
How to set up PXE boot for UEFI hardware

Setting up a PXE system will streamline new system installs, but the process is lengthy and requires attention to detail. This article, part one of two, walks you through the process.

Having Red Hat Virtualization (RHV) implemented in different networks requires some sort of automation to install new RHV hosts. It is particularly handy to automate the process when there are slight differences between different hosts in the same network.

In this article, I take you through the process of designing and setting up a Preboot Execution Environment (PXE) that includes setting up a PXE server, configuring a DHCP server, and installing a TFTP server. Setting up a PXE boot environment isn't particularly difficult, but it does require multiple critical steps, and each step contains a lot of detail.

Design

Setting up one PXE server to provision different server farms located in different networks is beneficial, especially if you are going to automate the provisioning later on.

In this setup, we configure one PXE server and two different server farms. Each server farm has its own dedicated PXE network (called the "Provisioning Network" in this article), while the PXE server itself is not in any of these networks.

Below is the network diagram with sample IP ranges:

[Image: Network diagram]

This design achieves the following:

  1. This setup is more secure than using regular management networks (e.g., ovirtmgmt).
  2. This setup protects management networks from the broadcast storm that might be caused by Dynamic Host Configuration Protocol (DHCP) requests.
  3. PXE servers need to reach a Satellite server or the Internet either via a DMZ interface or via a proxy server to download the needed packages. Having the PXE server(s) outside of the Provisioning Networks protects these networks from being compromised.

Assumptions

This article is based on the following assumptions for the sake of simplicity:

1. The PXE setup (DHCP, Trivial File Transfer Protocol (TFTP) and Hypertext Transfer Protocol (HTTP)) is hosted on a single server, although this is not required.

Installation of the operating system (OS) on a server follows the order in the image below:

[Image: Process]

2. The PXE server can reach the internet via a proxy server, and if not then a Satellite server is used.

3. The PXE server is set up on Red Hat Enterprise Linux (RHEL) 7.x.

PXE Server OS

The PXE server is installed on a server with four core CPUs and four GB of memory, although servers with lower specifications can work.

The server has one network interface card (NIC) which is used for all types of traffic, although you can have different network interfaces if network segregation is needed.

A RHEL 7.6 ISO image is used to install the OS, with the minimal installation option.

After installation, register the OS and enable the relevant repositories:

1. Edit the rhsm file:

# vi /etc/rhsm/rhsm.conf

2. In the section below add the relevant details of the proxy server:

#an http proxy server to use
proxy_hostname =

#port for http proxy server
proxy_port =

#user name for authenticating to an http proxy, if needed
proxy_user =

#password for basic http proxy auth, if needed
proxy_password =

3. Save the file.

4. Register and attach the system:

# subscription-manager register --auto-attach
username: your-rhsm-username
password: your-rhsm-password

5. Enable the needed repositories:

# subscription-manager repos --enable=rhel-7-server-rh-common-rpms --enable=rhel-7-server-rpms --enable=rhel-7-server-extras-rpms

DHCP Setup

Below are the steps to set up the DHCP to support PXE boot for UEFI servers:

1. Install the DHCP server:

# yum install -y dhcp

2. Adjust the DHCP configuration file (/etc/dhcp/dhcpd.conf). Here is a sample configuration file based on the network diagram above:

# DHCP Server Configuration File
#
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#
#   see dhcpd.conf(5) man page


option rfc3442-classless-static-routes code 121 = array of integer 8;
option ms-classless-static-routes code 249 = array of integer 8;
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option architecture-type code 93 = unsigned integer 16;
subnet 192.168.1.0 netmask 255.255.255.0 {
   option routers 192.168.1.1;
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.1.255;
}

subnet 192.168.2.0 netmask 255.255.255.0 {
   option routers 192.168.2.1;
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.2.255;
   range 192.168.2.2 192.168.2.254;

   class "pxeclients" {
     match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
     next-server 192.168.1.10;
     if option architecture-type = 00:07 {
        filename "shim.efi";
        } else {
        filename "pxelinux/pxelinux.0";
     }
   }
}

subnet 192.168.3.0 netmask 255.255.255.0 {
   option routers 192.168.3.1;
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.3.255;
   range 192.168.3.2 192.168.3.254;

   class "pxeclients" {
     match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
     next-server 192.168.1.10;
     if option architecture-type = 00:07 {
        filename "shim.efi";
        } else {
        filename "pxelinux/pxelinux.0";
     }
   }
}

3. Enable and start the dhcpd service:

# systemctl enable dhcpd; systemctl start dhcpd
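
Because next-server decides which host every PXE client in a Provisioning Network boots from, it is worth checking those directives before (re)starting dhcpd. The script below is an added example, not part of the original article: the function names are hypothetical, and it assumes each next-server and filename directive sits on its own line, as in the sample configuration above.

```shell
# Added example (not from the article); function names are hypothetical.
# usage: audit_dhcpd_pxe <dhcpd.conf> <expected-next-server> <tftp-root>
audit_dhcpd_pxe() {
    conf=$1 expected=$2 root=$3 problems=0
    # Strip comments, then collect every next-server address.
    servers=$(sed 's/#.*//' "$conf" |
        awk '$1 == "next-server" { sub(/;$/, "", $2); print $2 }' | sort -u)
    [ -n "$servers" ] || { echo "no next-server directive found"; problems=$((problems + 1)); }
    for srv in $servers; do
        [ "$srv" = "$expected" ] && continue
        echo "unexpected next-server: $srv (want $expected)"
        problems=$((problems + 1))
    done
    # Every boot file name offered to clients must exist in the TFTP root.
    files=$(sed 's/#.*//' "$conf" |
        awk '$1 == "filename" { gsub(/[";]/, "", $2); print $2 }' | sort -u)
    for bf in $files; do
        [ -f "$root/$bf" ] && continue
        echo "boot file missing from TFTP root: $bf"
        problems=$((problems + 1))
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: one PXE class as in the article, UEFI boot file present,
# BIOS boot file absent. Prints the temporary directory it created.
make_sample_dhcp() {
    d=$(mktemp -d) && mkdir -p "$d/tftpboot" && : > "$d/tftpboot/shim.efi"
    cat > "$d/dhcpd.conf" <<'EOF'
class "pxeclients" {
  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
  next-server 192.168.1.10;   # PXE/TFTP server
  if option architecture-type = 00:07 {
     filename "shim.efi";
  } else {
     filename "pxelinux/pxelinux.0";
  }
}
EOF
    echo "$d"
}

sample=$(make_sample_dhcp)
audit_dhcpd_pxe "$sample/dhcpd.conf" 192.168.1.10 "$sample/tftpboot" || echo "audit failed"
rm -rf "$sample"
```

Run dhcpd -t -cf /etc/dhcp/dhcpd.conf first for a syntax check; this script only looks at the PXE directives.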

TFTP Setup

The TFTP server is needed to provide:

  1. initrd.img - The “boot loader” which will be loaded to a RAM disk
  2. vmlinuz - A compressed bootable Linux kernel

The setup of the TFTP server to support PXE boot for UEFI servers is a bit different from the setup to support the BIOS servers.

Below are the steps to set up a TFTP server to support PXE boot for UEFI servers:

1. Install the TFTP server:

# yum install -y tftp-server

2. Download the needed packages from the RHEL repositories:

# mkdir /root/packages

# cd /root/packages

# yumdownloader shim-version-architecture

# yumdownloader grub2-efi-version-architecture

3. Extract the needed binaries:

# rpm2cpio shim-version-architecture.rpm | cpio -dimv

# rpm2cpio grub2-efi-version-architecture.rpm | cpio -dimv

# cp boot/efi/EFI/redhat/grubx64.efi /var/lib/tftpboot/

# cp boot/efi/EFI/redhat/shim.efi /var/lib/tftpboot/

4. Download the ISO image and move it to the PXE server.

5. Mount the ISO Image:

# mount -t iso9660 /path/iso-file.iso /mnt -o loop,ro

6. Create a subdirectory to store boot image files within /var/lib/tftpboot:

# mkdir -p /var/lib/tftpboot/images/rhv-4.3

7. Copy the boot image files:

# cp /mnt/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/images/rhv-4.3/

8. Create a configuration file named grub.cfg in /var/lib/tftpboot. Here is a sample configuration file at /var/lib/tftpboot/grub.cfg:

set default=0
set timeout=60
menuentry  'Install RHVH 4.3' --class fedora --class gnu-linux --class gnu --class os {
   linuxefi images/rhv-4.3/vmlinuz inst.ks=http://192.168.1.10/kickstarts/ks.cfg inst.stage2=http://192.168.1.10/rhv4.3/ISO quiet
   initrdefi images/rhv-4.3/initrd.img
}

9. Enable and start the tftp service:

# systemctl enable tftp; systemctl start tftp
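
Every host provisioned from this server boots whatever sits in the TFTP root, so a check that grub.cfg points at files that exist there, and that nothing in the tree can be modified by anyone but its owner, is worth running after each change. The script below is an added example, not part of the original article: the function names are hypothetical, and it expects grub.cfg directly inside the TFTP root as in step 8.

```shell
# Added example (not from the article); function names are hypothetical.
# usage: check_tftp_tree <tftp-root>   (expects <tftp-root>/grub.cfg)
check_tftp_tree() {
    root=$1 problems=0

    # linuxefi/initrdefi paths are resolved relative to the TFTP root.
    paths=$(awk '$1 == "linuxefi" || $1 == "initrdefi" { print $2 }' "$root/grub.cfg")
    for p in $paths; do
        [ -f "$root/$p" ] && continue
        echo "grub.cfg references missing file: $p"
        problems=$((problems + 1))
    done

    # A URL broken by a stray space leaves a bare "http://" token behind.
    if grep -Eq '=https?://([[:space:]]|$)' "$root/grub.cfg"; then
        echo "grub.cfg has an inst.* URL split by whitespace"
        problems=$((problems + 1))
    fi

    # Only the owner should be able to modify files that every host boots.
    for w in $(find "$root" ! -type l \( -perm -020 -o -perm -002 \)); do
        echo "writable by group or others: $w"
        problems=$((problems + 1))
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample tree: a grub.cfg like the article's, kernel present,
# initrd.img deliberately missing. Prints the temporary directory it created.
make_sample_tftp() {
    d=$(mktemp -d) && mkdir -p "$d/images/rhv-4.3" && : > "$d/images/rhv-4.3/vmlinuz"
    cat > "$d/grub.cfg" <<'EOF'
menuentry 'Install RHVH 4.3' {
   linuxefi images/rhv-4.3/vmlinuz inst.ks=http://192.168.1.10/kickstarts/ks.cfg quiet
   initrdefi images/rhv-4.3/initrd.img
}
EOF
    chmod -R go-w "$d"
    echo "$d"
}

sample=$(make_sample_tftp)
check_tftp_tree "$sample" || echo "TFTP tree check failed"
rm -rf "$sample"
```

On the PXE server itself, call it as check_tftp_tree /var/lib/tftpboot.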

Tips regarding creating the grub.cfg

Creating a grub.cfg might require some additional parameters dependent on the network. Here are some commonly used parameters which might be needed in the grub.cfg:

rd.net.timeout.carrier=60

If this option is set, dhclient is called with -timeout, so it is useful if the DHCP server replies are delayed.

ip=device-name:dhcp

This is useful in case the server which is to be installed has multiple interfaces and only one is dedicated to the PXE boot.

For more options, you can refer to the man page for the Dracut Command Line.

Wrapping Up

It is a somewhat lengthy process to set up a PXE system, so we'll continue next week with part two. At this point, you will have a functioning PXE server, a DHCP server configured for delivering IP addresses to PXE booted systems, and a TFTP server to deliver a bootable system and ISO images.

In part two, I will continue with the PXE setup by showing you how to set up the HTTP server, the Kickstart file, the host-based firewall, and the network. I also discuss troubleshooting your PXE setup and I cover some automation options.


Ashraf Hassan

I am Ashraf Hassan, originally from Egypt, but currently, I am living in the Netherlands. I started my career in 1998 in the telecom industry, specifically the value-added services. Although my official studies were in the area of telecommunications, I was always attracted to system administration
