Chapter 5. Configuring iPXE to Reduce Provisioning Times

You can use Satellite to configure PXELinux to chainboot iPXE and boot using the HTTP protocol if you have the following restrictions that prevent you from using PXE:

  • A network with unmanaged DHCP servers.
  • A PXE service that is blacklisted on your network or restricted by a firewall.
  • TFTP, a UDP-based protocol, is unreliable on your network because of, for example, low bandwidth.

iPXE Workflow Overview

The provisioning process using iPXE follows this workflow:

  • A discovered host boots over PXE.
  • The host loads either ipxe.efi or undionly.0.
  • The host initializes again on the network using DHCP.
  • The DHCP server detects the iPXE firmware and returns the iPXE template URL with the bootstrap flag.
  • The host requests the iPXE template. Satellite does not recognize the host, and because the bootstrap flag is set, the host receives the iPXE intermediate script template that ships with Satellite.
  • The host runs the intermediate iPXE script and downloads the discovery image.
  • The host starts the discovery operating system and performs a discovery request.
  • The host is scheduled for provisioning and restarts.
  • The host boots over PXE.
  • The previous workflow repeats, but Satellite recognizes the host’s remote IP address and instead of the intermediate template, the host receives a regular iPXE template.
  • The host reads the iPXE configuration and boots the installer.
  • From this point, the installation follows a regular PXE installation workflow.

Note that the workflow uses the discovery process, which is optional. To set up the discovery service, see Section 5.1, "Setting up the Discovery Service for iPXE".

With Satellite, you can set up hosts to download either the ipxe.efi or the undionly.kpxe file over TFTP. After the file downloads, all communication continues using HTTP. Satellite uses the iPXE provisioning script either to load an operating system installer or to boot the next entry in the boot order.
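The DHCP step of the workflow above, sketched as an added example (not code from Satellite or from this guide): a server tells firmware PXE from iPXE by DHCP option 77 and answers with a TFTP loader or the HTTP template URL. The Capsule host name, port and URL are assumed placeholders, and the sample requests are constructed.

```python
OPT_PAD, OPT_END = 0, 255
OPT_USER_CLASS = 77    # iPXE sends the raw string "iPXE" in this option
OPT_CLIENT_ARCH = 93   # RFC 4578 client system architecture, 0 = BIOS
# Assumed placeholder values: replace the Capsule host and URL with your own.
TEMPLATE_URL = "http://capsule.example.com:8000/unattended/iPXE?bootstrap=1"
TFTP_LOADERS = {"bios": "undionly.kpxe", "uefi": "ipxe.efi"}

def parse_options(raw: bytes) -> dict:
    """Parse a DHCP options field (code, length, value) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the options field")
        opts[code] = value
        i += 2 + length
    return opts

def boot_filename(raw_options: bytes) -> str:
    """Return the boot file a DHCP server would hand out for this request."""
    opts = parse_options(raw_options)
    if opts.get(OPT_USER_CLASS) == b"iPXE":
        return TEMPLATE_URL  # second DHCP pass: iPXE is running, switch to HTTP
    arch = opts.get(OPT_CLIENT_ARCH, b"\x00\x00")
    if len(arch) != 2:
        raise ValueError("option 93 must be two bytes")
    # Simplification: any non-zero architecture is treated as UEFI.
    return TFTP_LOADERS["bios" if int.from_bytes(arch, "big") == 0 else "uefi"]

def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed sample requests (options field only, not captured traffic).
FIRMWARE_BIOS = opt(60, b"PXEClient:Arch:00000:UNDI:002001") + opt(93, b"\x00\x00") + b"\xff"
FIRMWARE_UEFI = opt(60, b"PXEClient:Arch:00007:UNDI:003016") + opt(93, b"\x00\x07") + b"\xff"
IPXE_SECOND_PASS = opt(60, b"PXEClient:Arch:00000:UNDI:002001") + opt(77, b"iPXE") + opt(93, b"\x00\x00") + b"\xff"

if __name__ == "__main__":
    for name, req in [("BIOS firmware", FIRMWARE_BIOS), ("UEFI firmware", FIRMWARE_UEFI), ("iPXE", IPXE_SECOND_PASS)]:
        print(f"{name:14} -> {boot_filename(req)}")
```

Option 77 is supplied by the client, so this check identifies the firmware that is asking, not a trusted host.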

There are three methods of using iPXE with Red Hat Satellite:

  1. Chainbooting virtual machines using hypervisors that use iPXE as primary firmware.
  2. Using PXELinux through TFTP to chainload iPXE directly on bare metal hosts.
  3. Using PXELinux through UNDI, which uses HTTP to transfer the kernel and the initial RAM disk on bare-metal hosts.

Security Information

The iPXE binary in Red Hat Enterprise Linux is built without some security features. For this reason, you can only use HTTP, and cannot use HTTPS.

None of the security-related features of iPXE in Red Hat Enterprise Linux are supported. For more information, see Red Hat Enterprise Linux HTTPS support in iPXE.

Prerequisites

Before you begin, ensure that the following conditions are met:

  • A host to use exists on Red Hat Satellite.
  • The MAC address of the provisioning interface matches the host configuration.
  • The provisioning interface of the host has a valid DHCP reservation.
  • The NIC is capable of PXE booting. For more information, see http://ipxe.org/appnote/hardware_drivers.
  • The NIC is compatible with iPXE.

5.1. Setting up the Discovery Service for iPXE

  1. On Capsule Server, install the Foreman discovery service:

    # yum install foreman-discovery-image

  2. On Capsule Server, enable the httpboot service:

    # satellite-installer --foreman-proxy-httpboot true

  3. In the Satellite web UI, navigate to Administer > Settings, and click the Provisioning tab.
  4. Locate the Default PXE global template entry row and in the Value column, change the value to discovery.