Foreman now supports Grub1, Grub2 and PXELinux templates, you can pick
anything you want. Note that Grub1 does not support UEFI.

If you install Smart Proxy on a system where Grub1 or Grub2 is
available, we generate the bootloader via the installer using mkgrub
command. Usually only one of these grubs are available depending on
your OS version (e.g. RHEL6 = Grub1, RHEL7 = Grub2, the same for
Debians etc). If you want to use let's say PXELinux EFI, you need to
deploy pxelinux.efi file yourself. The following snippet comes from
our docs:

~~~
When creating a new Host, the PXE Loader option must be selected in
order to pass the correct DHCP filename option to the client. One
option out of the following must be chosen:

PXELinux BIOS (loads pxelinux.0 filename from TFTP)
PXELinux UEFI (loads pxelinux.efi filename from TFTP)
PXEGrub UEFI (loads grub/bootx64.efi filename from TFTP)
PXEGrub UEFI SecureBoot (loads grub/shim.efi filename from TFTP)
PXEGrub2 UEFI (loads grub2/grubx64.efi filename from TFTP)
PXEGrub2 UEFI SecureBoot (loads grub2/shim.efi filename from TFTP)
None - no filename passed (e.g. for HTTP booting via iPXE)

Grub filenames are different for each individual architecture
associated with the Host:

grub/bootia32.efi (for Intel named "i*86" where * can be any character)
grub/bootx64.efi (for Intel named "x86-64")
grub2/grubia32.efi (for Intel named "i*86" where * can be any character)
grub2/grubx64.efi (for Intel named "x86-64")
grub2/grubaa64.efi (for ARM 64 named either "aa64" or "aarch64")
grub2/grubppc64.efi (for IBM POWER named "ppc64”)
grub2/grubppc64le.efi (for IBM POWER Little Endian named "ppc64le")
grub2/grubXYZ.efi (for arbitrary Architecture named "XYZ")

Foreman installer only installs pxelinux.0 and grub2/grubx64.efi (if
grub2 is available). In order to boot systems via other loaders like
PXELinux EFI or Grub 1 (legacy), deploy the required bootloader files
in the TFTP directory.

Some operating systems use a “shim” loader for SecureBoot (e.g. Red
Hat Enterprise Linux and clones). To use SecureBoot with an operating
system that does not use a shim chainloader, make a copy of the signed
EFI loader named shim.efi or make a symlink in order to do secure
boot.
~~~

Now, initially I've implemented this on Red Hat systems and I haven't
realized that Red Hat patches Grub2 in order to read configuration
files according to MAC address. Debian family does not do that, this
results in only reading grub.cfg which does not work. There is one
trick you can do in your grub.cfg (this is for Grub2):

regexp --set=1:m1 --set=2:m2 --set=3:m3 --set=4:m4 --set=5:m5
--set=6:m6 
'^([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})'
"$net_default_mac"
mac=${m1}-${m2}-${m3}-${m4}-${m5}-${m6}
configfile=/grub2/grub.cfg-01-$mac
source "$configfile"

We have recently patched our installer to set this for you by default
if you are on non-redhat system so starting from 1.15 this should be
in.

Second option is to use foreman-bootloaders package which we plan to
provide in our repositories which ships builds from RHEL and Fedora.
This way you will have all bootloaders installed no matter if you are
on older or newer OS. Note it does not ship PXELinux EFI yet as there
is no stable release yet. We will add this later.

For more details read this chapter:
https://theforeman.org/manuals/1.15/index.html#4.4.3ProvisioningTemplates
and feel free to improve our docs if you think it's not clear. E.g.
the info about non-redhats would be nice to have there.

On Sat, Jun 17, 2017 at 5:12 PM, Stanisław Jakiel
<stanislaw.jak...@gmail.com> wrote:
> Hello,
>
> I've read some posts/issues about UEFI support for foreman:
>  - https://github.com/theforeman/foreman-bootloaders
>  - https://github.com/theforeman/community-templates/pull/346
>  - https://github.com/theforeman/puppet-foreman_proxy/pull/324
>  - http://projects.theforeman.org/issues/16654
>
> and to be honest I've no idea what is the status for PXEbooting Debian OSes
>
> First of all how to configure UEFI in foreman GUI?
>  - the OS is supposed to have PXEGrub2 template set or not?
>  - what is the meaning of PXE Loader dropdown in host creation screen? why
> PXELinux UEFI doesn't require grub template but grub(2) uefi does?
>  - as I'm using dnsmasq (DHCPProxy) I assume those two aforementioned
> options doesn't have any effect on me? I should handle dhcp config myself?
>
> For now lets assume I've configured it properly...
> My issue is following:
>
> The latest foreman comes with some grub2/grubx64.efi file and generates the
> grub2/grub.cfg-01-aa-bb-cc-dd-ee-ff which seems to be ok (for debian 8/9)
> The grub2/grubx64.efi filename is served properly by dnsmasq (ver. 2.67
> which is supposed to support UEFI)
>
> But when I use e.g. notebook with UEFI, disable secure boot and enable
> network boot, all what happens is:
>  - dhcp discover is sent, offers (one from DHCP server one from proxydhcp)
> is sent
>  - notebook hangs for like a 2 minutes and grub 2 shell appears...
>  - in wireshark I see only tftp grubx64.efi download, no requests for
> grub.cfg-01-aa-bb... config file
>
> I've seen some info about debian bootloader not downloading config file but
> I've used the stock one that comes with foreman (which
> I believe should download grub.cfg file)
>
> How do I get UEFI boot to work?
> How do I even debug it?
> Do I understand correctly that grubx64.efi file should contain bootloader
> that will download it's config file, (maybe) display some menu and start
> automated installation?
> If so, why I don't see any requests for grub.cfg-01-mac file?
>
> Thank you in advance
>
> --
> You received this message because you are subscribed to the Google Groups
> "Foreman users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to foreman-users+unsubscr...@googlegroups.com.
> To post to this group, send email to foreman-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/foreman-users.
> For more options, visit https://groups.google.com/d/optout.



-- 
Later,
  Lukas @lzap Zapletal

-- 
You received this message because you are subscribed to the Google Groups 
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to foreman-users+unsubscr...@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to