Re: [foreman-users] UEFI PXEBoot not downloading config file
Hello, I just found that our Preseed template has incorect kind associated, filed bug and fixed it, we will push an update for 1.15: http://projects.theforeman.org/issues/20143 In the meantime you can fix this by executing this: foreman-rake console > kind = TemplateKind.find_by_name(:PXEGrub2) > tmpl = ProvisioningTemplate.unscoped.find_by_name("Preseed default PXEGrub2") > tmpl.update_attribute(:template_kind, kind) if tmpl && kind > exit And then you can associate it correctly with your OS. On Wed, Jun 21, 2017 at 10:10 AM, Stanisław Jakielwrote: > I've tried loaders from: > http://downloads.theforeman.org/foreman-bootloaders/ > by putting them under tftp dir > > And they behave the same way as stock grubx64.efi from foreman-installer - > so no luck > I'll give it a shot with some qemu uefi env. > > Please advise about previous question about templates. > > Regards > > On Monday, June 19, 2017 at 9:27:36 AM UTC+2, Lukas Zapletal wrote: >> >> Foreman now supports Grub1, Grub2 and PXELinux templates, you can pick >> anything you want. Note that Grub1 does not support UEFI. >> >> If you install Smart Proxy on a system where Grub1 or Grub2 is >> available, we generate the bootloader via the installer using mkgrub >> command. Usually only one of these grubs are available depending on >> your OS version (e.g. RHEL6 = Grub1, RHEL7 = Grub2, the same for >> Debians etc). If you want to use let's say PXELinux EFI, you need to >> deploy pxelinux.efi file yourself. The following snippet comes from >> our docs: >> >> ~~~ >> When creating a new Host, the PXE Loader option must be selected in >> order to pass the correct DHCP filename option to the client. One >> option out of the following must be chosen: >> >> PXELinux BIOS (loads pxelinux.0 filename from TFTP) >> PXELinux UEFI (loads pxelinux.efi filename from TFTP) >> PXEGrub UEFI (loads grub/bootx64.efi filename from TFTP) >> PXEGrub UEFI SecureBoot (loads grub/shim.efi filename from TFTP) >> PXEGrub2 UEFI (loads grub2/grubx64.efi filename from TFTP) >> PXEGrub2 UEFI SecureBoot (loads grub2/shim.efi filename from TFTP) >> None - no filename passed (e.g. for HTTP booting via iPXE) >> >> Grub filenames are different for each individual architecture >> associated with the Host: >> >> grub/bootia32.efi (for Intel named "i*86" where * can be any character) >> grub/bootx64.efi (for Intel named "x86-64") >> grub2/grubia32.efi (for Intel named "i*86" where * can be any character) >> grub2/grubx64.efi (for Intel named "x86-64") >> grub2/grubaa64.efi (for ARM 64 named either "aa64" or "aarch64") >> grub2/grubppc64.efi (for IBM POWER named "ppc64”) >> grub2/grubppc64le.efi (for IBM POWER Little Endian named "ppc64le") >> grub2/grubXYZ.efi (for arbitrary Architecture named "XYZ") >> >> Foreman installer only installs pxelinux.0 and grub2/grubx64.efi (if >> grub2 is available). In order to boot systems via other loaders like >> PXELinux EFI or Grub 1 (legacy), deploy the required bootloader files >> in the TFTP directory. >> >> Some operating systems use a “shim” loader for SecureBoot (e.g. Red >> Hat Enterprise Linux and clones). To use SecureBoot with an operating >> system that does not use a shim chainloader, make a copy of the signed >> EFI loader named shim.efi or make a symlink in order to do secure >> boot. >> ~~~ >> >> Now, initially I've implemented this on Red Hat systems and I haven't >> realized that Red Hat patches Grub2 in order to read configuration >> files according to MAC address. Debian family does not do that, this >> results in only reading grub.cfg which does not work. There is one >> trick you can do in your grub.cfg (this is for Grub2): >> >> regexp --set=1:m1 --set=2:m2 --set=3:m3 --set=4:m4 --set=5:m5 >> --set=6:m6 >> '^([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})' >> "$net_default_mac" >> mac=${m1}-${m2}-${m3}-${m4}-${m5}-${m6} >> configfile=/grub2/grub.cfg-01-$mac >> source "$configfile" >> >> We have recently patched our installer to set this for you by default >> if you are on non-redhat system so starting from 1.15 this should be >> in. >> >> Second option is to use foreman-bootloaders package which we plan to >> provide in our repositories which ships builds from RHEL and Fedora. >> This way you will have all bootloaders installed no matter if you are >> on older or newer OS. Note it does not ship PXELinux EFI yet as there >> is no stable release yet. We will add this later. >> >> For more details read this chapter: >> https://theforeman.org/manuals/1.15/index.html#4.4.3ProvisioningTemplates >> and feel free to improve our docs if you think it's not clear. E.g. >> the info about non-redhats would be nice to have there. >> >> On Sat, Jun 17, 2017 at 5:12 PM, Stanisław Jakiel >> wrote: >> > Hello, >> > >> > I've read some posts/issues about UEFI support for foreman: >> > -
Re: [foreman-users] UEFI PXEBoot not downloading config file
I've tried loaders from: http://downloads.theforeman.org/foreman-bootloaders/ by putting them under tftp dir And they behave the same way as stock grubx64.efi from foreman-installer - so no luck I'll give it a shot with some qemu uefi env. Please advise about previous question about templates. Regards On Monday, June 19, 2017 at 9:27:36 AM UTC+2, Lukas Zapletal wrote: > > Foreman now supports Grub1, Grub2 and PXELinux templates, you can pick > anything you want. Note that Grub1 does not support UEFI. > > If you install Smart Proxy on a system where Grub1 or Grub2 is > available, we generate the bootloader via the installer using mkgrub > command. Usually only one of these grubs are available depending on > your OS version (e.g. RHEL6 = Grub1, RHEL7 = Grub2, the same for > Debians etc). If you want to use let's say PXELinux EFI, you need to > deploy pxelinux.efi file yourself. The following snippet comes from > our docs: > > ~~~ > When creating a new Host, the PXE Loader option must be selected in > order to pass the correct DHCP filename option to the client. One > option out of the following must be chosen: > > PXELinux BIOS (loads pxelinux.0 filename from TFTP) > PXELinux UEFI (loads pxelinux.efi filename from TFTP) > PXEGrub UEFI (loads grub/bootx64.efi filename from TFTP) > PXEGrub UEFI SecureBoot (loads grub/shim.efi filename from TFTP) > PXEGrub2 UEFI (loads grub2/grubx64.efi filename from TFTP) > PXEGrub2 UEFI SecureBoot (loads grub2/shim.efi filename from TFTP) > None - no filename passed (e.g. for HTTP booting via iPXE) > > Grub filenames are different for each individual architecture > associated with the Host: > > grub/bootia32.efi (for Intel named "i*86" where * can be any character) > grub/bootx64.efi (for Intel named "x86-64") > grub2/grubia32.efi (for Intel named "i*86" where * can be any character) > grub2/grubx64.efi (for Intel named "x86-64") > grub2/grubaa64.efi (for ARM 64 named either "aa64" or "aarch64") > grub2/grubppc64.efi (for IBM POWER named "ppc64”) > grub2/grubppc64le.efi (for IBM POWER Little Endian named "ppc64le") > grub2/grubXYZ.efi (for arbitrary Architecture named "XYZ") > > Foreman installer only installs pxelinux.0 and grub2/grubx64.efi (if > grub2 is available). In order to boot systems via other loaders like > PXELinux EFI or Grub 1 (legacy), deploy the required bootloader files > in the TFTP directory. > > Some operating systems use a “shim” loader for SecureBoot (e.g. Red > Hat Enterprise Linux and clones). To use SecureBoot with an operating > system that does not use a shim chainloader, make a copy of the signed > EFI loader named shim.efi or make a symlink in order to do secure > boot. > ~~~ > > Now, initially I've implemented this on Red Hat systems and I haven't > realized that Red Hat patches Grub2 in order to read configuration > files according to MAC address. Debian family does not do that, this > results in only reading grub.cfg which does not work. There is one > trick you can do in your grub.cfg (this is for Grub2): > > regexp --set=1:m1 --set=2:m2 --set=3:m3 --set=4:m4 --set=5:m5 > --set=6:m6 > '^([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})' > > > "$net_default_mac" > mac=${m1}-${m2}-${m3}-${m4}-${m5}-${m6} > configfile=/grub2/grub.cfg-01-$mac > source "$configfile" > > We have recently patched our installer to set this for you by default > if you are on non-redhat system so starting from 1.15 this should be > in. > > Second option is to use foreman-bootloaders package which we plan to > provide in our repositories which ships builds from RHEL and Fedora. > This way you will have all bootloaders installed no matter if you are > on older or newer OS. Note it does not ship PXELinux EFI yet as there > is no stable release yet. We will add this later. > > For more details read this chapter: > https://theforeman.org/manuals/1.15/index.html#4.4.3ProvisioningTemplates > and feel free to improve our docs if you think it's not clear. E.g. > the info about non-redhats would be nice to have there. > > On Sat, Jun 17, 2017 at 5:12 PM, Stanisław Jakiel >wrote: > > Hello, > > > > I've read some posts/issues about UEFI support for foreman: > > - https://github.com/theforeman/foreman-bootloaders > > - https://github.com/theforeman/community-templates/pull/346 > > - https://github.com/theforeman/puppet-foreman_proxy/pull/324 > > - http://projects.theforeman.org/issues/16654 > > > > and to be honest I've no idea what is the status for PXEbooting Debian > OSes > > > > First of all how to configure UEFI in foreman GUI? > > - the OS is supposed to have PXEGrub2 template set or not? > > - what is the meaning of PXE Loader dropdown in host creation screen? > why > > PXELinux UEFI doesn't require grub template but grub(2) uefi does? > > - as I'm using dnsmasq (DHCPProxy) I
Re: [foreman-users] UEFI PXEBoot not downloading config file
Thank you! By "locally available" I've meant that grub.cfg-01-MAC is embedded in grubx64.efi and send to client host as one file. Thus client sources this from local to itself filesystem. I've associated "Preseed default PXEGrub2" for my Operating System but which template should I associate as: "PXEGrub2 template" kind? This is required for "Grub2 UEFI" PXE Loader. Otherwise it is impossible to create host as: "No PXEGrub2 templates were found for this host, make sure you define at least one in your Debian 9.0 settings or change PXE loader" appears on submit. Initially I've tried: "PXEGrub2 global default" but it states: *<%# Used to boot unknown hosts, do not associate or change the name. %>* and contains some magic about profiles that I don't understand. (It generated grub.cfg-01-MAC that is identical to grub.cfg) You mean these loaders: http://downloads.theforeman.org/foreman-bootloaders/ ? Should I simply () replace these generated by foreman under /var/lib/tftpboot/ ? Kind regards Staszek On Monday, June 19, 2017 at 11:24:09 PM UTC+2, Lukas Zapletal wrote: > > You want to associate "Preseed default PXEGrub2" for debian distros or > "Kickstart default PXEGrub2" for redhat distros not the "default" or > "local boot" ones, that is not correct. > > Default - template that renders to default menu (grub.cfg) > Local boot - template used when host is in production mode (local from > HDD/SSD) > > I don't understand what you mean by locally available, but it is > supposed to download this from TFTP. I haven't created this trick but > I've seen this on various mailing lists as a workaround. You don't > need this if you use foreman-bootloaders-redhat package anyway, that > will work for sure plus you get also SecureBoot support (Debian did > not support it until yesterday - Debian 9). > > LZ > > On Mon, Jun 19, 2017 at 5:46 PM, Stanisław Jakiel >wrote: > > 3) To be honest I don't understand this grub.cfg trick. It looks like > > sourcing locally available grub.cfg-01-MAC whereas it should be > downloaded > > from foreman's tftp. > > Only way for this to work would be regenerating grubx64.efi on each host > > creation (with this grub.cfg-01-MAC embedded) but how do you support > > multiple hosts provisioning then? > > > > On Monday, June 19, 2017 at 9:27:36 AM UTC+2, Lukas Zapletal wrote: > >> > >> Foreman now supports Grub1, Grub2 and PXELinux templates, you can pick > >> anything you want. Note that Grub1 does not support UEFI. > >> > >> If you install Smart Proxy on a system where Grub1 or Grub2 is > >> available, we generate the bootloader via the installer using mkgrub > >> command. Usually only one of these grubs are available depending on > >> your OS version (e.g. RHEL6 = Grub1, RHEL7 = Grub2, the same for > >> Debians etc). If you want to use let's say PXELinux EFI, you need to > >> deploy pxelinux.efi file yourself. The following snippet comes from > >> our docs: > >> > >> ~~~ > >> When creating a new Host, the PXE Loader option must be selected in > >> order to pass the correct DHCP filename option to the client. One > >> option out of the following must be chosen: > >> > >> PXELinux BIOS (loads pxelinux.0 filename from TFTP) > >> PXELinux UEFI (loads pxelinux.efi filename from TFTP) > >> PXEGrub UEFI (loads grub/bootx64.efi filename from TFTP) > >> PXEGrub UEFI SecureBoot (loads grub/shim.efi filename from TFTP) > >> PXEGrub2 UEFI (loads grub2/grubx64.efi filename from TFTP) > >> PXEGrub2 UEFI SecureBoot (loads grub2/shim.efi filename from TFTP) > >> None - no filename passed (e.g. for HTTP booting via iPXE) > >> > >> Grub filenames are different for each individual architecture > >> associated with the Host: > >> > >> grub/bootia32.efi (for Intel named "i*86" where * can be any character) > >> grub/bootx64.efi (for Intel named "x86-64") > >> grub2/grubia32.efi (for Intel named "i*86" where * can be any > character) > >> grub2/grubx64.efi (for Intel named "x86-64") > >> grub2/grubaa64.efi (for ARM 64 named either "aa64" or "aarch64") > >> grub2/grubppc64.efi (for IBM POWER named "ppc64”) > >> grub2/grubppc64le.efi (for IBM POWER Little Endian named "ppc64le") > >> grub2/grubXYZ.efi (for arbitrary Architecture named "XYZ") > >> > >> Foreman installer only installs pxelinux.0 and grub2/grubx64.efi (if > >> grub2 is available). In order to boot systems via other loaders like > >> PXELinux EFI or Grub 1 (legacy), deploy the required bootloader files > >> in the TFTP directory. > >> > >> Some operating systems use a “shim” loader for SecureBoot (e.g. Red > >> Hat Enterprise Linux and clones). To use SecureBoot with an operating > >> system that does not use a shim chainloader, make a copy of the signed > >> EFI loader named shim.efi or make a symlink in order to do secure > >> boot. > >> ~~~ > >> > >> Now, initially I've implemented this on Red Hat systems and I haven't > >> realized that
Re: [foreman-users] UEFI PXEBoot not downloading config file
You want to associate "Preseed default PXEGrub2" for debian distros or "Kickstart default PXEGrub2" for redhat distros not the "default" or "local boot" ones, that is not correct. Default - template that renders to default menu (grub.cfg) Local boot - template used when host is in production mode (local from HDD/SSD) I don't understand what you mean by locally available, but it is supposed to download this from TFTP. I haven't created this trick but I've seen this on various mailing lists as a workaround. You don't need this if you use foreman-bootloaders-redhat package anyway, that will work for sure plus you get also SecureBoot support (Debian did not support it until yesterday - Debian 9). LZ On Mon, Jun 19, 2017 at 5:46 PM, Stanisław Jakielwrote: > 3) To be honest I don't understand this grub.cfg trick. It looks like > sourcing locally available grub.cfg-01-MAC whereas it should be downloaded > from foreman's tftp. > Only way for this to work would be regenerating grubx64.efi on each host > creation (with this grub.cfg-01-MAC embedded) but how do you support > multiple hosts provisioning then? > > On Monday, June 19, 2017 at 9:27:36 AM UTC+2, Lukas Zapletal wrote: >> >> Foreman now supports Grub1, Grub2 and PXELinux templates, you can pick >> anything you want. Note that Grub1 does not support UEFI. >> >> If you install Smart Proxy on a system where Grub1 or Grub2 is >> available, we generate the bootloader via the installer using mkgrub >> command. Usually only one of these grubs are available depending on >> your OS version (e.g. RHEL6 = Grub1, RHEL7 = Grub2, the same for >> Debians etc). If you want to use let's say PXELinux EFI, you need to >> deploy pxelinux.efi file yourself. The following snippet comes from >> our docs: >> >> ~~~ >> When creating a new Host, the PXE Loader option must be selected in >> order to pass the correct DHCP filename option to the client. One >> option out of the following must be chosen: >> >> PXELinux BIOS (loads pxelinux.0 filename from TFTP) >> PXELinux UEFI (loads pxelinux.efi filename from TFTP) >> PXEGrub UEFI (loads grub/bootx64.efi filename from TFTP) >> PXEGrub UEFI SecureBoot (loads grub/shim.efi filename from TFTP) >> PXEGrub2 UEFI (loads grub2/grubx64.efi filename from TFTP) >> PXEGrub2 UEFI SecureBoot (loads grub2/shim.efi filename from TFTP) >> None - no filename passed (e.g. for HTTP booting via iPXE) >> >> Grub filenames are different for each individual architecture >> associated with the Host: >> >> grub/bootia32.efi (for Intel named "i*86" where * can be any character) >> grub/bootx64.efi (for Intel named "x86-64") >> grub2/grubia32.efi (for Intel named "i*86" where * can be any character) >> grub2/grubx64.efi (for Intel named "x86-64") >> grub2/grubaa64.efi (for ARM 64 named either "aa64" or "aarch64") >> grub2/grubppc64.efi (for IBM POWER named "ppc64”) >> grub2/grubppc64le.efi (for IBM POWER Little Endian named "ppc64le") >> grub2/grubXYZ.efi (for arbitrary Architecture named "XYZ") >> >> Foreman installer only installs pxelinux.0 and grub2/grubx64.efi (if >> grub2 is available). In order to boot systems via other loaders like >> PXELinux EFI or Grub 1 (legacy), deploy the required bootloader files >> in the TFTP directory. >> >> Some operating systems use a “shim” loader for SecureBoot (e.g. Red >> Hat Enterprise Linux and clones). To use SecureBoot with an operating >> system that does not use a shim chainloader, make a copy of the signed >> EFI loader named shim.efi or make a symlink in order to do secure >> boot. >> ~~~ >> >> Now, initially I've implemented this on Red Hat systems and I haven't >> realized that Red Hat patches Grub2 in order to read configuration >> files according to MAC address. Debian family does not do that, this >> results in only reading grub.cfg which does not work. There is one >> trick you can do in your grub.cfg (this is for Grub2): >> >> regexp --set=1:m1 --set=2:m2 --set=3:m3 --set=4:m4 --set=5:m5 >> --set=6:m6 >> '^([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})' >> "$net_default_mac" >> mac=${m1}-${m2}-${m3}-${m4}-${m5}-${m6} >> configfile=/grub2/grub.cfg-01-$mac >> source "$configfile" >> >> We have recently patched our installer to set this for you by default >> if you are on non-redhat system so starting from 1.15 this should be >> in. >> >> Second option is to use foreman-bootloaders package which we plan to >> provide in our repositories which ships builds from RHEL and Fedora. >> This way you will have all bootloaders installed no matter if you are >> on older or newer OS. Note it does not ship PXELinux EFI yet as there >> is no stable release yet. We will add this later. >> >> For more details read this chapter: >> https://theforeman.org/manuals/1.15/index.html#4.4.3ProvisioningTemplates >> and feel free to improve our docs if you think it's not clear. E.g. >> the info about non-redhats would be
Re: [foreman-users] UEFI PXEBoot not downloading config file
3) To be honest I don't understand this *grub.cfg* trick. It looks like sourcing *locally available **grub.cfg-01-MAC *whereas it should be downloaded from foreman's tftp. Only way for this to work would be regenerating grubx64.efi on each host creation (with this grub.cfg-01-MAC embedded) but how do you support multiple hosts provisioning then? On Monday, June 19, 2017 at 9:27:36 AM UTC+2, Lukas Zapletal wrote: > > Foreman now supports Grub1, Grub2 and PXELinux templates, you can pick > anything you want. Note that Grub1 does not support UEFI. > > If you install Smart Proxy on a system where Grub1 or Grub2 is > available, we generate the bootloader via the installer using mkgrub > command. Usually only one of these grubs are available depending on > your OS version (e.g. RHEL6 = Grub1, RHEL7 = Grub2, the same for > Debians etc). If you want to use let's say PXELinux EFI, you need to > deploy pxelinux.efi file yourself. The following snippet comes from > our docs: > > ~~~ > When creating a new Host, the PXE Loader option must be selected in > order to pass the correct DHCP filename option to the client. One > option out of the following must be chosen: > > PXELinux BIOS (loads pxelinux.0 filename from TFTP) > PXELinux UEFI (loads pxelinux.efi filename from TFTP) > PXEGrub UEFI (loads grub/bootx64.efi filename from TFTP) > PXEGrub UEFI SecureBoot (loads grub/shim.efi filename from TFTP) > PXEGrub2 UEFI (loads grub2/grubx64.efi filename from TFTP) > PXEGrub2 UEFI SecureBoot (loads grub2/shim.efi filename from TFTP) > None - no filename passed (e.g. for HTTP booting via iPXE) > > Grub filenames are different for each individual architecture > associated with the Host: > > grub/bootia32.efi (for Intel named "i*86" where * can be any character) > grub/bootx64.efi (for Intel named "x86-64") > grub2/grubia32.efi (for Intel named "i*86" where * can be any character) > grub2/grubx64.efi (for Intel named "x86-64") > grub2/grubaa64.efi (for ARM 64 named either "aa64" or "aarch64") > grub2/grubppc64.efi (for IBM POWER named "ppc64”) > grub2/grubppc64le.efi (for IBM POWER Little Endian named "ppc64le") > grub2/grubXYZ.efi (for arbitrary Architecture named "XYZ") > > Foreman installer only installs pxelinux.0 and grub2/grubx64.efi (if > grub2 is available). In order to boot systems via other loaders like > PXELinux EFI or Grub 1 (legacy), deploy the required bootloader files > in the TFTP directory. > > Some operating systems use a “shim” loader for SecureBoot (e.g. Red > Hat Enterprise Linux and clones). To use SecureBoot with an operating > system that does not use a shim chainloader, make a copy of the signed > EFI loader named shim.efi or make a symlink in order to do secure > boot. > ~~~ > > Now, initially I've implemented this on Red Hat systems and I haven't > realized that Red Hat patches Grub2 in order to read configuration > files according to MAC address. Debian family does not do that, this > results in only reading grub.cfg which does not work. There is one > trick you can do in your grub.cfg (this is for Grub2): > > regexp --set=1:m1 --set=2:m2 --set=3:m3 --set=4:m4 --set=5:m5 > --set=6:m6 > '^([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})' > > > "$net_default_mac" > mac=${m1}-${m2}-${m3}-${m4}-${m5}-${m6} > configfile=/grub2/grub.cfg-01-$mac > source "$configfile" > > We have recently patched our installer to set this for you by default > if you are on non-redhat system so starting from 1.15 this should be > in. > > Second option is to use foreman-bootloaders package which we plan to > provide in our repositories which ships builds from RHEL and Fedora. > This way you will have all bootloaders installed no matter if you are > on older or newer OS. Note it does not ship PXELinux EFI yet as there > is no stable release yet. We will add this later. > > For more details read this chapter: > https://theforeman.org/manuals/1.15/index.html#4.4.3ProvisioningTemplates > and feel free to improve our docs if you think it's not clear. E.g. > the info about non-redhats would be nice to have there. > > On Sat, Jun 17, 2017 at 5:12 PM, Stanisław Jakiel >wrote: > > Hello, > > > > I've read some posts/issues about UEFI support for foreman: > > - https://github.com/theforeman/foreman-bootloaders > > - https://github.com/theforeman/community-templates/pull/346 > > - https://github.com/theforeman/puppet-foreman_proxy/pull/324 > > - http://projects.theforeman.org/issues/16654 > > > > and to be honest I've no idea what is the status for PXEbooting Debian > OSes > > > > First of all how to configure UEFI in foreman GUI? > > - the OS is supposed to have PXEGrub2 template set or not? > > - what is the meaning of PXE Loader dropdown in host creation screen? > why > > PXELinux UEFI doesn't require grub template but grub(2) uefi does? >
Re: [foreman-users] UEFI PXEBoot not downloading config file
Thank you for response! I'm starting to getting this together in my head. I'm installing Foreman on Ubuntu 16.10. So basically the flow is following (grub2): - DHCP exchange, get filename - Download grubx64.efi that got generated during foreman installation - As grubx64.efi got generated with grub.cfg with this regexp, mac, configfile , source trick it should download the grub.cfg-01-MAC from TFTP 1) Is this flow correct? 2) I'm associating pxegrub2 global template to host, is this proper way? My grub.cfg-01-MAC contains only: Chainload Grub2 EFI from ESP, Chainload into BIOS bootloader on first disk, Foreman Discovery Image, so I'm assuming that something is wrong. Neither of which seems to be downloading anything from Foreman. Kind regards On Monday, June 19, 2017 at 9:27:36 AM UTC+2, Lukas Zapletal wrote: > > Foreman now supports Grub1, Grub2 and PXELinux templates, you can pick > anything you want. Note that Grub1 does not support UEFI. > > If you install Smart Proxy on a system where Grub1 or Grub2 is > available, we generate the bootloader via the installer using mkgrub > command. Usually only one of these grubs are available depending on > your OS version (e.g. RHEL6 = Grub1, RHEL7 = Grub2, the same for > Debians etc). If you want to use let's say PXELinux EFI, you need to > deploy pxelinux.efi file yourself. The following snippet comes from > our docs: > > ~~~ > When creating a new Host, the PXE Loader option must be selected in > order to pass the correct DHCP filename option to the client. One > option out of the following must be chosen: > > PXELinux BIOS (loads pxelinux.0 filename from TFTP) > PXELinux UEFI (loads pxelinux.efi filename from TFTP) > PXEGrub UEFI (loads grub/bootx64.efi filename from TFTP) > PXEGrub UEFI SecureBoot (loads grub/shim.efi filename from TFTP) > PXEGrub2 UEFI (loads grub2/grubx64.efi filename from TFTP) > PXEGrub2 UEFI SecureBoot (loads grub2/shim.efi filename from TFTP) > None - no filename passed (e.g. for HTTP booting via iPXE) > > Grub filenames are different for each individual architecture > associated with the Host: > > grub/bootia32.efi (for Intel named "i*86" where * can be any character) > grub/bootx64.efi (for Intel named "x86-64") > grub2/grubia32.efi (for Intel named "i*86" where * can be any character) > grub2/grubx64.efi (for Intel named "x86-64") > grub2/grubaa64.efi (for ARM 64 named either "aa64" or "aarch64") > grub2/grubppc64.efi (for IBM POWER named "ppc64”) > grub2/grubppc64le.efi (for IBM POWER Little Endian named "ppc64le") > grub2/grubXYZ.efi (for arbitrary Architecture named "XYZ") > > Foreman installer only installs pxelinux.0 and grub2/grubx64.efi (if > grub2 is available). In order to boot systems via other loaders like > PXELinux EFI or Grub 1 (legacy), deploy the required bootloader files > in the TFTP directory. > > Some operating systems use a “shim” loader for SecureBoot (e.g. Red > Hat Enterprise Linux and clones). To use SecureBoot with an operating > system that does not use a shim chainloader, make a copy of the signed > EFI loader named shim.efi or make a symlink in order to do secure > boot. > ~~~ > > Now, initially I've implemented this on Red Hat systems and I haven't > realized that Red Hat patches Grub2 in order to read configuration > files according to MAC address. Debian family does not do that, this > results in only reading grub.cfg which does not work. There is one > trick you can do in your grub.cfg (this is for Grub2): > > regexp --set=1:m1 --set=2:m2 --set=3:m3 --set=4:m4 --set=5:m5 > --set=6:m6 > '^([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})' > > > "$net_default_mac" > mac=${m1}-${m2}-${m3}-${m4}-${m5}-${m6} > configfile=/grub2/grub.cfg-01-$mac > source "$configfile" > > We have recently patched our installer to set this for you by default > if you are on non-redhat system so starting from 1.15 this should be > in. > > Second option is to use foreman-bootloaders package which we plan to > provide in our repositories which ships builds from RHEL and Fedora. > This way you will have all bootloaders installed no matter if you are > on older or newer OS. Note it does not ship PXELinux EFI yet as there > is no stable release yet. We will add this later. > > For more details read this chapter: > https://theforeman.org/manuals/1.15/index.html#4.4.3ProvisioningTemplates > and feel free to improve our docs if you think it's not clear. E.g. > the info about non-redhats would be nice to have there. > > On Sat, Jun 17, 2017 at 5:12 PM, Stanisław Jakiel >wrote: > > Hello, > > > > I've read some posts/issues about UEFI support for foreman: > > - https://github.com/theforeman/foreman-bootloaders > > - https://github.com/theforeman/community-templates/pull/346 > > - https://github.com/theforeman/puppet-foreman_proxy/pull/324 > > -
Re: [foreman-users] UEFI PXEBoot not downloading config file
Foreman now supports Grub1, Grub2 and PXELinux templates, you can pick anything you want. Note that Grub1 does not support UEFI. If you install Smart Proxy on a system where Grub1 or Grub2 is available, we generate the bootloader via the installer using mkgrub command. Usually only one of these grubs are available depending on your OS version (e.g. RHEL6 = Grub1, RHEL7 = Grub2, the same for Debians etc). If you want to use let's say PXELinux EFI, you need to deploy pxelinux.efi file yourself. The following snippet comes from our docs: ~~~ When creating a new Host, the PXE Loader option must be selected in order to pass the correct DHCP filename option to the client. One option out of the following must be chosen: PXELinux BIOS (loads pxelinux.0 filename from TFTP) PXELinux UEFI (loads pxelinux.efi filename from TFTP) PXEGrub UEFI (loads grub/bootx64.efi filename from TFTP) PXEGrub UEFI SecureBoot (loads grub/shim.efi filename from TFTP) PXEGrub2 UEFI (loads grub2/grubx64.efi filename from TFTP) PXEGrub2 UEFI SecureBoot (loads grub2/shim.efi filename from TFTP) None - no filename passed (e.g. for HTTP booting via iPXE) Grub filenames are different for each individual architecture associated with the Host: grub/bootia32.efi (for Intel named "i*86" where * can be any character) grub/bootx64.efi (for Intel named "x86-64") grub2/grubia32.efi (for Intel named "i*86" where * can be any character) grub2/grubx64.efi (for Intel named "x86-64") grub2/grubaa64.efi (for ARM 64 named either "aa64" or "aarch64") grub2/grubppc64.efi (for IBM POWER named "ppc64”) grub2/grubppc64le.efi (for IBM POWER Little Endian named "ppc64le") grub2/grubXYZ.efi (for arbitrary Architecture named "XYZ") Foreman installer only installs pxelinux.0 and grub2/grubx64.efi (if grub2 is available). In order to boot systems via other loaders like PXELinux EFI or Grub 1 (legacy), deploy the required bootloader files in the TFTP directory. Some operating systems use a “shim” loader for SecureBoot (e.g. Red Hat Enterprise Linux and clones). To use SecureBoot with an operating system that does not use a shim chainloader, make a copy of the signed EFI loader named shim.efi or make a symlink in order to do secure boot. ~~~ Now, initially I've implemented this on Red Hat systems and I haven't realized that Red Hat patches Grub2 in order to read configuration files according to MAC address. Debian family does not do that, this results in only reading grub.cfg which does not work. There is one trick you can do in your grub.cfg (this is for Grub2): regexp --set=1:m1 --set=2:m2 --set=3:m3 --set=4:m4 --set=5:m5 --set=6:m6 '^([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})\:([[:xdigit:]]{1,2})' "$net_default_mac" mac=${m1}-${m2}-${m3}-${m4}-${m5}-${m6} configfile=/grub2/grub.cfg-01-$mac source "$configfile" We have recently patched our installer to set this for you by default if you are on non-redhat system so starting from 1.15 this should be in. Second option is to use foreman-bootloaders package which we plan to provide in our repositories which ships builds from RHEL and Fedora. This way you will have all bootloaders installed no matter if you are on older or newer OS. Note it does not ship PXELinux EFI yet as there is no stable release yet. We will add this later. For more details read this chapter: https://theforeman.org/manuals/1.15/index.html#4.4.3ProvisioningTemplates and feel free to improve our docs if you think it's not clear. E.g. the info about non-redhats would be nice to have there. On Sat, Jun 17, 2017 at 5:12 PM, Stanisław Jakielwrote: > Hello, > > I've read some posts/issues about UEFI support for foreman: > - https://github.com/theforeman/foreman-bootloaders > - https://github.com/theforeman/community-templates/pull/346 > - https://github.com/theforeman/puppet-foreman_proxy/pull/324 > - http://projects.theforeman.org/issues/16654 > > and to be honest I've no idea what is the status for PXEbooting Debian OSes > > First of all how to configure UEFI in foreman GUI? > - the OS is supposed to have PXEGrub2 template set or not? > - what is the meaning of PXE Loader dropdown in host creation screen? why > PXELinux UEFI doesn't require grub template but grub(2) uefi does? > - as I'm using dnsmasq (DHCPProxy) I assume those two aforementioned > options doesn't have any effect on me? I should handle dhcp config myself? > > For now lets assume I've configured it properly... > My issue is following: > > The latest foreman comes with some grub2/grubx64.efi file and generates the > grub2/grub.cfg-01-aa-bb-cc-dd-ee-ff which seems to be ok (for debian 8/9) > The grub2/grubx64.efi filename is served properly by dnsmasq (ver. 2.67 > which is supposed to support UEFI) > > But when I use e.g. notebook with UEFI, disable secure boot and enable > network boot, all what happens is: > - dhcp discover is sent, offers (one from DHCP server one from proxydhcp)
[foreman-users] UEFI PXEBoot not downloading config file
Hello, I've read some posts/issues about UEFI support for foreman: - https://github.com/theforeman/foreman-bootloaders - https://github.com/theforeman/community-templates/pull/346 - https://github.com/theforeman/puppet-foreman_proxy/pull/324 - http://projects.theforeman.org/issues/16654 and to be honest I've no idea what is the status for PXEbooting Debian OSes First of all how to configure UEFI in foreman GUI? - the OS is supposed to have PXEGrub2 template set or not? - what is the meaning of PXE Loader dropdown in host creation screen? why PXELinux UEFI doesn't require grub template but grub(2) uefi does? - as I'm using dnsmasq (DHCPProxy) I assume those two aforementioned options doesn't have any effect on me? I should handle dhcp config myself? For now lets assume I've configured it properly... My issue is following: The latest foreman comes with some grub2/grubx64.efi file and generates the grub2/grub.cfg-01-aa-bb-cc-dd-ee-ff which seems to be ok (for debian 8/9) The grub2/grubx64.efi filename is served properly by dnsmasq (ver. 2.67 which is supposed to support UEFI) But when I use e.g. notebook with UEFI, disable secure boot and enable network boot, all what happens is: - dhcp discover is sent, offers (one from DHCP server one from proxydhcp) is sent - notebook hangs for like a 2 minutes and grub 2 shell appears... - in wireshark I see only tftp grubx64.efi download, no requests for grub.cfg-01-aa-bb... config file I've seen some info about debian bootloader not downloading config file but I've used the stock one that comes with foreman (which I believe should download grub.cfg file) How do I get UEFI boot to work? How do I even debug it? Do I understand correctly that grubx64.efi file should contain bootloader that will download it's config file, (maybe) display some menu and start automated installation? If so, why I don't see any requests for grub.cfg-01-mac file? Thank you in advance -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.