@robinsmidsrod
Last active January 5, 2025 20:44
Trying to chainload iPXE with full feature set from a lesser featured one, whilst still being able to boot non-supported cards with UNDI
ddns-update-style none;
deny bootp; #default
authoritative;
include "/etc/dhcp/ipxe-option-space.conf";

# GREEN (private network)
subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.100 10.1.1.199;
    option subnet-mask 255.255.255.0;
    option routers 10.1.1.1; # firewall.smidsrod.lan
    default-lease-time 3600;
    max-lease-time 86400;
    option domain-name "smidsrod.lan";
    option domain-search "smidsrod.lan";
    option domain-name-servers 10.1.1.1; # firewall.smidsrod.lan
    option ntp-servers 132.163.97.3,132.163.97.2; # time.nist.gov
    option log-servers 10.1.1.2; # core.smidsrod.lan
    option lpr-servers 10.1.1.8; # laserjet.smidsrod.lan
    include "/etc/dhcp/ipxe-green.conf";
}

use-host-decl-names on;
include "/etc/dhcp/static.conf";

# For information on valid values for option arch, see these links:
# https://git.ipxe.org/ipxe.git/commitdiff/af9afd0a86aeac1eed28b5028c3de669515fc7fc
# https://git.ipxe.org/ipxe.git/blob/HEAD:/src/include/ipxe/dhcp.h#l275
# https://www.rfc-editor.org/errata_search.php?rfc=4578
#
# I like to use native iPXE drivers (they're faster and more stable), so
# give ipxe.pxe/ipxe.efi to all non-iPXE clients, use undionly.kpxe/snponly.efi
# only if you have unsupported or misbehaving NICs.

allow bootp;
allow booting;
next-server 10.1.1.2; # core.smidsrod.lan

# Disable ProxyDHCP, we're in control of the primary DHCP server
option ipxe.no-pxedhcp 1;

# Make sure the iPXE we're loading supports the features we need, if not
# load a full-featured version. See ipxe-option-space.conf for definitions.
if exists ipxe.http
and exists ipxe.menu
and exists ipxe.nfs # NB: not enabled in iPXE by default
and (
    ( exists ipxe.pxe
      and exists ipxe.bzimage
      and exists ipxe.elf
      and exists ipxe.comboot # NB: not enabled in iPXE by default
      and exists ipxe.iscsi
    ) or (
      exists ipxe.efi
    )
) {
    filename "nfs://nas.smidsrod.lan/raid/boot/boot.ipxe";
    #filename "http://boot.smidsrod.lan/boot.ipxe";
} elsif option arch = 00:09 { # EFI BC
} elsif option arch = 00:08 { # EFI Xscale
} elsif option arch = 00:07 {
    # EFI x86-64 (Intel x86 64-bit EFI mode)
    # - most commonly used on newer hardware
    filename "ipxe-x64.efi";
    #filename "snponly-x64.efi";
} elsif option arch = 00:06 {
    # EFI IA32 (Intel x86 32-bit EFI mode)
    # - almost never seen in the wild
    filename "ipxe-x86.efi";
    #filename "snponly-x86.efi";
} elsif option arch = 00:05 { # Intel Lean Client
} elsif option arch = 00:04 { # Arc x86
} elsif option arch = 00:03 { # DEC Alpha
} elsif option arch = 00:02 { # EFI Itanium
} elsif option arch = 00:01 { # NEC/PC98
} else {
    # Intel x86PC (Intel x86 32-bit legacy BIOS mode)
    # - technically option arch = 00:00, but we use it as fallback
    filename "ipxe.pxe";
    #filename "undionly.kpxe";
}

# Declare the iPXE/gPXE/Etherboot option space
option space ipxe;
option ipxe-encap-opts code 175 = encapsulate ipxe;

# iPXE options, can be set in DHCP response packet
option ipxe.priority         code   1 = signed integer 8;
option ipxe.keep-san         code   8 = unsigned integer 8;
option ipxe.skip-san-boot    code   9 = unsigned integer 8;
option ipxe.syslogs          code  85 = string;
option ipxe.cert             code  91 = string;
option ipxe.privkey          code  92 = string;
option ipxe.crosscert        code  93 = string;
option ipxe.no-pxedhcp       code 176 = unsigned integer 8;
option ipxe.bus-id           code 177 = string;
option ipxe.san-filename     code 188 = string;
option ipxe.bios-drive       code 189 = unsigned integer 8;
option ipxe.username         code 190 = string;
option ipxe.password         code 191 = string;
option ipxe.reverse-username code 192 = string;
option ipxe.reverse-password code 193 = string;
option ipxe.version          code 235 = string;
option iscsi-initiator-iqn   code 203 = string;

# iPXE feature flags, set in DHCP request packet
option ipxe.pxeext    code 16 = unsigned integer 8;
option ipxe.iscsi     code 17 = unsigned integer 8;
option ipxe.aoe       code 18 = unsigned integer 8;
option ipxe.http      code 19 = unsigned integer 8;
option ipxe.https     code 20 = unsigned integer 8;
option ipxe.tftp      code 21 = unsigned integer 8;
option ipxe.ftp       code 22 = unsigned integer 8;
option ipxe.dns       code 23 = unsigned integer 8;
option ipxe.bzimage   code 24 = unsigned integer 8;
option ipxe.multiboot code 25 = unsigned integer 8;
option ipxe.slam      code 26 = unsigned integer 8;
option ipxe.srp       code 27 = unsigned integer 8;
option ipxe.nbi       code 32 = unsigned integer 8;
option ipxe.pxe       code 33 = unsigned integer 8;
option ipxe.elf       code 34 = unsigned integer 8;
option ipxe.comboot   code 35 = unsigned integer 8;
option ipxe.efi       code 36 = unsigned integer 8;
option ipxe.fcoe      code 37 = unsigned integer 8;
option ipxe.vlan      code 38 = unsigned integer 8;
option ipxe.menu      code 39 = unsigned integer 8;
option ipxe.sdi       code 40 = unsigned integer 8;
option ipxe.nfs       code 41 = unsigned integer 8;

# Other useful general options
# http://www.ietf.org/assignments/dhcpv6-parameters/dhcpv6-parameters.txt
option arch code 93 = unsigned integer 16;
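
To check which boot file a given client would be handed, the selection chain in ipxe-green.conf can be replayed offline against the option 175 payload and option 93 value from a request. This is an added example, not part of the gist: the function names, the pad/end handling and the sample payloads are assumptions, while the sub-option codes and filenames are copied from the files above.

```python
from typing import Dict, Optional

# Feature-flag sub-option codes, copied from ipxe-option-space.conf above.
FEATURES = {17: "iscsi", 19: "http", 24: "bzimage", 33: "pxe", 34: "elf",
            35: "comboot", 36: "efi", 39: "menu", 41: "nfs"}
SCRIPT = "nfs://nas.smidsrod.lan/raid/boot/boot.ipxe"
ARCH_FILE = {0x0007: "ipxe-x64.efi", 0x0006: "ipxe-x86.efi"}
ARCH_EMPTY = {1, 2, 3, 4, 5, 8, 9}  # branches with an empty body: no filename

def parse_encap(data: bytes) -> Dict[int, bytes]:
    """Decode an option 175 payload: repeated (code, length, value) triples."""
    subopts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:        # pad byte (usual DHCP convention, assumed here)
            i += 1
            continue
        if code == 255:      # end marker (usual DHCP convention, assumed here)
            break
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"truncated sub-option {code} at offset {i}")
        length = data[i + 1]
        subopts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return subopts

def choose_filename(opt175: Optional[bytes], arch: Optional[int]) -> Optional[str]:
    """Mirror the if/elsif chain: 'exists' only tests presence, not value."""
    have = {FEATURES[c] for c in parse_encap(opt175 or b"") if c in FEATURES}
    bios = {"pxe", "bzimage", "elf", "comboot", "iscsi"} <= have
    if {"http", "menu", "nfs"} <= have and (bios or "efi" in have):
        return SCRIPT
    if arch in ARCH_FILE:
        return ARCH_FILE[arch]
    if arch in ARCH_EMPTY:
        return None
    return "ipxe.pxe"        # final else: arch 00:00, unknown or absent

def flags(*names: str) -> bytes:
    """Build a constructed option 175 payload with one-byte flag values."""
    codes = {name: code for code, name in FEATURES.items()}
    return b"".join(bytes([codes[n], 1, 1]) for n in names)

# Constructed sample clients (not captured traffic).
FULL_BIOS = flags("http", "menu", "nfs", "pxe", "bzimage", "elf", "comboot", "iscsi")
STOCK_BIOS = flags("http", "menu", "pxe", "bzimage", "elf", "iscsi")  # no nfs/comboot
FULL_EFI = flags("http", "menu", "nfs", "efi")
```

`choose_filename(STOCK_BIOS, 0)` returns `ipxe.pxe`: an iPXE build that never reports nfs and comboot is handed `ipxe.pxe` again on every pass, which is what a chainload loop looks like from the server side.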
@hildred

hildred commented Oct 5, 2015

In ipxe-green.conf the tests for ipxe and gpxe on lines 24 and 37 are both theoretically fragile (user-class is supposed to be user definable) and unnecessary. By adding a fallback filename of ipxe.pxe after line 67 to catch broken pxe clients and removing lines 24 through 41 you lose no functionality and stand a chance to boot broken pxe clients.

Additionally the arch definition in ipxe-option-space.conf lines 47 and following has multiple minor issues. It should be an array of unsigned integers as it is theoretically possible for a pxe client to support multiple architectures (although I have not seen this used in the wild and the first one is normally good enough), and it may conflict with more complete definitions elsewhere making it difficult to include this file in larger projects.

@MaxPeal

MaxPeal commented Sep 17, 2017

Can you add this to the options:
option ipxe.san-filename code 188 = string;

@robinsmidsrod
Author

@MaxPeal I've added the san-filename option now.

@robinsmidsrod
Author

@hildred I know it's a long time since you mentioned these things, but do you have a version of this gist the way you feel it should look? Then it'd be easier for me to find out exactly what is different and possibly incorporate some of it into this version.

@NiKiZe

NiKiZe commented Jan 2, 2018

@robinsmidsrod I agree with @hildred, removing the if clauses for user-class should give the same end result but without risk of falling out, just add a final filename "ipxe.pxe"; instead of # Unsupported client architecture type, so do nothing in the last else and it should be safe for all cases.

@robinsmidsrod
Author

@NiKiZe @hildred I've made some changes in line with your comments. What do you think about it? Looks better as a basic example?

@NiKiZe

NiKiZe commented Feb 23, 2018

@robinsmidsrod nice, it is easier to follow, and I can't see any way that this can create any negative results. Awesome!

@JanRK

JanRK commented Jul 20, 2020

I was trying to find how to chainload using ipxe and not dhcp. I ended up making this script:

#!ipxe

:version_check
set latest_version 1.20.1+ (g3662)
echo ${cls}
iseq ${version} ${latest_version} && goto version_up2date ||
echo
echo Updated version of iPXE is available:
echo
echo Running version.....${version}
echo Updated version.....${latest_version}
echo
echo Attempting to chain to latest version...
chain --autofree http://pxe.local/ipxe.lkrn ||

:version_up2date

@NiKiZe

NiKiZe commented Aug 6, 2021

Have spent some time to create almost identical config for those in need of a Proxy DHCP setup using dnsmasq

In there we also discussed that EFI now supports iSCSI by default, so it would probably make sense to move "and exists ipxe.iscsi" to directly after the "and exists ipxe.menu" line.

@robinsmidsrod
Author

Just FYI, I'm not using this anymore, as I've moved over to the new (maintained) ISC KEA DHCP server, which supports both IPv4 and IPv6.
