[CentOS] EFI netboot to kickstart install

Thu Oct 22 13:03:43 UTC 2015
Jonathan Billings <billings at negate.org>

On Thu, Oct 22, 2015 at 02:25:21AM +0000, Grant Street wrote:
> Hello All
> Up until now we have been using standard PXE boot to do kick start
> installs of CentOS boxes. With recent machines however they come by
> default as EFI boot. We can set them to legacy but I would like to
> solve this before this option goes away. 
> 
> Just wondering if anyone has any experience setting up a net boot
> server that can be used to kickstart EFI machines? 

In my experience, getting our HP workstations to PXE boot from the
UEFI IPv4 network boot took some extra work.  I have dnsmasq installed
on the PXE/TFTP server.

Our PXE server is not the DHCP server for the environment.  The
central DHCP system is configured to have our PXE server's IP as the
"next-server", and the file name as "/uefi/bootx64.efi".  I set up
TFTP to serve out the bootx64.efi (which is just the GRUB2 EFI
executable).

The tricky part is that for whatever reason, our UEFI PXE boot
firmware requires that the next-server that handles the TFTP requests
also answer Proxy DHCP requests.  I ended up having a dnsmasq
configuration that looked like this:

# Limit DHCP server to only handle proxy-dhcp
dhcp-range=<IP OF THIS SERVER>,proxy
dhcp-alternate-port=4011,4011
log-dhcp
dhcp-boot=pxelinux.0
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,/uefi/bootx64.efi
#disable DNS
port=0

Then I have a /grub/grub.cfg installed at the root of my TFTP
directory, which the bootx64.efi reads from once it has been
downloaded and executed.

I'm not certain *why* UEFI requires proxy-dhcp; it might be an
artifact of how our DHCP service runs or it might be a requirement for
UEFI netbooting on our hardware.  Also, in my experience, it doesn't
actually care what my dnsmasq server says for dhcp-boot (I've tried
alternate executables), because it uses the filename from the original
DHCP request.  But it wouldn't boot without getting an answer from the
proxy-dhcp server.

-- 
Jonathan Billings <billings at negate.org>
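
An added example, not part of the original message and not dnsmasq's own code: a Python sketch of the selection that the dhcp-match / dhcp-boot lines in the configuration above describe, parsing client-arch (DHCP option 93) from a request and picking the boot file. The function names, the constructed sample packets, and the rule that non-PXE clients get no answer are assumptions of this sketch.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie after the 236-byte BOOTP header
OPT_VENDOR_CLASS, OPT_CLIENT_ARCH = 60, 93
UEFI_X64_ARCH = 7                      # value matched by dhcp-match in the config above
UEFI_BOOT, DEFAULT_BOOT = "/uefi/bootx64.efi", "pxelinux.0"  # dhcp-boot values above

def parse_options(packet: bytes) -> dict:
    """Return {option code: value bytes} from a raw BOOTP/DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option %d" % packet[i])
        code, length = packet[i], packet[i + 1]
        opts[code] = opts.get(code, b"") + packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def select_boot_file(packet: bytes):
    """None if the client is not PXE (assumed: no reply), else the boot filename."""
    opts = parse_options(packet)
    if not opts.get(OPT_VENDOR_CLASS, b"").startswith(b"PXEClient"):
        return None
    raw = opts.get(OPT_CLIENT_ARCH, b"")
    if len(raw) >= 2 and len(raw) % 2 == 0:          # list of 16-bit arch codes
        if UEFI_X64_ARCH in struct.unpack("!%dH" % (len(raw) // 2), raw):
            return UEFI_BOOT
    return DEFAULT_BOOT

def build_discover(arch=None, vendor=b"PXEClient"):
    """Constructed sample DHCPDISCOVER for the demo, not a capture."""
    pkt = bytes([1, 1, 6, 0]) + b"\x00" * 232 + MAGIC
    pkt += bytes([53, 1, 1, 60, len(vendor)]) + vendor
    if arch is not None:
        pkt += bytes([93, 2]) + struct.pack("!H", arch)
    return pkt + b"\xff"

if __name__ == "__main__":
    for label, pkt in [("UEFI x64", build_discover(7)), ("BIOS", build_discover(0)),
                       ("non-PXE", build_discover(7, vendor=b"MSFT 5.0"))]:
        print(label, "->", select_boot_file(pkt))
```

Running the same parser over requests captured on the PXE server shows which architecture value a given firmware actually sends, which is useful when a machine falls through to the default boot file.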