-
-
Save robinsmidsrod/4008017 to your computer and use it in GitHub Desktop.
ddns-update-style none; | |
deny bootp; #default | |
authoritative; | |
include "/etc/dhcp/ipxe-option-space.conf"; | |
# GREEN (private network) | |
subnet 10.1.1.0 netmask 255.255.255.0 { | |
range 10.1.1.100 10.1.1.199; | |
option subnet-mask 255.255.255.0; | |
option routers 10.1.1.1; # firewall.smidsrod.lan | |
default-lease-time 3600; | |
max-lease-time 86400; | |
option domain-name "smidsrod.lan"; | |
option domain-search "smidsrod.lan"; | |
option domain-name-servers 10.1.1.1; # firewall.smidsrod.lan | |
option ntp-servers 132.163.97.3,132.163.97.2; # time.nist.gov | |
option log-servers 10.1.1.2; # core.smidsrod.lan | |
option lpr-servers 10.1.1.8; # laserjet.smidsrod.lan | |
include "/etc/dhcp/ipxe-green.conf"; | |
} | |
use-host-decl-names on; | |
include "/etc/dhcp/static.conf"; |
# For information on valid values for option arch, see these links: | |
# https://git.ipxe.org/ipxe.git/commitdiff/af9afd0a86aeac1eed28b5028c3de669515fc7fc | |
# https://git.ipxe.org/ipxe.git/blob/HEAD:/src/include/ipxe/dhcp.h#l275 | |
# https://www.rfc-editor.org/errata_search.php?rfc=4578 | |
# | |
# I like to use native iPXE drivers (they're faster and more stable), so | |
# give ipxe.pxe/ipxe.efi to all non-iPXE clients, use undionly.kpxe/snponly.efi | |
# only if you have unsupported or misbehaving NICs. | |
allow bootp; | |
allow booting; | |
next-server 10.1.1.2; # core.smidsrod.lan | |
# Disable ProxyDHCP, we're in control of the primary DHCP server | |
option ipxe.no-pxedhcp 1; | |
# Make sure the iPXE we're loading supports the features we need, if not | |
# load a full-featured version. See ipxe-option-space.conf for definitions. | |
if exists ipxe.http | |
and exists ipxe.menu | |
and exists ipxe.nfs # NB: not enabled in iPXE by default | |
and ( | |
( exists ipxe.pxe | |
and exists ipxe.bzimage | |
and exists ipxe.elf | |
and exists ipxe.comboot # NB: not enabled in iPXE by default | |
and exists ipxe.iscsi | |
) or ( | |
exists ipxe.efi | |
) | |
) { | |
filename "nfs://nas.smidsrod.lan/raid/boot/boot.ipxe"; | |
#filename "http://boot.smidsrod.lan/boot.ipxe"; | |
} elsif option arch = 00:09 { # EFI BC | |
} elsif option arch = 00:08 { # EFI Xscale | |
} elsif option arch = 00:07 { | |
# EFI x86-64 (Intel x86 64-bit EFI mode) | |
# - most commonly used on newer hardware | |
filename "ipxe-x64.efi"; | |
#filename "snponly-x64.efi"; | |
} elsif option arch = 00:06 { | |
# EFI IA32 (Intel x86 32-bit EFI mode) | |
# - almost never seen in the wild | |
filename "ipxe-x86.efi"; | |
#filename "snponly-x86.efi"; | |
} elsif option arch = 00:05 { # Intel Lean Client | |
} elsif option arch = 00:04 { # Arc x86 | |
} elsif option arch = 00:03 { # DEC Alpha | |
} elsif option arch = 00:02 { # EFI Itanium | |
} elsif option arch = 00:01 { # NEC/PC98 | |
} else { | |
# Intel x86PC (Intel x86 32-bit legacy BIOS mode) | |
# - technically option arch = 00:00, but we use it as fallback | |
filename "ipxe.pxe"; | |
#filename "undionly.kpxe"; | |
} |
# Declare the iPXE/gPXE/Etherboot option space | |
option space ipxe; | |
option ipxe-encap-opts code 175 = encapsulate ipxe; | |
# iPXE options, can be set in DHCP response packet | |
option ipxe.priority code 1 = signed integer 8; | |
option ipxe.keep-san code 8 = unsigned integer 8; | |
option ipxe.skip-san-boot code 9 = unsigned integer 8; | |
option ipxe.syslogs code 85 = string; | |
option ipxe.cert code 91 = string; | |
option ipxe.privkey code 92 = string; | |
option ipxe.crosscert code 93 = string; | |
option ipxe.no-pxedhcp code 176 = unsigned integer 8; | |
option ipxe.bus-id code 177 = string; | |
option ipxe.san-filename code 188 = string; | |
option ipxe.bios-drive code 189 = unsigned integer 8; | |
option ipxe.username code 190 = string; | |
option ipxe.password code 191 = string; | |
option ipxe.reverse-username code 192 = string; | |
option ipxe.reverse-password code 193 = string; | |
option ipxe.version code 235 = string; | |
option iscsi-initiator-iqn code 203 = string; | |
# iPXE feature flags, set in DHCP request packet | |
option ipxe.pxeext code 16 = unsigned integer 8; | |
option ipxe.iscsi code 17 = unsigned integer 8; | |
option ipxe.aoe code 18 = unsigned integer 8; | |
option ipxe.http code 19 = unsigned integer 8; | |
option ipxe.https code 20 = unsigned integer 8; | |
option ipxe.tftp code 21 = unsigned integer 8; | |
option ipxe.ftp code 22 = unsigned integer 8; | |
option ipxe.dns code 23 = unsigned integer 8; | |
option ipxe.bzimage code 24 = unsigned integer 8; | |
option ipxe.multiboot code 25 = unsigned integer 8; | |
option ipxe.slam code 26 = unsigned integer 8; | |
option ipxe.srp code 27 = unsigned integer 8; | |
option ipxe.nbi code 32 = unsigned integer 8; | |
option ipxe.pxe code 33 = unsigned integer 8; | |
option ipxe.elf code 34 = unsigned integer 8; | |
option ipxe.comboot code 35 = unsigned integer 8; | |
option ipxe.efi code 36 = unsigned integer 8; | |
option ipxe.fcoe code 37 = unsigned integer 8; | |
option ipxe.vlan code 38 = unsigned integer 8; | |
option ipxe.menu code 39 = unsigned integer 8; | |
option ipxe.sdi code 40 = unsigned integer 8; | |
option ipxe.nfs code 41 = unsigned integer 8; | |
# Other useful general options | |
# http://www.ietf.org/assignments/dhcpv6-parameters/dhcpv6-parameters.txt | |
option arch code 93 = unsigned integer 16; |
@MaxPeal I've added the san-filename option now.
@hildred I know it's a long time since you mentioned the things, but do you have a version of this gist the way you feel it should look? Then it'd be easier me to find out exactly what is different and possibly incorporate some of it into this version.
@robinsmidsrod I agree with @hildred, removing the if clauses for user-class should give the same end result but without risk of falling out, just add a final filename "ipxe.pxe";
instead of # Unsupported client architecture type, so do nothing
in the last else
and it should be safe for all cases.
@robinsmidsrod nice, it is easier to follow, and I can't see any way that this can create any negative results. Awesome!
I was trying to find how to chainload using ipxe and not dhcp. I ended up making this script:
#!ipxe
:version_check
set latest_version 1.20.1+ (g3662)
echo ${cls}
iseq ${version} ${latest_version} && goto version_up2date ||
echo
echo Updated version of iPXE is available:
echo
echo Running version.....${version}
echo Updated version.....${latest_version}
echo
echo Attempting to chain to latest version...
chain --autofree http://pxe.local/ipxe.lkrn ||
:version_up2date
Have spent some time to create almost identical config for those in need of a Proxy DHCP setup using dnsmasq
In there we also discussed that EFI now supports iSCSI by default, so it would probably make sense to move and exists ipxe.iscsi
to directly after the and exists ipxe.menu
line
can you add the to the option:
option ipxe.san-filename code 188 = string;