From d2b82dbcd1ec731a4a751b325a04e63052de83ff Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Wed, 9 Dec 2015 02:00:07 -0800 Subject: [PATCH] ipxe: Add ipxe boot server Vagrantfile --- vagrant/README.md | 33 +++++++----- vagrant/ipxe/Vagrantfile | 32 +++++++++++ vagrant/ipxe/config.rb | 12 +++++ vagrant/ipxe/scripts/ipxe.sh | 75 ++++++++++++++++++++++++++ vagrant/pixiecore/scripts/pixiecore.sh | 2 - 5 files changed, 140 insertions(+), 14 deletions(-) create mode 100644 vagrant/ipxe/Vagrantfile create mode 100644 vagrant/ipxe/config.rb create mode 100644 vagrant/ipxe/scripts/ipxe.sh diff --git a/vagrant/README.md b/vagrant/README.md index edad3ad7..2e70613e 100644 --- a/vagrant/README.md +++ b/vagrant/README.md @@ -1,6 +1,6 @@ -# Vagrant Development +# Vagrant Boot Servers -`pxe` and `pixiecore` provide Vagrantfiles and scripts for setting up a PXE or Pixiecore provisioning server in libvirt for development. +The `pxe`, `ipxe`, and `pixiecore` Vagrantfiles setup example PXE, iPXE, or Pixiecore boot/provisioner servers which can each be used to boot libvirt VM clients on a shared network into CoreOS and provision them with a simple cloud-config. This illustrates how the different network boot server setups work. To get started, install the dependencies 
@@ -9,31 +9,40 @@ To get started, install the dependencies ## Usage -Create a PXE or Pixiecore server VM with `vagrant up`. +Select one of the boot servers and create a boot server VM with `vagrant up`. vagrant up --provider libivrt vagrant ssh -The PXE server will allocate DHCP leases, run a TFTP server with a CoreOS kernel image and init RAM fs, and host a cloud-config over HTTP. The Pixiecore server itself is a proxy DHCP, TFTP, and HTTP server for images. +The **PXE server** uses dnsmasq for DHCP and TFTP and an HTTP server. DHCP grants authoritative DHCP leases on 192.168.32.0/24 and the boot server has static IP 192.168.32.10. TFTP serves the `pxelinux.0` bootloader, default pxelinux cfg, kernel image, and init RAM filesystem image. The HTTP server hosts a cloud config with a configurable authorized SSH key. -By default, the PXE server runs at 192.168.32.10 on the `vagrant-pxe` virtual network. The Pixiecore server runs at 192.168.33.10 on the `vagrant-pixiecore` virtual network. +The **iPXE server** uses dnsmasq for DHCP and TFTP and an HTTP server. DHCP grants authoritative DHCP leases on 192.168.34.0/24 and the boot server has static IP 192.168.34.10. TFTP serves the `undionly.kpxe` bootloader. The HTTP server hosts a boo.ipxe config script, the kernel image, the init RAM filesystem, and a cloud config with a configurable authorized SSH key. + +The **Pixiecore server** itself is a proxy DHCP server, TFTP server, and HTTP server for `lpxelinux.0`, the kernel image, and init RAM filesystem image. The network is configured to grant DHCP leases in 192.168.33.0/24 and the boot server has static IP address 192.168.33.10. A standalone HTTP server is used to serve the cloud-config with a configurable authorized SSH key. + + and will grant DHCP leases, run a TFTP server with a CoreOS kernel image and init RAM fs, and host a cloud-config over HTTP. 
+ +### Configuration + +The Vagrantfile parses the `config.rb` file for several configurable variables including + +* network_range +* server_ip +* dhcp_range +* ssh_authorized_keys ### Clients -Once the provisioning server has started, PXE boot enabled client VMs in the same network should boot with CoreOS. +Any of the boot servers allow PXE boot enabled client VMs in the same network to boot into CoreOS and configure themselves with cloud-config. -Launch `virt-manager` to create a new virtual machine. When prompted, select Network Boot (PXE), skip adding a disk, and choose the `vagrant-libvirt` network. +Launch `virt-manager` to create a new virtual machine. When prompted, select Network Boot (PXE), skip adding a disk, and choose the `vagrant-pxe`, `vagrant-ipxe`, or `vagrant-pixiecore` network. -If you see "Nothing" to boot, try force resetting the client VM. +If you see "Nothing to boot", try force resetting the client VM, there can be DHCP contention on Vagrant. Use SSH to connect to a client VM after boot and cloud-config succeed. The CLIENT_IP will be visible in the virt-manager console. ssh core@CLIENT_IP # requires ssh_authorized_keys entry in cloud-config -### Configuration - -The Vagrantfile parses the `config.rb` file for several variables you can use to configure network settings. - ### Reload If you change the Vagrantfile or a configuration variable, reload the VM with diff --git a/vagrant/ipxe/Vagrantfile b/vagrant/ipxe/Vagrantfile new file mode 100644 index 00000000..d2605bed --- /dev/null +++ b/vagrant/ipxe/Vagrantfile 
@@ -0,0 +1,32 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+require 'fileutils'
+
+CONFIG = File.join(File.dirname(__FILE__), "config.rb")
+
+if File.exist?(CONFIG)
+ require CONFIG
+end
+
+Vagrant.configure(2) do |config|
+ config.vm.box = "fedora/23-cloud-base"
+
+ # Create a public network with a static IP address
+ config.vm.network "public_network", ip: $ipxe_server_ip, dev: "wlp3s0"
+
+ # Provider Specific Configuration
+ config.vm.provider :libvirt do |libvirt|
+ libvirt.cpus = 1
+ libvirt.memory = 1024
+ libvirt.management_network_name = "vagrant-ipxe"
+ libvirt.management_network_address = $network_range
+ end
+
+ # Provision an iPXE Server
+ config.vm.provision :shell do |s|
+ s.privileged = true
+ s.path = "scripts/ipxe.sh"
+ s.args = [$ipxe_server_ip, $dhcp_range, $ssh_authorized_key]
+ end
+end
diff --git a/vagrant/ipxe/config.rb b/vagrant/ipxe/config.rb
new file mode 100644
index 00000000..0414fc19
--- /dev/null
+++ b/vagrant/ipxe/config.rb
@@ -0,0 +1,12 @@
+
+# Vagrant Network CIDR
+$network_range="192.168.34.0/24"
+
+# iPXE Server IP, must be from the network_range
+$ipxe_server_ip="192.168.34.10"
+
+# DHCP range dnsmasq should serve, must be a subset of network_range
+$dhcp_range="192.168.34.2,192.168.34.254,12h"
+
+# SSH Authorized Key for client CoreOS instances
+$ssh_authorized_key="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 dghubble@gmail.com"
\ No newline at end of file
diff --git a/vagrant/ipxe/scripts/ipxe.sh b/vagrant/ipxe/scripts/ipxe.sh
new file mode 100644
index 00000000..3a9c8b7b
--- /dev/null
+++ b/vagrant/ipxe/scripts/ipxe.sh
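Review bot: `config.vm.network "public_network", ip: $ipxe_server_ip, dev: "wlp3s0"` bridges this VM onto a host NIC, and scripts/ipxe.sh in the same commit configures dnsmasq with `dhcp-authoritative`, so the guest can answer DHCP and PXE requests for every machine on that physical segment, not only the libvirt test clients. The README describes clients attaching to the `vagrant-ipxe` network, which suggests an isolated network was intended; something like `config.vm.network "private_network", ip: $ipxe_server_ip` would keep the boot services off the LAN, assuming the provider's isolated network suits the clients. If bridging is really wanted, the device name should come from config.rb rather than the hard-coded `wlp3s0`, with a comment that the DHCP range becomes visible on that segment. Separately, when config.rb is absent the `$…` globals are nil and are handed to the provisioner unchecked; a guard such as `abort "config.rb missing" unless File.exist?(CONFIG)` would fail early.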
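Review bot: The default `$ssh_authorized_key` is one developer's own public key, so anyone who runs this example without editing config.rb boots CoreOS clients whose `core` account accepts that person's key. Ship the variable as an obvious placeholder, e.g. `$ssh_authorized_key = "REPLACE_WITH_YOUR_PUBLIC_KEY"`, and have the Vagrantfile stop with a message while it is unchanged. The comment above it should also say whether the value includes the key type, since scripts/ipxe.sh writes `- ssh-rsa $SSH_AUTHORIZED_KEYS` and therefore prepends `ssh-rsa` itself.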
@@ -0,0 +1,75 @@
+#!/bin/bash -e
+# Usage: Setup an iPXE server
+
+
+IPXE_SERVER_IP=$1
+DHCP_RANGE=$2
+SSH_AUTHORIZED_KEYS=$3
+
+# Sanity
+dnf install -yq vim
+
+# dnsmasq - your all in one TFTP
+dnf install -yq dnsmasq
+
+cp /etc/dnsmasq.conf /etc/dnsmasq.old
+cat << EOF > "/etc/dnsmasq.conf"
+dhcp-range=$DHCP_RANGE
+dhcp-authoritative
+enable-tftp
+tftp-root=/var/lib/tftpboot
+# set tag "ipxe" if request comes from iPXE ("iPXE" user class)
+dhcp-userclass=set:ipxe,iPXE
+# if PXE request came from regular firmware, TFTP serve iPXE firmware
+dhcp-boot=tag:!ipxe,undionly.kpxe
+# if PXE request comes from iPXE, HTTP serve an iPXE boot script
+dhcp-boot=tag:ipxe,http://$IPXE_SERVER_IP/boot.ipxe
+log-queries
+log-dhcp
+conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig
+EOF
+
+# Create TFTP root directory
+if [ ! -d "/var/lib/tftpboot" ]; then
+ mkdir -p "/var/lib/tftpboot"
+fi
+
+# TFTP undionly.kpxe
+dnf install -yq wget
+wget -q -O /var/lib/tftpboot/undionly.kpxe http://boot.ipxe.org/undionly.kpxe
+restorecon -R /var/lib/tftpboot
+
+systemctl enable dnsmasq
+systemctl start dnsmasq
+
+# HTTP hosted kernel, initramfs, cloud-config
+dnf install -yq httpd
+
+cat << EOF > "/var/www/html/boot.ipxe"
+#!ipxe
+set base-url http://stable.release.core-os.net/amd64-usr/current
+kernel http://$IPXE_SERVER_IP/coreos_production_pxe.vmlinuz cloud-config-url=http://$IPXE_SERVER_IP/cloud-config.yml
+initrd http://$IPXE_SERVER_IP/coreos_production_pxe_image.cpio.gz
+boot
+EOF
+
+# Kernel image and initramfs over HTTP
+wget -q -O /var/www/html/coreos_production_pxe.vmlinuz http://stable.release.core-os.net/amd64-usr/current/coreos_production_pxe.vmlinuz
+wget -q -O /var/www/html/coreos_production_pxe_image.cpio.gz http://stable.release.core-os.net/amd64-usr/current/coreos_production_pxe_image.cpio.gz
+
+cat << EOF > "/var/www/html/cloud-config.yml"
+#cloud-config
+coreos:
+ units:
+ - name: etcd2.service
+ command: start
+ - name: fleet.service
+ command: start
+ssh_authorized_keys:
+
- ssh-rsa $SSH_AUTHORIZED_KEYS +EOF + +systemctl enable httpd +systemctl start httpd + +echo "Done" diff --git a/vagrant/pixiecore/scripts/pixiecore.sh b/vagrant/pixiecore/scripts/pixiecore.sh index 1937b878..c671da1e 100644 --- a/vagrant/pixiecore/scripts/pixiecore.sh +++ b/vagrant/pixiecore/scripts/pixiecore.sh @@ -1,7 +1,5 @@ #!/bin/bash -e # Usage: Setup a Pixiecore Server - -# ./pxe.sh IP SSH_KEY # ./pixiecore.sh "192.168.33.10" "AABC.... name" PIXIECORE_SERVER_IP=$1
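Review bot: The three `wget` calls fetch `undionly.kpxe`, the CoreOS kernel and the initramfs over plain HTTP and publish them without any integrity check, so whatever arrives is what every PXE client on the network will execute at boot. Download into a scratch directory, verify, and only then place the files in the TFTP and web roots. CoreOS publishes a detached `.sig` next to each image (confirm for this channel), and for `undionly.kpxe` a checksum pinned in the repository would serve the same purpose. Because the script runs with `-e`, a failed verification stops provisioning before httpd is started. The sketch covers the two CoreOS images and assumes the image signing key is already in root's keyring.

```shell
# … unchanged: httpd install, boot.ipxe heredoc …

# Kernel image and initramfs over HTTP, verified before they are published
COREOS_URL=http://stable.release.core-os.net/amd64-usr/current
STAGING=$(mktemp -d)
for image in coreos_production_pxe.vmlinuz coreos_production_pxe_image.cpio.gz; do
  wget -q -O "$STAGING/$image" "$COREOS_URL/$image"
  wget -q -O "$STAGING/$image.sig" "$COREOS_URL/$image.sig"
  gpg --verify "$STAGING/$image.sig" "$STAGING/$image"
  install -m 0644 "$STAGING/$image" /var/www/html/
done

# … unchanged: cloud-config heredoc, httpd enable/start …
```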