PXE-assisted provisioning with cloud-based Edge Orchestrator#

Note

This is an experimental feature. PXE provisioning is dedicated for OXM Deployment Profile.

The PXE-assisted boot can also be used with the cloud-based Edge Orchestrator. However, this option requires a PXE server to be deployed locally on site. The local PXE server must provide Edge Orchestrator’s iPXE script to Edge Nodes booting via PXE.

The following deployment scenarios are possible:

  1. Deploy Edge OrchestratorPXE server in the standalone mode

    A reference topology for this deployment scenario is depicted below:

    EIM PXE server with cloud-based |software_prod_name|

    Use this option if:

    • You want full automation of the PXE server and lifecycle management with Kubernetes, and

    • You already have a local Kubernetes cluster deployed that can run PXE server, and

    • You don’t want or cannot modify the local DHCP server to provide PXE boot info and TFTP artifacts, and

    • Your local network allows for Proxy-DHCP mode (co-existing of two DHCP servers).

  2. Modify your local DHCP server to provide PXE boot info and iPXE script via TFTP.

    In this scenario you don’t need to deploy any additional PXE server. Instead, you will leverage your local, already-existing DHCP server as the PXE server. Looking at the above diagram, the PXE server would be part of the Local DHCP server.

    The DHCP/TFTP configuration depends on the vendor of a local DHCP server. We provide a reference configuration for dnsmasq (see Extra: Example dnsmasq configuration for enabling PXE capabilities).

    Use this option if:

    • You don’t want to deploy additional Kubernetes cluster to run PXE server, and

    • You cannot use Proxy-DHCP mode (e.g., it is blocked by local DHCP spoofing/guarding rules), so you must use your default DHCP server to serve both dynamic IP address assignment and PXE boot info.

  3. Deploy your own PXE server.

    You can always deploy a DHCP and TFTP server implementation of your choice. You only need to download the iPXE script, configure your TFTP server to provide the iPXE script and configure DHCP server to provide PXE boot info.

Download iPXE script from Edge Orchestrator#

Regardless of the deployment option, the first step is to download the iPXE script from Edge Orchestrator:

wget https://tinkerbell-nginx.CLUSTER_FQDN/tink-stack/signed_ipxe.efi --no-check-certificate --no-proxy

Note

Replace CLUSTER_FQDN with the FQDN of the Edge Orchestrator.

Deploy Edge OrchestratorPXE server in the standalone mode#

Prerequisites:

  1. Up and running Kubernetes cluster.

  2. Ensure you Download iPXE script from Edge Orchestrator.

Download the PXE server Helm chart and deploy it. The following installation parameters are required:

  • interface must be set to the name of the network interface that is connected to the L2 subnet from where Edge Nodes are expected to start PXE booting.

  • bootServerIP must be set to the IP address assigned to the interface.

  • subnetAddress must be set to the IP subnet address. For example, the IP subnet address of 192.168.160.0/24 is 192.168.160.0.

  • path-to-ipxe must be the full path to the downloaded iPXE script on your local disk.

Note

Be aware that the PXE server will be deployed with hostNetwork: true, so the PXE server Pod will have access to host networking. This is required to intercept L2 broadcast DHCP packets.

https://github.com/open-edge-platform/infra-charts.git
helm install pxe-server ./infra-charts/pxe-server/ \
  --set global.registry.name="registry-rs.edgeorchestration.intel.com/edge-orch/" \
  --set config.interface=<interface-name>,config.bootServerIP=<boot-server-IP>,config.subnetAddress=<subnetAddress>,standaloneMode.enabled=true,standaloneMode.ipxePath="<path-to-ipxe>"

Once executed, check the pxe-server Pod status. If you see it in the Running state, you can proceed to Onboard Edge Nodes with PXE-assisted boot.

Extra: Example dnsmasq configuration for enabling PXE capabilities#

The below configuration snippet provides default dnsmasq settings to enable PXE capabilities. Note it’s only a reference. You should follow best practices to harden your PXE server configuration. See dnsmasq documentation for more details.

Note

ipxe.efi is expected to be placed under /var/lib/tftp.

interface=<interface> # provide your interface name
bind-interfaces

dhcp-match=set:pxe,60,PXEClient
dhcp-match=set:efi64,option:client-arch,7
pxe-service=tag:pxe,tag:efi64,x86-64_EFI,"Network Boot UEFI x86_64",ipxe.efi,<bootServerIP>

enable-tftp
tftp-root=/var/lib/tftp
tftp-no-blocksize