Configure Baremetal PXE-UEFI Boot

A high level overview of how a baremetal node in the Fedora Infra gets booted via UEFI is as follows.
  • Server powered on

  • Gets ip via dhcp

  • DHCP server uses next-server command to point the Server to next contact the tftpboot server and retrieve grub.cfg

  • tftpboot serves grub.cfg

  • Sysadmin manually chooses the correct UEFI menu to boot

  • tftpboot serves kernel and initramfs to the server

  • Server boots with kernel and initramfs, and retrieves ingition file from os-control01

UEFI Configuration

The configuration for UEFI booting is contained in the grub.cfg config which is not currently under source control. It is located on the batcave01 at: /srv/web/infra/bigfiles/tftpboot2/uefi/grub.cfg.

The following is a sample configuration to install a baremetal OCP4 worker in the Staging cluster.

menuentry 'RHCOS 4.8 worker staging' {
  linuxefi images/RHCOS/4.8/x86_64/rhcos-4.8.2-x86_64-live-kernel-x86_64 ip=dhcp nameserver=10.3.163.33 coreos.inst.install_dev=/dev/sda coreos.live.rootfs_url=http://10.3.166.50/rhcos/rhcos-4.8.2-x86_64-live-rootfs.x86_64.img coreos.inst.ignition_url=http://10.3.166.50/rhcos/worker.ign
  initrdefi images/RHCOS/4.8/x86_64/rhcos-4.8.2-x86_64-live-initramfs.x86_64.img
}

Any new changes must be made here. Writing to this file requires one to be a member of the sysadmin-main group, so best to instead create a ticket in the Fedora Infra issue tracker with patch request. See the following PR for inspiration.

Pushing new changes out to the tftpboot server

To push out changes made to the grub.cfg the following playbook should be run, which requires sysadmin-noc group permissions:

sudo rbac-playbook groups/noc.yml -t 'tftp_server,dhcp_server'

On the noc01 instance the grub.cfg file is located at /var/lib/tftpboot/uefi/grub.cfg

If particular changes to OS images for example, are required, they should be made on the noc01 instance directly at /var/lib/tftpboot/images/. This will require users to be in the sysadmin-noc group.