PXE Boot Installation

Starting from version 0.2.0, Harvester can be installed automatically. This document provides an example to do an automatic installation with PXE boot.

We recommend using iPXE to perform the network boot. It has more features than the traditional PXE Boot program and is likely available in modern NIC cards. If the iPXE firmware is not available for your NIC card, the iPXE firmware images can be loaded from the TFTP server first.

To see sample iPXE scripts, please visit Harvester iPXE Examples.

Prerequisite

Nodes need to have at least 8 GiB of RAM because the installer loads the full ISO file into tmpfs.

PXE Boot Installation - 图1info

The installer automatically checks if the hardware meets the minimum requirements for production use. If any of the checks fail, installation will be stopped. To override this behavior, set either the configuration file option install.skipchecks=true or the kernel parameter harvester.install.skipchecks=true.

Preparing HTTP Servers

An HTTP server is required to serve boot files. Let’s assume the NGINX HTTP server’s IP is 10.100.0.10, and it serves the /usr/share/nginx/html/ directory with the path http://10.100.0.10/.

Preparing Boot Files

  • Download the required files from the Harvester releases page.

    • The ISO: harvester-<version>-amd64.iso
    • The kernel: harvester-<version>-vmlinuz-amd64
    • The initrd: harvester-<version>-initrd-amd64
    • The rootfs squashfs image: harvester-<version>-rootfs-amd64.squashfs
  • Serve the files.

    Copy or move the downloaded files to an appropriate location so they can be downloaded via the HTTP server. For example:

    1. sudo mkdir -p /usr/share/nginx/html/harvester/
    2. sudo cp /path/to/harvester-<version>-amd64.iso /usr/share/nginx/html/harvester/
    3. sudo cp /path/to/harvester-<version>-vmlinuz-amd64 /usr/share/nginx/html/harvester/
    4. sudo cp /path/to/harvester-<version>-initrd-amd64 /usr/share/nginx/html/harvester/
    5. sudo cp /path/to/harvester-<version>-rootfs-amd64.squashfs /usr/share/nginx/html/harvester/

Preparing iPXE Boot Scripts

When performing an automatic installation, there are two modes:

  • CREATE: we are installing a node to construct an initial Harvester cluster.
  • JOIN: we are installing a node to join an existing Harvester cluster.

Harvester v1.3.0 introduces roles that you can assign to nodes to support different scenarios. For more information, see Harvester Configuration.

CREATE Mode

PXE Boot Installation - 图2caution

Security Risks: The configuration file below contains credentials which should be kept secret. Please do not make the configuration file publicly accessible.

Create a Harvester configuration file called config-create.yaml for CREATE mode. Modify the values as needed:

  1. # cat /usr/share/nginx/html/harvester/config-create.yaml
  2. scheme_version: 1
  3. token: token # Replace with a desired token
  4. os:
  5. hostname: node1 # Set a hostname. This can be omitted if DHCP server offers hostnames
  6. ssh_authorized_keys:
  7. - ssh-rsa ... # Replace with your public key
  8. password: p@ssword # Replace with your password
  9. ntp_servers:
  10. - 0.suse.pool.ntp.org
  11. - 1.suse.pool.ntp.org
  12. install:
  13. mode: create
  14. management_interface: # available as of v1.1.0
  15. interfaces:
  16. - name: ens5
  17. default_route: true
  18. method: dhcp
  19. bond_options:
  20. mode: balance-tlb
  21. miimon: 100
  22. device: /dev/sda # The target disk to install
  23. # data_disk: /dev/sdb # It is recommended to use a separate disk to store VM data
  24. iso_url: http://10.100.0.10/harvester/harvester-<version>-amd64.iso
  25. # tty: ttyS1,115200n8 # For machines without a VGA console
  26. vip: 10.100.0.99 # The VIP to access the Harvester GUI. Make sure the IP is free to use
  27. vip_mode: static # Or dhcp, check configuration file for more information
  28. # vip_hw_addr: 52:54:00:ec:0e:0b # Leave empty when vip_mode is static

For machines that needs to be installed using CREATE mode, the following is an iPXE script that boots the kernel with the above config:

  1. #!ipxe
  2. kernel harvester-<version>-vmlinuz ip=dhcp net.ifnames=1 rd.cos.disable rd.noverifyssl console=tty1 root=live:http://10.100.0.10/harvester/rootfs.squashfs harvester.install.automatic=true harvester.install.config_url=http://10.100.0.10/harvester/config-create.yaml
  3. initrd harvester-<version>-initrd
  4. boot

This assumes the iPXE script is stored in /usr/share/nginx/html/harvester/ipxe-create.

PXE Boot Installation - 图3note

If you have multiple network interfaces, you can leverage dracut’s ip= parameter to specify the booting interface and any other network configurations that dracut supports (e.g., ip=eth1:dhcp). See man dracut.cmdline for more information.

Use ip= parameter to designate the booting interface only, as we only support one single ip= parameter.

JOIN Mode

PXE Boot Installation - 图4caution

Security Risks: The configuration file below contains credentials which should be kept secret. Please do not make the configuration file publicly accessible.

Create a Harvester configuration file called config-join.yaml for JOIN mode. Modify the values as needed:

  1. # cat /usr/share/nginx/html/harvester/config-join.yaml
  2. scheme_version: 1
  3. server_url: https://10.100.0.99:443 # Should be the VIP set up in "CREATE" config
  4. token: token
  5. os:
  6. hostname: node2
  7. ssh_authorized_keys:
  8. - ssh-rsa ... # Replace with your public key
  9. password: p@ssword # Replace with your password
  10. dns_nameservers:
  11. - 1.1.1.1
  12. - 8.8.8.8
  13. install:
  14. mode: join
  15. management_interface: # available as of v1.1.0
  16. interfaces:
  17. - name: ens5
  18. default_route: true
  19. method: dhcp
  20. bond_options:
  21. mode: balance-tlb
  22. miimon: 100
  23. device: /dev/sda # The target disk to install
  24. # data_disk: /dev/sdb # It is recommended to use a separate disk to store VM data
  25. iso_url: http://10.100.0.10/harvester/harvester-<version>-amd64.iso
  26. # tty: ttyS1,115200n8 # For machines without a VGA console

Note that the mode is join and the server_url needs to be provided.

For machines that needs to be installed in JOIN mode, the following is an iPXE script that boots the kernel with the above config:

  1. #!ipxe
  2. kernel harvester-<version>-vmlinuz ip=dhcp net.ifnames=1 rd.cos.disable rd.noverifyssl console=tty1 root=live:http://10.100.0.10/harvester/rootfs.squashfs harvester.install.automatic=true harvester.install.config_url=http://10.100.0.10/harvester/config-join.yaml
  3. initrd harvester-<version>-initrd
  4. boot

This assumes the iPXE script is stored in /usr/share/nginx/html/harvester/ipxe-join.

DHCP Server Configuration

PXE Boot Installation - 图5note

In the PXE installation scenario, you are required to add the routers option (option routers) when configuring the DHCP server. This option is used to add the default route on the Harvester host. Without the default route, the node will fail to start.

In the ISO installation scenario, when the management network interface is in DHCP mode, you are also required to add the routers option (option routers) when configuring the DHCP server.

For example:

  1. Harvester Host:~ # ip route
  2. default via 192.168.122.1 dev mgmt-br proto dhcp

For more information, see ISC DHCPv4 Option Configuration.

The following is an example of how to configure the ISC DHCP server to offer iPXE scripts:

  1. option architecture-type code 93 = unsigned integer 16;
  2. subnet 10.100.0.0 netmask 255.255.255.0 {
  3. option routers 10.100.0.10;
  4. option domain-name-servers 192.168.2.1;
  5. range 10.100.0.100 10.100.0.253;
  6. }
  7. group {
  8. # create group
  9. if exists user-class and option user-class = "iPXE" {
  10. # iPXE Boot
  11. if option architecture-type = 00:07 {
  12. filename "http://10.100.0.10/harvester/ipxe-create-efi";
  13. } else {
  14. filename "http://10.100.0.10/harvester/ipxe-create";
  15. }
  16. } else {
  17. # PXE Boot
  18. if option architecture-type = 00:07 {
  19. # UEFI
  20. filename "ipxe.efi";
  21. } else {
  22. # Non-UEFI
  23. filename "undionly.kpxe";
  24. }
  25. }
  26. host node1 { hardware ethernet 52:54:00:6b:13:e2; }
  27. }
  28. group {
  29. # join group
  30. if exists user-class and option user-class = "iPXE" {
  31. # iPXE Boot
  32. if option architecture-type = 00:07 {
  33. filename "http://10.100.0.10/harvester/ipxe-join-efi";
  34. } else {
  35. filename "http://10.100.0.10/harvester/ipxe-join";
  36. }
  37. } else {
  38. # PXE Boot
  39. if option architecture-type = 00:07 {
  40. # UEFI
  41. filename "ipxe.efi";
  42. } else {
  43. # Non-UEFI
  44. filename "undionly.kpxe";
  45. }
  46. }
  47. host node2 { hardware ethernet 52:54:00:69:d5:92; }
  48. }

The config file declares a subnet and two groups. The first group is for hosts to boot using CREATE mode and the other one is for JOIN mode. By default, the iPXE path is chosen, but if it sees a PXE client it offers the iPXE image according to the client architecture. Please prepare those images and a TFTP server first.

The Internet Systems Consortium (ISC) announced the final end-of-life (EOL) for ISC DHCP in 2022. ISC DHCP users are encouraged to migrate to the newer, feature-rich Kea DHCP, which the ISC designed for more modern network environments. If you are already using the Kea DHCPv4 server, check the following configuration example. For more information, see Kea DHCPv4 Configuration.

  1. "client-classes": [
  2. {
  3. "name": "iPXE UEFI/CREATE",
  4. "test": "option[user-class].exists and substring(option[user-class].hex,0,4) == 'iPXE' and option[client-system].hex == 0x0007",
  5. "boot-file-name": "http://10.100.0.10/harvester/ipxe-create-efi",
  6. "only-if-required": true
  7. },
  8. {
  9. "name": "iPXE non-UEFI/CREATE",
  10. "test": "option[user-class].exists and substring(option[user-class].hex,0,4) == 'iPXE' and not option[client-system].hex == 0x0007",
  11. "boot-file-name": "http://10.100.0.10/harvester/ipxe-create",
  12. "only-if-required": true
  13. },
  14. {
  15. "name": "iPXE UEFI/JOIN",
  16. "test": "option[user-class].exists and substring(option[user-class].hex,0,4) == 'iPXE' and option[client-system].hex == 0x0007",
  17. "boot-file-name": "http://10.100.0.10/harvester/ipxe-join-efi",
  18. "only-if-required": true
  19. },
  20. {
  21. "name": "iPXE non-UEFI/JOIN",
  22. "test": "option[user-class].exists and substring(option[user-class].hex,0,4) == 'iPXE' and not option[client-system].hex == 0x0007",
  23. "boot-file-name": "http://10.100.0.10/harvester/ipxe-join",
  24. "only-if-required": true
  25. },
  26. {
  27. "name": "PXE UEFI",
  28. "test": "option[user-class].exists and not substring(option[user-class].hex,0,4) == 'iPXE' and option[client-system].hex == 0x0007",
  29. "next-server": "10.100.0.20",
  30. "boot-file-name": "ipxe.efi"
  31. },
  32. {
  33. "name": "PXE non-UEFI",
  34. "test": "option[user-class].exists and not substring(option[user-class].hex,0,4) == 'iPXE' and option[client-system].hex == 0x0007",
  35. "next-server": "10.100.0.20",
  36. "boot-file-name": "undionly.kpxe"
  37. }
  38. ]
  39. "subnet4": [
  40. {
  41. "subnet": "10.100.0.0/24",
  42. "pools": [
  43. {
  44. "pool": "10.100.0.100 - 10.100.0.199",
  45. "require-client-classes" : [ "iPXE UEFI/CREATE", "iPXE non-UEFI/CREATE" ]
  46. }.
  47. {
  48. "pool": "10.100.0.200 - 10.100.0.253",
  49. "require-client-classes" : [ "iPXE UEFI/JOIN", "iPXE non-UEFI/JOIN" ]
  50. }
  51. ],
  52. "option-data": [
  53. {
  54. "name": "routers",
  55. "data": "10.100.0.10"
  56. }
  57. ],
  58. "reservations": [
  59. // assign ip address to the host for booting in CREATE mode
  60. {
  61. "hw-address": "52:54:00:6b:13:e2",
  62. "ip-address": "10.100.0.101"
  63. },
  64. // assign ip address to the host for booting in JOIN mode
  65. {
  66. "hw-address": "52:54:00:69:d5:92",
  67. "ip-address": "10.100.0.201"
  68. }
  69. ]
  70. }
  71. ]

Harvester Configuration

For more information about Harvester configuration, please refer to the Harvester configuration page.

By default, the first node will be the management node of the cluster. When there are 3 nodes, the other 2 nodes added first are automatically promoted to management nodes to form an HA cluster.

If you want to promote management nodes from different zones, you can add the node label topology.kubernetes.io/zone in the os.labels config. In this case, at least three different zones are required.

Users can also provide configuration via kernel parameters. For example, to specify the CREATE install mode, users can pass the harvester.install.mode=create kernel parameter when booting. Values passed through kernel parameters have higher priority than values specified in the config file.

UEFI HTTP Boot support

UEFI firmware supports loading a boot image from an HTTP server. This section demonstrates how to use UEFI HTTP boot to load the iPXE program and perform an automatic installation.

Serve the iPXE Program

Download the iPXE UEFI program from http://boot.ipxe.org/ipxe.efi and make sure ipxe.efi can be downloaded from the HTTP server. For example:

  1. cd /usr/share/nginx/html/harvester/
  2. wget http://boot.ipxe.org/ipxe.efi

The file now can be downloaded from http://10.100.0.10/harvester/ipxe.efi locally.

DHCP Server Configuration

If the user plans to use the UEFI HTTP boot feature by getting a dynamic IP first, the DHCP server needs to provide the iPXE program URL when it sees such a request. The following is an updated ISC DHCP server group example:

  1. group {
  2. # create group
  3. if exists user-class and option user-class = "iPXE" {
  4. # iPXE Boot
  5. if option architecture-type = 00:07 {
  6. filename "http://10.100.0.10/harvester/ipxe-create-efi";
  7. } else {
  8. filename "http://10.100.0.10/harvester/ipxe-create";
  9. }
  10. } elsif substring (option vendor-class-identifier, 0, 10) = "HTTPClient" {
  11. # UEFI HTTP Boot
  12. option vendor-class-identifier "HTTPClient";
  13. filename "http://10.100.0.10/harvester/ipxe.efi";
  14. } else {
  15. # PXE Boot
  16. if option architecture-type = 00:07 {
  17. # UEFI
  18. filename "ipxe.efi";
  19. } else {
  20. # Non-UEFI
  21. filename "undionly.kpxe";
  22. }
  23. }
  24. host node1 { hardware ethernet 52:54:00:6b:13:e2; }
  25. }

The elsif substring statement is new, and it offers http://10.100.0.10/harvester/ipxe.efi when it sees a UEFI HTTP boot DHCP request. After the client fetches the iPXE program and runs it, the iPXE program will send a DHCP request again and load the iPXE script from the URL http://10.100.0.10/harvester/ipxe-create-efi.

If you want to enable UEFI HTTP boot on the Kea DHCPv4 server, you must add a new client-class at the end of the client-classes.

Example:

  1. {
  2. "name": "HTTP",
  3. "test": "substring(option[vendor-class-identifier].hex,0,10) == 'HTTPClient'",
  4. "option-data": [
  5. {
  6. "name": "vendor-class-identifier",
  7. "data": "HTTPClient"
  8. }
  9. ],
  10. "boot-file-name": "http://10.100.0.10/harvester/ipxe.efi"
  11. }

The iPXE Script for UEFI Boot

It’s mandatory to specify the initrd image for UEFI boot in the kernel parameters. The following is an updated version of iPXE script for CREATE mode.

  1. #!ipxe
  2. kernel harvester-<version>-vmlinuz initrd=harvester-<version>-initrd ip=dhcp net.ifnames=1 rd.cos.disable rd.noverifyssl console=tty1 root=live:http://10.100.0.10/harvester/rootfs.squashfs harvester.install.automatic=true harvester.install.config_url=http://10.100.0.10/harvester/config-create.yaml
  3. initrd harvester-<version>-initrd
  4. boot

The parameter initrd=harvester-<version>-initrd is required.

Useful Kernel Parameters

Besides the Harvester configuration, you can also specify other kernel parameters that are useful in different scenarios. See also dracut.cmdline(7).

ip=dhcp

If you have multiple network interfaces, you could add the ip=dhcp parameter to get IP from the DHCP server from all interfaces.

rd.net.dhcp.retry=<cnt>

Failing to get IP from the DHCP server would cause iPXE booting to fail. You can add parameter rd.net.dhcp.retry=<cnt> to retry DHCP request for <cnt> times.

harvester.install.skipchecks=true

Installation is stopped if the hardware checks fail (because the minimum requirements for production use are not met). To override this behavior, set the kernel parameter harvester.install.skipchecks=true. When set to true, warning messages are still saved to /var/log/console.log, but the installation proceeds even if hardware requirements for production use are not met.

harvester.install.with_net_images=true

The installer does not preload images during installation and instead pulls all required images from the internet after installation is completed. Usage of this parameter is not recommended in most cases. For more information, see Net Install ISO.