feat: provide 'snp.efi' and recommend it over 'ipxe.efi'

Fixes #1042 Signed-off-by: Andrey Smirnov <[email protected]>
siderolabs · Apr 6, 2023 · e433504 · e433504
1 parent 71390a3
commit e433504
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 23 deletions.
diff --git a/app/sidero-controller-manager/internal/ipxe/patch.go b/app/sidero-controller-manager/internal/ipxe/patch.go
@@ -19,12 +19,22 @@ import (
 // BIOS amd64 undionly.pxe is compressed, so we instead patch uncompressed version and compress it back using zbin.
 // (zbin is built with iPXE).
 func PatchBinaries(script []byte) error {
-	if err := patchScript("/var/lib/sidero/ipxe/amd64/ipxe.efi", "/var/lib/sidero/tftp/ipxe.efi", script); err != nil {
-		return err
-	}
-
-	if err := patchScript("/var/lib/sidero/ipxe/arm64/ipxe.efi", "/var/lib/sidero/tftp/ipxe-arm64.efi", script); err != nil {
-		return err
+	for _, name := range []string{"ipxe", "snp"} {
+		if err := patchScript(
+			fmt.Sprintf("/var/lib/sidero/ipxe/amd64/%s.efi", name),
+			fmt.Sprintf("/var/lib/sidero/tftp/%s.efi", name),
+			script,
+		); err != nil {
+			return err
+		}
+
+		if err := patchScript(
+			fmt.Sprintf("/var/lib/sidero/ipxe/arm64/%s.efi", name),
+			fmt.Sprintf("/var/lib/sidero/tftp/%s-arm64.efi", name),
+			script,
+		); err != nil {
+			return err
+		}
 	}
 
 	if err := patchScript("/var/lib/sidero/ipxe/amd64/kpxe/undionly.kpxe.bin", "/var/lib/sidero/ipxe/amd64/kpxe/undionly.kpxe.bin.patched", script); err != nil {

diff --git a/website/content/v0.6/Getting Started/expose-services.md b/website/content/v0.6/Getting Started/expose-services.md
@@ -33,7 +33,7 @@ It is a good idea to verify that the services are exposed as you think they
 should be.
 
 ```bash
-$ curl -I http://192.168.1.150:8081/tftp/ipxe.efi
+$ curl -I http://192.168.1.150:8081/tftp/snp.efi
 HTTP/1.1 200 OK
 Accept-Ranges: bytes
 Content-Length: 1020416

diff --git a/website/content/v0.6/Getting Started/prereq-dhcp.md b/website/content/v0.6/Getting Started/prereq-dhcp.md
@@ -23,12 +23,22 @@ but they all use the same DHCP metadata key.
 In fact, we have as many as six different client types:
 
 - Legacy BIOS-based PXE boot (undionly.kpxe via TFTP)
-- UEFI-based PXE boot (ipxe.efi via TFTP)
-- UEFI HTTP boot (ipxe.efi via HTTP URL)
+- UEFI-based PXE boot (snp.efi/ipxe.efi via TFTP)
+- UEFI HTTP boot (snp.efi/ipxe.efi via HTTP URL)
 - iPXE (boot.ipxe via HTTP URL)
 - UEFI-based PXE arm64 boot (ipxe-arm64.efi via TFTP)
 - UEFI HTTP boot on arm64 (ipxe-arm64.efi via HTTP URL)
 
+## UEFI iPXE modules
+
+There are two iPXE modules available with Sidero Metal:
+
+- `snp.efi` uses iPXE network drivers to configure networking.
+- `ipxe.efi` uses the UEFI network drivers to configure networking.
+
+It is recommended to use `snp.efi` for UEFI-based PXE boot, since it is more reliable.
+However, some UEFI implementations do not support `snp.efi` and require `ipxe.efi` instead.
+
 ## Common client types
 
 If you are lucky and all of the machines in a given DHCP zone can use the same
@@ -38,17 +48,17 @@ options:
 - `Server-Name` (option 66) with the IP of the Sidero TFTP service
 - `Bootfile-Name` (option 67) with the appropriate value for the boot client type:
   - Legacy BIOS PXE boot: `undionly.kpxe`
-  - UEFI-based PXE boot: `ipxe.efi`
-  - UEFI HTTP boot: `http://sidero-server-url/tftp/ipxe.efi`
+  - UEFI-based PXE boot: `snp.efi` (fallback to `ipxe.efi` if `snp.efi` doesn't work)
+  - UEFI HTTP boot: `http://sidero-server-url/tftp/ipxe.efi` (fallback to `ipxe.efi` if `snp.efi` doesn't work)
   - iPXE boot: `http://sidero-server-url/boot.ipxe`
-  - arm64 UEFI PXE boot: `ipxe-arm64.efi`
-  - arm64 UEFI HTTP boot: `http://sidero-server-url/tftp/ipxe-arm64.efi`
+  - arm64 UEFI PXE boot: `snp-arm64.efi` (fallback to `ipxe-arm64.efi` if `snp-arm64.efi` doesn't work)
+  - arm64 UEFI HTTP boot: `http://sidero-server-url/tftp/ipxe-arm64.efi` (fallback to `ipxe-arm64.efi` if `snp-arm64.efi` doesn't work)
 
 In the ISC DHCP server, these options look like:
 
 ```text
 next-server 172.16.199.50;
-filename "ipxe.efi";
+filename "snp.efi";
 ```
 
 ## Multiple client types
@@ -83,14 +93,14 @@ class "biosclients" {
 # Configuration for UEFI-based PXE boot
 class "pxeclients" {
   match if not exists user-class and substring (option vendor-class-identifier, 0, 9) = "PXEClient";
-  filename "ipxe.efi";
+  filename "snp.efi";
 }
 
 # Configuration for UEFI-based HTTP boot
 class "httpclients" {
   match if not exists user-class and substring (option vendor-class-identifier, 0, 10) = "HTTPClient";
   option vendor-class-identifier "HTTPClient";
-  filename "http://172.16.199.50/tftp/ipxe.efi";
+  filename "http://172.16.199.50/tftp/snp.efi";
 }
 ```
 

diff --git a/website/content/v0.6/Getting Started/troubleshooting.md b/website/content/v0.6/Getting Started/troubleshooting.md
@@ -57,7 +57,7 @@ TFTP service is available at the IP you are advertising via DHCP.
 
 ```bash
   $ atftp 172.16.199.50
-  tftp> get ipxe.efi
+  tftp> get snp.efi
 ```
 
 TFTP is an old, slow protocol with very little feedback or checking.

diff --git a/website/content/v0.6/Guides/bootstrapping.md b/website/content/v0.6/Guides/bootstrapping.md
@@ -62,7 +62,7 @@ allow bootp;
 allow booting;
 
 next-server 192.168.1.150;
-filename "ipxe.efi"; # use "undionly.kpxe" for BIOS netboot or "ipxe.efi" for UEFI netboot
+filename "snp.efi"; # use "undionly.kpxe" for BIOS netboot or "snp.efi" for UEFI netboot
 
 host talos-mgmt-0 {
     fixed-address 192.168.254.2;
@@ -89,9 +89,9 @@ allow booting;
 next-server 192.168.1.150;
 
 if option system-arch = 00:0b {
-    filename "ipxe-arm64.efi";
+    filename "snp-arm64.efi";
 } else {
-    filename "ipxe.efi";
+    filename "snp.efi";
 }
 
 host talos-mgmt-0 {

diff --git a/website/content/v0.6/Guides/first-cluster.md b/website/content/v0.6/Guides/first-cluster.md
@@ -63,9 +63,9 @@ if exists user-class and option user-class = "iPXE" {
     # UEFI
     if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" {
       option vendor-class-identifier "HTTPClient";
-      filename "http://192.168.254.2:8081/tftp/ipxe.efi";
+      filename "http://192.168.254.2:8081/tftp/snp.efi";
     } else {
-      filename "ipxe.efi";
+      filename "snp.efi";
     }
   }
 }
@@ -79,7 +79,7 @@ host talos-mgmt-0 {
 There are multiple ways to boot the via iPXE:
 
 - if the node has built-in iPXE, direct URL to the iPXE script can be used: `http://192.168.254.2:8081/boot.ipxe`.
-- depending on the boot mode (BIOS or UEFI), either `ipxe.efi` or `undionly.kpxe` can be used (these images contain embedded iPXE scripts).
+- depending on the boot mode (BIOS or UEFI), either `snp.efi` or `undionly.kpxe` can be used (these images contain embedded iPXE scripts).
 - iPXE binaries can be delivered either over TFTP or HTTP (HTTP support depends on node firmware).
 
 ## Register the Servers