| title | excerpt | updated |
|---|---|---|
Manage your server reboot with the OVHcloud Link Aggregation feature (EN) |
Find out how to reboot your OVHcloud servers, working through your active private aggregation |
2025-01-28 |
This guide is designed to help you deploy all of the components and services you need to launch your OVHcloud solutions successfully in a fully private environment.
Get a private infrastructure without having to change the default configuration for your OVHcloud dedicated servers.
Warning
We have already carried out all our tests, qualifications and configuration validations, based on well-defined parameters and operating criteria, in order to offer you technical environments that are best adapted to your hardware.
Netboot (Network Boot) consists of using your network interface (in low-level mode) as a tool to select the boot of your operating system.
You can boot any system from a network volume, such as SAN or NFS. However, the system usually boots from a local volume: local disk, CD/DVD or USB.
As a reminder, we strongly advise against changing the default configurations: BIOS configuration, Boot Order, etc.
We have pre-configured this startup mechanism in our solutions, and have integrated all of our tools into it: netboot, monitoring, recycling, etc. If these settings were to be modified, our teams would no longer be able to perform the tasks dedicated to them under the conditions we have chosen, and above all, you could render the boot inoperative.
With OVHcloud dedicated servers, you can configure/declare your own networks.
Each server is equipped with at least 2 network interfaces, effectively functioning as aggregated links, ensuring redundancy in the event of failure.
You can therefore use/declare your public and private networks via our solution vRack.
We will present the case of dedicated server(s) configured in OLA mode, i.e. with only private networks.
This choice offers your infrastructure the best possible isolation/protection for your hosted service.
The only significant difference is that private networks do not have access to everything that does not belong to your infrastructure.
As a result, a server isolated by its private network prevents the boot mechanism. This means that when systems are booted via the Netboot (Network Boot) method, they are based on OVHcloud’s internal network and shared services.
A major component exists in 2 versions:
- PXE: Using a standardised client/server environment, based on BOOTP/DHCP/TFTP protocols, to enable boot/deployment through the client system network.
- iPXE: Using a more advanced, standardised client/server environment, based on HTTP, iSCSI, AoE, FCoE, Wi-Fi protocols to enable client system network boot/deployment.
List of components involved during startup:
- A DHCP server: Assigns a network configuration (lease with IP address) for a client machine that is attempting to boot.
- A TFTP service: Resources available across the network that will be queried by PXE and iXPE.
- The rEFInd solution, in the form of a BootLoader, was chosen because it was perfectly adapted. It will allow the search of boot sectors of client machines: local disk, USB, etc.
Here is a (logical) Netboot boot schema:
| Description/Details |
|---|
| 1. Sending a discover request to DHCP from the client machine (in broadcast) |
| 2. DHCP assigns an IP address to the client machine (offer/request/ack). iPXE binary recovery request |
| 3. iPXE binary TFTP recovery |
| 4. Loading iPXE binary as firmware |
| 5. iPXE firmware recovery request |
| 6. Retrieving the associated iPXE script in TFTP |
| 7. Running the iPXE script. Retrieving rEFInd resources: required binary and configuration file |
| 8. Running and loading the rEFInd binary |
| 9. rEFInd launches its scan task to identify boot sectors for local disks |
[!primary]
This description is as generic as possible, in order to remain clear, and so as not to add technical elements or constraints that go beyond our example. The aim of this scheme is to provide an overall view of the operating principle.
Warning
This article is intended for experienced users who have at least basic knowledge of the open-source world, as well as knowledge of system and network administration.
- Access to the OVHcloud Control Panel.
- At least one dedicated server with an operating system already installed.
- An additional dedicated server with the default network interfaces configured, namely public and private network access. This server will host all services (DHCP and TFTP). The operating system will be one of your choice.
- You must have all of the network interfaces for this server in private mode, which implies that you have already configured our OLA feature.
To check that your machine is eligible for our procedure, log in to the OVHcloud Control Panel and click on the
Bare Metal Cloud{.action} tab.Select your server and check that it is eligible for
OLA: OVHcloud Link Aggregationin theNetwork interfaces{.action} tab.
{.thumbnail}
{.thumbnail}
- Install the packages for DHCP/TFTP services.
- Perform the basic configuration for each service.
- Turn on your server.
Below is an example of a basic private infrastructure (layer 2 diagram):
Example:
- Services hosted/shared on Node 0.
- Only one Node 1 client machine with active OLA.
[!primary]
After booting the systems, and in order for DHCP services and optional services (DNS and NTP) to be fully functional, consider declaring/adding rules in the local firewall, via the private network interface of the machine hosting the services.
Below is a sample configuration file for your DHCP service.
Depending on your distribution, the tree may be different (dhcpd.conf).
In general, it is sufficient to:
- Declare a network interface for listening (waiting for requests).
- Specify the IP protocol version (v4 or v6).
- Enter a primary configuration file (as an example, see file below).
default-lease-time 7200;
max-lease-time 7200;
allow booting;
allow bootp;
allow unknown-clients;
###PXE###
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16;
option space ipxe;
option ipxe-encap-opts code 175 = encapsulate ipxe;
option ipxe.priority code 1 = signed integer 8;
option ipxe.keep-san code 8 = unsigned integer 8;
option ipxe.skip-san-boot code 9 = unsigned integer 8;
option ipxe.syslogs code 85 = string;
option ipxe.cert code 91 = string;
option ipxe.privkey code 92 = string;
option ipxe.crosscert code 93 = string;
option ipxe.no-pxedhcp code 176 = unsigned integer 8;
option ipxe.bus-id code 177 = string;
option ipxe.san-filename code 188 = string;
option ipxe.bios-drive code 189 = unsigned integer 8;
option ipxe.username code 190 = string;
option ipxe.password code 191 = string;
option ipxe.reverse-username code 192 = string;
option ipxe.reverse-password code 193 = string;
option ipxe.version code 235 = string;
option iscsi-initiator-iqn code 203 = string;
# Feature indicators
option ipxe.pxeext code 16 = unsigned integer 8;
option ipxe.iscsi code 17 = unsigned integer 8;
option ipxe.aoe code 18 = unsigned integer 8;
option ipxe.http code 19 = unsigned integer 8;
option ipxe.https code 20 = unsigned integer 8;
option ipxe.tftp code 21 = unsigned integer 8;
option ipxe.ftp code 22 = unsigned integer 8;
option ipxe.dns code 23 = unsigned integer 8;
option ipxe.bzimage code 24 = unsigned integer 8;
option ipxe.multiboot code 25 = unsigned integer 8;
option ipxe.slam code 26 = unsigned integer 8;
option ipxe.srp code 27 = unsigned integer 8;
option ipxe.nbi code 32 = unsigned integer 8;
option ipxe.pxe code 33 = unsigned integer 8;
option ipxe.elf code 34 = unsigned integer 8;
option ipxe.comboot code 35 = unsigned integer 8;
option ipxe.efi code 36 = unsigned integer 8;
option ipxe.fcoe code 37 = unsigned integer 8;
option ipxe.vlan code 38 = unsigned integer 8;
option ipxe.menu code 39 = unsigned integer 8;
option ipxe.sdi code 40 = unsigned integer 8;
option ipxe.nfs code 41 = unsigned integer 8;
subnet 192.168.1.0 netmask 255.255.255.240 {
range 192.168.1.2 192.168.1.5;
option broadcast-address 192.168.1.15;
option routers 192.168.1.1;
ping-check = 1;
next-server 192.168.1.1; # Determines the IP of your tftp server
if option arch = 00:07 { # Determines the architecture type, here 64 bits
if exists user-class and option user-class = "iPXE" {
filename "refind.pxe"; # Determines the script called by the binary
} else {
filename "ipxe.efi"; # Determines iPXE binary
}
} else if option arch = 00:06 { # Determines the architecture type, here 32 bits
if exists user-class and option user-class = "iPXE" {
filename "refind.pxe"; # Determines the script called by the binary
} else {
filename "ipxe32.efi"; # Determines iPXE binary
}
}
}
# Declare each host here
host node_1 {
hardware ethernet xx:xx:xx:xx:xx:xx;
server-name "node_1";
}Details:
- Private network (e.g. 192.168.1.0/28)
subnet_mask: 255.255.255.240broadcast_address: 192.168.1.15dns_servers: See optional chapterntp_servers: See optional chapterdefault_router: 192.168.1.1next-server: 192.168.1.1host: Client machine namehardware ethernet: Client machine hardware address (MAC)server-name: Client hostname machine
Depending on your distribution, there are several packages performing the TFTP server function.
For example: tftp-server, tftpd, tftpd-hpa or atftpd.
[!primary]
The installation tree may be different depending on the version of the package and the operating system you are using.
What you need to know:
- This service uses port 69 (UDP).
- It is mandatory to declare a "target" directory, corresponding to a local tree that will be used for receiving and downloading files.
Configuration example with tftpd-hpa software:
# /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="TFTP_server_address:69"
TFTP_OPTIONS="--secure"We will use the path /srv/tftp as an example, and upload the necessary files:
root@node_0:/srv/tftp# tree
.
|-- ipxe.efi
|-- ipxe32.efi
|-- refind.conf
|-- refind.pxe
`-- refind_x64.efi- File contents
refind.pxe:
#!ipxe
echo Boot to local disk
iseq ${platform} efi && goto is_efi_x86_64 || goto end
:is_efi_x86_64
echo EFI boot mode
# Retrieve configuration file
imgfetch --name refind.conf tftp://${next-server}/refind.conf
# Load rEFIND binary
imgfetch --name refind tftp://${next-server}/refind_x64.efi
chain refind
:end
echo Chain on hard drive failed
sleep 10
exit 1- File contents
refind.conf:
This involves integrating the minimum guidelines for proper integration with OVHcloud SI.
timeout 1
default_selection 1
hideui hwtest
hideui hints
banner_scale
textonly
scanfor internal
uefi_deep_legacy_scan
scan_delay 0
Below is a preview of what you get when displaying a UEFI Netboot (default):
Corresponds to steps 1 through 8.
{.thumbnail}
Corresponds to the result of steps 8 and 9.
{.thumbnail}
Above, we have the rEFInd bootloader loaded on a machine with a debian system installed.
You will find on this link the resources used to develop our tests and examples throughout this presentation. They can be used as templates, depending on your needs.
We also recommend deploying DNS and NTP services.
These are not necessary for the system startup phases, so not imposed in this procedure. They are, however, among the services that will be important in the future, especially for the stability of your infrastructure.
You can use the local table for each Node, i.e. the /etc/hosts file, or you can use a service like dnsmasq.
It is strongly recommended that you use an NTP service, especially if your infrastructure includes several machines.
- List of ports to authorise on your local firewall (on the machine hosting the services):
- NTP port 123
- DNS port 53
Understanding and customising your DHCP service
Understanding and customising your iPXE service
Understanding and customising your rEFInd service
Discovering and understanding NTP
Discovering and understanding Dnsmasq
Join our community of users.