Datacenter PXE Provisioning

12 cards — 🟢 3 easy | 🟡 6 medium | 🔴 3 hard

🟢 Easy (3)

1. Describe the PXE boot sequence from power-on to OS installer start.

Server powers on, NIC firmware sends a DHCP DISCOVER, DHCP server responds with an IP address plus next-server (TFTP IP) and filename (bootloader path). Server downloads the bootloader via TFTP, bootloader loads the kernel and initrd, kernel starts the installer (Kickstart/Preseed/Autoinstall) which partitions disks and installs the OS.

2. Why is TFTP used in PXE boot and what is its major limitation?

TFTP (Trivial File Transfer Protocol) is used because it is simple enough to implement in NIC firmware ROM with minimal code. Its major limitation is performance: it transfers data in 512-byte blocks with no windowing, making large file transfers (like 50-100MB initrd images) extremely slow and prone to timeouts on congested networks.

3. What are the stages of the bare-metal provisioning lifecycle?

The lifecycle stages are: Rack and Cable, OOB Setup (BMC/IPMI config), BIOS Configuration, PXE Boot, OS Install, Post-Install validation, Production deployment, and eventually Decommission/Reprovision. The goal is zero-touch provisioning where a newly racked server bootstraps itself to production-ready state automatically.

🟡 Medium (6)

1. What are DHCP options 66 and 67 (next-server and filename) and why are they critical for PXE?

Option 66 (next-server) tells the PXE client the IP address of the TFTP server to fetch the bootloader from. Option 67 (filename) specifies the bootloader file path, such as pxelinux.0 for BIOS or ipxe/snponly.efi for UEFI. Without these options, a PXE client receives an IP but has no bootloader to download and simply skips network boot.

2. What is iPXE chainloading and why is it preferred over plain PXE?

iPXE chainloading means PXE first downloads a small iPXE binary via TFTP, then iPXE takes over and downloads the kernel and initrd via HTTP instead of TFTP. HTTP is 10-50x faster, supports retries gracefully, and allows dynamic boot scripts. The iPXE script can customize boot behavior per MAC address using variables.

3. What is Kickstart and what are its key sections for automated OS installation?

Kickstart is Red Hat/CentOS's automated installer. Key sections include: install source (url), language/keyboard/timezone, rootpw, network config, disk layout (zerombr, clearpart, autopart), %packages (package selection), and %post (post-install scripts for bootstrap, SSH keys, config management registration). A fully configured Kickstart enables unattended installation.

4. What are the key infrastructure components in a bare-metal provisioning architecture?

A provisioning architecture requires: an isolated provisioning VLAN for PXE traffic, a DHCP+TFTP server (often dnsmasq) for IP assignment and bootloader delivery, an HTTP server (nginx) hosting OS images and kickstart files, a configuration management system (Ansible) for post-install config, and a CMDB/inventory system to track provisioned assets.

5. How do you set a server to PXE boot on next reboot using IPMI and Redfish?

Via IPMI: "ipmitool -I lanplus -H -U admin -P pass chassis bootdev pxe" sets one-time PXE boot. Via Redfish: PATCH /redfish/v1/Systems/ with {"Boot": {"BootSourceOverrideTarget": "Pxe", "BootSourceOverrideEnabled": "Once"}}. Both set a one-time override that reverts to normal boot order after the next reboot.

6. How do you generate per-host Kickstart files for a fleet of servers?

Create a Kickstart template with placeholders (%%HOSTNAME%%, %%IP%%, %%GATEWAY%%) and a CSV inventory of hostnames, MACs, IPs, and gateways. A script iterates over the inventory, substituting values with sed, and writes each Kickstart file named by MAC address to the HTTP server. The iPXE script then requests the Kickstart URL using the client's MAC.

🔴 Hard (3)

1. How do you configure DHCP to serve different bootloaders for UEFI vs Legacy BIOS clients?

Use DHCP option architecture matching: if option arch equals 00:07 (EFI x64), serve "ipxe/snponly.efi" or "grubx64.efi"; if 00:00 (BIOS), serve "pxelinux.0". Modern servers default to UEFI, so a PXE setup that only serves pxelinux.0 will silently fail for UEFI clients -- they will skip PXE and boot from disk instead.

2. What should a post-install validation script check before a server enters production?

Validate hardware (CPU count, RAM size, disk presence), OS services (sshd, chronyd running, NTP synchronized), network connectivity (gateway ping, DNS resolution, provisioning server reachable), and security (SELinux enforcing, no leftover private keys). Exit non-zero on any failure so automation can catch provisioning errors before workload placement.

3. Why must you configure serial console parameters when PXE-booting headless servers?

Headless servers have no video output. Without serial console parameters (console=tty0 console=ttyS1,115200n8) in the kernel command line, the installer runs on an invisible display and may hang waiting for interactive input. You must also ensure the Kickstart is fully unattended and configure GRUB and systemd getty for serial output.