The default behavior for the cray-ipxe service is to build iPXE binaries with a well known name. However, to help
prevent untrusted access to the iPXE binaries, sites may manually customize the iPXE binary names to a site-specific
value. The site may further change the iPXE binary names periodically to further obfuscate and prevent access.
This procedure requires administrative privileges.
-
Edit the
cray-ipxe-settingsConfigMap using one of the following options.NOTESave a backup of the ConfigMap before making any changes.The following is an example of creating a backup:
kubectl get configmap -n services cray-ipxe-settings \ -o yaml > /root/cray-ipxe-settings-backup.yaml -
Within the ConfigMap, edit the following keys to set the desired iPXE binary names.
iPXE Binary ConfigMap Key Name Default Value Regular iPXE cray_ipxe_binary_nameipxe.efiDebug iPXE cray_ipxe_debug_binary_namedebug-ipxe.efiNOTEDo not change thecray_ipxe_binary_name_activeorcray_ipxe_debug_binary_name_activekeys in thecray-ipxe-settingsConfigMap. Thecray-ipxebuilder will automatically update these keys with the name of the currently built iPXE images once they are available.-
Option 1: Edit the
cray-ipxe-settingsConfigMap directly.kubectl edit configmap -n services cray-ipxe-settings
-
Option 2: Edit the ConfigMap by saving the file, editing it, and reloading the ConfigMap.
-
Save the file.
kubectl get configmap -n services cray-ipxe-settings \ -o yaml > /root/cray-ipxe-settings.yaml -
Edit the
cray-ipxe-settings.yamlfile.vi /root/cray-ipxe-bss-ipxe.yaml
-
Reload the ConfigMap.
Deleting and recreating the ConfigMap will reload it.
kubectl delete configmap -n services cray-ipxe-settings kubectl create -f /root/cray-ipxe-settings.yaml
-
-
The cray-ipxe builder will detect the configuration change and rebuild the iPXE binaries within 30 to 90 seconds. Upon
successfully building the newly named binaries, the cray-ipxe builder will delete the old binaries from the shared file
system.