dnsmasq issues with tftp

dylz

Hi guys,

I’m having trouble getting tftp to work using dnsmasq. I followed the wiki and set up dnsmasq, and can get the client to retrieve an IP address and begin the tftp process from the server @ 192.168.0.66 but it fails to retrieve any files and fails.

This is my output for .fogsettings

ipaddress='192.168.0.66'
copybackold='0'
interface='enp1s0'
submask='255.255.255.0'
routeraddress=''
plainrouter=''
dnsaddress=''
username='technician'
password="password"
osid='2'
osname='Debian'
dodhcp='n'
bldhcp='0'
dhcpd='isc-dhcp-server'
blexports='1'
installtype='N'
snmysqluser='root'
snmysqlpass=''
snmysqlhost='localhost'
installlang='0'
storageLocation='/images'
fogupdateloaded=1
docroot='/var/www/'
webroot='/fog/'
caCreated='yes'
startrange='192.168.0.115'
endrange='192.168.0.130'
bootfilename='undionly.kpxe'
packages='apache2 bc build-essential cpp curl g++ gawk gcc gzip htmldoc lftp libapache2-mod-php7.1 libc6 libcurl3 m4 mysql-client mysql-server net-tools nfs-kernel-server openssh-server php7.1 php7.1-bcmath php7.1-cli php7.1-curl php7.1-fpm php7.1-gd php7.1-json php7.1-ldap php7.1-mbstring php7.1-mcrypt php7.1-mysql php-gettext tar tftpd-hpa tftp-hpa unzip vsftpd wget xinetd zlib1g'
noTftpBuild=''
notpxedefaultfile=''
sslpath='/opt/fog/snapins/ssl/'
backupPath=''
php_ver='7.1'
php_verAdds='-7.1'
sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
## End of FOG Settings

And the output for ltsp.conf for dnsmasq:

# Sample configuration for dnsmasq to function as a proxyDHCP server,
# enabling LTSP clients to boot when an external, unmodifiable DHCP
# server is present.
# The main dnsmasq configuration is in /etc/dnsmasq.conf;
# the contents of this script are added to the main configuration.
# You may modify the file to suit your needs.

# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Dnsmasq can also function as a TFTP server. You may uninstall
# tftpd-hpa if you like, and uncomment the next line:
# enable-tftp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# The boot filename.
dhcp-boot=undionly.kpxe, 192.168.0.66

# rootpath option, for NFS
dhcp-option=17,/images

# kill multicast
dhcp-option=vendor:PXEClient,6,2b

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
pxe-prompt="Press F8 for boot menu", 3

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC, "Boot from network", pxelinux

# A boot service type of 0 is special, and will abort the
# net boot procedure and continue booting from local media.
pxe-service=X86PC, "Boot from local hard disk", 0

# If an integer boot service type, rather than a basename is given, then the
# PXE client will search for a suitable boot service for that type on the
# network. This search may be done by multicast or broadcast, or direct to a
# server if its IP address is provided.
# pxe-service=x86PC, "Install windows from RIS server", 1

# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
# Since dnsmasq is not providing true DHCP services, you do not want it
# handing out IP addresses.  Just put your servers IP address for the interface
# that is connected to the network on which the FOG clients exist.
# If this setting is incorrect, the dnsmasq may not start, rendering
# your proxyDHCP ineffective.
dhcp-range=192.168.0.66,proxy

# This range(s) is for the private network on 2-NIC servers,
# where dnsmasq functions as a normal DHCP server, providing IP leases.
# dhcp-range=192.168.0.20,192.168.0.250,8h

# For static client IPs, and only for the private subnets,
# you may put entries like this:
# dhcp-host=00:20:e0:3b:13:af,10.160.31.111,client111,infinite

Once again, appreciate any help with this guys.

Dyl

george1421

Well I see a conflict here. I see you have isc-dhcp server loaded in your configuration AND you are using dnsmasq. Which one do you want to use?

In regards to dnsmasq first confirm you are running dnsmasq version 2.76 or newer by keying this into the fog server linux command prompt. dnsmasq -v Hopefully the response looks like this:

Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

If so then please use my ltsp.conf, completely replacing yours.

# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# The boot filename, Server name, Server Ip Address
dhcp-boot=undionly.kpxe,,<fog_server_IP>

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# inspect the vendor class string and match the text to set the tag
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
dhcp-vendorclass=UEFI,PXEClient:Arch:00007
dhcp-vendorclass=UEFI64,PXEClient:Arch:00009

# Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,<fog_server_IP>
dhcp-boot=net:UEFI,ipxe.efi,,<fog_server_IP>
dhcp-boot=net:UEFI64,ipxe.efi,,<fog_server_IP>

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
pxe-prompt="Booting FOG Client", 1

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi

dhcp-range=<fog_server_ip>,proxy

Don’t forget to replace the <fog_server_ip> tags with the IP address of your fog server.

Ref: https://forums.fogproject.org/topic/8725/compiling-dnsmasq-2-76-if-you-need-uefi-support/5

Now for the isc-dhcp server. You need to decide what really will be your dhcp server for the subnet where the fog server is. It can be the fog server if you are imaging on an isolated network, or it can be your building dhcp server if you want to image using your existing infrastructure.

If you have an isolated imaging network then you can use isc-dhcp server for everything, dnsmasq is not required and will actually confuse things. If you want to image on your current production network and your production network dhcp server isn’t capable of sending out the pxe boot options, then you can use dnsmasq in concert with your existing dhcp server.

You just need to pick a path and we can help you get there.

dylz

@george1421 Thanks for getting back. I’ll explain the situation. I work for a computer repair shop and our IT support is outsourced so I don’t have any access to the router. All the machines that we’ll be imaging are on the same subnet (192.168.0.0/24) and received DHCP info from the router/gateway at 192.168.0.1. If things get really tough I suppose I could contact support and ask them to change some settings on the DHCP server but I’d rather find a work around.

I’m totally new to dnsmasq and isc-dhcp so to be honest I’m not 100% sure what the best route to take is. It looks from what you’ve explained that dnsmasq is probably the best path for me.

dnsmasq is on version 2.78 and I got the same response as yourself.

I’ve now replaced the ltsp.conf file to what you recommended. Whats next?

george1421

@dylz OK your current configuration is supported by FOG so lets first make sure you only have one true dhcp server on your network.

Lets ensure you don’t have isc-dhcp server running on your FOG server. You can find out by running this command.
ps aux|grep isc-dhcp
The response should only be one line that has your grep command in it. If you see isc-dhcp-server with a few parameters then isc-dhcp server is running. We need to disable with these commands.
sudo systemctl stop isc-dhcp-server
sudo systemctl disable isc-dhcp-server

Now with isc-dhcp server off line and should not restart, then lets ensure that dnsmasq is running. In my configuration dnsmasq will only supply pxe boot information to augment what your main dhcp server provides. So lets run the command for first enable dnsmasq to load at each reboot then we will (re)start the dnsmasq service.
sudo systemctl enable dnsmasq
sudo systemctl restart dnsmasq

Now we can check to see if dnsmasq is running with
sudo systemctl status dnsmasq
and/or see if its listening on the dhcp port
sudo netstat -an|grep 67
You should see a response like

sudo netstat -an|grep 67
udp        0      0 0.0.0.0:67              0.0.0.0:*                          

If that is the case then dnsmasq is up and running. Understand that dnsmasq doesn’t change your network only provide additional pxe booting information. If you power off your fog server your network will run just fine, with the exception of pxe booting. Boot your fog server then pxe booting will work.

That should be all you need to do. My config of ltsp.conf supports pxe booting both bios (legacy) as well as uefi based systems. As a system rebuilder you may see both kinds on your campus. Also as a system rebuilder you will probably take advantage of the pxe boot to Quick Image or Deploy image from the FOG iPXE menu. This allows you to image a machine without needing to register it. There is no need to register it since FOG will never see the target computer post deployment again, so no need to have fog remember it.

dylz

@george1421 you are the man!

Finally getting to see the PXE menu. I haven’t tried to deploy or capture an image yet but it seems like it should work no problem. One thing though… when trying to live boot an ISO (DLC, True Image, etc.) I get the error =:

El Torito BVD sanity check failed
El Torito boot catalog sanity check failed

MEMDISK: bootstrap too large to load.

Any ideas?

P.S sorry for the late reply. UK time!

Sebastian Roth

@dylz Great to see you could make it work and got to the FOG boot menu.

Please don’t mix up different topics in one thread. It’s way easier for others to follow if we stick to one topic a time. You have a thread on booting ISOs open already and the last message says you figured out that DLC just doesn’t boot in UEFI mode. That’s the way it is. If you have more questions I’d say you better open a new thread for that.