Switching from undionly.kpxe to ipxe.efi...or...updating DNSMASQ to 2.79 on RHEL 6.9
-
I am currently in charge of our FOG server after the departure of our former network admin, and anything I have done to the server has been done with a little luck and a little bit of guessing. I am barely competent with Linux so please keep that in mind.
We are attempting to use EFI on our newer computers for various reasons, and we are struggling with the transition from undionly.kpxe to ipxe.efi or something to that effect. I have full access to the FOG server but no access to the DHCP settings, as I am one of my institution's technicians and not in the network dept. I worked with one of the network techs to change option 067 on WS2008, as I updated .fogsettings on my end to no avail. Is there more work that needs to be done to manually change over from undionly.kpxe to ipxe.efi?
I searched around for a while before coming across the idea of DNSMASQ (https://wiki.fogproject.org/wiki/index.php?title=ProxyDHCP_with_dnsmasq).
I ran the steps, modifying syntax where needed for RHEL, and then ran into a snag on compiling dnsmasq 2.79.
[root@fog2 dnsmasq-2.79]# make install
/root/dnsmasq-2.79/src/dnsmasq.h:146:34: error: nettle/nettle-meta.h: No such file or directory
/root/dnsmasq-2.79/src/dnsmasq.h:146:34: error: nettle/nettle-meta.h: No such file or directory
Package dbus-1 was not found in the pkg-config search path.
Perhaps you should add the directory containing `dbus-1.pc'
to the PKG_CONFIG_PATH environment variable
No package 'dbus-1' found
Package libidn was not found in the pkg-config search path.
Perhaps you should add the directory containing `libidn.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libidn' found
Package libnetfilter_conntrack was not found in the pkg-config search path.
Perhaps you should add the directory containing `libnetfilter_conntrack.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libnetfilter_conntrack' found
Package nettle was not found in the pkg-config search path.
Perhaps you should add the directory containing `nettle.pc'
to the PKG_CONFIG_PATH environment variable
No package 'nettle' found
Package hogweed was not found in the pkg-config search path.
Perhaps you should add the directory containing `hogweed.pc'
to the PKG_CONFIG_PATH environment variable
No package 'hogweed' found
Package dbus-1 was not found in the pkg-config search path.
Perhaps you should add the directory containing `dbus-1.pc'
to the PKG_CONFIG_PATH environment variable
No package 'dbus-1' found
Package libidn was not found in the pkg-config search path.
Perhaps you should add the directory containing `libidn.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libidn' found
Package libnetfilter_conntrack was not found in the pkg-config search path.
Perhaps you should add the directory containing `libnetfilter_conntrack.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libnetfilter_conntrack' found
Package nettle was not found in the pkg-config search path.
Perhaps you should add the directory containing `nettle.pc'
to the PKG_CONFIG_PATH environment variable
No package 'nettle' found
Package hogweed was not found in the pkg-config search path.
Perhaps you should add the directory containing `hogweed.pc'
to the PKG_CONFIG_PATH environment variable
No package 'hogweed' found
/root/dnsmasq-2.79/src/dnsmasq.h:146:34: error: nettle/nettle-meta.h: No such file or directory
/root/dnsmasq-2.79/src/dnsmasq.h:146:34: error: nettle/nettle-meta.h: No such file or directory
make[1]: Entering directory `/root/dnsmasq-2.79/src'
cc -Wall -W -O2 -DVERSION='"2.79"' -c cache.c
In file included from cache.c:17:
dnsmasq.h:146:34: error: nettle/nettle-meta.h: No such file or directory
make[1]: *** [cache.o] Error 1
make[1]: Leaving directory `/root/dnsmasq-2.79/src'
make: *** [all] Error 2
Are these errors being thrown because RHEL 6.9 does not support that version of dnsmasq?
I ask that because of the vulnerability update information found here: https://access.redhat.com/errata/RHSA-2017:2839 references 2.48 as the version and not 2.76 as seen here: https://access.redhat.com/errata/RHSA-2017:2836
I grabbed 2.79 because it is the latest version, but I would love to get even 2.76 working because of the EFI support.
Any tips would be greatly appreciated. Thank you.
-
@drapalsfj This article would be of interest to you: https://wiki.fogproject.org/wiki/index.php?title=BIOS_and_UEFI_Co-Existence
-
I ran through that a few weeks ago after confirming with our network team that we were on 2008. My fear is that I recommend to them updating our DHCP to WS2012 or later. Which would mean it would join the long line of other servers they are working on. The whopping 7 total staff that we have in our entire IT dept.
-
@drapalsfj Another option - run dnsmasq not on this RHEL server, but on something like Debian 9 that already has a newer version. You are not required to run the dnsmasq service on the same box that FOG is on. @george1421 is our resident dnsmasq guy if you want to make this work on RHEL 6.9. I’d take the easier route if it were me and use a newer OS. Up to you.
-
If that is the case then perhaps we have another VM box on our server that could serve this function, just for dnsmasq.
I will keep that in mind. Thank you. I was thinking about seeing if in the interim I could have my network team provision a new VM for me, and just port FOG over to an OS that isn’t as outdated. As I mentioned in my original post, I am not that affiliated with Linux, but if I am going to have control over our FOG ecosystem, why not have it be something I can develop and document, and learn along the way.
-
@drapalsfj CentOS 7 supports the required dnsmasq v 2.76 if you want to stay in the RHEL camp, or Ubuntu 17.04/Debian 9 if you want to hang with those kind of people.
-
I was able to get it to compile under CentOS 6. Basically just remove the defines listed in the wiki page.
#define HAVE_DBUS
#define HAVE_IDN
#define HAVE_IDN_STATIC
#define HAVE_CONNTRACK
#define HAVE_DNSSEC
Then compile it. You won’t have international support or dns, or connection tracking, but you won’t use them anyway.
I’ll upload what I compiled to a google drive in case you have no success on your end.
-
OK, I worked a bit more with the build.
You can enable these features:
#define HAVE_DBUS
#define HAVE_CONNTRACK
If you install these rpm packages.
yum install dbus-devel libnetfilter_conntrack-devel
And then download and install these RPMs
http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/nettle-2.2-1.el6.rf.x86_64.rpm
http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/nettle-devel-2.2-1.el6.rf.x86_64.rpm
Then you can compile in more features. But again you are not using those functions at the moment.
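The build advice in the two posts above, as an added example that is not part of the original thread or the FOG wiki: a preflight that pairs each optional define with the pkg-config packages named in the quoted build errors and reports which features this host can compile in. It assumes dnsmasq's `COPTS` make variable is used to pass the defines instead of editing them in by hand; `feature_pkgs`, `usable_copts` and `PKG_CHECK` are hypothetical names.

```shell
#!/bin/sh
# Added example: choose which optional dnsmasq features can be built,
# based on which development packages pkg-config can find.

# PKG_CHECK is the probe command (assumption: pkg-config is on PATH).
# Override it to exercise the logic on a host without pkg-config.
: "${PKG_CHECK:=pkg-config --exists}"

# feature_pkgs NAME -> pkg-config modules the feature needs.
# Package names are the ones reported missing in the build output.
feature_pkgs() {
    case "$1" in
        HAVE_DBUS)      echo "dbus-1" ;;
        HAVE_IDN)       echo "libidn" ;;
        HAVE_CONNTRACK) echo "libnetfilter_conntrack" ;;
        HAVE_DNSSEC)    echo "nettle hogweed" ;;
        *)              return 1 ;;
    esac
}

# usable_copts FEATURE... -> prints "-DHAVE_X ..." for every feature whose
# packages are all present; skipped features are reported on stderr.
usable_copts() {
    copts=""
    for feat in "$@"; do
        pkgs=$(feature_pkgs "$feat") || { echo "unknown: $feat" >&2; continue; }
        missing=""
        for p in $pkgs; do
            $PKG_CHECK "$p" 2>/dev/null || missing="$missing $p"
        done
        if [ -z "$missing" ]; then
            copts="$copts -D$feat"
        else
            echo "skip $feat: missing$missing" >&2
        fi
    done
    echo "${copts# }"
}

# Stand-alone use: ./preflight.sh --print shows the make line for this host.
if [ "${1:-}" = "--print" ]; then
    echo "make COPTS=\"$(usable_copts HAVE_DBUS HAVE_IDN HAVE_CONNTRACK HAVE_DNSSEC)\""
fi
```

A feature that is skipped here is the one to leave undefined, which is what the first post does for all of them.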
-
I got 2.76 working thanks to your response about skipping the #define grouping but after much forking my EFI booting PC still scoffs at the idea of doing something with iPXE. Per my meeting with them this morning my next move may be to ask my network team to spin up a 2012 or newer DHCP server, so that we can create multiple vendor classes.
-
@drapalsfj Once you have 2.76 then you need to use my config file for 2.76 or later. Once you have that you can pxe boot both firmware types. But if you are installing 2012 dhcp server that is a better longer term solution. If you need to circle back to dnsmasq let me know and we can finish your setup.