DHCP server to allow clients to boot via TFTP / PXE

radjunior · May 18, 2021, 12:51 AM

I have a Linux Debian where I installed the DHCP server and the FOG Project, following the tutorials I realized that I must configure my DHCP server to allow booting via TFTP / PXE, but I don’t know where to change these options.

My DHCP Server:

My network interface:

Tutorials:
Server DHCP: https://www.youtube.com/watch?v=hqS_EuQA6pQ&ab_channel=BósonTreinamentos

FOGProject: https://www.youtube.com/watch?v=207As548aNw&ab_channel=PracticalITwithJeremyLeik

radjunior · May 20, 2021, 9:39 AM

@sebastian-roth Previously I had installed Debian and installed the isc-dhcp-server package and fog in it, configured both with the same IP, a dynamic scope for boot, all according to Example 1
From that I started to find errors as presented in this topic, It was then that I had the idea of separating a VM for each one and I opted for the windows server as a DHCP server, I only changed option 66 and 67, filename = snponly.efi to boot UEFI and it worked.

Edit: You can mark this topic as resolved

george1421 · May 18, 2021, 3:47 PM

@radjunior If you selected dhcp server when you installed FOG then it would have created a configuration similar to this: https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence#Example_1

You can use this example and merge it into your current dhcp server configuration. This configuration will allow dynamic pxe booting and will supply the proper boot file name based on the type of pxe booting computer (bios vs uefi)

radjunior · May 18, 2021, 3:47 PM

@george1421
I applied the settings and got the following result:

UEFI Boot

Boot Legacy

My settings:

DHCP server: 192.168.1.22
FOG Server: 192.168.1.22
Stations: 192.168.1.100 - 150

The problem is that in UEFI he downloads the file “undionly.kpxe” but I was unable to proceed

/etc/dhcp/dhcpd.conf

option domain-name "Reginaldo Junior - Ti";
option domain-name-servers 8.8.8.8;
option space PXE;
option PXE.mtftp-ip    code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16;
# RFC4578

use-host-decl-names on;
ddns-update-style interim;
ignore client-updates;
next-server 192.168.1.22;
authoritative;

log-facility local7;

subnet 192.168.1.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  range dynamic-bootp 192.168.1.100 192.168.1.150;
  default-lease-time 21600;
  max-lease-time 43200;
  option domain-name-servers 192.168.1.22;
  option routers 192.168.1.1;

  class "UEFI-32-1" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
    filename "i386-efi/ipxe.efi/undionly.kpxe";
    }

    class "UEFI-32-2" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
     filename "i386-efi/ipxe.efi/undionly.kpxe";
    }

    class "UEFI-64-1" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
     filename "undionly.kpxe";
    }

    class "UEFI-64-2" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
    filename "undionly.kpxe";
    }

    class "UEFI-64-3" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
     filename "undionly.kpxe";
    }

    class "Legacy" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
    filename "undionly.kkpxe";
    }

}
class "pxeclient" {
  match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
  if substring (option vendor-class-identifier, 15, 5) = "00000" {
        # BIOS client
        filename "undionly.kpxe";
    }
    elsif substring (option vendor-class-identifier, 15, 5) = "00006" {
        # EFI client 32 bit
        filename   "ipxe32.efi";
    }
    else {
        # default to EFI 64 bit
        filename   "ipxe.efi";
    }
}

/opt/fog/.fogsettings

## Start of FOG Settings
## Created by the FOG Installer
## Find more information about this file in the FOG Project wiki:
##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
## Version: 1.5.9
## Install time: seg 17 mai 2021 20:56:58 -03
ipaddress='192.168.1.22'
copybackold='0'
interface='eno1'
submask='255.255.255.0'
hostname='usco'
routeraddress='192.168.1.22'
plainrouter='192.168.1.1'
dnsaddress='192.168.1.1'
username='fogproject'
password='.RzgVvTWx8idVlknIb90'
osid='2'
osname='Debian'
dodhcp='N'
bldhcp='0'
dhcpd='isc-dhcp-server'
blexports='1'
installtype='N'
snmysqluser='fogmaster'
snmysqlpass='hQSa3KTQqA&3Pebz0S7y'
snmysqlhost='localhost'
mysqldbname='fog'
installlang='0'
storageLocation='/images'
fogupdateloaded=1
docroot='/var/www/html/'
webroot='/fog/'
caCreated='yes'
httpproto='http'
startrange=''
endrange=''
bootfilename='undionly.kpxe'
packages='apache2 bc build-essential cpp curl g++ gawk gcc genisoimage git gzip htmldoc isolinux lftp libapache2-mod-php7.3 libc6 libcurl4 liblzma-dev m4 mariadb-client mariadb-server net-tools nfs-kernel-server openssh-server php7.3 ph$
noTftpBuild=''
sslpath='/opt/fog/snapins/ssl/'
backupPath='/home/'
armsupport='0'
php_ver='7.3'
php_verAdds='-7.3'
sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
## End of FOG Settings

george1421 · May 18, 2021, 4:06 PM

@radjunior I see the problem your configuration is wrong.

In the configuation file these lines imply uefi booting

    class "UEFI-64-1" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
     filename "undionly.kpxe";
    }

    class "UEFI-64-2" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
    filename "undionly.kpxe";
    }

So in stead if sending undionly.kpxe you need to send ipxe.efi like it shows in the example 1 I give you.

radjunior · May 19, 2021, 1:41 PM

@george1421
I changed the settings but got another error:

researching the suggested link do I understand that I need to update my IPXE? If so, how do I do this?

george1421 · May 19, 2021, 4:14 PM

@radjunior Ok so this error can be caused by having an old version of ipxe, a broken uefi bios, or default spanning tree enabled on your building switch, where RSTP or portfast should be enabled.

So I would ensure your target computer has the latest firmware installed,

I would also test by installing a cheap unmanaged switch between pxe booting computer and building network switch. The idea that a cheap ($20USD) network switch will not support spanning tree and will keep the building switch network link up. If you can pxe boot here, then you will need to look into the stp mode on your building switch.

radjunior · May 19, 2021, 5:51 PM

@george1421 I managed to solve it by changing from ipxe.efi to snponly.eficonsidering that my machines are all HP and support only UEFI boot.
I managed to enter the FOG interface but I was unable to register the device to upload the image, I get the following error:

I performed tests with the notebook connected directly to my server, I disabled the option if boot security, and even then there seems to be no solution.

Sebastian Roth · May 19, 2021, 6:22 PM

@radjunior When it drops you to the iPXE shell please run the command imgstat there, take a picture and post here.

As well please run the following commands on your FOG server console and post output here:

file /var/www/html/fog/service/ipxe/bzImage*
md5sum /var/www/html/fog/service/ipxe/bzImage*

Edit: Now that I look at it again I wonder if there is still some kind of security chip enabled in the UEFI firmware. Please double check to make sure this kind of stuff is disabled. On the other hand I’d think that secure boot would even prevent iPXE from being loaded.

radjunior · May 19, 2021, 6:53 PM

@Sebastian-Roth
I ran the imgstat and ifstat :

My FOG server is also my DHCP server, both operate together on Debian: 192.168.1.22
I’m new to this area, How do I open the Fog console on it?
I tried to execute the command in the Debian terminal and got no results

Sebastian Roth · May 19, 2021, 7:29 PM

@radjunior said in DHCP server to allow clients to boot via TFTP / PXE:

I’m new to this area, How do I open the Fog console on it?
I tried to execute the command in the Debian terminal and got no results

The normal Linux terminal/console is exactly what I meant. What do you mean by “no results”. It would either return with output or an error message (command or file not found…).

As we see bzImage : 6057 bytes in the picture I guess that something is really wrong with that kernel file. It’s way too small. On the other hand you say that legacy BIOS machines boot correctly, right?

Run the following (modified) commands on the Debian terminal and post output here:

ls -al /var/www/{html,}/fog/service/ipxe/bzImage*
file /var/www/{html,}/fog/service/ipxe/bzImage*
md5sum /var/www/{html,}/fog/service/ipxe/bzImage*

radjunior · May 19, 2021, 3:46 PM

@sebastian-roth Yes, it works perfectly in legacy BIOS mode.
Commands on the console:
Edit- I accessed via SSH and took a print, to improve the quality

Sebastian Roth · May 20, 2021, 5:49 AM

@radjunior Ok, the files look fine. Although this seems to be a dev-branch kernel that we don’t have online anymore. Not an issue but I can’t verify the checksums.

Do you have other machines (different models) in UEFI mode that you can try PXE booting on?

radjunior · May 20, 2021, 5:31 AM

@sebastian-roth I managed to solve by separating the servers in separate machines and installing the FOG again. I changed the Ip, I was successful, I managed to pass the registration of the machine but in the capture

ERROR:

Could not mount '/dev/nvme0n1p3' ( remove page file) 
Args Passed: '/dev/nvme0n1pe' 
Reason: The disk contains an unclean file system (0,0) Metadata kept in Windows Cache, refused mount. 
Failed to Mount '/dev/nvme0n1p3' The NTFS partition is in an unsafe state. Please resume and shutdown Windows fully (no hibernation or fast restarting)or mount the volume read-only with the 'ro' mount option

Edit:
FOG Server:
Version: 1.5.6
Ubuntu 10.40.0.157

DHCP server = Windows Server 10.40.0.151

Sebastian Roth · May 20, 2021, 3:27 PM

@radjunior Not sure I understand what you mean by separate the servers to solve the problem but good to hear it works now.

For the new issue please open another topic so we don’t mix things up. Helps other users to easier learn from these findings.

radjunior · May 20, 2021, 9:39 AM

@sebastian-roth Previously I had installed Debian and installed the isc-dhcp-server package and fog in it, configured both with the same IP, a dynamic scope for boot, all according to Example 1
From that I started to find errors as presented in this topic, It was then that I had the idea of separating a VM for each one and I opted for the windows server as a DHCP server, I only changed option 66 and 67, filename = snponly.efi to boot UEFI and it worked.

Edit: You can mark this topic as resolved

Sebastian Roth · May 20, 2021, 5:00 PM

@radjunior Can’t believe that switching to Windows DHCP server would solve a kernel download issue. But hey, what do I know. Great you got this solved!

DHCP server to allow clients to boot via TFTP / PXE

166

12.0k

17.3k

155.2k