UEFI PXE Boot - Pain
-
@rogerbrowntdl Yes they are two different services. tftpd is what FOG uses by default. The TFTP protocol listens on TCP port 69, so two services cannot listen on the same port at the same time.
-
@brakcounty Okay makes sense… dnsmasq was already installed and configured… Weird that it wouldnt boot before (hence we had to go the legacy option I believe) however now when I try and start dnsmasq it tells me to piss off because 69 is already in use?
"[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server…
[624]: dnsmasq: syntax check OK.
[678]: dnsmasq: failed to create listening socket for port 69: Address already >
[678]: failed to create listening socket for port 69: Address already in use
[678]: FAILED to start up
[1]: dnsmasq.service: Control process exited, code=exited, status=2/INVALIDARGU>
[1]: dnsmasq.service: Failed with result ‘exit-code’.
[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server. -
@rogerbrowntdl said in UEFI PXE Boot - Pain:
[678]: dnsmasq: failed to create listening socket for port 69: Address already >
This kind of indicates you did not follow the config file exactly. Since dnsmasq should not attempt to use tftp port with this configuraiton. Please post your complete ltsp.conf file here for review.
-
@rogerbrowntdl Ok so it seems that tftpd might still be running.
First stop and disable the tftpd servicesudo systemctl stop tftpd.service && sudo systemctl disable tftpd.serviceMake sure dnsmasq isn’t running
sudo systemctl stop dnsmasq.serviceEdit/Create a file called ltsp.conf in the /etc/dnsmasq.d directory
sudo nano /etc/dnsmasq.d/ltsp.confPaste the following code and replace <fog_server_IP> with your FOG server’s IP address
# Don't function as a DNS server: port=0 # Log lots of extra information about DHCP transactions. log-dhcp # Enable TFTP enable-tftp # Set the root directory for files available via FTP. tftp-root=/tftpboot # The boot filename, Server name, Server Ip Address dhcp-boot=undionly.kpxe,,<fog_server_IP> # Disable re-use of the DHCP servername and filename fields as extra # option space. That's to avoid confusing some old or broken DHCP clients. dhcp-no-override # inspect the vendor class string and match the text to set the tag dhcp-vendorclass=BIOS,PXEClient:Arch:00000Then start dnsmasq
sudo systemctl start dnsmasq.serviceLet me know how that works out for you.
-
@george1421 My ltsp file:
# Don't function as a DNS server: port=0 # Log lots of extra information about DHCP transactions. log-dhcp # Enable TFTP enable-tftp <<<<<<I added this bit as per @brakcounty suggested from his config # Set the root directory for files available via FTP. tftp-root=/tftpboot # The boot filename, Server name, Server Ip Address dhcp-boot=undionly.kpxe,,192.168.15.251 # Disable re-use of the DHCP servername and filename fields as extra # option space. That's to avoid confusing some old or broken DHCP clients. dhcp-no-override # inspect the vendor class string and match the text to set the tag dhcp-vendorclass=BIOS,PXEClient:Arch:00000 dhcp-vendorclass=UEFI32,PXEClient:Arch:00006 dhcp-vendorclass=UEFI,PXEClient:Arch:00007 dhcp-vendorclass=UEFI64,PXEClient:Arch:00009 # Set the boot file name based on the matching tag from the vendor class (above) dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,192.168.15.251 dhcp-boot=net:UEFI,ipxe.efi,,192.168.15.251 dhcp-boot=net:UEFI64,ipxe.efi,,192.168.15.251 # PXE menu. The first part is the text displayed to the user. The second is the timeout, in seconds. pxe-prompt="Booting FOG Client", 1 # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86, # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI # This option is first and will be the default if there is no input from the user. pxe-service=X86PC, "Boot to FOG", undionly.kpxe pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi dhcp-range=192.168.15.251,proxy -
@rogerbrowntdl said in UEFI PXE Boot - Pain:
# Enable TFTP enable-tftp <<<<<<I added this bit as per @brakcounty suggested from his configYeah, lets go and take that out of your config file. FOG installs a tftp service where this setting will conflict. Go ahead and restart dnsmasq after that.
-
@george1421 I had to disable tftpd and add that line to get it to serve ipxe.efi properly.
-
@brakcounty said in UEFI PXE Boot - Pain:
I had to disable tftpd and add that line to get it to serve ipxe.efi properly.
You shouldn’t need to. The built in tftp server does everything you need. There is one additional ltsp.conf setting that is used in rare instances that might have worked over using dnsmasq’s tftp server.
-
@george1421 bingo it’s started fine now
-
@rogerbrowntdl Welp, sorry for misdirecting you!
-
@brakcounty Chill man, it’s all good… Not everyones setup is gonna be the same. Unfortunately i’ve inherited this network from someone who was far more technical than me but why he set the Watchguard as the DHCP server rather than… oh IDK… an actual DHCP server is beyond me. Meh, it is what it is (I hate that saying but it’s true I guess)
Will try PXE tomorrow and see what happens… It is strange though that dnsmasq was already there and configured but when we first set this up it just fell on its face and wouldn’t PXE any machine hence the need to add the options 66 and 67 to at least get it to PXE so I could put an image out. Fucking manufacturers removing the option for legacy boot is fine and I guess the nature of the IT beast is that nothing stands still for long but it is a proper pain in the arse unpicking stuff to make it work based on them.
-
@rogerbrowntdl said in UEFI PXE Boot - Pain:
bingo it’s started fine now
Ok now that it started, just remember that dhcp (which pxe booting uses) is based on multicast messages, and those data packets typically won’t flow across vlan routers. So just as you needed to do for dhcp, there should be a dhcp-helper/dhcp-relay service on your existing subnet router. That service will have already been configured. What you need to do is add the FOG server’s IP address to the end of that list. What that setting will do is have the dhcp-relay service send the DISCOVER packet directly to the FOG server so dnsmasq can reply with a ProxyDHCP answer. Then the remote vlans pxe boot request will be seen by dnsmasq and load properly.
You should be on your way to pxe booting both bios and uefi systems without needing to mess around with the back end services anymore.
-
@george1421 I LOVE YOU!!! It’s working
@brakcounty thanks for your help alsoI have a new problem where it wont apply the image because it says the disk is too big but I’m sure it’s because I captured the image from a 500gb SSD and i’m trying to apply it to a 256gb SSD but I’m happy as hell because the actual PXE is working!!!
-
@rogerbrowntdl said in UEFI PXE Boot - Pain:
it says the disk is too big bu
Two things here.
- Make sure you are using single disk resizable in the image definition.
- You might need to upgrade fog to the dev-branch to bring the version of FOG up 10 1.5.9.110 or later. There is a change the MS introduced in 21H1 that causes the recovery partition to be marked as unmovable. This would cause that partition on a 500GB disk to be located past the end of a smaller disk. The code in the dev-branch has addressed that. The fix will be in 1.5.10 when its released later this year.
-
@george1421 i can just create a new image for a 256gb drive though right? I guess I can then apply that to either a 256gb or 500gb drive and it wont matter?
-
@rogerbrowntdl yes a smaller mother image would be best. 1.5.9 can grow the golden image to the size of the disk but not shrink it. Or just removed the recovery partition from the golden image. If you have an imaging solution in place is the recovery partition even useful?
I started with fog the shrink option really worked so I would create my golden image on a 70 or 80GB hard drive then expand it post deployment in windows. I also developed our golden images on a VM because I could snapshot the vm before critical steps. That kept me from having to rebuild the entire image again if I botched something. Stuff happens you know.
