FOG server Withou dhcp services

errbravosix · Oct 16, 2023, 4:28 PM

Hey all,

My friends, first, sorry for my english.

I have a Fog server running on a VMware lab, i have too a PFsense running on the same lab, my fog in running on ubuntu server 22.04 with the static ip 172.16.1.15, my pfsense is 172.16.1.1 no dhcp services, both servers see each other and have internet connection.

So, on my VMware i running more two VMs to testing boot PXE, the first vm is biuld in bios legacy, the other vm biuld in UEFI Bios.

The Point is, i need boot pxe totaly without dhcp services, because my cenario is, we have a 2800 stores, i have a fortinet per store like a firewall, our infraestructure is based in no dhcp services running on those firewalls, everthing is running on static ips, I have approximately a total of 33 thousand machines in my technology park, and i study fog to implement in our infrastructure.

My file ltps.conf into the /etc/dnsmasq.d is configure like this:

# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# The boot filename, Server name, Server Ip Address
dhcp-boot=undionly.kpxe,,172.16.1.15

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# inspect the vendor class string and match the text to set the tag
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
dhcp-vendorclass=UEFI,PXEClient:Arch:00007
dhcp-vendorclass=UEFI64,PXEClient:Arch:00009

# Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,172.16.1.15
dhcp-boot=net:UEFI,ipxe.efi,,172.16.1.15
dhcp-boot=net:UEFI64,ipxe.efi,,172.16.1.15

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
pxe-prompt="Buscando Servidor de Imagens", 5

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi

dhcp-range=172.16.1.50,172.16.1.52,255.255.255.0

######################################

So, when i boot the vm with legacy bios everthing works fine, and i register the host normaly.

And finally this is my problem, when i boot my vm with UEFI bios, the vm caths the ip like a configure on dnsmasq dhcp-proxy, 172.16.1.51 example, but the load page pxe not load, and return do boot bios options.

somebody can help with this, i realy try many things to fix, but nothing works.

and also just to contextualize when I use active dhcp in pfsense everything works normally, in short without using dhcp services my vm was able to start with legacy pxe, but it doesn’t start with bios UEFI.

After count five, the screen return on the blue screen.

george1421 · Oct 16, 2023, 10:34 PM

@errbravosix Your config file looks OK, typically that configuration is used for proxydhcp where dnsmasq only gives the pxe boot information and not dhcp.

But I can tell you that wireshark will be your friend here to see what the client is doing and what its being told. Take wireshark and load it on a witness computer (third computer not part of pxe booting). Set a capture filter of port 67 or port 68 to capture the dhcp info. When you pxe boot you should see the DORA process.

Discover: client
Offer: DHCP server
Request: client
Ack: dhcp server.

In the discover packet the client will tell what it is in dhcp option 93 or 94. .The dhcp server will Offer in next-server and boot-file as well as dhcp option 66 and 67 the boot info.

errbravosix · Oct 16, 2023, 11:38 PM

@george1421

Good evening my friend.

I will do what you saying.

And I reply after all.

Thanks a lot man.

errbravosix · Oct 17, 2023, 2:28 PM

@george1421

I see the DORA process.

But i cant understant what is wrong in the final process.

this is the end off discover

this is the end off Offer

this is the end of Request

this is the end of ACK

If you need more details i can get for you, to help me solve this.

Thanks a lot man.

george1421 · Oct 17, 2023, 3:57 PM

@errbravosix From the DISCOVER packet I see this is an EFI system.

What I need to see is in the OFFER, the ethernet header section is there a value for next-server and boot-file? And then in the dhcp options section is there a value for dhcp option 66 and 67? Your screen shot doesn’t show that. We really don’t need the other two packets for seeing what is going wrong.

errbravosix · Oct 17, 2023, 4:10 PM

@george1421

I hope this is help.

Thats is everthing i have in Offer section.

Thanks.

george1421 · Oct 17, 2023, 4:17 PM

@errbravosix OK I see the problem but not sure right away how to fix.

In the ethernet header we are seeing both the next-server [172.16.1.15] and boot-file [ipxe.efi] fields populated. But there are no dhcp options of 66 and 67. The PXE roms in computers can either look at the header or at the dhcp options or both to find the boot server. Its up to the rom manufacturer where to look.

What dnsmasq is doing at the moment is only filling out the ethernet header fields, this is BOOTP method. and not filling out the DHCP method fields. In your ltsp.conf file the field match is happening because its picking ipxe.efi for the boot file. Whats missing is the sending the dhcp options too. So its 80% working, we just need the remaining 20% to have a functional solution.

errbravosix · Oct 17, 2023, 4:27 PM

@george1421

Thanks a lot to reply, i will continue searching for some solution, strange is, when i enable the true dhcp on my pfsense, everthing works fine.

per hour without dhcp just work on legacy no problem, i will try discover whats is cause.

Thank you so much, if you have any idea, please send a message.

george1421 · Oct 17, 2023, 4:30 PM

@errbravosix said in FOG server Withou dhcp services:

enable the true dhcp on my pfsense, everthing works fine

This is because pfsense is filling out both the bootp and dhcp parts for pxe booting.

dhcp just work on legacy no problem

This can be explained because the legacy bios firmware is probably only looking at the bootp fields and not only looking at dhcp fields for pxe boot info.

The issue “I think” is specifically with dnsmasq and its configuration. There is something missing to tell it to also send dhcp fields and not just boot fields. I’ve just not used dnsmasq this way before I don’t know off the top of my head the answer.

errbravosix · Oct 17, 2023, 5:41 PM

@george1421

I understand your point.

So i will continue looking for a solution.

Can we leave this post open for now? Maybe someone can help at some point.

george1421 · Oct 17, 2023, 7:51 PM

@errbravosix said in FOG server Withou dhcp services:

dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,172.16.1.15
dhcp-boot=net:UEFI,ipxe.efi,172.16.1.15
dhcp-boot=net:UEFI64,ipxe.efi,172.16.1.15

In your LTSP.conf Update this section to:

dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,172.16.1.15,172.16.1.15
dhcp-boot=net:UEFI,ipxe.efi,172.16.1.15,172.16.1.15
dhcp-boot=net:UEFI64,ipxe.efi,172.16.1.15,172.16.1.15

Lets see if that gives you a successful pxe boot.

errbravosix · Oct 17, 2023, 7:59 PM

@george1421

I will try here, just a moment.

thanks

errbravosix · Oct 17, 2023, 9:32 PM

@george1421
I do what do you want.

but dhcp-proxy stops delivery ip to vm with UEFI.

when i remove your changes, delivery dhcp-proxy works fine, but we go back to zero blue screen nothing happens.

legacy still works with your changes, and without your changes.

george1421 · Oct 18, 2023, 4:14 PM

@errbravosix The more research I do the more I’m thinking that your config file should just work.

I did put together an alternate configuration for dnsmasq. As long as the dnsmasq server is running on the fog server this config should also justwork.

# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# inspect the vendor class string and match the text to set the tag
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-match=set:efi-x86_64,option:client-arch,9
dhcp-match=set:efi-x86,option:client-arch,6
dhcp-match=set:bios,option:client-arch,0

# Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=tag:efi-x86_64,ipxe.efi
dhcp-boot=tag:efi-x86,i386-efi/ipxe.efi
dhcp-boot=tag:bios,undionly.kpxe

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
pxe-prompt="Buscando Servidor de Imagens", 5

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC,"Boot to FOG (BIOS)",undionly.kpxe
pxe-service=X86-64_EFI,"Boot to FOG (EFI)",ipxe.efi
pxe-service=BC_EFI,"Boot to FOG (EFI)",ipxe.efi

dhcp-range=172.16.1.50,172.16.1.52,255.255.255.0

errbravosix · Oct 18, 2023, 4:14 PM

@george1421

Hey boss

I use your config file and, nothing happens.

but i found on the network two more lines of parameter codes.

When i add this lines, its work fine, sounds good.

They are:

# TFTP IP is required on all dhcp-boot lines (unless dnsmasq itself acts as tftp server?)
pxe-service=tag:!ipxe-ok,X86PC,PXE,undionly.kpxe,172.16.1.15
pxe-service=tag:!ipxe-ok,IA32_EFI,PXE,snponlyx32.efi,172.16.1.15
pxe-service=tag:!ipxe-ok,BC_EFI,PXE,snponly.efi,172.16.1.15
pxe-service=tag:!ipxe-ok,X86-64_EFI,PXE,snponly.efi,172.16.1.15

And:

#set ipxe-ok tag if we have correct combination
# http && menu && iscsi ((pxe && bzimage) || efi)
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-pxe,tag:ipxe-bzimage
tag-if=set:ipxe-ok,tag:ipxe-http,tag:ipxe-menu,tag:ipxe-iscsi,tag:ipxe-efi

After add these lines everthing WORKS SO GOOD.

Change Status to SOLVED, in Gods Name.

Thanks a lot man, for all help you give to me.

george1421 · Oct 18, 2023, 4:36 PM

@errbravosix ~~Would you provide a complete ltsp.conf file because what you provided here shouldn’t have fixed the problem directly,~~

BUT from the original config, if you would have modified it to this for the pxe-service section:

pxe-service=X86PC,"Boot to FOG (BIOS)",undionly.kpxe,172.16.1.15
pxe-service=X86-64_EFI,"Boot to FOG (EFI)",ipxe.efi,172.16.1.15
pxe-service=BC_EFI,"Boot to FOG (EFI)",ipxe.efi,172.16.1.15

Then that config should have worked. dnsmasq is a bit cryptic with its optional parameters I do have to say.

BUT I can say if you have it working then its working so no need to change anything. Good job finding the solution.

errbravosix · Oct 18, 2023, 4:41 PM

@george1421

Yes, I changed it, exactly as you just mentioned, and it still didn’t work, it worked fine when I added those two lines of code I mentioned earlier.

Anyway, thank you very much for your help and attention.

FOG server Withou dhcp services

161

12.0k

17.3k

155.2k