TFTP using pxe-service menu option on existing DNSMasq DHCP server
-
I am a new user. I have installed Fog successfully in an Arch Linux VM (I had to use dev-branch (currently commit 42b459a7) for it to work, due to an issue with PHP8, I think).
Now I have tried to configure an additional boot option on my existing DHCP / TFTP server (running dnsmasq). I have added this option
pxe-service=x86PC,Fog,ipxe.kpxe,192.168.21.82
where that is the IP of the Fog server.
I had to manually start the TFTP server on the Fog server but, otherwise, it appears to work
systemctl start tftpd
I note this is configured (/etc/conf.d/tftpd with a TFTP root at /srv/tftp rather than /tftpboot as documented). The files are present and I can pull them using curl. So I believe that the TFTP server on Fog is good.
Now when I PXE boot a machine on my network, I get the new Fog menu option in addition to all of the others previously there. Selecting that causes it to boot from the Fog server, however after iPXE loads it then tries to chain load tftp://192.168.21.2/default/ipxe which is the address of my DHCP/TFTP server and not the Fog server. The file does not exist on my server.
BOOT SERVER IP: 192.168.21.82
PXE->EB: !PXE at 9DA9:0070, entry point ad 9DA9:0104
iPXE initialising devices...ok
iPXE 1.21.1+ (g47159) -- Open source Network Boot Firmware -- https://ipxe.org
Waiting for link-up on net0..... ok
Configuring (net0 08:00:27:d5:66:5f)... ok
Received DHCP answer on interface net0
tftp://192.168.21.2/default.ipxe... No such file or directory (https://ipxe.org/2d12603b)
I can copy over default.ipxe and then it works, however I would have expected it to load that from itself, no?
If it has to go on my server, I don’t really want that file in the root but I can’t see if it’s possible to specify a path.
But I don’t think I should need any of these files on my TFTP/DHCP server because it just points at the TFTP hosted by the Fog server.
I should just need a menu entry directing client to the Fog IP, like I have done with
pxe-service=x86PC,Fog,ipxe.kpxe,192.168.21.82
I’ve looked in Wireshark at what happens. I can see the message that passes the boot file name “ipxe.kpxe” and the next server IP address being 192.168.21.82.
I can see the separate Server host name field is not given (I tried adding dhcp-option=66,"192.168.21.82" to the dnsmasq config but it made no difference to this). I don’t know if that’s relevant.
User Datagram Protocol, Src Port: 4011, Dst Port: 4011
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x28d5665f
    Seconds elapsed: 4
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 192.168.21.175
    Next server IP address: 192.168.21.82
    Relay agent IP address: 0.0.0.0
    Client MAC address: PcsCompu_d5:66:5f (08:00:27:d5:66:5f)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name: ipxe.kpxe
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
        Length: 1
        DHCP: ACK (5)
    Option: (54) DHCP Server Identifier (192.168.21.2)
        Length: 4
        DHCP Server Identifier: 192.168.21.2
    Option: (60) Vendor class identifier
        Length: 9
        Vendor class identifier: PXEClient
    Option: (97) UUID/GUID-based Client Identifier
        Length: 17
        Client Identifier (UUID): 1e151d72-cba2-4c28-8d50-aefed289fd36
    Option: (43) Vendor-Specific Information (PXEClient)
        Length: 30
        Option 43 Suboption: (71) PXE boot item
            Length: 4
            boot item: 80050000
            Type: 32773
            Layer: 0000
        Option 43 Suboption: (10) PXE menu prompt
            Length: 21
            menu prompt: ff43686f6f736520796f75722070697869652e2e2e
            Timeout: 255
            Prompt: Choose your pixie...
        PXE Client End: 255
    Option: (255) End
        Option End: 255
I also looked in Fog TFTP Server settings page but could not see a setting that would help resolve this.
Is it possible to configure the Dnsmasq PXE menu option and/or Fog to boot Fog iPXE and have it perform its chain-load from itself?
-
@frobishant32 There are a couple of things going on here.
Your dnsmasq configuration is only set up for BIOS-based computers. Look at this tutorial here to see how to configure dnsmasq for proxy dhcp. Understand this is not what you need, but look at the section with the pxe-service entries for the uefi settings: https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server?_=1699482367667
The second issue you have is that when iPXE boots it once again does a dhcp query to find the IP address of what it assumes is the fog server. So whatever dhcp has for options 66 and 67 will be used to find the fog server. This next part is a little complicated but let me explain. When iPXE boots it runs an internal script that the fog developers embedded in the FOG version of iPXE. The script is pretty much here: https://github.com/FOGProject/fogproject/blob/master/src/ipxe/src/ipxescript
#!ipxe
isset ${net0/mac} && ifopen net0 && dhcp net0 || goto dhcpnet1
echo Received DHCP answer on interface net0 && goto proxycheck
:dhcpnet1
isset ${net1/mac} && ifopen net1 && dhcp net1 || goto dhcpnet2
echo Received DHCP answer on interface net1 && goto proxycheck
:dhcpnet2
isset ${net2/mac} && ifopen net2 && dhcp net2 || goto dhcpall
echo Received DHCP answer on interface net2 && goto proxycheck
:dhcpall
dhcp && goto proxycheck || goto dhcperror
:dhcperror
prompt --key s --timeout 10000 DHCP failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
:proxycheck
isset ${proxydhcp/next-server} && set next-server ${proxydhcp/next-server} || goto nextservercheck
:nextservercheck
isset ${next-server} && goto netboot || goto setserv
:setserv
echo -n Please enter tftp server: && read next-server && goto netboot || goto setserv
:chainloadfailed
prompt --key s --timeout 10000 Chainloading failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
:netboot
chain tftp://${next-server}/default.ipxe || goto chainloadfailed
As I said this script looks to what dhcp settings are and then uses that to chain to load default.ipxe.
So you will need to adjust this script and rebuild ipxe if you want to change the behavior of ipxe as it boots from fog. Maybe something like this edit
#!ipxe
isset ${net0/mac} && ifopen net0 && dhcp net0 || goto dhcpnet1
echo Received DHCP answer on interface net0 && goto proxycheck
:dhcpnet1
isset ${net1/mac} && ifopen net1 && dhcp net1 || goto dhcpnet2
echo Received DHCP answer on interface net1 && goto proxycheck
:dhcpnet2
isset ${net2/mac} && ifopen net2 && dhcp net2 || goto dhcpall
echo Received DHCP answer on interface net2 && goto proxycheck
:dhcpall
dhcp && goto proxycheck || goto dhcperror
:dhcperror
prompt --key s --timeout 10000 DHCP failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
:proxycheck
isset ${proxydhcp/next-server} && set next-server ${proxydhcp/next-server} || goto nextservercheck
:nextservercheck
isset ${next-server} && goto netboot || goto setserv
:setserv
echo -n Please enter tftp server: && read next-server && goto netboot || goto setserv
:chainloadfailed
prompt --key s --timeout 10000 Chainloading failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
:netboot
chain tftp://192.168.21.82/default.ipxe || goto chainloadfailed
That chain update will then ignore what dhcp is telling ipxe and it will always load from the 21.82 address.
Here is a tutorial on rebuilding ipxe. https://forums.fogproject.org/topic/15826/updating-compiling-the-latest-version-of-ipxe
I’m pretty sure you can get to what you need with the above info. I would try the dnsmasq settings first before going down the ipxe edit route.
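Added example, not part of the thread and not FOG or dnsmasq code: a simplified Python model of the embedded script's next-server choice, used to flag pxe-service entries whose server differs from the address iPXE will chain to after its own DHCP request. The function names, the tag precedence rule and the adjusted dnsmasq lines are assumptions for illustration.

```python
# Added example: simplified model, not FOG or dnsmasq code.
def chain_target(dhcp_next_server=None, proxydhcp_next_server=None):
    """Mirror :proxycheck / :nextservercheck / :netboot of the embedded script."""
    next_server = proxydhcp_next_server or dhcp_next_server
    if not next_server:
        return None  # the script would fall to :setserv and prompt
    return f"tftp://{next_server}/default.ipxe"

def parse_dnsmasq(conf):
    """Pull pxe-service entries with an explicit server, and dhcp-boot entries."""
    services, boots = [], []
    for raw in conf.splitlines():
        key, _, val = raw.split("#", 1)[0].strip().partition("=")
        fields = [f.strip() for f in val.split(",")]
        tags = [f[4:] for f in fields if f.startswith("tag:")]
        fields = [f for f in fields if not f.startswith("tag:")]
        if key == "pxe-service" and len(fields) >= 4:
            services.append({"menu": fields[1], "server": fields[3]})
        elif key == "dhcp-boot" and len(fields) >= 3:
            boots.append({"tags": set(tags), "server": fields[2]})
    return services, boots

def second_stage_next_server(boots, client_tags, dhcp_server_ip):
    """Assumption: a tagged dhcp-boot wins over an untagged one; with neither,
    the reply names the dnsmasq host itself (as in the boot log in the thread)."""
    tagged = [b for b in boots if b["tags"] and b["tags"] <= client_tags]
    untagged = [b for b in boots if not b["tags"]]
    for boot in tagged + untagged:
        return boot["server"]
    return dhcp_server_ip

def lint(conf, dhcp_server_ip, client_tags=()):
    """List (menu, server in pxe-service, URL iPXE will chain to) mismatches."""
    services, boots = parse_dnsmasq(conf)
    ns = second_stage_next_server(boots, set(client_tags), dhcp_server_ip)
    return [(s["menu"], s["server"], chain_target(ns))
            for s in services if s["server"] != ns]

# Constructed inputs: the first is the single line from the question.
POSTED_CONF = "pxe-service=x86PC,Fog,ipxe.kpxe,192.168.21.82\n"
# Assumed adjustment, untested against the poster's network: tag iPXE clients by
# user class and hand them the Fog server. It applies to every iPXE client.
ADJUSTED_CONF = POSTED_CONF + (
    "dhcp-userclass=set:ipxe,iPXE\n"
    "dhcp-boot=tag:ipxe,default.ipxe,,192.168.21.82\n"
)

if __name__ == "__main__":
    print(lint(POSTED_CONF, "192.168.21.2"))
    print(lint(ADJUSTED_CONF, "192.168.21.2", {"ipxe"}))
```

Because the chain target comes entirely from whichever DHCP reply iPXE accepts, a non-empty result means the client will fetch default.ipxe from a host other than the one named in the menu entry.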