TFTP Open Timeout



  • FOG Version 1.1.1 running on a fresh install of CentOS 6.5 inside of VMware Player 6.0.1
    When a client tries to PXE boot, it gets a DHCP IP address and tries to TFTP the undionly.kpxe file. The client gives the error “PXE-E32: TFTP open timeout”. The corresponding entry in /var/log/messages reads, “/tftpboot: Permission denied”

    I have searched the forums here, and tried all of the steps that I’ve found, including (but not necessarily limited to):
    [LIST=1]
    []I have checked the permissions on the /tftpboot dir and all files, and they are all set at (currently) 666.
    [
    ]I have also tried 777 and 755 with no help.
    []I made sure that the files and dir are owned by fog:root
    [
    ]I have double-checked that SELinux is disabled and the the firewall is down.
    []I’ve checked that /etc/xinetd.conf and /etc/xinetd.d/tftp.conf are correct.
    [
    ]and probably a few other things that I can’t think of right now.
    [/LIST]
    Perhaps significantly, I have tried to TFTP from a local console on the FOG VM, and have received the same errors.

    Any ideas?

    Thanks in advance!



  • [FONT=Arial][COLOR=#333333]I believe I found the issue. I had one DHCP scope in which I had missed updating option 67 to undionly.kpxe. It was still set to pxelinux.0 Once I changed that, it seemed to fix the issue.[/COLOR][/FONT]



  • Just as confirmation, the service I am restarting on the fog server is tftpd-hpa



  • Ubuntu is version 11.10



  • I’m having a similar issue. I updates to fog 1.2 and everything seemed fine. A little later, i noticed clients hanging on “TFTP Open Timeout” before iPXE could load. After restarting the server, clients loaded iPXE just fine. Then a little while later, they started hanging again. I checked server status of tftp and it said running, but I restarted the service anyway. Then clients could pxe boot again. But after a while, it goes down again. Any ideas?

    I’m not sure what version of Ubuntu we’re running, I’ll post when I get it.

    Dhcp addresses are handed out by windows servers on our network.



  • [CODE]sudo ufw disable
    Firewall stopped and disabled on system startup[/CODE]

    I have done that now. I don’t have the offending machine anymore but when I get it back I will test it and report.

    Thanks.


  • Senior Developer

    What happens if you run:[code]sudo ufw disable[/code]



  • Didn’t want to start a new thread as I think my issue is similar. I have tried everything posted here but the problem remains. tftp timeout on downloading /default.ipxe

    One major difference, I can tftp locally and download the file so I don’t think it’s permissions.
    No IP Tables running. SELinux is disabled.

    One thing of note… any time I reboot the server, I get the Database Schema Installer / Updater which a MySQL service restart clears.

    Server moved from an old laptop to a Dell PowerEdge 2900. Move went fine and I was able to test earlier in the month but now when I go to use it, the default.ipxe times out. I have been able to register and backup / deploy images with this exact setup less than two weeks ago so I am assuming an update that I pushed through recently has caused it to break. Here’s my apt history from when it last worked - approximately…
    [CODE]
    Start-Date: 2014-08-14 06:42:31
    Install: linux-image-extra-3.13.0-34-generic:amd64 (3.13.0-34.60, automatic), linux-image-3.13.0-34-generic:amd64 (3.13.0-34.60, automatic), linux-headers-3.13.0-34-generic:amd64 (3.13.0-34.60, automatic), linux-headers-3.13.0-34:amd64 (3.13.0-34.60, automatic)
    Upgrade: linux-headers-generic:amd64 (3.13.0.33.39, 3.13.0.34.40), linux-libc-dev:amd64 (3.13.0-33.58, 3.13.0-34.60), linux-image-generic:amd64 (3.13.0.33.39, 3.13.0.34.40), linux-generic:amd64 (3.13.0.33.39, 3.13.0.34.40)
    End-Date: 2014-08-14 06:43:13

    Start-Date: 2014-08-14 11:35:25
    Commandline: apt-get install dnsmasq
    Install: libnetfilter-conntrack3:amd64 (1.0.4-1, automatic), libmnl0:amd64 (1.0.3-3ubuntu1, automatic), dnsmasq-base:amd64 (2.68-1, automatic), dnsmasq:amd64 (2.68-1)
    End-Date: 2014-08-14 11:35:28

    Start-Date: 2014-08-25 12:27:17
    Commandline: apt-get install whois
    Install: whois:amd64 (5.1.1)
    End-Date: 2014-08-25 12:27:20

    Start-Date: 2014-08-25 12:28:11
    Commandline: apt-get upgrade
    Upgrade: python3-problem-report:amd64 (2.14.1-0ubuntu3.2, 2.14.1-0ubuntu3.3), libsystemd-login0:amd64 (204-5ubuntu20.3, 204-5ubuntu20.4), accountsservice:amd64 (0.6.35-0ubuntu7, 0.6.35-0ubuntu7.1), libgirepository-1.0-1:amd64 (1.40.0-1ubuntu0.1, 1.40.0-1ubuntu0.2), systemd-services:amd64 (204-5ubuntu20.3, 204-5ubuntu20.4), rpcbind:amd64 (0.2.1-2ubuntu1, 0.2.1-2ubuntu2.1), libsystemd-daemon0:amd64 (204-5ubuntu20.3, 204-5ubuntu20.4), libpam-systemd:amd64 (204-5ubuntu20.3, 204-5ubuntu20.4), udev:amd64 (204-5ubuntu20.3, 204-5ubuntu20.4), libudev1:amd64 (204-5ubuntu20.3, 204-5ubuntu20.4), gir1.2-glib-2.0:amd64 (1.40.0-1ubuntu0.1, 1.40.0-1ubuntu0.2), python3-distupgrade:amd64 (0.220.2, 0.220.4), python3-gi:amd64 (3.12.0-1, 3.12.0-1ubuntu1), apport:amd64 (2.14.1-0ubuntu3.2, 2.14.1-0ubuntu3.3), libaccountsservice0:amd64 (0.6.35-0ubuntu7, 0.6.35-0ubuntu7.1), python3-apport:amd64 (2.14.1-0ubuntu3.2, 2.14.1-0ubuntu3.3), ubuntu-release-upgrader-core:amd64 (0.220.2, 0.220.4), net-tools:amd64 (1.60-25ubuntu2, 1.60-25ubuntu2.1)
    End-Date: 2014-08-25 12:28:49

    Start-Date: 2014-08-25 12:41:11
    Commandline: apt-get autoremove
    Remove: linux-image-extra-3.13.0-32-generic:amd64 (3.13.0-32.57), linux-image-3.13.0-32-generic:amd64 (3.13.0-32.57), linux-headers-3.13.0-32-generic:amd64 (3.13.0-32.57), linux-headers-3.13.0-32:amd64 (3.13.0-32.57)
    End-Date: 2014-08-25 12:41:22

    Start-Date: 2014-08-29 06:42:00
    Install: linux-headers-3.13.0-35:amd64 (3.13.0-35.62, automatic), linux-image-extra-3.13.0-35-generic:amd64 (3.13.0-35.62, automatic), linux-image-3.13.0-35-generic:amd64 (3.13.0-35.62, automatic), linux-headers-3.13.0-35-generic:amd64 (3.13.0-35.62, automatic)
    Upgrade: linux-headers-generic:amd64 (3.13.0.34.40, 3.13.0.35.42), multiarch-support:amd64 (2.19-0ubuntu6.1, 2.19-0ubuntu6.3), libc-dev-bin:amd64 (2.19-0ubuntu6.1, 2.19-0ubuntu6.3), libc-bin:amd64 (2.19-0ubuntu6.1, 2.19-0ubuntu6.3), libc6:amd64 (2.19-0ubuntu6.1, 2.19-0ubuntu6.3), linux-libc-dev:amd64 (3.13.0-34.60, 3.13.0-35.62), linux-image-generic:amd64 (3.13.0.34.40, 3.13.0.35.42), libc6-dev:amd64 (2.19-0ubuntu6.1, 2.19-0ubuntu6.3), linux-generic:amd64 (3.13.0.34.40, 3.13.0.35.42)
    End-Date: 2014-08-29 06:42:46
    [/CODE]

    Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-35-generic x86_64)
    Fog 1.2.0
    Non-modifiable DHCP server so using DNS-Masq which worked perfectly when testing earlier in the month.

    I can attach my foginstall.log if required.

    UPDATE it is still working on a different laptop (it definitely wasn’t working on any machine on Friday so something that I changed has made it work a little better).
    I have updated the BIOS on the non-working machine and it is still the same.

    Non working machine - Dell Latitude E5420, A14 BIOS


  • Testers

    To access a directory you have to have read and [B]execute[/B] - in the context of a directory it basically means “access metadata” rather than execute. That explains the 7 instead of 6, but you would still expect 676 to work, assuming that your tftp service runs as root.



  • OK, I did the test you requested. I changed the permissions to 644 and the ownership (again) to fog:root using the commands you gave me, and PERMISSION DENIED. Change permissions back to 777, and all is well.

    More info:
    666 results in DENIED
    766 DENIED
    676 DENIED
    667 ALLOWED ??? (WTF?) (Although the PXE boot does not complete; it stops at "Booting from SAN device 0x80)

    Now, I’m no Linux guru, but I’d say that was definitely NOT what I expected to see.

    -Bruce D.

    [quote=“Tom Elliott, post: 31045, member: 7271”]Well,

    Can you do one more test?

    We know 777 perms works, but that leaves it open for anyuser logged in to the system to delete it.

    Can you reset the mod to
    [code]chmod -R 644 /tftpboot
    chmod -R fog:root /tftpboot[/code]

    My guess is the selinux wasn’t actually allowing the changing of the permissions when you were trying before.

    Chances are most likely the restorecon released the locking rights which had been established upon your initial reboot after the /etc/sysconfig/selinux change (which didn’t work).[/quote]



  • Hi Tom,

    I left work immediately after it started working. However, I will be happy to perform the tests you’re requesting when I get back there Monday morning. I’ll let you know what happens.

    -Bruce D.

    [quote=“Tom Elliott, post: 31045, member: 7271”]Well,

    Can you do one more test?

    We know 777 perms works, but that leaves it open for anyuser logged in to the system to delete it.

    Can you reset the mod to
    [code]chmod -R 644 /tftpboot
    chmod -R fog:root /tftpboot[/code]

    My guess is the selinux wasn’t actually allowing the changing of the permissions when you were trying before.

    Chances are most likely the restorecon released the locking rights which had been established upon your initial reboot after the /etc/sysconfig/selinux change (which didn’t work).[/quote]


  • Testers

    [B]It takes me so long to type that this post is completely irrelevant now. Solved above :).[/B]

    I think you’ve already checked this, but it sounds like permissions on /tftpboot, you need both read and execute set on the directory, e.g.
    [CODE]
    $ ls -ld /tftpboot

    drwxr-xr-x. 2 fog root 4096 Jun 17 14:46 tftpboot

    $ ls -l /tftpboot
    total 2592
    -rw-r–r--. 1 fog root 840 Jun 17 14:46 boot.txt
    -rw-r–r--. 1 root root 296 Jun 17 14:46 default.ipxe
    -rw-r–r--. 1 fog root 389702 Jun 17 14:46 ipxe.kkpxe
    -rw-r–r--. 1 fog root 389750 Jun 17 14:46 ipxe.kpxe
    -rw-r–r--. 1 fog root 391231 Jun 17 14:46 ipxe.krn
    -rw-r–r--. 1 fog root 389766 Jun 17 14:46 ipxe.pxe
    -rw-r–r--. 1 fog root 25340 Jun 17 14:46 memdisk
    -rw-r–r--. 1 fog root 16794 Jun 17 14:46 pxelinux.0.old
    -rw-r–r--. 1 fog root 165088 Jun 17 14:46 snponly.efi
    -rw-r–r--. 1 fog root 102777 Jun 17 14:46 undionly.kkpxe
    -rw-r–r--. 1 fog root 102825 Jun 17 14:46 undionly.kpxe
    -rw-r–r--. 1 fog root 382650 Jun 17 14:46 undionly.kpxe.INTEL
    -rw-r–r--. 1 fog root 102841 Jun 17 14:46 undionly.pxe

    -rw-r–r--. 1 fog root 147728 Jun 17 14:46 vesamenu.c32
    [/CODE]

    Assuming that is all OK you should be able to run tftp in the foreground to check for errors,
    [CODE]
    $ service xinetd stop
    $ /usr/sbin/in.tftpd -vvv -s /tftpboot -L
    [/CODE]
    Then from another shell on your fog server try the get (in a directory where you have write permissions!)
    [CODE]
    $ tftp fog.stat.ubc.ca
    tftp> get pxelinux.0.old

    tftp> quit

    $ ls -l pxelinux.0.old
    $ -rw-r–r--. 1 root root 16794 Jun 20 15:31 pxelinux.0.old
    [/CODE]

    When you’re done, remember to restart xinetd
    [CODE]
    $ service xinetd stop
    [/CODE]


  • Senior Developer

    Well,

    Can you do one more test?

    We know 777 perms works, but that leaves it open for anyuser logged in to the system to delete it.

    Can you reset the mod to
    [code]chmod -R 644 /tftpboot
    chmod -R fog:root /tftpboot[/code]

    My guess is the selinux wasn’t actually allowing the changing of the permissions when you were trying before.

    Chances are most likely the restorecon released the locking rights which had been established upon your initial reboot after the /etc/sysconfig/selinux change (which didn’t work).



  • Winner!

    I didn’t think to re-change the ownership and permissions after the first restorecon. After your last post reminded me, I changed them back to fog:root and 777, and now the client is booting! Woo-hoo!

    So, it looks like the restorecon (and then re-changing the permissions) did it. Any idea what the problem was?

    (Oh, and a BIG thanks! I’d never have figured that out on my own.)


  • Senior Developer

    [code]restorecon -Rv /tftpboot[/code]???

    I’m trying anything/everything I can think of now. If that doesn’t work, try:
    [code]chmod -R 777 /tftpboot[/code]



  • no change after reboot. still permission denied.



  • tried it withOUT reboot, no change. rebooting now.


  • Senior Developer

    Can you try:
    [code]restorecon -r /tftpboot[/code]



  • Grrrr, indeed!



  • Negative. Permission denied. (That is, using the command prompt tftp utility on the FOG VM itself.)


Log in to reply
 

364
Online

39.3k
Users

11.0k
Topics

104.4k
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.