RE: Compiling dnsmasq 2.76 if you need uefi support

Ubuntu 16.04 LTS based systems

Build system: Mint 18 x64 (Based on Ubuntu 16.04 LTS)
(note the following instructions worked perfectly for Raspbian Jessie which is Debian based)

1. First we need to setup our build environment

sudo apt-get update

sudo apt-get install build-essential

sudo apt-get install -y wget libdbus-1-dev libnetfilter-conntrack-dev idn libidn11-dev nettle-dev libval-dev dnssec-tools 

2. Next we’ll get the source code for dnsmasq 2.76 Note: version 2.77 has been released. I have not tested it yet, but I suspect the same process can be used to compile 2.77 as 2.76
   wget http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.76.tar.gz
3. Extract the source code from the tar file
   tar -zxf dnsmasq-2.76.tar.gz
4. Change into the dnsmasq build directory
   cd dnsmasq-2.76
5. Lets update a few settings in the config file. I know there are other ways to go about this with command line switches, but I didn’t
   sudo vi src/config.h
6. Find this section

/* #define HAVE_LUASCRIPT */
/* #define HAVE_DBUS */
/* #define HAVE_IDN */
/* #define HAVE_CONNTRACK */
/* #define HAVE_DNSSEC */

7. Paste in these settings just below the above text

#define HAVE_DBUS
#define HAVE_IDN
#define HAVE_IDN_STATIC
#define HAVE_CONNTRACK
#define HAVE_DNSSEC

8. Save and exit the config.h file.
9. We need to see where the current dnsmasq file is located. (NOTE: Please be sure that dnsmasq has already been installed in your linux distribution to ensure all of the dependences have been installed before we proceed).
   which dnsmasq
   10 This command should respond with something like this:

# which dnsmasq
/usr/sbin/dnsmasq

11. The key bit of info here is that dnsmasq is installed in /usr/sbin. What we need to do is tell the install script to not place the dnsmasq files in the default location (according to dnsmasq of /usr/local/sbin) but to place the files where the distribution dnsmasq put them (/usr/sbin). SO in this case we want to overwrite the dnsmasq binary in /usr/sbin. To do this we need to update the prefix variable in the Makefile (compiler instruction file).
12. Since we know where dnsmasq is now, lets go and update the Makefile to reflect the location where we dnsmasq installed.
    sudo vi Makefile
13. Search for this line and change

PREFIX        = /usr/local
# To this
PREFIX        = /usr

14. Save and exit out of the Makefile
15. Lets backup the original dnsmasq executable just in case…
    sudo cp /usr/sbin/dnsmasq /usr/sbin/dnsmasq.old
16. Ok here’s where we create and install the latest version of dnsmasq
    sudo make install

At this point the compiler will dig through the source code and compile the dnsmasq program. Hopefully it will compile and install without errors.

17. Once the install is done lets ensure that the right version of dnsmasq is found first in the search path.
18. Key in the following
    dnsmasq -v
    The output should look like this:

Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.

19. Ensure the version displays 2.76 if so you are all set.
20. The last and final step is to ensure that the application runs when the service is called.
    sudo service dnsmasq restart
21. If the service starts correctly (no errors) then you’re done.
22. If you question if dnsmasq is running the proper version you can always inspect /var/log/syslog for any dnsmasq error messages.

As a suggestion you should be able to use this configuration for your new version of dnsmasq that is configured for both bios and uefi operations.

# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# The boot filename, Server name, Server Ip Address
dhcp-boot=undionly.kpxe,,<fog_server_IP>

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# inspect the vendor class string and match the text to set the tag
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
dhcp-vendorclass=UEFI,PXEClient:Arch:00007
dhcp-vendorclass=UEFI64,PXEClient:Arch:00009

# Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,<fog_server_IP>
dhcp-boot=net:UEFI,ipxe.efi,,<fog_server_IP>
dhcp-boot=net:UEFI64,ipxe.efi,,<fog_server_IP>

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
pxe-prompt="Booting FOG Client", 1

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
pxe-service=X86PC, "Boot to FOG", undionly.kpxe
pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi

dhcp-range=<fog_server_ip>,proxy

Don’t forget to replace <fog_server_ip> in the above text with the IP address of your fog server. The tag appears many times.

If you have Centos 7, there is no direct path to compiling your own version of dnsmasq. I did find a precompiled rpm of dnsmasq 2.76 here: http://rpm.pbone.net/index.php3/stat/4/idpl/35995670/dir/centos_7/com/dnsmasq-2.76-1cnt7.x86_64.rpm.html

(place holder)

(place holder)

(place holder)

There has been a brilliant bit of code added to dnsmasq 2.76 (May 2016) to provide / fix support for sending uefi boot information to uefi systems. The issue is that most linux distributions do not have this latest version of dnsmasq available for install. It may take quite a while to get this version into the mainstream linux distributions. As always the case with FOSS environments you can download and compile your own software as long as the author releases the source code.

In this tutorial I’ll outline the steps required to compile and install this latest version of dnsmasq for common distributions of linux. I don’t have access to every version and/or flavor so I’ll only document what I’ve personally perform. I would encourage other, that can, document their experiences here with flavors/versions of linux that I don’t cover.

Before you compile this updated version of dnsmasq be sure that you install the version of dnsmasq from your linux distributions, package repository. This way you will be sure that all of the supporting scripts and dependences have been installed. In the steps below we will just replace the dnsmasq binary with the latest compiled version.

@dureal99d I don’t have a how-to yet for compiling dnsmasq. I was able to compile it on a Raspberry Pi running a debian variant without any issues (full disclosure I’ve been compiling applications in linux for a few years so I already had the foundation stuff under control).

Its not hard to do. Will you do the following on the FOG server console.

1. Identify the path to dnsmasq
   which dnsmasq
2. See if you have the development tools loaded
   gcc --version
   hopefully you’ll get the version line.

I needed these libraries for debian, I might guess ubuntu is similar.

sudo apt-get update
sudo apt-get install -y libdbus-1-dev libnetfilter-conntrack-dev libidn11-dev nettle-dev libval-dev dnssec-tools

I’ll tell you what. I just reloaded Mint 18 on my wife’s computer which is based on ubuntu 16.04. Let me work up a rough guide with that system. My laptop is running Zorin which is based on ubuntu 15.10 (I think so that might work, but I’ll use my wife’s to be sure).

I have been working with dnsmasq config setting since I saw your post this AM. I’ve come up with some interesting things and something that haven’t worked as I expected. Once I have a positive solution for one of my issues I’ll write up a tutorial on that info too.

Does this really work like you think?

dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,intel.efi,,192.168.1.109

and

dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,realtek.efi,,192.168.1.109

Depending on how dnsmasq processes its config file I can see the second entry might overwrite the first entry in the dnsmasq configuration in memory. OR if the list is processed in order then I can see the second match never being reached.

If you compile your own version of dnsmasq (version 2.76) you can use this dnsmasq config. I can confirm that only dnsmasq 2.76 works reliably with bios and uefi systems.

# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
pxe-prompt="Booting FOG Client", 1

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI, ARM_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.
# PXEClient:Arch:00000
 pxe-service=X86PC, "Boot BIOS PXE", undionly.kpxe
# PXEClient:Arch:00007
 pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe.efi
# PXEClient:Arch:00009
 pxe-service=X86-64_EFI, "Boot UEFI PXE-64", ipxe.efi

dhcp-range=<fog_server_ip>,proxy

ref: https://forums.fogproject.org/topic/8677/dnsmasq-bios-and-uefi

@noelpd Nice, now when the developers get back then can see if that hardware is supported (it should be based on the title).

@noelpd OK maybe the lspce -nn doesn’t return what I expected in FOS. In centos 7 it returned something like this:

0b:00.0 Ethernet controller [0200]: VMware VMXNET3 Ethernet Controller [15ad:07b0] (rev 01)

Try it with only one -n

@noelpd Remember I said that number starting with 8086 was made up. Actually the vendor code 8086 is for intel, so I hope you would not find it there.

try this one if there is a lot of lines lspci -nn | grep rnet

@noelpd Just to be sure I didn’t loose my place here.

The original post was that when you select full inventory from the iPXE menu you get an error message in the FOS boot about no dhcp response on interface eth0? If this is the case they your iPXE boot file is correct with undionly.kpxe, IMO the issue is a FOS driver one. We’ve kind of ruled out a spanning tree issue (typically what we see here).

We will need the vendor and device code that I mentioned before.

@noelpd These are new like just from china new?

If that is the case the FOS Engine may not have the proper driver for it. I do see the ProBook 470 G2 are supported but no mention of the G3.

OK here is what I need you to do. I need you to manually register this computer and then schedule a capture or deploy it doesn’t matter because when you create the task, make sure you select the debug capture/deploy option. Then PXE boot this new G3.

It should take you right to what ever mode you selected, but don’t worry its not going to do anything. After a few pages where you have to hit enter you will be dropped to a linux command prompt. This is the shell of the FOS Engine.

Now we need to see what the FOS Engine sees for hardware. I need you to key in lspci -nn This should give you a list of built in hardware, you need to look through the list for the ethernet adapter. On that line, there will be a hex code like (8086:3D12) [that was made up]. We need to know that code. The @developers will need to see if that driver is included in the FOS kernel.

@george1421 But in your initial post you said you were able to get into the iPXE menu and select full inventory. That means if you were that far you have the right dhcp boot file (undionly.kpxe). So if this booted on the G3 then you are in legacy (bios) mode. The uefi boot kernel would not have got you anywhere. The issue is then with the FOS Engine or something else.

You said this is a HP G3 but what model number.

@noelpd Go into the bios/firm where there should be a switch setting to change between legacy and uefi mode.

@noelpd Wait, I think I missed something. Is this client in bios (legacy) mode or uefi? What did you change the iPXE boot kernel to?

@noelpd This is only a shot in the dark, but does the switch where this computer is connected, have spanning tree enabled? If so are you using one of the fast spanning tree protocols (fast stp, port fast, RSTP, etc)?

A test would be to put a dumb (unmanaged) switch between the building switch and the target computer then try to pxe boot again.

Logic: Basic spanning tree take 27 seconds before it starts to forward data after a link transition. You will get one link transition when the iPXE menu starts and one when the FOS Engine (the customized linux OS that captures, deploys, and registers target computers) starts up. So if spanning tree is enabled and one of the fast protocols are not used, I can understand this error.

So what should you do first. I assume today you have the proper line in your current PXE boot menu to forward the client to the FOG server, Right??

Take a test computer and collect its mac address, then get with your networking or admin group and have them insert the line from your current pxe menu into a text file and title that file the mac address of your target computer. I think you create the file name without any punctuation. So the file name should be like: 0018DC234567 Then pxe boot the target computer and see what happens.

Actually read over this page it does a lot better explaining of syslinux pxe booting than I can: http://www.syslinux.org/wiki/index.php?title=PXELINUX Plus I had the search order backwards (go figure)

@ABane You do have a bit more complex environment than most, so you will have to play withing the rules of what you setup.

For every one of these computers you want to zero touch deploy (or more exactly) automatically forward to FOG. You will need to create one of these config files. If this config file doesn’t exist it will use the default pxe menu. So to answer your question yes you will need a config file for each systems, unless you can say all dell computers will be auto forwarded. Because the syslinux pxe boot loader (pxelinux.0) will start by pattern matching mac addresses I don’t remember which directions it moves in but lets assume this.

For this mac address 00:18:DC:23:45:67 it should start pattern matching like this.

0…
00…
001…
0018…
0018D…
0018DC…
0018DC2…
0018DC23…
0018DC234…
0018DC2345…
0018DC23456…
0018DC234567

Until it finds a file that exactly matches the mac address pattern. So if you wanted all Dell computers (which will have the first 6 characters the same) you would create a single config file with this name 0018DC then any dell computers would be forwarded to the FOG server. This may not fit your case but this IS possible.

As for the one for one files the contents will all be the same (go contact the FOG server) just the file names will be an exact match.

As for collect 150 mac addresses no problem. There are ways to scan your network (as long as you are on the same subnet as the target computers) and pickup the mac addresses, then filter them in excel and then create a script to loop through your list creating these files. It takes a little work but it can be done.