Using FOG with an unmodifiable DHCP server/ Using FOG with no DHCP server

Note:

This article is of good quality and may be followed; however, a newer article that includes UEFI support is available at the link below.

New article: ProxyDHCP with dnsmasq

=Overview=

This combines FOG with a proxyDHCP server. What a proxyDHCP service does is listen to DHCP requests and respond to clients identifying themselves as PXE Clients. It leaves the role of assigning IP addresses to the other DHCP servers, but provides the necessary information so the client can PXE boot. ProxyDHCP is a solution for those of you who are working with an unmodifiable DHCP server or wish to avoid the hassle of editing the already existing DHCP server, or even as a portable imaging solution.

=How ProxyDHCP works=

When a PXE client boots up, it sends a DHCP Discover broadcast on the network, which includes a list of information the client would like from the DHCP server and some information identifying itself as a PXE-capable device. A regular DHCP server responds with a DHCP Offer, which contains possible values for the network settings requested by the client, usually a possible IP address, subnet mask, router (gateway) address, DNS domain name, etc. Because the client identified itself as a PXEClient, the proxyDHCP server also responds with a DHCP Offer with additional information, but no IP address info. It leaves the IP address assignment to the regular DHCP server. The proxyDHCP server provides the next-server-name and boot file name values, which are used by the client during the upcoming TFTP transaction. The PXE client responds to the DHCP Offer with a DHCP Request, in which it officially requests the IP configuration information from the regular DHCP server. The regular DHCP server responds with an ACK (acknowledgement), letting the client know it can use the IP configuration information it requested. The client now has its IP configuration information, TFTP server name, and boot file name, and it initiates a TFTP transaction to download the boot file.
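The two kinds of offer described above can be told apart on the wire. The following is an added example, not code from the original article: it parses a DHCP reply, labels it a lease offer or a proxy offer by whether it carries an address, and flags boot information from a server outside an allowlist. The packets are constructed samples; the addresses 192.168.1.57 and 192.168.1.66 and the allowlist are assumptions.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie after the 236-byte BOOTP header

def parse_reply(pkt):
    """Extract the fields a PXE client acts on from a DHCP reply (UDP payload)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:   # 255 = end of options
        if pkt[i] == 0:                         # 0 = pad byte, has no length field
            i += 1
            continue
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    ip = socket.inet_ntoa
    siaddr = ip(pkt[20:24])
    if siaddr == "0.0.0.0" and len(opts.get(54, b"")) == 4:
        siaddr = ip(opts[54])                   # fall back to the server identifier
    boot = opts.get(67) or pkt[108:236]         # option 67 overrides the 'file' field
    return {"type": (opts.get(53) or b"\0")[0], "yiaddr": ip(pkt[16:20]),
            "boot_server": siaddr,
            "boot_file": boot.split(b"\0")[0].decode("ascii", "replace")}

def classify(reply, allowed_boot_servers):
    """Label an offer and flag boot information from a server not on the allowlist."""
    if reply["type"] != 2:                      # 2 = DHCPOFFER
        return "not-an-offer"
    kind = "proxy-offer" if reply["yiaddr"] == "0.0.0.0" else "lease-offer"
    if reply["boot_file"] and reply["boot_server"] not in allowed_boot_servers:
        return kind + ":unexpected-boot-server"
    return kind

def build_reply(yiaddr, siaddr, boot_file=b"", options=b""):
    """Build a constructed sample packet (test data only, not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      b"\0" * 4, socket.inet_aton(yiaddr), socket.inet_aton(siaddr),
                      b"\0" * 4, b"\x00\x20\xe0\x3b\x13\xaf", b"", boot_file)
    return hdr + MAGIC + b"\x35\x01\x02" + options + b"\xff"

PXE = b"\x3c\x09PXEClient"                      # option 60, vendor class identifier
LEASE = build_reply("192.168.1.57", "0.0.0.0")
PROXY = build_reply("0.0.0.0", "192.168.1.10", b"undionly.kpxe", PXE)
UNEXPECTED = build_reply("0.0.0.0", "192.168.1.66", b"pxelinux.0", PXE)

if __name__ == "__main__":
    for name, pkt in (("lease", LEASE), ("proxy", PROXY), ("other", UNEXPECTED)):
        print(name, classify(parse_reply(pkt), {"192.168.1.10"}))
```

Any host on the segment can answer a PXE client this way, so an offer flagged as coming from an unexpected boot server is worth investigating.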

=Environment=

Tested working with:


 * dnsmasq
 * LTSP Server, further documentation at Ubuntu LTSP/ProxyDHCP.

=Setup and Configuration=

First get your desired Linux flavor installed.

Install FOG (use the instructions in the wiki user manual).

Make sure you do a normal server installation; don't set up a DHCP router address or a DNS server address, and don't use FOG as a DHCP server.

If you set a MySQL password, make sure you change it in /var/www/fog/commons/config.php and also in /opt/fog/service/etc/config.php.

Edit /etc/exports to look like this:

    /images                       *(ro,async,no_wdelay,insecure_locks,no_root_squash,insecure)
    /images/dev                   *(rw,async,no_wdelay,no_root_squash,insecure)

Install dnsmasq using: sudo apt-get install dnsmasq

Create /etc/dnsmasq.d/ltsp.conf using the following settings, modify as needed:

    # Sample configuration for dnsmasq to function as a proxyDHCP server,
    # enabling LTSP clients to boot when an external, unmodifiable DHCP
    # server is present.
    # The main dnsmasq configuration is in /etc/dnsmasq.conf;
    # the contents of this script are added to the main configuration.
    # You may modify the file to suit your needs.

    # Don't function as a DNS server:
    port=0

    # Log lots of extra information about DHCP transactions.
    log-dhcp

    # Dnsmasq can also function as a TFTP server. You may uninstall
    # tftpd-hpa if you like, and uncomment the next line:
    #enable-tftp

    # Set the root directory for files available via TFTP.
    tftp-root=/tftpboot

    # The boot filename.
    dhcp-boot=pxelinux.0

    # rootpath option, for NFS
    dhcp-option=17,/images

    # kill multicast
    dhcp-option=vendor:PXEClient,6,2b

    # Disable re-use of the DHCP servername and filename fields as extra
    # option space. That's to avoid confusing some old or broken DHCP clients.
    dhcp-no-override

    # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
    pxe-prompt="Press F8 for boot menu", 3

    # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
    # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
    # This option is first and will be the default if there is no input from the user.
    pxe-service=X86PC, "Boot from network", pxelinux

    # A boot service type of 0 is special, and will abort the
    # net boot procedure and continue booting from local media.
    pxe-service=X86PC, "Boot from local hard disk", 0

    # If an integer boot service type, rather than a basename is given, then the
    # PXE client will search for a suitable boot service for that type on the
    # network. This search may be done by multicast or broadcast, or direct to a
    # server if its IP address is provided.
    #pxe-service=x86PC, "Install windows from RIS server", 1

    # This range(s) is for the public interface, where dnsmasq functions
    # as a proxy DHCP server providing boot information but no IP leases.
    # Any IP in the subnet will do, so you may just put your server NIC IP here.
    # Since dnsmasq is not providing true DHCP services, you do not want it
    # handing out IP addresses.  Just put your server's IP address for the interface
    # that is connected to the network on which the FOG clients exist.
    # If this setting is incorrect, dnsmasq may not start, rendering
    # your proxyDHCP ineffective.
    dhcp-range=192.168.1.10,proxy

    # This range(s) is for the private network on 2-NIC servers,
    # where dnsmasq functions as a normal DHCP server, providing IP leases.
    #dhcp-range=192.168.0.20,192.168.0.250,8h

    # For static client IPs, and only for the private subnets,
    # you may put entries like this:
    #dhcp-host=00:20:e0:3b:13:af,10.160.31.111,client111,infinite

Restart dnsmasq with: sudo service dnsmasq restart

Note: After getting everything working, you can change the timeout to 0 on the line: pxe-prompt="Press F8 for boot menu", 3

=DNSMASQ settings for iPXE=

This information pertains to FOG 0.33 and the new iPXE boot method.

In order to continue to use dnsmasq to dole out IP addresses and to help find the boot file, some changes need to be made to force the boot file to load the iPXE boot file.

***FIRST*** Update the schema by navigating to your FOG management page and installing the update.

Make the following changes to your ltsp.conf file:

    # Don't function as a DNS server:
    port=0

    # Log lots of extra information about DHCP transactions.
    log-dhcp

    # Dnsmasq can also function as a TFTP server. You may uninstall
    # tftpd-hpa if you like, and uncomment the next line:
    #enable-tftp

    # Set the root directory for files available via TFTP.
    tftp-root=/tftpboot

    # The boot filename, server name, server IP address
    dhcp-boot=undionly.kpxe,,x.x.x.x

    # rootpath option, for NFS
    #dhcp-option=17,/images

    # kill multicast
    #dhcp-option=vendor:PXEClient,6,2b

    # Disable re-use of the DHCP servername and filename fields as extra
    # option space. That's to avoid confusing some old or broken DHCP clients.
    dhcp-no-override

    # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
    pxe-prompt="Press F8 for boot menu", 3

    # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
    # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
    # This option is first and will be the default if there is no input from the user.
    pxe-service=X86PC, "Boot from network", undionly

    # A boot service type of 0 is special, and will abort the
    # net boot procedure and continue booting from local media.
    #pxe-service=X86PC, "Boot from local hard disk", 0

    # If an integer boot service type, rather than a basename is given, then the
    # PXE client will search for a suitable boot service for that type on the
    # network. This search may be done by multicast or broadcast, or direct to a
    # server if its IP address is provided.
    #pxe-service=x86PC, "Install windows from RIS server", 1

    # This range(s) is for the public interface, where dnsmasq functions
    # as a proxy DHCP server providing boot information but no IP leases.
    # Any IP in the subnet will do, so you may just put your server NIC IP here.
    # Since dnsmasq is not providing true DHCP services, you do not want it
    # handing out IP addresses.  Just put your server's IP address for the interface
    # that is connected to the network on which the FOG clients exist.
    # If this setting is incorrect, dnsmasq may not start, rendering
    # your proxyDHCP ineffective.
    dhcp-range=10.0.0.10,proxy

    # This range(s) is for the private network on 2-NIC servers,
    # where dnsmasq functions as a normal DHCP server, providing IP leases.
    #dhcp-range=192.168.0.20,192.168.0.250,8h

    # For static client IPs, and only for the private subnets,
    # you may put entries like this:
    #dhcp-host=00:20:e0:3b:13:af,10.160.31.111,client111,infinite

Save your file and restart your dnsmasq service with the following command: sudo service dnsmasq restart

Make a symlink for the undionly.kpxe file so dnsmasq can find it.

    cd /tftpboot
    sudo ln -s undionly.kpxe undionly.0

OR

    cd /tftpboot
    cp undionly.kpxe undionly.0

=Additional Steps for 12.04.4, 12.04.5, 14.04, 14.10=

Specifically, these steps apply when starting dnsmasq produces the following error:

    dnsmasq: failed to create listening socket for port 53: Address already in use failed!

If you are using Ubuntu version 12.04.4, 12.04.5, 14.04, or 14.10, dnsmasq-base is already installed on your system and in use by network-manager.

Attempting to start the dnsmasq service after installation will lead to the error mentioned above. To fix this error:

Open a terminal and issue the following command: sudo nano /etc/NetworkManager/NetworkManager.conf

Remove the line dns=dnsmasq

Now restart the network service: sudo service network-manager restart

This should resolve issues with getting dnsmasq to start.

Issue the following command: sudo service dnsmasq restart

=Serving ProxyDHCP to multiple subnets=

If you are serving ProxyDHCP to multiple subnets, some changes must be made to your switches/routers and your server config.

Modify your /etc/dnsmasq.d/ltsp.conf file by adding the subnet mask option to the line dhcp-range=192.168.1.10,proxy to make it dhcp-range=192.168.1.10,proxy,255.255.0.0, which will serve all 192.168.x.x subnets. If you are using 10.x.x.x addressing, use subnet mask "255.0.0.0" (8-bit), and if you are using 172.16.x.x, use subnet mask "255.240.0.0" (12-bit). Basically, set the subnet mask so that all subnets on which ProxyDHCP should answer are covered. If you don't do this, the ProxyDHCP server will not respond to DHCP requests for hosts outside of its own subnet.

Add an IP Helper/DHCP Relay record to your router or switch so the DHCP broadcasts are sent to your normal DHCP server AND the FOG server.
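To check a mask before deploying it, the following added example (not part of the original article) reports which client subnets a dhcp-range proxy line leaves uncovered and computes the narrowest mask that covers them all, which goes beyond the page's blanket masks. The subnet list is constructed, and the /24 used when no mask is given is an assumption standing in for the server NIC's own netmask.

```python
import ipaddress

def proxy_scope(range_line, iface_prefix=24):
    """Network a 'dhcp-range=<ip>,proxy[,<netmask>]' line covers.

    iface_prefix stands in for the server NIC's own prefix length, which applies
    when no netmask is given (assumed /24 here).
    """
    fields = [f.strip() for f in range_line.split("=", 1)[1].split(",")]
    if len(fields) < 2 or fields[1] != "proxy":
        raise ValueError("not a proxy dhcp-range line")
    mask = fields[2] if len(fields) > 2 else iface_prefix
    return ipaddress.ip_network(f"{fields[0]}/{mask}", strict=False)

def uncovered(range_line, client_subnets, iface_prefix=24):
    """Client subnets that fall outside the scope of the dhcp-range line."""
    scope = proxy_scope(range_line, iface_prefix)
    return [s for s in client_subnets
            if not ipaddress.ip_network(s).subnet_of(scope)]

def narrowest_mask(server_ip, client_subnets):
    """Smallest netmask that covers the server address and every client subnet."""
    scope = ipaddress.ip_network(f"{server_ip}/32")
    nets = [ipaddress.ip_network(s) for s in client_subnets]
    while not all(n.subnet_of(scope) for n in nets):
        scope = scope.supernet()                 # widen by one bit and retry
    return str(scope.netmask)

# Constructed sample: two imaging subnets reached through a DHCP relay.
SUBNETS = ["192.168.1.0/24", "192.168.20.0/24"]

if __name__ == "__main__":
    print(uncovered("dhcp-range=192.168.1.10,proxy", SUBNETS))
    print(uncovered("dhcp-range=192.168.1.10,proxy,255.255.0.0", SUBNETS))
    print(narrowest_mask("192.168.1.10", SUBNETS))
```

A narrower mask keeps the ProxyDHCP server from answering on subnets that were never meant to network boot.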

=References=

I gathered a lot of my ideas from people's questions on the FOG forums and the Ubuntu documentation on the LTSP proxyDHCP server, so thanks to them.

 * Junkhacker - for help with iPXE chainloading
 * jbsclm - for his work on figuring out how to chainload 0.33b with 0.32 pxelinux.0
 * http://forum.ipxe.org/showthread.php?tid=6077 - documentation on chainloading with dnsmasq

=Troubleshooting=

As ProxyDHCP intercepts DHCP requests, it starts its own internal checks. If it can't find the boot-file that is supposed to be assigned, it tells the requesting system there is nothing to find.

If it finds the file, it will send out the info as normal.

Using the above method and filter, this is what a BROKEN dnsmasq (ProxyDHCP) conversation looks like:



In this case, dnsmasq boot file name is not configured correctly, the boot file does not exist, or TFTP is not configured properly.
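A pre-flight check for the missing-boot-file case described above, added here as an example and not part of the original article: it reads the boot-file directives from ltsp.conf text and lists the files absent from tftp-root, including the ".0" name that a pxe-service basename resolves to. It handles only the directive forms used on this page; the sample config and the temporary directory standing in for /tftpboot are constructed.

```python
import os
import tempfile

# Constructed sample: the directives from the iPXE ltsp.conf that name boot files.
SAMPLE_CONF = """\
tftp-root=/tftpboot
dhcp-boot=undionly.kpxe,,x.x.x.x
pxe-service=X86PC, "Boot from network", undionly
#pxe-service=X86PC, "Boot from local hard disk", 0
"""

def boot_files(conf_text):
    """Return (tftp_root, names) for the boot files the config hands to PXE clients."""
    root, names = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and disabled lines
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        fields = [f.strip().strip('"') for f in value.split(",")]
        if key == "tftp-root":
            root = fields[0]
        elif key == "dhcp-boot":
            names.append(fields[0])
        elif key == "pxe-service" and len(fields) > 2 and not fields[2].isdigit():
            names.append(fields[2] + ".0")           # menu basenames get a ".0" suffix
    return root, names

def missing_boot_files(conf_text, tftp_root=None):
    """List configured boot files that are absent (or dangling symlinks) in tftp-root."""
    root, names = boot_files(conf_text)
    root = tftp_root or root
    if root is None:
        raise ValueError("no tftp-root in configuration")
    return [n for n in names if not os.path.isfile(os.path.join(root, n))]

def demo():
    """Run the check against a temporary directory standing in for /tftpboot."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "undionly.kpxe"), "wb").close()
        before = missing_boot_files(SAMPLE_CONF, root)
        os.symlink("undionly.kpxe", os.path.join(root, "undionly.0"))
        after = missing_boot_files(SAMPLE_CONF, root)
    return before, after

if __name__ == "__main__":
    print(demo())
```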

=Additional Info=

A ProxyDHCP server can also help deal with PXE clients that do not work with separate DHCP and TFTP servers using option 66 & 67 (Windows), or next-server and filename (Linux). This can resolve situations where the clients are getting the TFTP server IP address and filename, but are having issues with the TFTP transaction, such as: PXE-T01: File not found, and other errors.

This has successfully resolved issues with: