Example DHCP server config doesn't work #1093

Closed
danboid opened this issue Mar 10, 2022 · 14 comments
@danboid

danboid commented Mar 10, 2022

The example dhcpd config given on https://netboot.xyz/docs/docker doesn't work. When I try using that config (or something like it) I get the errors:

PXE-T01: File not found
PXE-E3B: TFTP Error - File not found

Here is a working config albeit one that doesn't try to detect the platform, hence why I'm not submitting a PR to update the docs.

option arch code 93 = unsigned integer 16;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.34 192.168.0.254;
  next-server 192.168.0.33;
  option subnet-mask 255.255.255.0;
  option routers 192.168.0.1;
  option broadcast-address 192.168.0.255;
  option domain-name "mynetwork.lan";
  option domain-name-servers 1.1.1.1;
  filename "netboot.xyz.kpxe";
}
@danboid danboid added the bug label Mar 10, 2022
@danboid
Author

danboid commented Apr 7, 2022

I re-installed my Armbian Focal (20.04) running TV box (X96 Air) today and isc-dhcp-server would start fine if started manually but it was failing to start at boot. Armbian defaults to using NetworkManager so if you're using NM the fix for this problem is to run:

systemctl enable NetworkManager-wait-online.service

I tried unsuccessfully to get dnsmasq to work with the netboot docker container

EDIT

That will most likely be because I hadn't disabled port 69 on the docker container so the TFTP port would've clashed with the one from dnsmasq. I have yet to try dnsmasq again with the docker container.

@github-actions

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@danboid
Author

danboid commented May 11, 2022

I've noticed the netboot docs contain an example UEFI and Legacy boot DHCP config but I've not yet tried translating that to regular isc-dhcp-server config, which I think is different so I've only been able to use my self hosted netboot.xyz server with BIOS machines so far.

https://netboot.xyz/docs/kb/networking/edgerouter

@vincemulhollon

The exact and specific problem is the web page

https://netboot.xyz/docs/docker

Suggests an isc DHCP server config, including, in parts:

} elsif option arch = 00:00 {
filename "netboot.xyz.pxe";

And the docker image ships with no netboot.xyz.pxe file.

You can verify as follows:

docker logs netbootxyz

and notice there are repeated errors along the lines of RRQ for netboot.xyz.pxe followed by error messages about no file.

Well, OK then, I tried with command line tftp and yes indeed that file does not exist although I have no trouble downloading netboot.xyz.efi and netboot.xyz.kpxe using a CLI tftp client.

Then scroll down to the big table "The following bootfile names can be set as the boot file in the DHCP configuration. They are baked into the Docker image:" and note the docker image intentionally does not ship with a netboot.xyz.pxe

All you need do is remove those "if" lines for the .pxe file and then I can boot into the menu just fine, run my memtest and all that. Everything else about the docs seems OK? OP's solution of complete rewrite works also, of course, although all you really need to do is remove the reference to the non-existent .pxe file.

@danboid
Author

danboid commented Jun 2, 2022

Hi vince

Can you please be more verbose in your solution? Please paste your working dhcp server config in full.

Are you claiming that your dhcp server config works with both BIOS and UEFI machines?

@vincemulhollon

Yes I made a VMware image and forced it to legacy and netbooted it and it runs great and I have a physical hardware (admittedly, older) supermicro server that's set up to UEFI and it's netbooting Ubuntu while I type this in...

I have two DHCP servers both running up to date FreeBSD. They are set up primary/secondary and have hundreds of static assignments so I'm not going to cut and paste "everything" but here's most of /usr/local/etc/dhcpd.conf:

# for netboot.xyz
option arch code 93 = unsigned integer 16;

option domain-search "cedar.mulhollon.com", "mulhollon.com";
option domain-name-servers 10.10.200.41,10.10.200.42;
default-lease-time 600;
max-lease-time 600;
ddns-update-style none;
authoritative;
log-facility local7;

failover peer "dhcp-failover" {
  primary;
  address dhcp1.cedar.mulhollon.com;
  port 647;
  peer address dhcp2.cedar.mulhollon.com;
  peer port 647;
  max-response-delay 30;
  max-unacked-updates 10;
  load balance max seconds 3;
  mclt 1800;
  split 128;
}

subnet 10.10.0.0 netmask 255.255.0.0 {
  option routers 10.10.1.1;
  option subnet-mask 255.255.0.0;
  option broadcast-address 10.10.255.255;
  pool {
    failover peer "dhcp-failover";
    max-lease-time 600;
    range 10.10.254.1 10.10.254.254;
  }

  next-server 10.10.21.12;
  if option arch = 00:07 {
    filename "netboot.xyz.efi";
  } else {
    filename "netboot.xyz.kpxe";
  }
}

host adf5355 {
  hardware ethernet dc:a6:32:4e:40:b4;
  fixed-address adf5355.cedar.mulhollon.com;
}

# A few hundred lines of host entries deleted because you'd find it rather repetitive and boring.

Comments:

"option arch code 93" I know not what this incantation means, but it seems required

The next paragraph is pretty standard network stuff, what is my DNS search string, what are my DNS servers, etc.

The next paragraph is a pretty typical primary side config for a dual-server cluster probably not very relevant to the netboot problem.

My IP address scheme is of the order of 10.vlan.0.0/16, so VLAN number 10 uses IP addresses 10.10.0.0/16. I don't use DHCP on my other VLANs (long story).

next-server is the ip address of my Docker install of netboot.xyz

My if options are just a cut down version of the web page docs.

If I log into my docker server and run a "docker logs netbootxyz" I see this kind of stuff for legacy:

2022-06-02 16:38:00 warning in.tftpd[108]: tftp: client does not accept options
2022-06-02 16:38:00 notice in.tftpd[111]: RRQ from 10.10.254.140 filename netboot.xyz.kpxe
2022-06-02 16:38:13 notice in.tftpd[112]: RRQ from 10.10.254.140 filename local-vars.ipxe
2022-06-02 16:38:13 info in.tftpd[112]: sending NAK (1, File not found) to 10.10.254.140
2022-06-02 16:38:13 notice in.tftpd[115]: RRQ from 10.10.254.140 filename MAC-0050568c05c6.ipxe
2022-06-02 16:38:13 info in.tftpd[115]: sending NAK (1, File not found) to 10.10.254.140
2022-06-02 16:38:13 notice in.tftpd[116]: RRQ from 10.10.254.140 filename menu.ipxe
2022-06-02 16:38:13 notice in.tftpd[117]: RRQ from 10.10.254.140 filename boot.cfg
2022-06-02 16:38:28 notice in.tftpd[118]: RRQ from 10.10.254.140 filename utils-pcbios-64.ipxe

If I boot a UEFI I see this kind of stuff for EFI boots:

2022-06-03 12:10:42 notice in.tftpd[147]: RRQ from 10.10.254.157 filename netboot.xyz.efi
2022-06-03 12:10:42 warning in.tftpd[147]: tftp: client does not accept options
2022-06-03 12:10:43 notice in.tftpd[150]: RRQ from 10.10.254.157 filename netboot.xyz.efi
2022-06-03 12:10:43 notice in.tftpd[151]: RRQ from 10.10.254.157 filename autoexec.ipxe
2022-06-03 12:10:43 info in.tftpd[151]: sending NAK (1, File not found) to 10.10.254.157
2022-06-03 12:11:25 notice in.tftpd[152]: RRQ from 10.10.254.158 filename local-vars.ipxe
2022-06-03 12:11:25 info in.tftpd[152]: sending NAK (1, File not found) to 10.10.254.158
2022-06-03 12:11:25 notice in.tftpd[155]: RRQ from 10.10.254.158 filename MAC-ac1f6b1a8b10.ipxe
2022-06-03 12:11:25 info in.tftpd[155]: sending NAK (1, File not found) to 10.10.254.158
2022-06-03 12:11:25 notice in.tftpd[156]: RRQ from 10.10.254.158 filename menu.ipxe
2022-06-03 12:11:25 notice in.tftpd[157]: RRQ from 10.10.254.158 filename boot.cfg
2022-06-03 12:11:45 notice in.tftpd[158]: RRQ from 10.10.254.158 filename linux.ipxe
2022-06-03 12:11:50 notice in.tftpd[161]: RRQ from 10.10.254.158 filename ubuntu.ipxe

It all works fine...
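
An added example, not part of the original thread or the netboot.xyz project: it pairs each `File not found` NAK in the in.tftpd log format shown above with the RRQ logged by the same tftpd process, so a missing bootloader stands out from the optional `.ipxe` probes that are NAKed even in the working boots. The sample log is constructed (the `netboot.xyz.pxe` request and client 10.10.254.141 are illustrative), and classifying files by extension is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the `docker logs netbootxyz` output above;
# the netboot.xyz.pxe request reproduces the failure reported in this thread.
SAMPLE_LOG = """\
2022-06-02 16:38:00 notice in.tftpd[111]: RRQ from 10.10.254.140 filename netboot.xyz.kpxe
2022-06-02 16:38:13 notice in.tftpd[112]: RRQ from 10.10.254.140 filename local-vars.ipxe
2022-06-02 16:38:13 info in.tftpd[112]: sending NAK (1, File not found) to 10.10.254.140
2022-06-02 16:38:13 notice in.tftpd[116]: RRQ from 10.10.254.140 filename menu.ipxe
2022-06-02 16:40:02 notice in.tftpd[120]: RRQ from 10.10.254.141 filename netboot.xyz.pxe
2022-06-02 16:40:02 info in.tftpd[120]: sending NAK (1, File not found) to 10.10.254.141
"""

RRQ = re.compile(r"in\.tftpd\[(\d+)\]: RRQ from (\S+) filename (\S+)")
NAK = re.compile(r"in\.tftpd\[(\d+)\]: sending NAK \(1, File not found\) to (\S+)")
# Assumption: first-stage bootloaders are recognised by extension; a missing
# .ipxe file is an optional script probe (NAKed in the working boots as well).
BOOTLOADER_EXT = (".efi", ".kpxe", ".pxe")


def missing_files(log_text):
    """Pair each 'File not found' NAK with the RRQ logged by the same tftpd PID."""
    pending = {}  # (pid, client) -> requested filename
    result = {"bootloader": defaultdict(set), "optional": defaultdict(set)}
    for line in log_text.splitlines():
        if m := RRQ.search(line):
            pending[(m[1], m[2])] = m[3]
        elif m := NAK.search(line):
            name = pending.pop((m[1], m[2]), None)
            if name is None:
                continue  # NAK whose RRQ is outside this log window
            kind = "bootloader" if name.endswith(BOOTLOADER_EXT) else "optional"
            result[kind][name].add(m[2])
    return {k: {f: sorted(c) for f, c in v.items()} for k, v in result.items()}


if __name__ == "__main__":
    report = missing_files(SAMPLE_LOG)
    for name, clients in report["bootloader"].items():
        print(f"MISSING BOOTLOADER {name}: requested by {', '.join(clients)}")
    for name, clients in report["optional"].items():
        print(f"optional script not present: {name} ({', '.join(clients)})")
```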

@vincemulhollon

The next paragraph is a pretty typical primary side config for a dual-server cluster probably not very relevant to the netboot problem.

As a follow up I was thinking at lunch it would be hilarious to have two DHCP servers a primary and a secondary and only configure netboot correctly on one of the DHCP servers, then only about half the time would netboot work or maybe only on half the ip addresses or similar. That would be sooooooo hilarious, especially if I were copy-pasting from the bad config, so I double checked my work.

I keep both my servers' DHCP config in the same git repo, so I can, and just did, "diff" the two files, and they are essentially identical other than the primary/secondary part of the config.

So yeah, verified that the above config is good working although I only cut and pasted from one of my two servers in the cluster.

Anyway good luck with this all.

@vincemulhollon

I checked portainer and I'm running "build_version netboot.xyz version: 0.6.7-nbxyz7 Build-date: 2022-05-24T04:40:18"

I got that by installing the latest tag as per

https://github.com/netbootxyz/docker-netbootxyz/pkgs/container/netbootxyz

that is 11 days old, so I have the most recent netbootxyz docker image installed.

If you want to verify my claim that the Docker netboot container ships without netboot.xyz.pxe, all you need do is connect to the shell in the docker container, run "ps aux | grep tftpd" and you'll see the command line for tftpd looks like

bash-5.1# ps aux | grep tftpd
   17 root      0:00 /usr/sbin/in.tftpd -Lvvv --user nbxyz --secure /config/menus

Then cd /config/menus and ls netboot.* and

bash-5.1# cd /config/menus/
bash-5.1# ls netboot*
netboot.xyz-arm64-snp.efi      netboot.xyz-arm64.efi          netboot.xyz-snponly.efi        netboot.xyz.efi
netboot.xyz-arm64-snponly.efi  netboot.xyz-snp.efi            netboot.xyz-undionly.kpxe      netboot.xyz.kpxe
bash-5.1# 

Then look at the webpage https://netboot.xyz/docs/docker/ ISC-DHCP sample config which contains in part

  } elsif option arch = 00:00 {
    filename "netboot.xyz.pxe";

Well that's not going to work as you can see above that file isn't in the tftpd directory so it'll never be able to download it, which is why every time I'd boot I'd see an error in the tftpd logs complaining about that file not existing and the boot would fail.

So I just rewrote the DHCPD server config as seen above and it just works.

Theoretically either the docker image needs to have netboot.xyz.pxe added or the sample config should not reference that file or completely rewrite it like I did, any of the three options "should" work.
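
An added example, not code from this thread or the project: it checks every `filename` an ISC dhcpd config can hand out against the files actually present in the TFTP root. The sample config is constructed from the fragments quoted in this thread, the listing is the `ls netboot*` output above, and the regex-based parsing assumes each arch branch starts with its `filename` statement.

```python
import re

# Constructed config assembled from the fragments quoted in this thread; the
# 00:00 -> netboot.xyz.pxe branch is the one reported as broken.
SAMPLE_CONF = '''
option arch code 93 = unsigned integer 16;
subnet 192.168.0.0 netmask 255.255.255.0 {
  next-server 192.168.0.33;
  if option arch = 00:07 {
    filename "netboot.xyz.efi";
  } elsif option arch = 00:00 {
    filename "netboot.xyz.pxe";
  } else {
    filename "netboot.xyz.kpxe";
  }
}
'''
# The `ls netboot*` output from /config/menus shown above.
TFTP_ROOT_LISTING = """
netboot.xyz-arm64-snp.efi netboot.xyz-arm64.efi netboot.xyz-snponly.efi netboot.xyz.efi
netboot.xyz-arm64-snponly.efi netboot.xyz-snp.efi netboot.xyz-undionly.kpxe netboot.xyz.kpxe
"""

BRANCH = re.compile(
    r'\b(?:(?:if|elsif)\s+option\s+arch\s*=\s*(?P<arch>[0-9a-fA-F]{2}:[0-9a-fA-F]{2})'
    r'|(?P<else>else))\s*\{\s*filename\s+"(?P<file>[^"]+)"\s*;')
FILENAME = re.compile(r'filename\s+"([^"]+)"\s*;')


def bootfile_branches(conf_text):
    """Return (condition, bootfile) for every filename statement, in file order."""
    conf = re.sub(r"#.*", "", conf_text)  # drop dhcpd.conf comments
    seen = {}  # offset of the quoted name -> (condition, bootfile)
    for m in BRANCH.finditer(conf):
        seen[m.start("file")] = (m["arch"] or "else", m["file"])
    for m in FILENAME.finditer(conf):  # statements outside any arch branch
        seen.setdefault(m.start(1), ("unconditional", m[1]))
    return [seen[k] for k in sorted(seen)]


def unservable(conf_text, listing):
    """Branches whose bootfile is absent from the TFTP root listing."""
    present = set(listing.split())
    return [(cond, f) for cond, f in bootfile_branches(conf_text) if f not in present]


if __name__ == "__main__":
    for cond, name in unservable(SAMPLE_CONF, TFTP_ROOT_LISTING):
        print(f"arch {cond}: {name} is not in the TFTP root")
```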

@antonym
Member

antonym commented Jun 4, 2022

Updated docs to drop the pxe file as we don't currently build or bundle it in the image.

@danboid
Author

danboid commented Jun 11, 2022

Sorry for the delay in getting back to you on this. I've got this working now and I'm ready to update the Docker docs page with all the missing details to get a container installed and get DHCP set up etc but I don't know how to fetch/update the docs.

I've cloned the netboot.xyz-docs repo then I tried:

dan@dan-HP-EliteBook-735-G6:~/src/netboot.xyz-docs$ yarn install
00h00m00s 0/0: : ERROR: [Errno 2] No such file or directory: 'install'
dan@dan-HP-EliteBook-735-G6:~/src/netboot.xyz-docs$ yarn start
00h00m00s 0/0: : ERROR: [Errno 2] No such file or directory: 'start'

Nor can I see the source for the docker page in that repo. I've never used yarn before so I'm a bit stuck.

What's the easiest way to update the docs?

Also, on a bit of a tangent, is it not possible to boot into netboot when secure boot is enabled? I've not been able to do that but BIOS and UEFI w/o secure boot are working now.

@antonym
Member

antonym commented Jun 12, 2022

If you want to submit a PR for the Docker README, you can do it here: https://github.com/netbootxyz/docker-netbootxyz/blob/master/README.md in markdown.

Yeah, secure boot does not work with iPXE, it would require getting the binaries signed by MS: https://ipxe.org/appnote/etoken

@danboid
Author

danboid commented Jun 12, 2022

I have created this PR which addresses most of my gripes about the current netboot docker docs

netbootxyz/docker-netbootxyz#23

@danboid
Author

danboid commented Jun 14, 2022

@antonym has merged my PR but https://netboot.xyz/docs/docker/ hasn't been updated yet to mirror the state of the updated docker-netbootxyz README and I suspect this is because the https://github.com/netbootxyz/docker-netbootxyz page says the build is currently failing. I don't think my markdown changes could cause the build to fail could it?

There are a few more changes I want to make (or would like to see someone else make) to the netboot.xyz docs:

  • I haven't got netboot.xyz to use locally downloaded assets yet so I've opened a separate ticket for that:

netbootxyz/docker-netbootxyz#24

As I say in that ticket, I think I'm not using the right docker command option or path. Has anyone here tested using local assets with their own netboot server? Maybe it's an unfinished feature?

  • The Self-hosted page seems mis-titled. What most people prob want for 'self-hosted' is explained on the Docker page. The self-hosted page is for those who want to fully customise netboot, not just host a local instance. We should explain this at the top of the self-hosted page if we don't rename that page to make it less confusing.

  • netboot's lack of support for secure boot should be covered in the FAQ https://netboot.xyz/docs/faq

  • Has anyone written a guide for extracting the Windows install ISO for installation via netboot?

@danboid
Author

danboid commented Jun 16, 2022

The DHCP config has been updated on the main Docker page so I'm closing this.

I'm going to open another ticket for all the other minor issues I have with the current docs.

@danboid danboid closed this as completed Jun 16, 2022