Fwd: netbooting OpenBSD (6.0) i386 and amd64 clients from one server

2017-01-29 Thread Sven-Volker Nowarra
>> ...
>>
>> $ ./tftpd_rewrite
>> $ doas chgrp _tftpd /tmp/tftpd_rewrite.sock ; doas chmod g+w /tmp/tftpd_rewrite.sock
>> $ doas tftpd -v -r /tmp/tftpd_rewrite.sock /home/vm
>>
>> $ tftp 127.0.0.1
>> tftp> get /etc/boot.conf
>> Received 38 bytes in 0.0 seconds
>>
>> $ syslogc daemon | tail -n1
>> Jan 29 01:51:49 t440s tftpd[626]: 127.0.0.1: read request for '/etc/boot.conf'
>> $ cat boot.conf
>> set tty com0
>> boot tftp:/bsd.rd.i386
>
> nice proof of concept :-)
> thx! works well with OpenBSD's tftpd.
> Same logic does not apply to in.tftpd or atftpd. I had copied the OpenBSD
> "pxeboot" (amd64 and i386, they differ a bit) to my Linux box. As you can see
> in the second line, the requested filename "boot.conf" has no additional IP
> address or MAC to filter on:
>
>  in.tftpd[2131]: RRQ from 192.168.88.253 filename /i386/bsd60_i386_pxeboot
>> in.tftpd[2132]: remap: input: /etc/boot.conf
>  in.tftpd[2132]: remap: done
>  in.tftpd[2132]: RRQ from 192.168.88.253 filename /etc/boot.conf
>  in.tftpd[2133]: remap: input: /etc/random.seed
>  in.tftpd[2133]: remap: done
>  in.tftpd[2133]: RRQ from 192.168.88.253 filename /etc/random.seed
>  in.tftpd[2133]: sending NAK (1, File not found) to 192.168.88.253
>  in.tftpd[2134]: remap: input: /bsd
>  in.tftpd[2134]: remap: done
>  in.tftpd[2134]: RRQ from 192.168.88.253 filename /bsd
>  in.tftpd[2134]: sending NAK (1, File not found) to 192.168.88.253
>
> This way, when creating a remapping based on the raw filename, it would
> apply to i386 and amd64.
> Anyhow, I will update my doc with the solution for OpenBSD. Already a good
> step forwards.
> At the same time I will also update with Anton's remark for a dual server.
>

I am wrong! I have played around with in.tftpd. I could get my OpenBSD systems
to properly netboot i386 and amd64 in the same network segment. Here are all
the configs I used to get OpenBSD clients booting from in.tftpd and its
"filename remapping":

/etc/hosts:
192.168.88.253 mvbcxfw1.svn.localdomain mvbcxfw1
192.168.88.254 mvbcxfw2.svn.localdomain mvbcxfw2

/etc/tftp.remap:
r /etc/boot.conf /etc/boot.conf.\i

This translates into: for all requests [r] that come with a filename
“/etc/boot.conf” replace it with the filename “/etc/boot.conf” and
attach a dot and the IP address of the tftpd requesting client [\i]. (man
in.tftpd)

/etc/dhcpd.conf
...
group {
  filename "/pxeboot";
  next-server 192.168.88.8;
  host mvbcxfw1 {
    option host-name "mvbcxfw1";
    hardware ethernet 00:47:11:12:01:27;
    fixed-address mvbcxfw1;
  }
  host mvbcxfw2 {
    option host-name "mvbcxfw2";
    hardware ethernet 00:47:11:12:01:28;
    fixed-address mvbcxfw2;
  }
}

I created two files in the /srv/tftpboot/etc/ directory:

/srv/tftpboot/etc/boot.conf.192.168.88.253:
echo #
echo # in.tftpd greetings to client 192.168.88.253
echo #
boot /i386/bsd60_i386_bsd.rd

/srv/tftpboot/etc/boot.conf.192.168.88.254:
echo #
echo # in.tftpd greetings to client 192.168.88.254
echo #
boot /amd64/bsd60_amd64_bsd.rd

I then start the xinetd, with the in.tftpd activated. The config file
/etc/xinetd.d/tftp:
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    group = tftp
    server = /usr/sbin/in.tftpd
    server_args = -m /etc/tftpd.remap -vvv -s /srv/tftpboot
}

Alternatively, one can also do a manual start:
/usr/sbin/in.tftpd -l -m /etc/tftpd.remap -vvv -s /srv/tftpboot

I boot my first i386 client, and see this in journalctl -f /usr/sbin/in.tftpd:
  Jan 30 02:04:33 mleap42ix in.tftpd[4125]: remap: input: /pxeboot
  Jan 30 02:04:33 mleap42ix in.tftpd[4125]: remap: done
  Jan 30 02:04:33 mleap42ix in.tftpd[4125]: RRQ from 192.168.88.253 filename /pxeboot
  Jan 30 02:04:33 mleap42ix in.tftpd[4126]: remap: input: /etc/boot.conf
  Jan 30 02:04:33 mleap42ix in.tftpd[4126]: remap: rule 0: rewrite: /etc/boot.conf.192.168.88.253
  Jan 30 02:04:33 mleap42ix in.tftpd[4126]: remap: done
  Jan 30 02:04:33 mleap42ix in.tftpd[4126]: RRQ from 192.168.88.253 filename /etc/boot.conf remapped to /etc/boot.conf.192.168.88.253
...
  Jan 30 02:04:33 mleap42ix in.tftpd[4128]: remap: input: /i386/bsd60_i386_bsd.rd
  Jan 30 02:04:33 mleap42ix in.tftpd[4128]: remap: done
  Jan 30 02:04:33 mleap42ix in.tftpd[4128]: RRQ from 192.168.88.253 filename /i386/bsd60_i386_bsd.rd

Line number 5 and line number 7 show the change. So with this one can define a
per IP address config file, and define in the boot.conf . whichever kernel
we want to boot. The equivalent result for the amd64 client would show the
remapping, and boot the amd64 kernel.

rgds,
Volker
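
Added example, not part of the original post: a Python preflight check that emulates only the `r` rule and `\i` escape from the remap file above and reports any client whose boot.conf.<IP> is missing or whose boot line names a kernel that is absent or resolves outside the TFTP root. The function names and the sample tree are constructed for illustration, and stripping a `tftp:` device prefix from the boot line is an assumption.

```python
import re
import tempfile
from pathlib import Path

# Rule from the post: r /etc/boot.conf /etc/boot.conf.\i
RULE_RE, RULE_REPL = r"/etc/boot.conf", r"/etc/boot.conf.\i"

def remap(filename, client_ip):
    """Emulate one in.tftpd 'r' rule: rewrite the first match, expanding \\i."""
    repl = RULE_REPL.replace(r"\i", client_ip)
    return re.sub(RULE_RE, lambda m: repl, filename, count=1)

def boot_target(conf_text):
    """Return the path on the 'boot' line of a boot.conf, or None."""
    for line in conf_text.splitlines():
        words = line.split()
        if len(words) > 1 and words[0] == "boot":
            return words[1].split(":", 1)[-1]  # assumption: drop "tftp:" prefix

def preflight(root, client_ips):
    """List what stops a client from loading a kernel inside the TFTP root."""
    root = Path(root).resolve()
    problems = []
    for ip in client_ips:
        conf = root / remap("/etc/boot.conf", ip).lstrip("/")
        if not conf.is_file():
            problems.append(f"{ip}: missing {conf.relative_to(root)}")
            continue
        target = boot_target(conf.read_text())
        kernel = (root / (target or "").lstrip("/")).resolve()
        if target is None or root not in kernel.parents or not kernel.is_file():
            problems.append(f"{ip}: kernel {target} not usable under root")
    return problems

def build_sample_tree(root):
    """Constructed sample tree: the amd64 kernel is deliberately absent."""
    files = {
        "i386/bsd60_i386_bsd.rd": "\0",
        "etc/boot.conf.192.168.88.253": "echo #\nboot /i386/bsd60_i386_bsd.rd\n",
        "etc/boot.conf.192.168.88.254": "echo #\nboot /amd64/bsd60_amd64_bsd.rd\n",
    }
    for name, text in files.items():
        (Path(root) / name).parent.mkdir(parents=True, exist_ok=True)
        (Path(root) / name).write_text(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(preflight(tmp, ["192.168.88.253", "192.168.88.254"]))
```

Run against the real TFTP root with the fixed-address entries from dhcpd.conf as the client list; an empty result means every listed client has a config and a reachable kernel.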



Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server

2017-01-29 Thread Sven-Volker Nowarra
> On 29.01.2017 at 14:23, Jiri B wrote:
>
>>> Isn't better to use rewrite/file remapping instead of hacking pxeboot?
>>> If an i386 machine would request /etc/boot.conf via tftp you could rewrite
>>> it to (based on fact you know that that machine is i386 - during provisioning)
>>> /etc/i386/boot.conf. For the client I suppose it would still think it gets
>>> /etc/boot.conf.
>
> A POC...
>
> j.
>
> ~~~
> #!/usr/bin/perl -w
>
> use IO::Socket::UNIX;
>
> my $socket_path = '/tmp/tftpd_rewrite.sock';
> unlink $socket_path if -e $socket_path;
> my $socket = IO::Socket::UNIX->new(
>     Local  => $socket_path,
>     Type   => SOCK_STREAM,
>     Listen => SOMAXCONN,
> );
> die "Can't create socket: $!" unless $socket;
>
> while (1) {
>     next unless my $connection = $socket->accept;
>     $connection->autoflush(1);
>     # tftpd writes one "IP OP filename" line per request
>     while (my $line = <$connection>) {
>         chomp($line);
>         # XXX
>         # conditionals here
>         if ($line =~ /^127\.0\.0\.1 read \/etc\/boot\.conf$/) {
>             print $connection "/etc/boot.conf.i386\n";
>         } elsif ($line =~ /^\S+ read \/etc\/boot\.conf$/) {
>             print $connection "/etc/boot.conf\n";
>         } elsif ($line =~ /^\S+ \S+ (.+)$/) {
>             # tftpd waits for an answer to every request, so
>             # return any other filename unchanged
>             print $connection "$1\n";
>         }
>     }
> }
> ~~~
>
> $ ./tftpd_rewrite
> $ doas chgrp _tftpd /tmp/tftpd_rewrite.sock ; doas chmod g+w /tmp/tftpd_rewrite.sock
> $ doas tftpd -v -r /tmp/tftpd_rewrite.sock /home/vm
>
> $ tftp 127.0.0.1
> tftp> get /etc/boot.conf
> Received 38 bytes in 0.0 seconds
>
> $ syslogc daemon | tail -n1
> Jan 29 01:51:49 t440s tftpd[626]: 127.0.0.1: read request for '/etc/boot.conf'
> $ cat boot.conf
> set tty com0
> boot tftp:/bsd.rd.i386

nice proof of concept :-)
thx! works well with OpenBSD's tftpd.
Same logic does not apply to in.tftpd or atftpd. I had copied the OpenBSD
"pxeboot" (amd64 and i386, they differ a bit) to my Linux box. As you can see
in the second line, the requested filename "boot.conf" has no additional IP
address or MAC to filter on:

  in.tftpd[2131]: RRQ from 192.168.88.253 filename /i386/bsd60_i386_pxeboot
> in.tftpd[2132]: remap: input: /etc/boot.conf
  in.tftpd[2132]: remap: done
  in.tftpd[2132]: RRQ from 192.168.88.253 filename /etc/boot.conf
  in.tftpd[2133]: remap: input: /etc/random.seed
  in.tftpd[2133]: remap: done
  in.tftpd[2133]: RRQ from 192.168.88.253 filename /etc/random.seed
  in.tftpd[2133]: sending NAK (1, File not found) to 192.168.88.253
  in.tftpd[2134]: remap: input: /bsd
  in.tftpd[2134]: remap: done
  in.tftpd[2134]: RRQ from 192.168.88.253 filename /bsd
  in.tftpd[2134]: sending NAK (1, File not found) to 192.168.88.253

This way, when creating a remapping based on the raw filename, it would apply
to i386 and amd64.
Anyhow, I will update my doc with the solution for OpenBSD. Already a good
step forwards.
At the same time I will also update with Anton's remark for a dual server.

thx, rgds,
Volker



Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server

2017-01-28 Thread Sven-Volker Nowarra
> On 28.01.2017 at 14:56, Jiri B <ji...@devio.us> wrote:
>
> On Sat, Jan 28, 2017 at 12:17:40AM +0100, Sven-Volker Nowarra wrote:
>> I am netbooting many systems, and last recently stepped on the issue, that I
>> had an amd64 and an i386 client in the same network. I wanted to boot them
>> into a "full" OpenBSD (not ramdisk kernel). That is not possible with the
>> default installation, cause pxeboot can not distinguish between these
>> Intel/AMD systems. DHCP server can distinguish by MAC address, but then when
>> pxeboot is loaded, the kernel is per default "bsd". This must clash either
>> with i386 or amd64 architecture, whatever was dropped into tftpboot directory.
>> So I went through some older mailing list entries, adapted them, and updated
>> my meanwhile extensive netboot document. I updated this into a PDF, covering
>> many, many details (now ~50 pages). Wanted to give something back to the
>> community. The PDF is currently located here:
>> http://nowarra.ch/Volker/netboot_OpenBSD/170127_netbooting_OpenBSD60.pdf
>>
>
> Thanks, interesting document.
>
> Isn't better to use rewrite/file remapping instead of hacking pxeboot?
> If an i386 machine would request /etc/boot.conf via tftp you could rewrite
> it to (based on fact you know that that machine is i386 - during provisioning)
> /etc/i386/boot.conf. For the client I suppose it would still think it gets
> /etc/boot.conf.
>
> j.

If this works, I could get rid of recompiling pxeboot every time a new release
comes out. Well, sometimes pxeboot also supports "older" OpenBSDs, but that is
another topic.

I understand, the tftp server has a "root dir" for the client specified. In
the dhcpd.conf I declare per client a MAC address and its filename (usually
"/pxeboot"). The i386 pxeboot manual says: "pxeboot boot program will look for
an /etc/boot.conf configuration file on the TFTP server." I didn't find a
reference to a different sub structure...

Anyway, I tried a structure like you proposed, but pxeboot didn't find the
boot.conf, and didn't even show the echo lines from this file (so useless to
play with bsd location). This was my setup:

location of boot.conf:
  /tftpboot/etc/i386/boot.conf

$ cat /tftpboot/etc/i386/boot.conf
echo ###
echo ### hello from tftpd@192.168.88.12, with /etc/i386/boot.conf ###
echo ###
boot bsd.rd

$ cat /etc/dhcpd.conf | grep filename
   filename "/pxeboot";

I also tried to play with the dhcpd.conf settings, by using a different subdir
for pxeboot, but I didn't get the system to find "his" boot.conf in the i386
directory.



netbooting OpenBSD (6.0) i386 and amd64 clients from one server

2017-01-28 Thread Sven-Volker Nowarra
I am netbooting many systems, and last recently stepped on the issue, that I
had an amd64 and an i386 client in the same network. I wanted to boot them
into a "full" OpenBSD (not ramdisk kernel). That is not possible with the
default installation, cause pxeboot can not distinguish between these
Intel/AMD systems. DHCP server can distinguish by MAC address, but then when
pxeboot is loaded, the kernel is per default "bsd". This must clash either
with i386 or amd64 architecture, whatever was dropped into tftpboot directory.
So I went through some older mailing list entries, adapted them, and updated
my meanwhile extensive netboot document. I updated this into a PDF, covering
many, many details (now ~50 pages). Wanted to give something back to the
community. The PDF is currently located here:
http://nowarra.ch/Volker/netboot_OpenBSD/170127_netbooting_OpenBSD60.pdf