Doing PXE installations without control over the DHCP server.

Niels Basjes, 29 April 2012

In many cases there is a desire to do PXE based installations that can be managed by tools like cobbler and puppet. This page describes how this can be accomplished by using a combination of cobbler, dnsmasq and (optionally) puppet.

Introduction

I wrote this because I got emails stating that what I described here couldn't be done. They were partially right. It can be done but only with a small patch in cobbler. So I decided to provide a fix for cobbler and document the whole thing here.

At the end of this description you'll be able to run a PXE based installation system backed by cobbler without controlling the existing DHCP server. I've had people tell me this can't be done. It can be done and this is how.

Essential background information on PXE.

Booting a system using PXE is really using a DHCP broadcast with some additional flags and options.

The booting client needs a few things to continue:

  1. Enough network configuration to connect to the network
  2. Enough boot information to retrieve and start the code that bootstraps the operating system (usually pxelinux.0).

The trick we will be using is that a single PXE/DHCP request is answered by two "half" answers: one for the network info and one for the boot info.

Now the main reason why people say this can't be done is that the most commonly used tools (like the ISC DHCP server) don't support this.

The cool thing is that this is an official part of the PXE standard, and with recent versions of dnsmasq we have a tool that actually does this and is very manageable and flexible.

Have a look at section 1.5.1.1 of the PXE spec; we'll be doing "Separate standard DHCP and redirection service" (=ProxyDHCP).

The setup

Prerequisites

  1. You need to have a system (may very well be a virtual system) with a common Linux installed. I usually pick the latest CentOS.
  2. All systems you want to install this way must get a valid IP address from the main DHCP server.
  3. If the system admins already have a DHCP/PXE server in place that responds to such requests then STOP NOW. There is no reliable way to get your PXE server running.

Assuming this is done in an environment where others exist, I strongly recommend playing nice.

So our setup will ignore any dhcp/pxe requests from unknown systems.

Installing

You must install

  • a dnsmasq version 2.51 or newer because we need proxyDHCP support.
  • a cobbler version that is newer than 2012-04-29. This is needed because of this patch

Configuring

Because I'm not providing a 100% installation manual I'll only focus on the basic config settings that need attention.

Simply configure cobbler to manage DNS and DHCP using dnsmasq.

The config file for dnsmasq is generated using this template.

I highlighted the important keywords.

/etc/cobbler/dnsmasq.template

# Cobbler generated configuration file for dnsmasq
# $date
#

# Usage logging (use this for debug only !)
log-queries
log-async

# resolve.conf .. ?
#no-poll
#enable-dbus
read-ethers
addn-hosts = /var/lib/cobbler/cobbler_hosts

# Be a proxyDHCP server
dhcp-range=10.10.0.0,proxy

# Only respond to clients that are known (i.e. present in /etc/ethers)
dhcp-ignore=#known

# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
domain=example.com,10.10.0.0

# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
pxe-service=x86PC, "Boot PXELinux (=Cobbler controlled)", pxelinux ,$next_server

# Include the systems that must be "known"
$insert_cobbler_system_definitions

Running

Now your first step should be to run this without any systems defined in cobbler. This way you can verify it really ignores unknown requests.
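Before that first run, a static check of the rendered dnsmasq config can confirm that it is proxy-only and ignores unknown clients. The script below is an added example, not part of cobbler or dnsmasq: the function names and SAMPLE_CONF are constructed for illustration, and it assumes cobbler renders its system definitions as dhcp-host lines.

```python
import re

# Constructed sample of a rendered config; the dhcp-host line, its MAC and
# the 10.10.0.2 boot server address are made up for illustration.
SAMPLE_CONF = """\
# Be a proxyDHCP server
dhcp-range=10.10.0.0,proxy
dhcp-ignore=#known
pxe-service=x86PC, "Boot PXELinux (=Cobbler controlled)", pxelinux ,10.10.0.2
dhcp-host=00:16:3e:aa:bb:cc
"""
MAC = re.compile(r"(?:(?:[0-9a-f]{2}|\*):){5}(?:[0-9a-f]{2}|\*)", re.I)

def parse_options(text):
    """Yield (key, value) pairs, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def known_macs(text):
    """MACs named in dhcp-host lines (hosts in /etc/ethers are not covered)."""
    return sorted({m.lower() for k, v in parse_options(text)
                   if k == "dhcp-host" for m in MAC.findall(v)})

def check_proxy_only(text):
    """Return a list of problems; an empty list means the config plays nice."""
    opts = list(parse_options(text))
    problems = []
    ranges = [v for k, v in opts if k == "dhcp-range"]
    if not ranges:
        problems.append("no dhcp-range: DHCP/PXE service is disabled")
    for r in ranges:
        if "proxy" not in [f.strip() for f in r.split(",")]:
            problems.append("dhcp-range=%s would hand out leases" % r)
    # "#known" is the spelling used on this page, "tag:!known" the newer one.
    ignores = {v for k, v in opts if k == "dhcp-ignore"}
    if not ignores & {"#known", "tag:!known"}:
        problems.append("unknown clients are not ignored")
    for mac in known_macs(text):
        if "*" in mac:
            problems.append("wildcard %s matches a whole range of clients" % mac)
    return problems

if __name__ == "__main__":
    print(check_proxy_only(SAMPLE_CONF) or "proxy-only, unknown clients ignored")
    print("known via dhcp-host:", known_macs(SAMPLE_CONF))
```

On the first run with no systems defined, known_macs should return an empty list for the generated file; any entries in /etc/ethers still need to be reviewed separately.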

After you verified this you can complete the cobbler installation by importing an operating system and configuring it for installation.

The next step is to define a system that needs to be installed. Now here we do something funny: We only define the MAC address.

We DO NOT define an IP address and there is no use in defining a hostname.

Do cobbler sync and you should be ready to roll.