UEFI & dhcpd.conf

Background:
I’ve been looking for a good bare metal installer for a while and came across Foreman only a week ago. I have been very impressed by the quality of the product and documentation. Many thanks to everyone here for your great work - very impressive!!!

Problem:
The strong documentation and foreman-installer made the basic installation very simple until I ran into my first roadblock - net booting my first server into discovery mode.

I tried everything over a few nights but without success until I discovered the problem was that…

  1. Sample dhcp.conf was missing the required net boot info.
  2. OMAPI interface between dhcpd and foreman wasn’t going to make good any of this gap.
  3. My server was, like most modern servers, based on UEFI rather than a classical BIOS.

I finally ended up setting up the host statically in Foreman and configuring the UEFI bios to legacy BIOS mode and hey presto, everything suddenly worked.

Solution:
I then started work on a better solution pulling details from RFC 4578, ISC DHCPD manual pages and various notes on this site regarding booting UEFI servers using grub2. The alternative dhcpd.conf file which I found on Google Groups written by @lzap looked close, but gave errors when I tried to run it on my version of dhcpd.

I messed around a little and came up with the following configuration for dhcpd.conf using class and subclass. I have based this on the provided sample file for reference (my actual config is a little different :wink: )

ddns-update-style interim;
ignore client-updates;
authoritative;
allow booting;
allow bootp;

option pxe-arch code 93 = unsigned integer 16;

class "pxe-client" {
    match if substring(option vendor-class-identifier, 0, 9) ="PXEClient";
    spawn with option pxe-arch;
    next-server 10.1.1.1;
}

subclass "pxe-client" 00:00 {
    # Intel x86PC (BIOS) => PXELinux
    filename "pxelinux.0";
}

subclass "pxe-client" 00:06 {
    # EFI IA32 => Grub2
    filename "grub2/shim.efi";
}

subclass "pxe-client" 00:07 {
    # EFI BC => Grub2
    filename "grub2/shim.efi";
}

subclass "pxe-client" 00:09 {
    # EFI x86-64 => Grub2
    filename "grub2/shim.efi";
}

key omapi_key {
    algorithm HMAC-MD5;
    secret "2wgoV3yukKdKMkmOzOn/hIsM97QgLTT4CLVzg9Zv0sWOSe1yxPxArmr7a/xb5DOJTm5e/9zGgtzL9FKna0NWis==";
}

omapi-key omapi_key;
omapi-port 7911;

subnet 10.1.1.0 netmask 255.255.255.0 {
    option routers      10.1.1.254;
    option subnet-mask  255.255.255.0;

    option domain-name    "domain.com";
    option domain-name-servers  10.1.1.1, 8.8.8.8;
    option log-servers    syslog;
    option ntp-servers    ntp;

    range dynamic-bootp 10.1.1.10 10.1.1.250;
    default-lease-time 21600;
    max-lease-time 43200;
}

Suggestion:
I suspect I might not be the last person to run into this problem. I can see from the development topics that work has started on supporting HTTP booting for UEFI.

Can I suggest that, in the meantime, we think about updating the sample dhcpd.conf file or at least consider putting up a couple of different versions for different purposes? It would certainly have saved me several days of effort :smile:

Many thanks again for an excellent product!!

Foreman and Proxy versions:
foreman = 1.17
foreman-discovery = 10.0
dhcp = 4.2.5


Oops… missed a quote in the revised code above, but editing disabled already… :blush:

Hello and welcome to our community!

The sample conf wiki page is a super old leftover which is not very relevant anymore. Our installer will actually set one up which works with UEFI if you tell it to do so (grep for dhcp options). I am going to edit this wiki and replace it with a link to our documentation. FYI, here is mine from Foreman version 1.17:

omapi-port 7911;
default-lease-time 43200;
max-lease-time 86400;
ddns-update-style none;
option domain-name "nat.lan";
option domain-name-servers 192.168.199.3;
option ntp-servers none;
allow booting;
allow bootp;
option fqdn.no-client-update    on;  # set the "O" and "S" flag bits
option fqdn.rcode2            255;
option pxegrub code 150 = text ;
next-server 192.168.199.3;
option architecture code 93 = unsigned integer 16 ;
if option architecture = 00:06 {
  filename "grub2/shim.efi";
} elsif option architecture = 00:07 {
  filename "grub2/shim.efi";
} elsif option architecture = 00:09 {
  filename "grub2/shim.efi";
} else {
  filename "pxelinux.0";
}
log-facility local7;
include "/etc/dhcp/dhcpd.hosts";
subnet 192.168.199.0 netmask 255.255.255.0 {
  pool
  {
    range 192.168.199.10 192.168.199.109;
  }
  option subnet-mask 255.255.255.0;
  option routers 192.168.199.1;
}

Done, it is really old. Use the installer.

We are actually a project, but thanks :slight_smile:

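The boot file selection that both dhcpd.conf variants above perform, as an added Python example that is not part of the original posts or of Foreman: it decodes a client's DHCP options, applies the PXEClient vendor-class match, and maps option 93 to a filename. The function names, the `fallback` parameter and the sample option bytes are constructed for illustration; `fallback=None` models the class/subclass variant (an unlisted architecture gets no filename) and `fallback="pxelinux.0"` models the `else` branch of the if/elsif variant.

```python
import struct
# Option 93 architecture types and boot files exactly as in the configs above.
BOOT_FILES = {
    0x0000: "pxelinux.0",      # Intel x86PC (BIOS) => PXELinux
    0x0006: "grub2/shim.efi",  # EFI IA32 => Grub2
    0x0007: "grub2/shim.efi",  # EFI BC => Grub2
    0x0009: "grub2/shim.efi",  # EFI x86-64 => Grub2
}

def parse_options(raw: bytes) -> dict:
    """Decode a DHCP options field (code, length, value triplets) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = value
        i += 2 + length
    return opts

def select_boot_file(raw: bytes, fallback=None):
    """Return the filename a client would be offered, or None if it gets none."""
    opts = parse_options(raw)
    # Same test as: substring(option vendor-class-identifier, 0, 9) = "PXEClient"
    if opts.get(60, b"")[:9] != b"PXEClient":
        return None
    arch_raw = opts.get(93, b"")
    if len(arch_raw) < 2:        # option 93 absent or malformed
        return fallback
    (arch,) = struct.unpack("!H", arch_raw[:2])  # first 16-bit type, network order
    return BOOT_FILES.get(arch, fallback)

def opt(code: int, value: bytes) -> bytes:
    """Build one option for the constructed samples below."""
    return bytes([code, len(value)]) + value

# Constructed sample option fields (not captured traffic).
UEFI_X64 = opt(60, b"PXEClient:Arch:00009") + opt(93, b"\x00\x09") + b"\xff"
BIOS = opt(60, b"PXEClient:Arch:00000") + opt(93, b"\x00\x00") + b"\xff"
OTHER_ARCH = opt(60, b"PXEClient") + opt(93, b"\x00\x0b") + b"\xff"
NOT_PXE = opt(60, b"MSFT 5.0") + b"\xff"
```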

Hey… thanks for the update. Sorry… grep which doc/file?

A couple of other pages that you might want to look at…

Perhaps we could replace the samples and/or update the instructions to mention the relevant install option?

Thanks again - really great project :smile:

@lzap means the installer itself - you can do foreman-installer --full-help | grep ... or check out the installer manual section and search that.

Thanks for the update.

So I reread both to be sure. They both offer similar information. A couple of newbie observations…

  • Foreman 1.17 Manual - Section 4.3.4.2 ISC DHCP still contains the old sample dhcpd.conf. Perhaps worth updating?
  • 28 dhcp installer options listed… not immediately obvious from the concise descriptions which one would install a default dhcpd.conf. Any clues?

BTW… would be pleased to offer my help in reviewing documentation if it would be helpful. Don’t want to be a burden.


No contributor is a burden :slight_smile: - do you need some pointers on where it lives?

:sunglasses: yes please.


No worries. Here’s the main manual repo:

If you just want to make simple edits, the GitHub UI should suffice - but if you want to do more, you’ll want to clone the repo and run it locally to test your changes. I’ve no idea of your comfort level with that kind of thing, so I’ll point you to these notes for running a local copy of the site, and trust you to ask if it’s not clear enough :slight_smile:

Thanks!
