The pxe-boot-prepare.sh script:
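#!/bin/sh
# (c) J65nko daemonforums.org
# ISC license
#
# ---- prepare OpenBSD box as PXE boot server
# See http://www.openbsd.org/faq/faq6.html#PXE for the details
# If you use an 'install.conf' file for autoinstall(8) read that
# man page for additional instructions on configuring the DHCP server
#
# Usage: pxe-boot-prepare.sh amd64|i386        (must be run as root)
#
# What the script does:
#   - enables tftpd(8) in /etc/rc.conf.local, chrooted to ${PXE_DIR}
#   - creates ${PXE_DIR}/etc/random.seed and ${PXE_DIR}/etc/boot.conf
#   - copies pxeboot, bsd.rd and INSTALL.${ARCH} from ${WEBDIR}
#   - creates the 'auto_install' symlink used by autoinstall(8)
#
# Everything below ${PXE_DIR} is handed out by tftpd to any host that can
# reach UDP port 69 (TFTP has no authentication), so keep only files that
# are meant to be public on the boot network in there, and restrict the
# source addresses with pf (see NOTE FOR PF USERS at the end).

# Stop on an unset variable or an unchecked failing command: the script
# appends to /etc/rc.conf.local and should not carry on half-way.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  printf '%s error: Requires root privilege, sorry, bailing out ....\n' "$0" >&2
  exit 10
fi

# "${1-}" rather than "$1": a missing argument must reach the usage message
# instead of tripping 'set -u'.
case "${1-}" in
  amd64 | i386 ) ARCH="$1"
    ;;
  * ) printf '%s\n' "$0 : Please specify architecture ('amd64' or 'i386')" >&2
    exit 1
    ;;
esac

# tftpboot is a dyslexic nightmare so we select another name here ....
PXE_DIR=/pxe
WEBDIR=/home/www/snapshots/${ARCH}
COM_SPEED=19200
readonly PXE_DIR WEBDIR COM_SPEED

printf 'Creating %s/etc ...\n' "${PXE_DIR}"
mkdir -p "${PXE_DIR}/etc"

# --- enable tftpd daemon in /etc/rc.conf.local
FILE=/etc/rc.conf.local
printf 'Checking for tftpd_flags setting in %s ...\n' "${FILE}"
# grep -s: a missing rc.conf.local is the normal "not configured yet" case,
# not an error worth printing.  The matching line is deliberately shown.
if grep -s 'tftpd_flags=' "${FILE}"; then
  printf 'Trivial File Protocol Daemon already mentioned in %s\n' "${FILE}"
  printf 'So please check it ....\n'
else
  printf 'Updating %s to enable TFTP daemon..\n' "${FILE}"
  # tftpd_flags holds the chroot directory; tftpd serves nothing outside it
  cat <<END >>"${FILE}"
# --- $(date) ---
#tftpd_flags=NO # for normal use: "[chroot dir]
tftpd_flags=${PXE_DIR}
END
fi

printf 'Creating %s/etc/random.seed for bootloader ...\n' "${PXE_DIR}"
# -- code lifted from /etc/rc
# (OpenBSD dd has no 'status=none', so this stays noisy)
# NOTE: this seed sits inside the tftpd chroot and is therefore sent to every
# PXE client in the clear; it is only consumed by the PXE boot loader that
# loads bsd.rd (see boot.conf below), not by the installed system.
dd if=/dev/random of="${PXE_DIR}/etc/random.seed" bs=512 count=1
chmod 644 "${PXE_DIR}/etc/random.seed"

# See boot.conf(8) for the details
FILE=${PXE_DIR}/etc/boot.conf
printf 'Creating %s ...\n' "${FILE}"
# unquoted delimiter on purpose: ${COM_SPEED} is expanded into the file
cat <<END >"${FILE}"
time
set image bsd.rd
stty com0 ${COM_SPEED}
set
set tty com0
set
END

printf 'Deleting %s/INSTALL.* ...\n' "${PXE_DIR}"
# ':?' aborts instead of globbing '/INSTALL.*' should PXE_DIR ever be empty
rm -f "${PXE_DIR:?}"/INSTALL.*
printf 'Copying pxeboot, bsd.rd and INSTALL.%s from %s ....\n' "${ARCH}" "${WEBDIR}"
# INSTALL.${ARCH} is not needed for PXE booting
# we use it only as indicator for architecture
# The three files are spelled out: brace expansion is not POSIX sh.
cp -p "${WEBDIR}/pxeboot" "${WEBDIR}/bsd.rd" "${WEBDIR}/INSTALL.${ARCH}" "${PXE_DIR}"

# -- for autoinstall(8). See NOTE at end of script
# Not harmful if you don't use autoinstall
printf 'For autoinstall(8) creating symbolic link %s/auto_install pointing to %s/pxeboot ...\n' \
  "${PXE_DIR}" "${PXE_DIR}"
ln -sf pxeboot "${PXE_DIR}/auto_install"

cat <<END
------- contents of ${PXE_DIR} -----------
$(ls -lR "${PXE_DIR}")
--- contents of ${PXE_DIR}/etc/boot.conf --
$(cat "${PXE_DIR}/etc/boot.conf")
--------------------------------------
END

# 'command -v' is the portable lookup; which(1) is not.  A missing tftpd is
# reported instead of leaving an empty path in the instructions below.
TFTPD=$(command -v tftpd) || TFTPD='tftpd (not found in PATH)'
cat <<END
The tftpd program is located at ${TFTPD}
Start it with:
${TFTPD} ${PXE_DIR}
or
sudo /etc/rc.d/tftpd start
Then verify with "netstat" whether TFTP daemon is at port 69:
$ netstat -an -f inet -p udp
You should see something like this:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
udp 0 0 *.69 *.*
-----------------------------------------------------------------------------
==== Output of "pgrep -lf tftpd":
$(pgrep -lf tftpd || printf '%s\n' 'no tftpd process found')
==== Output of "netstat -an -f inet -p udp":
$(netstat -an -f inet -p udp)
-----------------------------------------------------------------------------
END
#
# NOTE FOR PF USERS
#
# --- pf firewall rules for tftpd server (here 192.168.222.20)
# Like FTP, TFTP uses two communication channels. The command channel uses
# destination port 69. The TFTP daemon listens on this port.
# A separate data channel is used to transfer data via UDP. The TFTPD server
# and client negotiate the ports, and then the server initiates this channel.
# (just like active FTP ).
#
# A) You need to allow incoming udp traffic to port 69, on which the tftpd server
# listens.  Limiting the source to the boot network (here 192.168.222.0/24)
# is what keeps the unauthenticated TFTP tree from being world-readable:
#
# @39 pass in quick on egress inet proto udp from 192.168.222.0/24 to any port = 69
# [ Evaluations: 1662 Packets: 28 Bytes: 1369 States: 0 ]
# [ Inserted: uid 0 pid 7938 State Creations: 20 ]
#
# B) For the data transfer outgoing UDP needs to be allowed
# Here 192.168.222.230 is the TFTP client
#
# @32 pass out quick on egress inet proto udp from 192.168.222.20 to 192.168.222.230
# [ Evaluations: 26 Packets: 310754 Bytes: 89595798 States: 0 ]
#
# If the TFTPD server is behind a firewall, you can use tftp-proxy(8)
#
# From https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol :
# TFTP uses UDP as its transport protocol. A transfer request is
# always initiated targeting port 69, but the data transfer ports are
# chosen independently by the sender and receiver during the transfer
# initialization. The ports are chosen at random according to the
# parameters of the networking stack, typically from the range of
# ephemeral ports.
# ENDQUOTE
#
# On OpenBSD the ephemeral port range is defined
# with the following sysctl settings:
#
# net.inet.ip.porthifirst=49152
# net.inet.ip.porthilast=65535
#
# However with OpenBSD TFTPD this does not seem to be the case.
# At least from my experience with PXE booting OpenBSD virtual
# guests under Linux Kernel-based Virtual Machine (KVM) as host
# So I gave up specifying a port range and just use the IP address range.
#
#
# QUOTE FROM autoinstall(8):
#
# On architectures where the 'filename' statement is used to provide the name
# of the file to netboot it is necessary to create symbolic links called
# 'auto_install' and 'auto_upgrade' that point to the expected boot program and
# to change the value of the filename statement in the dhcpd.conf(5) file
# to be 'auto_instal' or 'auto_upgrade'.
#
# Note that in these cases, the HTTP server and TFTP server must be on the
# same machine.
# END QUOTE
#
# DHCPD configuration example:
#
# host pxe-client {
# hardware ethernet 52:54:00:aa:aa:01;
# fixed-address 192.168.222.230;
# #filename "pxeboot";
# filename "auto_install";
# next-server 192.168.222.20;
# }
#
# --- end of script ---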