DaemonForums  

  #1   (View Single Post)  
Old 4th March 2014
chessmaster chessmaster is offline
Port Guard
 
Join Date: Feb 2012
Posts: 17
Thanked 0 Times in 0 Posts
Default pxeboot install from remote server to my LAN

Hey everyone. I'm a neophyte that is trying to install OpenBSD from my remote Gentoo server. Is it possible to have my bsd.rd and pxeboot in a remote location and boot my LAN from it? I have asked in the Gentoo forums and mailing list with no response. (Guess because I'm trying to install OpenBSD)

Last edited by chessmaster; 4th March 2014 at 03:23 AM.
  #2   (View Single Post)  
Old 4th March 2014
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,668
Thanked 214 Times in 189 Posts
Default

Yes, you can use other systems. PXE booting only requires a DHCP server and a TFTP server -- they need not be the same architecture; they do not have to be the same OS.

The DHCP server provides the name of the file to transfer and boot via TFTP, and if needed it provides the address of the TFTP server.

An explanation (using the OpenBSD versions of dhcpd(8) and tftpd(8) for configuration examples) can be found in pxeboot(8). You'll need to copy the pxeboot bootloader (/usr/mdec/pxeboot) and the RAMDISK kernel bsd.rd to your TFTP server.

Once you've used pxeboot, and are comfortable with it, you may find yourself wanting to run OpenBSD partially or entirely from your network. See diskless(8) if you're interested.
  #3   (View Single Post)  
Old 4th March 2014
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,668
Thanked 214 Times in 189 Posts
Default

Sorry, the pxeboot(8) man page does not show how to configure your DHCP server if the TFTP server is on a separate platform. If they are not on the same machine, you need to configure the DHCP server with the option next-server to provide the separate IP address of the TFTP server. See dhcpd.conf(5) if this is needed.
  #4   (View Single Post)  
Old 4th March 2014
chessmaster chessmaster is offline
Port Guard
 
Join Date: Feb 2012
Posts: 17
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by jggimi View Post
Yes, you can use other systems. PXE booting only requires a DHCP server and a TFTP server -- they need not be the same architecture; they do not have to be the same OS.

The DHCP server provides the name of the file to transfer and boot via TFTP, and if needed it provides the address of the TFTP server.

An explanation (using the OpenBSD versions of dhcpd(8) and tftpd(8) for configuration examples) can be found in pxeboot(8). You'll need to copy the pxeboot bootloader (/usr/mdec/pxeboot) and the RAMDISK kernel bsd.rd to your TFTP server.

Once you've used pxeboot, and are comfortable with it, you may find yourself wanting to run OpenBSD partially or entirely from your network. See diskless(8) if you're interested.
Is it possible to do this remotely from a remote location? Thanks for the information. I guess I need to do some more reading on DHCP to understand the rather obtuse parameters and declarations.

Last edited by chessmaster; 4th March 2014 at 03:19 AM.
  #5   (View Single Post)  
Old 4th March 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,878
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by chessmaster View Post
Is it possible to give to have my bsd.rd and pxeboot in a remote location and boot my LAN from it?
Your installation server needs to be configured to serve the TFTP protocol. Since the client upon booting doesn't know anything about where or what TFTP server it is to use, PXE requires the client to broadcast its request, & whatever server responds is the server used. This is the same model used by DHCP. If the server on the same subnet does not respond, it is a question of whether the intervening routers are configured to pass broadcast messages from one subnet to another. If you have control over all of the intervening routers, you may be able to separate the client(s) from the TFTP server, but if you are doing this over the Internet, remember that the protocol specifies that the "first server" responds to the request. If this isn't your server, this is a problem.

For more information, study Section 6.10 of the official FAQ, & the tftp(1), tftpd(8), pxeboot(8) manpages.

In addition, you will need to study the boot(8) manpage for information on boot.conf as this file will be required on the TFTP server as well.

You may also want to study Wikipedia's introductory article on PXE. A PDF of Intel's specification can be found at the bottom of the article.
  #6   (View Single Post)  
Old 4th March 2014
chessmaster chessmaster is offline
Port Guard
 
Join Date: Feb 2012
Posts: 17
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by ocicat View Post
Your installation server needs to be configured to serve the TFTP protocol. Since the client upon booting doesn't know anything about where or what TFTP server it is to use, PXE requires the client to broadcast its request, & whatever server responds is the server used. This is the same model used by DHCP. If the server on the same subnet does not respond, it is a question of whether the intervening routers are configured to pass broadcast messages from one subnet to another. If you have control over all of the intervening routers, you may be able to separate the client(s) from the TFTP server, but if you are doing this over the Internet, remember that the protocol specifies that the "first server" responds to the request. If this isn't your server, this is a problem.

For more information, study Section 6.10 of the official FAQ, & the tftp(1), tftpd(8), pxeboot(8) manpages.

In addition, you will need to study the boot(8) manpage for information on boot.conf as this file will be required on the TFTP server as well.

You may also want to study Wikipedia's introductory article on PXE. A PDF of Intel's specification can be found at the bottom of the article.
OK, I will keep reading the man pages carefully to know the configurations of tftp and dhcpd.conf. The part that has me stumped is passing the right options for my LAN to find my remote DHCP server off site. Will keep battling this and post my working solution for other SAs.
  #7   (View Single Post)  
Old 4th March 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,878
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by chessmaster View Post
The part that has me stumped is passing the right options for my LAN to find my remote DHCP server off site.
Basically, the client upon boot understands nothing about what Layer 3 IP address to use or where TFTP services originate. This requires the client to blindly broadcast request(s) for both DHCP & TFTP.

Is your DHCP server under your control or some ISP? If you have control, you need to look into how broadcast messages are getting from your client to the server. If you are using an ISP's DHCP server, chances are they aren't going to honor any request to add PXE booting to the information exchanged upon assigning an IP address.
  #8   (View Single Post)  
Old 4th March 2014
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,668
Thanked 214 Times in 189 Posts
Default

PXE booting uses two protocols: DHCP and TFTP.

DHCP requests begin as broadcasts, and broadcast traffic by its nature is not routable. The system being booted requires either a local DHCP server on the same subnet, or it requires a DHCP-relay server on the same subnet to relay requests to a central DHCP server elsewhere. Remember, DHCP servers assign IP addresses, define routes, and provide other network configurations to platforms, and are almost always local to the subnet where the devices being configured are connected.

The TFTP protocol is routable, as it rides atop UDP. But, it is TFTP. From a security perspective, keep in mind what this could mean if you are using insecure network connections, such as the Internet: TFTP has no authentication, and packets are transmitted in plaintext. MITM attacks are possible, even if those attacks are low odds.
  #9   (View Single Post)  
Old 4th March 2014
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,668
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by ocicat View Post
Is your DHCP server under your control or some ISP?
Many people use DHCP servers that they own or rent, every day, without ever realizing they have them. The most common DHCP servers on the planet are located inside of those small home routers, either purchased or leased from an ISP. Those private network "192.168.x.y" addresses that are assigned to all the devices in one's home are provided by a local DHCP server on premises.

However, none of these turn-key devices provide advanced DHCP features such as filename or next-server. For that, you have to disable the DHCP server in the router/gateway and provide a separate DHCP server yourself.
Old 4th March 2014
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,878
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by jggimi View Post
DHCP requests begin as broadcasts, and broadcast traffic by its nature is not routable.
This is correct; however, Cisco routers can be configured to pass DHCP requests between networks (see the ip helper-address command, which can be used to pass on different protocols utilizing UDP...). Hence my question/admonition to chessmaster about how the client & server(s) are separated.
Quote:
From a security perspective, keep in mind what this could mean if you are using insecure network connections, such as the Internet: TFTP has no authentication, and packets are transmitted in plaintext. MITM attacks are possible, even if those attacks are low odds.
I completely concur that separating these services on different networks has ramifications which need to be understood. Since information has not been shared about how remote "remote" is, we can only speculate.
Old 4th March 2014
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,668
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by ocicat View Post
...however, Cisco routers can be configured to pass DHCP requests between networks...
My point was that a local service of some kind is needed on the subnet; for most of us it may as well be a local DHCP server. Large networks (such as ISPs) may be able to reduce management effort by centralizing DHCP servers, and use DHCP-relay platforms such as Cisco routers or other dhcrelay(8) equivalents.
Old 4th March 2014
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,142
Thanked 182 Times in 149 Posts
Default

Having an extra box that you can use as a PXE server is something I can recommend.

Save that old desktop computer your Mom, Dad, uncle or aunt wants to get rid of. It is so nice to play with a BSD OS when you do not need to be afraid to accidentally wipe your precious Windows data in another disk partition.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Old 5th March 2014
comet--berkeley comet--berkeley is offline
Old programmer/hacker
 
Join Date: Apr 2009
Posts: 90
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by chessmaster View Post
Hey everyone. I'm a neophyte that is trying to install OpenBSD from my remote Gentoo server. Is it possible to have my bsd.rd and pxeboot in a remote location and boot my LAN from it? I have asked in the Gentoo forums and mailing list with no response. (Guess because I'm trying to install OpenBSD)
One might ask the Slackware forum, not that they would respond either because the question is about OpenBSD, but they might have given you pointers.

After booting up with a Slackware install DVD one can start up a PXE server on the local network and it will let you install Slackware to any machine on the local network using PXE. (google "Slackware pxesetup script")

The PXE server it uses is called Dnsmasq which is also a TFTP and DHCP server as well.

It has a nice feature "dhcp-proxy" which allows it to act as a middle man for the main network router dhcp server.

http://dnsmasq.org/

http://www.thekelleys.org.uk/dnsmasq...smasq-man.html

Using Dnsmasq, one could serve up any boot image such as the OpenBSD bsd.rd.
Old 5th March 2014
chessmaster chessmaster is offline
Port Guard
 
Join Date: Feb 2012
Posts: 17
Thanked 0 Times in 0 Posts
Default

I have further read that the remote DHCP server I configured is in conflict with my (local) router DHCP. My question: would dnsmasq present the same problem? I believe I overcomplicated the matter by trying it remotely instead of locally. Rather, this exercise was used to test the ability of pxeboot, as I believe this is a tool every SA should master.

Last edited by chessmaster; 5th March 2014 at 06:12 PM.
Old 5th March 2014
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,142
Thanked 182 Times in 149 Posts
Default

Yes, you overcomplicated by wanting to do pxeboot with a remote server. Study http://www.openbsd.org/faq/faq6.html#PXE and you will have a local one set up within 10 minutes.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 5th March 2014 at 10:36 PM.
Old 5th March 2014
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,668
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by chessmaster View Post
I have further read that the remote DHCP server I configured is in conflict with my (local) router DHCP.
Yes. You must have missed my earlier post:
Quote:
Originally Posted by jggimi View Post
However, none of these turn-key devices provide advanced DHCP features such as filename or next-server. For that, you have to disable the DHCP server in the router/gateway and provide a separate DHCP server yourself.
Quote:
My question: would dnsmasq present the same problem?
Yes, it would. You are required to have one DHCP request handling service of some kind on the local subnet. You cannot have a local DHCP server, such as the one currently operating in your router, and simultaneously relay DHCP requests to a remote DHCP server. [1]
Quote:
I believe I overcomplicated the matter by trying it remotely instead of locally.
You are correct.

[1] Unless you are configuring synchronized DHCP servers and their lease databases, such as with the dhcpd(8) -Y/-y options.
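Added example, not part of any post in this thread: a Python check for the two conditions discussed above, namely more than one DHCP server answering on the subnet, and offers that lack the expected filename and next-server values. The addresses, function names and sample packets are constructed for illustration, and the parser reads only the fixed BOOTP `file` and `siaddr` fields (it does not handle a boot file carried in option 67).

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_reply(pkt):
    """Return PXE-relevant fields of a BOOTP/DHCP reply, or None if pkt is not one."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None
    info = {"next_server": socket.inet_ntoa(pkt[20:24]),  # siaddr, set by next-server
            "filename": pkt[108:236].split(b"\0", 1)[0].decode("ascii", "replace"),
            "server_id": None, "msg_type": None}
    i = 240
    while i + 1 < len(pkt) and pkt[i] != 255:  # option 255 ends the list
        if pkt[i] == 0:                        # option 0 is a one-byte pad
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        val = pkt[i + 2:i + 2 + length]
        if code == 53 and len(val) == 1:       # DHCP message type
            info["msg_type"] = val[0]
        elif code == 54 and len(val) == 4:     # server identifier
            info["server_id"] = socket.inet_ntoa(val)
        i += 2 + length
    return info

def audit(replies, dhcp_server, boot_file, tftp_server):
    """List every DHCPOFFER that does not match the intended PXE setup."""
    findings = []
    for pkt in replies:
        r = parse_reply(pkt)
        if r is None or r["msg_type"] != 2:    # 2 = DHCPOFFER
            continue
        if r["server_id"] != dhcp_server:
            findings.append(f"unexpected DHCP server {r['server_id']}")
        elif (r["filename"], r["next_server"]) != (boot_file, tftp_server):
            findings.append(f"{r['server_id']} offers {r['filename']!r} from {r['next_server']}")
    return findings

def build_offer(server, siaddr="0.0.0.0", boot_file=b""):
    """Constructed sample DHCPOFFER for the demo; not captured traffic."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton("192.168.1.50"),
                      socket.inet_aton(siaddr), bytes(4), bytes(16), b"", boot_file)
    return hdr + MAGIC + bytes([53, 1, 2, 54, 4]) + socket.inet_aton(server) + b"\xff"

if __name__ == "__main__":
    demo = [build_offer("192.168.1.1"), build_offer("192.168.1.10", "192.168.1.10", b"pxeboot")]
    print(audit(demo, "192.168.1.10", "pxeboot", "192.168.1.10"))
```

Here 192.168.1.1 stands in for a home router's built-in DHCP server and 192.168.1.10 for the PXE-capable one; in practice the packets would come from a capture of UDP port 68 traffic on the client's subnet.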
Old 6th March 2014
chessmaster chessmaster is offline
Port Guard
 
Join Date: Feb 2012
Posts: 17
Thanked 0 Times in 0 Posts
Default

Thanks. I'm going to take J65nko's advice and just use one of my old laptops as a PXE server, which by the way was very simple to set up and an easy way to update snapshots.