refactor(pxe)!: combine dhcpd and tftpd to dnsmasq (#69)

* Add DNSMasq as an opt-in option * Default to original * Remove commented commands * Remove dhcpd, replaced with dnsmasq * Remove dhcpd, replaced with dnsmasq * Move to dnsmasq * dnsmasq output to stdout * dnsmasq * dnsmasq * Remove unused code, update tag * Correct title Co-authored-by: Khue Doan <khuedoan98@gmail.com> * Remove TFTP Co-authored-by: Khue Doan <khuedoan98@gmail.com> * rename to Dnsmasq Moving to use proxy by default Co-authored-by: Khue Doan <khuedoan98@gmail.com> * Rename for consistency Co-authored-by: Khue Doan <khuedoan98@gmail.com> * Correct terminology Co-authored-by: Khue Doan <khuedoan98@gmail.com> * formatting Co-authored-by: Khue Doan <khuedoan98@gmail.com> * Additional logging * proxy-by-default * naming consistency * naming consistency * Revert Dnsmasq proxy ask * proxy enabled by default * naming consistency * naming consistency * Formatting Co-authored-by: Robin Bourne <robin.bourne@onepeloton.com> Co-authored-by: Khue Doan <khuedoan98@gmail.com>
2025-02-02 04:14:28 +07:00 · 2022-07-17 14:39:02 -04:00 · 2022-07-17 14:39:02 -04:00 · f650c894b0
commit f650c894b0
parent 5321995852
10 changed files with 56 additions and 50 deletions
--- a/docs/runbooks/dnsmasq.md
+++ b/docs/runbooks/dnsmasq.md
@ -0,0 +1,10 @@
+# Dnsmasq
+
+## Overview
+Dnsmasq is used as either a DHCP server or DHCP proxy server for PXE metal provisioning. 
+
+Proxy mode is enabled by default allowing the use of existing DHCP servers on the network. A good description on how DHCP Proxy works can be found on the related [FOG project wiki page](https://wiki.fogproject.org/wiki/index.php?title=ProxyDHCP_with_dnsmasq)
+
+## Disabling Proxy Mode
+
+Certain scenarios will require this project to use a DHCP server, such as an air-gap deployment or dedicated VLAN. To disable proxy mode thereby using dnsmasq as a DHCP server, modify `metal/roles/pxe_server/defaults/main.yml` and set `dhcp_proxy` to `false`
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@ -13,8 +13,8 @@ To view PXE server (includes DHCP, TFTP and HTTP server) logs:
    You can view the logs of one or more containers selectively, for example:

    ```sh
-    ./scripts/pxe-logs dhcp
-    ./scripts/pxe-logs tftp http
+    ./scripts/pxe-logs dnsmasq
+    ./scripts/pxe-logs http
    ```

 ## Nodes not booting from the network
--- a/metal/roles/pxe_server/defaults/main.yml
+++ b/metal/roles/pxe_server/defaults/main.yml
@ -1,3 +1,4 @@
 iso_url: "https://download.rockylinux.org/pub/rocky/8.6/isos/x86_64/Rocky-8.6-x86_64-minimal.iso"
 iso_checksum: "sha256:a9ece0e810275e881abfd66bb0e59ac05d567a5ec0bc2f108b9a3e90bef5bf94"
 timezone: Asia/Ho_Chi_Minh
+dhcp_proxy: true
--- a/metal/roles/pxe_server/files/dhcp/Dockerfile
+++ b/metal/roles/pxe_server/files/dhcp/Dockerfile
@ -1,7 +0,0 @@
-FROM alpine:20220316
-
-RUN apk add dhcp
-
-RUN touch /var/lib/dhcp/dhcpd.leases
-
-CMD [ "dhcpd", "-d", "-f", "-cf", "/etc/dhcp/dhcpd.conf" ]
--- a/metal/roles/pxe_server/files/dnsmasq/Dockerfile
+++ b/metal/roles/pxe_server/files/dnsmasq/Dockerfile
@ -0,0 +1,5 @@
+FROM alpine:3.11
+
+RUN apk --no-cache add dnsmasq
+
+ENTRYPOINT ["dnsmasq", "-k"]
--- a/metal/roles/pxe_server/files/docker-compose.yml
+++ b/metal/roles/pxe_server/files/docker-compose.yml
@ -1,19 +1,17 @@
 version: "3"

 services:
-  dhcp:
-    build: ./dhcp
+  dnsmasq:
+    build: ./dnsmasq
    volumes:
-      - ./data/pxe-config/dhcpd.conf:/etc/dhcp/dhcpd.conf
+      - ./data/pxe-config/dnsmasq.conf:/etc/dnsmasq.conf
+      - ./data/pxe-config/grub.cfg:/tftp/grub.cfg
+      - ./data/os/EFI/BOOT/grubx64.efi:/tftp/grubx64.efi
+      - ./data/os/images/pxeboot/initrd.img:/tftp/initrd.img
+      - ./data/os/images/pxeboot/vmlinuz:/tftp/vmlinuz
    network_mode: host
-  tftp:
-    build: ./tftp
-    network_mode: host
-    volumes:
-      - ./data/pxe-config/grub.cfg:/var/lib/tftpboot/grub.cfg
-      - ./data/os/EFI/BOOT/grubx64.efi:/var/lib/tftpboot/grubx64.efi
-      - ./data/os/images/pxeboot/initrd.img:/var/lib/tftpboot/initrd.img
-      - ./data/os/images/pxeboot/vmlinuz:/var/lib/tftpboot/vmlinuz
+    cap_add:
+      - NET_ADMIN
  http:
    build: ./http
    network_mode: host
--- a/metal/roles/pxe_server/files/tftp/Dockerfile
+++ b/metal/roles/pxe_server/files/tftp/Dockerfile
@ -1,7 +0,0 @@
-FROM alpine:20220316
-
-RUN apk add busybox tftp-hpa
-
-ENTRYPOINT [ "/bin/sh", "-c" ]
-
-CMD [ "busybox syslogd -n -O /dev/stdout & in.tftpd -vvv --foreground --secure /var/lib/tftpboot" ]
--- a/metal/roles/pxe_server/tasks/main.yml
+++ b/metal/roles/pxe_server/tasks/main.yml
@ -11,10 +11,10 @@
    cmd: "xorriso -osirrox on -indev {{ iso.dest }} -extract / {{ role_path }}/files/data/os"
    creates: "{{ role_path }}/files/data/os/.treeinfo"

- name: Generate DHCP config
+- name: Generate dnsmasq config
  ansible.builtin.template:
-    src: dhcpd.conf.j2
-    dest: "{{ role_path }}/files/data/pxe-config/dhcpd.conf"
+    src: dnsmasq.conf.j2
+    dest: "{{ role_path }}/files/data/pxe-config/dnsmasq.conf"
    mode: 0644

 - name: Generate GRUB config
--- a/metal/roles/pxe_server/templates/dhcpd.conf.j2
+++ b/metal/roles/pxe_server/templates/dhcpd.conf.j2
@ -1,20 +0,0 @@
-option space pxelinux;
-option pxelinux.magic code 208 = string;
-option pxelinux.configfile code 209 = text;
-option pxelinux.pathprefix code 210 = text;
-option pxelinux.reboottime code 211 = unsigned integer 32;
-option architecture-type code 93 = unsigned integer 16;
-
-subnet {{ ansible_default_ipv4.network }} netmask {{ ansible_default_ipv4.netmask }} {
-    option routers {{ ansible_default_ipv4.gateway }};
-    range {{ ansible_default_ipv4.network | ansible.netcommon.ipmath(1) }} {{ ansible_default_ipv4.broadcast | ansible.netcommon.ipmath(-1) }};
-
-    class "pxeclients" {
-        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
-        next-server {{ ansible_default_ipv4.address }};
-
-        if option architecture-type = 00:07 {
-            filename "grubx64.efi";
-        }
-    }
-}
--- a/metal/roles/pxe_server/templates/dnsmasq.conf.j2
+++ b/metal/roles/pxe_server/templates/dnsmasq.conf.j2
@ -0,0 +1,26 @@
+# Disable DNS Server.
+port=0
+{% if dhcp_proxy == true %}
+# We're DHCP proxying on the network of the homelab host
+dhcp-range={{ ansible_default_ipv4.address }},proxy
+pxe-service=X86-64_EFI, "Boot From Network, (UEFI)", grubx64.efi
+{% else %}
+# We're DHCP configuring on this range
+dhcp-range={{ ansible_default_ipv4.network | ansible.netcommon.ipmath(1) }},{{ ansible_default_ipv4.broadcast | ansible.netcommon.ipmath(-1) }},{{ ansible_default_ipv4.netmask }},12h
+dhcp-option=3,{{ ansible_default_ipv4.gateway }}
+
+# Match Arch Types efi x86 and x64
+dhcp-match=set:efi-x86_64,option:client-arch,7
+dhcp-match=set:efi-x86_64,option:client-arch,9
+
+# Set the Boot file based on the tag from above
+dhcp-boot=tag:efi-x86_64,grubx64.efi
+{% endif %}
+# Log DHCP queries to stdout
+log-queries
+log-dhcp
+log-facility=-
+
+# Enable TFTP server
+enable-tftp
+tftp-root=/tftp