2011-05-21 05:04:03 +04:00
|
|
|
+++++++
|
|
|
|
PyBootd
|
|
|
|
+++++++
|
2011-05-21 02:21:53 +04:00
|
|
|
|
|
|
|
Overview
|
2011-05-21 05:04:03 +04:00
|
|
|
~~~~~~~~
|
2011-05-21 02:21:53 +04:00
|
|
|
|
2019-09-06 17:20:54 +03:00
|
|
|
PyBootd is a daemon supporting a subset of the BOOTP, DHCP, PXE, TFTP and HTTP
|
2011-05-21 02:21:53 +04:00
|
|
|
protocols, with some handy extensions.
|
|
|
|
|
2011-05-21 02:22:58 +04:00
|
|
|
One of its main goals is to provide a simple solution to boot up any
|
2011-05-22 17:53:57 +04:00
|
|
|
PXE-enabled personal computer, with no other tool required but a standard
|
2011-05-21 02:21:53 +04:00
|
|
|
Python installation.
|
|
|
|
|
2019-09-06 17:20:54 +03:00
|
|
|
It is not designed to be feature-complete, but to be used as an easy modifiable
|
|
|
|
code to develop custom boot solutions
|
|
|
|
|
2011-05-21 02:21:53 +04:00
|
|
|
Pybootd can be used for any network boot up, or to install an OS without any
|
2011-05-22 17:53:57 +04:00
|
|
|
physical support such as a USB key or a CD/DVD.
|
2011-05-21 02:21:53 +04:00
|
|
|
|
2019-09-06 17:20:54 +03:00
|
|
|
|
2011-05-21 02:21:53 +04:00
|
|
|
Requirements
|
2011-05-21 05:04:03 +04:00
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
|
|
Python
|
|
|
|
------
|
2011-05-21 02:21:53 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
- Python_ 3.5+ or above is required. Python_ 2.x is not longer supported.
|
2016-10-05 15:35:03 +03:00
|
|
|
- Netifaces_ Python module is required on OS X; on Linux only, iproute2_ can be
|
|
|
|
used as an alternative
|
2019-09-05 18:44:14 +03:00
|
|
|
- Optional: python_pkg_resources_ Python module
|
2011-05-21 02:21:53 +04:00
|
|
|
|
|
|
|
.. _Python: http://python.org/
|
|
|
|
.. _Netifaces: http://alastairs-place.net/netifaces/
|
2013-03-06 05:57:48 +04:00
|
|
|
.. _iproute2: http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
|
2019-09-05 18:44:14 +03:00
|
|
|
.. _python_pkg_resources: http://pythonhosted.org/distribute/pkg_resources.html
|
2011-05-21 02:21:53 +04:00
|
|
|
|
2011-05-21 05:04:03 +04:00
|
|
|
Permissions
|
|
|
|
-----------
|
2011-05-21 02:21:53 +04:00
|
|
|
|
|
|
|
- DHCP protocol requires the daemon to listen on port 67.
|
|
|
|
- TFTP protocol requires the daemon to listen on port 69.
|
2019-09-06 17:20:54 +03:00
|
|
|
- HTTP optional daemon may be run on any port.
|
2011-05-21 02:21:53 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
As these ports are within the server's range (<1024), the superuser privileges
|
|
|
|
are required on Unix hosts (Linux, Mac OS X, ...) to start up these daemons.
|
2011-05-21 02:21:53 +04:00
|
|
|
|
2019-09-06 17:20:54 +03:00
|
|
|
|
2011-05-21 02:21:53 +04:00
|
|
|
Status
|
2011-05-21 05:04:03 +04:00
|
|
|
~~~~~~
|
2011-05-21 02:21:53 +04:00
|
|
|
|
|
|
|
This project is in beta development stage.
|
|
|
|
|
2019-09-06 17:20:54 +03:00
|
|
|
|
2011-05-21 02:21:53 +04:00
|
|
|
Supported features
|
2011-05-21 05:04:03 +04:00
|
|
|
~~~~~~~~~~~~~~~~~~
|
2019-09-06 17:20:54 +03:00
|
|
|
|
2011-05-21 02:21:53 +04:00
|
|
|
- Access control:
|
|
|
|
|
|
|
|
1. None (any remote host can be served)
|
|
|
|
2. MAC address ACL
|
|
|
|
3. UUID based ACL - requires PXE protocol
|
2011-05-21 02:22:58 +04:00
|
|
|
4. HTTP forwarding - authorization is delegated to a remote server using
|
2011-05-21 02:21:53 +04:00
|
|
|
simple HTTP GET requests
|
|
|
|
|
|
|
|
- Local or remote file serving:
|
|
|
|
|
|
|
|
- For example, it is possible to boot up a full Debian system directly from
|
|
|
|
the Internet, without storing any file on the pybootd host machine
|
|
|
|
|
|
|
|
- Network notification of client requests through UDP messages
|
|
|
|
|
|
|
|
- File name translation
|
|
|
|
|
2011-05-21 02:22:58 +04:00
|
|
|
- Files requested from TFTP clients can be filtered and transformed into
|
2011-05-21 02:21:53 +04:00
|
|
|
local filenames using filters
|
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
- It is possible to use pybootd with only one of the services, either TFTP or
|
|
|
|
DHCP
|
2011-05-21 05:04:03 +04:00
|
|
|
|
2019-09-06 17:20:54 +03:00
|
|
|
- A very basic HTTP server can be optionally enabled to serve files over HTTP
|
|
|
|
for complex hosts that require additional files (such as a root file system)
|
|
|
|
after the initial boot sequence.
|
|
|
|
|
|
|
|
Warning
|
|
|
|
~~~~~~~
|
|
|
|
|
|
|
|
There is no strong checking of permissions nor robust file path management, so
|
|
|
|
it is recommended NOT to run this daemon on a host with sensitive content.
|
|
|
|
|
|
|
|
Although only read requests are implemented, there is no enforcement or
|
|
|
|
strong validation of received data and strings from adversary remote clients.
|
|
|
|
|
|
|
|
|
2011-05-21 05:04:03 +04:00
|
|
|
FAQ
|
|
|
|
~~~
|
|
|
|
|
|
|
|
Common errors
|
|
|
|
-------------
|
|
|
|
|
|
|
|
``pybootd.pxed.BootpError: Unable to detect network configuration``
|
2013-03-06 06:03:00 +04:00
|
|
|
This error is often triggered when the ``pool_start`` address is not
|
|
|
|
part of a valid network. Double check the network configuration and
|
2019-09-05 18:44:14 +03:00
|
|
|
fix up the ``[bootpd]`` section so that it matches the actual
|
2013-03-06 06:03:00 +04:00
|
|
|
network. If you don't want to allocate addresses dynamically from
|
|
|
|
the pool (with ``pool_count = 0``), you still need to specify
|
|
|
|
``pool_start`` to some address in the local network you want to
|
|
|
|
serve (*eg.* the address of your local server).
|
2011-05-21 05:04:03 +04:00
|
|
|
|
2016-10-05 15:35:03 +03:00
|
|
|
``error: Can't assign requested address``
|
|
|
|
This errir is often triggered with an invalid listening address setting.
|
|
|
|
Try listening on all IPv4 interfaces with ``address = 0.0.0.0`` and use ACL
|
|
|
|
to discard requests from network you do not want to serve.
|
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
Configuration
|
|
|
|
-------------
|
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
``pybootd`` has a few option switches. The server offers two services: *bootpd*
|
|
|
|
(which supports DHCP and PXE extensions) and *tftpd*. It is possible to disable
|
2011-05-22 04:44:05 +04:00
|
|
|
either services.
|
|
|
|
|
2019-09-05 18:48:12 +03:00
|
|
|
Usage: pybootd.py [-h] [-c CONFIG] [-p] [-t] [-d]
|
|
|
|
Tiny BOOTP/DHCP/TFTP/PXE server
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
Options:
|
|
|
|
-h, --help show this help message and exit
|
2019-09-05 18:48:12 +03:00
|
|
|
-c CONFIG, --config CONFIG
|
2011-05-22 04:44:05 +04:00
|
|
|
configuration file
|
2019-09-06 17:20:54 +03:00
|
|
|
-p, --pxe only enable BOOTP/DHCP/PXE server
|
|
|
|
-t, --tftp only enable TFTP server
|
|
|
|
-H, --http enable HTTP server (default: disabled)
|
2019-09-05 18:48:12 +03:00
|
|
|
-d, --debug enable debug mode
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
``pybootd`` daemon uses a configuration file, in ``.ini`` format, for all other
|
2011-05-22 04:44:05 +04:00
|
|
|
options.
|
|
|
|
|
2011-05-22 16:05:42 +04:00
|
|
|
Some options accept a boolean value. The following values are recognized:
|
|
|
|
|
2016-10-05 15:35:03 +03:00
|
|
|
- true values: ``on``, ``high``, ``true``, ``enable``, ``enabled``, ``yes``,
|
|
|
|
``1``
|
|
|
|
- false values: ``off``, ``low``, ``false``, ``disable``, ``disabled``, ``no``,
|
|
|
|
``0``
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
The BOOTP daemon associates each MAC address to an assigned IP address. As long
|
|
|
|
as the BOOTP daemon is running, the same IP address is always assigned to the
|
|
|
|
same client. The address never gets back to the pool, *i.e.* it cannot be
|
|
|
|
re-assigned to another machine even when the lease expires.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
This is especially useful for a full network-based installation, where each
|
|
|
|
client requests at least an IP address twice:
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
- when BIOS kicks off, its PXE ROM code requests an IP address, then requests
|
|
|
|
an executable to run,
|
|
|
|
- when the executable runs, it usually boots up an OS (Linux, ...), which in
|
|
|
|
turn requests an IP address to resume the installation.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
``[logger]`` section
|
|
|
|
....................
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``type``
|
2011-05-22 17:53:57 +04:00
|
|
|
The type of logger, if any. ``stderr``, ``file``, ``syslog`` or ``none``.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``level``
|
2011-05-22 17:53:57 +04:00
|
|
|
The level of logger verbosity. ``critical``, ``error``, ``info`` or
|
|
|
|
``debug``.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``file``
|
2011-05-22 17:53:57 +04:00
|
|
|
The path to the output log file, if ``type`` is set to ``file``.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
``[bootpd]`` section
|
|
|
|
....................
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``access``
|
2011-05-22 16:05:42 +04:00
|
|
|
Type of access control list. If this option is not defined, all BOOTP
|
|
|
|
requests are served, as long as the defined pool is not exhausted. It can be
|
2011-05-22 17:53:57 +04:00
|
|
|
one among the following options:
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
- ``mac``: incoming BOOTP requests are filtered out based on the MAC address
|
2011-05-22 17:53:57 +04:00
|
|
|
of the requester.
|
2011-05-22 16:05:42 +04:00
|
|
|
- ``uuid``: incoming PXE requests are filtered out based on the UUID of the
|
2011-05-22 17:53:57 +04:00
|
|
|
request. UUIDs are not emitted from simple BOOTP or DHCP clients, so this
|
|
|
|
option is only meaningful for PXE-enabled clients.
|
2011-05-22 16:05:42 +04:00
|
|
|
- ``http``: incoming requests are forwarded to another host, through simple
|
2011-05-22 17:53:57 +04:00
|
|
|
HTTP GET requests. The MAC address and the UUID if it exists, are sent
|
|
|
|
to the HTTP server which replies to grant or deny access to the requester.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
A section named after the selected option should exist to define the access
|
|
|
|
list.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``address``
|
2011-05-22 17:53:57 +04:00
|
|
|
Specifies the network to listen to requesters for receiving incoming BOOTP
|
2011-05-22 04:44:05 +04:00
|
|
|
requests. On most hosts, the only valid address is ``0.0.0.0``. Some hosts
|
2011-05-22 17:53:57 +04:00
|
|
|
accept subnetworks (such as ``192.168.1.0``). It is recommended not to
|
|
|
|
define this option, and use an ACL to reject clients. Hosts will multiple
|
|
|
|
network interfaces, it might not be possible to listen to single network.
|
|
|
|
Implementing such as feature would require to use RAW sockets, which falls
|
|
|
|
out of scope for this simple server.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``allow_simple_dhcp``
|
2011-05-22 17:53:57 +04:00
|
|
|
The default behaviour is to expect PXE requests. In order to serve simple
|
|
|
|
BOOTP or DHCP requests, this option should be enabled. This option accepts
|
|
|
|
a boolean value.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``domain``
|
2011-05-22 17:53:57 +04:00
|
|
|
Domain part of the client FQDN, that is the network's domain name.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``dns``
|
2013-03-06 06:07:08 +04:00
|
|
|
IP addresses of DNS servers. Multiple addresses are separated with
|
|
|
|
semicolon. Specify ``auto`` to re-use DNS addresses used by the
|
|
|
|
server. Note that most DHCP clients will only consider the first
|
|
|
|
DNS address if multiple are provided.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2016-10-05 15:35:03 +03:00
|
|
|
``gateway``
|
|
|
|
Specify gateway address in DHCP reply, default to DHCP server address
|
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
``lease_time``
|
2011-05-22 17:53:57 +04:00
|
|
|
Validity in seconds of a DHCP lease. Please note that the BOOTP daemon does
|
|
|
|
not manage lease expiration; this value has therefore little meaning.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``pool_start``
|
2013-03-06 06:03:00 +04:00
|
|
|
First address to allocate for a BOOT client. This has to be an
|
|
|
|
address in the local network you want to serve, even if
|
|
|
|
``pool_count`` is set to 0, in which case the address of the DHCP
|
|
|
|
server is a good choice.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``pool_count``
|
2013-03-06 06:03:00 +04:00
|
|
|
The maximum number of IP addresses that can be dynamically
|
|
|
|
allocated from the pool to BOOTP/DHCP clients. Set it to 0 to
|
|
|
|
prevent server from dynamically allocating IP addresses from the
|
|
|
|
pool and see ``static_dhcp`` below.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``notify``
|
2011-05-22 17:53:57 +04:00
|
|
|
When defined, the IP address and port (using a column separator:
|
|
|
|
``a.b.c.d:p``) to which a UDP notification message should be sent whenever
|
|
|
|
a client requests an IP address to the BOOTP daemon.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``port``
|
2011-05-22 17:53:57 +04:00
|
|
|
Alternative port for incoming BOOTP requests.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``timeout``
|
2011-05-22 17:53:57 +04:00
|
|
|
Timeout in seconds for a response from a remote authentication host to be
|
|
|
|
received, when ACL is enabled and set to use the HTTP protocol. If no answer
|
|
|
|
is received from the remote host, the BOOTP daemon ignores the incoming
|
|
|
|
BOOTP/DHCP request.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``servername``
|
2011-05-22 17:53:57 +04:00
|
|
|
Name of the BOOTP server.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
``[mac]`` section
|
|
|
|
.................
|
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
The ``[mac]`` section contains one entry for each MAC address to allow or
|
|
|
|
block. The value for each entry is a boolean, *i.e.*::
|
2011-05-22 17:53:57 +04:00
|
|
|
|
2019-09-05 18:48:12 +03:00
|
|
|
AA-BB-CC-DD-EE-FF = enable
|
2019-09-05 18:44:14 +03:00
|
|
|
|
|
|
|
Note that due to a limitation of the configuration parser, ':' byte separator
|
|
|
|
in MAC addresses is not allowed, please use '-' separator.
|
2011-05-22 17:53:57 +04:00
|
|
|
|
2016-10-05 15:35:03 +03:00
|
|
|
|
2013-03-06 06:03:00 +04:00
|
|
|
``[static_dhcp]`` section
|
|
|
|
.........................
|
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
The ``[static_dhcp]`` section contains one entry for each MAC
|
|
|
|
address to associate with a specific IP address. The IP address can be
|
|
|
|
any IPv4 address in dotted notation, *i.e.*:
|
|
|
|
|
2019-09-05 18:48:12 +03:00
|
|
|
AA-BB-CC-DD-EE-FF = 192.168.1.2
|
2013-03-06 06:03:00 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
The MAC addresses specified here will automatically be allowed,
|
|
|
|
unless ``[mac]`` section specifies otherwise.
|
2013-03-06 06:03:00 +04:00
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``[uuid]`` section
|
|
|
|
..................
|
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
The ``[uuid]`` section contains one entry for each UUID to allow or block.
|
|
|
|
The value for each entry is a boolean, *i.e.*::
|
|
|
|
|
2019-09-05 18:48:12 +03:00
|
|
|
xxxxxxxx-aaaa-bbbb-cccc-yyyyyyyyyyyy = enable
|
2011-05-22 17:53:57 +04:00
|
|
|
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
``[http]`` section
|
|
|
|
..................
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
``location``
|
|
|
|
The URL prefix to contact the remote server for boot permission.
|
|
|
|
|
|
|
|
``pxe``
|
2011-05-22 17:53:57 +04:00
|
|
|
The path to append to the URL prefix when the requester emits PXE
|
2011-05-22 16:05:42 +04:00
|
|
|
information. A regular PC with PXE capability emits a PXE boot request when
|
|
|
|
the BIOS kicks off. The remote HTTP server may therefore identify a BIOS
|
2011-05-22 17:53:57 +04:00
|
|
|
boot sequence upon receiving this kind of request from the *pybootd* daemon.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
``dhcp``
|
2011-05-22 17:53:57 +04:00
|
|
|
The path to append to the URL prefix when the requester emits simple DHCP
|
2011-05-22 16:05:42 +04:00
|
|
|
information. A regular OS emits a simple DHCP request at start up. The
|
2011-05-22 17:53:57 +04:00
|
|
|
remote HTTP server may therefore identify an OS boot sequence upon receiving
|
|
|
|
this kind of request from the *pybootd* daemon.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
The ``pxe``/``dhcp`` option pair enables the remote HTTP server to identify
|
|
|
|
the boot phase: either a BIOS initialization or an OS boot sequence. When such
|
2011-05-22 16:05:42 +04:00
|
|
|
differentiation is useless, both options may refer to the same path.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
|
2020-04-10 22:32:25 +03:00
|
|
|
``[bootfile]`` section
|
|
|
|
......................
|
|
|
|
|
|
|
|
This section contains one entry for each supported architecture.
|
|
|
|
It defines the name of the initial boot file the client should request,
|
|
|
|
indexed on the architecture it reports, if any.
|
|
|
|
|
|
|
|
It should contain at least one entry, ``default``, which map to the bootfile
|
|
|
|
for clients that do no expose their architecture.
|
|
|
|
|
|
|
|
The bootfile is usually requested over TFTP to boot up after the client has
|
|
|
|
been assigned a network address.
|
|
|
|
|
|
|
|
Each entry is the architecture string, with a filename value.
|
|
|
|
|
|
|
|
|
|
|
|
``[buggy_clients]`` section
|
|
|
|
...........................
|
|
|
|
|
|
|
|
When a BOOTP client requests a network address, the BOOTP/DHCP server should
|
|
|
|
broadcast on the client's LAN the DHCP offerring. Using the client's network is
|
|
|
|
recommended, as it avoid broadcasting BOOTP/DHCP packets to other networks.
|
|
|
|
|
|
|
|
Some clients, notably the clients based on Intel firmwares, are stupid enough
|
|
|
|
to ignore DHCP offering which is broadcasted to the network broadcast address.
|
|
|
|
They do require the DHCP server to broadcast to the global ``255.255.255.255``
|
|
|
|
address.
|
|
|
|
|
|
|
|
This section lists the MAC of the clients that are so stupid they need this
|
|
|
|
global broadcast address to work. If you use Intel BIOS/UEFI, this option is
|
|
|
|
likely needed.
|
|
|
|
|
|
|
|
Each entry is a MAC address, using the ``-`` byte separator, with a boolean
|
|
|
|
value.
|
|
|
|
|
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
``[tftpd]`` section
|
|
|
|
...................
|
2011-05-22 04:44:05 +04:00
|
|
|
|
|
|
|
``address``
|
2011-05-22 16:05:42 +04:00
|
|
|
Address to listen to incoming TFTP requests. When the BOOTP daemon is
|
2011-05-22 17:53:57 +04:00
|
|
|
enabled this option is better omitted, as the address is automatically
|
2011-05-22 16:05:42 +04:00
|
|
|
received from the BOOTP daemon.
|
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
``blocksize``
|
2011-05-22 17:53:57 +04:00
|
|
|
Size of each exchanged data block. It is recommended to leave the default
|
|
|
|
value, as some clients may not accept other values.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
``port``
|
2011-05-22 17:53:57 +04:00
|
|
|
Alternative port for incoming TFTP request.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
``timeout``
|
2011-05-22 17:53:57 +04:00
|
|
|
Timeout in seconds for an acknowledgment from the TFTP client to be
|
|
|
|
received. If the timeout expires the TFTP server retransmits the last
|
|
|
|
packet. It can be expressed as a real value.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
``root``
|
2011-05-22 16:05:42 +04:00
|
|
|
Base directory for the TFTP service. This path is automatically prepended
|
|
|
|
to the pathname issued from the TFTP client. It can either be:
|
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
- a relative path to the daemon directory, when the ``root`` option starts
|
|
|
|
with ``./``,
|
|
|
|
- an absolute path, when the ``root`` option starts with ``/``,
|
|
|
|
- a URL prefix, to access remote files.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
|
2019-09-06 17:20:54 +03:00
|
|
|
``[httpd]`` section
|
|
|
|
...................
|
|
|
|
|
|
|
|
``address``
|
|
|
|
Address to listen to incoming HTTP requests. When the BOOTP daemon is
|
|
|
|
enabled this option is better omitted, as the address is automatically
|
|
|
|
received from the BOOTP daemon.
|
|
|
|
|
|
|
|
``port``
|
|
|
|
Alternative port for incoming HTTP request, default to 80
|
|
|
|
|
|
|
|
``root``
|
|
|
|
Base directory for the HTTP service. This path is automatically prepended
|
|
|
|
to the pathname issued from the TFTP client. It can either point to a local
|
|
|
|
directory for now.
|
|
|
|
|
|
|
|
``check_ip``
|
|
|
|
Whether to enforce HTTP client IP or not. When enabled, requests from
|
|
|
|
clients that have not obtained an IP address from the BOOTP daemon are
|
|
|
|
rejected.
|
|
|
|
|
|
|
|
|
2011-05-22 16:05:42 +04:00
|
|
|
``[filters]`` section
|
|
|
|
.....................
|
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
The ``filters`` section allows on-the-fly pathnames transformation. When a TFTP
|
2019-09-05 18:44:14 +03:00
|
|
|
client requests some specific filenames, the *tftpd* server can translate them
|
2011-05-22 17:53:57 +04:00
|
|
|
to other ones.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
This option is useful to serve the very same configuration file (''e.g.''
|
|
|
|
``pxelinux.cfg``) whatever the remote client, thus speeding up the boot
|
|
|
|
process. This option also enables to access files that are not stored within
|
|
|
|
the currently configured path (see the ``root`` option).
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
Each option of the ``filters`` section represents a file pattern to match. It
|
2011-05-22 17:53:57 +04:00
|
|
|
accepts standard wildcard characters: `*` and `?`. The option's value defines
|
|
|
|
the translated path.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
The *value* part can contain variables. Variables are written with enclosing
|
|
|
|
braces, such as ``{varname}``.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
For now, the only supported variable is ``filename``, which is replaced with
|
|
|
|
the actual requested filename.
|
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
The *value* part can also contain a special marker, that tells the *tftpd*
|
|
|
|
server to read the replacement pattern from a file. This special marker should
|
2011-05-22 16:05:42 +04:00
|
|
|
be written with enclosing brackets, such as ``[file]``.
|
|
|
|
|
|
|
|
Examples
|
|
|
|
........
|
|
|
|
|
|
|
|
The following filter::
|
|
|
|
|
|
|
|
pxelinux.cfg/* = pybootd/etc/pxe.cfg
|
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
tells the *tftpd* server that all client requests matching the
|
2011-05-22 17:53:57 +04:00
|
|
|
``pxelinux.cfg/*`` pattern should be served the ``pybootd/etc/pxe.cfg`` file
|
|
|
|
instead. This prevents the client to perform the usual time-costing fallback
|
|
|
|
requests using UUID, MAC, and suffix addresses before eventually falling
|
2011-05-22 16:05:42 +04:00
|
|
|
back to the simple ``pxelinux.cfg`` file.
|
|
|
|
|
|
|
|
The following filter::
|
|
|
|
|
|
|
|
startup = [dir/{filename}.cfg]
|
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
tells the *tftpd* server that when the ``startup`` file is requested, it should
|
2011-05-22 17:53:57 +04:00
|
|
|
read out the actual filename from the ``dir/startup.cfg`` file.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
HTTP-based authentication
|
|
|
|
-------------------------
|
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
This option enabled the delegation of the BOOTP authorization to a remote web
|
|
|
|
server. As *pybootd* emits standard HTTP GET requests and expects standard
|
|
|
|
HTTP reply codes, any web server may be used to manage authorizations.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
This web server receives HTTP GET requests with URLs formatted as follows::
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
http://server/path?mac=AA-BB-CC-DD-EE-FF&uuid=xxxxxxxx-aaaa-bbbb-cccc-yyyyyyyyyyyy
|
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
where:
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
- ``http://server`` matches the ``location`` option,
|
|
|
|
- ``/path`` matches the ``pxe`` or ``dhcp`` options of the ``[http]`` section.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
The web server should reply either with:
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
- ``200 Ok`` result if the requester is to be assigned an IP address, or
|
|
|
|
- ``401 Unauthorized`` result if it is to be ignored.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
The ``pybootd`` package contains a minimalist HTTP server that demonstrates
|
|
|
|
this feature. It can be found within the ``tests/`` subdirectory. See the
|
|
|
|
``config.ini`` file for this test daemon. The test daemon expects the ``pxe``
|
|
|
|
path to be set to ``/boot`` and the ``dhcp`` path to ``/linux``.
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
|
2011-05-21 05:04:03 +04:00
|
|
|
Sample configurations
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
Installing a Debian 6.0 machine from the official archive
|
|
|
|
---------------------------------------------------------
|
2019-09-05 18:44:14 +03:00
|
|
|
As pybootd's *tftpd* server is able to retrieve remote files using the HTTP
|
|
|
|
protocol, there is no need to manually download any file from a Debian mirror.
|
|
|
|
The daemon will forward all file requests to the mirror on behalf of the client
|
|
|
|
being installed.
|
2011-05-21 05:04:03 +04:00
|
|
|
|
2011-05-22 04:44:05 +04:00
|
|
|
The ``pybootd.ini`` would contain::
|
2011-05-21 05:04:03 +04:00
|
|
|
|
|
|
|
[logger]
|
2011-05-22 16:05:42 +04:00
|
|
|
; show requests on the standard error output of the daemon
|
2011-05-21 05:04:03 +04:00
|
|
|
type = stderr
|
2011-05-22 16:05:42 +04:00
|
|
|
; show informative and error messages only (disable verbose mode)
|
2011-05-21 05:04:03 +04:00
|
|
|
level = info
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
[bootpd]
|
2011-05-22 17:53:57 +04:00
|
|
|
; do not force a full PXE boot-up cycle to accept the client
|
2011-05-21 05:04:03 +04:00
|
|
|
allow_simple_dhcp = enable
|
2011-05-22 16:05:42 +04:00
|
|
|
; First BOOTP/DHCP address to generate
|
|
|
|
pool_start = 192.168.1.100
|
|
|
|
; Google DNS
|
2011-05-21 05:04:03 +04:00
|
|
|
dns = 8.8.8.8
|
2020-04-10 22:32:25 +03:00
|
|
|
|
|
|
|
[bootfile]
|
|
|
|
; boot-up executable the client should request through TFTP (BIOS)
|
|
|
|
default = pxelinux.0
|
|
|
|
; boot-up executable the client should request through TFTP (UEFI x86-64)
|
|
|
|
00007 = shimx64.efi
|
2011-05-22 04:44:05 +04:00
|
|
|
|
2019-09-05 18:44:14 +03:00
|
|
|
[tftpd]
|
2011-05-22 16:05:42 +04:00
|
|
|
; URL to install a Debian 6.0 Intel/AMD 64-bit network installation
|
2011-05-21 05:04:03 +04:00
|
|
|
root = http://http.us.debian.org/debian/dists/squeeze/main/installer-amd64/current/images/netboot
|
|
|
|
|
2011-05-22 16:05:42 +04:00
|
|
|
[filters]
|
2011-05-22 17:53:57 +04:00
|
|
|
; serve a simple configuration file to the linux PXE helper
|
2011-05-22 16:05:42 +04:00
|
|
|
pxelinux.cfg/* = pybootd/etc/pxe.cfg
|
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
The ``pool_start`` parameter should be a valid address on the host's networks,
|
|
|
|
and the ``root`` URL may be changed to use alternative mirror and path.
|
2011-05-22 16:05:42 +04:00
|
|
|
|
2011-05-22 17:53:57 +04:00
|
|
|
Please note that to complete the network installation, the client should be
|
|
|
|
able to access the remote resources on its own - as with a network ISO image
|
|
|
|
installation. There are two ways to achieve this:
|
2011-05-22 16:05:42 +04:00
|
|
|
|
|
|
|
- either enable IP forwarding on the *pybootd* host (see ``forward.sh``
|
|
|
|
script within the ``pybootd`` package), or
|
2011-05-22 17:53:57 +04:00
|
|
|
- be sure to connect the network cable of the client to a LAN that has direct
|
|
|
|
access to the Internet, once the first installation stage is complete.
|