pxeserv01
The server runs RHEL 8, installed manually and registered directly with redhat.com. This is so that it's completely independent from anything else at PSI.
For historical reasons, the tftpboot directory is hosted on AFS. But for an unknown reason, the RHEL 8 tftpd cannot read the files from AFS (it's not SELinux). So the data is mirrored to the local drive and is served from this copy.
A cron job defined in /etc/crontab syncs the content of the /afs directory to the local /tftpboot directory.
This job runs every minute and is defined as follows:
* * * * * root rsync -aah --exclude '*rhel-8-poc*' --delete /afs/psi.ch/service/linux/tftpboot/ /tftpboot
This server hosts the tftp service (port 69) used for pxe booting.
Permissions of the /tftpboot directory:
[root@pxeserv01 ~]# du -sh /tftpboot/
5.2G /tftpboot/
[root@pxeserv01 ~]# ls -lad /tftpboot/
drwxr-xr-x 13 5122 840 4096 Mar 4 17:26 /tftpboot/
Permissions of the /afs tftpboot directory:
[root@pxeserv01 tftpboot]# fs listacl
Access list for . is
Normal rights:
psi:nodes rl
svc.linux:administrators rlidwka
svc.linux:pxe rl
svc.linux:readonly rl
svc.linux:tools rl
svc.linux:users l
web:hosts rl
[root@pxeserv01 tftpboot]# pwd
/afs/psi.ch/service/linux/tftpboot
[root@pxeserv01 tftpboot]#
Current members of linux.administrators:
$ pts membership svc.linux:administrators
Members of svc.linux:administrators (id: -10574) are:
system:administrators
ebner
lutz_h
stadler_h
kapeller
huesser
feichtinger
barabas
sala
gsell
ozerov_d
talamo_i
dorigo_a
nazlikul_m
caubet_m
taylor_j
ext-metzler_d
buchel_k
Important
For any changes in the pxe config settings there might be a delay of 1 minute before the clients see the changes!
pxelinux.cfg directory
(/afs/psi.ch/service/linux/tftpboot/pxelinux.cfg /tftpboot/pxelinux.cfg)
There are several syntax variants that can be used to name specific pxelinux configuration files: hostnames, IP addresses, hex-encoded expressions of either an IP or a subnet, partial or full MACs, etc. For details see: https://wiki.syslinux.org/wiki/index.php?title=PXELINUX
grub.cfg files
(/afs/psi.ch/service/linux/tftpboot/grub.cfg* /tftpboot/grub.cfg*)
Besides the default grub.cfg there can be, similar to pxelinux, host- or network-specific grub configuration files.
For details see the Grub Manual, but note that the MAC address documentation is wrong: similar to pxelinux, the MAC address must be prepended with 01- to denote the network hardware type Ethernet.
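To audit which configuration file governs a given client's boot, the following added example (not part of the original page or of the server's own tooling) lists the file names a client looks up, from the 01-prefixed MAC through the shortening hex IP to the default, and picks the first one that exists. Function names are hypothetical, the MAC and IP are constructed sample values, the UUID-based lookup is omitted, and the GRUB order is assumed to mirror the PXELINUX one with a grub.cfg- prefix.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical;
# the MAC and IP in the demo call at the bottom are constructed sample values.

# MAC-based name: "01-" (hardware type Ethernet) + lower-case hex with dashes.
mac_name() {
    printf '01-%s\n' "$(printf '%s' "$1" | tr 'A-F:' 'a-f-')"
}

# IPv4 address as 8 upper-case hex digits, e.g. 192.168.2.91 -> C0A8025B.
ip_hex() {
    local IFS=.
    set -- $1
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# Print candidate names, most specific first.
# $1 = name prefix, $2 = MAC, $3 = IPv4, $4 = final fallback name
candidates() {
    local prefix=$1 hex
    printf '%s%s\n' "$prefix" "$(mac_name "$2")"
    hex=$(ip_hex "$3")
    while [ -n "$hex" ]; do                  # drop one hex digit per step:
        printf '%s%s\n' "$prefix" "$hex"     # the host, then ever wider subnets
        hex=${hex%?}
    done
    printf '%s\n' "$4"
}

pxelinux_candidates() { candidates "" "$1" "$2" default; }
# Assumption: GRUB uses the same order with a "grub.cfg-" prefix.
grub_candidates() { candidates "grub.cfg-" "$1" "$2" grub.cfg; }

# Read candidate names on stdin; print the first that exists in directory $1.
effective_config() {
    local name
    while IFS= read -r name; do
        [ -e "$1/$name" ] && { printf '%s\n' "$name"; return 0; }
    done
    return 1
}

pxelinux_candidates 88:99:AA:BB:CC:DD 192.168.2.91
```

Piping the candidate list into effective_config /tftpboot/pxelinux.cfg shows which file on the local mirror actually applies to that client; a short hex name such as C0A8 matches a whole subnet, so a single file can change the boot behaviour of many hosts.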
Questions
- Is there a special tftpd configuration, if yes, where?
  - It's not really a config, but the systemd unit file, which is changed from the default
    /usr/lib/systemd/system/tftp.service
- chronyd has a port open on 323, for what is this needed?
  - That's nothing special or custom, that's just how chronyd works by default
- Are firewall rules set explicitly? Current firewall rules:
[root@pxeserv01 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: cockpit dhcpv6-client ssh tftp
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@pxeserv01 ~]#
  - answer:
    - tftp is opened up additionally, nothing more
      firewall-cmd --zone=public --add-service=tftp --permanent
      firewall-cmd --zone=public --add-service=tftp
- Is this service also used for windows systems? (I can see a uefiwin directory in the tftpboot directory)
  - yes, this is the one and only tftp server for all PSI networks
  - The one person I ever talked to about PXE booting and windows was Niklaus Baumann.
- Can you please explain the structure of the /tftpboot directory - which directories are populated by which services/users. Who is managing all this content? Is there additional documentation on this?
  - Not really, it's a mess I inherited. On legacy mode, pxelinux.0 is loaded, on uefi, it is the grubx64.efi. These have their configs in pxelinux.cfg and grub.cfg respectively.