Jamf Nation Community

gmce87 · ‎08-16-2017

Hi, I've just set up a Ubunutu 16.04 virtual server to provide netboot services using BSDPy. I've used AutoDMG and AutoCasperNBI to build my netboot image from the offical 10.12.6 installer from the App Store, and I've followed Graham Gilbert's BDSPy blog post (https://grahamgilbert.com/blog/2015/04/22/getting-started-with-bsdpy-on-docker/) to set up Docker and the necessary containers.

The server is up and running, and the three containers loaded in Docker are macadmins/netboot-httpd, macadmins/tftpd and bruienne/bsdpy. The HTTPD service is bound to port 80, TFTPD is bound to port 69 and BSDPy is bound to port 67.

Here's my startup script below [edit: modified to include code to set blocksize for the TFTPD container, credit to Neil's post below]

#!/bin/bash
# BSDPy Startup Script
# Documentation - https://hub.docker.com/r/bruienne/bsdpy
# Script taken from - https://grahamgilbert.com/blog/2015/04/22/getting-started-with-bsdpy-on-docker/

# Pulls the tftpd, netboot-httpd and bsdpy repos from Docker
docker pull macadmins/tftpd
docker pull macadmins/netboot-httpd
docker pull bruienne/bsdpy

# Stops and removes any existing containers before attempting to run them
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)

chmod -R 777 /usr/local/docker/nbi
IP=`ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'`
echo $IP

docker run -d 
  -v /usr/local/docker/nbi:/nbi 
  --name web 
  --restart=always 
  -p 0.0.0.0:80:80 
  macadmins/netboot-httpd

docker run -d 
  -p 0.0.0.0:69:69/udp 
  -v /usr/local/docker/nbi:/nbi 
  --name tftpd 
  --restart=always 
  macadmins/tftpd 
  /usr/sbin/in.tftpd --listen --foreground --verbosity=10 --user user -B 1468 /nbi

docker run -d 
  -p 0.0.0.0:67:67/udp 
  -v /usr/local/docker/nbi:/nbi 
  -e BSDPY_IFACE=eth0 
  -e BSDPY_NBI_URL=http://$IP 
  -e BSDPY_IP=$IP 
  --name bsdpy 
  --restart=always 
  bruienne/bsdpy

My network team have added the server's IP address as a helper address to the subnets that require netbooting, and when I go into Startup Disk (or hold Alt while booting) I can see the 10.12.6AutoCasperNBI image available as a network disk, however when I attempt to load this, the machine hangs for 15-20 seconds and then boots back up to my desktop.

If I run "sudo docker logs bsdpy" I can see my machines are talking to the server, and I'm seeing the below;

08/16/2017 01:11:04 PM - DEBUG: -=========================================-
08/16/2017 01:11:04 PM - DEBUG: Got BSDP INFORM[LIST] packet:
08/16/2017 01:11:04 PM - DEBUG: Determining image list for system ID iMac12,1
08/16/2017 01:11:04 PM - DEBUG: Found enabled system ID iMac12,1 - adding "10.12.6AutoCasperNBI" to list
08/16/2017 01:11:04 PM - DEBUG: -=========================================-
08/16/2017 01:11:04 PM - DEBUG: Return ACK[LIST] to 10.9.251.2 on 721
08/16/2017 01:11:04 PM - DEBUG: Default boot image ID: [129, 0, 7, 25]
08/16/2017 01:11:06 PM - DEBUG: -=========================================-
08/16/2017 01:11:06 PM - DEBUG: Got BSDP INFORM[SELECT] packet:
08/16/2017 01:11:06 PM - DEBUG: Determining image list for system ID iMac12,1
08/16/2017 01:11:06 PM - DEBUG: Found enabled system ID iMac12,1 - adding "10.12.6AutoCasperNBI" to list
08/16/2017 01:11:06 PM - DEBUG: -->> Using HTTP URI: http://172.17.0.4/10.12.6AutoCasperNBI.nbi/NetBoot.dmg
08/16/2017 01:11:06 PM - DEBUG: ACK[SELECT] image ID: [129, 0, 7, 25]
08/16/2017 01:11:06 PM - DEBUG: -=========================================-
08/16/2017 01:11:06 PM - DEBUG: Return ACK[SELECT] to 10.9.251.2 on 721
08/16/2017 01:11:06 PM - DEBUG: TFTP path: /nbi/10.12.6AutoCasperNBI.nbi/i386/booter

However there's nothing more I can see in the logs to indicate a failure or anything. If I try browsing to http://172.17.0.4/10.12.6AutoCasperNBI.nbi/NetBoot.dmg it fails obviously, but if I change the IP address to the server's actual IP address rather than the Docker virtual IP address, it downloads the DMG with no issues, so as far as firewalls go and the HTTPD instance on the server, everything seems to be OK there.

I'm not sure where to go from here, can anyone please point me in the right direction?

Thanks
Gary

neilmartin83 · ‎08-16-2017

Hi @gmce87 ,

Looking at the line in your script:

IP=`ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'`

Try changing eth0 to the host's interface - in my case that's ens32

If you run ifconfig you'll get a list of interfaces and their assigned IP addresses so you should be able to correctly identify the one that has the IP your clients need to connect to.

Other than that, I had some specific issues with 2017 iMacs and TFTP, which I fixed by manually setting a specific blocksize for the tftpd container - that might be worth looking at if the above doesn't help. :-)

gmce87 · ‎08-17-2017

Hi @neil.martin83

Thanks for the suggestions. Eth0 is the host interface that has my IP address on it, I should have clarified that in the original post sorry.

I've had a look about online for how to increase the blocksize but I'm not sure on how to apply this to the docker container. The docker hub info for the TFTPD image doesn't seem to tell you how to do this. I've read that you need to edit the xinetd.d/tftp file to specify the blocksize, however there isn't any such file on my host machine and I'm not sure on how to apply this to the docker image, can you elaborate please?

neilmartin83 · ‎08-17-2017

@gmce87

My script looks like this - note the additional line under the section that brings up the tftpd container and don't forget the escape backslash after macadmins/tftpd :-)

/usr/sbin/in.tftpd --listen --foreground --verbosity=10 --user user -B 1468 /nbi

#!/bin/bash

docker pull macadmins/tftpd
docker pull macadmins/netboot-httpd
docker pull bruienne/bsdpy:1.0

# Other stuff is above here
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)

chmod -R 777 /usr/local/docker/nbi
IP=`ifconfig ens32 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'`
echo $IP

docker run -d 
  -v /usr/local/docker/nbi:/nbi 
  --name web 
  --restart=always 
  -p 0.0.0.0:80:80 
  macadmins/netboot-httpd

docker run -d 
  -p 0.0.0.0:69:69/udp 
  -v /usr/local/docker/nbi:/nbi 
  --name tftpd 
  --restart=always 
  macadmins/tftpd 
  /usr/sbin/in.tftpd --listen --foreground --verbosity=10 --user user -B 1468 /nbi
docker run -d 
  -p 0.0.0.0:67:67/udp 
  -v /usr/local/docker/nbi:/nbi 
  -e BSDPY_IFACE=ens32 
  -e BSDPY_NBI_URL=http://$IP 
  -e BSDPY_IP=$IP 
  --name bsdpy 
  --restart=always 
  bruienne/bsdpy:1.0

neilmartin83 · ‎08-17-2017

Also, I'd double check the interface because BSDPy is passing the container's IP to the connecting Mac. My logs look like this and you can see the actual host IP being passed back for both the HTTP and TFTP URLs:

08/17/2017 09:37:34 AM - DEBUG: Return ACK[SELECT] to c:4d:e9:9b:4c:55 - 10.2.64.71 on port 68
08/17/2017 09:37:34 AM - DEBUG: --> TFTP URI: tftp://172.21.0.130/nbi/UELNetBootImaging10126998.nbi/i386/booter
08/17/2017 09:37:34 AM - DEBUG: --> Boot Image URI: http://172.21.0.130/UELNetBootImaging10126998.nbi/NetBoot.dmg

Do you get the host's IP if you run ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'
?

gmce87 · ‎08-17-2017

@neil.martin83

Thanks for that, much appreciated! I've updated my script and I've restarted the containers and let it initialise, but unfortunately it's still doing the same thing. I select the NBI from the list and press Enter, nothing happens for approx 15 seconds, and then the Apple logo and loading bar appear and my desktop login screen appears when it's finished loading.

When I run the ifconfig eth0 2>/dev/null[etcetera] command, it correctly returns the host's IP address, for example let's pretend the server IP address that I SSH to is 192.168.0.240, that command returns that IP address, so that part's definitely working.

When I'm checking the logs after restarting the containers and attempting to netboot, this is what I'm seeing.

$ sudo docker logs -f bsdpy
Starting nginx: nginx.
error: Failed to connect to 2401:1d80:1010::151: Cannot assign requested address while accessing https://bitbucket.org/bruienne/bsdpy.git/info/refs
fatal: HTTP request failed
08/17/2017 10:36:16 AM - DEBUG: Using HTTP basedmgpath http://172.17.0.4/
08/17/2017 10:36:16 AM - DEBUG: Server IP: 172.17.0.4 - Server FQDN: 35d600a1f52a - Serving on eth0 - Using http to serve boot image.
08/17/2017 10:36:16 AM - DEBUG:

-=- Starting new BSDP server session -=-

08/17/2017 10:36:16 AM - DEBUG: Considering NBI source at /nbi/10.12.6AutoCasperNBI.nbi
08/17/2017 10:36:16 AM - DEBUG: [========= Using the following boot images =========]
08/17/2017 10:36:16 AM - DEBUG: /nbi/10.12.6AutoCasperNBI.nbi
08/17/2017 10:36:16 AM - DEBUG: [=========     End boot image listing      =========]
08/17/2017 10:42:56 AM - DEBUG: -=========================================-
08/17/2017 10:42:56 AM - DEBUG: Got BSDP INFORM[LIST] packet:
08/17/2017 10:42:56 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:42:56 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:42:56 AM - DEBUG: -=========================================-
08/17/2017 10:42:56 AM - DEBUG: Return ACK[LIST] to 172.16.6.131 on 994
08/17/2017 10:42:56 AM - DEBUG: -=========================================-
08/17/2017 10:42:56 AM - DEBUG: Got BSDP INFORM[LIST] packet:
08/17/2017 10:42:56 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:42:56 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:42:56 AM - DEBUG: -=========================================-
08/17/2017 10:42:56 AM - DEBUG: Return ACK[LIST] to 172.16.6.131 on 994
08/17/2017 10:42:56 AM - DEBUG: Default boot image ID: [129, 0, 7, 25]

the above attempts timestamped at 10:42 repeat several times, these were all generated when I loaded Startup Disk on my test Mac and could see the NBI.

The below were generated when I restarted the iMac and held Alt/Option, then attempted to load the NBI. 172.16.6.131 is the correct IP address for my test iMac.

08/17/2017 10:43:40 AM - DEBUG: -=========================================-
08/17/2017 10:43:40 AM - DEBUG: Got BSDP INFORM[LIST] packet:
08/17/2017 10:43:40 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:43:40 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:43:40 AM - DEBUG: -=========================================-
08/17/2017 10:43:40 AM - DEBUG: Return ACK[LIST] to 172.16.6.131 on 68
08/17/2017 10:43:40 AM - DEBUG: Default boot image ID: [129, 0, 7, 25]
08/17/2017 10:43:40 AM - DEBUG: -=========================================-
08/17/2017 10:43:40 AM - DEBUG: Got BSDP INFORM[LIST] packet:
08/17/2017 10:43:40 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:43:40 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:43:40 AM - DEBUG: -=========================================-
08/17/2017 10:43:40 AM - DEBUG: Return ACK[LIST] to 172.16.6.131 on 68
08/17/2017 10:43:40 AM - DEBUG: Default boot image ID: [129, 0, 7, 25]
08/17/2017 10:43:41 AM - DEBUG: -=========================================-
08/17/2017 10:43:41 AM - DEBUG: Got BSDP INFORM[LIST] packet:
08/17/2017 10:43:41 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:43:41 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:43:41 AM - DEBUG: -=========================================-
08/17/2017 10:43:41 AM - DEBUG: Return ACK[LIST] to 172.16.6.131 on 68
08/17/2017 10:43:41 AM - DEBUG: Default boot image ID: [129, 0, 7, 25]
08/17/2017 10:43:41 AM - DEBUG: -=========================================-
08/17/2017 10:43:41 AM - DEBUG: Got BSDP INFORM[LIST] packet:
08/17/2017 10:43:41 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:43:41 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:43:41 AM - DEBUG: -=========================================-
08/17/2017 10:43:41 AM - DEBUG: Return ACK[LIST] to 172.16.6.131 on 68
08/17/2017 10:43:41 AM - DEBUG: Default boot image ID: [129, 0, 7, 25]
08/17/2017 10:43:42 AM - DEBUG: -=========================================-
08/17/2017 10:43:42 AM - DEBUG: Got BSDP INFORM[LIST] packet:
08/17/2017 10:43:42 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:43:42 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:43:42 AM - DEBUG: -=========================================-
08/17/2017 10:43:42 AM - DEBUG: Return ACK[LIST] to 172.16.6.131 on 68
08/17/2017 10:43:42 AM - DEBUG: Default boot image ID: [129, 0, 7, 25]
08/17/2017 10:43:42 AM - DEBUG: -=========================================-
08/17/2017 10:43:42 AM - DEBUG: Got BSDP INFORM[LIST] packet:
08/17/2017 10:43:42 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:43:42 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:43:42 AM - DEBUG: -=========================================-
08/17/2017 10:43:42 AM - DEBUG: Return ACK[LIST] to 172.16.6.131 on 68
08/17/2017 10:43:42 AM - DEBUG: Default boot image ID: [129, 0, 7, 25]
08/17/2017 10:43:42 AM - DEBUG: -=========================================-
08/17/2017 10:43:42 AM - DEBUG: Got BSDP INFORM[SELECT] packet:
08/17/2017 10:43:42 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:43:42 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:43:42 AM - DEBUG: -->> Using HTTP URI: http://172.17.0.4/10.12.6AutoCasperNBI.nbi/NetBoot.dmg
08/17/2017 10:43:42 AM - DEBUG: ACK[SELECT] image ID: [129, 0, 7, 25]
08/17/2017 10:43:42 AM - DEBUG: -=========================================-
08/17/2017 10:43:42 AM - DEBUG: Return ACK[SELECT] to 172.16.6.131 on 68
08/17/2017 10:43:42 AM - DEBUG: TFTP path: /nbi/10.12.6AutoCasperNBI.nbi/i386/booter
08/17/2017 10:43:42 AM - DEBUG: -=========================================-
08/17/2017 10:43:42 AM - DEBUG: Got BSDP INFORM[SELECT] packet:
08/17/2017 10:43:42 AM - DEBUG: Determining image list for system ID iMac14,1
08/17/2017 10:43:42 AM - DEBUG: Found enabled system ID iMac14,1 - adding "10.12.6AutoCasperNBI" to list
08/17/2017 10:43:42 AM - DEBUG: -->> Using HTTP URI: http://172.17.0.4/10.12.6AutoCasperNBI.nbi/NetBoot.dmg
08/17/2017 10:43:42 AM - DEBUG: ACK[SELECT] image ID: [129, 0, 7, 25]
08/17/2017 10:43:42 AM - DEBUG: -=========================================-
08/17/2017 10:43:42 AM - DEBUG: Return ACK[SELECT] to 172.16.6.131 on 68
08/17/2017 10:43:42 AM - DEBUG: TFTP path: /nbi/10.12.6AutoCasperNBI.nbi/i386/booter

Is it normal for so many attempts to be registered from a single machine making a single attempt to netboot?

gmce87 · ‎08-17-2017

I've also tried connecting to the server via TFTP on my test iMac and I've downloaded the booter file to test that TFTP is actually working.

$ tftp [server IP address]
tftp> get /nbi/10.12.6AutoCasperNBI.nbi/i386/booter
Received 579092 bytes in 13.3 seconds

13 seconds to download a 500KB file seems pretty slow!

gmce87 · ‎08-24-2017

Fixed! For the record, this was due to our corporate firewall, figured I'd post this here for future reference in case anyone has a similar issue.

error: Failed to connect to 2401:1d80:1010::151: Cannot assign requested address while accessing https://bitbucket.org/bruienne/bsdpy.git/info/refs
fatal: HTTP request failed

This was the culprit here, once our network support team allowed this through the firewall and I restarted the Docker containers, everything started working correctly and we can boot up into Casper Imaging now.

Jamf Nation Community

BSDPy - Machines can see NBI, but fail to boot it