Jamf Nation Community

CentOS is not an option. Yes, I know they are .. the same. Almost.

I'm just looking for some help getting it installed the way I already have it installed. I saw some other threads about dhcpd.conf and 3.0.x versions having some issues with double semi colons or something.

I believe it should work the way I have it - no need to toy around with docker at this point.

use RHEL then, or Ubuntu or whatever you like, thats the beauty of docker, the distro of linux doesn't matter.

*shrugs* up to you. But if you follow the steps I have up there you could have a working netboot server in literally 15 minutes.

I agree with you, I honestly would like to figure out a way for it to work with my existing setup. I'm not against Docker, I just don't know much about containers right now to feel comfortable doing this and saying it will stay up and running forever :)

I'm ideally looking to set it up where my existing DHCP server forwards the pxeboot request to the netboot server and it all kicks off from there. Is it necessary to have DHCP running on the NetSUS box?

Sure.

No the NetSUS doesn't run DHCP as such, it kind of augments your existing DHCP server. It provides bsdp options.
Your router/switches should be configured with an IP_Helper in order to forward requests from different subnets.
This IP helper should be the ip address of the netsus. This way if a machine on a different subnet to the netsus requests bsdp options, your netsus will get that request and send the packet to the machine Macs do not use PXE boot, its a similar but different tech
Macs use BSDP
If you really want to get technical, apple has documentation here
http://opensource.apple.com/source/bootp/bootp-298/Documentation/BSDP.doc

Not to be rude but have you read the manual? http://jamfsoftware-content.s3.amazonaws.com/downloads/NetBootSUSServerUserGuide_v3.0.pdf

All this needing to define subnets and configuration headache is what prompted me to really look at bsdpy instead of netsus. No way I could easily roll out a thousand netsus appliances but i've got no issues doing it with docker and puppet

Not rude at all sir! Knowledge is king. Yes, read the manual. I've done a lot of footwork, now just need bootp to function properly. Essentially I'm forwarding DHCP requests to the NetSUS (check dhcpd.conf entry at the bottom) and not seeing traffic from the appliance.

I manually modified the dhcpd.conf on a my main DHCP server running dhcpd V3.0.5-RedHat.

Utilizing tcpdump to monitor port 67 on my DHCP server I'm seeing my MBP with MAC 68:5b:35:8f:df:6a.

I'm definitely seeing traffic on my DHCP server:

18:50:04.275195 IP 10.71.2.3.bootps > 10.71.20.50.bootps: BOOTP/DHCP, Request from 68:5b:35:8f:df:6a, length: 301 18:50:04.275805 IP 10.71.20.50.bootps > 10.71.2.187.bootpc: BOOTP/DHCP, Reply, length: 301 18:50:05.274947 IP 10.71.2.3.bootps > 10.71.20.50.bootps: BOOTP/DHCP, Request from 68:5b:35:8f:df:6a, length: 301

As this request comes through, I see "Faux NetBoot" option on my Mac if I have Thunderbolt Ethernet plugged in and hold OPTION while booting up. I can verify that it goes away when I remove the config below and reload the dhcpd server.

When I click Faux NetBoot, it goes for a few seconds (5 or so) and then goes to the login screen of the machine. Doing this while running a tcpdump on the NetSUS server yields no traffic. I don't ever see any traffic incoming/outgoing of the NetSUS box.

I've modified next-server, filename, and option root-path as variables.

class "AppleNBI-i386" { match if substring (option vendor-class-identifier, 0, 14) = "AAPLBSDPC/i386"; if (option dhcp-message-type = 8) { option vendor-class-identifier "AAPLBSDPC"; if (substring (option vendor-encapsulated-options, 0, 6) = 01:01:01:02:02:01) { option dhcp-parameter-request-list 60, 43; option vendor-encapsulated-options 01:01:01:04:02:FF:FF:07:04:01:00:02:0E:08:04:01:00:02:0E:09:11:01:00:02:0E:0C:46:61:75:78:20:4E:65:74:42:6F:6F:74; } if ((substring (option vendor-encapsulated-options, 0, 6) = 01:01:02:02:02:01 and substring (option vendor-encapsulated-options, 7, 12) = 08:04:01:00:02:0E:03:04:AC:1B:01:5C) or (substring (option vendor-encapsulated-options, 0, 6) = 01:01:02:02:02:01 and substring (option vendor-encapsulated-options, 7, 12) = 03:04:AC:1B:01:5C:08:04:01:00:02:0E)) { option dhcp-parameter-request-list 17, 43, 60; option vendor-encapsulated-options 01:01:02:08:04:01:00:02:0E:80:2A:61:66:70:3A:2F:2F:61:66:70:75:73:65:72:3A:61:66:70:75:73:65:72:31:40:31:37:32:2E:32:37:2E:31:2E:39:32:2F:4E:65:74:42:6F:6F:74:81:11:4E:65:74:42:6F:6F:74:30:30:31:2F:53:68:61:64:6F:77; next-server $MY_NETSUS_SERVER_IP; filename "MY_IMAGE.NBI/i386/booter"; option root-path "http://$MY_NETSUS_SERVER_IP/NetBoot/NetBootSP0/MY_IMAGE.NBI/NetBoot.dmg"; } } }

The NetBoot.dmg exists and I'm able to access it anywhere on the network.

I feel like I'm close... thoughts?

If it was me i would nuke and pave. I think you are on the wrong track.

You should not touch any config of your existing DHCP server. This is likely your problem.

Your normal dhcp server should be completely unaware of any changes. the netsus is a drop in, it simply sits in along side the existing infrastructure and listens. Your mac client will first get bsdp information from the netsus, this gives it information it uses to configure a tftp session to download the kernal to the machine (no ipaddress) it then loads teh kernal and gets an ip address from your dhcp server, then it contacts the netsus over tcp/ip and downloads the netboot.dmg file and boots the machine up.

Have you configured ip helpers for your switches/routers ?

Its honestly not this difficult.

Install linux distro, download the Netsus run file, install it, configure it and away you go.
No other changes need to be made to your network, unless you are netbooting across subnets in which case you add the ip helpers to your switches/routers

I'm not trying to make things difficult. Road blocks come up and things need to be setup in a certain way in my environment. It's on a per case basis. I'm trying to troubleshoot and figure out how to get it to work in my specific use case. I agree, if I had a simple network with nothing else going on I can install the distro, load the NetSUS run file, install, configure, and go. But that's not what is going on here.

IP helpers are configured. I am modifying my existing DHCP server for a reason, I don't want to run another one on the NetSUS server.

Again, I have a fully working PXE boot environment right now with cobbler. I've validated that tftp works and I can grab the files from the NetSUS server.

I have made some more progress. I believe the first subnet I had in my dhcpd.conf was taking precedence over the Apple config. I've put it above it in the config and now I'm seeing the NetSUS server download the booter file.

After that it hangs and not do anything. In the tcpdump I'm seeing an RPC V2 CALLIT call to the broadcast address repeat. And nothing happens. The Mac icon just spins. I've spanned a port to my Mac and am doing a tcpdump of the Mac trying to image.

I believe the machine is waiting for our DHCP server to respond with some type of message but it's not sending anything out.

From https://docs.oracle.com/cd/E19253-01/821-0439/troubleshooting-2/index.html

RPC: Timed out No bootparams (whoami) server responding; still trying... (x86 based systems only) Cause: The client is trying to boot from the network, but it cannot find a system with an entry in the /etc/bootparams file on the install server. Solution: Use add_install_client on the install server. Using this command adds the proper entry in the /etc/bootparams file, enabling the client to boot from the network.

Still chugging along.

The netsus DOES NOT RUN a DHCP server as such. It will not interfere with your existing DHCP server.
You need to let the DHCP server on the NetSUS do its thing. It will not interfere with your network!

The problems you having are because of your modifications to your DHCP server.

Put your DHCP server back the way it was before you started any of this NetSUS stuff

Then create a new RHEL VM, update and patch as necessary install netsus configure etc etc etc etc

Don't mess with your DHCP server!

:)

Looks like there is a bug in the adminHelper.sh script where it doesn't actually detected which version on OS your host is running, in my case it thinks I am running ubuntu ! which is totally not true. therefore the touchconf function in the script won't run and will not give the right permission to Apache to access /etc/dhcpd.conf

I hope that helps.

[root@server]# sh -x adminHelper.sh + NAMESERVERLIST=
+ '[' -f /usr/bin/lsb_release ']'
++ lsb_release -s -d
+ ubuntuVersion='"Red Hat Enterprise Linux Server release 6.5 (Santiago)"'
+ case $ubuntuVersion in
+ case $1 in
[root@server]#

[root@server]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.5 (Santiago)
[root@server]#

path to the script: vim /var/www/html/webadmin/scripts/adminHelper.sh

I escaped the Ubuntu OS check in the script to make it work.

I noticed some errors in the logs referencing a missing bracket in dhcpd.conf. Looks like it's in this line:

if ((substring (option vendor-encapsulated-options, 0, 6) = 01:01:02:02:02:01

I added a right paren at the end of the line, and suddenly the NetBoot indicator turned green. Go figure.