#756862 Fw: Feature dnsmasq as TFTP server in the installation guide ?

#756862#5
Date:
2014-08-02 17:31:33 UTC
From:
To:
Forwarded to BTS, so that it does not get lost.

Holger




Date: Mon, 15 Jul 2013 19:53:07 +0900
From: Charles Plessy <plessy@debian.org>
To: debian-boot@lists.debian.org
Subject: Feature dnsmasq as TFTP server in the installation guide ?


Hello everybody,

today I installed debian via TFTP on a network where I was already running
dnsmasq, and it had never been so simple:

    # cat <<__END__ > /etc/dnsmasq.d/tftp
    enable-tftp
    tftp-root=/var/tftp
    __END__

    # /etc/init.d/dnsmasq restart
    # mkdir /var/tftp ; cd /var/tftp
    # wget http://http.us.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/gtk/netboot.tar.gz
    # tar xvfz netboot.tar.gz

According to the Debian wiki, only the following other items need to be configured.

    interface=eth1
    domain=yourdomain.com
    dhcp-range=192.168.0.3,192.168.0.253,255.255.255.0,1h
    dhcp-boot=pxelinux.0,pxeserver,192.168.0.2
    pxe-service=x86PC, "Install Linux", pxelinux

https://wiki.debian.org/PXEBootInstall#Another_Way_-_use_Dnsmasq

Nevertheless, it looks like pxe-service is not strictly necessary.

I wonder if it would be worth mentioning dnsmasq proeminently it in the
Installation Guide.  It is a much easier setup than isc-dhcp-server or BOOTP
(is that still needed ?)

Have a nice day,

#756862#10
Date:
2025-11-15 16:47:26 UTC
From:
To:
Hello

I don't quite know how the situation was 12 years ago, but since
isc-dhcp-server is now abandoned upstream: certainly worth it.
Moreover, if you use network-manager and plan to install using a shared
connection, with the built-in dnsmasq, it's as easy as dropping these
lines in /etc/NetworkManager/dnsmasq-shared.d/:

  dhcp-boot=debian-installer/amd64/bootnetx64.efi
  enable-tftp
  tftp-root=/var/tftp/

... the simplicity of which is hard to beat.  I'll try to prepare a
merge request in Salsa with this.

Greetings
-Steven

#756862#15
Date:
2025-11-15 17:42:42 UTC
From:
To:
Hi Steven,

Am 15. November 2025 17:47:26 MEZ schrieb Steven De Herdt <steven.deherdt@gmail.com>:

Yes, a patch or a merge request would be great.
Thanks


Holger

#756862#20
Date:
2025-11-16 12:15:24 UTC
From:
To:
Hi,

Am 15. November 2025 18:42:42 MEZ schrieb Holger Wansing <hwansing@mailbox.org>:

I looked into this, and would like to come up with a proposal.
Most of the text was stolen from
https://wiki.debian.org/DebianInstaller/NetbootPXE

I left Steven's NetworkManager-based three-liner from above beside, but took
the config from the wiki page, to have an example, that works for everyone
(hopefully).

I could think of something like this (it could be added as a new chapter
4.5.1 in https://d-i.debian.org/manual/en.amd64/ch04s05.html, replacing the
note we have now in 4.5):


========snip=======

  / Note:
 /
| In the past, we recommended to use tftpd-hpa. It's written by the same author
| as the syslinux bootloader and is therefore least likely to cause issues.
| Another good alternative is atftpd.
| Documentation for these traditional packages is still available below.
|
| These days however, it turns out, that **dnsmasq** is a good and easy to configure
| solution, uniting all the needed functionality in one server.
 \
  \ end of note

4.5.1 Setting up dnsmasq as all-in-one solution for DHCP + TFTP

Following is an example for /etc/dnsmasq.conf providing the same functionality
as the method of installing and configuring of isc-dhcp-server and tftpd-hpa
described below:
----------------------------------------------------------------- interface=eth1 domain=yourdomain.com dhcp-range=192.168.0.3,192.168.0.253,255.255.255.0,1h dhcp-boot=pxelinux.0,pxeserver,192.168.0.2 enable-tftp tftp-root=/srv/tftp pxe-service=x86PC, "PXELINUX (BIOS)", "pxelinux.0" pxe-service=X86-64_EFI,"PXE (UEFI)","grubx64.efi" # other UEFI type identifier, see RFC4578 section-2.1 pxe-service=2, "PXELINUX (0002-EFI)", "grubx64.efi" pxe-service=6, "PXELINUX (0006-EFI)", "grubx64.efi" pxe-service=7, "PXELINUX (0007-EFI)", "grubx64.efi" pxe-service=8, "PXELINUX (0008-EFI)", "grubx64.efi" pxe-service=9, "PXELINUX (0009-EFI)", "grubx64.efi" ----------------------------------------------------------------- Download the netboot.tar.gz and extract it in the /srv/tftp (for trixie in this example):
----------------------------------------------------------------- cd /srv/ mkdir tftp cd /srv/tftp wget http://ftp.debian.org/debian/dists/trixie/main/installer-amd64/current/images/netboot/netboot.tar.gz tar -xzvf netboot.tar.gz rm netboot.tar.gz ln -s debian-installer/amd64/grubx64.efi . ln -s debian-installer/amd64/grub . ----------------------------------------------------------------- Then restart dnsmasq : systemctl restart dnsmasq and you should be able to start performing the installation. ========snap======= Holger
#756862#25
Date:
2025-11-16 15:45:55 UTC
From:
To:
Hi Holger

I had already started writing, and I've now committed this first
attempt to https://salsa.debian.org/stdh/installation-guide.  I'll
integrate your proposal there, minus perhaps the preparation of
/srv/tftp which already has its own section.

IMHO, that current section "Move TFTP Images Into Place" could use
some clarity as well.  What's the practical difference between
bootnetx64.efi and grubx64.efi, if/how secure boot is involved, why
you need to symlink certain files (and sometimes not?)...  But perhaps
someone else should do that, someone who actually understands that. :)

Before I really request the merge I'd like to test the things I put in
TODO-tags, I'm not quite sure anymore about them.

Kind regards
-Steven

#756862#30
Date:
2025-11-16 18:36:23 UTC
From:
To:
Hi,

Am 16. November 2025 16:45:55 MEZ schrieb Steven De Herdt <steven.deherdt@gmail.com>:

Looks good generally.
However, the chapter about "Adjusting Network-Manager's shared connections for TFTP boot" is irritating me.
I guess that method is for later use on the installed system? (NetworkManager is not available in the installer environment.)

Maybe that chapter (and/or its use case) could be clarified a bit?


Holger

#756862#35
Date:
2025-11-17 11:08:01 UTC
From:
To:
Steven De Herdt <steven.deherdt@gmail.com> writes:

Personally, I use the `di-netboot-assistant` package for maintaining the
images that I offer for TFTP booting. It allows one to configure things
once, and then trivially upgrade the images that are being offered (as
well as handling the added complexities, such as nonfree firmware,
signed images for secure boot, custom menu entries etc., if you
configure it to do so).

It's possible to upgrade images and have something that boots by running
a couple of obvious commands, which means that I've forgotten most of
the details since I first set it up a few releases ago -- it should
definitely be suggested as the preferred option before describing all the
manual steps IMO.

Cheers, Phil.

#756862#40
Date:
2025-11-17 21:11:24 UTC
From:
To:
Hi,

Philip Hands <phil@hands.com> wrote (Mon, 17 Nov 2025 12:08:01 +0100):

I'm not sure, maybe this is for advanced experience/developer level and
not for the common user?
So probably not mention that as the preferred-for-all solution?


Holger

#756862#45
Date:
2025-11-18 07:27:36 UTC
From:
To:
Holger Wansing <hwansing@mailbox.org> writes:

I don't think so.

Firstly, setting up PXE booting at all is hardly for the common user,
but if you're going to do it at all, you have the choice of doing all
the setup steps by hand ... and if you get any of them wrong, it just
doesn't work, often in a way that tells you very little about why not
until you get a packet sniffer out to see what is and isn't happening,
which requires one to know what is happening at quite a low level.

I used to do it that way about 20 years ago, and have lost most of the
details to the mists of time -- I'm not sad.

Alternatively, one can install di-netboot-assistant, and look at the
README, which includes:

=-=-=-=
QuickStart
----------
    1. Install the 'di-netboot-assistant' package and a TFTP
       server, for example 'dnsmasq' configured with
       'enable-tftp' [2].
    2. Run 'di-netboot-assistant install stable' or similar.
       'di-netboot-assistant install' returns a list of netboot images
       available for download and installation.
    3. Configure a DHCP server, as explained in [1]. For further
       information, read the 'architecture specific notes' below and
       the example configuration samples [2].

    For a more detailed example consult the 'README.installbox'.
=-=-=-=

You end up running something like:

  di-netboot-assistant install stable

to put everything in the right place, then:

  di-netboot-assistant fw-toggle stable

to include the nonfree firmware, and if you reconfigure things, one of:

  di-netboot-assistant rebuild-grub
or
  di-netboot-assistant rebuild-menu

ISTR that I also had to add a symlink or two from the top level tftpboot
dir into the ./d-i/n-a/ dir, but that's possibly a symptom of the fact
that I migrated from an existing setup rather than starting from
di-netboot-assistant from the start. If that is something that's always
needed then I guess that's a bug in di-netboot-assistant, which can be
reported and fixed and then newbies will not have to worry about that
bit either.

I installed this years before I tried a secure or UEFI network boot, and
di-n-a obviously grew support of that while I wasn't paying attention, so
IIRC all I had to do to get a machine to boot with that was one of the
rebuild steps, which then must have sorted out the signed EFI binaries
for me (which I only know anything about from the package's changelog)

It seems unkind to beginners to not tell them about the easy option.

If there's an easier option than di-netboot-assistant then I'd love to
hear about it, but I'm pretty sure it's not doing it yourself by hand.

Cheers, Phil.