- Package:
- installation-guide
- Source:
- installation-guide
- Submitter:
- Holger Wansing
- Date:
- 2025-11-18 07:29:01 UTC
- Severity:
- wishlist
Forwarded to BTS, so that it does not get lost.
Holger
Date: Mon, 15 Jul 2013 19:53:07 +0900
From: Charles Plessy <plessy@debian.org>
To: debian-boot@lists.debian.org
Subject: Feature dnsmasq as TFTP server in the installation guide ?
Hello everybody,
today I installed debian via TFTP on a network where I was already running
dnsmasq, and it had never been so simple:
# cat <<__END__ > /etc/dnsmasq.d/tftp
enable-tftp
tftp-root=/var/tftp
__END__
# /etc/init.d/dnsmasq restart
# mkdir /var/tftp ; cd /var/tftp
# wget http://http.us.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/gtk/netboot.tar.gz
# tar xvfz netboot.tar.gz
According to the Debian wiki, only the following other items need to be configured.
interface=eth1
domain=yourdomain.com
dhcp-range=192.168.0.3,192.168.0.253,255.255.255.0,1h
dhcp-boot=pxelinux.0,pxeserver,192.168.0.2
pxe-service=x86PC, "Install Linux", pxelinux
https://wiki.debian.org/PXEBootInstall#Another_Way_-_use_Dnsmasq
Nevertheless, it looks like pxe-service is not strictly necessary.
I wonder if it would be worth mentioning dnsmasq proeminently it in the
Installation Guide. It is a much easier setup than isc-dhcp-server or BOOTP
(is that still needed ?)
Have a nice day,
Hello I don't quite know how the situation was 12 years ago, but since isc-dhcp-server is now abandoned upstream: certainly worth it. Moreover, if you use network-manager and plan to install using a shared connection, with the built-in dnsmasq, it's as easy as dropping these lines in /etc/NetworkManager/dnsmasq-shared.d/: dhcp-boot=debian-installer/amd64/bootnetx64.efi enable-tftp tftp-root=/var/tftp/ ... the simplicity of which is hard to beat. I'll try to prepare a merge request in Salsa with this. Greetings -Steven
Hi Steven, Am 15. November 2025 17:47:26 MEZ schrieb Steven De Herdt <steven.deherdt@gmail.com>: Yes, a patch or a merge request would be great. Thanks Holger
Hi, Am 15. November 2025 18:42:42 MEZ schrieb Holger Wansing <hwansing@mailbox.org>: I looked into this, and would like to come up with a proposal. Most of the text was stolen from https://wiki.debian.org/DebianInstaller/NetbootPXE I left Steven's NetworkManager-based three-liner from above beside, but took the config from the wiki page, to have an example, that works for everyone (hopefully). I could think of something like this (it could be added as a new chapter 4.5.1 in https://d-i.debian.org/manual/en.amd64/ch04s05.html, replacing the note we have now in 4.5): ========snip======= / Note: / | In the past, we recommended to use tftpd-hpa. It's written by the same author | as the syslinux bootloader and is therefore least likely to cause issues. | Another good alternative is atftpd. | Documentation for these traditional packages is still available below. | | These days however, it turns out, that **dnsmasq** is a good and easy to configure | solution, uniting all the needed functionality in one server. \ \ end of note 4.5.1 Setting up dnsmasq as all-in-one solution for DHCP + TFTP Following is an example for /etc/dnsmasq.conf providing the same functionality as the method of installing and configuring of isc-dhcp-server and tftpd-hpa described below:----------------------------------------------------------------- interface=eth1 domain=yourdomain.com dhcp-range=192.168.0.3,192.168.0.253,255.255.255.0,1h dhcp-boot=pxelinux.0,pxeserver,192.168.0.2 enable-tftp tftp-root=/srv/tftp pxe-service=x86PC, "PXELINUX (BIOS)", "pxelinux.0" pxe-service=X86-64_EFI,"PXE (UEFI)","grubx64.efi" # other UEFI type identifier, see RFC4578 section-2.1 pxe-service=2, "PXELINUX (0002-EFI)", "grubx64.efi" pxe-service=6, "PXELINUX (0006-EFI)", "grubx64.efi" pxe-service=7, "PXELINUX (0007-EFI)", "grubx64.efi" pxe-service=8, "PXELINUX (0008-EFI)", "grubx64.efi" pxe-service=9, "PXELINUX (0009-EFI)", "grubx64.efi" ----------------------------------------------------------------- Download the netboot.tar.gz and extract it in the /srv/tftp (for trixie in this example):----------------------------------------------------------------- cd /srv/ mkdir tftp cd /srv/tftp wget http://ftp.debian.org/debian/dists/trixie/main/installer-amd64/current/images/netboot/netboot.tar.gz tar -xzvf netboot.tar.gz rm netboot.tar.gz ln -s debian-installer/amd64/grubx64.efi . ln -s debian-installer/amd64/grub . ----------------------------------------------------------------- Then restart dnsmasq : systemctl restart dnsmasq and you should be able to start performing the installation. ========snap======= Holger
Hi Holger I had already started writing, and I've now committed this first attempt to https://salsa.debian.org/stdh/installation-guide. I'll integrate your proposal there, minus perhaps the preparation of /srv/tftp which already has its own section. IMHO, that current section "Move TFTP Images Into Place" could use some clarity as well. What's the practical difference between bootnetx64.efi and grubx64.efi, if/how secure boot is involved, why you need to symlink certain files (and sometimes not?)... But perhaps someone else should do that, someone who actually understands that. :) Before I really request the merge I'd like to test the things I put in TODO-tags, I'm not quite sure anymore about them. Kind regards -Steven
Hi, Am 16. November 2025 16:45:55 MEZ schrieb Steven De Herdt <steven.deherdt@gmail.com>: Looks good generally. However, the chapter about "Adjusting Network-Manager's shared connections for TFTP boot" is irritating me. I guess that method is for later use on the installed system? (NetworkManager is not available in the installer environment.) Maybe that chapter (and/or its use case) could be clarified a bit? Holger
Steven De Herdt <steven.deherdt@gmail.com> writes: Personally, I use the `di-netboot-assistant` package for maintaining the images that I offer for TFTP booting. It allows one to configure things once, and then trivially upgrade the images that are being offered (as well as handling the added complexities, such as nonfree firmware, signed images for secure boot, custom menu entries etc., if you configure it to do so). It's possible to upgrade images and have something that boots by running a couple of obvious commands, which means that I've forgotten most of the details since I first set it up a few releases ago -- it should definitely be suggested as the preferred option before describing all the manual steps IMO. Cheers, Phil.
Hi, Philip Hands <phil@hands.com> wrote (Mon, 17 Nov 2025 12:08:01 +0100): I'm not sure, maybe this is for advanced experience/developer level and not for the common user? So probably not mention that as the preferred-for-all solution? Holger
Holger Wansing <hwansing@mailbox.org> writes:
I don't think so.
Firstly, setting up PXE booting at all is hardly for the common user,
but if you're going to do it at all, you have the choice of doing all
the setup steps by hand ... and if you get any of them wrong, it just
doesn't work, often in a way that tells you very little about why not
until you get a packet sniffer out to see what is and isn't happening,
which requires one to know what is happening at quite a low level.
I used to do it that way about 20 years ago, and have lost most of the
details to the mists of time -- I'm not sad.
Alternatively, one can install di-netboot-assistant, and look at the
README, which includes:
=-=-=-=
QuickStart
----------
1. Install the 'di-netboot-assistant' package and a TFTP
server, for example 'dnsmasq' configured with
'enable-tftp' [2].
2. Run 'di-netboot-assistant install stable' or similar.
'di-netboot-assistant install' returns a list of netboot images
available for download and installation.
3. Configure a DHCP server, as explained in [1]. For further
information, read the 'architecture specific notes' below and
the example configuration samples [2].
For a more detailed example consult the 'README.installbox'.
=-=-=-=
You end up running something like:
di-netboot-assistant install stable
to put everything in the right place, then:
di-netboot-assistant fw-toggle stable
to include the nonfree firmware, and if you reconfigure things, one of:
di-netboot-assistant rebuild-grub
or
di-netboot-assistant rebuild-menu
ISTR that I also had to add a symlink or two from the top level tftpboot
dir into the ./d-i/n-a/ dir, but that's possibly a symptom of the fact
that I migrated from an existing setup rather than starting from
di-netboot-assistant from the start. If that is something that's always
needed then I guess that's a bug in di-netboot-assistant, which can be
reported and fixed and then newbies will not have to worry about that
bit either.
I installed this years before I tried a secure or UEFI network boot, and
di-n-a obviously grew support of that while I wasn't paying attention, so
IIRC all I had to do to get a machine to boot with that was one of the
rebuild steps, which then must have sorted out the signed EFI binaries
for me (which I only know anything about from the package's changelog)
It seems unkind to beginners to not tell them about the easy option.
If there's an easier option than di-netboot-assistant then I'd love to
hear about it, but I'm pretty sure it's not doing it yourself by hand.
Cheers, Phil.