WDS UEFI / BIOS DHCP Options

To get the WDS server to support deploying to UEFI hardware, you need to set a different filename in the DHCP options.

This is the config I ended up with in my ISC DHCP subnet:

subnet 10.0.0.0 netmask 255.255.255.0 {

# Foreman Provisioning for Linux
#next-server 10.0.0.11;
#filename "/pxelinux.0";

# WDS for BIOS
#next-server 10.0.0.12;
#filename "boot\\x64\\wdsnbp.com";

# WDS for UEFI
next-server 10.0.0.13;
filename "boot\\x64\\wdsmgfw.efi";
}

This way I can easily switch between the deployment type I need by commenting out the two others.

NOTE: This is only the section of the subnet config regarding WDS; there are other options and settings that need to be configured in the subnet clause for the DHCP server to function.

NOTE: It is possible to create DHCP policies that will detect whether the DHCP client is a UEFI or legacy BIOS system and then PXE boot to the correct environment based on that, but that still does not give me the freedom to select Foreman provisioning as above.

More information about how to do that here:
http://www.itfaq.dk/2016/07/27/use-dhcp-to-detect-uefi-or-legacy-bios-system-and-pxe-boot-to-sccm/

How to disable Teredo tunneling in Windows

I will post this for my own use, but I take no credit for this as I found it on the blog of Thorsten Rhau.
How to disable Teredo tunneling and thereby kill outgoing connections on UDP port 3544.
Start cmd as admin and run the following:
netsh
interface
teredo
set state disabled
bye

Make isc-dhcp-server PXE boot into WDS

The normal Linux way for DHCP to give direction for PXE boot is:

next-server 10.10.10.10;
filename "/pxelinux.0";

However, WDS takes a different approach, as it does not have a pxelinux.0 file.
Instead, it presents a program called wdsnbp.com.
The fix is easy: we just replace the lines above with:

next-server 10.10.10.12;
filename "boot\\x64\\wdsnbp.com";

Remember to restart the service:

/etc/init.d/isc-dhcp-server restart

UPDATE: Also have a look at this post to add support for UEFI:
http://tomas.solamail.no/2019/03/20/wds-uefi-bios-dhcp-options/

fdisk – force start sector 63

On newer distributions, fdisk gives an “out of range” error message when you try to create a new partition starting at sector 63:

First sector (2048-2930277167, default 2048): 63

Value out of range.
To force the use of the now deprecated “dos style”:
fdisk -c=dos /dev/sda

Steam – Ubuntu 16 Fix

Try this if Steam won’t start on Ubuntu 16. Will probably be fixed in future releases.

cd $HOME/.steam/ubuntu12_32/steam-runtime/i386/usr/lib/i386-linux-gnu
mv libstdc++.so.6 libstdc++.so.6.bak
cd $HOME/.steam/ubuntu12_32/steam-runtime/amd64/usr/lib/x86_64-linux-gnu
mv libstdc++.so.6 libstdc++.so.6.bak

Foreman Provisioning – TFTP not working

Problem:
When enabling the provisioning in Foreman it will not work because the TFTP config is invalid for IPv4.

Solution:
Change the TFTP_ADDRESS option in /etc/default/tftpd-hpa from:

"[::]:69"

to

"0.0.0.0:69"

and restart the TFTP service.
Now it works on IPv4, but not on IPv6.

Puppet Server – Hosts with no reports

Foreman missing report fix for internal Foreman Puppet Server AIO

PROBLEM:
The dashboard is showing “Hosts with no reports” message.

CAUSE:
This is related to the fact that the JVM no longer supports the DH prime length that mod_ssl is using.
Ref: https://tickets.puppetlabs.com/browse/SERVER-17

VERIFY:
Check the log file with the following command:
grep report /var/log/puppetlabs/puppetserver/puppetserver.log
See if you find error messages like this one:

 2016-11-13 20:37:46,687 ERROR [qtp1671969010-68] [puppetserver] Puppet Report processor failed: Could not send report to Foreman at https://master.solamail.no/api/config_reports: Could not generate DH keypair

SOLUTION:

Open /etc/apache2/sites-enabled/05-foreman-ssl.conf

Add the following line:

SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW

after the SSL section of the file and then restart Apache.

Done!
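To see what the SSLCipherSuite line above actually permits, this added example (not part of the original post) expands the same cipher string with Python's ssl module, which uses the local OpenSSL, and groups the resulting suites by key exchange. The function and constant names are illustrative, and the exact suite list depends on the installed OpenSSL build.

```python
import ssl
from collections import defaultdict

# Cipher string taken from the SSLCipherSuite line in the post.
FOREMAN_WORKAROUND = "RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW"

# Key-exchange labels OpenSSL reports for ephemeral (forward-secret) suites.
EPHEMERAL_KX = {"kx-dhe", "kx-ecdhe", "kx-dhe-psk", "kx-ecdhe-psk"}


def suites_by_key_exchange(cipher_string):
    """Expand an OpenSSL cipher string and group suite names by key exchange.

    TLS 1.3 suites are skipped: OpenSSL configures them separately, so
    this cipher string does not change them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    groups = defaultdict(list)
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3":
            continue
        groups[suite["kea"]].append(suite["name"])
    return dict(groups)


def offers_ephemeral_dh(cipher_string):
    """True if the string enables any DHE/ECDHE suite (needs a DH keypair)."""
    return any(kx in EPHEMERAL_KX for kx in suites_by_key_exchange(cipher_string))


if __name__ == "__main__":
    for kx, names in sorted(suites_by_key_exchange(FOREMAN_WORKAROUND).items()):
        print(f"{kx}: {', '.join(names)}")
    print("ephemeral DH offered:", offers_ephemeral_dh(FOREMAN_WORKAROUND))
```

Only static RSA key exchange remains, which is why the JVM no longer has to generate a DH keypair; the cost is that connections to this virtual host lose forward secrecy.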