refactor(pxe)!: combine dhcpd and tftpd to dnsmasq

docs/runbooks/dnsmasq.md

@@ -0,0 +1,10 @@
+# Dnsmasq
+
+## Overview
+Dnsmasq is used as either a DHCP server or DHCP proxy server for PXE metal provisioning. 
+
+Proxy mode is enabled by default allowing the use of existing DHCP servers on the network. A good description on how DHCP Proxy works can be found on the related [FOG project wiki page](https://wiki.fogproject.org/wiki/index.php?title=ProxyDHCP_with_dnsmasq)
+
+## Disabling Proxy Mode
+
+Certain scenarios will require this project to use a DHCP server, such as an air-gap deployment or dedicated VLAN. To disable proxy mode thereby using dnsmasq as a DHCP server, modify `metal/roles/pxe_server/defaults/main.yml` and set `dhcp_proxy` to `false`

docs/troubleshooting.md

@@ -13,8 +13,8 @@ To view PXE server (includes DHCP, TFTP and HTTP server) logs:
     You can view the logs of one or more containers selectively, for example:
 
     ```sh
-    ./scripts/pxe-logs dhcp
-    ./scripts/pxe-logs tftp http
+    ./scripts/pxe-logs dnsmasq
+    ./scripts/pxe-logs http
     ```
 
 ## Nodes not booting from the network

metal/roles/pxe_server/defaults/main.yml

@@ -1,3 +1,4 @@
 iso_url: "https://download.rockylinux.org/pub/rocky/8.6/isos/x86_64/Rocky-8.6-x86_64-minimal.iso"
 iso_checksum: "sha256:a9ece0e810275e881abfd66bb0e59ac05d567a5ec0bc2f108b9a3e90bef5bf94"
 timezone: Asia/Ho_Chi_Minh
+dhcp_proxy: true

metal/roles/pxe_server/files/dnsmasq/Dockerfile

@@ -0,0 +1,5 @@
+FROM alpine:3.11
+
+RUN apk --no-cache add dnsmasq
+
+ENTRYPOINT ["dnsmasq", "-k"]

metal/roles/pxe_server/files/docker-compose.yml

@@ -1,19 +1,17 @@
 version: "3"
 
 services:
-  dhcp:
-    build: ./dhcp
+  dnsmasq:
+    build: ./dnsmasq
     volumes:
-      - ./data/pxe-config/dhcpd.conf:/etc/dhcp/dhcpd.conf
+      - ./data/pxe-config/dnsmasq.conf:/etc/dnsmasq.conf
+      - ./data/pxe-config/grub.cfg:/tftp/grub.cfg
+      - ./data/os/EFI/BOOT/grubx64.efi:/tftp/grubx64.efi
+      - ./data/os/images/pxeboot/initrd.img:/tftp/initrd.img
+      - ./data/os/images/pxeboot/vmlinuz:/tftp/vmlinuz
     network_mode: host
-  tftp:
-    build: ./tftp
-    network_mode: host
-    volumes:
-      - ./data/pxe-config/grub.cfg:/var/lib/tftpboot/grub.cfg
-      - ./data/os/EFI/BOOT/grubx64.efi:/var/lib/tftpboot/grubx64.efi
-      - ./data/os/images/pxeboot/initrd.img:/var/lib/tftpboot/initrd.img
-      - ./data/os/images/pxeboot/vmlinuz:/var/lib/tftpboot/vmlinuz
+    cap_add:
+      - NET_ADMIN
   http:
     build: ./http
     network_mode: host

metal/roles/pxe_server/tasks/main.yml

@@ -11,10 +11,10 @@
     cmd: "xorriso -osirrox on -indev {{ iso.dest }} -extract / {{ role_path }}/files/data/os"
     creates: "{{ role_path }}/files/data/os/.treeinfo"
 
-- name: Generate DHCP config
+- name: Generate dnsmasq config
   ansible.builtin.template:
-    src: dhcpd.conf.j2
-    dest: "{{ role_path }}/files/data/pxe-config/dhcpd.conf"
+    src: dnsmasq.conf.j2
+    dest: "{{ role_path }}/files/data/pxe-config/dnsmasq.conf"
     mode: 0644
 
 - name: Generate GRUB config

metal/roles/pxe_server/templates/dnsmasq.conf.j2

@@ -0,0 +1,26 @@
+# Disable DNS Server.
+port=0
+{% if dhcp_proxy == true %}
+# We're DHCP proxying on the network of the homelab host
+dhcp-range={{ ansible_default_ipv4.address }},proxy
+pxe-service=X86-64_EFI, "Boot From Network, (UEFI)", grubx64.efi
+{% else %}
+# We're DHCP configuring on this range
+dhcp-range={{ ansible_default_ipv4.network | ansible.netcommon.ipmath(1) }},{{ ansible_default_ipv4.broadcast | ansible.netcommon.ipmath(-1) }},{{ ansible_default_ipv4.netmask }},12h
+dhcp-option=3,{{ ansible_default_ipv4.gateway }}
+
+# Match Arch Types efi x86 and x64
+dhcp-match=set:efi-x86_64,option:client-arch,7
+dhcp-match=set:efi-x86_64,option:client-arch,9
+
+# Set the Boot file based on the tag from above
+dhcp-boot=tag:efi-x86_64,grubx64.efi
+{% endif %}
+# Log DHCP queries to stdout
+log-queries
+log-dhcp
+log-facility=-
+
+# Enable TFTP server
+enable-tftp
+tftp-root=/tftp