
Craig Sanders via luv-main writes:
On Sat, Feb 06, 2016 at 12:36:02AM +0000, James Harper wrote:
Any suggestions?
you seem to have solved your original question, but my suggestion is to serve gpxelinux.0 or ipxe to the client, then you can use http rather than tftp to transfer kernel+initrd or boot/rescue image or whatever.
http is faster and IMO more reliable.
I tested this recently. TFTP is not significantly slower *iff* the PXE client supports large block sizes. (dnsmasq 2.52-1ubuntu0.1 vs. untuned apache 2.2.14-5ubuntu8.15).

dnsmasq will negotiate large blocks by default (--tftp-no-blocksize)
pxelinux will negotiate large blocks by default.
curl will NOT negotiate large blocks by default (--tftp-blksize).
pxe-kexec doesn't support large blocks at all. SIGH.
Intel PXE ROM I'm not sure about, because I couldn't read the source, and it only loads pxelinux.0 here, which isn't big enough to measure. (I didn't bother to tcpdump.)

If you already have an httpd set up (and secured), it's certainly more CONVENIENT to just use that. Of course, you still have to load the gPXE/iPXE payload somehow. :-)

OTOH if you're already using dnsmasq as DHCP server & DNS proxy, turning on its TFTP server is a no-brainer. Recommend --tftp-secure, which makes dnsmasq even more picky.

If you run a generic tftp server like tftpd-hpa, be sure to turn off write access &c! Otherwise your users will start uploading pwned payloads.
BTW, an alias (and Allow/Deny access control directives) in your web server to serve, e.g., /var/tftp/ as /tftp/ is useful.
The usual place is /srv/tftp these days.
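
One way to check the hardening points raised in the thread above (tftp-secure for dnsmasq, no write access for tftpd-hpa), as an added example that is not part of the original messages. The Debian-style `/etc/default/tftpd-hpa` layout is an assumption, and the sample configs and file names are constructed.

```shell
#!/bin/sh
# Added example: flag TFTP settings that contradict the hardening advice above.
# Assumed inputs: a dnsmasq.conf (one option per line) and a Debian-style
# /etc/default/tftpd-hpa file containing TFTP_OPTIONS="...".

# dnsmasq: when its TFTP server is on, expect tftp-secure and a tftp-root.
audit_dnsmasq() {
    grep -Eq '^[[:space:]]*enable-tftp' "$1" || return 0
    grep -Eq '^[[:space:]]*tftp-secure' "$1" ||
        echo "dnsmasq: enable-tftp without tftp-secure"
    grep -Eq '^[[:space:]]*tftp-root=' "$1" ||
        echo "dnsmasq: enable-tftp without tftp-root"
    return 0
}

# tftpd-hpa: --create permits uploads of new files; --secure chroots the server.
audit_tftpd_hpa() {
    # Extract the option string without sourcing (executing) the file.
    opts=$(sed -n 's/^TFTP_OPTIONS="\(.*\)"$/\1/p' "$1")
    case " $opts " in
        *" --create "*|*" -c "*) echo "tftpd-hpa: --create allows uploads" ;;
    esac
    case " $opts " in
        *" --secure "*|*" -s "*) ;;
        *) echo "tftpd-hpa: --secure is not set" ;;
    esac
}

# Even without --create, tftpd-hpa will overwrite files that already exist
# and are world-writable, so list those under the TFTP root.
audit_tftp_root() {
    find "$1" ! -type l -perm -0002 | sed 's/^/world-writable: /'
}

# Constructed sample input: deliberately weak settings in directory $1.
make_samples() {
    printf 'enable-tftp\ntftp-root=/srv/tftp\n' > "$1/dnsmasq.conf"
    printf 'TFTP_DIRECTORY="/srv/tftp"\nTFTP_OPTIONS="--create"\n' > "$1/tftpd-hpa"
    mkdir "$1/root" && chmod 755 "$1/root"
    : > "$1/root/pxelinux.0" && chmod 666 "$1/root/pxelinux.0"
}

d=$(mktemp -d)
make_samples "$d"
audit_dnsmasq "$d/dnsmasq.conf"
audit_tftpd_hpa "$d/tftpd-hpa"
audit_tftp_root "$d/root"
rm -rf "$d"
```

On a real host, point the three functions at the live dnsmasq config, the tftpd-hpa defaults file and the TFTP root; no output means none of the three checks fired.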