User provided dnsmasq dhcp-boot entries are overridden by /undionly.kpxe

As an operator, I may wish to provide DHCP boot options for hosts not managed by bifrost using the bifrost dnsmasq server.

If a dhcp-boot configuration option is provided to dnsmasq via a file in /etc/dnsmasq.d/, and the server is not booted via iPXE, it will be overridden by the following option added by bifrost in /etc/dnsmasq.conf:

dhcp-boot=tag:!ipxe,/undionly.kpxe

Steps to reproduce:

- Add an additional configuration file /etc/dnsmasq.d/extra.conf with the following contents (modified to suit your environment):

dhcp-match=set:mytag,<match option>
dhcp-boot=tag:mytag,<boot entry>

- Restart dnsmasq e.g. systemctl restart dnsmasq

- Power on the server being booted.

Expected results:

The server receives a DHCP offer containing the configured boot options.

Actual results:

The server receives a DHCP offer containing /undionly.kpxe

Analysis:

This occurs because the negated tag match !ipxe used in the /undionly.kpxe dhcp-boot entry will match all hosts not using iPXE. The dhcp-boot entries are processed in order and the last matching entry wins. Since the config-dir option appears before the dhcp-boot options, user-provided options are processed first and are therefore overridden.

Proposed solution:

The solution here is fairly simple - use a positive match for the ipxe tag:

dhcp-boot=tag:ipxe,http://host:port/boot.ipxe
dhcp-boot=/undionly.kpxe

An entry with a tag will always win over the entry without a tag specified, so it is now possible to add a rule to override undionly.kpxe.