星期三, 3月 23, 2016

CentOS 7 PXE server for legacy and UEFI BIOS client

Basic Requirement



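Disable SELinux (set SELINUX=disabled in /etc/selinux/config) and reboot. This is a shortcut for an isolated lab network; on a shared network it is safer to leave SELinux enforcing.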
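# service firewalld stop ; chkconfig firewalld off
## Alternative that keeps the firewall running and opens only the services used here:
##   firewall-cmd --permanent --add-service=dhcp --add-service=tftp --add-service=ftp ; firewall-cmd --reload
# yum install dhcp tftp tftp-server syslinux vsftpd xinetd

--- For Ubuntu ---
## tftpd-hpa is the TFTP server package; tftp-hpa is only the client.
#sudo apt-get install tftp-hpa tftpd-hpa isc-dhcp-server vsftpd

# cp -a /mnt/CentOS-DVD/* /var/ftp/pub
# mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg
# mkdir -p /var/lib/tftpboot/pxelinux/centos7
# mkdir -p /var/lib/tftpboot/uefi
## The legacy-BIOS kernel and initrd go into the directory created above (pxelinux/centos7),
## which is where pxelinux.cfg/default looks for them.
# cp /var/ftp/pub/images/pxeboot/vmlinuz /var/ftp/pub/images/pxeboot/initrd.img /var/lib/tftpboot/pxelinux/centos7/
# cp /var/ftp/pub/images/pxeboot/vmlinuz /var/ftp/pub/images/pxeboot/initrd.img /var/lib/tftpboot/uefi
# cp /var/ftp/pub/EFI/BOOT/grubx64.efi /var/lib/tftpboot/pxelinux/BOOTX64.EFI
# cp /var/ftp/pub/EFI/BOOT/grub.cfg /var/lib/tftpboot/pxelinux/
## in.tftpd only needs the files to be world-readable. With mode 777 every file is
## world-writable, and tftpd accepts uploads over existing world-writable files, so any
## client on the network could replace the kernel, initrd or boot menus.
# chmod -R a+rX,go-w /var/lib/tftpboot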

PXE environment configuration files


  • file tree under /var/lib/tftpboot

/var/lib/tftpboot/
/var/lib/tftpboot/pxelinux
/var/lib/tftpboot/pxelinux/centos7
/var/lib/tftpboot/pxelinux/centos7/vmlinuz
/var/lib/tftpboot/pxelinux/centos7/initrd.img
/var/lib/tftpboot/pxelinux/pxelinux.cfg
/var/lib/tftpboot/pxelinux/pxelinux.cfg/default
/var/lib/tftpboot/pxelinux/pxelinux.cfg/efidefault  -> should be able to skip this file
/var/lib/tftpboot/pxelinux/msgs
/var/lib/tftpboot/pxelinux/msgs/boot.msg
/var/lib/tftpboot/pxelinux/pxelinux.0
/var/lib/tftpboot/pxelinux/fonts
/var/lib/tftpboot/pxelinux/fonts/TRANS.TBL
/var/lib/tftpboot/pxelinux/fonts/unicode.pf2
/var/lib/tftpboot/pxelinux/tmp
/var/lib/tftpboot/pxelinux/tmp/grub.cfg
/var/lib/tftpboot/pxelinux/tmp/grubx64.efi
/var/lib/tftpboot/pxelinux/tmp/MokManager.efi
/var/lib/tftpboot/pxelinux/tmp/TRANS.TBL
/var/lib/tftpboot/pxelinux/BOOTX64.EFI
/var/lib/tftpboot/pxelinux/grub.cfg
/var/lib/tftpboot/uefi
/var/lib/tftpboot/uefi/vmlinuz
/var/lib/tftpboot/uefi/initrd.img



  • /var/lib/tftpboot/pxelinux/pxelinux.cfg/default

# PXELINUX menu for legacy-BIOS clients. File paths are relative to the directory
# pxelinux.0 was loaded from (pxelinux/ under the TFTP root).
default 0
# timeout is counted in tenths of a second (2000 = 200 s).
timeout 2000
F1 msgs/boot.msg
# NOTE(review): msgs/expert.msg does not appear in the file tree listed for this setup.
F2 msgs/expert.msg
prompt 1
display msgs/boot.msg
# label 0 is the default and boots the local disk, so a client left unattended is not reinstalled.
        label 0
localboot 1
# label 1 starts the kickstart install, which repartitions the disk (clearpart --all in ks.cfg).
# Both the repo and ks.cfg are fetched over plain FTP from 192.168.1.1.
        label 1
kernel centos7/vmlinuz
append initrd=centos7/initrd.img ramdisk_size=65536 inst.repo=ftp://192.168.1.1/pub  ks=ftp://192.168.1.1/pub/ks.cfg


  • /var/lib/tftpboot/pxelinux/pxelinux.cfg/efidefault

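# GRUB legacy style menu for UEFI clients. The file tree marks this file as skippable;
# the UEFI path in this setup boots BOOTX64.EFI with grub.cfg instead.
#debug --graphics
default=0
#splashimage=/EFI/BOOT/splash.xpm.gz
# NOTE(review): GRUB legacy counts timeout in seconds - confirm 5000 is intended.
timeout 5000
#hiddenmenu
# Boot arguments must be on the kernel line; arguments placed after the initrd file name
# are not passed to the kernel.
# NOTE(review): confirm /centos7/ resolves to the directory the kernel and initrd were copied to.
title UEFI CentOS 7 Installation
        root (nd)
        kernel /centos7/vmlinuz ramdisk_size=65536 inst.repo=ftp://192.168.1.1/pub  ks=ftp://192.168.1.1/pub/ks.cfg
        initrd /centos7/initrd.img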


  • /var/lib/tftpboot/pxelinux/msgs/boot.msg

1. Install Cent OS 7


  • /var/ftp/pub/EFI/BOOT/grub.cfg
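*** Modify the bottom of the config so that only this "menuentry" is left. The copy served over TFTP is /var/lib/tftpboot/pxelinux/grub.cfg, so make the same change there or copy the file again after editing.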

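# Single GRUB2 entry for UEFI clients. /uefi/... is resolved from the TFTP root;
# the repo and the kickstart file are fetched over plain FTP.
menuentry 'Install CentOS 7' --class fedora --class gnu-linux --class gnu --class os {
        linuxefi /uefi/vmlinuz ip=dhcp inst.repo=ftp://192.168.1.1/pub  ks=ftp://192.168.1.1/pub/ks.cfg
        initrdefi /uefi/initrd.img
}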


  • /var/ftp/pub/ks.cfg  (add this kickstart file manually)
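openssl passwd -1 "000000" (run this command to get the encrypted root password; -1 produces an MD5-crypt hash and "000000" is only a sample value, so substitute a strong password of your own)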

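#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
# NOTE(review): every host installed from this file comes up with no firewall.
firewall --disabled
# Install OS instead of upgrade
install
# Use FTP installation media (same server as inst.repo on the boot command line)
url --url="ftp://192.168.1.1/pub/"
# Root password: replace the value below with the hash you generated above.
# The sample is an MD5-crypt ($1$) hash. ks.cfg sits in the FTP pub directory, so the
# hash is readable by anyone who can reach the server - use a strong password.
rootpw --iscrypted $1$JagGKmgC$Mi3cHtb2cIm62SOtbHvxA1
# System authorization information (options need the leading "--")
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
# NOTE(review): installed hosts run with SELinux off; use "selinux --enforcing"
# unless there is a specific reason to disable it.
selinux --disabled
# Installation logging level
logging --level=info
# System timezone
timezone Europe/Amsterdam
# System bootloader configuration
bootloader --location=mbr
# Wipes every partition on the target disks before laying out the new ones.
clearpart --all --initlabel
part swap --asprimary --fstype="swap" --size=1024
part /boot --fstype xfs --size=200
part pv.01 --size=1 --grow
volgroup rootvg01 pv.01
logvol / --fstype xfs --name=lv01 --vgname=rootvg01 --size=1 --grow
%packages
@core
wget
net-tools
%end
%post
%end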


Server settings


  • xinetd + tftp server
    • /etc/xinetd.d/tftp

# xinetd entry that starts in.tftpd on demand for UDP TFTP requests.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        # Started as root so that in.tftpd can chroot (-s). tftp-hpa then drops to an
        # unprivileged user by default - TODO confirm for the installed version.
        user                    = root
        server                  = /usr/sbin/in.tftpd
        # -s confines clients to /var/lib/tftpboot. Without -c no new files can be created,
        # but existing world-writable files can still be overwritten by clients, so keep
        # the tree read-only.
        server_args             = -s /var/lib/tftpboot
        disable                 = no
        # At most 11 concurrent instances per source address.
        per_source              = 11
        # Rate limit: above 100 connections per second the service is paused for 2 seconds.
        cps                     = 100 2
        flags                   = IPv4
}


  • dhcp server
    • /etc/dhcp/dhcpd.conf

# Option 93 carries the client system architecture, which is used below to choose
# between the UEFI and the legacy-BIOS boot file.
option arch code 93 = unsigned integer 16; # RFC4578
allow booting;
allow bootp;
# NOTE(review): this pool answers every DHCP client on the segment, not only PXE
# clients - run it on a dedicated provisioning network.
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    range 192.168.1.100 192.168.1.200;
    # Only clients whose vendor class starts with "PXEClient" get boot-server details.
    class "pxeclients" {
        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
        # TFTP server the client downloads the boot file from.
        next-server 192.168.1.1;

        # 00:07 is the value x86-64 UEFI firmware normally reports; any other value
        # falls through to the legacy-BIOS loader.
        if option arch = 00:07 {
            filename "pxelinux/BOOTX64.EFI";
            }
        else {
            filename "pxelinux/pxelinux.0";
        }

    }
}



  • vsftp server

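No need to modify the vsftpd config file: the default CentOS configuration already serves /var/ftp/pub to anonymous users, which is what the installer uses. This also means ks.cfg, including the root password hash, is readable by anyone who can reach this server.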

Service enablement

# Enable the four services at boot.
for svc in tftp xinetd dhcpd vsftpd; do
    chkconfig "$svc" on
done

# Start them now; xinetd goes first because it hosts the tftp entry.
for svc in xinetd tftp dhcpd vsftpd; do
    service "$svc" start
done