PXE (Network Boot) installation Server on CentOS/RHEL 7.x
The Preboot eXecution Environment (PXE, sometimes pronounced as pixie) specification describes a standardized client-server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients. On the client side it requires only a PXE-capable network interface controller (NIC), and uses a small set of industry-standard network protocols such as DHCP and TFTP.
The concept behind the PXE originated in the early days of protocols like BOOTP/DHCP/TFTP, and as of 2015 it forms part of the Unified Extensible Firmware Interface (UEFI) standard. Given fast and reliable local area networks (LANs), PXE is the most frequent choice for operating system booting, installation and deployment.
Install required packages for PXE Setup
To install and configure a PXE server on CentOS 7.x, we need the following packages.
[root@pxeserver ~]# yum install dhcp tftp tftp-server syslinux vsftpd xinetd
Configure DHCP Server for PXE
Installing the dhcp package creates a sample configuration file at "/usr/share/doc/dhcp*/dhcpd.conf.example"; the configuration file the DHCP server actually reads is '/etc/dhcp/dhcpd.conf'.
Copy the following lines into the file '/etc/dhcp/dhcpd.conf', replacing the IP subnet and other details to match your environment.
[root@pxeserver ~]# vi /etc/dhcp/dhcpd.conf
# DHCP Server Configuration file.
ddns-update-style interim;
ignore client-updates;
authoritative;
allow booting;
allow bootp;
allow unknown-clients;
# internal subnet for my DHCP Server
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.21 192.168.2.151;
    option domain-name-servers 192.168.2.11;
    option domain-name "pxeserver.hackthesec.co.in";
    option routers 192.168.2.11;
    option broadcast-address 192.168.2.255;
    default-lease-time 600;
    max-lease-time 7200;
    # IP of PXE Server
    next-server 192.168.2.11;
    filename "pxelinux.0";
}
Edit and configure the tftp server (/etc/xinetd.d/tftp)
TFTP (Trivial File Transfer Protocol) is used to transfer files from a server to its clients without any kind of authentication. In a PXE server setup, tftp is used for bootstrap loading. To configure the tftp server, edit its configuration file '/etc/xinetd.d/tftp', change the parameter 'disable = yes' to 'disable = no' and leave the other parameters as they are.
[root@pxeserver ~]# vi /etc/xinetd.d/tftp
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -s /var/lib/tftpboot
    disable = no
    per_source = 11
    cps = 100 2
    flags = IPv4
}
tftp root directory "/var/lib/tftpboot"
Run the following commands to copy the required network boot files into '/var/lib/tftpboot/'
[root@pxeserver ~]# cp -v /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot
[root@pxeserver ~]# cp -v /usr/share/syslinux/menu.c32 /var/lib/tftpboot
[root@pxeserver ~]# cp -v /usr/share/syslinux/memdisk /var/lib/tftpboot
[root@pxeserver ~]# cp -v /usr/share/syslinux/mboot.c32 /var/lib/tftpboot
[root@pxeserver ~]# cp -v /usr/share/syslinux/chain.c32 /var/lib/tftpboot
[root@pxeserver ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@pxeserver ~]# mkdir /var/lib/tftpboot/networkboot
Mount the CentOS 7.x ISO file and copy its contents to the local FTP server
Run the following commands to mount the ISO file and copy its contents into the FTP server's directory '/var/ftp/pub'
[root@pxeserver ~]# mount -o loop CentOS-7-x86_64-DVD-1511.iso /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
[root@pxeserver ~]# cd /mnt/
[root@pxeserver mnt]# cp -av * /var/ftp/pub/
Copy the kernel file (vmlinuz) and the initrd file from the mounted ISO to '/var/lib/tftpboot/networkboot/'
[root@pxeserver ~]# cp /mnt/images/pxeboot/vmlinuz /var/lib/tftpboot/networkboot/
[root@pxeserver ~]# cp /mnt/images/pxeboot/initrd.img /var/lib/tftpboot/networkboot/
Create Kickstart & PXE menu file.
Before creating the kickstart file, let's first generate the root password as an encrypted string, because we will be using that encrypted password string in the kickstart file.
[root@pxeserver ~]# openssl passwd -1 Pxese@123#
$1$e2wrcGGw$tZOPMCSXVhNmbiGg66seGH
The system default kickstart file is placed at /root/anaconda-ks.cfg. We will create a new kickstart file under the folder /var/ftp/pub with the name 'centos7.cfg'.
Copy the following content into the new kickstart file and modify it as per your needs.
[root@pxeserver ~]# vi /var/ftp/pub/centos7.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use FTP installation media
url --url="ftp://192.168.2.11/pub/"
# Root password
rootpw --iscrypted $1$e2wrcGGX$tZPQKPsXVhNmbiGg53MN41
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Installation logging level
logging --level=info
# System timezone
timezone Asia/Kolkata
# System bootloader configuration
bootloader --location=mbr
clearpart --all --initlabel
part swap --asprimary --fstype="swap" --size=1024
part /boot --fstype xfs --size=300
part pv.01 --size=1 --grow
volgroup root_vg01 pv.01
logvol / --fstype xfs --name=lv_01 --vgname=root_vg01 --size=1 --grow
%packages
@^minimal
@core
%end
%addon com_redhat_kdump --disable --reserve-mb='auto'
%end
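The kickstart file above is readable by anyone on the segment over anonymous FTP, and it carries an MD5-crypt ('$1$', from 'openssl passwd -1') root hash together with a disabled firewall and disabled SELinux, so it is worth linting before clients install from it. The shell function below is an added example, not part of the original post; the function names, finding IDs and the sample file with its placeholder hash are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a kickstart file for settings that weaken the installed host.
# Prints one "ID: message" line per finding; returns 1 if there are any.
audit_kickstart() {
    ks_rc=0
    # Drop comment lines so commented-out directives are not reported.
    ks_body=$(grep -v '^[[:space:]]*#' "$1" || true)
    ks_flag() { printf '%s: %s\n' "$1" "$2"; ks_rc=1; }
    ks_has() { printf '%s\n' "$ks_body" | grep -Eq "$1"; }

    ks_rootpw=$(printf '%s\n' "$ks_body" | grep -E '^[[:space:]]*rootpw[[:space:]]' | head -n 1)
    case $ks_rootpw in
        '' | *--lock*) ;;                              # no rootpw, or root locked
        *--iscrypted*'$6$'* | *--iscrypted*'$5$'*) ;;  # SHA-512 / SHA-256 crypt
        *--iscrypted*'$1$'*) ks_flag ROOTPW_MD5 'root hash is MD5-crypt ($1$); use SHA-512 crypt ($6$)' ;;
        *--iscrypted*) ks_flag ROOTPW_HASH 'root hash scheme not recognised' ;;
        *) ks_flag ROOTPW_PLAIN 'root password is stored in plaintext' ;;
    esac
    if ks_has '^[[:space:]]*firewall[[:space:]].*--disabled?'; then
        ks_flag FIREWALL_OFF 'host firewall is disabled on the installed system'
    fi
    if ks_has '^[[:space:]]*selinux[[:space:]].*--(disabled|permissive)'; then
        ks_flag SELINUX_OFF 'SELinux is not enforcing on the installed system'
    fi
    if ks_has '^[[:space:]]*url[[:space:]].*(ftp|http)://'; then
        ks_flag CLEARTEXT_REPO 'install tree is fetched over cleartext FTP/HTTP'
    fi
    return "$ks_rc"
}

# Constructed sample mirroring the directives in centos7.cfg (hash is a placeholder).
sample_kickstart() {
    cat <<'EOF'
# Firewall configuration
firewall --disabled
url --url="ftp://192.168.2.11/pub/"
rootpw --iscrypted $1$SALTSALT$PLACEHOLDERHASHVALUE00
selinux --disabled
EOF
}

# Demo run against the constructed sample.
ks_tmp=$(mktemp)
sample_kickstart > "$ks_tmp"
audit_kickstart "$ks_tmp" || echo "kickstart has findings"
rm -f "$ks_tmp"
```

On the PXE server it would be run as audit_kickstart /var/ftp/pub/centos7.cfg; a non-zero return means at least one finding was printed.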
Create a PXE menu file (/var/lib/tftpboot/pxelinux.cfg/default) and copy the following contents into it.
[root@pxeserver ~]# vi /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
prompt 0
timeout 30
MENU TITLE Hack The Sec PXE Menu
LABEL centos7_x64
MENU LABEL CentOS 7_X64
KERNEL /networkboot/vmlinuz
APPEND initrd=/networkboot/initrd.img inst.repo=ftp://192.168.2.11/pub ks=ftp://192.168.2.11/pub/centos7.cfg
Start and enable the xinetd, dhcp and vsftpd services.
Use the following commands to start and enable xinetd, dhcp and vsftpd.
[root@pxeserver ~]# systemctl start xinetd
[root@pxeserver ~]# systemctl enable xinetd
[root@pxeserver ~]# systemctl start dhcpd.service
[root@pxeserver ~]# systemctl enable dhcpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.
[root@pxeserver ~]# systemctl start vsftpd
[root@pxeserver ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
If SELinux is enabled, set the following SELinux boolean for the FTP server.
[root@pxeserver ~]# setsebool -P allow_ftpd_full_access 1
Open the ports in the OS firewall using the following firewall-cmd commands
[root@pxeserver ~]# firewall-cmd --add-service=ftp --permanent
success
[root@pxeserver ~]# firewall-cmd --add-service=dhcp --permanent
success
[root@pxeserver ~]# firewall-cmd --add-port=69/tcp --permanent
success
[root@pxeserver ~]# firewall-cmd --add-port=69/udp --permanent
success
[root@pxeserver ~]# firewall-cmd --add-port=4011/udp --permanent
success
[root@pxeserver ~]# firewall-cmd --reload
success
Boot the clients with the PXE boot option.