Fedora Network Install via PXE Boot




Fedora network install via PXE boot – Unix & Linux Stack Exchange


It is also possible to set up a Proxy DHCP service for PXE. Thus, the existing DHCP server does not need to be changed. A normal Linux system (e.g. a workstation) can then be used to host the preboot execution environment (PXE).

The following steps are necessary to set up PXE for net-booting a Fedora network install image (assuming a Fedora host as well):

Verify the Image

$ gpg --verify Fedora-Server-21-x86_64-CHECKSUM
$ sha256sum --check Fedora-Server-21-x86_64-CHECKSUM
Fedora-Server-netinst-x86_64-21.iso: OK

Mount the Image

mkdir /mnt/iso
mount -o loop Fedora-Server-netinst-x86_64-21.iso /mnt/iso

DHCP Setup

yum install dnsmasq tftp-server syslinux-tftpboot

The tftp-server package is only needed to create the directory /var/lib/tftpboot; dnsmasq already has a TFTP server integrated.

The config:

cat > /etc/dnsmasq.conf
interface=enp0s25
# and don't bind to 0.0.0.0
bind-interfaces
# extra logging
log-dhcp
dhcp-range=192.168.178.0,proxy
# first IP address is the one of the host
dhcp-boot=pxelinux.0,192.168.178.34,192.168.178.0
pxe-service=x86PC,"Automatic Network Boot",pxelinux
# enable the TFTP server built into dnsmasq
enable-tftp
# default location of tftp-server on Fedora
tftp-root=/var/lib/tftpboot
# disable DNS
port=0

Start it:

systemctl start dnsmasq.service

Setup TFTP directory

Copy all needed files:

cp /mnt/iso/images/pxeboot/initrd.img /var/lib/tftpboot
cp /mnt/iso/images/pxeboot/vmlinuz /var/lib/tftpboot
cp /tftpboot/pxelinux.0 /var/lib/tftpboot
cp /tftpboot/vesamenu.c32 /var/lib/tftpboot
cp /tftpboot/ldlinux.c32 /var/lib/tftpboot
cp /tftpboot/libcom32.c32 /var/lib/tftpboot
cp /tftpboot/libutil.c32 /var/lib/tftpboot

Add config:

mkdir /var/lib/tftpboot/pxelinux.cfg
cat > /var/lib/tftpboot/pxelinux.cfg/default
default vesamenu.c32
prompt 0
# disable timeout
timeout 0
#timeout 600

# if file is missing, this is ignored
display boot.msg

label linux
  menu label Install Fedora 21 Server x86-64
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=http://workstation.example.org/

Setup HTTP Server

yum install nginx

Configure instance:

cat > /etc/nginx/conf.d/iso.conf
  server {
      listen       80 default_server;
      server_name  localhost;
      root         /mnt/iso ;
      include /etc/nginx/default.d/*.conf;
  }

Disable the default instance/move it to a different port:

--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -43,7 +43,7 @@ http {
     include /etc/nginx/conf.d/*.conf;

     server {
-        listen       80 default_server;
+        listen       8080 default_server;
         server_name  localhost;
         root         /usr/share/nginx/html;
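Review bot: `listen 8080 default_server;` keeps the stock server block, with `root /usr/share/nginx/html`, listening on all addresses on a port this setup never uses. If the block is only being moved out of the way of the port-80 instance, bind it to loopback (`listen 127.0.0.1:8080 default_server;`) or delete the block, so the host exposes only the listener the installer needs.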

Start the server:

systemctl start nginx.service

The Fedora installer (dracut) basically just needs to get one file from that
http server:

LiveOS/squashfs.img

Configure Firewalld

firewall-cmd --add-service=http
firewall-cmd --add-service=dhcp
firewall-cmd --add-service=tftp
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=dhcp --permanent
firewall-cmd --add-service=tftp --permanent

Boot Clients

That’s it. Clients are now able to network boot via PXE and get the Fedora netinstall image.

Variations could be: Adding a kickstart file (and setting a timeout) for a fully automatic network install, configuring different PXE settings for different clients (based on the MAC address), etc.

Cleanup

The daemons can be stopped and the loopback image can be unmounted:

systemctl stop nginx.service
systemctl stop dnsmasq.service
umount /mnt/iso

Security Note

This method should only be used in a trusted intranet because the netboot client gets its config and several images completely unsecured over TFTP and HTTP.


autoDCHP



Auto proxy configuration using DHCP


(DHCP3 server required)

For more information, see Web Proxy Autodiscovery Protocol

Also look at Microsoft Technet

Some handy javascript functions

This file assumes the IP of the DHCP server as well as the proxy servers are 192.168.0.1

apt-get install apache2 dhcp3-server

Edit /etc/apache2/httpd.conf and add this line:

AddType application/x-ns-proxy-autoconfig .dat

Edit /etc/dhcp3/dhcpd.conf (as well as /etc/ltsp/dhcpd.conf) and add these lines:

option custom-proxy-server code 252 = text;
option custom-proxy-server "http://192.168.0.1/wpad.dat";

Create the proxy configuration file (/var/www/wpad.dat). The code is JavaScript and the
function you have to implement is FindProxyForURL. Example contents follow:

function FindProxyForURL(url, host)
{

    // Add hostname exceptions for sites you do not want to
    // proxy e.g. internal servers

    if (shExpMatch(url, "*.softco/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*.softco:*/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*micky/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*micky:*/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*pluto/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*pluto:*/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*goofy/*")) { return "DIRECT"; }
    if (shExpMatch(url, "*goofy:*/*")) { return "DIRECT"; }

    // End hostname exceptions

    // If you want to allow a specific IP range to go direct, use the line
    // below or remove it

    if (isInNet(host, "10.0.0.0", "255.0.0.0")) { return "DIRECT"; }
    if (isInNet(host, "192.168.0.0", "255.255.0.0")) { return "DIRECT"; }
    if (isInNet(host, "172.16.0.0", "255.240.0.0")) { return "DIRECT"; }

    // End network exceptions

    // Always bypass for localhost - make sure these 3 lines remain
    if (shExpMatch(host, "localhost*") || shExpMatch(host, "127.0.0.1*")) {
        return "DIRECT";
    }

    // The browser is on a specific network, so send it a specific proxy to use
    // This is useful for multi-subnet networks with multiple CensorNet servers
    // Remove if you do not need this

    if (shExpMatch(url, "*.archive.ubuntu.com/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*.archive.ubuntu.com:*/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*.security.ubuntu.com/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*.security.ubuntu.com:*/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*download.virtualbox.org/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*download.virtualbox.org:*/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*ppa.launchpad.net/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*ppa.launchpad.net:*/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*dl.google.com/linux/*/deb/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*dl.google.com:*/linux/*/deb/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*packages.medibuntu.org/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*packages.medibuntu.org:*/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*www.scootersoftware.com/*")) { return "PROXY 192.168.0.1:3142"; }
    if (shExpMatch(url, "*www.scootersoftware.com:*/*")) { return "PROXY 192.168.0.1:3142"; }

    // Finally, if it isn't to be bypassed and is not localhost, return
    // the proxy IP and port to use

    return "PROXY 192.168.0.1:3128";
}
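
The hostname exceptions above are globs over the whole URL, so "*micky/*" also matches any URL whose path merely contains "micky/". The following is an added example, not part of the original page: it decides on the parsed host instead and runs under Node so the rules can be checked before wpad.dat is deployed. The helper functions are simplified stand-ins for the ones the browser supplies (isInNet here handles IPv4 literals only, without DNS lookups), and urlRule and the constant names are hypothetical.

```javascript
// Stand-ins for the PAC helpers a browser provides (assumption: simplified).
function shExpMatch(str, glob) {
  // Shell glob to anchored regex: escape regex metacharacters, then * and ?.
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                 .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;                       // not an IPv4 literal
  const o = m.slice(1).map(Number);
  if (o.some(n => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}
function isInNet(host, net, mask) {
  // Literals only; the browser version also resolves host names via DNS.
  const h = ipToInt(host), n = ipToInt(net), m = ipToInt(mask);
  return h !== null && ((h & m) >>> 0) === ((n & m) >>> 0);
}
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

const APT_CACHE = "PROXY 192.168.0.1:3142";      // values taken from the page
const DEFAULT_PROXY = "PROXY 192.168.0.1:3128";
const INTERNAL_HOSTS = ["micky", "pluto", "goofy"];
const CACHED_SUFFIXES = [".archive.ubuntu.com", ".security.ubuntu.com"];

// Page-style rule, for comparison: glob over the whole URL.
function urlRule(url) {
  return shExpMatch(url, "*micky/*") ? "DIRECT" : DEFAULT_PROXY;
}

// Host-based variant: every decision uses only the host name.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (host === "localhost" || isInNet(host, "127.0.0.0", "255.0.0.0")) return "DIRECT";
  if (INTERNAL_HOSTS.includes(host) || dnsDomainIs(host, ".softco")) return "DIRECT";
  if (isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "172.16.0.0", "255.240.0.0") ||
      isInNet(host, "192.168.0.0", "255.255.0.0")) return "DIRECT";
  if (CACHED_SUFFIXES.some(s => dnsDomainIs(host, s))) return APT_CACHE;
  return DEFAULT_PROXY;
}
```

Only two of the page's cache hosts are listed in CACHED_SUFFIXES; the others are added the same way.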