Tuesday, October 7, 2014

RHEL/CentOS PXE Network Install Boot Using dnsmasq, darkhttpd, and vsftpd

This is a follow-up to my previous post on PXE network install of RHEL/CentOS, in which the installation files from the .iso are sent to clients over http from the PXE server. In this post, I will show how you can send installation files from the .iso over ftp instead of http.

Basically, the method is the same as that described previously, except that the vsftpd server will share a mounted iso with anonymous users over ftp.

Just like in the previous post, you will need to ensure that you have dnsmasq, darkhttpd, and syslinux installed. In addition, you will need to install vsftpd.


Differences between PXE Install over http vs. ftp

1. Only one instance of darkhttpd is required
    When sending .iso installation files by http, we used two instances of darkhttpd -- one to share the PXE
    boot images from /usr/local/tftpboot/pxe on 192.168.10.100:80, and another to share
    the .iso installation files from /mnt/distroIso on 192.168.10.100:8080.

    In the ftp method, however, we only need to run one instance of darkhttpd sharing
    /usr/local/tftpboot/pxe on 192.168.10.100:80

2. Share the mounted iso over ftp, not http
    We must edit /etc/vsftpd.conf such that the iso mount point will also be the directory used for
    anonymous login.


/etc/vsftpd.conf Settings

Make sure that the following entries are set in /etc/vsftpd.conf :

  1. anonymous_enable=YES
  2. no_anon_password=YES
  3. anon_root=/mnt/distroIso/ (you can customize this mountpoint as needed)
  4. dirmessage_enable=YES
  5. xferlog_enable=YES
  6. connect_from_port_20=YES
  7. listen=YES (listen on IPv4 sockets)
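
As an added example (not from the original post), the shell functions below check a vsftpd.conf for the seven entries listed above and also flag any vsftpd write option set to YES, since clients only need to read the mounted iso. The function names, finding labels and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the seven settings listed above.

# Print the value of KEY in FILE (empty if unset). vsftpd.conf allows no
# spaces around "=". Assumption: if a key repeats, the last line wins.
get_opt() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Audit FILE; the expected anon_root defaults to the post's mount point.
# Prints one line per finding and returns the number of findings.
audit_vsftpd_conf() {
    conf=$1
    want_root=${2:-/mnt/distroIso/}
    findings=0
    # Settings the post requires.
    for pair in anonymous_enable=YES no_anon_password=YES \
                "anon_root=$want_root" dirmessage_enable=YES \
                xferlog_enable=YES connect_from_port_20=YES listen=YES; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(get_opt "$conf" "$key")
        # Ignore a trailing slash so /mnt/distroIso matches /mnt/distroIso/.
        if [ "${have%/}" != "${want%/}" ]; then
            echo "MISSING  $key: want '$want', found '${have:-<unset>}'"
            findings=$((findings + 1))
        fi
    done
    # Serving the iso needs reads only; unset means the built-in default NO.
    for key in write_enable anon_upload_enable \
               anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(get_opt "$conf" "$key")" = "YES" ]; then
            echo "WRITABLE $key=YES: the install share needs no FTP writes"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: the post's settings (listen left out) plus two write
# options switched on.
write_sample_conf() {
    printf '%s\n' '# constructed sample, not a real host config' \
        anonymous_enable=YES no_anon_password=YES anon_root=/mnt/distroIso \
        dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES \
        write_enable=YES anon_upload_enable=YES > "$1"
}

if [ -n "${1:-}" ]; then audit_vsftpd_conf "$@"; fi
```

Run it as sh audit.sh /etc/vsftpd.conf [mountpoint]; the exit status is the number of findings, so 0 means the file matches the list and leaves the share read-only.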


Sample PXE cfg file for network boot using ftp


Note that after repo= above, the protocol is ftp:// and the user is anonymous. Once the PXE menu appears on the server console and you press ENTER, the installer will give you an IP address for manually connecting to the installation instance using the command vncviewer 123.456.789:1

To make each installation client automatically reverse connect to a listening instance of vncviewer (vncviewer -listen), in the kernel parameters line after vnc add the statement vncconnect=192.168.XXX.XXX:5500 where the specified IP address corresponds to the machine on which vncviewer is running in listen mode (note that this address can be different from the IP address of your PXE server).

Steps

Note: Some of these steps will overlap with those from my previous PXE tutorial for http.

1. Install required packages
    a. dnsmasq (integrated dns, dhcp, and tftp server)

    b. darkhttpd (http server which we will use to serve up PXE boot images)

    c. syslinux (for boot images used in pxe)

    d. vsftpd (ftp server using ssh which we will use to serve up installation files from the .iso)

2. Disconnect router from Internet (active DHCP processes conflict with dhcpd/dnsmasq
    assigning IPs to PXE clients; our PXE server machine will be connected to a
    router (preferably with DHCP turned off) or a simple hub, and we will run our own DHCP server
    for assigning IPs to PXE clients)

3. Set up PXE
    a. copy all files from /usr/lib/syslinux/bios to a local directory
        that will be used as the tftp-root (for the purposes of this tutorial
        we will call this directory /usr/local/tftpboot/pxe. Make sure this directory
        is writable by your regular user)

    b. create a mountpoint for the installation .iso - the mountpoint doesn't have to be
        located under the ../tftpboot directory as in the previous method. A common
        mountpoint would be something like /mnt/distroIso

    c. From the mounted RHEL/CentOS installation .iso, navigate to /images/pxeboot
        and copy the Linux kernel images vmlinuz and initrd.img to a
        subdirectory of /usr/local/tftpboot/pxe, something like
        /usr/local/tftpboot/pxe/images/centos7_64

    d. create a config file for the PXE server under /usr/local/tftpboot/pxe
        Try to make it something distro-specific, i.e. centos7_64_vnc_ftp.cfg

4. Edit dnsmasq.conf
    a. edit /etc/dnsmasq.conf (refer to the previous post on setting up dnsmasq.conf; note
        that dhcp-option-force=209,path/to/pxe_server_cfg_file should point to the PXE config file
        defined above in step 3d)

5. Start/Restart Services
    a. start dnsmasq as root: sudo systemctl start dnsmasq (systemd syntax)

    b. start darkhttpd as root: sudo darkhttpd /usr/local/tftpboot/pxe --no-keepalive
        (this will share the pxe images on port 80 of our wired IP address)

    c. start vsftpd: sudo systemctl start vsftpd
        (this will share the mounted iso on ftp port 20 from the PXE server's IP)

6. PXE Client setup
    a. Physical machine: enter BIOS and set network/PXE boot order to first place

    b. VM: Enable network booting in the VM Manager, change the network interface to
                bridge with wired interface (i.e. eth0 or enp1s0)

7. Installation


Postscript 2016-02-06
This old post only covers Legacy BIOS PXE netboot with dnsmasq. Please refer to a newer post from 2016 that explains how to set up dnsmasq for UEFI PXE netboot:

http://eatpeppershothot.blogspot.kr/2016/02/uefi-and-legacy-bios-pxe-netboot.html