Fedora network install via PXE boot


It is also possible to set up a Proxy DHCP service for PXE. Thus, the existing DHCP server does not need to be changed. A normal Linux system (e.g. a workstation) can then be used to host the preboot execution environment (PXE).

The following steps are necessary to set up a PXE for net-booting a Fedora network install image (assuming also a Fedora host):

Verify the Image

$ gpg --verify Fedora-Server-21-x86_64-CHECKSUM
$ sha256sum --check Fedora-Server-21-x86_64-CHECKSUM
Fedora-Server-netinst-x86_64-21.iso: OK

Mount the Image

mkdir /mnt/iso
mount -o loop Fedora-Server-netinst-x86_64-21.iso /mnt/iso

DHCP Setup

yum install dnsmasq tftp-server syslinux-tftpboot

The tftp-server package is just for creating the directory /var/lib/tftpboot; dnsmasq already has a tftp server integrated.

The config:

cat > /etc/dnsmasq.conf <<'EOF'
interface=enp0s25
# and don't bind to 0.0.0.0
bind-interfaces
# extra logging
log-dhcp
dhcp-range=192.168.178.0,proxy
# first IP address is the one of the host
dhcp-boot=pxelinux.0,192.168.178.34,192.168.178.0
pxe-service=x86PC,"Automatic Network Boot",pxelinux
# enable the TFTP server built into dnsmasq
enable-tftp
# default location of tftp-server on Fedora
tftp-root=/var/lib/tftpboot
# disable DNS
port=0
EOF

Start it:

systemctl start dnsmasq.service

Setup TFTP directory

Copy all needed files:

cp /mnt/iso/images/pxeboot/initrd.img /var/lib/tftpboot
cp /mnt/iso/images/pxeboot/vmlinuz /var/lib/tftpboot
cp /tftpboot/pxelinux.0 /var/lib/tftpboot
cp /tftpboot/vesamenu.c32 /var/lib/tftpboot
cp /tftpboot/ldlinux.c32 /var/lib/tftpboot
cp /tftpboot/libcom32.c32 /var/lib/tftpboot
cp /tftpboot/libutil.c32 /var/lib/tftpboot

Add config:

mkdir /var/lib/tftpboot/pxelinux.cfg
cat > /var/lib/tftpboot/pxelinux.cfg/default <<'EOF'
default vesamenu.c32
prompt 0
# disable timeout
timeout 0
#timeout 600

# if file is missing, this is ignored
display boot.msg

label linux
  menu label Install Fedora 21 Server x86-64
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=http://workstation.example.org/
EOF

Setup HTTP Server

yum install nginx

Configure instance:

cat > /etc/nginx/conf.d/iso.conf <<'EOF'
  server {
      listen       80 default_server;
      server_name  localhost;
      root         /mnt/iso;
      include /etc/nginx/default.d/*.conf;
  }
EOF

Disable the default instance/move it to a different port:

--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -43,7 +43,7 @@ http {
     include /etc/nginx/conf.d/*.conf;

     server {
-        listen       80 default_server;
+        listen       8080 default_server;
         server_name  localhost;
         root         /usr/share/nginx/html;
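
Review bot: the hunk header "@@ -43,7 +43,7 @@" declares seven lines on each side, but only six follow (the listing stops after the "root /usr/share/nginx/html;" line), so the hunk as pasted is truncated and should not be expected to apply with patch; either restore the missing trailing context line or make the one-line edit by hand. Separately, changing "listen 80 default_server;" to "listen 8080 default_server;" leaves the stock server block running as a second listener on the install host; if that instance is not needed, commenting out the whole server block is the smaller exposure.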

Start the server:

systemctl start nginx.service

The Fedora installer (dracut) basically just needs to get one file from that http server:

LiveOS/squashfs.img

Configure Firewalld

firewall-cmd --add-service=http
firewall-cmd --add-service=dhcp
firewall-cmd --add-service=tftp
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=dhcp --permanent
firewall-cmd --add-service=tftp --permanent

Boot Clients

That's it. Clients are now able to network boot via PXE and get the Fedora netinstall image.

Variations could be: Adding a kickstart file (and setting a timeout) for a fully automatic network install, configuring different PXE settings for different clients (based on the MAC address), etc.

Cleanup

The daemons can be stopped and the loopback image can be unmounted:

systemctl stop nginx.service
systemctl stop dnsmasq.service
umount /mnt/iso

Security Note

This method should only be executed in a trusted intranet because the netboot client gets its config and several images absolutely unsecured over TFTP and HTTP.

Author: maxschlepzig

My name is Georg Sauthoff. 'Max Schlepzig' is just a silly old pseudonym (I am hesitant to change it because existing @-replies will not be updated). I studied computer science. In my current line of work, I work on trading system software and thus care about low-latency

Updated on September 18, 2022
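
Because clients fetch the kernel, initrd and config unauthenticated over TFTP and HTTP (see the Security Note above), the verified ISO is the only trust anchor; the following added example, which is not part of the original answer, checks on the server that the files in the TFTP root still match the mounted ISO and cannot be replaced by group/other. The function names audit_pxe and sha are hypothetical, and the sample files are constructed so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer): audit the PXE TFTP root
# against the mounted, verified ISO. Function names are hypothetical.

# Print only the SHA-256 digest of a file.
sha() { sha256sum "$1" | cut -d' ' -f1; }

# audit_pxe ISO_MNT TFTP_ROOT
# Returns 0 only if the served kernel and initrd are byte-identical to the
# ISO's copies and nothing under TFTP_ROOT is group- or world-writable.
audit_pxe() {
    local iso=$1 root=$2 rc=0 f loose
    for f in vmlinuz initrd.img; do
        if [ ! -f "$root/$f" ]; then
            echo "MISSING  $root/$f"; rc=1
        elif [ "$(sha "$iso/images/pxeboot/$f")" != "$(sha "$root/$f")" ]; then
            echo "MISMATCH $root/$f differs from the ISO copy"; rc=1
        else
            echo "OK       $root/$f"
        fi
    done
    # Anything another local user can replace would be served to clients as-is.
    loose=$(find "$root" ! -type l -perm /022 -print)
    if [ -n "$loose" ]; then
        echo "WRITABLE by group/other:"; echo "$loose"; rc=1
    fi
    return "$rc"
}

# Constructed sample data so the example runs offline. On the real host:
#   audit_pxe /mnt/iso /var/lib/tftpboot
demo=$(mktemp -d)
mkdir -p "$demo/iso/images/pxeboot" "$demo/tftp"
echo "constructed kernel" > "$demo/iso/images/pxeboot/vmlinuz"
echo "constructed initrd" > "$demo/iso/images/pxeboot/initrd.img"
cp "$demo"/iso/images/pxeboot/* "$demo/tftp/"
chmod -R go-w "$demo"

audit_pxe "$demo/iso" "$demo/tftp" && echo "clean copy: no findings"
echo "tampered" >> "$demo/tftp/vmlinuz"
audit_pxe "$demo/iso" "$demo/tftp" || echo "tampered copy: findings reported"
```

Run it after copying the files and again before each install session, since the host may have been in use in between.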

Comments

  • maxschlepzig
    maxschlepzig over 1 year

    How do I install Fedora over the network using PXE boot?

    Motivation: The BIOS of target system is simply not able to boot from USB mass storage devices. An alternative motivation is that booting over the network is just more convenient.

    Challenge: The LAN already has a DHCP server that can't be changed, i.e. one that does not support configuring PXE related options (it is part of a Fritz Box router).

    • pipereset
      pipereset almost 9 years
      I am wondering why you are adding permanent firewall rules, when you are not permanently enabling nginx or dnsmasq.
    • maxschlepzig
      maxschlepzig almost 9 years
      @Sladjko, I added them such that I don't have to re-execute them when I need to PXE boot another install at some point in time when the host system was rebooted. I don't permanently enable nginx/dnsmasq because I don't need them all the time. Starting a PXE install is thus only two systemctl start commands away.
  • Sahil Chaudhary
    Sahil Chaudhary over 6 years
    nice clues but I'd suggest the readers to take a look at official docs: docs-old.fedoraproject.org/en-US/Fedora/26/html/…
  • AkiRoss
    AkiRoss over 5 years
    Thanks for this answer, which is the most complete I read so far, but can you clarify the dnsmasq options and the value you used, please? For example, is 192.168.178.34 the address of the server? What about the proxy?
  • maxschlepzig
    maxschlepzig over 5 years
    @AkiRoss With this configuration dnsmasq acts as a dhcp proxy to another dhcp server. 192.168.178.34 is the address of the workstation running dnsmasq and the tftp server. 192.168.178.0 denotes the IP-range managed by the other dhcp server - in this case 192.168.178.*. Of course, you also have to adjust the interface name (i.e. enp0s25).
  • maxschlepzig
    maxschlepzig over 5 years
    @akostadinov The link you have provided doesn't even mention Proxy DHCP PXE.
  • AkiRoss
    AkiRoss over 5 years
    Thanks @maxschlepzig. I had a few problems with this, that I'm writing in the case it is useful to someone else. DHCP went ok, but then I got an error "PXE-E77: Bad or missing discovery server list", which was caused by the pxe-service option: after commenting it, the bootloader popped up. Sadly, I am now facing a kernel panic on boot, so I still have that to fix.