Copyright 2021 Simon Quantrill, All Rights Reserved

Setup Debian using PXE

Thu 20 August 2015 sysadmin / debian /

A PXE server

The main task of a PXE server is to make it possible to install a Linux server over the network with minimal hands-on work. The setup needs two things: a service that hands out an IP address (DHCP) and a service from which the Linux boot image can be downloaded (a TFTP server). Neither DHCP nor TFTP authenticates the server to the client, so run this on a network segment you control.

Requirements:

You need a few things set up that I will not cover here. This setup requires:

- DHCP server
- Web server
- TFTP server
- Patience

DHCP Server

In my case I am using the cisco firewall dhcp server

bootfile pxelinux.0
nextserver 192.168.1.237

In the configuration for the dhcp settings for the network

! DHCP pool for the install network. bootfile and next-server are the two
! settings PXE clients need: the boot file name and the address of the TFTP
! server that serves it.
! NOTE(review): DHCP replies are unauthenticated, so any other DHCP responder
! on this segment could point clients at a different next-server. Consider
! DHCP snooping on the access switches so only this server's offers pass.
ip dhcp pool EXAMPLENET
network 192.168.1.0 255.255.255.0
bootfile pxelinux.0
next-server 192.168.1.237
domain-name example.com
dns-server 192.168.1.226
netbios-name-server 192.168.1.252
default-router 192.168.1.254
option 156 ascii "ftpservers=192.168.1.150, country=7, language=4"
! Lease time is given as days then hours: 0 days, 2 hours.
lease 0 2
!

If you have to run the DHCP server on a Linux machine instead, the equivalent setup would be:

apt-get install dhcp3-server

Once installed the server is configured in the file /etc/dhcp3/dhcpd.conf

# Global settings: the DNS server handed to clients and the lease times in
# seconds (86400 = 1 day by default, 604800 = 7 days at most).
option domain-name-servers 192.168.1.226;
default-lease-time 86400;
max-lease-time 604800;
# Declares this server authoritative for the subnets configured below.
authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
    # NOTE(review): this pool spans the whole /24, including the network
    # address (.0) and addresses this page uses statically (.226 DNS,
    # .237 TFTP, .254 router). Narrow the range so those are never leased out.
    range 192.168.1.0 192.168.1.254;
    # PXE settings: the boot file name and the TFTP server that serves it.
    # DHCP is unauthenticated, so clients trust whichever server answers first;
    # keep rogue DHCP responders off this segment.
    filename "pxelinux.0";
    next-server 192.168.1.237;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
}

In both examples, next-server is the IP address of the TFTP server.

TFTP Server

I have installed tftpd-hpa

/etc/default/tftpd-hpa

# Let the init script start the daemon.
RUN_DAEMON="yes"
# -l runs tftpd standalone (listening itself rather than via inetd); -s makes
# it chroot to /data2/tftpboot, so clients can only reach files below that
# directory.
# No -c is given, so clients cannot create new files. tftpd-hpa still lets
# them overwrite files that already exist and are world-writable, so keep the
# boot files root-owned and not world-writable.
OPTIONS="-l -s /data2/tftpboot"

Now create the root directory, if it is missing, and start the server:

# mkdir -p /data2/tftpboot
# /etc/init.d/tftpd-hpa start

Within this directory I have created a number of directories:

4 drwxrwxrwx  2 root   root      4096 2014-02-20 16:25 cisco
0 drwxr-xr-x  2 root   root        21 2010-11-19 16:17 config
0 drwxrwxrwx  7 root   root       100 2015-06-01 10:03 debian
4 drwxrwxrwx  2 root   root      4096 2010-09-27 11:40 esx
0 drwxr-xr-x  2 root   root        25 2011-12-20 10:13 firewall
0 drwxr-xr-x  2 root   root        37 2014-06-16 11:19 gparted
48 -rwxrwxrwx  1 root   root     47404 2011-03-29 12:53 mboot.c32
0 drwxrwxrwx  3 root   root        30 2010-04-29 11:09 memdisk
0 drwxrwxrwx  2 root   root        20 2010-04-28 16:32 memtest
52 -rwxrwxrwx  1 root   root     51020 2011-03-29 12:54 menu.c32
0 drwxr-xr-x  2 root   root        83 2011-11-28 17:16 nbi_img
0 drwxrwxrwx  2 root   root        59 2010-09-28 14:05 netinst
0 drwxrwxrwx  2 root   root        52 2010-04-28 14:14 ntpasswd
4 drwxrwxrwx 11 root   root      4096 2011-03-29 12:56 pxeknife
20 -rwxrwxrwx  1 root   root     16794 2010-04-29 10:28 pxelinux.0
0 drwxrwxrwx  2 root   root       148 2015-06-01 12:16 pxelinux.cfg
4 drwxrwxrwx  5 root   root      4096 2012-01-11 11:59 trk
0 drwxrwxrwx  5 root   root        45 2012-05-16 10:40 ubuntu
148 -rwxrwxrwx  1 root   root    147996 2010-04-28 14:04 vesamenu.c32
0 drwxr-xr-x  2 root   root        22 2011-02-10 15:49 win7

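The important file here is pxelinux.0; this is the boot file declared in the DHCP server settings. All the other files and directories hold the configuration and boot files for the individual menu entries. The one I am interested in at the moment is the debian folder. Note that most entries in the listing above are mode 777: tftpd-hpa allows clients to overwrite existing world-writable files, so boot files such as pxelinux.0 and the menu modules are better kept root-owned with 644 (755 for directories).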

Changing into the debian folder we can see I have split off the distributions I am interested in

0 drwxr-xr-x  3 root   root      18 2015-06-01 10:07 jessie
0 drwxrwxrwx  3 root   root      33 2010-10-07 16:22 lenny
0 drwxrwxrwx  4 root   root      55 2012-02-27 16:11 squeeze
0 drwxr-xr-x  3 root   root      54 2012-11-02 08:10 squeeze64
4 -rwxrwxrwx  1 root   root     444 2011-09-13 12:18 squeeze_firmware.sh
0 drwxr-xr-x  3 root   root      35 2014-03-04 15:33 wheezy

Within each distribution folder you can have one directory per CPU architecture; to keep things clear for the technicians I chose amd64 only.

0 drwxr-xr-x 2 root root  93 2015-06-01 12:12 amd64

and within this directory I have boot files for jessie

-rw-r--r-- 1 root root   435712 2015-04-23 00:11 bootnetx64.efi
-rw-r--r-- 1 root root 34972784 2015-06-01 12:12 initrd.gz
-rw-r--r-- 1 root root 15114098 2015-04-23 00:11 initrd.gz.orig
-rw-r--r-- 1 root root  3112560 2015-04-23 00:21 linux
-rw-r--r-- 1 root root    42955 2015-04-23 00:17 pxelinux.0

I use a specially built version of initrd.gz that allows non-free firmware to be installed at boot. This is because of problems with network drivers: newer versions of Debian have moved their firmware to non-free. I am not going to cover that here.

Changing back to the main directory /data2/tftpboot, we have a menu configuration for the PXE server in

/data2/tftpboot/pxelinux.cfg

Within this directory is the menu configuration file, called default:

# Menu appearance; vesamenu.c32 is loaded as the default so the graphical menu
# is shown instead of the boot: prompt.
MENU TITLE EXAMPLE.COM PXE Server
MENU BACKGROUND pxelinux.cfg/bsd.png
menu width 80
menu rows 14
menu color border 30;44 #ffffffff #00000000 std
DEFAULT vesamenu.c32
PROMPT 0

MENU INCLUDE pxelinux.cfg/pxe.conf
# NOESCAPE 1 disables the Shift/Alt escape from the menu to the boot: prompt,
# so users can only pick the entries defined here.
NOESCAPE 1

# TIMEOUT is in tenths of a second (300 = 30 s). When it expires the localboot
# entry runs, so a machine that PXE-boots unattended falls through to its own
# disk rather than starting an install.
TIMEOUT 300
ONTIMEOUT localboot
MENU AUTOBOOT Normal booting will start in # seconds

LABEL localboot
MENU LABEL ^1. Boot from local Hard Disk
LOCALBOOT 0

# NOTE(review): this entry starts a fully preseeded install; the preseed file
# shown later on this page confirms every partitioning prompt, so selecting it
# wipes the machine without further questions. Consider a MENU PASSWD on it.
# NOTE(review): preseed/url is plain HTTP. The preseed file holds password
# hashes and an LDAP bind password, so restrict access to it on the web server
# and keep the install network isolated.
# NOTE(review): DEBCONF_DEBUG=5 turns on verbose debconf logging; check that
# the installer logs kept on the installed system do not end up holding
# preseeded secrets -- TODO confirm, and drop it once the setup works.
LABEL jessie-amd64_install
MENU LABEL ^9. Install jessie amd64
kernel debian/jessie/amd64/linux
append DEBCONF_DEBUG=5 vga=normal initrd=debian/jessie/amd64/initrd.gz debian-installer/locale=en_US console-keymaps-at/keymap=us hostname=install domain=example.com netcfg/dhcp_timeout=60 preseed/url=http://apache.server/jessie-preseed.cfg netcfg/choose_interface=eth0 --

# NOTE(review): second timeout directive in this file; presumably it overrides
# TIMEOUT 300 above (1000 = 100 s) -- confirm which one is intended.
timeout 1000

Next is the preseed file

Apache config

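We need a preseed file to configure the Debian installer; Apache serves it at the preseed/url given in the menu entry above. Because this file carries password hashes and an LDAP bind password, limit who can fetch it (for example to the install subnet only).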

# Debian installer (d-i) preseed answers. Each line has the form:
#   <owner> <question name> <question type> <value>
# NOTE(review): debian-installer/locale is answered again a few lines below
# (en_US.UTF-8); presumably the later answer wins -- confirm and keep one.
d-i debian-installer/locale string en_US
d-i console-tools/archs select at

# The values can also be preseeded individually for greater flexibility.
d-i debian-installer/language string en
d-i debian-installer/country string NL
d-i debian-installer/locale string en_US.UTF-8
# Optionally specify additional locales to be generated.
d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8

# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
d-i keyboard-configuration/toggle select No toggling

# Static network configuration.
# NOTE(review): this file is fetched over the network (preseed/url), so the
# installer has already brought the interface up via DHCP before it reads
# these answers; the static values presumably only apply if netcfg is run
# again -- confirm.
d-i netcfg/get_nameservers string 192.168.1.253
d-i netcfg/get_ipaddress string 192.168.1.190
d-i netcfg/get_netmask string 255.255.255.0
d-i netcfg/get_gateway string 192.168.1.1
d-i netcfg/confirm_static boolean true

d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string argoss.nl
# Empty value: no WEP key is preseeded.
d-i netcfg/wireless_wep string
d-i netcfg/dhcp_hostname string install
# Load firmware without prompting when hardware detection asks for it.
d-i hw-detect/load_firmware boolean true


### Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.nl.debian.org
d-i mirror/http/directory string /debian
# Empty value: no HTTP proxy.
d-i mirror/http/proxy string

# Suite to install.
d-i mirror/suite string jessie

### Clock and time zone setup
# The hardware clock is set to UTC.
d-i clock-setup/utc boolean true

# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Amsterdam

# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
d-i clock-setup/ntp-server string ntp.example.nl

### Partitioning
# Fixed partition layout. Each stanza of the recipe starts with
#   <minimum size MB> <priority> <maximum size MB> <filesystem>
# followed by its options and a terminating '.'; the whole recipe is one
# logical line, which is why every physical line ends in a backslash (do not
# put comments between them).
# /boot, /, /usr, /var, /tmp, /var/log, /home and /data each get their own
# partition. That limits the damage when one of them fills up and makes it
# possible to apply restrictive mount options (nodev, nosuid, noexec) in
# /etc/fstab afterwards; the recipe itself sets no mount options.
# NOTE(review): no partman-auto/disk is preseeded here, so the target disk is
# whatever the installer selects -- confirm on machines with more than one
# disk.
d-i partman-auto/method string regular

d-i partman-auto/expert_recipe string                         \
  boot-root ::                                            \
          1 1 1 free method{ biosgrub } .                 \
          1000 1000 1000 ext2                             \
                  $primary{ } $bootable{ }                \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ ext3 }    \
                  mountpoint{ /boot }                     \
          .                                               \
          1000 1000 1000 ext2                             \
                  $primary{ }                         \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ ext3 }    \
                  mountpoint{ / }                         \
          .                                               \
          25000 25000 25000 ext2                             \
                  $primary{ }                         \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ ext3 }    \
                  mountpoint{ /usr }                         \
          .                                               \
          30000 30000 30000 ext2                             \
                  $logical{ }                         \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ ext3 }    \
                  mountpoint{ /var }                         \
          .                                               \
          4096 4096 4096 linux-swap                       \
                  method{ swap } format{ }                \
          .                                               \
          500 500 500 ext2                             \
                  $logical{ }                         \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ ext2 }    \
                  mountpoint{ /tmp }                         \
          .                                               \
          5000 5000 5000 ext2                             \
                  $logical{ }                         \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ ext2 }    \
                  mountpoint{ /var/log }                         \
          .                                               \
          20000 1000 20000 xfs                             \
                  $logical{ }                         \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ xfs }    \
                  mountpoint{ /home }                         \
          .                                               \
          1000 2000 100% xfs                             \
                  $logical{ }                         \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ xfs }    \
                  mountpoint{ /data }                         \
          .                                               \



# These four answers suppress every partitioning confirmation prompt, so the
# recipe above is written to disk with no operator interaction. Any machine
# that boots the install menu entry loses the data on the target disk.
d-i     partman-partitioning/confirm_write_new_label boolean true
d-i     partman/choose_partition select finish
d-i     partman/confirm boolean true
d-i     partman/confirm_nooverwrite boolean true
### Account setup
# Create a root account with its own password (rather than a sudo-only setup).
d-i passwd/root-login boolean true
### User setup
# NOTE(review): the user questions (fullname, username, password, uid) are
# answered twice in this section: first for "ansible" (uid 1001), then for
# "install" (uid 1000). Presumably only the later answers take effect --
# confirm, and drop the set that is not wanted.
d-i passwd/make-user boolean true
d-i passwd/user-fullname string ansible
d-i passwd/username string ansible
# Password supplied as a crypt(3) hash, not in clear text.
d-i passwd/user-password-crypted password <encrypted passord>
# NOTE(review): these two answers make the installer accept a weak password
# without prompting. Prefer a strong password and remove them.
d-i user-setup/password-weak boolean true
d-i user-setup/allow-password-weak boolean true
d-i passwd/user-uid string 1001
d-i passwd/user-default-groups string ssh

# Root password, supplied as a crypt(3) hash rather than in clear text.
# This file is fetched over HTTP, so the hash can be copied and attacked
# offline: use a strong password and a strong hash (for example SHA-512 from
# `mkpasswd -m sha-512`).
d-i passwd/root-password-crypted password <encrypted passord>
# To create a normal user account.
d-i passwd/user-fullname string Install User
d-i passwd/username string install
# Normal user's password, also as a crypt(3) hash.
d-i passwd/user-password-crypted password <encrypted passord>
# Create the first user with the specified UID instead of the default.
d-i passwd/user-uid string 1000

### Apt setup
# You can choose to install non-free and contrib software.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true

### Package selection
tasksel tasksel/first multiselect Standard system

# Individual additional packages to install
# NOTE(review): every host built from this file gets network-facing services
# (openssh-server, postfix, snmpd, vnc4server, bacula-client) plus build and
# capture tools (build-essential, tcpdump). That is attack surface on each
# machine; trim the list to a common minimum and add the rest per role.
d-i pkgsel/include string openssh-server firmware-bnx2 build-essential ntp sysv-rc-conf tcpdump subversion cvs vim postfix postgrey bacula-client vnc4server logwatch autofs libpam-ccreds librdmacm-dev  docker vagrant snmp snmpd snmp-mibs-downloader

# NOTE(review): verify what this question means in the openssh-server version
# being installed; in some releases answering "true" disables password
# authentication for root rather than enabling root login.
openssh-server openssh-server/permit-root-login boolean true

# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select safe-upgrade
# Do not submit package usage statistics.
popularity-contest popularity-contest/participate boolean false

### Boot loader installation
# only_debian: install GRUB to the MBR automatically when no other operating
# system is detected. with_other_os: install it there even when another OS is
# found, which may leave that other OS unbootable.
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
d-i cdrom-detect/eject boolean false


### Preseeding other packages
# NOTE(review): answers for packages other than the installer are normally
# owned by the package itself (postfix, ldap-auth-config) rather than d-i;
# confirm that the answers below actually reach the installed system.
# postfix: relay all mail through a smarthost.
d-i postfix/main_mailer_type select Internet with smarthost
d-i postfix/mailname string install.example.nl
d-i postfix/relayhost string mail.example.nl

# ldap: client configuration for LDAP authentication.
# NOTE(review): ldap:// is an unencrypted connection; binds and lookups cross
# the network in clear text unless StartTLS or ldaps:// is configured.

d-i ldap-auth-config/rootbinddn string cn=admin,dc=example,dc=nl
d-i ldap-auth-config/ldapns/ldap-server string ldap://192.168.1.238
d-i ldap-auth-config/ldapns/base-dn string dc=example,dc=nl
d-i ldap-auth-config/ldapns/ldap_version select 3
d-i ldap-auth-config/dblogin boolean false
# NOTE(review): these two lines place the LDAP admin bind password in clear
# text in a file that is served over HTTP. Use a dedicated low-privilege bind
# account where possible, or set the password after installation.
# They also have only three fields; the question type that every other line
# carries (for example "password") is missing -- confirm they are parsed.
d-i ldap-auth-config/bindpw <rootpassword>
d-i ldap-auth-config/rootbindpw <rootpassword>
d-i ldap-auth-config/dbrootlogin boolean true
# Same answer as the first rootbinddn line of this section (duplicate).
d-i ldap-auth-config/rootbinddn string cn=admin,dc=example,dc=nl

# Runs at the end of the install against the new system mounted at /target:
# creates /root/.ssh (mode 700), appends two public keys to root's
# authorized_keys (mode 600), then edits sshd_config.
# NOTE(review): the sed switches PermitRootLogin from without-password to yes,
# which additionally allows password logins for root. The keys installed here
# already work under without-password, so the sed can be dropped.
# NOTE(review): replace the two sample public keys with your own before
# reusing this line; whoever holds the matching private keys gets root on
# every host built from this file.
# The commands are chained with ';', so a failing step does not stop the rest.
d-i preseed/late_command string mkdir /target/root/.ssh; chmod 700 /target/root/.ssh; echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtIkCGCyqf8UIsiWOagXqsoOVlyV0vMoo0HsaUb1rNv5hdM26Cr9U0eqolXsfcte7sBFlTsTOLH1rm0L6vM4n2k5s50hBAE7APB0gO24y4++JuutMX06jsuLLjxlTsvD5PBg8cBtuBTEFSPTHGmMZWSlMHeU7eJy5iipDcVJdQxmeoCkj/IzKv4Pk3uJBtToZG0rmJbdAk8cnS2G0zYKCNnRb3abgwgDjeooPasfYPWzDa4FlYh3nmF5bLbQH+9CIkPy7d5AF3InA3eCyVyM4i3xiOu8v7Gv9RuiznlfCkAnzbv9lSe5y5QV5jlshyWlCx+8CEU9JdeSsow8BZhw== ill@os" >> /target/root/.ssh/authorized_keys; echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVZq4nT835eOXUDk3yrSdrfy9GnoP1J+pXETDlYnG0cknrJPzwkj/GRZIrabLMRCyYHy7St18gp9yzQDmScnXfpnBKJ/7v10s48MynNoYrGDhhFHmui8GJhsRNnugSKTthzF+73BPPy5ZcaOfM/fk3qjJXGd8Gh3qqFfe/Nrl53jEhqTojy0vzxKRdhWNyBkWlw7z6O16cYiSC2D5EIucKFzOyBne9NDVW2S68WvtWPOz7iTBUmOsN+Y/Pj+bsfyrF52KOZ/XG6lmyah1dkNEQgwt4vDCZ8nIdDP2S+BvGljIcLK7SLTV3yvQmJWiRLeOB7TzQ+tsyt2N+HoJ2J net@example.com" >> /target/root/.ssh/authorized_keys; chmod 600 /target/root/.ssh/authorized_keys; sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /target/etc/ssh/sshd_config;
