Setting up PXE Server


Red Hat 8.0 PXE server, etc. on PL2500

Red Hat 8.0 – default custom install

First let’s set up date and time as I like accurate logs:

vi /etc/ntp.conf
server 172.16.0.5
vi /etc/ntp/step-tickers
172.16.0.5

chkconfig --level 2345 ntpd on
service ntpd start
ntpq -np
or
ntpq -p

Disable ipchains and iptables, pick one of the following two methods:

Slow Method:
chkconfig --del ipchains
chkconfig --del iptables

Fast Method:
for X in ipchains iptables; do chkconfig --del $X; done

Let’s set our boot parameters (memory in our case)
vi /boot/grub/grub.conf
Add to the kernel line:
mem=exactmap mem=640@0 mem=255M@1M

Let’s set up /etc/modules.conf to load preferred drivers (e100 vs. eepro100)
vi /etc/modules.conf
s/eepro100/e100/g
s/tg3/bcm5700/g

Let’s set up our hostname and network configuration

We want 2 NICs, one for the pxe network and one to connect us upstream (in our case, directly upstream is deadnet, which connects to corpnet, which connects to the internet).

We will have static IP addresses on both network cards, but all of this works equally well if the upstream NIC gets its address from DHCP.

see hostname.html to set up the hostname

Run netconfig and set up eth1, mv /etc/sysconfig/network-scripts/ifcfg-eth0 to ifcfg-eth1, change the “device=eth0” to “device=eth1” in ifcfg-eth1, then run netconfig again to set up eth0.

When prompted for the gateway: if you are using a static address on the outside NIC, enter the upstream gateway (in our case the deadnet gateway of 172.16.0.4); if the outside NIC uses DHCP, just leave the gateway blank. When prompted for DNS, we can enter the private (pxe network) NIC as the DNS server, since we will be setting up DNS on this box too.

Make a copy of /etc/resolv.conf: cp -a /etc/resolv.conf /tmp
service network stop
killall dhclient
rmmod eepro100
service network start

Let’s temporarily fix up our /etc/resolv.conf:
cat /tmp/resolv.conf | grep nameserver >> /etc/resolv.conf

Let’s install the necessary packages, we’ll get our packages through NFS:

mkdir /mnt/nfs
mount 172.16.0.4:/var/ftp/pub /mnt/nfs
cd /mnt/nfs/rh80/i386/RedHat/RPMS
Install the following packages
dhcp-3.0pl1-9.i386.rpm
bind-9.2.1-9.i386.rpm
bind-utils-9.2.1-9.i386.rpm
caching-nameserver-7.2-4.noarch.rpm
tftp-server-0.29-3.i386.rpm
And install these development packages:
binutils-2.13.90.0.2-2.i386.rpm
gcc-3.2-7.i386.rpm
glibc-devel-2.2.93-5.i386.rpm
glibc-kernheaders-2.4-7.20.i386.rpm
nasm-0.98.34-1.i386.rpm
tftp-0.29-3.i386.rpm
netpbm-9.24-6.i386.rpm
netpbm-progs-9.24-6.i386.rpm

Install gShield:
mkdir /etc/firewalls
cp -a /mnt/nfs/gShield/gShield-2.8.tgz /etc/firewalls
cd /etc/firewalls
tar -xzvf gShield-2.8.tgz
cd /etc
ln -s firewalls/gShield-2.8 firewall
cd /etc/init.d
ln -s ../../firewall/gShield.rc firewall
vi firewall
Add near the top:
# chkconfig: 2345 99 01
# description: gShield firewall service

Set up gShield:

/etc/firewall/gShield.conf
Set up interfaces
MULTI=yes
TIME=yes
time servers ==> 172.16.0.5
DMZ yes
Open up ftp, http, https, pop, imap, imap-ssl
yes to bind, zone transfer, local-bind
open up ssh, nfs, ntp

/etc/firewall/conf/NATS
172.32.0.0/16

Set up the DMZ
for X in `seq 128 254`; do echo 172.32.0.$X; done >> DMZ/dmz_hosts

/etc/firewall/gshield.first
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp

/etc/firewall/conf/reserved_addresses
Uncomment any private networks that may hit your outside interface, such as 172.16.0.0

Install, setup, and start the firewall service:
chkconfig --add firewall
chkconfig --level 2345 firewall on
service firewall start

Download and install syslinux-2.02.tar.bz2 (http://www.kernel.org/pub/linux/utils/boot/syslinux/)
(Red Hat 8.0 comes with syslinux-1.75 which is broken, you should use version 2.00 or later)
export http_proxy=myproxy.mydomain.com:8080
wget -m -nH --cut-dirs=5 http://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-2.02.tar.bz2
tar xvfj syslinux-2.02.tar.bz2
cd syslinux-2.02
export LANG=C
make clean install
mkdir -p /tftpboot/pxelinux.cfg
cp -a /usr/lib/syslinux/pxelinux.0 /tftpboot/
strings /tftpboot/pxelinux.0 | grep PXELINUX
strings should reveal the version number and date for pxelinux as follows:
PXELINUX 2.02 2003-02-13
Now mount up a bootnet.img floppy and copy in syslinux.cfg, vmlinuz, and initrd.img
mount /mnt/floppy
cp -a /mnt/floppy/syslinux.cfg /tftpboot/pxelinux.cfg/default
cp -a /mnt/floppy/vmlinuz /tftpboot
cp -a /mnt/floppy/initrd.img /tftpboot


Setting up DHCP

cp -a /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample /etc/dhcpd.conf

Here’s a diff between the sample dhcpd.conf file and my new one — this shows the changes I had to make.

--- /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample	2002-08-28 12:26:22.000000000 -0500
+++ /etc/dhcpd.conf	2003-03-04 08:54:53.000000000 -0600
@@ -1,24 +1,33 @@
 ddns-update-style interim;
 ignore client-updates;

-subnet 192.168.0.0 netmask 255.255.255.0 {
+allow booting;
+allow bootp;
+
+subnet 172.16.0.0 netmask 255.255.255.0 {
+}
+subnet 172.32.0.0 netmask 255.255.255.0 {

 # --- default gateway
-	option routers			192.168.0.1;
-	option subnet-mask		255.255.255.0;
+	option routers			172.32.0.1;
+	option subnet-mask		255.255.0.0;

-	option nis-domain		"domain.org";
-	option domain-name		"domain.org";
-	option domain-name-servers	192.168.1.1;
+	option nis-domain		"pxe.net";
+	option domain-name		"pxe.net";
+	option domain-name-servers	172.16.0.1;
+
+	# PXE-specific configuration directives
+	next-server 172.32.0.1;
+	filename "pxelinux.0";

-	option time-offset		-18000;	# Eastern Standard Time
-#	option ntp-servers		192.168.1.1;
+	option time-offset		-21600;	# Central Standard Time
+	option ntp-servers		172.16.0.5;
 #	option netbios-name-servers	192.168.1.1;
 # --- Selects point-to-point node (default is hybrid). Don't change this unless
 # -- you understand Netbios very well
 #	option netbios-node-type 2;

-	range dynamic-bootp 192.168.0.128 192.168.0.255;
+	range dynamic-bootp 172.32.0.128 172.32.0.255;
 	default-lease-time 21600;
 	max-lease-time 43200;
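
Review bot: In the 172.32.0.0 block the subnet declaration uses netmask 255.255.255.0 but clients are handed "option subnet-mask 255.255.0.0", so leased hosts will treat the whole /16 as on-link while dhcpd and the range assume a /24; make the two masks agree. If the /24 is kept, "range dynamic-bootp 172.32.0.128 172.32.0.255" ends on the broadcast address and should stop at .254. Note also that 172.32.0.0 lies outside the RFC 1918 block 172.16.0.0/12 (which ends at 172.31.255.255), so the install network is using publicly routable space; a prefix inside 172.16.0.0/12 avoids shadowing real hosts. The empty "subnet 172.16.0.0" declaration would benefit from a comment saying it exists only so dhcpd knows the upstream interface and must never get a range.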

Here’s my dhcpd.conf:

ddns-update-style interim;
ignore client-updates;

allow booting;
allow bootp;

subnet 172.16.0.0 netmask 255.255.255.0 {
}
subnet 172.32.0.0 netmask 255.255.255.0 {

# --- default gateway
	option routers			172.32.0.1;
	option subnet-mask		255.255.0.0;

	option nis-domain		"pxe.net";
	option domain-name		"pxe.net";
	option domain-name-servers	172.16.0.1;

	# PXE-specific configuration directives
	next-server 172.32.0.1;
	filename "pxelinux.0";

	option time-offset		-21600;	# Central Standard Time
	option ntp-servers		172.16.0.5;
#	option netbios-name-servers	192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#	option netbios-node-type 2;

	range dynamic-bootp 172.32.0.128 172.32.0.255;
	default-lease-time 21600;
	max-lease-time 43200;

	# we want the nameserver to appear at a fixed address
	host ns {
		next-server marvin.redhat.com;
		hardware ethernet 12:34:56:78:AB:CD;
		fixed-address 207.175.42.254;
	}
}

Make sure /var/lib/dhcp/dhcpd.leases exists
touch /var/lib/dhcp/dhcpd.leases

Before starting dhcpd, make sure there are no other DHCP servers operating on the network segment attached to the network card you will be starting it on. In our example we used a HUB that had no other network connections on it and we called it our PXE HUB. Now if we want to pxe install, we just plug that machine into this PXE HUB and away we go.

Then start the dhcpd server
service dhcpd start


At this point you’re ready to go. Just do a couple of steps as follows. Later you can tweak your pxe system as you like, complete with kickstarts, etc.

Turn on tftp:
vi /etc/xinetd.d/tftp
change disable=yes to become disable=no
save and exit tftp
service xinetd restart

then cd to /tftpboot/pxelinux.cfg
and copy or link your syslinux.cfg from your bootnet floppy to an appropriate entry. You could use “default”, which would catch any machine that pxe booted, but that could wipe a box if the boot order is wrong on that system, etc. The better method is to convert the IP address of that system to hex; better yet, first give it a fixed IP address in your dhcp configuration file. For example, 172.48.0.255 translated to hex is AC3000FF, so I have my rh80-syslinux.cfg and I do a “ln -s rh80-syslinux.cfg AC3000FF”, and when the box with that IP address boots it picks up this syslinux.cfg file.
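
The lookup behind the hex-name trick above, as an added example (not from the original post): PXELINUX asks the tftp server for the full 8-digit hex name, then drops one trailing hex digit at a time, and only then falls back to “default”. The function names and the script name are made up for illustration.

```sh
#!/bin/sh
# Added example (not the author's code): model PXELINUX's hex-IP config lookup.
# Newer PXELINUX releases try a client UUID and a MAC-based name before
# these; that part is not modelled here.

# ip_to_hex 172.48.0.255  ->  AC3000FF
ip_to_hex() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f      # split on dots without globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty, non-numeric, leading-zero and over-long octets
        case $octet in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# pxe_candidates IP: file names tried, in order, under pxelinux.cfg/
pxe_candidates() {
    hex=$(ip_to_hex "$1") || return 1
    while [ -n "$hex" ]; do
        echo "$hex"
        hex=${hex%?}               # drop one trailing hex digit per retry
    done
    echo default
}

# pxe_resolve DIR IP: the first candidate that actually exists in DIR
pxe_resolve() {
    for name in $(pxe_candidates "$2"); do
        if [ -e "$1/$name" ]; then echo "$name"; return 0; fi
    done
    return 1
}

# Usage: sh pxe-lookup.sh 172.48.0.255 [/tftpboot/pxelinux.cfg]
if [ $# -ge 1 ]; then
    pxe_candidates "$1"
    [ $# -lt 2 ] || echo "selected: $(pxe_resolve "$2" "$1" || echo none)"
fi
```

A box with no entry of its own shows “default” as the selected file, which is the wipe-the-wrong-machine case described above.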


Setting up DNS

for now, see named.html


Setting up ETHERBOOT

I already had my server configured for pxe as mentioned above.
– tftp server
– dhcp server
– – global: next-server 192.168.0.1;
– – global: filename "pxelinux.0";
I got pxelinux.0 from the latest syslinux package 2.02 (1.75 is broken – it overwrites certain memory segments and therefore hangs the boot).

I downloaded the disk ROM for my NIC from ROM-O-MATIC (http://www.rom-o-matic.net/5.0.7/, choose your NIC, then choose Floppy Bootable ROM Image (.lzdsk)) and pushed it to floppy.

I made the etherboot.img (http://etherboot.org/wiki/) by the command:

mknbi-linux --append="ks=<ks source> ramdisk_size=12000" vmlinuz images/pxeboot/initrd.img > etherboot.img

and the ks info (ks=…) in the above command came from my syslinux.cfg file:

mknbi-linux --append="ks=nfs:192.168.0.1:/var/ftp/pub/kickstart/rh80-ks.cfg ramdisk_size=12000" vmlinuz images/pxeboot/initrd.img > etherboot.img

I added a fixed address entry for this machine in my dhcpd.conf file:

host 00508bea8000 {
next-server 192.168.0.1;
hardware ethernet 00:50:8b:ea:80:00;
fixed-address 192.168.1.254;
filename "etherboot.img";
}

then with etherboot.img in the /tftpboot directory and the downloaded ROM from ROM-O-MATIC on a floppy, I booted the floppy and all went without problems.

I suppose I could even copy that ROM out to the hard drive boot sector when I’m done testing to get it to boot back to the network and do the next install. Yes, I just tested this: I can dd the ROM out to the MBR of the hard drive rather than to floppy and the system will etherboot. WARNING: The partition table for the hard drive is contained in the MBR too, so doing this will erase the partition information for your hard drive and you will lose the data on the hard drive (mbr.html). Of course, in my case at this point I am no longer concerned with the data on the hard drive, nor the partitioning, since I will be etherbooting so I can land the next image on the hard drive using kickstart.

Michael says you should be able to make a CD-Rom out of this by doing the following:
1) Make a fullsized image since mkisofs needs it:

dd if= conv=sync of=cdimage.img bs=1440k

2) Burn a bootable CD:

mkdir bootcd/
cp cdimage.img bootcd/
mkisofs -b cdimage.img -c bootcat bootcd/ |cdrecord -dev 0,0,0 -v -eject -
(you will need to put the right cdrecord options in)

3) Boot CD


Booting a disk image:

add in the memdisk support

You’ve already built and installed memdisk support when you built syslinux 2.00 in the above steps. Now you just need to copy memdisk to the /tftpboot directory.

cp -a /usr/lib/syslinux/memdisk /tftpboot/

and add an appropriate entry into a syslinux.cfg file in /tftpboot/pxelinux.cfg:

label dos
    kernel memdisk
    append initrd=dosboot.img

Also you can give the memdisk command from the pxe boot: prompt:

memdisk initrd=diskimg.img

For more details see: http://syslinux.zytor.com/memdisk.php


Booting to the local hard drive:

label localboot
     localboot 0

Actually it makes a lot of sense in certain environments to have the machines default to pxe boot as their primary boot order. So in my environment I’m changing the following:
CD-Rom
A:
C:
PXE

to:
PXE
CD-Rom
A:
C:

The reason for this is that I am constantly loading up different versions of software for testing; this could just as easily be some sort of clustering software that needs to be reimaged for different job tasks, etc. Then if a machine goes offline, it is just a matter of making an entry back at the pxe server to change from “local boot” to “load RH80”, and then I power cycle the server. Once the install begins, I switch that entry at the pxe server back to “local boot”. This is a whole lot faster than going to the server, power cycling, waiting for the F12 to specify that I want to pxe boot, etc. For certain environments it makes sense, and cuts down on a lot of downtime, to set pxe boot as the first boot choice and then control what happens back at the pxe server.
