PXE Install an OS

How to install an OS on any machine, using a proxyDHCP and its in-built TFTP as in Part 2. #pxe #pixieboot


In Part 2 I showed how to boot a server or VM with PXE. Now we install an OS to a machine. This time we use the same proxyDHCP.

The setup is my base setup for adding Debian servers and desktops. I switch on the VM when I need to set up a new server or a desktop. For security reasons I don't want this to be up all the time. A little bit of paranoia is healthy.

On many physical servers, it is also possible to temporarily switch to PXE boot without permanently changing the BIOS settings. See your documentation.

Dell servers: F12 will do the trick or Esc then @ on a serial or IPMI console

Installing Debian Bookworm

First we need to create the directory structure.

sudo mkdir -p /srv/tftp && sudo chown tftp:tftp /srv/tftp

Then we download the files and extract the netboot tarball.

Download the secure way

Download from a CDN, currently backed by Cloudflare and Fastly

export YOURMIRROR=deb.debian.org
export ARCH=amd64
export DIST=stable
wget http://"$YOURMIRROR"/debian/dists/$DIST/main/installer-"$ARCH"/current/images/netboot/netboot.tar.gz
wget http://"$YOURMIRROR"/debian/dists/$DIST/main/installer-"$ARCH"/current/images/SHA256SUMS
wget http://"$YOURMIRROR"/debian/dists/$DIST/Release
wget http://"$YOURMIRROR"/debian/dists/$DIST/Release.gpg

Download the files

sha256sum -c <(awk '/netboot\/netboot.tar.gz/{print $1 " netboot.tar.gz"}' SHA256SUMS)

Output must print: netboot.tar.gz: OK

sha256sum -c <(awk '/[a-f0-9]{64}[[:space:]].*main\/installer-'$ARCH'\/current\/images\/SHA256SUMS/{print $1 " SHA256SUMS"}' Release)

Output must print SHA256SUMS: OK
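The commands above fetch Release.gpg but never check it, so the two hash checks only prove the files agree with each other. The following added example (not from the original post) verifies the signature on Release first and then both hash links; the function names are illustrative and the keyring path assumes the debian-archive-keyring package is installed.

```shell
# Added example (not from the original post); function names are illustrative.

# Print the SHA-256 digest that listing $1 records for path $2.
# Handles Release (" hash size path") and SHA256SUMS ("hash  ./path") lines;
# the 64-character test skips the MD5 and SHA-1 sections of Release.
listed_sha256() {
    awk -v want="$2" '
        length($1) == 64 && $1 ~ /^[0-9a-f]+$/ &&
        ($NF == want || $NF == "./" want) { print $1; found = 1; exit }
        END { exit !found }' "$1"
}

# True only if file $1 hashes to the digest listing $2 records for path $3.
check_link() {
    expected=$(listed_sha256 "$2" "$3") || return 1
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$expected" = "$actual" ]
}

# Check the detached signature on Release. The default keyring path is an
# assumption: the file installed by the debian-archive-keyring package.
verify_release_sig() {
    gpgv --keyring "${2:-/usr/share/keyrings/debian-archive-keyring.gpg}" \
        "$1/Release.gpg" "$1/Release"
}

# Whole chain for download directory $1 and architecture $2, signature first.
verify_netboot() {
    verify_release_sig "$1" &&
    check_link "$1/SHA256SUMS" "$1/Release" \
        "main/installer-$2/current/images/SHA256SUMS" &&
    check_link "$1/netboot.tar.gz" "$1/SHA256SUMS" "netboot/netboot.tar.gz"
}

# Usage: verify_netboot . "$ARCH" && echo "netboot.tar.gz: verified"
```

Only extract the tarball into the TFTP root when verify_netboot returns success.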

The Direct Download Approach

sudo wget https://deb.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/netboot/netboot.tar.gz

It's easy to find any distro's (except newer Ubuntu) netboot tarball by googling netboot

sudo mkdir -p debian/bookworm && sudo tar -xf netboot.tar.gz -C debian/bookworm

Create the directory and extract the files to it

Moving Files from Local to Production

By extracting files to a local directory you can later copy (cp) the files to the final destination on /srv/tftp/. This way you can use them first in a test environment until you are ready to deploy. Then deploy to all servers in one go.

If you need to make them readable to the TFTP daemon, run chmod -R a+r * in the directory, or just point the command to the directory.

You might need to edit grub/grub.cfg if you use a serial console or ...

If you are booting with UEFI
Then you should link grub and grubx64.efi into the root of your tftp directory.
Do something similar to this.

cd /srv/tftp
ln -s debian-installer/amd64/grubx64.efi .
ln -s debian-installer/amd64/grub .

Setup tftpd

The way tftpd works is to first look for the GUID, then the MAC, and if none of them is found it'll use pxelinux.cfg/default.
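The file names behind that lookup order, as an added example (not from the original post): PXELINUX asks the TFTP server for the client UUID, then 01- plus the MAC, then the IPv4 address in upper-case hex shortened one digit at a time, and finally default. The function name and the sample MAC and IP are constructed; any client without a per-host file ends up on default, so that file decides what an unknown machine on the segment boots.

```shell
# Added example (not from the original post); the function name is illustrative.
# Print, in request order, the config files PXELINUX asks the TFTP server for.
#   $1 = client MAC (aa:bb:cc:dd:ee:ff)
#   $2 = client IPv4 address
#   $3 = client UUID (optional)
pxelinux_cfg_candidates() {
    # 1. The client UUID, when the firmware supplies one.
    if [ -n "${3:-}" ]; then
        printf 'pxelinux.cfg/%s\n' "$3"
    fi
    # 2. ARP hardware type 01 (Ethernet) plus the MAC, lower case, dashes.
    printf 'pxelinux.cfg/01-%s\n' "$(printf '%s' "$1" | tr 'A-F:' 'a-f-')"
    # 3. The IPv4 address as 8 upper-case hex digits, then one digit
    #    shorter per attempt, so a prefix can cover a whole address range.
    hex=$(printf '%s' "$2" |
        awk -F. '{ printf "%02X%02X%02X%02X", $1, $2, $3, $4 }')
    while [ -n "$hex" ]; do
        printf 'pxelinux.cfg/%s\n' "$hex"
        hex=${hex%?}
    done
    # 4. The catch-all that every otherwise unmatched client receives.
    printf 'pxelinux.cfg/default\n'
}

# Usage with constructed values:
#   pxelinux_cfg_candidates 52:54:00:AB:CD:EF 192.0.2.100
```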

The Final Setup

Files and Directories needed

We use DNSMASQ. It is designed to be lightweight and have a small footprint. It is something of an industry standard for small systems.
The reason is that dnsmasq provides a DNS server, a DHCP server with support for DHCPv6 and PXE, and a TFTP server, and it can run as a proxyDHCP server.

We need the directory structure

sudo mkdir -p /srv/tftp && sudo chown tftp:tftp /srv/tftp

Now enter it and get the files

cd /srv/tftp
sudo wget http://ftp.debian.org/debian/dists/bookworm/main/installer-amd64/current/images/netboot/netboot.tar.gz
sudo tar -xzvf netboot.tar.gz
sudo rm netboot.tar.gz
sudo ln -s debian-installer/amd64/grubx64.efi .
sudo ln -s debian-installer/amd64/grub .
sudo chown -R tftp:tftp ./*

Setup DNSMASQ as DHCP

Create a new file with sudo nano dnsmasq.conf. This configuration uses the in-built TFTP server.

interface=eth1
domain=example.com
dhcp-range=192.0.2.100,192.0.2.199,255.255.255.0,1h
dhcp-boot=pxelinux.0,pxeserver,192.0.2.69
enable-tftp # Enables the built-in TFTP server
tftp-root=/srv/tftp
pxe-service=x86PC, "PXELINUX (BIOS)", "pxelinux.0"
pxe-service=X86-64_EFI,"PXE (UEFI)","grubx64.efi"
pxe-service=2, "PXELINUX (0002-EFI)", "grubx64.efi"
pxe-service=6, "PXELINUX (0006-EFI)", "grubx64.efi"
pxe-service=7, "PXELINUX (0007-EFI)", "grubx64.efi"
pxe-service=8, "PXELINUX (0008-EFI)", "grubx64.efi"
pxe-service=9, "PXELINUX (0009-EFI)", "grubx64.efi"

The localDHCP Server and in-built TFTP Server

Setup DNSMASQ as proxyDHCP

port=0 # Stops DNS on this 
log-dhcp 
dhcp-range=10.10.10.0,proxy # Make it a proxyDHCP Server
dhcp-boot=pxelinux.0
pxe-service=x86PC, "PXELINUX (BIOS)", "pxelinux.0"
pxe-service=X86-64_EFI,"PXE (UEFI)","grubx64.efi"
enable-tftp # Enables the built-in TFTP server
tftp-root=/srv/tftp # Our files go here

As a proxyDHCP with the in-built TFTP Server

Restart the proxyDHCP or DHCP or reboot your VM.

sudo systemctl restart dnsmasq.service

You can also install more things and do configurations with PXE, but that is outside of the scope of this blog post. We concentrate on setting up a plain OS.

Setup new Bookworm based VMs

To use PXE boot, select scsi1 and net0 as boot options, in that order. The rest depends entirely on the use case and your network. UEFI: uncheck Pre-enroll keys. After the install is done, set the boot device to disk.

Setup a Bookworm Server

Do a normal install, but do not choose any desktop and choose the SSH Server.

After you start the server for the first time you will probably want to set up a few things.

  • Net-Tools is handy: apt install net-tools
  • Set up the network *
    nano /etc/network/interfaces and systemctl restart networking.
  • Then nano /etc/hosts and nano /etc/hostname and systemctl reboot.
  • Then upgrade your server: sudo apt update && sudo apt dist-upgrade -y
*) Note
In network/interfaces replace allow-hotplug ens33 with auto ens33.
Otherwise restarting the network doesn't work and you have to reboot the server.

References

Syslinux [1], TFTP [2], vsftpd [3], compressed files [4], RFC 4578 [5]

  1. Syslinux home page and on git
  2. Trivial File Transfer Protocol server man page, Wikipedia
  3. Very secure FTP daemon home page and Wikipedia
  4. The tar command man page
  5. RFC 4578, Dynamic Host Configuration Protocol (DHCP) Options for the Intel Preboot eXecution Environment (PXE); see the specifications