Categories
Linux

PXE Server on Centos for network deployments

Found this article for installing a PXE server on Centos for network deployments.

NOTE: I ran into one issue that had me stumped for al long time. The PXE install would hang and after a lot of troubleshooting I added more RAM to the virtual machine I was trying to do the network install on and whammo, it worked. I added 4GB of RAM but not sure what the minimum is.

Install the following packages for setting up PXE environment.

yum install httpd xinetd syslinux tftp-server -y

Configure PXE Server

Go to /usr/share/syslinux/ directory:

cd /usr/share/syslinux/

Copy the following TFTP configuration files to the /var/lib/tftpboot/ directory.

cp pxelinux.0 menu.c32 memdisk mboot.c32 chain.c32 /var/lib/tftpboot/

 

Edit file /etc/xinetd.d/tftp

vi /etc/xinetd.d/tftp

 

Enable TFTP server. To do this, change “disable=yes” to “no”.

 # default: off
 # description: The tftp server serves files using the trivial file transfer \
 #       protocol.  The tftp protocol is often used to boot diskless \
 #       workstations, download configuration files to network-aware printers, \
 #       and to start the installation process for some operating systems.
 service tftp
 {
 socket_type             = dgram
 protocol                = udp
 wait                    = yes
 user                    = root
 server                  = /usr/sbin/in.tftpd
 server_args             = -s /var/lib/tftpboot
 disable                 = no
 per_source              = 11
 cps                     = 100 2
 flags                   = IPv4
}

 

Mount CentOS installation ISO file to any directory of your choice, for example /mnt. I already have CentOS 7 64 bit ISO image on my /root directory.

mount -o loop /root/<ISONAME>.iso /mnt/

 

Next, create a directory to store CentOS installation ISO image.

mkdir /var/lib/tftpboot/centos7_x64

Note: If you want to install CentOS 32 bit edition, make a relevant directory called centos7_i386 (Ex. /var/lib/tftpboot/centos7_i386).

 

Copy the ISO file contents to /var/lib/tftpboot/centos7_x64/.

cp -fr /mnt/* /var/lib/tftpboot/centos7_x64/

 

Copy the boot files to /var/lib/tftpboot/.

cp initrd.img /var/lib/tftpboot/
cp vmlinuz /var/lib/tftpboot/

 

Set the proper permissions to the above directory.

chmod -R 755 /var/lib/tftpboot/centos7_x64/

 

Create a apache configuration file for PXE server under /etc/httpd/conf.d/ directory:

vi /etc/httpd/conf.d/pxeboot.conf

 

Add the following lines:

Alias "/centos7" "/var/lib/tftpboot/centos7/"

<Directory /var/lib/tftpboot/centos7>
Options Indexes FollowSymLinks
Require all granted
</Directory>

Save and close the file.

Start the Apache service and TFTP

systemctl enable httpd.service
systemctl restart httpd.service
systemctl start xinetd
systemctl start tftp
systemctl enable xinetd
systemctl enable tftp

 

Then, create a configuration directory for PXE server:

mkdir /var/lib/tftpboot/pxelinux.cfg

 

Now, create PXE server configuration file under the pxelinux.cfg:

vi /var/lib/tftpboot/pxelinux.cfg/default

 

Add the following lines:

default menu.c32
prompt 0
timeout 300
ONTIMEOUT local

menu title ########## PXE Boot Menu ##########

label 1
menu label ^1) Install CentOS 7
kernel centos7_x64/images/pxeboot/vmlinuz
append initrd=centos7_x64/images/pxeboot/initrd.img method=http://192.168.1.150/centos7_x64 devfs=nomount

label 2
menu label ^2) Boot from local drive localboot

 

Save and close the file.

Disable Firewall and SELinux

To reduce complexity, I have disabled both firewall and SELinux in my PXE server.

To disable firewall, run the following commands:

systemctl disable firewalld
systemctl stop firewalld

 

To disable SELinux, edit file /etc/sysconfig/selinux:

vi /etc/sysconfig/selinux

 

Find the line: SELINUX=enforcing and change it to SELINUX=disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

 

Save and close the file. Reboot your PXE server to take effect the saved changes.

Categories
Misc

Enable Remote Root Login

Enable root login over SSH:
  1. As root, edit the sshd_config file in /etc/ssh/sshd_config:

    nano /etc/ssh/sshd_config
  2. Add a line in the Authentication section of the file that says PermitRootLogin yes. This line may already exist and be commented out with a “#”. In this case, remove the “#”.

    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
  3. Save the updated /etc/ssh/sshd_config file.
  4. Restart the SSH server:

    service sshd restart