Setting up a PXE server on Fedora 23

2016/02/14
I wanted to set up a PXE server without rewriting the existing network configuration, so this post covers PXE configuration using ProxyDHCP.

Installing the packages
# dnf install dnsmasq syslinux-tftpboot

PXE server configuration

/etc/dnsmasq.d/proxy_pxe.conf
# function as a tftp server
enable-tftp

# Don't function as a DNS server:
port=0

# don't bind to 0.0.0.0
bind-interfaces

# root directory for files available via TFTP.
tftp-root=/tftpboot

# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
# I used my router ip address
dhcp-range=192.168.1.0, proxy

# kill multicast
dhcp-option=vendor:PXEClient,6,2b

# disable reuse of the dhcp servername and filename fields as extra
# option space, to avoid confusing some old or broken dhcp clients.
dhcp-no-override

# Log lots of extra information about DHCP transactions.
log-dhcp
log-queries

# PXE menu
pxe-prompt="Press F8 for boot menu", 10

# A boot service type of 0 is special, and will abort the
# net boot procedure and continue booting from local media.
pxe-service=X86PC, "Boot from local hard disk", 0

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
pxe-service=X86PC, "Boot from network", lpxelinux


Creating the boot menu
# mkdir /tftpboot/pxelinux.cfg

/tftpboot/pxelinux.cfg/default
default vesamenu.c32
prompt 1
timeout 100

menu title ########## Boot Menu ##########
#menu background pxelinux.cfg/logo.png

label internet
    menu label ^Install Fedora from InterNET
    kernel http://192.168.1.10/netboot/fedora/vmlinuz
    initrd http://192.168.1.10/netboot/fedora/initrd.img
    append inst.stage2=http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/ ip=dhcp

label live
    menu label ^Boot Live Linux(puppy)
    kernel http://192.168.1.10/netboot/puppy/vmlinuz
    initrd http://192.168.1.10/netboot/puppy/initrd.gz
    append root=/dev/ram0

label backup
    menu label backup/recovery(g4l)
    menu default
    linux http://192.168.1.10/netboot/g4l/bz4x3.3
    initrd http://192.168.1.10/netboot/g4l/ramdisk.lzma
    append root=/dev/ram0

label rescue
    menu label ^System Rescue
    linux http://192.168.1.10/netboot/systemrescuecd/rescue64
    initrd http://192.168.1.10/netboot/systemrescuecd/initram.igz
    append netboot=http://192.168.1.10/netboot/systemrescuecd/sysrcd.dat setkmap=jp scandelay=5

label memtest86
    menu label ^Memory test
    kernel memtest86plus
    append -

label local
    menu label ^Boot from Local drive
    localboot 0xffff


Creating the boot images

Fedora Install
# mkdir /tftpboot/fedora
# wget http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/images/pxeboot/vmlinuz -O /tftpboot/fedora/vmlinuz
# wget http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/images/pxeboot/initrd.img -O /tftpboot/fedora/initrd.img


Puppy
# mkdir puppy
# wget http://openlab.jp/puppylinux/download/puppy-5.7.1JP/precise-571JP.iso
# mount -o loop,ro -t iso9660 precise-571JP.iso puppy
# mkdir initrd
# cd initrd
# zcat ../puppy/initrd.gz | cpio -i -H newc -d
5329 blocks
# cp ../puppy/puppy_precise_5.7.1JP.sfs .
# find | cpio -o -H newc | gzip -4 > ../initrd.gz
257025 blocks
# cd ..
# mkdir /tftpboot/puppy
# mv initrd.gz /tftpboot/puppy/.
# cp puppy/vmlinuz /tftpboot/puppy/.


g4l
# mkdir /tftpboot/g4l
# wget http://netix.dl.sourceforge.net/project/g4l/g4l%20ISO%20images/g4l-v0.50.iso
# mount -o loop,ro -t iso9660 g4l-v0.50.iso g4l
# cp g4l/bz4x3.3 /tftpboot/g4l/.
# cp g4l/ramdisk.lzma /tftpboot/g4l/.


SystemRescueCD
# mkdir systemrescuecd
# wget http://jaist.dl.sourceforge.net/project/systemrescuecd/sysresccd-x86/4.7.1/systemrescuecd-x86-4.7.1.iso
# mount -o loop,ro -t iso9660 systemrescuecd-x86-4.7.1.iso systemrescuecd
# mkdir /tftpboot/systemrescuecd
# cp systemrescuecd/sysrcd.dat /tftpboot/systemrescuecd/.
# cp systemrescuecd/sysrcd.md5 /tftpboot/systemrescuecd/.
# cp systemrescuecd/isolinux/initram.igz /tftpboot/systemrescuecd/.
# cp systemrescuecd/isolinux/rescue64 /tftpboot/systemrescuecd/.
# umount systemrescuecd


Windows PE
Download WinPe-tch, etc.


memtest86+
# wget http://www.memtest.org/download/5.01/memtest86+-5.01.zip
# unzip memtest86+-5.01.zip
# mv memtest86+-5.01.bin /tftpboot/memtest86plus


Apache configuration

/etc/httpd/conf.d/netboot.conf
#
# This configuration file maps net boot images
#
Alias /netboot /tftpboot

<location netboot="">
    AllowOverride All
    Require ip 192.168.1.0/24
</location>
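As an added check that is not part of the original post: a small Python script that parses a pxelinux menu like the one above, maps every kernel/linux/initrd reference (and URL values in append lines such as netboot=) back to a file under the TFTP root via the Apache Alias on this page (/netboot to /tftpboot), and reports anything missing, for instance an entry whose URL directory differs from the directory the images were copied into. The 192.168.1.10 host and directory names are taken from the page; demo() builds a constructed file tree in a temporary directory rather than touching /tftpboot.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlparse

def extract_refs(config_text):
    label = None
    for raw in config_text.splitlines():
        words = raw.strip().split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "label":
            label = words[1] if len(words) > 1 else ""
        elif key in ("kernel", "linux", "initrd") and len(words) > 1:
            yield label, key, words[1].strip()
        elif key == "append" and len(words) > 1:
            for tok in words[1].split():          # e.g. netboot=http://.../sysrcd.dat
                value = tok.partition("=")[2]
                if "://" in value:
                    yield label, key, value

def local_path(target, tftp_root="/tftpboot", http_alias="/netboot"):
    """Map a menu target to the file lpxelinux fetches (defaults: the page's tftp-root and Alias)."""
    if "://" not in target:                       # bare name: fetched over TFTP, relative to tftp-root
        return Path(tftp_root) / target.lstrip("/")
    url = urlparse(target)
    if url.scheme != "http" or not url.path.startswith(http_alias + "/"):
        return None                               # another host or alias, e.g. the Fedora mirror
    return Path(tftp_root) / url.path[len(http_alias) + 1:]

def missing_files(config_text, tftp_root="/tftpboot", http_alias="/netboot"):
    return [(label, key, target) for label, key, target in extract_refs(config_text)
            if (p := local_path(target, tftp_root, http_alias)) is not None and not p.is_file()]

def demo():
    """Constructed menu and tree: 'rescue' says systemrescue/ but the files sit in systemrescuecd/."""
    menu = """label live
    kernel http://192.168.1.10/netboot/puppy/vmlinuz
label rescue
    linux http://192.168.1.10/netboot/systemrescue/rescue64
    append netboot=http://192.168.1.10/netboot/systemrescue/sysrcd.dat setkmap=jp
label memtest86
    kernel memtest86plus
"""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("puppy/vmlinuz", "systemrescuecd/rescue64", "systemrescuecd/sysrcd.dat", "memtest86plus"):
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_bytes(b"constructed placeholder")
        return missing_files(menu, tftp_root=root)
```

Run missing_files(open("/tftpboot/pxelinux.cfg/default").read()) on the server itself to check the real menu; an empty list means every locally served reference resolves to an existing file.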

SELinux configuration

This grants httpd access to tftpdir_t, the type already set on /tftpboot, but is that acceptable security-wise? If it bothers you, move the images to a separate directory and label that directory httpd_sys_content_t (as the tcontext) instead.

pxe.te
module pxe 1.0;

require {
        type httpd_t;
        type tftpdir_t;
        class file { read open getattr };
}

#============= httpd_t ==============
allow httpd_t tftpdir_t:file { read open getattr };
# checkmodule -M -m -o pxe.mod pxe.te
checkmodule:  loading policy configuration from pxe.te
checkmodule:  policy configuration loaded
checkmodule:  writing binary representation (version 17) to pxe.mod
# semodule_package -o pxe.pp -m pxe.mod
# semodule -i pxe.pp
# restorecon -v -R /tftpboot

Starting the services
# systemctl start dnsmasq
# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since 金 2016-02-19 00:21:57 JST; 2s ago
 Main PID: 1690 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─1690 /usr/sbin/dnsmasq -k

 2月 19 00:21:57 fedora.local.nerv.geek.jp systemd[1]: Started DNS caching server..
 2月 19 00:21:57 fedora.local.nerv.geek.jp systemd[1]: Starting DNS caching server....
 2月 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq[1690]: started, version 2.75 DNS disabled
 2月 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq[1690]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lu...notify
 2月 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq-dhcp[1690]: DHCP, proxy on subnet 192.168.1.0
 2月 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq-tftp[1690]: TFTP root is /tftpboot
Hint: Some lines were ellipsized, use -l to show in full.
# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.
# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 木 2016-02-18 22:29:52 JST; 1h 54min ago
 Main PID: 940 (/usr/sbin/httpd)
   Status: "Total requests: 9; Idle/Busy workers 100/0;Requests/sec: 0.00132; Bytes served/sec:  75KB/sec"
   CGroup: /system.slice/httpd.service
           ├─ 940 /usr/sbin/httpd -DFOREGROUND
           ├─1195 /usr/sbin/httpd -DFOREGROUND
           ├─1196 /usr/sbin/httpd -DFOREGROUND
           ├─1197 /usr/sbin/httpd -DFOREGROUND
           ├─1198 /usr/sbin/httpd -DFOREGROUND
           ├─1200 /usr/sbin/httpd -DFOREGROUND
           └─1391 /usr/sbin/httpd -DFOREGROUND

 2月 18 22:29:48 fedora.local.nerv.geek.jp systemd[1]: Starting The Apache HTTP Server...
 2月 18 22:29:51 fedora.local.nerv.geek.jp httpd[940]: [Thu Feb 18 22:29:51.237904 2016] [core:warn] [pid 940] AH00114: Useless us....conf.
 2月 18 22:29:52 fedora.local.nerv.geek.jp systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

Opening the ports
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=dhcp --permanent
# firewall-cmd --add-service=tftp --permanent
# firewall-cmd --add-service=proxy-dhcp --permanent
# firewall-cmd --reload
or
# firewall-cmd --set-default-zone=trusted