I wanted to stand up a PXE server without touching the existing network (DHCP) configuration, so this is a write-up of a PXE setup that uses ProxyDHCP: dnsmasq answers only the PXE-specific part of the DHCP exchange and hands out no IP leases, so the DHCP server already on the network keeps running as it is.
Installing packages
# dnf install dnsmasq syslinux-tftpboot
PXE server configuration
/etc/dnsmasq.d/proxy_pxe.conf
# Act as a TFTP server
enable-tftp
# Don't act as a DNS server (DNS is handled elsewhere; log-queries below therefore has nothing to log)
port=0
# Don't bind to 0.0.0.0
bind-interfaces
# Root directory for files served over TFTP
tftp-root=/tftpboot
# This range is for the public interface, where dnsmasq acts as a
# proxy DHCP server: it supplies boot information but no IP leases,
# so the existing DHCP server is left untouched. Any address in the
# subnet will do, so you may just put your server NIC's IP here.
# I used my router's IP address.
dhcp-range=192.168.1.0, proxy
# Kill multicast (PXE_DISCOVERY_CONTROL, vendor option 43 sub-option 6)
dhcp-option=vendor:PXEClient,6,2b
# Disable reuse of the DHCP servername and filename fields as extra
# option space, to avoid confusing some old or broken DHCP clients.
dhcp-no-override
# Log lots of extra information about DHCP transactions.
log-dhcp
log-queries
# PXE menu
pxe-prompt="Press F8 for boot menu", 10
# A boot service type of 0 is special: it aborts the net boot
# procedure and continues booting from local media.
pxe-service=X86PC, "Boot from local hard disk", 0
# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI.
# lpxelinux.0 (from syslinux-tftpboot, found in /tftpboot) is the
# HTTP-capable pxelinux, which is what lets the menu below fetch
# kernels and initrds over HTTP instead of TFTP.
pxe-service=X86PC, "Boot from network", lpxelinux
Creating the boot menu
# mkdir /tftpboot/pxelinux.cfg
/tftpboot/pxelinux.cfg/default
default vesamenu.c32
prompt 1
timeout 100
menu title ########## Boot Menu ##########
#menu background pxelinux.cfg/logo.png

label internet
  menu label ^Install Fedora from InterNET
  kernel http://192.168.1.10/netboot/fedora/vmlinuz
  initrd http://192.168.1.10/netboot/fedora/initrd.img
  append inst.stage2=http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/ ip=dhcp

label live
  menu label ^Boot Live Linux(puppy)
  kernel http://192.168.1.10/netboot/puppy/vmlinuz
  initrd http://192.168.1.10/netboot/puppy/initrd.gz
  append root=/dev/ram0

label backup
  menu label backup/recovery(g4l)
  menu default
  linux http://192.168.1.10/netboot/g4l/bz4x3.3
  initrd http://192.168.1.10/netboot/g4l/ramdisk.lzma
  append root=/dev/ram0

# the files are copied to /tftpboot/systemrescuecd below, so the URL path
# has to be /netboot/systemrescuecd/ as well
label rescue
  menu label ^System Rescue
  linux http://192.168.1.10/netboot/systemrescuecd/rescue64
  initrd http://192.168.1.10/netboot/systemrescuecd/initram.igz
  append netboot=http://192.168.1.10/netboot/systemrescuecd/sysrcd.dat setkmap=jp scandelay=5

label memtest86
  menu label ^Memory test
  kernel memtest86plus
  append -

label local
  menu label ^Boot from Local drive
  localboot 0xffff
Creating the boot images
Fedora Install
# mkdir /tftpboot/fedora
# wget http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/images/pxeboot/vmlinuz -O /tftpboot/fedora/vmlinuz
# wget http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/images/pxeboot/initrd.img -O /tftpboot/fedora/initrd.img
Puppy
# mkdir puppy
# wget http://openlab.jp/puppylinux/download/puppy-5.7.1JP/precise-571JP.iso
# mount -o loop,ro -t iso9660 precise-571JP.iso puppy
# mkdir initrd
# cd initrd
# zcat ../puppy/initrd.gz | cpio -i -H newc -d
5329 blocks
# the .sfs is packed into the initrd so the live system needs nothing else fetched
# cp ../puppy/puppy_precise_5.7.1JP.sfs .
# find | cpio -o -H newc | gzip -4 > ../initrd.gz
257025 blocks
# cd ..
# mkdir /tftpboot/puppy
# mv initrd.gz /tftpboot/puppy/.
# cp puppy/vmlinuz /tftpboot/puppy/.
g4l
# mkdir /tftpboot/g4l
# wget http://netix.dl.sourceforge.net/project/g4l/g4l%20ISO%20images/g4l-v0.50.iso
# mount -o loop,ro -t iso9660 g4l-v0.50.iso g4l
# cp g4l/bz4x3.3 /tftpboot/g4l/.
# cp g4l/ramdisk.lzma /tftpboot/g4l/.
SystemRescueCD
# mkdir systemrescuecd
# wget http://jaist.dl.sourceforge.net/project/systemrescuecd/sysresccd-x86/4.7.1/systemrescuecd-x86-4.7.1.iso
# mount -o loop,ro -t iso9660 systemrescuecd-x86-4.7.1.iso systemrescuecd
# mkdir /tftpboot/systemrescuecd
# cp systemrescuecd/sysrcd.dat /tftpboot/systemrescuecd/.
# cp systemrescuecd/sysrcd.md5 /tftpboot/systemrescuecd/.
# cp systemrescuecd/isolinux/initram.igz /tftpboot/systemrescuecd/.
# cp systemrescuecd/isolinux/rescue64 /tftpboot/systemrescuecd/.
# umount systemrescuecd
Windows PE
Downloading WinPe-tch, etc.
memtest86+
# wget http://www.memtest.org/download/5.01/memtest86+-5.01.zip
# unzip memtest86+-5.01.zip
# the .bin suffix is dropped on purpose: syslinux treats *.bin as a boot-sector image, not a kernel
# mv memtest86+-5.01.bin /tftpboot/memtest86plus
Apache configuration
/etc/httpd/conf.d/netboot.conf
#
# This configuration file maps the net boot images
#
Alias /netboot /tftpboot
<Location /netboot>
    # Only clients on the local subnet may fetch boot images
    Require ip 192.168.1.0/24
    # AllowOverride is meaningless inside <Location> (httpd logs
    # "AH00114: Useless use of AllowOverride" for it), so it is left out.
</Location>
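The menu, the copy commands and the Apache alias are written separately, so it is easy to end up with a menu entry whose kernel or initrd is not where the server thinks it is, and a PXE client that fails gives little more than "file not found". The script below is an added example, not part of the original post: it parses pxelinux.cfg/default, maps each http://<server>/netboot/... reference back through "Alias /netboot /tftpboot" onto the TFTP root, lists the files that are missing, and verifies any .md5 manifest copied next to the images, such as SystemRescueCd's sysrcd.md5. The server address 192.168.1.10 and the directory tree it builds for its demo run are constructed for the example.

```shell
#!/bin/sh
# pxe_check.sh -- an added example, not code from the original post.
# Before rebooting a client, confirm that every file the pxelinux menu
# points at exists under the TFTP root, and that any shipped .md5 manifest
# (SystemRescueCd's sysrcd.md5) still matches. It assumes the layout used on
# this page: httpd has "Alias /netboot /tftpboot", so a menu entry for
# http://<server>/netboot/X is served from $ROOT/X. POSIX sh + coreutils only.

# menu_refs MENU: print every boot file the menu references, one per line.
# Handles kernel/linux/initrd lines, comma-separated initrd lists,
# "initrd=" inside append, and the .c32 module named on the default line.
menu_refs() {
    grep -Ei '^[[:space:]]*(kernel|linux|initrd|default)[[:space:]]+' "$1" \
        | awk '{print $2}' | tr ',' '\n'
    sed -n 's/.*[[:space:]]initrd=\([^[:space:]]*\).*/\1/p' "$1" | tr ',' '\n'
}

# rel_path REF: map one reference onto a path relative to the TFTP root.
# URLs that do not go through our /netboot alias are skipped (nothing printed).
rel_path() {
    case "$1" in
        http://*/netboot/*) printf '%s\n' "${1#http://*/netboot/}" ;;
        http://*|https://*|ftp://*|tftp://*) ;;
        *) printf '%s\n' "$1" ;;   # bare name, fetched via TFTP from the root
    esac
}

# missing_files MENU ROOT: print each referenced path that is absent.
missing_files() {
    menu_refs "$1" | while IFS= read -r ref; do
        rel=$(rel_path "$ref")
        [ -n "$rel" ] || continue
        [ -e "$2/$rel" ] || printf '%s\n' "$rel"
    done
}

# verify_checksums ROOT: run every *.md5 manifest under ROOT from its own
# directory. Prints the files that fail; returns 0 only if all verify.
# (Manifest paths are assumed to contain no whitespace.)
verify_checksums() {
    rc=0
    for m in $(find "$1" -type f -name '*.md5'); do
        ( cd "$(dirname "$m")" && md5sum -c --quiet "$(basename "$m")" ) || rc=1
    done
    return $rc
}

# make_demo_root: build a constructed TFTP tree for the demo and print its
# path. The menu is modelled on the one above but deliberately points the
# rescue entry at systemrescue/ while the files live in systemrescuecd/,
# the kind of slip this check exists to catch.
make_demo_root() {
    d=$(mktemp -d)
    mkdir -p "$d/pxelinux.cfg" "$d/fedora" "$d/systemrescuecd"
    : > "$d/vesamenu.c32"; : > "$d/fedora/vmlinuz"; : > "$d/fedora/initrd.img"
    : > "$d/memtest86plus"
    printf 'constructed sysrcd.dat payload\n' > "$d/systemrescuecd/sysrcd.dat"
    ( cd "$d/systemrescuecd" && md5sum sysrcd.dat > sysrcd.md5 )
    cat > "$d/pxelinux.cfg/default" <<'EOF'
default vesamenu.c32
label internet
  kernel http://192.168.1.10/netboot/fedora/vmlinuz
  initrd http://192.168.1.10/netboot/fedora/initrd.img
  append inst.stage2=http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/ ip=dhcp
label rescue
  linux http://192.168.1.10/netboot/systemrescue/rescue64
  initrd http://192.168.1.10/netboot/systemrescue/initram.igz
label memtest86
  kernel memtest86plus
  append -
EOF
    printf '%s\n' "$d"
}

# Demo run. On the real server: missing_files /tftpboot/pxelinux.cfg/default /tftpboot
demo_root=$(make_demo_root)
echo "missing boot files:"
missing_files "$demo_root/pxelinux.cfg/default" "$demo_root"
verify_checksums "$demo_root" && echo "checksums OK"
rm -rf "$demo_root"
```

Run it on the PXE server once the images are in place; an empty "missing" list and "checksums OK" mean every menu entry can actually be served. The md5 check only proves the copy matches the ISO you downloaded: the ISOs on this page are fetched over plain http, so compare against the checksum or signature the project publishes before trusting an image enough to boot machines from it.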
SELinux configuration
The module below lets httpd read files labelled tftpdir_t, the type already applied to /tftpboot. Is that acceptable security-wise? It widens what a compromised httpd process may read to everything labelled tftpdir_t anywhere on the system, not just these images. If that bothers you, move the images to a separate directory and label it httpd_sys_content_t instead (a semanage fcontext rule plus restorecon); then httpd needs no custom policy at all. Note that the rule only covers file access; if AVC denials for httpd remain in the audit log after loading it, add those as well rather than disabling enforcement.
pxe.te
module pxe 1.0;

require {
	type httpd_t;
	type tftpdir_t;
	class file { read open getattr };
}

#============= httpd_t ==============
allow httpd_t tftpdir_t:file { read open getattr };
# checkmodule -M -m -o pxe.mod pxe.te
checkmodule: loading policy configuration from pxe.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to pxe.mod
# semodule_package -o pxe.pp -m pxe.mod
# semodule -i pxe.pp
# restorecon -v -R /tftpboot
Starting the services
# systemctl start dnsmasq
# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-02-19 00:21:57 JST; 2s ago
 Main PID: 1690 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─1690 /usr/sbin/dnsmasq -k

Feb 19 00:21:57 fedora.local.nerv.geek.jp systemd[1]: Started DNS caching server..
Feb 19 00:21:57 fedora.local.nerv.geek.jp systemd[1]: Starting DNS caching server....
Feb 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq[1690]: started, version 2.75 DNS disabled
Feb 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq[1690]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lu...notify
Feb 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq-dhcp[1690]: DHCP, proxy on subnet 192.168.1.0
Feb 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq-tftp[1690]: TFTP root is /tftpboot
Hint: Some lines were ellipsized, use -l to show in full.
# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.

The lines to look for are "DNS disabled" (port=0 took effect), "DHCP, proxy on subnet 192.168.1.0" (proxy mode, no leases) and "TFTP root is /tftpboot".
# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-02-18 22:29:52 JST; 1h 54min ago
 Main PID: 940 (/usr/sbin/httpd)
   Status: "Total requests: 9; Idle/Busy workers 100/0;Requests/sec: 0.00132; Bytes served/sec: 75KB/sec"
   CGroup: /system.slice/httpd.service
           ├─ 940 /usr/sbin/httpd -DFOREGROUND
           ├─1195 /usr/sbin/httpd -DFOREGROUND
           ├─1196 /usr/sbin/httpd -DFOREGROUND
           ├─1197 /usr/sbin/httpd -DFOREGROUND
           ├─1198 /usr/sbin/httpd -DFOREGROUND
           ├─1200 /usr/sbin/httpd -DFOREGROUND
           └─1391 /usr/sbin/httpd -DFOREGROUND

Feb 18 22:29:48 fedora.local.nerv.geek.jp systemd[1]: Starting The Apache HTTP Server...
Feb 18 22:29:51 fedora.local.nerv.geek.jp httpd[940]: [Thu Feb 18 22:29:51.237904 2016] [core:warn] [pid 940] AH00114: Useless us....conf.
Feb 18 22:29:52 fedora.local.nerv.geek.jp systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

The AH00114 "Useless use of AllowOverride" warning is httpd pointing out an AllowOverride directive inside a <Location> block, where it has no effect; it is harmless, and removing that line from netboot.conf silences it.
Opening the firewall ports
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=dhcp --permanent
# firewall-cmd --add-service=tftp --permanent
# firewall-cmd --add-service=proxy-dhcp --permanent
# firewall-cmd --reload

or, more bluntly,

# firewall-cmd --set-default-zone=trusted

The first form opens only what the boot path needs: 80/tcp for httpd, 67/udp for the DHCP side of the proxy, 4011/udp for ProxyDHCP and 69/udp for TFTP. The second moves every interface into the trusted zone, which accepts all inbound traffic, so it is only defensible on an isolated lab network.