Fedora 23でPXEサーバを立てる

2016/02/14
ネットワークの設定を書き換えずにPXEサーバを立てたい!ということでProxyDHCPを使ったPXEの設定について。

パッケージのインストール
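## dnsmasq supplies the proxyDHCP + TFTP service; syslinux-tftpboot supplies the
## boot loader files (lpxelinux, vesamenu.c32) under /tftpboot, which is why
## the steps on this page never copy them in by hand and why tftp-root=/tftpboot.
# dnf install dnsmasq syslinux-tftpboot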
 

PXEサーバ設定

/etc/dnsmasq.d/proxy_pxe.conf
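# function as a tftp server
# dnsmasq's TFTP service answers unauthenticated reads for anything under
# tftp-root, so keep only boot artefacts there; tftp-secure (serve only files
# owned by the dnsmasq user) is available if you want to tighten it further.
enable-tftp

# Don't function as a DNS server:
port=0

# don't bind to 0.0.0.0
# bind-interfaces alone still listens on every interface that is up; add
# interface=<LAN NIC> to restrict proxyDHCP/TFTP to the PXE segment only.
bind-interfaces

# root directory for files available via tftp.
tftp-root=/tftpboot

# This range(s) is for the public interface, where dnsmasq functions
# as a proxy DHCP server providing boot information but no IP leases.
# Any ip in the subnet will do, so you may just put your server NIC ip here.
# I used my router ip address
# Proxy mode means the existing DHCP server keeps handing out leases; this
# host only adds the boot-server/filename answers. Every PXE client on
# 192.168.1.0/24 will be offered the menu -- nothing here authenticates the
# client, and PXE gives the client no way to authenticate this server either.
dhcp-range=192.168.1.0, proxy

# kill multicast
dhcp-option=vendor:PXEClient,6,2b

# disable reuse of the dhcp servername and filename fields as extra.
# option space. to avoid confusing some old or broken dhcp clients.
dhcp-no-override

# Log lots of extra information about DHCP transactions.
# log-dhcp is the audit trail for PXE activity on this segment; keep it.
# log-queries covers DNS, which port=0 disables, so it is expected to log
# nothing here.
log-dhcp
log-queries

# PXE menu
pxe-prompt="Press F8 for boot menu", 10

# A boot service type of 0 is special, and will abort the
# net boot procedure and continue booting from local media.
pxe-service=X86PC, "Boot from local hard disk", 0

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# lpxelinux is served from tftp-root over TFTP; the menu it then loads
# (pxelinux.cfg/default) fetches kernels over plain HTTP.
pxe-service=X86PC, "Boot from network", lpxelinux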
 


ブートメニューを作る
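## pxelinux looks for its menu under pxelinux.cfg/ relative to tftp-root.
# mkdir /tftpboot/pxelinux.cfg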
 

/tftpboot/pxelinux.cfg/default
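default vesamenu.c32
prompt 1
# timeout is in tenths of a second: after 10 s idle the "menu default" entry
# boots, which below is "backup" (g4l). Any machine left with PXE first in its
# boot order therefore ends up in a disk backup/recovery tool unattended;
# move "menu default" to the "local" entry if that is not intended.
timeout 100

menu title ########## Boot Menu ##########
#menu background pxelinux.cfg/logo.png

# All kernels/initrds below come over plain HTTP from 192.168.1.10 (the
# /netboot alias on this host). The boot loader does no integrity check, so
# whoever can answer as 192.168.1.10 on the LAN decides what these clients
# boot -- keep the segment trusted and verify the images before publishing.
label internet
    menu label ^Install Fedora from InterNET
    kernel http://192.168.1.10/netboot/fedora/vmlinuz
    initrd http://192.168.1.10/netboot/fedora/initrd.img
# inst.stage2 pulls the installer image from the public mirror over plain
# HTTP; use https:// where the mirror supports it for transport protection.
    append inst.stage2=http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/ ip=dhcp

label live
    menu label ^Boot Live Linux(puppy)
    kernel http://192.168.1.10/netboot/puppy/vmlinuz
    initrd http://192.168.1.10/netboot/puppy/initrd.gz
    append root=/dev/ram0

# g4l is a disk backup/recovery tool working on raw disks: anyone who can
# PXE-boot a machine on this segment gets that from this entry, no
# password asked. This is also the entry that boots on timeout.
label backup
    menu label backup/recovery(g4l)
    menu default
    linux http://192.168.1.10/netboot/g4l/bz4x3.3
    initrd http://192.168.1.10/netboot/g4l/ramdisk.lzma
    append root=/dev/ram0

# NOTE(review): the copy steps on this page put the SystemRescueCD files under
# /tftpboot/systemrescuecd/, but these URLs use .../netboot/systemrescue/ --
# one of the two must be renamed or this entry will fail to fetch.
label rescue
    menu label ^System Rescue
    linux http://192.168.1.10/netboot/systemrescue/rescue64
    initrd http://192.168.1.10/netboot/systemrescue/initram.igz
    append netboot=http://192.168.1.10/netboot/systemrescue/sysrcd.dat setkmap=jp scandelay=5

# memtest86plus is the only image given as a path relative to tftp-root, so it
# is presumably fetched over TFTP rather than HTTP.
label memtest86
    menu label ^Memory test
    kernel memtest86plus
    append -

label local
    menu label ^Boot from Local drive
    localboot 0xffff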
 


ブートイメージの作成

Fedora Install
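# mkdir /tftpboot/fedora
## review: both files arrive over plain HTTP with no verification and go
## straight into the tree every PXE client boots from. Check them against a
## checksum you trust (the release tree publishes them) or at least fetch
## over https:// before copying into /tftpboot.
# wget http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/images/pxeboot/vmlinuz -O /tftpboot/fedora/vmlinuz
# wget http://download.fedoraproject.org/pub/fedora/linux/releases/23/Server/x86_64/os/images/pxeboot/initrd.img -O /tftpboot/fedora/initrd.img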
 


Puppy
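# mkdir puppy
## review: the ISO is fetched over plain HTTP and never checksummed; everything
## built from it below is published to every PXE client, so verify it first.
# wget http://openlab.jp/puppylinux/download/puppy-5.7.1JP/precise-571JP.iso
# mount -o loop,ro -t iso9660 precise-571JP.iso puppy
# mkdir initrd
# cd initrd
## the stock initrd is unpacked, the main .sfs dropped in beside it, and the
## whole thing repacked -- presumably so the live system needs nothing beyond
## the initrd (the menu boots it with root=/dev/ram0).
# zcat ../puppy/initrd.gz | cpio -i -H newc -d
5329 blocks
# cp ../puppy/puppy_precise_5.7.1JP.sfs .
# find | cpio -o -H newc | gzip -4 > ../initrd.gz
257025 blocks
# cd ..
# mkdir /tftpboot/puppy
# mv initrd.gz /tftpboot/puppy/.
# cp puppy/vmlinuz /tftpboot/puppy/.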
 


g4l
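# mkdir /tftpboot/g4l
## review: fetched from a SourceForge mirror over plain HTTP with no checksum
## check; compare against the project's published checksum before using it.
# wget http://netix.dl.sourceforge.net/project/g4l/g4l%20ISO%20images/g4l-v0.50.iso
# mount -o loop,ro -t iso9660 g4l-v0.50.iso g4l
# cp g4l/bz4x3.3 /tftpboot/g4l/.
# cp g4l/ramdisk.lzma /tftpboot/g4l/.
## the ISO is left mounted here (no umount, unlike the SystemRescueCD steps).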
 


SystemRescueCD
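# mkdir systemrescuecd
## review: same caveat as the other images -- plain HTTP from a mirror, no
## checksum/signature check before the contents are published for netboot.
# wget http://jaist.dl.sourceforge.net/project/systemrescuecd/sysresccd-x86/4.7.1/systemrescuecd-x86-4.7.1.iso
# mount -o loop,ro -t iso9660 systemrescuecd-x86-4.7.1.iso systemrescuecd
## NOTE(review): the "rescue" menu entry on this page fetches these from
## .../netboot/systemrescue/ (without "cd"); the two paths must agree.
# mkdir /tftpboot/systemrescuecd
# cp systemrescuecd/sysrcd.dat /tftpboot/systemrescuecd/.
## sysrcd.md5 is presumably a plain MD5 of sysrcd.dat for corruption
## detection at boot; it says nothing about whether the download was authentic.
# cp systemrescuecd/sysrcd.md5 /tftpboot/systemrescuecd/.
# cp systemrescuecd/isolinux/initram.igz /tftpboot/systemrescuecd/.
# cp systemrescuecd/isolinux/rescue64 /tftpboot/systemrescuecd/.
# umount systemrescuecd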
 


Windows PE
WinPe-tchのダウンロード等


memtest86+
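## review: plain HTTP, no checksum; verify before dropping it into tftp-root.
# wget http://www.memtest.org/download/5.01/memtest86+-5.01.zip
# unzip memtest86+-5.01.zip
## the .bin is the raw bootable image; renamed to match "kernel memtest86plus"
## in pxelinux.cfg/default.
# mv memtest86+-5.01.bin /tftpboot/memtest86plus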
 


apacheの設定

/etc/httpd/conf.d/netboot.conf
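#
# This configuration file maps net boot images
#
# Everything under /tftpboot -- the boot images and pxelinux.cfg/ -- becomes
# fetchable over HTTP as /netboot/... by any host that passes the Require
# below. Keep nothing but boot artefacts in that tree.
Alias /netboot /tftpboot

# Restored from the page's HTML-mangled "<location netboot=\"\">": the directive
# is <Location /netboot>. "AllowOverride All" was dropped: httpd logs
# AH00114 ("Useless use of AllowOverride") for it inside a <Location> -- see
# the systemctl status httpd output on this page -- and no .htaccess is used.
<Location /netboot>
    # Only the PXE segment may fetch images. This is the sole access control
    # on the boot images and it is IP-based, so it is only as strong as the
    # LAN itself; there is no TLS, the kernels cross the wire unauthenticated.
    Require ip 192.168.1.0/24
</Location>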
 

SELinuxの設定

/tftpboot に付いているラベル tftpdir_t に対して httpd の読み取り許可を追加する。httpd_t の権限を広げることになるので、セキュリティは大丈夫? 気になるなら、イメージを別ディレクトリに移し、そこに httpd_sys_content_t のコンテキスト(tcontext)を設定するほうがよい。

pxe.te
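module pxe 1.0;

# Lets httpd (httpd_t) read files labelled tftpdir_t, i.e. the /tftpboot tree
# that dnsmasq serves over TFTP, so the same images can also be served over
# HTTP via the /netboot alias. Read side only: no write/create and no dir
# permissions are granted. The alternative noted above (copy the images to a
# directory labelled httpd_sys_content_t) avoids widening httpd_t at all and
# is preferable if httpd is the more exposed of the two services.
require {
        type httpd_t;
        type tftpdir_t;
        class file { read open getattr };
}

#============= httpd_t ==============
# NOTE(review): covers file permissions only; if httpd is still denied,
# check audit.log for a tftpdir_t:dir denial as well.
allow httpd_t tftpdir_t:file { read open getattr };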
 
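# checkmodule -M -m -o pxe.mod pxe.te
checkmodule:  loading policy configuration from pxe.te
checkmodule:  policy configuration loaded
checkmodule:  writing binary representation (version 17) to pxe.mod
# semodule_package -o pxe.pp -m pxe.mod
## semodule -i installs the module persistently (survives reboot);
## "semodule -l" lists it and "semodule -r pxe" backs it out again.
# semodule -i pxe.pp
## relabel the tree so freshly copied images carry the default tftpdir_t label.
# restorecon -v -R /tftpboot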
 

サービスを起動する
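# systemctl start dnsmasq
# systemctl status dnsmasq
● dnsmasq.service - DNS caching server.
   Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
   Active: active (running) since 金 2016-02-19 00:21:57 JST; 2s ago
 Main PID: 1690 (dnsmasq)
   CGroup: /system.slice/dnsmasq.service
           └─1690 /usr/sbin/dnsmasq -k
 
 2月 19 00:21:57 fedora.local.nerv.geek.jp systemd[1]: Started DNS caching server..
 2月 19 00:21:57 fedora.local.nerv.geek.jp systemd[1]: Starting DNS caching server....
 2月 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq[1690]: started, version 2.75 DNS disabled
 2月 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq[1690]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lu...notify
 2月 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq-dhcp[1690]: DHCP, proxy on subnet 192.168.1.0
 2月 19 00:21:57 fedora.local.nerv.geek.jp dnsmasq-tftp[1690]: TFTP root is /tftpboot
Hint: Some lines were ellipsized, use -l to show in full.
## "DNS disabled" confirms port=0 took effect; "DHCP, proxy on subnet
## 192.168.1.0" and "TFTP root is /tftpboot" confirm the proxyDHCP and TFTP
## parts. This journal is also where PXE client activity (log-dhcp) will
## appear, so it is the place to watch for unexpected boot requests.
# systemctl enable dnsmasq
Created symlink from /etc/systemd/system/multi-user.target.wants/dnsmasq.service to /usr/lib/systemd/system/dnsmasq.service.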
 
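# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 木 2016-02-18 22:29:52 JST; 1h 54min ago
 Main PID: 940 (/usr/sbin/httpd)
   Status: "Total requests: 9; Idle/Busy workers 100/0;Requests/sec: 0.00132; Bytes served/sec:  75KB/sec"
   CGroup: /system.slice/httpd.service
           ├─ 940 /usr/sbin/httpd -DFOREGROUND
           ├─1195 /usr/sbin/httpd -DFOREGROUND
           ├─1196 /usr/sbin/httpd -DFOREGROUND
           ├─1197 /usr/sbin/httpd -DFOREGROUND
           ├─1198 /usr/sbin/httpd -DFOREGROUND
           ├─1200 /usr/sbin/httpd -DFOREGROUND
           └─1391 /usr/sbin/httpd -DFOREGROUND
 
 2月 18 22:29:48 fedora.local.nerv.geek.jp systemd[1]: Starting The Apache HTTP Server...
 2月 18 22:29:51 fedora.local.nerv.geek.jp httpd[940]: [Thu Feb 18 22:29:51.237904 2016] [core:warn] [pid 940] AH00114: Useless us....conf.
 2月 18 22:29:52 fedora.local.nerv.geek.jp systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
## the AH00114 warning above is httpd objecting to "AllowOverride All" inside
## <Location> in netboot.conf; the line has no effect there and can be removed.
## "systemctl status -l httpd" shows the ellipsized message in full.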
 

ポートを開ける
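## these open http (tcp/80), dhcp (udp/67), tftp (udp/69) and proxy-dhcp
## (udp/4011) in the default zone, i.e. on every interface assigned to it.
## If this host has a second, less trusted interface, add --zone=<LAN zone>
## to each command so only the PXE segment is exposed.
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=dhcp --permanent
# firewall-cmd --add-service=tftp --permanent
# firewall-cmd --add-service=proxy-dhcp --permanent
# firewall-cmd --reload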
 
or
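## review: the "trusted" zone passes all traffic, so this switches filtering
## off for every interface in the default zone -- far wider than the four
## services above. Only acceptable on a host with no untrusted interface.
# firewall-cmd --set-default-zone=trusted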
 
