Chapter 50

PXE/TFTP Server

The Preboot eXecution Environment (PXE) gives systems whose BIOS supports it a network source from which to receive a bootable image and/or configuration. It allows a system to boot to an OS from the network without an OS being installed on any local disk.

Subsections of PXE/TFTP Server

Adding WinPE to PXE Boot Server

portions of this article used herein

Certainly Microsoft has its own flavor of PXE boot service, called Windows Deployment Server (WDS). They also provide free software for advanced Windows OS deployment, called Microsoft Deployment Toolkit (MDT). By using the configuration editor, called Deployment Workbench, you can design a “lite touch” deployment scenario for your Windows OS, including driver packages and 3rd party applications.

Microsoft Deployment Toolkit

The limitation of MDT and Deployment Workbench is that they only run on Windows systems. However, the PXE bootable image it creates can be loaded into a Linux PXE server.

First install the Windows host for MDT

  • CPU: 2x vCPU in 1 socket
  • Mem: 8GB
  • HDD1: 40GB #OS storage
  • HDD2: 50GB #storage for deployment share
  • IP: 192.168.1.15
  • hostname: deploy
  • Admin: deployprojadmin
  • PW: deployprojadmin
  • OS: Windows 10

After the OS has been installed, install the appropriate version of the Windows ADK, selecting the following features:

  • Deployment Toolkit
  • Windows Preinstallation Environment (Windows PE)
  • User State Migration Tool (USMT)

Next install the Microsoft Deployment Toolkit (which is separate from what is included in the ADK)

Create a new deployment share on the secondary 50GB HDD. Setup of the MDT configuration is beyond the scope of this article - you’ll find some documentation for this in the previous link. However, to involve the PXE server we will need to generate a boot image from the MDT. To do this, open Deployment Workbench and right-click on the deployment share object in the left-hand navigation tree. This will generate the first-time configuration and boot images, though with the deployment share being empty and unconfigured the boot images will need some tweaking before they are useful.

Back on the PXE server, bring over the boot image ISO and follow the steps in this article to mount the ISO and copy the boot files to the location the PXE server needs.

mkdir /var/lib/tftpboot/WinPE
cp /var/lib/tftpboot/memdisk /var/lib/tftpboot/networkboot

Add the following to your PXE config file

vi /var/lib/tftpboot/pxelinux.cfg/default

…then add a new section

LABEL 3
MENU LABEL ^3) Install Windows 10
KERNEL memdisk
INITRD windows/winpe_x86.iso
APPEND iso raw

Press [esc]:wq to save and quit

Creating a PXE/TFTP Boot Server

based on https://www.linuxtechi.com/configure-pxe-installation-server-centos-7/

PXE server installation and configuration

A Linux-based PXE server has 3 configuration components (in addition to your OS installation image, of course):

  • DHCP server options (could be from a co-hosted service or from a separate DHCP server)
  • TFTP/FTP server
  • PXE options and menu build

In this build I lace together the services of a DHCP server (previously established on a separate server) and a TFTP server (new), both based on CentOS 7.

Begin by installing CentOS to a new virtual machine (VM)

  • Hostname: pxe
  • IP: 192.168.1.14
  • U: pxeprojadmin
  • P: pxeprojadmin

Install the needed packages

yum -y install tftp tftp-server syslinux vsftpd xinetd wget

Copying the ISO

TFTP (Trivial File Transfer Protocol) is controlled by xinetd, so it must be turned on in the xinetd config

vi /etc/xinetd.d/tftp

…then find the line ‘disable=yes’ and change to:

disable=no

Press [esc]:wq to save and quit

Now the boot loader files need to be copied to the TFTP directory

cp /usr/share/syslinux/{pxelinux.0,menu.c32,memdisk,mboot.c32,chain.c32} /var/lib/tftpboot

Create the directory needed for the PXE boot configuration file

mkdir /var/lib/tftpboot/pxelinux.cfg /var/lib/tftpboot/networkboot

Download CentOS 7 installation ISO for later PXE distribution (to the current directory: /home/pxeprojadmin)

wget http://mirror.centos.org/centos/7/os/x86_64/images/boot.iso

Mount the ISO so that contents can be copied

mount -o loop boot.iso /mnt

Copy the contents to the FTP public directory

cp -a /mnt/* /var/ftp/pub

Copy the Kernel files to the TFTP server

cp /mnt/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/networkboot/

Clean up by unmounting the ISO

umount /mnt

Create the PXE menu configuration file and set system services

vi /var/lib/tftpboot/pxelinux.cfg/default

write the following

default menu
prompt 0
timeout 300

MENU TITLE ##### PXE Boot Menu #####

LABEL 1
MENU LABEL ^1) Install CentOS 7 x64 with Local Repo
KERNEL /networkboot/vmlinuz
APPEND initrd=/networkboot/initrd.img inst.repo=ftp://192.168.1.14/pub

LABEL 2
MENU LABEL ^2) Install CentOS 7 x64 with http://mirror.centos.org
KERNEL /networkboot/vmlinuz
APPEND initrd=/networkboot/initrd.img method=http://mirror.centos.org/centos/7/os/x86_64/ ip=dhcp

Enable and start your system services

systemctl enable --now xinetd
systemctl enable --now vsftpd

Set SELinux to allow FTP access

setsebool -P allow_ftpd_full_access 1

Set firewalld to allow relevant services

firewall-cmd --permanent --add-service=ftp --add-port={69/udp,69/tcp}
firewall-cmd --reload
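
Before pointing clients at the server, the menu file can be checked for misspelled directives and for boot files that do not resolve under the TFTP root. This is an added example, not part of the original article; the function name check_pxe_menu, its accepted-keyword list and the sample tree are constructed for illustration.

```shell
# Added example, not from the original article: lint a pxelinux menu file.
# Usage: check_pxe_menu CONFIG TFTP_ROOT   (prints findings, returns 1 if any)
check_pxe_menu() {
    cfg=$1 root=$2 rc=0 n=0
    while read -r key rest || [ -n "$key" ]; do
        n=$((n + 1)) files=
        case $(printf '%s' "$key" | tr '[:lower:]' '[:upper:]') in
            ''|'#'*) ;;
            # Directives accepted without inspection; extend the list as needed.
            DEFAULT|PROMPT|TIMEOUT|MENU|LABEL|UI|SAY|IPAPPEND|LOCALBOOT) ;;
            KERNEL|LINUX|INITRD) files=${rest%% *} ;;
            APPEND)
                case " $rest" in
                    *" initrd="*) files=${rest#*initrd=}; files=${files%% *} ;;
                esac ;;
            *) echo "line $n: unknown keyword '$key'"; rc=1 ;;
        esac
        while [ -n "$files" ]; do              # initrd= may list several files
            f=${files%%,*}
            case $files in *,*) files=${files#*,} ;; *) files= ;; esac
            path=$root/${f#/}                  # menu paths are relative to the TFTP root
            if [ ! -f "$path" ]; then
                echo "line $n: '$f' not found under TFTP root"; rc=1
            # by default in.tftpd serves only files readable by "other"
            elif [ -z "$(find "$path" -prune -perm -004)" ]; then
                echo "line $n: '$f' is not world-readable"; rc=1
            fi
        done
    done < "$cfg"
    return $rc
}

# Constructed sample tree: one misspelled directive, one path that does not exist.
sample=$(mktemp -d)
mkdir -p "$sample/networkboot" "$sample/WinPE" "$sample/pxelinux.cfg"
touch "$sample/memdisk" "$sample/networkboot/vmlinuz" \
      "$sample/networkboot/initrd.img" "$sample/WinPE/winpe_x86.iso"
chmod -R a+rX "$sample"
cat > "$sample/pxelinux.cfg/default" <<'EOF'
LABEL 1
KERNEL /networkboot/vmlinuz
APPEN initrd=/networkboot/initrd.img
LABEL 3
KERNEL memdisk
INITRD windows/winpe_x86.iso
APPEND iso raw
EOF
report=$(check_pxe_menu "$sample/pxelinux.cfg/default" "$sample") || true
printf '%s\n' "$report"
```

On the server built here it would be run as check_pxe_menu /var/lib/tftpboot/pxelinux.cfg/default /var/lib/tftpboot after each menu edit.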

Setting DHCP Options

Set DHCP options for the IP subnets you wish to access the PXE server. Here I’m assuming that you’re running a DHCP service in Linux, on the same or different service host.

vi /etc/dhcp/dhcpd.conf

In the subnet definition section of your file set the following options, with comment included to call out the PXE section

#IP of PXE Server
next-server 192.168.1.14;
filename "pxelinux.0";

…then in the general options section of the DHCP config file, add these lines

allow booting;
allow bootp;
allow unknown-clients;

Press [esc]:wq to save and quit

Restart the DHCP service (on CentOS 7 the unit is named dhcpd; Debian-based systems call it isc-dhcp-server)

systemctl restart dhcpd

Now you should be able to access your PXE server connection when you boot a new computer/server/VM, using the PXE boot option of the available BIOS for your system.

Automated OS install with Kickstart file

I did not test this implementation, but the source article provided the following notes on setting up automation for the OS installation process

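The kickstart file requires a root password to complete the CentOS install (to set it for the root account in the installed OS). Since it would otherwise be stored in plain text in the kickstart file, it is important to store only a hash of it. Here ‘Pxe@123#’ is the example root password. The command below outputs the hashed password as a string, which you substitute for [encrypted_root_pw] below. Note that the -1 option produces an MD5-based crypt hash (prefix $1$), which is weak by current standards, and that the kickstart file is readable by anyone who can reach the FTP server, so treat the hash as exposed.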

openssl passwd -1 Pxe@123#

The default kickstart file is /root/anaconda-ks.cfg, which you could reference for options. Create a blank file

vi /var/ftp/pub/centos7.cfg

and write the following in it

#Platform=x86, AMD64, or Intel EM64T
#Version=DEVEL

#Firewall configuration
firewall --disable

#Install OS instead of upgrade
install

#Use FTP installation media
url --url="ftp://192.168.1.14/pub/"

#Root password
rootpw --iscrypted [encrypted_root_pw]

#System authorization information
auth --useshadow --passalgo=sha512

#Use graphical install
graphical
firstboot --disable

#System language
lang en_US

#SELinux configuration
selinux --disabled

#Installation log level
logging --level=info

#System timezone
timezone America/Denver

#System bootloader configuration
bootloader --location=mbr
clearpart --all --initlabel
part swap --asprimary --fstype="swap" --size=1024
part /boot --fstype xfs --size=300
part pv.01 --size=1 --grow
volgroup root_vg01 pv.01
logvol / --fstype xfs --name=lv_01 --vgname=root_vg01 --size=1 --grow

%packages
@^minimal
@core
%end

%addon com_redhat_kdump --disable --reserve-mb='auto'
%end

Press [esc]:wq to save and quit

To enable the automation for a particular PXE option block, edit your PXE config file

vi /var/lib/tftpboot/pxelinux.cfg/default

and add the following to your existing APPEND line

ks=ftp://192.168.1.14/pub/centos7.cfg

Press [esc]:wq to save and quit
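
A check for the choices made in the kickstart file above (root password hash scheme, firewall and SELinux state, install source transport), as an added example that is not part of this page's or the source article's instructions. The function name audit_kickstart and the sample file, including its hash value, are constructed.

```shell
# Added example, not from the original article: flag kickstart settings that
# weaken the installed host. Usage: audit_kickstart FILE (returns 1 on findings)
audit_kickstart() {
    ks=$1 rc=0 sect=0
    while read -r cmd args || [ -n "$cmd" ]; do
        case $cmd in '%end') sect=0; continue ;; '%'*) sect=1 ;; esac
        [ "$sect" -eq 0 ] || continue            # skip %packages/%addon/%post bodies
        case $cmd in
            rootpw)
                pw=$args                         # drop leading options, keep the value
                while [ "${pw#--}" != "$pw" ] && [ "${pw#* }" != "$pw" ]; do pw=${pw#* }; done
                case $args in
                    *--lock*) ;;
                    *--iscrypted*)
                        case ${pw%% *} in
                            '$6$'*|'$5$'*) ;;    # SHA-512 / SHA-256 crypt
                            '$1$'*) echo "rootpw: MD5-crypt hash"; rc=1 ;;
                            *) echo "rootpw: unrecognised or placeholder hash"; rc=1 ;;
                        esac ;;
                    *) echo "rootpw: plain-text password"; rc=1 ;;
                esac ;;
            firewall) case $args in *--disable*) echo "firewall: disabled"; rc=1 ;; esac ;;
            selinux)  case $args in *disabled*)  echo "selinux: disabled";  rc=1 ;; esac ;;
            url)      case $args in *ftp://*|*http://*)
                          echo "url: install tree fetched without transport integrity"; rc=1 ;;
                      esac ;;
        esac
    done < "$ks"
    return $rc
}

# Constructed sample kickstart (address and hash are made up for the example).
sample_ks=$(mktemp)
cat > "$sample_ks" <<'EOF'
firewall --disabled
url --url="ftp://192.0.2.10/pub/"
rootpw --iscrypted $1$constrct$AAAAAAAAAAAAAAAAAAAAAA
selinux --disabled
%packages
@core
%end
EOF
findings=$(audit_kickstart "$sample_ks") || true
printf '%s\n' "$findings"
```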