|
|
| (One intermediate revision by the same user not shown) |
| Line 1: |
Line 1: |
| | + | [[Category:Linux]] |
| | + | |
| | NetBoot using PXE and TFTP. See [[NetBoot server principle]] | | NetBoot using PXE and TFTP. See [[NetBoot server principle]] |
| | | | |
| − |
| |
| − |
| |
| − | =Current target=
| |
| − |
| |
| − | This will boot using an official installation image.
| |
| − |
| |
| − | Reminder:
| |
| − |
| |
| − | * NetBoot requires a DHCP server
| |
| − | * TFTP is NOT secure at all. You should only use it into your internal network !!
| |
| − |
| |
| − | => Don't forget to adjust your firewall rules
| |
| − |
| |
| − |
| |
| − |
| |
| − | =Installation=
| |
| − |
| |
| − | '''Trivial FTP (TFTP) client'''
| |
| − | <syntaxhighlight lang="bash">
| |
| − | apt-get install tftp-hpa
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | '''Trivial FTP (TFTP) server'''
| |
| − | <syntaxhighlight lang="bash">
| |
| − | apt-get install tftpd-hpa
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | '''SysLinux [netboot utilities]'''
| |
| − | <syntaxhighlight lang="bash">
| |
| − | apt-get install syslinux mtools initramfs-tools
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − |
| |
| − | Syslinux contains some starter files you can use for your netboot clients.
| |
| − |
| |
| − |
| |
| − |
| |
| − | =Configuration=
| |
| − |
| |
| − |
| |
| − | ==Create target TFTP folders==
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | mkdir -m 755 -p /tftpboot
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − |
| |
| − | ==TFTP configuration==
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | vim /etc/default/tftpd-hpa
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − |
| |
| − | It should look like:
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | # /etc/default/tftpd-hpa
| |
| − | RUN_DAEMON="yes"
| |
| − | TFTP_USERNAME="tftp"
| |
| − | TFTP_DIRECTORY="/tftpboot"
| |
| − | TFTP_ADDRESS="0.0.0.0:69"
| |
| − | TFTP_OPTIONS="--secure"
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − |
| |
| − | '''Don't forget to add the RUN_DAEMON setting.'''
| |
| − |
| |
| − |
| |
| − | The TFTP server files [= the files that will be used by the TFTP clients] are in the "TFTP_DIRECTORY" instruction.
| |
| − | ==> You should use the folder we just created: ''/tftpboot''
| |
| − |
| |
| − |
| |
| − |
| |
| − | IMPORTANT !!
| |
| − |
| |
| − | '''You must not change the default user or port number''' !!
| |
| − |
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | service tftpd-hpa restart
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − |
| |
| − |
| |
| − | ==TFTP automatic start on boot==
| |
| − |
| |
| − | Sometimes the "RUN_DAEMON" is not enough for TFTP automatic startup... :(
| |
| − |
| |
| − |
| |
| − | In that case you have to register tftp-hpa as a service.
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | cd /etc/init.d/
| |
| − | update-rc.d tftpd-hpa defaults
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | Reboot your server ! The TFTP should be up and running now :)
| |
| − |
| |
| − |
| |
| − |
| |
| − |
| |
| − | ==Firewall configuration==
| |
| − |
| |
| − | Adjust your firewall script and add the following rules:
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | IPTABLES=`which iptables`
| |
| − | LAN_ADDRESS="172.16.50.0/24"
| |
| − |
| |
| − | $IPTABLES -A INPUT -p udp -s $LAN_ADDRESS --dport 69 -j ACCEPT
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − |
| |
| − |
| |
| − | ==Test the server==
| |
| − |
| |
| − | 1. Create a file on the server
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | vim /tftpboot/hello.txt
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − |
| |
| − |
| |
| − | 2. Connect to the server
| |
| − |
| |
| − | Install TFTP client:
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | apt-get install tftp-hpa
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − | Connect to the server and get file:
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | tftp 172.16.50.2
| |
| − | get hello.txt
| |
| − | quit
| |
| − | </syntaxhighlight>
| |
| − |
| |
| − |
| |
| − | Check the received file:
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | cat hello.txt
| |
| − | </syntaxhighlight>
| |
| | | | |
| | | | |
| Line 216: |
Line 71: |
| | | | |
| | | | |
| − |
| |
| − | =TFTP management=
| |
| − |
| |
| − | Just use the "service" command:
| |
| − |
| |
| − | <syntaxhighlight lang="bash">
| |
| − | service tftpd-hpa {status|restart|start|stop}
| |
| − | </syntaxhighlight>
| |
| | | | |
| | | | |
NetBoot using PXE and TFTP. See NetBoot server principle
Setup NetBoot files
Use an Ubuntu ISO image as NetBoot
Download the latest Ubuntu netboot image for the target architecture(s) from: http://cdimage.ubuntu.com/netboot/
You have to take the netboot.tar.gz archive.
cd /tftpboot/
mkdir rescue
cd rescue
wget http://archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/netboot.tar.gz
tar -xzvf netboot.tar.gz
rm netboot.tar.gz
Register files in DHCP server
Edit your DHCP server configuration:
Adjust it like that:
#### NETBOOT settings
# PXE file to serve.
# >> elilo.efi => for ia64 clients;
# >> pxelinux.0 => for x86
# These files should be at the root of your TFTP server
# Note: The file name can be add in the "host" section too. Then, the "host" will override the current setting
filename "rescue/pxelinux.0";
# set the server that serve this NETBOOT file
next-server 172.16.50.2;
# Ensure that the new client (the one booting) is not stealing someone else IP @
ping-check = 1;
Mind the "rescue/" in the filename section.
You can always override that setting later on for each host.
Restart the DHCP server
service isc-dhcp-server restart
Next step: Diskless server / workstation
