System Automation – Part 1 – PXE and Preseed

Hi everyone. I am going to start a mini series entitled system automation, which will cover the basics of how to automate the deployment, configuration and upgrades of your Linux infrastructure. Some of the posts will be geared more toward Ubuntu than RHEL, but many of the ideas can easily be adopted by RHEL users as well. In the first part of this series I want to cover the use of PXE boot and preseed to initially bootstrap your Linux servers. If you are using a cloud provider such as Amazon you might want to skip this step and move on to another section such as puppet, cucumber-puppet, fabric or git.

What Is PXE

Good thing I am not in college (well, at the moment anyway) because I am going to actually reference Wikipedia and their definition of PXE: “The Preboot eXecution Environment (PXE, also known as Pre-Execution Environment; sometimes pronounced “pixie”) is an environment to boot computers using a network interface independently of data storage devices (like hard disks) or installed operating systems.” So you're asking yourself what that means: basically, PXE allows you to boot your servers off of one of their network interfaces. In this blog post I will teach you how to set up a PXE server on Ubuntu and leverage preseed to complete the initial installation.

Mount Media To Your PXE Server

We need to make sure that the media is available because we need certain files to get PXE working properly and because the preseed will grab the packages off of the media.

We need to download an Ubuntu ISO image from one of the mirror sites listed at https://launchpad.net/ubuntu/+archivemirrors. The ISO should be named ubuntu-10.04.3-server-amd64.iso and should be downloaded to /var/tmp. Once downloaded we will mount the DVD image under /export/ubuntu:

sudo mkdir -p /export/ubuntu/10.04/
sudo mount -o loop /var/tmp/ubuntu-10.04.3-server-amd64.iso /export/ubuntu/10.04/

This will make all of our files available later in this tutorial.

Setting Up DHCP

The first thing you will need to do is manually install an Ubuntu 10.04 Linux system so you can set up the rest of the system. Once you have your Ubuntu 10.04 system built you will want to install the following package to get started:

sudo apt-get install dhcp3-server

This will install a basic DHCP server on your new PXE server. Once dhcp3-server is installed you will want to set up a basic configuration: in /etc/dhcp3/, vi the dhcpd.conf file and put in the following:

allow booting;
allow bootp;
authoritative;

subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.115 192.168.10.120;
  option broadcast-address 192.168.10.255;
  option routers 192.168.10.1;
  option subnet-mask 255.255.255.0;
  option domain-name-servers 192.168.10.12;
  option domain-name "example.com";
  filename "pxelinux.0";
  next-server 192.168.10.133;
}

You will want to change the domain-name as well as the IP range so that everything is specific to your environment. Next you will want to actually start the dhcpd service with the following command:

sudo /etc/init.d/dhcp3-server start

If you have properly edited your configuration the dhcpd server should now be running.

Setting Up TFTP

Next we want to set up our TFTP server. This is how the small Linux kernel gets served to your server, allowing you to specify which preseed configuration file you want to use to build out the system:

sudo apt-get install tftpd-hpa

Now that we have the tftpd application installed we will want to set up the configuration. In your /etc/default/tftpd-hpa put in the following config:

#Defaults for tftpd-hpa
RUN_DAEMON="yes"
TFTP_USERNAME="tftp"
OPTIONS="-l -s /tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"

This will use the directory /tftpboot as the location for the files which will get our PXE environment working right.

Next we want to create the directories:

 
sudo mkdir -p /tftpboot/pxelinux.cfg

Copy in the boot file we specified in our dhcpd.conf file:

sudo cp /export/ubuntu/10.04/install/netboot/pxelinux.0 /tftpboot

We also need to copy over a menu module:

sudo cp /export/ubuntu/10.04/install/netboot/ubuntu-installer/amd64/boot-screens/vesamenu.c32 /tftpboot/pxelinux.cfg

Create the default configuration file /tftpboot/pxelinux.cfg/default:

#
#
MENU WIDTH 80
MENU MARGIN 10
MENU PASSWORDMARGIN 3
MENU ROWS 10
MENU TABMSGROW 15
MENU CMDLINEROW 15
MENU ENDROW 24
MENU PASSWORDROW 11
MENU TIMEOUTROW 16
MENU TITLE Pressed Installers
menu color title 1;34;49 #eea0a0ff #cc333355 std
menu color sel 7;37;40 #ff000000 #bb9999aa all
menu color border 30;44 #ffffffff #00000000 std
menu color pwdheader 31;47 #eeff1010 #20ffffff std
menu color hotkey 35;40 #90ffff00 #00000000 std
menu color hotsel 35;40 #90000000 #bb9999aa all
menu color timeout_msg 35;40 #90ffffff #00000000 none
menu color timeout 31;47 #eeff1010 #00000000 none
prompt 0
noescape 1
timeout 0
default pxelinux.cfg/vesamenu.c32

label Ubuntu 10.04 (Ubuntu 10.04)
menu label Ubuntu 10.04 (Ubuntu 10.04)
kernel pxe/images/ubuntu/ubuntu-10.4-x86_64
append initrd=pxe/images/ubuntu/ubuntu-10.4-x86_64.img ksdevice=eth0 DEBCONF_DEBUG=5 locale=en_US.UTF-8 console-setup/layoutcode=us domain=example.com hostname=hostname url=http://192.168.10.133/preseed/

One thing to note about the above file is that you will want to set the url= value to the location of your preseed files. We haven’t covered that yet but will later in this tutorial. The IP will probably be the same IP as this host, unless for some reason you decide to host your preseed files on a different system.

Next we want to copy over the kernel and initrd files:

sudo mkdir -p /tftpboot/pxe/images/ubuntu
sudo cp /export/ubuntu/10.04/install/netboot/ubuntu-installer/amd64/linux /tftpboot/pxe/images/ubuntu/ubuntu-10.4-x86_64
sudo cp /export/ubuntu/10.04/install/netboot/ubuntu-installer/amd64/initrd.gz /tftpboot/pxe/images/ubuntu/ubuntu-10.4-x86_64.img

Set the permissions on your /tftpboot directory:

sudo chmod -R 777 /tftpboot

Start the tftpd-hpa service:

sudo /etc/init.d/tftpd-hpa start
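
tftpd-hpa serves any world-readable file and, unless its create option is set, accepts uploads only onto files that already exist and are world-writable, so the 777 mode above is what lets any host that can reach port 69 replace the boot files. The following added example (not part of the original post; the function names and the throwaway directory are assumptions) lists world-writable entries under a TFTP root and resets them to 755/644:

```shell
#!/bin/sh
# Added example: audit and tighten a TFTP root such as /tftpboot.
# Function names are hypothetical; the demo tree is constructed.

# Print every entry under $1 that is writable by "other" (symlinks skipped).
tftp_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Read-only for clients: directories 755, regular files 644.
# tftpd-hpa only needs the files to be world-readable to serve them.
tftp_harden() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a small tree shaped like the one in this post, apply the
# chmod -R 777 step, then count world-writable entries before and after.
demo_tftp_audit() {
    root=$(mktemp -d)
    mkdir -p "$root/pxelinux.cfg" "$root/pxe/images/ubuntu"
    : > "$root/pxelinux.0"
    : > "$root/pxelinux.cfg/default"
    chmod -R 777 "$root"
    before=$(tftp_world_writable "$root" | wc -l | tr -d ' ')
    tftp_harden "$root"
    after=$(tftp_world_writable "$root" | wc -l | tr -d ' ')
    rm -rf "$root"
    echo "$before $after"
}

demo_tftp_audit
```

On the real server, run `tftp_world_writable /tftpboot` first and `sudo` the hardening step, since the files are owned by root.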

Preseed File Configuration

I come from a RHEL/CentOS background so it took me a few days to get the preseed working flawlessly without any user intervention. Below is an example preseed you should be able to leverage to create your own for your environment. In /export/preseed you will want to create a file yourhost.cfg with the content below.

The first part of the preseed sets up basic information such as language, keymap, etc.:

d-i debian-installer/locale string en_US
d-i console-tools/archs select at
d-i console-keymaps-at/keymap select American English
d-i debian-installer/keymap string us

Next comes the network configuration, such as which interface to use for the preseed as well as hostname, domain and IP address (you can google around for how to enable DHCP, but I like to set the IP and hostname during preseed):

d-i netcfg/choose_interface select eth0
d-i netcfg/dhcp_timeout string 300
d-i netcfg/get_hostname string your_host_name
d-i netcfg/get_hostname seen true
d-i netcfg/get_domain string example.com
d-i netcfg/get_domain seen true
d-i netcfg/disable_dhcp boolean true
d-i netcfg/dhcp_failed note
d-i netcfg/get_nameservers string 192.168.10.12
d-i netcfg/get_ipaddress string 192.168.10.141
d-i netcfg/get_netmask string 255.255.255.0
d-i netcfg/get_gateway string 192.168.10.1
d-i netcfg/confirm_static boolean true

Next we want to specify how and where the installer can get access to the Ubuntu distribution we want to use. I had some problems getting http to work properly so I have the protocol string set to ftp. The IP address is going to be the IP address of the system where we have the ISO mounted from the previous steps, and the directory is where the Ubuntu image is mounted. In the next two steps I’ll cover the Apache and FTP server configurations:

d-i mirror/protocol string ftp
d-i mirror/ftp/hostname string 192.168.10.133
d-i mirror/ftp/directory string /10.04/
d-i mirror/ftp/proxy string

Now we are simply specifying which distro we are installing and which components we want to make available for install:

d-i mirror/suite string lucid
d-i mirror/udeb/suite string lucid
d-i mirror/udeb/components multiselect main, restricted
d-i clock-setup/utc boolean false

Set your timezone (I’m in Denver):

d-i time/zone string America/Denver

Now we are going to set a default password. If you wanted to, you could set up an initial user, but I do all of my user creation with puppet, so I simply create a system with the password set to passw0rd and have puppet change it later:

d-i passwd/make-user boolean false
d-i passwd/root-password password passw0rd
d-i passwd/root-password-again password passw0rd
user-setup-udeb passwd/root-login boolean true

Next we are going to do a basic install with limited packages and override the kernel so that the linux-server kernel is installed instead of the generic kernel. Again, I let puppet add the right packages to the system for its intended function:

d-i grub-installer/only_debian boolean true
d-i pkgsel/upgrade select none
d-i pkgsel/update-policy select none
d-i pkgsel/updatedb boolean true
d-i base-installer/kernel/override-image string linux-server
tasksel tasksel/first multiselect standard
d-i pkgsel/include string puppet lsb-release openssh-server screen sysstat wget ldap-utils
d-i finish-install/reboot_in_progress note

Now we are going to install security related updates for our system:

d-i apt-setup/services-select multiselect security
d-i apt-setup/security_host string security.ubuntu.com
d-i apt-setup/security_path string /ubuntu

Next we want to add the puppetlabs apt repository for Lucid and import the GPG key:

d-i apt-setup/local0/repository string http://apt.puppetlabs.com/ubuntu lucid main
d-i apt-setup/local0/key string http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x1054B7A24BD6EC30

Now comes the disk partition scheme. There are many ways to define the disk layout of your Ubuntu system; for the purpose of this document we are simply using the multi layout. There are other layout options, or you can customize your own:

d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string lvm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select multi
d-i partman/default_filesystem string ext4
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
popularity-contest popularity-contest/participate boolean false

Next we want to add a few “late commands” to run once our preseed is near completion:

d-i preseed/late_command string  \
/bin/echo "192.168.10.133 puppet puppet.example.com" >> /target/etc/hosts; \
/bin/sed -i s/true/false/g /target/etc/puppet/puppet.conf; \
/bin/sed -i s/no/yes/g /target/etc/default/puppet

Finally we want to force the installer to apply the network-specific configuration specified at the beginning of the preseed. Apparently there is a bug that prevents netcfg from applying the hostname and domain to the system:

d-i preseed/early_command string /bin/killall.sh; /bin/netcfg

Well, there you have it: you should have a working preseed file to bootstrap your Ubuntu installations with puppet installed, so after the system boots it will check into the puppetmaster and have the right configs applied.
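
The preseed above carries the root password in cleartext and pulls the repository signing key over plain HTTP, and the file itself is handed to any client that requests it. The following added example (not part of the original post; the function names and the sample file are constructed) flags both patterns; debian-installer also accepts passwd/root-password-crypted with a crypt(3) hash in place of the two cleartext lines:

```shell
#!/bin/sh
# Added example: flag risky directives in a preseed file.
# Function names are hypothetical; the sample below is constructed.

# Print one finding per line as "<line number>: <message>".
preseed_lint() {
    awk '
        /^[ \t]*#/ { next }                      # skip comments
        # Cleartext password keys; the -crypted variants do not match.
        $2 ~ "^passwd/(root|user)-password(-again)?$" && $3 == "password" {
            printf "%d: cleartext password in %s\n", NR, $2
        }
        # Signing key for an extra apt repository fetched without TLS.
        $2 ~ "^apt-setup/local[0-9]+/key$" && $4 ~ "^http:" {
            printf "%d: signing key fetched over plain HTTP (%s)\n", NR, $2
        }
    ' "$1"
}

# Run the linter over a constructed file modelled on this post's directives.
demo_preseed_lint() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample
d-i passwd/make-user boolean false
d-i passwd/root-password password passw0rd
d-i passwd/root-password-again password passw0rd
d-i passwd/root-password-crypted password $1$constructed$placeholderhash
d-i apt-setup/local0/repository string http://apt.puppetlabs.com/ubuntu lucid main
d-i apt-setup/local0/key string http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x1054B7A24BD6EC30
EOF
    preseed_lint "$f"
    rm -f "$f"
}

demo_preseed_lint
```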

Setting Up Apache To Serve Ubuntu Installation Files

Now we need to make sure Apache is configured to serve up the distribution we have mounted in /export/ubuntu/10.04. The first thing we need to do is make sure apache2 is installed.

sudo apt-get install apache2

Next we are going to edit /etc/apache2/sites-enabled/000-default (this is really a symlink to /etc/apache2/sites-available/default) and add the following lines:

        alias /ubuntu "/export/ubuntu"
        <Directory "/export/ubuntu">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                order deny,allow
                Allow from all
        </Directory>

This will make the /export/ubuntu directory available over http for our preseed files to use. As you can see we are laying the foundation for other versions of Ubuntu to be made available via the same URL.

Now we want to set up access to the preseed configuration files in /export/preseed, so we will add the following lines to the /etc/apache2/sites-enabled/000-default file:

        alias /preseed "/export/preseed"
        <Directory "/export/preseed">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                order deny,allow
                Allow from all
        </Directory>

Restart Apache for the configuration to take effect:

sudo /etc/init.d/apache2 restart

Install and Configure vsftpd

As stated in the preseed configuration section, I had problems getting http to work. I read many blogs where other people had the same problem, so I simply configured my system to have vsftpd installed and configured to serve up the Debian packages for the installer. First we want to install vsftpd:

sudo apt-get install vsftpd

Next we simply want to change the /etc/vsftpd.conf to allow for anonymous logins and to serve up the directory /export/ubuntu:

listen=YES
anonymous_enable=YES
local_enable=NO
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem

Finally we simply want to change the home directory of the ftp user with the following command:

sudo usermod -d /export/ubuntu ftp

Once this step is complete, restart vsftpd:

sudo /etc/init.d/vsftpd restart

Now you have a working PXE boot environment.

Selecting The Preseed File

Once we boot our new system or virtual machine we should be presented with the following Preseed Menu:





From this image we want to press the key and type in the name of our config; in my case it's example.cfg:




Press enter and your installation should begin.
