Centos 7 PXE server over DHCP/HTTP/NFS/SMB (2018)

...

Set up a gPXE server on CentOS 7

== os install ==
<pre>

# Install CentOS 7 minimal.

# Set a static IP address.

# Disable SELinux and the firewall:

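# NOTE(review): the steps below turn SELinux and firewalld off completely, so
# every service started later on this page (DHCP, TFTP, HTTP, SMB) is
# reachable from any network the host is attached to. Keep the host on an
# isolated provisioning network, or leave firewalld running and open only the
# services that are needed, e.g.:
#   firewall-cmd --permanent --add-service={dhcp,tftp,http,samba}
#   firewall-cmd --reload

# Stop SELinux enforcement for the running system.
setenforce 0

# Keep downloaded RPMs in the yum cache.
sed -i "s/keepcache=0/keepcache=1/g" /etc/yum.conf

# Disable SELinux persistently. The original matched "permisive" (typo), so a
# host configured as permissive was never switched; one expression now covers
# both starting states and the no-op disabled->disabled substitution is gone.
sed -i -E "s/SELINUX=(enforcing|permissive)/SELINUX=disabled/g" /etc/selinux/config

# Disable and stop the host firewall (see the note above).
systemctl disable firewalld
systemctl stop firewalld

# Replace NetworkManager with the legacy network service.
systemctl disable NetworkManager
systemctl stop NetworkManager

# rp_filter = 2 selects loose reverse-path filtering, which is weaker
# anti-spoofing than strict mode (1).
echo "net.ipv4.conf.all.rp_filter = 2" | tee /etc/sysctl.d/99-rp_filter.conf

systemctl enable network
systemctl restart network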

</pre>

== extra packages install ==
<pre>

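# Enable EPEL first so the packages below can be resolved, then bring the
# base system up to date.
yum -y install epel-release

yum -y upgrade

# Console tools and text-mode browsers.
yum -y install mc w3m links elinks lynx wget curl sshpass

# Perl / OpenSSL helpers (epel-release is already installed above, so the
# duplicate mention was dropped).
yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty

# Apache httpd with PHP and build headers.
yum -y install httpd httpd-devel mod_ssl mod_wsgi php php-mysql php-gd php-xml php-pgsql php-mbstring php-xcache php-apc php-pear php-intl php-memcache php-xmlrpc php-soap composer apr apr-devel apr-util apr-util-devel libcurl-devel php-snmp

# Enable httpd at boot and (re)start it once; the original ran
# "start" immediately followed by "restart". systemctl is used for
# consistency with the service commands at the end of this page.
systemctl enable httpd
systemctl restart httpd

# NOTE(review): the three RPMs below are fetched from third-party mirrors over
# plain HTTP. yum does not GPG-check a package given as a file or URL unless
# localpkg_gpgcheck is enabled (it is off by default), so nothing here
# verifies what gets installed as root. Prefer downloading each file first and
# checking it with `rpm -K <file>` after importing the packager's signing key
# obtained over a trusted channel, then installing the verified local file.
yum -y install http://springdale.math.ias.edu/data/puias/7/x86_64/os/Addons/Packages/ntfs-3g-2016.2.22-1.sdl7.x86_64.rpm

yum -y install http://li.nux.ro/download/nux/dextop/el7/x86_64//libwim15-1.9.2-1.el7.nux.x86_64.rpm

yum -y install http://li.nux.ro/download/nux/dextop/el7/x86_64//wimtools-1.9.2-1.el7.nux.x86_64.rpm

# ISO authoring and cabinet extraction tools.
yum -y install genisoimage cabextract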

</pre>

== ipxe services install and environment ==

=== ===
<pre>

# DHCP, TFTP (run through xinetd) and the syslinux boot files.
yum -y install \
  dhcp \
  tftp tftp-server \
  syslinux wget syslinux-tftpboot \
  xinetd

# iPXE boot images and option ROMs.
yum -y install \
  ipxe-bootimgs \
  ipxe-roms ipxe-roms-qemu

# ProFTPD with its backend modules. NOTE(review): nothing later on this page
# configures or enables proftpd; skip it if FTP is not needed, since every
# installed network daemon is extra attack surface on a host with the
# firewall disabled.
yum -y install \
  proftpd proftpd-devel \
  proftpd-ldap proftpd-mysql proftpd-postgresql proftpd-sqlite \
  proftpd-utils

# Samba server for the SMB share defined further down.
yum -y install \
  samba samba-common samba-winbind

</pre>

=== ===
<pre>
#################### prepare isolated ("aisled") configs
# Create the tree under /mnt/data/xtrt that the following sections move the
# services' configuration, data and log directories into.

mkdir -p \
  /mnt/data/xtrt/etc/xinetd.d \
  /mnt/data/xtrt/var/lib \
  /mnt/data/xtrt/var/log/tftp

</pre>

==== ====

<pre>

### HTTPd folders
# Move httpd's config, document root and log directory under /mnt/data/xtrt
# and leave a symlink at each original location.
xtrt=/mnt/data/xtrt
for dir in /etc/httpd /var/www /var/log/httpd; do
  mv "$dir" "${xtrt}${dir%/*}"
  ln -s "${xtrt}${dir}" "$dir"
done

# Re-point the links inside the httpd config directory (logs, modules, run)
# at absolute targets now that the directory lives elsewhere.
# "ln -sfn" replaces an existing symlink in place, same as rm -f + ln -s.
ln -sfn /var/log/httpd /etc/httpd/logs
ln -sfn /usr/lib64/httpd/modules /etc/httpd/modules
ln -sfn /run/httpd /etc/httpd/run

# Directory for helper tools served over HTTP.
mkdir -p /var/www/html/0tools

</pre>

==== ====

<pre>

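### tftp folders
# Move the TFTP root and the xinetd service definition under /mnt/data/xtrt,
# leaving symlinks at the original paths.

mv /var/lib/tftpboot /mnt/data/xtrt/var/lib

ln -s /mnt/data/xtrt/var/lib/tftpboot /var/lib/tftpboot

mv /etc/xinetd.d/tftp /mnt/data/xtrt/etc/xinetd.d

ln -s /mnt/data/xtrt/etc/xinetd.d/tftp /etc/xinetd.d/tftp

# Log directory: link it once, then create the log file the xinetd service
# definition writes to. The original repeated this "ln -s" after the touch;
# because /var/log/tftp is by then a symlink to a directory, the second call
# created a stray self-referencing link at /mnt/data/xtrt/var/log/tftp/tftp.
ln -s /mnt/data/xtrt/var/log/tftp /var/log/tftp

touch /mnt/data/xtrt/var/log/tftp/tftp.log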

</pre>

==== ====

<pre>

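### dhcpd folders
# Move the DHCP configuration under /mnt/data/xtrt and link it back.

mv /etc/dhcp /mnt/data/xtrt/etc

ln -s /mnt/data/xtrt/etc/dhcp /etc/dhcp

### smbd folders
# Create the share tree for the Windows installers, then relocate the Samba
# configuration the same way as the other services.

mkdir -p /mnt/data/xtrt/var/lib/samba-shared/mswin/x64/{desktop/{10,07},server}

ln -s /mnt/data/xtrt/var/lib/samba-shared /var/lib/samba-shared

mv /etc/samba /mnt/data/xtrt/etc

ln -s /mnt/data/xtrt/etc/samba /etc/samba

# The original line here was "echo 777 -R /mnt", which only prints text and
# changes no permissions; it presumably stood for a recursive chmod 777 of
# /mnt. That would make the relocated httpd, dhcpd and Samba configuration
# world-writable, so only the share tree is handed to the account the SMB
# share on this page forces (user and group "nobody").
chown -R nobody:nobody /mnt/data/xtrt/var/lib/samba-shared
chmod -R u=rwX,g=rwX,o=rX /mnt/data/xtrt/var/lib/samba-shared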

</pre>

==== ====

=== DHCPd setup ===
<pre>

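# Write the DHCP server configuration. The heredoc operator is "<<" (the page
# rendering had turned it into a guillemet); the delimiter is quoted so the
# shell never expands anything inside the file body.
#
# NOTE(review): "authoritative" together with "allow unknown-clients" means
# every device on this segment is offered a lease and the PXE boot file. Run
# this only on a dedicated provisioning network; on a shared LAN it competes
# with the production DHCP server.
# NOTE(review): the dynamic range .50-.240 contains .57, which is also used as
# router and next-server below - confirm and exclude the server's own address.
cat <<'EOF' > /etc/dhcp/dhcpd.conf

ddns-update-style interim;
ignore client-updates;
authoritative;
allow booting;
allow bootp;
allow unknown-clients;
log-facility local7;

###subnet 192.168.204.0 netmask 255.255.255.0 {
### wan subnet
###}

subnet 192.168.204.0 netmask 255.255.255.0 {
range 192.168.204.50 192.168.204.240;
option domain-name-servers 192.168.24.100;
option domain-name "my.subdomain.net";
option routers 192.168.204.57;
# Broadcast address of 192.168.204.0/24 (the original 192.168.0.0 is not an
# address in this subnet).
option broadcast-address 192.168.204.255;
default-lease-time 600;
max-lease-time 7200;
# PXE SERVER IP
next-server 192.168.204.57;
filename "pxelinux.0";
}

EOF

# Syntax-check the file before (re)starting dhcpd.
dhcpd -t -cf /etc/dhcp/dhcpd.conf

### for remote check:
### sudo nmap --script broadcast-dhcp-discover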
</pre>

=== CIFS/SMB Setup ===
<pre>

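# Write the Samba configuration. The heredoc operator is "<<" (rendered as a
# guillemet on the page). The lines shown as "1. ..." were "#" comment lines
# that the wiki turned into list items; they are restored as comments so
# smb.conf does not contain unknown parameters.
#
# NOTE(review): the share below is guest-accessible AND writable
# ("map to guest = bad user", "guest ok = Yes", "read only = No",
# "create mask = 0777"). Any host in the allowed subnets can therefore modify
# the installer files that other machines will boot and install from. Once
# the media has been copied in, switching the share to "read only = Yes"
# removes that tampering path.
# NOTE(review): "hosts allow" lists 192.168.254.0/24, which appears nowhere
# else on this page - confirm it is intended and not a typo for 192.168.204.0/24.
cat <<'EOF' > /etc/samba/smb.conf

[global]
netbios name = iPXESERVER

# load printers = yes
# cups options = raw

guest account = nobody
netbios aliases = iPXESERVER

# printing = cups

server string = networkscanner
workgroup = iPXESERVER
os level = 20

# printcap name = cups

security = user

# passdb backend = tdbsam

map to guest = bad user
encrypt passwords = yes
hosts allow = 192.168.254.0/24, 192.168.204.0/24, 127.0.0.1
hosts deny = 0.0.0.0/0

[mswin0010x64]
comment = iPXE Microsoft Windows 10 x64 Installer
path = /var/lib/samba-shared/mswin/x64/desktop/10
force user = nobody
force group = nobody
read only = No
acl check permissions = No
guest ok = Yes
nt acl support = No
map readonly = no
create mask = 0777

EOF

# Validate the file and print the effective settings before restarting smb.
testparm -s /etc/samba/smb.conf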

</pre>

=== tFTP Setup ===
==== tFTP service ====
<pre>
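# Write the xinetd service definition for TFTP. The heredoc operator is "<<"
# (rendered as a guillemet on the page). The opening brace is placed on its
# own line, as in the stock xinetd service files.
#
# NOTE(review): TFTP has no authentication or integrity protection, so every
# file under /var/lib/tftpboot is readable by any host that can reach UDP/69.
# "-s" confines the daemon to that directory; no upload/create option is
# passed, so keep it that way and keep secrets (kickstart passwords, keys)
# out of the TFTP root.
cat <<'EOF' > /etc/xinetd.d/tftp

service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
log_type = FILE /var/log/tftp/tftp.log
}

EOF

### for remote check
### sudo nmap -sU -p 69 --script tftp-enum.nse --script-args tftp-enum.filelist=customlist.txt 192.168.204.57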

</pre>

== iPXE setup==
<pre>

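# Copy the syslinux boot files (pxelinux.0, menu.c32, ...) into the TFTP root.
cp -a /usr/share/syslinux/* /var/lib/tftpboot/

# The menu file lives in pxelinux.cfg/, which nothing earlier on this page
# creates; make sure it exists so the redirect below cannot fail.
mkdir -p /var/lib/tftpboot/pxelinux.cfg

# Write the default PXE menu. The heredoc operator is "<<" (rendered as a
# guillemet on the page).
#
# NOTE(review): "label 1" carries no boot action - the trailing word
# "localboot" on its menu label line looks like a separate directive that was
# merged into the label - and "ONTIMEOUT local" names a label that is not
# defined here. Confirm against a working configuration.
# NOTE(review): the install source is 192.168.1.150, while the DHCP section
# uses 192.168.204.57 as next-server; confirm which host serves centos7_x64.
# The kernel and initrd paths also assume files this page never copies in.
# NOTE(review): kernel, initrd and the install tree travel over TFTP and plain
# HTTP with no integrity check, so clients trust whatever answers on this
# network segment; keep provisioning on an isolated network.
cat <<'EOF' > /var/lib/tftpboot/pxelinux.cfg/default

default menu.c32
prompt 0
timeout 300
ONTIMEOUT local

menu title ########## PXE Boot Menu ##########

label 1

menu label ^1) Boot from local drive localboot

label 2

menu label ^2) Install CentOS 7

kernel centos7_x64/images/pxeboot/vmlinuz

append initrd=centos7_x64/images/pxeboot/initrd.img method=http://192.168.1.150/centos7_x64 devfs=nomount

EOF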

</pre>

== ==
<pre>

# Restart every service configured above so the new files take effect,
# then enable each of them at boot. Order matches the original listing.
for svc in xinetd dhcpd nmb smb httpd; do
  systemctl restart "$svc"
done

for svc in xinetd dhcpd nmb smb httpd; do
  systemctl enable "$svc"
done

</pre>

== ==
<pre>

</pre>

==Referencias==

Unless otherwise stated, the content of this page is licensed under GNU Free Documentation License.