Setting up a ‘PXE Network Boot Server’ for Multiple Linux Distribution Installations in RHEL/CentOS 7
PXE Server – Preboot eXecution Environment – instructs a client computer to boot, run or install an operating system directly from a network interface, eliminating the need to burn a CD/DVD or use a physical medium. It can also ease the job of installing Linux distributions on multiple machines in your network infrastructure at the same time.
Requirements
- CentOS 7 Minimal Installation Procedure
- RHEL 7 Minimal Installation Procedure
- Configure Static IP Address in RHEL/CentOS 7
- Remove Unwanted Services in RHEL/CentOS 7
- Install NTP Server to Set Correct System Time in RHEL/CentOS 7
This article will explain how you can install and configure a PXE Server on RHEL/CentOS 7 x64-bit with mirrored local installation repositories, with sources provided by the CentOS 7 DVD ISO image, with the help of the following components:
- DNSMASQ Server, which provides DNS and DHCP services.
- Syslinux package, which provides bootloaders for network booting.
- TFTP-Server, which makes bootable images available to be downloaded via network using Trivial File Transfer Protocol (TFTP).
- VSFTPD Server, which will host the locally mounted mirrored DVD image and will act as an official RHEL/CentOS 7 mirror installation repository from where the installer will extract its required packages.
Step 1: Install and configure DNSMASQ Server
1. It is mandatory that one of your network card interfaces, in case your server has more than one NIC, is configured with a static IP address from the same IP range as the network segment that will provide PXE services.
So, after you have configured your static IP address, updated your system and performed other initial settings, use the following command to install the DNSMASQ daemon.
# yum install dnsmasq
2. The default DNSMASQ main configuration file, located in the /etc directory, is self-explanatory but tends to be quite difficult to edit, due to its heavily commented explanations.
First make sure you back up this file in case you need to review it later and then create a new blank configuration file using your favorite text editor by issuing the following commands.
# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.backup
# nano /etc/dnsmasq.conf
3. Now, copy and paste the following configuration into the dnsmasq.conf file and make sure that you change the statements explained below to match your network settings.
interface=eno16777736,lo
#bind-interfaces
domain=centos7.lan
# DHCP range-leases
dhcp-range=eno16777736,192.168.1.3,192.168.1.253,255.255.255.0,1h
# PXE
dhcp-boot=pxelinux.0,pxeserver,192.168.1.20
# Gateway
dhcp-option=3,192.168.1.1
# DNS
dhcp-option=6,192.168.1.1,8.8.8.8
server=8.8.4.4
# Broadcast Address
dhcp-option=28,192.168.1.255
# NTP Server
dhcp-option=42,0.0.0.0
pxe-prompt="Press F8 for menu.", 60
pxe-service=x86PC, "Install CentOS 7 from network server 192.168.1.20", pxelinux
enable-tftp
tftp-root=/var/lib/tftpboot
The statements that you need to change are as follows:
- interface – Interfaces on which the server should listen and provide services.
- bind-interfaces – Uncomment to bind only on this interface.
- domain – Replace it with your domain name.
- dhcp-range – Replace it with the IP range defined by your network mask on this segment.
- dhcp-boot – Replace the IP statement with your interface IP Address.
- dhcp-option=3,192.168.1.1 – Replace the IP Address with your network segment Gateway.
- dhcp-option=6,192.168.1.1 – Replace the IP Address with your DNS Server IP – several DNS IPs can be defined.
- server=8.8.4.4 – Put your DNS forwarders IP Addresses.
- dhcp-option=28,192.168.1.255 – Replace the IP Address with your network broadcast address – optional.
- dhcp-option=42,0.0.0.0 – Put your network time servers – optional (the 0.0.0.0 Address is for self-reference).
- pxe-prompt – Leave it as default – means to hit the F8 key to enter the menu, with a 60 seconds wait time.
- pxe-service – Use x86PC for 32-bit/64-bit architectures and enter a menu description prompt in quotes. Other value types can be: PC98, IA64_EFI, Alpha, Arc_x86, Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI.
- enable-tftp – Enables the built-in TFTP server.
- tftp-root – Use /var/lib/tftpboot – the location for all netbooting files.
For other advanced options concerning the configuration file feel free to read the dnsmasq manual.
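The statements above have to agree with each other and with the subnet, so here is a small consistency check, added as an example and not part of the original article or of dnsmasq. The sample configuration is constructed with three deliberate mistakes, and the finding codes are names chosen for this example.

```python
import ipaddress

# Constructed sample: same layout as the article's dnsmasq.conf, with three
# deliberate mistakes (bind-interfaces commented out, boot server address
# inside the lease pool, broadcast address taken from another subnet).
SAMPLE_CONF = """\
interface=eno16777736,lo
#bind-interfaces
dhcp-range=eno16777736,192.168.1.3,192.168.1.253,255.255.255.0,1h
dhcp-boot=pxelinux.0,pxeserver,192.168.1.20
dhcp-option=3,192.168.1.1
dhcp-option=6,192.168.1.1,8.8.8.8
dhcp-option=28,10.0.0.255
enable-tftp
tftp-root=/var/lib/tftpboot
"""


def parse(text):
    """Return (key, [values]) for every active (uncommented) line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition("=")
        entries.append((key.strip(), [v.strip() for v in val.split(",")] if sep else []))
    return entries


def ipv4s(values):
    """Keep only the values that are IPv4 addresses (skips tags, lease times)."""
    found = []
    for v in values:
        try:
            found.append(ipaddress.IPv4Address(v))
        except ValueError:
            pass
    return found


def lint(text):
    """Return a list of (code, message) findings for a dnsmasq PXE config."""
    conf = parse(text)
    keys = {k for k, _ in conf}
    findings = []
    if "interface" in keys and "bind-interfaces" not in keys:
        findings.append(("NO_BIND_INTERFACES",
                         "dnsmasq binds the wildcard address and filters requests itself"))
    if "enable-tftp" in keys and "tftp-root" not in keys:
        findings.append(("TFTP_NO_ROOT",
                         "TFTP paths are not confined to a boot directory"))

    rng = next((ipv4s(v) for k, v in conf if k == "dhcp-range"), [])
    if len(rng) < 3:
        # Without an explicit netmask the subnet cannot be derived from the file.
        return findings
    start, end, mask = rng[:3]
    net = ipaddress.ip_network(f"{start}/{mask}", strict=False)

    for key, vals in conf:
        if key == "dhcp-boot":
            for addr in ipv4s(vals):
                if start <= addr <= end:
                    findings.append(("BOOT_SERVER_IN_POOL",
                                     f"static address {addr} lies inside the lease range"))
        if key == "dhcp-option" and vals:
            opt, addrs = vals[0], ipv4s(vals[1:])
            if opt in ("3", "option:router"):
                for addr in addrs:
                    if addr not in net:
                        findings.append(("ROUTER_OFF_SUBNET", f"{addr} is not in {net}"))
            if opt in ("28", "option:broadcast"):
                for addr in addrs:
                    if addr != net.broadcast_address:
                        findings.append(("BROADCAST_MISMATCH",
                                         f"{addr} given, {net.broadcast_address} expected for {net}"))
    return findings


if __name__ == "__main__":
    for code, msg in lint(SAMPLE_CONF):
        print(f"{code}: {msg}")
```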
Step 2: Install SYSLINUX Bootloaders
4. After you have edited and saved the DNSMASQ main configuration file, go ahead and install the Syslinux PXE bootloader package by issuing the following command.
# yum install syslinux
5. The PXE bootloader files reside in the /usr/share/syslinux absolute system path, so you can check them by listing the content of this path. This step is optional, but you should be aware of this path because in the next step we will copy all of its content to the TFTP Server path.
# ls /usr/share/syslinux
Step 3: Install TFTP-Server and Populate it with SYSLINUX Bootloaders
6. Now, let’s move to the next step and install TFTP-Server and then copy all bootloader files provided by the Syslinux package from the above listed location to the /var/lib/tftpboot path by issuing the following commands.
# yum install tftp-server
# cp -r /usr/share/syslinux/* /var/lib/tftpboot
Step 4: Setup PXE Server Configuration File
7. Typically the PXE Server reads its configuration from a group of specific files (GUID files first, MAC files next, Default file last) hosted in a folder called pxelinux.cfg, which must be located in the directory specified in the tftp-root statement from the DNSMASQ main configuration file.
Create the required directory pxelinux.cfg and populate it with a default file by issuing the following commands.
# mkdir /var/lib/tftpboot/pxelinux.cfg
# touch /var/lib/tftpboot/pxelinux.cfg/default
8. Now it’s time to edit the PXE Server configuration file with valid Linux distribution installation options. Also note that all paths used in this file must be relative to the /var/lib/tftpboot directory.
Below you can see an example configuration file that you can use, but modify the installation images (kernel and initrd files), protocols (FTP, HTTP, HTTPS, NFS) and IPs to reflect your network installation source repositories and paths accordingly.
# nano /var/lib/tftpboot/pxelinux.cfg/default
Add the following whole excerpt to the file.
default menu.c32
prompt 0
timeout 300
# On timeout run label 4, which boots from the local drive
ONTIMEOUT 4
menu title ########## PXE Boot Menu ##########
label 1
menu label ^1) Install CentOS 7 x64 with Local Repo
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=ftp://192.168.1.20/pub devfs=nomount
label 2
menu label ^2) Install CentOS 7 x64 with http://mirror.centos.org Repo
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=http://mirror.centos.org/centos/7/os/x86_64/ devfs=nomount ip=dhcp
label 3
menu label ^3) Install CentOS 7 x64 with Local Repo using VNC
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=ftp://192.168.1.20/pub devfs=nomount inst.vnc inst.vncpassword=password
label 4
menu label ^4) Boot from local drive
# Hand control back to the BIOS so the next boot device (local disk) is used
localboot 0
As you can see, the CentOS 7 boot images (kernel and initrd) reside in a directory named centos7 relative to /var/lib/tftpboot (as an absolute system path this means /var/lib/tftpboot/centos7) and the installer repositories can be reached using the FTP protocol at the 192.168.1.20/pub network location (in this case the repos are hosted locally, because the IP address is the same as the PXE server address).
Also, menu label 3 specifies that the client installation should be done from a remote location via VNC (here replace the VNC password with a strong password), in case you install on a headless client, and menu label 2 specifies an official CentOS 7 Internet mirror as installation source (this case requires an Internet connection available on the client through DHCP and NAT).
Important: As you see in the above configuration, we’ve used CentOS 7 for demonstration purposes, but you can also define RHEL 7 images. The following instructions and configurations are based on CentOS 7 only, so be careful when choosing the distribution.
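Because TFTP serves pxelinux.cfg/default without authentication, every value on an append line (including inst.vncpassword) is readable by any host on the segment. The following audit of such a menu is an added example, not part of the original article or of Syslinux; the sample menu is constructed from the kind of entries shown above and the finding codes are names chosen here.

```python
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the menu in this step.
SAMPLE_MENU = """\
default menu.c32
prompt 0
timeout 300
ONTIMEOUT local
label 1
menu label ^1) Install CentOS 7 x64 with Local Repo
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=ftp://192.168.1.20/pub devfs=nomount
label 3
menu label ^3) Install CentOS 7 x64 with Local Repo using VNC
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=ftp://192.168.1.20/pub devfs=nomount inst.vnc inst.vncpassword=password
label 4
menu label ^4) Boot from local drive
"""

SECRET_KEY = re.compile(r"password|passwd|secret|token", re.I)
BOOT_KEYS = {"kernel", "linux", "com32", "localboot"}  # directives that start something


def parse_menu(text):
    """Split a PXELINUX config into global directives and per-label entries."""
    glob, entries, cur = {}, {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        word = parts[0].lower()
        rest = parts[1].strip() if len(parts) > 1 else ""
        if word == "label":
            cur = entries.setdefault(rest, {"boot": False, "append": []})
        elif word == "menu":
            continue  # presentation only
        elif cur is None:
            glob[word] = rest
        elif word in BOOT_KEYS:
            cur["boot"] = True
        elif word == "append":
            cur["append"] = rest.split()
    return glob, entries


def audit(text):
    """Return (label, code, detail) findings; secret values are never echoed."""
    glob, entries = parse_menu(text)
    findings = []
    words = glob.get("ontimeout", "").split()
    if words and words[0] not in entries:
        # A command that matches no label is treated as a file name to load.
        findings.append((None, "DANGLING_ONTIMEOUT", words[0]))
    for name, entry in entries.items():
        if not entry["boot"]:
            findings.append((name, "NO_BOOT_ACTION", ""))
        for tok in entry["append"]:
            key, sep, val = tok.partition("=")
            if sep and urlparse(val).scheme in ("ftp", "http"):
                findings.append((name, "CLEARTEXT_SOURCE", val))
            if sep and SECRET_KEY.search(key):
                findings.append((name, "SECRET_IN_APPEND", key))
    return findings


if __name__ == "__main__":
    for label, code, detail in audit(SAMPLE_MENU):
        print(f"label={label} {code} {detail}")
```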
Step 5: Add CentOS 7 Boot Images to PXE Server
9. For this step the CentOS kernel and initrd files are required. To get those files you need the CentOS 7 DVD ISO image. So, go ahead and download the CentOS DVD image, put it in your DVD drive and mount the image to the /mnt system path by issuing the below command.
The reason for using the DVD and not a Minimal CD image is that later this DVD content will be used to create the local installer repositories for FTP sources.
# mount -o loop /dev/cdrom /mnt
# ls /mnt
If your machine has no DVD drive you can also download the CentOS 7 DVD ISO locally using the wget or curl utilities from a CentOS mirror and mount it.
# wget http://mirrors.xservers.ro/centos/7.0.1406/isos/x86_64/CentOS-7.0-1406-x86_64-DVD.iso
# mount -o loop /path/to/centos-dvd.iso /mnt
10. After the DVD content is made available, create the centos7 directory and copy the CentOS 7 bootable kernel and initrd images from the DVD mounted location to the centos7 folder structure.
# mkdir /var/lib/tftpboot/centos7
# cp /mnt/images/pxeboot/vmlinuz /var/lib/tftpboot/centos7
# cp /mnt/images/pxeboot/initrd.img /var/lib/tftpboot/centos7
The reason for using this approach is that later you can create new separate directories in the /var/lib/tftpboot path and add other Linux distributions to the PXE menu without messing up the entire directory structure.
Step 6: Create CentOS 7 Local Mirror Installation Source
11. Although you can set up Installation Source Mirrors via a variety of protocols such as HTTP, HTTPS or NFS, for this guide I have chosen the FTP protocol because it is very reliable and easy to set up with the help of the vsftpd server.
Next, install the vsftpd daemon, copy all the DVD mounted content to the vsftpd default server path (/var/ftp/pub) – this can take a while depending on your system resources – and add read permissions to this path by issuing the following commands.
# yum install vsftpd
# cp -r /mnt/* /var/ftp/pub/
# chmod -R 755 /var/ftp/pub
Step 7: Start and Enable Daemons System-Wide
12. Now that the PXE server configuration is finally finished, start the DNSMASQ and VSFTPD servers, verify their status and enable them system-wide, so that they start automatically after every system reboot, by running the below commands.
# systemctl start dnsmasq
# systemctl status dnsmasq
# systemctl start vsftpd
# systemctl status vsftpd
# systemctl enable dnsmasq
# systemctl enable vsftpd
Step 8: Open Firewall and Test FTP Installation Source
13. To get a list of all ports that need to be open on your firewall in order for client machines to reach and boot from the PXE server, run the netstat command and add CentOS 7 Firewalld rules according to the dnsmasq and vsftpd listening ports.
# netstat -tulpn
# firewall-cmd --add-service=ftp --permanent ## Port 21
# firewall-cmd --add-service=dns --permanent ## Port 53
# firewall-cmd --add-service=dhcp --permanent ## Port 67
# firewall-cmd --add-port=69/udp --permanent ## Port for TFTP
# firewall-cmd --add-port=4011/udp --permanent ## Port for ProxyDHCP
# firewall-cmd --reload ## Apply rules
14. To test the FTP installation source network path, open a browser locally (lynx should do it) or on a different computer and type the IP address of your PXE server with the FTP protocol, followed by the /pub network location, in the URL field. The result should be as presented in the below screenshot.
ftp://192.168.1.20/pub
Access FTP Files via Browser
15. To debug the PXE server for possible misconfigurations, or to see other information and diagnostics live, run the following command.
# tailf /var/log/messages
16. Finally, the last required step that you need to do is to unmount CentOS 7 DVD and remove the physical medium.
# umount /mnt
Step 9: Configure Clients to Boot from Network
17. Now your clients can boot and install CentOS 7 on their machines by configuring Network Boot as the primary boot device in their system BIOS, or by hitting a specified key during BIOS POST operations, as specified in the motherboard manual, in order to choose network booting. After the first PXE prompt appears, press the F8 key to enter the presentation and then hit the Enter key to proceed to the PXE menu.
18. Once you have reached the PXE menu, choose your CentOS 7 installation type, hit the Enter key and continue with the installation procedure the same way as you would install it from a local media boot device.
Please note that using variant 2 from this menu requires an active Internet connection on the target client. Also, on the below screenshots you can see an example of a client remote installation via VNC.
PXE Menu
Remote Linux Installation via VNC
Remote Installation of CentOS
That’s all for setting up a minimal PXE Server on CentOS 7. In my next article from this series, I will discuss other issues concerning this PXE server configuration, such as how to set up automated installations of CentOS 7 using Kickstart files and adding other Linux distributions to the PXE menu – Ubuntu Server and Debian 7.
Requirements
- CentOS 7.0 DVD ISO
CentOS 7.0 Installation Process
1. After downloading the latest version of CentOS using the above links or the official CentOS download page, burn it to a DVD or create a bootable USB stick using the LiveUSB Creator called Unetbootin.
2. After you have created the bootable installer media, place your DVD/USB into the appropriate drive of your system, start the computer, select your bootable unit and the first CentOS 7 prompt should appear. At the prompt choose Install CentOS 7 and press the [Enter] key.
3. The system will start loading the media installer and a Welcome screen should appear. Select your Installation Process Language, which will assist you through the entire installation procedure, and click on Continue.
4. The next screen is Installation Summary. It contains a lot of options to fully customize your system. The first thing you may want to set up is your time settings. Click on Date & Time, select your server's physical location from the provided map and hit the upper Done button to apply the configuration.
5. The next step is to choose your Language Support and Keyboard settings. Choose your main and extra languages for your system and, when you’re finished, hit the Done button.
6. In the same way, choose your Keyboard Layout by hitting the plus button and test your keyboard configuration using the right input field. After you finish setting up your keyboard, again hit the upper Done button to apply the changes and go back to the main Installation Summary screen.
7. On the next step you can customize your installation by using Installation Sources other than your local DVD/USB media, such as network locations using the HTTP, HTTPS, FTP or NFS protocols, and even add some additional repositories, but use these methods only if you know what you’re doing. So leave the default Auto-detected installation media and hit Done to continue.
8. On the next step you can choose your system installation software. On this step CentOS offers a lot of Server and Desktop platform environments to choose from but, if you want a high degree of customization, especially if you are going to use CentOS 7 as a server platform, then I suggest you select Minimal Install with Compatibility Libraries as Add-ons, which will install minimal basic system software; later you can add other packages as your needs require using the yum groupinstall command.
9. Now it’s time to partition your hard drive. Click on the Installation Destination menu, select your disk and choose I will configure partitioning.
10. On the next screen, choose LVM (Logical Volume Manager) as the partition layout and then click on Click here to create them automatically, an option which will create three system partitions using the XFS filesystem, automatically redistributing your hard-disk space and gathering all LVs into one big Volume Group named centos.
- /boot – Non LVM
- /(root) – LVM
- Swap – LVM
11. If you are not pleased with the default partition layout created automatically by the installer, you can add, modify or resize your partition scheme and, when you finish, hit the Done button and Accept Changes on the Summary of Changes prompt.
NOTE: For users who have hard disks larger than 2TB, the installer will automatically convert the partition table to GPT, but if you wish to use a GPT table on disks smaller than 2TB, then you should add the argument inst.gpt to the installer boot command line in order to change the default behaviour.
12. The next step is to set your system hostname and enable networking. Click on the Network & Hostname label and type your system FQDN (Fully Qualified Domain Name) in the Hostname field, then enable your network interface by switching the top Ethernet button to ON. If you have a functional DHCP server on your network then it will automatically configure all your network settings for the enabled NIC, which should appear under your active interface.
13. If your system is destined to be a server it’s better to set a static network configuration on the Ethernet NIC by clicking on the Configure button and adding all your static interface settings like in the screenshot below. When you’re finished hit the Save button, disable and enable the Ethernet card by switching the button to OFF and ON, and then hit Done to apply the settings and go back to the main menu.
Enter Network Settings
14. Now it’s time to start the installation process by pressing the Begin Installation button and setting up a strong password for the root account.
15. After you finish setting up a strong password for the root account, move to User Creation and create your first system user. You can designate this user to become a System Admin with root privileges through the sudo command by checking the box Make this user administrator, then click on Done to go back to the main menu and wait for the installation process to finish.
16. After the installation process finishes, the installer will show a success message on screen, asking you to reboot your system in order to use it.
Congratulations! You have now installed the latest version of CentOS on your brand new machine. Remove any installation media and reboot your computer so you can log in to your new minimal CentOS 7 environment and perform other system tasks, such as updating your system and installing other useful software needed to run day to day tasks.
Disable and Remove Unwanted Services on RHEL/CentOS 7 Minimal Installation
The RHEL/CentOS 7 minimal installation for servers comes with some default pre-installed services, such as the Postfix Mail Transfer Agent daemon, the Avahi mdns daemon (multicast Domain Name System) and the Chrony service, which is responsible for maintaining the system clock.
Now comes the question: why would we need to disable all these services if they are pre-installed? One of the main reasons is to increase the system security level, the second reason is the system's final destination and the third is system resources.
Requirements
- CentOS 7 Minimal Installation
- RHEL 7 Minimal Installation
If you are planning to use your newly installed RHEL/CentOS 7 to host, let’s say, a small website which runs on Apache or Nginx, or to provide network services like DNS, DHCP, PXE boot, FTP server, etc., or other services that don’t require the Postfix MTA daemon, Chrony or the Avahi daemon, then why should we keep all these unnecessary daemons installed or even running on the server?
The main external services that your server truly requires after you perform a minimal installation would be just an SSH daemon, in order to allow remote logins to the system, and, in some cases, an NTP service, to accurately synchronize your server's internal clock with external NTP servers.
Disable/Remove Postfix MTA, Avahi and Chrony Services
1. After the installation finishes, log in to your server with the root account or a user with root privileges and perform a system update, to make sure that your system is up-to-date with all packages and security patches.
# yum upgrade
2. The next step is to install some useful system utilities using the YUM Package Manager, such as net-tools (this package provides the older but good ifconfig command), the nano text editor, wget and curl for URL transfers, lsof (to list your open files) and bash-completion, which auto-completes typed commands.
# yum install nano bash-completion net-tools wget curl lsof
3. Now you can start disabling and removing the pre-installed unwanted services. First of all get a list of all your enabled and running services by running the netstat command against TCP, UDP and Listen state network sockets.
# netstat -tulpn ## To output numerical service sockets
# netstat -tulp ## To output literal service sockets
4. As you can see, Postfix is started and listens on localhost on port 25, the Avahi daemon binds on all network interfaces and the Chronyd service binds on localhost and all network interfaces on different ports. Proceed with the Postfix MTA service removal by issuing the following commands.
# systemctl stop postfix
# yum remove postfix
5. Next remove the Chronyd service, which will be replaced by an NTP server, by issuing the following commands.
# systemctl stop chronyd
# yum remove chrony
6. Now it’s time to remove the Avahi daemon. It looks like in RHEL/CentOS 7 the Avahi daemon is tightly coupled to, and depends on, the Network Manager service. Removing the Avahi daemon can leave your system without any network connections.
So, pay extra attention to this step. If you really need the automatic network configuration provided by Network Manager, or you need to edit your interfaces through the nmtui network and interface utility, then you should only stop and disable the Avahi daemon and perform no removal at all.
If you still want to completely remove this service then you must manually edit the network configuration files located in /etc/sysconfig/network-scripts/ifcfg-interface_name, then start and enable the networking service.
Issue the following commands to remove the Avahi mdns daemon.
Caution: Do not attempt to remove the Avahi daemon if you are connected through SSH.
# systemctl stop avahi-daemon.socket avahi-daemon.service
# systemctl disable avahi-daemon.socket avahi-daemon.service
--------- Stop here if you don't want removal ---------
# yum remove avahi-autoipd avahi-libs avahi
7. This step is required only if you removed the Avahi daemon, your network connections crashed and you need to manually configure the Network Interface Card again.
To edit your NIC to use IPv6 and a static IP Address, go to the /etc/sysconfig/network-scripts/ path, open the NIC interface file (usually the first card is named ifcfg-eno16777736 and is already configured by Network Manager) and use the following excerpt as a guide in case your network interface has no configuration.
IPV6INIT=no
IPV6_AUTOCONF=yes
BOOTPROTO=none
DEVICE=eno16777736
ONBOOT=yes
UUID=c3f0dc21-d2eb-48eb-aadf-10a520b13df0
TYPE=Ethernet
#DEFROUTE=no
IPV4_FAILURE_FATAL=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
NAME="System eno16777736"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
HWADDR=00:0C:29:E2:06:E9
IPADDR=192.168.1.25
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8
The most important settings you should take into consideration here are:
- BOOTPROTO – Set to none or static – for static IP Address.
- ONBOOT – Set to yes – to bring up your interface after reboot.
- DEFROUTE – Statement commented with a # or completely removed – do not use default route (if you use it here you should add “DEFROUTE: no” to all network interfaces not used as the default route).
8. If your infrastructure has a DHCP server that automatically assigns IP addresses, use the following excerpt for the network interface configuration.
IPV6INIT=no
IPV6_AUTOCONF=yes
BOOTPROTO=dhcp
DEVICE=eno16777736
ONBOOT=yes
UUID=c3f0dc21-d2eb-48eb-aadf-10a520b13df0
TYPE=Ethernet
##DEFROUTE=no
IPV4_FAILURE_FATAL=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
NAME="System eno16777736"
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
HWADDR=00:0C:29:E2:06:E9
Same as for the configuration with a static IP address, make sure that BOOTPROTO is set to dhcp, the DEFROUTE statement is commented or removed and the device is configured to automatically start on boot. If you don’t use IPv6 just remove or comment all the lines containing IPV6.
9. In order to apply the new configuration for your network interfaces you must restart the network service. After you restart the network daemon use the ifconfig or ip addr show command to get your interface settings and try to ping a domain name to see if the network is functional.
# service network restart ## Use this command before systemctl
# chkconfig network on
# systemctl restart network
# ifconfig
# ping domain.tld
10. As a final setting make sure you set up a name for the system hostname using the hostnamectl utility and review your configuration with the hostname command.
# hostnamectl set-hostname FQDN_system_name
# hostnamectl status
# hostname
# hostname -s ## Short name
# hostname -f ## FQDN name
11. That’s all! As a final test run the netstat command again to take a look at what services are running on your system.
# netstat -tulpn
# netstat -tulp
12. Besides the SSH server, if your network uses DHCP to pull dynamic IP configurations, a DHCP client should run and be active on UDP ports.
# netstat -tulpn
13. As an alternative to the netstat utility you can output your running network sockets with the help of the Sockets Statistics command.
# ss -tulpn
14. Reboot your server and run the systemd-analyze command to determine your system boot-up time performance and, also, use the free and df (Disk Free) commands to display RAM and HDD statistics and the top command to see the most used system resources.
# free -h
# df -h
# top
Congratulations! Now you have a clean minimal RHEL/CentOS 7 system environment with fewer services installed and running and more resources available for future configurations.
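The listening-socket review from steps 3, 11 and 13 can be repeated after every change by parsing the `ss -tulpn` output and comparing it with the services the server is meant to expose. This is an added example, not part of the original article; the sample output is constructed, and the allowlist (sshd, dhclient, ntpd) is an assumption taken from the article's description of what a minimal server needs.

```python
import re

# Constructed sample of `ss -tulpn` on a fresh minimal install, matching the
# services the article names (Postfix's listening process is called "master").
SAMPLE_SS = """\
Netid State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN  0      0      *:5353              *:*    users:(("avahi-daemon",pid=612,fd=12))
udp   UNCONN  0      0      *:123               *:*    users:(("chronyd",pid=640,fd=3))
udp   UNCONN  0      0      127.0.0.1:323       *:*    users:(("chronyd",pid=640,fd=1))
udp   UNCONN  0      0      *:68                *:*    users:(("dhclient",pid=901,fd=6))
tcp   LISTEN  0      128    *:22                *:*    users:(("sshd",pid=1021,fd=3))
tcp   LISTEN  0      100    127.0.0.1:25        *:*    users:(("master",pid=1190,fd=13))
tcp   LISTEN  0      128    :::22               :::*   users:(("sshd",pid=1021,fd=4))
"""

# Assumed policy: SSH always, DHCP client and NTP where the host needs them.
ALLOWED = {"sshd", "dhclient", "ntpd"}

WILDCARD = {"*", "0.0.0.0", "::", "[::]"}
# Accepts both users:(("name",pid=N,fd=M)) and the older users:(("name",N,M)).
PROC = re.compile(r'\(\("([^"]+)",(?:pid=)?(\d+)')


def scope_of(addr):
    """Classify the bind address of a listening socket."""
    if addr in WILDCARD:
        return "all-interfaces"
    if addr.startswith("127.") or addr in ("::1", "[::1]"):
        return "loopback"
    return "specific"


def parse_ss(text):
    """Turn `ss -tulpn` output into a list of listener records."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        match = PROC.search(line)
        rows.append({
            "proto": fields[0],
            "addr": addr,
            "port": int(port),
            "proc": match.group(1) if match else "?",  # "?" when not run as root
            "scope": scope_of(addr),
        })
    return rows


def unexpected(rows, allowed=ALLOWED):
    """Listeners owned by processes outside the allowlist, exposed ones first."""
    hits = [r for r in rows if r["proc"] not in allowed]
    return sorted(hits, key=lambda r: (r["scope"] != "all-interfaces", r["proc"], r["port"]))


if __name__ == "__main__":
    for r in unexpected(parse_ss(SAMPLE_SS)):
        print(f'{r["proc"]:<14} {r["proto"]}/{r["port"]:<5} {r["scope"]}')
```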
Setting Up “NTP (Network Time Protocol) Server” in RHEL/CentOS 7
Network Time Protocol – NTP – is a protocol which runs over UDP port 123 at the Transport Layer and allows computers to synchronize time over networks for accurate timekeeping. As time passes, computers' internal clocks tend to drift, which can lead to inconsistent time issues, especially in server and client log files or if you want to replicate server resources or databases.
Requirements:
- CentOS 7 Installation Procedure
- RHEL 7 Installation Procedure
Additional Requirements:
- Register and Enable RHEL 7 Subscription for Updates
- Configure Static IP Address on CentOS/RHEL 7
- Disable and Remove Unwanted Services in CentOS/RHEL 7
This tutorial will demonstrate how you can install and configure an NTP server on CentOS/RHEL 7 and automatically synchronize time with the geographically closest peers available for your server location by using the NTP Public Pool Time Servers list.
Step 1: Install and configure NTP daemon
1. The NTP server package is provided by default from the official CentOS/RHEL 7 repositories and can be installed by issuing the following command.
# yum install ntp
2. After the server is installed, first go to the official NTP Public Pool Time Servers, choose the Continent area where the server is physically located, then search for your Country location and a list of NTP servers should appear.
3. Then open the NTP daemon main configuration file for editing, comment out the default list of Public Servers from the pool.ntp.org project and replace it with the list provided for your country like in the screenshot below.
Configure NTP Server
4. Further, you need to allow clients from your networks to synchronize time with this server. To accomplish this, add the following line to the NTP configuration file, where the restrict statement controls which network is allowed to query and sync time – replace the network IPs accordingly.
restrict 192.168.1.0 netmask 255.255.255.0 nomodify notrap
The nomodify notrap statements mean that your clients are not allowed to configure the server or be used as peers for time sync.
5. If you need additional information for troubleshooting in case there are problems with your NTP daemon, add a logfile statement which will record all NTP server issues into one dedicated log file.
logfile /var/log/ntp.log
6. After you have edited the file with all the configuration explained above, save and close the ntp.conf file. Your final configuration should look like in the screenshot below.
NTP Server Configuration
Step 2: Add Firewall Rules and Start NTP Daemon
7. The NTP service uses UDP port 123 at the OSI transport layer (layer 4). It is designed particularly to resist the effects of variable latency (jitter). To open this port on RHEL/CentOS 7 run the following commands against the Firewalld service.
# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload
8. After you have opened Firewall port 123, start the NTP server and make sure you enable it system-wide. Use the following commands to manage the service.
# systemctl start ntpd
# systemctl enable ntpd
# systemctl status ntpd
Step 3: Verify Server Time Sync
9. After the NTP daemon has been started, wait a few minutes for the server to synchronize time with its pool list servers, then run the following commands to verify the NTP peers synchronization status and your system time.
# ntpq -p
# date -R
10. If you want to query and synchronize against a pool of your choice use the ntpdate command, followed by the server or servers addresses, as suggested in the following command line example.
# ntpdate -q 0.ro.pool.ntp.org 1.ro.pool.ntp.org
Step 4: Setup Windows NTP Client
11. If your Windows machine is not part of a Domain Controller you can configure Windows to synchronize time with your NTP server by going to Time on the right side of the Taskbar -> Change Date and Time Settings -> Internet Time tab -> Change Settings -> Check Synchronize with an Internet time server -> put your server’s IP or FQDN in the Server field -> Update now -> OK.
That’s all! Setting up a local NTP Server on your network ensures that all your servers and clients have the same time set in case of an Internet connectivity failure and that they are all synchronized with each other.
Setting Up Prerequisites to ‘Install Windows 7’ over ‘PXE Network Boot Server’ on RHEL/CentOS 7 – Part 1
This continues the series of tutorials regarding the RHEL/CentOS 7 PXE Network Boot Server Environment, where so far I have only discussed integrating and installing Linux distributions over the PXE Server.
This tutorial will concentrate on Windows based systems and will show you how to add and manually install Windows 7, both 32-bit and 64-bit architectures, over a PXE Server and Samba shares.
Requirements
- Install PXE Network Boot Server for Multiple OS Installations in RHEL/CentOS 7
- A Samba fully accessed directory share setup on PXE Server machine.
- A computer with Windows 7 operating system installed.
- Windows Automated Installation Kit (AIK) installed on Windows 7 computer.
- Both Windows 7 32-bit/64-bit DVD ISO Images.
Before proceeding with the installation process, I will explain how this guide is structured.
The first part covers the configuration needed to set up the environment on the RHEL/CentOS 7 PXE Server: installing and configuring a fully accessible Samba shared directory with no authentication needed, where both Windows 7 architecture images will be deployed, and editing the PXE Server default configuration file with the options needed to boot the WinPE ISO image in order to proceed manually with the Windows installation.
The second part focuses on building the WinPE ISO image (Windows Preinstallation Environment) with the help of the Windows Automated Installation Kit (AIK) installed on a Windows 7 computer. This image is then transferred to the PXE Server machine via the Samba shared directory and moved to the TFTP server default location.
It then covers the steps to take on the client side in order to boot, access and install Windows 7 over the network.
Step 1: Install and Setup Samba Share on PXE Server
1. As a first step, log in to the PXE Server with the root account and set up a fully accessible Samba share, where the Windows 7 DVD installation sources will be deployed. Install the Samba daemon by issuing the following command.
# yum install samba samba-common samba-winbind
Install Samba on PXE
2. Next, backup samba main configuration file and
create a new configuration file with your favourite text editor by
running the following commands.
# mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
# nano /etc/samba/smb.conf
Backup Samba Configuration
3. Now add the following configurations to samba main file as presented in the below file excerpt.
[global]
workgroup = PXESERVER
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
netbios name = pxe
map to guest = bad user
dns proxy = no
public = yes
## For multiple installations the same time - not lock kernel
kernel oplocks = no
nt acl support = no
security = user
guest account = nobody
[install]
comment = Windows 7 Image
path = /windows
read only = no
browseable = yes
public = yes
printable = no
guest ok = yes
oplocks = no
level2 oplocks = no
locking = no
Configure Samba for PXE
As you can see from this configuration file, I have created a shared folder named install, located under the /windows system path (the Windows 7 DVD installation sources will be copied to this path).
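The [install] share above combines guest ok = yes with read only = no, so any host that can reach the server can change the files that are later installed on clients. The following check, an added example that is not part of the original article, lists every share in an smb.conf that is both guest-accessible and writable; the function names and the read-only variant are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the article): list Samba shares open to guests AND
# writable. Names are matched as smb.conf treats them (case and whitespace
# ignored, with synonyms). Assumes [global] precedes the share sections.

audit_smb_conf() {   # usage: audit_smb_conf <smb.conf>; one finding per line
  awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
      if (sec != "" && sec != "global" && guest && !ro)
        print "guest-writable share: [" sec "] path=" path
    }
    BEGIN { g_guest = 0; g_ro = 1 }        # Samba defaults: guest ok = no, read only = yes
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comments and blank lines
    /^[ \t]*\[/ {                          # section header: report the previous section
      report()
      sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec)
      guest = g_guest; ro = g_ro; path = ""   # shares start from the [global] values
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (key == "path") path = val
      if (key == "guestok" || key == "public") {        # "public" = "guest ok"
        if (sec == "global") g_guest = truthy(val); else guest = truthy(val)
      }
      if (key ~ /^(readonly|writable|writeable|writeok)$/) {
        v = (key == "readonly") ? truthy(val) : !truthy(val)   # synonyms invert it
        if (sec == "global") g_ro = v; else ro = v
      }
    }
    END { report() }
  ' "$1"
}

page_conf() {        # the access-related lines of the smb.conf shown above
  printf '%s\n' '[global]' 'map to guest = bad user' 'public = yes' \
    '[install]' 'path = /windows' 'read only = no' 'guest ok = yes'
}

readonly_conf() {    # constructed variant: same share, guests can only read
  printf '%s\n' '[global]' 'map to guest = bad user' \
    '[install]' 'path = /windows' 'read only = yes' 'guest ok = yes'
}

tmp=$(mktemp)
page_conf > "$tmp"; audit_smb_conf "$tmp"                       # flags [install]
readonly_conf > "$tmp"; audit_smb_conf "$tmp"; rm -f "$tmp"     # prints nothing
```

Guest write access is only needed while the DVD contents and the WinPE ISO are being copied in; afterwards read only = yes still leaves the share usable as an installation source.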
4. After you finish editing the main Samba configuration file, run the testparm command to check and validate the file for errors or misconfigurations.
# testparm
Check Samba Configuration
5. Next, create the /windows directory under the root path (the directory defined in the Samba configuration file) and add SELinux context rules so that it can be fully accessed in case your system enforces SELinux.
# mkdir /windows
# semanage fcontext -a -t samba_share_t '/windows(/.*)?'
# restorecon -R -v /windows
Add Samba Selinux Rules
Step 2: Deploy Windows 7 Installation Sources on PXE Server
6. For this step both Windows 7 ISO DVD images are needed. Before mounting and copying the DVD content, create two directories under the /windows path to separate the installation sources by architecture.
# mkdir /windows/x32
# mkdir /windows/x64
Create Windows Install Sources on PXE
7. Now it’s time to copy the Windows installation sources to the paths created above. First put the Windows 7 32-bit DVD image in your machine's DVD drive, mount it on the /mnt path and copy all mounted DVD content to the Samba shared directory /windows/x32/. The transfer can take a while depending on your system resources; after it finishes, unmount the Windows 7 32-bit DVD image.
# mount -o loop /dev/cdrom /mnt
# cp -rf /mnt/* /windows/x32/
# umount /mnt
Mount Windows Install DVD on PXE
8. Repeat the above process with the Windows 7 64-bit DVD image, but this time copy the mounted DVD content to the /windows/x64/ shared path.
# mount -o loop /dev/cdrom /mnt
# cp -rf /mnt/* /windows/x64/
# umount /mnt
Mount Windows 7 64 bit on PXE
Note: If your PXE server machine
doesn’t have a DVD drive you can copy both Windows DVDs contents after
you start samba server and access the “install” shared folder from a
Windows computer.
9. After both DVD images are copied, issue the following commands to set the right owner and permissions in order to make the share readable and fully accessible without authentication.
# chmod -R 0755 /windows
# chown -R nobody:nobody /windows
Grant Permission Windows Install Sources
Step 3: Add Firewall Rules, Start and Enable Samba System-Wide
10. If you are using a firewall on your PXE Server, add the following rule to the Firewalld service to open Samba to outside connections.
# firewall-cmd --add-service=samba --permanent
# firewall-cmd --reload
Open Samba on Firewall
11. Now start the Samba daemons and enable them system-wide, so that they start automatically after every reboot, by issuing the following commands.
# systemctl restart smb
# systemctl enable smb
# systemctl restart winbind
# systemctl enable winbind
# systemctl restart nmb
# systemctl enable nmb
# systemctl status smb
Enable Samba Systemwide
12. To test the Samba configuration, move to a Windows computer and enter the IP address of your Samba server followed by the share name in the Windows Explorer address bar; the shared folders should appear.
\\192.168.1.20\install
Check Samba Shares
At this point you can use the alternate method explained in the note above: put the Windows 7 ISO images in your DVD drive and copy their content, depending on the system architecture, to the x32 and x64 folders.
Step 4: Configure PXE Server
13. Before editing the PXE menu configuration file, create a new directory named windows in the TFTP server default system path. You will later copy the WinPE ISO image, created on the Windows 7 computer using the Windows Automated Installation Kit, into this directory.
# mkdir /var/lib/tftpboot/windows
14. Now, open the PXE Server default configuration file and add a Windows installation label to the PXE menu, as described in the menu excerpt below.
# nano /var/lib/tftpboot/pxelinux.cfg/default
Windows 7 menu label configuration.
label 9
menu label ^9) Install Windows 7 x32/x64
KERNEL memdisk
INITRD windows/winpe_x86.iso
APPEND iso raw
Add Windows 7 to PXE Menu
That’s all you need to set up on the RHEL/CentOS 7 PXE Server side. Still, don’t close the console yet, because you will need it later to copy the WinPE ISO image to the /var/lib/tftpboot/windows/ directory.
Next, let’s continue with the procedure in Windows 7 Installation on PXE Network – Part 2 of this series.
Installing Windows 7 over PXE Network Boot Server on RHEL/CentOS 7 using WinPE ISO Image – Part 2
This article continues the series on installing Windows 7 over RHEL/CentOS 7 PXE Network Boot. The first part only covered setting up the prerequisites on the PXE Server; this part discusses how to build the WinPE ISO image with the help of the Windows Automated Installation Kit on Windows and then move the built image to the PXE Server TFTP default location in order to access and install Windows 7 over the PXE network.
Install Windows 7 over PXE Boot in CentOS
Requirements
- Configure PXE Server to Install Windows 7 over PXE Network Boot – Part 1
Step 1: Download and Install Windows Automated Installation Kit
1. For this second part, log on to a computer running the Windows 7 operating system, go to the Microsoft Download Center and download the Windows Automated Installation Kit ISO image file by using the following link.
- http://www.microsoft.com/en-us/download/details.aspx?id=5753
Download Windows Automated Installation Kit
2. After the AIK ISO image finishes downloading, mount the image using Windows mount software (Daemon Tools Lite Free Edition will do the job) and install the Windows Automated Installation Kit software.
Mount Windows Automated Installation Kit
Welcome to Windows AIK
Step 2: Create WinPE ISO Image on Windows 7
3. After the Windows AIK software is installed on your system, go to Windows Start -> All Programs -> Microsoft Windows AIK -> right-click on Deployment Tools Command Prompt and select Run as Administrator; a new Windows shell console should open on your screen.
Create WinPE ISO Image
4. Now it’s time to build the Windows 7 Preinstallation Environment (WinPE) x86 boot image by issuing the following commands in the Deployment Tools Command Prompt.
copype x86 C:\winPE_x86
copy "C:\Program Files\Windows AIK\Tools\PETools\x86\winpe.wim" C:\winpe_x86\ISO\Sources\Boot.wim
copy "C:\Program Files\Windows AIK\Tools\x86\Imagex.exe" C:\winpe_x86\ISO\
oscdimg -n -bC:\winpe_x86\etfsboot.com C:\winpe_x86\ISO C:\winpe_x86\winpe_x86.iso
Build WinPE Image
Copy WinPE ISO Image
5. Although only the WinPE x86 boot ISO image is required for this tutorial, below you can also find the commands to build PE images for the Windows 7 64-bit and Windows 8 architectures.
To build WinPE Boot images for Windows 7 64-bit use the following commands:
copype amd64 C:\winPE_amd64
copy "C:\Program Files\Windows AIK\Tools\PETools\amd64\winpe.wim" C:\winpe_amd64\ISO\Sources\Boot.wim
copy "C:\Program Files\Windows AIK\Tools\amd64\Imagex.exe" C:\winpe_amd64\ISO\
oscdimg -n -bC:\winpe_amd64\etfsboot.com C:\winpe_amd64\ISO C:\winpe_amd64\winpe_amd64.iso
To build Windows 8 32-bit WinPE bootable images run the following commands:
copype x86 C:\Win8PE_x86
MakeWinPEMedia /ISO C:\Win8PE_x86 C:\Win8PE_x86\WinPE_x86.iso
To build Windows 8 64-bit WinPE bootable images run the following commands:
copype amd64 C:\Win8PE_amd64
MakeWinPEMedia /ISO C:\Win8PE_amd64 C:\Win8PE_amd64\Win8PE_amd64.iso
Step 3: Copy WinPE ISO Image to CentOS PXE Server
6. After the Windows 7 Preinstallation Environment (WinPE) x86 boot image has been created, use Windows Explorer to copy the winpe_x86.iso image located in the C:\winpe_x86\ Windows path to the PXE Samba shared directory at the \\192.168.1.20\install network location.
Copy WinPE ISO Image PXE Server
7. After the WinPE x86 ISO file is completely transferred to the Samba “install” shared directory, go back to the PXE Server console and move this image from the /windows directory under the root path to the TFTP windows directory path to complete the entire installation process.
# mv /windows/winpe_x86.iso /var/lib/tftpboot/windows/
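The ISO reaches the server through a share that accepts guest writes and is then served over TFTP, which offers no authentication or integrity checking of its own, so it is worth comparing the file with a SHA-256 digest recorded on the Windows machine that built it before publishing it. The following function is an added example, not part of the original article; its name, the temporary directories and the stand-in file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the article): move a boot image out of the
# guest-writable share into the TFTP tree only if its SHA-256 digest matches
# the one recorded on the machine that built it.

publish_verified() {   # usage: publish_verified <image> <expected-sha256> <tftp-dir>
  local img="$1" want="$2" dest="$3" got tmp
  # Anyone can write to the share, so accept regular files only (no symlinks).
  if [ -L "$img" ] || [ ! -f "$img" ]; then
    echo "refusing $img: not a regular file" >&2; return 2
  fi
  # Copy first, then hash the copy: the bytes that were checked are the bytes
  # that get served, even if the file in the share changes in the meantime.
  tmp=$(mktemp "$dest/.incoming.XXXXXX") || return 2
  cp -- "$img" "$tmp" || { rm -f -- "$tmp"; return 2; }
  got=$(sha256sum "$tmp" | cut -d' ' -f1)
  want=$(printf '%s' "$want" | tr 'A-F' 'a-f')   # accept upper-case hex digests
  if [ "$got" != "$want" ]; then
    rm -f -- "$tmp"
    echo "digest mismatch for $img: got $got" >&2; return 1
  fi
  chmod 0644 "$tmp" && mv -- "$tmp" "$dest/$(basename -- "$img")" && rm -f -- "$img"
}

# Constructed demo: temporary directories stand in for /windows and
# /var/lib/tftpboot/windows, and a small text file stands in for the ISO.
# In real use the digest comes from the build machine, not from the share.
demo=$(mktemp -d); mkdir "$demo/share" "$demo/tftp"
printf 'constructed stand-in for winpe_x86.iso\n' > "$demo/share/winpe_x86.iso"
digest=$(sha256sum "$demo/share/winpe_x86.iso" | cut -d' ' -f1)
publish_verified "$demo/share/winpe_x86.iso" "$digest" "$demo/tftp" && ls "$demo/tftp"
rm -rf "$demo"
```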
Step 4: Boot and Install Windows 7 over PXE Network on Client Side
8. In order to boot and install Windows 7 via the network and the PXE server, first instruct the client machines to boot over the network by modifying the BIOS device boot order, or hit a custom key during BIOS POST to select a network boot device.
After the first PXE prompt appears, press the F8 and Enter keys to continue and then select Install Windows 7 from the PXE menu.
Select Windows 7 from PXE Menu
9. After the WinPE image finishes loading, a customized minimal image of Windows starts and a Command Prompt window is displayed on screen.
Loading Windows 7 over PXE Boot
Starting Windows 7 over PXE Boot
Windows 7 Command Prompt
10. In order to install Windows 7 over a network share, in the Command Prompt window map the Windows installation sources configured on the PXE Samba share directory (use the path of the architecture you want to install) as a network drive. Then change to the network drive by specifying its drive letter and run the setup.exe utility. Use the following commands to start the installation process (replace the Samba network address and the network drive letter accordingly) and continue with the installation as you normally would from local DVD media.
net use z: \\192.168.1.20\install\x32
Z:
setup.exe
Enter Windows 7 Installation Source
Choose Windows 7 Language
Select Drive to Install Windows 7
11. If you want to install the 64-bit architecture, map the specific 64-bit network path using a different letter and continue the installation procedure by following the same steps explained above.
net use y: \\192.168.1.20\install\x64
Y:
setup.exe
Choose Windows 7 Install Source
Select Windows 7 Home Basic
12. In case the installation sources are configured with authentication use the following command switch to specify the username.
net use y: \\192.168.1.20\install\x64 /user:samba_username
13. After the installation sources for both architectures have been mapped, you can change between them by switching to the designated network drive letter, as presented in the screenshot below.
Change Network Installation Source
That's all! Performing Windows installations over PXE and the network has a lot of advantages, such as cutting down the installation time drastically and allowing the installation process to take place at the same time on multiple machines without the need for physical installation media.
You can also set up multiple Windows installation sources (using Windows or Samba shares) on different machines over your network to avoid a bottleneck on the RHEL/CentOS PXE Server in case you install Windows on multiple machines at the same time, and direct the network drive maps to use those specific network sources during the installation process.