Full Guide: Automatically install Linux OS from network

Preparation

The installation is based on a debian jessie (server) with two network interface. eth0(192.168.100.2) connects to internet, eth1(10.10.10.2) for intranet configured for with fai server.

dhcp server

Firstly, configure fai server with a static ip, edit /etc/network/interfaces

iface eth1 inet static
    address 10.10.10.2
    netmask 255.255.255.0
    broadcast 10.10.10.255
    gateway 10.10.10.1

Install isc-dhcp-server using the following command

apt-get install isc-dhcp-server

edit the config file /etc/dhcp/dhcpd.conf

subnet 10.10.10.0 netmask 255.255.255.0 {
  range 10.10.10.5 10.10.10.240;
  option routers 10.10.10.2;
  option broadcast-address 10.10.10.255;
  option domain-name-servers 114.114.114.114;
  filename "pxelinux.0";}

After modify the config file, restart DHCP server with

/etc/init.d/isc-dhcp-server restart

tftp server

Install tfptd-hpa

apt-get install tfptd-hpa

Mkdir /srv/tftp/fai for pxe files, and edit the config file /etc/default/tftpd-hpa

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp/fai"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"

restart tftp server

/etc/init.d/tftpd-hpa restart

NFS server

apt-get install nfs-kernel-server rpcbind

Mkdir /srv/fai/config and /srv/fai/nfsroot and edit configuration file /etc/exports

/srv/fai/config 10.10.10.1/24(async,ro,no_subtree_check)
/srv/fai/nfsroot 10.10.10.1/24(async,ro,no_subtree_check,no_root_squash)

Reload nfs configuration

exportfs -a

Test mount nfs with

mount 127.0.0.1:/srv/fai/config

configure linux server as gateway (optional)

In order to install additional packages and update packages, client must be able to install and update packages from public Debian mirror, or local mirror. Mirror Debian packages may cost lots of time, so I prefer to configure the fai server as a network gateway which allow the client to update from public Debian mirror.

Enable ip forward in kernel

echo 1 > /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv6/ip_forward

Config iptable rules

# clean existing rules
iptables -Fiptables -t nat -F
iptables -t mangle -F
iptables -X

# accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT


# allow ip forward from eth1 to eth0  
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT


# allow establish connection from eth0 to eth1
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT


# Masquerade.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward from the outside to the inside.
# iptables -A FORWARD -i eth0 -o eth1 -j REJECT

# save
iptables-save > /etc/iptables-rule 

# restore
iptables-restore < /etc/iptables-rule

Step 1: Build basic files

Install fai packages fai-quickstart which contains whole fai necessay packages.

apt-get install fai-quickstart

Edit /etc/fai/fai.conf

# Account for saving log files and calling fai-chboot.
LOGUSER=fai

# URL to access the fai config space
FAI_CONFIG_SRC=nfs://10.10.10.2/srv/fai/config

Edit nfsroot conf /etc/fai/nfsroot.conf which is named as nfs.conf in older fai version

# "<suite> <mirror>" for debootstrap
FAI_DEBOOTSTRAP="jessie http://http.debian.net/debian"
FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'

NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai
NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/
FAI_DEBOOTSTRAP_OPTS="--exclude=info --include=aptitude"

# Configuration space
FAI_CONFIGDIR=/srv/fai/config

Then preparing a cup of coffee, and run fai-setup -v. All the necessary files for a Debian system are downloaded from internet, and store in /srv/fai/nfsroot as predefined.

Step 2: Customize your system

Copy the sample configurations to configuration space:

cp -a /usr/share/doc/fai-doc/examples/simple/* /srv/fai/config/

Generate PXE boot files with

fai-chboot -IFv 10.10.10.3
fai-chboot -IFv 10.10.10.4
...

Step 3: Boot Client with PXE support

Change boot priority to PXE when booting client, then wait the installation finished. When errors occur, check the error log /tmp/fai/error.log on client side.

Tips

Install more packages

Edit /srv/fai/config/package_config/FAIBASE, add packages you want to install during the automation installation process.

Execute scripts

Edit /srv/fai/config/scripts/*, put the shell script in it. For example, we want to add a user test with passwd test. Edit scripts/DEBIAN/10-rootpw

$ROOTCMD groupadd test
$ROOTCMD useradd test -p "\$1\$RjwFEEb9\$uBBen8wcr4p41hSY2FGuu1" -m -d /home/test -g test -s /bin/bash

$1$RjwFEEb9$uBBen8wcr4p41hSY2FGuu1 refers to the crypt passwd test with

mkpasswd -Hmd5 -s "test"

mkpasswd command is involved in package whois

Beside, other optimization tasks can be added to scripts/LAST/50-misc

Disk Partition

refer to the files in disk_config

Reference

comments powered by Disqus