Thursday, September 6, 2012

centos kickstarts configure file example


Linux Documentation Sucks

Every time I try to look up how to do something in Linux, I get a deluge of out-of-date, incomplete, and just plain wrong documentation. This is the PXE/Kickstart guide I wish I had read before I wasted 3 days. Thanks for nothing, RedHat documentation team.

Outline of the steps

* Obtain installation media
* Create Kickstart config file
* Set up NFS server
* Obtain PXE bootloader
* Create PXE config file
* Set up TFTP server
* Set up DHCP server

Installation Media

I was installing CentOS 5.5/x86_64 during this process, so I downloaded the two DVD images via torrent onto my NFS server. My BitTorrent client created the directory CentOS-5.5-x86_64-bin-DVD with the files:
CentOS-5.5-x86_64-bin-DVD-1of2.iso  md5sum.txt      sha1sum.txt      sha256sum.txt
CentOS-5.5-x86_64-bin-DVD-2of2.iso  md5sum.txt.asc  sha1sum.txt.asc  sha256sum.txt.asc
I moved this directory to /share/images to make it available via NFS.

Next I mounted the first ISO file as a loop image and copied the initrd and kernel to my DHCP server:
$ sudo mount /share/images/CentOS-5.5-x86_64-bin-DVD/CentOS-5.5-x86_64-bin-DVD-1of2.iso /mnt/dvd/ -t iso9660 -o loop
$ scp /mnt/dvd/images/pxeboot/*i* root@dhcp-server:/tftpboot

Kickstart File

I created the directory /share/kickstart for Kickstart config files on my NFS server.

I created the Kickstart file (test64-ks) using a previous CentOS install as a basis, and editing it based on snippets I found scattered around the 'Web.
# Kickstart file automatically generated by anaconda.
# Modified substantially by chort

install
nfs --server 10.25.0.129 --dir /share/images/CentOS-5.5-x86_64-bin-DVD/
#url --url http://mirror.centos.org/centos/5.4/os/x86_64
lang en_US.UTF-8
keyboard us

# don't define more NICs than you have, the install will bomb if you do
network --device eth0 --onboot yes --bootproto static --ip 10.25.42.139 --netmask 255.255.0.0 --gateway 10.25.0.1 --nameserver 10.25.0.5
#network --device eth1 --onboot no --bootproto dhcp
#network --device eth2 --onboot no --bootproto dhcp
#network --device eth3 --onboot no --bootproto dhcp

# grab the hash from an account in /etc/shadow that has the password you want to use
rootpw --iscrypted $1$fi0JeZ1p$Il0CxFxe0jqpNnkrOqC.0.
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --disabled
timezone --utc America/Los_Angeles

bootloader --location=mbr --driveorder=sda
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
clearpart --all --drives=sda
# 100MB /boot partition
part /boot --fstype ext3 --size=100 --ondisk=sda
# everything else goes to LVM
part pv.4 --size=0 --grow --ondisk=sda
volgroup VolGroup00 --pesize=32768 pv.4
# 2GB swap fs
logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=2048
# 5GB / fs
logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=5120
# 10GB + remaining space for /opt fs
logvol /opt --fstype ext3 --name=LogVol02 --vgname=VolGroup00 --size=10240 --grow

%packages
@base
@core
@dialup
@editors
@text-internet
keyutils
trousers
fipscheck
device-mapper-multipath
bind
bind-chroot
bind-devel
caching-nameserver
compat-libstdc++-33
compat-glibc
gdb
ltrace
ntp
OpenIPMI-tools
screen
sendmail-cf
strace
sysstat
-bluez-utils

%post
/usr/bin/yum -y update >> /root/post_install.log 2>&1
/sbin/chkconfig --del bluetooth
/sbin/chkconfig --del cups
/sbin/chkconfig ntpd on
/sbin/chkconfig named on
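
The file above sits in /share/kickstart, which the exports file below makes readable to every host matching *.bkeefer.se.example.com, so the strength of the root hash and the other hardening directives matter. The following check is an added example, not part of the original post: it flags the md5crypt rootpw hash, authconfig --enablemd5 and selinux --disabled, and shows a hardened counterpart that passes. The names ks_audit, sample_weak and sample_hardened and the finding labels are made up for this example, both hashes are constructed placeholders, and --passalgo=sha512 assumes an authconfig version that supports it.

```shell
# Added example: flag weak settings in a Kickstart file read on stdin.
ks_audit() {
    awk '
        BEGIN { cmds = 1 }
        /^%/  { cmds = 0 }               # %packages, %post, ... end the command section
        !cmds || /^[ \t]*#/ { next }     # skip those sections and comment lines
        $1 == "rootpw" {
            hash = ""
            for (i = 2; i <= NF; i++) if ($i !~ /^--/) hash = $i
            if ($0 !~ /--iscrypted/)
                print "ROOTPW_PLAINTEXT: password is stored in clear text"
            else if (hash ~ /^\$1\$/)
                print "ROOTPW_MD5: md5crypt hash, replace with a $6$ (SHA-512) hash"
            else if (hash !~ /^\$[56]\$/)
                print "ROOTPW_WEAK: hash is not SHA-256 or SHA-512 crypt"
        }
        $1 ~ /^auth(config)?$/ && /--enablemd5/ && !/--passalgo/ {
            print "AUTH_MD5: new passwords get MD5 hashes, add --passalgo=sha512"
        }
        $1 == "selinux" && /--(disabled|permissive)/ {
            print "SELINUX_OFF: SELinux is not enforcing, use selinux --enforcing"
        }
    '
}
# Constructed sample with the same directives as the file above (placeholder hash).
sample_weak() {
    cat <<'EOF'
install
#rootpw plaintext-in-a-comment-is-ignored
rootpw --iscrypted $1$PLACEHLD$NotARealHashValue.....
authconfig --enableshadow --enablemd5
selinux --disabled
%packages
@core
EOF
}
# Constructed hardened counterpart (placeholder hash).
sample_hardened() {
    cat <<'EOF'
rootpw --iscrypted $6$PLACEHOLDERSALT$NotARealHashValue
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
EOF
}

echo "== weak ==";     sample_weak | ks_audit
echo "== hardened =="; sample_hardened | ks_audit
```

To check the real file, run ks_audit < /share/kickstart/test64-ks on the NFS server.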

NFS Server

Make sure NFS is enabled:
$ for i in nfs nfslock portmap ; do sudo chkconfig --list $i ; done

Edit /etc/exports to enable access to the share for the machines that will PXE boot:
# sample /etc/exports file
#/               master(rw) trusty(rw,no_root_squash)
#/projects       proj*.local.domain(rw)
#/usr            *.local.domain(ro) @trusted(rw)
#/home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
#/pub            (ro,insecure,all_squash)
#/pub            (ro,insecure,all_squash)

/share  *.bkeefer.se.example.com(ro,no_root_squash)

I restart the nfs service after I edit /etc/exports:
$ sudo service nfs restart

Bootloader

Next, on the DHCP server, I grabbed the PXE bootloader from the syslinux package. You should be able to install this through yum:
$ sudo yum install syslinux

Copy the bootloader to the TFTP server directory:
$ sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot

Create the pxelinux.cfg directory in /tftpboot and edit the default file:
# You can have multiple kernels, if so name each with its version
# This configuration only has one possible kernel so I didn't rename it
default linux
label linux
  kernel vmlinuz
  append ksdevice=eth0 load_ramdisk=1 initrd=initrd.img network ks=nfs:10.25.0.129:/share/kickstart/test64-ks

TFTP Server

Configure the TFTP server by editing the /etc/xinetd.d/tftp file:
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol.  The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
 socket_type  = dgram
 protocol  = udp
 wait   = yes
 user   = root
 server   = /usr/sbin/in.tftpd
 server_args  = -vvs /tftpboot
 disable   = no
 per_source  = 11
 cps   = 100 2
 flags   = IPv4
}
I changed "disable = yes" -> "disable = no" and "server_args = -s /tftpboot" -> "server_args = -vvs /tftpboot". xinetd probably doesn't need to be restarted, but I did anyway:
$ sudo service xinetd restart

DHCP Server

I had only a single machine to boot, so I used a fixed IP based on the Ethernet address. Make sure you edit /var/lib/dhcp.lease* to erase references to the MAC and restart dhcpd. Here's the /etc/dhcpd.conf:
shared-network SE-NET {

 subnet 10.25.42.0 netmask 255.255.255.0 {
  authoritative;
  allow booting;
  option routers   10.25.0.1;
  option subnet-mask  255.255.0.0;
  option domain-name  "bkeefer.se.example.com";
  option domain-name-servers 10.25.0.5;
  option time-offset  -28800;
  option ntp-servers  ntp.example.com;

  host test64 {
   hardware ethernet 00:0c:29:b3:81:99;
   fixed-address 10.25.42.139;
   next-server 10.25.0.5;
   filename "pxelinux.0";
  }
 }
}

I haven't had any luck with restarting dhcpd, so I do stop followed by start:
$ sudo service dhcpd stop && sudo service dhcpd start

Note that there are also forward and reverse DNS entries to match 10.25.42.139 to test64.bkeefer.se.example.com .

Final Step

At this point you should be able to edit the BIOS for the machine you're booting to make sure the network card is in the boot order (as long as there's no OS installed, it should boot off the NIC no matter where it is in the order).

Conclusion

There, was that so hard? You'd think with the hundreds of millions of dollars RedHat takes in every year they could afford to test their documentation, and maybe even write start-to-finish guides instead of disconnected snippets.

Please e-mail me at with any suggestions or feedback.  Thanks!






This site © copyright 2003-2010 Brian Keefer.  Opinions expressed on this site are my own and do not reflect those of my employer.
