Wednesday, 8 April 2015

Network booting and Imaging with Clonezilla and PXELINUX

If you want to quickly look at the PXE menu file you can do so here

OK, there's a lot of stuff about PXE out there, so I thought I'd do an overview of our current PXE setup. We use PXELINUX to boot from the network and provide network boot images. We mainly use this setup for deploying PC images using Clonezilla.

We deploy about 250 PCs in the space of a couple of days every year and so we had a few goals for this PXE boot setup.

  • It had to integrate with the current network setup in our organisation.
  • It had to be easy to use.
  • It had to be as zero touch as possible.
  • It had to be reliable.

To meet these requirements, we went with the Clonezilla live edition and made it bootable over the network. We could then pass preseeded answers to all of the questions that the live edition asks; in fact, multiple menu items with preseeded answers were created for each task. This reduced errors when using the system and made imaging accessible and easy to use.

As mentioned, we use clonezilla boot options heavily to answer a lot of questions that would get the same answers on each boot. The clonezilla guys are very helpful and you can basically pre-answer all of the questions that get asked, including what image to pull down! This saves a lot of typing.

To find out what answers you need to pass at boot time, the general idea is to burn a Clonezilla ISO to CD and do the tasks that you need to do manually. At the end, the Clonezilla CD will summarise the chosen options for you; just take a note of these and include them in your network boot menu. Here's a link to the Clonezilla documentation on the subject.

Clonezilla needs storage space on the network; we used a separate storage server with access over SSH for this. This means that all of our PC images are password protected and can be in separate user accounts for separate departments or people. I won't cover the setup of the storage server since it's just a plain old SSH server.

Here's the tutorial that I got a lot of my PXE setup information from. Our setup differs in that we use nginx instead of Apache, but largely it's the same.

The overall system is made up of a Debian GNU/Linux server which serves up the PXE boot images over TFTP and network OS filesystems over HTTP. A second server acts as storage for the Clonezilla PC images that are to be deployed. This storage server can be a Windows server, an SSH server or an NFS server.

When PCs boot up, they get the address of the PXE server and the name of the file to boot via DHCP. This DHCP configuration snippet was given to the network admins to add to the organisation's DHCP configuration. We asked the network guys to allow only specific subnets to get this configuration, as PXE booting was not going to the whole network.

    ##### PXE-specific configuration directives...
    allow booting;
    allow bootp;
    next-server 10.108.150.38;
    filename "pxelinux.0";

We used tftpd-hpa on our Debian server to serve up the TFTP PXE files. Here's our current /etc/default/tftpd-hpa

    # /etc/default/tftpd-hpa

    TFTP_USERNAME="tftp"
    TFTP_DIRECTORY="/srv/tftp"
    TFTP_ADDRESS="0.0.0.0:69"
    TFTP_OPTIONS="--secure --ipv4"

Nginx was configured to serve the same directory over http. This allows the larger squashfs files to be downloaded over http which is much faster. Here's a sample /etc/nginx/sites-available/pxe

    server {
        listen   80;
        server_name pxe;
        root   /srv/tftp;
    }

Then enable this config by linking to the file from sites-enabled and restarting nginx. (If the default config is in here, remove it.)

    cd /etc/nginx/sites-enabled/
    ln -s ../sites-available/pxe
    /etc/init.d/nginx restart

Next, copy some pxelinux files into the TFTP directory. On the Debian server, install syslinux, then (look at step 5 here) copy the pxelinux files that get installed. To be honest, you will find different tutorials all recommending a different set of files to copy, some more, some less. It all depends on the features you use in your PXE menus. Here are the ones I use:

    apt-get install syslinux
    cp /usr/lib/syslinux/chain.c32 /srv/tftp
    cp /usr/lib/syslinux/ifcpu64.c32 /srv/tftp
    cp /usr/lib/syslinux/mboot.c32 /srv/tftp
    cp /usr/lib/syslinux/memdisk /srv/tftp
    cp /usr/lib/syslinux/menu.c32 /srv/tftp
    cp /usr/lib/syslinux/pxechain.com /srv/tftp
    cp /usr/lib/syslinux/vesamenu.c32 /srv/tftp

Ok so now we are nearly ready to serve the PXE boot images over tftp. Next we need to create the PXE menu and add some network enabled operating systems (e.g. clonezilla live network boot).

Available in our network boot menus are: a memory error checker (memtest86+), Clonezilla, a Debian live LXDE desktop environment, gparted and the System Rescue CD. Finding out exactly where to download these images can be troublesome, so we'll go through these. Generally you are looking to download a zip whose name closely matches that of the corresponding ISO file. The zip file will contain the network boot version of the ISO file.

memtest86+ - On the downloads page, download the pre-compiled bootable binary

Clonezilla - From the project's front page, it's in Downloads -> stable releases -> select CPU architecture "i686-pae" and file type "zip". You may want a different CPU architecture; read the notes on this page.

Debian Live LXDE - From the live.debian.net front page, under user, go to Download releases, stable, amd64, webboot. Look for the latest version of the desktop you want, then download the three files ending with vmlinuz, initrd.img and squashfs. These are the kernel, the initial RAM filesystem and the live filesystem respectively.
Here's the download location:
http://cdimage.debian.org/debian-cd/current-live/amd64/webboot/

gparted - Download the gparted live ZIP file from here
http://sourceforge.net/projects/gparted/files/gparted-live-stable/

System Rescue CD - All the files you need are on the ISO file. The files you want to copy from the CD are:

   isolinux/rescue32
   isolinux/rescue64
   isolinux/initram.igz
   sysrcd.md5
   sysrcd.dat

Once I had downloaded all of these files, I made an images directory under /srv/tftp/ and copied the various images into a directory hierarchy. I'm just going to do a tree command on the filesystem and you can work out what goes where. Here it is. And here is just the directories.

Finally, on to creating the PXE boot menu itself. Create a directory under /srv/tftp called pxelinux.cfg, and in there create a file called default. This file contains all of the menu items and options. Again, I'll just post our complete working menu file so that you can take it and compare it to your own config files.

    mkdir -p /srv/tftp/pxelinux.cfg
    touch /srv/tftp/pxelinux.cfg/default

Here's a link to our PXE menu file. Some menu items have a password associated with them (which is blah); these are generated with the sha1pass tool. You can also optionally hide the menu completely by uncommenting two lines near the top of the file, the lines starting with MENU SHIFTKEY and NOESCAPE.
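
Because pxelinux.cfg/default sits under /srv/tftp, it is served without authentication over TFTP and, with the nginx config above, over HTTP, so any client on the PXE subnets can read the menu password hashes and whatever is preseeded on an APPEND line. The script below is an added example, not part of the original post or its menu file: it lints a menu for those cases, and its sample menu (hash, host, account and the preseeded Clonezilla entry) is constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a PXELINUX menu for secrets that any PXE client can fetch.

# Constructed sample menu (not the post's real file); hash, host and account
# names are placeholders.
sample_menu() {
cat <<'EOF'
DEFAULT vesamenu.c32
MENU MASTER PASSWD EXAMPLE-CLEARTEXT
LABEL restore-lab
  MENU LABEL Restore lab image (preseeded)
  MENU PASSWD $4$CONSTRUCTEDSALT$CONSTRUCTEDHASH$
  KERNEL images/clonezilla/vmlinuz
  APPEND initrd=images/clonezilla/initrd.img boot=live fetch=http://pxe/images/clonezilla/filesystem.squashfs ocs_live_batch="yes" ocs_prerun="echo EXAMPLE-SECRET | sshfs -o password_stdin imaging@storage:/images /home/partimag"
LABEL memtest
  KERNEL images/memtest/memtest86+.bin
EOF
}

# Reads a menu on stdin and prints one "LINE: finding" per problem.
lint_pxe_menu() {
  awk '
    { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line); up = toupper(line) }
    # MENU PASSWD takes cleartext or a $1$/$4$/$5$/$6$ hash (sha1pass emits $4$).
    up ~ /^MENU (MASTER )?PASSWD / {
      n = split(line, f, /[ \t]+/)
      if (f[n] !~ /^\$[1456]\$/) print NR ": cleartext-menu-password"
      else                       print NR ": hash-exposed-to-clients"
    }
    # Kernel command lines are readable in the menu and in /proc/cmdline after boot.
    up ~ /^APPEND / && up ~ /PASSWORD_STDIN|SSHPASS|PASSWORD=|PASSWD=/ {
      print NR ": credential-in-kernel-cmdline"
    }
  '
}

sample_menu | lint_pxe_menu
```

To check a real menu, run `lint_pxe_menu < /srv/tftp/pxelinux.cfg/default`; a hashed password still shows up as a finding because the salted hash can be fetched and guessed offline.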

There's a lot of information here and a lot that can go wrong with your setup. If you feel that some aspect needs more explanation, comment and I can do a post that specifically covers that area. Anyway I hope this helps someone out there.
