Friday, November 30, 2012

PXE Boot Server Ubuntu



DDNS, DHCP & PXE server configuration ubuntu



configure ddns server =>

# run as root: the name server plus the ISC DHCP server (dhcp3-* is the pre-12.04 package name)
apt-get install bind9 dhcp3-server

#vim /etc/hosts
      127.0.0.1   localhost
      192.168.0.194     host.irfan.com     host
:wq

#vim /etc/resolv.conf
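# This host is the authoritative server for irfan.com, so it must be asked first:
# the stub resolver only moves on to the next nameserver on timeout/error, not on
# NXDOMAIN, so with 192.168.0.50 listed first, lookups of local names fail here.
nameserver  127.0.0.1
nameserver  192.168.0.50
search      irfan.com
# NOTE: on releases where resolvconf manages this file (12.04 onwards) put these
# lines in /etc/resolvconf/resolv.conf.d/head instead, or they are overwritten.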
:wq

#vim /etc/bind/db.irfan.com
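$TTL 86400      ; default record TTL (without it BIND 9 warns and falls back to the SOA minimum)
; RNAME is a mailbox written as a domain name: the "@" is written as a "."
irfan.com.           IN SOA  host.irfan.com. pathanirfan6.gmail.com. (
                                1          ; serial - bump on every manual edit
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                86400      ; minimum / negative-cache TTL (1 day)
                                )
irfan.com.                           IN      NS   host.irfan.com.
localhost.irfan.com.                 IN      A    127.0.0.1
host.irfan.com.                      IN      A    192.168.0.194
; NOTE: this zone is dynamically updated by dhcpd (allow-update in named.conf.local),
; so named keeps a .jnl journal next to this file. Run "rndc freeze irfan.com" before
; editing it by hand and "rndc thaw irfan.com" afterwards, or the edits are lost.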

:wq


#vim /etc/bind/db.192.168.0
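$TTL 86400      ; default record TTL (without it BIND 9 warns and falls back to the SOA minimum)
; RNAME is a mailbox written as a domain name: the "@" is written as a "."
0.168.192.in-addr.arpa.     IN SOA  host.irfan.com. pathanirfan6.gmail.com. (
                                1          ; serial - bump on every manual edit
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                86400      ; minimum / negative-cache TTL (1 day)
                                )
0.168.192.in-addr.arpa.       IN    NS   host.irfan.com.
194.0.168.192.in-addr.arpa.   IN    PTR  host.irfan.com.
; NOTE: this zone only covers 192.168.0.0/24. The dhcpd range in this guide is
; 192.168.9.50-254, whose PTR records belong in 9.168.192.in-addr.arpa - that zone
; must be created (here, in named.conf.local and in dhcpd.conf) or reverse DDNS
; for leases is refused. Dynamic zone: freeze/thaw with rndc before hand edits.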

:wq

#vim /etc/bind/named.conf.local
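// Zones dynamically updated by dhcpd.
// The update key used here is the rndc control-channel key (see the controls{}
// block in named.conf.options). Whoever can read that key can therefore not only
// push DNS updates but also drive rndc against this server; a dedicated TSIG key
// for DDNS (generated with dnssec-keygen) limits dhcpd to zone updates only.
// If you switch keys, change the include/key name in dhcpd.conf as well.
zone "irfan.com" in {
        type master;
        file "/etc/bind/db.irfan.com";
        allow-update { key "rndc-key"; };
        // no secondary server exists in this setup, so refuse zone transfers
        allow-transfer { none; };
        notify yes;
};

zone "0.168.192.in-addr.arpa" in {
        type master;
        file "/etc/bind/db.192.168.0";
        allow-update { key "rndc-key"; };
        allow-transfer { none; };
        notify yes;
};

// defines key "rndc-key"; dhcpd includes the same file
include "/etc/bind/rndc.key";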

:wq

-----------------------------------------------------------


configure dhcp server =>



#vim /etc/dhcp3/dhcpd.conf

# Basic stuff to name the server and switch on updating
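# /etc/dhcp3/dhcpd.conf - DHCP for 192.168.0.0/20 with DDNS into BIND and PXE boot

# Identity of this server and DDNS behaviour
server-identifier       192.168.0.194;
ddns-updates            on;
# "interim" is the style dhcp3 understands; newer ISC releases call it "standard"
ddns-update-style       interim;
ddns-domainname         "irfan.com.";
ddns-rev-domainname     "in-addr.arpa.";
# the server writes the A and PTR records itself; client-supplied FQDNs are not trusted
ignore                  client-updates;

# TSIG key shared with named (allow-update in named.conf.local). It is also the
# rndc control key, so dhcpd must be able to read it but nobody else should -
# see the permission step later in this guide.
include                 "/etc/bind/rndc.key";

# Where updates for each zone are sent. Both zones are served by named on this
# host, so use the loopback address for both. (The original listing also had a
# "zone localdomain." block; nothing here is ever named under localdomain, so it
# was never used and has been dropped.)
zone irfan.com. {
        primary 127.0.0.1;
        key "rndc-key";
}
# NOTE: this reverse zone covers 192.168.0.0/24 only; the lease range below is in
# 192.168.9.0/24, whose PTRs live in 9.168.192.in-addr.arpa. Add that zone here
# and in named for reverse DDNS of leases to work.
zone 0.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key "rndc-key";
}

# Options handed to clients
option domain-name              "irfan.com";
option domain-name-servers      192.168.0.194;
option ip-forwarding            off;

default-lease-time              600;
max-lease-time                  7200;
log-facility                    local7;
allow booting;
allow bootp;

# This is the only DHCP server on the segment, so it may NAK clients holding
# addresses that are not valid here (essential)
authoritative;
# 192.168.0.0/20 spans 192.168.0.0 - 192.168.15.255, so the broadcast address is
# 192.168.15.255; the original 192.168.1.255 is a /24 broadcast and is wrong here
subnet 192.168.0.0 netmask 255.255.240.0 {
        range                           192.168.9.50 192.168.9.254;
        option broadcast-address        192.168.15.255;
        # assumes this host is also the default gateway - change if it is not
        option routers                  192.168.0.194;
        # every MAC address gets a lease AND the PXE boot menu. Nothing in
        # PXE/TFTP authenticates the client, so on a network that is not fully
        # trusted replace this with host {} entries and "deny unknown-clients".
        allow                           unknown-clients;
        # PXE: boot loader file name and the TFTP server (next-server) to load it from
        filename "pxelinux.0";
        next-server 192.168.0.194;
}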

:wq


#vim /etc/bind/named.conf.options

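options {
      directory "/var/cache/bind";

      // If there is a firewall between you and nameservers you want
      // to talk to, you may need to fix the firewall to allow multiple
      // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

      // Upstream resolvers for everything this server is not authoritative for.
      // Google Public DNS is 8.8.8.8 and 8.8.4.4; "8.8.2.2" is not one of its
      // published addresses and would only add a timeout to external lookups.
       forwarders {
            8.8.8.8; 8.8.4.4;
       };

      // Answer recursive queries only for this host and the directly attached
      // networks. Without this the server is an open resolver for anyone who can
      // reach UDP/TCP 53 (amplification abuse, larger cache-poisoning surface).
      // Authoritative answers for irfan.com are still served to everyone.
      allow-recursion { localhost; localnets; };
      allow-query-cache { localhost; localnets; };

      auth-nxdomain no;    // conform to RFC1035
      listen-on-v6 { any; };
};

// rndc control channel: loopback only, authenticated with rndc-key
// (the same key dhcpd uses for DDNS - keep its file permissions tight)
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};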
:wq


Assign permissions (named must be able to write zone journals, dhcpd must be able to read the key)

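# run as root.
# named keeps a .jnl journal beside each dynamically updated zone file, and this
# guide keeps those zone files in /etc/bind, so the bind group needs write access
# to the directory (keeping dynamic zones under /var/lib/bind avoids this).
chmod g+w /etc/bind
# dhcpd must read the TSIG key, but "chmod +r" makes it world-readable: any local
# user could then push DNS updates and - because it is also the rndc control key -
# run rndc against named. Keep the file 0640 root:bind and grant read access only
# to the dhcpd service account (user "dhcpd" on Ubuntu's dhcp3-server; check with ps).
chmod 640 /etc/bind/rndc.key
setfacl -m u:dhcpd:r /etc/bind/rndc.key
# setfacl needs the "acl" package and ACL support on the filesystem; if that is
# not available, copy the key statement into a separate file owned root:dhcpd
# mode 0640 and include that file from dhcpd.conf instead.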


AppArmor changes
Add the following lines to the dhcpd3 AppArmor profile before the closing “}”
#vi /etc/apparmor.d/usr.sbin.dhcpd3
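# dhcpd only needs to READ the shared TSIG key. "rw" on all of /etc/bind would let a
# compromised dhcpd rewrite named's configuration and zone files.
/etc/bind/rndc.key r,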

example :
#vi /etc/apparmor.d/usr.sbin.dhcpd3

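# vim:syntax=apparmor
# Author: Irfan Pathan <pathanirfan6@gmail.com>
# AppArmor profile for dhcpd3. The only change from the stock Ubuntu profile is the
# DDNS line at the end: read access to the TSIG key shared with named.

#include <tunables/global>

/usr/sbin/dhcpd3 {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/ssl_keys>

  # bind to UDP/67 and raw sockets, then drop to the dhcpd service account
  capability net_bind_service,
  capability net_raw,
  capability setgid,
  capability setuid,

  network inet raw,
  network packet packet,

  /etc/hosts.allow r,
  /etc/hosts.deny r,

  /etc/dhcp3/ r,
  /etc/dhcp3/** r,
  /etc/dhcpd.conf r,
  /etc/dhcpd_ldap.conf r,

  /usr/sbin/dhcpd3 mr,

  /var/lib/dhcp3/dhcpd.leases* lrw,
  /var/log/ r,
  /var/log/** rw,
  /var/run/dhcp3-server/dhcpd.pid w,

  # LTSP. See:
  /etc/ltsp/ r,
  /etc/ltsp/** r,
  /etc/dhcpd-k12ltsp.conf r,
  /etc/dhcpd.leases* lrw,
  /ltsp/ r,
  /ltsp/** r,

  # Eucalyptus
  /var/run/eucalyptus/net/ r,
  /var/run/eucalyptus/net/** r,
  /var/run/eucalyptus/net/*.pid lrw,
  /var/run/eucalyptus/net/*.leases* lrw,
  /var/run/eucalyptus/net/*.trace lrw,

  # DDNS: dhcpd only needs to READ the key included from dhcpd.conf. Granting
  # "rw" on /etc/bind/** (as the original did) would let a compromised dhcpd
  # rewrite named's configuration and zone files.
  /etc/bind/rndc.key r,
}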

:wq



# run as root. Reload the profiles, then start the services: bind9 first so the
# zones and the key are live when dhcpd begins sending updates.
/etc/init.d/apparmor restart
/etc/init.d/bind9 restart
/etc/init.d/dhcp3-server start


----------------------------------------------------------------------------------




PXE boot server=>



# run as root: the TFTP daemon that serves the boot files, and syslinux for pxelinux.0 and menu.c32
apt-get install tftpd-hpa syslinux

Configuring the TFTP server

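# run as root.
# tftpd-hpa can run from inetd or as its own daemon; this guide uses the daemon,
# so stop inetd and take it out of the boot sequence.
/etc/init.d/openbsd-inetd stop
update-rc.d -f openbsd-inetd remove
# Enable the daemon explicitly. The original "sed -i s/no/yes/" rewrote the first
# "no" on EVERY line of the file, not just the RUN_DAEMON setting. (On releases
# whose defaults file has no RUN_DAEMON line this is a no-op and the init script
# starts the daemon anyway.)
sed -i 's/^RUN_DAEMON=.*/RUN_DAEMON="yes"/' /etc/default/tftpd-hpa
# TFTP has no authentication or integrity protection: everything under
# /var/lib/tftpboot is readable by any host that can reach UDP/69, so keep only
# boot files there - never secrets.
/etc/init.d/tftpd-hpa start
/etc/init.d/dhcp3-server restart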



* copy needed files from syslinux to tftpboot directory

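# run as root. Stage the syslinux pieces in the TFTP root. The menu below uses
# pxelinux.0 and menu.c32; memdisk, mboot.c32 and chain.c32 are optional extras.
# (The original listing copied pxelinux.0 twice.)
for f in pxelinux.0 menu.c32 memdisk mboot.c32 chain.c32; do
    cp /usr/lib/syslinux/$f /var/lib/tftpboot/
done
# pxelinux looks for its configuration under pxelinux.cfg/ relative to the TFTP root
mkdir /var/lib/tftpboot/pxelinux.cfg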

#vim /var/lib/tftpboot/pxelinux.cfg/default


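# /var/lib/tftpboot/pxelinux.cfg/default - PXE boot menu
# Nothing in this chain is authenticated: PXE, TFTP and the NFS roots are cleartext,
# and a rogue DHCP/TFTP server on the segment can substitute any boot image. Use
# this only on a trusted network and restrict who gets PXE answers in dhcpd.conf.

DEFAULT menu.c32
PROMPT 0
# tenths of a second; after it the machine boots from its local disk, so an
# unattended PXE-enabled host is not reinstalled by accident
TIMEOUT 100
ONTIMEOUT localboot

MENU TITLE Irfan Pathan's PXE Server...

LABEL localboot
  MENU LABEL Boot From Hard Disk
  LOCALBOOT 0

# Keep label names to a single word; the text shown in the menu goes in MENU LABEL
# (the original wrote "MENU <text>", which is not a menu directive and is ignored).
# KERNEL/initrd paths are fetched over TFTP relative to /var/lib/tftpboot; the live
# filesystem is then mounted over NFS from the nfsroot= export.
LABEL ubuntu1004_64
  MENU LABEL Ubuntu 10.04 64 bit Desktop Installer...
  KERNEL ubuntu10.04_64bit/vmlinuz
  APPEND boot=casper netboot=nfs nfsroot=192.168.0.194:/ubuntu/ vga=normal initrd=ubuntu10.04_64bit/initrd.lz ramdisk_size=32768

LABEL ubuntu1004_32
  MENU LABEL Ubuntu 10.04 32 bit Desktop Installer...
  KERNEL ubuntu10.04_32bit/vmlinuz
  APPEND boot=casper netboot=nfs nfsroot=192.168.0.194:/ubuntu_10.04_32_bit_desktop initrd=ubuntu10.04_32bit/initrd.lz ramdisk_size=32768

LABEL ubuntu1204_64
  MENU LABEL Ubuntu 12.04 64 bit Desktop Installer...
  KERNEL ubuntu12.04_64bit/vmlinuz
  APPEND boot=casper netboot=nfs nfsroot=192.168.0.194:/ubuntu_12.04_64_bit_desktop initrd=ubuntu12.04_64bit/initrd.lz ramdisk_size=32768

LABEL ubuntu1110_64
  MENU LABEL Ubuntu 11.10 64 bit Desktop Installer...
  KERNEL ubuntu11.10_64bit/vmlinuz
  APPEND boot=casper netboot=nfs nfsroot=192.168.0.194:/ubuntu_11.10_64_bit_desktop initrd=ubuntu11.10_64bit/initrd.lz ramdisk_size=32768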

:wq



create folder for kernel files

# run as root: one TFTP directory per image for its vmlinuz/initrd.lz (names match the KERNEL= paths in the menu)
mkdir /var/lib/tftpboot/ubuntu10.04_32bit /var/lib/tftpboot/ubuntu10.04_64bit \
      /var/lib/tftpboot/ubuntu11.10_64bit /var/lib/tftpboot/ubuntu12.04_64bit


create folder for images data

# run as root: one directory per image for the full ISO contents (these become the NFS exports / nfsroot= paths)
mkdir /ubuntu /ubuntu_10.04_32_bit_desktop /ubuntu_11.10_64_bit_desktop /ubuntu_12.04_64_bit_desktop




Mount the ISO images and copy their contents

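# run as root. Import each installer ISO: the whole tree goes to its NFS export
# (the hidden .disk directory is copied separately because the "*" glob skips
# dotfiles and the guide relies on it being present), and only the kernel and
# initrd go to the TFTP directory referenced by the boot menu.
# Whatever is staged here is what every PXE client boots, with no integrity check
# on the wire - verify each ISO against the SHA256SUMS published for that release
# (and the signature on that file) before importing it.
import_iso() {
    # $1 = ISO file, $2 = NFS export directory, $3 = TFTP kernel directory
    mount -o loop "$1" /mnt || return 1
    cp -rv /mnt/* "$2"/
    cp -rv /mnt/.disk "$2"/
    cp -rv /mnt/casper/initrd.lz /mnt/casper/vmlinuz "$3"
    umount /mnt
}
import_iso /ubuntu10.04_64bit.iso /ubuntu                      /var/lib/tftpboot/ubuntu10.04_64bit
import_iso /ubuntu10.04_32bit.iso /ubuntu_10.04_32_bit_desktop /var/lib/tftpboot/ubuntu10.04_32bit
import_iso /ubuntu11.10_64bit.iso /ubuntu_11.10_64_bit_desktop /var/lib/tftpboot/ubuntu11.10_64bit
import_iso /ubuntu12.04_64bit.iso /ubuntu_12.04_64_bit_desktop /var/lib/tftpboot/ubuntu12.04_64bit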


--------------------------------------------------------------

install nfs server

# run as root: the NFS server that exports the extracted ISO trees as the clients' nfsroot
apt-get install nfs-kernel-server
/etc/init.d/nfs-kernel-server start

#vim /etc/exports

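# Read-only exports of the installer trees for the PXE clients.
# Limited to the DHCP subnet from dhcpd.conf (192.168.0.0/20) instead of "*",
# which exported them to every host that can reach the server. no_root_squash
# is dropped: the shares are read-only, so mapping client root to nobody
# (the default) costs nothing and is one less exception to reason about.
/ubuntu                       192.168.0.0/20(ro,async,no_subtree_check)
/ubuntu_10.04_32_bit_desktop  192.168.0.0/20(ro,async,no_subtree_check)
/ubuntu_12.04_64_bit_desktop  192.168.0.0/20(ro,async,no_subtree_check)
/ubuntu_11.10_64_bit_desktop  192.168.0.0/20(ro,async,no_subtree_check)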

:wq

# run as root: re-read /etc/exports, then restart the NFS and TFTP daemons so both serve the new trees
exportfs -rv
/etc/init.d/nfs-kernel-server restart
/etc/init.d/tftpd-hpa restart


Irfan Pathan 

------------------------------done--------------------