Configure PXE (Network Boot) installation Server on CentOS 7.x


title: “Configure PXE (Network Boot) installation Server on CentOS 7.x”
date: 2019-02-12T09:38:46
slug: configure-pxe-network-boot-installation-server-on-centos-7-x


# Server-side packages for network installation:
#   dhcp        - ISC DHCP server; hands out the lease plus next-server/filename
#   tftp-server - serves pxelinux.0, the menu and kernel/initrd (started by xinetd below)
#   tftp        - TFTP client; only useful for testing downloads from this host
#   syslinux    - provides pxelinux.0 and the *.c32 modules copied into the TFTP root
#   vsftpd      - serves the install tree and the kickstart over anonymous FTP
#   xinetd      - launches in.tftpd on demand
yum install dhcp tftp tftp-server syslinux vsftpd xinetd
# DHCP server configuration; the full file contents follow.
vi /etc/dhcp/dhcpd.conf

# DHCP Server Configuration file.
# Security note: this server answers every client on the segment
# ("allow unknown-clients"), but only the host block at the bottom carries a
# "filename", so only that MAC address is handed a PXE bootloader and with it
# the kickstart, which wipes the first disk of whatever boots it, unattended.
# Keep it that way: do not move "filename" into the subnet block unless every
# machine that can PXE-boot on 10.0.0.0/24 is meant to be reinstalled.

ddns-update-style interim;
ignore client-updates;
# This is the only DHCP server on the segment; answer authoritatively.
authoritative;
# Required for PXE/BOOTP clients.
allow booting;
allow bootp;
allow unknown-clients;

# internal subnet for my DHCP Server
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.200 10.0.0.250;
option domain-name-servers 10.0.0.1;
option domain-name "openstack.local";
option routers 10.0.0.1;
option broadcast-address 10.0.0.255;
default-lease-time 600;
max-lease-time 7200;
# TFTP server the PXE firmware fetches the bootloader from (10.0.0.5, the
# same host that serves the FTP tree in this guide).
next-server 10.0.0.5;
}

# The one machine that gets a bootloader and hence an unattended install;
# pinned by MAC address and given a fixed address.
host controller.openstack.local {
 hardware ethernet 52:54:00:37:2a:4e;
 option host-name controller;
 fixed-address 10.0.0.11;
 filename "pxelinux.0";
}
vi /etc/xinetd.d/tftp
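# TFTP is unauthenticated: everything under /var/lib/tftpboot is readable by
# any host on the segment. Keep only the bootloader, menu and kernel/initrd
# there (no kickstarts, no credentials). Note: the markdown-escaped names
# (socket\_type, server\_args, per\_source) in the original are not valid
# xinetd keys; they are written plainly here.
service tftp
{
 socket_type = dgram
 protocol = udp
 wait = yes
 # xinetd starts in.tftpd as root so that "-s" can chroot into the TFTP root;
 # tftp-hpa is expected to drop to an unprivileged user afterwards - verify
 # with "ps" on your build.
 user = root
 server = /usr/sbin/in.tftpd
 # -s: chroot to the directory and resolve the menu's /networkboot/... paths
 # inside it. No -c (create) flag, so tftpd will not create new files.
 server_args = -s /var/lib/tftpboot
 disable = no
 # Rate limits: at most 11 concurrent sessions per source address; above 100
 # connections/second xinetd pauses the service for 2 seconds.
 per_source = 11
 cps = 100 2
 flags = IPv4
}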
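# Put the syslinux network bootloader and the modules the menu uses into the
# TFTP root. pxelinux.0 is what the DHCP host block names in "filename";
# menu.c32 renders pxelinux.cfg/default. memdisk, mboot.c32 and chain.c32 are
# not referenced by the menu on this page and could be left out.
for module in pxelinux.0 menu.c32 memdisk mboot.c32 chain.c32; do
  cp -v "/usr/share/syslinux/${module}" /var/lib/tftpboot/
done
# -p: do not fail on a rerun when the directories already exist.
mkdir -p /var/lib/tftpboot/pxelinux.cfg /var/lib/tftpboot/networkboot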

Mount the CentOS ISO and copy its contents to /var/ftp/pub/ (the anonymous FTP install tree)

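# Mount the CentOS 7 ISO read-only and publish the whole tree over anonymous
# FTP; both the kickstart's "url" and the pxelinux "inst.repo" point at
# ftp://10.0.0.5/pub/. Verify the ISO's sha256 against the published CentOS
# checksums before serving it - every host installed from here trusts it.
mount -o ro /dev/cdrom /mnt
# Copy the directory *contents* including dot-files. The original "cp -av *"
# (markdown-escaped as "\*") skips top-level dot-files such as .treeinfo and
# .discinfo, which anaconda uses to locate the installer images in a repository.
cp -av /mnt/. /var/ftp/pub/
# The PXE kernel and initrd are served over TFTP, not FTP.
cp /mnt/images/pxeboot/vmlinuz /var/lib/tftpboot/networkboot/
cp /mnt/images/pxeboot/initrd.img /var/lib/tftpboot/networkboot/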

Generate the hashed root password for the kickstart (only the hash goes into the file; never the clear-text password)

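# Produce the hash for "rootpw --iscrypted". Two things are wrong with the
# original "openssl passwd -1 Pxe@123#":
#  1) "-1" is MD5-crypt, which is cheap to brute-force; use SHA-512-crypt ($6$).
#  2) the clear-text password on the command line lands in shell history and
#     is visible in "ps" to every local user while openssl runs.
# The stock OpenSSL 1.0.2 on CentOS 7 has no "-6" option, so use the crypt(3)
# binding of the system Python and read the password from a prompt:
python -c 'import crypt, getpass, random, string
alphabet = string.ascii_letters + string.digits + "./"
salt = "".join(random.SystemRandom().choice(alphabet) for _ in range(16))
print(crypt.crypt(getpass.getpass("Root password: "), "$6$" + salt))'
# Output is a single line of the form $6$<salt>$<hash>; paste it into the
# kickstart. (On a host with OpenSSL >= 1.1.1 the equivalent is: openssl passwd -6)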

Create the kickstart file (replace the root password hash and the URLs with your own)

vi /var/ftp/pub/centos7.cfg

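#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Unattended CentOS 7 install for the PXE-booted host. Served over anonymous
# FTP (see "url"), so anyone on 10.0.0.0/24 can read this file.
#
# Firewall configuration: left off for this lab; anything reachable from
# outside the lab subnet should use "firewall --enabled --ssh".
firewall --disabled
# Install OS instead of upgrade
install
# Use FTP installation media: the tree copied from the ISO. Plain FTP gives no
# protection in transit; the rpm signature checks are what you rely on.
url --url="ftp://10.0.0.5/pub/"
# Root password. MUST be replaced: the hash below is the MD5 ($1$) hash of the
# sample password published with this guide. Generate a SHA-512 ($6$) hash as
# shown above and paste it here.
rootpw --iscrypted $1$B8PHMhWg$89J2kxGGtxIc/RdA9/3OI1
# System authorization information: shadow passwords, SHA-512 for local accounts.
# (Documented option syntax; the original "auth useshadow passalgo=sha512" lacks
# the leading dashes.)
auth --useshadow --passalgo=sha512
# Use graphical install (anaconda falls back to text on a host without a display)
graphical
firstboot --disable
# System keyboard
keyboard de
# System language
lang en_US
# SELinux configuration: disabled for this lab. Prefer "selinux --enforcing"
# (or at least --permissive, to collect denials) on anything that stays around.
selinux --disabled
# Installation logging level
logging --level=info
# System timezone
timezone Europe/Amsterdam
# System bootloader configuration
bootloader --location=mbr
# DESTRUCTIVE: only sda is touched, and it is wiped without confirmation.
# The DHCP host block (filename "pxelinux.0" for a single MAC) is the only
# guard against installing onto the wrong machine.
ignoredisk --only-use=sda
clearpart --all --initlabel
part swap --asprimary --fstype="swap" --size=1024 --ondisk=sda
part /boot --fstype xfs --size=300 --ondisk=sda
part pv.01 --size=1 --grow --ondisk=sda
volgroup root_vg01 pv.01
logvol / --fstype xfs --name=lv_01 --vgname=root_vg01 --size=1 --grow
%packages

@^minimal
@core
%end
# eth0 takes its address from the DHCP server above. eth1 is declared static
# but no --ip/--netmask/--gateway is given; fill those in, otherwise anaconda
# may reject the line or leave the interface unconfigured.
network --device=eth0 --bootproto=dhcp
network --device=eth1 --bootproto=static
%addon com_redhat_kdump --disable --reserve-mb='auto'

%end
%post
# Everything below runs as root inside the freshly installed system.
# Bootstrap the SaltStack repository. rpm only *warns* (NOKEY) when the repo
# rpm's signing key is not yet imported, so trust in this step rests on the
# HTTPS connection; the packages yum installs afterwards are GPG-checked
# against the key the repo rpm ships.
rpm -Uvh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum -y install salt-minion
yum -y update
systemctl enable salt-minion
systemctl start salt-minion
# The minion looks for a master named "salt"; point that at the PXE/Salt host.
echo "10.0.0.5 salt" >> /etc/hosts
# Rewrite the kernel command line: activate the root LV and keep classic ethN
# names (the network lines above assume eth0/eth1). The whole
# GRUB_CMDLINE_LINUX line is replaced, so anything else in it (e.g.
# crashkernel=) is dropped - fine here since kdump is disabled.
sed -i -e 's/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="rd.lvm.lv=root_vg01\/lv_01 rhgb quiet net.ifnames=0 biosdevname=0"/' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
# Apply the highstate on every boot. Log under /var/log instead of the
# world-writable /tmp so another local user cannot pre-create the file.
# This makes each boot trust whatever the master currently serves.
echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin" >> /var/spool/cron/root
echo "@reboot salt-call state.apply > /var/log/salt/state-apply-boot.log 2>&1" >> /var/spool/cron/root
%end
reboot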

Create a PXE menu file

vi /var/lib/tftpboot/pxelinux.cfg/default

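# pxelinux menu. A single entry, auto-selected after "timeout 30" (the unit is
# 1/10 s, i.e. 3 seconds). Whatever receives this file and boots the entry gets
# an unattended install that wipes sda, so the DHCP host block - not this
# menu - is what limits the blast radius. (The original's "centos7\_x64" is a
# markdown escape; the label is written plainly here.)
default menu.c32
prompt 0
timeout 30
MENU TITLE LinuxTechi.com PXE Menu
LABEL centos7_x64
MENU LABEL CentOS 7_X64
# Kernel and initrd come over TFTP (paths relative to /var/lib/tftpboot).
KERNEL /networkboot/vmlinuz
# inst.repo: the install tree; ks: the kickstart - both over anonymous FTP,
# i.e. unauthenticated and unencrypted. net.ifnames=0 biosdevname=0 keep the
# eth0/eth1 names the kickstart's "network --device=..." lines expect.
APPEND initrd=/networkboot/initrd.img inst.repo=ftp://10.0.0.5/pub ks=ftp://10.0.0.5/pub/centos7.cfg net.ifnames=0 biosdevname=0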

Start Services

# Bring up the three services and enable them at boot. xinetd launches
# in.tftpd on demand; dhcpd hands out the PXE parameters; vsftpd serves the
# install tree and the kickstart. Anonymous read access is what this setup
# relies on - make sure anonymous uploads stay disabled in /etc/vsftpd/vsftpd.conf.
for unit in xinetd dhcpd vsftpd; do
  systemctl start "$unit"
  systemctl enable "$unit"
done

Allow vsftpd to read the install tree (SELinux)

setsebool -P allow\_ftpd\_full\_access 1

Allow Connections (Firewall)

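# Open only what the PXE/Salt host actually serves, on the default zone.
firewall-cmd --permanent --add-service=ftp
firewall-cmd --permanent --add-service=dhcp
# TFTP is UDP/69 only; the original's 69/tcp rule opened nothing useful.
firewall-cmd --permanent --add-service=tftp
# 4011/udp is proxyDHCP, which is not used here (dhcpd itself sends
# next-server/filename), so it stays closed.
# Salt minions need both master ports: 4505 (publish) and 4506 (request).
# The original opened 4506 only, which would keep minions from subscribing to
# the publish channel.
firewall-cmd --permanent --add-port=4505-4506/tcp
firewall-cmd --reload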

Install Salt (master) and reclass

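# Salt master plus reclass (the external node classifier configured below).
# The repo rpm is fetched over HTTPS and installed before its signing key is
# known, so rpm only warns (NOKEY); the yum installs that follow are GPG-checked.
rpm -Uvh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum -y install salt-master epel-release git
# python-pip comes from EPEL, hence a second transaction after epel-release.
yum install python-pip
# Upgrading the system pip in place overwrites files owned by the python-pip
# rpm and is a known source of breakage on CentOS 7; do it only if the
# packaged pip really cannot install reclass.
pip install --upgrade pip

# reclass is installed straight from a git branch. "develop" is a moving,
# unreviewed target: pin VERSION to a release tag or a full commit hash so the
# master gets the same code on every rebuild. --force-reinstall -I -t
# overwrites whatever reclass already sits in each site-packages directory.
export VERSION="${VERSION:-develop}"
for site_dir in $(python -c "import site; print(' '.join(site.getsitepackages()))"); do
  pip install --install-option="--prefix=" --upgrade --force-reinstall -I \
    -t "$site_dir" "git+https://github.com/salt-formulas/reclass.git@${VERSION}"
done

# Layout of the Salt tree: reclass inventory (classes + node files), pillar
# (static roots plus the file_tree ext_pillar) and the state tree.
mkdir -p /srv/salt/inventory/{classes,hosts}
mkdir -p /srv/salt/pillar/{file_tree,roots/base}
mkdir -p /srv/salt/state/base/basenode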

[root@localhost ~]# tree /srv/salt/
/srv/salt/
├── inventory
│   ├── classes
│   └── hosts
│   └── controller.openstack.yml
├── pillar
│   ├── file_tree
│   └── roots
│   └── base
└── state
 └── base
 └── basenode
 └── init.sls

10 directories, 2 files
vi /srv/salt/state/base/basenode/init.sls

# basenode: ensure the "mc" package is installed on every node that lists
# the application.
mc:
 pkg.installed
vi /srv/salt/inventory/hosts/controller.openstack.yml

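# reclass node definition for controller.openstack. Every key is a top-level
# key; the original's "environment:\n base classes: {}" (lost indentation)
# would make "base classes: {}" the value of environment.
environment: base
classes: {}
applications:
  - basenode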
vi /etc/salt/master.d/01-master.conf

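# Salt master settings. The two lines that matter most for security:
#   open_mode   - when True, minion keys are never checked: any host that can
#                 reach 4505/4506 can join, read its pillar and submit results.
#   auto_accept - when True, every new key is accepted without review.
# Both are False here. Accept a freshly PXE-installed minion with
#   salt-key -L && salt-key -a controller.openstack.local
# (or use autosign_grains/autosign_file with a fingerprint check if it has to
# be automatic). The minion keeps retrying until its key is accepted, so the
# @reboot state.apply from the kickstart still runs once it is.
# (The original's markdown-escaped keys such as keep\_jobs are written plainly.)
keep_jobs: 24
max_open_files: 16384
open_mode: False
auto_accept: False
state_top: top.sls
# reclass is used twice (as master_tops for targeting and as ext_pillar);
# the anchor keeps both copies of the settings identical.
reclass: &reclass
  storage_type: yaml_fs
  inventory_base_uri: /srv/salt/inventory
  nodes_uri: hosts
  classes_uri: classes
  class_mappings: []
master_tops:
  reclass: *reclass
state_output: changes
file_roots:
  base:
    - /srv/salt/state/base
env_order:
  - base
# sha256 (rather than md5) for fileserver checksums.
hash_type: sha256
file_ignore_regex:
  - '/\.svn($|/)'
  - '/\.git($|/)'
file_ignore_glob:
  - '*.pyc'
  - '*/somefolder/*.bak'
  - '*.swp'
fileserver_backend:
  - roots
pillar_roots:
  base:
    - /srv/salt/pillar/roots/base
ext_pillar:
  - reclass: *reclass
  - file_tree:
      root_dir: /srv/salt/pillar/file_tree
      follow_dir_links: False
      keep_newline: True
pillar_source_merging_strategy: smart
log_level: warning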
# Start the master now and at boot; minions connect on 4505/4506.
systemctl enable salt-master
systemctl start salt-master

NFS export of the Salt tree (so states, pillar and inventory can be edited from a workstation)

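# Export the Salt tree over NFS so it can be edited from a workstation.
# This tree is executed as root on every minion: whoever can write it owns the
# fleet. Restrict the export to the admin workstation's address rather than the
# whole /24 (which includes every PXE-installed minion), keep root_squash, and
# use ro for anything that only needs to read.
yum -y install nfs-utils
#firewall-cmd --permanent --zone=public --add-service=ssh
# The "nfs" service opens 2049 only, enough for NFSv4 (the default on current
# Linux clients). NFSv3 would additionally need rpc-bind and mountd.
firewall-cmd --permanent --zone=public --add-service=nfs
firewall-cmd --reload
systemctl enable nfs-server.service
systemctl start nfs-server.service
# Export definition (a drop-in under /etc/exports.d/ is equivalent to a line in
# /etc/exports and is idempotent on reruns). Replace the /24 with the
# workstation's address, <workstation-ip>/32.
cat > /etc/exports.d/salt.exports <<'EOF'
/srv/salt/ 10.0.0.0/24(rw,sync,no_subtree_check,root_squash)
EOF
exportfs -a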

On the workstation (NFS client):

sudo mount -o soft -t nfs 10.0.0.5:/srv/salt/ /home/tay/openstack/salt

Install Vault

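# Vault binary. 1.0.3 is the version this guide was written for; pick a current
# release, and verify the download against HashiCorp's published SHA256SUMS
# file (published next to the zip, with a detached signature) rather than
# trusting the zip alone.
yum install unzip
VAULT_VERSION=1.0.3
curl -fsSLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip"
curl -fsSLO "https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS"
# CentOS 7's coreutils lacks --ignore-missing, so check only our file's line.
grep "vault_${VAULT_VERSION}_linux_amd64.zip" "vault_${VAULT_VERSION}_SHA256SUMS" | sha256sum -c -
unzip "vault_${VAULT_VERSION}_linux_amd64.zip"
# Keep locally installed binaries out of the package manager's /usr/bin.
install -o root -g root -m 0755 vault /usr/local/bin/vault
# Plain HTTP: every token and secret crosses the wire in clear. Enable TLS on
# the listener (tls_cert_file / tls_key_file in vault.hcl) and switch this to
# https:// before anything beyond a throw-away lab talks to it.
export VAULT_ADDR='http://10.0.0.5:8200'
# Server configuration (contents follow).
vi /root/vault.hcl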
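# Vault server config. "backend" is still accepted by 1.0.x but "storage" is
# the current keyword.
storage "file" {
  # Create it beforehand (mkdir -m 0700), owned by the user Vault runs as; it
  # holds the encrypted barrier data and the seal configuration - back it up.
  path = "/var/lib/vault"
}
listener "tcp" {
  # Bind to the address clients actually use (the Salt master points at
  # 10.0.0.5:8200) instead of 0.0.0.0, so Vault is not exposed on any other
  # interface the host may have.
  address = "10.0.0.5:8200"
  # LAB ONLY. With TLS off, tokens and secrets cross the segment every PXE
  # client shares in clear text. Replace with
  #   tls_cert_file = "/etc/vault/tls/vault.crt"
  #   tls_key_file  = "/etc/vault/tls/vault.key"
  # and change VAULT_ADDR and the Salt master's url to https://.
  tls_disable = 1
}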
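# Running vault as root, backgrounded from an interactive shell, means it dies
# with the session and runs with the whole machine's privileges. For anything
# beyond a first test, run it from a systemd unit as a dedicated unprivileged
# user with CAP_IPC_LOCK (so it can mlock its memory).
vault server -config=/root/vault.hcl &
# Initialise the barrier. This prints the unseal keys and the initial root
# token ONCE - they never appear again. Store them offline, held by different
# people (never in this document or in a repo); consider -pgp-keys and
# -root-token-pgp-key so Vault encrypts each share to its holder, and revoke
# the root token once an admin auth method exists.
vault operator init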

Unseal Key 1: <redacted - shown once; store offline, never in this document>
Unseal Key 2: <redacted>
Unseal Key 3: <redacted>
Unseal Key 4: <redacted>
Unseal Key 5: <redacted>

Initial Root Token: <redacted - a value of the form s.xxxxxxxxxxxxxxxxxxxxxxxx>

Run the unseal command three times, pasting a different unseal key each time, until the output shows Unseal Progress 3/3 and Sealed: false:
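# Unseal: run three times, each time pasting a different unseal key at the
# prompt (three of the five shares are needed). Do not pass the key as an
# argument - it would land in shell history.
vault operator unseal
# Log in with the initial root token at the prompt, for the same reason.
vault login
# The secret/openstack/<NAME> paths used here are KV v1 style; if "secret/" is
# not mounted on this (non-dev) server, enable it first:
#   vault secrets enable -path=secret kv
# Write the RabbitMQ password with the value read from stdin ("password=-")
# so it is not visible in history or in "ps". The original stored the literal
# "abc123"; a random value is generated instead (the loop below does the same
# for every other service password).
openssl rand -hex 16 | vault write secret/openstack/RABBIT_PASS password=-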

Create a Vault policy and token for the Salt master (read/list on the OpenStack secrets only)
vi salt-policy.hcl
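# Policy for the token the Salt master holds. Least privilege:
#  - read/list only on the OpenStack secrets. The original "openstack/*" did
#    not even match the "secret/openstack/..." paths written above.
#  - token creation, which the Salt master uses to mint tokens for minions
#    (that is what the "policies:" list in the master's vault.conf is for).
#    The original granted sudo/create/update/delete on all of "auth/*", which
#    lets the holder reconfigure every auth method and mint tokens with any
#    policy - effectively root. Self-management (lookup-self, renew-self) is
#    covered by the "default" policy every token also carries.
path "secret/openstack/*" {
  capabilities = ["read", "list"]
}
path "auth/token/create" {
  capabilities = ["create", "update"]
}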

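# Load the policy and mint the master's token from it. The token's TTL is
# 768h, and nothing on this page renews it, so the Salt/Vault integration would
# stop after 32 days; -period makes it a periodic token (renewable without a
# max TTL - it still has to be renewed within each period), and -display-name
# makes it recognisable in the audit log. Both flags need the root/sudo
# session used here. The token is printed once, to the terminal: copy it
# straight into /etc/salt/master.d/vault.conf and nowhere else.
vault policy write salt-policy salt-policy.hcl
vault token create -policy=salt-policy -display-name=salt-master -period=768h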

Key Value
token <redacted - the master's credential; goes only into /etc/salt/master.d/vault.conf>
token_accessor <redacted - can be used to look up and revoke the token>
token_duration 768h
token_renewable true
token_policies ["default" "salt-policy"]
identity_policies []
policies ["default" "salt-policy"]

Create the OpenStack service and database passwords in Vault

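# Create one random password per OpenStack service/DB user. Each value is
# piped to "vault write ... password=-" (read from stdin) so it never appears
# on a command line, in history or in "ps". 16 random bytes = 128 bits, hex.
for NAME in ADMIN_PASS CINDER_DBPASS CINDER_PASS DASH_DBPASS DEMO_PASS \
            GLANCE_DBPASS GLANCE_PASS KEYSTONE_DBPASS METADATA_SECRET \
            NEUTRON_DBPASS NEUTRON_PASS NOVA_DBPASS NOVA_PASS \
            PLACEMENT_PASS PLACEMENT_DBPASS RABBIT_PASS; do
  openssl rand -hex 16 | vault write "secret/openstack/${NAME}" password=-
done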

vi /etc/salt/master.d/vault.conf (paste the token printed by "vault token create -policy=salt-policy" above; the file must be readable by root only)

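# Vault integration on the Salt master.
#   url      - plain http: tokens and secrets cross the segment in clear; move
#              to https once the listener has TLS.
#   token    - the master's own token from "vault token create". Make this
#              file root-only (chmod 0600): the token is a long-lived
#              credential for everything under secret/openstack.
#   policies - policies attached to the tokens the master mints for minions.
vault:
  url: http://10.0.0.5:8200
  auth:
    method: token
    token: <token printed by "vault token create -policy=salt-policy">
  policies:
    - salt-policy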

vi salt-policy.hcl

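# Corrected policy for the Salt master's token. Least privilege:
#  - read/list on the OpenStack secrets only (the original "secret/*" exposed
#    everything in the KV mount to the master and to every minion token).
#  - token creation, which the Salt master uses to mint tokens for minions.
#    The original granted sudo/create/update/delete on all of "auth/*", which
#    lets the holder reconfigure every auth method and mint tokens with any
#    policy - effectively root. Self-management (lookup-self, renew-self) is
#    covered by the "default" policy every token also carries.
path "secret/openstack/*" {
  capabilities = ["read", "list"]
}
path "auth/token/create" {
  capabilities = ["create", "update"]
}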