Setup Kickstart Server using CentOS 7 for PXE Boot as a VM for VMware Fusion

I don’t believe in recreating the wheel, so I am referencing a few sites that I found to be very useful in configuring Kickstart the first time. Instead of copying the verbiage, in most instances I will reference a site I used. There you will be able to get the necessary information for setting up the bulk of the configuration.

Installing CentOS 7 for Kickstart Server

I’m not going to go into how to install CentOS for your initial kickstart server. It’s pretty straightforward. In my case I downloaded CentOS 7 from https://www.centos.org/ and created a boot image on a USB stick using the app from this site: https://unetbootin.github.io/ (in my case I am using the macOS version). Refer to this site for how to install CentOS 7: https://linoxide.com/how-tos/centos-7-step-by-step-screenshots/

Setting up Kickstart

The first step is to build a kickstart server. In my case I used one of the Dell T110 servers I have in my home lab. If you don’t have access to an unused server you can deploy this on a virtual machine as well. I used this website as a reference to build my kickstart server: https://www.tecmint.com/install-pxe-network-boot-server-in-centos-7/ (excerpts below were taken from this site)

Configuring VMware Fusion to PXE Boot

Open a terminal session and enter the command string below. This will stop the network services for Fusion.

# sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --stop

Edit the file:  /Library/Preferences/VMware\ Fusion/vmnet8/dhcpd.conf

Find the subnet {} section of the dhcpd.conf file and add the following lines:

next-server <PXE KICKSTART/PXE SERVER>;
filename "pxelinux.0";

Replace <PXE KICKSTART/PXE SERVER> with the static IP address you’re using for your PXE/Kickstart server. For reference I am using 10.0.1.167.

The dhcpd.conf file will look similar to what is shown below. Your IPs may be different than what is shown below:

allow unknown-clients;
default-lease-time 1800; # default is 30 minutes
max-lease-time 7200; # default is 2 hours

subnet 10.0.1.0 netmask 255.255.255.0 {
    range 10.0.1.128 10.0.1.254;
    option broadcast-address 10.0.1.255;
    option domain-name-servers 10.0.1.2;
    option domain-name localdomain;
    default-lease-time 1800; # default is 30 minutes
    max-lease-time 7200; # default is 2 hours
    option netbios-name-servers 10.0.1.2;
    option routers 10.0.1.2;
    next-server 10.0.1.167; # Add this line
    filename "pxelinux.0"; # Add this line
}
host vmnet8 {
    hardware ethernet 00:50:56:C0:00:08;
    fixed-address 10.0.1.1;
    option domain-name-servers 0.0.0.0;
    option domain-name "";
    option routers 0.0.0.0;
}

After you’re satisfied with the edits, restart the VMware network services for Fusion:

# sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start

Setup Kickstart in CentOS VM on Fusion

I followed the procedure on Tecmint so I am just going to borrow their procedures with my modifications.

Getting Started with DNS Server

Configure a static IP in your CentOS VM

  1. Open a terminal session
    1. Enter “nmcli d”; this displays your interfaces
    2. Enter “nmtui”. It’s pretty straightforward from here, so I’m not going to get into it. Just make sure you make it static.
  2. You can also edit the config with your favorite editor (vi is the best 🙂)
    1. cd /etc/sysconfig/network-scripts/
    2. vi ifcfg-xxxx, where xxxx is whatever your interface is. A static configuration will look like this. Entries in bold are changed to meet your requirements:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes

IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp2s0
UUID=(generated don’t change)
DEVICE=enp2s0
ONBOOT=yes
IPADDR=10.0.1.167
PREFIX=24
GATEWAY=10.0.1.1
IPV6_PRIVACY=no
DNS1=10.0.1.1
HWADDR=12:34:56:78:90:11

Install and configure DNSMASQ Server

After you have configured your static IP address, updated your system and performed other initial settings, use the following command to install the DNSMASQ daemon.

# yum install dnsmasq -y

The DNSMASQ main default configuration file, located in the /etc directory, is self-explanatory but tends to be quite difficult to edit, due to its highly commented explanations.

First make sure you back up this file in case you need to review it later, and then create a new blank configuration file using your favorite text editor by issuing the following commands.

# mv /etc/dnsmasq.conf  /etc/dnsmasq.conf.backup
# nano /etc/dnsmasq.conf

Now, copy and paste the following configuration into the dnsmasq.conf file and ensure that you change the statements explained below to match your network settings.

interface=ens37,lo
#bind-interfaces
domain=centos.local
# DHCP range-leases
dhcp-range=ens37,10.0.1.10,10.0.1.19,255.255.255.0,1h
# PXE
dhcp-boot=pxelinux.0,pxeserver,10.0.1.167
# Gateway
dhcp-option=3,10.0.1.1
# DNS
dhcp-option=6,10.0.1.1,8.8.8.8
server=8.8.4.4
# Broadcast Address (DHCP option 28)
dhcp-option=28,10.0.1.255
# NTP Server
dhcp-option=42,17.253.12.12

#pxe-prompt="Press F8 for menu.", 60
pxe-service=x86PC, "Select Linux from network server 10.0.1.167", pxelinux
enable-tftp
tftp-root=/var/lib/tftpboot

The statements that you need to change are as follows:

  1. interface – Interfaces on which the server should listen and provide services.
  2. bind-interfaces – Uncomment to bind only on this interface.
  3. domain – Replace it with your domain name.
  4. dhcp-range – Replace it with the IP range defined by your network mask on this segment.
  5. dhcp-boot – Replace the IP statement with your interface IP address.
  6. dhcp-option=3,10.0.1.1 – Replace the IP address with your network segment gateway.
  7. dhcp-option=6,10.0.1.1 – Replace the IP address with your DNS server IP – several DNS IPs can be defined.
  8. server=8.8.4.4 – Put your DNS forwarders’ IP addresses.
  9. dhcp-option=28,10.0.1.255 – Replace the IP address with the network broadcast address – optional.
  10. dhcp-option=42,17.253.12.12 – Put your network time servers – optional (0.0.0.0 address is for self-reference).
  11. pxe-prompt – Leave it as default – means to hit the F8 key to enter the menu, with a 60-second wait time.
  12. pxe-service – Use x86PC for 32-bit/64-bit architectures and enter a menu description prompt in quotes. Other value types can be: PC98, IA64_EFI, Alpha, Arc_x86, Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI.
  13. enable-tftp – Enables the built-in TFTP server.
  14. tftp-root – Use /var/lib/tftpboot – the location for all netbooting files.

Getting the appropriate Linux files over.

Copy over SYSLINUX files

The next task is fairly straightforward. You need to copy the SYSLINUX bootloaders to the “tftpboot” directory, which we will install and create in the next section.

# yum install syslinux -y

Install TFTP-Server and Populate it with SYSLINUX Bootloaders

Now, let’s move to the next step and install TFTP-Server, and then copy all bootloader files provided by the Syslinux package from the above listed location to the /var/lib/tftpboot path by issuing the following commands.

# yum install tftp-server
# cp -r /usr/share/syslinux/* /var/lib/tftpboot

Setup PXE Server Configuration File

Typically the PXE Server reads its configuration from a group of specific files (GUID files – first, MAC files – next, Default file – last) hosted in a folder called pxelinux.cfg, which must be located in the directory specified in the tftp-root statement of the DNSMASQ main configuration file.

Create the required directory pxelinux.cfg and populate it with a default file by issuing the following commands. You can see that the 10.0.1.167 server which is the Kickstart server is configured.

# mkdir /var/lib/tftpboot/pxelinux.cfg 

Edit PXE Server configuration file with valid Linux distributions installation options. Also note that all paths used in this file must be relative to the /var/lib/tftpboot directory.

# vi /var/lib/tftpboot/pxelinux.cfg/default

Below you can see an example configuration file that you can use, but modify the installation images (kernel and initrd files), protocols (FTP, HTTP, HTTPS, NFS) and IPs to reflect your network installation source repositories and paths.

default menu.c32
prompt 0
timeout 300
ONTIMEOUT local

menu title ########## PXE Boot Menu ##########

label 1
menu label ^1) Install CentOS 7 x64 with Local Repo
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=ftp://10.0.1.166/pub/centos7 devfs=nomount inst.repo=ftp://10.0.1.167/pub/centos7 inst.ks=ftp://10.0.1.166/pub/centos7/centos7-ks.cfg

label 2
menu label ^2) Install CentOS 7 x64 with http://mirror.centos.org Repo
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=http://mirror.centos.org/centos/7/os/x86_64/ devfs=nomount ip=dhcp

label 3
menu label ^3) Install CentOS 7 x64 with Local Repo using VNC
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=ftp://10.0.1.167/pub/centos7 devfs=nomount inst.vnc inst.vncpassword=password

label 4
menu label ^4) Install Red Hat 8 x64 with Local Repo
kernel rh8/vmlinuz
append initrd=rh8/initrd.img ip=dhcp inst.repo=ftp://10.0.1.167/pub/rh8 inst.ks=ftp://10.0.1.167/pub/rh8/rh8-ks.cfg

label 5
menu label ^5) Install RedHat 7 x64 with Local Repo
kernel rh7/vmlinuz
append initrd=rh7/initrd.img ip=dhcp inst.repo=ftp://10.0.1.167/pub/rh7 inst.ks=ftp://10.0.1.167/pub/rh7/rh7-ks.cfg

label 6
menu label ^6) Install RedHat 7 x64 with AT&T Repo
kernel rh7/vmlinuz
append initrd=rh7/initrd.img ip=dhcp inst.repo=ftp://10.0.1.167/pub/rh7 inst.ks=ftp://10.0.1.167/pub/rh7/kickstart_att.cfg

label 7
menu label ^7) Install RedHat 6 x64 with Local Repo
kernel rh6/vmlinuz
append initrd=rh6/initrd.img ip=dhcp ks=ftp://10.0.1.165/pub/rh6/rh6-ks.cfg

label local
menu label ^10) Boot from local drive
localboot 0

As you can see, CentOS 7 boot images (kernel and initrd) reside in a directory named centos7 relative to /var/lib/tftpboot (on an absolute system path this would mean /var/lib/tftpboot/centos7) and the installer repositories can be reached by using the FTP protocol on the 10.0.1.167/pub network location (in this case the repos are hosted locally because the IP address is the same as the PXE server address).

Also menu label 3 specifies that the client installation should be done from a remote location via VNC (here replace VNC password with a strong password) in case you install on a headless client and the menu label 2 specifies as installation sources a CentOS 7 official Internet mirror (this case requires an Internet connection available on client through DHCP and NAT).

This step requires a CentOS kernel and initrd files. To get those files you need the CentOS 7 DVD ISO Image. So, go ahead and download CentOS DVD Image, put it in your DVD drive and mount the image to /mnt system path by issuing the below command.

The reason for using the DVD and not a Minimal CD Image is the fact that later this DVD content would be used to create the local installer repositories for FTP sources. https://www.centos.org/download/

You can also use wget to accomplish the same task. The example below shows the version I used initially, but there have been updates, so the file and version will change over time:

# wget http://mirrors.xservers.ro/centos/7.0.1406/isos/x86_64/CentOS-7.0-1406-x86_64-DVD.iso
# mount -o loop /path/to/centos-dvd.iso  /mnt

In your terminal enter the following to get it copied over to the right place:

If you created the file on your workstation then we need to get it to the right spot:

# mkdir /var/lib/tftpboot/centos7
# cp /mnt/images/pxeboot/vmlinuz  /var/lib/tftpboot/centos7
# cp /mnt/images/pxeboot/initrd.img /var/lib/tftpboot/centos7
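
The menu file and the boot images under /var/lib/tftpboot are served by TFTP without authentication, so it helps to check what each entry exposes before clients boot from it. The sh function below is an added example, not part of the original guide or the Tecmint procedure; it flags kernel or initrd paths missing under tftp-root, a VNC password embedded in an append line, and kickstart or repo sources fetched over cleartext FTP/HTTP. The function names and the sample menu are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a pxelinux menu before clients boot from it.
# Usage: audit_pxe_menu MENU_FILE TFTP_ROOT   (prints one finding per line)
audit_pxe_menu() {
    menu=$1; root=$2; label=none
    set -f                                  # no globbing while splitting append args
    while read -r key rest; do
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
        label)  label=$rest ;;
        kernel) [ -f "$root/${rest%% *}" ] ||
                    echo "label $label: kernel ${rest%% *} missing under tftp-root" ;;
        append)
            for arg in $rest; do
                case $arg in
                initrd=*)
                    [ -f "$root/${arg#initrd=}" ] ||
                        echo "label $label: initrd ${arg#initrd=} missing under tftp-root" ;;
                inst.vncpassword=*|vncpassword=*)
                    echo "label $label: VNC password stored in a file TFTP serves without authentication" ;;
                inst.ks=ftp:*|inst.ks=http:*|ks=ftp:*|ks=http:*)
                    echo "label $label: kickstart fetched in cleartext from ${arg#*=}" ;;
                inst.repo=ftp:*|inst.repo=http:*|method=ftp:*|method=http:*)
                    echo "label $label: install tree fetched in cleartext from ${arg#*=}" ;;
                esac
            done ;;
        esac
    done < "$menu"
    set +f
}

# Constructed sample: two entries modelled on labels 1 and 3, in a scratch
# tftp-root that holds vmlinuz but no initrd.img.
demo_pxe_audit() {
    d=$(mktemp -d)
    mkdir -p "$d/centos7" "$d/pxelinux.cfg"
    : > "$d/centos7/vmlinuz"
    cat > "$d/pxelinux.cfg/default" <<'EOF'
label 1
kernel centos7/vmlinuz
append initrd=centos7/initrd.img inst.repo=ftp://10.0.1.167/pub/centos7 inst.ks=ftp://10.0.1.167/pub/centos7/centos7-ks.cfg
label 3
kernel centos7/vmlinuz
append initrd=centos7/initrd.img method=ftp://10.0.1.167/pub/centos7 inst.vncpassword=password
EOF
    audit_pxe_menu "$d/pxelinux.cfg/default" "$d"
    rm -rf "$d"
}
demo_pxe_audit
```

On the real server the call would be audit_pxe_menu /var/lib/tftpboot/pxelinux.cfg/default /var/lib/tftpboot.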

Create CentOS 7 Local Mirror Installation Source

The example I have shown uses an FTP server; it’s simple and easy. If you have security requirements or just prefer a different source method, then you have options: HTTP, HTTPS or NFS.

Install vsftpd daemon, copy all DVD mounted content to vsftpd default server path (/var/ftp/pub) – this can take a while depending on your system resources and append readable permissions to this path by issuing the following commands.

# yum install vsftpd
# cp -r /mnt/*  /var/ftp/pub/ 
# chmod -R 755 /var/ftp/pub

Start and Enable Daemons System-Wide

Now that the PXE server configuration is finally finished, start the DNSMASQ and VSFTPD servers, verify their status and enable them system-wide, so they start automatically after every system reboot, by running the commands below.

# systemctl start dnsmasq
# systemctl status dnsmasq
# systemctl start vsftpd
# systemctl status vsftpd
# systemctl enable dnsmasq
# systemctl enable vsftpd

Open Firewall and Test FTP Installation Source

To get a list of all ports that need to be open on your firewall in order for client machines to reach and boot from the PXE server, run the netstat command and add CentOS 7 Firewalld rules according to the dnsmasq and vsftpd listening ports.

# netstat -tulpn
# firewall-cmd --add-service=ftp --permanent  	## Port 21
# firewall-cmd --add-service=dns --permanent  	## Port 53
# firewall-cmd --add-service=dhcp --permanent  	## Port 67
# firewall-cmd --add-port=69/udp --permanent  	## Port for TFTP
# firewall-cmd --add-port=4011/udp --permanent  ## Port for ProxyDHCP
# firewall-cmd --reload  ## Apply rules

To test the FTP installation source network path, you can use the “ftp” command in Linux or whatever FTP application you may use for Windows or macOS. You can also use a browser; just enter ftp://10.0.1.167/pub in the URL box.

# ftp ftp@10.0.1.167

To debug PXE server for eventual misconfigurations or other information and diagnostics in live mode run the following command.

# tail -f /var/log/messages

Next unmount your source ISO

# umount /mnt

Configure Clients to Boot from Network

Now your clients can boot and install CentOS 7 on their machines by configuring Network Boot as the primary boot device in their system’s BIOS, or by hitting a specified key during BIOS POST operations as specified in the motherboard manual.

To choose network booting, after the first PXE prompt appears, press the F8 or F12 key to enter presentation and then hit the Enter key to proceed forward to the PXE menu. F8 and F12 differ between BIOSes. VMware VMs, for instance, use F12, but Dell servers, i.e. T110s, may use F8.

If you have everything set up properly you will boot into the installation program. This is a manual way to do things; if you want a hands-off install you can create kickstart files, optional app directories, scripts and all sorts of customization. The next section will show you how to do a basic kickstart for CentOS. There are plenty of guides and help available on the internet to understand how to configure what you need.

Automate your installs

Here is an example Red Hat 7 kickstart file. If you want more details refer to: Tecmint. The encrypted password is “changeme”. If you want to change the password in the kickstart file, do the following:

# openssl passwd -1 password
The output will be the encrypted password.  Just replace the content of the "rootpw" line.

The kickstart file would go under your ftp server directory for public access. In this guide we placed it under /var/ftp/pub. I chose to keep things organized so this is what I have under pub: centos7  rh6  rh7  rh8

Under each of these is the ISO source we copied and the kickstart file. If you remember when we made the PXE boot menu file earlier, you will notice that it points out specific locations of where the source and kickstart file are.

#centos7-ks.cfg
lang en_US
keyboard us
timezone America/New_York --isUtc
rootpw $1$HO3ad3ft$6dmLgtB8fNwZRDLy2YIDV1 --iscrypted
#platform x86, AMD64, or Intel EM64T
text
url --url=ftp://ftp@10.0.1.167/pub/centos7
bootloader --location=mbr --append="rhgb quiet crashkernel=auto"
zerombr
clearpart --all --initlabel
autopart
auth --passalgo=sha512 --useshadow
selinux --disabled
firewall --disabled
skipx
firstboot --disable
%packages
@base
%end
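
Because the kickstart file sits on an anonymous FTP share and every host built from it inherits its settings, it is worth linting before publishing. The sh function below is an added example, not part of the original guide; it reports the hash scheme behind rootpw (openssl passwd -1 produces an MD5-crypt $1$ hash, regardless of auth --passalgo=sha512), SELinux or firewall being disabled, and typographic dashes or quotes that creep in when a config is copied from a web page and stop options from parsing. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a kickstart file before publishing it on the install server.
# Usage: ks_audit KS_FILE   (prints one finding per line)
ks_audit() {
    ks=$1; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Anything left after deleting tab and printable ASCII is a pasted
        # typographic dash or quote, which the installer will not parse as an option.
        [ -z "$(printf '%s' "$line" | LC_ALL=C tr -d '\11\40-\176')" ] ||
            echo "line $n: non-ASCII characters in a kickstart command"
        set -f; set -- $line; set +f        # split into words without globbing
        case ${1:-} in
        rootpw)
            hash=
            for w in "$@"; do case $w in '$'*) hash=$w ;; esac; done
            case " $* " in
            *" --lock "*) ;;
            *" --iscrypted "*)
                # The hash is written to /etc/shadow as supplied; auth --passalgo
                # only governs passwords set after installation.
                case $hash in
                '$5$'*|'$6$'*) ;;
                '$1$'*) echo "line $n: rootpw is an MD5-crypt (\$1\$) hash" ;;
                *)      echo "line $n: rootpw hash scheme not recognised" ;;
                esac ;;
            *)  echo "line $n: rootpw lacks --iscrypted, value is treated as plaintext" ;;
            esac ;;
        selinux|firewall)
            case " $* " in
            *" --disabled "*) echo "line $n: $1 disabled on every host built from this file" ;;
            esac ;;
        esac
    done < "$ks"
}

# Constructed sample modelled on centos7-ks.cfg; line 5 carries a pasted en-dash.
demo_ks_audit() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
rootpw $1$HO3ad3ft$6dmLgtB8fNwZRDLy2YIDV1 --iscrypted
auth --passalgo=sha512 --useshadow
selinux --disabled
firewall --disabled
firstboot –disable
EOF
    ks_audit "$f"
    rm -f "$f"
}
demo_ks_audit
```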

I tested this in a virtual machine. If you do this make sure it has at least 2G of memory otherwise it will fail.

Thanks, have fun