1.3.3 Configuring DHCP and TFTP Services to Support PXE Clients

The DHCP and TFTP services required to install Oracle Linux 7 on PXE clients do not have to run on the same host. If you configure separate DHCP and TFTP servers, the DHCP server must define the TFTP server from which a client can download the boot loader, installation kernel, and initial ram-disk files.

The DHCP and TFTP servers do not have to host the installation packages; you can use a separate network installation source. The TFTP server can define a network installation source from which a client can obtain the installation packages.

To configure the DHCP service for PXE client installation requests:

  1. Install the dhcp package.

    # yum install dhcp

  2. Edit /etc/dhcp/dhcpd.conf and configure an entry for the PXE clients, for example:

    set vendorclass = option vendor-class-identifier;
    option pxe-system-type code 93 = unsigned integer 16;
    set pxetype = option pxe-system-type;
    
    option domain-name "example.com";
    
    subnet 10.0.0.0 netmask 255.255.255.0 {
      option domain-name-servers 10.0.0.1;
      option broadcast-address 10.0.0.255;
      option routers 10.0.0.1;
      default-lease-time 14400;
      max-lease-time 28800;
      if substring(vendorclass, 0, 9)="PXEClient" {
        if pxetype=00:06 or pxetype=00:07 {
            filename "efi/grubx64.efi";
        } else {
            filename "pxelinux/pxelinux.0";
        }
      }
      pool {
        range 10.0.0.101 10.0.0.200;
      }
      next-server 10.0.0.6;
    }
    
    host svr1 {
      hardware ethernet 08:00:27:c6:a1:16;
      fixed-address 10.0.0.253;
      option host-name "svr1";
    }
    
    host svr2 {
      hardware ethernet 08:00:27:24:0a:56;
      fixed-address 10.0.0.254;
      option host-name "svr2";
    }

    This example configures a pool of generally available IP addresses in the range 10.0.0.101 through 10.0.0.200 on the 10.0.0/24 subnet. Any PXE-booted system on the subnet uses the boot loader that the filename parameter specifies for its PXE type. The boot loader file grubx64.efi for UEFI-based clients is located in the efi subdirectory of the TFTP server directory. The boot loader file pxelinux.0 for BIOS-based clients is located in the pxelinux subdirectory.

    The next-server statement specifies the IP address of the TFTP server from which a client can download the boot loader file.

    Note

    You should include a next-server statement even if you use the same server to host both DHCP and TFTP services. Otherwise, some boot loaders do not know how to obtain their configuration files, which causes them to reboot the client, to hang, or to display a prompt such as boot: or grub>.

    The static IP addresses 10.0.0.253 and 10.0.0.254 are reserved for svr1 and svr2, which are identified by their MAC addresses.

    If the server has more than one network interface, the DHCP service uses the /etc/dhcp/dhcpd.conf file to determine which interfaces to listen on.

  3. Start the DHCP service, and configure it to start after a reboot.

    # systemctl start dhcpd
    # systemctl enable dhcpd

    If you make any changes to /etc/dhcp/dhcpd.conf, restart the dhcpd service.

  4. Configure the firewall to accept DHCP requests, for example:

    # firewall-cmd --zone=zone --add-port=67-68/udp
    # firewall-cmd --zone=zone --add-port=67-68/udp --permanent

To configure the TFTP service for PXE client installation requests:

  1. Install the tftp-server package.

    # yum install tftp-server

  2. Edit /etc/xinetd.d/tftp and modify the disable and server_args attributes to enable xinetd to start the TFTP service (in.tftpd) and define the TFTP server directory, for example:

    service tftp
    {
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = root
        server      = /usr/sbin/in.tftpd
        server_args = -s /var/lib/tftpboot
        disable     = no
        per_source  = 11
        cps         = 100 2
        flags       = IPv4
    }

    This example defines the TFTP server directory to be /var/lib/tftpboot, which is the default.

    When xinetd receives a TFTP request, it starts in.tftpd and directs the request to it.

    For more information about the configuration attributes, see the xinetd.conf(5) manual page.

  3. Obtain the boot loader files.

    PXE clients require a boot loader to load the Linux installation kernel (vmlinuz).

    For BIOS-based PXE clients, you can use the pxelinux.0 boot loader available in the syslinux package. To install this package:

    # yum install syslinux

    For UEFI-based PXE clients, you can use the grubx64.efi boot loader available in the grub2‑efi package. If you need to support Secure Boot on clients, you also need the first-stage boot loader shim.efi, available in the shim package, so that the boot loader and kernel can be verified. Either download these packages to a temporary location, or copy them from the full installation ISO image. Then extract the contents of the packages:

    # cd /tempdir
    # rpm2cpio grub2-efi-version.rpm | cpio -idmv
    # rpm2cpio shim-version.rpm | cpio -idmv

    Note

    If you need to support Secure Boot, make sure you specify shim.efi as the boot loader in your DHCP configuration in /etc/dhcp/dhcpd.conf.

  4. Create the directories used to contain the boot loaders and their configuration files as subdirectories of the TFTP server directory.

    For BIOS-based clients, create the pxelinux/pxelinux.cfg directories, for example:

    # mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg

    For UEFI-based clients, create the efi directory, for example:

    # mkdir -p /var/lib/tftpboot/efi

  5. Copy the boot loader files, the installation kernel (vmlinuz), and the ram-disk image file (initrd.img) to the TFTP server subdirectories.

    For BIOS-based clients, copy the BIOS boot loader file, the installation kernel, and the ram-disk image file to the pxelinux directory:

    # cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux
    # wget http://10.0.0.11/OSimage/OL7/isolinux/vmlinuz -O /var/lib/tftpboot/pxelinux/vmlinuz
    # wget http://10.0.0.11/OSimage/OL7/isolinux/initrd.img -O /var/lib/tftpboot/pxelinux/initrd.img

    For UEFI-based clients, copy the UEFI boot loader files, the installation kernel, and the ram-disk image file to the efi directory:

    # cp /tempdir/boot/efi/EFI/redhat/grubx64.efi /var/lib/tftpboot/efi
    # cp /tempdir/boot/efi/EFI/redhat/shim.efi /var/lib/tftpboot/efi
    # cp /tempdir/boot/efi/EFI/redhat/MokManager.efi /var/lib/tftpboot/efi
    # wget http://10.0.0.11/OSimage/OL7/isolinux/vmlinuz -O /var/lib/tftpboot/efi/vmlinuz
    # wget http://10.0.0.11/OSimage/OL7/isolinux/initrd.img -O /var/lib/tftpboot/efi/initrd.img

    Note

    You only need to copy the shim.efi and MokManager.efi files if you need to support Secure Boot on clients. The MokManager.efi provides utilities for managing the keys used to sign EFI binaries.

    The above examples use HTTP to obtain the installation kernel and ram-disk image files from a separate network installation server. You could use a local copy of the files if the TFTP server also hosts the installation packages.

    To be able to install different operating system versions on PXE clients, you can rename the kernel and ram-disk image files, for example to vmlinuz-ol7 and initrd-ol7.img. Alternatively, you could copy the kernel and ram-disk image files to subdirectories such as efi/ol7 and pxelinux/ol7.

  6. Create the boot loader configuration files.

    As a minimum, you should create the default boot loader configuration files:

    pxelinux/pxelinux.cfg/default

    Default boot loader configuration file for BIOS-based PXE clients.

    efi/grub.cfg

    Default boot loader configuration file for UEFI-based PXE clients.

    You can create additional client-specific boot loader configuration files in either pxelinux/pxelinux.cfg or efi, depending on whether the client is BIOS or UEFI-based. For more information, see:

  7. If SELinux is enabled in enforcing mode on your system and you configured a TFTP server directory other than /var/lib/tftpboot, use the semanage command to define the default file type of the TFTP server directory hierarchy as tftpdir_t and then use the restorecon command to apply the file type to the entire directory hierarchy, for example:

    # /usr/sbin/semanage fcontext -a -t tftpdir_t "/var/tftpboot(/.*)?"
    # /sbin/restorecon -R -v /var/tftpboot

    See the tftpd_selinux(8) manual page for more information.

    Note

    The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.

  8. Enable the TFTP network socket, and configure it to start after a reboot.

    # systemctl start tftp.socket
    # systemctl enable tftp.socket

    You do not need to restart the TFTP service if you change the content of boot loader configuration files.

  9. Configure the firewall to accept TFTP requests, for example:

    # firewall-cmd --zone=zone --add-service=tftp
    # firewall-cmd --zone=zone --add-service=tftp --permanent
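
The following check ties the two procedures above together: it confirms that /etc/dhcp/dhcpd.conf declares next-server, that every boot loader named in a filename statement exists under the TFTP server directory, and that a Secure Boot deployment hands out shim.efi. It is an added example, not part of the original documentation or of any Oracle tool; the function name check_pxe_layout, its arguments, and the assumption that vmlinuz and initrd.img sit beside the boot loader under their default names are hypothetical.

```shell
#!/bin/bash
# Added example (not Oracle's code): cross-check dhcpd.conf against the TFTP root.
# Usage: check_pxe_layout CONF TFTP_ROOT [yes|no]   (third arg: Secure Boot needed)
# Prints one finding per line; returns 0 when consistent, 1 otherwise.
check_pxe_layout() {
    conf=$1; root=$2; secureboot=${3:-no}; bad=0

    # Per the note above: declare next-server even on a combined DHCP/TFTP host.
    if ! grep -Eq '^[[:space:]]*next-server[[:space:]]+[^;]+;' "$conf"; then
        echo "MISSING next-server statement"; bad=1
    fi

    while IFS= read -r loader; do
        [ -n "$loader" ] || continue
        dir=$(dirname "$loader")
        # Assumed layout: kernel and ram-disk image sit beside the boot loader
        # under their default names (adjust if you renamed them, e.g. vmlinuz-ol7).
        for f in "$loader" "$dir/vmlinuz" "$dir/initrd.img"; do
            if [ ! -s "$root/$f" ]; then
                echo "MISSING $f under $root"; bad=1
            fi
        done
        # Secure Boot clients must be handed shim.efi, not grubx64.efi directly.
        case "$secureboot:$loader" in
            yes:*.efi)
                if [ "$(basename "$loader")" != "shim.efi" ]; then
                    echo "SECUREBOOT $loader is not shim.efi"; bad=1
                fi ;;
        esac
    done <<EOF
$(sed -n 's/^[[:space:]]*filename[[:space:]]*"\([^"]*\)";.*/\1/p' "$conf")
EOF
    return "$bad"
}

# Constructed sample: the UEFI branch of the page's dhcpd.conf, with an empty TFTP root.
demo=$(mktemp -d)
printf '%s\n' 'filename "efi/grubx64.efi";' 'next-server 10.0.0.6;' > "$demo/dhcpd.conf"
mkdir -p "$demo/tftpboot/efi"
check_pxe_layout "$demo/dhcpd.conf" "$demo/tftpboot" yes || echo "layout needs attention"
rm -rf "$demo"
```

Run it after any change to dhcpd.conf or to the contents of the TFTP server directory, passing yes as the third argument when clients must boot with Secure Boot enabled.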