Chapter 1 Pre-installation Configuration

This chapter describes the system requirements for Oracle Linux 7, how to obtain the software, how to set up a network installation server, and some general guidelines to help prepare for an installation.

1.1 System Requirements

Oracle Linux 7 includes both the Unbreakable Enterprise Kernel (UEK) and Red Hat Compatible Kernel (RHCK). You can install Oracle Linux 7 on x86-64 systems with up to 2048 logical CPUs and 64 TB of memory. The theoretical upper limit is 5120 logical CPUs and 64 TB of memory, but Oracle has not tested this configuration. A minimum of 2 logical CPUs and 1 GB of memory per logical CPU is recommended. Although the minimum disk space required for installation is 1 GB, a minimum of 5 GB is recommended.

If your system supports UEFI mode and you plan to boot and install Oracle Linux 7 in this mode, make sure that the target disk uses GPT (GUID Partition Table), as some UEFI firmwares do not allow UEFI/MBR boot.

For additional details about system requirements and any known installation issues, see the release notes for your Oracle Linux 7 release and update level at Oracle® Linux 7 Documentation.

For information about x86-based servers that are certified for Oracle Linux with UEK, see the Hardware Certification List for Oracle Linux and Oracle VM at https://linux.oracle.com/hardware-certifications.

For UEK system requirements and known issues, see the documentation for your UEK release at Unbreakable Enterprise Kernel Documentation.

1.2 Obtaining and Preparing Installation Media

The Oracle Linux distribution is free to download, use, and distribute.

You can download the Oracle Linux installation media from the Oracle Software Delivery Cloud at https://edelivery.oracle.com/linux. After logging in, the Popular Downloads window containing a list of products is displayed.

To download the Oracle Linux 7 installation media, do the following:

  1. Choose one of the following methods to obtain your product:

    • If your product is included in the Popular Downloads window, then select that product to add it to the cart.

    • If your product is not included in the Popular Downloads window, then do the following:

      1. Type "Oracle Linux 7" in the search box, then click Search.

      2. From the search results list, select the product you want to download to add it to the cart.

  2. Click the Cart icon.

  3. From the Platform/Languages drop-down list, select your system's platform, then continue.

  4. On the next page, accept the terms of licenses, then continue.

  5. On the last page that itemizes the contents of the Oracle Linux package that you selected, click Download.

The Media Pack contains the following ISO images:

  • Oracle Linux 7 for x86_64 (64 bit)

    This ISO image contains everything needed to boot a system and install Oracle Linux.

  • Oracle Linux 7 Boot ISO image for x86_64 (64 bit)

    This ISO image contains everything that is required to boot a system and start an installation. However, to complete the installation, you must specify the location of the packages, for example on a local disk or an NFS share. RHCK is used during the installation and both UEK and RHCK kernels are installed. After the installation, the system boots the UEK kernel by default.

    Note

    When installing releases prior to Oracle Linux 7 Update 3, Unbreakable Enterprise Kernel Release 3 is used. From Oracle Linux 7 Update 3 on, the default kernel is Unbreakable Enterprise Kernel Release 4.

  • Oracle Linux 7 UEK Boot ISO image for x86_64 (64 bit)

    This ISO image contains everything that is required to boot a system and start an installation. However, to complete the installation, you must specify the location of the packages, for example on a local disk, an NFS share, or an HTTP resource like the base repository for an Oracle Linux release on the Oracle Linux yum server. UEK is used during the installation and is the default kernel that is booted after an installation. Use this boot image if you have hardware that is only supported on UEK, or if you are having trouble with the installer when using the RHCK boot image. This ISO image is available in the Media Pack for Oracle Linux 7 Update 2 and later.

  • Oracle Linux 7 Source DVD 1 and 2

    These ISO images contain the source code for the software packages in the release.

You can use the full installation ISO image or the boot ISO image to do the following:

The ISO images can be used in a virtual DVD-ROM drive to boot and install an Oracle VM or Oracle VM VirtualBox virtual machine (guest).

You can use the full installation ISO image to prepare a network location, such as an NFS share or HTTP server directory, for use during an installation. This method is typically used when a boot image is used to start an installation. See Section 1.3, “Configuring a Network Installation Server”.

Note that the media pack might contain additional content that may pertain to a particular release update of Oracle Linux. Items such as Driver Update Disks may also be included. These items are described in further detail in the release notes for the particular update release.

After installation, you can obtain Oracle Linux packages from the Unbreakable Linux Network (ULN) and the Oracle Linux yum server. For more information, see Chapter 5, Post-Installation Configuration.

1.2.1 Preparing CD or DVD Installation Media

Only a recordable DVD has enough storage capacity for the full installation ISO image.

A recordable CD has enough storage capacity for the boot ISO image, but not for the full installation ISO image.

To write an ISO image file to a CD or DVD, you can use a command such as cdrecord, for example:

# cdrecord -v -eject speed=16 dev=ATA:0,2,0 file_name.iso

You can use the cdrecord -scanbus command to display the SCSI subsystem and device that corresponds to the CD or DVD writer.

1.2.2 Preparing USB Installation Media

If a system's firmware supports booting from a USB drive, you can create a boot image on a USB drive and use this to install Oracle Linux. Depending on the capacity of the USB drive, you can use the full installation ISO image or the boot ISO image to create the bootable USB drive.

To create a bootable USB drive, you can use the dd command or a separate utility that can write an ISO image to a USB drive. The following steps describe how to use the dd command.

Caution

This procedure destroys any existing data on the drive. To avoid overwriting an existing hard disk partition, ensure that you specify the correct device name for the USB drive. The following procedure assumes that the USB drive is the /dev/sdb1 device, which might not be the case on your system.

  1. Insert a USB drive into an Oracle Linux system.

    If the operating system mounts any file systems on the device, unmount these file systems, for example:

    # df /media/USB
    Filesystem           1K-blocks      Used Available Use% Mounted on
    /dev/sdb1                35346     35346         0 100% /media/USB
    # umount /dev/sdb1
  2. Use the dd command to write the contents of the ISO image file to the USB device.

    # dd if=iso_file_name of=usb_device bs=bytes

    For example:

    # dd if=./full_image.iso of=/dev/sdb bs=512k

    Note that you must write the ISO contents directly to the USB device node, not to a partition on the USB device. This helps to ensure that the device is bootable and the contents are found in the correct location.

You can now remove the USB drive and use it to boot a system.
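A pre-flight check for the dd step, as an added example that is not part of the Oracle documentation: it refuses a partition such as /dev/sdb1, a disk that sysfs does not flag as removable, and a device that still has mounted file systems. The function name usb_target_check and its optional sysfs-root and mounts-file arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: checks to run before "dd if=image.iso of=/dev/sdX".
# usb_target_check is a hypothetical helper name, not an Oracle Linux command.

# usb_target_check DEVICE [SYSFS_ROOT] [MOUNTS_FILE]
# Returns 0 only if DEVICE is a whole disk, flagged removable, with nothing mounted.
# SYSFS_ROOT and MOUNTS_FILE default to the live kernel interfaces; they can be
# pointed at a constructed tree to exercise the checks without real hardware.
usb_target_check() (
    dev=$1
    sysfs=${2:-/sys}
    mounts=${3:-/proc/mounts}
    node="$sysfs/class/block/${dev##*/}"

    if [ ! -d "$node" ]; then
        echo "refusing: $dev is not a known block device"
        exit 2
    fi

    # Partitions carry a "partition" attribute in sysfs; whole disks do not.
    if [ -e "$node/partition" ]; then
        echo "refusing: $dev is a partition, dd must target the whole device node"
        exit 3
    fi

    # USB flash drives normally report 1 here; internal disks report 0.
    if [ "$(cat "$node/removable" 2>/dev/null)" != "1" ]; then
        echo "refusing: $dev is not flagged as removable"
        exit 4
    fi

    # Look for mounts of the disk itself or of any of its partitions
    # (sdb1, sdb2, ... or names that insert a "p" before the number).
    mounted=$(awk -v d="$dev" '
        $1 == d { print $1; next }
        index($1, d) == 1 && substr($1, length(d) + 1) ~ /^p?[0-9]+$/ { print $1 }
    ' "$mounts")
    if [ -n "$mounted" ]; then
        echo "refusing: unmount first:" $mounted
        exit 5
    fi

    echo "ok: $dev is a removable whole disk with nothing mounted"
)

# Script mode: ./usb-write.sh ISO DEVICE
if [ "$#" -eq 2 ]; then
    usb_target_check "$2" && dd if="$1" of="$2" bs=512k
fi
```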

1.2.3 Extracting the Contents of the Full Installation ISO Image

To extract the contents of the full Oracle Linux 7 installation ISO image:

  1. Mount the full installation ISO image on a suitable mount point, for example /mnt:

    # mount -t iso9660 -o loop full_image.iso /mnt

  2. Extract the contents of the full installation ISO image.

    Ensure that the command you use extracts the .treeinfo file at the root of the ISO image, for example:

    # cp -a -T mount_dir output_dir

    For example, to extract the ISO image mounted on /mnt to an NFS share at /var/OSimage/OL7:

    # cp -a -T /mnt /var/OSimage/OL7

    For example, to extract the ISO image mounted on /mnt to a web server directory at /var/www/html/OSimage/OL7:

    # cp -a -T /mnt /var/www/html/OSimage/OL7

  3. Unmount the DVD image:

    # umount mount_dir

1.3 Configuring a Network Installation Server

If you use a boot ISO or the Preboot eXecution Environment (PXE) to install systems, you can set up a network installation server to host the RPM packages. This server must have sufficient storage space to host the full Oracle Linux 7 installation DVD image (approximately 4.5 GB), and you must configure it to use either NFS or HTTP to serve the image files to the target systems on which you want to install Oracle Linux 7.

To configure a network installation server:
  1. Set up an NFS or HTTP server.

    Instructions can be found in the Administrator's Guide for your Oracle Linux release:

  2. Download the full Oracle Linux 7 installation ISO image.

    See Section 1.2, “Obtaining and Preparing Installation Media”.

  3. Configure the NFS or HTTP server to act as a network installation server.

  4. (Optional) Configure support for installation on PXE clients.

    In deployments where multiple systems are installed, it is common to perform a network-based installation by configuring systems to load a PXE boot image from a Trivial File Transfer Protocol (TFTP) server that is configured on the same network. Dynamic Host Configuration Protocol (DHCP) is used to provide clients with the location of the boot files on the TFTP server.

    If you want to support PXE client installation, configure the Dynamic Host Configuration Protocol (DHCP) and Trivial File Transfer Protocol (TFTP) services. See Section 1.3.3, “Configuring DHCP and TFTP Services to Support PXE Clients” or Section 1.3.4, “Configuring Dnsmasq to Support PXE Clients”.

1.3.1 Configuring an Existing NFS Server

The following instructions apply to configuring an NFS share on Oracle Linux 7 systems. For instructions on configuring NFS shares on Oracle Linux 6, see Oracle® Linux 6: Administrator's Guide

To configure an existing NFS server:
  1. Create the directory you want to export as the NFS share, for example /var/OSimage/OL7:

    # mkdir -p /var/OSimage/OL7
  2. Copy the Oracle Linux 7 installation files to the NFS share.

    When you copy the full installation ISO image to the NFS share, the installation program is able to detect that the installation source is the full installation ISO image and install from that file.

    If you prefer, you can extract the contents of the full installation ISO image to the NFS share, see Section 1.2.3, “Extracting the Contents of the Full Installation ISO Image”.

  3. Use the exportfs command to export the directory.

    # exportfs -i -o options client:export_dir

    For example, to allow read-only access to the directory /var/OSimage/OL7 for any NFS client on the 192.168.1 subnet:

    # exportfs -i -o ro 192.168.1.0/24:/var/OSimage/OL7

    Alternatively, edit the /etc/exports configuration file and add an entry for the directory, for example:

    /var/OSimage/OL7 192.168.1.0/24(ro)

    Then use the exportfs -ra command to reload the NFS shares defined in the /etc/exports file.
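A check for the export entry above, as an added example that is not part of the Oracle documentation: it reads an exports(5) file and reports entries that are writable, that disable root squashing, or that reach every host, including the case where a stray space before the option list turns a subnet-restricted entry into a world export. The function names audit_exports and sample_exports, and the sample lines, are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an exports(5) file before running "exportfs -ra".
# audit_exports is a hypothetical helper name; it prints one finding per line.

# audit_exports FILE
audit_exports() {
    awk '
    function report(path, client, msg) {
        printf "line %d: %s -> %s: %s\n", FNR, path, client, msg
    }
    /^[ \t]*#/ || NF == 0 { next }
    {
        path = $1
        if (NF == 1)
            report(path, "*", "no client list, exported to every host")
        for (i = 2; i <= NF; i++) {
            client = $i
            opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(opts)" with no host in front of it applies to every host.
            if (client == "") {
                client = "*"
                report(path, client, "option list without a host, check for a stray space")
            } else if (client == "*") {
                report(path, client, "exported to every host")
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw")
                    report(path, client, "writable, an installation tree only needs ro")
                if (o[j] == "no_root_squash")
                    report(path, client, "no_root_squash lets client root act as root")
            }
        }
    }' "$1"
}

# Constructed sample input: line 2 is the entry from the text, line 3 has a
# space between the subnet and "(rw)", line 4 exports to every host.
sample_exports() {
    cat <<'EOF'
# constructed sample lines
/var/OSimage/OL7 192.168.1.0/24(ro)
/var/OSimage/OL7-test 192.168.1.0/24 (rw)
/var/OSimage/scratch *(ro,no_root_squash)
EOF
}

tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```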

1.3.2 Configuring an Existing Apache HTTP Server

The instructions in this section are for configuring an HTTP directory on Oracle Linux 7 systems. For instructions on configuring HTTP directories on Oracle Linux 6 systems, see Oracle® Linux 6: Administrator's Guide.

To configure an existing Apache HTTP server:
  1. Create the directory that will be used to store the contents of the full installation ISO image.

    Create the directory under the DocumentRoot hierarchy that is defined in the HTTP server configuration file (/etc/httpd/conf/httpd.conf), for example /var/www/html/OSimage/OL7.

    # mkdir -p /var/www/html/OSimage/OL7
  2. Extract the contents of the full installation ISO image to the HTTP directory.

    See Section 1.2.3, “Extracting the Contents of the Full Installation ISO Image”.

  3. Edit the HTTP server configuration file, /etc/httpd/conf/httpd.conf, and add a <Directory> section.

    For example:

    <Directory "/var/www/html/OSimage/OL7">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    Place this section after the closing </Directory> statement for the <Directory DocumentRoot> section.

    The Indexes option is required only if you want to be able to browse the directory hierarchy; it is not required for installation.

  4. If SELinux is enabled in enforcing mode and you extracted the ISO image to a directory that is not under /var/www/html, use the semanage and restorecon commands to restore the SELinux security context on the extracted files.

    The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.

    1. Use the semanage command to define the default file type of the directory hierarchy as httpd_sys_content_t:

      # /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/OSimage(/.*)?"

    2. Use the restorecon command to apply the file type to the entire directory hierarchy.

      # /sbin/restorecon -R -v /var/OSimage

    See the httpd_selinux(8) manual page for more information.

1.3.3 Configuring DHCP and TFTP Services to Support PXE Clients

The DHCP and TFTP services required to install Oracle Linux 7 on PXE clients do not have to run on the same host. If you configure separate DHCP and TFTP servers, the DHCP server must define the TFTP server from which a client can download the boot loader, installation kernel, and initial ram-disk files.

The DHCP and TFTP servers do not have to host the installation packages; you can use a separate network installation source. The TFTP server can define a network installation source from which a client can obtain the installation packages.

To configure the DHCP service for PXE client installation requests:
  1. Install the dhcp package.

    # yum install dhcp
  2. Edit /etc/dhcp/dhcpd.conf and configure an entry for the PXE clients, for example:

    set vendorclass = option vendor-class-identifier;
    option pxe-system-type code 93 = unsigned integer 16;
    set pxetype = option pxe-system-type;
    
    option domain-name "example.com";
    
    subnet 10.0.0.0 netmask 255.255.255.0 {
      option domain-name-servers 10.0.0.1;
      option broadcast-address 10.0.0.255;
      option routers 10.0.0.1;
      default-lease-time 14400;
      max-lease-time 28800;
      if substring(vendorclass, 0, 9)="PXEClient" {
        if pxetype=00:06 or pxetype=00:07 {
            filename "efi/grubx64.efi";
        } else {
            filename "pxelinux/pxelinux.0";
        }
      }
      pool {
        range 10.0.0.101 10.0.0.200;
      }
      next-server 10.0.0.6;
    }
    
    host svr1 {
      hardware ethernet 08:00:27:c6:a1:16;
      fixed-address 10.0.0.253;
      option host-name "svr1";
    }
    
    host svr2 {
      hardware ethernet 08:00:27:24:0a:56;
      fixed-address 10.0.0.254;
      option host-name "svr2";
    }

    This example configures a pool of generally available IP addresses in the range 10.0.0.101 through 10.0.0.200 on the 10.0.0/24 subnet. Any PXE-booted system on the subnet uses the boot loader that the filename parameter specifies for its PXE type. The boot loader file grubx64.efi for UEFI-based clients is located in the efi subdirectory of the TFTP server directory. The boot loader file pxelinux.0 for BIOS-based clients is located in the pxelinux subdirectory.

    The next-server statement specifies the IP address of the TFTP server from which a client can download the boot loader file.

    Note

    You should include a next-server statement even if you use the same server to host both DHCP and TFTP services. Otherwise, some boot loaders do not know how to obtain their configuration files, which causes them to reboot the client, to hang, or to display a prompt such as boot: or grub>.

    The static IP addresses 10.0.0.253 and 10.0.0.254 are reserved for svr1 and svr2, which are identified by their MAC addresses.

    If the server has more than one network interface, the DHCP service uses the /etc/dhcp/dhcpd.conf file to determine which interfaces to listen on.

  3. Start the DHCP service, and configure it to start after a reboot.

    # systemctl start dhcpd
    # systemctl enable dhcpd

    If you make any changes to /etc/dhcp/dhcpd.conf, restart the dhcpd service.

  4. Configure the firewall to accept DHCP requests, for example:

    # firewall-cmd --zone=zone --add-port=67-68/udp
    # firewall-cmd --zone=zone --add-port=67-68/udp --permanent

To configure the TFTP service for PXE client installation requests:
  1. Install the tftp-server package.

    # yum install tftp-server  
  2. Edit /etc/xinetd.d/tftp and modify the disable and server_args attributes to enable xinetd to start the TFTP service (in.tftpd) and define the TFTP server directory, for example:

    service tftp
    {
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = root
        server      = /usr/sbin/in.tftpd
        server_args = -s /var/lib/tftpboot
        disable     = no
        per_source  = 11
        cps         = 100 2
        flags       = IPv4
    }

    This example defines the TFTP server directory to be /var/lib/tftpboot, which is the default.

    When xinetd receives a TFTP request, it starts in.tftpd and directs the request to it.

    For more information about the configuration attributes, see the xinetd.conf(5) manual page.

  3. Obtain the boot loader files.

    PXE clients require a boot loader to load the Linux installation kernel (vmlinuz).

    For BIOS-based PXE clients, you can use the pxelinux.0 boot loader available in the syslinux package. To install this package:

    # yum install syslinux

    For UEFI-based PXE clients, you can use the grubx64.efi boot loader available in the grub2‑efi package. You also need the first-stage boot loader shim.efi, available in the shim package, so that the boot loader and kernel can be verified. Either download these packages to a temporary location, or copy them from the full installation ISO image. Then extract the contents of the packages:

    # cd /tempdir
    # rpm2cpio grub2-efi-version.rpm | cpio -idmv 
    # rpm2cpio shim-version.rpm | cpio -idmv
    Note

    Make sure you specify shim.efi as the boot loader in your DHCP configuration in /etc/dhcp/dhcpd.conf. The shim boot loader is required for Secure Boot, but if it is not used it simply initializes Grub without attempting to validate signatures.

  4. Create the directories used to contain the boot loaders and their configuration files as subdirectories of the TFTP server directory.

    For BIOS-based clients, create the pxelinux/pxelinux.cfg directories, for example:

    # mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg

    For UEFI-based clients, create the efi directory, for example:

    # mkdir -p /var/lib/tftpboot/efi
  5. Copy the boot loader files, the installation kernel (vmlinuz), and the ram-disk image file (initrd.img) to the TFTP server subdirectories.

    For BIOS-based clients, copy the BIOS boot loader file, the installation kernel, and the ram-disk image file to the pxelinux directory:

    # cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux
    # wget http://10.0.0.11/OSimage/OL7/isolinux/vmlinuz -O /var/lib/tftpboot/pxelinux/vmlinuz
    # wget http://10.0.0.11/OSimage/OL7/isolinux/initrd.img -O /var/lib/tftpboot/pxelinux/initrd.img

    For UEFI-based clients, copy the UEFI boot loader files, the installation kernel, and the ram-disk image file to the efi directory:

    # cp /tempdir/boot/efi/EFI/redhat/grubx64.efi /var/lib/tftpboot/efi
    # cp /tempdir/boot/efi/EFI/redhat/shim.efi /var/lib/tftpboot/efi
    # cp /tempdir/boot/efi/EFI/redhat/MokManager.efi /var/lib/tftpboot/efi
    # wget http://10.0.0.11/OSimage/OL7/isolinux/vmlinuz -O /var/lib/tftpboot/efi/vmlinuz
    # wget http://10.0.0.11/OSimage/OL7/isolinux/initrd.img -O /var/lib/tftpboot/efi/initrd.img

    Note

    Copy the shim.efi and MokManager.efi files to support Secure Boot on clients. The MokManager.efi provides utilities for managing the keys used to sign EFI binaries.

    The above examples use HTTP to obtain the installation kernel and ram-disk images files from a separate network installation server. You could use a local copy of the files if the TFTP server also hosts the installation packages.

    To be able to install different operating system versions on PXE clients, you can rename the kernel and ram-disk image files, for example to vmlinuz-ol7 and initrd-ol7.img. Alternatively, you could copy the kernel and ram-disk image files to subdirectories such as efi/ol7 and pxelinux/ol7.

  6. Create the boot loader configuration files.

    As a minimum, you should create the default boot loader configuration files:

    pxelinux/pxelinux.cfg/default

    Default boot loader configuration file for BIOS-based PXE clients.

    efi/grub.cfg

    Default boot loader configuration file for UEFI-based PXE clients.

    You can create additional client-specific boot loader configuration files in either pxelinux/pxelinux.cfg or efi, depending on whether the client is BIOS or UEFI-based. For more information, see:

  7. If SELinux is enabled in enforcing mode on your system and you configured a TFTP server directory other than /var/lib/tftpboot, use the semanage command to define the default file type of the TFTP server directory hierarchy as tftpdir_t and then use the restorecon command to apply the file type to the entire directory hierarchy, for example:

    # /usr/sbin/semanage fcontext -a -t tftpdir_t "/var/tftpboot(/.*)?"
    # /sbin/restorecon -R -v /var/tftpboot

    See the tftpd_selinux(8) manual page for more information.

    Note

    The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.

  8. Enable the TFTP network socket, and configure it to start after a reboot.

    # systemctl start tftp.socket
    # systemctl enable tftp.socket

    You do not need to restart the TFTP service if you change the content of boot loader configuration files.

  9. Configure the firewall to accept TFTP requests, for example:

    # firewall-cmd --zone=zone --add-service=tftp
    # firewall-cmd --zone=zone --add-service=tftp --permanent

1.3.4 Configuring Dnsmasq to Support PXE Clients

Dnsmasq is designed to act as a DNS forwarder, DHCP server, and TFTP server for small networks. You can use dnsmasq as an alternative to configuring separate DHCP and TFTP services. For more information about dnsmasq, see the dnsmasq(8) manual page, /usr/share/doc/dnsmasq-version, and http://www.thekelleys.org.uk/dnsmasq/doc.html.

The dnsmasq server does not have to host the installation packages; you can use a separate network installation source.

To configure dnsmasq for PXE client installation requests:
  1. Install the dnsmasq package.

    # yum install dnsmasq
  2. Edit /etc/dnsmasq.conf and configure entries for PXE clients and other systems on the network, for example:

    interface=em1
    dhcp-range=10.0.0.101,10.0.0.200,6h
    dhcp-host=08:00:27:c6:a1:16,10.0.0.253,svr1,infinite
    dhcp-boot=pxelinux/pxelinux.0
    dhcp-match=set:efi-x86_64,option:client-arch,7
    dhcp-boot=tag:efi-x86_64,grubx64.efi
    enable-tftp
    tftp-root=/var/lib/tftpboot

    The lines in the sample configuration file do the following:

    interface=em1

    Listen for incoming client requests on interface em1 only.

    dhcp-range=10.0.0.101,10.0.0.200,6h

    Reserve a pool of generally available IP addresses in the range 10.0.0.101 through 10.0.0.200 on the 10.0.0/24 subnet with a six-hour lease.

    Note

    A dhcp-range setting is required to enable the DHCP service provided by dnsmasq. If you want to configure static addresses but not an address pool, specify a static network address and the keywords static and infinite, for example:

    dhcp-range=10.0.0.253,static,infinite

    dhcp-host=08:00:27:c6:a1:16,10.0.0.253,svr1,infinite

    Reserve the IP address 10.0.0.253 with infinite lease time for svr1, which is identified by the MAC address 08:00:27:c6:a1:16.

    dhcp-boot=pxelinux/pxelinux.0

    Specify the location of the boot loader file, in this case for BIOS-based PXE clients.

    If you want to use a separate TFTP server instead of dnsmasq, specify its IP address after the boot loader path, for example:

    dhcp-boot=pxelinux/pxelinux.0,10.0.0.11

    dhcp-boot=tag:efi-x86_64,grubx64.efi

    Specify the location of the boot loader file required by PXE clients identified with the tag efi‑x86_64, in this case UEFI-based PXE clients. The efi‑x86_64 tag is defined by the dhcp‑match=set:efi‑x86_64 line, which applies the tag to UEFI-based x86_64 clients (architecture code 7).

    This example specifies the grubx64.efi boot loader. For UEFI clients, specify shim.efi as the boot loader.

    If you want to use a separate TFTP server instead of dnsmasq, specify its IP address after the boot loader path, for example:

    dhcp-boot=tag:efi-x86_64,grubx64.efi,10.0.0.11

    enable-tftp

    Enable the TFTP service provided by dnsmasq.

    tftp-root=/var/lib/tftpboot

    Specify the root directory for files served by TFTP. To prevent clients from accessing any file on the host, dnsmasq rejects requests that specify .. as a path element.

    For information on how to configure a separate TFTP server, see Section 1.3.3, “Configuring DHCP and TFTP Services to Support PXE Clients”.

  3. If you want dnsmasq to act as a caching-only name server, configure a name server entry for 127.0.0.1 that precedes other name server entries.

    Dnsmasq ignores the 127.0.0.1 entry and forwards DNS queries to the other listed name servers. If the NetworkManager service is enabled, you can configure name service entries by using the graphical applet, the nm-connection-editor utility, or the nm-tui utility. Otherwise, you can configure name server entries directly in /etc/resolv.conf, for example:

    nameserver 127.0.0.1
    nameserver 10.0.0.8
    nameserver 10.0.0.4

  4. Start the dnsmasq service, and configure it to start after a reboot.

    # systemctl start dnsmasq
    # systemctl enable dnsmasq

    If you make any changes to /etc/dnsmasq.conf, restart the dnsmasq service. You do not need to restart the service if you change the content of boot loader configuration files.

  5. Configure the firewall.

    • Configure the firewall to accept DHCP requests, for example:

      # firewall-cmd --zone=zone --add-port=67-68/udp
      # firewall-cmd --zone=zone --add-port=67-68/udp --permanent
    • If you enable the TFTP service in dnsmasq, configure the firewall to accept TFTP requests, for example:

      # firewall-cmd --zone=zone --add-service=tftp
      # firewall-cmd --zone=zone --add-service=tftp --permanent
    • If you want dnsmasq to act as a caching-only name server, configure the firewall to accept DNS requests:

      # firewall-cmd --zone=zone --add-service=dns
      # firewall-cmd --zone=zone --add-service=dns --permanent

To configure the dnsmasq TFTP service for PXE client installation requests:
  1. Obtain the boot loader files.

    PXE clients require a boot loader to load the Linux installation kernel (vmlinuz).

    For BIOS-based PXE clients, you can use the pxelinux.0 boot loader available in the syslinux package. To install this package:

    # yum install syslinux  

    For UEFI-based PXE clients, you can use the grubx64.efi boot loader available in the grub2‑efi package. You also need the first-stage boot loader shim.efi, available in the shim package, so that the boot loader and kernel can be verified. Either download these packages to a temporary location, or copy them from the full installation ISO image. Then extract the contents of the packages:

    # cd /tempdir
    # rpm2cpio grub2-efi-version.rpm | cpio -idmv 
    # rpm2cpio shim-version.rpm | cpio -idmv
    Note

    Make sure you specify shim.efi as the boot loader in your DHCP configuration in /etc/dnsmasq.conf. The shim boot loader is required for Secure Boot, but if it is not used it simply initializes Grub without attempting to validate signatures.

  2. Create the directories used to contain the boot loaders and their configuration files as subdirectories of the TFTP server directory.

    For BIOS-based clients, create the pxelinux/pxelinux.cfg directories, for example:

    # mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg

    For UEFI-based clients, the dnsmasq TFTP server expects the boot loaders and configuration files to be in the root directory, for example /var/lib/tftpboot. You should ensure that this directory exists.

  3. Copy the boot loader files, the installation kernel (vmlinuz), and the ram-disk image file (initrd.img) to the TFTP server subdirectories.

    For BIOS-based clients, copy the BIOS boot loader file, the installation kernel, and the ram-disk image file to the pxelinux directory:

    # cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux
    # wget http://10.0.0.11/OSimage/OL7/isolinux/vmlinuz -O /var/lib/tftpboot/pxelinux/vmlinuz
    # wget http://10.0.0.11/OSimage/OL7/isolinux/initrd.img -O /var/lib/tftpboot/pxelinux/initrd.img

    For UEFI-based clients, copy the UEFI boot loader files, the installation kernel, and the ram-disk image file to the root directory of the TFTP server:

    # cp /tempdir/boot/efi/EFI/redhat/grubx64.efi /var/lib/tftpboot
    # cp /tempdir/boot/efi/EFI/redhat/shim.efi /var/lib/tftpboot
    # cp /tempdir/boot/efi/EFI/redhat/MokManager.efi /var/lib/tftpboot
    # wget http://10.0.0.11/OSimage/OL7/isolinux/vmlinuz -O /var/lib/tftpboot/vmlinuz
    # wget http://10.0.0.11/OSimage/OL7/isolinux/initrd.img -O /var/lib/tftpboot/initrd.img

    Note

    Copy the shim.efi and MokManager.efi files. The MokManager.efi provides utilities for managing the keys used to sign EFI binaries, and shim.efi will validate signatures if Secure Boot is enabled. Depending on your Grub 2 configuration, you could copy the installation kernel, and the ram-disk image file to a subdirectory.

    The above examples use HTTP to obtain the installation kernel and ram-disk images files from a separate network installation server. You could use a local copy of the files if the dnsmasq server also hosts the installation packages.

    To be able to install different operating system versions on PXE clients, you can rename the kernel and ram-disk image files, for example to vmlinuz-ol7 and initrd-ol7.img. Alternatively, you could copy the kernel and ram-disk image files to subdirectories such as efi/ol7 and pxelinux/ol7.

  4. Create the boot loader configuration files.

    As a minimum, you should create the default boot loader configuration files:

    pxelinux/pxelinux.cfg/default

    Default boot loader configuration file for BIOS-based PXE clients.

    grub.cfg

    Default boot loader configuration file for UEFI-based PXE clients.

    You can create additional client-specific boot loader configuration files in either pxelinux/pxelinux.cfg or the root directory of the TFTP server, depending on whether the client is BIOS or UEFI-based. For more information, see:

  5. If SELinux is enabled in enforcing mode on your system and you configured a TFTP server directory other than /var/lib/tftpboot, use the semanage command to define the default file type of the TFTP server directory hierarchy as tftpdir_t and then use the restorecon command to apply the file type to the entire directory hierarchy, for example:

    # /usr/sbin/semanage fcontext -a -t tftpdir_t "/var/tftpboot(/.*)?"
    # /sbin/restorecon -R -v /var/tftpboot

    Note

    The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.

1.3.5 Boot Loader Configuration for BIOS-Based PXE Clients

The default file is the default boot loader configuration file for BIOS-based PXE clients and uses pxelinux configuration settings, for example:

prompt 0
default ol7
timeout 0

label ol7
kernel vmlinuz
append initrd=initrd.img inst.repo=http://10.0.0.11/OSimage/OL7 inst.ks.sendmac \
inst.ks=http://10.0.0.11/ksfiles/ol7_cfg.ks

To allow the boot: prompt to be displayed, change the value of prompt to 1. To display the prompt, press Shift or Alt at the console.

The default directive identifies the default boot entry by its label value, ol7.

Pxelinux boots the client using the default boot entry after timeout/10 seconds.

The kernel directive defines the name of the kernel executable and the append directive defines any parameters that should be appended when loading the kernel, such as the name of the ram-disk image and the location of a kickstart file.

The kernel and ram-disk image file paths are assumed to be relative to the subdirectory that contains the boot loader, for example pxelinux. If you place the vmlinuz and initrd.img files in a subdirectory such as pxelinux/OL7, ensure you have the correct relative paths.

If you want to display the boot loader configuration as a menu on the screen, you can use the menu.c32 module. To do this:

  1. Copy the menu.c32 module to the boot loader directory:

    # cp /usr/share/syslinux/menu.c32 /var/lib/tftpboot/pxelinux

  2. Edit the boot loader configuration to use the module, for example:

    default menu.c32
    timeout 0
    
    menu title Install Oracle Linux
    label Install Oracle Linux 7
    kernel vmlinuz
    append initrd=initrd.img inst.repo=http://10.0.0.11/OSimage/OL7 inst.ks.sendmac \
    inst.ks=http://10.0.0.11/ksfiles/ol7_cfg.ks

To support different types of client, you can create a configuration file named for:

  • A client's UUID (for example, a8943708-c6f6-51b9-611e-74e6ac80b93d).

  • A client's MAC address prefixed by 01-, which represents the ARP hardware type for Ethernet, and using dashes to separate each byte value instead of colons (for example, 01-80-00-27-c6-a1-16).

    Note

    The file name must use lowercase characters for the MAC address.

  • A client's IP address expressed in hexadecimal without any leading 0x (for example, 0A0000FD represents the IP address 10.0.0.253).

    To reduce the number of configuration files, you can group clients by IP address range, for example 0A0000E represents the IP address range 10.0.0.224 through 10.0.0.239.

Place the configuration files in pxelinux/pxelinux.cfg.

The boot loader looks for a configuration file in the following order until it finds a matching file name:

  • UUID (for example, a8943708-c6f6-51b9-611e-74e6ac80b93d)

  • 01-MAC_address (for example, 01-80-00-27-c6-a1-16)

  • Full 32 bits of the IP address (for example, 0A0000FD)

  • Most significant 28 bits of the IP address (for example, 0A0000F)

  • Most significant 24 bits of the IP address (for example, 0A0000)

  • Most significant 20 bits of the IP address (for example, 0A000)

  • Most significant 16 bits of the IP address (for example, 0A00)

  • Most significant 12 bits of the IP address (for example, 0A0)

  • Most significant 8 bits of the IP address (for example, 0A)

  • Most significant 4 bits of the IP address (for example, 0)

  • default (the default configuration file)

If several configuration files have identical content, you can use the ln command to link the files to a primary copy, for example:

# ln primary-ol7 0A0000FC
# ln primary-ol7 0A0000FD
# ln primary-ol7 0A0000FE

For more information about pxelinux, see http://www.syslinux.org/wiki/index.php/PXELINUX.

For information about configuring and using kickstart to perform automated installation, see Section 3.2, “Automated Installation Using Kickstart”.

1.3.6 Boot Loader Configuration for UEFI-Based PXE Clients

The grub.cfg file is the default boot loader configuration file for UEFI-based PXE clients and uses GRUB 2 configuration settings:

set default=0
set timeout=10

menuentry 'ol7' {
  echo "Loading efi/vmlinuz"
  linuxefi efi/vmlinuz inst.repo=http://10.0.0.11/OSimage/OL7 inst.ks.sendmac \
  inst.ks=http://10.0.0.11/ksfiles/ol7_cfg.ks
  echo "Loading efi/initrd.img"
  initrdefi efi/initrd.img
  echo "Booting installation kernel"
}

The linuxefi directive defines the name of the kernel executable and defines any parameters that should be appended when loading the kernel, such as the location of the installation packages, and how to access these packages. This example uses HTTP to install the packages from the specified URL. The initrdefi directive defines the name of the ram-disk image.

The kernel and ram-disk image file paths are assumed to be relative to the subdirectory that contains the boot loader, for example efi. If you place the vmlinuz and initrd.img files in a subdirectory such as efi/OL7, ensure you have the correct relative paths.

By default, GRUB 2 does not provide any indication that it is transferring the kernel and ram-disk image files. The echo statements in the example above provide a simple indication of progress.

To support different types of client, you can create a configuration file named grub.cfg-client-ID where client-ID is one of the following:

  • A client's MAC address prefixed by 01-, which represents the ARP hardware type for Ethernet, and using dashes to separate each byte value instead of colons (for example, 01-80-00-27-c6-a1-16).

    Note

    The file name must use lowercase characters for the MAC address.

  • A client's IP address expressed in hexadecimal without any leading 0x (for example, 0A0000FD represents the IP address 10.0.0.253).

    To reduce the number of configuration files, you can group clients by IP address range, for example 0A0000E represents the IP address range 10.0.0.224 through 10.0.0.239.

Place the configuration files in the same directory as the boot loader files, for example efi.

The boot loader looks for a configuration file in the following order until it finds a matching file name:

  • 01-MAC_address (for example, grub.cfg-01-80-00-27-c6-a1-16)

  • Full 32 bits of the IP address (for example, grub.cfg-0A0000FD)

  • Most significant 28 bits of the IP address (for example, grub.cfg-0A0000F)

  • Most significant 24 bits of the IP address (for example, grub.cfg-0A0000)

  • Most significant 20 bits of the IP address (for example, grub.cfg-0A000)

  • Most significant 16 bits of the IP address (for example, grub.cfg-0A00)

  • Most significant 12 bits of the IP address (for example, grub.cfg-0A0)

  • Most significant 8 bits of the IP address (for example, grub.cfg-0A)

  • Most significant 4 bits of the IP address (for example, grub.cfg-0)

  • grub.cfg (the default configuration file)

If several configuration files have identical content, you can use the ln command to link the files to a primary copy, for example:

# ln primary-ol7 grub.cfg-0A0000FC
# ln primary-ol7 grub.cfg-0A0000FD
# ln primary-ol7 grub.cfg-0A0000FE
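
The lookup order described in Sections 1.3.5 and 1.3.6 determines which file a client actually boots from, so a more specific file left in the TFTP tree overrides the default for that client. The following shell functions are an added example, not part of the Oracle documentation; the function names cfg_candidates and cfg_resolve are hypothetical. They list the file names each boot loader tries, in order, and report which file in a given directory would be selected.

```shell
#!/bin/bash
# cfg_candidates LOADER MAC IP [UUID]
#   LOADER is "pxelinux" (BIOS) or "grub" (UEFI). Prints the file names the
#   boot loader tries, one per line, in the lookup order given above.
cfg_candidates() {
    local loader="$1" mac="$2" ip="$3" uuid="${4:-}" prefix="" hex
    if [ "$loader" = grub ]; then prefix="grub.cfg-"; fi
    # Only the pxelinux list includes the UUID, and it comes first.
    if [ "$loader" = pxelinux ] && [ -n "$uuid" ]; then
        printf '%s\n' "$uuid"
    fi
    # 01- is the ARP hardware type for Ethernet; the MAC address must be
    # lowercase, with dashes instead of colons.
    printf '%s01-%s\n' "$prefix" "$(printf '%s' "$mac" | tr 'A-F:' 'a-f-')"
    # IP address (dotted decimal, no leading zeros) as 8 uppercase hex
    # digits, then drop one trailing digit (4 bits) per step.
    # Word splitting of the octets below is intended.
    hex=$(printf '%02X%02X%02X%02X' $(printf '%s' "$ip" | tr . ' '))
    while [ -n "$hex" ]; do
        printf '%s%s\n' "$prefix" "$hex"
        hex=${hex%?}
    done
    # Last resort: the default configuration file.
    if [ "$loader" = grub ]; then echo grub.cfg; else echo default; fi
}

# cfg_resolve DIR LOADER MAC IP [UUID]
#   Prints the first candidate that exists in DIR (the file the client would
#   load) and returns 0; returns 1 if no candidate exists.
cfg_resolve() {
    local dir="$1" name
    shift
    for name in $(cfg_candidates "$@"); do
        if [ -f "$dir/$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Usage with the example addresses from this section:
#   cfg_resolve /var/lib/tftpboot/pxelinux/pxelinux.cfg pxelinux 80:00:27:c6:a1:16 10.0.0.253
#   cfg_resolve /var/lib/tftpboot/efi grub 80:00:27:c6:a1:16 10.0.0.253
```

Running cfg_resolve for each expected client after changing the TFTP tree shows whether a leftover MAC-named or IP-named file would take precedence over the configuration you intended.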

For more information about GRUB 2, enter the info grub command to access the GRUB 2 manual.

For information about configuring and using kickstart to perform automated installation, see Section 3.2, “Automated Installation Using Kickstart”.

1.4 Planning an Installation

Planning for an installation helps to ensure that the resulting system is ready for its intended use. Use the information in Chapter 2, Installing Oracle Linux Manually to familiarize yourself with the installation process.

The following are the main considerations when planning to install a system:

Storage

The storage devices on which you intend to install the operating system, such as a local hard disk. If the storage devices are already partitioned, identify the partitions that can be used for the installation. The installation program indicates how much disk space is required, and warns you if there is insufficient space.

The layout of the storage devices on which the operating system's file systems will be installed, including any provision for logical volume management or RAID configuration.

The amount of space required for each file system (/, /boot, /home, /var/tmp, and so on), the file system type, and whether the block device underlying each file system should be encrypted.

For iSCSI or FCoE connections, the WWID or the port, target, and LUN to be used.

Network

The network interface to use for installation (if any), and its IP address, netmask, and gateway settings if you do not use DHCP.

The fully qualified domain name of the system, or just the host name if you intend to use DHCP to provide network settings.

Any other network interfaces to be configured during installation, and their IP address, netmask, and gateway settings if you do not use DHCP.

Any specialized network interfaces to be configured during installation, such as VLANs and bonds.

Software

The software packages that should be installed on the system as determined by the system's intended purpose, such as a web server.

The URLs of any additional repositories and the proxy settings to be used to install packages.