A Creating a Network Installation Setup

Network installations are especially useful when you have to install the OS on multiple systems.

If you use a boot ISO or the Preboot eXecution Environment (PXE) to install the OS on systems, you can set up a network installation configuration that consists of the following components:

  • A network installation server that provides the IP and network configuration, the PXE configuration files, kernel and boot images, and kernel boot directives. In this example, dnsmasq is used to provide these services.

  • A network accessible file system server over a protocol such as NFS or HTTP, where packages, the kickstart file, and other required configuration files might be stored. In this document, NFS is used as the file system. Note that if your systems have direct access to the Internet, you can configure your kickstart installation to use the BaseOS and AppStream repositories directly available on the Oracle Linux yum server for the package installation. You can also create a yum mirror of these repositories as described in Oracle Linux: Managing Software on Oracle Linux so that systems that do not have direct access to the Internet have access to a complete set of packages. However, you would still need to provide a mechanism to serve the kickstart file up to the system when it boots.

The two components can be on separate systems. Also, they are not required to run the latest Oracle Linux version. A previous release would suffice. For convenience, the scenario in this example assumes that the two components are hosted in one system. It also assumes that kickstart installation is used.

Setting Up the Network Server

Preparing a server for a network installation consists of the following general tasks:

How to Configure NFS

If you have an existing NFS server, you can use this service to host the extracted contents of an ISO and your kickstart configuration files. Ensure that the exported share directories are accessible to the IP ranges specified for your PXE boot hosts.

If you do not have an available NFS server, use the following procedure to install and configure the service to enable network installation.

Note:

These NFS configuration steps are limited to what is relevant to a network installation. For more information about configuring NFS, refer to the appropriate Oracle Linux System Administration guide.

  1. Install the nfs-utils package:

    sudo dnf install nfs-utils -y
  2. If you are running a firewall service, enter the following firewall command.

    sudo firewall-cmd --add-service=nfs --permanent
    sudo firewall-cmd --reload

    If you are using an alternate firewall service or you have an external firewall device, ensure that you configure rules that grant PXE boot hosts access to the NFS service on this system.

  3. Create a directory to store the ISO image, for example:

    sudo mkdir -p /var/nfs-exports/ISOs
  4. Export the NFS share directory.

    sudo exportfs -i -o ro [subnet]:/var/nfs-exports/ISOs

    This syntax grants world access to the NFS share with read-only permissions. Adding a subnet, for example 192.0.2.0/24:/var/nfs-exports/ISOs, limits access to that subnet's clients.

    Alternatively, you can add an entry for exporting the share directory in the /etc/exports file, for example:

    /var/nfs-exports/ISOs   192.0.2.0/24(ro)

    Then, reload /etc/exports to apply the entry:

    sudo exportfs -ra

    For more information, see the exportfs(8), exports(5), and showmount(8) manual pages.

  5. Start the nfs-server service and configure it to automatically start after every system reboot:

    sudo systemctl start nfs-server
    sudo systemctl enable nfs-server
  6. Extract the downloaded ISO image to a subdirectory of the NFS share directory:

    sudo cp -a -T path-to-download-image /var/nfs-exports/ISOs/ol8
  7. If using kickstart, put the kickstart files in a subdirectory of the NFS share directory also, such as /var/nfs-exports/ISOs/ksfiles.

  8. (Optional) From a different system, verify that the NFS share directory is accessible, for example:

    sudo mount -t nfs NFS-server-ip:/var/nfs-exports/ISOs /mnt
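The export in step 4 is only as tight as its client list, so a check of /etc/exports is worth running after the procedure. The following is an added example, not part of the original guide: the function name, the sample entries, and the /var/nfs-exports/ks path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): flag risky /etc/exports entries.
# Usage: audit_exports [FILE]   (defaults to /etc/exports, "-" reads stdin)
# Prints one line per finding and returns non-zero if anything was found.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        if (NF == 1) { report(path, "(none)", "no client list"); next }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "*" or a bare "(opts)" after a space matches every host
            if (client == "" || client == "*")
                report(path, $i, "exported to every host")
            if (("," opts ",") ~ /,rw,/)
                report(path, $i, "writable export")
            if (("," opts ",") ~ /,no_root_squash,/)
                report(path, $i, "root is not squashed")
        }
    }
    function report(path, client, why) {
        printf "%s %s: %s\n", path, client, why
        bad = 1
    }
    END { exit bad }
    ' "${1:-/etc/exports}"
}

# Constructed sample: the entry from step 4 plus two mistakes to catch
sample_exports() {
    cat <<'EOF'
/var/nfs-exports/ISOs   192.0.2.0/24(ro)
/var/nfs-exports/ISOs   *(ro)
/var/nfs-exports/ks     192.0.2.0/24 (rw)
EOF
}

sample_exports | audit_exports - || true
```

The third sample line shows the classic exports(5) mistake: the space before (rw) turns the options into a separate entry that applies to every host.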

How to Configure dnsmasq

The dnsmasq router advertisement server is designed to act as a DNS forwarder, DHCP server, and TFTP server. Dnsmasq is applicable in most network installation scenarios and is therefore a convenient alternative to configuring separate DHCP and TFTP services.

For more information about dnsmasq, see the dnsmasq(8) manual page, the /usr/share/doc/dnsmasq-version file, and https://thekelleys.org.uk/dnsmasq/doc.html.

  1. Install the dnsmasq package.

    sudo dnf install dnsmasq -y
  2. Configure parameters in the /etc/dnsmasq.conf file.

    • At a minimum, you must have the enable-tftp entry and a defined TFTP server directory for tftp-root. See the enable-tftp and tftp-root entries at the end of the following example:

      interface=em1
      dhcp-range=10.0.0.101,10.0.0.200,6h
      dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite
      dhcp-boot=pxelinux/pxelinux.0
      dhcp-match=set:efi-x86_64,option:client-arch,8
      dhcp-boot=tag:efi-x86_64,shim.efi
      enable-tftp
      tftp-root=/var/lib/tftpboot

      Note:

      If SELinux is enabled in enforcing mode on your system and you configured a TFTP server directory other than /var/lib/tftpboot, you must also install the policycoreutils-python and policycoreutils packages to enable you to run the following commands:

      sudo /usr/sbin/semanage fcontext -a -t tftpdir_t "/var/tftpboot(/.*)?"
      sudo /sbin/restorecon -R -v /var/tftpboot

      These commands define the default file type of the TFTP server directory hierarchy as tftpdir_t and apply the file type to the entire directory hierarchy.

      The following list describes the other parameters in the /etc/dnsmasq.conf file:

      interface

      Specifies the interface to be monitored for incoming client requests.

      dhcp-range

      Identifies a range of available IP addresses. The 6h setting in the example above specifies a six-hour lease of the addresses.

      To configure static addresses with infinite leases, instead of a pool, specify a static network address and use the static and infinite keywords, for example:

      dhcp-range=10.0.0.253,static,infinite

      dhcp-host

      Specifies a reserved IP address for a client system. The system is identified by its name and MAC address.

      dhcp-boot

      Specifies the location of the boot loader file for clients, such as pxelinux/pxelinux.0 for BIOS-based clients. For UEFI-based clients, include the tag:efi-x86_64 keyword in the setting before specifying the boot loader, for example:

      dhcp-boot=tag:efi-x86_64,shim.efi

      You must create separate entries for BIOS-based and UEFI-based clients.

    • Uncomment the tftp-no-blocksize line in the file as shown:
      # This option stops dnsmasq from negotiating a larger blocksize for TFTP
      # transfers. It will slow things down, but may rescue some broken TFTP
      # clients.
      tftp-no-blocksize
  3. (Optional) To use dnsmasq as a caching-only name server, do the following:

    1. In the /etc/resolv.conf file, configure a name server entry for 127.0.0.1 that precedes other name server entries, for example:

      nameserver 127.0.0.1
      nameserver 10.0.0.8
      nameserver 10.0.0.4

      The dnsmasq server ignores the 127.0.0.1 entry and forwards DNS queries to the other listed name servers.

    2. Configure the firewall to accept DNS requests:

      sudo firewall-cmd --add-service=dns --permanent
      sudo firewall-cmd --reload
  4. Start the dnsmasq service and configure it to automatically start after every system reboot.

    sudo systemctl start dnsmasq
    sudo systemctl enable dnsmasq
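Once dnsmasq is configured, it is worth confirming that the TFTP settings from step 2 are consistent with what is on disk, and that nothing in the TFTP tree can be replaced by an unprivileged local user. The following is an added example, not part of the original guide: the function name and the checks it performs are assumptions of this example, and it handles only the dhcp-boot forms shown above (an optional tag: prefix followed by the file name).

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check a dnsmasq PXE setup.
# Usage: check_pxe_conf [CONF]   (defaults to /etc/dnsmasq.conf)
# Prints one FAIL line per problem and returns non-zero if any were found.
check_pxe_conf() (
    conf=${1:-/etc/dnsmasq.conf}
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    # The TFTP service must be switched on and given a root directory
    grep -Eq '^[[:space:]]*enable-tftp[[:space:]]*(=.*)?$' "$conf" ||
        fail "enable-tftp is not set"
    root=$(sed -n 's/^[[:space:]]*tftp-root=\([^,]*\).*/\1/p' "$conf" | tail -n 1)
    if [ -z "$root" ]; then
        fail "tftp-root is not set"
    elif [ ! -d "$root" ]; then
        fail "tftp-root $root is not a directory"
    fi

    # Each dhcp-boot names a file relative to tftp-root; drop leading tag: fields
    for boot in $(sed -n 's/^[[:space:]]*dhcp-boot=//p' "$conf" |
                  sed -e 's/^\(tag:[^,]*,\)*//' -e 's/,.*//'); do
        [ -n "$root" ] && [ -f "$root/$boot" ] ||
            fail "boot file $boot not found under tftp-root"
    done

    # Boot loaders and kernels served to clients must not be writable by
    # other local users (file names containing spaces are not handled)
    if [ -d "$root" ]; then
        for f in $(find "$root" ! -type l -perm -0002); do
            fail "$f is world-writable"
        done
    fi
    exit "$rc"
)
```

Run it as `check_pxe_conf /etc/dnsmasq.conf` after copying the boot loader files into place in the following sections.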

Configuring PXE Boot Loading

The steps to configure a PXE boot loader depend on the type of system that is used for the boot server.

Important:

You must use the correct kernel and ram-disk image for the installation that you intend to support. For example, if you intend to install a system with a Btrfs root partition, you must use the UEK boot ISO to obtain the correct kernel and image for the system to be able to install with Btrfs support.

How to Configure for BIOS-based PXE Clients

  1. Install the syslinux package that contains the pxelinux.0 boot loader.

    sudo dnf install syslinux -y
  2. Create the pxelinux/pxelinux.cfg directory under the TFTP server directory.

    sudo mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg
  3. Copy the boot loader file to the pxelinux subdirectory.

    sudo cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux
  4. From the NFS share directory, copy the installation kernel (vmlinuz), and the ram-disk image file (initrd.img) to the pxelinux subdirectory.

    sudo cp /var/nfs-exports/ISOs/ol8/vmlinuz /var/lib/tftpboot/pxelinux/vmlinuz
    sudo cp /var/nfs-exports/ISOs/ol8/initrd.img /var/lib/tftpboot/pxelinux/initrd.img
  5. Copy the modules for displaying the boot loader as a menu to the boot loader directory.

    sudo cp /usr/share/syslinux/*.c32 /var/lib/tftpboot/pxelinux
  6. In the pxelinux.cfg subdirectory, create and then add entries to a boot configuration file.

    You can assign any name to the file, such as pxe.conf. The following example shows typical entries in the file:

    DEFAULT menu.c32
    TIMEOUT 400
    ONTIMEOUT BootLocal
    PROMPT 0
    MENU INCLUDE pxelinux.cfg/pxe.conf
    NOESCAPE 1
    LABEL BootLocal
        localboot 0
        TEXT HELP
        Boot to local hard disk
        ENDTEXT
    
    LABEL OL8
        MENU LABEL OL8 
        kernel vmlinuz
        append initrd=initrd.img inst.repo=/var/nfs-exports/ISOs/ol8/ \
        inst.ks.sendmac inst.ks=/var/nfs-exports/ISOs/ksfiles/kstart-file
        TEXT HELP
        Install Oracle Linux 8   
        ENDTEXT

    Based on these entries, the boot loader would automatically attempt to boot from the local drive if no user intervention occurs during the TIMEOUT period. If no OS is installed, then the boot loader would boot from the network and initiate the installation process.

    This list explains some of the directives used in the configuration file:

    • DEFAULT identifies the module you want to use for displaying the boot loader menu.

      For a basic text display, the menu.c32 module suffices. However, if you add directives for a graphical display, such as images and colors, then specify the vesamenu.c32 module instead.

    • TIMEOUT specifies the wait period, in units of one tenth of a second, before the boot loader boots the client according to the subsequent directives. The next directive (ONTIMEOUT) specifies the action when the wait period expires.

    • PROMPT determines whether or not the boot: prompt is displayed by default. If PROMPT is set to 1, the boot: prompt is displayed. If PROMPT is set to 0, the boot: prompt is not displayed unless the user presses the Shift or Alt key at the console.

    • MENU INCLUDE identifies the boot configuration file you created.

    • kernel defines the name of the kernel executable.

    • append defines any parameters that should be appended when loading the kernel, such as the name of the ram-disk image and the location of a file. Note that the inst.repo variable can be set to point to the BaseOS repository on the Oracle Linux yum server if the system has access to the Internet. For example, inst.repo can be set to https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64 for an x86_64 platform system.

      Important:

      The kernel and ram-disk image file paths are assumed to be relative to the subdirectory that contains the boot loader, such as pxelinux. If you place the vmlinuz and initrd.img files in a subdirectory such as pxelinux/OL8, ensure you have the correct relative paths.

How to Configure for UEFI-based PXE Clients

  1. Install the following packages:

    • grub2-efi that contains the grubx64.efi boot loader

    • shim that contains the first-stage boot loader shim.efi

      This package is required to support Secure Boot on UEFI clients, but should be used for all UEFI clients as a passthrough boot loader.

  2. Go to the package location and extract their contents.

    Run the following commands:

    cd /tempdir
    rpm2cpio grub2-efi-version.rpm | sudo cpio -idmv
    rpm2cpio shim-version.rpm | sudo cpio -idmv
  3. Create a subdirectory, for example, efi, under the TFTP server directory.

    sudo mkdir -p /var/lib/tftpboot/efi
  4. Copy the boot loader and other related files to the efi subdirectory.

    Run the following commands:

    sudo cp /tempdir/boot/efi/EFI/redhat/grubx64.efi /var/lib/tftpboot/efi
    sudo cp /tempdir/boot/efi/EFI/redhat/shim.efi /var/lib/tftpboot/efi
    sudo cp /tempdir/boot/efi/EFI/redhat/MokManager.efi /var/lib/tftpboot/efi

    Note:

    The shim.efi and MokManager.efi files are needed if you want to support Secure Boot on clients. MokManager.efi provides utilities for managing the keys used to sign EFI binaries. Because shim.efi acts as a passthrough boot loader, you would then specify shim.efi when setting dhcp-boot for UEFI-based clients in the /etc/dnsmasq.conf file. See How to Configure dnsmasq.

  5. From the NFS share directory, copy the installation kernel (vmlinuz) and the ram-disk image file (initrd.img) to the efi subdirectory.

    sudo cp /var/nfs-exports/ISOs/ol8/vmlinuz /var/lib/tftpboot/efi/vmlinuz
    sudo cp /var/nfs-exports/ISOs/ol8/initrd.img /var/lib/tftpboot/efi/initrd.img
  6. In the efi subdirectory, create and then add entries to the grub.cfg boot loader configuration file.

    The configuration file should have the options for booting from the network as well as for booting locally. The client boots from the network to begin the installation process. Then once the client reboots at the end of the installation, the system boots from the local drive.

    The following example shows typical entries in the file:

    set default=0
    set timeout=10

    menuentry 'ol8 localboot' {
      echo "Booting from local disk"
      set root=(hd0,gpt1)
      chainloader efi/shim.efi
      boot
    }
    
    menuentry 'ol8' {
      echo "Loading vmlinuz"
      linuxefi vmlinuz inst.repo=/var/nfs-exports/ISOs/ol8/ inst.ks.sendmac \
      inst.ks=/var/nfs-exports/ISOs/ksfiles/kstart-file
      echo "Loading /initrd.img"
      initrdefi initrd.img
      echo "Booting installation kernel"
    }

    Caution:

    Boot loader configuration is not uniform across UEFI-based systems. Because of variables such as differing disk layout, a specific boot loader setup will not universally apply to all systems. The previous example illustrates only one way of configuring the boot loader. You must create boot loader configurations appropriate to your own systems.

    • linuxefi defines the name of the kernel executable and any parameter that should be appended when loading the kernel, such as the location of the installation packages and the location of a file.

    • initrdefi defines the name of the ram-disk image.

    Important:

    The kernel and ram-disk image file paths are assumed to be relative to the subdirectory that contains the boot loader, such as efi. If you place the vmlinuz and initrd.img files in a subdirectory, such as efi/OL8, ensure you have the correct relative paths.

Supporting Different Kinds of Clients

To support different types of clients, you can create a configuration file with a name based on one of the following:

  • Client's UUID, for example, a8943708-c6f6-51b9-611e-74e6ac80b93d

    Note:

    A UUID-based file name is valid only for BIOS-based clients. Do not apply it for UEFI-based clients.

  • Client's MAC address prefixed by 01-, which represents the ARP hardware type for Ethernet, and using dashes to separate each byte value instead of colons, for example, 01-80-00-27-c6-a1-16.

    Use lowercase characters when typing the MAC address.

  • Client's IP address expressed in hexadecimal without any leading 0x, for example, 0A0000FD represents the IP address 10.0.0.253.

    To reduce the number of configuration files, you can group clients by IP address range, for example, 0A0000E represents the IP address range 10.0.0.224 through 10.0.0.239.

If you are serving both types of clients, ensure that the file names are distinct from each other. Where the configuration file for BIOS-based clients is A000FC, for example, the equivalent file for UEFI-based clients can be grub.cfg-A000FC, and so on.

Place the configuration files in their respective boot loader subdirectories such as pxelinux/pxelinux.cfg for BIOS-based clients or efi subdirectory for UEFI-based clients.

The boot loader searches for a configuration file in the following order, until a matching file name is found:

  • UUID (for example, a8943708-c6f6-51b9-611e-74e6ac80b93d)

  • 01-MAC_address (for example, [grub.cfg-]01-80-00-27-c6-a1-16)

  • Full 32 bits of the IP address (for example, [grub.cfg-]0A0000FD)

  • Most significant 28 bits of the IP address (for example, [grub.cfg-]0A0000F)

  • Most significant 24 bits of the IP address (for example, [grub.cfg-]0A0000)

  • Most significant 20 bits of the IP address (for example, [grub.cfg-]0A000)

  • Most significant 16 bits of the IP address (for example, [grub.cfg-]0A00)

  • Most significant 12 bits of the IP address (for example, [grub.cfg-]0A0)

  • Most significant 8 bits of the IP address (for example, [grub.cfg-]0A)

  • Most significant 4 bits of the IP address (for example, [grub.cfg-]0)

  • Default configuration file (either default for BIOS-based clients or grub.cfg for UEFI-based clients).
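To see which file names a given client will be matched against, the MAC-based and IP-based entries of the search order can be generated from the client's addresses. The following is an added example, not part of the original guide: the function name is hypothetical, the UUID entry is left out because it is read from the client firmware rather than derived, and the sample call uses the MAC and IP address from the dhcp-host line in the dnsmasq example.

```shell
#!/bin/sh
# Added example (not from the original guide): list the configuration file
# names searched for a client, in order, starting at the 01-MAC entry.
# Usage: pxe_cfg_names MAC IPV4 [PREFIX]   PREFIX is "grub.cfg-" for UEFI clients
pxe_cfg_names() (
    mac=$1 ip=$2 prefix=${3:-}

    # Split and validate the dotted-quad address
    IFS=. read -r o1 o2 o3 o4 <<EOF
$ip
EOF
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case $o in
            ''|*[!0-9]*|0?*|????*) echo "invalid IPv4 address: $ip" >&2; exit 1 ;;
        esac
        [ "$o" -le 255 ] || { echo "invalid IPv4 address: $ip" >&2; exit 1; }
    done

    # 01-MAC: ARP hardware type 01, lowercase hex, dashes instead of colons
    printf '%s01-%s\n' "$prefix" "$(printf '%s' "$mac" | tr 'A-F:' 'a-f-')"

    # Eight uppercase hex digits, then drop one digit (4 bits) per step
    hex=$(printf '%02X%02X%02X%02X' "$o1" "$o2" "$o3" "$o4")
    while [ -n "$hex" ]; do
        printf '%s%s\n' "$prefix" "$hex"
        hex=${hex%?}
    done

    # Last resort: "default" for BIOS clients, plain grub.cfg for UEFI clients
    if [ -n "$prefix" ]; then echo grub.cfg; else echo default; fi
)

# MAC and IP address taken from the dhcp-host line in the dnsmasq example
pxe_cfg_names 80:00:27:C6:A1:16 10.0.0.253 grub.cfg-
```

Any file in the boot loader subdirectory whose name appears in this output applies to the client, so a stale or unexpected file earlier in the list overrides the one you intended.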

If several configuration files for a client type have identical content, you can use the ln command to link the files to a primary copy, for example:

sudo ln primary-ol-version [grub.cfg-]0A0000FC
sudo ln primary-ol-version [grub.cfg-]0A0000FD
sudo ln primary-ol-version [grub.cfg-]0A0000FE

For more information about pxelinux, see https://wiki.syslinux.org/wiki/index.php?title=PXELINUX.

For more information about GRUB 2, run the info grub command to access the GRUB 2 manual.