A Creating a Network Installation Setup
Network installations are useful and advantageous especially in scenarios where you have to install the OS on multiple systems.
If you use a boot ISO or the Preboot eXecution Environment (PXE) to install the OS on systems, you can set up a network installation configuration that consists of the following components:
-
A network installation server that provides the IP and network configuration, the PXE configuration files, kernel and boot images, and kernel boot directives. In this example,
dnsmasq
is used to provide these services. -
A network accessible file system server over a protocol such as NFS or HTTP, where packages, the kickstart file, and other required configuration files might be stored. In this document, NFS is used as the file system. Note that if your systems have direct access to the Internet, you can configure your kickstart installation to use the BaseOS and AppStream repositories directly available on the Oracle Linux yum server for the package installation. You can also create a yum mirror of these repositories as described in Oracle Linux: Managing Software on Oracle Linux so that systems that do not have direct access to the Internet have access to a complete set of packages. However, you would still need to provide a mechanism to serve the kickstart file up to the system when it boots.
The two components can be on separate systems. Also, they are not required to run the latest Oracle Linux version. A previous release would suffice. For convenience, the scenario in this example assumes that the two components are hosted in one system. It also assumes that kickstart installation is used.
Setting Up the Network Server
Preparing a server for a network installation consists of the following general tasks:
How to Configure NFS
If you have an existing NFS server, you can use this service to host the extracted contents of an ISO and your kickstart configuration files. Ensure that the exported share directories are accessible to the IP ranges specified for your PXE boot hosts.
If you do not have an available NFS server, use the following procedure to install and configure the service to enable network installation.
Note:
These NFS configuration steps are limited only to what is relevant to a network installation. For more information in configuring NFS, refer to the appropriate Oracle Linux System Administration guide.
-
Install the
nfs-utils
package:sudo dnf install nfs-utils -y
-
If you are running a firewall service, enter the following firewall command.
sudo firewall-cmd --add-service nfs --permanent
If you are using an alternate firewall service or you have an external firewall device, ensure that you configure rules that grant PXE boot hosts access to the NFS service on this system.
-
Create a directory to store the ISO image, for example.
sudo mkdir /var/nfs-exports/ISOs
-
Export the NFS share directory.
sudo exportfs -i -o ro [subnet]:/var/nfs-exports/ISOs
This syntax grants world access to the NFS share with read only permissions. Adding subnet, for example
192.0.2.0/24:/var/nsf-exports/ISOs
, limits access only to the subnet's clients.Alternatively, you can add an entry for exporting the share directory in the
/etc/exports
file, for example:/var/nsf-exports/ISOs 192.0.2.0/24(ro)
Then, reload the
/etc/exports
to implement the entry:sudo exportfs -ra
For more information, see the
exportfs(8)
,exports(5)
, andshowmount(8)
manual pages. -
Start the
nfs-server
service and configure it to automatically start after every system reboot:sudo systemctl start nfs-server sudo systemctl enable nfs-server
-
Extract the downloaded ISO image to a subdirectory of the NFS share directory:
sudo cp -a T path-to-download-image /var/nfs-exports/ISOs/ol9
-
If using kickstart, put the kickstart files in a subdirectory of the NFS share directory also, such as
/var/nfs-exports/ISOs/ksfiles
. -
(Optional) From a different system, verify that the NFS share directory is accessible, for example:
sudo mount -t nfs NFS-server-ip:/var/nfs-exports/ISOs /mnt
How to Configure dnsmasq
The dnsmasq router advertisement server is designed to act as a DNS forwarder, DHCP server, and TFTP server. Dnsmasq is applicable in most network installation scenarios and is therefore a convenient alternative to configuring separate DHCP and TFTP services.
For more information about dnsmasq, see the
dnsmasq(8)
manual page, the
/usr/share/doc/dnsmasq-version
file, and
https://thekelleys.org.uk/dnsmasq/doc.html.
-
Install the
dnsmasq
package.sudo dnf install dnsmasq -y
-
Configure parameters in the
/etc/dnsmasq.conf
file.-
At a minimum, you must have the
enable-tftp
entry and a defined TFTP server directory fortftp-root
. See the entries in bold in the following example:interface=em1 dhcp-range=10.0.0.101,10.0.0.200,6h dhcp-host=80:00:27:c6:a1:16,10.0.0.253,svr1,infinite dhcp-boot=pxelinux/pxelinux.0 dhcp-match=set:efi-x86_64,option:client-arch,8 dhcp-boot=tag:efi-x86_64,shim.efi enable-tftp tftp-root=/var/lib/tftpboot
Note:
If SELinux is enabled in enforcing mode on your system and you configured a TFTP server directory other than
/var/lib/tftpboot
, you must also install thepolicycoreutils-python
andpolicycoreutils
packages to enable you to run the following commands:sudo /usr/sbin/semanage fcontext -a -t tftpdir_t "/var/tftpboot(/.*)?" sudo /sbin/restorecon -R -v /var/tftpboot
These commands define the default file type of the TFTP server directory hierarchy as
tftpdir_t
and apply the file type to the entire directory hierarchy.The following list describes the other parameters in the
/etc/dnsmasq.conf
file:-
interface
-
Specifies the interface to be monitored for incoming client requests.
-
dhcp-range
-
Identifies a range of available IP addresses. The
6h
setting in the example above specifies a six-hour lease of the addresses.To configure static addresses with infinite leases, instead of a pool, specify a static network address and use the
static
andinfinite
keywords, for example:dhcp-range=10.0.0.253,static,infinite
-
dhcp-host
-
Specifies a reserved IP address for a client system. The system is identified by its name and MAC address.
-
dhcp-boot
-
Specifies the location of the boot loader file for clients, such as
pxelinux/pxelinux.0
for BIOS-based clients. For UEFI-based clients, include thetag:efi-x86_64
keyword in the setting before specifying the boot loader, for example:dhcp-boot=tag:efi-x86_64,shim.efi
You must create separate entries for BIOS-based and UEFI-based clients.
-
- Uncomment the
tftp-no-blocksize
line in the file as shown:# This option stops dnsmasq from negotiating a larger blocksize for TFTP # transfers. It will slow things down, but may rescue some broken TFTP # clients. tftp-no-blocksize
-
-
(Optional) To use dnsmasq as a caching-only name server, do the following:
-
In the
/etc/resolv.conf
file, configure a name server entry for 127.0.0.1 that precedes other name server entries, for example:nameserver 127.0.0.1 nameserver 10.0.0.8 nameserver 10.0.0.4
The dnsmasq server ignores the 127.0.0.1 entry and forwards DNS queries to the other listed name servers.
-
Configure the firewall to accept DNS requests:
sudo firewall-cmd --add-service=dns --permanent
-
-
Start the
dnsmasq
service and configure it to automatically start after every system reboot.sudo systemctl start dnsmasq sudo systemctl enable dnsmasq
Configuring PXE Boot Loading
The steps to configure a PXE boot loader depends on the type of system that is used for the boot server.
Important:
You must use the correct kernel and ram-disk image for the installation that you intend to support. For example, if you intend to install a system with a Btrfs root partition, you must use the UEK boot ISO to obtain the correct kernel and image for the system to be able to install with Btrfs support.How to Configure for BIOS-based PXE Clients
-
Install the
syslinux
package that contains thepxelinux.0
boot loader.sudo dnf install syslinux -y
-
Create the
pxelinux/pxelinux.cfg
directory under the TFTP server directory.sudo mkdir -p /var/lib/tftpboot/pxelinux/pxelinux.cfg
-
Copy the boot loader file to the
pxelinux
subdirectory.sudo cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/pxelinux
-
From the NFS share directory, copy the installation kernel (
vmlinuz
), and the ram-disk image file (initrd.img
) to thepxelinux
subdirectory.sudo cp /var/nfs-exports/ISOs/ol9/vmlinuz /var/lib/tftpboot/pxelinux/vmlinuz sudo cp /var/nfs-exports/ISOs/ol9/initrd.img /var/lib/tftpboot/pxelinux/initrd.img
-
Copy the modules for displaying the boot loader as a menu to the boot loader directory.
sudo cp /usr/share/syslinux/*.c32 /var/lib/tftpboot/pxelinux
-
In the
pxelinux.cfg
subdirectory, create and then add entries to a boot configuration file.You can assign any name to the file, such as
pxe.conf
. The following example shows typical entries in the file:DEFAULT menu.c32 TIMEOUT 400 ONTIMEOUT BootLocal PROMPT 0 MENU INCLUDE pxelinux.cfg/pxe.conf NOESCAPE 1 LABEL BootLocal localboot 0 TEXT HELP Boot to local hard disk ENDTEXT LABEL OL9 MENU LABEL OL9 kernel vmlinuz append initrd=initrd.img inst.repo=/var/nfs-exports/ISOs/ol9/ \ inst.ks.sendmac inst.ks=/var/nfs-exports/ISOs/ksfiles/kstart-file TEXT HELP Install Oracle Linux 9 ENDTEXT
Based on these entries, the boot loader would automatically attempt to boot from the local drive if no user intervention occurs during the
TIMEOUT
period. If no OS is installed, then the boot loader would boot from the network and initiate the installation process.This list explains some of the directives used in the configuration file:
-
DEFAULT
identifies the module you want to use for displaying the boot loader menu.For a basic text display, the
menu.c32
module suffices. However, if you add directives for a graphical display, such as images and colors, then specify thevesamenu.c32
module instead. -
TIMEOUT
specifies the period intimeout
/10 seconds before the boot loader boots the client according to the subsequent directives. The next directive (ontimeout
) specifies the action when the wait period expires. -
PROMPT
determines whether or not theboot:
prompt is displayed by default. IfPROMPT
is set to 1, theboot:
prompt is displayed. IfPROMPT
is set to 0, theboot:
prompt is not displayed unless the user presses theShift
orAlt
key at the console. -
MENU INCLUDE
identifies the boot configuration file you created. -
kernel
defines the name of the kernel executable. -
append
defines any parameters that should be appended when loading the kernel, such as the name of the ram-disk image and the location of a file. Note that theinst.repo
variable can be set to point to the BaseOS repository on the Oracle Linux yum server if the system has access to the Internet. For example,inst.repo
can be set tohttps://yum.oracle.com/repo/OracleLinux/OL9/baseos/latest/x86_64
for an x86_64 platform system.Important:
The kernel and ram-disk image file paths are assumed to be relative to the subdirectory that contains the boot loader, such as
pxelinux
. If you place thevmlinuz
andinitrd.img
files in a subdirectory such aspxelinux/OL9
, ensure you have the correct relative paths.
-
How to Configure for UEFI-based PXE Clients
-
Install the following packages:
-
grub2-efi
that contains thegrubx64.efi
boot loader -
shim
that contains the first-stage boot loadershim.efi
This package is required to support Secure Boot on UEFI clients, but should be used for all UEFI clients as a passthrough boot loader.
-
-
Go to the package location and extract their contents.
Run the following commands:
sudo cd /tempdir sudo rpm2cpio grub2-efi-version.rpm | cpio -idmv sudo rpm2cpio shim-version.rpm | cpio -idmv
-
Create a subdirectory, for example,
efi
, under the TFTP server directory..sudo mkdir -p /var/lib/tftpboot/efi
-
Copy the boot loader and other related files to the
efi
subdirectory.Run the following commands:
sudo cp /tempdir/boot/efi/EFI/redhat/grubx64.efi /var/lib/tftpboot/efi sudo cp /tempdir/boot/efi/EFI/redhat/shim.efi /var/lib/tftpboot/efi sudo cp /tempdir/boot/efi/EFI/redhat/MokManager.efi /var/lib/tftpboot/efi
Note:
The
shim.efi
andMokManager.efi
files are needed if you want to support Secure Boot on clients. TheMokManager.efi
provides utilities for managing the keys used to sign EFI binaries. As a passthrough boot loader, you would then specifyshim.efi
when settingdhcp-boot
for UEFI-based clients in the/etc/dnsmasq.conf
file. See How to Configure dnsmasq. -
From the NFS share directory, copy the installation kernel (
vmlinuz
) and the ram-disk image file (initrd.img
) to theefi
subdirectory.sudo cp /var/nfs-exports/ISOs/ol9/vmlinuz -O /var/lib/tftpboot/efi/vmlinuz sudo cp /var/nfs-exports/ISOs/ol9/initrd.img /var/lib/tftpboot/efi/initrd.img
-
In the
efi
subdirectory, create and then add entries to thegrub.cfg
boot loader configuration file.The configuration file should have the options for booting from the network as well as for booting locally. The client boots from the network to begin the installation process. Then once the client reboots at the end of the installation, the system boots from the local drive.
The following example shows typical entries in the file:
set default 0 set timeout=10 menuentry 'ol9 localboot' { echo "Booting from local disk" set root=(hd0,gpt1) chainloader efi/shim.efi boot } menuentry 'ol9' { echo "Loading vmlinuz" linuxefi vmlinuz inst.repo=/var/nfs-exports/ISOs/ol9/ inst.ks.sendmac \ inst.ks=/var/nfs-exports/ISOs/ksfiles/kstart-file echo "Loading /initrd.img" initrdefi initrd.img echo "Booting installation kernel" }
Caution:
Boot loader configuration is not uniform across UEFI-based systems. Because of variables such as differing disk layout, a specific boot loader setup will not universally apply to all systems. The previous example illustrates only one way of configuring the boot loader. You must create boot loader configurations appropriate to your own systems.
-
linuxefi
defines the name of the kernel executable and any parameter that should be appended when loading the kernel, such as the location of the installation packages and the location of a file. -
initrdefi
defines the name of the ram-disk image.
Important:
The kernel and ram-disk image file paths are assumed to be relative to the subdirectory that contains the boot loader, such as
efi
. If you place thevmlinuz
andinitrd.img
files in a subdirectory, such asefi/OL9
, ensure you have the correct relative paths. -
Supporting Different Kinds of Clients
To support different types of clients, you can create a configuration file with the name based one the following:
-
Client's UUID, for example,
a8943708-c6f6-51b9-611e-74e6ac80b93d
Note:
A UUID-based file name is valid only for BIOS-based clients. Do not apply it for UEFI-based clients.
-
Client's MAC address prefixed by
01-
, which represents the ARP hardware type for Ethernet, and using dashes to separate each byte value instead of colons, for example,01-80-00-27-c6-a1-16
.Use lowercase characters when typing the MAC address.
-
Client's IP address expressed in hexadecimal without any leading 0x, for example,
0A0000FD
represents the IP address 10.0.0.253.To reduce the number of configuration files, you can group clients by IP address range, for example,
0A0000E
represents the IP address range 10.0.0.224 through 10.0.0.239.
If you are serving both types of clients, ensure that the file
names are distinct from each other. Where the configuration file
for BIOS-based clients is A000FC
, for
example, the equivalent file for UEFI-based clients can be
grub.cfg-A000FC
, and so on.
Place the configuration files in their respective boot loader
subdirectories such as pxelinux/pxelinux.cfg
for BIOS-based clients or efi
subdirectory
for UEFI-based clients.
The boot loader searches for a configuration file in the following order, until a matching file name is found:
-
UUID
(for example,a8943708-c6f6-51b9-611e-74e6ac80b93d
) -
01-MAC_address
(for example,[grub2-cfg-]01-80-00-27-c6-a1-16
) -
Full 32 bits of the IP address (for example,
[grub.cfg-]0A0000FD
) -
Most significant 28 bits of the IP address (for example,
[grub.cfg-]0A0000F
) -
Most significant 24 bits of the IP address (for example,
[grub.cfg-]0A0000
) -
Most significant 20 bits of the IP address (for example,
[grub.cfg-]0A000
) -
Most significant 16 bits of the IP address (for example,
[grub.cfg-]0A00
) -
Most significant 12 bits of the IP address (for example,
[grub.cfg-]0A0
) -
Most significant 8 bits of the IP address (for example,
[grub.cfg-]0A
) -
Most significant 4 bits of the IP address (for example,
[grub.cfg-]0
) -
Default configuration file (either
default
for BIOS-based clients orgrub.cfg
for UEFI-based clients.
If several configuration files for a client type have identical
content, you can use the ln
command to link the
files to a primary copy, for example:
sudo ln primary-ol-verson [grub.cfg-]0A0000FC
sudo ln primary-ol-verson [grub.cfg-]0A0000FD
sudo ln primary-ol-verson [grub.cfg-]0A0000FE
For more information about pxelinux, see https://wiki.syslinux.org/wiki/index.php?title=PXELINUX.
For more information about GRUB 2, run the info
grub
command to access the GRUB 2 manual.