From 6ce1fb7ed28d5eafcc36a819637f60e576db0f24 Mon Sep 17 00:00:00 2001
From: jierjijr
Date: Wed, 12 Apr 2023 14:17:47 +0200
Subject: [PATCH] exo
---
README.md | 126 +++++++++++++++++++++++++++++++++++++++-
configs/chain.ipxe | 4 ++
configs/dhcpd.conf | 89 ++++++++++++++++++++++++++++
configs/exports | 17 ++++++
configs/install.ipxe | 52 +++++++++++++++++
configs/isc-dhcp-server | 17 ++++++
configs/tftpd-hpa | 5 ++
get-distribs.sh | 30 ++++++++++
ipxe-install.sh | 81 ++++++++++++++++++++++++++
9 files changed, 420 insertions(+), 1 deletion(-)
create mode 100644 configs/chain.ipxe
create mode 100644 configs/dhcpd.conf
create mode 100644 configs/exports
create mode 100644 configs/install.ipxe
create mode 100644 configs/isc-dhcp-server
create mode 100644 configs/tftpd-hpa
create mode 100644 get-distribs.sh
create mode 100644 ipxe-install.sh
diff --git a/README.md b/README.md
index 732894d..c4a2f22 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,125 @@
-# Ceci est nos projets rassemblés
\ No newline at end of file
+## A PXE to unite them all and in the light install them...
+# IPXE INSTALLATION
+
+- IPXE installation for Debian 11
+
+## INTRODUCTION
+
+iPXE allows you to set up a PXE (network) boot system to launch operating systems, utility ISOs or installation programs. iPXE is BIOS and EFI compatible. The host system used for this documentation is Ubuntu Server 18.04. (https://doc.ubuntu-fr.org/ipxe)
+
+## TABLE OF CONTENT
+[INSTALLATION (ON DEBIAN)](#installation-(on-debian))
+
+[CONFIGURATION FILES](#configuration-files)
+
+[STEPS SCRIPT INSTALL](#steps-script-install)
+- [Variable](#variables)
+- [Dependencies](#dependencies)
+- [DHCP Server](#dhcp-server)
+- [TFTP Server](#tftp-server)
+- [NFS Server](#nsf-server)
+- [LAMP Server](#lamp-server)
+- [Prepare iPXE startup files](#prepare-ipxe-startup-files)
+- [Directories for distributions](#directories-for-distributions)
+- [TFTPD-HPA Restart](#tftpd-hpa-restart)
+- [Install Distributions](#install-distributions)
+- [Good rights](#good-rights)
+- [Reboot](#variables)
+
+[MANUAL INSTALLATION OF DISTRIBUTIONS](#manual-installation-of-distributions)
+## INSTALLATION (ON DEBIAN)
+Firstly update the system :
+```bash
+sudo apt update && sudo apt upgrade -y
+```
+Then:
+
+```bash
+sudo sh ipxe-install.sh
+```
+
+or
+
+```bash
+sudo chmod +x ipxe-install.sh
+sudo ./ipxe-install.sh
+```
+
+## CONFIGURATION FILES
+**IMPORTANT : THE CONFIGURATION FILES HAVE BEEN EDITED UPSTREAM AND REPLACE THE DEFAULT FILES**
+
+More about : https://gitlab.com/garagenum/greg/pxe/-/blob/ipxe/get-distribs.sh
+### [DHCP](#dhcp-server)
+- ```./configs/isc-dhcp-server /etc/default/isc-dhcp-server```
+- ```./configs/dhcpd.conf /etc/dhcp/```
+### [TFTP](#tftp-server)
+- ```./configs/tftpd-hpa /etc/default/tftpd-hpa```
+### [MENU](#ipxe-menu)
+- ```./configs/install.ipxe /var/www/html/install.ipxe```
+## STEPS SCRIPT INSTALL
+about : [ipxe-install.sh](https://gitlab.com/garagenum/greg/pxe/-/blob/ipxe/ipxe-install.sh)
+### Variables
+- Check server ip
+- Network interface check
+### Dependencies
+- Update the system
+- Install wget program
+- Install : ```wimboot``` ```mkisofs``` ```cabextract```
+### DHCP Server
+Installation of the DHCP server on the server.
+(WARNING : A server must have a fixed ip address ! )
+- Install isc-dhcp-server
+- Edit dhcp.conf located in ```etc/dhcp/``` >>> adapt to our current network
+
+For our configuration we have chosen as address range between ```.150``` & ```.199```
+### TFTP Server
+The TFTP server is the one that will provide the necessary files for network startup.
+- Install TFTP server
+- Edit tftpd-hpa file located in ```/etc/default/```
+- Replace the TFTP address with the address of our ixpe server
+- Then restart the service : isc-dhcp-server
+### NFS Server
+The NFS server will be necessary in some cases, it allows to leave files available to the started system.
+- Install nfs-kernel-server
+### LAMP Server
+To work, iPXE needs an HTTP server.
+- Install HTTP server
+- Create a symbolic link from tftpboot to the LAMP server
+### Prepare iPXE startup files
+- In this directory : ```/var/lib/tftpboot```
+- Downloading files from the Web :
+```undionly.kpxe``` and ```ipxe.efi```
+### IPXE Menu
+- The iPXE menu must be located on the web server, located in ```/var/www/html/```
+- Create a symbolic link from ```/var/www/html/install.ipxe``` to ```/var/lib/tftpboot/```
+- Allow sharing in the NFS configuration file :
+
+```bash
+sudo echo "/var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)" >> /etc/exports
+```
+- Then restart the service nfs-kernel-server
+### Directories for distributions
+- In this directory : ```/var/lib/tftpboot```
+- Create folders for all used distributions
+### TFTPD-HPA Restart
+- Restart tftpd-hpa service
+### Install Distributions
+- Call the script ```get-distribs.sh```
+### Good rights
+- Re-establishing the right rights to root : ```/var/lib/tftpboot```
+- Modification of the rights of a directory and its sub-directories : ```/var/lib/tftpboot```
+### Reboot
+- Reboot and and test the operation
+
+## DONE !
+## MANUAL INSTALLATION OF DISTRIBUTIONS
+about : [get-distribs.sh](https://gitlab.com/garagenum/greg/pxe/-/blob/ipxe/get-distribs.sh)
+### Process
+- In this directory ```/tmp```
+- We have added a variable url, in which is referenced the url that will serve as a source to download the iso
+- Then we mount iso file in this directory ```/mnt```
+
+Explanation : The loop option of mount (it's not a type, it's an option) tells mount that this is a "looping" device - a normal file to use as a block device. In the background, mount sets up a loopback device, then mounts it to /mnt in our case.
+- We copy everything in ```/mnt``` to a folder in the ```/var/lib/tftpboot/``` directory where our installation images are located
+- Then we dismantle everything in ```/mnt```
+- Finally we delete the iso present in the /mnt directory
diff --git a/configs/chain.ipxe b/configs/chain.ipxe
new file mode 100644
index 0000000..47eba1a
--- /dev/null
+++ b/configs/chain.ipxe
@@ -0,0 +1,4 @@
+#!ipxe
+
+dhcp
+chain http://$192.168.1.52/install.ipxe
diff --git a/configs/dhcpd.conf b/configs/dhcpd.conf
new file mode 100644
index 0000000..758b327
--- /dev/null
+++ b/configs/dhcpd.conf
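Review bot: In configs/chain.ipxe the line `chain http://$192.168.1.52/install.ipxe` has a stray `$` in front of a hard-coded address, so the host part is not a usable address and the file will not follow the server to another IP. The other templates in this patch use the literal placeholder `IP`, and that is also what the commented-out `sed -i "s/IP/$IP/" ./configs/chain.ipxe` step in ipxe-install.sh would substitute. I would write the line as `chain http://IP/install.ipxe` so all templates are filled in the same way.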
@@ -0,0 +1,89 @@
+default-lease-time 7200;
+max-lease-time 7200;
+
+allow unknown-clients;
+#authoritative;
+option subnet-mask 255.255.255.0;
+
+###PXE###
+option space PXE;
+option PXE.mtftp-ip code 1 = ip-address;
+option PXE.mtftp-cport code 2 = unsigned integer 16;
+option PXE.mtftp-sport code 3 = unsigned integer 16;
+option PXE.mtftp-tmout code 4 = unsigned integer 8;
+option PXE.mtftp-delay code 5 = unsigned integer 8;
+option arch code 93 = unsigned integer 16;
+
+option space ipxe;
+option ipxe-encap-opts code 175 = encapsulate ipxe;
+option ipxe.priority code 1 = signed integer 8;
+option ipxe.keep-san code 8 = unsigned integer 8;
+option ipxe.skip-san-boot code 9 = unsigned integer 8;
+option ipxe.syslogs code 85 = string;
+option ipxe.cert code 91 = string;
+option ipxe.privkey code 92 = string;
+option ipxe.crosscert code 93 = string;
+option ipxe.no-pxedhcp code 176 = unsigned integer 8;
+option ipxe.bus-id code 177 = string;
+option ipxe.san-filename code 188 = string;
+option ipxe.bios-drive code 189 = unsigned integer 8;
+option ipxe.username code 190 = string;
+option ipxe.password code 191 = string;
+option ipxe.reverse-username code 192 = string;
+option ipxe.reverse-password code 193 = string;
+option ipxe.version code 235 = string;
+option iscsi-initiator-iqn code 203 = string;
+# Feature indicators
+option ipxe.pxeext code 16 = unsigned integer 8;
+option ipxe.iscsi code 17 = unsigned integer 8;
+option ipxe.aoe code 18 = unsigned integer 8;
+option ipxe.http code 19 = unsigned integer 8;
+option ipxe.https code 20 = unsigned integer 8;
+option ipxe.tftp code 21 = unsigned integer 8;
+option ipxe.ftp code 22 = unsigned integer 8;
+option ipxe.dns code 23 = unsigned integer 8;
+option ipxe.bzimage code 24 = unsigned integer 8;
+option ipxe.multiboot code 25 = unsigned integer 8;
+option ipxe.slam code 26 = unsigned integer 8;
+option ipxe.srp code 27 = unsigned integer 8;
+option ipxe.nbi code 32 = unsigned integer 8;
+option ipxe.pxe code 33 = unsigned integer 8;
+option ipxe.elf code 34 = unsigned integer 8;
+option ipxe.comboot code 35 = unsigned integer 8;
+option ipxe.efi code 36 = unsigned integer 8;
+option ipxe.fcoe code 37 = unsigned integer 8;
+option ipxe.vlan code 38 = unsigned integer 8;
+option ipxe.menu code 39 = unsigned integer 8;
+option ipxe.sdi code 40 = unsigned integer 8;
+option ipxe.nfs code 41 = unsigned integer 8;
+
+###RESEAUX###
+subnet 192.168.1.0 netmask 255.255.255.0 {
+ option broadcast-address 192.168.1.255;
+ option routers 192.168.1.254;
+ option domain-name-servers 8.8.8.8, 1.1.1.1;
+ range 192.168.1.150 192.168.1.199;
+ ping-check = 1;
+ next-server IP;
+
+# PXE
+ if option arch = 00:07 or option arch = 00:09 {
+ if exists user-class and option user-class = "iPXE" {
+ filename "http://IP/install.ipxe";
+ } else {
+ filename "ipxe/ipxe.efi";
+ }
+ } else if option arch = 00:06 {
+ if exists user-class and option user-class = "iPXE" {
+ filename "http://IP/install.ipxe";
+ } else {
+ filename "ipxe/ipxe32.efi";
+ }
+ } else {
+ if exists user-class and option user-class = "iPXE" {
+ filename "http://IP/install.ipxe";
+ } else {
+ filename "undionly.kpxe";
+ }
+ }
+}
diff --git a/configs/exports b/configs/exports
new file mode 100644
index 0000000..6ac603d
--- /dev/null
+++ b/configs/exports
@@ -0,0 +1,17 @@
+# /etc/exports: the access control list for filesystems which may be exported
+# to NFS clients. See exports(5).
+/var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)
+
+# Example for NFSv2 and NFSv3:
+# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
+#
+# Example for NFSv4:
+# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
+# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
+#
+
+# POUR TOUTES LES DISTRIBS (ACCES FICHIERS)
+# /var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)
+
+# POUR UBUNTU (ACCES FICHIERS)
+#/var/lib/tftpboot/ubuntu-live *(async,no_root_squash,no_subtree_check,ro)
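Review bot: In configs/dhcpd.conf the UEFI branches return `filename "ipxe/ipxe.efi";` and `filename "ipxe/ipxe32.efi";`, but ipxe-install.sh in this same patch downloads `undionly.kpxe` and `ipxe.efi` directly into `/var/lib/tftpboot` and never fetches an `ipxe32.efi`, so EFI clients are pointed at paths that will not exist under the TFTP root. Either drop the prefix (`filename "ipxe.efi";`) or have the installer create the `ipxe/` directory and the 32-bit binary. The subnet, router and range are fixed to 192.168.1.0/24 while `next-server` is filled in from the detected address, so on any other network dhcpd has no subnet declaration matching its interface. `ping-check = 1;` does not look like the documented `ping-check <flag>;` form and is worth validating with `dhcpd -t` before the installer restarts the service. With `allow unknown-clients;` every host on the segment is offered this boot path, so a header comment stating that the server belongs on an isolated installation network would be a useful addition.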
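Review bot: The active line in configs/exports gives `/var/lib/tftpboot/` to `*` with `no_root_squash`, so any host that can reach the NFS service may mount the tree and remote root is not remapped. For a read-only boot share the narrower form is to list only the DHCP subnet and keep the default squash, e.g. `/var/lib/tftpboot/ 192.168.1.0/24(ro,async,no_subtree_check)`; whether the live images still boot with root squashed needs a test. ipxe-install.sh never copies this file and instead appends the same line to `/etc/exports`, so the template and the installed configuration can drift apart.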
diff --git a/configs/install.ipxe b/configs/install.ipxe
new file mode 100644
index 0000000..8640247
--- /dev/null
+++ b/configs/install.ipxe
@@ -0,0 +1,52 @@
+#!ipxe
+
+### VARIABLES
+set menu-timeout 72000
+set submenu-timeout ${menu-timeout}
+isset ${menu-default} || set menu-default item1
+set server_ip IP
+
+# HS
+#console --picture http://boot.ipxe.org/ipxe.png
+# MENU
+menu
+item --gap -- - Install Menu
+item --gap -- -------------DEBIAN-LIVE-64-------------
+item debian-live-64 Debian-live-64
+item --gap -- -------------SHREDOS-64-----------------
+item shredos-64 Shredos-64 (nwipe)
+item --gap -- -------------LMDE-LIVE-64---------------
+item lmde-64 LMDE-live-64
+item --gap -- -------------SORTIR---------------------
+item shell Shell iPXE
+item exit Exit
+
+choose --timeout ${menu-timeout} --default ${menu-default} target && goto ${target}
+
+
+#####################################OS-LIVE###############################################
+
+#Paramètres de démarrage pour DEBIAN-LIVE-64 -- OK
+:debian-live-64
+kernel http://${server_ip}/tftpboot/debian-live-64/live/vmlinuz
+initrd http://${server_ip}/tftpboot/debian-live-64/live/initrd.img
+imgargs vmlinuz initrd=initrd root=/dev/nfs boot=live components netboot=nfs nfsroot=${server_ip}:/var/lib/tftpboot/debian-live-64 ip=dhcp quiet splash --
+boot
+
+#Paramètres de démarrage pour SHRED OS-64 -- OK
+:shredos-64
+kernel http://${server_ip}/tftpboot/shredos-64/boot/bzImage console=tty3 quiet loglevel=0
+boot || goto menu
+
+#Paramètres de démarrage pour LMDE-LIVE-64 OK
+:lmde-64
+kernel http://${server_ip}/tftpboot/lmde-live-64/live/vmlinuz
+initrd http://${server_ip}/tftpboot/lmde-live-64/live/initrd.lz
+imgargs vmlinuz initrd=initrd boot=live user=mint initrd=initrd root=/dev/nfs netboot=nfs nfsroot=${server_ip}:/var/lib/tftpboot/lmde-live-64 ip=dhcp quiet nosplash --
+boot || goto menu
+
+:shell
+shell
+
+:exit
+exit
\ No newline at end of file
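Review bot: `boot || goto menu` in the `:shredos-64` and `:lmde-64` sections of configs/install.ipxe jumps to a label that is not defined anywhere in the file (`menu` appears only as a command), so a failed boot cannot return to the menu. Adding a `:menu` label on the line before `menu` fixes that, and the `:debian-live-64` section should get the same `|| goto menu` fallback instead of a bare `boot`. The default set by `isset ${menu-default} || set menu-default item1` likewise matches no `item` entry, so what is selected when the timeout expires is unclear. Because the menu also offers the ShredOS disk-wiping image, I would pin the default to a harmless entry, e.g. `set menu-default exit`. Kernels and initrds are fetched over plain `http://` without verification, which deserves at least a comment at the top of the file.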
diff --git a/configs/isc-dhcp-server b/configs/isc-dhcp-server
new file mode 100644
index 0000000..fb56ba3
--- /dev/null
+++ b/configs/isc-dhcp-server
@@ -0,0 +1,17 @@
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4=NETINTERFACE
+INTERFACESv6=""
diff --git a/configs/tftpd-hpa b/configs/tftpd-hpa
new file mode 100644
index 0000000..e5b95ec
--- /dev/null
+++ b/configs/tftpd-hpa
@@ -0,0 +1,5 @@
+TFTP_USERNAME="tftp"
+TFTP_DIRECTORY="/var/lib/tftpboot"
+TFTP_ADDRESS="IP:69"
+TFTP_OPTIONS="--secure"
+RUN_DAEMON="yes"
diff --git a/get-distribs.sh b/get-distribs.sh
new file mode 100644
index 0000000..c0c246f
--- /dev/null
+++ b/get-distribs.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# GET ISO FILES
+
+# LMDE-LIVE-64 - OK
+cd /tmp
+url="https://ftp.crifo.org/mint-cd/debian/lmde-5-cinnamon-64bit.iso"
+wget $url
+sudo mount -o loop lmde-5-cinnamon-64bit.iso /mnt
+sudo cp -r /mnt/. /var/lib/tftpboot/lmde-live-64
+sudo umount /mnt
+sudo rm -rf /tmp/lmde-5-cinnamon-64bit.iso
+
+# SHREDOS-64
+url="https://github.com/PartialVolume/shredos.x86_64/releases/download/v2021.08.2_21_x86-64_0.32.023/shredos-2021.08.2_21_x86-64_0.32.023_20220126.iso"
+wget $url
+sudo mount -o loop ./shredos-2021.08.2_21_x86-64_0.32.023_20220126.iso /mnt
+sudo cp -r /mnt/. /var/lib/tftpboot/shredos-64
+sudo umount /mnt
+sudo rm -rf /tmp/shredos-2021.08.2_21_x86-64_0.32.023_20220126.iso
+
+# DEBIAN-LIVE-64 - OK
+url="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-11.6.0-amd64-gnome.iso"
+wget $url
+sudo mount -o loop ./debian-live-11.6.0-amd64-gnome.iso /mnt
+sudo cp -r /mnt/. /var/lib/tftpboot/debian-live-64/
+sudo umount /mnt
+sudo rm -rf /tmp/debian-live-11.6.0-amd64-gnome.iso
+sudo mv /var/lib/tftpboot/debian-live-64/live/vmlinuz* /var/lib/tftpboot/debian-live-64/live/vmlinuz
+sudo mv /var/lib/tftpboot/debian-live-64/live/initrd* /var/lib/tftpboot/debian-live-64/live/initrd.img
\ No newline at end of file
diff --git a/ipxe-install.sh b/ipxe-install.sh
new file mode 100644
index 0000000..c272155
--- /dev/null
+++ b/ipxe-install.sh
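Review bot: get-distribs.sh downloads each ISO into the shared `/tmp` under a fixed name, then mounts it and copies it into the TFTP root as root, with no checksum or signature check and no error handling, so a failed or tampered download is unpacked and served to every PXE client. If a file with the same name already exists in `/tmp`, `wget` saves under a `.1` name and the script mounts the pre-existing file instead. I would download into a `mktemp -d` directory, verify a pinned SHA-256 taken from the publisher's checksum file before mounting, and stop on the first error; the sketch below uses a labelled placeholder because this patch gives no hash. `wget $url` should also be quoted, and the final `mv …/vmlinuz* …/vmlinuz` fails if the glob matches more than one file.

```shell
set -eu   # the installer runs this file with `sh`, so no bash-only options

workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

# fetch_iso URL SHA256 DEST: download to a private dir, verify, then unpack
fetch_iso() {
  iso="$workdir/${1##*/}"
  wget -O "$iso" "$1"
  printf '%s  %s\n' "$2" "$iso" | sha256sum -c -
  mount -o loop,ro "$iso" /mnt
  cp -r /mnt/. "$3"
  umount /mnt
  rm -f -- "$iso"
}

# LMDE-LIVE-64
fetch_iso "https://ftp.crifo.org/mint-cd/debian/lmde-5-cinnamon-64bit.iso" \
  "<SHA256_FROM_PUBLISHER_PLACEHOLDER>" /var/lib/tftpboot/lmde-live-64
# … SHREDOS-64 and DEBIAN-LIVE-64: same call with their own URL, hash and target …
# … unchanged: vmlinuz / initrd renames …
```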
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+
+# VARIABLES
+IP=$(ip route get 1.2.3.4 | awk '{print $7}')
+INTERFACE="$(ip addr show | awk '/inet.*brd/{print $NF; exit}')"
+
+
+# DEPENDANCES
+sudo apt update
+sudo apt install wget -y
+#sudo apt install wimboot mkisofs cabextract -y
+
+# DHCP SERVICE
+sudo apt install isc-dhcp-server -y
+
+mv /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.BAK
+sed -i "s/NETINTERFACE/$INTERFACE/" ./configs/isc-dhcp-server; sudo cp ./configs/isc-dhcp-server /etc/default/isc-dhcp-server
+mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.BAK
+sed -i "s/IP/$IP/g" ./configs/dhcpd.conf; sudo cp ./configs/dhcpd.conf /etc/dhcp/
+
+# TFTP
+sudo apt install tftpd-hpa -y
+sudo mkdir -p /var/lib/tftpboot
+sed -i "s/IP/$IP/" ./configs/tftpd-hpa; cp ./configs/tftpd-hpa /etc/default/tftpd-hpa
+
+sudo service isc-dhcp-server restart
+
+# NFS
+sudo apt install nfs-kernel-server -y
+
+# LAMP
+sudo apt install apache2 php libapache2-mod-php php-mysql php-curl php-gd php-intl php-json php-mbstring php-xml php-zip -y
+
+ln -s /var/lib/tftpboot /var/www/html/tftpboot
+
+cd /var/lib/tftpboot
+sudo wget http://boot.ipxe.org/undionly.kpxe
+sudo wget http://boot.ipxe.org/ipxe.efi
+
+cd -
+# CHAIN.IPXE
+#cd /tmp
+#git clone git://git.ipxe.org/ipxe.git
+#cd /tmp/ipxe/src
+#sed -i "s/IP/$IP/" ./configs/chain.ipxe; sudo cp ./configs/chain.ipxe /tmp/ipxe/src/chain.ipxe
+
+# INSTALL.IPXE (MENU)
+sudo sed -i "s/IP/$IP/" ./configs/install.ipxe; sudo cp ./configs/install.ipxe /var/www/html/install.ipxe
+sudo ln -s /var/www/html/install.ipxe /var/lib/tftpboot/
+
+# ALLOW SHARING IN THE NFS CONF FILE :
+sudo echo "/var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)" >> /etc/exports
+sudo systemctl restart nfs-kernel-server
+
+# CREATION DES DOSSIERS DISTRIBS
+cd /var/lib/tftpboot
+sudo mkdir lmde-live-64 shredos-64 debian-live-64
+cd -
+
+# REDEMARRAGE TFTPD-HPA
+sudo service tftpd-hpa restart
+
+# INSTALL DES DISTRIBS (SCRIPT MAX)
+sudo sh ./get-distribs.sh
+
+# WINDOWS PE -- TODO
+# INSTALL DEPENDANCES
+# PLACEMENT FICHIERS WINPE + AUTRES WINDOWS
+# PRE CONFIG WINPE POUR AUTOBOOT (NETUSE DANS STARTCMD)
+
+# GOOD RIGHTS (voir pour windows...)
+sudo chown -R root:root /var/lib/tftpboot
+sudo chmod 755 /var/lib/tftpboot
+
+
+# REBOOT
+echo "redémarrage!"
+sleep 10
+
+sudo reboot
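Review bot: ipxe-install.sh fetches the two bootloaders as root with `sudo wget http://boot.ipxe.org/undionly.kpxe` and `sudo wget http://boot.ipxe.org/ipxe.efi`, over plain HTTP and with no hash check, and these are the first binaries every client on the segment executes. Fetching them via `https://boot.ipxe.org/…` and comparing against a pinned checksum, or taking them from the distribution's signed `ipxe` package if the target release provides it, closes that gap. In the NFS step, `sudo echo "…" >> /etc/exports` performs the redirection in the calling shell rather than under sudo and appends a duplicate line on every run; `echo "…" | sudo tee -a /etc/exports` behind a `grep -qF` test avoids both. The `sed -i "s/IP/$IP/"` calls rewrite the templates inside the repository, so a second run finds no placeholder left, and `$IP` and `$INTERFACE` are used without checking that detection returned a value. Installing the full PHP/MySQL module set only to serve static boot files, together with `ln -s /var/lib/tftpboot /var/www/html/tftpboot`, widens what this server exposes more than the task appears to need.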