This commit is contained in:
jierjijr 2023-04-12 14:17:47 +02:00
parent 564d0be377
commit 6ce1fb7ed2
9 changed files with 420 additions and 1 deletions

126
README.md

@ -1 +1,125 @@
# Ceci est nos projets rassemblés
## A PXE to unite them all and in the light install them...
# IPXE INSTALLATION
- IPXE installation for Debian 11
## INTRODUCTION
iPXE allows you to set up a PXE (network) boot system to launch operating systems, utility ISOs or installation programs. iPXE is BIOS and EFI compatible. The host system used for this documentation is Ubuntu Server 18.04. (https://doc.ubuntu-fr.org/ipxe)
## TABLE OF CONTENT
[INSTALLATION (ON DEBIAN)](#installation-(on-debian))
[CONFIGURATION FILES](#configuration-files)
[STEPS SCRIPT INSTALL](#steps-script-install)
- [Variable](#variables)
- [Dependencies](#dependencies)
- [DHCP Server](#dhcp-server)
- [TFTP Server](#tftp-server)
- [NFS Server](#nsf-server)
- [LAMP Server](#lamp-server)
- [Prepare iPXE startup files](#prepare-ipxe-startup-files)
- [Directories for distributions](#directories-for-distributions)
- [TFTPD-HPA Restart](#tftpd-hpa-restart)
- [Install Distributions](#install-distributions)
- [Good rights](#good-rights)
- [Reboot](#variables)
[MANUAL INSTALLATION OF DISTRIBUTIONS](#manual-installation-of-distributions)
## INSTALLATION (ON DEBIAN)
Firstly update the system :
```bash
sudo apt update && sudo apt upgrade -y
```
Then:
```bash
sudo sh ipxe-install.sh
```
or
```bash
sudo chmod +x ipxe-install.sh
sudo ./ipxe-install.sh
```
## CONFIGURATION FILES
**IMPORTANT : THE CONFIGURATION FILES HAVE BEEN EDITED UPSTREAM AND REPLACE THE DEFAULT FILES**
More about : https://gitlab.com/garagenum/greg/pxe/-/blob/ipxe/get-distribs.sh
### [DHCP](#dhcp-server)
- ```./configs/isc-dhcp-server /etc/default/isc-dhcp-server```
- ```./configs/dhcpd.conf /etc/dhcp/```
### [TFTP](#tftp-server)
- ```./configs/tftpd-hpa /etc/default/tftpd-hpa```
### [MENU](#ipxe-menu)
- ```./configs/install.ipxe /var/www/html/install.ipxe```
## STEPS SCRIPT INSTALL
about : [ipxe-install.sh](https://gitlab.com/garagenum/greg/pxe/-/blob/ipxe/ipxe-install.sh)
### Variables
- Check server ip
- Network interface check
### Dependencies
- Update the system
- Install wget program
- Install : ```wimboot``` ```mkisofs``` ```cabextract```
### DHCP Server
Installation of the DHCP server on the server.
(WARNING : A server must have a fixed ip address ! )
- Install isc-dhcp-server
- Edit dhcp.conf located in ```etc/dhcp/``` >>> adapt to our current network
For our configuration we have chosen as address range between ```.150``` & ```.199```
### TFTP Server
The TFTP server is the one that will provide the necessary files for network startup.
- Install TFTP server
- Edit tftpd-hpa file located in ```/etc/default/```
- Replace the TFTP address with the address of our ixpe server
- Then restart the service : isc-dhcp-server
### NFS Server
The NFS server will be necessary in some cases, it allows to leave files available to the started system.
- Install nfs-kernel-server
### LAMP Server
To work, iPXE needs an HTTP server.
- Install HTTP server
- Create a symbolic link from tftpboot to the LAMP server
### Prepare iPXE startup files
- In this directory : ```/var/lib/tftpboot```
- Downloading files from the Web :
```undionly.kpxe``` and ```ipxe.efi```
### IPXE Menu
- The iPXE menu must be located on the web server, located in ```/var/www/html/```
- Create a symbolic link from ```/var/www/html/install.ipxe``` to ```/var/lib/tftpboot/```
- Allow sharing in the NFS configuration file :
```bash
sudo echo "/var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)" >> /etc/exports
```
- Then restart the service nfs-kernel-server
### Directories for distributions
- In this directory : ```/var/lib/tftpboot```
- Create folders for all used distributions
### TFTPD-HPA Restart
- Restart tftpd-hpa service
### Install Distributions
- Call the script ```get-distribs.sh```
### Good rights
- Re-establishing the right rights to root : ```/var/lib/tftpboot```
- Modification of the rights of a directory and its sub-directories : ```/var/lib/tftpboot```
### Reboot
- Reboot and and test the operation
## DONE !
## MANUAL INSTALLATION OF DISTRIBUTIONS
about : [get-distribs.sh](https://gitlab.com/garagenum/greg/pxe/-/blob/ipxe/get-distribs.sh)
### Process
- In this directory ```/tmp```
- We have added a variable url, in which is referenced the url that will serve as a source to download the iso
- Then we mount iso file in this directory ```/mnt```
Explanation : The loop option of mount (it's not a type, it's an option) tells mount that this is a "looping" device - a normal file to use as a block device. In the background, mount sets up a loopback device, then mounts it to /mnt in our case.
- We copy everything in ```/mnt``` to a folder in the ```/var/lib/tftpboot/``` directory where our installation images are located
- Then we dismantle everything in ```/mnt```
- Finally we delete the iso present in the /mnt directory
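Review bot: In the IPXE Menu section, `sudo echo "..." >> /etc/exports` only elevates `echo`; the `>>` redirection is done by the calling shell, so the command fails for a non-root user. Document `echo '...' | sudo tee -a /etc/exports` instead. The same step should say why the share is exported to `*` with `no_root_squash`, or narrow it to the PXE subnet. The last Process bullet also says the ISO is deleted from `/mnt`, while get-distribs.sh removes it from `/tmp`.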

4
configs/chain.ipxe Normal file

@ -0,0 +1,4 @@
#!ipxe
dhcp
chain http://$192.168.1.52/install.ipxe
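Review bot: The `chain` line has a stray `$` before the address (`http://$192.168.1.52/install.ipxe`); iPXE only expands `${name}`, so the `$` stays in the host part and the URL is not the intended one. Drop the `$`. The address is also hard-coded, whereas the commented-out CHAIN.IPXE step in ipxe-install.sh substitutes an `IP` placeholder in this file, so use `IP` here like the other templates, or `${next-server}`.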

89
configs/dhcpd.conf Normal file

@ -0,0 +1,89 @@
default-lease-time 7200;
max-lease-time 7200;
allow unknown-clients;
#authoritative;
option subnet-mask 255.255.255.0;
###PXE###
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16;
option space ipxe;
option ipxe-encap-opts code 175 = encapsulate ipxe;
option ipxe.priority code 1 = signed integer 8;
option ipxe.keep-san code 8 = unsigned integer 8;
option ipxe.skip-san-boot code 9 = unsigned integer 8;
option ipxe.syslogs code 85 = string;
option ipxe.cert code 91 = string;
option ipxe.privkey code 92 = string;
option ipxe.crosscert code 93 = string;
option ipxe.no-pxedhcp code 176 = unsigned integer 8;
option ipxe.bus-id code 177 = string;
option ipxe.san-filename code 188 = string;
option ipxe.bios-drive code 189 = unsigned integer 8;
option ipxe.username code 190 = string;
option ipxe.password code 191 = string;
option ipxe.reverse-username code 192 = string;
option ipxe.reverse-password code 193 = string;
option ipxe.version code 235 = string;
option iscsi-initiator-iqn code 203 = string;
# Feature indicators
option ipxe.pxeext code 16 = unsigned integer 8;
option ipxe.iscsi code 17 = unsigned integer 8;
option ipxe.aoe code 18 = unsigned integer 8;
option ipxe.http code 19 = unsigned integer 8;
option ipxe.https code 20 = unsigned integer 8;
option ipxe.tftp code 21 = unsigned integer 8;
option ipxe.ftp code 22 = unsigned integer 8;
option ipxe.dns code 23 = unsigned integer 8;
option ipxe.bzimage code 24 = unsigned integer 8;
option ipxe.multiboot code 25 = unsigned integer 8;
option ipxe.slam code 26 = unsigned integer 8;
option ipxe.srp code 27 = unsigned integer 8;
option ipxe.nbi code 32 = unsigned integer 8;
option ipxe.pxe code 33 = unsigned integer 8;
option ipxe.elf code 34 = unsigned integer 8;
option ipxe.comboot code 35 = unsigned integer 8;
option ipxe.efi code 36 = unsigned integer 8;
option ipxe.fcoe code 37 = unsigned integer 8;
option ipxe.vlan code 38 = unsigned integer 8;
option ipxe.menu code 39 = unsigned integer 8;
option ipxe.sdi code 40 = unsigned integer 8;
option ipxe.nfs code 41 = unsigned integer 8;
###RESEAUX###
subnet 192.168.1.0 netmask 255.255.255.0 {
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 8.8.8.8, 1.1.1.1;
range 192.168.1.150 192.168.1.199;
ping-check = 1;
next-server IP;
# PXE
if option arch = 00:07 or option arch = 00:09 {
if exists user-class and option user-class = "iPXE" {
filename "http://IP/install.ipxe";
} else {
filename "ipxe/ipxe.efi";
}
} else if option arch = 00:06 {
if exists user-class and option user-class = "iPXE" {
filename "http://IP/install.ipxe";
} else {
filename "ipxe/ipxe32.efi";
}
} else {
if exists user-class and option user-class = "iPXE" {
filename "http://IP/install.ipxe";
} else {
filename "undionly.kpxe";
}
}
}
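Review bot: The non-iPXE UEFI branches return `filename "ipxe/ipxe.efi";` and `filename "ipxe/ipxe32.efi";`, but ipxe-install.sh downloads `ipxe.efi` into the root of /var/lib/tftpboot and never fetches `ipxe32.efi`, so UEFI clients will request files that are not there. Either point these at `ipxe.efi` or have the installer create `ipxe/` and fetch both binaries. Separately, `allow unknown-clients;` together with a boot script handed out as `http://IP/install.ipxe` means any machine on 192.168.1.0/24 gets a lease and a boot menu over unauthenticated HTTP; a comment stating that this is meant for an isolated provisioning network would help, as would a decision on the commented-out `authoritative;`.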

17
configs/exports Normal file

@ -0,0 +1,17 @@
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
/var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
# POUR TOUTES LES DISTRIBS (ACCES FICHIERS)
# /var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)
# POUR UBUNTU (ACCES FICHIERS)
#/var/lib/tftpboot/ubuntu-live *(async,no_root_squash,no_subtree_check,ro)
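Review bot: `/var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)` exports the tree to every host that can reach the server and disables root squashing. The clients all sit in the 192.168.1.0/24 subnet declared in dhcpd.conf, so restrict the client field to that network, and drop `no_root_squash` unless a live image is known to need it. This file is also never installed: ipxe-install.sh appends the same line to /etc/exports instead, so one of the two should go.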

52
configs/install.ipxe Normal file

@ -0,0 +1,52 @@
#!ipxe
### VARIABLES
set menu-timeout 72000
set submenu-timeout ${menu-timeout}
isset ${menu-default} || set menu-default item1
set server_ip IP
# HS
#console --picture http://boot.ipxe.org/ipxe.png
# MENU
menu
item --gap -- - Install Menu
item --gap -- -------------DEBIAN-LIVE-64-------------
item debian-live-64 Debian-live-64
item --gap -- -------------SHREDOS-64-----------------
item shredos-64 Shredos-64 (nwipe)
item --gap -- -------------LMDE-LIVE-64---------------
item lmde-64 LMDE-live-64
item --gap -- -------------SORTIR---------------------
item shell Shell iPXE
item exit Exit
choose --timeout ${menu-timeout} --default ${menu-default} target && goto ${target}
#####################################OS-LIVE###############################################
#Paramètres de démarrage pour DEBIAN-LIVE-64 -- OK
:debian-live-64
kernel http://${server_ip}/tftpboot/debian-live-64/live/vmlinuz
initrd http://${server_ip}/tftpboot/debian-live-64/live/initrd.img
imgargs vmlinuz initrd=initrd root=/dev/nfs boot=live components netboot=nfs nfsroot=${server_ip}:/var/lib/tftpboot/debian-live-64 ip=dhcp quiet splash --
boot
#Paramètres de démarrage pour SHRED OS-64 -- OK
:shredos-64
kernel http://${server_ip}/tftpboot/shredos-64/boot/bzImage console=tty3 quiet loglevel=0
boot || goto menu
#Paramètres de démarrage pour LMDE-LIVE-64 OK
:lmde-64
kernel http://${server_ip}/tftpboot/lmde-live-64/live/vmlinuz
initrd http://${server_ip}/tftpboot/lmde-live-64/live/initrd.lz
imgargs vmlinuz initrd=initrd boot=live user=mint initrd=initrd root=/dev/nfs netboot=nfs nfsroot=${server_ip}:/var/lib/tftpboot/lmde-live-64 ip=dhcp quiet nosplash --
boot || goto menu
:shell
shell
:exit
exit
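Review bot: `boot || goto menu` in the shredos-64 and lmde-64 entries jumps to a label that does not exist; the script has the `menu` command but no `:menu` line, so a failed boot ends the script instead of returning to the menu. Add `:menu` above `menu` and give the debian-live-64 entry the same fallback. `menu-default` is likewise set to `item1`, which is not one of the defined items, and the lmde-64 `imgargs` line passes `initrd=initrd` twice.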

17
configs/isc-dhcp-server Normal file

@ -0,0 +1,17 @@
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4=NETINTERFACE
INTERFACESv6=""
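Review bot: `INTERFACESv4=NETINTERFACE` is unquoted, unlike `INTERFACESv6=""` and the quoted form shown in the comment above it; write `INTERFACESv4="NETINTERFACE"` so the substituted value stays a single shell word. ipxe-install.sh fills the placeholder from the first `inet ... brd` line of `ip addr show`, which may not be the interface facing the PXE clients on a multi-homed host, so a note on checking the result before the service starts would be useful.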

5
configs/tftpd-hpa Normal file

@ -0,0 +1,5 @@
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/lib/tftpboot"
TFTP_ADDRESS="IP:69"
TFTP_OPTIONS="--secure"
RUN_DAEMON="yes"

30
get-distribs.sh Normal file

@ -0,0 +1,30 @@
#!/bin/bash
# GET ISO FILES
# LMDE-LIVE-64 - OK
cd /tmp
url="https://ftp.crifo.org/mint-cd/debian/lmde-5-cinnamon-64bit.iso"
wget $url
sudo mount -o loop lmde-5-cinnamon-64bit.iso /mnt
sudo cp -r /mnt/. /var/lib/tftpboot/lmde-live-64
sudo umount /mnt
sudo rm -rf /tmp/lmde-5-cinnamon-64bit.iso
# SHREDOS-64
url="https://github.com/PartialVolume/shredos.x86_64/releases/download/v2021.08.2_21_x86-64_0.32.023/shredos-2021.08.2_21_x86-64_0.32.023_20220126.iso"
wget $url
sudo mount -o loop ./shredos-2021.08.2_21_x86-64_0.32.023_20220126.iso /mnt
sudo cp -r /mnt/. /var/lib/tftpboot/shredos-64
sudo umount /mnt
sudo rm -rf /tmp/shredos-2021.08.2_21_x86-64_0.32.023_20220126.iso
# DEBIAN-LIVE-64 - OK
url="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-11.6.0-amd64-gnome.iso"
wget $url
sudo mount -o loop ./debian-live-11.6.0-amd64-gnome.iso /mnt
sudo cp -r /mnt/. /var/lib/tftpboot/debian-live-64/
sudo umount /mnt
sudo rm -rf /tmp/debian-live-11.6.0-amd64-gnome.iso
sudo mv /var/lib/tftpboot/debian-live-64/live/vmlinuz* /var/lib/tftpboot/debian-live-64/live/vmlinuz
sudo mv /var/lib/tftpboot/debian-live-64/live/initrd* /var/lib/tftpboot/debian-live-64/live/initrd.img
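Review bot: Each ISO is fetched with `wget $url` and copied straight into /var/lib/tftpboot with no checksum or signature check, and these files become the kernels and root filesystems every PXE client boots. Verify each download against the publisher's checksum before the `mount` step and stop on mismatch. The script also has no `set -e`, so if a download or mount fails the following `cp -r /mnt/.` still runs against whatever is in /mnt. The Debian URL mixes the moving `current-live` path with a fixed `11.6.0` file name, so it stops resolving when `current-live` moves on.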

81
ipxe-install.sh Normal file

@ -0,0 +1,81 @@
#!/bin/bash
# VARIABLES
IP=$(ip route get 1.2.3.4 | awk '{print $7}')
INTERFACE="$(ip addr show | awk '/inet.*brd/{print $NF; exit}')"
# DEPENDANCES
sudo apt update
sudo apt install wget -y
#sudo apt install wimboot mkisofs cabextract -y
# DHCP SERVICE
sudo apt install isc-dhcp-server -y
mv /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.BAK
sed -i "s/NETINTERFACE/$INTERFACE/" ./configs/isc-dhcp-server; sudo cp ./configs/isc-dhcp-server /etc/default/isc-dhcp-server
mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.BAK
sed -i "s/IP/$IP/g" ./configs/dhcpd.conf; sudo cp ./configs/dhcpd.conf /etc/dhcp/
# TFTP
sudo apt install tftpd-hpa -y
sudo mkdir -p /var/lib/tftpboot
sed -i "s/IP/$IP/" ./configs/tftpd-hpa; cp ./configs/tftpd-hpa /etc/default/tftpd-hpa
sudo service isc-dhcp-server restart
# NFS
sudo apt install nfs-kernel-server -y
# LAMP
sudo apt install apache2 php libapache2-mod-php php-mysql php-curl php-gd php-intl php-json php-mbstring php-xml php-zip -y
ln -s /var/lib/tftpboot /var/www/html/tftpboot
cd /var/lib/tftpboot
sudo wget http://boot.ipxe.org/undionly.kpxe
sudo wget http://boot.ipxe.org/ipxe.efi
cd -
# CHAIN.IPXE
#cd /tmp
#git clone git://git.ipxe.org/ipxe.git
#cd /tmp/ipxe/src
#sed -i "s/IP/$IP/" ./configs/chain.ipxe; sudo cp ./configs/chain.ipxe /tmp/ipxe/src/chain.ipxe
# INSTALL.IPXE (MENU)
sudo sed -i "s/IP/$IP/" ./configs/install.ipxe; sudo cp ./configs/install.ipxe /var/www/html/install.ipxe
sudo ln -s /var/www/html/install.ipxe /var/lib/tftpboot/
# ALLOW SHARING IN THE NFS CONF FILE :
sudo echo "/var/lib/tftpboot/ *(async,no_root_squash,no_subtree_check,ro)" >> /etc/exports
sudo systemctl restart nfs-kernel-server
# CREATION DES DOSSIERS DISTRIBS
cd /var/lib/tftpboot
sudo mkdir lmde-live-64 shredos-64 debian-live-64
cd -
# REDEMARRAGE TFTPD-HPA
sudo service tftpd-hpa restart
# INSTALL DES DISTRIBS (SCRIPT MAX)
sudo sh ./get-distribs.sh
# WINDOWS PE -- TODO
# INSTALL DEPENDANCES
# PLACEMENT FICHIERS WINPE + AUTRES WINDOWS
# PRE CONFIG WINPE POUR AUTOBOOT (NETUSE DANS STARTCMD)
# GOOD RIGHTS (voir pour windows...)
sudo chown -R root:root /var/lib/tftpboot
sudo chmod 755 /var/lib/tftpboot
# REBOOT
echo "redémarrage!"
sleep 10
sudo reboot
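Review bot: `sudo wget http://boot.ipxe.org/undionly.kpxe` and `sudo wget http://boot.ipxe.org/ipxe.efi` pull the network boot loaders over plain HTTP with no integrity check; fetch them over HTTPS and compare against a pinned checksum, or build them from source as the commented CHAIN.IPXE block started to do. `sudo echo "..." >> /etc/exports` only elevates `echo`, and it appends a duplicate line on every run; use `| sudo tee -a` guarded by a `grep -q`. The `sed -i` calls rewrite the templates under ./configs in place, so a second run finds no `IP` or `NETINTERFACE` placeholder left; write the substituted output to the destination instead. The unconditional `sudo reboot` at the end deserves a prompt or a flag.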