Trustix Install With PXE
From TrustixWiki
Intro
Originally written for Trustix 2.2, expanded and updated for 3.0. For Trustix 3.0, refer to the /pxeboot directory on the CDROM. There is a README.txt that gives terse but complete instructions.
There is a special 30 meg network-based installation ISO image for 3.0 in the download area called trustix-3.0-net.i586.iso. It includes the PXEboot support files.
Overview
PXEboot allows a computer to boot from its network interface; it accesses a 'boot server' to load its operating system so it can operate in diskless mode. Many Linux distros (including Trustix) support PXEboot as an installation method. If you have a system that has neither a CD-ROM nor a floppy drive, you might still be able to do an installation if it supports PXEboot.
Maybe this is obvious, but you have to have two computers to do this: a boot server and the PXEboot client that you want to install Linux on. This article tells you how to set up a Trustix server to act as the boot server.
Once you have the system booting with PXElinux new possibilities open to you... hands-off OS installs with kickstart, remote management, diskless workstations, router appliances... but that's outside the scope of this doc.
Most computers that have built-in ethernet include PXEboot in the BIOS. Many higher-end network cards have a ROM BIOS chip on them that supports PXEboot. If your computer has a network boot option and you have one of these cards, it might work for you. One of my systems (Intel SE440BX2) supports something called "MBA UNDI" and that was the one needed there. Poke around in the BIOS and experiment. If you have an old computer or a cheap network card, you might be disappointed. Good luck. (Hint: good 10/100BT network cards are dirt cheap right now on eBay. Everyone is going 1000BT and dumping outdated 100BT stuff. I recommend 3COM PCI cards for PXEboot.)
The article "Network Booting a Linux STB with PXE" at GCTGlobal.com is very complete, with links to other relevant Web sites. There is no need to duplicate all that here, so all we cover is a few minor changes needed for Trustix.
Using Trustix as a boot server
In section "Installing the TFTPD Server", you don't need to build a tftpd server. Just install the package "tftpd-hpa". It is available for TSL 2.2 and 3.0.
For TSL 2.2
In section "Moving Kernel and Root FS Images", copy the contents of http://http.trustix.org/pub/trustix/releases/trustix-2.2/i586/images/pxeboot/ into /tftpboot.
In section "Setting Up PXELINUX", I got pxelinux.0 from the TSL syslinux package.
Also, these are the contents of my pxelinux.cfg/default:
    LABEL linux
      KERNEL vmlinuz
      APPEND initrd=initrd.img ramdisk_size=8192
      IPAPPEND 1
- The label "linux" is looked for by default. It may or may not be what you want.
- The name of the KERNEL and initrd are taken from the i586/images/pxeboot/ directory.
- The size of the ramdisk has to be specified. The default is 4096 and this is too small for the image.
For TSL 3.0
The locations of files have changed in TSL 3; refer to the CDROM's file /pxeboot/README.txt for details. The TSL 3.0 version also comes with /pxeboot/default; use it instead of the one listed above. It has this in it:
    LABEL linux
      KERNEL vmlinuz
      APPEND initrd=ramdisk.cramfs ramdisk_size=24780 root=/dev/ram0 console=/dev/tty3
Other systems as boot servers
Just because you want to install Trustix on a new machine with PXEboot does not mean the host has to be running Trustix. For example, on a Debian or Ubuntu server, you can install the required server packages with the command 'apt-get install tftpd-hpa syslinux'. Other than that most of the instructions here apply equally well.
How it works
It's helpful when setting up PXEboot to understand what steps take place.
- When the new computer boots, it has to be set up to use its network card as the boot device.
- The network card broadcasts on your LAN, requesting configuration information from DHCP.
- The DHCP server, in addition to the usual IP address, also sends information to the new machine telling it the address of the TFTP server and what file to load.
- The new machine reads the designated file (usually pxelinux.0) from the TFTP server, and executes it.
- The pxelinux.0 file uses the same TFTP server to load in the Linux kernel vmlinuz and the ramdisk.
- The boot sequence in the ramdisk starts the TSL installer running.
Once the installer is running, installation is the same as for booting from any media.
In this doc, we are setting up one server to do dhcp, tftp, and nfs. But you could use three separate machines. You can also watch in dhcpd.conf for specific MAC addresses and boot different machines with different parameters; for example, you could use it to install Trustix to the machine's hard drive but you could also boot diskless workstations from the same server(s) based on MAC address.
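The chain described above (DHCP names the TFTP server and boot file, the boot file loads its config, the config names the kernel and ramdisk) can be checked on the boot server before the first boot attempt. The script below is an added example, not part of the original wiki page; it assumes the DHCP filename is relative to the TFTP root, and the sample addresses and file tree are constructed.

```sh
#!/bin/sh
# Added example: check the DHCP -> TFTP -> PXELINUX file chain on the boot server.
# usage: pxe_preflight DHCPD_CONF TFTP_ROOT   (returns 0 only if every link is present)

served() {   # tftpd-hpa, unless started with -p, serves only world-readable files
    if [ -f "$1" ] && [ -n "$(find "$1" -perm -004)" ]; then
        echo "ok    $1"
    else
        echo "FAIL  $1 is missing or not world-readable"; return 1
    fi
}

pxe_preflight() {
    conf=$1 root=$2 rc=0
    # dhcpd must hand out both the TFTP server address and the boot file name.
    grep -Eq '^[[:space:]]*next-server[[:space:]]+[^;[:space:]]+;' "$conf" ||
        { echo "FAIL  no next-server in $conf"; rc=1; }
    boot=$(sed -n 's/^[[:space:]]*filename[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    if [ -n "$boot" ]; then served "$root/$boot" || rc=1
    else echo "FAIL  no filename in $conf"; rc=1; fi
    # PXELINUX fetches its config next; the config names the kernel and the initrd.
    cfg=$root/pxelinux.cfg/default
    served "$cfg" || return 1
    kernel=$(awk 'toupper($1) == "KERNEL" { print $2; exit }' "$cfg")
    initrd=$(sed -n 's/.*initrd=\([^ ]*\).*/\1/p' "$cfg" | head -n 1)
    for f in "$kernel" "$initrd"; do
        if [ -n "$f" ]; then served "$root/$f" || rc=1
        else echo "FAIL  $cfg names no kernel or no initrd"; rc=1; fi
    done
    return $rc
}

# Constructed sample tree; the addresses are placeholders, not values from the page.
umask 022
demo=$(mktemp -d)
mkdir -p "$demo/tftpboot/pxelinux.cfg"
cat > "$demo/dhcpd.conf" <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.120;
    next-server 192.168.1.10;     # address of the TFTP server
    filename "pxelinux.0";        # boot file, relative to the TFTP root
}
EOF
printf 'LABEL linux\n  KERNEL vmlinuz\n  APPEND initrd=initrd.img ramdisk_size=8192\n' \
    > "$demo/tftpboot/pxelinux.cfg/default"
touch "$demo/tftpboot/pxelinux.0" "$demo/tftpboot/vmlinuz" "$demo/tftpboot/initrd.img"
pxe_preflight "$demo/dhcpd.conf" "$demo/tftpboot"
```

On a real server the call would be `pxe_preflight /etc/dhcpd.conf /tftpboot`.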
Make it run
Remember the boot server has to have these components not just installed but configured and running!
- dhcpd; set up /etc/dhcpd.conf as described in the PXElinux docs and then do "service dhcpd restart". It is critical that you edit the dhcpd configuration so that the new machine will be able to find its files on the tftp server.
- tftpd, which is started by xinetd so do "service xinetd restart" to enable it.
- nfs or http - so you can make the CDROM image available to the client.
The installer will ask for the location of the CD image; it's up to you to decide where to put it.
I already have NFS installed and running so I use it. I do a loopback mount of the CD image rather than use the CDROM itself; a hard drive is much faster than a CD drive. I make /mnt/cdrom available via NFS, like this:
    # mount -o loop trustix-3.0.i586.iso /mnt/cdrom
    # exportfs *:/mnt/cdrom
    # showmount -e
    Export list for otter.clickshift.com:
    /mnt/cdrom *
No CD available
I was a bit confused when Viper (TSL 3.x installer) asked me where my CD drive was; I don't have one! Then I noticed the SKIP button. The NEXT screen asks for the location of the image, network or hard drive.
Security notes
It's not a good idea to have NFS and TFTPd running on servers that are exposed to the Internet. Your boot server should be on an isolated or firewall protected network. You should consider setting up iptables on the boot server to control who can connect to it.
In TSL 3.x, you can optionally have the installer use swup to load the latest packages and security updates; in this case you will want to use a firewall-protected boot server rather than an isolated network.
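One way to apply the iptables advice above, together with a narrower NFS export than the `*` used earlier. This is an added example, not part of the original wiki page; the interface name, subnet and mountd port are constructed placeholders, and it assumes rpc.mountd runs on a fixed port.

```sh
#!/bin/sh
# Added example: print (not apply) commands that limit TFTP and NFS on the boot
# server to the install LAN. Review the output before running any of it.
# usage: pxe_lockdown IFACE SUBNET MOUNTD_PORT EXPORT_DIR
# Assumes rpc.mountd was started on a fixed port (its -p option) and that no
# earlier INPUT rule already accepts these ports.

pxe_lockdown() {
    ifc=$1 net=$2 mountd=$3 dir=$4
    # tftp (69), portmapper (111), nfsd (2049) and mountd (pinned port)
    for port in 69 111 2049 "$mountd"; do
        for proto in udp tcp; do
            # TFTP is UDP only, so no TCP rule is needed for port 69.
            if [ "$port" = 69 ] && [ "$proto" = tcp ]; then continue; fi
            # Accept from the install subnet on the install interface ...
            echo "iptables -A INPUT -i $ifc -s $net -p $proto --dport $port -j ACCEPT"
            # ... and drop the same service for every other source or interface.
            echo "iptables -A INPUT -p $proto --dport $port -j DROP"
        done
    done
    # Export the CD image read-only to that subnet instead of to "*".
    echo "exportfs -o ro,root_squash $net:$dir"
}

# Constructed values: interface, subnet and mountd port are placeholders.
pxe_lockdown eth1 192.168.1.0/24 32767 /mnt/cdrom
```

The rules only cover the TFTP and NFS ports, so existing access such as SSH is left alone.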
Troubleshooting
Make sure there is no other DHCP server on your network, for example, a Linksys gateway router with DHCP enabled. It might respond to an IP request faster than the Trustix box and then the process will fail.
If you think the problem is in the tftp stage, you can test your tftp server with a tftp client. You can install the Trustix package tftp-hpa. Tftp is a simpler protocol than "ftp"; there are only a few commands. You can't list a directory. Type help after starting the client to see available commands. You should be able to do this:
    # cd /tmp
    # tftp localhost
    tftp> get vmlinuz
    tftp> quit
    # ls -l vmlinuz
    -rw------- 1 root root 1375813 Jul 1 10:44 vmlinuz
Run tcpdump on the server to see connection attempts from the PXEboot client as it tries to boot. You should be able to see the BOOTPC requests, the DHCP server response with an IP address, and the TFTP server session start up.
Watching the log with 'tail -f /var/log/messages' is helpful too.
Good luck!
Getting all the details correct takes a few hours' work, but once it is functioning it's very satisfying watching systems boot without messing around with boot media.
