commit 43f94aa39180d603f461f6673761ffa92f8a67ef Author: Nicolas MASSE Date: Sat Mar 13 15:31:19 2021 +0100 initial commit
diff --git a/lab-setup/.gitignore b/lab-setup/.gitignore
new file mode 100644
index 0000000..7a8f7aa
--- /dev/null
+++ b/lab-setup/.gitignore
@@ -0,0 +1 @@
+*.iso
\ No newline at end of file
diff --git a/lab-setup/README.md b/lab-setup/README.md
new file mode 100644
index 0000000..3df4196
--- /dev/null
+++ b/lab-setup/README.md
@@ -0,0 +1,53 @@
+# PXE Lab Setup
+
+Create a dedicated network for the PXE lab with DHCP disabled.
+
+```sh
+sudo virsh net-define /dev/fd/0 <
+ pxe-lab
+
+
+
+
+
+
+
+
+
+EOF
+sudo virsh net-start pxe-lab
+sudo virsh net-autostart pxe-lab
+```
+
+Install the PXE Server.
+
+```sh
+sudo virt-install -n pxe-server --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-server.qcow2,size=10 -l $PWD/CentOS-Stream-8-x86_64-20210311-boot.iso --initrd-inject=$PWD/centos-ks.cfg --extra-args "ks=file:/centos-ks.cfg" --network network=pxe-lab
+```
+
+[Configure the PXE Server](../pxe-setup/README.md)
+
+Test the PXE install of a BIOS client.
+
+```sh
+sudo virt-install -n pxe-client-bios --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-client-bios.qcow2,size=10 --pxe --network network=pxe-lab
+```
+
+Test the PXE install of a UEFI client.
+
+```sh
+sudo virt-install -n pxe-client-uefi --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-client-uefi.qcow2,size=10 --pxe --network network=pxe-lab --boot uefi
+```
+
+Clean up.
+
+```sh
+sudo virsh destroy pxe-client-uefi
+sudo virsh undefine --nvram pxe-client-uefi
+sudo rm /var/lib/libvirt/images/pxe-client-uefi.qcow2
+
+sudo virsh destroy pxe-client-bios
+sudo virsh undefine pxe-client-bios
+sudo rm /var/lib/libvirt/images/pxe-client-bios.qcow2
+```
diff --git a/lab-setup/centos-ks.cfg b/lab-setup/centos-ks.cfg
new file mode 100644
index 0000000..e178071
--- /dev/null
+++ b/lab-setup/centos-ks.cfg
@@ -0,0 +1,128 @@
+##
+## Environment setup
+##
+
+# CentOS Stream mirror URL
+url --url=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
+
+# Install mode: text (interactive installs) or cmdline (unattended installs)
+# cmdline
+text
+
+# Hash password with SHA-512
+authselect --enableshadow --passalgo=sha512
+
+# French keyboard layout
+keyboard --vckeymap=fr --xlayouts='fr'
+
+# English i18n
+lang en_US.UTF-8
+
+# Accept the EULA
+eula --agreed
+
+# Which action to perform after install: poweroff or reboot
+poweroff
+
+##
+## network configuration
+##
+
+# Configure the first network device
+# network --bootproto=dhcp --device=enp1s0 --noipv6 --activate
+network --bootproto=static --ip=192.168.23.10 --netmask=255.255.255.0 --gateway=192.168.23.1 --nameserver=192.168.23.1 --device=enp1s0
+
+# Set the hostname
+network --hostname=localhost.localdomain
+
+# Timezone is GMT
+timezone Etc/GMT --utc
+
+##
+## partitioning
+##
+
+# Install on /dev/vda
+ignoredisk --only-use=vda
+
+# Install Grub in the MBR of /dev/vda
+bootloader --location=mbr --boot-drive=vda
+
+# Clear the target disk
+zerombr
+
+# Remove existing partitions
+clearpart --all --initlabel
+
+# Automatically create partitions required by hardware platform
+reqpart
+
+# Create the root partition
+part / --fstype xfs --size=1 --grow --asprimary --label=root
+
+##
+## User Accounts
+##
+
+# Generate encrypted password with "openssl passwd -6"
+rootpw --lock
+user --groups=wheel --name=nicolas --iscrypted --password=$6$XUTB20jVVXIqh78k$L1A9Lft5JlbOtNbeDP.fOZ5giLl09LfJGGCon5uwtsIhPJoNkj4SIk08Rb6vSowOps2ik5tlUwT2ZOZ6jjr7.0 --gecos="Nicolas MASSE"
+
+# Inject the SSH key of nicolas
+sshkey --username nicolas "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain"
+
+##
+## SELinux and Firewalld
+##
+
+selinux --enforcing
+firewall --enabled --ssh
+
+##
+## Software Packages
+##
+
+%packages --ignoremissing
+@core
+@^minimal
+net-tools
+hdparm
+iptraf
+iotop
+vim-enhanced
+tmux
+rsync
+tree
+unzip
+tar
+tcpdump
+telnet
+strace
+bind-utils
+%end
+
+##
+## Install scripts
+##
+
+%post --interpreter=/bin/bash
+
+# Enable KVM virsh console access
+systemctl enable serial-getty@ttyS0.service
+systemctl start serial-getty@ttyS0.service
+
+# Help identify when logged in as root
+echo "PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]# '" >> /root/.bashrc
+
+# Regular users get a different prompt
+echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /etc/skel/.bashrc
+echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /home/nicolas/.bashrc
+
+# Disable password authentication over SSH
+sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
+service sshd restart
+
+# Do not ask password for sudo
+sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers
+
+%end
diff --git a/pxe-setup/README.md b/pxe-setup/README.md
new file mode 100644
index 0000000..27cc8b6
--- /dev/null
+++ b/pxe-setup/README.md
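Review bot: The two `sed` edits at the end of `%post` fail open: if `PasswordAuthentication yes` or the tab-separated `%wheel` line is not present in exactly that form, sed still exits 0 and the install completes with SSH password login left enabled (or sudo unchanged) and nothing reported. For sudo, a drop-in avoids rewriting `/etc/sudoers` in place, for example `echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel-nopasswd` with mode 0440, checked with `visudo -cf /etc/sudoers.d/wheel-nopasswd`. For sshd, follow the sed with a check such as `grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config || echo 'sshd hardening not applied' >&2`. Separately, the `user` line commits a SHA-512 crypt hash to the repository, where it is open to offline guessing; since login is by SSH key and sudo is passwordless, it is worth deciding whether this account needs a password at all.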
@@ -0,0 +1,81 @@
+# PXE Server Setup
+
+Install dnsmasq, activate it and open the firewall ports.
+
+```sh
+dnf install dnsmasq
+systemctl enable dnsmasq
+firewall-cmd --add-service dhcp --permanent
+firewall-cmd --add-service proxy-dhcp --permanent
+firewall-cmd --add-service tftp --permanent
+firewall-cmd --reload
+```
+
+Prepare the files to server over TFTP.
+
+```sh
+dnf install syslinux
+mkdir -p /var/lib/tftpboot/pxelinux.cfg
+cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
+cp /usr/share/syslinux/{menu,vesamenu,ldlinux,libcom32,libutil,reboot}.c32 /var/lib/tftpboot/
+curl -Lo /tmp/shim.rpm http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
+curl -Lo /tmp/grub2-efi.rpm http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/Packages/grub2-efi-x64-2.02-99.el8.x86_64.rpm
+for i in *.rpm; do rpm2cpio $i | cpio -dimv; done
+cp boot/efi/EFI/centos/shimx64.efi /var/lib/tftpboot/
+cp boot/efi/EFI/centos/grubx64.efi /var/lib/tftpboot/
+cp boot/efi/EFI/BOOT/BOOTX64.EFI /var/lib/tftpboot/
+```
+
+Add the CentOS Stream 8 files.
+
+```sh
+mkdir -p /var/lib/tftpboot/centos-stream-8/
+curl -Lo CentOS-Stream-8-x86_64-20210311-boot.iso http://ftp.pasteur.fr/mirrors/CentOS/8-stream/isos/x86_64/CentOS-Stream-8-x86_64-20210311-boot.iso
+mount -t iso9660 -o loop,ro /tmp/CentOS-Stream-8-x86_64-20210311-boot.iso /mnt
+cp /mnt/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/centos-stream-8/
+umount /mnt
+```
+
+Create the file **/var/lib/tftpboot/grub.cfg** (UEFI clients).
+
+```
+set timeout=60
+menuentry 'CentOS Stream 8' {
+ linuxefi centos-stream-8/vmlinuz ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
+ initrdefi centos-stream-8/initrd.img
+}
+```
+
+Create the file **/var/lib/tftpboot/pxelinux.cfg/default** (BIOS clients).
+
+```
+DEFAULT menu.c32
+PROMPT 1
+TIMEOUT 60
+
+LABEL centos8
+ MENU LABEL Install ^CentOS Stream 8
+ KERNEL centos-stream-8/vmlinuz
+ APPEND initrd=centos-stream-8/initrd.img ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
+
+LABEL rescue
+ MENU LABEL ^Rescue
+ KERNEL centos-stream-8/vmlinuz
+ APPEND initrd=centos-stream-8/initrd.img rescue
+
+LABEL reboot
+ MENU DEFAULT
+ MENU LABEL Reboot
+ COM32 reboot.c32
+
+LABEL local
+ MENU LABEL ^Boot from local drive
+ LOCALBOOT 0xffff
+```
+
+Fix file permissions.
+
+```
+restorecon -RF /var/lib/tftpboot/
+chmod -R go+rX /var/lib/tftpboot/
+```
diff --git a/pxe-setup/dnsmasq.conf b/pxe-setup/dnsmasq.conf
new file mode 100644
index 0000000..d4bbd62
--- /dev/null
+++ b/pxe-setup/dnsmasq.conf
@@ -0,0 +1,16 @@
+# Enable TFTP Server
+enable-tftp
+tftp-root=/var/lib/tftpboot
+
+# Enable DHCP Server
+dhcp-range=enp1s0,192.168.23.100,192.168.23.200,255.255.255.0,8h
+dhcp-option=option:router,192.168.23.1
+dhcp-option=option:dns-server,192.168.23.1
+
+# Setup PXE
+dhcp-boot=pxelinux.0
+
+# Serve the PXE Menu for different arches
+pxe-service=x86PC,"PXE Menu (BIOS)",pxelinux
+pxe-service=X86-64_EFI,"PXE Menu (UEFI)",BOOTX64.EFI
+pxe-service=BC_EFI,"PXE Menu (UEFI)",BOOTX64.EFI
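Review bot: Nothing in dnsmasq.conf limits the daemon to the lab NIC: `enable-tftp` is given without an interface and no `interface=` line is set, so only the `dhcp-range` line names `enp1s0`. Adding `interface=enp1s0` and `bind-interfaces`, plus `port=0` if this server is not meant to answer DNS, keeps the unauthenticated TFTP tree and the resolver off any other network the host later joins, rather than relying on the firewall alone. `tftp-secure` would additionally restrict TFTP to files owned by the user dnsmasq runs as, though the boot files copied in the README would then need a matching owner.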