initial commit

lab-setup/.gitignore

@@ -0,0 +1 @@
+*.iso

lab-setup/README.md

@@ -0,0 +1,53 @@
+# PXE Lab Setup
+
+Create a dedicated network for the PXE lab with DHCP disabled.
+
+```sh
+sudo virsh net-define /dev/fd/0 <<EOF
+<network>
+  <name>pxe-lab</name>
+  <forward mode='nat'>
+    <nat>
+      <port start='1024' end='65535'/>
+    </nat>
+  </forward>
+  <bridge name='virbr2' stp='on' delay='0'/>
+  <ip address='192.168.23.1' netmask='255.255.255.0'>
+  </ip>
+</network>
+EOF
+sudo virsh net-start pxe-lab
+sudo virsh net-autostart pxe-lab
+```
+
+Install the PXE Server.
+
+```sh
+sudo virt-install -n pxe-server --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-server.qcow2,size=10 -l $PWD/CentOS-Stream-8-x86_64-20210311-boot.iso --initrd-inject=$PWD/centos-ks.cfg --extra-args "ks=file:/centos-ks.cfg" --network network=pxe-lab
+```
+
+[Configure the PXE Server](../pxe-setup/README.md)
+
+Test the PXE install of a BIOS client.
+
+```sh
+sudo virt-install -n pxe-client-bios --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-client-bios.qcow2,size=10 --pxe --network network=pxe-lab
+```
+
+Test the PXE install of a UEFI client.
+
+```sh
+sudo virt-install -n pxe-client-uefi --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-client-uefi.qcow2,size=10 --pxe --network network=pxe-lab --boot uefi
+```
+
+Clean up.
+
+```sh
+sudo virsh destroy pxe-client-uefi
+sudo virsh undefine --nvram pxe-client-uefi
+sudo rm /var/lib/libvirt/images/pxe-client-uefi.qcow2
+
+sudo virsh destroy pxe-client-bios
+sudo virsh undefine pxe-client-bios
+sudo rm /var/lib/libvirt/images/pxe-client-bios.qcow2
+```

lab-setup/centos-ks.cfg

@@ -0,0 +1,128 @@
+##
+## Environment setup
+##
+
+# CentOS Stream mirror URL
+url --url=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
+
+# Install mode: text (interactive installs) or cmdline (unattended installs)
+# cmdline
+text
+
+# Hash password with SHA-512
+authselect --enableshadow --passalgo=sha512
+
+# French keyboard layout
+keyboard --vckeymap=fr --xlayouts='fr'
+
+# English i18n
+lang en_US.UTF-8
+
+# Accept the EULA
+eula --agreed
+
+# Which action to perform after install: poweroff or reboot
+poweroff
+
+##
+## network configuration
+##
+
+# Configure the first network device
+# network  --bootproto=dhcp --device=enp1s0 --noipv6 --activate
+network  --bootproto=static --ip=192.168.23.10 --netmask=255.255.255.0 --gateway=192.168.23.1 --nameserver=192.168.23.1 --device=enp1s0
+
+# Set the hostname
+network  --hostname=localhost.localdomain
+
+# Timezone is GMT
+timezone Etc/GMT --utc
+
+##
+## partitioning
+##
+
+# Install on /dev/vda
+ignoredisk --only-use=vda
+
+# Install Grub in the MBR of /dev/vda
+bootloader --location=mbr --boot-drive=vda
+
+# Clear the target disk
+zerombr
+
+# Remove existing partitions
+clearpart --all --initlabel
+
+# Automatically create partitions required by hardware platform
+reqpart
+
+# Create the root partition
+part / --fstype xfs --size=1 --grow --asprimary --label=root
+
+##
+## User Accounts
+##
+
+# Generate encrypted password with "openssl passwd -6"
+rootpw --lock
+user --groups=wheel --name=nicolas --iscrypted --password=$6$XUTB20jVVXIqh78k$L1A9Lft5JlbOtNbeDP.fOZ5giLl09LfJGGCon5uwtsIhPJoNkj4SIk08Rb6vSowOps2ik5tlUwT2ZOZ6jjr7.0 --gecos="Nicolas MASSE"
+
+# Inject the SSH key of nicolas
+sshkey --username nicolas "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain"
+
+##
+## SELinux and Firewalld
+##
+
+selinux --enforcing
+firewall --enabled --ssh
+
+## 
+## Software Packages
+##
+
+%packages --ignoremissing
+@core
+@^minimal
+net-tools
+hdparm
+iptraf
+iotop
+vim-enhanced
+tmux
+rsync
+tree
+unzip
+tar
+tcpdump
+telnet
+strace
+bind-utils
+%end
+
+##
+## Install scripts
+##
+
+%post --interpreter=/bin/bash
+
+# Enable KVM virsh console access
+systemctl enable serial-getty@ttyS0.service
+systemctl start serial-getty@ttyS0.service
+
+# Help identify when logged in as root
+echo "PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]# '" >> /root/.bashrc
+
+# Regular users get a different prompt
+echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /etc/skel/.bashrc
+echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /home/nicolas/.bashrc
+
+# Disable password authentication over SSH
+sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
+service sshd restart
+
+# Do not ask password for sudo
+sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel  ALL=(ALL)       NOPASSWD: ALL/" /etc/sudoers
+
+%end

pxe-setup/README.md

@@ -0,0 +1,81 @@
+# PXE Server Setup
+
+Install dnsmasq, activate it and open the firewall ports.
+
+```sh
+dnf install dnsmasq
+systemctl enable dnsmasq
+firewall-cmd --add-service dhcp --permanent
+firewall-cmd --add-service proxy-dhcp --permanent
+firewall-cmd --add-service tftp --permanent
+firewall-cmd --reload
+```
+
+Prepare the files to server over TFTP.
+
+```sh
+dnf install syslinux
+mkdir -p /var/lib/tftpboot/pxelinux.cfg
+cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
+cp /usr/share/syslinux/{menu,vesamenu,ldlinux,libcom32,libutil,reboot}.c32 /var/lib/tftpboot/
+curl -Lo /tmp/shim.rpm http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/Packages/shim-x64-15-15.el8_2.x86_64.rpm
+curl -Lo /tmp/grub2-efi.rpm http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/Packages/grub2-efi-x64-2.02-99.el8.x86_64.rpm
+for i in *.rpm; do rpm2cpio $i | cpio -dimv; done
+cp boot/efi/EFI/centos/shimx64.efi /var/lib/tftpboot/
+cp boot/efi/EFI/centos/grubx64.efi /var/lib/tftpboot/
+cp boot/efi/EFI/BOOT/BOOTX64.EFI /var/lib/tftpboot/
+```
+
+Add the CentOS Stream 8 files.
+
+```sh
+mkdir -p /var/lib/tftpboot/centos-stream-8/
+curl -Lo CentOS-Stream-8-x86_64-20210311-boot.iso http://ftp.pasteur.fr/mirrors/CentOS/8-stream/isos/x86_64/CentOS-Stream-8-x86_64-20210311-boot.iso
+mount -t iso9660 -o loop,ro /tmp/CentOS-Stream-8-x86_64-20210311-boot.iso /mnt
+cp /mnt/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/centos-stream-8/
+umount /mnt
+```
+
+Create the file **/var/lib/tftpboot/grub.cfg** (UEFI clients).
+
+```
+set timeout=60
+menuentry 'CentOS Stream 8' {
+  linuxefi centos-stream-8/vmlinuz ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
+  initrdefi centos-stream-8/initrd.img
+}
+```
+
+Create the file **/var/lib/tftpboot/pxelinux.cfg/default** (BIOS clients).
+
+```
+DEFAULT menu.c32
+PROMPT 1
+TIMEOUT 60
+
+LABEL centos8
+ MENU LABEL Install ^CentOS Stream 8
+ KERNEL centos-stream-8/vmlinuz
+ APPEND initrd=centos-stream-8/initrd.img ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
+
+LABEL rescue
+ MENU LABEL ^Rescue
+ KERNEL centos-stream-8/vmlinuz
+ APPEND initrd=centos-stream-8/initrd.img rescue
+
+LABEL reboot
+ MENU DEFAULT
+ MENU LABEL Reboot
+ COM32 reboot.c32
+
+LABEL local
+  MENU LABEL ^Boot from local drive
+  LOCALBOOT 0xffff
+```
+
+Fix file permissions.
+
+```
+restorecon -RF /var/lib/tftpboot/
+chmod -R go+rX /var/lib/tftpboot/
+```

pxe-setup/dnsmasq.conf

@@ -0,0 +1,16 @@
+# Enable TFTP Server
+enable-tftp
+tftp-root=/var/lib/tftpboot
+
+# Enable DHCP Server
+dhcp-range=enp1s0,192.168.23.100,192.168.23.200,255.255.255.0,8h
+dhcp-option=option:router,192.168.23.1
+dhcp-option=option:dns-server,192.168.23.1
+
+# Setup PXE
+dhcp-boot=pxelinux.0
+
+# Serve the PXE Menu for different arches
+pxe-service=x86PC,"PXE Menu (BIOS)",pxelinux
+pxe-service=X86-64_EFI,"PXE Menu (UEFI)",BOOTX64.EFI
+pxe-service=BC_EFI,"PXE Menu (UEFI)",BOOTX64.EFI