diff --git a/lab-setup/README.md b/lab-setup/README.md
index 3df4196..80d157f 100644
--- a/lab-setup/README.md
+++ b/lab-setup/README.md
@@ -51,3 +51,29 @@ sudo virsh destroy pxe-client-bios
 sudo virsh undefine pxe-client-bios
 sudo rm /var/lib/libvirt/images/pxe-client-bios.qcow2
 ```
+
+## Test PXE automated install
+
+Test the PXE automated install of a BIOS client.
+
+```sh
+sudo virt-install -n pxe-client-bios --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-client-bios.qcow2,size=10 --pxe --network network=pxe-lab,mac=52:54:00:88:a4:b0
+```
+
+Test the PXE automated install of a UEFI client.
+
+```sh
+sudo virt-install -n pxe-client-uefi --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-client-uefi.qcow2,size=10 --pxe --network network=pxe-lab,mac=52:54:00:88:a4:b0 --boot uefi
+```
+
+Clean up.
+
+```sh
+sudo virsh destroy pxe-client-uefi
+sudo virsh undefine --nvram pxe-client-uefi
+sudo rm /var/lib/libvirt/images/pxe-client-uefi.qcow2
+
+sudo virsh destroy pxe-client-bios
+sudo virsh undefine pxe-client-bios
+sudo rm /var/lib/libvirt/images/pxe-client-bios.qcow2
+```
\ No newline at end of file
diff --git a/pxe-setup/README.md b/pxe-setup/README.md
index 27cc8b6..01793f1 100644
--- a/pxe-setup/README.md
+++ b/pxe-setup/README.md
@@ -5,6 +5,7 @@ Install dnsmasq, activate it and open the firewall ports.
 ```sh
 dnf install dnsmasq
 systemctl enable dnsmasq
+systemctl start dnsmasq
 firewall-cmd --add-service dhcp --permanent
 firewall-cmd --add-service proxy-dhcp --permanent
 firewall-cmd --add-service tftp --permanent
@@ -36,22 +37,41 @@ cp /mnt/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/centos-stream-8/ umount /mnt ``` +Add the Memtest files. + +```sh +curl -Lo /tmp/memtest.gz http://www.memtest.org/download/5.31b/memtest86+-5.31b.bin.gz +gunzip /tmp/memtest.gz +mkdir -p /var/lib/tftpboot/memtest/ +cp /tmp/memtest /var/lib/tftpboot/memtest/ +``` + Create the file **/var/lib/tftpboot/grub.cfg** (UEFI clients). ``` set timeout=60 + menuentry 'CentOS Stream 8' { linuxefi centos-stream-8/vmlinuz ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/ initrdefi centos-stream-8/initrd.img } + +menuentry 'Rescue' { + linuxefi centos-stream-8/vmlinuz rescue + initrdefi centos-stream-8/initrd.img +} + +menuentry 'Reboot' { + reboot +} ``` Create the file **/var/lib/tftpboot/pxelinux.cfg/default** (BIOS clients). ``` DEFAULT menu.c32 -PROMPT 1 -TIMEOUT 60 +PROMPT 0 +TIMEOUT 600 LABEL centos8 MENU LABEL Install ^CentOS Stream 8 @@ -63,6 +83,10 @@ LABEL rescue KERNEL centos-stream-8/vmlinuz APPEND initrd=centos-stream-8/initrd.img rescue +LABEL Memtest + MENU LABEL Memtest + KERNEL memtest/memtest + LABEL reboot MENU DEFAULT MENU LABEL Reboot 
@@ -75,7 +99,47 @@ LABEL local Fix file permissions. -``` +```sh restorecon -RF /var/lib/tftpboot/ chmod -R go+rX /var/lib/tftpboot/ ``` + +## Automated install based on Mac Address + +Create **/var/lib/tftpboot/pxelinux.cfg/01-52-54-00-88-a4-b0**. + +```sh +DEFAULT menu.c32 +PROMPT 0 +TIMEOUT 50 + +LABEL centos8 + MENU DEFAULT + MENU LABEL Install CentOS Stream 8 with Kickstart + KERNEL centos-stream-8/vmlinuz + APPEND initrd=centos-stream-8/initrd.img ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/ inst.ks=http://192.168.23.10/auto-ks.cfg +``` + +Create **/var/lib/tftpboot/grub.cfg-01-52-54-00-88-a4-b0**. + +```sh +set timeout=5 + +menuentry 'Install CentOS Stream 8 with Kickstart' { + linuxefi centos-stream-8/vmlinuz ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/ inst.ks=http://192.168.23.10/auto-ks.cfg + initrdefi centos-stream-8/initrd.img +} +``` + +Install lighttpd. + +```sh +dnf -y install epel-release +systemctl enable lighttpd +systemctl start lighttpd +firewall-cmd --add-service http --permanent +firewall-cmd --reload +``` + +Create **/var/www/lighttpd/auto-ks.cfg** from [auto-ks.cfg](auto-ks.cfg). + diff --git a/pxe-setup/auto-ks.cfg b/pxe-setup/auto-ks.cfg new file mode 100644 index 0000000..3901a06 --- /dev/null +++ b/pxe-setup/auto-ks.cfg 
@@ -0,0 +1,127 @@
+##
+## Environment setup
+##
+
+# CentOS Stream mirror URL
+url --url=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
+
+# Install mode: text (interactive installs) or cmdline (unattended installs)
+# cmdline
+text
+
+# Hash password with SHA-512
+authselect --enableshadow --passalgo=sha512
+
+# French keyboard layout
+keyboard --vckeymap=fr --xlayouts='fr'
+
+# English i18n
+lang en_US.UTF-8
+
+# Accept the EULA
+eula --agreed
+
+# Which action to perform after install: poweroff or reboot
+poweroff
+
+##
+## network configuration
+##
+
+# Configure the first network device
+network --bootproto=dhcp --device=enp1s0 --noipv6 --activate
+
+# Set the hostname
+network --hostname=localhost.localdomain
+
+# Timezone is GMT
+timezone Etc/GMT --utc
+
+##
+## partitioning
+##
+
+# Install on /dev/vda
+ignoredisk --only-use=vda
+
+# Install Grub in the MBR of /dev/vda
+bootloader --location=mbr --boot-drive=vda
+
+# Clear the target disk
+zerombr
+
+# Remove existing partitions
+clearpart --all --initlabel
+
+# Automatically create partitions required by hardware platform
+reqpart
+
+# Create the root partition
+part / --fstype xfs --size=1 --grow --asprimary --label=root
+
+##
+## User Accounts
+##
+
+# Generate encrypted password with "openssl passwd -6"
+rootpw --lock
+user --groups=wheel --name=nicolas --iscrypted --password=$6$XUTB20jVVXIqh78k$L1A9Lft5JlbOtNbeDP.fOZ5giLl09LfJGGCon5uwtsIhPJoNkj4SIk08Rb6vSowOps2ik5tlUwT2ZOZ6jjr7.0 --gecos="Nicolas MASSE"
+
+# Inject the SSH key of nicolas
+sshkey --username nicolas "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain"
+
+##
+## SELinux and Firewalld
+##
+
+selinux --enforcing
+firewall --enabled --ssh
+
+##
+## Software Packages
+##
+
+%packages --ignoremissing
+@core
+@^minimal
+net-tools
+hdparm
+iptraf
+iotop
+vim-enhanced
+tmux
+rsync
+tree
+unzip
+tar
+tcpdump
+telnet
+strace
+bind-utils
+%end
+
+##
+## Install scripts
+##
+
+%post --interpreter=/bin/bash
+
+# Enable KVM virsh console access
+systemctl enable serial-getty@ttyS0.service
+systemctl start serial-getty@ttyS0.service
+
+# Help identify when logged in as root
+echo "PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]# '" >> /root/.bashrc
+
+# Regular users get a different prompt
+echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /etc/skel/.bashrc
+echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /home/nicolas/.bashrc
+
+# Disable password authentication over SSH
+sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
+service sshd restart
+
+# Do not ask password for sudo
+sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers
+
+%end
\ No newline at end of file
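Review bot: Both hardening edits in `%post` can silently do nothing: the `sed` on `/etc/ssh/sshd_config` only rewrites text that reads exactly `PasswordAuthentication yes`, and the `sed` on `/etc/sudoers` depends on the exact whitespace of the stock `%wheel` line, so an image whose defaults differ finishes the install with password logins still enabled or sudo unchanged and nothing reports it. Editing `/etc/sudoers` in place with no syntax check is also risky on a host whose root account is locked by `rootpw --lock`. I would match the active sshd directive whatever its current value, check the result, and put the wheel rule in a drop-in under `/etc/sudoers.d` validated with `visudo -cf`, as sketched below. Separately, the `--password=$6$…` hash on the `user` line ships in a kickstart that the README hunk serves over plain HTTP (`inst.ks=http://…`), so it deserves a comment marking it lab-only, not to be reused on real hosts.

```kickstart
%post --interpreter=/bin/bash
# … unchanged: serial-getty setup and PS1 prompts …

# Disable password authentication over SSH, whatever the current value is
sed -i.post-install -E 's/^[[:space:]]*PasswordAuthentication[[:space:]].*/PasswordAuthentication no/' /etc/ssh/sshd_config
grep -Eq '^PasswordAuthentication[[:space:]]+no' /etc/ssh/sshd_config \
  || echo "sshd_config: PasswordAuthentication was not disabled" >&2
# … unchanged: service sshd restart …

# Do not ask password for sudo: validated drop-in instead of editing /etc/sudoers
echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/10-wheel-nopasswd
chmod 0440 /etc/sudoers.d/10-wheel-nopasswd
visudo -cf /etc/sudoers.d/10-wheel-nopasswd \
  || rm -f /etc/sudoers.d/10-wheel-nopasswd
```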