The technology has been around for a while to do unattended OS installs, using kickstart on redhat for example. These installs are typically done remotely. Kickstart is basically done off of an image file, which can be inserted via a floppy, CD, or now a USB Keychain drive.

Another technology that has been around a while is pxeboot. Using pxeboot, you can boot images directly from a supported network card. Most network cards have a built in bootp interface. The network card first looks for a bootp (aka dhcp) server to assign an IP address and load an image. It then uses the trivial ftp protocol to look for a boot image, called pxelinux. Then pxelinux loads the correct installer image. So the process looks like this:
Power on->Boot from Network->Bootp->Tftp->pxelinux->Boot Image Loads
After loading the boot image, the system is on its own as far as doing the install. Best of all, this means that as long as the OS has an unattended boot image, it can be loaded from this method. For anyone running a datacenter, this is excellent! It provides a way to do these installs from the next city, the next state, or even halfway across the world!

Setting up the bootp server

The bootp protocol is supported in Redhat’s (and I imagine others) dhcp server.

For this exercise, I am going to assume you are using yum. But, you can do these installs the same with sudo apt-get install or installing the rpms/debs manually.

First, install dhcpd:
yum install dhcpd
Then setup the dhcp server
# vi /etc/dhcpd.conf

group {
next-server 10.0.2.2; # name of your TFTP server
filename "pxelinux.0"; # name of the bootloader program
}

You can see from this code that we are setting up the install network on the 10.0.2.x private network.

The image filename the dhcp server tells the network card to boot off is pxelinux.0.

TFTP Server

The TFTP server is necessary to grab the initial image files from. I recommend either tftp-hpa for linux, or tftpd32 for Windows. For the rest of this article, I will assume that you are using tftp-hpa on linux.

After compiling tftp-hpa from source, enable it adding/editing /etc/xinet.d/tftp like so:

service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}

Restart xinetd. The tftp server is now serving files from /tftpboot/

PXELinux

PXELinux is a software package from H. Peter Anvin. It loads other OS images from its initial boot interface. See his site for more information on this powerful package. Download the pxelinux package and extract pxelinux.0 to /tftpboot/. Then create the directory /tftpboot/pxelinux.cfg.

When the system boots, it looks for an configuration file (similar to syslinux syntax) in the pxelinux.cfg directory. First it tries to match by the MAC address of the network card, the it goes by a hexadecimal representation of the IP address, then it loads default. for example, if the Ethernet MAC address is 88:99:AA:BB:CC:DD and the IP address 192.0.2.91, it will try (in order):

/tftpboot/pxelinux.cfg/01-88-99-aa-bb-cc-dd
/tftpboot/pxelinux.cfg/C000025B
/tftpboot/pxelinux.cfg/C000025
/tftpboot/pxelinux.cfg/C00002
/tftpboot/pxelinux.cfg/C0000
/tftpboot/pxelinux.cfg/C000
/tftpboot/pxelinux.cfg/C00
/tftpboot/pxelinux.cfg/C0
/tftpboot/pxelinux.cfg/C
/tftpboot/pxelinux.cfg/default

Notice the mac address has 01- preceeding it, and each colon is replaced by a - dash.

Now, to make sure I don’t inadvertantly install over a good os, I make sure to keep a default file in this directory with the following contents:

default linux
label linux
localboot 0

This tells the system to boot off of the hard drive.

A CentOS Remote install

CentOS is one of the easier OSes to install via this method. I will use this for an example during this article.

We first need a CentOS image to boot from and use for the install image. Lets put this image in the tftpboot directory in a location called images/CentOS/4.4_i386. Rsync is a good choice to use, but you can really use anything you want to transfer the image (off of a CD for example). Here is a set of commands that works for me:

mkdir -p /tftpboot/images/CentOS/4.4_i386
cd /tftpboot/images/CentOS/
rsync -r rsync://mirror.linux.duke.edu::centos/centos/4.4/os/i386 4.4_i386

Then copy the boot images from the CentOS directory to the tftpboot directory:

cd /tftpboot/
cp /tftpboot/images/CentOS/4.4_i386/i386/isolinux/initrd.img initrd_centos_4.4.img
cp /tftpboot/images/CentOS/4.4_i386/i386/isolinux/vmlinuz vmlinuz_centos_4.4

Its ok to leave those guys alone. If you would ever need to update them to include other drivers, you can do so but that is beyond the scope of this article.

Lets create a /tftpboot/Kickstart/ks.cfg file now:

lang en_US
langsupport en_US
keyboard us
mouse none --device null

%post
rpm --import /usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4
echo "co:2345:respawn:/sbin/agetty -h -t 60 ttyS0 9600 vt102" >> /etc/inittab
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

For a comprehensive guide on the options for this file, check out the Redhat 9 Kickstart options HOWTO which is still good for our purposes.

In the above code we are loading the OS from a nfs share.

If nfs is not installed you’ll need to do that first:

yum install nfs
chkconfig nfs on

Add the following line to /etc/exports

/tftpboot 10.0.2.0/255.255.255.0(sync)

Start up nfs

service nfs start

Putting it all together

Now, lets use the above to put this automated installer to work!

You’ll need to set up your hardware on the network along with the installation system. You’ll need to set up the boot order to let the machine boot off the network firstly; then HD, CD or floppy next. If it boots to the disk first, the machine will never contact the automated installer and will just try (and fail, if the HD is blank) to boot off the the HD.

You will also need to mark down the MAC Address of the network card the server will be booting off of. This will be retrieved from the actual hardware; off of the boot menu; or as a last resort you can boot it off of your DHCP server and then check the log for when this server hits the installer machine.

Lets create our pxelinux boot file. It should be named based off of the Ethernet MAC Address. For example: /tftpboot/pxelinux.cfg/01-88-99-aa-bb-cc-dd

Note that the mac address has an 01 in the very beginning of it; sometimes this is not included when you write down the mac address of the system.

default linux
serial 0,9600n8
label linux
kernel vmlinuz_centos_4.4
append ksdevice=eth0 console=tty0 console=ttyS0,9600n8 load_ramdisk=1 initrd=initrd_centos_4.4.img network ks=nfs:10.0.2.2:/tftpboot/Kickstart/ks.cfg

You may have noticed that this file specifies a few things. The initrd and vmlinuz files we copied, handle the kickstart of the image. /tftpboot/Kickstart/ks.cfg is the kickstart configuration file and is needed to do the actual unattended install. If you do not need remote serial console access during this install, you should remove the string “console=ttyS0,9600n8″ which simply adds output to the serial port.

That is it! Now that all of the files are set up; you can boot/power cycle the server. This is what should happen:

1. Server boots and looks for DHCP server on its network interface. Installer server responds and assigns server an IP address
2. Server begins looking for a pxeboot configuration for what to do. It (hopefully) finds the file /tftpboot/pxelinux.cfg/01-88-99-aa-bb-cc-dd and boots using this
3. It loads vmlinuz_centos_4.4 and the initrd initrd_centos_4.4.img.
4. Kickstart config is told to load from the nfs share nfs:10.0.2.2:/tftpboot/Kickstart/ks.cfg
5. Kickstart install begins like a normal Kickstart install from a floppy or CD install

Here is a catch: After the installation starts; remove the pxeboot.cfg file. If you do not remove/move this file, when the machine reboots after the install it will just do the remote installation again, resulting in an infinite install loop.

Bonus: Windows Unattended Installation

In order to perform this same process but with Windows; we use the Unattended installation system.

Follow the directions for basic installation of this system.

Once you have it installed; copy :unattended install:/linuxboot/tftpboot/* to /tftpboot/

Then create a pxeboot.cfg file with the following lines:

default unattended
label unattended
kernel bzImage
# Add options (z_user=..., z_path=..., etc.) to this line.
append initrd=initrd_unattended

The Unattended installer will then work off its own installer system; which will automatically provision Windows versions - I’ve tested 2003 but it should also work for 2000 and XP installs.

In order to customize the installs further, you can use nLite to slipstream service packs and hotfixes; as well as make other changes to the default install.

Conclusion

Using this method allows you to deploy lots of installs with minimal datacenter presence. Once you have the hardware set up and ready to go; you just need to create the pxeboot config file and power cycle the machine. This has great benefits if you are far away from the datacenter; or what to deploy a lot of machines without doing manual installs. If you have any other solutions that will automate installations in a similar manner; please let me know!

I recently purchased the Cingular 8525 Windows Mobile 5.0 phone. The base applications are alright, but if you really want to use it to it’s full potential there are several “Must have” applications for it. I couldn’t find any sites that had a list like this, so I thought I would put one together.

System Administration

1. PHM Registry editor - (free) - This allows you to edit your registry, along with backing up and restoring it. I would recommend doing a backup as soon as you get your phone in case something goes wrong!

2. .NET VNC Viewer - (free) - Allows you to connect to a PC with VNC Server over the network.

Usability

3. rlToday - (free) - Adds a clock, calendar, and more to your today screen. Fully skinnable to your liking. Also displays registry keys, which then allows you to show if you have new messages or your phone signal.

4. PhoneAlarm - (US$24.95) - Skinnable today screen plugin which shows new messages, voicemails, missed called. Can also control Bluetooth and Wifi. Also allows you to schedule profiles for your phone, which control volume, message alerts and the like. It is great because you can have your phone automatically turn off rings for nighttime, or quickly set to a “Meeting” mode which sets your phone to vibrate.

5. SPB Mobile Shell - (US$29.95) - If you want to forgo designing your plugins to make the today screen a simple information screen (as I have) this this software is a good drop-in replacement. When you wake up your phone, it shows a clock, signal information, mails, weather, and upcoming appointments. It also replaces your normal menu with a “large font” version that makes it easy to navigate with one hand. However, there is a problem with this software. On my Cingular 8525 it causes the phone to freeze frequently, making a soft reset necessary. So, try out the demo before purchasing this software.

Internet Applications

6. Opera Mobile - (US$24, Demo available) - This mobile browser kicks Pocket Internet Explorer’s ass. Opera Mobile has single column rendering, javascript support, and more, all of which PIE lacks.

7. Google Maps Mobile - (free) - This mapping software kicks ass. You can get directions, display a road or aerial map, search for businesses, show traffic, connect your GPS, and more. All for one low cost price.

8. Microsoft Live Search for Mobile - (free) - A really nice mobile suite. Give you one hand access to a Category search (for example: restaurants, shopping, transportation, etc.), mapping (road or aerial), directions, and more. GPS access is also included. Live Search has a slight edge over Google Maps Mobile. It has the ability to go full screen, and also includes a nicer interface to the keys on the phone, allowing better one handed map browsing.

9. Boopsie - (free) - This little known application is one of the best things since sliced bread. If you are a nerd like me, sometimes you have contests with your friends to see who can look up a movie name, or who was that guy in some movie, or where in the world is Estonia. Using this software, you launch the program, select your search category, such as Wikipedia, IMDB, Amazon, Dictionary.com and many more, and start typing your search term. As you are typing, it will narrow down the words so as soon as there is one entry left, you hit enter and it will bring up the page on that term. It is a really fast way to search for any kind of information you can think of. Highly recommended.

Multimedia

10. Orb.com - (free) - First you install Orb to your home PC. Then you poke holes through your firewall to allow access to your digital media. Then you access the Orb portal at mycast.orb.com. You can stream any media you want off of your home PC, and onto your mobile device. This includes LIVE TV if you have a tuner card in your PC. The only tricky part is that you need to use a web browser to access your media, so it is not exactly easy to access your content if you have a large library.

Bonus - if you have a Wii, Orb has customized their portal to work with Wii. It will play your local content over the Internet Channel using a flash applet. It plays all of your music (with album art) and also video and Live TV.

11. PocketPlayer - (US$19.95, Demo Available) - This is the best music player I’ve found for Windows Mobile. It has “iPod” like menus which allow you to scroll through your music on your memory card. But, unlike what the iPod is capable of doing, it has many other functions. You can add Podcasts, which it will download and stream over your net connection, it will play some video (mostly WMV, it is not a great video player, see the next item) and also play music over uPnP so you can play music off of your Orb server, for example.

12. CorePlayer - (US$19.95) - This media player is not free, but it is hands down the best video player for Windows Media. It supports a lot of codecs, including H.264 (AVC), MKV, MPEG-1, MPEG-4 part 2 (ASP), DivX, XviD, WMV, MJPEG, Matroska, TS, PS, 3GPP, MOV, AVI, MPEG-4, NSV. It also plays audio files, but it does not seem to have a library function and I found PocketPlayer to be superior in this regard. I’ve heard that you can use TCPMP (which is no longer seems to be in development and who’s website is currently down) plus a few plugins, but I found this media player to be much better and worth it for the time you would have spent.

Games

13. ScummVM - (free) - The SCUMM (Script Creation Utility for Maniac Mansion) Engine runs classic games such as Maniac Mansion, Day of the Tentacle, Sam and Max, and Indiana Jones and the Fate of Atlantis. Since these games are not made for high resolution, they are perfect for the QVGA resolution of a Windows Mobile screen.

14. Pocket UFO - (free) - PocketUFO is a “pixel perfect” remake of the game X-COM UFO Defense (X-COM Enemy Unknown), which is one of the best games of all time. Like SCUMMVM, these games were not meant for the high resolution screens of today, but translate perfectly to the PocketPC.

Windows Desktop

15. ActiveSync - (free) - You probably already have this installed if you have a Windows Mobile device but I thought that this list would be incomplete without it.

16. ThemeGenCE - (free) - This is a little complicated to use but you can really cusomize your Windows Mobile theme. It allows you to grab the current screen from your device, and completely customize the colors and background for free. There is a tutorial for ThemeGenCE which describes how to use it a bit better if you are lost.

17. GetPDAScreen - (free) - Allows you to take screen captures from your PocketPC to a PC connected via ActiveSync.

Developing web apps cross platform can be a pain sometimes, as the drivers used in Windows are typically not available (by default anyway) in linux. For example, if you are using perl based software in linux, and you need to connect to a Windows database (for example, MSDE 2000 or SQL Server)

There are two essential pieces of open source software you will need to use. The first one is UnixODBC [http://www.unixodbc.org]. This software provides the software to create an ODBC connection. Secondly, you will need the driver to connect to your Windows data source. This driver is provided by FreeTDS [http://www.freetds.org].

After installing this software according to their respective websites, if you are using perl you need to also install the module “DBD::ODBC”.

perl -MCPAN -e 'install DBD::ODBC'

You can now set up datasources in your configuration files. In my case, it would be located in /usr/local/etc/odbc.ini, but you can find the location of your driver file using the command
odbcinst -j
In addition to setting up your connection here, you can create a “DSN-less” connection using a connection string. Depending on how your system is set up, you may need to supply the connection password in your connection string anyway.

I’m not going to go over the coding of the database connection, for better instructions on how to use the UnixODBC software see their website:

• Perl ODBC Documentation
• PHP ODBC Documentation

The software I am using as a particular example is Lyris Technologies ListManager. You can synchronize your mailing lists with your database. Depending on your database software your needs will change, so you will need to talk to your software provider for specific information. The information I am providing below is for iMIS software from Advanced Solutions International (ASI).

For the connection string in ListManager, you will use the following syntax:
DRIVER=FreeTDS;SERVER=10.0.0.X;UID=dbusername;PWD=dbpassword;DATABASE=dbname;TDS_Version=8.0;Port=1433;

dbusername = database username, must have dbreader access to your database
dbpassword = password to match username
dbname = actual database name

Make sure your SERVER IP is correct, and the port for MSDE 2000 is 1433 by default. (As a gotcha, make sure any firewall installed allows connections between your servers and ports).

This allows your linux server to connect to your windows server running the database.

Additionally, you’ll need to provide the query string. I’ve found that Listmanager’s tolerance is not very good when dealing with SQL queries, for example it does not accept JOINs. You need to use an alternative method of joining tables. Refer to the Listmanager documentation to see what variables you can pull into their databases.

Below is the SQL statement for 2 different mailing lists.

Selecting a particular Committee or Section:
SELECT Name.EMAIL AS EmailAddr_, Name.FULL_NAME AS FullName_, Name.ID AS Additional_, 'H' AS MailFormat_
FROM Name, Activity, Product
WHERE Activity.ID = Name.ID AND Activity.PRODUCT_CODE = Product.PRODUCT_CODE AND Product.PRODUCT_MINOR ='TEC'
In this case, ‘TEC’ is the code used in iMIS for the committee. You use the WHERE clause to specify joins. I do not think this is the best way, but it works in this case.

To select all Active Members:
SELECT Name.EMAIL as EmailAddr_, Name.FULL_NAME as FullName_, Name.ID as Additional_, 'H' AS MailFormat_
FROM Name
WHERE ((Name.MEMBER_TYPE)='REG' Or (Name.MEMBER_TYPE)='AFF' Or (Name.MEMBER_TYPE)='HON' Or (Name.MEMBER_TYPE)='SEN') AND ((Name.STATUS)='A')

As you can see, it is not exactly simple but it is easy enough to do once you have the right software. Once your software is talking to your databases, it makes things a lot easier!

Here is something that I did not know - DNS servers use TCP port 53 to do zone transfers (axfrs). Make sure to open that port up in your firewall if you are allowing zone transfers from your DNS server. Knowing that could have saved me a lot of time

So for future reference:
Incoming open ports:
TCP/53
UDP/53

Outgoing open ports:
TCP/53
UDP/53
TCP/1024-65535
UDP/1024-65535

Apache’s mod_proxy module is simply one of the best Apache modules out there. With it, you can do all sorts of things that you usually would not be able to do if you are behind a firewall or other limited network situations.

A problem that recently came up for me was how Microsoft Outlook Web Access (OWA) needs to run on an exchange server, however my linux server is the one that faces the internet (I have the firewall forward the ports to this server). I also purchased an SSL certificate for one domain, so I wanted to use this certificate to access OWA with a proper validating certificate.

All sounds well and good. Using this mod_proxy configuration should work:
ProxyPreserveHost On

#OWA
ProxyPass /exchange https://exchangserver.example.com/exchange
ProxyPassReverse /exchange https://exchangeserver.example.com/exchange
ProxyPass /Exchange https://exchangeserver.example.com/exchange
ProxyPassReverse /Exchange https://exchangeserver.example.com/exchange
ProxyPass /exchweb https://exchangeserver.example.com/exchweb
ProxyPassReverse /exchweb https://exchangeserver.example.com/exchweb
ProxyPass /public https://exchangeserver.example.com/public
ProxyPassReverse /public https://exchangeserver.example.com/public
ProxyPass /iisadmpwd https://exchangeserver.example.com/iisadmpwd
ProxyPassReverse /iisadmpwd https://exchangeserver.example.com/iisadmpwd

Problem - it works ok - except in IE it will prompt you for the password indefinately and not allow you in. In Firefox (Mozilla) it rejects your password, until you hit cancel, then enter your password and it finally allows you in.

To fix this issue, you need to disable “Integrated Windows Authentication”. In the IIS administration panel, go to the website for your exchange server (”Default site” by default) and find the exchange share (This is most likely “Exchange” and “Public”). From there, right click, go to Properties->Directory Security->Anonymous Access and Authentication Control. Make sure “Basic Authentication” is checked while “Integrated Windows Authentication” is unchecked. Do this for any other Exchange shares. This allows authentication to work OK.

Second problem… in OWA, in Internet Explorer only, when you try to view your inbox the “Loading…” message appears indefinately. Microsoft’s Knowledgebase Article 280823 has a few workarounds for this problem, none of which worked for me. OWA apparently has two modes that it runs in, “rich” and “reach” modes. The “rich” client, which it uses for Internet Explorer, can have issues when running behind a firewall. It uses http-dav components which are not passed through correctly.

Now a fix, let’s make sure all clients run in “reach” mode! Using apache, we can hard-code the User agent that will hit the Exchange server. We use the mod_header module of apache, so make sure you compile it in with –enable-headers. Note: this only works with Apache 2.0. Once you have this compiled in, let’s set the User agent:
RequestHeader set User-Agent "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7)"
You can use whatever you’d like in the user-agent string, as long as Outlook Web Access does not think it is IE, then it will serve the “reach” client.

After correcting all of the above issues, Outlook Web Access finally works in both Internet Explorer and Firefox.