Remote Unattended OS installs – Linux and Windows!



The technology for unattended OS installs has been around for a while; Kickstart on Red Hat is one example. These installs are typically done remotely. Kickstart basically works off of an image file, which can be inserted via a floppy, CD, or now a USB keychain drive.


Another technology that has been around a while is pxeboot. Using pxeboot, you can boot images directly from a supported network card. Most network cards have a built-in bootp interface. The network card first looks for a bootp (aka DHCP) server to assign an IP address and load an image. It then uses the Trivial FTP (TFTP) protocol to look for a boot image, called pxelinux. Then pxelinux loads the correct installer image. So the process looks like this:

Power on->Boot from Network->Bootp->Tftp->pxelinux->Boot Image Loads

After loading the boot image, the system is on its own as far as doing the install. Best of all, this means that as long as the OS has an unattended boot image, it can be loaded with this method. For anyone running a datacenter, this is excellent! It provides a way to do these installs from the next city, the next state, or even halfway across the world!

Setting up the bootp server


The bootp protocol is supported by Red Hat's (and, I imagine, others') DHCP server.

For this exercise, I am going to assume you are using yum, but you can do the same installs with sudo apt-get install or by installing the rpms/debs manually.

First, install dhcpd:

yum install dhcp    # the package is named dhcp; it installs the dhcpd daemon

Then setup the dhcp server

# vi /etc/dhcpd.conf

ddns-update-style interim;
# deny unknown-clients;
not authoritative;

option domain-name              "ks.domain.com";
option domain-name-servers      10.0.2.1;
option subnet-mask              255.255.255.0;

allow bootp;
allow booting;

option ip-forwarding    false;  # No IP forwarding
option mask-supplier    false;  # Don't respond to ICMP Mask req


option subnet-mask 255.255.255.0;
option broadcast-address 10.0.2.255;
option routers 10.0.2.1;
option domain-name-servers      10.0.2.2;
option netbios-name-servers     10.0.2.2;

subnet 10.0.2.0 netmask 255.255.255.0 {
  option routers        10.0.2.1;
  range 10.0.2.10 10.0.2.100;
  authoritative;
  allow unknown-clients;
  next-server 10.0.2.2;          # name of your TFTP server
  filename "pxelinux.0";        # name of the bootloader program
}

group {
  next-server 10.0.2.2;          # name of your TFTP server
  filename "pxelinux.0";        # name of the bootloader program
}

You can see from this code that we are setting up the install network on the 10.0.2.x private network.

The image filename the dhcp server tells the network card to boot off is pxelinux.0.

TFTP Server

The TFTP server is where the initial image files are fetched from. I recommend either tftp-hpa for Linux, or tftpd32 for Windows. For the rest of this article, I will assume that you are using tftp-hpa on Linux.

After compiling tftp-hpa from source, enable it by adding or editing /etc/xinetd.d/tftp like so:

service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

Restart xinetd. The tftp server is now serving files from /tftpboot/

PXELinux

PXELinux is a software package from H. Peter Anvin. It loads other OS images from its initial boot interface. See his site for more information on this powerful package. Download the pxelinux package and extract pxelinux.0 to /tftpboot/. Then create the directory /tftpboot/pxelinux.cfg.

When the system boots, it looks for a configuration file (similar to syslinux syntax) in the pxelinux.cfg directory. First it tries to match by the MAC address of the network card, then by a hexadecimal representation of the IP address (dropping one trailing digit at a time), and finally it loads default. For example, if the Ethernet MAC address is 88:99:AA:BB:CC:DD and the IP address 192.0.2.91, it will try (in order):

/tftpboot/pxelinux.cfg/01-88-99-aa-bb-cc-dd
/tftpboot/pxelinux.cfg/C000025B
/tftpboot/pxelinux.cfg/C000025
/tftpboot/pxelinux.cfg/C00002
/tftpboot/pxelinux.cfg/C0000
/tftpboot/pxelinux.cfg/C000
/tftpboot/pxelinux.cfg/C00
/tftpboot/pxelinux.cfg/C0
/tftpboot/pxelinux.cfg/C
/tftpboot/pxelinux.cfg/default

Notice that the MAC address has 01- preceding it, and each colon is replaced by a dash (-).

Now, to make sure I don't inadvertently install over a good OS, I keep a default file in this directory with the following contents:

default linux
label linux
  localboot 0

This tells the system to boot off of the hard drive.

A CentOS Remote install


CentOS is one of the easier OSes to install via this method. I will use this for an example during this article.

We first need a CentOS image to boot from and use for the install image. Let's put this image in the tftpboot directory in a location called images/CentOS/4.4_i386. Rsync is a good choice, but you can use anything you want to transfer the image (off of a CD, for example). Here is a set of commands that works for me:

mkdir -p /tftpboot/images/CentOS/4.4_i386
cd /tftpboot/images/CentOS/
# rsync daemon syntax is host::module/path, without an rsync:// prefix
rsync -r mirror.linux.duke.edu::centos/centos/4.4/os/i386 4.4_i386

Then copy the boot images from the CentOS directory to the tftpboot directory:

cd /tftpboot/
cp /tftpboot/images/CentOS/4.4_i386/i386/isolinux/initrd.img initrd_centos_4.4.img
cp /tftpboot/images/CentOS/4.4_i386/i386/isolinux/vmlinuz vmlinuz_centos_4.4

It's OK to leave those files alone. If you ever need to update them to include other drivers, you can do so, but that is beyond the scope of this article.

Let's create a /tftpboot/Kickstart/ks.cfg file now:

lang en_US
langsupport en_US
keyboard us
mouse none --device null

#important - where to load the images from
network --device=eth0 --bootproto dhcp --hostname ks.hostname.com
nfs --server 10.0.2.2 --dir /tftpboot/images/CentOS/4.4_i386

rootpw changeme
firewall --disabled
authconfig --enableshadow --enablemd5
timezone --utc America/New_York
bootloader
reboot

# clears the master boot record and all partitions on the hard drive
zerombr yes
clearpart --all

# creates your partitions.
part /boot --fstype ext3 --size=300 --ondisk=sda
part /tmp --fstype ext3 --size=2000 --ondisk=sda
part / --fstype ext3 --size=2000 --grow --ondisk=sda
part swap --fstype swap --size=2000 --ondisk=sda

%packages --resolvedeps
@ legacy-network-server
@ legacy-software-development
@ server-cfg
@ system-tools
@ network-server
@ editors
@ admin-tools
@ text-internet
mdadm
kernel
grub
e2fsprogs
expect
ncompress

%post
rpm --import /usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4
echo "co:2345:respawn:/sbin/agetty -h -t 60 ttyS0 9600 vt102" >> /etc/inittab
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

For a comprehensive guide on the options for this file, check out the Redhat 9 Kickstart options HOWTO which is still good for our purposes.

In the above code we are loading the OS from an NFS share.

If nfs is not installed you’ll need to do that first:

yum install nfs-utils    # the NFS server tools are packaged as nfs-utils
chkconfig nfs on

Add the following line to /etc/exports

/tftpboot 10.0.2.0/255.255.255.0(sync)

Start up nfs

service nfs start
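
Everything in ks.cfg is readable by any host on the 10.0.2.x install network through the TFTP root and the NFS export above, so its rootpw, firewall and PermitRootLogin lines are worth checking before the file is published. The lint below is an added example, not part of the original article; the function name ks_lint, the sample file names and the placeholder password hash are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Sample files are constructed.

# ks_lint FILE: print "finding:line" for each risky directive; return 1 if any.
ks_lint() {
    awk '
        /^%post/ { post = 1 }
        !post && $1 == "rootpw" && $0 !~ /--iscrypted/ { print "rootpw-plaintext:" NR; bad = 1 }
        !post && $1 == "firewall" && /--disabled/      { print "firewall-disabled:" NR; bad = 1 }
        post && /PermitRootLogin[ \t]+yes/             { print "ssh-root-login:" NR; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

ks_tmp=$(mktemp -d)

# Constructed sample 1: the security-relevant lines of the ks.cfg above.
cat > "$ks_tmp/article.cfg" <<'EOF'
rootpw changeme
firewall --disabled
authconfig --enableshadow --enablemd5
%post
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
EOF

# Constructed sample 2: the same install with a pre-hashed password
# (placeholder hash), the firewall on with SSH allowed, and no
# root-login override in %post.
cat > "$ks_tmp/hardened.cfg" <<'EOF'
rootpw --iscrypted $1$PLACEHOLDER$replace-with-real-crypt-hash
firewall --enabled --ssh
authconfig --enableshadow --enablemd5
%post
rpm --import /usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4
EOF

for f in "$ks_tmp/article.cfg" "$ks_tmp/hardened.cfg"; do
    echo "== $f"
    ks_lint "$f" || echo "   ^ fix before serving this file from /tftpboot"
done
```
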

Putting it all together

Now, let's use the above to put this automated installer to work!

You'll need to set up your hardware on the network along with the installation system. You'll need to set the boot order so the machine boots off the network first, then HD, CD or floppy next. If it boots to the disk first, the machine will never contact the automated installer and will just try (and fail, if the HD is blank) to boot off the HD.

You will also need to mark down the MAC address of the network card the server will be booting off of. You can get this from the actual hardware or from the boot menu; as a last resort, you can boot it off of your DHCP server and then check the log for when this server hits the installer machine.

Let's create our pxelinux boot file. It should be named after the Ethernet MAC address. For example: /tftpboot/pxelinux.cfg/01-88-99-aa-bb-cc-dd

Note that the file name has 01 in front of the MAC address; this prefix is not part of the MAC address you write down from the system, so remember to add it.

default linux
serial 0,9600n8
label linux
  kernel vmlinuz_centos_4.4
  append ksdevice=eth0 console=tty0 console=ttyS0,9600n8 load_ramdisk=1 initrd=initrd_centos_4.4.img network ks=nfs:10.0.2.2:/tftpboot/Kickstart/ks.cfg

You may have noticed that this file specifies a few things. The initrd and vmlinuz files we copied handle the kickstart of the image. /tftpboot/Kickstart/ks.cfg is the kickstart configuration file and is needed to do the actual unattended install. If you do not need remote serial console access during this install, you should remove the string “console=ttyS0,9600n8”, which simply adds output to the serial port.

That is it! Now that all of the files are set up, you can boot/power cycle the server. This is what should happen:

  1. Server boots and looks for DHCP server on its network interface. Installer server responds and assigns server an IP address
  2. Server begins looking for a pxeboot configuration for what to do. It (hopefully) finds the file /tftpboot/pxelinux.cfg/01-88-99-aa-bb-cc-dd and boots using this
  3. It loads vmlinuz_centos_4.4 and the initrd initrd_centos_4.4.img.
  4. Kickstart config is told to load from the nfs share nfs:10.0.2.2:/tftpboot/Kickstart/ks.cfg
  5. Kickstart install begins like a normal Kickstart install from a floppy or CD install

Here is a catch: after the installation starts, remove the pxeboot config file (the per-host file in /tftpboot/pxelinux.cfg/ created above). If you do not remove or move this file, when the machine reboots after the install it will just do the remote installation again, resulting in an infinite install loop.
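
The lookup order described in the PXELinux section and the reinstall catch above can both be checked before power-cycling a machine. The script below is an added example, not from the original article; the function names pxe_candidates and pxe_effective and the temporary demo tree are assumptions, and it follows only the MAC, hex-IP, default order listed on this page.

```shell
#!/bin/sh
# Added example; function names and the demo tree are illustrative.

# Print the config names pxelinux tries, in order, for a MAC and an IPv4 address.
pxe_candidates() {
    mac=$1 ip=$2
    echo "01-$(echo "$mac" | tr 'A-F:' 'a-f-')"
    oldifs=$IFS; IFS=.
    set -- $ip                      # split the dotted quad into $1..$4
    IFS=$oldifs
    hex=$(printf '%02X%02X%02X%02X' "$1" "$2" "$3" "$4")
    while [ -n "$hex" ]; do         # C000025B, C000025, ... C
        echo "$hex"
        hex=${hex%?}
    done
    echo default
}

# pxe_effective TFTPROOT MAC IP: print "<file> <action>" for the first match.
pxe_effective() {
    root=$1
    for name in $(pxe_candidates "$2" "$3"); do
        f="$root/pxelinux.cfg/$name"
        [ -f "$f" ] || continue
        if grep -Eq '(^|[[:space:]])ks=' "$f"; then action=INSTALL
        elif grep -q 'localboot' "$f"; then action=localboot
        else action=other
        fi
        echo "$name $action"
        return 0
    done
    echo "none none"
    return 1
}

# Constructed demo: a per-host install config left in place next to the safe default.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/pxelinux.cfg"
printf 'default linux\nlabel linux\n  localboot 0\n' > "$demo_root/pxelinux.cfg/default"
printf 'label linux\n  kernel vmlinuz_centos_4.4\n  append ks=nfs:10.0.2.2:/tftpboot/Kickstart/ks.cfg\n' \
    > "$demo_root/pxelinux.cfg/01-88-99-aa-bb-cc-dd"
pxe_effective "$demo_root" 88:99:AA:BB:CC:DD 192.0.2.91   # per-host file wins: reinstall
rm "$demo_root/pxelinux.cfg/01-88-99-aa-bb-cc-dd"
pxe_effective "$demo_root" 88:99:AA:BB:CC:DD 192.0.2.91   # falls back to default
rm -r "$demo_root"
```

Run pxe_effective against the real /tftpboot for each freshly installed host; any result ending in INSTALL means the next reboot will wipe and reinstall that machine.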

Bonus: Windows Unattended Installation


To perform this same process with Windows, we use the Unattended installation system.

Follow the directions for basic installation of this system.

Once you have it installed, copy <unattended install directory>/linuxboot/tftpboot/* to /tftpboot/

Then create a pxeboot.cfg file with the following lines:

default unattended
label unattended
        kernel bzImage
# Add options (z_user=..., z_path=..., etc.) to this line.
        append initrd=initrd_unattended

The Unattended installer will then work off its own installer system, which will automatically provision Windows versions. I've tested 2003, but it should also work for 2000 and XP installs.

To customize the installs further, you can use nLite to slipstream service packs and hotfixes, as well as make other changes to the default install.

Conclusion

Using this method allows you to deploy lots of installs with minimal datacenter presence. Once you have the hardware set up and ready to go, you just need to create the pxeboot config file and power cycle the machine. This has great benefits if you are far away from the datacenter, or want to deploy a lot of machines without doing manual installs. If you have any other solutions that will automate installations in a similar manner, please let me know!

  • shashikant kabra

    hi all
    I want to write a script for Windows installation: when I give the MAC ID, Windows is installed automatically. Can anyone help me???

    Thanks
    shashikant

  • Pete Bevin

    Great article. Thank you!
