dnsmasq PXE Server setup on Rocky Linux 8.5

Sun, Sep 18, 2022

Introduction

When installing many machines, whether bare-metal or virtual, automation comes to mind, and for that, PXE booting and installing via the network is awesome.

This requires that you have a PXE server configured, with configuration files on that server that tell clients how to install.

I am using dnsmasq, which is an awesome piece of software that also is running as a DHCP server on my network.

Dnsmasq should exist as a package for whatever system you are using, so you should be able to grab it via the package manager you use on your Linux installation.

Installation

On Rocky Linux you install dnsmasq via the dnf command, so simply start a console and type in sudo dnf -y install dnsmasq

On top of dnsmasq you also need an FTP server to serve up the ISO image. I use vsftpd, which is also installed via sudo dnf -y install vsftpd.

This will install dnsmasq with default settings.

My dnsmasq configuration is as follows:

bind-interfaces
listen-address=::1,127.0.0.1,192.168.200.5
domain=root.dom
# DHCP range-leases
dhcp-range=ens18,192.168.110.2,192.168.110.200,255.255.0.0,1h
# PXE
dhcp-boot=pxelinux.0
dhcp-boot=efi/BOOTX64.EFI
# Gateway
dhcp-option=3,192.168.0.1
# DNS
dhcp-option=6,192.168.0.2,192.168.0.3
server=192.168.0.2
# Broadcast Address
dhcp-option=28,192.168.255.255

#pxe-prompt="Press F8 for menu.", 60
pxe-service=x86PC, "Install Linux from network server 192.168.200.5", pxelinux
enable-tftp
#tftp-unique-root
tftp-root=/var/ftp/pub/tftpboot,ens18
#log-dhcp=0
#log-queries=0

Let's go over the important bits:

  • listen-address this was required on my machine - otherwise the tftp server would only bind to localhost - you might not require this.
  • dhcp-boot=pxelinux.0 this is the boot file for BIOS machines
  • dhcp-boot=efi/BOOTX64.EFI this is the boot file for UEFI machines
  • pxe-service=x86PC, "Install Linux from network server 192.168.200.5", pxelinux - this is only required if you have BIOS clients. My testing shows that if you only use UEFI machines, you can remove this setting.
  • enable-tftp this enables the TFTP server that will serve the BIOS files and configuration for the PXE clients
  • tftp-root=/var/ftp/pub/tftpboot,ens18 - this is the root directory for the TFTP server. This is where you have to place the menu files

This is the basic configuration for getting PXE working.

To get a hold of the pxelinux.0 file, you need to install the package syslinux and then copy the file:

sudo dnf -y install syslinux
sudo mkdir -p /var/ftp/pub/tftpboot
sudo cp /usr/share/syslinux/pxelinux.0 /var/ftp/pub/tftpboot/pxelinux.0

To install the required UEFI files you need to mount the installation media and copy the files from the EFI/BOOT directory:

sudo mkdir -p /mnt/cdrom
sudo mkdir -p /var/ftp/pub/tftpboot/efi
sudo mount /dev/sr0 /mnt/cdrom
# Copy the contents of EFI/BOOT so that BOOTX64.EFI ends up at efi/BOOTX64.EFI
sudo cp -rp /mnt/cdrom/EFI/BOOT/* /var/ftp/pub/tftpboot/efi/
sudo chmod a+r /var/ftp/pub/tftpboot/efi/*

To be able to serve the ISO for the installation to the PXE clients - it needs to be mounted on the server and be available from the root of the ftp server.

I have put the following entry in /etc/fstab:

/dev/sr0                                /var/ftp/pub/rocky8 iso9660 ro,noatime,nofail 0 0

The ftp server needs anonymous access allowed and the correct root for anonymous users.

So edit /etc/vsftpd/vsftpd.conf and edit/add the following lines:

anon_root=/var/ftp/pub
anonymous_enable=YES
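
Since the install tree is served to unauthenticated clients, it is worth confirming that anonymous access is read-only. The following is an added example, not part of the original post: it flags the vsftpd.conf write options for anonymous users. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: confirm anonymous FTP is read-only.

# Succeed if an uncommented line in FILE ($1) sets KEY ($2) to YES, TRUE or 1.
vsftpd_on() {
    grep -Eiq "^$2=(YES|TRUE|1)[[:space:]]*\$" "$1"
}

# audit_anon_ftp FILE: print one finding per line, nothing when the file passes.
audit_anon_ftp() {
    vsftpd_on "$1" anonymous_enable || echo "INFO anonymous_enable=YES not set in this file"
    grep -Eq '^anon_root=/' "$1"    || echo "INFO anon_root not set in this file"
    for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        vsftpd_on "$1" "$key" || continue
        # The anon_* write options only take effect when write_enable is on.
        if vsftpd_on "$1" write_enable; then
            echo "FAIL $key is on and write_enable is on: anonymous writes allowed"
        else
            echo "WARN $key is on but inert while write_enable is off"
        fi
    done
    return 0
}

# Constructed sample: the two lines from this post plus a risky leftover.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
anon_root=/var/ftp/pub
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
#anon_mkdir_write_enable=YES
EOF
audit_anon_ftp "$demo_conf"
rm -f "$demo_conf"
```

On the server itself, run audit_anon_ftp /etc/vsftpd/vsftpd.conf; no output means the file only allows anonymous reads from anon_root.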

PXE Menus

When booting via PXE you will be presented with a menu, and depending on what type of firmware the client has (BIOS or UEFI), different menu files are required.

UEFI Clients

UEFI clients use the file located at /var/ftp/pub/tftpboot/grub.cfg, if your tftp-root is the same as mine.

My configuration looks like:

set default="0"

function load_video {
  insmod efi_gop
  insmod efi_uga
  insmod video_bochs
  insmod video_cirrus
  insmod all_video
}

load_video
set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2

set timeout=15
### END /etc/grub.d/00_header ###

search --no-floppy --set=root -l 'Rocky-8-5-x86_64-dvd'

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Install Rocky Linux 8 from 192.168.200.5' --class fedora --class gnu-linux --class gnu --class os {
 linuxefi rocky8/vmlinuz inst.stage2=ftp://192.168.200.5/pub/rocky8 devfs=nomount inst.ks=ftp://192.168.200.5/pub/rocky8-ks-efi.cfg inst.repo=ftp://192.168.200.5/pub/rocky8
 initrdefi rocky8/initrd.img
}

menuentry 'Install Rocky Linux 8 - Docker/Kubernetes from 192.168.200.5' --class fedora --class gnu-linux --class gnu --class os {
        linuxefi rocky8/vmlinuz inst.stage2=ftp://192.168.200.5/pub/rocky8 devfs=nomount inst.ks=ftp://192.168.200.5/pub/rocky8-ks-efi-docker.cfg inst.repo=ftp://192.168.200.5/pub/rocky8
        initrdefi rocky8/initrd.img
}

Basically I have two options: a default Rocky installation with a kickstart, and another for a Docker/Kubernetes host, also via a kickstart.

BIOS Clients

BIOS clients download the file /var/ftp/pub/tftpboot/pxelinux.cfg/default, and my configuration looks like:

default menu.c32
prompt 0
timeout 300
ONTIMEOUT 5

menu title ########## PXE Boot Menu ##########

label 1
menu label ^1) Install Debian 10
kernel debian/10/vmlinuz
append initrd=debian/10/initrd.gz auto=true url=ftp://192.168.200.5/pub/debian/10/preseed.txt ip=dhcp priority=critical

label 2
menu label ^2) Install Rocky Linux 8
menu default
kernel rocky8/vmlinuz
append initrd=rocky8/initrd.img inst.repo=ftp://192.168.200.5/pub/rocky8 devfs=nomount inst.ks=ftp://192.168.200.5/pub/rocky8-ks.cfg

label 9
menu label ^8) Boot from local drive
localboot 0

Kickstart

To make my installations fully automated, I use Kickstart, which is a way of preconfiguring a system so you can have a 100% hands-free installation.

I showed some of this in the post about my Dell Wyse machines.

Notes

It might be that the configuration files I have mentioned in this post do not work with your machines, but if you enable logging on the dnsmasq server, you can see what files clients are trying to locate, and then it's just a matter of making that file in a format that the PXE client understands.
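
The log check described above can be scripted. This is an added example, not part of the original post: it lists the files clients asked for that were missing under tftp-root, and the files that were delivered. The log lines are constructed, and the two message shapes matched ("sent <path> to <client>" and "file <path> not found") are an assumption about how your dnsmasq version logs TFTP activity.

```shell
#!/bin/sh
# Added example (not from the original post): summarise dnsmasq TFTP log lines.
# Assumed message shapes: "sent <path> to <client>" and "file <path> not found".

# Constructed sample log lines, not captured from a real server.
sample_log() {
cat <<'EOF'
Sep 18 10:01:02 pxe dnsmasq-tftp[911]: sent /var/ftp/pub/tftpboot/pxelinux.0 to 192.168.110.23
Sep 18 10:01:02 pxe dnsmasq-tftp[911]: file /var/ftp/pub/tftpboot/pxelinux.cfg/01-aa-bb-cc-dd-ee-ff not found
Sep 18 10:01:02 pxe dnsmasq-tftp[911]: file /var/ftp/pub/tftpboot/pxelinux.cfg/C0A86E17 not found
Sep 18 10:01:03 pxe dnsmasq-tftp[911]: sent /var/ftp/pub/tftpboot/pxelinux.cfg/default to 192.168.110.23
Sep 18 10:09:30 pxe dnsmasq-tftp[911]: sent /var/ftp/pub/tftpboot/pxelinux.0 to 192.168.110.23
Sep 18 10:09:30 pxe dnsmasq-tftp[911]: file /var/ftp/pub/tftpboot/pxelinux.cfg/01-aa-bb-cc-dd-ee-ff not found
EOF
}

# missing_tftp_files ROOT: read log lines on stdin and print "count relative-path"
# for every requested file that was not found under ROOT, most frequent first.
missing_tftp_files() {
    awk -v root="${1%/}/" '
        /dnsmasq-tftp/ && / not found/ {
            for (i = 1; i < NF; i++) if ($i == "file") {
                p = $(i + 1)
                if (index(p, root) == 1) p = substr(p, length(root) + 1)
                miss[p]++
                break
            }
        }
        END { for (p in miss) print miss[p], p }' | sort -k1,1nr -k2,2
}

# served_tftp_files ROOT: print "client relative-path" once per delivered file.
served_tftp_files() {
    awk -v root="${1%/}/" '
        /dnsmasq-tftp/ && / sent / {
            for (i = 1; i < NF; i++) if ($i == "sent") {
                p = $(i + 1)
                if (index(p, root) == 1) p = substr(p, length(root) + 1)
                print $NF, p
                break
            }
        }' | sort -u
}

# Run on the sample; on a real server pipe in the log: journalctl -u dnsmasq
sample_log | missing_tftp_files /var/ftp/pub/tftpboot
```

A name in the "missing" list that never shows up in the "served" list for the same client is the file to create under tftp-root.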

I have tested mine with a Proxmox installation that uses QEMU and iPXE.

I hope this helped you get a dnsmasq server up and running that will allow you to install clients via the network.