
5.3 Setting up your PXE boot environment

Ever wondered what you could do with that PXE stuff from your network card at boot time? Well, you could run a TRK on your network.

1. Prerequisites

Here's what you need:
-the latest TRK
-A (wired) local area network
-Computers with PXE compliant hardware
-A decent configurable DHCP server
-A Linux machine or any OS that can run an NFS server (not Windows, unless you use third-party software)
-A TFTP server (these last 3 things can all run on the same server)


Time to install and configure everything: 15 minutes (if everything is clear to you on first reading)

2. Put the TRK files somewhere

Download the latest tar.gz distributed TRK version (version 275 and up) and unpack it somewhere on your Linux NFS/TFTP server. In this case we're going to assume unpacking it to /home/trkfiles. User and group ownership by root is fine, just make sure it's world readable (normally it is, but check just in case).
commands:
'cd /home/trkfiles'
'tar xzf /tmp/trinity-rescue-kit-3.2-build-275.tar.gz'

You can also copy your files from your TRK CD, usb stick or mount the iso file with a loopback device and copy everything from there.

Keep in mind: This is the location where all of your TRK files will reside. The folder you are about to use will be the same for your TFTP server as for your NFS share. Make sure they are the same, not a subfolder of the other!

There's another thing you should do, and that's generating a default pxelinux config file (/home/trkfiles/pxelinux.cfg/default). I've created a small script that does it for you, based on the normal isolinux/syslinux config files. This is something you need to do every time you upgrade TRK.
-Go to /home/trkfiles/trk3: 'cd /home/trkfiles/trk3'
-'./mkpxelinux'
The script will prompt you for an NFS path. This is the IP address of your server combined with the path where TRK resides, and it is needed for the secondary startup phase of TRK (the NFS mount). If you omit it, you will get weird results when booting.
An example you could fill in is '192.168.81.5:/home/trkfiles'

3. Setting up DHCP

I'm going to discuss 2 DHCP servers.

First the ISC DHCP server, which is about the standard in most Linux distributions.
Here's what the dhcpd.conf should more or less look like, depending on your site configuration.
The important part is the two PXE directives: 'next-server' (your TFTP server) and 'filename'.
Note that in this situation ALL of your machines will be able to boot from PXE.
If you omit the PXE parameters ('next-server' and 'filename') from the general DHCP parameters and put them in the section 'group' (what's commented out with #), you can specify PXE booting per host based on the host's MAC address.

allow booting;
allow bootp;
ddns-update-style none;
subnet 192.168.81.0 netmask 255.255.255.0 {
    # default gateway
    option routers 192.168.81.2;
    option subnet-mask 255.255.255.0;

    option domain-name "trinityhome.local";
    option broadcast-address 192.168.81.255;

    # Setting up an ip address is better here
    option domain-name-servers 192.168.81.2;
    option nis-domain "trinityhome.local";

    range dynamic-bootp 192.168.81.128 192.168.81.254;
    default-lease-time 21600;
    max-lease-time 43200;
    # PXE directives (move these into the group below to limit PXE booting to the listed hosts)
    next-server 192.168.81.5;
    filename "/pxelinux.0";

#    group {
#    host testtrk {
#    hardware ethernet 00:0C:29:A1:E9:E5;
#    fixed-address 192.168.81.253;
#    next-server 192.168.81.5;
#    filename "/pxelinux.0";
#        }
#    }
}

The second DHCP server is a Microsoft DHCP server.
-Run the DHCP snap-in
-Go to your active scope => scope options => right click in it and select 'Configure options'
-Activate option '066 Boot Server Host Name' and option '067 Bootfile Name'.
-For the boot server host name, simply enter the IP address of your TFTP server.
-For the bootfile name, enter '/pxelinux.0'

4. Setting up a TFTP server (primary bootprocess)

I'm using the tftp-hpa-0.43a TFTP server, which is recommended by the syslinux developer. Download it from kernel.org: http://www.kernel.org/pub/software/network/tftp/
Download, unpack, configure and make && make install it.
It's also possible that it is already in your distribution, so you don't need to compile it.
To have the TFTP server run from the command line as a daemon, using /home/trkfiles as the directory where your TRK resides, type 'in.tftpd -l -s /home/trkfiles' (-l runs it standalone instead of from inetd, -s makes /home/trkfiles the root of what clients can fetch).
In fact, this whole procedure so far is also explained on the syslinux homepage.

5. Setting up NFS (secondary bootprocess)

This is for a very basic NFS setup. TRK only needs read-only access over NFS, so there's no big security issue with this simple setup.
NFS relies on 1 configuration file for its shares: /etc/exports
Edit /etc/exports and add the next line, again assuming /home/trkfiles is where your TRK resides. This is the same folder as your TFTP server root!
'/home/trkfiles   *(ro,no_root_squash)'
Restart your NFS service.
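The two things that most often go wrong in sections 2 and 5 are the ones the text warns about: the TFTP root and the NFS export must be the very same directory, it must be world readable, and it must contain pxelinux.0 plus the pxelinux.cfg/default that mkpxelinux generates. The following script is an added example, not part of TRK or of this page; it takes the TRK directory and the exports file as arguments (/home/trkfiles and /etc/exports here) and also points out when the export is opened to every host with '*', which the page's example does.

```shell
#!/bin/sh
# Added example, not TRK's own code: sanity-check the directory that serves
# as both TFTP root and NFS share for PXE-booted TRK clients.
# Assumed inputs: the unpacked TRK directory (/home/trkfiles on this page)
# and the NFS exports file (/etc/exports).
set -f   # no pathname expansion: export entries such as "*(ro,...)" are data, not globs

# The directory must hold the PXE boot loader and the config that mkpxelinux
# generates, and must be readable and searchable by everyone, because TFTP
# and the read-only NFS export serve it to unauthenticated clients.
check_trk_root() {
    root=$1
    status=0
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 1; }
    for f in pxelinux.0 pxelinux.cfg/default; do
        if [ ! -f "$root/$f" ]; then
            echo "missing: $root/$f (pxelinux.cfg/default is produced by trk3/mkpxelinux)" >&2
            status=1
        fi
    done
    # characters 8-10 of "ls -ld" output are the permission bits for "other"
    perms=$(ls -ld "$root" | cut -c8-10)
    case $perms in
        r?x) ;;
        *) echo "$root is not world readable/searchable (other=$perms)" >&2; status=1 ;;
    esac
    return $status
}

# The same directory must appear in the exports file with the ro option in
# every client entry. An entry for "*" exports it to any host that can reach
# the server; a subnet such as 192.168.81.0/24(ro,no_root_squash) narrows that.
check_exports() {
    root=$1
    exports=$2
    line=$(sed 's/#.*//' "$exports" | awk -v d="$root" '$1 == d { print; exit }')
    [ -n "$line" ] || { echo "$root is not exported in $exports" >&2; return 1; }
    clients=$(printf '%s\n' "$line" | awk '{ $1 = ""; print }')
    for spec in $clients; do
        opts=$(printf '%s' "$spec" | sed -n 's/^[^(]*(\(.*\))$/\1/p')
        case ",$opts," in
            *,ro,*) ;;
            *) echo "entry $spec lacks the ro option for $root" >&2; return 1 ;;
        esac
        case $spec in
            "*("*) echo "note: $root is exported to every host; consider limiting it to the PXE subnet" >&2 ;;
        esac
    done
    return 0
}

# Usage: sh check_trk_pxe.sh /home/trkfiles [/etc/exports]
if [ $# -gt 0 ]; then
    check_trk_root "$1" && check_exports "$1" "${2:-/etc/exports}" && echo "OK: $1 is ready for PXE clients"
fi
```

Run it on the server after unpacking TRK and editing /etc/exports; it exits non-zero with a message naming the first problem it finds, so it can also sit in a cron job that re-checks the share after every TRK upgrade.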


That's it, you're all set. Take a machine in your LAN, power it on, press F12 and boot from network with TRK. It should boot even faster than from CD or disk.
When a newer version of TRK appears, all you need to do is download and unpack it in the same directory where it resided before and regenerate your PXE config with mkpxelinux.

In the event you gave wrong parameters or your NFS share cannot be mounted for any reason, TRK will drop to a basic shell allowing you to debug what happened.

6. Custom security and triggers

Setting it up

In some cases you cannot have the physical console of a machine, but it can be remotely booted from the network with TRK on PXE.
You could run an SSH server, but TRK by default will not run one because there would be no security (the default password for root is 'trk').
For this case I've developed the possibility to supply a custom shadow file (the file that holds the encrypted password hashes on a Linux machine) or, even better, to use RSA public keys.
Furthermore, there's also a check for a custom, per host trk3options.conf file, should you not have a trk3optionsserver environment (a feature since TRK 3.1).
It will also look for a custom trklocscript, so you can launch anything else you like.
Here's the way to set it up:
-In the directory where your TRK files reside, create a directory called 'pxeconfig'
-In the directory pxeconfig, create directories named after the MAC address of each custom host.
If your host's network card is 00:0C:29:A1:B9:E5, then create that directory, but use hyphens instead of colons, just to avoid filesystems that don't accept colons. So in this case create the directory '00-0C-29-A1-B9-E5'

Security and other triggers

-Per host shadow file
In the MAC address based directory you can now put a custom shadow file. This will be detected upon startup of TRK on the host with the matching network interface and copied locally.
Once copied, TRK will start a secure shell server allowing remote control of the machine with the root password from the custom shadow file.

-Per host authorized_keys file
Another way of having custom security for SSH is the use of RSA key authentication. This is fairly easy to set up. The method of public/private key authentication is standard secure shell and is explained all over the internet. I will therefore not explain how you should generate a public/private keypair.
What's important is that you copy the public key of the root user to a file called 'authorized_keys'. In general, one key is enough, so it's ok to copy the file id_rsa.pub or identity.pub to 'authorized_keys' in our /<trkpxefiles>/pxeconfig/<mac-address>/ directory.
Upon startup, this file will be detected and takes precedence over a custom shadow file. Once this file is copied, TRK will disable password based authentication, so you can only log in with your private key.

-Per host or general trk3options.conf and trklocscript file
Just like with a trkoptionsserver, you can have a custom trk3options.conf file in which you can specify custom proxy settings or a complete script. Put the file in /<trkpxefiles>/pxeconfig/<mac-address>/ for a per host trk3options.conf, or in /<trkpxefiles>/pxeconfig/ to have this file used by all local TRK hosts.
The same principle goes for trklocscript, a script that will get executed when found. Place this script in /<trkpxefiles>/trk3/ and it will get executed on startup.
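Creating the pxeconfig directory and the authorized_keys file by hand is easy to get subtly wrong (a colon left in the directory name, or a private key pasted where the public one belongs, which locks you out because TRK turns password logins off as soon as the file exists). The script below is an added example, not TRK's own code; it assumes the TRK directory, the host's MAC address and a public key file you generated yourself are passed as arguments, and it accepts only OpenSSH protocol-2 public keys (id_rsa.pub style, not the old identity.pub format).

```shell
#!/bin/sh
# Added example, not TRK's own code: prepare the per-host directory under
# pxeconfig and install an SSH public key into it as authorized_keys.
# Assumed inputs: the TRK directory (/home/trkfiles on this page), the host's
# MAC address, and a public key file you generated yourself (e.g. id_rsa.pub).

# TRK looks for a directory named after the MAC address with hyphens instead
# of colons; the case is kept as given. Anything that is not six hex octets
# separated by colons is rejected, so a typo cannot silently create a directory
# that no host will ever match.
mac_to_dir() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    printf '%s\n' "$1" | tr ':' '-'
}

# Public keys can safely live on a world-readable export, unlike a shadow
# file whose password hash every host on the LAN could fetch; that is why the
# authorized_keys method is preferable. Because TRK disables password logins
# once this file exists, a malformed key would lock you out, so the file is
# checked to look like an OpenSSH public key before it is installed.
install_host_key() {
    trk_root=$1
    mac=$2
    pubkey=$3
    dir=$(mac_to_dir "$mac") || { echo "bad MAC address: $mac" >&2; return 1; }
    head -n 1 "$pubkey" | grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) ' \
        || { echo "$pubkey does not look like an OpenSSH public key" >&2; return 1; }
    target="$trk_root/pxeconfig/$dir"
    mkdir -p "$target"
    # append, so more than one administrator key can be installed for the same host
    cat "$pubkey" >> "$target/authorized_keys"
    chmod 644 "$target/authorized_keys"
    printf '%s\n' "$target/authorized_keys"
}

# Usage: sh trk_host_key.sh /home/trkfiles 00:0C:29:A1:B9:E5 ~/.ssh/id_rsa.pub
if [ $# -eq 3 ]; then
    install_host_key "$1" "$2" "$3"
fi
```

The script prints the path of the installed authorized_keys file; a per-host trk3options.conf or shadow file goes into the same directory it reports.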

Updated: July 28, 2010