How to netboot the server installer on amd64¶
amd64 systems boot in either UEFI or legacy (“BIOS”) mode, and many systems can be configured to boot in either mode. The precise details depend on the system firmware, but both modes usually support the “Preboot eXecution Environment” (PXE) specification, which allows the provisioning of a bootloader over the network.
Steps needed¶
The process for network booting the live server installer is similar for both modes and goes like this:
The to-be-installed machine boots, and is directed to network boot.
The DHCP/BOOTP server tells the machine its network configuration and where to get the bootloader.
The machine’s firmware downloads the bootloader over TFTP and executes it.
The bootloader downloads configuration, also over TFTP, telling it where to download the kernel, RAM Disk and kernel command line to use.
The RAM Disk looks at the kernel command line to learn how to configure the network and where to download the server ISO from.
The RAM Disk downloads the ISO and mounts it as a loop device.
From this point on the install follows the same path as if the ISO was on a local block device.
The difference between UEFI and legacy modes is that in UEFI mode the bootloader is an EFI executable, signed so that is accepted by Secure Boot, and in legacy mode it is PXELINUX. Most DHCP/BOOTP servers can be configured to serve the right bootloader to a particular machine.
Configure DHCP/BOOTP and TFTP¶
There are several implementations of the DHCP/BOOTP and TFTP protocols available. This document will briefly describe how to configure dnsmasq
to perform both of these roles.
Install
dnsmasq
with:sudo apt install dnsmasq
Put something like this in
/etc/dnsmasq.conf.d/pxe.conf
:interface=<your interface>,lo bind-interfaces dhcp-range=<your interface>,192.168.0.100,192.168.0.200 dhcp-boot=pxelinux.0 dhcp-match=set:efi-x86_64,option:client-arch,7 dhcp-boot=tag:efi-x86_64,bootx64.efi enable-tftp tftp-root=/srv/tftp
Note: This assumes several things about your network; read
man dnsmasq
or the default/etc/dnsmasq.conf
for many more options.
Restart
dnsmasq
with:sudo systemctl restart dnsmasq.service
Serve the bootloaders and configuration.¶
We need to make this section possible to write sanely
Ideally this would be something like:
apt install cd-boot-images-amd64
ln -s /usr/share/cd-boot-images-amd64 /srv/tftp/boot-amd64
Mode-independent set up¶
Download the latest live server ISO for the release you want to install:
wget http://cdimage.ubuntu.com/ubuntu-server/daily-live/current/focal-live-server-amd64.iso
Mount it:
mount ubuntu-19.10-live-server-amd64.iso /mnt
Copy the kernel and
initrd
from it to where thednsmasq
serves TFTP from:cp /mnt/casper/{vmlinuz,initrd} /srv/tftp/
Set up the files for UEFI booting¶
Copy the signed shim binary into place:
apt download shim-signed dpkg-deb --fsys-tarfile shim-signed*deb | tar x ./usr/lib/shim/shimx64.efi.signed -O > /srv/tftp/bootx64.efi
Copy the signed GRUB binary into place:
apt download grub-efi-amd64-signed dpkg-deb --fsys-tarfile grub-efi-amd64-signed*deb | tar x ./usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed -O > /srv/tftp/grubx64.efi
GRUB also needs a font to be available over TFTP:
apt download grub-common dpkg-deb --fsys-tarfile grub-common*deb | tar x ./usr/share/grub/unicode.pf2 -O > /srv/tftp/unicode.pf2
Create
/srv/tftp/grub/grub.cfg
that contains:set default="0" set timeout=-1 if loadfont unicode ; then set gfxmode=auto set locale_dir=$prefix/locale set lang=en_US fi terminal_output gfxterm set menu_color_normal=white/black set menu_color_highlight=black/light-gray if background_color 44,0,30; then clear fi function gfxmode { set gfxpayload="${1}" if [ "${1}" = "keep" ]; then set vt_handoff=vt.handoff=7 else set vt_handoff= fi } set linux_gfx_mode=keep export linux_gfx_mode menuentry 'Ubuntu 20.04' { gfxmode $linux_gfx_mode linux /vmlinux $vt_handoff quiet splash initrd /initrd }
Set up the files for legacy boot¶
Download
pxelinux.0
and put it into place:wget http://archive.ubuntu.com/ubuntu/dists/eoan/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/pxelinux.0 mkdir -p /srv/tftp mv pxelinux.0 /srv/tftp/
Make sure to have installed package
syslinux-common
and then:cp /usr/lib/syslinux/modules/bios/ldlinux.c32 /srv/tftp/
Create
/srv/tftp/pxelinux.cfg/default
containing:DEFAULT install LABEL install KERNEL vmlinuz INITRD initrd APPEND root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://cdimage.ubuntu.com/ubuntu-server/daily-live/current/focal-live-server-amd64.iso
As you can see, this downloads the ISO from Ubuntu’s servers. You may want to host it somewhere on your infrastructure and change the URL to match.
This configuration is very simple. PXELINUX has many, many options, and you can consult its documentation for more.