Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
en:guides:pxe [2010/05/04 17:44] jozee |
en:guides:pxe [2012/08/01 16:25] bellard Add the qemu commande line to test the PXE server |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== PXE ======= | ====== PXE ======= | ||
| - | =====PXE boot ===== | + | |
| + | The //Preboot eXecution Environment// (or //PXE//, pronounced 'pixie') is the process of booting a computer from a network connection. It is comparable to booting a LiveCD from a remote CD drive. | ||
| This network boot method requires: | This network boot method requires: | ||
| - | * a server to store files running DHCP and TFTP (each could be on a separate server), | + | * a server to store files running DHCP and TFTP (each could be on a separate server); |
| - | * a client with a PXE bootloader. Maybe diskless. | + | * a client with a PXE boot-loader, stored in the BIOS firmware. It maybe disk-less. |
| - | ===== PXE server setup ===== | + | \\ |
| - | PXE server = DHCP server + DHCP bootfile option + TFTP server | + | ===== PXE Server Set-Up ===== |
| - | Demo with a Slitaz Live CD: Launch netbox (menu System / netbox) | + | A PXE server comprises: |
| - | * in Static IP tab click start. This box will be the DHCP server. It can't use DHCP to get IP configuration. | + | * a DHCP server to accept clients; |
| - | * in Server / INETD tab ensure tftpd line is uncommented (by default) in /etc/initd.conf and click start. (launch the TFTP server) | + | * a DHCP boot-file to configure them; |
| - | * in Server / PXE tab edit configuration and add your boot options. This action will update dhcp server configuration automatically. (configure bootfile option) | + | * a TFTP server to deliver an OS. |
| - | * in Server / DHCP tab check configuration. Previous action has added the lines boot_file and siaddr. Then click start. (launch the DHCP server) | + | |
| - | * ensure files bzImage and rootfs.gz are stored in /boot | + | |
| - | ===== PXE client bootloader ===== | + | ==== Quick start with the Live CD ==== |
| - | Most recent machines with embedded ethernet have PXE BIOS. Look for this feature in BIOS menus and BIOS boot menu. | + | The SliTaz LiveCD can be used as a PXE server. To begin the process, launch the Netbox application (from the System Tools menu). |
| - | Otherwise create a cdrom or a boot floppy with System -> Boot floppy/cdrom creation tool. In PXE Network tab click Write floppy. And boot on it. | + | |
| - | Your ethernet card is not recognized ? See http://rom-o-matic.net/ | + | |
| - | ===== PXE boot without PXE server: WEB boot ===== | + | * From the //Static IP// tab, click //Start//. |
| + | * This box will be the DHCP server. It can't use DHCP to get an IP configuration. | ||
| - | See http://boot.slitaz.org/ | + | <note tip>Since SliTaz 3.0 the Netbox application is now split into Netbox and Serverbox. If you are running a recent SliTaz version, please read **Serverbox application** instead of **Server tab** below</note> |
| - | You need a DHCP server to get ip address, netmask, gateway address. | + | |
| - | ===== PXE boot without DHCP server: WEB boot and command line ===== | + | * From the //Server// tab, select the //INETD// sub-tab and ensure the //tftpd// line is **uncommented** in /etc/initd.conf. This is the default behaviour. Click //Start//. |
| + | * This will launch the TFTP server, which will deliver the SliTaz LiveCD across the network. | ||
| - | See http://boot.slitaz.org/. You need an ip address with a netmask, a gateway address and optionally a dns address. Example using grub: | + | * From the //Server// tab, select the //PXE// sub-tab. |
| - | <code> | + | * Edit the configuration to add your boot options. |
| + | * This will update the DHCP server configuration automatically. | ||
| + | |||
| + | * From the //Server// tab, select the //DHCP// sub-tab. Check that the configuration aligns with your network. The previous step has added the lines //boot_file// and //siaddr//. Click //Start//. | ||
| + | * This will launch the the DHCP server. If clients to do not receive an IP address, check this configuration. | ||
| + | |||
| + | * Ensure the files //bzImage// and //rootfs.gz// are stored in the // /boot // directory of the LiveCD. | ||
| + | |||
| + | ==== Customize your PXE server ==== | ||
| + | |||
| + | * You can have multiple PXE configurations for the different client groups, see [[http://syslinux.zytor.com/wiki/index.php/PXELINUX#How_do_I_Configure_PXELINUX.3F|PXElinux wiki]]. | ||
| + | * You can store __/home__ on a client local drive only (like tazusb does), example append __/etc/fstab__ with : <file>/dev/hda1 /home ext3 defaults 0 0</file> | ||
| + | * Since SliTaz 3.0, you can have a hydrid installation on (some) clients. These clients have SliTaz installed with some huge packages like libreoffice. They boot with PXE and most of the system runs in RAM except the huge software linked to the hard disk (could be a network disk too). Example, append to __/etc/init.d/local.sh__ :<file>mount -t nfs -o ro bootserver:/slitaz /media/slitaz | ||
| + | tazpkg link libre-office /media/slitaz</file> | ||
| + | * Since SliTaz 3.0, you can stack multiple initramfs in the pxelinux configuration file - An easy way to upgrade SliTaz and keep your customizations, example :<file>label slitaz | ||
| + | kernel /boot/bzImage | ||
| + | append initrd=/boot/rootfs.gz,/boot/configs/extra-packages.gz,/boot/configs/special-configuration.gz rw root=/dev/null vga=normal autologin</file> | ||
| + | * Example of a PXE server configuration: The [[http://boot.slitaz.org/|SliTaz web boot]] server http://mirror.slitaz.org/pxe/ (start with [[http://mirror.slitaz.org/pxe/pxelinux.cfg/default|pxelinux.cfg/default]]) | ||
| + | \\ | ||
| + | ==== Test the PXE server with QEMU ==== | ||
| + | |||
| + | * Install qemu <file>tazpkg get-install qemu</file> | ||
| + | * Launch the VM <file>qemu -boot n -bootp /pxelinux.0 -tftp /boot</file> | ||
| + | \\ | ||
| + | ===== PXE Client Set-Up ===== | ||
| + | |||
| + | Most recent machines with on-board Ethernet have a PXE-capable BIOS. Look for this feature in BIOS menus and the BIOS boot menu and ensure it is activated. It may require you press a key, such as F12, during the boot process. | ||
| + | |||
| + | If your computer does not support PXE booting, you can use SliTaz as a client instead. Create a bootable CD-ROM or floppy disk with the // Boot Floppy/CDROM // tool found in the //System Tools// menu. | ||
| + | |||
| + | In the PXE Network tab click Write floppy. Use this to boot the client computer. | ||
| + | |||
| + | <note tip>Is your Ethernet card not recognised? See [[http://rom-o-matic.net/|ROM-O-Matic]]</note> | ||
| + | |||
| + | \\ | ||
| + | |||
| + | ===== Web Booting ===== | ||
| + | |||
| + | The SliTaz LiveCD has configuration settings to start your computer via the Internet. This is useful for using a newer version of SliTaz from older media. | ||
| + | |||
| + | You can start the automatic process with the following command at the SliTaz LiveCD boot-splash: | ||
| + | |||
| + | web | ||
| + | |||
| + | That's it! | ||
| + | |||
| + | You can find more information on using an Internet connection to boot your computer at the [[http://boot.slitaz.org/|SliTaz Web Boot home-page]]. | ||
| + | |||
| + | You will need a DHCP server to get an IP address, netmask, gateway address, as per a normal network connection -- a standard home router should be sufficient for this. | ||
| + | |||
| + | \\ | ||
| + | |||
| + | === PXE boot without DHCP server: Web Boot & Command Line === | ||
| + | |||
| + | If you have no device that can function as a DHCP server, you need an IP address with a netmask, gateway address and, optionally, a DNS address. | ||
| + | <file> | ||
| title Slitaz Web | title Slitaz Web | ||
| kernel /boot/gpxe ip=192.168.0.12/24 gw=192.168.0.1 dns=192.168.0.1 url=http://mirror.slitaz.org/pxe/pxelinux.0 | kernel /boot/gpxe ip=192.168.0.12/24 gw=192.168.0.1 dns=192.168.0.1 url=http://mirror.slitaz.org/pxe/pxelinux.0 | ||
| - | </code> | + | </file> |
| - | You can hack boot url (see below): | + | |
| - | Replace | + | |
| - | <code> http://mirror.slitaz.org/pxe/pxelinux.0 </code> | + | You can modify the URL thus: |
| + | <file> | ||
| + | title Slitaz Web | ||
| + | kernel /boot/gpxe ip=192.168.0.12/24 gw=192.168.0.1 dns=192.168.0.1 ip=192.168.0.12/24 gw=192.168.0.1 | ||
| + | dns=192.168.0.1 url=http://mirror.slitaz.org/pxe/pxelinux.0 | ||
| + | </file> | ||
| - | With | + | Note that only the following keywords are recognised: |
| - | <code> | + | |
| - | ip=192.168.0.12/24 gw=192.168.0.1 dns=192.168.0.1 url=http://mirror.slitaz.org/pxe/pxelinux.0 | + | |
| - | </code> | + | |
| - | Only ip= gw= dns= url= and nodhcp keywords are recognized. nodhcp is useful to avoid dhcp timeout. | + | |
| - | ===== WEB boot with embedded PXE boot prom (PXE forwarder) ===== | + | * ip= |
| + | * gw= | ||
| + | * dns= | ||
| + | * url= | ||
| + | * nodhcp (useful to avoid a DHCP timeout error) | ||
| - | Configure a PXE server with http://download.tuxfamily.org/slitaz/boot/gpxe.pxe as bootfile, a 42Kb second stage loader. | + | \\ |
| - | Successfully tested with a http://openwrt.org/ router: | + | |
| + | ===== Advanced Web Booting Configuration ===== | ||
| + | |||
| + | The Web Booting process can be embedded into routers and other devices, as well as being customised. | ||
| + | |||
| + | \\ | ||
| + | |||
| + | === Embedded Web Boot, with PXE boot PROM (PXE forwarder) === | ||
| + | |||
| + | Configure a PXE server with http://download.tuxfamily.org/slitaz/boot/gpxe.pxe as the boot file, a 42Kb second stage loader. This was successfully tested with an [[http://openwrt.org/|OpenWRT]] router: | ||
| * install http://mirror.slitaz.org/boot/mips/tftpd (mips version) in /jffs/usr/sbin | * install http://mirror.slitaz.org/boot/mips/tftpd (mips version) in /jffs/usr/sbin | ||
| Line 58: | Line 123: | ||
| * add dhcp bootfile option in dnsmasq config file | * add dhcp bootfile option in dnsmasq config file | ||
| - | <code> # echo "dhcp-boot=gpxe.pxe" >> /tmp/dnsmasq.conf </code> | + | # echo "dhcp-boot=gpxe.pxe" >> /tmp/dnsmasq.conf |
| - | launch the tftp server for your lan (say 192.168.0.1/24) | + | Launch the tftp server for your lan (say 192.168.0.1/24) |
| - | <code> # /jffs/usr/sbin/tftpd 192.168.0.1 /jffs/boot </code> | + | # /jffs/usr/sbin/tftpd 192.168.0.1 /jffs/boot |
| - | ===== Hack gpxe default WEB boot URL ===== | + | <note tip>You can avoid the tftp server installation and use the SliTaz tftp server directly : |
| + | # echo "dhcp-boot=gpxe.pxe,mirror.slitaz.org" >> /tmp/dnsmasq.conf | ||
| + | </note> | ||
| - | The URL is stored at offset 519 in 255 bytes max | + | \\ |
| - | Show current URL | + | |
| - | <code> $ dd bs=1 skip=519 count=255 if=gpxe 2> /dev/null | strings </code> | + | === Modifying the Default GPXE Web Boot URL === |
| - | Change URL | + | The URL is stored at offset 519 in 255 bytes max. |
| - | <code>$ echo -n "http://myurl.org/myboot" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe | + | * Show the current URL with: |
| - | </code> | + | |
| - | Change URL and IP stuff | + | |
| - | <code>$ echo -n "ip=192.168.0.10/24 gw=192.168.0.1 dns=192.168.0.1 url=http://myurl.org/myboot" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe | + | $ dd bs=1 skip=519 count=255 if=gpxe 2> /dev/null | strings |
| - | </code> | + | |
| - | Remove URL | + | |
| - | Will behave as a normal gpxe. | + | |
| - | <code>$ dd if=/dev/zero conv=notrunc bs=1 seek=519 count=255 of=gpxe | + | * Change the URL with: |
| - | </code> | + | |
| - | ===== Hack gpxe.pxe default WEB boot URL ===== | + | $ echo -n "http://myurl.org/myboot" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe |
| - | The URL is stored at offset 5 in 255 bytes max | + | * Change the URL and IP configuration with: |
| - | Show current URL | + | |
| - | <code>$ dd bs=1 skip=5 count=255 if=gpxe.pxe 2> /dev/null | strings | + | $ echo -n "ip=192.168.0.10/24 gw=192.168.0.1 dns=192.168.0.1 url=http://myurl.org/myboot" | cat - /dev/zero | dd |
| - | </code> | + | conv=notrunc bs=1 seek=519 count=255 of=gpxe |
| - | Change URL | + | |
| - | <code> | + | * Remove URL to behave as a normal GPXE with: |
| - | $ echo -n "http://myurl.org/myboot" | cat - /dev/zero | dd conv=notrunc bs=1 seek=5 count=255 of=gpxe.pxe | + | |
| - | </code> | + | |
| - | Remove URL | + | |
| - | Will behave as a normal gpxe.pxe. | + | $ dd if=/dev/zero conv=notrunc bs=1 seek=519 count=255 of=gpxe |
| - | <code>$ dd if=/dev/zero conv=notrunc bs=1 seek=5 count=255 of=gpxe.pxe | + | \\ |
| - | </code> | + | |
| - | ===== Redundant Web boot servers ===== | + | === Hack the gpxe.pxe Default Web Boot URL === |
| + | |||
| + | The URL is stored at offset 5 in 255 bytes max. | ||
| + | |||
| + | Show the current URL with: | ||
| + | |||
| + | $ dd bs=1 skip=5 count=255 if=gpxe.pxe 2> /dev/null | strings | ||
| + | |||
| + | Change the URL with: | ||
| + | |||
| + | $ echo -n "http://myurl.org/myboot" | cat - /dev/zero | dd conv=notrunc bs=1 seek=5 count=255 of=gpxe.pxe | ||
| + | |||
| + | Remove the URL and behave as a normal //gpxe.pxe// with: | ||
| + | $ dd if=/dev/zero conv=notrunc bs=1 seek=5 count=255 of=gpxe.pxe | ||
| + | |||
| + | \\ | ||
| + | |||
| + | === Using Redundancy with Web Boot Servers === | ||
| Comma separated URL lists are supported. | Comma separated URL lists are supported. | ||
| Line 112: | Line 183: | ||
| Example with current Slitaz Web boot servers : | Example with current Slitaz Web boot servers : | ||
| - | <code>$ echo -n "http://mirror.slitaz.org/pxe/pxelinux.0,http://mirror.switch.ch/ftp/mirror/pxe/pxelinux.0,http://download.tuxfamily.org/slitaz/pxe/pxelinux.0" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe | + | $ echo -n "http://mirror.slitaz.org/pxe/pxelinux.0,http://mirror.switch.ch/ftp/mirror/pxe/pxelinux.0,http: |
| - | </code> | + | download.tuxfamily.org/slitaz/pxe/pxelinux.0" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe |
| + | |||
| + | ===== Why use PXE ? The VNC example ===== | ||
| + | |||
| + | Let's say that your company is working on some very sensitive data. | ||
| + | You don't want people copying anything on to removable media such as USB keys. | ||
| + | Only a few users can use this data. | ||
| + | |||
| + | * PXELINUX chooses a special configuration by the MAC address in //pxelinux.cfg/<client-mac-address>// | ||
| + | * It checks the md5 (or sha256) password of the user boot entry with menu.c32 | ||
| + | * It sends a kernel and an initramfs with a **fbvnc** package built by http://tiny.slitaz.org/ (total size < 1.44MB) | ||
| + | * The client boots in 1 to 5 seconds with a VNC framebuffer client | ||
| + | * The VNC server can send any OS display | ||
| + | * The client has no media driver and can use 10 year old hardware (may avoid theft risk) | ||
| + | * The target OS can run in a VM : more scalable and easier to maintain than multiple desktops | ||
| + | * No data is stored on the client machine. It may also have no disk. It only needs an ethernet card | ||
| + | * Of course, the sessions in the target OS must have a connection timeout and need a username and a password... | ||
| + | |||
| + | ==== Increase security a bit ==== | ||
| + | |||
| + | The VNC listens to the network without a password | ||
| + | (fbvnc has no authentication support) and the VNC traffic is not encrypted on | ||
| + | the network. | ||
| + | |||
| + | * Build an initramfs with a **fbvnc-ssh** package on http://tiny.slitaz.org/ | ||
| + | * On the server, VNC should listen on localhost only | ||
| + | * The SSH public key of the client is installed in //$HOME/.ssh/authorized_keys// on the VNC server | ||
| + | * The VNC traffic can be compressed in the SSH tunnel (fbvnc supports raw frames only) | ||
| + | ==== A quick demo ==== | ||
| + | |||
| + | The menu //Tiny SliTaz// -> //Tiny VNC// of the [[http://boot.slitaz.org/|SliTaz Web Boot]] launches the VNC client without ssh | ||
| + | (you need a VNC server running on your network...). | ||
| + | <note tip>You can directly download the [[http://mirror.slitaz.org/pxe/tiny/vnc/bzImage.gz|kernel]] | ||
| + | and then the [[http://mirror.slitaz.org/pxe/tiny/vnc/rootfs.gz|initramfs]] and test it | ||
| + | on your network or with qemu | ||
| + | </note> | ||
| + | <note tip>Try with the cmdline argument **vga=ask** first. This will find the best | ||
| + | VESA mode to use (example **vga=0x33B**) | ||
| + | </note> | ||
| ---- | ---- | ||
| Line 123: | Line 232: | ||
| |Problems| add a [[http://forum.slitaz.org|forum post link]]| | |Problems| add a [[http://forum.slitaz.org|forum post link]]| | ||
| |::: | OR add a [[http://labs.slitaz.org/issues |lab issue tracker link ]]| | |::: | OR add a [[http://labs.slitaz.org/issues |lab issue tracker link ]]| | ||
| - | |How to Improve| Suggest briefly| | + | |How to Improve| Improve readability | |
| + | |::: | Section in to Client/Server, with Simple/Advanced in each | | ||
| |::: | | | |::: | | | ||
| \\ | \\ | ||
| ---- | ---- | ||