Fedora Server network-based installation

Peter Boy Version F36-F37 Last review: 0000-00-00

Status: work in progress. Text is still raw and unedited yet. No valid information to find here!

With this method, the server to be installed does not boot from a local media, but from another specially configured server using a specific protocol, the Preboot Execution Environment (PXE). As the name indicates, this is completely independent of any operating system, but is implemented in the server’s firmware. This allows to conveniently configure and control the entire boot process with a local desktop connected to that specially configured server.

Preboot Execution Environment, or PXE, is a technology that allows computers to boot directly from resources provided over the network. A system administrator doesn’t have to create a dedicated installation media and connect it somehow to the server to be installed – previously typically a CD or DVD, at present typically a USB memory stick. There is no need to physically touch the server at all. During initial commissioning, the server is configured to search at first for a PXE source on the network. The MAC address of the interface card, which is unique in the network, is used for identification and addressing a response. If no PXE server responds, the boot process selects a local medium, usually a hard disk.

System administrators can do everything necessary from their comfortable desktop. First, they configure the PXE server to respond to the Mac address of the server to be installed and provide the designated boot configuration. Then they reboot the server to be installed. Everything can be done remotely via network connections.

This method is ideal for servers located in a remote data center. It is originally intended for physical servers, but is applicable on virtual machines as well.

In a Fedora Server installation, the boot process ends with Anaconda, the installation program. Depending on the requirements, a kickstart file starts an automatic installation procedure or starts a VNC for an interactive remote installation.

PXE technology is not only useful for installation, but also for monitoring and managing productive operation.

How it works – a PXE installation overview

The process involves a number of components and features working together to provide the resources required.

Prerequisites

PXE-capable server: Most modern computers have the capability to network boot. Typically, a function key pressed during boot will bring up a boot selection menu. In environments designed for unattended administration, systems will often be configured to first attempt booting from the network, then boot from local storage, and the installation server is configured to only offer the installation when required. Your computer’s manual will provide specific instructions on setting boot priorities.
DHCP Server: When a system requests an address during network booting, the DHCP server also provides the location of files to boot. A network should have only one DHCP server.

Consult the either the dnsmasq or the ISC DHCP server installation guide.
TFTP Server: Because the pre-boot environment is very simple, files must be provided in a very simple way. Trivial File Transfer Protocol, or TFTP, provides the system with the bootloader required to continue the installation process.

Consult the TFTP installation guide

Instead of installing and configuring all the required pieces, you may consider the cobbler installation server. Tasks like managing kickstart configurations, coordinating repositories, maintaining dns records, dhcp servers, and even puppet manifests are effectively automated by cobbler.

Preparations

Bootloader: Because the job of booting an operating system is too complex for the pre-boot environment, a bootloader is used to load the kernel and related files. It also provides configuration information to the installer, and can offer a menu to select from different configurations.
Kernel and Initramfs: The kernel is the core of any Linux operating system, and the initramfs provides the kernel with required tools and resources. These files are also provided by tftp.
Package repository: A Fedora repository must be available for the installation. The example in this section uses the public Fedora mirrors as the repository source, but you can also use a repo on the local network provided by NFS, FTP, or HTTP. Repositories can be configured using the inst.repo= boot option; see [Specifying the Installation Source] for details.

Configuring the PXE boot environment

Providing and configuring bootloaders for PXE clients

Getting the bootloader files

Get the syslinux bootloader for BIOS clients.

Install the syslinux package.
```
# dnf install syslinux
```

Create a directory for the bootloader files, and make them available there.

# mkdir -p /var/lib/tftpboot/pxelinux.cfg
# cp /usr/share/syslinux/{pxelinux.0,menu.c32,vesamenu.c32,ldlinux.c32,libcom32.c32,libutil.c32} /var/lib/tftpboot/

Get the bootloader files for UEFI systems
1. Install the shim-x64 and grub2-efi-x64 packages. If your server is a BIOS system, you must install the packages to a temporary install root. Installing them directly on a BIOS machine will attempt to configure the system for UEFI booting and cause problems.
  # dnf install shim-x64 grub2-efi-x64 --installroot=/tmp/fedora --releasever 36
2. Create a directory for the bootloader files, and make them available there.
  # mkdir -p /var/lib/tftpboot/uefi # cp /tmp/fedora/boot/efi/EFI/fedora/{shimx64.efi,grubx64.efi} /var/lib/tftpboot/uefi/

Configuring client bootloaders

Create a boot menu for BIOS clients at /var/lib/tftpboot/pxelinux.cfg/default.

default vesamenu.c32
prompt 1
timeout 600

label local
menu label Boot from ^local drive
menu default
localboot 0xffff

label linux
menu label ^Install Fedora 36 64-bit
kernel f36/vmlinuz
append initrd=f35/initrd.img inst.stage2=https://download.fedoraproject.org/pub/fedora/linux/releases/35/Server/x86_64/os/ ip=dhcp

label server
menu label ^Install Fedora 35 ( Minimal Image )
kernel f35/vmlinuz
append initrd=f35/initrd.img inst.stage2=https://download.fedoraproject.org/pub/fedora/linux/releases/35/Server/x86_64/os/ ip=dhcp ks=https://example.com/fedora/kickstarts/minimal.ks

Create a boot menu for UEFI clients at /var/lib/tftpboot/uefi/grub.cfg.

function load_video {
	insmod efi_gop
	insmod efi_uga
	insmod video_bochs
	insmod video_cirrus
	insmod all_video
}

load_video
set gfxpayload=keep
insmod gzio

menuentry 'Exit this grub' {
        exit
}

menuentry 'Install Fedora 64-bit'  --class fedora --class gnu-linux --class gnu --class os {
	linux $fw_path/f35/vmlinuz ip=dhcp inst.repo=https://download.fedoraproject.org/pub/fedora/linux/releases/35/Server/x86_64/os/
	initrd $fw_path/f35/initrd.img
}

menuentry 'Install Fedora 35 Server'  --class fedora --class gnu-linux --class gnu --class os {
	kernel f35/vmlinuz
	append initrd=f35/initrd.img inst.repo=https://download.fedoraproject.org/pub/fedora/linux/releases/35/Server/x86_64/os/ ip=dhcp ks=https://git.fedorahosted.org/cgit/spin-kickstarts.git/plain/fedora-install-server.ks?h=f21
}

Getting the kernel and initrd

Downloading the kernel and initrd

Create a directory for the files.
```
# mkdir -p /var/lib/tftpboot/f35
```

Download the kernel.

# wget https://download.fedoraproject.org/pub/fedora/linux/releases/35/Server/x86_64/os/images/pxeboot/vmlinuz -O /var/lib/tftpboot/f35/vmlinuz

Download the initrd

# wget https://download.fedoraproject.org/pub/fedora/linux/releases/35/Server/x86_64/os/images/pxeboot/initrd.img -O /var/lib/tftpboot/f35/initrd.img

HTTP Installation Overview

HTTP/HTTPS boot is a technology that allows computers to boot directly from resources provided over the network. When used in conjunction with HTTPS the authenticity of the server is validated, and the use of HTTP offers a more reliable transport mechanism than PXE’s TFTP. Installing Fedora this way avoids creating install media and allows multiple computers to install simultaneously. Many current UEFI implementations, including the EDK2 based firmware shipping with fedora’s virtualization solutions, can directly boot from HTTP sources. A UEFI boot entry may be manually added that specifies a HTTP source via firmware menus. Alternatively, a DHCP server may automatically provide the required HTTP path.

Enrolling Certificatesll

While many machines are capable of HTTPS boot as well as HTTP, they will frequently need to have a certificate authority (CA) enrolled first. The CA is used to validate the certificates presented by the HTTPS server. This may be accomplished by enrolling the appropriate files from the fedora provided ca-certificates for public mirrors or the local HTTPS boot server’s certificate.

DHCP Server Configuration for HTTP

The installation and configuration of a DHCP server for HTTP boot is identical to its configuration for PXE except that we need to amend the option arch conditions for HTTP clients

....

if option arch = 00:07 {
# x64 UEFI
filename "uefi/shim64.efi";
next-server 192.168.1.2;
} else if option arch = 00:0b {
# aarch64 UEFI
filename "uefi/shimaa64.efi";
server-name "192.168.1.2";
} else if option arch = 00:13 {
# aarch64 UEFI HTTP
option vendor-class-identifier "HTTPClient";
filename "http://download.fedoraproject.org/pub/fedora/linux/releases/35/Server/aarch64/os/images/boot.iso";
} else if option arch = 00:10 {
# x64 UEFI HTTP
option vendor-class-identifier "HTTPClient";
filename "http://download.fedoraproject.org/pub/fedora/linux/releases/35/Server/x86_64/os/images/boot.iso";
} else {
filename "pxelinux.0";
next-server 192.168.1.2;
}

...

Providing repositories

The examples in this section use the public Fedora mirrors as the package source. For faster installations, installing to many systems, or more isolated environments, you may wish to maintain a local repository.

Fedora Infrastructure maintains instructions for configuring a local mirror at https://fedoraproject.org/wiki/Infrastructure/Mirroring. The preferred method for providing repositories is via HTTP, and you can refer to the Fedora System Administrator’s Guide to configure httpd.

Want to help? Learn how to contribute to Fedora Docs ›