centos_pxe
CentOS 7/8 & Fedora PXE Boot Unattended OS Installation and Configuration Role
This role configures the basic framework for a local PXE boot environment allowing to perform unattended installation of CentOS 7, CentOS 8, Fedora 31 and more (with custom configuration).
It installs and configures the following:
Installation ISOs & Local RPM Repository - if the installation ISOs do not
exist locally they will be downloaded and mounted. Once mounted, their content
will be used to generate a local RPM mirror used during the installation process.
The mirror can be also used later for additional RPM packages installations.
TFTP server & PXE - we need this to allow the network clients to boot via PXE.
This role pre-configures the PXE service with the following:
- Boot from local drive. Do not install anything
- Install Fedora 31 Manually with graphical GUI
- Install CentOS 7 Manually with graphical GUI
- Install CentOS 8 Manually with graphical GUI
- Base Unattended Fedora 31 Kickstart Install in Text Mode
- Base Unattended CentOS 7 Kickstart Install in Text Mode
- Base Unattended CentOS 8 Kickstart Install in Text Mode
It also installs all the necessary kernel images needed for remote PXE clients to boot up properly.
Apache Web Server - with very little pre-configuration it'll be used
to create a locally accessible server-generated directory listings of
all RPM packages.
The local mirror will immitate the same directory structure as publically available mirrors.
They will be accessible locally at: (replace hostname.localdomain with own address)
- http://hostname.localdomain/fedora31
- http://hostname.localdomain/centos7
- http://hostname.localdomain/centos8
Kickstart Files - this role deploys CentOS7/8 & Fedora 31 unattended installation
Anaconda Kickstart files from templates. They are placed in a kickstart directory
in the web server root directory and are accessible by all clients.
Additional Notes
When building a new VM in VirtualBox or KVM allocate a minimum of 2 GB of RAM for the guest. The CentOS installation process will most likely fail if less than that is used. The amount of RAM can be lowered following a successfull installation.
The end user is encouraged to review and customize the Kickstart configuration templates. In their current form they are very basic. All of them assume the following:
- automatic partitioning with LVM
- SELinux off
- firewall off
- minimal software selection
- root login allowed
- single non-root administrator user
- DHCP client network configuration
The idea for doing as little as possible with Anaconda and Kickstart installation is to rely on post installation configuration customization.
Requirements
Apache
Standard installation of Apache web server is required in order for the Kickstart process to access the installation packages locally.
A simple Apache role can be installed from Galaxy:
ansible-galaxy install mariuszczyz.centos_apache
DHCPd
Working local DHCP service.
Alternatively, a dedicated DHCP can be set up on the PXE boot server by using this role: CentOS & Fedora DHCP Server Installation and Configuration Ansible Role.
Operating System Installation ISO Images
This role assumes the location of operating system installation ISO images is in
/isos/. Leave it as is or change it in the defaults/main.yml. However,
the ISO images must be downloaded prior to running this role. Otherwise,
it will not have access to all the files it needs to properly set up the
pre-boot environment. The task of downloading the ISOs has been purposely
left out of this role.
Kickstart Files
The minimum changes needed for the Kickstart installation files to work:
rootpw --iscrypted PASSWORD_HASH - root password hash
Instructions on how to create a Kickstart root password hash
Run this command on the CLI: openssl passwd -6
Available algorithm options:
-6 SHA512-based password algorithm
-5 SHA256-based password algorithm
-apr1 MD5-based password algorithm, Apache variant
-1 MD5-based password algorithm
-aixmd5 AIX MD5-based password algorithm
-crypt Standard Unix password algorithm (default)
It'll prompt for the password and output the hash:
Note: not a real password below
Password:
Verifying - Password:
$6$gdGbs42fZoKUVwQH$eY2nId.oONxK9MneuM58Vg2NPEuftngWmwfK09YW4DQLs3Hcq5F5HEohDEcM.Ci3p8gQrVuygTfScim7MY6QI1
The rest of the setting can be customized optionally to fit your own needs, like partitioning, timezone, additional packages, etc.
Role Variables
| Variable | Comment | Example |
|---|---|---|
| ISOS_PATH | Directory where ISO installation images will be stored locally | /isos |
| NAME | Sperating system name | fedora31 |
| ISO_LOCATION | Full path to ISO image | /isos/CentOS-7-x86_64-Everything-1908.iso |
| MOUNT_POINT | Full path to where the ISO image should be mounted on the local file system | /var/www/centos7 |
| KICKSTART_HASHED_ROOT_PASSWORD | Kickstart hased root password. Use "pwkickstart" or "openssl passwd -6" to generate | bEzYf1S49$yu |
| NON_ROOT_USER_NAME | Non root admin user account to create on the new system | mariusz |
| NON_ROOT_USER_PASSWORD | Kickstart hased user password. Use "pwkickstart" or "openssl passwd -6" to generate | bEzYf1S49$yu |
| TIMEZONE | Local timezone | America/Chicago |
| NTP_SERVERS | Network time servers. Local or public. | ntp.localdomain |
| FEDORA_HOSTNAME | Default hostname for the new Fedora server | fedora31.localdomain |
| FEDORA_NETWORK_INSTALLATION_URL | This is where Anaconda will fetch Fedora packages from | http://mirror.steadfastnet.com/fedora/releases/31/Everything/x86_64/os/ |
| CENTOS7_HOSTNAME | Default hostname for the new Fedora server | centos7.localdomain |
| CENTOS7_NETWORK_INSTALLATION_URL | This is where Anaconda will fetch CentOS packages from | http://192.168.1.109/centos7 |
| CENTOS8_HOSTNAME | Default hostname for the new Fedora server | centos8.localdomain |
| CENTOS8_BASE_OS_URL | CentOS 8 BaseOS packages repository URL | http://mirror.steadfastnet.com/centos/8/BaseOS/x86_64/os/ |
| CENTOS8_APPSTREAM_REPO_URL | CentOS 8 AppStream packages repository URL | http://mirror.steadfastnet.com/centos/8/AppStream/x86_64/kickstart/ |
Dependencies
mariuszczyz.centos_apache mariuszczyz.centos_dhcpd
Install the dependencies from Ansible Galaxy with requirements.yml
# Install from Ansible Galaxy
- src: mariuszczyz.centos_apache
- src: mariuszczyz.centos_dhcpd
Example Playbook
Manual
Fetch this role from Ansible Galaxy manually:
ansible-galaxy install mariuszczyz.centos_pxe
Not Manual
Galaxy
Or include this role from Ansible Galaxy via requirements.yml
# requirements.yml
# Install from Ansible Galaxy
- src: mariuszczyz.centos_pxe
Github option
# requirements.yml
# Install from Github repository
- src: https://www.github.com/mariuszczyz/centos_pxe
Then run this to install all dependencies from Ansible Galaxy:
ansible-galaxy install -r requirements.yml
Run it
If you want to run this role individually create a new file:
playbook.yml (name it however you wish btw) with the following content:
- hosts: servers
user: YOUR USER
become: True
roles:
- { role: mariuszczyz.centos_pxe, tags: ['centos_pxe'] }
Run it:
ansible-playbook -i hosts playbook.yml
License
BSD
Author Information
Author: Mariusz Czyz
Date: 12/2019
mariuszczyz.com
ansible-galaxy install mariuszczyz/centos-pxe