Loading
Leave the CDs in the Office
There are few things more aggravating than going out to a coworker's office to work on their computer and finding that to fix it you need a CD that is sitting in your office. If you have ever experienced that, or would simply like to no longer need to tote that book of CDs with you every day, then this article is for you.
Even though I work in an environment where the desktop is dominated by Windows, there are several Linux-based tools that are used on a regular basis. These include tools for blanking a Windows password, destroying all the data on a hard drive, repartitioning a hard drive, and testing memory. The nice thing is that all of these tools natively boot via SYSLINUX (aka ISOLINUX), which means they can also be booted via PXE over the network. All that is required is a little time, a place on your network to store the files, and some free software. Interested? Good, let's make it happen.
First, configure a TFTP server on the same server that you want to store files on. Naturally, Linux is preferred here but a Windows server (not desktop) will work fine too via TFTPD32 or the like. Once that is setup we need something to serve out to our clients so lets download the latest version of SYSLINUX from kernel.org and copy the following files from it to our TFTP root:
- core\pxelinux.0
Be sure to actually use THIS version of pxelinux.0 as several Linux distros have modified theirs and somewhat broken it (details here). - com32\menu\vesamenu.c32
Now that these files are in place we need to make one more server-side configuration -- we need to set two DHCP options:
1. next-server = IP-ADDRESS-OR-FQDN-OF-YOUR-TFTP-SERVER 2. filename = /pxelinux.0
** If your network uses MS DHCP then these are set in Options 66 & 67.
The first of these tells clients where to find your TFTP server and the second tells them what file to request. Pxelinux.0 loads into memory then boots. The kicker is that we need to tell it what to do and that requires a plain text file named default (no extension) that is placed inside a folder called pxelinux.cfg, which, in turn, is in your TFTP root. So, thus far our directory structure should look like this:
/ # (the TFTP root) /pxelinux.0 /vesamenu.c32 /pxelinux.cfg/ /pxelinux.cfg/default
The file default contains your boot menu entries and can call other files if you are like me and want to separate out static menu configuration information and sub-menus. To get started, open "default" in your favorite text editor and enter the following:
DEFAULT vesamenu.c32 PROMPT 0 MENU INCLUDE pxelinux.cfg/pxe.conf NOESCAPE 1 TIMEOUT 300 ONTIMEOUT localboot MENU AUTOBOOT Normal booting will start in # seconds LABEL localboot MENU LABEL ^1. Boot from Local Hard Drive LOCALBOOT 0 LABEL memtest MENU LABEL ^2. Run Memtest86+ v4 kernel memtest/memtest LABEL ntpasswd MENU LABEL ^3. Blank a Windows Password TEXT HELP Runs Offline NT Password & Registry Editor ENDTEXT kernel ntpasswd/vmlinuz append rw vga=1 initrd=ntpasswd/initrd.cgz,ntpasswd/scsi.cgz LABEL dban MENU LABEL ^4. Launch Darik's Boot and Nuke TEXT HELP Use this to remove ALL data from a PC. ENDTEXT KERNEL memdisk/memdisk APPEND iso initrd=memdisk/iso/dban-beta.2006042900_i386.iso
Save that file and now create the file pxelinux.cfg/pxe.conf and enter the following:
MENU TITLE Choose from the below options: menu color border 30;44 #ffffffff #00000000 std NOESCAPE 1 ALLOWOPTIONS 0 PROMPT 0 menu width 80 menu rows 14 MENU TABMSGROW 24 MENU MARGIN 14 MENU VSHIFT 6
This is all info that never changes and just takes up a lot of room in default so I moved it to a separate file.
Now for the fun stuff...
As you can see from the menu we are setting up Memtest86+ to test a computer's RAM, Offline NT Password & Registry Editor, and Darik's Boot and Nuke for wiping hard drives. The partitioning tool I mentioned earlier is Gnome Partition Editor, a.k.a. GPartEd. Making gparted available via PXE is documented on their site but requires a bit more work than these three tools do. To setup Memtest86+ download the latest pre-compiled binary from their site and copy the contained file to a folder named memtest in your TFTP root. Rename the binary to memtest, otherwise it will fail to boot. Ntpasswd is similarly simple. Just download the bootable CD image from their site, mount the .iso, and copy the following files to ntpasswd in your TFTP root:
- vmlinuz
- initrd.cgz
- scsi.cgz
Booting DBAN requires chainloading its ISO via memdisk, which is provided by the SYSLINUX package in a folder by the same name. Copy it to a folder named memdisk in the TFTP root, create a folder inside of there called iso, and save your dban disk image in there. So, thus far our directory structure should look like this:
/ # (the TFTP root) /pxelinux.0 /vesamenu.c32 /pxelinux.cfg/ /pxelinux.cfg/default /pxelinux.cfg/pxe.conf /memtest/memtest /ntpasswd/vmlinuz /ntpasswd/initrd.cgz /ntpasswd/scsi.cgz /memdisk/memdisk /memdisk/iso/dban-beta.2006042900_i386.iso
That's it -- everything is now setup. Hook a computer or virtual machine (with bridged networking) up to the network and reboot. Generally you press F12 to get a boot menu which will have your network adapter listed as an option (if not, look for a setting to enable it with PXE in the BIOS). Select your NIC and you should rapidly be greeted by a blue menu showing the options we just setup. The numbers in the menu are hot keys because we put the ^ symbol before them in the menu. If you do not pick anything within 30 seconds your computer will boot to its local hard drive automatically.
As a final note, there are many other tools that can be added to this boot menu and menu options can be protected via a plain text or encrypted password to keep users from messing up their computers. For example, I set this menu up where I work and it includes the following options:
1. Local boot
2. Symantec Ghost 2.5.1 (these all use a WinPE environment)
- Regular Ghost Client
- Ghost Console Client
- Windows 7 Enterprise x86 Installer (via a network share)
3. Memtest86+
4. ntpasswd
5. DBAN
6. Ultimate Boot CD for Windows
7. Knoppix DVD (terminal server client environment)
8. GPartEd
9. Older Ghost Servers
- A Ghost 2.0 server
10. Ubuntu internet based installers
- 8.04 LTS amd64
- 8.04 LTS x86
- 9.04 amd64
- 9.04 x86
- 9.10 amd64
- 9.10 x86
11. Gentoo
- Gentoo amd64 minimal cd11.
- Gentoo x86 minimal cd
I hope you all find this as helpful in your day-to-day activities as it has been for me.
______________________
Gene Liverman is a Systems Administrator of *nix and VMware at a university.
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- RSS Feeds
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- Validate an E-Mail Address with PHP, the Right Way
- New Products
- Trying to Tame the Tablet
- Tech Tip: Really Simple HTTP Server with Python
- Agreed on AirDroid. With my
16 sec ago - I just learned this
4 min 26 sec ago - enterprise
34 min 30 sec ago - not living upto the mobile revolution
3 hours 25 min ago - Deceptive Advertising and
4 hours 1 min ago - Let\'s declare that you have
4 hours 2 min ago - Alterations in Contest Due
4 hours 3 min ago - At a numbers mindset, your
4 hours 4 min ago - Do not get Just Almost any
4 hours 8 min ago - A fantastic rule-of-thumb to
4 hours 9 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Developer Poll
Comments
Aye but
To aggravate means to make worse. Aggravting means making worse. It does NOT mean annoying.
Other than that.... good post.
Well, it's annoying enough to
Well, it's annoying enough to have to go out to the user's desktop. Not having your CD toolbox is aggravating because it makes the annoying situation worse... :).
Aggravate
Although some dislike the usage, it can be used that way:
1 obsolete a : to make heavy : burden b : increase
2 : to make worse, more serious, or more severe : intensify unpleasantly
3 a : to rouse to displeasure or anger by usually persistent and often petty goading b : to produce inflammation in
See 3a. Taken from: www.merriam-webster.com/dictionary/aggravate
Mitch Frazier is an Associate Editor for Linux Journal.
Live USBs
CD's are on death road, walking the seemingly endless road until Music and Software are no longer sold on them, and they begin to disappear.
All you really need is a 4GB LiveUSB to get the job done. Mostly all computer hardware made in the last five years can boot from a USB flash drive, and many GNU/Linux distributions can be installed to USB thumb drives. You can actually place GRUB on the master boot record for the USB drive and have multiple distributions installed to choose from at boot. Debian/Ubuntu, Live gParted, and BackTrack, are all useful.
Also, we sell LiveUSB drives, if anyone is interested.
Bootable USBs are nice and I
Bootable USBs are nice and I have used them for many things but they still fall subject to the same main issue as a CD... you have to remember to take the USB stick with you and it can only be used in one place at a time. By putting those same utils on the network you get to free yourself from toting around yet another item, plus you can use it simultaneously on multiple computers.
Gene Liverman is a Systems Administrator of *nix and VMware at a university.
Dial-up
Putting utilities on a network (Internet I suppose, because on a local network the concept isn't as useful) would make running them from a dial-up connection almost impossible.
whoa
comon.. look at the date.. 2010 my friend.. please I think dialup convo should be regarded as taboo. move someonewhere with broadband or just remind us of your drip drip drip data flow.
Other PXE bootables
There are versions of Damn Small Linux and Parted Magic that boot entirely over TFTP using a huge initrd image. This works but in the case of my server I have to split Parted Magic's image into smaller chunks else it hits the maximum transfer size and fails to load. There is a script at the Parted Magic site that does this easily.
I would like to get Mandriva, Fedora, and OpenSUSE booting with PXE over NFS or HTTP some day.
"I would like to get
"I would like to get Mandriva, Fedora, and OpenSUSE booting with PXE over NFS or HTTP some day."
Are you talking about getting them to install via PXE or more of a thin client setup that boots via PXE?
Gene Liverman is a Systems Administrator of *nix and VMware at a university.
PXE over NFS
We boot OpenSuSE with PXE over NFS in our production environment at work. Sort of a smart thin client.
Ideally both. With Ubuntu I
Ideally both. With Ubuntu I can boot LiveCD ISOs and install from them. The LiveCD "desktop" installers don't support RAID/LVM2/dm-crypt and have a 512MB+ memory requirement. For installations that don't meet these requirements I boot the "alternate" ISOs which have a text-mode interface. In the past I also had a full Ubuntu repository mirror that could install everything but removed it because the bandwidth requirements were too large.
ntpasswd in the domain
Of course I don't think I'll put ntpasswd out there on my domain network. I know it only exposes local passwords, not domain, but I still don't want to put the ability to clear the local admin password just an F12 away...
Securing ntpasswd
That same concern is why we decided to take advantage of the ability to add an encrypted password to all the menu entries that could mess up a computer. It adds a lot of piece-of-mind value to the setup.
Gene Liverman is a Systems Administrator of *nix and VMware at a university.
Great article
I'm even going to set this up at home.
Alternatively, the iodd
Alternatively, the iodd Virtual Rom is a USB 2.5" HDD caddy that has firmware that allows ISOs on a FAT32 filesystem to appear as a USB optical device.
Re: iodd Virtual Rom
Thanks for the info on the iodd Virtual Rom. I think I am going to look into getting one of these to use at home or any other time that I am tinkering.
Gene Liverman is a Systems Administrator of *nix and VMware at a university.
Beautiful!! great use.
I don't come across many articles that jump out at me, but for someone who still carries CDs, now thumb drives, but not zip discs or floppies, this is an elegant way to keep those items updated and available on the company net. Thanks.