PXE Magic: Flexible Network Booting with Menus

Set up a PXE server and then add menus to boot kickstart images, rescue disks and diagnostic tools all from the network.

It's funny how automation evolves as system administrators manage larger numbers of servers. When you manage only a few servers, it's fine to pop in an install CD and set options manually. As the number of servers grows, you might realize it makes sense to set up a kickstart or FAI (Debian's Fully Automated Installer) environment to automate all that manual configuration at install time. Now, you boot the install CD, type in a few boot arguments to point the machine to the kickstart server, and go get a cup of coffee as the machine installs.

When the day comes that you have to install three or four machines at once, you either can burn extra CDs or investigate PXE boot. The Preboot eXecution Environment is an open standard developed by Intel to allow machines to boot over a network instead of from local media, such as a floppy, CD or hard drive. Modern servers and newer laptops and desktops with integrated NICs should support PXE booting in the BIOS—in some cases, it's enabled by default, and in other cases, you need to go into your BIOS settings to enable it.

Because many modern servers these days offer built-in remote power and remote terminals or otherwise are remotely accessible via serial console servers or networked KVM, if you have a PXE boot environment set up, you can power on remotely, then boot and install a machine from miles away.

If you have never set up a PXE boot server before, the first part of this article covers the steps to get your first PXE server up and running. If PXE booting is old hat to you, skip ahead to the section called PXE Menu Magic. There, I cover how to configure boot menus when you PXE boot, so instead of hunting down MAC addresses and doing a lot of setup before an install, you simply can boot, select your OS, and you are off and running. After that, I discuss how to integrate rescue tools, such as Knoppix and memtest86+, into your PXE environment, so they are available to any machine that can boot from the network.

PXE Setup

You need three main pieces of infrastructure for a PXE setup: a DHCP server, a TFTP server and the syslinux software. Both DHCP and TFTP can reside on the same server. When a system attempts to boot from the network, the DHCP server gives it an IP address and then tells it the address for the TFTP server and the name of the bootstrap program to run. The TFTP server then serves that file, which in our case is a PXE-enabled syslinux binary. That program runs on the booted machine and then can load Linux kernels or other OS files that also are shared on the TFTP server over the network. Once the kernel is loaded, the OS starts as normal, and if you have configured a kickstart install correctly, the install begins.

Configure DHCP

Any relatively new DHCP server will support PXE booting, so if you don't already have a DHCP server set up, just use your distribution's DHCP server package (possibly named dhcpd, dhcp3-server or something similar). Configuring DHCP to suit your network is somewhat beyond the scope of this article, but many distributions ship a default configuration file that should provide a good place to start. Once the DHCP server is installed, edit the configuration file (often in /etc/dhcpd.conf), and locate the subnet section (or each host section if you configured static IP assignment via DHCP and want these hosts to PXE boot), and add two lines:

next-server ip_of_pxe_server;
filename "pxelinux.0";

The next-server directive tells the host the IP address of the TFTP server, and the filename directive tells it which file to download and execute from that server. Change the next-server argument to match the IP address of your TFTP server, and keep filename set to pxelinux.0, as that is the name of the syslinux PXE-enabled executable.

In the subnet section, you also need to add dynamic-bootp to the range directive. Here is an example subnet section after the changes:

subnet netmask {
    range dynamic-bootp;
    filename "pxelinux.0";

Install TFTP

After the DHCP server is configured and running, you are ready to install TFTP. The pxelinux executable requires a TFTP server that supports the tsize option, and two good choices are either tftpd-hpa or atftp. In many distributions, these options already are packaged under these names, so just install your distribution's package or otherwise follow the installation instructions from the project's official site.

Depending on your TFTP package, you might need to add an entry to /etc/inetd.conf if it wasn't already added for you:

tftp           dgram   udp     wait    root  /usr/sbin/in.tftpd
/usr/sbin/in.tftpd -s /var/lib/tftpboot

As you can see in this example, the -s option (used for tftpd-hpa) specified /var/lib/tftpboot as the directory to contain my files, but on some systems, these files are commonly stored in /tftpboot, so see your /etc/inetd.conf file and your tftpd man page and check on its conventions if you are unsure. If your distribution uses xinetd and doesn't create a file in /etc/xinetd.d for you, create a file called /etc/xinetd.d/tftp that contains the following:

# default: off
# description: The tftp server serves files using 
# the trivial file transfer protocol. 
# The tftp protocol is often used to boot diskless 
# workstations, download configuration files to network-aware
# printers, and to start the installation process for
# some operating systems.
service tftp
        disable = no
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4

As tftpd is part of inetd or xinetd, you will not need to start any service. At most, you might need to reload inetd or xinetd; however, make sure that any software firewall you have running allows the TFTP port (port 69 udp) as input.


Kyle Rankin is Chief Security Officer at Purism, a company focused on computers that respect your privacy, security, and freedom. He is the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Syslinux menus

HPA's picture

In the current version of Syslinux, there is a more natural way to do menus with the module vesamenu.c32. See the documentation file doc/menu.txt in the Syslinux distribution:


default settings

Marian Marinov's picture

If you don't want to reinstall the machines every time it is a good idea after the installation is finished, the installed machine to tell the PXE server to reset the default option to local.

When you have:
default local

the machine simply boots from its local bootable devices.

I do that by having a simple cgi script in bash which changes the default in the /var/lib/tftpboot/pxelinux.cfg/MAC-ADDRESS to local.

I call this script from the installed machine with wget or curl. This way on the next reboot it will not start to reinstall.

Beware of the wrong miniroot.gz !

fonini's picture

Thanks for this article! I decided to try it out just for the fun of it, but along the way I realized I had needed this for a long time. My job involves training UMTS operators' personnel on the use of their GPRS equipment, and I usually go in with a bunch of Knoppix CDs so the trainees can use the IP tools available or installable there -- from Wireshark, to VLANs and IP tunnels, to mobile phone simulators. While network-booting Knoppix isn't always the most practical solution in this situation, it does help in some cases.

However, I'd like to point out a mistake in the article which could frustrate some other readers' efforts:

The miniroot.gz file located on the /boot/isolinux directory of the Knoppix CD cannot be used for this, because it doesn't support NFS mounting (at least on the Knoppix 5.1.1 and 5.3.1 versions I tested).

You have to use the miniroot.gz file off the /tftpboot directory of a Knoppix Terminal Server. To get that, just boot a Knoppix LiveCD normally (no network boot yet) and start the Terminal Server on the Knoppix Services menu. Wait a few seconds after it is started and the miniroot.gz file will appear under that directory (it is only created when you start the Terminal Server). Now you can copy it to a pendrive or over ssh to your "real" terminal server.

Also, you have to do that with the same Knoppix version you plan to PXE-boot later; files from the recently released 5.3.1 version can't boot a 5.1.1 Knoppix, and vice-versa.

I'll still take in the Knoppix CDs, though. I give them to the trainees after the course, and I have tallied lots of "conversions" this way -- people just didn't know such powerful tools were available for the taking, and this is a real eye-opener for them.