PXE: Not Just for Server Networks Anymore!
In the April 2008 issue of Linux Journal, Kyle Rankin's article “PXE Magic” explains how PXE (Preboot eXecution Environment) works and how you can install your own PXE server and integrate rescue tools like Knoppix along with a PXE-capable Kickstart installation. I've used much of Kyle's PXE Magic before (he and I worked together in a previous life), but recently I found myself managing not only a network of Linux servers, but also the entire LAN, encompassing Ubuntu laptops, desktops and servers, along with Windows laptops, desktops and servers. I found myself imagineering a PXE server that would not only allow me to kickstart servers and boot rescue tools off the network, but that also could provide a temporary environment for my users in the event that their computers broke. In my mind, the Holy Grail of this PXE server even would be able to install Windows machines via the network. After a fair amount of trial and error, I finally figured out the recipe, and in a strange twist, I was able to automate a network-based Windows installation...by bootstrapping Linux first.
I knew one of my goals for this system would be to give the users of my network an environment they could PXE boot to in a pinch—something that would appear familiar to them, as well as allow them the ability to perform basic tasks like check e-mail, surf the Web, instant message and so on. Luckily, much of our staff here runs Ubuntu on the desktop, so the decision to implement an Ubuntu Terminal Server using the Linux Terminal Server Project (LTSP) was a simple one.
Like any PXE implementation, the LTSP server requires a TFTP server, a properly configured DHCP server and the syslinux software. In a nutshell, the client boots; the PXE code in the network adapter runs; the machine gets a DHCP address and the address of a server to grab the syslinux code via TFTP; and then, it actually runs a TFTP client and downloads that code and executes it, starting the boot process. Thanks to the hard work of the Ubuntu LTSP maintainers, setting up the server was fast and easy.
There are two paths you can take to install an LTSP server: normal or standalone. A normal LTSP installation assumes you have a pre-existing DHCP server on your network, and a standalone LTSP install assumes no DHCP server, and it will install the DHCP infrastructure and integrate it with the LTSP server automatically. There already was a DHCP server on our corporate LAN, so I elected to do the normal LTSP installation and integrate it with our existing Microsoft Windows DHCP server.
I began the installation by installing a standard Ubuntu 8.04 desktop on a Dell 1950 server, as the LTSP server will have to act as a GNOME desktop for anyone who would be logging in to it. After that, I assigned the server a static IP on our LAN (on the same subnet as the desktops and laptops). Installing the LTSP server was a piece of cake—a simple sudo apt-get install ltsp-server openssh-server at the GNOME terminal, and that task was complete. The final step on the LTSP server was to build the thin-client environment. Simply running sudo ltsp-build-client at the GNOME terminal fired off the remaining configuration steps and built the LTSP chroot.
Now that the LTSP server itself was ready, I had to enable our network for PXE booting, and this meant messing with the Windows DHCP server. It took a little bit of trial and error, but much like in the DHCP server config that Kyle mentions in his article, there were only two configuration options that needed to be added to the DHCP scope. In Microsoft-ese, these were Option “066 Boot Server Host Name”, which I set to the IP address assigned to the LTSP server and Option “067 Bootfile Name”, which I set to “ltsp/i386/pxelinux.0”. The last DHCP option seemed a little obscure, until I realized that the Ubuntu TFTP server's root directory was /var/lib/tftpboot. If you're running some other DHCP server, see the DHCP Notes sidebar, or refer to your DHCP server's documentation on adding options to the DHCP scope.
I mentioned integrating the LTSP server with a Microsoft Windows DHCP server, but it's not difficult to get the server to work with other DHCP servers. If you are running the “standard” ISC dhcpd server, see Kyle's “PXE Magic” article (listed in Resources). He includes example configuration options along with excellent explanations as to how they work. If you are running dnsmasq (popular in OpenWRT and other embedded or lightweight Linux distributions), the dhcp-option=66,<ltsp_ip_address>and dhcp-option=pxe,67,pxelinux.0 in the dnsmasq.conf file should be what you need (I run this configuration at my home).
At this point, I could boot a PC on our LAN, press F12, select Onboard NIC as the boot device, and in about 30 seconds, I got a GDM login screen! I could log in to an LTSP session at this point, but I had to do it as one of the users that already was on the Ubuntu server. It was close, but not quite what I wanted, as the ideal setup would allow anyone on our Windows domain to log in to an LTSP session. Fixing this would have meant integrating the server with our corporate Active Directory. That used to be a major chore unto itself, but with Ubuntu 8.04 and higher, it's just an apt-get and a couple commands away.
The package that makes all this magic happen is called likewise-open. First, I ran:
sudo apt-get install likewise-open
Bill Childers is the Virtual Editor for Linux Journal. No one really knows what that means.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide