PXE: Not Just for Server Networks Anymore!

Using a combination of open-source technologies, you can build an unattended network-based OS installer that can save you huge amounts of time and can even install Windows.

to get the likewise package. After that, I had to get the Ubuntu server to “join” the Windows domain. I did this by running:


sudo domainjoin-cli join <fqdn.mydomain.com> <DomainAdminUID>

I wanted likewise to run when the machine boots, so I issued a:

sudo update-rc.d likewise-open defaults 

I also wanted the logins to be checked against the default domain, so I added the following line to the /etc/samba/lwiauthd.conf file:

winbind use default domain = yes

Finally, I started the likewise-open dæmon using:

sudo /etc/init.d/likewise-open start

Now, my PXE LTSP clients could authenticate against the corporate Active Directory. Step one of the mission was complete!

Figure 2. The Ubuntu desktop—it's working!

Setting Up Unattended Windows Installs via PXE

The next step in my PXE adventures came when I was told I needed to refresh about 30 laptops with fresh builds of Windows. The method the previous Windows staff used to install Windows was through imaging the machine. Unfortunately, I could not locate the image files that had been used previously. Due to the issues and time constraints involved with trying to redevelop valid images for each hardware platform we had, I elected to do unattended installations of Windows.

I knew Windows included Remote Installation Service (RIS), but because I was in a time crunch, I was reluctant to learn a completely new technology. However, there was another option: Unattended, an open-source project. I'd found the Unattended project about a year earlier, and although I'd dabbled with it in my home lab, I'd never tried it in a corporate environment. Like many Linux administrators, I hear “Windows” and I cringe, but because I was tasked with this, I figured I'd do my best to make sense of the Windows install process, as well as get some repeatability and understanding out of it.

Unattended relies on the fact that the first step of the Windows 2000/XP installer is essentially a DOS program. What happens when a machine is PXE booted to an Unattended install is a little convoluted, but it allows for great flexibility. Basically, the machine boots to a Linux kernel and shell, where some scripts provided by Unattended step in. The script partitions the system's disk and creates a basic FAT filesystem, and then it walks you through some menus where you can make choices as to the OS type (if you've set up Unattended with different Microsoft OS flavors), installation options and optional software you may have packaged. You're asked all the questions for a particular installation up front, including the CD Key, User Name, workgroup or domain to join, and administrative users. The Unattended scripts automatically digest all of this and create an unattend.txt file, which is dropped on the newly created FAT filesystem. Then, a FreeDOS session is started, and the Windows installer and OS bits are copied from a Samba share on the Unattended server, and then the installer is launched using the unattend.txt file. At this point, the installation is hands-off and proceeds without administrator intervention. The Unattended team has even gone so far as to create custom scripts that can install other pieces of software you may want to add to your configuration (automated VPN or Microsoft Office, for example).

Because there is no packaged install for Unattended, and the install process is quite different from the standard ./configure && make install, I sat down for a bit and read the documentation on the site. Basically, the Unattended system leverages PXE and Linux as stated above, plus Samba for the distribution of the installation bits, and a bunch of Perl, shell and batch scripts to do a lot of the installation “magic”.

The documentation asks that you have a working DHCP and DNS server, as well as a Samba server. I had the DHCP and DNS figured out for the LTSP server, so as per the step-by-step documentation, a sudo apt-get install samba got the Samba server installed. Next, I downloaded the Unattended distribution from the Web site and unpacked it in /opt/unattended. Then, I created a CNAME record on our DNS server that pointed ntinstall to the real hostname of the installation server. I then configured the Samba server with the following share information in /etc/samba/smb.conf:

[global]
...
guest account   = guest
unix extensions = off
...
[install]
   comment  = Unattended
   writable = no
   locking  = no
   path     = /path/to/unattended/install
   guest ok = yes
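
Because every PXE client copies its installer and OS bits from this share, the setting that matters most here is writable = no: a share that is both guest-accessible and writable could be altered by anyone on the network. The check below is an added example (not from the article or the Unattended project) that parses smb.conf text and lists guest-writable shares; the [drivers] share and its path are constructed for illustration, and it assumes the global section is spelled in lowercase.

```python
import configparser

# Constructed sample: the article's [install] share plus a hypothetical
# [drivers] share that is guest-accessible and writable by mistake.
SAMPLE_SMB_CONF = """
[global]
guest account   = guest
unix extensions = off

[install]
   comment  = Unattended
   writable = no
   locking  = no
   path     = /path/to/unattended/install
   guest ok = yes

[drivers]
   path      = /srv/drivers
   public    = yes
   read only = no
"""

TRUTHY = {"yes", "true", "on", "1"}  # boolean spellings Samba treats as true
WRITE_ON = ("writable", "writeable", "writeok")  # synonyms; "read only" inverts


def _setting(cp, share, positive, negative=()):
    """Resolve a boolean: the share's own value, else [global], else False."""
    for section in (share, "global"):
        if not cp.has_section(section):
            continue
        for name in positive + negative:
            if cp.has_option(section, name):
                value = cp.get(section, name).strip().lower() in TRUTHY
                return value if name in positive else not value
    return False  # Samba defaults: guest ok = no, read only = yes


def guest_writable_shares(smb_conf_text):
    """Return the names of shares that allow both guest access and writes."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    # Samba ignores case and spaces inside parameter names.
    cp.optionxform = lambda key: key.replace(" ", "").lower()
    cp.read_string(smb_conf_text)
    return [
        share for share in cp.sections()
        if share.lower() != "global"
        and _setting(cp, share, ("guestok", "public"))
        and _setting(cp, share, WRITE_ON, ("readonly",))
    ]
```

On the sample it reports only the constructed drivers share; the article's install share passes because it is read-only.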

Finally, it was time to populate the OS distribution point with the Windows bits. This is done by creating a directory under the <unattended root>/install/os directory for whatever flavor of Windows you choose to install. In my case, I created an /opt/unattended/install/os/winxp directory and mounted that directory via Samba on my desktop. Then, I dropped the Windows installation media into the CD drive on my desktop and copied the /i386 directory from the CD to the /install/os/winxp share on the server. Now my Unattended server was, in theory, ready to install a system...except there was no way to select the Unattended install from a boot menu.

Here's where Kyle's article helped out again. What I needed was a PXE boot menu, and thanks to his article, I was able to whip up one in fairly short order. I had to take the bzImage and initrd files out of the tftpboot directory in the linuxboot zip file on the Unattended site and place them in the /var/lib/tftpboot/ltsp/i386/ directory (I renamed the bzImage to unat and the initrd to unatin.img to help distinguish them better).

Then, I created a /var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default file (Listing 1) on the server, containing a combination of the syslinux boot arguments from the LTSP server and the Unattended server's configurations. Note the DISPLAY and LABEL directives. The DISPLAY directive states that when the machine boots you see the file pxemenu.msg displayed on the screen. This contains the text of the menu. The LABEL directive is what you type to boot a particular menu option. In this case, if I type “1”, I get the Ubuntu LTSP session (this is also the default), and if I type “2”, I get the Unattended Windows install.

______________________

Bill Childers is the Virtual Editor for Linux Journal. No one really knows what that means.

Comments


Using Abbreviations Indiscriminately

~weatherguy's picture

It is foolish and acts as a point of abandonment for a technical article not to have the acronym or abbreviation identified. It requires the reader to have the specialized vocabulary as part of their working vocabulary. Those who might eventually come to trust your message are tempted to abandon your article when it has acronyms and abbreviations that have not been identified at the first use.

In most scholarly or technical writing--other than the Internet--there are standards for what is allowable in technical writing. Not adopting some standard for minimum levels of communication both in writing and in what amounts to a complete explanation in a tutorial is an egregious lapse.

It will cost you readers and credibility.

~weatherguy

FOG Server a possible PXE solution for some

Anonymous's picture

Some may find a FOG server may be suitable (http://www.fogproject.org/) for managing Windows images. It lives nicely in a PXE environment as well.

As far as Windows SPs &

Anonymous's picture

As far as Windows SPs & drivers go, you just need to slipstream them into the install image using something like nlite (XP - http://www.nliteos.com/) or vlite (Vista - http://www.vlite.net/) - works beautifully, even for the real PITA drivers like strange SATA raid controllers that you'd normally manually need to load from floppy.

The Windows unattended

T-One's picture

The Windows unattended installations are very interesting but without Vista and Server 2008 support not useable for a system builder like me.

LTSP with dnsmasq

Kenneth Finnegan's picture

I don't know if it's just me, but I couldn't get your dnsmasq conf lines to work in Tomato 1.23. I'd expect it to need the /ltsp/i386/ prefix, but even with that, it didn't work for me. However, I stopped pounding on it when I got this to work instead:
dhcp-boot=/ltsp/i386/pxelinux.0,KWF2,192.168.1.12
Thanks for putting me on the right track though! It's so much easier not having to manually switch CAT5 cables and configure multiple interfaces + another DHCP server every time I want to boot one of my hosts off another (broken CD drives + multiple users on main desktop mean I use this a lot!).

Outstanding

Josh's picture

I worked w/ the enterprise version of Ghost a year or so back. All of the docs said that PXE-style imaging was supported, but through multiple support calls, I was finally informed that it wasn't gonna happen...I spent a LOT of time trying to get it to work. (Granted, it probably *was* possible, but I wasn't smart enough/skilled enough/etc.)

That being said, I am extremely happy to see this. All of our machines at work are currently able to PXE boot, but we don't have the budget to purchase any high-end imaging stuff. I'm really, really excited about this article, and I can't wait to try it. Thanks so much for the article!

Josh

nfsmount error

senshikaze's picture

If you are running the LTSP server on a Debian Etch/Lenny machine, make sure to set the Windows DHCP option "017 Root Path" to "/opt/ltsp/i386" (minus quotes) to get rid of the "nfsmount: need a path" error.
Also, if your server is running on AMD64 (x86_64), run this command "sudo ltsp-build-client --arch i386" to make an x86-compatible image.
Thanks for the article, Mr. Childers. Will see if I get images installed instead of an unattended install of XP (we have A LOT of programs installed by default). Good article.
