In my home lab, I’m constantly [re]installing VMs for the various testing I am doing. It gets annoying having to mount the OS ISO in the VM to perform the install. Therefore, I created a PXE server so I could perform a network install of Rocky Linux 9.5. This document lists the configuration I performed to make it successful.
In my environment, I am using OPNsense as a router. My management interface is [Mgmt] and has an IP address of 172.16.103.1. My management server, also running Rocky Linux 9.5, is named mgmtsrv.mydomain.com and has an IP address of 172.16.103.11. My OS firewall zone is named mgmt. In this scenario I will use OPNsense as my DHCP server and my management server as my TFTP server and HTTP server for sharing files. All of the commands executed below are from a root login.
Note: I know, I know, you really should log in as a user account and use sudo for running most of these commands. However, since this is a lab, I prefer to take a shortcut. You do you.
(1) Install the TFTP and HTTP services:
dnf -y install tftp-server httpd
(2) Open the necessary ports for TFTP and HTTP:
firewall-cmd --permanent --zone mgmt --add-service tftp
firewall-cmd --permanent --zone mgmt --add-service http
firewall-cmd --reload
(3) Mount Rocky Linux 9.5 DVD and copy the files to the TFTP directory:
mount -o loop /tmp/Rocky-9.5-x86_64-dvd.iso /media
cp -ra /media/EFI /var/lib/tftpboot
cp -ra /media/images /var/lib/tftpboot
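(4) I needed to change some file permissions and update SELinux to get it to work, so let's go ahead and do that now. The audit2allow step builds its module from the in.tftpd denials already recorded in the audit log: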
chmod -R 755 /var/lib/tftpboot
ausearch -c 'in.tftpd' --raw | audit2allow -M my-intftpd
semodule -X 300 -i my-intftpd.pp
(5) Next, let's update the grub.cfg file to point to the files on the HTTP server:
vim /var/lib/tftpboot/EFI/BOOT/grub.cfg
(6) Add the new menu item at the top (under ### BEGIN ###) in case you just want to boot normally:
menuentry "Boot Local" {
exit
}
(7) For each of the existing menu entries, add inst.repo=http://172.16.103.11/Rocky-9.5-x86_64 on the vmlinuz line. Also, change inst.stage2 to http://172.16.103.11/Rocky-9.5-x86_64.
Save these changes. You can also create system-specific boot loaders by copying the grub.cfg file to grub.cfg-01-mac_address. For example:
cp grub.cfg grub.cfg-01-00-0c-29-a8-cc-33
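The edits from steps (6) and (7) can also be scripted. The following is an added example, not the author's code; the function names and the sample grub.cfg are constructed for illustration, and the kernel lines in the real DVD file may differ slightly.

```shell
#!/bin/sh
# Added example, not the author's script. REPO_URL is the value from step (7).
REPO_URL="http://172.16.103.11/Rocky-9.5-x86_64"

# Read a grub.cfg on stdin and write the network-install version to stdout.
# Only lines that load vmlinuz are changed, and a second run changes nothing.
pxe_rewrite_grub() {
    awk -v url="$REPO_URL" '
        /vmlinuz/ {
            # Point stage2 at the HTTP tree instead of the DVD label.
            sub(/inst\.stage2=[^ \t]+/, "inst.stage2=" url)
            # Append inst.repo only if the line does not already carry one.
            if ($0 !~ /inst\.repo=/) $0 = $0 " inst.repo=" url
        }
        { print }
    '
}

# Build the per-system file name used in step (7), e.g.
# 00:0C:29:A8:CC:33 -> grub.cfg-01-00-0c-29-a8-cc-33. Rejects malformed MACs.
grub_cfg_name_for_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F:' 'a-f-')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}-){5}[0-9a-f]{2}$' || return 1
    printf 'grub.cfg-01-%s\n' "$mac"
}

# Constructed sample: two entries shaped like the DVD's grub.cfg plus the
# "Boot Local" entry from step (6), which must pass through untouched.
sample_grub_cfg() {
    cat <<'EOF'
menuentry "Boot Local" {
    exit
}
menuentry 'Install Rocky Linux 9.5' --class fedora --class gnu-linux {
    linuxefi /images/pxeboot/vmlinuz inst.stage2=hd:LABEL=Rocky-9-5-x86_64-dvd quiet
    initrdefi /images/pxeboot/initrd.img
}
menuentry 'Test this media & install Rocky Linux 9.5' --class fedora {
    linuxefi /images/pxeboot/vmlinuz inst.stage2=hd:LABEL=Rocky-9-5-x86_64-dvd rd.live.check quiet
    initrdefi /images/pxeboot/initrd.img
}
EOF
}

sample_grub_cfg | pxe_rewrite_grub
grub_cfg_name_for_mac 00:0C:29:A8:CC:33
```

To use it on the real file, write the output to a new file (pxe_rewrite_grub < grub.cfg > grub.cfg.new) and diff it against the original before replacing anything.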
(8) Now, copy the contents of the Rocky Linux DVD into the HTML base directory:
mkdir /var/www/html/Rocky-9.5-x86_64
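cp -ra /media/. /var/www/html/Rocky-9.5-x86_64
Note: make sure the files .discinfo and .treeinfo are copied. Copying /media/. rather than /media/* includes these hidden files, which the shell's * pattern skips.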
(9) Enable both the TFTP and HTTP services:
systemctl enable --now tftp.socket
systemctl enable --now httpd
Note: a lot of references I found said to rename tftp.socket and tftp.service to tftp-server.socket and tftp-server.service. However, the Red Hat documentation didn’t mention that, and it worked following Red Hat’s documentation, so I stuck with that.
(1) On the OPNsense server, navigate to Services –> ISC DHCPv4 –> [Mgmt] –> Network booting and click Advanced.
(2) Mark the checkbox beside Enable network booting.
(3) Set next-server IP to 172.16.103.11
(4) Set x64 UEFI/EBC (64-bit) filename to /EFI/BOOT/grubx64.efi
(5) Click Save
(6) In the upper right-hand corner of the UI, restart the service.
Power on the VM and you should see the system start to load the Rocky Linux installation. You can watch the TFTP messages (e.g. tail -f /var/log/messages) and the HTTP messages (e.g. tail -f /var/log/httpd/access_log) to see the files being copied.