In my home lab, I’m constantly [re]installing VMs for the various testing I am doing. It gets annoying having to mount the OS ISO in the VM to perform the install. Therefore, I created a PXE server so I could perform a network install of Rocky Linux 9.5. This document lists the configuration I performed to make it successful.<\/p>\n\n\n\n
In my environment, I am using OpnSense as a router. My management interface is Note:<\/strong> I know, I know, you really should login in as a user account and use sudo for running most of these commands. However, since this is a lab, I prefer to take a shortcut. You do you.<\/p>\n\n\n\n (1) Install the TFTP and HTTP services:<\/p>\n\n\n\n (2) Open the necessary ports for TFTP and HTTP:<\/p>\n\n\n\n (3) Mount Rocky Linux 9.5 DVD and copy the files to the TFTP directory:<\/p>\n\n\n\n (4) I needed to change some access and update SELinux to get it to work, so lets go ahead and do that now:<\/p>\n\n\n\n (5) Next, lets update the (6) Add the new menu item at the top (under ### BEGIN ###) in case you just want to boot normally:<\/p>\n\n\n\n (7) For each of the existing menu entries, add Save these changes. You can also create system-specific boot loaders by copying the (8) Now, copy the contents of the Rocky Linux DVD into the HTML base directory:<\/p>\n\n\n\n Note:<\/strong> make sure the files (9) Enable both the TFTP and HTTP services:<\/p>\n\n\n\n Note:<\/strong> a lot of references I found said to rename (1) On the OpnSense server, navigate to Services –> ISC DHCPv4 –> [Mgmt] –> Network booting and click Advanced<\/strong>.<\/p>\n\n\n\n (2) Mark the checkbox beside Enable network booting<\/strong>.<\/p>\n\n\n\n (3) Set next-server IP<\/strong> to (4) Set x64 UEFI\/EBC (64-bit) filename<\/strong> to (5) Click Save<\/strong><\/p>\n\n\n\n (6) In the upper right-hand of the UI, restart the service.<\/p>\n\n\n\n Power on the VM and you should see the system start to load the Rocky Linux installation. You can watch the TFTP messages (e.g. <\/p>\n","protected":false},"excerpt":{"rendered":" In my home lab, I’m constantly [re]installing VMs for the various testing I am doing. It gets annoying having to mount the OS ISO in the VM to perform the install. Therefore, I created a PXE server so I could perform a network install of Rocky Linux 9.5. This document lists the configuration I performed<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-88","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/posts\/88","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/comments?post=88"}],"version-history":[{"count":7,"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/posts\/88\/revisions"}],"predecessor-version":[{"id":95,"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/posts\/88\/revisions\/95"}],"wp:attachment":[{"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/media?parent=88"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/categories?post=88"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/homelab.eeinc.us\/index.php\/wp-json\/wp\/v2\/tags?post=88"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}[Mgmt]<\/code> and has an IP address of 172.16.103.1. My management server, also running Rocky Linux 9.5, is named mgmtsrv.mydomain.com<\/code> and has an IP address of 172.16.103.11. My OS firewall zone is named mgmt<\/code>. In this scenario I will use OpnSense as my DHCP server and my management server as my TFTP server and HTTP server for sharing files. All of the commands executed below are from a root login.<\/p>\n\n\n\nConfigure the management server<\/h4>\n\n\n\n
dnf -y install tftpd-server httpd<\/code><\/p>\n\n\n\nfirewall-cmd --permanent --zone mgmt --add-service tftp<\/code>firewall-cmd --permanent --zone mgmt --add-service http<\/code><\/p>\n\n\n\nmount -o loop \/tmp\/Rocky-9.5-x86_64-dvd.iso \/media
cp -ra \/media\/EFI \/var\/lib\/tftpboot
cp -ra \/media\/images \/var\/lib\/tftpboot<\/code><\/p>\n\n\n\nchmod -R 755 \/var\/lib\/tftpboot
ausearch -c 'in.tftpd' --raw | audit2allow -M my-intftpd
semodule -X 300 -i my-intftpd.pp<\/code><\/p>\n\n\n\ngrub.cfg<\/code> file to point to the files on the HTTP server:<\/p>\n\n\n\nvim \/var\/lib\/tftpboot\/EFI\/BOOT\/grub.cfg<\/code><\/p>\n\n\n\nmenuentry \"Boot Local\" {
exit
}<\/code><\/p>\n\n\n\ninst.repo=http:\/\/172.16.103.11\/Rocky-9.5-x86_64<\/code> on the vmlinuz<\/code> line. Also, change inst.stage2<\/code> to http:\/\/172.16.103.11\/Rocky-9.5-x86_64<\/code>.<\/p>\n\n\n\ngrub.cfg<\/code> file to grub.cfg-01-mac_address<\/em><\/code>. For example:<\/p>\n\n\n\ncp grub.cfg grub.cfg-01-00-0c-29-a8-cc-33<\/code><\/p>\n\n\n\nmkdir \/var\/www\/html\/Rocky-9.5-x86_64
cp -ra \/media\/* \/var\/www\/html\/Rocky-9.5-x86_64<\/code><\/p>\n\n\n\n.discinfo<\/code> and .treeinfo<\/code> are copied<\/p>\n\n\n\nsystemctl enable --now tftp.socket
systemctl enable --now httpd<\/code><\/p>\n\n\n\ntftp.socket<\/code> and tftp.service<\/code> to tftp-server.socket<\/code> and tftp-server.service<\/code>. However, the Red Hat documentation didn’t mention that, and it worked following Red Hat’s documentation, so I stuck with that.<\/p>\n\n\n\nConfigure the OpnSense Server<\/h4>\n\n\n\n
172.16.103.11<\/code><\/p>\n\n\n\n\/EFI\/BOOT\/grubx64.efi<\/code><\/p>\n\n\n\nTest the install<\/h4>\n\n\n\n
tail -f \/var\/log\/messages<\/code>) and the HTTP messages (e.g. tail -f \/var\/log\/messages\/http\/access<\/code>) to see the files being copied.<\/p>\n\n\n\n