Netbooting the server installer on amd64

Netbooting the server installer on amd64

amd64 systems boot in either UEFI or legacy (“BIOS”) mode (many systems can be configured to boot in either mode). The precise details depend on the system firmware, but both modes usually support the PXE (“Preboot eXecution Environment”) specification, which allows the provisioning of a bootloader over the network.

The process for network booting the live server installer is similar for both modes and goes like this:

  1. The to-be-installed machine boots, and is directed to network boot.
  2. The DHCP/bootp server tells the machine its network configuration and where to get the bootloader.
  3. The machine’s firmware downloads the bootloader over tftp and executes it.
  4. The bootloader downloads configuration, also over tftp, telling it where to download the kernel, ramdisk and kernel command line to use.
  5. The ramdisk looks at the kernel command line to learn how to configure the network and where to download the server ISO from.
  6. The ramdisk downloads the ISO and mounts it as a loop device.
  7. From this point on the install follows the same path as if the ISO was on a local block device.

The difference between UEFI and legacy modes is that in UEFI mode the bootloader is a EFI executable, signed so that is accepted by SecureBoot, and in legacy mode it is PXELINUX. Most DHCP/bootp servers can be configured to serve the right bootloader to a particular machine.

Configuring DHCP/bootp and tftp

There are several implementations of the DHCP/bootp and tftp protocols available. This document will briefly describe how to configure dnsmasq to perform both of these roles.

  1. Install dnsmasq with “sudo apt install dnsmasq”

  2. Put something like this in /etc/dnsmasq.conf.d/pxe.conf:

    interface=<your interface>,lo
    bind-interfaces
    dhcp-range=<your interface>,192.168.0.100,192.168.0.200
    dhcp-boot=pxelinux.0
    dhcp-match=set:efi-x86_64,option:client-arch,7
    dhcp-boot=tag:efi-x86_64,bootx64.efi
    enable-tftp
    tftp-root=/srv/tftp
    

    (This assumes several things about your network; read man dnsmasq or the default /etc/dnsmasq.conf for lots more options).

  3. restart dnsmasq with sudo systemctl restart dnsmasq.service.

Serving the bootloaders and configuration.

We need to make this section possible to write sanely

Ideally this would be something like:

# apt install cd-boot-images-amd64
# ln -s /usr/share/cd-boot-images-amd64 /srv/tftp/boot-amd64

Mode independent set up

  1. Download the latest live server ISO for the release you want to install:

    # wget http://cdimage.ubuntu.com/ubuntu-server/daily-live/current/focal-live-server-amd64.iso
    
  2. Mount it.

    # mount ubuntu-19.10-live-server-amd64.iso /mnt
    
  3. Copy the kernel and initrd from it to where the dnsmasq serves tftp from:

     # cp /mnt/casper/{vmlinuz,initrd} /srv/tftp/
    

Setting up the files for UEFI booting

  1. Copy the signed shim binary into place:

    # apt download shim-signed
    # dpkg-deb --fsys-tarfile shim-signed*deb | tar x ./usr/lib/shim/shimx64.efi.signed -O > /srv/tftp/bootx64.efi
    
  2. Copy the signed grub binary into place:

    # apt download grub-efi-amd64-signed
    # dpkg-deb --fsys-tarfile grub-efi-amd64-signed*deb | tar x ./usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed -O > /srv/tftp/grubx64.efi
    
  3. Grub also needs a font to be available over tftp:

    # apt download grub-common
    #  dpkg-deb --fsys-tarfile grub-common*deb | tar x ./usr/share/grub/unicode.pf2 -O > /srv/tftp/unicode.pf2
    
  4. Create /srv/tftp/grub/grub.cfg that contains:

    set default="0"
    set timeout=-1
    
    if loadfont unicode ; then
      set gfxmode=auto
      set locale_dir=$prefix/locale
      set lang=en_US
    fi
    terminal_output gfxterm
    
    set menu_color_normal=white/black
    set menu_color_highlight=black/light-gray
    if background_color 44,0,30; then
      clear
    fi
    
    function gfxmode {
            set gfxpayload="${1}"
            if [ "${1}" = "keep" ]; then
                    set vt_handoff=vt.handoff=7
            else
                    set vt_handoff=
            fi
    }
    
    set linux_gfx_mode=keep
    
    export linux_gfx_mode
    
    menuentry 'Ubuntu 20.04' {
            gfxmode $linux_gfx_mode
            linux /vmlinux $vt_handoff quiet splash
            initrd /initrd
    }
    

Setting up the files for legacy boot

  1. Download pxelinux.0 and put it into place:

    # wget http://archive.ubuntu.com/ubuntu/dists/eoan/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/pxelinux.0
    # mkdir -p /srv/tftp
    # mv pxelinux.0 /srv/tftp/
    
  2. Make sure to have installed package syslinux-common and then:

     # cp /usr/lib/syslinux/modules/bios/ldlinux.c32 /srv/tftp/
    
  3. Create /srv/tftp/pxelinux.cfg/default containing:

    DEFAULT install
    LABEL install
      KERNEL vmlinuz
      INITRD initrd
      APPEND root=/dev/ram0 ramdisk_size=1500000 ip=dhcp url=http://cdimage.ubuntu.com/ubuntu-server/daily-live/current/focal-live-server-amd64.iso
    

    As you can see, this downloads the ISO from Ubuntu’s servers. You may well want to host it somewhere on your infrastructure and change the url to match.

This configuration is obviously very simple. PXELINUX has many, many options, and you can consult its documentation at https://wiki.syslinux.org/wiki/index.php?title=PXELINUX for more.