====== Netbooting (PXE) with AstLinux ======

As we already have a working DHCP and TFTP server, it is really easy to add the Netbooting feature ([[wp>Preboot_Execution_Environment|PXE]]) to AstLinux.

==== General ====

I ((Michael Keuter)) prepared a package (80 kB) from the [[http://www.kernel.org/pub/linux/utils/boot/syslinux/|Syslinux-4.05]] source, which you can download **{{:userdoc:pxelinux.tar.gz|here}}**. Just throw the content of this package into the root of your AstLinux TFTP server ''/tftpboot/'' (without the enclosing folder).

Then you only need to add the following line to your Dnsmasq configuration ''/mnt/kd/dnsmasq.static'' (in the WebGUI Edit-tab):

  dhcp-boot=pxelinux.0

and perform a "Restart DNS & DHCP".

I included a sample boot menu, which now lives in ''/tftpboot/pxelinux.cfg/default''. If you are lazy like me :-), just move this file as ''pxe-default.conf'' to ''/mnt/kd/'' and make a symlink like:

  ln -s /mnt/kd/pxe-default.conf /tftpboot/pxelinux.cfg/default

to make the file editable in the WebGUI.

If you want to try out the ''memtest'' example you can just make another symlink:

  ln -s /oldroot/cdrom/memtest /tftpboot/memtest

and now you can use Memtest86+ via netbooting.

It even works with RUNNIX, so that would be an easy way to get an AstLinux image on boxes without CF, CD-ROM or hard drive, like ThinClients. Or you could repair broken AstLinux installations and much more.

Please note that you can now netboot complete ISOs((not all though, SysRescueCD is one exception, but there are other solutions)) over PXE (see my example). And the ISOs don't even need to be stored locally on your AstLinux box. Pxelinux supports access via TFTP, HTTP, FTP, NFS, etc.

See the [[http://www.syslinux.org/wiki/index.php/SYSLINUX|Syslinux Wiki]] for further documentation or search the web, there are many examples.

==== Security ====

Please be careful what exactly you symlink to ''/tftpboot''. ''/tftpboot'' is the root directory for PXE for local files.
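An added check for the symlink warning above (example code, not part of the original page or of AstLinux): it lists every symlink under the TFTP root that resolves outside it, so you can review what you have linked in. The function name ''audit_tftp_symlinks'' is hypothetical, and a ''readlink'' that supports ''-f'' is assumed.

```shell
#!/bin/sh
# Added example: list symlinks below a TFTP root that resolve outside of it.
# audit_tftp_symlinks is a hypothetical name; assumes `readlink -f` exists.

# Usage: audit_tftp_symlinks /tftpboot
# Prints one line per finding: KIND <tab> link <tab> target
#   FILE   - link resolves to a single file outside the root
#   DIR    - link resolves to a directory outside the root (review first)
#   BROKEN - link target does not exist
audit_tftp_symlinks() {
    root=$(readlink -f "$1") || return 2
    [ -d "$root" ] || return 2

    # find does not follow symlinks by default, so only links that
    # physically live below the root are inspected.
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null) || target=""
        case "$target" in
            "$root"|"$root"/*) continue ;;   # resolves inside the TFTP root
        esac
        if [ -z "$target" ] || [ ! -e "$target" ]; then
            kind=BROKEN
            target=$(readlink "$link")       # show the raw link text instead
        elif [ -d "$target" ]; then
            kind=DIR
        else
            kind=FILE
        fi
        printf '%s\t%s\t%s\n' "$kind" "$link" "$target"
    done
}

# Run against the directory given on the command line, e.g. /tftpboot.
if [ "$#" -gt 0 ]; then
    audit_tftp_symlinks "$1"
fi
```

With the two symlinks from the General section in place, both show up as ''FILE'' entries; a ''DIR'' entry deserves the closest look.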

For security reasons all menu entries, and especially the menu line editing feature and escaping to a "boot:" prompt (with TAB/ESC), can be password protected (clear-text, MD5, SHA1). You could also comment out the above line in ''dnsmasq.static'' and only activate this feature when you really need it.

Additionally you could set a filter in ''dnsmasq.static'' that allows only specific Netboot MAC addresses (or ranges) by replacing the line:

  dhcp-boot=pxelinux.0

with this:

  dhcp-mac=set:netboot,08:00:27:fb:*:*
  dhcp-boot=tag:netboot,pxelinux.0

The first line adds the tag "netboot" only to MAC addresses starting with 08:00:27:fb (in this example VirtualBox VMs). The second line allows Netbooting only for devices which have the "netboot" tag.

==== Enabling Netboot in BIOS ====

Some x86 boards have netboot enabled by default in their BIOS, many do not. For example, with the Jetway line of boards using AMI BIOS, netboot may be enabled on a NIC-by-NIC basis.

**Jetway Board Example**

Enter the **Setup** page in the BIOS by typing ''DEL'' via VGA Console or ''F4 (OS)'' via Serial Console.

Navigate to Integrated Peripherals -> Onboard Device Function, then set "Onboard LAN1 BootROM [Enabled]" in the BIOS for one or more NICs (LAN1, LAN2, etc.).

Finally, with netboot enabled in the BIOS, you can select the Boot Menu at startup by typing ''F11'' via VGA Console or ''F3 (OR)'' via Serial Console. Then you can select the NIC to netboot from.