Simply boot the selected system using an installation disc that matches your kickstart. For example, if your kickstart was configured to use the ks-rhel-i386-server-5-u2 kickstart tree, you must boot with the Red Hat Enterprise Linux 5.2 i386 installation disc. When the boot prompt comes up, simply type:
linux ks=http://satellite.example.com/path/to/kickstart
The system will boot, download the kickstart, and re-install itself.
PXE booting is a very convenient method of installing and reinstalling your physical systems, but does come with a few requirements:
You must have a DHCP server, even if your systems are to be configured statically after installation.
As DHCP does not normally cross network (router) boundaries, you will need to make special provision to ensure that all of your machines can connect to your DHCP server in the event your machines reside on multiple networks. Options here include multi-homing your DHCP server (either real or trunked vlan) and configuring your routers or switches to pass DHCP across network boundaries.
You must be able to configure your DHCP server to point to the PXE server (the Satellite server), by setting the next-server address for the systems you want to be managed by Satellite.
Each system you have must support PXE booting at the BIOS level. Nearly all recent hardware should be able to do this.
You must have the TFTP service on and running.
5.8.1.2.1. Configuring an Existing DHCP Server
If you have a DHCP server deployed on another system on the network, you will need administrative access to the DHCP server in order to edit the DHCP configuration file so that it points to the Cobbler server and PXE boot image.
As root on the DHCP server, edit the /etc/dhcpd.conf file and append a new class with options for performing PXE boot installation. For example:
allow booting;
allow bootp;
class "PXE" {
    match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
    next-server 192.168.2.1;
    filename "pxelinux.0";
}
Following each action step-by-step in the above example:
The administrator enables network booting with the bootp protocol.
Then, the administrator creates a class called PXE, which matches any system that has PXE first in its boot priority and identifies itself as PXEClient.
The DHCP server then directs the system to the Cobbler server at 192.168.2.1.
Finally, the DHCP server refers to the boot image file (in this case, at /var/lib/tftpboot/pxelinux.0).
5.8.1.2.2. Xinetd and TFTP
Xinetd is a daemon that manages a suite of services, including TFTP, the Trivial File Transfer Protocol server used for transferring the boot image to a PXE client.
To configure TFTP, you must first enable the service via Xinetd. To do this, edit the /etc/xinetd.d/tftp file as root and change the disable = yes line to disable = no.
Alternatively, you can use the following command:
chkconfig tftp on
Before TFTP can start serving the pxelinux.0 boot image, you must start the Xinetd service.
chkconfig --level 345 xinetd on
/sbin/service xinetd start
The chkconfig command turns on the xinetd service for all user runlevels, while the /sbin/service command turns on xinetd immediately.
5.8.1.2.3. Configuring SELinux and IPTables for Cobbler Support
Red Hat Enterprise Linux is installed with SELinux support and a secure firewall, both enabled by default. To properly configure a Red Hat Enterprise Linux server to use Cobbler, you must first configure these system and network safeguards to allow connections to and from the Cobbler server.
5.8.1.2.3.1. SELinux Configuration
To enable SELinux for Cobbler support, you must set the SELinux boolean to allow HTTPD web service components. Run the following command as root on the Cobbler server:
setsebool -P httpd_can_network_connect true
The -P switch is essential, as it enables HTTPD connection persistently across all system reboots.
You must also set SELinux file context rules to ensure Cobbler properly functions in an SELinux system.
Run the following as root on the Cobbler server:
semanage fcontext -a -t public_content_t "/var/lib/tftpboot/.*"
The command sets file context for TFTP to serve the boot image file.
5.8.1.2.3.2. IPTables Configuration
Once you have configured SELinux, you must then configure IPTables to allow incoming and outgoing network traffic on the Cobbler server.
If you have an existing firewall ruleset using IPTables, you need to add the following rules to open the requisite Cobbler-related ports. The following lists each of the requisite rules with their associated service.
For TFTP:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
For HTTPD:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
For Cobbler:
/sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT
For Koan:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
Once those firewall rules are entered, be sure to save the firewall configuration:
/sbin/iptables-save > /etc/sysconfig/iptables
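A quick audit of the saved ruleset against the ports listed above, as an added example that is not part of the Satellite documentation: it reads iptables-save output and prints every protocol/port pair from the list that has no ACCEPT rule. The function name and the sample ruleset are constructed for illustration; a rule that iptables refused to load never appears in the saved set, which is what the sample shows for udp/25150.

```shell
#!/bin/sh
# Added example, not from the Satellite documentation.
# Usage: missing_cobbler_ports RULES_FILE   (RULES_FILE holds iptables-save output)
# Prints one proto/port per line for every required pair without an ACCEPT rule.
# Limits: looks at every chain, ignores rule order, port ranges and multiport.
missing_cobbler_ports() {
    for want in tcp/69 udp/69 tcp/80 tcp/443 udp/25150 tcp/25151; do
        proto=${want%/*}
        port=${want#*/}
        awk -v proto="$proto" -v port="$port" '
            /^-A / && / -j ACCEPT/ {
                p = ""; d = ""
                for (i = 1; i < NF; i++) {
                    if ($i == "-p")      p = $(i + 1)
                    if ($i == "--dport") d = $(i + 1)
                }
                if (p == proto && d == port) hit = 1
            }
            END { exit(hit ? 0 : 1) }' "$1" || echo "$want"
    done
}

# Constructed sample of iptables-save output: the udp/25150 rule is absent.
rules=$(mktemp) && trap 'rm -f "$rules"' EXIT
cat > "$rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 69 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25151 -j ACCEPT
COMMIT
EOF
missing_cobbler_ports "$rules"
```

On a live server, feed it the real ruleset with `/sbin/iptables-save > /tmp/rules` followed by `missing_cobbler_ports /tmp/rules`; empty output means every listed port has an ACCEPT rule.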
5.8.1.2.4. Syncing and Starting the Cobbler Service
Once all the prerequisites specified in cobbler check are met, you can now start the Cobbler service.
First, ensure that the configuration files are all synchronized by running the following command:
cobbler sync
Then, start the Satellite server:
/usr/sbin/rhn-satellite start
Warning
Do not start or stop the cobblerd service independent of the Satellite service, as doing so may cause errors and other issues.
Always use /usr/sbin/rhn-satellite to start or stop RHN Satellite.
Cobbler is already set up to generate PXE configurations, but you may want to adjust the pxe_just_once configuration option depending on how your machines' BIOSes are configured, for the best possible PXE workflow.
A common setup has PXE occur first in the BIOS order, effectively not booting off the local disk unless the PXE server instructs the system to do so remotely. Having pxe_just_once: 1 (enabled) in /etc/cobbler/settings prevents "boot loops" where the system continually reinstalls. What happens is that the $kickstart_done macro in the kickstart templates expands into a directive that indicates to the cobbler server that the system will then boot locally, instead of booting from the network. Then, to reinstall the system, the netboot-enabled flag on the system can be toggled back on via the Satellite GUI or Cobbler. Once enabled, the next time the system power cycles it will PXE install instead of booting locally. At the end of each install, the server will trip the netboot-enabled flag back to off again to tell the system to boot to the local hard drive the next time it powers up. Note that if your kickstart is missing the $kickstart_done line in %post, this will not work, and boot loops will occur.
With pxe_just_once set to 0, the netboot-enabled flag will not be disabled after an install, so if PXE is first in your BIOS boot order, the system will loop indefinitely. If you have the BIOS of the system set up to boot to local hard drives first, though, there is no need to set pxe_just_once enabled, but to re-PXE a system it is then necessary to zero out the MBR of that system.
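To check a kickstart template for the boot-loop conditions described above, here is an added example (not part of the Satellite documentation or of Cobbler). The function names, the sample settings file and both sample templates are constructed; the section matching assumes %post runs until the next %pre, %packages or %end line, and lines starting with # are treated as comments.

```shell
#!/bin/sh
# Added example, not from the Satellite documentation. Sample files are constructed.

# Succeeds if pxe_just_once is set to 1 or true in a Cobbler settings file.
pxe_just_once_enabled() {
    awk '/^[ \t]*pxe_just_once[ \t]*:/ {
             v = tolower($0); sub(/^[^:]*:/, "", v); sub(/#.*/, "", v)
             gsub(/[ \t]/, "", v); on = (v == "1" || v == "true")
         }
         END { exit(on ? 0 : 1) }' "$1"
}

# Succeeds if $kickstart_done sits on a non-comment line inside %post.
kickstart_done_in_post() {
    awk '/^%post/               { in_post = 1; next }
         /^%(pre|packages|end)/ { in_post = 0; next }
         in_post && !/^[ \t]*#/ && /\$kickstart_done/ { ok = 1 }
         END { exit(ok ? 0 : 1) }' "$1"
}

# Usage: boot_loop_verdict SETTINGS_FILE KICKSTART_TEMPLATE
boot_loop_verdict() {
    if ! pxe_just_once_enabled "$1"; then
        echo "WARN pxe_just_once off: loops if PXE is first in BIOS boot order"
    elif ! kickstart_done_in_post "$2"; then
        echo "FAIL \$kickstart_done missing from %post: netboot flag never cleared"
    else
        echo "OK netboot-enabled is cleared at the end of the install"
    fi
}

# Constructed inputs: one settings file, one good and one bad template.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf 'pxe_just_once: 1\n' > "$demo/settings"
cat > "$demo/good.ks" <<'EOF'
%packages
@base
%post
$kickstart_done
EOF
cat > "$demo/bad.ks" <<'EOF'
%post
echo "install finished"
# $kickstart_done
EOF
boot_loop_verdict "$demo/settings" "$demo/good.ks"
boot_loop_verdict "$demo/settings" "$demo/bad.ks"
```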
Cobbler system records are objects within cobbler that keep track of a system and its associated kickstart profile. To do PXE kickstarting you'll need to ensure that a Satellite kickstart profile is tied to Cobbler system records corresponding to the machines you intend to PXE kickstart to that profile. To make this association:
Visit the System details page of each system in question and click on the Provisioning link.
Select the kickstart profile you want to associate it with.
Click the Create Cobbler System Record button.
Once you've made this association, it will remain in place forever unless you have set pxe_just_once to true in cobbler for any given machine. In that case the association will be broken after a successful kickstart.
Without this association, a machine that PXE bootstraps to a Satellite server will be presented with a menu of kickstart profiles which requires manual interaction.
The Cobbler boot ISO is a disk image that can be built on your Satellite server and burned to a CD or DVD. You can then boot any system with it. When you do you will see a menu of available kickstarts similar to the one you would see if you PXE boot a machine off a Cobbler server without a system record. Simply select the kickstart you want, and the system will start to install itself. Any time you add a kickstart within Satellite, you will need to recreate the ISO and re-burn it to an optical disc.
To create a boot ISO, log in to your Satellite server as root and run cobbler buildiso. The ISO will contain all kernel/initrd images stored in your Satellite along with all associated kernel argument settings. Kickstart files will be sourced remotely. This means that changes to the kickstart templates can be made without having to re-burn the CD. If you create a new kickstart profile and want to use it via the cobbler boot ISO, you will need to recreate a fresh disc.
Note
Due to issues with the version of syslinux shipped with Red Hat Enterprise Linux 4, this command will not work unless the Satellite is running on Red Hat Enterprise Linux 5. Also, since syslinux is not available for s390x, it is not possible to use this on a Satellite running on s390x.