Chapter 5. Preparing network-based repositories
You must prepare repositories to install RHEL from your network system.
5.1. Ports for network-based installation
The following table lists the ports that must be open on the server for providing the files for each type of network-based installation.
Protocol used | Ports to open |
---|---|
HTTP | 80 |
HTTPS | 443 |
FTP | 21 |
NFS | 2049, 111, 20048 |
TFTP | 69 |
Additional resources
5.2. Creating an installation source on an NFS server
You can use this installation method to install multiple systems from a single source, without having to connect to physical media.
Prerequisites
- You have administrator-level access to a server with Red Hat Enterprise Linux 10, and this server is on the same network as the system to be installed.
- You have downloaded the full installation DVD ISO from the Product Downloads page.
- You have created a bootable CD, DVD, or USB device from the image file.
- You have verified that your firewall allows the system you are installing to access the remote installation source. For more information, see Ports for network-based installation.
Ensure that you use different paths in inst.ks
and inst.repo
. When using NFS to host the installation source, you cannot use the same nfs share to host the Kickstart.
Procedure
Install the
nfs-utils
package:# dnf install nfs-utils
- Copy the DVD ISO image to a directory on the NFS server.
Open the
/etc/exports
file using a text editor and add a line with the following syntax:/exported_directory/ clients
- Replace /exported_directory/ with the full path to the directory with the ISO image.
Replace clients with one of the following:
- The host name or IP address of the target system
- The subnetwork that all target systems can use to access the ISO image
-
To allow any system with network access to the NFS server to use the ISO image, the asterisk sign (
*
)
See the
exports(5)
man page for detailed information about the format of this field.For example, a basic configuration that makes the
/rhel10-install/
directory available as read-only to all clients is:/rhel10-install *
-
Save the
/etc/exports
file and exit the text editor. Start the nfs service:
# systemctl start nfs-server.service
If the service was running before you changed the
/etc/exports
file, reload the NFS server configuration:# systemctl reload nfs-server.service
The ISO image is now accessible over NFS and ready to be used as an installation source.
When configuring the installation source, use
nfs:
as the protocol, the server host name or IP address, the colon sign(:)
, and the directory holding the ISO image. For example, if the server host name ismyserver.example.com
and you have saved the ISO image in/rhel10-install/
, specifynfs:myserver.example.com:/rhel-10-install/
as the installation source.
5.3. Creating an installation source by using HTTP or HTTPS
You can create an installation source for a network-based installation by using an installation tree, which is a directory containing extracted contents of the DVD ISO image and a valid .treeinfo
file. The installation source is accessed over HTTP or HTTPS.
Prerequisites
- You have administrator-level access to a server with Red Hat Enterprise Linux 10, and this server is on the same network as the system to be installed.
- You have downloaded the full installation DVD ISO from the Product Downloads page.
- You have created a bootable CD, DVD, or USB device from the image file.
- You have verified that your firewall allows the system you are installing to access the remote installation source. For more information, see Ports for network-based installation.
-
The
httpd
package is installed. -
The
mod_ssl
package is installed, if you use thehttps
installation source.
If your Apache web server configuration enables SSL security, prefer to enable the TLSv1.3 protocol. By default, TLSv1.2 (LEGACY) is enabled.
If you use an HTTPS server with a self-signed certificate, you must boot the installation program with the noverifyssl
option.
Procedure
- Copy the DVD ISO image to the HTTP(S) server.
Create a suitable directory for mounting the DVD ISO image, for example:
# mkdir /mnt/rhel10-install/
Mount the DVD ISO image to the directory:
# mount -o loop,ro -t iso9660 /image_directory/image.iso /mnt/rhel10-install/
Replace /image_directory/image.iso with the path to the DVD ISO image.
Copy the files from the mounted image to the HTTP(S) server root.
# cp -r /mnt/rhel10-install/ /var/www/html/
This command creates the
/var/www/html/rhel10-install/
directory with the content of the image. Note that some other copying methods might skip the.treeinfo
file which is required for a valid installation source. Entering thecp
command for entire directories as shown in this procedure copies.treeinfo
correctly.Start the
httpd
service:# systemctl start httpd.service
The installation tree is now accessible and ready to be used as the installation source.
NoteWhen configuring the installation source, use
http://
orhttps://
as the protocol, the server host name or IP address, and the directory that contains the files from the ISO image, relative to the HTTP server root. For example, if you use HTTP, the server host name ismyserver.example.com
, and you have copied the files from the image to/var/www/html/rhel10-install/
, specifyhttp://myserver.example.com/rhel-10-install/
as the installation source.
Additional resources
5.4. Creating an installation source by using FTP
You can create an installation source for a network-based installation by using an installation tree, which is a directory containing extracted contents of the DVD ISO image and a valid .treeinfo
file. The installation source is accessed over FTP.
Prerequisites
- You have administrator-level access to a server with Red Hat Enterprise Linux 10, and this server is on the same network as the system to be installed.
- You have downloaded the full installation DVD ISO from the Product Downloads page.
- You have created a bootable CD, DVD, or USB device from the image file.
- You have verified that your firewall allows the system you are installing to access the remote installation source. For more information, see Ports for network-based installation.
-
The
vsftpd
package is installed.
Procedure
Open and edit the
/etc/vsftpd/vsftpd.conf
configuration file in a text editor.-
Change the line
anonymous_enable=NO
toanonymous_enable=YES
-
Change the line
write_enable=YES
towrite_enable=NO
. Add lines
pasv_min_port=<min_port>
andpasv_max_port=<max_port>
. Replace <min_port> and <max_port> with the port number range used by the FTP server in passive mode, for example,10021
and10031
.This step might be necessary in network environments featuring various firewall/NAT setups.
Optional: Add custom changes to your configuration. For available options, see the vsftpd.conf(5) man page. This procedure assumes that default options are used.
WarningIf you configured SSL/TLS security in your
vsftpd.conf
file, ensure that you enable only the TLSv1 protocol, and disable SSLv2 and SSLv3. This is due to the POODLE SSL vulnerability (CVE-2014-3566). For more information, see the Red Hat Knowledgebase solution Resolution for POODLE SSLv3.0 vulnerability.
-
Change the line
Configure the server firewall.
Enable the firewall:
# systemctl enable firewalld
Start the firewall:
# systemctl start firewalld
Configure the firewall to allow the FTP port and port range from the previous step:
# firewall-cmd --add-port min_port-max_port/tcp --permanent # firewall-cmd --add-service ftp --permanent
Replace <min_port> and <max_port> with the port numbers you entered into the
/etc/vsftpd/vsftpd.conf
configuration file.Reload the firewall to apply the new rules:
# firewall-cmd --reload
- Copy the DVD ISO image to the FTP server.
Create a suitable directory for mounting the DVD ISO image, for example:
# mkdir /mnt/rhel10-install
Mount the DVD ISO image to the directory:
# mount -o loop,ro -t iso9660 /image-directory/image.iso /mnt/rhel10-install
Replace
/image-directory/image.iso
with the path to the DVD ISO image.Copy the files from the mounted image to the FTP server root:
# mkdir /var/ftp/rhel10-install # cp -r /mnt/rhel10-install/ /var/ftp/
This command creates the
/var/ftp/rhel10-install/
directory with the content of the image. Some copying methods can skip the.treeinfo
file which is required for a valid installation source. Entering thecp
command for whole directories as shown in this procedure will copy.treeinfo
correctly.Make sure that the correct SELinux context and access mode is set on the copied content:
# restorecon -r /var/ftp/rhel10-install # find /var/ftp/rhel10-install -type f -exec chmod 444 {} \; # find /var/ftp/rhel10-install -type d -exec chmod 755 {} \;
Start the
vsftpd
service:# systemctl start vsftpd.service
If the service was running before you changed the
/etc/vsftpd/vsftpd.conf
file, restart the service to load the edited file:# systemctl restart vsftpd.service
Enable the
vsftpd
service to start during the boot process:# systemctl enable vsftpd
The installation tree is now accessible and ready to be used as the installation source.
When configuring the installation source, use
ftp://
as the protocol, the server host name or IP address, and the directory in which you have stored the files from the ISO image, relative to the FTP server root. For example, if the server host name ismyserver.example.com
and you have copied the files from the image to/var/ftp/rhel10-install/
, specifyftp://myserver.example.com/rhel-10-install/
as the installation source.