Chapter 6. Preparing a UEFI HTTP installation source
As an administrator of a server on a local network, you can configure an HTTP server to enable HTTP boot and network installation for other systems on your network.
6.1. Network installation overview
A network installation allows you to install Red Hat Enterprise Linux to a system that has access to an installation server. At a minimum, two systems are required for a network installation:
- Server: A system running a DHCP server, an HTTP, HTTPS, FTP, or NFS server, and in the PXE boot case, a TFTP server. Although each server can run on a different physical system, the procedures in this section assume a single system is running all servers.
- Client: The system to which you are installing Red Hat Enterprise Linux. Once installation starts, the client queries the DHCP server, receives the boot files from the HTTP or TFTP server, and downloads the installation environment image from the HTTP, HTTPS, FTP or NFS server. Unlike other installation methods, the client does not require any physical boot media for the installation to start.
To boot a client from the network, enable network boot in the firmware or in a quick boot menu on the client. On some hardware, the option to boot from a network might be disabled, or not available.
The workflow steps to prepare for an installation of Red Hat Enterprise Linux from a network by using HTTP or PXE are as follows:
Procedure
- Export the installation ISO image or the installation tree to an NFS, HTTPS, HTTP, or FTP server.
- Configure the HTTP or TFTP server and DHCP server, and start the HTTP or TFTP service on the server.
- Boot the client and start the installation.
You can choose between the following network boot protocols:
- HTTP: Use HTTP boot if your client's UEFI supports it. HTTP boot is usually more reliable.
- PXE (TFTP): PXE boot is more widely supported by client systems, but sending the boot files over the TFTP protocol might be slow and result in timeout failures.
6.2. Configuring the DHCPv4 server for network boot
Enable the DHCP version 4 (DHCPv4) service on your server, so that it can provide network boot functionality.
Prerequisites
- You are preparing network installation over the IPv4 protocol.
- Find the network addresses of the server. In the following examples, the server has a network interface enp1s0 with this configuration:
  - IPv4 address: 192.168.124.2/24
  - IPv4 gateway + DNS server: 192.168.124.1
Procedure
Install the DHCP server:
# dnf install kea
Set up a DHCPv4 server. Enter the following configuration in the /etc/kea/kea-dhcp4.conf file. Replace the addresses to match your network card.
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [ "enp1s0" ]
    },
    "subnet4": [
      {
        "id": 1,
        "subnet": "192.168.124.0/24",
        "pools": [
          { "pool": "192.168.124.100 - 192.168.124.200" }
        ],
        "option-data": [
          {
            "space": "dhcp4",
            "name": "routers",
            "code": 3,
            "data": "192.168.124.10"
          },
          {
            "space": "dhcp4",
            "name": "domain-name-servers",
            "code": 6,
            "data": "192.168.124.10"
          }
        ]
      }
    ],
    "client-classes": [
      {
        "name": "uefi PXE Clients",
        "test": "substring(option[60].hex,0,9) == 'PXEClient' and option[93].hex == 0x0007",
        "next-server": "192.168.124.2",
        "boot-file-name": "/uefi/BOOT/BOOTX64.EFI"
      },
      {
        "name": "bios PXE Clients",
        "test": "substring(option[60].hex,0,9) == 'PXEClient' and option[93].hex == 0x0000",
        "next-server": "192.168.124.2",
        "boot-file-name": "syslinux/pxelinux.0"
      },
      {
        "name": "uefi HTTP Clients",
        "test": "substring(option[60].hex,0,10) == 'HTTPClient' and option[93].hex == 0x0007",
        "option-data": [
          {
            "space": "dhcp4",
            "name": "vendor-class-identifier",
            "code": 60,
            "data": "HTTPClient"
          }
        ],
        "next-server": "192.168.124.2",
        "boot-file-name": "http://192.168.124.2/uefi/BOOT/BOOTX64.EFI"
      }
    ]
  }
}
Start the DHCPv4 service:
# systemctl enable --now kea-dhcp4
6.3. Configuring the DHCPv6 server for network boot
Enable the DHCP version 6 (DHCPv6) service on your server, so that it can provide network boot functionality.
Prerequisites
- You are preparing network installation over the IPv6 protocol.
- Find the network addresses of the server. In the following examples, the server has a network interface enp1s0 with this configuration:
  - IPv6 address: fd33::2/64
  - IPv6 gateway: fd33::1
Procedure
Install the DHCP server:
# dnf install kea
Set up a DHCPv6 server. Enter the following configuration in the /etc/kea/kea-dhcp6.conf file. Replace the addresses to match your network card.
{
  "Dhcp6": {
    "interfaces-config": {
      "interfaces": [ "enp1s0" ]
    },
    "subnet6": [
      {
        "id": 1,
        "subnet": "fd33::/64",
        "interface": "enp1s0",
        "pools": [
          { "pool": "fd33::100-fd33::200" }
        ]
      }
    ],
    "client-classes": [
      {
        "name": "uefi PXE Clients",
        "test": "substring(option[16].hex,6,9) == 'PXEClient' and substring(option[16].hex,21,5) == '00007'",
        "option-data": [
          {
            "space": "dhcp6",
            "name": "bootfile-url",
            "code": 59,
            "data": "tftp://[fd33::2]/uefi/BOOT/BOOTX64.EFI"
          }
        ]
      },
      {
        "name": "bios PXE Clients",
        "test": "substring(option[16].hex,6,9) == 'PXEClient' and substring(option[16].hex,21,5) == '00000'",
        "option-data": [
          {
            "space": "dhcp6",
            "name": "bootfile-url",
            "code": 59,
            "data": "tftp://[fd33::2]/syslinux/pxelinux.0"
          }
        ]
      },
      {
        "name": "uefi HTTP Clients",
        "test": "substring(option[16].hex,6,10) == 'HTTPClient' and substring(option[16].hex,22,5) == '00007'",
        "option-data": [
          {
            "space": "dhcp6",
            "name": "bootfile-url",
            "code": 59,
            "data": "http://[fd33::2]/uefi/BOOT/BOOTX64.EFI"
          }
        ]
      }
    ]
  }
}
Start the DHCPv6 service:
# systemctl enable --now kea-dhcp6
If DHCPv6 packets are dropped by the RP filter in the firewall, check its log. If the log contains the rpfilter_DROP entry, disable the filter using the following configuration in the /etc/firewalld/firewalld.conf file:
IPv6_rpfilter=no
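The offsets 6, 21 and 22 in the DHCPv6 `test` expressions come from the layout of option 16: a 4-byte enterprise number and a 2-byte length precede the vendor class string, whereas the DHCPv4 tests read option 60 from offset 0. The following sketch is an added example, not part of the Red Hat procedure; the function names are hypothetical and the enterprise number 343 and the vendor class strings are constructed sample values.

```python
import struct

ARCH_TAG = b":Arch:"
HEADER_LEN = 6  # 4-byte enterprise number + 2-byte length precede the string

# (class name, identifier, arch value) as tested in the kea-dhcp6.conf above
CLASSES = [
    ("uefi PXE Clients", b"PXEClient", b"00007"),
    ("bios PXE Clients", b"PXEClient", b"00000"),
    ("uefi HTTP Clients", b"HTTPClient", b"00007"),
]


def kea_substring(data: bytes, start: int, length: int) -> bytes:
    """Kea's substring(value, start, length) for a non-negative start."""
    return data[start:start + length]


def arch_offset(identifier: bytes) -> int:
    """Offset of the 5-digit architecture field inside option[16].hex."""
    return HEADER_LEN + len(identifier) + len(ARCH_TAG)


def build_option16(vendor_class: bytes, enterprise: int = 343) -> bytes:
    """Constructed option 16 payload; enterprise number 343 is a sample value."""
    return struct.pack("!IH", enterprise, len(vendor_class)) + vendor_class


def classify(option16: bytes) -> list:
    """Return the names of the client classes whose test matches."""
    matched = []
    for name, ident, arch in CLASSES:
        id_ok = kea_substring(option16, HEADER_LEN, len(ident)) == ident
        arch_ok = kea_substring(option16, arch_offset(ident), 5) == arch
        if id_ok and arch_ok:
            matched.append(name)
    return matched


if __name__ == "__main__":
    # Constructed vendor class strings, not captured traffic.
    for s in (b"PXEClient:Arch:00007:UNDI:003016",
              b"HTTPClient:Arch:00007:UNDI:003016",
              b"HTTPClient:Arch:00016:UNDI:003016"):
        print(s.decode(), "->", classify(build_option16(s)) or "no class, no bootfile-url")
```

The vendor class is supplied by the client, so these classes only select a boot file; they do not authenticate the client. A client whose string matches no class receives no bootfile-url from this configuration.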
6.4. Configuring the HTTP server for HTTP boot
You must install and enable the httpd service on your server so that the server can provide HTTP boot resources on your network.
Prerequisites
- Find the network addresses of the server. In the following examples, the server has a network card with the 192.168.124.2 IPv4 address.
Procedure
Install the HTTP server:
# dnf install httpd
Create the /var/www/html/redhat directory:
# mkdir -p /var/www/html/redhat
Download the RHEL DVD ISO file. See All Red Hat Enterprise Linux Downloads.
Create a mount point for the ISO file:
# mkdir -p /var/www/html/redhat/iso
Mount the ISO file:
# mount -o loop,ro -t iso9660 path-to-RHEL-DVD.iso /var/www/html/redhat/iso
Copy the boot loader, kernel, and initramfs from the mounted ISO file into your HTML directory:
# cp -r /var/www/html/redhat/iso/images /var/www/html/redhat
# cp -r /var/www/html/redhat/iso/EFI /var/www/html/redhat
Make the boot loader configuration editable and ensure the boot files are owned by the user running the httpd server (apache):
# chmod 644 /var/www/html/redhat/EFI/BOOT/grub.cfg
# chown -R apache:apache /var/www/html/redhat/EFI
Edit the /var/www/html/redhat/EFI/BOOT/grub.cfg file and replace its content with the following:
set default="1"

function load_video {
  insmod efi_gop
  insmod efi_uga
  insmod video_bochs
  insmod video_cirrus
  insmod all_video
}

load_video
set gfxpayload=keep
set timeout=60

menuentry 'Install Red Hat Enterprise Linux 10.0' --class fedora --class gnu-linux --class gnu --class os {
  linuxefi /redhat/images/pxeboot/vmlinuz inst.repo=http://192.168.124.2/redhat/iso quiet
  initrdefi /redhat/images/pxeboot/initrd.img
}
submenu 'Troubleshooting -->' {
  menuentry 'Install Red Hat Enterprise Linux 10.0 in text mode' --class fedora --class gnu-linux --class gnu --class os {
    linuxefi /redhat/images/pxeboot/vmlinuz inst.repo=http://192.168.124.2/redhat/iso inst.text quiet
    initrdefi /redhat/images/pxeboot/initrd.img
  }
  menuentry 'Rescue a Red Hat Enterprise Linux system' --class fedora --class gnu-linux --class gnu --class os {
    linuxefi /redhat/images/pxeboot/vmlinuz inst.stage2=http://192.168.124.2/redhat/iso inst.rescue quiet
    initrdefi /redhat/images/pxeboot/initrd.img
  }
}
In this file, update the following strings:
- Install Red Hat Enterprise Linux 10.0: Edit the version number to match the version of RHEL that you downloaded.
- 192.168.124.2: Replace with the IP address of your server.
Open ports in the firewall to allow HTTP (80), DHCP (67, 68) and DHCPv6 (546, 547) traffic:
# firewall-cmd --zone public \
    --add-port={80/tcp,67/udp,68/udp,546/udp,547/udp}
This command enables temporary access until the next server reboot.
- Optional: To enable permanent access, add the --permanent option to the command.
Reload firewall rules:
# firewall-cmd --reload
Start the HTTP server:
# systemctl enable --now httpd
Make the html directory and its content readable and executable:
# chmod -cR u=rwX,g=rX,o=rX /var/www/html
Restore the SELinux context of the html directory:
# restorecon -FvvR /var/www/html
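The copied boot loader, kernel, and initramfs are what every network-booted client runs, and after the chown step the EFI copies are writable by the apache user. As an added example (not part of the Red Hat procedure; the function names are hypothetical), this check compares the served files with the read-only ISO mount and reports files that are modified, missing, unexpected, or writable by group or others:

```python
import hashlib
import stat
from pathlib import Path

# grub.cfg is rewritten by hand in the procedure, so a content change is expected.
EXPECTED_TO_DIFFER = {"EFI/BOOT/grub.cfg"}


def sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_boot_tree(iso_root, served_root, subdirs=("EFI", "images")):
    """Compare the served copies with the ISO mount; return sorted findings."""
    iso_root, served_root = Path(iso_root), Path(served_root)
    findings = []
    for sub in subdirs:
        # Every file on the ISO must be served unchanged.
        for src in (iso_root / sub).rglob("*"):
            if not src.is_file():
                continue
            rel = src.relative_to(iso_root).as_posix()
            dst = served_root / rel
            if not dst.is_file():
                findings.append((rel, "missing"))
            elif rel not in EXPECTED_TO_DIFFER and sha256(src) != sha256(dst):
                findings.append((rel, "modified"))
        # Nothing extra may be served, and nothing may be group/other-writable.
        for dst in (served_root / sub).rglob("*"):
            if not dst.is_file():
                continue
            rel = dst.relative_to(served_root).as_posix()
            if not (iso_root / rel).is_file():
                findings.append((rel, "unexpected"))
            if dst.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "group/other-writable"))
    return sorted(findings)


if __name__ == "__main__":
    # Paths from the procedure above: ISO mount point and HTTP document tree.
    for rel, problem in audit_boot_tree("/var/www/html/redhat/iso",
                                        "/var/www/html/redhat"):
        print(f"{problem}: {rel}")
```

An empty result means the served boot files still match the ISO; run the check while the ISO is mounted, for example after each change to the document tree.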