Virtualization Setup for RH CSA study

While my company has wonderful resources to allow employees to study for our certifications, they are time limited to prevent waste. I find I’ve often kicked off the lab, only to get distracted with a reql-world-interrupt, and come back to find the lab has timed out. I like working on my own systems, and having my own servers to work on. As such, I’m setting up a complementary system to the corporate one for my own study.

Overview

Here’s the general idea; I’m going to use libvirt and the virtualization infrastructure of my system to build a private network that I can use to provision virtual machines. This network will not have the standard DHCP server, but will, instead, have a specifically targeted on that works in conjunction with a tftp server to provision images. This setup is called Preboot Execution Environment (PXE, usually pronounced Pixie. This should help you remember it.

Thanks, Mairin.

Pixie booting as we would all like to imagine it.

Network Setup

While I originally created the network using the virt-manager UI, I have it now in XML form. it looks like this:

 
  <network>
  <name>provision</name>
  <uuid>bc9db3c9-89a8-41de-9cfa-bd9b5bd771f3</uuid>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:39:08:19'/>
  <domain name='provision'/>
  <ip address='192.168.131.1' netmask='255.255.255.0'>
  </ip>
</network>

Create a blank VM on the network setup to PXE boot, and ensure that it does not get a DHCP response.

There are a few guides to setting up PXE on Fedora. This one seems fairly recent, although a few things have changed and I’ll note them. Lets start with the DCHP setup. Aside from replacing yum with dnf, the name of the package is dhcp-server, not dhcp.

sudo dnf install -y dhcp-server

We want this listening on the interface that the VMs are on. From the XML fragment above, we can see that is the virbr1 Bridge. Run ip addr on my laptop shows:

16: virbr1: &lt;NO-CARRIER,BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:39:08:19 brd ff:ff:ff:ff:ff:ff
    inet 192.168.131.1/24 brd 192.168.131.255 scope global virbr1
       valid_lft forever preferred_lft forever

Since the IP address is 192.168.131.1/24, which maps to the virsh network XML document above, I am fairly certain that if I get a DHCP server listening on this interface (and only this one) I can use it to provision VMs without interference from other DHCP providers.

TCPDump

Lets check with tcp-dump. Thanks for this little fragment.

$ sudo tcpdump -i virbr1 -n port 67 and port 68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr1, link-type EN10MB (Ethernet), capture size 262144 bytes

To start that shows nothing. Now fire up the virtual machine and:

20:02:03.781250 IP 0.0.0.0.bootpc &gt; 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:4f:e4:fa, length 396
20:02:05.758560 IP 0.0.0.0.bootpc &gt; 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:4f:e4:fa, length 396
20:02:09.713201 IP 0.0.0.0.bootpc &gt; 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:4f:e4:fa, length 396

So that is what our DHCPD instance needs to field.

DHCPD Configuration

The configuration file is now in /etc/dhcp/dhcpd.conf

$ rpmquery -f /etc/dhcp/dhcpd.conf
dhcp-server-4.3.6-8.fc27.x86_64

And it is pretty much empty.

$ sudo cat  /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

Here is a minimal configuration.

subnet 192.168.131.0 netmask 255.255.255.0 {
  allow booting;
  allow bootp;
  option domain-name "ayoung541.test";
  option domain-name-servers 127.0.0.1;
  option routers 192.168.131.1;
  next-server 192.168.131.1;
  filename "pxelinux.0";
 
  range 192.168.131.10 192.168.131.20;
}

I poked around a bit, seeing if I needed to do something to make dhcpd only listen on the specified interface, and found this in /etc/sysconfig/dhcp

# WARNING: This file is NOT used anymore.
 
# If you are here to restrict what interfaces should dhcpd listen on,
# be aware that dhcpd listens *only* on interfaces for which it finds subnet
# declaration in dhcpd.conf. It means that explicitly enumerating interfaces
# also on command line should not be required in most cases.

So I figure with the above configuration I should be Ok. Restart the DHCPD daemon via syscontrol, run tcpdump with the same options, and restart the virtual machine.

First off, I see the following in tcpdump’s output:

21:39:11.791024 IP 0.0.0.0.bootpc &gt; 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:4f:e4:fa, length 396
21:39:12.792374 IP 192.168.131.1.bootps &gt; 192.168.131.10.bootpc: BOOTP/DHCP, Reply, length 300
21:39:12.792506 IP 0.0.0.0.bootpc &gt; 255.255.255.255.bootps: BOOTP/DHCP, Request from 52:54:00:4f:e4:fa, length 408
21:39:12.792616 IP 192.168.131.1.bootps &gt; 192.168.131.10.bootpc: BOOTP/DHCP, Reply, length 300

Which is pretty encouraging. Looking at the vms console, I see:

PXEBoot Output, No such file.

This is success! A couple things to note:

  • The VM got the IP address of 192.168.131.10 which was the first one in our range.
  • It attempted to download a file named pxelinux.0 via tftp.  That matches what I set in the config file.

Leases

We can see the lease granted to this machine via the leases file.

$ sudo cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.3.6

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

lease 192.168.131.10 {
  starts 6 2018/02/10 00:57:12;
  ends 6 2018/02/10 12:57:12;
  tstp 6 2018/02/10 12:57:12;
  cltt 6 2018/02/10 00:57:12;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 52:54:00:4f:e4:fa;
  uid "\001RT\000O\344\372";
  set vendor-class-identifier = "PXEClient:Arch:00000:UNDI:002001";
}
server-duid "\000\001\000\001\"\020\365\344RT\0009\010\031";

So if we know a MAC address, we can find the IP address for it by searching through this file. If we want to pre-allocate address for a Known mac, we can either do it in the main /etc/dhcp/dhcpd.conf file or in a file in /var/lib/dhcpd.

TFTP Server

Next, I need to set up a TFTP server on that interface and serve out a file. Lets do that.

sudo dnf install -y tftp-server
sudo touch /var/lib/tftpboot/pxelinux.0

This is obviously a bogus file, but this is going step by step. Lets use the tftp client to see if we can fetch that.

$ tftp 192.168.131.1 -c get pxelinux.0
$ file pxelinux.0 
pxelinux.0: empty

Looks good. Delete the empty files and keep going.

SYSLINUX

sudo dnf install -y syslinux
sudo cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

Lets try to pxeboot the VM again.

PXE Boot Fail looking for ldlinux.c32

Again, we move toward success. The TFTP server is working, and the PXE boot process on the VM attempts to download syslinux.

Lets get the rest of the files in place and try again:

 sudo cp -a /usr/share/syslinux /var/lib/tftpboot/

Reboot the VM. A new failure:

Kickstart

Lets make that configuration:

sudo mkdir  /var/lib/tftpboot/pxelinux.cfg

Create the file /var/lib/tftpboot/pxelinux.cfg/default and put in it:

path syslinux
include menu.cfg
default syslinux/vesamenu.c32
prompt 0
timeout 50

Create the file /var/lib/tftpboot/menu.cfg

menu hshift 13
menu width 49
menu margin 8
menu tabmsg
 
menu title automated install boot menu
label fedora-26-automated-install
  menu label ^Fedora 26 automated install
  kernel vmlinuz
  append vga=788 initrd=initrd.img ip=dhcp inst.repo=${MIRROR_URL} \
    ks=nfs:${SERVER_IPADDR}:/var/lib/nfsroot/fedora-26-ks.cfg
menu end

This is obviously a straight lift from the above referenced Install. We are not going to leave it like this, just want to get it started for testing.

Lets kick off that PXE boot again:

PXE Automated install Screen

This keeps looping around to 0 and restarting, as it lacks proper values for MIRROR_URL etc, and thus cannot download anything. So while we are still at a failure mode, we are ready to start looking at Kickstart files, which is one of the study objectives for the RH CSA exam. I’ll go through those more in depth in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.