Tuesday, 31 July 2012

PXE Boot a Dban image from an Ubuntu Server




Figure: DHCP offers from the Ubuntu server to the compute nodes
****Note**** Exercise extreme care with these notes: if a machine on the private network is set to net-boot, this setup will boot and wipe it without any keyboard input.
I ACCEPT NO RESPONSIBILITY FOR ANY ERRORS OR OMISSIONS. YOU HAVE BEEN WARNED!


The object of this blog entry was to remind me how to securely erase a cluster of headless compute nodes connected to a head node, using a DBAN image PXE-booted from the head node.

I installed Ubuntu 12.04 Server on the head node. The head node's eth0 was connected via Ethernet switches to the compute nodes on a private network in the range 192.168.1.0, and eth1 was connected to the public network and set to receive an IP address via DHCP.

Installation requirements for the head node :-
Install an internet super-server, a TFTP server, a DHCP server and syslinux, a boot loader.
The command to do this is :-
sudo apt-get -y install inetutils-inetd tftpd-hpa dhcp3-server syslinux

You have to extract some files from a Darik's Boot 'n' Nuke image :-
sudo mkdir /media/iso
sudo mount -o loop /the/path/to/dBanfile.iso /media/iso

In the directory /var/lib/tftpboot place the following files: dban.bzi from the /media/iso directory, and pxelinux.0 from the /usr/lib/syslinux/ directory. Also place the remaining files from the iso image in /var/lib/tftpboot/pxelinux.cfg

Set the following entries in the file named default in the directory /var/lib/tftpboot/pxelinux.cfg :-

PROMPT 0
DEFAULT quick

With PROMPT set to 0 there is no pause, and the default label is quick. Other possible values are autonuke, dban, dod, dod3pass, dodshort, gutmann, ops2, paranoid, prng or zero.
This means that when a node boots it goes straight to a quick wipe, so exercise extreme care: this will boot and wipe anything on the private network that is set to netboot. I set PROMPT to 0 because all the compute nodes were headless and keyboardless, so I could not have a pause for keyboard input.

The settings I required in the file /etc/dhcp/dhcpd.conf for the DHCP server are as follows :-
ddns-update-style none;
option domain-name "home.local";
option domain-name-servers 192.168.1.1;
default-lease-time 86400;
max-lease-time 604880;
option time-offset -18000;
authoritative;
log-facility local7;
allow booting;
allow bootp;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.100;
    filename "pxelinux.0";
    option root-path "/var/lib/tftpboot";
    next-server 192.168.1.1;
}



In the tftp config file /etc/default/tftpd-hpa I required the following :-


RUN_DAEMON="yes"
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/var/lib/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS=""


The other dhcp config file /etc/default/isc-dhcp-server
should contain :-
INTERFACES="eth0"

The ethernet settings file /etc/network/interfaces
should contain :-
auto lo
iface lo inet loopback

# This is the private network
# It has a static IP address
auto eth0
iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0

# The public network interface
# It uses dhcp
auto eth1
iface eth1 inet dhcp


Note that you will have to ensure that each compute node's BIOS is set to PXE boot on eth0, if that is the interface you are using. Once the Ubuntu head node is booted, use tail -f /var/log/syslog to track the DHCP IP addresses being served to the compute nodes as they are booted.
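
A pre-flight check to run on the head node before any compute node is switched on, confirming that dhcpd answers only on the private interface and that the TFTP root is complete. This is an added example, not part of the original notes; the function names and the script name preflight.sh are hypothetical, while the paths and file names are the ones given above.

```shell
#!/bin/sh
# Pre-flight check for the PXE/DBAN head node (added example, not the author's).
# Defaults are the paths used on this page; arguments override them.

# Print the interface list from the INTERFACES="..." line.
dhcp_interfaces() {
    sed -n 's/^[[:space:]]*INTERFACES="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print the value of a pxelinux directive such as DEFAULT or PROMPT (CRLF tolerated).
pxe_directive() {
    awk -v key="$1" '{ sub(/\r$/, "") } toupper($1) == key { v = $2 } END { print v }' "$2"
}

# preflight PRIVATE_IF [DHCP_DEFAULTS_FILE] [TFTP_ROOT]
# Returns 0 only if dhcpd serves the private interface alone and the
# TFTP root holds every file the boot needs.
preflight() {
    want_if=$1
    defaults=${2:-/etc/default/isc-dhcp-server}
    root=${3:-/var/lib/tftpboot}
    cfg=$root/pxelinux.cfg/default
    rc=0

    served=$(dhcp_interfaces "$defaults")
    if [ "$served" != "$want_if" ]; then
        echo "FAIL: dhcpd INTERFACES is '$served', expected only '$want_if'" >&2
        rc=1
    fi
    for f in pxelinux.0 dban.bzi pxelinux.cfg/default; do
        [ -s "$root/$f" ] || { echo "FAIL: missing or empty $root/$f" >&2; rc=1; }
    done
    if [ -f "$cfg" ]; then
        prompt=$(pxe_directive PROMPT "$cfg")
        echo "INFO: PROMPT=$prompt DEFAULT=$(pxe_directive DEFAULT "$cfg")"
        # PROMPT 0: any machine that net-boots here is wiped without confirmation.
        if [ "$prompt" = 0 ]; then echo "WARN: unattended wipe is armed" >&2; fi
    fi
    return $rc
}

# Check the live head node only when an interface is named: sh preflight.sh eth0
if [ -n "${1:-}" ]; then preflight "$@"; fi
```

A non-zero exit status means the DHCP server would answer on an interface other than the one named, or the boot files are incomplete.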

This really saved me time when I had to securely erase a large number of machines before they were decommissioned and sent for recycling :).
