| Carl-Friedrich-Gauß-Fakultät | Informatik

PXE Booting & Fully Automated Installation (FAI)

AutorFrank Steinberg
SchlüsselworteFAI PXE Netboot

The IBR LAN provides an infrastructure for booting and installing some common operating systems and for running some maintenance tools purely from the network without the need for any media like CDs or USB sticks. All you need is a PXE capable PC.

When you connect your PC to the IBR LAN and boot it the from network (on many systems you might have to press F12 to get to a boot menu; maybe this has to be enabled in your BIOS settings first), you'll get to the "IBR PXE Boot Menu". The content of this menu (and probably its submenus) changes from time to time. However, some common functions are:

  • Fully Automated Installation (FAI) (see below)
  • some common Linux (and maybe other OS) installers
  • a Linux "Live" system (not modifying the harddisk content
  • "Nuke Disk" to safely wipe connected hard disks
  • a simple momory test program
  • maybe other (experimental) stuff

Fully Automated Installation (FAI)

In contrast to the standard OS installers, FAI supports a full Linux installation without any interaction and with numerous IBR specific adjustments and configuration choices that have been prepared by the admins. Furthermore, FAI client hosts (hosts that been installed using FAI), may subsequently run a program to keep up to date.

FAI uses "classes" to distinguish some sets of configuration choices. The PXE FAI submenu shows some combinations of such classes. When you want to run a FAI installation, you have to select one of these combinations:

  • TRUSTY (or other names) selects a the Linux distribution you want to install. Trusty is the name of Ubuntu 14.04 LTS. It is a good choice as of this writing, since it is a "long term support" version and it is used and well tested on many IBR hosts.
  • GERMAN does some adjustments for german keyboards.
  • LDAPIBR gets the host to use the IBR LDAP for user authentication and IBR file servers for home directories and some more things. The owner (supervisor in LDAP, if registered) get "sudo" permissions. This is a good choice, when the host is permanantly connected to the IBR LAN and you want to have easy access to other file resources. It is NOT a good choice for most notebooks. (There are some details related to how file services are mounted (NFSv4, NFSv3, CIFS), that are not handled here.). Cannot be combined with "LDAPTU".
  • LDAPTU gets the host to use the TU-BS GITZ LDAP and the GITZ AFS for user authentication and home directory access. This is used for some workstation pools. Cannot be combined with "LDAPIBR".
  • FULL extends the standard minimal package selection list of less than 1 GB to quite complete installation of approx. 14 GB. The installation may take 30 minutes or more, instead of just 3-5 minutes.
  • DESKTOP makes the host to fire up a display manager. Requires "FULL".
  • ROOTSDB make the seconds harddisk (probabaly an SSH) the OS disk.

Note that in any case...

  • an SSH server gets installed
  • IBR admins may login via SSH, authenticated by their public keys in ~root/.ssh/authorized_keys. Of course, you may change this behaviour, if you like.
  • If no "LDAP*" class is used, the following happens: If the host is registered in the IBR-LDAP the supervisor gets an account with sudo permissions and an email with the initial credentials. If the host is not registered in the IBR-LDAP, the host gets a generic host name and the initial root password will consist of the 12 digits of the MAC address.
  • some other FAI classes are "detected" and control some FAI bahavior (DELL, KVM, BAREMETAL, ...).
  • some other FAI classes are based on LDAP groups, e.g. hosts that are a member of the the group "fai", run the FAI "softupdate" procedure every day. (fai, ibrmunin, desktop, trusted, ...)

aktualisiert am 20.02.2015, 10:27 von Frank Steinberg