Zombie

Mar 12, 2020

This document describes how to build Zombie, a PXE and other protocol boot server. Zombie runs on commodity router hardware and provides a number of features:

  • PXE boot server

We build Zombie on top of OpenWrt because of the distribution’s simplicity and small size. Zombie is made up of roughly 80 packages, and its programs and configurations take up less than 125 MB of storage space. Here we assume that Zombie will run within the confines of a Xen hypervisor.

Establish the Zombie VM

Perform the following steps on the Xen Dom0 host to establish the VM which will host Zombie:

  1. Obtain the x86_64 OpenWrt image at https://downloads.lede-project.org/releases/17.01.1/targets/x86/64/lede-17.01.1-x86-64-combined-ext4.img.gz.
  2. Uncompress the image and place it at /var/lib/xen/images/zombie-lede-17.01.1-x86-64-combined-ext4.img on the Xen Dom0 host.
  3. Write the following at /etc/xen/vm-zombie.cfg on the Xen Dom0 host (replace XX:XX:XX:XX:XX:XX):
name    = "zombie"
memory  =  1024
vcpus   =  1
builder = "hvm"
vif     = [ "model=e1000,script=vif-bridge,bridge=xenbr0,mac=XX:XX:XX:XX:XX:XX" ]
disk    = [ "tap2:tapdisk:aio:/var/lib/xen/images/herald-lede-17.01.1-x86-64-combined-ext4.img ,xvda,w" ]
serial  = "pty"

Software installation

Perform the following steps on Zombie:

  1. Set the root password: passwd.
  2. Remove unnecessary packages:
opkg remove \
        kmod-ppp \
        kmod-pppoe \
        kmod-pppox \
        kmod-r8169 \
        logd \
        luci-app-firewall \
        luci-lib-ip \
        luci-lib-jsonc \
        luci-lib-nixio \
        luci-proto-ipv6 \
        luci-proto-ppp \
        luci-theme-bootstrap \
        luci-mod-admin-full \
        luci-base \
        luci \
        mtd \
        odhcpd-ipv6only \
        ppp \
        ppp-mod-pppoe \
        r8169-firmware \
        uhttpd-mod-ubus \
        uhttpd
  1. Configure networking by writing /etc/config/network:
config interface loopback
option ifname lo
option proto static
option ipaddr 127.0.0.1
option netmask 255.0.0.0

config interface lan
        option ifname eth0
        option proto dhcp
  1. Install the necessary software:
opkg update
opkg install \
        freifunk-watchdog \
        syslog-ng
  1. Install a public SSH key at /etc/dropbear/authorized_keys.

Configuring TFTP

Here we describe how to configure dnsmasq to provide a TFTP service.

  1. /etc/config/dhcp:
config dnsmasq
        option enable_tftp      1
        option tftp_root        /usr/libexec/tftpboot
        option localservice     1

config dhcp lan
        option ignore           1
  1. Create the directory /usr/libexec/tftpboot/pxelinux/bios/.
  2. Install the syslinux package on a Fedora host, and copy the files /usr/share/syslinux/{ldlinux.c32,libcom32.c32,libutil.c32,pxelinux.0,vesamenu.c32} to /usr/libexec/tftpboot/pxelinux/bios/ on Zombie.
  3. usr/libexec/tftpboot/pxelinux/bios/pxelinux.cfg/default:
default vesamenu.c32
prompt 1
timeout 600

display boot.msg

label linux
        menu label ^Install or upgrade an existing system
        menu default
        kernel vmlinuz
        append initrd=initrd.img inst.repo=https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Everything/x86_64/os/ inst.ks=https://www.flyn.org/kickstart/Fedora-35-x86_64-workstation.ks
  1. Create the directory /usr/libexec/tftpboot/pxelinux/efi/.
  2. Install the shim, grub2-efi, and grub2-efi-x64 packages on a Fedora host, and copy the file /boot/efi/EFI/fedora/shim.efi to /usr/libexec/tftpboot/pxelinux/efi/ on Zombie.
  3. Copy the files /boot/efi/EFI/fedora/grubx64.efi to /usr/libexec/tftpboot/ on Zombie.
  4. usr/libexec/tftpboot/grub.cfg:
function load_video {
        insmod efi_gop
        insmod efi_uga
        insmod video_bochs
        insmod video_cirrus
        insmod all_video
}

load_video
set gfxpayload=keep
insmod gzio

menuentry 'Install Fedora 64-bit'  --class fedora --class gnu-linux --class gnu --class os {
        linuxefi pxelinux/bios/vmlinuz ip=dhcp inst.repo=https://download.fedoraproject.org/pub/fedora/linux/releases/35/Everything/x86_64/os/ inst.ks=https://www.flyn.org/kickstart/Fedora-35-x86_64-workstation.ks
        initrdefi pxelinux/bios/initrd.img
}
  1. Copy https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Everything/x86_64/os/images/pxeboot/vmlinuz to usr/libexec/tftpboot/pxelinux/bios/vmlinuz.
  2. Copy https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Everything/x86_64/os/images/pxeboot/initrd.img to usr/libexec/tftpboot/pxelinux/bios/initrd.img.

Configuring DHCP

Add the following to /etc/config/dhcp on the host that provides your network’s DHCP service (replace W.X.Y.Z and example.com with Zombie’s IP address and domain name, respectively):

config boot linux
        option serveraddress 'W.X.Y.Z'
        option servername 'zombie.example.com'
        option filename 'pxelinux/bios/pxelinux.0'

# For EFI:
# config boot linux
#       option serveraddress 'W.X.Y.Z'
#       option servername 'zombie.example.com'
#       option filename 'pxelinux/efi/shim.efi'