Zombie

This document describes how to build Zombie, a PXE and other protocol boot server. Zombie runs on commodity router hardware and provides a number of features:

  • PXE boot server

We build Zombie on top of OpenWrt because of the distribution's simplicity and small size. Zombie is made up of roughly 80 packages, and its programs and configurations take up less than 125 MB of storage space. Here we assume that Zombie will run within the confines of a Xen hypervisor.

Establish the Zombie VM

Perform the following steps on the Xen Dom0 host to establish the VM which will host Zombie:

  1. Obtain the x86_64 OpenWrt image at https://downloads.lede-project.org/releases/17.01.1/targets/x86/64/lede-17.01.1-x86-64-combined-ext4.img.gz.
  2. Uncompress the image and place it at /var/lib/xen/images/zombie-lede-17.01.1-x86-64-combined-ext4.img on the Xen Dom0 host.
  3. Write the following at /etc/xen/vm-zombie.cfg on the Xen Dom0 host (replace XX:XX:XX:XX:XX:XX):
    name    = "zombie"
    memory  =  1024
    vcpus   =  1
    builder = "hvm"
    vif     = [ "model=e1000,script=vif-bridge,bridge=xenbr0,mac=XX:XX:XX:XX:XX:XX" ]
    disk    = [ "tap2:tapdisk:aio:/var/lib/xen/images/herald-lede-17.01.1-x86-64-combined-ext4.img ,xvda,w" ]
    serial  = "pty"
    

Software installation

Perform the following steps on Zombie:

  1. Set the root password: passwd.
  2. Remove unnecessary packages:
    opkg remove \
            kmod-ppp \
            kmod-pppoe \
            kmod-pppox \
            kmod-r8169 \
    	logd \
            luci-app-firewall \
            luci-lib-ip \
    	luci-lib-jsonc \
            luci-lib-nixio \
            luci-proto-ipv6 \
            luci-proto-ppp \
            luci-theme-bootstrap \
    	luci-mod-admin-full \
    	luci-base \
    	luci \
            mtd \
            odhcpd-ipv6only \
            ppp \
            ppp-mod-pppoe \
            r8169-firmware \
            uhttpd-mod-ubus \
    	uhttpd
    
  3. Configure networking by writing /etc/config/network:
    config interface loopback
    	option ifname lo
    	option proto static
    	option ipaddr 127.0.0.1
    	option netmask 255.0.0.0
    

    config interface lan option ifname eth0 option proto dhcp

  4. Install the necessary software:
    opkg update
    opkg install \
            freifunk-watchdog \
    	syslog-ng
    
  5. Install a public SSH key at /etc/dropbear/authorized_keys.

Configuring TFTP

Here we describe how to configure dnsmasq to provide a TFTP service.

  1. /etc/config/dhcp:
    config dnsmasq
    	option enable_tftp	1
    	option tftp_root	/usr/libexec/tftpboot
    	option localservice	1
    

    config dhcp lan option ignore 1

  2. Create the directory /usr/libexec/tftpboot/pxelinux/bios/.
  3. Install the syslinux package on a Fedora host, and copy the files /usr/share/syslinux/{ldlinux.c32,libcom32.c32,libutil.c32,pxelinux.0,vesamenu.c32} to /usr/libexec/tftpboot/pxelinux/bios/ on Zombie.
  4. usr/libexec/tftpboot/pxelinux/bios/pxelinux.cfg/default:
    default vesamenu.c32
    prompt 1
    timeout 600
    

    display boot.msg

    label linux menu label ^Install or upgrade an existing system menu default kernel vmlinuz append initrd=initrd.img inst.repo=https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Everything/x86_64/os/ ks=https://www.flyn.org/kickstart/Fedora-31-x86_64-workstation.ks

  5. Create the directory /usr/libexec/tftpboot/pxelinux/efi/.
  6. Install the shim, grub2-efi, and grub2-efi-x64 packages on a Fedora host, and copy the file /boot/fedora/boot/efi/EFI/fedora/shim.efi to /usr/libexec/tftpboot/pxelinux/efi/ on Zombie.
  7. Copy the files /boot/fedora/boot/efi/EFI/fedora/grubx64.efi to /usr/libexec/tftpboot/ on Zombie.
  8. usr/libexec/tftpboot/grub.cfg:
    function load_video {
    	insmod efi_gop
    	insmod efi_uga
    	insmod video_bochs
    	insmod video_cirrus
    	insmod all_video
    }
    

    load_video set gfxpayload=keep insmod gzio

    menuentry ‘Install Fedora 64-bit’ –class fedora –class gnu-linux –class gnu –class os { linuxefi pxelinux/bios/vmlinuz ip=dhcp inst.repo=https://download.fedoraproject.org/pub/fedora/linux/releases/31/Everything/x86_64/os/ ks=https://www.flyn.org/kickstart/Fedora-31-x86_64-workstation.ks initrdefi pxelinux/bios/initrd.img }

  9. Copy https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Everything/x86_64/os/images/pxeboot/vmlinuz to usr/libexec/tftpboot/pxelinux/bios/vmlinuz.
  10. Copy https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Everything/x86_64/os/images/pxeboot/initrd.img to usr/libexec/tftpboot/pxelinux/bios/initrd.img.

Configuring DHCP

Add the following to /etc/config/dhcp on the host that provides your network's DHCP service (replace W.X.Y.Z and example.com with Zombie's IP address and domain name, respectively):

config boot linux                                 
	option serveraddress 'W.X.Y.Z' 
	option servername 'zombie.example.com'  
	option filename 'pxelinux/bios/pxelinux.0'

# For EFI: # config boot linux
# option serveraddress ‘W.X.Y.Z’ # option servername ‘zombie.example.com’
# option filename ‘pxelinux/efi/shim.efi’

Avatar
W. Michael Petullo

My research interests include free and open source software, system security, and network security.