Open Source


System Integration


The Zombie PXE and other protocol boot server

This document describes how to build Zombie, a PXE and other protocol boot server. Zombie runs on commodity router hardware and provides a number of features:

We build Zombie on top of OpenWrt because of the distribution's simplicity and small size. Zombie is made up of roughly 80 packages, and its programs and configurations take up less than 125 MB of storage space. Here we assume that Zombie will run within the confines of a Xen hypervisor.

Establish the Zombie VM

Perform the following steps on the Xen Dom0 host to establish the VM which will host Zombie:

  1. Obtain the x86_64 OpenWrt image at https://downloads.lede-project.org/releases/17.01.1/targets/x86/64/lede-17.01.1-x86-64-combined-ext4.img.gz.
  2. Uncompress the image and place it at /var/lib/xen/images/zombie-lede-17.01.1-x86-64-combined-ext4.img on the Xen Dom0 host.
  3. Write the following at /etc/xen/vm-zombie.cfg on the Xen Dom0 host (replace XX:XX:XX:XX:XX:XX):
    name    = "zombie"
    memory  =  1024
    vcpus   =  1
    builder = "hvm"
    vif     = [ "model=e1000,script=vif-bridge,bridge=xenbr0,mac=XX:XX:XX:XX:XX:XX" ]
    disk    = [ "tap2:tapdisk:aio:/var/lib/xen/images/herald-lede-17.01.1-x86-64-combined-ext4.img ,xvda,w" ]
    serial  = "pty"

Software installation

Perform the following steps on Zombie:

  1. Set the root password: passwd.
  2. Remove unnecessary packages:
    opkg remove \
            kmod-ppp \
            kmod-pppoe \
            kmod-pppox \
            kmod-r8169 \
    	logd \
            luci-app-firewall \
            luci-lib-ip \
    	luci-lib-jsonc \
            luci-lib-nixio \
            luci-proto-ipv6 \
            luci-proto-ppp \
            luci-theme-bootstrap \
    	luci-mod-admin-full \
    	luci-base \
    	luci \
            mtd \
            odhcpd-ipv6only \
            ppp \
            ppp-mod-pppoe \
            r8169-firmware \
            uhttpd-mod-ubus \
  3. Configure networking by writing /etc/config/network:
    config interface loopback
    	option ifname lo
    	option proto static
    	option ipaddr
    	option netmask
    config interface lan
    	option ifname eth0
    	option proto dhcp
  4. Install the necessary software:
    opkg update
    opkg install \
            freifunk-watchdog \
  5. Install a public SSH key at /etc/dropbear/authorized_keys.

Configuring TFTP

Here we describe how to configure dnsmasq to provide a TFTP service.

  1. /etc/config/dhcp:
    config dnsmasq
    	option enable_tftp	1
    	option tftp_root	/usr/libexec/tftpboot
    	option localservice	1
    config dhcp lan
    	option ignore		1
  2. Create the directory /usr/libexec/tftpboot/pxelinux/bios/.
  3. Install the syslinux package on a Fedora host, and copy the files /usr/share/syslinux/{ldlinux.c32,libcom32.c32,libutil.c32,pxelinux.0,vesamenu.c32} to /usr/libexec/tftpboot/pxelinux/bios/ on Zombie.
  4. usr/libexec/tftpboot/pxelinux/bios/pxelinux.cfg/default:
    default vesamenu.c32
    prompt 1
    timeout 600
    display boot.msg
    label linux
    	menu label ^Install or upgrade an existing system
    	menu default
    	kernel vmlinuz
    	append initrd=initrd.img inst.repo=https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Everything/x86_64/os/ ks=https://www.flyn.org/kickstart/Fedora-31-x86_64-workstation.ks
  5. Create the directory /usr/libexec/tftpboot/pxelinux/efi/.
  6. Install the shim, grub2-efi, and grub2-efi-x64 packages on a Fedora host, and copy the file /boot/fedora/boot/efi/EFI/fedora/shim.efi to /usr/libexec/tftpboot/pxelinux/efi/ on Zombie.
  7. Copy the files /boot/fedora/boot/efi/EFI/fedora/grubx64.efi to /usr/libexec/tftpboot/ on Zombie.
  8. usr/libexec/tftpboot/grub.cfg:
    function load_video {
    	insmod efi_gop
    	insmod efi_uga
    	insmod video_bochs
    	insmod video_cirrus
    	insmod all_video
    set gfxpayload=keep
    insmod gzio
    menuentry 'Install Fedora 64-bit'  --class fedora --class gnu-linux --class gnu --class os {
    	linuxefi pxelinux/bios/vmlinuz ip=dhcp inst.repo=https://download.fedoraproject.org/pub/fedora/linux/releases/31/Everything/x86_64/os/ ks=https://www.flyn.org/kickstart/Fedora-31-x86_64-workstation.ks
    	initrdefi pxelinux/bios/initrd.img
  9. Copy https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Everything/x86_64/os/images/pxeboot/vmlinuz to usr/libexec/tftpboot/pxelinux/bios/vmlinuz.
  10. Copy https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Everything/x86_64/os/images/pxeboot/initrd.img to usr/libexec/tftpboot/pxelinux/bios/initrd.img.

Configuring DHCP

Add the following to /etc/config/dhcp on the host that provides your network's DHCP service (replace W.X.Y.Z and example.com with Zombie's IP address and domain name, respectively):

config boot linux                                 
	option serveraddress 'W.X.Y.Z' 
	option servername 'zombie.example.com'  
	option filename 'pxelinux/bios/pxelinux.0'

# For EFI:
# config boot linux                                 
#	option serveraddress 'W.X.Y.Z' 
#	option servername 'zombie.example.com'  
#	option filename 'pxelinux/efi/shim.efi'
Email: www@flyn.org — ✉ 6110 Campfire Court; Columbia, Maryland 21045; USA