This guide was made using the latest Rocky Linux 9.5 and the latest Cobbler 3.3.7. Note that I use Windows DHCP and DNS: Cobbler does not run DHCP or DNS, but the PXE and TFTP services run on the Cobbler server.
1. Disable SELinux
setenforce 0
vi /etc/selinux/config # Set SELINUX=disabled
2. Install EPEL Repository and Update System
dnf -y install epel-release
dnf -y update
3. Configure Firewall
Allow HTTP/HTTPS and samba.
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=samba
PXE and TFTP Ports
firewall-cmd --add-port=69/tcp --permanent #tftp service
firewall-cmd --add-port=69/udp --permanent #tftp service
firewall-cmd --add-port=4011/udp --permanent #pxe/dhcp
Cobbler XML-RPC Ports
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 -p tcp --dport 25150 -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 -p tcp --dport 25151 -j ACCEPT
firewall-cmd --reload
4. Reboot System – optional
reboot
5. Install Necessary Packages
dnf -y install wget tar yum-utils debmirror pykickstart syslinux
dnf -y install python3-pefile python3-hivex wimlib-utils syslinux-tftpboot samba
dnf -y --enablerepo=crb install python3-hivex python3-sphinx
dnf -y --enablerepo=highavailability install fence-agents-all
6. Add Cobbler Repository & Install cobbler
cd /etc/yum.repos.d/
wget https://download.opensuse.org/repositories/systemsmanagement:cobbler:release33/RockyLinux_9/systemsmanagement:cobbler:release33.repo
dnf -y install cobbler
7. Configure Cobbler Settings
Edit cobbler settings
vi /etc/cobbler/settings.yaml
Update the following:
next_server_v4: 192.168.1.111  # Windows-AD/DHCP/DNS
server: 192.168.1.20           # Cobbler Server IP
enable_ipxe: true              # Enable for iPXE
Windows Settings
vi /etc/cobbler/settings.d/windows.settings
Update:
windows_enabled: true
8. Enable and Start Services
systemctl enable --now httpd
systemctl enable --now cobblerd
9. Validate Cobbler Setup
cobbler check
cobbler sync
10. Configure debmirror
vi /etc/debmirror.conf # Comment out `dists` and `arches`
11. Mount Windows 11 ISO and Import
Mount network storage and DVD:
yum install nfs-utils
mkdir /mnt/nas
showmount -e 192.168.1.2 # NFS NAS
mount -t nfs 192.168.1.2:/Asim/Soft /mnt/nas
mkdir /mnt/dvd
mount -r -t udf,iso13346 '/ISO/ /Win11/SW_DVD9_Win_Pro_11_23H2.ISO' /mnt/dvd
Import Windows image into Cobbler:
cobbler import --path=/mnt/dvd --name=win11
12. Download Rocky Linux ISO and Import
wget https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9.5-x86_64-dvd.iso
umount /mnt/dvd # unmount
mount -r Rocky-9.5-x86_64-dvd.iso /mnt/dvd # mount the iso
Import the ISO into Cobbler
cobbler import --name=Rocky-9.5 --arch=x86_64 --breed=redhat --path=/mnt/dvd
13. List Cobbler Profiles
cobbler profile list
14. Setting Up Samba Share
A Samba share is needed so that the Windows setup files can be copied during Windows deployments.
Edit the Samba configuration file to add the following lines at the end:
vi /etc/samba/smb.conf
Add:
[DISTRO]
comment = Windows distributions
# path = /var/www/cobbler/distro_mirror
path = /var/www/cobbler
guest ok = yes
browseable = yes
public = yes
writeable = no
printable = no
locking = no
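The [DISTRO] share above allows guest access, so the property worth checking is that no guest share is writable. An added example, not part of the original guide: a small smb.conf audit that understands Samba's synonyms (`public` for `guest ok`; `writeable`, `writable` and `write ok` as the inverse of `read only`). The function name is an assumption, and [global] defaults and include files are not evaluated.

```bash
# Added example (not from the original guide); the function name is an assumption.
# audit_guest_shares SMB_CONF
# Prints "<share> guest-read-only" or "<share> guest-writable" for every share
# that allows guest access. Returns 1 if any guest share is writable.
audit_guest_shares() {
    awk '
    # Samba ignores case and whitespace in parameter names
    function norm(s)   { gsub(/[ \t\r]/, "", s); return tolower(s) }
    function is_yes(v) { v = norm(v); return (v == "yes" || v == "true" || v == "1") }
    function flush() {
        if (share != "" && tolower(share) != "global" && guest) {
            print share, (ro ? "guest-read-only" : "guest-writable")
            if (!ro) bad = 1
        }
    }
    /^[ \t]*[#;]/ { next }                        # comment lines
    /^[ \t]*\[/ {                                 # start of a new section
        flush()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; ro = 1                         # defaults: guest ok = no, read only = yes
        next
    }
    index($0, "=") {
        key = norm(substr($0, 1, index($0, "=") - 1))
        val = substr($0, index($0, "=") + 1)
        if (key == "guestok" || key == "public") guest = is_yes(val)
        else if (key == "readonly") ro = is_yes(val)
        else if (key == "writeable" || key == "writable" || key == "writeok") ro = !is_yes(val)
    }
    END { flush(); exit bad + 0 }
    ' "$1"
}

# Usage on the Cobbler server:
#   audit_guest_shares /etc/samba/smb.conf
```

For the share as configured in this step, the expected output is a single read-only line for DISTRO and exit status 0.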
15. Enable and Start Samba Services
systemctl enable --now smb
systemctl enable --now nmb
16. iPXE Setup
We are going to use iPXE. If, as in my environment, a Windows domain controller is also your DHCP server, DHCP options 66 and 67 need to point to the Cobbler server and to shimx64.efi respectively.
git clone https://github.com/ipxe/ipxe.git
cd ipxe/
cd src/
vi myscript.ipxe
Copy the following code to myscript.ipxe, changing the Cobbler server IP as needed.
#!ipxe
echo Configure dhcp …
dhcp
chain tftp://192.168.1.20/ipxe/default.ipxe
Install the build dependencies, then build iPXE with myscript.ipxe embedded:
yum install make gcc binutils perl xz xz-devel mtools mkisofs syslinux -y
make bin/ipxe.lkrn bin-x86_64-efi/ipxe.efi EMBED=myscript.ipxe
./util/genfsimg -o ipxe.iso bin/ipxe.lkrn bin-x86_64-efi/ipxe.efi
mkdir /mnt/{cdrom,disk}
mount -o loop,ro /root/ipxe/src/ipxe.iso /mnt/cdrom
mount -o loop,ro /mnt/cdrom/esp.img /mnt/disk
cd /root
wget https://github.com/ipxe/shim/releases/download/ipxe-15.7/ipxe-shimx64.efi
cp ipxe-shimx64.efi /var/lib/tftpboot/shimx64.efi
cp /mnt/disk/EFI/BOOT/BOOTX64.EFI /var/lib/tftpboot/ipxe.efi
wget https://github.com/ipxe/wimboot/releases/latest/download/wimboot
cp wimboot /var/lib/tftpboot
Start tftp service
systemctl enable --now tftp
Cobbler is now installed and set up for Windows and Linux OS deployments.
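Step 16 copies downloaded binaries (ipxe-shimx64.efi, wimboot) into /var/lib/tftpboot, from where every PXE client loads them. An added example, not part of the original guide: install a file only when it matches a pinned SHA-256, then keep a manifest of the TFTP root to detect later changes. The function names, the pin file and the manifest paths are assumptions; record the pins yourself from a download you have verified.

```bash
# Added example (not from the original guide). Function names and the
# pin-file/manifest locations are assumptions.
# Pin file format is the one sha256sum prints: "<sha256>  <filename>"

# install_verified SRC DEST PIN_FILE
# Copy SRC to DEST only if its SHA-256 matches the pin for basename(SRC).
# Returns 0 on success, 1 on mismatch, 2 if no pin is recorded.
install_verified() {
    iv_name=$(basename "$1")
    iv_want=$(awk -v n="$iv_name" '$2 == n { print $1; exit }' "$3")
    if [ -z "$iv_want" ]; then
        echo "no pin recorded for $iv_name" >&2
        return 2
    fi
    iv_got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$iv_got" != "$iv_want" ]; then
        echo "hash mismatch for $iv_name: got $iv_got" >&2
        return 1
    fi
    install -m 0644 "$1" "$2"
}

# snapshot_tftproot DIR MANIFEST
# Record the hash of every file served from DIR. Keep MANIFEST outside DIR.
snapshot_tftproot() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2) > "$2"
}

# check_tftproot DIR MANIFEST
# Diff the current state against MANIFEST; added, changed and removed files
# all show up in the output. Returns 0 if identical, 1 on drift.
check_tftproot() {
    ct_tmp=$(mktemp) || return 2
    snapshot_tftproot "$1" "$ct_tmp"
    if diff "$2" "$ct_tmp"; then ct_rc=0; else ct_rc=1; fi
    rm -f "$ct_tmp"
    return "$ct_rc"
}

# Usage with the files from step 16 (boot.pins is a file you create yourself):
#   install_verified /root/ipxe-shimx64.efi /var/lib/tftpboot/shimx64.efi /root/boot.pins
#   install_verified /root/wimboot /var/lib/tftpboot/wimboot /root/boot.pins
#   snapshot_tftproot /var/lib/tftpboot /root/tftpboot.manifest
#   check_tftproot /var/lib/tftpboot /root/tftpboot.manifest
```

Because `cobbler sync` rewrites files under the TFTP root, take a fresh snapshot after each deliberate sync and treat any other drift as something to investigate.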
17. Windows Answer File Tricks
If you are using VMs for testing and the Windows 11 installation fails because the VM has no TPM, then add the following to your answerfile:
vi /etc/cobbler/windows/answerfile.template
<FullName>User</FullName>
<Organization>Some Organization</Organization>
</UserData>
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>3</Order>
<Path>reg.exe add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f</Path>
</RunSynchronousCommand>
</RunSynchronous>
I also added some more commands to the final phase of the answerfile, as explained below:
Command 1 (Order 1): Disables password expiry for the user "LocalUser".
Command 2 (Order 2): Disables IPv6, as it gives me some issues in my environment.
Command 3 (Order 3): Fetches the output of Win.ks (the autoinstall template) and saves it to install.cmd.
Command 4 (Order 4): Runs the install.cmd saved above.
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<RequiresUserInput>false</RequiresUserInput>
<Order>1</Order>
<CommandLine>cmd /C wmic useraccount where "name='LocalUser'" set PasswordExpires=FALSE</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<RequiresUserInput>false</RequiresUserInput>
<Order>2</Order>
<CommandLine>powershell -command "Get-NetAdapter | foreach { Disable-NetAdapterBinding -InterfaceAlias \$_.Name -ComponentID ms_tcpip6 }"</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<RequiresUserInput>false</RequiresUserInput>
<Order>3</Order>
<CommandLine>powershell -command "& {\$WebClient = New-Object System.Net.WebClient; \$WebClient.DownloadFile('http://@@http_server@@/cblr/svc/op/autoinstall/profile/@@profile_name@@','c:\install.cmd')}"</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<RequiresUserInput>false</RequiresUserInput>
<Order>4</Order>
<CommandLine>c:\install.cmd</CommandLine>
</SynchronousCommand>
</FirstLogonCommands>