Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / Setting up an HTTP Boot server

Setting up an HTTP Boot server

Publication Date: 05 Dec 2024
WHAT?

This article shows you how to configure DNS, DHCP, and HTTP on a single machine to act as an HTTP Boot server.

WHY?

HTTP Boot can remotely install operating systems from an HTTP URL. While PXE can only deploy images to servers in a local subnet, HTTP Boot can deploy images to servers across different subnets in routed networks, and can quickly transfer larger files, such as the Linux kernel and root file system.

EFFORT

Approximately 30 minutes to set up an HTTP Boot server.

GOAL

Use this server to remotely install operating systems on clients that support HTTP Boot. Consult the relevant documentation for information on how to enable HTTP Boot on client machines.

REQUIREMENTS
  • SUSE Linux Enterprise Server is installed and up to date on your server.

  • Networking is configured on your server.

  • You have a SUSE Linux Enterprise Server ISO image available.

  • If you want to enable SSL support, you must have an SSL certificate installed on your server.

1 Configuring the DNS server

Configuring the DNS server allows you to assign a user-friendly name to the HTTP Boot server.

In this procedure, replace the example host names and IP addresses with the appropriate values for your server.

  1. Install the dnsmasq package:

    > sudo zypper install dnsmasq
  2. Add the following lines to the /etc/dnsmasq.conf file:

    interface=eth0
    addn-hosts=/etc/hosts.conf
  3. Assign a domain name to the IP addresses in the /etc/hosts.conf file:

    192.168.111.1 www.httpboot.local
    2001:db8:f00f:cafe::1 www.httpboot.local
  4. Enable and start the DNS server:

    > sudo systemctl enable --now dnsmasq
Note
Note: Use the shim boot loader

Because of a change in UEFI 2.7, we recommend using a shim boot loader from SUSE Linux Enterprise 15 or newer to avoid potential errors caused by the additional DNS node.

2 Configuring the HTTP server

The HTTP server provides the installation sources to clients.

  1. Install the apache2 package:

    > sudo zypper install apache2
  2. In the root directory of the HTTP Boot server (/srv/www/htdocs/), create a subdirectory for the installation content. For example, /srv/www/htdocs/sle/:

    > sudo mkdir /srv/www/htdocs/sle
  3. Copy or extract all of the files from the ISO to the new directory.

  4. To configure the boot menu, edit the /srv/www/htdocs/sle/EFI/BOOT/grub.cfg file using the following example as a reference:

     menuentry 'Installation IPv4' --class opensuse --class gnu-linux --class gnu --class os {
      set gfxpayload=keep
      echo 'Loading kernel ...'
      linuxefi /sle/boot/x86_64/loader/linux install=http://www.httpboot.local/sle
      echo 'Loading initial ramdisk ...'
      initrdefi /sle/boot/x86_64/loader/initrd
     }
    
     menuentry 'Installation IPv6' --class opensuse --class gnu-linux --class gnu --class os {
      set gfxpayload=keep
      echo 'Loading kernel ...'
      linuxefi /sle/boot/x86_64/loader/linux install=http://www.httpboot.local/sle ipv6only=1 ifcfg=*=dhcp6,DHCLIENT6_MODE=managed
      echo 'Loading initial ramdisk ...'
      initrdefi /sle/boot/x86_64/loader/initrd
     }
  5. Enable and start apache2:

    > sudo systemctl enable --now apache2

3 Configuring the DHCP server

The DHCP server provides IP addresses and other networking information to clients.

In this procedure, replace the example IP addresses and subnets with the appropriate values for your system.

  1. Install the dhcp-server package:

    > sudo zypper install dhcp-server
  2. Edit the /etc/sysconfig/dhcpd file to specify the network interface for the DHCPv4 and DHCPv6 servers:

    DHCPD_INTERFACE="eth0"
    DHCPD6_INTERFACE="eth0"
  3. To configure the DHCPv4 server, edit the /etc/dhcpd.conf file using the following example as a reference:

    option domain-name-servers 192.168.111.1;
    option routers 192.168.111.1;
    default-lease-time 14400;
    ddns-update-style none;
    subnet 192.168.111.0 netmask 255.255.255.0 {
      range dynamic-bootp 192.168.111.100 192.168.111.120;
      default-lease-time 14400;
      max-lease-time 172800;
      option vendor-class-identifier "HTTPClient"; 1
      filename "http://www.httpboot.local/sle/EFI/BOOT/bootx64.efi"; 2
    }

    1

    The vendor class ID must be HTTPClient. The client uses this ID to identify an HTTP Boot offer.

    2

    The boot URL must point to the installation directory on the HTTP server.

  4. To configure the DHCPv6 server, edit the /etc/dhcpd6.conf file using the following example as a reference:

    option dhcp6.bootfile-url code 59 = string;
    option dhcp6.vendor-class code 16 = {integer 32, integer 16, string};
    subnet6 2001:db8:f00f:cafe::/64 {
            range6 2001:db8:f00f:cafe::42:10 2001:db8:f00f:cafe::42:99;
            option dhcp6.bootfile-url "http://www.httpboot.local/sle/EFI/BOOT/bootx64.efi"; 1
            option dhcp6.name-servers 2001:db8:f00f:cafe::1;
            option dhcp6.vendor-class 0 10 "HTTPClient"; 2
    }

    1

    The boot URL must point to the installation directory on the HTTP server.

    2

    The vendor class option must consist of the enterprise number, the vendor class length, and the vendor class content. The HTTP Boot driver ignores the enterprise number, so you can set it to 0. The vendor class length must 10, and the content must be HTTPClient. The client uses this ID to identify an HTTP Boot offer.

  5. Start the DHCP servers:

    > sudo systemctl enable --now dhcpd
    > sudo systemctl enable --now dhcpd6

4 Enabling SSL support for the HTTP server (optional)

To use HTTPS Boot, you must convert an SSL certificate into the DER format and enroll it into the client's firmware.

This procedure assumes that you already have an SSL certificate installed on your server.

  1. Convert the certificate into the DER format:

    > sudo openssl x509 -in CERTIFICATE.crt -outform der -out CERTIFICATE.der
  2. Enroll the server certificate into the client firmware. The procedure for enrolling the converted certificate depends on the client. For some hardware, you must enroll the certificate manually using an external storage device with the certificate on it. For machines with Redfish support, you can enroll the certificate remotely. Consult the documentation for your specific client for more information on enrolling certificates.

  3. Edit the /etc/sysconfig/apache2 file to add the SSL flag:

    APACHE_SERVER_FLAGS="SSL"
  4. In the same file, ensure that the ssl module appears in the APACHE_MODULES list:

    > sudo grep 'APACHE_MODULES.*ssl' /etc/sysconfig/apache2
    APACHE_MODULES="actions alias auth_basic authn_core authn_file authz_host
    authz_groupfile authz_core authz_user autoindex cgi dir env expires include
    log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
  5. Copy the private key and the certificate to the /etc/apache2/ directory:

    > sudo cp server.key /etc/apache2/ssl.key/
    > sudo chown wwwrun /etc/apache2/ssl.key/server.key
    > sudo chmod 600 /etc/apache2/ssl.key/server.key
    > sudo cp server.crt /etc/apache2/ssl.crt/
  6. Create the SSL vhost configuration:

    > sudo cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/vhost-ssl.conf
  7. Edit the /etc/apache2/vhosts.d/vhost-ssl.conf file to change the private key and the certificate to the following values:

    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  8. Restart Apache to activate the SSL support:

    > sudo systemctl restart apache2
  9. Replace the http:// prefix with https:// in the /etc/dhcpd.conf and /etc/dhcpd6.conf files:

    filename "https://www.httpboot.local/sle/EFI/BOOT/bootx64.efi";
    option dhcp6.bootfile-url "https://www.httpboot.local/sle/EFI/BOOT/bootx64.efi";
  10. Restart the DHCP servers:

    > sudo systemctl restart dhcpd
    > sudo systemctl restart dhcpd6

5 Troubleshooting HTTP Boot

This section helps you troubleshoot issues with HTTP Boot.

RP filter dropping DHCPv6 packets

If DHCPv6 packets are dropped by the RP filter in the firewall, check the firewall log. If it contains the rpfilter_DROP entry, disable the filter using the following configuration in /etc/firewalld/firewalld.conf:

IPv6_rpfilter=no