1. Overview

Linux distributions often provide a way to install entirely over the network. In particular, this enables administrators to set up a central server containing the installation files. Thus, client machines can boot and install Linux remotely via so-called net booting. Net booting requires only a small set of packages to start the installation. The rest of the packages are then downloaded during installation.

A network installer can be a good choice for systems without a GUI. Similarly, for a large number of systems, network installers can be very helpful. Also, net booting usually downloads the latest packages. Thus, we’ve got no immediate need to upgrade them.

In this tutorial, we’ll see the steps to install Ubuntu over a network. Moreover, we’ll install Ubuntu 20.04 in UEFI mode.

2. Prerequisites

Before proceeding with the network installation, let’s ensure we have the prerequisites in place:

  • server machine running Ubuntu or another Linux distribution (IP address: 192.168.29.45)
  • client machine with a network boot option enabled in the BIOS or UEFI settings
  • DHCP server setup to provide IP addresses to the client machines
  • network connectivity between the server and client machines

Also, we’re using VMware virtualization to test the client machine.

3. Steps

To summarize, network installation requires several steps:

  1. installing and configuring dnsmasq, a TFTP server, and an NFS server
  2. mounting the Ubuntu ISO file
  3. transferring boot files to the TFTP root directory
  4. setting up GRUB
  5. setting the UEFI boot option on the client machine
  6. booting the VM

Additionally, using a UEFI boot facilitates the secure boot option.

4. Setting up the Network Installation Server

There are several required packages on the server side. In addition to installing them, we might need to change some package settings.

4.1. Installing and Configuring dnsmasq

dnsmasq serves as an easy-to-set-up DHCP and DNS server for network installation. Further, it offers combined DNS and DHCP functionality for the local area network (LAN).

First, we install dnsmasq:

$ sudo apt install dnsmasq

After that, we edit the dnsmasq config file, /etc/dnsmasq.conf.

Next, we add entries for the DHCP configuration in this file:

$ cat /etc/dnsmasq.conf
...
interface=wlo1
bind-interfaces
dhcp-range=192.168.29.150,192.168.29.240,255.255.255.0,8h
dhcp-option=option:router,192.168.29.1
dhcp-option=option:dns-server,192.168.29.1
dhcp-boot=bootx64.efi,192.168.29.45

Let’s break down each setting:

  • interface=wlo1: specifies the network interface (wlo1) that dnsmasq should listen on for DNS and DHCP requests
  • bind-interfaces: binds the DHCP and DNS services to the IP address of the specified interface
  • dhcp-range=…: defines the DHCP range and lease time
  • dhcp-option=…router…: sets the DHCP option for the router (gateway) IP address to 192.168.29.1
  • dhcp-option=…dns-server…: sets the DHCP option for the DNS server IP address to 192.168.29.1
  • dhcp-boot=bootx64.efi,..: specifies the file to be used for net booting and the IP address of the TFTP server

Later, we restart the dnsmasq service:

$ sudo systemctl restart dnsmasq

Thus, the new settings should now be in effect.

4.2. Installing and Configuring TFTP

Next, we set up a TFTP server to serve the installation files.

So, let’s install the TFTP server:

$ sudo apt install tftpd-hpa

Next, we create the TFTP root directory, if not already present, since it stores the installation files:

$ sudo mkdir /srv/tftp

Notably, the TFTP server has a config file at /etc/default/tftpd-hpa. In this file, we set the TFTP parameters:

$ cat /etc/default/tftpd-hpa
# /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS=":69"
TFTP_OPTIONS="--secure"

Let’s see the meaning of the parameters in the above file:

  • TFTP_USERNAME="tftp": specifies the username under which the TFTP server runs
  • TFTP_DIRECTORY="/srv/tftp": defines the root directory on the filesystem where the TFTP server looks for files to serve
  • TFTP_ADDRESS=":69": the format :69 indicates that the TFTP server listens on all available network interfaces (0.0.0.0) on port 69
  • TFTP_OPTIONS="--secure": prevents access to files outside of the TFTP directory specified by TFTP_DIRECTORY

Subsequently, we restart the TFTP server:

$ sudo systemctl restart tftpd-hpa

Finally, this completes the TFTP server setup.

4.3. Installing and Configuring NFS

Let’s now install the NFS kernel server package:

$ sudo apt install -y nfs-kernel-server

Further, we edit the /etc/exports file to share the TFTP root directory over NFS:

$ cat /etc/exports
...
/srv/tftp *(ro,sync,no_root_squash,insecure,no_subtree_check)

Let’s break down the above options:

  • ro: exported file system is mounted as read-only
  • sync: the NFS server replies to new requests only once old requests are completed
  • no_root_squash: root squashing is disabled, so the root user on a client keeps root privileges on the share
  • insecure: enables NFS service to be run by a non-root user
  • no_subtree_check: don’t check the subdirectories exported for the requested file

Finally, we export the NFS share:

$ sudo exportfs -a

Several other options can also be used to control how the shared file system is mounted.
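
As an added example (not part of the original tutorial), the following script reads /etc/exports-style lines and reports the settings that widen access to the share: a wildcard client, no_root_squash, insecure, and rw. The function names and the narrowed 192.168.29.0/24 entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in /etc/exports-style text read from stdin.
# Prints one line per finding: "<path> <client> <finding>".
audit_exports() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
      if (NF == 1) print $1, "*", "any-host"   # a path with no client list
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                           # split "client(opt,opt,...)"
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1, length($i) - p - 1)
        }
        if (client == "") client = "*"         # "(opts)" alone means any host
        if (client == "*") print $1, client, "any-host"
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++)
          # insecure turns off the default "secure" option, see exports(5)
          if (o[j] == "no_root_squash" || o[j] == "insecure" || o[j] == "rw")
            print $1, client, o[j]
      }
    }'
}

# Constructed input: the export line from this page, then a narrowed variant
# (assumption: all installer clients live in 192.168.29.0/24).
sample_exports() {
  cat <<'EOF'
/srv/tftp *(ro,sync,no_root_squash,insecure,no_subtree_check)
/srv/tftp 192.168.29.0/24(ro,sync,root_squash,no_subtree_check)
EOF
}

sample_exports | audit_exports
```

For the line used above, it reports any-host, no_root_squash, and insecure, while the narrowed entry produces no findings. Whether the installer still boots with the narrowed entry has to be tested on the actual clients.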

5. Obtaining Ubuntu Installation Files

Before starting the installation, let’s ensure we have the necessary files ready.

Essentially, to acquire them, we download the ISO file for Ubuntu 20.04.

5.1. Downloading Ubuntu ISO

Let’s create the focal subdirectory inside the TFTP root directory to store the ISO file:

$ sudo mkdir /srv/tftp/focal

Then, we download the Ubuntu 20.04 ISO file and place it in the focal directory:

$ sudo wget https://www.releases.ubuntu.com/focal/ubuntu-20.04.6-desktop-amd64.iso -O /srv/tftp/focal/ubuntu-20.04.6-desktop-amd64.iso

Alternatively, we can copy the existing ISO file on the system to the focal directory.
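
Since every client installs from this image, it’s worth checking the file before serving it. The following added example (not from the original tutorial) compares a file against its entry in a SHA256SUMS manifest and fails closed when no entry exists. The function names and the stand-in file are assumptions, and the manifest itself is assumed to be obtained and authenticated separately.

```shell
#!/bin/sh
# Added example: check an ISO against a SHA256SUMS manifest before serving it.
# Manifest lines have the form "<sha256> *<filename>" ("*" marks binary mode).
# Returns 0 on match, 1 on mismatch, 2 if the file or its manifest entry is missing.
verify_iso() {
  iso=$1; sums=$2
  [ -f "$iso" ] && [ -f "$sums" ] || return 2
  name=$(basename "$iso")
  want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
  [ -n "$want" ] || return 2          # fail closed: no entry for this file
  have=$(sha256sum "$iso" | awk '{ print $1 }')
  [ "$have" = "$want" ]
}

# Constructed demo: a small stand-in file plays the ISO so this runs offline.
# Prints the status for the intact file, then for a modified copy: "0 1".
demo_verify() {
  d=$(mktemp -d) || return 1
  f=ubuntu-20.04.6-desktop-amd64.iso
  printf 'constructed stand-in for ISO contents\n' > "$d/$f"
  (cd "$d" && sha256sum -b "$f" > SHA256SUMS)
  ok=0;  verify_iso "$d/$f" "$d/SHA256SUMS" || ok=$?
  printf 'modified\n' >> "$d/$f"
  bad=0; verify_iso "$d/$f" "$d/SHA256SUMS" || bad=$?
  rm -rf "$d"
  echo "$ok $bad"
}

demo_verify
```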

5.2. Extracting ISO Contents

Let’s move to the TFTP root directory:

$ cd /srv/tftp/

Next, we create a mount point, /mnt/iso:

$ sudo mkdir /mnt/iso

Then, we mount the ISO file at /mnt/iso using a loop device:

$ sudo mount focal/ubuntu-20.04.6-desktop-amd64.iso /mnt/iso -o loop
mount: /mnt/iso: WARNING: device write-protected, mounted read-only.

A loop device enables a file to be mounted like a physical block device. Thus, the file system inside the file is now mounted. This way, we can see and read the contents of the ISO file in the /mnt/iso directory.

Further, we copy the necessary boot files from /mnt/iso to the focal directory:

$ sudo cp -a /mnt/iso/. focal/
$ sudo cp -rf /mnt/iso/* focal/
$ sudo cp /mnt/iso/casper/{vmlinuz,initrd} focal/

Finally, we unmount the ISO file:

$ sudo umount /mnt/iso

Additionally, we can also remove the .iso file from the server to save on server space:

$ sudo rm focal/ubuntu-20.04.6-desktop-amd64.iso

Thus, the TFTP root directory can now serve the files over the network.

6. Creating GRUB Boot Menu

To network boot the client machine, we need a GRUB config file and support files.

6.1. Creating GRUB Config File

First, we create a subdirectory, grub, inside /srv/tftp:

$ sudo mkdir grub

Next, we create the GRUB config file in the grub directory:

$ cat grub/grub.cfg
menuentry "Focal - OS" {
    linux /focal/vmlinuz ip=dhcp netboot=nfs nfsroot=192.168.29.45:/srv/tftp/focal/ boot=casper root=/dev/ram0 maybe-ubiquity
    echo "Loading Ram Disk..."
    initrd /focal/initrd
}

The above GRUB menu performs multiple actions on the client machine:

  • creates a menu entry as Focal - OS
  • gets an IP address from DHCP
  • sets the netboot option to NFS
  • sets the NFS directory path on the remote server
  • launches the Ubiquity installer with maybe-ubiquity
  • loads the compressed kernel vmlinuz
  • specifies the initrd file
  • uses the casper boot option, which is used for Live CD/USB environments

Also, while booting, GRUB shows the Loading Ram Disk... message.

6.2. Downloading SHIM and GRUB Files

On UEFI systems, SHIM acts as a lightweight initial boot loader. Moreover, SHIM simplifies the signing complexity introduced by Microsoft’s Secure Boot requirement.

To be clear, the GRUB bootloader (GRUB 2) doesn’t have a universally trusted Microsoft key signature. Thus, UEFI Secure Boot can’t directly validate it. Since SHIM carries a Microsoft key signature, Secure Boot can validate it, and SHIM can then chainload other EFI binaries, like GRUB.

Let’s download the SHIM, GRUB, and grub-common .deb files to /tmp:

$ cd /tmp
$ apt-get download shim-signed -y
$ apt download grub-efi-amd64-signed
$ apt download grub-common

Next, we copy the signed SHIM binary, signed GRUB binary, and GRUB font file to the TFTP root directory:

$ sudo sh -c 'dpkg-deb --fsys-tarfile /tmp/shim-signed*deb | tar x ./usr/lib/shim/shimx64.efi.signed.latest -O > /srv/tftp/bootx64.efi'
$ sudo sh -c 'dpkg-deb --fsys-tarfile /tmp/grub-efi-amd64-signed*deb | tar x ./usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed -O > /srv/tftp/grubx64.efi'
$ sudo sh -c 'dpkg-deb --fsys-tarfile /tmp/grub-common*deb | tar x ./usr/share/grub/unicode.pf2 -O > /srv/tftp/unicode.pf2'

In the above commands, dpkg-deb with the --fsys-tarfile option writes the filesystem contents of the .deb package to STDOUT in .tar format.

Then, tar extracts the requested file from each tar stream and, because of the -O option, writes it to STDOUT:

  • shimx64.efi.signed.latest
  • grubnetx64.efi.signed
  • unicode.pf2

Finally, the redirection operator writes the files to the TFTP directory with the specified file names.

7. Starting Network Installation on Client Machines

To test the above setup, let’s create a virtual machine in VMware.

We can set up a new VM with the option to later install the OS:

VMware VM Config

After completing the VM setup, we open the VM settings. Now, we change the firmware type to UEFI:

UEFI Firmware For VM

After these changes, we keep the rest of the settings to the default ones:

VMware VM Summary

Now, let’s start the client machine:

VM Grub Menu

Thus, the VM boots from the network. Finally, we can start the Ubuntu installation process.

8. Conclusion

In this article, we’ve successfully set up a network installation server for Ubuntu. Client machines can now boot from the network. Similarly, multiple machines can install Ubuntu at the same time. Further, we don’t need physical media.
