Deploy Ubuntu 14.04 Desktop Using PXE

This has to be the most poorly documented feature of Ubuntu ever. The more I use it the more I wonder if they aren't losing their focus for corporate use completely. It's almost enough to make me want to play with CentOS. With Ubuntu 12.04 Precise, you were able to deploy Desktop installations by using some files from the "Alternate Install" disk image and a full desktop image. Since you had a full desktop image right there, the install literally took 15 minutes or less from start to finish.

Under 14.04 (and actually several between 12.04 and 14.04 from the looks of it) things have changed. Canonical no longer offers an "Alternate Install" image for Ubuntu LTS. I thought - no problem, I can make this work, however it turns out that the Desktop installer "Casper" is very anti-PXE. In fact, the only way to install Ubuntu Desktop with PXE now appears to be to use the Ubuntu Server install image, and then have the installation download the desktop packages directly from Ubuntu (or your own caching server) one at a time. While I got this to work, an install now takes over twice as long.

Regardless, here's how to do it.

Configure the PXE server

This is complicated, and there are other tutorials out there that might cover this in more depth. In fact I covered it back in 2009. My point is to explain the differences with a 14.04 network install, but here are the basics. You'll need a couple of things: a web server (Apache?), a TFTP server (tftpd-hpa) and a DHCP server.

The DHCP server needs the following options added to it (I'm assuming isc-dhcp-server here.) Replace the next-server IP address with the IP of your TFTP server. It can be the same or different from any of the other components, so it doesn't have to run on the same machine as the DHCP or Apache servers, but for ease of use you might do that.

filename "pxelinux.0";

On your Apache server you'll want to place a copy of the Ubuntu Server image CD. So basically download the Server ISO and do something like this:

sudo su -
mkdir /media/ubuntu
mount -o loop -t iso9660 ./ubuntu-14.04.2-server-amd64.iso /media/ubuntu
mkdir /var/www/ubuntu-14.04.amd64-server
cp -R /media/ubuntu/* /var/www/ubuntu-14.04.amd64-server
umount /media/ubuntu
rmdir /media/ubuntu

You'll also want to copy the contents of /var/www/ubuntu-14.04.amd64-server/install/netboot/ into the root of your TFTP server. Assuming it's on the same box something like this should do it:

cp -R /var/www/ubuntu-14.04.amd64-server/install/netboot/* /var/tftp/

Next, prepare the menu entry by editing the file at "/var/tftp/pxelinux.cfg/default" with an entry to install. Here's where some of the magic has to come into play - you need to specify the live-installer/net-image option here or the installer will end up failing. Here's an example entry for you:

LABEL Ubuntu 14.04 Desktop
	MENU LABEL Trusty 14.04 Desktop
	KERNEL ubuntu-installer/amd64/linux
	append vga=normal ks= initrd=ubuntu-installer/amd64/initrd.gz live-installer/net-image= hostname=desktop --

You'll also find that all the menu options from the CD-ROM are still available when you use PXE, so you might want to edit "/var/tftp/ubuntu-installer/amd64/boot-screens/menu.cfg" to remove anything you don't want. You'll also notice I'm setting an installer variable called "hostname" in this line. Since I don't pre-assign machine names in DNS (what a pain that would be) I want to be able to specify a machine name during install. Doing this lets me select the line with "tab" during install, arrow back over it and replace "desktop" with the actual machine name. My kickstart script below will use that variable to set the machine hostname.

Next, make a kickstart file.

To begin with you'll need to install system-config-kickstart on an already working Ubuntu 14.04 installation. This installs a client utility called "Kickstart" on your desktop. It helps you create the script that will set everything up properly for you. Unfortunately this is also one of those areas where Ubuntu is falling down in the enterprise domain, because a year after its release, the package is actually still broken when you install it. So, here's the workaround:

sudo apt-get remove hwdata
sudo dpkg -i hwdata_0.234-1_all.deb
sudo apt-get install system-config-kickstart

And be aware, after your next software update this will stop working. If that happens, simply run the wget and dpkg lines above again to make it work again. Now, run Kickstart from your desktop menu. You'll see something like this:

From here you'll want to flip through each tab and examine all the options.

For "Installation Method" pick "HTTP" and put in your web server address and "ubuntu-14.04.amd64-server" as the HTTP directory. I always set it to clear any installed hard drives and format using the recommended sizes, but you may need to preserve existing partitions on your network. Because I now use SSSD for configuring authentication, I don't use any of the network authentication configuration options from the Kickstart Configurator. You can even use this tool to set a root password at installation, or add a user account as well. One or the other should be done or you could very well end up with a system you can't log into if you don't have a perfect configuration for your network user authentication scheme.

Save the kickstart file and then open it back up in your favorite text editor. Scroll down to "%packages" and change it to be the following:


Actually, you may or may not want the SSH server installed on all of your desktops, but we use it for remote administration. We also configure it to NOT allow password logins, to be more secure.
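
One way to make the "no password logins" setting stick from a %post script, as an added example (not the author's own script). The function names are hypothetical and the sample config is constructed; ChallengeResponseAuthentication is included because, with PAM enabled, it is a second route to a password prompt.

```bash
#!/bin/bash
# Added example. sshd keeps the FIRST value it reads for a keyword, and lines
# after "Match" belong to that block, so the settings go at the top of the
# file and later global duplicates are dropped.

# Shared awk prologue: key/val = lower-cased keyword and first argument,
# accepting both "Keyword value" and "Keyword=value".
SSHD_KV='{ l = $0; sub(/^[ \t]+/, "", l); split(l, f, /[ \t=]+/)
           key = tolower(f[1]); val = tolower(f[2]) }'

disable_ssh_password_logins() {    # usage: disable_ssh_password_logins FILE
    cfg="$1"
    tmp="$(mktemp)" || return 1
    {
        printf 'PasswordAuthentication no\n'
        printf 'ChallengeResponseAuthentication no\n'
        awk "$SSHD_KV"'
            key == "match" { in_match = 1 }
            !in_match && (key == "passwordauthentication" ||
                          key == "challengeresponseauthentication") { next }
            { print }' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg"            # overwrite in place: keeps owner and mode
    rm -f "$tmp"
}

# Succeeds only if the global setting is "no" and no Match block turns
# password logins back on for a subset of users or hosts.
ssh_password_logins_disabled() {   # usage: ssh_password_logins_disabled FILE
    awk "$SSHD_KV"'
        key == "match" { in_match = 1; next }
        key != "passwordauthentication" { next }
        in_match { if (val == "yes") bad = 1; next }
        !seen { seen = 1; if (val != "no") bad = 1 }
        END { exit (bad || !seen) }' "$1"
}

# Demo on a constructed config (not from the page). On the installed system
# the file is /etc/ssh/sshd_config, and "sshd -t" checks its syntax afterwards.
demo="$(mktemp)"
printf '%s\n' 'Port 22' 'PasswordAuthentication=yes' \
    'Match User backup' '    PasswordAuthentication no' > "$demo"
disable_ssh_password_logins "$demo" && ssh_password_logins_disabled "$demo" \
    && echo "password logins disabled"
rm -f "$demo"
```

The check function fails on purpose when a Match block still says "PasswordAuthentication yes", since that exception has to be reviewed by hand rather than rewritten automatically.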

Following %packages we'll add our custom scripting in %post. Now this is not something you can copy and paste. This is just an example of other things you can do. For instance, I find that the sources.list from a PXE install is often just wrong, so I deploy a standard sources.list file. I also deploy a custom home directory Skeleton file that I have precreated and ready for download on the webserver. I also run an apt-caching proxy on the same box as the web server, so we don't have to download all the packages from the Internet for every installation. One key thing though is installing "ubuntu-desktop" during this step. I tried initially to do that in the %packages section but because of the sources.list configuration during that step I was unable to do so.

%post --interpreter=/bin/bash
# Install a standard ubuntu desktop sources.list
wget -O /etc/apt/sources.list
# Install my own home directory skeleton
wget -O /etc/trustyskel.tgz
cd /etc/
tar -zxf /etc/trustyskel.tgz
# Configure it to use my APT cache proxy
cat > /etc/apt/apt.conf.d/01proxy <<EOT
Acquire::http::Proxy "";
EOT
apt-get update -qq -y
apt-get install -qq -y ntpdate
# Update the time from my own NTP server
# Install desktop environment and sssd components I want for authentication
apt-get install -qq -y sssd libpam-sss libnss-sss ubuntu-desktop libnss3-tools libnss-ldap
# Install chrome
wget -q -O - | sudo apt-key add -
sudo sh -c 'echo "deb stable main" >> /etc/apt/sources.list.d/google.list'
apt-get update -qq -y
apt-get install -qq -y google-chrome-stable
# Remove games packaged with ubuntu-desktop
apt-get -qq -y remove gnome-games gbrainy gnome-games-common
# Make use of the hostname variable supplied on the startup line:
cat > /etc/hosts <<EOT
       localhost
       ${hostname} ${hostname}
EOT
hostname "${hostname}"
echo "${hostname}" > /etc/hostname

There's actually a lot more that I do from here in the script, including configuring SSSD, Puppet and more.
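
The hostname in the script above is whatever was typed at the PXE boot prompt, so it is worth validating before it reaches /etc/hosts and /etc/hostname. The following is an added example, not part of the original script: the function names and the ROOT argument are hypothetical, the fallback "desktop" is the default from the menu entry, and the 127.0.0.1 / 127.0.1.1 lines are the stock Debian/Ubuntu convention, assumed here.

```bash
#!/bin/bash
# Added example: validate the boot-prompt hostname before it is written anywhere.
LC_ALL=C; export LC_ALL             # keep the [A-Za-z] ranges ASCII-only

FALLBACK_HOSTNAME="desktop"         # the default from the PXE menu entry

# valid_hostname NAME: accept one RFC 1123 label only
# (letters, digits, inner hyphens, at most 63 characters).
valid_hostname() {
    case "$1" in
        "" | -* | *-)      return 1 ;;   # empty, leading or trailing hyphen
        *[!A-Za-z0-9-]*)   return 1 ;;   # spaces, dots, quotes, newlines, ...
    esac
    [ "${#1}" -le 63 ]
}

# safe_hostname NAME: print NAME if it is valid, otherwise the fallback.
safe_hostname() {
    if valid_hostname "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$FALLBACK_HOSTNAME"
    fi
}

# write_host_identity NAME [ROOT]: write etc/hostname and etc/hosts under ROOT
# (ROOT is empty on the real system, a scratch directory when testing).
write_host_identity() {
    name="$(safe_hostname "$1")"
    root="${2:-}"
    printf '%s\n' "$name" > "$root/etc/hostname" || return 1
    printf '127.0.0.1\tlocalhost\n127.0.1.1\t%s\n' "$name" > "$root/etc/hosts"
}

# Demo with a constructed bad value in a scratch directory.
scratch="$(mktemp -d)"; mkdir -p "$scratch/etc"
write_host_identity 'lab pc 7' "$scratch"
cat "$scratch/etc/hostname"
rm -rf "$scratch"
```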

Once this file is ready, copy it to the root of your webserver as "ks-1404-64-desktop.cfg". It's a lot of steps, but once it's done you can install a new Ubuntu desktop image quickly and easily, with it preconfigured with your own known-good security configuration.
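
The %post script downloads a skeleton archive and unpacks it in /etc as root. The following added example (not from the original script) checks such an archive against a pinned SHA-256 and refuses unsafe member paths before extracting; the function names are hypothetical and the archive in the demo is constructed.

```bash
#!/bin/bash
# Added example: verify a downloaded archive before unpacking it as root.

# has_unsafe_member: read a member list on stdin; succeed if any entry is
# absolute or contains a ".." path component.
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# verify_and_extract ARCHIVE EXPECTED_SHA256 DESTDIR
verify_and_extract() {
    archive="$1"; want="$2"; dest="$3"
    got="$(sha256sum "$archive" | cut -d' ' -f1)"
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "checksum mismatch for $archive, not extracting" >&2
        return 1
    fi
    members="$(tar -tzf "$archive")" || return 1
    if printf '%s\n' "$members" | has_unsafe_member; then
        echo "absolute or parent-directory path in $archive" >&2
        return 1
    fi
    # --no-same-owner: files end up owned by root, not by archive metadata
    tar -xzf "$archive" -C "$dest" --no-same-owner
}

# Demo with a constructed archive. In %post the arguments would be the
# downloaded skeleton, the hash recorded when it was built, and /etc.
work="$(mktemp -d)"; mkdir -p "$work/src/skel" "$work/out"
echo 'umask 027' > "$work/src/skel/.profile"
tar -czf "$work/skel.tgz" -C "$work/src" skel
pin="$(sha256sum "$work/skel.tgz" | cut -d' ' -f1)"
verify_and_extract "$work/skel.tgz" "$pin" "$work/out" && echo "extracted"
rm -rf "$work"
```

The pinned hash is only as trustworthy as the kickstart file that carries it, so the kickstart file and the install tree on the web server need the same protection as the archive.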

Posted by Tony on Mar 23, 2015 | Servers, Desktop Linux, PXE, Netboot