Create PfSense.md #13
Conversation
docs/PfSense.md
Outdated
| In order to boot PfSense via PXE and use unattended install, | ||
| you need the following: | ||
|
|
||
| 1. Extracted PfSense installation ISO exported via NFS. |
There was a problem hiding this comment.
@pkubaj please provide link to PfSense image you tested, so there will be no confusion in future. Please provide method of extracting or link to relevant documentation in the web.
| label PfSense | ||
| menu label PfSense | ||
| pxe images/pfsense/boot/pxeboot | ||
| ``` |
There was a problem hiding this comment.
@pkubaj why don't you add this entry to our configuation of PXE server ?
| The path `images/pfsense/boot/pxeboot` is relative to TFTP root directory. | ||
| It's a path to the PXE loader in the extracted PfSense installation image. | ||
|
|
||
| Unfortunately, there's no mechanism for unattended installation of PfSense. |
There was a problem hiding this comment.
@pkubaj any reference about that ?
There was a problem hiding this comment.
There's just no reference to unattended installation in the docs or in the official forum. It's possible though too install with Foreman.
https://doc.pfsense.org/index.php/Installing_pfSense - nothing here
Other people also ask about it:
https://forum.pfsense.org/index.php?topic=87212.0
https://forum.pfsense.org/index.php?topic=61112.0
https://forum.pfsense.org/index.php?topic=66024.0
Also, OPNSense, which forked from PfSense, also doesn't support it.
There was a problem hiding this comment.
@pkubaj please add this information as note to documentation. It would be very helpful for future developers.
|
|
||
| In order to extract the contents, you need to mount | ||
| the ISO with following commands (example from FreeBSD): | ||
| `mount_cd9660 /dev/$(mdconfig -a -t vnode -f pfSense-CE-2.3.4-RELEASE-amd64.iso) /mnt` |
There was a problem hiding this comment.
@pkubaj on Debian like systems it would be easier to use this:
mount -o loop pfSense-CE-2.3.4-RELEASE-amd64.iso /mnt and then rsync.
It also mounts an ISO image to target directory and creates a device node with name loopX.
I do not have mount_cd9660 command.
I got some errors when running rsync:
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1183) [sender=3.1.1]
There was a problem hiding this comment.
Considering that most of our target audience (and our validation team) use Linux, please provide examples using some modern, popular distro (e.g. Debian). FreeBSD examples are also welcome, but shouldn't be the only one - sorry :)
There was a problem hiding this comment.
@miczyg1 it looks that rsync couldn't transfer some files attributes exactly (like read/write/execute permissions).
There was a problem hiding this comment.
@mek-x is right and this shouldn't really matter.
| You need to have `rsync` installed. | ||
|
|
||
| 2. Relevant entry in DHCP server config: | ||
| `option root-path /srv/tftp/images/pfsense;` |
There was a problem hiding this comment.
@pkubaj I would appreciate to prepare a solution for a network without running DHCP server on linux machine. Please provide necessary kernel command line with nfs options if possible. I will be able then to reproduce it
There was a problem hiding this comment.
Sorry, this time you must adjust to the standard :)
https://www.freebsd.org/doc/handbook/network-diskless.html
"In order to provide the files needed for an operating system to boot over the network, a PXE setup also requires properly configured DHCP, TFTP, and NFS servers"
|
|
||
| In order to extract the contents, you need to mount | ||
| the ISO with following commands (example from FreeBSD): | ||
| `mount_cd9660 /dev/$(mdconfig -a -t vnode -f pfSense-CE-2.3.4-RELEASE-amd64.iso) /mnt` |
There was a problem hiding this comment.
Considering that most of our target audience (and our validation team) use Linux, please provide examples using some modern, popular distro (e.g. Debian). FreeBSD examples are also welcome, but shouldn't be the only one - sorry :)
| 1. Download ISO from https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.3.4-RELEASE-amd64.iso.gz | ||
|
|
||
| You should also check the SHA256 hash: | ||
| `sha256 -c 610b2a8c696e1d1854845d553ce8540debaab9d78ed6c15ce83872eaeac9d05f pfSense-CE-2.3.4-RELEASE-amd64.iso.gz` |
There was a problem hiding this comment.
I believe this is redundant. Please choose between providing the hash in command to execute or asking people to check it using the site. IMHO, I'm not a huge fan of putting such "harcoded" values in documentation (it's doing redundancy with the image owner's site).
There was a problem hiding this comment.
I have removed the info about website. SHA256 is hardcoded, because the command uses it.
docs/PfSense.md
Outdated
| @@ -0,0 +1,35 @@ | |||
| In order to boot PfSense via PXE, | |||
There was a problem hiding this comment.
PXE or iPXE? They're not exactly the same
|
|
||
| In order to extract the contents, you need to mount | ||
| the ISO with following commands (example from FreeBSD): | ||
| `mount_cd9660 /dev/$(mdconfig -a -t vnode -f pfSense-CE-2.3.4-RELEASE-amd64.iso) /mnt` |
There was a problem hiding this comment.
@miczyg1 it looks that rsync couldn't transfer some files attributes exactly (like read/write/execute permissions).
|
First thing: the iso mentioned in this paper is not appropiate. There is an image for memstick with serial console enabled: |
|
@miczyg1 please update documentation. |
This PR adds the configuration necessary to boot the PfSense install ISO.