Environment Information
-
PXE Server IP:
<span>10.1.100.97</span> -
Gateway:
<span>10.1.100.1</span> -
DHCP Address Pool:
<span>10.1.100.91</span>to<span>10.1.100.93</span> -
System Architecture: aarch64 (ARM64)
Step 1: Environment Preparation
1.1 Set Static IP
Ensure your PXE server has a static IP <span>10.1.100.97</span>.
# Please replace eth0 with your actual network interface name
nmcli connection modify eth0 ipv4.addresses 10.1.100.97/24
nmcli connection modify eth0 ipv4.gateway 10.1.100.1
nmcli connection modify eth0 ipv4.dns "10.1.100.1"
nmcli connection modify eth0 ipv4.method manual
nmcli connection up eth0
1.2 Disable Firewall and SELinux (Testing Environment)
To simplify configuration, we will disable them. In a production environment, please open ports as needed.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld
Step 2: Install and Configure Dnsmasq (DHCP + TFTP)
2.1 Install Required Software
You already have <span>dnsmasq</span>, we also need <span>httpd</span> to provide the installation source.
dnf install -y httpd
2.2 Configure Dnsmasq
Create a new, clean configuration file, ensuring correct syntax is used.
cat > /etc/dnsmasq.conf <<EOF
# Network interface to listen on (please replace eth0 with your actual network interface name)
interface=eth0
# DHCP configuration (use your specified address pool and gateway)
dhcp-range=10.1.100.91,10.1.100.93,12h
dhcp-option=option:router,10.1.100.1
dhcp-option=option:dns-server,10.1.100.1
# Use numeric code 28 to specify broadcast address for better compatibility
dhcp-option=28,10.1.100.255
# PXE Boot configuration (for aarch64 UEFI)
dhcp-match=set:efi-aarch64,option:client-arch,11
dhcp-match=set:efi-aarch64,option:client-arch,19
dhcp-boot=tag:efi-aarch64,efi/grubaa64.efi
# Enable TFTP service
enable-tftp
tftp-root=/var/lib/tftpboot
# Enable logging (optional, for troubleshooting)
log-queries
log-dhcp
EOF
2.3 Start Dnsmasq
systemctl enable --now dnsmasq
systemctl status dnsmasq # Ensure status is active (running)
Step 3: Prepare Boot Files
3.1 Download and Mount boot.iso
# Download boot.iso
wget http://mirrors.aliyun.com/rockylinux/10.0/isos/aarch64/Rocky-10.0-aarch64-boot.iso
# Create mount point and mount
mkdir -p /mnt/iso
mount -o loop Rocky-10.0-aarch64-boot.iso /mnt/iso
3.2 Copy Boot Files to TFTP Directory
# Create TFTP directory and set permissions
mkdir -p /var/lib/tftpboot/efi
chown -R nobody:nobody /var/lib/tftpboot
# Copy UEFI bootloader, kernel, and initial RAM disk
cp /mnt/iso/EFI/BOOT/grubaa64.efi /var/lib/tftpboot/efi/
cp /mnt/iso/images/pxeboot/vmlinuz /var/lib/tftpboot/
cp /mnt/iso/images/pxeboot/initrd.img /var/lib/tftpboot/
chmod 755 /var/lib/tftpboot/efi/grubaa64.efi
mkdir /tftpboot/efi
ln -sf /var/lib/tftpboot/efi/grubaa64.efi /tftpboot/efi/grubaa64.efi
cp -r /mnt/iso/EFI/BOOT /var/lib/tftpboot/
chown -R nobody:nobody /var/lib/tftpboot/BOOT
chmod -R 755 /var/lib/tftpboot/BOOT
Step 4: Configure HTTP Installation Source
We will use <span>httpd</span> to provide the complete installation system files.
# Create installation source directory
mkdir -p /var/www/html/rocky10
# Copy all mounted ISO content
rsync -avzH /mnt/iso/ /var/www/html/rocky10/
# Change permissions, if you are using nginx, use chown -R nginx:nginx /var/www/html/rocky10
chown -R apache:apache /var/www/html/rocky10
# Start and enable httpd to run on boot
systemctl enable --now httpd
Step 5: Create Kickstart File (Core of Unattended Installation)
5.1 Create <span>ks.cfg</span> File
This is an “answer file” for automated installation.
cat > /var/www/html/ks.cfg << 'EOF'
# Rocky Linux 10 Unattended Installation Kickstart File (Final Successful Version v12 - Allows Root Remote Login)
# Main installation source points to BaseOS
url --url="http://10.1.100.97/rocky10/BaseOS/"
repo --name="AppStream" --baseurl="http://10.1.100.97/rocky10/AppStream/"
text
lang en_US.UTF-8
keyboard --vckeymap=us --xlayouts='us'
timezone Asia/Shanghai
services --disabled=chronyd
network --bootproto=dhcp --device=link --activate
rootpw --plaintext Apple2009@
# --- Correct bootloader command for UEFI ---
bootloader --location=none
# --- Disk partitioning configuration ---
ignoredisk --only-use=vda
clearpart --all --initlabel
# Create standard partitions
part /boot/efi --fstype=efi --size=500 --ondisk=vda
part /boot --fstype=ext4 --size=1024 --ondisk=vda
# Create LVM physical volume, using all remaining space
part pv.01 --grow --ondisk=vda
# Create volume group and logical volumes
volgroup rocky --pesize=4096 pv.01
logvol / --vgname=rocky --name=root --size=40960 --fstype=ext4
logvol swap --vgname=rocky --name=swap --size=2048 --fstype=swap
logvol /home --vgname=rocky --name=home --size=1024 --grow --fstype=ext4
%packages
@core
@standard
%end
%post --log=/root/ks-post.log
# --- Automatically configure SSH to allow root login after installation ---
# 1. Use sed command to modify /etc/ssh/sshd_config file
# -i means to modify the file directly
# 's/^#\?PermitRootLogin.*/PermitRootLogin yes/' this regex will find
# the line starting with '#' or not and replace it with 'PermitRootLogin yes'
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
# 2. Ensure SSH service starts automatically on system boot (although usually default, explicitly specifying is more reliable)
systemctl enable sshd
echo "Kickstart installation completed successfully!" > /etc/motd
%end
reboot
EOF
5.2 Set File Permissions
chmod 644 /var/www/html/ks.cfg
chown apache:apache /var/www/html/ks.cfg
Step 6: Configure GRUB Boot Menu
Create a GRUB configuration file that points to the Kickstart file.
cat > /var/lib/tftpboot/efi/grub.cfg <<EOF
setdefault="0"
settimeout=5
# Unattended installation menu item (default)
menuentry "Install Rocky Linux 10 aarch64 (Automated)" {
linux /vmlinuz inst.repo=http://10.1.100.97/rocky10/ inst.ks=http://10.1.100.97/ks.cfg
initrd /initrd.img
}
# Keep a manual installation menu item for emergencies
menuentry "Install Rocky Linux 10 aarch64 (Manual)" {
linux /vmlinuz inst.repo=http://10.1.100.97/rocky10/
initrd /initrd.img
}
EOF
chown nobody:nobody /var/lib/tftpboot/efi/grub.cfg
chmod 644 /var/lib/tftpboot/efi/grub.cfg
Step 7: Final Check and Client Testing
7.1 Check Service Status
Ensure all critical services are running:
systemctl status dnsmasq
systemctl status httpd
7.2 Verify File Accessibility
Run the following commands on the server to ensure clients can access critical files over the network:
# Check Kickstart file
curl http://10.1.100.97/ks.cfg
# Check installation source
curl http://10.1.100.97/rocky10/
7.3 Boot Client
-
Connect your aarch64 client to the same network.
-
Power on and enter BIOS/UEFI settings, select network boot (PXE Boot).
-
The client will automatically obtain an IP (
<span>10.1.100.91-93</span>one of them), load the GRUB menu, and default to selecting the “Automated” item to start the unattended installation. -
The entire process requires no manual intervention, and the system will automatically reboot after installation is complete.