PXE Boot Installation of Rocky Linux Using Lorax, dnsmasq, and TFTP
Introduction
This article outlines the steps required to configure a PXE boot environment for Rocky Linux using Lorax to generate boot image and the Rocky Linux DVD image for creating the BaseOS and AppStream repositories.
This guide uses httpd
for serving the installation tree, dnsmasq
to provide DHCP and TFTP, and lorax
to generate EFI bootable installation media.
This setup enables automated network-based Rocky Linux installations over a local network.
Problem
Users often need to deploy Rocky Linux at scale without manually installing each system.
Manual DVD-based installation is not feasible in large environments or headless setups.
There is a need to set up a PXE boot environment that supports UEFI systems and provides the Rocky Linux installer via network boot.
Symptoms
Client machines are unable to PXE boot due to missing or misconfigured TFTP, HTTP, or DHCP services.
A boot fails with errors such as "no DHCP response", "file not found via TFTP", or "missing installation source".
UEFI systems may hang or drop to a shell if the GRUB configuration or bootloader path is incorrect.
Resolution
Prerequisites
-
root
access orsudo
privileges. -
A Rocky Linux DVD ISO.
-
Two machines, one as the PXE host and one as the PXE client directly connected to each other / on a segmented network and doesn't have DHCP servers running.
-
A working Internet connection.
Initial setup
- Install these required packages:
sudo dnf install -y lorax httpd tftp-server dnsmasq
- Enable the
httpd
andtftp
services:
sudo systemctl enable --now httpd
sudo systemctl enable --now tftp
- Download the Rocky Linux 10 DVD ISO (Rocky Linux 10 is the example used throughout this article):
wget https://download.rockylinux.org/pub/rocky/10/isos/x86_64/Rocky-10.0-x86_64-dvd1.iso
- Mount the ISO and copy its contents:
mkdir /mnt/dvd
sudo mount -o loop ~/Rocky-10.0-x86_64-dvd1.iso /mnt/dvd
sudo mkdir -p /var/www/html/rocky10-dvd
sudo cp -av /mnt/dvd/. /var/www/html/rocky10-dvd/
Boot image generation
- Generate the Rocky Linux 10 boot image:
sudo lorax --product "RockyLinux" --version "10" --release "10" --source "https://download.rockylinux.org/pub/rocky/10/BaseOS/x86_64/os/" --source "https://download.rockylinux.org/pub/rocky/10/AppStream/x86_64/os/" --isfinal --logfile lorax.log --buildarch x86_64 --volid "RL10_LIVENET" /tmp/lorax-out
- Copy the PXE boot files:
sudo mkdir -p /var/lib/tftpboot/rocky10
sudo cp /tmp/lorax-out/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/rocky10/
- Copy the installer stage 2 files:
sudo cp -r /tmp/lorax-out/images/ /var/www/html/rocky10/
- Mount the EFI boot image:
mkdir /tmp/efiboot
sudo mount -o loop /tmp/lorax-out/images/efiboot.img /tmp/efiboot
- Copy UEFI boot files:
sudo mkdir -p /var/lib/tftpboot/rocky10/EFI/BOOT
sudo cp -av /tmp/efiboot/EFI/BOOT/* /var/lib/tftpboot/rocky10/EFI/BOOT/
Grub configuration
- Configure GRUB:
cat << "EOF" | sudo tee /var/lib/tftpboot/rocky10/EFI/BOOT/grub.cfg
menuentry 'Rocky Linux 10 Install (PXE Boot)' {
linuxefi /rocky10/vmlinuz inst.stage2=http://192.168.1.150/rocky10 inst.repo=http://192.168.1.150/rocky10-dvd
initrdefi /rocky10/initrd.img
}
EOF
- Configure
dnsmasq
for PXE boot:
cat << "EOF" | sudo tee /etc/dnsmasq.conf
interface=enp2s0
bind-interfaces
domain-needed
bogus-priv
log-dhcp
dhcp-range=192.168.1.2,192.168.1.249,12h
dhcp-boot=rocky10/EFI/BOOT/grubx64.efi
enable-tftp
tftp-root=/var/lib/tftpboot
EOF
- Restart services:
sudo systemctl restart dnsmasq
sudo systemctl restart httpd
- Allow services through the firewall:
sudo firewall-cmd --add-service=tftp --permanent
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --add-service=dhcp --permanent
sudo firewall-cmd --reload
- Disable SELinux:
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
Root cause
PXE boot environments require coordination between DHCP, TFTP, and HTTP services.
Incorrect or missing files, misconfigured GRUB boot paths, or firewall/SELinux restrictions can prevent PXE booting from succeeding.
Without properly generated and served installer images and boot files, UEFI systems cannot retrieve necessary components to launch the installer.
Notes
This guide is written for UEFI PXE clients only.
Legacy BIOS support would require additional configuration changes to use pxelinux.0
or GRUB BIOS equivalents.
Ensure that the interface=
line in dnsmasq.conf
matches your actual network interface name.
Network clients must be on the same subnet as the PXE server.