Creating Bare Metal Profiles for Linux Images

Create Bare Metal profiles from the Image Library dashboard to perform bare metal deployments on Linux targets.

Select a Linux image (.LIM) and click Create Bare Metal Profile.

A wizard with the information retrieved from the selected Linux image is displayed. Some field values are already set but you can change them as appropriate. The fields apply depending on whether the selected image is captured or created from installation media.

Important:
  • Bare metal deployments of Linux Ubuntu Desktop are supported only for captured images. Setup images are not supported.
  • The boot mode of the captured image must match the boot mode of the computer where the image is deployed. For example, if you select an image that was captured on a machine booted in UEFI mode, it must be deployed to a target that booted in UEFI mode.
  • If you deploy a RHEL 8.0 (CentOS 8.0) capture image with LVM partitions, RHEL 8 (CentOS 8) version 1 resource is recommended instead of RHEL 8 (CentOS 8) version 0.
  • If you deploy a SLES/SLED 12 capture image, patch level 3 resource is recommended for the operating systems SLES/SLED 12 patch level 3 or lower.

You can deploy your bare metal profiles in multicast, if your network supports it, by specifying the required parameters in the Multicast tab.

The default network configuration for targets is DHCP. You can specify different network configuration parameters for the targets receiving the profile by using the Network tab. If your targets have multiple network interface cards, use the Change Bare Metal Target Network Configuration task (354) to configure them.

Note: If you specify a value enclosed by {} (curly brackets) for a field in the wizard or for a parameter value in the Manual tab, the enclosed value is considered as a relevance that will be evaluated. You must ensure that the syntax of the values enclosed by the curly brackets is correct. If you want to use the curly bracket as part of the field value without a relevance substitution, you must specify it with a double curly bracket at the beginning, for example:
{{yes}
Common bare metal profile fields (both setup and captured images)

Required fields:

Display name
The name of the bare metal profile created from the image that you selected. by default it is the same name as the image.
Image Locale
Choose the image locale for the operating system if different form the preset one.
Time Zone
Select the time zone of the target operating system
Hostname Rule
Specify the hostname rule that will be used to build the hostname, computer name, and full computer name of the target. You can specify values in the following forms:
  • A prefix.
  • A prefix and one or more variables.
  • One or more variables.
There is a limit of 8 alphanumeric characters if you specify a prefix only. If you specify an asterisk (*) as prefix, the target hostname is set to a string formed by the characters OSDOSD- followed by a string assigned by the operating system. Variables must be specified in the form [variable] enclosed by square brackets. You can concatenate variables. Allowed variables are:
  • [IP] - IP Address of the primary interface that has completed a PXE boot
  • [MAC] - Hardware Address of the primary interface that has completed the PXE boot)
  • [UUID] - System UUID as found in DMI (SMBIOS)
  • [SN] - Serial number as found in DMI (SMBIOS)
  • [AT] - Asset TAG as found in DMI (SMBIOS)
  • [BBSN] - Base Board Serial Number as found in DMI (SMBIOS)

Every variable keyword supports a range extension, and you can decide to include only part of the information. The range starts at value zero. The value [IP3] corresponds to the last byte of the IP address. In IP addresses bytes are separated by dots. For example, if you specify a hostname rule of pc-[IP3] and the IP address of the target is 192.168.0.232, the hostname becomes pc-232. If you specify [IP0-2], the first three bytes of the IP address are included. For SN, UUID, AT, and BBSN values, the range corresponds to a substring. You can also add R at the end of the range to start it from the last character specified. Dots are always removed from the IP address in the final string.

Note: If the deployment is started from network boot media, the IP address used in the hostname rule is the one assigned during the network boot.
Root Password
Specify the root password for the target system. You are asked to specify it twice.

The following figure displays a bare metal profile for an image created from installation media (Setup).


Creating a Linux Bare Metal Profile from a Setup image

Optional fields

Prompt end user for properties
Select this option to prompt the user at the target computer for a hostname and network parameters. When the deployment starts on the target, a user interface is displayed and the user can configure the hostname and network settings for one or more network interfaces (NICs) available on the target system. For more information about the properties displayed at the target, see Specifying target network parameters at deployment time, and Changing Bare Metal Target Network Configuration Settings.
Installer Kernel parameters
Specify one or more optional kernel parameters for the Linux installer, and the corresponding values if required.
Kernel parameters
Specify one or more optional kernel parameters for the installed Linux operating system.
Kernel parameters have the following syntax:
#<model>#<parameter>#
Where the model refers to the computer model of the target to which the parameter is applied, and the parameter can be a single keyword or in the form key=value. Each model/parameter pair must be separated by a blank character. You can use the asterisk as a wildcard character. For example, #vm*#<parameter># applies the specified parameter to all models with names beginning with vm. The model field is not case-sensitive.
You can also replace existing values for parameters. For example, if you want to set a lower screen resolution on all VMware virtual machines while defining a higher screen resolution for all other available models, write the following:
#vm*#video=800x600-24#video=1024x800-32#
Assign Relays
Select this option to disable automatic relay selection on the target system, and to set the Bare Metal server to which the target connects as Primary Relay, and the BigFix server as Secondary Relay. The following client settings for the target are updated at deployment time:
  • __RelaySelect_Automatic = 0, to disable automatic relay selection
  • __RelayServer1, which is set to the relay with the Bare Metal Server to which the target connects
  • __RelayServer2, which is set to the BigFix server
Client Settings
Use this field to set named variables that are assigned to the deployed computer. The values you assign can be used either as labels to identify computers with specific roles or as filters in Fixlet actions and in Fixlet relevance to exclude an action on a target. You must specify the variables in a NAME:VALUE format. If you specify multiple variables, each one must be separated by a vertical bar |. After a deployment, you can display these values in the BigFix console by selecting the specified computer, and clicking Edit Computer Settings. The settings are listed under Custom Settings. Examples of how to use client settings to configure the target after a deployment are available on the Endpoint Manager wiki at this link: Using the Client Settings field to configure targets during deployments.

For a complete list of available client configuration settings, and a description of how to use them, see BigFix Configuration Settings.

Deployment password
Providing a deployment password protects the profile during deployment. Protected profiles are installed only after you provide the correct password at the target when prompted.
Auto Deploy Timeout (sec)
If you specify a value in seconds, a counter is started during the PXE boot on the target machine. When the specified time expires, the profile is automatically installed on the target.
SELinux Policy

This field is available only for RHEL and CentOS. Here you can select a selinux policy to apply. The values are:

  • default: For setup image. Lets the operating system apply its default policy by not specifying any policy.
  • no change: For captured image. Preserves the policy configured in the captured image.
  • disabled: Configures selinux policy as disabled.
  • permissive: Configures selinux policy as permissive.
  • enforcing: Configures selinux policy as enforcing. If you select this selinux policy, the configured type will be automatically set as "Targeted".
    Note: With the SELinux support, if policy is not specified, it will be the default of the OS level being deployed. If you want to continue to have the SELinux policy disabled, edit the profile and set the value disabled.
Unique fields for images created from installation media (setup)

Required fields

Base Environment
Pre-defined sets of packages with a specific purpose. If you want to manually manage the packages, select "No Environment" from the list. This field is available only for RHEL 7, RHEL 8, CentOS 7, and CentOS 8.
Client Version
Specify the version of the BigFix client to be installed on the target. The default selection is the same version as the BigFix server.

Optional fields

Allow client traffic
This option is selected by default. It is needed if the selected target has the operating system firewall enabled, to allow inbound udp traffic from the Server. You can also allow inbound traffic on the target by running Fixlets 678 or 682. For more information, see Changing Firewall settings.
Unique fields for captured images

Required fields

Linux OS Resource
The OS Resource to be used for the deployment of the selected image. This field displays the OS resource that best matches the selected image.
Optional fields
Reset Captured Client Settings
Selecting this option will delete any existing previously defined client settings in the selected captured image.
Important: When you deploy captured images, on the target, the Logical Volume configuration (LVM) is deleted only on the disks of the captured image. If you want to delete the Logical Volume configuration on all disks of the target receiving the Bare Metal Profile, you must specify rboforcelvmcleanup in the Installer Kernel parameter field of the Optional fields section.

Using the Partition Editor

Depending on the type of image, different partitioning actions are available. To work with partitions, expand the Partition Editor section of the wizard tab. If you selected a captured image, the partition editor displays the partition layout of the captured reference machine. You cannot add new partitions to captured images, but you can edit primary partitions and logical volumes to change their sizes. You can complete the following action:
  • Resize selected primary partitions and logical volumes. Highlight the partition and click the edit icon to change the size.
    Changing the size of a partition from the partition editor
    You can specify the size in kilobytes, megabytes, gigabytes, terabytes and percentages. If more than one partition is defined, specifying a value of one hundred percent (100%) for a partition, means that it will occupy all remaining space after the specified sizes have been allocated to the other partitions. You cannot delete captured partitions.

If you are deploying images imported from installation media ( setup) you do not have to edit partitions. In this case, the default partitioning is applied. If you want to edit partitions, you can specify a partition layout by expanding the Partition Editor section of the wizard tab. Consider the following partitioning use cases, depending on the characteristics of your target systems:

I want to define multiple partitions on a single physical disk:
  1. Define the partitions on the disk by clicking the corresponding option:
    Linux partition editor in bare metal profile

    Adding a partition to a Linux Bare Metal Profile
    You can add partitions or logical volumes. Specify the required information.
  2. If you want to add a logical volume, select LVM from the File system list, and specify a Volume Group name. When you click OK the Logical volume Editor becomes available at the bottom of the section. Click Add Logical volume and specify the characteristics of the logical volume.
    Adding a logical volume to a Linux bare metal profile
I want to define multiple partitions on different physical disks
  1. Define the physical disks on the machine that receives the profile. Click Define Disks The default disk name is /dev/sda. To define more physical disks, specify each disk element separated by a semicolon. For example: /dev/sda;/dev/sdb. Click OK to save your changes.
  2. Click Add Partition and select a disk that you defined in the previous step to partition it.
    Specifying a partition for a physical disk
    Specify the size of the partition, mount point and file system type. You can set the disk as primary. Specify the partition mount point. To add a logical volume, select LVM from the File System List, and specify a Logical Volume Group name. When you click OK the Logical volume Editor becomes available at the bottom of the section. Click Add Logical volume and specify the characteristics of the logical volume.
  3. Repeat step 2 for each physical disk that you defined.
You can delete partitions of Linux images imported from installation media (setup) by selecting the partition you want to delete and click the corresponding option.
Deleting partitions from the partition editor
You cannot delete captured partitions.
Important:
  • You can define up to three primary partitions, by selecting the appropriate option. If you want to deploy the profile in multicast to BIOS targets, you can define a maximum of two primary partitions.
  • If you are deploying a Linux Setup image in multicast on a target that has existing Windows partitions not on the primary disk, these partitions will not be formatted. This must be considered when defining multiple disks using the partition editor in the profile.
  • When you define multiple partitions for a disk, make sure you specify the size of at least one of the partitions using percentage (%) not with a fixed value, so as to optimize disk allocation and avoid disk space errors. This best practice applies to Logical Volumes too. When you define a fixed size for a Volume Group, for example 10 gigabytes, the actual size available to create Logical Volumes is slightly less (usually in the order of a few megabytes). To avoid space allocation problems, when you define volume groups you should specify the size of at least one Logical Volume in percentage (%).
  • When you edit a profile containing a partition layout, if you change the disk mapping, the current layout is erased. A warning message is issued asking you to confirm or to cancel the operation.
.

Manual tab settings

Using the Manual tab, you can customize the installation of Linux images imported from installation media (Setup) with specific settings that are not available in the wizard. Uncomment the settings you want to customize and include in your deployment. For more information about the customization of the configuration files, see Linux configuration options or refer to the specific Linux vendor documentation.


Manual tab properties of the Linux Bare Metal profile

Deploying bare metal profiles in multicast

To deploy bare metal profiles using multicast, specify the parameters in the Multicast tab. Multicast deployments are supported for Linux captured images on both BIOS and UEFI targets. Multicast deployments of Linux images imported from installation media (Setup) are limited to Linux RedHat version 6, 7 and 8 and CentOS Linux 7, 8 images on BIOS targets only. If you are deploying a RedHat/CentOS image on a BIOS target, the number of primary partitions you can define for the target is limited to two.
Multicast tab for the Bare Metal Profile Properties
Important:
  • Multicast deployments of Linux setup images are limited to BIOS only.
  • When deploying Linux setup images in multicast, if you define multiple partitions for the first disk (/dev/sda), you must leave some free space that is needed locally to store the image file, or alternatively, specify the size of at least one of the partitions using a percentage value (%). The amount of the minimum required free space is the size of the Image File Size (as reported in the Image Library Dashboard) +1 GB.
  • CentOS Linux 7 Minimal ISO does not support multicast.
To enable multicast for the profile, select the corresponding option. Default values for multicast deployment are provided. You can accept or change them, depending on the characteristics of your network:
Multicast Mode
Defines how the multicast distribution is managed on the targets at deployment time for the profile:
Probe and Fail
If the probe on the target fails, the deployment task also fails.
Probe and Fall Back to Unicast
If the probe on the target is successful, deployment occurs in multicast. If the probe fails, deployment of the profile occurs in unicast, using the Bare Metal Server cache, instead of the relay cache.
Force Multicast
Deployment on the target is forced to multicast regardless of probe results.
Force Unicast using permanent cache
Deployment on the target is completed in unicast using the Bare Metal Server cache. This option is useful when you want to ensure that all necessary files are available at deployment time.
Group Setup
Select the type of multicast group that is used for the deployment. You can accept or change the associated parameters.
Closed Group
Targets join the group as they are ready. When the following criteria are satisfied, the group is closed and distribution begins. This is the default.
Number of targets in group
Specify the maximum number of targets allowed in the group. The default value is 12.
Wait for targets up to minutes
Specify the maximum number of minutes to wait for targets before starting the multicast deployment. The default value is 10 minutes.
Minimum number of targets in group
Specify the minimum number of targets that must join for a multicast deployment. If the specified value is not reached, deployment is completed in unicast. The default value is 2.
Open Group
Targets can join the group as they are ready, at any time during deployment. You can change the associated parameter.
Average number of targets in group
Specify the average number of targets expected in the group. This value is used to optimize block synchronization. The closer the number of actual targets is to this value, the more efficient the multicast deployment. The default value is 16.
Advanced Parameters
Multicast advanced customization and tuning options that apply to both multicast group types.
Block synchronization wait time in seconds
Specify how many seconds the server must wait before sending the next block. This value is preset to 120 seconds. If you specify a value less than 5 seconds, the block synchronization wait time is forced to 5.
Block size in MB
The image is divided into blocks that are sent to the targets. This parameter sets the maximum size of the data blocks (in megabytes) sent in each transmission packet. The default value is 16 Megabytes.
Enable block encryption
Specify if the blocks must be encrypted during transmission.

Before deploying bare metal profiles in multicast, you can check if multicast is enabled in the subnet that is used for Bare Metal deployments by running the Probe Clients for Multicast Deployment task (80) against a target in the same network. The BigFix client must be running on the target.

Specifying target network parameters

You can define bare metal target network configuration settings with Task 354, by specifying them in the bare metal profile in the Network tab, or using a combination of both.

The actual network configuration settings used by the targets receiving the profile is determined by the type of configuration (Static or Dynamic), by the selected configuration policy, and by the Configure Bare Metal Target Network parameters task (354), if you have run it on targets before deploying this profile.


Specify target Network settings tab with default parameters
You can specify the following information:
IP Settings
Specify the type of configuration for the targets:
Dynamic IP - Use DHCP Server
Ths is the default selection. A dynamic IP address is assigned by the DHCP Server
Static IP - Import from DHCP Server
IP address, gateway, and network mask are imported from the DHCP Server
Network Configuration Settings
Optional. These parameters are used only if you select a static IP configuration. If your policy is to use the bare metal target configuration parameters previously defined with task 354, the parameters that were not already set with the task and specified in this section are considered. If there are parameters in common, the ones specified in the task take precedence. The parameters specified in this section are also used if you select a static IP configuration and you select to ignore any parameter defined with task 354. The configuration settings in this section are disabled if you are configuring a dynamic IP and you have selected to ignore any previously defined target network configuration using task 354).
Preferred DNS Server
Specify the IP address of the Preferred DNS server in your network
Alternate DNS Server
Specify the IP address of the Alternate DNS server in your network
DNS Domain
Specify The Domain Name Server name
Domain Search order
Specify the domain search order. Each domain name must be separated by blanks.
Bare Metal Target Network Configuration Policy
Choose the configuration policy that must be applied to the selected targets for this profile.
Use Task 354 parameters if specified

If you have run the Change Bare Metal Target Network Configuration Settings task 354 to configure network parameters on targets of this profile, and you have selected this option, the parameters you specified in the task will have precedence over the same parameters specified in the profile. A field by field check is performed, and the profile parameters that were not specified in the task are also used.

Use Bare Metal Profile Network Parameters

Select this option if you want to ignore any previously defined target network parameters with task 354. Only the parameters specified in the profile are used.

Force use of Task 354 parameters

Select this option if you want to use only network parameters defined with Task 354. If you have not previously run task 354 on the targets of this profile, the deployment fails.

To set or change bare metal target network configuration settings using the corresponding task (ID 354) , see Changing Bare Metal Target Network Configuration Settings.

Specifying target network parameters at deployment time

If you have selected the Prompt end user for properties option in the bare metal profile properties wizard, a user interface is displayed on the target system at deployment time. From this interface you can view and change the network interface settings, the hostname, and the partition mapping information that will be applied to the target. You can accept the displayed settings or change them as needed:
Network interface card (NIC)
All settings defined with task 354 or specified in the Network tab of the bare metal profile properties wizard are displayed. If the target has more than one network interface card (NIC), a separate configuration window is displayed for each one. Each interface is identified by the corresponding MAC address.
Hostname
Displays the hostname previously set with task 350 if used, or the final hostname value resulting from the application of the hostname rule you specified in the bare metal profile.
Note: If you set the hostname for a target at deployment time, this value is maintained for any subsequent bare metal deployments, independently of the hostname rule specified in the bare metal profile. To change the hostname, you can either use task 350 or deploy a new profile selecting the "Prompt end user for properties" option.
Partition mapping
Displays the partition mapping information that was specified using task 350. You can resize the partitions or accept the current mapping. If this information is not available, the related page is not displayed at the target.

Use grub2 bootloader for Linux deployment on UEFI targets

For UEFI deployment of Linux images (both setup and capture), if the OS resource that is associated to the bare metal profile (the resource selected in the bare metal profile wizard for the captured images, the resource specific for the OS version and update level for setup images) does not include the grub2 bootloader, the default bootloader elilo.efi is used to launch the specific Linux installer. If it does not work on your hardware, you can replace it with grub2 using the following procedure.

Pre-requisites: You need the shim.efi file or the BOOTX64.efi file (depending on the version of OS you are extracting it from) from the shim package and the grubx64.efi file from the grub2-efi package in the ISO image file.

The packages are shim-x64-<version>.rpm and grub2-efi-x64-<version>.rpm, where the <version> depends on the version of the OS on the dvd that you are extracting it from. For example, shim-x64-15-2.el7.x86_64.rpm and grub2-efi-x64-2.02-0.80.el7.x86_64.rpm.

Note:
  • It is not mandatory to extract the files from the same version of the OS that you are going to deploy.
  • The DHCP server must provide the option "next-server" with the value of the bare metal server IP address. On some DHCP servers, this options is provided together with the option 66.
  1. Extract the files shim.efi and grubx64.efi from packages.
    1. To extract them on a Linux computer, run the following commands:
      1. rpm2cpio shim-x64-<version>.rpm | cpio -dimv
      2. rpm2cpio grub2-efi-x64-<version>.rpm | cpio -dimv
    2. To extract them on a Windows computer, you can use an utility like 7zip.
  2. Copy the EFI boot images (the files shim.efi and grubx64.efi) on your bare metal server computer to the folder <bare metal server data>\tftp, where the default for <bare metal server data> is C:\BFOSD Files.
  3. Start a new Linux deployment on UEFI target.