PXE一键装机
PXE(Preboot eXecute Environment,预启动执行环境),主要用于在无人值守安装系统中引导客户端主机安装 Linux 操作系统。Kickstart 是一种无人值守的安装方式,其工作原理是预先把原本需要运维人员手工填写的参数保存成一个ks.cfg 文件,当安装过程中需要填写参数时则自动匹配 Kickstart 生成的文件。
一. 安装前的准备
软硬件配置:网卡要支持pxe启动,操作系统也要支持pxe启动
DHCP服务器用于分配ip
TFTP服务器帮助客户端获取引导及驱动文件
VSFTP服务器用于存储操作系统的安装文件,也可以使用 httpd 来替代 vsftpd 服务程序。
二. 实战环境
[root@pxe ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
三. 配置静态ip
[root@pxe ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
DEVICE="eth0"
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.200
PREFIX=24
GATEWAY=192.168.1.254
TYPE=Ethernet
NM_CONTROLLED=no
四. 配置dhcp服务
[root@pxe ~]# yum -y install dhcp
[root@pxe ~]# cat /etc/dhcp/dhcpd.conf
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
ddns-update-style none;
ignore client-updates;
default-lease-time 14400;
max-lease-time 86400;
allow bootp;
allow booting;
local-address 192.168.1.200; #本机ip
local-port 67;
include "/etc/dhcp/subnet";
[root@pxe ~]# cat /etc/dhcp/subnet
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.254;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.254;
option ntp-servers 192.168.1.254;
filename "/gpxelinux.0";
next-server 192.168.1.200; #本机ip
pool {
range dynamic-bootp 192.168.1.10 192.168.1.240;
default-lease-time 3600;
max-lease-time 72000;
allow unknown-clients;
}
}
[root@pxe ~]# cat /etc/dhcp/subnet
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.254;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.254;
option ntp-servers 192.168.1.254;
filename "/gpxelinux.0";
next-server 192.168.1.200; #本机ip
pool {
range dynamic-bootp 192.168.1.10 192.168.1.240;
default-lease-time 3600;
max-lease-time 72000;
allow unknown-clients;
}
}
五. 配置tftp服务
[root@pxe ~]# yum -y install tftp-server
[root@pxe ~]# cd /var/lib/tftpboot/
[root@pxe tftpboot]# ls
chain.c32 gpxelinux.0 mboot.c32 memdisk menu.c32 pxelinux.0
[root@pxe tftpboot]# mkdir pxelinux.cfg
[root@pxe tftpboot]# cd pxelinux.cfg/
[root@pxe pxelinux.cfg]# vim default
[root@pxe pxelinux.cfg]# cat default
# PXELINUX menu that the TFTP server hands to clients which network-boot from it.
default menu.c32
prompt 0
# NOTE(review): TIMEOUT is counted in tenths of a second, so 60 is roughly 6 s.
# With a single LABEL and no local-boot entry, a client left at the menu will
# presumably go on to start the installer unattended -- confirm this is intended,
# because the kickstart it loads repartitions the target's disks.
timeout 60
LABEL CentOS7
MENU LABEL CentOS 7 install
KERNEL centos7/vmlinuz
# The kickstart file is fetched over plain FTP without credentials, so nothing
# verifies its integrity or origin; keep this setup on an isolated provisioning
# network.
APPEND initrd=centos7/initrd.img ks=ftp://192.168.1.200/pub/ks7.cfg ksdevice=bootif console=tty0 console=ttyS0,115200
[root@pxe tftpboot]# mkdir centos7
[root@pxe tftpboot]# cd centos7
[root@pxe centos7]# ls
initrd.img vmlinuz
[root@pxe tftpboot]# tree . # 安装tree软件
.
|-- centos7
| |-- initrd.img
| `-- vmlinuz
|-- chain.c32
|-- gpxelinux.0
|-- mboot.c32
|-- memdisk
|-- menu.c32
|-- pxelinux.0
`-- pxelinux.cfg
`-- default
2 directories, 9 files
[root@pxe ~]# systemctl restart tftp
[root@pxe ~]# systemctl enable tftp
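以上相关引导文件见以下链接地址(这些引导文件也可以直接取自本机 syslinux 软件包的 /usr/share/syslinux/ 目录,vmlinuz 和 initrd.img 可取自 CentOS 7 安装介质的 images/pxeboot/ 目录,便于确认引导文件的来源):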
https://github.com/lmzf2018/1804/tree/master/important/PXE一键装机
六. 配置vsftp服务
[root@pxe ~]# yum -y install vsftpd
[root@pxe ~]# cat /etc/vsftpd/vsftpd.conf
...
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
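# Changed from NO to YES. The note is kept on its own line because vsftpd.conf(5)
# only treats lines that begin with '#' as comments; text placed after a value
# is parsed as part of that value.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
# Changed from YES to NO.
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
use_localtime=YES
chroot_list_enable=YES
chroot_local_user=YES
userlist_deny=YES
# NOTE(review): 0.0.0.0 binds every interface. This server publishes the
# kickstart file (which carries the root password hash), so consider binding
# only the provisioning address -- confirm against the network layout.
listen_address=0.0.0.0
listen_port=21
pasv_min_port=50000
pasv_max_port=51000
pasv_enable=YES
# NOTE(review): pasv_promiscuous=YES switches off the check that a passive data
# connection comes from the same address as its control connection.
# vsftpd.conf(5) advises enabling it only when it is really needed; confirm it
# is required here, otherwise set it to NO.
pasv_promiscuous=YES
port_promiscuous=NO
max_clients=9
max_per_ip=9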
七. 创建ks.cfg 文件
[root@pxe pub]# pwd
/var/ftp/pub
[root@pxe pub]# ls
ks7.cfg
[root@pxe pub]# cat ks7.cfg
# Kickstart answers for an unattended CentOS 7 install: installer options,
# disk layout and package selection. The %post script follows this section.
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): a 13-character value with no "$id$" prefix has the shape of a
# legacy DES crypt(3) hash, which only covers the first 8 characters of the
# password -- confirm. This file is fetched over FTP without credentials, so
# the hash is readable by anything that can reach the server. Prefer a SHA-512
# crypt hash (matching "auth --passalgo=sha512" below) and rotate the root
# password after first boot.
rootpw --iscrypted lxqk4My6q5YyQ
# System timezone
timezone Asia/Shanghai
# Use network installation
# Packages are pulled over plain FTP, with no transport integrity protection.
url --url="ftp://192.168.1.254/centos7"
# System language
lang en_US.UTF-8
# Firewall configuration
# NOTE(review): installed hosts come up with no host firewall; enable it after
# provisioning unless another control covers these hosts.
firewall --disabled
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
# Installation logging level
logging --level=warning
# Run the Setup Agent on first boot
firstboot --disable
# SELinux configuration
# NOTE(review): SELinux is switched off for every installed host; consider
# permissive or enforcing unless there is a documented reason.
selinux --disabled
# Do not configure the X Window System
skipx
# Network information
network --device=bootif --onboot=on --hostname=localhost --bootproto=bootp --noipv6
# Reboot after installation
reboot
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
# zerombr and "clearpart --all" run without prompting: every disk of any machine
# that boots this kickstart is reinitialised and its existing data is lost.
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --asprimary --fstype=xfs --size=512
part / --asprimary --fstype=xfs --size=1 --grow
# Package selection: the Core group without its default packages, minus unused
# firmware and a few services, plus the admin tooling listed below.
%packages --nobase
@Core --nodefaults
-iwl3160-firmware
-iwl6000g2b-firmware
-iwl2030-firmware
-iwl7265-firmware
-iwl1000-firmware
-iwl4965-firmware
-iwl2000-firmware
-iwl3945-firmware
-alsa-tools-firmware
-aic94xx-firmware
-iwl135-firmware
-iwl7260-firmware
-iwl6050-firmware
-iwl6000g2a-firmware
-iwl5000-firmware
-ivtv-firmware
-iwl100-firmware
-iwl5150-firmware
-iwl105-firmware
-iwl6000-firmware
-alsa-firmware
-postfix
# NOTE(review): excluding "audit" leaves installed hosts without auditd, so no
# kernel audit trail is recorded; confirm this is acceptable for these hosts.
-audit
-tuned
chrony
psmisc
net-tools
screen
vim-enhanced
# NOTE(review): the list below puts packet capture, scanning, relay and tracing
# tools (tcpdump, nmap, socat, strace, ltrace) on every installed host; consider
# trimming it for production roles.
tcpdump
lrzsz
ltrace
strace
traceroute
whois
bind-utils
tree
mlocate
rsync
lsof
lftp
patch
diffutils
cpio
time
nmap
socat
man-pages
rpm-build
createrepo
%end
%pre
%end
%post --interpreter=/bin/bash
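# Post-install customisation, run inside the installed system by the kickstart
# %post section: replaces the yum repositories, removes some packages, and
# writes host-wide settings (cron, chrony, screen, network, hosts, shell
# environment, sysctl, vim, sshd, eth0).

# Replace every shipped repo definition with the local FTP mirror.
rm -f /etc/yum.repos.d/*.repo
cat >/etc/yum.repos.d/local.repo <<'EOF'
[local_repo]
name=CentOS-$releasever - Base
baseurl=ftp://192.168.1.254/centos7
enabled=1
gpgcheck=1
EOF
# rpm's documented option is --import. The original single-dash form is not a
# documented option, so the key import presumably failed unnoticed (the %post
# header has no --erroronfail).
# NOTE(review): the key is fetched over plain FTP from the same server as the
# packages, so gpgcheck=1 does not protect against a tampered mirror. Prefer
# the key already installed under /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7, or
# verify the fingerprint out of band.
rpm --import ftp://192.168.1.254/centos7/RPM-GPG-KEY-CentOS-7
yum erase -y NetworkManager NetworkManager-libnm kexec-tools firewalld-filesystem polkit
# Service defaults: crond with "-m off", chronyd with "-4", chrony commands
# allowed from 127.0.0.1, and an xterm terminfo entry enabled for screen.
sed 's,^CRONDARGS=.*,&"-m off",' -i /etc/sysconfig/crond
sed 's,^\(OPTIONS=\).*,\1"-4",' -i /etc/sysconfig/chronyd
sed 's,^server .*,&\ncmdallow 127.0.0.1,' -i /etc/chrony.conf
sed 's,^#\(terminfo xterm \x27is.*\),\1\nterm xterm,' -i /etc/screenrc
cat >>/etc/sysconfig/network <<'EOF'
IPV6INIT="no"
NETWORKING="yes"
NOZEROCONF="yes"
EOF
# /etc/hosts is rewritten from scratch; the ::1 line is left commented out.
echo -e "# ::1\t\tlocalhost localhost.localdomain localhost6 localhost6.localdomain6" >/etc/hosts
echo -e "127.0.0.1\tlocalhost localhost.localdomain localhost4 localhost4.localdomain4" >>/etc/hosts
# The inner single quotes close and reopen the string, so the file receives
# TZ=Asia/Shanghai without quotes. TMOUT=7200 is exported for every login shell.
echo -e 'export TZ='Asia/Shanghai' PYTHONSTARTUP="/usr/lib64/python2.7/pystartup.py" TMOUT=7200' >/etc/profile.d/environ.sh
echo -e "blacklist acpi_pad\nblacklist power_meter" >/etc/modprobe.d/blacklist.conf
# PYTHONSTARTUP above points every interactive python at this file, so it must
# stay writable by root only.
cat >/usr/lib64/python2.7/pystartup.py <<'EOF'
#!/usr/bin/python
# -*- coding:utf_8 -*-
#from __future__ import print_function
from rlcompleter import readline
readline.parse_and_bind("tab: Complete")
EOF
# NOTE(review): net.ipv4.ip_forward = 1 makes every installed host forward
# packets between its interfaces; keep it only on hosts that are meant to
# route.
cat >/etc/sysctl.d/70-system.conf <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.ip_default_ttl = 255
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
kernel.sysrq = 16
vm.swappiness = 0
EOF
# config vimrc
cat >>/etc/vimrc<<'EOF'
set wrapscan
set noautoindent
set showmatch
set binary
set noswapfile
set ignorecase " Do case insensitive matching
set foldmethod=syntax
set foldlevel=100
filetype plugin off
EOF
# sshd: listen on port 10022 on 0.0.0.0, allow 3 auth tries, skip DNS lookups.
# Each expression only matches a commented-out default ("#Port", ...), so a
# directive that is already uncommented is left as it is.
# NOTE(review): PermitRootLogin yes exposes password login for root on hosts
# that are installed with the firewall disabled and a root hash published in
# the kickstart file; prefer key-only root access ("prohibit-password") or a
# separate admin account.
sed -e 's,^#\(Port\).*,\1 10022,' \
-e 's,^#\(ListenAddress 0.0.0.0\),\1,' \
-e 's,^#\(PermitRootLogin\).*,\1 yes,' \
-e 's,^#\(MaxAuthTries\).*,\1 3,' \
-e 's,^#\(UseDNS\).*,\1 no,' -i /etc/ssh/sshd_config
# eth0 is rewritten to plain DHCP with NetworkManager control turned off.
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
# Generated by dracut initrd
DEVICE="eth0"
ONBOOT="yes"
IPV6INIT="no"
IPV4_FAILURE_FATAL="no"
NM_CONTROLLED="no"
TYPE="Ethernet"
BOOTPROTO="dhcp"
EOF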
%end
[root@pxe ~]# systemctl restart vsftpd
[root@pxe ~]# systemctl enable vsftpd
八. 保证文件夹有读和执行(rx)权限,普通文本文件有读(r)权限(important)
[root@pxe ~]# ll /var/lib/tftpboot/
总用量 268
drwxr-xr-x 2 root root 39 9月 5 22:59 centos7
-rw-r--r-- 1 root root 20832 9月 5 22:49 chain.c32
-rw-r--r-- 1 root root 89376 9月 5 22:49 gpxelinux.0
-rw-r--r-- 1 root root 35676 9月 5 22:49 mboot.c32
-rw-r--r-- 1 root root 26268 9月 5 22:49 memdisk
-rw-r--r-- 1 root root 61796 9月 5 22:49 menu.c32
-rw-r--r-- 1 root root 26759 9月 5 22:49 pxelinux.0
drwxr-xr-x 2 root root 21 9月 5 23:01 pxelinux.cfg
[root@pxe ~]# ll /var/lib/tftpboot/pxelinux.cfg/default
-rw-r--r-- 1 root root 233 9月 5 22:53 /var/lib/tftpboot/pxelinux.cfg/default
九. 系统安装流程图
来源:CSDN
作者:lmzf2011
链接:https://blog.csdn.net/lmzf2011/article/details/82425107