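PXE Deployment

Introduction

What is PXE?

1. PXE is short for Preboot Execution Environment;
2. It is a network protocol designed by Intel that lets a computer boot over the network and install an operating system;
3. It is a mechanism for booting a computer through its network interface, independent of local storage devices or any locally installed operating system;
4. The protocol has a client side and a server side. The PXE client starts from the NIC's boot ROM; when the computer boots, the BIOS loads the PXE client into memory and executes it,
    and a command menu is displayed. After the user chooses the system to install, the PXE client downloads the operating system held on the remote side over the network and runs it locally;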

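Common installation methods:

1. Optical disc installation
    Burn the system image to a disc and install from it using the server's built-in drive or an external USB optical drive;
2. USB drive installation
    Write the system image to a USB drive with a tool and boot from the USB drive;
3. Mounted-image installation
    Mount the image remotely through the BMC Web GUI and install from it;
4. Network boot installation (PXE)
    The client boots over the network and reads the image on a remote server to install;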

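The four modes of a PXE server

IPv4 legacy, IPv4 UEFI, IPv6 legacy, IPv6 UEFI

Files required for IPv4 legacy PXE boot

1. pxelinux.0: the bootstrap program, responsible for booting and starting the system; its role is similar to the BIOS, and it reads the PXE configuration files
2. pxelinux.cfg: a directory that holds the PXE configuration files
3. vmlinuz: the Linux kernel file, which the bootstrap program can load to start Linux
4. initrd.img: short for "boot loader initialized RAM disk"; loaded as the root file system, it provides modules, drivers, services and so on. The NIC driver is included in this file.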

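How it works

1. The client's BIOS supports booting from the NIC, and the NIC has a PXE ROM chip;
2. The server (PXE Server) has at least the dhcp, tftp and nfs services, and they are running;
3. The BIOS loads the PXE client into memory and executes it, and the PXE Server sends an IP allocation request to dhcp.server on the local LAN;
4. After dhcp.server receives the request, it returns to the PXE Server an IP address and the location of the bootstrap file; the client requests the bootstrap file from tftp.server,
    and tftp.server, on receiving the request, sends the client the bootstrap file --> pxelinux.0;
5. After receiving pxelinux.0, the client executes it and, following its contents, requests the configuration file for pxelinux.0 from tftp.server --> tftpboot/pxelinux.cfg/default;
6. The client reads the default file and waits for the user to choose a system to install, then asks tftp.server for the kernel file vmlinuz and the root file system initrd.img;
7. tftp.server receives the client's request and provides vmlinuz and initrd.img;
8. The client receives the files and boots the kernel image. Following the bootstrap's configuration file pxelinux.0, the kernel asks the PXE server for the automated installation script and the source files; the PXE
    Server sends the script and source files to the client over one of ftp/http/nfs, and the client then performs the automated installation.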
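
Step 5 names only pxelinux.cfg/default, but pxelinux.0 tries more specific file names first, so a per-host file overrides the menu in default. The following added example (not part of the original page; the MAC address is a constructed sample, and the client-UUID lookup that comes first when the PXE stack supplies a UUID is left out) lists the candidates in order and reports which file a given client would load, which is the file set an integrity check of the TFTP root has to cover:

```bash
#!/bin/bash
# Added example (not from the original page): the order in which pxelinux.0
# looks for its configuration file under pxelinux.cfg/ on the TFTP server.

# Print every candidate path for one client; the first one that exists wins.
#   $1 = client MAC (aa:bb:cc:dd:ee:ff), $2 = client IPv4 address
pxelinux_candidates() {
    mac=$(printf '%s' "$1" | tr 'A-F:' 'a-f-')
    # Hardware type 01 (Ethernet) + MAC, lower-case hex, dash separated
    echo "pxelinux.cfg/01-$mac"
    # IPv4 address as 8 upper-case hex digits, then one digit shorter per try
    old_ifs=$IFS; IFS=.
    set -- $2
    IFS=$old_ifs
    hex=$(printf '%02X%02X%02X%02X' "$1" "$2" "$3" "$4")
    while [ -n "$hex" ]; do
        echo "pxelinux.cfg/$hex"
        hex=${hex%?}
    done
    echo "pxelinux.cfg/default"
}

# Print the file a client would actually load.
#   $1 = TFTP root directory, $2 = client MAC, $3 = client IPv4 address
pxelinux_effective() {
    for f in $(pxelinux_candidates "$2" "$3"); do
        if [ -f "$1/$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# Constructed sample: a client inside the DHCP range configured later on this page
pxelinux_candidates "00:1A:2B:3C:4D:5E" 192.168.1.205
```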

Setting up the PXE server

1. Disable Firewalls & SELinux
    Firewalls:
    $service iptables stop  
    $chkconfig iptables off 
    $vim /etc/selinux/config    
        SELINUX=disabled
2. Check whether the dhcp, tftp and nfs services are installed
    $rpm -qa | grep -E 'dhcp|tftp|nfs'
3. Configure the yum repository
    $vim /etc/yum.repos.d/server.repo
        [development]
        name=development
        baseurl=file:///mnt/
        gpgcheck=0
        enabled=1
        gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
4. Install the dhcp, tftp and nfs services
    $yum install -y dhcp tftp-server xinetd nfs-utils syslinux
5. Configure any network interface and set its IP address
    $vim /etc/sysconfig/network-scripts/ifcfg-enp3s0f0
        # Generated by dracut initrd
        NAME="enp3s0f0"         
        DEVICE="enp3s0f0"       
        ONBOOT=yes  
        NETBOOT=yes
        UUID="169f6948-307c-42a7-bb35-a773c86fb5d6"
        BOOTPROTO=none  
        IPADDR=192.168.1.250    
        TYPE=Ethernet
        PREFIX=24
        DEFROUTE=yes
        IPV4_FAILURE_FATAL=no
        IPV6INIT=yes
        IPV6_FAILURE_FATAL=no
        IPV6_AUTOCONF=yes
        IPV6_DEFROUTE=yes
        IPV6_PEERDNS=yes
        IPV6_PEERROUTES=yes
    $service network start
6. Configure dhcpd.conf and start the service
    $vim /etc/dhcp/dhcpd.conf
        # dhcpd.conf
        # Sample configuration file for ISC dhcpd
        ddns-update-style interim;  
        ignore client-updates;
        allow booting;  
        allow bootp;    
        class "pxeclients" {
        match if substring(option vendor-class-identifier,0,9)="PXEClient";
        next-server 192.168.1.250;  
        filename "pxelinux.0";  
        }
        subnet 192.168.1.0 netmask 255.255.255.0 {
        option broadcast-address 192.168.1.255;
        option routers 192.168.1.250;
        option subnet-mask 255.255.255.0;
        range 192.168.1.205 192.168.1.249;  
        default-lease-time 8640000;
        }
    $service dhcpd start
    $chkconfig dhcpd on
7. Configure tftp and start the service
    $vim /etc/xinetd.d/tftp 
        # default: off
        # description: The tftp server serves files using the trivial file transfer \
        #   protocol.  The tftp protocol is often used to boot diskless \
        #   workstations, download configuration files to network-aware printers, \
        #   and to start the installation process for some operating systems.
        service tftp
        {
            socket_type     = dgram
            protocol        = udp
            wait            = yes
            user            = root
            server          = /usr/sbin/in.tftpd
            server_args     = -s /tftpboot  
            disable         = no    
            per_source      = 11
            cps         = 100 2
            flags           = IPv4
        }
    $service xinetd start    # or: /etc/init.d/xinetd start
    $chkconfig tftp on
8. Configure nfs and start the service
    $vim /etc/exports
        /tftpboot *(rw,no_root_squash)  
    $service nfs start
9. Prepare the system image files
    $mount -o loop rhel7.4.iso /mnt
    $mkdir /tftpboot/rhel7.4
    $cp -rf /mnt/* /tftpboot/rhel7.4
    $chmod -R +x /tftpboot/rhel7.4
    $cp -rf /usr/share/syslinux/pxelinux.0 /tftpboot/
    $cp -rf boot.msg vesamenu.c32 splash.png /tftpboot/
    $mkdir /tftpboot/pxelinux.cfg
    $cp -rf /tftpboot/rhel7.4/isolinux/isolinux.cfg /tftpboot/pxelinux.cfg/
    $mv /tftpboot/pxelinux.cfg/isolinux.cfg /tftpboot/pxelinux.cfg/default
10. Configure the pxelinux.cfg file
    $vim default
        default vesamenu.c32    
        prompt 1    
        timeout 600     
        display boot.msg
        menu background 1.jpg   
        menu title Welcome to CV Team's PXE server!     
        menu color border 0 #ffffffff #00000000
        menu color sel 7 #ffffffff #ff000000
        menu color title 0 #ffffffff #00000000
        menu color tabmsg 0 #ffffffff #00000000
        menu color unsel 0 #ffffffff #00000000
        menu color hotsel 0 #ff000000 #ffffffff
        menu color hotkey 7 #ffffffff #ff000000
        menu color scrollbar 0 #ffffffff #00000000

        label install   
        menu label ^1)Install rhel7.4 in /dev/sda
        menu default    
        kernel rhel7.4/vmlinuz biosdevname=0
        append initrd=rhel7.4/initrd.img ks=nfs:192.168.1.250:/tftpboot/rhel7.4/ks/ks.cfg   
11. Configure the unattended kickstart file
        #platform=x86, AMD64, or Intel EM64T
        #version=DEVEL
        # Install OS instead of upgrade
        install
        # Keyboard layouts
        keyboard 'us'
        # Root password
        rootpw --iscrypted $1$BrX4T9WN$OXLjtLaSe7VNnmjlsUyXE0
        # System language
        lang zh_CN
        # Firewall configuration
        firewall --disabled
        # System authorization information
        auth  --useshadow  --passalgo=sha512
        # Use graphical install
        install
        graphical
        # SELinux configuration
        selinux --disabled
        # Use NFS installation media
        nfs --server=192.168.1.250 --dir=/tftpboot/rhel7.4
        # Network information
        network  --bootproto=dhcp --device=enp3s0f0
        # Reboot after installation
        reboot
        # System timezone
        timezone Asia/Shanghai
        # Partition clearing information
        clearpart --all --drives=sda
        # System bootloader configuration
        bootloader --append="crashkernel=768M vconsole.font=latarcyrheb-sun16 vconsole.keymap=us biosdevname=0 ipv6.disable=1 console=tty0 console=ttyS0,115200 scsi_mod.scan=sync intel_idle.max_cstate=0 pci=pcie_bus_perf nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off rd.driver.pre=ahci" --location=mbr --boot-drive=sda
        # autopart --type=lvm
        part /boot --asprimary --fstype="ext4" --ondisk=sda --size=1024
        part swap --asprimary --fstype="swap" --ondisk=sda --size=51200
        part / --asprimary --fstype="ext4" --ondisk=sda --size=153600

        %packages
        @additional-devel
        @anaconda-tools
        @backup-client
        @backup-server
        @base
        @compat-libraries
        @console-internet
        @core
        @debugging
        @desktop-debugging
        @development
        @dial-up
        @directory-client
        @directory-server
        @dns-server
        @emacs
        @file-server
        @fonts
        @ftp-server
        @gnome-apps
        @gnome-desktop
        @graphical-admin-tools
        @graphics
        @guest-agents
        @guest-desktop-agents
        @hardware-monitoring
        @identity-management-server
        @infiniband
        @input-methods
        @internet-browser
        @java-platform
        @kde-desktop
        @large-systems
        @legacy-unix
        @legacy-x
        @load-balancer
        @mail-server
        @mainframe-access
        @mariadb
        @mariadb-client
        @multimedia
        @network-file-system-client
        @network-server
        @network-tools
        @networkmanager-submodules
        @perl-runtime
        @perl-web
        @php
        @platform-devel
        @platform-kvm
        @platform-microsoft
        @platform-vmware
        @postgresql
        @postgresql-client
        @print-client
        @print-server
        @python-web
        @remote-desktop-clients
        @remote-system-management
        @ruby-runtime
        @scientific
        @security-tools
        @smart-card
        @system-admin-tools
        @system-management
        @technical-writing
        @virtualization-client
        @virtualization-hypervisor
        @virtualization-platform
        @virtualization-tools
        @web-server
        @web-servlet
        @x11
        %end
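
The procedure above leaves several settings open: /tftpboot is exported read-write to every host without root squashing, the kickstart file with the root password hash sits below the unauthenticated TFTP root, and package signature checks, the firewall and SELinux are switched off. An added example (not part of the original page; the finding names and sample files are constructed, and the kickstart location is taken from the ks= option in step 10) that checks a server for these settings:

```bash
#!/bin/bash
# Added example (not from the original page): flag the settings from this
# walkthrough that widen the PXE server's exposure. Finding names are made up here.
#   $1 = exports file, $2 = kickstart file, $3 = yum repo file, $4 = TFTP root
# Prints one finding per line; the exit status is the number of findings.
audit_pxe() (
    n=0
    root=${4:-/tftpboot}
    flag() { echo "$1"; n=$((n + 1)); }
    has() { grep -Eq -e "$1" "$2" 2>/dev/null; }

    # NFS export open to every host ("*"), writable and/or without root squashing
    has '^[^#]*[[:space:]]\*\(([^)]*,)?rw[,)]' "$1" && flag NFS_WORLD_RW
    has '^[^#]*[[:space:]]\*\(([^)]*,)?no_root_squash[,)]' "$1" && flag NFS_NO_ROOT_SQUASH

    # TFTP has no authentication: a kickstart below the TFTP root, and the root
    # password hash inside it, is readable by any host that can reach the service
    case "$2" in "$root"/*) flag KS_UNDER_TFTP_ROOT ;; esac
    # "$1$" marks an MD5-crypt hash; SHA-512 crypt hashes start with "$6$"
    has '^[[:space:]]*rootpw[[:space:]].*--iscrypted[[:space:]]+\$1\$' "$2" && flag KS_ROOTPW_MD5CRYPT
    # Installed hosts come up with no packet filter and no SELinux
    has '^[[:space:]]*firewall[[:space:]].*--disabled' "$2" && flag KS_FIREWALL_DISABLED
    has '^[[:space:]]*selinux[[:space:]].*--disabled' "$2" && flag KS_SELINUX_DISABLED

    # Packages from this repo are installed without signature verification
    has '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$3" && flag REPO_GPGCHECK_OFF
    exit "$n"
)

# Constructed sample input reproducing this page's settings (placeholder hash)
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/tftpboot/rhel7.4/ks"
    echo '/tftpboot *(rw,no_root_squash)' > "$d/exports"
    printf '%s\n' 'rootpw --iscrypted $1$SALT$PLACEHOLDERHASH' \
        'firewall --disabled' 'selinux --disabled' > "$d/tftpboot/rhel7.4/ks/ks.cfg"
    printf '%s\n' '[development]' 'gpgcheck=0' > "$d/server.repo"
    echo "$d"
}

s=$(make_sample)
audit_pxe "$s/exports" "$s/tftpboot/rhel7.4/ks/ks.cfg" "$s/server.repo" "$s/tftpboot" \
    || echo "findings: $?"
rm -rf "$s"
```

On a real server the arguments would be /etc/exports, the ks.cfg path, /etc/yum.repos.d/server.repo and /tftpboot.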