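PXE + Kickstart Unattended Installation

PXE One-Click Installation

    PXE (Preboot eXecute Environment) is used mainly to boot client hosts into a Linux installation in unattended deployments. Kickstart is an unattended installation method: the parameters an administrator would otherwise enter by hand are saved in advance in a ks.cfg file, and whenever the installer needs a parameter it reads it from that Kickstart file.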

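1.  Preparation before installation

    Hardware and software requirements: the NIC must support PXE boot, and the operating system must support PXE boot as well.

    A DHCP server assigns IP addresses.

    A TFTP server lets clients fetch the boot loader and driver files.

    A vsftpd (FTP) server stores the operating system installation files; httpd can be used in place of vsftpd.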

2.  Lab environment

   [root@pxe ~]# cat  /etc/redhat-release

   CentOS Linux release 7.4.1708 (Core)

3.  Configure a static IP

[root@pxe ~]# cat  /etc/sysconfig/network-scripts/ifcfg-eth0 
# Generated by dracut initrd
DEVICE="eth0"
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.200
PREFIX=24
GATEWAY=192.168.1.254
TYPE=Ethernet
NM_CONTROLLED=no

4.  Configure the DHCP service

[root@pxe ~]# yum  -y install  dhcp
[root@pxe ~]# cat /etc/dhcp/dhcpd.conf
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
ddns-update-style none;
ignore client-updates;
default-lease-time 14400;
max-lease-time 86400;
allow bootp;
allow booting;
local-address 192.168.1.200;                           # this server's IP
local-port 67;
include "/etc/dhcp/subnet";  

[root@pxe ~]# cat  /etc/dhcp/subnet
subnet	192.168.1.0 netmask 255.255.255.0 {
	option routers 192.168.1.254;
	option subnet-mask 255.255.255.0;
	option domain-name-servers 192.168.1.254;
	option ntp-servers 192.168.1.254;
	filename "/gpxelinux.0";
	next-server 192.168.1.200;                        # this server's IP
	pool {
		range dynamic-bootp 192.168.1.10 192.168.1.240;
		default-lease-time 3600;
		max-lease-time 72000; 
		allow unknown-clients;
	}
}

5.  Configure the TFTP service

[root@pxe ~]# yum  -y  install tftp-server

[root@pxe ~]# cd  /var/lib/tftpboot/

[root@pxe tftpboot]# ls
chain.c32  gpxelinux.0  mboot.c32  memdisk  menu.c32  pxelinux.0  
[root@pxe tftpboot]#  mkdir pxelinux.cfg
[root@pxe tftpboot]# cd pxelinux.cfg/
[root@pxe pxelinux.cfg]# vim  default  
[root@pxe pxelinux.cfg]# cat default 
default menu.c32
prompt 0
timeout 60
LABEL CentOS7
    MENU LABEL CentOS 7 install
    KERNEL centos7/vmlinuz
    APPEND initrd=centos7/initrd.img ks=ftp://192.168.1.200/pub/ks7.cfg ksdevice=bootif console=tty0 console=ttyS0,115200

[root@pxe tftpboot]# mkdir  centos7
[root@pxe tftpboot]# cd centos7
[root@pxe centos7]# ls
initrd.img  vmlinuz

[root@pxe tftpboot]# tree .                   # requires the tree package to be installed
.
|-- centos7
|   |-- initrd.img
|   `-- vmlinuz
|-- chain.c32
|-- gpxelinux.0
|-- mboot.c32
|-- memdisk
|-- menu.c32
|-- pxelinux.0
`-- pxelinux.cfg
    `-- default

2 directories, 9 files


[root@pxe ~]# systemctl   restart  tftp
[root@pxe ~]# systemctl   enable  tftp

The boot files used above are available at the following link:

https://github.com/lmzf2018/1804/tree/master/important/PXE一键装机

6.  Configure the vsftpd service

[root@pxe ~]# yum  -y  install   vsftpd
[root@pxe ~]# cat  /etc/vsftpd/vsftpd.conf
...
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# Changed from NO to YES
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
# Changed from YES to NO
listen_ipv6=NO

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

use_localtime=YES
chroot_list_enable=YES
chroot_local_user=YES
userlist_deny=YES
listen_address=0.0.0.0
listen_port=21
pasv_min_port=50000

pasv_max_port=51000
pasv_enable=YES
pasv_promiscuous=YES
port_promiscuous=NO
max_clients=9
max_per_ip=9

7.  Create the ks.cfg file

[root@pxe pub]# pwd
/var/ftp/pub
[root@pxe pub]# ls
ks7.cfg
[root@pxe pub]# cat ks7.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted lxqk4My6q5YyQ
# System timezone
timezone Asia/Shanghai
# Use network installation
url --url="ftp://192.168.1.254/centos7"
# System language
lang en_US.UTF-8
# Firewall configuration
firewall --disabled
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
# Installation logging level
logging --level=warning
# Run the Setup Agent on first boot
firstboot --disable
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Network information
network --device=bootif --onboot=on --hostname=localhost --bootproto=bootp --noipv6
# Reboot after installation
reboot
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --asprimary --fstype=xfs --size=512
part /     --asprimary --fstype=xfs --size=1 --grow

%packages --nobase
@Core --nodefaults
-iwl3160-firmware
-iwl6000g2b-firmware
-iwl2030-firmware
-iwl7265-firmware
-iwl1000-firmware
-iwl4965-firmware
-iwl2000-firmware
-iwl3945-firmware
-alsa-tools-firmware
-aic94xx-firmware
-iwl135-firmware
-iwl7260-firmware
-iwl6050-firmware
-iwl6000g2a-firmware
-iwl5000-firmware
-ivtv-firmware
-iwl100-firmware
-iwl5150-firmware
-iwl105-firmware
-iwl6000-firmware
-alsa-firmware
-postfix
-audit
-tuned
chrony
psmisc
net-tools
screen
vim-enhanced
tcpdump
lrzsz
ltrace
strace
traceroute
whois
bind-utils
tree
mlocate
rsync
lsof
lftp
patch
diffutils
cpio
time
nmap
socat
man-pages
rpm-build
createrepo
%end

%pre
%end

%post --interpreter=/bin/bash
rm -f /etc/yum.repos.d/*.repo
cat >/etc/yum.repos.d/local.repo <<'EOF'
[local_repo]
name=CentOS-$releasever - Base
baseurl=ftp://192.168.1.254/centos7
enabled=1
gpgcheck=1
EOF
rpm --import ftp://192.168.1.254/centos7/RPM-GPG-KEY-CentOS-7
yum erase -y NetworkManager NetworkManager-libnm kexec-tools firewalld-filesystem polkit
sed 's,^CRONDARGS=.*,&"-m off",' -i /etc/sysconfig/crond
sed 's,^\(OPTIONS=\).*,\1"-4",'  -i /etc/sysconfig/chronyd
sed 's,^server .*,&\ncmdallow 127.0.0.1,' -i /etc/chrony.conf
sed 's,^#\(terminfo xterm \x27is.*\),\1\nterm xterm,' -i /etc/screenrc
cat >>/etc/sysconfig/network <<'EOF'
IPV6INIT="no"
NETWORKING="yes"
NOZEROCONF="yes"
EOF
echo -e "# ::1\t\tlocalhost localhost.localdomain localhost6 localhost6.localdomain6" >/etc/hosts
echo -e "127.0.0.1\tlocalhost localhost.localdomain localhost4 localhost4.localdomain4" >>/etc/hosts
echo -e 'export TZ='Asia/Shanghai' PYTHONSTARTUP="/usr/lib64/python2.7/pystartup.py" TMOUT=7200' >/etc/profile.d/environ.sh
echo -e "blacklist acpi_pad\nblacklist power_meter" >/etc/modprobe.d/blacklist.conf
cat >/usr/lib64/python2.7/pystartup.py <<'EOF'
#!/usr/bin/python
# -*- coding:utf_8 -*-
#from __future__ import print_function
from rlcompleter import readline
readline.parse_and_bind("tab: Complete")
EOF
cat >/etc/sysctl.d/70-system.conf <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.ip_default_ttl = 255
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 0

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
kernel.sysrq = 16
vm.swappiness = 0
EOF
# config vimrc
cat >>/etc/vimrc<<'EOF'
set wrapscan
set noautoindent
set showmatch
set binary
set noswapfile
set ignorecase          " Do case insensitive matching
set foldmethod=syntax
set foldlevel=100
filetype plugin off
EOF
sed -e 's,^#\(Port\).*,\1 10022,' \
    -e 's,^#\(ListenAddress 0.0.0.0\),\1,' \
    -e 's,^#\(PermitRootLogin\).*,\1 yes,' \
    -e 's,^#\(MaxAuthTries\).*,\1 3,' \
    -e 's,^#\(UseDNS\).*,\1 no,' -i /etc/ssh/sshd_config
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
# Generated by dracut initrd
DEVICE="eth0"
ONBOOT="yes"
IPV6INIT="no"
IPV4_FAILURE_FATAL="no"
NM_CONTROLLED="no"
TYPE="Ethernet"
BOOTPROTO="dhcp"
EOF
%end

[root@pxe ~]# systemctl restart vsftpd
[root@pxe ~]# systemctl enable  vsftpd
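
An added example (not part of the original post): a POSIX shell check that flags the security-relevant settings in a kickstart file like the ks7.cfg above, for instance the 13-character rootpw hash, which is legacy DES crypt even though auth selects sha512. The function name audit_ks and the finding codes are assumptions made for this example; the sample file is constructed from directives shown above.

```shell
#!/bin/sh
# Added example: audit_ks and its finding codes are hypothetical names.
# Prints one finding per line for settings that weaken the installed host.
audit_ks() {
    _ks=$1
    # A crypted hash without a $id$ prefix is legacy DES crypt (13 chars).
    _hash=$(awk '$1 == "rootpw" && /--iscrypted/ { print $NF }' "$_ks")
    case $_hash in
        '' | '$6$'* | '$5$'* | '$y$'*) ;;   # none, SHA-512, SHA-256, yescrypt
        *) echo WEAK_ROOT_HASH ;;
    esac
    grep -Eq '^rootpw[[:space:]].*--plaintext' "$_ks" && echo PLAINTEXT_ROOT_PASSWORD
    grep -Eq '^firewall[[:space:]].*--disabled' "$_ks" && echo FIREWALL_DISABLED
    grep -Eq '^selinux[[:space:]].*--disabled' "$_ks" && echo SELINUX_DISABLED
    # ftp:// and http:// give no transport integrity or confidentiality.
    grep -Eq '^url[[:space:]].*(ftp|http)://' "$_ks" && echo PLAINTEXT_INSTALL_SOURCE
    # %post edits that turn on direct root logins over SSH.
    grep -Eq 'PermitRootLogin.*yes' "$_ks" && echo ROOT_SSH_LOGIN_ENABLED
    # "-audit" in %packages removes auditd from the installed system.
    grep -Eq '^-audit$' "$_ks" && echo AUDITD_REMOVED
    return 0
}

# Constructed sample made of directives taken from the ks7.cfg above.
_sample=$(mktemp)
cat >"$_sample" <<'EOF'
rootpw --iscrypted lxqk4My6q5YyQ
url --url="ftp://192.168.1.254/centos7"
firewall --disabled
selinux --disabled
-audit
    -e 's,^#\(PermitRootLogin\).*,\1 yes,' \
EOF
audit_ks "$_sample"
rm -f "$_sample"
```

The same file is fetched by every PXE client through the ks=ftp://... argument in pxelinux.cfg/default, so any host on the segment that can reach the FTP server can read whatever it contains, including the root hash.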

8.  Make sure directories have read and execute (r-x) permission and regular files have read (r) permission (important)

[root@pxe ~]# ll    /var/lib/tftpboot/
总用量 268
drwxr-xr-x 2 root root    39 9月   5 22:59 centos7
-rw-r--r-- 1 root root 20832 9月   5 22:49 chain.c32
-rw-r--r-- 1 root root 89376 9月   5 22:49 gpxelinux.0
-rw-r--r-- 1 root root 35676 9月   5 22:49 mboot.c32
-rw-r--r-- 1 root root 26268 9月   5 22:49 memdisk
-rw-r--r-- 1 root root 61796 9月   5 22:49 menu.c32
-rw-r--r-- 1 root root 26759 9月   5 22:49 pxelinux.0
drwxr-xr-x 2 root root    21 9月   5 23:01 pxelinux.cfg
[root@pxe ~]# ll    /var/lib/tftpboot/pxelinux.cfg/default 
-rw-r--r-- 1 root root 233 9月   5 22:53 /var/lib/tftpboot/pxelinux.cfg/default
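
The permission requirement in step 8 as a repeatable check, written as an added example (not part of the original post): it reports directories missing r-x for others, files missing r for others, and anything writable by group or others, since TFTP is unauthenticated and whatever sits in this tree is what clients boot. check_tftp_perms and the finding labels are names assumed for this example; the demo tree is constructed.

```shell
#!/bin/sh
# Added example: check_tftp_perms and its finding labels are hypothetical names.
# Lists entries under a TFTP root whose mode would break PXE boot or allow tampering.
check_tftp_perms() {
    _root=$1
    # Directories need o+r and o+x (005) so the TFTP daemon, which normally
    # runs unprivileged, can traverse them.
    find "$_root" -type d ! -perm -005 | sed 's/^/DIR_NOT_WORLD_RX /'
    # Boot files need o+r (004) to be served.
    find "$_root" -type f ! -perm -004 | sed 's/^/FILE_NOT_WORLD_R /'
    # Group- or world-writable entries can be modified by a user other than the owner.
    find "$_root" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) |
        sed 's/^/WRITABLE_BY_NON_OWNER /'
    return 0
}

# Constructed demo tree mirroring the layout under /var/lib/tftpboot shown above.
_demo=$(mktemp -d)
mkdir "$_demo/centos7" "$_demo/pxelinux.cfg"
: >"$_demo/centos7/vmlinuz"
: >"$_demo/pxelinux.cfg/default"
chmod 755 "$_demo" "$_demo/centos7" "$_demo/pxelinux.cfg"
chmod 600 "$_demo/centos7/vmlinuz"          # kernel not world-readable
chmod 666 "$_demo/pxelinux.cfg/default"     # boot menu world-writable
check_tftp_perms "$_demo"
rm -rf "$_demo"
```

On the real server, run it as `check_tftp_perms /var/lib/tftpboot`; no output means the tree matches the listing above.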

9.  System installation flow

[Images 1-3 of the original post: installation flow]
