
PXE遠程裝機服務批量部署LINUX系統


一、搭建FTP服務並配置ftp的本地yum源:

# mkdir /mnt/cdrom
# mount /dev/sr0 /mnt/cdrom/    # 掛載Centos7光盤
# yum -y install vsftpd    # 安裝ftp服務
# vim /etc/vsftpd/vsftpd.conf    # 修改ftp配置文件,添加下面三行到connect_from_port_20=YES後面(行尾的#說明只是本文的註釋,不要寫進文件,vsftpd不接受行尾註釋)
 pasv_enable=YES    # 使用被動模式
 pasv_min_port=3001    # 設定被動模式監聽端口號範圍
 pasv_max_port=3100    # 設定被動模式監聽端口號範圍
# systemctl start vsftpd.service    # 啟動vsftp服務
# mkdir /var/ftp/yum    # ftp目錄下創建yum目錄
# cp -rf /mnt/cdrom/* /var/ftp/yum    # 將光盤的所有內容復制到yum目錄下作為yum源
# mkdir /etc/yum.repos.d/old
# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/old    # 移動備份下現有的yum源配置文件
# vim /etc/yum.repos.d/CentOS-cr.repo    # 創建一個新的yum源配置文件,內容如下:
[cr]
name=CentOS-$releasever - cr
baseurl=ftp://192.168.8.10/yum
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
# yum clean all
# yum makecache


二、搭建DHCP服務:

# yum -y install dhcp
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf    # 通過幫助模板創建DHCP配置文件
# vim /etc/dhcp/dhcpd.conf    # 修改DHCP配置文件
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.8.0 netmask 255.255.255.0 {
  range 192.168.8.100 192.168.8.200;
  option routers 192.168.8.2;
  option broadcast-address 192.168.8.255;
  default-lease-time 600;
  max-lease-time 7200;
  next-server 192.168.8.10;    # 指定PXE引導服務器
  filename "pxelinux.0";    # 指定引導文件
}
# systemctl start dhcpd.service    # 啟動DHCP服務


三、搭建TFTP服務和syslinux:

# yum -y install tftp-server
# yum -y install syslinux
# vim /etc/xinetd.d/tftp    # 開啟tftp服務,因為tftp是xinetd控制的,所以要修改相關配置文件後重啟xinetd服務
  disable= no    # 把yes改成no代表開啟tftp服務
# systemctl start xinetd.service
# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
# cp /var/ftp/yum/isolinux/{vmlinuz,initrd.img,vesamenu.c32,boot.msg} /var/lib/tftpboot/
# mkdir /var/lib/tftpboot/pxelinux.cfg
# cp /var/ftp/yum/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default    # 復制並重命名為default
# vim /var/lib/tftpboot/pxelinux.cfg/default    # 修改default文件,添加下面的內容,註意:記得同時刪除後面原有的menu default
  label centos7
  menu label ^Install CentOS 7 Li networkserver
  menu default
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=ftp://192.168.8.10/yum inst.ks=ftp://192.168.8.10/ks.cfg quiet    # 指定安裝系統軟件時的軟件地址,和安裝系統的配置文件


四、安裝system-config-kickstart並配置生成上面指定的配置文件:

# yum -y install system-config-kickstart
# system-config-kickstart    # 進入圖形化配置生成界面,配置完成後將文件保存在上面指定的位置,即:/var/ftp/ks.cfg


當然,這個配置文件也可以手動編輯了:

# vim /var/ftp/ks.cfg
    #platform=x86, AMD64, or Intel EM64T
    #version=DEVEL
    # Install OS instead of upgrade
    install
    # Keyboard layouts
    keyboard 'us'
    # Reboot after installation
    reboot
    # Root password
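    # 註意:下面的哈希僅為示例($1$開頭為MD5-crypt,與下面auth指定的sha512不一致),請換成自己生成的SHA-512哈希($6$開頭);ks.cfg放在FTP目錄下且安裝時無需賬號即可下載,同網段的任何主機都能取得這個哈希
    rootpw --iscrypted $1$uP/6KVVM$domD73qgFbtoo5.Udls1V.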
    # System timezone
    timezone Asia/Shanghai
    # Use network installation
    url --url="ftp://192.168.8.10/yum"
    # System language
    lang en_US
    # Firewall configuration
    firewall --enabled --ssh
    # Network information
    network  --bootproto=dhcp --device=eth0
    # System authorization information
    auth  --useshadow  --passalgo=sha512
    # Use graphical install
    graphical
    # Run the Setup Agent on first boot
    firstboot --enable
    # SELinux configuration
    selinux --enforcing
    # System bootloader configuration
    bootloader --location=mbr
    # Clear the Master Boot Record
    zerombr
    # Partition clearing information
    clearpart --all --initlabel 
    # Disk partitioning information
    part /boot --fstype="ext4" --size=1024
    part /home --fstype="ext4" --size=4096
    part swap --fstype="swap" --size=2048
    part / --fstype="ext4" --size=10240
    %packages    # 這一段是將要安裝的軟件包組
    @base
    @core
    @desktop-debugging
    @dial-up
    @directory-client
    @fonts
    @gnome-desktop
    @guest-agents
    @guest-desktop-agents
    @input-methods
    @internet-browser
    @java-platform
    @multimedia
    @network-file-system-client
    @networkmanager-submodules
    @print-client
    @x11
    kexec-tools
    %end
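    %post --interpreter=/bin/bash    # 這一段是需要部署完成後運行的腳本,非必須,下面兩個腳本分別是我加的配置yum源和更新ssh。註意:更新ssh的腳本會卸載系統自帶的openssh包並改用源碼編譯的版本,此後sshd不再隨yum更新,安全補丁需自行跟進;寫入的sshd_config還設置了PermitRootLogin yes,即每臺部署出的主機都允許root用密碼通過SSH登錄,生產環境建議改為prohibit-password並使用密鑰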
    mkdir /etc/yum/old
    cp -rf /etc/yum.repos.d/* /etc/yum/old
    rm -rf /etc/yum.repos.d/*
    echo '# CentOS-Base.repo
    #
    # The mirror system uses the connecting IP address of the client and the
    # update status of each mirror to pick mirrors that are updated to and
    # geographically close to the client.  You should use this for CentOS updates
    # unless you are manually picking other mirrors.
    #
    # If the mirrorlist= does not work for you, as a fall back you can try the 
    # remarked out baseurl= line instead.
    #
    #
     
    [base]
    name=CentOS-$releasever - Base - mirrors.aliyun.com
    failovermethod=priority
    baseurl=ftp://192.168.8.10/yum
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    gpgcheck=1
    enabled=1
    ' >/etc/yum.repos.d/CentOS7.repo
    # 註意:FTP為明文傳輸且無完整性保護,編譯前應先用sha256sum -c核對壓縮包的校驗值(校驗值需從可信渠道另行獲取)
    wget ftp://192.168.8.10/pub/openssh-7.6p1.tar.gz
    tar -xf openssh-7.6p1.tar.gz
    cd openssh-7.6p1
    yum -y install gcc
    yum install -y zlib-devel
    yum -y install openssl-devel
    ./configure --prefix=/usr --sysconfdir=/etc/ssh
    make
    rpm -e --nodeps `rpm -qa | grep openssh`
    cp -rf /etc/ssh ./ssh.bak
    rm -rf /etc/ssh/*
    make install
    echo "#$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options override the
    # default value.
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    #HostKey /etc/ssh/ssh_host_ed25519_key
    # Ciphers and keying
    #RekeyLimit default none
    # Logging
    #SyslogFacility AUTH
    #LogLevel INFO
    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    #PubkeyAuthentication yes
    # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    # but this is overridden so installations will only check .ssh/authorized_keys
    AuthorizedKeysFile .ssh/authorized_keys
    #AuthorizedPrincipalsFile none
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    #UsePAM no
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PermitTTY yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS no
    #PidFile /var/run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none
    # no default banner path
    #Banner none
    # override default of no subsystems
    Subsystem sftp /usr/libexec/sftp-server
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #X11Forwarding no
    #AllowTcpForwarding no
    #PermitTTY no
    #ForceCommand cvs server
    ">/etc/ssh/sshd_config
    cp /openssh-7.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
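    setenforce 0    # 註意:setenforce只影響當前運行環境,不會修改上面selinux --enforcing的配置;如果源碼安裝的sshd因文件標籤不對而無法啟動,應使用restorecon修復標籤,而不是關閉SELinux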
    chkconfig --add sshd
    systemctl start sshd.service
    %end


五、配置防火墻,開放相關服務和端口:

# firewall-cmd --permanent --add-service=ftp    # 防火墻開啟ftp服務(tcp21)
# firewall-cmd --permanent --add-service=dhcp    # 防火墻開啟DHCP服務(udp67)
# firewall-cmd --permanent --add-port=69/udp    # 防火墻開啟tftp服務(udp69)
# firewall-cmd --permanent --add-port=3001-3100/tcp    # 防火墻開啟ftp被動監聽的端口段
# systemctl restart firewalld.service    # 重啟防火墻使配置生效,或者firewall-cmd --reload


六、測試:

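只要要安裝系統的主機和此服務器在一個網段或者其他網段能通過DHCP中繼獲取地址就可以自動安裝了。註意:PXE菜單的默認項就是無人值守安裝,而ks.cfg中有zerombr和clearpart --all,該網段內任何從網絡啟動的主機都會被清空磁盤並重裝,建議在隔離的裝機網段中使用,裝機完成後停止dhcpd和tftp服務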

