PXE+Kickstart unattended installation

PXE one key installation

PXE (Preboot eXecution Environment) boots a client host over the network so that a Linux operating system can be installed on it without anyone attending the machine. Kickstart is the unattended installation method used here: the parameters that operations staff would otherwise type in by hand are saved in advance in a ks.cfg file, and whenever the installer needs one of those parameters it reads the value from that Kickstart file instead of prompting.

1, Preparation before installation

Hardware and software configuration: the network card should support pxe startup, and the operating system should also support pxe startup

DHCP server for ip allocation

TFTP server helps clients get boot and driver files

The VSFTP server is used to store the installation files of the operating system, or httpd can be used to replace the vsftpd service program.

2, Hands-on environment

   [root@pxe ~]# cat  /etc/redhat-release

   CentOS Linux release 7.4.1708 (Core)

3, Configure static ip

[root@pxe ~]# cat  /etc/sysconfig/network-scripts/ifcfg-eth0 
# Generated by dracut initrd
# Static addressing for the PXE server itself. The DHCP, TFTP and FTP settings
# later on this page all refer to 192.168.1.200, so this address must not change.
DEVICE="eth0"
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.200
PREFIX=24
GATEWAY=192.168.1.254
TYPE=Ethernet
# Keep NetworkManager from managing this interface.
NM_CONTROLLED=no

4. Configure dhcp service

[root@pxe ~]# yum  -y install  dhcp
[root@pxe ~]# cat /etc/dhcp/dhcpd.conf
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
# No dynamic DNS: the server makes no DNS updates and ignores client requests
# to update DNS records.
ddns-update-style none;
ignore client-updates;
# Global lease times in seconds; the pool in /etc/dhcp/subnet sets its own.
default-lease-time 14400;
max-lease-time 86400;
# Answer BOOTP clients and hand out network-boot parameters.
allow bootp;
allow booting;
# Bind the service to the provisioning address and the standard DHCP port.
local-address 192.168.1.200;                           # this server's own IP
local-port 67;
# The subnet declaration (address pool, boot file, next-server) lives in a
# separate file.
include "/etc/dhcp/subnet";  

[root@pxe ~]# cat  /etc/dhcp/subnet
# NOTE(review): every host that network-boots on 192.168.1.0/24 is answered
# from this declaration and pointed at the installer, and the ks7.cfg shown
# later on this page repartitions the disk without asking. Run this DHCP
# service only on an isolated provisioning segment.
subnet	192.168.1.0 netmask 255.255.255.0 {
	option routers 192.168.1.254;
	option subnet-mask 255.255.255.0;
	option domain-name-servers 192.168.1.254;
	option ntp-servers 192.168.1.254;
	# Boot loader the client downloads over TFTP, and the TFTP server to ask.
	filename "/gpxelinux.0";
	next-server 192.168.1.200;                        # this server's own IP
       	pool {
		# NOTE(review): 192.168.1.10-240 contains 192.168.1.200, the static
		# address of this server; split the range so that address is never
		# offered to a client.
		range dynamic-bootp 192.168.1.10 192.168.1.240;
		default-lease-time 3600;
		max-lease-time 72000; 
		# Leases go to clients that have no host declaration, i.e. to any
		# machine that asks.
		allow unknown-clients;
	}
}

[root@pxe ~]# cat  /etc/dhcp/subnet
# Subnet declaration pulled in by the include line in /etc/dhcp/dhcpd.conf.
subnet	192.168.1.0 netmask 255.255.255.0 {
	option routers 192.168.1.254;
	option subnet-mask 255.255.255.0;
	option domain-name-servers 192.168.1.254;
	option ntp-servers 192.168.1.254;
	filename "/gpxelinux.0";
	next-server 192.168.1.200;                        # this server's own IP
       	pool {
		# NOTE(review): this range includes 192.168.1.200, the server's own
		# static address.
		range dynamic-bootp 192.168.1.10 192.168.1.240;
		default-lease-time 3600;
		max-lease-time 72000; 
		allow unknown-clients;
	}
}

5, Configure tftp service

[root@pxe ~]# yum  -y  install tftp-server

[root@pxe ~]# cd  /var/lib/tftpboot/

[root@pxe tftpboot]# ls
chain.c32  gpxelinux.0  mboot.c32  memdisk  menu.c32  pxelinux.0  
[root@pxe tftpboot]#  mkdir pxelinux.cfg
[root@pxe tftpboot]# cd pxelinux.cfg/
[root@pxe pxelinux.cfg]# vim  default  
[root@pxe pxelinux.cfg]# cat default 
# menu.c32 draws the boot menu; "prompt 0" suppresses the boot: prompt.
default menu.c32
prompt 0
# The timeout is counted in tenths of a second: after 6 s without a key press
# the menu boots its default entry.
# NOTE(review): the only entry below is the installer, so any machine that
# PXE-boots unattended is reinstalled. A local-boot entry as the default would
# make reinstallation an explicit choice.
timeout 60
# The kickstart file named by ks= is fetched over plain FTP, so nothing
# authenticates it to the client; the console= options send installer output
# to both the local display and the first serial port at 115200 baud.
LABEL CentOS7
    MENU LABEL CentOS 7 install
    KERNEL centos7/vmlinuz
    APPEND initrd=centos7/initrd.img ks=ftp://192.168.1.200/pub/ks7.cfg ksdevice=bootif console=tty0 console=ttyS0,115200

[root@pxe tftpboot]# mkdir  centos7
[root@pxe tftpboot]# cd centos7
[root@pxe centos7]# ls
initrd.img  vmlinuz

[root@pxe tftpboot]# tree .                   # Install tree software
.
|-- centos7
|   |-- initrd.img
|   `-- vmlinuz
|-- chain.c32
|-- gpxelinux.0
|-- mboot.c32
|-- memdisk
|-- menu.c32
|-- pxelinux.0
`-- pxelinux.cfg
    `-- default

2 directories, 9 files


[root@pxe ~]# systemctl   restart  tftp
[root@pxe ~]# systemctl   enable  tftp

See the following link address for the above related guidance documents:

https://github.com/lmzf2018/1804/tree/master/important/PXE one click installation

6, Configure vsftp service

[root@pxe ~]# yum  -y  install   vsftpd
[root@pxe ~]# cat  /etc/vsftpd/vsftpd.conf
...
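# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# Changed from NO to YES. vsftpd takes everything after "=" as the value, so
# notes like this one sit on their own line, never after a setting.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
# Changed from YES to NO.
listen_ipv6=NO

pam_service_name=vsftpd
# Together with userlist_deny=YES below, accounts named in the user list file
# are refused before they are asked for a password.
userlist_enable=YES
tcp_wrappers=YES

use_localtime=YES
# With both chroot options set to YES, the chroot list names the local users
# that are NOT confined to their home directory.
chroot_list_enable=YES
chroot_local_user=YES
userlist_deny=YES
# NOTE(review): 0.0.0.0 listens on every interface; 192.168.1.200 would limit
# the service to the provisioning network.
listen_address=0.0.0.0
listen_port=21
# Passive-mode data ports; a host firewall in front of this server has to allow
# 50000-51000 in addition to port 21.
pasv_min_port=50000

pasv_max_port=51000
pasv_enable=YES
# NOTE(review): pasv_promiscuous=YES turns off the check that a passive data
# connection comes from the same address as its control connection. Set it to
# NO unless a specific client setup is known to need it.
pasv_promiscuous=YES
port_promiscuous=NO
# At most 9 simultaneous clients, so larger installation batches will queue or
# fail on the FTP side.
max_clients=9
max_per_ip=9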

7, Create ks.cfg file

[root@pxe pub]# pwd
/var/ftp/pub
[root@pxe pub]# ls
ks7.cfg
[root@pxe pub]# cat ks7.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): this 13-character value has no $id$ prefix, i.e. it is in the
# legacy DES crypt format, and this file is fetched over FTP without
# credentials (see the ks= URL in pxelinux.cfg/default). Supply a salted
# SHA-512 hash ($6$...) instead, matching the --passalgo=sha512 setting below,
# and change the root password once the host is installed.
rootpw --iscrypted lxqk4My6q5YyQ
# System timezone
timezone Asia/Shanghai
# Use network installation
# NOTE(review): packages come over plain FTP from 192.168.1.254, while the
# vsftpd server set up on this page is 192.168.1.200 - confirm which host
# holds the centos7 tree.
url --url="ftp://192.168.1.254/centos7"
# System language
lang en_US.UTF-8
# Firewall configuration
# NOTE(review): installed hosts start with no packet filter. Together with
# "selinux --disabled" below and the root SSH login enabled in %post, this
# profile only suits an isolated lab network.
firewall --disabled
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
# Installation logging level
logging --level=warning
# Run the Setup Agent on first boot
firstboot --disable
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Network information
network --device=bootif --onboot=on --hostname=localhost --bootproto=bootp --noipv6
# Reboot after installation
reboot
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Destructive: removes every partition on every disk the installer can see and
# writes a new disk label, without confirmation.
clearpart --all --initlabel
# Disk partitioning information
# 512 MiB /boot; / takes the rest of the disk (--size=1 with --grow).
part /boot --asprimary --fstype=xfs --size=512
part /     --asprimary --fstype=xfs --size=1 --grow

%packages --nobase
# Minimal install: only the mandatory packages of the Core group, minus the
# firmware and services excluded below (a leading "-" excludes a package).
@Core --nodefaults
-iwl3160-firmware
-iwl6000g2b-firmware
-iwl2030-firmware
-iwl7265-firmware
-iwl1000-firmware
-iwl4965-firmware
-iwl2000-firmware
-iwl3945-firmware
-alsa-tools-firmware
-aic94xx-firmware
-iwl135-firmware
-iwl7260-firmware
-iwl6050-firmware
-iwl6000g2a-firmware
-iwl5000-firmware
-ivtv-firmware
-iwl100-firmware
-iwl5150-firmware
-iwl105-firmware
-iwl6000-firmware
-alsa-firmware
-postfix
# NOTE(review): excluding audit leaves the installed hosts without auditd, so
# there is no kernel audit trail for later incident response. Drop this line
# unless audit logging is provided some other way.
-audit
-tuned
# Extra tools added to every host.
# NOTE(review): tcpdump, nmap, socat, strace, ltrace and rpm-build are
# diagnostic and build tools; on production images install them only on the
# hosts that need them.
chrony
psmisc
net-tools
screen
vim-enhanced
tcpdump
lrzsz
ltrace
strace
traceroute
whois
bind-utils
tree
mlocate
rsync
lsof
lftp
patch
diffutils
cpio
time
nmap
socat
man-pages
rpm-build
createrepo
%end

%pre
%end

%post --interpreter=/bin/bash
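# Post-install script, run by bash inside the freshly installed system.
# The %post header on this page has no --erroronfail, so a failing command
# here does not stop the installation; every step is best-effort.

# Replace all shipped repository definitions with the local FTP mirror.
# gpgcheck=1 makes yum verify package signatures against the key imported
# right after.
rm -f /etc/yum.repos.d/*.repo
cat >/etc/yum.repos.d/local.repo <<'EOF'
[local_repo]
name=CentOS-$releasever - Base
baseurl=ftp://192.168.1.254/centos7
enabled=1
gpgcheck=1
EOF
# rpm's key-import option is spelled with two dashes.
# NOTE(review): the key arrives over the same unauthenticated FTP channel as
# the packages it vouches for, so gpgcheck catches corruption but not a
# tampered mirror. Compare the imported key's fingerprint with the one
# published by the CentOS project.
rpm --import ftp://192.168.1.254/centos7/RPM-GPG-KEY-CentOS-7

# Remove services this profile does not use. With NetworkManager gone, the
# interface is brought up from the ifcfg file written at the end of the script.
yum erase -y NetworkManager NetworkManager-libnm kexec-tools firewalld-filesystem polkit

# crond: append "-m off" to CRONDARGS.
sed 's,^CRONDARGS=.*,&"-m off",' -i /etc/sysconfig/crond
# chronyd: run with -4, and add "cmdallow 127.0.0.1" after each server line.
sed 's,^\(OPTIONS=\).*,\1"-4",'  -i /etc/sysconfig/chronyd
sed 's,^server .*,&\ncmdallow 127.0.0.1,' -i /etc/chrony.conf
# screen: uncomment the xterm terminfo line and add "term xterm" after it.
sed 's,^#\(terminfo xterm \x27is.*\),\1\nterm xterm,' -i /etc/screenrc

cat >>/etc/sysconfig/network <<'EOF'
IPV6INIT="no"
NETWORKING="yes"
NOZEROCONF="yes"
EOF

# /etc/hosts is overwritten: the IPv6 loopback entry is left commented out.
echo -e "# ::1\t\tlocalhost localhost.localdomain localhost6 localhost6.localdomain6" >/etc/hosts
echo -e "127.0.0.1\tlocalhost localhost.localdomain localhost4 localhost4.localdomain4" >>/etc/hosts

# Login environment for all users: timezone, Python tab-completion start-up
# file, and a 7200-second idle timeout for interactive shells (TMOUT).
printf '%s\n' 'export TZ=Asia/Shanghai PYTHONSTARTUP="/usr/lib64/python2.7/pystartup.py" TMOUT=7200' >/etc/profile.d/environ.sh
echo -e "blacklist acpi_pad\nblacklist power_meter" >/etc/modprobe.d/blacklist.conf
cat >/usr/lib64/python2.7/pystartup.py <<'EOF'
#!/usr/bin/python
# -*- coding:utf_8 -*-
#from __future__ import print_function
from rlcompleter import readline
readline.parse_and_bind("tab: Complete")
EOF

# Kernel parameters applied at boot.
# NOTE(review): net.ipv4.ip_forward = 1 makes every installed host forward
# packets between its interfaces, and this profile installs no firewall; set
# it to 0 on hosts that are not meant to route.
cat >/etc/sysctl.d/70-system.conf <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.ip_default_ttl = 255
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 0

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
kernel.sysrq = 16
vm.swappiness = 0
EOF

# config vimrc
cat >>/etc/vimrc<<'EOF'
set wrapscan
set noautoindent
set showmatch
set binary
set noswapfile
set ignorecase          " Do case insensitive matching
set foldmethod=syntax
set foldlevel=100
filetype plugin off
EOF

# sshd: listen on port 10022 on all IPv4 addresses, allow root login, limit
# authentication attempts to 3 per connection and skip reverse DNS lookups.
# NOTE(review): "PermitRootLogin yes" permits password login as root, and the
# root hash in ks7.cfg is shared by every host built from it. Prefer key-based
# root access ("PermitRootLogin prohibit-password") or an unprivileged account
# with sudo.
sed -e 's,^#\(Port\).*,\1 10022,' \
    -e 's,^#\(ListenAddress 0.0.0.0\),\1,' \
    -e 's,^#\(PermitRootLogin\).*,\1 yes,' \
    -e 's,^#\(MaxAuthTries\).*,\1 3,' \
    -e 's,^#\(UseDNS\).*,\1 no,' -i /etc/ssh/sshd_config

# Interface configuration used after the first reboot: DHCP on eth0, not
# managed by NetworkManager.
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
# Generated by dracut initrd
DEVICE="eth0"
ONBOOT="yes"
IPV6INIT="no"
IPV4_FAILURE_FATAL="no"
NM_CONTROLLED="no"
TYPE="Ethernet"
BOOTPROTO="dhcp"
EOF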
%end

[root@pxe ~]# systemctl restart vsftpd
[root@pxe ~]# systemctl enable  vsftpd

8, Ensure that the directories have read and execute (r-x) permission, and the ordinary files have read (r) permission (important)

[root@pxe ~]# ll    /var/lib/tftpboot/
//Total consumption 268
drwxr-xr-x 2 root root    39 9 Month 522:59 centos7
-rw-r--r-- 1 root root 20832 9 Month 522:49 chain.c32
-rw-r--r-- 1 root root 89376 9 Month 522:49 gpxelinux.0
-rw-r--r-- 1 root root 35676 9 Month 522:49 mboot.c32
-rw-r--r-- 1 root root 26268 9 Month 522:49 memdisk
-rw-r--r-- 1 root root 61796 9 Month 522:49 menu.c32
-rw-r--r-- 1 root root 26759 9 Month 522:49 pxelinux.0
drwxr-xr-x 2 root root    21 9 Month 523:01 pxelinux.cfg
[root@pxe ~]# ll    /var/lib/tftpboot/pxelinux.cfg/default 
-rw-r--r-- 1 root root 233 9 Month 522:53 /var/lib/tftpboot/pxelinux.cfg/default

9, System installation flow chart

 

 


Posted on Thu, 02 Jan 2020 03:27:10 -0500 by asy1mpo