PXE one key installation
PXE(Preboot eXecute Environment) is mainly used to boot the client host to install the Linux operating system in the unattended installation system. Kickstart is an unattended installation method. Its working principle is to save the parameters that need to be filled in manually by the operation and maintenance personnel into a ks.cfg file in advance. When the parameters need to be filled in during the installation process, they will automatically match the files generated by kickstart.
1, Preparation before installation
Hardware and software configuration: the network card should support pxe startup, and the operating system should also support pxe startup
DHCP server for ip allocation
TFTP server helps clients get boot and driver files
The VSFTP server is used to store the installation files of the operating system, or httpd can be used to replace the vsftpd service program.
2, Actual combat environment
[root@pxe ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
3, Configure static ip
[root@pxe ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 # Generated by dracut initrd DEVICE="eth0" ONBOOT=yes BOOTPROTO=static IPADDR=192.168.1.200 PREFIX=24 GATEWAY=192.168.1.254 TYPE=Ethernet NM_CONTROLLED=no
4. Configure dhcp service
[root@pxe ~]# yum -y install dhcp [root@pxe ~]# cat /etc/dhcp/dhcpd.conf # DHCP Server Configuration file. # see /usr/share/doc/dhcp*/dhcpd.conf.example # see dhcpd.conf(5) man page ddns-update-style none; ignore client-updates; default-lease-time 14400; max-lease-time 86400; allow bootp; allow booting; local-address 192.168.1.200; #Native ip local-port 67; include "/etc/dhcp/subnet"; [root@pxe ~]# cat /etc/dhcp/subnet subnet 192.168.1.0 netmask 255.255.255.0 { option routers 192.168.1.254; option subnet-mask 255.255.255.0; option domain-name-servers 192.168.1.254; option ntp-servers 192.168.1.254; filename "/gpxelinux.0"; next-server 192.168.1.200; #Native ip pool { range dynamic-bootp 192.168.1.10 192.168.1.240; default-lease-time 3600; max-lease-time 72000; allow unknown-clients; } } [root@pxe ~]# cat /etc/dhcp/subnet subnet 192.168.1.0 netmask 255.255.255.0 { option routers 192.168.1.254; option subnet-mask 255.255.255.0; option domain-name-servers 192.168.1.254; option ntp-servers 192.168.1.254; filename "/gpxelinux.0"; next-server 192.168.1.200; #Native ip pool { range dynamic-bootp 192.168.1.10 192.168.1.240; default-lease-time 3600; max-lease-time 72000; allow unknown-clients; } }
5, Configure tftp service
[root@pxe ~]# yum -y install tftp-server [root@pxe ~]# cd /var/lib/tftpboot/ [root@pxe tftpboot]# ls chain.c32 gpxelinux.0 mboot.c32 memdisk menu.c32 pxelinux.0 [root@pxe tftpboot]# mkdir pxelinux.cfg [root@pxe tftpboot]# cd pxelinux.cfg/ [root@pxe pxelinux.cfg]# vim default [root@pxe pxelinux.cfg]# cat default default menu.c32 prompt 0 timeout 60 LABEL CentOS7 MENU LABEL CentOS 7 install KERNEL centos7/vmlinuz APPEND initrd=centos7/initrd.img ks=ftp://192.168.1.200/pub/ks7.cfg ksdevice=bootif console=tty0 console=ttyS0,115200 [root@pxe tftpboot]# mkdir centos7 [root@pxe tftpboot]# cd centos7 [root@pxe centos7]# ls initrd.img vmlinuz [root@pxe tftpboot]# tree . # Install tree software . |-- centos7 | |-- initrd.img | `-- vmlinuz |-- chain.c32 |-- gpxelinux.0 |-- mboot.c32 |-- memdisk |-- menu.c32 |-- pxelinux.0 `-- pxelinux.cfg `-- default 2 directories, 9 files [root@pxe ~]# systemctl restart tftp [root@pxe ~]# systemctl enable tftp
See the following link address for the above related guidance documents:
https://github.com/lmzf2018/1804/tree/master/important/PXE one click installation
6, Configure vsftp service
[root@pxe ~]# yum -y install vsftpd [root@pxe ~]# cat /etc/vsftpd/vsftpd.conf ... # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=YES #NO changed to YES # # This directive enables listening on IPv6 sockets. By default, listening # on the IPv6 "any" address (::) will accept connections from both IPv6 # and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6 # sockets. If you want that (perhaps because you want to listen on specific # addresses) then you must run two copies of vsftpd with two configuration # files. # Make sure, that one of the listen options is commented !! listen_ipv6=NO #YES changed to NO pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES use_localtime=YES chroot_list_enable=YES chroot_local_user=YES userlist_deny=YES listen_address=0.0.0.0 listen_port=21 pasv_min_port=50000 pasv_max_port=51000 pasv_enable=YES pasv_promiscuous=YES port_promiscuous=NO max_clients=9 max_per_ip=9
7, Create ks.cfg file
[root@pxe pub]# pwd /var/ftp/pub [root@pxe pub]# ls ks7.cfg [root@pxe pub]# cat ks7.cfg #platform=x86, AMD64, or Intel EM64T #version=DEVEL # Install OS instead of upgrade install # Keyboard layouts keyboard 'us' # Root password rootpw --iscrypted lxqk4My6q5YyQ # System timezone timezone Asia/Shanghai # Use network installation url --url="ftp://192.168.1.254/centos7" # System language lang en_US.UTF-8 # Firewall configuration firewall --disabled # System authorization information auth --useshadow --passalgo=sha512 # Use text mode install text # Installation logging level logging --level=warning # Run the Setup Agent on first boot firstboot --disable # SELinux configuration selinux --disabled # Do not configure the X Window System skipx # Network information network --device=bootif --onboot=on --hostname=localhost --bootproto=bootp --noipv6 # Reboot after installation reboot # System bootloader configuration bootloader --location=mbr # Clear the Master Boot Record zerombr # Partition clearing information clearpart --all --initlabel # Disk partitioning information part /boot --asprimary --fstype=xfs --size=512 part / --asprimary --fstype=xfs --size=1 --grow %packages --nobase @Core --nodefaults -iwl3160-firmware -iwl6000g2b-firmware -iwl2030-firmware -iwl7265-firmware -iwl1000-firmware -iwl4965-firmware -iwl2000-firmware -iwl3945-firmware -alsa-tools-firmware -aic94xx-firmware -iwl135-firmware -iwl7260-firmware -iwl6050-firmware -iwl6000g2a-firmware -iwl5000-firmware -ivtv-firmware -iwl100-firmware -iwl5150-firmware -iwl105-firmware -iwl6000-firmware -alsa-firmware -postfix -audit -tuned chrony psmisc net-tools screen vim-enhanced tcpdump lrzsz ltrace strace traceroute whois bind-utils tree mlocate rsync lsof lftp patch diffutils cpio time nmap socat man-pages rpm-build createrepo %end %pre %end %post --interpreter=/bin/bash rm -f /etc/yum.repos.d/*.repo cat >/etc/yum.repos.d/local.repo <<'EOF' [local_repo] name=CentOS-$releasever - Base baseurl=ftp://192.168.1.254/centos7 enabled=1 gpgcheck=1 EOF rpm -import ftp://192.168.1.254/centos7/RPM-GPG-KEY-CentOS-7 yum erase -y NetworkManager NetworkManager-libnm kexec-tools firewalld-filesystem polkit sed 's,^CRONDARGS=.*,&"-m off",' -i /etc/sysconfig/crond sed 's,^\(OPTIONS=\).*,\1"-4",' -i /etc/sysconfig/chronyd sed 's,^server .*,&\ncmdallow 127.0.0.1,' -i /etc/chrony.conf sed 's,^#\(terminfo xterm \x27is.*\),\1\nterm xterm,' -i /etc/screenrc cat >>/etc/sysconfig/network <<'EOF' IPV6INIT="no" NETWORKING="yes" NOZEROCONF="yes" EOF echo -e "# ::1\t\tlocalhost localhost.localdomain localhost6 localhost6.localdomain6" >/etc/hosts echo -e "127.0.0.1\tlocalhost localhost.localdomain localhost4 localhost4.localdomain4" >>/etc/hosts echo -e 'export TZ='Asia/Shanghai' PYTHONSTARTUP="/usr/lib64/python2.7/pystartup.py" TMOUT=7200' >/etc/profile.d/environ.sh echo -e "blacklist acpi_pad\nblacklist power_meter" >/etc/modprobe.d/blacklist.conf cat >/usr/lib64/python2.7/pystartup.py <<'EOF' #!/usr/bin/python # -*- coding:utf_8 -*- #from __future__ import print_function from rlcompleter import readline readline.parse_and_bind("tab: Complete") EOF cat >/etc/sysctl.d/70-system.conf <<'EOF' net.ipv4.ip_forward = 1 net.ipv4.ip_default_ttl = 255 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2 kernel.sysrq = 16 vm.swappiness = 0 EOF # config vimrc cat >>/etc/vimrc<<'EOF' set wrapscan set noautoindent set showmatch set binary set noswapfile set ignorecase " Do case insensitive matching set foldmethod=syntax set foldlevel=100 filetype plugin off EOF sed -e 's,^#\(Port\).*,\1 10022,' \ -e 's,^#\(ListenAddress 0.0.0.0\),\1,' \ -e 's,^#\(PermitRootLogin\).*,\1 yes,' \ -e 's,^#\(MaxAuthTries\).*,\1 3,' \ -e 's,^#\(UseDNS\).*,\1 no,' -i /etc/ssh/sshd_config cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF' # Generated by dracut initrd DEVICE="eth0" ONBOOT="yes" IPV6INIT="no" IPV4_FAILURE_FATAL="no" NM_CONTROLLED="no" TYPE="Ethernet" BOOTPROTO="dhcp" EOF %end [root@pxe ~]# systemctl restart vsftpd [root@pxe ~]# systemctl enable vsftpd
8, Ensure that the folder has read and execute (rw) permission, and the ordinary text file has read (r) permission (important)
[root@pxe ~]# ll /var/lib/tftpboot/ //Total consumption 268 drwxr-xr-x 2 root root 39 9 Month 522:59 centos7 -rw-r--r-- 1 root root 20832 9 Month 522:49 chain.c32 -rw-r--r-- 1 root root 89376 9 Month 522:49 gpxelinux.0 -rw-r--r-- 1 root root 35676 9 Month 522:49 mboot.c32 -rw-r--r-- 1 root root 26268 9 Month 522:49 memdisk -rw-r--r-- 1 root root 61796 9 Month 522:49 menu.c32 -rw-r--r-- 1 root root 26759 9 Month 522:49 pxelinux.0 drwxr-xr-x 2 root root 21 9 Month 523:01 pxelinux.cfg [root@pxe ~]# ll /var/lib/tftpboot/pxelinux.cfg/default -rw-r--r-- 1 root root 233 9 Month 522:53 /var/lib/tftpboot/pxelinux.cfg/default
9, System installation flow chart
