一、PXE简介
1-1 什么是PXE
PXE(preboot execute environment,预启动执行环境)是由Intel公司开发的最新技术,工作于Client/Server的网络模式,支持工作站通过网络从远端服务器下载映像,并由此支持通过网络启动操作系统,在启动过程中,终端要求服务器分配IP地址,再用TFTP(trivial file transfer protocol)或MTFTP(multicast trivial file transfer protocol)协议下载一个启动软件包到本机内存中执行,由这个启动软件包完成终端(客户端)基本软件设置,从而引导预先安装在服务器中的终端操作系统。PXE可以引导多种操作系统,如:Windows95/98/2000/windows2003/windows2008/winXP/win7/win8,linux系列系统等
1-2 PXE工作流程
1-1 DHCP工作流程
一、环境准备
2-1 PXE服务端
外网地址(NAT):192.168.100.133
内网地址(LAN):172.16.35.133
2-2 PXE客户端
外网地址(NAT):192.168.100.134
2-3 验证
[root@pxe-server ~]# ping 192.168.100.134 PING 192.168.100.134 (192.168.100.134) 56(84) bytes of data. 64 bytes from 192.168.100.134: icmp_seq=1 ttl=64 time=4.73 ms [root@pxe-server ~]# ping 172.16.35.134 PING 172.16.35.134 (172.16.35.134) 56(84) bytes of data. 64 bytes from 172.16.35.134: icmp_seq=1 ttl=64 time=16.3 ms [root@pxe-client ~]# ping 192.168.100.133 PING 192.168.100.133 (192.168.100.133) 56(84) bytes of data. 64 bytes from 192.168.100.133: icmp_seq=1 ttl=64 time=1.29 ms [root@pxe-client ~]# ping 172.16.35.133 PING 172.16.35.133 (172.16.35.133) 56(84) bytes of data. 64 bytes from 172.16.35.133: icmp_seq=1 ttl=64 time=1.51 ms
一、环境部署
[root@pxe-server ~]# cat /etc/redhat-release CentOS release 6.6 (Final) [root@pxe-server ~]# uname -r 2.6.32-504.el6.x86_64 [root@pxe-server ~]# uname -m x86_64 [root@pxe-server ~]# uname -n pxe-server [root@pxe-server ~]# getenforce Permissive [root@pxe-server ~]# /etc/init.d/iptables status iptables: Firewall is not running.
3-1 安装dhcp
[root@pxe-server ~]# rpm -qa dhcp
[root@pxe-server ~]# yum -y install dhcp
[root@pxe-server ~]# rpm -qa dhcp
dhcp-4.1.1-53.P1.el6.centos.x86_64
[root@pxe-server ~]# vim /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see 'man 5 dhcpd.conf'
#
ddns-update-style none;
ignore client-updates;
subnet 172.16.35.0 netmask 255.255.255.0 {
range 172.16.35.21 172.16.35.200; #可分配IP地址池
option subnet-mask 255.255.255.0; #子网掩码
default-lease-time 21600; #默认IP租用期限
max-lease-time 43200; #最大IP租用期限
next-server 172.16.35.133; #告诉PXE客户端TFTP服务器地址
filename "/pxelinux.0"; #告诉PXE客户端从TFTP服务器地址根目录下载pxelinux.0文件
}
[root@pxe-server ~]# vim /etc/sysconfig/dhcpd
# Command line options here
DHCPDARGS=eth1 #指定哪块网卡通过DHCP获取IP地址
[root@pxe-server ~]# /etc/init.d/dhcpd start
Starting dhcpd: [ OK ]
[root@pxe-server ~]# netstat -tnlup|grep "67"|grep -v "grep"
udp 0 0 0.0.0.0:67 0.0.0.0:* 27410/dhcpd
[root@pxe-server ~]# ps -ef|grep "dhcpd"|grep -v "grep"
dhcpd 27410 1 0 14:43 ? 00:00:00 /usr/sbin/dhcpd -user dhcpd -group dhcpd eth1
[root@pxe-server ~]# lsof -i:67
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
dhcpd 27410 dhcpd 7u IPv4 36459 0t0 UDP *:bootps
关闭虚拟机DHCP服务,防止eth1获取地址有误
3-2 安装tftp
[root@pxe-server ~]# rpm -qa tftp-server
[root@pxe-server ~]# yum -y install tftp-server
[root@pxe-server ~]# rpm -qa tftp-server
tftp-server-0.49-8.el6.x86_64
[root@pxe-server ~]# vim /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no #由原来的yes改成no
per_source = 11
cps = 100 2
flags = IPv4
}
[root@pxe-server ~]# /etc/init.d/xinetd start
Starting xinetd: [ OK ]
[root@pxe-server ~]# netstat -tnlup|grep "69"|grep -v "grep"
udp 0 0 0.0.0.0:69 0.0.0.0:* 27537/xinetd
[root@pxe-server ~]# lsof -i:69
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xinetd 27537 root 5u IPv4 38548 0t0 UDP *:tftp3-3 安装http
[root@pxe-server ~]# rpm -qa httpd [root@pxe-server ~]# yum -y install httpd [root@pxe-server ~]# rpm -qa httpd httpd-2.2.15-59.el6.centos.x86_64 [root@pxe-server ~]# sed -i "277i ServerName 127.0.0.1:80" /etc/httpd/conf/httpd.conf [root@pxe-server ~]# sed -n '277p' /etc/httpd/conf/httpd.conf ServerName 127.0.0.1:80 [root@pxe-server ~]# /etc/init.d/httpd start Starting httpd: [ OK ] [root@pxe-server ~]# netstat -tnlup|grep "80"|grep -v "grep" tcp 0 0 :::80 :::* LISTEN 28258/httpd [root@pxe-server ~]# ps -ef|grep "httpd"|grep -v "grep" root 28258 1 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28260 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28261 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28262 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28263 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28264 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28265 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28266 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28267 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd [root@pxe-server ~]# mkdir /var/www/html/pxe/centos6.6_x86_64 -p [root@pxe-server ~]# ls -ld /var/www/html/pxe/centos6.6_x86_64/ drwxr-xr-x. 2 root root 4096 Jun 22 15:32 /var/www/html/pxe/centos6.6_x86_64/
[root@pxe-server ~]# mount /dev/cdrom /var/www/html/pxe/centos6.6_x86_64/ #挂载镜像 mount: block device /dev/sr0 is write-protected, mounting read-only [root@pxe-server ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 13G 1.5G 11G 13% / tmpfs 244M 0 244M 0% /dev/shm /dev/sda1 976M 27M 898M 3% /boot /dev/sr0 4.4G 4.4G 0 100% /var/www/html/pxe/centos6.6_x86_64
3-4 安装syslinux
[root@pxe-server ~]# rpm -qa syslinux [root@pxe-server ~]# yum -y install syslinux #安装是为了获取pxelinux.0文件 [root@pxe-server ~]# rpm -qa syslinux syslinux-4.04-3.el6.x86_64 [root@pxe-server ~]# cp -a /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/ #拷贝启动菜单程序文件 [root@pxe-server ~]# ls -l /var/lib/tftpboot/pxelinux.0 -rw-r--r--. 1 root root 26759 Oct 16 2014 /var/lib/tftpboot/pxelinux.0 [root@pxe-server ~]# cp -a /var/www/html/pxe/centos6.6_x86_64/isolinux/* /var/lib/tftpboot/ #拷贝启动程序文件 [root@pxe-server ~]# ls /var/lib/tftpboot/ boot.cat grub.conf isolinux.bin memtest splash.jpg vesamenu.c32 boot.msg initrd.img isolinux.cfg pxelinux.0 TRANS.TBL vmlinuz [root@pxe-server ~]# mkdir /var/lib/tftpboot/pxelinux.cfg -p #存放客户端配置文件 [root@pxe-server ~]# ls -ld /var/lib/tftpboot/pxelinux.cfg/ drwxr-xr-x. 2 root root 4096 Jun 22 15:54 /var/lib/tftpboot/pxelinux.cfg/ [root@pxe-server ~]# cp -a /var/www/html/pxe/centos6.6_x86_64/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default [root@pxe-server ~]# ls -l /var/lib/tftpboot/pxelinux.cfg/default -r--r--r--. 1 root root 936 Oct 24 2014 /var/lib/tftpboot/pxelinux.cfg/default 新建一台虚拟机验证效果(内存大小最好大于1G),不需要指定镜像文件
第一块网卡eth0请求dhcp服务器获取IP地址,由于事先关闭了虚拟机的dhcp功能,所以获取IP地址失败,直到到达指定的超时时间,如果不想等待,直接按ESC跳过
第二块网卡eth1请求dhcp服务器获取IP地址,获取成功后,出现如下画面
3-5 配置default文件
[root@pxe-server ~]# vim /var/lib/tftpboot/pxelinux.cfg/default default kickstart #默认启动 prompt 0 #显示boot提示符,0表示不提示,直接启动default参数中指定的内容 label kickstart #标签 kernel vmlinuz #指定要启动的内核 append initrd=initrd.img ks=http://172.16.35.133/ks.cfg ksdevice=eth1 #指定追加内核参数,告诉从哪里获取ks.cfg文件
3-6 生成ks.cfg文件
[root@pxe-server ~]# vim /var/www/html/ks.cfg #platform=x86, AMD64, or Intel EM64T #version=DEVEL # Firewall configuration firewall --disabled # Install OS instead of upgrade install # Text mode installation text # Use network installation url --url="http://172.16.35.133/pxe/centos6.6_x86_64" # Root password rootpw --iscrypted $1$JdY39Iom$FsHk6E/B916KTw/hQ1MYe0 # System authorization information auth --useshadow --passalgo=sha512 # Use graphical install graphical # System keyboard keyboard us # System language lang en_US # SELinux configuration selinux --disabled # Do not configure the X Window System skipx # Installation logging level logging --level=info # Reboot after installation reboot # System timezone timezone Asia/Shanghai # Network information network --bootproto=dhcp --device=eth1 --onboot=on dhcp --noipv6 --hostname=keywa.com # System bootloader configuration bootloader --location=mbr --md5pass="$1$T/UgquId$IntqW132CNwVhp3m95Q171" # Clear the Master Boot Record zerombr # Partition clearing information clearpart --all --initlabel # Disk partitioning information part /boot --asprimary --fstype="ext4" --size=200 part swap --asprimary --fstype="swap" --size=700 part / --asprimary --fstype="ext4" --grow --size=200 %packages @base @compat-libraries @debugging @development tree nmap lrzsz dos2unix telnet sysstat %post wget -O /tmp/initialization_pxe.sh http://172.16.35.133/scripts/initialization_pxe.sh /bin/bash /tmp/initialization_pxe.sh %end
3-7 系统初始化脚本
[root@pxe-server ~]# mkdir /var/www/html/scripts -p
[root@pxe-server ~]# ls -ld /var/www/html/scripts/
drwxr-xr-x. 2 root root 4096 Jun 22 18:47 /var/www/html/scripts/
[root@pxe-server ~]# vim /var/www/html/scripts/initialization_pxe.sh
#/bin/bash
# Name:initialization_pxe.sh
# Version:V1.0
# Type:Common Script
# Language:Bash Shell
# Date:2017-06-12
# Author:LinBin
# Email:linbin@keywa.com
# QQ:991395975
# Determine whether the current user is an administrator.
if [ "$UID" -ne 0 ]
then
echo "The Script Must Be An Administrator To Execute."
exit 1
fi
# Source function library.
. /etc/rc.d/init.d/functions
# Variable definitions.
LANG=en
Date=$(date +%F)
Nmap=$(nmap -n --open -p 80 172.16.35.133|grep "\b80\b"|wc -l)
Ip=$(ifconfig eth0|awk -F"[ :]+" 'NR==2{print $4}')
Wget_Url="http://192.168.100.133"
Network_File="/etc/sysconfig/network-scripts/ifcfg-eth0"
Selinux_Status=$(getenforce)
Selinux_File="/etc/selinux/config"
Porfile="/etc/profile"
Bashrc_File="/etc/bashrc"
Limits_File="/etc/security/limits.conf"
Base_Repo="/etc/yum.repos.d/CentOS-Base.repo"
Epel_Repo="/etc/yum.repos.d/epel.repo"
Motd_File="/etc/motd"
Sysctl_File="/etc/sysctl.conf"
Ssh_File="/etc/ssh/sshd_config"
Sshd="/etc/init.d/sshd"
# Check whether the download server is normal.
function Downcheck() {
if [ "$Nmap" -eq 1 ]
then
echo "Check The Download Server Is Normal."
else
echo "Check The Download Server Is Not Normal."
exit 2
fi
}
# Check whether the network is normal.
function Network() {
if [ -f "$Network_File" ]
then
sed -i -e 's#dhcp#static#g' -e '/BOOTPROTO/a\IPADDR='$Ip'\nNETMASK=255.255.255.0\nGATEWAY=172.16.35.1\nDNS1=114.114.114.114\nDNS2=202.96.128.86' "$Network_File"
RETVAL=$?
if [ "$RETVAL" -eq 0 ]
then
/etc/init.d/network restart &>/dev/null
fi
fi
}
# Close selinux service.
function Selinux() {
if [ "$Selinux_Status" = "permissive" -o "$Selinux_Status" = "disabled" ]
then
echo "Selinux Service Is Not Running."
else
setenforce 0 && sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" $Selinux_File
fi
}
# Close iptables service.
function Iptables() {
/etc/init.d/iptables status &>/dev/null
RETVAL=$?
if [ "$RETVAL" -eq 0 ]
then
/etc/init.d/iptables stop &>/dev/null && chkconfig --level 3 iptables off
else
echo "Iptables Service Is Not Running."
fi
}
# Optimize boot service.
function Chkconfig() {
for services in `chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|network|rsyslog|sshd|sysstat"`
do
chkconfig --level 3 $services off
done
}
# Set the number of system history command records and login timeout.
function Tty() {
sed -i 's#HISTSIZE=1000#HISTSIZE=100#g' $Porfile
sed -i '/^HISTSIZE/a\HISTFILESIZE=100\nHISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "\nTMOUT=300' $Porfile
source $Porfile
}
# Set the system alias.
function Alias() {
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias ll='ls -l --color=auto --time-style=long-iso'
alias vi='vim'
cat >> $Bashrc_File<<EOF
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias ll='ls -l --color=auto --time-style=long-iso'
alias vi='vim'
EOF
source $Bashrc_File
}
# Set the system to open the file descriptor.
function Descriptor() {
echo "* - nofile 65535" >> $Limits_File
ulimit -SHn 65535
}
# Hide system version information and set login prompts.
function Hideversion() {
[ -f /etc/issue ] && > /etc/issue
[ -f /etc/issue.net ] && > /etc/issue.net
cat >> $Motd_File<<EOF
Welcome To Join The Keywa Family, Please Save Your Account And Password, If You Have Any Questions, Please Contact Your System Administrator.
Mail: linbin@keywa.com
QQ: 991395975
EOF
}
# Set the system kernel parameters.
function Kernel() {
cat >> $Sysctl_File<<EOF
# By LinBin At 2017-06-12
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
sysctl -p &>/dev/null
}
# Optimizing SSH services.
function Ssh() {
[ -f "$Ssh_File" ] && cp -a $Ssh_File ${Ssh_File}_$Date
sed -i -e "s@^#Port 22@Port 48817@g" -e "s@^#ListenAddress 0.0.0.0@ListenAddress $Ip@g" -e "s@^#UseDNS yes@UseDNS no@g" -e "s@^#PermitRootLogin yes@PermitRootLogin no@g" -e "s@GSSAPIAuthentication yes@GSSAPIAuthentication no@g" $Ssh_File
[ -x "$Sshd" ] && $Sshd restart &>/dev/null
}
# Create a remote connection account.
function Adduser() {
useradd -c "For Remote Login Account" keywa1020b2b
RETVAL=$?
if [ "$RETVAL" -eq 0 ]
then
echo "axbc1kof"|passwd --stdin keywa1020b2b &>/dev/null
fi
}
# Set the network yum repository.
function Yum() {
[ -f "$Base_Repo" ] && cp -a $Base_Repo ${Base_Repo}_$Date
wget -q -O $Base_Repo ${Wget_Url}/config/CentOS-Base.repo
wget -q -O $Epel_Repo ${Wget_Url}/config/epel.repo
}
# Resolv system hostname.
function Resolv() {
wget -q -O /etc/hosts ${Wget_Url}/config/hosts
}
# Synchronize the network time server.
function Ntptime() {
ntpdate 0.pool.ntp.org &>/dev/null && hwclock &>/dev/null
cat >> /var/spool/cron/root<<EOF
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
EOF
}
# Main function.
function Main() {
Downcheck
Network
Selinux
Iptables
Chkconfig
Tty
Alias
Descriptor
Hideversion
Kernel
Ssh
Adduser
Yum
Resolv
Ntptime
}
# Execute the main function.
Main
[root@pxe-server ~]# mkdir /var/www/html/config -p
[root@pxe-server ~]# ls -ld /var/www/html/config/
drwxr-xr-x. 2 root root 4096 Jun 22 20:43 /var/www/html/config/
上传hosts、阿里云仓库、epel仓库
[root@pxe-server ~]# tree /var/www/html/ -L 2
/var/www/html/
├── config
│ ├── CentOS-Base.repo
│ ├── epel.repo
│ └── hosts
├── ks.cfg
├── pxe
│ └── centos6.6_x86_64
└── scripts
└── initialization_pxe.sh
4 directories, 5 files四、安装系统
发表评论