一、PXE简介
1-1 什么是PXE
PXE(Preboot eXecution Environment,预启动执行环境)是由Intel公司开发的最新技术,工作于Client/Server的网络模式,支持工作站通过网络从远端服务器下载映像,并由此支持通过网络启动操作系统。在启动过程中,终端要求服务器分配IP地址,再用TFTP(Trivial File Transfer Protocol)或MTFTP(Multicast Trivial File Transfer Protocol)协议下载一个启动软件包到本机内存中执行,由这个启动软件包完成终端(客户端)基本软件设置,从而引导预先安装在服务器中的终端操作系统。PXE可以引导多种操作系统,如:Windows 95/98/2000、Windows 2003、Windows 2008、Windows XP、Windows 7、Windows 8,以及Linux系列系统等。需要注意的是,DHCP和TFTP都不对服务器或下载的文件做身份认证和完整性校验,因此PXE服务应只部署在隔离的、受信任的装机网络中。
1-2 PXE工作流程
1-3 DHCP工作流程
二、环境准备
2-1 PXE服务端
外网地址(NAT):192.168.100.133
内网地址(LAN):172.16.35.133
2-2 PXE客户端
外网地址(NAT):192.168.100.134
2-3 验证
[root@pxe-server ~]# ping 192.168.100.134 PING 192.168.100.134 (192.168.100.134) 56(84) bytes of data. 64 bytes from 192.168.100.134: icmp_seq=1 ttl=64 time=4.73 ms [root@pxe-server ~]# ping 172.16.35.134 PING 172.16.35.134 (172.16.35.134) 56(84) bytes of data. 64 bytes from 172.16.35.134: icmp_seq=1 ttl=64 time=16.3 ms [root@pxe-client ~]# ping 192.168.100.133 PING 192.168.100.133 (192.168.100.133) 56(84) bytes of data. 64 bytes from 192.168.100.133: icmp_seq=1 ttl=64 time=1.29 ms [root@pxe-client ~]# ping 172.16.35.133 PING 172.16.35.133 (172.16.35.133) 56(84) bytes of data. 64 bytes from 172.16.35.133: icmp_seq=1 ttl=64 time=1.51 ms
三、环境部署
[root@pxe-server ~]# cat /etc/redhat-release CentOS release 6.6 (Final) [root@pxe-server ~]# uname -r 2.6.32-504.el6.x86_64 [root@pxe-server ~]# uname -m x86_64 [root@pxe-server ~]# uname -n pxe-server [root@pxe-server ~]# getenforce Permissive [root@pxe-server ~]# /etc/init.d/iptables status iptables: Firewall is not running.
3-1 安装dhcp
[root@pxe-server ~]# rpm -qa dhcp [root@pxe-server ~]# yum -y install dhcp [root@pxe-server ~]# rpm -qa dhcp dhcp-4.1.1-53.P1.el6.centos.x86_64 [root@pxe-server ~]# vim /etc/dhcp/dhcpd.conf # # DHCP Server Configuration file. # see /usr/share/doc/dhcp*/dhcpd.conf.sample # see 'man 5 dhcpd.conf' # ddns-update-style none; ignore client-updates; subnet 172.16.35.0 netmask 255.255.255.0 { range 172.16.35.21 172.16.35.200; #可分配IP地址池 option subnet-mask 255.255.255.0; #子网掩码 default-lease-time 21600; #默认IP租用期限 max-lease-time 43200; #最大IP租用期限 next-server 172.16.35.133; #告诉PXE客户端TFTP服务器地址 filename "/pxelinux.0"; #告诉PXE客户端从TFTP服务器地址根目录下载pxelinux.0文件 } [root@pxe-server ~]# vim /etc/sysconfig/dhcpd # Command line options here DHCPDARGS=eth1 #指定哪块网卡通过DHCP获取IP地址 [root@pxe-server ~]# /etc/init.d/dhcpd start Starting dhcpd: [ OK ] [root@pxe-server ~]# netstat -tnlup|grep "67"|grep -v "grep" udp 0 0 0.0.0.0:67 0.0.0.0:* 27410/dhcpd [root@pxe-server ~]# ps -ef|grep "dhcpd"|grep -v "grep" dhcpd 27410 1 0 14:43 ? 00:00:00 /usr/sbin/dhcpd -user dhcpd -group dhcpd eth1 [root@pxe-server ~]# lsof -i:67 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME dhcpd 27410 dhcpd 7u IPv4 36459 0t0 UDP *:bootps 关闭虚拟机DHCP服务,防止eth1获取地址有误
3-2 安装tftp
[root@pxe-server ~]# rpm -qa tftp-server [root@pxe-server ~]# yum -y install tftp-server [root@pxe-server ~]# rpm -qa tftp-server tftp-server-0.49-8.el6.x86_64 [root@pxe-server ~]# vim /etc/xinetd.d/tftp # default: off # description: The tftp server serves files using the trivial file transfer \ # protocol. The tftp protocol is often used to boot diskless \ # workstations, download configuration files to network-aware printers, \ # and to start the installation process for some operating systems. service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /var/lib/tftpboot disable = no #由原来的yes改成no per_source = 11 cps = 100 2 flags = IPv4 } [root@pxe-server ~]# /etc/init.d/xinetd start Starting xinetd: [ OK ] [root@pxe-server ~]# netstat -tnlup|grep "69"|grep -v "grep" udp 0 0 0.0.0.0:69 0.0.0.0:* 27537/xinetd [root@pxe-server ~]# lsof -i:69 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME xinetd 27537 root 5u IPv4 38548 0t0 UDP *:tftp
3-3 安装http
[root@pxe-server ~]# rpm -qa httpd [root@pxe-server ~]# yum -y install httpd [root@pxe-server ~]# rpm -qa httpd httpd-2.2.15-59.el6.centos.x86_64 [root@pxe-server ~]# sed -i "277i ServerName 127.0.0.1:80" /etc/httpd/conf/httpd.conf [root@pxe-server ~]# sed -n '277p' /etc/httpd/conf/httpd.conf ServerName 127.0.0.1:80 [root@pxe-server ~]# /etc/init.d/httpd start Starting httpd: [ OK ] [root@pxe-server ~]# netstat -tnlup|grep "80"|grep -v "grep" tcp 0 0 :::80 :::* LISTEN 28258/httpd [root@pxe-server ~]# ps -ef|grep "httpd"|grep -v "grep" root 28258 1 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28260 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28261 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28262 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28263 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28264 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28265 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28266 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd apache 28267 28258 0 15:29 ? 00:00:00 /usr/sbin/httpd [root@pxe-server ~]# mkdir /var/www/html/pxe/centos6.6_x86_64 -p [root@pxe-server ~]# ls -ld /var/www/html/pxe/centos6.6_x86_64/ drwxr-xr-x. 2 root root 4096 Jun 22 15:32 /var/www/html/pxe/centos6.6_x86_64/
[root@pxe-server ~]# mount /dev/cdrom /var/www/html/pxe/centos6.6_x86_64/ #挂载镜像 mount: block device /dev/sr0 is write-protected, mounting read-only [root@pxe-server ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 13G 1.5G 11G 13% / tmpfs 244M 0 244M 0% /dev/shm /dev/sda1 976M 27M 898M 3% /boot /dev/sr0 4.4G 4.4G 0 100% /var/www/html/pxe/centos6.6_x86_64
3-4 安装syslinux
[root@pxe-server ~]# rpm -qa syslinux [root@pxe-server ~]# yum -y install syslinux #安装是为了获取pxelinux.0文件 [root@pxe-server ~]# rpm -qa syslinux syslinux-4.04-3.el6.x86_64 [root@pxe-server ~]# cp -a /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/ #拷贝启动菜单程序文件 [root@pxe-server ~]# ls -l /var/lib/tftpboot/pxelinux.0 -rw-r--r--. 1 root root 26759 Oct 16 2014 /var/lib/tftpboot/pxelinux.0 [root@pxe-server ~]# cp -a /var/www/html/pxe/centos6.6_x86_64/isolinux/* /var/lib/tftpboot/ #拷贝启动程序文件 [root@pxe-server ~]# ls /var/lib/tftpboot/ boot.cat grub.conf isolinux.bin memtest splash.jpg vesamenu.c32 boot.msg initrd.img isolinux.cfg pxelinux.0 TRANS.TBL vmlinuz [root@pxe-server ~]# mkdir /var/lib/tftpboot/pxelinux.cfg -p #存放客户端配置文件 [root@pxe-server ~]# ls -ld /var/lib/tftpboot/pxelinux.cfg/ drwxr-xr-x. 2 root root 4096 Jun 22 15:54 /var/lib/tftpboot/pxelinux.cfg/ [root@pxe-server ~]# cp -a /var/www/html/pxe/centos6.6_x86_64/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default [root@pxe-server ~]# ls -l /var/lib/tftpboot/pxelinux.cfg/default -r--r--r--. 1 root root 936 Oct 24 2014 /var/lib/tftpboot/pxelinux.cfg/default 新建一台虚拟机验证效果(内存大小最好大于1G),不需要指定镜像文件
第一块网卡eth0请求dhcp服务器获取IP地址,由于事先关闭了虚拟机的dhcp功能,所以获取IP地址失败,直到到达指定的超时时间,如果不想等待,直接按ESC跳过
第二块网卡eth1请求dhcp服务器获取IP地址,获取成功后,出现如下画面
3-5 配置default文件
[root@pxe-server ~]# vim /var/lib/tftpboot/pxelinux.cfg/default default kickstart #默认启动 prompt 0 #显示boot提示符,0表示不提示,直接启动default参数中指定的内容 label kickstart #标签 kernel vmlinuz #指定要启动的内核 append initrd=initrd.img ks=http://172.16.35.133/ks.cfg ksdevice=eth1 #指定追加内核参数,告诉从哪里获取ks.cfg文件
3-6 生成ks.cfg文件
[root@pxe-server ~]# vim /var/www/html/ks.cfg
# Kickstart answer file for the unattended CentOS 6.6 install; the PXE boot
# entry on this page points the installer at it with
# ks=http://172.16.35.133/ks.cfg.
# NOTE(review): the file sits under /var/www/html and no access restriction is
# shown on this page, so assume every host that can reach the web server can
# read it, including the password hashes below.
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
# NOTE(review): the installed host comes up with no host firewall; confirm this
# is acceptable outside the provisioning network.
firewall --disabled
# Install OS instead of upgrade
install
# Text mode installation
text
# Use network installation
url --url="http://172.16.35.133/pxe/centos6.6_x86_64"
# Root password
# NOTE(review): the $1$ prefix marks an MD5-crypt hash, which is weak against
# offline guessing; a SHA-512 ($6$) hash would match the passalgo set below,
# and the root password should be rotated after install because this file is
# downloadable over plain HTTP.
rootpw --iscrypted $1$JdY39Iom$FsHk6E/B916KTw/hQ1MYe0
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
# NOTE(review): "text" above and "graphical" here request different installer
# modes; keep only one. Which of the two takes effect is not verified here.
graphical
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
# NOTE(review): SELinux is switched off permanently on every installed host.
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
# NOTE(review): the bare "dhcp" token after --onboot=on looks like a leftover;
# confirm against the kickstart syntax reference.
network --bootproto=dhcp --device=eth1 --onboot=on dhcp --noipv6 --hostname=keywa.com
# System bootloader configuration
# NOTE(review): the bootloader password is also an MD5-crypt ($1$) hash stored
# in this HTTP-served file; treat it as exposed.
bootloader --location=mbr --md5pass="$1$T/UgquId$IntqW132CNwVhp3m95Q171"
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Wipes every partition on the target and writes a fresh disk label.
clearpart --all --initlabel
# Disk partitioning information
part /boot --asprimary --fstype="ext4" --size=200
part swap --asprimary --fstype="swap" --size=700
part / --asprimary --fstype="ext4" --grow --size=200
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
lrzsz
dos2unix
telnet
sysstat
%post
# NOTE(review): the script is downloaded over plain HTTP and executed as root
# with no integrity check, so whoever can answer for 172.16.35.133 on this
# network decides what runs on every new host. Compare the download against a
# checksum delivered separately (or serve it over HTTPS) before executing it.
wget -O /tmp/initialization_pxe.sh http://172.16.35.133/scripts/initialization_pxe.sh
/bin/bash /tmp/initialization_pxe.sh
%end
3-7 系统初始化脚本
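[root@pxe-server ~]# mkdir /var/www/html/scripts -p
[root@pxe-server ~]# ls -ld /var/www/html/scripts/
drwxr-xr-x. 2 root root 4096 Jun 22 18:47 /var/www/html/scripts/
[root@pxe-server ~]# vim /var/www/html/scripts/initialization_pxe.sh
#!/bin/bash
# Name:initialization_pxe.sh
# Version:V1.0
# Type:Common Script
# Language:Bash Shell
# Date:2017-06-12
# Author:LinBin
# Email:linbin@keywa.com
# QQ:991395975
#
# Post-install initialization for hosts installed through the PXE/kickstart
# setup on this page; the kickstart %post section downloads this file and
# runs it with /bin/bash as root.

# Determine whether the current user is an administrator.
if [ "$UID" -ne 0 ]; then
  echo "The Script Must Be An Administrator To Execute."
  exit 1
fi

# Source function library.
. /etc/rc.d/init.d/functions

# Variable definitions.
LANG=en
Date=$(date +%F)
# Number of nmap output lines reporting port 80 on the install server
# (1 when the port is open).
Nmap=$(nmap -n --open -p 80 172.16.35.133 | grep -c "\b80\b")
# IPv4 address currently assigned to eth0; empty when eth0 has none.
Ip=$(ifconfig eth0 | awk -F"[ :]+" 'NR==2{print $4}')
# NOTE(review): Downcheck probes 172.16.35.133, but the downloads below go to
# 192.168.100.133 - confirm both addresses are reachable from a new host.
Wget_Url="http://192.168.100.133"
Network_File="/etc/sysconfig/network-scripts/ifcfg-eth0"
Selinux_Status=$(getenforce)
Selinux_File="/etc/selinux/config"
Porfile="/etc/profile"
Bashrc_File="/etc/bashrc"
Limits_File="/etc/security/limits.conf"
Base_Repo="/etc/yum.repos.d/CentOS-Base.repo"
Epel_Repo="/etc/yum.repos.d/epel.repo"
Motd_File="/etc/motd"
Sysctl_File="/etc/sysctl.conf"
Ssh_File="/etc/ssh/sshd_config"
Sshd="/etc/init.d/sshd"

# Check whether the download server is normal.
# Exits the whole script with status 2 when port 80 was not seen open.
function Downcheck() {
  if [ "$Nmap" -eq 1 ]; then
    echo "Check The Download Server Is Normal."
  else
    echo "Check The Download Server Is Not Normal."
    exit 2
  fi
}

# Check whether the network is normal.
# Rewrites ifcfg-eth0 from DHCP to a static address and restarts networking.
# NOTE(review): GATEWAY is on 172.16.35.0/24 while the address is read from
# eth0 - confirm the two belong to the same interface.
function Network() {
  if [ ! -f "$Network_File" ]; then
    return 0
  fi
  # An empty address would write "IPADDR=" and break the interface on restart.
  if [ -z "$Ip" ]; then
    echo "No IPv4 Address Found On eth0, Network Configuration Skipped." >&2
    return 1
  fi
  if sed -i -e 's#dhcp#static#g' \
    -e '/BOOTPROTO/a\IPADDR='"$Ip"'\nNETMASK=255.255.255.0\nGATEWAY=172.16.35.1\nDNS1=114.114.114.114\nDNS2=202.96.128.86' \
    "$Network_File"; then
    /etc/init.d/network restart &>/dev/null
  fi
}

# Close selinux service.
# getenforce prints capitalized states (Enforcing/Permissive/Disabled), so the
# match accepts both spellings; the lowercase-only comparison never matched.
# NOTE(review): this turns SELinux off permanently on every provisioned host;
# confirm that is intended rather than permissive mode during setup only.
function Selinux() {
  case "$Selinux_Status" in
    [Pp]ermissive | [Dd]isabled)
      echo "Selinux Service Is Not Running."
      ;;
    *)
      setenforce 0 && sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" "$Selinux_File"
      ;;
  esac
}

# Close iptables service.
# NOTE(review): the host is left without a packet filter and sshd is restarted
# later in this script; confirm another control limits access to it.
function Iptables() {
  if /etc/init.d/iptables status &>/dev/null; then
    /etc/init.d/iptables stop &>/dev/null && chkconfig --level 3 iptables off
  else
    echo "Iptables Service Is Not Running."
  fi
}

# Optimize boot service.
# Switches off, for runlevel 3, every service that is on there except the
# ones named in the exclusion pattern.
function Chkconfig() {
  local service_name
  while IFS= read -r service_name; do
    [ -n "$service_name" ] || continue
    chkconfig --level 3 "$service_name" off
  done < <(chkconfig --list | grep "3:on" | awk '{print $1}' \
    | grep -E -v "crond|network|rsyslog|sshd|sysstat")
}

# Set the number of system history command records and login timeout.
function Tty() {
  sed -i 's#HISTSIZE=1000#HISTSIZE=100#g' "$Porfile"
  sed -i '/^HISTSIZE/a\HISTFILESIZE=100\nHISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "\nTMOUT=300' "$Porfile"
  source "$Porfile"
}

# Set the system alias.
# Defines the aliases in the running shell and appends them to $Bashrc_File.
function Alias() {
  alias grep='grep --color=auto'
  alias egrep='egrep --color=auto'
  alias ll='ls -l --color=auto --time-style=long-iso'
  alias vi='vim'
  cat >> "$Bashrc_File" <<'EOF'
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias ll='ls -l --color=auto --time-style=long-iso'
alias vi='vim'
EOF
  source "$Bashrc_File"
}

# Set the system to open the file descriptor.
function Descriptor() {
  echo "* - nofile 65535" >> "$Limits_File"
  ulimit -SHn 65535
}

# Hide system version information and set login prompts.
# Empties the pre-login banners and appends a message to $Motd_File.
function Hideversion() {
  [ -f /etc/issue ] && : > /etc/issue
  [ -f /etc/issue.net ] && : > /etc/issue.net
  cat >> "$Motd_File" <<'EOF'
Welcome To Join The Keywa Family, Please Save Your Account And Password, If You Have Any Questions, Please Contact Your System Administrator.
Mail: linbin@keywa.com
QQ: 991395975
EOF
}

# Set the system kernel parameters.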
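function Kernel() {
  # Appends the tuning block below to $Sysctl_File and reloads it.
  # NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections
  # from clients behind NAT - confirm it is wanted on these hosts.
  cat >> "$Sysctl_File" <<'EOF'
# By LinBin At 2017-06-12
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
  sysctl -p &>/dev/null
}

# Optimizing SSH services.
# Backs up sshd_config, moves sshd to port 48817, disables root login, DNS
# lookups and GSSAPI authentication, then restarts sshd.
function Ssh() {
  local -a sed_args
  if [ -f "$Ssh_File" ]; then
    cp -a "$Ssh_File" "${Ssh_File}_$Date"
    sed_args=(
      -e "s@^#Port 22@Port 48817@g"
      -e "s@^#UseDNS yes@UseDNS no@g"
      -e "s@^#PermitRootLogin yes@PermitRootLogin no@g"
      -e "s@GSSAPIAuthentication yes@GSSAPIAuthentication no@g"
    )
    # Pin ListenAddress only when an address was found: an empty value would
    # leave sshd with an invalid config and the host unreachable over SSH.
    if [ -n "$Ip" ]; then
      sed_args+=(-e "s@^#ListenAddress 0.0.0.0@ListenAddress $Ip@g")
    fi
    sed -i "${sed_args[@]}" "$Ssh_File"
  fi
  [ -x "$Sshd" ] && "$Sshd" restart &>/dev/null
}

# Create a remote connection account.
# NOTE(review): the initial password is hardcoded in a script that is
# published under /var/www/html/scripts over plain HTTP, so it must be
# treated as known to anyone who can reach the install server. Prefer
# provisioning SSH keys or a per-host secret delivered out of band.
function Adduser() {
  if useradd -c "For Remote Login Account" keywa1020b2b; then
    echo "axbc1kof" | passwd --stdin keywa1020b2b &>/dev/null
    # Expire the password immediately so the published value has to be
    # replaced at first login.
    chage -d 0 keywa1020b2b
  fi
}

# Download $1 to a temporary file and copy it over $2 only when the download
# succeeded and is non-empty, so a failed fetch leaves the existing file as is.
# Arguments: $1 - source URL, $2 - destination path
# Returns:   0 on success, 1 when the download failed
function _Fetch_Config() {
  local source_url=$1
  local target_file=$2
  local tmp_file
  tmp_file=$(mktemp) || return 1
  if wget -q -O "$tmp_file" "$source_url" && [ -s "$tmp_file" ]; then
    # Write through redirection to keep the destination's mode and ownership.
    cat "$tmp_file" > "$target_file"
    rm -f -- "$tmp_file"
  else
    rm -f -- "$tmp_file"
    echo "Download Failed: $source_url" >&2
    return 1
  fi
}

# Set the network yum repository.
# NOTE(review): repository definitions are fetched over plain HTTP with no
# integrity check; whoever answers for $Wget_Url chooses the package sources
# of every new host.
function Yum() {
  [ -f "$Base_Repo" ] && cp -a "$Base_Repo" "${Base_Repo}_$Date"
  _Fetch_Config "${Wget_Url}/config/CentOS-Base.repo" "$Base_Repo"
  _Fetch_Config "${Wget_Url}/config/epel.repo" "$Epel_Repo"
}

# Resolv system hostname.
# Replaces /etc/hosts with the copy published on the install server; the same
# plain-HTTP caveat as for the repository files applies.
function Resolv() {
  _Fetch_Config "${Wget_Url}/config/hosts" /etc/hosts
}

# Synchronize the network time server.
# NOTE(review): hwclock without options only reads the hardware clock; if the
# intent is to save the synchronized time, that needs -w - confirm.
function Ntptime() {
  ntpdate 0.pool.ntp.org &>/dev/null && hwclock &>/dev/null
  # Add the cron entry only once so repeated runs do not stack duplicates.
  if ! grep -qF '/usr/sbin/ntpdate 0.pool.ntp.org' /var/spool/cron/root 2>/dev/null; then
    cat >> /var/spool/cron/root <<'EOF'
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
EOF
  fi
}

# Main function.
# Runs every initialization step in order; Downcheck exits the script when
# the download server is not reachable.
function Main() {
  Downcheck
  Network
  Selinux
  Iptables
  Chkconfig
  Tty
  Alias
  Descriptor
  Hideversion
  Kernel
  Ssh
  Adduser
  Yum
  Resolv
  Ntptime
}

# Execute the main function.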
Main [root@pxe-server ~]# mkdir /var/www/html/config -p [root@pxe-server ~]# ls -ld /var/www/html/config/ drwxr-xr-x. 2 root root 4096 Jun 22 20:43 /var/www/html/config/ 上传hosts、阿里云仓库、epel仓库 [root@pxe-server ~]# tree /var/www/html/ -L 2 /var/www/html/ ├── config │ ├── CentOS-Base.repo │ ├── epel.repo │ └── hosts ├── ks.cfg ├── pxe │ └── centos6.6_x86_64 └── scripts └── initialization_pxe.sh 4 directories, 5 files