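I. Introduction to iPXE
Traditional PXE setups use PXELINUX, which is part of the Syslinux project and provides a menu-based PXE boot manager that can be used to boot computers over the network. It is one of the relatively simple and commonly used PXE implementations.
iPXE is an open-source network boot firmware. Compared with native PXE network booting, iPXE offers more flexibility and more features, such as support for a wide range of network protocols (HTTP, HTTPS, NFS, TFTP and iSCSI), which improves download speed and flexibility. iPXE also lets us make adaptations of our own: besides the traditional x86 architecture, our bank has introduced domestic ARM-architecture servers, and we only need to compile an ARM build of the iPXE boot program to quickly bring automated deployment to servers of the new architecture. It has powerful scripting and configuration options. It also has other advanced features, such as **support for HTTP boot and iSCSI boot**, which make it the tool of choice for advanced network booting.
Put simply, iPXE has the following advantages over native PXE:
1. iPXE boot scripts are simple and convenient to configure: EFI and legacy boot modes can share one boot menu script, whereas PXE usually requires maintaining two menu files, default and GRUB.cfg.
2. A single iPXE boot environment supports installing and deploying both Linux and Windows systems, which improves adaptability.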
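II. iPXE configuration
For the configuration steps, see first my earlier post "Linux & Windows System Deployment Environment Setup -- PXE Series (1)". Most of the configuration is similar, but to keep this series self-contained the whole configuration process is described here.
Base environment
iPXE server: CPU architecture x86_64
CentOS 8.5 64-bit for x86_64 (installed with the "Server with GUI" option)
IP address: 192.168.150.100/24, GW 192.168.150.254
The yum repositories are correctly configured and packages can be downloaded
All configuration is done as the root user
iPXE client: CPU architecture x86_64
Systems to deploy: CentOS 7.9 (2009) x86_64 and Windows PE (modified so that it can deploy Windows)
The network card supports the PXE/iPXE boot protocol
1. Preparing the installation files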
CentOS 7.9
The target system is CentOS 7.9 (2009) x86_64. The installation files can come from optical disc media or from an ISO image file; either works, but the installation disc or the ISO image must be prepared in advance.
1. From optical disc
# create the installation source directory
mkdir -p /opt/OSInstaller/LinuxOS/CentOS7.9
chmod -Rf 755 /opt/OSInstaller/LinuxOS/CentOS7.9
# use the system installation disc
OSdisk=$(ls /run/media/root/)
/bin/cp -rf "/run/media/root/$OSdisk/." /opt/OSInstaller/LinuxOS/CentOS7.9
2. From an ISO image
# create the installation source directory
mkdir -p /opt/OSInstaller/LinuxOS/CentOS7.9
chmod -Rf 755 /opt/OSInstaller/LinuxOS/CentOS7.9
# the ISO image file must already be stored in /opt (exactly one .iso file is assumed)
mkdir -p /mnt/CentOS7.9tmp # create the mount point for the ISO file
ISO=$(ls /opt/*.iso)
mount -t iso9660 -o loop,ro "$ISO" /mnt/CentOS7.9tmp
/bin/cp -rf "/mnt/CentOS7.9tmp/." /opt/OSInstaller/LinuxOS/CentOS7.9
umount /mnt/CentOS7.9tmp
rmdir /mnt/CentOS7.9tmp
Windows PE
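1. From optical disc
Simply select everything in the root directory of the Windows installation disc and copy it into the newly created WinOS\Win10 directory.
# create the installation source directory
mkdir -p /opt/OSInstaller/WinOS/Win11
chmod -Rf 755 /opt/OSInstaller/WinOS/Win11
# use the system installation disc
OSdisk=$(ls /run/media/root/)
/bin/cp -rf "/run/media/root/$OSdisk/." /opt/OSInstaller/WinOS/Win11
# WinPE boot helper file (Windows Imaging Format bootloader)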
wget https://github.com/ipxe/wimboot/releases/download/v2.8.0/wimboot -O /opt/OSInstaller/WinOS/wimboot_x64
wget https://github.com/ipxe/wimboot/releases/download/v2.8.0/wimboot.arm64 -O /opt/OSInstaller/WinOS/wimboot_arm64
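2. From an ISO image
# create the installation source directory
mkdir -p /opt/OSInstaller/WinOS/Win11
chmod -Rf 755 /opt/OSInstaller/WinOS/Win11
# the ISO image file must already be stored in /opt (exactly one .iso file is assumed)
mkdir -p /mnt/Win11tmp # create the mount point for the ISO file
ISO=$(ls /opt/*.iso)
mount -t udf -o loop,ro "$ISO" /mnt/Win11tmp
/bin/cp -rf "/mnt/Win11tmp/." /opt/OSInstaller/WinOS/Win11
umount /mnt/Win11tmp
rmdir /mnt/Win11tmp
# WinPE boot helper file (Windows Imaging Format bootloader)
# stored under /opt/OSInstaller/WinOS so that it is copied to the HTTP root, where the boot menu loads it from
wget https://github.com/ipxe/wimboot/releases/download/v2.8.0/wimboot -O /opt/OSInstaller/WinOS/wimboot_x64
wget https://github.com/ipxe/wimboot/releases/download/v2.8.0/wimboot.arm64 -O /opt/OSInstaller/WinOS/wimboot_arm64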
2. TFTP service configuration
yum -y install tftp-server # install the tftp-server package
#yum -y install syslinux # install the syslinux package
mkdir -p /var/lib/tftpboot/Legacy
mkdir -p /var/lib/tftpboot/EFI
mkdir -p /var/lib/tftpboot/Boot/CentOS7.9
/bin/cp -fr /opt/OSInstaller/LinuxOS/CentOS7.9/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/Boot/CentOS7.9
# download the iPXE boot files
wget https://boot.ipxe.org/ipxe.efi -O /var/lib/tftpboot/EFI/ipxe.efi
wget https://boot.ipxe.org/undionly.kpxe -O /var/lib/tftpboot/Legacy/undionly.kpxe
firewall-cmd --add-service=tftp --permanent
firewall-cmd --reload
systemctl enable tftp.socket # enable the tftp service at boot
systemctl start tftp.socket # start the tftp service
#systemctl status tftp.socket # check the status of the tftp.socket service
3. DHCP service configuration
yum -y install dhcp-server # install the dhcp service
# with multiple network ports, specify the port used by the dhcp service
#echo "DHCPDARGS=ens160">> /etc/sysconfig/dhcpd
mv -f /etc/dhcp/dhcpd.conf{,.bak} # rename the original configuration file
mv -f /etc/dhcp/dhcpd6.conf{,.bak}
# the IP address or network interface used by the DHCP service must be defined below and is passed in as a parameter
# for example: local_ip=192.168.150.100 or
#DHCP_iface=ens*** #
local_ip=192.168.150.100 # define the interface IP
echo "$local_ip" # change the IP to match your environment
cat>/etc/dhcp/dhcpd.conf<<EOF
default-lease-time 300; # default lease time, in seconds
max-lease-time 7200; # maximum lease time, in seconds
##authoritative;
ddns-update-style none;
option space pxelinux;
option pxelinux.mtftp-ip code 1 = ip-address;
option pxelinux.mtftp-cport code 2 = unsigned integer 16;
option pxelinux.mtftp-sport code 3 = unsigned integer 16;
option pxelinux.mtftp-tmout code 4 = unsigned integer 8;
option pxelinux.mtftp-delay code 5 = unsigned integer 8;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option architecture-type code 93 = unsigned integer 16;
# DHCP server name
server-name "PXEserver";
# DNS server
option domain-name "pxe.org";
option domain-name-servers 114.114.114.114;
subnet 192.168.150.0 netmask 255.255.255.0 {
allow booting;
allow bootp;
# gateway
option routers 192.168.150.254;
# broadcast address
#option broadcast-address 192.168.150.255;
option netbios-name-servers $local_ip;
# address range handed out to clients
range 192.168.150.51 192.168.150.100;
# server that clients fetch the boot file from
next-server $local_ip;
}
class "pxeclients" { # select the boot file name
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option architecture-type = 00:00 { filename "Legacy/undionly.kpxe"; }
else if option architecture-type = 00:07 { filename "EFI/ipxe.efi";} #x64 uefi
else if option architecture-type = 00:09 { filename "EFI/ipxe.efi";} #x64 uefi
}
EOF
firewall-cmd --add-service=dhcp --permanent
firewall-cmd --reload
systemctl enable dhcpd # enable the dhcp service at boot
systemctl start dhcpd # start the dhcp service
#systemctl status dhcpd # check the status of the DHCP service
4. HTTP service configuration
yum -y install httpd
# copy the CentOS 7.9 installation files
mkdir -p /var/www/html/LinuxOS/CentOS7.9
/bin/cp -rf "/opt/OSInstaller/LinuxOS/CentOS7.9/." /var/www/html/LinuxOS/CentOS7.9
mkdir -p /var/www/html/WinOS/Win11
/bin/cp -rf /opt/OSInstaller/WinOS /var/www/html
# validate the configuration with: apachectl configtest
semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
restorecon -Rv /var/www/html/
echo "PXE 系统安装环境" > /var/www/html/index.html
firewall-cmd --add-service=http --permanent
firewall-cmd --reload
systemctl enable httpd
systemctl start httpd
#systemctl status httpd
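The boot loaders, kernels and images staged under /var/lib/tftpboot and /var/www/html are delivered to clients over plain TFTP and HTTP, so whatever is on the server is what the clients boot. As an added example (not from the original post; make_manifest, check_manifest and demo are hypothetical helper names, and the demo tree is constructed), the functions below record a SHA-256 baseline of such a tree and later report modified, added and missing files:

```sh
#!/bin/sh
# Added example (hypothetical helpers): baseline the files the netboot
# server hands to clients and report any later drift.

# make_manifest DIR FILE: write "<sha256>  ./<path>" for every file under DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# check_manifest DIR FILE: print MODIFIED/ADDED/MISSING lines; return 1 on drift.
check_manifest() {
    cur=$(mktemp) || return 2
    make_manifest "$1" "$cur"
    drift=$(awk '
        # Column 67 is where the path starts: 64 hex digits plus two separators.
        FILENAME == ARGV[1] { base[substr($0, 67)] = $1; next }
        { p = substr($0, 67); seen[p] = 1
          if (!(p in base)) print "ADDED " p
          else if (base[p] != $1) print "MODIFIED " p }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Demo on a constructed tree laid out like /var/lib/tftpboot in this guide.
demo() {
    root=$(mktemp -d); list=$(mktemp)
    mkdir -p "$root/EFI" "$root/Legacy"
    echo "constructed efi image" > "$root/EFI/ipxe.efi"
    echo "constructed bios image" > "$root/Legacy/undionly.kpxe"
    make_manifest "$root" "$list"
    echo "tampered" >> "$root/EFI/ipxe.efi"      # file changed after the baseline
    echo "#!ipxe" > "$root/main.ipxe"            # file that was never baselined
    check_manifest "$root" "$list"
    rc=$?
    rm -rf "$root" "$list"
    return $rc
}

demo || echo "drift detected"
```

Keep the manifest outside the tree it describes (and off the deployment server if possible), and regenerate it only after an intended change to the boot files.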
5. NFS configuration
yum -y install nfs-utils
mkdir -p /opt/OSInstaller/
echo '/opt/OSInstaller 192.168.150.0/24(ro,root_squash,all_squash,async)' >>/etc/exports
exportfs -arv
firewall-cmd --add-service nfs --permanent
firewall-cmd --add-service rpc-bind --permanent
firewall-cmd --reload
systemctl enable nfs-server.service
systemctl start nfs-server.service
#systemctl status nfs-server.service
6. SMB configuration
yum -y install samba
/bin/cp -rf /etc/samba/smb.conf /etc/samba/smb.conf.bak
##### smb.conf configuration starts below (this line not included)
cat>/etc/samba/smb.conf<<EOF
[global]
workgroup = workgroup
server string =Samba Server Version %v (%i)
netbios name = myserver
security = user
log file = /var/log/samba/%m.log
log level = 1
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
hide dot files=no
browseable = Yes
server role = standalone server
#bind interfaces only=yes
#interfaces = ens160
# hosts allow = 150.203. EXCEPT 150.203.6.66
# Default: hosts allow = (empty). The parameter is a comma-, space- or tab-separated list of hosts that are allowed to access the service. If it is specified in the [global] section it applies to all services. Note that access from the localhost address 127.0.0.1 is always allowed unless it is explicitly denied by a hosts deny option.
#hosts allow = 192.168.150.0/24
# hosts allow = lapland, arvidsjaur
# hosts deny=150.203.4. badhost.mynet.edu.au
# hosts deny: hosts listed here are not allowed to access services unless the specific service has its own list that overrides this one. Where the lists conflict, the allow list takes precedence.
[public]
comment = Public Stuff
path = /opt/samba/public
#map to guest = Bad User
public = yes
guest ok = yes
# security = share (removed in Samba 4; security is a [global]-only parameter)
guest only = yes
browseable=yes
#restrict anonymous = 0
# writable = yes
# guest account = ftp
[OSDS]
comment = Operating System Deployment Service(OSDS) %S, %D%w%S
# valid users = %S, %D%w%S
# writable is the inverted synonym of read only; the later of the two lines below takes effect
read only = yes
#guest ok = yes
#create mask =0777
writable=yes
browseable=yes
# inherit acls = Yes
# default permissions for new files
create mode = 0664
# default permissions for new directories
directory mode = 0775
available=yes
path = /opt/OSInstaller/
# read list=
# users in this list are never given write access, whatever the read only option is set to
# write list=
# users in this list are given write access, whatever the read only option is set to
EOF
##### smb.conf configuration ends above (this line not included)
# the smb service must be restarted every time smb.conf is updated
smbcontrol all reload-config
systemctl reload smb
systemctl restart smb
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
systemctl enable smb
systemctl start smb
systemctl status smb
#firewall-cmd --permanent --add-service=samba-client
#firewall-cmd --reload
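Run the commands in this step one at a time.
# default convention: user name Guest, password PWD
groupadd smbgroup
user=Guest
# create the operating system account
useradd -M -s /sbin/nologin $user
# set the password
passwd $user
# add the account to the Samba database and set its password
smbpasswd -a $user
# enable the Samba account
smbpasswd -e $user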
usermod -g smbgroup $user
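Samba applies the parameters of a share in the order they are written, and writable is an inverted synonym of read only, so the effective access of a share such as [OSDS] depends on which of the two lines comes last. As an added example (not part of the original post; audit_smb_conf and sample_conf are hypothetical names, and the configuration is a constructed sample), this script prints the effective read only and guest ok value of every share:

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of Samba): print the effective
# "read only" and "guest ok" value of every share in an smb.conf.
audit_smb_conf() {
    awk '
    function emit(   note) {
        if (share == "" || tolower(share) == "global") return
        if (sets > 1) note = " (read only/writable set " sets " times, last wins)"
        print share ": read only = " ro ", guest ok = " guest note
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comments are whole lines only
    /^[ \t]*\[/ {                          # a section header starts a new share
        emit()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        ro = "yes"; guest = "no"; sets = 0 # Samba defaults for a share
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, i + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
        on = (val == "yes" || val == "true" || val == "on" || val == "1")
        if (key == "readonly") { ro = on ? "yes" : "no"; sets++ }
        else if (key == "writable" || key == "writeable" || key == "writeok") {
            ro = on ? "no" : "yes"; sets++ # inverted synonyms of read only
        }
        else if (key == "guestok" || key == "public") guest = on ? "yes" : "no"
        else if (key == "security" && tolower(share) != "global")
            print share ": security is a [global] parameter, ignored in a share"
    }
    END { emit() }
    ' "$@"
}

# Constructed sample using the same kinds of settings as the shares above.
sample_conf() {
    cat <<'EOF'
[global]
security = user
[public]
path = /opt/samba/public
guest ok = yes
security = share
[OSDS]
path = /opt/OSInstaller/
read only = yes
writable=yes
EOF
}

sample_conf | audit_smb_conf
```

On the server itself, `testparm -s` prints the configuration as Samba parsed it and is the authoritative check.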
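5. Boot verification
Power on the client and choose network boot. If the boot screen looks like the one shown below, iPXE network boot has completed normally. According to the reported message "tftp://192.168.150.100/main.ipxe... NOT found", main.ipxe is the boot menu (boot script) hook that was reserved when iPXE was compiled from source; all that remains is to place a main.ipxe file under /var/lib/tftpboot to complete the boot and choose a system installation entry.
5.1 Legacy Bootloader
5.2 UEFI Bootloader
6. Editing the boot menu
Run vi /var/lib/tftpboot/main.ipxe and paste in the following script.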
#!ipxe
## Set variables
# Some menu defaults
set menu-timeout 5000
set submenu-timeout 5000
set menu-default winpe
#set boot-url http://${proxydhcp/next-server}
set boot-url http://${dhcp-server}
#note : we are not going to use cpuid/arch for WinPE Boot
iseq ${buildarch} x86_64 && cpuid --ext 29 && set arch x64 || set arch x86
iseq ${buildarch} i386 && set arch x86 && goto isArch ||
iseq ${buildarch} arm && set arch arm && goto isArch ||
iseq ${buildarch} arm64 && set arch arm64 && goto isArch ||
:isArch
## Echo variable values
echo cwduri............: ${cwduri}
echo cwuri.............: ${cwuri}
echo platform..........: ${platform}
echo chip .............: ${chip}
echo mac...............: ${mac}
echo ip................: ${ip}
echo netmask...........: ${netmask}
echo gateway...........: ${gateway}
echo dns...............: ${dns}
echo domain............: ${domain}
echo dhcp-server.......: ${dhcp-server}
echo next-server.......: ${next-server}
echo filename..........: ${filename}
echo
echo Script Modify By RealSunny
sleep 1
######## MAIN MENU ###################
:start
menu Operating System Deployer --${platform}--${ip}
item
item winpe Windows PE
item CentOS7.9 CentOS 7.9
item Debian12 Debian12
item --gap -- ------------------------------ Advanced ---------------------------------
item config Configure settings
item shell Enter iPXE shell
item reboot Reboot
item exit Exit (boot local disk)
# the timeout is 5000 ms (5 seconds), after which the default entry is selected; adjust as needed
choose --default ${menu-default} --timeout 5000 target && set base ${boot-url}/LinuxOS/${target} || goto cancel
goto ${target}
########## UTILITY ITEMS ####################
:shell
echo Type exit to get the back to the menu
shell
goto start
:failed
echo Booting failed, dropping to shell
goto shell
:reboot
reboot
:exit
exit
:cancel
echo You cancelled the menu, dropping you to a shell
goto shell
:config
config
goto start
:back
clear submenu-default
goto start
###
### Custom menu entries
###
################################# WinPE MENU
:winpe
echo ${platform}_${arch}
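# pay close attention to the size of the boot files; do not forget this
# the Windows boot files are fetched directly over HTTP, not from the TFTP tree
set WinBooturl ${boot-url}/WinOS/Win11 # to change the boot file path, edit only this line; the lines below normally need no changes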
### menu Boot WinPE
### echo ${buildarch}
#cpuid --ext 29 && set arch x64 || set arch x86
goto ${platform}_winpe || goto start
#for Legacy Bootloader Install windows
:pcbios_winpe
kernel ${boot-url}/WinOS/wimboot_${arch} gui
initrd ${WinBooturl}/bootmgr bootmgr
initrd ${WinBooturl}/boot/boot.sdi boot.sdi
initrd ${WinBooturl}/boot/bcd BCD
initrd ${WinBooturl}/sources/boot.wim boot.wim
boot || goto failed
goto start
#for EFI Bootloader Install windows
:efi_winpe
kernel ${boot-url}/WinOS/wimboot_${arch} gui
initrd ${WinBooturl}/boot/boot.sdi boot.sdi
initrd ${WinBooturl}/efi/microsoft/boot/bcd BCD
initrd ${WinBooturl}/sources/boot.wim boot.wim
iseq ${arch} x86 && initrd ${WinBooturl}/EFI/boot/bootia32.efi bootia32.efi ||
iseq ${arch} x64 && initrd ${WinBooturl}/EFI/boot/bootx64.efi bootx64.efi ||
iseq ${arch} arm && initrd ${WinBooturl}/EFI/boot/bootarm.efi bootarm.efi ||
iseq ${arch} arm64 && initrd ${WinBooturl}/EFI/boot/bootaa64.efi bootaa64.efi ||
boot || goto failed
clear target
goto start
################################# CentOS Linux
:CentOS7.9
kernel /Boot/${target}/vmlinuz inst.repo=${base} inst.stage2=${base} inst.ks=${base}/${target}-ks.cfg ip=dhcp nomodeset
initrd /Boot/${target}/initrd.img
boot || goto failed
clear target
goto start
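:Debian12
# nfs-linux-live and nfs-linux-boot are not set anywhere in this script; define them before using this entry
set dist-root ${nfs-linux-live}/debian10
kernel ${dist-root}/vmlinuz-4.19.0-13-amd64
initrd ${dist-root}/initrd.img-4.19.0-13-amd64
imgargs vmlinuz-4.19.0-13-amd64 initrd=initrd.img-4.19.0-13-amd64 nfsroot=${nfs-linux-boot}/debian10 netboot=nfs boot=l$boot
# the script returns to the menu here, so the boot line below is never reached
goto start
boot || goto failed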
clear target
goto start
wpeutil InitializeNetwork
net use * \\192.168.150.100\OSDS /user:Guest PWD
setup /installfrom:z:\WinOS\Win11\Sources\Install.wim /showoobe none /imageindex:1 /unattend:un.xml /installdrivers d:\drv /noreboot /postoobe none