PXE+kickstart部署系统

PXE(preboot execute environment，预启动执行环境)是由Intel公司开发的最新技术，工作于Client/Server的网络模式，支持工作站通过网络从远端服务器下载映像，并由此支持通过网络启动操作系统，在启动过程中，终端要求服务器分配IP地址，再用TFTP（trivial file transfer protocol）或MTFTP(multicast trivial file transfer protocol)协议下载一个启动软件包到本机内存中执行，由这个启动软件包完成终端（客户端）基本软件设置，从而引导预先安装在服务器中的终端操作系统。

简单来说PXE是可以基于网络功能来为一个没有操作系统的客户端来安装系统，它所依赖的服务有dhcp，tftp，fileserver以及kickstart。

DHCP服务器

动态主机设置协议（英语：Dynamic Host Configuration Protocol，DHCP）是一个局域网的网络协议，使用UDP协议工作，主要有两个用途：用于内部网或网络服务供应商自动分配IP地址；给用户用于内部网管理员作为对所有计算机作中央管理的手段。

DHCP工作原理：

• 客户端使用mac地址向DHCP服务器发送广播，请求DHCP服务器分配地址

• DHCP服务器在收到请求之后，最先拿到请求的那台DHCP服务器会向客户端发送一个offer报文，其中包含客户端能够使用的地址。当然其他DHCP服务器上的offer也会陆续到达。

• 但是客户端只能处理一个offer，所以它就向最先得到请求的DHCP服务发送响应报文。这时候客户端还没有真正得到地址，只是将带有ip地址的结果回复给服务器。所以客户端以广播的形式再次发送给所有DHCP服务器，DHCP服务器根据客户端发来的报文进行比对，如果一样，就给客户端地址响应，如果不一样，直接丢弃

• DHCP服务器向客户端发送一个ACK报文

• 客户端拿到地址。如果地址可用，就会加入到租约池中。到期自动释放地址。如果地址不可用，将给DCP服务器发送DHCP Decline报文，通知DHCP Server禁用这个IP地址，然后DHCP Client开始新的地址申请过程。

• 在租期到50%的时候，客户端会以单播的形式向DHCP发送request报文来续租地址，如果客户端成功收到DHCP的ACK报文，则续约成功。如果没有续约成功就继续使用当前这个地址。

• 在使用租期到87.5%的时候，客户端会以广播的形式向DHCP服务器发送REQUEST报文，如果收到DHCP的ACK报文，则续约成功，如果没有就继续使用，直到ip地址到期，客户端向DCHP服务器发送release报文来释放这个地址，并开始申请新的ip地址

DHCP的实现

两种服务：

• DHCP
• dnsmaq

DHCP服务

• 服务器：dhcp-server 监听在67/udp
• 客户端：dhcpclient 监听在68/udp

DHCP服务器

安装DHCP服务器

[root@localhost ~]# yum install -y dhcp

配置文件

[root@localhost ~]# rpm -ql dhcp
/etc/dhcp/dhcpd.conf
/usr/lib/systemd/system/dhcpd.service
/usr/lib/systemd/system/dhcrelay.service
....

dhcpd.conf是没有内容的，需要将示例拷贝过来使用

[root@localhost ~]# cat /etc/dhcp/dhcpd.conf 
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#


[root@localhost ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf 
cp：是否覆盖"/etc/dhcp/dhcpd.conf"？ y

[root@localhost dhcp]# vim dhcpd.conf 

  1 # dhcpd.conf
  2 #
  3 # Sample configuration file for ISC dhcpd
  4 #
  5 
  6 # option definitions common to all supported networks...
  7 option domain-name "example.org";   # 搜索域。比如说你只www，你在这边定义了一个，它会自动给你不全后面的example.org
  8 option domain-name-servers ns1.example.org, ns2.example.org;#DNS服务器
  9 
 10 default-lease-time 600;  #默认租期
 11 max-lease-time 7200;    #最大租期
 12 
 13 # Use this to enble / disable dynamic dns updates globally.
 14 #ddns-update-style none;
 15 
 16 # If this DHCP server is the official DHCP server for the local
 17 # network, the authoritative directive should be uncommented.
 18 #authoritative;
 19 
 20 # Use this to send dhcp log messages to a different log file (you also
 21 # have to hack syslog.conf to complete the redirection).
 22 log-facility local7;
 23 
 24 # No service will be given on this subnet, but declaring it helps the 
 25 # DHCP server to understand the network topology.
 26 
 27 subnet 10.152.187.0 netmask 255.255.255.0 {#这个只是个示例，不用填写，只给你一个参考
 28 }
 29 
 30 # This is a very basic subnet declaration.  这是一个基本的子网生命
 31 
 32 subnet 10.254.239.0 netmask 255.255.255.224 {
 33   range 10.254.239.10 10.254.239.20;  #起始的网址
 34   option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;  #指明一些选项
 35 }
 36 
 37 # This declaration allows BOOTP clients to get dynamic addresses,
 38 # which we don't really recommend.
 39 
 40 subnet 10.254.239.32 netmask 255.255.255.224 {
 41   range dynamic-bootp 10.254.239.40 10.254.239.60;
 42   option broadcast-address 10.254.239.31;
 43   option routers rtr-239-32-1.example.org;
 44 }
 45 
 46 # A slightly different configuration for an internal subnet.
 47 subnet 10.5.5.0 netmask 255.255.255.224 {  #一些选项的参考
 48   range 10.5.5.26 10.5.5.30;
 49   option domain-name-servers ns1.internal.example.org;
 50   option domain-name "internal.example.org";
 51   option routers 10.5.5.1;
 52   option broadcast-address 10.5.5.31;
 53   default-lease-time 600;
 54   max-lease-time 7200;
 55 }
 56 
 57 # Hosts which require special configuration options can be listed in
 58 # host statements.   If no address is specified, the address will be
 59 # allocated dynamically (if possible), but the host-specific information
 60 # will still come from the host declaration.
 61 
 62 host passacaglia {
 63   hardware ethernet 0:0:c0:5d:bd:95;
 64   filename "vmunix.passacaglia"; #指明主机的引导文件，相当于bootloader，一会儿pxe会用到
 65   server-name "toccata.fugue.com"; #指明引导文件的ip地址。
 66 }
 67 
 68 # Fixed IP addresses can also be specified for hosts.   These addresses
 69 # should not also be listed as being available for dynamic assignment.
 70 # Hosts for which fixed IP addresses have been specified can boot using
 71 # BOOTP or DHCP.   Hosts for which no fixed address is specified can only
 72 # be booted with DHCP, unless there is an address range on the subnet
 73 # to which a BOOTP client is connected which has the dynamic-bootp flag
 74 # set.
 75 host fantasia {   # 为特定的主机绑定地址 
 76   hardware ethernet 08:00:07:26:c0:a5;  #主机的mac地址
 77   fixed-address fantasia.fugue.com;    #分配的ip地址
 78 }
 79 
 80 # You can declare a class of clients and then do address allocation
 81 # based on that.   The example below shows a case where all clients
 82 # in a certain class get addresses on the 10.17.224/24 subnet, and all
 83 # other clients get addresses on the 10.0.29/24 subnet.
 84 
 85 class "foo" {
 86   match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
 87 }
 88 
 89 shared-network 224-29 {
 90   subnet 10.17.224.0 netmask 255.255.255.0 {
 91     option routers rtr-224.example.org;
 92   }
 93   subnet 10.0.29.0 netmask 255.255.255.0 {
 94     option routers rtr-29.example.org;
 95   }
 96   pool {
 97     allow members of "foo";
 98     range 10.17.224.10 10.17.224.250;
 99   }
100   pool {
101     deny members of "foo";
102     range 10.0.29.10 10.0.29.230;
103   }
104 }

示例

1）服务器端


2）查看服务器端绑定的地址

3）查看客户端获取情况

4）使用dhclient查看

PXE安装

PXE原理

• client向PXE server上的DHCP服务器发送ip地址请求信息，DHCP检测client是否合法（主要是检测client的网卡地址），如果合法就返回client的ip地址，同时将启动文件pxelinux.0的位置消息一并传给client
• client向PXE server上的TFTP服务器发送获取pelinux.0的请求消息，TFTP接收到请求之后在向client发送pelinux.0的大小信息，试探client是否满意，当TFTP收到client返回的同意消息之后，向client发送pxelinux.0
• client接受到pxelinux.0
• client向TFTP server发送针对本机的配置信息文件(在FTP服务器的pxelinux.cfg目录下)，TFTP将配置文件发回client，继而client根据配置文件执行后继续操作。
• client向TFTP发送linux内核请求信息，TFTP收到消息后将内核文件发送给client
• client向TFTP发送根文件请求信息，TFTP收到消息后将根文件发送给client
• client启动内核文件
• client下载安装源文件，读取自动化安装脚本

centos7

需要准备的前期工作：

• 服务：tftp-server,httpd,dhcp
• 关闭iptables，selinux

1）检查iptables和selinux

[root@localhost ~]# iptables -vnL
Chain INPUT (policy ACCEPT 2295 packets, 6442K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2085 packets, 153K bytes)
 pkts bytes target     prot opt in     out     source               destination


[root@localhost ~]# getenforce
Disabled

2）安装tftp-server httpd dhcp

[root@localhost ~]# yum install -y httpd tftp-server dhcp

3)测试tftp-server是否能连接

[root@centos6 ~]# tftp 192.168.199.123
tftp> get fs111
tftp> exit
?Invalid command
tftp> quit
[root@centos6 ~]# ls
anaconda-ks.cfg  f1  fs111  install.log  install.log.syslog

4)挂载光盘到httpd服务里

[root@centos7 ~]# mkdir /var/www/html/centos/7 -pv
mkdir: 已创建目录 "/var/www/html/centos"
mkdir: 已创建目录 "/var/www/html/centos/7"
[root@centos7 ~]# mount /dev/sr0 /var/www/html/centos/7
mount: /dev/sr0 写保护，将以只读方式挂载

5）创建ks文件，放到httpd服务下

[root@centos7 ~]# ls /var/www/html
centos  ks7.cfg

#测试下是否可访问

6)准备DHCP服务器

[root@localhost ~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf 

[root@localhost dhcp]# cat dhcpd.conf
This is a very basic subnet declaration.
subnet 192.168.30.0 netmask 255.255.255.0 {
  	range 192.168.30.10 192.168.30.20;
  	option routers 192.168.30.1;
  	filename "pxelinux.0";
   next-server 192.168.30.2;#地址一定要写成同网段的，要不然没法连
	option domain-name-servers 1.1.1.1,114.114.114.114;
	option domain-name "ydong.com";
	default-lease-time 600;
	max-lease-time 7200; 
}
#只修改了此处

7. 安装syslinux包为获取pxelinux.0文件

[root@localhost tftpboot]# yum install -y syslinux

8）将pxeliinux.0(相当于bootloader) 和menu.c32(菜单背景） 到tftp的默认/var/lib/tftpboot目录下

[root@localhost tftpboot]# cp /usr/share/syslinux/{menu.c32,pxelinux.0} ./
[root@localhost tftpboot]# ls
menu.c32  pxelinux.0

9)复制光盘里的内核vmlinuz和initrd文件initrd.image到tftpboot目录下

[root@localhost tftpboot]# cp /var/www/html/centos7/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/
[root@localhost tftpboot]# ls
initrd.img  menu.c32  pxelinux.0  vmlinuz

10)复制光盘里的isolinux.cfg（菜单选项）到tftpboot目录下的pxelinux.cfg文件夹里。并且改名为default

[root@localhost tftpboot]# mkdir pxelinux.cfg
[root@localhost tftpboot]# ls
initrd.img  menu.c32  pxelinux.0  pxelinux.cfg  vmlinuz

[root@localhost tftpboot]# cp /var/www/html/centos7/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
[root@localhost tftpboot]# ls pxelinux.cfg
default

11)准备centos7的启动菜单

[root@localhost isolinux]# cp vesamenu.c32 splash.png /var/lib/tftpboot/
[root@localhost tftpboot]# cat pxelinux.cfg/default 
default vesamenu.c32   #由于menu.c32太丑了，我又重新复制了vesamenu.c32背景做菜单选项。
timeout 600

display boot.msg

# Clear the screen when exiting the menu, instead of leaving the menu displayed.
# For vesamenu, this means the graphical background is still displayed without
# the menu itself for as long as the screen remains in graphics mode.
menu clear
menu background splash.png
menu title CentOS 7
menu vshift 8
menu rows 18
menu margin 8
#menu hidden
menu helpmsgrow 15
menu tabmsgrow 13

# Border Area
menu color border * #00000000 #00000000 none

# Selected item
menu color sel 0 #ffffffff #00000000 none

# Title bar
menu color title 0 #ff7ba3d0 #00000000 none

# Press [Tab] message
menu color tabmsg 0 #ff3a6496 #00000000 none

# Unselected menu item
menu color unsel 0 #84b8ffff #00000000 none

# Selected hotkey
menu color hotsel 0 #84b8ffff #00000000 none

# Unselected hotkey
menu color hotkey 0 #ffffffff #00000000 none

# Help text
menu color help 0 #ffffffff #00000000 none

# A scrollbar of some type? Not sure.
menu color scrollbar 0 #ffffffff #ff355594 none

# Timeout msg
menu color timeout 0 #ffffffff #00000000 none
menu color timeout_msg 0 #ffffffff #00000000 none

# Command prompt text
menu color cmdmark 0 #84b8ffff #00000000 none
menu color cmdline 0 #ffffffff #00000000 none

# Do not display the actual menu unless the user presses a key. All that is displayed is a timeout message.

menu tabmsg Press Tab for full configuration options on menu items.

menu separator # insert an empty line
menu separator # insert an empty line

label linux
  menu label ^Install CentOS 7
  kernel vmlinuz
  append initrd=initrd.img ks=http://192.168.30.2/ks7.cfg quiet   #这边应该写跟dhcp同网段的地址。



label local
  menu label Boot from ^local drive
  localboot 0xffff

menu separator # insert an empty line
menu separator # insert an empty line

label returntomain
  menu label Return to ^main menu
  menu exit

menu end

12）测试

安装期间出了错误，都是将地址写成了接外网的网卡地址，如果使用pxe安装的话，一定都要基于本地的方式连接。

centos6

centos6和centos7差不多，只是命令上的区别而已。为了不让centos7上的DHCP影响，关闭7的dhcp服务。

添加网卡之后centos6报错：

使用ip a命令查看eth1的mac地址，然后添加到对应的配置文件中即可

1）安装服务

[root@centos6 ~]# yum install -y httpd tftp-server dhcp

2)测试tftp-server能否使用

3）将光盘文件挂载至httpd服务目录下

[root@centos6 html]# cat /etc/fstab 
/dev/sr0		/var/www/html/centos6	iso9660	defaults 	0 0

[root@centos6 html]# mount -a
mount: block device /dev/sr0 is write-protected, mounting read-only

4）制作两个ks文件

[root@centos6 html]# ls /var/www/html
centos6  ks6_desktop.cfg  ks6_mini.cfg

5)配置dhcp服务器

[root@centos6 ~]# service dhcpd start
正在启动 dhcpd：                                           [确定]

32 subnet 192.168.30.0 netmask 255.255.255.0 {
 33         range 192.168.30.10 192.168.30.20;
 34         option routers 192.168.30.1;
 35         filename "pxelinux.0";
 36         next-server 192.168.30.2;
 37         option domain-name-servers 114.114.114.114;
 38         option domain-name "ydong.com";
 39         default-lease-time 600;
 40         max-lease-time 7200;
 41 }

6）复制所需的文件到tftpboot目录下

1)
[root@centos6 ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@centos6 tftpboot]# ls /var/lib/tftpboot/
pxelinux.cfg

2)
[root@centos6 tftpboot]# cp /usr/share/syslinux/{pxelinux.0,vesamenu.c32} /var/lib/tftpboot/
[root@centos6 tftpboot]# ls
pxelinux.0  pxelinux.cfg  vesamenu.c32

3）
[root@centos6 tftpboot]# cp /var/www/html/centos6/isolinux/{boot.msg,initrd.img,vmlinuz} /var/lib/tftpboot/
[root@centos6 tftpboot]# ls
boot.msg  initrd.img  pxelinux.0  pxelinux.cfg  vesamenu.c32  vmlinuz
[root@centos6 tftpboot]# cp /var/www/html/centos6/isolinux/splash.jpg /var/lib/tftpboot/
#因为在isolinux.cfg文件中调用了这个图片，所以还得复制图片

4）
[root@centos6 tftpboot]# cp /var/www/html/centos6/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
[root@centos6 tftpboot]# cat /var/lib/tftpboot/pxelinux.cfg/default
default vesamenu.c32
#prompt 1
timeout 600

display boot.msg

menu background splash.jpg
menu title Welcome to CentOS 6.9!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000

label  PXE_mini linux
  menu label Instal ^mini system
  menu default
  kernel vmlinuz
  append initrd=initrd.img ks=http://192.168.30.2/ks6_mini.cfg
label PXE_desktop linux
  menu label install ^desktop system
  kernel vmlinuz
  append initrd=initrd.img ks=http://192.168.39.2/ks6_desktop.cfg
label local
  menu label Boot from ^local drive
  localboot 0xffff

7）测试