Automated OS installation system

What is PXE

  1. PXE, in full Pre-boot Execution Environment

  2. Boots a computer through its network interface, without depending on a local storage device or a locally installed operating system

  3. A technology published by Intel and SystemSoft on September 20, 1999

  4. Works in a client/server model

  5. The PXE client uses network protocols such as the Internet Protocol (IP), the User Datagram Protocol (UDP), the Dynamic Host Configuration Protocol (DHCP) and the Trivial File Transfer Protocol (TFTP)

  6. The term PXE client refers to the role a machine plays during the PXE boot process. A PXE client can be a server, a laptop or any other machine that carries PXE boot code

PXE workflow

[Figure: PXE workflow diagram, not reproduced here]

Environment preparation

1. Install the basic packages (needed if the system was a minimal install)
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate 

2. Configure the yum repositories
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache

3. Stop the firewall and disable SELinux
[root@kickstart yum.repos.d]# systemctl stop firewalld
[root@kickstart yum.repos.d]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

[root@client01 ~]# sed -i  's/enforcing/disabled/g' /etc/selinux/config 
[root@kickstart ~]# getenforce 
Disabled

4. Turn off the VMware DHCP service and give the Linux host a static IP
[root@kickstart ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="b4c06569-fc94-4e94-9c63-0391c7a35432"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=172.18.41.133
NETMASK=255.255.255.0
DNS1=1.2.4.8
GATEWAY=172.18.41.2

5. System checks
[root@kickstart ~]#  cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core) 

[root@kickstart ~]# uname -r
3.10.0-862.el7.x86_64

[root@kickstart ~]# ifconfig  ens33 |awk  'NR==2 {print $2}'
172.18.41.133

[root@kickstart ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

6. Time synchronization
[root@kickstart ~]# ntpdate -u ntp.aliyun.com
Set the time zone
[root@kickstart ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime 
[root@kickstart ~]# date
Tue Jul 21 19:05:06 CST 2020


DHCP messages

Messages in the DHCP protocol

DHCP has the following message types:

DHCP DISCOVER: the packet the client sends to begin the DHCP exchange; it is the start of the DHCP protocol

DHCP OFFER: the server's response to a DHCP DISCOVER. It contains the IP address offered to the client (yiaddr), the client's MAC address, the lease expiry time, the server identifier and other information

DHCP REQUEST: the client's response to the server's DHCP OFFER. It is also used when renewing a lease.

DHCP ACK: the success confirmation the server sends after receiving the client's DHCP REQUEST. When a lease is being established, the client only treats the assigned IP address and other parameters as usable after it has received this message.

DHCP NAK: the opposite of DHCP ACK; it means the server has refused the client's request.

DHCP RELEASE: usually sent when the client shuts down or goes offline. It makes the DHCP server release the IP address of the client that sent it

DHCP INFORM: sent by the client to request configuration information from the server

DHCP DECLINE: sent when the client finds that the IP address assigned by the server cannot be used (for example, because of an address conflict), telling the server not to use that address.

DHCP scopes

A scope is the range of IP addresses a DHCP server can lease to DHCP clients. A DHCP server should have at least one scope configured, and the IP address ranges (address pools) of different scopes must not overlap.

Reserved IPs

A reserved IP is used for a client that provides a specific service; the reserved IP must be bound to that client's MAC address.

IP lease renewal

When the client restarts or the lease reaches 50% of its lifetime, the lease must be renewed: the client sends a DHCPREQUEST directly to the server that granted the lease, asking it to extend the existing address lease. If the DHCP server accepts the request, it sends a DHCP acknowledgement to the client and the client's lease is renewed. If the client cannot reach the server that granted the lease, it keeps waiting until 87.5% of the lease time has elapsed, then enters a re-application state and broadcasts a DHCPDISCOVER to every server on the network to renew the existing IP lease.

IP lease release

Running ipconfig /release makes the DHCP client send a DHCPRELEASE message to the DHCP server and give up its lease.

If the client stays shut down for the whole lease period without renewing, the DHCP server may assign its IP address to another client once the lease expires. If the client did not send a DHCPRELEASE message, then after it restarts it will try to keep using the IP address it used last time.
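To make the message types and the lease timings above concrete, here is an added Python example (not from the original post) that decodes a DHCP packet the way a PXE client reads it and computes the 50% and 87.5% renewal points. The OFFER it decodes is constructed inside the block with the addresses used later on this page; the client MAC 00:0c:29:aa:bb:cc and the transaction id are made up.

```python
import socket
import struct

# DHCP message types carried in option 53 (RFC 2131), as listed above.
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
ADDR_OPTIONS = {1: "subnet_mask", 3: "routers", 6: "dns", 54: "server_id"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Fixed BOOTP header: op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

def parse_dhcp(packet: bytes) -> dict:
    """Decode the header fields and options a PXE client acts on."""
    f = HEADER.unpack_from(packet)
    if packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet: magic cookie missing")
    msg = {"yiaddr": socket.inet_ntoa(f[8]),         # address offered to the client
           "next_server": socket.inet_ntoa(f[9]),    # siaddr, filled from next-server
           "client_mac": f[11][:f[2]].hex(":"),      # chaddr, hlen bytes long
           "filename": f[13].split(b"\0", 1)[0].decode()}  # file, filled from filename
    pos = HEADER.size + 4
    while pos < len(packet) and packet[pos] != 255:   # 255 marks the end of the options
        if packet[pos] == 0:                           # 0 is a pad byte
            pos += 1
            continue
        code, length = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + 2 + length]
        pos += 2 + length
        if code == 53:
            msg["type"] = MESSAGE_TYPES.get(value[0], "UNKNOWN")
        elif code == 51:
            msg["lease_time"] = struct.unpack("!I", value)[0]
        elif code in ADDR_OPTIONS:
            msg[ADDR_OPTIONS[code]] = [socket.inet_ntoa(value[i:i + 4]) for i in range(0, length, 4)]
    return msg

def renewal_times(lease_time: int) -> tuple:
    """T1 (renew with the leasing server) and T2 (re-apply by broadcast), in seconds."""
    return lease_time // 2, lease_time * 7 // 8

def build_offer() -> bytes:
    """Constructed DHCP OFFER matching the dhcpd.conf written later on this page."""
    header = HEADER.pack(2, 1, 6, 0, 0x3903F326, 0, 0, b"\0" * 4,
                         socket.inet_aton("172.18.41.100"), socket.inet_aton("172.18.41.133"),
                         b"\0" * 4, bytes.fromhex("000c29aabbcc"), b"", b"/pxelinux.0")
    opts = [(53, b"\x02"), (54, socket.inet_aton("172.18.41.133")),
            (51, struct.pack("!I", 21600)), (1, socket.inet_aton("255.255.255.0")),
            (3, socket.inet_aton("172.18.41.2")), (6, socket.inet_aton("1.2.4.8"))]
    body = b"".join(bytes([c, len(v)]) + v for c, v in opts) + b"\xff"
    return header + MAGIC_COOKIE + body
```

For the 21600-second default lease used on this page the client renews with the leasing server after 10800 s and falls back to broadcasting after 18900 s.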

Deploying the DHCP server

# Machine 1: the DHCP server
[root@kickstart ~]# ifconfig  ens33 |awk  'NR==2 {print $2}'
172.18.41.133

[root@kickstart ~]# hostname
kickstart

[root@kickstart ~]# yum install dhcp -y
# Query the package information
[root@kickstart ~]# rpm -qa dhcp
dhcp-4.2.5-79.el7.centos.x86_64


# View the dhcp configuration file
[root@kickstart ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#



# View the sample DHCP configuration file
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# "option" statements define options
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;         # default lease time, in seconds
max-lease-time 7200;            # maximum lease time, in seconds

# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {       # declare a subnet
}

# This is a very basic subnet declaration.

subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;              # the IP address pool
  # other parameters, such as dns and gateway, go here
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;  
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# A slightly different configuration for an internal subnet.
# Options can also be written inside a subnet, where they take priority over the global ones
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;      # DNS servers, at most three
  option domain-name "internal.example.org";                # optional: default search domain
  option routers 10.5.5.1;                                  # gateway
  option broadcast-address 10.5.5.31;                       # optional: alternative broadcast address
  default-lease-time 600;
  max-lease-time 7200;
}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

# host statements distinguish individual hosts by name
host passacaglia {                                
  hardware ethernet 0:0:c0:5d:bd:95;              
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
# host statements distinguish individual hosts, e.g. give a fixed IP and hostname to a given MAC address
host fantasia {                                 # the host
  hardware ethernet 08:00:07:26:c0:a5;          # the MAC address of this host
  fixed-address fantasia.fugue.com;             # the fixed IP address (here given by hostname)
}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}

shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}

Writing the DHCP configuration file

[root@kickstart ~]# cat /etc/dhcp/dhcpd.conf 
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

subnet 172.18.41.0 netmask 255.255.255.0 {
  range 172.18.41.100 172.18.41.199;        # range: first and last address of the pool
  option subnet-mask 255.255.255.0;         # option: the subnet mask
  option routers 172.18.41.2;               # gateway handed to clients; without it they cannot reach other networks
  option domain-name-servers 1.2.4.8;       # so that DHCP clients can resolve names
  default-lease-time 21600;                 # default lease period
  max-lease-time 43200;                     # maximum lease period
  next-server 172.18.41.133;                # tells the client the IP of the TFTP server
  filename "/pxelinux.0";                   # boot file: the PXE loader, placed in the TFTP server's directory
}

  [Configuration file explanation]

filename: the name of the boot file, i.e. the PXE program the client runs; it normally lives in the TFTP server's working directory. This directive is what makes PXE boot work. The flow is as follows:

        the client boots from the network, normally using Intel's PXE;

        PXE first contacts DHCP to obtain its own IP address, the IP address of the TFTP or NFS server, the PXE program and so on;

        it runs the PXE program it fetched, obtains the detailed configuration, and then fetches the Linux kernel and initrd;

        finally the whole Linux system is loaded through the kernel.

next-server server-name (usually an IP): once the client has started and obtained an IP address it loads the boot file; this directive defines the IP address of the server that provides that boot file
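Here is an added Python checker (not part of the original post) that reads a dhcpd.conf subnet block and flags the mistakes the explanation above warns about: a pool outside the subnet, a missing option routers, a missing next-server or filename, and a default lease longer than the maximum. Both configurations in the block are constructed; GOOD_CONF is this page's own subnet block with its comments removed, BAD_CONF is a deliberately broken variant.

```python
import ipaddress
import re
# Constructed copy of the dhcpd.conf written on this page, comments stripped.
GOOD_CONF = """
subnet 172.18.41.0 netmask 255.255.255.0 {
  range 172.18.41.100 172.18.41.199;
  option subnet-mask 255.255.255.0;
  option routers 172.18.41.2;
  option domain-name-servers 1.2.4.8;
  default-lease-time 21600;
  max-lease-time 43200;
  next-server 172.18.41.133;
  filename "/pxelinux.0";
}
"""
# Constructed broken variant: pool outside the subnet, no routers, no next-server, lease times swapped.
BAD_CONF = """
subnet 172.18.41.0 netmask 255.255.255.0 {
  range 172.18.42.100 172.18.42.199;
  default-lease-time 86400;
  max-lease-time 43200;
  filename "/pxelinux.0";
}
"""

def check_pxe_subnet(conf: str) -> list:
    """Return the problems found in the first subnet block (empty list = OK)."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", conf, re.S)
    if not m:
        return ["no subnet declaration found"]
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    def directive(name):  # value of "<name> ...;" inside the block, or None
        d = re.search(rf"^\s*{name}\s+(.+?);", m.group(3), re.M)
        return d.group(1).strip() if d else None
    problems = []
    rng = directive("range")
    lo, hi = (ipaddress.ip_address(x) for x in (rng or "0.0.0.0 0.0.0.0").split())
    if lo not in net or hi not in net or lo > hi:
        problems.append(f"range {rng} is not a valid pool inside {net}")
    if directive("option routers") is None:
        problems.append("no option routers: clients get no default gateway")
    if directive("next-server") is None:
        problems.append("no next-server: PXE clients cannot find the TFTP server")
    if directive("filename") is None:
        problems.append("no filename: PXE clients have no boot file to request")
    lease, max_lease = directive("default-lease-time"), directive("max-lease-time")
    if lease and max_lease and int(lease) > int(max_lease):
        problems.append("default-lease-time exceeds max-lease-time")
    return problems
```

Run it on /etc/dhcp/dhcpd.conf before `systemctl start dhcpd`; it complements `dhcpd -t`, which only checks syntax, not whether the pool or the PXE directives make sense.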

  [Start the DHCP service and check the logs]

[root@kickstart ~]# systemctl start dhcpd
[root@kickstart ~]# systemctl is-enabled dhcpd
disabled
[root@kickstart ~]# systemctl is-active  dhcpd
active


# Part of the log follows
[root@kickstart ~]# tail -f /var/log/messages 
Jul 21 06:23:06 kickstart systemd: Starting DHCPv4 Server Daemon...
Jul 21 06:23:06 kickstart dhcpd: Internet Systems Consortium DHCP Server 4.2.5
Jul 21 06:23:06 kickstart dhcpd: Copyright 2004-2013 Internet Systems Consortium.
Jul 21 06:23:06 kickstart dhcpd: All rights reserved.
Jul 21 06:23:06 kickstart dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jul 21 06:23:06 kickstart dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Jul 21 06:23:06 kickstart dhcpd: Wrote 0 leases to leases file.
Jul 21 06:23:06 kickstart dhcpd: Listening on LPF/ens33/00:0c:29:e9:ed:77/172.18.41.0/24
Jul 21 06:23:06 kickstart dhcpd: Sending on   LPF/ens33/00:0c:29:e9:ed:77/172.18.41.0/24
Jul 21 06:23:06 kickstart dhcpd: Sending on   Socket/fallback/fallback-net
Jul 21 06:23:06 kickstart systemd: Started DHCPv4 Server Daemon.


PXE and TFTP

TFTP server
