What is PXE
1. PXE stands for Pre-boot Execution Environment.
2. It boots a computer through its network interface, without depending on a local storage device or a locally installed operating system.
3. The technology was published by Intel and SystemSoft on 20 September 1999.
4. It works in a client/server model.
5. The PXE client uses network protocols such as the Internet Protocol (IP), the User Datagram Protocol (UDP), the Dynamic Host Configuration Protocol (DHCP) and the Trivial File Transfer Protocol (TFTP).
6. The term "PXE client" refers to the role a machine plays during the PXE boot process. A PXE client can be a server, a laptop or any other machine that carries PXE boot code.
PXE workflow
Environment preparation
1. Install the basic software (needed if this was a minimal install):
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate

2. Configure the yum repositories:
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache

3. Turn off the firewall and SELinux:
[root@kickstart yum.repos.d]# systemctl stop firewalld
[root@kickstart yum.repos.d]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@client01 ~]# sed -i 's/enforcing/disabled/g' /etc/selinux/config
[root@kickstart ~]# getenforce
Disabled

4. Turn off VMware's DHCP service and give the Linux machine a static IP:
[root@kickstart ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="b4c06569-fc94-4e94-9c63-0391c7a35432"
DEVICE="ens33"
ONBOOT="yes"
IPADDR=172.18.41.133
NETMASK=255.255.255.0
DNS1=1.2.4.8
GATEWAY=172.18.41.2

5. System check:
[root@kickstart ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@kickstart ~]# uname -r
3.10.0-862.el7.x86_64
[root@kickstart ~]# ifconfig ens33 |awk 'NR==2 {print $2}'
172.18.41.133
[root@kickstart ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

6. Synchronise the time:
[root@kickstart ~]# ntpdate -u ntp.aliyun.com
Change the time zone:
[root@kickstart ~]# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@kickstart ~]# date
Tue Jul 21 19:05:06 CST 2020
DHCP messages
The DHCP protocol uses the following message types:
DHCP DISCOVER: the packet the client sends to start the DHCP process; it is the beginning of the DHCP exchange.
DHCP OFFER: the server's response after receiving a DHCP DISCOVER. It contains the IP address given to the client (yiaddr), the client's MAC address, the lease expiry time, the server identifier and other information.
DHCP REQUEST: the client's response to the DHCP OFFER sent by the server. It is also used when renewing a lease.
DHCP ACK: the success confirmation the server sends after receiving the client's DHCP REQUEST. When setting up the lease, the client only treats the IP address and other information assigned to it as usable after it has received this message.
DHCP NAK: the opposite of DHCP ACK; it indicates that the server has rejected the client's request.
DHCP RELEASE: usually sent when the client shuts down or goes offline. This message makes the DHCP server release the IP address of the client that sent it.
DHCP INFORM: a message the client sends to request some information from the server.
DHCP DECLINE: sent when the client finds that the IP address assigned by the server cannot be used (for example because of an IP address conflict), telling the server not to hand out that IP address.
DHCP scopes
A scope is the range of IP addresses that the DHCP server can lease to DHCP clients. A DHCP server should have at least one scope configured, and the IP address ranges (address pools) of different scopes must not overlap.
Reserved IPs
A reserved IP is used for a client that provides a specific service; the reserved IP must be bound to the client's MAC address.
Renewing an IP lease
When the client restarts, or when 50% of the lease time has elapsed, the lease has to be renewed: the client sends a DHCPREQUEST message directly to the server that granted the lease, asking it to renew the existing address lease. If the DHCP server receives the request, it sends a DHCP acknowledgement to the client and renews the client's lease. If the client cannot reach the server that granted the lease, it waits until 87.5% of the lease time has elapsed and then enters a re-application state, in which it broadcasts a DHCPDISCOVER to all servers on the network to request renewal of the existing IP lease.
Releasing an IP lease
Running ipconfig /release makes the DHCP client send a DHCPRELEASE message to the DHCP server and release its lease.
If the client stays switched off for the whole lease period and does not renew the lease, the DHCP server may assign the client's IP address to another client once the lease expires. If the client does not send a DHCPRELEASE message, then after it restarts it will try to keep using the IP address it used last time.
Deploying the DHCP server
# Machine 1: the DHCP server
[root@kickstart ~]# ifconfig ens33 |awk 'NR==2 {print $2}'
172.18.41.133
[root@kickstart ~]# hostname
kickstart
[root@kickstart ~]# yum install dhcp -y
# Query the package information
[root@kickstart ~]# rpm -qa dhcp
dhcp-4.2.5-79.el7.centos.x86_64
# View the dhcp configuration file
[root@kickstart ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
# View the DHCP example configuration file
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option: defines an option
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;      # default lease time, in seconds
max-lease-time 7200;         # maximum lease time, in seconds

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {    # defines a subnet
}

# This is a very basic subnet declaration.

subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;           # the IP address pool
  # other parameters, such as dns and gateway, are defined here
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# A slightly different configuration for an internal subnet.
# Options may be written inside a subnet, where they take precedence; global options have lower precedence
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;   # DNS servers, at most three
  option domain-name "internal.example.org";             # optional: default search domain
  option routers 10.5.5.1;                               # gateway
  option broadcast-address 10.5.5.31;                    # optional: alternative broadcast address
  default-lease-time 600;
  max-lease-time 7200;
}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

# host statements distinguish individual hosts
host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.

# host statements distinguish individual hosts, e.g. giving this MAC address a fixed IP and host name
host fantasia {                              # the host
  hardware ethernet 08:00:07:26:c0:a5;       # the host's MAC address
  fixed-address fantasia.fugue.com;          # its fixed IP address
}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}

shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
Writing the DHCP configuration file
[root@kickstart ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
subnet 172.18.41.0 netmask 255.255.255.0 {
  range 172.18.41.100 172.18.41.199;     # range sets the first and last IP of the pool
  option subnet-mask 255.255.255.0;      # option: the subnet mask
  option routers 172.18.41.2;            # gateway handed out by DHCP; without it clients cannot reach the internet
  option domain-name-servers 1.2.4.8;    # lets DHCP clients resolve domain names
  default-lease-time 21600;              # default IP lease duration
  max-lease-time 43200;                  # maximum IP lease duration
  next-server 172.18.41.133;             # tells the client the IP of the TFTP server
  filename "/pxelinux.0";                # the boot file, i.e. the PXE program, placed in the TFTP server's directory
}
【Configuration file explanation】
filename: names the boot file, i.e. the PXE program to run; it normally sits in the TFTP server's working directory. This is the part of the configuration that concerns PXE boot, and the flow is as follows:
the client boots from the network, normally using Intel's PXE;
PXE first talks to DHCP and obtains its own IP address, the IP address of the TFTP or NFS server, the PXE program and so on;
it runs the PXE program it obtained, reads the detailed configuration, and then fetches the Linux kernel and initrd;
finally the whole Linux system is loaded through the kernel.
next-server server-name (usually an IP): once the client has booted and obtained an IP address, it loads the boot file; this statement defines the IP address of the server that provides the boot file.
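To connect the DHCP message list above with the next-server and filename explanation, here is an added example (not from the original post) that decodes a DHCP packet's BOOTP header and options and flags an OFFER whose boot server (siaddr, set by next-server) or boot file (set by filename) differs from what this server hands out, which is what a second, unexpected DHCP/PXE server on the segment would look like. The packets are constructed inside the block rather than captured, and the expected values are the ones from the dhcpd.conf above.

```python
import ipaddress
import struct
# Expected PXE boot parameters, taken from the dhcpd.conf on this page
EXPECTED_NEXT_SERVER = "172.18.41.133"
EXPECTED_FILENAME = "/pxelinux.0"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
COOKIE = b"\x63\x82\x53\x63"          # magic cookie that starts the DHCP options

def parse_dhcp(pkt):
    """Decode the BOOTP header fields and DHCP options of one packet (RFC 2131 layout)."""
    if pkt[236:240] != COOKIE:
        raise ValueError("not a DHCP packet: magic cookie missing")
    ip4 = lambda b: str(ipaddress.IPv4Address(bytes(b)))
    info = {"yiaddr": ip4(pkt[16:20]),                  # address offered to the client
            "siaddr": ip4(pkt[20:24]),                  # next-server (boot server)
            "chaddr": pkt[28:28 + pkt[2]].hex(":"),     # client MAC, length taken from hlen
            "file": pkt[108:236].split(b"\0", 1)[0].decode()}  # boot filename
    i, opts = 240, {}
    while i < len(pkt) and pkt[i] != 255:               # 255 = end of options
        if pkt[i] == 0:                                  # 0 = pad byte, has no length
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    info["type"] = MSG_TYPES.get(opts.get(53, b"\0")[0], "UNKNOWN")
    if 51 in opts:                                       # option 51: lease time in seconds
        info["lease"] = struct.unpack("!I", opts[51])[0]
    if 54 in opts:                                       # option 54: server identifier
        info["server_id"] = ip4(opts[54])
    return info

def check_offer(info):
    # Findings for an OFFER whose boot server or boot file is not the one we deploy
    findings = []
    if info["type"] == "OFFER" and info["siaddr"] != EXPECTED_NEXT_SERVER:
        findings.append(f"boot server {info['siaddr']} offered by {info.get('server_id')}")
    if info["type"] == "OFFER" and info["file"] != EXPECTED_FILENAME:
        findings.append(f"boot file {info['file']!r} offered by {info.get('server_id')}")
    return findings

def build_offer(yiaddr, siaddr, bootfile, server_id, lease=21600):
    """Constructed sample OFFER (not a capture) laid out the way parse_dhcp reads it."""
    packed = lambda a: ipaddress.IPv4Address(a).packed
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x3903F326, 0, 0)     # op=2 reply, hlen=6
    hdr += bytes(4) + packed(yiaddr) + packed(siaddr) + bytes(4)    # ciaddr yiaddr siaddr giaddr
    hdr += bytes.fromhex("000c29aabbcc").ljust(16, b"\0")            # chaddr (constructed MAC)
    hdr += bytes(64) + bootfile.encode().ljust(128, b"\0")           # sname, file
    opts = COOKIE + b"\x35\x01\x02" + b"\x33\x04" + struct.pack("!I", lease)
    return hdr + opts + b"\x36\x04" + packed(server_id) + b"\xff"   # 54 server id, 255 end
```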
【Start the DHCP service and check the logs】
[root@kickstart ~]# systemctl start dhcpd
[root@kickstart ~]# systemctl is-enabled dhcpd
disabled
[root@kickstart ~]# systemctl is-active dhcpd
active
# Part of the log:
[root@kickstart ~]# tail -f /var/log/messages
Jul 21 06:23:06 kickstart systemd: Starting DHCPv4 Server Daemon...
Jul 21 06:23:06 kickstart dhcpd: Internet Systems Consortium DHCP Server 4.2.5
Jul 21 06:23:06 kickstart dhcpd: Copyright 2004-2013 Internet Systems Consortium.
Jul 21 06:23:06 kickstart dhcpd: All rights reserved.
Jul 21 06:23:06 kickstart dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Jul 21 06:23:06 kickstart dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Jul 21 06:23:06 kickstart dhcpd: Wrote 0 leases to leases file.
Jul 21 06:23:06 kickstart dhcpd: Listening on LPF/ens33/00:0c:29:e9:ed:77/172.18.41.0/24
Jul 21 06:23:06 kickstart dhcpd: Sending on   LPF/ens33/00:0c:29:e9:ed:77/172.18.41.0/24
Jul 21 06:23:06 kickstart dhcpd: Sending on   Socket/fallback/fallback-net
Jul 21 06:23:06 kickstart systemd: Started DHCPv4 Server Daemon.
PXE and TFTP