A record of the Service Building Manual I wrote at work.
Linux PXE Server Setup
Request:
- Install Package: yum install dhcp-server radvd syslinux tftp tftp-server xinetd nfs-utils httpd elfutils-libelf-devel (required for Intel LAN driver installation)
  PS: 8.x supports both dnf and yum.
- Additional feature: NTP-Server
- Maintenance Notice
OS Setup configuration:
I. OS installation: (CentOS 8.1 1911 is used for the setup below)
1. Package selection: Server with GUI, with File and Storage Server, Development tools, RPM Development tools, Java Platform, Hardware Monitoring Utilities (optional, not necessary).
2. Partition: Standard
Partition                  Size
/boot                      1024MiB
/boot/efi (if UEFI OS)     1024MiB
/                          50GiB
Swap                       4GiB
/os                        65GiB
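3. Root pw: abcdef; normally only the administrator needs to know it.
(From the Linux OS design point of view, the administrator does not log in as root but uses an account with root privileges, to avoid operating mistakes.)
User: lex , Password: abcdef; set up an account for the deputy to use, or for the administrator to use.
4. Driver: install the drivers that match the machine in use.
5. To make it easier to install the matching packages, mount the OSI at /mnt and copy it with cp -a into the corresponding folder under /os (ex: CentOS8up1_64); keep to this naming rule for later additions.
6-1. RHEL: copy media.repo from the OSI to /etc/yum.repos.d/, then edit /etc/yum.repos.d/media.repo and add baseurl=file://<path>
6-2. CentOS: edit /etc/yum.repos.d/CentOS-Media.repo and change the path in baseurl=file://<path>
Note: RHEL/CentOS 8.x needs both BaseOS and AppStream configured.
The repos can be given the same name, which makes the command simpler: # yum --disablerepo=\* --enablerepo=c8-media
When the repo names differ in part, an asterisk can stand in for the rest: # yum --disablerepo=\* --enablerepo=c8-media*
7-1. Firewall: the test intranet is a closed network, so the firewall is simply turned off. Once the environment is set up, turn it back on and configure the rules if needed.
7-2. On an open network, enabling the firewall is recommended, with rules set for each service.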
Turn off the firewall: # systemctl stop firewalld.service
# systemctl disable firewalld.service
Allow each service through the firewall:
# firewall-cmd --add-service=tftp --permanent
# firewall-cmd --add-service=dhcp --permanent
# firewall-cmd --add-service=dhcpv6 --permanent
# firewall-cmd --add-service=nfs --permanent
# firewall-cmd --add-service=nfs3 --permanent
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload /* after changing the settings, reload to apply them */
8. SELinux: check the status: # sestatus or # getenforce
Turn it off temporarily, without rebooting: # setenforce 0
Disable SELinux: # vim /etc/selinux/config
Change the content to => SELINUX=disabled
PXE Server Service Setup
(I). Setup DHCP service
Install the package: # yum install dhcp-server
Part I:( IPv4 Setup )
a. Copy the IPv4 example file
# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
b. Edit the IPv4 configuration file
# vim /etc/dhcp/dhcpd.conf
/*IPV4, change the contents as below:*/
# dhcpd.conf
#option domain-name-servers ns1.example.org, ns2.example.org;

option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option architecture-type code 93 = unsigned integer 16;

# These settings are required for UEFI boot:
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16; # RFC4578
#The Client System Architecture Type Option 93 (EFI x86-64) is defined in RFC4578.

default-lease-time 1800;
max-lease-time 7200;
min-lease-time 600;

# Use this to enable / disable dynamic dns updates globally.
ddns-update-style interim; #none;

#############################
ignore client-updates;
#############################

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
allow booting;
allow bootp;
allow unknown-clients;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.101 192.168.0.250;
  option routers 192.168.0.1;
  option broadcast-address 192.168.0.255;
  option ntp-servers 192.168.0.10;

  default-lease-time 1800;
  max-lease-time 7200;
  min-lease-time 600;

  class "pxeclients" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    next-server 192.168.0.10; # DHCP Server IP

    if option architecture-type = 00:07 {
      filename "grubx64.efi";
      #filename "shim.efi";
    } else {
      filename "pxelinux/pxelinux.0";
    }
  }

  host pxe {
    hardware ethernet 00:25:22:90:ab:99;
    fixed-address 192.168.0.10;
  }
}
c. Start the service: # systemctl start dhcpd.service
# systemctl enable dhcpd.service
Note: start at boot: # chkconfig dhcpd on /* can be skipped; another method can be used to start everything together */
Part II:( IPv6 Setup )
Install the package: # yum install radvd
RADVD (Router Advertisement Daemon) is needed to run Stateless DHCPv6.
a. # vim /etc/dhcp/dhcpd6.conf /*IPv6, change the contents as below:*/
# IPv6 address valid lifetime
default-lease-time 86400;
# IPv6 address preferred lifetime
preferred-lifetime 43200;
# T1, the delay before Renew
option dhcp-renewal-time 1800;
# T2, the delay before Rebind (if Renews failed)
option dhcp-rebinding-time 3600;
# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;
# The delay before information-request refresh
option dhcp6.info-refresh-time 10800;
# The path of the lease file
dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";
# The subnet where the server is attached
subnet6 2020:2019:2018:abcd::/64 {
  # addresses available to clients
  # Some available for Prefix Delegation (RFC 3633)
  range6 2020:2019:2018:abcd::11 2020:2019:2018:abcd::ffff:ffff;
  # Use the whole /64 prefix for temporary addresses(i.e., direct application of RFC 4941)
  #range6 3ffe:501:ffff:100:: temporary;
  option dhcp6.bootfile-url "tftp://[2020:2019:2018:abcd::10]/grubx64.efi";
}
b. # vim /etc/radvd.conf /*Edit radvd configuration as below*/
#
interface enp1s0 {
  AdvSendAdvert on;
  MinRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  prefix 2020:2019:2018:abcd::/64 {
    AdvOnLink on;
    AdvAutonomous on;
    AdvRouterAddr off;
  };
};
Check that the setting is in effect: # sysctl -p
c. Before starting radvd, IPv6 forwarding must be turned on. Like the IPv4 setting, the IPv6 forwarding setting is stored in /etc/sysctl.conf
Add as below:
net.ipv6.conf.all.forwarding=1
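d. Start the services: # systemctl start dhcpd6.service
# systemctl enable dhcpd6.service
# systemctl start radvd.service
# systemctl enable radvd.service
Note: start at boot: # chkconfig dhcpd6 on /* can be skipped; another method can be used to start everything together */
# chkconfig radvd on /* can be skipped; another method can be used to start everything together */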
(II). Set up the OSI source. (NFS, HTTP service)
Part I:( Setup NFS service )
Install the package: # yum install nfs-utils
a. # vim /etc/exports (setup share folder)
Add as below:
/os *(ro)
b. Start the service: # systemctl start nfs-server.service
# systemctl enable nfs-server.service
Part II:( Setup HTTP service )
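Install the package: # yum install httpd
a. Create a symbolic link from the osi directory to /var/www/html/os
# ln -s /os /var/www/html/os
b. Start the service: # systemctl start httpd.service
# systemctl enable httpd.service
c. Once the service is up, browse to 127.0.0.1/os; it should open the folder that was just linked.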
(III). Setup TFTP service
Install the packages: # yum install tftp tftp-server xinetd
a. Copy the service files
# cp /usr/lib/systemd/system/tftp.service /etc/systemd/system/tftp-server.service
# cp /usr/lib/systemd/system/tftp.socket /etc/systemd/system/tftp-server.socket
b. Edit /etc/systemd/system/tftp-server.service
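[Unit]
Description=Tftp Server
Requires=tftp-server.socket
Documentation=man:in.tftpd

[Service]
# -c allows clients to create new files, -p applies only the normal file system
# permission checks, -s changes root to /var/lib/tftpboot on startup
ExecStart=/usr/sbin/in.tftpd -c -p -s /var/lib/tftpboot
StandardInput=socket

[Install]
WantedBy=multi-user.target
Also=tftp-server.socket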
c. Edit /etc/systemd/system/tftp-server.socket
[Unit]
Description=Tftp Server Activation Socket

[Socket]
ListenDatagram=69
BindIPv6Only=both

[Install]
WantedBy=sockets.target
d. Start the services: # systemctl start tftp-server.socket
# systemctl start tftp-server.service
# systemctl enable tftp-server.service
(IV). Create the configuration that guides clients through PXE boot
a. Create the pxelinux folder under the tftpboot folder: # mkdir /var/lib/tftpboot/pxelinux/
b. Copy the required files (Legacy network boot loader and other necessary files)
# cp /usr/share/syslinux/{pxelinux.0,libcom.c32,ldlinux.c32,vesamenu.c32} /var/lib/tftpboot/pxelinux/
c. Create the pxelinux.cfg folder under the pxelinux folder
# mkdir /var/lib/tftpboot/pxelinux/pxelinux.cfg/
d. Create and edit the Legacy Mode (for BIOS-based clients) network boot configuration
# vim /var/lib/tftpboot/pxelinux/pxelinux.cfg/default
Part I:( Create and edit the Legacy netboot configuration )
d-1. Create default and write its contents: the Legacy netboot settings.
#default 0
default menu.c32
# (If the prompt line below is commented out and default is set to menu.c32, the menu will be a graphical interface.)
prompt 1
timeout 600
F1 boot.msg
F2 test.msg
display boot.msg

######## CentOS 8.1 (1911) ########
label C8.1
  #menu label ^Install system
  #menu default
  kernel CentOS8up1_64/vmlinuz
  append initrd=CentOS8up1_64/initrd.img ip=dhcp inst.repo=http://192.168.0.10/os/CentOS8up1_64/
label C8.1-vno
  #menu label Install system with ^basic video driver
  kernel CentOS8up1_64/vmlinuz
  append initrd=CentOS8up1_64/initrd.img ip=dhcp inst.xdriver=vesa nomodeset inst.repo=http://192.168.0.10/os/CentOS8up1_64/
label C8.1-bnv
  #menu label Install system with ^basic video driver
  kernel CentOS8up1_64/vmlinuz
  append initrd=CentOS8up1_64/initrd.img ip=dhcp modprobe.blacklist=nouveau inst.repo=http://192.168.0.10/os/CentOS8up1_64/
label C8.1-bnvno
  #menu label Install system with ^basic video driver
  kernel CentOS8up1_64/vmlinuz
  append initrd=CentOS8up1_64/initrd.img ip=dhcp modprobe.blacklist=nouveau nomodeset inst.repo=http://192.168.0.10/os/CentOS8up1_64/
######## CentOS 8.xx Work-able append (about inst source) ####
## append initrd=CentOS8up1_64/initrd.img ip=dhcp inst.repo=nfs:192.168.0.10:/os/CentOS8up1_64/
## append initrd=CentOS8up1_64/initrd.img ip=dhcp inst.repo=http://192.168.0.10/os/CentOS8up1_64/
## append initrd=CentOS8up1_64/initrd.img ip=dhcp inst.stage2=nfs:192.168.0.10:/os/CentOS8up1_64/
##############################################################
## Not support -> source methods for RHEL/CentOS 8.xx : nfsroot=192.168.0.10:/os/CentOS8up1_64/

######## CentOS 7.6 (1810) ########
label C7.6
  #menu label ^Install system
  kernel CentOS7up6_64/vmlinuz
  append initrd=CentOS7up6_64/initrd.img ip=dhcp inst.repo=http://192.168.0.10/os/CentOS7up6_64/
  # append initrd=CentOS7up6_64/initrd.img ip=dhcp inst.repo=nfs:192.168.0.10:/os/CentOS7up6_64/ #OK if firewalld is turned off and disabled.
  # append initrd=CentOS7up6_64/initrd.img ip=dhcp inst.stage2=nfs:192.168.0.10:/os/CentOS7up6_64/ #OK if firewalld is turned off and disabled.
label C7.6-vno
  menu label Install system with ^basic video driver
  kernel CentOS7up6_64/vmlinuz
  append initrd=CentOS7up6_64/initrd.img ip=dhcp inst.xdriver=vesa nomodeset inst.repo=http://192.168.0.10/os/CentOS7up6_64/
  # append initrd=CentOS7up6_64/initrd.img ip=dhcp inst.xdriver=vesa nomodeset inst.repo=nfs:192.168.0.10:/os/CentOS7up6_64/
label C7.6-bnv
  menu label Install system with ^basic video driver
  kernel CentOS7up6_64/vmlinuz
  append initrd=CentOS7up6_64/initrd.img ip=dhcp modprobe.blacklist=nouveau inst.repo=http://192.168.0.10/os/CentOS7up6_64/
label C7.6-bnvno
  menu label Install system with ^basic video driver
  kernel CentOS7up6_64/vmlinuz
  append initrd=CentOS7up6_64/initrd.img ip=dhcp modprobe.blacklist=nouveau nomodeset inst.repo=http://192.168.0.10/os/CentOS7up6_64/
  # append initrd=CentOS7up6_64/initrd.img ip=dhcp modprobe.blacklist=nouveau nomodeset inst.repo=nfs:192.168.0.10:/os/CentOS7up6_64/
  # append initrd=CentOS7up6_64/initrd.img ip=dhcp modprobe.blacklist=nouveau nomodeset inst.repo=nfs:192.168.0.10:/os/CentOS7up6_64/

#############################################################
# HTTP server   inst.repo=http://host/path
# HTTPS server  inst.repo=https://host/path
# FTP server    inst.repo=ftp://username:password@host/path
# NFS server    inst.repo=nfs:[options:]server:/path
#############################################################
Part II:( Set up the PXE boot menu )
d-2. # vim /var/lib/tftpboot/boot.msg
Create the PXE boot menu (Legacy menu); plain-text style.
Note: the plain-text screen is limited in width and in number of lines.
################################################################################
Linux OS  : normal , vesa+nomodeset , black-nouveau , black-nouveau+nomodeset
CentOS 8.1: C8.1 , C8.1-vno , C8.1-bnv , C8.1-bnvno
CentOS 7.6: C7.6 , C7.6-vno , C7.6-bnv , C7.6-bnvno
################################################################################
e. Create and edit the UEFI Mode (for UEFI-based clients) network boot configuration
This article uses the UEFI boot loader files that the OS itself provides; in earlier trials on other OSes, boot loader files provided by a different OS could be used
(ex: the OS is RHEL6.7 but the PXE UEFI boot loader is SLES11.2 bootx64.efi together with elilo.conf)
e-1. Copy out the UEFI boot loader files: extract the required files from the contents of the OSI.
# mkdir /tmp/pxeuefi/
# cp -pr /OS_OSI/BaseOS/Packages/shim-version-architecture.rpm /tmp/pxeuefi/
# cp -pr /OS_OSI/BaseOS/Packages/grub2-efi-version-architecture.rpm /tmp/pxeuefi/
# cd /tmp/pxeuefi/
# rpm2cpio shim-version-architecture.rpm | cpio -dimv
# rpm2cpio grub2-efi-version-architecture.rpm | cpio -dimv
# cp /tmp/pxeuefi/boot/efi/EFI/redhat/shimx64.efi /var/lib/tftpboot/shim.efi (note that the file name changes) (supports secure boot)
# cp /tmp/pxeuefi/boot/efi/EFI/redhat/grubx64.efi /var/lib/tftpboot/
Note: where shim.efi and grubx64.efi are placed is tied to the settings in dhcpd.conf. They can also be placed under /var/lib/tftpboot/uefi/.
e-2. Create grub.cfg and write the UEFI netboot settings.
# vim /var/lib/tftpboot/grub.cfg
set timeout=60
set default=0
######## CentOS 8.1 ############################################################
menuentry 'CentOS 8.1' {
  linuxefi pxelinux/CentOS8up1_64/vmlinuz ip=dhcp inst.repo=http://192.168.0.10/os/CentOS8up1_64/
  initrdefi pxelinux/CentOS8up1_64/initrd.img
}
menuentry 'CentOS 8.1 + vesa + nomodeset' {
  linuxefi pxelinux/CentOS8up1_64/vmlinuz ip=dhcp inst.repo=http://192.168.0.10/os/CentOS8up1_64/ inst.xdriver=vesa nomodeset
  initrdefi pxelinux/CentOS8up1_64/initrd.img
}
menuentry 'CentOS 8.1 + black nouveau' {
  linuxefi pxelinux/CentOS8up1_64/vmlinuz ip=dhcp inst.repo=http://192.168.0.10/os/CentOS8up1_64/ modprobe.blacklist=nouveau
  initrdefi pxelinux/CentOS8up1_64/initrd.img
}
menuentry 'CentOS 8.1 + black nouveau + nomodeset' {
  linuxefi pxelinux/CentOS8up1_64/vmlinuz ip=dhcp inst.repo=http://192.168.0.10/os/CentOS8up1_64/ modprobe.blacklist=nouveau nomodeset
  initrdefi pxelinux/CentOS8up1_64/initrd.img
}
######## CentOS 7.6 ############################################################
menuentry 'CentOS 7.6' {
  linuxefi pxelinux/CentOS7up6_64/vmlinuz ip=dhcp inst.repo=http://192.168.0.10/os/CentOS7up6_64/
  initrdefi pxelinux/CentOS7up6_64/initrd.img
}
menuentry 'CentOS 7.6 + vesa + nomodeset' {
  linuxefi pxelinux/CentOS7up6_64/vmlinuz ip=dhcp inst.repo=http://192.168.0.10/os/CentOS7up6_64/ inst.xdriver=vesa nomodeset
  initrdefi pxelinux/CentOS7up6_64/initrd.img
}
menuentry 'CentOS 7.6 + black nouveau' {
  linuxefi pxelinux/CentOS7up6_64/vmlinuz ip=dhcp inst.repo=http://192.168.0.10/os/CentOS7up6_64/ modprobe.blacklist=nouveau
  initrdefi pxelinux/CentOS7up6_64/initrd.img
}
menuentry 'CentOS 7.6 + black nouveau + nomodeset' {
  linuxefi pxelinux/CentOS7up6_64/vmlinuz ip=dhcp inst.repo=http://192.168.0.10/os/CentOS7up6_64/ modprobe.blacklist=nouveau nomodeset
  initrdefi pxelinux/CentOS7up6_64/initrd.img
}
################################################################################
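Note: because the UEFI network boot configuration provided by CentOS 8.1 1911 uses Grub2 settings, there is no need to set up a UEFI menu.
If a plain-text menu screen is required, a different PXE bootloader must be used.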
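(V). Create the location for the boot files of each individual OS
a. Create a folder for each OS's boot files
# mkdir /var/lib/tftpboot/CentOS8up1_64/
b. Copy the boot files from the OSI into that folder
# cp [$OSI_Mount_Path]/CentOS8up1_64/images/pxeboot/{initrd.img,vmlinuz} /var/lib/tftpboot/CentOS8up1_64/
PS: the location of the boot files inside the OSI may differ between Linux distributions. RHEL and CentOS use the same path.
The required boot files are the two files initrd/initrd.img and linux/vmlinuz.
(VI). Set up automatic execution: finally, put the commands that mount the OS image resource and start/restart each service into a shell script, and set up rc.local so that the script runs automatically after every boot; the OS's built-in mechanisms can even be used to run it periodically ^_^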
Example:
# vim run-services.sh
#!/bin/bash
# declare that /bin/bash is used
systemctl restart httpd.service
systemctl restart dhcpd.service
systemctl restart dhcpd6.service
systemctl restart xinetd.service
systemctl restart chronyd.service
systemctl restart nfs-server.service
systemctl restart tftp-server.service
II. Additional feature
1. Setup NTP-Server service
a. # yum install chrony
b. # vim /etc/chrony.conf /* edit the configuration file; set the "Allow NTP client access from local network" part */
Edit:
# Allow NTP client access from local network.
allow 192.168.0.0/16
c. Start the service: # systemctl start chronyd.service
# systemctl enable chronyd.service
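III. Maintenance Notice:
1. If errors occur during setup or maintenance, search Google for related information based on the messages the system reports.
2. Adding an OS => (i) In tftpboot, add the boot files/folder of the OS being added. (Section PXE Server Setup >> (V))
(ii) Under the OS image path, add that OS's installation files/folder. (Section OS Setup >> I >> 5)
For example, with the OS ISO mounted at /iso, use # cp -a /iso /os/xxxxx ; xxxxx is the name of the directory that holds the OS image contents.
(Path: /os/)
(iii) Update the Legacy (default) / UEFI (grub.cfg) boot source contents. (Section PXE Server Setup >> (IV) >> d~e)
(Path_Legacy: /var/lib/tftpboot/pxelinux/pxelinux.cfg/default)
(Path_UEFI: /var/lib/tftpboot/grub.cfg)
(iv) Restart the services related to the PXE server.
3. To verify, test with a real machine: boot into the PXE menu in both Legacy and UEFI mode and confirm that the installer starts normally.
4. If, after following the order above, the file paths are correct but the PXE install still cannot find its source files, check the permissions.
#=======Check permissions=========================
# ll -a /* check the access permissions of the folders */
Permissions must be at least 755 => drwxr-xr-x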
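The path and permission check from items 3 and 4, as a script; this is an added example, not part of the original manual. It assumes PXELINUX resolves relative paths from the directory that holds pxelinux.0 and that the paths in grub.cfg are relative to the TFTP root; the function names and the TFTP_ROOT variable are introduced here for illustration.

```shell
#!/bin/sh
# Added example, not from the original manual. Reports PXE menu entries whose
# kernel/initrd is missing, or not readable by "other", under the TFTP root.

# list_refs MENU: kernel/initrd paths named on uncommented lines of a
# pxelinux "default" file or a grub.cfg.
list_refs() {
    awk '/^[ \t]*#/ { next }
         { k = tolower($1) }
         k ~ /^(kernel|linux|linuxefi|initrd|initrdefi)$/ { print $2 }
         k == "append" { for (i = 2; i <= NF; i++)
                             if ($i ~ /^initrd=/) print substr($i, 8) }' "$1" |
        sort -u
}

# other_ok ROOT FILE: FILE has o+r and every directory up to ROOT has o+rx.
# find -perm tests the mode bits themselves, so running as root changes nothing.
other_ok() {
    [ -n "$(find "$2" -prune -perm -004)" ] || return 1
    _d=$(dirname "$2")
    while :; do
        [ -n "$(find "$_d" -prune -perm -005)" ] || return 1
        case $_d in "$1" | / | .) return 0 ;; esac
        _d=$(dirname "$_d")
    done
}

# check_menu ROOT BASE MENU: one line per broken reference; returns 1 if any.
# BASE is the directory that relative paths in MENU are resolved against.
check_menu() {
    _rc=0
    for _rel in $(list_refs "$3"); do
        if [ ! -f "$2/$_rel" ]; then
            echo "MISSING $2/$_rel"; _rc=1
        elif ! other_ok "$1" "$2/$_rel"; then
            echo "UNREADABLE $2/$_rel"; _rc=1
        fi
    done
    return "$_rc"
}

# Live check with this manual's layout (assumed bases: the pxelinux.0 directory
# for the Legacy menu, the TFTP root for grub.cfg); skipped if the tree is absent.
R=${TFTP_ROOT:-/var/lib/tftpboot}
if [ -f "$R/pxelinux/pxelinux.cfg/default" ]; then
    check_menu "$R" "$R/pxelinux" "$R/pxelinux/pxelinux.cfg/default"
fi
if [ -f "$R/grub.cfg" ]; then check_menu "$R" "$R" "$R/grub.cfg"; fi
```

Run it on the PXE server after adding an OS; no output means every boot file named in the menus is present and readable.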