安装软件
配置dhcp服务器
配置文件:/etc/dhcp/dhcpd.conf
option domain-name "example.org";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
allow booting;
allow bootp;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.21 192.168.1.23;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.253;
option domain-name-servers 192.168.1.1;
next-server 192.168.1.1;
filename "pxelinux.0";
server-name "192.168.1.1";
}
If your machine uses UEFI to boot, you will have to specify a boot loader appropriate for UEFI machines, for example:
group {
next-server 192.168.1.1;
host tftpclient {
hardware ethernet 00:10:DC:27:6C:15;
filename "debian-installer/amd64/bootnetx64.efi";
}
}
配置文件:/etc/default/isc-dhcp-server
DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
DHCPDv6_CONF=""
DHCPDv4_PID=/var/run/dhcpd.pid
DHCPDv6_PID=""
INTERFACESv4="br0"
INTERFACESv6=""
禁用DHCPDv6:
# cd /etc/dhcp
# mv dhcpd6.conf dhcpd6.conf.bak
# touch dhcpd6.conf
启动服务:
查看tftpd服务器配置
配置文件:/etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"
配置apache2
配置文件:/etc/apache2/sites-enabled/000-default.conf
DocumentRoot /var/www
重启服务:
准备网络安装文件
# mkdir /root/isos
# cd /root/isos
# wget -c https://mirrors.tuna.tsinghua.edu.cn/debian-cd/9.9.0/amd64/iso-cd/debian-9.9.0-amd64-xfce-CD-1.iso
或:http://mirror.lzu.edu.cn/debian-cd/9.9.0/amd64/iso-cd/debian-9.9.0-amd64-xfce-CD-1.iso
# mkdir -p /var/www/debian
# mount -t iso9660 -o loop /root/isos/debian-9.9.0-amd64-xfce-CD-1.iso /var/www/debian
# vim /etc/fstab # 开机挂载(可选)
/root/isos/debian-9.9.0-amd64-xfce-CD-1.iso /var/www/debian iso9660 loop 0 2
-
准备tftpd启动文件并替换initrd.gz(此步骤非常重要,否则后续自动化安装会带来众多问题)
(1)准备网络启动文件
# cd /srv/tftp
# wget -c https:
# tar zxf netboot.tar.gz
(2)合并并替换initrd.gz
#创建工作目录
# mkdir initrd
# cd initrd
#准备iso中的initrd压缩包
# cp /var/www/debian/install.amd/initrd.gz ./
# gunzip initrd.gz
# mv initrd initrd-iso
#准备netboot中的initrd压缩包
# cp /srv/tftp/debian-installer/amd64/initrd.gz ./
# gunzip initrd.gz
# mv initrd initrd-net
#创建两个临时目录保存解包后的文件
# mkdir -p {iso,net}
#解包iso中的initrd
# cd iso
# cpio -i < ../initrd-iso
#解包netboot中的initrd
# cd ../net
# cpio -i < ../initrd-net
#合并驱动文件
# cd ..
# cp -avr iso/lib/modules/4.9.0-9-amd64/kernel/drivers/* net/lib/modules/4.9.0-9-amd64/kernel/drivers/
#进入net目录重新打包initrd.gz文件
# cd net
# find | cpio -R 0:0 -o -H newc > ../initrd
# cd ..
# gzip initrd
#覆盖原来netboot中的initrd.gz文件
# cp initrd.gz /srv/tftp/debian-installer/amd64/
准备自动化安装脚本
脚本示例:
d-i debian-installer/locale string en_US
d-i localechooser/supported-locales multiselect en_US.UTF-8, zh_CN.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_nameservers string 192.168.1.1
d-i netcfg/wireless_wep string
d-i mirror/country string manual
d-i mirror/http/hostname string 192.168.1.1
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password <md5 hash>
d-i passwd/user-fullname string Test-User
d-i passwd/username string testuser
d-i passwd/user-password-crypted password <md5 hash>
d-i clock-setup/utc boolean false
d-i time/zone string Asia/Shanghai
d-i clock-setup/ntp boolean false
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-auto/expert_recipe string \
boot-root :: \
1024 1024 1024 ext3 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext3 } \
mountpoint{ /boot } \
. \
20480 1024 20480 ext4 \
$primary{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
2048 1024 2048 linux-swap \
$primary{ } \
method{ swap } format{ } \
. \
10240 1024 10240 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /home } \
. \
4096 1024 4096 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \
. \
40960 1024 -1 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i apt-setup/non-free boolean false
d-i apt-setup/contrib boolean false
d-i apt-setup/use_mirror boolean false
d-i apt-setup/services-select multiselect main
d-i debian-installer/allow_unauthenticated boolean true
tasksel tasksel/first multiselect standard
d-i pkgsel/include string openssh-server
d-i pkgsel/upgrade select none
d-i pkgsel/language-packs multiselect en, zh
d-i pkgsel/update-policy select none
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev string default
d-i finish-install/keep-consoles boolean true
d-i finish-install/reboot_in_progress note
postinstall.sh脚本示例:
PXESERVER=192.168.1.1
/usr/bin/wget -O /root/firstboot.sh http://${PXESERVER}/pxe/firstboot.sh
chmod +x /root/firstboot.sh
cat >/etc/init.d/firstboot << EOF
cd /root; /usr/bin/nohup sh -x /root/firstboot.sh &
EOF
chmod +x /etc/init.d/firstboot
update-rc.d firstboot defaults
echo "Finished postinstall"
firstboot.sh脚本示例:
#!/bin/sh
sleep 90
cat << EOF >/etc/apt/sources.list
deb http://ftp.cn.debian.org/debian/ stretch main contrib non-free
EOF
apt-get update
apt-get -y upgrade
apt-get -y install python sudo bridge-utils vlan
sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i 's/#UseDNS no/UseDNS no/g' /etc/ssh/sshd_config
echo "testuser ALL = (root) ALL" | tee /etc/sudoers.d/testuser
chmod 0440 /etc/sudoers.d/testuser
useradd -d /home/testuser -m testuser
echo testuser:password | chpasswd
echo "testuser ALL = (root) NOPASSWD:ALL" | tee /etc/sudoers.d/testuser
chmod 0440 /etc/sudoers.d/testuser
echo "Asia/Shanghai" | tee /etc/timezone
update-rc.d firstboot remove
update-rc.d exim4 remove
update-rc.d nfs-common remove
update-rc.d rpcbind remove
rm /etc/init.d/firstboot /root/firstboot
iptables -Z
iptables -F
iptables -X
/sbin/reboot
修改开机引导文件
配置文件:/srv/tftp/pxelinux.cfg/default
path debian-installer/amd64/boot-screens/
include debian-installer/amd64/boot-screens/menu.cfg
default debian-installer/amd64/boot-screens/vesamenu.c32
prompt 1
timeout 1
配置文件:/srv/tftp/debian-installer/amd64/boot-screens/txt.cfg
label install
menu label ^Install
kernel debian-installer/amd64/linux
append vga=788 initrd=debian-installer/amd64/initrd.gz auto=true priority=critical interface=auto netcfg/dhcp_timeout=30 url=http://192.168.1.1/pxe/debian.seed debian-installer/allow_unauthenticated=true
启动服务器自动化安装
(责任编辑:IT) |