
PXE+TFTP+DHCP+Apache2实现网络安装Debian9详解

时间:2021-12-18 16:55来源:linux.it.net.cn 作者:IT

安装软件

# apt-get install tftpd-hpa isc-dhcp-server apache2

配置dhcp服务器

配置文件:/etc/dhcp/dhcpd.conf

# Global settings for ISC dhcpd; they apply to every subnet/host declared below.
option domain-name "example.org";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
# Let this server answer network-boot (PXE/BOOTP) requests.
allow booting;
allow bootp;

# Provisioning subnet. Any client that asks for an address on this segment is
# offered a lease from the range below together with the PXE boot file, and the
# installer configured later in this tutorial repartitions the disk without
# asking. Keep this server on an isolated install network/VLAN, or hand the
# boot file only to known machines via host { hardware ethernet ...; } entries.
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.21 192.168.1.23;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.253;
  option domain-name-servers 192.168.1.1;
  # TFTP server the client downloads the boot file from.
  next-server 192.168.1.1;
  # Boot file requested over TFTP by BIOS clients.
  filename "pxelinux.0";
  server-name "192.168.1.1";
}

If your machine uses UEFI to boot, you will have to specify a boot loader appropriate for UEFI machines, for example:
# Per-host override: only the client with the MAC address below is given the
# UEFI boot loader instead of the subnet-wide "pxelinux.0".
group {
  next-server 192.168.1.1;
  host tftpclient {
# tftp client hardware address
  hardware ethernet  00:10:DC:27:6C:15;
  # UEFI network boot loader, requested over TFTP from next-server.
  filename "debian-installer/amd64/bootnetx64.efi";
 }
}

配置文件:/etc/default/isc-dhcp-server

# Defaults for the isc-dhcp-server service: config/PID file paths and the
# interfaces to serve.
DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
DHCPDv6_CONF=""
DHCPDv4_PID=/var/run/dhcpd.pid
DHCPDv6_PID=""
# Interface dhcpd answers DHCPv4 requests on. Listing only the provisioning
# interface keeps PXE offers off the host's other networks.
INTERFACESv4="br0"
# Left empty: this setup does not serve DHCPv6.
INTERFACESv6=""

禁用DHCPDv6:

# cd /etc/dhcp
# mv dhcpd6.conf dhcpd6.conf.bak
# touch dhcpd6.conf

启动服务:

# /etc/init.d/isc-dhcp-server start

查看tftpd服务器配置

配置文件:/etc/default/tftpd-hpa

# /etc/default/tftpd-hpa
# Unprivileged account the daemon runs as.
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"  # directory tftpd serves the boot images from
# Listens on every IPv4 address of the host. TFTP has no authentication, so
# consider binding to the provisioning address only (192.168.1.1 in this setup).
TFTP_ADDRESS="0.0.0.0:69"
# --secure: change root into TFTP_DIRECTORY at start-up, so clients cannot
# request paths outside it. --create is not given, so clients cannot upload
# new files.
TFTP_OPTIONS="--secure"

配置apache2

配置文件:/etc/apache2/sites-enabled/000-default.conf

DocumentRoot /var/www

重启服务:

# /etc/init.d/apache2 restart

准备网络安装文件

  • 准备系统安装文件
#Download the installation ISO into /root/isos.
# mkdir /root/isos
# cd /root/isos
# wget -c https://mirrors.tuna.tsinghua.edu.cn/debian-cd/9.9.0/amd64/iso-cd/debian-9.9.0-amd64-xfce-CD-1.iso
或:http://mirror.lzu.edu.cn/debian-cd/9.9.0/amd64/iso-cd/debian-9.9.0-amd64-xfce-CD-1.iso
#Verify the image before serving it: compare its sha256sum with the SHA256SUMS
#file published next to the ISO, and check that file's SHA256SUMS.sign
#signature. The second URL is plain HTTP, and the preseed file below turns off
#repository signature checks, so this image is the only trust anchor for the
#packages that get installed.

#Expose the ISO contents under the web root as the installer's package mirror.
# mkdir -p /var/www/debian
# mount -t iso9660 -o loop /root/isos/debian-9.9.0-amd64-xfce-CD-1.iso /var/www/debian

# vim /etc/fstab  # 开机挂载(可选)
/root/isos/debian-9.9.0-amd64-xfce-CD-1.iso  /var/www/debian    iso9660  loop           0       2
  • 准备tftpd启动文件并替换initrd.gz(此步骤非常重要,否则后续自动化安装会带来众多问题)

(1)准备网络启动文件

#Fetch the netboot images and unpack them into the TFTP root.
# cd /srv/tftp
# wget -c https://mirrors.tuna.tsinghua.edu.cn/debian/dists/stretch/main/installer-amd64/current/images/netboot/netboot.tar.gz
#Check netboot.tar.gz against the SHA256SUMS file of the installer images
#directory on the mirror before unpacking: every PXE client boots the kernel
#and initrd from this archive, and tar runs here as root.
# tar zxf netboot.tar.gz

(2)合并并替换initrd.gz

#Create a working directory
# mkdir initrd
# cd initrd

#Fetch the compressed initrd from the ISO
# cp /var/www/debian/install.amd/initrd.gz ./
# gunzip initrd.gz
# mv initrd initrd-iso

#Fetch the compressed initrd from netboot
# cp /srv/tftp/debian-installer/amd64/initrd.gz ./
# gunzip initrd.gz
# mv initrd initrd-net

#Create two temporary directories for the unpacked files
# mkdir -p {iso,net}

#Unpack the initrd from the ISO
#cpio -i runs as root and restores whatever paths the archive contains, so only
#unpack initrds whose download was verified (GNU cpio's --no-absolute-filenames
#keeps extraction inside the current directory).
# cd iso
# cpio -i < ../initrd-iso

#Unpack the initrd from netboot
# cd ../net
# cpio -i < ../initrd-net

#Merge the driver files
#The kernel version 4.9.0-9-amd64 is hard-coded on both sides; the ISO and the
#netboot archive must ship the same kernel for this path to exist in both trees.
# cd ..
# cp -avr iso/lib/modules/4.9.0-9-amd64/kernel/drivers/* net/lib/modules/4.9.0-9-amd64/kernel/drivers/

#Enter the net directory and repack initrd.gz
#-R 0:0 records every file as owned by root:root; -H newc selects the newc archive format.
# cd net
# find | cpio -R 0:0 -o -H newc > ../initrd
# cd ..
# gzip initrd

#Overwrite the original initrd.gz in netboot
# cp initrd.gz /srv/tftp/debian-installer/amd64/

准备自动化安装脚本

# mkdir -p /var/www/pxe
# vim /var/www/pxe/debian.seed

脚本示例:

#### Contents of the preconfiguration file (for debian)
#
### Localization
d-i debian-installer/locale string en_US
d-i localechooser/supported-locales multiselect en_US.UTF-8, zh_CN.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us

### Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_nameservers string 192.168.1.1
d-i netcfg/wireless_wep string

### Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string 192.168.1.1
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

### Account setup
# Root keeps a usable password. Together with openssh-server (installed by
# pkgsel/include further down) this makes root a remote-login target, so use a
# strong secret that is unique to each deployment.
d-i passwd/root-login boolean true
# Generate command: "mkpasswd -m sha-512"
# The value must be the full crypt(3) string that command prints (it starts
# with "$6$"), not an MD5 hash as the "<md5 hash>" placeholder suggests.
# This file is served over plain HTTP to anyone who can reach the web server,
# so treat the hashes as disclosed to the install network.
d-i passwd/root-password-crypted password <md5 hash>
#
# Regular user account created by the installer; same hash format as above.
d-i passwd/user-fullname string Test-User
d-i passwd/username string testuser
d-i passwd/user-password-crypted password <md5 hash>

### Clock and time zone setup
d-i clock-setup/utc boolean false
d-i time/zone string Asia/Shanghai
d-i clock-setup/ntp boolean false

### Partitioning
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
# -------------------------------------------------------
d-i partman-auto/expert_recipe string \
boot-root :: \
1024 1024 1024 ext3 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext3 } \
mountpoint{ /boot } \
. \
20480 1024 20480 ext4 \
$primary{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
2048 1024 2048 linux-swap \
$primary{ } \
method{ swap } format{ } \
. \
10240 1024 10240 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /home } \
. \
4096 1024 4096 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \
. \
40960 1024 -1 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
.
# -------------------------------------------------------
# These four answers suppress every partitioning confirmation prompt: the
# installer writes the new partition table to the disk named in
# partman-auto/disk with no operator interaction. Any machine that boots this
# install entry loses the existing contents of that disk.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Apt setup
d-i apt-setup/non-free boolean false
d-i apt-setup/contrib boolean false
d-i apt-setup/use_mirror boolean false
d-i apt-setup/services-select multiselect main
# SECURITY: disables the installer's requirement that repositories are
# authenticated with a known GPG key. Packages are then fetched over plain HTTP
# (mirror/http/hostname above) with no authenticity check, so whatever answers
# at that address is installed as root.
# NOTE(review): presumably needed because the mirror is a loop-mounted CD
# image -- confirm, and prefer a signed mirror without this line.
d-i debian-installer/allow_unauthenticated boolean true

### Package selection
tasksel tasksel/first multiselect standard
# Adds an SSH server to every installed machine; see the account settings and
# the sshd changes in firstboot.sh for who can log in through it.
d-i pkgsel/include string openssh-server
# No package upgrade during installation.
d-i pkgsel/upgrade select none
d-i pkgsel/language-packs multiselect en, zh
# NOTE(review): "none" appears to select no automatic updates, so security
# patching has to be arranged separately -- confirm.
d-i pkgsel/update-policy select none

### Boot loader installation
d-i grub-installer/only_debian boolean true
#d-i grub-installer/bootdev string /dev/sda
d-i grub-installer/bootdev string default

### Finishing up the installation
d-i finish-install/keep-consoles boolean true
d-i finish-install/reboot_in_progress note

#### Advanced options
#### Running custom commands during the installation
# Disabled example. When enabled, it downloads postinstall.sh over plain HTTP
# and runs it as root inside the installed system (chroot /target) with no
# integrity check, so the script is only as trustworthy as the install network.
#d-i preseed/late_command string chroot /target sh -c "/usr/bin/wget -c http://192.168.1.1/pxe/postinstall.sh -O /tmp/postinstall.sh && /bin/sh -x /tmp/postinstall.sh"

postinstall.sh脚本示例:

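#!/bin/sh
#
# postinstall.sh - meant to be run by the installer's preseed/late_command
# inside the freshly installed system. It fetches firstboot.sh from the PXE
# server and registers a SysV init script that runs it on the next boot.
#
# SECURITY: firstboot.sh travels over plain HTTP and is later executed as root;
# nothing here verifies its integrity. Keep the provisioning network isolated,
# or compare the download with a known checksum before registering the service.
PXESERVER=192.168.1.1

# Get firstboot script. Stop if the download fails, so that no boot service is
# registered for a missing or truncated script; the non-zero exit status is
# passed back to the caller.
if ! /usr/bin/wget -O /root/firstboot.sh "http://${PXESERVER}/pxe/firstboot.sh"; then
  echo "postinstall: could not download firstboot.sh from ${PXESERVER}" >&2
  rm -f /root/firstboot.sh
  exit 1
fi
# Root-only: the script is run as root and contains account settings.
chmod 0700 /root/firstboot.sh

# Create a service that will run firstboot.sh script.
# The heredoc delimiter is unquoted, so "\$" is needed to keep the facility
# name literal in the generated file.
# NOTE(review): the LSB virtual facility is normally spelled "$network";
# "$networking" is kept as in the original -- confirm.
cat >/etc/init.d/firstboot << EOF
#! /bin/sh
#
### BEGIN INIT INFO
# Provides:        firstboot
# Required-Start:  \$networking
# Required-Stop:   \$networking
# Default-Start:   2 3 4 5
# Default-Stop:    0 1 6
# Short-Description: A script that runs once
# Description: A script that runs once
### END INIT INFO
cd /root; /usr/bin/nohup sh -x /root/firstboot.sh &
EOF

# Install the firstboot service.
chmod +x /etc/init.d/firstboot
update-rc.d firstboot defaults
echo "Finished postinstall"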

firstboot.sh脚本示例:

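#!/bin/sh
#
# firstboot.sh - runs once, as root, the first time the installed system
# boots. It is started by the "firstboot" init script and removes that
# script, and itself, before rebooting.
#
# Even though we've told it to run after networking is enabled, the network
# may not be usable yet. Introducing a brief sleep makes things work right all
# the time: it gives DHCP time to catch up.
sleep 90

# Install new sources.
# NOTE(review): only the main archive is listed; there is no security suite,
# so the upgrade below does not pull security updates.
cat << EOF >/etc/apt/sources.list
deb http://ftp.cn.debian.org/debian/ stretch main contrib non-free
EOF

# Update system and install some softwares.
apt-get update
apt-get -y upgrade
apt-get -y install python sudo bridge-utils vlan

# Configure ssh.
# SECURITY: the first substitution allows root to log in over SSH with a
# password. Prefer key-based logins for an unprivileged account and leave
# PermitRootLogin at its default outside a closed lab network.
sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i 's/#UseDNS no/UseDNS no/g' /etc/ssh/sshd_config

# Create test user.
# NOTE(review): debian.seed already defines "testuser"; if the installer
# created it, useradd only reports that the user exists and the script goes on.
useradd -d /home/testuser -m testuser
# SECURITY: sets a publicly known password on an account that gets
# password-less root via sudo below and is reachable over SSH. Replace it
# before use (for example feed a pre-computed hash to "chpasswd -e"), or drop
# this line and keep the password set through the preseed file.
echo testuser:password | chpasswd

# Configure sudo privileges for test user.
# The file is written once, with the rule the original script ended up with
# (its earlier "(root) ALL" rule was overwritten by this one).
# SECURITY: NOPASSWD makes this account equivalent to root.
echo "testuser ALL = (root) NOPASSWD:ALL" | tee /etc/sudoers.d/testuser
chmod 0440 /etc/sudoers.d/testuser

# Modify timezone.
echo "Asia/Shanghai" | tee /etc/timezone

# Delete some services.
update-rc.d firstboot remove
update-rc.d exim4 remove
update-rc.d nfs-common remove
update-rc.d rpcbind remove
# Remove the init script and this script itself. The script was downloaded as
# /root/firstboot.sh, and it contains a credential, so it must not stay on disk.
rm -f /etc/init.d/firstboot /root/firstboot.sh

# Configure iptables.
# Zeroes the counters, flushes all rules and deletes user-defined chains in
# the filter table: the host is left without packet-filter rules.
iptables -Z
iptables -F
iptables -X

# Reboot system.
/sbin/reboot

# End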

修改开机引导文件

配置文件:/srv/tftp/pxelinux.cfg/default

# D-I config version 2.0
# search path for the c32 support libraries (libcom32, libutil etc.)
path debian-installer/amd64/boot-screens/
include debian-installer/amd64/boot-screens/menu.cfg
default debian-installer/amd64/boot-screens/vesamenu.c32
prompt 1
# syslinux counts this timeout in tenths of a second, so the default entry is
# started almost immediately.
# NOTE(review): if the unattended "install" entry is that default, any machine
# that network-boots from this server is reinstalled with no chance to cancel.
# Confirm this is intended, or use a longer timeout or a non-destructive default.
timeout 1

配置文件:/srv/tftp/debian-installer/amd64/boot-screens/txt.cfg

# Unattended install entry. auto=true priority=critical suppresses installer
# questions; url= names the preseed file, which is fetched over plain HTTP.
# The installer also accepts preseed/url/checksum=<md5sum of debian.seed> on
# the append line, to reject a preseed file that does not match.
# debian-installer/allow_unauthenticated=true turns off repository signature
# checks for the installation.
label install
    menu label ^Install
    kernel debian-installer/amd64/linux
    append vga=788 initrd=debian-installer/amd64/initrd.gz auto=true priority=critical interface=auto netcfg/dhcp_timeout=30 url=http://192.168.1.1/pxe/debian.seed debian-installer/allow_unauthenticated=true --- quiet

启动服务器自动化安装




(责任编辑:IT)