共计 7393 个字符,预计需要花费 19 分钟才能阅读完成。
之前使用 Cobbler 搭建自动安装系统,最近 Cobbler 网站 http://www.cobblerd.org/ 无法访问,执行命令 cobbler get-loaders 下载获取 PXE 启动需要的文件时报 404,即使下载成功,所有文件都为 0 字节,导致服务器安装系统自动获取到 IP 地址后卡住。不得已自己想办法解决,重新用 Nginx DHCP TFTP Kickstart 搭建了一套自动安装系统。Nginx 安装和配置都挺简单,代替了 Cobbler 中使用的 Apache。
虚拟环境
网段:192.168.200.0
掩码:255.255.255.0
网关:192.168.200.2
自动安装系统地址:192.168.200.10
DHCP 分配地址范围:192.168.200.11 – 192.168.200.254
一、安装配置 Nginx
下载编译安装 Nginx
cd /App/src
wget http://nginx.org/download/nginx-1.8.0.tar.gz
tar zxf nginx-1.8.0.tar.gz
cd nginx-1.8.0
./configure \
–prefix=/App/nginx \
–without-http_access_module \
–without-http_auth_basic_module \
–without-http_browser_module \
–without-http_empty_gif_module \
–without-http_fastcgi_module \
–without-http_geo_module \
–without-http_limit_conn_module \
–without-http_limit_req_module \
–without-http_map_module \
–without-http_memcached_module \
–without-http_proxy_module \
–without-http_referer_module \
–without-http_rewrite_module \
–without-http_scgi_module \
–without-http_split_clients_module \
–without-http_ssi_module \
–without-http_upstream_hash_module \
–without-http_upstream_ip_hash_module \
–without-http_upstream_keepalive_module \
–without-http_upstream_least_conn_module \
–without-http_userid_module \
–without-http_uwsgi_module \
–without-mail_imap_module \
–without-mail_pop3_module \
–without-mail_smtp_module \
–without-pcre \
–without-poll_module \
–without-select_module
make && make install
修改 Nginx 配置文件 /App/nginx/conf/nginx.conf
user nginx nginx;
worker_processes auto;
error_log logs/error.log error;
pid logs/nginx.pid;
worker_rlimit_nofile 65536;
events
{
use epoll;
accept_mutex off;
worker_connections 65536;
}
http
{
include mime.types;
default_type text/html;
charset UTF-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
open_file_cache max=65536 inactive=60s;
open_file_cache_valid 80s;
open_file_cache_min_uses 1;
log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” “$http_x_forwarded_for”‘;
access_log logs/access.log main;
sendfile on;
server_tokens off;
keepalive_timeout 60;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 64k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/javascript application/xml;
server
{
listen 80;
server_name localhost;
index index.html;
root /App/web;
autoindex on;
}
}
新建 Nginx 运行账号和 Web 目录
useradd -s /bin/false -M nginx
mkdir -p /App/web
下载 CentOS 镜像 iso 文件并导入 Web 目录
cd /App/src
wget http://mirrors.aliyun.com/centos/6.6/isos/x86_64/CentOS-6.6-x86_64-bin-DVD1.iso
mount -o loop CentOS-6.6-x86_64-bin-DVD1.iso /mnt
rsync -avP /mnt/ /App/web/CentOS-6.6-x86_64
启动 Nginx
/App/nginx/sbin/nginx
二、安装配置 DHCP
Yum 安装 dhcp 服务端
yum -y install dhcp
修改配置 dhcp 文件 /etc/dhcp/dhcpd.conf
allow booting;
allow bootp;
subnet 192.168.200.0 netmask 255.255.255.0 {
option routers 192.168.200.2;
option domain-name-servers 223.5.5.5,223.6.6.6;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.200.11 192.168.200.254;
filename “/pxelinux.0”;
default-lease-time 21600;
max-lease-time 43200;
next-server 192.168.200.10;
}
启动 dhcp 服务
/etc/init.d/dhcpd start
三、安装配置 TFTP
Yum 安装 tftp 服务端
yum -y install tftp-server
修改 tftp 配置并启动 xinetd 服务
sed -i ‘/disable/s/yes/no/’ /etc/xinetd.d/tftp
/etc/init.d/xinetd start
Yum 安装 syslinux 引导加载程序,拷贝相关文件至 tftp 根目录
yum -y install syslinux
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
cd /App/web/CentOS-6.6-x86_64/isolinux/
cp vesamenu.c32 boot.msg splash.jpg vmlinuz initrd.img memtest /var/lib/tftpboot/
mkdir -p /var/lib/tftpboot/pxelinux.cfg
cp isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
修改启动菜单 /var/lib/tftpboot/pxelinux.cfg/default,特别注意 menu default 这个配置决定了默认启动哪个选项,如果是【label linux】下,服务器一旦重启将删除所有分区并格式化,非常危险,一定要修改此项。
default vesamenu.c32
prompt 0
timeout 60
display boot.msg
menu background splash.jpg
menu title Welcome to CentOS 6.6!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000
label linux
menu label ^Install or upgrade an existing system
kernel vmlinuz
append initrd=initrd.img ks=http://192.168.200.10/CentOS-6.6-x86_64/ks.cfg ksdevice=em1
label vesa
menu label Install system with ^basic video driver
kernel vmlinuz
append initrd=initrd.img xdriver=vesa nomodeset
label rescue
menu label ^Rescue installed system
kernel vmlinuz
append initrd=initrd.img rescue
label local
menu label Boot from ^local drive
menu default
localboot 0xffff
label memtest86
menu label ^Memory test
kernel memtest
append –
四、添加 Kickstart 配置
Web 目录中添加 kickstart 配置文件 /App/web/CentOS-6.6-x86_64/ks.cfg
install
keyboard us
lang zh_CN
url –url=http://192.168.200.10/CentOS-6.6-x86_64/
network –onboot yes –device eth0 –bootproto dhcp –noipv6
rootpw –iscrypted $6$y0UTGMGnCEgUJmUB$IPcaQ8ipx24V8lAq.XepGoilvjXM9kFs5YrivQQoejYmLOmeVXSeM6IvzxtdsUJ0CFuTMzANEmlj5FOluuwy40
auth –useshadow –passalgo=sha512
reboot
firewall –disabled
firstboot –disable
selinux –disabled
logging –level=info
timezone Asia/Shanghai
bootloader –location=mbr
zerombr yes
clearpart –all –initlabel
part /boot –fstype ext4 –size=200
part swap –size=2048
part / –fstype ext4 –size=200 –grow
%packages
@chinese-support
@core
@server-policy
@workstation-policy
%end
%post
ServiceList=`chkconfig –list | grep ‘0’ | awk ‘{print $1}’ | grep -Ev ‘sshd|network|crond|syslog’`
for Service in $ServiceList
do
/etc/init.d/$Service stop
chkconfig –level 0123456 $Service off
done
cat >> /etc/sysctl.conf << EOF
vm.swappiness = 0
net.core.rmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_default = 262144
net.core.wmem_max = 16777216
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 10000
net.ipv4.ip_local_port_range = 1024 65500
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_mem = 786432 1048576 1572864
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.sem = 250 32000 100 128
fs.inotify.max_user_watches = 1048576
EOF
sysctl -p
cat >> /etc/security/limits.conf << EOF
* – nofile 1048576
* – nproc 65536
* – stack 1024
EOF
cat >> /etc/profile << EOF
ulimit -n 1048576
ulimit -u 65536
ulimit -s 1024
alias grep=’grep –color=auto’
export HISTTIMEFORMAT=”%Y-%m-%d %H:%M:%S “
EOF
sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/’ /etc/selinux/config
setenforce 0
sed -i ‘s/.*UseDNS yes/UseDNS no/’ /etc/ssh/sshd_config
sed -i ‘s/.*GSSAPIAuthentication yes/GSSAPIAuthentication no/’ /etc/ssh/sshd_config
/etc/init.d/sshd restart
cat >> $HOME/.bash_profile << EOF
export PATH=/App/script:\$PATH
EOF
mkdir -p /App/script /App/src
mount –bind /dev/shm /tmp
echo “/bin/mount –bind /dev/shm /tmp” >> /etc/rc.local
五、检查相关服务监听端口
http:80、dhcp:67、tftp:69
netstat -tunlp | grep -E ‘(0.0.0.0:80|0.0.0.0:67|0.0.0.0:69)’
如下图说明各服务已监听
Linux 基础教程:Linux Kickstart 自动安装 http://www.linuxidc.com/Linux/2015-05/117877.htm
使用 PXE+DHCP+Apache+Kickstart 无人值守安装 CentOS5.8 x86_64 http://www.linuxidc.com/Linux/2012-12/76913p4.htm
Linux PXE 无人值守安装出现 PXE-E32:TFTP OPen timeout 的解决办法 http://www.linuxidc.com/Linux/2014-03/98986.htm
使用 PXE 结合 kickstart 自动安装 Linux 系统 http://www.linuxidc.com/Linux/2014-03/98014.htm
RHCE 认证之无人值守安装 Linux 系统(FTP+TFTP+DHCP+Kickstart+PXE)http://www.linuxidc.com/Linux/2013-10/91013.htm
PXE 网络装机 (有人值守与无人值守安装) http://www.linuxidc.com/Linux/2013-07/87456.htm
本文永久更新链接地址 :http://www.linuxidc.com/Linux/2015-10/124650.htm
