Tuesday, August 25, 2015

PXE Automated Install OS(Preseed)


Video demo: https://youtu.be/_tEx_A1ZzBU


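I. Mirror site

1. Prepare at least 200 GB of disk space and create the directory that will hold the mirror
mkdir -p /home/ftp

2. Write a script, getdeb.sh
# Choose an upstream mirror to download from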
HOST=ftp.tw.debian.org
#HOST=debian.nctu.edu.tw
#HOST=opensource.nchc.org.tw
#HOST=ftp.wa.au.debian.org
#HOST=120.117.72.71
#HOST=ftp.debian.org

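# --ignore-release-gpg (last option below): do not fail when Release.gpg is
# missing; if it exists it is still verified, but errors are ignored
debmirror \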
        --arch=i386,amd64,armel,armhf,sha4 \
        --dist=jessie,jessie-updates \
        --di-arch=i386,amd64,armel \
        --di-dist=stable \
        --host=$HOST \
        --root=":debian" \
        --diff=none -p \
        --nosource \
        --method=rsync \
        --section main,contrib,non-free,main/debian-installer \
        --i18n \
        --ignore-release-gpg /home/ftp/debian/ ;

        #--section non-free,contrib,main,main/debian-installer,main/installer-armel,main/i18n,main/source \
#debmirror \
#       -v --nosource -d lenny/updates -a i386 \
#       -s non-free,contrib,main,main/debian-installer \
 #    --method=http -h security.debian.org \
 #    --ignore-release-gpg -r /debian-security /home/ftp/debian/security/
#       --section main,contrib,non-free,main/debian-installer,main/installer-armel,main/i18n,main/source \

#wget -r -l1 -nH ftp://$HOST/debian/dists/squeeze/main/source/
date

3. Download the mirror into /home/ftp/debian
sh getdeb.sh

4. Fix the ownership and permissions of everything under /home/ftp/debian
DIR=/home/ftp/debian
chown -Rv root:root $DIR
chmod -Rv ug-s $DIR
find $DIR -type d -exec chmod 755 {} +
find $DIR -type f -exec chmod 644 {} +

5. Edit sources.list:
cat >> /etc/apt/sources.list << EOF
deb ftp://localhost/debian jessie main contrib non-free
deb-src ftp://localhost/debian jessie main contrib non-free
EOF

6. Test the update
apt-get update

7. If it reports missing installer or source… files, fetch them yourself from another mirror and place them in the corresponding directories.
=============================================================

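II. Set up the private network 192.168.10.0/24

1. First unplug the build environment's uplink network cable,
and also remove any other equipment that runs a DHCP server (for example, a Wi-Fi access point).

2. On the PXE server, edit the network configuration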
vi /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback

########## Eth0/DHCP ##########
#allow-hotplug eth0
#iface eth0 inet dhcp

########### PXE Server Machine ##########
allow-hotplug eth0
iface eth0 inet static
        address 192.168.10.254
        netmask 255.255.255.0
        network 192.168.10.0
        broadcast 192.168.10.255
        gateway 192.168.10.1

3. Restart networking
/etc/init.d/networking restart

4. Confirm that the network settings took effect; if the IP 192.168.10.254 does not appear, restart a few more times.
/sbin/ifconfig
=============================================================

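III. FTP / NFS / HTTP Server (pick one; this example uses FTP)

‧FTP Server

1. Install
sudo apt-get install proftpd-basic

2. Edit the configuration file /etc/proftpd/proftpd.conf
sudo vi /etc/proftpd/proftpd.conf

Search for Anonymous and uncomment the block so that it reads as follows: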
<Anonymous ~ftp>
   User                         ftp
   Group                                nogroup
   # We want clients to be able to login with "anonymous" as well as "ftp"
   UserAlias                    anonymous ftp
   # Cosmetic changes, all files belongs to ftp user
   DirFakeUser  on ftp
   DirFakeGroup on ftp

   RequireValidShell            off

   # Limit the maximum number of anonymous logins
   MaxClients                   10

   # We want 'welcome.msg' displayed at login, and '.message' displayed
   # in each newly chdired directory.
   DisplayLogin                 welcome.msg
   DisplayChdir         .message

   # Limit WRITE everywhere in the anonymous chroot
   <Directory *>
     <Limit WRITE>
       DenyAll
     </Limit>
   </Directory>

   # Uncomment this if you're brave.
   # <Directory incoming>
   #   # Umask 022 is a good standard umask to prevent new files and dirs
   #   # (second parm) from being group and world writable.
   #   Umask                            022  022
   #            <Limit READ WRITE>
   #            DenyAll
   #            </Limit>
   #            <Limit STOR>
   #            AllowAll
   #            </Limit>
   # </Directory>

 </Anonymous>

3. Edit /etc/passwd
sudo vi /etc/passwd

Find the ftp entry and change its home directory to your own FTP directory (for example: /home/ftp)
Test in a browser: ftp://192.168.10.254
-------------------------------------------------------------------------------------------------

‧NFS Server


‧PXE Server
1. Install
sudo apt-get install nfs-kernel-server

2. Configure
sudo vi /etc/exports
/srv/nfs 192.168.10.0/24(rw,no_root_squash,async,no_subtree_check)

3. Restart
exportfs -rav
/etc/init.d/nfs-kernel-server restart

4. Check
showmount -e localhost
Expected output:
Export list for localhost:
/srv/nfs 192.168.10.0/24

‧NFS Client
1. Install the client package
sudo apt-get install nfs-common

2. Create the NFS mount point
mkdir -p /dev/nfs

3. Mount manually
mount -t nfs -o nolock 192.168.10.1:/srv/nfs /dev/nfs
-------------------------------------------------------------------------------------------------

‧HTTP Server

1. Install
sudo apt-get install apache2

2. Edit
vi /etc/apache2/apache2.conf
<Directory /home/ftp>
        Options Indexes
        AllowOverride None
        Require all granted
</Directory>

3. Edit
vi /etc/apache2/sites-available/000-default.conf
 #DocumentRoot /var/www/html
 DocumentRoot /home/ftp

4. Restart
/etc/init.d/apache2 restart
=============================================================

IV. DHCP Server

1. Install
sudo apt-get install isc-dhcp-server

2. Configure
vi /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers 120.117.2.1;
#option domain-name-servers 8.8.8.8;

default-lease-time 600;
max-lease-time 7200;
allow booting;

subnet 192.168.10.0 netmask 255.255.255.0{
        range 192.168.10.100 192.168.10.200;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.10.255;
        option routers 192.168.10.1;
        option domain-name-servers 120.117.2.1;
        next-server 192.168.10.254;
        filename "pxelinux.0";
}

3. Restart
/etc/init.d/isc-dhcp-server restart
systemctl enable isc-dhcp-server
systemctl status isc-dhcp-server
=============================================================

V. TFTP Server

1. Install
sudo apt-get -y install tftpd-hpa

2. Configure
vi /etc/default/tftpd-hpa
TFTP_RUN_DAEMON="yes"
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"

3. Download the netboot package
wget http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/netboot.tar.gz

4. Make sure /srv/tftp exists
mkdir -p /srv/tftp

5. Extract into the tftp directory
tar xfva netboot.tar.gz -C /srv/tftp

6. PXE boot menu message (define your own)
vi /srv/tftp/boot.msg
        =========================
        |            INSTALL MENU              |
        =========================

        Choose installation type:

        0  Local Boot(Default)
        1  PXE Manual Install Debian/Jessie
        2  PXE Automated Install Debian/Jessie
        =========================

7. Back up the original file
mv /srv/tftp/pxelinux.cfg/default /srv/tftp/pxelinux.cfg/default.bak

8. PXE boot menu
vi /srv/tftp/pxelinux.cfg/default
DISPLAY boot.msg
PROMPT 1
timeout 3000

default 0

LABEL 0
        localboot 0

LABEL 1
        kernel debian-installer/amd64/linux
        append vga=normal initrd=debian-installer/amd64/initrd.gz --

LABEL 2
        kernel debian-installer/amd64/linux
        append vga=normal initrd=debian-installer/amd64/initrd.gz auto=true priority=critical url=http://192.168.10.254/preseed.cfg interface=eth0

9. Permissions: o+rx
chmod -Rv 755 /srv/tftp

10. Restart
 /etc/init.d/tftpd-hpa restart
 update-rc.d tftpd-hpa defaults
 systemctl enable tftpd-hpa
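
Step 3 fetches netboot.tar.gz over plain HTTP and step 5 unpacks it straight into the TFTP root. The script below is an added example, not part of the original post: it checks the tarball against the hash chain in the mirror's metadata (Release lists the installer SHA256SUMS, which lists netboot.tar.gz). The function names, the script name and the prior gpgv check of Release are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Hash chain: Release -> main/installer-amd64/current/images/SHA256SUMS
#             -> ./netboot/netboot.tar.gz
# Assumption: Release was already signature-checked, for example with
#   gpgv --keyring /usr/share/keyrings/debian-archive-keyring.gpg Release.gpg Release

SUMS_PATH=main/installer-amd64/current/images/SHA256SUMS

# sha256_of FILE: print the SHA-256 digest of FILE
sha256_of() { sha256sum "$1" | awk '{ print $1 }'; }

# listed_sha256 RELEASE PATH: print the digest Release lists for PATH
# in its "SHA256:" section (lines of the form " <digest> <size> <path>")
listed_sha256() {
    awk -v p="$2" '
        /^SHA256:/ { in_sec = 1; next }
        /^[^ ]/    { in_sec = 0 }
        in_sec && $3 == p { print $1; exit }
    ' "$1"
}

# verify_netboot DIST_DIR TARBALL
# DIST_DIR is the mirror's dists/<suite> directory. Returns 0 only when
# every link of the chain matches; 2-5 identify the link that failed.
verify_netboot() {
    dist=$1; tarball=$2
    want=$(listed_sha256 "$dist/Release" "$SUMS_PATH")
    [ -n "$want" ] || { echo "SHA256SUMS not listed in Release" >&2; return 2; }
    [ "$(sha256_of "$dist/$SUMS_PATH")" = "$want" ] ||
        { echo "SHA256SUMS does not match Release" >&2; return 3; }
    want=$(awk '$2 == "./netboot/netboot.tar.gz" { print $1; exit }' "$dist/$SUMS_PATH")
    [ -n "$want" ] || { echo "netboot.tar.gz not listed in SHA256SUMS" >&2; return 4; }
    [ "$(sha256_of "$tarball")" = "$want" ] ||
        { echo "netboot.tar.gz does not match SHA256SUMS" >&2; return 5; }
}

# Command-line use: verify-netboot.sh DIST_DIR TARBALL
if [ "$#" -eq 2 ]; then
    verify_netboot "$1" "$2" && echo "netboot.tar.gz matches the mirror metadata"
fi
```

Run it between steps 3 and 5, pointing DIST_DIR at the dists/<suite> directory of the mirror built in section I.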
=============================================================

VI. Automated install configuration: Preseed

#http://www.unt.edu/benchmarks/archives/2008/may08/auto_install_howto-2.pdf
#https://www.youtube.com/watch?v=YT7qUoEw0BY
#http://pastebin.com/jadh4U5n
#https://www.debian.org/releases/jessie/example-preseed.txt


 vim /home/ftp/preseed.cfg

#https://www.debian.org/releases/jessie/example-preseed.txt
# Localization
d-i debian-installer/locale string en_US
d-i console-keymaps-at/keymap select us
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
d-i keyboard-configuration/layoutcode string us

 # Networking
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain

 # APT Mirror
d-i mirror/country string enter information manually
d-i mirror/http/hostname string ftp://192.168.10.254
d-i mirror/http/directory string /debian
#d-i mirror/suite string default
d-i mirror/http/proxy string

 # Timezone / Time
d-i clock-setup/utc boolean false
d-i time/zone string Asia/Taipei
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string tick.stdtime.gov.tw

 # Partitioning
# # https://wikitech.wikimedia.org/wiki/PartMan/Auto 
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
#    
d-i partman-auto/expert_recipe string   \
root ::                                 \
        5000 25000 -1 ext4              \
        $primary{ }                     \
        $bootable{ }                    \
        method{ format }                \
        format{ }                       \
        use_filesystem{ }               \
        filesystem{ xfs }               \
        mountpoint{ / }                 \
        .                               \
        1024 2048 8192 linux-swap       \
        $primary{ }                     \
        method{ swap }                  \
        format{ }                       \
        .

d-i partman-auto/choose_recipe select root
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/confirm boolean true
d-i partman/confirm_write_new_label boolean true
d-i partman/confirm_nooverwrite boolean false
d-i partman/choose_partition select "Finish partitioning and write changes to disk"

# Grub Install
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev  string /dev/sda

# Account(s) setup
# ROOT
d-i passwd/root-login boolean true
d-i passwd/root-password password abc123
d-i passwd/root-password-again password abc123
# USER
d-i passwd/make-user boolean true
d-i passwd/user-fullname string student
d-i passwd/username string student
d-i passwd/user-password password abc123
d-i passwd/user-password-again password abc123
d-i user-setup/allow-password-weak boolean true
#d-i passwd/user-default-groups string users,audio,cdrom,video
#d-i passwd/user-uid string 1001

# tasksel / extra APT packages
#tasksel tasksel/first multiselect standard
tasksel tasksel/first multiselect minimal
d-i pkgsel/include string \
ssh sshpass sudo aptitude vim ntp rsync

popularity-contest popularity-contest/participate boolean true

# run shell script
d-i preseed/late_command string                         \
in-target wget ftp://192.168.10.254/env.sh -P /root/;   \
in-target /bin/chmod 700 /root/env.sh;                  \
in-target /bin/sh /root/env.sh
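
The preseed above sits in /home/ftp, which section III exports over anonymous FTP and HTTP, so every host on the install network can read it. The script below is an added example, not part of the original post: it joins backslash-continued preseed lines and flags clear-text passwords, the weak-password override and late_command downloads over ftp:// or http://. The function name, finding labels and script name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_preseed FILE: print one "line:FINDING:question" record per risky setting.
#   PLAINTEXT_PASSWORD     password stored in clear text; the
#                          passwd/root-password-crypted and
#                          passwd/user-password-crypted questions take a
#                          crypt(3) hash instead
#   WEAK_PASSWORD_ALLOWED  installer told to accept weak passwords
#   UNAUTHENTICATED_FETCH  late_command downloads over ftp:// or http://
audit_preseed() {
    awk '
        function check(l, n,    f) {
            if (l ~ /^[ \t]*#/ || l ~ /^[ \t]*$/) return   # comment or blank line
            split(l, f, " ")                               # owner, question, type, value...
            if (f[2] ~ /^passwd\/(root|user)-password(-again)?$/)
                print n ":PLAINTEXT_PASSWORD:" f[2]
            if (f[2] == "user-setup/allow-password-weak" && f[4] == "true")
                print n ":WEAK_PASSWORD_ALLOWED:" f[2]
            if (f[2] == "preseed/late_command" && l ~ /(wget|curl)[^;]*(ftp|http):\/\//)
                print n ":UNAUTHENTICATED_FETCH:" f[2]
        }
        {
            if (buf == "") start = NR             # first physical line of a logical line
            line = $0
            if (sub(/\\[ \t]*$/, "", line)) {     # trailing backslash: keep joining
                buf = buf line " "
                next
            }
            check(buf line, start)
            buf = ""
        }
        END { if (buf != "") check(buf, start) }
    ' "$1"
}

# Command-line use: audit-preseed.sh /home/ftp/preseed.cfg
if [ "$#" -eq 1 ]; then
    audit_preseed "$1"
fi
```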

=============================================================

VII. Environment setup for the new machine

Customize it in /home/ftp/env.sh

#!/bin/bash
# KLin
# 2015/08/25

USER=student

# login directory: /root
cd /root/

# APT Package updates
#apt-get update

# sshd server
#apt-get -y install ssh sshpass rsh
sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
mkdir -p /root/.ssh

## Generate a public key with `ssh-keygen` and paste it here
#cat >> /root/.ssh/authorized_keys << EOF
#ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLDfPtWH2zTq92nfsml5i6agoXWQRBzsb9VJzKGwY/jyPfyIL7rl+Q#hD4oGxDLW3pNmtflAkQ3/X3W8j/o7tW14Sdw2eW5HRl2Um2eSa9q2BWHbzT464R+xlGgAI3iUH0yPRgW602EYzeCZi3/#8zSoVHMVrjsZyjOzz5n+EFbNsirVtSOndF9iXa2ByT1GuxjOobBWoIue5/1jb7B8pG6QlRAf6kz0x/1xLWASiBmMaLPf#mHbQ5xvgBFbSOQTTG7vRevuVrpBaUdEHEGiRMY4TS8o/2bOzAoCa9hgCcxb1N3Ys/AKbwU00yWGUSKqhTK93tpbSsUmG#34MaDGmMWmfz root@KaiLin

#ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCllLrsVt7koI6q/erYCUubKW2fxHRGYB4xYkY7LacPxiSexnvrX6yk#vRQbWcEOtNig2SXZJ6NwJWIDnkAfehVLbYWSu1S4MfPMzPLQVQryAQxf3oajyLAg+D64QGeBfDmScJ0LIBwPJq9/oqSI#4QgiMUXjj+9kBn6VBzGaB9h2u6AN1YYRJYJbKHFt4mxiqbXuXalw2fC0VWoerp9La9weozvCWOXeuxL6SCYPyTcIDqQ7#t9hSvH93af6HqNtcBr0WzmrYdrVRyNW5KbCD0IFf35yOogzrAon86MVjReVAF2gLHnFYz+bjH4DstcRAAZgJTvT4HGuA#cGqrfXf11RhZ root@120-117-73-86
#EOF

# Black List
cat >> /etc/modprobe.d/fbdev-blacklist.conf << EOF 
blacklist nouveau
blacklist nv
blacklist ast
EOF

# Setting `sudo` 
echo "$USER     ALL=(ALL:ALL) ALL" >> /etc/sudoers

# .bashrc & .vimrc
for ACCOUNT in /root /home/$USER
do
# set .bashrc
cat >> $ACCOUNT/.bashrc << EOF
# Language Setting "zh_TW.UTF-8"
export LC_ALL=zh_TW.UTF-8
export LANG=zh_TW.UTF-8
export LANGUAGE=zh_TW.UTF-8

# define more command aliases
alias ls='ls -F --color=auto'
alias l='ls -lF --color=auto'
alias ll='ls -lF --color=auto'
alias lt='ls -lt --color=auto'
alias la='ls -aF --color=auto'
alias lh='ls -lhF --color=auto'
alias lz='ls -lZF --color=auto'
alias grep='grep --color=auto'
alias vi='vim'
alias df='df -h'
alias ifconfig='/sbin/ifconfig'
EOF

# set .vimrc
cat >> $ACCOUNT/.vimrc << EOF
set hlsearch
set bg=dark
syntax on
EOF
done

# end test
touch /root/env_run.ok

# Other shell...

=============================================================

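VIII. Remote control with rsh + sshpass

※ Note: when using rsh, the server and the client must have the same user account.
If the command is run with root privileges on the server, the command rsh executes on the client also runs with root privileges.

1. For how to issue remote commands from the server, see http://jamyy.us.to/blog/2013/08/5260.html

2. Install
apt-get install sshpass rsh

3. To skip typing yes on the first remote ssh connection and have known_hosts updated automatically,
create a config file on the PXE server: /root/.ssh/config
StrictHostKeyChecking no

4. Run a remote command; note the privileges of the user currently running rsh:
sshpass -p <password> rsh <host IP> <command> &

※ Making ssh connections work without typing a password
On the PXE server, run `ssh-keygen` to generate a public key,
and copy it into the file /root/.ssh/authorized_keys on the client (create the file yourself).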

=============================================================

IX. Reference:

http://www.unt.edu/benchmarks/archives/2008/may08/auto_install_howto-2.pdf 

https://raymii.org/s/articles/virt-install_introduction_and_copy_paste_distro_install_commands.html 

http://www.tecmint.com/multiple-centos-installations-using-kickstart/# 

http://ubuntuforums.org/showthread.php?t=1463142 

http://www.syslinux.org/wiki/index.php/Comboot/menu.c32 

http://wiki.hackzine.org/sysadmin/debian-pxe-server.html 

http://www.iram.fr/~blanchet/tutorials/read-only_diskless_debian7.pdf 

https://www.debian.org/releases/jessie/amd64/ch04s05.html.en 

https://www.debian-administration.org/article/478/Setting_up_a_server_for_PXE_network_booting 

http://linux.vbird.org/somepaper/20100901-pxe_ks.pdf 

http://linux.vbird.org/somepaper/20101020-pxe_ks_2.pdf

https://help.ubuntu.com/community/DisklessUbuntuHowto 

https://www.debian.org/releases/jessie/example-preseed.txt 
