19 Use PXE + Kickstart unattended installation service

19.1 Unattended system

PXE (Preboot eXecution Environment) is a technology developed by Intel Corporation that lets a computer boot an operating system over the network, provided that the network card installed in the computer supports PXE. In unattended installation it is mainly used to boot client hosts into the Linux installer. Kickstart is an unattended installation method: the parameters that operations staff would otherwise fill in by hand are saved in advance in a ks.cfg file, and whenever the installer needs a parameter it looks it up in that Kickstart file. As long as the Kickstart file contains every parameter that would have to be entered manually, the installation can in theory complete automatically, without any intervention by operations staff.

Since the client host does not yet have a complete operating system, it cannot perform FTP authentication, so the TFTP protocol is used to deliver the boot and driver files to the client. The vsftpd service program then transfers the complete system installation image to the client over the network. As long as the installation image reaches the client successfully, you can also use httpd instead of the vsftpd service program.

19.2 Deploying related service programs
19.2.1 Configure DHCP service program

The DHCP service program assigns available IP addresses to client hosts, which is the basis for file transfer between the server and the clients, so we configure it first. Set the IP address of the unattended system according to Table 19-1, and then disable the virtual machine software's own DHCP service in the virtual network editor, as shown in Figure 19-2 and Figure 19-3.

Table 19-1 Settings of unattended system and client

Host name            Operating system               IP address
Unattended system    RHEL 7                         192.168.10.10
Client               No operating system installed  -

Figure 19-2 Open the virtual network editor of the virtual machine

Figure 19-3 Disable the DHCP service provided by the virtual machine

Once the CD image is mounted and the Yum repository file is configured correctly, the DHCP service program package can be installed.

[root@linuxprobe ~]# yum install dhcp

Chapter 14 explained the configuration and deployment of the DHCP service program in detail, so the related parameters should be familiar. The configuration file used here differs from the one in Chapter 14 in two main ways. First, the BOOTP bootstrap protocol is allowed, which is designed to let hosts in the LAN that have no operating system obtain a static IP address. Second, the boot file pxelinux.0 is specified at the bottom of the file (this file will be created in the following steps), so that after obtaining an IP address the client host fetches the boot file on its own and proceeds to the next stage of the installation.

[root@linuxprobe ~]# vim /etc/dhcp/dhcpd.conf
allow booting;
allow bootp;
ddns-update-style interim;
ignore client-updates;
subnet 192.168.10.0 netmask 255.255.255.0 {
        option subnet-mask      255.255.255.0;
        option domain-name-servers  192.168.10.10;
        range dynamic-bootp 192.168.10.100 192.168.10.200;
        default-lease-time      21600;
        max-lease-time          43200;
        next-server             192.168.10.10;
        filename                "pxelinux.0";
}
[root@linuxprobe ~]# systemctl restart dhcpd
[root@linuxprobe ~]# systemctl enable dhcpd
ln -s '/usr/lib/systemd/system/dhcpd.service' '/etc/systemd/system/multi-user.target.wants/dhcpd.service'

19.2.2 Configuring the TFTP service program

We studied the vsftpd and TFTP services in Chapter 11. vsftpd is a feature-rich file transfer service program that lets users authenticate in anonymous open mode, local user mode, or virtual user mode. But the client host has no operating system installed yet, so how could it log in and authenticate? TFTP, a simple file transfer protocol based on UDP, requires no user authentication to obtain the requested files. So next we configure the TFTP service program to provide the boot and driver files to the client host. Once the client host has the basic drivers, the complete CD image is transferred through the vsftpd service program.

[root@linuxprobe ~]# yum install tftp-server

TFTP is a very lightweight file transfer service program whose starting and stopping are managed by the xinetd network daemon. The xinetd service program listens on multiple ports of the system at the same time and calls the corresponding service program according to the port number the user requests. To turn on the TFTP service program, change the disable parameter to no in its xinetd configuration file. Save the configuration file and exit, then restart the xinetd service program and add it to the startup items (on RHEL 7 the xinetd service program is already enabled by default, so it is normal for this command to produce no output).

[root@linuxprobe ~]# vim /etc/xinetd.d/tftp
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
[root@linuxprobe xinetd.d]# systemctl restart xinetd
[root@linuxprobe xinetd.d]# systemctl enable xinetd

The TFTP service program uses the UDP protocol by default, on port 69. In a production environment you therefore need to add a permanent allow rule in the firewalld firewall management tool so that the client host can obtain the boot file.

[root@linuxprobe ~]# firewall-cmd --permanent --add-port=69/udp
success
[root@linuxprobe ~]# firewall-cmd --reload 
success

19.2.3 Configuring the SYSLinux service program

SYSLinux is a service program that provides boot loading. Rather than the service program itself, though, what we really need are the boot files it ships. After the SYSLinux package is installed, many boot files appear in the /usr/share/syslinux directory.

[root@linuxprobe ~]# yum install syslinux

First copy the boot file provided by SYSLinux (the pxelinux.0 file mentioned above) to the default directory of the TFTP service program, so that the client host can obtain it. Some further boot files come from the RHEL 7 system CD image. After confirming that the CD image is mounted in the /media/cdrom directory, use the cp command to copy these boot files from the CD image to the default directory of the TFTP service program.

[root@linuxprobe ~]# cd /var/lib/tftpboot
[root@linuxprobe tftpboot]# cp /usr/share/syslinux/pxelinux.0 .
[root@linuxprobe tftpboot]# cp /media/cdrom/images/pxeboot/{vmlinuz,initrd.img} .
[root@linuxprobe tftpboot]# cp /media/cdrom/isolinux/{vesamenu.c32,boot.msg} .

Then create a new pxelinux.cfg directory in the directory of the TFTP service program. Although the name of the directory has a suffix, it is still a directory, not a file! Copy the boot option menu from the system CD to this directory and name it default. This default file is the option menu at boot, as shown in Figure 19-4.

Figure 19-4 Linux system boot menu interface

[root@linuxprobe tftpboot]# mkdir pxelinux.cfg
[root@linuxprobe tftpboot]# cp /media/cdrom/isolinux/isolinux.cfg pxelinux.cfg/default

The default boot menu has two options: install the system or verify the installation media. Having to select an option by hand on every host would defeat the purpose of unattended installation. So edit the default file and change the default parameter on line 1 to linux, so that the option named linux is executed by default when the system boots. The linux option itself is at around line 64. There we change the installation source from the CD image to FTP, and specify the URL of the CD image and the path of the Kickstart answer file:

[root@linuxprobe tftpboot]# vim pxelinux.cfg/default
 1 default linux
 2 timeout 600
 3
 4 display boot.msg
 5
 6 # Clear the screen when exiting the menu, instead of leaving the menu displayed.
 7 # For vesamenu, this means the graphical background is still displayed without
 8 # the menu itself for as long as the screen remains in graphics mode.
 9 menu clear
 10 menu background splash.png
 11 menu title Red Hat Enterprise Linux 7.0
 12 menu vshift 8
 13 menu rows 18
 14 menu margin 8
 15 #menu hidden
 16 menu helpmsgrow 15
 17 menu tabmsgrow 13
 18
 19 # Border Area
 20 menu color border * #00000000 #00000000 none
 21
 22 # Selected item
 23 menu color sel 0 #ffffffff #00000000 none
 24
 25 # Title bar
 26 menu color title 0 #ff7ba3d0 #00000000 none
 27
 28 # Press [Tab] message
 29 menu color tabmsg 0 #ff3a6496 #00000000 none
 30
 31 # Unselected menu item
 32 menu color unsel 0 #84b8ffff #00000000 none
 33
 34 # Selected hotkey
 35 menu color hotsel 0 #84b8ffff #00000000 none
 36
 37 # Unselected hotkey
 38 menu color hotkey 0 #ffffffff #00000000 none
 39
 40 # Help text
 41 menu color help 0 #ffffffff #00000000 none
 42 
 43 # A scrollbar of some type? Not sure.
 44 menu color scrollbar 0 #ffffffff #ff355594 none
 45 
 46 # Timeout msg
 47 menu color timeout 0 #ffffffff #00000000 none
 48 menu color timeout_msg 0 #ffffffff #00000000 none
 49 
 50 # Command prompt text
 51 menu color cmdmark 0 #84b8ffff #00000000 none
 52 menu color cmdline 0 #ffffffff #00000000 none
 53 
 54 # Do not display the actual menu unless the user presses a key. All that is displayed is a timeout message.
 55 
 56 menu tabmsg Press Tab for full configuration options on menu items.
 57 
 58 menu separator # insert an empty line
 59 menu separator # insert an empty line
 60 
 61 label linux
 62 menu label ^Install Red Hat Enterprise Linux 7.0
 63 kernel vmlinuz
 64 append initrd=initrd.img inst.stage2=ftp://192.168.10.10 ks=ftp://192.168.10.10/pub/ks.cfg quiet
 65
……………… Some output omitted ………………
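
With default linux in place, a host that network-boots from this server starts the installer without anyone choosing a menu entry, and it fetches its answer file over unauthenticated FTP. The script below is an added example, not part of the original chapter: audit_pxe_menu and write_sample_menu are hypothetical names, the sample menu is constructed from the settings shown above, and the check also covers the stock case where default vesamenu.c32 defers to the entry marked menu default.

```sh
#!/bin/sh
# Added example, not part of the original chapter. Resolves which entry a
# pxelinux menu boots when no operator chooses one and reports whether that
# entry starts a Kickstart install. Returns 1 if it does, 0 otherwise.
audit_pxe_menu() {
    awk '
    function note(u) {
        return (u ~ /^(ftp|http|tftp|nfs):/) ? " [cleartext, unauthenticated]" : ""
    }
    { key = tolower($1) }                     # directive names are case-insensitive
    key == "default" { def = $2 }
    key == "prompt"  { prompt = $2 + 0 }
    key == "timeout" { timeout = $2 + 0 }     # unit: 1/10 second, 0 = no timeout
    key == "label"   { cur = $2; labels[cur] = 1 }
    key == "menu" && tolower($2) == "default" && cur != "" { menudef = cur }
    key == "append" && cur != "" {
        for (i = 2; i <= NF; i++) {
            v = $i; sub(/^[^=]*=/, "", v)
            if ($i ~ /^(inst\.)?ks=/)  ks[cur] = v
            if ($i ~ /^inst\.stage2=/) stage2[cur] = v
        }
    }
    END {
        # "default <label>" boots that label; "default vesamenu.c32" starts the
        # menu, which falls back to the entry marked "menu default".
        menu_mode = !(def in labels)
        eff = menu_mode ? menudef : def
        # With no timeout, a menu or a forced boot: prompt waits for a key.
        waits = (timeout == 0) && (menu_mode || prompt == 1)
        if (eff == "" || !(eff in ks) || waits) {
            print "OK   no Kickstart entry is reached without an operator choice"
            exit 0
        }
        print "WARN entry \"" eff "\" runs Kickstart with nobody at the console"
        print "WARN answer file: " ks[eff] note(ks[eff])
        if (eff in stage2)
            print "WARN installer image: " stage2[eff] note(stage2[eff])
        exit 1
    }
    ' "$1"
}

# Constructed sample modelled on the chapter's edited pxelinux.cfg/default.
write_sample_menu() {
    cat > "$1" <<'EOF'
default linux
timeout 600
display boot.msg
label linux
  menu label ^Install Red Hat Enterprise Linux 7.0
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=ftp://192.168.10.10 ks=ftp://192.168.10.10/pub/ks.cfg quiet
label check
  menu label Test this ^media & install
  menu default
  kernel vmlinuz
  append initrd=initrd.img rd.live.check quiet
EOF
}

demo=$(mktemp) && write_sample_menu "$demo"
audit_pxe_menu "$demo" || true
rm -f "$demo"
```

A WARN result means every machine on this segment whose firmware tries the network first will be reinstalled, so keep the PXE network isolated from hosts that hold data.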

19.2.4 Configuring the VSFtpd service program

In our unattended installation system the CD image is transferred over the FTP protocol, so the vsftpd service program is required. You can also serve it from a Web site with the httpd service program, as long as the CD image reaches the client host. If you intend to use a Web site to provide the CD image, be sure to change the URL of the CD image and the URL of the Kickstart answer file in the configuration file above.

[root@linuxprobe ~]# yum install vsftpd

After the configuration file has been modified correctly, add the corresponding service program to the startup items, so that in a production environment or in the Red Hat certification exam it still provides service after the device restarts. Readers are encouraged to make this a habit.

[root@linuxprobe ~]# systemctl restart vsftpd
[root@linuxprobe ~]# systemctl enable vsftpd
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'

After confirming that the system CD image is mounted in the /media/cdrom directory, copy all the CD image files in that directory to the working directory of the vsftpd service program.

[root@linuxprobe ~]# cp -r /media/cdrom/* /var/ftp

This process takes about 3 to 5 minutes. In the meantime, add a permanent allow rule for the FTP protocol in the firewalld firewall management tool, and then permit FTP transfers in SELinux:

[root@linuxprobe ~]# firewall-cmd --permanent --add-service=ftp
success
[root@linuxprobe ~]# firewall-cmd --reload 
success
[root@linuxprobe ~]# setsebool -P ftpd_connect_all_unreserved=on

19.2.5 Creating a KickStart answer file

After all, we are using PXE + Kickstart to deploy an "unattended installation service", not an "unattended CD image transfer service", so besides letting the client host obtain the CD image we also need the options that appear during installation to be filled in automatically. Simply put, if 100 servers in a production environment need the same system environment, the buttons clicked and the information entered during installation are the same for each of them. So why not write them down once as a requirements list, like a memo? During unattended installation the installer looks up each option value in this list, which removes the pain of manual input and, more importantly, removes human intervention entirely: the system is installed automatically rather than merely having the CD image transferred.

From the above you can probably guess that Kickstart is not actually a service program but an answer file. It contains the options and parameters needed during system installation, and the installer reads it automatically, which is what makes the installation fully unattended. So where does this important file come from? There is a file named anaconda-ks.cfg in the root administrator's home directory, and it is exactly such an answer file. Copy it to the working directory of the vsftpd service program (the boot option menu configured earlier already defines its path, namely the pub subdirectory of the vsftpd data directory). Then use the chmod command to make the file readable by everyone, so that the client host can fetch the answer file and its contents:

[root@linuxprobe ~]# cp ~/anaconda-ks.cfg /var/ftp/pub/ks.cfg
[root@linuxprobe ~]# chmod +r /var/ftp/pub/ks.cfg

The Kickstart answer file is not as complicated as you might imagine: it has only about 46 lines of parameters and comments in total.

First, change the installation method on line 6 from the CD image to the FTP protocol, fill in the IP address of the FTP server carefully, and open the URL in a local browser to check for errors. Then change the time zone on line 21 to Shanghai (Asia/Shanghai), and finally set the disk option on line 29 to clear all disk contents and initialize the disk:

[root@linuxprobe ~]# vim /var/ftp/pub/ks.cfg 
 1 #version=RHEL7
 2 # System authorization information
 3 auth --enableshadow --passalgo=sha512
 4 
 5 # Use CDROM installation media
 6 url --url=ftp://192.168.10.10
 7 # Run the Setup Agent on first boot
 8 firstboot --enable
 9 ignoredisk --only-use=sda
 10 # Keyboard layouts
 11 keyboard --vckeymap=us --xlayouts='us'
 12 # System language
 13 lang en_US.UTF-8
 14 
 15 # Network information
 16 network --bootproto=dhcp --device=eno16777728 --onboot=off --ipv6=auto
 17 network --hostname=localhost.localdomain
 18 # Root password
 19 rootpw --iscrypted $6$pDjJf42g8C6pL069$iI.PX/yFaqpo0ENw2pa7MomkjLyoae2zjMz2UZJ7bH3UO4oWtR1.Wk/hxZ3XIGmzGJPcs/MgpYssoi8hPCt8b/
 20 # System timezone
 21 timezone Asia/Shanghai --isUtc
 22 user --name=linuxprobe --password=$6$a9v3InSTNbweIR7D$JegfYWbCdoOokj9sodEccdO.zLF4oSH2AZ2ss2R05B6Lz2A0v2K.RjwsBALL2FeKQVgf640oa/tok6J.7GUtO/ --iscrypted --gecos="linuxprobe"
 23 # X Window System configuration information
 24 xconfig --startxonboot
 25 # System bootloader configuration
 26 bootloader --location=mbr --boot-drive=sda
 27 autopart --type=lvm
 28 # Partition clearing information
 29 clearpart --all --initlabel
 30 
 31 %packages
 32 @base
 33 @core
 34 @desktop-debugging
 35 @dial-up
 36 @fonts
 37 @gnome-desktop
 38 @guest-agents
 39 @guest-desktop-agents
 40 @input-methods
 41 @internet-browser
 42 @multimedia
 43 @print-client
 44 @x11
 45 
 46 %end

If the system's default answer file has too few parameters for your production environment, you can install the system-config-kickstart package from the Yum software repository. It is a graphical tool for generating Kickstart answer files: generate a customized answer file according to your needs, put it in the /var/ftp/pub directory, and rename it ks.cfg.
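
The answer file published above sits in an anonymous FTP directory and is world-readable, so its password hashes, its cleartext install source and its clearpart --all line are visible to, and applied by, any host on the installation network. The following check is an added example, not part of the original chapter: audit_ks and write_sample_ks are hypothetical names, the sample file and its placeholder hash are constructed, and the script lints an answer file for those settings before it is copied to /var/ftp/pub.

```sh
#!/bin/sh
# Added example, not part of the original chapter: lint a Kickstart answer
# file. Returns 0 if clean, 1 if anything was found, 2 if unreadable.
audit_ks() {
    ks=$1
    rc=0
    [ -r "$ks" ] || { echo "ERROR cannot read $ks" >&2; return 2; }
    # Character 8 of `ls -l` output is the read bit for "other".
    if [ "$(ls -ld "$ks" | cut -c8)" = "r" ]; then
        echo "WARN file: world-readable, so every credential in it is public"
        rc=1
    fi
    awk '
    function report(sev, msg) {
        printf "%s line %d: %s\n", sev, NR, msg
        found = 1
    }
    /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
    $1 ~ /^%(packages|pre|post)$/ { exit }    # end of the command section
    $1 == "rootpw" || $1 == "user" {
        crypted = 0; secret = ""; who = "root"
        for (i = 2; i <= NF; i++) {
            if ($i == "--iscrypted")                crypted = 1
            else if ($i ~ /^--password=/)           secret = substr($i, 12)
            else if ($i ~ /^--name=/)               who = substr($i, 8)
            else if ($1 == "rootpw" && $i !~ /^--/) secret = $i
        }
        if (secret == "") next                # e.g. rootpw --lock
        if (!crypted)
            report("HIGH", "plaintext password for " who)
        else if (secret ~ /^\$1\$/ || secret !~ /^\$/)
            report("HIGH", "MD5 or DES crypt hash for " who)
        else
            report("WARN", "hash for " who " is open to offline guessing by anyone who fetches this file")
    }
    $1 == "url" && $0 ~ /--url=(ftp|http):\/\// {
        report("WARN", "install source uses cleartext, unauthenticated transport")
    }
    $1 == "clearpart" {
        for (i = 2; i <= NF; i++) if ($i == "--all")
            report("WARN", "clearpart --all erases every disk the installer may use")
    }
    END { exit (found ? 1 : 0) }
    ' "$ks" || rc=1
    return "$rc"
}

# Constructed sample; the hash and password are placeholders, not real values.
write_sample_ks() {
    cat > "$1" <<'EOF'
#version=RHEL7
auth --enableshadow --passalgo=sha512
url --url=ftp://192.168.10.10
rootpw --iscrypted $6$EXAMPLESALT$EXAMPLEHASHNOTREAL
user --name=linuxprobe --password=changeme --gecos="linuxprobe"
clearpart --all --initlabel
%packages
@core
%end
EOF
}

demo=$(mktemp) && write_sample_ks "$demo" && chmod 644 "$demo"
audit_ks "$demo" || true
rm -f "$demo"
```

Run it against /var/ftp/pub/ks.cfg after each edit; the non-zero exit status makes it usable as a gate before the file is published.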

19.3 Automatic client deployment

After deploying the service programs as described above, you can install systems unattended with PXE + Kickstart. When creating the virtual host in the following steps, be sure to set the client's network card to the same "host-only mode" as the server; otherwise the two devices cannot communicate, let alone install the system automatically. The remaining hardware options are not mandatory; you can follow the settings shown here.

Step 1 : Open the "New Virtual Machine Wizard" program, select the "Typical (recommended)" configuration type, and then click the "Next" button, as shown in Figure 19-5.

Figure 19-5 Select the configuration type of the virtual machine

Step 2 : Set the installation source of the virtual machine operating system to "Install the operating system later". This makes the virtual machine actually obtain the system installation image from the network, and prevents the VMware Workstation virtual machine software from installing the system on its own using its built-in method. Click the "Next" button, as shown in Figure 19-6.

Figure 19-6 Setting the installation source of the virtual machine operating system

Step 3 : Set the "guest operating system" to "Red Hat Enterprise Linux 7 64-bit", and then click the "Next" button, as shown in Figure 19-7.

Figure 19-7 Selecting the operating system of the client host

Step 4 : Name the virtual machine and set the installation location. You can choose any name for the virtual machine; for the location, pick a partition with as much free disk space as possible. Then click the "Next" button, as shown in Figure 19-8.

Figure 19-8 Name the virtual machine and set the installation location of the virtual machine

Step 5 : Specify the disk capacity. Here the "maximum disk size" is set to 20GB. This is the upper limit the virtual machine system may use, not space that is filled immediately, so setting it slightly larger does no harm. Then click the "Next" button, as shown in Figure 19-9.

Figure 19-9 Specifying the disk capacity as 20GB

Step 6 : After finishing the "New Virtual Machine Wizard", do not start the virtual machine yet. Click the "Customize Hardware" button shown in Figure 19-10. In the interface shown in Figure 19-11, set the "Network Adapter" device to "Host Only Mode" as well (this is very important), and then click the "OK" button.

Figure 19-10 Click the "Customize Hardware" button of the virtual machine

Figure 19-11 Setting the virtual machine network adapter device to host-only mode

The PXE + Kickstart unattended installation system and the virtual host are now both ready. In a production environment you only need to rack the properly configured server, connect it to the client hosts with network cables, and then start the client hosts. Next, as shown in Figure 19-12 and Figure 19-13, the transfer of the CD image files and the automatic installation begin. No manual intervention is required during this period; operations staff only need to perform simple initialization once the installation is complete.

Figure 19-12 Automatically transferring CD image files and installing the system

Figure 19-13 Automatic installation system without manual intervention

When hundreds of servers in a production environment need systems installed in batches, the convenience of an unattended installation system is self-evident.

Origin www.cnblogs.com/gerenboke/p/12701077.html