First, build the FTP service and configure a local Yum repository served over FTP:
# mkdir /mnt/cdrom
# mount /dev/sr0 /mnt/cdrom/    # Mount the CentOS 7 CD
# yum -y install vsftpd    # Install the FTP service
# vim /etc/vsftpd/vsftpd.conf    # Modify the FTP configuration file: add the following three settings after connect_from_port_20=YES
# Use passive mode
pasv_enable=YES
# Set the passive mode listening port range
pasv_min_port=3001
pasv_max_port=3100
# systemctl start vsftpd.service    # Start the vsftpd service
# mkdir /var/ftp/yum    # Create the yum directory under the ftp directory
# cp -rf /mnt/cdrom/* /var/ftp/yum    # Copy all the contents of the disc into the yum directory as the Yum source
# mkdir /etc/yum.repos.d/old
# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/old    # Move the existing Yum repository configuration files to a backup directory
# vim /etc/yum.repos.d/centos-cr.repo    # Create a new Yum repository configuration file with the following contents:
[cr]
name=CentOS-$releasever - cr
baseurl=ftp://192.168.8.10/yum
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
# yum clean all
# yum makecache
Second, build the DHCP service:
# yum -y install dhcp
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf    # Create the DHCP configuration file from the example template
# vim /etc/dhcp/dhcpd.conf    # Modify the DHCP configuration file
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.8.0 netmask 255.255.255.0 {
    range 192.168.8.100 192.168.8.200;
    option routers 192.168.8.2;
    option broadcast-address 192.168.8.255;
    default-lease-time 600;
    max-lease-time 7200;
    next-server 192.168.8.10;    # Specify the PXE boot server
    filename "pxelinux.0";       # Specify the boot file
}
# systemctl start dhcpd.service    # Start the DHCP service
Third, build the TFTP service and install Syslinux:
# yum -y install tftp-server
# yum -y install syslinux
# vim /etc/xinetd.d/tftp    # Enable the TFTP service. TFTP is controlled by xinetd, so restart the xinetd service after modifying this configuration file
# Change yes to no to enable the TFTP service
disable = no
# systemctl start xinetd.service
# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
# cp /var/ftp/yum/isolinux/{vmlinuz,initrd.img,vesamenu.c32,boot.msg} /var/lib/tftpboot/
# mkdir /var/lib/tftpboot/pxelinux.cfg
# cp /var/ftp/yum/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default    # Copy and rename to default
# vim /var/lib/tftpboot/pxelinux.cfg/default    # Modify the default file and add the following content. Note: remember to delete the original "menu default"
label centos7
  menu label ^install centos 7 li networkserver
  menu default
  kernel vmlinuz
  # inst.stage2 specifies the address of the software used when installing the system; inst.ks specifies the configuration file for installing the system
  append initrd=initrd.img inst.stage2=ftp://192.168.8.10/yum inst.ks=ftp://192.168.8.10/ks.cfg quiet
Fourth, install system-config-kickstart and generate the configuration file specified above:
# yum -y install system-config-kickstart
# system-config-kickstart    # Open the graphical configuration interface; when done, save the file in the location specified above, namely /var/ftp/ks.cfg
Of course, this configuration file can also be edited manually:
# vim /var/ftp/ks.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Reboot after installation
reboot
# Root password
rootpw --iscrypted $1$up/6kvvm$Domd73qgfbtoo5.udls1v.
# System timezone
timezone Asia/Shanghai
# Use network installation
url --url="ftp://192.168.8.10/yum"
# System language
lang en_US
# Firewall configuration
firewall --enabled --ssh
# Network information
network --bootproto=dhcp --device=eth0
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
# SELinux configuration
selinux --enforcing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="ext4" --size=1024
part /home --fstype="ext4" --size=4096
part swap --fstype="swap" --size=2048
part / --fstype="ext4" --size=10240

%packages
# This section lists the package groups that will be installed
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@x11
kexec-tools
%end

%post --interpreter=/bin/bash
# This section is the script that runs after the deployment is complete. It is not required; the two scripts below are ones I added to configure the yum source and update ssh
mkdir /etc/yum/old
cp -rf /etc/yum.repos.d/* /etc/yum/old
rm -rf /etc/yum.repos.d/*
echo '# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=ftp://192.168.8.10/yum
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
gpgcheck=1
enabled=1
' >/etc/yum.repos.d/centos7.repo
wget ftp://192.168.8.10/pub/openssh-7.6p1.tar.gz
tar -xf openssh-7.6p1.tar.gz
cd openssh-7.6p1
yum -y install gcc
yum install -y zlib-devel
yum -y install openssl-devel
./configure --prefix=/usr --sysconfdir=/etc/ssh
make
# Remove the packaged OpenSSH, back up its configuration, then install the new build
rpm -e --nodeps $(rpm -qa | grep openssh)
cp -rf /etc/ssh ./ssh.bak
rm -rf /etc/ssh/*
make install
# A quoted heredoc keeps $OpenBSD and the double quotes inside the file literal
cat >/etc/ssh/sshd_config <<'EOF'
# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#X11Forwarding no
#AllowTcpForwarding no
#PermitTTY no
#ForceCommand cvs server
EOF
cp /openssh-7.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
setenforce 0
chkconfig --add sshd
systemctl start sshd.service
%end
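Every machine that PXE-boots on this segment receives the ks.cfg above, so it is worth reviewing for four settings it carries: an MD5-crypt ($1$) root hash, fetches over FTP, PermitRootLogin yes, and setenforce 0 in %post. The following Python script is an added example, not part of the original article; the function name audit_kickstart, the finding codes and the abbreviated sample input are assumptions made for illustration.

```python
import re

# Constructed sample: abbreviated kickstart with the same settings as the ks.cfg above.
# The root hash is a made-up placeholder, not a real credential.
SAMPLE_KS = """\
install
rootpw --iscrypted $1$CONSTRUCTEDSALT$constructedhashvalue000
url --url="ftp://192.168.8.10/yum"
auth --useshadow --passalgo=sha512
selinux --enforcing
%packages
@core
%end
%post --interpreter=/bin/bash
echo "PermitRootLogin yes" > /etc/ssh/sshd_config
setenforce 0
%end
"""

def audit_kickstart(text):
    """Return (line_no, code, message) findings for risky kickstart settings."""
    findings = []
    section = "command"  # a kickstart file starts in the command section
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("%end"):
            section = "command"
            continue
        m = re.match(r"%(\w+)", line)
        if m:
            section = m.group(1)  # packages, pre, post, ...
            continue
        if not line or line.startswith("#"):
            continue
        if section == "command" and line.startswith("rootpw"):
            if "--iscrypted" not in line and "--lock" not in line:
                findings.append((no, "ROOTPW_PLAINTEXT", "root password stored in cleartext"))
            elif "$1$" in line:
                findings.append((no, "ROOTPW_MD5", "MD5-crypt ($1$) root hash; use SHA-512-crypt ($6$)"))
        if re.search(r"\b(ftp|http)://", line):
            findings.append((no, "CLEARTEXT_FETCH", "content fetched over an unauthenticated cleartext protocol"))
        if section == "post":
            if re.search(r"\bPermitRootLogin\s+yes\b", line, re.I):
                findings.append((no, "SSH_ROOT_LOGIN", "sshd_config allows root login"))
            if re.search(r"\bsetenforce\s+0\b", line):
                findings.append((no, "SELINUX_PERMISSIVE", "%post runs setenforce 0 (permissive mode)"))
    return findings

if __name__ == "__main__":
    for no, code, msg in audit_kickstart(SAMPLE_KS):
        print(f"line {no}: {code}: {msg}")
```

Commented-out lines are skipped, so only the active PermitRootLogin yes line in the sshd_config written by %post is reported, not the commented defaults around it.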
Fifth, configure the firewall and open the related services and ports:
# firewall-cmd --permanent --add-service=ftp    # Open the FTP service in the firewall (TCP 21)
# firewall-cmd --permanent --add-service=dhcp    # Open the DHCP service in the firewall (UDP 67)
# firewall-cmd --permanent --add-port=69/udp    # Open the TFTP service in the firewall (UDP 69)
# firewall-cmd --permanent --add-port=3001-3100/tcp    # Open the FTP passive mode listening port range in the firewall
# systemctl restart firewalld.service    # Restart the firewall for the configuration to take effect, or use firewall-cmd --reload
Sixth, test:
Any host that needs a system installed can be installed automatically, as long as it is on the same network segment as this server, or on another network segment from which it can obtain an address through a DHCP relay.
PXE Remote machine service for batch deployment of Linux systems