PXE Remote machine service for batch deployment of Linux systems

Source: Internet
Author: User

First, build the FTP service and configure a local Yum repository served over FTP:

# mkdir /mnt/cdrom
# mount /dev/sr0 /mnt/cdrom/    # Mount the CentOS 7 disc
# yum -y install vsftpd    # Install the FTP service
# vim /etc/vsftpd/vsftpd.conf    # Modify the FTP configuration file: add the following three lines after connect_from_port_20=YES

pasv_enable=YES
pasv_min_port=3001
pasv_max_port=3100

(pasv_enable turns on passive mode; pasv_min_port and pasv_max_port set the passive-mode listening port range.)

# systemctl start vsftpd.service    # Start the vsftpd service
# mkdir /var/ftp/yum    # Create the yum directory under the FTP directory
# cp -rf /mnt/cdrom/* /var/ftp/yum    # Copy the entire contents of the disc into the yum directory to serve as the Yum source
# mkdir /etc/yum.repos.d/old
# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/old    # Move the existing Yum repo files aside as a backup
# vim /etc/yum.repos.d/centos-cr.repo    # Create a new Yum repo file with the following contents:

[cr]
name=CentOS-$releasever - cr
baseurl=ftp://192.168.8.10/yum
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

# yum clean all
# yum makecache


Second, build the DHCP service:

# yum -y install dhcp
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf    # Create the DHCP configuration file from the example template
# vim /etc/dhcp/dhcpd.conf    # Modify the DHCP configuration file

default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.8.0 netmask 255.255.255.0 {
  range 192.168.8.100 192.168.8.200;
  option routers 192.168.8.2;
  option broadcast-address 192.168.8.255;
  default-lease-time 600;
  max-lease-time 7200;
  next-server 192.168.8.10;    # Specify the PXE boot server
  filename "pxelinux.0";       # Specify the boot file
}

# systemctl start dhcpd.service    # Start the DHCP service


Third, build the TFTP service and Syslinux:

# yum -y install tftp-server
# yum -y install syslinux
# vim /etc/xinetd.d/tftp    # Enable the TFTP service. TFTP is controlled by xinetd, so restart the xinetd service after modifying this configuration file

disable = no

(Changing yes to no enables the TFTP service.)

# systemctl start xinetd.service
# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
# cp /var/ftp/yum/isolinux/{vmlinuz,initrd.img,vesamenu.c32,boot.msg} /var/lib/tftpboot/
# mkdir /var/lib/tftpboot/pxelinux.cfg
# cp /var/ftp/yum/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default    # Copy and rename to default
# vim /var/lib/tftpboot/pxelinux.cfg/default    # Modify the default file and add the following content. Note: remember to delete the original "menu default" line

label Centos7
  menu label ^install centos 7 li networkserver
  menu default
  kernel vmlinuz
  append initrd=initrd.img inst.stage2=ftp://192.168.8.10/yum inst.ks=ftp://192.168.8.10/ks.cfg quiet

The append line specifies the address of the software source used when installing the system (inst.stage2) and the configuration file for the installation (inst.ks).


Fourth, install system-config-kickstart and generate the configuration file specified above:

# yum -y install system-config-kickstart
# system-config-kickstart    # Open the graphical configuration tool; when done, save the file in the location specified above, namely /var/ftp/ks.cfg

Of course, this configuration file can also be edited manually:

# vim /var/ftp/ks.cfg

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Reboot after installation
reboot
# Root password
rootpw --iscrypted $1$up/6kvvm$Domd73qgfbtoo5.udls1v.
# System timezone
timezone Asia/Shanghai
# Use network installation
url --url="ftp://192.168.8.10/yum"
# System language
lang en_US
# Firewall configuration
firewall --enabled --ssh
# Network information
network --bootproto=dhcp --device=eth0
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
# SELinux configuration
selinux --enforcing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="ext4" --size=1024
part /home --fstype="ext4" --size=4096
part swap --fstype="swap" --size=2048
part / --fstype="ext4" --size=10240
%packages
# This section lists the package groups that will be installed
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@x11
kexec-tools
%end
%post --interpreter=/bin/bash
# This section is the script that runs after the deployment is complete; it is not required.
# The two scripts below are ones I added to configure the Yum source and update SSH.
mkdir /etc/yum/old
cp -rf /etc/yum.repos.d/* /etc/yum/old
rm -rf /etc/yum.repos.d/*
echo '# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=ftp://192.168.8.10/yum
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
gpgcheck=1
enabled=1
' >/etc/yum.repos.d/centos7.repo
wget ftp://192.168.8.10/pub/openssh-7.6p1.tar.gz
tar -xf openssh-7.6p1.tar.gz
cd openssh-7.6p1
yum -y install gcc
yum install -y zlib-devel
yum -y install openssl-devel
./configure --prefix=/usr --sysconfdir=/etc/ssh
make
rpm -e --nodeps `rpm -qa | grep openssh`
cp -rf /etc/ssh ./ssh.bak
rm -rf /etc/ssh/*
make install
echo "# \$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp \$
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of \"PermitRootLogin without-password\".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
#X11Forwarding no
#AllowTcpForwarding no
#PermitTTY no
#ForceCommand cvs server
" >/etc/ssh/sshd_config
cp /openssh-7.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
setenforce 0
chkconfig --add sshd
systemctl start sshd.service
%end
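Because ks.cfg is handed to every PXE client over plain FTP, it is worth linting before it is published. The script below is an added example, not part of the original article: audit_ks and sample_ks are hypothetical names, and the sample input is constructed from the risky lines of the ks.cfg above with a placeholder hash.

```sh
#!/bin/sh
# Added example: lint a kickstart file; one finding per line, non-zero if any.
audit_ks() (
    ks=$(cat -- "${1:--}") || exit 2     # file argument, or stdin when omitted
    n=0
    has()  { printf '%s\n' "$ks" | grep -Eq -- "$1"; }
    flag() { printf '%s\n' "$1"; n=$((n + 1)); }

    # Root hash in MD5-crypt format, readable by anyone who can fetch ks.cfg
    if has '^[[:space:]]*rootpw[[:space:]].*\$1\$'; then
        flag 'rootpw: MD5-crypt ($1$) hash; use a SHA-512 ($6$) hash'
    fi
    # Install tree or Yum repository pulled over cleartext, unauthenticated FTP
    if has '(url[[:space:]]+--url=|baseurl=)"?ftp://'; then
        flag 'source: install tree or repo fetched over ftp://'
    fi
    # sshd_config written by %post allows direct root login
    if has '^[[:space:]]*PermitRootLogin[[:space:]]+yes'; then
        flag 'sshd: PermitRootLogin yes'
    fi
    # %post switches SELinux to permissive on the freshly installed host
    if has '^[[:space:]]*setenforce[[:space:]]+0'; then
        flag 'selinux: setenforce 0 in %post'
    fi
    # Tarball downloaded in %post and built with no checksum or signature check
    if has '^[[:space:]]*wget[[:space:]]' &&
       ! has '(sha256sum|sha512sum)[[:space:]].*(-c|--check)|gpg.*--verify'; then
        flag 'download: wget in %post without sha256sum -c or gpg --verify'
    fi
    [ "$n" -eq 0 ]
)

# Constructed sample: risky lines of the ks.cfg above, with a placeholder hash.
sample_ks() {
    cat <<'EOF'
rootpw --iscrypted $1$CONSTRUCTED$placeholderplaceholder00
url --url="ftp://192.168.8.10/yum"
%post --interpreter=/bin/bash
wget ftp://192.168.8.10/pub/openssh-7.6p1.tar.gz
echo "# Authentication:
PermitRootLogin yes
" >/etc/ssh/sshd_config
setenforce 0
%end
EOF
}

sample_ks | audit_ks || true             # prints five findings
```

Run it against the real file with `audit_ks /var/ftp/ks.cfg`; the exit status is non-zero while any finding remains.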


Fifth, configure the firewall and open the related services and ports:

# firewall-cmd --permanent --add-service=ftp    # Open the FTP service (TCP 21)
# firewall-cmd --permanent --add-service=dhcp    # Open the DHCP service (UDP 67)
# firewall-cmd --permanent --add-port=69/udp    # Open the TFTP service (UDP 69)
# firewall-cmd --permanent --add-port=3001-3100/tcp    # Open the FTP passive-mode listening port range
# systemctl restart firewalld.service    # Restart the firewall for the configuration to take effect, or run firewall-cmd --reload


Sixth, test:

Any host that is on the same network segment as this server, or on another segment that can obtain an address through a DHCP relay, can now be installed automatically.

