Building an Automated OS Installation System with Nginx, DHCP, TFTP and Kickstart

2023-11-07 (Tuesday)

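I previously used Cobbler to build an automated installation system. Recently the Cobbler website http://www.cobblerd.org/ became unreachable, and running the command cobbler get-loaders to download the files needed for PXE boot returned a 404. Even when the download succeeded, every file was 0 bytes, so servers being installed hung right after obtaining an IP address. I had to find my own way around this and rebuilt the automated installation system with Nginx, DHCP, TFTP and Kickstart. Nginx is simple to install and configure, and it replaces the Apache that Cobbler uses.

Virtual environment

  • Subnet: 192.168.200.0
  • Netmask: 255.255.255.0
  • Gateway: 192.168.200.2
  • Installation server address: 192.168.200.10
  • DHCP address range: 192.168.200.11 - 192.168.200.254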

1. Install and configure Nginx

  • Compile and install Nginx:
    cd /App/src
    wget http://nginx.org/download/nginx-1.8.0.tar.gz
    tar zxf nginx-1.8.0.tar.gz
    cd nginx-1.8.0
    ./configure \
    --prefix=/App/nginx \
    --without-http_access_module \
    --without-http_auth_basic_module \
    --without-http_browser_module \
    --without-http_empty_gif_module \
    --without-http_fastcgi_module \
    --without-http_geo_module \
    --without-http_limit_conn_module \
    --without-http_limit_req_module \
    --without-http_map_module \
    --without-http_memcached_module \
    --without-http_proxy_module \
    --without-http_referer_module \
    --without-http_rewrite_module \
    --without-http_scgi_module \
    --without-http_split_clients_module \
    --without-http_ssi_module \
    --without-http_upstream_hash_module \
    --without-http_upstream_ip_hash_module \
    --without-http_upstream_keepalive_module \
    --without-http_upstream_least_conn_module \
    --without-http_userid_module \
    --without-http_uwsgi_module \
    --without-mail_imap_module \
    --without-mail_pop3_module \
    --without-mail_smtp_module \
    --without-pcre \
    --without-poll_module \
    --without-select_module
    make && make install
  • Edit the Nginx configuration file /App/nginx/conf/nginx.conf:
    user  nginx nginx;
    worker_processes  auto;
    error_log  logs/error.log error;
    pid        logs/nginx.pid;
    worker_rlimit_nofile    65536;
    events
    {
        use epoll;
        accept_mutex off;
        worker_connections  65536;
    }
    http
    {
        include       mime.types;
        default_type  text/html;
        charset       UTF-8;
        server_names_hash_bucket_size   128;
        client_header_buffer_size       4k;
        large_client_header_buffers     4 32k;
        client_max_body_size            8m;
        open_file_cache max=65536  inactive=60s;
        open_file_cache_valid      80s;
        open_file_cache_min_uses   1;
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  logs/access.log  main;
        sendfile    on;
        server_tokens off;
        keepalive_timeout  60;
        gzip  on;
        gzip_min_length     1k;
        gzip_buffers        4 64k;
        gzip_http_version   1.1;
        gzip_comp_level     2;
        gzip_types text/plain text/css application/json application/javascript application/xml;
        # Serves the installation tree and ks.cfg; autoindex lists the directory contents
        server
        {
            listen       80;
            server_name  localhost;
            index        index.html;
            root         /App/web;
            autoindex    on;
        }
    }
  • Create the Nginx service account and the web directory:
    useradd -s /bin/false -M nginx
    mkdir -p /App/web
  • Download the CentOS ISO image and import it into the web directory:
    cd /App/src
    wget http://mirrors.aliyun.com/centos/6.6/isos/x86_64/CentOS-6.6-x86_64-bin-DVD1.iso
    mount -o loop CentOS-6.6-x86_64-bin-DVD1.iso /mnt
    rsync -avP /mnt/ /App/web/CentOS-6.6-x86_64
  • Start Nginx:
    /App/nginx/sbin/nginx

2. Install and configure DHCP

  • Install the dhcp server with Yum:
    yum -y install dhcp
  • Edit the dhcp configuration file /etc/dhcp/dhcpd.conf:
    allow booting;
    allow bootp;
    subnet 192.168.200.0 netmask 255.255.255.0 {
         option routers             192.168.200.2;
         option domain-name-servers 223.5.5.5,223.6.6.6;
         option subnet-mask         255.255.255.0;
         range dynamic-bootp        192.168.200.11 192.168.200.254;
         filename                   "/pxelinux.0";
         default-lease-time         21600;
         max-lease-time             43200;
         next-server                192.168.200.10;
    }
  • Start the dhcp service:
    /etc/init.d/dhcpd start

3. Install and configure TFTP

  • Install the tftp server with Yum:
    yum -y install tftp-server
  • Enable tftp in its configuration and start the xinetd service:
    sed -i '/disable/s/yes/no/' /etc/xinetd.d/tftp
    /etc/init.d/xinetd start
  • Install the syslinux boot loader with Yum and copy the required files to the tftp root directory:
    yum -y install syslinux
    cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
    cd /App/web/CentOS-6.6-x86_64/isolinux/
    cp vesamenu.c32 boot.msg splash.jpg vmlinuz initrd.img  memtest /var/lib/tftpboot/
    mkdir -p /var/lib/tftpboot/pxelinux.cfg
    cp isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
  • Edit the boot menu /var/lib/tftpboot/pxelinux.cfg/default. Pay special attention to menu default: this setting decides which entry boots by default. If it sits under label linux, a server that reboots will have all of its partitions deleted and reformatted, which is extremely dangerous, so be sure to change it.
    default vesamenu.c32
    prompt 0
    timeout 60
    display boot.msg
    menu background splash.jpg
    menu title Welcome to CentOS 6.6!
    menu color border 0 #ffffffff #00000000
    menu color sel 7 #ffffffff #ff000000
    menu color title 0 #ffffffff #00000000
    menu color tabmsg 0 #ffffffff #00000000
    menu color unsel 0 #ffffffff #00000000
    menu color hotsel 0 #ff000000 #ffffffff
    menu color hotkey 7 #ffffffff #ff000000
    menu color scrollbar 0 #ffffffff #00000000
    label linux
      menu label ^Install or upgrade an existing system
      kernel vmlinuz
      append initrd=initrd.img ks=http://192.168.200.10/CentOS-6.6-x86_64/ks.cfg ksdevice=em1
    label vesa
      menu label Install system with ^basic video driver
      kernel vmlinuz
      append initrd=initrd.img xdriver=vesa nomodeset
    label rescue
      menu label ^Rescue installed system
      kernel vmlinuz
      append initrd=initrd.img rescue
    label local
      menu label Boot from ^local drive
      menu default
      localboot 0xffff
    label memtest86
      menu label ^Memory test
      kernel memtest
      append -
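
The menu default warning above can be checked mechanically before the TFTP directory goes live. The following is an added example, not part of the original post: it reports which entry boots when the timeout expires and whether that entry passes ks= to the installer. The function names and the sample menus are constructed for illustration, and the script assumes that a menu with no marked entry boots its first label.

```bash
# Added example, not from the original post; assumes a vesamenu.c32 menu.

# Print the entry that boots when the timeout expires: the label carrying
# "menu default", or the first label when no entry is marked.
pxe_default_label() {
    awk '
        tolower($1) == "label" { cur = $2; if (first == "") first = cur; next }
        tolower($1) == "menu" && tolower($2) == "default" && cur != "" { marked = cur }
        END { print (marked != "" ? marked : first) }
    ' "$1"
}

# Print the "append" arguments of label $2 in menu file $1.
pxe_label_append() {
    awk -v want="$2" '
        tolower($1) == "label" { cur = $2; next }
        cur == want && tolower($1) == "append" { $1 = ""; print }
    ' "$1"
}

# Exit 0 when the default entry hands a ks= URL to the installer.
pxe_default_is_kickstart() {
    pxe_label_append "$1" "$(pxe_default_label "$1")" |
        grep -Eq '(^|[[:space:]])ks='
}

# Write a constructed sample menu to $1; $2 names the label that gets
# "menu default" (empty string: no entry is marked).
write_sample_menu() {
    {
        echo "default vesamenu.c32"
        echo "timeout 60"
        echo "label linux"
        if [ "$2" = linux ]; then echo "  menu default"; fi
        echo "  kernel vmlinuz"
        echo "  append initrd=initrd.img ks=http://192.168.200.10/CentOS-6.6-x86_64/ks.cfg"
        echo "label local"
        if [ "$2" = local ]; then echo "  menu default"; fi
        echo "  localboot 0xffff"
    } > "$1"
}

tmp=$(mktemp)
for mark in local linux ""; do
    write_sample_menu "$tmp" "$mark"
    if pxe_default_is_kickstart "$tmp"; then verdict="UNSAFE, reinstalls"; else verdict="ok"; fi
    echo "menu default on '${mark:-none}': boots '$(pxe_default_label "$tmp")' ($verdict)"
done
rm -f "$tmp"
```

To audit the live menu, call pxe_default_is_kickstart /var/lib/tftpboot/pxelinux.cfg/default and refuse to start dhcpd when it succeeds.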

4. Add the Kickstart configuration

  • Add the kickstart configuration file /App/web/CentOS-6.6-x86_64/ks.cfg to the web directory:
    install
    keyboard us
    lang zh_CN
    url --url=http://192.168.200.10/CentOS-6.6-x86_64/
    network --onboot yes --device eth0 --bootproto dhcp --noipv6
    rootpw  --iscrypted $6$y0UTGMGnCEgUJmUB$IPcaQ8ipx24V8lAq.XepGoilvjXM9kFs5YrivQQoejYmLOmeVXSeM6IvzxtdsUJ0CFuTMzANEmlj5FOluuwy40
    auth --useshadow --passalgo=sha512
    reboot
    firewall --disabled
    firstboot --disable
    selinux --disabled
    logging --level=info
    timezone  Asia/Shanghai
    bootloader --location=mbr
    # The next two directives wipe the partition tables of every disk
    zerombr yes
    clearpart --all --initlabel
    part /boot --fstype ext4 --size=200
    part swap --size=2048
    part / --fstype ext4 --size=200 --grow
    %packages
    @chinese-support
    @core
    @server-policy
    @workstation-policy
    %end
    %post
    # Stop and disable every service except sshd, network, crond and syslog
    ServiceList=`chkconfig --list | grep '0' | awk '{print $1}' | grep -Ev 'sshd|network|crond|syslog'`
    for Service in $ServiceList
    do
        /etc/init.d/$Service stop
        chkconfig --level 0123456 $Service off
    done
    # Kernel tuning
    cat >> /etc/sysctl.conf << EOF
    vm.swappiness = 0
    net.core.rmem_default = 262144
    net.core.rmem_max = 16777216
    net.core.wmem_default = 262144
    net.core.wmem_max = 16777216
    net.core.somaxconn = 262144
    net.core.netdev_max_backlog = 262144
    net.ipv4.tcp_max_orphans = 262144
    net.ipv4.tcp_max_syn_backlog = 262144
    net.ipv4.tcp_max_tw_buckets = 10000
    net.ipv4.ip_local_port_range = 1024 65500
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_synack_retries = 1
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_fin_timeout = 30
    net.ipv4.tcp_keepalive_time = 1200
    net.ipv4.tcp_mem = 786432 1048576 1572864
    fs.aio-max-nr = 1048576
    fs.file-max = 6815744
    kernel.sem = 250 32000 100 128
    fs.inotify.max_user_watches = 1048576
    EOF
    sysctl -p
    # Resource limits
    cat >> /etc/security/limits.conf << EOF
    * - nofile 1048576
    * - nproc  65536
    * - stack  1024
    EOF
    cat >> /etc/profile << EOF
    ulimit -n 1048576
    ulimit -u 65536
    ulimit -s 1024
    alias grep='grep --color=auto'
    export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
    EOF
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    setenforce 0
    sed -i 's/.*UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
    sed -i 's/.*GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
    /etc/init.d/sshd restart
    # \$PATH is escaped so it is expanded at login, not while the heredoc is written
    cat >> $HOME/.bash_profile << EOF
    export PATH=/App/script:\$PATH
    EOF
    mkdir -p /App/script /App/src
    mount --bind /dev/shm /tmp
    echo "/bin/mount --bind /dev/shm /tmp" >> /etc/rc.local
    %end

5. Check the listening ports of the services

http: 80, dhcp: 67, tftp: 69:

netstat -tunlp | grep -E '(0.0.0.0:80|0.0.0.0:67|0.0.0.0:69)'

The figure below shows that each service is listening:
