
PXE远程装机服务批量部署LINUX系统

2018-02-01 00:16 696 查看
一、搭建FTP服务并配置ftp的本地yum源:
# mkdir /mnt/cdrom
# mount /dev/sr0 /mnt/cdrom/    # 挂载Centos7光盘
# yum -y install vsftpd    # 安装ftp服务
# vim /etc/vsftpd/vsftpd.conf    # 修改ftp配置文件,添加下面三行到connect_from_port_20=YES后面(行尾的 # 说明只是本文的注释,vsftpd.conf 不支持行尾注释,写入文件时不要带上)
pasv_enable=YES    # 使用被动模式
pasv_min_port=3001    # 设定被动模式监听端口号范围
pasv_max_port=3100    # 设定被动模式监听端口号范围
# systemctl start vsftpd.service    # 启动vsftp服务
# mkdir /var/ftp/yum    # ftp目录下创建yum目录
# cp -rf /mnt/cdrom/* /var/ftp/yum    # 将光盘的所有内容复制到yum目录下作为yum源
# mkdir /etc/yum.repos.d/old
# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/old    # 移动备份下现有的yum源配置文件
# vim /etc/yum.repos.d/CentOS-cr.repo    # 创建一个新的yum源配置文件,内容如下:
[cr]
name=CentOS-$releasever - cr
baseurl=ftp://192.168.8.10/yum
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
# yum clean all
# yum makecache


二、搭建DHCP服务:
# yum -y install dhcp
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf    # 通过帮助模板创建DHCP配置文件
# vim /etc/dhcp/dhcpd.conf    # 修改DHCP配置文件
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.8.0 netmask 255.255.255.0 {
range 192.168.8.100 192.168.8.200;
option routers 192.168.8.2;
option broadcast-address 192.168.8.255;
default-lease-time 600;
max-lease-time 7200;
next-server 192.168.8.10;    # 指定PXE引导服务器
filename "pxelinux.0";    # 指定引导文件
}
# systemctl start dhcpd.service    # 启动DHCP服务


三、搭建TFTP服务和syslinux:
# yum -y install tftp-server
# yum -y install syslinux
# vim /etc/xinetd.d/tftp    # 开启tftp服务,因为tftp是xinetd控制的,所以要修改相关配置文件后重启xinetd服务
disable= no    # 把yes改成no代表开启tftp服务
# systemctl start xinetd.service
# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
# cp /var/ftp/yum/isolinux/{vmlinuz,initrd.img,vesamenu.c32,boot.msg} /var/lib/tftpboot/
# mkdir /var/lib/tftpboot/pxelinux.cfg
# cp /var/ftp/yum/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default    # 复制并重命名为default
# vim /var/lib/tftpboot/pxelinux.cfg/default    # 修改default文件,添加下面的内容,注意:记得同时删除后面原有的menu default
label centos7
menu label ^Install CentOS 7 Li networkserver
menu default
kernel vmlinuz
append initrd=initrd.img inst.stage2=ftp://192.168.8.10/yum inst.ks=ftp://192.168.8.10/ks.cfg quiet    # 指定安装系统软件时的软件地址,和安装系统的配置文件


四、安装system-config-kickstart并配置生成上面指定的配置文件:
# yum -y install system-config-kickstart
# system-config-kickstart    # 进入图形化配置生成界面,配置完成后将文件保存在上面指定的位置,即:/var/ftp/ks.cfg



当然,这个配置文件也可以手动编辑了:
# vim /var/ftp/ks.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Reboot after installation
reboot
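# Root password
# 注意:ks.cfg 放在 FTP 目录下明文分发,能访问该 FTP 的主机都可以读到这条哈希;$1$ 开头是 MD5-crypt,容易被离线破解,与下面的 --passalgo=sha512 也不一致。建议改用 SHA-512($6$)哈希,并在装机后尽快修改 root 密码。
rootpw --iscrypted $1$uP/6KVVM$domD73qgFbtoo5.Udls1V.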
# System timezone
timezone Asia/Shanghai
# Use network installation
url --url="ftp://192.168.8.10/yum"
# System language
lang en_US
# Firewall configuration
firewall --enabled --ssh
# Network information
network  --bootproto=dhcp --device=eth0
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
# SELinux configuration
selinux --enforcing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="ext4" --size=1024
part /home --fstype="ext4" --size=4096
part swap --fstype="swap" --size=2048
part / --fstype="ext4" --size=10240
%packages    # 这一段是将要安装的软件包组
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@x11
kexec-tools
%end
%post --interpreter=/bin/bash    # 这一段是需要部署完成后运行的脚本,非必须,下面两个脚本分别是我加的配置yum源和更新ssh
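# Point the installed system at the provisioning server's FTP package tree.
# The stock repo files are backed up to /etc/yum/old first, and are removed
# from /etc/yum.repos.d only when that backup copy succeeded, so a failed copy
# can no longer leave the host with no repo definitions and no backup.
mkdir -p /etc/yum/old
if cp -rf /etc/yum.repos.d/* /etc/yum/old; then
  rm -rf /etc/yum.repos.d/*
else
  echo 'backup of /etc/yum.repos.d failed; original repo files left in place' >&2
fi

# Quoted here-document: $releasever must reach the file literally so that yum,
# not the shell, expands it. gpgcheck=1 is kept on purpose: the baseurl is
# plain FTP, so the package signature is the only integrity check in this path.
cat >/etc/yum.repos.d/CentOS7.repo <<'EOF'
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=ftp://192.168.8.10/yum
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
gpgcheck=1
enabled=1

EOF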
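# Build OpenSSH 7.6p1 from source and install it in place of the packaged one.
# NOTE(review): a source-built sshd no longer receives vendor security updates
# through yum; whoever deploys this takes over patching it.
#
# Optional integrity check. The tarball is fetched over plain FTP, so nothing
# verifies that it is the archive the administrator staged. Set this to the
# SHA-256 published for openssh-7.6p1.tar.gz to enforce verification; while it
# is empty no check is performed.
openssh_sha256=''

# The download and the unpack were fused on one line, which handed "tar -xf ..."
# to wget as extra arguments; they are two separate steps.
wget ftp://192.168.8.10/pub/openssh-7.6p1.tar.gz || exit 1
if [ -n "$openssh_sha256" ]; then
  printf '%s  %s\n' "$openssh_sha256" openssh-7.6p1.tar.gz | sha256sum -c - || exit 1
fi
tar -xf openssh-7.6p1.tar.gz || exit 1
cd openssh-7.6p1 || exit 1

# Build dependencies.
yum -y install gcc
yum install -y zlib-devel
yum -y install openssl-devel

# Stop before touching the installed sshd if the build did not succeed;
# otherwise the packaged OpenSSH would be removed with nothing to replace it.
./configure --prefix=/usr --sysconfdir=/etc/ssh || exit 1
make || exit 1

# Remove the packaged OpenSSH only now that a replacement has been built.
installed_openssh=$(rpm -qa | grep openssh)
if [ -n "$installed_openssh" ]; then
  # shellcheck disable=SC2086 -- one package name per word is intended
  rpm -e --nodeps $installed_openssh
fi

# Keep a copy of the old configuration and host keys inside the build
# directory, then let "make install" repopulate /etc/ssh.
cp -rf /etc/ssh ./ssh.bak
rm -rf /etc/ssh/*
make install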
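# Write the sshd_config used by the source-built sshd.
# A quoted here-document replaces the double-quoted echo so the text reaches
# the file verbatim: inside double quotes the shell expanded $OpenBSD, and the
# embedded quotes around "PermitRootLogin without-password" split the string.
# The keyword/value separators on the AuthorizedKeysFile and Subsystem lines
# are restored; written as a single token, sshd does not recognise either
# directive.
# NOTE(review): "PermitRootLogin yes" lets root log in with a password on every
# host provisioned from this file. It is kept as the author's choice; where
# possible prefer prohibit-password together with key-based login.
cat >/etc/ssh/sshd_config <<'EOF'
#$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
#X11Forwarding no
#AllowTcpForwarding no
#PermitTTY no
#ForceCommand cvs server

EOF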
# Register the source-built sshd as a service, using the init script from the
# contrib/redhat directory of the OpenSSH source tree.
# The absolute path assumes the tarball was unpacked in / -- TODO confirm the
# working directory this %post section runs in.
cp /openssh-7.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): switches SELinux to permissive for the running system, while the
# kickstart itself asks for "selinux --enforcing". Presumably a workaround for
# unlabeled files left by "make install"; relabeling those files (restorecon)
# would avoid turning enforcement off -- confirm before relying on either.
setenforce 0
chkconfig --add sshd
# NOTE(review): %post normally runs chrooted inside the installer, where
# starting a service may have no effect; presumably sshd only comes up on first
# boot through the chkconfig registration above -- verify on a test install.
systemctl start sshd.service
%end


五、配置防火墙,开放相关服务和端口:
# firewall-cmd --permanent --add-service=ftp    # 防火墙开启ftp服务(tcp21)
# firewall-cmd --permanent --add-service=dhcp    # 防火墙开启DHCP服务(udp67)
# firewall-cmd --permanent --add-port=69/udp    # 防火墙开启tftp服务(udp69)
# firewall-cmd --permanent --add-port=3001-3100/tcp    # 防火墙开启ftp被动监听的端口段
# systemctl restart firewalld.service    # 重启防火墙使配置生效,或者firewall-cmd --reload


六、测试:
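只要要安装系统的主机和此服务器在一个网段,或者其他网段能通过DHCP中继获取地址,就可以自动安装了。
注意:任何在该网段以 PXE 方式启动的主机都会按 ks.cfg 执行 zerombr 和 clearpart --all,清空磁盘并重装;DHCP、TFTP、FTP 均无认证且明文传输。建议只在隔离的装机网段中启用这些服务,装机完成后及时关闭。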
标签:  PXE 远程装机 vsftp