Debian8系统批量网络安装PEX+TFTP+DHCP+APACHE配置说明

组件说明

DHCP：为将要安装系统的机器分配IP，以便通过网络获取启动镜像。
TFTP：为机器提供引导映像
APACHE：提供系统镜像DVD/CD安装文件、自动安装脚本文件
PXE：开机引导

安装DHCP

# apt-get install isc-dhcp-server

配置DHCPv4，指定获取文件路径和服务器地址

# vim /etc/dhcp/dhcpd.conf

subnet 192.168.1.0 netmask 255.255.255.0 {
	range 192.168.1.2 192.168.1.10;
	option routers 192.168.1.253;
	option domain-name-servers 192.168.1.1;
	option subnet-mask 255.255.255.0;
	option broadcast-address 192.168.1.255;
	next-server 192.168.1.1;
	filename "pxelinux.0";
	server-name "192.168.1.1";
}

# /etc/init.d/isc-dhcp-server restart

安装TFTP

# apt-get install tftpd-hpa

配置TFTP

# vim /etc/default/tftpd-hpa

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"

安装apache2

# apt-get install apache2

# vim /etc/apache2/sites-enabled/000-default.conf
DocumentRoot /var/www

新建文件夹及配置权限

# mkdir -p /var/www/debian   # 用于挂载debian镜像DVD/CD安装文件
# mkdir -p /var/www/pxe      # 用于存放自动安装脚本文件
# mount -t iso9660 -o loop /root/debian-8.5.0-amd64-CD-1.iso /var/www/debian

配置PXE开机引导

# 根据要安装的系统选择相应的版本类型，这里以AMD64位为例。
# cd /srv/tftp/
# wget http://ftp.cn.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/netboot.tar.gz
# gunzip netboot.tar.gz
# tar -xvf netboot.tar

编辑开机引导文件

# vim /srv/tftp/pxelinux.cfg/default

# D-I config version 2.0
# search path for the c32 support libraries (libcom32, libutil etc.)
path debian-installer/amd64/boot-screens/
include debian-installer/amd64/boot-screens/menu.cfg
default debian-installer/amd64/boot-screens/vesamenu.c32
prompt 1
timeout 5
DEFAULT jessie_amd64
LABEL jessie_amd64
        kernel debian-installer/amd64/linux
        append vga=normal initrd=debian-installer/amd64/initrd.gz auto=true interface=auto netcfg/dhcp_timeout=60 netcfg/choose_interface=auto priority=critical url=http://192.168.1.1/pxe/preseed.cfg ;DEBCONF_DEBUG=5
        IPAPPEND 2

配置无人值守安装脚本

安装脚本示例：/var/www/pxe/preseed.cfg

## Contents of the preconfiguration file (for jessie)

# Localization
d-i debian-installer/locale string en_US
d-i keyboard-configuration/xkb-keymap select us

# Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/get_nameservers string 192.168.1.1
d-i netcfg/wireless_wep string

# Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string 192.168.1.1
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

# Account setup
d-i passwd/root-password-crypted password <MD5 hash密码>
d-i passwd/user-fullname string User1
d-i passwd/username string user1
d-i passwd/user-password-crypted password <MD5 hash密码>

# Clock and time zone setup
d-i clock-setup/utc boolean false
d-i time/zone string Asia/Shanghai
d-i clock-setup/ntp boolean false

# Partitioning
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
#
d-i partman-auto/expert_recipe string \
boot-root :: \
1024 2048 1024 ext4 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
. \
4096 512 -1 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
1024 1024 1024 linux-swap \
method{ swap } format{ } \
.
#
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

# Apt setup
d-i apt-setup/non-free boolean false
d-i apt-setup/contrib boolean false
d-i apt-setup/use_mirror boolean false
d-i apt-setup/services-select multiselect main
d-i debian-installer/allow_unauthenticated boolean true

# Package selection
tasksel tasksel/first multiselect standard
d-i pkgsel/include string openssh-server vim
d-i pkgsel/upgrade select none
d-i pkgsel/language-packs multiselect en, zh
d-i pkgsel/update-policy select none

# Boot loader installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/bootdev string default

# Finishing up the installation
d-i finish-install/keep-consoles boolean true
d-i finish-install/reboot_in_progress note

# Run script in the target system.
d-i preseed/late_command string chroot /target sh -c "/usr/bin/wget -O /tmp/postinstall http://192.168.1.1/pxe/postinstall && /bin/sh -x /tmp/postinstall"

postinstall服务脚本示例：

#!/bin/sh
#
PXESERVER=192.168.1.1

# Get firstboot script.
/usr/bin/wget -O /root/firstboot http://${PXESERVER}/pxe/firstboot
chmod +x /root/firstboot

# Create a service that will run firstboot script.
cat >/etc/init.d/firstboot << EOF
#! /bin/sh
#
### BEGIN INIT INFO
# Provides:        firstboot
# Required-Start:  $networking
# Required-Stop:   $networking
# Default-Start:   2 3 4 5
# Default-Stop:    0 1 6
# Short-Description: A script that runs once
# Description: A script that runs once
### END INIT INFO
cd /root; /usr/bin/nohup sh -x /root/firstboot &
EOF

# Install the firstboot service.
chmod +x /etc/init.d/firstboot
update-rc.d firstboot defaults
echo "Finished postinstall"

首次安装脚本示例：

#!/bin/sh
#
PXESERVER=192.168.1.1

INF=eth0
NETMASK=255.255.255.0
GATEWAY=192.168.1.253

ZOOKEEPERVERSION=3.4.10
HADOOPVERSION=2.7.4
HBASEVERSION=1.2.6

# This script will run the first time the system boots. Even
# though we've told it to run after networking is enabled,
#
# Introducing a brief sleep makes things work right all the
# time. The time for DHCP to catch up.
sleep 120

# Install new sources.
cat << EOF >/etc/apt/sources.list
deb http://ftp.cn.debian.org/debian/ jessie main
EOF

# Update system and install some softwares.
apt-get update
apt-get -y upgrade
apt-get -y install python chrony monit supervisor openjdk-7-jdk
cd /root
wget http://$PXESERVER/pxe/zookeeper-$ZOOKEEPERVERSION.tar.gz
wget http://$PXESERVER/pxe/hadoop-$HADOOPVERSION.tar.gz
wget http://$PXESERVER/pxe/hbase-$HBASEVERSION-bin.tar.gz
tar zxf zookeeper-$ZOOKEEPERVERSION.tar.gz -C /usr/local/
tar zxf hadoop-$HADOOPVERSION.tar.gz -C /usr/local/
tar zxf hbase-$HBASEVERSION-bin.tar.gz -C /usr/local/
cd /usr/local
ln -s zookeeper-$ZOOKEEPERVERSION zookeeper
ln -s hadoop-$HADOOPVERSION hadoop
ln -s hbase-$HBASEVERSION hbase

mkdir /root/.ssh
cd /root/.ssh
wget http://$PXESERVER/pxe/sshkey/root/authorized_keys
wget http://$PXESERVER/pxe/sshkey/root/id_rsa
chmod 0600 ./*
cd /root

# Delete some services.
update-rc.d firstboot remove
rm /etc/init.d/firstboot /root/firstboot
update-rc.d exim4 remove
update-rc.d nfs-common remove
update-rc.d rpcbind remove

# Configure hostname and static IP.
DHCPIP=`ifconfig $INF | egrep -o '(\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>\.){3}\<([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\>' | head -1`
HOSTNUM=`echo $DHCPIP | awk -F. '{print $NF}'`
cat << EOF >/etc/hostname
node-$HOSTNUM
EOF
sed -i 's/iface eth0 inet dhcp/iface eth0 inet static/g' /etc/network/interfaces
cat << EOF >>/etc/network/interfaces
address $DHCPIP
netmask $NETMASK
gateway $GATEWAY
EOF

# Configure ssh.
sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
cat << EOF >>/etc/ssh/sshd_config
UseDNS no
EOF
cat << EOF >>/etc/ssh/ssh_config
StrictHostKeyChecking no
EOF

# Configure chrony.
sed -i 's/server 0.debian.pool.ntp.org offline minpoll 8/#server 0.debian.pool.ntp.org offline minpoll 8/g' /etc/chrony/chrony.conf
sed -i 's/server 1.debian.pool.ntp.org offline minpoll 8/#server 1.debian.pool.ntp.org offline minpoll 8/g' /etc/chrony/chrony.conf
sed -i 's/server 2.debian.pool.ntp.org offline minpoll 8/#server 2.debian.pool.ntp.org offline minpoll 8/g' /etc/chrony/chrony.conf
sed -i 's/server 3.debian.pool.ntp.org offline minpoll 8/#server 3.debian.pool.ntp.org offline minpoll 8/g' /etc/chrony/chrony.conf
cat << EOF >>/etc/chrony/chrony.conf
server $PXESERVER
EOF

# Configure supervisor.
cat <<EOF >/etc/supervisor/conf.d/httpserver.conf
[inet_http_server]
port=0.0.0.0:9001
username=admin
password=admin
EOF

# Configure env.
cat << EOF >/etc/profile.d/java.sh
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64
EOF
cat << EOF >/etc/profile.d/hadoop.sh
export PATH=$PATH:/usr/local/zookeeper/bin:/usr/local/hadoop/bin:/usr/local/hadoop/sbin:/usr/local/hbase/bin
EOF

# Create groups and users.
groupadd hadoop
for I in zookeeper hadoop hbase; do
  chown -R root:hadoop /usr/local/$I/
  chmod -R g+rwx /usr/local/$I/
done

for USERNAME in zookeeper hdfs yarn hbase; do
  if ! grep "^$USERNAME\>" /etc/passwd &>/dev/null; then
    useradd -s /bin/bash $USERNAME
    echo $USERNAME:$USERNAME | chpasswd
    mkdir -p /home/$USERNAME/.ssh
    cd /home/$USERNAME/.ssh
    wget http://$PXESERVER/pxe/sshkey/$USERNAME/authorized_keys
    wget http://$PXESERVER/pxe/sshkey/$USERNAME/id_rsa
    chmod 0600 ./*
    chown -R $USERNAME.$USERNAME /home/$USERNAME/
    usermod -G hadoop $USERNAME
  else
    echo "$USERNAME exists."
  fi
done

# Reboot system.
echo "Reboot system."
/sbin/reboot

解决PXE方式找不到硬盘的

# 由于网络启动模式的initrd.gz中并未包含对应的驱动模块，导致无法发现硬盘。
# 拿DVD光盘中install.amd目录下的initrd解压后获取驱动模块
# 与网络方式netboot安装的initrd合并后，重新制作新的initrd文件
# gunzip解压dvd中的initrd.gz并重命名为initrd-dvd
# gunzip解压netboot中的initrd.gz并重命名为initrd-net
# 解包initrd-dvd到dvd目录
# mkdir dvd
# cd dvd
# cpio -i < ../initrd-dvd
# 解包initrd-net到net目录
# mkdir net
# cd net
# cpio -i < ../initrd-net
# 将dvd版本中的驱动复制到net版（请调整目录名称）
# cd ../dvd/lib/modules/3.2.0-4-amd64/kernel/drivers/
# cp -a * ../../../../../../net/lib/modules/3.2.0-4-amd64/kernel/drivers/
# 重新打包initrd
# cd ../../../../../../net/#进入netboot解包目录
# find | cpio -R 0:0 -o -H newc > ../initrd
# cd ..
# gzip initrd
# 复制initrd.gz到tftp目录测试PXE引导

取消安装过程中需要的认证

# 因为采用的是DVD源，没有公开的签名，自已配置的源会出现错误
# emacs /var/lib/tftpboot/debian-installer/amd64/boot-screens/txt.cfg 
# default install
# label install
# menu label ^Install
# menu default
# kernel debian-installer/amd64/linux
# append vga=788 initrd=debian-installer/amd64/initrd.gz debian-installer/allow_unauthenticated=true -- quiet
# emacs /var/www/pxe/preseed.cfg
# d-i debian-installer/allow_unauthenticated string true
# 以上配置即忽略签名认证