<!DOCTYPE html>
<html><head><title>PXE 自动化部署</title><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta property="og:title" content="PXE 自动化部署"/><meta property="og:description" content="PXE(Preboot Execution Environment)是由 Intel 公司开发的技术,允许计算机通过网络启动并加载操作系统。."/><meta property="og:image" content="https://wiki.7wate.com/static/og-image.png"/><meta property="og:width" content="1200"/><meta property="og:height" content="675"/><link rel="icon" href="../../../static/icon.png"/><meta name="description" content="PXE(Preboot Execution Environment)是由 Intel 公司开发的技术,允许计算机通过网络启动并加载操作系统。."/><meta name="generator" content="Quartz"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com"/><script async src="https://umami.7wate.com/script.js" data-website-id="c061efdc-95dd-4d21-9d04-a1ffda0a85b9"></script><script>
// Baidu Tongji (hm.baidu.com) analytics bootstrap.
// `_hmt` is the global command queue that the analytics script drains once it
// has loaded, so it has to exist before the loader tag is inserted.
// NOTE(review): this is a third-party script injected without a subresource
// integrity hash; the page is trusting that origin over TLS.
var _hmt = _hmt || [];
(function () {
  // Insert the loader in front of the first <script> already on the page.
  var anchor = document.getElementsByTagName("script")[0];
  var loader = document.createElement("script");
  loader.src = "https://hm.baidu.com/hm.js?94d8ccb156eb7c65abf317e6e01cdba9";
  anchor.parentNode.insertBefore(loader, anchor);
})();
</script><script async src="https://www.googletagmanager.com/gtag/js?id=G-MHMEL0F832"></script><script>
// Google Analytics (gtag.js) bootstrap. Commands are queued on
// window.dataLayer until the async gtag script (loaded from the tag above)
// drains them.
(function () {
  window.dataLayer = window.dataLayer || [];

  // gtag.js consumes the raw Arguments object, so it is pushed as-is rather
  // than copied into an array.
  function gtag() {
    window.dataLayer.push(arguments);
  }

  gtag('js', new Date());
  gtag('config', 'G-MHMEL0F832');
})();
</script><link href="../../../index.css" rel="stylesheet" type="text/css" spa-preserve/><link href="https://cdn.jsdelivr.net/npm/katex@0.16.0/dist/katex.min.css" rel="stylesheet" type="text/css" spa-preserve/><link href="https://fonts.googleapis.com/css2?family=IBM Plex Mono&family=Schibsted Grotesk:wght@400;700&family=Source Sans Pro:ital,wght@0,400;0,600;1,400;1,600&display=swap" rel="stylesheet" type="text/css" spa-preserve/><script src="../../../prescript.js" type="application/javascript" spa-preserve></script><script type="application/javascript" spa-preserve>const fetchData = fetch(`../../../static/contentIndex.json`).then(data => data.json())</script></head><body data-slug="Tech/operating-system/Automation/PXE--系统部署"><div id="quartz-root" class="page"><div id="quartz-body"><div class="left sidebar"><h1 class="page-title "><a href="../../..">📚 X·Eden</a></h1><div class="spacer mobile-only"></div><div class="search "><div id="search-icon"><p>Search</p><div></div><svg tabIndex="0" aria-labelledby="title desc" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.9 19.7"><title id="title">Search</title><desc id="desc">Search</desc><g class="search-path" fill="none"><path stroke-linecap="square" d="M18.5 18.3l-5.4-5.4"></path><circle cx="8" cy="8" r="7"></circle></g></svg></div><div id="search-container"><div id="search-space"><input autocomplete="off" id="search-bar" name="search" type="text" aria-label="Search for something" placeholder="Search for something"/><div id="results-container"></div></div></div></div><div class="darkmode "><input class="toggle" id="darkmode-toggle" type="checkbox" tabIndex="-1"/><label id="toggle-label-light" for="darkmode-toggle" tabIndex="-1"><svg xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" version="1.1" id="dayIcon" x="0px" y="0px" viewBox="0 0 35 35" style="enable-background:new 0 0 35 35;" xmlSpace="preserve"><title>Light mode</title><path 
d="M6,17.5C6,16.672,5.328,16,4.5,16h-3C0.672,16,0,16.672,0,17.5 S0.672,19,1.5,19h3C5.328,19,6,18.328,6,17.5z M7.5,26c-0.414,0-0.789,0.168-1.061,0.439l-2,2C4.168,28.711,4,29.086,4,29.5 C4,30.328,4.671,31,5.5,31c0.414,0,0.789-0.168,1.06-0.44l2-2C8.832,28.289,9,27.914,9,27.5C9,26.672,8.329,26,7.5,26z M17.5,6 C18.329,6,19,5.328,19,4.5v-3C19,0.672,18.329,0,17.5,0S16,0.672,16,1.5v3C16,5.328,16.671,6,17.5,6z M27.5,9 c0.414,0,0.789-0.168,1.06-0.439l2-2C30.832,6.289,31,5.914,31,5.5C31,4.672,30.329,4,29.5,4c-0.414,0-0.789,0.168-1.061,0.44 l-2,2C26.168,6.711,26,7.086,26,7.5C26,8.328,26.671,9,27.5,9z M6.439,8.561C6.711,8.832,7.086,9,7.5,9C8.328,9,9,8.328,9,7.5 c0-0.414-0.168-0.789-0.439-1.061l-2-2C6.289,4.168,5.914,4,5.5,4C4.672,4,4,4.672,4,5.5c0,0.414,0.168,0.789,0.439,1.06 L6.439,8.561z M33.5,16h-3c-0.828,0-1.5,0.672-1.5,1.5s0.672,1.5,1.5,1.5h3c0.828,0,1.5-0.672,1.5-1.5S34.328,16,33.5,16z M28.561,26.439C28.289,26.168,27.914,26,27.5,26c-0.828,0-1.5,0.672-1.5,1.5c0,0.414,0.168,0.789,0.439,1.06l2,2 C28.711,30.832,29.086,31,29.5,31c0.828,0,1.5-0.672,1.5-1.5c0-0.414-0.168-0.789-0.439-1.061L28.561,26.439z M17.5,29 c-0.829,0-1.5,0.672-1.5,1.5v3c0,0.828,0.671,1.5,1.5,1.5s1.5-0.672,1.5-1.5v-3C19,29.672,18.329,29,17.5,29z M17.5,7 C11.71,7,7,11.71,7,17.5S11.71,28,17.5,28S28,23.29,28,17.5S23.29,7,17.5,7z M17.5,25c-4.136,0-7.5-3.364-7.5-7.5 c0-4.136,3.364-7.5,7.5-7.5c4.136,0,7.5,3.364,7.5,7.5C25,21.636,21.636,25,17.5,25z"></path></svg></label><label id="toggle-label-dark" for="darkmode-toggle" tabIndex="-1"><svg xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" version="1.1" id="nightIcon" x="0px" y="0px" viewBox="0 0 100 100" style="enable-background='new 0 0 100 100'" xmlSpace="preserve"><title>Dark mode</title><path d="M96.76,66.458c-0.853-0.852-2.15-1.064-3.23-0.534c-6.063,2.991-12.858,4.571-19.655,4.571 C62.022,70.495,50.88,65.88,42.5,57.5C29.043,44.043,25.658,23.536,34.076,6.47c0.532-1.08,0.318-2.379-0.534-3.23 
c-0.851-0.852-2.15-1.064-3.23-0.534c-4.918,2.427-9.375,5.619-13.246,9.491c-9.447,9.447-14.65,22.008-14.65,35.369 c0,13
<p>PXE(Preboot Execution Environment)是一种网络引导技术,允许计算机在启动 BIOS/UEFI 后通过网络接口从远程服务器下载操作系统或其他软件进行启动。这项技术主要应用于无人值守的自动化部署场景,包括系统部署、更新、维护和灾难恢复。与传统的物理介质启动相比,PXE 提供了更大的灵活性和可管理性,特别适合需要快速部署和更新大量系统的企业和机构。</p>
<h3 id="主要应用场景">主要应用场景<a aria-hidden="true" tabindex="-1" href="#主要应用场景" class="internal"> §</a></h3>
<ul>
<li><strong>系统自动化部署</strong>:实现无人值守的操作系统和应用程序批量部署。</li>
<li><strong>故障恢复</strong>:通过网络快速恢复故障系统。</li>
<li><strong>远程维护</strong>:支持远程诊断和修复问题。</li>
<li><strong>固件更新</strong>:批量更新设备固件。</li>
</ul>
<h2 id="pxe-工作原理">PXE 工作原理<a aria-hidden="true" tabindex="-1" href="#pxe-工作原理" class="internal"> §</a></h2>
<h3 id="启动流程详解">启动流程详解<a aria-hidden="true" tabindex="-1" href="#启动流程详解" class="internal"> §</a></h3>
<pre><code class="mermaid">sequenceDiagram
|
|||
|
participant Client as PXE客户端
|
|||
|
participant DHCPServer as DHCP服务器
|
|||
|
participant TFTPServer as TFTP服务器
|
|||
|
participant BootServer as 引导服务器
|
|||
|
|
|||
|
Client->>DHCPServer: 请求IP地址和引导服务器信息
|
|||
|
DHCPServer->>Client: 分配IP地址和引导服务器地址
|
|||
|
Client->>TFTPServer: 请求引导镜像文件
|
|||
|
TFTPServer->>Client: 传输引导镜像文件
|
|||
|
Client->>BootServer: 加载引导菜单并请求启动操作系统
|
|||
|
BootServer-->>Client: 根据选择传输操作系统启动文件
|
|||
|
Client->>BootServer: 启动操作系统或应用程序
|
|||
|
</code></pre>
|
|||
|
<p>PXE 启动流程可以分为以下几个阶段:</p>
|
|||
|
<ol>
|
|||
|
<li><strong>POST 自检:</strong> 计算机启动时,会进行开机自检(POST)。</li>
|
|||
|
<li><strong>获取 DHCP 信息:</strong> 自检完成后,PXE 客户机会向 DHCP 服务器发送请求,获取 IP 地址、引导服务器地址等信息。</li>
|
|||
|
<li><strong>下载引导镜像:</strong> 客户机从 TFTP 服务器下载引导镜像,如 pxelinux.0。</li>
|
|||
|
<li><strong>加载引导菜单:</strong> 引导镜像加载后,会显示引导菜单,允许用户选择要启动的操作系统或应用程序。</li>
|
|||
|
<li><strong>启动操作系统:</strong> 根据用户选择,启动相应的操作系统或应用程序。</li>
|
|||
|
</ol>
|
|||
|
<h3 id="涉及的关键网络协议">涉及的关键网络协议<a aria-hidden="true" tabindex="-1" href="#涉及的关键网络协议" class="internal"> §</a></h3>
|
|||
|
<p>PXE 工作过程中涉及以下几个关键网络协议:</p>
|
|||
|
<ul>
|
|||
|
<li><strong>DHCP:</strong> 动态主机配置协议,用于为 PXE 客户机分配 IP 地址和引导服务器地址。</li>
|
|||
|
<li><strong>TFTP:</strong> Trivial File Transfer Protocol,用于传输引导镜像和其他文件。</li>
|
|||
|
<li><strong>HTTP/HTTPS</strong>:在 UEFI 模式下,相比 TFTP 提供更快的文件传输速度和加密支持。</li>
|
|||
|
<li><strong>BPD:</strong> Boot Protocol Discovery,用于引导服务器发现 PXE 客户机。</li>
|
|||
|
</ul>
|
|||
|
<h2 id="pxe-技术的关键组件">PXE 技术的关键组件<a aria-hidden="true" tabindex="-1" href="#pxe-技术的关键组件" class="internal"> §</a></h2>
|
|||
|
<p>PXE 部署涉及的核心组件包括 DHCP 服务器、TFTP/HTTP 服务器和 PXE 引导程序。这些组件协同工作,实现了从网络启动计算机并自动加载操作系统的功能。</p>
|
|||
|
<h3 id="dhcp-服务器">DHCP 服务器<a aria-hidden="true" tabindex="-1" href="#dhcp-服务器" class="internal"> §</a></h3>
|
|||
|
<p>DHCP 服务器负责在网络启动过程中为客户端分配 IP 地址,并提供引导服务器(如 TFTP 或 HTTP 服务器)的位置和启动文件名。这是实现 PXE 环境的基础。</p>
|
|||
|
<h3 id="tftphttp-服务器">TFTP/HTTP 服务器<a aria-hidden="true" tabindex="-1" href="#tftphttp-服务器" class="internal"> §</a></h3>
|
|||
|
<ul>
|
|||
|
<li><strong>TFTP 服务器</strong>用于存储和传输引导文件(如 <code>pxelinux.0</code> 或 <code>grubx64.efi</code>)和操作系统映像。尽管 TFTP 是传统选择,但它的传输速度相对较慢。</li>
|
|||
|
<li><strong>HTTP/HTTPS 服务器</strong>提供了一种更快、更安全的替代方案,尤其是在 UEFI 启动模式下。HTTPS 还可以加密数据传输,保护部署过程中的数据安全。</li>
|
|||
|
</ul>
|
|||
|
<h3 id="pxe-引导程序">PXE 引导程序<a aria-hidden="true" tabindex="-1" href="#pxe-引导程序" class="internal"> §</a></h3>
|
|||
|
<p>PXE 引导程序如 SYSLINUX 或 GRUB,负责显示启动菜单,允许用户选择不同的操作系统或工具进行加载。它们支持从 TFTP 或 HTTP 服务器加载操作系统映像。</p>
|
|||
|
<h2 id="无人值守安装">无人值守安装<a aria-hidden="true" tabindex="-1" href="#无人值守安装" class="internal"> §</a></h2>
|
|||
|
<p>无人值守安装允许自动执行操作系统安装,无需人工干预。这通过使用预先定义的安装脚本或应答文件来实现,可以大幅提升大规模部署的效率和一致性。</p>
|
|||
|
<h3 id="实现步骤">实现步骤<a aria-hidden="true" tabindex="-1" href="#实现步骤" class="internal"> §</a></h3>
|
|||
|
<ol>
|
|||
|
<li><strong>准备操作系统映像</strong>:将操作系统安装文件存放于 TFTP 或 HTTP 服务器。</li>
|
|||
|
<li><strong>创建应答文件</strong>:例如 Kickstart(用于 Red Hat/CentOS)或 Preseed(用于 Debian/Ubuntu),定义安装过程中的所有选择,如分区、网络配置、用户账号和安装的软件包。</li>
|
|||
|
<li><strong>配置 PXE 引导程序</strong>:设置启动菜单以引导到特定的安装环境,并指定应答文件。</li>
|
|||
|
</ol>
|
|||
|
<h3 id="自动化脚本和工具">自动化脚本和工具<a aria-hidden="true" tabindex="-1" href="#自动化脚本和工具" class="internal"> §</a></h3>
|
|||
|
<p>使用如 Ansible、Puppet 的自动化运维工具进一步自动化和优化部署流程,可以在无人值守安装基础上实现后续的配置管理和应用部署。</p>
|
|||
|
<h2 id="pxe-环境搭建">PXE 环境搭建<a aria-hidden="true" tabindex="-1" href="#pxe-环境搭建" class="internal"> §</a></h2>
|
|||
|
<p>搭建 PXE 环境需要配置服务器端(包括 DHCP、TFTP/HTTP 服务器和引导文件)和客户端(BIOS/UEFI 设置)。</p>
|
|||
|
<h3 id="服务器端要求">服务器端要求<a aria-hidden="true" tabindex="-1" href="#服务器端要求" class="internal"> §</a></h3>
|
|||
|
<ul>
|
|||
|
<li><strong>操作系统</strong>:Linux 发行版,如 CentOS 或 Ubuntu。</li>
|
|||
|
<li><strong>软件组件:</strong>
|
|||
|
<ul>
|
|||
|
<li>DHCP 服务器(如 ISC DHCP Server)</li>
|
|||
|
<li>TFTP 服务器(如 tftp-hpa)或 HTTP 服务器(如 Apache 或 Nginx)</li>
|
|||
|
<li>PXE 引导程序(如 SYSLINUX 或 GRUB)</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>网络配置</strong>:静态 IP 地址,确保服务器与客户端在同一网络段。</li>
|
|||
|
</ul>
|
|||
|
<h3 id="客户端配置要求">客户端配置要求<a aria-hidden="true" tabindex="-1" href="#客户端配置要求" class="internal"> §</a></h3>
|
|||
|
<ul>
|
|||
|
<li><strong>BIOS/UEFI 设置</strong>:启用网络启动选项,设置网络引导为首选启动设备。</li>
|
|||
|
</ul>
|
|||
|
<h3 id="uefi-支持">UEFI 支持<a aria-hidden="true" tabindex="-1" href="#uefi-支持" class="internal"> §</a></h3>
|
|||
|
<ul>
|
|||
|
<li><strong>UEFI 启动</strong>:配置 UEFI 启动模式下的特定引导文件(如 <code>grubx64.efi</code>)和 DHCP 选项,以支持更现代的硬件。</li>
|
|||
|
</ul>
|
|||
|
<h3 id="网络环境配置与优化">网络环境配置与优化<a aria-hidden="true" tabindex="-1" href="#网络环境配置与优化" class="internal"> §</a></h3>
|
|||
|
<ul>
|
|||
|
<li><strong>通信检查</strong>:确保服务器和客户端间网络畅通。</li>
|
|||
|
<li><strong>使用 VLAN 隔离</strong>:将 PXE 部署网络与生产网络隔离,增强安全性。</li>
|
|||
|
<li><strong>性能优化</strong>:在支持的环境下,使用 HTTP/HTTPS 替代 TFTP 以提升文件传输速度和安全性。</li>
|
|||
|
</ul>
|
|||
|
<h2 id="安全性">安全性<a aria-hidden="true" tabindex="-1" href="#安全性" class="internal"> §</a></h2>
<p>虽然 PXE 提供了极大的便利,但也引入了新的安全风险。以下措施可以帮助提升 PXE 环境的安全性:</p>
<h3 id="网络隔离和访问控制">网络隔离和访问控制<a aria-hidden="true" tabindex="-1" href="#网络隔离和访问控制" class="internal"> §</a></h3>
<p>通过 VLAN 或物理隔离手段将 PXE 部署网络与生产网络分离,限制对 PXE 服务器的访问,确保只有授权客户端可以启动和访问部署服务。</p>
<h3 id="数据加密">数据加密<a aria-hidden="true" tabindex="-1" href="#数据加密" class="internal"> §</a></h3>
<p>使用 HTTPS 代替 TFTP,为数据传输过程提供加密,保护敏感信息不被窃取。</p>
<h3 id="定期更新和补丁应用">定期更新和补丁应用<a aria-hidden="true" tabindex="-1" href="#定期更新和补丁应用" class="internal"> §</a></h3>
<p>定期更新 PXE 服务器上的软件和操作系统,应用安全补丁,减少安全漏洞。</p>
<h3 id="强化服务器安全">强化服务器安全<a aria-hidden="true" tabindex="-1" href="#强化服务器安全" class="internal"> §</a></h3>
<p>为 PXE 服务器配置强密码,实施最小权限原则,使用防火墙和入侵检测系统等安全工具,增加额外的安全层。</p>
<h2 id="pxe-技术的优势与局限性">PXE 技术的优势与局限性<a aria-hidden="true" tabindex="-1" href="#pxe-技术的优势与局限性" class="internal"> §</a></h2>
<p>PXE(Preboot Execution Environment)技术在系统部署和维护方面带来了显著的优势,但同时也存在一些局限性。理解这些优点和缺点对于有效地利用 PXE 技术至关重要。</p>
<h3 id="优势">优势<a aria-hidden="true" tabindex="-1" href="#优势" class="internal"> §</a></h3>
<table><thead><tr><th>优势</th><th>描述</th></tr></thead><tbody><tr><td>自动化部署</td><td>通过无人值守安装,极大提高批量部署计算机的效率,尤其适合数据中心、测试实验室等需要频繁部署大量系统的环境。</td></tr><tr><td>集中管理</td><td>启动镜像和安装脚本可以集中存储在网络服务器上,使得更新和管理更加集中和方便。</td></tr><tr><td>可扩展性</td><td>支持通过网络启动任意数量的客户端,轻松扩展以满足增长的需求,无需对每个客户端进行手动配置。</td></tr><tr><td>安全性提升</td><td>通过网络安全策略和技术保护部署过程,如网络隔离、数据加密,减少物理介质丢失或被盗的风险。</td></tr></tbody></table>
|
|||
|
<h3 id="局限性">局限性<a aria-hidden="true" tabindex="-1" href="#局限性" class="internal"> §</a></h3>
<table><thead><tr><th>局限性</th><th>描述</th></tr></thead><tbody><tr><td>网络依赖性</td><td>完全依赖于网络环境。网络配置错误、服务器不可用或网络故障都可能导致部署失败,大规模部署时对网络带宽的需求也相应增加。</td></tr><tr><td>安全风险</td><td>错误配置的 PXE 环境可能成为安全漏洞,未经授权的设备可能尝试接入网络,攻击者可能利用环境中的漏洞发起攻击。</td></tr><tr><td>技术复杂性</td><td>设置和管理 PXE 环境比传统物理介质安装更复杂,需要专业知识配置和维护 DHCP、TFTP/HTTP 服务器以及安全措施。</td></tr><tr><td>兼容性问题</td><td>在不同硬件和操作系统之间可能会遇到兼容性问题,特别是 UEFI 启动模式下可能需要额外的配置支持。</td></tr></tbody></table>
|
|||
|
<h2 id="pxe-技术的应用">PXE 技术的应用<a aria-hidden="true" tabindex="-1" href="#pxe-技术的应用" class="internal"> §</a></h2>
|
|||
|
<h3 id="基于-rhelfedora-系的详细配置指南">基于 RHEL/Fedora 系的详细配置指南<a aria-hidden="true" tabindex="-1" href="#基于-rhelfedora-系的详细配置指南" class="internal"> §</a></h3>
|
|||
|
<h4 id="1-安装必要的软件包">1. 安装必要的软件包<a aria-hidden="true" tabindex="-1" href="#1-安装必要的软件包" class="internal"> §</a></h4>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="bash" data-theme="default"><code data-language="bash" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">yum</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dhcp-server</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">tftp-server</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">syslinux</span></span></code></pre></div>
<h4 id="2配置-dhcp-服务器">2. 配置 DHCP 服务器<a aria-hidden="true" tabindex="-1" href="#2配置-dhcp-服务器" class="internal"> §</a></h4>
<ol>
|
|||
|
<li>编辑配置文件 <code>/etc/dhcp/dhcpd.conf</code>,添加以下内容:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="conf" data-theme="default"><code data-language="conf" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);">subnet 192.168.1.0 netmask 255.255.255.0 {</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> range 192.168.1.100 192.168.1.200;</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> option routers 192.168.1.1;</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> option domain-name-servers 8.8.8.8, 8.8.4.4;</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> next-server 192.168.1.2;</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> filename "pxelinux.0";</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);">}</span></span></code></pre></div>
|
|||
|
<ol>
|
|||
|
<li>启动并启用 DHCP 服务:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="bash" data-theme="default"><code data-language="bash" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dhcpd</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enable</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dhcpd</span></span></code></pre></div>
|
|||
|
<h4 id="3-配置-tftp-服务器">3. 配置 TFTP 服务器<a aria-hidden="true" tabindex="-1" href="#3-配置-tftp-服务器" class="internal"> §</a></h4>
|
|||
|
<ol>
<li>创建 TFTP 根目录(注意:下面示例中的 <code>chmod -R 777</code> 会让该目录对所有本地用户可写,而 TFTP 服务只需要读取引导文件;生产环境应使用 755 等更严格的权限):</li>
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="bash" data-theme="default"><code data-language="bash" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">mkdir</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-p</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/var/lib/tftpboot</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">chmod</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-R</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">777</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/var/lib/tftpboot</span></span></code></pre></div>
|
|||
|
<ol>
|
|||
|
<li>复制 PXE 引导文件到 TFTP 根目录:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="bash" data-theme="default"><code data-language="bash" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">cp</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/usr/lib/syslinux/pxelinux.0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/var/lib/tftpboot/</span></span></code></pre></div>
|
|||
|
<h4 id="4-配置-pxe-引导程序">4. 配置 PXE 引导程序<a aria-hidden="true" tabindex="-1" href="#4-配置-pxe-引导程序" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li>将操作系统安装镜像和相关文件复制到 TFTP 服务器的目录中:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="bash" data-theme="default"><code data-language="bash" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">cp</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/path/to/your/os/*</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/var/lib/tftpboot/</span></span></code></pre></div>
|
|||
|
<ol>
<li>编辑 <code>/etc/sysconfig/iptables</code>,允许 DHCP 和 TFTP 流量(注意:下面的规则只放行了 DHCP 的 67:68 和 PXE 引导服务的 4011:4012,TFTP 本身使用的 UDP 69 端口尚未放行):</li>
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="conf" data-theme="default"><code data-language="conf" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);">-A INPUT -p udp --dport 67:68 -j ACCEPT</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);">-A INPUT -p udp --dport 4011:4012 -j ACCEPT</span></span></code></pre></div>
|
|||
|
<ol>
|
|||
|
<li>重启 iptables 服务:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="bash" data-theme="default"><code data-language="bash" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">restart</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iptables</span></span></code></pre></div>
<h4 id="5客户端配置">5. 客户端配置<a aria-hidden="true" tabindex="-1" href="#5客户端配置" class="internal"> §</a></h4>
<ul>
|
|||
|
<li>进入 BIOS 设置,启用网络启动,并设置为第一启动选项。</li>
|
|||
|
</ul>
|
|||
|
<h3 id="基于-debianubuntu-系的详细配置指南">基于 Debian/Ubuntu 系的详细配置指南<a aria-hidden="true" tabindex="-1" href="#基于-debianubuntu-系的详细配置指南" class="internal"> §</a></h3></article></div><div class="right sidebar"><div class="graph "><h3>Graph View</h3><div class="graph-outer"><div id="graph-container" data-cfg="{"drag":true,"zoom":true,"depth":1,"scale":1.1,"repelForce":0.5,"centerForce":0.3,"linkDistance":30,"fontSize":0.6,"opacityScale":1,"showTags":true,"removeTags":[]}"></div><svg version="1.1" id="global-graph-icon" xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 55 55" fill="currentColor" xmlSpace="preserve"><path d="M49,0c-3.309,0-6,2.691-6,6c0,1.035,0.263,2.009,0.726,2.86l-9.829,9.829C32.542,17.634,30.846,17,29,17
|
|||
|
s-3.542,0.634-4.898,1.688l-7.669-7.669C16.785,10.424,17,9.74,17,9c0-2.206-1.794-4-4-4S9,6.794,9,9s1.794,4,4,4
|
|||
|
c0.74,0,1.424-0.215,2.019-0.567l7.669,7.669C21.634,21.458,21,23.154,21,25s0.634,3.542,1.688,4.897L10.024,42.562
|
|||
|
C8.958,41.595,7.549,41,6,41c-3.309,0-6,2.691-6,6s2.691,6,6,6s6-2.691,6-6c0-1.035-0.263-2.009-0.726-2.86l12.829-12.829
|
|||
|
c1.106,0.86,2.44,1.436,3.898,1.619v10.16c-2.833,0.478-5,2.942-5,5.91c0,3.309,2.691,6,6,6s6-2.691,6-6c0-2.967-2.167-5.431-5-5.91
|
|||
|
v-10.16c1.458-0.183,2.792-0.759,3.898-1.619l7.669,7.669C41.215,39.576,41,40.26,41,41c0,2.206,1.794,4,4,4s4-1.794,4-4
|
|||
|
s-1.794-4-4-4c-0.74,0-1.424,0.215-2.019,0.567l-7.669-7.669C36.366,28.542,37,26.846,37,25s-0.634-3.542-1.688-4.897l9.665-9.665
|
|||
|
C46.042,11.405,47.451,12,49,12c3.309,0,6-2.691,6-6S52.309,0,49,0z M11,9c0-1.103,0.897-2,2-2s2,0.897,2,2s-0.897,2-2,2
|
|||
|
S11,10.103,11,9z M6,51c-2.206,0-4-1.794-4-4s1.794-4,4-4s4,1.794,4,4S8.206,51,6,51z M33,49c0,2.206-1.794,4-4,4s-4-1.794-4-4
|
|||
|
s1.794-4,4-4S33,46.794,33,49z M29,31c-3.309,0-6-2.691-6-6s2.691-6,6-6s6,2.691,6,6S32.309,31,29,31z M47,41c0,1.103-0.897,2-2,2
|
|||
|
s-2-0.897-2-2s0.897-2,2-2S47,39.897,47,41z M49,10c-2.206,0-4-1.794-4-4s1.794-4,4-4s4,1.794,4,4S51.206,10,49,10z"></path></svg></div><div id="global-graph-outer"><div id="global-graph-container" data-cfg="{"drag":true,"zoom":true,"depth":-1,"scale":0.9,"repelForce":0.5,"centerForce":0.3,"linkDistance":30,"fontSize":0.6,"opacityScale":1,"showTags":true,"removeTags":[]}"></div></div></div><div class="toc desktop-only"><button type="button" id="toc" class><h3>Table of Contents</h3><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="fold"><polyline points="6 9 12 15 18 9"></polyline></svg></button><div id="toc-content"><ul class="overflow"><li class="depth-0"><a href="#pxe-技术概述" data-for="pxe-技术概述">PXE 技术概述</a></li><li class="depth-1"><a href="#主要应用场景" data-for="主要应用场景">主要应用场景</a></li><li class="depth-0"><a href="#pxe-工作原理" data-for="pxe-工作原理">PXE 工作原理</a></li><li class="depth-1"><a href="#启动流程详解" data-for="启动流程详解">启动流程详解</a></li><li class="depth-1"><a href="#涉及的关键网络协议" data-for="涉及的关键网络协议">涉及的关键网络协议</a></li><li class="depth-0"><a href="#pxe-技术的关键组件" data-for="pxe-技术的关键组件">PXE 技术的关键组件</a></li><li class="depth-1"><a href="#dhcp-服务器" data-for="dhcp-服务器">DHCP 服务器</a></li><li class="depth-1"><a href="#tftphttp-服务器" data-for="tftphttp-服务器">TFTP/HTTP 服务器</a></li><li class="depth-1"><a href="#pxe-引导程序" data-for="pxe-引导程序">PXE 引导程序</a></li><li class="depth-0"><a href="#无人值守安装" data-for="无人值守安装">无人值守安装</a></li><li class="depth-1"><a href="#实现步骤" data-for="实现步骤">实现步骤</a></li><li class="depth-1"><a href="#自动化脚本和工具" data-for="自动化脚本和工具">自动化脚本和工具</a></li><li class="depth-0"><a href="#pxe-环境搭建" data-for="pxe-环境搭建">PXE 环境搭建</a></li><li class="depth-1"><a href="#服务器端要求" data-for="服务器端要求">服务器端要求</a></li><li class="depth-1"><a href="#客户端配置要求" data-for="客户端配置要求">客户端配置要求</a></li><li class="depth-1"><a href="#uefi-支持" data-for="uefi-支持">UEFI 支持</a></li><li 
class="depth-1"><a href="#网络环境配置与优化" data-for="网络环境配置与优化">网络环境配置与优化</a></li><li class="depth-0"><a href="#安全性" data-for="安全性">安全性</a></li><li class="depth-1"><a href="#网络隔离和访问控制" data-for="网络隔离和访问控制">网络隔离和访问控制</a></li><li class="depth-1"><a href="#数据加密" data-for="数据加密">数据加密</a></li><li class="depth-1"><a href="#定期更新和补丁应用" data-for="定期更新和补丁应用">定期更新和补丁应用</a></li><li class="depth-1"><a href="#强化服务器安全" data-for="强化服务器安全">强化服务器安全</a></li><li class="depth-0"><a href="#pxe-技术的优势与局限性" data-for="pxe-技术的优势与局限性">PXE 技术的优势与局限性</a></li><li class="depth-1"><a href="#优势" data-for="优势">优势</a></li><li class="depth-1"><a href="#局限性" data-for="局限性">局限性</a></li><li class="depth-0"><a href="#pxe-技术的应用" data-for="pxe-技术的应用">PXE 技术的应用</a></li><li class="depth-1"><a href="#基于-rhelfedora-系的详细配置指南" data-for="基于-rhelfedora-系的详细配置指南">基于 RHEL/Fedora 系的详细配置指南</a></li><li class="depth-1"><a href="#基于-debianubuntu-系的详细配置指南" data-for="基于-debianubuntu-系的详细配置指南">基于 Debian/Ubuntu 系的详细配置指南</a></li></ul></div></div><div class="bac
/**
 * Click handler for a collapsible callout title; `this` is the title element
 * (see setupCallout, which binds it). Toggles `is-collapsed` on the enclosing
 * callout and writes an explicit max-height: the title's own scrollHeight
 * when collapsed, the whole callout's scrollHeight when expanded. Every
 * ancestor that is itself a callout then has its max-height re-derived so a
 * nested callout that just grew is not clipped by its parent.
 */
function toggleCallout() {
  const callout = this.parentElement;
  callout.classList.toggle(`is-collapsed`);
  const nowCollapsed = callout.classList.contains(`is-collapsed`);
  callout.style.maxHeight = `${nowCollapsed ? this.scrollHeight : callout.scrollHeight}px`;

  // Walk up through nested callouts; the first non-callout ancestor ends it.
  let child = callout;
  for (let ancestor = callout.parentElement; ancestor; ancestor = ancestor.parentElement) {
    if (!ancestor.classList.contains(`callout`)) {
      break;
    }
    const ancestorCollapsed = ancestor.classList.contains(`is-collapsed`);
    const grown = ancestorCollapsed
      ? ancestor.scrollHeight
      : ancestor.scrollHeight + child.scrollHeight;
    ancestor.style.maxHeight = `${grown}px`;
    child = ancestor;
  }
}
/**
 * Finds every `.callout.is-collapsible` element, (re)binds toggleCallout on
 * its first child (the title) and seeds max-height from the current collapsed
 * state. Safe to call repeatedly: the listener is removed before it is added
 * again, so repeated `nav`/`resize` calls do not stack handlers.
 */
function setupCallout() {
  const callouts = document.getElementsByClassName(`callout is-collapsible`);
  for (const callout of callouts) {
    const title = callout.firstElementChild;
    if (!title) {
      continue;
    }
    title.removeEventListener(`click`, toggleCallout);
    title.addEventListener(`click`, toggleCallout);
    const isCollapsed = callout.classList.contains(`is-collapsed`);
    callout.style.maxHeight = `${isCollapsed ? title.scrollHeight : callout.scrollHeight}px`;
  }
}
// Re-run callout setup after each `nav` event (dispatched by the site's SPA
// router, judging by the spa-preserve attributes in <head>) and on viewport
// resize, since the stored max-height depends on measured scrollHeight.
for (const [target, eventName] of [[document, `nav`], [window, `resize`]]) {
  target.addEventListener(eventName, setupCallout);
}
</script><script type="module">
// Mermaid rendering for fenced diagram blocks (<code class="mermaid">).
// NOTE(review): the import path carries no version, so the bundle served can
// change underneath the site; pinning the version (as the katex links do)
// would make this reproducible.
import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.esm.min.mjs';

const savedTheme = document.documentElement.getAttribute('saved-theme');
const useDarkTheme = savedTheme === 'dark';

// NOTE(review): securityLevel 'loose' lets diagram source carry HTML labels
// and click handlers; that is only acceptable while every diagram on the
// site is author-controlled — confirm no user-supplied content reaches it.
mermaid.initialize({
  startOnLoad: false,
  securityLevel: 'loose',
  theme: useDarkTheme ? 'dark' : 'default'
});

// Render after each `nav` event (the site's SPA navigation hook) rather than
// once at load, since startOnLoad is disabled above.
async function renderDiagrams() {
  await mermaid.run({ querySelector: '.mermaid' });
}
document.addEventListener('nav', renderDiagrams);
</script><script src="https://cdn.jsdelivr.net/npm/katex@0.16.7/dist/contrib/copy-tex.min.js" type="application/javascript"></script><script src="../../../postscript.js" type="module"></script></html>