nicolas
/
pxe-lab
mirror of https://github.com/nmasse-itix/pxe-lab.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

automated installs

main
Nicolas Massé 5 years ago
parent
7ec70e600b
commit
5b475fa69a
3 changed files with 220 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      lab-setup/README.md
  2. 70
      pxe-setup/README.md
  3. 127
      pxe-setup/auto-ks.cfg

26
lab-setup/README.md
View File

@ -51,3 +51,29 @@ sudo virsh destroy pxe-client-bios
sudo virsh undefine pxe-client-bios sudo virsh undefine pxe-client-bios
sudo rm /var/lib/libvirt/images/pxe-client-bios.qcow2 sudo rm /var/lib/libvirt/images/pxe-client-bios.qcow2
``` ```
## Test PXE automated install
Test the PXE automated install of a BIOS client.
```sh
sudo virt-install -n pxe-client-bios --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-client-bios.qcow2,size=10 --pxe --network network=pxe-lab,mac=52:54:00:88:a4:b0
```
Test the PXE automated install of a UEFI client.
```sh
sudo virt-install -n pxe-client-uefi --memory 2048 --vcpus=1 --os-variant=centos8 --accelerate -v --disk path=/var/lib/libvirt/images/pxe-client-uefi.qcow2,size=10 --pxe --network network=pxe-lab,mac=52:54:00:88:a4:b0 --boot uefi
```
Clean up.
```sh
sudo virsh destroy pxe-client-uefi
sudo virsh undefine --nvram pxe-client-uefi
sudo rm /var/lib/libvirt/images/pxe-client-uefi.qcow2
sudo virsh destroy pxe-client-bios
sudo virsh undefine pxe-client-bios
sudo rm /var/lib/libvirt/images/pxe-client-bios.qcow2
```

70
pxe-setup/README.md
View File

@ -5,6 +5,7 @@ Install dnsmasq, activate it and open the firewall ports.
```sh ```sh
dnf install dnsmasq dnf install dnsmasq
systemctl enable dnsmasq systemctl enable dnsmasq
systemctl start dnsmasq
firewall-cmd --add-service dhcp --permanent firewall-cmd --add-service dhcp --permanent
firewall-cmd --add-service proxy-dhcp --permanent firewall-cmd --add-service proxy-dhcp --permanent
firewall-cmd --add-service tftp --permanent firewall-cmd --add-service tftp --permanent
@ -36,22 +37,41 @@ cp /mnt/images/pxeboot/{vmlinuz,initrd.img} /var/lib/tftpboot/centos-stream-8/
umount /mnt umount /mnt
``` ```
Add the Memtest files.
```sh
curl -Lo /tmp/memtest.gz http://www.memtest.org/download/5.31b/memtest86+-5.31b.bin.gz
gunzip /tmp/memtest.gz
mkdir -p /var/lib/tftpboot/memtest/
cp /tmp/memtest /var/lib/tftpboot/memtest/
```
Create the file **/var/lib/tftpboot/grub.cfg** (UEFI clients). Create the file **/var/lib/tftpboot/grub.cfg** (UEFI clients).
``` ```
set timeout=60 set timeout=60
menuentry 'CentOS Stream 8' { menuentry 'CentOS Stream 8' {
linuxefi centos-stream-8/vmlinuz ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/ linuxefi centos-stream-8/vmlinuz ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
initrdefi centos-stream-8/initrd.img initrdefi centos-stream-8/initrd.img
} }
menuentry 'Rescue' {
linuxefi centos-stream-8/vmlinuz rescue
initrdefi centos-stream-8/initrd.img
}
menuentry 'Reboot' {
reboot
}
``` ```
Create the file **/var/lib/tftpboot/pxelinux.cfg/default** (BIOS clients). Create the file **/var/lib/tftpboot/pxelinux.cfg/default** (BIOS clients).
``` ```
DEFAULT menu.c32 DEFAULT menu.c32
PROMPT 1 PROMPT 0
TIMEOUT 60 TIMEOUT 600
LABEL centos8 LABEL centos8
MENU LABEL Install ^CentOS Stream 8 MENU LABEL Install ^CentOS Stream 8
@ -63,6 +83,10 @@ LABEL rescue
KERNEL centos-stream-8/vmlinuz KERNEL centos-stream-8/vmlinuz
APPEND initrd=centos-stream-8/initrd.img rescue APPEND initrd=centos-stream-8/initrd.img rescue
LABEL Memtest
MENU LABEL Memtest
KERNEL memtest/memtest
LABEL reboot LABEL reboot
MENU DEFAULT MENU DEFAULT
MENU LABEL Reboot MENU LABEL Reboot
@ -75,7 +99,47 @@ LABEL local
Fix file permissions. Fix file permissions.
``` ```sh
restorecon -RF /var/lib/tftpboot/ restorecon -RF /var/lib/tftpboot/
chmod -R go+rX /var/lib/tftpboot/ chmod -R go+rX /var/lib/tftpboot/
``` ```
## Automated install based on Mac Address
Create **/var/lib/tftpboot/pxelinux.cfg/01-52-54-00-88-a4-b0**.
```sh
DEFAULT menu.c32
PROMPT 0
TIMEOUT 50
LABEL centos8
MENU DEFAULT
MENU LABEL Install CentOS Stream 8 with Kickstart
KERNEL centos-stream-8/vmlinuz
APPEND initrd=centos-stream-8/initrd.img ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/ inst.ks=http://192.168.23.10/auto-ks.cfg
```
Create **/var/lib/tftpboot/grub.cfg-01-52-54-00-88-a4-b0**.
```sh
set timeout=5
menuentry 'Install CentOS Stream 8 with Kickstart' {
linuxefi centos-stream-8/vmlinuz ip=dhcp inst.repo=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/ inst.ks=http://192.168.23.10/auto-ks.cfg
initrdefi centos-stream-8/initrd.img
}
```
Install lighttpd.
```sh
dnf -y install epel-release
systemctl enable lighttpd
systemctl start lighttpd
firewall-cmd --add-service http --permanent
firewall-cmd --reload
```
Create **/var/www/lighttpd/auto-ks.cfg** from [auto-ks.cfg](auto-ks.cfg).

127
pxe-setup/auto-ks.cfg
View File

@ -0,0 +1,127 @@
##
## Environment setup
##
# CentOS Stream mirror URL
url --url=http://ftp.pasteur.fr/mirrors/CentOS/8-stream/BaseOS/x86_64/os/
# Install mode: text (interactive installs) or cmdline (unattended installs)
# cmdline
text
# Hash password with SHA-512
authselect --enableshadow --passalgo=sha512
# French keyboard layout
keyboard --vckeymap=fr --xlayouts='fr'
# English i18n
lang en_US.UTF-8
# Accept the EULA
eula --agreed
# Which action to perform after install: poweroff or reboot
poweroff
##
## network configuration
##
# Configure the first network device
network --bootproto=dhcp --device=enp1s0 --noipv6 --activate
# Set the hostname
network --hostname=localhost.localdomain
# Timezone is GMT
timezone Etc/GMT --utc
##
## partitioning
##
# Install on /dev/vda
ignoredisk --only-use=vda
# Install Grub in the MBR of /dev/vda
bootloader --location=mbr --boot-drive=vda
# Clear the target disk
zerombr
# Remove existing partitions
clearpart --all --initlabel
# Automatically create partitions required by hardware platform
reqpart
# Create the root partition
part / --fstype xfs --size=1 --grow --asprimary --label=root
##
## User Accounts
##
# Generate encrypted password with "openssl passwd -6"
rootpw --lock
user --groups=wheel --name=nicolas --iscrypted --password=$6$XUTB20jVVXIqh78k$L1A9Lft5JlbOtNbeDP.fOZ5giLl09LfJGGCon5uwtsIhPJoNkj4SIk08Rb6vSowOps2ik5tlUwT2ZOZ6jjr7.0 --gecos="Nicolas MASSE"
# Inject the SSH key of nicolas
sshkey --username nicolas "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas@localhost.localdomain"
##
## SELinux and Firewalld
##
selinux --enforcing
firewall --enabled --ssh
##
## Software Packages
##
%packages --ignoremissing
@core
@^minimal
net-tools
hdparm
iptraf
iotop
vim-enhanced
tmux
rsync
tree
unzip
tar
tcpdump
telnet
strace
bind-utils
%end
##
## Install scripts
##
%post --interpreter=/bin/bash
# Enable KVM virsh console access
systemctl enable serial-getty@ttyS0.service
systemctl start serial-getty@ttyS0.service
# Help identify when logged in as root
echo "PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]# '" >> /root/.bashrc
# Regular users get a different prompt
echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /etc/skel/.bashrc
echo "PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '" >> /home/nicolas/.bashrc
# Disable password authentication over SSH
sed -i.post-install -e "s/PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
service sshd restart
# Do not ask password for sudo
sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers
%end
Write Preview
Loading…
Cancel
Save