debian 12 PXE Server 批量部署系统

pxe server 前言

PXE（Preboot eXecution Environment，预启动执行环境）是一种网络启动协议，允许计算机通过网络启动而不是使用本地硬盘。PXE服务器是实现这一功能的服务器，它提供了启动镜像和引导加载程序，使得客户端计算机可以通过网络启动并安装操作系统或运行其他软件。

在Debian系统中，要设置一个PXE服务器，您需要以下几个组件：

• TFTP服务器：用于提供启动镜像和引导加载程序。
• DHCP服务器：用于分配IP地址给客户端计算机。
• NFS或HTTP服务器：用于提供操作系统镜像和其他文件。

在Debian中，可以使用以下软件包来设置PXE服务器：

• atftpd：一个轻量级的TFTP服务器，可以用于提供启动镜像和引导加载程序。
• dnsmasq：一个轻量级的DHCP和DNS服务器，可以用于分配IP地址给客户端计算机。
• nfs-kernel-server：用于提供NFS服务，以便客户端可以访问操作系统镜像和其他文件。

debian 相关下载，文档参考

• debian 基础系统部署，源参考

创建一键安装tftp dhcp 实现批量部署debian

• 实现自动化安装debian（bios+uefi），lvm 分区xfs
• debian 构建内部镜像资源站，参考

• d-i mirror/http/hostname string 192.168.11.70 内网镜像挂载安装方式配置参考
  d-i mirror/http/directory string /debian12
  d-i mirror/http/proxy string
  

• dhcp 配置文件位置/etc/dhcp/dhcpd.conf
• tftp 配置文件/etc/default/tftpd-hpa
• tftp 文件位置/var/lib/tftp
• apache2 配置文件 /etc/apache2/apache2.conf
• apache2 目录位置/var/www/html
• debian11 netboot 位置/var/lib/tftp/debian11.10/debian-installer
• debian12 netboot 位置/var/lib/tftp/debian12.6/debian-installer
• 基于bios 启动配置文件/var/lib/tftp/pxelinux.cfg/default
• 基于UEFI启动配置文件/var/lib/tftp/grub/grub.cfg
• debian 自动化编排脚本位置/var/lib/tftp/preseed/debian-11-12-preseed.cfg （脚本兼容bios+uefi）
• 执行以下脚本执行前 ln -sf bash /bin/sh
• root/1234.com 以下自动化安装完成的用户密码
• 18-45行变量，根据自己的实际情况进行变更
• 使用crypt(3)哈希进行加密(apt install -y whois) (mkpasswd -m sha-512 生成密钥)
• debian 11 12 实现bios+uefi

vim /debian_pxe_server_bios_uefi_install.sh

#!/bin/bash
# -*- coding: utf-8 -*-
# Author: make.han 
# Email: CIASM@CIASM
# Date: 2024/07/12
# install PXE Server debian 12
 
# preseed.cfg 编排
#https://www.debian.org/releases/stable/amd64/apbs04.zh-cn.html#ftn.idm3455
 
# TFTP 网络引导准备文件
#https://www.debian.org/releases/stable/amd64/ch04s05.zh-cn.html
 
# 安装手册
#https://www.debian.org/releases/stable
 
#dhcp ip address
nic_network_name=`ifconfig -s | awk 'NR>1 && !/^lo/ && !/^idrac/ && !/^br/ && !/^veth/ && !/^docker/{print $1; exit}'`
host_IP=`ifconfig -a | grep inet | grep -v '127.0.0.1' | awk '{ print $2}' | awk 'NR==1'`
IP="192.168.11.69"
MASK="255.255.255.0"
BROADCAST_ADDRESS="192.168.11.255"
ROUTERS="192.168.11.1"
SUBNET="192.168.11.0"
DNS="8.8.8.8"
RANGE="192.168.11.56 192.168.11.250"
 
#tftp variable configuration
tftp_port=69
tftp_user=tftp
tftp_catalogue=/var/lib/tftp
 
#debian catalogue
debian_11_catalogue=debian11.10
debian_12_catalogue=debian12.6
debian_iso=debian_iso
debian_cfg=debian_cfg
 
#netboot downlaod 
netboot_11_url_download=https://mirrors.ustc.edu.cn/debian/dists/Debian11.10/main/installer-amd64/current/images/netboot/netboot.tar.gz
netboot_12_url_download=https://mirrors.ustc.edu.cn/debian/dists/Debian12.6/main/installer-amd64/current/images/netboot/netboot.tar.gz
netboot_gz=netboot.tar.gz
 
# root用户，普通用户 密码使用crypt(3)哈希进行加密(apt install -y whois) (mkpasswd -m sha-512 生成密钥)
root_password='$6$5vShu8v/wRoByWOr$0uGqOl9W40u.hXXZwLBrP6jGFubcw.UM3JE13eOkdm7RsfcnseVsCe1YBR6VawPtFH4rNROi2sJ35X98dNO.C/'
host_name=debian
common_user=debian
common_password='$6$5vShu8v/wRoByWOr$0uGqOl9W40u.hXXZwLBrP6jGFubcw.UM3JE13eOkdm7RsfcnseVsCe1YBR6VawPtFH4rNROi2sJ35X98dNO.C/'
time_zone="Asia/Shanghai"
mirror="ftp.cn.debian.org"
 
# apache2 variable configuration
apache_port=80
apache_catalogue=/var/www/html
 
#debian download
debian12_download_url=https://cdimage.debian.org/debian-cd/12.6.0/amd64/iso-dvd/debian-12.6.0-amd64-DVD-1.iso
debian11_download_url=https://cdimage.debian.org/cdimage/archive/11.10.0/amd64/iso-dvd/debian-11.10.0-amd64-DVD-1.iso
debian12_iso=debian-12.6.0-amd64-DVD-1.iso
debian11_iso=debian-11.10.0-amd64-DVD-1.iso
 
install_pxe_server (){
 
if ! [ -x "$(command -v dhcpd)" ]; then
 
	if [ $? -eq 0 ];then
 
echo "install firewalld"
apt install -y firewalld curl
firewall-cmd --zone=public --add-port=$tftp_port/tcp --permanent && firewall-cmd --reload
firewall-cmd --zone=public --add-port=$tftp_port/udp --permanent && firewall-cmd --reload
 
echo "install whois mkpasswd"
apt install -y whois
 
echo "install dhcp"
apt install -y isc-dhcp-server
 
echo "isc-dhcp-server add nic"
sed -i "s/^INTERFACESv4=.*$/INTERFACESv4=\"$nic_network_name\"/" /etc/default/isc-dhcp-server
 
echo "configuration dhcpd.conf"
rm -rf /etc/dhcp/dhcpd.conf
cat <<EOF>>/etc/dhcp/dhcpd.conf
option domain-name         "$DNS";
option domain-name-servers  $DNS;
default-lease-time 2592000;
max-lease-time 2592000;
authoritative;
 
# add follows
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option architecture-type code 93 = unsigned integer 16;
 
subnet $SUBNET  netmask $MASK {
    range dynamic-bootp $RANGE;
    option broadcast-address $BROADCAST_ADDRESS;
    option routers $ROUTERS;
 
    #add follows
    class "pxeclients" {
        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
        # PXE servers hostname or IP address
        next-server $host_IP;
        if option architecture-type = 00:07 {
            filename "bootx64.efi";
        }
        else {
            filename "pxelinux.0";
        }
    }
}
EOF
 
echo "install tftpd-hpa"
apt install -y tftpd-hpa
 
echo "configuration tftpd-hpa"
rm -rf /etc/default/tftpd-hpa
cat <<EOF>>/etc/default/tftpd-hpa
TFTP_USERNAME="$tftp_user"
TFTP_DIRECTORY="$tftp_catalogue/"
TFTP_ADDRESS=":$tftp_port"
TFTP_OPTIONS="--secure"
EOF
 
echo "Create a new tftp directory"
mkdir -p $tftp_catalogue/{$debian_11_catalogue,$debian_12_catalogue}
 
echo "start tftpd-hpa"
systemctl start tftpd-hpa
 
echo "install apache2"
apt install -y apache2
 
echo "Delete the default apache2 page"
rm -rf $apache_catalogue/index.html
 
echo "restart apache2"
systemctl restart apache2
 
echo "apache2 firewall"
firewall-cmd --zone=public --add-port=$apache_port/tcp --permanent && firewall-cmd --reload
 
# debian 11 12 Image download mount
<<!
echo "mkdir catalogue debian 11 12"
mkdir -p $apache_catalogue/{$debian_11_catalogue,$debian_12_catalogue}
 
echo "download debian 11 12"
mkdir -p $apache_catalogue/$debian_iso
curl -o $apache_catalogue/$debian_iso/$debian11_iso $debian11_download_url
curl -o $apache_catalogue/$debian_iso/$debian12_iso $debian12_download_url
 
echo "mount debian12_iso"
mount -t iso9660 -o loop,ro $apache_catalogue/$debian_iso/$debian11_iso $apache_catalogue/$debian_11_catalogue
mount -t iso9660 -o loop,ro $apache_catalogue/$debian_iso/$debian12_iso $apache_catalogue/$debian_12_catalogue
 
echo "Mount an image on startup"
sed -i "$ a $apache_catalogue/$debian_iso/$debian11_iso  $apache_catalogue/$debian_11_catalogue/ iso9660 defaults,loop,ro 0 0" /etc/fstab 
sed -i "$ a $apache_catalogue/$debian_iso/$debian12_iso $apache_catalogue/$debian_12_catalogue/ iso9660 defaults,loop,ro 0 0" /etc/fstab 
!
 
echo "downlaod netboot"
curl -o $tftp_catalogue/$debian_11_catalogue/$netboot_gz $netboot_11_url_download
curl -o $tftp_catalogue/$debian_12_catalogue/$netboot_gz $netboot_12_url_download
 
echo "decompression netboot"
tar -xf $tftp_catalogue/$debian_11_catalogue/$netboot_gz -C $tftp_catalogue/$debian_11_catalogue
tar -xf $tftp_catalogue/$debian_12_catalogue/$netboot_gz -C $tftp_catalogue/$debian_12_catalogue
 
echo "bios configuration default"
mkdir -p $tftp_catalogue/pxelinux.cfg
cat <<EOF | tee $tftp_catalogue/pxelinux.cfg/default
default vesamenu.c32
 
#自定义图片路径位置
#menu background /debian.png
 
menu hshift 13
menu width 49
menu margin 8
menu tabmsg
timeout 100
 
menu title Installer boot menu
label Auto Install Debian 11.10
  menu label ^Auto Install Debian 11.10
  menu default
  kernel $debian_11_catalogue/debian-installer/amd64/linux
  append auto=true priority=critical vga=788 initrd=$debian_11_catalogue/debian-installer/amd64/initrd.gz url=http://${host_IP}/$debian_cfg/debian-11-12-preseed.cfg
menu end
 
label Auto Install Debian 12.6
  menu label ^Auto Install Debian 12.6
  menu default
  kernel $debian_12_catalogue/debian-installer/amd64/linux
  append auto=true priority=critical vga=788 initrd=$debian_12_catalogue/debian-installer/amd64/initrd.gz url=http://${host_IP}/$debian_cfg/debian-11-12-preseed.cfg
menu end
 
label local
   #menu default
   com32 chain.c32
   menu label Boot from ^local drive
   localboot 0xffff
menu end
EOF
 
echo "syslinux pxelinux"
apt install -y syslinux pxelinux
 
cp /usr/lib/syslinux/modules/bios/* $tftp_catalogue/
#cp /usr/lib/syslinux/modules/bios/{ldlinux.c32,libutil.c32,menu.c32,vesamenu.c32} $tftp_catalogue/
cp /usr/lib/PXELINUX/{lpxelinux.0,pxelinux.0} $tftp_catalogue/
 
echo "shim-signed"
cd /
apt download shim-signed
dpkg -x shim-signed*deb shim
cp /shim/usr/lib/shim/shimx64.efi.signed $tftp_catalogue/bootx64.efi
 
echo "grub-efi-amd64-signed"
cd /
apt download grub-efi-amd64-signed
dpkg -x grub-efi-amd64-signed*deb grub
cp /grub/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed $tftp_catalogue/grubx64.efi
 
echo "grub-common"
cd /
apt download grub-common
dpkg -x grub-common*deb grub-common
cp /grub-common/usr/share/grub/unicode.pf2 $tftp_catalogue/
 
echo "rm shim grub grub-common"
rm -rf /{shim,grub,grub-common}
rm -rf /{shim-signed*deb,grub-efi-amd64-signed*deb,grub-common*deb}
 
echo "uefi configuration grub.cfg"
mkdir -p $tftp_catalogue/grub
cat <<EOF>>$tftp_catalogue/grub/grub.cfg
set default=4
set timeout=10
set gfxpayload=keep
set menu_color_highlight=cyan/black
set menu_color_normal=white/black
set color_normal=white/black
 
function load_video {
  insmod efi_gop
  insmod efi_uga
  insmod video_bochs
  insmod video_cirrus
  insmod all_video
}
 
load_video
insmod gzio
insmod part_msdos
insmod part_gpt
insmod ext2
insmod xfs
insmod png
insmod gfxterm
insmod gfxmenu
terminal_output gfxterm
background_image -m stretch bg.png
 
menuentry 'EFI Firmware System Setup'  'uefi-firmware' {
  fwsetup
}
 
menuentry 'Reboot System' {
  reboot
}
 
menuentry 'Shutdown System' {
  halt
}
 
menuentry 'Auto Install debian 11.10' {
    linuxefi $debian_11_catalogue/debian-installer/amd64/linux ip=dhcp auto=true priority=critical vga=788 url=http://${host_IP}/$debian_cfg/debian-11-12-preseed.cfg
    initrdefi $debian_11_catalogue/debian-installer/amd64/initrd.gz
}
 
menuentry 'Auto Install debian 12.6' {
    linuxefi $debian_12_catalogue/debian-installer/amd64/linux ip=dhcp auto=true priority=critical vga=788 url=http://${host_IP}/$debian_cfg/debian-11-12-preseed.cfg
    initrdefi $debian_12_catalogue/debian-installer/amd64/initrd.gz
}
EOF
 
echo "bios + uefi establish debian 11 12 cfg"
mkdir -p $apache_catalogue/$debian_cfg
cat <<EOF>>$apache_catalogue/$debian_cfg/debian-11-12-preseed.cfg
# 地区设置语言、国家和地区
d-i debian-installer/locale string en_US
d-i debian-installer/language string en
d-i debian-installer/country string CN
d-i debian-installer/locale string en_GB.UTF-8
d-i localechooser/supported-locales multiselect en_US.UTF-8, zh_CN.UTF-8
 
# 配置键盘
d-i keyboard-configuration/xkb-keymap select us
 
# 配置自动配置网络DHCP
d-i netcfg/choose_interface select auto
 
# 配置hostname和domain
d-i netcfg/get_hostname string $host_name
d-i netcfg/get_domain string $host_name
 
# 指定软件包镜像源的设置
d-i mirror/country string manual
d-i mirror/protocol string http
d-i mirror/http/hostname string $mirror
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
 
# 内网软件包镜像源的设置
#d-i mirror/http/hostname string 192.168.11.70
#d-i mirror/http/directory string /debian12
#d-i mirror/http/proxy string
 
# 选择软件包，标准系统实用程序
tasksel tasksel/first multiselect standard ssh-server 
 
#开启root登录并设置root密码，关闭普通用户创建
d-i passwd/root-login boolean true
d-i passwd/make-user boolean false
 
# Root密码，可以是明文
#d-i passwd/root-password password $root_password
#d-i passwd/root-password-again password $root_password
 
# root用户密码使用crypt(3)哈希进行加密(apt install -y whois) (mkpasswd -m sha-512 生成密钥)
d-i passwd/root-password-crypted password $root_password
 
# 普通用户创建
#d-i passwd/make-user boolean true
#d-i passwd/user-fullname string Debian User
#d-i passwd/username string $common_user
 
# 普通用户密码，可以是明文
#d-i passwd/user-password password $common_password
#d-i passwd/user-password-again password $common_password
 
# 普通用户密码使用crypt(3)哈希进行加密(apt install -y whois) (mkpasswd -m sha-512 生成密钥)
#d-i passwd/user-password-crypted password $common_password
 
#允许弱密码在用户账户创建时被接受
d-i user-setup/allow-password-weak boolean true
 
# 时钟与时区设置
d-i clock-setup/utc boolean true
d-i time/zone string $time_zone
d-i clock-setup/ntp boolean false
#d-i clock-setup/ntp-server string ntp.example.com
 
# uefi引导，强制使用gpt分区表
d-i partman-efi/non_efi_system boolean true
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
 
# 配置磁盘 LVM xfs
d-i partman-auto/method string lvm
d-i partman-auto/disk string /dev/sda
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman/default_filesystem string xfs
 
# partman在没有确认的情况下自动分区
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
 
# 基本系统安装
#d-i  base-installer/kernel/p_w_picpath string linux-server
 
#设置apt
#d-i apt-setup/security_host string mirrors.aliyun.com
#d-i apt-setup/security_path string /ubuntu
#d-i debian-installer/allow_unauthenticated string false
#d-i pkgsel/upgrade select safe-upgrade
#d-i pkgsel/language-packs multiselect 
#d-i pkgsel/update-policy select none
#d-i pkgsel/updatedb boolean trueb
 
# 禁止在安装的时候弹出CD/DVD扫描提示
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-next boolean false
d-i apt-setup/cdrom/set-failed boolean false
 
# 安装额外的软件包，不更新系统
d-i pkgsel/include string openssh-server vim vim-tiny sudo whois git firewalld curl
d-i pkgsel/upgrade select none
 
# grub安装
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string default
d-i grub-installer/skip boolean false
d-i grub-installer/bootdev string /dev/sda
#d-i lilo-installer/skip boolean false
 
# 安装完成之后不要弹出安装完成的界面，直接重启
d-i finish-install/reboot_in_progress note
 
# 允许ssh服务使用root用户登录
d-i preseed/late_command string in-target sed -i '$ a\PermitRootLogin yes' /etc/ssh/sshd_config
EOF
 
echo "enable tftp dhcp"
systemctl enable tftpd-hpa isc-dhcp-server apache2
 
echo "restart tftpd-hpa isc-dhcp-server"
systemctl restart tftpd-hpa isc-dhcp-server apache2
 
   echo -e "\033[32mThe pxe server Install Sussess...\033[0m" 
  else
   echo -e "\033[33mThe pxe server Install Failed...\033[0m" 
    exit 1
   fi
  else
   echo -e "\033[31mThe pxe server Install already...\033[0m"
fi
}
 
main (){
	install_pxe_server
}
 
main

执行一键安装

 bash /debian_pxe_server_bios_uefi_install.sh

pxe 网络启动，bios

pxe 网络启动，UEFI

自动化安装(支持debian11 12)bios+uefi

安装完成，查看