
UbuntuHelp:Desktop/PXE

From Ubuntu中文


Goal

The deployment currently has more than 75 client desktops booting via PXE from a read-only squashfs image, served by one single NFS/TFTP server (which runs at a load of 0). The aim is to offer a desktop Ubuntu GNU/Linux for about 100 desktops, booting over the local network from one single image. This image needs to be customized for our users (mathematicians and students) at the Mathematical Institute of Leiden University, The Netherlands. Authentication is done via Kerberos and LDAP; the home directories are mounted over NFS.

Audience

Unix admins:

  • shell scripting (debugging / patching / diffing)
  • Ubuntu / Debian experience for some time
  • understanding the "AS IS" section in the license
  • use this on a non-production machine
  • make backups, duh
  • below on this page is my email address; use it wisely, preferably for improvements and patches.

What is written here will not work off the shelf. You have to customize it to make it work, but in the end it can save you a lot of time.

Setup

Our setup has to offer:

  • NFS mounted home directories
  • authentication/authorisation via Kerberos/LDAP
  • tex / lyx / kile
  • mutt / pine / elm
  • fully usable Gnome / KDE / Xfce4 / fluxbox
  • access to Linux and Windows terminal servers
  • a large number of fonts

Ubuntu Karmic 9.10 is used as a base. Documentation used:

Environment:

  • raid1 Ubuntu NFS/PXE server
  • raid1 + raid5 Ubuntu build/test host
  • Gb network with several VLANs
  • about 100 ASRock nettop clients

The main focus is the staging environment, keeping staging and production separate. For this howto I won't describe the production server, since the two are mostly the same. As a habit, I never build on production servers, since one error in the build script could give me, and some hundred users, a bad day. This actually happened: one day my build server did not reboot any more. The build script had escaped to the root filesystem and initrd.img had been replaced. As a policy, I use LTS on servers; here, using Karmic is quite convenient. There are more ways to do this, possibly a dozen alternatives. IMHO this is not a beginner's howto.

Networks

  • 192.168.1.0/24 => external (uplink)
  • 192.168.2.0/24 => internal (pxeboot)

Server setup

Install the build host with 3 raid1 partitions:

  • raid1
      • md0 /
      • md1 swap
      • md2 /tmp
      • md3 /var/
      • md4 /usr
  • raid5
      • md5 /data

Or choose another appropriate setup.

Packages

First install some packages:

apt-get install dhcp3-server tftpd-hpa nfs-kernel-server syslinux debootstrap

Networking

Content of /etc/network/interfaces:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
	address 192.168.1.2
	netmask 255.255.255.0
	network 192.168.1.0
	broadcast 192.168.1.255
	gateway 192.168.1.1 

auto eth1
iface eth1 inet static
	address 192.168.2.1
	netmask 255.255.255.0
	network 192.168.2.0
	broadcast 192.168.2.255

Bind the DHCP server to the internal (pxeboot) interface only, in /etc/default/dhcp3-server:

INTERFACES="eth1"

Content of /etc/dhcp3/dhcpd.conf:

ddns-update-style none;
option domain-name "test.example.com";
option domain-name-servers 192.168.1.1; 
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;

subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.100 192.168.2.200;
        option routers 192.168.2.1;
        filename "pxelinux.0";
        next-server 192.168.2.1;
        }

NAT and forwarding

Content of /etc/rc.local (there must be a proper way to do this):

# NAT the internal pxeboot network out through the uplink interface
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# enable IPv4 forwarding; the persistent alternative is net.ipv4.ip_forward=1 in /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward

Content of /etc/exports:

/data/tftpboot/ *(no_subtree_check,ro,no_root_squash,async)
/data/home/ *(no_subtree_check,rw,no_root_squash,async)

Content of /etc/default/tftpd-hpa:

RUN_DAEMON="yes"
OPTIONS="-l -s /data/tftpboot"

Prepare the PXE setup

mkdir -p /data/tftpboot/pxelinux.cfg
cp /usr/lib/syslinux/pxelinux.0 /data/tftpboot/
cp /usr/lib/syslinux/menu.c32 /data/tftpboot/
cp /usr/lib/syslinux/vesamenu.c32 /data/tftpboot/

Content of /data/tftpboot/pxelinux.cfg/default:

menu INCLUDE pxelinux.cfg/graphics.cfg
DEFAULT vesamenu.c32
NOESCAPE 1
ALLOWOPTIONS 0
# boot label; paths below are relative to /data/tftpboot
LABEL Karmic 
	MENU LABEL Karmic Production
	MENU DEFAULT
        KERNEL karmic/vmlinuz
        APPEND quiet splash initrd=karmic/initrd.img boot=casper netboot=nfs raid=noautodetect root=/dev/nfs nfsroot=192.168.2.1:/data/tftpboot/karmic ip=dhcp rw --

Content of /data/tftpboot/pxelinux.cfg/graphics.cfg:

MENU TITLE PXE Menu
menu color tabmsg 37;40      #80ffffff #00000000
menu color hotsel 30;47      #40000000 #20ffffff
menu color sel 30;47         #40000000 #20ffffff
menu color scrollbar 30;47   #40000000 #20ffffff
MENU WIDTH 80
MENU MARGIN 20 
MENU ROWS 20 
MENU TABMSGROW 18
MENU CMDLINEROW 18
MENU ENDROW 2
MENU MASTER PASSWD vingerhoed
MENU PASSWORDROW 24 
MENU PASSWORDMARGIN 20 
MENU PASSPROMPT Enter Password:
MENU TIMEOUTROW 20
MENU TIMEOUTROW 13
MENU VSHIFT 3 
NOESCAPE 1
ALLOWOPTIONS 0
PROMPT 0
TIMEOUT 60

Heads up: keep an eye on these options, and make sure you understand the documentation! Setting bad options here may allow a user to escape from the loader menu and start a shell as root instead of invoking init. That would give them access to all user files on NFS, which would make you popular with a very limited set of people (and not at all popular with many others).

  • NOESCAPE
  • ALLOWOPTIONS
  • PROMPT

Read more about PXELinux to learn how to get nice menus and more.
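A small audit script, added here as an example and not part of the original howto, that checks the three loader directives above and also an exports file like the one in the server setup section for the rw + no_root_squash + `*` combination that turns the scenario in the heads-up (root on a client reading every home directory over NFS) into reality. The function names, messages and the sample configs it writes to a temp directory are my own constructions; the clear-text password check assumes syslinux's support for crypt-style hashed MENU MASTER PASSWD values.

```shell
#!/bin/sh
# Added audit script, not part of the original howto. It checks a pxelinux
# menu config for the three directives the text names (NOESCAPE, ALLOWOPTIONS,
# PROMPT) and an exports file for the pattern that turns a root shell on a
# client into access to every home directory: rw + no_root_squash exported to
# every host ("*"). File paths are parameters; the sample inputs at the bottom
# are constructed for the demo and are not the real server's files.

# pxe_value FILE KEY: print the value of a one-word pxelinux directive.
# Matching is case-insensitive and the last occurrence wins, which is how
# pxelinux resolves a directive that appears twice.
pxe_value() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        tolower($1) == k { v = $2 }
        END { print v }' "$1"
}

# check_pxe_cfg FILE: print one line per unsafe setting; return 1 if any.
check_pxe_cfg() {
    rc=0
    [ "$(pxe_value "$1" NOESCAPE)" = 1 ] ||
        { echo "$1: NOESCAPE must be 1 (Shift/Alt would drop to the boot prompt)"; rc=1; }
    [ "$(pxe_value "$1" ALLOWOPTIONS)" = 0 ] ||
        { echo "$1: ALLOWOPTIONS must be 0 (kernel command line would be editable)"; rc=1; }
    [ "$(pxe_value "$1" PROMPT)" = 0 ] ||
        { echo "$1: PROMPT must be 0 (boot: prompt would be shown)"; rc=1; }
    # TFTP has no authentication, so every client on the pxeboot VLAN can fetch
    # this file; a clear-text MENU MASTER PASSWD is therefore readable by all of
    # them. syslinux also accepts crypt-style hashes ($1$ MD5, $6$ SHA-512),
    # which start with "$" and are not flagged here.
    if grep -iqE '^[[:space:]]*MENU[[:space:]]+MASTER[[:space:]]+PASSWD[[:space:]]+[^$]' "$1"; then
        echo "$1: MENU MASTER PASSWD is stored in clear text"
        rc=1
    fi
    return $rc
}

# check_exports FILE: flag exports that are writable, keep client root as
# root (no_root_squash) and are open to every host; return 1 if any.
check_exports() {
    awk -v f="$1" '
        BEGIN { bad = 0 }
        /^[[:space:]]*#/ { next }              # comment line
        NF == 0 { next }                       # blank line
        {
            for (i = 2; i <= NF; i++) {        # $1 is the path, the rest are client(options)
                split($i, part, "(")
                client = part[1]
                opts = "," part[2]             # ",no_subtree_check,rw,...,async)"
                sub(/[)]$/, ",", opts)         # ",no_subtree_check,rw,...,async,"
                if (client == "*" && index(opts, ",rw,") && index(opts, ",no_root_squash,")) {
                    printf "%s: %s is rw + no_root_squash for every host\n", f, $1
                    bad = 1
                }
            }
        }
        END { exit bad }' "$1"
}

# --- constructed demo input (not the page's real files) ---
tmp="${TMPDIR:-/tmp}/pxe-audit.$$"
mkdir -p "$tmp"
cat > "$tmp/default" <<'EOF'
DEFAULT vesamenu.c32
NOESCAPE 1
ALLOWOPTIONS 0
PROMPT 0
EOF
cat > "$tmp/exports" <<'EOF'
/data/tftpboot/ *(no_subtree_check,ro,no_root_squash,async)
/data/home/ *(no_subtree_check,rw,no_root_squash,async)
EOF
if check_pxe_cfg "$tmp/default"; then echo "loader menu: ok"; fi
if check_exports "$tmp/exports"; then echo "exports: ok"; else echo "exports: review the lines above"; fi
rm -rf "$tmp"
```

Run it against /data/tftpboot/pxelinux.cfg/default, graphics.cfg and /etc/exports on the staging server after every change to the menu. With the files shown on this page, graphics.cfg is flagged for its clear-text master password and the home export is flagged, which is exactly the exposure the heads-up describes; the read-only tftpboot export passes. Directive values are compared after case folding because pxelinux is case-insensitive, and a later occurrence overrides an earlier one, so a safe setting near the top of the file does not help if it is repeated with a bad value further down.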

Starting services

/etc/init.d/tftpd-hpa restart
/etc/init.d/nfs-kernel-server restart
/etc/init.d/dhcp3-server restart

Testing

Fetch an Ubuntu live image and mount it.

todo 

Local mirror

Read this info and execute the next commands:

apt-get install apt-mirror apache2
# configure /etc/apt/mirror.list to put everything in /data/mirror/, like this:
#   set base_path /data/mirror
vi /etc/apt/mirror.list
mkdir -p /data/mirror/skel /data/mirror/mirror /data/mirror/var

Run apt-mirror:

apt-mirror

Add it to cron:

vi /etc/cron.d/apt-mirror   # remove the # from the last line

Add it to Apache, assuming everything is in /data/mirror/. Be sure you use the correct Alias and replace the XX with a working directory! In /etc/apache2/sites-enabled/mirror:

Alias /ubuntu/ "/data/mirror/mirror/XX.archive.ubuntu.com/ubuntu/"
<Directory "/data/mirror/mirror">
        Options Indexes FollowSymLinks
        Order allow,deny
        Allow from all
        AllowOverride None
</Directory>

Restart apache:

/etc/init.d/apache2 restart

Test the mirror:

apt-get install lynx
lynx http://localhost/ubuntu/

Here is a sample tarball:

Download it and untar it. Now you should be able to use the build script. IMPORTANT:

Read and understand:

  • config.txt
  • build.sh
  • LICENSE.txt

Make sure you are not on a production machine and that you have made backups.

Explanation of the files:

  • config.txt
      • a lot of configuration options
      • an error handling function
  • build.sh builds:
      • kernel
      • initrd
      • installation dir
      • squashfs files
      • preseed.txt
      • setting up the build environment for the build tree
  • dpkg*
      • dpkg-set-selections_fastbuild.txt is a sample file
      • dpkg-set-selections_full.txt is a sample file
      • dpkg-set-selections.txt, the file used by build.sh
  • kernel.config is a sample kernel configuration file; the kernel must have:
      • initrd (casper)
      • nfsroot
      • the ability to fetch an IP number by DHCP
      • drivers for the network cards

Getting it to work

With the TREE option you can add/utilize:

  • logins + passwords
  • kiosk functions
  • root ssh keys

We add:

  • ldap
  • kerberos
  • ssh-keys
  • nfs mounts for homedirs
  • nfs mounts for software
  • printer settings
  • postfix settings

Details of this are not public.

HELP

This is pre-alpha, meant as an example to feed Unix admins' creativity. From here you should be able to work yourself into it, as a Unix admin. Patches, tips and better Ubuntu practices are more than welcome; send an email to mvn at math dot leidenuniv dot nl

Future plans

  • live USB drives mounting over insecure networks
  • booting over https