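Automated Deployment of Debian 9 with Fully Automatic Installation (FAI)
FAI is the automated deployment tool recommended on the Debian wiki (https://wiki.debian.org/FAI). The FAI project website is http://fai-project.org
Prerequisites: an already-installed Debian 9 host; the version used here is Debian 9.6.0. Host IP address: 192.168.1.99
Configure the software repositories for FAI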
root@fai-server:~# vim /etc/apt/sources.list
With Internet access, use a mirror inside China; here the USTC Debian mirror is used:
The contents of sources.list are as follows:
deb https://mirrors.ustc.edu.cn/debian/ stretch main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ stretch-updates main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ stretch-backports main contrib non-free
deb https://mirrors.ustc.edu.cn/debian-security/ stretch/updates main contrib non-free
deb http://mirrors.ustc.edu.cn/docker-ce/linux/debian stretch stable
Alternatively, set up a local repository (using apt-mirror):
root@fai-server:~# apt-get -y install apt-mirror
Edit the apt-mirror configuration file to set the sources the mirror synchronizes from:
root@fai-server:~# cat /etc/apt/mirror.list
############# config ##################
#
set base_path /debian9_mirror
#
set mirror_path $base_path/mirror
set skel_path $base_path/skel
set var_path $base_path/var
set cleanscript $var_path/clean.sh
# set defaultarch <running host architecture>
# set postmirror_script $var_path/postmirror.sh
set run_postmirror 0
set nthreads 20
set _tilde 0
#
############# end config ##############
deb http://ftp.hk.debian.org/debian stretch main contrib non-free
deb http://ftp.hk.debian.org/debian stretch-updates main contrib non-free
deb http://ftp.hk.debian.org/debian stretch-backports main contrib non-free
deb https://download.docker.com/linux/debian stretch stable
clean http://ftp.hk.debian.org/debian
clean https://download.docker.com/linux/debian
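Set the deb sources according to your own situation. Here the stretch, stretch-updates and stretch-backports sources for Debian 9 (from the official Debian Hong Kong mirror) are added (it downloads faster than the USTC mirror, I don't know why -_-||), along with the Docker repository.
After saving the configuration and exiting, run apt-mirror to start the download automatically. The data volume is large: about 74G for debian9 and about 692M for docker-ce.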
root@fai-server:~# du -h --max-depth=1 /debian_mirror/mirror/
692M /debian_mirror/mirror/download.docker.com
74G /debian_mirror/mirror/ftp.hk.debian.org
74G /debian_mirror/mirror/
Once the repository has finished synchronizing, use Apache to serve it as an accessible package source:
root@fai-server:~# apt-get -y install apache2
Create symbolic links into Apache's html directory:
root@fai-server:~# ln -s /debian9_mirror/mirror/ftp.hk.debian.org/debian /var/www/html/debian
root@fai-server:~# ln -s /debian9_mirror/mirror/download.docker.com/linux/debian /var/www/html/docker
Modify sources.list:
root@fai-server:~# cat /etc/apt/sources.list
deb http://192.168.1.99/debian stretch main contrib non-free
deb http://192.168.1.99/debian stretch-updates main contrib non-free
deb http://192.168.1.99/debian stretch-backports main non-free contrib
deb http://192.168.1.99/docker stretch stable
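Update the package index. Because no GPG key for the Docker repository is installed yet, an error is reported; the GPG key file can be installed from https://download.docker.com/linux/debian/gpg.
To make later local deployments easier, this file can be placed in Apache's html directory for local machines to download. On each server that needs docker-ce, run "curl -fsSL http://192.168.1.99/gpg | apt-key add -", then run apt-get update again and the error no longer appears.
With the preparation complete, start deploying the FAI server
Install the packages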
root@fai-server:~# wget -O - https://fai-project.org/download/074BCDE4.asc | apt-key add -
root@fai-server:~# echo "deb http://fai-project.org/download stretch koeln" > /etc/apt/sources.list.d/fai.list
root@fai-server:~# apt-get update
root@fai-server:~# apt-get install aptitude -y
root@fai-server:~# aptitude install fai-quickstart -y
root@fai-server:~# apt-get install qemu-user-static -y
Configure the DHCP service (specify the network interface for IPv4, comment out IPv6)
root@fai-server:~# cat /etc/default/isc-dhcp-server
... ...
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="enp0s3"
#INTERFACESv6=""
Configure the DHCP service for your own environment; next-server is the IP of the TFTP server
root@fai-server:~# cat /etc/dhcp/dhcpd.conf
... ...
# This is a very basic subnet declaration.
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.20 192.168.1.90;
  next-server 192.168.1.99;
  filename "fai/pxelinux.0";
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1;
}
... ...
DHCP configuration errors are logged to /var/log/daemon.log; use this log to troubleshoot any problems.
Configure the TFTP service
root@fai-server:~# sed -i 's/0.0.0.0:69/192.168.1.99:69/' /etc/default/tftpd-hpa
Configure FAI's sources.list (so that fai-setup -v pulls data from the local repository)
root@fai-server:~# cat /etc/apt/sources.list > /etc/fai/apt/sources.list
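Configure the FAI NFS service
FAI_DEBOOTSTRAP: when the nfsroot directory is created, the Debian base system and the packages this Debian release depends on are downloaded from the specified repository. If a local Debian repository exists, it can be specified here.
FAI_ROOTPW: the login password set for newly installed machines; the hash shown corresponds to the plaintext fai. To change it, generate a new MD5 hash with the mkpasswd command and fill it in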
root@fai-server:~# apt-get install whois -y
root@fai-server:~# echo "password" | mkpasswd -m md5 -s
The generated string is the MD5-crypt hash of password; fill it in to replace the default fai password
Set NFSROOT_ETC_HOSTS to the IP of the FAI server
root@fai-server:~# cat /etc/fai/nfsroot.conf
# For a detailed description see nfsroot.conf(5)
# "<suite> <mirror>" for debootstrap
FAI_DEBOOTSTRAP="stretch http://192.168.1.99/debian"
FAI_ROOTPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'
NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai
NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/
NFSROOT_ETC_HOSTS="192.168.1.99"
FAI_DEBOOTSTRAP_OPTS="--exclude=info"
# Configuration space
FAI_CONFIGDIR=/srv/fai/debian9_config
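Create the files FAI needs for installation. (Over the Internet this takes some time, depending on the repository's transfer speed; with a local repository it finishes quickly. If a package in the repository is faulty, an error may be reported and you have to track down the problem yourself. In the case I ran into, the cause was an incompletely downloaded package; replacing that file with a copy downloaded from the official repository solved it. Before re-running fai-setup -v, all files under /srv/fai/ must be deleted.)
Make sure /etc/hosts contains a hostname entry for this machine's IP; otherwise fai-setup -v does not create the SSH keys, and the automatic installation ends up stuck at the chboot and savelog stage. This does not affect the installation itself, but manual intervention is needed to complete it.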
root@fai-server:~# cat /etc/hosts
192.168.1.99 fai-server
...
Deploy FAI
root@fai-server:~# fai-setup -v
Adding system user `fai' (UID 110) ...
Adding new user `fai' (UID 110) with group `nogroup' ...
Creating home directory `/var/log/fai/remote-logs' ...
Generating public/private rsa key pair.
Your identification has been saved in /var/log/fai/remote-logs/.ssh/id_rsa.
Your public key has been saved in /var/log/fai/remote-logs/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YzXCxhaSvntjGmI5PuX0Z9V7H1NGIX2xTiUodoH+Dig fai@fai-server
The key's randomart image is:
+---[RSA 2048]----+
| ... ..+ooo|
| .+ .+ o .o=|
| . *ooo oo|
| .o o.. o. |
| .S. . . .o|
| .E.... o ...|
| =+.+ + + |
| o.oo.= o . . +|
| ...+ + .o|
+----[SHA256]-----+
Generating public/private ed25519 key pair.
Your identification has been saved in /var/log/fai/remote-logs/.ssh/id_ed25519.
Your public key has been saved in /var/log/fai/remote-logs/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:WOhJEuh49et8WM8/5ahozXr+XOCUCxEwd0ZseHOYaBc fai@fai-server
The key's randomart image is:
+--[ED25519 256]--+
| .. o.o=E+ |
| . .. . o++O . |
| o ...o ...+ o |
|. o +.+ . . |
| . +.S . + |
| . . + o. |
| o o = o+. |
| + o.*.o.. |
| oo+o++. |
+----[SHA256]-----+
Adding 192.168.1.99,fai-server to known_hosts.
Adding 172.17.0.1 to known_hosts.
/var/log/fai/remote-logs/.ssh/known_hosts created.
/var/log/fai/remote-logs/.ssh/authorized_keys created.
... ... ...
FAI packages and related packages inside the nfsroot:
dracut 044+241-3
dracut-network 044+241-3
fai-client 5.3.6
fai-nfsroot 5.3.6
fai-setup-storage 5.3.6
Waiting for background jobs to finish
[1]+ Done nice xz -q $NFSROOT/var/tmp/base.tar (wd: /srv/fai/nfsroot)
fai-make-nfsroot finished properly.
Log file written to /var/log/fai/fai-make-nfsroot.log
Your initial config space is now located in /srv/fai/debian9_config
Please don't forget to fill out the FAI questionnaire after you've finished your project with FAI.
FAI setup finished.
Log file written to /var/log/fai/fai-setup.log
Create the PXE boot configuration file
root@fai-server:~# fai-chboot -IBv -u nfs://192.168.1.99/srv/fai/debian9_config default
Booting kernel vmlinuz-4.9.0-8-amd64
 append initrd=initrd.img-4.9.0-8-amd64 ip=dhcp
 FAI_FLAGS=verbose,sshd,reboot FAI_CONFIG_SRC=nfs://192.168.1.99/srv/fai/debian9_config
default has no IP in hex default
Writing file /srv/tftp/fai/pxelinux.cfg/default for default
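Edit the generated boot configuration file
label XXXX names the boot entry tied to the kernel line below it; several entries can be configured, one label per kernel. At boot time a boot prompt appears, and typing XXXX boots the corresponding kernel. A timeout (timeout 60) and a default boot entry (default XXXX) can also be set.
By default only the default and label parameters are present; with a single kernel nothing needs to be changed.
If the server's first boot device is the network card, the system is installed automatically without any prompt, so be careful. For a fresh install, set the hard disk as the first boot device and the network card as the second: while the disk has no boot loader the machine boots from the network, and once the installation has put a boot loader on the disk it no longer boots from the network. This avoids an endless reinstall loop and also needs no manual intervention.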
root@fai-server:~# cat /srv/tftp/fai/pxelinux.cfg/default
# generated by fai-chboot for host default with IP no IP
default fai-generated
label fai-generated
kernel vmlinuz-4.9.0-8-amd64
append initrd=initrd.img-4.9.0-8-amd64 ip=dhcp LOGUSER=fai root=192.168.1.99:/srv/fai/nfsroot:vers=3 rootovl FAI_FLAGS=verbose,sshd,reboot FAI_CONFIG_SRC=nfs://192.168.1.99/srv/fai/debian9_config FAI_ACTION=install
Configure disk partitioning
root@fai-server:~# cat /srv/fai/debian9_config/disk_config/FAIBASE
# example of new config file for setup-storage
#
# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
logical swap 8G swap sw
primary / 100-100% ext4 rw,noatime,errors=remount-ro
Set the packages to preinstall according to your own needs
root@fai-server:~# cat /srv/fai/debian9_config/package_config/DEBIAN
PACKAGES install-norec
apt-transport-https # is only needed for stretch
debconf-utils
file
less
linuxlogo
rsync
openssh-client
openssh-server
time
procinfo
nullmailer
eject
locales
console-setup
kbd
pciutils
usbutils
unattended-upgrades
vim
wget
software-properties-common
ca-certificates
curl
docker-ce
qemu-kvm
libvirt-clients
libvirt-daemon-system
bridge-utils
libguestfs-tools
virtinst
libosinfo-bin
ssh
... ...
Configure the default time zone, the initial root password, a regular user account, and so on
root@fai-server:~# cat /srv/fai/debian9_config/class/FAIBASE.var
# default values for installation. You can override them in your *.var files
# allow installation of packages from unsigned repositories
FAI_ALLOW_UNSIGNED=1
# Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not.
UTC=yes
TIMEZONE=Asia/Shanghai
# the hash of the root password for the new installed linux system
# pw is "fai"
ROOTPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'
# errors in tasks greater than this value will cause the installation to stop
STOP_ON_ERROR=700
# set parameter for install_packges(8)
MAXPACKAGES=800
# a user account will be created
username=service
USERPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'
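A pre-deployment check for the password and signature settings in nfsroot.conf and FAIBASE.var, as an added example that is not part of the original post or of FAI: it flags password variables that still hold the hash shown on this page for "fai", any other MD5-crypt hash, and FAI_ALLOW_UNSIGNED=1. The function name audit_fai_file and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak settings in FAI config files.
# The hash below is the one printed on this page for the password "fai".
DEFAULT_FAI_HASH='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'

# Prints one finding per line; returns 1 if anything was flagged, 0 if clean.
audit_fai_file() {
    file=$1
    flagged=0
    while IFS= read -r line; do
        case $line in
            ''|\#*) continue ;;      # skip blank lines and comments
            *=*) ;;                  # only KEY=VALUE lines are inspected
            *) continue ;;
        esac
        key=${line%%=*}
        # Drop quotes and anything after the first space (trailing comments).
        val=$(printf '%s' "${line#*=}" | tr -d "\"'" | cut -d' ' -f1)
        case $key in
            ROOTPW|USERPW|FAI_ROOTPW)
                if [ "$val" = "$DEFAULT_FAI_HASH" ]; then
                    echo "$file: $key is the published default hash (password: fai)"
                    flagged=1
                else
                    case $val in
                        '$1$'*) echo "$file: $key is an MD5-crypt (\$1\$) hash"
                                flagged=1 ;;
                    esac
                fi ;;
            FAI_ALLOW_UNSIGNED)
                if [ "$val" = 1 ]; then
                    echo "$file: FAI_ALLOW_UNSIGNED=1 accepts unsigned repositories"
                    flagged=1
                fi ;;
        esac
    done < "$file"
    return "$flagged"
}

# Constructed sample reproducing the relevant lines of FAIBASE.var shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FAI_ALLOW_UNSIGNED=1
ROOTPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'
username=service
USERPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'
EOF
audit_fai_file "$sample" || echo "review the settings listed above"
```

mkpasswd from the whois package also accepts -m sha-512, which produces a $6$ hash that this check does not flag.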
Restart the related services
root@fai-server:~# /etc/init.d/networking restart
root@fai-server:~# /etc/init.d/isc-dhcp-server restart
root@fai-server:~# /etc/init.d/tftpd-hpa restart
root@fai-server:~# /etc/init.d/rpcbind restart
root@fai-server:~# /etc/init.d/nfs-kernel-server restart
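Test the automated system installation
Omitted.
Custom automated deployment scripts
During automatic deployment FAI relies on the scripts on the FAI server, which live in the corresponding directories under /srv/fai/debian9_config/scripts. The LAST directory holds the scripts that run at the very end of deployment, but since Debian is what is being installed here, the custom deployment script is placed in the DEBIAN directory for easier management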
root@fai-server:~# ls /srv/fai/debian9_config/scripts/DEBIAN/
10-rootpw 20-capabilities 30-interface 40-misc 50-start
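50-start is the custom script. It disables SSH password login and sets up SSH key login, adds the keys for some package sources, and creates some Linux configuration files and startup scripts.
Deployment scripts are written much like ordinary scripts; the only real difference is the paths. During deployment the target disk is used in a mounted state, so paths change: following the scripts shipped with FAI, prefix the real path with $target. An example: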
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' $target/etc/ssh/sshd_config
...
mkdir -p $target/root/.ssh
touch $target/root/.ssh/authorized_keys
chmod 600 $target/root/.ssh/authorized_keys
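A version of the SSH steps that does not depend on the exact text of the shipped sshd_config, as an added example that is not the author's 50-start script: it handles a PasswordAuthentication line that is commented, already uncommented, inside a Match block or missing, sets the .ssh directory mode as well as the file mode, and verifies the result. The function name harden_ssh, its pubkey parameter and the demo key are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent SSH hardening for a
# FAI script such as 50-start. FAI sets $target to the mounted new system.

harden_ssh() {
    target=$1      # mount point of the system being installed
    pubkey=$2      # public key line to authorize (hypothetical parameter)
    conf="$target/etc/ssh/sshd_config"
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }

    # sshd uses the first value it reads for a keyword, so write the setting at
    # the top (ahead of any Match block) and drop every other occurrence,
    # whether commented out, uncommented or indented under a Match block.
    tmp=$(mktemp) || return 1
    {
        echo 'PasswordAuthentication no'
        grep -Eiv '^[[:space:]]*#?[[:space:]]*PasswordAuthentication([[:space:]]|$)' "$conf" || true
    } > "$tmp"
    cat "$tmp" > "$conf"       # overwrite in place, keeping owner and mode
    rm -f "$tmp"

    # Key login: directory 700, file 600, key added only once.
    mkdir -p "$target/root/.ssh"
    chmod 700 "$target/root/.ssh"
    auth="$target/root/.ssh/authorized_keys"
    touch "$auth"
    chmod 600 "$auth"
    grep -qxF "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"

    # Verify the effective value instead of assuming the edit matched.
    first=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$conf")
    [ "$first" = no ]
}

# Constructed demo: a scratch directory stands in for $target. The option is
# already uncommented here, a case the sed pattern above does not match.
demo_target=$(mktemp -d)
mkdir -p "$demo_target/etc/ssh"
printf '%s\n' 'Port 22' 'PasswordAuthentication yes' \
    'Match User backup' '    PasswordAuthentication yes' > "$demo_target/etc/ssh/sshd_config"
harden_ssh "$demo_target" 'ssh-ed25519 AAAAconstructedkey admin@example' \
    && echo "password login disabled in $demo_target"
```

Inside a real FAI script the call would be harden_ssh "$target" followed by the administrator's actual public key line.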