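Setting Up an Installation Server

This appendix is intended for users with previous Linux experience. If you are a new user, you may want to install using minimal boot media or the distribution DVD instead.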

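PXE Installation Overview

Preboot Execution Environment, or PXE, is a technology that allows computers to boot directly from resources provided over the network. Installing Fedora over the network means you do not have to create media, and you can install the operating system on multiple computers or virtual machines simultaneously. The process involves a number of components and features working together to provide the resources required.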

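PXE-capable computer

Most modern computers are capable of network booting. Typically, pressing a function key during boot brings up a boot selection menu. In unattended environments, systems are often configured to attempt a network boot first and then boot from local storage, with the installation server configured to be needed only when an installation is required. Your computer's manual provides specific instructions on setting the boot order.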

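DHCP Server

When a system requests an address during network booting, the DHCP server also provides the location of the files to boot. A network must have one and only one DHCP server.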

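TFTP Server

Because the pre-boot environment is very simple, files must be provided in a very simple way. Trivial File Transfer Protocol, or TFTP, provides the system with the bootloader required to continue the installation process.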

Bootloader

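Because the job of booting an operating system is too complex for the pre-boot environment, a bootloader is used to load the kernel and related files. It also provides configuration information to the installer, and can offer a menu to select from different configurations.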

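Kernel and Initramfs

The kernel is the core of any Linux operating system, and the initramfs provides the kernel with the tools and resources it requires. These files are also provided by TFTP.

Package repository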

A Fedora repository must be available for the installation. The example in this section uses the public Fedora mirrors as the repository source, but you can also use a repo on the local network provided by NFS, FTP, or HTTP. Repositories can be configured using the inst.repo= boot option; see Specifying the Installation Source for details.

DHCP Server Configuration

Installing and configuring dhcpd
  1. Install the dhcp server package.

    # dnf install dhcp-server
  2. Create a simple configuration for the dhcp server at `/etc/dhcp/dhcpd.conf`.

    subnet 192.168.1.0 netmask 255.255.255.0 {
    authoritative;
    default-lease-time 600;
    max-lease-time 7200;
    ddns-update-style none;
    
    option domain-name-servers 192.168.1.1;
    option routers 192.168.1.1;
    
    }
  3. Test your configuration and locate any problems you discover.

    systemctl start dhcpd
    systemctl enable dhcpd
    journalctl --unit dhcpd --since -2m --follow
  4. Add entries to point clients to their bootloader and the server that provides it to your subnet configuration in /etc/dhcp/dhcpd.conf. Because DHCP clients provide the server with identifying information along with their address request, BIOS clients and UEFI clients can each be directed to the correct bootloader. Using latest processor architecture option codes, which may be found on the IANA DHCPv6 registration page, allows multiple architectures to share a single DHCP server.

    # refer to RFC4578 & IANA DHCPv6 for possible arch option values
    option arch code 93 = unsigned integer 16;
    
    subnet 192.168.1.0 netmask 255.255.255.0 {
    if option arch = 00:07 {
    # x64 UEFI
    filename "uefi/shimx64.efi";
    next-server 192.168.1.2;
    } else if option arch = 00:0b {
    # aarch64 UEFI
    filename "uefi/shimaa64.efi";
    server-name "192.168.1.2";
    } else {
    filename "pxelinux.0";
    next-server 192.168.1.2;
    }
    
    
    ...
  5. Restart the dhcp service to check the configuration, and make changes as needed.

    systemctl restart dhcpd
    journalctl --unit dhcpd --since -2m --follow

Installing the tftp server

Installing the tftp server
  1. Install the tftp server package.

    # dnf install tftp-server
  2. Start and enable the `tftp socket`. `systemd` will automatically start the `tftpd` service when required.

    # systemctl start tftp.socket
    # systemctl enable tftp.socket

Providing and configuring bootloaders for the PXE server

Getting the bootloader files
  1. Get the syslinux bootloader for BIOS clients.

    1. Install the syslinux package.

      # dnf install syslinux
    2. Create a directory for the bootloader files, and make them available there.

      # mkdir -p /var/lib/tftpboot/pxelinux.cfg
      # cp /usr/share/syslinux/{pxelinux.0,menu.c32,vesamenu.c32,ldlinux.c32,libcom32.c32,libutil.c32} /var/lib/tftpboot/
  2. Get the bootloader files for UEFI systems.

    1. Install the shim-x64 and grub2-efi-x64 packages. If your server is a BIOS system, you must install the packages to a temporary install root. Installing them directly on a BIOS machine will attempt to configure the system for UEFI booting and cause problems.

      # dnf install shim-x64 grub2-efi-x64 --installroot=/tmp/fedora --releasever 36
    2. Create a directory for the bootloader files, and make them available there.

      # mkdir -p /var/lib/tftpboot/uefi
      # cp /tmp/fedora/boot/efi/EFI/fedora/{shimx64.efi,grubx64.efi} /var/lib/tftpboot/uefi/
Configuring client bootloaders
  1. Create a boot menu for BIOS clients at `/var/lib/tftpboot/pxelinux.cfg/default`.

    default vesamenu.c32
    prompt 1
    timeout 600
    
    label local
    menu label Boot from ^local drive
    menu default
    localboot 0xffff
    
    label linux
    menu label ^Install Fedora 36 64-bit
    kernel f36/vmlinuz
    append initrd=f36/initrd.img inst.stage2=https://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/x86_64/os/ ip=dhcp
    
    label server
    menu label ^Install Fedora 36 ( Minimal Image )
    kernel f36/vmlinuz
    append initrd=f36/initrd.img inst.stage2=https://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/x86_64/os/ ip=dhcp inst.ks=https://example.com/fedora/kickstarts/minimal.ks
  2. Create a boot menu for UEFI clients at /var/lib/tftpboot/uefi/grub.cfg.

    function load_video {
    	insmod efi_gop
    	insmod efi_uga
    	insmod video_bochs
    	insmod video_cirrus
    	insmod all_video
    }
    
    load_video
    set gfxpayload=keep
    insmod gzio
    
    menuentry 'Exit this grub' {
            exit
    }
    
    menuentry 'Install Fedora 64-bit'  --class fedora --class gnu-linux --class gnu --class os {
    	linux $fw_path/f36/vmlinuz ip=dhcp inst.repo=https://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/x86_64/os/
    	initrd $fw_path/f36/initrd.img
    }
    
    menuentry 'Install Fedora 36 Server'  --class fedora --class gnu-linux --class gnu --class os {
    	linux $fw_path/f36/vmlinuz ip=dhcp inst.repo=https://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/x86_64/os/ inst.ks=https://git.fedorahosted.org/cgit/spin-kickstarts.git/plain/fedora-install-server.ks?h=f21
    	initrd $fw_path/f36/initrd.img
    }

Getting the kernel and initrd

Downloading the kernel and initrd
  1. Create a directory for the files.

    # mkdir -p /var/lib/tftpboot/f36
  2. Download the kernel.

    # wget https://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/x86_64/os/images/pxeboot/vmlinuz -O /var/lib/tftpboot/f36/vmlinuz
  3. Download the initrd.

    # wget https://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/x86_64/os/images/pxeboot/initrd.img -O /var/lib/tftpboot/f36/initrd.img
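
TFTP has no integrity protection, so it is worth confirming that the files staged under /var/lib/tftpboot/f36 are the ones the release tree published. The script below is an added example, not part of the original guide: it compares a local file with the sha256 digest recorded in the [checksums] section of the tree's .treeinfo file. It assumes .treeinfo has been fetched from the top of the same os/ directory; the function names and the demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Fedora docs): check files staged for TFTP
# against the sha256 digests in the release tree's .treeinfo [checksums].

# treeinfo_sha256 TREEINFO RELPATH -> print the digest recorded for RELPATH
treeinfo_sha256() {
    awk -v want="$2" '
        /^\[/ { in_sums = ($0 == "[checksums]"); next }
        in_sums {
            n = split($0, kv, " = ")
            if (n == 2 && kv[1] == want && kv[2] ~ /^sha256:/) {
                print substr(kv[2], 8); exit
            }
        }' "$1"
}

# verify_image TREEINFO RELPATH LOCALFILE
# returns 0 on match, 1 on mismatch, 2 if no digest or no local file
verify_image() {
    expected=$(treeinfo_sha256 "$1" "$2")
    [ -n "$expected" ] && [ -f "$3" ] || return 2
    actual=$(sha256sum "$3" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# Constructed demo: a stand-in "kernel" and a .treeinfo built from it,
# so the script runs offline. Real use: fetch .treeinfo from the os/ URL.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/f36"
    printf 'constructed kernel bytes\n' > "$d/f36/vmlinuz"
    sum=$(sha256sum "$d/f36/vmlinuz" | cut -d' ' -f1)
    printf '[checksums]\nimages/pxeboot/vmlinuz = sha256:%s\n' "$sum" > "$d/.treeinfo"

    verify_image "$d/.treeinfo" images/pxeboot/vmlinuz "$d/f36/vmlinuz" \
        && echo "vmlinuz: digest matches .treeinfo"
    printf 'tampered' >> "$d/f36/vmlinuz"      # simulate a modified file
    verify_image "$d/.treeinfo" images/pxeboot/vmlinuz "$d/f36/vmlinuz" \
        || echo "vmlinuz: digest MISMATCH, do not serve this file"
    rm -rf "$d"
}
demo
```

On a real server the call would be `verify_image .treeinfo images/pxeboot/vmlinuz /var/lib/tftpboot/f36/vmlinuz`, repeated for `images/pxeboot/initrd.img`.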

HTTP Installation Overview

HTTP/HTTPS boot is a technology that allows computers to boot directly from resources provided over the network. When used in conjunction with HTTPS, the authenticity of the server is validated, and the use of HTTP offers a more reliable transport mechanism than PXE's TFTP. Installing Fedora this way avoids creating install media and allows multiple computers to install simultaneously. Many current UEFI implementations, including the EDK2-based firmware shipping with Fedora's virtualization solutions, can directly boot from HTTP sources. A UEFI boot entry that specifies an HTTP source may be manually added via firmware menus. Alternatively, a DHCP server may automatically provide the required HTTP path.

Enrolling Certificates

While many machines are capable of HTTPS boot as well as HTTP, they will frequently need to have a certificate authority (CA) enrolled first. The CA is used to validate the certificates presented by the HTTPS server. This may be accomplished by enrolling the appropriate files from the Fedora-provided ca-certificates for public mirrors or the local HTTPS boot server's certificate.

DHCP Server Configuration for HTTP

The installation and configuration of a DHCP server for HTTP boot is identical to its configuration for PXE, except that the option arch conditions need to be amended for HTTP clients:

    ...
    if option arch = 00:07 {
        # x64 UEFI
        filename "uefi/shimx64.efi";
        next-server 192.168.1.2;
    } else if option arch = 00:0b {
        # aarch64 UEFI
        filename "uefi/shimaa64.efi";
        server-name "192.168.1.2";
    } else if option arch = 00:13 {
        # aarch64 UEFI HTTP
        option vendor-class-identifier "HTTPClient";
        filename "http://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/aarch64/os/images/boot.iso";
    } else if option arch = 00:10 {
        # x64 UEFI HTTP
        option vendor-class-identifier "HTTPClient";
        filename "http://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/x86_64/os/images/boot.iso";
    } else {
        filename "pxelinux.0";
        next-server 192.168.1.2;
    }
    ...
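
A `filename` that does not exist under the TFTP root only shows up as a failed boot on the client. The script below is an added example, not part of the original guide: it extracts every TFTP `filename` from a dhcpd.conf and reports those with no matching file under the TFTP root, skipping HTTP(S) boot URLs. The sample configuration and temporary directory are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report TFTP boot files named in dhcpd.conf that are not
# present under the TFTP root. HTTP(S) boot URLs are skipped.

# boot_filenames CONF -> one TFTP-relative path per line (comments ignored)
boot_filenames() {
    sed -n 's/^[[:space:]]*filename[[:space:]]*"\([^"]*\)";.*/\1/p' "$1" |
        grep -v -E '^https?://' | sort -u
}

# missing_boot_files CONF TFTPROOT -> prints missing paths, returns 1 if any
missing_boot_files() {
    rc=0
    for f in $(boot_filenames "$1"); do
        [ -f "$2/$f" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# Constructed demo: only the BIOS and x64 UEFI bootloaders are staged, so the
# aarch64 entry is reported.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tftpboot/uefi"
    touch "$d/tftpboot/pxelinux.0" "$d/tftpboot/uefi/shimx64.efi"
    cat > "$d/dhcpd.conf" <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
  if option arch = 00:07 {
    filename "uefi/shimx64.efi";
  } else if option arch = 00:0b {
    filename "uefi/shimaa64.efi";
  } else if option arch = 00:10 {
    filename "http://download.fedoraproject.org/pub/fedora/linux/releases/36/Server/x86_64/os/images/boot.iso";
  } else {
    filename "pxelinux.0";
  }
  next-server 192.168.1.2;
}
EOF
    missing_boot_files "$d/dhcpd.conf" "$d/tftpboot" |
        sed 's/^/missing under TFTP root: /'
    rm -rf "$d"
}
demo
```

On the server itself the call would be `missing_boot_files /etc/dhcp/dhcpd.conf /var/lib/tftpboot`, run after any change to either side.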

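Providing repositories

The examples in this section use the Fedora mirrors as the repository source. For faster installations, for installing a large number of systems, or for more isolated environments, you may want to maintain a local repository.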

Fedora Infrastructure maintains instructions for configuring a local mirror at https://fedoraproject.org/wiki/Infrastructure/Mirroring. The preferred method for providing repositories is via HTTP, and you can refer to the Fedora System Administrator’s Guide to configure httpd.

Advanced network installations with Cobbler

For more complex environments, Fedora offers the cobbler installation server. Tasks like managing kickstart configurations, coordinating repositories, maintaining dns records, dhcp servers, and even puppet manifests are effectively automated by cobbler.

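Using cobbler to deliver all of these features can be very simple, but the full functionality of the tool is too broad to be listed in this document. The cobbler community provides documentation at https://cobbler.github.io/, and cobbler is distributed alongside the packages in the Fedora repositories.

Alternatively, you may also be interested in Foreman. You can find the official documentation and downloads on the project's website at https://www.theforeman.org/.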