Automated deployment on Debian 9 with Fully Automatic Installation (FAI)


FAI is the automated deployment tool recommended by the Debian wiki (https://wiki.debian.org/FAI). The FAI project site is http://fai-project.org

Prerequisite: a Debian 9 system that is already installed; the version used here is Debian 9.6.0. Host IP address: 192.168.1.99

Configure the software repositories for FAI

root@fai-server:~# vim /etc/apt/sources.list

With Internet access, use a mirror inside China; here the USTC Debian mirror is used:

The contents of sources.list are as follows

deb https://mirrors.ustc.edu.cn/debian/ stretch main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ stretch-updates main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ stretch-backports main contrib non-free
deb https://mirrors.ustc.edu.cn/debian-security/ stretch/updates main contrib non-free
deb http://mirrors.ustc.edu.cn/docker-ce/linux/debian stretch stable

A local repository can also be configured (with the help of apt-mirror):

root@fai-server:~# apt-get -y install apt-mirror

Edit the apt-mirror configuration file and set the sources that the mirror synchronizes from

root@fai-server:~# cat /etc/apt/mirror.list
############# config ##################
#
 set base_path    /debian9_mirror
#
 set mirror_path  $base_path/mirror
 set skel_path    $base_path/skel
 set var_path     $base_path/var
 set cleanscript $var_path/clean.sh
# set defaultarch  <running host architecture>
# set postmirror_script $var_path/postmirror.sh
 set run_postmirror 0
set nthreads     20
set _tilde 0
#
############# end config ##############
deb http://ftp.hk.debian.org/debian stretch main contrib non-free
deb http://ftp.hk.debian.org/debian stretch-updates main contrib non-free
deb http://ftp.hk.debian.org/debian stretch-backports main contrib non-free
deb https://download.docker.com/linux/debian stretch stable
clean http://ftp.hk.debian.org/debian
clean https://download.docker.com/linux/debian

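Set the deb sources to suit your own situation. Here the stretch, stretch-updates and stretch-backports sources of Debian 9 are added from the official Debian Hong Kong mirror (it downloads faster than the USTC mirror, I don't know why -_-||), together with the Docker repository.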

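When the configuration is done, exit and run apt-mirror to start the download automatically. The amount of data is large: about 74G for debian9 and about 692M for docker-ce.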

root@fai-server:~# du -h --max-depth=1 /debian9_mirror/mirror/
692M    /debian9_mirror/mirror/download.docker.com
74G     /debian9_mirror/mirror/ftp.hk.debian.org
74G     /debian9_mirror/mirror/

Once the repository has finished synchronizing, use apache to turn it into a reachable package source

root@fai-server:~# apt-get -y install apache2

Create symlinks under apache's html directory

root@fai-server:~# ln -s /debian9_mirror/mirror/ftp.hk.debian.org/debian /var/www/html/debian
root@fai-server:~# ln -s /debian9_mirror/mirror/download.docker.com/linux/debian /var/www/html/docker

Edit sources.list

root@fai-server:~# cat /etc/apt/sources.list
deb http://192.168.1.99/debian stretch main contrib non-free
deb http://192.168.1.99/debian stretch-updates main contrib non-free
deb http://192.168.1.99/debian stretch-backports main non-free contrib
deb http://192.168.1.99/docker stretch stable

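Update the package index. Because the GPG key of the Docker repository is not installed, apt reports an error; the GPG key file can be installed from https://download.docker.com/linux/debian/gpg .

To make later local deployments easier, this file can be placed in apache's html directory so that local machines can download it. On each server that needs docker-ce, run "curl -fsSL http://192.168.1.99/gpg | apt-key add -", after which apt-get update no longer reports the error.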

With the preparation finished, start deploying the FAI server

Install the packages

root@fai-server:~# wget -O - https://fai-project.org/download/074BCDE4.asc | apt-key add -
root@fai-server:~# echo "deb http://fai-project.org/download stretch koeln" > /etc/apt/sources.list.d/fai.list
root@fai-server:~# apt-get update
root@fai-server:~# apt-get install aptitude -y
root@fai-server:~# aptitude install fai-quickstart -y
root@fai-server:~# apt-get install qemu-user-static -y

Configure the DHCP service (set the interface for IPv4, comment out IPv6)

root@fai-server:~# cat /etc/default/isc-dhcp-server
...
...
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="enp0s3"
#INTERFACESv6=""

Configure the DHCP service to suit your own environment; next-server is the IP of the TFTP server

root@fai-server:~# cat /etc/dhcp/dhcpd.conf
...
...
# This is a very basic subnet declaration.

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.20 192.168.1.90;
  next-server 192.168.1.99;
  filename "fai/pxelinux.0";
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1;
}
...
...

DHCP configuration errors are logged to /var/log/daemon.log; use this log to troubleshoot any problems.

Configure the TFTP service

root@fai-server:~# sed -i 's/0.0.0.0:69/192.168.1.99:69/' /etc/default/tftpd-hpa

Configure FAI's sources.list (so that fai-setup -v pulls its data from the local repository)

root@fai-server:~# cat /etc/apt/sources.list > /etc/fai/apt/sources.list

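Configure the FAI NFS service

FAI_DEBOOTSTRAP: when the nfsroot directory is created, the Debian base system and the packages this Debian release depends on are downloaded from the repository given here. If you have a local Debian repository, point it at the local repository.

FAI_ROOTPW: the password set for the machines being installed; the value shown corresponds to the plaintext fai. To change it, generate a new MD5 hash with the mkpasswd command and fill it in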

root@fai-server:~# apt-get install whois -y
root@fai-server:~# echo "password" | mkpasswd -m md5 -s

The generated string is the MD5 hash of password; fill it in to replace the default fai password

NFSROOT_ETC_HOSTS is set to the IP of the FAI server

root@fai-server:~# cat /etc/fai/nfsroot.conf
# For a detailed description see nfsroot.conf(5)

# "<suite> <mirror>" for debootstrap
FAI_DEBOOTSTRAP="stretch http://192.168.1.99/debian"
FAI_ROOTPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'

NFSROOT=/srv/fai/nfsroot
TFTPROOT=/srv/tftp/fai
NFSROOT_HOOKS=/etc/fai/nfsroot-hooks/
NFSROOT_ETC_HOSTS="192.168.1.99"
FAI_DEBOOTSTRAP_OPTS="--exclude=info"

# Configuration space
FAI_CONFIGDIR=/srv/fai/debian9_config

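Create the files FAI needs for installation (over the Internet this takes some time, depending on how fast the repository transfers; with a local repository it finishes quickly. If a package in the repository is faulty, an error may be reported and you have to track the problem down yourself. In the case I ran into, the cause was an incomplete package download, and replacing that file with a copy downloaded from the official repository solved it. Before running fai-setup -v again, delete all files under /srv/fai/.)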
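An incomplete download like the one described above can be found before fai-setup runs by comparing the mirror against its package index. The following check is an added example, not part of the original post or of apt-mirror; it assumes an uncompressed Packages file (decompress Packages.gz or Packages.xz first), and the function names and sample mirror are constructed.

```sh
# Added example: find missing, truncated or corrupted packages in a local
# mirror by checking files against the Size and SHA256 fields of a Packages index.

# check_mirror MIRROR_ROOT PACKAGES_FILE -> one "REASON path" line per bad file
check_mirror() {
    awk '/^Filename:/ { f = $2 }
         /^Size:/     { s = $2 }
         /^SHA256:/   { h = $2 }
         /^$/         { if (f != "") print f, s, h; f = s = h = "" }
         END          { if (f != "") print f, s, h }' "$2" |
    while read -r file size sha; do
        path=$1/$file
        if [ ! -f "$path" ]; then
            echo "MISSING $file"
        elif [ "$(wc -c < "$path" | tr -d ' ')" != "$size" ]; then
            echo "SIZE $file"
        elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$sha" ]; then
            echo "HASH $file"
        fi
    done
}

# Constructed sample: a two-package mirror with a matching index; the second
# file is then cut short to imitate an interrupted download.
make_sample_mirror() {
    mkdir -p "$1/pool/main/a" "$1/pool/main/b"
    printf 'constructed package A\n' > "$1/pool/main/a/a_1.0_all.deb"
    printf 'constructed package B\n' > "$1/pool/main/b/b_1.0_all.deb"
    for p in pool/main/a/a_1.0_all.deb pool/main/b/b_1.0_all.deb; do
        printf 'Package: %s\nFilename: %s\nSize: %s\nSHA256: %s\n\n' \
            "$(basename "$p" _1.0_all.deb)" "$p" \
            "$(wc -c < "$1/$p" | tr -d ' ')" \
            "$(sha256sum "$1/$p" | cut -d' ' -f1)"
    done > "$1/Packages"
    printf 'constructed' > "$1/pool/main/b/b_1.0_all.deb"   # truncated copy
}

mirror=$(mktemp -d)
make_sample_mirror "$mirror"
check_mirror "$mirror" "$mirror/Packages"
```
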

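Make sure /etc/hosts contains an entry that maps this host's IP to its hostname. Otherwise fai-setup -v does not create the ssh keys, and the automatic installation hangs at the final chboot and savelog stage. This does not break the installation, but it needs manual intervention before the installation completes.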

root@fai-server:~# cat /etc/hosts
192.168.1.99    fai-server
...

Deploy FAI

root@fai-server:~# fai-setup -v
Adding system user `fai' (UID 110) ...
Adding new user `fai' (UID 110) with group `nogroup' ...
Creating home directory `/var/log/fai/remote-logs' ...
Generating public/private rsa key pair.
Your identification has been saved in /var/log/fai/remote-logs/.ssh/id_rsa.
Your public key has been saved in /var/log/fai/remote-logs/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YzXCxhaSvntjGmI5PuX0Z9V7H1NGIX2xTiUodoH+Dig fai@fai-server
The key's randomart image is:
+---[RSA 2048]----+
|      ...  ..+ooo|
|      .+ .+ o .o=|
|     .  *ooo   oo|
|      .o o..  o. |
|       .S. . . .o|
|     .E.... o ...|
|    =+.+   +   + |
|   o.oo.= o . . +|
|    ...+ +     .o|
+----[SHA256]-----+
Generating public/private ed25519 key pair.
Your identification has been saved in /var/log/fai/remote-logs/.ssh/id_ed25519.
Your public key has been saved in /var/log/fai/remote-logs/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:WOhJEuh49et8WM8/5ahozXr+XOCUCxEwd0ZseHOYaBc fai@fai-server
The key's randomart image is:
+--[ED25519 256]--+
|   ..   o.o=E+   |
|  . .. . o++O .  |
| o ...o ...+ o   |
|. o  +.+   . .   |
| .    +.S . +    |
|      . .  + o.  |
|     o o =  o+.  |
|      + o.*.o..  |
|       oo+o++.   |
+----[SHA256]-----+
Adding 192.168.1.99,fai-server to known_hosts.
Adding 172.17.0.1 to known_hosts.
/var/log/fai/remote-logs/.ssh/known_hosts created.
/var/log/fai/remote-logs/.ssh/authorized_keys created.
...
...
...
FAI packages and related packages inside the nfsroot:
dracut             044+241-3
dracut-network     044+241-3
fai-client         5.3.6
fai-nfsroot        5.3.6
fai-setup-storage  5.3.6
Waiting for background jobs to finish
[1]+  Done                    nice xz -q $NFSROOT/var/tmp/base.tar  (wd: /srv/fai/nfsroot)
fai-make-nfsroot finished properly.
Log file written to /var/log/fai/fai-make-nfsroot.log
Your initial config space is now located in /srv/fai/debian9_config
Please don't forget to fill out the FAI questionnaire after you've finished your project with FAI.

FAI setup finished.
Log file written to /var/log/fai/fai-setup.log

Create the PXE boot configuration file

root@fai-server:~# fai-chboot -IBv -u nfs://192.168.1.99/srv/fai/debian9_config default
Booting kernel vmlinuz-4.9.0-8-amd64
 append initrd=initrd.img-4.9.0-8-amd64 ip=dhcp
   FAI_FLAGS=verbose,sshd,reboot FAI_CONFIG_SRC=nfs://192.168.1.99/srv/fai/debian9_config

default has no IP in hex default
Writing file /srv/tftp/fai/pxelinux.cfg/default for default

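Edit the generated boot configuration file

label XXXX names the boot entry tied to the kernel line below it; several entries can be configured, one label per kernel. When the installation boots, a boot prompt appears, and typing XXXX boots the corresponding kernel. A timeout (timeout 60) and the default boot entry (default XXXX) can also be set.

By default there are only the default and label parameters; with a single kernel nothing needs to be changed.

If the network card is the server's first boot device, there is no prompt and the system is installed automatically right away, so be careful. For a fresh installation, set the hard disk as the first boot device and the network card as the second. A disk without a bootloader then falls through to network boot, and once the installation has put a bootloader on the disk the machine no longer boots from the network. This avoids endless reinstallation and needs no manual intervention.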

root@fai-server:~# cat /srv/tftp/fai/pxelinux.cfg/default
# generated by fai-chboot for host default with IP no IP
default fai-generated

label fai-generated
kernel vmlinuz-4.9.0-8-amd64
append initrd=initrd.img-4.9.0-8-amd64 ip=dhcp LOGUSER=fai root=192.168.1.99:/srv/fai/nfsroot:vers=3 rootovl  FAI_FLAGS=verbose,sshd,reboot FAI_CONFIG_SRC=nfs://192.168.1.99/srv/fai/debian9_config FAI_ACTION=install

Configure disk partitioning

root@fai-server:~# cat /srv/fai/debian9_config/disk_config/FAIBASE
# example of new config file for setup-storage
#
# <type> <mountpoint> <size>   <fs type> <mount options> <misc options>

disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid

logical swap   8G  swap  sw
primary /      100-100%   ext4  rw,noatime,errors=remount-ro

Set the packages to pre-install according to your own needs

root@fai-server:~#  cat /srv/fai/debian9_config/package_config/DEBIAN
PACKAGES install-norec
apt-transport-https # is only needed for stretch
debconf-utils
file
less
linuxlogo
rsync
openssh-client openssh-server
time
procinfo
nullmailer
eject
locales
console-setup kbd
pciutils usbutils
unattended-upgrades
vim
wget
software-properties-common
ca-certificates
curl
docker-ce
qemu-kvm 
libvirt-clients 
libvirt-daemon-system 
bridge-utils 
libguestfs-tools 
virtinst 
libosinfo-bin
ssh
...
...

Configure the default time zone, the initial root password, the regular user account, and so on

root@fai-server:~# cat /srv/fai/debian9_config/class/FAIBASE.var
# default values for installation. You can override them in your *.var files

# allow installation of packages from unsigned repositories
FAI_ALLOW_UNSIGNED=1

# Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not.
UTC=yes
TIMEZONE=Asia/Shanghai

# the hash of the root password for the new installed linux system
# pw is "fai"
ROOTPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'

# errors in tasks greater than this value will cause the installation to stop
STOP_ON_ERROR=700

# set parameter for install_packages(8)
MAXPACKAGES=800

# a user account will be created
username=service
USERPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'
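The password hashes and the FAI_ALLOW_UNSIGNED switch in nfsroot.conf and FAIBASE.var are the values a review of this setup would check first. The following check is an added example, not part of the original post or of FAI; the function names and sample files are constructed, and the SHA-512-crypt string in the hardened sample is a placeholder rather than a real hash.

```sh
# Added example (not FAI's own code): flag default or weak password hashes and
# the unsigned-repository switch in FAI files such as nfsroot.conf and *.var.
# DEFAULT_HASH is the hash of the password "fai" as it appears on this page.
DEFAULT_HASH='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'

# audit_fai_conf FILE... -> one finding per line, no output when clean
audit_fai_conf() {
    for f in "$@"; do
        while IFS= read -r line; do
            case $line in ''|\#*) continue ;; esac    # skip blanks and comments
            key=${line%%=*}
            val=${line#*=}
            # strip one layer of surrounding quotes
            val=${val#\'}; val=${val%\'}; val=${val#\"}; val=${val%\"}
            case $key in
                FAI_ROOTPW|ROOTPW|USERPW)
                    if [ "$val" = "$DEFAULT_HASH" ]; then
                        echo "$f: $key is still the hash of the password fai"
                    else
                        case $val in
                            '$5$'*|'$6$'*) ;;          # SHA-256 / SHA-512 crypt
                            *) echo "$f: $key is not a SHA-256/SHA-512 crypt hash" ;;
                        esac
                    fi ;;
                FAI_ALLOW_UNSIGNED)
                    case $val in 1) echo "$f: FAI_ALLOW_UNSIGNED=1 allows unsigned repositories" ;; esac ;;
            esac
        done < "$f"
    done
}

# Constructed sample input: the values shown on this page, then a hardened
# variant whose SHA-512-crypt string is a placeholder, not a real hash.
write_samples() {
    cat > "$1/FAIBASE.var" <<'EOF'
FAI_ALLOW_UNSIGNED=1
ROOTPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'
USERPW='$1$ab9BtYz3$rmjVoBEilyld2TWF3fw9G.'
EOF
    cat > "$1/HARDENED.var" <<'EOF'
FAI_ALLOW_UNSIGNED=0
ROOTPW='$6$CONSTRUCTEDSALT$placeholder-not-a-real-hash'
EOF
}

sample_dir=$(mktemp -d)
write_samples "$sample_dir"
audit_fai_conf "$sample_dir/FAIBASE.var" "$sample_dir/HARDENED.var"
```

On the FAI server, run it against /etc/fai/nfsroot.conf and /srv/fai/debian9_config/class/*.var; a replacement hash can be generated with mkpasswd -m sha-512 -s.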

Restart the related services

root@fai-server:~# /etc/init.d/networking restart
root@fai-server:~# /etc/init.d/isc-dhcp-server restart
root@fai-server:~# /etc/init.d/tftpd-hpa restart
root@fai-server:~# /etc/init.d/rpcbind restart
root@fai-server:~# /etc/init.d/nfs-kernel-server restart

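Test the automated system installation

Custom automated deployment scripts

When FAI deploys a system automatically it relies on scripts on the FAI server. The scripts live in per-class directories under /srv/fai/debian9_config/scripts. The LAST directory holds the scripts that run at the very end of deployment, but since the system installed here is Debian, the custom deployment script is placed in the DEBIAN directory for ease of management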

root@fai-server:~# ls /srv/fai/debian9_config/scripts/DEBIAN/
10-rootpw        20-capabilities  30-interface     40-misc          50-start

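50-start is the custom script. It disables ssh password login and sets up ssh key login, adds the keys of some package sources, and creates some Linux configuration files and startup scripts.

A deployment script is written much like an ordinary script; the only real difference is the paths. During deployment the target disk is used in a mounted state, so paths change: as in the scripts that ship with FAI, put $target in front of the real path. An example follows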

sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' $target/etc/ssh/sshd_config
...
mkdir -p $target/root/.ssh
touch $target/root/.ssh/authorized_keys
chmod 600 $target/root/.ssh/authorized_keys
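The sed line above only changes the file when it contains the exact text #PasswordAuthentication yes; for any other spelling it exits successfully and password login stays enabled. The following is an added example, not the author's 50-start script: it sets the keyword whatever form the old line had and verifies the result. The function names and the sample sshd_config are constructed; $target is the install-time mount prefix described above.

```sh
# Added example (not the author's 50-start): set an sshd_config keyword
# whatever form the old line had, then confirm the first active value.

# effective_sshd_option FILE KEY -> value of the first active KEY line
# (sshd uses the first value it reads; keywords are case-insensitive).
effective_sshd_option() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# set_sshd_option FILE KEY VALUE -> "KEY VALUE" first, other active KEY lines dropped
set_sshd_option() {
    [ -f "$1" ] || return 1
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$2" "$3"
        grep -viE "^[[:space:]]*$2[[:space:]]" "$1" || true
    } > "$tmp"
    cat "$tmp" > "$1"        # rewrite in place so owner and mode are kept
    rm -f "$tmp"
    [ "$(effective_sshd_option "$1" "$2")" = "$3" ]
}

# harden_ssh TARGET -> the steps of the snippet above, with verification
harden_ssh() {
    set_sshd_option "$1/etc/ssh/sshd_config" PasswordAuthentication no || return 1
    mkdir -p "$1/root/.ssh" && chmod 700 "$1/root/.ssh" || return 1
    touch "$1/root/.ssh/authorized_keys" && chmod 600 "$1/root/.ssh/authorized_keys"
}

# Constructed sample: the option is already uncommented, so the pattern
# '#PasswordAuthentication yes' matches nothing and sed still exits 0.
make_target() {
    mkdir -p "$1/etc/ssh"
    printf '%s\n' 'Port 22' 'PasswordAuthentication yes' 'UsePAM yes' \
        > "$1/etc/ssh/sshd_config"
}

target=$(mktemp -d)
make_target "$target"
cfg=$target/etc/ssh/sshd_config
sed 's/#PasswordAuthentication yes/PasswordAuthentication no/g' "$cfg" > "$cfg.sed"
echo "page's sed:      $(effective_sshd_option "$cfg.sed" PasswordAuthentication)"
harden_ssh "$target"
echo "set_sshd_option: $(effective_sshd_option "$cfg" PasswordAuthentication)"
```
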
