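Debian 11 remote automated network installation test - PXE - preseed.cfg
Machines in a server room, for example, are usually managed remotely, so installing the system on site from a CD or USB stick is inconvenient. Debian 11 provides a complete set of netboot files for network installation, along with documentation for preseed.cfg, which supplies the installation parameters automatically.
Environment: use VirtualBox to create two virtual machines. Machine A hosts the PXE service and machine B is the client. Machine A runs Debian 11 and has two network interfaces: one public, the other internal (enp0s8).
Steps: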
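- apt install dnsmasq # Install dnsmasq on machine A; it assigns machine B an IP address automatically and handles the network boot and system installation
/etc/dnsmasq.conf # Contents of the configuration file. Roughly: set the TFTP root to /srv/tftp, and set the boot file for machine B (legacy BIOS boot) to os-images/bullseye/netboot/pxelinux.0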
```
interface=enp0s8
domain=debian.local
dhcp-range=192.168.3.3,192.168.3.253,255.255.255.0,1h
enable-tftp
tftp-root=/srv/tftp
# dhcp-optsfile=/etc/dnsmasq.opt
#dhcp-match=ipxe,175
# dhcp-boot=net:ipxe,default.ipxe
# pxe-service=x86PC,"ipxe bios", ipxe/undionly.kpxe
# pxe-service=tag:x86-64_efi,"ipxe efi", ipxe/ipxe.efi
dhcp-match=set:bios-x86,option:client-arch,0
# dhcp-boot=tag:bios-x86,ipxe/undionly.kpxe
dhcp-boot=tag:bios-x86,os-images/bullseye/netboot/pxelinux.0
# boot config for UEFI systems
# dhcp-match=set:efi-x86_64,option:client-arch,7
# dhcp-match=set:efi-x86_64,option:client-arch,9
# dhcp-boot=tag:efi-x86_64,ipxe/ipxe.efi
# dhcp-match=set:ipxe,175
# dhcp-boot=tag:ipxe,http://192.168.3.1/boot2.php
# dhcp-userclass=set:ENH,iPXE
# dhcp-boot=tag:ENH,default.ipxe
```
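/srv/tftp/os-images/bullseye/netboot/pxelinux.cfg/01-08-00-27-49-b4-6c # Create a pxelinux boot configuration file named after the MAC address of machine B's network card, with the contents below. Roughly: it passes Debian's automatic answer file preseed.cfg as a boot parameter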
```
DEFAULT linux
SAY Now booting the kernel from SYSLINUX...
LABEL linux
  KERNEL debian-installer/amd64/linux
  APPEND auto=true hostname=auto2 domain=local preseed/url=tftp://192.168.3.1/os-images/bullseye/preseed.cfg initrd=debian-installer/amd64/initrd.gz
```
os-images/bullseye/preseed.cfg # File contents. The purpose is to answer the questions asked during installation automatically, so the system installs unattended
```
#### Contents of the preconfiguration file (for bullseye). refer: https://www.debian.org/releases/bullseye/example-preseed.txt
d-i debian-installer/locale string en_US
d-i keyboard-configuration/xkb-keymap select us
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/hostname string auto1
d-i netcfg/wireless_wep string
d-i mirror/country string manual
d-i mirror/http/hostname string ftp.cn.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
d-i passwd/root-password password r00tme
d-i passwd/root-password-again password r00tme
d-i passwd/user-fullname string Debian User
d-i passwd/username string debian
d-i passwd/user-password password insecure
d-i passwd/user-password-again password insecure
d-i clock-setup/utc boolean true
d-i time/zone string US/Eastern
d-i clock-setup/ntp boolean true
d-i partman-auto/method string lvm
d-i partman-auto-lvm/guided_size string max
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i apt-setup/cdrom/set-first boolean false
tasksel tasksel/first multiselect standard, ssh-server
popularity-contest popularity-contest/participate boolean true
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string default
d-i finish-install/reboot_in_progress note
```
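An added example, not part of the original post: a small Python audit of the two files above. The preseed.cfg keeps the example-preseed.txt passwords in cleartext and is fetched over TFTP while tasksel installs ssh-server, and the script flags those points. The `-crypted` question names come from Debian's example-preseed.txt; the function names and sample strings are constructed for this example.

```python
# Added example; helper names are this example's own, not Debian tooling.
# Questions that carry a cleartext secret. d-i also accepts "<name>-crypted"
# with a crypt(3) hash, as the commented lines in example-preseed.txt show.
PLAINTEXT_SECRETS = ("passwd/root-password", "passwd/user-password")

def parse_preseed(text):
    """Return [(owner, question, type, value)] for every non-comment line."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(None, 3)
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line, comment, or too few fields
        rows.append((parts[0], parts[1], parts[2], parts[3] if len(parts) > 3 else ""))
    return rows

def audit_preseed(text):
    """Flag cleartext passwords, and SSH being installed alongside them."""
    rows = parse_preseed(text)
    findings = [f"{q}: cleartext password, use {q}-crypted"
                for _, q, _, v in rows if q in PLAINTEXT_SECRETS and v]
    ssh = any(q == "tasksel/first" and "ssh-server" in v for _, q, _, v in rows)
    if ssh and findings:
        findings.append("ssh-server is installed while a password from this file is in use")
    return findings

def audit_append(append_line):
    """Flag a preseed URL on a pxelinux APPEND line that uses a cleartext scheme."""
    params = dict(p.split("=", 1) for p in append_line.split() if "=" in p)
    url = params.get("preseed/url") or params.get("url", "")
    scheme = url.split("://", 1)[0].lower() if "://" in url else ""
    if scheme in ("tftp", "http", "ftp"):
        return [f"preseed file fetched over {scheme}: readable by any host on the boot network"]
    return []

# Constructed sample: a few lines taken from the files shown above.
SAMPLE_PRESEED = """\
#### Contents of the preconfiguration file (for bullseye)
d-i netcfg/wireless_wep string
d-i passwd/root-password password r00tme
d-i passwd/root-password-again password r00tme
d-i passwd/user-password password insecure
tasksel tasksel/first multiselect standard, ssh-server
"""
SAMPLE_APPEND = ("auto=true hostname=auto2 domain=local preseed/url="
                 "tftp://192.168.3.1/os-images/bullseye/preseed.cfg")

if __name__ == "__main__":
    for finding in audit_preseed(SAMPLE_PRESEED) + audit_append(SAMPLE_APPEND):
        print("WARN", finding)
```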
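/etc/nftables.conf # If machine A is also to act as the gateway for machine B and forward its traffic to the Internet, this needs to be configured as well. One thing I noticed is that machine B sometimes cannot reach the Internet, and the nftables service has to be restarted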
```
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0;
    }
    chain forward {
        type filter hook forward priority 0;
    }
    chain output {
        type filter hook output priority 0;
    }
}

#######
table inet nat {
    chain input {
        type nat hook input priority 0; policy accept;
        ip protocol icmp accept
    }
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # ip saddr 192.168.3.0/24 oifname "enp0s3" masquerade
        oifname "enp0s3" masquerade
    }
    chain output {
        type nat hook output priority 0; policy accept;
    }
}
```
References:
- https://wiki.debian.org/PXEBootInstall
- https://linuxhint.com/pxe_boot_ubuntu_server/
- https://www.molnar-peter.hu/en/ubuntu-jammy-netinstall-pxe.html
- https://serverfault.com/questions/1098581/how-to-use-d-i-and-preseeding-on-22-04
- https://github-wiki-see.page/m/cesetxeberria/pxeserver/wiki/Set-up-a-debian-pxe-server-with-ipxe-using-standard-debian-files
- https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html
- https://gist.github.com/annttu/a5b9a57bf03bfc1361ea806fa1bdd116
- https://lists.debian.org/debian-user/2016/02/msg00295.html
- https://ipxe.org/appnote/debian_preseed
- https://github.com/coreos/tectonic-installer/issues/932
- https://ipxe.org/err/2e0080
- https://www.debian.org/releases/stable/i386/apbs02.en.html#preseed-loading
- https://forums.fogproject.org/topic/10944/using-fog-to-pxe-boot-into-your-favorite-installer-images/27?lang=zh-CN