20201119在Fedora 32 server 建立NetBoot Image
STEP 2
(1-1)列出作業系統資訊: [root@localhost ~]# uname -a Linux localhost.localdomain 5.6.6-300.fc32.x86_64 #1 SMP Tue Apr 21 13:44:19 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux (1-2)列出所有的區塊設備(硬碟、隨身碟、…): # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sr0 11:0 1 1024M 0 rom vda 252:0 0 60G 0 disk ├─vda1 252:1 0 1G 0 part /boot └─vda2 252:2 0 59G 0 part ├─fedora-root 253:0 0 15G 0 lvm / └─fedora-swap 253:1 0 4G 0 lvm [SWAP] [root@localhost ~]# (1-3)列出CPU資訊:架構(x86, x86_64...等等)、核心數、執行緒數、頻率和快取 [root@localhost ~]# lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian Address sizes: 40 bits physical, 48 bits virtual CPU(s): 2 On-line CPU(s) list: 0,1 Thread(s) per core: 1 Core(s) per socket: 2 Socket(s): 1 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family: 6 Model: 15 Model name: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz Stepping: 11 CPU MHz: 2097.570 BogoMIPS: 4195.14 Hypervisor vendor: KVM Virtualization type: full L1d cache: 64 KiB L1i cache: 64 KiB L2 cache: 8 MiB NUMA node0 CPU(s): 0,1 Vulnerability Itlb multihit: KVM: Vulnerable Vulnerability L1tf: Mitigation; PTE Inversion Vulnerability Mds: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown Vulnerability Meltdown: Mitigation; PTI Vulnerability Spec store bypass: Vulnerable Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization Vulnerability Spectre v2: Mitigation; Full generic retpoline, STIBP disabled, RSB filling Vulnerability Tsx async abort: Not affected Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx l m constant_tsc rep_good nopl cpuid tsc_known_freq pni ssse3 cx16 pcid sse4_2 x2apic hypervisor lahf_lm pti [root@localhost ~]# 註3:以 Least Significant Byte(LSB) 逐一儲存位元組者,稱為little-endian,x86_64採用以簡化硬体設計。 (1-4)列出所有的環境變數 # env SHELL=/bin/bash HISTCONTROL=ignoredups HISTSIZE=1000 HOSTNAME=localhost.localdomain PWD=/root LOGNAME=root XDG_SESSION_TYPE=tty HOME=/root 
LANG=en_US.UTF-8 LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.m4a=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.oga=01;36:*.opus=01;36:*.spx=01;36:*.xspf=01;36: SSH_CONNECTION=163.25.20.252 54228 163.25.20.15 22 XDG_SESSION_CLASS=user SELINUX_ROLE_REQUESTED= TERM=xterm LESSOPEN=||/usr/bin/lesspipe.sh %s USER=root SELINUX_USE_CURRENT_RANGE= SHLVL=1 XDG_SESSION_ID=93 XDG_RUNTIME_DIR=/run/user/0 SSH_CLIENT=163.25.20.252 54228 22 PATH=/root/.local/bin:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin SELINUX_LEVEL_REQUESTED= DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/0/bus MAIL=/var/spool/mail/root 
SSH_TTY=/dev/pts/0 _=/usr/bin/env [root@localhost ~]# (2)設定網路: (2-1) [root@localhost ~]# sudo -i [root@localhost ~]# MY_HOSTNAME=lfwiki.kmvs.km.edu.tw [root@localhost ~]# hostnamectl set-hostname $MY_HOSTNAME [root@localhost ~]# MY_DNS1=168.95.1.1 [root@localhost ~]# MY_DNS2=168.95.192.1 [root@localhost ~]# MY_IP=163.25.20.15 [root@localhost ~]# MY_PREFIX=24 [root@localhost ~]# MY_GATEWAY=163.25.20.254 [root@localhost ~]# (2-2) # ip route show default default via 163.25.20.254 dev ens18 proto static metric 100 [root@localhost ~]# # ip route show default|awk '{print $5}' ens18 # DEFAULT_DEV=$(ip route show default|awk '{print $5}') [root@localhost ~]# nmcli d show $DEFAULT_DEV GENERAL.DEVICE: ens18 GENERAL.TYPE: ethernet GENERAL.HWADDR: FE:FC:FE:0F:1B:EC GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: ens18 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/2 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS[1]: 163.25.20.15/24 IP4.GATEWAY: 163.25.20.254 IP4.ROUTE[1]: dst = 163.25.20.0/24, nh = 0.0.0.0, mt = 100 IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 163.25.20.254, mt = 100 IP4.DNS[1]: 168.95.192.1 IP6.ADDRESS[1]: fe80::fcfc:feff:fe0f:1bec/64 IP6.GATEWAY: -- IP6.ROUTE[1]: dst = ff00::/8, nh = ::, mt = 256, table=255 IP6.ROUTE[2]: dst = fe80::/64, nh = ::, mt = 256 [root@localhost ~]# (2-3) # nmcli d show $DEFAULT_DEV | sed -n '/^GENERAL.CONNECTION:/s!.*:\s*!! p' ens18 # DEFAULT_CON=$(nmcli d show $DEFAULT_DEV | sed -n '/^GENERAL.CONNECTION:/s!.*:\s*!! 
p') (2-4)在預設連線上建立一個network bridge(br0) [root@localhost ~]# nohup bash << END > nmcli con mod "$DEFAULT_CON" connection.id "$DEFAULT_DEV" > nmcli con mod "$DEFAULT_DEV" connection.interface-name "$DEFAULT_DEV" > nmcli con mod "$DEFAULT_DEV" ipv4.method disabled > nmcli con up "$DEFAULT_DEV" > nmcli con add con-name br0 ifname br0 type bridge > nmcli con mod br0 bridge.stp no > nmcli con mod br0 ipv4.dns $MY_DNS1 , $MY_DNS2 > nmcli con mod br0 ipv4.addresses $MY_IP/$MY_PREFIX > nmcli con mod br0 ipv4.gateway $MY_GATEWAY > nmcli con mod br0 ipv4.method manual > nmcli con up br0 > nmcli con add con-name br0-slave0 ifname "$DEFAULT_DEV" type bridge-slave master br0 > nmcli con up br0-slave0 > END [root@localhost ~]# nohup bash << END > nmcli con mod "$DEFAULT_CON" connection.id "$DEFAULT_DEV" > nmcli con mod "$DEFAULT_DEV" connection.interface-name "$DEFAULT_DEV" > nmcli con mod "$DEFAULT_DEV" ipv4.method disabled > nmcli con up "$DEFAULT_DEV" > nmcli con add con-name br0 ifname br0 type bridge > nmcli con mod br0 bridge.stp no > nmcli con mod br0 ipv4.dns $MY_DNS1 , $MY_DNS2 > nmcli con mod br0 ipv4.addresses $MY_IP/$MY_PREFIX > nmcli con mod br0 ipv4.gateway $MY_GATEWAY > nmcli con mod br0 ipv4.method manual > nmcli con up br0 > nmcli con add con-name br0-slave0 ifname "$DEFAULT_DEV" type bridge-slav e master br0 > nmcli con up br0-slave0 > END nohup: appending output to 'nohup.out' [root@localhost ~]# ^C 以上設定在預設連線上建立一個network bridge,以利日後可在伺服端執行虛擬機器。 bridge將二個區域網路整併成一個。 註4:nohup: 不理會HUP (hangup)訊號,讓目前的批次指令(script)進入背景中執行。 (10)安裝NFS網路檔案系統 ref:how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/ [root@sice ~]# MY_HOSTNAME=lfwiki.kmvs.km.edu.tw [root@sice ~]# hostnamectl set-hostname $MY_HOSTNAME [root@sice ~]# MY_DNS1=163.25.20.1 [root@sice ~]# MY_DNS2=168.95.192.1 [root@sice ~]# MY_IP=163.25.20.15 [root@sice ~]# MY_PREFIX=24 [root@sice ~]# DEFAULT_DEV=$(ip route show default|awk '{print $5}') [root@sice ~]# DEFAULT_CON=$(nmcli d show $DEFAULT_DEV | sed -n 
'/^GENERAL.CONNECTION:/s!.*:\s*!! p') [root@sice ~]# nohup bash << END > nmcli con mod "$DEFAULT_CON" connection.id "$DEFAULT_DEV" > nmcli con mod "$DEFAULT_DEV" connection.interface-name "$DEFAULT_DEV" > nmcli con mod "$DEFAULT_DEV" ipv4.method disabled > nmcli con up "$DEFAULT_DEV" > nmcli con add con-name br0 ifname br0 type bridge > nmcli con mod br0 bridge.stp no > nmcli con mod br0 ipv4.dns $MY_DNS1,$MY_DNS2 > nmcli con mod br0 ipv4.addresses $MY_IP/$MY_PREFIX > nmcli con mod br0 ipv4.gateway $MY_GATEWAY > nmcli con mod br0 ipv4.method manual > nmcli con up br0 > nmcli con add con-name br0-slave0 ifname "$DEFAULT_DEV" type bridge-slave master br0 > nmcli con up br0-slave0 > END nohup: appending output to 'nohup.out' # dnf install -y nfs-utils Last metadata expiration check: 2:59:38 ago on Wed 18 Nov 2020 05:40:16 PM EST. Package nfs-utils-1:2.5.1-4.rc4.fc32.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! [root@localhost ~]# (11) [root@localhost ~]# MY_SUBNET=163.25.20.0 [root@localhost ~]# mkdir /export # echo "/export -fsid=0,ro,sec=sys,root_squash $MY_SUBNET/$MY_PREFIX" > /etc/exports # cat /etc/default/grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet" GRUB_DISABLE_RECOVERY="true" GRUB_ENABLE_BLSCFG=true [root@localhost ~]# sed -i '/GRUB_CMDLINE_LINUX/s/"$/ audit=0 selinux=0"/' /etc/default/grub [root@localhost ~]# cat /etc/default/grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="resume=/dev/mapper/fedora-swap rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet audit=0 selinux=0" GRUB_DISABLE_RECOVERY="true" GRUB_ENABLE_BLSCFG=true [root@localhost ~]# (12) # ifconfig br0: 
flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 163.25.20.15 netmask 255.255.255.0 broadcast 163.25.20.255 inet6 fe80::bc3e:ded7:7e6d:c060 prefixlen 64 scopeid 0x20<link> ether a6:e3:24:de:3a:13 txqueuelen 1000 (Ethernet) RX packets 393454 bytes 53835537 (51.3 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 18614 bytes 39136754 (37.3 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens18: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 ether fe:fc:fe:0f:1b:ec txqueuelen 1000 (Ethernet) RX packets 79505322 bytes 14324158140 (13.3 GiB) RX errors 0 dropped 673758 overruns 0 frame 0 TX packets 3534166 bytes 2566514003 (2.3 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 36128 bytes 44417306 (42.3 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 36128 bytes 44417306 (42.3 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@lfwiki ~]# (13) # ls /boot -l total 190192 -rw-r--r--. 1 root root 219333 Apr 21 2020 config-5.6.6-300.fc32.x86_64 -rw-r--r--. 1 root root 225577 Oct 7 11:01 config-5.8.14-200.fc32.x86_64 drwxr-xr-x. 3 root root 17 Oct 12 06:00 efi drwx------. 5 root root 97 Nov 19 00:48 grub2 -rw-------. 1 root root 83866178 Oct 12 06:04 initramfs-0-rescue-996d3946ceff4ffcabf09e2dca3bb899.img -rw-------. 1 root root 34047221 Oct 12 06:05 initramfs-5.6.6-300.fc32.x86_64.img -rw-------. 1 root root 32796870 Oct 13 01:35 initramfs-5.8.14-200.fc32.x86_64.img drwxr-xr-x. 3 root root 21 Oct 12 06:01 loader -rw-------. 1 root root 5027575 Apr 21 2020 System.map-5.6.6-300.fc32.x86_64 -rw-------. 1 root root 5327267 Oct 7 11:01 System.map-5.8.14-200.fc32.x86_64 -rwxr-xr-x. 1 root root 10782824 Oct 12 06:02 vmlinuz-0-rescue-996d3946ceff4ffcabf09e2dca3bb899 -rwxr-xr-x. 1 root root 10782824 Apr 21 2020 vmlinuz-5.6.6-300.fc32.x86_64 -rwxr-xr-x. 
1 root root 11656080 Oct 7 11:01 vmlinuz-5.8.14-200.fc32.x86_64 [root@lfwiki ~]# # grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... done (14) # sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux [root@lfwiki ~]# cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted [root@lfwiki ~]# 註:(11)加入的 audit=0 selinux=0 與這裡的 SELINUX=disabled,重新開機後會關閉這台伺服器的核心稽核記錄與SELinux。 (15) 讓nfs可通過防火牆 [root@lfwiki ~]# firewall-cmd --add-service nfs FirewallD is not running [root@lfwiki ~]# 註:「FirewallD is not running」表示lfwiki這台主機的firewalld並未啟動,--add-service 沒有生效;以下顯示 success 的輸出來自另一台主機(提示字元為 sice)。可先用 systemctl status firewalld 確認狀態,需要時以 systemctl enable --now firewalld 啟動後再加入nfs服務。 :: : [root@sice ~]# firewall-cmd --add-service nfs success [root@sice ~]# firewall-cmd --runtime-to-permanent success [root@sice ~]# systemctl enable nfs-server.service Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service. [root@sice ~]# systemctl start nfs-server.service [root@sice ~]# date 日 1月 20 16:05:45 CST 2019
STEP 3
(16) 建立Netboot Image所在目錄 [root@lfwiki ~]# mkdir /fc32 (17)先裝fedora-release systemd passwd rootfiles sudo dracut dracut-network nfs-utils vim-minimal dnf等十個基本套件: (17-1) [root@lfwiki ~]# dnf -y --releasever=32 --installroot=/fc32 install fedora-release systemd passwd rootfiles sudo dracut dracut-network nfs-utils vim-minimal dnf Fedora 32 openh264 (From Cisco) - x86_64 0.0 B/s | 0 B 00:00 Errors during downloading metadata for repository 'fedora-cisco-openh264': - Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-32&arch=x86_64 [Could not resolve host: mirrors.fedoraproject.org] (17-2) [root@lfwiki ~]# vi /etc/resolv.conf # Generated by NetworkManager search kmvs.km.edu.tw nameserver 8.8.8.8 nameserver 1.1.1.1 nameserver 1.0.0.1 # ping dns PING dns.kmvs.km.edu.tw (163.25.20.1) 56(84) bytes of data. 64 bytes from dns.kmvs.km.edu.tw (163.25.20.1): icmp_seq=1 ttl=64 time=0.524 ms 64 bytes from dns.kmvs.km.edu.tw (163.25.20.1): icmp_seq=2 ttl=64 time=0.718 ms ^C --- dns.kmvs.km.edu.tw ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.524/0.621/0.718/0.097 ms [root@lfwiki ~]# (17-4) [root@lfwiki ~]# dnf -y --releasever=32 --installroot=/fc32 install fedora-release systemd passwd rootfiles sudo dracut dracut-network nfs-utils vim-minimal dnf Fedora Modular 32 - x86_64 - Updates 2.0 MB/s | 3.9 MB 00:01 Fedora 32 - x86_64 - Updates 1.6 MB/s | 27 MB 00:16 Fedora 32 - x86_64 : Installed: NetworkManager-1:1.22.16-1.fc32.x86_64 NetworkManager-libnm-1:1.22.16-1.fc32.x86_64 acl-2.2.53-5.fc32.x86_64 alternatives-1.11-6.fc32.x86_64 audit-libs-3.0-0.19.20191104git1c2f876.fc32.x86_64 basesystem-11-9.fc32.noarch bash-5.0.17-1.fc32.x86_64 bzip2-libs-1.0.8-2.fc32.x86_64 ca-certificates-2020.2.41-1.1.fc32.noarch coreutils-8.32-4.fc32.1.x86_64 coreutils-common-8.32-4.fc32.1.x86_64 cpio-2.13-4.fc32.x86_64 cracklib-2.9.6-22.fc32.x86_64 
cracklib-dicts-2.9.6-22.fc32.x86_64 crypto-policies-20200619-1.git781bbd4.fc32.noarch crypto-policies-scripts-20200619-1.git781bbd4.fc32.noarch cryptsetup-libs-2.3.4-1.fc32.x86_64 curl-7.69.1-6.fc32.x86_64 cyrus-sasl-lib-2.1.27-4.fc32.x86_64 dbus-1:1.12.20-1.fc32.x86_64 dbus-broker-24-1.fc32.x86_64 dbus-common-1:1.12.20-1.fc32.noarch dbus-libs-1:1.12.20-1.fc32.x86_64 deltarpm-3.6.2-5.fc32.x86_64 device-mapper-1.02.171-1.fc32.x86_64 device-mapper-libs-1.02.171-1.fc32.x86_64 diffutils-3.7-4.fc32.x86_64 dnf-4.4.0-3.fc32.noarch dnf-data-4.4.0-3.fc32.noarch dracut-050-61.git20200529.fc32.x86_64 dracut-network-050-61.git20200529.fc32.x86_64 e2fsprogs-libs-1.45.5-3.fc32.x86_64 elfutils-debuginfod-client-0.181-1.fc32.x86_64 elfutils-default-yama-scope-0.181-1.fc32.noarch elfutils-libelf-0.181-1.fc32.x86_64 elfutils-libs-0.181-1.fc32.x86_64 expat-2.2.8-2.fc32.x86_64 fedora-gpg-keys-32-10.noarch fedora-release-32-4.noarch fedora-release-common-32-4.noarch fedora-repos-32-10.noarch file-5.38-4.fc32.x86_64 file-libs-5.38-4.fc32.x86_64 filesystem-3.14-2.fc32.x86_64 findutils-1:4.7.0-4.fc32.x86_64 fips-mode-setup-20200619-1.git781bbd4.fc32.noarch fuse-libs-2.9.9-9.fc32.x86_64 gawk-5.0.1-7.fc32.x86_64 gdbm-libs-1:1.18.1-3.fc32.x86_64 gettext-0.21-1.fc32.x86_64 gettext-libs-0.21-1.fc32.x86_64 glib2-2.64.6-1.fc32.x86_64 glibc-2.31-4.fc32.x86_64 glibc-all-langpacks-2.31-4.fc32.x86_64 glibc-common-2.31-4.fc32.x86_64 gmp-1:6.1.2-13.fc32.x86_64 gnupg2-2.2.20-2.fc32.x86_64 gnupg2-smime-2.2.20-2.fc32.x86_64 gnutls-3.6.15-1.fc32.x86_64 gpgme-1.14.0-1.fc32.x86_64 grep-3.3-4.fc32.x86_64 grub2-common-1:2.04-23.fc32.noarch grub2-tools-1:2.04-23.fc32.x86_64 grub2-tools-minimal-1:2.04-23.fc32.x86_64 grubby-8.40-40.fc32.x86_64 gssproxy-0.8.2-8.fc32.x86_64 gzip-1.10-2.fc32.x86_64 ima-evm-utils-1.2.1-3.fc32.x86_64 iproute-5.7.0-1.fc32.x86_64 iproute-tc-5.7.0-1.fc32.x86_64 iptables-libs-1.8.4-9.fc32.x86_64 iputils-20190515-7.fc32.x86_64 json-c-0.13.1-13.fc32.x86_64 kbd-2.2.0-1.fc32.x86_64 
kbd-legacy-2.2.0-1.fc32.noarch kbd-misc-2.2.0-1.fc32.noarch keyutils-1.6-4.fc32.x86_64 keyutils-libs-1.6-4.fc32.x86_64 kmod-27-1.fc32.x86_64 kmod-libs-27-1.fc32.x86_64 kpartx-0.8.2-4.fc32.x86_64 krb5-libs-1.18.2-29.fc32.x86_64 libacl-2.2.53-5.fc32.x86_64 libarchive-3.4.3-1.fc32.x86_64 libargon2-20171227-4.fc32.x86_64 libassuan-2.5.3-3.fc32.x86_64 libattr-2.4.48-8.fc32.x86_64 libbasicobjects-0.1.1-44.fc32.x86_64 libblkid-2.35.2-1.fc32.x86_64 libbrotli-1.0.9-3.fc32.x86_64 libcap-2.26-7.fc32.x86_64 libcap-ng-0.7.11-1.fc32.x86_64 libcollection-0.7.0-44.fc32.x86_64 libcom_err-1.45.5-3.fc32.x86_64 libcomps-0.1.15-1.fc32.x86_64 libcurl-7.69.1-6.fc32.x86_64 libdb-5.3.28-40.fc32.x86_64 libdb-utils-5.3.28-40.fc32.x86_64 libdnf-0.54.2-3.fc32.x86_64 libev-4.31-2.fc32.x86_64 libevent-2.1.8-8.fc32.x86_64 libfdisk-2.35.2-1.fc32.x86_64 libffi-3.1-24.fc32.x86_64 libgcc-10.2.1-6.fc32.x86_64 libgcrypt-1.8.5-3.fc32.x86_64 libgomp-10.2.1-6.fc32.x86_64 libgpg-error-1.36-3.fc32.x86_64 libidn2-2.3.0-2.fc32.x86_64 libini_config-1.3.1-44.fc32.x86_64 libkcapi-1.2.0-3.fc32.x86_64 libkcapi-hmaccalc-1.2.0-3.fc32.x86_64 libksba-1.3.5-11.fc32.x86_64 libmetalink-0.1.3-13.fc32.x86_64 libmnl-1.0.4-11.fc32.x86_64 libmodulemd-2.9.3-1.fc32.x86_64 libmount-2.35.2-1.fc32.x86_64 libndp-1.7-5.fc32.x86_64 libnetfilter_conntrack-1.0.7-4.fc32.x86_64 libnfnetlink-1.0.1-17.fc32.x86_64 libnfsidmap-1:2.5.2-0.fc32.x86_64 libnghttp2-1.41.0-1.fc32.x86_64 libnsl2-1.2.0-6.20180605git4a062cf.fc32.x86_64 libpath_utils-0.2.1-44.fc32.x86_64 libpcap-14:1.9.1-3.fc32.x86_64 libpsl-0.21.0-4.fc32.x86_64 libpwquality-1.4.4-1.fc32.x86_64 libref_array-0.1.5-44.fc32.x86_64 librepo-1.12.1-1.fc32.x86_64 libreport-filesystem-2.13.1-5.fc32.noarch libseccomp-2.5.0-3.fc32.x86_64 libsecret-0.20.3-1.fc32.x86_64 libselinux-3.0-5.fc32.x86_64 libsemanage-3.0-3.fc32.x86_64 libsepol-3.0-4.fc32.x86_64 libsigsegv-2.11-10.fc32.x86_64 libsmartcols-2.35.2-1.fc32.x86_64 libsolv-0.7.14-1.fc32.x86_64 libssh-0.9.5-1.fc32.x86_64 
libssh-config-0.9.5-1.fc32.noarch libstdc++-10.2.1-6.fc32.x86_64 libtasn1-4.16.0-1.fc32.x86_64 libtextstyle-0.21-1.fc32.x86_64 libtirpc-1.2.6-1.rc4.fc32.x86_64 libunistring-0.9.10-7.fc32.x86_64 libusbx-1.0.23-1.fc32.x86_64 libuser-0.62-24.fc32.x86_64 libutempter-1.1.6-18.fc32.x86_64 libuuid-2.35.2-1.fc32.x86_64 libverto-0.3.0-9.fc32.x86_64 libverto-libev-0.3.0-9.fc32.x86_64 libxcrypt-4.4.17-1.fc32.x86_64 libxcrypt-compat-4.4.17-1.fc32.x86_64 libxkbcommon-0.10.0-2.fc32.x86_64 libxml2-2.9.10-7.fc32.x86_64 libyaml-0.2.2-3.fc32.x86_64 libzstd-1.4.5-4.fc32.x86_64 linux-atm-libs-2.5.1-26.fc32.x86_64 lua-libs-5.3.5-8.fc32.x86_64 lz4-libs-1.9.1-2.fc32.x86_64 mkpasswd-5.5.7-1.fc32.x86_64 mpfr-4.0.2-5.fc32.x86_64 ncurses-6.1-15.20191109.fc32.x86_64 ncurses-base-6.1-15.20191109.fc32.noarch ncurses-libs-6.1-15.20191109.fc32.x86_64 nettle-3.5.1-5.fc32.x86_64 nfs-utils-1:2.5.2-0.fc32.x86_64 npth-1.6-4.fc32.x86_64 openldap-2.4.47-5.fc32.x86_64 openssl-1:1.1.1g-1.fc32.x86_64 openssl-libs-1:1.1.1g-1.fc32.x86_64 openssl-pkcs11-0.4.10-6.fc32.x86_64 os-prober-1.77-6.fc32.x86_64 p11-kit-0.23.21-2.fc32.x86_64 p11-kit-trust-0.23.21-2.fc32.x86_64 pam-1.3.1-27.fc32.x86_64 passwd-0.80-8.fc32.x86_64 pcre-8.44-2.fc32.x86_64 pcre2-10.35-8.fc32.x86_64 pcre2-syntax-10.35-8.fc32.noarch pigz-2.4-6.fc32.x86_64 pinentry-1.1.0-7.fc32.x86_64 polkit-libs-0.116-7.fc32.x86_64 popt-1.16-19.fc32.x86_64 procps-ng-3.3.16-1.fc32.x86_64 psmisc-23.3-3.fc32.x86_64 publicsuffix-list-dafsa-20190417-3.fc32.noarch python-pip-wheel-19.3.1-4.fc32.noarch python-setuptools-wheel-41.6.0-2.fc32.noarch python-unversioned-command-3.8.6-1.fc32.noarch python3-3.8.6-1.fc32.x86_64 python3-dbus-1.2.16-1.fc32.x86_64 python3-dnf-4.4.0-3.fc32.noarch python3-gpg-1.14.0-1.fc32.x86_64 python3-hawkey-0.54.2-3.fc32.x86_64 python3-libcomps-0.1.15-1.fc32.x86_64 python3-libdnf-0.54.2-3.fc32.x86_64 python3-libs-3.8.6-1.fc32.x86_64 python3-pip-19.3.1-4.fc32.noarch python3-rpm-4.15.1-3.fc32.1.x86_64 python3-setuptools-41.6.0-2.fc32.noarch 
python3-unbound-1.10.1-1.fc32.x86_64 qrencode-libs-4.0.2-5.fc32.x86_64 quota-1:4.05-9.fc32.x86_64 quota-nls-1:4.05-9.fc32.noarch readline-8.0-4.fc32.x86_64 rootfiles-8.1-27.fc32.noarch rpcbind-1.2.5-5.rc1.fc32.1.x86_64 rpm-4.15.1-3.fc32.1.x86_64 rpm-build-libs-4.15.1-3.fc32.1.x86_64 rpm-libs-4.15.1-3.fc32.1.x86_64 rpm-plugin-systemd-inhibit-4.15.1-3.fc32.1.x86_64 rpm-sign-libs-4.15.1-3.fc32.1.x86_64 sed-4.5-5.fc32.x86_64 setup-2.13.6-2.fc32.noarch shadow-utils-2:4.8.1-2.fc32.x86_64 shared-mime-info-1.15-3.fc32.x86_64 sqlite-libs-3.33.0-2.fc32.x86_64 sudo-1.9.2-1.fc32.x86_64 systemd-245.8-2.fc32.x86_64 systemd-libs-245.8-2.fc32.x86_64 systemd-pam-245.8-2.fc32.x86_64 systemd-rpm-macros-245.8-2.fc32.noarch systemd-udev-245.8-2.fc32.x86_64 trousers-0.3.13-15.fc32.x86_64 trousers-lib-0.3.13-15.fc32.x86_64 tss2-1331-4.fc32.x86_64 tzdata-2020d-1.fc32.noarch unbound-libs-1.10.1-1.fc32.x86_64 util-linux-2.35.2-1.fc32.x86_64 vim-minimal-2:8.2.1941-1.fc32.x86_64 which-2.21-19.fc32.x86_64 whois-nls-5.5.7-1.fc32.noarch xkeyboard-config-2.29-1.fc32.noarch xz-5.2.5-1.fc32.x86_64 xz-libs-5.2.5-1.fc32.x86_64 zchunk-libs-1.1.5-2.fc32.x86_64 zlib-1.2.11-21.fc32.x86_64 Complete! [root@lfwiki ~]# 註:dracut是一種事件驅動的 initramfs infrastructure,dracut指令會自裝妥的linux系統拷取必要的檔案與工具來產生initramfs。 (18-1) 不採hostonly,以利initramfs可支援多種硬體驅動程式: : # echo 'hostonly=no' > /fc32/etc/dracut.conf.d/hostonly.conf [root@lfwiki ~]# (18-2) 設定支援nfs [root@lfwiki ~]# echo 'add_dracutmodules+=" network nfs "' > /fc32/etc/dracut.conf.d/netboot.conf [root@lfwiki ~]# (18-3)再裝kernel組件 [root@lfwiki ~]# dnf -y --installroot=/fc32 install kernel : : Installed: alsa-sof-firmware-1.5-1.fc32.noarch kernel-5.9.8-100.fc32.x86_64 kernel-core-5.9.8-100.fc32.x86_64 kernel-modules-5.9.8-100.fc32.x86_64 linux-firmware-20201022-113.fc32.noarch linux-firmware-whence-20201022-113.fc32.noarch Complete! 
[root@lfwiki ~]# (18-4)設定不要自動更新kernel組件 [root@lfwiki ~]# echo 'exclude=kernel-*' >> /fc32/etc/dnf/dnf.conf [root@lfwiki ~]# cat /fc32/etc/dnf/dnf.conf [main] gpgcheck=1 installonly_limit=3 clean_requirements_on_remove=True best=False skip_if_unavailable=True exclude=kernel-* [root@lfwiki ~]# (19) [root@lfwiki ~]# echo 'exclude=kernel-*' >> /fc32/etc/dnf/dnf.conf [root@lfwiki ~]# MY_CLIENT_HOSTNAME=lfwiki-client1.kmvs.km.edu.tw [root@lfwiki ~]# echo $MY_CLIENT_HOSTNAME > /fc32/etc/hostname [root@lfwiki ~]# echo 'kernel.printk = 0 4 1 7' > /fc32/etc/sysctl.d/00-printk.conf [root@lfwiki ~]# echo 'liveuser:x:1000:1000::/home/liveuser:/bin/bash' >> /fc32/etc/passwd [root@lfwiki ~]# echo 'liveuser::::::::' >> /fc32/etc/shadow [root@lfwiki ~]# echo 'liveuser:x:1000:' >> /fc32/etc/group [root@lfwiki ~]# echo 'liveuser:!::' >> /fc32/etc/gshadow [root@lfwiki ~]# echo 'liveuser ALL=(ALL) NOPASSWD: ALL' > /fc32/etc/sudoers.d/liveuser 註:(19)的第一行與(18-4)重複,會在dnf.conf再附加一次相同的exclude。shadow的第二欄留空表示liveuser不需密碼即可登入,再加上sudoers的 NOPASSWD: ALL,能登入用戶端的人即等同root;用戶端若不在隔離的實驗網段,可用 chroot /fc32 passwd liveuser 為該帳號設定密碼。 (20) [root@lfwiki ~]# dnf install -y --installroot=/fc32 authselect oddjob-mkhomedir : Installed: authselect-1.2.1-1.fc32.x86_64 authselect-libs-1.2.1-1.fc32.x86_64 dbus-tools-1:1.12.20-1.fc32.x86_64 oddjob-0.34.6-1.fc32.x86_64 oddjob-mkhomedir-0.34.6-1.fc32.x86_64 Complete! (21) [root@lfwiki ~]# echo 'dirs /home' > /fc32/etc/rwtab.d/home [root@lfwiki ~]# chroot /fc32 authselect select sssd with-mkhomedir --force Backup stored at /var/lib/authselect/backups/2020-11-19-06-26-31.iqoAce Profile "sssd" was selected. The following nsswitch maps are overwritten by the profile: - passwd - group - netgroup - automount - services Make sure that SSSD service is configured and enabled. See SSSD documentation for more information. 
- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module is present and oddjobd service is enabled and active - systemctl enable --now oddjobd.service [root@lfwiki ~]# [root@lfwiki ~]# chroot /fc32 systemctl enable oddjobd.service Created symlink /etc/systemd/system/multi-user.target.wants/oddjobd.service → /usr/lib/systemd/system/oddjobd.service. [root@lfwiki ~]# 註:chroot指令用以改變所指定命令或程序的根目錄 (22)# sed -i 's/^READONLY=no$/READONLY=yes/' /fc32/etc/sysconfig/readonly-root ????? # sed -i 's/^READONLY=no$/READONLY=yes/' /fc32/etc/sysconfig/readonly-root sed: can't read /fc32/etc/sysconfig/readonly-root: No such file or directory [root@lfwiki ~]# 註(待解決):依上面sed的錯誤訊息,/fc32 內沒有 /etc/sysconfig/readonly-root 這個檔案,所以此步驟的 READONLY=yes 並未套用到 /fc32。以下(23)起的指令與輸出路徑是 /fc28 而非(16)建立的 /fc32,似乎沿用自較早的Fedora 28筆記,套用時請改為 /fc32 並重新確認各檔案是否存在。 (23)# cat /fc28/etc/sysconfig/readonly-root # Set to 'yes' to mount the system filesystems read-only. # NOTE: It's necessary to append 'ro' to mount options of '/' mount point in # /etc/fstab as well, otherwise the READONLY option will not work. READONLY=yes # Set to 'yes' to mount various temporary state as either tmpfs # or on the block device labelled RW_LABEL. Implied by READONLY TEMPORARY_STATE=no # Place to put a tmpfs for temporary scratch writable space RW_MOUNT=/var/lib/stateless/writable # Label on local filesystem which can be used for temporary scratch space RW_LABEL=stateless-rw # Options to use for temporary mount RW_OPTIONS= # Label for partition with persistent data STATE_LABEL=stateless-state # Where to mount to the persistent data STATE_MOUNT=/var/lib/stateless/state # Options to use for persistent mount STATE_OPTIONS= # NFS server to use for persistent data? CLIENTSTATE= # Use slave bind-mounts SLAVE_MOUNTS=yes (24-1)# sed -i 's/^#Storage=auto$/Storage=volatile/' /fc28/etc/systemd/journald.conf (24-2)# cat /fc28/etc/systemd/journald.conf # This file is part of systemd. 
# # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # Entries in this file show the compile time defaults. # You can change settings by editing this file. # Defaults can be restored by simply deleting this file. # # See journald.conf(5) for details. [Journal] Storage=volatile #Compress=yes #Seal=yes #SplitMode=uid #SyncIntervalSec=5m #RateLimitIntervalSec=30s #RateLimitBurst=1000 #SystemMaxUse= #SystemKeepFree= #SystemMaxFileSize= #SystemMaxFiles=100 #RuntimeMaxUse= #RuntimeKeepFree= #RuntimeMaxFileSize= #RuntimeMaxFiles=100 #MaxRetentionSec= #MaxFileSec=1month #ForwardToSyslog=no #ForwardToKMsg=no #ForwardToConsole=no #ForwardToWall=yes #TTYPath=/dev/console #MaxLevelStore=debug #MaxLevelSyslog=debug #MaxLevelKMsg=notice #MaxLevelConsole=info #MaxLevelWall=emerg #LineMax=48K #ReadKMsg=yes (25)# cat << END > /fc28/etc/resolv.conf > nameserver 192.168.1.1 > nameserver 163.25.20.1 > END (26) # echo 'dirs /var/lib/gssproxy' > /fc28/etc/rwtab.d/gssproxy # cat << END > /fc28/etc/rwtab.d/systemd > dirs /var/lib/systemd/catalog > dirs /var/lib/systemd/coredump > END (27) # mkdir /export/fc28 # echo '/fc28 /export/fc28 none bind 0 0' >> /etc/fstab # mount /export/fc28 # echo "/export/fc28 -ro,sec=sys,no_root_squash 192.168.1.0/24" > /etc/exports.d/fc28.exports # exportfs -vr exporting 192.168.1.0/24:/export/fc28 exporting 192.168.1.0/24:/export 註:此匯出使用 no_root_squash(用戶端的root在匯出目錄上仍被視為root)與 sec=sys(伺服端直接採信用戶端送來的UID,不另做驗證),和(11)中 /export 使用的 root_squash 不同;匯出雖為唯讀(ro),網段內的主機仍可用root身分讀取整個映像,因此匯出的網段應只涵蓋netboot用戶端。另外這裡的網段是 192.168.1.0/24,與(11)設定的 163.25.20.0/24 不一致,套用前請確認。 (28)比一下: # ls /fc28 bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var # ls /export/fc28 bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var # ls / bin boot dev etc export fc28 home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var select id,article_id,topic,text from lt_articles_text where article_id =473; ok.
REF: Netboot server