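ipxe是一个不错的网络启动软件,通过与dnsmasq提供的dns、tftp等服务,实现服务器/PC通过PXE启动,并获取启动文件,可以启动systemrescue CD系统。通过定制systemrescue CD,实现关闭默认防火墙、设置密码、开启VNC、加装storcli文件等,实现配置服务器的IPMI、磁盘RAID等操作,相对于传统进入服务器BIOS进行BMC配置、磁盘RAID等操作,节省了时间、提高了效率、提升了工程师的荣誉感。

# 前提

准备一台CentOS7.9的系统。

```bash
# Directory tree for the boot files. Everything under /data/wwwroot/ is later
# published by nginx (root /data/wwwroot/, autoindex on), so treat it as
# readable by every host that can reach this server.
mkdir -p /data/wwwroot/ipxe/{centosboot,kickstart,menu,pxefile,tftpboot,pxelinux}
yum -y install gcc binutils make perl liblzma xz-devel mtools mkisofs
```

# 配置ipxe

```bash
# The iPXE source tree has to be unpacked here so that /soft/ipxe/src/ exists;
# the fetch step is not shown on the page.
mkdir -p /soft/ipxe && cd /soft/ipxe
```

```bash
cd /soft/ipxe/src/

# Script embedded into undionly.kpxe: get a lease, then chain to the menu.
# The URL points at tftpboot/boot.ipxe because that is where the menu is
# written in the next section and nginx serves /data/wwwroot/ as its root.
# Boot scripts, kernels and kickstarts travel over unauthenticated HTTP/TFTP
# here, so anyone who can answer on this segment controls what clients boot.
# Keep the setup on an isolated provisioning network; iPXE can also be built
# with HTTPS and image verification (imgtrust/imgverify) if that is required.
cat <<'EOF'>/soft/ipxe/src/bootserver.ipxe
#!ipxe
dhcp
chain http://192.168.234.128/ipxe/tftpboot/boot.ipxe
EOF

make bin/undionly.kpxe EMBED=bootserver.ipxe
cp bin/undionly.kpxe /data/wwwroot/ipxe/tftpboot/
ls /data/wwwroot/ipxe/tftpboot/
```

## boot.ipxe文件

```bash
# Boot menu. Notes for whoever deploys this:
#  - `choose --default systemrescue --timeout 3000` means an unattended client
#    lands in the customized rescue image after 3 seconds; that image is built
#    below with the firewall off, VNC on and a fixed root/VNC password.
#  - The two installer entries run kickstarts that repartition sda without
#    asking, so only hosts meant to be (re)installed should be able to PXE boot
#    from this server.
#  - A :failed label is defined at the end because every entry uses
#    `boot || goto failed`; without the label the script aborts instead of
#    returning to the menu.
cat <<'EOF'>/data/wwwroot/ipxe/tftpboot/boot.ipxe
#!ipxe
set web-ip 192.168.234.128
#console --x 1024 --y 768
#console --picture http://${web-ip}/ipxe/menu/splash.png

:start
menu Welcome to iPXE's Boot Menu
item
item --gap -- ------------------------- Utilities ------------------------------
item openeduler-22.03-sp3 openeduler-22.03-sp3
item centos-7.9 centos-7.9
item usbos usbos
item systemrescue systemrescue
item reboot Reboot
item exit Exit (boot local disk)
choose --default systemrescue --timeout 3000 target && goto ${target}

:openeduler-22.03-sp3
dhcp
initrd http://${web-ip}/ipxe/boot/openeduler-22.03-sp3/initrd.img
kernel http://${web-ip}/ipxe/boot/openeduler-22.03-sp3/vmlinuz inst.ks=http://${web-ip}/ipxe/kickstart/openeuler-22.03-sp3.ks.cfg inst.repo=http://${web-ip}/os/openeuler-22.03-sp3/
imgargs vmlinuz initrd=initrd.img inst.ks=http://${web-ip}/ipxe/kickstart/openeuler-22.03-sp3.ks.cfg inst.repo=http://${web-ip}/os/openeuler-22.03-sp3/ ksdevice=bootif net.ifnames=0 biosdevname=0
boot || goto failed
goto start

:centos-7.9
dhcp
initrd http://${web-ip}/ipxe/boot/centos-7.9/initrd.img
kernel http://${web-ip}/ipxe/boot/centos-7.9/vmlinuz ks=http://${web-ip}/ipxe/kickstart/centos-7.9.ks.cfg inst.repo=http://${web-ip}/os/centos-7.9/
imgargs vmlinuz ks=http://${web-ip}/ipxe/kickstart/centos-7.9.ks.cfg inst.repo=http://${web-ip}/os/centos-7.9/ ksdevice=bootif net.ifnames=0 biosdevname=0
boot || goto failed
goto start

:usbos
dhcp
kernel http://${web-ip}/ipxe/memdisk/memdisk || read void
initrd http://${web-ip}/os/usbos/USBOSV3.iso || read void
imgargs memdisk iso raw || read void
boot || goto failed
goto start

:systemrescue
dhcp
kernel http://${web-ip}/ipxe/memdisk/memdisk || read void
initrd http://${web-ip}/os/systemrescue/systemrescue-11.00-amd64.20240603.iso || read void
imgargs memdisk iso raw || read void
boot || goto failed
goto start

:reboot
reboot

:exit
exit

:failed
echo Boot failed, returning to menu
sleep 3
goto start
EOF
```

## memdisk

```bash
yum install -y syslinux
# Same directory in mkdir and cp; the original mkdir path was misspelled
# (wwwrroot), so the copy target did not exist.
mkdir -p /data/wwwroot/ipxe/memdisk
cp -f /usr/share/syslinux/memdisk /data/wwwroot/ipxe/memdisk/
```

# 配置dnsmasq

```bash
yum install dnsmasq -y

# DHCP + TFTP for the provisioning subnet.
# No interface= / listen-address= line is present, so dnsmasq offers leases on
# every interface of this host; on a multi-homed machine add
# `interface=<provisioning-nic>` so it cannot act as a second DHCP server on
# other networks.
# BIOS clients (client-arch 0) that are not yet iPXE get undionly.kpxe;
# clients that identify as iPXE (option 175) get boot.ipxe from the TFTP root.
cat <<'EOF'>/etc/dnsmasq.d/pxe.conf
bind-interfaces
dhcp-range=192.168.234.15,192.168.234.250,255.255.255.0,8h
dhcp-option=option:router,192.168.234.2
dhcp-option=option:dns-server,223.5.5.5,223.6.6.6
dhcp-boot=tag:ipxe,boot.ipxe
dhcp-boot=tag:!ipxe,tag:bios,undionly.kpxe
dhcp-match=set:bios,option:client-arch,0
dhcp-match=set:ipxe,175
enable-tftp
tftp-root=/data/wwwroot/ipxe/tftpboot/
EOF

systemctl enable dnsmasq && systemctl start dnsmasq

# The next line is a dnsmasq setting, not a shell command; it is kept here as
# the alternative form that names the boot server explicitly and belongs in
# pxe.conf if used.
# dhcp-boot=undionly.kpxe,server.name,192.168.234.128

# Confirm dnsmasq is listening on the DHCP (67) and TFTP (69) UDP ports.
ss -nupl | grep dnsmasq | grep -E "67|69"
```

# 配置nginx

```bash
yum install epel-release -y
yum install nginx -y

# Plain-HTTP file server for kernels, ISOs and kickstarts.
# `root /data/wwwroot/` together with `autoindex on` gives a browsable listing
# of the whole tree, which includes the kickstart files (root password hashes)
# and the customized rescue ISO (cleartext root/VNC password in its YAML).
# If the server is reachable from anywhere other than the provisioning subnet,
# consider `autoindex off;` plus `allow 192.168.234.0/24; deny all;` in the
# server block.
cat <<'EOF'>/etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /data/wwwroot/;
        autoindex on;

        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
EOF

systemctl start nginx && systemctl enable nginx
```

# 准备ISO文件

## openeuler-22.03-sp3

```bash
# Check the ISO against the checksum published by the distribution before
# serving it to installers, e.g. compare the output of
#   sha256sum openEuler-22.03-LTS-SP3-x86_64-dvd.iso
# with <published-sha256>.
mount openEuler-22.03-LTS-SP3-x86_64-dvd.iso /mnt/

# Install repository. The directory name must match the inst.repo= URL in
# boot.ipxe and the url --url= line in the kickstart (os/openeuler-22.03-sp3);
# the original copied to os/openeduler-22.03-sp3, which those URLs never reach.
mkdir -p /data/wwwroot/os/openeuler-22.03-sp3/
cp -rvf /mnt/. /data/wwwroot/os/openeuler-22.03-sp3/

# Kernel and initrd fetched by the menu entry; boot.ipxe uses this exact
# (misspelled) path, so it is left as is.
mkdir -p /data/wwwroot/ipxe/boot/openeduler-22.03-sp3/
cp /mnt/isolinux/vmlinuz /data/wwwroot/ipxe/boot/openeduler-22.03-sp3/
cp /mnt/isolinux/initrd.img /data/wwwroot/ipxe/boot/openeduler-22.03-sp3/

umount /mnt/
rm -f -- openEuler-22.03-LTS-SP3-x86_64-dvd.iso
```

```bash
# Kickstart for the unattended openEuler install.
# The rootpw hash below is the one published on this page; generate your own
# and replace it, because every host installed from this file would otherwise
# share a root password whose hash is public. The file is also downloadable by
# anyone who can reach the web server.
# The heredoc delimiter is quoted so the `$` signs in the hash are not expanded.
cat <<'EOF'>/data/wwwroot/ipxe/kickstart/openeuler-22.03-sp3.ks.cfg
# Generated by Anaconda 36.16.5
# Generated by pykickstart v3.47
#version=DEVEL
# Use graphical install
graphical

%post
#enable kdump
sed -i "s/ ro / ro crashkernel=1024M,high /" /boot/efi/EFI/openEuler/grub.cfg
%end

# Keyboard layouts
keyboard --vckeymap=cn --xlayouts='cn'
# System language
lang zh_CN.UTF-8

# Use network installation
url --url="http://192.168.234.128/os/openeuler-22.03-sp3/"

%packages
@^minimal-environment

%end

# Generated using Blivet version 3.4.2
ignoredisk --only-use=sda
autopart
# Partition clearing information
clearpart --none --initlabel

# System timezone
timezone Asia/Shanghai

# Root password
rootpw --iscrypted $y$j9T$l3LxKOT45AGD4rTegu7USHWT$MJACOvOmi9d/bepoQ2Wu7UGe.JRLVUNlngHGqvCcLX3

reboot
EOF
```

## centos-7.9

```bash
# The ISO preparation steps for CentOS 7.9 are not shown on the page. Per
# boot.ipxe, vmlinuz and initrd.img are expected under
# /data/wwwroot/ipxe/boot/centos-7.9/ and the install tree under
# /data/wwwroot/os/centos-7.9/.
# In the kickstart listed below, replace the published rootpw hash with your
# own; the pwpolicy lines accept passwords as short as 6 characters.
```

```
[root@localhost kickstart]# cat centos-7.9.ks.cfg
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=cn --xlayouts='cn'
# System language
lang zh_CN.UTF-8

# Network information
network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate
network  --hostname=localhost.localdomain

# Use network installation
url --url="http://192.168.234.128/os/centos-7.9/"
# Root password
rootpw --iscrypted $6$FM/bG28ZgtpU3lmq$Ky9IBghyRObR4/zZOXPxqQBFI/5geHw4fv6Zg3OCsSkXNuczXKzaR2EeJz5jpzZd0XaobZwQ7e/NcBOBwyjBk/
# System services
services --enabled="chronyd"
# System timezone
timezone Asia/Shanghai --isUtc
# System bootloader configuration
bootloader --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
clearpart --none --initlabel

reboot

%packages
@^minimal
@core
chrony

%end

%addon com_redhat_kdump --disable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
```

# 定制systemrescueCD

```bash
yum install -y mksquashfs patch xorriso squashfs-tools
```

```bash
# The working directory is not created anywhere else on the page.
mkdir -p /data/wwwroot/os/systemrescue
cd /data/wwwroot/os/systemrescue

# Download of the SystemRescue ISO (URL elided by the author). Check the file
# against the checksum or signature published by the project before unpacking:
# the rebuilt image runs as root on every machine that boots it.
wget ....
sysrescue-customize --unpack -s systemrescue-11.00-amd64.iso -d isocontents
```

```bash
# Defaults baked into the rescue image.
#  - nofirewall: true and dovnc: true leave the booted system with no packet
#    filter and a VNC server running.
#  - rootpass / vncpass are stored in cleartext inside an ISO that nginx serves
#    to anyone who can reach it, and the values below are the ones published
#    on this page. Choose your own before building; for root, the hashed
#    rootcryptpass setting (shown commented out) avoids shipping the cleartext.
#  - Because boot.ipxe boots this image by default, treat these credentials as
#    known to everyone on the provisioning network.
# The heredoc delimiter is quoted so `$` in the sample hash is not expanded.
cat <<'EOF'>/data/wwwroot/os/systemrescue/isocontents/filesystem/sysrescue.d/100-defaults.yaml
---
global:
    copytoram: true
    checksum: true
    nofirewall: true
    loadsrm: false
    #late_load_srm: "https://example.com/myconfig.srm"
    #setkmap: "fr-latin1"
    dostartx: true
    dovnc: true
    rootshell: "/bin/bash"
    #rootcryptpass: "$6$Y.AolXkpG/Js2Zqx$z7J893qtB7jKn3z39ucbgvpkJ6wTrJ8N0CBVr5cJ.uXugGTMTSjMI7qsSTu4UTFGGKpGyEG/BnYNRE6oZFO4b0"
    rootpass: "Lab_1314"
    vncpass: "Lab_1314"

autorun:
    ar_disable: false
    ar_nowait: true
    ar_nodel: false
    ar_attempts: 1
    ar_ignorefail: false
    ar_suffixes: "0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F"

autoterminal:
    tty2: "/usr/bin/tmux"

sysconfig:
    bash_history:
        100: "setkmap"
EOF
```

```bash
cd /data/wwwroot/os/systemrescue/isocontents/filesystem/autorun

# Third-party download placed into the image's autorun directory. With
# ar_disable: false and the ar_suffixes list above, files named autorun or
# autorun<suffix> in this directory are executed as root at boot, so inspect
# what the archive unpacks and compare its hash with the value published by
# the tool's vendor (<expected-sha256>) before rebuilding the ISO.
wget https://d2.sddts.cn/d/download/usbos/Unified_storcli_all_os/Linux/MegaRAID.zip
unzip -d . MegaRAID.zip
```

```bash
cd /data/wwwroot/os/systemrescue
# Output name matches the initrd URL of the systemrescue entry in boot.ipxe.
sysrescue-customize --rebuild -d systemrescue-11.00-amd64.20240603.iso -s isocontents --overwrite
```

# 测试效果

(1)网络启动systemrescue。

<video src="http://vip.123pan.cn/1815238395/%E5%BD%B1%E5%83%8F%E8%B5%84%E6%96%99/%E8%87%AA%E5%88%B6%E5%89%A7/%E8%BF%90%E7%BB%B4%E8%B6%A3%E4%BA%8B/20240603.ipxe%E6%B5%8B%E8%AF%95/20240603.%E7%BD%91%E7%BB%9C%E5%90%AF%E5%8A%A8openeuler.mp4" style="background-image:url(https://www.sddts.cn/usr/themes/handsome/assets/img/video.jpg);background-size: cover;"></video>

(2)网络自动安装openeuler-22.03-sp3

<video src="http://vip.123pan.cn/1815238395/%E5%BD%B1%E5%83%8F%E8%B5%84%E6%96%99/%E8%87%AA%E5%88%B6%E5%89%A7/%E8%BF%90%E7%BB%B4%E8%B6%A3%E4%BA%8B/20240603.ipxe%E6%B5%8B%E8%AF%95/20240603.%E7%BD%91%E7%BB%9C%E8%87%AA%E5%8A%A8%E5%AE%89%E8%A3%85openeuler-22.03-sp3.mp4" style="background-image:url(https://www.sddts.cn/usr/themes/handsome/assets/img/video.jpg);background-size: cover;"></video>

最后修改:2024 年 06 月 05 日

© 允许规范转载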