【docker、tftp、ipxe、nginx】Docker启动PE支持密码镜像生成
admin2021年4月20日 18:07 【Docker | Linux | Shell 】 2029人已围观
Shell常用脚本简介 汇总常用的Shell常用脚本
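# dhcp服务(已有)

已有dhcp独立的服务器,配置好`next-server`

```conf
# Partial configuration file
next-server 192.168.96.20;
class "pxeclient" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    if substring (option vendor-class-identifier, 15, 5) = "00000" {
        # BIOS client
        filename "undionly.kpxe";
    } else {
        # default to EFI 64 bit
        filename "ipxe.efi";
    }
}
```

# 【Script】制作启动PE镜像的脚本

- 需要安装Docker环境
- 以下为制作镜像的脚本(基于alpine),由于需要启动PE的iso,使用nginx作文件浏览器。将生成的文件传到其他设备,导入直接启动即可。
- 网络启动PE需要输入密码,满足安全启动要求
- 注意:这里的“密码”只是嵌入在 iPXE 启动脚本中的固定按键序列,属于菜单层面的操作门槛,并不是身份认证,也不等同于 UEFI Secure Boot;`undionly.kpxe`/`ipxe.efi`、`menu.ipxe` 和 ISO 都通过未认证的 TFTP/HTTP 提供,应同时用网络隔离或防火墙限制 69/udp 与 36987 端口的可访问范围。

```bash
#!/usr/bin/env bash
# Builds a Docker image (Alpine + tftp-hpa + nginx) used to iPXE-boot WinPE
# on the internal / intermediate networks.
# nginx listens on port 36987 and serves the ISO for sanboot:
#   http://192.168.96.20:36987/WePE_64_V2.1.iso
# Run this script on a Linux build host with Docker installed; the apt-get
# step below needs root.

# Abort on the first failed step, so that a failed clone or build cannot leave
# the later steps writing files into the wrong directory.
set -euo pipefail

# Create the working directory (-p keeps re-runs from failing)
mkdir -p docker_with_tftp_ipxe/
cd docker_with_tftp_ipxe/

# Build iPXE
apt-get install make gcc liblzma-dev git -y
# NOTE(security): git:// is unauthenticated and unencrypted, and the binaries
# built from this tree run on every machine that network-boots. Prefer the
# project's HTTPS remote and check out a pinned, reviewed commit.
[[ -d ipxe ]] || git clone git://git.ipxe.org/ipxe.git

echo "创建 boot.ipxe 文件"
cd ipxe/src/
# NOTE(security): boot.ipxe is compiled into undionly.kpxe / ipxe.efi via
# EMBED=, so the fixed key sequence below is readable by anyone who can fetch
# those files over TFTP. It gates the menu only; menu.ipxe and the ISO remain
# directly reachable over TFTP/HTTP. Treat it as an operator speed bump, not
# as authentication.
cat > boot.ipxe << \EOF
#!ipxe
menu PXE Server
dhcp
# 不需要密码,如果需要密码注释下面行
# prompt --key 0x157e --timeout 6000 Press F9 Continue! && goto menutftp
# ============================ 密码开始 =================================
prompt --key 0x157e --timeout 6000 Press F9 Continue! && goto passloop0 || goto otherkey
:otherkey
prompt --key 0x02 --timeout 6000 Press Ctrl+B Continue! && goto passloop0 || reboot
:passloop0
prompt --key c Password: && goto passloop1 || goto passloop0
:passloop1
prompt --key d Password: && goto passloop2 || goto passloop0
:passloop2
prompt --key i Password: && goto passloop3 || goto passloop0
:passloop3
prompt --key t Password: && goto menutftp || goto passloop0
# ============================ 密码结束 =================================
:menutftp
# 访问tftp上的ipxe文件,相当于一个菜单
chain tftp://${next-server}/menu.ipxe || echo Fail to get from tftp, Exit! && goto exit
:failed
echo Booting failed, Exit
goto exit
:config
config
:reboot
reboot
:exit
exit
EOF

echo "编译undionly.kpxe 和 ipxe.efi"
# Legacy BIOS build.
# Redirection order matters: "> file 2>&1" captures both stdout and stderr in
# the log, whereas "2>&1 > file" leaves stderr on the terminal.
make bin/undionly.kpxe EMBED=boot.ipxe > make_undionly.log 2>&1
cp bin/undionly.kpxe ../../
# UEFI build
make bin-x86_64-efi/ipxe.efi EMBED=boot.ipxe > make_ipxe.log 2>&1
cp bin-x86_64-efi/ipxe.efi ../../
cd ../../

echo "准备pxe菜单文件"
# NOTE(security): the "Advanced" submenu below offers the iPXE shell and the
# config editor to anyone who gets past the key gate; drop those items if
# operators do not need them.
cat > menu.ipxe << \EOF
#!ipxe
# Setup some basic convenience variables
set menu-timeout 30000
set submenu-timeout 5000
# 测试是否存在ip,否则dhcp自动获取
isset ${ip} || dhcp
# 确保menu-default变量设置了,如果没有指定为exit
isset ${menu-default} || set menu-default exit
######## MAIN MENU ########
:start
# 显示menu标题
menu IT & PXE Boot Menu
# 列项,可以指定热键,别名
# item [-m|--menu <menu>] [-k|--key <key>] [-d|--default] [-g|--gap] [<labe>] [<text>]
item --gap -- ----------- Select the following menu for ( ${mac} ) -----------
item --gap
item --gap Menu A:
item exit Start OS installation or Boot from local disk By count down
item --key p windows_pe_tools [P] Boot WinPE Tools AD
item --gap
item --gap Menu B:
item --gap
item --gap Menu C:
# 进入另一个菜单
item advanced Advanced
# 在倒计时后选择默认项
choose --timeout ${menu-timeout} --default ${menu-default} target && goto ${target}
################################## 菜单A ##################################
# PE启动项
:windows_pe_tools
echo sanboot http://${next-server}:36987/WePE_64_V2.1.iso
sanboot --no-describe http://${next-server}:36987/WePE_64_V2.1.iso
# sanboot --no-describe http://192.168.96.20:36987/WePE_64_V2.1.iso
boot
################################## 菜单B ##################################
################################## 菜单C ##################################
:advanced
menu Advanced
# 隐藏这些功能
item config Configure settings
item shell Enter iPXE shell
item reboot Reboot
item back Back to top menu...
choose --timeout ${submenu-timeout} --default back selected && goto ${selected}
:shell
# 打开命令行
echo Type 'exit' to get the back to the menu.
shell
set menu-timeout 0
goto start
:failed
echo Booting failed, dropping to shell
goto shell
:reboot
# 重启
reboot
:exit
# 退出
exit
:local
# 从本地硬盘启动(测试失败)
sanboot --no-describe --drive 0x80
:config
# 进入配置
config
goto start
:back
set submenu-timeout 0
clear submenu-default
goto start
EOF

echo "准备WinPE的iso文件,需要在外网运行"
# NOTE(security): the ISO is fetched over plain HTTP and later booted on client
# machines, so nothing guarantees it is the image you expect. Export
# WEPE_ISO_SHA256=<expected sha256 of the ISO> before running to have the
# download verified; without it the check is skipped.
wget http://192.168.96.20:8088/images/WePE_64_V2.1.iso -O WePE_64_V2.1.iso
if [[ -n "${WEPE_ISO_SHA256:-}" ]]; then
  printf '%s  %s\n' "$WEPE_ISO_SHA256" WePE_64_V2.1.iso | sha256sum -c -
fi

echo "该目录需要有 undionly.kpxe、ipxe.efi、menu.ipxe、WePE_64_V2.1.iso 文件"
ls

docker pull alpine

echo "准备docker运行脚本"
# Container entrypoint: nginx is started first, then in.tftpd runs in the
# foreground (-L) serving /var/tftpboot.
cat > entrypoint.sh << \EOF
#!/bin/sh
echo "run http server with nginx"
nginx
echo "run tftpd"
in.tftpd -L --secure /var/tftpboot
EOF

echo "准备nginx配置文件,用于pe显示"
# NOTE(security): "autoindex on" publishes a browsable listing of everything in
# /var/tftpboot over plain HTTP with no authentication. Keep port 36987
# reachable only from the provisioning network.
cat > nginx36987.conf << \EOF
server {
    listen 36987 default_server;
    listen [::]:36987 default_server;
    root /var/tftpboot;
    location / {
        try_files $uri $uri/ =404;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}
EOF

echo "准备Dockerfile文件"
# The base image and the apk packages are unpinned, so a rebuild may pick up
# different versions; pin a tag or digest if reproducible images matter.
cat > dockerfile_tftp_alpine << \EOF
FROM alpine
ENV tftpboot /var/tftpboot
# 设置时区
RUN apk update && apk add ca-certificates && \
    apk add tzdata && \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
    echo "Asia/Shanghai" > /etc/timezone
RUN apk add --no-cache tftp-hpa
# RUN apk add --no-cache python3
RUN apk add --no-cache nginx
VOLUME ${tftpboot}
COPY undionly.kpxe ${tftpboot}
COPY ipxe.efi ${tftpboot}
COPY menu.ipxe ${tftpboot}
COPY WePE_64_V2.1.iso ${tftpboot}
RUN rm -f /etc/nginx/http.d/default.conf
COPY nginx36987.conf /etc/nginx/http.d/
RUN mkdir /run/nginx/ && touch /run/nginx/nginx.pid
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
EXPOSE 69/udp 36987
ENTRYPOINT ["/entrypoint.sh"]
#ENTRYPOINT ["in.tftpd"]
#CMD ["-L", "--secure", "/var/tftpboot"]
EOF

echo "创建镜像"
docker build -t alpine/itnest_tftp_ipxe:v1 -f dockerfile_tftp_alpine . --no-cache

echo "运行容器"
# Stop and remove any previous instance. On a first run (or after an --rm
# container has already removed itself) these fail, which is expected.
docker stop itnest_tftp_ipxe 2>/dev/null || true
docker rm itnest_tftp_ipxe 2>/dev/null || true
# With --net host Docker discards -p: the container shares the host network
# stack, so both 69/udp (TFTP) and 36987 (HTTP) listen on every host interface.
# Restrict them with the host firewall rather than relying on the port mapping.
docker run --rm -d --name itnest_tftp_ipxe --net host -p 0.0.0.0:69:69/udp alpine/itnest_tftp_ipxe:v1
docker save alpine/itnest_tftp_ipxe:v1 -o ./itnest_tftp_ipxe.tar

# Copy the tar to the internal / intermediate-network host and run:
# docker load < itnest_tftp_ipxe.tar
# docker stop itnest_tftp_ipxe
# docker rm itnest_tftp_ipxe
# docker run -d --name itnest_tftp_ipxe --net host -p 0.0.0.0:69:69/udp --restart=always alpine/itnest_tftp_ipxe:v1
```

# 效果图

![BLOG_20210420_180918_26](/media/blog/images/2021/04/BLOG_20210420_180918_26.png "博客图集BLOG_20210420_180918_26.png")

![BLOG_20210420_180923_74](/media/blog/images/2021/04/BLOG_20210420_180923_74.png "博客图集BLOG_20210420_180923_74.png")

![BLOG_20210420_180927_74](/media/blog/images/2021/04/BLOG_20210420_180927_74.png "博客图集BLOG_20210420_180927_74.png")

![BLOG_20210420_180934_43](/media/blog/images/2021/04/BLOG_20210420_180934_43.png "博客图集BLOG_20210420_180934_43.png")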