🥇Imenyu yokuqalisa ye-PXE eneMenenja Yokucushwa Yesikhungo Sesistimu

Sihlola ukwandisa amakhono e-System Center Configuration Manager (umkhiqizo wokuphathwa kwengqalasizinda ye-IT) lapho siqalisa kabusha ama-PC abasebenzisi ngenethiwekhi sisebenzisa i-PXE. Sakha imenyu yokuqalisa esekelwe ku-PXE.Linux ngokusebenza kweSikhungo Sesistimu futhi wengeze amakhono okuskena ama-antivirus, izithombe zokuxilonga, kanye nokutakula. Ekupheleni kwesihloko, sizothinta imininingwane yokuthi iSikhungo Sokucushwa kweSikhungo Sesikhungo 2012 sisebenza kanjani ne Windows Deployment Services (WDS) при загрузке через PXE.

Senza zonke izenzo endaweni yokuhlola esivele inesiphathi se-System Center 2012 se-SP1 esifakiwe, isilawuli sesizinda, kanye nenani lemishini yokuhlola. Kucatshangwa ukuthi i-SCCM isivele isebenzisa inethiwekhi isebenzisa i-PXE.

entry

Тестовая среда состоит из нескольких виртуальных машин. На всех машинах установлена гостевая ОС Microsoft Windows Server 2008 R2 (x64), сетевой адаптер E1000, SCSI Controller: LSI Logic SAS

Igama (Izindima)
Ikheli le-IP / igama le-DNS
Ukusebenza

I-SCCM (I-System Center Configuration Manager)
192.168.57.102
sccm2012.test.local

Kufakiwe Isiphathi Sokucushwa Kwesikhungo Sesistimu 2012 SP1

I-DC (AD,DHCP,DNS)
192.168.57.10
dc1.test.local

Indima yesilawuli sesizinda, iseva ye-DHCP kanye neseva ye-DNS

TEST (Umshini wokuhlola)
192.168.57.103
test.test.local

Okokuhlola

G.W. (Isango)
192.168.57.1
Umzila phakathi kwamanethiwekhi. Indima yesango

1. Добавляем PXELinux в SCCM

Senza izenzo emshinini lapho Umphathi Wokucushwa Wesikhungo Sesistimu efakwe khona

Ake sinqume uhla lwemibhalo lapho amafayela e-WDS atholakala khona ukuze alandwe, ngoba lokhu sibheka ebhukwini ngenani lepharamitha. RootFolder egatsheni HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesWDSServerProvidersWDSTFTP
Inani elizenzakalelayo C:RemoteInstall
Amafayela azolandwa endaweni ye-SCCM yokuphakelwa atholakala ohlwini lwemibhalo smsbootx86 и smsbootx64 kuye ngokuthi i-architecture.
Okokuqala, setha uhla lwemibhalo lwezakhiwo ezingama-32-bit, ngokuzenzakalelayo c:Remoteinstallsmsbootx86
Landa ingobo yomlando nokwakamuva syslinux . Kopisha kusuka ku-syslinux-5.01.zip kuye c:Remoteinstallsmsbootx86 amafayela alandelayo:
memdisk, chain.c32, ldlinux.c32, libcom32.c32, libutil.c32, pxechn.c32, vesamenu.c32, pxelinux.0
Amafayela engeziwe ayadingeka ukuze kugwenywe iphutha elinjalo.
В c:Remoteinstallsmsbootx86 qamba kabusha pxelinux.0 в pxelinux.com
Kufolda c:remoteinstallsmsbootx86 yenza ikhophi abortpxe.com futhi uyiqambe kabusha ukuze abortpxe.0
Uma kungenjalo ukuqamba kabusha kusandiso .0, bese ngokwesibonelo isiyalo
```
Kernel abortpxe.com
```
izohluleka ngephutha elilandelayo: Ukuqalisa i-kernel kwehlulekile: Inombolo yefayela embi
Ku-PXELINUX, isandiso sefayela lokulanda kufanele sisethwe ngokuya ngepuleti
```
none or other	Linux kernel image
 .0		PXE bootstrap program (NBP) [PXELINUX only]
 .bin		"CD boot sector" [ISOLINUX only]
 .bs		Boot sector [SYSLINUX only]
 .bss		Boot sector, DOS superblock will be patched in [SYSLINUX only]
 .c32		COM32 image (32-bit COMBOOT)
 .cbt		COMBOOT image (not runnable from DOS)
 .com		COMBOOT image (runnable from DOS)
 .img		Disk image [ISOLINUX only]
```
Source: http://www.syslinux.org/wiki/index.php/SYSLINUX#KERNEL_file isigaba "Kernel file"
Ukuze ungacindezeli ukhiye we-F12 izikhathi eziningana lapho ulayisha i-SCCM ngemenyu, qamba kabusha i-pxeboot.com kuya ku-pxeboot.com.f12, kopisha pxeboot.n12 ku-pxeboot.com
Uma lokhu kungenziwanga, lapho-ke sikhetha, sizothola umlayezo onjalo njalo

Qaphela: Ungakhohlwa ukuqamba kabusha lawa mafayela kufolda ye-x64 futhi. uma ilayisha x86wdsnbp.com kusuka kufolda ye-x86, isilayishi sinquma ukwakheka kweprosesa futhi ifayela elilandelayo lilayishwa kusuka kufolda ngezakhiwo ezihambisanayo. Ngakho, ku-x64, ifayela elilandelayo ngeke libe x86pxeboot.com, futhi x64pxeboot.com
Landa / dala ingemuva.png, ukulungiswa okungu-640x480, kopisha kufolda efanayo. Dala ifolda ISO lapho sizobeka khona izithombe ze-ISO. Dala ifolda pxelinux.cfg kwe-configs.

Kufolda ye-pxelinux.cfg, dala ifayela elizenzakalelayo, ngombhalo wekhodi okungeyona i-unicode, nokuqukethwe
okuzenzakalelayo (Chofoza ukuze ubonise)

# используем графическое меню
DEFAULT vesamenu.c32
PROMPT 0
timeout 80
TOTALTIMEOUT 9000

MENU TITLE PXE Boot Menu (x86)
MENU INCLUDE pxelinux.cfg/graphics.conf
MENU AUTOBOOT Starting Local System in 8 seconds

# Boot local HDD (default)
LABEL bootlocal
menu label Boot Local
menu default
localboot 0x80
# if it doesn't work 
#kernel chain.c32
#append hd0

# Вход в меню по паролю Qwerty, алгоритм MD5
label av
menu label Antivirus and tools
menu PASSWD $1$15opgKTx$dP/IaLNiCbfECiC2KPkDC0
kernel vesamenu.c32
append pxelinux.cfgav.conf 

label sccm
menu label Start to SCCM
COM32 pxechn.c32
APPEND sccm2012.test.local::smsbootx86wdsnbp.com -W

label pxe64
menu label Start to x64 pxelinux
COM32 pxechn.c32
APPEND sccm2012.test.local::smsbootx64pxelinux.com

LABEL Abort
MENU LABEL Exit
KERNEL abortpxe.0

Kufolda pxelinux.cfg dala ifayela graphics.conf ngokuqukethwe
graphics.conf (Chofoza ukuze ubonise)

MENU MARGIN 10
MENU ROWS 16
MENU TABMSGROW 21
MENU TIMEOUTROW 26
MENU COLOR BORDER 30;44 #00000000 #00000000 none
MENU COLOR SCROLLBAR 30;44 #00000000 #00000000 none
MENU COLOR TITLE 0 #ffffffff #00000000 none
MENU COLOR SEL 30;47 #40000000 #20ffffff
MENU BACKGROUND background.png
NOESCAPE 0
ALLOWOPTIONS 0

Kufolda pxelinux.cfg dala ifayela av.conf ngokuqukethwe
av.conf (Chofoza ukuze ubonise)

DEFAULT vesamenu.c32
PROMPT 0
MENU TITLE Antivirus and tools
MENU INCLUDE pxelinux.cfg/graphics.conf

label main menu
menu label return to main menu
kernel vesamenu.c32
append pxelinux.cfg/default

label drweb
menu label DrWeb
kernel memdisk
append iso raw initrd=isodrweb.iso

label eset
menu label Eset
kernel memdisk
append iso raw initrd=isoeset_sysrescue.iso

label kav
menu label KAV Rescue CD
KERNEL kav/rescue
APPEND initrd=kav/rescue.igz root=live rootfstype=auto vga=791 init=/init kav_lang=ru udev liveimg doscsi nomodeset quiet splash

#Загружаем ISO по полному пути, можно загружать с другого TFTP
label winpe
menu label WinPE  from another TFTP
kernel sccm2012.test.local::smsbootx86memdisk
append iso raw initrd=sccm2012.test.local::smsbootx86isoWinPE_RaSla.iso

label clonezilla
menu label Clonezilla
kernel memdisk
append iso raw initrd=isoclonezilla.iso

Njengomphumela, uhla lwemibhalo lwe-c:remoteinstallsmsbootx86 luqukethe ukwakheka
c:remoteinstallsmsbootx86
pxelinux.cfg
iketango.c32
ldlinux.c32
libcom32.c32
libutil.c32
pxechn.c32
vesemenu.c32
pxelinux.com
ingemuva.png
pxelinux.cfg
pxelinux.cfg
pxelinux.cfg
ISO
abortpxe.0
wdsnbp.com
ebobgfw.efi
wdsmgfw.efi
imvu.exe
fxeboot.n12
pxeboot.com
abortpxe.com
ezenzakalelayo
av.conf
igraphics.conf
*.iso
Ngokwakhiwa kwe-x64, nathi sikopisha futhi sidale isakhiwo esifanayo kufolda c:remoteinstallsmsbootx64

Ukwengeza
Uma usebenzisa umyalo menu PASSWD iphasiwedi ingasethwa njengoba injalo, noma sebenzisa i-algorithm ye-hashing ngokungeza isiginesha ehambisanayo ekuqaleni kwepharamitha
I-Algorithm
Isiginesha
MD5
$1
I-SHA-1
$4
SHA-2-256
$5
SHA-2-512
$6
Ngakho nge-password Qwerty kanye ne-algorithm ye-MD5
menu PASSWD $1$15opgKTx$dP/IaLNiCbfECiC2KPkDC0
Ungakwazi ukukhiqiza iphasiwedi, isibonelo, ngokusebenzisa i-inthanethi hashi generator www.insidepro.com/hashes.php?lang=rus, ulayini MD5(Unix)

2. Настраиваем загрузку PXELinux

Manje sizokhombisa ukuthi ungayilayisha kanjani i-pxelinux.com futhi uthole imenyu.
Ukucacisa i-bootloader ye-pxelinux.com ngokusebenzisa ukusebenza kwe-WDS akusebenzi ku-SCCM. Buka Imiyalo

wdsutil /set-server /bootprogram:bootx86pxeboot.com /architecture:x86

azicutshungulwa. Ungaqinisekisa ukuthi izithombe zokuqalisa azisethwanga ngokusebenzisa umyalo wokulungiselelwa kweseva ye-WDS okukhiphayo

wdsutil /get-server /show:images

Ngakho-ke, ku-SCCM 2012, awukwazi ukucacisa ifayela lakho ukuze lilande i-PXE kumhlinzeki we-SMSPXE. Ngakho-ke, sizomisa indawo esebenzayo yeseva ye-DHCP.
Kumapharamitha wendawo esebenzayo ye-DHCP, setha imingcele ngokusho kwepuleti

Inketho ye-DHCP
Igama lepharamitha
Okushoyo

066
Igama leseva yokuqalisa
sccm2012.test.local

067
Igama le-bootfile
smsbootx86pxelinux.com

006
Amaseva we-DNS
192.168.57.10

015
Igama lesizinda se-DNS
test.endaweni

Kwinketho ethi 066 sicacisa igama le-FQDN leseva ye-sccm, ekukhetheni okuthi 067 sicacisa indlela eya ku-x86 bootloader pxelinux.com kusukela empandeni ye-TFTP, kunketho ethi 006 sicacisa ikheli le-IP leseva ye-DNS. Uma igama leseva elifushane lisetshenziswa kunketho ethi 066, kunketho ethi 015 sicacisa isijobelelo se-DNS sesizinda.

Ukwengeza
Kuchaze ukucushwa kwe-DHCP ngemininingwane eyengeziwe umgolubev lapha. Kodwa kuqhubeke DC inketho 150, ikheli le-IP leseva ye-TFTP, belingekho kuzilungiselelo zobubanzi be-DHCP, futhi ukuchaza inketho 150 nge-netsh akusebenzanga.

3. Ukuhlola umsebenzi

Izilungiselelo eziyisisekelo ziqediwe futhi ungaqala ukuhlola. Sibonisa kukhompyutha yokuhlola ku-BIOS ukuthi ilayishwe kunethiwekhi futhi ilayishwa kumenyu

Khetha into «Start to SCCM» futhi uma ukulandelana komsebenzi kunikezwe ikhompuyutha, emva kwesikhashana kuzovela iwindi elithi "Task Sequence Wizard" likutshela ukuthi ufake iphasiwedi.

Qalisa kabusha umshini, buyela emuva kumenyu, khetha kumenyu «Antivirus and tools» bese ufaka iphasiwedi Qwerty

Sikhetha into engafanele futhi sibheke ukulayishwa kwesithombe se-ISO enkumbulweni

Ukulinda nokubona umphumela

Ukuqinisekisa kuqediwe

4. Izilungiselelo nezici ezengeziwe

Ukusethwa komzila

Uma iklayenti, iseva ye-DHCP, neseva equkethe isilayishi senethiwekhi zikusegimenti yenethiwekhi efanayo, akukho ukulungiselelwa okwengeziwe okudingekayo. Kodwa-ke, uma iklayenti neseva ye-DHCP noma iseva ye-WDS/SCCM kukusegmenti ehlukene yenethiwekhi, kuyanconywa ukuthi ulungiselele amarutha akho ukuze adlulisele amaphakethe okusakaza ukusuka kuklayenti kuya kuseva esebenzayo ye-DHCP kanye neseva esebenzayo ye-WDS/SCCM. Ezincwadini zesiNgisi, le nqubo yaziwa ngele-"IP Helper table updates". Kulokhu, iklayenti, ngemva kokuthola ikheli le-IP, lithinta iseva equkethe isilayishi senethiwekhi ngokuqondile ngamaphakethe e-DHCP ukuze lilande isilayishi senethiwekhi.
Kumarutha eCisco, sebenzisa umyalo

ip helper-address {ip address}

kuphi {ip address} Iseva ye-DHCP noma ikheli leseva ye-WDS/SCCM. Lo myalo futhi uthumela amaphakethe okusakaza e-UDP alandelayo

Imbobo
Isivumelwano

69
I-TFTP

53
Uhlelo Lwesizinda Segama (DNS)

37
Isevisi yesikhathi

137
Iseva yegama le-NetBIOS

138
Iseva ye-NetBIOS Datagram

67
I-Bootstrap Protocol (BOOTP)

49
I-TACACS

Indlela yesibili yokuthi iklayenti lithole ulwazi mayelana nesilayishi senethiwekhi ngokuqondile kuseva ye-DHCP iwukucacisa izinketho 60,66,67 kuseva ye-DHCP. Ukusebenzisa inketho ye-DHCP engu-60 enenani «PXEClient» во все области действия DHCP, только если сервер DHCP размещается на том же сервере, что и службы развертывания Windows. В этом случае клиент связывается с сервером служб развертывания Windows напрямую по протоколу TFTP через UDP-порт 4011, а не по DHCP. Этот способ не рекомендуется Microsoft из-за проблем с балансировкой нагрузки, неверной обработкой параметров DHCP и параметров ответа служб развертывания Windows на стороне клиента. А также потому, что использование только двух опций 66 и 67 DHCP позволяет обойти параметры, заданные на сервере сетевой загрузки.
Также нужно открыть следующие UDP порты на сервере служб развертывания Windows
port 67 (DHCP)
port 69 (TFTP)
port 4011 (PXE)
kanye nembobo engu-68 uma ukugunyazwa kwe-DHCP kudingeka kuseva.

Ngemininingwane eyengeziwe, inqubo yokumisa kanye nama-nuances wokuqondisa kabusha phakathi kwamaseva e-WDS ahlukene achazwe ngezansi emithonjeni:
Ukuphathwa kohlelo lokuqalisa inethiwekhi http://technet.microsoft.com/ru-ru/library/cc732351(v=ws.10).aspx
Ukuphathwa kweseva http://technet.microsoft.com/ru-ru/library/cc770637(v=ws.10).aspx
Microsoft Product Support Services (PSS) support boundaries for network booting Microsoft Windows Preinstallation Environment (Windows PE) 2.0 http://support.microsoft.com/kb/926172/en-us
Ungakudlulisa kanjani ukusakazwa kwe-UDP (BOOTP / DHCP) kuCisco http://www.cisco-faq.com/163/forward_udp_broadcas.html
Izici zokusebenza nokucushwa kwe-DHCP kumarutha eCisco (Ingxenye 2) http://habrahabr.ru/post/89997/

Izinketho ezengeziwe zokulanda kwasendaweni

Endaweni yokuhlola, umyalo

localboot 0

inikeza iphutha elinjalo

Kulandela emibhalweni ye-syslinux ukuthi nini

localboot 0

ukulayisha kuzosuka kudiski yendawo. Futhi uma ucacisa inani elithile le-0x00 kusuka ku-floppy disk eyinhloko (eyisisekelo), lapho ucacisa i-0x80 kusuka ku-hard disk eyinhloko (eyisisekelo). Ngokushintsha umyalo othi

localboot 0x80

i-OS yendawo ilayishiwe.
Uma kunesidingo sokuqalisa kusuka kudiski ethile, ukwahlukanisa noma umyalo localboot ayisebenzi, ungasebenzisa amakhono emojula chain.c32. Ngemva kokuyilayisha, sebenzisa umyalo we-append ukuze ucacise idiski ethile noma ukwahlukanisa kwediski, izinombolo zediski ziqala ku-0, izinombolo zokuhlukanisa ziqala ku-1. uma ukwahlukanisa 0 kucacisiwe, i-MBR iyalayishwa. Lapho ucacisa idiski, ukwahlukanisa kungashiywa.

KERNEL chain.c32
APPEND hd0 0

noma

KERNEL chain.c32
APPEND hd0

Imithombo: http://www.syslinux.org/wiki/index.php/SYSLINUX#LOCALBOOT_type_.5BISOLINUX.2C_PXELINUX.5D
http://www.gossamer-threads.com/lists/syslinux/users/7127

I-oda nencazelo yokulanda amafayela nge-PXE

Njengoba kushiwo ekuqaleni kwesihloko, uhla lwemibhalo lapho amafayela e-WDS atholakala ukuze alandwe luqukethwe inani lepharamitha. RootFolder egatsheni lokubhalisa HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesWDSServerProvidersWDSTFTP
Inani elizenzakalelayo C:RemoteInstall
Lapha kupharamitha ReadFilter uhla lwemibhalo lucacisiwe lapho iseva ye-TFTP ibheka amafayela ukuze ilandwe, kusukela empandeni. Njengoba i-SCCM 2012 SP1 ifakiwe, lesi silungiselelo sinjalo

boot*
tmp*
SMSBoot*
SMSTemp*
SMSImages*

Uma ushintsha inani lepharamitha libe * bese wonke amafayela atholakala kuhla lwemibhalo azocutshungulwa RemoteInstall.

Iqhaza lephoyinti lokuphakela le-SCCM 2012 licaciswe kunani lokubhalisa ProvidersOrderetholakala egatsheni HKLMSystemCurrentControlSetWDSServerProvidersWDSPXE
Ipharamitha ProvidersOrder ingathatha amanani

I-SMSPXE
Indawo yesevisi ye-PXE ku-SCCM

I-SMS.PXE.Hlunga
Isiphathi seskripthi se-PXE esivela ku-MDT (I-Microsoft Deployment Toolkit)

I-BINLSVC
Injini ejwayelekile ye-WDS ne-RIS

Nge-SCCM efakiwe, ipharamitha ProvidersOrder izindaba SMSPXE. Ngokushintsha ipharamitha, ungashintsha indlela abahlinzeki abalayishwa ngayo.

Kukhathalogi RemoteInstall amafayela ajwayelekile alandelayo ayatholakala

wdsnbp.com

Программа сетевой загрузки, разработанная для служб развертывания Windows и выполняющая следующие задачи:
1. Ukutholwa kwezakhiwo.
2. Ukugcinwa kwamakhompyutha alindile. Uma inqubomgomo yokungeza ngokuzenzakalela inikwe amandla, lolu hlelo lwenethiwekhi yokuqalisa luthunyelwa kumakhompyutha alindile ukuze amise okwesikhashana ukuqalisa kwenethiwekhi nokwazisa iseva ngezakhiwo zekhompuyutha yeklayenti.
3. Ukusebenzisa izixhumanisi zokuvula inethiwekhi (okuhlanganisa ukusebenzisa izinketho ze-DHCP 66 kanye no-67)

PXEboot.com

(Okuzenzakalelayo) Idinga umsebenzisi ukuthi acindezele ukhiye we-F12 ukuze aqhubeke nokuqalisa inethiwekhi

I-PXEboot.n12

Ayidingi ukuthi umsebenzisi acindezele ukhiye we-F12 futhi iqale ukubhutha kwenethiwekhi ngokushesha

I-AbortPXE.com

Ivula ikhompuyutha isebenzisa into elandelayo yokuqalisa ku-BIOS ngaphandle kokulinda

I-Bootmgr.exe

Диспетчер загрузки Windows (Bootmgr.exe или Bootmgr.efi). Загружает с помощью встроенного ПО загрузчик Windows из определенного раздела диска или через сетевое подключение (в случае сетевой загрузки)

I-Bootmgfw.efi

Inguqulo ye-EFI ye-PXEboot.com ne-PXEboot.n12 (ku-EFI, ukukhetha ukuqalisa noma ukungavuli i-PXE kukugobolondo le-EFI, hhayi uhlelo lokuqalisa inethiwekhi). I-Bootmgfw.efi ihlanganisa amandla e-PXEboot.com, PXEboot.n12, abortpxe.com, kanye ne-bootmgr.exe. Okwamanje ikhona kuphela kuma-architectures we-x64 kanye ne-Itanium.

Okuzenzakalelayo.bcd

Isitolo Sedatha Yokucushwa Kwe-Boot (BCD), ifomethi ye-REGF, ingalayishwa ku-REGEDIT, ingene esikhundleni sefayela lombhalo le-Boot.ini

Ukulayisha kwenzeka ngohlelo olulandelayo njengoba kuchazwe ngenhla
1. Layisha i-wdsnbp.com.
2. Okulandelayo, i-pxeboot.com yezakhiwo ezifanele iyalayishwa
3. I-PXEBoot.com ilanda i-bootmgr.exe kanye nesitolo sedatha yokucushwa kwe-BCD yokuqalisa
4. Bootmgr.exe считывает записи операционной системы данных конфигурации загрузки BCD и загружает файл Boot.sdi и образ Windows PE (boot.wim)
5. Bootmgr.exe начинает загрузку Windows PE, обращаясь к Winload.exe в образе Windows PE

Uma ku RemoteInstall kukhona amafolda

Boot
Images
Mgmt
Templates
Tmp
WdsClientUnattend

их наличие означает, что перед добавлением роли точки распространения в SCCM 2012 (точки обслуживания PXE в SCCM 2007) было какое либо действие по конфигурированию установленной Windows Deployment Services (WDS), в результате которого были автоматически созданы эти папки.
Ngendima yephoyinti lokusabalalisa (iphoyinti lesevisi ye-PXE ku-SCCM 2007), amafolda alandelayo kuphela anele

SMSBoot
SMSIMAGES
SMSTemp
Stores

Lokhu akusho ukuthi i-SCCM ifakwe ngokungalungile, kodwa ingakhomba umthombo wamaphutha okungenzeka.
Isixazululo sezinkinga ezahlukahlukene zenqwaba ye-WDS, SCCM kanye ne-PXE kuxoxwa ngayo ngokuningiliziwe esihlokweni. Ukuxazulula inkinga nge-PXE Service Point kanye ne-WDS ku-Configuration Manager 2007