Hi, Habrahabr! This is my first article, and it is dedicated to remote administration. I hope it will be interesting not only to system administrators but also to advanced users, since some of the components may be useful to you.
Mostly it is about administering computers before the operating system loads. When there are only a few computers, keeping them running does not take many people. As the fleet grows, maintenance becomes more expensive. In my case, the organization has about 100 computers. Reinstalling operating systems and restoring operating system images takes a lot of time, and I had to service each machine separately. So the task was to develop a system that simplifies the administrator's life and frees up time for more interesting things.
There is a lot of software that can do these things, but each product has flaws, so I tried to avoid them by developing a system that meets my requirements.
What is needed for this? The client machine must have a network card that supports the PXE standard (almost every network card does). I will not describe how this standard works; there is plenty of information on the Internet. I will just say that it allows files to be loaded over the network. You also need to enable network boot in the BIOS. That completes the client-side configuration.

The server must run DHCP and TFTP. To avoid fiddling with the settings, I used the TFTPD32 program, which already includes all the necessary components. The program is free and open source.
To configure DHCP, I had to go around and record the MAC address of each computer. This is needed to identify computers on the network. For the TFTP server, I only had to specify the folder that files are served from and put everything needed into it. The bootloader that performs all the operations is grub4dos. I chose this bootloader because I have enough experience creating bootable USB drives with it, and there is a lot of information about it on the Internet.
Now about how it works.
1. When turned on, the computer accesses the DHCP server for an IP address.
2. The DHCP server, according to its configuration, provides the necessary IP to the client, as well as the IP address of the TFTP server and the name of the boot file. In my case, the grub4dos loader file is grldr.
3. The client computer, having received the reply, assigns itself the IP and sends the TFTP server a request for the boot file.
4. The TFTP server sends the requested file. It looks like this:
5. After downloading the file, PXE starts the bootloader and finishes its work. Further work is performed by the loader. Once launched, the bootloader requests the menu.lst file. This file contains instructions for installing the OS or running utilities.
6. The server transfers the menu.lst file.
7. The loader program on the client "reads" the instructions and executes them, downloading the required files from the TFTP server.
The catch is that the TFTPD32 program always serves the same menu.lst instruction file. That is, without changes it was impossible to assign different tasks to different computers. Since the program is open source, I found the place in the code where the program sends the menu.lst file and changed it.
As a result, as soon as the client machine requests the menu.lst file from the server, the program sends an HTTP GET request to the web server (http://localhost/getmenulst.php?ip=IP) to request the instruction file for that specific IP. The instruction files are stored in the database.
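One way the getmenulst.php lookup described above could be written, as an added example that is not the author's code: the table and column names are assumptions, the "Boot from hard disk" menu is constructed, and an in-memory SQLite database stands in for MySQL so the file runs offline. It validates the address, binds it as a query parameter, records the boot time, and serves the default menu to any machine that has no option assigned.

```php
<?php
// Added example: schema and names are assumptions, not the article's code.
// SQLite in memory stands in for the MySQL database so this runs offline.
const DEFAULT_MENU = "timeout 0\ndefault 0\ntitle Boot from hard disk\n"
                   . "rootnoverify (hd0)\nchainloader +1\n";   // constructed

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE options (id INTEGER PRIMARY KEY, menu TEXT NOT NULL)');
    $db->exec('CREATE TABLE computers (ip TEXT PRIMARY KEY, option_id INTEGER, last_seen TEXT)');
    $win7 = "timeout 0\ndefault 0\ntitle Install Windows 7\npxe keep\n"
          . "chainloader --raw (pd)/pxeboot.n12\n";
    $db->prepare('INSERT INTO options VALUES (1, ?)')->execute([$win7]);
    // Constructed sample machines: one with an option set, one without.
    $db->exec("INSERT INTO computers VALUES ('192.168.0.21', 1, NULL), ('192.168.0.22', NULL, NULL)");
    return $db;
}

function menu_for(PDO $db, $ip): string {
    // Accept only a literal IPv4 address before it reaches SQL.
    if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return DEFAULT_MENU;
    }
    // Record the boot time (NOW() in MySQL); no effect for unregistered machines.
    $db->prepare("UPDATE computers SET last_seen = datetime('now') WHERE ip = ?")
       ->execute([$ip]);
    // Bound parameter, never string concatenation.
    $q = $db->prepare('SELECT o.menu FROM computers c
                       JOIN options o ON o.id = c.option_id WHERE c.ip = ?');
    $q->execute([$ip]);
    $menu = $q->fetchColumn();
    // Unknown machine or no option set: fail safe, never serve an installer.
    return $menu === false ? DEFAULT_MENU : $menu;
}

if (PHP_SAPI === 'cli') {   // offline demonstration with constructed inputs
    $db = open_demo_db();
    foreach (['192.168.0.21', '192.168.0.22', '10.9.9.9', "192.168.0.21' OR '1'='1"] as $ip) {
        echo "== $ip ==\n", menu_for($db, $ip), "\n";
    }
} else {                    // deployed as getmenulst.php; a real setup opens MySQL here
    // Only the TFTP server on the same host should be asking.
    if (!in_array($_SERVER['REMOTE_ADDR'] ?? '', ['127.0.0.1', '::1'], true)) {
        http_response_code(403);
        exit;
    }
    header('Content-Type: text/plain');
    echo menu_for(open_demo_db(), $_GET['ip'] ?? null);
}
```

Run from the command line, only 192.168.0.21 receives the Windows 7 installer menu; the machine without an option, the unregistered address and the malformed value all receive the hard-disk default.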
For clarity, here is the new scheme.
Next came the task of preparing images for installing operating systems and loading utilities, and of writing the menu.lst instruction files.
For example, the menu.lst to install Windows 7 looks like this:
```
color blue/green yellow/red white/magenta white/magenta
timeout 0
default 0
title Install Windows 7
pxe keep
chainloader --raw (pd)/pxeboot.n12
```
To load Acronis True Image:
```
color blue/green yellow/red white/magenta white/magenta
timeout 0
default 0
title boot acronis
#root (hd0,0)
kernel /kernel.dat vga=788 ramdisk_size=32768 acpi=off quiet noapic mbrcrcs on
initrd /ramdisk.dat
boot
```
I will not give all the options so as not to overload the article.
It took a lot of time to build images with the required software and prepare them for installation over the network, since this is not just a matter of copying a file to a directory. Of the operating systems, I assembled only Windows 7 and Windows XP. I had to dig into Acronis True Image to make system recovery from the image automatic. I also downloaded ISO images of several useful utilities.
To manage all this "miracle" I wrote a small administration panel in PHP + MySQL. It allows you to add / remove computers, add / remove options, as well as set boot options. We can also see the last time the computer was turned on and the option that is set for it. The default setting is “Boot from hard disk”.


Do not pay attention to the first part of the administration panel. It implements remote control of program installation using the uTorrent program, which I will write about in the next article if anyone is interested.
To summarize. This system works in real time. Sometimes I find bugs and fix them, add new options.
The procedure is as follows: I get a call saying that the system does not boot on the computer Name. I open the administration panel, set the Acronis Boot option and ask the person on the other end to restart the computer. The system then restores everything from the image by itself and informs the user that they can work. If a new computer is installed, its MAC is entered into the database, the OS installation option is set in the panel, and Windows installs itself without any involvement.
This is very convenient, because I often have to be away, and this way I can fix problems from anywhere. It is worth noting that there is no budget for purchasing high-quality equipment. We live as we can.
Of course, there is still a lot of work to do before the automation is complete, but believe me, life has become easier for me.