Administration of computers on the local network before loading the operating system

Hi, habrahabr! This is my first article, and it is dedicated to remote administration. I hope it will be interesting not only to system administrators but also to advanced users, since some of the components may be useful to you.

We will focus on administering computers before the operating system loads. When the number of computers is small, keeping them running does not take much manpower. As the computer fleet grows, maintenance becomes more expensive. In my case, the organization has about 100 computers. Reinstalling operating systems and restoring them from images takes a lot of time, and I had to service each machine separately. The task, therefore, was to develop a system that would simplify the administrator's life and free up time for more interesting things.

There is a lot of software that can do such things; however, each of them has drawbacks, so I tried to develop a system that avoids them and meets my requirements.

What is needed for this?
The client machine must have a network card that supports the PXE standard (almost every network card does). I will not describe how this standard works; there is plenty of information about it on the Internet. I will only say that it allows files to be loaded over the network. You also need to enable network boot in the BIOS. That completes the setup of the client side.


The server must provide DHCP and TFTP. To avoid fiddling with settings, I used the TFTPD32 program, which already includes all the necessary components. The program is free and open source.

To configure DHCP, I had to go around and collect the MAC address of each computer. This is necessary to identify computers on the network. In the TFTP server, I only had to specify the folder that files are served from and put everything needed into it. The loader that performs all operations is grub4dos. I chose this bootloader because I have enough experience creating bootable USB drives with it, and there is a lot of information about it on the Internet.

Now about how it works.


1. When turned on, the computer accesses the DHCP server for an IP address.

2. The DHCP server, according to its configuration, issues the necessary IP to the client, as well as the IP address of the TFTP server and the name of the boot file. In my case, the grub4dos bootloader file is grldr.

3. The client computer, upon receiving the reply, configures the IP address for itself and contacts the TFTP server with a request for the boot file.

4. The TFTP server sends the requested file. It looks like this:

Server response

5. After downloading the file, PXE starts the bootloader and finishes its work. Further work is done by the bootloader. After starting, the bootloader requests the menu.lst file. This file contains instructions for installing the OS or running utilities.

6. The server transfers the menu.lst file.

7. The bootloader “reads” the instructions on the client and executes them, downloading the required files from the TFTP server.

The catch is that the TFTPD32 program always serves the same menu.lst instruction file. That is, without changes it was impossible to assign different tasks to different computers. Since the program is open source, I found the place in the code where it sends the menu.lst file and changed it.

As a result, as soon as the client machine requests the menu.lst file from the server, the program sends an HTTP GET request to the web server (http://localhost/getmenulst.php?Ip=IP) to request the instruction file for that specific IP. The instruction files are stored in the database.

For clarity, I will give a new scheme.

Next, the task was to prepare images for installing operating systems and loading utilities, as well as to write the menu.lst instruction files.
For example, the menu.lst for installing Windows 7 looks like this:

Install Windows 7
color blue/green yellow/red white/magenta white/magenta
timeout 0
default 0
title Install Windows 7
pxe keep
chainloader --raw (pd)/pxeboot.n12

To download Acronis True Image:

Loading Acronis
color blue/green yellow/red white/magenta white/magenta
timeout 0
default 0
title boot acronis
#root (hd0,0)
kernel /kernel.dat vga=788 ramdisk_size=32768 acpi=off quiet noapic mbrcrcs on
initrd /ramdisk.dat

I will not give all the options, so as not to overload the article.

It took a lot of time to assemble the images with the required software and prepare them for installation over the network, since this is not just a matter of copying a file to a directory. Of the operating systems, I prepared only Windows 7 and Windows XP. I had to dig into Acronis True Image to make system recovery from an image automatic. I also uploaded ISO images of several necessary utilities.

To manage all this “miracle”, I wrote a small admin panel in PHP + MySQL. It allows you to add / remove computers, add / remove options, and set boot options. We can also see the time the computer was last turned on and the option that was set for it. The default setting is “Boot from Hard Disk”.
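The per-client lookup that getmenulst.php performs for the modified TFTPD32, together with the panel's “Boot from Hard Disk” default and last-power-on time, sketched as an added example (not the author's PHP code). Python with sqlite3 stands in for PHP + MySQL; the schema, sample rows, fallback menu and function names are assumptions.

```python
import ipaddress
import sqlite3
from datetime import datetime, timezone

# Constructed fallback menu in grub4dos syntax: boot the local disk.
DEFAULT_MENU = (
    "timeout 0\n"
    "default 0\n"
    "title Boot from Hard Disk\n"
    "rootnoverify (hd0)\n"
    "chainloader +1\n"
)

def open_demo_db():
    """In-memory stand-in for the panel's database (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE options (id INTEGER PRIMARY KEY, name TEXT, menu TEXT);
        CREATE TABLE computers (ip TEXT PRIMARY KEY, name TEXT,
                                option_id INTEGER, last_seen TEXT);
    """)
    # Constructed sample rows; the Acronis menu is abbreviated.
    db.execute("INSERT INTO options VALUES (1, 'Loading Acronis', ?)",
               ("timeout 0\ndefault 0\ntitle boot acronis\n"
                "kernel /kernel.dat vga=788 ramdisk_size=32768\n"
                "initrd /ramdisk.dat\n",))
    db.execute("INSERT INTO computers VALUES ('192.168.0.21', 'acct-01', 1, NULL)")
    db.execute("INSERT INTO computers VALUES ('192.168.0.22', 'acct-02', NULL, NULL)")
    return db

def menu_for(db, raw_ip, now=None):
    """Return the menu.lst text for the client whose TFTP request came from raw_ip."""
    try:
        ip = str(ipaddress.IPv4Address(raw_ip.strip()))
    except (ipaddress.AddressValueError, AttributeError):
        return DEFAULT_MENU          # malformed parameter: never select an image
    row = db.execute(
        "SELECT o.menu FROM computers c LEFT JOIN options o ON o.id = c.option_id "
        "WHERE c.ip = ?", (ip,)).fetchone()   # bound parameter, no string building
    if row is None:
        return DEFAULT_MENU          # machine not registered in the panel
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    db.execute("UPDATE computers SET last_seen = ? WHERE ip = ?", (stamp, ip))
    return row[0] or DEFAULT_MENU    # registered machine with no task assigned
```

Because the only client identifier is the source IP of an unauthenticated TFTP request, anything malformed or unregistered gets the non-destructive local boot rather than an install or restore menu.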



Do not pay attention to the first part of the administration panel. It implements remote control of program installation using the uTorrent program, which I will write about in the next article if anyone is interested.

To summarize. This system works in real time. Sometimes I find bugs and fix them, add new options.

The procedure is as follows: they call me and say that the system on the computer "Name" does not boot. I go to the administration panel, set the option "Acronis Download" and ask the person on the other end of the line to restart the computer. From there, the system restores everything from the image by itself and informs the user that they can get back to work. If a new computer is installed, its MAC is entered into the database, the OS installation options are set in the panel, and Windows installs itself without any involvement.

This is very convenient, because I often have to be away, and this way I can fix problems from anywhere. It is worth noting that there is no budget for buying high-quality equipment. We live as we can.

Of course, there is still a lot of work to do before full automation, but believe me, my life has become easier.
