CN116594641A - Operating system installation method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN116594641A
Authority
CN
China
Prior art keywords
pxe client
pxe
operating system
security certificate
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310449992.5A
Other languages
Chinese (zh)
Inventor
邓朝阳
朱英澍
王文志
王安平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides an operating system installation method and apparatus, an electronic device and a storage medium. The method comprises: importing a pre-created security certificate to a PXE client on which an operating system is to be installed, the security certificate being imported automatically through a pre-deployed Hypertext Transfer Protocol Secure (HTTPS) network environment; when the security certificate passes verification, acquiring a target system file corresponding to the PXE client; and, in response to a restart signal of the basic input/output system (BIOS) of the PXE client, controlling the PXE client to load the target system file so that the PXE client installs the operating system according to the target system file. The invention replaces the traditional PXE network service with the HTTPS network environment and remotely operates the PXE client to import the security certificate automatically, so that the PXE client loads the target system file through the HTTPS network environment, which improves the efficiency of installing systems on a large number of servers.

Description

Operating system installation method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of server technologies, and in particular, to an operating system installation method, an operating system installation device, an electronic device, and a storage medium.
Background
With the continuous development of internet technology, the number of servers keeps increasing, and an operating system must be installed on each device when servers and similar devices are produced in a factory. Most factories install the server operating system based on PXE (Pre-boot Execution Environment). Because PXE depends on the DHCP (Dynamic Host Configuration Protocol) service and the FTP (File Transfer Protocol) service, the server and the client machines must be in the same local area network to complete the transmission and loading of the system startup files. PXE also has no security encryption mechanism, so security risks are easily exposed when network intrusion such as unauthorized access occurs.
At present, because the HTTP service can quickly transmit system startup files and related files from a server outside the local area network, and the TLS/SSL protocol can be used to build trusted operations such as encrypted transmission and identity authentication, most factories consider replacing the traditional network environment deployment based on the PXE service with one based on the HTTP service.
However, when the client accesses an HTTP-type link on the server side, the CA certificate must be manually imported into the client machine in advance so that encryption authentication can pass. Manual certificate import is time-consuming and labor-intensive and is severely limiting, so system installation on a large number of servers cannot be achieved.
Disclosure of Invention
In view of the above, the present invention aims to provide an operating system installation method, an apparatus, an electronic device and a storage medium that use an HTTPS (hypertext transfer security protocol) network environment to remotely control a PXE client and import a security certificate automatically, thereby solving the technical problems that manual import of a CA certificate is time-consuming and laborious and that system installation on a large number of servers cannot be achieved.
According to a first aspect of the present invention, there is provided an operating system installation method applied to a PXE server, the method including:
importing a pre-created security certificate to a PXE client of an operating system to be installed, wherein the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment;
under the condition that the security certificate passes verification, acquiring a target system file corresponding to the PXE client;
and responding to a restarting signal of the basic input output system of the PXE client, and controlling the PXE client to load the target system file so as to enable the PXE client to install an operating system according to the target system file.
Optionally, the importing the pre-created security certificate to the PXE client of the operating system to be installed, where the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment, includes:
Pre-creating a security certificate corresponding to a PXE client of an operating system to be installed;
and under the pre-deployed hypertext transfer security protocol network environment, automatically importing the security certificate to the PXE client through the Redfish POST operation of the PXE server.
Optionally, the obtaining the target system file corresponding to the PXE client when the security certificate passes verification includes:
when the PXE client accesses the link of the PXE server hypertext transfer security protocol type, verifying whether the identification information of the security certificate of the PXE client is consistent with the identification information of the security certificate which is created in advance;
inquiring the IP address of the operating system file under the condition that the security certificate passes verification; wherein the operating system file is pre-deployed by the PXE server;
and acquiring a target system file corresponding to the PXE client from the operating system file according to the IP address.
Optionally, the controlling the PXE client to load the target system file, so that the PXE client installs an operating system according to the target system file includes:
if an instruction of installing an operating system of a PXE client is received, starting a first starting item of the PXE client, and establishing a hypertext transfer security protocol type link between the PXE client and a PXE server;
Transmitting an operating system image file to the PXE client so that the PXE client determines a target system file in the operating system image file;
and controlling the PXE client to load the target system file so that the PXE client installs an operating system according to the target system file.
Optionally, before the controlling the PXE client to load the target system file in response to a restart signal of the PXE client bios, the method further includes:
and setting a network starting item of the PXE client basic input output system as a first starting item.
Optionally, the pre-creating the security certificate corresponding to the PXE client of the operating system to be installed includes:
a Redfish management interface is connected in advance, and a certificate management tool is called;
creating a security certificate corresponding to the PXE client through the certificate management tool;
and storing the security certificate and a storage path of the security certificate.
Optionally, after the storing the security certificate and the storing path of the security certificate, the method further includes:
if the security certificate is detected to be changed, determining the security certificate to be updated in a storage path of the pre-stored security certificate;
Updating the security certificate.
According to a second aspect of the present invention, there is provided an operating system installation apparatus comprising:
the security certificate importing module is used for importing a pre-created security certificate to a PXE client of an operating system to be installed, wherein the security certificate is automatically imported through the pre-deployed hypertext transfer security protocol network environment;
the file acquisition module is used for acquiring a target system file corresponding to the PXE client under the condition that the security certificate passes verification;
and the control module is used for responding to a restarting signal of the basic input output system of the PXE client, controlling the PXE client to load the target system file, and enabling the PXE client to install an operating system according to the target system file.
Optionally, the security certificate importing module includes:
the creation sub-module is used for pre-creating a security certificate corresponding to the PXE client of the operating system to be installed;
and the importing sub-module is used for automatically importing the security certificate to the PXE client through the Redfish POST operation of the PXE server under the pre-deployed hypertext transfer security protocol network environment.
Optionally, the file obtaining module includes:
the verification sub-module is used for verifying whether the identification information of the security certificate of the PXE client is consistent with the identification information of the security certificate which is created in advance when the PXE client accesses the link of the hypertext transfer security protocol type of the PXE server;
the inquiring sub-module is used for inquiring the IP address of the operating system file under the condition that the security certificate passes verification; wherein the operating system file is pre-deployed by the PXE server;
and the file acquisition sub-module is used for acquiring the target system file corresponding to the PXE client from the operating system file according to the IP address.
Optionally, the control module includes:
the connection sub-module is used for starting a first starting item of the PXE client if an instruction of installing an operating system of the PXE client is received, and establishing a hypertext transfer security protocol type link between the PXE client and the PXE server;
the transmission sub-module is used for transmitting the operating system image file to the PXE client so that the PXE client can determine a target system file in the operating system image file;
and the control sub-module is used for controlling the PXE client to load the target system file so that the PXE client installs an operating system according to the target system file.
Optionally, the apparatus further comprises:
and the starting setting module is used for setting the network starting item of the PXE client basic input output system as a first starting item.
Optionally, the creating submodule includes:
the connection interface unit is used for connecting the Redfish management interface in advance and calling a certificate management tool;
a creation unit configured to create, by the certificate management tool, a security certificate corresponding to the PXE client;
and the storage unit is used for storing the security certificate and the storage path of the security certificate.
Optionally, the creating sub-module further includes:
the detection unit is used for determining the security certificate to be updated in a storage path of pre-storing the security certificate if the security certificate is detected to be changed;
and the updating unit is used for updating the security certificate.
According to a third aspect of the present invention, there is provided an electronic device comprising: a processor; a memory for storing the processor-executable instructions; wherein the processor is configured to execute the instructions to implement the operating system installation method of the first aspect.
According to a fourth aspect of the present invention there is provided a readable storage medium having stored thereon a computer program which when executed by a processor implements the steps of the operating system installation method of the first aspect.
The operating system installation method provided by the invention imports a pre-created security certificate to a PXE client on which an operating system is to be installed, the security certificate being imported automatically through a pre-deployed HTTPS (hypertext transfer security protocol) network environment; when the security certificate passes verification, it acquires a target system file corresponding to the PXE client; and, in response to a restart signal of the BIOS of the PXE client, it controls the PXE client to load the target system file so that the PXE client installs the operating system according to the target system file. Using the HTTPS network environment in place of the traditional PXE network service provides a safe and reliable environment for network access and file transfer and reduces the risk of network intrusion. The PXE client on which the operating system is to be installed is operated remotely to import the security certificate automatically, so the CA certificate does not need to be imported manually. By controlling the BIOS restart of the PXE client, the PXE client loads the target system file through the HTTPS network environment and installs the operating system in batches according to the target system file. The whole process requires no manual intervention, so batch system installation is safe, reliable and efficient, and the efficiency of installing systems on a large number of servers is improved.
The foregoing description is only an overview of the technical solution of the present invention, given so that its technical means can be understood more clearly and implemented in accordance with the description, and so that the above and other objects, features and advantages of the present invention are more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 is a flowchart illustrating steps of an operating system installation method according to an embodiment of the present invention;
FIG. 2 is a flow chart of step 101 of the operating system installation method of the embodiment of the present invention provided in FIG. 1;
FIG. 3 is a flow chart of step 102 of the operating system installation method of the embodiment of the present invention provided in FIG. 1;
FIG. 4 is a flow chart of step 103 of the operating system installation method of the embodiment of the present invention provided in FIG. 1;
FIG. 5 is a second flowchart illustrating a method for installing an operating system according to an embodiment of the present invention;
FIG. 6 is an application scenario schematic diagram of an operating system installation method provided in an embodiment of the present application;
FIG. 7 is a schematic diagram of an operating system installation device according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the following detailed description of the embodiments of the present application will be given with reference to the accompanying drawings. However, those of ordinary skill in the art will understand that in various embodiments of the present application, numerous technical details have been set forth in order to provide a better understanding of the present application. However, the claimed application may be practiced without these specific details and with various changes and modifications based on the following embodiments. The following embodiments are divided for convenience of description, and should not be construed as limiting the specific implementation of the present application, and the embodiments can be mutually combined and referred to without contradiction.
Referring to FIG. 1, a first flowchart of the steps of the operating system installation method provided by the embodiment of the present application is shown. The method is applied to the PXE server shown in FIG. 6 and may include:
Step 101, importing a pre-created security certificate to a PXE client of an operating system to be installed, wherein the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment.
In the embodiment of the invention, before the PXE client starts to install the operating system from PXE, the PXE server performs the pre-installation preparation. The PXE server is in communication connection with a plurality of PXE clients. It stores in its database, in advance, the device identifier of each server on which an operating system is to be installed (acting as a PXE client) and the MAC (Media Access Control) address corresponding to that device identifier. A security certificate is created in advance and imported to the PXE client through a pre-deployed HTTPS (hypertext transfer security protocol) network environment. After the PXE server verifies the certificate, the corresponding boot configuration file is determined, and, according to the MAC address selected by an operator in the operating system selection menu, the address of the determined boot configuration file is added to the boot file corresponding to that MAC address, thereby realizing the installation of the operating system of the PXE client.
In the embodiment of the invention, the PXE server creates in advance the security certificate corresponding to the PXE client on which the operating system is to be installed. After the PXE client is started from PXE, the PXE server imports the pre-created security certificate to that PXE client. The security certificate is imported automatically through the pre-deployed HTTPS network environment, so an operator does not need to import the security certificate for the PXE client manually or to select or intervene in the choice of operating system. The PXE client only needs to read the boot file and obtain the boot configuration file from the PXE server, and it can then install the operating system automatically according to the boot configuration file.
In the embodiment of the invention, the PXE server deploys the HTTPS network environment in advance. The environment mainly comprises network services such as DNS, DHCP, HTTP and OpenSSL: the DHCP server is used to allocate IP addresses, an HTTPS file download service is provided, OpenSSL is used to generate a CA certificate, and the certificate is stored in a specified path. The system installation files are deployed to a server in the HTTPS network environment, and Redfish is used to import the security certificate into the PXE client remotely and automatically. Through these steps, host registration and system service deployment in the HTTPS network environment can be automated, and the management efficiency and security of the servers are improved.
It should be noted that Redfish is an industry-standard RESTful API that uses the HTTPS protocol to provide server management functions; data is sent to the Redfish API to create or modify resources. In this embodiment, the Redfish POST method may be used to create or modify a specific resource on a server, so that the server is managed and monitored remotely.
In this embodiment of the application, the pre-created security certificate is imported automatically, through the pre-deployed HTTPS network environment, to each PXE client on which an operating system is to be installed. Compared with the conventional approach, in which operators must manually import the security certificate and select the operating system at each PXE client one by one, this saves a great deal of time and effort, which improves the efficiency of batch operating system installation and reduces cost.
Step 102, under the condition that the security certificate passes verification, a target system file corresponding to the PXE client is obtained.
In the embodiment of the invention, when a PXE client accesses an HTTPS-type (hypertext transfer security protocol) link of the PXE server, the PXE server needs to verify the security of the PXE client before returning the boot configuration file that the PXE client requires. Specifically, it verifies whether the identification information of the security certificate of the PXE client is consistent with the identification information of the security certificate created in advance. When the security certificate passes verification, the target system file corresponding to the PXE client is obtained. The target system file may be the boot file required by the PXE client on which the operating system is to be installed and the boot configuration file for starting the operating system.
It should be noted that, in this embodiment, the security certificate may be a CA certificate created in advance by the PXE server for the PXE client. The CA certificate is verified using asymmetric encryption: the PXE client initiates a request to the PXE server, and the PXE server applies to the executing mechanism for a certificate to be returned. If the certificate is valid, a random value is generated, the PXE server uses the random value as the key for symmetric encryption, and the valid CA certificate is remotely imported into the PXE client. When a request instruction to install the operating system is received from the PXE client, the PXE server first verifies whether the identification information of the security certificate of the PXE client is consistent with the identification information of the security certificate created in advance.
Specifically, under the condition that the security certificate passes verification, the IP address of the operating system file is queried; the operating system file is pre-deployed by the PXE server, and a target system file required by the PXE client is acquired from the operating system file according to the IP address.
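The check in step 102 can be sketched as follows. This is an added example, not code from the patent: it assumes the "identification information" is the SHA-256 fingerprint of the certificate's DER bytes, and the `Registry` class, device names and file paths are hypothetical.

```python
"""Added example: release a target system file only for a matching certificate."""
import base64
import hashlib
import hmac
import re

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def fingerprint(pem_text):
    """SHA-256 over the DER bytes, so PEM line wrapping does not matter."""
    match = _PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()


class Registry:
    """Server-side records: device id -> MAC, certificate fingerprint, target file."""

    def __init__(self):
        self._records = {}

    def register(self, device_id, mac, pem, target):
        self._records[device_id] = {
            "mac": mac, "fingerprint": fingerprint(pem), "target": target}

    def update_certificate(self, device_id, new_pem):
        # Certificate changed: replace the stored identification information.
        self._records[device_id]["fingerprint"] = fingerprint(new_pem)

    def target_for(self, device_id, presented_pem):
        """Return the target system file path, or None when verification fails."""
        record = self._records.get(device_id)
        if record is None:
            return None  # unknown device: nothing is released
        try:
            presented = fingerprint(presented_pem)
        except ValueError:
            return None  # malformed input is treated as a failed verification
        # Constant-time comparison of the two hex digests.
        if not hmac.compare_digest(presented, record["fingerprint"]):
            return None
        return record["target"]


def make_sample_pem(der_bytes, width=64):
    """Constructed sample input: placeholder bytes in a PEM envelope."""
    b64 = base64.b64encode(der_bytes).decode("ascii")
    body = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    old = make_sample_pem(b"constructed-cert-v1" * 20)
    new = make_sample_pem(b"constructed-cert-v2" * 20)
    registry = Registry()
    registry.register("node-a", "52:54:00:00:00:01", old,
                      "/srv/https/node-a/boot.cfg")  # constructed path
    print("before update:", registry.target_for("node-a", old))
    registry.update_certificate("node-a", new)
    print("old cert after update:", registry.target_for("node-a", old))
    print("new cert after update:", registry.target_for("node-a", new))
```

A fingerprint match only identifies which certificate was presented; proof that the peer holds the matching private key comes from the TLS handshake itself.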
Step 103, responding to a restarting signal of the basic input output system of the PXE client, and controlling the PXE client to load a target system file so as to enable the PXE client to install an operating system according to the target system file.
In the embodiment of the invention, Redfish technology enables remote management of the CA certificate, which makes batch transmission of the system files served over the HTTPS link possible and in turn enables efficient batch system installation. Accordingly, operations such as importing the CA certificate, modifying the BIOS boot item of the PXE client and restarting the BIOS are performed by operating the client remotely through Redfish, and after the BIOS of the PXE client restarts, the system startup files can be loaded automatically through the deployed HTTPS network environment.
It should be noted that the first boot item of the current basic input/output system (BIOS) of the PXE client is set to Network Boot in advance through a Redfish POST operation, and the HTTP Support switch is turned on. The BIOS of the PXE client is then restarted through a Redfish POST operation, and, in response to the restart signal of the BIOS of the PXE client, the PXE client is controlled to load the target system file so that the PXE client installs the operating system according to the target system file.
Specifically, controlling the PXE client to load the target system file, so that the PXE client installs the operating system according to the target system file may include: if an operating system installation instruction of the PXE client is received, a first start item of the PXE client is started, a hypertext transfer security protocol type link between the PXE client and the PXE server is established, an operating system image file is transmitted to the PXE client, so that the PXE client determines a target system file in the operating system image file, and the PXE client is controlled to load the target system file, so that the PXE client installs an operating system according to the target system file.
In some possible embodiments of the present invention, the PXE server receives a Dynamic Host Configuration Protocol (DHCP) message sent by the PXE client, the DHCP message including the device identifier of the PXE client. The PXE server looks up the target system files, such as the PXE boot program and the operating system image file, that correspond to the device identifier of the PXE client, and sends a DHCP response message to the PXE client. The DHCP response message includes the IP address allocated to the PXE client and the address of the target system files that were found, so that the PXE client can download them.
When the target system file is executed on the PXE client, it guides the PXE client through the installation of the corresponding operating system. The required operating system is thus installed on the device automatically, without manual intervention, which saves server operation and maintenance cost and improves working efficiency.
The operating system installation method provided by the invention imports a pre-created security certificate to a PXE client on which an operating system is to be installed, the security certificate being imported automatically through a pre-deployed HTTPS (hypertext transfer security protocol) network environment; when the security certificate passes verification, it acquires a target system file corresponding to the PXE client; and, in response to a restart signal of the BIOS of the PXE client, it controls the PXE client to load the target system file so that the PXE client installs the operating system according to the target system file. Using the HTTPS network environment in place of the traditional PXE network service provides a safe and reliable environment for network access and file transfer and reduces the risk of network intrusion. The PXE client on which the operating system is to be installed is operated remotely to import the security certificate automatically, so the CA certificate does not need to be imported manually. By controlling the BIOS restart of the PXE client, the PXE client loads the target system file through the HTTPS network environment and installs the operating system in batches according to the target system file. The whole process requires no manual intervention, so batch system installation is safe, reliable and efficient, and the efficiency of installing systems on a large number of servers is improved.
Further, referring to fig. 2, a flowchart illustrating a step 101 of the operating system installation method provided in fig. 1, the method being substantially the same as the operating system installation method provided in the first embodiment of the present invention, the step 101 may include:
step 201, pre-creating a security certificate corresponding to a PXE client of an operating system to be installed.
Step 202, automatically importing a security certificate to a PXE client through a Redfish POST operation of a PXE server under a pre-deployed hypertext transfer security protocol network environment.
It should be noted that, in steps 201 to 202, the PXE server creates in advance the security certificate corresponding to the PXE client on which the operating system is to be installed, and automatically imports it to the PXE client through a Redfish POST operation of the PXE server under the pre-deployed hypertext transfer security protocol (HTTPS) network environment. Redfish is an industry-standard RESTful API that provides server management functions over the HTTP protocol, so Redfish POST operations are closely tied to server management: the POST method of the Redfish API can modify or create resources, which lets a server administrator manage and monitor servers in a standardized way through the Redfish API without depending on vendor-specific solutions.
Specifically, pre-creating, in step 201, the security certificate corresponding to the PXE client of the operating system to be installed may include:
connecting to a Redfish management interface in advance and calling a certificate management tool;
creating a security certificate corresponding to the PXE client through the certificate management tool;
and storing the security certificate and the storage path of the security certificate.
In the embodiment of the invention, the security certificate corresponding to the PXE client is created through the certificate management tool of the Redfish management interface, and the security certificate and the storage path of the security certificate are stored, so that the pre-created security certificate can be acquired by accessing the storage path when the security certificate is verified.
It should be noted that, before the CA certificate is imported, the source of the certificate should be confirmed to be reliable and the original certificate storage area should be backed up; after the certificate is imported, the certificate storage area should be updated promptly, and the SSL/TLS protocol should be enabled to secure data transmission.
Therefore, specifically, after storing the security certificate and the storage path of the security certificate, the method further includes:
if a change to the security certificate is detected, determining the security certificate to be updated in the pre-stored storage path of the security certificate, and updating the security certificate.
In the embodiment of the invention, remote management of the CA certificate is realized with the Redfish technology, which improves the security and efficiency with which the PXE server installs an operating system.
Further, refer to fig. 3, which shows a flowchart of step 102 of the operating system installation method provided in fig. 1. The method is substantially the same as the operating system installation method provided in the first embodiment of the present invention, and step 102 may include:
Step 301, when the PXE client accesses the hypertext transfer security protocol (HTTPS) type link of the PXE server, verifying whether the identification information of the security certificate of the PXE client is consistent with the identification information of the security certificate created in advance.
In the embodiment of the invention, the security certificate, namely the CA certificate, is a digital certificate used to verify the identities of the client and the server to each other and the integrity of messages. When the PXE server installs an operating system, files are transferred remotely through an HTTPS-type network environment, and the data transfer must be encrypted and verified to prevent a malicious attacker from stealing the data or tampering with its content.
Specifically, in this embodiment, when the PXE client accesses the HTTPS-type link of the PXE server, whether the PXE client passes security verification is determined by verifying whether the identification information of its security certificate is consistent with the identification information of the security certificate created in advance, so as to prevent network intrusion behaviors such as unauthorized access.
Step 302, inquiring the IP address of the operating system file under the condition that the security certificate passes verification; wherein the operating system files are pre-deployed by the PXE server.
It should be noted that the PXE server deploys in advance the operating system files required for installing the operating system. When the security certificate of the PXE client passes verification, the PXE server queries the IP address of the pre-deployed operating system files and assigns that IP address to the PXE client, so that the PXE client can download the operating system files.
Step 303, obtaining the target system file corresponding to the PXE client from the operating system file according to the IP address.
In the embodiment of the invention, whether the identification information of the security certificate of the PXE client is consistent with the identification information of the security certificate created in advance is verified. When the security certificate passes verification, the target system file corresponding to the PXE client is obtained from the operating system files, and the PXE client loads the target system file through the hypertext transfer security protocol (HTTPS) network environment, so that PXE clients install the operating system in batches according to the target system file.
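The verification gate of steps 301 to 303, together with the certificate storage and update steps described earlier, as an added example that is not code from the patent. It assumes the "identification information" is the SHA-256 fingerprint of the certificate's DER bytes; the class and function names, the client ids and the address 192.0.2.10 are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def make_sample_pem(der: bytes) -> str:
    """Constructed sample: PEM armor around arbitrary bytes, not a real X.509 certificate."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes; raises ValueError unless given one PEM block."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("expected exactly one PEM certificate")
    # validate=True rejects stray characters, including a second BEGIN/END pair.
    der = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not der:
        raise ValueError("empty certificate body")
    return hashlib.sha256(der).hexdigest()


class CertificateStore:
    """Keeps each client's certificate, its storage path and its fingerprint."""

    def __init__(self, root: Path):
        self.root = root
        self.index = {}  # client_id -> (storage path, recorded fingerprint)

    def store(self, client_id: str, pem: str) -> Path:
        # The id becomes a file name, so refuse anything that could leave root.
        if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", client_id):
            raise ValueError("client id contains characters unsafe in a file name")
        digest = fingerprint(pem)  # validate before anything is written
        path = self.root / f"{client_id}.pem"
        path.write_text(pem)
        self.index[client_id] = (path, digest)
        return path

    def update_if_changed(self, client_id: str, new_pem: str) -> bool:
        """Replace the certificate at its stored path only when it differs."""
        path, recorded = self.index[client_id]
        digest = fingerprint(new_pem)
        if hmac.compare_digest(digest, recorded):
            return False
        path.write_text(new_pem)
        self.index[client_id] = (path, digest)
        return True

    def verify(self, client_id: str, presented_pem: str) -> bool:
        entry = self.index.get(client_id)
        if entry is None:
            return False  # unknown client: fail closed
        try:
            presented = fingerprint(presented_pem)
        except ValueError:
            return False  # malformed input never passes
        return hmac.compare_digest(presented, entry[1])


def resolve_target(store, catalog, client_id, presented_pem):
    """The file location is looked up only after verification succeeds."""
    if not store.verify(client_id, presented_pem):
        return None
    return catalog.get(client_id)


def demo() -> dict:
    cert_a = make_sample_pem(b"constructed certificate A")
    cert_b = make_sample_pem(b"constructed certificate B")
    catalog = {"node01": "192.0.2.10"}  # constructed address of the OS files
    with tempfile.TemporaryDirectory() as tmp:
        store = CertificateStore(Path(tmp))
        store.store("node01", cert_a)
        return {
            "match": resolve_target(store, catalog, "node01", cert_a),
            "mismatch": resolve_target(store, catalog, "node01", cert_b),
            "unknown_client": resolve_target(store, catalog, "node02", cert_a),
            "garbage": resolve_target(store, catalog, "node01", "not a pem"),
            "rotated": store.update_if_changed("node01", cert_b),
            "old_after_rotation": store.verify("node01", cert_a),
            "new_after_rotation": store.verify("node01", cert_b),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A matching fingerprint shows which certificate was presented; proof that the peer holds the corresponding private key comes from the TLS handshake itself.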
Further, refer to fig. 4, which shows a flowchart of step 103 of the operating system installation method provided in fig. 1. The method is substantially the same as the operating system installation method provided in the first embodiment of the present invention, and step 103 may include:
Step 401, if an instruction of installing an operating system of the PXE client is received, a first start item of the PXE client is started, and a hypertext transfer security protocol type link between the PXE client and the PXE server is established.
Step 402, the operating system image file is transmitted to the PXE client, so that the PXE client determines the target system file in the operating system image file.
Step 403, controlling the PXE client to load the target system file so that the PXE client installs the operating system according to the target system file.
It should be noted that, in steps 401 to 403, if an instruction to install an operating system on the PXE client is received, the first start item of the PXE client is started. The first start item is a preset network start item and is used to establish a hypertext transfer security protocol (HTTPS) type link between the PXE client and the PXE server, so that the PXE client can determine the target system file.
By way of example, the CA certificate of the PXE server is imported to all PXE clients over HTTPS through a Redfish POST operation; the current BIOS start item is set to Network Boot and the HTTP Support switch is turned on through a Redfish POST operation; and the BIOS is restarted through a Redfish POST operation. After the BIOS restarts, the system start file of the PXE server is loaded automatically through the deployed HTTPS network environment.
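The sequence in this example (import the CA certificate, select network boot, restart), as an added example that is not code from the patent, built on standard DMTF Redfish resources. The system id `1`, the function names and the injected `send` callable are assumptions; the vendor-specific "HTTP Support" BIOS switch is left out, and the DMTF schema models the boot-source change as a PATCH on the system resource.

```python
import json
import ssl
import urllib.error
import urllib.request

SYSTEM = "/redfish/v1/Systems/1"  # assumption: the system id differs between BMCs


def build_plan(ca_pem: str, system: str = SYSTEM) -> list:
    """Ordered Redfish requests: trust anchor first, then boot source, then reset."""
    if "-----BEGIN CERTIFICATE-----" not in ca_pem:
        raise ValueError("CA certificate must be PEM encoded")
    return [
        # Certificates used by the system firmware for HTTPS boot.
        ("POST", f"{system}/Boot/Certificates",
         {"CertificateType": "PEM", "CertificateString": ca_pem}),
        # One-time override so a failed install does not loop on network boot.
        ("PATCH", system,
         {"Boot": {"BootSourceOverrideEnabled": "Once",
                   "BootSourceOverrideTarget": "UefiHttp"}}),
        ("POST", f"{system}/Actions/ComputerSystem.Reset",
         {"ResetType": "ForceRestart"}),
    ]


def make_sender(base_url: str, token: str, bmc_ca_file: str):
    """Return send(method, path, body) -> HTTP status, with TLS verification on."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("Redfish endpoint must be reached over HTTPS")
    # The BMC's own certificate is checked against bmc_ca_file; it is never skipped.
    context = ssl.create_default_context(cafile=bmc_ca_file)

    def send(method, path, body):
        request = urllib.request.Request(
            base_url.rstrip("/") + path,
            data=json.dumps(body).encode(),
            method=method,
            headers={"Content-Type": "application/json", "X-Auth-Token": token},
        )
        try:
            with urllib.request.urlopen(request, context=context, timeout=30) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code

    return send


def run_plan(plan, send) -> dict:
    """Stop at the first failure so a host is never reset without its trust anchor."""
    done = []
    for method, path, body in plan:
        status = send(method, path, body)
        if not 200 <= status < 300:
            return {"ok": False, "done": done, "failed": (method, path, status)}
        done.append((method, path))
    return {"ok": True, "done": done, "failed": None}
```

For a dry run, pass `run_plan` a `send` callable that only records its arguments; `make_sender` is needed only against a real BMC.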
A second embodiment of the present invention relates to an operating system installation method that is substantially the same as the method provided in the first embodiment. The difference is shown in fig. 5, a second step flowchart of the operating system installation method provided by an embodiment of the present invention. The method includes:
Step 101, importing a pre-created security certificate to a PXE client of an operating system to be installed, wherein the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment.
Step 102, under the condition that the security certificate passes verification, a target system file corresponding to the PXE client is obtained.
Step 104, setting the network start item of the basic input output system (BIOS) of the PXE client as the first start item.
Step 103, in response to a restart signal of the basic input output system of the PXE client, controlling the PXE client to load the target system file so that the PXE client installs an operating system according to the target system file.
The steps 101 to 103 are described with reference to the foregoing, and are not repeated here.
It should be noted that, in the embodiment of the present invention, before the BIOS of the PXE client is restarted, the network start item of the PXE client BIOS is set in advance as the first start item through a Redfish POST operation, so as to establish a hypertext transfer security protocol (HTTPS) type link between the PXE client and the PXE server, through which the PXE client determines the target system file. In response to a restart signal of the BIOS of the PXE client, the PXE client is controlled to load the target system file, so that the PXE client installs the operating system according to the boot program and the start configuration file of the target system file.
In this embodiment, the specific execution position of step 104 is not limited. For ease of understanding, this embodiment takes the case in which step 104 is executed before step 103 as an example, which is not described in detail here.
Compared with the prior art, the operating system installation method provided by the embodiment of the invention replaces the traditional PXE network service with the HTTPS network environment, which provides a safe and reliable environment for network access and file transfer and reduces the risk of network intrusion. The PXE client on which the operating system is to be installed is operated remotely so that the security certificate is imported automatically and the CA certificate does not have to be imported manually. The network start item of the BIOS of the PXE client is set as the first start item and the BIOS of the PXE client is controlled to restart, so that the PXE client loads the target system file through the HTTPS network environment and installs the operating system in batches according to the target system file. The whole process requires no manual intervention, so batch system installation is carried out safely, reliably and efficiently, and the efficiency of installing systems on servers in batches is improved.
Refer to fig. 7, which shows a schematic structural diagram of an operating system installation device provided by an embodiment of the present invention. The device is applied to the PXE server shown in fig. 6 and, as shown in fig. 7, may include:
a security certificate import module 501, configured to import a pre-created security certificate to a PXE client on which an operating system is to be installed, where the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment;
a file acquisition module 502, configured to acquire a target system file corresponding to the PXE client if the security certificate passes verification;
and a control module 503, configured to respond to a restart signal of the basic input output system (BIOS) of the PXE client and control the PXE client to load the target system file, so that the PXE client installs an operating system according to the target system file.
Optionally, the security certificate import module 501 includes:
the creation sub-module is used for pre-creating a security certificate corresponding to the PXE client of the operating system to be installed;
and the importing sub-module is used for automatically importing the security certificate to the PXE client through the Redfish POST operation of the PXE server under the pre-deployed hypertext transfer security protocol network environment.
Optionally, the file acquisition module 502 includes:
the verification sub-module is used for verifying whether the identification information of the security certificate of the PXE client is consistent with the identification information of the security certificate which is created in advance when the PXE client accesses the link of the hypertext transfer security protocol type of the PXE server;
the inquiring sub-module is used for inquiring the IP address of the operating system file under the condition that the security certificate passes verification; wherein the operating system file is pre-deployed by the PXE server;
and the file acquisition sub-module is used for acquiring the target system file corresponding to the PXE client from the operating system file according to the IP address.
Optionally, the control module 503 includes:
the connection sub-module is used for starting a first starting item of the PXE client if an instruction of installing an operating system of the PXE client is received, and establishing a hypertext transfer security protocol type link between the PXE client and the PXE server;
the transmission sub-module is used for transmitting the operating system image file to the PXE client so that the PXE client can determine a target system file in the operating system image file;
and the control sub-module is used for controlling the PXE client to load the target system file so that the PXE client installs an operating system according to the target system file.
Optionally, the apparatus further comprises:
and the starting setting module is used for setting the network starting item of the PXE client basic input output system as a first starting item.
Optionally, the creating submodule includes:
the connection interface unit is used for connecting the Redfish management interface in advance and calling a certificate management tool;
a creation unit configured to create, by the certificate management tool, a security certificate corresponding to the PXE client;
and the storage unit is used for storing the security certificate and the storage path of the security certificate.
Optionally, the creating sub-module further includes:
the detection unit is used for determining the security certificate to be updated in a storage path of pre-storing the security certificate if the security certificate is detected to be changed;
and the updating unit is used for updating the security certificate.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
In the operating system installation device provided by the embodiment of the invention, a pre-created security certificate is imported to the PXE client on which the operating system is to be installed, the security certificate being imported automatically through a pre-deployed hypertext transfer security protocol (HTTPS) network environment; when the security certificate passes verification, the target system file corresponding to the PXE client is acquired; and, in response to a restart signal of the basic input output system (BIOS) of the PXE client, the PXE client is controlled to load the target system file so that it installs the operating system according to the target system file. The invention replaces the traditional PXE network service with the HTTPS network environment, which provides a safe and reliable environment for network access and file transfer and reduces the risk of network intrusion. The PXE client is operated remotely so that the security certificate is imported automatically and the CA certificate does not have to be imported manually. By controlling the BIOS restart of the PXE client, the PXE client loads the target system file through the HTTPS network environment and installs the operating system in batches according to the target system file. The whole process requires no manual intervention, so batch system installation is carried out safely, reliably and efficiently, and the efficiency of installing systems on a large number of servers is improved.
The embodiment of the present invention further provides an electronic device, as shown in fig. 8, including a processor 601, a communication interface 602, a memory 603, and a communication bus 604, where the processor 601, the communication interface 602, and the memory 603 communicate with each other through the communication bus 604;
a memory 603 for storing a computer program;
the processor 601 is configured to execute the program stored in the memory 603, and implement the following steps:
importing a pre-created security certificate to a PXE client of an operating system to be installed, wherein the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment;
under the condition that the security certificate passes verification, acquiring a target system file corresponding to the PXE client;
and, in response to a restart signal of the basic input output system of the PXE client, controlling the PXE client to load the target system file so that the PXE client installs an operating system according to the target system file.
The communication bus mentioned for the above terminal may be a peripheral component interconnect (Peripheral Component Interconnect, abbreviated as PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated as EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the bus is represented in the figure by a single bold line, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include random access memory (Random Access Memory, RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP for short), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field-programmable gate array (Field-Programmable Gate Array, FPGA for short) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer readable storage medium is provided, in which instructions are stored, which when run on a computer, cause the computer to perform the operating system installation method according to any one of the above embodiments.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions according to the embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; for identical and similar parts, the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, since the system embodiments are substantially similar to the method embodiments, their description is relatively simple, and for relevant points reference is made to the description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (10)

1. An operating system installation method applied to a PXE server side is characterized by comprising the following steps:
importing a pre-created security certificate to a PXE client of an operating system to be installed, wherein the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment;
under the condition that the security certificate passes verification, acquiring a target system file corresponding to the PXE client;
and responding to a restarting signal of the basic input output system of the PXE client, and controlling the PXE client to load the target system file so as to enable the PXE client to install an operating system according to the target system file.
2. The method of claim 1, wherein the importing the pre-created security certificate to the PXE client to which the operating system is to be installed, wherein the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment, comprises:
Pre-creating a security certificate corresponding to a PXE client of an operating system to be installed;
and under the pre-deployed hypertext transfer security protocol network environment, automatically importing the security certificate to the PXE client through the Redfish POST operation of the PXE server.
3. The method as recited in claim 1, wherein the obtaining the target system file corresponding to the PXE client if the security certificate is verified includes:
when the PXE client accesses the link of the PXE server hypertext transfer security protocol type, verifying whether the identification information of the security certificate of the PXE client is consistent with the identification information of the security certificate which is created in advance;
inquiring the IP address of the operating system file under the condition that the security certificate passes verification; wherein the operating system file is pre-deployed by the PXE server;
and acquiring a target system file corresponding to the PXE client from the operating system file according to the IP address.
4. The method as recited in claim 1, wherein the controlling the PXE client to load the target system file to cause the PXE client to install an operating system according to the target system file comprises:
if an instruction to install an operating system on the PXE client is received, starting a first starting item of the PXE client, and establishing a hypertext transfer security protocol type link between the PXE client and the PXE server;
transmitting an operating system image file to the PXE client so that the PXE client determines a target system file in the operating system image file;
and controlling the PXE client to load the target system file so that the PXE client installs an operating system according to the target system file.
5. The method as recited in claim 1, wherein, before the controlling the PXE client to load the target system file in response to a restart signal of the basic input output system of the PXE client, the method further comprises:
and setting a network starting item of the PXE client basic input output system as a first starting item.
6. The method as recited in claim 2, wherein the pre-creating the security certificate corresponding to the PXE client of the operating system to be installed comprises:
connecting to a Redfish management interface in advance and calling a certificate management tool;
creating a security certificate corresponding to the PXE client through the certificate management tool;
and storing the security certificate and a storage path of the security certificate.
7. The method of claim 6, further comprising, after the storing the security certificate and the storage path of the security certificate:
if the security certificate is detected to be changed, determining the security certificate to be updated in a storage path of the pre-stored security certificate;
updating the security certificate.
8. An operating system installation device applied to a PXE server side, the device comprising:
the security certificate import module is used for importing a pre-created security certificate to a PXE client of an operating system to be installed, wherein the security certificate is automatically imported through a pre-deployed hypertext transfer security protocol network environment;
the file acquisition module is used for acquiring a target system file corresponding to the PXE client under the condition that the security certificate passes verification;
and the control module is used for responding to a restarting signal of the basic input output system of the PXE client, controlling the PXE client to load the target system file, and enabling the PXE client to install an operating system according to the target system file.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the operating system installation method of any one of claims 1 to 7.
10. A readable storage medium, wherein a computer program is stored on the readable storage medium, which when executed by a processor implements the operating system installation method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310449992.5A CN116594641A (en) 2023-04-24 2023-04-24 Operating system installation method and device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN116594641A true CN116594641A (en) 2023-08-15

Family

ID=87603663

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310449992.5A Pending CN116594641A (en) 2023-04-24 2023-04-24 Operating system installation method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116594641A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination