Cobbler可以干什么
服务器上架后,可以手动选择需要安装的系统(如:Centos6.8 或 Centos 7.3) 服务器上架后,能够根据需求,安装配置操作系统(如:修改IP地址、主机名、选择安装包) 系统安装后,可以自定义的执行脚本,完成系统基础软件初始化(如:Zabbix安装配置、SaltStack安装配置) 可以当内部YUM源,并在系统安装时进行初始化 可以重装系统 Cobbler支持API,可以无缝融合到自建运维平台中 Cobbler支持网卡的路由配置、DNS配置、bondingCobbler基础原理
Cobbler是通过将DHCP、TFTP、DNS、HTTP等服务进行集成,创建一个中央管理节点,其可以实现的功能有配置服务,创建存储库,解压缩操作系统媒介,代理或集成一个配置管理系统,控制电源管理等。 Cobbler的最终目的是实现无需进行人工干预即可安装机器。在进行进一步的操作之前,我们有必要先了解下pxe和kickstart 。PXE概述
预启动执行环境(Preboot eXecution Environment,PXE,也被称为预执行环境)是让计算机通过网卡独立地使用数据设备(如硬盘)或者安装操作系统。Intel 搞出来的。其工作原理:
PXE Client发送广播包请求DHCP分配IP地址DHCP Server回复请求,给出IP地址以及Boot Server的地址PXE下载引导文件执行引导程序 总结来说,PXE主要是通过广播的方式发送一个包,并请注获取一个地址,而后交给TFTP程序下载一个引导文件。Kickstart 概述
Kickstart 是红帽开发的一种工具,我们可以简单理解为一个自动安装应答配置管理程序。通过读取这个配置文件,系统知道怎么去分区,要安装什么包,配什么IP,优化什么内核参数等等。其主要有以下部分组成: Kickstart 安装选项,包含语言的选择,防火墙,密码,网络,分区的设置等; %Pre 部分,安装前解析的脚本,通常用来生成特殊的ks配置,比如由一段程序决定磁盘分区等; %Package 部分,安装包的选择,可以是 @core 这样的group的形式,也可以是这样 vim-* 包的形式; %Post 部分,安装后执行的脚本,通常用来做系统的初始化设置。比如启动的服务,相关的设定等。Cobbler的设计方式
Cobbler 的配置结构基于一组注册的对象。每个对象表示一个与另一个实体相关联的实体(该对象指向另一个对象,或者另一个对象指向该对象)。当一个对象指向另一个对象时,它就继承了被指向对象的数据,并可覆盖或添加更多特定信息。以下对象类型的定义为: 发行版:表示一个操作系统。它承载了内核和 initrd 的信息,以及内核参数等其他数据。 配置文件:包含一个发行版、一个 kickstart 文件以及可能的存储库,还包含更多特定的内核参数等其他数据。 系统:表示要配给的机器。它包含一个配置文件或一个镜像,还包含 IP 和 MAC 地址、电源管理(地址、凭据、类型)以及更为专业的数据等信息。 存储库:保存一个 yum 或 rsync 存储库的镜像信息。 镜像:可替换一个包含不属于此类别的文件的发行版对象(例如,无法分为内核和 initrd 的对象)server端:
第一步,启动Cobbler服务 第二步,进行Cobbler错误检查,执行cobbler check命令 第三步,进行配置同步,执行cobbler sync命令 第四步,复制相关启动文件文件到TFTP目录中 第五步,启动DHCP服务,提供地址分配 第六步,DHCP服务分配IP地址 第七步,TFTP传输启动文件 第八步,Server端接收安装信息 第九步,Server端发送ISO镜像与Kickstart文件Client端:
第一步,客户端以PXE模式启动 第二步,客户端获取IP地址 第三步,通过TFTP服务器获取启动文件 第四步,进入Cobbler安装选择界面 第五步,客户端确定加载信息 第六步,根据配置信息准备安装系统 第七步,加载Kickstart文件 第八步,传输系统安装的其它文件 第九步,进行安装系统pxe服务端ip地址为:192.168.0.119
[root@localhost ~]# uname -r 3.10.0-514.el7.x86_64 [root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core)关闭防火墙和selinux
systemctl stop firewalld systemctl disable firewalld setenforce 0 #临时关闭selinux cat /etc/selinux/config 永久关闭selinux SELINUX=disabled init 6 #重启生效yum配置:
#安装wget, yum install -y wget #讲旧仓库配置转移到某目录中 mkdir /etc/yum.repos.d/old && mv /etc/yum.repos.d/C* /etc/yum.repos.d/old/ #添加aliyun Base仓库及epel仓库 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo安装服务:
yum install cobbler cobbler-web dhcp tftp-server pykickstart httpd xinetd python-ctypes -y启动服务
systemctl enable --now httpd ##-now 表示加入到开机自动服务,且启动服务 systemctl enable --now xinetd systemctl enable --now rsyncd systemctl enable --now tftp systemctl enable --now cobblerd执行cobbler check检查运行环境:
[root@localhost ~]# cobbler check The following are potential configuration items that you may want to fix: 1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it. 2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network. 3 : change 'disable' to 'no' in /etc/xinetd.d/tftp 4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements. 5 : debmirror package is not installed, it will be required to manage debian deployments and repositories 6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one 7 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them Restart cobblerd and then run 'cobbler sync' to apply changes.默认密码,setting,和dhcp
生成新的默认密码
[root@localhost ~]# openssl passwd -1 -salt `openssl rand 15 -base64` '123456' $1$GpiKDkJ1$hD9vwyfLQKZlT4ESjsQJH0注意: 此密码是系统安装后的默认密码,建议使用复杂度高的密码
修改setting配置文件
#第一条和第二条 :注意自己的本机ip地址哦我的是0.199 #第四条加密后的密码和sed更改的密码保持一致
sed -i 's%^server: 127.0.0.1%server: 192.168.0.119%g' /etc/cobbler/settings sed -i 's%^next_server: 127.0.0.1%next_server: 192.168.0.119%g' /etc/cobbler/settings sed -i 's%manage_dhcp: 0%manage_dhcp: 1%g' /etc/cobbler/settings sed -i 's%^default_password_crypted.*%default_password_crypted: "$1$GpiKDkJ1$hD9vwyfLQKZlT4ESjsQJH0"%g' /etc/cobbler/settings配置DHCP /etc/dhcp/dhcpd.conf
subnet 192.168.0.0 netmask 255.255.255.0 { option routers 192.168.0.1; #网关地址 option domain-name-servers 114.114.114.114; #dns地址 option subnet-mask 255.255.255.0; #掩码 range dynamic-bootp 192.168.0.150 192.168.0.250; #地址分配范围 default-lease-time 21600; max-lease-time 43200; next-server $next_server; #引用上面setting配置的nex-server值 filename "/pxelinux.0"; }还要修改/etc/cobbler/dhcp.template 文件
subnet 192.168.0.0 netmask 255.255.255.0 { option routers 192.168.0.1; option domain-name-servers 114.114.114.114; option subnet-mask 255.255.255.0; range dynamic-bootp 192.168.0.150 192.168.0.250; default-lease-time 21600; max-lease-time 43200; next-server $next_server;通常情况下如果没有关selinux 问题3是需要关闭selinux
修改tftp文件并启动tftp服务器
编辑tftp服务配置文件 /etc/xinetd.d/tftp
service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /var/lib/tftpboot disable = no per_source = 11 cps = 100 2 flags = IPv4 }获取引导文件
尴尬我执行的第二遍,已经存在,多多包涵哈哈哈
[root@localhost ~]# cobbler get-loaders task started: 2020-10-06_211022_get_loaders task started (id=Download Bootloader Content, time=Tue Oct 6 21:10:22 2020) path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/COPYING.elilo already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/COPYING.yaboot already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/COPYING.syslinux already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/elilo-ia64.efi already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/yaboot already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/pxelinux.0 already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/menu.c32 already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/grub-x86.efi already exists, not overwriting existing content, use --force if you wish to update path /var/lib/cobbler/loaders/grub-x86_64.efi already exists, not overwriting existing content, use --force if you wish to update *** TASK COMPLETE ***debian相关文件获取(如不需要部署debian系统可省略)
yum -y install debmirror vim /etc/debmirror.conf #修改/etc/debmirror.conf配置文件,注释掉@dists和@arches两行 #@dists="sid"; @sections="main,main/debian-installer,contrib,non-free"; #@arches="i386";问题7 电源管理工具(可选)
yum -y install fence-agents重启服务并同步状态
[root@localhost ~]# systemctl restart cobblerd [root@localhost ~]# cobbler check No configuration problems found. All systems go.主要用来定义和设置系统发行版本,里包含了系统的内核,引导文件,以及安装包等内容,就相当于一个LINUX系统的ISO镜像。如:多个发行版本,同一发行版不同版本号。
1.首先上传系统iso镜像文件,此处以centos7.3镜像为例,其他镜像做法类似
把镜像放到root目录下 [root@localhost ~]# mkdir -p /system/centos73 [root@localhost ~]# mount -t iso9660 ~/CentOS-7-x86_64-Minimal-1611.iso /system/centos73/ mount: /dev/loop0 is write-protected, mounting read-only2.导入镜像
[root@localhost ~]# cobbler import --name=centos7_3 --path=/system/centos73/ --arch=x86_64 task started: 2020-10-06_212127_import task started (id=Media import, time=Tue Oct 6 21:21:27 2020) Found a candidate signature: breed=redhat, version=rhel6 Found a candidate signature: breed=redhat, version=rhel7 Found a matching signature: breed=redhat, version=rhel7 Adding distros from path /var/www/cobbler/ks_mirror/centos7_3-x86_64: creating new distro: centos7_3-x86_64 trying symlink: /var/www/cobbler/ks_mirror/centos7_3-x86_64 -> /var/www/cobbler/links/centos7_3-x86_64 creating new profile: centos7_3-x86_64 associating repos checking for rsync repo(s) checking for rhn repo(s) checking for yum repo(s) starting descent into /var/www/cobbler/ks_mirror/centos7_3-x86_64 for centos7_3-x86_64 processing repo at : /var/www/cobbler/ks_mirror/centos7_3-x86_64 need to process repo/comps: /var/www/cobbler/ks_mirror/centos7_3-x86_64 looking for /var/www/cobbler/ks_mirror/centos7_3-x86_64/repodata/*comps*.xml Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7_3-x86_64/repodata *** TASK COMPLETE ***3.查看distro配置
[root@localhost ~]# cobbler distro report Name : centos7_3-x86_64 Architecture : x86_64 TFTP Boot Files : {} Breed : redhat Comment : Fetchable Files : {} Initrd : /var/www/cobbler/ks_mirror/centos7_3-x86_64/images/pxeboot/initrd.img Kernel : /var/www/cobbler/ks_mirror/centos7_3-x86_64/images/pxeboot/vmlinuz Kernel Options : {} Kernel Options (Post Install) : {} Kickstart Metadata : {'tree': 'http://@@http_server@@/cblr/links/centos7_3-x86_64'} Management Classes : [] OS Version : rhel7 Owners : ['admin'] Red Hat Management Key : <<inherit>> Red Hat Management Server : <<inherit>> Template Files : {}查看centos相关文件:
[root@localhost ~]# cobbler list distros: centos7_3-x86_64 #镜像 profiles: centos7_3-x86_64 #配置,用于配置关联自动应答ks文件 systems: #可以为不同的主机根据MAC设置地址及安装参数 repos: images: mgmtclasses: packages: files:利用tree命令可以发现系统镜像的内核和初始化镜像文件已经成功被cobbler托管了。
tree /var/lib/tftpboot/images完成安装
配置profifile:定义自动安装应答文件
主要用来定义kickstart配置文件,安装时依据配置文件进行定制化安装,配置此项时要和distro进行关联。
[root@localhost ~]# cobbler profile report Name : centos7_3-x86_64 TFTP Boot Files : {} Comment : DHCP Tag : default Distribution : centos7_3-x86_64 Enable gPXE? : 0 Enable PXE Menu? : 1 Fetchable Files : {} Kernel Options : {} Kernel Options (Post Install) : {} Kickstart : /var/lib/cobbler/kickstarts/sample_end.ks Kickstart Metadata : {} Management Classes : [] Management Parameters : <<inherit>> Name Servers : [] Name Servers Search Path : [] Owners : ['admin'] Parent Profile : Internal proxy : Red Hat Management Key : <<inherit>> Red Hat Management Server : <<inherit>> Repos : [] Server Override : <<inherit>> Template Files : {} Virt Auto Boot : 1 Virt Bridge : xenbr0 Virt CPUs : 1 Virt Disk Driver Type : raw Virt File Size(GB) : 5 Virt Path : Virt RAM (MB) : 512 Virt Type : kvm配置repo:定义本地或远程仓库源 查看默认repo
cobbler repo report自定义repo cobbler repo add --help #创建 repo cobbler repo edit --help #修改repo (自定义)配置system
主要用来定义内核参数,电源管理,计算机名,网络接口参数等(客户机),如:根据mac地址配置IP地址,通过和 profifile,distro关联实现自动化安装。 cobbler system add --help #创建 system cobbler system edit --help #修改system测试pxe无人值守自动安装
内存大于2G 网络类型桥接==切记和pxe相同网络(我的pxe也是桥接) 新建一台虚拟机,不用选光盘映像文件,直接打开
选择第二个菜单,是之前制作的distro,接下来服务器会自动按照之前的ks文件自动安装
修改cobbler登录密码
/etc/cobbler/users.conf #Web服务授权配置文件 /etc/cobbler/users.digest #用于web访问的用户名密码 [root@cobbler ~]# cat /etc/cobbler/users.digest cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3 # 设置密码,在Cobbler组添加cobbler用户,输入2遍密码确 [root@cobbler ~]# htdigest /etc/cobbler/users.digest "Cobbler" cobbler Changing password for user cobbler in realm Cobbler New password: cobbler Re-type new password: cobbler # 同步配置并重启httpd、cobbler [root@cobbler ~]# cobbler sync [root@cobbler ~]# systemctl restart httpd [root@cobbler ~]# systemctl restart cobblerd再次登录即使用新设置的密码登录即可
账号cobbler 密码cobbler
kickstart配置文件,安装时依据配置文件进行定制化安装,配置此项时要和distro进行关联。