自動化運維(一)：Cobbler批量部署操作系統

作者：獨筆孤行@TaoCloud

前言

Cobbler是自動化運維的必備工具，可通過網絡啓動(PXE)方式實現操作系統快速批量安裝。Cobbler快速安裝操作系統基於kickstart實現，但Cobbler功能更完善，管理更加簡便、高效。Cobbler通過將安裝系統所涉及的服務(tftp、dhcp、kickstart)集中管理，提供全自動化批量快速安裝系統的網絡環境,以實現大規模機房設備的統一管理。

一、簡介

Cobbler支持CLI與WEB兩種管理方式。要求所有被安裝系統的服務器與Cobbler服務器在同一局域網內，且該網絡環境中有且只有Cobbler服務器中具有DHCP服務，以防止多個DHCP服務衝突。

本次實驗環境將Cobbler部署在虛擬機中，需要關閉虛擬化自帶的DHCP功能。
VMware Workstation關閉方法：編輯—虛擬網絡編輯器—更改設置—使用本地DHCP服務將IP地址分配給虛擬機，去掉選中的對勾後應用保存即可。其他虛擬化環境請自行尋找關閉辦法。

二、環境準備

操作系統：CentOS 7.6.1810
網絡IP：10.10.10.70
主機名：cobbler

1.關閉selinux及防火牆

systemctl stop firewalld
systemctl disable firewalld
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

2.配置epel源

yum install epel-release -y
reboot

配完後重啓服務器以使配置生效。

三、安裝Cobbler

1.安裝cobbler及相關軟件包

yum -y install cobbler cobbler-web dhcp tftp-server xinetd pykickstart httpd

2.配置cobbler，用openssl生成新密碼

[root@cobbler ~]# openssl passwd -1
Password: 
Verifying - Password: 
$1$7Rx88tdC$j5r4XFSO8D9YgMCU1zEwU1

本次設置密碼爲：111111. 記錄輸出結果：$1$7Rx88tdC$j5r4XFSO8D9YgMCU1zEwU1

修改/etc/cobbler/settings配置文件，找到default_password_crypted參數，用上面輸出的結果替換原有密碼，替換後內容如下：

#約101行
default_password_crypted: "$1$7Rx88tdC$j5r4XFSO8D9YgMCU1zEwU1"

修改server ip爲本地ip地址：

sed -i 's/server: 127.0.0.1/server: 10.10.10.70/g' /etc/cobbler/settings
sed -i 's/next_server: 127.0.0.1/next_server: 10.10.10.70/g' /etc/cobbler/settings

3.配置使用dhcp服務。將manage_dhcp參數值0改爲1。

sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings

根據網絡實際配置修改/etc/cobbler/dhcp.template文件內容，一般情況只需要修改以下內容：

subnet 10.10.10.0 netmask 255.255.255.0 {
     option routers             10.10.10.254;
     option domain-name-servers 10.10.10.254;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        10.10.10.100 10.10.10.200;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;

相關參數說明：

subnet ：動態分配ip網段，一般與Cobbler服務器IP同一網段
netmask：子網掩碼
option routers : 路由，一般爲網關地址
option domain-name-servers ： DNS服務器
option subnet-mask ： 子網掩碼
range dynamic-bootp ： 動態IP地址分配範圍

其餘參數爲默認即可。

4.啓動dhcp、cobbler、http等服務並設置開機自啓動

systemctl enable dhcpd.service

systemctl enable cobblerd.service
systemctl start cobblerd.service
systemctl status cobblerd.service

systemctl start httpd
systemctl enable httpd

systemctl start xinetd
systemctl enable xinetd

5.檢查缺失文件

[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : change 'disable' to 'no' in /etc/xinetd.d/tftp
2 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
3 : enable and start rsyncd.service with systemctl
4 : debmirror package is not installed, it will be required to manage debian deployments and repositories
5 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

6.根據如上提示進行相關修改
(1)修改/etc/xinetd.d/tftp文件，設置disable參數值爲no

sed -i '/disable/s/yes/no/g' /etc/xinetd.d/tftp

(2)下載缺失文件，運行命令：

cobbler get-loaders

(3)啓動rsyncd並設置開機自啓動

systemctl enable rsyncd.service && systemctl start rsyncd.service

(4)安裝debmirror軟件包和fence-agents工具

yum install debmirror fence-agents -y

(5)註釋掉dists和arches以支持debian系統

sed -i "s/@dists/#@dists/g" /etc/debmirror.conf
sed -i "s/@arches/#@arches/g" /etc/debmirror.conf

(6)重啓cobblerd服務，並重新同步配置

systemctl restart cobblerd.service
cobbler sync

沒有報錯才能進行下一步，返回如下內容：

[root@cobbler ~]# cobbler sync
task started: 2019-08-11_113013_sync
task started (id=Sync, time=Sun Aug 11 11:30:13 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
copying: /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
copying: /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying: /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout: 
received on stderr: 
running: service dhcpd restart
received on stdout: 
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service

running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

7.處理完成後，再次運行命令檢查缺失文件，出現以下內容說明檢測通過。

# cobbler check
No configuration problems found.  All systems go.

四、CLI管理

1.下載鏡像
將鏡像文件上傳至服務器並掛載到/mnt目錄下

mount -t iso9660 -o loop,ro /root/CentOS-7-x86_64-Minimal-1511.iso /mnt/

2.導入鏡像

cobbler import --name=centos7.2 --arch=x86_64 --path=/mnt

/var/www/cobbler/ks_mirror 目錄用於存放系統數據文件，一般需要至少預留5-10GB空間用於導入系統數據
3.查看對象及相關詳細信息

cobbler distro list
cobbler profile list
cobbler distro report --name=centos7.2-x86_64

4.創建系統

cobbler system add --name=test --profile=centos7.2-x86_64

cobbler system edit --name=test --interface=eth0 --mac=00:11:22:AA:BB:CC --ip-address=10.10.10.100 --netmask=255.255.255.0 --static=1 --dns-name=test.mydomain.com

由於默認網關不是設置所有網口，所以單獨添加

cobbler system edit --name=test --gateway=10.10.10.254 --hostname=test.mydomain.com

5.查看相關配置信息

cobbler system report --name=test

6.信息同步

cobbler sync

注意：每次cobbler信息發生變化時都需要及時同步信息

7.新建測試虛擬機，可以看到開啓虛擬機後，自動進入操作系統安裝。

五、WEB管理

1.配置web訪問
配置訪問用戶cobbler密碼：111111

# htdigest /etc/cobbler/users.digest "Cobbler" cobbler
Changing password for user cobbler in realm Cobbler
New password: 
Re-type new password:

2.同步信息

cobbler sync

3.重啓服務

systemctl restart httpd
systemctl restart cobblerd

4.在chrome或Firefox瀏覽器中，輸入：https://10.10.10.70/cobbler_web 進行訪問，用戶名：cobbler ，密碼：111111. 如果不能正常訪問，請查看後邊“錯誤處理”章節內容。

六、錯誤處理

打開WEB鏈接：https://10.10.10.70/cobbler_web ，WEB報錯信息：

查看/var/log/httpd/ssl_error_log日誌報錯信息

[Mon Aug 12 22:10:03.269242 2019] [:error] [pid 9707] [remote 10.10.10.1:0] mod_wsgi (pid=9707): Exception occurred processing WSGI script '/usr/share/cobbler/web/cobbler.wsgi'.
[Mon Aug 12 22:10:03.269317 2019] [:error] [pid 9707] [remote 10.10.10.1:0] Traceback (most recent call last):
[Mon Aug 12 22:10:03.269342 2019] [:error] [pid 9707] [remote 10.10.10.1:0]   File "/usr/share/cobbler/web/cobbler.wsgi", line 26, in application
[Mon Aug 12 22:10:03.269417 2019] [:error] [pid 9707] [remote 10.10.10.1:0]     _application = get_wsgi_application()
[Mon Aug 12 22:10:03.269431 2019] [:error] [pid 9707] [remote 10.10.10.1:0]   File "/usr/lib/python2.7/site-packages/django/core/wsgi.py", line 13, in get_wsgi_application
[Mon Aug 12 22:10:03.270122 2019] [:error] [pid 9707] [remote 10.10.10.1:0]     django.setup(set_prefix=False)
[Mon Aug 12 22:10:03.270146 2019] [:error] [pid 9707] [remote 10.10.10.1:0]   File "/usr/lib/python2.7/site-packages/django/__init__.py", line 22, in setup
[Mon Aug 12 22:10:03.270893 2019] [:error] [pid 9707] [remote 10.10.10.1:0]     configure_logging(settings.LOGGING_CONFIG, settings.LOGGING)
[Mon Aug 12 22:10:03.270923 2019] [:error] [pid 9707] [remote 10.10.10.1:0]   File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 56, in __getattr__
[Mon Aug 12 22:10:03.271868 2019] [:error] [pid 9707] [remote 10.10.10.1:0]     self._setup(name)
[Mon Aug 12 22:10:03.271902 2019] [:error] [pid 9707] [remote 10.10.10.1:0]   File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 41, in _setup
[Mon Aug 12 22:10:03.271929 2019] [:error] [pid 9707] [remote 10.10.10.1:0]     self._wrapped = Settings(settings_module)
[Mon Aug 12 22:10:03.271939 2019] [:error] [pid 9707] [remote 10.10.10.1:0]   File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 110, in __init__
[Mon Aug 12 22:10:03.271951 2019] [:error] [pid 9707] [remote 10.10.10.1:0]     mod = importlib.import_module(self.SETTINGS_MODULE)
[Mon Aug 12 22:10:03.271963 2019] [:error] [pid 9707] [remote 10.10.10.1:0]   File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
[Mon Aug 12 22:10:03.272747 2019] [:error] [pid 9707] [remote 10.10.10.1:0]     __import__(name)
[Mon Aug 12 22:10:03.272767 2019] [:error] [pid 9707] [remote 10.10.10.1:0]   File "/usr/share/cobbler/web/settings.py", line 89, in <module>
[Mon Aug 12 22:10:03.273494 2019] [:error] [pid 9707] [remote 10.10.10.1:0]     from django.conf.global_settings import TEMPLATE_CONTEXT_PROCESSORS
[Mon Aug 12 22:10:03.273523 2019] [:error] [pid 9707] [remote 10.10.10.1:0] ImportError: cannot import name TEMPLATE_CONTEXT_PROCESSORS

判斷爲Django版本問題，需要安裝指定Django版本進行處理

yum install python-pip -y
pip install Django==1.8.9
systemctl restart cobblerd
systemctl restart httpd

刷新瀏覽器，重新訪問。

輸入用戶名：cobbler 密碼：111111 ，通過認證後打開cobbler web管理頁面進行操作。

歡迎掃碼提問，可在線解答。會定期分享虛擬化、容器、DevOps等相關內容