3.1 Operations Automation: System Deployment

To keep the experiment running smoothly, I disabled the firewall and SELinux before doing anything else.

[root@CentOS7 ksfile]# systemctl status firewalld.service 
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sun 2018-05-27 20:01:00 CST; 47min ago
     Docs: man:firewalld(1)
  Process: 664 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 664 (code=exited, status=0/SUCCESS)

May 27 19:52:08 CentOS7.miriam systemd[1]: Starting firewalld - dynamic firewall daemon...
May 27 19:52:08 CentOS7.miriam systemd[1]: Started firewalld - dynamic firewall daemon.
May 27 19:52:08 CentOS7.miriam firewalld[664]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
May 27 19:52:08 CentOS7.miriam firewalld[664]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
May 27 19:52:08 CentOS7.miriam firewalld[664]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
May 27 19:52:08 CentOS7.miriam firewalld[664]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
May 27 19:52:08 CentOS7.miriam firewalld[664]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
May 27 19:52:08 CentOS7.miriam firewalld[664]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
May 27 20:01:00 CentOS7.miriam systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 27 20:01:00 CentOS7.miriam systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@CentOS7 ksfile]# getenforce
Disabled

How the installer boots

1) Read the MBR: when the local disk has no operating system, the machine searches for a boot device's MBR at power-on in the default order CD-ROM -> local disk -> NFS -> URL; on the install disc this corresponds to isolinux/boot.cat

2) Load the disc boot program isolinux/isolinux.bin; this stage is analogous to GRUB stage 2 in a normal operating system boot

3) Read the configuration file isolinux/isolinux.cfg, which names the kernel to load and the parameters passed to it;

4) Start the anaconda installation wizard.

Look at the isolinux/isolinux.cfg file
[root@CentOS6 isolinux]# cat isolinux.cfg 
default vesamenu.c32    #boot menu style
#prompt 1
timeout 600   #timeout; when it expires the default entry boots
#the following are boot screen parameters
display boot.msg

menu background splash.jpg
menu title Welcome to CentOS 6.9!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000
#the following are the boot menu entries and their parameters
label linux   #entry label
  menu label ^Install or upgrade an existing system   #entry text
  menu default   #declares this the default entry
  kernel vmlinuz   #path to the kernel file
  append initrd=initrd.img   #kernel boot parameters
label vesa
  menu label Install system with ^basic video driver
  kernel vmlinuz
  append initrd=initrd.img nomodeset
label rescue
  menu label ^Rescue installed system
  kernel vmlinuz
  append initrd=initrd.img rescue
label local
  menu label Boot from ^local drive
  localboot 0xffff
label memtest86
  menu label ^Memory test
  kernel memtest
  append -

Unattended installation of a single machine with a kickstart file

    A kickstart file has the same format as ~/anaconda-ks.cfg, so that file can be edited to produce one.
[root@CentOS6 ~]# cat anaconda-ks.cfg 
# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
cdrom   #installation medium
lang en_US.UTF-8   #language and character set
keyboard us   #keyboard layout
network --onboot no --device eth0 --bootproto dhcp --noipv6   #network interface settings
rootpw  --iscrypted $6$8gvguYGiFoHRO0KJ$obDjRQ0JL...    #root password (hash)
firewall --service=ssh   #firewall settings
authconfig --enableshadow --passalgo=sha512   #authentication settings
selinux --enforcing   #SELinux setting
timezone Asia/Shanghai   #time zone
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"   #bootloader install location and options
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --none  #clear the partition table; it is advisable to also add zerombr to clear the MBR

#part /boot --fstype=ext4 --size=1024   #partition information
#part / --fstype=ext4 --size=51200
#part /data --fstype=ext4 --size=3072

#part swap --size=2048


repo --name="CentOS"  --baseurl=cdrom:sr0 --cost=100   #yum repository, followed by the packages to install

%packages
@base
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@directory-client
@fonts
@general-desktop
@graphical-admin-tools
@input-methods
@internet-applications
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@office-suite
@print-client
@remote-desktop-clients
@server-platform
@server-policy
@workstation-policy
@x11
mtools
pax
python-dmidecode
oddjob
wodim
sgpio
genisoimage
device-mapper-persistent-data
abrt-gui
samba-winbind
certmonger
pam_krb5
krb5-workstation
libXmu
%end    #scripts can follow this
    A kickstart file can be created in two ways: by hand or generated automatically.
    Creating it by hand simply means editing anaconda-ks.cfg; generating it needs the system-config-kickstart tool from the EPEL repository. Since system-config-kickstart is a graphical tool that is self-explanatory, let's look directly at the kickstart file:
[root@CentOS6 ~]# cat ks6_mini.cfg 
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url="http://192.168.30.69/centos/6"   #install over a URL
# Root password
rootpw --iscrypted $1$YKI6J61k$FhWIpRefQwkBJhBtqu8Y2/
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Installation logging level
logging --level=info
# Reboot after installation
reboot   #reboot automatically when the installation finishes
# System timezone
timezone  Asia/Shanghai
# Network information
network  --bootproto=static --device=eth0 --gateway=192.168.30.1 --ip=192.168.30.169 --netmask=255.255.255.0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr   #zero the MBR
# Partition clearing information
clearpart --all --initlabel   #clear the partition table
# Disk partitioning information
part / --fstype="ext4" --size=51200
part /boot --fstype="ext4" --size=1024
part /data --fstype="ext4" --size=5120
part swap --fstype="swap" --size=2048

%post   #post-installation script
ssh-keygen -f /root/.ssh/id_rsa -P ""
ssh-copy-id 192.168.30.74
%end

%packages
@base
@core
@server-policy
@workstation-policy
%end

If you are worried about mistakes in the kickstart file, the ksvalidator tool checks it for syntax errors

[root@CentOS6 cd]# ksvalidator /var/www/html/centos/ksfile/ks6_mini.cfg 
File uses a deprecated option or command.

%packages does not end with %end.  This syntax has been deprecated.  It may be removed from future releases, which will result in a fatal error from kickstart.  Please modify your kickstart file to use this updated syntax.
[root@CentOS6 cd]# vim /var/www/html/centos/ksfile/ks6_mini.cfg
[root@CentOS6 cd]# ksvalidator /var/www/html/centos/ksfile/ks6_mini.cfg 
[root@CentOS6 cd]#
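ksvalidator only checks syntax. As an added example, not part of the original post, here is a small Python audit of the two files this setup hands to every new host: it reads a kickstart file for the settings a reviewer checks first (rootpw hash type, plaintext HTTP install tree, disabled SELinux/firewall, %post commands) and checks an isolinux/pxelinux menu for entries whose ks= argument is malformed. The samples are constructed from the files on this page with a placeholder hash; both the page's ks6_mini.cfg and the later `openssl passwd -1` produce MD5-crypt ($1$) hashes, which the audit flags.

```python
import re

# Constructed sample modelled on the ks6_mini.cfg shown on this page; the rootpw
# value is a placeholder with the MD5-crypt "$1$" prefix, not a real hash.
SAMPLE_KS = """\
firewall --disabled
install
url --url="http://192.168.30.69/centos/6"
rootpw --iscrypted $1$PLACEHOLD$PLACEHOLDERHASHVALUE
auth  --useshadow  --passalgo=sha512
selinux --disabled
part / --fstype="ext4" --size=51200
%post
ssh-keygen -f /root/.ssh/id_rsa -P ""
%end
%packages
@core
%end
"""

# Constructed boot menu carrying the "ks-cdrom:" typo from the isolinux.cfg edit
SAMPLE_MENU = """\
default menu.c32
label mini
  menu label Install ^mini linux system
  kernel vmlinuz
  append initrd=initrd.img ks-cdrom:/ksfile/ks6_mini.cfg
label local
  localboot 0xffff
"""

CRYPT_PREFIXES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}


def split_sections(text):
    """Return (command lines, {"%post": [...], "%packages": [...], ...})."""
    commands, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "%end":
            current = None
        elif line.startswith("%"):
            current = line.split()[0]
            sections.setdefault(current, [])
        elif current is None:
            commands.append(line)
        else:
            sections[current].append(line)
    return commands, sections


def audit_kickstart(text):
    """Return (severity, message) findings for the settings a reviewer checks first."""
    commands, sections = split_sections(text)
    cmds = {line.split()[0]: line for line in commands}
    findings = []
    rootpw = cmds.get("rootpw")
    if rootpw is None:
        findings.append(("high", "no rootpw: the installer will stop and prompt"))
    elif "--iscrypted" not in rootpw:
        findings.append(("high", "rootpw is plaintext in a file served to every client"))
    else:                                   # the last token is the crypt(3) hash
        algo = CRYPT_PREFIXES.get(rootpw.split()[-1][:3], "unknown")
        if algo != "sha512-crypt":
            findings.append(("medium", f"rootpw hash is {algo}; regenerate it as sha512-crypt ($6$)"))
    if "http://" in cmds.get("url", ""):
        findings.append(("medium", "install tree fetched over plain HTTP (no transport integrity)"))
    for key in ("selinux", "firewall"):
        if "--disabled" in cmds.get(key, ""):
            findings.append(("info", f"{key} --disabled is baked into every installed host"))
    for line in sections.get("%post", []):  # runs as root on the new host; review each line
        findings.append(("info", f"%post: {line}"))
    return findings


def check_boot_menu(text):
    """Flag isolinux/pxelinux entries that would not boot the installer as intended."""
    entries, label, problems = {}, None, []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts:
            continue
        if parts[0] == "label":
            label = parts[1]
            if label in entries:
                problems.append(f"duplicate label {label}")
            entries[label] = {}
        elif label and parts[0] in ("kernel", "append", "localboot"):
            entries[label][parts[0]] = parts[1] if len(parts) > 1 else ""
    for name, e in entries.items():
        if "localboot" in e:
            continue
        if "kernel" not in e:
            problems.append(f"{name}: no kernel line")
        app = e.get("append", "")
        if app != "-" and "initrd=" not in app:  # "append -" is memtest's legitimate form
            problems.append(f"{name}: append has no initrd=")
        if "ks" in app and not re.search(r"(^|\s)ks=\S+", app):
            problems.append(f"{name}: kickstart argument is malformed: {app}")
    return problems
```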

    1. Copy the files from the installation disc into the pre-configured HTTP server, and put the kickstart file on the same HTTP server

[root@CentOS6 html]# tree -L 3
.
└── centos
    ├── 6
    │   ├── CentOS_BuildTag
    │   ├── EFI
    │   ├── EULA
    │   ├── GPL
    │   ├── images
    │   ├── isolinux
    │   ├── Packages
    │   ├── RELEASE-NOTES-en-US.html
    │   ├── repodata
    │   ├── RPM-GPG-KEY-CentOS-6
    │   ├── RPM-GPG-KEY-CentOS-Debug-6
    │   ├── RPM-GPG-KEY-CentOS-Security-6
    │   ├── RPM-GPG-KEY-CentOS-Testing-6
    │   └── TRANS.TBL
    └── ksfile
        └── ks6_mini.cfg

8 directories, 10 files

    2. Start the unattended installation with the kickstart file

1) Boot the installer from the disc, press ESC to reach the boot prompt, and enter the IP address and the path to the kickstart file

2) After pressing Enter the installation runs on its own


The installer still has to be booted from a disc, though. The next step is to boot without one, loading the installer over the network.

    Creating the boot disc files

    Copy the isolinux directory from the installation disc, directory included, into a folder, and create another folder for the kickstart files

[root@CentOS6 LinuxISO]# tree
.
├── isolinux
│   ├── boot.cat
│   ├── boot.msg
│   ├── grub.conf
│   ├── initrd.img
│   ├── isolinux.bin
│   ├── isolinux.cfg
│   ├── memtest
│   ├── menu.c32   #I switched to a different menu style here; it makes no difference
│   ├── splash.jpg
│   ├── TRANS.TBL
│   └── vmlinuz
└── ksfile
    ├── ks6_desktop.cfg
    └── ks6_mini.cfg

2 directories, 13 files

Edit the isolinux.cfg file

[root@CentOS6 LinuxISO]# cat isolinux/isolinux.cfg 
default menu.c32   #use the menu.c32 menu style
#prompt 1
timeout 600

menu title Auto Install CentOS

label desktop
  menu label Install ^desktop linux system
  kernel vmlinuz
  append initrd=initrd.img ks=cdrom:/ksfile/ks6_desktop.cfg
label mini
  menu label Install ^mini linux system
  kernel vmlinuz
  append initrd=initrd.img ks=cdrom:/ksfile/ks6_mini.cfg
label local
  menu default
  menu label Boot from ^local drive
  localboot 0xffff

Create the CentOS 6 bootable installation disc

[root@CentOS6 data]# mkisofs -R -J -T -v --no-emul-boot --boot-load-size 4 --boot-info-table -V "CentOS 6.9 x86_64 boot" -b isolinux/isolinux.bin -c isolinux/boot.cat -o /data/bootcentos6.iso /data/LinuxISO/
I: -input-charset not specified, using utf-8 (detected in locale settings)
genisoimage 1.1.9 (Linux)
Scanning /data/LinuxISO/
Scanning /data/LinuxISO/isolinux
Excluded: /data/LinuxISO/isolinux/TRANS.TBL
Excluded by match: /data/LinuxISO/isolinux/boot.cat
Scanning /data/LinuxISO/ksfile
Writing:   Initial Padblock                        Start Block 0
Done with: Initial Padblock                        Block(s)    16
Writing:   Primary Volume Descriptor               Start Block 16
Done with: Primary Volume Descriptor               Block(s)    1
Writing:   Eltorito Volume Descriptor              Start Block 17
Size of boot image is 4 sectors -> No emulation
Done with: Eltorito Volume Descriptor              Block(s)    1
Writing:   Joliet Volume Descriptor                Start Block 18
Done with: Joliet Volume Descriptor                Block(s)    1
Writing:   End Volume Descriptor                   Start Block 19
Done with: End Volume Descriptor                   Block(s)    1
Writing:   Version block                           Start Block 20
Done with: Version block                           Block(s)    1
Writing:   Path table                              Start Block 21
Done with: Path table                              Block(s)    4
Writing:   Joliet path table                       Start Block 25
Done with: Joliet path table                       Block(s)    4
Writing:   Directory tree                          Start Block 29
Done with: Directory tree                          Block(s)    3
Writing:   Joliet directory tree                   Start Block 32
Done with: Joliet directory tree                   Block(s)    3
Writing:   Directory tree cleanup                  Start Block 35
Done with: Directory tree cleanup                  Block(s)    0
Writing:   Extension record                        Start Block 35
Done with: Extension record                        Block(s)    1
Writing:   The File(s)                             Start Block 36
 21.98% done, estimate finish Sat May 26 15:46:19 2018
 43.88% done, estimate finish Sat May 26 15:46:19 2018
 65.85% done, estimate finish Sat May 26 15:46:19 2018
 87.74% done, estimate finish Sat May 26 15:46:19 2018
Total translation table size: 5148
Total rockridge attributes bytes: 1820
Total directory bytes: 4096
Path table size(bytes): 40
Done with: The File(s)                             Block(s)    22612
Writing:   Ending Padblock                         Start Block 22648
Done with: Ending Padblock                         Block(s)    150
Max brk space used 1b000
22798 extents written (44 MB)
[root@CentOS6 data]# ll bootcentos6.iso 
-rw-r--r-- 1 root root 46690304 May 26 15:46 bootcentos6.iso

The command that creates the iso file is:

mkisofs -R -J -T -v --no-emul-boot --boot-load-size 4 --boot-info-table -V "CentOS 6.9 x86_64 boot" -b isolinux/isolinux.bin -c isolinux/boot.cat -o /data/bootcentos6.iso /data/LinuxISO/

The resulting iso file can be used as a boot disc for installation

DHCP service

    DHCP (Dynamic Host Configuration Protocol) is a local-area network protocol that runs over UDP

It has two main uses:

automatically assigning IP addresses within an internal network or a network service provider;

giving users or internal network administrators a means of managing all computers centrally.

How DHCP works

1. The DHCP client broadcasts a DHCP Discover message.
2. Every DHCP server receives the client's DHCP Discover, and every one of them responds by sending a DHCP Offer message to the client.
The "Your (Client) IP Address" field of the DHCP Offer is the IP address the server can give the client, and the server puts its own IP address in the "option" field so that the client can tell the servers apart. After sending this message the server keeps a record of the address as allocated.
3. The client can only act on one DHCP Offer; the usual rule is that the client takes the first DHCP Offer it receives.
The client then broadcasts a DHCP Request message whose option field carries the IP address of the chosen server and the IP address it wants.
4. When a DHCP server receives the DHCP Request, it checks whether the server address in the option field is its own. If not, the server does nothing except delete its allocation record for that address; if it is, the server answers the client with a DHCP ACK whose option field adds the lease time for the IP address.
5. On receiving the DHCP ACK, the client checks whether the address the server assigned is usable. If it is, the client has its IP address and will start the renewal process automatically based on the lease time; if the client finds the assigned address already in use, it sends a DHCP Decline to the server to tell it to disable that address, and then starts a new address request.

6. Once the client has obtained an address, it can release it at any time by sending a DHCP Release; when the server receives the DHCP Release it reclaims the address and can reassign it.

    When 50% of the lease has elapsed, the client unicasts a DHCP Request to the server to renew the address. If the client receives a DHCP ACK from the server, the lease is extended accordingly; if it does not, the client keeps using the address.
    When 87.5% of the lease has elapsed, the client broadcasts a DHCP Request to renew the address. If it receives a DHCP ACK from the server, the lease is extended accordingly; if it does not, the client keeps using the address until the lease expires, at which point it sends a DHCP Release to the server to give up the address and starts a new address request.
Note that a DHCP client may receive DHCPOFFER packets from several DHCP servers and may accept any one of them, but a client normally accepts the first DHCPOFFER it receives. Also, the address given in a server's DHCPOFFER is not necessarily the address finally assigned; usually the server reserves the address until the client sends its formal request.
    The formal request to the DHCP server, DHCPREQUEST, is sent as a broadcast so that all the other servers that sent a DHCPOFFER also receive it and can release the address they pre-allocated (offered) to the client.
    If the address given to a DHCP client is already in use by another client, the client sends a DHCPDECLINE packet to the server to refuse the assigned address.

    During the negotiation, if the address information in the client's REQUEST message is wrong, for example because the client has moved to a new subnet or the lease has expired, the DHCP server sends a DHCPNAK to the client, making it start the address request process again.
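To make the exchange concrete, here is an added example (not from the original post) that encodes and parses RFC 2131 messages and runs DISCOVER/OFFER/REQUEST/ACK between one client and two servers in memory: the client takes the first offer, the losing server clears its tentative allocation, a REQUEST for an address the server never offered gets a NAK, and the OFFER/ACK carry siaddr and file, which is where the next-server and filename settings of the PXE dhcpd configuration later on this page end up. All addresses and MACs are constructed; nothing is sent on the wire.

```python
import struct
from ipaddress import IPv4Address

# RFC 2131 message types used in the exchange above
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
BOOTREQUEST, BOOTREPLY = 1, 2
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # the 236-byte fixed header
MAGIC = b"\x63\x82\x53\x63"


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", siaddr="0.0.0.0", file=b""):
    """Encode a DHCP message: fixed header, magic cookie, TLV options, 0xff end."""
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000,      # ethernet, hlen 6, broadcast flag
                         b"\0" * 4, IPv4Address(yiaddr).packed,    # ciaddr, yiaddr ("Your IP")
                         IPv4Address(siaddr).packed, b"\0" * 4,    # siaddr (next-server), giaddr
                         chaddr.ljust(16, b"\0"), b"\0" * 64, file.ljust(128, b"\0"))
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC + body + b"\xff"


def parse(pkt):
    """Decode the fields the exchange depends on, plus all options as {code: bytes}."""
    f = struct.unpack(HEADER, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xff:
        if pkt[i] == 0:            # pad option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": str(IPv4Address(f[8])),
            "siaddr": str(IPv4Address(f[9])), "chaddr": f[11][:f[2]],
            "file": f[13].rstrip(b"\0").decode(), "options": opts}


class Server:
    """A DHCP server with an address pool, an offer table and a lease table (steps 2 and 4)."""

    def __init__(self, ip, pool, filename="", lease=43200):
        self.ip, self.pool, self.filename, self.lease = ip, list(pool), filename, lease
        self.offers, self.leases = {}, {}      # mac -> offered address, mac -> leased address

    def _reply(self, msg, mtype, addr):
        opts = [(53, bytes([mtype])), (54, IPv4Address(self.ip).packed),   # server identifier
                (51, struct.pack("!I", self.lease))]                        # lease time
        # siaddr and file carry dhcpd's next-server / filename, i.e. the PXE boot file
        return build(BOOTREPLY, msg["xid"], msg["chaddr"], opts, yiaddr=addr,
                     siaddr=self.ip, file=self.filename.encode())

    def handle(self, pkt):
        msg = parse(pkt)
        mac, mtype = msg["chaddr"], msg["options"][53][0]
        if mtype == DISCOVER:
            addr = self.pool.pop(0)
            self.offers[mac] = addr                 # remember the allocation we offered
            return self._reply(msg, OFFER, addr)
        if mtype == REQUEST:
            if IPv4Address(msg["options"][54]) != IPv4Address(self.ip):
                # the client chose another server: drop our record and return the address
                if mac in self.offers:
                    self.pool.insert(0, self.offers.pop(mac))
                return None
            if IPv4Address(msg["options"][50]) != IPv4Address(self.offers.get(mac, "0.0.0.0")):
                return self._reply(msg, NAK, "0.0.0.0")   # wrong or expired address: client restarts
            self.leases[mac] = addr = self.offers.pop(mac)
            return self._reply(msg, ACK, addr)
        return None


def client_exchange(mac, servers, xid=0x3903F326):
    """Run DISCOVER -> OFFER(s) -> REQUEST -> ACK; both client messages reach every server."""
    discover = build(BOOTREQUEST, xid, mac, [(53, bytes([DISCOVER])), (60, b"PXEClient")])
    offers = [r for s in servers if (r := s.handle(discover)) is not None]
    chosen = parse(offers[0])                   # the rule above: take the first offer
    request = build(BOOTREQUEST, xid, mac, [(53, bytes([REQUEST])),
                                            (54, chosen["options"][54]),                 # chosen server
                                            (50, IPv4Address(chosen["yiaddr"]).packed)])  # wanted address
    replies = [r for s in servers if (r := s.handle(request)) is not None]
    return parse(replies[0])                    # only the chosen server answers, with an ACK


if __name__ == "__main__":
    pxe = Server("192.168.30.74", ["192.168.30.10", "192.168.30.11"], filename="pxelinux.0")
    other = Server("192.168.30.99", ["192.168.30.150"])
    ack = client_exchange(bytes.fromhex("000c29010203"), [pxe, other])
    print(ack["yiaddr"], "next-server", ack["siaddr"], "filename", ack["file"], other.pool)
```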

Automated system installation with PXE

    How it works

1. The client sends an IP address request to the DHCP service on the PXE server. DHCP checks whether the client is allowed (mainly by its NIC MAC address); if so it returns the client's IP address together with the location of the boot file pxelinux.0

2. The client asks the TFTP service on the PXE server for pxelinux.0. TFTP first sends the client the size of pxelinux.0 to see whether the client accepts it, and once the client agrees to the size TFTP sends pxelinux.0 itself
3. The client runs the pxelinux.0 it received
4. The client asks the TFTP server for its own configuration file (in the pxelinux.cfg directory of the TFTP service); TFTP returns it and the client proceeds according to that configuration.
5. The client requests the Linux kernel from TFTP, which sends it the kernel file
6. The client requests the root file system from TFTP, which returns the Linux root file system
7. The client boots the Linux kernel

8. The client downloads the installation source files and reads the automated installation script

    Deploying the environment

1) Install the tftp server and start the service

[root@CentOS6 ksfile]# yum install tftp-server.x86_64 
[root@CentOS6 ksfile]# chkconfig tftp on; service xinetd start   #start the tftp service on CentOS 6
[root@CentOS7 ksfile]# systemctl start tftp.socket               #start the tftp service on CentOS 7
2) Configure the tftp directory
[root@CentOS7 ksfile]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── centos6.9
│   ├── initrd.img    #from the isolinux directory of the installation disc
│   └── vmlinuz
├── centos7.4
│   ├── initrd.img
│   └── vmlinuz
├── menu.c32          #menu style
├── pxelinux.0        #copied from /usr/share/syslinux/pxelinux.0
└── pxelinux.cfg
    └── default       #adapted from the isolinux.cfg file

3 directories, 7 files
Look at the default file
[root@CentOS7 ksfile]# cat /var/lib/tftpboot/pxelinux.cfg/default 
default menu.c32
#prompt 1
timeout 600

menu title Auto Install CentOS

label desktop
  menu label Install desktop centos6.9 system
  kernel centos6.9/vmlinuz
  append initrd=centos6.9/initrd.img ks=http://192.168.30.74/centos/ksfile/ks6_desktop.cfg

label mini
  menu label Install mini centos6.9 system
  kernel centos6.9/vmlinuz
  append initrd=centos6.9/initrd.img ks=http://192.168.30.74/centos/ksfile/ks6_mini.cfg

label desktop
  menu label Install desktop centos7.4 system
  kernel centos7.4/vmlinuz
  append initrd=centos7.4/initrd.img ks=http://192.168.30.74/centos/ksfile/ks7_desktop.cfg

label mini
  menu label Install mini centos7.4 system
  kernel centos7.4/vmlinuz
  append initrd=centos7.4/initrd.img ks=http://192.168.30.74/centos/ksfile/ks7_mini.cfg

label local
  menu default
  menu label Boot from ^local drive
  localboot 0xffff

3) Configure the DHCP service

Add next-server 192.168.30.74; and filename "pxelinux.0"; to the subnet block

subnet 192.168.30.0 netmask 255.255.255.0 {
  range 192.168.30.10 192.168.30.100;
  option routers 192.168.30.1;
  option domain-name-servers 233.5.5.5, 233.6.6.6;
  next-server 192.168.30.74;   #added line
  filename "pxelinux.0";       #matches pxelinux.0 under /var/lib/tftpboot/; the file name can be changed
}

4) Configure the HTTP files

[root@CentOS7 ksfile]# tree -L 3 /var/www/html/
/var/www/html/
└── centos
    ├── 6              #CentOS 6.9 disc mount point
    │   ├── CentOS_BuildTag
    │   ├── EFI
    │   ├── EULA
    │   ├── GPL
    │   ├── images
    │   ├── isolinux
    │   ├── LiveOS
    │   ├── Packages
    │   ├── repodata
    │   ├── RPM-GPG-KEY-CentOS-7
    │   ├── RPM-GPG-KEY-CentOS-Testing-7
    │   └── TRANS.TBL
    ├── 7               #CentOS 7.4 disc mount point
    │   ├── CentOS_BuildTag
    │   ├── EFI
    │   ├── EULA
    │   ├── GPL
    │   ├── images
    │   ├── isolinux
    │   ├── Packages
    │   ├── RELEASE-NOTES-en-US.html
    │   ├── repodata
    │   ├── RPM-GPG-KEY-CentOS-6
    │   ├── RPM-GPG-KEY-CentOS-Debug-6
    │   ├── RPM-GPG-KEY-CentOS-Security-6
    │   ├── RPM-GPG-KEY-CentOS-Testing-6
    │   └── TRANS.TBL
    └── ksfile             #kickstart files
        ├── ks6_desktop.cfg
        ├── ks6_mini.cfg
        ├── ks7_desktop.cfg
        └── ks7_mini.cfg

15 directories, 19 files

Once the above is configured, unattended installation can begin


The cobbler tool

    cobbler is a powerful service for fast network installation of Linux. It supports many distributions (Red Hat, Fedora, CentOS, Debian, Ubuntu and SuSE) and can also install Windows over the network. It is written in Python, so there is plenty of room for extending it.

    cobbler workflow

1. With the bare-metal client configured to boot from the network, on power-up it broadcasts a request asking the DHCP server (the cobbler server) for an assigned IP address

2. The DHCP server (cobbler server) receives the request and sends a response that includes the IP address

3. With its IP address, the client then asks the cobbler server for the OS boot file
4. The cobbler server tells the client the name of the boot file and the TFTP server's IP and port
5. The client contacts the TFTP server at that address and downloads the boot file
6. The client runs the boot file, determines what to load and which OS to install, and during this requests the kickstart file and OS image from the cobbler server
7. The cobbler server sends the requested kickstart file and OS image
8. The client loads the kickstart file

9. The client receives the OS image and installs it

    Unattended deployment with cobbler

1) Install cobbler and check the environment

[root@CentOS7 ksfile]# yum install cobbler   #the package is in the EPEL repository
[root@CentOS7 tftpboot]# cobbler check   #when cobbler check reports the error below, SELinux must be disabled and httpd restarted
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/cobbler/cli.py", line 251, in check_setup
    s.ping()
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1321, in single_request
    response.msg,
ProtocolError: <ProtocolError for 127.0.0.1:80/cobbler_api: 404 Not Found>

    Check the cobbler environment again

[root@CentOS7 tftpboot]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

2) Fixing the environment problems

    1: set the cobbler server's IP address at line 384 of /etc/cobbler/settings

378 # this is the address of the cobbler server -- as it is used
379 # by systems during the install process, it must be the address
380 # or hostname of the system as those systems can see the server.
381 # if you have a server that appears differently to different subnets
382 # (dual homed, etc), you need to read the --server-override section
383 # of the manpage for how that works.
384 server: 192.168.30.74    #change to the cobbler server's address
    2: set the tftp server's IP address at line 272 of /etc/cobbler/settings
269 # if using cobbler with manage_dhcp, put the IP address
270 # of the cobbler server here so that PXE booting guests can find it
271 # if you do not set this correctly, this will be manifested in TFTP open timeouts.
272 next_server: 192.168.30.74 
    3: change disable to no in /etc/xinetd.d/tftp
 14         disable                 = no
    4: download the required boot loaders with cobbler get-loaders, then sync them to /var/lib/tftpboot with cobbler sync
[root@CentOS7 ~]# cobbler get-loaders
task started: 2018-05-27_212446_get_loaders
task started (id=Download Bootloader Content, time=Sun May 27 21:24:46 2018)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@CentOS7 ~]# cobbler sync
task started: 2018-05-27_212630_sync
task started (id=Sync, time=Sun May 27 21:26:30 2018)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
Look at /var/lib/tftpboot
[root@CentOS7 ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
│   └── CentOS-6.9-x86_64
│       ├── initrd.img
│       └── vmlinuz
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot

11 directories, 12 files
    5: not a required change; skipped
    6: only needed for Debian deployments; skipped

    7: change the default password: generate a hash with openssl passwd -1 and put it in place of the value on line 101 of /etc/cobbler/settings

[root@CentOS7 ~]# openssl passwd -1
Password: 
Verifying - Password: 
$1$o19uxuwb$vbVj38jsOQsdQaLe9xuhU1

    8: skipped for now

3) cobbler can generate the DHCP service configuration for us, or it can be written by hand

    To have cobbler generate the DHCP configuration, change line 242 of /etc/cobbler/settings

242 manage_dhcp: 1   #change to 1
    Then edit the DHCP configuration template
[root@CentOS7 tftpboot]# cat /etc/cobbler/dhcp.template 
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************

ddns-update-style interim;

allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

option pxe-system-type code 93 = unsigned integer 16;

subnet 192.168.30.0 netmask 255.255.255.0 {
     option routers             192.168.30.1;
     option domain-name-servers 8.8.8.8;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.30.10 192.168.30.200;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}...... 

    Finally restart the cobbler service and run cobbler sync; the configuration is then complete

4) Import the system installation files

[root@CentOS7 ~]# cobbler import --path=/var/www/html/centos/6 --name=CentOS-6.9-x86_64 --arch=x86_64
task started: 2018-05-27_215121_import
task started (id=Media import, time=Sun May 27 21:51:21 2018)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/CentOS-6.9-x86_64:
creating new distro: CentOS-6.9-x86_64
trying symlink: /var/www/cobbler/ks_mirror/CentOS-6.9-x86_64 -> /var/www/cobbler/links/CentOS-6.9-x86_64
creating new profile: CentOS-6.9-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/CentOS-6.9-x86_64 for CentOS-6.9-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS-6.9-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/CentOS-6.9-x86_64
looking for /var/www/cobbler/ks_mirror/CentOS-6.9-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/CentOS-6.9-x86_64/repodata
*** TASK COMPLETE ***

When it finishes, cobbler has generated everything needed to install the system under /var/www/cobbler

[root@CentOS7 cobbler]# tree -L 2
.
├── images
│   └── CentOS-6.9-x86_64
├── ks_mirror
│   ├── CentOS-6.9-x86_64
│   └── config
├── links
│   └── CentOS-6.9-x86_64 -> /var/www/cobbler/ks_mirror/CentOS-6.9-x86_64
├── localmirror
├── misc
│   ├── anamon
│   └── anamon.init
├── pub
├── rendered
├── repo_mirror
└── svc
    ├── services.py
    ├── services.pyc
    └── services.pyo

13 directories, 5 files

    Use cobbler profile to list the kickstart profiles currently in effect

[root@CentOS7 ~]# cobbler profile list   #list the kickstart profiles
   CentOS-6.9-x86_64
[root@CentOS7 ~]# cobbler profile report --name=CentOS-6.9-x86_64   #show the profile's kickstart details
Name                           : CentOS-6.9-x86_64
TFTP Boot Files                : {}
Comment                        : 
DHCP Tag                       : default
Distribution                   : CentOS-6.9-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/sample_end.ks
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 : 
Internal proxy                 : 
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      : 
Virt RAM (MB)                  : 512
Virt Type                      : kvm

--help shows the options of cobbler and its subcommands

[root@CentOS7 ~]# cobbler profile --help
usage
=====
cobbler profile add
cobbler profile copy
cobbler profile dumpvars
cobbler profile edit
cobbler profile find
cobbler profile getks
cobbler profile list
cobbler profile remove
cobbler profile rename
cobbler profile report

5) From here on it works like PXE: the installation is automatic

    The cobbler web tool

    cobbler also has a web-based management tool, so systems can be deployed and configured from a web page.

1) Install the cobbler-web package (from the EPEL repository) and restart the cobbler service

[root@CentOS7 ~]# yum install cobbler-web
[root@CentOS7 ~]# systemctl restart httpd.service
2) Look at /etc/cobbler/modules.conf
[root@CentOS7 ~]# cat /etc/cobbler/modules.conf 
# cobbler module configuration file
# =================================

# authentication: 
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:          #authentication methods for logging in to the cobbler_web page
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
module = authn_configfile    #authentication method currently in use
...
Add users and passwords to /etc/cobbler/users.digest with the htdigest command
[root@CentOS7 ~]# htdigest -c /etc/cobbler/users.digest Cobbler jiangbowen    #create the user and password
Adding password for jiangbowen in realm Cobbler.
New password: 
Re-type new password: 
[root@CentOS7 ~]# cat /etc/cobbler/users.digest
jiangbowen:Cobbler:eae015f6102a12efa5c23613d191b7be
    htdigest is an Apache web server tool for creating and updating the flat file that stores user names, realms and passwords for digest authentication.
    Syntax: htdigest -c file realm user
3) When you open the page, the browser reports that the certificate is not trusted; either ignore this or add the certificate to the trusted root certificate list.
    Note: the page must be accessed over https.


    With the options on the page you can then create and manage cobbler objects.


