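Preface
There isn't much that needs introducing, because apart from configuring it once when the machines are first installed, there are rarely any major adjustments afterwards; at most the DHCP address pool and the network settings get changed. It is typically used by companies that have their own physical machines; those on cloud servers have no need for it.
The basic configuration of Cobbler is described below.
Cobbler installation
Cobbler is developed in Python and is an upgraded version of kickstart. Compared with the pxe+kickstart installation combination it is simpler, and it ships with a web interface, so the user experience is good and installing machines is convenient.
Environment
System: CentOS 7.4
Cobbler server:
eth0 192.168.10.212 internal network 1
eth1 10.20.10.212 internal network 2
【1】yum installation
Check the system version and kernel version, and install the software that matches them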
cat /etc/redhat-release
uname -r
<1>Centos6
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
<2>Centos7
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
<3>Refresh the yum cache
yum clean all
yum makecache
<4>Install the software
yum -y install cobbler cobbler-web dhcp tftp-server pykickstart httpd rsync
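【2】Firewall configuration
Because this machine sits on an internal network and an internal DNS is configured, its firewall is normally turned off, though firewall rules can be configured instead
<1>Turn off the firewall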
***centos7***
getenforce
setenforce 0
systemctl stop firewalld
systemctl disable firewalld
vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
***centos6***
getenforce
setenforce 0
/etc/init.d/iptables stop
chkconfig iptables off
vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
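As an alternative to turning the firewall off, the rules mentioned above could look like this on CentOS 7 with firewalld. This is an added example, not from the original post; the function names, the `internal` zone and the DRY_RUN switch are assumptions, and the services are the ones this guide installs and starts (dhcp, tftp, httpd, rsync).

```shell
#!/bin/bash
# Added example: allow only the provisioning services on the PXE-facing NICs
# instead of stopping firewalld. Zone name and DRY_RUN are assumptions.

# firewalld service names for what this guide runs on the Cobbler server:
# dhcp (67/udp), tftp (69/udp), http/https (cobbler_web, kickstarts, repos),
# rsyncd (873/tcp).
COBBLER_SERVICES="dhcp tftp http https rsyncd"

# Print (DRY_RUN=1, the default) or execute one firewall-cmd invocation.
fw() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# Usage: cobbler_firewall ZONE IFACE [IFACE...]
cobbler_firewall() {
    zone=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one interface" >&2; return 2; }
    for iface in "$@"; do
        # Bind each provisioning NIC to the zone so the rules apply there only.
        fw --permanent --zone="$zone" --change-interface="$iface" || return 1
    done
    for svc in $COBBLER_SERVICES; do
        fw --permanent --zone="$zone" --add-service="$svc" || return 1
    done
    fw --reload
}

# Show what would be run for the two NICs from the environment section.
# Run with DRY_RUN=0 as root to apply.
cobbler_firewall internal eth0 eth1
```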
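【3】Cobbler files (can be skipped)
/etc/cobbler configuration directory
/etc/cobbler/settings main Cobbler configuration file
/etc/cobbler/dhcp.template configuration template for the DHCP service
/etc/cobbler/tftpd.template configuration template for the tftp service
/etc/cobbler/rsync.template configuration template for the rsync service
/etc/cobbler/iso iso template configuration directory
/etc/cobbler/pxe pxe template directory
/etc/cobbler/power power management configuration directory
/etc/cobbler/users.conf authorization configuration file for the web service
/etc/cobbler/users.digest user name and password file for web access
/etc/cobbler/dnsmasq.template configuration template for the DNS service
/etc/cobbler/modules.conf Cobbler module configuration file
/var/lib/cobbler Cobbler data directory
/var/lib/cobbler/config configuration files
/var/lib/cobbler/kickstarts default location of kickstart files
/var/lib/cobbler/loaders the various boot loaders
/var/www/cobbler system installation image directory
/var/www/cobbler/ks_mirror list of imported system images
/var/www/cobbler/images boot files of imported system images
/var/www/cobbler/repo_mirror yum repository storage directory
/var/log/cobbler log directory
/var/log/cobbler/install.log client system installation log
/var/log/cobbler/cobbler.log Cobbler log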
【4】Start Cobbler and check
centos7
systemctl start httpd
systemctl start cobblerd
cobbler check
centos6
/etc/init.d/httpd start
/etc/init.d/cobblerd start
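/etc/init.d/xinetd start
cobbler check
Since Cobbler has not been configured in detail yet, a large number of errors will of course be reported; fix them according to the prompts.
To deploy debian/ubuntu systems, debmirror must be installed; otherwise ignore item 6 below;
To use the power management feature, cman or fence-agents must be installed; otherwise ignore item 8 below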
cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
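Cobbler configuration
【1】Fixing items 1 and 2
(Server and Next_Server configuration)
server specifies the address of the Cobbler server
sed -i 's/server: 127.0.0.1/server: 192.168.10.212/g' /etc/cobbler/settings
next_server is the address of the tftp server from which boot files are downloaded on the dhcp/pxe network; it is set to the same IP as server
sed -i 's/next_server: 127.0.0.1/next_server: 192.168.10.212/g' /etc/cobbler/settings
Let Cobbler manage DHCP
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/' /etc/cobbler/settings
Prevent installation loops; applies when the server's first boot device is PXE
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings
Note that there is a space after the ":"
【2】Fixing items 3 and 5
(tftp and rsync configuration)
Because the software versions differ, tftp is configured differently on centos6 and centos7. centos6 also needs xinetd.d/rsync configured, followed by a restart of xinetd; centos7 needs no rsync configuration.
What actually needs fixing depends on the cobbler check output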
sed -i '/disable/c disable = no' /etc/xinetd.d/tftp
or
sed -i 's#yes#no#' /etc/xinetd.d/tftp
xinetd's wait can also be set to no; use the second command for that (wait = no means the service runs in multi-threaded mode)
systemctl start rsyncd
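【3】Fixing item 4
Install the missing software; if yum cannot install it, cobbler_load can be downloaded from the official site
cobbler get-loaders
This downloads the operating system boot loader files into /var/lib/cobbler/loaders
【4】Fixing item 6 (can be ignored if debian is not deployed)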
yum -y install debmirror
vim /etc/debmirror.conf
#@dists="sid";
@sections="main,main/debian-installer,contrib,non-free";
#@arches="i386";
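【5】Fixing item 7
Set the initial root password for systems installed by Cobbler
sed -ri "/default_password_crypted/s#(.*: ).*#\1\"`openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'`\"#" /etc/cobbler/settings
The random phrase can be anything; what matters is the password
The password is the one you are setting
【6】Fixing item 8
Configure power management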
yum -y install cman
or
yum -y install fence-agents
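【7】Edit Cobbler's dhcp template
Cobbler syncs the configuration from this template into the dhcp configuration file (/etc/dhcp/dhcpd.conf)
It can be edited by hand or with sed. Usually, one address pool can be configured for each usable NIC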
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
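subnet 10.20.10.0 netmask 255.255.255.0 { # subnet and netmask to serve; change to your own network
option routers 10.20.10.254; # gateway; when dhcp misbehaves, check the gateway setting
option domain-name-servers 223.5.5.5; # dns; an internal dns can be used instead
option subnet-mask 255.255.255.0; # netmask handed to clients; must match the subnet declaration
range dynamic-bootp 10.20.10.50 10.20.10.250; # ip range to hand out
default-lease-time 21600; # lease time used by default
max-lease-time 43200; # maximum lease time
next-server $next_server; # ip of the server that boots the installer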
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
subnet 192.168.10.0 netmask 255.255.255.0 {
option routers 192.168.10.254;
option domain-name-servers 223.5.5.5;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.10.50 192.168.10.250;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
#for dhcp_tag in $dhcp_tags.keys():
## group could be subnet if your dhcp tags line up with your subnets
## or really any valid dhcpd.conf construct ... if you only use the
## default dhcp tag in cobbler, the group block can be deleted for a
## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
#for mac in $dhcp_tags[$dhcp_tag].keys():
#set iface = $dhcp_tags[$dhcp_tag][$mac]
host $iface.name {
hardware ethernet $mac;
#if $iface.ip_address:
fixed-address $iface.ip_address;
#end if
#if $iface.hostname:
option host-name "$iface.hostname";
#end if
#if $iface.netmask:
option subnet-mask $iface.netmask;
#end if
#if $iface.gateway:
option routers $iface.gateway;
#end if
#if $iface.enable_gpxe:
if exists user-class and option user-class = "gPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else if exists user-class and option user-class = "iPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else {
filename "undionly.kpxe";
}
#else
filename "$iface.filename";
#end if
## Cobbler defaults to $next_server, but some users
## may like to use $iface.system.server for proxied setups
next-server $next_server;
## next-server $iface.next_server;
}
#end for
}
#end for
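【8】Sync the Cobbler configuration and start the services
<1>After the changes are done, check again
cobbler check
<2>Sync the configuration
cobbler sync
<3>Restart the services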
systemctl restart httpd
systemctl restart cobblerd
systemctl restart dhcpd
systemctl restart rsyncd
systemctl restart tftp.socket
systemctl enable httpd
systemctl enable dhcpd
systemctl enable cobblerd
systemctl enable rsyncd
systemctl enable tftp.socket
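【9】Import images
<1>Download the iso image from the official site or another source and upload it to the Cobbler server
<2>Create the mount directories
mkdir -p /usr/local/mount{1..2}
<3>Mount the images
mount -t iso9660 -o loop /root/CentOS-6.7-x86_64-bin-DVD.iso /usr/local/mount1
mount -t iso9660 -o loop /root/CentOS-7-x86_64-Minimal-1708.iso /usr/local/mount2
Cobbler web configuration
【1】Log in
Open http://COBBLER_SERVER_IP/cobbler_web in a browser
Default user name cobbler, password cobbler
centos7 must be accessed over https
<1>Add a user
htdigest /etc/cobbler/users.digest "Cobbler" USERNAME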
htdigest /etc/cobbler/users.digest "Cobbler" gstest
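Both defaults this guide mentions, the `cobbler` root password hash in /etc/cobbler/settings (item 7 of cobbler check) and the cobbler/cobbler web login, can be checked for before the server goes into use. This is an added example, not from the original post; the function names are assumptions, and users.digest is assumed to be in the standard htdigest format user:realm:MD5(user:realm:password).

```shell
#!/bin/bash
# Added example: flag the Cobbler defaults this guide mentions if they are
# still in place. Assumed formats: settings is "key: value" YAML;
# users.digest is htdigest "user:realm:md5hex".

# True if MD5-crypt hash $1 ("$1$salt$...") is the hash of password $2.
md5crypt_is() {
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ "$(openssl passwd -1 -salt "$salt" "$2")" = "$1" ]
}

# Read a scalar "key: value" from a settings file, stripping quotes.
setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | tr -d "\"'" | head -n 1
}

# Print one finding per line; return 1 if anything was found.
audit_settings() {
    rc=0
    for key in server next_server; do
        case $(setting "$1" "$key") in
            127.0.0.1|localhost|"")
                echo "$key is unset or points at localhost"; rc=1 ;;
        esac
    done
    hash=$(setting "$1" default_password_crypted)
    if [ -z "$hash" ]; then
        echo "default_password_crypted is not set"; rc=1
    elif md5crypt_is "$hash" cobbler; then
        echo "root password for installed machines is still 'cobbler'"; rc=1
    fi
    return $rc
}

# Return 1 if web user "cobbler" (realm "Cobbler") still has password "cobbler".
audit_web_digest() {
    default=$(printf '%s' 'cobbler:Cobbler:cobbler' | md5sum | cut -d' ' -f1)
    if grep -qx "cobbler:Cobbler:$default" "$1"; then
        echo "web login cobbler/cobbler is still enabled"
        return 1
    fi
}

# On the Cobbler server:
#   audit_settings /etc/cobbler/settings
#   audit_web_digest /etc/cobbler/users.digest
```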
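【2】Import an image
<1>Web method
Select Import DVD
Prefix: name
Arch: architecture
Breed: operating system
Path: where to import from
After clicking run, the image is imported with rsync into /var/www/cobbler/ks_mirror/, the location where Cobbler centrally manages images
Events contains the log produced by the import
<2>Command-line method
The steps above can also be done from the command line
Once the image has been imported into Cobbler, it can be unmounted with umount, and the image downloaded with wget can be deleted if it is no longer needed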
cobbler import --path=/usr/local/mount1 --name=Centos-6.7-x86_64 --arch=x86_64
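Customizing the operating system installation
【1】Configure kernel parameters
<1>View the imported images and click edit
<2>Configure the kernel parameters (these make the NICs use eth-style names)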
biosdevname=0 net.ifnames=0
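【2】Configure the ks file
<1>Click Kickstart Templates, then Create New Kickstart File, to configure a new ks file
The default location of ks files is /var/lib/cobbler/kickstarts
A ks file can also be edited directly in this directory, in which case nothing needs to be configured in the web interface
<2>Enter a name and put the ks file contents in the blank area (the contents depend on your needs)
Note that it is best not to have Chinese characters in the ks file, as they may cause errors
If you cannot write a ks file, you can also install kickstart and generate one (search for how yourself)
<3>Click profiles to deploy the project
When a client boots with PXE, it selects the corresponding profile and starts the automatic deployment
Select the image and the corresponding ks file; if the ks file needs no special configuration, a ks template can also be used
【3】Command-line configuration
The process above can be done directly with commands
Profile configuration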
cobbler profile edit --name=Centos6.7-x86_64 --distro=Centos6.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/Centos6.7-x86_64.cfg
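Kernel configuration
cobbler profile edit --name=Centos6.7-x86_64 --kopts='net.ifnames=0 biosdevname=0'
cobbler profile add|edit|remove --name=PROFILE_NAME --distro=DISTRO_NAME --kickstart=KS_FILE
【4】Customize the PXE menu
Change the address shown by PXE during installation
vim /etc/cobbler/pxe/pxedefault.template
MENU TITLE Cobbler | http://www.YOUR-DOMAIN.com
Sync the configuration
cobbler sync
【5】Check
cobbler list # show what was imported
cobbler distro list # list the distributions
cobbler profile report # show the profile configuration
tree /var/lib/tftpboot/images # show the kernel and initrd files in the tftp server's shared directory
In practice, once the steps above are done, a new machine only needs to boot via PXE; at the menu, choose the version to install as required
【6】ks file reference
The file below is for reference only (if it is added through the web interface, do not include Chinese characters, which easily cause errors)
(Anything inconvenient to post has been removed, so just read it for understanding)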
install
url --url=http://192.168.10.212/cobbler/ks_mirror/Centos6.7-x86_64
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
network --bootproto=dhcp --device=eth1 --onboot=yes --noipv6 --hostname=CentOS6
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw --iscrypted $6$X20eRtuZhkHznTb4$dK0BJByOSAWSDD8jccLVFzdMWwpoCw/ZEjYw2BTQYGWlgKsn945fFTjRC658UX
clearpart --all --initlabel
part /boot --fstype=ext4 --asprimary --size=200
part swap --size=1024
part / --fstype=ext4 --grow --asprimary --size=200
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%end
%post
chkconfig acpid off
chkconfig atd off
chkconfig autofs off
chkconfig bluetooth off
chkconfig cpuspeed off
chkconfig firstboot off
chkconfig gpm off
chkconfig haldaemon off
chkconfig hidd off
chkconfig ip6tables off
chkconfig isdn off
chkconfig messagebus off
chkconfig nfslock off
chkconfig pcscd off
chkconfig portmap off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig yum-updatesd off
chkconfig sendmail off
#Services allowed to start at boot
chkconfig crond on
chkconfig kudzu on
chkconfig network on
chkconfig readahead_early on
chkconfig sshd on
chkconfig syslog on
#Disable the Ctrl+Alt+Del shortcut for rebooting the server
sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/g" '/etc/inittab'
telinit q
#Tune the system kernel
echo -e "ulimit -c unlimited" >> /etc/profile
echo -e "ulimit -s unlimited" >> /etc/profile
echo -e "ulimit -SHn 65535" >> /etc/profile
source /etc/profile
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'
echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_max = 131072" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_conntrack_max = 819200" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 10024 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_len = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
/sbin/sysctl -p
#Run the external initialization script (switch to static IP/bond/other tuning parameters)
cd /root
wget http://192.168.10.212/cobbler/ks_mirror/config/auto.sh
sh /root/auto.sh
%end
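The last step of %post above downloads auto.sh over plain HTTP and runs it as root. Pinning the SHA-256 of the reviewed script in the kickstart lets the installer refuse a copy that differs from it. This is an added example, not from the original post; the function names and the PINNED_SHA256 placeholder are assumptions.

```shell
#!/bin/sh
# Added example for the %post section: download a script, then run it only
# if its SHA-256 matches the digest pinned in the kickstart.

# Download URL ($1) to file ($2); kept separate so it can be swapped out.
fetch() { wget -q -O "$2" "$1"; }

# Usage: fetch_verify_run URL EXPECTED_SHA256 DEST
# Returns 2 for a malformed digest, 3 if the download fails, 4 on mismatch;
# otherwise the exit status of the script. Nothing is left at DEST on failure.
fetch_verify_run() {
    url=$1; expected=$(printf '%s' "$2" | tr 'A-F' 'a-f'); dest=$3
    [ ${#expected} -eq 64 ] || { echo "bad pinned digest" >&2; return 2; }
    tmp=$(mktemp "${dest}.XXXXXX") || return 3
    if ! fetch "$url" "$tmp"; then
        rm -f "$tmp"; return 3
    fi
    actual=$(sha256sum "$tmp" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $url: got $actual" >&2
        rm -f "$tmp"; return 4
    fi
    # Only a verified copy is moved into place and executed.
    mv "$tmp" "$dest" && sh "$dest"
}

# In %post this would replace the wget + sh pair
# (PINNED_SHA256 = output of "sha256sum auto.sh" on the reviewed script):
#   fetch_verify_run http://192.168.10.212/cobbler/ks_mirror/config/auto.sh \
#       PINNED_SHA256 /root/auto.sh
```

The digest has to be updated in the kickstart whenever auto.sh is changed on the server.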