第1章 Cobbler 自動化部署系統
1.1 環境準備
1.1.1 查看系統版本
[root@Cobbler ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
1.1.2 內核版本
[root@Cobbler ~]# uname -a
Linux Cobbler 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
1.1.3 確保關閉selinux
[root@Cobbler ~]# getenforce
Disabled
1.1.4 關閉防火牆
(本文爲實驗環境,故關閉SELinux與防火牆;生產環境建議保留二者,僅對裝機網段放行DHCP(67/udp)、TFTP(69/udp)及HTTP/HTTPS等PXE裝機所需端口。)
[root@Cobbler ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
1.1.5 主機名
[root@Cobbler ~]# hostname
Cobbler
1.1.6 hosts本地解析
[root@Cobbler ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.60 Cobbler
172.16.1.60 Cobbler
1.1.7 安裝yum源
(下面的命令通過明文HTTP下載epel-release;若鏡像站支持HTTPS,建議改用https://地址,避免安裝包在傳輸途中被篡改。)
[root@Cobbler ~]# rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
第2章 安裝cobbler
2.1 安裝cobbler
[root@Cobbler ~]# yum install cobbler cobbler-web pykickstart httpd dhcp tftp xinetd -y
安裝包說明:
cobbler #Cobbler程序包
cobbler-web #Cobbler的web服務包
pykickstart #Cobbler檢查kickstart語法錯誤
httpd #Apache web服務
dhcp #Dhcp服務
tftp #Tftp服務
2.2 重要配置文件註釋
[root@Cobbler ~]# rpm -ql cobbler
/etc/cobbler # 配置文件目錄
/etc/cobbler/settings # cobbler主配置文件,這個文件是YAML格式,Cobbler是python寫的程序。
/etc/cobbler/dhcp.template # DHCP服務的配置模板
/etc/cobbler/tftpd.template # tftp服務的配置模板
/etc/cobbler/rsync.template # rsync服務的配置模板
/etc/cobbler/iso # iso模板配置文件目錄
/etc/cobbler/pxe # pxe模板文件目錄
/etc/cobbler/power # 電源的配置文件目錄
/etc/cobbler/users.conf # Web服務授權配置文件
/etc/cobbler/users.digest # 用於web訪問的用戶名密碼配置文件
/etc/cobbler/dnsmasq.template # DNS服務的配置模板
/etc/cobbler/modules.conf # Cobbler模塊配置文件
/var/lib/cobbler # Cobbler數據目錄
/var/lib/cobbler/config # 配置文件
/var/lib/cobbler/kickstarts # 默認存放kickstart文件
/var/lib/cobbler/loaders # 存放的各種引導程序
/var/www/cobbler # 系統安裝鏡像目錄
/var/www/cobbler/ks_mirror # 導入的系統鏡像列表
/var/www/cobbler/images # 導入的系統鏡像啓動文件
/var/www/cobbler/repo_mirror # yum源存儲目錄
/var/log/cobbler # 日誌目錄
/var/log/cobbler/install.log # 客戶端系統安裝日誌
/var/log/cobbler/cobbler.log # cobbler日誌
2.3 啓動服務
cobbler的運行依賴於dhcp、tftp、rsync及dns服務
[root@Cobbler ~]# systemctl start httpd
[root@Cobbler ~]# systemctl start cobblerd
[root@Cobbler ~]# ss -tlunp
2.4 檢查Cobbler的配置,如果看不到下面的結果,再次執行systemctl start cobblerd
[root@Cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kckstarting features will not work. This should be a resolvable hostname or IP for the boot server s reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to someting other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-laders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that ou have installed a *recent* version of the syslinux package installed and can ignore this message ntirely. Files in this directory, should you want to support all architectures, should include pxeinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to reolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and reposiories
7 : The default password used by the sample templates for newly installed machines (default_passwor_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl psswd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features.install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
2.4.1 針對上方問題的逐一解決:
1.修改/etc/cobbler/settings文件中的server參數的值爲提供cobbler服務的主機相應的IP地址或主機名"如server: 10.0.0.60";
下面這條sed命令可同時修改server和next_server兩個參數(next_server一行同樣包含"server: 127.0.0.1"這一匹配串),從而一併解決1、2兩個問題。
sed -i 's/server: 127.0.0.1/server: 172.16.1.60/' /etc/cobbler/settings
檢查:
[root@linux-node1 ~]# grep 172.16.1.60 /etc/cobbler/settings
next_server: 172.16.1.60
server: 172.16.1.60
2. 見上條命令結果檢查;
3. 修改/etc/xinetd.d/tftp中的disable的參數修改爲"disable = no";
4. 按照提示執行"cobbler get-loaders"下載loaders;
查看下載的內容
[root@Cobbler ~]# ls /var/lib/cobbler/loaders/
COPYING.elilo COPYING.yaboot grub-x86_64.efi menu.c32 README
COPYING.syslinux elilo-ia64.efi grub-x86.efi pxelinux.0 yaboot
5. 按照提示執行 "systemctl enable rsyncd";
[root@Cobbler ~]# systemctl enable rsyncd
6. 待定;
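7. 創建默認系統用戶及密碼(即新裝系統root的默認密碼):
(注:下例中的密碼'123456'與固定鹽值'root'僅作演示,-1選項生成的是MD5-crypt哈希;生產環境請使用高強度隨機密碼與隨機鹽值,並優先採用SHA-512格式的哈希。)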
[root@Cobbler ~]# openssl passwd -1 -salt 'root' '123456' (此爲系統root的密碼)
$1$root$j0bp.KLPyr.u9kgQ428D10
將生成的密碼添加到配置文件
[root@Cobbler ~]# grep default_password /etc/cobbler/settings
default_password_crypted: "$1$root$j0bp.KLPyr.u9kgQ428D10"
8. 待定;
2.4.2 重啓cobblerd後再做檢查:
還差兩項(6,8),一個爲debian系統相關,一個爲電源管理設備相關,此處暫不做調整;
[root@Cobbler ~]# systemctl restart cobblerd
[root@Cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : debmirror package is not installed, it will be required to manage debian deployments and reposiories
2 : fencing tools were not found, and are required to use the (optional) power management features.install cman or fence-agents to use them
2.5 配置DHCP
[root@Cobbler ~]# sed -i 's#manage_dhcp: 0#manage_dhcp: 1#g' /etc/cobbler/settings
[root@Cobbler ~]# vim /etc/cobbler/dhcp.template
……
subnet 172.16.1.0 netmask 255.255.255.0 {
#option routers 192.168.1.5;
#option domain-name-servers 192.168.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 172.16.1.100 172.16.1.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
……
2.6 同步Cobbler配置
同步最新cobbler配置,它會根據配置自動修改dhcp等服務
[root@Cobbler ~]# systemctl restart xinetd
[root@Cobbler ~]# systemctl restart cobblerd
[root@Cobbler ~]# cobbler rync
No such command: rync
[root@Cobbler ~]# cobbler sync
task started: 2017-12-21_125119_sync
task started (id=Sync, time=Thu Dec 21 12:51:19 2017)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
#查看dhcp配置文件的標註開頭證明自己由Cobbler管理
[root@Cobbler ~]# less /etc/dhcp/dhcpd.conf
# ******************************************************************
# Cobbler managed dhcpd.conf file
# generated from cobbler dhcp.conf template (Thu Dec 21 04:51:20 2017)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
# ******************************************************************
2.7 導入鏡像參數
[root@Cobbler ~]# cobbler import --help
Usage: cobbler import [options]
Options:
-h, --help show this help message and exit
--arch=ARCH OS architecture being imported
--breed=BREED the breed being imported
--os-version=OS_VERSION
the version being imported
--path=PATH local path or rsync location
--name=NAME name, ex 'RHEL-5'
--available-as=AVAILABLE_AS
tree is here, don't mirror
--kickstart=KICKSTART_FILE
assign this kickstart file
--rsync-flags=RSYNC_FLAGS
pass additional flags to rsync
2.8 常見參數註釋:
cobbler check 覈對當前設置是否有問題
cobbler list 列出所有的cobbler元素
cobbler report 列出元素的詳細信息
cobbler sync 同步配置到數據目錄,更改配置最好都要執行下
cobbler reposync 同步yum倉庫
cobbler distro 查看導入的發行版系統信息
cobbler system 查看添加的系統信息
cobbler profile 查看配置信息
2.9 可單個執行查看幫助信息
[root@Cobbler ~]# cobbler distro
usage
cobbler distro add
cobbler distro copy
cobbler distro edit
cobbler distro find
cobbler distro list
cobbler distro remove
cobbler distro rename
cobbler distro report
第3章 網頁登陸配置cobbler
瀏覽器地址欄輸入:https://10.0.0.60/cobbler_web即可打開cobbler網頁
默認用戶:cobbler
默認密碼:cobbler
3.1.1 修改cobbler網頁默認登陸用戶和密碼
/etc/cobbler/users.conf # Web服務授權配置文件
/etc/cobbler/users.digest # 用於web訪問的用戶名密碼配置文件
[root@nfs01 ~]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
# 設置Cobbler web用戶登陸密碼
# 在realm(認證域)"Cobbler"中爲cobbler用戶設置密碼,提示輸入2遍密碼確認(示例中的123456僅作演示,實際請使用高強度密碼)
htdigest /etc/cobbler/users.digest "Cobbler" cobbler
Changing password for user cobbler in realm Cobbler
New password: 123456
Re-type new password:123456
cobbler sync 同步配置文件
3.2 web界面管理
3.2.1 掛載光盤
3.2.1.1 檢查掛載詳情
mount /dev/cdrom /mnt/ 將光盤掛載到/mnt目錄下面
df -h 通過df -h命令查看掛載結果
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.6G 1.6G 4.8G 25% /
tmpfs 364M 0 364M 0% /dev/shm
/dev/sda1 190M 35M 146M 19% /boot
/dev/sr0 3.7G 3.7G 0 100% /mnt
3.2.1.2 光盤掛載完之後在web頁面進行以下操作
3.2.1.3 在命令行通過以下命令查看同步結果
[root@nfs01 ~]# ps -ef |grep rsync
root 29425 28711 23 16:56 ? 00:00:04 rsync -a /mnt/ /var/www/cobbler/ks_mirror/CentOS6.9-x86_64 --progress
root 29426 29425 0 16:56 ? 00:00:00 rsync -a /mnt/ /var/www/cobbler/ks_mirror/CentOS6.9-x86_64 --progress
root 29427 29426 20 16:56 ? 00:00:03 rsync -a /mnt/ /var/www/cobbler/ks_mirror/CentOS6.9-x86_64 --progress
看到上面三個進程說明正在同步到/var/www/cobbler/ks_mirror/CentOS6.9-x86_64目錄中
3.2.1.4 查看同步結果
[root@nfs01 CentOS6.9-x86_64]# ls /var/www/cobbler/ks_mirror/CentOS6.9-x86_64/
CentOS_BuildTag GPL Packages RPM-GPG-KEY-CentOS-6 RPM-GPG-KEY-CentOS-Testing-6
EFI images RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Debug-6 TRANS.TBL
EULA isolinux repodata RPM-GPG-KEY-CentOS-Security-6
[root@nfs01 CentOS6.9-x86_64]# du -sh
3.8G .
已經將光盤中的內容同步到cobbler服務器中
3.2.2 查看鏡像信息
3.2.2.1 以下信息都是默認的,不需要填寫
3.2.3 屬性信息 ks.cfg配置文件信息
3.2.4 添加Kickstart Templates
3.2.4.1 ks文件內容如下(CentOS6.x)
cat /var/lib/cobbler/kickstarts/CentOS-6.9-x86_64.cfg
# Cobbler for Kickstart Configurator for CentOS 6.9 by jx Liu
# Cobbler kickstart template: the names written with a leading dollar sign and
# the SNIPPET calls are filled in by Cobbler when it renders this file.
# Fresh installation in text mode from the tree URL supplied by Cobbler.
install
url --url=$tree
text
lang en_US.UTF-8
keyboard us
# Initialise disks that have an invalid partition table without prompting.
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
$SNIPPET('network_config')
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
# The root password hash is taken from default_password_crypted in
# /etc/cobbler/settings, so every host built from this template shares it.
# NOTE(review): the hash is used as supplied; passalgo=sha512 above does not
# upgrade an MD5-crypt value placed in the settings file.
rootpw --iscrypted $default_password_crypted
# Destructive: removes all existing partitions before creating the layout below.
clearpart --all --initlabel
part /boot --fstype=ext4 --asprimary --size=200
part swap --size=1024
part / --fstype=ext4 --grow --asprimary --size=200
firstboot --disable
# NOTE(review): SELinux and the host firewall are switched off on every
# installed machine; keep them enabled for anything beyond a lab build.
selinux --disabled
firewall --disabled
logging --level=info
reboot
# Pre-install section: Cobbler logging, start notification and network setup.
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
# Package selection: four groups plus individual tools.
# NOTE(review): nmap is used by the port check in optimization.sh; the
# development and debugging groups and the telnet client enlarge the installed
# footprint, so drop what production hosts do not need.
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%end
# Runs outside the installed system root.
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
# Runs inside the installed system: repo setup, network config and Cobbler
# registration snippets.
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
# Optional site tuning script, disabled in this template. If enabled, note
# that it is fetched over plain HTTP and then executed as root.
#wget -O /tmp/optimization.sh http://10.0.0.31/ks_config/optimization.sh &>/dev/null
#/bin/sh /tmp/optimization.sh (you have to write this script yourself)
%end
3.2.4.2 ks配置文件(CentOS7.x)
cat /var/lib/cobbler/kickstarts/CentOS-7.2-x86_64.cfg
# Cobbler for Kickstart Configurator for CentOS 7.2 by jx Liu
# Cobbler kickstart template: the names written with a leading dollar sign and
# the SNIPPET calls are filled in by Cobbler when it renders this file.
# Fresh installation in text mode from the tree URL supplied by Cobbler.
install
url --url=$tree
text
lang en_US.UTF-8
keyboard us
# Initialise disks that have an invalid partition table without prompting.
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
$SNIPPET('network_config')
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
# The root password hash is taken from default_password_crypted in
# /etc/cobbler/settings, so every host built from this template shares it.
# NOTE(review): the hash is used as supplied; passalgo=sha512 above does not
# upgrade an MD5-crypt value placed in the settings file.
rootpw --iscrypted $default_password_crypted
# Destructive: removes all existing partitions before creating the layout below.
clearpart --all --initlabel
part /boot --fstype xfs --size 1024
part swap --size 1024
# Root filesystem grows to fill the remaining space.
part / --fstype xfs --size 1 --grow
firstboot --disable
# NOTE(review): SELinux and the host firewall are switched off on every
# installed machine; keep them enabled for anything beyond a lab build.
selinux --disabled
firewall --disabled
logging --level=info
reboot
# Pre-install section: Cobbler logging, start notification and network setup.
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
# Package selection: four groups plus individual tools.
# NOTE(review): nmap is used by the port check in optimization.sh; the
# development and debugging groups and the telnet client enlarge the installed
# footprint, so drop what production hosts do not need.
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%end
# Runs outside the installed system root.
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
# Runs inside the installed system: repo setup, network config and Cobbler
# registration snippets, then the site tuning script.
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
# NOTE(review): the script is fetched over plain HTTP with all wget output
# discarded, and the two commands are not chained, so whatever is at
# /tmp/optimization.sh is run as root even when the download failed. Chain the
# commands and verify a known checksum before executing.
wget -O /tmp/optimization.sh http://10.0.0.31/ks_config/optimization.sh &>/dev/null
/bin/sh /tmp/optimization.sh
%end
3.2.4.3 腳本文件存放路徑
(該目錄位於httpd的文檔根目錄下,任何能訪問此Web服務的主機都可以下載其中的文件,因此不要在這些文件裏寫入明文密碼或密鑰。)
[root@nfs01 ks_config]# ls /var/www/html/ks_config/ #只要在網頁能顯示出來就能執行
CentOS-Base.repo epel.repo hosts optimization.sh sshd_config sysctl.conf
3.2.4.4 涉及到修改ip的文件
/var/lib/cobbler/kickstarts/CentOS-6.9-x86_64.cfg 需要將裏面涉及到的ip地址改爲當前服務器的即可
/var/www/html/ks_config/optimization.sh 需要將裏面涉及到的ip地址改爲當前服務器的即可
3.2.4.5 腳本/var/www/html/ks_config/optimization.sh內容如下:
#!/bin/bash
# Post-install tuning script; the kickstart %post section downloads and runs it.
# Sourced for action(), which Msg uses to print init-style status lines.
. /etc/init.d/functions

# HTTP server (address, port, directory) that publishes the config files.
Ip=172.16.1.61
Port=80
ConfigDir=ks_config

# Judge Http server is ok?
# Counts the nmap output lines that contain "open" and aborts when there are none.
# NOTE(review): every later download uses plain http:// with no integrity
# check, so this only proves reachability, not authenticity.
PortNum=$(nmap "$Ip" -p "$Port" 2>/dev/null | grep -c open)
if [ "$PortNum" -lt 1 ]; then
  echo "Http server is bad!"
  exit 1
fi
# Defined result function
# Print a status line for the command that ran immediately before Msg.
# Arguments: $1 - label shown on the status line
# Returns:   whatever action() returns
function Msg(){
  # Capture first: any other command here would overwrite the caller's $?.
  local rc=$?
  case $rc in
    0) action "$1" /bin/true ;;
    *) action "$1" /bin/false ;;
  esac
}
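# Defined IP function
# Write static ifcfg files for eth0 and eth1, reusing the last octet of the
# address currently on eth1 for both networks (10.0.0.x and 172.16.1.x).
# Outputs:  one Msg status line per file written.
# Returns:  1, without touching any file, when no usable octet can be read
#           from eth1; otherwise the status of the last Msg call.
function ConfigIP(){
  local Suffix
  # With the line split on spaces and dots, field 6 of the second ifconfig
  # line is the last octet of the IPv4 address.
  Suffix=$(ifconfig eth1 | awk -F "[ .]+" 'NR==2 {print $6}')

  # Refuse to write "IPADDR=10.0.0." or a non-numeric value: a broken ifcfg
  # file would leave the freshly installed host unreachable.
  if ! [[ $Suffix =~ ^[0-9]{1,3}$ ]] || (( 10#$Suffix < 1 || 10#$Suffix > 254 )); then
    false
    Msg "detect eth1 address"
    return 1
  fi

  cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<-END
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=10.0.0.$Suffix
PREFIX=24
GATEWAY=10.0.0.254
DNS1=10.0.0.254
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
END
  Msg "config eth0"

  cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<-END
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=172.16.1.$Suffix
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth1"
END
  Msg "config eth1"
}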
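# Defined Yum source Functions
# Replace CentOS-Base.repo and epel.repo with the copies published on the
# deployment HTTP server, keeping the stock CentOS-Base.repo as .ori.
# Globals:  Ip, Port, ConfigDir (read)
# Outputs:  one Msg status line, on success and on failure alike.
# NOTE(review): this function shadows the yum command for the rest of the
# script; use "command yum" if the package manager is ever needed here.
# NOTE(review): the files come over plain HTTP with no checksum or signature,
# so they are only as trustworthy as the provisioning network.
function yum(){
  local YumDir=/etc/yum.repos.d
  local base_url="http://$Ip:$Port/$ConfigDir"
  local name tmp rc=0

  for name in CentOS-Base.repo epel.repo; do
    # Download next to the target and rename only on success, so a failed
    # transfer cannot leave an empty or truncated repo file in place.
    tmp=$(mktemp "$YumDir/.$name.XXXXXX") || { rc=1; break; }
    if wget -O "$tmp" "$base_url/$name" &>/dev/null && [ -s "$tmp" ]; then
      if [ "$name" = CentOS-Base.repo ] && [ -f "$YumDir/$name" ]; then
        cp -p "$YumDir/$name" "$YumDir/$name.ori"
      fi
      # mktemp creates the file 0600; repo files are expected to be world-readable.
      chmod 644 "$tmp"
      mv -f "$tmp" "$YumDir/$name" || rc=1
    else
      rc=1
    fi
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || break
  done

  # Hand the overall result to Msg; the original chained Msg with && and so
  # never reported a failed download.
  [ "$rc" -eq 0 ]
  Msg "YUM source"
}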
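# Defined add Ordinary users Functions
# Create the oldboy account, set its password and grant it passwordless sudo.
# Outputs:  one Msg status line.
# The sudo rule goes into a drop-in file that is syntax-checked before it is
# installed. The original appended after line 98 of /etc/sudoers, which
# depends on that file's exact length and was only validated after the edit.
# Assumes the stock sudoers file includes /etc/sudoers.d - TODO confirm.
# NOTE(review): the password is a hard-coded trivial value and this script is
# served over unauthenticated HTTP; combined with NOPASSWD:ALL this account is
# equivalent to root. Supply a per-site secret and narrow the rule before
# enabling this step.
function AddUser(){
  local dropin=/etc/sudoers.d/oldboy
  local tmp=""
  local rc

  useradd oldboy &>/dev/null &&
    echo "123456" | passwd --stdin oldboy &>/dev/null &&
    tmp=$(mktemp) &&
    echo 'oldboy ALL=(ALL) NOPASSWD:ALL' >"$tmp" &&
    visudo -cf "$tmp" &>/dev/null &&
    install -m 0440 -o root -g root "$tmp" "$dropin"
  rc=$?

  [ -n "$tmp" ] && rm -f "$tmp"
  [ "$rc" -eq 0 ]
  Msg "AddUser oldboy"
}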
# Defined Hide the system version number Functions
# Empty the login banner files /etc/issue and /etc/issue.net.
# Outputs: one Msg status line per file; a missing file is reported as failed.
function HideVersion(){
  if [ -f "/etc/issue" ]; then
    : >/etc/issue
  else
    false
  fi
  Msg "Hide issue"

  if [ -f "/etc/issue.net" ]; then
    : >/etc/issue.net
  else
    false
  fi
  Msg "Hide issue.net"
}
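# Defined SSHD config Functions
# Replace /etc/ssh/sshd_config with the copy published on the deployment HTTP
# server, keeping the previous file as sshd_config.ori.
# Globals:  Ip, Port, ConfigDir (read)
# Outputs:  one Msg status line.
# The download goes to a temporary file and is renamed into place only when it
# succeeded and is non-empty. The original moved the live file away first, so a
# failed download left an empty sshd_config behind.
# NOTE(review): the file comes over plain HTTP with no checksum, and this
# function shadows the sshd command for the rest of the script.
function sshd(){
  local SshdDir=/etc/ssh
  local target="$SshdDir/sshd_config"
  local tmp rc=1

  if tmp=$(mktemp "$target.XXXXXX"); then
    if wget -O "$tmp" "http://$Ip:$Port/$ConfigDir/sshd_config" &>/dev/null && [ -s "$tmp" ]; then
      [ -f "$target" ] && cp -p "$target" "$target.ori"
      chmod 600 "$tmp" && mv -f "$tmp" "$target" && rc=0
    fi
    # No-op after a successful rename; removes the leftover otherwise.
    rm -f "$tmp"
  fi

  [ "$rc" -eq 0 ]
  Msg "sshd config"
}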
# Defined OPEN FILES Functions
# Append a nofile limit of 65535 for all users to /etc/security/limits.conf.
# Returns: 1 without output when the file does not exist; otherwise the
#          status of Msg. Each call appends the line again.
function openfiles(){
  [ -f "/etc/security/limits.conf" ] || return 1
  echo '* - nofile 65535' >> /etc/security/limits.conf
  Msg "open files"
}
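# Defined Kernel parameters Functions
# Replace /etc/sysctl.conf with the copy published on the deployment HTTP
# server, keeping the previous file as sysctl.conf.ori.
# Globals:  Ip, Port, ConfigDir (read)
# Outputs:  one Msg status line.
# The download goes to a temporary file and is renamed into place only when it
# succeeded and is non-empty. The original moved the live file away first, so a
# failed download left an empty sysctl.conf behind.
# NOTE(review): the file comes over plain HTTP with no checksum.
function kernel(){
  local KernelDir=/etc
  local target="$KernelDir/sysctl.conf"
  local tmp rc=1

  if tmp=$(mktemp "$target.XXXXXX"); then
    if wget -O "$tmp" "http://$Ip:$Port/$ConfigDir/sysctl.conf" &>/dev/null && [ -s "$tmp" ]; then
      [ -f "$target" ] && cp -p "$target" "$target.ori"
      # mktemp creates the file 0600; restore the usual world-readable mode.
      chmod 644 "$tmp" && mv -f "$tmp" "$target" && rc=0
    fi
    # No-op after a successful rename; removes the leftover otherwise.
    rm -f "$tmp"
  fi

  [ "$rc" -eq 0 ]
  Msg "Kernel config"
}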
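# Defined hosts file Functions
# Replace /etc/hosts with the copy published on the deployment HTTP server,
# keeping the previous file as hosts.ori.
# Globals:  Ip, Port, ConfigDir (read)
# Outputs:  one Msg status line.
# The download goes to a temporary file and is renamed into place only when it
# succeeded and is non-empty. The original moved the live file away first, so a
# failed download left an empty /etc/hosts behind.
# NOTE(review): the file comes over plain HTTP with no checksum; whoever can
# alter it in transit controls name resolution on the new host.
function hosts(){
  local HostsDir=/etc
  local target="$HostsDir/hosts"
  local tmp rc=1

  if tmp=$(mktemp "$target.XXXXXX"); then
    if wget -O "$tmp" "http://$Ip:$Port/$ConfigDir/hosts" &>/dev/null && [ -s "$tmp" ]; then
      [ -f "$target" ] && cp -p "$target" "$target.ori"
      # mktemp creates the file 0600; /etc/hosts must stay world-readable.
      chmod 644 "$tmp" && mv -f "$tmp" "$target" && rc=0
    fi
    # No-op after a successful rename; removes the leftover otherwise.
    rm -f "$tmp"
  fi

  [ "$rc" -eq 0 ]
  Msg "Hosts config"
}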
# Defined System Startup Services Functions
# Turn off every service that chkconfig lists as on in runlevel 3, except
# names containing crond, network, rsyslog or sshd.
# Outputs: one Msg status line reflecting the last chkconfig call.
# NOTE(review): the exclusion is a substring match, so any service whose name
# merely contains one of those words is also left enabled.
function boot(){
  local svc
  for svc in $(chkconfig --list | awk '/3:on/ {print $1}' | grep -vE "crond|network|rsyslog|sshd"); do
    chkconfig $svc off
  done
  Msg "BOOT config"
}
# Defined Time Synchronization Functions
# Append a dated comment and a five-minute ntpdate job to root's crontab file.
# Outputs: one Msg status line. Each call appends the two lines again.
function Time(){
  {
    echo "#time sync by zhangyao at $(date +%F)"
    echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null'
  } >>/var/spool/cron/root
  Msg "Time Synchronization"
}
# Defined main Functions
# Run the enabled tuning steps in order. AddUser and sshd are left out of the
# list, matching the two calls that are commented out in the original.
function main(){
  local step
  for step in ConfigIP yum HideVersion openfiles kernel hosts boot Time; do
    "$step"
  done
}
main
3.2.5 配置systems
3.2.5.1 systems選項用來指定客戶端的ip地址,主機名等信息
3.2.5.2 CentOS7.x需要在Kernel Options加入如下內容
修改CentOS7的內核-修改網卡的名字
net.ifnames=0 biosdevname=0
3.3 安裝系統過程
查找dhcp服務分配ip地址
安裝界面截圖