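Cobbler's advantage over plain PXE is that a single Cobbler instance supports multiple distributions, so one Cobbler platform is all the service needs; it has a web interface, and it lets a client run a command to reinstall its own system.
Create a Host-only Network for the virtual machines yourself, with the address range 192.168.56.1-192.168.56.199. The purpose is to keep any DHCP service in your current physical environment from interfering with Cobbler's DHCP function. If you bridge to the physical NIC instead, watch out for the DHCP service on your current Wi-Fi device.
Create the Host-only Network in the hypervisor
Attach the virtual machine that will run the Cobbler service to the Cobbler network
Initial configuration of the Cobbler server:
Disable the firewall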
iptables -F
Disable SELinux
cat /etc/sysconfig/selinux | grep -i selinux
SELINUX=disabled
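1. To install the packages, mount the installation image yourself and point a file-based yum repository at the mount directory.
2. The lazy way: switch the NIC to bridged mode, install the packages, then switch back to the Host-only Network.
Install the EPEL repository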
[root@cobbler ~]# yum install epel-release -y && yum makecache
Install the Cobbler packages
[root@cobbler ~]# yum -y install httpd dhcp tftp python-ctypes cobbler xinetd cobbler-web debmirror pykickstart fence-agents
Start the cobblerd service and enable it at boot
[root@cobbler ~]# systemctl start cobblerd && systemctl enable cobblerd
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
Start the httpd service and enable it at boot
[root@cobbler ~]# systemctl start httpd && systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
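Note: if httpd is not started, cobbler check reports an error. Once everything that check asks you to change has been changed, the Cobbler service starts and works normally.
Check the Cobbler configuration; once all of the items below have been cleared, the service can start normally.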
[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders. If you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.
5 : enable and start rsyncd.service with systemctl
6 : comment out 'dists' on /etc/debmirror.conf for proper debian support
7 : comment out 'arches' on /etc/debmirror.conf for proper debian support
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
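The output shown in the image below can be ignored or dealt with; it has no effect on the Cobbler service, and this article leaves it alone.
The output above is handled as follows
Install syslinux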
[root@inux-node1 ~]# yum -y install syslinux*
[root@inux-node1 ~]# cp /usr/share/syslinux/pxelinux.0 /var/lib/cobbler/loaders/
[root@inux-node1 ~]# cp /usr/share/syslinux/menu.c32 /var/lib/cobbler/loaders/
[root@inux-node1 ~]# ls /var/lib/cobbler/loaders/
The cobbler check items are handled as follows
[root@cobbler cobbler]# cat /etc/cobbler/settings | grep 192.168.56.4
next_server: 192.168.56.4
server: 192.168.56.4
[root@cobbler cobbler]# cat /etc/xinetd.d/tftp | grep "disable"
disable = no
vim /etc/debmirror.conf
Comment out the following 2 lines
#@dists="sid";
#@arches="i386";
Start the rsyncd service
[root@192 cobbler]# systemctl restart rsyncd && systemctl enable rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
[root@cobbler cobbler]# openssl passwd -1 -salt '123456' 'mew888666'
$1$123456$K3Pp/tqogQIsrdZKcHWPM/
Copy the encrypted password generated above
[root@cobbler cobbler]# cat /etc/cobbler/settings | grep default_password_crypted
default_password_crypted: "$1$123456$K3Pp/tqogQIsrdZKcHWPM/"
[root@cobbler xinetd.d]# systemctl start xinetd && systemctl enable xinetd
[root@cobbler xinetd.d]#
[root@cobbler xinetd.d]# systemctl restart tftp && systemctl enable tftp
Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
Sync the Cobbler configuration and restart the Cobbler service.
[root@localhost ~]# cobbler sync && systemctl restart cobblerd
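Configure and start the DHCP service
Note: there are two ways to configure the DHCP service; deploy one of the two.
1. The first way hands DHCP over to the Cobbler service to manage. The parameters to configure are:
# Enable Cobbler management of DHCP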
vim /etc/cobbler/settings
manage_dhcp: 1
Configure the DHCP service configuration template
vim /etc/cobbler/dhcp.template
subnet 192.168.56.0 netmask 255.255.255.0 {
    option routers 192.168.56.4;              # gateway (this host)
    option domain-name-servers 192.168.56.4;  # DNS (this host)
    option subnet-mask 255.255.255.0;         # subnet mask
    range dynamic-bootp 192.168.56.100 192.168.56.150;  # IP range
    # (the remaining lines of the shipped template stay as they are)
}
2. The second way:
Configure and manage the DHCP service yourself, using the configuration below.
vim /etc/cobbler/settings
manage_dhcp: 0
[root@192 doc]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? y
# Configure and start the DHCP service
vim /etc/dhcp/dhcpd.conf
These 2 lines are optional
#option domain-name "example.org";
#option domain-name-servers 192.168.1.1, 8.8.8.8;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.56.0 netmask 255.255.255.0 {
range 192.168.56.100 192.168.56.200;
option routers 192.168.56.4;
}
next-server 192.168.56.4;
filename="pxelinux.0";
Start the DHCP service
systemctl start dhcpd && systemctl enable dhcpd
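The DHCP service reports the following error:
1. Check whether your VM has two NICs; the problem is caused by the second NIC having no IP configured.
2. The VM's NIC is named ens33 by default; I changed the NIC name to eth0 at install time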
cat /etc/sysconfig/dhcpd
DHCPDARGS=eth0
3. Testing showed that if cobbler sync has never been run before this point, starting DHCP directly at this step also produces the error below.
Mount the CentOS image and import the distribution's installation image into Cobbler from it
mkdir /mnt/cdrom
# Mount the image
[root@localhost ~]# mount -t iso9660 /dev/cdrom /mnt/cdrom/
mount: /dev/sr0 写保护,将以只读方式挂载
# Import the image into Cobbler
[root@localhost ~]# cobbler import --name="centos7.9" --path=/mnt/cdrom/ --arch=x86_64
task started: 2023-06-06_130348_import
task started (id=Media import, time=Tue Jun 6 13:03:48 2023)
Found a candidate signature: breed=suse, version=opensuse15.0
Found a candidate signature: breed=suse, version=opensuse15.1
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/centos7.9-x86_64:
creating new distro: centos7.9-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos7.9-x86_64 -> /var/www/cobbler/links/centos7.9-x86_64
creating new profile: centos7.9-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos7.9-x86_64 for centos7.9-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos7.9-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/centos7.9-x86_64
looking for /var/www/cobbler/ks_mirror/centos7.9-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7.9-x86_64/repodata
*** TASK COMPLETE ***
List the distro images; a profile is generated by default during import.
[root@localhost ~]# cobbler distro list
centos7.9-x86_64
[root@localhost ~]# cobbler profile list
centos7.9-x86_64
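The kickstart that this default profile points to cannot install a machine; you can modify the profile, or delete it and specify a new one.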
[root@localhost ~]# cobbler profile report
We choose to delete it; of course you can instead upload your own kickstart file later and point the profile at it.
[root@localhost ~]# cobbler profile remove --name=centos7.9-x86_64
[root@localhost ~]# cobbler profile list
[root@localhost ~]# cobbler distro list
centos7.9-x86_64
Prepare a CentOS 7 kickstart file and place it in the /var/lib/cobbler/kickstarts/ directory:
#Kickstart Configurator by Jason Zhao
#platform=x86, AMD64, or Intel EM64T
#System language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#rootpw --iscrypted $1$ops-node$7hqdpgEmIE7Z0RbtQkxW20
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network installation media (HTTP)
#url --url=$tree # the tree variable also works; check its value with cobbler distro report
url --url="http://192.168.56.4/cobbler/ks_mirror/centos7.9-x86_64/"
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk sda
part swap --size 4000 --ondisk sda
part / --fstype xfs --size 1 --grow --ondisk sda
#System authorization information
auth --useshadow --enablemd5
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
#Package install information
%packages
@^minimal
@core
net-tools
vim
wget
epel-release
koan
%end
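Note: the centos7.cfg above lists custom packages. If the image you downloaded is the minimal one, it does not contain the net-tools....koan packages, and the PXE install will fail 😂. The fix is to delete those packages from the list.
In the kickstart file above you can use url --url=$tree, or hard-code the URL. View the tree variable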
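A lint for the password-hash and host-protection settings in the kickstart above, as an added example that is not part of the original post. It matters because the rendered kickstart, root hash included, is fetched over plain HTTP from the Cobbler server. The function names are hypothetical; the sample lines are taken from the kickstart and settings shown on this page.

```shell
# Added example: lint a kickstart, and the hash stored in Cobbler's settings,
# for weak password hashing and disabled host protections.

# hash_scheme HASH -> md5crypt | sha256crypt | sha512crypt | template | unknown
hash_scheme() {
    case "$1" in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        '$'[A-Za-z_]*) echo template ;;  # e.g. $default_password_crypted
        *) echo unknown ;;
    esac
}

# settings_hash FILE -> value of default_password_crypted in a settings file
settings_hash() {
    sed -n 's/^default_password_crypted:[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# lint_kickstart FILE -> one finding per line; comment lines are skipped
lint_kickstart() {
    grep -v '^[[:space:]]*#' "$1" | while read -r key a b rest; do
        case "$key" in
            rootpw)
                [ "$a" = "--iscrypted" ] && [ "$(hash_scheme "$b")" = md5crypt ] \
                    && echo "rootpw: literal MD5-crypt hash" ;;
            auth|authconfig)
                case " $a $b $rest " in
                    *" --enablemd5 "*) echo "auth: --enablemd5 (consider --passalgo=sha512)" ;;
                esac ;;
            selinux)  [ "$a" = "--disabled" ] && echo "selinux: disabled" ;;
            firewall) [ "$a" = "--disabled" ] && echo "firewall: disabled" ;;
        esac
    done
    return 0
}
# Sample input: lines taken from the kickstart and settings shown on this page
ks=$(mktemp); settings=$(mktemp)
trap 'rm -f "$ks" "$settings"' EXIT
cat > "$ks" <<'EOF'
rootpw --iscrypted $default_password_crypted
#rootpw --iscrypted $1$ops-node$7hqdpgEmIE7Z0RbtQkxW20
auth --useshadow --enablemd5
firewall --disabled
selinux --disabled
EOF
printf '%s\n' 'default_password_crypted: "$1$123456$K3Pp/tqogQIsrdZKcHWPM/"' > "$settings"
lint_kickstart "$ks"
echo "settings hash: $(hash_scheme "$(settings_hash "$settings")")"
```

Because rootpw refers to $default_password_crypted, the hash that actually reaches installed machines is the one in /etc/cobbler/settings, which is why the script classifies that value as well.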
Add a profile for the distro image centos7.9-x86_64
[root@localhost kickstarts]# cobbler profile add --name=centos7.9_mew --distro=centos7.9-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg
[root@localhost kickstarts]# cobbler profile list
centos7.9_mew
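If the default profile was not deleted earlier, you can instead change the kickstart that the centos7.9-x86_64 profile points to. Since it was deleted above, the following command does not need to be run; it is an either/or choice with the command above.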
cobbler profile edit --name centos7.9-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.9.ks
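Machines installed with this kickstart are configured to use eth0 as the default NIC, so the kernel parameters have to be changed; otherwise PXE boot fails because the NIC is not recognized. The CentOS 7 kickstart file above also specifies that the installed VM's NIC is eth0. If you do not want to use eth0, do not specify the NIC, and you do not need to set the parameters below either.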
[root@localhost kickstarts]# cobbler profile edit --name centos7.9_mew --kopts='net.ifnames=0 biosdevname=0'
[root@localhost kickstarts]# cobbler profile report
View what Cobbler has defined
[root@localhost kickstarts]# cobbler list
distros:
centos7.9-x86_64
profiles:
centos7.9_mew
systems:
repos:
images:
mgmtclasses:
packages:
files:
Configuration is complete; sync the Cobbler configuration. Syncing is mandatory.
[root@localhost kickstarts]# cobbler sync && systemctl restart cobblerd
Here you can see the kickstart web URL in the TFTP boot configuration; check that the IP address is your own IP
cat /var/lib/tftpboot/pxelinux.cfg/default
A new machine set to boot from the network can now choose the PXE system install
Modify Cobbler's menu to define your own screen for the PXE install
vim /etc/cobbler/pxe/pxedefault.template
After making changes, always sync the configuration.
cobbler sync && systemctl restart cobblerd
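Installing a new machine with Cobbler
Create a new virtual machine, attach it to the same Host-only Network as Cobbler, then choose network install.
When the new machine boots you see the Cobbler install menu.
Cobbler web page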
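HTTPS is used by default; accessing over HTTP reports no permission, cannot access, and so on. Over HTTPS the browser warns about a private connection; click Advanced and confirm to proceed. The default user and password for the Cobbler web page are cobbler:cobbler. https://192.168.56.4/cobbler_web
How to change the default password; some experts care a lot about security.
/etc/cobbler/users.digest # user and password file
/etc/cobbler/users.conf # user permissions file
/etc/cobbler/modules.conf # user authentication module, and management of the dhcp/dns/tftp modules
If you only want to change the default password for cobbler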
[root@localhost cobbler]# htdigest /etc/cobbler/users.digest "Cobbler" cobbler
Adding user cobbler in realm cobbler
New password:
Re-type new password:
If you want to add another user with administrator privileges: I tried this step and failed.
The first method is as follows: it failed.
# authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
[authentication]
module = authn_configfile
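Going by its description, authz_allowall grants all permissions to all users. But I found that after creating several users, restarting the services and syncing the configuration, it had no effect at all; apart from the cobbler user, the others still could not log in.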
# authz_allowall -- full access for all authneticated users (default)
# authz_ownership -- use users.conf, but add object ownership semantics
# (user supplied) -- you may write your own module
[authorization]
module = authz_allowall
[root@localhost cobbler]# htdigest -c /etc/cobbler/users.digest "Test" test
Adding password for test in realm Test.
New password:
Re-type new password:
[root@localhost cobbler]# systemctl restart cobblerd && systemctl restart httpd
[root@localhost cobbler]# cobbler sync
Second method: failed
[root@localhost cobbler]# cat modules.conf | grep -v ^#
Configure authn_configfile to use /etc/cobbler/users.digest
# authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
[authentication]
module = authn_configfile
Configure authz_ownership to use the users.conf file.
# authz_ownership -- use users.conf, but add object ownership semantics
[authorization]
module = authz_ownership
vim users.conf
# (A) authz_configfile
# (B) authz_ownership
#
# For (A), any user in this file, in any group, are allowed
# full access to any object in cobbler configuration.
#
# For (B), users in the "admins" group are allowed full access
# to any object, otherwise users can only edit an object if
# their username/group is listed as an owner of that object. If a
# user is not listed in this file they will have no access.
[admins]
[admins]
admin = "mew"
cobbler = ""
#mew = "" # tried both forms; neither this one nor the one above works
[root@localhost cobbler]# htdigest /etc/cobbler/users.digest "admin" mew
Changing password for user mew in realm admin
New password:
Re-type new password:
[root@localhost cobbler]# systemctl restart cobblerd && systemctl restart httpd
[root@localhost cobbler]# cobbler sync
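The users.digest format behind the htdigest commands above, as an added example that is not part of the original post: each line is user:realm:MD5(user:realm:password), so the realm typed on the htdigest command line is baked into the stored hash. The script assumes the behaviour of Cobbler 2.x's authn_configfile module, which only accepts entries whose realm is Cobbler; the function names and the sample passwords are constructed for illustration.

```shell
# Added example: audit a Cobbler users.digest file (htdigest format).
# Each line is user:realm:md5hex, where md5hex = MD5("user:realm:password").
# Assumption: authn_configfile (Cobbler 2.x) only accepts realm "Cobbler".

# digest_for USER REALM PASSWORD -> the hash field htdigest would store
digest_for() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# audit_digest FILE -> one finding per line; returns 1 if anything was found
audit_digest() {
    findings=0
    while IFS=: read -r user realm hash; do
        [ -n "$user" ] || continue
        if [ "$realm" != "Cobbler" ]; then
            echo "REALM $user: realm '$realm' is not 'Cobbler', entry is ignored"
            findings=1
        fi
        # Flag entries whose password is the shipped default or the user name
        for guess in cobbler "$user"; do
            if [ "$hash" = "$(digest_for "$user" "$realm" "$guess")" ]; then
                echo "WEAK $user: password equals '$guess'"
                findings=1
                break
            fi
        done
    done < "$1"
    return "$findings"
}

# Constructed sample mirroring the realms used on this page
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
{
    echo "cobbler:Cobbler:$(digest_for cobbler Cobbler cobbler)"
    echo "test:Test:$(digest_for test Test constructed-pass-1)"
    echo "mew:Cobbler:$(digest_for mew Cobbler constructed-pass-2)"
} > "$sample"
audit_digest "$sample" || true
```

Note that htdigest -c creates the file from scratch, so running it against an existing users.digest drops the entries already there, including cobbler.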
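Reinstalling the system on a client virtual machine
Note: the current virtual machine needs its system reinstalled; the precondition is that it can reach the Cobbler server.
The EPEL repository is required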
[root@192 conf.d]# yum install koan
On a machine with the koan client installed, specify the Cobbler server address to list the profiles your machine can use for reinstallation
[root@localhost ~]# koan --server=192.168.56.3 --list=profiles
- looking for Cobbler at http://192.168.56.3:80/cobbler_api
centos7.9_mew
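After it runs successfully, the system is reinstalled when it is rebooted
Note: judging from the output and from how PXE runs after the reboot, it looks as if something is added to the boot files that is executed when the system boots; after the reboot there is also one more boot entry, a PXE kickstart entry.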
[root@localhost ~]# koan --replace-self --server=192.168.56.4 --profile=centos7.9_mew
- looking for Cobbler at http://192.168.56.4:80/cobbler_api
- reading URL: http://192.168.56.4/cblr/svc/op/ks/profile/centos7.9_mew
install_tree: http://192.168.56.4/cobbler/ks_mirror/centos7.9-x86_64/
downloading initrd initrd.img to /boot/initrd.img_koan
url=http://192.168.56.4/cobbler/images/centos7.9-x86_64/initrd.img
- reading URL: http://192.168.56.4/cobbler/images/centos7.9-x86_64/initrd.img
downloading kernel vmlinuz to /boot/vmlinuz_koan
url=http://192.168.56.4/cobbler/images/centos7.9-x86_64/vmlinuz
- reading URL: http://192.168.56.4/cobbler/images/centos7.9-x86_64/vmlinuz
- ['/sbin/grubby', '--add-kernel', '/boot/vmlinuz_koan', '--initrd', '/boot/initrd.img_koan', '--args', '"ksdevice=link lang= text net.ifnames=0 ks=http://192.168.56.4/cblr/svc/op/ks/profile/centos7.9_mew biosdevname=0 kssendmac "', '--copy-default', '--make-default', '--title=kick1685864302']
- ['/sbin/grubby', '--update-kernel', '/boot/vmlinuz_koan', '--remove-args=root']
- reboot to apply changes
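The /boot/grub2/grub.cfg file has one extra line of configuration:
There are additional files under the /boot directory:
Reboot the virtual machine; it boots the first entry by default and automatically starts reinstalling the system.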