cobbler安装与配置(1)

原创

Bnsen 2011-10-10 18:46:15 博主文章分类：RedHat5 ©著作权

©著作权归作者所有：来自51CTO博客作者Bnsen的原创作品，请联系作者获取转载授权，否则将追究法律责任

cobbler安装

1、先安装epel
# wget http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# rpm -ivh epel-release-5-4.noarch.rpm
安装完epel后，会发现多了一个epel.repo的仓库配置文件

2、配置好你本机的仓库，因为epel里只有cobbler的RPM包，没有其他组件的包。
安装相应的环境
# yum -y install cobbler cobbler-web httpd xinetd tftp-server yum-utils rsync dhcp

3、启动相关服务
# /etc/init.d/cobblerd start
Starting cobbler daemon:                                   [ OK ]
# /etc/init.d/httpd start
Starting httpd:                                            [ OK ]

4、执行cobbler配置检查
# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
#修改server选项为主机名或是IP地址
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
#修改next-server对应的IP 地址
3 : Must enable a selinux boolean to enable vital web services components, run: setsebool -P httpd_can_network_connect true
#修改SELINUX setsebool -P httpd_can_network_connect true

4 : you need to set some SELinux content rules to ensure cobbler serves content correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/p_w_picpaths/.*"
#修改selinux安全上下文标签

5 : you need to set some SELinux rules if you want to use cobbler-web (an optional package), run the following: /usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*"
#修改 cobbler对应的安全上下文标签

6 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
#运行cobbler get-loaders 以获取PXE启动需要的文件

7 : change 'disable' to 'no' in /etc/xinetd.d/tftp
#开启tftp

8 : change 'disable' to 'no' in /etc/xinetd.d/rsync
#开启rsync

9 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
#确保69,80,25151这个几个端口没有iptables阻止

10 : debmirror package is not installed, it will be required to manage debian deployments and repositories
# debian的镜像包没有安装，如果不安装debian，这条可忽略

11 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
# 要求使用以上命令行创建新的密码

12 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
# 没有安装fencing工具，

Restart cobblerd and then run 'cobbler sync' to apply changes.

操作：
1、关闭了iptables,selinux
2、开启tftp,rsync
3、修改/etc/cobbler/setting对应的选项

4、获取pxe启动需要的loaders
# cobbler get-loaders
task started: 2011-10-10_102113_get_loaders
task started (id=Download Bootloader Content, time=Mon Oct 10 10:21:13 2011)
downloading http://dgoodwin.fedorapeople.org/loaders/README to /var/lib/cobbler/loaders/README
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading http://dgoodwin.fedorapeople.org/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading http://dgoodwin.fedorapeople.org/loaders/yaboot-1.3.14-12 to /var/lib/cobbler/loaders/yaboot
downloading http://dgoodwin.fedorapeople.org/loaders/pxelinux.0-3.61 to /var/lib/cobbler/loaders/pxelinux.0
downloading http://dgoodwin.fedorapeople.org/loaders/menu.c32-3.61 to /var/lib/cobbler/loaders/menu.c32
downloading http://dgoodwin.fedorapeople.org/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading http://dgoodwin.fedorapeople.org/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***

5、生成新的密码
# openssl passwd -1 -salt 'random-phrase-here' '123456'
$1$random-p$mzxQ/Sx848sXgvfwJCoZM0

替换/etc/cobbler/settings里的系统里的密码

6、导入系统介质（网络路径，本地路径均可以）
以本机中挂载的iso为例，在/mnt中挂载了一个RHEL5的系统
# cobbler import --path=/mnt --name=RHEL5.4_i386
.......
.......省略一长串过程。
*** TASK COMPLETE ***
看到这个就OK了。

7、修改dhcp的配置
# vim /etc/cobbler/settings
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 1
# 让cobbler来接管dhcp服务

# vim /etc/cobbler/dhcp.template
========================================>
ddns-update-style interim;

allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

subnet 192.168.10.0 netmask 255.255.255.0 {
     option routers             192.168.10.2;
     option domain-name-servers 202.96.128.86;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.10.50 192.168.10.80;
     filename                   "/pxelinux.0";
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
}

group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
            #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        hardware ethernet $mac;
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.subnet:
        option subnet-mask $iface.subnet;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        filename "$iface.filename";
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
======================================================================<

8、执行同步,看看它都干了些啥事情
# cobbler sync
它主要是让修改的配置生效
*** TASK COMPLETE ***

9、服务自启动
# chkconfig tftp on
# chkconfig rsync on
# chkconfig cobblerd on
# chkconfig httpd on
# chkconfig dhcpd on

# cobbler list
distros: 可以用的发行版
   RHEL5.4-i386
   RHEL5.4-xen-i386

profiles: 对应的配置文件
   RHEL5.4-xen-i386
   RHEL5.4-i386

systems:   系统的设置，针对系统对应的主机名、IP、MAC进行系统安装

repos:    软件仓库

p_w_picpaths:

10、配置profile和system

添加一个profile,名称为:RHEL5.4.i386,指定的镜像为RHEL5.4-i386
# cobbler profile add --name=RHEL5.4.i386 --distro=RHEL5.4-i386 --kickstart=/var/lib/cobbler/kickstarts/ks5.cfg

删除之前的profile
cobbler profile remove --name=RHEL5.4-i386

# cobbler list
distros: 可以用的发行版
   RHEL5.4-i386
   RHEL5.4-xen-i386

profiles: 对应的配置文件
   RHEL5.4-xen-i386
   RHEL5.4.i386 <客户端PXE启动后，会看到这个>

11、关于认证(需要开启认证文件选项)
# vim /etc/cobbler/modules.conf
[authentication]
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
module = authn_configfile
默认是module = authn_denyall,永远无法登录啊