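Cobbler installation, deployment and configuration
Cobbler lab environment and goals
Cobbler server OS: CentOS 6.7, 64-bit
IP address: 192.168.18.222
Linux systems to be installed and deployed:
eth0: IP address range: 192.168.18.21-192.168.18.29
Subnet mask: 255.255.255.0
Gateway: 192.168.18.1
DNS: 114.114.114.114
All servers support PXE network boot
Goal: configure a Cobbler server to install and deploy Linux systems in bulk, fully automatically
Basic server configuration:
The operating system, CentOS-6.7-x86_64, is installed as a minimal install
IP address and subnet mask: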
------------------------------------------------------------------------------------------
# tail -2 /etc/sysconfig/network-scripts/ifcfg-eth0
A DNS setting in this file, if present, overrides the one in resolv.conf
IPADDR=192.168.18.180
NETMASK=255.255.255.0
Hostname and gateway:
------------------------------------------------------------------------------------------
# cat /etc/sysconfig/network
HOSTNAME=rennbackup
GATEWAY=192.168.18.1
# echo rennbackup > /proc/sys/kernel/hostname
------------------------------------------------------------------------------------------
dns:
------------------------------------------------------------------------------------------
# cat /etc/resolv.conf
options timeout:1 attempts:1 rotate
nameserver 114.114.114.114
nameserver 223.5.5.5
#echo "192.168.18.222 rennbackup cobbler" >> /etc/hosts
#tail -1 /etc/hosts
192.168.18.222 rennbackup cobbler
Firewall:
------------------------------------------------------------------------------------------
# chkconfig iptables off
# chkconfig --list iptables
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
selinux:
------------------------------------------------------------------------------------------
sed -i '/^SELINUX=.*/c SELINUX=disabled' /etc/selinux/config
sed -i '/^SELINUX=/ s/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
grep --color=auto '^SELINUX' /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
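#setenforce 0 # takes effect immediately
The change in the config file only takes effect after a reboot, so rebooting once the edit is made is recommended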
[root@cobbler ~]# sestatus
SELinux status: disabled
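II Preparing the environment for Cobbler
(1) Prerequisites
1. You have a DVD or ISO file of your operating system distribution.
2. The server has enough free local disk space under /var/www/cobbler to unpack the DVD/ISO.
3. The server and the clients share a common IP subnet.
4. This is the only DHCP server instance on the network.
5. The clients on this network support PXE network boot.
(2) Switch the host's yum repositories to a mirror (Aliyun or NetEase 163) and add EPEL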
yum -y install wget vim
wget http://mirrors.163.com/.help/CentOS6-Base-163.repo -O /etc/yum.repos.d/163.repo
rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
mv /etc/yum.repos.d/C* /tmp   # or: rm -f /etc/yum.repos.d/CentOS-*.repo (remove only the stock repo files, not the ones just added)
yum clean all
yum makecache
--------------------------------------------------------------------
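(3) To avoid using space on the / partition, create a www directory on the /data partition and symlink it to /var/www
Cobbler serves its files over http by default
Installing cobbler also installs the httpd service by default and creates a cobbler directory under /var/www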
#mkdir -p /data/www
#ln -s /data/www /var/www
III Downloading, installing and configuring Cobbler
------------------------------------------------------------------------------------------
http://download.opensuse.org/repositories/home:/libertas-ict:
https://cobbler.github.io // Cobbler project home page; the latest version at the time of writing is v2.6.11, or 2.8.x
#wget https://codeload.github.com/cobbler/cobbler/tar.gz/v2.6.11
(1) Install cobbler
tar -xf v2.6.11
cd cobbler-2.6.11
yum -y install rpm-build git python-devel redhat-rpm-config
make rpms
cd rpm-build/ && ls -l
total 2152
drwxr-xr-x. 2 root root 4096 Feb 17 16:48 BUILDROOT
drwxr-xr-x. 14 root root 4096 Feb 17 16:48 cobbler-2.6.11
-rw-r--r--. 1 root root 538436 Feb 17 16:48 cobbler-2.6.11-1.el6.noarch.rpm
-rw-r--r--. 1 root root 660050 Feb 17 16:48 cobbler-2.6.11-1.el6.src.rpm
-rw-r--r--. 1 root root 651601 Feb 17 16:48 cobbler-2.6.11.tar.gz
-rw-r--r--. 1 root root 206004 Feb 17 16:48 cobbler-web-2.6.11-1.el6.noarch.rpm
-rw-r--r--. 1 root root 123456 Feb 17 16:48 koan-2.6.11-1.el6.noarch.rpm
#yum deplist cobbler-2.6.11-1.el6.noarch.rpm
#yum -y localinstall cobbler-2.6.11-1.el6.noarch.rpm
#yum -y localinstall cobbler-web-2.6.11-1.el6.noarch.rpm
View cobbler's directory layout:
# tree /var/www/cobbler
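(2) Install the packages cobbler depends on
-------------------------------------------------------------------------------------------
The additional services required are httpd, rsync, tftp-server, xinetd and dhcp; if they are not installed on the system yet, install them with the following command
#yum -y install tftp-server xinetd dhcp httpd rsync
Install the packages needed to run cobbler (all of them are available in EPEL)
#yum -y install pykickstart debmirror fence-agents python-ctypes cman
Deploying debian/ubuntu systems (server edition only) requires the debmirror package;
Using the power management features requires cman or fence-agents;
(3) Configure Cobbler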
-------------------------------------------------------------------------------------------
1. Set up the http service
Edit the httpd configuration file
# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.18.222:80 # line 276
2. Enable the wsgi module
To enable the wsgi module, just uncomment the following line in /etc/httpd/conf.d/wsgi.conf (it is enabled by default):
LoadModule wsgi_module modules/mod_wsgi.so
#sed -i 's*#LoadModule*LoadModule*g' /etc/httpd/conf.d/wsgi.conf
3. Configure tftp and rsync
Edit the xinetd configuration of the rsync and tftp services; by default both are started as root.
Change disable = yes to no so that the tftp and rsync services start at boot
# chkconfig tftp on   or   sed -i '/disable/c \\tdisable \t\t= no' /etc/xinetd.d/tftp
# chkconfig rsync on   or   sed -i -e 's/= yes/= no/g' /etc/xinetd.d/rsync
# grep --color=auto '^[[:blank:]]*disable' /etc/xinetd.d/tftp
grep --color=auto 'disable' /etc/xinetd.d/rsync
# service xinetd start
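4. Edit the main Cobbler configuration file
Several configuration files have to be changed before the Cobbler service is started. It is best to back up each file before editing it.
The cobblerd configuration file is /etc/cobbler/settings; it is in YAML format.
Edit the main cobbler configuration file, /etc/cobbler/settings, as needed
server and next_server
The server option specifies the IP address of the cobbler server. Do not use 0.0.0.0; set it to the IP on the subnet served by DHCP.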
# sed -i 's/server: 127.0.0.1/server: 192.168.18.222/g' /etc/cobbler/settings
grep -n '^server' /etc/cobbler/settings
The next_server option is the IP of the TFTP server from which the DHCP/PXE network boot files are downloaded; in this example it is set to the same IP as server
# sed -i 's/next_server: 127.0.0.1/next_server: 192.168.18.222/g' /etc/cobbler/settings
grep '^next_server' /etc/cobbler/settings
----------------------------------------------
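Prevent accidental reinstallation
Allow a PXE install only once, to guard against mistakes (useful in production; in practical testing this feature can be turned off)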
# sed -i 's/pxe_just_once: 0/pxe_just_once: 1/g' /etc/cobbler/settings
grep '^pxe_just_once' /etc/cobbler/settings
---------------------------------------------
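Generate the initial root password for systems installed by Cobbler
(1) Generate the password hash and set it as the default, in the configuration file (/etc/cobbler/settings)
Replace the default_password_crypted field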
# openssl passwd -1 -salt 'random-phrase-here' 'XXXXXX'
XXXXXXXXXXXXXXXX
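openssl passwd -1 -salt 'any string' 'password'   (the option is the digit 1, not the letter L)
This usage is called "salting": the salt string can be anything you like, and the password given here becomes the root password of the installed systems.
(2) Put the hash produced above into the cobbler configuration file.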
# vim /etc/cobbler/settings
# change it as follows (line 101)
default_password_crypted: "XXXXXXXXXXXXXXXX"
5. Let Cobbler manage rsync
The default is 0 (rsync is not managed); change it to 1 to have Cobbler manage it
# sed -i 's/manage_rsync: 0/manage_rsync: 1/g' /etc/cobbler/settings
grep '^manage_rsync' /etc/cobbler/settings
6. Let Cobbler manage dhcp
# sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings
grep '^manage_dhcp' /etc/cobbler/settings
cat /etc/sysconfig/dhcpd
DHCPDARGS=eth0
Next, edit /etc/cobbler/dhcp.template, the template Cobbler uses to manage dhcp
# change 192.168.18.0 to your own subnet
subnet 192.168.18.0 netmask 255.255.255.0 {
option routers 192.168.18.1; # change to your own router
option domain-name-servers 114.114.114.114; # DNS server address
option subnet-mask 255.255.255.0; # subnet mask
range dynamic-bootp 192.168.18.21 192.168.18.29; # range of IP addresses leased by the dhcp server
default-lease-time 21600; # default lease time
max-lease-time 43200; # maximum lease time
next-server $next_server; # boot server
# Test whether the dhcp server configuration is correct
#service cobblerd restart
#cobbler sync // before the first sync, /etc/dhcp/dhcpd.conf has no content yet.
# dhcpd
Listening on LPF/eth0/00:0c:29:14:7a:ee/192.168.18.0/24
Sending on LPF/eth0/00:0c:29:14:7a:ee/192.168.18.0/24
Sending on Socket/fallback/fallback-net
There's already a DHCP server running.
# cat /etc/dhcp/dhcpd.conf
Configure debmirror
Comment out the @dists and @arches lines
sed -i -e 's|@dists=.*|#@dists=|' /etc/debmirror.conf
sed -i -e 's|@arches=.*|#@arches=|' /etc/debmirror.conf
7. Download the boot loader files
------------------------------------------------------------------------------------------
Fetch the network boot-loaders that are missing; mind the DNS configuration in /etc/resolv.conf
# cobbler get-loaders // start httpd first
*** TASK COMPLETE ***
# service cobblerd restart
# cobbler sync && cobbler check
# ss -tnulp | grep cobbler
IV Start the related services and enable them at boot
------------------------------------------------------------------------------------------
chkconfig httpd on
chkconfig xinetd on
chkconfig cobblerd on
chkconfig dhcpd on
/etc/init.d/httpd restart
/etc/init.d/xinetd restart
/etc/init.d/cobblerd restart
/etc/init.d/dhcpd restart
----------------------------------------------------------------------------------------
(Optional) 1: SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
# getsebool -a|grep cobbler
cobbler_anon_write --> off
cobbler_can_network_connect --> off
# setsebool -P cobbler_can_network_connect 1
# getsebool -a|grep cobbler
cobbler_anon_write --> off
cobbler_can_network_connect --> on
# restorecon -R /var/lib/cobbler/
----------------------------------------------------------------------------------------
Init script for the Cobbler-related services (the steps above can also be done in one go with the following script)
------------------------------------------------------------------------------------------
# The heredoc delimiter is quoted ('EOF') so that $1 is written to the file literally instead of being expanded away.
cat << 'EOF' > /etc/rc.d/init.d/cobbler
#!/bin/sh
# chkconfig: - 80 90
# description: cobbler
case "$1" in
start)
    /etc/init.d/httpd start
    /etc/init.d/xinetd start
    /etc/init.d/dhcpd start
    /etc/init.d/cobblerd start
    ;;
stop)
    /etc/init.d/httpd stop
    /etc/init.d/xinetd stop
    /etc/init.d/dhcpd stop
    /etc/init.d/cobblerd stop
    ;;
restart)
    /etc/init.d/httpd restart
    /etc/init.d/xinetd restart
    /etc/init.d/dhcpd restart
    /etc/init.d/cobblerd restart
    ;;
status)
    /etc/init.d/httpd status
    /etc/init.d/xinetd status
    /etc/init.d/dhcpd status
    /etc/init.d/cobblerd status
    ;;
sync)
    cobbler sync
    ;;
*)
    # Unknown argument: print usage and return a non-zero exit status
    echo "Input error, please input 'start|stop|restart|status|sync'!"
    exit 2
    ;;
esac
EOF
chmod +x /etc/init.d/cobbler
chkconfig cobbler on
service cobbler restart
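V Using Cobbler -- make sure you see *** TASK COMPLETE ***
-----------------------------------------------------------------------------------------
1. Import a system image into Cobbler
Import the client OS from the DVD. This automatically sets the architecture to "x86_64" and names it CentOS-6.6
{Note: this takes a while, so be patient. You can watch the files being created under /var/www/cobbler/ks_mirror/CentOS-6.6-x86_64/.}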
# mount -t iso9660 -o loop /dev/cdrom /mnt
or
#mount -t iso9660 -o loop CentOS-6.7-minimal.iso /mnt
#cobbler import --path=/mnt --name=CentOS-6.7 --arch=x86_64 # import the system image files; this takes a while
Command format: cobbler import --path=<image path> --name=<install/boot name> --arch=<32-bit or 64-bit>
---------
starting descent into /var/www/cobbler/ks_mirror/CentOS-6.7-x86_64 for CentOS-6.7-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS-6.7-x86_64
directory /var/www/cobbler/ks_mirror/CentOS-6.7-x86_64 is missing xml comps file, skipping
*** TASK COMPLETE ***
How to compare the sizes
# du -sh /var/www/cobbler/ks_mirror/CentOS-6.7-x86_64/
# du -sh /mnt
#cat /var/lib/cobbler/kickstarts/CentOS-6.7-x86_64.ks
---------------------------------
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# SELinux configuration
selinux --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url="http://192.168.18.222/cobbler/ks_mirror/CentOS-6.7-x86_64"
# Root password perl -e "print crypt('password','sa');"
#openssl passwd -crypt 123456
#openssl passwd -1 -salt 'random-phrase-here' 'cqrenneng'
rootpw --iscrypted $1$random-p$CDx/CQP1.3o.m/zC4df2Y.
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --asprimary --fstype="ext4" --size=200
part / --asprimary --fstype="ext4" --size=40000
part swap --fstype="swap" --size=8096
%packages --ignoremissing
@core
@development
%end
------------------------------------
Note: kickstart auto-install scripts must not contain Chinese characters (not even in comments), otherwise an error is raised
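A pre-publication check for a kickstart such as the one above, added here as an example (it is not part of the original notes or of Cobbler): it flags the $1$ MD5-crypt hash that openssl passwd -1 produces, comments that record the password command, firewall --disabled, differing selinux lines such as the --disabled/--enforcing pair above, and the non-ASCII bytes the note above warns about. The function name, the finding codes and the sample file are assumptions made for the example, and the sample hash is a placeholder.

```sh
#!/bin/sh
# audit_kickstart FILE: print one finding per line as CODE:LINE:detail.
audit_kickstart() {
    LC_ALL=C awk '
    # Bytes outside tab/printable ASCII (for example Chinese comments).
    /[^\t -~]/ { printf "NONASCII:%d:non-ASCII or control byte\n", NR }
    /^[ \t]*#/ {
        # A comment that records the hashing command usually holds the plaintext.
        if ($0 ~ /openssl[ \t]+passwd|crypt\(/)
            printf "SECRET_COMMENT:%d:password command in comment\n", NR
        next
    }
    $1 == "rootpw" {
        h = ""; for (i = 2; i <= NF; i++) if ($i !~ /^--/) h = $i
        if ($0 !~ /--iscrypted/) s = "plaintext"
        else if (h ~ /^\$6\$/)   s = "sha512-crypt"
        else if (h ~ /^\$5\$/)   s = "sha256-crypt"
        else if (h ~ /^\$1\$/)   s = "md5-crypt"
        else                     s = "des-or-unknown"
        if (s !~ /^sha/) printf "WEAK_ROOTPW:%d:%s\n", NR, s
    }
    $1 == "selinux" {
        # Two different selinux lines leave the intended state ambiguous.
        if (sel != "" && sel != $2)
            printf "SELINUX_CONFLICT:%d:%s vs %s on line %d\n", NR, $2, sel, seln
        sel = $2; seln = NR
    }
    $1 == "firewall" && $2 == "--disabled" { printf "FIREWALL_OFF:%d:firewall --disabled\n", NR }
    END { if (sel == "--disabled") printf "SELINUX_OFF:%d:selinux --disabled\n", seln }
    ' "$1"
}

# Constructed sample modelled on the kickstart above; the hash is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# openssl passwd -1 -salt 'some-salt' 'example-password'
rootpw --iscrypted $1$some-sal$PLACEHOLDERHASHPLACEHOLDE
firewall --disabled
selinux --disabled
# 中文注释
selinux --enforcing
EOF
audit_kickstart "$sample"
rm -f "$sample"
```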
The kickstart auto-install file for CentOS-6.7-x86_64 is:
/var/lib/cobbler/kickstarts/sample_end.ks
# Show the profile settings
cobbler profile report --name CentOS-6.7-x86_64
# Show information about the installation image
cobbler distro report --name CentOS-6.7-x86_64
# Remove the profile
cobbler profile remove --name=CentOS-6.7-x86_64
# Add
cobbler profile add --name=CentOS-6.7-x86_64 --distro=CentOS-6.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-6.7-x86_64.ks
# Edit
cobbler profile edit --name=CentOS-6.7-x86_64 --distro=CentOS-6.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-6.7-x86_64.ks
# Remove first and then add; after that, systems can be installed over the network
Cobbler subcommands
-------------------------------------------------------------------------------------------
cobbler check # check the cobbler configuration
cobbler sync # sync the configuration to dhcp, pxe and the data directories
cobbler list # list all cobbler objects
cobbler import # import an installation disc image
cobbler report # show detailed information about each object
cobbler distro # view the imported distributions
cobbler profile # view the profile configuration
cobbler system # view the systems that have been added
cobbler reposync # sync yum repositories to local storage
cobbler signature update
cobbler --help # get help for cobbler
cobbler distro --help # get help for a cobbler subcommand
Installing and configuring the Cobbler web management interface
-------------------------------------------------------------------------------------------
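1. Managing Cobbler through the web interface is very convenient; only the cobbler_web package needs to be installed
yum -y install cobbler-web
2. Set the user and password for the cobbler web login
Add a cobbler user for cobbler and set its password
htdigest /etc/cobbler/users.digest "Cobbler" cobbler # add the cobbler user; you are asked to enter the password twice to confirm
3. Configure cobbler web login authentication
vim /etc/cobbler/modules.conf
Change module in the authentication section; after the change it reads:
module = authn_configfile # change the authentication method to the password-file type
Or make the change automatically with a command
sed -i 's/authn_denyall/authn_configfile/g' /etc/cobbler/modules.conf
4. Sync cobbler
# cobbler sync // output of *** TASK COMPLETE *** means the configuration has no errors
5. Restart cobbler and http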
# /etc/init.d/httpd restart
# /etc/init.d/cobblerd restart
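or
service cobbler restart
6. Open the web page http://192.168.18.222/cobbler_web and log in with the user just created; the password is the one set above.
Cobbler directory reference
1. Cobbler configuration directory: /etc/cobbler
/etc/cobbler/settings # main cobbler configuration file
/etc/cobbler/dhcp.template # configuration template for the DHCP service
/etc/cobbler/tftpd.template # configuration template for the tftp service
/etc/cobbler/rsync.template # configuration template for the rsync service
/etc/cobbler/iso # iso template configuration files
/etc/cobbler/pxe # pxe template files
/etc/cobbler/power # power management configuration files
/etc/cobbler/users.conf # web service authorization configuration file
/etc/cobbler/users.digest # user name and password file for web access
/etc/cobbler/dnsmasq.template # configuration template for the DNS service
/etc/cobbler/modules.conf # Cobbler module configuration file
2. Cobbler data directory: /var/lib/cobbler
/var/lib/cobbler/config # configuration files
/var/lib/cobbler/triggers # Cobbler commands
/var/lib/cobbler/kickstarts # default location of kickstart files
/var/lib/cobbler/loaders # the various boot loaders
3. System installation image directory: /var/www/cobbler
/var/www/cobbler/ks_mirror # imported system images
/var/www/cobbler/images # boot files of the imported system images
/var/www/cobbler/repo_mirror # yum repository storage directory
4. Log directory: /var/log/cobbler
/var/log/cobbler/install.log # client system installation log
/var/log/cobbler/cobbler.log # cobbler log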
centos7.ks
-----------------------------
#version=RHEL7
# System authorization information
auth --enableshadow --passalgo=sha512
# Install OS instead of upgrade
install
url --url=http://192.168.18.42/cobbler/ks_mirror/CentOS-7.1-x86_64
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
firewall --disabled
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8 --addsupport=zh_CN.UTF-8
# Network information
network --bootproto=dhcp --device=eth0 --onboot=yes --ipv6=auto
network --hostname=localhost.localdomain
# Reboot after installation
reboot
# Root password
rootpw --iscrypted $1$random-p$CDx/CQP1.3o.m/zC4df2Y.
# System services
services --disabled="chronyd"
# System timezone
timezone Asia/Shanghai --isUtc --nontp
# System bootloader configuration
bootloader --location=mbr --boot-drive=sda
# Partition clearing information
zerombr
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="xfs" --ondisk=sda --size=500
part / --asprimary --fstype="xfs" --size=40000
part swap --fstype="swap" --size=8096
%packages --ignoremissing
@core
@development
%end
%addon com_redhat_kdump --disable --reserve-mb='auto'
%end