Centos6.7部署cobbler完成无人值守化安装部署 Cobbler是一个免费开源系统安装部署软件,用于自动化网络安装操作系统。在生产环境中,经常批量部署几十甚至上百台服务器时,实现自动化安装操作系统尤为重要,按照传统的光盘引导安装工作量是不可预估的;此前我们通过pxe+kickstart简单实现了自动化安装,但只能实现单一版本安装,当需要部署不同版本或不同引导模式(BIOS、EFI)时,此种方式就不够灵活。而Cobbler正是为了解决此问题而设计的。
Cobbler组件架构如下:
Cobbler服务集成以下:
*1*PXE服务 *2*DHCP服务管理 *3*TFTP服务管理 *4*Rsync服务(系统镜像可导入发行版镜像,也可以从互联网中通过rsync工具导入) *5*HTTP服务管理 *6*DNS服务管理 *7*Kickstart服务 *8*IPMI电源管理
二、工作流
cobbler为server端,裸机为client端
1:client裸机配置了从网络启动后,开机后会广播包请求DHCP服务器(cobbler server)发送其分配好的一个IP
2:DHCP服务器(cobbler server)收到请求后发送responese,包括其ip地址
3:client裸机拿到ip后再向cobbler server发送请求OS引导文件的请求
4:cobbler server告诉裸机OS引导文件的名字和TFTP server的ip和port
5:client裸机通过上面告知的TFTP server地址和port通信,下载引导文件
6:client裸机执行执行该引导文件,确定加载信息,选择要安装的os,期间会再向cobbler server请求kickstart文件和os image
7:cobbler server发送请求的kickstart和os iamge
8:client裸机加载kickstart文件
9:client裸机接收os image,安装该os image
详细的配置示例如下:
(1)安装EPEL源
#wgethttp://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm #wgethttp://rpms.famillecollet.com/enterprise/remi-release-6.rpm #rpm-Uvhremi-release-6.rpmepel-release-6-8.noarch.rpm
(2)安装cobbler及相关依赖包
#yum-yinstallhttpddhcptftp-serverxinetdrsynccmanpykickstartdebmirror #yuminstall-yedpatchperlperl-Compress-Zlibperl-Digest-SHA1perl-LockFile-Simpleperl-libwww-perl #yum-ygroupinstall"DevelopmentTools" #yum-yinstallsyslinuxpython-simplejsonpython-cheetahpyYAMLDjangoopenssl-develgenisoimagecreaterepomod_wsgimod_ssl #yum-yinstalllibyaml-0.1.3-4.el6_6.x86_64.rpmPyYAML-3.09-5.el6.x86_64.rpm #yum-yinstallcobblercobbler-web
(3)配置启动httpd、cobbler等服务
#chkconfig--level35httpdon #chkconfig--level35cobblerdon #chkconfig--level35tftpon #chkconfig--level35rsyncon #chkconfig--level35xinetdon #chkconfigdhcpdon #servicexinetdstart #servicehttpdstart #servicecobblerdstart
(4)Cobbler目录使用说明:
配置文件目录:/etc/cobbler
* * /etc/cobbler/settings : cobbler 主配置文件
* * /etc/cobbler/iso/ : iso模板配置文件
* * /etc/cobbler/pxe : pxe模板文件
* * /etc/cobbler/power : 电源配置文件
* * /etc/cobbler/users.conf : Web服务配置文件
* * /etc/cobbler/users.digest : 用于web访问的用户名密码配置文件
* * /etc/cobbler/dhcp.template : DHCP服务配置模板文件
* * /etc/cobbler/dnsmasq.template : DNS服务配置模板文件
* * /etc/cobbler/tftpd.template : tftp服务配置模板文件
* * /etc/cobbler/modules.conf : Cobbler模块配置文件
数据目录:/var/lib/cobbler
* * /var/lib/cobbler/config : 用于存放distros systems profiles等信息配置文件
* * /var/lib/cobbler/triggers : 用于存放用户自定义的cobbler命令
* * /var/lib/cobbler/kickstarts : 默认存放kickstart文件
* * /var/lib/cobbler/loaders : 存放各种引导程序
镜像数据目录: /var/www/cobbler
* * /var/www/cobbler/ks_mirror : 导入的发行版系统的所有数据
* * /var/www/cobbler/images : 导入发行版的kernel和initrd镜像用于远程网络启动
* * /var/www/cobbler/repo_mirror/ :yum仓库存储目录
日志目录:/var/log/cobbler
* * /var/log/cobbler/install.log : 客户端系统安装日志
* * /var/log/cobbler/cobbler.log : cobbler日志
(5)检查配置Cobbler
#cobbler check
运行cobbler check命令,会有如下提示出现
The following are potential configuration items that you may want to fix:
1 : The
'server'
field
in
/etc/cobbler/settings
must be
set
to something other than localhost,or kickstarting features will not work. This should be a resolvable
hostname
or IP
for
the boot server as reachable by all machines that will use it.
2 : For PXE to be functional,the
'next_server'
field
in
/etc/cobbler/settings
must be
set
to something other than 127.0.0.1,and should match the IP of the boot server on the PXE network.
3 : some network boot-loaders are missing from
/var/lib/cobbler/loaders
,you may run
'cobbler get-loaders'
to download them,or,
if
you only want to handle x86
/x86_64
netbooting,you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files
in
this directory,should you want to support all architectures,should include pxelinux.0,menu.c32,elilo.efi,and yaboot. The
'cobbler get-loaders'
command
is the easiest way to resolve these requirements.
4 : change
'disable'
to
'no'
in
/etc/xinetd
.d
/rsync
5 : comment out
'dists'
on
/etc/debmirror
.conf
for
proper debian support
6 : comment out
'arches'
on
/etc/debmirror
.conf
for
proper debian support
7 : The default password used by the sample templates
for
newly installed machines (default_password_crypted
in
/etc/cobbler/settings
) is still
set
to
'cobbler'
and should be changed,try:
"openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'"
to generate new one
Restart cobblerd and
then
run
'cobbler sync'
to apply changes.
下面根据cobbler配置信息的检查结果,逐个修复相关问题项。
从Cobbler 2.4开始,有一个重要的功能,就是让你不需要手工编辑配置setting配置文件,直接使用命令修改相关配置,默认这个功能是不启用,启用需要进行一下配置:
**建议采用修改/etc/cobbler/settings配置文件的方式修改配置选项。
**在采用命令方式动态更新配置时,Cobbler会将配置文件中带"#"注释的行全部删除
#cd/etc/cobbler/
#cp-afsettings{,.default}
#sed-i'/^allow_dynamic_settings:/s/0/1/'settings
#servicecobblerdrestart
(1).错误1,修改/etc/cobbler/settings 里面的 server 为Cobbler Server的IP地址 ;
#vim/etc/cobbler/settings server;192.168.18.202 or
#cobblersettingedit--name=server--value=192.168.18.202
(2).错误2,修改/etc/cobbler/settings 里面的 next_serverw 为next_server选项是DHCP/PXE网络引导文件被下载的TFTP服务器的IP,它将和server设置为同一个IP;
#vim/etc/cobbler/settings next_server=192.168.18.202 or
#cobblersettingedit--name=next_server--value=192.168.18.202
(3).错误3,下载启动引导文件
#cobblerget-loaders
(4).错误4,修改/etc/xinetd.d/tftp 把'disable' 修改为'no';修改/etc/xinetd.d/rsync 把'disable' 修改为'no';
#sed-i's/disable.*$/disable=no/g'/etc/xinetd.d/tftp #sed-i's/disable.*$/disable=no/g'/etc/xinetd.d/rsync #servicexinetdstart
(5).错误5和6,debmirror有错误
#yum-yinstalldebmirror #sed-i'/^@dists="sid";/s/^/#/'/etc/debmirror.conf#sed-i'/^@arches="i386";/s/^/#/'/etc/debmirror.conf #vim/etc/debmirror.conf #注释掉@dists="sid"与@arches="i386即可 #@dists="sid"; #@arches="i386"; #yum-yinstallpykickstart
(6).错误7,设置客户端默认root密码;生成你想要的密码的加密字符串,然后复制运行命令之后的加密代码;
#opensslpasswd-1-salt'cobbler''123456' $1$hahaha$hSxFjZSHRoiEn4DYrrGUI.
|
然后替换/etc/cobbler/settings 中选项双引号中的加密代码; #vim/etc/cobbler/settings default_password_crypted:"$1$hahaha$hSxFjZSHRoiEn4DYrrGUI." or #cobblersettingedit--name=default_password_crypted--value=$1$hahaha$hSxFjZSHRoiEn4DYrrGUI |
(7),错误8,如果需要电源管理特性的话,则需要安装cman及fence-agents包
#yum-yinstallcmanfence-agents
如果cobbler服务器启用防火墙功能,需要开启以下端口:
#iptables-AINPUT-mstate--stateNEW-mtcp-ptcp-mmultiport--dports80,443,25151-jACCEPT #iptables-AINPUT-mstate--stateNEW-mudp-pudp-mmultiport--dports53,67:69,25151-jACCEPT
新启动Cobbler并运行检查命令
#servicecobblerdrestart Stoppingcobblerdaemon:[确定] Startingcobblerdaemon:[确定] #cobblercheck Noconfigurationproblemsfound.Allsystemsgo.
配置cobbler依赖服务由cobbler进行管理:
默认情况下,若开机未将相关的服务设置成开启启动,即使cobblerd服务启动时,相关服务也是未启动状态。因此,需要确认dhcp、tftp、rsync等服务是否设置为开启自启动。tftp、rsync服务由xinetd管理,需要保证xinetd服务为开机自启动状态.
#sed-i'/disable/cdisable=no'/etc/xinetd.d/tftp #sed-i-e's/=yes/=no/g'/etc/xinetd.d/rsync #servicexinetdrestart
Cobbler管理rsync
默认为0,不对rsync进行管理,可以修改为1 进行管理
#sed-i's/manage_rsync:0/manage_rsync:1/g'/etc/cobbler/settings
防止误重装系统,选项:pxe_just_once
#cobblersettingedit--name=pxe_just_once--value=1
1.让Cobbler来管理DHCP服务器
#vim/etc/cobbler/settings manage_dhcp:1
2.修改DHCP模板
#vim/etc/cobbler/dhcp.template
subnet192.168.18.0netmask255.255.255.0{需要修改192.168.18.0为自己网段
optionrouters192.168.18.1;修改自己的路由
optiondomain-name-servers8.8.8.8;
optionsubnet-mask255.255.255.0;
rangedynamic-bootp192.168.18.100192.168.18.200;
filename"/pxelinux.0";
default-lease-time21600;
max-lease-time43200;
next-server$next_server;
}
| 如果是多网卡需要指定DHCP服务的网络接口 |
#vi/etc/sysconfig/dhcpd 修改内容如下: #CommandlineoptionshereDHCPDARGS=eth0 DHCPDARGS=eth0
#servicecobblerdrestart Stoppingcobblerdaemon:[确定] Startingcobblerdaemon:[确定]
完成后一定要运行cobbler sync 命令让配置生效,使dhcp、http被cobbler接管
设置http服务
#vi/etc/httpd/conf/httpd.conf ServerName127.0.0.1:80 #yum-yinstallmod_wsgi #sed-i's*#LoadModule*LoadModule*g'/etc/httpd/conf.d/wsgi.conf
导入系统镜像到Cobbler
#mkdir-p/mnt/CentOS/6.5#mount-oloop/root/CentOS-6.5-x86_64-bin-DVD1.iso/mnt/CentOS/6.5/ #cobblerimport--name=CentOS-6.5-x86_64--path=/mnt/CentOS/6.5
正常导完之后会给出如下提示:
……(省略) associatingkickstarts ***TASKCOMPLETE*** cobblerlist来查看导入的结果
准备kisckstart文件
kickstart自动安装文件可以用工具生成(需要用到图形界面操作)
#yuminstallsystem-config-kickstart#安装 #yumgroupinstall"XWindowSystem"#安装XWindow图形界面 #system-config-kickstart#运行kickstart配置 #servicecobblersync#与cobblersync作用相同 #servicecobblerrestart#重启cobbler
系统镜像文件和kickstart自动安装文件关联起来
#cobblerprofileadd--name=CentOS-6.5-basic--distro=CentOS-6.5-x86_64--kickstart=/var/lib/cobbler/kickstarts/cetos6.x86_64.cfg #cobblerprofilelist
为Cobbler添加RPM仓库
#cobblerrepoadd --name=EPEL --mirror=http://download.fedoraproject.org/pub/epel/6/x86_64/ #cobblerrepoadd --name=Local --mirror=http://mirrors.163.com/centos/6.7/extras/x86_64/
#添加repo到profile会自动添加到节点上的repo上,指向内网,非常方便。
#cobblerprofileedit--name==CentOS-6.5-basic--repos="epellocal"
#cobblerreposync
也可以通过设置�Cmirror-locally=0不下载到本地,而通过kickstart server去仓库下载rpm包。
#cobblersync
客户端安装测试:
参考http://www.3mu.me/centos6-5%E5%AE%89%E8%A3%85%E5%92%8C%E9%85%8D%E7%BD%AEcobbler-2-6%E5%AE%9E%E7%8E%B0%E8%87%AA%E5%8A%A8%E5%8C%96%E6%97%A0%E4%BA%BA%E5%80%A4%E5%AE%88%E7%BD%91%E7%BB%9C%E6%89%B9%E9%87%8F%E5%AE%89%E8%A3%85/