Deploying Cobbler and automating OS installation

I. Installation and deployment

1. Find the required repository package on the Alibaba open-source mirror site (epel -> epel-release-latest-7.noarch.rpm) and copy its link

[root@localhost ~]# rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm

2. Install the required packages

[root@localhost ~]# yum install -y httpd dhcp tftp cobbler cobbler-web pykickstart
[root@localhost kickstarts]# yum install xinetd -y

3. Check the installation

[root@localhost ~]# cd /etc/httpd/conf.d/
# The cobbler-related files are visible here
[root@localhost conf.d]# ll
总用量 36
-rw-r--r--. 1 root root 2926 7月  30 01:18 autoindex.conf
-rw-r--r--. 1 root root 1087 11月 27 2018 cobbler.conf
-rw-r--r--. 1 root root 1165 11月 27 2018 cobbler_web.conf
-rw-r--r--. 1 root root  366 7月  30 01:19 README
-rw-r--r--. 1 root root 9443 7月  29 23:15 ssl.conf
-rw-r--r--. 1 root root 1252 7月  29 23:15 userdir.conf
-rw-r--r--. 1 root root  824 7月  29 23:15 welcome.conf

II. Start the services

[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl start cobblerd
[root@localhost kickstarts]# systemctl start xinetd
[root@localhost ~]# cobbler check

On a freshly installed system, running the cobbler check command reports an error, as shown in the figure.

The fix is as follows:

[root@localhost ~]# getenforce
Enforcing
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service

Check again; the listed items are the configuration steps to carry out next.

[root@localhost ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
    https://github.com/cobbler/cobbler/wiki/Selinux
4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
5 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
6 : enable and start rsyncd.service with systemctl
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

III. Configuration files

1. In /etc/cobbler/settings, change server to your own IP address

[root@localhost ~]# vim /etc/cobbler/settings
# The parts to change are on lines 272 and 384 of the file

2. In this file, change disable from yes to no

[root@localhost ~]# vim /etc/xinetd.d/tftp

# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

3. Start the service so the changes take effect

[root@localhost ~]# systemctl start rsyncd
[root@localhost ~]# cobbler get-loaders

4. Set the password

# Command format:
[root@localhost ~]# openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'
# With the password filled in, the command becomes:
[root@localhost ~]# openssl passwd -1 -salt 'cobler' 'cobler'
# Copy the entire generated password hash
$1$cobler$XJnisBweZJlhL651HxAM00
[root@localhost ~]# vim /etc/cobbler/settings
# Paste the password hash into line 101 of the file
101 default_password_crypted: "$1$cobler$XJnisBweZJlhL651HxAM00"
# On line 242, change 0 to 1
242 manage_dhcp: 1
[root@localhost ~]# systemctl restart cobblerd
[root@localhost ~]# cobbler check
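
The edits from steps 1 and 4 can also be scripted by key name instead of by line number. The functions below are an added example, not part of the original post; their names are hypothetical, and the only keys assumed are the four this section changes. `crypt_scheme` reports which crypt(3) scheme a stored hash uses (`openssl passwd -1` produces MD5-crypt, prefix `$1$`).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Escape VALUE for the replacement side of sed's s|...|...| command.
sed_escape() { printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'; }

# set_setting FILE KEY VALUE: rewrite the top-level "KEY: ..." line in place.
# Returns 1 when KEY is absent rather than appending, so a mistyped key
# cannot silently add a line that cobblerd never reads.
set_setting() {
    file=$1; key=$2; value=$(sed_escape "$3")
    grep -q "^${key}:" "$file" || { echo "missing key: $key" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Write through a temp file, then copy back with cat so the original
    # inode keeps its owner, mode and SELinux label.
    if sed -e "s|^${key}:.*|${key}: ${value}|" "$file" > "$tmp" &&
       cat "$tmp" > "$file"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# get_setting FILE KEY: print the value with surrounding double quotes removed.
get_setting() {
    sed -n -e "s|^$2:[[:space:]]*||p" "$1" | sed -e 's/^"\(.*\)"$/\1/' | head -n 1
}

# crypt_scheme HASH: name the crypt(3) scheme from the hash prefix.
crypt_scheme() {
    case $1 in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        *)      echo unknown ;;
    esac
}

# configure_cobbler FILE IP HASH: the edits from steps 1 and 4 of this section.
configure_cobbler() {
    set_setting "$1" server "$2" &&
    set_setting "$1" next_server "$2" &&
    set_setting "$1" manage_dhcp 1 &&
    set_setting "$1" default_password_crypted "\"$3\""
}

# Usage on the server from this page (then restart cobblerd, run cobbler check):
#   configure_cobbler /etc/cobbler/settings 10.0.2.15 '<hash from openssl passwd>'
```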

5. Configure the DHCP file

[root@localhost ~]# vim /etc/cobbler/dhcp.template
# Fill in your own server's subnet, gateway and DNS
subnet 10.0.2.0 netmask 255.255.255.0 {
     option routers             10.0.2.15;
     option domain-name-servers 10.0.2.15;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        10.0.2.100 10.0.2.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
# After saving, restart the service so the change takes effect
[root@localhost ~]# systemctl restart cobblerd
[root@localhost ~]# cobbler sync
# Check whether the change took effect
[root@localhost ~]# cat /etc/dhcp/dhcpd.conf
subnet 10.0.2.0 netmask 255.255.255.0 {
     option routers             10.0.2.15;
     option domain-name-servers 10.0.2.15;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        10.0.2.100 10.0.2.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                10.0.2.15;

IV. Configure the kickstart-related services

1. Mount the disc

[root@localhost ~]# mount /dev/cdrom /mnt
mount: /dev/sr0 写保护,将以只读方式挂载
(mount the installation disc)
# This step takes a while
[root@localhost ~]# cobbler import --path=/mnt/ --name=CentOS-7-x86_64 --arch=x86_64
task started: 2019-08-12_212801_import
task started (id=Media import, time=Mon Aug 12 21:28:01 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/CentOS-7-x86_64:
creating new distro: CentOS-7-x86_64
trying symlink: /var/www/cobbler/ks_mirror/CentOS-7-x86_64 -> /var/www/cobbler/links/CentOS-7-x86_64
creating new profile: CentOS-7-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/CentOS-7-x86_64 for CentOS-7-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS-7-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/CentOS-7-x86_64
looking for /var/www/cobbler/ks_mirror/CentOS-7-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/CentOS-7-x86_64/repodata
*** TASK COMPLETE ***

2. Check the result; CentOS-7-x86_64 now appears in the list

[root@localhost ~]# cobbler profile list
   CentOS-7-x86_64

3. Use your own kickstart file

[root@localhost ~]# cd /var/lib/cobbler/kickstarts
[root@localhost kickstarts]# vim CentOS-7-x86_64.cfg
# Add the following content to the file
install
url --url=$tree  
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr 
# Network information
$SNIPPET('network_config')
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw  --iscrypted $default_password_crypted
clearpart --all --initlabel
part /boot --fstype xfs --size 500  
part swap --size 2000
part / --fstype xfs --size 20000 
part /data --fstype xfs --size 30000 
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
iptraf
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
screen
%end
%post
systemctl disable postfix.service
%end
# After saving, set the kickstart path with the following command
[root@localhost kickstarts]# cobbler profile edit --name=CentOS-7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg
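
The template above sets `selinux --disabled` and `firewall --disabled`, so every host installed from this profile starts with both off. The check below is an added example, not part of the original post (the name `lint_kickstart` is hypothetical); it reports such directives in a kickstart file before the profile is put to use.

```shell
#!/bin/sh
# Added example (not from the original post); lint_kickstart is a hypothetical name.

# lint_kickstart FILE: print "LINE: finding (directive)" for command-section
# directives that lower the installed host's defaults. Returns 1 if any were
# found, 0 otherwise. Lines inside %pre/%post/%packages are skipped so that a
# script line starting with the same word is not mistaken for a directive.
lint_kickstart() {
    awk '
        /^%end/        { insec = 0; next }   # back to the command section
        /^%include/    { next }              # not a section header
        /^%/           { insec = 1; next }   # %pre, %post, %packages, ...
        insec          { next }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        $1 == "selinux" && /--(disabled|permissive)/ {
            report("SELinux not enforcing") }
        $1 == "firewall" && /--disabled/ {
            report("firewall disabled") }
        $1 == "rootpw" && !/--(iscrypted|lock)/ {
            report("root password not given as a hash") }
        function report(msg) { printf "%d: %s (%s)\n", NR, msg, $0; n++ }
        END { exit (n > 0 ? 1 : 0) }
    ' "$1"
}

# Usage with the file from this step:
#   lint_kickstart /var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg
```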

4. For the NIC to be named eth0 when installing CentOS 7, kernel parameters are needed; they can be added through the profile

[root@localhost kickstarts]# cobbler profile edit --name=CentOS-7-x86_64 --kopts='net.ifnames=0 biosdevname=0'
[root@localhost kickstarts]# cobbler profile report
[root@localhost kickstarts]# cobbler sync
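# The commands above clear and regenerate the output so the files take effect
[root@localhost kickstarts]# systemctl start xinetd
# Start the tftp service; if the automated install hangs at tftp, try turning off the firewall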

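V. Testing

1. On VMware, create a new virtual machine; once it boots, select the corresponding system and it installs automatically.

2. On VirtualBox, first disable the DHCP server under File >> Host Network Manager to avoid a duplicate DHCP service; then create a new virtual machine, and the system installs automatically after it starts.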

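VI. Automated reinstallation

# Use this tool for automated reinstallation
[root@localhost ~]# yum install -y koan
# List the systems available for reinstallation from this server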
[root@localhost ~]# koan --server=10.0.2.15 --list=profiles
- looking for Cobbler at http://10.0.2.15:80/cobbler_api
CentOS-7-x86_64
# After --profile, specify the system to reinstall as
[root@localhost ~]# koan --replace-self --server=10.0.2.15 --profile=CentOS-7-x86_64

Reboot, and the current system is reinstalled as the configured one.

VII. Custom yum repository

# Start the related services
[root@localhost ~]# systemctl start httpd.service 
[root@localhost ~]# systemctl start cobblerd.service
# Add the repository
[root@localhost ~]# cobbler repo add --name=openstack-mitaka --mirror=https://mirrors.aliyun.com/centos/7.6.1810/cloud/x86_64/openstack-stein/ --arch=x86_64 --breed=yum
# Synchronize
[root@localhost ~]# cobbler reposync