Environment preparation:
One server
[root@admin tftpboot]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@admin tftpboot]# uname -a
Linux admin 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@admin tftpboot]#
###########################pxe+kickstart###############################
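How pxe+kickstart automated installation works:
PXE (preboot execute environment) is the latest technology developed by Intel. It works in a client/server network model and lets a workstation download an image from a remote server over the network and boot an operating system from it. During boot, the terminal asks the server to assign it an IP address, then uses TFTP (trivial file transfer protocol) or MTFTP (multicast trivial file transfer protocol) to download a boot package into local memory and execute it. This boot package completes the basic software setup of the terminal (client) and then boots the terminal operating system that has been pre-installed on the server. PXE can boot many operating systems, such as Windows95/98/2000/windows2003/windows2008/winXP/win7/win8, linux and others.
Schematic diagram
Prerequisites:
An image file
httpd service
tftp service
dhcp service
Setup steps:
Mount the ISO image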
[root@admin tftpboot]# mount /dev/cdrom /mnt/
[root@admin tftpboot]# yum install httpd dhcp tftp-server createrepo xinetd -y
[root@admin tftpboot]# mkdir /var/www/html/CentOS-7.1-x86_64/    # /var/www/html is httpd's default document root
[root@admin tftpboot]# cp -a /mnt/* /var/www/html/CentOS-7.1-x86_64/
[root@admin tftpboot]# createrepo -pdo /var/www/html/CentOS-7.1-x86_64/ /var/www/html/CentOS-7.1-x86_64/    # build the yum repository
[root@admin tftpboot]# createrepo -g `ls /var/www/html/CentOS-7.1-x86_64/*-comps.xml` /var/www/html/CentOS-7.1-x86_64/
[root@admin tftpboot]# vim /etc/xinetd.d/tftp
disable = no
[root@admin dhcp-4.2.5]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf    # configure the dhcp service
subnet 192.168.220.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.220.10 192.168.220.90;
    option subnet-mask 255.255.255.0;
    next-server 192.168.220.165;
    filename "pxelinux.0";
}
[root@admin dhcp-4.2.5]# service dhcpd start
Redirecting to /bin/systemctl start dhcpd.service
[root@admin dhcp-4.2.5]# service httpd start
Redirecting to /bin/systemctl start httpd.service
[root@admin dhcp-4.2.5]# service xinetd start
Redirecting to /bin/systemctl start xinetd.service
[root@admin dhcp-4.2.5]#
Upload the ks.cfg file to /var/www/html/CentOS-7.1-x86_64/
[root@admin dhcp-4.2.5]# yum install syslinux -y    # syslinux is installed to obtain the pxelinux.0 file
[root@admin dhcp-4.2.5]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
[root@admin dhcp-4.2.5]# cp /mnt/isolinux/* /var/lib/tftpboot/
[root@admin tftpboot]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@admin tftpboot]# cp /mnt/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
[root@admin pxelinux.cfg]# vim default
label linux
  menu label ^AUTO Install CentOS 7
  kernel vmlinuz
  append initrd=initrd.img ks=http://192.168.220.165/CentOS-7.1-x86_64/CentOS-7.1-x86_64.cfg
[root@admin pxelinux.cfg]# getenforce
Permissive
[root@admin pxelinux.cfg]# setenforce 0
[root@admin pxelinux.cfg]# vim /etc/selinux/config
SELINUX=disabled
[root@admin pxelinux.cfg]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@admin pxelinux.cfg]#
Disable the firewall at boot
[root@admin pxelinux.cfg]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@admin pxelinux.cfg]# systemctl list-unit-files|grep firewalld
firewalld.service disabled
[root@admin pxelinux.cfg]#
The required kickstart configuration file
[root@admin pxelinux.cfg]# cat /var/www/html/CentOS-7.1-x86_64/CentOS-7.1-x86_64.cfg
#Kickstart Configurator by Jason Zhao
#platform=x86, AMD64, or Intel EM64T
#System language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
#rootpw --iscrypted $default_password_crypted
rootpw --iscrypted $1$ops-node$7hqdpgEmIE7Z0RbtQkxW20
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network (HTTP) installation media
#url --url=$tree
url --url=http://192.168.220.165/CentOS-7.1-x86_64
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk sda
part swap --size 16384 --ondisk sda
part / --fstype xfs --size 1 --grow --ondisk sda
#System authorization information
auth --useshadow --enablemd5
#Network information
#$SNIPPET('network_config')
network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx
#Package install information
%packages
@ base
@ core
sysstat
iptraf
ntp
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
mysql
nmap
screen
%end
%post
systemctl disable postfix.service
%end
[root@admin pxelinux.cfg]#
###########################cobbler###############################
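1. Environment preparation
yum install net-tools -y
CentOS 7 needs its EPEL repository replaced; for details see the blog post: http://www.cnblogs.com/along1226/p/5317833.html
Replace the EPEL repository. EPEL is a software repository for yum that contains many packages not found in the base repositories; cobbler is one of them, so the EPEL repository must be installed.
yum repository:
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
EPEL repository:
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo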
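2. Install cobbler
[root@admin ~]# yum install cobbler cobbler-web dhcp tftp-server pykickstart httpd -y
See what was installed
[root@linux-node1 ~]# rpm -ql cobbler    # list the installed files; the important ones are annotated below
/etc/cobbler                    # configuration directory
/etc/cobbler/settings           # cobbler's main configuration file; it is in YAML format (cobbler is written in Python)
/etc/cobbler/dhcp.template      # configuration template for the DHCP service
/etc/cobbler/tftpd.template     # configuration template for the tftp service
/etc/cobbler/rsync.template     # configuration template for the rsync service
/etc/cobbler/iso                # directory of iso template files
/etc/cobbler/pxe                # directory of pxe template files
/etc/cobbler/power              # directory of power management configuration files
/etc/cobbler/users.conf         # authorization configuration file for the web service
/etc/cobbler/users.digest       # user name and password file for web access
/etc/cobbler/dnsmasq.template   # configuration template for the DNS service
/etc/cobbler/modules.conf       # cobbler module configuration file
/var/lib/cobbler                # cobbler data directory
/var/lib/cobbler/config         # configuration files
/var/lib/cobbler/kickstarts     # default location of kickstart files
/var/lib/cobbler/loaders        # the various boot loaders
/var/www/cobbler                # directory of system installation images
/var/www/cobbler/ks_mirror      # list of imported system images
/var/www/cobbler/images         # boot files of the imported system images
/var/www/cobbler/repo_mirror    # yum repository storage directory
/var/log/cobbler                # log directory
/var/log/cobbler/install.log    # client system installation log
/var/log/cobbler/cobbler.log    # cobbler log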
3. Start cobbler
Before starting cobbler, start httpd first
systemctl restart httpd.service
Note: if cobbler reports an error the first time it is started, simply restart it
4. Configure cobbler
After starting, cobbler cannot be used right away; its configuration file still needs to be modified. Use the cobbler check command to see which settings need to change.
[root@admin yum.repos.d]# ps -ef|grep cobbler
apache 5925 5924 0 14:00 ? 00:00:00 (wsgi:cobbler_w -DFOREGROUND
root 5976 1 4 14:01 ? 00:00:00 /usr/bin/python2 /usr/bin/cobblerd -F
root 5985 2279 0 14:02 pts/1 00:00:00 grep --color=auto cobbler
[root@admin yum.repos.d]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4 : enable and start rsyncd.service with systemctl
5 : debmirror package is not installed, it will be required to manage debian deployments and repositories
6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
7 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
[root@admin yum.repos.d]#
sed -i 's/server: 127.0.0.1/server: 10.0.0.6/' /etc/cobbler/settings
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/' /etc/cobbler/settings
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings
cobbler get-loaders
[root@admin yum.repos.d]# openssl passwd -1 -salt 'chenyao' 123456 ----> 123456 is the initial password of the system after it has been installed automatically
$1$chenyao$QHgE3Wwj5X6DFyEP1YifY0
[root@admin yum.repos.d]#
default_password_crypted: "$1$test$at615QShYKduQlx5z9Zm7/" // edit this line in settings, replacing it with the generated password
Note: on CentOS 7 there is no rsync file under /etc/xinetd.d/, so it has to be created with the following parameters; CentOS 6 already has the rsync file and it only needs to be modified
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#   allows crc checksumming etc.
service rsync
{
    disable = no
    flags = IPv6
    socket_type = stream
    wait = no
    user = root
    server = /usr/bin/rsync
    server_args = --daemon
    log_on_failure += USERID
}
Configure dhcp
vim /etc/cobbler/dhcp.template
subnet 192.168.220.0 netmask 255.255.255.0 {
    option routers 192.168.220.2;
    option domain-name-servers 192.168.220.2;
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 192.168.220.10 192.168.220.90;
After the steps above, most of the changes are done; even if cobbler check still reports errors, they can be ignored. Whenever cobbler's configuration has been modified, run cobbler sync to make the changes take effect.
[root@admin yum.repos.d]# cobbler sync
task started: 2016-03-24_143129_sync
task started (id=Sync, time=Thu Mar 24 14:31:29 2016)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@admin yum.repos.d]#
Once the sync has finished, run less /etc/dhcp/dhcpd.conf to check whether the dhcp settings have taken effect
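A check of the /etc/cobbler/settings keys edited in this section, as an added example that is not part of the original post or of cobbler itself. The function names, the two sample files and the placeholder hashes are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): check the keys this section
# edits in /etc/cobbler/settings. Sample files and values are constructed.

# get_setting FILE KEY: value of the line starting with exactly "KEY:", so
# "server" and "next_server" are read separately; quotes are stripped.
get_setting() {
    awk -v key="$2" '
        index($0, key ":") == 1 {
            v = substr($0, length(key) + 2)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            print v; exit
        }' "$1"
}

# check_cobbler_settings FILE: prints findings; status 1 if any FAIL.
check_cobbler_settings() {
    local f="$1" rc=0 key v
    for key in server next_server; do
        v=$(get_setting "$f" "$key")
        case $v in
            ''|localhost|127.*) echo "FAIL $key='$v' is unreachable for PXE clients"; rc=1 ;;
        esac
    done
    for key in manage_dhcp pxe_just_once; do
        [ "$(get_setting "$f" "$key")" = 1 ] || { echo "FAIL $key is not 1"; rc=1; }
    done
    case $(get_setting "$f" default_password_crypted) in
        '$5$'*|'$6$'*) ;;
        '$1$'*) echo "WARN default_password_crypted is MD5-crypt, prefer a \$6\$ hash" ;;
        *) echo "FAIL default_password_crypted is missing or unrecognised"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples: the values before the edits above vs. after them.
write_samples() {
    printf '%s\n' 'default_password_crypted: "$1$placeholder$PLACEHOLDERHASH"' \
        'manage_dhcp: 0' 'next_server: 127.0.0.1' 'pxe_just_once: 0' \
        'server: 127.0.0.1' > "$1/before"
    printf '%s\n' 'default_password_crypted: "$6$placeholder$PLACEHOLDERHASH"' \
        'manage_dhcp: 1' 'next_server: 10.0.0.6' 'pxe_just_once: 1' \
        'server: 10.0.0.6' > "$1/after"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_cobbler_settings "$demo_dir/before" || echo "before: fix, then run 'cobbler sync'"
check_cobbler_settings "$demo_dir/after" && echo "after: ok"
rm -rf "$demo_dir"
```

On the cobbler server the same function can be pointed at the real file: check_cobbler_settings /etc/cobbler/settings.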
cobbler's logs
[root@admin cobbler]# ll
total 20
drwxr-xr-x 2 root root 6 Jan 24 09:40 anamon
-rw-r--r-- 1 root root 16209 Mar 24 14:31 cobbler.log
drwxr-xr-x 2 root root 6 Jan 24 09:40 kicklog
drwxr-xr-x 2 root root 6 Jan 24 09:40 syslog
drwxr-xr-x 2 root root 4096 Mar 24 14:31 tasks
[root@admin cobbler]#
5. Start the related services
Because cobbler depends on the httpd, tftp, dhcp, xinetd and cobblerd services working together, all of these services have to be running for automated installation to succeed, so we use one script to start, stop and restart them.

#!/bin/bash
# chkconfig: 345 80 90
# description:cobbler
# Wrapper that starts, stops, restarts or queries every service cobbler needs.
case "$1" in
  start)
    /etc/init.d/httpd start
    /etc/init.d/xinetd start
    /etc/init.d/dhcpd start
    /etc/init.d/cobblerd start
    ;;
  stop)
    /etc/init.d/httpd stop
    /etc/init.d/xinetd stop
    /etc/init.d/dhcpd stop
    /etc/init.d/cobblerd stop
    ;;
  restart)
    /etc/init.d/httpd restart
    /etc/init.d/xinetd restart
    /etc/init.d/dhcpd restart
    /etc/init.d/cobblerd restart
    ;;
  status)
    /etc/init.d/httpd status
    /etc/init.d/xinetd status
    /etc/init.d/dhcpd status
    /etc/init.d/cobblerd status
    ;;
  sync)
    cobbler sync
    ;;
  *)
    echo "Input error, please input 'start|stop|restart|status|sync'!"
    exit 2
    ;;
esac
6. Common cobbler commands
[root@linux-node1 ~]# cobbler
usage
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ... [add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]
cobbler check      check whether the current settings have problems
cobbler list       list all cobbler objects
cobbler report     list detailed information about the objects
cobbler sync       sync the configuration to the data directory; best run after every configuration change
cobbler reposync   sync the yum repositories
cobbler distro     show information about the imported distributions
cobbler system     show information about the added systems
cobbler profile    show the profile information
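7. Prepare the ingredients
At this point it is as if we were opening a restaurant and had finished fitting out the premises; next we need to prepare the ingredients for cooking, that is, import the image file.
Prepare the image file. If it is on an optical disc, run:
mount /dev/cdrom /mnt/
If you have a Linux ISO image file, run:
mount -o loop /path/xxxx.iso /mnt/
Import the image file into cobbler (stocking up, preparing the ingredients); this takes some time:
cobbler import --path=/mnt/ --name=CentOS-6.7-x86_64 --arch=x86_64
# --path  path of the image
# --name  a name for the install source
# --arch  whether the install source is 32-bit, 64-bit or ia64; the currently supported options are: x86 |x86_64|ia64
# An install source is uniquely identified by its name parameter, and you can call it whatever you like. Cobbler supports varied installations, whereas pxe+kickstart supports only one; we can import CentOS 6.7 and also CentOS 7.1, so --name is what distinguishes the image sources. Use cobbler distro list to view them; if a name is duplicated, the system reports that the import failed.
The image files are imported here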
[root@admin ks_mirror]# pwd
/var/www/cobbler/ks_mirror
[root@admin ks_mirror]# ll
total 4
dr-xr-xr-x 8 root root 4096 Dec 9 18:14 CentOS-6.7-x86_64
drwxr-xr-x 2 root root 6 Jan 24 09:40 config
[root@admin ks_mirror]#
8. Prepare the recipe
The ingredients are ready, so next we prepare the recipe, which is simply the configuration file. During automated installation there are operations such as setting the time zone, the password, the partitions and so on; how these operations are carried out is defined in the configuration file.
Once the image has been imported, cobbler automatically prepares a recipe for it, namely the file /var/lib/cobbler/kickstarts/sample_end.ks. The default does not suit us, so we use a custom configuration file.
Note: the recipe specifies the file system when partitioning. CentOS 6 uses ext4 and CentOS 7 uses xfs, so pay attention to the version of the system you are installing.

#Kickstart Configurator by Jason Zhao
#platform=x86, AMD64, or Intel EM64T
#System language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#rootpw --iscrypted $1$ops-node$7hqdpgEmIE7Z0RbtQkxW20
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network (HTTP) installation media
url --url=$tree  #variables starting with $ take their values from the configuration file
#url --url=http://192.168.56.11/CentOS-7.1-x86_64
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk sda  #xfs is the default disk format on centos7
part swap --size 16384 --ondisk sda
part / --fstype xfs --size 1 --grow --ondisk sda
#System authorization information
auth --useshadow --enablemd5
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
#Package install information
%packages
@ base
@ core
sysstat
iptraf
ntp
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
mysql
nmap
screen
%end
%post
systemctl disable postfix.service
%end
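A small lint for the security-relevant directives in the two kickstart files on this page (the PXE one and the cobbler one above), as an added example that is not part of the original post. The function names, the placeholder hashes and the https URL in the hardened sample are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): lint a kickstart file for the
# security-relevant directives used in this walkthrough.

# audit_kickstart [FILE]: prints one WARN line per finding (reads stdin when
# no FILE is given); exit status is 1 if anything was flagged, else 0.
audit_kickstart() {
    awk '
        function warn(msg) { print "WARN " msg; n++ }
        /^[ \t]*#/ { next }   # commented-out directives are inactive
        $1 == "rootpw" {
            if ($0 !~ /--iscrypted/)
                warn("rootpw: password is stored in plaintext")
            else if ($0 ~ /[ \t]\$1\$/)
                warn("rootpw: MD5-crypt hash ($1$), use a SHA-512 ($6$) hash")
        }
        ($1 == "auth" || $1 == "authconfig") && /--enablemd5/ {
            warn("auth: --enablemd5 selects MD5 hashing, use --passalgo=sha512")
        }
        $1 == "selinux"  && /--disabled/ { warn("selinux: disabled on installed hosts") }
        $1 == "firewall" && /--disabled/ { warn("firewall: disabled on installed hosts") }
        $1 == "url" && /--url=http:/ { warn("url: install tree fetched over plain HTTP") }
        END { exit (n > 0) }
    ' "${1:--}"
}

# Constructed sample: directives from the PXE kickstart on this page, with a
# placeholder in place of the real hash.
sample_kickstart() {
    cat <<'EOF'
#rootpw --iscrypted $default_password_crypted
rootpw --iscrypted $1$placeholder$PLACEHOLDERHASH
url --url=http://192.168.220.165/CentOS-7.1-x86_64
auth --useshadow --enablemd5
firewall --disabled
selinux --disabled
EOF
}

# Constructed hardened variant (placeholder hash; assumes httpd serves TLS).
hardened_kickstart() {
    cat <<'EOF'
rootpw --iscrypted $6$placeholder$PLACEHOLDERHASH
url --url=https://192.168.220.165/CentOS-7.1-x86_64
auth --useshadow --passalgo=sha512
firewall --enabled --ssh
selinux --enforcing
EOF
}

sample_kickstart | audit_kickstart || echo "sample: review before publishing"
hardened_kickstart | audit_kickstart && echo "hardened: no findings"
```

The cobbler template above passes the rootpw check because it carries only the $default_password_crypted variable; the hash scheme is then decided by /etc/cobbler/settings.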
Where the recipes are stored:
/var/lib/cobbler/kickstarts
Check what we have prepared so far:
[root@admin ~]# cobbler list
distros:
   CentOS-7.2-x86_64    // name of the ingredients (the image)
profiles:
   CentOS-7.2-x86_64    // name of the recipe (the configuration file)
systems:
repos:
images:
mgmtclasses:
packages:
files:
[root@admin ~]# cobbler profile report
Name                           : CentOS-7.2-x86_64
TFTP Boot Files                : {}
Comment                        :
DHCP Tag                       : default
Distribution                   : CentOS-7.2-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/sample_end.ks    // this is the default
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 :
Internal proxy                 :
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      :
Virt RAM (MB)                  : 512
Virt Type                      : kvm
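9. Which recipe goes with which ingredients
As mentioned earlier, cobbler can import several image files and offer varied installations, and there can be several recipes as well. Different images need different configuration files: for example, the partition type should be ext4 for centos6 and xfs for centos7, so we need to map the different images to the different configuration files.
Run:
cobbler profile edit --name=CentOS-7.1-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-7.1-x86_64.cfg
CentOS 7 specifics:
Modify the kernel parameters of the system being installed. One thing changed in centos7: network interface names now take the form eno16777736. For the sake of operational standardization we want the familiar eth0, so we use the parameters below. Note that only centOS7 needs this step; centOS6 does not!
cobbler profile edit --name=CentOS-7.1-x86_64 --kopts='net.ifnames=0 biosdevname=0'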
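10. Customizing systems
Although installation is automated, special handling of certain machines is sometimes unavoidable. These bare-metal machines do not yet have an operating system, a host name or similar information, so how can they be told apart so that one particular machine gets special settings? The answer is the MAC address. The settings that can be applied are shown below.
[root@admin kickstarts]# cobbler system add --name=chenyao --mac=00:0C:29:82:8D:1F --profile=CentOS-7.2-x86_64 --ip-address=192.168.220.10 --subnet=255.255.255.0 --gateway=192.168.220.2 --interface=eth0 --static=1 --hostname=lvs --name-servers="114.114.114.144 8.8.8.8"
[root@admin kickstarts]# cobbler system list
   chenyao
[root@admin kickstarts]#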