Deploying the CentOS 6 and CentOS 7 series with Cobbler
Reposted from: http://www.jianshu.com/p/a4bed77bf40d
Copyright notice: copied in full from http://www.jianshu.com/p/a4bed77bf40d
Automation tools fall into three broad categories
- Provisioning (OS Provisioning)
  - PXE
  - Cobbler
- Configuration management (OS Config & DevOps)
  - cfengine, chef, puppet, saltstack, func, fabric, ansible
- Monitoring (Monitor)
  - Cacti, Nagios Core, Zabbix, Zenoss Core
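Grey release of a website (relies on the front-end LB)
- Take a batch of servers out of service on the Director
- Stop the applications to be updated on those servers
- Push the updated webapp code to the target hosts
- Start the target applications
- Bring this batch of servers back into service on the Director
Rough release flow
- Check out the code to be released from version control (cvs, svn, git) and publish it to the pre-release server
- Pre-release server: its environment matches the production servers, but it is not part of the production pool; detailed testing is carried out here
- Automated testing: a webapp automated testing tool (such as Selenium, developed by ThoughtWorks) can run complete code and browser-compatibility tests
- Automated grey release: update the code on the production servers in batches
Website runtime monitoring
- Monitoring data collection: user behaviour logs, server performance monitoring, runtime data reports
- Monitoring management: anomaly alerting, failover, automatic graceful degradation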
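Preface
Operations automation plays a pivotal role in production environments. When you face hundreds, thousands or even tens of thousands of servers, merely installing the operating system without automation is unthinkable. Earlier we looked at fully automated installation based on PXE, but PXE can only batch-deploy a single operating system at a time. Since different servers in production have different requirements, how do we batch-deploy multiple operating system versions? Cobbler meets exactly this need, and this article covers batch deployment of multiple operating system versions with Cobbler.
Introduction to Cobbler
Cobbler is a tool for automated operating system deployment. It is written in Python and is a second-level wrapper around PXE. It combines several features and offers both CLI and web management. Cobbler also provides an API for custom development. It can install physical machines and also supports installing KVM and Xen virtualization guest OSes. In addition, it can be combined with centralized management software such as Puppet to achieve automated management.
Components
The relationships among Cobbler's main components are shown in the figure.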

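Services integrated by Cobbler
- PXE service
- DHCP
- Rsync
- HTTP
- DNS
- Kickstart
- IPMI power management
Cobbler design
- Distribution (distro): represents an operating system; it carries the kernel and initrd information, as well as other kernel-related data
- Repository: holds the mirror information for a yum or rsync repository
- Profile: contains a distro, a kickstart file and possibly repositories, plus other data such as additional kernel parameters
- System: represents a machine to be provisioned; it contains a profile or an image, plus the IP and MAC addresses, power management (address, credentials, type) and more specialised data
- Image: can replace a distro object for files that do not fit that category (e.g. objects that cannot be treated as a kernel and initrd)
Of the components above, distro, repository and profile are the required configuration items.
The system component is only needed in a virtual environment where Cobbler has to boot the virtual machines.
In practice, when production needs a large number of virtual machine instances, the virtual machine nodes are usually provided through OpenStack or similar.
Cobbler run flow
- dhcp client: obtains an address from DHCP and contacts the IP address given by next_server
- next_server: serves the boot kernel, initrd and related files
- tftp: PXE boot files; starts the Cobbler selection menu
- kickstart: determines what to load and fetches resources from shares such as nfs, http and ftp
cobbler units
- cobbler
- cobbler-web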
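Steps to configure Cobbler
1 Install Cobbler and, based on the results of cobbler check, correct the main configuration file (settings)
2 Start the related http and cobbler services and apply the settings with cobbler sync
3 Configure the packages Cobbler depends on
* dhcp
* dns
* rsync
* tftp
4 Configure the Cobbler components
For step 3 you need to:
1 Choose the program to use; one of them is enough
2 Decide whether to manage these services independently or let Cobbler manage them
Notes:
Cobbler itself does not provide these service programs, so the rpm packages for the corresponding services still have to be installed and kept started; Cobbler then manages these services.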
Installing Cobbler
Install the EPEL repository
[root@kvm ~]# yum install -y wget
[root@kvm ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
Enable IP forwarding
[root@kvm ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@kvm ~]# sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
[root@kvm ~]# sysctl -p
Install Cobbler
[root@kvm ~]# yum -y install cobbler dhcp httpd xinetd tftp-server syslinux pykickstart xinetd rsync cobbler-web
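Cobbler configuration directories
Configuration directory /etc/cobbler
- /etc/cobbler/settings: main Cobbler configuration file
- /etc/cobbler/iso/: ISO template configuration files
- /etc/cobbler/pxe: PXE template files
- /etc/cobbler/power: power management configuration files
- /etc/cobbler/users.conf: authorization configuration file for the web service
- /etc/cobbler/users.digest: user name and password file for web access
- /etc/cobbler/dhcp.template: configuration template for the DHCP server
- /etc/cobbler/dnsmasq.template: configuration template for the DNS server
- /etc/cobbler/tftpd.template: configuration template for the tftp service
- /etc/cobbler/modules.conf: module configuration file
Data directories
- /var/lib/cobbler/config/: configuration files holding distro, system and profile information
- /var/lib/cobbler/triggers/: user-defined Cobbler commands
- /var/lib/cobbler/kickstarts/: default location of kickstart files
- /var/lib/cobbler/loaders/: the various boot loaders
Mirror directories
- /var/www/cobbler/ks_mirror/: all data of the imported distributions
- /var/www/cobbler/images/: kernel and initrd images of the imported distributions, used for remote network boot
- /var/www/cobbler/repo_mirror/: yum repository storage directory
Log directories
- /var/log/cobbler/installing: client installation logs
- /var/log/cobbler/cobbler.log: Cobbler log
cobbler commands
- import
- sync
- reposync
- buildiso (builds a system image from a distro and a profile)
- command line search
- replication
- kickstart validation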
Check what needs to be configured
[root@note1 ~]# service httpd start
[root@note1 ~]# service cobblerd start
[root@note1 ~]# cobbler check
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
Fix:
vim /etc/cobbler/settings
next_server: 10.1.1.243
server: 10.1.1.243
manage_dhcp: 1
default_password_crypted: "$1$panpan52$CZn1h8wYDYvYIIMzjq7Vg/" # obtained with: openssl passwd -1 -salt 'panpan520' 'panwenbin'
cobbler get-loaders
grep "disable" /etc/xinetd.d/tftp # change yes to no
disable = no
/etc/init.d/xinetd restart
/etc/init.d/cobblerd restart
Guard against accidental reinstalls with the pxe_just_once option
[root@note1 cobbler]# cobbler setting edit --name=pxe_just_once --value=1
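A way to re-check these values after editing, as an added example that is not part of the original post: the script reads a settings file and reports the server, next_server and default password items from the cobbler check output above, plus pxe_just_once. The function names are this example's own, the sample file is constructed, and treating a `$1$` (MD5-crypt) hash as a finding is this example's policy rather than something cobbler check does.

```bash
#!/bin/bash
# Added example, not from the original post: audit a Cobbler settings file.

# get_setting FILE KEY: print the value of a top-level "KEY: value" line,
# with any trailing "# comment" and surrounding quotes removed.
get_setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'"
}

# audit_settings FILE: print one finding per line, nothing if the file passes.
audit_settings() {
    v=$(get_setting "$1" server)
    case $v in
        ''|localhost|127.*) echo "server: '$v' is not reachable by PXE clients" ;;
    esac
    v=$(get_setting "$1" next_server)
    case $v in
        ''|localhost|127.*) echo "next_server: '$v' is not the boot server IP" ;;
    esac
    v=$(get_setting "$1" default_password_crypted)
    case $v in
        '')     echo "default_password_crypted: not set" ;;
        '$1$'*) echo "default_password_crypted: MD5-crypt (\$1\$) hash" ;;
    esac
    v=$(get_setting "$1" pxe_just_once)
    [ "$v" = 1 ] || echo "pxe_just_once: '$v', reinstall protection is off"
}

# Constructed sample in the state the post starts from (not a real hash).
sample=$(mktemp)
cat >"$sample" <<'EOF'
server: 127.0.0.1
next_server: 127.0.0.1
default_password_crypted: "$1$constructed$notarealhashvalue00000" # constructed
pxe_just_once: 0
EOF
audit_settings "$sample"
rm -f "$sample"
```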
Let Cobbler manage the rsync and tftp services
- By default, after installation Cobbler manages the tftp server itself, because manage_tftp and manage_tftpd default to 1
- Configure the tftp and rsync services: make sure they are installed and set to start automatically at boot
- Make sure the xinetd service starts automatically at boot, because rsync and tftp are both managed by xinetd
After running chkconfig rsync on and chkconfig tftp on, disable should already be no; the configuration file is /etc/xinetd.d/rsync
[root@note1 cobbler]# chkconfig --level 35 xinetd on
Let Cobbler manage the DHCP service (here Cobbler manages dhcpd; dnsmasq can be used instead)
[root@note1 cobbler]# vim /etc/cobbler/dhcp.template
# nothing else needs to change for now; only edit the following entries
subnet 10.10.10.0 netmask 255.255.255.0 {
     option routers 10.10.10.10;
     option domain-name-servers 114.114.114.114;
     option subnet-mask 255.255.255.0;
     range dynamic-bootp 10.10.10.20 10.10.10.50;
     default-lease-time 21600;
     max-lease-time 43200;
     next-server $next_server;
cobbler sync
Synchronize Cobbler
[root@kvm cobbler]# service cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@kvm cobbler]# cobbler sync
task started: 2015-11-06_094656_sync
task started (id=Sync, time=Fri Nov 6 09:46:56 2015)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@note1 cobbler]# vim /etc/dhcp/dhcpd.conf # check whether Cobbler has taken over DHCP
# ******************************************************************
# Cobbler managed dhcpd.conf file
# generated from cobbler dhcp.conf template (Sun Jan 31 15:47:49 2016)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
# *****************************************************************
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 10.10.10.0 netmask 255.255.255.0 {
--------
Check again
[root@localhost ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : file /etc/xinetd.d/rsync does not exist
2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
3 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
# The first item is a bug and can be ignored; the second can be installed if you deploy Debian systems; the third is the power fencing tools, which are optional
Start the related services
[root@kvm ~]# chkconfig httpd on
[root@kvm ~]# chkconfig cobblerd on
[root@kvm Data]# chkconfig tftp on
[root@kvm Data]# chkconfig rsync on
[root@kvm Data]# chkconfig xinetd on
[root@kvm Data]# service xinetd start
[root@kvm Data]# service cobblerd start
[root@kvm Data]# service httpd start
Write a startup script
cat >>/etc/init.d/cobbler<<EOF
#!/bin/bash
# chkconfig: 345 80 90
# description:cobbler
case \$1 in
  start)
    /etc/init.d/httpd start
    /etc/init.d/xinetd start
    /etc/init.d/dhcpd start
    /etc/init.d/cobblerd start
    ;;
  stop)
    /etc/init.d/httpd stop
    /etc/init.d/xinetd stop
    /etc/init.d/dhcpd stop
    /etc/init.d/cobblerd stop
    ;;
  restart)
    /etc/init.d/httpd restart
    /etc/init.d/xinetd restart
    /etc/init.d/dhcpd restart
    /etc/init.d/cobblerd restart
    ;;
  status)
    /etc/init.d/httpd status
    /etc/init.d/xinetd status
    /etc/init.d/dhcpd status
    /etc/init.d/cobblerd status
    ;;
  sync)
    cobbler sync
    ;;
  *)
    echo "Input error,please in put 'start|stop|restart|status|sync'!"
    exit 2
    ;;
esac
EOF
# chmod +x /etc/init.d/cobbler
# chkconfig cobbler on
Configuration commands
[root@linux-node1 ~]# cobbler
usage
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ...
        [add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]
[root@linux-node1 ~]# cobbler import --help # import an image
Usage: cobbler [options]
Options:
  -h, --help            show this help message and exit
  --arch=ARCH           OS architecture being imported
  --breed=BREED         the breed being imported
  --os-version=OS_VERSION
                        the version being imported
  --path=PATH           local path or rsync location
  --name=NAME           name, ex 'RHEL-5'
  --available-as=AVAILABLE_AS
                        tree is here, don't mirror
  --kickstart=KICKSTART_FILE
                        assign this kickstart file
  --rsync-flags=RSYNC_FLAGS
                        pass additional flags to rsync
cobbler check      check the current settings for problems
cobbler list       list all Cobbler objects
cobbler report     show detailed information about the objects
cobbler sync       sync the configuration to the data directories; best run after every configuration change
cobbler reposync   sync the yum repositories
cobbler distro     view information about the imported distributions
cobbler system     view information about the added systems
cobbler profile    view profile information
Import the systems into Cobbler
centos6.5:
[root@kvm cobbler]# mount /dev/cdrom /mnt
[root@note1 cobbler]# cobbler import --path=/mnt/ --name=Centos-6.5-x86_64 --arch=x86_64
[root@note1 cobbler]# cobbler distro report --name=Centos-6.5-x86_64
Name                           : Centos-6.5-x86_64
Architecture                   : x86_64
TFTP Boot Files                : {}
Breed                          : redhat
Comment                        :
Fetchable Files                : {}
Initrd                         : /var/www/cobbler/ks_mirror/Centos-6.5-x86_64/images/pxeboot/initrd.img
Kernel                         : /var/www/cobbler/ks_mirror/Centos-6.5-x86_64/images/pxeboot/vmlinuz
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart Metadata             : {'tree': 'http://@@http_server@@/cblr/links/Centos-6.5-x86_64'}
Management Classes             : []
OS Version                     : rhel6
Owners                         : ['admin']
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Template Files                 : {}
centos7:
[root@note1 ~]# umount /mnt
[root@note1 ~]# mount /dev/cdrom /mnt # after swapping in the CentOS 7 ISO
[root@note1 cobbler]# cobbler import --path=/mnt/ --name=Centos-7-x86_64 --arch=x86_64
[root@note1 kickstarts]# cobbler distro report --name=Centos-7-x86_64
Name                           : Centos-7-x86_64
Architecture                   : x86_64
TFTP Boot Files                : {}
Breed                          : redhat
Comment                        :
Fetchable Files                : {}
Initrd                         : /var/www/cobbler/ks_mirror/Centos-7-x86_64/images/pxeboot/initrd.img
Kernel                         : /var/www/cobbler/ks_mirror/Centos-7-x86_64/images/pxeboot/vmlinuz
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart Metadata             : {'tree': 'http://@@http_server@@/cblr/links/Centos-7-x86_64'}
Management Classes             : []
OS Version                     : rhel7
Owners                         : ['admin']
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Template Files                 : {}
View:
[root@note1 cobbler]# cobbler distro list
   Centos-6.5-x86_64
   Centos-7-x86_64
Modify the default ks file
centos6.6:
# kickstart template for Fedora 8 and later.
# (includes %end blocks)
# do not use with earlier distros
#platform=x86, AMD64, or Intel EM64T
# Install OS instead of upgrade
install
# Use network installation
url --url=$tree
# Use text mode install
text
# System language
lang en_US
# System keyboard
keyboard us
# Clear the Master Boot Record
zerombr
# System bootloader configuration
bootloader --location=mbr
# System timezone
timezone Asia/Shanghai
# System authorization information
auth --useshadow --enablemd5
#Root password
rootpw --iscrypted $default_password_crypted
# Network information
$SNIPPET('network_config')
# Partition clearing information
clearpart --all --initlabel
# Allow anaconda to partition the system as needed
part /boot --fstype ext4 --size 200
part swap --fstype swap --size 2000
part / --fstype ext4 --size 20000
part /data --fstype ext4 --size 1 --grow
# Firewall configuration
firewall --enabled
# Run the Setup Agent on first boot
firstboot --disable
# SELinux configuration
selinux --disabled
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Reboot after installation
reboot
# Do not configure the X Window System
skipx
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
$SNIPPET('func_install_if_enabled')
lrzsz
tree
wget
curl
openssh
openssl
%end
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
mkdir /root/backup
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
yum -y install git lrzsz
%end
At this point CentOS 6.5 systems can be installed
centos7:
[root@note1 kickstarts]# cat CentOS-7-x86_64.cfg
#Cobbler for Kickstart Configurator for CentOS 7.1 by yao zhang
install
url --url=$tree
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr
# Network information
$SNIPPET('network_config')
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw --iscrypted $default_password_crypted
clearpart --all --initlabel
part /boot --fstype xfs --size 500
part swap --size 2000
part / --fstype xfs --size 20000
part /data --fstype xfs --size 30000
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
iptraf
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
screen
%end
%post
systemctl disable postfix.service
%end
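The following added example, not part of the original post, extracts the password, SELinux and firewall directives from a kickstart file so that the CentOS 6 and CentOS 7 templates above can be compared. `ks_summary` is a name chosen for this example, and the two input files are constructed excerpts of the templates shown on this page.

```bash
#!/bin/bash
# Added example, not from the original post: summarise the security-relevant
# directives in the command section of a kickstart template.

# ks_summary FILE: print "rootpw=... passalgo=... selinux=... firewall=..."
ks_summary() {
    awk '
        /^%(pre|post|packages)/ { exit }      # commands end at the first section
        $1 == "rootpw" { rootpw = ($0 ~ /--iscrypted/) ? "crypted" : "plaintext" }
        $1 == "auth" || $1 == "authconfig" {
            if ($0 ~ /--enablemd5/) algo = "md5"
            if (match($0, /--passalgo=[a-z0-9]+/))
                algo = substr($0, RSTART + 11, RLENGTH - 11)
        }
        $1 == "selinux"  { selinux = $2 }
        $1 == "firewall" { firewall = $2 }
        END {
            printf "rootpw=%s passalgo=%s selinux=%s firewall=%s\n",
                (rootpw != "" ? rootpw : "missing"),
                (algo != "" ? algo : "default"),
                (selinux != "" ? selinux : "unset"),
                (firewall != "" ? firewall : "unset")
        }' "$1"
}

# Constructed excerpts of the two templates shown on this page.
ks6=$(mktemp)
ks7=$(mktemp)
cat >"$ks6" <<'EOF'
auth --useshadow --enablemd5
rootpw --iscrypted $default_password_crypted
firewall --enabled
selinux --disabled
%pre
%end
EOF
cat >"$ks7" <<'EOF'
authconfig --enableshadow --passalgo=sha512
rootpw --iscrypted $default_password_crypted
selinux --disabled
firewall --disabled
%pre
%end
EOF
echo "CentOS 6: $(ks_summary "$ks6")"
echo "CentOS 7: $(ks_summary "$ks7")"
rm -f "$ks6" "$ks7"
```

`--passalgo` and `--enablemd5` govern passwords set after installation; the root hash installed by `rootpw --iscrypted` is whatever `default_password_crypted` in /etc/cobbler/settings holds.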
Change the CentOS 7 NIC label
# Modify the kernel parameters of the installed system. One thing changed in CentOS 7: NIC names now look like eno16777736. For standardized operations
# we want the familiar eth0, so we use the parameters below. Note that only CentOS 7 needs this step; CentOS 6 does not.
[root@note1 kickstarts]# cobbler profile edit --name=CentOS-7-x86_64 --kopts='net.ifnames=0 biosdevname=0'
[root@note1 kickstarts]# cobbler profile report --name=CentOS-7-x86_64
Name                           : CentOS-7-x86_64
TFTP Boot Files                : {}
Comment                        :
DHCP Tag                       : default
Distribution                   : Centos-7-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {'biosdevname': '0', 'net.ifnames': '0'}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 :
Internal proxy                 :
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      :
Virt RAM (MB)                  : 512
Virt Type                      : kvm
View:
[root@note1 kickstarts]# cobbler profile report Centos-7-x86_64
[root@note1 kickstarts]# cobbler profile report Centos-6.5-x86_64
[root@note1 kickstarts]# cobbler list
distros:
   Centos-6.5-x86_64
   Centos-7-x86_64
profiles:
   Centos-6.5-x86_64
   Centos-7-x86_64
systems:
   budongshu
repos:
images:
mgmtclasses:
packages:
files:
Sync:
[root@note1 kickstarts]# cobbler sync
Configure repo repositories
Configure a local yum repository (optional)
[root@localhost ~]# mkdir /tmp/rpms
[root@localhost ~]# createrepo /tmp/rpms # run this step after putting the rpm packages in place
[root@localhost ~]# cobbler repo add --mirror=/tmp/rpms --name=local
[root@localhost ~]# cobbler reposync
Configure a local EPEL repository (optional)
[root@localhost ~]# cobbler repo add --mirror=http://mirrors.aliyun.com/epel/6/x86_64/ --name=epel
[root@localhost ~]# cobbler reposync --tries=3 --no-fail # sync the EPEL repository locally; this takes a long time
View the added repos (optional)
[root@localhost ~]# cobbler repo list
   epel
   local
Add the repos to a profile (optional)
[root@localhost ~]# cobbler profile edit --name=Centos-6.5-x86_64 --repos="epel local"
[root@localhost ~]# cobbler sync
Bind a MAC address so that the profile is selected automatically at boot

[root@note1 kickstarts]# cobbler system add --name=budongshu --mac=00:0C:29:48:1D:75 --profile=Centos-7-x86_64 \
    --ip-address=10.10.10.23 --subnet=255.255.255.0 --gateway=10.10.10.10 --interface=eth0 \
    --static=1 --hostname=budongshu --name-servers="114.114.114.114 8.8.8.8"
[root@note1 kickstarts]# cobbler sync
At this point CentOS 7 systems can also be installed, with the MAC address bound and the IP address fixed
Web interface configuration
cobbler-web supports several authentication methods, such as authn_configfile, authn_ldap or authn_pam; below we authenticate with authn_pam
Change the authentication method
[root@note1 web]# vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam
Add a system user
[root@note1 web]# useradd cobbler
[root@note1 web]# echo "cobbler" | passwd --stdin cobbler
Add the user to the admin group
[root@note1 web]# vim /etc/cobbler/modules.conf
[admins]
admin = "cobbler"
Restart the services
[root@note1 web]# service cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@note1 web]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

