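Environment:
Server: 172.16.5.241
Operating system version: centos7.4
Client: virtual machine client, at least 2 GB of memory
About Cobbler:
Operations automation plays a pivotal role in production environments. When facing hundreds, thousands or even tens of thousands of servers, installing the operating system alone would be unthinkable without automation. Given the differing needs of servers in production, how do you deploy multiple operating system versions in bulk? Cobbler meets exactly this need, enabling bulk deployment of multiple operating system versions.
Cobbler is a Linux server installation service that uses network boot (PXE) to quickly install and reinstall physical servers and virtual machines; it can also manage DHCP, DNS and so on.
Cobbler can be managed from the command line, also provides a web-based management tool (cobbler-web), and offers an API that makes custom development easy.
Cobbler is an upgrade of the earlier kickstart approach; it is easier to configure and ships with a web interface that makes it easier to manage.
Cobbler has a lightweight configuration management system built in.
Cobbler website: http://cobbler.github.io
Before using Cobbler you should understand how kickstart is used: http://www.cnblogs.com/clsn/p/7833333.html
Services integrated by Cobbler:
PXE service support
DHCP service management
DNS service management (bind or dnsmasq, optional)
Power management
Kickstart service support
YUM repository management
TFTP (needed for PXE boot)
Apache (serves the kickstart installation source and customized kickstart configurations)
I. Server installation
Note that I did this on a virtual machine. Because Cobbler needs its own DHCP service, I first installed all the required packages and started every service that should be running, except DHCP. For testing I switched the virtual machine to NAT networking and turned off the DHCP service that comes with the virtualization software.
1. Install the basic components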
yum -y install wget net-tools curl epel-release
2. Update
yum -y update
3. Disable iptables and SELinux. After completing all the operations below, reboot the server, otherwise later steps will report errors.
vim /etc/selinux/config
SELINUX=disabled
Stop iptables or firewalld and disable it from starting at boot.
II. Install the base services
1. Install all the dependency services
yum -y install dhcp httpd xinetd tftp-server rsync fence-agents pykickstart
2. Enable the services at boot. We will start the dhcpd service later.
systemctl enable xinetd dhcpd httpd rsyncd
systemctl start xinetd httpd rsyncd
3. Install Cobbler
yum -y install cobbler-web
Enable it at boot:
systemctl enable cobblerd
systemctl start cobblerd
4. Verify Cobbler's installation prerequisites and watch for any errors
cobbler check
[root@localhost ~]# cobbler check
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/cobbler/cli.py", line 251, in check_setup
    s.ping()
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1321, in single_request
    response.msg,
ProtocolError: <ProtocolError for 127.0.0.1:80/cobbler_api: 404 Not Found>
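5. Generate a password hash. This is the password you log in with once the operating system has been installed automatically. Copy the generated hash; it has to be written into the configuration file shortly.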
openssl passwd -1 -salt "root" "yunwei.123"
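6. Change the Cobbler configuration file
vim /etc/cobbler/settings
Only these items in the configuration file need to be changed.
..........
default_password_crypted: "$1$cobbler$zPOuqy9SLOb87DIQb3RbQ."   # the password hash generated above
manage_dhcp: 1               # DHCP service
manage_tftpd: 1              # xinetd service
manage_rsync: 1              # rsyncd service
next_server: 172.16.5.241    # replace with this machine's IP address (DHCP service address)
server: 172.16.5.241         # replace with this machine's IP address (Cobbler service address)
..........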
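The values changed in this step can be checked mechanically before running cobbler sync. The script below is an added example, not part of the original post or of Cobbler; the function names are made up here. It flags the same server and next_server conditions that cobbler check reports, plus the hash scheme used for default_password_crypted.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the settings edited in step 6.

# Print the value of "key: value" from a settings file, without quotes or a
# trailing "# comment".
setting() {   # usage: setting <file> <key>
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; the exit status is the number of findings.
audit_cobbler_settings() {   # usage: audit_cobbler_settings <settings-file>
    local f=$1 n=0 pw key addr
    pw=$(setting "$f" default_password_crypted)
    case $pw in
        '')            echo "default_password_crypted: not set"; n=$((n + 1)) ;;
        '$1$'*)        echo "default_password_crypted: MD5-crypt hash (\$1\$), SHA-512 crypt (\$6\$) is stronger"
                       n=$((n + 1)) ;;
        '$5$'*|'$6$'*) ;;
        *)             echo "default_password_crypted: unrecognised hash format"; n=$((n + 1)) ;;
    esac
    for key in server next_server; do
        addr=$(setting "$f" "$key")
        case $addr in
            ''|localhost|127.*) echo "$key: '$addr' cannot be reached by PXE clients"; n=$((n + 1)) ;;
        esac
    done
    return "$n"
}

# Constructed sample: the values from step 6, except that "server" is left at
# the loopback address to show a finding.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default_password_crypted: "$1$cobbler$zPOuqy9SLOb87DIQb3RbQ."  # hash shown on the page
manage_dhcp: 1
next_server: 172.16.5.241
server: 127.0.0.1
EOF
audit_cobbler_settings "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the server itself, run audit_cobbler_settings /etc/cobbler/settings.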
7. Update the boot loader files
cobbler get-loaders
[root@bogon ~]# cobbler get-loaders
task started: 2018-08-07_103302_get_loaders
task started (id=Download Bootloader Content, time=Tue Aug 7 10:33:02 2018)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
8. Run vim /etc/xinetd.d/tftp and edit the tftp configuration file, setting 'disable' to 'no'
service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -B 1380 -v -s /var/lib/tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}
9. Edit the DHCP configuration template. Do not start DHCP yet.
vim /etc/cobbler/dhcp.template
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 172.16.5.0 netmask 255.255.255.0 {
     option routers             172.16.5.1;
     option domain-name-servers 202.96.209.5,202.96.209.133;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        172.16.5.60 172.16.5.100;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }
}
10. Sync Cobbler. This renders what we configured in /etc/cobbler/dhcp.template into /etc/dhcp/dhcpd.conf; without it DHCP will not work properly.
cobbler sync
[root@bogon dhcp]# cobbler sync
task started: 2018-08-07_120115_sync
task started (id=Sync, time=Tue Aug 7 12:01:15 2018)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
rendering Rsync files
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 172.16.5.0 netmask 255.255.255.0 {
     option routers             172.16.5.1;
     option domain-name-servers 172.16.5.1;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        172.16.5.100 172.16.5.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                172.16.5.241;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }
}
# group for Cobbler DHCP tag: default
group {
}
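III. Import the image
1. Create a directory for the operating system, attach the corresponding operating system ISO file to the virtual machine, then mount it.
mkdir -p /data/iso/centos7.4
# Mount
mount /dev/cdrom /data/iso/centos7.4
2. Import the contents of the directory where the disc image is mounted into Cobbler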
cobbler import --path=/data/iso/centos7.4 --name=centos7.4
3. Then run cobbler report to view the import information
cobbler report
[root@bogon centos7.4]# cobbler import --path=/data/iso/centos7.4 --name=centos7.4
task started: 2018-08-07_103802_import
task started (id=Media import, time=Tue Aug 7 10:38:02 2018)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/centos7.4:
creating new distro: centos7.4-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos7.4 -> /var/www/cobbler/links/centos7.4-x86_64
creating new profile: centos7.4-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos7.4 for centos7.4-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos7.4
need to process repo/comps: /var/www/cobbler/ks_mirror/centos7.4
looking for /var/www/cobbler/ks_mirror/centos7.4/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7.4/repodata
*** TASK COMPLETE ***
In the web interface, the operating system we just imported is now visible.

Note:
Earlier the cobbler check command reported an error. Now let's run check again:
cobbler check
[root@bogon centos7.4]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : debmirror package is not installed, it will be required to manage debian deployments and repositories
4 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
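IV. Testing
1. Up to this point the server was connected directly to a network with Internet access, and that network already has a DHCP server. If I started Cobbler's DHCP service there, my colleagues would be up in arms, so I first switch the server's network adapter to NAT mode and turn off the DHCP service inside VMware Workstation.
2. Check that the services we installed earlier are running normally.
3. Start the DHCP service.
4. Create a new virtual machine with its network adapter set to NAT. There is no need to attach an operating system disc; just power it on.
5. Start the client. If it waits for a long time here, your TFTP service has a problem; reboot the server, then restart the client and it will work.

6. Start the installation. The image we imported earlier appears in the menu; use the up and down keys to choose the operating system to install and press Enter. After that, all that is left is to wait.

7. Default partitioning

V. Web interface
https://<server-IP-address>/cobbler_web. The default username and password are both cobbler. Here we can see the centos7 image we just created.
To change the Cobbler login password, use the following command: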
htdigest /etc/cobbler/users.digest "Cobbler" cobbler

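List our distros
cobbler distro list
# Use report to view detailed distro information
cobbler distro report
# View the detailed profile information; this is very useful. The file highlighted in red is the default configuration file.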
cobbler profile report

References:
1、https://www.linuxidc.com/Linux/2018-03/151347.htm
2、https://www.cnblogs.com/clsn/p/7839965.html?utm_source=debugrun&utm_medium=referral
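Problem 1:
Set an installation password. Above we set the password for the Cobbler web page. If we host many operating systems, any server that boots and gets a DHCP lease can install an operating system, so having no password is dangerous.
1. Create the password
# Generate the password hash (yunwei.123 is the actual password; the root before it is the salt and can be anything)
openssl passwd -1 -salt root yunwei.123
# The generated hash
$1$root$vQ5iF/QlePLjafcRq8lCw/
Step 2: Edit the pxedefault file: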
# vim /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
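# Attentive readers will notice that the title below, including the http URL, is what the installation menu displays
MENU TITLE Cobbler | http://cobbler.github.io/
# Add the following line, putting in the password hash generated earlier
MENU MASTER PASSWD $1$root$vQ5iF/QlePLjafcRq8lCw/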
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
$pxe_menu_items
MENU end
Step 3: Configure pxeprofile:
# vim /etc/cobbler/pxe/pxeprofile.template
LABEL $profile_name
# Only the following line needs to be added
MENU PASSWD
kernel $kernel_path
$menu_label
$append_line
ipappend 2
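Step 4: Check and sync the configuration so that it takes effect
# cobbler check
# cobbler sync
# /etc/init.d/cobblerd restart
Step 5: Boot a client over PXE and select a version to see the effect: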
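The same check can be made without booting a client by reading the rendered menu. The script below is an added example, not part of the original post or of Cobbler; the function names and the sample menu are constructed here, and it assumes the menu rendered by cobbler sync is /var/lib/tftpboot/pxelinux.cfg/default under the TFTP root shown in step 8.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): find PXE menu entries that are
# not covered by the menu password set up in steps 2 and 3.

# Constructed sample of a rendered menu; the kernel paths and the
# "constructed-profile" entry are made up for illustration.
sample_menu() {
cat <<'EOF'
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
MENU MASTER PASSWD $1$root$vQ5iF/QlePLjafcRq8lCw/
LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1
LABEL centos7.4-x86_64
        MENU PASSWD
        kernel /images/centos7.4-x86_64/vmlinuz
        MENU LABEL centos7.4-x86_64
LABEL constructed-profile
        kernel /images/constructed-profile/vmlinuz
MENU end
EOF
}

# Succeeds if the menu defines a master password hash.
has_master_password() {   # usage: has_master_password <menu-file>
    grep -Eiq '^[[:space:]]*MENU[[:space:]]+MASTER[[:space:]]+PASSWD[[:space:]]+[^[:space:]]+' "$1"
}

# Print every LABEL that boots something other than the local disk and has
# no "MENU PASSWD" line of its own.
unprotected_labels() {    # usage: unprotected_labels <menu-file>
    awk '
        function report() { if (label != "" && !pw && !lb) print label }
        toupper($1) == "LABEL"     { report(); label = $2; pw = 0; lb = 0; next }
        toupper($1) == "MENU" && toupper($2) == "PASSWD" { pw = 1 }
        toupper($1) == "LOCALBOOT" { lb = 1 }
        END { report() }
    ' "$1"
}

menu=${1:-}   # pass the rendered menu file; with no argument the sample is used
if [ -z "$menu" ]; then menu=$(mktemp); sample_menu > "$menu"; fi
has_master_password "$menu" || echo "no MENU MASTER PASSWD line"
unprotected_labels "$menu"
```

An empty result from unprotected_labels means every installable entry asks for the password. The rendered menu is served to any client over TFTP, so the hash in it is readable by anything on the PXE network.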

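Problem 2:
Custom configuration and partitioning
This is something we must know how to do, because by default the operating system's .ks file includes the autopart parameter, which means automatic partitioning. In production, or even in a test setup, nobody partitions this way (/var/lib/cobbler/kickstarts/sample_end.ks is the default installation configuration file for my centos7.4 here).
1. First we need to know which .ks file the operating system we install uses by default. The files circled in red are all default ks files.

So which one does our operating system use by default?

Mine defaults to this configuration file.

2. First click sample_end.ks, our default configuration file, and select all of its contents. Then, as shown below, create a new ks file of our own and paste everything just copied into it.


This one also disables SELinux by default. Of course, you can also specify which software to install by default.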
# This kickstart file should only be used with EL > 5 and/or Fedora > 7.
# For older versions please use the sample.ks kickstart file.
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
part /boot --fstype xfs --size 500
part swap --size 2048
part / --fstype xfs --size 3000
part /data --fstype xfs --size 1 --grow
# Use text mode install
text
# Firewall configuration
firewall --enabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
firewall --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
#autopart
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
$SNIPPET('func_install_if_enabled')
%end
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
%end
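For other settings, see: https://www.cnblogs.com/clsn/p/7839965.html?utm_source=debugrun&utm_medium=referral#auto_id_15
Errors encountered:
1. No space left on device
The client reports the error below while installing the operating system because the machine has too little memory; it needs at least 2 GB.

Setting the memory to 2 GB fixes it (this error only occurs on CentOS 7.3 and above).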
