1. cobbler簡介
cobbler官網:http://cobbler.github.io/
Cobbler是一個Linux伺服器安裝的服務,可以通過網絡啟動(PXE)的方式來快速安裝、重裝實體伺服器和虛拟機,同時還可以管理DHCP,DNS等。
Cobbler可以使用指令行方式管理,也提供了基于Web的界面管理工具(cobbler-web),還提供了API接口,可以友善二次開發使用。
Cobbler是較早前的kickstart的更新版,優點是比較容易配置,還自帶web界面比較易于管理。
Cobbler内置了一個輕量級配置管理系統,但它也支援和其它配置管理系統內建,如Puppet,暫時不支援SaltStack。
2、cobbler內建的服務
- PXE服務支援
- DHCP服務管理
- DNS服務管理(可選bind,dnsmasq)
- 電源管理
- Kickstart服務支援
- YUM倉庫管理
- TFTP(PXE啟動時需要)
- Apache(提供kickstart的安裝源,并提供定制化的kickstart配置)
3、cobbler配置檔案詳解
cobbler配置檔案目錄在/etc/cobbler
配置檔案 作用
/etc/cobbler/settings cobbler 主配置檔案
/etc/cobbler/iso/ iso模闆配置檔案
/etc/cobbler/pxe pxe模闆配置檔案
/etc/cobbler/power 電源配置檔案
/etc/cobbler/user.conf web服務授權配置檔案
/etc/cobbler/users.digest web通路的使用者名密碼配置檔案
/etc/cobbler/dhcp.template dhcp伺服器的的配置模闆
/etc/cobbler/dnsmasq.templat e dns伺服器的配置模闆
/etc/cobbler/tftpd.template tftp服務的配置模闆
/etc/cobbler/modules.conf 子產品的配置檔案
- cobbler資料目錄
目錄 作用 /var/lib/cobbler/config/ 用于存放distros,system,profiles等資訊配置檔案 /var/lib/cobbler/triggers/ 用于存放使用者定義的cobbler指令 /var/lib/cobbler/kickstart/ 預設存放kickstart檔案 /var/lib/cobbler/loaders/ 存放各種引導程式以鏡像目錄 /var/www/cobbler/ks_mirror/ 導入的發行版系統的所有資料 /var/www/cobbler/images/ 導入發行版的kernel和initrd鏡像用于遠端網絡啟動 /var/www/cobbler/repo_mirror/ yum倉庫存儲目錄
- cobbler的日志檔案
日志檔案路徑 說明 /var/log/cobbler/installing 用戶端安裝日志 /var/log/cobbler/cobbler.log cobbler日志
- cobbler指令詳解
cobbler check //核對目前設定是否有問題 cobbler list //列出所有的cobbler元素 cobbler report //列出元素的詳細資訊 cobbler sync //同步配置到資料目錄,更改配置最好都要執行下 cobbler reposync //同步yum倉庫 cobbler distro //檢視導入的發行版系統資訊 cobbler system //檢視添加的系統資訊 cobbler profile //檢視配置資訊
4.cobbler 部署
4.2cobbler 部署
//關閉防火牆
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config
**//将第六行中的 enforcing 改為 disabled**
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@localhost ~]# setenforce 0
//配置yum源
//下載下傳之前請確定電腦有網和本地倉庫可用
//163網絡源下載下傳好後請将原來的源移走或删除
[root@localhost yum.repos.d]# yum install -y wget
[root@server ~]# curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[root@server ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@server ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@server ~]# yum install -y epel-release
//安裝cobbler以及相關的軟體
[root@server ~]# yum -y install httpd dhcp tftp python-ctypes cobbler xinetd cobbler-web pykickstart
//啟動服務并設定開機自啟
[root@server ~]# systemctl start httpd
[root@server ~]# systemctl start cobblerd
[root@server ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@sever ~]# systemctl enable cobblerd
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
//修改server的ip位址為本機ip
[root@server ~]# sed -i 's/^server: 127.0.0.1/server: 192.168.66.130/' /etc/cobbler/settings
//設定tftp的ip位址為本機ip
[root@server ~]# sed -i 's/^next_server: 127.0.0.1/next_server: 192.168.66.130/' /etc/cobbler/settings
//開啟tftp
[root@server ~]# sed -i '/disable/s/yes/no/g' /etc/xinetd.d/tftp
//下載下傳缺失檔案
[root@server ~]# cobbler get-loaders
task started: 2020-05-28_172454_get_loaders
task started (id=Download Bootloader Content, time=Thu May 28 17:24:54 2020)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
//啟動rsync并設定開機自啟
[root@server ~]# systemctl start rsyncd
[root@server ~]# systemctl enable rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
//生成加密的密碼
[root@server ~]# openssl passwd -1 -salt "$RANDOM" 'wlw123!'
$1$30214$snHY66HJF6ZeMh8ul1eW..//這是密碼加密後的形式
//将新生成的加密密碼加入到配置檔案
[root@server ~]# vim /etc/cobbler/settings
//修改密碼
default_password_crypted: "$1$30214$snHY66HJF6ZeMh8ul1eW.."
//重新開機cobbler
[root@server ~]# systemctl restart cobblerd
[root@server ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 5 127.0.0.1:25151 *:*
LISTEN 0 5 *:873 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::443 :::*
LISTEN 0 5 :::873 :::*
//通過cobbler check 核對目前設定是否有問題
//要是有Seliux錯誤要重新開機虛拟機
[root@wan ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : debmirror package is not installed, it will be required to manage debian deployments and repositories
2 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
//以上兩個是關于debian系統的錯誤,請忽略
//配置cobbler dhcp
//修改cobbler配置檔案,讓cobbler控制dhcp
[root@wan ~]# sed -i '/^manage_dhcp/s/0/1/g' /etc/cobbler/settings
[root@wan ~]# sed -n '/^manage_dhcp/p' /etc/cobbler/settings
manage_dhcp: 1
//配置dhcp
[root@wan ~]# vim /etc/cobbler/dhcp.template
subnet 192.168.66.0 netmask 255.255.255.0 {
option routers 192.168.66.2; // 指定網關
option domain-name-servers 192.168.66.2; // 此處為系統安裝好後指定的dns位址
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.66.100 192.168.66.200; // 配置設定的ip位址範圍(批量安裝機子,最多252,253台)
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
//重新開機服務并同步配置,改完dhcp必須要sync同步配置
[root@wan ~]# systemctl restart cobblerd
[root@wan ~]# cobbler sync
.......
*** TASK COMPLETE *** #最後出現這個表示正常
//檢查dhcp是否正常
[root@wan ~]# netstat -anulp | grep dhcp
udp 0 0 0.0.0.0:67 0.0.0.0:* 1392/dhcpd
//導入redhat7鏡像
[root@wan ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 寫保護,将以隻讀方式挂載
[root@wan ~]# cobbler import --path=/mnt --name=rhel-7 --arch=x86_64
.......
*** TASK COMPLETE *** #最後出現這個表示正常
# 說明:
--path //鏡像路徑
--name //為安裝源定義一個名字
--arch //指定安裝源平台
//安裝源的唯一标示就是根據name參數來定義,本例導入成功後,安裝源的唯一标示就是CentOS-7-x86_64,如果重複,系統會提示導入失敗
//檢視cobbler鏡像清單
[root@wan ~]# cobbler list
distros:
rhel-7-x86_64
profiles:
rhel-7-x86_64
systems:
repos:
images:
mgmtclasses:
packages:
files:
//建立kickstarts自動安裝腳本
[root@wan ~]# cat > /var/lib/cobbler/kickstarts/rhel-7-x86_64.ks <<'EOF'
auth --enableshadow --passalgo=sha512
bootloader --location=mbr
clearpart --all --initlabel
part /boot --asprimary --fstype="ext4" --size=500
part swap --fstype="swap" --size=4096
part / --fstype="ext4" --grow --size=15000
text
firewall --disabled
firstboot --disable
keyboard us
lang en_US
url --url=http://192.168.66.130/cobbler/ks_mirror/rhel-7-x86_64
$yum_repo_stanza
reboot
## 此處密碼應為本機系統anaconda-ks.cfg檔案裡的 # Root password
rootpw --iscrypted $6$2WTFvfNvAMgCUPuC$MJgWGzhakgxrRObcEbAwSe8vkz0s//xyiTllGwxRsHHruQhcskO69u2LVTU9u0eemHXH2pzcGawyAJ54R2E/x0
selinux --disabled
skipx
timezone Asia/Shanghai --isUtc --nontp
install
zerombr
%packages
@^minimal
@core
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
EOF
# 檢查ks檔案文法是否有誤
[root@localhost ~]# cobbler validateks
task started: 2018-08-21_171616_validateks
task started (id=Kickstart Validation, time=Tue Aug 21 17:16:16 2018)
----------------------------
osversion: rhel7
checking url: http://192.168.100.96/cblr/svc/op/ks/profile/rhel-7-x86_64
running: /usr/bin/ksvalidator -v "rhel7" "http://192.168.100.96/cblr/svc/op/ks/profile/rhel-7-x86_64"
received on stdout:
received on stderr:
*** all kickstarts seem to be ok ***
*** TASK COMPLETE ***
# 檢視目前cobbler有哪些配置檔案
[root@localhost ~]# cobbler profile list
rhel-7-x86_64
# 修改profile,将我們建立的ks檔案設為預設的kickstarts安裝檔案
[root@localhost ~]# cobbler profile edit --name rhel-7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-7-x86_64.ks
# 配置網卡名稱為傳統網卡名稱eth0
[root@localhost ~]# cobbler profile edit --name rhel-7-x86_64 --kopts='net.ifnames=0 biosdevname=0'
# 檢查目前系統cobbler配置檔案資訊
[root@localhost ~]# cobbler profile report
Name : rhel-7-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : rhel-7-x86_64 //倉庫名字
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {'biosdevname': '0', 'net.ifnames': '0'} //網卡設為傳統命名方式
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/rhel-7-x86_64.ks //使用的kickstarts配置檔案的路徑,必須為我們建立的ks檔案的路徑
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : kvm
# 同步cobbler
[root@localhost ~]# cobbler sync
.......
*** TASK COMPLETE *** ##出現此表示成功
# 為避免發生未知問題,先把服務端所有服務重新開機
[root@localhost ~]# systemctl restart xinetd
[root@localhost ~]# systemctl restart cobblerd
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 5 127.0.0.1:25151 *:*
LISTEN 0 5 *:873 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::443 :::*
LISTEN 0 5 :::873 :::*
5.用戶端安裝系統
手動驗證:
建立一個虛拟機,模式和服務端模式一樣,(這裡我使用的是nat,是以要安裝的虛拟機模式也是nat),然後設定虛拟機
然後,直接開啟虛拟機,看到以下界面,選擇第二個,回車,然後等待系統自動安裝完成即可。
因為這種方式需要手動選擇,如果機器太多,每台伺服器都要選擇,還是很麻煩,是以采用web界面配置定制安裝
# 配置完成後可能導緻通路不了web頁面,猜測python-django版本有問題
[root@localhost ~]# yum -y install python2-pip
[root@localhost ~]# pip install --upgrade pip
[root@localhost ~]# pip install Django==1.9.13
#用pip安裝指定版本的Django
重新開機httpd服務 ,再次通路https://192.168.100.96/cobbler_web出現登入頁面
6.定制安裝
- 統計伺服器mac位址
- 配置cobbler
- 安裝
6.1 擷取mac位址
6.2 配置cobbler
- 直接在浏覽器上搜尋:https://本機ip+/cobbler_web
- 使用者名與密碼都是cobbler
6.3 安裝
編寫腳本部署cobbler服務端
#!/bin/bash
#配置yum源
curl -o /etc/yum.repos.d/CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
yum install -y epel-release
#安裝cobbler以及相關的軟體
yum -y install httpd dhcp tftp python-ctypes cobbler xinetd cobbler-web pykickstart
#啟動服務并設定開機自啟
systemctl start httpd
systemctl start cobblerd
systemctl enable httpd
systemctl enable cobblerd
#關閉防火牆
firewall()
{
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
setenforce 0
}
#修改server的ip位址為本機ip
sed -i 's/^server: 127.0.0.1/server: 192.168.66.130/' /etc/cobbler/settings
#設定tftp的ip位址為本機ip
sed -i 's/^next_server: 127.0.0.1/next_server: 192.168.66.130/' /etc/cobbler/settings
#開啟tftp
sed -i '/disable/s/yes/no/g' /etc/xinetd.d/tftp
#下載下傳缺失檔案
cobbler get-loaders
#啟動rsync并設定開機自啟
systemctl start rsyncd
systemctl enable rsyncd
#生成加密密碼并添加到配置檔案
configure_passwd()
{
if [$? -eq 0];then
passwd=`openssl passwd -1 -salt "$RANDOM" 'wlw123!'`
sed -i "101idefault_password_crypted: \"$pass\"" /etc/cobbler/settings
sed -i '102d' /etc/cobbler/settings
fi
}
#重新開機cobbler
systemctl restart cobblerd
#配置cobbler dhcp
#修改cobbler配置檔案,讓cobbler控制dhcp
sed -i '/^manage_dhcp/s/0/1/g' /etc/cobbler/settings
sed -n '/^manage_dhcp/p' /etc/cobbler/settings
#配置cobbler dhcp
configure_dhcp()
{
if [$? -eq 0];then
sed -i '21s/192.168.1/192.168.66/g' /etc/cobbler/dhcp.template
sed -i '22s/192.168.1.5/192.168.66.2/g' /etc/cobbler/dhcp.template
sed -i '23s/192.168.1.1/192.168.66.2/g' /etc/cobbler/dhcp.template
sed -i '25s/192.168.1.100 192.168.1.254/192.168.66.100 192.168.66.200/' /etc/cobbler/dhcp.template
fi
}
#重新開機服務并同步配置,改完dhcp必須要sync同步配置
systemctl restart cobblerd
cobbler sync
main()
{
firewall&&configure_cobbler&&configure_passwd&&configure_dhcp
}
#導入redhat7鏡像
mount /dev/cdrom /mnt/
cobbler import --path=/mnt --name=rhel-7 --arch=x86_64
#提取root密碼
root=`awk 'NR==23{print}' anaconda-ks.cfg`
#建立kickstarts自動安裝腳本
cat > /var/lib/cobbler/kickstarts/rhel-7-x86_64.ks <<'EOF'
auth --enableshadow --passalgo=sha512
bootloader --location=mbr
clearpart --all --initlabel
part /boot --asprimary --fstype="ext4" --size=500
part swap --fstype="swap" --size=4096
part / --fstype="ext4" --grow --size=15000
text
firewall --disabled
firstboot --disable
keyboard us
lang en_US
url --url=http://192.168.66.130/cobbler/ks_mirror/rhel-7-x86_64
$yum_repo_stanza
reboot
## 此處密碼應為本機系統anaconda-ks.cfg檔案裡的 # Root password
rootpw --iscrypted $6$2WTFvfNvAMgCUPuC$MJgWGzhakgxrRObcEbAwSe8vkz0s//xyiTllGwxRsHHruQhcskO69u2LVTU9u0eemHXH2pzcGawyAJ54R2E/x0
selinux --disabled
skipx
timezone Asia/Shanghai --isUtc --nontp
install
zerombr
%packages
@^minimal
@core
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
EOF
# 修改profile,将我們建立的ks檔案設為預設的kickstarts安裝檔案
cobbler profile edit --name rhel-7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-7-x86_64.ks
# 配置網卡名稱為傳統網卡名稱eth0
cobbler profile edit --name rhel-7-x86_64 --kopts='net.ifnames=0 biosdevname=0'
# 同步cobbler
cobbler sync
# 為避免發生未知問題,先把服務端所有服務重新開機
systemctl restart xinetd
systemctl restart cobblerd
systemctl restart httpd