自動化安裝部署
PXE+Kickstart工作原理
pxe+kickstart工作流程
- 網卡上的pxe晶片有512位元組,存放了DHCP和TFTP的用戶端
- 啟動計算機選擇網卡啟動,pxe上的DHCP用戶端會發出廣播包向DHCP伺服器申請IP位址
- DHCP伺服器配置設定給它IP位址的同時通過以下字段,告訴pxe,TFTP的位址和它要下載下傳的檔案(1.next-server x.x.x.x; 2.filename "pxelinux.0";)
- pxelinux.0告訴pxe要下載下傳的配置檔案是pxelinux.cfg目錄下的default
- pxe下載下傳并依據配置檔案的内容下載下傳啟動必須的檔案,并通過ks.cfg開始系統安裝
Cobbler部署安裝
環境 -CentOS7+Cobbler2.8.2
官網:http://cobbler.github.io/
[root@cobbler kickstarts]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@cobbler kickstarts]# uname -m
x86_64
[root@cobbler kickstarts]# uname -r
3.10.0-693.el7.x86_64
[root@cobbler ~]# cobbler version
Cobbler 2.8.2 Cobbler運作流程
dhcp
client: 從dhcp中擷取位址,通路next_server的ip位址
next_server : 擷取啟動核心,initrd等檔案
tftp: pxe引導檔案,啟動cobbler選擇界面
kickstart: 确定附加元件,根據nfs,http,tfp等共享擷取資源 部署過程
1.關閉selinux和防火牆
關閉SELINUX:
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
關閉防火牆:
systemctl stop firewalld 2.安裝epol源
rpm -ivh https://mirrors.aliyun.com/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm 3.安裝cobbler
yum install -y httpd dhcp tftp cobbler cobbler-web pykickstart xinetd 4.啟動httpd和cobbler服務
啟動httpd服務:
systemctl start httpd
啟動cobblerd服務:
systemctl start cobblerd 5.cobber check,完成要求
[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
修改/etc/cobbler/settings中的server字段IP為本機網卡IP
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
修改/etc/cobbler/settings中next_server字段IP為本機IP
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
關閉SELinux
4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
修改/etc/xinetd.d/tftp中disable為no
5 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
運作cobbler get-loaders加載引導程式
6 : enable and start rsyncd.service with systemctl
啟動rsyncd服務:systemctl start rsyncd
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
管理debian的部署和倉庫,此處不管
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
運作openssl passwd -1 -salt '鹽' '密碼' 加密密鑰字元串并替換掉/etc/cobbler/settings中default_password_crypted字段的值
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
電源管理,此處不管
Restart cobblerd and then run 'cobbler sync' to apply changes. 6.完成要求後重新開機cobbler服務并再此cobbler check檢查
systemctl restart cobblerd
cobbler check 7.編輯修改/etc/cobbler/settings第242行為manage_dhcp: 1
編輯/etc/cobbler/dhcp.template,修改DHCP釋出資訊,即隻修改
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.2;
option domain-name-servers 10.0.0.2;
option subnet-mask 255.255.255.0;
range dynamic-bootp 10.0.0.190 10.0.0.210; 8.重新開機cobblerd服務并執行cobbler sync
[root@cobbler ~]# systemctl restart cobblerd
[root@cobbler ~]# cobbler sync
task started: 2018-03-06_171312_sync
task started (id=Sync, time=Tue Mar 6 17:13:12 2018)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
copying: /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
copying: /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying: /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@cobbler ~]# 9.挂載系統鏡像并将系統鏡像導入cobbler
檢視CD光牒資訊:
[root@cobbler ~]# ll /dev/cdrom
lrwxrwxrwx. 1 root root 3 Mar 6 16:08 /dev/cdrom -> sr0
挂載并導入cobbler:
[root@cobbler ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@cobbler ~]#
[root@cobbler ~]# cobbler import --path=/mnt/ --name CentOS-7-x86_64 --arch=x86_64 10.自定義kickstarts檔案
/var/lib/cobbler/kickstarts/為系統預設存放kickstarts檔案的地方
cd /var/lib/cobbler/kickstarts/
rz
**上傳事先準備好的CentOS-7-x86_64.cfg檔案**
自定義kickstarts:
cobbler profile edit --name=CentOS-7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg
CentOS 7預設網卡不是eth開頭,修改核心參數使其成為eth開頭
cobbler profile edit --name=CentOS-7-x86_64 --kopts='net.ifnames=0 biosdevname' 11.重新開機httpd,xinetd,cobblerd服務
systemctl restart httpd
systemctl restart xinetd
systemctl restart cobblerd
cobbler sync 12.檢視DHCP日志,檢視自動安裝情況
[root@cobbler kickstarts]# tail -f /var/log/messages
Mar 6 17:51:57 localhost dhcpd: Copyright 2004-2013 Internet Systems Consortium.
Mar 6 17:51:57 localhost dhcpd: All rights reserved.
Mar 6 17:51:57 localhost dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Mar 6 17:51:57 localhost dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Mar 6 17:51:57 localhost dhcpd: Wrote 0 class decls to leases file.
Mar 6 17:51:57 localhost dhcpd: Wrote 0 leases to leases file.
Mar 6 17:51:57 localhost dhcpd: Listening on LPF/ens33/00:0c:29:54:bf:8c/10.0.0.0/24
Mar 6 17:51:57 localhost dhcpd: Sending on LPF/ens33/00:0c:29:54:bf:8c/10.0.0.0/24
Mar 6 17:51:57 localhost dhcpd: Sending on Socket/fallback/fallback-net
Mar 6 17:51:57 localhost systemd: Started DHCPv4 Server Daemon. 13.開啟一個新機器,選擇網卡啟動(預設就是網卡啟動)
進入cobbler界面成功!!!
此時檢視cobbler伺服器DHCP日志資訊:
[root@cobbler kickstarts]# tail -f /var/log/messages
Mar 6 17:51:57 localhost dhcpd: Copyright 2004-2013 Internet Systems Consortium.
Mar 6 17:51:57 localhost dhcpd: All rights reserved.
Mar 6 17:51:57 localhost dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Mar 6 17:51:57 localhost dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Mar 6 17:51:57 localhost dhcpd: Wrote 0 class decls to leases file.
Mar 6 17:51:57 localhost dhcpd: Wrote 0 leases to leases file.
Mar 6 17:51:57 localhost dhcpd: Listening on LPF/ens33/00:0c:29:54:bf:8c/10.0.0.0/24
Mar 6 17:51:57 localhost dhcpd: Sending on LPF/ens33/00:0c:29:54:bf:8c/10.0.0.0/24
Mar 6 17:51:57 localhost dhcpd: Sending on Socket/fallback/fallback-net
Mar 6 17:51:57 localhost systemd: Started DHCPv4 Server Daemon.
Mar 6 17:55:29 localhost dhcpd: DHCPDISCOVER from 00:0c:29:50:15:83 via ens33
Mar 6 17:55:30 localhost dhcpd: DHCPOFFER on 10.0.0.190 to 00:0c:29:50:15:83 via ens33
Mar 6 17:55:32 localhost dhcpd: DHCPREQUEST for 10.0.0.190 (10.0.0.181) from 00:0c:29:50:15:83 via ens33
Mar 6 17:55:32 localhost dhcpd: DHCPACK on 10.0.0.190 to 00:0c:29:50:15:83 via ens33
Mar 6 17:55:32 localhost xinetd[17293]: START: tftp pid=17333 from=10.0.0.190
Mar 6 17:55:32 localhost in.tftpd[17334]: RRQ from 10.0.0.190 filename pxelinux.0
Mar 6 17:55:32 localhost in.tftpd[17334]: tftp: client does not accept options
Mar 6 17:55:32 localhost in.tftpd[17335]: RRQ from 10.0.0.190 filename pxelinux.0
Mar 6 17:55:32 localhost in.tftpd[17335]: Client 10.0.0.190 finished pxelinux.0
Mar 6 17:55:32 localhost in.tftpd[17336]: RRQ from 10.0.0.190 filename pxelinux.cfg/564d2383-4d62-184e-37d8-2d30ad501583
Mar 6 17:55:32 localhost in.tftpd[17336]: Client 10.0.0.190 File not found pxelinux.cfg/564d2383-4d62-184e-37d8-2d30ad501583
Mar 6 17:55:32 localhost in.tftpd[17337]: RRQ from 10.0.0.190 filename pxelinux.cfg/01-00-0c-29-50-15-83
Mar 6 17:55:32 localhost in.tftpd[17337]: Client 10.0.0.190 File not found pxelinux.cfg/01-00-0c-29-50-15-83
Mar 6 17:55:32 localhost in.tftpd[17338]: RRQ from 10.0.0.190 filename pxelinux.cfg/0A0000BE
Mar 6 17:55:32 localhost in.tftpd[17338]: Client 10.0.0.190 File not found pxelinux.cfg/0A0000BE
Mar 6 17:55:32 localhost in.tftpd[17339]: RRQ from 10.0.0.190 filename pxelinux.cfg/0A0000B
Mar 6 17:55:32 localhost in.tftpd[17339]: Client 10.0.0.190 File not found pxelinux.cfg/0A0000B
Mar 6 17:55:32 localhost in.tftpd[17340]: RRQ from 10.0.0.190 filename pxelinux.cfg/0A0000
Mar 6 17:55:32 localhost in.tftpd[17340]: Client 10.0.0.190 File not found pxelinux.cfg/0A0000
Mar 6 17:55:32 localhost in.tftpd[17341]: RRQ from 10.0.0.190 filename pxelinux.cfg/0A000
Mar 6 17:55:32 localhost in.tftpd[17341]: Client 10.0.0.190 File not found pxelinux.cfg/0A000
Mar 6 17:55:32 localhost in.tftpd[17342]: RRQ from 10.0.0.190 filename pxelinux.cfg/0A00
Mar 6 17:55:32 localhost in.tftpd[17342]: Client 10.0.0.190 File not found pxelinux.cfg/0A00
Mar 6 17:55:32 localhost in.tftpd[17343]: RRQ from 10.0.0.190 filename pxelinux.cfg/0A0
Mar 6 17:55:32 localhost in.tftpd[17343]: Client 10.0.0.190 File not found pxelinux.cfg/0A0
Mar 6 17:55:32 localhost in.tftpd[17344]: RRQ from 10.0.0.190 filename pxelinux.cfg/0A
Mar 6 17:55:32 localhost in.tftpd[17344]: Client 10.0.0.190 File not found pxelinux.cfg/0A
Mar 6 17:55:32 localhost in.tftpd[17345]: RRQ from 10.0.0.190 filename pxelinux.cfg/0
Mar 6 17:55:32 localhost in.tftpd[17345]: Client 10.0.0.190 File not found pxelinux.cfg/0
Mar 6 17:55:32 localhost in.tftpd[17346]: RRQ from 10.0.0.190 filename pxelinux.cfg/default
Mar 6 17:55:32 localhost in.tftpd[17346]: Client 10.0.0.190 finished pxelinux.cfg/default
Mar 6 17:55:32 localhost in.tftpd[17347]: RRQ from 10.0.0.190 filename menu
Mar 6 17:55:32 localhost in.tftpd[17347]: Client 10.0.0.190 File not found menu
Mar 6 17:55:32 localhost in.tftpd[17348]: RRQ from 10.0.0.190 filename menu.cbt
Mar 6 17:55:32 localhost in.tftpd[17348]: Client 10.0.0.190 File not found menu.cbt
Mar 6 17:55:32 localhost in.tftpd[17349]: RRQ from 10.0.0.190 filename menu.0
Mar 6 17:55:32 localhost in.tftpd[17349]: Client 10.0.0.190 File not found menu.0
Mar 6 17:55:32 localhost in.tftpd[17350]: RRQ from 10.0.0.190 filename menu.com
Mar 6 17:55:32 localhost in.tftpd[17350]: Client 10.0.0.190 File not found menu.com
Mar 6 17:55:32 localhost in.tftpd[17351]: RRQ from 10.0.0.190 filename menu.c32
Mar 6 17:55:32 localhost in.tftpd[17351]: Client 10.0.0.190 finished menu.c32
Mar 6 17:55:32 localhost in.tftpd[17352]: RRQ from 10.0.0.190 filename pxelinux.cfg/default
Mar 6 17:55:32 localhost in.tftpd[17352]: Client 10.0.0.190 finished pxelinux.cfg/default CentOS-7-x86_64.cfg檔案内容
[root@cobbler kickstarts]# cat CentOS-7-x86_64.cfg
#### cobbler for Kickstart Configurator for CentOS 7.4 by ChenTaicheng
install
url --url=$tree
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr
\# Network information
$SNIPPET('network_config')
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw --iscrypted $default_password_crypted
clearpart --all --initlabel
part /boot --fstype xfs --size 200
part swap --size 200
part / --fstype xfs --size 9500
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
\#Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
iptraf
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
screen
%end
%post
systemctl disable postfix.service
%end[root@cobbler kickstarts]# \#platform=x86, AMD64, or Intel EM64T
\#System authorization information
auth --useshadow --enablemd5
\#System bootloader configuration
bootloader --location=mbr
\#Partition clearing information
clearpart --all --initlabel
\#Partition information
part /boot --fstype ext4 --size 1024 --ondisk sda
part swap --size=1500
part / --fstype ext4 --size 1 --grow --ondisk sda
\#Use text mode install
text
\#Firewall configuration
firewall --disable
\#Run the Setup Agent on first boot
firstboot --disable
\#System keyboard
keyboard us
\#System language
lang en_US
\#Use network installation
url --url=$tree
\#If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
\#Network information
$SNIPPET('network_config')
\#network --bootproto=dhcp --device=em1
\#Reboot after installation
reboot
\#Root password
rootpw --iscrypted $default_password_crypted
\#SELinux configuration
selinux --disabled
\#Do not configure the X Window System
skipx
\#System timezone
timezone Asia/Shanghai
\#Install OS instead of upgrade
install
\#Clear the Master Boot Record
zerombr
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
\#Enable installation monitoring
$SNIPPET('pre_anamon')
%post
%end
###定制開始顯示網站
[root@cobbler ~]# cd /etc/cobbler/pxe
[root@cobbler pxe]# cat pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
$pxe_menu_items
MENU end 擴充
客戶機自動重新安裝
yum install -y koan
koan --server=10.0.0.181 --list=profiles
koan --replace-self --server=10.0.0.181 --profile=CentOS-7-x86_64 搭建yum源
1.添加repo
cobbler repo add --name=openstack-queens --mirror=https://mirrors.aliyun.com/centos/7.4.1708/cloud/x86_64/openstack-queens/ --arch=x86_64 --breed=yum
2.同步repo
cobbler reposync
3.添加repo到對應的profile
cobbler profile edit --name=CentOS-7-x86_64 --repos="openstack-queens"
4.修改kickstart檔案,添加下面内容到%post %end中間
systemctl disable postfix.service
%yum_config_stanza 根據MAC定制化裝機
cobbler system add --name=linux-node2.oldboyedu.com --mac=00:50:56:21:AF:72 --profile=CentOS-7-x86_64 \
--ip-address=10.0.0.199 --subnet=255.255.255.0 --gateway=10.0.0.2 --interface=eth0 \
--static=1 --hostname=linux-node2.oldboyedu.com --name-servers="10.0.0.2" \
--kickstart=/var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg 相關指令及檔案
cobbler \#cobbler程式包
cobbler-web \#cobbler的web服務包
pykickstart \#cobbler檢查kickstart文法錯誤
httpd \#Apache web服務
/etc/cobbler \# 配置檔案目錄
/etc/cobbler/settings \# cobbler主配置檔案
/etc/cobbler/dhcp.template \# DHCP服務的配置模闆
/etc/cobbler/tftpd.template \# tftp服務的配置模闆
/etc/cobbler/rsync.template \# rsync服務的配置模闆
/etc/cobbler/iso \# iso模闆配置檔案目錄
/etc/cobbler/pxe \# pxe模闆檔案目錄
/etc/cobbler/power \# 電源的配置檔案目錄
/etc/cobbler/users.conf \# Web服務授權配置檔案
/etc/cobbler/users.digest \# web通路的使用者名密碼配置檔案
/etc/cobbler/dnsmasq.template \# DNS服務的配置模闆
/etc/cobbler/modules.conf \# Cobbler子產品配置檔案
/var/lib/cobbler \# Cobbler資料目錄
/var/lib/cobbler/config \# 配置檔案
/var/lib/cobbler/kickstarts \# 預設存放kickstart檔案
/var/lib/cobbler/loaders \# 存放的各種引導程式
/var/www/cobbler \# 系統安裝鏡像目錄
/var/www/cobbler/ks_mirror \# 導入的系統鏡像清單
/var/www/cobbler/images \# 導入的系統鏡像啟動檔案
/var/www/cobbler/repo_mirror \# yum源存儲目錄
/var/log/cobbler \# 日志目錄
/var/log/cobbler/install.log \# 用戶端系統安裝日志
/var/log/cobbler/cobbler.log \# cobbler日志
導入鏡像指令
cobbler import --path=/mnt/ --name Centos-6.6-x86_64 --arch=x86_64
####--path 鏡像路徑
####--name 為安裝源定義一個名稱
####--arch 指定安裝源是32位、64位、ia64, 目前支援的選項有: x86│x86_64│ia64
檢視導入資訊
cobbler profile report ![完整的IT系統釋出流程是什麼将系統部署到生産環境是確定系統可以可靠地提供服務的最後一步。以下是部署系統到生産環境需要做的[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)