系统自动化部署
系统安装过程
# CentOS系统安装
系统启动流程:
bootloader --> kernel(initramfs) --> rootfs --> /sbin/init
system-config-kickstart工具
下载安装system-config-kickstart
[root@localhost ~]#yum install system-config-kickstart -y
运行system-config-kickstart
[root@localhost ~]#system-config-kickstart
- / 100000MB
- swap 4000MB
- /boot 1000MB
包选择界面竟然是空的,在CentOS 7上该选项是禁用的
解决方法:修改yum源
[base]#change "base" here to "development"
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
# The mirrors below are plain HTTP; package integrity therefore rests on the
# signature check enabled by gpgcheck=1 further down.
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
# NOTE(review): the signing key is also fetched over plain HTTP, so whoever can
# tamper with that download can substitute the key that gpgcheck trusts.
# Prefer the copy shipped on the system, e.g.
# gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 -- confirm the path exists.
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
配置anaconda(安装向导程序)
ks7_mini.cfg 文件
[root@centos7 ~]# cat ks7_mini.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Kickstart command section: unattended, destructive network install of a
# CentOS 7 host. Any machine that boots with this file is wiped and rebuilt
# without prompting (see zerombr / clearpart below).
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, which is cheap to
# attack offline. The auth line below selects sha512 for passwords set later,
# but an --iscrypted value is presumably written to /etc/shadow as given --
# confirm. This file is published over plain HTTP, so the hash is readable by
# every host that can reach the web server: use a SHA-512 ("$6$") hash here and
# rotate the root password after first boot.
rootpw --iscrypted $1$MNh4wJLu$gUqsJa/UFTiRiO8tT/Hbr0
# System language
lang en_US
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
# NOTE(review): SELinux is switched off on every machine built from this file.
# Fine for a throwaway lab; otherwise use "selinux --enforcing" (or
# "--permissive" while debugging).
selinux --disabled
# Firewall configuration
# NOTE(review): no host firewall on the installed system. A tighter variant
# that keeps the SSH access set up in %post is
# "firewall --enabled --service=ssh".
firewall --disabled
# Network information
network --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Africa/Abidjan
# Use network installation
# The install tree is fetched over unauthenticated HTTP, so the install network
# itself has to be trusted (isolated VLAN / lab segment).
url --url="http://192.168.33.130/centos/7/os/x86_64/"
# System bootloader configuration
# net.ifnames=0 is appended to the installed kernel's command line, which keeps
# the classic ethN interface names used by the network line above.
bootloader --append="net.ifnames=0" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Removes all existing partitions and writes a fresh disk label: existing data
# on the target disks is destroyed.
clearpart --all --initlabel
# Disk partitioning information
# Sizes are in MB: 1000 for /boot, 100000 for /, 4000 for swap.
part /boot --fstype="xfs" --size=1000
part / --fstype="xfs" --size=100000
part swap --fstype="swap" --size=4000
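%post
# Post-install script: installs a root SSH public key and replaces the stock
# yum repositories with the local install mirror.

# -p: do not fail if the directory already exists.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
# Quoted delimiter: the key is written literally, with no shell expansion.
# NOTE(review): every machine built from this file accepts this one key for
# root logins, so the matching private key becomes a fleet-wide credential;
# keep it protected and rotate it if the build host is ever compromised.
cat > /root/.ssh/authorized_keys <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFGEy7Esw+RBOf4HAyob5hHpsLegLKDiLngwJB/1A7Zu3/NRbiPLAAMz3tH97HDjPfZpW4OCJCmLSQEUmh9uj9r58GEDHzaTfVvS39S6rFny5RcOzyPAIbozOlxpAyuiaFiea2xaMDHOY4KZeyTQ78ECwNCUm40o+be3nrxBwjk8WHVmfIeV9oiBHl+LWFbTrVNP0oiQjo/uIFoB6/GQ7/6e9iop/UV1qJaQ+X3ecfclAedEw7aqdjZCdWW9XLgSHzKsDBIX/Z5MRFNWeOd7PDrdX+edqVYi10nGEziInTUIJcmvRIw8XQ0Cj0DahaoA55zYQjDuq1WxmSDW61ve1b root@centos7
EOF
chmod 600 /root/.ssh/authorized_keys

# Move the distribution repo files aside so only the local mirror is used.
mkdir -p /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
# The mirror is served over plain HTTP, so the RPM signature check is the only
# integrity control on later "yum install" runs: keep gpgcheck on and verify
# against the key file installed with the base system.
# NOTE(review): confirm the key path exists on the installed system.
cat > /etc/yum.repos.d/test.repo <<'EOF'
[base]
baseurl=http://192.168.33.130/centos/7/os/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
%end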
%packages
# "@^" selects an environment group; "minimal" is the <id> taken from the
# repository's comps.xml.
@^minimal
# One extra package on top of the minimal environment.
autofs
%end
安装包组位置,和找到最小化安装选项位置
[root@localhost repodata]# pwd
/misc/repodata
[root@localhost repodata]# cat 521f322f05f9802f2438d8bb7d97558c64ff3ff74c03322d77787ade9152d8bb-c7-x86_64-comps.xml |grep minimal
<packagereq type="mandatory">vim-minimal</packagereq>
<packagereq type="mandatory">kdeutils-minimal</packagereq>
<description xml:lang="fr">Installation minimale d'hôte de virtualisation.</description>
<description xml:lang="fr">Hôte de virtualisation minimal.</description>
<id>minimal</id># 最小化安装
<name xml:lang="fr">Installation minimale</name>
# 我们将把他放入kickstart文件中
改好后的格式
...
%packages
@^minimal
autofs
%end
检查格式是否正确工具
[root@centos7 ~]# ksvalidator ks7_mini.cfg
使用kickstart文件
将kickstart文件放入网络共享目录中(注意:该文件包含root密码哈希和root的SSH登录公钥配置,HTTP目录对所有能访问该服务器的主机可读,应只在隔离的装机网络中提供)
[root@centos7 ~]# cd /var/www/html/
[root@centos7 html]# ls
centos
[root@centos7 html]# mkdir ksdir
[root@centos7 html]# mv /r
root/ run/
[root@centos7 html]# cp /root/ks7_mini.cfg ksdir/
[root@centos7 html]# ll ksdir/
total 4
-rw-r--r-- 1 root root 1726 Jun 11 23:03 ks7_mini.cfg
活动文件位置
http://192.168.33.130/ksdir/ks7_mini.cfg
准备新机器
成功!
没有IP怎么办?可以在内核启动参数中加入以下参数,临时配置一个IP
ip=IPADDR
netmask=MASK
gateway=GW
dns=DNS_SERVER_IP
ifname=NAME:MAC_ADDR
通过HTTP服务自动安装配置
httpd服务安装
配置/var/www/html目录
挂载光盘至文件下
设置开机自动挂载
制作引导光盘和U盘
PXE安装系统
cobbler企业级应用
DHCP 服务实现
网络配置
- 静态指定
- 动态获取
- bootp:MAC与IP——静态对应
- dhcp:增强的bootp,动态
你的机器启动时就分配IP,不启动则收回IP
搭建DHCP服务
DHCP服务申请过程
八种通讯报文:
DHCP DISCOVER:客户端到服务器
DHCP OFFER :服务器到客户端
DHCP REQUEST:客户端到服务器
DHCP ACK :服务器到客户端
DHCP NAK:服务器到客户端,通知用户无法分配合适的IP地址
DHCP DECLINE :客户端到服务器,指示地址已被使用
DHCP RELEASE:客户端到服务器,放弃网络地址和取消剩余的租约时间
DHCP INFORM:客户端到服务器, 客户端如果需要从DHCP服务器端获取更为详细的配置信息,则发送Inform报文向服务器进行请求,极少用到
DHCP配置
更改完配置后重启服务
systemctl restart dhcpd
将网卡设置为自动获取
[root@centos7 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp #设置为dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=13cd8e7b-5fce-46f1-a2cb-f4ee2469df6f
DEVICE=ens33
ONBOOT=yes
DHCP实现自动分配IP
更改IP设置后重新启动NetworkManager服务
service NetworkManager restart
# 或者
service network restart
dhclient进程自动获取IP
ps aux |grep dhclient
# 检查dhclient有无自动获取
dhclient -d#前台运行
[root@localhost ~]# dhclient -d
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/pan0/fe:2c:7b:44:fe:57
Sending on LPF/pan0/fe:2c:7b:44:fe:57
Listening on LPF/eth0/00:0c:29:e5:c3:0b
Sending on LPF/eth0/00:0c:29:e5:c3:0b
Sending on Socket/fallback
DHCPDISCOVER on pan0 to 255.255.255.255 port 67 interval 8 (xid=0x3a2b410d)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x6b190a07)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8 (xid=0x6b190a07)
DHCPOFFER from 192.168.33.254
DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x6b190a07)
DHCPACK from 192.168.33.254 (xid=0x6b190a07)
bound to 192.168.33.133 -- renewal in 894 seconds.
DHCPDISCOVER on pan0 to 255.255.255.255 port 67 interval 13 (xid=0x3a2b410d)
查看过期时间
[root@localhost ~]# cd /var/lib/dhclient/
[root@localhost dhclient]# ll -t
total 12
-rw-r--r--. 1 root root 1820 Jun 13 06:01 dhclient-d057cd84-199a-4096-8ea9-3296e687d3ad-eth0.lease
-rw-r--r--. 1 root root 455 Jun 13 05:59 dhclient.leases
-rw-r--r--. 1 root root 910 Jun 13 05:34 dhclient-eth0.leases
# dhclient.leases
[root@localhost dhclient]# cat dhclient.leases
lease {
interface "eth0";
fixed-address 192.168.33.133;
option subnet-mask 255.255.255.0;
option routers 192.168.33.2;
option dhcp-lease-time 1800;
option dhcp-message-type 5;
option domain-name-servers 192.168.33.2;
option dhcp-server-identifier 192.168.33.254;
option broadcast-address 192.168.33.255;
option domain-name "localdomain";
renew 6 2020/06/13 13:14:34;
rebind 6 2020/06/13 13:25:53;
expire 6 2020/06/13 13:29:38;
}
# 该时间为格林尼治时间
[root@localhost dhclient]# date
Sat Jun 13 06:05:07 PDT 2020
# 转化格林尼治时间
[root@localhost dhclient]# date -u
Sat Jun 13 13:05:12 UTC 2020
# 租期30min
实验:安装DHCP服务器
要求:
- VMnet下的NAT网络关闭dhcp功能
- 不要用桥接模式(桥接会把实验用的DHCP服务器接入物理局域网,可能向真实主机分配地址)
安装DHCP服务
安装包
yum install dhcp -y
dhcp文件列表
[root@centos7 ~]# rpm -ql dhcp
/etc/NetworkManager
/etc/NetworkManager/dispatcher.d
/etc/NetworkManager/dispatcher.d/12-dhcpd
/etc/dhcp/dhcpd.conf # 配置文件
/etc/dhcp/dhcpd6.conf
/etc/dhcp/scripts
/etc/dhcp/scripts/README.scripts
/etc/openldap/schema/dhcp.schema
/etc/sysconfig/dhcpd
/usr/bin/omshell
/usr/lib/systemd/system/dhcpd.service # 服务名
/usr/lib/systemd/system/dhcpd6.service
/usr/lib/systemd/system/dhcrelay.service
/usr/sbin/dhcpd # 主程序
/usr/sbin/dhcrelay
/usr/share/doc/dhcp-4.2.5
/usr/share/doc/dhcp-4.2.5/dhcpd.conf.example
/usr/share/doc/dhcp-4.2.5/dhcpd6.conf.example
/usr/share/doc/dhcp-4.2.5/ldap
/usr/share/doc/dhcp-4.2.5/ldap/README.ldap
/usr/share/doc/dhcp-4.2.5/ldap/dhcp.schema
/usr/share/doc/dhcp-4.2.5/ldap/dhcpd-conf-to-ldap
/usr/share/man/man1/omshell.1.gz
/usr/share/man/man5/dhcpd.conf.5.gz
/usr/share/man/man5/dhcpd.leases.5.gz
/usr/share/man/man8/dhcpd.8.gz
/usr/share/man/man8/dhcrelay.8.gz
/usr/share/systemtap/tapset/dhcpd.stp
/var/lib/dhcpd
/var/lib/dhcpd/dhcpd.leases
/var/lib/dhcpd/dhcpd6.leases
启动服务,发现问题
[root@centos7 ~]# systemctl start dhcpd
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.
查看错误提示
[root@centos7 ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-06-13 13:14:34 CST; 46s ago
Docs: man:dhcpd(8)
man:dhcpd.conf(5)
Process: 10293 ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid (code=exited, status=1/FAILURE)
Main PID: 10293 (code=exited, status=1/FAILURE)
Jun 13 13:14:34 centos7 systemd[1]: Starting DHCPv4 Server Daemon...
Jun 13 13:14:34 centos7 dhcpd[10293]: Copyright 2004-2013 Internet Systems Consortium.
Jun 13 13:14:34 centos7 dhcpd[10293]: All rights reserved.
Jun 13 13:14:34 centos7 dhcpd[10293]: For info, please visit https://www.isc.org/softwa...cp/
Jun 13 13:14:34 centos7 dhcpd[10293]: Not searching LDAP since ldap-server, ldap-port a...ile
Jun 13 13:14:34 centos7 dhcpd[10293]: Wrote 0 leases to leases file.
Jun 13 13:14:34 centos7 systemd[1]: dhcpd.service: main process exited, code=exited, st...URE
Jun 13 13:14:34 centos7 systemd[1]: Failed to start DHCPv4 Server Daemon.
Jun 13 13:14:34 centos7 systemd[1]: Unit dhcpd.service entered failed state.
Jun 13 13:14:34 centos7 systemd[1]: dhcpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
查看配置文件/etc/dhcp/dhcpd.conf
[root@centos7 ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# 文件中啥也没有,下一步查看范例
# see dhcpd.conf(5) man page
#
查看范例
[root@centos7 ~]# vim /usr/share/doc/dhcp*/dhcpd.conf.example
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";
# DNS servers handed to clients (180.76.76.76 is Baidu's public DNS).
# NOTE(review): both resolvers are public, so client DNS queries leave the
# local network; point clients at an internal resolver where policy requires.
# option domain-name-servers ns1.example.org, ns2.example.org;
option domain-name-servers 114.114.114.114,180.76.76.76;
# Default lease time was 600 seconds; changed here to 1 day (86400 seconds).
default-lease-time 86400;
# Maximum lease time changed to 10 days (864000 seconds).
# NOTE(review): with day-long leases and the 67-address range declared below,
# the pool can run dry quickly; watch the dhcpd log for "no free leases".
max-lease-time 864000;
# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# Lab change: the network of this host, 192.168.33.0/24, is declared here and
# becomes the address pool. Clients receive addresses from .33 to .99 and
# 192.168.33.1 as their default gateway.
subnet 192.168.33.0 netmask 255.255.255.0 {
range 192.168.33.33 192.168.33.99;
option routers 192.168.33.1;
}
# This is a very basic subnet declaration.
# An address range and a gateway (routers) must be specified.
# NOTE(review): this subnet comes from the upstream example and does not match
# the lab network declared earlier in the file; remove unused sample
# declarations before using the file as a real configuration.
subnet 10.254.239.0 netmask 255.255.255.224 {
range 10.254.239.10 10.254.239.20;
option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 10.254.239.32 netmask 255.255.255.224 {
range dynamic-bootp 10.254.239.40 10.254.239.60;
option broadcast-address 10.254.239.31;
option routers rtr-239-32-1.example.org;
}
# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
range 10.5.5.26 10.5.5.30;
option domain-name-servers ns1.internal.example.org;
option domain-name "internal.example.org";
option routers 10.5.5.1;
option broadcast-address 10.5.5.31;
default-lease-time 600;
max-lease-time 7200;
}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
host passacaglia {
hardware ethernet 0:0:c0:5d:bd:95;
filename "vmunix.passacaglia";
server-name "toccata.fugue.com";
}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
##############################################################
# A client whose MAC address is 08:00:07:26:c0:a5 always receives the
# address given by fixed-address (here the name fantasia.fugue.com).
# The match is on the MAC address the client presents; it pins an
# address to a host but is not a form of authentication.
##############################################################
host fantasia {
hardware ethernet 08:00:07:26:c0:a5;
fixed-address fantasia.fugue.com;
}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
class "foo" {
match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}
shared-network 224-29 {
subnet 10.17.224.0 netmask 255.255.255.0 {
option routers rtr-224.example.org;
}
subnet 10.0.29.0 netmask 255.255.255.0 {
option routers rtr-29.example.org;
}
pool {
allow members of "foo";
range 10.17.224.10 10.17.224.250;
}
pool {
deny members of "foo";
range 10.0.29.10 10.0.29.230;
}
}
直接先拷贝过来作为dhcp的配置文件
[root@centos7 ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y
重新启动
[root@centos7 ~]# systemctl start dhcpd
# 成功
虽然启动成功,但还需要配置哪些地址是可以分配的以及其他信息
[root@centos7 ~]# ss -ntlup
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
...
udp UNCONN 0 0 *:67 *:* users:(("dhcpd",pid=10688,fd=7))
:67 是dhcp服务器的端口号,:68 是dhcp客户端的端口号
配置好后,在centos6中重启网络服务
[root@localhost Desktop]# service NetworkManager restart
Stopping NetworkManager daemon: [ OK ]
Setting network parameters... [ OK ]
Starting NetworkManager daemon: [ OK ]
[root@localhost Desktop]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:e5:c3:0b brd ff:ff:ff:ff:ff:ff
inet 192.168.33.50/24 brd 192.168.33.255 scope global eth0
inet6 fe80::20c:29ff:fee5:c30b/64 scope link
valid_lft forever preferred_lft forever
3: pan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fe:2c:7b:44:fe:57 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc2c:7bff:fe44:fe57/64 scope link
valid_lft forever preferred_lft forever
# 获取地址成功
#######################
# 检查网关是否拿到
[root@localhost Desktop]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.33.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
0.0.0.0 192.168.33.1 0.0.0.0 UG 0 0 0 eth0
#######################
# 检查DNS
[root@localhost Desktop]# cat /etc/resolv.conf
# Generated by NetworkManager
domain example.org
search example.org
nameserver 180.76.76.76
nameserver 114.114.114.114
#########################
# 查看租期
[root@l