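Preface
There is not much to introduce here: apart from the initial configuration when machines are first provisioned, there are rarely major adjustments afterwards, at most changes to the DHCP address pool and the network. Cobbler is typically used by companies that run their own physical machines; if you are on cloud servers you will not need it.
The basic Cobbler configuration is described below.
Cobbler installation
Cobbler is written in Python and is an upgraded take on kickstart. Compared with the pxe+kickstart provisioning combination it is simpler, ships with its own web interface, gives a good user experience and makes provisioning convenient.
Environment
System: CentOS 7.4
Cobbler server:
eth0 192.168.10.212 internal network 1
eth1 10.20.10.212 internal network 2
【1】Installation with yum
Check the OS release and kernel version, and install the matching software versions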
cat /etc/redhat-release
uname -r
<1>Centos6
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
<2>Centos7
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
<3>Refresh the yum cache
yum clean all
yum makecache
<4>Install the software
yum -y install cobbler cobbler-web dhcp tftp-server pykickstart httpd rsync
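【2】Firewall configuration
This server sits on an internal network with internal DNS configured, so the firewall is usually turned off on it; firewall rules can be configured instead.
<1>Turn off the firewall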
***centos7***
getenforce
setenforce 0
systemctl stop firewalld
systemctl disable firewalld
vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
***centos6***
getenforce
setenforce 0
/etc/init.d/iptables stop
chkconfig iptables off
vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
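For the alternative mentioned at the start of this step, keeping firewalld running on centos7 and opening only what PXE clients need, rules along these lines can be used. This is an added example, not part of the original article; the zone name `internal` is an assumption, eth0/eth1 come from the environment section, and rsync (873/tcp) is left closed on the assumption that no client pulls from this server over rsync.

```shell
# Added example: firewalld rules for the Cobbler server instead of stopping firewalld.
# ZONE is an assumed zone name; IFACES are the two NICs listed under "Environment".
ZONE="${ZONE:-internal}"
IFACES="${IFACES:-eth0 eth1}"

# Emit the firewall-cmd invocations one per line so they can be reviewed first.
cobbler_fw_rules() {
    local i s
    # Bind by interface, not by source address: DHCP requests arrive from 0.0.0.0.
    for i in $IFACES; do
        echo "firewall-cmd --permanent --zone=$ZONE --change-interface=$i"
    done
    # dhcp = 67/udp, tftp = 69/udp (boot loaders),
    # http/https = kickstart files, ks_mirror and cobbler_web
    for s in dhcp tftp http https; do
        echo "firewall-cmd --permanent --zone=$ZONE --add-service=$s"
    done
    echo "firewall-cmd --reload"
}

# Run the rules; with DRY_RUN=1 they are only printed.
apply_cobbler_fw() {
    cobbler_fw_rules | while read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            $cmd || echo "failed: $cmd" >&2
        fi
    done
}

# Review, then apply:
#   DRY_RUN=1 apply_cobbler_fw
#   apply_cobbler_fw
```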
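【3】Cobbler files (can be skipped)
/etc/cobbler configuration directory
/etc/cobbler/settings main Cobbler configuration file
/etc/cobbler/dhcp.template template for the DHCP service configuration
/etc/cobbler/tftpd.template template for the tftp service configuration
/etc/cobbler/rsync.template template for the rsync service configuration
/etc/cobbler/iso directory of iso template files
/etc/cobbler/pxe directory of pxe template files
/etc/cobbler/power directory of power-management configuration files
/etc/cobbler/users.conf web service authorization configuration file
/etc/cobbler/users.digest user name and password file for web access
/etc/cobbler/dnsmasq.template template for the DNS service configuration
/etc/cobbler/modules.conf Cobbler module configuration file
/var/lib/cobbler Cobbler data directory
/var/lib/cobbler/config configuration files
/var/lib/cobbler/kickstarts default location of kickstart files
/var/lib/cobbler/loaders the various boot loaders
/var/www/cobbler directory of OS installation images
/var/www/cobbler/ks_mirror imported OS images
/var/www/cobbler/images boot files of the imported OS images
/var/www/cobbler/repo_mirror yum repository storage directory
/var/log/cobbler log directory
/var/log/cobbler/install.log client OS installation log
/var/log/cobbler/cobbler.log Cobbler log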
【4】Start Cobbler and run the check
centos7
systemctl start httpd
systemctl start cobblerd
cobbler check
centos6
/etc/init.d/httpd start
/etc/init.d/cobblerd start
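/etc/init.d/xinetd start
cobbler check
Because Cobbler has not been configured in detail yet, the check naturally reports a long list of problems, which have to be fixed as the messages indicate.
To deploy debian/ubuntu systems, debmirror must be installed; otherwise ignore item 6 below.
To use the power management features, cman or fence-agents must be installed; otherwise ignore item 8 below.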
cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
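Cobbler configuration
【1】Fixing items 1 and 2
(server and next_server settings)
server sets the address of the Cobbler server
sed -i 's/^server: 127.0.0.1/server: 192.168.10.212/g' /etc/cobbler/settings
next_server is the address of the tftp server from which boot files are downloaded on the dhcp/pxe network; set it to the same IP as server
sed -i 's/next_server: 127.0.0.1/next_server: 192.168.10.212/g' /etc/cobbler/settings
Let Cobbler manage DHCP
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/' /etc/cobbler/settings
Prevent an endless reinstall loop; this applies when PXE is the server's first boot device
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings
Note that there is a space after the ":"
【2】Fixing items 3 and 5
(tftp and rsync settings)
Because the software versions differ, tftp is configured differently on centos6 and centos7. centos6 additionally needs xinetd.d/rsync configured, followed by a restart of xinetd; centos7 needs no rsync configuration.
Follow what cobbler check actually reports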
sed -i '/disable/c disable = no' /etc/xinetd.d/tftp
or
sed -i 's#yes#no#' /etc/xinetd.d/tftp
xinetd's wait can also be set to no by choosing the second command (wait = no means the service runs multi-threaded)
systemctl start rsyncd
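【3】Fixing item 4
Install the missing software; if it cannot be installed with yum, cobbler_load can be downloaded from the official site
cobbler get-loaders
This downloads the operating system boot loader files into /var/lib/cobbler/loaders
【4】Fixing item 6 (can be ignored if debian is not deployed)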
yum -y install debmirror
vim /etc/debmirror.conf
#@dists="sid";
@sections="main,main/debian-installer,contrib,non-free";
#@arches="i386";
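【5】Fixing item 7
Set the initial root password for systems installed by Cobbler
sed -ri "/default_password_crypted/s#(.*: ).*#\1\"`openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'`\"#" /etc/cobbler/settings
'random-phrase-here' is the salt and can be anything; what matters is the password
'your-password-here' is the password being set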
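The same setting can be written with a SHA-512 crypt hash (`-6`) instead of the MD5-crypt form (`-1`) used above, which matches the `--passalgo=sha512` line in the ks file at the end of this article. This is an added example, not from the original article; `set_default_password` is a hypothetical helper name and `-6` assumes OpenSSL 1.1.1 or newer.

```shell
# Added example: set default_password_crypted to a SHA-512 crypt hash.
# The password is read from stdin, so it never appears in the process list
# or in shell history the way a command-line argument does.
# Usage (bash): read -rs PW; printf '%s\n' "$PW" | set_default_password /etc/cobbler/settings
set_default_password() {
    settings="$1"
    [ -w "$settings" ] || { echo "cannot write $settings" >&2; return 1; }

    # Take exactly one line from stdin as the password.
    IFS= read -r pw || [ -n "$pw" ] || { echo "empty password" >&2; return 1; }

    # -6 = SHA-512 crypt; without -salt, openssl picks a random salt itself.
    crypted=$(printf '%s\n' "$pw" | openssl passwd -6 -stdin) || return 1
    case "$crypted" in
        '$6$'*) ;;
        *) echo "openssl did not return a SHA-512 crypt hash" >&2; return 1 ;;
    esac

    # '#' is the sed delimiter because crypt hashes may contain '/' but never '#'.
    sed -ri "/^default_password_crypted/s#(.*: ).*#\1\"$crypted\"#" "$settings"

    # Succeed only if the setting now carries a $6$ hash.
    grep -q '^default_password_crypted: "\$6\$' "$settings"
}
```

As the cobbler check output says, restart cobblerd and run 'cobbler sync' afterwards to apply the change.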
【6】Fixing item 8
Configure power management
yum -y install cman
or
yum -y install fence-agents
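【7】Edit Cobbler's dhcp template
Cobbler syncs the configuration from this template into the dhcp configuration file (/etc/dhcp/dhcpd.conf)
It can be edited by hand or with sed. Usually one address pool can be configured for each usable network interface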
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 10.20.10.0 netmask 255.255.255.0 { # network and netmask to serve; change to your own network
option routers 10.20.10.254; # gateway; if dhcp misbehaves, check the gateway setting
option domain-name-servers 223.5.5.5; # dns; an internal dns server can be used instead
option subnet-mask 255.255.254.0; # netmask
range dynamic-bootp 10.20.10.50 10.20.10.250; # range of addresses to hand out
default-lease-time 21600; # default lease time
max-lease-time 43200; # maximum lease time
next-server $next_server; # IP of the server that boots the installer
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
subnet 192.168.10.0 netmask 255.255.255.0 {
option routers 192.168.10.254;
option domain-name-servers 223.5.5.5;
option subnet-mask 255.255.254.0;
range dynamic-bootp 192.168.10.50 192.168.10.250;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
#for dhcp_tag in $dhcp_tags.keys():
## group could be subnet if your dhcp tags line up with your subnets
## or really any valid dhcpd.conf construct ... if you only use the
## default dhcp tag in cobbler, the group block can be deleted for a
## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
#for mac in $dhcp_tags[$dhcp_tag].keys():
#set iface = $dhcp_tags[$dhcp_tag][$mac]
host $iface.name {
hardware ethernet $mac;
#if $iface.ip_address:
fixed-address $iface.ip_address;
#end if
#if $iface.hostname:
option host-name "$iface.hostname";
#end if
#if $iface.netmask:
option subnet-mask $iface.netmask;
#end if
#if $iface.gateway:
option routers $iface.gateway;
#end if
#if $iface.enable_gpxe:
if exists user-class and option user-class = "gPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else if exists user-class and option user-class = "iPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else {
filename "undionly.kpxe";
}
#else
filename "$iface.filename";
#end if
## Cobbler defaults to $next_server, but some users
## may like to use $iface.system.server for proxied setups
next-server $next_server;
## next-server $iface.next_server;
}
#end for
}
#end for
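【8】Sync the Cobbler configuration and start the services
<1>After the changes, run the check again
cobbler check
<2>Sync the configuration
cobbler sync
<3>Restart the services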
systemctl restart httpd
systemctl restart cobblerd
systemctl restart dhcpd
systemctl restart rsyncd
systemctl restart tftp.socket
systemctl enable httpd
systemctl enable dhcpd
systemctl enable cobblerd
systemctl enable rsyncd
systemctl enable tftp.socket
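【9】Import images
<1>Download the iso images from the official site or another source and upload them to the Cobbler server
<2>Create the mount directories
mkdir -p /usr/local/mount{1..2}
<3>Mount the images
mount -t iso9660 -o loop /root/CentOS-6.7-x86_64-bin-DVD.iso /usr/local/mount1
mount -t iso9660 -o loop /root/CentOS-7-x86_64-Minimal-1708.iso /usr/local/mount2
Cobbler web configuration
【1】Login
Browse to http://<Cobbler server IP>/cobbler_web
Default user name cobbler, password cobbler
centos7 must be accessed over https
<1>Adding a user
htdigest /etc/cobbler/users.digest "Cobbler" <username>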
htdigest /etc/cobbler/users.digest "Cobbler" gstest
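【2】Import images
<1>Through the web interface
Choose Import DVD
Prefix: name
Arch: architecture
Breed: operating system
Path: where to import from
After clicking run, the image is imported with rsync into /var/www/cobbler/ks_mirror/, where Cobbler keeps all of its images
Events holds the log produced by the import
<2>From the command line
The steps above can also be done from the command line
Once the import into Cobbler has finished, the image can be unmounted with umount, and the iso downloaded with wget can be deleted if it is no longer needed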
cobbler import --path=/usr/local/mount1 --name=Centos-6.7-x86_64 --arch=x86_64
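Customizing the operating system installation
【1】Configure kernel parameters
<1>View the imported images and click edit
<2>Set the kernel parameters (these make the NICs use eth-style names)
biosdevname=0 net.ifnames=0
【2】Configure the ks file
<1>Click Kickstart Templates, then Create New Kickstart File, to set up a new ks file
The default location of ks files is /var/lib/cobbler/kickstarts
A ks file can also be written directly in that directory, in which case nothing needs to be done in the web interface
<2>Enter a name and paste the ks file content into the blank area (the content depends on your requirements)
It is best to avoid Chinese characters in the ks file, as they may cause errors
If you do not know how to write a ks file, you can install kickstart and generate one (search for instructions yourself)
<3>Click profiles to set up the deployment profile
When a client boots over PXE, it selects the corresponding profile and starts the automated deployment
Select the image and the matching ks file; if there is no special configuration, a ks template can be used instead
【3】Command-line configuration
The process above can be done directly from the command line
Profile configuration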
cobbler profile edit --name=Centos6.7-x86_64 --distro=Centos6.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/Centos6.7-x86_64.cfg
Kernel parameter configuration
cobbler profile edit --name=Centos6.7-x86_64 --kopts='net.ifnames=0 biosdevname=0'
cobbler profile add|edit|remove --name=<profile name> --distro=<distro name> --kickstart=<ks file>
【4】Customize the PXE menu
Change the address shown by PXE during installation
vim /etc/cobbler/pxe/pxedefault.template
MENU TITLE Cobbler | http://www.<fill-in-your-own>.com
Sync the configuration
cobbler sync
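【5】Check
cobbler list # show what was imported
cobbler distro list # show the distros
cobbler profile report # show the profile configuration
tree /var/lib/tftpboot/images # show the kernel and initrd files in the tftp server's shared directory
Once the steps above are done, a new machine only has to boot over PXE; at the menu, pick the version you want to install
【6】ks file reference
The file below is for reference only (if it is added through the web interface, do not put Chinese characters in it, as they easily cause errors)
(Anything inconvenient to publish has been removed, so read it for the general idea)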
install
url --url=http://192.168.10.212/cobbler/ks_mirror/Centos6.7-x86_64
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
network --bootproto=dhcp --device=eth1 --onboot=yes --noipv6 --hostname=CentOS6
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw --iscrypted $6$X20eRtuZhkHznTb4$dK0BJByOSAWSDD8jccLVFzdMWwpoCw/ZEjYw2BTQYGWlgKsn945fFTjRC658UX
clearpart --all --initlabel
part /boot --fstype=ext4 --asprimary --size=200
part swap --size=1024
part / --fstype=ext4 --grow --asprimary --size=200
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%post
chkconfig acpid off
chkconfig atd off
chkconfig autofs off
chkconfig bluetooth off
chkconfig cpuspeed off
chkconfig firstboot off
chkconfig gpm off
chkconfig haldaemon off
chkconfig hidd off
chkconfig ip6tables off
chkconfig isdn off
chkconfig messagebus off
chkconfig nfslock off
chkconfig pcscd off
chkconfig portmap off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig yum-updatesd off
chkconfig sendmail off
# services enabled at boot
chkconfig crond on
chkconfig kudzu on
chkconfig network on
chkconfig readahead_early on
chkconfig sshd on
chkconfig syslog on
# disable rebooting the server with Ctrl+Alt+Del
sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/g" '/etc/inittab'
telinit q
# kernel tuning
echo -e "ulimit -c unlimited" >> /etc/profile
echo -e "ulimit -s unlimited" >> /etc/profile
echo -e "ulimit -SHn 65535" >> /etc/profile
source /etc/profile
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'
echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_max = 131072" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_conntrack_max = 819200" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 10024 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_len = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
/sbin/sysctl -p
# run an external initialization script (switch to static IP / bonding / other tuning parameters)
cd /root
wget http://192.168.10.212/cobbler/ks_mirror/config/auto.sh
sh /root/auto.sh
%end
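The %post above downloads auto.sh over plain HTTP and runs it as root with no integrity check. The following added example (not part of the original article) pins the script's SHA-256 in the kickstart and refuses to run it on a mismatch; `run_verified` and `AUTO_SH_SHA256` are hypothetical names, and the digest is a placeholder to be filled from `sha256sum auto.sh` on the Cobbler server.

```shell
# Added example: run a downloaded script only if it matches a pinned SHA-256.
# Return codes: 0 = verified and executed, 1 = digest mismatch, 2 = unusable pin or file.
run_verified() {
    file="$1"
    expected="$2"

    # The pin must be exactly 64 lowercase hex characters.
    case "$expected" in
        ''|*[!0-9a-f]*) echo "invalid pinned digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 2; }

    # A failed or empty download must not be executed either.
    [ -s "$file" ] || { echo "$file is missing or empty" >&2; return 2; }

    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file: refusing to run" >&2
        return 1
    fi
    sh "$file"
}

# Inside %post, in place of the plain wget + sh pair:
#   AUTO_SH_SHA256="<sha256 of auto.sh, placeholder>"
#   cd /root
#   wget -O /root/auto.sh http://192.168.10.212/cobbler/ks_mirror/config/auto.sh
#   run_verified /root/auto.sh "$AUTO_SH_SHA256" || echo "auto.sh not run" >> /root/ks-post.log
```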