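Automated bulk deployment of Linux systems with Cobbler

Preface

There is not much to introduce here: apart from the configuration done at the first install, few adjustments are needed afterwards, at most changes to the DHCP address pool and the network. Cobbler is typically used by companies that run their own physical machines; those on cloud servers have no use for it.

The basic Cobbler configuration procedure is described below.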




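Installing Cobbler

Cobbler is written in Python and is an upgraded take on kickstart. Compared with the PXE + kickstart combination it is simpler, and it ships with a web interface, which makes for a good user experience and convenient installs.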



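Environment

OS: CentOS 7.4
Cobbler server:
eth0 192.168.10.212 internal network 1
eth1 10.20.10.212 internal network 2

【1】Installing with yum

Check the OS release and kernel version first, and install the matching software versions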

cat /etc/redhat-release

uname -r

<1>Centos6

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo


<2>Centos7

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo


<3>Refresh the yum cache

yum clean all
yum makecache


<4>Install the packages

yum -y install cobbler cobbler-web dhcp tftp-server pykickstart httpd rsync 


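【2】Firewall configuration

Because the server sits on an internal network with internal DNS configured, the firewall is usually turned off on this machine, but firewall rules can be configured instead


<1>Disable the firewall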

***centos7***

getenforce
setenforce 0
systemctl stop firewalld
systemctl disable firewalld

vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted

***centos6***

getenforce 
setenforce 0
/etc/init.d/iptables stop
chkconfig iptables off

vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
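
Where the firewall stays on, the rules below are one way to open only what install clients need. This is an added example, not part of the original post; it assumes firewalld on CentOS 7, the two subnets used on this page, and that the web interface is reached from those same networks. The function name is made up for illustration.

```shell
#!/bin/sh
# Added example: prints firewall-cmd commands for a Cobbler server on CentOS 7.
# Assumptions: firewalld is in use, and clients and admins sit on the two
# provisioning subnets from this page.
PROVISION_NETS="192.168.10.0/24 10.20.10.0/24"
# What install clients talk to: TFTP for boot loaders, HTTP(S) for kickstart
# files, the ks_mirror tree and cobbler_web.
CLIENT_PORTS="69/udp 80/tcp 443/tcp"

cobbler_fw_rules() {
    # A DHCPDISCOVER comes from 0.0.0.0 to the broadcast address, so 67/udp
    # cannot be filtered by source subnet.
    echo "firewall-cmd --permanent --add-port=67/udp"
    for net in $PROVISION_NETS; do
        for pp in $CLIENT_PORTS; do
            port=${pp%/*}
            proto=${pp#*/}
            printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$net\" port port=\"$port\" protocol=\"$proto\" accept'"
        done
    done
    echo "firewall-cmd --reload"
}

# Print the rules for review; nothing is changed on the system.
cobbler_fw_rules
```

Review the output, then run `cobbler_fw_rules | sh` as root to apply it.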


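【3】Cobbler files overview (can be skipped)

/etc/cobbler                   configuration directory
/etc/cobbler/settings          main Cobbler configuration file
/etc/cobbler/dhcp.template     configuration template for the DHCP service
/etc/cobbler/tftpd.template    configuration template for the tftp service
/etc/cobbler/rsync.template    configuration template for the rsync service
/etc/cobbler/iso               directory of ISO template configuration files
/etc/cobbler/pxe               directory of PXE template files
/etc/cobbler/power             directory of power management configuration files
/etc/cobbler/users.conf        web service authorization configuration file
/etc/cobbler/users.digest      user name and password file for web access
/etc/cobbler/dnsmasq.template  configuration template for the DNS service
/etc/cobbler/modules.conf      Cobbler module configuration file
/var/lib/cobbler               Cobbler data directory
/var/lib/cobbler/config        configuration files
/var/lib/cobbler/kickstarts    default location of kickstart files
/var/lib/cobbler/loaders       boot loaders
/var/www/cobbler               directory of OS installation images
/var/www/cobbler/ks_mirror     imported OS images
/var/www/cobbler/images        boot files of the imported OS images
/var/www/cobbler/repo_mirror   yum repository storage directory
/var/log/cobbler               log directory
/var/log/cobbler/install.log   client OS installation log
/var/log/cobbler/cobbler.log   Cobbler log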


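【4】Start Cobbler and run the check

centos7

systemctl start httpd
systemctl start cobblerd
cobbler check

centos6

/etc/init.d/httpd start
/etc/init.d/cobblerd start
/etc/init.d/xinetd start
cobbler check


Since Cobbler has not been configured in detail yet, a long list of problems is reported; fix them according to the messages.

To deploy Debian/Ubuntu systems you need to install debmirror; otherwise ignore item 6 below.
To use the power management feature you need to install cman or fence-agents; otherwise ignore item 8 below.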



cobbler check

The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.

2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.

3 : change 'disable' to 'no' in /etc/xinetd.d/tftp

4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.

5 : enable and start rsyncd.service with systemctl

6 : debmirror package is not installed, it will be required to manage debian deployments and repositories

7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.



Cobbler configuration

【1】Fixing items 1 and 2

(server and next_server settings)

server specifies the address of the Cobbler server
sed -i 's/^server: 127.0.0.1/server: 192.168.10.212/' /etc/cobbler/settings

next_server is the address of the TFTP server from which boot files are downloaded on the DHCP/PXE network; set it to the same IP as server
sed -i 's/^next_server: 127.0.0.1/next_server: 192.168.10.212/' /etc/cobbler/settings

Let Cobbler manage DHCP
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/' /etc/cobbler/settings

Prevent install loops; applies when PXE is the server's first boot device
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings

Note that there is a space after the ":"


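【2】Fixing items 3 and 5

(tftp and rsync configuration)

The tftp software versions differ between centos6 and centos7, so the configuration methods differ as well. centos6 additionally needs xinetd.d/rsync configured, followed by a restart of x; centos7 needs no rsync configuration.
In practice, follow what cobbler check reports.


sed -i '/disable/c disable = no' /etc/xinetd.d/tftp
or
sed -i 's#yes#no#' /etc/xinetd.d/tftp

wait in the xinetd configuration can also be set to no; use the second command for that (wait = no means the service runs in multi-threaded mode)

systemctl start rsyncd


【3】Fixing item 4

Install the missing loaders; if yum cannot install them, download cobbler_load from the official site


cobbler get-loaders

This downloads the operating system boot files into /var/lib/cobbler/loaders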



【4】Fixing item 6 (can be ignored if Debian is not deployed)

yum -y install debmirror 


vim /etc/debmirror.conf

#@dists="sid";
@sections="main,main/debian-installer,contrib,non-free";
#@arches="i386";


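【5】Fixing item 7

Set the initial root password for systems installed by Cobbler


sed -ri "/default_password_crypted/s#(.*: ).*#\1\"`openssl passwd -1 -salt 'random-salt' 'your-password'`\"#" /etc/cobbler/settings

random-salt can be any string; what matters is the password
your-password is the password being set


【6】Fixing item 8

Configure power management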


yum -y install cman
or 
yum -y install fence-agents


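【7】Editing Cobbler's DHCP template

Cobbler syncs the configuration from this template into the DHCP configuration file (/etc/dhcp/dhcpd.conf)
It can be edited by hand or with sed. Usually there are several usable NICs, and one address pool can be configured for each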



# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************

ddns-update-style interim;

allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

option pxe-system-type code 93 = unsigned integer 16;

subnet 10.20.10.0 netmask 255.255.255.0 {                          # subnet and netmask to serve; change to your own network
     option routers             10.20.10.254;                      # gateway; if DHCP misbehaves, check this setting
     option domain-name-servers 223.5.5.5;                         # DNS server; an internal DNS server can be used too
     option subnet-mask         255.255.254.0;                     # netmask
     range dynamic-bootp        10.20.10.50 10.20.10.250;          # IP range to hand out
     default-lease-time         21600;                             # default lease time
     max-lease-time             43200;                             # maximum lease time
     next-server                $next_server;                      # IP of the server that boots the installer
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}

subnet 192.168.10.0 netmask 255.255.255.0 {
     option routers             192.168.10.254;
     option domain-name-servers 223.5.5.5;
     option subnet-mask         255.255.254.0;
     range dynamic-bootp        192.168.10.50 192.168.10.250;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}

#for dhcp_tag in $dhcp_tags.keys():
    ## group could be subnet if your dhcp tags line up with your subnets
    ## or really any valid dhcpd.conf construct ... if you only use the
    ## default dhcp tag in cobbler, the group block can be deleted for a
    ## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
            #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        hardware ethernet $mac;
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.netmask:
        option subnet-mask $iface.netmask;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        #if $iface.enable_gpxe:
        if exists user-class and option user-class = "gPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else if exists user-class and option user-class = "iPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else {
            filename "undionly.kpxe";
        }
        #else
        filename "$iface.filename";
        #end if
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
        #end for
}
#end for


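【8】Sync the Cobbler configuration and start the services

<1>After the changes, run the check again

cobbler check


<2>Sync the configuration

cobbler sync


<3>Restart the services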

systemctl restart httpd
systemctl restart cobblerd
systemctl restart dhcpd
systemctl restart rsyncd
systemctl restart tftp.socket

systemctl enable httpd
systemctl enable dhcpd
systemctl enable cobblerd
systemctl enable rsyncd
systemctl enable tftp.socket


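【9】Importing images

<1>Download the ISO images from the official site or another source and upload them to the Cobbler server


<2>Create the mount directories

mkdir -p /usr/local/mount{1..2}


<3>Mount the images

mount -t iso9660 -o loop /root/CentOS-6.7-x86_64-bin-DVD.iso  /usr/local/mount1
mount -t iso9660 -o loop /root/CentOS-7-x86_64-Minimal-1708.iso /usr/local/mount2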


Cobbler web configuration

【1】Login

Open http://<Cobbler server IP>/cobbler_web in a browser
Default user name cobbler, password cobbler
centos7 requires access over https

<1>Adding a user

htdigest /etc/cobbler/users.digest "Cobbler" username

htdigest /etc/cobbler/users.digest "Cobbler" gstest
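
A check for two defaults this page touches: the cobbler/cobbler web login described above, and the root password hash set in step 【5】 with openssl passwd -1. This is an added example, not part of the original post; the function names are made up for illustration and the file paths are the ones listed on this page.

```shell
#!/bin/sh
# Added example: audit two Cobbler defaults. Pass other paths for testing.

# htdigest stores user:realm:MD5(user:realm:password). Returns 0 when the
# default login cobbler/cobbler (realm "Cobbler") is still present.
has_default_web_login() {
    digest_file=${1:-/etc/cobbler/users.digest}
    default_hash=$(printf '%s' 'cobbler:Cobbler:cobbler' | md5sum | awk '{print $1}')
    grep -q -F -x "cobbler:Cobbler:$default_hash" "$digest_file"
}

# Prints the crypt scheme of default_password_crypted in the settings file.
# $1$ is MD5-crypt (what "openssl passwd -1" produces); $6$ is SHA-512-crypt
# (the scheme of the rootpw hash in the kickstart on this page).
root_hash_scheme() {
    settings=${1:-/etc/cobbler/settings}
    value=$(sed -n 's/^default_password_crypted:[[:space:]]*//p' "$settings" | tr -d "\"'")
    case $value in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        '')     echo missing ;;
        *)      echo unknown ;;
    esac
}

# Run against the live files when they exist; otherwise do nothing.
if [ -r /etc/cobbler/users.digest ] && has_default_web_login; then
    echo "default cobbler/cobbler web login is still present in users.digest"
fi
if [ -r /etc/cobbler/settings ]; then
    echo "default_password_crypted scheme: $(root_hash_scheme)"
fi
```

If the default login is reported, set a new password for it with htdigest as shown above, or delete its line from users.digest once another user exists.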


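【2】Importing images

<1>Web method

Select Import DVD
Prefix  name
Arch    architecture
Breed   operating system
Path    location to import from

After you click run, the image is imported with rsync into /var/www/cobbler/ks_mirror/, where Cobbler keeps all managed images
Events holds the log produced by the import


<2>Command-line method

The steps above can also be done from the command line
Once the image has been imported into Cobbler, it can be unmounted with umount, and the ISO fetched with wget can be deleted if it is no longer needed

cobbler import --path=/usr/local/mount1 --name=Centos6.7-x86_64 --arch=x86_64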



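Customizing the OS installation

【1】Kernel parameters

<1>Find the imported image and click edit

<2>Set the kernel parameters (these make the NICs use eth-style names)

 biosdevname=0 net.ifnames=0


【2】Configuring the ks file

<1>Click Kickstart Templates, then Create New Kickstart File, to set up a new ks file

ks files are stored in /var/lib/cobbler/kickstarts by default
You can also write a ks file in that directory directly, with no need to configure it in the web interface

<2>Enter a name and paste the ks file content into the empty box (content depends on your needs)

It is best to keep Chinese characters out of the ks file; they can cause errors
If you do not know how to write a ks file, you can install kickstart and generate one (search for how)

<3>Click profiles to deploy the profile

When a client boots via PXE, it picks the corresponding profile and starts the automated deployment

Select the image and the matching ks file; without special requirements, a ks template can be used instead


【3】Command-line configuration

The process above can be done directly with commands

Profile configuration
cobbler profile edit --name=Centos6.7-x86_64 --distro=Centos6.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/Centos6.7-x86_64.cfg

Kernel options
cobbler profile edit --name=Centos6.7-x86_64 --kopts='net.ifnames=0 biosdevname=0'

cobbler profile add|edit|remove --name=profile-name --distro=distro-name --kickstart=ks-file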



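【4】Customizing the PXE menu

Change the address shown by PXE during installation

vim /etc/cobbler/pxe/pxedefault.template

MENU TITLE Cobbler | http://www.<your-own>.com

Sync the configuration

cobbler sync


【5】Checks

cobbler list                       show what was imported
cobbler distro list                show the distros
cobbler profile report             show the profile configuration
tree /var/lib/tftpboot/images      show the kernel and initrd files in the tftp server's shared directory

In practice, once the steps above are done, a new machine only needs to boot via PXE; at the menu, pick the version you want to install



【6】ks file reference

The file below is for reference only (if you add it through the web interface, it must not contain Chinese characters, which easily cause errors)

(Anything not suitable for posting has been removed, so read it for the general idea)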


install
url --url=http://192.168.10.212/cobbler/ks_mirror/Centos6.7-x86_64
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
network --bootproto=dhcp --device=eth1 --onboot=yes --noipv6 --hostname=CentOS6
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw  --iscrypted $6$X20eRtuZhkHznTb4$dK0BJByOSAWSDD8jccLVFzdMWwpoCw/ZEjYw2BTQYGWlgKsn945fFTjRC658UX
clearpart --all --initlabel
part /boot --fstype=ext4 --asprimary --size=200
part swap --size=1024
part / --fstype=ext4 --grow --asprimary --size=200
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot

%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%end

%post
chkconfig acpid off
chkconfig atd off
chkconfig autofs off
chkconfig bluetooth off
chkconfig cpuspeed off
chkconfig firstboot off
chkconfig gpm off
chkconfig haldaemon off
chkconfig hidd off
chkconfig ip6tables off
chkconfig isdn off
chkconfig messagebus off
chkconfig nfslock off
chkconfig pcscd off
chkconfig portmap off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig yum-updatesd off
chkconfig sendmail off

# services allowed to start at boot
chkconfig crond on
chkconfig kudzu on
chkconfig network on
chkconfig readahead_early on
chkconfig sshd on
chkconfig syslog on

# disable rebooting the server with Ctrl+Alt+Del
sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/g" '/etc/inittab'
telinit q

# kernel tuning
echo -e "ulimit -c unlimited"  >> /etc/profile
echo -e "ulimit -s unlimited"  >> /etc/profile
echo -e "ulimit -SHn 65535"  >> /etc/profile
source  /etc/profile
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'
echo -e "net.core.somaxconn = 262144"  >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144"  >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608"  >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608"  >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216"  >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216"  >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_max = 131072"  >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180"  >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20"  >> /etc/sysctl.conf
echo -e "net.ipv4.ip_conntrack_max = 819200"  >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 10024  65535"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 1"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 1"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 1"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_len = 1"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 36000"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216"  >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000"  >> /etc/sysctl.conf
/sbin/sysctl -p

# run an external initialization script (switch to static IP / bond / other tuning parameters)
cd /root
wget http://192.168.10.212/cobbler/ks_mirror/config/auto.sh
sh /root/auto.sh
%end


