Configure the chrony service for automatic server time synchronization

Lab machines
Root time servers: 10.160.212.70, 10.160.212.71

ansible-manager 10.177.96.4: acts as the time server for 10.177.96.0/24

ansible-client1 10.177.96.14: client that uses ansible-manager as its time server

1. Install the chrony package

[root@ansible-manager ~]# yum -y install chrony

# List the files installed by the chrony package
[root@ansible-manager ~]# rpm -ql chrony
/etc/NetworkManager/dispatcher.d/20-chrony
/etc/chrony.conf    # configuration file
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc  # client application for the service
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/chrony-dnssrv@.service
/usr/lib/systemd/system/chrony-dnssrv@.timer
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service   # service unit name
/usr/libexec/chrony-helper
/usr/sbin/chronyd    # main service daemon
...
/var/log/chrony   # log files

------------------------------------

[root@ansible-manager ~]# systemctl start chronyd

2. Configuration file for ansible-manager as the chrony time server

[root@ansible-manager ~]# cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).

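# iburst option: when the server is reachable, send a burst of eight packets instead of the usual one. The packets are normally sent 2 seconds apart, which speeds up initial synchronization.
# Upstream time servers used as the synchronization sources:
server 10.160.212.70 iburst
server 10.160.212.71 iburst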

# Record the rate at which the system clock gains/losses time.
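# Compute the rate at which the computer's clock gains or loses time against real time and record it in a file, so the system clock can be compensated after a restart.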
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
# Enable kernel mode: the system time is copied to the real-time clock (RTC) every 11 minutes.
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

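# allow / deny: specify a host, subnet, or network that is allowed or denied access to this server.
# Allow NTP client access from local network.

# NTP client addresses allowed to query this server; 10.177.96.14 needs access, so the 10.177.96.0/24 subnet is allowed here.
allow 10.177.96.0/24
# Allow every network to use this host as an NTP time server:
#allow 0.0.0.0/0

# Serve time even if not synchronized to a time source.
# When the external time servers are unavailable, serve the local clock instead.
# Stratum 10 usually denotes a LAN host providing time service; if this host acts as an NTP server, enabling this is recommended.
local stratum 10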

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking
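
A lint for the server-side directives in this kind of file, as an added example that is not part of the original post: it flags an `allow` that is open to every address, a missing `keyfile`, and trailing `#` annotations on directive lines, which chrony's documented whole-line comment syntax does not cover. The function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The sample config is constructed.

# Print one finding per line for the chrony.conf given as $1.
audit_chrony_conf() {
    awk '
    /^[ \t]*$/ || /^[ \t]*[#!;%]/ { next }    # blank lines and whole-line comments
    /[ \t]#/ {
        # chrony documents only whole-line comments, so a trailing "# note"
        # is handed to the directive as extra options
        printf "line %d: trailing comment after %s directive\n", NR, $1
    }
    $1 == "keyfile" { have_key = 1 }
    $1 == "allow" {
        have_allow = 1
        net = ($2 == "all") ? $3 : $2         # "allow all <subnet>" form
        if (net == "" || net ~ /^#/ || net ~ /\/0$/)
            printf "line %d: allow is open to every client address\n", NR
    }
    END {
        if (have_allow && !have_key)
            print "no keyfile directive: NTP symmetric-key authentication is not configured"
    }' "$1"
}

# Constructed sample: the page's servers plus the wide-open allow it comments out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server 10.160.212.70 iburst
server 10.160.212.71 iburst  # upstream source
#keyfile /etc/chrony.keys
allow 10.177.96.0/24
allow 0.0.0.0/0
EOF
audit_chrony_conf "$sample"
rm -f "$sample"
```
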

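3. Check chrony's synchronization speed on ansible-manager itself

# Set the clock one year ahead
[root@ansible-manager ~]# date -s "1 years"
Sun Apr 18 11:51:06 CST 2021
# Start the chrony service
[root@ansible-manager ~]# systemctl  start chronyd
# Synchronization is very fast: the time is already corrected when queried right after startup
[root@ansible-manager ~]# date "+%F %T"
2020-04-18 11:51:31

# Check the time synchronization status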
[root@ansible-manager ~]# chronyc sources -v
210 Number of sources = 2


  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 10.160.212.70                 4   6   377    27   -968us[ -865us] +/-  125ms
^* 10.160.212.71                 3   6   377    24   +800us[ +903us] +/-  101ms

4. Synchronize time on ansible-client1

4.1 One-off synchronization: ntpdate

[root@ansible-client1 ~]# date -s "-2 years"
Wed Apr 18 13:57:17 HKT 2018
[root@ansible-client1 ~]# date "+%F %T"
2018-04-18 13:57:22
[root@ansible-client1 ~]# ntpdate 10.177.96.4
18 Apr 13:57:37 ntpdate[19954]: step time server 10.177.96.4 offset 63158399.999941 sec
[root@ansible-client1 ~]# date "+%F %T"
2020-04-18 13:57:41

4.2 Permanent synchronization

yum -y install chrony

vim /etc/chrony.conf
Add the following line:
server 10.177.96.4 iburst

Automated OS installation with cobbler + PXE

Installing cobbler
We install with yum:
1. Install cobbler and the related software

[root@linux-node1 ~]# yum -y install httpd dhcp tftp python-ctypes cobbler  xinetd

2. Start the services (starting them first is how we find out what has not been configured yet)

[root@linux-node1 ~]# systemctl start httpd
[root@linux-node1 ~]# systemctl enable httpd
[root@linux-node1 ~]# systemctl enable cobblerd
[root@linux-node1 ~]# systemctl start cobblerd

3. See which configuration items have not been changed yet. The work below is to clear these messages so that cobbler can work properly.

[root@linux-node1 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.

# Set up PXE
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.     
# Set up tftp
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
# Use cobbler get-loaders to place the network boot-loaders in /var/lib/cobbler/loaders
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
# Start the rsync service
5 : enable and start rsyncd.service with systemctl

6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
# Generate a default password for newly installed machines
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
# 
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

4. Edit the configuration file

[root@linux-node1 ~]# vim /etc/cobbler/settings
server: 192.168.56.11        # change both of these addresses to this host's IP
next_server: 192.168.56.11

5. Run the check again. The number of messages has dropped to 5, and we will clear them one by one.

[root@linux-node1 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : change 'disable' to 'no' in /etc/xinetd.d/tftp
2 : enable and start rsyncd.service with systemctl
3 : debmirror package is not installed, it will be required to manage debian deployments and repositories
4 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
5 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

6. Edit the xinetd configuration file, then start and enable rsync

[root@linux-node1 ~]# vim /etc/xinetd.d/tftp
disable = no
[root@linux-node1 ~]# systemctl start rsyncd
[root@linux-node1 ~]# systemctl enable rsyncd.service
[root@linux-node1 ~]# systemctl restart xinetd

7. Configure the cobbler password

[root@linux-node1 ~]# openssl passwd -1 -salt '123123'  '123123'
$1$123123$MAV.kVI/b3swmFLErPD2b0
[root@linux-node1 ~]# vim /etc/cobbler/settings
default_password_crypted: "$1$123123$MAV.kVI/b3swmFLErPD2b0"
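Why do we set the password this way? Because the cobbler hint says: try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one, so we use that command. The -1 option selects the MD5-based crypt scheme, which is why the hash starts with $1$.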

8. Download the boot loaders

[root@cobbler ~]# cobbler get-loaders

9. Finally, run cobbler check again

[root@linux-node1 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : debmirror package is not installed, it will be required to manage debian deployments and repositories
2 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
Two messages remain; we can ignore them for now.

Configure cobbler-DHCP

We configure cobbler's DHCP management so that cobbler controls the dhcp service during installation.
1. Edit the cobbler configuration:

[root@linux-node1 cobbler]# vim /etc/cobbler/settings
manage_dhcp: 1   # set to 1 to enable Cobbler's DHCP management features.

2. Edit the dhcp.template configuration file

[root@linux-node1 ~]# cd /etc/cobbler/
[root@linux-node1 cobbler]# vim dhcp.template   # the main changes are the following items
subnet 192.168.56.0 netmask 255.255.255.0 {   # subnet
     option routers             192.168.56.2;  # gateway
     option domain-name-servers 192.168.56.2;  # DNS server
     option subnet-mask         255.255.255.0;   # subnet mask
     range dynamic-bootp        192.168.56.100 192.168.56.254;  # address pool

3. Restart the service and sync the configuration; after changing the DHCP template you must run sync.

[root@linux-node1 cobbler]# systemctl restart cobblerd
[root@linux-node1 cobbler]# cobbler sync
task started: 2017-02-25_051458_sync
task started (id=Sync, time=Sat Feb 25 05:14:58 2017)
... (N lines of output omitted)
generating /etc/dhcp/dhcpd.conf     # note this file: it is generated automatically from the template we just edited
*** TASK COMPLETE ***

4. Check the dhcp port

[root@linux-node1 cobbler]# netstat -lnup |grep dhcp
udp        0      0 0.0.0.0:67              0.0.0.0:*                           31034/dhcpd
udp        0      0 0.0.0.0:55385           0.0.0.0:*                           31034/dhcpd
udp6       0      0 :::35318                :::*                                31034/dhcpd

Import the CentOS-7 image
First upload an image to linux-node1.example.com, then import it:

[root@linux-node1 cobbler]# mount -o loop /opt/CentOS-7.0-1406-x86_64-DVD.iso  /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
[root@linux-node1 cobbler]# cobbler import --path=/mnt --name=CentOS-7.0-1406-x86_64 --arch=x86_64

The import takes a while; please wait.
The imported files are placed in /var/www/cobbler/ks_mirror:

[root@linux-node1 ks_mirror]# pwd
/var/www/cobbler/ks_mirror
[root@linux-node1 ks_mirror]# ls
CentOS-7.0-1406-x86_64  config

They are imported there because of the apache configuration; see /etc/httpd/conf.d/cobbler.conf for details.
After the image has been imported, check what cobbler lists:

[root@linux-node1 cobbler]# cobbler list
distros:
   CentOS-7.0-1406-x86_64

profiles:
   CentOS-7.0-1406-x86_64

systems:

repos:

images:

mgmtclasses:

packages:

files:

Import the kickstart configuration file
Now that the image is in place, the next step is to import the kickstart file.

[root@linux-node1 kickstarts]# pwd
/var/lib/cobbler/kickstarts
[root@linux-node1 kickstarts]# ll -rt
total 52
-rw-r--r-- 1 root root 5879 Nov 16 11:09 sample.seed
-rw-r--r-- 1 root root 3419 Nov 16 11:09 sample_old.seed
-rw-r--r-- 1 root root 1784 Nov 16 11:09 sample.ks
-rw-r--r-- 1 root root  386 Nov 16 11:09 sample_esxi5.ks
-rw-r--r-- 1 root root  324 Nov 16 11:09 sample_esxi4.ks
-rw-r--r-- 1 root root    0 Nov 16 11:09 sample_esx4.ks
-rw-r--r-- 1 root root 1825 Nov 16 11:09 sample_end.ks
-rw-r--r-- 1 root root 2916 Nov 16 11:09 sample_autoyast.xml
-rw-r--r-- 1 root root  292 Nov 16 11:09 pxerescue.ks
-rw-r--r-- 1 root root 1424 Nov 16 11:09 legacy.ks
-rw-r--r-- 1 root root   22 Nov 16 11:09 esxi5-ks.cfg
-rw-r--r-- 1 root root   22 Nov 16 11:09 esxi4-ks.cfg
-rw-r--r-- 1 root root  115 Nov 16 11:09 default.ks
drwxr-xr-x 2 root root   54 Feb 25 04:09 install_profiles

At this point I upload the kickstart file I wrote, then run the following commands to apply it:

[root@linux-node1 kickstarts]# cobbler profile report
[root@linux-node1 kickstarts]# cobbler profile list
   CentOS-7.0-1406-x86_64
[root@linux-node1 kickstarts]# cobbler profile edit --name CentOS-7.0-1406-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-7.1-x86_64_cobbler.cfg   # the configuration file we just uploaded
[root@linux-node1 kickstarts]# cobbler profile edit --name CentOS-7.0-1406-x86_64 --kopts='net.ifnames=0 biosdevname=0'   # add kernel parameters to the grub configuration, i.e. they apply when the system boots
[root@linux-node1 kickstarts]# cobbler profile report   # run this again to check that the change was applied

My kickstart file is as follows:

#platform=x86, AMD64, or Intel EM64T
#System  language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#rootpw --iscrypted $1$ops-node$7hqdpgEmIE7Z0RbtQkxW20
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network installation media (URL)
url --url=$tree
#url --url=http://192.168.56.11/CentOS-7.1-x86_64
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel 
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk sda
part swap --size 1024 --ondisk sda
part / --fstype xfs --size 1 --grow --ondisk sda
#System authorization information
auth  --useshadow  --enablemd5 
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled 
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx
#Package install information
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
@ base
@ core
sysstat
iptraf
ntp
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
mysql
nmap
screen
%end

%post
systemctl disable postfix.service

# Start yum configuration
$yum_config_stanza
# End yum configuration
rpm -ihv https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
%end
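
The hash from step 7 and the kickstart file above can be checked before `cobbler sync` with a small lint; this is an added example, not part of the original post, and the function names and sample files are constructed. It reports the crypt scheme of `default_password_crypted` and flags kickstart directives that weaken the installed host.

```shell
#!/bin/sh
# Added example, not from the original post. The sample files are constructed
# from values shown on this page.

# Classify a crypt(3) hash by its scheme prefix.
crypt_scheme() {
    case "$1" in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        '$'[A-Za-z_]*) echo template-variable ;;  # e.g. $default_password_crypted
        *) echo unknown ;;
    esac
}

# Scheme of default_password_crypted in the cobbler settings file "$1".
settings_scheme() {
    crypt_scheme "$(sed -n 's/^default_password_crypted:[ ]*"\(.*\)"[ ]*$/\1/p' "$1")"
}

# Print "line: finding" for kickstart directives that weaken the installed host.
lint_kickstart() {
    ks=$1 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f              # word-split without globbing
        case "$1 $line" in
            "auth "*--enablemd5*)    echo "$n: auth --enablemd5 selects MD5-crypt for local passwords" ;;
            "firewall "*--disabled*) echo "$n: firewall is disabled on the installed system" ;;
            "selinux "*--disabled*)  echo "$n: SELinux is disabled on the installed system" ;;
            "rootpw "*)
                for w in "$@"; do last=$w; done   # the hash is the last word
                case "$(crypt_scheme "$last")" in
                    sha256crypt|sha512crypt) ;;
                    template-variable) echo "$n: rootpw is filled from $last; check /etc/cobbler/settings" ;;
                    *) echo "$n: rootpw hash is $(crypt_scheme "$last")" ;;
                esac ;;
        esac
    done < "$ks"
}

dir=$(mktemp -d)
printf '%s\n' 'default_password_crypted: "$1$123123$MAV.kVI/b3swmFLErPD2b0"' > "$dir/settings"
printf '%s\n' 'rootpw --iscrypted $default_password_crypted' \
    'auth  --useshadow  --enablemd5' 'firewall --disabled' 'selinux --disabled' > "$dir/ks.cfg"
echo "settings hash scheme: $(settings_scheme "$dir/settings")"
lint_kickstart "$dir/ks.cfg"
rm -rf "$dir"
```
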

Final step: sync the data:

[root@linux-node1 kickstarts]# cobbler sync

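Install the CentOS-7 operating system.
1. Cobbler can now install operating systems, so the next step is to create a virtual machine and install one.
2. We create the virtual machine with VMware, adjust VMware's network settings and turn off VMware's DHCP function, and make sure the new virtual machine is on the same network segment as the cobbler host.
3. Start the newly created virtual machine and choose network installation.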

Reference article
https://www.cnblogs.com/liaojiafa/p/6445759.html
