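Introduction to Cobbler
Cobbler: the English word means a shoe repairer
A service for fast network installation of Linux operating systems. It supports many Linux distributions: Red Hat, Fedora, CentOS, Debian, Ubuntu and SuSE, and can also network-install Windows
A second-level wrapper around PXE that packages multiple sets of installation parameters into one menu
Written in Python
Provides both CLI and web management interfaces
Cobbler workflow
A bare-metal client configured to boot from the network broadcasts a request at power-on, asking the DHCP server (the cobbler server) to assign it an IP address
The DHCP server (cobbler server) receives the request and sends a response that includes its IP address
Once it has an IP, the client asks the cobbler server for the OS boot file
The cobbler server tells the client the name of the OS boot file and the IP and port of the TFTP server
The client contacts that TFTP server and downloads the boot file
The client executes the boot file, determines what to load and selects the OS to install; during this it requests the kickstart file and OS image from the cobbler server
The cobbler server sends the requested kickstart file and OS image
The client loads the kickstart file
The client receives the OS image and installs it
Cobbler packages
Packages
cobbler, available from the EPEL repository
Services integrated by cobbler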
PXE
DHCP
rsync
Http
DNS
Kickstart
IPMI power management
Checking the cobbler environment
cobbler check
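Cobbler lab
The CentOS 7 host has one host-only NIC (192.168.31.7) and one bridged NIC (connected to the Internet, used to download from the EPEL repository)
Install cobbler and start the related services
Configure the yum repository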
[root@centos7:~ ]# vim /etc/yum.repos.d/base.repo
[epel]
name=aliyun
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
enabled=1
# gpgcheck=0 skips package signature verification (lab setting)
gpgcheck=0
yum install cobbler dhcp # installing cobbler resolves its dependencies automatically, e.g. syslinux, tftp-server, httpd, python, *
[root@centos7:~ ]# yum install cobbler dhcp
[root@centos7:~ ]# rpm -ql cobbler
[root@centos7:~ ]# systemctl start cobblerd
[root@centos7:~ ]# systemctl status cobblerd
[root@centos7:tftpboot]# ls
boot etc grub images images2 ppc pxelinux.cfg s390x
[root@centos7:tftpboot]# systemctl start httpd tftp
[root@centos7:tftpboot]# ss -ntul
Disable SELinux
The cobbler check command
[root@centos7:tftpboot]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
5 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
6 : enable and start rsyncd.service with systemctl
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
------------
1. vim /etc/cobbler/settings, find server and change it as follows # line 384
server: 192.168.31.8 # IP address of the virtual machine
[root@centos7:~]# systemctl restart cobblerd
[root@centos7:~]# cobbler sync
2. [root@centos7:~]# cobbler check # the first item is gone
[root@centos7:~]# vim /etc/cobbler/settings # line 272
next_server: 192.168.31.7
[root@centos7:cobbler]# systemctl restart cobblerd
[root@centos7:cobbler]# cobbler check
3. One more item is gone
[root@centos7:tftpboot]# cobbler get-loaders
[root@centos7:tftpboot]# systemctl restart cobblerd
[root@centos7:cobbler]# cobbler check
[root@centos7:tftpboot]# ls /var/lib/cobbler/loaders
COPYING.elilo COPYING.yaboot grub-x86_64.efi menu.c32 README
COPYING.syslinux elilo-ia64.efi grub-x86.efi pxelinux.0 yaboot
[root@centos7:tftpboot]# tree
.
├── boot
├── etc
├── grub
├── images
├── images2
├── ppc
├── pxelinux.cfg
└── s390x
8 directories, 0 files
4. Copy the files
[root@centos7:tftpboot]# cobbler sync
task started: 2018-07-17_175837_sync
task started (id=Sync, time=Tue Jul 17 17:58:37 2018)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
copying: /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
copying: /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying: /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
[root@centos7:tftpboot]# tree
.
├── boot
│ └── grub
│ └── menu.lst
├── etc
├── grub
│ ├── efidefault
│ ├── grub-x86_64.efi
│ ├── grub-x86.efi
│ └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│ └── default
├── s390x
│ └── profile_list
└── yaboot
10 directories, 10 files
5. [root@centos7:~]# cobbler check
[root@centos7:yum.repos.d]# vim /etc/cobbler/settings
# openssl passwd -1 # line 101
# and put the output between the "" below.
default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac." # change the password; the $1 prefix means MD5-crypt
[root@centos7:~]# openssl passwd -1
Password:
Verifying - Password:
$1$E5TY9/E6$7iZKy9B/di5KwC/2ZjYYI.
[root@centos7:~]#
[root@centos7:tftpboot]# systemctl restart cobblerd
[root@centos7:tftpboot]# cobbler check
6. One more item is gone
[root@centos7:tftpboot]# cobbler check
The following are potential configuration items that you may want to fix:
1 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
2 : enable and start rsyncd.service with systemctl
3 : debmirror package is not installed, it will be required to manage debian deployments and repositories
4 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
7. The items above can be left unchanged; next, let cobbler manage the DHCP service
[root@centos7:~]# vim /etc/cobbler/settings # line 242
manage_dhcp: 1
[root@centos7:tftpboot]# vim /etc/cobbler/dhcp.template
subnet 192.168.31.0 netmask 255.255.255.0 {
option routers 192.168.31.254;
option domain-name-servers 192.168.31.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.31.100 192.168.31.150;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server; # the system fills this in automatically
Here cobbler sync overwrites /etc/dhcp/dhcpd.conf with the /etc/cobbler/dhcp.template template
[root@centos7:tftpboot]# cobbler sync
[root@centos7:tftpboot]# systemctl restart cobblerd
[root@centos7:tftpboot]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
[root@centos7:tftpboot]# cobbler sync
[root@centos7:tftpboot]# cat /etc/dhcp/dhcpd.conf
(the file has now changed)
[root@centos7:tftpboot]# systemctl restart dhcpd
Edit the menu entries
[root@centos7:tftpboot]# ls
boot grub images2 menu.c32 pxelinux.0 s390x
etc images memdisk ppc pxelinux.cfg yaboot
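------- At this point, start a virtual machine (NIC in host-only mode) and boot it from the network, as in Figure 1; there is no cobbler repository source yet
Figure 1
Copy the CentOS 7 disc into cobbler's own yum source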
[root@centos7:tftpboot]# cobbler import --path=/misc/cd --name=Centos-7.5-x86_64 --arch=x86_64
*** TASK COMPLETE *** # takes a while; this line is shown when it finishes
--------------------------------------------------------------------
[root@centos7:www]# du -sh /var/www/
24K /var/www/
[root@centos7:www]# du -sh /var/www/
137M /var/www/
[root@centos7:ks_mirror]# pwd
/var/www/cobbler/ks_mirror
[root@centos7:ks_mirror]# ls
Centos-7.5-x86_64 config
[root@centos7:ks_mirror]# du -sh /var/www/
8.8G /var/www/
[root@centos7:tftpboot]# cobbler distro list
Centos-7.5-x86_64 # cobbler's yum repository
[root@centos7:tftpboot]# cobbler profile list
Centos-7.5-x86_64 # boot menu entry
[root@centos7:tftpboot]# cobbler distro report --name=Centos-7.5-x86_64
Name : Centos-7.5-x86_64
Architecture : x86_64
TFTP Boot Files : {}
Breed : redhat
Comment :
Fetchable Files : {}
Initrd : /var/www/cobbler/ks_mirror/Centos-7.5-x86_64/images/pxeboot/initrd.img
Kernel : /var/www/cobbler/ks_mirror/Centos-7.5-x86_64/images/pxeboot/vmlinuz
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart Metadata : {'tree': 'http://@@http_server@@/cblr/links/Centos-7.5-x86_64'}
Management Classes : []
OS Version : rhel7
Owners : ['admin']
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Template Files : {}
[root@centos7:tftpboot]# cat pxelinux.cfg/default # after cobbler finished copying the yum source, a new boot menu entry appeared
LABEL Centos-7.5-x86_64
kernel /images/Centos-7.5-x86_64/vmlinuz
MENU LABEL Centos-7.5-x86_64
append initrd=/images/Centos-7.5-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.31.7/cblr/svc/op/ks/profile/Centos-7.5-x86_64
ipappend 2
-------- Automatic installation now works (at this point it is a minimal install)
On the CentOS 7 host, replace the mounted CentOS 7.5 disc with the CentOS 6.9 disc
[root@centos7:cd]# cobbler import --path=/misc/cd --name=Centos-6.9-x86_64 --arch=x86_64
-------------------------------------------------------------
[root@centos7:~]# cobbler distro list # cobbler yum source path: /var/www/cobbler/ks_mirror
Centos-6.9-x86_64
Centos-7.5-x86_64
[root@centos7:ks_mirror]# pwd
/var/www/cobbler/ks_mirror
[root@centos7:ks_mirror]# ls
Centos-6.9-x86_64 Centos-7.5-x86_64 config
----------------------------------------------------------------
A minimal install does not meet our needs, so create our own answer file ks7.cfg; change its url line to url --url=$tree
[root@centos7:html]# mv ks7.cfg /var/lib/cobbler/kickstarts/
[root@centos7:pxelinux.cfg]# pwd
/var/lib/tftpboot/pxelinux.cfg
[root@centos7:pxelinux.cfg]# ls
default # cobbler has generated two boot menu entries; view them with cobbler profile list
==================================================================
Create the association
[root@centos7:~]# cobbler profile add --name=Centos-7.5-x86_64-zhaoliying --distro=Centos-7.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7.cfg
This adds a boot menu entry whose yum source points to cobbler's Centos-7.5-x86_64 (see cobbler distro list); the answer file path is kickstart=/****
[root@centos7:~]# cobbler profile list
Centos-6.9-x86_64
Centos-7.5-x86_64
Centos-7.5-x86_64-zhaoliying
Next add an answer file for CentOS 6.9, ks6.cfg, with its url line changed to url --url=$tree
[root@centos7:html]# mv ks6.cfg /var/lib/cobbler/kickstarts/
==================================================================
Create the association
[root@centos7:~]# cobbler profile add --name=Centos-6.9-x86_64-yingbao669 --distro=Centos-6.9-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks6.cfg
[root@centos7:~]# cobbler profile list
Centos-6.9-x86_64
Centos-6.9-x86_64-yingbao669
Centos-7.5-x86_64
Centos-7.5-x86_64-zhaoliying
Delete a menu entry
[root@centos7:~]# cobbler profile --help
[root@centos7:~]# cobbler profile remove --name=Centos-6.9-x86_64
[root@centos7:~]# cobbler profile list
Centos-6.9-x86_64-yingbao669
Centos-7.5-x86_64
Centos-7.5-x86_64-zhaoliying
[root@centos7:~]#
Changing the default boot entry
[root@centos7:~]# cd /var/lib/tftpboot/pxelinux.cfg/
[root@centos7:pxelinux.cfg]# cat default
MENU DEFAULT
Start the virtual machine from Figure 1 again
==============================
Installing cobbler's graphical interface
yum install cobbler-web # from the EPEL repository
systemctl start httpd
https://192.168.31.7/cobbler_web
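Login username and password verification: /etc/cobbler/modules.conf (vim /etc/cobbler/modules.conf) has an [authentication] section naming the default authentication module, and the comment lines above it state that usernames and passwords are stored in /etc/cobbler/users.digest
With the default module, the username and password are cobbler / cobbler
First method of adding a username and password
There is a dedicated command for adding a username and password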
which htdigest
rpm -ql /usr/bin/htdigest
htdigest --help
htdigest /etc/cobbler/users.digest Cobbler test1 # user test1; you are then prompted for the password
Second authentication method
vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam
useradd -r -s /sbin/nologin test66
passwd test66
vim /etc/cobbler/users.conf
[admins]
admin = "test66"
systemctl restart cobblerd
https://192.168.31.7/cobbler_web
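Cobbler terminology
Distro:
Represents an operating system release; it carries the kernel and initrd information plus other data such as kernel parameters
Profile:
Contains a distro, a kickstart file and possibly repositories, plus other data such as more specific kernel parameters
System:
Represents a host to be provisioned; it contains a profile or an image, along with information such as IP and MAC addresses, power management (address, credentials, type) and more specialized data
Repo:
Holds the mirror information for a yum or rsync repository
Image:
Can replace a distro object for files that do not fit that category (for example, objects that cannot be split into a kernel and an initrd)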
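Cobbler configuration directories
Install: yum install cobbler dhcp
Configuration directory: /etc/cobbler
/etc/cobbler/settings : main cobbler configuration file
/etc/cobbler/iso/: ISO template configuration files
/etc/cobbler/pxe: PXE template files
/etc/cobbler/power: power management configuration files
/etc/cobbler/users.conf: authorization configuration file for the web service
/etc/cobbler/users.digest: username and password file for web access
/etc/cobbler/dhcp.template : configuration template for the DHCP server
/etc/cobbler/dnsmasq.template : configuration template for the DNS server
/etc/cobbler/tftpd.template : configuration template for the TFTP service
/etc/cobbler/modules.conf : module configuration file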
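Cobbler directories
Data directories
/var/lib/cobbler/config/: stores configuration files for distros, systems, profiles, etc.
/var/lib/cobbler/triggers/: stores user-defined cobbler commands
/var/lib/cobbler/kickstarts/: default location for kickstart files
/var/lib/cobbler/loaders/: stores the various boot loaders
Mirror directories
/var/www/cobbler/ks_mirror/: all data of the imported distributions
/var/www/cobbler/images/ : kernel and initrd images of imported distributions, used for remote network boot
/var/www/cobbler/repo_mirror/: storage directory for yum repositories
Log directories
/var/log/cobbler/installing: client installation logs
/var/log/cobbler/cobbler.log : cobbler log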
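Cobbler commands
Overview of cobbler commands
cobbler check Check the current settings for problems
cobbler list List all cobbler objects
cobbler report Show detailed information about objects
cobbler sync Sync the configuration to the data directories; best run after every configuration change
cobbler reposync Sync yum repositories
cobbler distro View information about imported distros
cobbler system View information about added systems
cobbler profile View profile information
Important cobbler parameters
Important parameter settings in /etc/cobbler/settings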
default_password_crypted: "$1$gEc7ilpP$pg5iSOj/mlxTxEslhRvyp/"
manage_dhcp: 1
manage_tftpd: 1
pxe_just_once: 1
next_server: <IP address of the TFTP server>
server: <IP address of the cobbler server>
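An added example, not part of the original page or of cobbler itself: a small audit of the scalar options listed above, flagging loopback server addresses, the sample password hash, MD5-crypt hashes and a disabled pxe_just_once. The function names, finding texts and the two sample settings files are assumptions constructed for illustration; the note on pxe_just_once reflects the option's documented purpose rather than anything stated on this page.

```python
import re
# Hash shown in this page's settings excerpt; cobbler check reports it as 'cobbler'.
SAMPLE_HASH = "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
CRYPT_SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_settings(text):
    """Read top-level 'key: value' scalars; nested YAML is skipped on purpose."""
    values = {}
    for line in text.splitlines():
        m = re.match(r'^([A-Za-z_]+):\s*("[^"]*"|\'[^\']*\'|[^#]*)', line)
        if m:
            values[m.group(1)] = m.group(2).strip().strip("\"'")
    return values

def audit_settings(text):
    """Return findings (hypothetical wording) for the options this page changes."""
    s, findings = parse_settings(text), []
    for key in ("server", "next_server"):
        if s.get(key, "127.0.0.1") in LOOPBACK:  # a missing key counts as unset
            findings.append(f"{key}: loopback address, PXE clients cannot reach it")
    pw = s.get("default_password_crypted", "")
    m = re.match(r"^\$(\w+)\$", pw)
    scheme = CRYPT_SCHEMES.get(m.group(1), "unknown scheme") if m else "not a crypt hash"
    if pw == SAMPLE_HASH:
        findings.append("default_password_crypted: still the sample hash for 'cobbler'")
    elif scheme not in ("sha256-crypt", "sha512-crypt"):
        findings.append(f"default_password_crypted: {scheme}, use a $5$ or $6$ hash")
    if s.get("pxe_just_once") != "1":
        findings.append("pxe_just_once: not 1, netboot stays enabled after install")
    return findings

# Constructed sample: settings before any of the changes on this page.
BEFORE = """\
server: 127.0.0.1
next_server: 127.0.0.1
default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
pxe_just_once: 0
"""
# Constructed sample: after the changes; the $6$ value is a placeholder, not a real hash.
AFTER = """\
server: 192.168.31.7
next_server: 192.168.31.7  # address on the PXE network
default_password_crypted: "$6$PLACEHOLDERSALT$PLACEHOLDERHASH"
pxe_just_once: 1
"""
if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_settings(text) or "no findings")
```

To audit a live server, pass the contents of /etc/cobbler/settings to audit_settings().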
Cobbler environment check
Running cobbler check reports the following problems
1 : The ‘server’ field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the ‘next_server’ field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run ‘cobbler get-loaders’ to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a recent version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The ‘cobbler get-loaders’ command is the easiest way to resolve these requirements.
4 : change ‘disable’ to ‘no’ in /etc/xinetd.d/rsync
5 : comment ‘dists’ on /etc/debmirror.conf for proper debian support
6 : comment ‘arches’ on /etc/debmirror.conf for proper debian support
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to ‘cobbler’ and should be changed, try: “openssl passwd -1 -salt ‘random-phrase-here’ ‘your-password-here’” to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
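Resolving cobbler errors
How to resolve the problems reported by cobbler check
Set the server parameter in /etc/cobbler/settings to the IP address or hostname of the host that provides the cobbler service
Set the next_server parameter in /etc/cobbler/settings to the IP address of the host that provides the PXE service
If this node can reach the Internet, just run "cobbler get-loaders"; otherwise install the syslinux package and then copy /usr/share/syslinux/{pxelinux.0,menu.c32} and the other needed files into /var/lib/cobbler/loaders/
Run "chkconfig rsync on"
Run "openssl passwd -1" to generate a password and use it to replace the value of the default_password_crypted parameter in /etc/cobbler/settings
Cobbler management
Download the boot menu files:
Online: cobbler get-loaders
Offline: cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot
Managing distros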
cobbler import --name=centos-6.9-x86_64 --path=/media/cdrom --arch=x86_64
Managing profiles
cobbler profile add --name=centos-6.9-x86_64-basic \
--distro=centos-6.9-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos-6.9-x86_64.cfg
Cobbler commands
List profiles
cobbler profile list
View the boot file
cat /var/lib/tftpboot/pxelinux.cfg/default
Sync the cobbler configuration
cobbler sync
Multi-OS boot setup
cobbler import --name=CentOS-7-x86_64 --path=/media/cdrom
cobbler distro list
cobbler profile list
cobbler sync
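Cobbler implementation steps
Install the packages and set up the services
Check the configuration
Modify the configuration according to the hints above
Download the boot-related files and menu
Configure the DHCP service
Import each CentOS installation source and verify it
Prepare the kickstart files and import them into cobbler
Test
Web management with cobbler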
cobbler-web
Provides cobbler's web-based management interface; from the EPEL repository
yum install cobbler-web
Authentication methods
Authentication configuration file: /etc/cobbler/modules.conf
Multiple authentication methods are supported:
authn_configfile
authn_pam
1. Authenticate cobbler_web users with the authn_configfile module
vim /etc/cobbler/modules.conf
[authentication]
module=authn_configfile
Create its authentication file /etc/cobbler/users.digest and add the required users
htdigest -c /etc/cobbler/users.digest Cobbler admin
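Note: use the "-c" option when adding the first user and do not use it again when adding further users; the cobbler_web realm must be Cobbler
2. Authenticate cobbler_web users with the authn_pam module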
vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam
Create the cobbler user: useradd cobbler
vim /etc/cobbler/users.conf
[admins]
admin = "cobbler"
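An added example, not part of the original page or of cobbler: for the authn_configfile method above, a check of users.digest content for entries whose realm is not Cobbler and for accounts still using the default password cobbler or a password equal to the username. It relies on the htdigest file format (user:realm:MD5 of "user:realm:password"); the function names and the sample file are constructed for illustration.

```python
import hashlib

REALM = "Cobbler"  # realm the page says cobbler_web requires

def ha1(user, realm, password):
    """htdigest stores MD5("user:realm:password") as lowercase hex."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def audit_digest(text, known_defaults=("cobbler",)):
    """Return (line_number, finding) pairs for users.digest content."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3:
            findings.append((n, "malformed entry"))
            continue
        user, realm, digest = parts
        if realm != REALM:
            findings.append((n, f"{user}: realm {realm!r} is not {REALM!r}"))
        # Compare against the default password and the user's own name.
        for pw in dict.fromkeys((*known_defaults, user)):
            if digest.lower() == ha1(user, realm, pw):
                findings.append((n, f"{user}: password equals {pw!r}"))
    return findings

# Constructed sample: the default account plus users added with htdigest.
SAMPLE = "\n".join([
    f"cobbler:{REALM}:{ha1('cobbler', REALM, 'cobbler')}",
    f"test1:{REALM}:{ha1('test1', REALM, 'constructed-sample-passphrase')}",
    f"admin:cobbler:{ha1('admin', 'cobbler', 'constructed-sample-passphrase')}",
])

if __name__ == "__main__":
    for lineno, finding in audit_digest(SAMPLE):
        print(f"users.digest line {lineno}: {finding}")
```

To audit a live server, pass the contents of /etc/cobbler/users.digest to audit_digest().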
Accessing cobbler over the web
Restart the cobblerd service
Browse to https://cobblerserver/cobbler_web