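Batch deployment of multiple OS versions with Cobbler

I. Lab title

Batch deployment of multiple operating system versions with Cobbler.

II. Lab objectives

  1. Learn how to install and configure a Cobbler server.

  2. Learn to use Cobbler to batch-deploy multiple operating system versions.

  3. Understand how PXE network boot works and how it is used in operating system deployment.

  4. Improve the ability to quickly deploy and manage operating systems in a real production environment.

III. Lab environment

  1. Hardware:

    • One server running Linux (such as CentOS or Ubuntu), used as the Cobbler server.

    • Several client computers connected to the Cobbler server over the network.

  2. Software:

    • Cobbler 2.x

    • DHCP server (usually integrated with Cobbler)

    • TFTP server (usually integrated with Cobbler)

    • Apache or another web server

    • Operating system installation images (such as CentOS, Ubuntu, etc.)

IV. Lab content

  1. Install and configure the Cobbler server.

  2. Configure the DHCP and TFTP services.

  3. Import installation images for multiple operating system versions.

  4. Create and configure Cobbler profiles and systems.

  5. Batch-deploy operating systems through PXE boot.

  6. Verify the deployment and confirm that the client computers installed the specified operating system.

V. Lab steps

Prerequisites:

1. Internet access is available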

[root@localhost ~]# ping -c1 www.baidu.com

2. Disable firewalld and SELinux

[root@localhost ~]# sed -i '/^SELINUX=/ c SELINUX=disabled' /etc/selinux/config  
    [root@localhost ~]# setenforce 0
    
    Alternatively, SELinux can be left enabled:
    #getsebool -a|grep cobbler
    #setsebool -P cobbler_can_network_connect 1

    [root@cobbler-server ~]# systemctl disable --now firewalld

    [root@localhost ~]# systemctl is-enabled firewalld.service
    disabled

    Or, instead of disabling firewalld, open the required ports:
    firewall-cmd --permanent --add-port=67/udp
    firewall-cmd --permanent --add-port=68/udp
    firewall-cmd --permanent --add-port=69/udp    # TFTP, used by PXE clients to fetch the boot loader
    firewall-cmd --permanent --add-port=80/tcp
    firewall-cmd --permanent --add-port=443/tcp
    firewall-cmd --reload
    firewall-cmd --permanent --list-ports

3. Configure the EPEL repository

[root@localhost ~]# yum install epel-release -y

Install Cobbler

1. Install dhcp, httpd and xinetd

[root@localhost ~]# yum install -y httpd dhcp xinetd tftp-server

2. Install Cobbler

[root@localhost ~]# yum install -y cobbler cobbler-web

3. Enable cobbler, httpd, dhcp and xinetd at boot

[root@localhost ~]# systemctl enable httpd dhcpd xinetd cobblerd

Configure the environment

cp /etc/cobbler/settings{,.bak}

Check the environment:

[root@localhost ~]# systemctl start httpd cobblerd
    [root@localhost ~]# cobbler check
    The following are potential configuration items that you may want to fix:
​
    1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
    2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
    3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
        https://github.com/cobbler/cobbler/wiki/Selinux
    4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
    5 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
    6 : enable and start rsyncd.service with systemctl
    7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
    8 : ksvalidator was not found, install pykickstart
    9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
    10 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
​
    Restart cobblerd and then run 'cobbler sync' to apply changes.
    
Resolve the issues above one by one

1. Set server in the configuration file (the Cobbler server address)
    [root@localhost ~]# sed -i 's#server: 127.0.0.1#server: 172.16.110.91#g' /etc/cobbler/settings
​
2. Set 'next_server' (the DHCP server address)
    [root@localhost ~]# sed -i 's#next_server: 127.0.0.1#next_server: 172.16.110.91#g' /etc/cobbler/settings
    
3. Disable SELinux
    [root@localhost ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
    # Takes effect after a reboot
​
4. Enable TFTP
    Edit /etc/xinetd.d/tftp and change disable from 'yes' to 'no'
    
5. Prepare the boot loader files

    # Without Internet access, the boot loader files can be taken from the syslinux package.
    Install the syslinux package, then copy /usr/share/syslinux/{pxelinux.0,menu.c32} and related files into /var/lib/cobbler/loaders/
    [root@localhost ~]# cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/cobbler/loaders/

    Or extract the provided archive into that directory
    [root@localhost ~]# tar xf loaders.tar.gz -C /var/lib/cobbler/loaders/
​
6. Start rsyncd.service and enable it at boot
    [root@localhost ~]# systemctl start rsyncd.service
    [root@localhost ~]# systemctl enable rsyncd.service 
    
7. Can be skipped if no Debian systems will be installed

8. Install pykickstart
    [root@localhost ~]# yum install pykickstart -y
​
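9. Generate the initial root password for systems installed by Cobbler
    # Generate the password hash and set it as the default; the kickstart files reference it (the first argument is the salt, the second is the password)
    [root@localhost ~]# openssl passwd -1 -salt 'random-phrase-here' 'redhat'
    $1$random-p$MvGDzDfse5HkTwXB2OLNb.

    # A more complex and secure password (random salt)
    [root@localhost ~]# openssl passwd -1 -salt $(openssl rand -hex 8) 'redaht'
    $1$4990cb90$jnQShir2NWVl23tbwpnFO0

    # Add it to the Cobbler configuration
    [root@localhost ~]# sed -i '/default_password_crypted:/cdefault_password_crypted: "$1$random-p$MvGDzDfse5HkTwXB2OLNb."' /etc/cobbler/settings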
​
10. Install cman or fence-agents
    [root@localhost ~]# yum install cman fence-agents -y
​
Configure DHCP:
    # Enable Cobbler's DHCP management
    [root@localhost ~]# sed -i 's#manage_dhcp: 0#manage_dhcp: 1#g' /etc/cobbler/settings
    # manage_dhcp: 0  # set to 1 to enable Cobbler's DHCP manager

    Edit the DHCP template
    [root@localhost ~]# vim /etc/cobbler/dhcp.template
    ...
    subnet 172.16.110.0 netmask 255.255.255.0 {
    option routers             172.16.110.254;
    option domain-name-servers 114.114.114.114;
    option subnet-mask         255.255.255.0;
    range dynamic-bootp        172.16.110.50 172.16.110.80;
    default-lease-time         21600;
    max-lease-time             43200;
    ...
​
Configure PXE
    [root@localhost ~]# sed -i 's/pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings

Reboot the machine and check again:

[root@localhost ~]# cobbler check
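
Added example, not part of the original walkthrough: a POSIX shell audit of the /etc/cobbler/settings keys edited in the steps above, reporting values that leave PXE installs broken or the root password hash weak. The function names and the sample file are constructed for illustration; the `random-p` check matches the truncated sample salt shown in step 9.

```shell
#!/bin/sh
# Added example (not from the original post): audit the keys in
# /etc/cobbler/settings that the steps above change.

# Print the value of a top-level "key: value" line, without quotes.
get_setting() {  # usage: get_setting KEY FILE
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d "\"'"
}

# Print one finding per line; print nothing when every check passes.
audit_settings() {  # usage: audit_settings FILE
    for key in server next_server; do
        val=$(get_setting "$key" "$1")
        case $val in
            ''|localhost|127.*)
                echo "FAIL $key='$val' is not reachable by PXE clients" ;;
        esac
    done
    val=$(get_setting default_password_crypted "$1")
    case $val in
        '$1$random-p$'*)
            echo "FAIL default_password_crypted uses the sample salt from 'cobbler check'" ;;
        '$1$'*)
            echo "WARN default_password_crypted is MD5-crypt; the kickstart sets passalgo=sha512" ;;
        '$5$'*|'$6$'*) ;;  # SHA-256 / SHA-512 crypt: accepted
        *)
            echo "FAIL default_password_crypted is not a crypt hash" ;;
    esac
    [ "$(get_setting manage_dhcp "$1")" = 1 ] ||
        echo "FAIL manage_dhcp is not 1, so dhcp.template is not rendered"
    [ "$(get_setting pxe_just_once "$1")" = 1 ] ||
        echo "WARN pxe_just_once is not 1"
}

# Constructed sample: a settings file where only 'server' was fixed.
sample_settings() {
    cat <<'EOF'
server: 172.16.110.91
next_server: 127.0.0.1
default_password_crypted: "$1$random-p$MvGDzDfse5HkTwXB2OLNb."
manage_dhcp: 0
pxe_just_once: 1
EOF
}

# Audit the file given as the first argument, or the sample when none is given.
tmp=$(mktemp)
sample_settings > "$tmp"
audit_settings "${1:-$tmp}"
rm -f "$tmp"
```

Run it with /etc/cobbler/settings as the argument before `cobbler sync`; an empty result means all of the checked keys are set.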

Sync the Cobbler configuration

[root@localhost ~]# cobbler sync
    task started: 2016-12-02_045946_sync
    task started (id=Sync, time=Fri Dec  2 04:59:46 2016)
    running pre-sync triggers
    cleaning trees
    removing: /var/lib/tftpboot/grub/images
    copying bootloaders
    trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
    trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
    trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
    trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
    trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
    trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
    copying distros to tftpboot
    copying images
    generating PXE configuration files
    generating PXE menu structure
    rendering DHCP files
    generating /etc/dhcp/dhcpd.conf
    rendering TFTPD files
    generating /etc/xinetd.d/tftp
    cleaning link caches
    running post-sync triggers
    running python triggers from /var/lib/cobbler/triggers/sync/post/*
    running python trigger cobbler.modules.sync_post_restart_services
    running: dhcpd -t -q
    received on stdout: 
    received on stderr: 
    running: service dhcpd restart
    received on stdout: 
    received on stderr: Redirecting to /bin/systemctl restart  dhcpd.service
    
    running shell triggers from /var/lib/cobbler/triggers/sync/post/*
    running python triggers from /var/lib/cobbler/triggers/change/*
    running python trigger cobbler.modules.scm_track
    running shell triggers from /var/lib/cobbler/triggers/change/*
    *** TASK COMPLETE ***

Web access: https://IP/cobbler_web, username/password: cobbler/cobbler

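Batch-deploying CentOS 7 and 8 with Cobbler

1. Create a directory for the uploaded ISO files
[root@localhost ~]# mkdir /software/iso -p
Then upload the CentOS 7 and CentOS 8 DVD ISO images (steps omitted).
After the upload the directory looks like this: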
[root@localhost iso]# ll
total 13648896
-rw-r--r-- 1 root root 4712300544 May 28 16:45 CentOS-7-x86_64-DVD-2009.iso
-rw-r--r-- 1 root root 7554990080 May 28 16:46 CentOS-8.1.1911-x86_64-dvd1.iso
​
2. Create the directories the images will be mounted on for import
# mkdir -p /data/os/Linux/CentOS/X86_64/CentOS{7..8}/dvd
​
3. Mount the ISO images and import the DVD data
[root@localhost iso]# mount /software/iso/CentOS-7-x86_64-DVD-2009.iso /data/os/Linux/CentOS/X86_64/CentOS7/dvd/
[root@localhost iso]# mount /software/iso/CentOS-8.1.1911-x86_64-dvd1.iso /data/os/Linux/CentOS/X86_64/CentOS8/dvd/
​
The import takes a while; be patient.
cobbler import --path=/data/os/Linux/CentOS/X86_64/CentOS7/dvd/ --name=CentOS7.9 --arch=x86_64
cobbler import --path=/data/os/Linux/CentOS/X86_64/CentOS8/dvd/ --name=CentOS8.1 --arch=x86_64
​
4. List the configuration after the import
[root@localhost iso]# cobbler list
distros:
   CentOS7.9-x86_64
   CentOS8.1-x86_64
​
profiles:
   CentOS7.9-x86_64
   CentOS8.1-x86_64
​
systems:
​
repos:
​
images:
​
mgmtclasses:
​
packages:
​
files:
​
​
Unmount
[root@localhost ~]# umount /data/os/Linux/CentOS/X86_64/CentOS7/dvd/
[root@localhost ~]# umount /data/os/Linux/CentOS/X86_64/CentOS8/dvd/
​
Sync the Cobbler configuration
[root@localhost ~]# cobbler sync

Reference files

# Cobbler for Kickstart Configurator for CentOS 7 by yao zhang
install
url --url=$tree
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=eth0 --onboot=yes --noipv6 --hostname=CentOS7
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw  --iscrypted $default_password_crypted
clearpart --all --initlabel
part /boot --fstype xfs --size 1024
part swap --size 1024
part / --fstype xfs --size 1 --grow
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
@^minimal
@compat-libraries
@core
@debugging
@development
bash-completion
chrony
dos2unix
kexec-tools
lrzsz
nmap
sysstat
telnet
tree
vim
wget
%end

%post
systemctl disable postfix.service
%end

# Kickstart file for CentOS 8
#version=RHEL8
install
ignoredisk --only-use=sda
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Use network installation from the Cobbler tree
url --url=$tree
 
reboot
# Keyboard layouts
keyboard --vckeymap=cn --xlayouts='cn'
# System language
lang en_US.UTF-8
 
selinux --disabled
firewall --disabled
# Network information
network  --bootproto=dhcp --device=ens160 --ipv6=auto --activate
network  --hostname=wenzi.localhost
# Root password
rootpw --iscrypted $default_password_crypted
# Run the Setup Agent on first boot
firstboot --enable
# Do not configure the X Window System
skipx
# System services
services --disabled="chronyd"
# System timezone
timezone Asia/Shanghai --isUtc --nontp
# Disk partitioning information
zerombr
 
part /boot --fstype="ext4" --ondisk=sda --size=1024
part swap --fstype="swap" --ondisk=sda --size=2048
part / --fstype="xfs" --ondisk=sda --grow --size=1
 
 
%packages
@^minimal-environment
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%post
%end 
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

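VI. Reflections

Through this lab I learned how to install and configure a Cobbler server and successfully batch-deployed multiple operating system versions. I came to understand the principles of PXE network boot and how to apply them in practice. Cobbler greatly simplifies operating system deployment and improves efficiency. In real work, Cobbler can be used to quickly deploy and manage large-scale server environments, which is a great convenience for system administrators.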
