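Automated OS Installation with Cobbler
Introduction
Cobbler is a provisioning (installation) and update server. It supports deployment via PXE (network boot), virtualization (Xen, QEMU/KVM or VMware), and re-installation of existing Linux systems. The latter two features are enabled by running "Koan" on the remote system. Update-server features include yum mirroring and integration of those mirrors with automated installation files. Cobbler has a command-line interface, a WebUI, and extensive Python and XML-RPC APIs for integration with external scripts and applications.
Cobbler is an upgrade over plain kickstart: it is easier to configure and ships with a web interface that makes it easier to manage.
Cobbler has a lightweight built-in configuration management system, but it can also integrate with other configuration management systems such as Puppet; SaltStack is not supported for now.
Official documentation: https://cobbler.readthedocs.io/en/latest/index.html
Cobbler built-in services
- PXE service support
- DHCP service management
- DNS service management (bind or dnsmasq, optional)
- Power management
- Kickstart service support
- YUM repository management
- TFTP (needed for PXE boot)
- Apache (serves the kickstart installation source and the customized kickstart configuration)
How Cobbler works
Server side
- Start the Cobbler service
- Run Cobbler's error check with the cobbler check command
- Synchronize the configuration with the cobbler sync command
- Copy the relevant boot files into the TFTP directory
- Start the DHCP service to provide address allocation
- The DHCP service assigns IP addresses
- TFTP transfers the boot files
- The server receives the installation information
- The server sends the ISO image and the Kickstart file
Client side
- The client boots in PXE mode
- The client obtains an IP address
- It fetches the boot files from the TFTP server
- It enters the Cobbler installation selection menu
- It prepares to install the system according to the configuration
- It loads the Kickstart file
- It transfers the other files needed for the installation
- It installs the system
Cobbler command management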
cobbler
usage
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ...
[add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]
[root@linux-node1 ~]# cobbler import --help # import an image
Usage: cobbler [options]
Options:
-h, --help show this help message and exit
--arch=ARCH OS architecture being imported
--breed=BREED the breed being imported
--os-version=OS_VERSION
the version being imported
--path=PATH local path or rsync location
--name=NAME name, ex 'RHEL-5'
--available-as=AVAILABLE_AS
tree is here, don't mirror
--kickstart=KICKSTART_FILE
assign this kickstart file
--rsync-flags=RSYNC_FLAGS
pass additional flags to rsync
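cobbler check # check the current settings for problems
cobbler list # list all cobbler objects
cobbler report # show detailed information about the objects
cobbler sync # sync the configuration to the data directories; best run after every configuration change
cobbler reposync # sync the yum repositories
cobbler distro # show information about the imported distributions
cobbler system # show information about the added systems
cobbler profile # show profile information
Command | Description |
---|---|
cobbler check | Check the current settings for problems |
cobbler list | List all cobbler objects |
cobbler report | Show detailed information about the objects |
cobbler sync | Sync the configuration to the data directories; best run after every configuration change |
cobbler reposync | Sync the yum repositories |
cobbler distro | Show information about the imported distributions |
cobbler system | Show information about the added systems |
cobbler profile | Show profile information |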
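Setting up Cobbler
Install the epel-release repository
yum -y install epel-release
Install the required services
yum -y install cobbler cobbler-web dhcp tftp-server pykickstart httpd xinetd python-ctypes tftp lrzsz vim wget fence-agents debmirror
Disable the firewall and SELinux
systemctl stop firewalld;systemctl disable firewalld # stop and disable the firewall
setenforce 0 # disable temporarily
sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux # disable permanently; this path is a symlink to /etc/selinux/config
or
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
Start cobbler and enable it at boot
systemctl start httpd cobblerd;systemctl enable httpd cobblerd
Files installed by the cobbler package
rpm -ql cobbler # list the installed files; some of them are shown below
/etc/cobbler # configuration directory
/etc/cobbler/settings # main cobbler configuration file, in YAML format (Cobbler is written in Python)
/etc/cobbler/dhcp.template # configuration template for the DHCP service
/etc/cobbler/tftpd.template # configuration template for the tftp service
/etc/cobbler/rsync.template # configuration template for the rsync service
/etc/cobbler/iso # directory of iso template files
/etc/cobbler/pxe # directory of pxe template files
/etc/cobbler/power # directory of power management configuration files
/etc/cobbler/users.conf # authorization configuration for the web service
/etc/cobbler/users.digest # user name and password file for web access
/etc/cobbler/dnsmasq.template # configuration template for the DNS service
/etc/cobbler/modules.conf # Cobbler module configuration file
/var/lib/cobbler # Cobbler data directory
/var/lib/cobbler/config # configuration files
/var/lib/cobbler/kickstarts # default location of kickstart files
/var/lib/cobbler/loaders # the various boot loaders
/var/www/cobbler # directory of OS installation images
/var/www/cobbler/ks_mirror # list of imported OS images
/var/www/cobbler/images # boot files of the imported OS images
/var/www/cobbler/repo_mirror # storage directory for yum repositories
/var/log/cobbler # log directory
/var/log/cobbler/install.log # installation log of the client systems
/var/log/cobbler/cobbler.log # cobbler log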
....
Configure cobbler and check it with cobbler check
cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders. If you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
Resolve the issues listed above one by one
sed -ri '/allow_dynamic_settings:/c\allow_dynamic_settings: 1' /etc/cobbler/settings
grep allow_dynamic_settings /etc/cobbler/settings
sed -i 's#^server: 127.0.0.1#server: 172.16.10.10#' /etc/cobbler/settings
sed -i 's#^next_server: 127.0.0.1#next_server: 172.16.10.10#' /etc/cobbler/settings
# configure tftp
sed -ri '/disable/c\disable = no' /etc/xinetd.d/tftp
systemctl restart xinetd tftp rsyncd
systemctl enable xinetd tftp rsyncd
sed -i 's|@dists=.*|#@dists=|' /etc/debmirror.conf
sed -i 's|@arches=.*|#@arches=|' /etc/debmirror.conf
# set the initial password for installed systems
openssl passwd -1 -salt `openssl rand -hex 4` 'redhat'
cobbler setting edit --name=default_password_crypted --value='$1$f613c458$1SFWNGkzYja4pbpemudIX.'
or
IPADDR=172.16.10.10
sed -i 's/server: 127.0.0.1/server: '${IPADDR}'/' /etc/cobbler/settings && grep "server: ${IPADDR}" /etc/cobbler/settings
sed -i 's/next_server: 127.0.0.1/next_server: '${IPADDR}'/' /etc/cobbler/settings && grep "next_server: ${IPADDR}" /etc/cobbler/settings
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/' /etc/cobbler/settings && grep 'manage_dhcp: 1' /etc/cobbler/settings
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings && grep 'pxe_just_once: 1' /etc/cobbler/settings
sed -i "s#manage_rsync: 0#manage_rsync: 1#g" /etc/cobbler/settings && grep "manage_rsync: 1" /etc/cobbler/settings
sed -i 's|@dists=.*|#@dists=|' /etc/debmirror.conf
sed -i 's|@arches=.*|#@arches=|' /etc/debmirror.conf
# set the default root password of newly installed systems to 123456
vim /etc/cobbler/settings
# final result after editing
default_password_crypted: "$1$root$j0bp.KLPyr.u9kgQ428D10"
# how the hash is generated
openssl passwd -1 -salt 'root' '123456'
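The steps above store an MD5-crypt (`$1$`) hash of a short password in `default_password_crypted`, and the kickstart template hands that hash to every installed machine as its root password. The following added example (not part of the original page) audits a settings file for loopback `server`/`next_server` values and for a weak template password; the `BANNED` list and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page: audit a Cobbler settings file.
BANNED="cobbler redhat 123456"   # passwords this page or its defaults use

# setting FILE KEY -> value of a top-level "key: value" line, quotes stripped
setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'"
}

# audit_settings FILE -> one finding per line, nothing if the file is clean
audit_settings() {
    for key in server next_server; do
        val=$(setting "$1" "$key")
        case $val in
            ""|localhost|127.*)
                echo "FAIL $key='$val' is not reachable by PXE clients" ;;
        esac
    done
    hash=$(setting "$1" default_password_crypted)
    case $hash in
        '$5$'*|'$6$'*) ;;   # SHA-256 / SHA-512 crypt
        '$1$'*) echo "WARN default_password_crypted uses MD5-crypt" ;;
        *)      echo "FAIL default_password_crypted is not a crypt hash" ;;
    esac
    # Re-hash each banned password with the stored salt; a match means the
    # root password of every installed machine is a first guess.
    if [ "${hash#\$1\$}" != "$hash" ] && command -v openssl >/dev/null 2>&1; then
        salt=$(printf '%s' "$hash" | cut -d'$' -f3)
        for pw in $BANNED; do
            if [ "$(openssl passwd -1 -salt "$salt" "$pw" 2>/dev/null)" = "$hash" ]; then
                echo "FAIL default_password_crypted is the banned password '$pw'"
            fi
        done
    fi
    return 0
}

# Usage: sh audit.sh /etc/cobbler/settings
if [ -n "${1:-}" ]; then audit_settings "$1"; fi
```

The banned-password comparison is skipped when `openssl` is not installed; the scheme check still runs.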
Let cobbler manage DHCP
cobbler setting edit --name=manage_dhcp --value=1
or
sed -i 's#manage_dhcp: 0#manage_dhcp: 1#' /etc/cobbler/settings
Configure DHCP
vim /etc/cobbler/dhcp.template
subnet 172.16.10.0 netmask 255.255.255.0 {
option routers 172.16.10.10;
option domain-name-servers 172.16.10.10;
option subnet-mask 255.255.255.0;
range dynamic-bootp 172.16.10.10 172.16.10.200;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else if option pxe-system-type = 00:09 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
Synchronize with cobbler sync
cobbler sync
task started: 2023-05-06_042445_sync
task started (id=Sync, time=Sat May 6 04:24:45 2023)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /usr/share/syslinux/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /usr/share/syslinux/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-0.97-x86_64.efi -> /var/lib/tftpboot/grub/grub-0.97-x86_64.efi
trying hardlink /var/lib/cobbler/loaders/grub-0.97-x86.efi -> /var/lib/tftpboot/grub/grub-0.97-x86.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
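Installing CentOS 7 with Cobbler
Import the system image
cobbler import --path=/media/ --name=CentOS-7.6-x86_64 --arch=x86_64
# --path path to the image
# --name a name for the installation source
# --arch whether the installation source is 32-bit, 64-bit or ia64; currently supported values: x86│x86_64│ia64
# The installation source is uniquely identified by the name parameter. After this import succeeds, its unique identifier is CentOS-7.6-x86_64; if the name is already in use, the import is reported as failed.
# Image storage directory: cobbler copies all installation files from the image to a local directory, CentOS-7.6-x86_64 under /var/www/cobbler/ks_mirror, so /var/www/cobbler must have enough space to hold the installation files.
Test access from a browser
http://192.168.10.14/cobbler/ks_mirror/CentOS-7.6-x86_64/
View the image information after the import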
cobbler distro report --name=CentOS-7.6-x86_64
Name : CentOS-7.6-x86_64
Architecture : x86_64
TFTP Boot Files : {}
Breed : redhat
Comment :
Fetchable Files : {}
Initrd : /var/www/cobbler/ks_mirror/CentOS-7.6-x86_64/images/pxeboot/initrd.img
Kernel : /var/www/cobbler/ks_mirror/CentOS-7.6-x86_64/images/pxeboot/vmlinuz
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart Metadata : {'tree': 'http://@@http_server@@/cblr/links/CentOS-7.6-x86_64'}
Management Classes : []
OS Version : rhel6
Owners : ['admin']
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Template Files : {}
Create the ks file
# This kickstart file should only be used with EL > 5 and/or Fedora > 7.
# For older versions please use the sample.ks kickstart file.
# Install OS instead of upgrade
install
# Use text mode install
text
# System keyboard
keyboard us
# System language
lang en_US
# System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
# System authorization information
auth --useshadow --enablemd5
# Firewall configuration
firewall --disabled
# SELinux configuration
selinux --disabled
# Use network installation
url --url=$tree
# Clear the Master Boot Record
zerombr
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
part /boot --fstype=xfs --size=500
part swap --fstype=swap --size=2048
part / --fstype=xfs --grow --size=200
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Do not configure the X Window System
skipx
# Run the Setup Agent on first boot
firstboot --disable
# Reboot after installation
reboot
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
$SNIPPET('func_install_if_enabled')
@core
@base
tree
nmap
wget
lftp
lrzsz
telnet
%end
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
sed -ri "/^#UseDNS/c\UseDNS no" /etc/ssh/sshd_config
sed -ri "/^GSSAPIAuthentication/c\GSSAPIAuthentication no" /etc/ssh/sshd_config
%end
Set the ks file
cobbler profile edit --name=CentOS-7.6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.ks
Verify that the ks file was set
cobbler profile report --name=CentOS-7.6-x86_64 |grep Kickstart
Cobbler Web management
Install cobbler-web
yum -y install cobbler-web
Access URL; the default account is cobbler, with password cobbler
https://IP/cobbler_web
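Because the web interface ships with the account cobbler/cobbler, a check of `/etc/cobbler/users.digest` shows whether that default is still live on a server. This added example (not from the original page) recomputes the HTTP digest value for a few obvious passwords, assuming the default users.digest authentication; the `WEAK_PASSWORDS` list and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page: flag Cobbler web accounts whose
# password is still a well-known default.
# Each users.digest line is "user:realm:HA1", HA1 = MD5("user:realm:password").

# "cobbler" is the default the page mentions; the rest are constructed
# examples of obvious choices.
WEAK_PASSWORDS="cobbler admin password 123456"

# digest_ha1 USER REALM PASSWORD -> 32 hex characters
digest_ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# weak_web_logins FILE -> one user name per line for every entry whose
# password is in WEAK_PASSWORDS or equals the user name itself
weak_web_logins() {
    while IFS=: read -r user realm ha1; do
        case $user in ""|\#*) continue ;; esac
        for pw in $WEAK_PASSWORDS "$user"; do
            if [ "$(digest_ha1 "$user" "$realm" "$pw")" = "$ha1" ]; then
                echo "$user"
                break
            fi
        done
    done < "$1"
}

# Usage: sh weak_logins.sh /etc/cobbler/users.digest
if [ -n "${1:-}" ]; then weak_web_logins "$1"; fi
```

A flagged account can be given a new password with `htdigest /etc/cobbler/users.digest "Cobbler" cobbler`.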