centos7部署cobbler


cobbler部署


设置防火墙:

1.关闭firewall并禁止开机启动

#1、关闭firewall并禁止开机启动
#关闭firewall
[root@BF0124 ~]# systemctl stop firewalld.service
#禁止firewall开机启动
[root@BF0124 ~]# systemctl disable firewalld.service

#2、查看默认防火墙状态
[root@BF0124 ~]# firewall-cmd --state

 

 

#3、安装iptables-services
[root@BF0124 ~]# yum install iptables-services

#4、重启防火墙使配置生效并开机启动
#重启防火墙使配置生效
[root@BF0124 ~]# systemctl restart iptables.service
#设置防火墙开机启动
[root@BF0124 ~]# systemctl enable iptables.service

#5.查看/编辑防火墙配置文件(修改后需要再次执行 systemctl restart iptables.service 才会生效)
[root@BF0124 ~]# vi /etc/sysconfig/iptables 
vim /etc/sysconfig/iptables

# Generated by iptables-save v1.4.21 on Thu May 23 18:27:17 2019
# Filter-table rules for the provisioning host. All three chain policies are
# ACCEPT, so the only thing refusing unmatched INPUT/FORWARD traffic is the
# pair of REJECT rules at the end of this table; they must stay last.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:512]
# Replies for connections that are already tracked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Every ICMP type is accepted, and all loopback traffic.
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SSH is accepted from any source address.
# NOTE(review): consider a source match (-s) limited to the admin network.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# TCP 67/68/69: DHCP and TFTP are UDP services (tftp is configured with
# protocol = udp in /etc/xinetd.d/tftp).
# NOTE(review): these three TCP rules look unnecessary - confirm and drop.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 67 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 68 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 69 -j ACCEPT
# HTTP - presumably for httpd / cobbler-web.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# TCP 139 (and 445 below) are the NetBIOS/SMB ports.
# NOTE(review): no SMB server is installed alongside cobbler here - confirm
# whether anything listens on them and remove the rules if not.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
# HTTPS - presumably for httpd / cobbler-web.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
# UDP 67 is the DHCP server port, UDP 68 the DHCP client port, UDP 69 TFTP.
-A INPUT -p udp -m state --state NEW -m udp --dport 67 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 68 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT
# NOTE(review): UDP 139/443/445 mirror the TCP rules above; nothing set up
# alongside cobbler here is known to use them - confirm before keeping them open.
-A INPUT -p udp -m state --state NEW -m udp --dport 139 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 443 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 445 -j ACCEPT
# Everything not accepted above is rejected with icmp-host-prohibited.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu May 23 18:27:17 2019

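关闭selinux(注意:SELINUX=disabled 会关闭整台主机的强制访问控制,而这台主机同时提供 DHCP、TFTP、HTTP 服务;如果只是为了排查部署问题,可以先用 setenforce 0 临时切到 permissive,部署完成后再恢复 enforcing):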

#1、查看selinux
[root@BF0124 ~]# cat /etc/selinux/config

#2、修改selinux
[root@BF0124 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 

#3、重启
[root@BF0124 ~]# reboot

#4、查看selinux
[root@BF0124 ~]# cat /etc/selinux/config

 


安装时间服务器,并半小时同步一次时间

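# Install the NTP tools, set the timezone, sync the clock once, and schedule a
# re-sync every 30 minutes from root's crontab. Each step runs only if the
# previous one succeeded (&& chain).
# The cron entry is appended only when that exact line is not already present,
# so re-running this snippet does not stack duplicate jobs. grep's stderr is
# silenced because /var/spool/cron/root may not exist on a fresh host.
# ntpd is stopped and disabled at the end - presumably so it does not compete
# with the periodic ntpdate runs for the NTP port.
cron_line='*/30 * * * * /usr/sbin/ntpdate us.pool.ntp.org >> /var/log/crontab.log 2>&1'
echo -e "\e[33m安装时间服务器\e[0m" \
&& yum -y install ntp ntpdate \
&& ln -sf /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime \
&& ntpdate us.pool.ntp.org \
&& { grep -qxF -- "$cron_line" /var/spool/cron/root 2>/dev/null \
     || echo "$cron_line" >> /var/spool/cron/root; } \
&& systemctl restart crond \
&& systemctl stop ntpd.service \
&& systemctl disable ntpd.service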

 


安装步骤:

#1、系统升级
[root@BF0124 ~]# yum update -y

#2、安装epel包
[root@BF0124 ~]# yum install epel-release -y
[root@BF0124 ~]# yum makecache
#3、安装所需的服务
[root@BF0124 ~]# yum install cobbler cobbler-web pykickstart dhcp xinetd tftp-server pykickstart httpd -y

#4、启动httpd
[root@BF0124 ~]# systemctl start httpd
[root@BF0124 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

#5、启动cobbler
[root@BF0124 ~]# systemctl start cobblerd
[root@BF0124 ~]# systemctl enable cobblerd
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.

#6、检查cobbler的配置(按提示将未配置的步骤配置完)
[root@BF0124 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
第一步+第二步:
[root@BF0124 ~]# vim /etc/cobbler/settings
server: 10.0.0.134
next_server: 10.0.0.134

manage_dhcp: 1



第三步(关闭 SELinux;上面贴出的 cobbler check 输出里没有这一项,所以本文后面的第四、五、六、八步分别对应输出中的第 3、4、5、7 项):
[root@BF0124 ~]# vim /etc/selinux/config  
SELINUX=disabled

[root@BF0124 ~]# setenforce 0
[root@BF0124 ~]# getenforce 
Permissive


第四步:
[root@BF0124 ~]# vim /etc/xinetd.d/tftp
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        # 将 yes 修改为 no
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
第五步:
下载缺少的文件
[root@BF0124 ~]# cobbler get-loaders
task started: 2018-06-08_101543_get_loaders
task started (id=Download Bootloader Content, time=Fri Jun  8 10:15:43 2018)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
第六步:
[root@BF0124 ~]# systemctl start rsyncd.service  
[root@BF0124 ~]# systemctl enable rsyncd.service  
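第八步(这里生成的是新装机器使用的默认密码哈希;'000000' 和固定的 salt 'cobbler' 仅作演示,实际部署请换成强密码和随机 salt,不要直接使用下面这条已经公开的哈希;另外 -1 生成的是 MD5-crypt,强度较弱):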
[root@BF0124 ~]# openssl passwd -1 -salt 'cobbler' '000000'                     
$1$cobbler$yvUCMps1IlTa5ocamRXv1.
[root@BF0124 ~]# vim /etc/cobbler/settings
default_password_crypted: "$1$cobbler$yvUCMps1IlTa5ocamRXv1."
第九步:
[root@liang ~]# systemctl restart xinetd 
[root@liang ~]# systemctl restart cobblerd

 

[root@BF0124 ~]# vim /etc/cobbler/dhcp.template 
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************

## Global dhcpd options followed by the single subnet served to PXE clients.
## Lines starting with two hash marks are template comments and are not
## written to the generated dhcpd.conf.
ddns-update-style interim;

## Serve network-boot requests, and BOOTP clients as well as DHCP clients.
allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

## Declares DHCP option 93 as a 16-bit integer; the class below reads it to
## pick a boot loader.
option pxe-system-type code 93 = unsigned integer 16;

## NOTE(review): this subnet (103.97.229.0/24) is a different network from the
## 10.0.0.134 address given for server / next_server in /etc/cobbler/settings
## earlier on the page - confirm which addresses are real before deploying.
## NOTE(review): no "range" statement appears in this subnet, so presumably
## only hosts declared in the per-system group block receive an address.
## PXE clients boot whatever file the answering DHCP server names, so this
## service should only be reachable from the provisioning network.
shared-network name {
    option domain-name-servers			8.8.8.8;
     subnet 103.97.229.0 netmask 255.255.255.0 {
     option routers             103.97.229.137;
     option subnet-mask         255.255.255.0;
     ## Lease times are in seconds: 6 hours default, 12 hours maximum.
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     ## Clients whose vendor class starts with "PXEClient" get a boot file
     ## chosen by option 93; anything unrecognised falls back to pxelinux.0.
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }
}
}
## Per-system host entries: the outer loop walks every DHCP tag, the inner
## loop walks every MAC address under that tag and emits one host block for it.
#for dhcp_tag in $dhcp_tags.keys():
    ## group could be subnet if your dhcp tags line up with your subnets
    ## or really any valid dhcpd.conf construct ... if you only use the
    ## default dhcp tag in cobbler, the group block can be deleted for a
    ## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
            #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        ## InfiniBand interfaces are matched by client identifier, all other
        ## interface types by hardware (MAC) address.
        #if $iface.interface_type == "infiniband":
        option dhcp-client-identifier = $mac;
        #else
        hardware ethernet $mac;
        #end if
        ## Address, host name, netmask and gateway are emitted only when the
        ## interface record has a value for them.
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.netmask:
        option subnet-mask $iface.netmask;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        ## With gPXE enabled, gPXE/iPXE clients are pointed at a boot script on
        ## the cobbler server and every other client is handed undionly.kpxe.
        ## NOTE(review): the boot-script URL is plain http, so it is fetched
        ## without transport protection - keep it on a trusted network segment.
        #if $iface.enable_gpxe:
        if exists user-class and option user-class = "gPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else if exists user-class and option user-class = "iPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else {
            filename "undionly.kpxe";
        }
        #else
        filename "$iface.filename";
        #end if
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
        #end for
}
#end for

 

 

 

 

 

 

 

 

 

 
