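Introduction to Cobbler:

    Cobbler is written in Python and wraps PXE, Kickstart and DHCP. It combines many features and offers both a CLI and a web interface for management, which makes network installation more convenient. Cobbler also provides an API, so it is easy to extend from other languages. It can install not only physical machines but also KVM and Xen virtualization guests (Guest OS). Beyond that, it can be combined with centralized management software such as Puppet to automate management.

Features Cobbler provides:

    With Cobbler you can install machines without manual intervention. Cobbler sets up a PXE boot environment and controls every aspect of the installation, such as the network boot services (DHCP and TFTP) and repository mirrors. When you want to install a new machine, Cobbler can:

    use a previously defined template to configure the DHCP service (if DHCP management is enabled);

    mirror a repository (yum or rsync) or unpack a medium in order to register a new operating system;

    create an entry in the DHCP configuration file for the machine to be installed, using the parameters you specify (IP and MAC address);

    create the appropriate PXE files under the TFTP service directory;

    restart the DHCP service to reflect the changes;

    reboot the machine to start the installation (if power management is enabled).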

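How Cobbler works:

Server side:

    Step 1: start the Cobbler service

    Step 2: check Cobbler for configuration errors by running cobbler check

    Step 3: synchronize the configuration by running cobbler sync

    Step 4: copy the relevant boot files to the TFTP directory

    Step 5: start the DHCP service to provide address allocation

    Step 6: the DHCP service assigns an IP address

    Step 7: TFTP transfers the boot files

    Step 8: the server receives the installation information

    Step 9: the server sends the ISO image and the kickstart file

Client side:

    Step 1: the client boots in PXE mode

    Step 2: the client obtains an IP address

    Step 3: the client fetches the boot files from the TFTP server

    Step 4: the client enters the Cobbler installation menu

    Step 5: the client confirms what to load

    Step 6: the client prepares to install the system according to the configuration

    Step 7: the client loads the kickstart file

    Step 8: the other files needed for the installation are transferred

    Step 9: the system is installed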


Test environment:

OS : rhel-6.5-x86_64

eth0 : 192.168.1.107     bridged NIC

eth1 : 192.168.10.254   Host only


I. Installing and configuring Cobbler

1. Disable the firewall and SELinux

# service iptables stop

# chkconfig iptables off

# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# setenforce 0

2. Cobbler is provided by the EPEL repository, so a yum repository pointing to EPEL must be configured first

# yum install http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm

3. Install Cobbler and the third-party packages it needs

# yum install -y cobbler cobbler-web debmirror pykickstart rsync httpd dhcp tftp-server

4. Start the Cobbler and httpd services

# service cobblerd start

# service httpd start

5. Edit the Apache configuration and restart the service

# vim /etc/httpd/conf/httpd.conf

        ServerName localhost:80

# service httpd restart

6. Add the services to the service list

# chkconfig --add cobblerd

# chkconfig --add httpd

# chkconfig cobblerd on

# chkconfig httpd on

7. Check whether the Cobbler environment is configured correctly

# cobbler check

Errors:
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : file /etc/xinetd.d/rsync does not exist
7 : comment out 'dists' on /etc/debmirror.conf for proper debian support
8 : comment out 'arches' on /etc/debmirror.conf for proper debian support
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
10 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
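Notes:
1. The 'server' setting in /etc/cobbler/settings must not be localhost; it must be an IP address that can communicate with external hosts;
2. The 'next_server' setting in /etc/cobbler/settings must be changed to the IP address of the TFTP server; 127.0.0.1 cannot be used;
3. The tftp service must be enabled by editing /etc/xinetd.d/tftp;
4. Run cobbler get-loaders to fetch the bootloaders for the different distributions;
5. The rsync service must be enabled by editing /etc/xinetd.d/rsync;
6. The file /etc/xinetd.d/rsync does not exist;
7, 8. Comment out 'dists' and 'arches' in /etc/debmirror.conf;
9. The default password must be changed;
10. Cobbler supports power management; to use it, install cman and fence-agents;
After the configuration has been fixed, restart cobblerd and run cobbler sync to synchronize.

8. Edit the main Cobbler configuration file

# vim /etc/cobbler/settings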

next_server: 192.168.10.254

server: 192.168.10.254

# service cobblerd restart

9. Enable the tftp service

# chkconfig tftp on

# service xinetd restart

10. Fetch the bootloaders (requires Internet access)

# cobbler get-loaders

# ls /var/lib/cobbler/loaders/   ### where the bootloader files are stored

# service cobblerd restart

11. Enable the rsync service

# chkconfig rsync on

# service xinetd restart

12. Edit /etc/debmirror.conf

# vim /etc/debmirror.conf

    # @dists="sid";

    # @arches="i386";

13. Generate the password

# openssl passwd -1 -salt `openssl rand -hex 4` 'your-password-here'

# vim /etc/cobbler/settings

  default_password_crypted: "<hash generated above>"

14. If cman and fence-agents are needed, install them as follows:

# yum -y install cman fence-agents

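15. Restart and check again

# service cobblerd restart

# cobbler check

16. Run the Cobbler sync

# cobbler sync

17. Provide the main configuration file for the DHCP service

# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf

18. Edit the DHCP service configuration file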

# vim /etc/dhcp/dhcpd.conf

    option domain-name "luolinux.com";

    option domain-name-servers 192.168.1.136;

    default-lease-time 43200;

    max-lease-time 86400;

    subnet 192.168.10.0 netmask 255.255.255.0 {

    range 192.168.10.21 192.168.10.100;

    option routers 192.168.10.254;

    }

    next-server 192.168.10.254;

    filename "pxelinux.0";

19. Restart the dhcpd service

# service dhcpd restart

# chkconfig dhcpd on

20. Provide the kickstart file

# vim /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.cfg
# key setting: the installation source
url --url="http://192.168.1.107/cobbler/ks_mirror/rhel-6.5-x86_64"
lang en_US.UTF-8
keyboard us
key --skip
network --onboot yes --device eth0 --bootproto dhcp --noipv6
rootpw  --iscrypted     $1$19e9dd0e$S42Ccni9SSqRtpP.bXaQD.
auth --useshadow --passalgo=sha512

text
firewall --disabled
selinux --disabled

# Reboot after installation
reboot
timezone --utc Asia/Shanghai

# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
zerombr yes

part /boot --fstype=ext4 --size=200
part /     --fstype=ext4 --size=7000

%packages
@Base
%end
%post

echo -e 'Luochen test Machine' >> /etc/issue
sed -i '1,$s@id:[0-9]:initdefault:@id:3:initdefault:@g' /etc/inittab

# set the hostname
ClientName="Director"
sed -i "s@HOSTNAME=.*@HOSTNAME=$ClientName@" /etc/sysconfig/network
%end
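
Added example (not part of the original article): a small Python check over the security-relevant directives of the kickstart above. It names the crypt(3) scheme of the rootpw hash (auth --passalgo only governs passwords set later and does not re-hash a value passed with --iscrypted) and reports the disabled firewall and SELinux settings. SAMPLE_KS is a constructed excerpt, and the names audit_kickstart and crypt_scheme are made up for this illustration.

```python
import re

# Constructed sample: security-relevant lines of the kickstart shown above.
SAMPLE_KS = """\
rootpw  --iscrypted     $1$19e9dd0e$S42Ccni9SSqRtpP.bXaQD.
auth --useshadow --passalgo=sha512
firewall --disabled
selinux --disabled
%post
echo -e 'Luochen test Machine' >> /etc/issue
%end
"""

CRYPT_IDS = {"1": "md5", "5": "sha256", "6": "sha512"}  # crypt(3) "$id$" prefixes

def crypt_scheme(hashed):
    """Name the crypt(3) scheme of a hash; no "$id$" prefix means legacy DES."""
    m = re.match(r"\$([0-9a-z]+)\$", hashed)
    return CRYPT_IDS.get(m.group(1), "unknown") if m else "des"

def audit_kickstart(text):
    """Return sorted (line_number, finding) pairs for the command section."""
    findings, root, passalgo, in_section = [], None, None, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("%"):           # %packages / %pre / %post ... %end
            in_section = line != "%end"
            continue
        if in_section or not line or line.startswith("#"):
            continue
        cmd, args = line.split()[0], line.split()[1:]
        if cmd == "rootpw" and "--iscrypted" not in args:
            findings.append((no, "rootpw is stored in plaintext"))
        elif cmd == "rootpw":
            root = (no, crypt_scheme(args[-1]))
        elif cmd in ("auth", "authconfig"):
            passalgo = next((a.split("=", 1)[1] for a in args
                             if a.startswith("--passalgo=")), passalgo)
        elif cmd in ("firewall", "selinux") and "--disabled" in args:
            findings.append((no, cmd + " disabled on the installed host"))
    if root and root[1] != "sha512":
        msg = "rootpw hash is %s-crypt" % root[1]
        if passalgo and passalgo != root[1]:
            msg += "; --passalgo=%s does not re-hash it" % passalgo
        findings.append((root[0], msg))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join("line %d: %s" % f for f in audit_kickstart(SAMPLE_KS)))
```

Lines inside %packages, %pre and %post are skipped on purpose, so shell text in a script section is never mistaken for a kickstart command.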

21. Import the installation disc image into Cobbler

# mount -t iso9660 -o loop /dev/cdrom /media/cdrom

# cobbler import --name="rhel-6.5-x86_64" --path=/media/cdrom/

22. List the distros

# cobbler distro list


23. Add a profile; the three important options are --name, --kickstart and --distro

# cobbler profile add --name=rhel-6.5-x86_64-basic --distro=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.cfg



# cobbler profile list    ### adding a distro creates a default profile; that profile is not usable because no kickstart file is specified

# cobbler sync

24. List all Cobbler components

# cobbler list

25. Replace the kickstart file

# cobbler profile edit --name=rhel-6.5-x86_64-basic --distro=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.cfg    ### path of the modified kickstart file

PS: the directory http://192.168.1.107/cobbler/ks_mirror/ holds every prepared distribution

II. Testing

1. Create a new virtual machine and set its boot order to network boot


2. Set the network to Host only


3. Start the virtual machine


4. The installation begins


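III. Configuring Cobbler_web

1. Fixing the cobbler_web bug

The cobbler_web currently provided by the EPEL repository (package cobbler-2.2.3-2.el6.noarch) has a bug; the contents of its /usr/share/cobbler/web/settings.py must be changed to the following:
# vim /usr/share/cobbler/web/settings.py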

# Django settings for cobbler-web project.
import django
DEBUG = True      # Django shows detailed error pages while this is on
TEMPLATE_DEBUG = DEBUG
ADMINS = (
   # ('Your Name', 'your_email@domain.com'),
)

MANAGERS = ADMINS
DATABASE_ENGINE = ''     # cobbler-web does not use a database
DATABASE_NAME = ''      
DATABASE_USER = ''      
DATABASE_PASSWORD = ''  
DATABASE_HOST = ''      
DATABASE_PORT = ''      

# Force Django to use the systems timezone
TIME_ZONE = None

# Language section
# TBD.
LANGUAGE_CODE = 'en-us'
USE_I18N = False

SITE_ID = 1

# not used
MEDIA_ROOT = ''
MEDIA_URL = ''
ADMIN_MEDIA_PREFIX = '/media/'

SECRET_KEY = ''   # Django's signing key; set a long random value unique to this host

# code config

if django.VERSION[0] == 1 and django.VERSION[1] < 4:
   TEMPLATE_LOADERS = (
       'django.template.loaders.filesystem.load_template_source',
       'django.template.loaders.app_directories.load_template_source',
   )
else:
   TEMPLATE_LOADERS = (
       'django.template.loaders.filesystem.Loader',
       'django.template.loaders.app_directories.Loader',
   )

if django.VERSION[0] == 1 and django.VERSION[1] < 2:
   # Legacy django had a different CSRF method, which also had
   # different middleware. We check the version here so we bring in
   # the correct one.
   MIDDLEWARE_CLASSES = (
       'django.middleware.common.CommonMiddleware',
       'django.contrib.csrf.middleware.CsrfMiddleware',
       'django.contrib.sessions.middleware.SessionMiddleware',
       'django.contrib.auth.middleware.AuthenticationMiddleware',
   )
else:
   MIDDLEWARE_CLASSES = (
       'django.middleware.common.CommonMiddleware',
       'django.middleware.csrf.CsrfViewMiddleware',
       'django.contrib.sessions.middleware.SessionMiddleware',
       'django.contrib.auth.middleware.AuthenticationMiddleware',
   )

ROOT_URLCONF = 'urls'

TEMPLATE_DIRS = (
   '/usr/share/cobbler/web/templates',
)
INSTALLED_APPS = (
   'django.contrib.auth',
   'django.contrib.contenttypes',
   'django.contrib.sessions',
   'django.contrib.sites',
   'cobbler_web',
)

from django.conf.global_settings import TEMPLATE_CONTEXT_PROCESSORS

TEMPLATE_CONTEXT_PROCESSORS += (
    'django.core.context_processors.request',
)
   
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
SESSION_FILE_PATH = '/var/lib/cobbler/webui_sessions'

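2. Configuring authentication for cobbler_web

cobbler_web supports several authentication methods, such as authn_configfile, authn_ldap and authn_pam. The default is authn_denyall, which denies all user logins. Two methods that let users log in to cobbler_web are described below:

3. Authenticating cobbler_web users with the authn_pam module

First, change the value of the module parameter in the [authentication] section of /etc/cobbler/modules.conf to authn_pam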

# vim /etc/cobbler/modules.conf

            [authentication]

            module = authn_pam

Next, add a system user; choose the user name and password as needed, for example:

# useradd luochen

# echo 'luochen' | passwd --stdin luochen


Then add the cblradmin user (luochen in this example) to the admin group of cobbler_web. Edit /etc/cobbler/users.conf and set the user name as the value of the admin parameter, as shown below:

# vim /etc/cobbler/users.conf

        [admins]

        admin = "luochen"

# service cobblerd restart

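PS: finally, restart the cobblerd service and access cobbler_web at http://192.168.1.107/cobbler_web.


4. Authenticating cobbler_web users with the authn_configfile module

First, change the value of the module parameter in the [authentication] section of /etc/cobbler/modules.conf to authn_configfile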

# vim /etc/cobbler/modules.conf

            [authentication]

            module = authn_configfile

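Next, create the authentication file /etc/cobbler/users.digest and add the required users. Note that the "-c" option of htdigest is needed when adding the first user and must not be used when adding further users; in addition, the realm for cobbler_web can only be Cobbler. For example:

# htdigest -c /etc/cobbler/users.digest Cobbler 'username'

PS: finally, restart the cobblerd service and access cobbler_web at http://192.168.1.107/cobbler_web.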
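
Added example, not from the original article or the Cobbler project: the entry format that htdigest writes, user:realm:MD5(user:realm:password), and why an entry created under any realm other than Cobbler can never authenticate. The check_login function is an assumed model of the comparison, based on the realm rule stated above; all user names and passwords are constructed.

```python
import hashlib
import hmac

REALM = "Cobbler"  # the only realm cobbler_web accepts, per the text above


def digest_entry(user, realm, password):
    """One htdigest line: user:realm:MD5(user:realm:password)."""
    ha1 = hashlib.md5(":".join((user, realm, password)).encode()).hexdigest()
    return "%s:%s:%s" % (user, realm, ha1)


def audit_digest(text):
    """Split users.digest content into usable user names and problem lines."""
    usable, problems = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split(":")
        if len(parts) != 3 or len(parts[2]) != 32:
            problems.append((no, "malformed entry"))
        elif parts[1] != REALM:
            problems.append((no, "realm %r is not %r" % (parts[1], REALM)))
        else:
            usable.append(parts[0])
    return usable, problems


def check_login(text, user, password):
    """True if a well-formed Cobbler-realm entry matches user and password."""
    expected = digest_entry(user, REALM, password).split(":")[2]
    return any(
        p[0] == user and p[1] == REALM
        and hmac.compare_digest(p[2].lower(), expected)
        for p in (l.strip().split(":") for l in text.splitlines())
        if len(p) == 3
    )


# Constructed sample file: one valid entry, one created with the wrong realm.
SAMPLE = "\n".join([
    digest_entry("luochen", "Cobbler", "constructed-pass-1"),
    digest_entry("backup", "cobbler", "constructed-pass-2"),
])

if __name__ == "__main__":
    print(audit_digest(SAMPLE))
    print(check_login(SAMPLE, "luochen", "constructed-pass-1"))
```

Because each entry is a single MD5 over user:realm:password, keep /etc/cobbler/users.digest readable only by root.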

5. Login page


6. Cobbler-web main interface
