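Cobbler is a provisioning tool that makes it easier to deploy RedHat/CentOS/Fedora systems, and it also supports deploying SUSE and Debian systems.
It integrates the following services: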

* PXE service support
* DHCP service management
* DNS service management
* Kickstart service support
* yum repository management

Koan, the Cobbler client, supports virtual machine installation and operating system reinstallation.

Cobbler server deployment:

1. Make sure the EPEL repository is available; if it is not, install the epel package first:

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

2. Install all the packages that the cobbler server needs:

yum install cobbler httpd rsync tftp-server xinetd dhcp

3. Start httpd and cobblerd, and enable the services at boot:

/sbin/service httpd start
/sbin/service cobblerd start

/sbin/chkconfig httpd on
/sbin/chkconfig dhcpd on
/sbin/chkconfig xinetd on
/sbin/chkconfig tftp on
/sbin/chkconfig cobblerd on

4. Check the cobbler configuration:

cobbler check

The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : you need to set some SELinux content rules to ensure cobbler works correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && \ /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/tftp
6 : change 'disable' to 'no' in /etc/xinetd.d/rsync
7 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
8 : debmirror package is not installed, it will be required to manage debian deployments and repositories
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

Restart cobblerd and then run 'cobbler sync' to apply changes.

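Fix the problems reported above:
1) vi /etc/cobbler/settings
   server: 192.168.0.2   # IP address of the cobbler server
   next_server: 192.168.0.2  # IP address of the PXE server
   manage_dhcp: 1   # let cobbler manage the DHCP service
   default_kickstart: /var/lib/cobbler/kickstarts/default.ks # default kickstart file; generating it with system-config-kickstart (needs an X environment) is recommended
2) Disable the firewall and SELinux (this clears items 3 and 7; cobbler check itself lists the narrower fix: the semanage rules in item 3 and opening ports 69, 80 and 25151 from item 7)
3) Fetch the network boot loaders
   cobbler get-loaders
4) Enable tftp and rsync
   vi /etc/xinetd.d/tftp
       Change disable = yes to: disable = no
   vi /etc/xinetd.d/rsync
       Change disable = yes to: disable = no

   Restart the xinetd service:
       /etc/init.d/xinetd restart
5) Edit the DHCP template so that the addresses handed out by DHCP are on the same subnet as Cobbler
   vi /etc/cobbler/dhcp.template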
#******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
#******************************************************************

ddns-update-style interim;

allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

subnet 192.168.0.0 netmask 255.255.255.0 {
     option routers             192.168.0.1;
     #option domain-name-servers 192.168.0.2;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.0.100 192.168.0.200;
     filename                   "/pxelinux.0";
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
}

#for dhcp_tag in $dhcp_tags.keys():
    ## group could be subnet if your dhcp tags line up with your subnets
    ## or really any valid dhcpd.conf construct ... if you only use the
    ## default dhcp tag in cobbler, the group block can be deleted for a
    ## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
            #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        hardware ethernet $mac;
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.subnet:
        option subnet-mask $iface.subnet;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        filename "$iface.filename";
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
        #end for
}
#end for

5. Sync the cobbler configuration so that the changes take effect:

   cobbler sync
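
Item 9 of the cobbler check output is not addressed by the fixes above, and the reference kickstart at the end of this page uses rootpw --iscrypted $default_password_crypted, so the value in /etc/cobbler/settings becomes the root password of every installed machine. The following script is an added example, not part of the original post: it audits a settings file for items 1, 2 and 9. The function names and the sample file are made up for illustration, and it assumes an md5-crypt ($1$) hash and the openssl command that cobbler check itself suggests.

```sh
#!/bin/sh
# Added example: audit a Cobbler settings file for items 1, 2 and 9 of the
# `cobbler check` output. All sample data is constructed for the demo.

# Print a top-level "key: value" entry without quotes or trailing comment.
setting() {  # usage: setting FILE KEY
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        -e "s/^[\"']//" -e "s/[\"']\$//"
}

# True if HASH is the md5-crypt ($1$...) of PASSWORD; recomputed with the
# salt taken from HASH, using the openssl command that cobbler check suggests.
hash_is_password() {  # usage: hash_is_password HASH PASSWORD
  salt=$(printf '%s' "$1" | cut -d'$' -f3)
  [ -n "$salt" ] &&
    [ "$(openssl passwd -1 -salt "$salt" "$2" 2>/dev/null)" = "$1" ]
}

# Print one FAIL line per finding; exit status 1 if there was any.
audit_settings() {  # usage: audit_settings FILE
  rc=0
  for key in server next_server; do
    case $(setting "$1" "$key") in
      ''|localhost|127.*) echo "FAIL $key is unset or loopback"; rc=1 ;;
    esac
  done
  if hash_is_password "$(setting "$1" default_password_crypted)" cobbler; then
    echo "FAIL default_password_crypted is still the hash of 'cobbler'"; rc=1
  fi
  return $rc
}

# Constructed sample: server fixed, next_server and password left untouched.
make_sample() {  # usage: make_sample FILE
  cat > "$1" <<EOF
server: 192.168.0.2   # boot server
next_server: 127.0.0.1
manage_dhcp: 1
default_password_crypted: "$(openssl passwd -1 -salt sample00 cobbler)"
EOF
}

sample=$(mktemp)
make_sample "$sample"
audit_settings "$sample" || echo "fix the settings, then run: cobbler sync"
rm -f "$sample"
```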

6. Mount the Linux installation disc and generate the installation image:

   mount /dev/cdrom /mnt/
   cobbler import --path=/mnt/ --name=CentOS-5-i386

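7. RPM repository management

   Related reading: https://fedorahosted.org/cobbler/wiki/ManageYumRepos

   RPM repositories can be added to cobbler:
   cobbler repo add --name=CentOS-5-i386 --mirror=http://mirrors.163.com/centos/5/os/i386/
   cobbler repo add --name=EPEL-5-i386 --mirror=http://download.fedoraproject.org/pub/epel/5/i386/

   Sync the repositories to local disk:
       cobbler reposync

   Alternatively, set --mirror-locally=0 so that nothing is downloaded locally and the rpm packages are instead downloaded from the repository via the kickstart server.

   Add a cron job that runs a sync every day at 2 a.m.:
       crontab -e
       0 2 * * * cobbler reposync --tries=3 --no-fail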

8. Set up profiles and systems

A profile can be thought of as a classification by role.
   cobbler profile add --name=webserver --distro=CentOS-5-i386 --repos=EPEL-5-i386 --kickstart=/var/lib/cobbler/kickstarts/webserver.ks

A system holds the settings for one specific machine to be installed, such as its host name and IP address; these settings are applied to the machine according to its MAC address.
   cobbler system add --name=webserver1 --ip=192.168.0.110 --mac=00:0C:29:77:89:c7 --profile=webserver --kickstart=/var/lib/cobbler/kickstarts/webserver.ks --static=1
   cobbler system edit --name=webserver1 --dns-name=webserver1.grid.house.sina.com.cn --hostname=webserver1.grid.house.sina.com.cn
   cobbler system edit --name=webserver1 --gateway=192.168.0.1 --subnet=255.255.255.0
   cobbler system edit --name=webserver1 --interface=eth1 --static=0

The kickstart that is actually generated can be viewed at http://192.168.0.2/cblr/svc/op/ks/system/webserver1.

9. Boot the server to be installed and the installation begins.

10. Reinstallation

   yum install koan
   koan --server=192.168.0.2 --list=profiles
   koan --replace-self --server=192.168.0.2 --profile=webserver
   /sbin/reboot

11. Set up the Cobbler web interface

The Cobbler web interface is a good front end that makes many Cobbler operations easy to manage. It can be used to list and edit distros, profiles, subprofiles, systems, repos and kickstart files.

Install Cobbler web:
   yum install cobbler-web

Address of the Cobbler web interface:
   http://192.168.0.2/cobbler_web/
   (192.168.0.2 is the address of the Cobbler web server)

Set the user name and password:
Reset the password of an existing user:
   htdigest /etc/cobbler/users.digest "Cobbler" cobbler
Add a new user:
   htdigest /etc/cobbler/users.digest "Cobbler" yourname

Set /etc/cobbler/modules.conf as follows:
   [authentication]
       module = authn_configfile
   [authorization]
       module = authz_allowall

Restart the Cobbler service:
   service cobblerd restart
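
With authn_configfile and authz_allowall, the entries in /etc/cobbler/users.digest are the only control on the web interface. An added example, not part of the original post: it reads the authorization module from modules.conf and tests each htdigest entry (user:realm:MD5(user:realm:password), realm "Cobbler") against two weak candidates, the password 'cobbler' and the user name itself. The function names, sample files and candidate list are assumptions.

```sh
#!/bin/sh
# Added example: check the two files that gate the Cobbler web UI.
# All file contents below are constructed for the demo.

# Print the "module" value of one section of modules.conf.
module_of() {  # usage: module_of FILE SECTION
  awk -v want="[$2]" '
    { line = $0; gsub(/[ \t\r]/, "", line) }
    line ~ /^\[/                      { sec = line; next }
    sec == want && line ~ /^module=/  { print substr(line, 8); exit }
  ' "$1"
}

# True if USER has an htdigest entry made from PASSWORD.
digest_uses_password() {  # usage: digest_uses_password FILE USER REALM PASSWORD
  want=$(printf '%s:%s:%s' "$2" "$3" "$4" | md5sum | cut -d' ' -f1)
  grep -qxF "$2:$3:$want" "$1"
}

# Print findings; exit status 1 if there was any.
audit_webui() {  # usage: audit_webui MODULES_CONF USERS_DIGEST
  rc=0
  if [ "$(module_of "$1" authorization)" = authz_allowall ]; then
    echo "NOTE authz_allowall: any user in users.digest has full control"; rc=1
  fi
  for user in $(cut -d: -f1 "$2"); do
    for guess in cobbler "$user"; do     # assumed weak candidates
      if digest_uses_password "$2" "$user" Cobbler "$guess"; then
        echo "FAIL $user has the guessable password '$guess'"; rc=1; break
      fi
    done
  done
  return $rc
}

webui_sample() {  # usage: webui_sample MODULES_CONF USERS_DIGEST
  printf '[authentication]\nmodule = authn_configfile\n' > "$1"
  printf '[authorization]\n    module = authz_allowall\n' >> "$1"
  for pair in cobbler:cobbler yourname:constructed-passphrase; do
    printf '%s:Cobbler:%s\n' "${pair%%:*}" \
      "$(printf '%s:Cobbler:%s' "${pair%%:*}" "${pair#*:}" | md5sum | cut -d' ' -f1)"
  done > "$2"
}

conf=$(mktemp); digest=$(mktemp)
webui_sample "$conf" "$digest"
audit_webui "$conf" "$digest" || echo "review web UI access before exposing it"
rm -f "$conf" "$digest"
```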

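12. Cobbler commands

   cobbler check - check the current settings for problems
   cobbler list - list all cobbler objects
   cobbler report - list each object in detail
   cobbler sync - sync the configuration to dhcp/pxe and the data directories
   cobbler reposync - sync the yum repositories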

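13. Cobbler configuration files

The Cobbler configuration files live in /etc/cobbler. /etc/cobbler/settings is the main configuration file; /etc/cobbler also holds the template configuration files for dhcp, dns, pxe and dnsmasq; /etc/cobbler/users.digest holds the user names and passwords for web access; /etc/cobbler/modules.conf is the module configuration file; /etc/cobbler/users.conf is the authorization configuration file for the Cobbler WebUI/web service.

Repo data directory /var/www/cobbler
Imported distributions, repo mirrors and kickstart files are all placed under /var/www/cobbler. Make sure /var has enough space to store these files.
images/ - kernel and initrd images of all imported distributions, used for network boot
ks_mirror/ - imported distributions
repo_mirror/ - storage directory for yum repos

/var/log/cobbler holds the log file /var/log/cobbler/cobbler.log

Cobbler data directory /var/lib/cobbler; this directory stores the configuration related to Cobbler profiles, systems and distros.
configs/ - information about distros, repos, systems and profiles
backup/ - backup directory
snippets/ - small script fragments that can be included in kickstarts
triggers/ - executable scripts
kickstarts/ - kickstart template files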

14. Integrating with Puppet for configuration management:

Reference: https://fedorahosted.org/cobbler/wiki/UsingCobblerWithConfigManagementSystem
   [root@puppetmaster ~]# vi /etc/puppet/puppet.conf
       [main]
           # Add the lines below so that puppet supports external nodes
           external_nodes = /usr/bin/cobbler-ext-nodes
           node_terminus = exec

# Add the Puppet management class baseclass and set the dns name
[root@puppetmaster ~]# cobbler system edit --name=webserver1 --mgmt-classes="baseclass" --dns-name=webserver1.grid.house.sina.com.cn
# Make sure the command below returns the management class (baseclass) and its parameters
[root@puppetmaster ~]# /usr/bin/cobbler-ext-nodes "webserver1.grid.house.sina.com.cn"
classes: [baseclass]
parameters: {from_cobbler: 1, tree: 'http://@@http_server@@/cblr/links/CentOS-5-i386'}
Note: the argument given to the script above is the dns name you set, not the name set in the cobbler system command.


Kickstart reference:

[root@leju ~]# cat /var/lib/cobbler/kickstarts/webserver.ks
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth  --useshadow --enablemd5
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Firewall configuration
firewall --disable
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot

#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone  --utc Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
autopart
clearpart --all --drives=sda --initlabel
part /boot --fstype ext3 --size=128
part /usr --fstype ext3 --size=4192
part / --fstype ext3 --size=2048
part /var --fstype ext3 --size=2048
part /tmp --fstype ext3 --size=2048
part swap --size=2048
part /data0 --fstype ext3 --size=100 --grow


%pre
$SNIPPET('log_ks_pre')
$kickstart_start
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')

%packages
@admin-tools
@base
@chinese-support
@core
@development-libs
@development-tools
@editors
@system-tools
@text-internet
OpenIPMI-tools
hardlink
kernel-PAE
kernel-PAE-devel
kernel-devel
libpng-devel
lrzsz
minicom
net-snmp-utils
pcre-devel
sysstat
x86info
puppet
$SNIPPET('func_install_if_enabled')

%post
$SNIPPET('log_ks_post')
kill_service_list='S00microcode_ctl S19rpcgssd S26hidd S11auditd S22messagebus S90xfs S12restorecond S28autofs S25bluetooth S95atd S05kudzu S25netfs S56cups S97yum-updatesd S06cpuspeed S13portmap S25pcscd S56rawdevices S98avahi-daemon S08ip6tables S14nfslock S26acpid S08iptables S15mdmonitor S26apmd S80sendmail S08mcstrans S18rpcidmapd S26haldaemon S85gpm S99smartd'
for service in $kill_service_list
do
    k_service=`echo $service | sed 's/^S/K/'`
    if [[ -f /etc/rc3.d/$service ]]; then
        mv /etc/rc3.d/$service /etc/rc3.d/$k_service
    fi
done
/sbin/chkconfig --level 345 puppet on
/usr/sbin/puppetd --test

# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$kickstart_done
# End final steps
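
The reference kickstart above turns off the firewall and SELinux on every installed host, selects MD5 password hashes and takes the root password from default_password_crypted. As an added example (not part of the original post; the function names are made up), this linter reports such directives with their line numbers and ignores anything inside %pre, %packages and %post. It goes slightly beyond the file shown by also flagging a rootpw given without --iscrypted.

```sh
#!/bin/sh
# Added example: flag security-relevant directives in the command section of
# a kickstart template. Sample lines are copied from the reference above.

lint_kickstart() {  # usage: lint_kickstart FILE ; prints "LINE: finding"
  awk '
    function has(flag,   i) {           # is FLAG one of the arguments?
      for (i = 2; i <= NF; i++) if ($i == flag) return 1
      return 0
    }
    /^%(pre|post|packages)/ { in_section = 1 }    # script/package sections
    /^%end/                 { in_section = 0; next }
    in_section || $1 ~ /^#/ { next }              # only lint live commands
    $1 == "firewall" && (has("--disable") || has("--disabled")) {
      print NR ": firewall is turned off on the installed host" }
    $1 == "selinux" && (has("--disabled") || has("--permissive")) {
      print NR ": SELinux is not enforcing on the installed host" }
    ($1 == "auth" || $1 == "authconfig") && has("--enablemd5") {
      print NR ": local password hashes use MD5" }
    $1 == "rootpw" && !has("--iscrypted") {
      print NR ": root password is stored in the template as plaintext" }
    $1 == "rootpw" && index($0, "$default_password_crypted") {
      print NR ": root password is default_password_crypted from settings" }
  ' "$1"
}

# Constructed sample built from lines of the webserver.ks shown above.
ks_sample() {  # usage: ks_sample FILE
  cat > "$1" <<'EOF'
# System authorization information
auth  --useshadow --enablemd5
firewall --disable
rootpw --iscrypted $default_password_crypted
selinux --disabled
%post
/sbin/chkconfig --level 345 puppet on
EOF
}

ks=$(mktemp)
ks_sample "$ks"
lint_kickstart "$ks"
rm -f "$ks"
```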


References:
UserDocs: https://fedorahosted.org/cobbler/wiki/UserDocs
Cobbler on Centos with Vmware: http://www.jedi.be/blog/2009/03/19/cobbler-on-centos-with-vmware/
Cobbler Documentation, examples and use of Cobbler Linux Provisioning System: http://openskill.info/topic.php?ID=201