运维自动化之Cobbler安装配置
系统版本 CentOS release 6.9 (Final)
内核版本 2.6.32-696.el6.x86_64
首次编辑 2017-11-14
Cobbler是一个快速网络安装linux的服务,而且在经过调整也可以支持网络安装windows。该工具使用python开发,小巧轻便(才15k行代码),使用简单的命令即可完成PXE网络安装环境的配置,同时还可以管理DHCP,DNS,以及yum包镜像。
Cobbler支持命令行管理,web界面管理,还提供了API接口,可以方便二次开发使用。
和Kickstart不同的是,使用cobbler不会因为在局域网中启动了dhcp而导致有些机器因为默认从pxe启动在重启服务器后加载tftp内容导致启动终止。
1 Cobbler的安装部署配置
1.1环境准备:
Cobbler is packaged for RHEL variants through the Fedora EPEL (Extra Packages for Enterprise Linux) system. Follow the directions there to install the correct repo RPM for your RHEL version and architecture
1.1.1安装epel源
yum install -y epel* lrzsz
1.1.2安装dhcp服务
yum -y install dhcp tftp rsync xinetd httpd pykickstart fence-agents
1.1.3其他服务的安装
额外需要的服务还有tftp,rsync,xinetd,httpd。所以如果安装系统的时候如果这几个包没装上,请手动安装。
1.1.4关闭selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
关闭后最好重启一下,让selinux的设置生效
1.1.5安装Cobbler
yum -y install cobbler
2.配置Cobbler
2.1 启动cobbler
/etc/init.d/cobblerd restart
/etc/init.d/httpd restart
2.2检查配置
cobbler check
2.2.1 检查后会出现类似于这样的日志
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : since iptables may be running, ensure 69, 80/443, and 25151 are unblocked
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
10:file /etc/xinetd.d/rsync dose not exist.
Restart cobblerd and then run 'cobbler sync' to apply changes.
2.2.2 检查故障
2.2.2.1解决需求1
openssl passwd -1 -salt 'werwqerwqr' 'yourpassword'
$1$werwqerw$yourpassword
–yourpassword为密码(这是自动安装客户端系统成功后的root登录密码),werwqerwqr为随机字节干扰码(随便写)
1
1
1werwqerw$.prcfrYFbwuvkD8XspayN.
2.2.2.2需求2,需求8:
vim /etc/cobbler/settings
384 server: 192.168.0.111 --换成cobbler服务器端的IP
272 next_server: 192.168.0.111 --同上
101 default_password_crypted: "$1$werwqerw$.prcfrYFbwussadsadfvkD8XspayN."
--把密码字符串换成你上面产生的字符串(此密码为客户机安装后的root登录密码)
可以通过以下命令
cp /etc/cobbler/settings{,.bak}
sed -i 's/server:\ 127.0.0.1/server:\ 192.168.0.111/' /etc/cobbler/settings
sed -i 's/next_server:\ 127.0.0.1/next_server:\ 192.168.0.111/' /etc/cobbler/settings
sed -i 's/\$1\$mF86\/UHC\$WvcIcX2t6crBz2onWxyac./\$1\$werwqerw\$VZwu4WrasdGTASDWs2f8ivssssa1UPOIL1/' /etc/cobbler/settings
/etc/init.d/cobblerd restart
--修改后重启
2.2.2.3解决需求3
关闭selinux
vim /etc/selinux/config
--把下面的改成disabled,然后reboot你的系统
SELINUX=disabled
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
–如果真的要完全关闭,必须按上面的操作并重启生效;如果你觉得麻烦,可以使用setenforce 0
暂时代替
2.2.2.4解决需求5
vim /etc/xinetd.d/rsync
disable = no --yes改为no
sed -i 's/disable\t=\ yes/disable\t=\ no/g' /etc/xinetd.d/rsync
sed -i 's/disable\t\t\t=\ yes/disable\t\t\t=\ no/g' /etc/xinetd.d/tftp
2.2.2.5解决需求6
/etc/init.d/iptables stop
chkconfig iptables off
或者开启iptables,但要开放69, 80/443, 25151这几个端口
2.2.2.6解决需求9
yum install fence-agents
2.2.2.7解决需求10
chkconfig rsync on
重启 xinetd
service xinetd restart
命令整合
cp /etc/cobbler/settings{,.bak}
sed -i 's/server:\ 127.0.0.1/server:\ 192.168.0.111/' /etc/cobbler/settings
sed -i 's/next_server:\ 127.0.0.1/next_server:\ 192.168.0.111/' /etc/cobbler/settings
sed -i 's/\$1\$mF86\/UHC\$WvcIcX2t6crBz2onWxyac./\$1\$werwqerw\$VZwu4WrGTA2f8iv15553UPOIL1/' /etc/cobbler/settings
sed -i 's/disable\t=\ yes/disable\t=\ no/g' /etc/xinetd.d/rsync
sed -i 's/disable\t\t\t=\ yes/disable\t\t\t=\ no/g' /etc/xinetd.d/tftp
/etc/init.d/iptables stop
chkconfig iptables off
cobbler get-loaders
service xinetd restart
/etc/init.d/cobblerd restart
1.2.8.1主要的修改:
1,编辑/etc/cobbler/settings文件,找到 server选项,修改为适当的ip地址,本实例配置ip为:192.168.0.111
2,编辑/etc/cobbler/settings文件,找到 next_server选项,修改为适当的ip地址,本实例配置ip为:192.168.0.111
3,SELinux的设置。如果上面已经关闭了SELinux就不用管了
4,执行 cobbler get-loaders,系统将自动下载loader程序,完成提示4的修复工作。
5,编辑/etc/xinetd.d/tftp文件,将文件中的disable字段的配置由yes改为no
6,编辑/etc/xinetd.d/rsync文件,将文件中的disable字段的配置由yes改为no
7,在iptables中将69,80,25151端口打开。如果仅仅只是在内部环境中使用,建议直接将防火墙关掉
8,提示说debmirror没安装。如果不是安装 debian之类的系统,此提示可以忽略,如果需要安装,下载地址为:http://rpmfind.net/linux/rpm2html/search.php?query=debmirrorCentOS 6使用RHEL 5的包就可以。
9,修改cobbler用户的默认密码,可以使用如下命令生成密码,并使用生成后的密码替换/etc/cobbler/settings中的密码。生成密码命令:openssl passwd -1 -salt ‘random-phrase-here’ 'your-password-here’其中“random-phrase-here”为干扰码
所有提示全部fix之后,执行
/etc/init.d/cobblerd restart
mkdir /iso
mount -o loop /dev/cdrom /iso
ls /var/www/cobbler/ks_mirror/
config
cobbler import --path=/iso/ --name=centos6.9
ls /var/www/cobbler/ks_mirror/
centos6.9
sed -i '242s/0/1/' /etc/cobbler/settings
只修改下面这一段,改成你自己对应的IP和网段就可以了 见图
vim /etc/cobbler/dhcp.template
subnet 192.168.0.0 netmask 255.255.255.0 { --改你分配的网段,掩码
option routers 192.168.0.2; --改你分配的网关
option domain-name-servers 192.168.0.2; --改你分配的DNS指向
option subnet-mask 255.255.255.0; --改你分配的IP的掩码
range dynamic-bootp 192.168.0.200 192.168.0.254; --改你分配的IP的范围
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}