The implementation steps are as follows:
I. Prerequisites
1.1 Disable selinux and firewalld
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/\(SELINUX=\)enforcing/\1disabled/g' /etc/selinux/config
1.2 Addresses of the two NICs
eth0: 192.168.3.55
eth1: 192.168.6.230
1.3 Add routes, vim /etc/rc.d/rc.local
ip route add 192.168.0.224/27 via 192.168.3.254 dev eth0
ip route add 192.168.1.128/25 via 192.168.3.254 dev eth0
ip route add 192.168.6.128/25 via 192.168.3.254 dev eth0
ip route add 192.168.0.28 via 192.168.3.254 dev eth0
ip route add 192.168.0.8 via 192.168.3.254 dev eth0
ip route add 192.168.1.224/27 via 192.168.3.254 dev eth0
II. Installing cobbler
2.1 Install the packages
yum -y install epel-release
yum -y install cobbler cobbler-web tftp-server dhcp httpd xinetd
systemctl enable httpd cobblerd
systemctl start httpd cobblerd
2.2 Check the configuration
[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
2.3 Fix the items reported by the check one by one
# allow settings to be changed dynamically with 'cobbler setting edit'
[root@cobbler ~]# sed -ri '/allow_dynamic_settings:/c\allow_dynamic_settings: 1' /etc/cobbler/settings
[root@cobbler ~]# grep allow_dynamic_settings /etc/cobbler/settings
allow_dynamic_settings: 1
[root@cobbler ~]# systemctl restart cobblerd
1. server
[root@cobbler ~]# cobbler setting edit --name=server --value=192.168.3.55
2. next_server
[root@cobbler ~]# cobbler setting edit --name=next_server --value=192.168.3.55
3. tftp_server
[root@cobbler ~]# sed -ri '/disable/c\disable = no' /etc/xinetd.d/tftp
[root@cobbler ~]# systemctl enable xinetd
[root@cobbler ~]# systemctl restart xinetd
4. boot-loaders
[root@cobbler ~]# cobbler get-loaders
5. rsyncd
[root@cobbler ~]# systemctl start rsyncd
[root@cobbler ~]# systemctl enable rsyncd
6. debmirror [optional]
# this one is optional and can be skipped; it is skipped here
7. pykickstart
[root@cobbler ~]# yum -y install pykickstart
8. default_password_crypted # note: the password set here is the initial login password of the systems installed later
[root@cobbler ~]# openssl passwd -1 -salt `openssl rand -hex 4` 'admin'
$1$675f1d08$oJoAMVxdbdKHjQXbGqNTX0
[root@cobbler ~]# cobbler setting edit --name=default_password_crypted --value='$1$675f1d08$oJoAMVxdbdKHjQXbGqNTX0'
9. fencing tools [optional]
[root@cobbler ~]# yum -y install fence-agents
2.4 Configure DHCP
[root@cobbler ~]# cobbler setting edit --name=manage_dhcp --value=1
# edit cobbler's dhcp template, not dhcpd's own config file, because cobbler overwrites the latter on every sync
[root@cobbler ~]# vim /etc/cobbler/dhcp.template
...
subnet 192.168.3.0 netmask 255.255.255.0 { # change to the subnet and mask being served
#option routers 192.168.3.254; # if there is a gateway, set its address here
#option domain-name-servers 192.168.10.78; # if there is a DNS server, set its address here
option subnet-mask 255.255.255.0; # mask of the addresses being handed out
range dynamic-bootp 192.168.3.231 192.168.3.239; # range of addresses to hand out
...
2.5 Sync the cobbler configuration
[root@cobbler ~]# cobbler sync
After the steps above, a client server that PXE-boots will reach the cobbler boot menu, but because no system image has been uploaded and no kickstart file has been added yet it cannot install anything; the next step is uploading the image.
III. Uploading the image
3.1 Create the mount directory and mount the system image that was uploaded to the cobbler server
[root@cobbler ~]# mkdir -p /home/mnt/centos-7.5
[root@cobbler ~]# mount -t iso9660 /home/iso/CentOS-7-x86_64-1804.iso /home/mnt/centos-7.5/
3.2 Import the image
cobbler import --path=/home/mnt/centos-7.5 --name=centos7.5 --arch=x86_64 # import the image
cobbler distro report --name=centos7.5-x86_64 # show details of the imported distro (cobbler appends the arch to the name)
A cobbler installed from yum on CentOS 7 may throw an error when importing the image; fix it as follows
cd /usr/lib/python2.7/site-packages/cobbler/modules
cat -n sync_post_restart_services.py
line 35: dhcp_restart_command = "service %s restart" % dhcp_service_name
# copy the file to a temporary directory for editing
cp sync_post_restart_services.py /tmp/
# back up the three original files
mv sync_post_restart_services.py{,.ori}
mv sync_post_restart_services.pyc{,.ori}
mv sync_post_restart_services.pyo{,.ori}
cd /tmp/
vim sync_post_restart_services.py
# change line 35 to the following
dhcp_restart_command = "/usr/bin/systemctl restart %s " % dhcp_service_name
# then byte-compile the python file
python -m compileall sync_post_restart_services.py
python -O -m compileall sync_post_restart_services.py
# finally copy the compiled files back to the original directory
cp sync_post_restart_services.py* /usr/lib/python2.7/site-packages/cobbler/modules
# restart the cobblerd service
systemctl restart cobblerd
IV. Creating the kickstart file for automated server installation
4.1 The kickstart file reads as follows:
# platform=x86, AMD64, or Intel EM64T
# version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted $1$Vz4b/XkU$ZSziSKua9YavcOiEr6C680
# Use network installation
#url --url="http://192.168.3.55/cblr/links/CentOS7-x86_64/"
#url --url="http://192.168.3.55/CentOS-7.2/"
url --url="http://192.168.3.55/centos-7.5/"
# System language
lang zh_CN
# Firewall configuration
firewall --disabled
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
#logging
#logging --host=192.168.3.58 --port=514 --level=error
#graphical
text
firstboot --disable
# SELinux configuration
selinux --disabled
# Reboot after installation
#reboot
# System timezone
timezone Asia/Shanghai
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
#part /boot --fstype="xfs" --size=200 --onbiosdisk=80
#part pv.10 --fstype="lvmpv" --grow --size=1 --onbiosdisk=80
# new one
ignoredisk --only-use=sda
#part /boot --fstype="xfs" --size=200
part /boot --fstype="ext4" --size=200
part pv.10 --fstype="lvmpv" --grow --size=1
# done
volgroup centos --pesize=4096 pv.10
logvol / --fstype="xfs" --size=20480 --name=root --vgname=centos
logvol /usr --fstype="xfs" --size=20480 --name=usr --vgname=centos
logvol /var --fstype="xfs" --size=20480 --name=var --vgname=centos
logvol swap --fstype="swap" --size=4096 --name=swap --vgname=centos
logvol /home --fstype="xfs" --grow --size=1 --name=home --vgname=centos
%packages
@^minimal
@core
%end
# %pre
# echo '*.* @@192.168.3.58:514' > /etc/rsyslog.d/remote.conf
# systemctl restart rsyslog
# %end
%post --interpreter=/usr/bin/python
#!/usr/bin/env python
# Runs inside the freshly installed system; /usr/bin/python on CentOS 7 is Python 2.7.
import os
import re
import urllib2

# Read the server's factory serial number; it is the key used to look up the
# server's original IP address.
def find_SN_no():
    sn = os.popen("dmidecode -s system-serial-number | grep -v '#'").read().strip('\n')
    return sn

# Fetch http://192.168.3.55/ks_recognize/init, which lists "business_ip serial" for
# every server in this reinstall batch, and return the IP whose serial is ours.
def self_recognize():
    sn = find_SN_no()
    url = 'http://192.168.3.55/ks_recognize/init'
    response = urllib2.urlopen(url)
    ip = None
    for line in response:
        fields = line.split()
        # Compare whole fields: a regex search over the raw line would also match a
        # serial that is merely a substring of another host's serial.
        if sn and len(fields) >= 2 and sn in fields[1:]:
            ip = fields[0]
            break
    if ip is None:
        raise RuntimeError("serial %r not found in %s" % (sn, url))
    return ip

# From the server's IP derive the two DNS servers of its network: x.y.0.3 and x.y.0.13.
def get_dns(ip):
    prefix = '.'.join(ip.split('.')[:2])
    dns = [prefix + '.0.3', prefix + '.0.13']
    print ' '.join(dns)
    return dns

# The gateway of the server's /24 network is x.y.z.254.
def get_gw(ip):
    gw = '.'.join(ip.split('.')[:3]) + '.254'
    print gw
    return gw

# Physical servers: enslave the physical NICs to bond0 and put the business IP on the bond.
def set_bond_network():
    base_path = '/etc/sysconfig/network-scripts'
    backup = os.path.join(base_path, 'backup')
    if not os.path.isdir(backup):
        os.makedirs(backup)                                  # directory for the original ifcfg files
    nic_name = []                                            # ifcfg file names of the physical NICs
    pattern = re.compile('eno[012]|ens[01]|em[12]|eth[01]')  # the physical NIC naming schemes in use
    for name in os.listdir(base_path):
        if name.startswith('ifcfg-') and pattern.search(name):
            os.rename(os.path.join(base_path, name), os.path.join(backup, name))  # keep the original
            nic_name.append(name)
    # Rewrite every physical NIC as a slave of bond0.
    for name in nic_name:
        realname = pattern.search(name).group()
        lines = ('DEVICE=' + realname + '\n' +
                 'TYPE=Ethernet\nBOOTPROTO=none\nONBOOT=yes\nMASTER=bond0\nSLAVE=yes\n')
        f = open(os.path.join(base_path, name), 'w')
        f.write(lines)
        f.close()
    # Give bond0 the business IP, prefix, gateway and DNS servers.
    ip = self_recognize()
    dns = get_dns(ip)
    gw = get_gw(ip)
    bond0_line = ('DEVICE=bond0\nTYPE=Ethernet\nBOOTPROTO=static\nONBOOT=yes\nUSERCTL=no\n'
                  'BONDING_OPTS="miimon=100 mode=4 xmit_hash_policy=layer3+4"\nBONDING_MASTER=yes\n'
                  'IPADDR=' + ip + '\nPREFIX=24\nGATEWAY=' + gw + '\nDOMAIN=aliyiyun.net\n')
    for i in range(len(dns)):
        bond0_line += 'DNS' + str(i + 1) + '=' + dns[i] + '\n'
    f = open(os.path.join(base_path, 'ifcfg-bond0'), 'w')
    f.write(bond0_line)
    f.close()
    set_hostname(ip)

# Virtual machines need no bonding: put IP, netmask, gateway and DNS on the NIC directly.
def set_single_network():
    base_path = '/etc/sysconfig/network-scripts'
    pattern = re.compile('eno0|ens0|em1|eth0')
    nic_name = pattern.findall(' '.join(os.listdir(base_path)))[0]
    cfg = os.path.join(base_path, 'ifcfg-' + nic_name)
    ip = self_recognize()
    dns = get_dns(ip)
    gw = get_gw(ip)
    f = open(cfg, 'a')
    f.write('IPADDR=' + ip + '\nNETMASK=255.255.255.0\nGATEWAY=' + gw + '\nDOMAIN=aliyiyun.net\n')
    for i in range(len(dns)):
        f.write('DNS' + str(i + 1) + '=' + dns[i] + '\n')
    f.close()
    os.system("sed -i 's/ONBOOT=no/ONBOOT=yes/g' " + cfg)
    os.system("sed -i 's/BOOTPROTO=dhcp/BOOTPROTO=static/g' " + cfg)
    set_hostname(ip)

# Write the yum repo file for all servers (physical and virtual).
def set_yum_repo():
    line = '''
[centos]
name=CentOS RPMS Repo
baseurl=http://yum.aliyiyun.net/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
[epel]
name=CentOS epel-release Repo
baseurl=http://yum.aliyiyun.net/epel-release/$releasever/
gpgcheck=0
enabled=1
[centos7-1611-update]
name=CentOS-Update RPMS Repo
baseurl=http://yum.aliyiyun.net/centos/$releasever/$basearch/update
gpgcheck=0
enabled=1
'''
    os.system("rm -rf /etc/yum.repos.d/*")
    f = open("/etc/yum.repos.d/Centos-LW.repo", 'w')
    f.write(line)
    f.close()
    os.system("yum clean all")
    os.system("yum repolist")

# Install the salt-minion package.
def install_salt_minion():
    os.system("yum repolist")
    os.system("yum install -y salt-minion")
    os.system("systemctl enable salt-minion")

# Host-name prefix: 'v' for a virtual machine (dmidecode reports an HVM product name), 's' for a physical server.
def distinguish_type():
    flag = os.popen("dmidecode | grep 'Product Name' | grep 'HVM' | wc -l").read().strip('\n')
    if int(flag) > 0:
        return 'v'
    return 's'

# Host name: <prefix><3rd octet, 3 digits><4th octet, 3 digits>.<site>; the site follows
# from the 2nd octet, and for the 16 network also from whether the 3rd octet is 130-139.
def set_hostname(ip):
    ip_list = ip.split('.')
    part_3 = "%03d" % int(ip_list[2])
    part_4 = "%03d" % int(ip_list[3])
    host_prefix = distinguish_type()
    if ip_list[1] == '17':
        site = 'mc3'
    elif ip_list[1] == '15':
        site = 'mc2'
    elif ip_list[1] == '16' and not 130 <= int(ip_list[2]) <= 139:
        site = 'mc1'
    elif ip_list[1] == '16':
        site = 'yn1'
    else:
        site = 'unknown'
    hostname = host_prefix + part_3 + part_4 + '.' + site
    os.system("hostnamectl set-hostname " + hostname)
    os.system("echo " + hostname + " > /etc/hostname")

if __name__ == '__main__':
    host_type = distinguish_type()
    ip = self_recognize()
    set_hostname(ip)
    if host_type == 'v':
        set_single_network()
    else:
        set_bond_network()
    # install_salt_minion()
    # set
%end
V. Stopping cobbler from taking over DHCP
5.1 After installation cobbler takes over DHCP by default, but running DHCP in a production environment can let servers unexpectedly obtain an IP and cause problems: a server that does not need reinstalling reboots, unexpectedly enters PXE boot and is automatically reinstalled, which is unsafe. Cobbler must therefore be prevented from managing the DHCP service, which is done by disabling cobbler's DHCP function as follows:
5.1.1 Edit the configuration file /etc/cobbler/settings and set the following options to 0
manage_dhcp: 0
restart_dns: 0
restart_dhcp: 0
always_write_dhcp_entries: 0
5.1.2 Edit the DHCP configuration file /etc/dhcp/dhcpd.conf so that it reads as follows:
subnet 192.168.3.0 netmask 255.255.255.0 {
option routers 192.168.3.254;
option domain-name-servers 192.168.10.78;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.3.231 192.168.3.239;
default-lease-time 21600;
max-lease-time 43200;
next-server 192.168.3.55;
filename "pxelinux.0";
}
subnet 192.168.6.0 netmask 255.255.255.0 {
option routers 192.168.6.254;
option domain-name-servers 192.168.10.78;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.6.150 192.168.6.229;
default-lease-time 60;
max-lease-time 43200;
next-server 192.168.3.55;
filename "pxelinux.0";
}
Note: start the dhcpd service only when a batch installation is actually required, and at all other times make sure it is stopped, otherwise things will go badly wrong!!
[root@cobbler ~]# systemctl restart dhcpd
VI. Note: the batch reinstall procedure is as follows:
6.1 Log in to host 192.168.3.55, go to /root/system_redo and first run the Python script export_rec_srv.py. It fetches from the CMDB the physical servers in the buffer group whose status is "recycled" and writes them to system_redo.list in the same directory and to the init file under /var/www/html/ks_recognize. (system_redo.list records each physical server's IPMI address, business IP and factory serial number. The init file holds the physical machines' business IPs and factory serial numbers; during reinstallation a physical machine uses its own factory serial number to look up its business IP in this file and configures that IP on its bond interface.)
./export_rec_srv.py
6.2 Next run the script ipmi_t_connect.sh, which tests whether the IPMI ports of the physical hosts listed in system_redo.list are reachable
sh ipmi_t_connect.sh
6.3 Finally run ipmi_pxe_reboot.sh; it reboots the servers listed in system_redo.list with PXE boot so that they are reinstalled remotely
sh ipmi_pxe_reboot.sh
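Because ipmi_pxe_reboot.sh wipes and reinstalls every host in system_redo.list, a pre-flight check on the two files export_rec_srv.py produces catches the cases in which the %post lookup in section IV goes wrong: a serial shared by two hosts (or reported as a firmware placeholder), a host with no init entry, or a business IP outside the expected network. This Python 3 example is added here and is not one of the post's scripts; it assumes system_redo.list holds `ipmi_ip business_ip serial` per line, uses constructed sample data, and its lookup_ip_by_serial does whole-field matching where the %post script's re.search also accepts substrings.

```python
import ipaddress
from collections import Counter

# Constructed sample data (addresses made up). system_redo.list is assumed to hold
# "ipmi_ip business_ip serial"; init holds "business_ip serial" as the %post reads it.
SAMPLE_REDO = """\
10.0.3.21  192.168.3.21  SN2001
10.0.3.22  192.168.3.22  SN2002
10.0.3.23  192.168.3.23  SN2002
"""
SAMPLE_INIT = """\
192.168.3.21  SN2001
192.168.3.22  SN2002
192.168.3.23  SN2002
192.168.9.25  SN2005
"""

def parse_records(text, n_fields):
    """Whitespace-separated records; blank lines and '#' comments are skipped."""
    rows = [r for r in (tuple(line.split("#", 1)[0].split()) for line in text.splitlines()) if r]
    bad = [r for r in rows if len(r) != n_fields]
    if bad:
        raise ValueError("malformed record %r: expected %d fields" % (bad[0], n_fields))
    return rows

def lookup_ip_by_serial(init_text, serial):
    """Exact-field match; the %post's re.search(sn, line) also matches substrings."""
    matches = [ip for ip, sn in parse_records(init_text, 2) if sn == serial]
    return matches[0] if matches else None

def preflight(redo_text, init_text, allowed_nets):
    """Return the problems found; an empty list means the batch is safe to start."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    redo, init = parse_records(redo_text, 3), parse_records(init_text, 2)
    problems = []
    # A shared serial (two hosts, or a firmware placeholder) gives several machines one IP.
    for label, values in (("ipmi address", [r[0] for r in redo]),
                          ("business ip", [i[0] for i in init]),
                          ("serial", [i[1] for i in init])):
        problems += ["duplicate %s %s (%d hosts)" % (label, v, n)
                     for v, n in Counter(values).items() if n > 1]
    for ip, _ in init:
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            problems.append("business ip %s outside allowed networks" % ip)
    # A host rebooted into PXE without an init entry comes up with no network config.
    redo_pairs, init_pairs = {(r[1], r[2]) for r in redo}, set(init)
    problems += ["%s/%s rebooted but missing from init" % p for p in sorted(redo_pairs - init_pairs)]
    problems += ["%s/%s in init but not in system_redo.list" % p for p in sorted(init_pairs - redo_pairs)]
    return problems
```

Run preflight(SAMPLE_REDO, SAMPLE_INIT, ["192.168.3.0/24"]) before step 6.3 and abort the batch if the list is not empty.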