前言
本篇文章介绍的是自动化运维-基于COBBLER自动安装操作系统,内容如下:
- COBBLER简介
- COBBLER部署
- COBBLER管理
- 安装操作系统
- WEB界面管理
- COBBLER简介
什么是COBBLER
Cobbler是一款快速的网络系统部署工具,其最大的特点是集合了所有系统部署所需要的服务,比如DHCP、DNS、TFTP,这样你在部署一台操作系统的时候不需要在各个服务之前协调切换,Cobbler都可以替你来管理。Cobbler内部集成了一个镜像版本仓库,你可以自定义相关配置文件,实现不同系统不同安装需求的选择。当然Cobbler还提供了包括yum源管理、Web界面管理、API接口、电源管理等功能,方便你自定义开发管理。
Cobbler客户端Koan支持虚拟机安装和操作系统重新安装,使重装系统更便捷。简单的说,Cobbler其实是对Kickstart的封装,简化安装步骤、使用流程,降低使用者的门槛。
COBBLER组成
Cobbler的配置结构基于一组注册的对象。每个对象表示一个与另一个实体相关联的实体(该对象指向另一个对象,或者另一个对象指向该对象)。当一个对象指向另一个对象时,它就继承了被指向对象的数据,并可覆盖或添加更多特定信息。
以下对象类型的定义为:
- 发行版(Distribution):表示一个操作系统。它承载了内核和 initrd 的信息,以及内核参数等其他数据;
- 配置文件(Profile):包含一个发行版、一个kickstart文件以及可能的存储库,还包含更多特定的内核参数等其他数据;
- 系统(System):表示要配给的机器。它包含一个配置文件或一个镜像,还包含IP和MAC地址、电源管理(地址、凭据、类型)以及更为专业的数据等信息;
- 存储库(Repository):保存一个yum或rsync存储库的镜像信息;
- 镜像(Image):可替换一个包含不属于此类别的文件的发行版对象(例如,无法分为内核和 initrd 的对象);
镜像(Image):可替换一个包含不属于此类别的文件的发行版对象(例如,无法分为内核和 initrd 的对象);
基于注册的对象以及各个对象之间的关联,Cobbler知道如何更改文件系统以反映具体配置。因为系统配置的内部是抽象的,所以我们可以仅关注想要执行的操作。
cobbler各对象的关系:
COBBLER工作流程
server端
第一步,启动Cobbler服务;
第二步,进行Cobbler错误检查——执行cobbler check命令;
第三步,进行配置同步——执行cobbler sync命令;
第四步,复制相关启动文件文件到TFTP目录中;
第五步,启动DHCP服务,提供地址分配;
第六步,DHCP服务分配IP地址;
第七步,TFTP传输启动文件;
第八步,Server端接收安装信息;
第九步,Server端发送ISO镜像与Kickstart文件;
客户端
第一步,客户端以PXE模式启动;
第二步,客户端获取IP地址;
第三步,通过TFTP服务器获取启动文件;
第四步,进入Cobbler安装选择界面;
第五步,客户端确定加载信息;
第六步,根据配置信息准备安装系统;
第七步,加载Kickstart文件;
第八步,传输系统安装的其它文件;
第九步,进行安装系统;
COBBLER部署
基础环境准备
系统和内核版本
[root@cobbler-node1 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@cobbler-node1 ~]# uname -r
3.10.0-327.el7.x86_64
关闭selinux和防火墙
[root@cobbler-node1 ~]# getenforce
Disabled
[root@cobbler-node1 ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
主机名和IP地址
1
2
3
4
[root@cobbler-node1 ~]# ifconfig eth0|awk -F'[: ]+' 'NR==2{print $3}'
192.168.56.200
[root@cobbler-node1 ~]# hostname
cobbler-node1.devopssec.cn
修改epel源
cobbler安装必须使用epel源
[root@cobbler-node1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
检查是否有epel源
[root@cobbler-node1 ~]# yum repolist epel
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
repo id repo name status
!epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13,472
repolist: 13,472
安装cobbler所需软件
1
[root@cobbler-node1 ~]# yum install -y cobbler cobbler-web pykickstart httpd tftp dhcp xinetd
所安软件作用
cobbler #cobbler程序包
cobbler-web #cobbler的web服务包
pykickstart #cobbler检查kickstart语法错误
httpd #Apache web服务
tftp #tftp服务
dhcp #dhcp服务
cobbler安装的主要目录及配置文件
[root@Cobbler-node ~]# rpm -ql cobbler
/etc/cobbler # 配置文件目录
/etc/cobbler/settings # cobbler主配置文件
/etc/cobbler/dhcp.template # DHCP服务的配置模板
/etc/cobbler/tftpd.template # tftp服务的配置模板
/etc/cobbler/rsync.template # rsync服务的配置模板
/etc/cobbler/iso # iso模板配置文件目录
/etc/cobbler/pxe # pxe模板文件目录
/etc/cobbler/power # 电源的配置文件目录
/etc/cobbler/users.conf # Web服务授权配置文件
/etc/cobbler/users.digest # web访问的用户名密码配置文件
/etc/cobbler/dnsmasq.template # DNS服务的配置模板
/etc/cobbler/modules.conf # Cobbler模块配置文件
/var/lib/cobbler # Cobbler数据目录
/var/lib/cobbler/config # 配置文件
/var/lib/cobbler/kickstarts # 默认存放kickstart文件
/var/lib/cobbler/loaders # 存放的各种引导程序
/var/www/cobbler # 系统安装镜像目录
/var/www/cobbler/ks_mirror # 导入的系统镜像列表
/var/www/cobbler/images # 导入的系统镜像启动文件
/var/www/cobbler/repo_mirror # yum源存储目录
/var/log/cobbler # 日志目录
/var/log/cobbler/install.log # 客户端系统安装日志
/var/log/cobbler/cobbler.log # cobbler日志
配置COBBLER
cobbler的运行依赖于dhcp、tftp、rsync及dns服务,其中dhcp可由dhcpd(isc)提供,也可由dnsmasq提供;tftp可由tftp-server程序包提供,也可由cobbler功能提供,rsync有rsync程序包提供,dns可由bind提供,也可由dnsmasq提供
cobbler可自行管理这些服务中的部分甚至是全部,但需要配置/etc/cobbler/settings文件中的“manange_dhcp”、“manager_tftpd”、“manager_rsync”、“manager_dns”分别来进行定义,另外,由于各种服务都有着不同的实现方式,如若需要进行自定义,需要通过修改/etc/cobbler/modules.conf配置文件中各服务的模块参数的值来实现。
修改httpd.conf配置文件
[root@cobbler-node1 ~]# sed -i.bak "s/#ServerName www.example.com:80/ServerName 127.0.0.1:80/g" /etc/httpd/conf/httpd.conf
[root@cobbler-node1 ~]# grep ^ServerName /etc/httpd/conf/httpd.conf
ServerName 127.0.0.1:80
启动httpd和cobbler
[root@cobbler-node1 ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@cobbler-node1 ~]# systemctl start httpd.service
[root@cobbler-node1 ~]# systemctl status cobblerd.service
● cobblerd.service - Cobbler Helper Daemon
Loaded: loaded (/usr/lib/systemd/system/cobblerd.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2019-01-22 10:58:54 CST; 30s ago
Process: 2439 ExecStartPost=/usr/bin/touch /usr/share/cobbler/web/cobbler.wsgi (code=exited, status=0/SUCCESS)
Main PID: 2438 (cobblerd)
CGroup: /system.slice/cobblerd.service
└─2438 /usr/bin/python2 -s /usr/bin/cobblerd -F
Jan 22 10:58:54 cobbler-node1.devopssec.cn systemd[1]: Starting Cobbler Helper Daemon...
Jan 22 10:58:54 cobbler-node1.devopssec.cn systemd[1]: Started Cobbler Helper Daemon.
[root@cobbler-node1 ~]# systemctl enable cobblerd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
[root@cobbler-node1 ~]# systemctl start cobblerd.service
[root@cobbler-node1 ~]# systemctl status cobblerd.service
● cobblerd.service - Cobbler Helper Daemon
Loaded: loaded (/usr/lib/systemd/system/cobblerd.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2019-01-22 10:58:54 CST; 14s ago
Process: 2439 ExecStartPost=/usr/bin/touch /usr/share/cobbler/web/cobbler.wsgi (code=exited, status=0/SUCCESS)
Main PID: 2438 (cobblerd)
CGroup: /system.slice/cobblerd.service
└─2438 /usr/bin/python2 -s /usr/bin/cobblerd -F
Jan 22 10:58:54 cobbler-node1.devopssec.cn systemd[1]: Starting Cobbler Helper Daemon...
Jan 22 10:58:54 cobbler-node1.devopssec.cn systemd[1]: Started Cobbler Helper Daemon.
检查配置文件
注意:需要在cobblerd和httpd启动的情况下检查。然后检查存在的问题,逐一解决
[root@cobbler-node1 ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
解决问题方法
(1)修改/etc/cobbler/settings文件中的server参数的值为提供cobbler服务的主机相应的IP地址或主机名,如server: 192.168.56.200;
[root@cobbler-node1 ~]# grep ^server /etc/cobbler/settings
server: 127.0.0.1
[root@cobbler-node1 ~]# sed -i.bak ‘s/server: 127.0.0.1/server: 192.168.56.200/’ /etc/cobbler/settings
[root@cobbler-node1 ~]# grep ^server /etc/cobbler/settings
server: 192.168.56.200
(2)修改/etc/cobbler/settings文件中的next_server参数的值为提供PXE服务的主机相应的IP地址,如next_server: 192.168.56.200;
[root@cobbler-node1 ~]# sed -i 's/next_server: 127.0.0.1/next_server: 192.168.56.200/' /etc/cobbler/settings
node1
(3)开启TFTP服务修改/etc/xinetd.d/tftp文件中的disable参数修改为 disable = no
[root@cobbler-node1 ~]# sed -i "/disable/s#yes#no#g" /etc/xinetd.d/tftp
[root@cobbler-node1 ~]# cat /etc/xinetd.d/tftp
\# default: off
\# description: The tftp server serves files using the trivial file transfer \
\# protocol. The tftp protocol is often used to boot diskless \
\# workstations, download configuration files to network-aware printers, \
\# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
(4)运cobbler get-loader下载一些网络引导文件;否则,需要安装syslinux程序包,而后复制/usr/share/syslinux/{pxelinux.0,memu.c32}等文件至/var/lib/cobbler/loaders/目录中;
[root@cobbler-node1 ~]# ll /var/lib/cobbler/loaders/
total 0
[root@cobbler-node1 ~]# cobbler get-loaders
task started: 2019-01-22_110702_get_loaders
task started (id=Download Bootloader Content, time=Tue Jan 22 11:07:02 2019)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@cobbler-node1 ~]# ll /var/lib/cobbler/loaders/
total 1128
-rw-r--r-- 1 root root 631 Nov 23 18:11 COPYING.elilo
-rw-r--r-- 1 root root 18007 Nov 23 18:11 COPYING.syslinux
-rw-r--r-- 1 root root 626 Nov 23 18:11 COPYING.yaboot
-rw-r--r-- 1 root root 356493 Nov 23 18:11 elilo-ia64.efi
-rw-r--r-- 1 root root 243679 Nov 23 18:11 grub-x86_64.efi
-rw-r--r-- 1 root root 237224 Nov 23 18:11 grub-x86.efi
-rw-r--r-- 1 root root 54964 Nov 23 18:11 menu.c32
-rw-r--r-- 1 root root 16794 Nov 23 18:11 pxelinux.0
-rw-r--r-- 1 root root 1054 Nov 23 18:11 README
-rw-r--r-- 1 root root 198236 Nov 23 18:11 yaboot
(5)启动rsync命令即可,rsync服务启动脚本;
[root@cobbler-node1 ~]# systemctl start rsyncd.service
[root@cobbler-node1 ~]# systemctl enable rsyncd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
(7)如果有强迫症可以选择yum install –y debmirror然后根据错误进行解决,一般错误如下。
注释/etc/dedmirror.conf文件中的@dists=”sid”; @arches=”i386”;
[root@cobbler-node1 ~]# yum install -y debmirror
[root@cobbler-node1 ~]# egrep "dists|arches" /etc/debmirror.conf
# @dists="sid";
# @arches="i386";
# @di_dists="dists";
# @di_archs="arches";
(8)创建系统初始化后的root密码
[root@cobbler-node1 ~]# openssl passwd -1 -salt 'cobbler' 'cobbler'
$1$cobbler$M6SE55xZodWc9.vAKLJs6.
[root@cobbler-node1 ~]# grep -n "default_password_crypted" /etc/cobbler/settings
101:default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
#替换/etc/cobbler/setting内的default_password_crypted
[root@cobbler-node1 ~]# grep -n "default_password_crypted" /etc/cobbler/settings
101:default_password_crypted: "$1$cobbler$M6SE55xZodWc9.vAKLJs6."
(9)电源模块支持
[root@cobbler-node1 ~]# yum install -y cman fence-agents
最后重启服务
[root@cobbler-node1 ~]# systemctl start xinetd.service
[root@cobbler-node1 ~]# systemctl restart cobblerd.service
#再次检查
[root@cobbler-node1 ~]# cobbler check
No configuration problems found. All systems go.
配置DHCP
使用cobbler管理dhcp
[root@cobbler-node1 ~]# sed -i 's#manage_dhcp: 0#manage_dhcp: 1#g' /etc/cobbler/settings
#修改cobbler的dhcp模版
[root@cobbler-node1 ~]# egrep -v '#|^$' /etc/cobbler/dhcp.template
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 192.168.56.0 netmask 255.255.255.0 {
option routers 192.168.56.2;
option domain-name-servers 192.168.56.2;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.56.100 192.168.56.199;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else if option pxe-system-type = 00:09 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
group {
host $iface.name {
option dhcp-client-identifier = $mac;
hardware ethernet $mac;
fixed-address $iface.ip_address;
option host-name "$iface.hostname";
option subnet-mask $iface.netmask;
option routers $iface.gateway;
if exists user-class and option user-class = "gPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else if exists user-class and option user-class = "iPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else {
filename "undionly.kpxe";
}
filename "$iface.filename";
next-server $next_server;
}
}
同步COBBLER
# 重启cobbler服务
[root@cobbler-node1 ~]# systemctl restart cobblerd.service
# 同步最新cobbler配置,可以看具体做了哪些操作
[root@cobbler-node1 ~]# cobbler sync
task started: 2019-01-22_113201_sync
task started (id=Sync, time=Tue Jan 22 11:32:01 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
接下来,我们就可以在cobbler中加入一个完成的系统安装镜像
COBBLER管理
查看命令帮助
[root@cobbler-node1 ~]# cobbler
usage
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ...
[add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]
cobbler check 核对当前设置是否有问题
cobbler list 列出所有的cobbler元素
cobbler report 列出元素的详细信息
cobbler sync 同步配置到数据目录,更改配置最好都要执行下
cobbler reposync 同步yum仓库
cobbler distro 查看导入的发行版系统信息
cobbler system 查看添加的系统信息
cobbler profile 查看配置信息
管理distro
cobbler变得可用的第一步为定义distro,其可以通过为其指定外部的安装引导内核及ramdisk文件的方式实现。
如果已经有完成的安装树(如os的安装镜像)则推荐使用improt之间导入的方式进行。
# 挂在ISO光盘至服务器
[root@cobbler-node1 ~]# mount /dev/cdrom /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
# 导入镜像
[root@cobbler-node1 ~]# cobbler import --path=/mnt/ --name=CentOS-6.8-x86_64 --arch=x86_64
task started: 2019-01-23_195338_import
task started (id=Media import, time=Wed Jan 23 19:53:38 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64:
creating new distro: CentOS-6.8-x86_64
trying symlink: /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64 -> /var/www/cobbler/links/CentOS-6.8-x86_64
creating new profile: CentOS-6.8-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64 for CentOS-6.8-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64
looking for /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/CentOS-6.8-x86_64/repodata
*** TASK COMPLETE ***
导入命令参数介绍:
cobbler import –path=/mnt/ –name=CentOS-6.8-x86_64 –arch=x86_64
–path:镜像路径
–name:为安装源定义一个名字
–arch:指定安装源是32位、64位、ia64, 目前支持的选项有: x86│x86_64│ia64
安装源的唯一标示就是根据name参数来定义,本例导入成功后,安装源的唯一标示就是:CentOS-6.8-x86_64。
镜像存放目录,cobbler会将镜像中的所有安装文件拷贝到本地一份,放在/var/www/cobbler/ks_mirror/下的CentOS-6.8-x86_64目录下。因此/var/www/cobbler目录必须具有足够容纳安装文件的空间。
[root@cobbler-node1 ~]# ll /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64
total 276
-r--r--r-- 1 root root 14 May 22 2016 CentOS_BuildTag
dr-xr-xr-x 3 root root 33 May 22 2016 EFI
-r--r--r-- 1 root root 212 Nov 27 2013 EULA
-r--r--r-- 1 root root 18009 Nov 27 2013 GPL
dr-xr-xr-x 3 root root 90 May 23 2016 images
dr-xr-xr-x 2 root root 4096 May 22 2016 isolinux
dr-xr-xr-x 2 root root 176128 May 23 2016 Packages
-r--r--r-- 1 root root 1359 May 22 2016 RELEASE-NOTES-en-US.html
dr-xr-xr-x 2 root root 4096 May 23 2016 repodata
-r--r--r-- 1 root root 1706 Nov 27 2013 RPM-GPG-KEY-CentOS-6
-r--r--r-- 1 root root 1730 Nov 27 2013 RPM-GPG-KEY-CentOS-Debug-6
-r--r--r-- 1 root root 1730 Nov 27 2013 RPM-GPG-KEY-CentOS-Security-6
-r--r--r-- 1 root root 1734 Nov 27 2013 RPM-GPG-KEY-CentOS-Testing-6
-r--r--r-- 1 root root 3380 May 23 2016 TRANS.TBL
# 列出所有的distro
[root@cobbler-node1 ~]# cobbler distro list
CentOS-6.8-x86_64
# 查看安装镜像文件信息
[root@cobbler-node1 ~]# cobbler distro report --name=CentOS-6.8-x86_64
Name : CentOS-6.8-x86_64
Architecture : x86_64
TFTP Boot Files : {}
Breed : redhat
Comment :
Fetchable Files : {}
Initrd : /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64/images/pxeboot/initrd.img
Kernel : /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64/images/pxeboot/vmlinuz
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart Metadata : {'tree': 'http://@@http_server@@/cblr/links/CentOS-6.8-x86_64'}
Management Classes : []
OS Version : rhel6
Owners : ['admin']
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Template Files : {}
# 导入distro会自动生成profile
[root@Cobbler-node ~]# cobbler profile list
CentOS-6.8-x86_64
# 查看cobbler系统仓库中的版本信息
[root@cobbler-node1 ~]# cobbler profile report
Name : CentOS-6.8-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : CentOS-6.8-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/sample_end.ks
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : kvm
# 这里显示此系统版本使用的是系统自带的kickstart文件
[root@cobbler-node1 ~]# ll /var/lib/cobbler/kickstarts/
total 56
-rw-r--r-- 1 root root 115 Nov 17 23:10 default.ks
-rw-r--r-- 1 root root 22 Nov 17 23:10 esxi4-ks.cfg
-rw-r--r-- 1 root root 22 Nov 17 23:10 esxi5-ks.cfg
drwxr-xr-x 2 root root 54 Jan 22 10:55 install_profiles
-rw-r--r-- 1 root root 1424 Nov 17 23:10 legacy.ks
-rw-r--r-- 1 root root 292 Nov 17 23:10 pxerescue.ks
-rw-r--r-- 1 root root 2825 Nov 17 23:10 sample_autoyast.xml
-rw-r--r-- 1 root root 1856 Nov 17 23:10 sample_end.ks
-rw-r--r-- 1 root root 0 Nov 17 23:10 sample_esx4.ks
-rw-r--r-- 1 root root 324 Nov 17 23:10 sample_esxi4.ks
-rw-r--r-- 1 root root 386 Nov 17 23:10 sample_esxi5.ks
-rw-r--r-- 1 root root 386 Nov 17 23:10 sample_esxi6.ks
-rw-r--r-- 1 root root 1913 Nov 17 23:10 sample.ks
-rw-r--r-- 1 root root 3419 Nov 17 23:10 sample_old.seed
-rw-r--r-- 1 root root 6658 Nov 17 23:10 sample.seed
如果有kickstart文件,也可以使用–kickstart=/path/to/kickstart_file进行导入,因此import会自动为导入的distro生成一个profile
管理profile
cobbler使用profile来为特定的需求类别提供锁需要安装的配置,即在distro的基础上通过提供kiskstart文件来生成一个特定的系统安装配置。distro的profile可以出现在pxe的引导菜单中作为安装的选择之一。默认是有kickstart文件的,所以edit,如果没有kickstart文件可以add
[root@cobbler-node1 ~]# cat /var/lib/cobbler/kickstarts/CentOS-6.8-x86_64.cfg
# Cobbler for Kickstart Configurator for CentOS 6.8 by Albert
# System language
lang en_US.UTF-8
# System keyboard
keyboard us
# System timezone
timezone --utc Asia/Shanghai
#Use text mode install
text
#Install OS instead of upgrade
install
#Use NFS installation Media
url --url=$tree
#Clear the Master Boot Record
zerombr
#System bootloader configuration
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
$SNIPPET('network_config')
authconfig --enableshadow --passalgo=sha512
rootpw --iscrypted $default_password_crypted
clearpart --all --initlabel
part /boot --fstype=ext4 --asprimary --size=200
part swap --size=1024
part / --fstype=ext4 --grow --asprimary --size=200
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@base
@compat-libraries
@core
@debugging
@development
@server-policy
@workstation-policy
python-dmidecode
sgpio
device-mapper-persistent-data
systemtap-client
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%end
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
%end
[root@cobbler-node1 ~]# cobbler profile edit --name=CentOS-6.8-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-6.8-x86_64.cfg #指定ks路径
[root@cobbler-node1 ~]# cobbler profile report --name=CentOS-6.8-x86_64
Name : CentOS-6.8-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : CentOS-6.8-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/CentOS-6.8-x86_64.cfg
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : kvm
如果系统是CentOS7系统网卡名变成eno…这种,为了运维标准化,我们需要修改为我们常用的eth0,使用下面的参数。但要注意是CentOS7才需要下面的步骤,CentOS6不需要。
# 挂载CentOS-7.5镜像,然后导入
[root@cobbler-node1 ~]# cobbler import --path=/mnt/ --name=CentOS-7.5-x86_64 --arch=x86_64
# 创建自动应答文件
[root@cobbler-node1 ~]# cat /var/lib/cobbler/kickstarts/CentOS-7.5-x86_64.cfg
# Cobbler for Kickstart Configurator for CentOS 7.5 by Albert
# System language
lang en_US.UTF-8
# System keyboard
keyboard us
# System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#Use text mode install
text
#Install OS instead of upgrade
install
#Use NFS installation Media
url --url=$tree
#Clear the Master Boot Record
zerombr
#System bootloader configuration
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# Network information
$SNIPPET('network_config')
#System authorization --enablemd5
authconfig --enableshadow --passalgo=sha512
#Partition clearing information
clearpart --all --initlabel
part /boot --fstype=xfs --asprimary --size=1024
part swap --size=1024
part / --fstype=xfs --grow --asprimary --size=200
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
iptraf
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
screen
gcc
glibc
gcc-c++
make
net-tools
psmisc
ntpdate
wget
curl
mtr
ethtool
tcpdump
bash-completion
%end
%post
systemctl disable postfix.service
%end
[root@cobbler-node1 ~]# cobbler profile edit --name=CentOS-7.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-7.5-x86_64.cfg
# 修改centos7内核,使网卡名称为eth0开始
[root@cobbler-node1 ~]# cobbler profile edit --name=CentOS-7.5-x86_64 --kopts='net.ifnames=0 biosdevname=0'
同步yum源
新部署机器安装yum源,并同步。建议使用内网yum源,在这里使用阿里云yum源
[root@cobbler-node1 ~]# cobbler repo add --name=base --mirror=http://mirrors.aliyun.com/centos/6/os/x86_64/Packages/ --arch=x86_64 --breed=yum
[root@cobbler-node1 ~]# cobbler reposync # 同步yum源
# 每次修改profile都需要同步
[root@cobbler-node1 ~]# cobbler sync
task started: 2017-03-11_225928_sync
task started (id=Sync, time=Sat Mar 11 22:59:28 2017)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/opt-CentOS-6.8-x86_64
removing: /var/www/cobbler/images/CentOS-6.8-x86_64
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/images/opt-CentOS-6.8-x86_64
removing: /var/lib/tftpboot/images/CentOS-6.8-x86_64
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying distros to tftpboot
copying files for distro: opt-CentOS-6.8-x86_64
trying hardlink /var/www/cobbler/ks_mirror/opt/CentOS-6.8-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/opt-CentOS-6.8-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/opt/CentOS-6.8-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/opt-CentOS-6.8-x86_64/initrd.img
copying files for distro: CentOS-6.8-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/CentOS-6.8-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/CentOS-6.8-x86_64/initrd.img
copying images
generating PXE configuration files
generating PXE menu structure
copying files for distro: opt-CentOS-6.8-x86_64
trying hardlink /var/www/cobbler/ks_mirror/opt/CentOS-6.8-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/opt-CentOS-6.8-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/opt/CentOS-6.8-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/opt-CentOS-6.8-x86_64/initrd.img
Writing template files for opt-CentOS-6.8-x86_64
copying files for distro: CentOS-6.8-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/CentOS-6.8-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/CentOS-6.8-x86_64/initrd.img
Writing template files for CentOS-6.8-x86_64
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
processing boot_files for distro: opt-CentOS-6.8-x86_64
processing boot_files for distro: CentOS-6.8-x86_64
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout: Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
安装操作系统
安装CentOS6.8操作系统
之前我们经上传过镜像和kickstarts自动应答文件,现在我们新建一台虚拟机,通过网络启动即可安装CentOS6.8操作系统。
我这里虚拟机使用的是NAT模式,并且关闭DHCP功能,打开VMware -> 编辑 -> 虚拟网络编辑器,点击NAT模式,然后取消“使用本地DHCP服务奖IP地址分配给虚拟机”勾选,然后点击‘确定’
定制化安装
由于kickstart指定某台服务器使用某个ks文件比较复杂,所以引用Cobbler就很简单。通过物理MAC地址来区分。
自定义安装
system主要目的配置网络接口,通过system来固定机器的IP、掩码、网关、DNS、主机名、等等实现基础环境标准化
指定MAC地址的机器安装,自动绑定配置IP地址、网关、DNS、主机名等
[root@cobbler-node1 ~]# cobbler system add --name=cobbler \
--mac=00:0C:29:C5:13:0E \
--profile=CentOS-6.8-x86_64 \
--ip-address=192.168.56.100 \
--subnet=255.255.255.0 \
--gateway=192.168.56.2 \
--interface=eth0 \
--static=1 \
--hostname=cobbler.devopssec.cn \
--name-servers="114.114.114.114 8.8.8.8"
[root@cobbler-node1 ~]# cobbler system list
cobbler
[root@cobbler-node1 ~]# cobbler system report --name=cobbler
Name : cobbler
TFTP Boot Files : {}
Comment :
Enable gPXE? : <<inherit>>
Fetchable Files : {}
Gateway : 192.168.56.2
Hostname : cobbler.devopssec.cn
Image :
IPv6 Autoconfiguration : False
IPv6 Default Device :
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : <<inherit>>
Kickstart Metadata : {}
LDAP Enabled : False
LDAP Management Type : authconfig
Management Classes : <<inherit>>
Management Parameters : <<inherit>>
Monit Enabled : False
Name Servers : ['114.114.114.114', '8.8.8.8']
Name Servers Search Path : []
Netboot Enabled : True
Owners : <<inherit>>
Power Management Address :
Power Management ID :
Power Management Password :
Power Management Type : ipmitool
Power Management Username :
Profile : CentOS-6.8-x86_64
Internal proxy : <<inherit>>
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos Enabled : False
Server Override : <<inherit>>
Status : production
Template Files : {}
Virt Auto Boot : <<inherit>>
Virt CPUs : <<inherit>>
Virt Disk Driver Type : <<inherit>>
Virt File Size(GB) : <<inherit>>
Virt Path : <<inherit>>
Virt PXE Boot : 0
Virt RAM (MB) : <<inherit>>
Virt Type : <<inherit>>
Interface ===== : eth0
Bonding Opts :
Bridge Opts :
CNAMES : []
InfiniBand Connected Mode : False
DHCP Tag :
DNS Name :
Per-Interface Gateway :
Master Interface :
Interface Type :
IP Address : 192.168.56.100
IPv6 Address :
IPv6 Default Gateway :
IPv6 MTU :
IPv6 Prefix :
IPv6 Secondaries : []
IPv6 Static Routes : []
MAC Address : 00:0C:29:C5:13:0E
Management Interface : False
MTU :
Subnet Mask : 255.255.255.0
Static : True
Static Routes : []
Virt Bridge :
[root@cobbler-node1 ~]# cobbler sync
启动服务器,无需选择,直接可以获取ip地址安装操作系统
自定义登陆界面
修改/etc/cobbler/pxe/pxedefault.template文件,执cobbler sync自定义登陆界面
[root@cobbler-node1 ~]# cat /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE devopssec | http://www.devopssec.cn
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
$pxe_menu_items
MENU end
[root@cobbler-node1 ~]# grep "devopssec" /etc/cobbler/pxe/pxedefault.template
MENU TITLE devopssec | http://www.devopssec.cn
[root@cobbler-node1 ~]# cobbler sync
1. 添加epel源
[root@cobbler ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
2. 安装koan服务
[root@cobbler ~]# yum install -y koan
3. 通过API查看cobbler server上的配置文件
[root@cobbler ~]# koan --server=192.168.56.200 --list=profiles
- looking for Cobbler at http://192.168.56.200:80/cobbler_api
CentOS-6.8-x86_64
4. 指定这台主机需要被重装,指定cobbler服务器地址和profile文件
[root@cobbler ~]# koan --replace-self --server=192.168.56.200 --profile=CentOS-6.8-x86_64
- looking for Cobbler at http://192.168.56.200:80/cobbler_api
- reading URL: http://192.168.56.200/cblr/svc/op/ks/profile/CentOS-6.8-x86_64
install_tree: http://192.168.56.200/cblr/links/CentOS-6.8-x86_64
downloading initrd initrd.img to /boot/initrd.img_koan
url=http://192.168.56.200/cobbler/images/CentOS-6.8-x86_64/initrd.img
- reading URL: http://192.168.56.200/cobbler/images/CentOS-6.8-x86_64/initrd.img
downloading kernel vmlinuz to /boot/vmlinuz_koan
url=http://192.168.56.200/cobbler/images/CentOS-6.8-x86_64/vmlinuz
- reading URL: http://192.168.56.200/cobbler/images/CentOS-6.8-x86_64/vmlinuz
- ['/sbin/grubby', '--add-kernel', '/boot/vmlinuz_koan', '--initrd', '/boot/initrd.img_koan', '--args', '"ks=http://192.168.56.200/cblr/svc/op/ks/profile/CentOS-6.8-x86_64 ksdevice=link kssendmac lang= text "', '--copy-default', '--make-default', '--title=kick1548255103']
- ['/sbin/grubby', '--update-kernel', '/boot/vmlinuz_koan', '--remove-args=root']
- reboot to apply changes
5. 查看grup.conf文件
[root@cobbler ~]# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title kick1548255103
root (hd0,0)
kernel /vmlinuz_koan ro rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16
rd_NO_LVM crashkernel=auto rhgb quiet rd_NO_DM rhgb quiet ks=http://192.168.56.200/cblr/svc/op/ks/profile/CentOS-6.8-x86_64 ksdevice=link kssendmac lang= text
initrd /initrd.img_koan
title CentOS 6 (2.6.32-642.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-642.el6.x86_64 ro root=UUID=a11565e3-7c34-43a9-9217-e33edcd5a4cc rd_NO_LUKS KEYBOARDTYPE=pc
KEYTABLE=us LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 rd_NO_LVM crashkernel=auto rhgb quiet rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-642.el6.x86_64.img
提示:执行koan命令完成后会在grup.conf文件中添加一个“title kick1548255103”的启动菜单,,其中kick1548255103后的数字是时间戳
6. reboot重启服务器后,客户端服务器会自动重新安装操作系统
[root@cobbler ~]# reboot
WEB界面管理
web界面管理需要安装cobbler-web软件包,之前我们在部署cobbler的时候已经安装。
[root@cobbler-node1 ~]# rpm -qa|grep cobbler-web
cobbler-web-2.8.4-4.el7.noarch
web界面是Django框架开发的,默认用户名和密码都是cobbler,新版cobbler的web界面使用的是https,访问https://192.168.56.200/cobbler_web
修改WEB密码
cobbler_web支持多种认证方式,如authn_configfil、authn_ldap或authn_pam等,默认为authn_denyall,即拒绝所有用户登陆。
下面说明三种能认证用户登录cobbler_web的方式
1.使用authn_pam模块认证cobbler_web用户
首先修改modules中的[authentication]段中的module参数的值为authn_pam
接着创建系统用户,并为用户设定密码
而后将设定的系统用户添加至cobbler_web的admin组中,修改/etc/cobbler/users.conf 文件,将设定的用户添加为admin参数的值即可
2.使用authn_configfile模块认证cobbler_web用户
首先修改modules中的[authentication]段中的module参数的值为authn_configfile
添加第一用户时,需要为htdigest命令使用“-c” etc/cobbler/users.digest,后续添加其他用户则不能再使用,同步cobbler重启httpd以及cobbler
3.使用cobbler设置的web账号密码认证
[root@cobbler-node1 ~]# egrep -v "^$|^#" /etc/cobbler/users.conf
[admins]
admin = ""
cobbler = ""
# 更改cobbler密码为123456
[root@cobbler-node1 ~]# htdigest /etc/cobbler/users.digest "Cobbler" cobbler
Changing password for user cobbler in realm Cobbler
New password:
Re-type new password:
410
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
