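Automated Installation with Cobbler

Getting to Know Cobbler

Introduction to Cobbler

Cobbler is an automation tool in the Linux ecosystem, written in Python 2, for automated bulk deployment and installation of operating systems. It offers both a CLI and a web configuration interface; the web interface is built on Python 2 and the Django framework. Cobbler also exposes an API for custom development.

Cobbler follows the client/server (C/S) model. It is mainly used for fast network installation of Linux and supports many distributions, such as Red Hat, Fedora, CentOS, Debian, Ubuntu and SuSE; it can even install Windows.

Cobbler is essentially a wrapper around PXE: it bundles the various installation parameters together and provides a unified way to manage them.

Services Cobbler Relies On

Installing systems with Cobbler requires a server dedicated to providing the supporting services, namely HTTP/FTP/NFS, TFTP and DHCP; these services can also be deployed on separate servers. In practice, the different services are always deployed on their own dedicated servers.

Cobbler operates on top of HTTP, TFTP, DHCP and other services, and the overall installation flow resembles a PXE-based network installation:

The client (bare metal) powers on and boots from its network card. After requesting an address from DHCP, it fetches the boot file from the TFTP server, loads it into local memory, runs it, and displays the list of installable systems. Once an operator selects the operating system to install, the client downloads the corresponding installation files from the HTTP server and performs the automated installation.

How Cobbler Works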


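  • The bare-metal client is configured to boot from the network; on power-on it broadcasts a request asking the DHCP server (Cobbler server) to assign it an IP
  • The DHCP server (Cobbler server) receives the request and sends a response that includes its IP address
  • Once the client has an IP, it sends the Cobbler server a request for the OS boot file
  • The Cobbler server tells the client the name of the OS boot file and the IP and port of the TFTP server
  • The client contacts the TFTP server at the address it was given and downloads the boot file
  • The client executes the boot file, determines what to load and selects the OS to install; during this step it requests the kickstart file and the OS image from the Cobbler server
  • The Cobbler server sends the requested kickstart file and OS image
  • The client loads the kickstart file
  • The client receives the OS image and installs it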

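Using Cobbler

Installing Cobbler and Its Related Services and Components

Cobbler depends on services including HTTPD, TFTP and DHCP; if a web interface is required, the related components must be installed as well.

CentOS 8 does not yet provide Cobbler packages.

[root@centos7 ~]#yum -y install dhcp cobbler cobbler-web pykickstart
[root@centos7 ~]#systemctl enable --now cobblerd httpd tftp dhcpd

#Note: dhcpd only starts successfully once its configuration file is in place
Package notes

httpd: provides the yum repository and, together with cobbler-web, lets Cobbler be configured and managed through a web interface

tftp-server: provides network download of the boot and menu files

cobbler-web: provides the web-based Cobbler management interface

pykickstart.noarch: a Python library for managing kickstart files

Notes

Cobbler depends on the EPEL repository; configure EPEL before installing Cobbler.

Installing cobbler pulls in the httpd and tftp-server packages as dependencies.

Cobbler Configuration Files and Directories
Configuration files
/etc/cobbler/settings			#main Cobbler configuration file
/etc/cobbler/iso				#ISO template configuration files
/etc/cobbler/pxe				#PXE template files
/etc/cobbler/power				#power management configuration files
/etc/cobbler/users.conf			#authorization configuration file for the web service
/etc/cobbler/users.digest		#user name and password file for web access
/etc/cobbler/dhcp.template		#configuration template for the DHCP server
/etc/cobbler/dnsmasq.template	#configuration template for the DNS server
/etc/cobbler/tftpd.template		#configuration template for the TFTP service
/etc/cobbler/modules.conf		#configuration file for Cobbler modules
Data directories
/var/lib/cobbler/config			#configuration files for distros, systems, profiles and so on
/var/lib/cobbler/kickstarts		#default location of kickstart files
/var/lib/cobbler/loaders		#boot loaders
/var/lib/cobbler/triggers		#user-defined Cobbler commands

Image directories

/var/www/cobbler/images			#kernel and initrd images of imported distros, used for network boot
/var/www/cobbler/ks_mirror		#all data of the imported distros
/var/www/cobbler/repo_mirror	#storage directory for yum repositories

Log directories

/var/log/cobbler/installing 	#client installation logs
/var/log/cobbler/cobbler.log 	#Cobbler log

Cobbler Command Usage

The cobbler command

cobbler check		#check the current settings for problems
cobbler list		#list all Cobbler objects
cobbler report		#show detailed information about the objects
cobbler sync		#sync the configuration to the data directories; best run after every configuration change
cobbler reposync	#sync the yum repositories
cobbler distro		#view information about the imported distros
cobbler system		#view information about the added systems
cobbler profile		#view profile information

distro: view installation sources

cobbler distro list		#list the installation sources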

[root@centos7 ~]#cobbler distro --help
usage
=====
cobbler distro add
cobbler distro copy
cobbler distro edit
cobbler distro find
cobbler distro list
cobbler distro remove
cobbler distro rename
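cobbler distro report		#report details of all current Linux distros
profile: view menu entries

List the menu entries
cobbler profile list

Add a menu entry
cobbler profile add --name=<custom menu name> --distro=<distro name from cobbler distro list> --kickstart=/var/lib/cobbler/kickstarts/<kickstart file>

Remove a menu entry
cobbler profile remove --name=<name of the menu entry to remove>

# Associate a Linux distro image with its ks file
[root@centos7 ~]#cobbler profile add --name=centos7 --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7.cfg
Other commands
# View the boot file
[root@centos7 ~]#cat /var/lib/tftpboot/pxelinux.cfg/default

# Import the system source files to create the repository
[root@centos7 ~]#cobbler import --name=centos7-x86_64 --path=/mnt/cdrom --arch=x86_64

Important Parameters in the Main Cobbler Configuration File

# File location: /etc/cobbler/settings
default_password_crypted	#default root password (crypted) for newly installed systems
manage_dhcp: 1	#whether Cobbler manages the DHCP service; 1: yes, 0: no
manage_tftpd: 1	#whether Cobbler manages the tftpd service; 1: yes, 0: no
pxe_just_once	#set to 1 to avoid a reinstall loop when PXE is first in the client's BIOS boot order; set to 0 if PXE is not first
next_server		#IP address of the TFTP server
server			#IP address of the Cobbler server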

Cobbler Administration

Downloading the boot menu files

# Online
cobbler get-loaders
# Offline
cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/cobbler/loaders/

Managing distros

cobbler import --name=centos-8.2-x86_64 --path=/mnt/cdrom --arch=x86_64

Managing profiles

cobbler profile add --name=centos-8.2 --distro=centos-8.2-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos8.cfg

Configuring and Starting the cobblerd Service

Check Cobbler's runtime environment and configure Cobbler step by step following the hints (opening two Xshell sessions is recommended)

[root@centos7 ~]#cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
#1 Edit the /etc/xinetd.d/tftp configuration file
[root@centos7 ~]#vim /etc/xinetd.d/tftp
[root@centos7 ~]#cat /etc/xinetd.d/tftp
...output omitted...
disable         = no
...output omitted...

[root@centos7 ~]#systemctl restart xinetd

#2.1 Online: download the boot loader files
[root@centos7 ~]#cobbler get-loaders

#2.2 Offline: copy the boot files into the TFTP service directory
[root@centos7 ~]#cp -a /usr/share/syslinux/{menu.c32,pxelinux.0} /var/lib/tftpboot/

#3 In /etc/cobbler/settings, set server to the address of the host that provides the Cobbler service, i.e. this host
#  (no -n: together with -i and no p flag it would write back an empty file)
[root@centos7 ~]#sed -ri 's#^server: 127.0.0.1#server: 10.0.0.7#' /etc/cobbler/settings

#4 In /etc/cobbler/settings, set next_server to the TFTP server's address so that clients can find the TFTP server
[root@centos7 ~]#sed -ri 's#^next_server: 127.0.0.1#next_server: 10.0.0.7#' /etc/cobbler/settings

#5 Set these options so that Cobbler manages the DHCP and TFTP services
manage_dhcp: 1
manage_tftpd: 1

#6 pxe_just_once: setting it to 1 makes Cobbler record when a PXE installation has finished, which avoids a reinstall loop when PXE is first in the client's BIOS boot order; if the first boot device is not PXE, set it to 0
pxe_just_once: 1

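Cobbler in Practice: Automated Installation with Cobbler on CentOS 7

Environment

Server: 10.0.0.7
CentOS 7, acting as the Cobbler, HTTP, DHCP and TFTP server; the firewall and SELinux must be turned off

Test machine:
CentOS 8, used to carry out the automated Linux installation

Network requirements
Disable the DHCP service of the NAT mode in VMware; the network adapters of both hosts use NAT mode

Server preparation

1 Turn off the firewall and SELinux
[root@centos7 ~]#systemctl stop firewalld;systemctl disable --now firewalld
[root@centos7 ~]#sed -i '/enforcing$/cSELINUX=disabled' /etc/selinux/config

Procedure

1 Install the packages and start the services

[root@centos7 ~]#yum -y install dhcp tftp-server cobbler pykickstart
[root@centos7 ~]#systemctl start cobblerd httpd tftp;systemctl enable --now cobblerd httpd tftp dhcpd

2.1 Check the Cobbler configuration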

[root@centos7 ~]#cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

2.2 Following the hints, edit /etc/cobbler/settings (changing items 1, 2 and 8 is enough)

#Generate a new password; by default the root password of installed systems is cobbler
[root@centos7 ~]#openssl passwd -1 'Ad1234'
$1$qPHtdY8F$t1qSEi8JrZWa.7eY14vTB1

[root@centos7 ~]#vim /etc/cobbler/settings
[root@centos7 ~]#cat /etc/cobbler/settings
#Change the default root password
default_password_crypted: "$1$qPHtdY8F$t1qSEi8JrZWa.7eY14vTB1"
#Enable DHCP management by Cobbler
manage_dhcp: 1
#Set next_server: <IP address of the TFTP server>
next_server: 10.0.0.7
#Set server: <IP address of the Cobbler server>
server: 10.0.0.7

#To avoid hunting through the file, the parameters can be changed with the following commands
#(no -n: together with -i and no p flag it would write back an empty file)
[root@centos7 ~]#sed -ri 's#^manage_dhcp: 0#manage_dhcp: 1#' /etc/cobbler/settings
[root@centos7 ~]#sed -ri 's#^next_server: 127.0.0.1#next_server: 10.0.0.7#' /etc/cobbler/settings
[root@centos7 ~]#sed -ri 's#^server: 127.0.0.1#server: 10.0.0.7#' /etc/cobbler/settings

#Restart the cobbler service
[root@centos7 ~]#systemctl restart cobblerd
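
The settings edits in steps #3 to #6 earlier and in 2.2 can be scripted so that each key is matched at the start of its line (so `server` never touches `next_server`), sed runs without `-n`, and the result is audited afterwards. This is an added example, not code from the original post; the function names and the sample settings file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# set_setting FILE KEY VALUE: rewrite one top-level "key: value" line in place.
# "^" keeps "server" from matching inside "next_server". sed runs without -n:
# combined with -i and no "p" flag, -n would write back an empty file.
# Assumption: VALUE contains none of '#', '&' or '\'.
set_setting() {
    local file=$1 key=$2 value=$3
    grep -Eq "^${key}:" "$file" || { echo "missing key: $key" >&2; return 1; }
    sed -ri "s#^${key}:.*#${key}: ${value}#" "$file"
}

# get_setting FILE KEY: print the value with surrounding double quotes removed.
get_setting() {
    sed -rn "s#^$2:[[:space:]]*\"?([^\"]*)\"?[[:space:]]*\$#\1#p" "$1"
}

# audit_settings FILE: print one line per setting that still needs attention.
audit_settings() {
    local k v
    for k in server next_server; do
        v=$(get_setting "$1" "$k")
        case $v in
            127.*|localhost|'') echo "$k=$v is not reachable by PXE clients" ;;
        esac
    done
    case $(get_setting "$1" default_password_crypted) in
        '$5$'*|'$6$'*) ;;   # SHA-256 / SHA-512 crypt
        *) echo "default_password_crypted is not a SHA-crypt hash" ;;
    esac
}

# make_sample_settings: write a constructed sample (not a real settings file).
make_sample_settings() {
    local f
    f=$(mktemp)
    printf '%s\n' 'default_password_crypted: "$1$constructed$notARealHash"' \
        'manage_dhcp: 0' 'next_server: 127.0.0.1' 'pxe_just_once: 0' \
        'server: 127.0.0.1' > "$f"
    echo "$f"
}

f=$(make_sample_settings)
audit_settings "$f"                      # three findings before the edits
set_setting "$f" next_server 10.0.0.7
set_setting "$f" server 10.0.0.7
set_setting "$f" manage_dhcp 1
audit_settings "$f"                      # only the password hash remains
rm -f "$f"
```

The remaining finding reflects that `openssl passwd -1` produces an MD5-crypt (`$1$`) hash; a `$6$` hash can be generated with `openssl passwd -6` on OpenSSL 1.1.1 or later.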

2.3 Download the boot files

# Note: this requires the server to be online; otherwise the only option is to copy the files from the syslinux package
[root@centos7 ~]#cobbler get-loaders
task started: 2020-09-15_142822_get_loaders
task started (id=Download Bootloader Content, time=Tue Sep 15 14:28:22 2020)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***

#Offline: set up the boot menu files by hand
[root@centos7 ~]#cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/cobbler/loaders/
[root@centos7 ~]#ls /var/lib/cobbler/loaders/
COPYING.elilo     COPYING.yaboot  grub-x86_64.efi  menu.c32    README
COPYING.syslinux  elilo-ia64.efi  grub-x86.efi     pxelinux.0  yaboot

#After the download the files are not yet in the right place; run a sync to fix that
[root@centos7 ~]#cobbler sync
#Final directory layout
[root@centos7 ~]#tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot

10 directories, 10 files

3 Set up the DHCP service: edit /etc/cobbler/dhcp.template, which is used to generate the dhcpd configuration file

[root@centos7 ~]#vim /etc/cobbler/dhcp.template
subnet 10.0.0.0 netmask 255.255.255.0 {
     option routers             10.0.0.1;
     option domain-name-servers 180.76.76.76,223.5.5.5;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        10.0.0.1 10.0.0.100;
};   

[root@centos7 ~]#cobbler sync
[root@centos7 ~]#systemctl start dhcpd
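
A dynamic range should not contain addresses that are already configured statically, such as the router or the Cobbler server itself. The script below is an added example, not part of the original post; it checks given addresses against the `range` statement of a dhcpd subnet block, using the block from this step as sample input together with the router 10.0.0.1 and the server 10.0.0.7. The function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# ip_to_int A.B.C.D: print a dotted-quad IPv4 address as an integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# pool_overlaps FILE ADDR...: print every ADDR that lies inside a
# "range [dynamic-bootp] LOW HIGH;" statement of FILE.
pool_overlaps() {
    local file=$1 low high lo hi a n
    shift
    sed -rn 's/^[[:space:]]*range[[:space:]]+(dynamic-bootp[[:space:]]+)?([0-9.]+)[[:space:]]+([0-9.]+);.*/\2 \3/p' "$file" |
    while read -r low high; do
        lo=$(ip_to_int "$low")
        hi=$(ip_to_int "$high")
        for a in "$@"; do
            n=$(ip_to_int "$a")
            if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
                echo "$a is inside pool $low-$high"
            fi
        done
    done
}

# make_sample_subnet: the subnet block from this step, written to a temp file.
make_sample_subnet() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
subnet 10.0.0.0 netmask 255.255.255.0 {
     option routers             10.0.0.1;
     option domain-name-servers 180.76.76.76,223.5.5.5;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        10.0.0.1 10.0.0.100;
};
EOF
    echo "$f"
}

f=$(make_sample_subnet)
# Router (option routers) and the Cobbler/TFTP server used in this walkthrough.
pool_overlaps "$f" 10.0.0.1 10.0.0.7
rm -f "$f"
```

Both addresses are reported as inside the pool; starting the range above the statically assigned addresses keeps them out of it.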

4 Change the menu title (optional)

[root@centos7 ~]#vim /etc/cobbler/pxe/pxedefault.template
#Default: http://cobbler.github.io/
MENU TITLE Cobbler | http://www.magedu.com/

[root@centos7 ~]#cobbler sync
[root@centos7 ~]#cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.magedu.com/ 
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1



MENU end

5 Import the CentOS installation sources and generate the corresponding yum repositories

#Import the CentOS 7 source
[root@centos7 ~]#cobbler import --name=centos-7.8-x86_64 --path=/misc/cd --arch=x86_64
#Import the CentOS 8 source
[root@centos7 ~]#mount /dev/sr1 /mnt
[root@centos7 ~]#cobbler import --name=centos-8.2-x86_64 --path=/mnt --arch=x86_64

#View the import results
[root@centos7 ~]#cobbler profile list
   centos-7.8-x86_64
   centos-8.2-x86_64
[root@centos7 ~]#cobbler distro list
   centos-7.8-x86_64
   centos-8.2-x86_64

#The profiles generated by default perform a minimal install

6 Prepare the kickstart files, import them into Cobbler and associate them with the chosen yum repositories

#Put the prepared centos7.cfg and centos8.cfg files into /var/lib/cobbler/kickstarts/
[root@centos7 ~]#cp centos*.cfg /var/lib/cobbler/kickstarts/

#Edit the kickstart files
[root@centos7 ~]#vim /var/lib/cobbler/kickstarts/centos7.cfg
url --url=$tree		#this line must specify $tree
[root@centos7 ~]#vim /var/lib/cobbler/kickstarts/centos8.cfg
url --url=$tree		#this line must specify $tree

#Associate the kickstart files with the chosen yum repositories and generate the menu entries
#(--distro must match the names shown by cobbler distro list)
[root@centos7 ~]#cobbler profile add --name=CentOS-8.2_mini --distro=centos-8.2-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos8.cfg
[root@centos7 ~]#cobbler profile add --name=CentOS-7.8_mini --distro=centos-7.8-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg

#Remove the menu entries that were generated by default
[root@centos7 ~]#cobbler profile remove --name=centos-8.2-x86_64
[root@centos7 ~]#cobbler profile remove --name=centos-7.8-x86_64

#View the current menu entries
[root@centos7 ~]#cobbler profile list
   CentOS-7.8_mini
   CentOS-8.2_mini

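7 Test: automated installation of a client with Cobbler

Note: the client must have more than 2 GB of memory! More than 2 GB! More than 2 GB!

7.1 UEFI installation support

Note: CentOS 6 virtual machines do not support UEFI

7.1.1 Edit the file to set the timeout; by default the menu is not shown

#Edit the template file
[root@cobbler-centos7 ~]#vim /etc/cobbler/pxe/efidefault.template
[root@cobbler-centos7 ~]#cat /etc/cobbler/pxe/efidefault.template
default=0
timeout=60  
$grub_menu_items
#Apply the template
[root@cobbler-centos7 ~]#cobbler sync
#Verify that it took effect
[root@cobbler-centos7 ~]#head -n 2 /var/lib/tftpboot/grub/efidefault
default=0
timeout=60

7.1.2 Set the client to boot with UEFI

7.1.3 Start the client to see the menu

8 Troubleshooting summary:

8.1 Fault 1

Cause and fix

The installation source path in the ks file is wrong; it can be changed as follows

#Edit the kickstart file
[root@centos7 ~]#vim /var/lib/cobbler/kickstarts/centos7.cfg
url --url=$tree		#this line must specify $tree
#or
url --url=http://httpserver/ksdir/centos7.cfg #path where it is stored on the HTTP server

8.2 Fault 2

Cause and fix

The httpd service was already running while cobbler was being installed, so it was not serving Cobbler correctly; restarting httpd fixes it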

[root@centos7 ~]#systemctl restart httpd

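Web Management of Cobbler

Background

Authentication

Authentication configuration file: /etc/cobbler/modules.conf

Authentication modules: authn_configfile, authn_pam

Authenticating custom Cobbler web users

1 Authenticate cobbler_web users with the authn_configfile module

[root@centos7 ~]#vim /etc/cobbler/modules.conf
[authentication]
module = authn_configfile

#View the custom user authentication file
[root@centos7 ~]#cat /etc/cobbler/users.digest 
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3

#Add a custom user
#Note:
#1 Use the "-c" option only when adding the first user; do not use it when adding further users, or the existing accounts are overwritten. The realm for cobbler_web must be Cobbler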
[root@centos7 ~]#htdigest -c /etc/cobbler/users.digest Cobbler admin
Adding password for admin in realm Cobbler.
New password: 
Re-type new password:

[root@centos7 ~]#htdigest /etc/cobbler/users.digest Cobbler cobbler
Adding password for cobbler in realm Cobbler.
New password: 
Re-type new password:
[root@centos7 ~]#cat /etc/cobbler/users.digest 
admin:Cobbler:37206d0326b3b76bb1045a72adbedd49
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
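
Each users.digest entry has the form user:realm:hash, where the hash is the MD5 of "user:realm:password". As an added example (not part of the original post), the script below rebuilds that format and audits a file for stray lines, realms other than Cobbler, and accounts whose password is still the default "cobbler" that this page gives for the web login; the function names and sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# digest_line USER REALM PASSWORD: build an htdigest entry. The third field
# is MD5("user:realm:password") in hex.
digest_line() {
    printf '%s:%s:%s\n' "$1" "$2" \
        "$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)"
}

# audit_digest FILE: report malformed lines, realms other than Cobbler, and
# any account whose password still equals the default "cobbler".
audit_digest() {
    local user realm hash
    while IFS=: read -r user realm hash; do
        [ -n "$user$realm$hash" ] || continue
        if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{32}$'; then
            echo "malformed entry: $user"
        elif [ "$realm" != Cobbler ]; then
            echo "wrong realm for $user: $realm"
        elif [ "$user:$realm:$hash" = "$(digest_line "$user" "$realm" cobbler)" ]; then
            echo "default password still set for $user"
        fi
    done < "$1"
}

# make_sample_digest: constructed entries, including a stray line and the
# default login, written to a temp file.
make_sample_digest() {
    local f
    f=$(mktemp)
    {
        digest_line admin Cobbler 'constructed-passphrase-1'
        echo 3
        digest_line cobbler Cobbler cobbler
        digest_line ops OtherRealm 'constructed-passphrase-2'
    } > "$f"
    echo "$f"
}

f=$(make_sample_digest)
audit_digest "$f"
rm -f "$f"
```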

2 Authenticate cobbler_web users with the authn_pam module

[root@centos7 ~]#vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam

[root@centos7 ~]#vim /etc/cobbler/users.conf
[admins]
admin = "Ad1234"

[root@centos7 ~]#systemctl restart cobblerd

Steps

1 Provide the web-based management interface for Cobbler

[root@centos7 ~]#yum -y install cobbler-web
[root@centos7 ~]#systemctl restart httpd

2 Open the following address in a browser: https://cobblerserver/cobbler_web
3 Username: cobbler, default password: cobbler
4 Add the user admin

[root@centos7 ~]#htdigest -c /etc/cobbler/users.digest Cobbler admin
Adding password for admin in realm Cobbler.
New password: 
Re-type new password:
