Automated System Deployment

TFTP service:

TFTP (Trivial File Transfer Protocol) is a simple file-transfer protocol, a stripped-down relative of FTP: much easier to implement (it fits into a network card's boot ROM, which is why PXE uses it) but with only a fraction of FTP's features.

Differences between FTP and TFTP

1. Security: FTP has a login step with real authentication and, via the AUTH TLS extension (FTPS, RFC 4217), encryption; a client must authenticate before it can transfer anything.
   TFTP is an open protocol with no security at all: no authentication and no encryption, so anyone who can reach the server can fetch any file it exports. On a PXE server that means pxelinux.0, the kernel, the initrd and every file under pxelinux.cfg are readable by every host on the segment; keep the provisioning network isolated and never place secrets (for example a kickstart file carrying a password) in the TFTP tree.
2. Transport: FTP uses TCP; TFTP uses UDP and provides its own reliability with block numbers, acknowledgements and retransmission.
3. Ports: FTP uses two connections: TCP port 21 is the control (listening) port, and data flows over TCP port 20 (active mode) or an ephemeral port above 1023 (passive mode).
   TFTP has a single well-known port, 69/udp, on which the server only receives the initial request; each transfer then continues from an ephemeral port on both sides in lock-step (stop-and-wait: one data block out, one acknowledgement back).
4. Specifications: FTP is defined in RFC 959, with later RFCs covering security extensions; TFTP is defined in RFC 1350 (option negotiation, including the transfer-size option PXE firmware relies on, in RFC 2347 and RFC 2349).
5. Operations: FTP has many commands (get, put, ls, dir, lcd, ...) and can list directories.
   TFTP has just five packet types: RRQ (read request), WRQ (write request), DATA, ACK and ERROR. There is no directory listing, so a client has to know the file name in advance.
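To make the five packet types and the stop-and-wait exchange concrete, here is an added example (written for this page, not code from the original post or from any TFTP implementation): a throw-away server thread serves a constructed in-memory file to a client over loopback UDP, and a second request for a name that does not exist gets the ERROR packet. The file name, its contents and the use of an ephemeral port instead of 69/udp are assumptions of the example. Note what is absent from the RRQ: a file name, a transfer mode, and nothing else, so the only thing between a client and a file is knowing its name.

```python
import socket
import struct
import threading

# The five TFTP packet types (RFC 1350) and the fixed 512-byte data block.
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK = 512


def build_rrq(filename, mode="octet"):
    """RRQ = opcode 1, then NUL-terminated file name and transfer mode. There is no credentials field."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_request(packet):
    """Return (opcode, filename, mode) from an RRQ/WRQ packet."""
    opcode = struct.unpack("!H", packet[:2])[0]
    fields = packet[2:].split(b"\0")
    if len(fields) < 3:
        raise ValueError("malformed request")
    return opcode, fields[0].decode(), fields[1].decode().lower()


def serve_one_request(files, host="127.0.0.1"):
    """Start a read-only TFTP server thread that answers exactly one request; returns its port.

    `files` maps names to bytes (constructed in-memory content standing in for /var/lib/tftpboot).
    A real server listens on 69/udp; an ephemeral port is used here so the demo needs no privileges.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind((host, 0))
    port = listener.getsockname()[1]

    def run():
        packet, client = listener.recvfrom(516)
        listener.close()
        # Each transfer moves to a fresh socket (the server's transfer identifier),
        # leaving the well-known port free for the next client.
        transfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        transfer.settimeout(2)
        try:
            opcode, name, _mode = parse_request(packet)
            if opcode != RRQ or name not in files:
                # Error code 1 = file not found: knowing the name is the only "access control".
                transfer.sendto(struct.pack("!HH", ERROR, 1) + b"File not found\0", client)
                return
            data, block = files[name], 1
            while True:                          # stop-and-wait: one DATA out, one ACK back
                chunk = data[(block - 1) * BLOCK:block * BLOCK]
                transfer.sendto(struct.pack("!HH", DATA, block) + chunk, client)
                if struct.unpack("!HH", transfer.recv(4)) != (ACK, block):
                    return                       # wrong ACK: a real server would retransmit
                if len(chunk) < BLOCK:           # a short (possibly empty) block ends the transfer
                    return
                block += 1
        finally:
            transfer.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def tftp_get(server, filename):
    """Fetch `filename` from `server` = (host, port) as a TFTP client; returns the file bytes."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(2)
    sock.sendto(build_rrq(filename), server)
    out, expected = bytearray(), 1
    try:
        while True:
            packet, peer = sock.recvfrom(4 + BLOCK)
            opcode, number = struct.unpack("!HH", packet[:4])
            if opcode == ERROR:
                raise OSError(packet[4:].rstrip(b"\0").decode())
            if opcode == DATA and number == expected:
                out += packet[4:]
                sock.sendto(struct.pack("!HH", ACK, number), peer)  # ACK goes to the transfer port, not 69
                if len(packet) - 4 < BLOCK:
                    return bytes(out)
                expected += 1
    finally:
        sock.close()


def demo():
    """Serve a constructed 'pxelinux.0' to an anonymous client, then show the error for a missing file."""
    files = {"pxelinux.0": bytes(range(256)) * 4}   # constructed 1024-byte stand-in for the boot loader
    got = tftp_get(("127.0.0.1", serve_one_request(files)), "pxelinux.0")
    try:
        tftp_get(("127.0.0.1", serve_one_request(files)), "pxelinux.cfg/secret")
        error = None
    except OSError as exc:
        error = str(exc)
    return got, error


if __name__ == "__main__":
    data, error = demo()
    print(len(data), "bytes received without any authentication; missing file ->", error)
```

The 1024-byte file needs three DATA packets: two full blocks and a final empty one, because the end of a transfer is signalled only by a block shorter than 512 bytes. Everything the real protocol adds on top (retransmission timers, the tsize and blksize options) changes nothing about the absence of authentication.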

DHCP service

DHCP (Dynamic Host Configuration Protocol) is a LAN protocol that runs over UDP. It has two main uses: handing out IP addresses automatically inside a network or at a service provider, and giving users or administrators a central point from which every host is configured. In a PXE setup it also carries the boot parameters: the TFTP server address (next-server, DHCP option 66 / siaddr) and the boot file name (filename, option 67). DHCP uses three ports: UDP 67 and UDP 68 are the normal DHCPv4 ports, for the server and the client respectively; UDP 546 is the DHCPv6 client port (the DHCPv6 server listens on UDP 547) and is not used by DHCPv4.

HTTPD service

httpd is the main program of the Apache HTTP Server. It is open-source software and is normally used as a web server; here it serves the installation tree and the kickstart file to the installer over HTTP.

syslinux package

syslinux is a family of boot loaders that works with a wide range of media (floppy, CD, USB, network). Its aim is to make first-time Linux installations quick and to build rescue or other special-purpose boot disks. The experiment below takes /usr/share/syslinux/pxelinux.0 (its PXE network boot loader) and menu.c32 (its text menu module) from this package.

system-config-kickstart

A graphical tool that generates a Kickstart answer file.

Kickstart format

Command section: the configuration applied before installation.
    Required commands:
        auth / authconfig: authentication settings (for example auth --enableshadow --passalgo=sha512)
        keyboard: keyboard layout
        lang: system language
        part (or autopart): create partitions
        rootpw: the root password (use --iscrypted with a pre-hashed value; a --plaintext password sits readable in a file that is served over HTTP to the whole segment)
        timezone: time zone
    Optional commands:
        install OR upgrade
        text: text-mode installer
        network
        firewall
        selinux
        halt
        poweroff
        reboot
        repo
        user: create an additional user after installation
        url: the installation source
        key --skip: skip the installation-number prompt (RHEL-specific; not needed on CentOS)
Package section: the package groups and packages to install, and packages to exclude
    %packages
    @group_name
    package
    -package
    %end
Script section
    %pre: pre-installation script
        runs in the installer's miniature Linux environment on the installation media
    %post: post-installation script
        runs in the freshly installed system (chrooted into it by default)
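As an added example (written for this page; not part of the original post and not pykickstart), the following checker parses a kickstart into its command, package and script sections and reports the things a reviewer would object to before the file is published on the web server: missing required commands, a plaintext or MD5-crypt root password, SELinux or the firewall disabled, and an unterminated section. The sample file and the wording of the findings are constructed; ksvalidator from pykickstart remains the authoritative syntax check.

```python
# Constructed sample kickstart, laid out like the command / %packages / %post structure above.
SAMPLE_KS = """\
#version=DEVEL
auth --enableshadow --passalgo=sha512
url --url=http://192.168.2.200/centos/7/os/x86_64/
text
reboot
keyboard --vckeymap=us --xlayouts='us'
lang en_US.UTF-8
selinux --disabled
firewall --disabled
network --bootproto=dhcp --device=ens33 --onboot=on
rootpw --plaintext centos
timezone America/New_York --isUtc
bootloader --location=mbr --boot-drive=sda
zerombr
clearpart --all --initlabel
autopart --type=lvm
%packages
@^minimal
@core
%end
%post
systemctl enable sshd
%end
"""

REQUIRED = {"auth", "keyboard", "lang", "rootpw", "timezone"}
PARTITIONING = {"part", "partition", "autopart"}


def parse_kickstart(text):
    """Split a kickstart into (commands, sections, open_section).

    commands:     token lists from the command section (comments and blank lines dropped)
    sections:     {'%packages': [...lines...], '%post': [...], ...}, header line included
    open_section: name of a section never closed with %end, else None
    """
    commands, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("%end"):
            current = None
        elif line.startswith("%"):
            current = line.split()[0]
            sections.setdefault(current, []).append(line)
        elif current is not None:
            sections[current].append(raw)   # script bodies are kept verbatim ('#' is not a comment there)
        elif line and not line.startswith("#"):
            commands.append(line.split())
    return commands, sections, current


def lint_kickstart(text):
    """Return a list of findings: missing required commands and settings that weaken the result."""
    commands, sections, open_section = parse_kickstart(text)
    seen = {("auth" if cmd[0] == "authconfig" else cmd[0]): cmd for cmd in commands}
    findings = [f"missing required command: {name}" for name in sorted(REQUIRED - set(seen))]
    if not PARTITIONING & set(seen):
        findings.append("no partitioning command (part/autopart)")
    rootpw = seen.get("rootpw")
    if rootpw and "--iscrypted" not in rootpw:
        findings.append("rootpw is stored in plaintext; use rootpw --iscrypted with a SHA-512 ($6$) hash")
    elif rootpw and any(arg.startswith("$1$") for arg in rootpw):
        findings.append("rootpw hash is MD5-crypt ($1$); regenerate it as SHA-512 ($6$)")
    for name in ("selinux", "firewall"):
        if name in seen and "--disabled" in seen[name]:
            findings.append(f"{name} --disabled: the installed system comes up with {name} turned off")
    if "%packages" not in sections:
        findings.append("no %packages section")
    if open_section:
        findings.append(f"{open_section} section is not closed with %end")
    return findings


if __name__ == "__main__":
    for finding in lint_kickstart(SAMPLE_KS):
        print("-", finding)
```

Run against the sample it reports the plaintext root password and the two disabled protections; everything else in the file is accepted. The same three findings apply to the hand-written ks7_mini.cfg later on this page, which keeps its hash but disables SELinux and the firewall.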

PXE automated installation

How PXE works:

1. The client's network firmware broadcasts a DHCP request. The DHCP server on the PXE server answers it (it can be restricted to known MAC addresses, but a MAC is trivially spoofed, so that is housekeeping rather than access control) with an IP address and, in the same reply, the address of the TFTP server and the name of the boot file, pxelinux.0.
2. The client sends the TFTP server a read request for pxelinux.0. Because the firmware has to know how much memory to reserve, the request carries the tsize option; the server answers with the file size in an option acknowledgement, the client accepts it, and the server then sends pxelinux.0 block by block.
3. The client runs the received pxelinux.0.
4. pxelinux asks the TFTP server for its configuration file under the pxelinux.cfg directory: first a file named after the client's UUID and MAC address, then its IP address in hexadecimal with ever shorter prefixes, and finally default. It then acts on whatever that file says (the boot menu).
5. The client requests the kernel (vmlinuz) from the TFTP server, and the server sends it.
6. The client requests the initial ramdisk (initrd.img), which holds the installer's minimal root file system, and the server sends it.
7. The client boots the Linux kernel with that initrd.
8. The installer in the initrd fetches the kickstart file and the installation tree (here over HTTP from the httpd server) and carries out the unattended installation.
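The lookup in step 4 is deterministic, and it is how per-host kickstarts get wired up. This added example (not from the original page and not syslinux's code) reproduces the request order documented for pxelinux and then resolves it against a constructed directory listing; the listing (EXISTING), the resolve_config helper and the addresses are assumptions made for the illustration.

```python
def pxelinux_config_candidates(mac, ip, uuid=None):
    """Paths under the TFTP root that pxelinux requests, in order, until one exists.

    Order (syslinux documentation): the client's SMBIOS UUID if the firmware supplied one, then
    01-<mac> (01 is the ARP hardware type for Ethernet; MAC lower-case, dash separated), then the
    IPv4 address as eight upper-case hex digits shortened one digit at a time, finally 'default'.
    """
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    parts = mac.lower().replace("-", ":").split(":")
    if len(parts) != 6 or not all(len(p) == 2 and all(c in "0123456789abcdef" for c in p) for p in parts):
        raise ValueError(f"bad MAC address: {mac}")
    names = [uuid.lower()] if uuid else []
    names.append("01-" + "-".join(parts))
    hexip = "".join(f"{int(o):02X}" for o in octets)
    names.extend(hexip[:n] for n in range(8, 0, -1))
    names.append("default")
    return ["pxelinux.cfg/" + n for n in names]


def resolve_config(existing, mac, ip, uuid=None):
    """Server-side view: given the set of files present under /var/lib/tftpboot, which one this client gets."""
    for path in pxelinux_config_candidates(mac, ip, uuid):
        if path in existing:
            return path
    return None


# Constructed listing: one per-host file, one subnet-wide file for 192.168.2.0/24 (C0A802), and default.
EXISTING = {
    "pxelinux.cfg/01-00-0c-29-aa-bb-cc",
    "pxelinux.cfg/C0A802",
    "pxelinux.cfg/default",
}

if __name__ == "__main__":
    for mac, ip in [("00:0C:29:AA:BB:CC", "192.168.2.55"),
                    ("00:0c:29:11:22:33", "192.168.2.60"),
                    ("00:0c:29:11:22:33", "192.168.3.60")]:
        print(mac, ip, "->", resolve_config(EXISTING, mac, ip))
```

The first client gets its per-host file, the second falls through to the subnet file, the third (on a different /24) gets default. Because the per-host name is derived from the MAC the client itself announces, any client can obtain any of these files by changing its MAC: MAC-keyed configs select a profile, they do not authenticate the machine.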

Experiment: automated installation with PXE, step by step

    1. Prerequisites:
        Network: a host-only adapter; turn off VMware's own DHCP service (two DHCP servers on one segment race each other and clients may never receive next-server). For the lab the firewall and SELinux are turned off; in production keep them on and open only udp/67, udp/69 and tcp/80 on the server.
        Install the packages httpd, tftp-server, dhcp, syslinux and system-config-kickstart

    2. Run system-config-kickstart to build the ks answer file
        Work through its tabs. The Package Selection tab reports that package groups are disabled; rename the yum repository to development so the tool can read the group metadata, then add the post-installation script and save the result as ks7.cfg.
    3. Start httpd: systemctl start httpd; systemctl enable httpd
        Put the installation tree (the contents of the CentOS ISO) and the ks answer file under /var/www/html and confirm in a browser that both URLs are served.
    4. Open the kickstart file and correct the path to the installation tree (check the permissions: httpd runs unprivileged and must be able to read the file; the whole file, root password hash included, is then readable by anyone on the network, which is one more reason to use a salted SHA-512 hash and never --plaintext).

    5. Configure the TFTP service
[root@centos7 ksdir]# yum install tftp-server
[root@centos7 ksdir]# systemctl start tftp
[root@centos7 ksdir]# systemctl enable  tftp
    6. Configure the DHCP service
[root@centos7 ksdir]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf    (copy the sample configuration)
[root@centos7 ksdir]# vim /etc/dhcp/dhcpd.conf    (edit it)
option domain-name "baidu.com";
option domain-name-servers 114.114.114.114,223.5.5.5;    (DNS servers handed to clients)

default-lease-time 86400;                                (default lease time, seconds)
max-lease-time 864000;                                   (maximum lease time)

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

# This is a very basic subnet declaration.

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 192.168.2.0 netmask 255.255.255.0 {               (the subnet served)
  range dynamic-bootp 192.168.2.10 192.168.2.60;         (address pool)
  option broadcast-address 192.168.2.255;                (broadcast address of the /24; this is not the gateway, which would be "option routers")
  next-server 192.168.2.200;      (the TFTP server, i.e. this host)
  filename "pxelinux.0";         (boot file to request; pxelinux.0 is the PXE boot loader)
}

[root@centos7 ksdir]# systemctl start dhcpd           (start the DHCP service)
[root@centos7 ksdir]# systemctl enable dhcpd
    7. Prepare the boot files
[root@centos7 ksdir]# yum -y install syslinux
[root@centos7 ksdir]# cp /usr/share/syslinux/pxelinux.0  /var/lib/tftpboot
[root@centos7 ksdir]# cp /usr/share/syslinux/menu.c32    /var/lib/tftpboot
[root@centos7 ksdir]# cp /mnt/cdrom/isolinux/vmlinuz  /var/lib/tftpboot/
[root@centos7 ksdir]# cp /mnt/cdrom/isolinux/initrd.img  /var/lib/tftpboot/
[root@centos7 ksdir]# mkdir /var/lib/tftpboot/pxelinux.cfg/
[root@centos7 ksdir]# cp /mnt/cdrom/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
View the resulting directory tree
[root@centos7 ksdir]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── initrd.img
├── menu.c32
├── pxelinux.0
├── pxelinux.cfg
│   └── default
└── vmlinuz
    8. Prepare the boot menu (timeout is in tenths of a second; keep "menu default" on the local-disk entry so a machine that PXE-boots by accident is not reinstalled)
[root@centos7 ksdir]# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 60
menu title Auto Install CentOS 
label centos7 
  menu label Install CentOS ^Mini 7
  kernel vmlinuz
  append initrd=initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
label local
  menu default
  menu label Boot from ^local drive
  localboot 0xffff
    9. Boot a client machine from the network and test the installation

The installation runs through unattended and completes.

    10. Support several systems (change the directory layout and the boot menu)
[root@centos7 ksdir]# mkdir /var/lib/tftpboot/kernel{6,7}
[root@centos7 ksdir]# cd /var/lib/tftpboot/
[root@centos7 tftpboot]# mv vmlinuz initrd.img kernel7/
[root@centos7 tftpboot]# cp /var/www/html/centos/6/os/x86_64/isolinux/vmlinuz kernel6
[root@centos7 tftpboot]# cp /var/www/html/centos/6/os/x86_64/isolinux/initrd.img kernel6
[root@centos7 tftpboot]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── kernel6
│   ├── initrd.img
│   └── vmlinuz
├── kernel7
│   ├── initrd.img
│   └── vmlinuz
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
    └── default

3 directories, 7 files

[root@centos7 tftpboot]# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 60
menu title Auto Install CentOS 
label centos7 
  menu label Install CentOS ^Mini 7
  kernel kernel7/vmlinuz
  append initrd=kernel7/initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
label centos6
  menu label Install CentOS Mi^ni 6
  kernel kernel6/vmlinuz
  append initrd=kernel6/initrd.img ks=http://192.168.2.200/ksdir/ks6.cfg
label local
  menu default
  menu label Boot from ^local drive
  localboot 0xffff
    11. Test again from the client: the menu now offers both entries.



Automated installation with Cobbler

Cobbler workflow

The bare-metal client is set to boot from the network; on power-up it broadcasts a DHCP request asking for an address.

The DHCP server (the cobbler server) answers with the address it has assigned.

With an address, the client asks the DHCP server for its OS boot file.

The DHCP server replies with the boot file name and the IP address (and port) of the TFTP server.

The client contacts that TFTP server and downloads the boot file.

The client runs the boot file, reads the boot menu and selects the OS to install; the kernel and initrd come from TFTP, and the installer then requests the kickstart file and the OS installation tree from the cobbler server over HTTP (not from DHCP).

The client loads the kickstart file.

The client receives the OS image and installs it.
Configuration directory /etc/cobbler
    /etc/cobbler/settings: main cobbler configuration file
    /etc/cobbler/iso/: ISO template files
    /etc/cobbler/pxe/: PXE template files
    /etc/cobbler/power/: power-management templates
    /etc/cobbler/users.conf: web UI authorization (who may do what)
    /etc/cobbler/users.digest: user names and password digests for the web UI
    /etc/cobbler/dhcp.template: template for the DHCP server configuration
    /etc/cobbler/dnsmasq.template: template for the DNS (dnsmasq) configuration
    /etc/cobbler/tftpd.template: template for the TFTP service configuration
    /etc/cobbler/modules.conf: module configuration (authentication, authorization, DHCP and DNS engines)
Data directory
    /var/lib/cobbler/config/: configuration of distros, systems, profiles and so on
    /var/lib/cobbler/triggers/: user-defined scripts run on cobbler events
    /var/lib/cobbler/kickstarts/: default location for kickstart files
    /var/lib/cobbler/loaders/: boot loaders for the supported architectures
Mirror directory
    /var/www/cobbler/ks_mirror/: the complete imported installation trees
    /var/www/cobbler/images/: kernel and initrd of each imported distro, for network boot
    /var/www/cobbler/repo_mirror/: mirrored yum repositories
Log directory
    /var/log/cobbler/installing: client installation logs
    /var/log/cobbler/cobbler.log: cobbler's own log

Cobbler commands
cobbler check        verify the current configuration and report problems
cobbler list         list all cobbler objects
cobbler report       show the details of each object
cobbler sync         push the configuration into the data directories (run it after every change)
cobbler reposync     mirror the configured yum repositories
cobbler distro       manage the imported distributions
cobbler system       manage the registered systems
cobbler profile      manage profiles (a distro plus a kickstart file and options)
## Experiment: automated installation with cobbler ##
    Preparation: two network adapters, host-only and bridged; turn off VMware's DHCP service; for the lab, turn off the firewall and SELinux
    1. Set up the yum repositories (an older point release is recommended)
[root@localhost yum.repos.d]# vi base.repo
[base]
name=base
baseurl=http://mirrors.sohu.com/centos/7.5.1804/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.sohu.com/centos/7.5.1804/os/x86_64/RPM-GPG-KEY-CentOS-7

[epel]
name=epel
baseurl=http://mirrors.sohu.com/fedora-epel/7/x86_64/
# gpgcheck=0 installs unverified packages from a plain-HTTP mirror; outside the lab set gpgcheck=1 and point gpgkey at the EPEL 7 signing key
gpgcheck=0
    2. [root@localhost yum.repos.d]# yum -y install cobbler dhcp
    cobbler's dependencies pull in httpd and tftp-server automatically
    3. Start the services (dhcpd needs a configuration before it will start, so it is left for later)
[root@localhost yum.repos.d]# systemctl enable tftp httpd cobblerd
Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
[root@localhost yum.repos.d]# systemctl start tftp httpd cobblerd

[root@localhost yum.repos.d]# ss -ntlu
Netid  State      Recv-Q Send-Q          Local Address:Port                         Peer Address:Port              
udp    UNCONN     0      0                   127.0.0.1:323                                     *:*                  
udp    UNCONN     0      0                         ::1:323                                    :::*                  
udp    UNCONN     0      0                          :::69                                     :::*                  
tcp    LISTEN     0      5                   127.0.0.1:25151                                   *:*                  
tcp    LISTEN     0      128                         *:22                                      *:*                  
tcp    LISTEN     0      100                 127.0.0.1:25                                      *:*                  
tcp    LISTEN     0      128                        :::80                                     :::*                  
tcp    LISTEN     0      128                        :::22                                     :::*                  
tcp    LISTEN     0      100                       ::1:25                                     :::*                  
     4. Environment check
[root@localhost yum.repos.d]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
[root@localhost yum.repos.d]# 
    5. Fix what cobbler check reported

Find the server line (line 384 in this file): this is the address of the cobbler server as clients see it; set it to the real address

[root@localhost yum.repos.d]# vim /etc/cobbler/settings
380 # or hostname of the system as those systems can see the server.
381 # if you have a server that appears differently to different subnets
382 # (dual homed, etc), you need to read the --server-override section
383 # of the manpage for how that works.
384 server: 192.168.2.200
385 
386 # If set to 1, all commands will be forced to use the localhost address
387 # instead of using the above value which can force commands like
388 # cobbler sync to open a connection to a remote address if one is in the
389 # configuration and would traceback.
390 client_use_localhost: 0

Find next_server (line 272): the TFTP server address; set it correctly too (normally the same host)

[root@localhost yum.repos.d]# vim /etc/cobbler/settings
265 # See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
266 manage_forward_zones: []
267 manage_reverse_zones: []
268 
269 # if using cobbler with manage_dhcp, put the IP address
270 # of the cobbler server here so that PXE booting guests can find it
271 # if you do not set this correctly, this will be manifested in TFTP open timeouts.
272 next_server: 192.168.2.200
273 
274 # settings for power management features.  optional.
275 # see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
276 # choices (refer to codes.py):
277 #    apc_snmp bladecenter bullpap drac ether_wake ilo integrity
278 #    ipmilan ipmitool lpar rsa virsh wti
279 power_management_default_type: 'ipmitool'

    6. Download the boot loaders

[root@localhost yum.repos.d]# systemctl restart cobblerd
[root@localhost yum.repos.d]# cobbler get-loaders
task started: 2019-04-21_055619_get_loaders
task started (id=Download Bootloader Content, time=Sun Apr 21 05:56:19 2019)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***

    7. Sync the cobbler configuration (copies the loaders into /var/lib/tftpboot/)

[root@localhost yum.repos.d]# cobbler sync
task started: 2019-04-21_060112_sync
task started (id=Sync, time=Sun Apr 21 06:01:12 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

Resulting directory tree

[root@localhost ~]# cd /var/lib/tftpboot/
[root@localhost tftpboot]# tree
.
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot

    8. Set the default root password for installed machines: default_password_crypted, line 101 of /etc/cobbler/settings

(generate the hash; openssl passwd -1 produces MD5-crypt, which the check above suggests only because the sample templates use it. Where the installed OpenSSL supports it, openssl passwd -6 produces a SHA-512 hash, matching the --passalgo=sha512 the kickstarts use, and is the better choice)
[root@localhost ~]# openssl passwd -1
Password: 
Verifying - Password: 
$1$B0Ut4bO2$7HIAc9p4syYjfr6l4sryQ.

[root@localhost tftpboot]# vim /etc/cobbler/settings
97 # this is not changed.
 98 # The simplest way to change the password is to run 
 99 # openssl passwd -1
100 # and put the output between the "" below.
101 default_password_crypted: "$1$B0Ut4bO2$7HIAc9p4syYjfr6l4sryQ."
102 
103 # the default template type to use in the absence of any
104 # other detected template. If you do not specify the template 
105 # with '#template=' on the first line of your
106 # templates/snippets, cobbler will assume try to use the
107 # following template engine to parse the templates.
108 #
109 # Current valid values are: cheetah, jinja2

    9. Restart cobblerd and run the environment check again

[root@localhost tftpboot]# systemctl restart cobblerd
[root@localhost tftpboot]# cobbler check
The following are potential configuration items that you may want to fix:

1 : enable and start rsyncd.service with systemctl
2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
3 : ksvalidator was not found, install pykickstart
4 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

The remaining four items can be ignored for this lab

    10. Although the check does not complain, set manage_dhcp (line 242) to 1 so that cobbler writes /etc/dhcp/dhcpd.conf from its template on every sync

[root@localhost tftpboot]# vim /etc/cobbler/settings
238 #puppet_parameterized_classes: 1
239 
240 # set to 1 to enable Cobbler's DHCP management features.
241 # the choice of DHCP management engine is in /etc/cobbler/modules.conf
242 manage_dhcp: 1
243 
244 # set to 1 to enable Cobbler's DNS management features.
245 # the choice of DNS mangement engine is in /etc/cobbler/modules.conf
246 manage_dns: 0
247 
248 # set to path of bind chroo

    11. Edit /etc/cobbler/dhcp.template with the DHCP settings (restart cobblerd afterwards). Note that the range as written runs up to 192.168.2.254, the router address; end the pool below it (for example at .250) so a client is never leased the gateway's address

[root@localhost tftpboot]# vim /etc/cobbler/dhcp.template
option pxe-system-type code 93 = unsigned integer 16;

subnet 192.168.2.0 netmask 255.255.255.0 {
     option routers             192.168.2.254;
     option domain-name-servers 1.1.1.1;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.2.100 192.168.2.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}

[root@localhost tftpboot]# systemctl restart cobblerd

    12. After the edit, cobbler sync regenerates /etc/dhcp/dhcpd.conf from the template and starts dhcpd
[root@localhost tftpboot]# cobbler sync
task started: 2019-04-21_062541_sync
task started (id=Sync, time=Sun Apr 21 06:25:41 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

[root@localhost tftpboot]# vim /etc/dhcp/dhcpd.conf
set vendorclass = option vendor-class-identifier;

option pxe-system-type code 93 = unsigned integer 16;

subnet 192.168.2.0 netmask 255.255.255.0 {
     option routers             192.168.2.254;
     option domain-name-servers 1.1.1.1;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.2.100 192.168.2.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                192.168.2.200;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }
}
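As an added example (written for this page, not cobbler's or ISC dhcpd's code) of what the class "pxeclients" block above evaluates, this parses the options field of a constructed DHCPDISCOVER and applies the same two rules: the vendor class (option 60) must start with "PXEClient", and the client system architecture (option 93, RFC 4578) selects the boot file, with pxelinux.0 as the fallback. The packet builder, its transaction id and the MAC address are assumptions of the example; the dhcpd.conf in the PXE experiment earlier hands out pxelinux.0 unconditionally, so this is the logic it lacks for UEFI clients.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field (RFC 2131)

# Option 93 architecture codes mapped to boot files exactly as the dhcp.template does;
# anything else (including 0 = x86 BIOS) falls through to pxelinux.0.
ARCH_BOOTFILE = {2: "ia64/elilo.efi", 6: "grub/grub-x86.efi", 7: "grub/grub-x86_64.efi", 9: "grub/grub-x86_64.efi"}


def build_discover(mac, vendor_class=b"PXEClient:Arch:00007:UNDI:003016", arch=7):
    """Constructed DHCPDISCOVER as PXE firmware would send it: fixed 236-byte header, cookie, options."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0,               # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops
                         0x3903F326, 0, 0x8000,    # xid (assumed), secs, flags (broadcast bit)
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr
                         chaddr, b"\0" * 64, b"\0" * 128)              # chaddr, sname, file
    options = (bytes([53, 1, 1])                                  # message type: DISCOVER
               + bytes([60, len(vendor_class)]) + vendor_class    # vendor class identifier
               + bytes([93, 2]) + struct.pack("!H", arch)         # client system architecture
               + bytes([255]))                                    # end marker
    return header + MAGIC_COOKIE + options


def parse_options(packet):
    """Return {code: value} from the options field; raises ValueError on a malformed packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 0:                 # pad
            i += 1
            continue
        if code == 255:               # end
            return options
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError(f"option {code} runs past the end of the packet")
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    raise ValueError("options field has no end marker")


def choose_bootfile(options):
    """Mirror the template: match the first 9 bytes of option 60, then branch on option 93."""
    if options.get(60, b"")[:9] != b"PXEClient":
        return None                                   # not a PXE client: no boot file from this class
    arch_opt = options.get(93, b"")
    arch = struct.unpack("!H", arch_opt)[0] if len(arch_opt) == 2 else None
    return ARCH_BOOTFILE.get(arch, "pxelinux.0")


if __name__ == "__main__":
    for arch in (0, 6, 7, 9):
        print(arch, "->", choose_bootfile(parse_options(build_discover("00:0c:29:aa:bb:cc", arch=arch))))
```

Both fields the decision rests on are supplied by the client, and the client trusts the reply just as blindly: nothing in DHCP or TFTP authenticates either side. That is why a provisioning segment should be isolated and why an unknown DHCP server on it, answering with its own next-server, is an attack rather than a nuisance.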
    13. Mount the installation DVD

[root@localhost tftpboot]# mount /dev/sr0 /mnt/cdrom
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost tftpboot]# lsblk
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0   20G  0 disk 
├─sda1            8:1    0    1G  0 part /boot
└─sda2            8:2    0   19G  0 part 
  ├─centos-root 253:0    0   17G  0 lvm  /
  └─centos-swap 253:1    0    2G  0 lvm  [SWAP]
sr0              11:0    1  4.2G  0 rom  /mnt/cdrom
    14. Look at the import options

[root@localhost tftpboot]# cobbler import --help
Usage: cobbler import [options]

Options:
  -h, --help            show this help message and exit
  --arch=ARCH           OS architecture being imported
  --breed=BREED         the breed being imported
  --os-version=OS_VERSION
                        the version being imported
  --path=PATH           local path or rsync location
  --name=NAME           name, ex 'RHEL-5'
  --available-as=AVAILABLE_AS
                        tree is here, don't mirror
  --kickstart=KICKSTART_FILE
                        assign this kickstart file
  --rsync-flags=RSYNC_FLAGS
                        pass additional flags to rsync
    15. cobbler import --path=/mnt/cdrom --name=Centos-7.5 --arch=x86_64
Point it at the mounted DVD; it copies the tree into /var/www/cobbler/ks_mirror/ under the name Centos-7.5-x86_64 (import)

[root@localhost tftpboot]# cobbler import --path=/mnt/cdrom --name=Centos-7.5 --arch=x86_64
task started: 2019-04-21_081139_import
task started (id=Media import, time=Sun Apr 21 08:11:39 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/Centos-7.5-x86_64:
creating new distro: Centos-7.5-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos-7.5-x86_64 -> /var/www/cobbler/links/Centos-7.5-x86_64
creating new profile: Centos-7.5-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos-7.5-x86_64 for Centos-7.5-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos-7.5-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos-7.5-x86_64
looking for /var/www/cobbler/ks_mirror/Centos-7.5-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos-7.5-x86_64/repodata
*** TASK COMPLETE ***

The imported tree now occupies /var/www/cobbler/
[root@localhost tftpboot]# du -sh /var/www/cobbler/
4.2G    /var/www/cobbler/

The default PXE menu has been generated
[root@localhost tftpboot]# cd /var/lib/tftpboot/
[root@localhost tftpboot]# ls
boot  etc  grub  images  images2  memdisk  menu.c32  ppc  pxelinux.0  pxelinux.cfg  s390x  yaboot
[root@localhost tftpboot]# cd pxelinux.cfg/
[root@localhost pxelinux.cfg]# ls
default

    16. Boot the client from its network adapter: the cobbler menu appears and the installation runs

cobbler profile list     lists the menu entries (each profile = a distro plus an answer file)
cobbler distro list      lists the imported installation sources

Remove a surplus menu entry:   cobbler profile remove --name=images-x86_64
Remove a surplus source:       cobbler distro remove --name=images-x86_64


    1. Mount a second DVD
[root@localhost cobbler]# mount /dev/sr1 /mnt/cdrom2/
    2. Import it into cobbler (/var/www/cobbler/)
[root@localhost cobbler]# cobbler import --path=/mnt/cdrom2 --name=Centos-6.10 --arch=x86_64
task started: 2019-04-21_083855_import
task started (id=Media import, time=Sun Apr 21 08:38:55 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/Centos-6.10-x86_64:
creating new distro: Centos-6.10-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos-6.10-x86_64 -> /var/www/cobbler/links/Centos-6.10-x86_64
creating new profile: Centos-6.10-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos-6.10-x86_64 for Centos-6.10-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos-6.10-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos-6.10-x86_64
looking for /var/www/cobbler/ks_mirror/Centos-6.10-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos-6.10-x86_64/repodata
*** TASK COMPLETE ***
    3. Boot from the network adapter: both entries now appear in the menu and install normally.



  1. Write the answer file by hand (starting from the anaconda-ks.cfg the installer left in root's home)
[root@localhost ~]# cp anaconda-ks.cfg ks7_mini.cfg
[root@localhost ~]# vim ks7_mini.cfg
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Installation source: $tree is replaced by cobbler with the URL of the profile's distro
url --url=$tree
# Text-mode installation, reboot when finished
text
reboot
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
selinux --disabled
firewall --disabled
# Network information
network  --bootproto=dhcp --device=ens33 --onboot=on --ipv6=auto --no-activate
network  --hostname=localhost.localdomain

# Root password (SHA-512 hash carried over from anaconda-ks.cfg)
rootpw --iscrypted $6$OjcypZdOFW5EDMut$77V.RjoDpM.ZGDtC3XxEo5cy4aTQFyobuTF6YDs62E8wYqgt5fWwaWmTvZ6ZYCyHmf/RHZZjhKAIhMxb1pFLw/
# System services
services --enabled="chronyd"
# System timezone
timezone America/New_York --isUtc
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information: wipe the MBR and all existing partition tables
zerombr
clearpart --all --initlabel
%packages
@^minimal
@core
chrony
kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

2. Put the answer file where cobbler expects it
[root@localhost ~]# ll
total 8
-rw-------. 1 root root 1260 Apr 21  2019 anaconda-ks.cfg
-rw-------  1 root root 1315 Apr 21 09:02 ks7_mini.cfg
[root@localhost ~]# chmod 644 ks7_mini.cfg 
[root@localhost ~]# cp ks7_mini.cfg /var/lib/cobbler/kickstarts/
[root@localhost ~]# cobbler profile list    (the menu entries currently defined)
   Centos-6.10-x86_64
   Centos-7.5-x86_64
[root@localhost ~]# cobbler distro list     (the imported installation sources)
   Centos-6.10-x86_64
   Centos-7.5-x86_64

3. Create a new menu entry, i.e. a profile that links the hand-written answer file to an installation source
[root@localhost ~]# cobbler profile add --name=Centos-7.6-x86_64_mini --distro=Centos-7.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7_mini.cfg
[root@localhost ~]# cobbler profile list
   Centos-6.10-x86_64
   Centos-7.5-x86_64
   Centos-7.6-x86_64_mini           (the new entry)

Remove a menu entry
[root@localhost ~]# cobbler profile remove --name=Centos-7.5-x86_64
[root@localhost ~]# cobbler profile list
   Centos-6.10-x86_64
   Centos-7.6-x86_64_mini
4. Boot the client from the network: the entry just created appears in the menu


1. Copy the answer file prepared earlier (ks6.cfg from the PXE experiment) into cobbler
[root@localhost ~]# cp ks6.cfg /var/lib/cobbler/kickstarts/
[root@localhost ~]# vim /var/lib/cobbler/kickstarts/ks6.cfg
url --url=$tree    (the only line to change: let cobbler substitute the tree URL)

2. Remove the default menu entry and the answer file it was associated with
[root@localhost ~]# cobbler profile list
   Centos-6.10-x86_64
   Centos-7.6-x86_64_mini
[root@localhost ~]# cobbler profile remove --name=Centos-6.10-x86_64
[root@localhost ~]# cobbler profile list
   Centos-7.6-x86_64_mini

3. Create a new profile linking the answer file and the installation source
[root@localhost ~]# cobbler profile add --name=Centos-6.10 --distro=Centos-6.10-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks6.cfg
[root@localhost ~]# cobbler profile list
   Centos-6.10
   Centos-7.6-x86_64_mini

4. Boot the client from the network and start the installation



## Cobbler web management ##
1. [root@localhost ~]# yum -y install cobbler-web
2. [root@localhost ~]# systemctl restart httpd  (the package adds /etc/httpd/conf.d/cobbler_web.conf, so httpd must be restarted)
3. Open https://192.168.2.200/cobbler_web in a browser
Default user name and password: cobbler / cobbler. Change or remove this account before the server is reachable by anyone else: whoever logs in can edit the kickstarts, and with them the root password and %post scripts of every machine this server installs.

Authentication is configured in /etc/cobbler/modules.conf

[root@localhost ~]# vim /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================

# authentication: 
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
module = authn_configfile       (the default authentication method)

# authorization: 
# once a user has been cleared by the WebUI/XMLRPC, what can they do?
# choices:
#    authz_allowall   -- full access for all authneticated users (default)
#    authz_ownership  -- use users.conf, but add object ownership semantics                          
/etc/cobbler/users.digest holds the user names and password digests that authn_configfile checks

Create a new account:
[root@localhost ~]# htdigest /etc/cobbler/users.digest Cobbler huahua
Adding user huahua in realm Cobbler
New password: 
Re-type new password: 

Log in as huahua: the web UI accepts the new account.
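As an added example (not from the original page and not cobbler's code), the following reproduces what htdigest writes into users.digest and turns it into a check for the shipped default account and trivial passwords. The file contents, the password list and the huahua password are constructed for the illustration.

```python
import hashlib


def digest_ha1(user, realm, password):
    """HA1 of HTTP Digest authentication (RFC 7616): MD5 over 'user:realm:password'.

    This is the value htdigest stores; it is unsalted, so users.digest is an offline-guessable
    copy of every web-UI password and must stay readable by root (and apache) only.
    """
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def parse_users_digest(text):
    """Return {(user, realm): ha1} from users.digest; blank lines and '#' comments are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, realm, ha1 = line.split(":", 2)
        entries[(user, realm)] = ha1.lower()
    return entries


def verify_digest(text, user, realm, password):
    """True when users.digest has `user` in `realm` with exactly this password."""
    return parse_users_digest(text).get((user, realm)) == digest_ha1(user, realm, password)


# Constructed guesses: the shipped default plus a few trivial passwords.
WEAK_PASSWORDS = ("cobbler", "password", "123456", "cobbler123")


def audit_users_digest(text):
    """Flag every entry whose password is one of WEAK_PASSWORDS or equals the user name."""
    findings = []
    for (user, realm), ha1 in parse_users_digest(text).items():
        for guess in WEAK_PASSWORDS + (user,):
            if digest_ha1(user, realm, guess) == ha1:
                findings.append(f"{user}@{realm}: password is '{guess}'")
                break
    return findings


# Constructed users.digest: the default cobbler account left in place, plus the huahua account
# added with htdigest above (its password here is invented for the example).
SAMPLE_USERS_DIGEST = "\n".join([
    "cobbler:Cobbler:" + digest_ha1("cobbler", "Cobbler", "cobbler"),
    "huahua:Cobbler:" + digest_ha1("huahua", "Cobbler", "Ex4mple-Only!"),
])

if __name__ == "__main__":
    print(audit_users_digest(SAMPLE_USERS_DIGEST))
```

Run it against the real file after adding accounts; a line for cobbler@Cobbler means the default credential is still accepted by the web UI. Removing that line from users.digest is enough to retire the account under authn_configfile.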

Switching the authentication method (the other methods stop working, and the credential store changes with it)
[root@localhost ~]# vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam

With PAM, the user names that may log in are listed in /etc/cobbler/users.conf
[root@localhost ~]# vim /etc/cobbler/users.conf 
[admins]
admin = "lili"

PAM authentication requires a system account; to limit exposure, give it a nologin shell so it can be used only for the web UI and not for SSH or a local login
[root@localhost ~]# useradd -s /sbin/nologin lili
[root@localhost ~]# echo qwe123 | passwd --stdin lili
Changing password for user lili.
passwd: all authentication tokens updated successfully.

[root@localhost ~]# systemctl restart cobblerd
