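Cobbler is an important tool in operations automation. It uses PXE to perform automated, network-based batch deployment, can be managed from the command line or a web GUI, and provides an API for further development. It can also manage DHCP, DNS, TFTP, RSYNC and yum repositories, and build system ISO images. Being convenient, fast and highly flexible, it has replaced its predecessor kickstart.
Environment
CentOS 7.3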
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache
[root@localhost ~]# yum install -y xinetd tftp-server rsync dhcp httpd cobbler pykickstart cobbler-web
[root@localhost ~]# systemctl enable httpd
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl enable cobblerd
[root@localhost ~]# systemctl start cobblerd
Configuring Cobbler
Run cobbler check
[root@localhost ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
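Item 6 is only needed for Debian systems and item 8 concerns power management, so both can be ignored. We configure the remaining items in order.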
1. Set the Cobbler server address
[root@localhost ~]# vi /etc/cobbler/settings
server: 192.168.214.107
2. Set the PXE network address
[root@localhost ~]# vi /etc/cobbler/settings
next_server: 192.168.214.107
3. Enable the tftp service
[root@localhost ~]# vi /etc/xinetd.d/tftp
disable = no
4. Download the network boot-loaders
[root@localhost ~]# cobbler get-loaders
5. Start the rsyncd service
[root@localhost ~]# systemctl enable rsyncd.service
[root@localhost ~]# systemctl start rsyncd.service
6. Change the password used by the kickstart templates
[root@localhost ~]# openssl passwd -1 -salt 'root' 'cobbler'
$1$root$8Er34Nz73T4s3x9lQOhPE/
[root@localhost ~]# vi /etc/cobbler/settings
default_password_crypted: "$1$root$8Er34Nz73T4s3x9lQOhPE/"
After configuring, restart the service and check again
[root@localhost ~]# systemctl restart cobblerd
[root@localhost ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : debmirror package is not installed, it will be required to manage debian deployments and repositories
2 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
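cobbler check only confirms that these fields no longer hold their shipped defaults. The script below is an added example, not part of the original post, that re-reads the three settings edited above and also reports which crypt scheme default_password_crypted uses. The function name audit_settings and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_settings [FILE]: print one finding per risky value in a Cobbler
# settings file (reads stdin when no FILE is given); prints nothing if clean.
audit_settings() {
    awk -v sq="'" '
    # Return the value part of a "key: value" line without quotes/blanks.
    function val(line) {
        sub(/^[^:]*:[ \t]*/, "", line)
        gsub(/"/, "", line); gsub(sq, "", line)
        sub(/[ \t]+$/, "", line)
        return line
    }
    /^server:/ {
        v = val($0)
        if (v == "localhost" || v == "127.0.0.1")
            print "server: still points at loopback (" v ")"
    }
    /^next_server:/ {
        if (val($0) == "127.0.0.1")
            print "next_server: still 127.0.0.1"
    }
    /^default_password_crypted:/ {
        v = val($0)
        if (v ~ /^\$1\$/)
            print "default_password_crypted: MD5-crypt hash, prefer SHA-512"
        else if (v !~ /^\$[56]\$/)
            print "default_password_crypted: unrecognised hash format"
    }
    ' "$@"
}

# Constructed sample: the values this guide ends up with, except that
# next_server was left at its default to show a finding.
audit_settings <<'EOF'
server: 192.168.214.107
next_server: 127.0.0.1
default_password_crypted: "$1$root$8Er34Nz73T4s3x9lQOhPE/"
EOF
```

The value generated in the password step above is an MD5-crypt ($1$) hash of the literal password cobbler with a new salt, so it differs from the shipped hash and passes cobbler check while the password itself is unchanged. The kickstart file later in this guide uses a SHA-512 ($6$) hash for rootpw.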
Configuring DHCP
Enable DHCP management on this host
[root@localhost ~]# vi /etc/cobbler/settings
manage_dhcp: 1
manage_rsync: 1
manage_tftpd: 1
pxe_just_once: 1 # install over PXE only once, to prevent repeated network installs
Configure the DHCP template file
[root@localhost ~]# vi /etc/cobbler/dhcp.template
subnet 192.168.214.0 netmask 255.255.255.0 { # subnet to hand out addresses on
option routers 192.168.214.254; # gateway given to clients
option domain-name-servers 202.96.209.133; # DNS server for clients
option subnet-mask 255.255.255.0; # subnet mask for clients
range dynamic-bootp 192.168.214.200 192.168.214.220; # range of addresses to allocate
default-lease-time 900; # default lease time
max-lease-time 43200; # maximum lease time
next-server $next_server; # PXE server address
[root@localhost ~]# cobbler sync
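After this step succeeds, /etc/dhcp/dhcpd.conf is generated automatically to match /etc/cobbler/dhcp.template. If the DHCP configuration later turns out to be wrong, both files must be changed.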
[root@localhost ~]# systemctl enable xinetd
[root@localhost ~]# systemctl enable dhcpd
Mount the ISO image and import it into Cobbler
[root@localhost ~]# mount -t auto -o loop /tmp/CentOS-7.3-x86_64-DVD.iso /mnt/
[root@localhost ~]# cobbler import --path=/mnt/ --name=Centos7.3 --arch=x86_64
Wait a while; TASK COMPLETE indicates success.
View the path of the image imported by Cobbler
[root@localhost ~]# ll /var/www/cobbler/ks_mirror/Centos7.3-x86_64/
total 324
-rw-r--r-- 1 root root 14 Dec 5 2016 CentOS_BuildTag
drwxr-xr-x 3 root root 4096 Dec 5 2016 EFI
-rw-r--r-- 1 root root 215 Dec 10 2015 EULA
-rw-r--r-- 1 root root 18009 Dec 10 2015 GPL
drwxr-xr-x 3 root root 4096 Dec 5 2016 images
drwxr-xr-x 2 root root 4096 Dec 5 2016 isolinux
drwxr-xr-x 2 root root 4096 Dec 5 2016 LiveOS
drwxrwxr-x 2 root root 270336 Dec 5 2016 Packages
drwxrwxr-x 2 root root 4096 Dec 5 2016 repodata
-rw-r--r-- 1 root root 1690 Dec 10 2015 RPM-GPG-KEY-CentOS-7
-rw-r--r-- 1 root root 1690 Dec 10 2015 RPM-GPG-KEY-CentOS-Testing-7
-r--r--r-- 1 root root 2883 Dec 5 2016 TRANS.TBL
Configure the kickstart file. This is the CentOS 7 configuration; some commands differ from CentOS 6.
[root@localhost ~]# vi /var/lib/cobbler/kickstarts/centos7.3
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Use network installation
url --url="http://192.168.214.107/cobbler/ks_mirror/Centos7.3-x86_64"
# Use text install
text
# Run the Setup Agent on first boot
firstboot --disable
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
# Network information
network --bootproto=dhcp --device=ens32 --onboot=on
# Root password
rootpw --iscrypted $6$2c4aqwGfZ3KeYtEi$ArRbx5G.KmI8UaY9OBY/q4EEghidahBwQ7JGx1f/As5obJNESxH1CVRBol.6tPJxiU80cWXg1WB6laftxQEUR.
# System services
services --disable chronyd,postfix,NetworkManager
# System timezone
timezone Asia/Shanghai --isUtc --nontp
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --driveorder=sda vda
# Partition clearing information
clearpart --all --initlabel
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
part /boot --fstype ext4 --size=200
part swap --size=1024
part / --fstype ext4 --size=2000 --grow
# Firewall configuration
firewall --disabled
# selinux configuration
selinux --disabled
# Reboot after installation
reboot
%packages
@^minimal
@compat-libraries
@core
@development
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%post
rm -fr /etc/yum.repos.d/CentOS-*
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
%end
The --iscrypted option of rootpw supplies the root login password as a hash instead of plain text. Generate the hash with:
python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'
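Commands that start with % must be terminated by %end, otherwise an error is reported. For example, the final %post holds commands that run after the system is installed and must end with %end; the same applies to the earlier %packages.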
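The %end rule can be checked on its own before handing the file to Cobbler. The script below is an added example, not part of the original post, that reports every section opened without a matching %end. The function name ks_unclosed, the list of section names it recognises and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# ks_unclosed [FILE]: report kickstart sections that are not terminated by
# %end (reads stdin when no FILE is given); prints nothing if all are closed.
ks_unclosed() {
    awk '
    /^%end([ \t]|$)/ {
        if (sect == "") print "line " NR ": %end without an open section"
        sect = ""
        next
    }
    # Section openers; %include and %ksappend are single-line directives.
    /^%(packages|pre|pre-install|post|addon|onerror|traceback|anaconda)([ \t]|$)/ {
        if (sect != "")
            print "line " at ": " sect " not closed before " $1
        sect = $1
        at = NR
        next
    }
    END {
        if (sect != "") print "line " at ": " sect " never closed with %end"
    }
    ' "$@"
}

# Constructed sample: the tail of the kickstart above with the %end after
# %addon and the final %end removed.
ks_unclosed <<'EOF'
%packages
@core
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%post
rm -fr /etc/yum.repos.d/CentOS-*
EOF
```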
Check the syntax for errors
[root@localhost ~]# cobbler validateks
List the profiles
[root@localhost ~]# cobbler profile list
Centos7.3-x86_64
Associate the image with the kickstart file
[root@localhost ~]# cobbler profile edit --name Centos7.3-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.3
Report generated once configuration is complete
[root@localhost ~]# cobbler profile report
Restart the services once more
[root@localhost ~]# systemctl restart cobblerd
[root@localhost ~]# systemctl restart dhcpd
[root@localhost ~]# systemctl start tftp
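Boot a blank machine from PXE. The screen below then appears; choose the system to install. You can of course install several machines at the same time:
Log in to Cobbler through the web interface to manage it, as shown below. The initial username and password are both cobbler.
On CentOS 7 it can only be accessed over HTTPS.
A later article will cover more advanced Cobbler usage.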