Personal blog: http://www.pojun.tech/ (visitors welcome)
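Preface
In production we often need to install dozens or even hundreds of servers at the same time. If we did that with USB sticks or optical discs, the boss would probably fire us on the spot. This article introduces a way to install operating systems automatically.
The Cobbler lab environment in this article is built on CentOS 7.3-1611.
The walkthrough takes you through every step. If you want to customize what gets installed, however, read the "Customizing the KickStart file" section of this article first so that you know what to expect.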
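Introduction to Cobbler
The Cobbler project is a network installation server suite released by RedHat in 2008. It is a service for quickly installing Linux operating systems over the network and supports many Linux distributions: Red Hat, Fedora, CentOS, Debian, Ubuntu and SuSE. It can also support installing Windows over the network.
PXE is a technology developed by Intel. It is based on a client/server network model in which a remote host downloads an image from a remote server over the network and boots an operating system from it. It can also be used to install operating systems in bulk over the network.
Cobbler is a second layer of packaging on top of PXE: it wraps the many installation parameters into a single menu. Cobbler offers both a CLI and a web interface, which makes it friendlier to use.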
Cobbler workflow
The Cobbler workflow can be summarized by the figure below.
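Preparing the lab environment
Because we are building a network service, at least two hosts are needed, one of which takes the server role. In this lab the network service is built on CentOS 7, which acts as the server.
Disabling the firewall and SELinux
The firewall and SELinux can cause unexpected problems during the lab, so we turn them off here. In production, adjust them to suit your own situation. The steps for turning off the firewall and SELinux are not listed here, since they are simple.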
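Installing Cobbler
Cobbler is not shipped on the installation disc by default, so it has to be downloaded and installed from the EPEL repository. Once the EPEL repository is configured, run
    yum install cobbler
to install Cobbler.
After Cobbler is installed, we find that it pulled in a number of other services along with it, as shown in the figure below. This explains why so many services appear in the Cobbler workflow. The figure also shows that the DHCP service is still missing, so we will install that next. Among the installed packages, syslinux is the one that provides the PXE service.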
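Setting up the common services
Enable the Cobbler service at boot
    systemctl enable cobblerd
    systemctl start cobblerd
Enable tftp at boot
    systemctl enable tftp
    systemctl start tftp
Enable http at boot
    systemctl enable httpd
    systemctl start httpd
Install the DHCP service, in preparation for having Cobbler manage DHCP later
Later on we will use Cobbler to manage DHCP automatically.
    yum install dhcp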
Running cobbler check to check the environment
The cobbler check command quickly finds the configuration that is still missing from the current environment, and we then adjust the configuration according to its hints. Quite a few problems show up here. Don't panic when you see them; just work through the hints one at a time. Also, because every host in a real production environment is different, the messages you see will probably differ too. We only resolve the ones from the lab environment here; other problems can be discussed in the comments.
    # Run cobbler check to see what the environment is still missing
    [root@localhost ~]#cobbler check
    The following are potential configuration items that you may want to fix:
    1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
    2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
    3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
    4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
    5 : enable and start rsyncd.service with systemctl
    6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
    7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
    8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
    Restart cobblerd and then run 'cobbler sync' to apply changes.
Let's look at the first issue. The message says that the server field in the /etc/cobbler/settings configuration file must be a hostname or IP address that other hosts can reach; otherwise some KickStart features will not work. This is easy to understand: this host provides the network service, and other hosts download and install the operating system through our Cobbler service. If they cannot reach the address in the server field, that cannot work. So open the configuration file and change the server field to this host's IP address.
After the change, note that the earlier output ended with the hint "Restart cobblerd and then run 'cobbler sync' to apply changes.", so we run those two commands.
    # Restart the service
    [root@localhost ~]#systemctl restart cobblerd
    # Synchronize
    [root@localhost ~]#cobbler sync
    ...........    # output omitted
    # Check again to see what is still missing.
    [root@localhost ~]#cobbler check
    The following are potential configuration items that you may want to fix:
    1 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
    2 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
    3 : enable and start rsyncd.service with systemctl
    4 : debmirror package is not installed, it will be required to manage debian deployments and repositories
    5 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
    6 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
    Restart cobblerd and then run 'cobbler sync' to apply changes.
After re-checking, we find that 2 problems have been resolved. Now look at the first remaining item. It says that the next_server field should also be a specific address rather than 127.0.0.1. This is the same kind of problem as the one we just fixed, so we change next_server to this host's address as well.
After the change, restart the service and synchronize again.
    # Restart the service
    [root@localhost ~]#systemctl restart cobblerd
    # Synchronize
    [root@localhost ~]#cobbler sync
    ...........    # output omitted
    # Check again to see what is still missing.
    [root@localhost ~]#cobbler check
    The following are potential configuration items that you may want to fix:
    1 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
    2 : enable and start rsyncd.service with systemctl
    3 : debmirror package is not installed, it will be required to manage debian deployments and repositories
    4 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
    5 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
    Restart cobblerd and then run 'cobbler sync' to apply changes.
The list keeps shrinking. Look at the first item again. It says that some required files are missing under /var/lib/cobbler/loaders and that the cobbler get-loaders command can download them from the network. So next we run cobbler get-loaders.
    # /var/lib/cobbler/loaders is empty at this point
    [root@localhost ~]#ls /var/lib/cobbler/loaders
    [root@localhost ~]#cobbler get-loaders
    task started: 2017-09-20_084605_get_loaders
    task started (id=Download Bootloader Content, time=Wed Sep 20 08:46:05 2017)
    downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
    downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
    downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
    downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
    downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
    downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
    downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
    downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
    downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
    downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
    *** TASK COMPLETE ***
Looking at /var/lib/cobbler/loaders now, we find that a lot of content has been downloaded. Restart and synchronize the service, then run cobbler check to see which problems remain, and continue resolving them one by one.
    # The most important files in this directory are menu.c32 and pxelinux.0
    [root@localhost ~]#ls /var/lib/cobbler/loaders
    COPYING.elilo     COPYING.yaboot  grub-x86_64.efi  menu.c32    README
    COPYING.syslinux  elilo-ia64.efi  grub-x86.efi     pxelinux.0  yaboot
    [root@localhost ~]#cobbler check
    The following are potential configuration items that you may want to fix:
    1 : enable and start rsyncd.service with systemctl
    2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
    3 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
    4 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
    Restart cobblerd and then run 'cobbler sync' to apply changes.
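Next, look at the remaining problems. The first two are not very important, so we skip them for now. The third says that a default user password should be set for every newly installed host, and the message suggests the openssl passwd -1 -salt 'random-phrase-here' 'your-password-here' command for generating the encrypted password. If it is not set, the default password is cobbler.
    # Generate the password hash for the password 123456
    [root@localhost ~]#openssl passwd -1 123456
    $1$wuX5VyFf$a0Y/HdzHRCbVWhSFnbV8n/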
Then put the generated hash into the default_password_crypted field in /etc/cobbler/settings.
Restart and synchronize the service again, then see what problems are left.
    [root@localhost ~]#cobbler check
    The following are potential configuration items that you may want to fix:
    1 : enable and start rsyncd.service with systemctl
    2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
    3 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
    Restart cobblerd and then run 'cobbler sync' to apply changes.
The fencing tools are only used in cluster environments, so we can ignore them for now. With that, the cobbler check work is done.
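The fields fixed in this section can be re-checked with a short script whenever /etc/cobbler/settings changes; it also flags $1$ hashes, since openssl passwd -1 produces MD5 crypt while the KickStart file later in this article uses --passalgo=sha512. This is an added example, not code from the original post or from Cobbler; the helper names setting and audit_settings and the sample file contents are assumptions.

```bash
#!/usr/bin/env bash
# Added example: re-check the /etc/cobbler/settings fields edited in this walkthrough.
# Assumes the flat "key: value" layout of the Cobbler 2.x settings file.

# Print the value of a top-level key with quotes and trailing comments removed.
setting() {  # usage: setting FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" | head -n 1
}

# Print one line per field and return the number of findings.
audit_settings() {  # usage: audit_settings FILE
    local file=$1 findings=0 key val hash
    for key in server next_server; do
        val=$(setting "$file" "$key")
        case $val in
            ''|localhost|127.*|::1)
                echo "FAIL $key='$val' cannot be reached by PXE clients"
                findings=$((findings + 1)) ;;
            *)  echo "ok   $key=$val" ;;
        esac
    done
    hash=$(setting "$file" default_password_crypted)
    case $hash in
        '$6$'*|'$5$'*)
            echo "ok   default_password_crypted uses SHA-2 crypt" ;;
        '$1$'*)
            echo "WARN default_password_crypted uses MD5 crypt (\$1\$)"
            findings=$((findings + 1)) ;;
        *)  echo "FAIL default_password_crypted is not a crypt(3) hash"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: server already fixed, next_server and the hash not yet.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server: 172.18.2.77
next_server: 127.0.0.1   # not yet changed
default_password_crypted: "$1$wuX5VyFf$a0Y/HdzHRCbVWhSFnbV8n/"
manage_dhcp: 0
EOF
audit_settings "$sample" || echo "$? finding(s)"
rm -f "$sample"
```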
Managing DHCP through Cobbler
We use Cobbler's DHCP feature to manage DHCP automatically: edit the manage_dhcp field in the /etc/cobbler/settings configuration file. When it is set to 1, Cobbler manages DHCP.
Editing Cobbler's /etc/cobbler/dhcp.template template file
The /etc/cobbler/dhcp.template file holds the DHCP configuration, but it is provided by Cobbler. In other words, once this file is configured and the Cobbler service is restarted, Cobbler manages DHCP for us automatically.
    # Find the following section in /etc/cobbler/dhcp.template and edit it.
    # Configure DHCP to suit your own requirements.
    subnet 172.18.2.0 netmask 255.255.255.0 {
         option subnet-mask         255.255.255.0;
         range dynamic-bootp        172.18.2.100 172.18.2.254;
         default-lease-time         21600;
         max-lease-time             43200;
         next-server                $next_server;
         class "pxeclients" {
              match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
              if option pxe-system-type = 00:02 {
                      filename "ia64/elilo.efi";
              } else if option pxe-system-type = 00:06 {
                      filename "grub/grub-x86.efi";
              } else if option pxe-system-type = 00:07 {
                      filename "grub/grub-x86_64.efi";
              } else {
                      filename "pxelinux.0";
              }
         }
    }
Restart and synchronize the Cobbler service.
    # Restart the service
    [root@localhost ~]#systemctl restart cobblerd
    [root@localhost ~]#cobbler sync
    ........    # much output omitted
    # View the DHCP configuration file
    [root@localhost ~]#cat /etc/dhcp/dhcpd.conf
    # ******************************************************************
    # Cobbler managed dhcpd.conf file
    # generated from cobbler dhcp.conf template (Wed Sep 20 01:36:15 2017)
    # Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
    # in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
    # overwritten.
    # ******************************************************************
    ddns-update-style interim;
    allow booting;
    allow bootp;
    ignore client-updates;
    set vendorclass = option vendor-class-identifier;
    option pxe-system-type code 93 = unsigned integer 16;
    subnet 172.18.2.0 netmask 255.255.255.0 {
         option subnet-mask         255.255.255.0;
         range dynamic-bootp        172.18.2.100 172.18.2.254;
         default-lease-time         21600;
         max-lease-time             43200;
         next-server                172.18.2.77;
         class "pxeclients" {
              match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
              if option pxe-system-type = 00:02 {
                      filename "ia64/elilo.efi";
              } else if option pxe-system-type = 00:06 {
                      filename "grub/grub-x86.efi";
              } else if option pxe-system-type = 00:07 {
                      filename "grub/grub-x86_64.efi";
              } else {
                      filename "pxelinux.0";
              }
         }
    }
    # group for Cobbler DHCP tag: default
    group {
    }
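Creating the yum repositories
Unlike plain PXE, Cobbler can generate the yum repository used for installation automatically. We do not have to build it ourselves and only need to point Cobbler at the disc path.
    # Run the following command to create the CentOS 7.3 boot disc content
    [root@localhost ~]#cobbler import --path=/misc/cd --name=centos7.3
    # Then swap the ISO image and create the 6.9 disc content
    [root@localhost ~]#cobbler import --path=/misc/cd --name=centos6.9
So where does Cobbler actually put the yum repositories it builds from the discs?
    # In the path below, two repositories have been generated; the disc contents were simply copied over.
    [root@localhost ~]#cd /var/www/cobbler/ks_mirror/
    [root@localhost ks_mirror]#ls
    centos6.9  centos7.3  config
    # The command below shows that two system yum repositories were created successfully.
    [root@localhost ks_mirror]#cobbler distro list
       centos6.9-x86_64
       centos7.3-x86_64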
Editing the boot menu
Once the yum repositories have been created, the configuration can be customized.
    # View the generated boot menu file
    [root@localhost tftpboot]#cat /var/lib/tftpboot/pxelinux.cfg/default
    DEFAULT menu
    PROMPT 0
    MENU TITLE Cobbler | http://cobbler.github.io/    # can be changed to your own title
    TIMEOUT 200
    TOTALTIMEOUT 6000
    ONTIMEOUT local
    LABEL local
            MENU LABEL (local)
            MENU DEFAULT
            LOCALBOOT -1
    LABEL centos6.9-x86_64
            kernel /images/centos6.9-x86_64/vmlinuz
            MENU LABEL centos6.9-x86_64
            append initrd=/images/centos6.9-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://172.18.2.77/cblr/svc/op/ks/profile/centos6.9-x86_64
            ipappend 2
    LABEL centos7.3-x86_64
            kernel /images/centos7.3-x86_64/vmlinuz
            MENU LABEL centos7.3-x86_64
            append initrd=/images/centos7.3-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://172.18.2.77/cblr/svc/op/ks/profile/centos7.3-x86_64
            ipappend 2
    MENU end
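Starting a network installation
Create another virtual machine to act as the client and start a network installation; the menu we just created appears.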
Customizing the KickStart file
First, prepare the KickStart file
In the lab above we did not configure anything about the installation; Cobbler did it all for us. In production, though, we have requirements for each host's disk partitioning and installed software, so we need to write our own KickStart file. That lets us install customized operating systems in bulk.
We use the KickStart file from the lab environment (CentOS 7.3) as the basis for our own.
    # First change into Cobbler's KickStart directory
    [root@localhost ~]#cd /var/lib/cobbler/kickstarts/
    # Copy the ks file from /root into the current directory
    [root@localhost kickstarts]#cp /root/anaconda-ks.cfg centos7.cfg
    [root@localhost kickstarts]#cat centos7.cfg
    #version=DEVEL
    # System authorization information
    auth --enableshadow --passalgo=sha512
    # Use CDROM installation media
    # url can give a full path or use the $tree variable instead
    url --url=$tree
    # Use graphical install
    # Reboot once the installation has succeeded
    reboot
    # Install using the text interface
    text
    # Run the Setup Agent on first boot
    firstboot --enable
    ignoredisk --only-use=sda
    # Keyboard layouts
    keyboard --vckeymap=us --xlayouts='us'
    # System language
    lang en_US.UTF-8
    # Network information
    # Adjust the network settings
    network --bootproto=dhcp --device=ens33 --onboot=yes --ipv6=auto --activate
    network --hostname=localhost.localdomain
    # Disable SELinux; the firewall can be disabled here as well
    selinux --disabled
    # Root password
    # Set the initial password for the root user
    rootpw --iscrypted $6$BlwRFg7fgO1i8eQa$F9yjtePt1aOnsIwmNO7mexdnBOsJTVSSyTnwp2hS2lSY87thmNylXw43.Ycj6lfY1wk2NmoQjO/WzEEGBUlZt.
    # System services
    services --disabled="chronyd"
    # System timezone
    timezone Asia/Shanghai --isUtc --nontp
    # X Window System configuration information
    xconfig --startxonboot
    # System bootloader configuration
    bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
    # Partition clearing information
    # Clear the MBR
    zerombr
    # Remove the partitions already on the system
    clearpart --all
    # Disk partitioning information
    part / --fstype="xfs" --ondisk=sda --size=56320
    part swap --fstype="swap" --ondisk=sda --size=2000
    part /app --fstype="xfs" --ondisk=sda --size=51200
    part /boot --fstype="xfs" --ondisk=sda --size=1024
    %packages
    @^graphical-server-environment
    @base
    @core
    @desktop-debugging
    @dial-up
    @fonts
    @gnome-desktop
    @guest-agents
    @guest-desktop-agents
    @hardware-monitoring
    @input-methods
    @internet-browser
    @multimedia
    @print-client
    @x11
    kexec-tools
    %end
    %post
    # Remove the old yum repositories
    # Adjust this to suit your situation.
    rm -rf /etc/yum.repos.d/*
    cat > /etc/yum.repos.d/base.repo <
Associating the KickStart file with the yum repository
After Cobbler creates a yum repository automatically, a ks file is automatically associated with it. Now we need to associate our own KS file with the existing yum repository.
    # --name       name of the boot menu entry we are adding
    # --distro     the yum repository our custom ks file is associated with
    # --kickstart  path to our custom ks file
    [root@localhost kickstarts]#cobbler profile add --name=centos7.3-x86_64-desktop --distro=centos7.3-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg
    # See how many boot entries Cobbler has now
    [root@localhost kickstarts]#cobbler profile list
       centos6.9-x86_64
       centos7.3-x86_64
       centos7.3-x86_64-desktop
Editing /var/lib/tftpboot/pxelinux.cfg/default again
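After a cobbler sync, Cobbler automatically regenerates the /var/lib/tftpboot/pxelinux.cfg/default file, so it is best to edit the file again to suit your needs. Then the network installation can begin. The figure clearly shows the boot entry we added. With that, the Cobbler environment is up and running.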
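Because cobbler sync regenerates the menu and the KickStart file above runs zerombr and clearpart --all, it is worth confirming after every sync or hand edit that the timeout action still boots the local disk and that each entry fetches the intended KickStart. This is an added example, not code from the original post or from Cobbler; the function names and the shortened sample menu are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: sanity-check pxelinux.cfg/default after "cobbler sync" or a hand edit.

# Print "label<TAB>kickstart-url" for every entry that starts an installation.
ks_entries() {  # usage: ks_entries MENUFILE
    awk '
        $1 == "LABEL"  { label = $2 }
        $1 == "append" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ks=/) print label "\t" substr($i, 4)
        }' "$1"
}

# Succeed only if the ONTIMEOUT target is a label that boots the local disk,
# so a machine left sitting at the menu is never reinstalled unattended.
timeout_is_local() {  # usage: timeout_is_local MENUFILE
    awk '
        $1 == "ONTIMEOUT" { target = $2 }
        $1 == "LABEL"     { label = $2 }
        $1 == "LOCALBOOT" { localboot[label] = 1 }
        END { exit !(target != "" && (target in localboot)) }' "$1"
}

# Constructed sample, shortened from the generated menu shown earlier.
menu=$(mktemp)
cat > "$menu" <<'EOF'
DEFAULT menu
TIMEOUT 200
ONTIMEOUT local
LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1
LABEL centos7.3-x86_64-desktop
        kernel /images/centos7.3-x86_64/vmlinuz
        append initrd=/images/centos7.3-x86_64/initrd.img ksdevice=bootif text ks=http://172.18.2.77/cblr/svc/op/ks/profile/centos7.3-x86_64-desktop
EOF
ks_entries "$menu"
if timeout_is_local "$menu"; then
    echo "ok: menu timeout boots the local disk"
else
    echo "FAIL: menu timeout starts an installation"
fi
rm -f "$menu"
```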
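Notes
Production environments are usually LANs, so take the LAN's working environment into account when configuring the DHCP service.
Cobbler is really a wrapper around PXE. It does a great deal for us and saves a lot of manual configuration, but that also means we do not see how the underlying mechanism works, which makes problems harder to deal with. It is therefore worth configuring PXE by hand at least once to build a network installation environment and understand the mechanism in more detail.
It is best to write the ks file by hand, which gives the most control over customizing the operating system for your cluster.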
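Closing remarks
Cobbler also supports web-based management. After the Cobbler service environment is configured, install the cobbler-web package and the corresponding configuration can then be managed there. We do not cover it in detail here; interested readers can look up the documentation. The Cobbler_web graphical management interface is shown in the figure below, where we can see the menu entries and system yum repositories we defined. With the steps above we are now fully able to build a Cobbler-based network service for installing operating systems in bulk in production.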