Automated System Deployment with DHCP and Cobbler

Automated system deployment

System installation process

# CentOS system installation
System boot sequence:
bootloader --> kernel(initramfs) --> rootfs --> /sbin/init
													

The system-config-kickstart tool

Install system-config-kickstart

[root@localhost ~]# yum install system-config-kickstart -y

Run system-config-kickstart

[root@localhost ~]# system-config-kickstart


  • / 100000MB
  • swap 4000MB
  • /boot 1000MB


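The package selection pane turns out to be empty; on CentOS 7 this option is disabled.

Fix: modify the yum repository configuration

# change the section name "base" below to "development"
[base]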
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

Configuring anaconda (the installation wizard)

The ks7_mini.cfg file

[root@centos7 ~]# cat ks7_mini.cfg 
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted $1$MNh4wJLu$gUqsJa/UFTiRiO8tT/Hbr0
# System language
lang en_US
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
selinux --disabled


# Firewall configuration
firewall --disabled
# Network information
network  --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Africa/Abidjan
# Use network installation
url --url="http://192.168.33.130/centos/7/os/x86_64/"
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="xfs" --size=1000
part / --fstype="xfs" --size=100000
part swap --fstype="swap" --size=4000

%post
mkdir /root/.ssh
chmod 700 /root/.ssh
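# Placeholder: put the SSH public key that may log in as root between the markers
cat > /root/.ssh/authorized_keys <<EOF
PLACEHOLDER_SSH_PUBLIC_KEY
EOF
cat > /etc/yum.repos.d/test.repo <<EOF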
[base]
baseurl=http://192.168.33.130/centos/7/os/x86_64/
gpgcheck=0
EOF
%end

%packages
@^minimal
autofs
%end

Where the package groups are defined, and how to find the ID of the minimal-install option

[root@localhost repodata]# pwd
/misc/repodata
[root@localhost repodata]# cat 521f322f05f9802f2438d8bb7d97558c64ff3ff74c03322d77787ade9152d8bb-c7-x86_64-comps.xml |grep minimal
      vim-minimal
      kdeutils-minimal
    Installation minimale d'hôte de virtualisation.
    Hôte de virtualisation minimal.
    minimal    # minimal install
    Installation minimale
# We will put this ID into the kickstart file

The resulting format

...
%packages
@^minimal
autofs
%end

Tool for checking that the file format is correct

[root@centos7 ~]# ksvalidator ks7_mini.cfg
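
ksvalidator checks the syntax of the file, not what the directives do to the installed host. The script below is an added example (not part of the original page) that scans a kickstart file for the settings used in ks7_mini.cfg that weaken the result: an MD5-crypt root hash, disabled SELinux and firewall, an HTTP install source and gpgcheck=0. The names ks_audit and ks_sample and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: ks_audit and ks_sample are illustrative names, not pykickstart tools.

# ks_audit FILE: print "LINE: finding" for each directive that weakens the installed host.
ks_audit() {
    awk '
        /^[ \t]*#/ { next }                          # ignore comment lines
        $1 == "rootpw" {
            crypted = 0; md5 = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "--iscrypted") crypted = 1
                if ($i ~ /^\$1\$/)       md5 = 1     # $1$ prefix marks MD5-crypt
            }
            if (!crypted)  print NR ": rootpw is stored in plaintext"
            else if (md5)  print NR ": rootpw hash is MD5-crypt ($1$); use a SHA-512 ($6$) hash"
        }
        $1 == "selinux"  && /--disabled/ { print NR ": SELinux is disabled" }
        $1 == "firewall" && /--disabled/ { print NR ": firewall is disabled" }
        $1 == "url" && /http:\/\//       { print NR ": install tree is fetched over plain HTTP" }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*0/  { print NR ": repo is written with gpgcheck=0, packages are not signature-checked" }
    ' "$1"
}

# Constructed sample with the same directives as ks7_mini.cfg (hash and IP are made up).
ks_sample() {
    cat <<'KS'
install
rootpw --iscrypted $1$CONSTRUCTED$notARealHashValue00000
selinux --disabled
firewall --disabled
url --url="http://192.0.2.10/centos/7/os/x86_64/"
%post
cat > /etc/yum.repos.d/test.repo <<EOF
[base]
baseurl=http://192.0.2.10/centos/7/os/x86_64/
gpgcheck=0
EOF
%end
KS
}

# Demo on the constructed sample: prints five findings.
ks_tmp=$(mktemp)
ks_sample > "$ks_tmp"
ks_audit "$ks_tmp"
rm -f "$ks_tmp"
```

Run it as `ks_audit ks7_mini.cfg` next to ksvalidator; an empty output means none of these patterns were found.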

Using the kickstart file

Put the kickstart file in the directory shared by the web server

[root@centos7 ~]# cd /var/www/html/
[root@centos7 html]# ls
centos
[root@centos7 html]# mkdir ksdir
[root@centos7 html]# mv /r
root/ run/  
[root@centos7 html]# cp /root/ks7_mini.cfg ksdir/
[root@centos7 html]# ll ksdir/
total 4
-rw-r--r-- 1 root root 1726 Jun 11 23:03 ks7_mini.cfg


Location of the published file

http://192.168.33.130/ksdir/ks7_mini.cfg

Prepare the new machine


Success!

If the machine has no IP address, pass the following parameters on the kernel command line to give it a temporary one:

ip=IPADDR
netmask=MASK
gateway=GW
dns=DNS_SERVER_IP
ifname=NAME:MAC_ADDR

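Automated installation over HTTP

Install the httpd service

Configure /var/www/html

Mount the installation disc under that directory

Configure the mount to happen automatically at boot

Creating a boot disc and USB stick

Installing the system via PXE

Cobbler for enterprise use

Implementing the DHCP service

Network configuration

  • Static assignment
  • Dynamic assignment
    • bootp: MAC-to-IP, static mapping
    • dhcp: enhanced bootp, dynamic

An IP address is assigned when your machine starts and reclaimed when it is not running

Setting up a DHCP service

The DHCP request process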


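The eight message types:

DHCP DISCOVER: client to server
DHCP OFFER: server to client
DHCP REQUEST: client to server
DHCP ACK: server to client
DHCP NAK: server to client; tells the client that no suitable IP address can be assigned
DHCP DECLINE: client to server; indicates that the address is already in use
DHCP RELEASE: client to server; gives up the network address and cancels the remaining lease time
DHCP INFORM: client to server; sent when the client needs more detailed configuration information from the DHCP server; rarely used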

DHCP configuration

Restart the service after changing the configuration

systemctl restart dhcpd

Set the NIC to obtain its address automatically

[root@centos7 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp  # set to dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=13cd8e7b-5fce-46f1-a2cb-f4ee2469df6f
DEVICE=ens33
ONBOOT=yes

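Automatic IP assignment via DHCP

After changing the IP settings, restart the NetworkManager service

service NetworkManager restart
# or
service network restart

The dhclient process obtains the IP automatically

ps aux |grep dhclient
# check whether dhclient is running and obtaining an address


dhclient -d    # run in the foreground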
[root@localhost ~]# dhclient -d
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/pan0/fe:2c:7b:44:fe:57
Sending on   LPF/pan0/fe:2c:7b:44:fe:57
Listening on LPF/eth0/00:0c:29:e5:c3:0b
Sending on   LPF/eth0/00:0c:29:e5:c3:0b
Sending on   Socket/fallback
DHCPDISCOVER on pan0 to 255.255.255.255 port 67 interval 8 (xid=0x3a2b410d)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0x6b190a07)
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8 (xid=0x6b190a07)
DHCPOFFER from 192.168.33.254
DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x6b190a07)
DHCPACK from 192.168.33.254 (xid=0x6b190a07)
bound to 192.168.33.133 -- renewal in 894 seconds.
DHCPDISCOVER on pan0 to 255.255.255.255 port 67 interval 13 (xid=0x3a2b410d)

Check the expiry time

[root@localhost ~]# cd /var/lib/dhclient/
[root@localhost dhclient]# ll -t
total 12
-rw-r--r--. 1 root root 1820 Jun 13 06:01 dhclient-d057cd84-199a-4096-8ea9-3296e687d3ad-eth0.lease
-rw-r--r--. 1 root root  455 Jun 13 05:59 dhclient.leases
-rw-r--r--. 1 root root  910 Jun 13 05:34 dhclient-eth0.leases

# dhclient.leases

[root@localhost dhclient]# cat dhclient.leases 
lease {
  interface "eth0";
  fixed-address 192.168.33.133;
  option subnet-mask 255.255.255.0;
  option routers 192.168.33.2;
  option dhcp-lease-time 1800;
  option dhcp-message-type 5;
  option domain-name-servers 192.168.33.2;
  option dhcp-server-identifier 192.168.33.254;
  option broadcast-address 192.168.33.255;
  option domain-name "localdomain";
  renew 6 2020/06/13 13:14:34;
  rebind 6 2020/06/13 13:25:53;
  expire 6 2020/06/13 13:29:38;
}
# These times are in Greenwich Mean Time (UTC)
[root@localhost dhclient]# date
Sat Jun 13 06:05:07 PDT 2020
# Show the current time in UTC
[root@localhost dhclient]# date -u
Sat Jun 13 13:05:12 UTC 2020


# Lease time: 30 min

Lab: installing a DHCP server

Requirements:

  • Turn off the DHCP function of the NAT network in VMnet
  • Do not use bridged mode


Install the DHCP service

Install the package

yum install dhcp -y

Files installed by the dhcp package

[root@centos7 ~]# rpm -ql dhcp
/etc/NetworkManager
/etc/NetworkManager/dispatcher.d
/etc/NetworkManager/dispatcher.d/12-dhcpd
/etc/dhcp/dhcpd.conf	# configuration file
/etc/dhcp/dhcpd6.conf
/etc/dhcp/scripts
/etc/dhcp/scripts/README.scripts
/etc/openldap/schema/dhcp.schema
/etc/sysconfig/dhcpd
/usr/bin/omshell
/usr/lib/systemd/system/dhcpd.service	# service unit name
/usr/lib/systemd/system/dhcpd6.service
/usr/lib/systemd/system/dhcrelay.service
/usr/sbin/dhcpd	# main program
/usr/sbin/dhcrelay
/usr/share/doc/dhcp-4.2.5
/usr/share/doc/dhcp-4.2.5/dhcpd.conf.example
/usr/share/doc/dhcp-4.2.5/dhcpd6.conf.example
/usr/share/doc/dhcp-4.2.5/ldap
/usr/share/doc/dhcp-4.2.5/ldap/README.ldap
/usr/share/doc/dhcp-4.2.5/ldap/dhcp.schema
/usr/share/doc/dhcp-4.2.5/ldap/dhcpd-conf-to-ldap
/usr/share/man/man1/omshell.1.gz
/usr/share/man/man5/dhcpd.conf.5.gz
/usr/share/man/man5/dhcpd.leases.5.gz
/usr/share/man/man8/dhcpd.8.gz
/usr/share/man/man8/dhcrelay.8.gz
/usr/share/systemtap/tapset/dhcpd.stp
/var/lib/dhcpd
/var/lib/dhcpd/dhcpd.leases
/var/lib/dhcpd/dhcpd6.leases

Start the service and hit a problem

[root@centos7 ~]# systemctl start dhcpd
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.

Look at the error message

[root@centos7 ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2020-06-13 13:14:34 CST; 46s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
  Process: 10293 ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid (code=exited, status=1/FAILURE)
 Main PID: 10293 (code=exited, status=1/FAILURE)

Jun 13 13:14:34 centos7 systemd[1]: Starting DHCPv4 Server Daemon...
Jun 13 13:14:34 centos7 dhcpd[10293]: Copyright 2004-2013 Internet Systems Consortium.
Jun 13 13:14:34 centos7 dhcpd[10293]: All rights reserved.
Jun 13 13:14:34 centos7 dhcpd[10293]: For info, please visit https://www.isc.org/softwa...cp/
Jun 13 13:14:34 centos7 dhcpd[10293]: Not searching LDAP since ldap-server, ldap-port a...ile
Jun 13 13:14:34 centos7 dhcpd[10293]: Wrote 0 leases to leases file.
Jun 13 13:14:34 centos7 systemd[1]: dhcpd.service: main process exited, code=exited, st...URE
Jun 13 13:14:34 centos7 systemd[1]: Failed to start DHCPv4 Server Daemon.
Jun 13 13:14:34 centos7 systemd[1]: Unit dhcpd.service entered failed state.
Jun 13 13:14:34 centos7 systemd[1]: dhcpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Look at the configuration file /etc/dhcp/dhcpd.conf

[root@centos7 ~]# cat /etc/dhcp/dhcpd.conf 
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example 
#	(the file contains nothing else; next, look at the example)
#   see dhcpd.conf(5) man page
#


Look at the example

[root@centos7 ~]# vim /usr/share/doc/dhcp*/dhcpd.conf.example

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
# Configure DNS; Baidu's DNS is 180.76.76.76
# option domain-name-servers ns1.example.org, ns2.example.org;
option domain-name-servers 114.114.114.114,180.76.76.76;
# The default lease time was 600 seconds; changed to 1 day (86400)
default-lease-time 86400;
# Maximum lease time changed to 10 days
max-lease-time 864000;

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.
# Add this host's subnet, 192.168.33.0; the range below becomes the address pool
subnet 192.168.33.0 netmask 255.255.255.0 {
 range 192.168.33.33 192.168.33.99;
 option routers 192.168.33.1;
	
}

# This is a very basic subnet declaration.
# An address range and a gateway must be specified
subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;
  option broadcast-address 10.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.fugue.com";
}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
##############################################################
# When the MAC address is 08:00:07:26:c0:a5, the IP is fixed to fantasia.fugue.com
##############################################################
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}

shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}

Copy the example over as the DHCP configuration file to begin with

[root@centos7 ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.example /etc/dhcp/dhcpd.conf 
cp: overwrite ‘/etc/dhcp/dhcpd.conf’? y

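Start the service again

[root@centos7 ~]# systemctl start dhcpd
# success

Although the service now starts, the assignable addresses and the other settings still need to be configured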

[root@centos7 ~]# ss -ntlup
Netid State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
...
udp   UNCONN     0      0                *:67                           *:*                   users:(("dhcpd",pid=10688,fd=7))

:67 is the DHCP server port and :68 is the DHCP client port

Once configured, restart the network service on the CentOS 6 machine

[root@localhost Desktop]# service NetworkManager restart
Stopping NetworkManager daemon:                            [  OK  ]
Setting network parameters...                              [  OK  ]
Starting NetworkManager daemon:                            [  OK  ]
[root@localhost Desktop]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:e5:c3:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.33.50/24 brd 192.168.33.255 scope global eth0
    inet6 fe80::20c:29ff:fee5:c30b/64 scope link 
       valid_lft forever preferred_lft forever
3: pan0:  mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fe:2c:7b:44:fe:57 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc2c:7bff:fe44:fe57/64 scope link 
       valid_lft forever preferred_lft forever
# Address obtained successfully


#######################
# Check that the gateway was received
[root@localhost Desktop]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.33.0    0.0.0.0         255.255.255.0   U     1      0        0 eth0
0.0.0.0         192.168.33.1    0.0.0.0         UG    0      0        0 eth0
#######################
# Check DNS
[root@localhost Desktop]# cat /etc/resolv.conf 
# Generated by NetworkManager
domain example.org
search example.org
nameserver 180.76.76.76
nameserver 114.114.114.114
#########################
# Check the lease time
[root@localhost Desktop]# cat /var/lib/dhclient/dhclient-d057cd84-199a-4096-8ea9-3296e687d3ad-eth0.lease 
lease {
  interface "eth0";
  fixed-address 192.168.33.50;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 86400;
  option routers 192.168.33.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.168.33.130;
  option domain-name-servers 180.76.76.76,114.114.114.114;
  option domain-name "example.org";
  renew 0 2020/06/14 02:17:59;
  rebind 0 2020/06/14 11:26:25;
  expire 0 2020/06/14 14:26:25;
}
lease {
  interface "eth0";
  fixed-address 192.168.33.50;
  option subnet-mask 255.255.255.0;
  option routers 192.168.33.1;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option domain-name-servers 180.76.76.76,114.114.114.114;
  option dhcp-server-identifier 192.168.33.130;
  option domain-name "example.org";
  renew 0 2020/06/14 01:08:06;
  rebind 0 2020/06/14 11:29:41;
  expire 0 2020/06/14 14:29:41;
}

Look up the lease records on the dhcpd server

[root@centos7 ~]# cd /var/lib/dhcpd
[root@centos7 dhcpd]# ls
dhcpd6.leases  dhcpd.leases  dhcpd.leases~
[root@centos7 dhcpd]# cat dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.5

server-duid "\000\001\000\001&w-\257\000\014)\323`$";

lease 192.168.33.50 {
  starts 6 2020/06/13 06:26:24;
  ends 0 2020/06/14 06:26:24;
  cltt 6 2020/06/13 06:26:24;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:0c:29:e5:c3:0b;
}
lease 192.168.33.50 {
  starts 6 2020/06/13 06:29:41;
  ends 0 2020/06/14 06:29:41;
  cltt 6 2020/06/13 06:29:41;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:0c:29:e5:c3:0b;
}
lease 192.168.33.51 {
  starts 6 2020/06/13 06:48:51;
  ends 0 2020/06/14 06:48:51;
  cltt 6 2020/06/13 06:48:51;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:0c:29:d3:60:24;
  client-hostname "centos7";
}

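Lease renewal:

  • The client requests renewal when half of the lease has elapsed
  • or when 7/8 of the lease has elapsed

DHCP can also deliver other configuration…

Binding a MAC address in the DHCP configuration

In the configuration file: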

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
##############################################################
# When the MAC address is 08:00:07:26:c0:a5, the IP is fixed to fantasia.fugue.com
##############################################################
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}

## Modified
host test {
  hardware ethernet 00:0c:29:e5:c3:0b;
  fixed-address 192.168.33.131;
}
# This address lies outside the address pool range in the DHCP configuration
[root@centos7 dhcpd]# systemctl restart dhcpd
# Restart the service
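
The sample configuration's own comment says fixed addresses "should not also be listed as being available for dynamic assignment", which is why 192.168.33.131 was chosen outside 33-99. The script below is an added example (not from the original page or from ISC dhcpd) that checks a dhcpd.conf for host entries whose fixed-address falls inside a dynamic range. The names dhcpd_fixed_check and dhcpd_sample and the "printer" host are constructed; it assumes one statement per line, as in dhcpd.conf.example.

```sh
#!/bin/sh
# Added example: dhcpd_fixed_check and dhcpd_sample are illustrative names,
# not part of ISC dhcpd. Assumes one statement per line.

# dhcpd_fixed_check FILE: report each host's fixed-address as OK, OVERLAP or SKIP.
# Exit status is 1 when at least one fixed address falls inside a dynamic range.
dhcpd_fixed_check() {
    awk '
        function ip2int(ip,    p) {
            if (split(ip, p, ".") != 4) return -1
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        { sub(/#.*/, ""); gsub(/;/, " ") }          # drop comments and terminators
        $1 == "range" {
            lo = $2; hi = $3
            if ($2 == "dynamic-bootp") { lo = $3; hi = $4 }
            if (hi == "") hi = lo                    # "range A;" is a single address
            n++; rlo[n] = ip2int(lo); rhi[n] = ip2int(hi); rtxt[n] = lo "-" hi
        }
        $1 == "host" { host = $2 }
        $1 == "fixed-address" {
            if ($2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                print "SKIP " host " " $2 " (hostname: resolve it and check by hand)"
                next
            }
            m++; fip[m] = ip2int($2); ftxt[m] = $2; fhost[m] = host
        }
        END {
            for (i = 1; i <= m; i++) {
                hit = ""
                for (j = 1; j <= n; j++)
                    if (fip[i] >= rlo[j] && fip[i] <= rhi[j]) hit = rtxt[j]
                if (hit != "") { print "OVERLAP " fhost[i] " " ftxt[i] " is inside range " hit; bad = 1 }
                else             print "OK " fhost[i] " " ftxt[i]
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample built from the values on this page plus one overlapping host.
dhcpd_sample() {
    cat <<'CONF'
subnet 192.168.33.0 netmask 255.255.255.0 {
  range 192.168.33.33 192.168.33.99;
  option routers 192.168.33.1;
}
host test {
  hardware ethernet 00:0c:29:e5:c3:0b;
  fixed-address 192.168.33.131;      # outside the pool, as on this page
}
host printer {                       # constructed entry
  hardware ethernet 00:0c:29:00:00:01;
  fixed-address 192.168.33.50;       # inside 33-99: can collide with a lease
}
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.fugue.com;
}
CONF
}

# Demo on the constructed sample.
dh_tmp=$(mktemp)
dhcpd_sample > "$dh_tmp"
dhcpd_fixed_check "$dh_tmp" || echo "a fixed address overlaps a dynamic range" >&2
rm -f "$dh_tmp"
```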

On the DHCP client

[root@localhost Desktop]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:e5:c3:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.33.50/24 brd 192.168.33.255 scope global eth0
    inet6 fe80::20c:29ff:fee5:c30b/64 scope link 
       valid_lft forever preferred_lft forever
3: pan0:  mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fe:2c:7b:44:fe:57 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc2c:7bff:fe44:fe57/64 scope link 
       valid_lft forever preferred_lft forever
[root@localhost Desktop]# service NetworkManager stop
Stopping NetworkManager daemon:                            [  OK  ]
[root@localhost Desktop]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  
Determining IP information for eth0... done.
                                                           [  OK  ]


[root@localhost Desktop]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
#################### The IP address has been changed ####################
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:e5:c3:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.33.131/24 brd 192.168.33.255 scope global eth0
    inet6 fe80::20c:29ff:fee5:c30b/64 scope link 
       valid_lft forever preferred_lft forever
       # Note: an address outside the subnet cannot be assigned
#################### The IP address has been changed ####################
3: pan0:  mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fe:2c:7b:44:fe:57 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc2c:7bff:fe44:fe57/64 scope link 
       valid_lft forever preferred_lft forever

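How DHCP works

  • The first request, DISCOVER, is sent as a broadcast

  • The OFFER returned in response is a unicast

  • The REQUEST the client sends after receiving the OFFER is also a broadcast

  • The ACK the server returns on receiving it is a unicast

The client and server must therefore not be separated by a router that blocks broadcasts, which is why an address outside the subnet cannot be assigned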

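Solutions for DHCP service across subnets

  • RFC 1542 compliant routers: hardware routers
  • dhcrelay: a relay; a separate machine acts as the DHCP relay agent
    • The agent turns the broadcast into a unicast request and passes the result back to the client
    • Some routers have this feature built in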

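Another use of the DHCP configuration file

Other configuration options:

filename: the name of the boot file

next-server: the IP address of the server that provides the boot file

Example:

filename "pxelinux.0";        # network-based bootloader file

next-server 192.168.1.100;    # TFTP server address

Check the syntax: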

service dhcpd configtest

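File transfer protocols

FTP

PXE (Preboot Execution Environment)

A PXE-capable NIC can boot the machine

TFTP: a lightweight FTP service

It can use UDP as its transport; a TFTP program is built into the NIC; port number: 69

Setting up a TFTP server

Install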

[root@localhost ~]# yum install tftp-server

Package contents

[root@localhost ~]# rpm -ql tftp-server 
/etc/xinetd.d/tftp
/usr/lib/systemd/system/tftp.service
/usr/lib/systemd/system/tftp.socket
/usr/sbin/in.tftpd
/usr/share/doc/tftp-server-5.2
/usr/share/doc/tftp-server-5.2/CHANGES
/usr/share/doc/tftp-server-5.2/README
/usr/share/doc/tftp-server-5.2/README.security
/usr/share/man/man8/in.tftpd.8.gz
/usr/share/man/man8/tftpd.8.gz
/var/lib/tftpboot

Start tftp

[root@localhost ~]# systemctl start tftp

Check the port

[root@localhost ~]# ss -ntlup
Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              

udp    UNCONN     0      0        [::]:69                   [::]:*                   users:(("in.tftpd",pid=6974,fd=0),("systemd",pid=1,fd=96))

The TFTP shared directory

/var/lib/tftpboot

Enable at boot

systemctl enable tftp

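A TFTP client cannot list the contents of the shared directory

Installing CentOS 7 via PXE

Step 1: configure the DHCP server

Add the TFTP server address and boot file name to the configuration file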

subnet 192.168.33.0 netmask 255.255.255.0 {
 range 192.168.33.33 192.168.33.99;
 option routers 192.168.33.1;
 next-server 192.168.33.34;
 filename "pxelinux.0";
	# pxelinux.0: this file name is a convention, not a requirement
}
# Restart the service

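Step 2: the pxelinux.0 file

Install the syslinux package, which ships the pxelinux.0 file

yum install -y syslinux

Copy the pxelinux.0 file into the /var/lib/tftpboot directory


Customizing the isolinux.cfg file

# The boot menu is customized by editing the contents of this file

Placeholder: to be filled in later…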
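
One way to finish the two steps above, as an added example that is not part of the original page: the script stages pxelinux.0, the menu module, the installer kernel and initrd under the TFTP root and writes a pxelinux.cfg/default that points the installer at the kickstart URL. The helper names, the source paths in the usage comment and the menu layout are assumptions; the menu defaults to local disk because ks7_mini.cfg runs zerombr and clearpart --all.

```sh
#!/bin/sh
# Added example: pxe_stage is an illustrative helper, not a syslinux or cobbler tool.
# Usage (paths are assumptions for the server built on this page):
#   sh pxe_stage.sh /usr/share/syslinux \
#       /var/www/html/centos/7/os/x86_64/images/pxeboot \
#       /var/lib/tftpboot http://192.168.33.130/ksdir/ks7_mini.cfg

pxe_stage() {
    syslinux_dir=$1
    pxeboot_dir=$2
    tftp_root=$3
    ks_url=$4

    # Refuse to build a half-populated tree: check every input first.
    for f in "$syslinux_dir/pxelinux.0" "$syslinux_dir/menu.c32" \
             "$pxeboot_dir/vmlinuz" "$pxeboot_dir/initrd.img"; do
        [ -r "$f" ] || { echo "pxe_stage: missing $f" >&2; return 1; }
    done

    mkdir -p "$tftp_root/pxelinux.cfg" || return 1
    cp "$syslinux_dir/pxelinux.0" "$syslinux_dir/menu.c32" \
       "$pxeboot_dir/vmlinuz" "$pxeboot_dir/initrd.img" "$tftp_root/" || return 1

    cat > "$tftp_root/pxelinux.cfg/default" <<EOF
default menu.c32
timeout 600
menu title PXE boot menu

# Local disk is the default, so a host that network-boots by accident is not
# wiped by the kickstart (zerombr, clearpart --all).
label local
  menu default
  menu label Boot from local disk
  localboot 0

# net.ifnames=0 keeps the NIC named eth0, which the kickstart refers to.
label ks7
  menu label Install CentOS 7 from kickstart (erases all disks)
  kernel vmlinuz
  append initrd=initrd.img inst.ks=$ks_url net.ifnames=0
EOF

    # in.tftpd lets clients overwrite only world-writable files: keep them 0644.
    find "$tftp_root" -type f -exec chmod 0644 {} +
}

# pxe_default_label FILE: print the label that carries "menu default".
pxe_default_label() {
    awk '$1 == "label" { l = $2 } $1 == "menu" && $2 == "default" { print l }' "$1"
}

if [ "$#" -eq 4 ]; then
    pxe_stage "$@" && echo "default entry: $(pxe_default_label "$3/pxelinux.cfg/default")"
fi
```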

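Automated installation with cobbler + PXE

1. Cobbler (literally, a shoe mender) is a free, open-source tool for system installation and deployment on Linux; official site: http://cobbler.github.io/
2. Cobbler is a Python-based layer built on top of the underlying technology; it provides a CLI (command line) and a web interface for management, plus an API (application programming interface) for further development
3. Compared with plain PXE, cobbler can offer several systems for installation at the same time, whereas PXE alone boots the installation of only one system at a time
4. Cobbler is usually combined with open-source tools such as puppet and saltstack for bulk operating system installation and deployment, enabling unattended installation and service deployment across large numbers of Linux systems and greatly improving operations efficiency
5. Cobbler runs on the server side and works with services such as DHCP, TFTP and saltstack to provide bulk system installation and deployment
6. Cobbler relies on PXE to install the operating system on the client

Cobbler is written in Python, is a wrapper around PXE, and can be managed through a web interface.

How cobbler works

1. After a bare-metal client configured for network boot powers on, it broadcasts a request asking the DHCP server (the cobbler server) to send it an assigned IP
2. The DHCP server (cobbler server) receives the request and sends a response that includes the IP address
3. Having obtained the IP, the client asks the cobbler server for the OS boot file
4. The cobbler server tells the client the name of the OS boot file and the IP and port of the TFTP server
5. The client contacts the TFTP server at that address and downloads the boot file
6. The client executes the boot file, determines what to load and selects the OS to install; during this it requests the kickstart file and OS image from the cobbler server
7. The cobbler server sends the requested kickstart file and OS image
8. The client loads the kickstart file, receives the OS image and installs it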

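Preparation

  1. The services cobbler depends on include httpd, tftp and dhcp; if a web interface is required, cobbler-web must be installed as well

    Related packages:

    • httpd: serves the yum repository and, together with cobbler-web, lets cobbler be configured and managed through web pages
    • tftp-server: serves the boot and menu files for download over the network
    • cobbler-web: provides the web-based cobbler management interface
    • pykickstart.noarch: a Python library for managing kickstart files

    Notes:

    • cobbler depends on the EPEL repository; configure EPEL before installing

    • installing cobbler pulls in httpd and tftp-server as dependencies

  2. Enable the services at boot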

    [root@centos7 /]# systemctl enable --now cobblerd httpd tftp dhcpd
    Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
    Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
    Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.
    Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.
    # The dhcpd error does not matter for now; it is fixed by the configuration that follows
    
  3. Review cobbler's configuration files and directories

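Path                             Description
/etc/cobbler                     cobbler's main configuration directory; holds the cobbler-related configuration files
/etc/cobbler/settings            default main configuration file of the cobbler service
/etc/cobbler/dhcp.template       DHCP configuration template; once DHCP management is turned on, dhcpd.conf is generated from it
/etc/cobbler/tftpd.template      tftp service configuration file
/etc/cobbler/rsync.template      rsync service configuration template
/etc/cobbler/iso                 ISO template configuration directory
/etc/cobbler/pxe                 PXE template directory
/etc/cobbler/power               power management configuration directory
/etc/cobbler/users.conf          web service authorization configuration file
/etc/cobbler/users.digest        user name and password file for web access
/etc/cobbler/dnsmasq.template    DNS service configuration template
/etc/cobbler/modules.conf        cobbler module configuration
/var/lib/cobbler                 cobbler data directory
/var/lib/cobbler/config          configuration files
/var/lib/cobbler/kickstarts      default directory for kickstart files
/var/lib/cobbler/loaders         holds the various boot loaders
/var/www/cobbler                 system installation image directory
/var/www/cobbler/ks_mirror       imported system images
/var/www/cobbler/images          boot files of the imported system images
/var/www/cobbler/repo_mirror     yum repository storage directory
/var/log/cobbler                 log directory
/var/log/cobbler/install.log     client installation log
/var/log/cobbler/cobbler.log     cobbler log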

cobbler usage

[root@centos7 ~]# cobbler --help
usage
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ... 
        [add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]

cobbler distro

[root@centos7 ~]# cobbler distro
usage
=====
cobbler distro add
cobbler distro copy
cobbler distro edit
cobbler distro find
cobbler distro list
cobbler distro remove
cobbler distro rename
cobbler distro report

List the installable systems

cobbler distro list

Configuration phase

Check cobbler's runtime environment and configure cobbler step by step as prompted

[root@centos7 /]# cobbler check
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/cobbler/cli.py", line 251, in check_setup
    s.ping()
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1321, in single_request
    response.msg,
ProtocolError: <ProtocolError for 127.0.0.1:80/cobbler_api: 404 Not Found>

Edit the /etc/xinetd.d/tftp configuration file. tftp is a non-standalone service; to enable it:

[root@centos7 /]# vim /etc/xinetd.d/tftp 

# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        disable                 = no	# changed from yes to no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

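Download the boot loader files from the internet

Testing phase

Environment:

Two hosts

  • One host running CentOS 7 acts as the cobbler, http, dhcp and tftp server, with the firewall and SELinux turned off
  • The other acts as the test machine, on which Linux is installed automatically

Install cobbler: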

[root@centos7 /]# yum install cobbler httpd tftp-server dhcp
[root@centos7 /]# systemctl enable --now cobblerd httpd tftp dhcpd

Check that the ports are open

[root@centos7 /]# ss -ntul
Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              

udp    UNCONN     0      0        [::]:69                   [::]:*                            
tcp    LISTEN     0      5      127.0.0.1:25151                   *:*                       
tcp    LISTEN     0      128      [::]:80                   [::]:*
# 69 is the tftp port; 25151 is cobbler's listening port; 80 is http

Run cobbler check

[root@centos7 /]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
# Edit /etc/cobbler/settings and set the address that server points to
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4 : enable and start rsyncd.service with systemctl
5 : debmirror package is not installed, it will be required to manage debian deployments and repositories
6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
7 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

  1. Edit the file /etc/cobbler/settings
# this is the address of the cobbler server -- as it is used
# by systems during the install process, it must be the address
# or hostname of the system as those systems can see the server.
# if you have a server that appears differently to different subnets
# (dual homed, etc), you need to read the --server-override section
# of the manpage for how that works.
# server: 127.0.0.1
server: 192.168.33.130
# Set the server address (line 390)
  1. After the change, restart cobbler and run cobbler check again; six items remain
[root@centos7 /]# systemctl restart cobblerd
[root@centos7 /]# cobbler check
The following are potential configuration items that you may want to fix:

1 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
2 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
3 : enable and start rsyncd.service with systemctl
4 : debmirror package is not installed, it will be required to manage debian deployments and repositories
# Debian-related setting
5 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
# Password used in the system answer file
6 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
# Cluster-related setting
Restart cobblerd and then run 'cobbler sync' to apply changes.
# Six items remain
  1. Set next_server to this host's address
# if using cobbler with manage_dhcp, put the IP address
# of the cobbler server here so that PXE booting guests can find it
# if you do not set this correctly, this will be manifested in TFTP open timeouts.
#next_server: 127.0.0.1
next_server: 192.168.33.130

# Line 278
  1. On CentOS 7 the tftp service has already been enabled at boot with systemctl enable --now tftp, so there is no need to edit its configuration file
[root@centos7 /]# systemctl is-enabled tftp.socket 
enabled
  1. Set up the boot loaders
[root@centos7 /]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
├── etc
├── grub
├── images
├── images2
├── ppc
├── pxelinux.cfg
└── s390x
# The directories are still empty and files such as the kernel are not there yet; we run cobbler get-loaders to download the files for this directory

[root@centos7 ~]# cobbler get-loaders
task started: 2020-06-14_210159_get_loaders
task started (id=Download Bootloader Content, time=Sun Jun 14 21:01:59 2020)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***


[root@centos7 ~]# ls /var/lib/cobbler/loaders/
COPYING.elilo     COPYING.yaboot  grub-x86_64.efi  menu.c32    README
COPYING.syslinux  elilo-ia64.efi  grub-x86.efi     pxelinux.0  yaboot
# The downloaded files are kept in this directory for now; cobbler sync places them under /var/lib/tftpboot/

[root@centos7 ~]# cobbler sync
task started: 2020-06-14_210609_sync
task started (id=Sync, time=Sun Jun 14 21:06:09 2020)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
#################Sync succeeded######################
[root@centos7 ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot

10 directories, 10 files


#################default_password in the configuration file###############
[root@centos7 ~]# vim /etc/cobbler/settings
# cobbler has various sample kickstart templates stored
# in /var/lib/cobbler/kickstarts/.  This controls
# what install (root) password is set up for those
# systems that reference this variable.  The factory
# default is "cobbler" and cobbler check will warn if
# this is not changed.
# The simplest way to change the password is to run 
# openssl passwd -1
# and put the output between the "" below.
default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
####Generate a password hash with openssl and use it to replace the default one
[root@centos7 ~]# openssl passwd -1
Password: centos
Verifying - Password: centos
$1$dne2pvmG$QjmWnhyMolFe0n3BbvszG/

  1. Set up the DHCP service
[root@centos7 ~]# vim /etc/cobbler/settings
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
#manage_dhcp: 0
##############Change 0 to 1 so that cobbler generates the dhcp configuration file#################
manage_dhcp: 1


# Restart the cobbler service after the change
[root@centos7 ~]# systemctl restart cobblerd
# The dhcp configuration file is generated from a cobbler template

[root@centos7 ~]# rpm -ql cobbler |grep dhcp
/etc/cobbler/dhcp.template


# View the template
[root@centos7 ~]# vim /etc/cobbler/dhcp.template

# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************

ddns-update-style interim;

allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

option pxe-system-type code 93 = unsigned integer 16;
################Edit this part###############################
subnet 192.168.33.0 netmask 255.255.255.0 {
     option routers             192.168.33.2;
     option domain-name-servers 180.76.76.76;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.33.10 192.168.33.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
#############################################################
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}

#for dhcp_tag in $dhcp_tags.keys():
    ## group could be subnet if your dhcp tags line up with your subnets
    ## or really any valid dhcpd.conf construct ... if you only use the
    ## default dhcp tag in cobbler, the group block can be deleted for a
    ## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
            #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        #if $iface.interface_type == "infiniband":
        option dhcp-client-identifier = $mac;
        #else
        hardware ethernet $mac;
        #end if
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.netmask:
        option subnet-mask $iface.netmask;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        #if $iface.enable_gpxe:
        if exists user-class and option user-class = "gPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else if exists user-class and option user-class = "iPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else {
            filename "undionly.kpxe";
        }
        #else
        filename "$iface.filename";
        #end if
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
        #end for
}
#end for


####After editing, sync and restart the cobbler service####
[root@centos7 ~]# cobbler sync
task started: 2020-06-14_212503_sync
task started (id=Sync, time=Sun Jun 14 21:25:03 2020)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout: 
received on stderr: 
running: service dhcpd restart
received on stdout: 
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service

running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

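# The dhcp configuration file has now been replaced

  1. Tidy up the boot menu (change the boot menu title)
# Edit the template file /etc/cobbler/pxe/pxedefault.template, then restart and sync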
[root@centos7 ~]# vim /etc/cobbler/pxe/pxedefault.template 

DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.coralloveme.com/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

$pxe_menu_items

MENU end

[root@centos7 ~]# systemctl restart cobblerd
[root@centos7 ~]# cobbler sync


###Check###
[root@centos7 ~]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.coralloveme.com/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1



MENU end

8. Import the distributions

[root@centos7 ~]# mount /dev/cdrom /mnt
mount: /dev/sr0 is write-protected, mounting read-only
[root@centos7 ~]# cobbler import --name=centos-7-x86_64 --path=/mnt --arch=x86_64
[root@centos7 /]# cobbler import --name=centos-6.9-x86_64 --path=/misc --arch=x86_64
[root@localhost ~]# cobbler distro list
   centos-6-x86_64
   centos-7-x86_64
# View the menu entries
[root@localhost ~]# cobbler profile list
   centos-6-x86_64
   centos-7-x86_64
   
[root@localhost ~]# cobbler profile --help
usage
=====
cobbler profile add
cobbler profile copy
cobbler profile dumpvars
cobbler profile edit
cobbler profile find
cobbler profile getks
cobbler profile list
cobbler profile remove
cobbler profile rename
cobbler profile report

# View the kickstart file used by each menu entry
[root@localhost ~]# cobbler profile report
Name                           : centos-7-x86_64
TFTP Boot Files                : {}
Comment                        : 
DHCP Tag                       : default
Distribution                   : centos-7-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/sample_end.ks
# This is the kickstart file for a minimal installation
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 : 
Internal proxy                 : 
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      : 
Virt RAM (MB)                  : 512
Virt Type                      : kvm

Name                           : centos-6-x86_64
TFTP Boot Files                : {}
Comment                        : 
DHCP Tag                       : default
Distribution                   : centos-6-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/sample_end.ks
# This is the kickstart file for a minimal installation
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 : 
Internal proxy                 : 
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      : 
Virt RAM (MB)                  : 512
Virt Type                      : kvm



# View the generated menu file, default
[root@localhost ~]# cd /var/lib/tftpboot/pxelinux.cfg/
[root@localhost pxelinux.cfg]# ls
default
[root@localhost pxelinux.cfg]# cat default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.coralloveme.com/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos-6-x86_64
        kernel /images/centos-6-x86_64/vmlinuz
        MENU LABEL centos-6-x86_64
        append initrd=/images/centos-6-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.33.33/cblr/svc/op/ks/profile/centos-6-x86_64
        ipappend 2

LABEL centos-7-x86_64
        kernel /images/centos-7-x86_64/vmlinuz
        MENU LABEL centos-7-x86_64
        append initrd=/images/centos-7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.33.33/cblr/svc/op/ks/profile/centos-7-x86_64
        ipappend 2



MENU end
# The ks file in the menu defaults to the minimal-install kickstart; we can write our own kickstart file instead


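  1. Configure the Linux distributions and associate the matching ks files
[root@localhost pxelinux.cfg]# cd /var/lib/cobbler/kickstarts/
# Kickstart files must be stored in this directory

Associate the Linux distribution image with its ks file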

cobbler profile add --name=centos7 --distro=centos-7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg

If a distro menu entry was generated automatically earlier, you can use

cobbler profile remove --name=PROFILE_NAME

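to delete it, then associate the ks file so that only the new menu entry remains

$tree is part of cobbler's own syntax for defining the installation source path, so the ks file can reference the $tree variable directly when specifying the installation source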

url --url=$tree

After creating the association, restart and sync

systemctl restart cobblerd
cobbler sync

Notes

[root@localhost ~]# cobbler report
distros:
==========
Name                           : centos-7-x86_64
Architecture                   : x86_64
TFTP Boot Files                : {}
Breed                          : redhat
Comment                        : 
Fetchable Files                : {}
Initrd                         : /var/www/cobbler/ks_mirror/centos-7-x86_64/images/pxeboot/initrd.img
Kernel                         : /var/www/cobbler/ks_mirror/centos-7-x86_64/images/pxeboot/vmlinuz
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart Metadata             : {'tree': 'http://@@http_server@@/cblr/links/centos-7-x86_64'}
Management Classes             : []
OS Version                     : rhel7
Owners                         : ['admin']
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Template Files                 : {}

Note the following line

Kickstart Metadata             : {'tree': 'http://@@http_server@@/cblr/links/centos-7-x86_64'}

The definition behind this line is /var/www/cobbler/ks_mirror/config/centos-7-x86_64

[root@localhost ~]# cat /var/www/cobbler/ks_mirror/config/centos-7-x86_64.repo 
[core-0]
name=core-0
baseurl=http://@@http_server@@/cobbler/ks_mirror/centos-7-x86_64
enabled=1
gpgcheck=0
priority=$yum_distro_priority

My centos7.cfg

[root@localhost ~]# cat centos7.cfg 
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Use network installation
url --url=$tree
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
# firewall and selinux
firewall --disabled
selinux --disabled
# Network information
network  --bootproto=dhcp --device=eth0 --onboot=yes --ipv6=auto --no-activate
network  --hostname=localhost.localdomain

# Root password
rootpw --iscrypted $6$6uNGLsloTDzglpSO$UvFU7hzHd9AReFxbOV7ToRkLeS.hYo1wGfy2VPG9IgFdJrzsXhDH9R92UBtNoqfeYfyJqz9DbJJyj9GVLuVbQ0
# System services
services --disabled="chronyd"
# System timezone
timezone Asia/Shanghai --isUtc --nontp
user --name=flamenca --password=$6$2MTD2y1eRUUbuELU$1RWWo9LLzalMJJOdjHp8eGXt6xVYIzz6qiZCqDTPurQo/w8NJyjjkWe9Gq2kZXgMjgXRyQUrm60UkIs5kjPFj1 --iscrypted --gecos="flamenca"
# X Window System configuration information
xconfig  --startxonboot
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
clearpart --none --initlabel

%packages
@^gnome-desktop-environment
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@x11
kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

%post
mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/* /etc/yum.repos.d/bak
cat > /etc/yum.repos.d/Base.repo << EOF
[base]
name=Centos 7 Base
baseurl=http://192.168.33.33/centos/7/os/x86_64/mnt/
gpgcheck=0


[epel]
name=Centos 7 Epel
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
gpgcheck=0

EOF
%end
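
The settings file above stores an MD5-crypt hash (the `$1$` prefix that `openssl passwd -1` produces), and centos7.cfg disables SELinux, the firewall and gpgcheck. The script below is an added example, not part of the original post or of Cobbler: it reads a settings or kickstart file on stdin and lists those settings. The finding codes and the function names are made up for this example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: flag weak settings in a
# kickstart file or /etc/cobbler/settings. Input is read from stdin.

# Factory-default hash shown on this page in /etc/cobbler/settings.
FACTORY_DEFAULT='$1$mF86/UHC$WvcIcX2t6crBz2onWxyac.'

# Map a crypt(3) hash to its scheme by prefix.
crypt_scheme() {
    case "$1" in
        '$1$'*) echo md5-crypt ;;
        '$5$'*) echo sha256-crypt ;;
        '$6$'*) echo sha512-crypt ;;
        *)      echo unknown ;;
    esac
}

# Print one "LINE:CODE[:detail]" finding per weak setting.
audit_ks() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            '#'*) ;;                                   # comment line
            rootpw*|user\ *--password=*|default_password_crypted:*)
                # The first token starting with '$' is the crypt hash.
                hash=$(printf '%s\n' "$line" |
                       sed -n 's/^[^$]*\(\$[^[:space:]"]*\).*/\1/p')
                if [ "$hash" = "$FACTORY_DEFAULT" ]; then
                    echo "$n:FACTORY_DEFAULT_PASSWORD"
                elif [ "$(crypt_scheme "$hash")" = md5-crypt ]; then
                    echo "$n:WEAK_HASH:md5-crypt"
                fi ;;
            selinux*--disabled*)  echo "$n:SELINUX_DISABLED" ;;
            firewall*--disabled*) echo "$n:FIREWALL_DISABLED" ;;
            gpgcheck=0*)          echo "$n:GPGCHECK_OFF" ;;
        esac
    done
    return 0
}

# Constructed sample: the factory-default line is the one shown on the
# page; the other hashes are placeholders, not real password hashes.
sample_input() {
    cat <<'EOF'
# constructed sample mixing settings and kickstart lines
default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
rootpw --iscrypted $1$SALTSALT$constructedPlaceholderHash00
user --name=demo --password=$6$SALTSALT$constructedPlaceholder --iscrypted
selinux --disabled
firewall --disabled
url --url=$tree
gpgcheck=0
EOF
}

sample_input | audit_ks
```

To check a real file, source the functions and run `audit_ks < /var/lib/cobbler/kickstarts/centos7.cfg`.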

[root@localhost ~]# mv centos7.cfg /var/lib/cobbler/kickstarts/;cd /var/lib/cobbler/kickstarts/
[root@localhost kickstarts]# ls
centos7.cfg       pxerescue.ks         sample_esxi6.ks
default.ks        sample_autoyast.xml  sample.ks
esxi4-ks.cfg      sample_end.ks        sample_old.seed
esxi5-ks.cfg      sample_esx4.ks       sample.seed
install_profiles  sample_esxi4.ks      sample.seed.28
legacy.ks         sample_esxi5.ks

[root@localhost kickstarts]# cobbler profile add --name=centos7-test --distro=centos-7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg


[root@localhost kickstarts]# cobbler profile list
   centos-6-x86_64
   centos-7-x86_64
   centos7-test

Remove the original centos7 menu entry

[root@localhost kickstarts]# cobbler profile remove --name=centos-7-x86_64


[root@localhost kickstarts]# cobbler profile list
   centos-6-x86_64
   centos7-test


Check the /var/lib/tftpboot/pxelinux.cfg/default file

[root@localhost kickstarts]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.coralloveme.com/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos-6-x86_64
        kernel /images/centos-6-x86_64/vmlinuz
        MENU LABEL centos-6-x86_64
        append initrd=/images/centos-6-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.33.33/cblr/svc/op/ks/profile/centos-6-x86_64
        ipappend 2

LABEL centos7-test
        kernel /images/centos-7-x86_64/vmlinuz
        MENU LABEL centos7-test
        append initrd=/images/centos-7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.33.33/cblr/svc/op/ks/profile/centos7-test
        ipappend 2



MENU end

Summary

# Enable tftp-server to start at boot on CentOS 7
systemctl enable --now tftp
# On CentOS 6 the configuration file has to be edited
vim /etc/xinetd.d/tftp
disable = yes	-->	disable = no

# The EPEL repository must be configured before cobbler and cobbler-web can be downloaded
[epel]
name=EPEL
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
gpgcheck=0

# If httpd was already installed beforehand, restart httpd after installing cobbler and cobbler-web

# Download the boot loaders over the network
cobbler get-loaders

# Without network access, copy pxelinux.0 and menu.c32 from syslinux into the tftp service directory
cp -a /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot

# Run cobbler check and follow its steps: edit next_server in /etc/cobbler/settings so that it gives the tftp server address

# Set the options that let cobbler manage the dhcp and tftp services
manage_dhcp: 1
manage_tftpd: 1

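# pxe_just_once: when set to 1, cobbler records the install near the end of the PXE installation, which prevents a reboot loop on clients whose BIOS boots from PXE first; set it to 0 if PXE is not the first boot device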
pxe_just_once: 1

# Configure the dhcp service

# The rest is mostly covered in the notes

Managing cobbler through cobbler-web

Install cobbler-web

[root@localhost /]# yum install cobbler-web

Restart the httpd service

[root@localhost /]# systemctl restart httpd

Port number

[root@localhost /]# ss -ntulp
Netid State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
tcp   LISTEN     0      128      [::]:443                  [::]:*                   users:(("httpd",pid=57813,fd=6),("httpd",pid=57812,fd=6),("httpd",pid=57811,fd=6),("httpd",pid=57810,fd=6),("httpd",pid=57809,fd=6),("httpd",pid=57807,fd=6))
# HTTPS port (HTTP + SSL)

URL:

http://192.168.33.33/cobbler_web

Cause of the error: the page must be accessed over https

https://192.168.33.33/cobbler_web


This error occurs because the page's certificate is self-signed

So ignore it and continue
The default username and password are both cobbler


Account authentication methods

  • authn_configfile (default)
  • authn_pam

Configure the authentication method file

[root@localhost /]# vim /etc/cobbler/modules.conf

[authentication]
module = authn_configfile

The user authentication file is /etc/cobbler/users.digest

[root@localhost /]# cat /etc/cobbler/users.digest 
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
#username | realm | passwd

Add a user

htdigest -c /etc/cobbler/users.digest Cobbler admin
								   # realm  #username

Note

When adding the first user, use the -c option (which re-creates the file); do not use it again when adding further users

The realm for cobbler_web must be Cobbler
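
Each users.digest line has the htdigest layout username:realm:hash, where the hash is the MD5 of "username:realm:password". The script below is an added example, not part of the original post or of Cobbler: it reads such a file on stdin and reports entries whose realm is not Cobbler or whose hash still matches the default password cobbler. It assumes md5sum from coreutils; the function names, finding codes and sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit an htdigest-format
# users.digest file (username:realm:hash) read from stdin.
# Assumes md5sum from coreutils is available.

# Build one users.digest line; the third field is
# MD5("username:realm:password") in hex.
digest_line() {   # args: username realm password
    h=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$h"
}

# Report entries whose realm is not "Cobbler" and entries whose hash
# matches the default password "cobbler" mentioned on this page.
audit_digest() {
    while IFS=: read -r user realm hash || [ -n "$user" ]; do
        case "$user" in
            ''|'#'*) continue ;;          # blank or comment line
        esac
        if [ "$realm" != Cobbler ]; then
            echo "$user:REALM_MISMATCH"
        fi
        default=$(digest_line "$user" "$realm" cobbler | cut -d: -f3)
        if [ "$hash" = "$default" ]; then
            echo "$user:DEFAULT_PASSWORD"
        fi
    done
    return 0
}

# Constructed sample entries (passwords are placeholders).
sample_digest() {
    digest_line cobbler Cobbler cobbler
    digest_line admin Cobbler 'constructed-placeholder-passphrase'
    digest_line ops WrongRealm 'constructed-placeholder-passphrase'
}

sample_digest | audit_digest
```

To check the live file, source the functions and run `audit_digest < /etc/cobbler/users.digest`.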
