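13. chrony time synchronization and automated installation with cobbler

1. Configure the chrony service for automatic server time synchronization

  1. Preparation
    Server: 192.168.45.202, CentOS 7, with SELinux and the firewall disabled
    Client: 192.168.45.203, CentOS 7, with SELinux and the firewall disabled
  2. Server configuration
    2.1 CentOS 7 installs the chrony package by default, so there is nothing to install; just start the service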
[root@s202 ~]# systemctl start chronyd
[root@s202 ~]# systemctl enable chronyd

2.2 Configure chrony
 vim /etc/chrony.conf

[root@s202 ~]# cat /etc/chrony.conf |sed '/^$/d'|sed '/^#/d'
server 192.168.45.202 iburst # IP address or domain name of the NTP server to use
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
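allow 192.168.45.0/16 # IP range that is allowed to synchronize
local stratum 10  ## Enabled: even if the time server named in the server directive is unavailable, serve the local time to clients as the reference time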
logdir /var/log/chrony

2.3 Restart the chronyd service

[root@s202 ~]# systemctl restart chronyd
  3. Client configuration
    3.1 Start the chronyd service
[root@s203 ~]# systemctl start chronyd

3.2 Edit /etc/chrony.conf

[root@s203 ~]# vim /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.45.202 iburst

3.3 Restart the chronyd service

[root@s203 ~]# systemctl restart chronyd

View the synchronization status of the time source

[root@s203 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.45.202               11   7   377    88   +161us[ +168us] +/-   87ms
  4. Verification:
    Change the client's time to 2021/07/12
[root@s203 ~]# date -s 07/12/2021
Mon Jul 12 00:00:00 CST 2021
[root@s203 ~]# date
Mon Jul 12 00:00:02 CST 2021

Then wait a while and check the result:

[root@centos7 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? 192.168.45.202               11   6    37    65  +43272m[+43272m] +/- 6218us
[root@centos7 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.45.202               11   6   177     3  -1229ns[+43272m] +/-   12ms
[root@centos7 ~]# date
Sun Jul 12 22:51:13 CST 2020
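
The manual `chronyc sources` check above, written as a script that a cron job or monitoring agent can run (an added example, not part of the original post). The function name check_chrony_sources and the verdict labels are assumptions; the two sample rows are copied from the outputs shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_chrony_sources: read `chronyc sources` output on stdin, print
# "<source> <verdict> reach=<octal>" per source row, and return 0 only when
# one source carries the "*" (currently synced) state.
check_chrony_sources() {
    awk '
        # Source rows begin with a mode char (^ = #) and a state char.
        /^[=#^][*+?x~-] / {
            state = substr($1, 2, 1)
            reach = $5    # octal register; 377 means the last 8 polls were answered
            if (state == "*")                      { verdict = "synced"; ok = 1 }
            else if (state == "+" || state == "-") verdict = "candidate"
            else if (state == "?")                 verdict = "unusable"    # "?" in the legend
            else                                   verdict = "unreliable"  # x or ~
            print $2, verdict, "reach=" reach
        }
        END { exit ok ? 0 : 1 }
    '
}

# Source rows copied from the two outputs shown above.
ROW_SYNCED='^* 192.168.45.202               11   7   377    88   +161us[ +168us] +/-   87ms'
ROW_AFTER_STEP='^? 192.168.45.202               11   6    37    65  +43272m[+43272m] +/- 6218us'

# Demo: report each row; on a live host use: chronyc sources | check_chrony_sources
for row in "$ROW_SYNCED" "$ROW_AFTER_STEP"; do
    printf '%s\n' "$row" | check_chrony_sources || echo "  -> not synchronised, alert"
done
```

A non-zero return is the condition to alert on: a host whose clock is not tracking the server produces log timestamps that cannot be correlated with the rest of the network.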

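2. Automated installation with cobbler + PXE

1) Install the cobbler package and its dependencies

Note: installing cobbler requires the EPEL repository to be enabled

[root@centos7 ~]# yum install cobbler dhcp tftp tftp-server httpd -y
2) Start cobbler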
[root@centos7 ~]# systemctl start cobblerd
[root@centos7 ~]# systemctl enable cobblerd
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.

3) Check the cobbler configuration
[root@centos7 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
4) Fix the items reported by cobbler check

① Edit /etc/cobbler/settings

manage_dhcp: 1
next_server: 192.168.45.135
server: 192.168.45.135

② Change the default password in /etc/cobbler/settings
First generate a hashed password

[root@centos7 ~]# openssl passwd -1
Password: 
Verifying - Password: 
$1$7xkUcdUT$TMeUcl5TOEztKxCuPdX5N.

Replace the value of default_password_crypted

default_password_crypted: "$1$7xkUcdUT$TMeUcl5TOEztKxCuPdX5N."

③ Run cobbler get-loaders

[root@centos7 ~]# cobbler get-loaders
task started: 2020-07-19_215436_get_loaders
task started (id=Download Bootloader Content, time=Sun Jul 19 21:54:36 2020)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***

Run cobbler sync to apply the changes; it fails with a DHCP error

received on stdout: 
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.

Exception occured: 
Exception value: 'cobbler trigger failed: cobbler.modules.sync_post_restart_services'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 82, in run
    rc = self._run(self)
   File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 181, in runner
    return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 763, in sync
    return sync.run()
   File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 144, in run
    utils.run_triggers(self.api, None, "/var/lib/cobbler/triggers/sync/post/*", logger=self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 928, in run_triggers
    raise CX("cobbler trigger failed: %s" % m.__name__)

!!! TASK FAILED !!!

④ Configure DHCP by editing the /etc/cobbler/dhcp.template template file

subnet 192.168.45.0 netmask 255.255.255.0 {
     option routers             192.168.45.2;
     option domain-name-servers 192.168.45.2;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.45.210 192.168.45.230;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;

⑤ Run cobbler sync and start the DHCP service

[root@centos7 ~]# cobbler sync
5) Start the dhcp, tftp and httpd services
[root@centos7 ~]# systemctl start dhcpd tftp httpd
6) Import the installation files of the operating system to deploy
[root@centos7 ~]# mount /dev/sr0 /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@centos7 ~]# cobbler import --name=centos7 --path=/mnt
task started: 2020-07-19_221235_import
task started (id=Media import, time=Sun Jul 19 22:12:35 2020)

Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/centos7:
creating new distro: centos7-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos7 -> /var/www/cobbler/links/centos7-x86_64
creating new profile: centos7-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos7 for centos7-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos7
need to process repo/comps: /var/www/cobbler/ks_mirror/centos7
looking for /var/www/cobbler/ks_mirror/centos7/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7/repodata
*** TASK COMPLETE ***

cobbler has now added the imported system to the boot menu automatically, and a minimal automated installation is already possible

[root@centos7 ~]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos7-x86_64
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-x86_64
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.45.135/cblr/svc/op/ks/profile/centos7-x86_64
        ipappend 2

MENU end
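7) Create a custom kickstart file. It can be written by hand or generated with the kickstart tool; the kickstart tool is used here
The kickstart tool has to be installed first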
[root@centos7 ~]# yum install system-config-kickstart
[root@centos7 ~]# system-config-kickstart 
/usr/share/system-config-kickstart/kickstartGui.py:104: GtkWarning: GtkSpinButton: setting an adjustment with non-zero page size is deprecated
  xml = gtk.glade.XML ("/usr/share/system-config-kickstart/system-config-kickstart.glade", domain="system-config-kickstart")
Loaded plugins: fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration

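Work through the configuration window that opens step by step, then save the result to /var/lib/cobbler/kickstarts for later use (cobbler keeps all kickstart files in /var/lib/cobbler/kickstarts)

kickstart configuration screen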

Result:

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted $1$7WGID/oq$shmwTbH1j6Thxir1ceo/u.
# System language
lang en_US
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# SELinux configuration
selinux --disabled


# Firewall configuration
firewall --disabled
# Network information
network  --bootproto=dhcp --device=ens33
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Use network installation
url --url=$tree
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part / --fstype="xfs" --size=102400
part /boot --fstype="xfs" --size=1024
part swap --fstype="swap" --size=4096
part /data --fstype="xfs" --grow --size=1

%packages
@^gnome-desktop-environment
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@x11
kexec-tools
autofs
%end
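
The default_password_crypted value set in step 4) and the rootpw line in the kickstart above are both `$1$` (MD5-crypt) hashes, and the kickstart is fetched over plain HTTP through the ks= URL in the PXE menu. The audit script below is an added example, not part of the original post or of cobbler; the function name audit_install_config and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_install_config: read a kickstart file or /etc/cobbler/settings on stdin,
# print one WARN line per weak setting, return 1 if anything was flagged.
audit_install_config() {
    awk '
        function warn(msg) { print "WARN line " NR ": " msg; bad = 1 }
        # The crypt(3) prefix, not "auth --passalgo", shows how a hash was made.
        function scheme(h) {
            gsub(/"/, "", h)
            if (h ~ /^\$6\$/) return "sha512"
            if (h ~ /^\$5\$/) return "sha256"
            if (h ~ /^\$1\$/) return "md5"
            return "unknown"
        }
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == "rootpw" && /--lock/ { next }      # locked root account, no hash to check
        $1 == "rootpw" && !/--iscrypted/ { warn("rootpw is stored in plaintext"); next }
        $1 == "rootpw" || $1 == "default_password_crypted:" {
            key = $1; sub(/:$/, "", key)
            s = scheme($NF)
            if (s == "md5")          warn(key " is an MD5-crypt hash ($1$); use SHA-512 ($6$)")
            else if (s == "unknown") warn(key " hash scheme not recognised")
        }
        $1 == "selinux"  && /--disabled/ { warn("SELinux disabled on installed hosts") }
        $1 == "firewall" && /--disabled/ { warn("firewall disabled on installed hosts") }
        END { exit bad + 0 }
    '
}

# Constructed samples (hash values are placeholders, not real hashes).
sample_weak() { cat <<'EOF'
rootpw --iscrypted $1$CONSTRUCT$placeholderplaceholder
auth  --useshadow  --passalgo=sha512
selinux --disabled
firewall --disabled
EOF
}
sample_hardened() { cat <<'EOF'
rootpw --iscrypted $6$CONSTRUCTEDSALT$placeholderplaceholderplaceholder
selinux --enforcing
firewall --enabled --ssh
EOF
}
sample_settings() { cat <<'EOF'
default_password_crypted: "$1$CONSTRUCT$placeholderplaceholder"
EOF
}
sample_weak | audit_install_config || true   # demo: prints three WARN lines
```

`openssl passwd -6` produces a `$6$` hash on OpenSSL 1.1.1 or later; the OpenSSL 1.0.2 shipped with CentOS 7 lacks that option, so there Python's `crypt.crypt()` with a `$6$` salt is the usual substitute.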
8) Add a custom boot menu entry that uses the custom kickstart file (this kickstart installs the desktop edition of the system automatically)
[root@centos7 kickstarts]# cobbler profile add --name=centos7.6-x86_64_desktop --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.ks

The boot menu now contains a new entry, added automatically

[root@centos7 kickstarts]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos7-x86_64
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-x86_64
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.45.135/cblr/svc/op/ks/profile/centos7-x86_64
        ipappend 2

LABEL centos7.6-x86_64_desktop
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7.6-x86_64_desktop
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.45.135/cblr/svc/op/ks/profile/centos7.6-x86_64_desktop
        ipappend 2

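The cobbler configuration is now complete; create a new virtual machine to test the installation


Boot the machine and select the custom entry to test the installation

Booting starts

Automatic configuration according to the kickstart settings

Installation starts


Automatic reboot after the installation completes

A valid IP address is assigned automatically from the configured DHCP range

Test successful; done.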
