Cobbler学习文档 |
作者:perofu
|
Email:perofu.com@gmail.com
版本:version:2.0
|
2013/11/06 |
1、Cobbler(补鞋匠)是一个快速网络安装linux的服务,而且在经过调整也可以支持网络安装windows。该工具使用python开发,小巧轻便(才15k行代码),使用简单的命令即可完成PXE网络安装环境的配置,同时还可以管理DHCP,DNS,以及yum包镜像。
2、Cobbler支持命令行管理,web界面管理,还提供了API接口,可以方便二次开发使用。
3、和Kickstart不同的是,使用cobbler不会因为在局域网中启动了dhcp而导致有些机器因为默认从pxe启动在重启服务器后加载tftp内容导致启动终止。
4、Cobbler作为一个预备工具,使部署RedHat/Centos/Fedora系统更容易,同时也支持Suse和Debian系统的部署。
5、它提供以下服务集成:
* PXE服务支持
* DHCP服务管理
* DNS服务管理
* Kickstart服务支持
* yum仓库管理
6、Cobbler客户端Koan支持虚拟机安装和操作系统重新安装。
7、Cobbler web界面 可以更好得管理用户操作界面。
8、常用架构如下图:
9、工作流程:
10、Cobbler配置文件说明:
配置文件名称 |
作 用 |
/etc/cobbler/settings |
Cobbler主配置文件 |
/etc/cobbler/users.digest |
用于web访问的用户名密码配置文件 |
/etc/cobbler/modules.conf |
模块配置文件 |
/etc/cobbler/users.conf |
Cobbler WebUI/Web 服务授权配置文件 |
/etc/cobbler/iso/ |
Buildiso 模板配置文件 |
/etc/cobbler/power |
电源配置文件 |
/etc/cobbler/pxe |
Pxeprofile配置模板 |
/etc/cobbler |
此目录也包含rsync、dhcp、dns、pxe、dnsmasq等服务的模板配置文件 |
11、镜像数据目录/var/www/cobbler:
目录名称 |
作 用 |
/var/www/cobbler/images/ |
存储所有导入发行版的Kernel和initrd镜像用于远程网络启动 |
/var/www/cobbler/ks_mirror/ |
存储导入的发行版系统数据 |
/var/www/cobbler/repo_mirror/ |
仓库存储目录 |
/var/log/cobbler |
Cobbler日志文件 cobbler.log install.log |
12、Cobbler数据目录/var/lib/cobbler
目录名称 |
作 用 |
/var/lib/cobbler/config/ |
存放distros、repos、systems和profiles等信息配置文件,一般都是json文件 |
/var/lib/cobbler/snippets/ |
存放ks文件可以导入的脚本小片段,值得研究 |
/var/lib/cobbler/triggers |
存放用户定义的cobbler 命令 |
/var/lib/cobbler/kickstarts/ |
存放kickstart配置文件 |
13、Cobbler日志:
目录名称 |
作 用 |
/var/log/cobbler/install.log |
使用cobbler网络安装过的记录 |
/var/log/cobbler/cobbler.log |
Cobbler日志 |
14、cobbler命令:
命令名称 |
命令用途 |
cobbler check |
检查cobbler配置 |
cobbler list |
列出所有的cobbler元素 |
cobbler report |
列出元素的详细信息 |
cobbler distro |
查看导入的发行版系统信息 |
cobbler system |
查看添加的系统信息 |
cobbler profile |
查看配置信息 |
cobbler sync |
同步Cobbler配置,更改配置最好都要执行下 |
cobbler reposync |
同步yum仓库 |
wget http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum install cobbler httpd rsync tftp-server xinetd dhcp python-ctypes koan cobbler-web -y
setenforce 0
vi /etc/sysconfig/selinux
SELINUX=disabled
/etc/init.d/httpd start
/etc/init.d/cobblerd start
chkconfig --add httpd
chkconfig httpd on
chkconfig --add cobblerd
chkconfig cobblerd on
chkconfig dhcpd on
chkconfig xinetd on
chkconfig tftp on
打印想要完成cobbler配置的步骤,只需要按照步骤进行配置cobbler即可(除了第七和第九步以外)。如想使用脚本自动安装,此步骤可不用。
cobbler check
The following are potential configuration items that you may want to fix: 1 : The ‘server’ field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it. 2 : For PXE to be functional, the ‘next_server’ field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network. 3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run ‘cobbler get-loaders’ to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The ‘cobbler get-loaders’ command is the easiest way to resolve these requirements. 4 : change ‘disable’ to ‘no’ in /etc/xinetd.d/rsync 5 : since iptables may be running, ensure 69, 80/443, and 25151 are unblocked 6 : debmirror package is not installed, it will be required to manage debian deployments and repositories 7 : ksvalidator was not found, install pykickstart 8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to ‘cobbler’ and should be changed, try: “openssl passwd -1 -salt ‘random-phrase-here’ ‘your-password-here’” to generate new one 9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them Restart cobblerd and then run ‘cobbler sync’ to apply changes.
|
注:
上面这段信息大意就是:
1.编辑/etc/cobbler/settings文件,找到 server选项,修改为适当的ip地址,
2.编辑/etc/cobbler/settings文件,找到 next_server选项,修改为适当的ip地址,
3.SELinux的设置。如果上面已经关闭了SELinux就不用管了。
4.执行 cobbler get-loaders,系统将自动下载loader程序,完成提示4的修复工作。
5.编辑/etc/xinetd.d/tftp文件,将文件中的disable字段的配置由yes改为no。
6.编辑/etc/xinetd.d/rsync文件,将文件中的disable字段的配置由yes改为no。
7.在iptables中将69,80,25151端口打开。如果仅仅只是在内部环境中使用,建议直接将防火墙关掉。
8.提示说debmirror没安装。
vi /etc/cobbler/settings
server: 本机ip next_server: 本机ip manage_dhcp: 1
|
server: 172.22.2.97 next_server: 172.22.2.97 manage_dhcp: 1 |
此步骤是下载一些文件,可将下载的文件保存,应用到下一个cobbler,就可不用执行cobbler get-loaders了。
cobbler get-loaders
[root@localhost ~]# cobbler get-loaders task started: 2013-08-07_062050_get_loaders task started (id=Download Bootloader Content, time=Wed Aug 7 06:20:50 2013) downloading http://www.cobblerd.org/loaders/README to /var/lib/cobbler/loaders/README downloading http://www.cobblerd.org/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo downloading http://www.cobblerd.org/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot downloading http://www.cobblerd.org/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux downloading http://www.cobblerd.org/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi downloading http://www.cobblerd.org/loaders/yaboot-1.3.14-12 to /var/lib/cobbler/loaders/yaboot downloading http://www.cobblerd.org/loaders/pxelinux.0-3.61 to /var/lib/cobbler/loaders/pxelinux.0 downloading http://www.cobblerd.org/loaders/menu.c32-3.61 to /var/lib/cobbler/loaders/menu.c32 downloading http://www.cobblerd.org/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi downloading http://www.cobblerd.org/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi *** TASK COMPLETE ***
|
vim /etc/xinetd.d/rsync
disable = no
vim /etc/xinetd.d/tftp
disable = no
yum -y install pykickstart debmirror cman fence-agents
openssl passwd -1 -salt ‘'任意字符串' '密码'
[root@localhost ~]# openssl passwd -1 -salt ‘'asd asd asdccs' '123456' $1$‘asd a$MFZfPSaYJxyIu5eL48cl10 |
vi /etc/cobbler/settings
default_password_crypted: "$1$‘asd a$MFZfPSaYJxyIu5eL48cl10" |
vi /etc/debmirror.conf
#@dists=”sid”;
#@arches=”i386″;
@di_dists="dists";
@di_archs="arches";
vi /etc/cobbler/dhcp.template
ddns-update-style interim; allow booting; allow bootp; ignore client-updates; set vendorclass = option vendor-class-identifier; option pxe-system-type code 93 = unsigned integer 16; subnet 172.22.2.0 netmask 255.255.255.0 { option routers 172.22.2.97; option domain-name-servers 172.22.2.1; option subnet-mask 255.255.255.0; range dynamic-bootp 172.22.2.100 172.22.2.254; default-lease-time 21600; max-lease-time 43200; next-server $next_server; filename "/pxelinux.0"; }
|
vi /etc/dhcp/dhcpd.conf
ddns-update-style none; subnet 172.22.2.0 netmask 255.255.255.0 { option routers 172.22.2.79; option domain-name-servers 8.8.8.8; option subnet-mask 255.255.255.0; range dynamic-bootp 172.22.2.100 172.22.2.254; filename "/pxelinux.0"; default-lease-time 21600; max-lease-time 43200; next-server 172.22.2.79; } |
注:网上有的是配置/etc/dhcp/dhcpd.conf的,就会出现无法启动dhcpd。
vi /etc/sysconfig/dhcpd
DHCPDARGS=eth1
/etc/init.d/cobblerd restart
/etc/init.d/xinetd restart
/etc/init.d/dhcpd restart
/etc/init.d/httpd restart
每次修改dhcp的配置(/etc/dhcp/dhcpd.conf)后,必须cobbler sync同步配置。
cobbler sync
[root@localhost ~]# cobbler sync task started: 2013-08-07_064126_sync task started (id=Sync, time=Wed Aug 7 06:41:26 2013) running pre-sync triggers cleaning trees removing: /var/www/cobbler/images/CentOS6.3-x86_64 removing: /var/lib/tftpboot/pxelinux.cfg/default removing: /var/lib/tftpboot/grub/efidefault removing: /var/lib/tftpboot/grub/images removing: /var/lib/tftpboot/images/CentOS6.3-x86_64 removing: /var/lib/tftpboot/s390x/profile_list copying bootloaders trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0 trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32 trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi copying distros to tftpboot copying files for distro: CentOS6.3-x86_64 trying hardlink /var/www/cobbler/ks_mirror/CentOS6.3/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/CentOS6.3-x86_64/vmlinuz trying hardlink /var/www/cobbler/ks_mirror/CentOS6.3/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/CentOS6.3-x86_64/initrd.img copying images generating PXE configuration files generating PXE menu structure copying files for distro: CentOS6.3-x86_64 trying hardlink /var/www/cobbler/ks_mirror/CentOS6.3/images/pxeboot/vmlinuz -> /var/www/cobbler/images/CentOS6.3-x86_64/vmlinuz trying hardlink /var/www/cobbler/ks_mirror/CentOS6.3/images/pxeboot/initrd.img -> /var/www/cobbler/images/CentOS6.3-x86_64/initrd.img Writing template files for CentOS6.3-x86_64 rendering DHCP files generating /etc/dhcp/dhcpd.conf rendering TFTPD files generating /etc/xinetd.d/tftp cleaning link caches running post-sync triggers running python triggers from /var/lib/cobbler/triggers/sync/post/* running python trigger cobbler.modules.sync_post_restart_services running: dhcpd -t -q received on stdout: received on stderr: running: service dhcpd restart received on stdout: Starting dhcpd: [ OK ] received on stderr: running shell triggers from /var/lib/cobbler/triggers/sync/post/* running python triggers from /var/lib/cobbler/triggers/change/* running python trigger cobbler.modules.scm_track running shell triggers from /var/lib/cobbler/triggers/change/* *** TASK COMPLETE ***
|
光盘:(--path:光盘挂载路径 --name:显示名称)
cobbler import --path=/mnt/ --name=CentOS6.3
注:被导入的镜像存在:/var/www/cobbler/ks_mirror/。
镜像:
cobbler import --path=rsync://mirrors.163.com/centos/6.0/os/i386/ --name=centos-6.0-i386
注:如删除镜像,删除后,本地/var/www/cobbler/ks_mirror/centos6.0 目录被移除。
/etc/init.d/cobblerd restart
/etc/init.d/xinetd restart
/etc/init.d/dhcpd restart
/etc/init.d/httpd restart
设置profile,关联镜像和kickstart文件,profile可以理解为按角色进行分类。
用cobbler安装操作系统时,cobbler真正执行的kickstart文件其实不是 /var/lib/cobbler/kickstarts/default.ks,
而是 /var/lib/cobbler/kickstarts/sample.ks,可在配置文件/etc/cobbler/settings中看到。
添加profile文件,即指定名为centos5.5,使用某个kickstart文件:
cobbler profile add --name=centos5.5 --distro=centos5.5-i386 --kickstart=/var/lib/cobbler/kickstarts/centos55.ks |
变更profile配置名称,名称由CenOS5.5修改为CentOS5.5-i386
cobbler profile rename --name=CentOS5.5 –newname=CentOS5.5-i386 |
删除profile配置,需要删除的profile名称为CenOS5.5
cobbler profile remove --name=CentOS5.5 |
system是对待安装机器做具体设置,如设置主机名、IP地址、hostname等,这些设置根据MAC应用到具体机器上。
个人感觉用处不大,因为这些完全在ks中可配置。
#添加system配置,配置文件名称:webserver1,机器IP地址192.168.0.110,机器MAC地址:00:0C:29:77:89:c7,使用配置文件名称:webserver,kickstart文件为:/var/lib/cobbler/kickstarts/webserver.ks
cobbler system add --name=webserver1 --ip=192.168.0.110 --mac=00:0C:29:77:89:c7 --profile=webserver --kickstart=/var/lib/cobbler/kickstarts/webserver.ks --static=1 |
#删除system配置,需要删除的profile名称为dberver1
cobbler system remove --name=dbserver1 |
sed -i 's/authn_denyall/authn_configfile/g' /etc/cobbler/modules.conf
注:vi /etc/cobbler/modules.conf
[authentication]
module = authn_configfile
[authorization]
module = authz_allowall
/etc/init.d/cobblerd restart
htdigest /etc/cobbler/users.digest "Cobbler" 用户名
https://172.22.2.97/cobbler_web
yum install koan -y
koan --list=profiles --server=ip
koan --replace-self --server=192.168.2.142 --profile=列表
reboot
注:从测试过程中看到,就算是服务器默认设置成了通过pxe启动,而且也顺利的通过pxe启动了,但之后会收到cobbler的引导菜单。如果默认没有任何选择的话,20秒后会使用local方式加载,也就是启动硬盘上的系统。
同pxe,只需新建虚拟机,并启动,即可。
vi /etc/init.d/cobbler_all
#!/bin/sh
case $1 in
start)
/etc/init.d/httpd start
/etc/init.d/xinetd start
/etc/init.d/dhcpd start
/etc/init.d/cobblerd start
;;
stop)
/etc/init.d/httpd stop
/etc/init.d/xinetd stop
/etc/init.d/dhcpd stop
/etc/init.d/cobblerd stop
;;
status)
/etc/init.d/httpd status
/etc/init.d/xinetd status
/etc/init.d/dhcpd status
/etc/init.d/cobblerd status
;;
sync)
cobbler sync
;;
*)
echo "Input error,please in put 'start|stop|status|sync'!";
exit 2>&1 >/dev/null &
;;
esac
chmod +x /etc/init.d/cobbler_all
/etc/init.d/cobbler_all start|stop|startus|sync
cobblerd does not appear to be running/accessible
|
解决方法:
service cobblerd restart service httpd restart
|
Starting httpd: Syntax error on line 10 of /etc/httpd/conf.d/cobbler.conf: Invalid command 'WSGIScriptAliasMatch', perhaps misspelled or defined by a module not included in the server configuration
|
解决方法:
vi /etc/httpd/conf.d/wsgi.conf #去掉#号 LoadModule wsgi_module modules/mod_wsgi.so |
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback: Traceback (most recent call last):
|
解决方法:
service httpd start vi /etc/sysconfig/selinux SELINUX=enforcing更改为SELINUX=disabled,重启使之生效。 |
Traceback (most recent call last): File "/usr/bin/cobbler", line 35, in ? sys.exit(app.main()) File "/usr/lib/python2.4/site-packages/cobbler/cli.py", line 558, in main rc = cli.run(sys.argv) File "/usr/lib/python2.4/site-packages/cobbler/cli.py", line 202, in run self.token = self.remote.login("", self.shared_secret) File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request verbose=self.__verbose File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request return self._parse_response(h.getfile(), sock) File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response return u.close() File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close raise Fault(**self._stack[0]) xmlrpclib.Fault: <Fault 1: "cobbler.cexceptions.CX:'login failed'">
|
解决方法:此为BUG,按下方操作执行即可。
service cobblerd restart cobbler get-loaders |
解决方法:停止iptables ,即可。
iptables -F chkconfig iptables off |