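Cobbler is a provisioning tool that makes deploying RedHat/CentOS/Fedora systems easier; it also supports deploying SUSE and Debian systems.
It integrates the following services:
* PXE service support
* DHCP service management
* DNS service management
* Kickstart service support
* yum repository management
A picture goes here, to show that everything was tested successfully both in ESXi virtual machines and on physical machines. With cobbler, no more headaches O(∩_∩)O!
Koan, the Cobbler client, supports virtual machine installation and operating system reinstallation.
Cobbler server deployment:
1. Make sure the EPEL repository is available; if it is not, install the epel package first: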
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
#update 20120903
download.fedora.redhat.com has been replaced by dl.fedoraproject.org, for example for RHEL6:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm [rhel 5.x]
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm [rhel 6.x]
2. Install all the packages the cobbler server needs:
yum install cobbler httpd rsync tftp-server xinetd dhcp
3. Start httpd and cobblerd, and enable the services at boot:
/sbin/service httpd start
/sbin/service cobblerd start
/sbin/chkconfig httpd on
/sbin/chkconfig dhcpd on
/sbin/chkconfig xinetd on
/sbin/chkconfig tftp on
/sbin/chkconfig cobblerd on
4. Check the cobbler configuration:
cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : you need to set some SELinux content rules to ensure cobbler works correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && \ /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/tftp
6 : change 'disable' to 'no' in /etc/xinetd.d/rsync
7 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
8 : debmirror package is not installed, it will be required to manage debian deployments and repositories
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
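Fix the problems reported above:
1) vi /etc/cobbler/settings
server: 192.168.0.2 # IP address of the cobbler server
next_server: 192.168.0.2 # IP address of the PXE server
manage_dhcp: 1 # let cobbler manage the DHCP service
default_kickstart: /var/lib/cobbler/kickstarts/default.ks # default kickstart file; generating this file with system-config-kickstart (requires an X environment) is recommended
2) Disable the firewall and SELinux
3) Get the boot images
cobbler get-loaders
4) Enable tftp and rsync
vi /etc/xinetd.d/tftp
Change disable = yes to: disable = no
vi /etc/xinetd.d/rsync
Change disable = yes to: disable = no
Restart the xinetd service:
/etc/init.d/xinetd restart
5) Edit the DHCP template and make sure the addresses DHCP hands out are on the same subnet as Cobbler
vi /etc/cobbler/dhcp.template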
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.1;
# option domain-name-servers 192.168.0.2;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.0.100 192.168.0.200;
filename "/pxelinux.0";
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
}
#for dhcp_tag in $dhcp_tags.keys():
## group could be subnet if your dhcp tags line up with your subnets
## or really any valid dhcpd.conf construct ... if you only use the
## default dhcp tag in cobbler, the group block can be deleted for a
## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
#for mac in $dhcp_tags[$dhcp_tag].keys():
#set iface = $dhcp_tags[$dhcp_tag][$mac]
host $iface.name {
hardware ethernet $mac;
#if $iface.ip_address:
fixed-address $iface.ip_address;
#end if
#if $iface.hostname:
option host-name "$iface.hostname";
#end if
#if $iface.subnet:
option subnet-mask $iface.subnet;
#end if
#if $iface.gateway:
option routers $iface.gateway;
#end if
filename "$iface.filename";
## Cobbler defaults to $next_server, but some users
## may like to use $iface.system.server for proxied setups
next-server $next_server;
## next-server $iface.next_server;
}
#end for
}
#end for
5. Sync the cobbler configuration so that the changes take effect:
cobbler sync
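Item 9 of the cobbler check output is not covered by the fixes above, and the kickstart reference later on this page sets rootpw from $default_password_crypted. The shell functions below are an added example, not part of the original post or of Cobbler: they recompute the MD5-crypt hash with the stored salt, so a re-salted hash of 'cobbler' is caught as well. The function names are illustrative, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (function names are illustrative, not Cobbler's).
# Usage: audit_root_hash /etc/cobbler/settings
#        audit_root_hash rendered-kickstart.ks

# Print the crypt hash stored in FILE: the value of default_password_crypted
# in a Cobbler settings file, or the argument of "rootpw --iscrypted" in a
# rendered kickstart. Quotes and trailing comments are stripped.
extract_hash() {
    sed -n \
        -e 's/^default_password_crypted:[[:space:]]*//p' \
        -e 's/^rootpw[[:space:]]\{1,\}--iscrypted[[:space:]]\{1,\}//p' "$1" |
        head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# Return 0 if CRYPTED is the MD5-crypt ($1$salt$digest) hash of CANDIDATE,
# 1 if it is MD5-crypt of something else, 2 if it is another hash scheme.
hash_matches() {
    crypted=$1
    candidate=$2
    case $crypted in
        '$1$'*'$'*) ;;
        *) return 2 ;;
    esac
    salt=$(printf '%s' "$crypted" | cut -d'$' -f3)
    [ "$(openssl passwd -1 -salt "$salt" "$candidate")" = "$crypted" ]
}

# Print a verdict for FILE. Returns 1 when the root hash is still the
# password 'cobbler', 0 when it is not, 2 when it could not be checked.
audit_root_hash() {
    file=$1
    found=$(extract_hash "$file")
    if [ -z "$found" ]; then
        echo "$file: no root password hash found"
        return 2
    fi
    rc=0
    hash_matches "$found" cobbler || rc=$?
    case $rc in
        0) echo "$file: root hash is the default password 'cobbler'"; return 1 ;;
        1) echo "$file: root hash is not the default password"; return 0 ;;
        *) echo "$file: hash is not MD5-crypt, not checked"; return 2 ;;
    esac
}
```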
6. Mount the Linux installation disc and generate the installation image:
mount /dev/cdrom /mnt/
cobbler import --path=/mnt/ --name=CentOS-5-i386
(omitted)
7. RPM repository management
Related reading: https://fedorahosted.org/cobbler/wiki/ManageYumRepos
We can add RPM repositories to cobbler:
cobbler repo add --name=CentOS-5-i386 --mirror=http://mirrors.163.com/centos/5/os/i386/
cobbler repo add --name=EPEL-5-i386 --mirror=http://download.fedoraproject.org/pub/epel/5/i386/
Sync the repositories to local storage:
cobbler reposync
Alternatively, set --mirror-locally=0 so that the packages are not downloaded locally and the rpm packages are instead fetched from the repository through the kickstart server.
Add a cron job to run the sync once a day at 2 a.m.:
crontab -e
0 2 * * * cobbler reposync --tries=3 --no-fail
(omitted)
8. Set up profiles and systems
A profile can be thought of as a classification by role.
cobbler profile add --name=webserver --distro=CentOS-5-i386 --repos=EPEL-5-i386 --kickstart=/var/lib/cobbler/kickstarts/webserver.ks
A system holds the specific settings for a machine that is to be installed, such as its hostname and IP address; these settings are applied to the specific machine according to its MAC address.
cobbler system add --name=webserver1 --ip=192.168.0.110 --mac=00:0C:29:77:89:c7 --profile=webserver --kickstart=/var/lib/cobbler/kickstarts/webserver.ks --static=1
cobbler system edit --name=webserver1 --dns-name=webserver1.grid.house.sina.com.cn --hostname=webserver1.grid.house.sina.com.cn
cobbler system edit --name=webserver1 --gateway=192.168.0.1 --subnet=255.255.255.0
cobbler system edit --name=webserver1 --interface=eth1 --static=0
You can view the actual kickstart configuration by visiting http://192.168.0.2/cblr/svc/op/ks/system/webserver1.
9. Boot the server that is to be installed and start the installation.
10. Reinstalling
yum install koan
koan --server=192.168.0.2 --list=profiles
koan --replace-self --server=192.168.0.2 --profile=webserver
/sbin/reboot
11. Set up the Cobbler web interface
The Cobbler web interface is a good front end that makes many Cobbler operations easy to manage. You can use it to list and edit distros, profiles, subprofiles, systems, repos and kickstart files.
Install Cobbler web:
yum install cobbler-web
Cobbler web interface URL:
http://192.168.0.2/cobbler_web/
(192.168.0.2 is the address of the Cobbler web server)
Set the user name and password:
Reset the password of an existing user:
htdigest /etc/cobbler/users.digest "Cobbler" cobbler
Add a new user:
htdigest /etc/cobbler/users.digest "Cobbler" yourname
Set /etc/cobbler/modules.conf as follows:
[authentication]
module = authn_configfile
[authorization]
module = authz_allowall
Restart the Cobbler service:
service cobblerd restart
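With authz_allowall, every account in users.digest that authenticates has full control of the web interface, so each stored password matters. The shell functions below are an added example, not part of the original post or of Cobbler: they read the [authorization] module and list accounts whose digest matches a candidate password or the account's own name. The function names are illustrative; md5sum and awk are assumed to be available.

```shell
#!/bin/sh
# Added example (function names are illustrative, not Cobbler's).
# users.digest lines have the form user:realm:MD5(user:realm:password),
# which is what htdigest writes.

# Print the module set in the [authorization] section of MODULES_CONF.
authz_module() {
    awk -F'[ \t]*=[ \t]*' '
        /^\[/ { section = $0 }
        section == "[authorization]" && $1 == "module" { print $2 }
    ' "$1"
}

# Print the digest htdigest stores for USER, REALM and PASSWORD.
ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# Usage: weak_web_accounts DIGEST_FILE CANDIDATE...
# Print "user<TAB>password" for each account whose stored digest equals the
# digest of a candidate password or of the account name itself.
weak_web_accounts() {
    digest_file=$1
    shift
    while IFS=: read -r user realm stored; do
        [ -n "$stored" ] || continue
        for candidate in "$@" "$user"; do
            if [ "$(ha1 "$user" "$realm" "$candidate")" = "$stored" ]; then
                printf '%s\t%s\n' "$user" "$candidate"
                break
            fi
        done
    done < "$digest_file"
}
```

Run it as weak_web_accounts /etc/cobbler/users.digest followed by the candidate passwords to test; an empty result means no account matched.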
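12. Cobbler command reference
cobbler check - check whether the current settings have any problems
cobbler list - list all cobbler objects
cobbler report - list each object in detail
cobbler sync - sync the configuration to dhcp/pxe and the data directories
cobbler reposync - sync the yum repositories
13. Cobbler configuration files
Cobbler's configuration files are stored under /etc/cobbler. /etc/cobbler/settings is the main configuration file; under /etc/cobbler you will also find the template configuration files for dhcp, dns, pxe and dnsmasq; /etc/cobbler/users.digest is the user name and password file used for web access; /etc/cobbler/modules.conf is the module configuration file; /etc/cobbler/users.conf is the authorization configuration file for the Cobbler WebUI/Web service.
Repo data directory: /var/www/cobbler
Imported distributions, repo mirrors and kickstart files are all placed under /var/www/cobbler. Make sure /var has enough space to store these files.
images/ - stores the kernel and initrd images of all imported distributions, used for network boot
ks_mirror/ - stores the imported distributions
repo_mirror/ - storage directory for yum repos
/var/log/cobbler is used to store the log file /var/log/cobbler/cobbler.log
Cobbler data directory: /var/lib/cobbler. This directory stores the configuration related to Cobbler profiles, systems and distros.
configs/ - stores information about distros, repos, systems and profiles
backup/ - backup directory
snippets/ - holds small script snippets that can be included in kickstarts
triggers/ - holds executable scripts
kickstarts/ - holds kickstart template files
(omitted)
14. Integrating with Puppet for configuration management:
Related reference: https://fedorahosted.org/cobbler/wiki/UsingCobblerWithConfigManagementSystem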
[root@puppetmaster ~]# vi /etc/puppet/puppet.conf
[main]
# Add the lines below so that puppet supports external nodes
external_nodes = /usr/bin/cobbler-ext-nodes
node_terminus = exec
# Add the Puppet management class baseclass and set the dns name
[root@puppetmaster ~]# cobbler system edit --name=webserver1 --mgmt-classes="baseclass" --dns-name=webserver1.grid.house.sina.com.cn
# Make sure the command below returns the configuration management class (baseclass) and its parameters
[root@puppetmaster ~]# /usr/bin/cobbler-ext-nodes "webserver1.grid.house.sina.com.cn"
classes: [baseclass]
parameters: {from_cobbler: 1, tree: 'http://@@http_server@@/cblr/links/CentOS-5-i386'}
Note: the argument given to the script above is the dns name you set, not the name set in the cobbler system command.
Kickstart reference:
[root@leju ~]# cat /var/lib/cobbler/kickstarts/webserver.ks
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Firewall configuration
firewall --disable
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone --utc Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
autopart
clearpart --all --drives=sda --initlabel
part /boot --fstype ext3 --size=128
part /usr --fstype ext3 --size=4192
part / --fstype ext3 --size=2048
part /var --fstype ext3 --size=2048
part /tmp --fstype ext3 --size=2048
part swap --size=2048
part /data0 --fstype ext3 --size=100 --grow
%pre
$SNIPPET('log_ks_pre')
$kickstart_start
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%packages
@admin-tools
@base
@chinese-support
@core
@development-libs
@development-tools
@editors
@system-tools
@text-internet
OpenIPMI-tools
hardlink
kernel-PAE
kernel-PAE-devel
kernel-devel
libpng-devel
lrzsz
minicom
net-snmp-utils
pcre-devel
sysstat
x86info
puppet
$SNIPPET('func_install_if_enabled')
%post
$SNIPPET('log_ks_post')
kill_service_list='S00microcode_ctl S19rpcgssd S26hidd S11auditd S22messagebus S90xfs S12restorecond S28autofs S25bluetooth S95atd S05kudzu S25netfs S56cups S97yum-updatesd S06cpuspeed S13portmap S25pcscd S56rawdevices S98avahi-daemon S08ip6tables S14nfslock S26acpid S08iptables S15mdmonitor S26apmd S80sendmail S08mcstrans S18rpcidmapd S26haldaemon S85gpm S99smartd'
for service in $kill_service_list
do
k_service=`echo $service |sed 's/^S/K/'`
if [[ -f /etc/rc3.d/$service ]]; then
mv /etc/rc3.d/$service /etc/rc3.d/$k_service
fi
done
/sbin/chkconfig --level 345 puppet on
/usr/sbin/puppetd --test
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$kickstart_done
# End final steps
Reposted from
Further reading
An exploration of how Kickstart/Anaconda implement automated installation
http://molinux.blog.51cto.com/2536040/548247
//20120420
About RHEL6.2/CentOS6.2 systems
On RHEL6.2/CentOS6.2 the eth0 network interface is named em1 during installation, so the kickstarts need to be changed to the following format:
# Network information
network --bootproto=dhcp --device=em1 --onboot=on
PS: in a vSphere environment, use ethx
//20120604
1 http://dl.fedoraproject.org/pub/epel/5/x86_64/
2 Invalid command 'WSGIScriptAliasMatch', perhaps misspelled or defined by a module not included in the server configuration
You can enable this module by editing /etc/httpd/conf.d/wsgi.conf
and un-commenting the "LoadModule wsgi_module modules/mod_wsgi.so" line.
//20120903 EPEL repository for rhel6
1 rhel6
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
2 kickstarts for cos5.8-i386