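Test environment: CentOS 6.4, 64-bit
Cobbler is a boot server that can quickly install and reinstall physical servers and virtual machines via network boot (PXE). It supports installing different Linux distributions as well as Windows.
Cobbler is a lightweight Python program of roughly 15,000 lines of code. It can also manage DHCP, DNS and yum repositories. Cobbler is managed from the command line and also offers a web-based management tool (cobbler-web), but the command line is already convenient enough that there is really no need to add a web server just for a web interface.
Cobbler is not in the CentOS base repositories, so you need to import the EPEL repository to upgrade packages. The current latest version is 6-8.
Install the EPEL repository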
[root@centos Downloads]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@centos Downloads]# rpm -ivh epel-release-6-8.noarch.rpm
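Benefits of installing the EPEL repository:
The EPEL project is maintained by Fedora. The repository contains a lot of open-source software, such as nagios and cacti, so you can install it directly with yum install nagios. However, it targets RHEL and its derivative distributions (such as CentOS and Fedora); systems like Ubuntu presumably cannot use it.
Install Cobbler and some required packages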
[root@centos Downloads]# yum -y install cobbler httpd rsync tftp-server xinetd dhcp python-ctypes pykickstart cman
Enable the services at boot
[root@centos Downloads]# chkconfig httpd on
[root@centos Downloads]# chkconfig cobblerd on
[root@centos Downloads]# chkconfig dhcpd on
[root@centos Downloads]# chkconfig xinetd on
Disable SELinux and iptables
# vim /etc/sysconfig/selinux
Change SELINUX=enforcing to SELINUX=disabled
Stop the firewall
service iptables stop
Service control script:
[root@centos Downloads]# vim cobbler_all.sh
#!/bin/bash
# Start, stop or query every service Cobbler depends on, or run "cobbler sync"
case "$1" in
start)
    /etc/init.d/httpd start
    /etc/init.d/xinetd start
    /etc/init.d/dhcpd start
    /etc/init.d/cobblerd start
    ;;
stop)
    /etc/init.d/httpd stop
    /etc/init.d/xinetd stop
    /etc/init.d/dhcpd stop
    /etc/init.d/cobblerd stop
    ;;
status)
    /etc/init.d/httpd status
    /etc/init.d/xinetd status
    /etc/init.d/dhcpd status
    /etc/init.d/cobblerd status
    ;;
sync)
    cobbler sync
    ;;
*)
    echo "Usage:./cobbler_all start|stop|status|sync"
    exit 1
    ;;
esac
[root@centos Downloads]# chmod a+x cobbler_all.sh
[root@centos Downloads]# cp cobbler_all.sh /etc/init.d/cobbler_all
Next, use service to manage the httpd, xinetd, dhcpd and cobblerd services
[root@centos Downloads]# service cobbler_all status
httpd (pid 2034) is running...
xinetd (pid 1887) is running...
dhcpd (pid 4966) is running...
cobblerd (pid 2228) is running...
Edit /etc/cobbler/settings
[root@server1 ~]# vim /etc/cobbler/settings
next_server: 127.0.0.1    change to: next_server: 192.168.0.45 (the address of the Cobbler server)
server: 127.0.0.1         change to: server: 192.168.0.45 (the address of the Cobbler server)
manage_dhcp: 0            change to: manage_dhcp: 1 (1 means Cobbler manages dhcpd automatically)
manage_rsync: 0           change to: manage_rsync: 1 (1 means Cobbler manages rsync automatically)
Edit /etc/xinetd.d/tftp
Set disable = no
Edit /etc/xinetd.d/rsync
Set disable = no
Edit /etc/cobbler/dhcp.template (modify the DHCP template so that the addresses handed out by DHCP are on the same subnet as Cobbler)
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
# Change to your own subnet
subnet 192.168.246.0 netmask 255.255.255.0 {
    # Change to your own router (default gateway)
    option routers 192.168.246.254;
    # DNS server addresses
    option domain-name-servers 218.85.157.99, 218.85.152.99 ;
    # Subnet mask
    option subnet-mask 255.255.255.0;
    # Range of IP addresses to hand out
    range dynamic-bootp 192.168.246.1 192.168.246.250;
    default-lease-time 21600;
    max-lease-time 43200;
    next-server $next_server;
    filename "/pxelinux.0";
}
Start the httpd, xinetd, cobblerd and dhcpd services (tftp and rsync are managed by xinetd)
[root@centos Downloads]# service cobbler_all start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 218.85.148.250 for ServerName [ OK ]
Starting xinetd: [ OK ]
Starting dhcpd: [ OK ]
Starting cobbler daemon: [ OK ]
Starting httpd reports an error here.
Fix:
[root@centos Downloads]# vim /etc/httpd/conf/httpd.conf
# Append at the end of the file
ServerName 218.85.148.250
Restart the httpd, xinetd, cobblerd and dhcpd services
[root@centos Downloads]# service cobbler_all stop
Stopping httpd: [ OK ]
Stopping xinetd: [ OK ]
Shutting down dhcpd: [ OK ]
Stopping cobbler daemon: [ OK ]
[root@centos Downloads]# service cobbler_all start
Starting httpd: [ OK ]
Starting xinetd: [ OK ]
Starting dhcpd: [ OK ]
Starting cobbler daemon: [ OK ]
# No errors any more
Download the missing network boot-loaders
[root@server1 ~]# cobbler get-loaders
task started: 2012-12-09_055900_get_loaders
task started (id=Download Bootloader Content, time=Sun Dec 9 05:59:00 2012)
downloading http://dgoodwin.fedorapeople.org/loaders/README to /var/lib/cobbler/loaders/README
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading http://dgoodwin.fedorapeople.org/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading http://dgoodwin.fedorapeople.org/loaders/yaboot-1.3.14-12 to /var/lib/cobbler/loaders/yaboot
downloading http://dgoodwin.fedorapeople.org/loaders/pxelinux.0-3.61 to /var/lib/cobbler/loaders/pxelinux.0
downloading http://dgoodwin.fedorapeople.org/loaders/menu.c32-3.61 to /var/lib/cobbler/loaders/menu.c32
downloading http://dgoodwin.fedorapeople.org/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading http://dgoodwin.fedorapeople.org/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***    <- seeing this means it completed successfully
To deploy Debian/Ubuntu systems, the debmirror package is required
Before installing debmirror-20090807-1.el5.noarch.rpm, install its dependencies first; otherwise installing debmirror directly with rpm reports dependency errors
yum -y install ed patch perl perl-Compress-Zlib perl-Cwd perl-Digest-MD5 \
perl-Digest-SHA1 perl-LockFile-Simple perl-libwww-perl
wget ftp://fr2.rpmfind.net/linux/epel/5/ppc/debmirror-20090807-1.el5.noarch.rpm
rpm -ivh debmirror-20090807-1.el5.noarch.rpm
Edit the /etc/debmirror.conf configuration file and comment out the @dists and @arches lines
...
#@dists="sid";
@sections="main,main/debian-installer,contrib,non-free";
#@arches="i386";
...
Change Cobbler's default password (that is, the root password of the installed systems)
Generate a password hash with openssl and put it into Cobbler's configuration file (/etc/cobbler/settings), replacing the default_password_crypted field:
[root@server1 ~]# openssl passwd -1 -salt 'thinkpad' '123456'
$1$thinkpad$NIq68XbeN51UgdtXiSOAE.
# thinkpad is the salt: random digits or letters used to obscure the result so that it cannot simply be read by others; 123456 is the root password
Then edit /etc/cobbler/settings again and replace the existing password with the hash generated above:
default_password_crypted: "$1$thinkpad$NIq68XbeN51UgdtXiSOAE."
Restart the services
[root@centos Downloads]# service cobbler_all stop
Stopping httpd: [ OK ]
Stopping xinetd: [ OK ]
Shutting down dhcpd: [ OK ]
Stopping cobbler daemon: [ OK ]
[root@centos Downloads]# service cobbler_all start
Starting httpd: [ OK ]
Starting xinetd: [ OK ]
Starting dhcpd: [ OK ]
Starting cobbler daemon: [ OK ]
Check the Cobbler installation environment
# cobbler check
No configuration problems found. All systems go.
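Note: every reported configuration problem must be fixed; otherwise TFTP connections will time out and Cobbler cannot perform batch system installations over PXE.
Synchronize files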
# cobbler sync
Import the image
The image files are stored under /var/www/cobbler/ks_mirror/
mkdir -p /mnt/centos6.4
mount -o loop /root/CentOS-6.3-x86_64-bin-DVD1.iso /mnt/centos6.4
Then import it:
cobbler import --path=/mnt/centos6.4 --name=centos6.4
This takes quite a while and prints a lot of output; when "*** TASK COMPLETE ***" appears at the end, the import has succeeded.
# cobbler sync
[root@centos Downloads]# cobbler list
distros:
   centos6.4-x86_64
profiles:
   centos6.4-x86_64
systems:
repos:
images:
mgmtclasses:
packages:
files:
Note: when Cobbler installs an operating system, the kickstart file it actually uses is not /var/lib/cobbler/kickstarts/default.ks but /var/lib/cobbler/kickstarts/sample.ks. This is, of course, the default behaviour when no profile has been specified manually.
Use a new kickstart file for the imported CentOS 6.4 image
[root@centos Downloads]# cobbler profile edit --name=centos6.4-x86_64 --distro=centos6.4-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.4-x86_64.ks
name: the name of the profile; distro: the name of the distro
[root@centos Downloads]# cobbler list
distros:
   centos6.4-x86_64
profiles:
   centos6.4-x86_64
systems:
repos:
images:
mgmtclasses:
packages:
files:
The contents of /var/lib/cobbler/kickstarts/centos6.4-x86_64.ks are as follows:
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Firewall configuration
firewall --disable
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang zh_CN.UTF-8
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
# autopart
#NO LVM: the partitions here are not configured with LVM
part /boot --bytes-per-inode=4096 --fstype="ext3" --size=200
part swap --bytes-per-inode=4096 --fstype="swap" --size=800
part / --bytes-per-inode=4096 --fstype="ext3" --size=5000
part /data --bytes-per-inode=4096 --fstype="ext3" --grow --size=1
#LVM Setting: the partitions here are configured with LVM
#part /boot --bytes-per-inode=4096 --fstype="ext3" --size=200
#part swap --bytes-per-inode=4096 --fstype="swap" --size=800
#part pv.01 --size=1 --grow
#volgroup myvg pv.01
#logvol / --vgname=myvg --size=5000 --name=rootvol --bytes-per-inode=4096 --fstype="ext3"
#logvol /data --vgname=myvg --size=1 --grow --name=datavol --bytes-per-inode=4096 --fstype="ext3"
# network configure
network --bootproto=dhcp --device=eth0 --noipv6 --onboot=on --hostname=test.com
# network --bootproto=static --device=eth1 --ip=192.168.1.2 --netmask=255.255.255.0 --gateway=192.168.1.1 --noipv6 --onboot=on
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%packages
#$SNIPPET('func_install_if_enabled')
#$SNIPPET('puppet_install_if_enabled')
@base
@editors
@development-libs
@development-tools
@x-software-development
@system-tools
@text-internet
@chinese-support
imake
expect
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('puppet_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
%post
echo "ulimit -SHn 102400" >> /etc/rc.local
sed -i 's/HISTSIZE\=1000/HISTSIZE\=50/' /etc/profile
sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/" /etc/inittab
sed -i '48,50 s/^/#/' /etc/inittab
/sbin/init q
sed -i "8 s/^/alias vi='vim'/" /root/.bashrc
cat >> /root/.vimrc << EOF
syntax on
set number
set autoindent
set shiftwidth=4
set encoding=utf-8 fileencodings=ucs-bom,utf-8,cp936
EOF
sed -i -e '74 s/^/#/' -i -e '76 s/^/#/' /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i -e '44 s/^/#/' -i -e '48 s/^/#/' /etc/ssh/sshd_config
for i in `ls /etc/rc3.d/S*`
do
    CURSRV=`echo $i|cut -c 15-`
    echo $CURSRV
    case $CURSRV in
    crond | irqbalance | microcode_ctl | network | random | sshd | syslog | local )
        echo "Base services, Skip!"
        ;;
    *)
        echo "change $CURSRV to off"
        chkconfig --level 235 $CURSRV off
        service $CURSRV stop
        ;;
    esac
done
true > /etc/sysctl.conf
cat >> /etc/sysctl.conf << EOF
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p
Deployment test
Set the client's BIOS boot order to boot from the network card, i.e. PXE.
Then let it install by itself.
After the installation finishes, log in to the client and check the installation log.
[root@localhost ~]# cat cobbler.ks | grep -v "#" | sed '/^$/d'
auth --useshadow --enablemd5
bootloader --location=mbr
clearpart --all --initlabel
text
firewall --enabled
firstboot --disable
keyboard us
lang en_US
url --url=http://192.168.246.22/cblr/links/centos6.4-x86_64
network --bootproto=dhcp --device=eth0 --onboot=on
reboot
rootpw --iscrypted $1$random-p$vIgDAuXog7BZbQi9H2JCA1
selinux --disabled
skipx
timezone America/New_York
install
zerombr
autopart
%pre
set -x -v
exec 1>/tmp/ks-pre.log 2>&1
while : ; do
    sleep 10
    if [ -d /mnt/sysimage/root ]; then
        cp /tmp/ks-pre.log /mnt/sysimage/root/
        logger "Copied %pre section log to system"
        break
    fi
done &
wget "http://192.168.246.22/cblr/svc/op/trig/mode/pre/profile/centos6.4-x86_64" -O /dev/null
%end
%packages
%end
%post
set -x -v
exec 1>/root/ks-post.log 2>&1
wget "http://192.168.246.22/cblr/svc/op/yum/profile/centos6.4-x86_64" --output-document=/etc/yum.repos.d/cobbler-config.repo
echo "export COBBLER_SERVER=192.168.246.22" > /etc/profile.d/cobbler.sh
echo "setenv COBBLER_SERVER 192.168.246.22" > /etc/profile.d/cobbler.csh
wget "http://192.168.246.22/cblr/svc/op/ks/profile/centos6.4-x86_64" -O /root/cobbler.ks
wget "http://192.168.246.22/cblr/svc/op/trig/mode/post/profile/centos6.4-x86_64" -O /dev/null
%end
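The rendered kickstart above is fetched by clients over plain HTTP and carries the root password hash, so the hash scheme chosen with openssl passwd -1 (MD5-crypt, prefix $1$) and the selinux/firewall/auth lines are worth auditing before a profile is rolled out. The following check is an added example, not part of the original post or of Cobbler; the function names are hypothetical, the first sample is copied from the output above, and the second sample is constructed with a placeholder hash.

```shell
# audit_kickstart: rendered kickstart on stdin, one finding per line on stdout.
audit_kickstart() {
    awk '
    $1 ~ /^#/ { next }          # skip comment lines
    /^%/      { exit }          # commands end at the first %pre/%packages/%post
    $1 == "rootpw" {
        hash = ""; crypted = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "--iscrypted") crypted = 1
            else if (substr($i, 1, 2) != "--") hash = $i
        }
        scheme = substr(hash, 1, 3)       # crypt(3) scheme prefix
        if (!crypted)             print "ROOTPW_NOT_CRYPTED"
        else if (scheme == "$6$") print "ROOTPW_OK sha512crypt"
        else if (scheme == "$5$") print "ROOTPW_OK sha256crypt"
        else if (scheme == "$1$") print "ROOTPW_WEAK md5crypt"
        else                      print "ROOTPW_UNKNOWN"
    }
    $1 == "auth" {
        for (i = 2; i <= NF; i++) if ($i == "--enablemd5") print "AUTH_WEAK enablemd5"
    }
    $1 == "selinux" || $1 == "firewall" {
        for (i = 2; i <= NF; i++)
            if ($i == "--disabled" || $i == "--disable") print toupper($1) "_DISABLED"
    }'
}

# count_findings: number of findings other than *_OK (0 means clean).
count_findings() {
    audit_kickstart | awk '!/_OK/ { n++ } END { print n + 0 }'
}

# Command lines copied from the rendered cobbler.ks shown on this page.
page_sample() {
cat <<'EOF'
auth --useshadow --enablemd5
firewall --enabled
rootpw --iscrypted $1$random-p$vIgDAuXog7BZbQi9H2JCA1
selinux --disabled
EOF
}

# Constructed hardened variant; the hash is a placeholder, not a real one.
hardened_sample() {
cat <<'EOF'
auth --useshadow --passalgo=sha512
rootpw --iscrypted $6$CONSTRUCTED$placeholder-not-a-real-hash
selinux --enforcing
EOF
}
page_sample | audit_kickstart
```

On an installed client the same check can be run as audit_kickstart < /root/cobbler.ks.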
Common errors:
cobbler check fails with:
Traceback (most recent call last):
  File "/usr/bin/cobbler", line 35, in ?
    sys.exit(app.main())
  File "/usr/lib/python2.4/site-packages/cobbler/cli.py", line 558, in main
    rc = cli.run(sys.argv)
  File "/usr/lib/python2.4/site-packages/cobbler/cli.py", line 202, in run
    self.token = self.remote.login("", self.shared_secret)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1147, in request
    return self._parse_response(h.getfile(), sock)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1286, in _parse_response
    return u.close()
  File "/usr/lib64/python2.4/xmlrpclib.py", line 744, in close
    raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault 1: "cobbler.cexceptions.CX:'login failed'">
In my own test environment there was already a DHCP server, which kept TFTP from connecting during client installation.
Fix:
First stop the other DHCP services on the same subnet.
Fix:
service cobblerd restart
cobbler get-loaders