Original article: http://os.51cto.com/art/201109/288604_all.htm
2011-09-01 10:22, by 蚊子
For automated OS installation, operators used to hand-configure pxe+dhcp+tftp together with kickstart; today there are plenty of open-source tools, such as cobbler, OpenQRM and Spacewalk. This article focuses on Cobbler. Unlike Kickstart, with cobbler running DHCP on the LAN does not cause some machines to stop booting after a server reboot.
[51CTO exclusive] Sysadmins all know by now how important automated operations are, especially at companies whose server counts grow by hundreds or thousands: installing the OS alone is unthinkable without automation.
Introduction to Cobbler
Cobbler is a service for fast network installation of Linux, and with some adjustment it can also network-install Windows. It is written in Python, small and lightweight (only about 15k lines of code), sets up a PXE network-installation environment with a few simple commands, and can also manage DHCP, DNS and yum package mirrors.
Cobbler can be managed from the command line or from a web interface, and it also exposes an API for custom tooling.
Unlike Kickstart, with cobbler turning on DHCP in the LAN does not cause machines that default to PXE boot to load TFTP content after a reboot and stop booting there.
A typical architecture is shown in the figure below:
Installing, deploying and configuring cobbler
Preparing the environment
For the CentOS base repository itself, choose a mirror close to you, e.g. mirrors.163.com or mirrors.sohu.com.
1. Install epel
rpm -Uvh 'http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm'
2. Install the dhcp service
yum -y install dhcp
3. Install the other services
Also required are tftp, rsync, xinetd and httpd. If these packages were not installed together with the OS, install them by hand.
4. Disable selinux
After disabling it, reboot so the SELinux setting takes effect.
Installing and configuring cobbler
1. Install cobbler
yum -y install cobbler
2. Configure cobbler
Start cobbler
# /etc/init.d/cobblerd start
Start the httpd service
# /etc/init.d/httpd start
Check the configuration by running
cobbler check
When it finishes, the following output appears:
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost,or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : you need to set some SELinux content rules to ensure cobbler works correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && \
/usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/tftp
6 : change 'disable' to 'no' in /etc/xinetd.d/rsync
7 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
8 : debmirror package is not installed, it will be required to manage debian deployments and repositories
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
Roughly, these messages mean:
1. Edit /etc/cobbler/settings, find the server option and set it to a suitable IP address; in this example the IP is 192.168.10.1
2. Edit /etc/cobbler/settings, find the next_server option and set it to a suitable IP address; in this example the IP is 192.168.10.1
3. SELinux settings. If SELinux was already disabled above, this item can be ignored.
4. Run cobbler get-loaders; the loader programs are downloaded automatically, which fixes item 4.
5. Edit /etc/xinetd.d/tftp and change the disable field from yes to no
6. Edit /etc/xinetd.d/rsync and change the disable field from yes to no
7. Open ports 69, 80 and 25151 in iptables. If cobbler is used only in an internal environment, simply turning the firewall off is suggested.
8. The message says debmirror is not installed. If you are not installing debian-like systems this can be ignored; if you need it, the download location is:
http://rpmfind.net/linux/rpm2html/search.php?query=debmirror
For CentOS 6 the RHEL 5 package works.
9. Change the default cobbler password: generate a new one with the following command and replace the password in /etc/cobbler/settings with the result. The command is:
openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'
where "random-phrase-here" is the salt.
Once every item has been fixed, run
/etc/init.d/cobblerd restart
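As an added example (not part of the original article), a small POSIX shell audit for items 1, 2 and 9 above, the ones that matter most on a shared network: it reads a Cobbler 2.x settings file and reports a server still set to localhost, a next_server still set to 127.0.0.1, and a default_password_crypted that is still the password "cobbler". It assumes the flat "key: value" layout of that file and the stock hash shipped in it; both are assumptions, not taken from the article.

```shell
#!/bin/sh
# Added example, not from the original article: audit /etc/cobbler/settings
# (Cobbler 2.x layout assumed) for the defaults that `cobbler check` flags.
# Usage: audit_cobbler_settings /path/to/settings ; exit status = findings.

# Assumed: the default_password_crypted value shipped in Cobbler 2.x settings.
STOCK_COBBLER_HASH='$1$mF86/UHC$WvcIcX2t6crBz2onWxyac.'

# Print the value of a top-level "key: value" line, without surrounding quotes.
cobbler_setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed 's/^"\(.*\)"$/\1/' | head -n 1
}

# Return 0 if an MD5-crypt hash is the password "cobbler" under its own salt.
# With openssl present the hash is recomputed, so a re-salted but unchanged
# password is still caught; without it only the stock hash is recognised.
is_cobbler_password() {
    case "$1" in '$1$'*) ;; *) return 1 ;; esac
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    if command -v openssl >/dev/null 2>&1; then
        [ "$(openssl passwd -1 -salt "$salt" cobbler)" = "$1" ]
    else
        [ "$1" = "$STOCK_COBBLER_HASH" ]
    fi
}

# Audit one settings file: print one line per finding, return the count.
audit_cobbler_settings() {
    findings=0
    server=$(cobbler_setting "$1" server)
    next_server=$(cobbler_setting "$1" next_server)
    pw_hash=$(cobbler_setting "$1" default_password_crypted)
    case "$server" in ""|localhost|127.0.0.1)
        echo "server='$server': kickstart URLs will point clients at themselves"
        findings=$((findings + 1)) ;;
    esac
    case "$next_server" in ""|127.0.0.1)
        echo "next_server='$next_server': PXE clients cannot reach TFTP"
        findings=$((findings + 1)) ;;
    esac
    if is_cobbler_password "$pw_hash"; then
        echo "default_password_crypted is still the password 'cobbler'"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```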
Using cobbler
Importing installation files
Run the following command
cobbler import --path=rsync://mirrors.163.com/centos/6.0/os/i386/ --name=centos-6.0-i386
task started: 2011-08-12_143009_import
task started (id=Media import, time=Fri Aug 12 14:30:09 2011)
running: rsync -a 'rsync://10.4.8.1/centos/6.0/os/i386/' /var/www/cobbler/ks_mirror/centos-6.0-i386 --exclude-from=/etc/cobbler/rsync.exclude --progress
received on stdout: receiving file list ...
4555 files to consider
[middle portion omitted]
sent 100341 bytes received 4633547466 bytes 8784166.46 bytes/sec
total size is 4632564894 speedup is 1.00
received on stderr:
adding distros
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
creating new distro: centos-6.0-i386
creating new profile: centos-6.0-i386
associating repos
traversing distro centos-6.0-i386
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
descent into /var/www/cobbler/ks_mirror/centos-6.0-i386
processing repo at : /var/www/cobbler/ks_mirror/centos-6.0-i386
need to process repo/comps: /var/www/cobbler/ks_mirror/centos-6.0-i386
looking for /var/www/cobbler/ks_mirror/centos-6.0-i386/repodata/*comps*.xml
running: createrepo -c cache -s sha --groupfile /var/www/cobbler/ks_mirror/centos-6.0-i386/repodata/73a3b7e0741eba6cafa8d5404b02565060e7f2293caab10657074186c48e713b-c6-i386-comps.xml /var/www/cobbler/ks_mirror/centos-6.0-i386
1278/4519 - Packages/clutter-1.0.6-3.el6.i686.rpm
iso-8859-1 encoding on Ville Skytt <[email protected]> - 2.8.2-2
4519/4519 - Packages/xorg-x11-twm-1.0.3-5.1.el6.i686.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata
received on stderr:
associating kickstarts
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
*** TASK COMPLETE ***
As the output shows, cobbler copies the contents of the mirror to a local directory, /var/www/cobbler/ks_mirror/centos-6.0-i386. It also creates a distro named centos-6.0-i386 and a profile named centos-6.0-i386.
Configuring the dhcp service
First change the cobbler configuration so that cobbler manages the dhcp service: edit /etc/cobbler/settings
manage_dhcp: 1
Next edit /etc/cobbler/dhcp.template, the template cobbler uses to manage dhcp.
In this example only the following part of the file needs to change
subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers             192.168.10.1;
    option domain-name-servers 8.8.8.8;
    option subnet-mask         255.255.255.0;
    range dynamic-bootp        192.168.10.100 192.168.10.254;
    filename                   "/pxelinux.0";
    default-lease-time         21600;
    max-lease-time             43200;
    next-server                $next_server;
}
Leave the rest of the file at its defaults.
At this point all the preparation is complete; what remains is to start the services. Most of them were already started during the earlier steps, so only xinetd still needs to be started:
/etc/init.d/xinetd start
Synchronising the cobbler configuration
Run
# cobbler sync
and you will see output like the following:
task started: 2011-08-11_170706_sync
task started (id=Sync, time=Thu Aug 11 17:07:06 2011)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/centos-6.0-i386
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/images/centos-6.0-i386
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros
copying files for distro: centos-6.0-i386
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/centos-6.0-i386/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/centos-6.0-i386/initrd.img
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/vmlinuz -> /var/www/cobbler/images/centos-6.0-i386/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/initrd.img -> /var/www/cobbler/images/centos-6.0-i386/initrd.img
copying images
generating PXE configuration files
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
cleaning link caches
generating PXE menu structure
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: /etc/rc.d/init.d/dhcpd restart
received on stdout: Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
cobbler does the initialisation on its own: it removes the existing boot entries, copies the loader files according to the templates, then generates the pxe configuration files and the dhcp configuration file, and finally restarts the dhcp service.
Now a virtual machine can be used to test installation through cobbler.
Testing installation with Cobbler
Choose PXE mode when the machine boots.
You then see the following screen: the VM obtains an IP in the 122 range from dhcp, and then fetches the pxe boot files over tftp.
Below is cobbler's pxe boot menu, listing the CentOS version we just created.
The system is installed with the default ks file; after a short wait it has been installed automatically.
The installed system is shown below.
Testing a Linux reinstall
1. First make sure the koan package is installed on the current Linux system; installing koan can be placed in the ks file so that it happens during OS installation. Run the following command to check
koan-2.0.11-2.el6.noarch
2. With koan available, run the following to list the OS profiles on the cobbler server
- looking for Cobbler at http://192.168.10.1/cobbler_api
centos-6.0-i386
centos-6.0-i386-kvm
centos6-vm
centos-6.0-x86_64
Here we choose centos-6.0-i386 for the reinstall, using the following command
- looking for Cobbler at http://192.168.10.1/cobbler_api
- reading URL: http://192.168.10.1/cblr/svc/op/ks/profile/centos-6.0-i386
install_tree: http://192.168.10.1/cobbler/ks_mirror/centos-6.0-i386
downloading initrd initrd.img to /boot/initrd.img
url=http://192.168.10.1/cobbler/images/centos-6.0-i386/initrd.img
- reading URL: http://192.168.10.1/cobbler/images/centos-6.0-i386/initrd.img
downloading kernel vmlinuz to /boot/vmlinuz
url=http://192.168.10.1/cobbler/images/centos-6.0-i386/vmlinuz
- reading URL: http://192.168.10.1/cobbler/images/centos-6.0-i386/vmlinuz
- ['/sbin/grubby', '--add-kernel', '/boot/vmlinuz', '--initrd', '/boot/initrd.img', '--args', '"ks=http://192.168.10.1/cblr/svc/op/ks/profile/centos-6.0-i386 ksdevice=link kssendmac lang= text "', '--copy-default', '--make-default', '--title=kick1313675750']
- reboot to apply changes
The part in red was typed by hand; the rest of the output shows that koan takes care of a great deal of what would otherwise be manual work.
Now let's look at the reboot:
As you can see, the system has entered the reinstall.
Notes from using it
Although everything above was tested on kvm virtual machines, it can be used directly in a production environment without any impact on what is already running. The only thing required is to plan the existing network properly.
As for the concern many people have about running a DHCP service in production, I believe it has no effect on the existing production environment, for two reasons:
1. Nobody leaves a NIC in dhcp mode after the system is installed; NICs are normally configured with static IPs
2. As seen during the test, even if a server is set to boot from pxe by default, and does boot over pxe successfully, it then receives cobbler's boot menu. If nothing is selected, after 20 seconds it boots in local mode, i.e. it starts the system on the hard disk.
In summary, cobbler is quite safe.
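The second reason above depends on the PXE menu that cobbler sync writes to /var/lib/tftpboot/pxelinux.cfg/default actually timing out into the local disk. As an added example (not from the original article), the following POSIX shell check reads such a menu file and confirms that an idle PXE boot falls through to a LOCALBOOT label; it assumes the pxelinux syntax used by Cobbler 2.x's template (TIMEOUT in tenths of a second, ONTIMEOUT naming a label, LOCALBOOT inside that label), which is an assumption rather than something the article states.

```shell
#!/bin/sh
# Added example, not from the original article: verify that the pxelinux menu
# cobbler sync generates (/var/lib/tftpboot/pxelinux.cfg/default) boots the
# local disk when nobody touches the keyboard, so a server that happens to
# PXE-boot first does not get reinstalled by accident.
# Assumed syntax: TIMEOUT <tenths of a second>, ONTIMEOUT <label>, and a
# LABEL block containing LOCALBOOT (Cobbler 2.x pxedefault.template).

# Print the first value of a pxelinux directive (case-insensitive), if any.
pxe_directive() {
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 | awk '{print $2}'
}

# Return 0 if the label named in $2 is a LOCALBOOT label in menu file $1.
pxe_label_is_local() {
    awk -v want="$2" '
        toupper($1) == "LABEL" { inlabel = ($2 == want); next }
        inlabel && toupper($1) == "LOCALBOOT" { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Return 0 (and say after how long) when an idle PXE boot ends on the local
# disk; return 1 with a reason when it would wait forever or start a profile.
pxe_falls_back_to_local() {
    file=$1
    timeout=$(pxe_directive "$file" TIMEOUT)
    target=$(pxe_directive "$file" ONTIMEOUT)
    # pxelinux falls back to DEFAULT when ONTIMEOUT is not given.
    [ -z "$target" ] && target=$(pxe_directive "$file" DEFAULT)
    case "$timeout" in
        ''|*[!0-9]*) echo "no numeric TIMEOUT: menu waits forever"; return 1 ;;
    esac
    if [ "$timeout" -eq 0 ]; then
        echo "TIMEOUT 0: menu waits forever"; return 1
    fi
    if pxe_label_is_local "$file" "$target"; then
        echo "idle boot continues from local disk after $((timeout / 10))s"
        return 0
    fi
    echo "idle boot would start label '$target', not the local disk"
    return 1
}
```

The article's observed 20-second fallback corresponds to TIMEOUT 200 with ONTIMEOUT local; a menu whose ONTIMEOUT names an installer profile, or whose TIMEOUT is 0, is the case this check is meant to catch.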