Automated CentOS 7 Installation with Cobbler
  0eGysyk4Lrwg, November 2, 2023


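1. Introduction and principles

2. Overview of an automated minimal CentOS 7 installation with Cobbler

  • Server side
1 Start the Cobbler service
2 Run Cobbler's error check with the cobbler check command
3 Synchronize the configuration with the cobbler sync command
4 Copy the relevant boot files into the TFTP directory
5 Start the DHCP service to provide address allocation
6 The DHCP service assigns an IP address
7 TFTP transfers the boot files
8 The server receives the installation information
9 The server sends the ISO image and the Kickstart file
  • Client side
1 The client boots in PXE mode
2 The client obtains an IP address
3 The client fetches the boot files from the TFTP server
4 The client enters the Cobbler installation selection menu
5 The client prepares to install the system according to the configuration
6 The Kickstart file is loaded
7 The remaining installation files are transferred
8 The system is installed
  • Basic concepts
1 distros are distributions, i.e. the installation media (ISO image) information.
2 profiles refer to the ks (kick-start) answer files.
3 systems are the names of the physical machines installed through Cobbler.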

3. Configuring the Cobbler server

  • Set up the virtual network (mainly, turn off the DHCP server)

  • Turn off the firewall and SELinux on the server that runs Cobbler
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
  • Install Cobbler on the server that runs it
yum -y install epel-release
yum -y install cobbler cobbler-web tftp-server dhcp httpd xinetd
systemctl start httpd cobblerd
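systemctl enable httpd cobblerd

The installed files can be listed as follows:

# Configuration files
rpm -qc cobbler
# All installed files
rpm -ql cobbler
  • Configure Cobbler on the server that runs it
# Check that the service processes started correctly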
cobbler check
--------------output----------------
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
5 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
6 : enable and start rsyncd.service with systemctl
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : ksvalidator was not found, install pykickstart
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
10 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync'

Edit the main configuration file:

vim /etc/cobbler/settings
-------------------change the following------------------------
# if 1, cobbler will allow settings to be changed dynamically without
# a restart of the cobblerd daemon. You can only change this variable
# by manually editing the settings file, and you MUST restart cobblerd
# after changing it.
allow_dynamic_settings: 0 <----- change to 1
------------------------------------------------------

systemctl restart cobblerd

Configure the 9 items mentioned in the cobbler check output:

# 1. server
cobbler setting edit --name=server --value=192.168.30.6

# 2. next_server
cobbler setting edit --name=next_server --value=192.168.30.6

# 4. tftp
# Replace (c\) the line containing disable with: disable = no
sed -ri '/disable/c\disable = no' /etc/xinetd.d/tftp
systemctl restart xinetd
systemctl enable xinetd

# 5. boot-loaders
cobbler get-loaders
---------------download starts-------------
downloading https://cobbler.github.io/loaders/......
wait for
*** TASK COMPLETE ***

# 6. rsyncd.service
systemctl start rsyncd
systemctl enable rsyncd

# 7. debmirror: ignored

# 8. ksvalidator
yum -y install pykickstart

# 9. default password (the initial root password of installed systems)
openssl passwd -1 -salt `openssl rand -hex 4` 'your-password'
cobbler setting edit --name=default_password_crypted --value='output-of-the-command-above'

# 10. fencing tools (optional)
yum -y install fence-agents

# Review the resulting configuration
  • Configure DHCP on the server that runs Cobbler
cobbler setting edit --name=manage_dhcp --value=1

# Edit Cobbler's DHCP template; do not edit the DHCP server's own configuration file directly, because Cobbler overwrites it
vim /etc/cobbler/dhcp.template
-------------------------------------------
......
subnet 192.168.30.0 netmask 255.255.255.0 {
option routers 192.168.30.1;
#option domain-name-servers 114.114.114.114;
option domain-name-servers 114.114.114.114, 8.8.8.8;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.30.100 192.168.30.254;
......
  • Synchronize the Cobbler configuration
cobbler sync
# On success it prints *** TASK COMPLETE ***

4. Configuring the installation files

  • Prepare the operating system installation files on the Cobbler server
# From an ISO image file (preferably the full DVD install image)
mount -o loop iso/CentOS-7-x86_64-Minimal-1810.iso centos7/
# Check the result with mount or df -h
# Output:
/root/software/iso/CentOS-7-x86_64-Minimal-1810.iso on /root/software/centos7 type iso9660 (ro,relatime)

# Or mount the optical drive
mount /dev/cdrom /media/cdrom/
mount /dev/sr0 /media/cdrom/

# Import the image
cobbler import --path=/root/software/centos7 --name=centos7mini --arch=x86_64
----------------output--------------------
creating new distro: centos7mini-x86_64
......
creating new profile: centos7mini-x86_64
......
On success it prints *** TASK COMPLETE ***

# Show the imported distro
cobbler distro report --name=centos7mini-x86_64

# Show the profile
cobbler profile report --name=centos7mini-x86_64
  • Edit the profile's kickstart (ks) file.
    The default ks file is /var/lib/cobbler/kickstarts/sample_end.ks, which can be modified. For the detailed settings you can also refer to /root/anaconda-ks.cfg.
cd /var/lib/cobbler/kickstarts/
cp sample_end.ks centos7mini.ks

Kickstart file reference 1:

# This kickstart file should only be used with EL > 5 and/or Fedora > 7.
# For older versions please use the sample.ks kickstart file.

#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
part /boot --fstype=xfs --size=500
part swap --fstype=swap --size=2048
part / --fstype=xfs --grow --size=5000

# Partitioning to consider only when using LVM
# part /boot --fstype ext4 --size=100
# part swap --fstype=swap --size=2048
# part pv26 --size=100 --grow
# volgroup VG00 --pesize=32768 pv26
# logvol / --fstype ext4 --name=LVroot --vgname=VG00 --size=29984
# logvol /data --fstype ext4 --name=LVdata --vgname=VG00 --size=100 --grow

# Use text mode install
text
# Firewall configuration
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8 --addsupport=zh_CN.UTF-8
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot

#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# autopart cannot be combined with the explicit part lines above, so it is left disabled here
# autopart

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
$SNIPPET('func_install_if_enabled')
# The settings here cause a pause during installation (manual confirmation is required!)
@core
@base
tree
nmap
nmap-ncat
vim-enhanced
wget
lrzsz
lftp
net-tools
tcpdump
lsof
fuse
git
%end

%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end

%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps

rm -f /etc/yum.repos.d/*
# Quote the heredoc delimiter so the shell leaves $releasever and $basearch for yum to expand
cat << 'EOF' > /etc/yum.repos.d/centos7mini.repo
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
EOF

sed -ri "/^#UseDNS/c\UseDNS no" /etc/ssh/sshd_config
sed -ri "/^#PubkeyAuthentication/c\PubkeyAuthentication yes" /etc/ssh/sshd_config
%end

Kickstart file reference 2:

# This kickstart file should only be used with EL > 5 and/or Fedora > 7.
# For older versions please use the sample.ks kickstart file.

#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --enableshadow --passalgo=sha512
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel

# Use text mode install
text
# Firewall configuration
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8 --addsupport=zh_CN.UTF-8
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot

#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
autopart

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
$SNIPPET('func_install_if_enabled')
%end

%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end

%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps

sed -ri "/^#UseDNS/c\UseDNS no" /etc/ssh/sshd_config
sed -ri "/^#PubkeyAuthentication/c\PubkeyAuthentication yes" /etc/ssh/sshd_config
%end

Kickstart file reference 3:

# Cobbler for Kickstart Configurator for CentOS 7 by bee
install
url --url=$tree
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=eth0 --onboot=yes --noipv6 --hostname=CentOS7
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw --iscrypted $default_password_crypted
clearpart --all --initlabel
part /boot --fstype xfs --size 1024
part swap --size 1024
part / --fstype xfs --size 1 --grow
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
@additional-devel
@development
@platform-devel
bash-completion
chrony
dos2unix
kexec-tools
lrzsz
sysstat
tree
vim
wget
git
%end

Use the command cobbler profile list to see the current boot entries and the profiles in use.

  • Set the kickstart and kernel parameters
# Set the ks file to use
cobbler profile edit --name=centos7mini-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7mini.ks

# Add the kernel boot parameters net.ifnames and biosdevname so that NICs are named in the "ethN" form
cobbler profile edit --name=centos7mini-x86_64 --kopts="biosdevname=0 net.ifnames=0"

cobbler profile report --name=centos7mini-x86_64 | grep -Pi 'kernel|kickstart'

cobbler sync
  • Edit the installation menu (do this after cobbler sync, otherwise the change is overwritten)
    vim /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/ <---- the text after MENU TITLE can also be changed
TIMEOUT 20 <---- change this
TOTALTIMEOUT 6000
ONTIMEOUT centos7mini-x86_64 <---- change this

LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1

LABEL centos7mini-x86_64
kernel /images/centos7mini-x86_64/vmlinuz
MENU LABEL centos7mini-x86_64
append initrd=/images/centos7mini-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.30.6/cblr/svc/op/ks/profile/centos7mini-x86_64
ipappend 2



MENU end
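
The kickstart a client receives decides its password hash type, SELinux and firewall state and disk layout, so it is worth linting the rendered file before pointing the PXE menu at it. The lint below is an added example, not part of the original article; the function name ks_audit and the finding strings are assumptions of this example, and it reads top-level kickstart commands only.

```bash
#!/bin/sh
# Added example (not from the original article): lint a rendered kickstart for
# the settings the reference files above set or differ on.
ks_audit() {   # usage: ks_audit RENDERED_KS   -> one finding per line
  awk '
    $1 == "%end"             { in_section = 0; next }
    /^%(pre|post|packages)/  { in_section = 1 }
    in_section || /^[ \t]*#/ { next }          # skip script bodies and comments

    $1 == "rootpw" {                            # crypt(3) prefix names the algorithm
      hash = ""
      for (i = 2; i <= NF; i++) if ($i !~ /^--/) hash = $i
      if      (hash ~ /^\$6\$/) algo = "sha512"
      else if (hash ~ /^\$5\$/) algo = "sha256"
      else if (hash ~ /^\$1\$/) algo = "md5"
      else                      algo = "plaintext-or-unknown"
      if (algo != "sha512") print "rootpw: hash type " algo
    }
    ($1 == "auth" || $1 == "authconfig") && /--enablemd5/ {
      print "auth: --enablemd5 (new passwords hashed with MD5)"
    }
    $1 == "selinux"  && /--disabled/ { print "selinux: disabled" }
    $1 == "firewall" && /--disabled/ { print "firewall: disabled" }
    $1 == "autopart"                  { autopart = 1 }
    $1 == "part" || $1 == "partition" { part = 1 }
    END { if (autopart && part) print "storage: autopart used together with part" }
  ' "$1"
}
```

Run it on what clients actually receive, for instance a saved copy of the ks= URL from the PXE menu entry above.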

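5. Create a new virtual machine to test

  • While a Cobbler client is being installed, you can follow the log on the Cobbler server with tail -f /var/log/messages.
    The log identifies the hosts that are being auto-installed (MAC & IP):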
Jan 19 18:20:18 node01 dhcpd: Listening on LPF/ens33/00:0c:29:a5:8e:9a/192.168.91.0/24
Jan 19 18:20:18 node01 dhcpd: Sending on LPF/ens33/00:0c:29:a5:8e:9a/192.168.91.0/24
Jan 19 18:20:18 node01 dhcpd: Sending on Socket/fallback/fallback-net
Jan 19 18:20:18 node01 systemd: Started DHCPv4 Server Daemon.
Jan 19 18:24:49 node01 dhcpd: DHCPDISCOVER from 00:0c:29:4b:b5:2c via ens33
Jan 19 18:24:50 node01 dhcpd: DHCPOFFER on 192.168.91.101 to 00:0c:29:4b:b5:2c via ens33
Jan 19 18:24:51 node01 dhcpd: DHCPREQUEST for 192.168.91.101 (192.168.91.88) from 00:0c:29:4b:b5:2c via ens33
Jan 19 18:24:51 node01 dhcpd: DHCPACK on 192.168.91.101 to 00:0c:29:4b:b5:2c via ens33
Jan 19 18:24:51 node01 xinetd[2843]: START: tftp pid=6426 from=192.168.91.101
Jan 19 18:24:51 node01 in.tftpd[6427]: Error code 0: TFTP Aborted
Jan 19 18:24:51 node01 in.tftpd[6428]: Client 192.168.91.101 finished pxelinux.0
Jan 19 18:24:51 node01 in.tftpd[6439]: Client 192.168.91.101 finished pxelinux.cfg/default
Jan 19 18:24:51 node01 in.tftpd[6444]: Client 192.168.91.101 finished menu.c32
Jan 19 18:24:51 node01 in.tftpd[6445]: Client 192.168.91.101 finished pxelinux.cfg/default
Jan 19 18:24:56 node01 in.tftpd[6448]: Client 192.168.91.101 finished /images/centos7mini-x86_64/vmlinuz
Jan 19 18:25:18 node01 in.tftpd[6450]: Client 192.168.91.101 finished /images/centos7mini-x86_64/initrd.img
Jan 19 18:25:31 node01 dhcpd: DHCPDISCOVER from 00:0c:29:4b:b5:2c via ens33
Jan 19 18:25:31 node01 dhcpd: DHCPOFFER on 192.168.91.101 to 00:0c:29:4b:b5:2c via ens33
Jan 19 18:25:31 node01 dhcpd: DHCPREQUEST for 192.168.91.101 (192.168.91.88)

Or use the command

tail -f /var/log/messages | grep 'dhcpd: DHCPACK on'
  • The DHCP service's lease file, /var/lib/dhcpd/dhcpd.leases, also records the address assignments; the IP addresses and MACs in it show which hosts were auto-installed.

The commands are:

cat dhcpd.leases | egrep -v '^#|server' | awk 'BEGIN{RS="}"}{print $2,$NF}' | grep -v '^$'
or
cat dhcpd.leases | grep -v '^#' | grep -E 'lease|hardware' | awk 'BEGIN{RS=";"}{print $2,$NF}' | grep -v '^$'
  • The installation proceeds as follows: [four installation screenshots]

  • Fixing "write error: No space left on device" during installation
    Give the virtual machine more memory, at least 1.8G (it can be set back to 1G once the installation has finished).
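
A DHCPACK alone only shows that a host got an address. Because the menu above times out into the installer and the kickstart runs clearpart --all, the hosts to track are those that also finished downloading initrd.img. The following join of the dhcpd and in.tftpd lines is an added example, not part of the original article; the function names, the allowlist file and the sample log lines are constructed for it, and it assumes the traditional syslog layout shown in the excerpt above.

```bash
#!/bin/sh
# Added example (not from the original article): report which hosts actually
# pulled an installer, by joining dhcpd and in.tftpd lines from /var/log/messages.

pxe_installs() {   # usage: pxe_installs LOGFILE   -> "MAC IP PROFILE" per install
  awk '
    # dhcpd: DHCPACK on <ip> to <mac> ...   remember the latest MAC for each IP
    $5 == "dhcpd:" && $6 == "DHCPACK" { mac[$8] = tolower($10); next }
    # in.tftpd[pid]: Client <ip> finished /images/<profile>/initrd.img
    $5 ~ /^in\.tftpd\[/ && $6 == "Client" && $9 ~ /\/initrd\.img$/ {
      n = split($9, part, "/")
      profile = (n >= 2) ? part[n - 1] : "?"
      m = ($7 in mac) ? mac[$7] : "unknown-mac"
      key = m " " $7 " " profile
      if (!(key in seen)) { seen[key] = 1; print key }
    }
  ' "$1"
}

unexpected_installs() {   # usage: unexpected_installs LOGFILE ALLOWED_MACS_FILE
  pxe_installs "$1" | awk -v allow="$2" '
    BEGIN { while ((getline line < allow) > 0) { split(line, f, " "); ok[tolower(f[1])] = 1 } }
    !($1 in ok)'
}

sample_log() {   # constructed lines in the format of the log excerpt above
  cat <<'EOF'
Jan 19 18:24:51 node01 dhcpd: DHCPACK on 192.168.30.101 to 52:54:00:aa:bb:01 via ens33
Jan 19 18:24:51 node01 in.tftpd[6428]: Client 192.168.30.101 finished pxelinux.0
Jan 19 18:25:18 node01 in.tftpd[6450]: Client 192.168.30.101 finished /images/centos7mini-x86_64/initrd.img
Jan 19 18:30:02 node01 dhcpd: DHCPACK on 192.168.30.102 to 52:54:00:aa:bb:02 via ens33
Jan 19 18:30:03 node01 in.tftpd[6501]: Client 192.168.30.102 finished pxelinux.0
Jan 19 18:41:10 node01 dhcpd: DHCPACK on 192.168.30.103 to 52:54:00:aa:bb:03 via ens33
Jan 19 18:41:40 node01 in.tftpd[6533]: Client 192.168.30.103 finished /images/centos7mini-x86_64/initrd.img
EOF
}
```

In the sample, the host at 192.168.30.102 fetched only pxelinux.0 and is not reported; unexpected_installs then lists any installed MAC that is missing from the allowlist file (one MAC per line).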

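6. Configuring the Cobbler web management interface

The software is cobbler-web, reachable at https://cobbler-server-ip/cobbler_web. The default account is cobbler, and the password is also cobbler.

  • Change the password of the default user cobbler
# Authorization configuration file for the web service (no need to touch it)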
/etc/cobbler/users.conf
------------------------------------
[admins]
admin = ""
cobbler = ""
------------------------------------

# Stores the user names and passwords for accessing cobbler web
/etc/cobbler/users.digest

cat /etc/cobbler/users.digest
-------------output-------------------
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3

# Change cobbler's password (realm Cobbler, user cobbler)
htdigest /etc/cobbler/users.digest "Cobbler" cobbler
-------------output-------------------
Adding user cobbler in realm Cobbler
New password:
Re-type new password:

# Restart httpd and cobblerd
systemctl restart httpd cobblerd
  • Change the default Cobbler-realm user and password for web login
# Use the default authentication method, authn_configfile
/etc/cobbler/modules.conf
-----------------------------------------
[authentication]
module = authn_configfile
-----------------------------------------

# Replace the default cobbler login user with bee (-c recreates the file, so existing entries are dropped)
htdigest -c /etc/cobbler/users.digest Cobbler bee
Adding password for bee in realm Cobbler.
New password:
Re-type new password:

# Result
cat /etc/cobbler/users.digest
bee:Cobbler:1e844979843dc7d85a4cd121df7687c0d84

# Restart httpd and cobblerd
systemctl restart httpd cobblerd
  • Add a new user bbc to the Cobbler realm
htdigest /etc/cobbler/users.digest Cobbler bbc
Adding user bbc in realm Cobbler
New password:
Re-type new password:

cat /etc/cobbler/users.digest
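
Each users.digest entry has the htdigest form user:realm:MD5("user:realm:password"), so whether an account still carries the default password cobbler can be checked offline against the file. The check below is an added example, not part of the original article; the function names and status words are assumptions of this example, and it relies on md5sum from coreutils.

```bash
#!/bin/sh
# Added example (not from the original article): check /etc/cobbler/users.digest
# for entries that still use the documented default password.
# htdigest stores  user:realm:MD5("user:realm:password")  as 32 lowercase hex digits.

digest_ha1() {   # usage: digest_ha1 USER REALM PASSWORD
  printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

audit_users_digest() {   # usage: audit_users_digest FILE [DEFAULT_PW] -> "user status"
  default_pw=${2:-cobbler}
  while IFS=: read -r user realm hash || [ -n "$user" ]; do
    case $user in '' | '#'*) continue ;; esac
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{32}$'; then
      echo "$user malformed-hash"          # not a 32-digit MD5 value
    elif [ "$(digest_ha1 "$user" "$realm" "$default_pw")" = "$hash" ]; then
      echo "$user default-password"
    else
      echo "$user not-default"
    fi
  done < "$1"
}
```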


Last edited on November 8, 2023
