
20.第15章 運維自動化之系統部署

一.kickstart檔案製作過程

[root@centos7 isolinux]# system-config-kickstart
-bash: system-config-kickstart: command not found
[root@centos7 isolinux]# yum -y install system-config-kickstart

[root@centos7 isolinux]# system-config-kickstart
Could not open display because no X server is running.
Try running 'system-config-kickstart --help' for a list of options.

開啟Xmanager – Passive檔案
[root@centos7 isolinux]# export DISPLAY=10.0.0.1:0.0
[root@centos7 isolinux]# system-config-kickstart
/usr/share/system-config-kickstart/kickstartGui.py:104: GtkWarning: GtkSpinButton: setting an adjustment with non-zero page size is deprecated
  xml = gtk.glade.XML ("/usr/share/system-config-kickstart/system-config-kickstart.glade", domain="system-config-kickstart")
Loaded plugins: fastestmirror

[root@centos7 ~]# yum -y install httpd;systemctl enable --now httpd
[root@centos7 ~]# mkdir -pv /var/www/html/centos/{6,7,8}
mkdir: created directory ‘/var/www/html/centos’
mkdir: created directory ‘/var/www/html/centos/6’
mkdir: created directory ‘/var/www/html/centos/7’
mkdir: created directory ‘/var/www/html/centos/8’

[root@centos7 ~]# mount /dev/sr0 /var/www/html/centos/7
mount: /dev/sr0 is write-protected, mounting read-only

http://10.0.0.7/centos/7/

net.ifnames=0:加上這個核心引數後,系統安裝完成後的網絡卡名會是eth0、eth1這種傳統命名


網路設定


驗證方法


SElinux和防火牆


顯示


軟體包安裝,這裡不能選

[root@centos7 isolinux]# cd /etc/yum.repos.d/
[root@centos7 yum.repos.d]# vim base.repo 
把[base]改成[development]  
:wq

[root@centos7 yum.repos.d]# system-config-kickstart


現在就可以選擇軟體包了


安裝前指令碼

[root@centos7 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Eg2jx10UZw1uyQcTcNaKaitaryyynwLRh1l32KZyxY4 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|      o+ .=oX=   |
|    .oo=*. B +o  |
| . +..+Bo  .=..  |
|. + o.E.. ....   |
| . . o. S.       |
|.      .o        |
| .    .. .       |
|  o .+...        |
|  .=+ooo.        |
+----[SHA256]-----+

[root@centos7 ~]# cd .ssh
[root@centos7 .ssh]# ls
id_rsa  id_rsa.pub
[root@centos7 .ssh]# ssh-copy-id 127.0.0.1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:zb/8mo/ptS0h8eHVY1FDRuvh6aQj1opzpsD7khnYjSo.
ECDSA key fingerprint is MD5:f1:ee:83:81:26:e8:ed:a5:39:d5:fd:41:bc:a8:23:38.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@127.0.0.1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '127.0.0.1'"
and check to make sure that only the key(s) you wanted were added.
[root@centos7 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

[root@centos7 .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnsdSfIrGqy9pyJmiuRPRZYF834zr2TcSneCfcysCqiiNet19z4CS6ynbTY5RX7qD7dBOJhNUjTT7xB8xel6CTUfTL6Dw+gqpbVBNggU7sxyvePTsRVSU95uHcClO/Nq0EXV3T+0KAEZ0KVYWJHfzLihn5YML4xXwcLGAAFHt/lHUBX7IjUmwHMHk+fxD0g6+HkWhHB84HOPPSs3ZANiMdvU6SZHZM1kMt+53BXrdKFZiP/PZUIvDcRV2Ilk5uuYzJMyeuAXcFuUJZKQupMdwi6c4jyryy8NMavMJFMm0uAF3bhNzYvdXwZ5ENGEpTU8ZqtGMl6Z02cRi5RIWfUlFn [email protected]
[root@centos7 .ssh]# pwd
/root/.ssh
[root@centos7 .ssh]# cd
[root@centos7 ~]# ll -hd .ssh
drwx------ 2 root root 80 Dec 30 14:36 .ssh


安裝後腳本

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Unattended CentOS 7 install profile: network install from 10.0.0.7, full
# disk wipe and repartition, then a %post step that authorises one SSH public
# key for root.
# NOTE(review): every value in this file is readable by whoever can fetch it,
# so the credentials and hardening choices below are lab-only.
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): --plaintext keeps the password (123456) readable in this file;
# rootpw also accepts --iscrypted with a crypt(3) hash.
rootpw --plaintext 123456
# System language
lang en_US
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
# NOTE(review): --disabled switches SELinux off on every host built from this
# profile; --enforcing and --permissive are the alternatives.
selinux --disabled


# Firewall configuration
# NOTE(review): --disabled leaves the host unfiltered from first boot;
# `firewall --enabled --ssh` would enable it and still allow SSH.
firewall --disabled
# Network information
network  --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Use network installation
# NOTE(review): plain HTTP gives the install tree no integrity or
# authenticity protection on the wire.
url --url="http://10.0.0.7/centos/7"
# System bootloader configuration
# net.ifnames=0 keeps the eth0-style interface name used by --device above.
bootloader --append="net.ifnames=0" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Destructive: removes every existing partition and writes a new disk label.
clearpart --all --initlabel
# Disk partitioning information (sizes are in MiB)
part / --fstype="ext4" --size=102400
part /boot --fstype="ext4" --size=1024
part /data --fstype="ext4" --size=51200
part swap --fstype="swap" --size=2048

%post
# Pre-authorise one SSH public key for root on the installed system.
# NOTE(review): whoever holds the matching private key gets root on every
# host built from this profile, so that key should carry a passphrase and
# stay on the deployment host only.
mkdir -m 700 /root/.ssh
cat > /root/.ssh/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnsdSfIrGqy9pyJmiuRPRZYF834zr2TcSneCfcysCqiiNet19z4CS6ynbTY5RX7qD7dBOJhNUjTT7xB8xel6CTUfTL6Dw+gqpbVBNggU7sxyvePTsRVSU95uHcClO/Nq0EXV3T+0KAEZ0KVYWJHfzLihn5YML4xXwcLGAAFHt/lHUBX7IjUmwHMHk+fxD0g6+HkWhHB84HOPPSs3ZANiMdvU6SZHZM1kMt+53BXrdKFZiP/PZUIvDcRV2Ilk5uuYzJMyeuAXcFuUJZKQupMdwi6c4jyryy8NMavMJFMm0uAF3bhNzYvdXwZ5ENGEpTU8ZqtGMl6Z02cRi5RIWfUlFn [email protected]
EOF
# sshd ignores an authorized_keys file that other users can write to.
chmod 600 /root/.ssh/authorized_keys
%end

%packages
vim
wget
curl
%end

[root@centos7 ~]# ksvalidator ks7.cfg
#檢查語法格式

二.在CentOS 8上實現PXE自動化安裝CentOS 6,7,8

1.安裝前準備

關閉防火牆和SELinux(僅為簡化實驗環境;正式環境建議保持開啟,只放行DHCP、TFTP、HTTP所需的埠),伺服器設定靜態IP地址

網路要求:虛擬機器基於NAT模式,並關閉vmware軟體中的DHCP服務,否則它會和本機的dhcpd同時應答客戶端的DHCP請求

注意:使用1G以下記憶體的主機安裝centos7,8會提示空間不足,建議2G以上記憶體

2.安裝相關軟體包並啟動

[root@centos8 ~]# dnf -y install dhcp-server tftp-server httpd syslinux-nonlinux
[root@centos8 ~]# systemctl enable --now httpd tftp dhcpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Created symlink /etc/systemd/system/sockets.target.wants/tftp.socket → /usr/lib/systemd/system/tftp.socket.
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.
Job for dhcpd.service failed because the control process exited with error code.
See "systemctl status dhcpd.service" and "journalctl -xe" for details.
#dhcp服務不能啟動,因為沒有設定dhcp配置檔案

3.配置DHCP服務

[root@centos8 ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf 
cp: overwrite '/etc/dhcp/dhcpd.conf'? y
[root@centos8 ~]# vim /etc/dhcp/dhcpd.conf
option domain-name "example.org";         # domain name handed to clients; optional here
option domain-name-servers 180.76.76.76, 223.6.6.6;		# DNS servers handed to clients
default-lease-time 86400;		# default lease time, in seconds
max-lease-time 100000;			# maximum lease time, in seconds
# NOTE(review): every client that network-boots on this subnet is pointed at
# the TFTP server below, so keep this DHCP scope on an isolated deployment
# segment.
subnet 10.0.0.0 netmask 255.255.255.0 {    # subnet this server answers for
  range 10.0.0.100 10.0.0.200;	# address pool handed out to clients
  option routers 10.0.0.2;		# default gateway
  next-server 10.0.0.8;			# TFTP server address
  filename "pxelinux.0";		# boot file PXE clients download
}
:wq
[root@centos8 ~]# systemctl enable --now dhcpd

4.準備yum源和相關目錄

[root@centos8 ~]# mkdir -pv /var/www/html/centos/{6,7,8}/os/x86_64
mkdir: created directory '/var/www/html/centos'
mkdir: created directory '/var/www/html/centos/6'
mkdir: created directory '/var/www/html/centos/6/os'
mkdir: created directory '/var/www/html/centos/6/os/x86_64'
mkdir: created directory '/var/www/html/centos/7'
mkdir: created directory '/var/www/html/centos/7/os'
mkdir: created directory '/var/www/html/centos/7/os/x86_64'
mkdir: created directory '/var/www/html/centos/8'
mkdir: created directory '/var/www/html/centos/8/os'
mkdir: created directory '/var/www/html/centos/8/os/x86_64'
[root@centos8 ~]# lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0  200G  0 disk 
├─sda1   8:1    0    1G  0 part /boot
├─sda2   8:2    0  100G  0 part /
├─sda3   8:3    0   50G  0 part /data
├─sda4   8:4    0    1K  0 part 
└─sda5   8:5    0    2G  0 part [SWAP]
sr0     11:0    1  3.7G  0 rom  
sr1     11:1    1  9.5G  0 rom  
sr2     11:2    1  8.6G  0 rom  
[root@centos8 ~]# mount /dev/sr0 /var/www/html/centos/6/os/x86_64/
mount: /var/www/html/centos/6/os/x86_64: WARNING: device write-protected, mounted read-only.
[root@centos8 ~]# mount /dev/sr1 /var/www/html/centos/7/os/x86_64/
mount: /var/www/html/centos/7/os/x86_64: WARNING: device write-protected, mounted read-only.
[root@centos8 ~]# mount /dev/sr2 /var/www/html/centos/8/os/x86_64/
mount: /var/www/html/centos/8/os/x86_64: WARNING: device write-protected, mounted read-only.

http://10.0.0.8/centos/6/os/x86_64/

5.準備kickstart檔案

[root@centos8 ~]# mkdir /var/www/html/ks
[root@centos8 ~]# rz
#把事先準備好的kickstart檔案傳到系統
[root@centos8 ~]# ls
anaconda-ks.cfg  centos6.cfg  centos7.cfg  centos8.cfg
[root@centos8 ~]# mv centos* /var/www/html/ks/
[root@centos8 ~]# ls /var/www/html/ks/
centos6.cfg  centos7.cfg  centos8.cfg

[root@centos8 ~]# cat /var/www/html/ks/centos6.cfg 
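# Unattended CentOS 6 install profile, referenced from the PXE menu as
# http://10.0.0.8/ks/centos6.cfg.
# NOTE(review): this file is readable by anyone who can reach the web server,
# so the plaintext credentials and the disabled firewall/SELinux below are
# lab-only settings.
install
text
reboot
# NOTE(review): plain HTTP gives the install tree no integrity or
# authenticity protection on the wire.
url --url=http://10.0.0.8/centos/6/os/x86_64/
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp  --noipv6
# NOTE(review): rootpw also accepts --iscrypted with a crypt(3) hash, which
# keeps the password itself out of this file.
rootpw --plaintext 123456
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --disabled
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# Destructive: zerombr and clearpart wipe every existing partition table.
zerombr
clearpart --all --initlabel
# Sizes are in MiB.
part /boot --fstype=ext4 --size=1024
part / --fstype=ext4 --size=50000
part /data --fstype=ext4 --size=30000
part swap --size=2048
%packages
@core
@server-policy
@workstation-policy
autofs
vim-enhanced
%end
%post
# Runs after package installation: creates a local user and replaces the
# stock yum repositories with one that reads the install media.
useradd neteagle
# NOTE(review): the same fixed password ends up on every installed host, and
# redirecting all output to /dev/null also hides a failed passwd call.
echo 123456 | passwd --stdin neteagle &> /dev/null
mkdir  /etc/yum.repos.d/backup
# Move only the stock *.repo files; a bare * also matches the backup
# directory itself and makes mv report an error.
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
# NOTE(review): gpgcheck=0 turns off package signature verification for this
# repository.
cat > /etc/yum.repos.d/base.repo <<EOF
[base]
name=base
baseurl=file:///misc/cd
gpgcheck=0
EOF
%end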



[root@centos8 ~]# cat /var/www/html/ks/centos7.cfg 
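#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Unattended CentOS 7 install profile, referenced from the PXE menu as
# http://10.0.0.8/ks/centos7.cfg.
# NOTE(review): this file is readable by anyone who can reach the web server,
# so the plaintext credentials and the disabled firewall/SELinux below are
# lab-only settings.
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): rootpw also accepts --iscrypted with a crypt(3) hash, which
# keeps the password itself out of this file.
rootpw --plaintext 123456
# System language
lang en_US
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
selinux --disabled


# Firewall configuration
firewall --disabled
# Network information
# NOTE(review): a fixed address means every host built from this profile
# comes up as 10.0.0.123, and no gateway or nameserver is set here — confirm
# that is intended before installing more than one machine.
network  --bootproto=static --device=eth0 --ip=10.0.0.123 --netmask=255.255.255.0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Use network installation
url --url="http://10.0.0.8/centos/7/os/x86_64"
# System bootloader configuration
# net.ifnames=0 keeps the eth0-style interface name used by --device above.
bootloader --append="net.ifnames=0" --location=mbr
# Partition clearing information
# NOTE(review): unlike the other profiles on this page there is no zerombr or
# --initlabel here; an unattended install onto a blank disk may need them —
# confirm.
clearpart --all
# Disk partitioning information (size is in MiB)
part / --fstype="xfs" --size=100000

%post
# Runs after package installation: creates a local user and replaces the
# stock yum repositories with a mirror definition.
useradd neteagle
# NOTE(review): the same fixed password ends up on every installed host.
echo 123456 |passwd --stdin neteagle
mkdir /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
# The delimiter is quoted so the shell writes $releasever and $basearch
# literally; with a bare EOF both expand to empty strings and the baseurl
# lines come out as .../centos//os//.
# The signing key is read from the copy installed on the system rather than
# fetched over plain HTTP from the same mirror as the packages, so that
# gpgcheck=1 still means something if the mirror or the path to it is
# tampered with.
cat > /etc/yum.repos.d/base.repo <<'EOF'
[base]
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
%end

%packages
vim
wget
lrzsz
tree
curl
%end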


[root@centos8 ~]# cat /var/www/html/ks/centos8.cfg 
# Unattended CentOS 8 install profile, referenced from the PXE menu as
# http://10.0.0.8/ks/centos8.cfg.
# NOTE(review): this file is readable by anyone who can reach the web server,
# so the plaintext credentials and the disabled firewall/SELinux below are
# lab-only settings.
# Restrict the installer to sda, then wipe it (zerombr + clearpart are
# destructive).
ignoredisk --only-use=sda
zerombr
text
reboot
clearpart --all --initlabel
selinux --disabled
firewall --disabled
# NOTE(review): plain HTTP gives the install tree no integrity or
# authenticity protection on the wire.
url --url=http://10.0.0.8/centos/8/os/x86_64/
keyboard --vckeymap=us --xlayouts='us'
lang en_US.UTF-8
network  --bootproto=dhcp --device=ens160 --ipv6=auto --activate
network  --hostname=centos8.magedu.com
# NOTE(review): rootpw also accepts --iscrypted with a crypt(3) hash, which
# keeps the password itself out of this file.
rootpw --plaintext 123456
firstboot --enable
skipx
# NOTE(review): chronyd is disabled and the timezone line passes --nontp, so
# the installed host starts without time synchronisation.
services --disabled="chronyd"
timezone Asia/Shanghai --isUtc --nontp
# NOTE(review): --iscrypted expects a complete crypt(3) string; the value
# below looks like a SHA-512 hash whose leading "$" markers were lost when
# the page was rendered. Generate a fresh hash instead of copying this one.
user --name=wang --password=6oUfb/02CWfLb5l8f$sgEZeR7c7DpqfpmFDH6huSmDbW1XQNR4qKl2EPns.gOXqlnAIgv9pTogtFVaDtEpMOC.SWXKYqxfVtd9MCwxb1 --iscrypted --gecos="wang"
# Sizes are in MiB.
part / --fstype="xfs" --ondisk=sda --size=102400
part /data --fstype="xfs" --ondisk=sda --size=51200
part swap --fstype="swap" --ondisk=sda --size=2048
part /boot --fstype="ext4" --ondisk=sda --size=1024
%packages
@^minimal-environment
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
# NOTE(review): the pwpolicy lines set a minimum length of 6 with --notstrict,
# which presumably lets the installer accept weak passwords — confirm.
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

%post
# Runs after package installation: creates a second local user.
useradd neteagle
# NOTE(review): the same fixed password ends up on every installed host, and
# redirecting all output to /dev/null also hides a failed passwd call.
echo 123456 | passwd --stdin neteagle &> /dev/null
%end

6.準備PXE啟動相關檔案

[root@centos8 ~]# mkdir /var/lib/tftpboot/centos{6,7,8}

#準備centos 6,7,8各自的核心相關檔案
[root@centos8 ~]# cp /var/www/html/centos/6/os/x86_64/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/centos6/
[root@centos8 ~]# cp /var/www/html/centos/7/os/x86_64/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/centos7/
[root@centos8 ~]# cp /var/www/html/centos/8/os/x86_64/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/centos8/
[root@centos8 ~]# cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot/

#以下三個檔案是CentOS 8安裝所必須檔案,CentOS 6,7則不需要
[root@centos8 ~]# cp /var/www/html/centos/8/os/x86_64/isolinux/{ldlinux.c32,libcom32.c32,libutil.c32} /var/lib/tftpboot/

#生成安裝選單檔案
[root@centos8 ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@centos8 ~]# cp /var/www/html/centos/8/os/x86_64/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default

#最終目錄結構如下
[root@centos8 ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── centos6
│ ├── initrd.img
│ └── vmlinuz
├── centos7
│ ├── initrd.img
│ └── vmlinuz
├── centos8
│ ├── initrd.img
│ └── vmlinuz
├── ldlinux.c32
├── libcom32.c32
├── libutil.c32
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
    └── default

4 directories, 12 files

7.準備啟動選單檔案

[root@centos8 ~]# vim /var/lib/tftpboot/pxelinux.cfg/default
# PXE boot menu served over TFTP. Each "Auto Install" entry boots an
# installer kernel and hands it a kickstart URL on 10.0.0.8.
# NOTE(review): neither TFTP nor the http:// kickstart URLs are authenticated,
# so clients cannot verify what they boot or which profile they apply; keep
# this on an isolated deployment network.
default menu.c32
# timeout is counted in tenths of a second (600 = 60 s).
# NOTE(review): no entry carries `menu default`, so presumably the first label
# (linux8) boots when the timeout expires, and its kickstart wipes the disk.
# Marking the `local` entry as the default would make an unattended timeout
# harmless — confirm.
timeout 600

menu title CentOS Linux

# NOTE(review): ks= is the older spelling of the kickstart option; the CentOS 8
# installer presumably prefers inst.ks= — confirm.
label linux8
  menu label Auto Install CentOS Linux ^8
  kernel centos8/vmlinuz
  append initrd=centos8/initrd.img ks=http://10.0.0.8/ks/centos8.cfg

label linux7
  menu label Auto Install CentOS Linux ^7
  kernel centos7/vmlinuz
  append initrd=centos7/initrd.img ks=http://10.0.0.8/ks/centos7.cfg

label linux6
  menu label Auto Install CentOS Linux ^6
  kernel centos6/vmlinuz
  append initrd=centos6/initrd.img ks=http://10.0.0.8/ks/centos6.cfg

# Interactive install: no kickstart, only the repository location.
label manual
  menu label ^Manual Install CentOS Linux 8.3
  kernel centos8/vmlinuz
  append initrd=centos8/initrd.img inst.repo=http://10.0.0.8/centos/8/os/x86_64/

label rescue
  menu label ^Rescue a CentOS Linux system 8
  kernel centos8/vmlinuz
  append initrd=centos8/initrd.img inst.repo=http://10.0.0.8/centos/8/os/x86_64/ rescue

# Skip the network install and boot from the local disk.
label local
  menu label Boot from ^local drive
  localboot 0xffff
menu end
:wq!  #需要強制儲存

8.測試客戶機基於PXE實現自動化安裝

新準備一臺虛擬機器,設定網絡卡引導,可看到啟動選單,並實現自動安裝

自動安裝CentOS8


正在安裝


安裝完成,並啟動


正常登入

自動安裝CentOS7

自動安裝CentOS6