20.第15章 運維自動化之系統部署
阿新 • • 發佈:2020-12-30
一.kickstart檔案製作過程
[root@centos7 isolinux]# system-config-kickstart -bash: system-config-kickstart: command not found [root@centos7 isolinux]# yum -y install system-config-kickstart [root@centos7 isolinux]# system-config-kickstart Could not open display because no X server is running. Try running 'system-config-kickstart --help' for a list of options. 開啟Xmanager – Passive檔案 [root@centos7 isolinux]# export DISPLAY=10.0.0.1:0.0 [root@centos7 isolinux]# system-config-kickstart /usr/share/system-config-kickstart/kickstartGui.py:104: GtkWarning: GtkSpinButton: setting an adjustment with non-zero page size is deprecated xml = gtk.glade.XML ("/usr/share/system-config-kickstart/system-config-kickstart.glade", domain="system-config-kickstart") Loaded plugins: fastestmirror
[root@centos7 ~]# yum -y install httpd;systemctl enable --now httpd [root@centos7 ~]# mkdir -pv /var/www/html/centos/{6,7,8} mkdir: created directory ‘/var/www/html/centos’ mkdir: created directory ‘/var/www/html/centos/6’ mkdir: created directory ‘/var/www/html/centos/7’ mkdir: created directory ‘/var/www/html/centos/8’ [root@centos7 ~]# mount /dev/sr0 /var/www/html/centos/7 mount: /dev/sr0 is write-protected, mounting read-only http://10.0.0.7/centos/7/
核心引數 net.ifnames=0:系統安裝後網絡卡使用 eth0、eth1 這類傳統命名
網路設定
驗證方法
SElinux和防火牆
顯示
軟體包安裝,這裡不能選
[root@centos7 isolinux]# cd /etc/yum.repos.d/
[root@centos7 yum.repos.d]# vim base.repo
把[base]改成[development]
:wq
[root@centos7 yum.repos.d]# system-config-kickstart
現在就可以選擇軟體包了
安裝前指令碼
root@centos7 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:Eg2jx10UZw1uyQcTcNaKaitaryyynwLRh1l32KZyxY4 [email protected] The key's randomart image is: +---[RSA 2048]----+ | o+ .=oX= | | .oo=*. B +o | | . +..+Bo .=.. | |. + o.E.. .... | | . . o. S. | |. .o | | . .. . | | o .+... | | .=+ooo. | +----[SHA256]-----+ [root@centos7 ~]# cd .ssh [root@centos7 .ssh]# ls id_rsa id_rsa.pub [root@centos7 .ssh]# ssh-copy-id 127.0.0.1 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:zb/8mo/ptS0h8eHVY1FDRuvh6aQj1opzpsD7khnYjSo. ECDSA key fingerprint is MD5:f1:ee:83:81:26:e8:ed:a5:39:d5:fd:41:bc:a8:23:38. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '127.0.0.1'" and check to make sure that only the key(s) you wanted were added. 
[root@centos7 .ssh]# ls authorized_keys id_rsa id_rsa.pub known_hosts [root@centos7 .ssh]# cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnsdSfIrGqy9pyJmiuRPRZYF834zr2TcSneCfcysCqiiNet19z4CS6ynbTY5RX7qD7dBOJhNUjTT7xB8xel6CTUfTL6Dw+gqpbVBNggU7sxyvePTsRVSU95uHcClO/Nq0EXV3T+0KAEZ0KVYWJHfzLihn5YML4xXwcLGAAFHt/lHUBX7IjUmwHMHk+fxD0g6+HkWhHB84HOPPSs3ZANiMdvU6SZHZM1kMt+53BXrdKFZiP/PZUIvDcRV2Ilk5uuYzJMyeuAXcFuUJZKQupMdwi6c4jyryy8NMavMJFMm0uAF3bhNzYvdXwZ5ENGEpTU8ZqtGMl6Z02cRi5RIWfUlFn [email protected] [root@centos7 .ssh]# pwd /root/.ssh [root@centos7 .ssh]# cd [root@centos7 ~]# ll -hd .ssh drwx------ 2 root root 80 Dec 30 14:36 .ssh
安裝後腳本
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Kickstart answers for an unattended CentOS 7 network install. Everything a
# client needs, including credentials, is in this one file, so whoever can read
# or fetch the file learns them.
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): --plaintext keeps the password readable in this file and
# 123456 is trivially guessable. `rootpw --iscrypted <crypt hash>` avoids
# storing the clear text; treat the value below as a lab-only example.
rootpw --plaintext 123456
# System language
lang en_US
# System authorization information: shadow passwords, hashed with SHA-512
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
# NOTE(review): the installed system comes up with SELinux switched off.
selinux --disabled
# Firewall configuration
# NOTE(review): no host firewall is configured either, so every service the
# install enables is reachable from the network the host lands on.
firewall --disabled
# Network information
network --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Use network installation
# The install tree is fetched over plain HTTP, so the transfer is neither
# encrypted nor authenticated; keep the provisioning network isolated.
url --url="http://10.0.0.7/centos/7"
# System bootloader configuration
# net.ifnames=0 keeps the eth0-style interface names that the network line
# above refers to.
bootloader --append="net.ifnames=0" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Removes every existing partition and writes a fresh disk label without
# prompting: all data on the target machine's disks is lost.
clearpart --all --initlabel
# Disk partitioning information (sizes are in MiB)
part / --fstype="ext4" --size=102400
part /boot --fstype="ext4" --size=1024
part /data --fstype="ext4" --size=51200
part swap --fstype="swap" --size=2048
%post
# Post-install script: pre-authorise one SSH public key for root.
# The key below is the id_rsa.pub generated on the build host earlier on this
# page, so the holder of that single private key gets root on every machine
# installed from this file. Directory and file modes (700/600) are the ones
# sshd expects for root's key material.
mkdir -m 700 /root/.ssh
# The here-document body is written verbatim as the only authorized key.
cat > /root/.ssh/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnsdSfIrGqy9pyJmiuRPRZYF834zr2TcSneCfcysCqiiNet19z4CS6ynbTY5RX7qD7dBOJhNUjTT7xB8xel6CTUfTL6Dw+gqpbVBNggU7sxyvePTsRVSU95uHcClO/Nq0EXV3T+0KAEZ0KVYWJHfzLihn5YML4xXwcLGAAFHt/lHUBX7IjUmwHMHk+fxD0g6+HkWhHB84HOPPSs3ZANiMdvU6SZHZM1kMt+53BXrdKFZiP/PZUIvDcRV2Ilk5uuYzJMyeuAXcFuUJZKQupMdwi6c4jyryy8NMavMJFMm0uAF3bhNzYvdXwZ5ENGEpTU8ZqtGMl6Z02cRi5RIWfUlFn [email protected]
EOF
chmod 600 /root/.ssh/authorized_keys
%end
%packages
# Extra packages on top of the installer's default selection.
vim
wget
curl
%end
[root@centos7 ~]# ksvalidator ks7.cfg
#檢查語法格式
二.在CentOS 8上實現PXE自動化安裝CentOS 6,7,8
1.安裝前準備
關閉防火牆和SELinux(此做法僅適合隔離的實驗網段;若保留防火牆,只需放行DHCP 67/udp、TFTP 69/udp與HTTP 80/tcp),伺服器設定靜態IP地址
網路要求:關閉vmware軟體中的DHCP服務,基於NAT模式
注意:使用1G以下記憶體的主機安裝centos7,8會提示空間不足,建議2G以上記憶體
2.安裝相關軟體包並啟動
[root@centos8 ~]# dnf -y install dhcp-server tftp-server httpd syslinux-nonlinux
[root@centos8 ~]# systemctl enable --now httpd tftp dhcpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Created symlink /etc/systemd/system/sockets.target.wants/tftp.socket → /usr/lib/systemd/system/tftp.socket.
Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service.
Job for dhcpd.service failed because the control process exited with error code.
See "systemctl status dhcpd.service" and "journalctl -xe" for details.
#dhcp服務不能啟動,因為沒有設定dhcp配置檔案
3.配置DHCP服務
[root@centos8 ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp: overwrite '/etc/dhcp/dhcpd.conf'? y
[root@centos8 ~]# vim /etc/dhcp/dhcpd.conf
# dhcpd.conf for the PXE provisioning segment: hands out addresses on
# 10.0.0.0/24 and points network-booting clients at the TFTP server.
# NOTE(review): DHCP and TFTP are unauthenticated, so a client trusts whichever
# server answers first and this server answers every client on the segment.
# Keep the segment isolated and make sure no other DHCP service runs on it
# (the preparation step on this page turns off the VMware one for that reason).
option domain-name "example.org"; # domain name handed to clients; optional here
option domain-name-servers 180.76.76.76, 223.6.6.6; # DNS servers handed to clients
default-lease-time 86400; # default lease length, in seconds
max-lease-time 100000; # longest lease a client may be granted, in seconds
subnet 10.0.0.0 netmask 255.255.255.0 { # subnet this server answers on
range 10.0.0.100 10.0.0.200; # address pool handed out to clients
option routers 10.0.0.2; # default gateway
next-server 10.0.0.8; # TFTP server the PXE client downloads from
filename "pxelinux.0"; # boot file the PXE client requests over TFTP
}
:wq
[root@centos8 ~]# systemctl enable --now dhcpd
4.準備yum源和相關目錄
[root@centos8 ~]# mkdir -pv /var/www/html/centos/{6,7,8}/os/x86_64
mkdir: created directory '/var/www/html/centos'
mkdir: created directory '/var/www/html/centos/6'
mkdir: created directory '/var/www/html/centos/6/os'
mkdir: created directory '/var/www/html/centos/6/os/x86_64'
mkdir: created directory '/var/www/html/centos/7'
mkdir: created directory '/var/www/html/centos/7/os'
mkdir: created directory '/var/www/html/centos/7/os/x86_64'
mkdir: created directory '/var/www/html/centos/8'
mkdir: created directory '/var/www/html/centos/8/os'
mkdir: created directory '/var/www/html/centos/8/os/x86_64'
[root@centos8 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 200G 0 disk
├─sda1 8:1 0 1G 0 part /boot
├─sda2 8:2 0 100G 0 part /
├─sda3 8:3 0 50G 0 part /data
├─sda4 8:4 0 1K 0 part
└─sda5 8:5 0 2G 0 part [SWAP]
sr0 11:0 1 3.7G 0 rom
sr1 11:1 1 9.5G 0 rom
sr2 11:2 1 8.6G 0 rom
[root@centos8 ~]# mount /dev/sr0 /var/www/html/centos/6/os/x86_64/
mount: /var/www/html/centos/6/os/x86_64: WARNING: device write-protected, mounted read-only.
[root@centos8 ~]# mount /dev/sr1 /var/www/html/centos/7/os/x86_64/
mount: /var/www/html/centos/7/os/x86_64: WARNING: device write-protected, mounted read-only.
[root@centos8 ~]# mount /dev/sr2 /var/www/html/centos/8/os/x86_64/
mount: /var/www/html/centos/8/os/x86_64: WARNING: device write-protected, mounted read-only.
http://10.0.0.8/centos/6/os/x86_64/
5.準備kickstart檔案
[root@centos8 ~]# mkdir /var/www/html/ks
[root@centos8 ~]# rz
#把事先準備好的kickstart檔案傳到系統
[root@centos8 ~]# ls
anaconda-ks.cfg centos6.cfg centos7.cfg centos8.cfg
[root@centos8 ~]# mv centos* /var/www/html/ks/
[root@centos8 ~]# ls /var/www/html/ks/
centos6.cfg centos7.cfg centos8.cfg
[root@centos8 ~]# cat /var/www/html/ks/centos6.cfg
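# Kickstart for an unattended CentOS 6 install, served to PXE clients as
# http://10.0.0.8/ks/centos6.cfg (boot-menu entry "linux6").
# NOTE(review): the file sits under the web root, so every host that can reach
# 10.0.0.8 can read the credentials in it; keep that network isolated.
install
text
reboot
# Install tree over plain HTTP: unauthenticated, unencrypted transport.
url --url=http://10.0.0.8/centos/6/os/x86_64/
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --noipv6
# NOTE(review): clear-text, trivially guessable root password. Use
# `rootpw --iscrypted <crypt hash>` outside a throw-away lab.
rootpw --plaintext 123456
# NOTE(review): installed hosts come up with no host firewall and SELinux off.
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --disabled
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# zerombr + clearpart --all wipe every disk of the client without prompting.
zerombr
clearpart --all --initlabel
# Sizes are in MiB.
part /boot --fstype=ext4 --size=1024
part / --fstype=ext4 --size=50000
part /data --fstype=ext4 --size=30000
part swap --size=2048
%packages
@core
@server-policy
@workstation-policy
autofs
vim-enhanced
%end
%post
# Post-install script: create a login user and replace the stock yum repos
# with a single repo that reads from the automounted CD (/misc/cd, via autofs).
useradd neteagle
# NOTE(review): hard-coded weak password for the new account, and &> /dev/null
# hides any failure of passwd.
echo 123456 | passwd --stdin neteagle &> /dev/null
mkdir /etc/yum.repos.d/backup
# Move only the .repo files; a bare * would also match the backup directory
# just created and make mv fail on moving it into itself.
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
# Signature checking stays on: the CentOS 6 signing key is already on disk,
# so packages read from the media are still verified before installation.
cat > /etc/yum.repos.d/base.repo <<EOF
[base]
name=base
baseurl=file:///misc/cd
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF
%end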
[root@centos8 ~]# cat /var/www/html/ks/centos7.cfg
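#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Kickstart for an unattended CentOS 7 install, served to PXE clients as
# http://10.0.0.8/ks/centos7.cfg (boot-menu entry "linux7").
# NOTE(review): the file sits under the web root, so every host that can reach
# 10.0.0.8 can read the credentials in it; keep that network isolated.
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): clear-text, trivially guessable root password. Use
# `rootpw --iscrypted <crypt hash>` outside a throw-away lab.
rootpw --plaintext 123456
# System language
lang en_US
# System authorization information: shadow passwords, hashed with SHA-512
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
# NOTE(review): installed hosts come up with SELinux off and, per the next
# directive, with no host firewall.
selinux --disabled
# Firewall configuration
firewall --disabled
# Network information
# NOTE(review): every host installed from this file gets the same address,
# 10.0.0.123, and no gateway or nameserver is given on this line; two such
# hosts would collide, and the mirror names in %post may not resolve.
network --bootproto=static --device=eth0 --ip=10.0.0.123 --netmask=255.255.255.0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Use network installation (plain HTTP: unauthenticated transport)
url --url="http://10.0.0.8/centos/7/os/x86_64"
# System bootloader configuration
# net.ifnames=0 keeps the eth0-style name the network line refers to.
bootloader --append="net.ifnames=0" --location=mbr
# Partition clearing information: removes every existing partition.
clearpart --all
# Disk partitioning information (size in MiB)
part / --fstype="xfs" --size=100000
%post
# Post-install script: create a login user and point yum at the Aliyun mirrors.
useradd neteagle
# NOTE(review): hard-coded weak password for the new account.
echo 123456 |passwd --stdin neteagle
mkdir /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup
# The delimiter is quoted so the shell leaves $releasever and $basearch alone;
# unquoted, both expand to empty strings here and yum would be handed broken
# URLs. Continuation lines of baseurl are indented, as the repo-file format
# requires. The signing key is read from the copy already on disk rather than
# fetched over HTTP from the mirror that also serves the packages, so
# gpgcheck=1 does not depend on that channel.
cat > /etc/yum.repos.d/base.repo <<'EOF'
[base]
name=base
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
%end
%packages
vim
wget
lrzsz
tree
curl
%end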
[root@centos8 ~]# cat /var/www/html/ks/centos8.cfg
# Kickstart for an unattended CentOS 8 install, served to PXE clients as
# http://10.0.0.8/ks/centos8.cfg (boot-menu entry "linux8").
# NOTE(review): the file sits under the web root, so every host that can reach
# 10.0.0.8 can read the credentials in it; keep that network isolated.
# Only sda is touched; zerombr + clearpart --all below wipe it without prompting.
ignoredisk --only-use=sda
zerombr
text
reboot
clearpart --all --initlabel
# NOTE(review): installed hosts come up with SELinux off and no host firewall.
selinux --disabled
firewall --disabled
# Install tree over plain HTTP: unauthenticated, unencrypted transport.
url --url=http://10.0.0.8/centos/8/os/x86_64/
keyboard --vckeymap=us --xlayouts='us'
lang en_US.UTF-8
network --bootproto=dhcp --device=ens160 --ipv6=auto --activate
network --hostname=centos8.magedu.com
# NOTE(review): clear-text, trivially guessable root password. Use
# `rootpw --iscrypted <crypt hash>` outside a throw-away lab.
rootpw --plaintext 123456
firstboot --enable
skipx
# chronyd is disabled here and --nontp is set on the timezone line, so the
# installed host has no time synchronisation; expect clock drift in its logs.
services --disabled="chronyd"
timezone Asia/Shanghai --isUtc --nontp
# NOTE(review): a SHA-512 crypt string normally starts with `$6$`; the value
# below looks as if it lost characters when the page was published. Generate a
# fresh hash rather than copying this one.
user --name=wang --password=6oUfb/02CWfLb5l8f$sgEZeR7c7DpqfpmFDH6huSmDbW1XQNR4qKl2EPns.gOXqlnAIgv9pTogtFVaDtEpMOC.SWXKYqxfVtd9MCwxb1 --iscrypted --gecos="wang"
# Sizes are in MiB.
part / --fstype="xfs" --ondisk=sda --size=102400
part /data --fstype="xfs" --ondisk=sda --size=51200
part swap --fstype="swap" --ondisk=sda --size=2048
part /boot --fstype="ext4" --ondisk=sda --size=1024
%packages
@^minimal-environment
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%anaconda
# Installer password policy: minimum length 6, quality threshold 1, not
# strictly enforced; the user policy additionally accepts an empty password.
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
%post
# Post-install script: create a login user.
useradd neteagle
# NOTE(review): hard-coded weak password for the new account, and &> /dev/null
# hides any failure of passwd.
echo 123456 | passwd --stdin neteagle &> /dev/null
%end
6.準備PXE啟動相關檔案
[root@centos8 ~]# mkdir /var/lib/tftpboot/centos{6,7,8}
#準備centos 6,7,8各自的核心相關檔案
[root@centos8 ~]# cp /var/www/html/centos/6/os/x86_64/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/centos6/
[root@centos8 ~]# cp /var/www/html/centos/7/os/x86_64/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/centos7/
[root@centos8 ~]# cp /var/www/html/centos/8/os/x86_64/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/centos8/
[root@centos8 ~]# cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot/
#以下三個檔案是CentOS 8安裝所必須檔案,CentOS 6,7則不需要
[root@centos8 ~]# cp /var/www/html/centos/8/os/x86_64/isolinux/{ldlinux.c32,libcom32.c32,libutil.c32} /var/lib/tftpboot/
#生成安裝選單檔案
[root@centos8 ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@centos8 ~]# cp /var/www/html/centos/8/os/x86_64/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
#最終目錄結構如下
[root@centos8 ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── centos6
│ ├── initrd.img
│ └── vmlinuz
├── centos7
│ ├── initrd.img
│ └── vmlinuz
├── centos8
│ ├── initrd.img
│ └── vmlinuz
├── ldlinux.c32
├── libcom32.c32
├── libutil.c32
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
└── default
4 directories, 12 files
7.準備啟動選單檔案
[root@centos8 ~]# vim /var/lib/tftpboot/pxelinux.cfg/default
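# PXELINUX boot menu offered to every client that network-boots on this segment.
# The three "Auto Install" entries fetch a kickstart whose zerombr / clearpart
# --all directives erase the client's disks without any further prompt.
default menu.c32
# timeout is counted in tenths of a second: 600 = 60 s before the highlighted
# entry starts on its own.
timeout 600
menu title CentOS Linux

label linux8
  menu label Auto Install CentOS Linux ^8
  kernel centos8/vmlinuz
  append initrd=centos8/initrd.img ks=http://10.0.0.8/ks/centos8.cfg

label linux7
  menu label Auto Install CentOS Linux ^7
  kernel centos7/vmlinuz
  append initrd=centos7/initrd.img ks=http://10.0.0.8/ks/centos7.cfg

label linux6
  menu label Auto Install CentOS Linux ^6
  kernel centos6/vmlinuz
  append initrd=centos6/initrd.img ks=http://10.0.0.8/ks/centos6.cfg

label manual
  menu label ^Manual Install CentOS Linux 8.3
  kernel centos8/vmlinuz
  append initrd=centos8/initrd.img inst.repo=http://10.0.0.8/centos/8/os/x86_64/

label rescue
  menu label ^Rescue a CentOS Linux system 8
  kernel centos8/vmlinuz
  append initrd=centos8/initrd.img inst.repo=http://10.0.0.8/centos/8/os/x86_64/ rescue

# Local boot is the menu default. With no `menu default` line, menu.c32
# preselects the first label, so a machine left at the menu (or one that
# network-boots by accident) would be reinstalled and wiped after the timeout.
# An install now has to be chosen explicitly.
label local
  menu default
  menu label Boot from ^local drive
  localboot 0xffff

# Left over from the isolinux.cfg this file was copied from; there is no
# matching `menu begin` in this file.
menu end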
:wq! #需要強制儲存
8.測試客戶機基於PXE實現自動化安裝
新準備一臺虛擬機器,設定網絡卡引導,可看到啟動選單,並實現自動安裝
自動安裝CentOS8
正在安裝
安裝完成,並啟動
正常登入
自動安裝CentOS7
自動安裝CentOS6