Week 13

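1. Configure the chrony service for automatic server time synchronization

1. Check the software package

CentOS 7 ships with the chrony package preinstalled; CentOS 6 does not install it by default and needs the EPEL repository to install it. I am using CentOS 7.

One CentOS 7 machine serves as the ntpserver, with IP address 192.168.10.130.

2. Check that the time zone is correct

Check this on both the server and the client.

# Check whether the time zone is Shanghai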
[root@ntpserver ~]# timedatectl
      Local time: Sat 2020-07-11 11:17:50 CST
  Universal time: Sat 2020-07-11 03:17:50 UTC
        RTC time: Sat 2020-07-11 03:17:50
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: no
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
      
# The time zone can be changed with the following command
[root@ntpserver ~]# timedatectl set-timezone Asia/Shanghai

3. Edit the chrony server configuration file /etc/chrony.conf

# Comment out the default NTP servers and add an Aliyun NTP server; more than one can be added
[root@ntpserver ~]# vim /etc/chrony.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp1.aliyun.com iburst

# Edit line 29 and enter the subnet that needs time synchronization
 29 allow 192.168.10.0/24

# Uncomment line 32 so that this server can still provide time to devices on the network when the Aliyun NTP server is unreachable
 32 local stratum 10

4. Start the chrony service and enable it at boot

[root@ntpserver ~]# systemctl start chronyd
[root@ntpserver ~]# systemctl enable chronyd
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.

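5. Edit the client configuration file and enable the chronyd service at boot

Do not start the service yet; starting it during the test makes the effect easier to see.

# Comment out the original NTP server entries and add the address of the NTP server configured above
[root@ntpclient ~]#vim /etc/chrony.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.10.130 iburst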

[root@ntpclient ~]#systemctl enable chronyd
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.

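6. Test synchronization on the client

A note on the test results: after the chronyd service had been started, I set the system time one year ahead again and waited a long time without it synchronizing; chronyd had to be restarted before it synchronized. When I set the time a few minutes ahead, synchronization succeeded after roughly one or two minutes; with a difference of a few seconds it should synchronize faster. So as long as the time is not changed deliberately, real-time synchronization should be assured.

# Set the system time one year ahead, then start the chronyd service; the time is synchronized successfully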
[root@ntpclient ~]#date -s '1 year'
Sun Jul 11 11:39:29 CST 2021

[root@ntpclient ~]#systemctl start chronyd
[root@ntpclient ~]#date
Sun Jul 11 11:39:39 CST 2021
[root@ntpclient ~]#date
Sun Jul 11 11:39:41 CST 2021
[root@ntpclient ~]#date
Sat Jul 11 11:39:43 CST 2020

# Use the chronyc sources -v command to view synchronization information; a "*" in front of the time server means synchronization succeeded
[root@ntpclient ~]#chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.10.130                3   6   177    24    -33us[ -107us] +/-   19ms
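The "*" check described above can be automated. The following is an added example, not part of the original post: a POSIX shell function (the name check_chrony_sources is hypothetical) that reads `chronyc sources` output and confirms the client is synced to the expected server. SAMPLE_OK reuses the source line shown above; SAMPLE_BAD is constructed.

```shell
#!/bin/sh
# Added example: health check over `chronyc sources` output.
# SAMPLE_OK reuses the source line shown above; SAMPLE_BAD is constructed.
SAMPLE_OK='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.10.130                3   6   177    24    -33us[ -107us] +/-   19ms'

SAMPLE_BAD='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? 192.168.10.130                0   6     0     -     +0ns[   +0ns] +/-    0ns'

# check_chrony_sources EXPECTED_SERVER   (reads `chronyc sources` text on stdin)
# Prints one status line. Returns 0 only when the selected source is the
# expected server and its reachability register (octal) is non-zero;
# returns 1 on failure and 2 when another source is marked x or ~.
check_chrony_sources() {
    awk -v want="$1" '
        # Source lines: a mode character, then a state character, then a blank.
        /^[=#^][-*+?x~] / {
            state = substr($1, 2, 1)
            if (state == "*") { sel = $2; stratum = $3; reach = $5 }
            if (state == "x" || state == "~") bad = bad " " $2
        }
        END {
            if (sel == "")      { print "FAIL no selected source"; exit 1 }
            if (sel != want)    { print "FAIL synced to unexpected source " sel; exit 1 }
            if (reach + 0 == 0) { print "FAIL selected source unreachable"; exit 1 }
            if (bad != "")      { print "WARN suspect sources:" bad; exit 2 }
            print "OK " sel " stratum " stratum " reach " reach
        }'
}

# Demo on the embedded samples.
printf '%s\n' "$SAMPLE_OK"  | check_chrony_sources 192.168.10.130
printf '%s\n' "$SAMPLE_BAD" | check_chrony_sources 192.168.10.130 || true
```

On a live client, feed it real output with `chronyc sources | check_chrony_sources 192.168.10.130`.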

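2. Automated installation with cobbler + PXE

1. Install the required packages

Installing the cobbler package requires the EPEL repository to be enabled.

The cobbler package pulls in the related http, tftp and syslinux packages, but dhcp has to be installed separately.

[root@server ~]# yum install cobbler dhcp

2. Start the required services

Start cobbler, httpd and tftp first; dhcp can only be started after it has been configured.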

[root@server ~]# systemctl start cobblerd httpd tftp
[root@server ~]# systemctl enable cobblerd httpd tftp

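3. Run the cobbler check command

The cobbler check command checks the operating environment and lists the steps to carry out.

On CentOS 7, only items 1, 2, 4 and 7 need to be done.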

[root@server ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

4. Edit the /etc/cobbler/settings file as cobbler check requires

# Generate an MD5 password hash with openssl; it becomes the user password of the installed system
[root@server ~]# openssl passwd -1
Password: 
Verifying - Password: 
$1$vAMs7hlD$JRSj8wKKBG74ie6zP/Y/51

# Edit the settings file: set default_password_crypted to the hash just generated, set server and next_server to this machine's IP address, and set manage_dhcp to 1 so that the dhcp configuration file is generated automatically
[root@server ~]# vim /etc/cobbler/settings
default_password_crypted: "$1$vAMs7hlD$JRSj8wKKBG74ie6zP/Y/51"
manage_dhcp: 1
next_server: 192.168.10.130
server: 192.168.10.130

# Restart the cobbler service
[root@server ~]# systemctl restart cobblerd

5. Edit the dhcp template file shipped with cobbler

# Change the subnet in the template file to the actual subnet in use
[root@server ~]# vim /etc/cobbler/dhcp.template
subnet 192.168.10.0 netmask 255.255.255.0 {
     option routers             192.168.10.2;
     option domain-name-servers 192.168.10.2;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.10.100 192.168.10.254;

6. Run cobbler get-loaders to download the corresponding configuration files

This step requires Internet access.

[root@server ~]# cobbler get-loaders

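# Run the sync command: it copies the downloaded files into the corresponding directories under /var/lib/tftpboot/ and generates the dhcp configuration file from the dhcp template file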
[root@server ~]# cobbler sync

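7. Create the yum repository

The CentOS disc has to be mounted first; mine is auto-mounted at /misc/cd.

The cobbler import command copies the contents of the disc into the /var/www/cobbler/ks_mirror/Centos-x86_64/ directory.

After the import completes, a boot menu entry named Centos7.6-x86_64 appears in the /var/lib/tftpboot/pxelinux.cfg/default file.

# Import the installation disc: the mount path is /misc/cd, the boot menu name is Centos7.6-x86_64, and the system architecture is x86_64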
[root@server ~]# cobbler import --path=/misc/cd --name=Centos7.6-x86_64 --arch=x86_64

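8. Customize the kickstart file

At this point systems can already be installed: cobbler automatically generates a kickstart file for a minimal installation, so if there are no special requirements you can install directly. If there are installation requirements, you need to prepare your own kickstart file.

# Copy the prepared kickstart file into the /var/lib/cobbler/kickstarts/ directory
[root@server ~]# cp ks7_mini.cfg /var/lib/cobbler/kickstarts/

# Change the url path in the kickstart file to $tree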
[root@server ~]# vim /var/lib/cobbler/kickstarts/ks7_mini.cfg
url --url=$tree

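9. Associate the yum repository

A custom kickstart file must be associated with a yum repository before it can be used.

# List the names of the yum repositories that already exist
[root@server ~]# cobbler distro list
   Centos7.6-x86_64

# Associate the yum repository with the kickstart file: the menu entry is named Centos7.6-x86_64_mini, the associated yum repository is Centos7.6-x86_64, and the kickstart file is /var/lib/cobbler/kickstarts/ks7_mini.cfg; the kickstart file path must be an absolute path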
[root@server ~]# cobbler profile add --name Centos7.6-x86_64_mini --distro=Centos7.6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7_mini.cfg

# The boot menu file now looks like this: Centos7.6-x86_64 is the minimal installation that comes with cobbler, and Centos7.6-x86_64_mini is the installation menu entry just added
[root@server ~]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL Centos7.6-x86_64
        kernel /images/Centos7.6-x86_64/vmlinuz
        MENU LABEL Centos7.6-x86_64
        append initrd=/images/Centos7.6-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.10.130/cblr/svc/op/ks/profile/Centos7.6-x86_64
        ipappend 2

LABEL Centos7.6-x86_64_mini
        kernel /images/Centos7.6-x86_64/vmlinuz
        MENU LABEL Centos7.6-x86_64_mini
        append initrd=/images/Centos7.6-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.10.130/cblr/svc/op/ks/profile/Centos7.6-x86_64_mini
        ipappend 2


MENU end


# Remove the installation menu entry Centos7.6-x86_64 that cobbler generated automatically
[root@server ~]# cobbler profile remove --name=Centos7.6-x86_64
[root@server ~]# cobbler profile list
   Centos7.6-x86_64_mini

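10. Installation test

Create a new virtual machine with a 200 GB disk; 1 GB of memory is enough for a minimal installation, and an installation with a desktop needs at least 1.5 GB of memory.

The default is local boot; select the second entry for the minimal installation.

Installation process

Installation succeeded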
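The keys edited in /etc/cobbler/settings in step 4 are the ones behind cobbler check items 1, 2 and 7, and they can be re-checked at any time. The following is an added example, not part of the original post or of cobbler: a POSIX shell function (the name audit_cobbler_settings is hypothetical) that flags a `$1$` (MD5-crypt) default password hash, the format `openssl passwd -1` produces, and a loopback server or next_server. Both samples are constructed and their hash strings are placeholders.

```shell
#!/bin/sh
# Added example: audits the /etc/cobbler/settings keys edited in step 4.
# Both samples are constructed; the hash strings are placeholders, not real hashes.
SETTINGS_WEAK='default_password_crypted: "$1$saltsalt$PLACEHOLDERxxxxxxxxxxxxxx"
manage_dhcp: 1
next_server: 127.0.0.1
server: 192.168.10.130'

SETTINGS_OK='default_password_crypted: "$6$saltsaltsaltsalt$PLACEHOLDER"
manage_dhcp: 1
next_server: 192.168.10.130
server: 192.168.10.130'

# audit_cobbler_settings: reads settings text on stdin, prints one line per
# finding, returns 1 if anything was flagged and 0 otherwise.
audit_cobbler_settings() {
    awk '
        # Strip the key, surrounding blanks and double quotes from a settings line.
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); gsub(/[" \t]/, "", s); return s }
        /^default_password_crypted:/ {
            seen = 1; h = val($0)
            # $1$ is MD5-crypt; $5$ and $6$ are SHA-256 and SHA-512 crypt.
            if (h ~ /^\$1\$/)           { print "WEAK default_password_crypted is MD5-crypt"; n++ }
            else if (h !~ /^\$[56]\$/)  { print "CHECK default_password_crypted has unrecognised scheme"; n++ }
        }
        /^(server|next_server):/ {
            key = $0; sub(/:.*/, "", key); v = val($0)
            if (v ~ /^127\./ || v == "localhost") { print "BAD " key " points at loopback: " v; n++ }
        }
        END {
            if (!seen) { print "CHECK default_password_crypted not set"; n++ }
            exit (n > 0)
        }'
}

# Demo on the embedded samples.
printf '%s\n' "$SETTINGS_WEAK" | audit_cobbler_settings || true
printf '%s\n' "$SETTINGS_OK"   | audit_cobbler_settings
```

On the boot server, run it against the real file with `audit_cobbler_settings < /etc/cobbler/settings`.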