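Freeing Up Manpower: Automated Batch Deployment of Multiple OS Versions with Cobbler
1 Introduction to Cobbler
Cobbler is a Linux server installation service that uses network boot (PXE) to quickly install and reinstall physical servers and virtual machines. It can also manage DHCP, DNS, and more.
Cobbler can be managed from the command line, also provides a web-based management tool (cobbler-web), and exposes an API that makes custom development easy.
Cobbler is an upgrade of the earlier kickstart approach. Its advantages are that it is easier to configure and ships with a web interface that makes it easier to manage.
Cobbler has a built-in lightweight configuration management system, and it also supports integration with other configuration management systems such as Puppet; SaltStack is not supported for now.
Cobbler official site: https://fedorahosted.org/cobbler/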
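1.1 Services integrated by Cobbler
PXE service support
DHCP service management
DNS service management (bind or dnsmasq, selectable)
Power management
Kickstart service support
YUM repository management
TFTP (needed for PXE boot)
Apache (serves the kickstart installation source and provides customized kickstart configuration)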
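1.2 Cobbler workflow
2 Installing Cobbler
# Required services
(1) cobbler (the core of Cobbler)
(2) httpd (provides Cobbler's web interface)
(3) dhcpd (assigns IP addresses to the systems being installed automatically)
(4) epel-release (provides the yum repository for it)
(5) rsync (Cobbler needs it to synchronize data)
(6) cobbler-web (a web plug-in for Cobbler)
(7) xinetd (the daemon for rsync and tftp)
(8) tftp (transfers some of the installation files, similar to ftp)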
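1. Disable the firewall and SELinux
/etc/init.d/iptables stop
chkconfig iptables off
# Show the current SELinux mode
getenforce
# The config file change takes effect at the next reboot
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config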
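2. Start installing Cobbler
#1. Install the third-party repository:
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
yum repolist
Upgrade Django to a version newer than 1.4; otherwise installing cobbler-web fails with the following error (if you do not need cobbler-web, you can ignore this for now):
Error: Package: cobbler-web-2.6.11-7.git95749a6.el6.noarch (epel)
Requires: Django >= 1.4
To upgrade Django:
# --no-check-certificate turns off TLS certificate validation, and wget does not check the #md5= fragment in the URL
wget "https://pypi.python.org/packages/source/p/pip/pip-1.5.4.tar.gz#md5=834b2904f92d46aaa333267fb1c922bb" --no-check-certificate
tar -xf pip-1.5.4.tar.gz
cd pip-1.5.4
python setup.py install
pip install Django==1.5.1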
#2. Install Cobbler and the related services
yum -y install cobbler dhcp tftp-server pykickstart httpd xinetd
#3. Check
rpm -qa cobbler dhcp tftp-server pykickstart httpd xinetd
#4. View the Cobbler configuration files
rpm -ql cobbler
/etc/cobbler # configuration directory
/etc/cobbler/settings # main Cobbler configuration file; it is in YAML format (Cobbler is written in Python)
/etc/cobbler/dhcp.template # DHCP service configuration template
/etc/cobbler/tftpd.template # tftp service configuration template
/etc/cobbler/rsync.template # rsync service configuration template
/etc/cobbler/iso # iso template configuration directory
/etc/cobbler/pxe # pxe template directory
/etc/cobbler/power # power management configuration directory
/etc/cobbler/users.conf # web service authorization configuration file
/etc/cobbler/users.digest # user name and password file for web access
/etc/cobbler/dnsmasq.template # DNS service configuration template
/etc/cobbler/modules.conf # Cobbler module configuration file
/var/lib/cobbler # Cobbler data directory
/var/lib/cobbler/config # configuration files
/var/lib/cobbler/kickstarts # default location of kickstart files
/var/lib/cobbler/loaders # the various boot loaders
/var/www/cobbler # system installation image directory
/var/www/cobbler/ks_mirror # imported system images
/var/www/cobbler/images # boot files of the imported system images
/var/www/cobbler/repo_mirror # yum repository storage directory
/var/log/cobbler # log directory
/var/log/cobbler/install.log # client system installation log
/var/log/cobbler/cobbler.log # cobbler log
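# Start the related services
/etc/init.d/httpd restart
/etc/init.d/cobblerd restart
/etc/init.d/xinetd restart
#4. Checking the Cobbler configuration lists the existing problems; once they are all resolved, everything is OK
# The cobbler check command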
[[email protected] ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
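# Solutions
1. In /etc/cobbler/settings, set 'server' to the server's actual IP address; here I changed it to the internal-network one
2. In /etc/cobbler/settings, also change 'next_server' to the actual IP address
3. In /etc/xinetd.d/tftp, change 'disable' from 'yes' to 'no'
4. Run 'cobbler get-loaders' to download the network boot loaders
5. Start the rsync service and enable it at boot: systemctl start rsyncd, systemctl enable rsyncd
6. Debian systems need the debmirror package; we are on CentOS here, so it does not need to be installed
7. Generate a new password with "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" and update the 'default_password_crypted' field in /etc/cobbler/settings
8. After applying the changes, run service cobblerd restart and cobbler sync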
Fix the problems listed above:
cp /etc/cobbler/settings{,.ori} && ll /etc/cobbler/settings{,.ori}
sed -i 's/server: 127.0.0.1/server: 192.168.247.141/' /etc/cobbler/settings && grep "server: 192.168.247.141" /etc/cobbler/settings
sed -i 's/next_server: 127.0.0.1/next_server: 192.168.247.141/' /etc/cobbler/settings
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/' /etc/cobbler/settings && grep 'manage_dhcp: 1' /etc/cobbler/settings
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings && grep 'pxe_just_once: 1' /etc/cobbler/settings
vim /etc/cobbler/settings
Or change the following by hand:
manage_dhcp: 1
manage_rsync: 1
# Generate a new password and update the 'default_password_crypted' field in /etc/cobbler/settings
hejianlai=$(openssl passwd -1 -salt 'hejianlai' '123456')
echo "$hejianlai"
# Note: there is a space after "default_password_crypted: "; without it an error is reported
sed -i "/default_password_crypted/c\default_password_crypted: \"$hejianlai\"" /etc/cobbler/settings
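An added example, not part of the original article: the first `sed` above is unanchored, so `server: 127.0.0.1` also matches inside `next_server: 127.0.0.1`. The script below rewrites one key at a time by matching at the start of the line, then reports settings still left at loopback or carrying the `$1$` (MD5-crypt) hash that `openssl passwd -1` produces. The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Function names and the
# sample file are constructed; run it against a copy of the real settings.

# Write a constructed Cobbler-style settings sample (values are made up).
make_sample() {
    cat > "$1" <<'EOF'
server: 127.0.0.1
next_server: 127.0.0.1
manage_dhcp: 0
default_password_crypted: "$1$constructed$AAAAAAAAAAAAAAAAAAAAAA"
EOF
}

# get_setting FILE KEY: print the value of the line that starts with "KEY:".
get_setting() {
    KEY="$2" awk 'index($0, ENVIRON["KEY"] ":") == 1 {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }' "$1"
}

# set_setting FILE KEY VALUE: rewrite only that key. Matching at the start
# of the line keeps "server" from also rewriting "next_server".
set_setting() {
    local file="$1" tmp rc
    grep -q "^$2:" "$file" || { echo "no such key: $2" >&2; return 1; }
    tmp=$(mktemp) || return 1
    KEY="$2" VAL="$3" awk 'index($0, ENVIRON["KEY"] ":") == 1 {
        print ENVIRON["KEY"] ": " ENVIRON["VAL"]; next } { print }' \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# audit_settings FILE: report loopback addresses and an MD5-crypt hash.
audit_settings() {
    local file="$1" key val
    for key in server next_server; do
        val=$(get_setting "$file" "$key")
        case $val in
            127.0.0.1|localhost) echo "$key: still loopback ($val)" ;;
        esac
    done
    case $(get_setting "$file" default_password_crypted) in
        '"$1$'*|'$1$'*) echo 'default_password_crypted: MD5-crypt ($1$) hash' ;;
    esac
}

f=$(mktemp)
make_sample "$f"
set_setting "$f" server 192.168.247.141
audit_settings "$f"
rm -f "$f"
```

On the sample, only `server` is rewritten, so the audit still reports `next_server` and the password hash.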
# The network boot loaders are downloaded automatically from the official site
[[email protected] ~]# cobbler get-loaders
task started: 2018-11-21_005408_get_loaders
task started (id=Download Bootloader Content, time=Wed Nov 21 00:54:08 2018)
path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.elilo already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.yaboot already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.syslinux already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/elilo-ia64.efi already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/yaboot already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/pxelinux.0 already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/menu.c32 already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/grub-x86.efi already exists, not overwriting existing content, use --force if you wish to update
downloading http://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
# The downloaded content
ll /var/lib/cobbler/loaders/
# Edit the rsync and tftp configuration files
[[email protected] ~]# vim /etc/xinetd.d/rsync
disable = no
[[email protected] ~]# vim /etc/xinetd.d/tftp
disable = no
# Restart
[[email protected] loaders]# /etc/init.d/xinetd restart
Stopping xinetd: [FAILED]
Starting xinetd: [ OK ]
[[email protected] loaders]# /etc/init.d/cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
# Check again
[[email protected] loaders]# cobbler check
# Edit Cobbler's dhcp template. Do not edit the dhcp configuration file itself, because Cobbler overwrites it. Only the modified part is listed below
vim /etc/cobbler/dhcp.template
...
subnet 192.168.247.0 netmask 255.255.255.0 {
    option routers 192.168.247.5;
    option domain-name-servers 192.168.247.5;
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 192.168.247.100 192.168.247.254;
...
5 Sync the Cobbler configuration; TASK COMPLETE indicates success
# Sync the latest Cobbler configuration; it automatically updates dhcp and the other services according to the configuration.
[[email protected] ~]# cobbler sync
...
*** TASK COMPLETE ***
# Enable the services at boot
chkconfig httpd on
chkconfig xinetd on
chkconfig cobblerd on
chkconfig dhcpd on
# Restart all services
/etc/init.d/httpd restart
/etc/init.d/xinetd restart
/etc/init.d/cobblerd restart
/etc/init.d/dhcpd restart
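6 Mount the disc and let Cobbler process it
#1. Either mount the disc or import a system image; for importing system images, see the section on deploying multiple systems below.
mount /dev/cdrom /mnt/
# Import the system image
[[email protected] ~]# cobbler import --path=/mnt/ --name=CentOS-6.8-x86_64 --arch=x86_64
# --path: path to the image
# --name: a name for the install source
# --arch: whether the install source is 32-bit, 64-bit or ia64; currently supported options: x86│x86_64│ia64
# The unique identifier of an install source is defined by the name parameter; in this example, after a successful import, the unique identifier of the install source is
# View the image list
[[email protected] ~]# cobbler distro list
CentOS-6.8-x86_64
# Image storage directory: Cobbler copies all installation files from the image to a local copy, in the CentOS-6.8-x86_64 directory under /var/www/cobbler/ks_mirror. The /var/www/cobbler directory must therefore have enough space to hold the installation files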
[[email protected] ~]# ll /var/www/cobbler/ks_mirror/CentOS-6.8-x86_64
total 276
-r--r--r-- 1 root root 14 May 22 2016 CentOS_BuildTag
dr-xr-xr-x 3 root root 4096 May 22 2016 EFI
-r--r--r-- 1 root root 212 Nov 27 2013 EULA
-r--r--r-- 1 root root 18009 Nov 27 2013 GPL
dr-xr-xr-x 3 root root 4096 May 23 2016 images
dr-xr-xr-x 2 root root 4096 May 22 2016 isolinux
dr-xr-xr-x 2 root root 212992 May 23 2016 Packages
-r--r--r-- 1 root root 1359 May 22 2016 RELEASE-NOTES-en-US.html
dr-xr-xr-x 2 root root 4096 May 23 2016 repodata
-r--r--r-- 1 root root 1706 Nov 27 2013 RPM-GPG-KEY-CentOS-6
-r--r--r-- 1 root root 1730 Nov 27 2013 RPM-GPG-KEY-CentOS-Debug-6
-r--r--r-- 1 root root 1730 Nov 27 2013 RPM-GPG-KEY-CentOS-Security-6
-r--r--r-- 1 root root 1734 Nov 27 2013 RPM-GPG-KEY-CentOS-Testing-6
-r--r--r-- 1 root root 3380 May 23 2016 TRANS.TBL
Open a browser and go to http://192.168.247.141/cobbler/ks_mirror/CentOS-6.8-x86_64/
7 Specify the ks.cfg file and adjust kernel parameters
# Where Cobbler stores its ks.cfg files
[[email protected] ~]# cd /var/lib/cobbler/kickstarts/
[[email protected] kickstarts]# ll
total 60
-rw-r--r-- 1 root root 115 Nov 21 01:59 default.ks
-rw-r--r-- 1 root root 22 Nov 21 01:59 esxi4-ks.cfg
-rw-r--r-- 1 root root 22 Jul 14 2016 esxi5-ks.cfg
drwxr-xr-x 2 root root 4096 Nov 21 00:37 install_profiles
-rw-r--r-- 1 root root 1424 Jul 14 2016 legacy.ks
-rw-r--r-- 1 root root 292 Jul 14 2016 pxerescue.ks
-rw-r--r-- 1 root root 2916 Jul 14 2016 sample_autoyast.xml
-rw-r--r-- 1 root root 1825 Nov 21 01:59 sample_end.ks
-rw-r--r-- 1 root root 0 Jul 14 2016 sample_esx4.ks
-rw-r--r-- 1 root root 324 Jul 14 2016 sample_esxi4.ks
-rw-r--r-- 1 root root 386 Jul 14 2016 sample_esxi5.ks
-rw-r--r-- 1 root root 1784 Jul 14 2016 sample.ks
-rw-r--r-- 1 root root 3419 Jul 14 2016 sample_old.seed
-rw-r--r-- 1 root root 5879 Jul 14 2016 sample.seed
# After the first system image is imported, Cobbler assigns the image a default kickstart auto-install file: sample_end.ks under /var/lib/cobbler/kickstarts.
By default the sample_end.ks file is used; below is a newly created file named CentOS-6.8-x86_64.cfg:
# kickstart template for Fedora 8 and later.
# (includes %end blocks)
# do not use with earlier distros
#platform=x86, AMD64, or Intel EM64T
# System authorization information
#auth --useshadow --enablemd5
authconfig --enableshadow --passalgo=sha512
# System bootloader configuration
bootloader --location=mbr --driveorder=sda --append="nomodeset crashkernel=auto rhgb quiet"
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Firewall configuration
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
logging --level=info
#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
#autopart
part /boot --fstype=ext4 --asprimary --size=500
part swap --asprimary --size=1024
part / --fstype=ext4 --grow --asprimary --size=20480
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@base
@compat-libraries
@core
@debugging
@development
@dial-up
@hardware-monitoring
@performance
@server-policy
sgpio
device-mapper-persistent-data
systemtap-client
tree
lrzsz
telnet
nmap
dos2unix
%end
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
%end
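# View the install image information
cobbler distro report --name=CentOS-6.8-x86_64
# View the settings of a given profile
cobbler profile report --name=CentOS-6.8-x86_64
# Edit the profile and change the associated ks file
cobbler profile edit --name=CentOS-6.8-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-6.8-x86_64.cfg
# Sync after every change
cobbler sync
OK, now if we create a new virtual machine and give it somewhat generous resources, the system installs automatically!
Installing...
After installation the default credentials are root/123456, and the IP address is assigned automatically. Yay...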
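3 Deploying multiple OS versions
1. Import the discs
(1) Mount the discs
Give the virtual machine two optical drives and load the CentOS6 and CentOS7 discs into them. Note that if something is already mounted on /mnt, umount it first.
Mount the discs on the directories:
mkdir /mnt/centos6
mkdir /mnt/centos7
mount /dev/sr0 /mnt/centos6
mount /dev/sr1 /mnt/centos7
If you copied the ISO files to the server instead, you can mount the ISOs on the directories:
mkdir /mnt/centos6
mkdir /mnt/centos7
mount -o loop CentOS-6.9-x86_64-minimal.iso /mnt/centos6
mount -o loop CentOS-7-x86_64-Minimal-1708.iso /mnt/centos7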
(2)cobbler import
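Import the discs
cobbler import --name=CentOS6.9 --path=/mnt/centos6 && cobbler import --name=CentOS7.4 --path=/mnt/centos7
As the figure shows, we added two distributions to distros and also created two profiles (which use the sample ks file). Both are named CentOSx.x-x86_64: cobblerd automatically detected that they are x86_64 and appended that to the name given in the import command above.
# View the distributions
cobbler distro list
cobbler profile list
# View the information for an imported distribution (distro):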
cobbler distro report --name=CentOS6.9-x86_64
# Write the ks files
Place them in the /var/lib/cobbler/kickstarts directory:
ks-centos6-mini.cfg template:
# kickstart template for Fedora 8 and later.
# (includes %end blocks)
# do not use with earlier distros
#platform=x86, AMD64, or Intel EM64T
# System authorization information
#auth --useshadow --enablemd5
authconfig --enableshadow --passalgo=sha512
# System bootloader configuration
bootloader --location=mbr --driveorder=sda --append="nomodeset crashkernel=auto rhgb quiet"
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Firewall configuration
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
logging --level=info
#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
#autopart
part /boot --fstype=ext4 --asprimary --size=500
part swap --asprimary --size=1024
part / --fstype=ext4 --grow --asprimary --size=20480
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@base
@compat-libraries
@core
@debugging
@development
@dial-up
@hardware-monitoring
@performance
@server-policy
sgpio
device-mapper-persistent-data
systemtap-client
tree
telnet
nmap
dos2unix
%end
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
%end
ks-centos7-mini.cfg template:
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Install OS instead of upgrade
install
# Use Cobbler's network installation
url --url=$tree
# Root password
# Use text mode install
text
# ignore other disk
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8 --addsupport=zh_CN.UTF-8
# SELinux configuration
selinux --disabled
# Firewall configuration
firewall --disabled
# Do not configure the X Window System
skipx
# Reboot after installation
reboot
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on --ipv6=auto --activate
# Root password
rootpw --plaintext hejianlai
# Add User
# System services
services --disabled="chronyd"
# System timezone
timezone Asia/Shanghai --nontp
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part /boot --fstype="xfs" --ondisk=sda --size=1024
part swap --fstype="swap" --ondisk=sda --size=4096
part / --fstype="xfs" --ondisk=sda --grow --size=1
# Agree EULA
eula --agreed
%post
# config local yum
%end
%packages
@^minimal
@core
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%anaconda
pwpolicy root --minlen=6 --minquality=50 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=50 --notstrict --nochanges --notempty
pwpolicy luks --minlen=6 --minquality=50 --notstrict --nochanges --notempty
%end
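A lint pass over the kickstart templates above, as an added example that is not part of the original article: it flags `rootpw --plaintext`, `selinux --disabled`, `firewall --disabled` and the `telnet`/`nmap` packages, all of which appear in these templates and end up on every machine installed from them. The sample kickstart and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: lint a kickstart file for
# directives that weaken every host installed from it.

# Write a constructed kickstart excerpt built from directives on this page.
make_sample_ks() {
    cat > "$1" <<'EOF'
auth --enableshadow --passalgo=sha512
firewall --disabled
selinux --disabled
rootpw --plaintext example-password
# rootpw --iscrypted $default_password_crypted
%packages
@core
telnet
nmap
%end
%post
chkconfig iptables off
%end
EOF
}

# Print "LINE: finding" for each risky directive. Comments are skipped and
# sections are tracked, so only the command section and %packages are read.
audit_kickstart() {
    awk '
        /^[ \t]*#/ { next }
        /^%end/    { sect = ""; next }
        /^%(pre|post|packages|addon|anaconda)/ { sect = $1; next }
        sect == "%packages" && ($1 == "telnet" || $1 == "nmap") {
            print FNR ": package " $1 " is installed on every host"; next }
        sect != "" { next }
        $1 == "rootpw" && /--plaintext/ {
            print FNR ": root password is stored in cleartext" }
        $1 == "rootpw" && /\$default_password_crypted/ {
            print FNR ": root hash is shared via /etc/cobbler/settings" }
        $1 == "selinux" && /--disabled/  { print FNR ": SELinux is disabled" }
        $1 == "firewall" && /--disabled/ { print FNR ": firewall is disabled" }
    ' "$1"
}

ks=$(mktemp)
make_sample_ks "$ks"
audit_kickstart "$ks"
rm -f "$ks"
```

Run `audit_kickstart` on each file under /var/lib/cobbler/kickstarts before `cobbler sync`; templates that use `$default_password_crypted` are reported too, since they all share the one hash from the settings file.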
Remove the default examples and add the new kickstart file mappings:
cobbler profile remove --name="CentOS6.9-x86_64"
cobbler profile remove --name="CentOS7.4-x86_64"
cobbler profile add --name=CentOS6.9-Mini-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks-centos6-mini.cfg --distro=CentOS6.9-x86_64
cobbler profile add --name=CentOS7.4-Mini-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks-centos7-mini.cfg --distro=CentOS7.4-x86_64
Look at the pxelinux.cfg/default file and you can see that the menu entries change accordingly.
cat /var/lib/tftpboot/pxelinux.cfg/default
Re-sync the data:
cobbler sync
Create a new virtual machine:
After installation completes: