Automated System Deployment for Operations
阿新 • Published: 2019-04-22
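TFTP service:
TFTP is a simple high-level protocol for transferring files, a simplified version of the File Transfer Protocol (FTP). It is easier to use than FTP but offers fewer features.
Differences between FTP and TFTP
1. Security: FTP supports login security, with proper authentication and encryption protocols; communicating with FTP requires authentication.
TFTP is an open protocol that lacks security: it has no encryption mechanism, and communicating with TFTP requires no authentication.
2. FTP uses TCP as its transport-layer protocol; TFTP uses UDP as its transport-layer protocol.
3. FTP uses two ports: TCP port 21 is the listening port; TCP port 20, or a higher TCP port above 1024, is used for the connection.
TFTP uses only one port, in stop-and-wait mode: 69/udp
4. RFCs: FTP is based on RFC 959, with other RFCs covering security measures; TFTP is based on RFC 1350.
5. Commands
FTP has many commands that can be run (get, put, ls, dir, lcd) and can list directories, among other things.
TFTP has only five operations (rrq, wrq, data, ack, error).
DHCP service
DHCP (Dynamic Host Configuration Protocol) is a LAN network protocol that works over UDP. It has two main uses: automatically assigning IP addresses for an internal network or a network service provider, and giving users or internal network administrators a means of centrally managing all servers. DHCP has three ports: UDP 67 and UDP 68 are the normal DHCP service ports, used by the DHCP server and the DHCP client respectively; port 546 is used by the DHCPv6 client, not by DHCPv4.
HTTPD service
httpd is the main program of the Apache Hypertext Transfer Protocol (HTTP) server. It is open-source software and is generally used as a web server.
syslinux package
syslinux is a powerful boot loader that is compatible with a variety of media. Its purpose is to shorten the time a first Linux installation takes, and to build rescue or other special-purpose boot disks. (The lab below extracts /usr/share/syslinux/pxelinux.0.)
system-config-kickstart
Generates the Kickstart installation answer file through a graphical interface
Kickstart format
Command section: specifies the various pre-installation settings.
Required commands:
  authconfig: authentication configuration
  keyboard: keyboard type
  lang: language
  part: create partitions
  rootpw: the root password
  timezone: time zone
Optional commands:
  install OR upgrade
  text: text-mode installation interface
  network
  firewall
  selinux
  halt
  poweroff
  reboot
  repo
  user: create a new user on the system after installation
  url: the installation source
  key --skip: skip the installation number, applies to RHEL
Package section: specifies the package groups or packages to install, the packages not to install, and so on
  %packages
  @group_name
  package
  -package
  %end
Script section
  %pre: pre-installation script
    Runtime environment: the miniature Linux environment on the installation media
  %post: post-installation script
    Runtime environment: the installed system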
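Automated system installation with PXE
How PXE works:
1. The client sends an IP address request to DHCP on the PXE server. DHCP checks whether the client is legitimate (mainly by checking the MAC address of the client's NIC); if it is, DHCP returns the client's IP address together with the location of the boot file pxelinux.0.
2. The client sends TFTP on the PXE server a request for pxelinux.0. After receiving it, TFTP sends the client the size of pxelinux.0 to probe whether the client accepts it; once TFTP receives the client's acceptance of the size, it sends pxelinux.0 to the client.
3. The client executes the pxelinux.0 file it received.
4. The client sends the TFTP server a request for the configuration file for this machine (under the pxelinux.cfg directory of the TFTP service); the TFTP server returns the configuration file, and the client carries out the subsequent steps according to it.
5. The client sends the TFTP server a request for the kernel; after receiving it, the TFTP server sends the kernel to the client.
6. The client sends TFTP a request for the root filesystem; after receiving it, TFTP returns the Linux root filesystem.
7. The client boots the Linux kernel.
8. The client downloads the installation source files and reads the automated installation script.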
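Step 4 fetches "the configuration file for this machine": pxelinux.0 tries a fixed sequence of names under pxelinux.cfg and uses the first one the TFTP server returns, so a per-host file takes precedence over the shared default menu. The sketch below is an added example, not part of the original post, and goes beyond the single default file the lab uses; the MAC address, IP address and directory contents it is run against are constructed.

```sh
#!/bin/sh
# Added example: which pxelinux.cfg file does a given client end up using?
# Sample MAC/IP values are constructed; adjust to your own hosts.

# ip_to_hex 192.168.2.10  ->  C0A8020A
ip_to_hex() (
    IFS=.
    set -- $1                      # split the dotted quad on "."
    printf '%02X%02X%02X%02X' "$1" "$2" "$3" "$4"
)

# pxelinux_search_order MAC IP [UUID]
# Prints, in request order, every path pxelinux.0 tries under the TFTP root.
pxelinux_search_order() (
    mac=$1 ip=$2 uuid=${3:-}
    # 1. client UUID (lower case), only when the firmware supplies one
    if [ -n "$uuid" ]; then
        printf 'pxelinux.cfg/%s\n' \
            "$(printf '%s' "$uuid" | tr 'ABCDEF' 'abcdef')"
    fi
    # 2. "01" (ARP hardware type for Ethernet) + MAC, lower case, dashes
    printf 'pxelinux.cfg/01-%s\n' \
        "$(printf '%s' "$mac" | tr ':' '-' | tr 'ABCDEF' 'abcdef')"
    # 3. IPv4 address as upper-case hex, shortened one digit at a time
    hex=$(ip_to_hex "$ip")
    while [ -n "$hex" ]; do
        printf 'pxelinux.cfg/%s\n' "$hex"
        hex=${hex%?}
    done
    # 4. the shared fallback menu
    printf 'pxelinux.cfg/default\n'
)

# pxelinux_effective_config TFTP_ROOT MAC IP [UUID]
# Prints the first candidate that exists under TFTP_ROOT, i.e. the file the
# client will actually boot from.
pxelinux_effective_config() (
    root=$1; shift
    pxelinux_search_order "$@" | while IFS= read -r rel; do
        if [ -f "$root/$rel" ]; then
            printf '%s\n' "$rel"
            break
        fi
    done
)

# Stand-alone demo with constructed values: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    pxelinux_search_order 00:0C:29:AB:CD:EF 192.168.2.10
fi
```

Running pxelinux_effective_config against /var/lib/tftpboot for each provisioned host shows whether anything other than the reviewed default menu would be served to it.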
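Lab: steps for automated system installation with PXE
1. Prerequisites:
NIC: host-only; disable VMware's DHCP service; disable the firewall and SELinux
Install the packages httpd, tftp-server, dhcp, syslinux, system-config-kickstart
2. Open system-config-kickstart and configure the ks answer file
Package Selection shows the package groups as disabled
Change the yum repository name to development
Post-installation script
Save to generate the ks7.cfg file
3. Start the httpd service:
systemctl start httpd
systemctl enable httpd
Put the system image and the ks answer file in place, and test with a browser that they can be accessed normally
4. Open the kickstart file and change the image path (mind the permissions)
5. Configure the TFTP service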
[[email protected] ksdir]# yum install tftp-server
[[email protected] ksdir]# systemctl start tftp
[[email protected] ksdir]# systemctl enable tftp
6. Configure the DHCP service
[[email protected] ksdir]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf  # copy the template
[[email protected] ksdir]# vim /etc/dhcp/dhcpd.conf  # open the configuration file
option domain-name "baidu.com";
option domain-name-servers 114.114.114.114,223.5.5.5;  # set DNS
default-lease-time 86400;  # lease time
max-lease-time 864000;  # maximum lease time
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 192.168.2.0 netmask 255.255.255.0 {  # network
range dynamic-bootp 192.168.2.10 192.168.2.60;  # address pool
option routers 192.168.2.254;  # gateway
next-server 192.168.2.200;  # TFTP address, here this machine itself
filename "pxelinux.0";  # name of the file to download; pxelinux.0 is the boot loader file
}
[[email protected] ksdir]# systemctl start dhcpd  # start the DHCP service
[[email protected] ksdir]# systemctl enable dhcpd
7. Prepare the required files
[[email protected] ksdir]# yum -y install syslinux
[[email protected] ksdir]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot
[[email protected] ksdir]# cp /usr/share/syslinux/menu.c32 /var/lib/tftpboot
[[email protected] ksdir]# cp /mnt/cdrom/isolinux/vmlinuz /var/lib/tftpboot/
[[email protected] ksdir]# cp /mnt/cdrom/isolinux/initrd.img /var/lib/tftpboot/
[[email protected] ksdir]# mkdir /var/lib/tftpboot/pxelinux.cfg/
[[email protected] ksdir]# cp /mnt/cdrom/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
Check the directory layout
[[email protected] ksdir]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── initrd.img
├── menu.c32
├── pxelinux.0
├── pxelinux.cfg
│   └── default
└── vmlinuz
8. Prepare the boot menu
[[email protected] ksdir]# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 60
menu title Auto Install CentOS
label centos7
menu label Install CentOS ^Mini 7
kernel vmlinuz
append initrd=initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
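9. Prepare a machine and start testing the network installation
Installation complete
10. Modify the setup to support installing multiple systems (change the directory layout and the boot menu)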
[[email protected] ksdir]# mkdir /var/lib/tftpboot/kernel{6,7}
[[email protected] ksdir]# cd /var/lib/tftpboot/
[[email protected] tftpboot]# mv vmlinuz initrd.img kernel7/
[[email protected] tftpboot]# cp /var/www/html/centos/6/os/x86_64/isolinux/vmlinuz kernel6
[[email protected] tftpboot]# cp /var/www/html/centos/6/os/x86_64/isolinux/initrd.img kernel6
[[email protected] tftpboot]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── kernel6
│   ├── initrd.img
│   └── vmlinuz
├── kernel7
│   ├── initrd.img
│   └── vmlinuz
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
    └── default
3 directories, 7 files
[[email protected] tftpboot]# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 60
menu title Auto Install CentOS
label centos7
menu label Install CentOS ^Mini 7
kernel kernel7/vmlinuz
append initrd=kernel7/initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
label centos6
menu label Install CentOS Mi^ni 6
kernel kernel6/vmlinuz
append initrd=kernel6/initrd.img ks=http://192.168.2.200/ksdir/ks6.cfg
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
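11. Continue testing on the client
Automated system installation with Cobbler
Cobbler workflow
Once the bare-metal client is configured to boot from the network, at power-on it broadcasts a request asking the DHCP server (cobbler server) to send it an assigned IP
The DHCP server (cobbler server) receives the request and sends a response that includes the IP address
Having obtained an IP, the bare-metal client sends the DHCP server a request for the OS boot file
The DHCP server tells the bare-metal client the name of the OS boot file and the IP and port of the TFTP server
The bare-metal client contacts the TFTP server at the address it was given and downloads the boot file
The bare-metal client executes the boot file, determines what to load, and selects the OS to install; during this it again asks the DHCP server for the kickstart file and the OS image
The bare-metal client loads the kickstart file
The bare-metal client receives the OS image and installs it
Configuration directory: /etc/cobbler
/etc/cobbler/settings : main cobbler configuration file
/etc/cobbler/iso/: ISO template configuration files
/etc/cobbler/pxe: PXE template files
/etc/cobbler/power: power management configuration files
/etc/cobbler/users.conf: web service authorization configuration file
/etc/cobbler/users.digest: user name and password file for web access
/etc/cobbler/dhcp.template : configuration template for the DHCP server
/etc/cobbler/dnsmasq.template : configuration template for the DNS server
/etc/cobbler/tftpd.template : configuration template for the TFTP service
/etc/cobbler/modules.conf : module configuration file
Data directories
/var/lib/cobbler/config/: stores the configuration files for distros, systems, profiles and so on
/var/lib/cobbler/triggers/: stores user-defined cobbler commands
/var/lib/cobbler/kickstarts/: default location for kickstart files
/var/lib/cobbler/loaders/: stores the various boot loaders
Mirror directories
/var/www/cobbler/ks_mirror/: all data of the imported distributions
/var/www/cobbler/images/ : kernel and initrd images of imported distributions, used for remote network boot
/var/www/cobbler/repo_mirror/: yum repository storage directory
Log directories
/var/log/cobbler/installing: client installation logs
/var/log/cobbler/cobbler.log : cobbler log
Introduction to cobbler commands
cobbler check     check whether the current settings have problems
cobbler list      list all cobbler objects
cobbler report    list detailed information about the objects
cobbler sync      sync the configuration to the data directories; best run after every configuration change
cobbler reposync  sync the yum repositories
cobbler distro    view information on imported distributions
cobbler system    view information on added systems
cobbler profile   view profile information
## Lab: automated system installation with Cobbler ##
Lab preparation: two NICs (host-only and bridged); disable VMware's DHCP service; disable the firewall and SELinux
1. Set up the yum repositories (an older version is recommended)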
[[email protected] yum.repos.d]# vi base.repo
[base]
name=base
baseurl=http://mirrors.sohu.com/centos/7.5.1804/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.sohu.com/centos/7.5.1804/os/x86_64/RPM-GPG-KEY-CentOS-7
[epel]
name=epel
baseurl=http://mirrors.sohu.com/fedora-epel/7/x86_64/
gpgcheck=0
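2. [[email protected] yum.repos.d]# yum -y install cobbler dhcp
Installing cobbler pulls in its dependencies, so httpd and tftp-server are installed automatically
3. Start the services (dhcp must be configured before it can start)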
[[email protected] yum.repos.d]# systemctl enable tftp httpd cobblerd
Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
[[email protected] yum.repos.d]# systemctl start tftp httpd cobblerd
[[email protected] yum.repos.d]# ss -ntlu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 ::1:323 :::*
udp UNCONN 0 0 :::69 :::*
tcp LISTEN 0 5 127.0.0.1:25151 *:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp LISTEN 0 128 :::80 :::*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 100 ::1:25 :::*
4. Environment check
[[email protected] yum.repos.d]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
[[email protected] yum.repos.d]#
5. Make changes according to the cobbler check results
Find server, which is line 384; this is the cobbler server address; change it to the correct address
[[email protected] yum.repos.d]# vim /etc/cobbler/settings
380 # or hostname of the system as those systems can see the server.
381 # if you have a server that appears differently to different subnets
382 # (dual homed, etc), you need to read the --server-override section
383 # of the manpage for how that works.
384 server: 192.168.2.200
385
386 # If set to 1, all commands will be forced to use the localhost address
387 # instead of using the above value which can force commands like
388 # cobbler sync to open a connection to a remote address if one is in the
389 # configuration and would traceback.
390 client_use_localhost: 0
Find next_server, which is line 272; this is the TFTP address; set it correctly
[[email protected] yum.repos.d]# vim /etc/cobbler/settings
265 # See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
266 manage_forward_zones: []
267 manage_reverse_zones: []
268
269 # if using cobbler with manage_dhcp, put the IP address
270 # of the cobbler server here so that PXE booting guests can find it
271 # if you do not set this correctly, this will be manifested in TFTP open timeouts.
272 next_server: 192.168.2.200
273
274 # settings for power management features. optional.
275 # see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
276 # choices (refer to codes.py):
277 # apc_snmp bladecenter bullpap drac ether_wake ilo integrity
278 # ipmilan ipmitool lpar rsa virsh wti
279 power_management_default_type: 'ipmitool'
6. Download the boot menu files
[[email protected] yum.repos.d]# systemctl restart cobblerd
[[email protected] yum.repos.d]# cobbler get-loaders
task started: 2019-04-21_055619_get_loaders
task started (id=Download Bootloader Content, time=Sun Apr 21 05:56:19 2019)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
7. Sync the cobbler configuration (it is copied into the /var/lib/tftpboot/ directory)
[[email protected] yum.repos.d]# cobbler sync
task started: 2019-04-21_060112_sync
task started (id=Sync, time=Sun Apr 21 06:01:12 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
Check the directory layout
[[email protected] ~]# cd /var/lib/tftpboot/
[[email protected] tftpboot]# tree
.
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot
8. Open /etc/cobbler/settings, find the password line (line 101) and set the password
(generate the hashed password)
[[email protected] ~]# openssl passwd -1
Password:
Verifying - Password:
$1$B0Ut4bO2$7HIAc9p4syYjfr6l4sryQ.
[[email protected] tftpboot]# vim /etc/cobbler/settings
97 # this is not changed.
98 # The simplest way to change the password is to run
99 # openssl passwd -1
100 # and put the output between the "" below.
101 default_password_crypted: "$1$B0Ut4bO2$7HIAc9p4syYjfr6l4sryQ."
102
103 # the default template type to use in the absence of any
104 # other detected template. If you do not specify the template
105 # with '#template=<template_type>' on the first line of your
106 # templates/snippets, cobbler will assume try to use the
107 # following template engine to parse the templates.
108 #
109 # Current valid values are: cheetah, jinja2
9. Restart the cobbler service and run the environment check again
[[email protected] tftpboot]# systemctl restart cobblerd
[[email protected] tftpboot]# cobbler check
The following are potential configuration items that you may want to fix:
1 : enable and start rsyncd.service with systemctl
2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
3 : ksvalidator was not found, install pykickstart
4 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
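Restart cobblerd and then run 'cobbler sync' to apply changes.
The remaining four items can be ignored
10. Although the environment check did not flag it, it is recommended to change the dhcp value on line 242 to 1 (it will then sync automatically)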
[[email protected] tftpboot]# vim /etc/cobbler/settings
238 #puppet_parameterized_classes: 1
239
240 # set to 1 to enable Cobbler's DHCP management features.
241 # the choice of DHCP management engine is in /etc/cobbler/modules.conf
242 manage_dhcp: 1
243
244 # set to 1 to enable Cobbler's DNS management features.
245 # the choice of DNS mangement engine is in /etc/cobbler/modules.conf
246 manage_dns: 0
247
248 # set to path of bind chroo
11. Open /etc/cobbler/dhcp.template with vim and modify the DHCP configuration (restart after changing it)
[[email protected] tftpboot]# vim /etc/cobbler/dhcp.template
option pxe-system-type code 93 = unsigned integer 16;
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.254;
option domain-name-servers 1.1.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.2.100 192.168.2.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else if option pxe-system-type = 00:09 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
[[email protected] tftpboot]# systemctl restart cobblerd
12. After the changes, use the cobbler sync command to automatically update /etc/dhcp/dhcpd.conf and start the DHCP service
[[email protected] tftpboot]# cobbler sync
task started: 2019-04-21_062541_sync
task started (id=Sync, time=Sun Apr 21 06:25:41 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[[email protected] tftpboot]# vim /etc/dhcp/dhcpd.conf
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.254;
option domain-name-servers 1.1.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.2.100 192.168.2.254;
default-lease-time 21600;
max-lease-time 43200;
next-server 192.168.2.200;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else if option pxe-system-type = 00:09 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
13. Mount a disc
[[email protected] tftpboot]# mount /dev/sr0 /mnt/cdrom
mount: /dev/sr0 is write-protected, mounting read-only
[[email protected] tftpboot]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 19G 0 part
├─centos-root 253:0 0 17G 0 lvm /
└─centos-swap 253:1 0 2G 0 lvm [SWAP]
sr0 11:0 1 4.2G 0 rom /mnt/cdrom
14. View the help
[[email protected] tftpboot]# cobbler import --help
Usage: cobbler import [options]
Options:
-h, --help show this help message and exit
--arch=ARCH OS architecture being imported
--breed=BREED the breed being imported
--os-version=OS_VERSION
the version being imported
--path=PATH local path or rsync location
--name=NAME name, ex 'RHEL-5'
--available-as=AVAILABLE_AS
tree is here, don't mirror
--kickstart=KICKSTART_FILE
assign this kickstart file
--rsync-flags=RSYNC_FLAGS
pass additional flags to rsync
14. cobbler import --path=/mnt/cdrom --name=Centos-7.5 --arch=x86_64
Specify the disc path; it is copied into the corresponding directory and named Centos-6.10, architecture x86_64 (import)
[[email protected] tftpboot]# cobbler import --path=/mnt/cdrom --name=Centos-7.5 --arch=x86_64
task started: 2019-04-21_081139_import
task started (id=Media import, time=Sun Apr 21 08:11:39 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/Centos-7.5-x86_64:
creating new distro: Centos-7.5-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos-7.5-x86_64 -> /var/www/cobbler/links/Centos-7.5-x86_64
creating new profile: Centos-7.5-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos-7.5-x86_64 for Centos-7.5-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos-7.5-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos-7.5-x86_64
looking for /var/www/cobbler/ks_mirror/Centos-7.5-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos-7.5-x86_64/repodata
*** TASK COMPLETE ***
Directory it was imported into
[[email protected] tftpboot]# du -sh /var/www/cobbler/
4.2G /var/www/cobbler/
The default menu has been generated
[[email protected] tftpboot]# cd /var/lib/tftpboot/
[[email protected] tftpboot]# ls
boot etc grub images images2 memdisk menu.c32 ppc pxelinux.0 pxelinux.cfg s390x yaboot
[[email protected] tftpboot]# cd pxelinux.cfg/
[[email protected] pxelinux.cfg]# ls
default
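15. On the client, choose to boot from the NIC
cobbler profile list   shows the menu names / answer file names
cobbler distro list    shows the names of the installation sources
Remove a surplus menu entry: cobbler profile remove --name=images-x86_64
Remove a surplus installation source: cobbler distro remove --name=images-x86_64
1. Mount another disc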
[[email protected] cobbler]# mount /dev/sr1 /mnt/cdrom2/
2. Import into cobbler (/var/www/cobbler/)
[[email protected] cobbler]# cobbler import --path=/mnt/cdrom2 --name=Centos-6.10 --arch=x86_64
task started: 2019-04-21_083855_import
task started (id=Media import, time=Sun Apr 21 08:38:55 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/Centos-6.10-x86_64:
creating new distro: Centos-6.10-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos-6.10-x86_64 -> /var/www/cobbler/links/Centos-6.10-x86_64
creating new profile: Centos-6.10-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos-6.10-x86_64 for Centos-6.10-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos-6.10-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos-6.10-x86_64
looking for /var/www/cobbler/ks_mirror/Centos-6.10-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos-6.10-x86_64/repodata
*** TASK COMPLETE ***
3. Booting from the NIC now shows two menu entries, and installation works normally.
1. Create the answer file by hand
[[email protected] ~]# cp anaconda-ks.cfg ks7_mini.cfg
[[email protected] ~]# vim ks7_mini.cfg
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Use CDROM installation media
# (Cobbler fills in the installation source automatically)
url --url=$tree
# Use graphical install
# (text-mode installation)
text
reboot
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
selinux --disabled
firewall --disabled
# Network information
network --bootproto=dhcp --device=ens33 --onboot=on --ipv6=auto --no-activate
network --hostname=localhost.localdomain

# Root password
rootpw --iscrypted $6$OjcypZdOFW5EDMut$77V.RjoDpM.ZGDtC3XxEo5cy4aTQFyobuTF6YDs62E8wYqgt5fWwaWmTvZ6ZYCyHmf/RHZZjhKAIhMxb1pFLw/
# System services
services --enabled="chronyd"
# System timezone
timezone America/New_York --isUtc
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
# (clear the MBR)
zerombr
# (clear the disk labels)
clearpart --all --initlabel
%packages
@^minimal
@core
chrony
kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
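Every machine built from these files inherits their settings, so it is worth linting them before a profile is published. The script below is an added example, not part of the original post: it scans kickstart files, /etc/cobbler/settings, yum .repo files and pxelinux menus for the settings this walkthrough uses (SELinux and firewall disabled, `openssl passwd -1` MD5-crypt hashes, gpgcheck=0, a ks= URL over plain HTTP). The function names and the sample file contents are constructed for the illustration.

```sh
#!/bin/sh
# Added example: lint provisioning files before machines are built from them.
# All file contents written by write_samples are constructed.

# audit_provisioning FILE...
# Prints one "file:line: finding" for each weak setting it recognises.
audit_provisioning() {
    awk '
        function hit(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg }
        /^[ \t]*#/ { next }                       # ignore comment lines
        /^[ \t]*selinux[ \t].*--disabled/ {
            hit("SELinux disabled on the installed system") }
        /^[ \t]*firewall[ \t].*--disabled/ {
            hit("host firewall disabled on the installed system") }
        /^[ \t]*rootpw[ \t]/ && !/--iscrypted/ {
            hit("root password not given as a hash (no --iscrypted)") }
        /^[ \t]*(rootpw[ \t]|default_password_crypted:).*[$]1[$]/ {
            hit("MD5-crypt ($1$) password hash, prefer SHA-512 ($6$)") }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*0/ {
            hit("gpgcheck=0, packages installed without signature checks") }
        /(^|[ \t])ks=http:\/\// {
            hit("kickstart fetched over plain HTTP") }
    ' "$@"
}

# write_samples DIR: constructed excerpts modelled on the files in this post.
write_samples() {
    cat >"$1/ks7_mini.cfg" <<'EOF'
# constructed kickstart excerpt
selinux --disabled
firewall --disabled
rootpw --iscrypted $6$CONSTRUCTEDSALT$constructedSha512CryptValue
EOF
    cat >"$1/settings" <<'EOF'
# constructed /etc/cobbler/settings excerpt
default_password_crypted: "$1$CONSTRUC$constructedMd5CryptValue."
manage_dhcp: 1
EOF
    cat >"$1/base.repo" <<'EOF'
[base]
gpgcheck=1
[epel]
gpgcheck=0
EOF
    cat >"$1/default" <<'EOF'
label centos7
  kernel vmlinuz
  append initrd=initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
EOF
}

# sh thisfile.sh --demo        run against the constructed samples
# sh thisfile.sh FILE...       run against real files
case "${1:-}" in
    --demo)
        demo_dir=$(mktemp -d)
        write_samples "$demo_dir"
        audit_provisioning "$demo_dir"/*
        rm -rf "$demo_dir"
        ;;
    "") ;;
    *)  audit_provisioning "$@" ;;
esac
```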
2. Then put the answer file in the corresponding cobbler location
[[email protected] ~]# ll
total 8
-rw-------. 1 root root 1260 Apr 21 2019 anaconda-ks.cfg
-rw------- 1 root root 1315 Apr 21 09:02 ks7_mini.cfg
[[email protected] ~]# chmod 644 ks7_mini.cfg
[[email protected] ~]# cp ks7_mini.cfg /var/lib/cobbler/kickstarts/
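[[email protected] ~]# cobbler profile list  # see which menu entries exist
Centos-6.10-x86_64
Centos-7.5-x86_64
[[email protected] ~]# cobbler distro list  # see the names of the loaded installation sources
Centos-6.10-x86_64
Centos-7.5-x86_64
3. Create a new menu entry, i.e. associate the prepared answer file with the installation source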
[[email protected] ~]# cobbler profile add --name=Centos-7.6-x86_64_mini --distro=Centos-7.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7_mini.cfg
[[email protected] ~]# cobbler profile list
Centos-6.10-x86_64
Centos-7.5-x86_64
Centos-7.6-x86_64_mini  (the newly created menu entry)
Remove a menu entry
[[email protected] ~]# cobbler profile remove --name=Centos-7.5-x86_64
[[email protected] ~]# cobbler profile list
Centos-6.10-x86_64
Centos-7.6-x86_64_mini
4. Boot the client from the NIC; the menu entry just created is shown
1. Copy the answer file prepared earlier into cobbler
[[email protected] ~]# cp ks6.cfg /var/lib/cobbler/kickstarts/
[[email protected] ~]# vim /var/lib/cobbler/kickstarts/ks6.cfg
url --url=$tree  # change only this line
2. Remove the default menu entry and its associated answer file
[[email protected] ~]# cobbler profile list
Centos-6.10-x86_64
Centos-7.6-x86_64_mini
[[email protected] ~]# cobbler profile remove --name=Centos-6.10-x86_64
[[email protected] ~]# cobbler profile list
Centos-7.6-x86_64_mini
3. Create a new menu entry associating the answer file with the installation source
[[email protected] ~]# cobbler profile add --name=Centos-6.10 --distro=Centos-6.10-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks6.cfg
[[email protected] ~]# cobbler profile list
Centos-6.10
Centos-7.6-x86_64_mini
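4. On the client, choose network boot and start the installation
## Web-based management of Cobbler ##
1. [[email protected] ~]# yum -y install cobbler-web
2. [[email protected] ~]# systemctl restart httpd  # the cobbler-web install added /etc/httpd/conf.d/cobbler_web.conf, hence the restart
3. Open https://192.168.2.200/cobbler_web in a browser
The default user name and password are both cobbler
/etc/cobbler/modules.conf is the authentication configuration file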
[[email protected] ~]# vim /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================
# authentication:
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
# authn_denyall -- no one (default)
# authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
# authn_passthru -- ask Apache to handle it (used for kerberos)
# authn_ldap -- authenticate against LDAP
# authn_spacewalk -- ask Spacewalk/Satellite (experimental)
# authn_pam -- use PAM facilities
# authn_testing -- username/password is always testing/testing (debug)
# (user supplied) -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap
[authentication]
# (default authentication method)
module = authn_configfile
# authorization:
# once a user has been cleared by the WebUI/XMLRPC, what can they do?
# choices:
# authz_allowall -- full access for all authneticated users (default)
# authz_ownership -- use users.conf, but add object ownership semantics
/etc/cobbler/users.digest stores the user names and passwords verified by authn_configfile
Create a new account and password
[[email protected] ~]# htdigest /etc/cobbler/users.digest Cobbler huahua
Adding user huahua in realm Cobbler
New password:
Re-type new password:
Log in as huahua
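Adding huahua does not remove the shipped cobbler/cobbler account from users.digest. Each line of that file is user:realm:MD5(user:realm:password), so the entry can be checked offline. The script below is an added example, not part of the original post: it reports any entry whose password is the user name itself or the default cobbler; the function names and the sample file in the comments are constructed.

```sh
#!/bin/sh
# Added example: find users.digest entries that still carry a default password.

# ha1 USER REALM PASSWORD
# Prints the 32-hex-digit value htdigest stores: MD5("user:realm:password").
ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# find_default_digest FILE
# Prints "user:realm" for every entry whose password equals the user name
# or the default "cobbler" named in the post.
find_default_digest() (
    while IFS=: read -r user realm hash; do
        [ -n "$hash" ] || continue            # skip blank or malformed lines
        for guess in "$user" cobbler; do
            if [ "$(ha1 "$user" "$realm" "$guess")" = "$hash" ]; then
                printf '%s:%s\n' "$user" "$realm"
                break
            fi
        done
    done <"$1"
)

# sh thisfile.sh /etc/cobbler/users.digest
if [ -n "${1:-}" ]; then
    find_default_digest "$1"
fi
```

An entry it reports can be given a new password with the same htdigest command shown above, or deleted from the file.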
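Change the authentication method (the other authentication methods then no longer apply, and the file that holds the accounts and passwords changes too)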
[[email protected] ~]# vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam
The PAM user names are in the /etc/cobbler/users.conf file
[[email protected] ~]# vim /etc/cobbler/users.conf
[admins]
admin = "lili"
PAM authentication requires the account to be a system user first (to avoid a security risk, a nologin shell is recommended)
[[email protected] ~]# useradd -s /sbin/nologin lili
[[email protected] ~]# echo qwe123 | passwd --stdin lili
Changing password for user lili.
passwd: all authentication tokens updated successfully.
[[email protected] ~]# systemctl restart cobblerd