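Automated Linux installation with cobbler
I. Introduction to cobbler
cobbler is a service for fast network installation of Linux operating systems. It supports many Linux distributions, such as redhat, fedora, centos, debian, ubuntu and suse, and can also network-install Windows. It is effectively a second-level wrapper around PXE that gathers the various installation parameters into one menu. It is written in python and offers both CLI and web management.
II. How cobbler works
1) A bare-metal client configured for network boot broadcasts a request at power-on, asking the DHCP server for a usable IP address
2) The DHCP server receives the request and sends a response that includes its IP address
3) Once the client has an IP address, it asks the cobbler server for the OS boot file
4) The cobbler server replies with the name of the OS boot file and the IP and port of the TFTP server
5) With the TFTP server's IP address, the client contacts that address and downloads the boot file
6) After downloading the boot file, the client executes it, determines the load information and selects the OS to install; during this it requests the kickstart file and the OS image from the cobbler server
7) The cobbler server receives the request and sends the matching kickstart file and OS image files to the client
8) The client receives the kickstart file, loads it, receives the OS image, and installs the operating system
That is the basic cobbler workflow
III. Installing cobbler, and its configuration files and directories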
[root@cobbler ~]# yum install cobbler dhcp -y
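Note: installing cobbler pulls in packages such as httpd, tftp-server and syslinux by default, but not dhcp, so dhcp has to be installed explicitly in the same command
Configuration directory /etc/cobbler
/etc/cobbler/settings : main cobbler configuration file
/etc/cobbler/iso/ : iso template configuration files
/etc/cobbler/pxe : pxe template files
/etc/cobbler/power : power management configuration files
/etc/cobbler/users.conf : web service authorization configuration file
/etc/cobbler/users.digest : user name and password file for web access
/etc/cobbler/dhcp.template : configuration template for the dhcp server
/etc/cobbler/tftpd.template : configuration template for the tftp service
/etc/cobbler/modules.conf : module configuration file
Data directories
/var/lib/cobbler/config/ : configuration files for distros, systems, profiles and so on
/var/lib/cobbler/triggers/ : user-defined cobbler commands
/var/lib/cobbler/kickstarts/ : default location of kickstart files
/var/lib/cobbler/loaders/ : the various boot loaders
Image directories
/var/www/cobbler/ks_mirror/ : all data of the imported distributions
/var/www/cobbler/images/ : kernel and initrd images of imported distributions, used for remote network boot
/var/www/cobbler/repo_mirror/ : yum repository storage directory
Log directories
/var/log/cobbler/installing : client installation logs
/var/log/cobbler/cobbler.log : cobbler log
IV. Start the cobblerd and httpd services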
[root@cobbler ~]# systemctl start httpd cobblerd
V. Check the cobbler environment (make sure httpd is running before executing cobbler check: the command only works once cobbler has started normally, and cobbler in turn depends on httpd)
[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
[root@cobbler ~]#
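Note: the system reports 9 problems with the cobbler environment. Item 3 can be ignored: it needs changing only when CentOS 6 is the cobbler server, not on CentOS 7. Items 5 and 6 can be ignored as well (item 6 concerns Debian systems), and so can item 9, which says no power management tools were found. We now work through the remaining items one by one
Item 1 says the server setting is wrong: localhost will not work and should be replaced with something else
vim /etc/cobbler/settings, search for the line beginning with server and change the IP so that it reads server: 192.168.0.105
Item 2 says next_server in /etc/cobbler/settings must not be 127.0.0.1. Edit /etc/cobbler/settings, search for next_server and change the IP so that it reads next_server: 192.168.0.105
Item 4 says we need to run cobbler get-loaders to download from the network the files required for installing systems.
Item 7 says the pykickstart package is not installed; install it with yum install pykickstart -y
Item 8 says default_password_crypted must be changed, otherwise the root password of systems installed later is not secure. We can generate a password hash with openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'. Edit /etc/cobbler/settings, search for default_password_crypted and replace the string after it with the hash the command just produced.
After fixing the items above, restart the cobblerd service and run cobbler check again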
[root@cobbler ~]# systemctl restart cobblerd
[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : change 'disable' to 'no' in /etc/xinetd.d/tftp
2 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
3 : enable and start rsyncd.service with systemctl
4 : debmirror package is not installed, it will be required to manage debian deployments and repositories
5 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
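An added example (not from the original post or the cobbler project) that audits the settings changed in this section: it flags server and next_server values that are still loopback and names the crypt(3) scheme used by default_password_crypted. openssl passwd -1 produces MD5-crypt ($1$), so a file fixed exactly as above still reports that scheme. The sample files and hashes are constructed, and the parser assumes the flat key: value lines of /etc/cobbler/settings.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# crypt(3) "$id$" prefixes and the scheme each one selects.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt"}


def parse_settings(text):
    """Collect top-level 'key: value' scalars; indented, list and comment lines are skipped."""
    values = {}
    for raw in text.splitlines():
        match = re.match(r"([A-Za-z_]\w*):[ \t]*(.*)$", raw)
        if not match:
            continue
        value = match.group(2).strip()
        if len(value) >= 2 and value[0] in ("'", '"') and value.endswith(value[0]):
            value = value[1:-1]                      # drop surrounding quotes
        else:
            value = re.split(r"\s+#", value, maxsplit=1)[0]  # drop trailing comment
        values[match.group(1)] = value
    return values


def crypt_scheme(hashed):
    """Name the crypt(3) scheme of a password hash from its prefix."""
    match = re.match(r"\$([0-9a-z]+)\$", hashed)
    if match:
        return SCHEMES.get(match.group(1), "unknown")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hashed):
        return "descrypt"                            # traditional DES crypt has no prefix
    return "unknown"


def audit_settings(text):
    """Return (key, finding) tuples for the settings this section changes."""
    settings = parse_settings(text)
    findings = []
    for key in ("server", "next_server"):
        value = settings.get(key)
        if value is None:
            findings.append((key, "missing"))
        elif value.lower() in LOOPBACK:
            findings.append((key, "loopback"))
    scheme = crypt_scheme(settings.get("default_password_crypted", ""))
    if scheme in WEAK or scheme == "unknown":
        findings.append(("default_password_crypted", scheme))
    return findings


# Constructed samples; the hashes are placeholders, not real password hashes.
AS_INSTALLED = '''
server: 127.0.0.1
next_server: 127.0.0.1
default_password_crypted: "$1$constructed$AAAAAAAAAAAAAAAAAAAAAA"
'''
AFTER_SECTION_FIXES = '''
server: 192.168.0.105
next_server: 192.168.0.105
default_password_crypted: "$1$constructed$BBBBBBBBBBBBBBBBBBBBBB"
'''
SHA512_HASH = '''
server: 192.168.0.105
next_server: 192.168.0.105
default_password_crypted: "$6$constructed$CCCCCCCCCCCCCCCCCCCCCC"
'''

if __name__ == "__main__":
    for name, sample in (("as installed", AS_INSTALLED),
                         ("after the fixes above", AFTER_SECTION_FIXES),
                         ("sha512crypt hash", SHA512_HASH)):
        print(name, audit_settings(sample))
```

On OpenSSL 1.1.1 and later, openssl passwd -6 generates a SHA-512 crypt hash that can be used for default_password_crypted instead.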
[root@cobbler ~]# cobbler get-loaders
task started: 2019-12-23_032218_get_loaders
task started (id=Download Bootloader Content, time=Mon Dec 23 03:22:18 2019)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
Exception occured: <class 'urlgrabber.grabber.URLGrabError'>
Exception value: [Errno 14] curl#35 - "TCP connection reset by peer"
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 82, in run
    rc = self._run(self)
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 176, in runner
    return self.remote.api.dlcontent(self.options.get("force",False), self.logger)
  File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 735, in dlcontent
    return grabber.run(force)
  File "/usr/lib/python2.7/site-packages/cobbler/action_dlcontent.py", line 73, in run
    urlgrabber.grabber.urlgrab(src, filename=dst, proxies=proxies)
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 773, in urlgrab
    return default_grabber.urlgrab(url, filename, **kwargs)
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1220, in urlgrab
    return _run_callback(opts.failfunc, opts)
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1071, in _run_callback
    return cb(obj)
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1065, in _do_raise
    raise obj.exception

!!! TASK FAILED !!!
[root@cobbler ~]# systemctl start tftp
[root@cobbler ~]# systemctl status tftp
● tftp.service - Tftp Server
   Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
   Active: active (running) since 一 2019-12-23 03:23:40 CST; 6s ago
     Docs: man:in.tftpd
 Main PID: 7962 (in.tftpd)
   CGroup: /system.slice/tftp.service
           └─7962 /usr/sbin/in.tftpd -s /var/lib/tftpboot

12月 23 03:23:40 cobbler systemd[1]: Started Tftp Server.
[root@cobbler ~]# cobbler get-loaders
task started: 2019-12-23_032359_get_loaders
task started (id=Download Bootloader Content, time=Mon Dec 23 03:23:59 2019)
path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@cobbler ~]#
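Note: the first cobbler get-loaders run above reported an error because the tftp service was not started; once tftp was started it worked normally. The download messages show that cobbler places the downloaded files in /var/lib/cobbler/loaders by default. That directory is of little use when we install systems later; the files have to be moved into the working directory of the tftp server. How? Simply run cobbler sync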
[root@cobbler ~]# cobbler sync
task started: 2019-12-22_194040_sync
task started (id=Sync, time=Sun Dec 22 19:40:40 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@cobbler ~]#
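Note: after cobbler sync runs, we can see that it created a number of link files under /var/lib/tftpboot, the tftp working directory. One point to watch: if manage_dhcp: 1 is set in /etc/cobbler/settings, cobbler sync reports an error at this stage. The reason is that cobbler tries to start the dhcp service, but we have not written any dhcp configuration yet, so the dhcp service cannot start. We need to edit cobbler's dhcp template file and sync again, and the error goes away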
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 1
"/etc/cobbler/settings" 468L, 19925C 已寫入
[root@cobbler ~]# systemctl restart cobblerd
[root@cobbler ~]# cobbler sync
task started: 2019-12-22_194934_sync
task started (id=Sync, time=Sun Dec 22 19:49:34 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.

Exception occured: <class 'cobbler.cexceptions.CX'>
Exception value: 'cobbler trigger failed: cobbler.modules.sync_post_restart_services'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 82, in run
    rc = self._run(self)
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 181, in runner
    return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
  File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 763, in sync
    return sync.run()
  File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 144, in run
    utils.run_triggers(self.api, None, "/var/lib/cobbler/triggers/sync/post/*", logger=self.logger)
  File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 928, in run_triggers
    raise CX("cobbler trigger failed: %s" % m.__name__)

!!! TASK FAILED !!!
[root@cobbler ~]# vim /etc/cobbler/dhcp.template
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************

ddns-update-style interim;

allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

option pxe-system-type code 93 = unsigned integer 16;

subnet 192.168.0.0 netmask 255.255.255.0 {
     option routers 192.168.0.1;
     option domain-name-servers 192.168.0.1;
     option subnet-mask 255.255.255.0;
     range dynamic-bootp 192.168.0.200 192.168.0.254;
     default-lease-time 21600;
     max-lease-time 43200;
     next-server $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}

#for dhcp_tag in $dhcp_tags.keys():
    ## group could be subnet if your dhcp tags line up with your subnets
    ## or really any valid dhcpd.conf construct ... if you only use the
    ## default dhcp tag in cobbler, the group block can be deleted for a
    ## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
        #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        #if $iface.interface_type == "infiniband":
        option dhcp-client-identifier = $mac;
        #else
        hardware ethernet $mac;
        #end if
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.netmask:
        option subnet-mask $iface.netmask;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        #if $iface.enable_gpxe:
        if exists user-class and option user-class = "gPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else if exists user-class and option user-class = "iPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else {
            filename "undionly.kpxe";
        }
        #else
        filename "$iface.filename";
        #end if
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
        #end for
}
#end for
"/etc/cobbler/dhcp.template" 92L, 3177C 已寫入
[root@cobbler ~]#
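Note: without manage_dhcp: 1 we would have to write the dhcp configuration file by hand. With manage_dhcp: 1 cobbler generates the dhcp configuration file from the template, so we only need to adapt the template to our own environment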
[root@cobbler ~]# cobbler sync
task started: 2019-12-22_195414_sync
task started (id=Sync, time=Sun Dec 22 19:54:14 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service

running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@cobbler ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot

10 directories, 10 files
[root@cobbler ~]# ss -ntlu
Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
udp    UNCONN  0       0       *:67                *:*
udp    UNCONN  0       0       127.0.0.1:323       *:*
udp    UNCONN  0       0       :::69               :::*
udp    UNCONN  0       0       ::1:323             :::*
tcp    LISTEN  0       128     *:22                *:*
tcp    LISTEN  0       100     127.0.0.1:25        *:*
tcp    LISTEN  0       5       127.0.0.1:25151     *:*
tcp    LISTEN  0       128     :::80               :::*
tcp    LISTEN  0       32      :::21               :::*
tcp    LISTEN  0       128     :::22               :::*
tcp    LISTEN  0       100     ::1:25              :::*
[root@cobbler ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 日 2019-12-22 19:54:15 CST; 52s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 8807 (dhcpd)
   Status: "Dispatching packets..."
   CGroup: /system.slice/dhcpd.service
           └─8807 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

12月 22 19:54:15 cobbler dhcpd[8807]: Copyright 2004-2013 Internet Systems Consortium.
12月 22 19:54:15 cobbler dhcpd[8807]: All rights reserved.
12月 22 19:54:15 cobbler dhcpd[8807]: For info, please visit https://www.isc.org/software/dhcp/
12月 22 19:54:15 cobbler dhcpd[8807]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn we... file
12月 22 19:54:15 cobbler dhcpd[8807]: Wrote 0 class decls to leases file.
12月 22 19:54:15 cobbler dhcpd[8807]: Wrote 0 leases to leases file.
12月 22 19:54:15 cobbler dhcpd[8807]: Listening on LPF/ens33/00:0c:29:fb:66:a2/192.168.0.0/24
12月 22 19:54:15 cobbler dhcpd[8807]: Sending on LPF/ens33/00:0c:29:fb:66:a2/192.168.0.0/24
12月 22 19:54:15 cobbler systemd[1]: Started DHCPv4 Server Daemon.
12月 22 19:54:15 cobbler dhcpd[8807]: Sending on Socket/fallback/fallback-net
Hint: Some lines were ellipsized, use -l to show in full.
[root@cobbler ~]#
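Note: the tftp working directory now has content and the dhcpd service is running. The basic cobbler services are now installed and configured; the next step is importing system images
VI. Import system images (the images must be mounted first)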
[root@cobbler ~]# lsblk
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0   40G  0 disk
├─sda1            8:1    0    1G  0 part /boot
└─sda2            8:2    0   39G  0 part
  ├─centos-root 253:0    0   37G  0 lvm  /
  └─centos-swap 253:1    0    2G  0 lvm  [SWAP]
sr0              11:0    1  3.7G  0 rom
sr1              11:1    1  4.2G  0 rom
[root@cobbler ~]# mount /dev/sr0 centos6
mount: /dev/sr0 防寫,將以只讀方式掛載
[root@cobbler ~]# mount /dev/sr1 centos7
mount: /dev/sr1 防寫,將以只讀方式掛載
[root@cobbler ~]#
Import the images
[root@cobbler ~]# cobbler import --path=/root/centos7 --name=centos7-x86_64 --arch=x86_64
task started: 2019-12-22_200632_import
task started (id=Media import, time=Sun Dec 22 20:06:32 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/centos7-x86_64:
creating new distro: centos7-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos7-x86_64 -> /var/www/cobbler/links/centos7-x86_64
creating new profile: centos7-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos7-x86_64 for centos7-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos7-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/centos7-x86_64
looking for /var/www/cobbler/ks_mirror/centos7-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7-x86_64/repodata
*** TASK COMPLETE ***
[root@cobbler ~]#
[root@cobbler ~]# cobbler import --path=/root/centos6 --name=centos6.9-x86_64 --arch=x86_64
task started: 2019-12-22_200752_import
task started (id=Media import, time=Sun Dec 22 20:07:52 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/centos6.9-x86_64:
creating new distro: centos6.9-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos6.9-x86_64 -> /var/www/cobbler/links/centos6.9-x86_64
creating new profile: centos6.9-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos6.9-x86_64 for centos6.9-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos6.9-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/centos6.9-x86_64
looking for /var/www/cobbler/ks_mirror/centos6.9-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos6.9-x86_64/repodata
*** TASK COMPLETE ***
[root@cobbler ~]#
Note: if no kickstart answer file is specified, a minimal-install answer file is generated by default
View the boot menu file
[root@cobbler ~]# cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos6.9-x86_64
        kernel /images/centos6.9-x86_64/vmlinuz
        MENU LABEL centos6.9-x86_64
        append initrd=/images/centos6.9-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos6.9-x86_64
        ipappend 2

LABEL centos7-x86_64
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-x86_64
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-x86_64
        ipappend 2

MENU end
[root@cobbler ~]#
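Note: after an image is imported, cobbler by default adds its entry to the boot menu file
The CLI-managed cobbler server is now set up
Test
Note: the menu entries for the images we imported are displayed
Note: the CLI-managed cobbler server has now passed the test and can install systems automatically
VII. Managing cobbler
1) List the imported images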
[root@cobbler ~]# cobbler distro list
   centos6.9-x86_64
   centos7-x86_64
2) List the boot menu entries
[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-x86_64
[root@cobbler ~]#
3) Add a new menu entry
[root@cobbler ~]# cobbler profile add --name=centos7-desktop --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7-desktop.cfg
[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-desktop
   centos7-x86_64
[root@cobbler ~]# cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos6.9-x86_64
        kernel /images/centos6.9-x86_64/vmlinuz
        MENU LABEL centos6.9-x86_64
        append initrd=/images/centos6.9-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos6.9-x86_64
        ipappend 2

LABEL centos7-desktop
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-desktop
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-desktop
        ipappend 2

LABEL centos7-x86_64
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-x86_64
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-x86_64
        ipappend 2

MENU end
[root@cobbler ~]#
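Note: to specify a kickstart answer file, place the prepared file directly in /var/lib/cobbler/kickstarts/. If it is a kickstart file you wrote yourself, also change its url line to url --url=$tree so that cobbler can locate the yum repository for its own environment. For how to write kickstart answer files, see my blog post https://www.cnblogs.com/qiuhom-1874/p/11789583.html
4) Delete an existing boot menu entry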
[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-desktop
   centos7-x86_64
[root@cobbler ~]# cobbler profile remove --name=centos7-x86_64
[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-desktop
[root@cobbler ~]#
5) Rename an existing boot menu entry
[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-desktop
[root@cobbler ~]# cobbler profile rename --name=centos6.9-x86_64 --newname=centos6-mini-x86_64
[root@cobbler ~]# cobbler profile list
   centos6-mini-x86_64
   centos7-desktop
[root@cobbler ~]#
6) Show the details of a menu entry
[root@cobbler ~]# cobbler profile report --name=centos7-desktop
Name                           : centos7-desktop
TFTP Boot Files                : {}
Comment                        :
DHCP Tag                       : default
Distribution                   : centos7-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/centos7-desktop.cfg
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 :
Internal proxy                 :
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      :
Virt RAM (MB)                  : 512
Virt Type                      : xenpv

[root@cobbler ~]#
VIII. Managing cobbler through the web
1) Install cobbler-web
[root@cobbler ~]# yum install cobbler-web -y
2) See what cobbler-web installed
[root@cobbler ~]# rpm -ql cobbler-web
/etc/httpd/conf.d/cobbler_web.conf
/usr/share/cobbler/web
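(part of the output omitted……)
Note: the cobbler-web package installs an httpd drop-in configuration file; the httpd service must be restarted for it to take effect
3) Restart the httpd service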
[root@cobbler ~]# systemctl restart httpd
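4) Log in with a browser
Note: cobbler web management runs over https with a self-signed certificate, so the browser warns by default that visiting the site is risky. We can either install the certificate to trust the site or click Advanced and continue
Note: the default login for the cobbler web interface is user name cobbler, password cobbler
Note: web-based cobbler management is now set up. Next, user authentication for cobbler-web
IX. Configuring user authentication for cobbler-web
1) Authentication method configuration file: /etc/cobbler/modules.conf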
[root@cobbler ~]# cat /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================

# authentication:
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
module = authn_configfile
Note: the default cobbler-web authentication module is authn_configfile; from the comments above we learn that /etc/cobbler/users.digest stores the cobbler-web user information
2) View the /etc/cobbler/users.digest file
[root@cobbler ~]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@cobbler ~]#
Note: the format of this file is username:realm:encrypted password
3) Add a user
[root@cobbler ~]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@cobbler ~]# htdigest /etc/cobbler/users.digest Cobbler admin
Adding user admin in realm Cobbler
New password:
Re-type new password:
[root@cobbler ~]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
admin:Cobbler:ea0fd5384fa2ee91ab834bba50fc90a4
[root@cobbler ~]#
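Note: when adding a user with htdigest, specify the file that stores the user information, the realm (for cobbler_web the realm must be Cobbler) and the user name, then press Enter and type the password; htdigest records the new user in the specified file
4) Log in with the newly created user
Note: the user we just created can log in to the system normally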
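The users.digest format and the htdigest step above, as an added example (not from the original post or the cobbler project): it rebuilds the third field as the MD5 of user:realm:password, which is what htdigest writes, and audits a users.digest file for wrong realms, malformed lines and accounts still on a default password such as the cobbler/cobbler login mentioned earlier. The sample file, the function names and the DEFAULT_PASSWORDS list are assumptions made for the example.

```python
import hashlib
import hmac
import re

REALM = "Cobbler"   # realm cobbler_web requires, per the note above
# Assumption: passwords treated as defaults; extend with site-specific ones.
DEFAULT_PASSWORDS = ("cobbler", "testing", "admin", "password")


def ha1(user, realm, password):
    """Value htdigest stores in the third field: MD5 of 'user:realm:password'."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def make_entry(user, password, realm=REALM):
    """Build one users.digest line in the user:realm:digest format."""
    if ":" in user or ":" in realm:
        raise ValueError("user and realm must not contain ':'")
    return f"{user}:{realm}:{ha1(user, realm, password)}"


def audit_digest_file(text):
    """Return (line number, finding, detail) tuples for a users.digest file."""
    findings, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 3:
            findings.append((lineno, "malformed", line))
            continue
        user, realm, digest = fields
        if realm != REALM:
            findings.append((lineno, "wrong-realm", user))
        if user in seen:
            findings.append((lineno, "duplicate-user", user))
        seen.add(user)
        if not re.fullmatch(r"[0-9a-f]{32}", digest):
            findings.append((lineno, "bad-digest", user))
            continue
        # Recompute the digest for the user name itself and each default password.
        for guess in (user,) + DEFAULT_PASSWORDS:
            if hmac.compare_digest(ha1(user, realm, guess), digest):
                findings.append((lineno, "default-password", user))
                break
    return findings


# Constructed sample file (not taken from a real server).
SAMPLE = "\n".join([
    make_entry("cobbler", "cobbler"),                     # account left at its default
    make_entry("admin", "Xk7#constructed-passphrase"),
    make_entry("ops", "constructed", realm="cobbler"),    # realm in the wrong case
    "line-without-three-fields",
])

if __name__ == "__main__":
    for finding in audit_digest_file(SAMPLE):
        print(finding)
```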
5) Authenticate cobbler_web users with the authn_pam module
1) Edit /etc/cobbler/modules.conf and, under the [authentication] section, change module = authn_configfile to module = authn_pam
[root@cobbler ~]# vim /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================

# authentication:
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
module = authn_pam
"/etc/cobbler/modules.conf" 83L, 3069C 已寫入
[root@cobbler ~]#
2) Create a system user
[root@cobbler ~]# useradd -r -s /sbin/nologin cobbleradmin
[root@cobbler ~]# id cobbleradmin
uid=997(cobbleradmin) gid=993(cobbleradmin) 組=993(cobbleradmin)
[root@cobbler ~]# getent passwd cobbleradmin
cobbleradmin:x:997:993::/home/cobbleradmin:/sbin/nologin
[root@cobbler ~]#
[root@cobbler ~]# passwd cobbleradmin
更改使用者 cobbleradmin 的密碼 。
新的 密碼:
無效的密碼: 密碼少於 8 個字元
重新輸入新的 密碼:
passwd:所有的身份驗證令牌已經成功更新。
[root@cobbler ~]#
3) Edit /etc/cobbler/users.conf
[root@cobbler ~]# vim /etc/cobbler/users.conf
# Cobbler WebUI / Web Services authorization config file
#
# NOTICE:
# this file is only used when /etc/cobbler/modules.conf
# specifies an authorization mode of either:
#
#   (A) authz_configfile
#   (B) authz_ownership
#
# For (A), any user in this file, in any group, are allowed
# full access to any object in cobbler configuration.
#
# For (B), users in the "admins" group are allowed full access
# to any object, otherwise users can only edit an object if
# their username/group is listed as an owner of that object. If a
# user is not listed in this file they will have no access.
#
#     cobbler command line example:
#
#     cobbler system edit --name=server1 --owner=dbas,mac,pete,jack
#
# NOTE: yes, you do need the equal sign after the names.
# don't remove that part. It's reserved for future use.

[admins]
admin = "cobbleradmin"
cobbler = ""
"/etc/cobbler/users.conf" 28L, 860C 已寫入
[root@cobbler ~]#
4) Restart the cobblerd service, then log in
[root@cobbler ~]# systemctl restart cobblerd
That completes PAM-based user authentication for cobbler-web; from here on we can happily click around the web page to manage cobbler