Cobbler Complete Deployment Guide

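Technical principles:

  • The client sends an IP address request to the DHCP service on the PXE server. DHCP checks whether the client is legitimate (mainly by checking the MAC address of its network card); if it is, DHCP returns the client's IP address together with the location of the boot file pxelinux.0.
  • The client sends a request for pxelinux.0 to the TFTP service on the PXE server. TFTP first replies with the size of pxelinux.0 to check that the client accepts it, and once the client has acknowledged the size, TFTP sends pxelinux.0 itself.
  • The client executes the pxelinux.0 file it received.
  • The client requests its own configuration file from the TFTP server (stored in the pxelinux.cfg directory of the TFTP service; this is the system menu file, with the same format as isolinux.cfg and a similar function). TFTP returns the configuration file, and the client carries out the following steps according to it.
  • The client requests the Linux kernel from TFTP, and TFTP sends the kernel file to the client.
  • The client requests the root file system from TFTP, and TFTP returns the Linux root file system.
  • The client boots the Linux kernel.
  • The client downloads the installation source files and reads the automated installation script.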
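
The configuration-file lookup in the fourth step, worked through as an added example (not part of the original guide): PXELINUX requests a series of names under pxelinux.cfg/ until one exists, so the most specific file present on the TFTP server decides what a given client boots. The function name pxe_cfg_candidates and the sample MAC are assumptions made for illustration; the IP is taken from the DHCP range used later in this guide.

```bash
#!/usr/bin/env bash
# Added example: print, in lookup order, the file names a PXELINUX client
# requests under pxelinux.cfg/ on the TFTP server.

pxe_cfg_candidates() (
    mac="$1" ip="$2"

    # 1) "01" (ARP hardware type for Ethernet) + MAC, lower case, dashes.
    #    If the firmware supplies a client UUID, that name is tried before this.
    printf '01-%s\n' "$(printf '%s' "$mac" | tr 'A-F' 'a-f' | tr ':' '-')"

    # 2) IPv4 address as 8 upper-case hex digits, then the same string with
    #    one trailing digit removed per attempt (matches ever larger ranges).
    IFS=. read -r o1 o2 o3 o4 <<EOF
$ip
EOF
    hex="$(printf '%02X%02X%02X%02X' "$o1" "$o2" "$o3" "$o4")"
    while [ -n "$hex" ]; do
        printf '%s\n' "$hex"
        hex="${hex%?}"
    done

    # 3) Fallback used by every client that has no more specific file.
    printf 'default\n'
)

# Constructed sample client: made-up MAC, IP from this guide's DHCP range
pxe_cfg_candidates "00:50:56:AB:CD:EF" "10.94.2.210"
```

Comparing this list with the files actually present in the pxelinux.cfg directory shows which menu a particular machine will receive.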

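A brief introduction to Cobbler:

  1. Cobbler is a service for fast network installation of Linux servers. It is written in Python and is small and lightweight (15k lines of Python code). It can quickly install and reinstall physical servers and virtual machines over PXE, and it can also manage DHCP, DNS, TFTP, RSYNC and yum repositories, and build system ISO images.
  2. Cobbler can be managed from the command line, also offers a web-based management tool (cobbler-web), and provides an API that makes it easy to build on.

Cobbler workflow: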

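  • A bare-metal client configured to boot from the network broadcasts at power-on, asking the DHCP server (the Cobbler server) for the IP address allocated to it.
  • The DHCP server (the Cobbler server) receives the request and sends a response that includes its IP address.
  • With its IP address, the bare-metal client asks the Cobbler server for the OS boot file.
  • The Cobbler server tells the client the name of the OS boot file and the IP address and port of the TFTP server.
  • The client contacts the TFTP server at that address and downloads the boot file.
  • The client executes the boot file, determines what to load and selects the OS to install; during this step it requests the kickstart file and the OS image from the Cobbler server.
  • The Cobbler server sends the requested kickstart file and OS image.
  • The client loads the kickstart file.
  • The client receives the OS image and installs it.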

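Services integrated by Cobbler:

  • PXE service support
  • DHCP service management
  • DNS service management (bind or dnsmasq)
  • Power management
  • Kickstart service support
  • YUM repository management
  • TFTP (needed for PXE boot)
  • Apache (serves the kickstart installation source and provides customized kickstart configuration)

Cobbler's design:

  • Distribution (distro): represents an operating system. It carries the kernel and initrd information, along with other kernel-related data.
  • Repository (repository): holds the mirror information for a yum or rsync repository.
  • Profile (profile): contains a distro, a kickstart file and possibly repositories, plus further data such as additional kernel parameters.
  • System (system): represents a machine to be provisioned. It contains a profile or an image, as well as IP and MAC addresses, power management (address, credentials, type) and more specialized data.
  • Image (image): can replace a distro object for files that do not fit that category (e.g. objects that cannot be used as a kernel and an initrd).
  • Of the components above, distro, repository and profile are required. The system component is used only in a virtualized environment where Cobbler must boot the virtual machines; in practice, when production needs a large number of virtual machine instances, they are usually provided with OpenStack or similar.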

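Cobbler configuration directory and files:

  • /etc/cobbler
  • /etc/cobbler/settings # main Cobbler configuration file
  • /etc/cobbler/iso/ # ISO template configuration files
  • /etc/cobbler/pxe # PXE template files
  • /etc/cobbler/power # power management configuration files
  • /etc/cobbler/users.conf # web service authorization configuration file
  • /etc/cobbler/users.digest # user names and passwords for web access
  • /etc/cobbler/dhcp.template # DHCP server configuration template
  • /etc/cobbler/dnsmasq.template # DNS server configuration template
  • /etc/cobbler/tftpd.template # TFTP service configuration template
  • /etc/cobbler/modules.conf # module configuration file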

Cobbler data directories:

  • /var/lib/cobbler/config/ # configuration files for distros, systems, profiles and so on
  • /var/lib/cobbler/triggers/ # user-defined Cobbler commands
  • /var/lib/cobbler/kickstarts/ # default location of kickstart files
  • /var/lib/cobbler/loaders/ # boot loaders

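Cobbler mirror directories:

  • /var/www/cobbler/ks_mirror/ # all data of the imported distributions
  • /var/www/cobbler/images/ # kernel and initrd images of the imported distributions, used for network boot
  • /var/www/cobbler/repo_mirror/ # yum repository storage

Cobbler log directory:

  • /var/log/cobbler/installing # client installation logs
  • /var/log/cobbler/cobbler.log # Cobbler log

Cobbler commands:

  • cobbler check # check the current settings for problems
  • cobbler list # list all Cobbler objects
  • cobbler report # show detailed information about the objects
  • cobbler sync # sync the configuration to the data directories; best run after every configuration change
  • cobbler reposync # sync yum repositories
  • cobbler distro # view information about imported distributions
  • cobbler system # view information about added systems
  • cobbler profile # view profile information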

Important parameters in /etc/cobbler/settings:

default_password_crypted: "$1$gEc7ilpP$pg5iSOj/mlxTxEslhRvyp/"

manage_dhcp: 1

manage_tftpd: 1

pxe_just_once: 1

next_server: <IP address of the TFTP server>

server:
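
A small audit of the parameters listed above, added here as an example and not part of the original guide or of Cobbler itself: it reports loopback server addresses, the hash scheme used in default_password_crypted, and a disabled pxe_just_once. The function name audit_cobbler_settings and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the /etc/cobbler/settings keys this guide edits.
# Prints one finding per line; prints nothing when all checks pass.

audit_cobbler_settings() (
    file="$1"
    # Read the value of "key: value", dropping quotes and trailing blanks
    get() {
        sed -n "s/^$1:[[:space:]]*//p" "$file" | head -n 1 |
            sed 's/[[:space:]]*$//' | tr -d "\"'"
    }

    for key in server next_server; do
        case "$(get "$key")" in
            ''|127.*|localhost) echo "$key: unset or loopback, clients cannot reach it" ;;
        esac
    done

    # crypt(3) prefixes: $1$ = MD5-crypt, $5$ = SHA-256, $6$ = SHA-512
    case "$(get default_password_crypted)" in
        '')            echo "default_password_crypted: not set" ;;
        '$1$'*)        echo "default_password_crypted: MD5-crypt hash, prefer \$6\$ (SHA-512)" ;;
        '$5$'*|'$6$'*) ;;
        *)             echo "default_password_crypted: unrecognised hash format" ;;
    esac

    # Without pxe_just_once a host left on network boot can reinstall on every reboot
    [ "$(get pxe_just_once)" = "1" ] || echo "pxe_just_once: not enabled"
)

# Constructed sample input, modelled on the values shown in this guide
sample="$(mktemp)"
cat > "$sample" <<'EOF'
server: 10.94.2.240
next_server: 127.0.0.1
default_password_crypted: "$1$123456$wOSEtcyiP2N/IfIl15W6Z0"
manage_dhcp: 1
pxe_just_once: 0
EOF
audit_cobbler_settings "$sample"
rm -f "$sample"
```

On a real server the call is audit_cobbler_settings /etc/cobbler/settings, which complements the checks that cobbler check performs.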

Cobbler installation:

System information

[root@cobbler ~]# cat /etc/redhat-release

CentOS Linux release 7.4.1708 (Core)

[root@cobbler ~]# uname -a

Linux cobbler 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

[root@cobbler ~]# getenforce # SELinux must be disabled

Disabled

# If it is not disabled

[root@cobbler ~]# vim /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - No SELinux policy is loaded.

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

# targeted - Targeted processes are protected,

# minimum - Modification of targeted policy. Only selected processes are protected.

# mls - Multi Level Security protection.

SELINUXTYPE=targeted

# The firewall must be stopped

[root@cobbler ~]# systemctl status firewalld.service

[root@cobbler ~]# systemctl stop firewalld.service

# Check the hostname

[root@cobbler ~]# hostname

cobbler

[root@cobbler ~]# hostnamectl status

Static hostname: cobbler

Pretty hostname: Cobbler

Transient hostname: status

Icon name: computer-vm

Chassis: vm

Machine ID: 40c2831030cd4f069fe0a67aa2810eb9

Boot ID: 46c8b815d67f414d931f5e3a8a9dbad8

Virtualization: vmware

Operating System: CentOS Linux 7 (Core)

CPE OS Name: cpe:/o:centos:centos:7

Kernel: Linux 3.10.0-693.21.1.el7.x86_64

Architecture: x86-64

[root@cobbler ~]# hostnamectl --static set-hostname cobbler

# Check the local IP

[root@cobbler ~]# ifconfig ens160 | awk -F "[ :]+" 'NR==2 {print $3}'

10.94.2.240

Configuring the yum source:

[root@cobbler ~]# yum install wget -y # install wget

Add the Aliyun mirror source:

https://opsx.alibaba.com/mirror

EPEL configuration (extra packages repository)

1. Back up (if another EPEL source is already configured)

mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup

mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup

2. Download the new repo file to /etc/yum.repos.d/

epel(RHEL 7):

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

epel(RHEL 6):

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

Start installing Cobbler:

[root@cobbler ~]# yum -y install cobbler dhcp httpd xinetd tftp-server syslinux pykickstart rsync cobbler-web python-ctypes

# Start the related services

[root@cobbler ~]# systemctl start httpd

[root@cobbler ~]# systemctl enable httpd

[root@cobbler ~]# systemctl enable cobblerd

[root@cobbler ~]# systemctl start cobblerd

# Use cobbler check to see whether the current settings have problems

[root@cobbler ~]# cobbler check

The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.

2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.

3 : change 'disable' to 'no' in /etc/xinetd.d/tftp

4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.

5 : enable and start rsyncd.service with systemctl

6 : debmirror package is not installed, it will be required to manage debian deployments and repositories

7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

There are usually 8 or 9 issues to fix.

# Work through the issues one by one as prompted:

# Issue 1:

[root@cobbler ~]# sed -i 's/^server: 127.0.0.1/server: 10.94.2.240/' /etc/cobbler/settings # set server to this machine's IP

# Issue 2:

[root@cobbler ~]# sed -i 's/^next_server: 127.0.0.1/next_server: 10.94.2.240/' /etc/cobbler/settings # IP address of the TFTP server

# Issue 3:

[root@cobbler ~]# vim /etc/xinetd.d/tftp

service tftp

{

socket_type = dgram

protocol = udp

wait = yes

user = root

server = /usr/sbin/in.tftpd

server_args = -s /var/lib/tftpboot

disable = no # change to no

per_source = 11

cps = 100 2

flags = IPv4

}

# Issue 4:

[root@cobbler ~]# cobbler get-loaders # download the missing files

# Issue 5:

# Enable rsync at boot and start it

[root@cobbler ~]# systemctl enable rsyncd

Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.

[root@cobbler ~]# systemctl start rsyncd

# Issue 6:

[root@cobbler ~]# yum install debmirror -y # install debmirror (Debian support)

Comment out the @dists and @arches lines

[root@cobbler ~]# sed -i -e 's|@dists=.*|#@dists=|' /etc/debmirror.conf

[root@cobbler ~]# sed -i -e 's|@arches=.*|#@arches=|' /etc/debmirror.conf

[root@cobbler ~]# vim /etc/debmirror.conf

#@dists="sid";

#@arches="i386";

With these two lines commented out, a new check no longer reports the error

# Issue 7:

# Change the password to 123456; the value after -salt is the salt used when hashing

[root@localhost ~]# openssl passwd -1 -salt '123456' '123456'

$1$123456$wOSEtcyiP2N/IfIl15W6Z0

[root@localhost ~]# vim /etc/cobbler/settings # edit the line below in settings and put in the newly generated hash

default_password_crypted: "$1$123456$wOSEtcyiP2N/IfIl15W6Z0"

# Issue 8:

[root@cobbler ~]# yum install fence-agents -y # fence devices, power management module

# Run cobbler check again

[root@cobbler ~]# cobbler check

# Let Cobbler manage DHCP

[root@cobbler ~]# sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings # as a command

[root@cobbler ~]# vim /etc/cobbler/settings # or edit the parameter in settings so that Cobbler controls DHCP

manage_dhcp: 1

[root@cobbler ~]# cp /etc/cobbler/dhcp.template{,.bak} # back up

[root@cobbler ~]# vim /etc/cobbler/dhcp.template

# Edit the dhcp.template configuration file (only the modified part is shown)

subnet 10.94.2.0 netmask 255.255.255.0 {

option routers 10.94.2.1;

option domain-name-servers 10.94.2.1;

option subnet-mask 255.255.255.0;

range dynamic-bootp 10.94.2.210 10.94.2.220;

# Restart the service and sync the configuration; after changing DHCP settings you must run sync

# Let Cobbler manage rsync

[root@cobbler ~]# sed -i 's/manage_rsync: 0/manage_rsync: 1/g' /etc/cobbler/settings

[root@cobbler ~]# systemctl restart cobblerd.service

[root@cobbler ~]# cobbler sync

# Check DHCP

[root@cobbler ~]# netstat -tulp | grep dhcp


udp 0 0 0.0.0.0:18742 0.0.0.0:* 1585/dhcpd

udp 0 0 0.0.0.0:bootps 0.0.0.0:* 1585/dhcpd

udp6 0 0 [::]:16128 [::]:* 1585/dhcpd


# Enable the services

# Enable them at boot so the work is not lost after a reboot

[root@cobbler ~]# systemctl enable dhcpd.service

[root@cobbler ~]# systemctl enable rsyncd.service

[root@cobbler ~]# systemctl enable tftp.service

[root@cobbler ~]# systemctl enable httpd.service

[root@cobbler ~]# systemctl enable cobblerd.service

# Restart all services once so that none is left stopped

[root@cobbler ~]# systemctl restart dhcpd.service

[root@cobbler ~]# systemctl restart rsyncd.service

[root@cobbler ~]# systemctl restart tftp.service

[root@cobbler ~]# systemctl restart httpd.service

[root@cobbler ~]# systemctl restart cobblerd.service

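Importing the CentOS 7.4 image:

# Mount the installation disc image:

[root@cobbler ~]# mount /dev/cdrom /mnt/

mount: /dev/sr0 is write-protected, mounting read-only

# Check that the mount succeeded:

[root@cobbler ~]# ls /mnt/

# Import the image into Cobbler:

[root@cobbler ~]# cobbler import --path=/mnt/ --name=CentOS-7-x86_64 --arch=x86_64

  • # --path: path to the image
  • # --name: a name for the installation source
  • # --arch: whether the installation source is 32-bit, 64-bit or ia64; currently supported values: x86 | x86_64 | ia64
  • # The name parameter is the unique identifier of the installation source. After this import succeeds the identifier is CentOS-7-x86_64; if the name already exists, the import fails with an error

# After the import, check what Cobbler lists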

[root@cobbler ~]# cobbler list

distros:

CentOS-7-x86_64

profiles:

CentOS-7-x86_64

systems:

repos:

images:

mgmtclasses:

packages:

files:

# Upload the kickstart configuration file

[root@cobbler ~]# cd /var/lib/cobbler/kickstarts/

[root@cobbler kickstarts]# ls

CentOS-7-x86_64.cfg esxi4-ks.cfg install_profiles pxerescue.ks sample_end.ks sample_esxi4.ks sample_esxi6.ks sample_old.seed

default.ks esxi5-ks.cfg legacy.ks sample_autoyast.xml sample_esx4.ks sample_esxi5.ks sample.ks sample.seed

[root@cobbler kickstarts]# pwd

/var/lib/cobbler/kickstarts # path of the kickstart configuration files

[root@cobbler kickstarts]# rz # upload from Xshell; requires lrzsz (yum install lrzsz -y)

# Kickstart configuration file in detail (CentOS 7.4)


#cobbler for Kickstart Configurator for CentOS 7.1 by yanghua

# Install OS instead of upgrade

install

# Use network installation media ($tree is filled in by Cobbler)

url --url=$tree

# url --url=http://10.94.2.240/CentOS-7.1-x86_64

text

lang en_US.UTF-8

keyboard us

# Clear the master boot record

zerombr

# System bootloader configuration

bootloader --location=mbr

# Network information

$SNIPPET('network_config')

timezone --utc Asia/Shanghai

authconfig --enableshadow --passalgo=sha512

rootpw --iscrypted $default_password_crypted

clearpart --all --initlabel

# Disk partitioning information

part /boot --fstype xfs --size 500 --ondisk sda

part swap --size 2000 --ondisk sda

part / --fstype xfs --size 20000 --grow --ondisk sda

part /data --fstype xfs --size 30000 --ondisk sda

firstboot --disable

selinux --disabled

firewall --disabled

logging --level=info

# Do not configure the X Window System

skipx

reboot

%pre

$SNIPPET('log_ks_pre')

$SNIPPET('kickstart_start')

$SNIPPET('pre_install_network_config')

# Enable installation monitoring

$SNIPPET('pre_anamon')

%end

%packages

@base

@compat-libraries

@debugging

@development

tree

nmap

sysstat

lrzsz

dos2unix

telnet

iptraf

ncurses-devel

openssl-devel

zlib-devel

OpenIPMI-tools

screen

%end

%post

systemctl disable postfix.service

%end


Checking the ks file:

# After writing the ks file, first run validateks to test it for syntax errors

# cobbler validateks

# Use the following command to view the ks file and spot logic problems

# cobbler system getks --name=test
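
validateks tests syntax; it does not comment on what the file makes every installed host look like. As an added example (not part of the original guide or of Cobbler), the following filter reads a rendered kickstart, such as the output of the getks command above, and reports the directives that set the security baseline of the installed hosts. The names lint_kickstart and sample_kickstart and the two-package list are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag hardening-relevant directives in a rendered kickstart.
# Reads the kickstart on stdin and prints one finding per line.

lint_kickstart() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        /^%packages/   { section = "packages"; next }
        /^%(pre|post)/ { section = "script"; next }  # shell code, not directives
        /^%end/        { section = ""; next }

        section == "" && $1 == "selinux" && /--disabled/ {
            print "selinux: installed hosts run with SELinux disabled" }
        section == "" && $1 == "firewall" && /--disabled/ {
            print "firewall: installed hosts run without a host firewall" }
        section == "" && $1 == "rootpw" {
            if (!/--iscrypted/)      print "rootpw: password stored in plaintext"
            else if ($NF ~ /^\$1\$/) print "rootpw: MD5-crypt hash"
        }
        section == "packages" && ($1 == "telnet" || $1 == "nmap") {
            print "packages: " $1 " is installed on every host" }
    '
}

# Constructed excerpt of this guide's kickstart as Cobbler would render it
sample_kickstart() {
    cat <<'EOF'
rootpw --iscrypted $1$123456$wOSEtcyiP2N/IfIl15W6Z0
# Disk partitioning information
selinux --disabled
firewall --disabled
%packages
@base
telnet
nmap
%end
%post
systemctl disable postfix.service
%end
EOF
}

sample_kickstart | lint_kickstart
```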

# Edit the profile to use the ks file we just uploaded

[root@cobbler kickstarts]# cobbler profile list

CentOS-7-x86_64

# Edit the profile and set its ks file to the CentOS-7-x86_64.cfg we just uploaded

[root@cobbler kickstarts]# cobbler profile edit --name=CentOS-7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg

# Use uniform network interface names

[root@cobbler kickstarts]# cobbler profile edit --name=CentOS-7-x86_64 --kopts='net.ifnames=0 biosdevname=0'

# This changes the kernel parameters of the installed system. On CentOS 7 network interfaces are named in the form eno16777736, but for standardized operations we want the familiar eth0, hence the parameters above. Note that this step is needed only on CentOS 7, not on CentOS 6.

[root@cobbler kickstarts]# cobbler profile report


Name : CentOS-7-x86_64

TFTP Boot Files : {}

Comment :

DHCP Tag : default

Distribution : CentOS-7-x86_64

Enable gPXE? : 0

Enable PXE Menu? : 1

Fetchable Files : {}

Kernel Options : {'biosdevname': '0', 'net.ifnames': '0'}

Kernel Options (Post Install) : {}

Kickstart : /var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg

Kickstart Metadata : {}

Management Classes : []

Management Parameters : <>

Name Servers : []

Name Servers Search Path : []

Owners : ['admin']

Parent Profile :

Internal proxy :

Red Hat Management Key : <>

Red Hat Management Server : <>

Repos : []

Server Override : <>

Template Files : {}

Virt Auto Boot : 1

Virt Bridge : xenbr0

Virt CPUs : 1

Virt Disk Driver Type : raw

Virt File Size(GB) : 5

Virt Path :

Virt RAM (MB) : 512

Virt Type : kvm


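# Log in to the system desktop and install the kickstart tool from the command line

[root@cobbler kickstarts]# yum install system-config-kickstart -y

Start the graphical interface, set the options and generate the configuration file.

cd /var/lib/tftpboot/grub/ # change the menu timeout in efidefault

sed -ri 's/^(timeout=).*/\160/' efidefault # set it to 60 seconds; otherwise the menu disappears too quickly to read

Sync Cobbler

[root@cobbler kickstarts]# cobbler sync

Configuring the ks file through the graphical interface: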

Ubuntu:

root@cobbler:~# apt-get update

root@cobbler:~# apt-get install system-config-kickstart

CentOS:

[root@cobbler ~]# yum update

[root@cobbler ~]# yum list *kic*

[root@cobbler ~]# yum install system-config-kickstart.noarch

That completes the basic setup.

