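Deploying and Using Cobbler

1. Environment

  • OS: CentOS 7.3
  • Network: two NICs. The first is configured for normal Internet access; the second is on a separate subnet (172.16.1.1 here) and serves unattended OS installation.
  • SELinux: disabled
  • iptables, firewalld: firewall disabled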

2. Installation and deployment

  1. Configure the EPEL repository before installing, then install with yum:

    rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
    yum install cobbler cobbler-web pykickstart debmirror dhcp tftp-server httpd syslinux
    
  2. After installation, move everything under /var/lib/tftpboot/ to another location, because Cobbler generates all files in this directory itself.

    mkdir /root/pxeboot
    mv /var/lib/tftpboot/* /root/pxeboot/
    
  3. Next, edit /etc/dhcp/dhcpd.conf so that it contains the following:

    [root@localhost ~]# cat /etc/dhcp/dhcpd.conf
    #
    # DHCP Server Configuration file.
    #   see /usr/share/doc/dhcp*/dhcpd.conf.example
    #   see dhcpd.conf(5) man page
    #
    option domain-name "localhost.localdomain";
    option domain-name-servers 114.114.114.114,223.6.6.6;
    
    default-lease-time 3600;
    max-lease-time 7200;
    
    log-facility local7;
    
    subnet 172.16.1.0 netmask 255.255.255.0 {
        range 172.16.1.2 172.16.1.20;
        option routers 172.16.1.1;
        filename "pxelinux.0";
    }
    
  4. Make sure the second NIC is configured correctly. For this test it is configured only temporarily:

    ifconfig enp6s0f1 172.16.1.1/24
    
  5. Start the services in order:

    systemctl start dhcpd.service && systemctl enable dhcpd.service
    systemctl start cobblerd.service && systemctl enable cobblerd.service
    systemctl start httpd.service && systemctl enable httpd.service
    systemctl start rsyncd.service && systemctl enable rsyncd.service
    
  6. Check the environment and fix what is reported:

    cobbler check
    
  • Reported problems:

      1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
      2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
      3 : change 'disable' to 'no' in /etc/xinetd.d/tftp.
      4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
      5 : comment out 'dists' on /etc/debmirror.conf for proper debian support
      6 : comment out 'arches' on /etc/debmirror.conf for proper debian support
      7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
      8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
    
  • Fixes:

      1, 2: edit /etc/cobbler/settings
          server: 172.16.1.1
          next_server: 172.16.1.1
      3: edit /etc/xinetd.d/tftp
          disable = no
      4: this item can be ignored
      5, 6: edit /etc/debmirror.conf and comment out @dists="sid" and @arches="i386"
          #@dists="sid";
          #@arches="i386";
      7: change the default password. Note that this is the default root (administrator) password of the systems that get installed
          Generate the password hash:
              openssl passwd -1 -salt `openssl rand -hex 4`
              Password: 
              $1$0a7998bb$OrhhdGoYj.Ngr2yRzGuKB0
          Paste the hash into the default_password_crypted field of /etc/cobbler/settings:
              vim /etc/cobbler/settings
              default_password_crypted: "$1$0a7998bb$OrhhdGoYj.Ngr2yRzGuKB0"
      8: this item can be ignored
    

Then restart the cobblerd service and run cobbler check again, repeating until only the ignorable items remain:

    systemctl restart cobblerd.service
    cobbler check
        The following are potential configuration items that you may want to fix:

        1 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
        2 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

        Restart cobblerd and then run 'cobbler sync' to apply changes.
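
The three settings fields edited above can be re-checked with a small script. This is an added example, not part of the original post or of Cobbler; the function names, the FAIL/WARN wording and the two sample files are constructed here, and the script additionally reports the crypt scheme of the hash (`$1$` is MD5-crypt, `$5$`/`$6$` are SHA-256/SHA-512 crypt), which cobbler check does not look at.

```sh
#!/bin/sh
# Added example: audit the /etc/cobbler/settings fields edited above.

# setting FILE KEY: print the value of a top-level "KEY: value" line, unquoted.
setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'"
}

# loopback VALUE: succeed when VALUE is empty or only reachable locally.
loopback() {
    case "$1" in ''|localhost|127.*) return 0 ;; esac
    return 1
}

# audit_settings FILE: print FAIL/WARN lines; succeed only when there is no FAIL.
audit_settings() {
    fails=0
    for key in server next_server; do
        if loopback "$(setting "$1" "$key")"; then
            echo "FAIL $key: not reachable by PXE clients"
            fails=$((fails + 1))
        fi
    done
    case "$(setting "$1" default_password_crypted)" in
        '')     echo "FAIL default_password_crypted: empty"
                fails=$((fails + 1)) ;;
        '$1$'*) echo "WARN default_password_crypted: MD5-crypt, weak against offline guessing" ;;
        '$5$'*|'$6$'*) ;;   # SHA-256 / SHA-512 crypt
        *)      echo "WARN default_password_crypted: unrecognised hash format" ;;
    esac
    [ "$fails" -eq 0 ]
}

# Constructed sample files (not real settings): loopback values first,
# then the values this page sets.
tmp=$(mktemp -d)
printf '%s\n' 'server: 127.0.0.1' 'next_server: 127.0.0.1' \
    'default_password_crypted: ""' > "$tmp/before"
printf '%s\n' 'server: 172.16.1.1' 'next_server: 172.16.1.1' \
    'default_password_crypted: "$1$0a7998bb$OrhhdGoYj.Ngr2yRzGuKB0"' > "$tmp/after"
for f in before after; do
    echo "== $f"
    audit_settings "$tmp/$f" || echo "-> needs fixing"
done
```

On a real server, call `audit_settings /etc/cobbler/settings` instead of using the sample files.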

3. cobbler_web

Set the user name and password for the cobbler_web login page:

    htdigest /etc/cobbler/users.digest "Cobbler" cobbler
    Changing password for user cobbler in realm Cobbler
    New password: 
    Re-type new password: 
  • Notes:
    "Cobbler": the realm, shown as the prompt text
    cobbler: the user name
    /etc/cobbler/users.digest: the account file

  • Note: with cobbler-web-2.8.0-4.el7.noarch the interface must be accessed over HTTPS; access over HTTP returns a 403 error.

At this point cobbler_web should normally be reachable from a browser at http(s)://YOUR_COBBLERD_IP/cobbler_web.
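
The line that htdigest writes to /etc/cobbler/users.digest has the form user:realm:MD5(user:realm:password), so the realm is part of the hash. The following added example (not from the original post; the function names and the sample file are constructed) rebuilds that line and uses it to find accounts whose password is the same as the user name.

```sh
#!/bin/sh
# Added example: the htdigest line format behind /etc/cobbler/users.digest.

# digest_entry USER REALM PASSWORD: print "user:realm:MD5(user:realm:password)".
digest_entry() {
    hash=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$hash"
}

# password_matches FILE USER REALM PASSWORD: succeed when FILE holds exactly
# the entry that this user, realm and password would produce.
password_matches() {
    grep -qxF -- "$(digest_entry "$2" "$3" "$4")" "$1"
}

# users_with_name_as_password FILE: print every user whose password equals
# the user name (the realm is taken from the entry itself).
users_with_name_as_password() {
    while IFS=: read -r user realm rest; do
        if password_matches "$1" "$user" "$realm" "$user"; then
            echo "$user"
        fi
    done < "$1"
}

# Constructed sample file (not a real users.digest): one account whose
# password equals its user name, one with a longer passphrase.
digest_file=$(mktemp)
digest_entry cobbler Cobbler cobbler > "$digest_file"
digest_entry admin Cobbler 'constructed-Long-passphrase-1' >> "$digest_file"

users_with_name_as_password "$digest_file"
```

Because the realm is hashed into each entry, an entry created with a realm other than the one the web server announces will not authenticate.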

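4. Cobbler commands

  • cobbler import: imports an ISO image
  • cobbler distro: manages imported ISO images, mainly the absolute paths of the initrd and kernel
  • cobbler profile: edits profiles. A profile associates an ISO image with a kickstart file; one ISO image can have several kickstart files
  • cobbler system: customizes the installation of individual servers, for example setting the IP address, host name and power management according to the NIC's MAC address.

Import the CentOS 7.3 image on the server. This should also be possible from cobbler_web, but I have not looked into it: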

    mkdir /media/cdrom
    mount /var/local/iso/CentOS-7-x86_64-DVD-1611.iso /media/cdrom
    cobbler import --name="CentOS-7-x86_64-DVD-1611" --path=/media/cdrom

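Import CentOS 6.5 the same way. Running cobbler distro list on the command line then shows the imported images. By default, importing an image also creates a matching profile, so it can be used for installation right away; the default is a minimal install. Run cobbler profile list to see the profiles.
To define a custom profile, use the following commands: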

    cobbler profile add --name="CentOS-7-x86_64-web" --distro=CentOS-7-x86_64-DVD-1611 --kickstart=/var/lib/cobbler/kickstarts/centos7-web.ks
    cobbler sync

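Some scenarios need customized installs, such as installing different systems depending on the NIC's MAC address and setting the host name, NIC bonding and so on. Use cobbler system for this, for example: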

    # Host name settings: --hostname, --dns-name
    # Network and dual-NIC bond0 settings: --interface through --netboot-enabled
    # IPMI power management settings: --power-type through --power-address
    cobbler system add \
    --name=SYSTEM_NAME \
    --profile=PROFILE_NAME \
    --hostname=HOSTNAME.example.com \
    --dns-name=HOSTNAME.example.com \
    --interface=bond0 \
    --interface-type=bond \
    --bonding-opts="mode=active-backup miimon=100" \
    --ip-address=172.16.1.5 \
    --subnet=255.255.255.0 \
    --gateway=172.16.1.1 \
    --name-servers="114.114.114.114 223.5.5.5" \
    --static=1 \
    --netboot-enabled=true \
    --power-type=ipmilan \
    --power-user=USER \
    --power-pass=PASSWORD \
    --power-address=192.168.X.X

    # NIC interface em1 settings
    cobbler system edit \
    --name=SYSTEM_NAME \
    --interface=em1 \
    --mac=XX:XX:XX:XX:XX:01 \
    --interface-type=bond_slave \
    --interface-master=bond0

    # NIC interface em2 settings
    cobbler system edit \
    --name=SYSTEM_NAME \
    --interface=em2 \
    --mac=XX:XX:XX:XX:XX:02 \
    --interface-type=bond_slave \
    --interface-master=bond0

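Finally, note in particular that cobbler sync must be run after every change for the change to take effect.

Creating the centos7-web.ks file used above is not covered here. It can be generated and edited with the graphical system-config-kickstart tool, which can be installed with yum: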

    yum install system-config-kickstart
    
    # To start it, run:
    system-config-kickstart

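Alternatively, edit the anaconda-ks.cfg file that is normally found in root's home directory on an installed CentOS system. See the Kickstart Documentation.

For profiles, kickstart files, cobbler sync and so on, working in the cobbler_web interface is recommended because it is more convenient.

Getting the Cobbler source code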

posted @ 2017-07-13 17:34  追阳