Cobbler系统部署平台搭建
2017-05-07 本文已影响195人
Lisong
Cobbler简介
运维自动化包括标准化、工具化、Web化、服务化、智能化等几个不同的层级,在一家规模稍大、拥有服务器上千台甚至是几万台的生产环境中,想要真正实现运维自动化,工具化系统安装流程、统一系统安装规范,是其中最不能忽略的重要环节。普通的自动化部署可以采用pxe+dhcp+tftp配合kickstart实现,但是面对多版本、多部署需求的情况下,这种普通的部署方式可能达不到我们的要求;这时候就需要借助cobbler开源自动化部署工具来实现。
Cobbler是一款快速的网络系统部署工具,其最大的特点是集合了所有系统部署所需服务,如DHCP、DNS、TFTP,这样你在部署一台操作系统的时候不需要在各个服务之前协调切换,Cobbler都可以替你来管理,Cobbler内部集成了一个镜像版本仓库,你可以自定义相关配置文件,实现不同系统不同安装需求的选择;当然,Cobbler还提供了包括yum源管理、Web界面管理、API接口、电源管理等功能,方便你自定义开发管理。
Cobbler设计方式
发行版:表示一个操作系统。它承载了内核和 initrd 的信息,以及内核参数等其他
配置文件:包含一个发行版、一个 kickstart 文件以及可能的存储库,还包含更多特定的内核参数等其他数据
系统:表示要配给的机器。它包含一个配置文件或一个镜像,还包含 IP 和 MAC 地址、电源管理(地址、凭据、类型)以及更为专业的数据等信息
存储库:保存一个 yum 或 rsync 存储库的镜像信息
镜像:可替换一个包含不属于此类别的文件的发行版对象(例如,无法分为内核和 initrd 的对象)
cobbler 安装
一、关闭SELINUX
vi /etc/selinux/config
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出
setenforce 0 #使配置立即生效
二、配置防火墙,开启TCP:80端口、TCP:25151端口、UDP:69端口
vi /etc/sysconfig/iptables #编辑
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #http服务需要此端口
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT #tftp服务需要此端口
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT #cobbler需要此端口
:wq! #保存退出
/etc/init.d/iptables restart #最后重启防火墙使配置生效
######## 关闭防火墙和selinux #######
#如果不想关闭防火墙,那么请打开 TCP ( 69、80、25151 ) 端口。
#关闭防火墙和selinux
service iptables stop
chkconfig iptables off
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
######################
三、安装 epel 源
yum -y install epel-release
或者
cd /usr/local/src
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm #CentOS 6.x 64位
rpm -ivh epel-release-6-8.noarch.rpm
备注:
centos5.x:
wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm #CentOS 5.x 32位
centos6.x:
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm #CentOS6.x 64位
centos7.x:
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm #CentOS6.x 32位
四、安装软件包
yum -y install cobbler cobbler-web httpd rsync tftp-server xinetd dhcp pykickstart fence-agents
五、配置 Tftp 、Rsync、http
配置tftp
vi /etc/xinetd.d/tftp
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no ## 原为 yes
per_source = 11
cps = 100 2
flags = IPv4
}
配置rsync
vi /etc/xinetd.d/rsync
service rsync
{
disable = no ## 原为 yes
flags = IPv6
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
配置 http
vi /etc/httpd/conf/httpd.conf
ServerName 127.0.0.1:80
六、配置 Cobbler
生成 cobbler管理密码
openssl passwd -1 -salt 'cobbler' '123456'
vi /etc/cobbler/settings
manage_dhcp: 1 ## 原为 0
manage_tftpd: 1
manage_rsync: 1 ## 原为 0
next_server: 192.168.85.133 ## 本机 IP
server: 192.168.85.133 ## 本机 IP
default_password_crypted: "$1$random-p$mzxQ/Sx848sXgvfwJCoZM0" ## 生成的 管理 密码
七、配置 DHCP
vi /etc/cobbler/dhcp.template #编辑,修改
subnet 192.168.21.0 netmask 255.255.255.0 { #设置网段
option routers 192.168.21.2; #设置网关
option domain-name-servers 8.8.8.8,8.8.4.4; #设置dns服务器地址
option subnet-mask 255.255.255.0; #设置子网掩码
range dynamic-bootp 192.168.21.160 192.168.21.200; #设置dhcp服务器IP地址租用的范围
default-lease-time 21600; #默认租约时间
max-lease-time 43200; #最大租约时间
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
八、启动服务
chkconfig --add httpd
chkconfig --add xinetd
chkconfig --add dhcpd
chkconfig --add cobblerd
service httpd start
正在启动 httpd:
service xinetd start
正在启动 xinetd: [确定]
service dhcpd start
正在启动 dhcpd: [失败]
service cobblerd start
Starting cobbler daemon: [确定]
cobbler check ## 检查配置
下载引导文件(网速比较慢,可能需要翻墙等代理工具)
cobbler get-loaders
cobbler check ## 再次检查
cobbler sync ## 同步操作
九、导入镜像
mkdir /mnt/cdrom
接下来,我们就可以在cobbler中加入一个完成的系统安装镜像
mount /dev/cdrom /mnt/cdrom #在光驱中加载一个完成的centos6 ISO文件
cobbler import --path=/mnt/cdrom --name=/CentOS-6-x86_64 --arch=x86_64 ##使用import导入,需要等待一段时间
cobbler import --path=/mnt/cdrom --name=/CentOS-7-x86_64 --arch=x86_64 ##Centos7 的镜像导入方法一样使用import导入
cobbler profile list #查看镜像目录
cobbler profile report #查看cobbler系统仓库中的版本信息
############## 删除导入的系统 ######################
cobbler profile find --distro=CentOS-6-x86_644 #查看配置是否存在
CentOS-6-x86_64
cobbler profile remove --name=CentOS-6-x86_64 #删除配置文件
cobbler distro remove --name=CentOS-6-x86_64 #删除distro
cobbler profile find --distro=CentOS-6-x86_64 #再查看配置已无
十、创建 ks 文件
ks.cfg 中一定不能有中文,注释行也不可以
########### ks文件一 (这个ks 文件有点问题,无法成功) #################
vi /var/lib/cobbler/kickstarts/CentOS-6-x86_64.ks
#platform=x86, AMD64, 或 Intel EM64T
#version=DEVEL
firewall --enabled --ssh
install
url --url="http://192.168.85.133/cobbler/ks_mirror/CentOS-6-x86_64/"
rootpw --iscrypted a123456!
auth --useshadow --passalgo=sha512
graphical
firstboot --disable
keyboard us
lang zh_CN
selinux --enforcing
logging --level=info
reboot
timezone --isUtc Asia/Shanghai
network --bootproto=dhcp --device=eth0 --onboot=on
bootloader --location=mbr
zerombr
## clearpart --all --initlabel
## part /boot --asprimary --fstype="ext4" --size=200
## part swap --fstype="swap" --size=1024
## part / --fstype="ext4" --grow --size=1
%include /tmp/pre-install.ks
%packages
@core
@chinese-support
@server-policy
@workstation-policy
%end
%pre --interpreter=/bin/bash
var_mem=`cat /proc/meminfo | grep MemTotal | awk '{printf("%d",$2/1024*1.5)}'`
echo "" > /tmp/pre-install.ks
echo "clearpart --all --initlabel" >> /tmp/pre-install.ks
echo "part /boot --fstype=\"ext4\" --asprimary --size=200" >> /tmp/pre-install.ks
echo "part swap --fstype=\"swap\" --size=${var_mem}" >> /tmp/pre-install.ks
echo "part / --fstype=\"ext4\" --grow --size=1" >> /tmp/pre-install.ks
%end
%post
(
echo "*/1 * * * * root ntpdate ntp.api.bz" >> /etc/crontab
echo "*/1 * * * * root hwclock --systohc" >> /etc/crontab
cd /etc/yum.repos.d/
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
) 2>&1 >> /root/post-intall.log
%end
########### ks文件二 (无误) #################
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url="http://192.168.85.133/cobbler/ks_mirror/CentOS-6-x86_64/"
# Root password a123456!
rootpw --iscrypted qJFIEmXitznOc
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
# System keyboard
keyboard us
# System language
lang zh_CN
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone --isUtc Asia/Shanghai
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="ext4" --size=200
part swap --fstype="swap" --size=1024
part / --fstype="ext4" --grow --size=1
```
```
验证ks有效性,剩下的就是PXE引导测试了
cobbler validateks
```
####十一、关联 ks 文件
```
系统版本列表
cobbler distro list
```
```
查看配置信息
cobbler profile report --name CentOS-6-x86_64
```
```
修改系统和ks 文件的关联
cobbler profile edit --name=CentOS-6-x86_64 --distro=CentOS-6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-6-x86_64.ks
```
```
关联后,再次查看是否关联成功
cobbler profile report --name CentOS-6-x86_64
```
```
##同步配置,后开启客户端测试
# 从网络引导进入后,会有一个选择列表,选择要安装 profile ,就可以自动完成安装。
cobbler sync
```
####十二、Cobbler Web
```
#设置Cobbler Web登录用户登录密码
htdigest /etc/cobbler/users.digest "Cobbler" cobbler
访问地址
http://{IP}/cobbler_web
```
```
现在可以启动测试机器冲pxe 启动,就可以自动安装了
由于忘记截图,图片使用的网络上的
进入Cobbler选择对应操作系统安装,这里好像只能手动选一下
```
####Cobbler自定义重装
```
rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-6.noarch.rpm
yum install koan -y #安装koan服务
koan --replace-self --server=192.168.86.133 --profile=CentOS-6-x86_64
#指定这台主机需要被重装,指定cobbler服务器地址和profile文件
reboot
#重启后就会自动重新安装
```
####Cobbler 常用命令详解
```
cobbler check #检查cobbler配置
cobbler sync #同步配置到dhcp/pxe和数据目录
cobbler list #列出所有的cobbler元素
cobbler import #导入安装的系统镜像
cobbler report #列出各元素的详细信息
cobbler distro #查看导入的发行版系统信息
cobbler profile #查看配置信息
cobbler system #查看添加的系统信息
cobbler reposync #同步yum仓库到本地
cobbler profile add
cobbler profile copy
cobbler profile dumpvars
cobbler profile edit
cobbler profile find
cobbler profile getks
cobbler profile list
cobbler profile remove
cobbler profile rename
cobbler profile report
```
####错误解决方法
```
错误提示
Traceback (most recent call last):
File "/usr/bin/cobbler", line 36, in <module>
sys.exit(app.main())
File "/usr/lib/python2.6/site-packages/cobbler/cli.py", line 657, in main
rc = cli.run(sys.argv)
File "/usr/lib/python2.6/site-packages/cobbler/cli.py", line 270, in run
self.token = self.remote.login("", self.shared_secret)
File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
return self.__send(self.__name, args)
File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request
verbose=self.__verbose
File "/usr/lib64/python2.6/xmlrpclib.py", line 1253, in request
return self._parse_response(h.getfile(), sock)
File "/usr/lib64/python2.6/xmlrpclib.py", line 1392, in _parse_response
return u.close()
File "/usr/lib64/python2.6/xmlrpclib.py", line 838, in close
raise Fault(**self._stack[0])
xmlrpclib.Fault: <Fault 1: "<class 'cobbler.cexceptions.CX'>:'login failed'">
解决方法
重启cobblerd
service cobblerd restart
cobbler check
```
```
执行cobbler check
cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
解决方法:修改/etc/cobbler/settings,将server对应的IP改为cobbler安装主机的IP,即将server: 127.0.0.1改成server: 192.168.56.12,切记切记,server: 后面有空格!!
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
解决方法:修改/etc/cobbler/settings,将next_server对应的IP改为cobbler安装主机的IP,即将server: 127.0.0.1改成server: 192.168.56.12
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
解决方法:将/etc/xinetd.d/tftp中disable对应值改成no
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
解决方法:执行cobbler get-loaders
5 : enable and start rsyncd.service with systemctl
解决方法:执行systemctl enable rsyncd;systemctl start rsyncd
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
解决方法:大便的包,可以不下载
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
解决方法:给密码加盐,把生成的密码串添加到/etc/cobbler/settings里,切记切记,一定要全盘复制,连黑点也别放过。
openssl passwd -1 -salt 'cobbler' 'cobbler'
$1$cobbler$M6SE55xZodWc9.vAKLJs6.
vi /etc/cobbler/settings #修改default_password_crypted: 注意空格
default_password_crypted: "$1$cobbler$M6SE55xZodWc9.vAKLJs6."
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
解决办法:电源管理工具,下载fence-agents
yum -y install fence-agents
Restart cobblerd and then run 'cobbler sync' to apply changes.
```
