chrony和cobbler实现
2020-03-27 本文已影响0人
jamas
chrony实验,实现时间同步
1.chrony简介
Chrony是NTP(Network Time Protocol,网络时间协议,服务器时间同步的一种协议)的另一种实现,与ntpd不同,它可以更快且更准确地同步系统时钟,最大程度的减少时间和频率误差。
2.实验环境:
(1)ntp-server
192.168.42.130 centos 8.1 chrony
(2)ntp-client
192.168.42.128 centos 7.6 chrony
3.服务端设置
- 关闭防火墙、selinux
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# setenforce 0
- 安装chrony
[root@localhost ~]# yum install -y chrony
- 查看生成文件
[root@localhost ~]# rpm -ql chrony
/etc/NetworkManager/dispatcher.d/20-chrony
/etc/chrony.conf //配置文件
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc //主程序
/usr/lib/.build-id
/usr/lib/.build-id/9a
/usr/lib/.build-id/9a/91fc5f84c9a7dfc41b114c7c9a28581a74b2bb
/usr/lib/.build-id/e1
/usr/lib/.build-id/e1/f1bac1dc701342a9f8aad225f91928a5f0181a
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/chrony-dnssrv@.service
/usr/lib/systemd/system/chrony-dnssrv@.timer
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service //服务
/usr/libexec/chrony-helper
/usr/sbin/chronyd
/usr/share/doc/chrony
/usr/share/doc/chrony/FAQ
/usr/share/doc/chrony/NEWS
/usr/share/doc/chrony/README
/usr/share/doc/chrony/ntp2chrony.py
/usr/share/licenses/chrony
/usr/share/licenses/chrony/COPYING
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony
- 修改配置文件
[root@localhost ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp1.aliyun.com iburst //修改外部ntp server地址
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 192.168.0.0/16 //设置允许同步的网段
# Serve time even if not synchronized to a time source.
local stratum 10 //开启为本地提供服务
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
- 重启服务
[root@localhost ~]# systemctl restart chronyd
- 查看同步状态
[root@localhost ~]# chronyc sources -v
210 Number of sources = 2
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 120.25.115.20 2 6 7 1 -1833us[-2264us] +/- 21ms
^* 203.107.6.88 2 6 7 1 -250us[ -681us] +/- 19ms
- 查看监听端口
[root@localhost ~]# ss -tunl
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* //utp 123端口已监听
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
udp UNCONN 0 0 [::1]:323 [::]:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
4.客户端设置
- 安装chrony
[root@centos7 ~]# yum install -y chrony
- 修改配置文件
[root@centos7 ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.42.130 iburst //修改成本地ntp server地址
- 重启服务,查看同步状态
[root@centos7 ~]# systemctl restart chronyd
[root@centos7 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.42.130 3 6 17 24 -15us[ -47us] +/- 22ms
- 改错本地时间,验证同步状态
[root@centos7 ~]# date -s "1 month" //设置时间为1月后
Sat Apr 25 22:55:19 CST 2020
[root@centos7 ~]# systemctl restart chronyd
[root@centos7 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 192.168.42.130 3 6 3 0 +44640m[+44640m] +/- 19ms
[root@centos7 ~]# date
Wed Mar 25 23:00:04 CST 2020 //已同步完成
[root@centos7 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.42.130 3 6 17 19 +21us[ +92us] +/- 19ms //查看同步状态
cobbler自动化装机实验
1.cobbler简介
Cobbler是一个Linux服务器安装的服务,可以通过网络启动(PXE)的方式来快速安装、重装物理服务器和虚拟机,同时还可以管理DHCP,DNS等。
2.cobbler工作原理
image.png
Server端:
- 启动Cobbler服务
- 进行Cobbler错误检查,执行cobbler check命令
- 进行配置同步,执行cobbler sync命令
- 复制相关启动文件到TFTP目录中
- 启动DHCP服务,提供地址分配
- DHCP服务分配IP地址
- TFTP传输启动文件
- Server端接收安装信息
- Server端发送ISO镜像与Kickstart文件
Client端:
- 客户端以PXE模式启动
- 客户端获取IP地址
- 通过TFTP服务器获取启动文件
- 进入Cobbler安装选择界面
- 根据配置信息准备安装系统
- 加载Kickstart文件
- 传输系统安装的其它文件
- 进行安装系统
3.实验环境:
(1)cobbler-server
ip:192.168.42.130 os: centos 7.6 安装服务及软件 cobbler http dhcp tftp system-config-kickstart syslinux 准备文件:centos7.6安装光盘
(2)client
dhcp获取地址 安装centos7.6
4.实验前准备
- 关闭防火墙、selinux等
[root@centos7 ~]# systemctl stop firewalld
[root@centos7 ~]# systemctl disable firewalld
[root@centos7 ~]# setenforce 0
- 挂载安装光盘
[root@centos7 ~]# mount /dev/sr0 /mnt
ps:vmware环境中不要使用桥接模式,并关闭VMware中的dhcp服务
5.安装所需软件
- 安装所需软件
[root@centos7 ~]# yum install cobbler cobbler-web dhcp system-config-kickstart syslinux
- 查看安装后相关文件
[root@centos7 ~]# rpm -ql cobbler
/etc/cobbler # 配置文件目录
/etc/cobbler/settings # cobbler主配置文件,这个文件是YAML格式,Cobbler是python写的程序。
/etc/cobbler/dhcp.template # DHCP服务的配置模板
/etc/cobbler/tftpd.template # tftp服务的配置模板
/etc/cobbler/rsync.template # rsync服务的配置模板
/etc/cobbler/iso # iso模板配置文件目录
/etc/cobbler/pxe # pxe模板文件目录
/etc/cobbler/power # 电源的配置文件目录
/etc/cobbler/users.conf # Web服务授权配置文件
/etc/cobbler/users.digest # 用于web访问的用户名密码配置文件
/etc/cobbler/dnsmasq.template # DNS服务的配置模板
/etc/cobbler/modules.conf # Cobbler模块配置文件
/var/lib/cobbler # Cobbler数据目录
/var/lib/cobbler/config # 配置文件
/var/lib/cobbler/kickstarts # 默认存放kickstart文件
/var/lib/cobbler/loaders # 存放的各种引导程序
/var/www/cobbler # 系统安装镜像目录
/var/www/cobbler/ks_mirror # 导入的系统镜像列表
/var/www/cobbler/images # 导入的系统镜像启动文件
/var/www/cobbler/repo_mirror # yum源存储目录
/var/log/cobbler # 日志目录
/var/log/cobbler/install.log # 客户端系统安装日志
/var/log/cobbler/cobbler.log # cobbler日志
- 启动服务
[root@centos7 ~]# systemctl start httpd cobblerd tftp rsyncd //启动相应服务,dhcp暂不开启。
[root@centos7 ~]# systemctl enable httpd cobblerd tftp rsyncd
6.利用system-config-kickstart制作ks文件
需要在图形界面下打开
image.png
image.png
image.png
image.png
image.png
image.png
ps:如果此界面无法显示,需修改yum源repo文件将base改成development
[development] //此处改为development
name=base
baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/7/os/x86_64/RPM-GPG-KEY-CentOS-7
image.png
image.png
image.png
7.运行cobbler check命令检查配置,根据结果,修改配置。
- 运行cobbler check
[root@centos7 mnt]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
- 根据提示修改/etc/cobbler/settings 文件
server: 192.168.42.128 //修改server ip
next_server: 192.168.42.128 //修改next_server ip
default_password_crypted: "$1$123456$gamFwYL4FNVxPZKa7gbR5/" //修改密码 ,密码可以用openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'生成
- 运行cobbler get-loaders命令下载所需文件
[root@centos7 ~]# cobbler get-loaders
task started: 2020-03-26_230612_get_loaders
task started (id=Download Bootloader Content, time=Thu Mar 26 23:06:12 2020)
path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.elilo already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.yaboot already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.syslinux already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/elilo-ia64.efi already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/yaboot already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/pxelinux.0 already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/menu.c32 already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/grub-x86.efi already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/grub-x86_64.efi already exists, not overwriting existing content, use --force if you wish to update
*** TASK COMPLETE ***
- 修改dhcp模板
subnet 192.168.42.0 netmask 255.255.255.0 {
option routers 192.168.42.2;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.42.200 192.168.42.254;
根据实际情况修改ip网段
- 导入系统安装文件
[root@centos7 ~]# cobbler import --path=/mnt --name=centos7.6 --arch=x86_64
# --path 镜像路径
# --name 为安装源定义一个名字
# --arch 指定安装源是32位、64位、ia64, 目前支持的选项有: x86│x86_64│ia64
task started: 2020-03-26_231826_import
task started (id=Media import, time=Thu Mar 26 23:18:26 2020)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/centos7.6-x86_64:
creating new distro: centos7.6-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos7.6-x86_64 -> /var/www/cobbler/links/centos7.6-x86_64
creating new profile: centos7.6-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos7.6-x86_64 for centos7.6-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos7.6-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/centos7.6-x86_64
looking for /var/www/cobbler/ks_mirror/centos7.6-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7.6-x86_64/repodata
*** TASK COMPLETE ***
- 关联profile,ks文件
[root@centos7 ~]# cp /root/ks.cfg /var/lib/cobbler/kickstarts/centos7.ks //copy ks文件至指定位置
[root@centos7 ~]#vim /var/lib/cobbler/kickstarts/centos7.ks
# Use network installation
url --url=$tree //url要改成$tree
[root@centos7 ~]# cobbler profile edit --name=centos7.6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.ks //关联profile,ks文件
[root@centos7 ~]# cobbler profile report --name=centos7.6-x86_64 //查看是否生效
Name : centos7.6-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : centos7.6-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/centos7.ks
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : kvm
- 同步配置,启动dhcp
[root@centos7 ~]# cobbler sync
task started: 2020-03-26_234103_sync
task started (id=Sync, time=Thu Mar 26 23:41:03 2020)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/centos7.6-x86_64
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/images/centos7.6-x86_64
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying files for distro: centos7.6-x86_64
trying hardlink /var/www/cobbler/ks_mirror/centos7.6-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/centos7.6-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos7.6-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/centos7.6-x86_64/initrd.img
copying images
generating PXE configuration files
generating PXE menu structure
copying files for distro: centos7.6-x86_64
trying hardlink /var/www/cobbler/ks_mirror/centos7.6-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/centos7.6-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos7.6-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/centos7.6-x86_64/initrd.img
Writing template files for centos7.6-x86_64
rendering TFTPD files
generating /etc/xinetd.d/tftp
processing boot_files for distro: centos7.6-x86_64
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@centos7 ~]# systemctl start dhcpd
8.启动client,验证结果
-
网卡启动,出现选择菜单
image.png
-
开始安装
image.png
-
安装完成,输入密码进入系统
image.png
