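Introduction
Cobbler can be thought of as a more full-featured PXE setup. Anyone who has deployed PXE will notice that Cobbler works in much the same way and needs much the same files; Cobbler additionally provides a web interface, which makes configuration more convenient.
Services Cobbler depends on
Cobbler depends on the dhcp, tftp, rsync and dns services. dhcp can be provided by dhcpd (ISC) or by dnsmasq; tftp can be provided by the tftp-server package or by Cobbler's built-in tftp function; rsync is provided by the rsync package; dns can be provided by bind or by dnsmasq. In practice dns is not required and can be left out.
Cobbler can manage some or even all of these services itself, but this has to be defined with the "manage_dhcp", "manage_tftpd", "manage_rsync" and "manage_dns" options in /etc/cobbler/settings. In addition, since each service has several implementations, customizing one means changing the module parameter for that service in /etc/cobbler/modules.conf.
Configuring PXE + Cobbler
Installing the services the PXE and Cobbler environment depends on
Install the following services: rsync, http, dhcp, tftp
[root@varnish ~]# yum install -y dhcp httpd tftp-server rsync
Configuring the dhcp service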
[root@varnish ~]# vim /etc/dhcp/dhcpd.conf
option domain-name "li-zw.com";
option domain-name-servers 114.114.114.114;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.50 192.168.10.120;
    option subnet-mask 255.255.255.0;
    next-server 192.168.10.10; # tftp server
    filename "pxelinux.0"; # pxelinux file
}
Start the dhcp server
[root@varnish ~]# systemctl start dhcpd
Configuring the tftp server
Here I simply let the xinetd super daemon manage tftpd
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    # TFTP root directory
    server_args = -s /var/lib/tftpboot
    # change to no
    disable = no
    per_source = 11
    cps = 100 2
    flags = IPv4
}
Start the xinetd service. Because the configuration above sets disable = no, starting xinetd also starts tftpd.
[root@varnish ~]# systemctl start xinetd
Check the port status
[root@varnish ~]# ss -uan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:67 *:*
UNCONN 0 0 *:69
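UDP port 69, used by tftp, is now listening.
Configuring Cobbler
The steps so far only set up the PXE environment; next comes Cobbler.
Basic Cobbler concepts
Cobbler's most visible benefit is centralized installation of many systems, including different distributions. It is a second-level wrapper around PXE, written in Python. Most of the time only Cobbler's basic functions are used, and those need at least two components: distro and profile.
distro component: each distro corresponds to one distribution release. It contains the kernel and initrd data, plus other data such as kernel parameters.
profile component: a profile is essentially a configuration file. Each distro can have several different profiles. For example, with one distro (say CentOS 7.5) I can configure several profiles: one for a minimal install, one for a graphical install, and so on.
Cobbler has some other components as well, but they are not used often
Systems component: describes extra configuration to apply to this system, such as installing the http service on it. It is generally not used, since dedicated configuration management tools exist for that.
Repository component: holds the mirror information for a yum or rsync repository
Image component: can stand in for a distro object for files that do not fit that category (for example, objects that cannot be split into a kernel and an initrd).
So installing a system needs at least one distro and one profile.
Installing Cobbler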
[root@varnish ~]# yum install -y cobbler debmirror pykickstart
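cobbler: the Cobbler program
debmirror: a tool for maintaining Debian mirrors; it is not needed here but is a dependency, so install it
pykickstart: checks kickstart files for syntax errors
The installation creates many files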
[root@varnish cobbler]# ls
auth.conf completions import_rsync_whitelist modules.conf power rsync.exclude settings users.digest zone_templates
cheetah_macros dhcp.template iso mongodb.conf pxe rsync.template tftpd.template version
cobbler_bash dnsmasq.template ldap named.template reporting secondary.template users.conf zone.template
Starting the httpd service
Cobbler depends on the httpd service; just start it
[root@varnish ~]# systemctl start httpd
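Starting Cobbler
[root@varnish ~]# systemctl start cobblerd
Resolving the cobblerd problems
After starting the service, Cobbler's environment still has to be checked before it can be used properly, and every reported problem that must be handled needs to be resolved.
Start cobblerd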
[root@varnish cobbler]# systemctl start cobblerd
Check Cobbler
[root@varnish cobbler]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4 : enable and start rsyncd.service with systemctl
5 : comment out 'dists' on /etc/debmirror.conf for proper debian support
6 : comment out 'arches' on /etc/debmirror.conf for proper debian support
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
On first start Cobbler reports many problems; once they are all resolved, Cobbler can run.
Problem 1:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use
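This is the address of the Cobbler server. It defaults to 127.0.0.1, which cannot serve other machines, so it has to be changed.
Solution:
Edit the main configuration file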
[root@varnish cobbler]# vim settings
server: 192.168.10.10 # change to the host that provides the Cobbler service
Problem 2:
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
This sets which host serves the PXE boot files, i.e. the tftp server
[root@varnish cobbler]# vim settings
next_server: 192.168.10.10
Problem 3:
3 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
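The PXE boot files have to be provided. They can be downloaded with cobbler get-loaders when the host is online, or taken from the syslinux RPM package, which contains the boot files, i.e. the 'pxelinux.0' file.
Solution 1:
I have the syslinux RPM package installed, so I take the files straight from the package. You can copy just the two files pxelinux.0 and menu.c32, or copy the whole directory, which is the blunt approach.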
[root@varnish cobbler]# cd /usr/share/syslinux/
[root@varnish syslinux]# cp -R * /var/lib/cobbler/loaders/
Solution 2:
[root@varnish syslinux]# cobbler get-loaders
Problem 4:
4 : enable and start rsyncd.service with systemctl
Just start rsync
[root@varnish loaders]# systemctl restart rsyncd
Problems 5 and 6
Comment out the relevant entries in /etc/debmirror.conf
[root@varnish loaders]# vim /etc/debmirror.conf
# @dists="sid";
# @arches="i386";
Problem 7:
This tells us not to use the default password
Generate a password hash with the command and substitute it
[root@varnish loaders]# openssl passwd -1 -salt `openssl rand -hex 8` '523569'
$1$e3f6285c$97SXxy9VqGKTJxdEft1hD.
[root@varnish loaders]# vim /etc/cobbler/settings
default_password_crypted: "$1$e3f6285c$97SXxy9VqGKTJxdEft1hD."
# replace the password
Problem 8
This is about power management and can be ignored
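A pre-flight check for the settings edited under problems 1, 2 and 7, as an added example that is not part of the original post: it reads a settings file and reports a loopback server or next_server, and a default_password_crypted value that is still an MD5-crypt ($1$) hash, the format both the shipped default and `openssl passwd -1` produce. The function names and the sample file are constructed for illustration, and the check assumes the installer accepts SHA-crypt ($5$/$6$) hashes, which CentOS 7 kickstarts do.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit a Cobbler settings file
# for "cobbler check" items 1, 2 and 7. Exit status = number of findings.

# Print the value of a top-level "key: value" line, minus comment and quotes.
settings_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

audit_cobbler_settings() {
    local file="$1" key val hash n=0
    for key in server next_server; do
        val=$(settings_value "$file" "$key")
        case $val in
            ''|localhost|127.*|::1)
                echo "$key: '$val' is unset or loopback, unreachable for PXE clients"
                n=$((n + 1)) ;;
        esac
    done
    hash=$(settings_value "$file" default_password_crypted)
    case $hash in
        '$6$'*|'$5$'*) ;;                       # SHA-512 / SHA-256 crypt
        '$1$'*) echo "default_password_crypted: MD5-crypt hash (openssl passwd -1)"
                n=$((n + 1)) ;;
        *)      echo "default_password_crypted: missing or unrecognised format"
                n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample input: server fixed, next_server still at its default,
# and a made-up MD5-crypt value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server: 192.168.10.10  # boot server
next_server: 127.0.0.1
default_password_crypted: "$1$CONSTRUC$notARealHashJustAnExample."
EOF
audit_cobbler_settings "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against /etc/cobbler/settings before `cobbler sync`; a zero exit status means none of the three values was flagged.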
Restart cobblerd
[root@varnish loaders]# systemctl restart cobblerd
[root@varnish loaders]# cobbler check
The following are potential configuration items that you may want to fix:
1 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
2 : enable and start rsyncd.service with systemctl
3 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
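Problems 1 and 2 have in fact already been resolved, and problem 3 can be ignored
Problem 1: all the boot-related syslinux files have already been copied into that directory
Problem 2: Cobbler uses the xinetd service to check rsync, but rsync is started as the rsyncd daemon, so the check fails.
Creating a distro
I prepared a CentOS 7.5 disc and use cobbler import to import it as a distro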
[root@varnish loaders]# mount /dev/cdrom /media/
mount: /dev/sr0 写保护,将以只读方式挂载
Import the disc contents
[root@varnish loaders]# cobbler import --name=centos_7.5_x86_64 --path=/media
task started: 2018-07-11_233038_import
task started (id=Media import, time=Wed Jul 11 23:30:38 2018)
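# This step essentially copies the disc contents into a directory named after the distro under /var/www/cobbler/ks_mirror/, so it takes a while
After the disc has been imported, some new files and directories appear under /var/www/cobbler/ks_mirror
First, a directory with the same name as the distro, which holds the kernel, the initrd and the data files
Then, under the config directory, a repo file with the same name as the distro
The distro list can now be viewed with this command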
[root@varnish cobbler]# cobbler distro list
centos_7.5-x86_64
In addition, for some common distributions Cobbler automatically adds a minimal-install profile.
[root@varnish cobbler]# cobbler profile list
centos_7.5-x86_64
If you have prepared your own kickstart file, you can add a profile for it
[root@varnish html]# cp /var/www/html/an.cfg /var/lib/cobbler/kickstarts/centos_7.5-x86_64_mytest.cfg # copy the kickstart file into Cobbler's /var/lib/cobbler/kickstarts directory
[root@varnish html]# cobbler profile add --name=centos_7.5-x86_64_mytest --distro=centos_7.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos_7.5-x86_64_mytest.cfg # --name is the profile name, the profile is attached to the centos_7.5-x86_64 distro, and the last option gives the kickstart file path
Finally run cobbler sync to synchronize
[root@varnish pxelinux.cfg]# cobbler sync
One of the things cobbler sync does is rewrite the pxelinux.0 configuration file
[root@varnish pxelinux.cfg]# cd /var/lib/tftpboot/pxelinux.cfg
[root@varnish pxelinux.cfg]# cat default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
LABEL centos_7.5-x86_64
kernel /images/centos_7.5-x86_64/vmlinuz
MENU LABEL centos_7.5-x86_64
append initrd=/images/centos_7.5-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.10.10/cblr/svc/op/ks/profile/centos_7.5-x86_64
ipappend 2
LABEL centos_7.5-x86_64_mytest
kernel /images/centos_7.5-x86_64/vmlinuz
MENU LABEL centos_7.5-x86_64_mytest
append initrd=/images/centos_7.5-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.10.10/cblr/svc/op/ks/profile/centos_7.5-x86_64_mytest
ipappend 2
MENU end
Client test
Check all the configuration before testing
[root@varnish pxelinux.cfg]# systemctl status httpd
[root@varnish pxelinux.cfg]# systemctl status dhcpd
[root@varnish pxelinux.cfg]# systemctl status rsyncd
[root@varnish pxelinux.cfg]# systemctl status cobblerd
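Note: for CentOS 7.5 the test virtual machine must have at least 2G of memory. I have not tried other systems, but it is best to give them 2G or more to avoid errors.
The selection menu appears
Together with the profile, the system is installed automatically
Automatic installation succeeded
Configuring Cobbler through the web interface
Cobbler can be managed and configured through a web GUI.
Installing cobbler-web
[root@varnish ~]# yum install -y cobbler-web
[root@varnish ~]# rpm -ql cobbler-web # list the files created by the rpm
/etc/httpd/conf.d/cobbler_web.conf # created automatically in httpd's conf.d directory after installation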
/usr/share/cobbler/web
/usr/share/cobbler/web/__init__.py
/usr/share/cobbler/web/__init__.pyc
/usr/share/cobbler/web/__init__.pyo
/usr/share/cobbler/web/cobbler.wsgi
/usr/share/cobbler/web/cobbler_web
...
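Configuring Cobbler authentication
Authenticating cobbler_web users with the authn_configfile module
First change the value of the module parameter in the [authentication] section of modules.conf to authn_configfile.
Then create the authentication file /etc/cobbler/users.digest and add the required users. Note that the "-c" option of htdigest must be used when adding the first user and must not be used again when adding further users; also, the realm for cobbler_web can only be Cobbler. As shown below.
[root@varnish conf.d]# htdigest -c /etc/cobbler/users.digest Cobbler cbladmin
Adding password for cbladmin in realm Cobbler.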
New password:
Re-type new password:
Finally restart the httpd and cobblerd services
[root@varnish conf.d]# systemctl restart httpd cobblerd
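What the htdigest step writes and why the realm matters, as an added example that is not part of the original post: each users.digest line stores MD5(user:realm:password), so an entry created under any realm other than Cobbler produces a different digest and is of no use to cobbler_web. The function names, the sample file and the sample password are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. users.digest lines have the
# htdigest form  user:realm:MD5(user:realm:password).

# Compute the digest htdigest would store for one entry.
digest_ha1() {
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# List entries cobbler_web cannot use: wrong realm or malformed digest.
# Exit status = number of unusable entries.
check_users_digest() {
    local file="$1" user realm hash bad=0
    while IFS=: read -r user realm hash; do
        [ -n "$user" ] || continue
        if [ "$realm" != "Cobbler" ]; then
            echo "$user: realm '$realm' is not 'Cobbler'"; bad=$((bad + 1))
        elif ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{32}$'; then
            echo "$user: digest is not 32 hex characters"; bad=$((bad + 1))
        fi
    done < "$file"
    return "$bad"
}

# Constructed sample: the same user and password stored under two realms.
sample=$(mktemp)
{
    echo "cbladmin:Cobbler:$(digest_ha1 cbladmin Cobbler 'constructed-pass')"
    echo "cbladmin:Cobbler_test:$(digest_ha1 cbladmin Cobbler_test 'constructed-pass')"
} > "$sample"
check_users_digest "$sample" || echo "unusable entries: $?"
rm -f "$sample"
```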
Access URL
Cobbler's web interface is reached at https://YOUR_COBBLERD_IP/cobbler_web
or http://YOUR_COBBLERD_IP/cobbler_web
/etc/httpd/conf.d/cobbler_web.conf contains the alias directive WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi, and Cobbler ships some default settings for access to that directory
<Directory "/usr/share/cobbler/web/">
    # When httpd has SSL installed, access goes over SSL; without it, access goes over http
    <IfModule mod_ssl.c>
        SSLRequireSSL
    </IfModule>
Login page
Management page