Automated OS Installation and Deployment with Cobbler

2020-06-16 16:36:09

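Cobbler is a service for quickly installing Linux operating systems over the network. It supports many Linux distributions (Red Hat, Fedora, CentOS, Debian, Ubuntu, SUSE) and can also install Windows over the network.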

I. Configure the yum repositories

Cobbler is packaged in the EPEL repository, so configure the yum repositories first.

[root@centos7 ~]# vim /etc/yum.repos.d/base.repo
[base]
name=base
baseurl=file:///mnt
gpgcheck=0
[epel]
name=epel
baseurl=http://mirrors.sohu.com/fedora-epel/7/x86_64
gpgcheck=0

II. Install Cobbler and the DHCP service

[root@centos7 ~]# yum install cobbler dhcp -y

III. Start the required services and enable them at boot

[root@centos7 ~]# systemctl enable rsyncd httpd tftp cobblerd dhcpd
[root@centos7 ~]# systemctl start rsyncd httpd tftp cobblerd

IV. Configure Cobbler

1. Run cobbler check to see what needs to be configured

[root@centos7 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : debmirror package is not installed, it will be required to manage debian deployments and repositories
6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
7 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

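2. Find the following entries in /etc/cobbler/settings and change them

server: 192.168.73.120                  # address of the Cobbler server
next_server: 192.168.73.120             # address of the TFTP server
default_password_crypted: "$1$JZoCUmJG$PaPdl.tq3OW6KEXZbUaBP."      # replace the default password
manage_dhcp: 1                          # set to 1 so that Cobbler manages DHCP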

3. Download the boot loaders

[root@centos7 ~]# cobbler get-loaders

4. Edit Cobbler's DHCP template file

[root@centos7 ~]# vim /etc/cobbler/dhcp.template
... (lines above omitted) ...
subnet 192.168.73.0 netmask 255.255.255.0 {                       # change the subnet
     option routers             192.168.73.254;                   # gateway
     option domain-name-servers 1.1.1.1;                          # DNS server
     option subnet-mask         255.255.255.0;                    # subnet mask
     range dynamic-bootp        192.168.73.1 192.168.73.100;      # address pool
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}
... (lines below omitted) ...

5. Sync Cobbler's DHCP configuration

[root@centos7 ~]# cobbler sync

6. Restart the Cobbler service and the DHCP service

[root@centos7 ~]# systemctl restart cobblerd
[root@centos7 ~]# systemctl start dhcpd

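V. Add an OS image to Cobbler

1. Mount the installation disc on an empty directory

[root@centos7 ~]# mount /dev/sr0 /mnt

2. Import the disc contents into Cobbler. This step copies the files on the disc to /var/www/cobbler/ks_mirror/.

[root@centos7 ~]# cobbler import --path=/mnt --name=Centos-6.10 --arch=x86_64

Cobbler ships with its own kickstart (KS) files, so automated installation already works at this point. To install with your own customized KS file, see the supplement below.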


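Supplement

In a real production environment you may need to install a variety of customized systems. That requires preparing a separate ks file for each one and associating it with the corresponding OS image.

I. Prepare the ks file

1. A ks file can be generated in a graphical session with system-config-kickstart, written by hand (not recommended), or adapted from /root/anaconda-ks.cfg on an already installed system. This example uses a ks file for a minimal installation.
Note that when the ks file uses a network installation, the url path must be set to Cobbler's built-in variable $tree.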

# Use network installation
url --url=$tree

2. Contents of ks6mini.cfg

[root@centos7 ~]# vim ks6mini.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url=$tree
# Root password
rootpw --iscrypted $1$6oVXZR1R$QOASc6inirmHCZmQ.W9Hg0
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone  Asia/Shanghai
# Network information
network  --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel 
# Disk partitioning information
part /boot --fstype="ext4" --size=200
part / --fstype="ext4" --size=20000
part swap --fstype="swap" --size=1024

%packages
@core

%end

II. Copy the ks file into Cobbler's ks repository

Cobbler has its own ks repository in /var/lib/cobbler/kickstarts/. Copy the prepared ks file into that directory.

[root@centos7 ~]# cp ks6mini.cfg /var/lib/cobbler/kickstarts/
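
The check below is an added example, not part of the original walkthrough: a POSIX shell function that scans the files edited so far (the yum repo file, /etc/cobbler/settings and the kickstart) for settings worth reviewing before hosts are built from them. The name cobbler_audit and the rule list are this example's own, and the patterns cover only directives that appear on this page.

```shell
#!/bin/sh
# Added example, not from the original page: flag weak settings in the files
# this walkthrough edits. Rule list and wording are this example's own.
# Usage: sh audit.sh /etc/yum.repos.d/base.repo /etc/cobbler/settings \
#            /var/lib/cobbler/kickstarts/ks6mini.cfg

# Prints "file:line: finding" per hit; exit status is 0 only when clean.
cobbler_audit() (
    status=0
    for file in "$@"; do
        if [ ! -r "$file" ]; then
            echo "$file: not readable, skipped" >&2
            continue
        fi
        # Each rule is "ERE~finding". Patterns are anchored at line start,
        # so commented-out directives are not reported.
        while IFS='~' read -r pattern finding; do
            for lineno in $(grep -nE -- "$pattern" "$file" | cut -d: -f1); do
                echo "$file:$lineno: $finding"
                status=1
            done
        done <<'RULES'
^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0~yum repo: package signatures are not verified
^[[:space:]]*baseurl[[:space:]]*=[[:space:]]*http://~yum repo: packages are fetched over plain HTTP
^[[:space:]]*(default_password_crypted:|rootpw[[:space:]]).*[$]1[$]~root password hash uses MD5-crypt ($1$)
^[[:space:]]*firewall[[:space:]].*--disabled~kickstart: installed hosts start with the firewall off
^[[:space:]]*selinux[[:space:]].*--disabled~kickstart: installed hosts start with SELinux disabled
RULES
    done
    [ "$status" -eq 0 ]
)

# Run against the files named on the command line, if any.
if [ "$#" -gt 0 ]; then cobbler_audit "$@"; fi
```

The kickstart is fetched by installing clients over the network, so treat the rootpw hash in it as readable from the provisioning network.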

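III. Associate the ks file with the OS image in Cobbler

1. First list the ks associations (profiles) in Cobbler and the OS images (distros) that exist

[root@centos7 ~]# cobbler profile list          # lists the ks installation profiles
   Centos-6.10-x86_64                           # the profile created just now
[root@centos7 ~]# cobbler distro list           # lists the OS images that exist
   Centos-6.10-x86_64                           # the image imported just now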

2. Associate ks6mini.cfg

[root@centos7 ~]# cobbler profile add --name=Centos-6.10-mini-x86_64 --distro=Centos-6.10-x86_64 --ks=/var/lib/cobbler/kickstarts/ks6mini.cfg
# --name: name of the new installation profile
# --distro: name of the image to associate with
# --ks: path to the ks file
[root@centos7 ~]# cobbler profile list          # list the installation profiles
   Centos-6.10-mini-x86_64                      # the profile associated just now
   Centos-6.10-x86_64

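3. Remove a ks association
The installation profile that Cobbler created on its own is not the one we want, so remove it from the list as follows:

[root@centos7 ~]# cobbler profile remove --name=Centos-6.10-x86_64      # remove the profile
[root@centos7 ~]# cobbler profile list
   Centos-6.10-mini-x86_64                                              # only the mini profile is left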

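Web-based Cobbler management

Managing Cobbler in text form is not very friendly, so a web-based management interface can be used instead.

I. Install cobbler-web

[root@centos7 mnt]# yum install cobbler-web -y

II. Restart the httpd service

[root@centos7 mnt]# systemctl restart httpd

III. The Cobbler web interface is now reachable

cobbler_web is served over SSL, so use the https protocol. The address is: https://XXX.XXX.XXX.XXX/cobbler_web

cobbler_web account and password

The default Cobbler account and password are both cobbler. That password is not secure enough and needs to be changed.

I. The authn_configfile authentication method

Cobbler's authentication settings are in /etc/cobbler/modules.conf, which describes each authentication method in detail. The default method is configfile.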

[root@centos7 mnt]# cat /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================

# authentication: 
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
module = authn_configfile

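Adding and removing users
With authn_configfile, user names and passwords are stored in /etc/cobbler/users.digest. Use the following command to create a Cobbler user and password:

[root@centos7 mnt]# htdigest /etc/cobbler/users.digest Cobbler admin   # note: the C in Cobbler must be uppercase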
Adding user admin in realm cobbler
New password: 
Re-type new password: 
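
An added example, not from the original page: each line htdigest writes to users.digest has the form user:realm:MD5(user:realm:password). The POSIX shell functions below (digest_line and digest_audit are names chosen for this example) build such a line and report entries whose realm is not Cobbler or whose password is still the user name or the stock cobbler.

```shell
#!/bin/sh
# Added example, not from the original page.
# users.digest line format: user:realm:MD5("user:realm:password")

# digest_line USER REALM PASSWORD -> prints one users.digest line
digest_line() {
    printf '%s:%s:%s\n' "$1" "$2" \
        "$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)"
}

# digest_audit FILE -> one line per finding; exit status 0 only when clean
digest_audit() (
    status=0
    # "|| [ -n "$user" ]" keeps a final line that lacks a trailing newline.
    while IFS=: read -r user realm hash || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        if [ "$realm" != "Cobbler" ]; then
            echo "$user: realm '$realm' is not 'Cobbler'"
            status=1
        fi
        # Weak values to test: the user name itself and the stock "cobbler".
        for weak in "$user" cobbler; do
            if [ "$(digest_line "$user" "$realm" "$weak")" = "$user:$realm:$hash" ]; then
                echo "$user: password is '$weak', change it with htdigest"
                status=1
                break
            fi
        done
    done < "$1"
    [ "$status" -eq 0 ]
)

# Run against the file named on the command line, if any.
if [ "$#" -gt 0 ]; then digest_audit "$1"; fi
```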

To delete a Cobbler user, find the user's line in /etc/cobbler/users.digest and delete it.

II. The authn_pam authentication method

1. Change the authentication entry in /etc/cobbler/modules.conf. With the pam method, user names and passwords are stored in /etc/cobbler/users.conf.

[authentication]
module = authn_pam

2. Create a user name and password for PAM authentication
Create a Linux user:

[root@centos7 mnt]# useradd -s /sbin/nologin cobbleradmin
[root@centos7 mnt]# echo 111111 | passwd --stdin cobbleradmin
Changing password for user cobbleradmin.
passwd: all authentication tokens updated successfully.

You can now log in to cobbler_web with the Linux account.