运维自动化之系统部署
1 系统安装过程
1.1 运维自动化发展历程及技术应用
1.2 系统安装过程
Linux的安装过程如下:
加载boot loader
加载启动安装菜单
加载内核和initrd文件
加载根系统
运行anaconda的安装向导
1.2.1 Linux安装光盘的安装相关文件
在系统光盘的isolinux目录下有和安装相关的文件
boot.cat: 相当于grub的第一阶段
isolinux.bin:光盘引导程序,在mkisofs的选项中需要明确给出文件路径,这个文件属于
SYSLINUX项目
isolinux.cfg:启动菜单的配置文件,当光盘启动后(即运行isolinux.bin),会自动去找
isolinux.cfg文件
vesamenu.c32:是光盘启动后的启动菜单图形界面,也属于SYSLINUX项目,menu.c32提供纯文
本的菜单
memtest:内存检测程序
splash.png:光盘启动菜单界面的背景图
vmlinuz:是内核映像
initrd.img:ramfs文件
1.2.2 安装菜单的内核参数
安装光盘的启动菜单配置文件:isolinux/isolinux.cfg中设置相关的内核加载参数,实现不同的安装过程
isolinux.cfg文件中每个安装对应菜单选项:
加载内核:isolinuz/vmlinuz
向内核传递参数:append initrd=initrd.img 参数设置
指定内核参数方法
在启动菜单界面,选中一项安装方法,按tab键,在后面增加参数
在启动菜单界面,任意选中一项安装方法,按ESC键:boot: linux 参数设置
常见的内核参数:
text:默认启动GUI安装接口,可以指定文本方式的安装界面
rescue:进入救援模式
inst.repo=path:指定安装源文件的路径,可以是以下格式
Centos 6
DVD drive repo=cdrom :device
Hard Drive repo=hd:device/path
HTTP Server repo=http://host/path
HTTPS Server repo=https://host/path
FTP Server repo=ftp://username:password@host/path
NFS Server repo=nfs:server:/path
ISO images on an NFS Server repo=nfsiso:server:/path
Centos 7
Any CD/DVD drive inst.repo=cdrom
Hard Drive inst.repo=hd:device:/path
HTTP Server inst.repo=http://host/path
HTTPS Server inst.repo=https://host/path
FTP Server inst.repo=ftp://username:password@host/path
NFS Server inst.repo=nfs:[options:]server:/path
askmethod:选择安装源文件的获取方法,提供了光盘,本地硬盘,NFS,FTP,HTTP多种安装
源,此项Centos 7 以后版已废弃
ks=path: 指定自动化安装应答文件路径,如:initrd=initrd.img inst.ks=http://192.168.8.8/ksdir/ks8.cfg
ip= : 指定IP地址信息
ip=method,method 可以为dhcp
ip=interface:method 指定特定接口
ip=ip::gateway:netmask:hostname:interface:none 静态IP
1.2.3 anaconda安装向导
anaconda是Linux系统安装程序,可以提供两种风格的安装界面
gui:图形窗口
tui: 基于图形库curses的文本窗口
anaconda工作过程
安装过程使用的语言
键盘类型
时区和时间
安装源文件路径
选定要安装的程序包
安装目标存储设备及分区设置
Basic Storage:本地磁盘
特殊设备:iSCSI
KDUMP功能
设定主机名和配置网络接口
安全策略
管理员密码
创建一个普通用户
anaconda的配置方式:
交互式配置方式
通过读取事先给定的配置文件自动完成配置,加内核参数:ks=/path实现指明kickstart文件的位置,各种路径格式如下:
DVD drive: ks=cdrom:/PATH/TO/KICKSTART_FILE
Hard drive: ks=hd:device:/directory/KICKSTART_FILE
HTTP server: ks=http://host:port/path/to/KICKSTART_FILE
FTP server: ks=ftp://host:port/path/to/KICKSTART_FILE
HTTPS server: ks=https://host:port/path/to/KICKSTART_FILE
NFS server:ks=nfs:host:/path/to/KICKSTART_FILE
2 自动安装的应答文件
实现自动安装前,需要制作对应的安装应答文件,称为kickstart文件,用于保存安装过程需要指定的选项。
2.1 kickstart文件使用过程
1. Create a Kickstart file.
2. Make the Kickstart file available on removable media, a hard drive or a network location.
3. Create boot media, which will be used to begin the installation.
4. Make the installation source available.
5. Start the Kickstart installation.
2.2 kickstart文件的格式
2.2.1 Kickstart文件格式官方说明
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an
_advanced_rhel_installation/index
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_gui
de/sect-kickstart-syntax
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_gui
de/s1-kickstart2-options
2.2.2 kickstart文件格式说明
kickstart文件主要包括三个部分:命令段,程序包段,脚本段
命令段:指明各种安装前配置,如键盘类型等
命令段中的常见命令:
keyboard: 设定键盘类型
lang: 语言类型
zerombr:清除mbr
clearpart:清除分区
part: 创建分区
rootpw: 指明root的密码
timezone: 时区
text: 文本安装界面
network:指定网络设置
firewall:设置防火墙设置
selinux:设置selinux设置
reboot:安装完自动重启
user:安装完成后为系统创建新用户
url: 指明安装源
程序包段:指明要安装的程序包组或程序包,不安装的程序包等
%packages
@^environment group: 指定环境包组,如:@^minimal-environment
@group_name
package
-package
%end
脚本段:
%pre: 安装前脚本
%post: 安装后脚本
注意:
CentOS 8,7,6 不同版本的kickstart文件格式不尽相同,不可混用
%addon, %packages, %onerror, %pre 、 %post 必须以%end结束,否则安装失败
范例:CentOS 8 的最小化安装kickstart文件
ignoredisk --only-use=sda
zerombr
text
reboot
clearpart --all --initlabel
selinux --disabled
firewall --disabled
url --url=http://10.0.0.8/centos/8/os/x86_64/
keyboard --vckeymap=us --xlayouts=‘us‘
lang en_US.UTF-8
network ?--bootproto=dhcp --device=ens160 --ipv6=auto --activate
network ?--hostname=centos8.magedu.com
rootpw --iscrypted
$6$j9YhzDUnQVnxaAk8$qv7rkMcPAEbV5yvwsP666DXWYadd3jYjkA9fpxAo9qYotjGGBUclCGoP1TRv
gHBpqgc5n0RypMsPTQnVDcpO01
firstboot --enable
skipx
services --disabled="chronyd"
timezone Asia/Shanghai --isUtc --nontp
user --name=wang --
password=6oUfb/02CWfLb5l8f$sgEZeR7c7DpqfpmFDH6huSmDbW1XQNR4qKl2EPns.gOXqlnAIgv9p
TogtFVaDtEpMOC.SWXKYqxfVtd9MCwxb1 --iscrypted --gecos="wang"
part / --fstype="xfs" --ondisk=sda --size=102400
part /data --fstype="xfs" --ondisk=sda --size=51200
part swap --fstype="swap" --ondisk=sda --size=2048
part /boot --fstype="ext4" --ondisk=sda --size=1024
%packages
@^minimal-environment
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb=‘auto‘
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
%post
useradd mage
echo magedu | passwd --stdin mage &> /dev/null
%end
范例:CentOS 7 的最小化安装kickstart文件
install
xconfig ?--startxonboot
keyboard --vckeymap=us --xlayouts=‘us‘
rootpw --iscrypted $1$bpNEv8S5$lK.CjNkf.YCpFPHskSNiN0
url --url="http://10.0.0.8/centos/7/os/x86_64"
lang en_US
auth ?--useshadow ?--passalgo=sha512
text
firstboot --enable
selinux --disabled
skipx
services --disabled="chronyd"
ignoredisk --only-use=sda
firewall --disabled
network ?--bootproto=dhcp --device=ens33
reboot
timezone Asia/Shanghai --nontp
bootloader --append="crashkernel=auto" --location=mbr --boot-drive=sda
zerombr
clearpart --all --initlabel
part swap --fstype="swap" --ondisk=sda --size=3072
part / --fstype="xfs" --ondisk=sda --size=51200
part /boot --fstype="xfs" --ondisk=sda --size=1024
part /data --fstype="xfs" --ondisk=sda --size=30720
%post
useradd wang
%end
%packages
@^minimal
vim-enhanced
%end
范例:CentOS 6 的最小化安装kickstart文件
install
text
reboot
url --url=http://10.0.0.8/centos/6/os/x86_64/
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp ?--noipv6
rootpw ?--iscrypted
$6$b6C5mM/BwOMBoK8H$cYZFrHoNlOL0iDsxOTRhwnWJ3yfFmf7mRJBOxEqGoI56UMrT8J7qlrGwX7tS
nOf7wKxYR2hAvAREILDgOgsFe1
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --disabled
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb
quiet"
zerombr
clearpart --all --initlabel
part /boot --fstype=ext4 --size=1024
part / --fstype=ext4 --size=50000
part /data --fstype=ext4 --size=30000
part swap --size=2048
%packages
@core
@server-policy
@workstation-policy
autofs
vim-enhanced
%end
%post
useradd wang
echo magedu | passwd --stdin wang &> /dev/null
mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/* /etc/yum.repos.d/bak
cat > /etc/yum.repos.d/base.repo <<EOF
[base]
name=base
baseurl=file:///misc/cd
gpgcheck=0
EOF
%end
2.3 kickstart文件创建
创建kickstart文件的方式
可使用创建工具:system-config-kickstart ,注意:此方法 CentOS 8 不再支持
依据某模板修改并生成新配置,CentOS安装完后,会自动参考当前系统的安装过程,生成一个
kickstart文件 /root/anaconda-ks.cfg
检查ks文件的语法错误:
使用 ksvalidator 工具可以检查kickstart的文件格式是否有语法错误,来自于 pykickstart 包
格式:
ksvalidator /PATH/TO/KICKSTART_FILE
范例:使用 system-config-kickstart 一边来看看生成的 kickstart 配置文件,我们一页一页观察
1. Basic Configuration
配置文件如下
┌────────────────────────────────────────────────────────┐
│#Basic Configuration ???????????
│========================================================
│#platform=x86, AMD64, or Intel EM64T ?????????
│#Default Language默认语言 ???????????????
│lang en_US ??????????????????????
│# Keyboard 键盘
│keyboard ‘us‘
│# timezone 时区(勾选了"Use UTC clock" 会追加[--isUtc])
│timezone Asia/Shanghai
│# Root password
│rootpw --iscrypted $1$DBk7xfJp$Agxd303XUAfRKIf7gB8DG/
└──────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────┐
│#Advanced Configuration ??
│勾选就有,不勾没有
│========================================================
│# Reboot after installation
│reboot
│# Use text mode install
│text
└────────────────────────────────────────────────────────┘
2. Installation Method
配置文件如下
┌────────────────────────────────────────────────────────┐
│#Installation Method ????????
│========================================================
│# Install OS instead of upgrade
│install
│# Upgrade existing installation
│upgrade
└────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────┐
│#Installation source ?
│选了哪项就写哪项
│========================================================
│# Use CDROM installation media
│cdrom
│# Use NFS installation media
│nfs --server=服务器 --dir=目录
│# Use network installation
│url --url="ftp://用户名:密码@服务器/目录"
│# Use network installation
│url --url="http://服务器/目录"
│# Use hard drive installation media
│harddrive --dir=目录 --partition=分区
└────────────────────────────────────────────────────────┘
3. Boot Loader Options
配置文件如下
┌────────────────────────────────────────────────────────────────┐
│#Installation Method&GRUB options&Install Options
│=================================================================
│ ┌────────────────────────────────────┐
│ │ 选择了Do not install a boot loader │
│ └────────────────────────────────────┘
│ # System bootloader configuration
│ bootloader --location=none
│
│ ┌────────────────────────────────────┐
│ │ ?选择了install new boot loader ??│
│ └────────────────────────────────────┘
│ bootloader --append="ker" --location=mbr --password="123"
│#append是内核参数,location是bootloader安装位置,password是GRUB密码
└────────────────────────────────────────────────────────────────┘
4. Partition Information
配置文件如下
┌─────────────────────────────────────────────────────┐
│# Master Boot Record
│#Master Boot Record选择了clear... 否则就没有 ??????
│======================================================
│# Clear the Master Boot Record
│zerombr
└─────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────┐
│# Partitions&Disk Label ?????
│======================================================
│# Partition clearing information
│clearpart --linux --initlabel
└─────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────┐
│# Layout 分区
│part 挂载点 ?--fstype=文件系统 ?--size=大小(单位M) ???
│======================================================
│# Disk partitioning information
│part / --fstype="xfs" --size=10240
│part /boot --fstype="ext4" --size=1024
│part swap --fstype="swap" --size=2048
└─────────────────────────────────────────────────────┘
5. Network Configuration
配置文件如下
┌─────────────────────────────────────────────────────┐
│# Network Configuration
│Centos7如果要写eth0,要加内核参数net.ifnames=0
│======================================================
│# Network information
│network ?--bootproto=dhcp --device=eth0
└─────────────────────────────────────────────────────┘
6. Authentication
配置文件如下
┌───────────────────────────────────────────────────────────────┐
│# Authentication
│如果勾选Enable Fingerprint reader则追加参数 --enablefingerprint
│===============================================================
│# System authorization information
│auth ?--useshadow ?--passalgo=md5
└───────────────────────────────────────────────────────────────┘
7. Firewall Configuration
配置文件如下
┌───────────────────────────────────────────────────────────────┐
│# Firewall Configuration
│===============================================================
│# SELinux configuration
│selinux ?--disabled或permissive或enforcing
│
│# Firewall configuration
│firewall ?--disabled或enabled
│#如果是enable,可以在追加:--http --ftp --telnet --smtp --ssh
│#还可以追加端口:--port=555:tcp,444:udp
└───────────────────────────────────────────────────────────────┘
8. Display Configuration
配置文件如下
┌───────────────────────────────────────────────────────────────┐
│# Display Configuration
│===============================================================
│如果选了安装图形界面,就没有下面这句话
│# Do not configure the X Window System
│skipx
│# Run the Setup Agent on first boot
│firstboot --enable或disable
└───────────────────────────────────────────────────────────────┘
9. Package Selection
如果你的界面是什么都没有,那么需要把你现使用的yum仓库配置文件改一下
[root]#vim /etc/yum.repos.d/***.repo
[development]
#把原来"[]"内的内容改成development就可以了,其它不变
配置文件如下
%packages
@development
-byacc
-cscope
-ctags
-diffstat
-doxygen
-elfutils
-gcc-gfortran
-git
-indent
-intltool
-patchutils
-rcs
-subversion
-swig
-systemtap
%end
10. Pre-Installation Script
配置文件如下
%pre
i am pre
%end
11. Post-Installation Script
配置文件如下
%post --nochroot
i am post
%end
12 以上system-config-kickstart 执行后最终生成的kickstart文件如下
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard ‘us‘
# Root password
rootpw --iscrypted $1$2TeoFGRN$EeykyMirEiMIya57QmbG71
# Use network installation
url --url="http://192.168.100.7/Centos/7/os/x86_64"
# System language
lang zh_CN
# System authorization information
auth ?--useshadow ?--passalgo=sha512
# Use text mode install
text
# Run the Setup Agent on first boot
firstboot --enable
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Firewall configuration
firewall --disabled
# Network information
network ?--bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="ext4" --size=2048
part / --fstype="xfs" --size=10240
part swap --fstype="swap" --size=2048
%pre
i am pre
%end
%post --nochroot
i am post
%end
%packages
@development
-byacc
-cscope
-ctags
-diffstat
-doxygen
-elfutils
-gcc-gfortran
-git
-indent
-intltool
-patchutils
-rcs
-subversion
-swig
-systemtap
%end
3 制作引导光盘和U盘
可以将定制安装光盘,并结合kickstart实现基于光盘启动的半自动化安装
实现过程
[root@centos8 ~]#mkdir –pv /data/myiso
[root@centos8 ~]#cp -r /mnt/isolinux/ /data/myiso/
[root@centos8 ~]#tree /data/myiso/
/data/myiso/
└── isolinux
?├── boot.cat
?├── boot.msg
?├── grub.conf
?├── initrd.img
?├── isolinux.bin
?├── isolinux.cfg
?├── ldlinux.c32
?├── libcom32.c32
?├── libutil.c32
?├── memtest
?├── splash.png
?├── TRANS.TBL
?├── vesamenu.c32
?└── vmlinuz
1 directory, 14 files
[root@centos8 ~]#vim /data/myiso/isolinux/isolinux.cfg
#方法1:应答方件放在ISO文件里
label linux
menu label ^Auto Install CentOS Linux 8
kernel vmlinuz
?initrd=initrd.img text ks=cdrom:/myks.cfg
#方法2:应答方件放在http服务器上
label linux
menu label ^Auto Install CentOS Linux 8
kernel vmlinuz
append initrd=initrd.img quiet ks=http://10.0.0.8/ksdir/centos8.cfg
label rescue
menu label ^Rescue a CentOS Linux system
kernel vmlinuz
append initrd=initrd.img inst.repo=http://10.0.0.8/centos/8 rescue quiet
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
[root@centos8 ~]#cp /root/myks.cfg /data/myiso/
[root@centos8 ~]#dnf -y install mkisofs
[root@centos8 ~]#mkisofs -R -J -T -v --no-emul-boot --boot-load-size 4 --boot-
info-table -V "CentOS 8.0 x86_64 boot" -b isolinux/isolinux.bin -c
isolinux/boot.cat -o /root/boot.iso /data/myiso/
注意:以上相对路径都是相对于光盘的根,和工作目录无关
mkisofs选项说明
[OPTION] 意义
-o 指定映像文件的名称。
-b 指定在制作可开机光盘时所需的开机映像文件。
-c 制作可开机光盘时,会将开机映像文件中的 no-eltorito-catalog 全部内容作成一个文件。
-no-emul-boot 非模拟模式启动。
-boot-load-size 4 设置载入部分的数量
-boot-info-table 在启动的图像中现实信息
-R 或 -rock 使用 Rock RidgeExtensions
-J 或 -joliet 使用 Joliet 格式的目录与文件名称
-v 或 -verbose 执行时显示详细的信息
-T 或 -translation-
table 建立文件名的转换表,适用于不支持 Rock Ridge
4 实现DHCP服务
主机获取网络配置可以通过两种方式:
静态指定
动态获取:
bootp:boot protocol MAC与IP一一静态对应
dhcp:增强的bootp,支持静态和动态
4.1 DHCP工作原理
DHCP: Dynamic Host Configuration Protocol,动态主机配置协议,UDP协议,C/S模式,dhcp
server:67/udp,dhcpv4c client :68/udp,dhcpv6 client:546/udp
主要用途:
用于内部网络和网络服务供应商自动分配IP地址给用户
用于内部网络管理员作为对所有电脑作集中管理的手段
自动化安装系统
解决IPV4资源不足问题
DHCP共有八种报文
DHCP DISCOVER:客户端到服务器
DHCP OFFER :服务器到客户端
DHCP REQUEST:客户端到服务器
DHCP ACK :服务器到客户端
DHCP NAK:服务器到客户端,通知用户无法分配合适的IP地址
DHCP DECLINE :客户端到服务器,指示地址已被使用
DHCP RELEASE:客户端到服务器,放弃网络地址和取消剩余的租约时间
DHCP INFORM:客户端到服务器, 客户端如果需要从DHCP服务器端获取更为详细的配置信息,则发送Inform报文向服务器进行请求,极少用到
DHCP服务续租
50% :租赁时间达到50%时来续租,刚向DHCP服务器发向新的DHCPREQUEST请求。如果dhcp服务没有拒绝的理由,则回应DHCPACK信息。当DHCP客户端收到该应答信息后,就重新开始新的租用周期
87.5%:如果之前DHCP Server没有回应续租请求,等到租约期的7/8时,主机会再发送一次广播请求
同网段多DHCP服务
DHCP服务必须基于本地
先到先得的原则
跨网段
RFC 1542 Compliant Routers
dhcp relay agent: 中继代理
相关协议
arp
rarp
租期:
长租期:IP相对稳定,网络资源消耗较少,但是浪费IP资源
短租期:IP相对不稳定,网络资源消耗较多,但是IP资源可以充分利用,可以实现较少IP为较多的主机服务
4.2 DHCP实现
注意:实现DHCP服务前,先将网络已有DHCP服务,如:mware中的DHCP关闭,访止冲突
DHCP服务的实现软件:
dhcp(CentOS 7 之前版本) 或 dhcp-server(CentOS 8 中的包名)
dnsmasq:小型服务软件,可以提供dhcp和dns功能
4.2.1 DHCP相关文件组成
dhcp-server 包文件组成
/usr/sbin/dhcpd dhcp服务主程序
/etc/dhcp/dhcpd.conf dhcp服务配置文件
/usr/share/doc/dhcp-server/dhcpd.conf.example #dhcp服务配置范例文件
/usr/lib/systemd/system/dhcpd.service #dhcp服务service文件
/var/lib/dhcpd/dhcpd.leases 地址分配记录
dhcp-client客户端包
/usr/sbin/dhclient #客户端程序
/var/lib/dhclient #自动获取的IP信息
windows 工具
ipconfig /release #释放DHCP获取的IP,重新申请IP
ipconfig/renew #刷新租约,续约
4.2.2 DHCP服务器配置文件
帮助参考:man 5 dhcpd.conf
/etc/dhcp/dhcpd.conf 格式
全局配置
subnet {
...
}
host {
}
检查语法命令:service dhcpd configtest (CentOS 6 之前版本支持)
范例:dhcpd.conf
[root@centos8 ~]#grep -v "#" /etc/dhcp/dhcpd.conf
option domain-name "magedu.org";
option domain-name-servers 180.76.76.76, 223.6.6.6;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.10 10.0.0.100;
range 10.0.0.110 10.0.0.200;
option routers 10.0.0.2;
next-server 10.0.0.8;
filename "pxelinux.0";
}
host testclient {
hardware ethernet 00:0c:29:33:b4:1a;
fixed-address 10.0.0.106;
default-lease-time 86400;
max-lease-time 864000;
option routers 10.0.0.254;
option domain-name-servers 114.114.114.114,8.8.8.8 ;
option domain-name "magedu.net";
}
DHCP配置文件其它配置选项:
next-server:提供引导文件的服务器IP地址
filename: 指明引导文件名称
范例:
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.10 ?192.168.100.100;
range 192.168.100.150 ?192.168.100.200;
option routers 192.168.100.1;
next-server 192.168.1.100; #TFTP服务器地址
filename "pxelinux.0"; ??#bootloader启动文件的名称
}
范例:dhcp 客户端申请地址的过程
[root@centos7 ~]#dhclient -d
Internet Systems Consortium DHCP Client 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:0c:29:01:f9:48
Sending on ?LPF/eth0/00:0c:29:01:f9:48
Sending on ?Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8 (xid=0x4147178b)
DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x4147178b)
DHCPOFFER from 10.0.0.8
DHCPACK from 10.0.0.8 (xid=0x4147178b)
bound to 10.0.0.100 -- renewal in 32740 seconds.
#DHCP客户端的日志
[root@centos7 ~]#ls /var/lib/dhclient/
dhclient.leases
[root@centos7 ~]#cat /var/lib/dhclient/dhclient.leases
lease {
interface "eth0";
fixed-address 10.0.0.100;
option subnet-mask 255.255.255.0;
option routers 10.0.0.2;
option dhcp-lease-time 86400;
option dhcp-message-type 5;
option domain-name-servers 180.76.76.76,223.5.5.5,223.6.6.6;
option dhcp-server-identifier 10.0.0.8;
option domain-name "magedu.com";
renew 3 2020/05/27 16:18:15;
rebind 4 2020/05/28 04:12:33;
expire 4 2020/05/28 07:12:33;
}
#DHCP服务器的日志
[root@centos8 ~]#tail -f /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.3.6
# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;
server-duid "\000\001\000\001&`\315\277\000\014)?s\225";
lease 10.0.0.100 {
starts 3 2020/05/27 07:12:33;
ends 4 2020/05/28 07:12:33;
cltt 3 2020/05/27 07:12:33;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 00:0c:29:01:f9:48;
}
5 实现TFTP服务
5.1 TFTP介绍
TFTP:Trivial File Transfer Protocol ,是一种用于传输文件的简单高级协议,是文件传输协议(FTP)的简化版本。用来传输比文件传输协议(FTP)更易于使用但功能较少的文件
TFTP和FTP的区别
1、安全性区别
FTP支持登录安全,具有适当的身份验证和加密协议,在建立连接期间需要与FTP身份验证通信
TFTP是一种开放协议,缺乏安全性,没有加密机制,与TFTP通信时不需要认证
2、传输层协议的区别
FTP使用TCP作为传输层协议,TFTP使用UDP作为传输层协议
3、使用端口的区别
FTP使用2个端口:TCP端口21,是个侦听端口;TCP端口20或更高TCP端口1024以上用于源连接
TFTP仅使用一个具有停止和等待模式的端口:端口:69/udp
4、RFC的区别
FTP是基于RFC 959文档,带有其他RFC涵盖安全措施;TFTP基于RFC 1350文档
5、执行命令的区别
FTP有许多可以执行的命令(get,put,ls,dir,lcd)并且可以列出目录等
TFTP只有5个指令可以执行(rrq,wrq,data,ack,error)
5.2 安装和使用TFTP
安装包:
tftp-server #服务器包
tftp #客户端包
范例:安装并使用tftp下载文件
#安装tftp服务器包
[root@centos8 ~]#dnf install tftp-server -y
[root@centos8 ~]#rpm -ql tftp-server
/usr/lib/.build-id
/usr/lib/.build-id/8c
/usr/lib/.build-id/8c/6921a9fb21d66da4fb299d516bce9ee6afea34
/usr/lib/systemd/system/tftp.service #tftp service文件
/usr/lib/systemd/system/tftp.socket #tftp socket文件
/usr/sbin/in.tftpd ?#tftp主程序
/usr/share/doc/tftp-server
/usr/share/doc/tftp-server/CHANGES
/usr/share/doc/tftp-server/README
/usr/share/doc/tftp-server/README.security
/usr/share/man/man8/in.tftpd.8.gz
/usr/share/man/man8/tftpd.8.gz
/var/lib/tftpboot ?#TFTP服务数据目录
#启动服务
[root@centos8 ~]#systemctl enable --now tftp.service
Created symlink /etc/systemd/system/sockets.target.wants/tftp.socket →
/usr/lib/systemd/system/tftp.socket.
[root@centos8 ~]#ss -nulp|grep tftp
UNCONN ?0 ????0 ????????????*:69 ??????????*:* ??
users:(("in.tftpd",pid=10100,fd=0),("systemd",pid=1,fd=32))
#准备测试文件
[root@centos8 ~]#cp /etc/fstab /var/lib/tftpboot/f1.txt
[root@centos8 ~]#mkdir /var/lib/tftpboot/dir
[root@centos8 ~]#cp /etc/password /var/lib/tftpboot/dir/f2.txt
#安装tftp客户端包
[root@centos7 ~]#yum -y install tftp
#客户端通过tftp测试下载文件
[root@centos7 ~]#tftp 10.0.0.8
tftp> ls
?Invalid command
tftp> help
tftp-hpa 5.2
Commands may be abbreviated. Commands are:
connect connect to remote tftp
mode ?set file transfer mode
put ??send file
get ??receive file
quit ?exit tftp
verbose toggle verbose mode
trace ?toggle packet tracing
literal toggle literal mode, ignore ‘:‘ in file name
status show current status
binary set mode to octet
ascii ?set mode to netascii
rexmt ?set per-packet transmission timeout
timeout set total retransmission timeout
? ???print help information
help ?print help information
tftp> get f1.txt
tftp> get dir/f2.txt
tftp> quit
[root@centos7 ~]#ls
anaconda-ks.cfg f1.txt f2.txt
#以下在tftp服务器执行,当用户下载文件后,可以观察到服务器端自动打开in.tftpd主程序
[root@centos8 tftpboot]#ps aux|grep in.tftp
root ???1276 ?0.0 ?0.2 ?14912 ?1720 ? ???Ss ?12:03 ?0:00
/usr/sbin/in.tftpd -s /var/lib/tftpboot
root ???1282 ?0.0 ?0.1 ?12108 ?960 pts/0 ?R+ ?12:04 ?0:00 grep --
color=auto in.tftp
6 利用 PXE 实现自动化系统部署
6.1 PXE介绍
PXE:Preboot Excution Environment,预启动执行环境,是由Intel公司研发,基于Client/Server的网
络模式,支持远程主机通过网络从远端服务器下载映像,并由此支持通过网络启动操作系统,可以引导
和安装Windows,linux等多种操作系统
PXE启动工作原理
6.2 利用PXE实现自动化安装流程
1. Client向PXE Server上的DHCP发送IP地址请求消息,DHCP检测Client是否合法(主要是检测Client的网卡MAC地址),如果合法则返回Client的IP地址,同时将启动文件pxelinux.0的所在TFTP服务器地址信息一并传送给Client
2. Client向TFTP服务器发送获取pxelinux.0请求消息,TFTP服务器接收到消息之后,向Client发送pxelinux.0大小信息,试探Client是否满意,当TFTP收到Client发回的同意大小信息之后,正式向Client发送pxelinux.0
3. Client执行接收到的pxelinux.0文件,并利用此文件启动
4. Client向TFTP 服务器发送请求针对本机的配置信息文件(在TFTP 服务器的pxelinux.cfg目录
下),TFTP服务器将启动菜单配置文件发回Client,继而Client根据启动菜单配置文件执行后续操作
5. Client根据启动菜单配置文件里的信息,向TFTP发送Linux内核和initrd文件请求信息,TFTP接收到消息之后将内核和initrd文件发送给Client
6. Client向TFTP发送根文件请求信息,TFTP接收到消息之后返回Linux根文件系统
7. Client启动Linux内核,加载相关的内核参数
8. Client通过内核参数下载kickstart文件,并根据kickstart文件里的安装信息,下载安装源文件进行自动化安装
UEFI 客户端的安装文档:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an
_advanced_rhel_installation/preparing-for-a-network-install_installing-rhel-as-an-experienced-use
r#configuring-a-tftp-server-for-uefi-based-clients_preparing-for-a-network-install
6.3 在CentOS 6 上实现PXE自动化安装CentOS
6.3.1 安装前准备
关闭防火墙和SELINUX,DHCP服务器静态IP
网络要求:关闭Vmware软件中的DHCP服务
6.3.2 安装相关软件包并启动
[root@centos6 ~]#yum install dhcp httpd tftp-server syslinux
[root@centos6 ~]#chkconfig tftp on
[root@centos6 ~]#chkconfig httpd on
[root@centos6 ~]#chkconfig dhcpd on
[root@centos6 ~]#service httpd start
[root@centos6 ~]#service xneted start?
6.3.3 准备yum 源和相关目录
[root@centos6 ~]#mkdir -pv /var/www/html/centos/6/os/x86_64
[root@centos6 ~]#mount /dev/sr0 /var/www/html/centos/6/os/x86_64
6.3.4 准备kickstart文件
[root@centos6 ~]#mkdir /var/www/html/ks/
[root@centos6 ~]#vim /var/www/html/centos/ks/centos6.cfg
[root@centos6 ~]#grep -vE ‘^#|^$‘ /var/www/html/centos/ks/centos6.cfg
install
text
reboot
url --url=http://10.0.0.100/centos/6/os/x86_64/
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp ?--noipv6
rootpw ?--iscrypted
$6$b6C5mM/BwOMBoK8H$cYZFrHoNlOL0iDsxOTRhwnWJ3yfFmf7mRJBOxEqGoI56UMrT8J7qlrGwX7tS
nOf7wKxYR2hAvAREILDgOgsFe1
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --disabled
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb
quiet"
zerombr
clearpart --all --initlabel
part /boot --fstype=ext4 --size=1024
part / --fstype=ext4 --size=50000
part /data --fstype=ext4 --size=30000
part swap --size=2048
%packages
@core
@server-policy
@workstation-policy
autofs
vim-enhanced
%end
%post
useradd wang
echo magedu | passwd --stdin wang &> /dev/null
mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/* /etc/yum.repos.d/bak
cat > /etc/yum.repos.d/base.repo <<EOF
[base]
name=base
baseurl=file:///misc/cd
gpgcheck=0
EOF
%end
6.3.5 配置DHCP服务
[root@centos6 ~]#cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample
/etc/dhcp/dhcpd.conf
[root@centos6 ~]#vim /etc/dhcp/dhcpd.conf
[root@centos6 ~]#cat /etc/dhcp/dhcpd.conf
option domain-name "example.com";
option domain-name-servers 10.0.0.1;
subnet 10.0.0.0 netmask 255.255.255.0 {
?range 10.0.0.1 10.0.0.200;
?option routers 10.0.0.1;
?filename "pxelinux.0";
?next-server 10.0.0.100;
}
[root@centos6 ~]#service dhcpd start
6.3.6 准备PXE启动相关文件
[root@centos6 ~]#mkdir /var/lib/tftpboot/pxelinux.cfg/
[root@centos6 ~]#cp /usr/share/syslinux/pxelinux.0 ?/var/lib/tftpboot/
[root@centos6 ~]#cd /misc/cd/images/pxeboot/
[root@centos6 ~]#cp vmlinuz initrd.img /var/lib/tftpboot
[root@centos6 ~]#Cd /misc/cd/isolinux/
[root@centos6 ~]#cp boot.msg vesamenu.c32 splash.jpg /var/lib/tftpboot
[root@centos6 ~]#cp /misc/cd/isolinux/isolinux.cfg
/var/lib/tftpboot/pxelinux.cfg/default
[root@centos6 ~]#tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot.msg
├── initrd.img
├── pxelinux.0
├── pxelinux.cfg
│ ??└── default
├── splash.jpg
├── vesamenu.c32
└── vmlinuz
1 directory, 7 files
6.3.7 准备启动菜单文件
[root@centos6 ~]#vim /var/lib/tftpboot/pxelinux.cfg/default
default vesamenu.c32 #指定菜单风格
#prompt 1
timeout 600?
display boot.msg?
menu background splash.jpg
menu title Welcome to wang CentOS 6
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000?
label auto
menu label ^Automatic Install Centos6
kernel vmlinuz
append initrd=initrd.img ks=http://10.0.0.100/ks/centos6.cfg
label manual
menu label ^Manual Install Centos
kernel vmlinuz
append initrd=initrd.img inst.repo=http://10.0.0.100/centos/6/isos/x86_64/
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
6.3.8 测试客户端基于PXE实现自动安装
新准备一台主机,设置网卡引导,可看到看启动菜单,并实现自动安装
6.4 在CentOS7 上实现PXE自动化安装CentOS
6.4.1 安装前准备
关闭防火墙和SELINUX,DHCP服务器静态IP
网络要求:关闭Vmware软件中的DHCP服务
6.4.2 安装相关软件包并启动服务
[root@centos7 ~]#yum -y install httpd tftp-server dhcp syslinux system-config-kickstart
[root@centos7 ~]#systemctl enable --now httpd tftp dhcpd
注意:由于dhcp还没有配置,此时还无法立即启动
6.4.3 准备yum源和相关目录
[root@centos7 ~]#mkdir -pv /var/www/html/centos/7/os/x86_64
[root@centos7 ~]#mount /dev/sr0 /var/www/html/centos/7/os/x86_64
6.4.4 准备kickstart文件
[root@centos7 ~]#mkdir /var/www/html/ks/
[root@centos7 ~]#vim /var/www/html/ks/centos7.cfg
[root@centos7 ~]#grep -vE ‘^#|^$‘ /var/www/html/ks/centos7.cfg
install
xconfig ?--startxonboot
keyboard --vckeymap=us --xlayouts=‘us‘
rootpw --iscrypted $1$bpNEv8S5$lK.CjNkf.YCpFPHskSNiN0
url --url="http://10.0.0.100/centos/7/os/x86_64"
lang en_US
auth ?--useshadow ?--passalgo=sha512
text
firstboot --enable
selinux --disabled
skipx
services --disabled="chronyd"
ignoredisk --only-use=sda
firewall --disabled
network ?--bootproto=dhcp --device=ens33
reboot
timezone Asia/Shanghai --nontp
bootloader --append="crashkernel=auto" --location=mbr --boot-drive=sda
zerombr
clearpart --all --initlabel
part swap --fstype="swap" --ondisk=sda --size=3072
part / --fstype="xfs" --ondisk=sda --size=51200
part /boot --fstype="xfs" --ondisk=sda --size=1024
part /data --fstype="xfs" --ondisk=sda --size=30720
%post
useradd wang
%end
%packages
@core
%end
6.4.5 配置DHCP服务
[root@centos7 ~]#vim /etc/dhcp/dhcpd.conf
option domain-name "example.com";
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.1 10.0.0.200;
option routers 10.0.0.1;
next-server 10.0.0.100;
filename "pxelinux.0";
}
[root@centos7 ~]#systemctl start dhcpd
6.4.6 准备PXE启动相关文件
[root@centos7 ~]#mkdir /var/lib/tftpboot/pxelinux.cfg/
[root@centos7 ~]#cp /usr/share/syslinux/{pxelinux.0,menu.c32}
/var/lib/tftpboot/
[root@centos7 ~]#cp /misc/cd/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/
[root@centos7 ~]#cp /misc/cd/isolinux/isolinux.cfg
/var/lib/tftpboot/pxelinux.cfg/default
最终目录文件列表如下:
/var/lib/tftpboot/
├── initrd.img
├── menu.c32
├── pxelinux.0
├── pxelinux.cfg
│ └── default
└── vmlinuz
6.4.7 准备启动菜单
[root@centos7 ~]#Vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 600
menu title PXE INSTALL MENU
label auto
menu label ^Auto Install CentOS 7
kernel vmlinuz
append initrd=initrd.img ks=http://10.0.0.100/ks/centos7.cfg
label manual
menu label ^Manual Install CentOS 7
kernel vmlinuz
append initrd=initrd.img inst.repo=http://10.0.0.100/centos/7/os/x86_64
label local
?menu default
?menu label ^Boot from local drive
?localboot 0xffff
6.4.8 测试客户端基于PXE实现自动安装
新准备一台主机,设置网卡引导,可看到看启动菜单,并实现自动安装
6.5 在 CentOS 8 上实现PXE自动化安装 CentOS 6,7,8
6.5.1 安装前准备
关闭防火墙和SELINUX,DHCP服务器静态IP
网络要求:关闭Vmware软件中的DHCP服务,基于NAT模式
注意:CentOS 7,8使用 1G 内存会提示空间不足,建议2G
6.5.2 安装相关软件包并启动
[root@centos8 ~]#dnf -y install dhcp-server tftp-server httpd syslinux-nonlinux
[root@centos8 ~]#systemctl enable --now httpd tftp dhcpd
6.5.3 配置DHCP服务
[root@centos8 ~]#cp /usr/share/doc/dhcp-server/dhcpd.conf.example
/etc/dhcp/dhcpd.conf
[root@centos8 ~]#vim /etc/dhcp/dhcpd.conf
option domain-name "example.com";
option domain-name-servers 180.76.76.76,223.6.6.6;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.1 10.0.0.200;
option routers 10.0.0.1;
next-server 10.0.0.100;
filename "pxelinux.0";
}
[root@centos8 ~]#systemctl start dhcpd
6.5.4 准备yum 源和相关目录
[root@centos8 ~]#mkdir -pv /var/www/html/centos/{6,7,8}/os/x86_64/
[root@centos8 ~]#mount /dev/sr0 /var/www/html/centos/6/os/x86_64/
[root@centos8 ~]#mount /dev/sr1 /var/www/html/centos/7/os/x86_64/
[root@centos8 ~]#mount /dev/sr2 /var/www/html/centos/8/os/x86_64/
6.5.5 准备kickstart文件
[root@centos8 ~]#mkdir /var/www/html/ks/
[root@centos8 ~]#vim /var/www/html/ks/centos6.cfg #内容参看6.3.4
[root@centos8 ~]#vim /var/www/html/ks/centos7.cfg #内容参看6.4.4
[root@centos8 ~]#vim /var/www/html/ks/centos8.cfg
[root@centos8 ~]#grep -Ev " (#|)" /var/www/html/ks/centos8.cfg
ignoredisk --only-use=sda
zerombr
text
reboot
clearpart --all --initlabel
selinux --disabled
firewall --disabled
url --url=http://10.0.0.100/centos/8/os/x86_64/
keyboard --vckeymap=us --xlayouts=‘us‘
lang en_US.UTF-8
network ?--bootproto=dhcp --device=ens160 --ipv6=auto --activate
network ?--hostname=centos8.magedu.com
rootpw --iscrypted
$6$j9YhzDUnQVnxaAk8$qv7rkMcPAEbV5yvwsP666DXWYadd3jYjkA9fpxAo9qYotjGGBUclCGoP1TRv
gHBpqgc5n0RypMsPTQnVDcpO01
firstboot --enable
skipx
services --disabled="chronyd"
timezone Asia/Shanghai --isUtc --nontp
user --name=wang --
password=6oUfb/02CWfLb5l8f$sgEZeR7c7DpqfpmFDH6huSmDbW1XQNR4qKl2EPns.gOXqlnAIgv9p
TogtFVaDtEpMOC.SWXKYqxfVtd9MCwxb1 --iscrypted --gecos="wang"
part / --fstype="xfs" --ondisk=sda --size=102400
part /data --fstype="xfs" --ondisk=sda --size=51200
part swap --fstype="swap" --ondisk=sda --size=2048
part /boot --fstype="ext4" --ondisk=sda --size=1024
%packages
@^minimal-environment
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb=‘auto‘
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
6.5.6 准备PXE启动相关文件
[root@centos8 ~]#mkdir /var/lib/tftpboot/centos{6,7,8}
#准备CentOS6,7,8各自的内核相关文件
[root@centos8 ~]#cp
/var/www/html/centos/6/os/x86_64/isolinux/{vmlinuz,initrd.img}
/var/lib/tftpboot/centos6
[root@centos8 ~]#cp
/var/www/html/centos/7/os/x86_64/isolinux/{vmlinuz,initrd.img}
/var/lib/tftpboot/centos7
[root@centos8 ~]#cp
/var/www/html/centos/8/os/x86_64/isolinux/{vmlinuz,initrd.img}
/var/lib/tftpboot/centos8
[root@centos8 ~]#cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot/
#以下三个文件是CentOS8安装所必须文件,CentOS6,7则不需要
[root@centos8 ~]#cp
/var/www/html/centos/8/os/x86_64/isolinux/{ldlinux.c32,libcom32.c32,libutil.c32}
/var/lib/tftpboot/
#生成安装菜单文件
[root@centos8 ~]#mkdir /var/lib/tftpboot/pxelinux.cfg/
[root@centos8 ~]#cp /var/www/html/centos/8/os/x86_64/isolinux/isolinux.cfg
/var/lib/tftpboot/pxelinux.cfg/default
#最终目录结构如下
[root@centos8 ~]#tree /var/lib/tftpboot
.
├── centos6
│ ?├── initrd.img
│ ?└── vmlinuz
├── centos7
│ ?├── initrd.img
│ ?└── vmlinuz
├── centos8
│ ?├── initrd.img
│ ?└── vmlinuz
├── ldlinux.c32
├── libcom32.c32
├── libutil.c32
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
?└── default
4 directories, 12 files
6.5.7 准备启动菜单文件
[root@centos8 ~]#vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 600
menu title Install CentOS Linux
label linux8
menu label Auto Install CentOS Linux ^8
kernel centos8/vmlinuz
append initrd=centos8/initrd.img ks=http://10.0.0.100/ks/centos8.cfg
label linux7
menu label Auto Install CentOS Linux ^7
kernel centos7/vmlinuz
append initrd=centos7/initrd.img ks=http://10.0.0.100/ks/centos7.cfg
label linux6
menu label Auto Install CentOS Linux ^6
kernel centos6/vmlinuz
append initrd=centos6/initrd.img ks=http://10.0.0.100/ks/centos6.cfg
label manual
menu label ^Manual Install CentOS Linux 8.0
kernel centos8/vmlinuz
append initrd=centos8/initrd.img
inst.repo=http://10.0.0.100/centos/8/os/x86_64/
label rescue
menu label ^Rescue a CentOS Linux system 8
kernel centos8/vmlinuz
append initrd=centos8/initrd.img
inst.repo=http://10.0.0.100/centos/8/os/x86_64/ rescue
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
6.5.8 测试客户端基于PXE实现自动安装
新准备一台主机,设置网卡引导,可看到看启动菜单,并实现自动安装
注意:VMware workstation 对于不同的CentOS 版本,生成的虚拟机的硬件并不兼容
7 利用cobbler实现自动化安装
7.1 Cobbler简介
Cobbler是一款Linux生态的自动化运维工具,基于Python2开发,用于自动化批量部署安装操作
系
统;其提供基于CLI的管理方式和WEB配置界面,其中WEB配置界面是基于Python2和Django框架
开
发。另外,cobbler还提供了API,方便二次开发。Cobbler属于C/S模型(客户端/服务器模型)
Cobbler主要用于快速网络安装linux操作系统,支持众多的Linux发行版如:Red Hat、Fedora、CentOS、Debian、Ubuntu和SuSE等,甚至支持windows的安装
Cobbler实质是PXE的二次封装,将多种安装参数封装到一起,并提供统一的管理方法
7.2 Cobbler的相关服务
使用Cobbler安装系统需要一台专门提供各种服务的服务器,提供的服务包括(HTTP/FTP/NFS,TFTP,DHCP),也可以将这几个服务分别部署到不同服务器。事实上在实际应用中,总是将不同的服务分别部署到专门的服务器。
Cobbler是在HTTP、TFTP、DHCP等各种服务的基础上进行相关操作的,实际安装的大体过程类似于基于PXE的网络安装:客户端(裸机)开机使用网卡引导启动,其请求DHCP分配一个地址后从TFTP服务器获取启动文件,加载到客户端本地内存中运行,并显示出可安装的系统列表;在人为的选定安装的操作系统类型后,客服端会到HTTP服务器下载相应的系统安装文件并执行自动安装
7.3 Cobbler的工作原理
client裸机配置了从网络启动后,开机后会广播包请求DHCP服务器(cobbler server)发送其分配
好的一个IP
DHCP服务器(cobbler server)收到请求后发送responese,包括其ip地址
client裸机拿到ip后再向cobbler server发送请求OS引导文件的请求
cobbler server告诉裸机OS引导文件的名字和TFTP server的ip和port
client裸机通过上面告知的TFTP server地址通信,下载引导文件
client裸机执行执行该引导文件,确定加载信息,选择要安装的os,期间会再向cobbler server请
求kickstart文件和os image
cobbler server发送请求的kickstart和os iamge
client裸机加载kickstart文件
client裸机接收os image,安装该os image
7.4 安装Cobbler及其相关的服务和组件
Cobbler所依赖的服务包括HTTPD,TFTP,DHCP等,如果有web界面要求,还需要安装相关的组件
CentOS 8目前还没有提供Cobbler相关包
[root@centos7 ~]#yum install dhcp cobbler cobbler-web pykickstart
[root@centos7 ~]#systemctl enable --now cobbler httpd tftp dhcpd
相关包说明:
httpd:提供yum源,并配合cobbler-web使得cobbler可以通过web网页界面进行配置管理
tftp-server:提供启动和菜单等相关文件网络下载功能
cobbler-web : 提供基于web的cobbler管理界面
pykickstart.noarch : 基于python的管理kickstart文件的库
说明:
Cobbler依赖于epel源,在安装cobbler之前需要配置epel源
在安装cobbler时会自因为依赖而安装httpd,tftp-server相关包
7.5 Cobbler配置文件及各目录情况
7.5.1 配置文件
/etc/cobbler/settings #cobbler 主配置文件
/etc/cobbler/iso/ #iso模板配置文件
/etc/cobbler/pxe ?#pxe模板文件
/etc/cobbler/power #电源配置文件
/etc/cobbler/user.conf ?#web服务授权配置文件
/etc/cobbler/users.digest #web访问的用户名密码配置文件
/etc/cobbler/dhcp.template #dhcp服务器的的配置模板
/etc/cobbler/dnsmasq.template #dns服务器的配置模板
/etc/cobbler/tftpd.template #tftp服务的配置模板
/etc/cobbler/modules.conf #cobbler模块的配置文件
7.5.2 数据目录
/var/lib/cobbler/config/ ??#用于存放distros,system,profiles 等信息的配置文件
/var/lib/cobbler/triggers/ ?#用于存放用户定义的cobbler命令
/var/lib/cobbler/kickstarts/ # 默认存放kickstart文件
/var/lib/cobbler/loaders/ ??#存放各种引导程序
7.5.3 镜像目录
/var/www/cobbler/ks_mirror/ ?#导入的发行版系统的所有数据
/var/www/cobbler/images/ ???#导入发行版kernel和initrd镜像用于远程网络启动
/var/www/cobbler/repo_mirror/ ?#yum 仓库存储目录
7.5.4 日志目录
/var/log/cobbler/installing #客户端安装日志
/var/log/cobbler/cobbler.log #cobbler日志
7.6 配置及启动cobblerd服务
检测cobbler的运行环境,并根据提示逐步配置cobbler
cobbler check
The following are potential configuration items that you may want to fix:
1 : The ‘server‘ field in /etc/cobbler/settings must be set to something other
than localhost, or kickstarting features will not work. This should be a
resolvable hostname or IP for the boot server as reachable by all machines that
will use it.
2 : For PXE to be functional, the ‘next_server‘ field in /etc/cobbler/settings
must be set to something other than 127.0.0.1, and should match the IP of the
boot server on the PXE network.
3 : change ‘disable‘ to ‘no‘ in /etc/xinetd.d/tftp
7.7 cobbler命令用法
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may
run ‘cobbler get-loaders‘ to download them, or, if you only want to handle
x86/x86_64 netbooting, you may ensure that you have installed a *recent* version
of the syslinux package installed and can ignore this message entirely. Files
in this directory, should you want to support all architectures, should include
pxelinux.0, menu.c32, elilo.efi, and yaboot. The ‘cobbler get-loaders‘ command
is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian
deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed
machines (default_password_crypted in /etc/cobbler/settings) is still set to
‘cobbler‘ and should be changed, try: "openssl passwd -1 -salt ‘random-phrase-
here‘ ‘your-password-here‘" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power
management features. install cman or fence-agents to use them
Restart cobblerd and then run ‘cobbler sync‘ to apply changes.
1.更改/etc/xinetd.d/tftp配置文件
vim /etc/xinetd.d/tftp
disable ?= ?yes ?--> disable ?= no
systemctl restart xinetd
2.联网下载boot引导程序文件
cobbler get-loaders
3.没有网络情况下拷贝启动文件到TFTP服务文件夹
cp -a /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot
4.更改/etc/cobbler/settings配置文件的server项为提供cobblerd服务的主机地址,也就是本机地址
sed -nri ‘s#server:127.0.0.1#server:192.168.100.100#‘ /etc/cobbler/settings
更改后的整行内容:server:192.168.100.100
5.更改/etc/cobbler/settings配置文件的next_server项,指明tftp服务器地址,使得客户端能够找
到TFTP服务器
sed -i ‘s/next_server: 127.0.0.1/next_server: 192.168.100.100/‘
/etc/cobbler/settings
更改后的整行内容:next_server:192.168.100.100
6.配置相应的选项来使用cobbler管理dhcp服务和tftp服务
manage_dhcp:1
manage_tftpd:1
7.pxe_just_once选项,该选项置1表示在pxe安装块结束时在cobbler系统中做相应的记录,这样会避免
如果客户机的BIOS选项中PXE启动处于第一位导致的循环重启;如果第一个启动硬件不是PXE启动那就置0。
pxe_just_once:1
配置完成后重启
systemctl restart cobblerd
7.7 cobbler命令用法
[root@centos7 ~]#cobbler
usage
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ...
???[add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler
<aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version
|signature|get-loaders|hardlink> [options|--help]
可以使用下面的方式得到使用帮助
[root@centos7 ~]#cobbler distro --help
usage
=====
cobbler distro add
cobbler distro copy
cobbler distro edit
cobbler distro find
cobbler distro list
cobbler distro remove
cobbler distro rename
cobbler distro report
[root@old_centos7 ~]#cobbler distro add --help
Usage: cobbler [options]
Options:
?-h, --help ?????show this help message and exit
?--name=NAME ?????Name (Ex: Fedora-11-i386)
?--ctime=CTIME
?--mtime=MTIME
?--uid=UID ???Owners (Owners list for authz_ownership (space delimited))
...省略...
常见用法:
#列出当前导入的linux发行版条目
cobbler distro list
#报告当前所有的linux发行版详细信息
cobbler distro report
#导入系统源文件生成仓库
cobbler import --name=centos-8.0-x86_64 --path=/mnt --arch=x86_64
#将linux发行版系统镜像与其对应的ks文件建立关联
cobbler profile --name=centos7 --distro=centos7-x86_64 --
kickstart=/var/lib/cobbler/kickstarts/ks7.cfg
7.8 将linux发行版导入到cobbler在httpd服务的文件夹下
cobbler将系统yum源文件存放在 /var/www/cobbler/ks_mirror目录下
cobbler import --name=centos6 --path=/var/www/html/centos/6/isos/x86_64/ --arch=x86_64
cobbler import --name=centos7 --path=/var/www/html/centos/7/isos/x86_64/ --arch=x86_64
cobbler import --name=centos8 --path=/var/www/html/centos/8/isos/x86_64/ --arch=x86_64
导入后重启并同步
systemctl restart cobblerd
cobbler sync
范例:
[root@centos7 ~]#du -sh /var/www/cobbler/ks_mirror/*
11G /var/www/cobbler/ks_mirror/centos-7.7-x86_64
7.2G /var/www/cobbler/ks_mirror/centos-8.1-x86_64
12K /var/www/cobbler/ks_mirror/config
7.9 配置linux发行版和关联相应的ks文件
拷贝事先准备好的ks文件至/var/lib/cobbler/kickstarts目录下
[root@centos7 ~]#cp /var/www/html/ks/centos{6,7,8}.ks
/var/lib/cobbler/kickstarts
将linux发行版系统镜像与其对应的ks文件建立关联
cobbler profile --name=centos6 --distro=centos6-x86_64 --
kickstart=/var/lib/cobbler/kickstarts/centos6.cfg
cobbler profile --name=centos7 --distro=centos7-x86_64 --
kickstart=/var/lib/cobbler/kickstarts/centos7.cfg
cobbler profile --name=centos8 --distro=centos8-x86_64 --
kickstart=/var/lib/cobbler/kickstarts/centos8.cfg
注意,在导入distro时,cobbler会自动生成distro条目,这些并未和ks文件关联,可以使用
cobbler profile remove --name=PROFILE_NAME
删除后,再关联ks文件。
建立关联后重启并同步
systemctl restart cobblerd
cobbler sync
查看详细信息
cobbler report
范例:
[root@centos7 ~]#cobbler report
distros:
==========
Name ?????????????: centos7-x86_64
Architecture ?????????: x86_64
TFTP Boot Files ???????: {}
Breed ????????????: redhat
Comment ???????????:
Fetchable Files ???????: {}
Initrd ????????????: /var/www/cobbler/ks_mirror/centos7-
x86_64/images/pxeboot/initrd.img
Kernel ????????????: /var/www/cobbler/ks_mirror/centos7-
x86_64/images/pxeboot/vmlinuz
Kernel Options ????????: {}
Kernel Options (Post Install) : {}
Kickstart Metadata ??????: {‘tree‘:
‘http://@@http_server@@/cblr/links/centos7-x86_64‘}
Management Classes ??????: []
OS Version ??????????: rhel7
Owners ????????????: [‘admin‘]
Red Hat Management Key ????: <<inherit>>
Red Hat Management Server ??: <<inherit>>
Template Files ????????: {}
Name ?????????????: centos8-x86_64
Architecture ?????????: x86_64
TFTP Boot Files ???????: {}
Breed ????????????: redhat
Comment ???????????:
Fetchable Files ???????: {}
Initrd ????????????: /var/www/cobbler/ks_mirror/centos8-
x86_64/images/pxeboot/initrd.img
Kernel ????????????: /var/www/cobbler/ks_mirror/centos8-
x86_64/images/pxeboot/vmlinuz
Kernel Options ????????: {}
Kernel Options (Post Install) : {}
Kickstart Metadata ??????: {‘tree‘:
‘http://@@http_server@@/cblr/links/centos8-x86_64‘}
Management Classes ??????: []
OS Version ??????????: rhel8
Owners ????????????: [‘admin‘]
Red Hat Management Key ????: <<inherit>>
Red Hat Management Server ??: <<inherit>>
Template Files ????????: {}
Name ?????????????: centos6-x86_64
Architecture ?????????: x86_64
TFTP Boot Files ???????: {}
Breed ????????????: redhat
Comment ???????????:
Fetchable Files ???????: {}
Initrd ????????????: /var/www/cobbler/ks_mirror/centos6-
x86_64/images/pxeboot/initrd.img
Kernel ????????????: /var/www/cobbler/ks_mirror/centos6-
x86_64/images/pxeboot/vmlinuz
Kernel Options ????????: {}
Kernel Options (Post Install) : {}
Kickstart Metadata ??????: {‘tree‘:
‘http://@@http_server@@/cblr/links/centos6-x86_64‘}
Management Classes ??????: []
OS Version ??????????: rhel6
Owners ????????????: [‘admin‘]
Red Hat Management Key ????: <<inherit>>
Red Hat Management Server ??: <<inherit>>
Template Files ????????: {}
profiles:
Owners ????????????: [‘admin‘]
Parent Profile ????????:
Internal proxy ????????:
Red Hat Management Key ????: <<inherit>>
Red Hat Management Server ??: <<inherit>>
Repos ????????????: []
Server Override ???????: <<inherit>>
Template Files ????????: {}
Virt Auto Boot ????????: 1
Virt Bridge ?????????: xenbr0
Virt CPUs ??????????: 1
Virt Disk Driver Type ????: raw
Virt File Size(GB) ??????: 5
Virt Path ??????????:
Virt RAM (MB) ????????: 512
Virt Type ??????????: xenpv
Name ?????????????: Install_centos6
TFTP Boot Files ???????: {}
Comment ???????????:
DHCP Tag ???????????: default
Distribution ?????????: centos6-x86_64
Enable gPXE? ?????????: 0
Enable PXE Menu? ???????: 1
Fetchable Files ???????: {}
Kernel Options ????????: {}
Kernel Options (Post Install) : {}
Kickstart ??????????: /var/lib/cobbler/kickstarts/ks6.cfg
Kickstart Metadata ??????: {}
Management Classes ??????: []
Management Parameters ????: <<inherit>>
Name Servers ?????????: []
Name Servers Search Path ???: []
Owners ????????????: [‘admin‘]
Parent Profile ????????:
Internal proxy ????????:
Red Hat Management Key ????: <<inherit>>
Red Hat Management Server ??: <<inherit>>
Repos ????????????: []
Server Override ???????: <<inherit>>
Template Files ????????: {}
Virt Auto Boot ????????: 1
Virt Bridge ?????????: xenbr0
Virt CPUs ??????????: 1
Virt Disk Driver Type ????: raw
Virt File Size(GB) ??????: 5
Virt Path ??????????:
Virt RAM (MB) ????????: 512
Virt Type ??????????: xenpv
systems:
==========
repos:
==========
images:
==========
mgmtclasses:
==========
packages:
==========
files:
==========
上面信息中有一行如下:
Kickstart Metadata ??????: {‘tree‘:
‘http://@@http_server@@/cblr/links/centos8-x86_64‘}
该行的定义在文件 /var/www/cobbler/ks_mirror/config/centos8-x86_64.repo中
是cobbler自己定义安装源路径的特有语法规定的,因此可以在ks文件中指定安装
源时直接指定为$tree变量。
url --url=$tree
范例:
[root@centos7 ~]#vim /var/www/cobbler/ks_mirror/config/centos8-x86_64.repo
[core-0]
name=core-0
baseurl=http://@@http_server@@/cobbler/ks_mirror/centos8-x86_64/AppStream
enabled=1
gpgcheck=0
priority=$yum_distro_priority
7.10 启动菜单优化
修改/etc/cobbler/pxe/pxedefault.template模板文件,重启同步
[root@centos7 ~]#vim /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Welcome! | www.wangxiaochun.com ??# 自定义项
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile
LABEL local
???MENU LABEL (local installation) # 自定义项1
???MENU DEFAULT
???LOCALBOOT -1
$pxe_menu_items
MENU end
[root@centos7 ~]#systemctl restart cobblerd
[root@centos7 ~]#cobbler sync
重启同步后cobbler更新文件/var/lib/tftpboot/pxelinux.cfg/default
[root@centos7 ~]#vim /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Welcome! | www.wangxiaochun.com
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local
LABEL local
???MENU LABEL (local installation)
???MENU DEFAULT
???LOCALBOOT -1
LABEL Install_centos6
???kernel /images/centos6-x86_64/vmlinuz
???MENU LABEL Install_centos6
???append initrd=/images/centos6-x86_64/initrd.img ksdevice=bootif lang=
kssendmac text ?ks=http://192.168.100.100/cblr/svc/op/ks/profile/Install_centos6
???ipappend 2
LABEL Install_centos7
???kernel /images/centos7-x86_64/vmlinuz
???MENU LABEL Install_centos7
???append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=
kssendmac text ?ks=http://192.168.100.100/cblr/svc/op/ks/profile/Install_centos7
???ipappend 2
LABEL Install_centos8
???kernel /images/centos8-x86_64/vmlinuz
???MENU LABEL Install_centos8
???append initrd=/images/centos8-x86_64/initrd.img ksdevice=bootif lang=
kssendmac text ?ks=http://192.168.100.100/cblr/svc/op/ks/profile/Install_centos8
???ipappend 2
MENU end
7.11 基于web界面来管理配置cobbler
7.11.1 安装cobbler-web
yum install cobbler-web
systemctl restart httpd
7.11.2 访问web界面
用浏览器访问:https://cobblerserver/cobbler_web
cobbler-web界面的默认账号,用户名:cobbler 密码:cobbler
cobbler访问图示
默认账户密码都是:cobbler
7.11.3 WEB的登录认证方式
认证方法配置文件:/etc/cobbler/modules.conf
支持多种认证方法:
authn_configfile,此为默认的认证方法
authn_pam
使用authn_configfile模块认证cobbler_web用户
vim /etc/cobbler/modules.conf
[authentication]
module=authn_configfile
创建其认证文件/etc/cobbler/users.digest,并添加所需的用户
htdigest -c /etc/cobbler/users.digest Cobbler admin
使用已有用户文件,在其中添加新用户
htdigest /etc/cobbler/users.digest Cobbler admin2
注意:
使用“-c”选项用于创建用户文件,如果文件已存在,将覆盖原文件
cobbler_web的realm只能为Cobbler
使用authn_pam模块认证cobbler_web用户
vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam
systemctl restart cobblerd
创建cobbler用户:
useradd -s /sbin/nologin cobbleruser
echo magedu | passwd --stdin cobbleruser
vim /etc/cobbler/users.conf
[admins]
admin = "cobbleruser"
7.12 Trouble Shooting
7.12.1 故障1
这种情况是ks文件中的安装源路径出错,改为如下:
centos6: url --url=http://httpserver/ksdir/ks.cfg 或者 url --url=$tree
centos7: url --url=http://httpserver/ksdir/ks.cfg 或者 url --url=$tree
centos8: url --url=http://httpserver/ksdir/ks.cfg 或者 url --url=$tree
7.12.2 故障2
这种情况是因为在安装配置cobbler时httpd服务一直在运行中,没有正确的为cobbler提供服务,因此重启httpd服务就ok了 systemctl restart httpd
7.12.3 故障3
httpd服务运行中安装cobbler-web包后无法访问https://cobblerserver/cobbler-web管理界面?
yum源更新后的Django版本和cobbler不兼容,更新cobbler 2.8.5新版后,此故障已修复
#提示如果无法打开web页面,可以执行面操作
[root@centos7 ~]#yum install python2-pip
#安装指定版本的Django
[root@centos7 ~]#pip install Django==1.8.17
[root@centos7 ~]#systemctl restart httpd
7.13 实战案例:CentOS 7 基于cobbler实现系统的自动化安装
7.13.1 环境准备
两台主机
一台主机:CentOS 7 充当 Cobbler,http,dhcp,tftp 服务器,并关闭防火墙和SELinux
一台主机:充当测试机,用于实现自动化安装Linux系统
网络要求:关闭Vmware软件中的NAT模式中的DHCP服务,两个主机网卡基于NAT模式
7.13.2 安装相关包并启动服务
[root@centos7 ~]#yum install cobbler dhcp -y
[root@centos7 ~]#systemctl enable --now cobblerd httpd tftp dhcpd
7.13.3 修改cobbler相关的配置
[root@centos7 ~]#cobbler check
The following are potential configuration items that you may want to fix:
1 : The ‘server‘ field in /etc/cobbler/settings must be set to something other
than localhost, or kickstarting features will not work. This should be a
resolvable hostname or IP for the boot server as reachable by all machines that
will use it.
2 : For PXE to be functional, the ‘next_server‘ field in /etc/cobbler/settings
must be set to something other than 127.0.0.1, and should match the IP of the
boot server on the PXE network.
3 : change ‘disable‘ to ‘no‘ in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may
run ‘cobbler get-loaders‘ to download them, or, if you only want to handle
x86/x86_64 netbooting, you may ensure that you have installed a *recent* version
of the syslinux package installed and can ignore this message entirely. Files
in this directory, should you want to support all architectures, should include
pxelinux.0, menu.c32, elilo.efi, and yaboot. The ‘cobbler get-loaders‘ command
is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian
deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed
machines (default_password_crypted in /etc/cobbler/settings) is still set to
‘cobbler‘ and should be changed, try: "openssl passwd -1 -salt ‘random-phrase-
here‘ ‘your-password-here‘" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power
management features. install cman or fence-agents to use them
#生成新密码,默认安装好的系统root密码为cobbler
[root@centos7 ~]#openssl passwd -1 ‘magedu‘
$1$1spuisnh$j34LNmyTQWs3l6xKxCZY60
#根据以上提示,只需要做1,2,8这三项即可,修改下面四行
[root@centos7 ~]#vim /etc/cobbler/settings
default_password_crypted: "$1$1spuisnh$j34LNmyTQWs3l6xKxCZY60"
next_server:< tftp服务器的 IP 地址>
server:<cobbler服务器的 IP 地址>
manage_dhcp:1 ?#设置为1,表示通过cobbler生成dhcpd.conf配置文件
[root@centos7 ~]#systemctl restart cobblerd
7.13.4 实现dhcp服务
#修改dhcp的模版文件下面的行,用来生成dhcp的配置文件
[root@centos7 ~]#vim /etc/cobbler/dhcp.template
subnet 192.168.100.0 netmask 255.255.255.0 {
??option routers ??????192.168.100.1;
??option domain-name-servers 180.76.76.76,223.6.6.6;
??option subnet-mask ????255.255.255.0;
??range dynamic-bootp ???192.168.100.1 192.168.100.200;
[root@centos7 ~]#cobbler sync
[root@centos7 ~]#systemctl start dhcpd
7.13.5 下载启动的相关文件
[root@centos7 ~]#cobbler get-loaders
task started: 2020-02-10_163111_get_loaders
task started (id=Download Bootloader Content, time=Mon Feb 10 16:31:11 2020)
downloading https://cobbler.github.io/loaders/README to
/var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to
/var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to
/var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to
/var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to
/var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to
/var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to
/var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to
/var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to
/var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to
/var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@centos7 ~]#ls /var/lib/cobbler/loaders
COPYING.elilo ??COPYING.yaboot grub-x86_64.efi menu.c32 ?README
COPYING.syslinux elilo-ia64.efi grub-x86.efi ??pxelinux.0 yaboot
[root@centos7 ~]#tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
├── etc
├── grub
├── images
├── images2
├── ppc
├── pxelinux.cfg
└── s390x
8 directories, 0 files
[root@centos7 ~]#cobbler sync
task started: 2020-02-10_163219_sync
task started (id=Sync, time=Mon Feb 10 16:32:19 2020)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 ->
/var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi ->
/var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi ->
/var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@centos7 ~]#tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│??└── grub
│????└── menu.lst
├── etc
├── grub
│??├── efidefault
│??├── grub-x86_64.efi
│??├── grub-x86.efi
│??└── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│??└── default
├── s390x
│??└── profile_list
└── yaboot
10 directories, 10 files
7.13.6 修改菜单的标题信息(可选)
[root@centos7 ~]#vim /etc/cobbler/pxe/pxedefault.template
MENU TITLE Cobbler | http://www.magedu.com/
[root@centos7 ~]#cobbler sync
[root@centos7 ~]#cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.magedu.com/ ?#默认为:http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local
LABEL local
???MENU LABEL (local)
???MENU DEFAULT
???LOCALBOOT -1
MENU end
[root@centos7 ~]#cobbler sync
7.13.7 导入CentOS系统的安装文件,生成相应的YUM源
[root@centos7 ~]#cobbler import --name=centos-8.1-x86_64 --path=/misc/cd --
arch=x86_64
[root@centos7 ~]#mount /dev/sr1 /mnt
mount: /dev/sr1 is write-protected, mounting read-only
[root@centos7 ~]#cobbler import --name=centos-7.7-x86_64 --path=/mnt --
arch=x86_64
[root@centos7 ~]#du -sh /var/www/cobbler/ks_mirror/*
11G /var/www/cobbler/ks_mirror/centos-7.7-x86_64
7.2G /var/www/cobbler/ks_mirror/centos-8.1-x86_64
12K /var/www/cobbler/ks_mirror/config
[root@centos7 ~]#cobbler distro list
?centos-7.7-x86_64
?centos-8.1-x86_64
[root@centos7 ~]#cobbler profile list
?centos-7.7-x86_64
?centos-8.1-x86_64
#默认生成的是最小化安装
7.13.8 准备 kickstart文件,并关联至指定的YUM源
[root@centos7 ~]#vim /var/lib/cobbler/kickstarts/centos8.cfg
[root@centos7 ~]#cat /var/lib/cobbler/kickstarts/centos8.cfg
ignoredisk --only-use=sda
zerombr
text
reboot
clearpart --all --initlabel
selinux --disabled
firewall --disabled
url --url=$tree ?#注意此行必须指定
keyboard --vckeymap=us --xlayouts=‘us‘
lang en_US.UTF-8
network ?--bootproto=dhcp --device=ens160 --ipv6=auto --activate
network ?--hostname=centos8.magedu.com
rootpw --iscrypted
$6$nOPs5JTMlP4mhQeW$R/o62B6SXAh3RR.zrZ3U0X4xYX9/u5nSLrR/vqCB6kdO2XFfMk2a4yAgrHJQ
pXK/e4jzRb0jiLBv2nFMXaBjB/
firstboot --enable
skipx
services --disabled="chronyd"
timezone Asia/Shanghai --isUtc --nontp
user --name=wang --
password=$6$oUfb/02CWfLb5l8f$sgEZeR7c7DpqfpmFDH6huSmDbW1XQNR4qKl2EPns.gOXqlnAIgv
9pTogtFVaDtEpMOC.SWXKYqxfVtd9MCwxb1 --iscrypted --gecos="wang"
part / --fstype="xfs" --ondisk=sda --size=102400
part /data --fstype="xfs" --ondisk=sda --size=51200
part swap --fstype="swap" --ondisk=sda --size=2048
part /boot --fstype="ext4" --ondisk=sda --size=1024
%packages
@^minimal-environment
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb=‘auto‘
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
#将kickstart文件,关联指定的YUM源和生成菜单列表
[root@centos7 ~]#cobbler profile add --name=CentOS-8.1_test --distro=CentOS-8.1-
x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos8.cfg
[root@centos7 ~]#cobbler profile add --name=CentOS-7.7_test --distro=CentOS-7.7-
x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg
#删除默认生成的菜单
[root@centos7 ~]#cobbler profile remove --name=centos-8.1-x86_64
[root@centos7 ~]#cobbler profile remove --name=centos-7.7-x86_64
[root@centos7 ~]#cobbler profile list
?CentOS-7.7_test
?CentOS-8.1_test
#删除默认的菜单列表
[root@centos7 ~]#cobbler profile remove --name=CentOS8.0-x86_64
7.13.9 测试客户端基于Cobbler实现自动安装
7.13.10 支持UEFI安装
注意:CentOS6的虚拟机不支持UEFI
修改文件设置时间,默认不显示菜单
#修改模版文件
[root@cobbler-centos7 ~]#vim /etc/cobbler/pxe/efidefault.template
[root@cobbler-centos7 ~]#cat /var/lib/tftpboot/grub/efidefault
default=0
timeout=60
$grub_menu_items
#使模版生效
[root@cobbler-centos7 ~]#cobbler sync
#验证生效
[root@cobbler-centos7 ~]#head -n 2 /var/lib/tftpboot/grub/efidefault
default=0
timeout=0
设置客户端的启动使用UEFI
启动客户机可以看到面界面
选择对应的菜单进行自动安装
7.13.11 实现cobbler 的web管理
[root@centos7 ~]#yum -y install cobbler-web
[root@centos7 ~]#systemctl restart httpd
通过浏览器访问下面地址: https://cobblerserver/cobbler_web
用户名:cobbler,默认密码:cobbler
7.13.12 创建cobbler的自定义的web用户
[root@centos7 ~]#cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@centos7 ~]#htdigest -c /etc/cobbler/users.digest Cobbler admin
Adding password for admin in realm Cobbler.
New password:
Re-type new password:
[root@centos7 ~]#cat /etc/cobbler/users.digest
admin:Cobbler:461941848a17e1b412f94c100a79bf75
3
[root@centos7 ~]#htdigest /etc/cobbler/users.digest Cobbler admin2
Adding user admin2 in realm Cobbler
New password:
Re-type new password:
[root@centos7 ~]#cat /etc/cobbler/users.digest
admin:Cobbler:461941848a17e1b412f94c100a79bf75
3
admin2:Cobbler:8e3ab6cc196fac11dcf0512c200a672f
使用上面命令创建的用户登录web界面
登录成功后,可以看到下面界面
原文:https://www.cnblogs.com/zhaihongyu/p/13019783.html