cobbler是一个使用python开发的开源项目,通过部署系统所设计的所有服务集中在一起,来提供一个全自动批量安装快速建立Linux系统的网络安装环境。Cobbler提供了DHCP管理、YUM源管理、电源管理等功能,除此之外还支持命令行管理、WEB界面管理,并且提供了API接口,方便进行二次开发。
下面将利用一台CentOS系统虚拟机搭建Cobbler服务平台,为其他新机器安装Linux操作系统。
部署Cobbler环境
1、导入epel源
服务端共享安装:
epel-release-latest-7.noarch.rpm
//软件仓库项目
该软件包可以使得yum仓库可以在线升级或者下载所需软件包;
2、正式部署服务
yum install cobbler cobbler-web dhcp tftp-server pykickstart httpd rsync xinetd
//安装所需服务(此处各项服务功能在PXE装机中有所介绍,并且功能作相似)
// rsync为远程同步管理服务
systemctl restart httpd.service
//启动httpd服务systemctl start cobblerd.service
//启动cobbler服务,只有安装好cobbler服务后,启动服务,才能对后面cobbler自动装机所需服务进行优化。vim /etc/cobbler/settings //修改cobbler服务配置文件
next_server: 192.168.144.130 //指定PXE位置
server: 192.168.144.130
//指定自动装机服务器地址
manage_dhcp: 1
//管理dhcp启动(因为本服务器也需要提供DHCP服务,所以通过cobbler平台一起管理)
systemctl stop firewalld.service //关闭防火墙
setenforce 0 //关闭增强安全功能
systemctl restart cobblerd.service
上述cobbler服务配置完成后,重启服务,利用cobbler check 继续优化其他服务
cobbler check
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:https://github.com/cobbler/cobbler/wiki/Selinux
4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
//根据上述提示优化信息进行进一步优化。
下面三条可以忽略不去处理
1 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:https://github.com/cobbler/cobbler/wiki/Selinux
2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
3 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
根据上述优化提示可知:
1、需要在/etc/cobbler/settings中
设置PXE位置和服务器地址,即next-server和server地址;
2、在/etc/xinetd.d/tftp打开tftp服务
3、在/etc/cobbler/settings中设置自动装机管理员密码(利用盐值加密工具)
4、设置rsync远程同步管理,并且完成同步。
设置自动装机管理员登陆密码
openssl passwd -1 -salt '123123' '123123' //盐值加密工具加密
$1$123123$kDle2KnwbPHdm1UZEE79V. //加密结果继续回settings文件中:
default_password_crypted: "$1$123123$kDle2KnwbPHdm1UZEE79V." //粘贴
保存退出settings文件
下载安装引导文件
cobbler get-loaders //利用cobbler服务自动下载引导操作系统文件
启动远程同步管理服务
systemctl start rsyncd.service
打开tftp服务
vim /etc/xinetd.d/tftp
disable = no //启用tftp
systemctl restartxinetd.service//重启服务
配置Cobbler服务控制dhcp模板
vim /etc/cobbler/dhcp.template
subnet 192.168.144.0 netmask 255.255.255.0 { //设置分配网段
option routers 192.168.144.1; //修改网关
option domain-name-servers 192.168.144.2; //修改DNS
option subnet-mask 255.255.255.0; //设置子网掩码
range dynamic-bootp 192.168.144.100 192.168.144.200; //修改地址池
同步dhcp
cobbler sync
//帮助同步生成DHCP配置文件systemctl restart dhcpd.service
//重启dhcpd服务
到此,服务部署完成,接下来需要利用cobbler平台复制系统镜像文件,方便系统自动安装。
cobbler import --path=/mnt/ --name=CentOS-7-x86_64 --arch=x86_64 //导入iso镜像
(这里我将光盘镜像挂载到/mnt下,因此从/mnt下导入)
/var/www/cobbler/ks_mirror/CentOS-7-x86_64 //默认导入存放位置
导入完成后,重启所有服务:
systemctl restart xinetd.service
systemctl restart httpd.service
systemctl restart rsyncd.service
systemctl restart dhcpd.service
systemctl restart cobblerd.service
然后,找一台新的机器连接自动安装即可;
新机器安装界面如下:选择操作系统即可安装!
cobbler web页面管理
第一种
/etc/cobbler/modules.conf //authn_configfile 模块认证
htdigest -c /etc/cobbler/users.digest Cobbler cbadmin
输入两次确认密码 例如:abc123
systemctl restart cobblerd.service
systemctl restart httpd.service
web账户为 cbadmin 密码为 abc123
浏览器中访问https://192.168.144.130/cobbler_web
第二种 pam认证
vim /etc/cobbler/modules.conf
module = authn_pam //修改pam认证
module = authz_ownership //在users.conf指定访问权限
useradd webuser
passwd webuser
vim /etc/cobbler/users.conf