cobbler自动化系统安装配置_style

PXE工作原理:
    tftp:提供的是pxe环境
    dhcp:用来分配IP地址的
    http:用提供镜像文件
    客户端在安装的系统时会用网卡,进行获取IP地址,这是IP地址是有DHCP服务器分配得到,但dhcp服务器返回IP地址的同时会返回一个附加信息数据
    (新附加数据 如    next-server 172.16.3.2;filename="pxelinux.0";),来告诉客户端可以去找下一个服务器获取文件的。 tftp服务器会把请求的文件pxelinux.0提供的所  有文件(PXE的引导文件)返回给客户端。
    引导文件会被客户端理解为网卡的mbr,会被加载到内核中运行,获得到引导界面,会提示用户是否安装,
    如果是则会寻找kickstart文件并加载下来,根据引导mbr进而获取到http服务器上提供的镜像文件,进行完全完整,安装完成后,会根据kickstart文件应答进行重启。

PXE与cobbler区别:
    PXE环境是不能运行提供两个不同版本的镜像文件的安装的(只能提供一个发行版,一个kickstart文件)
    cobbler是什么?
        是个增强版的PXE:运行N个发行版的镜像文件仓库,并同时提供了不同的kickstart进行不同环境版本系统的安装。也支持一个镜像文件仓库,使用不同配置的kickstart文件来满足不同环境中的配置。
                一个发行版中提供了多种不同的系统

cobbler
    核心组件:
        Distribution  每一个distribution就相当于仓库(存放的一个发行版镜像)
        Repository:指定用户去那里访问distribution安装时所需要的程序的一个地址。
        Profile:指定那一个文件对应的Distribution仓库来定义的(把repositorise和distribution合并起来并附加一个kickstart文件,从而提供了一个自动化安装的过程)porfile可以有多个实现不同的安装环境
        System:指定IP、MAC和profile安装时是那个(不是必须的组件 )

实际配置案例cobbler:

    1、安装cobbler包   
        # yum install cobbler
    2、启动cobbler服务
        # tree /var/www/cobbler
        /var/www/cobbler
        ├── aux                 辅助文件的存放位置
        │?? ├── anamon
        │?? └── anamon.init
        ├── images           影响文件的存放位置
        ├── ks_mirror       导入存放的整个光盘文件(yum源仓库位置)
        │?? └── config
        ├── links
        ├── localmirror
        ├── pub
        ├── rendered
        ├── repo_mirror     repo的yum的比如说epel源的仓库等
        └── svc
            ├── services.py
            ├── services.pyc
            └── services.pyo

        # service cobblerd start
        # ss -tnlp | grep cobblerd (查看监听端口)
        LISTEN     0      5                 127.0.0.1:25151                    *:*      users:(("cobblerd",5010,9))

    3、修复cobbler并初始化
        # cobbler --help

        # cobbler check(检查环境并说明要解决的问题)
        执行“cobbler check命令检查存的问题,而后逐一按提示解决之。常见的问题如下所示:
        1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
        2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
        3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
        4 : change 'disable' to 'no' in /etc/xinetd.d/rsync
        5 : comment 'dists' on /etc/debmirror.conf for proper debian support
        6 : comment 'arches' on /etc/debmirror.conf for proper debian support
        7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
        8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

        Restart cobblerd and then run 'cobbler sync' to apply changes.

        如上各问题的解决方法如下所示:
        1、修改/etc/cobbler/settings文件中的server参数的值为提供cobbler服务的主机相应的IP地址或主机名,如172.16.3.2;
        2、修改/etc/cobbler/settings文件中的next_server参数的值为提供PXE服务的主机相应的IP地址,如172.16.3.2;
        3、如果当前节点可以访问互联网,执行“cobbler get-loaders”命令即可;否则,需要安装syslinux程序包,而后复制/usr/share/syslinux/{pxelinux.0,menu.c32}等文件至/var/lib/cobbler/loaders/目录中;
        4、执行“chkconfig rsync on”命令即可;
        5、注释/etc/debmirror.conf文件中的“@dists="sid";”一行;
        6、注释/etc/debmirror.conf文件中的“@arches="i386";”一行;
        7、执行“openssl passwd -1 -salt $(openssl rand -hex 4)”生成密码,并用其替换/etc/cobbler/settings文件中default_password_crypted参数的值;
        8、执行“yum install cman fence-agents”命令安装相应的程序包即可;

        # cobbler sync

    4、配置cobber依赖的服务:       
        # yum install dhcp
        # cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp   
        # cd /etc/dhcp
        # mv dhcpd.conf.sample dhcpd.conf
        # cat dhcpd.conf
        option domain-name "ning.com";
        option domain-name-servers 172.16.0.1, 8.8.8.8;

        default-lease-time 43200;
        max-lease-time 86400;

        log-facility local7;

        subnet 172.16.3.0  netmask 255.255.255.0 {
          range 172.16.3.100 172.16.3.200;
          option routers 172.16.0.1;
        }
        next-server 172.16.3.2;
        filename="pxelinux.0";
        # service dhcpd start  启动服务查看监听接口67
        # ss -unlp | grep dhcpd
        UNCONN     0      0                         *:67                       *:*      users:(("dhcpd",6449,7))
    5、配置tftp
        # yum install tftp-server
        # service xinetd restart
        # ss -unlp | grep xinetd   查看监听接口
        UNCONN     0      0                         *:69                       *:*      users:(("xinetd",6540,8))

    6、cobbler配置
        管理distro
            # mount /dev/cdroom /media
            # cobbler import --path=/media --name=centos-6.5-x86_64 导入光盘数据导入的位置为/var/www/cobbler/ks_mirror/下名称为centos-6.5-x86_64的整个镜像文件也所以yum源
            # cobbler distro list(复制完成后,查看是否有这个导入的文件名称)
                centos-6.5-x86_64
    7、管理profile    

         # vim centos6.x86_64.cfg 根据自己的情况自己编辑kickstart文件
         # mv centos6.x86_64.cfg /tmp
         # ksvalidator centos6.x86_64.cfg   验证centos6.x86_64.cfg 有没有错误
         # cobbler profile list默认会自定义一个profile文件(导入的时候生成的)
            centos-6.5-x86_64
    自定义profile文件
        # cobbler profile add --name=centos-6.5-x86_64-basic --distro=centos-6.5-x86_64 --kickstart=/tmp/centos6.x86_64.cfg
        # cobbler profile list
           centos-6.5-x86_64
           centos-6.5-x86_64-basic
        # cobbler sync 同步下数据(同步生成的文件# vim /var/lib/tftpboot/pxelinux.cfg/default 同步生成的数据可以查看下)

        # service httpd restart (这里为什么要重新启动httpd服务器呢?因为cobbler是最为为httpd的模块安装的,当你修改了cobbler将需要重启httpd服务)
    8、测试即可
            新建个虚拟机我们这里的镜像是centos6.x86_64所以你创建的时候注意下架构问题
            我们这里对centos6.x86_64.cfg做个解释
    #platform=x86, AMD64, or Intel EM64T                              
    #version=DEVEL
    # Firewall configuration
    firewall --disabled
    # Install OS instead of upgrade
    install
    # Use network installation
    url --url="http://172.16.3.2/cobbler/ks_mirror/centos-6.5-x86_64/"   注意这里的路径可以用命令# lftp http://172.16.3.2/cobbler访问下yum源在什么位置
    # Root password
    rootpw --iscrypted $1$a0be1c29$FmI.wPqXAKYRinUJ42e1p0              这里指定的root用户的密钥可以用(openssl passwd -1 -salt $(openssl rand -hex 4))生成密钥
    # System authorization information
    auth  --useshadow  --passalgo=sha512
    # Use text mode install
    text
    firstboot --disable
    # System keyboard
    keyboard us
    # System language
    lang en_US
    # SELinux configuration
    selinux --disabled
    # Installation logging level
    logging --level=info --host=172.16.3.2                   主机172.16.3.2登入时的日志级别
    # Reboot after installation
    reboot
    # System timezone
    timezone  Asia/Shanghai
    # System bootloader configuration
    bootloader --append="rhgb crashkernel=auto quiet" --location=mbr --driveorder="sda"
    # Clear the Master Boot Record
    zerombr
    # Partition clearing information
    clearpart --all 
    # Disk partitioning information
    part /boot --fstype="ext4" --size=200
    part pv.008 --size=61440

    volgroup vg0 --pesize=8192 pv.008
    logvol / --fstype=ext4 --name=root --vgname=vg0 --size=20480
    logvol swap --name=swap --vgname=vg0 --size=2048
    logvol /usr --fstype=ext4 --name=usr --vgname=vg0 --size=10240
    logvol /var --fstype=ext4 --name=var --vgname=vg0 --size=20480

    #repo --name="Fedora EPEL"  --baseurl=http://172.16.3.2/fedora-epel/6/x86_64/ --cost=1000      这里是指定epel源的,如果下面没有自己指定的安装epel源中的软件,将不需要指定

    %post
    echo -e 'Mage Education Learning Services\nhttp://www.magedu.com\n' >> /etc/issue

    sed -i '1,$s@id:[0-9]:initdefault:@id:3:initdefault:@g' /etc/inittab

    [ ! -d /root/.ssh ] && mkdir /root/.ssh && chmod og=--- /root/.ssh

    cat >> /root/.ssh/authorized_keys << EOF                    这里指定的是添加主机的公钥信息到,远程安装的这个主机上,呵呵这是后门你懂的。
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3kJiempa6wCE4hBeaQ3/Z63LmYe5qMy/lXrk6jK6upX+9UoC6q+hNSq16vmR+uhr5PYF8gWYzCGVNhlxzz4/aRWOoyKMy9FbtoQWU5ay9wJhIOF+gwDgeEvuwpdOKWhhacIVr0Jr75TZGRSJCufv2IvQ5WzOVSusj2+PZ8pRDilR5zjjYHVxlqgG7RbID615lQ7CCn/Ywxnlp0UHXDhiuElHdvfbRO2XQ3VS3cEk2r5J/EUkG4c12Ao+li2EkIj1DrQ1yRHJ7c4TiOM+eYcdWWiGvYG9jxb8iofJSMzy/YJKQoJEl8PpgAokQ0M70KSZJdIIvdr0SoYZK6CCg3Vv6w== root@localhost.localdomain
    EOF

    # Enable funcd
    #sed -i 's@certmaster =.*@certmaster = 172.16.0.1@g' /etc/certmaster/minion.conf
    #/sbin/chkconfig funcd off

    # Set the hostname
    ClientName=`ifconfig eth0 | awk '/inet addr:/{print $2}' | awk -F. '{print $NF}'`
    sed -i "s@HOSTNAME=.*@HOSTNAME=client$ClientName.magelinux.com@g" /etc/sysconfig/networks

    # set puppet agent
    #sed -i '/\[main\]/a server=server.magelinux.com' /etc/puppet/puppet.conf
    #/sbin/chkconfig puppet off

    # set hosts
    echo '172.16.0.1  server.magelinux.com server' >> /etc/hosts    指定172.16.0.1地址对应的主机名为server.magelinux.com server

    %end

    %packages
    @base
    @basic-desktop
    @chinese-support
    @client-mgmt-tools
    @core
    @desktop-platform
    @fonts
    @general-desktop
    @graphical-admin-tools
    @legacy-x
    @network-file-system-client
    @perl-runtime
    @remote-desktop-clients
    @x11
    #func
    lftp
    ibus-table-cangjie
    ibus-table-erbi
    ibus-table-wubi
    #puppet

    %end
    手动修改了kickstart文件
    # cobbler profile edit --name=centos-6.5-x86_64-basic --distro=centos-6.5-x86_64 --kickstart=/tmp/centos6.x86_64.cfg
    # cobbler profile list
    # cobbler sync        

    下面我们解释下cobbler sync同步生成的文件
    vim /var/lib/tftpboot/pxelinux.cfg/default

    DEFAULT menu
    PROMPT 0
    MENU TITLE Cobbler | http://www.cobblerd.org/    这里指定的cobblerd的网址,是可以修改的
    TIMEOUT 200                          定义时间
    TOTALTIMEOUT 6000
    ONTIMEOUT local                    上面的时间设置是设置在local上的

    LABEL local
            MENU LABEL (local)
            MENU DEFAULT                指定的默认启动菜单
            LOCALBOOT -1            -1显示说是从不本地磁盘启动

    LABEL centos-6.5-x86_64
            kernel /images/centos-6.5-x86_64/vmlinuz
            MENU LABEL centos-6.5-x86_64
            append initrd=/images/centos-6.5-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://172.16.3.2/cblr/svc/op/ks/profile/centos-6.5-x86_64
            ipappend 2

    LABEL centos-6.5-x86_64-basic
            kernel /images/centos-6.5-x86_64/vmlinuz
            MENU LABEL centos-6.5-x86_64-basic
            append initrd=/images/centos-6.5-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://172.16.3.2/cblr/svc/op/ks/profile/centos-6.5-x86_64-basic
            ipappend 2

    MENU end   

cobbler-web配置操作   
        1、安装包:
            # yum install cobbler-web
            # rpm -ql cobbler-web
            /etc/httpd/conf.d/cobbler_web.conf 主配置文件
        2、配置cobbler-web的用户验证功能
        # vim /etc/cobbler/modules.conf
            [authentication]
            module = authn_pam   我们这里使用pam来进行用户验证
        3、创建用户
            [root@localhost ~]# useradd cobbleradmin
            [root@localhost ~]# passwd cobbleradmin
            Changing password for user cobbleradmin.
            New password:
            BAD PASSWORD: it is too short
            BAD PASSWORD: is too simple
            Retype new password:
            passwd: all authentication tokens updated successfully.
        4、在用户验证的配置文件中添加用户
            # vim /etc/cobbler/user.conf
            [admins]
            admin = "cobbleradmin"
            cobbler = ""

        5、以上配置完成后重启服务:
            # service cobblerd restart
            # service httpd restart(这里为什么重启httpd呢?# ls /etc/httpd/conf.d/因为cobbler_web是以模块的形式安装到httpd中的
                                        cobbler.conf  cobbler_web.conf  mod_dnssd.conf  README  ssl.conf  welcome.conf  wsgi.conf)
        6、测试:
http://172.16.3.2/cobbler_web(有图)

cobbler自动化系统安装配置_border_02

cobbler自动化系统安装配置_style_03

cobbler自动化系统安装配置_style_04