How PXE works:
tftp: provides the PXE boot environment
dhcp: assigns IP addresses
http: serves the installation image files
When a client installs a system over the network, its network card first obtains an IP address, which is assigned by the DHCP server. Along with the address, the DHCP server returns additional data
(for example next-server 172.16.3.2; filename="pxelinux.0";) telling the client which server to contact next to fetch its boot file. The TFTP server then returns the requested file pxelinux.0 and the rest of the PXE boot files to the client.
The client treats the boot file as the network card's MBR: it is loaded and run, brings up the boot menu and asks the user whether to install.
If so, it locates and downloads the kickstart file, fetches the image files served by the HTTP server as directed by the boot configuration, completes the installation and reboots as specified by the kickstart answers.
Difference between PXE and Cobbler:
A plain PXE environment cannot offer installs of two different release images (only one distribution and one kickstart file).
What is Cobbler?
It is an enhanced PXE: it hosts a repository of N release images and at the same time offers different kickstart files for installing systems for different environments. It also supports a single image repository used with differently configured kickstart files to meet the configuration needs of different environments.
One distribution can thus yield several different system builds.
Cobbler
Core components:
Distribution: each distribution is a repository holding one release image.
Repository: specifies where clients go to fetch the packages needed while installing a distribution.
Profile: defines which kickstart file goes with which Distribution (it combines repositories and a distribution and attaches a kickstart file, giving a fully automated installation). There can be several profiles for different installation environments.
System: specifies the IP, MAC and which profile a given machine installs with (not a required component).
Actual Cobbler configuration example:
1. Install the cobbler package
# yum install cobbler
2. Start the cobbler service
# tree /var/www/cobbler
/var/www/cobbler
├── aux            (auxiliary files)
│   ├── anamon
│   └── anamon.init
├── images         (image files)
├── ks_mirror      (the imported full disc contents; also the yum repository location)
│   └── config
├── links
├── localmirror
├── pub
├── rendered
├── repo_mirror    (mirrored yum repos, e.g. the EPEL repository)
└── svc
    ├── services.py
    ├── services.pyc
    └── services.pyo
# service cobblerd start
# ss -tnlp | grep cobblerd (check the listening port)
LISTEN 0 5 127.0.0.1:25151 *:* users:(("cobblerd",5010,9))
3. Fix the problems cobbler check reports and initialize
# cobbler --help
# cobbler check (checks the environment and lists the problems that must be solved)
Run "cobbler check" to find the existing problems, then fix them one by one as prompted. The common ones are:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4 : change 'disable' to 'no' in /etc/xinetd.d/rsync
5 : comment 'dists' on /etc/debmirror.conf for proper debian support
6 : comment 'arches' on /etc/debmirror.conf for proper debian support
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
The solutions to the problems above are:
1. In /etc/cobbler/settings, set the server parameter to the IP address or hostname of the host providing the cobbler service, e.g. 172.16.3.2;
2. In /etc/cobbler/settings, set the next_server parameter to the IP address of the host providing the PXE service, e.g. 172.16.3.2;
3. If the node has Internet access, just run "cobbler get-loaders"; otherwise install the syslinux package and copy /usr/share/syslinux/{pxelinux.0,menu.c32} and the other loaders into /var/lib/cobbler/loaders/;
4. Run "chkconfig rsync on";
5. Comment out the line '@dists="sid";' in /etc/debmirror.conf;
6. Comment out the line '@arches="i386";' in /etc/debmirror.conf;
7. Run "openssl passwd -1 -salt $(openssl rand -hex 4)" to generate a password hash and use it to replace the value of default_password_crypted in /etc/cobbler/settings;
8. Run "yum install cman fence-agents" to install the required packages;
# cobbler sync
4. Configure the services cobbler depends on:
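The settings-file fixes above (items 1, 2 and 7), applied as shell functions so they can be tried on a copy of the file before touching the real one. This is an added example, not code from the original post or from the Cobbler project; it assumes the cobbler 2.x /etc/cobbler/settings format of one "key: value" per line, and the file path, server address and hash are parameters.

```shell
#!/bin/sh
# Added example: apply the "cobbler check" settings fixes to a settings file.
# Assumes the YAML-like "key: value" line format of /etc/cobbler/settings (cobbler 2.x).

# Print the value of KEY in FILE (empty if the key is absent).
get_cobbler_setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Set KEY to VALUE in FILE, replacing the existing line or appending a new one.
# Goes through a temp file so it does not depend on GNU "sed -i".
set_cobbler_setting() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}:" "$file"; then
        sed "s|^${key}:.*|${key}: ${value}|" "$file" > "${file}.tmp" && mv "${file}.tmp" "$file"
    else
        printf '%s: %s\n' "$key" "$value" >> "$file"
    fi
}

# Return 0 when KEY still points at the local host, which is what check items 1 and 2 complain about.
setting_is_local() {
    case "$(get_cobbler_setting "$1" "$2")" in
        127.0.0.1|localhost|"") return 0 ;;
        *) return 1 ;;
    esac
}

# Items 1, 2 and 7: boot server address for both fields and a fresh root password hash.
# HASH is produced by the page's own command:  openssl passwd -1 -salt $(openssl rand -hex 4)
harden_cobbler_settings() {
    file=$1; server_ip=$2; hash=$3
    set_cobbler_setting "$file" server "$server_ip"
    set_cobbler_setting "$file" next_server "$server_ip"
    set_cobbler_setting "$file" default_password_crypted "\"$hash\""
}

# Items 3 to 6 and 8 are the commands from the page, run as root on the real host:
#   cobbler get-loaders      # or copy /usr/share/syslinux/{pxelinux.0,menu.c32} to /var/lib/cobbler/loaders/
#   chkconfig rsync on
#   sed -i 's/^@dists="sid";/#&/; s/^@arches="i386";/#&/' /etc/debmirror.conf
#   yum install cman fence-agents
# Afterwards restart cobblerd and run "cobbler sync", as the check output says.
```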
# yum install dhcp
# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp
# cd /etc/dhcp
# mv dhcpd.conf.sample dhcpd.conf
# cat dhcpd.conf
option domain-name "ning.com";
option domain-name-servers 172.16.0.1, 8.8.8.8;
default-lease-time 43200;
max-lease-time 86400;
log-facility local7;
subnet 172.16.3.0 netmask 255.255.255.0 {
range 172.16.3.100 172.16.3.200;
option routers 172.16.0.1;
}
next-server 172.16.3.2;
filename="pxelinux.0";
# service dhcpd start (start the service and confirm it listens on port 67)
# ss -unlp | grep dhcpd
UNCONN 0 0 *:67 *:* users:(("dhcpd",6449,7))
5. Configure tftp
# yum install tftp-server
# service xinetd restart
# ss -unlp | grep xinetd (check the listening port)
UNCONN 0 0 *:69 *:* users:(("xinetd",6540,8))
6. Cobbler configuration
Managing distros
# mount /dev/cdrom /media
# cobbler import --path=/media --name=centos-6.5-x86_64 (imports the disc contents; they land in /var/www/cobbler/ks_mirror/centos-6.5-x86_64 as the full image, which also serves as the yum repository)
# cobbler distro list (once the copy finishes, check that the imported name is listed)
centos-6.5-x86_64
7. Managing profiles
# vim centos6.x86_64.cfg (edit the kickstart file to suit your own situation)
# mv centos6.x86_64.cfg /tmp
# ksvalidator /tmp/centos6.x86_64.cfg (checks centos6.x86_64.cfg for errors)
# cobbler profile list (a default profile is created automatically when the distro is imported)
centos-6.5-x86_64
Add a custom profile:
# cobbler profile add --name=centos-6.5-x86_64-basic --distro=centos-6.5-x86_64 --kickstart=/tmp/centos6.x86_64.cfg
# cobbler profile list
centos-6.5-x86_64
centos-6.5-x86_64-basic
# cobbler sync (synchronizes the data; the generated file /var/lib/tftpboot/pxelinux.cfg/default can be inspected with vim)
# service httpd restart (why restart httpd? because cobbler is installed as an httpd module, so after changing cobbler the httpd service must be restarted)
8. Test
Create a new virtual machine; the image here is centos6.x86_64, so mind the architecture when creating it.
Here is an explanation of centos6.x86_64.cfg:
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url="http://172.16.3.2/cobbler/ks_mirror/centos-6.5-x86_64/" (this path can be checked with "lftp http://172.16.3.2/cobbler" to see where the yum repository is located)
# Root password
rootpw --iscrypted $1$a0be1c29$FmI.wPqXAKYRinUJ42e1p0 (the root password hash given here can be generated with: openssl passwd -1 -salt $(openssl rand -hex 4))
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Installation logging level
logging --level=info --host=172.16.3.2 (installation log level; the logs are sent to host 172.16.3.2)
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# System bootloader configuration
bootloader --append="rhgb crashkernel=auto quiet" --location=mbr --driveorder="sda"
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part /boot --fstype="ext4" --size=200
part pv.008 --size=61440
volgroup vg0 --pesize=8192 pv.008
logvol / --fstype=ext4 --name=root --vgname=vg0 --size=20480
logvol swap --name=swap --vgname=vg0 --size=2048
logvol /usr --fstype=ext4 --name=usr --vgname=vg0 --size=10240
logvol /var --fstype=ext4 --name=var --vgname=vg0 --size=20480
#repo --name="Fedora EPEL" --baseurl=http://172.16.3.2/fedora-epel/6/x86_64/ --cost=1000 (this specifies the EPEL repo; if no package from EPEL is listed below, it need not be specified)
%post
echo -e 'Mage Education Learning Services\nhttp://www.magedu.com\n' >> /etc/issue
sed -i '1,$s@id:[0-9]:initdefault:@id:3:initdefault:@g' /etc/inittab
[ ! -d /root/.ssh ] && mkdir /root/.ssh && chmod og=--- /root/.ssh
# The block below adds the build host's public key to the freshly installed machine; heh, this is a backdoor, as you know.
cat >> /root/.ssh/authorized_keys << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3kJiempa6wCE4hBeaQ3/Z63LmYe5qMy/lXrk6jK6upX+9UoC6q+hNSq16vmR+uhr5PYF8gWYzCGVNhlxzz4/aRWOoyKMy9FbtoQWU5ay9wJhIOF+gwDgeEvuwpdOKWhhacIVr0Jr75TZGRSJCufv2IvQ5WzOVSusj2+PZ8pRDilR5zjjYHVxlqgG7RbID615lQ7CCn/Ywxnlp0UHXDhiuElHdvfbRO2XQ3VS3cEk2r5J/EUkG4c12Ao+li2EkIj1DrQ1yRHJ7c4TiOM+eYcdWWiGvYG9jxb8iofJSMzy/YJKQoJEl8PpgAokQ0M70KSZJdIIvdr0SoYZK6CCg3Vv6w== root@localhost.localdomain
EOF
# Enable funcd
#sed -i 's@certmaster =.*@certmaster = 172.16.0.1@g' /etc/certmaster/minion.conf
#/sbin/chkconfig funcd off
# Set the hostname
ClientName=`ifconfig eth0 | awk '/inet addr:/{print $2}' | awk -F. '{print $NF}'`
sed -i "s@HOSTNAME=.*@HOSTNAME=client$ClientName.magelinux.com@g" /etc/sysconfig/network (sets HOSTNAME in /etc/sysconfig/network from the last octet of eth0's address)
# set puppet agent
#sed -i '/\[main\]/a server=server.magelinux.com' /etc/puppet/puppet.conf
#/sbin/chkconfig puppet off
# set hosts
echo '172.16.0.1 server.magelinux.com server' >> /etc/hosts (maps 172.16.0.1 to the hostnames server.magelinux.com and server)
%end
%packages
@base
@basic-desktop
@chinese-support
@client-mgmt-tools
@core
@desktop-platform
@fonts
@general-desktop
@graphical-admin-tools
@legacy-x
@network-file-system-client
@perl-runtime
@remote-desktop-clients
@x11
#func
lftp
ibus-table-cangjie
ibus-table-erbi
ibus-table-wubi
#puppet
%end
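A small audit of the kickstart settings explained above, run over a constructed sample that mirrors the page's file. This is an added example, not code from the original post: it flags the settings a reviewer would question before a profile is rolled out widely (firewall and SELinux disabled, an MD5-crypt "$1$" root password hash, and a %post section that appends an ssh key to root's authorized_keys). The sample kickstart and the placeholder key text are constructed for the example; the rootpw hash is the one shown on the page.

```shell
#!/bin/sh
# Added example: flag kickstart settings a reviewer would question.
# Assumes standard kickstart syntax (one directive per line, %post ... %end).

# Constructed sample that mirrors the settings of centos6.x86_64.cfg above.
sample_kickstart() {
    cat <<'EOF'
firewall --disabled
install
url --url="http://172.16.3.2/cobbler/ks_mirror/centos-6.5-x86_64/"
rootpw --iscrypted $1$a0be1c29$FmI.wPqXAKYRinUJ42e1p0
selinux --disabled
%post
[ ! -d /root/.ssh ] && mkdir /root/.ssh && chmod og=--- /root/.ssh
cat >> /root/.ssh/authorized_keys << KEY
ssh-rsa AAAA...constructed-placeholder... root@localhost.localdomain
KEY
%end
EOF
}

# Print one "FINDING: ..." line per questionable setting in kickstart FILE.
audit_kickstart() {
    ks=$1
    grep -q '^firewall[[:space:]].*--disabled' "$ks" && echo 'FINDING: firewall disabled in the installed system'
    grep -q '^selinux[[:space:]].*--disabled' "$ks" && echo 'FINDING: SELinux disabled in the installed system'
    if grep -q '^rootpw[[:space:]]' "$ks"; then
        if ! grep -q '^rootpw[[:space:]].*--iscrypted' "$ks"; then
            echo 'FINDING: rootpw is stored in plaintext'
        elif grep -q '^rootpw[[:space:]].*--iscrypted[[:space:]]*\$1\$' "$ks"; then
            echo 'FINDING: rootpw uses MD5-crypt ($1$); use a sha512 ($6$) hash instead'
        fi
    fi
    # A key appended in %post gives whoever holds the private key root on every host built from this profile.
    if sed -n '/^%post/,/^%end/p' "$ks" | grep -q 'authorized_keys'; then
        echo 'FINDING: %post adds an ssh key to root authorized_keys'
    fi
    return 0
}

# Number of findings for FILE, for scripting (e.g. fail a build when non-zero).
count_findings() {
    audit_kickstart "$1" | grep -c '^FINDING:'
}
```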
After modifying the kickstart file by hand, update the profile:
# cobbler profile edit --name=centos-6.5-x86_64-basic --distro=centos-6.5-x86_64 --kickstart=/tmp/centos6.x86_64.cfg
# cobbler profile list
# cobbler sync
Below we explain the file generated by cobbler sync:
# vim /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.cobblerd.org/ (the cobblerd URL given here can be changed)
TIMEOUT 200 (menu timeout)
TOTALTIMEOUT 6000
ONTIMEOUT local (when the timeout expires, boot the "local" entry defined below)
LABEL local
MENU LABEL (local)
MENU DEFAULT (this is the default menu entry)
LOCALBOOT -1 (-1 is documented as not booting from the local disk; the boot ROM carries on with the next boot device)
LABEL centos-6.5-x86_64
kernel /images/centos-6.5-x86_64/vmlinuz
MENU LABEL centos-6.5-x86_64
append initrd=/images/centos-6.5-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://172.16.3.2/cblr/svc/op/ks/profile/centos-6.5-x86_64
ipappend 2
LABEL centos-6.5-x86_64-basic
kernel /images/centos-6.5-x86_64/vmlinuz
MENU LABEL centos-6.5-x86_64-basic
append initrd=/images/centos-6.5-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://172.16.3.2/cblr/svc/op/ks/profile/centos-6.5-x86_64-basic
ipappend 2
MENU end
Configuring cobbler-web
1. Install the package:
# yum install cobbler-web
# rpm -ql cobbler-web
/etc/httpd/conf.d/cobbler_web.conf (main configuration file)
2. Configure user authentication for cobbler-web
# vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam (here we use PAM for user authentication)
3. Create a user
[root@localhost ~]# useradd cobbleradmin
[root@localhost ~]# passwd cobbleradmin
Changing password for user cobbleradmin.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
4. Add the user to the authentication configuration file
# vim /etc/cobbler/user.conf
[admins]
admin = "cobbleradmin"
cobbler = ""
5. After the above configuration, restart the services:
# service cobblerd restart
# service httpd restart (why restart httpd? because cobbler_web is installed as a module of httpd, see # ls /etc/httpd/conf.d/:
cobbler.conf cobbler_web.conf mod_dnssd.conf README ssl.conf welcome.conf wsgi.conf)
6. Test:
http://172.16.3.2/cobbler_web (screenshot)