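Licensed to 51CTO; first published at http://os.51cto.com/art/201109/288604.htm. The article at that link is the full version; this one has been slightly abridged and edited.
Most people know the film "Modern Times": in large-scale industrial production every step had to be carried out by hand, and the pressure and workload on the workers were plain to see.
Today, all kinds of automation have emerged to meet the need. Workers and technicians only have to press a few buttons at a console and products are made automatically, while the technicians just need to carry out periodic checks.
So how can we free our SAs from tedious routine work? Operations automation is a road we have to take.
Cobbler is a service for fast network installation of Linux; with some adjustment it can also support network installation of Windows. Together with the koan tool, it makes reinstalling a Linux system more convenient.
Cobbler is written in Python and is a small, lightweight application (only about 15,000 lines of code). Simple commands are enough to set up a PXE network installation environment, and Cobbler can also manage DHCP, DNS and yum package mirrors.
Cobbler supports command-line management and web-interface management (see the figure on the right), and even provides an API that makes secondary development easy.
With Cobbler, starting DHCP on the LAN does not cause machines that boot from PXE by default to load TFTP content after a reboot and have their startup interrupted. A common architecture is shown in the figure below:
For the CentOS source itself, choose a mirror close to your location, such as mirrors.163.com or mirrors.sohu.com.
1. Install EPEL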
rpm -Uvh 'http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm'
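2. Install the DHCP service
yum -y install dhcp
3. Install the other services
The other services required are tftp, rsync, xinetd and httpd, so if these packages were not installed with the system, install them manually.
4. Disable SELinux
It is best to reboot once so that the SELinux setting takes effect.
1. Install Cobbler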
yum -y install cobbler
2. Configure Cobbler
Start cobblerd:
# /etc/init.d/cobblerd start
Start the httpd service:
# /etc/init.d/httpd start
Check the configuration by running:
cobbler check
After it runs, the following messages appear:
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost,or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : you need to set some SELinux content rules to ensure cobbler works correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && \
/usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/tftp
6 : change 'disable' to 'no' in /etc/xinetd.d/rsync
7 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
8 : debmirror package is not installed, it will be required to manage debian deployments and repositories
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

Restart cobblerd and then run 'cobbler sync' to apply changes.
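Next, resolve the items above one by one.
1. Edit /etc/cobbler/settings, find the server option and set it to the appropriate IP address; in this example the IP is 192.168.10.1.
2. Likewise edit /etc/cobbler/settings, find the next_server option and set it to the appropriate IP address; in this example the IP is 192.168.10.1.
3. If SELinux was set to disabled and the server rebooted during the preparation above, item 3 should not appear. Setting SELinux to disabled is recommended; if it must be kept, configure it as item 3 suggests.
4. Run cobbler get-loaders; the system downloads the loader programs automatically, which fixes item 4.
5. Edit /etc/xinetd.d/tftp and change the disable field from yes to no.
6. Edit /etc/xinetd.d/rsync and change the disable field from yes to no.
7. If Cobbler is used only in an internal environment, the suggestion is to simply turn the firewall off.
8. If you are not installing Debian-type systems, this item can be ignored. If you do need it, the download address is http://rpmfind.net/linux/rpm2html/search.php?query=debmirror; on CentOS 6 the RHEL 5 package works.
9. Change Cobbler's default password, the default_password_crypted value in /etc/cobbler/settings that the sample templates set on newly installed machines. Generate a password with the command below and use it to replace the password in /etc/cobbler/settings.
Password generation command: openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'
Here "random-phrase-here" is the salt.
Once all the items have been fixed, run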
/etc/init.d/cobblerd restart
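Items 1, 2 and 9 above all edit /etc/cobbler/settings, and the hash that openssl prints contains $ and / characters that break a naive sed substitution. The following is an added example, not part of the original article, that applies the three edits to whatever file path it is given; the function names, the constructed sample file and the placeholder hash are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample values are assumptions, not Cobbler code.

# set_setting FILE KEY VALUE: rewrite the top-level "KEY: ..." line of a settings file.
# The value is passed through the environment so awk copies it literally
# ($, / and & in a crypt hash need no escaping, unlike in a sed replacement).
set_setting() {
    sfile=$1
    tmp=$(mktemp) || return 1
    KEY=$2 VALUE=$3 awk '
        BEGIN { k = ENVIRON["KEY"] ":" }
        index($0, k) == 1 { print k " " ENVIRON["VALUE"]; found = 1; next }
        { print }
        END { exit(found ? 0 : 2) }   # fail if the key is not in the file
    ' "$sfile" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$sfile"; rc=$?
    rm -f "$tmp"
    return $rc
}

# apply_check_fixes FILE IP HASH: items 1, 2 and 9 of the 'cobbler check' list.
apply_check_fixes() {
    cfg=$1 ip=$2 hash=$3
    case $ip in
        ''|localhost|127.*) echo "server must not be loopback: '$ip'" >&2; return 1 ;;
    esac
    case $hash in
        '$'*'$'*'$'*) ;;   # crypt format $id$salt$hash, as openssl passwd prints
        *) echo "expected a crypted hash, not a plain-text password" >&2; return 1 ;;
    esac
    set_setting "$cfg" server "$ip" &&
    set_setting "$cfg" next_server "$ip" &&
    set_setting "$cfg" default_password_crypted "\"$hash\""
}

# Constructed sample of the three relevant lines; the hash is a placeholder.
write_sample_settings() {
    cat > "$1" <<'EOF'
default_password_crypted: "$1$constructed$placeholderhash"
next_server: 127.0.0.1
server: 127.0.0.1
EOF
}
```

The function refuses a loopback address or a plain-text password, the two mistakes that would leave items 1, 2 or 9 unresolved without any visible error.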
Run the following command:
cobbler import --path=rsync://mirrors.163.com/centos/6.0/os/i386/ --name=centos-6.0-i386
task started: 2011-08-12_143009_import
task started (id=Media import, time=Fri Aug 12 14:30:09 2011)
running: rsync -a 'rsync://10.4.8.1/centos/6.0/os/i386/' /var/www/cobbler/ks_mirror/centos-6.0-i386 --exclude-from=/etc/cobbler/rsync.exclude --progress
received on stdout: receiving file list ...
4555 files to consider
(middle part omitted) ……
sent 100341 bytes received 4633547466 bytes 8784166.46 bytes/sec
total size is 4632564894 speedup is 1.00
received on stderr:
adding distros
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
creating new distro: centos-6.0-i386
creating new profile: centos-6.0-i386
associating repos
traversing distro centos-6.0-i386
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
descent into /var/www/cobbler/ks_mirror/centos-6.0-i386
processing repo at : /var/www/cobbler/ks_mirror/centos-6.0-i386
need to process repo/comps: /var/www/cobbler/ks_mirror/centos-6.0-i386
looking for /var/www/cobbler/ks_mirror/centos-6.0-i386/repodata/*comps*.xml
running: createrepo -c cache -s sha --groupfile /var/www/cobbler/ks_mirror/centos-6.0-i386/repodata/73a3b7e0741eba6cafa8d5404b02565060e7f2293caab10657074186c48e713b-c6-i386-comps.xml /var/www/cobbler/ks_mirror/centos-6.0-i386
1278/4519 - Packages/clutter-1.0.6-3.el6.i686.rpm
iso-8859-1 encoding on Ville Skytt - 2.8.2-2
4519/4519 - Packages/xorg-x11-twm-1.0.3-5.1.el6.i686.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata
received on stderr:
associating kickstarts
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
*** TASK COMPLETE ***
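As the output above shows, Cobbler copies the contents of the mirror to the local machine, into the centos-6.0-i386 directory under /var/www/cobbler/ks_mirror. It also creates a distro named centos-6.0-i386 and a profile named centos-6.0-i386.
First change the Cobbler configuration so that Cobbler manages the DHCP service. Edit /etc/cobbler/settings: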
manage_dhcp: 1
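Change the setting above from 0 to 1; if it is already 1, skip this step.
Next, edit /etc/cobbler/dhcp.template, the template Cobbler uses to manage DHCP.
In this example only the following part of the file needs to be changed: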
subnet 192.168.10.0 netmask 255.255.255.0 {
     option routers 192.168.10.1;
     option domain-name-servers 8.8.8.8;
     option subnet-mask 255.255.255.0;
     range dynamic-bootp 192.168.10.100 192.168.10.254;
     filename "/pxelinux.0";
     default-lease-time 21600;
     max-lease-time 43200;
     next-server $next_server;
}
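Leave the rest at its default values.
At this point all the preparation is complete. What remains is to start the services. Many of them were already started during the earlier debugging, so only the xinetd service needs to be started here: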
/etc/init.d/xinetd start
Run
# cobbler sync
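You will see output like the following. Cobbler performs its initialization automatically: it removes the existing boot entries, copies the loader files according to the templates, generates the PXE configuration files and the DHCP configuration file, and finally restarts the DHCP service.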
task started: 2011-08-11_170706_sync
task started (id=Sync, time=Thu Aug 11 17:07:06 2011)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/centos-6.0-i386
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/images/centos-6.0-i386
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros
copying files for distro: centos-6.0-i386
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/centos-6.0-i386/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/centos-6.0-i386/initrd.img
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/vmlinuz -> /var/www/cobbler/images/centos-6.0-i386/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/initrd.img -> /var/www/cobbler/images/centos-6.0-i386/initrd.img
copying images
generating PXE configuration files
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
cleaning link caches
generating PXE menu structure
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: /etc/rc.d/init.d/dhcpd restart
received on stdout: Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
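At this point a virtual machine can be used to test installation with Cobbler.
Select PXE mode at boot.
You will then see what is shown in the figure below. The virtual machine obtained an IP in the 122 segment via DHCP and then fetched the PXE boot file via TFTP.
The figure below shows Cobbler's PXE installation boot menu, which contains the CentOS version we just created.
What follows needs no introduction from me. The installation uses the default ks file, and after a short wait the system is installed automatically.
The installed system is shown in the figure below.
Although everything above was tested on a KVM virtual machine, it can be used directly in a production environment without any impact on the existing environment. The only thing required is to plan the existing network well.
As for the concern many people have about enabling a DHCP service in a production environment, I have considered it too, and I believe it will have no impact on the existing production environment, for two reasons:
1. Nobody leaves a network interface in DHCP mode after installing a system; the interface is normally configured with a static IP.
2. As the test showed, even if a server is set to boot from PXE by default and does boot from PXE successfully, it then receives Cobbler's boot menu; if nothing is selected, after 20 seconds it loads using the local method, that is, it boots the system on the hard disk.
Judging from these two points, Cobbler is quite safe.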
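The second reason above depends on what the generated menu does on timeout, and that can be checked rather than assumed. The following is an added example, not part of the original article: it reads a pxelinux menu such as the /var/lib/tftpboot/pxelinux.cfg/default file named in the cobbler sync output and reports which entry boots when no key is pressed. The function names, the resolution order stated in the comment and the constructed sample menu are assumptions.

```shell
#!/bin/sh
# Added example; function names and the sample menu are assumptions, not Cobbler code.

# pxe_timeout_target FILE: print "<verdict> <label> <seconds>" for the entry a
# pxelinux menu boots when nobody presses a key. Exit 0 only if that entry is a
# LOCALBOOT (disk) entry. Assumed resolution order: ONTIMEOUT, then the label
# marked MENU DEFAULT, then DEFAULT if it names a label, then the first label.
pxe_timeout_target() {
    awk '
        { kw = toupper($1) }
        kw == "TIMEOUT"   { timeout = $2 }          # tenths of a second
        kw == "ONTIMEOUT" { ontimeout = $2 }
        kw == "DEFAULT"   { dflt = $2 }
        kw == "LABEL"     { label = $2; seen[label] = 1; if (first == "") first = label }
        kw == "MENU" && toupper($2) == "DEFAULT" && label != "" { menudflt = label }
        kw == "LOCALBOOT" && label != "" { islocal[label] = 1 }
        END {
            target = first
            if (dflt in seen) target = dflt
            if (menudflt != "") target = menudflt
            if (ontimeout != "") target = ontimeout
            if (target == "") { print "UNKNOWN - 0"; exit 2 }
            # TIMEOUT 0 or missing: the menu waits forever and never auto-boots.
            verdict = (timeout + 0 == 0) ? "WAITS" : ((target in islocal) ? "LOCAL" : "INSTALL")
            printf "%s %s %d\n", verdict, target, timeout / 10
            exit (verdict == "LOCAL" ? 0 : 1)
        }
    ' "$1"
}

# write_sample_menu FILE LABEL: constructed menu whose ONTIMEOUT entry is LABEL.
write_sample_menu() {
    cat > "$1" <<EOF
DEFAULT menu
PROMPT 0
TIMEOUT 200
ONTIMEOUT $2

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos-6.0-i386
        kernel /images/centos-6.0-i386/vmlinuz
        append initrd=/images/centos-6.0-i386/initrd.img
EOF
}
```

Running pxe_timeout_target against the generated menu after each cobbler sync flags a menu whose timeout entry is an installer profile rather than the local disk.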
© 2011, 深夜的蚊子. All rights reserved. If you repost, please credit: reposted from 蚊子空间 [http://www.wenzizone.cn]