
Cobbler Deployment Guide V1.0

2016-06-14 09:57

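1. Cobbler Overview

Cobbler is written in Python and wraps PXE, Kickstart and DHCP. It combines many features and offers both CLI and web management. Simple commands are enough to configure a PXE network installation environment, and Cobbler can also manage DHCP, DNS and yum repositories and build system ISO images. The Cobbler client, Koan, supports virtual machine installation and operating system reinstallation. The Cobbler service is a container that integrates the following open-source software:
1 DHCP
2 DNS (optionally bind or dnsmasq)
3 Kickstart/PXE
4 Apache (serves the kickstart installation source and customized kickstart configurations)
5 TFTP (required for PXE boot)

1.1 Cobbler component relationship diagram (figure from the official documentation):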





1.2 How Cobbler works




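A brief explanation:
Server side:
Step 1: start the Cobbler service
Step 2: check Cobbler for errors by running cobbler check
Step 3: synchronize the configuration by running cobbler sync
Step 4: copy the relevant boot files to the TFTP directory
Step 5: start the DHCP service to provide address allocation
Step 6: the DHCP service assigns IP addresses
Step 7: TFTP transfers the boot files
Step 8: the server receives the installation information
Step 9: the server sends the ISO image and the Kickstart file
Client side:
Step 1: the client boots in PXE mode
Step 2: the client obtains an IP address
Step 3: the client fetches the boot files from the TFTP server
Step 4: the Cobbler installation selection screen appears
Step 5: the client confirms the loading information
Step 6: the client prepares to install the system according to the configuration
Step 7: the Kickstart file is loaded
Step 8: the remaining installation files are transferred
Step 9: the system is installed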

2. Cobbler Environment Deployment and Installation

2.1 Install the virtual machine operating system





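2.2 Installing Cobbler

2.2.1 Configure a local YUM repository

#!/bin/bash
# Copy the installation ISO from another host if it is not already present
#/usr/bin/scp root@IP:/soft/rhel-server-6.5-x86_64-dvd.iso /soft
# Mount the ISO now and again on every boot
/bin/mkdir -p /soft/yum
/bin/mount -o loop -t iso9660 /soft/rhel-server-6.5-x86_64-dvd.iso /soft/yum
cat >> /etc/rc.d/rc.local << EOF
/bin/mount -o loop -t iso9660 /soft/rhel-server-6.5-x86_64-dvd.iso /soft/yum
EOF
# Replace the default repo definition with one that points at the mounted ISO
cd /etc/yum.repos.d
/bin/mkdir -p bak
/bin/touch yum.repo
/bin/mv rhel-source.repo bak
# gpgcheck=0 skips package signature verification; gpgkey is only consulted when gpgcheck=1
cat >> yum.repo << EOF
[Server]
name=rhel6.5
baseurl=file:///soft/yum
enabled=1
gpgcheck=0
gpgkey=file:///soft/yum/RPM-GPG-KEY-redhat-release
EOF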

2.2.2 System parameter tuning

Disable SELinux, iptables and other services, and configure the name server:
service abrt-ccpp stop
service abrtd stop
service acpid stop
service atd stop
service bluetooth stop
service caermanager stop
service cpuspeed stop
service cups stop
service ip6tables stop
service iptables stop
service libvirt-guests stop
service mdmonitor stop
service nfslock stop
service NetworkManager stop
chkconfig abrt-ccpp off
chkconfig abrtd off
chkconfig acpid off
chkconfig atd off
chkconfig bluetooth off
chkconfig caermanager off
chkconfig cpuspeed off
chkconfig cups off
chkconfig ip6tables off
chkconfig iptables off
chkconfig libvirt-guests off
chkconfig mdmonitor off
chkconfig nfslock off
chkconfig NetworkManager off

Set SELINUX to disabled in /etc/selinux/config and reboot later.
Add nameserver 192.168.1.2 to /etc/resolv.conf.

2.2.3 Install the remaining RPM packages

# rpm -ivh epel-release-6-8.noarch.rpm
# rpm -ivh libyaml-0.1.3-4.el6_6.x86_64.rpm
# rpm -ivh PyYAML-3.10-3.1.el6.x86_64.rpm

2.2.4 Install Cobbler

# yum -y install cobbler httpd cobbler-web debmirror pykickstart tftp-server rsync xinetd python-ctypes
Run cobbler check and resolve the issues it reports:
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : since iptables may be running, ensure 69, 80/443, and 25151 are unblocked
7 : comment out 'dists' on /etc/debmirror.conf for proper debian support
8 : comment out 'arches' on /etc/debmirror.conf for proper debian support
9 : ksvalidator was not found, install pykickstart
10 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
11 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
Issue 1: set the server parameter in /etc/cobbler/settings to 192.168.0.150
Issue 2: set the next_server parameter in /etc/cobbler/settings to 192.168.0.150
Issue 3: edit /etc/xinetd.d/tftp to enable tftp
Issue 4: run cobbler get-loaders to download the latest boot-loader files, or install syslinux and then copy pxelinux.0, menu.c32 and the other files from /usr/share/syslinux to /var/lib/cobbler/loaders
Issue 5: edit /etc/xinetd.d/rsync to enable rsync
Issue 6: stop iptables
Issue 7: comment out dists in /etc/debmirror.conf
Issue 8: comment out arches in /etc/debmirror.conf
Issue 9: yum install pykickstart
Issue 10: run openssl passwd -1 -salt 'random-phrase-here' '123456' to generate a new password hash, and replace the default password in /etc/cobbler/settings with it
Issue 11: yum install fence-agents
After resolving the issues above, restart cobbler and run cobbler sync.
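
Issues 1, 2, 3, 5 and 10 are plain file edits, so they can be scripted and re-checked. The following is an added example, not part of the original guide: apply_check_fixes and remaining_issues are hypothetical helpers, the sample files and hashes are constructed, and it assumes the `key: value` layout of /etc/cobbler/settings and GNU sed.

```bash
#!/bin/bash
# Added example; apply_check_fixes and remaining_issues are hypothetical helpers.

# Usage: apply_check_fixes SETTINGS_FILE XINETD_DIR SERVER_IP PASSWORD_HASH
apply_check_fixes() {
    settings="$1"; xinetd_dir="$2"; ip="$3"; hash="$4"
    # Issues 1 and 2: server and next_server must be the boot server address.
    sed -i -e "s|^server:.*|server: $ip|" \
           -e "s|^next_server:.*|next_server: $ip|" "$settings"
    # Issue 10: replace the default hash with one produced by 'openssl passwd'.
    sed -i "s|^default_password_crypted:.*|default_password_crypted: \"$hash\"|" "$settings"
    # Issues 3 and 5: switch 'disable = yes' to 'disable = no' for tftp and rsync.
    for svc in tftp rsync; do
        sed -i -E 's/^([[:space:]]*disable[[:space:]]*=[[:space:]]*)yes/\1no/' "$xinetd_dir/$svc"
    done
}

# Print the issue numbers (as numbered by cobbler check above) that still apply.
remaining_issues() {
    settings="$1"; xinetd_dir="$2"; old_hash="$3"
    if grep -Eq '^server:[[:space:]]*(localhost|127\.0\.0\.1)' "$settings"; then echo 1; fi
    if grep -Eq '^next_server:[[:space:]]*127\.0\.0\.1' "$settings"; then echo 2; fi
    if grep -Eq 'disable[[:space:]]*=[[:space:]]*yes' "$xinetd_dir/tftp"; then echo 3; fi
    if grep -Eq 'disable[[:space:]]*=[[:space:]]*yes' "$xinetd_dir/rsync"; then echo 5; fi
    if grep -Fq -e "$old_hash" "$settings"; then echo 10; fi
}

# Constructed sample files standing in for /etc/cobbler/settings and /etc/xinetd.d.
SAMPLE_DEFAULT_HASH='$1$constructed$defaulthashplaceholder'
make_sample() {
    dir="$1"; mkdir -p "$dir/xinetd.d"
    printf '%s\n' 'server: 127.0.0.1' 'next_server: 127.0.0.1' \
        "default_password_crypted: \"$SAMPLE_DEFAULT_HASH\"" > "$dir/settings"
    for svc in tftp rsync; do
        printf 'service %s\n{\n\tdisable = yes\n}\n' "$svc" > "$dir/xinetd.d/$svc"
    done
}

work=$(mktemp -d)
make_sample "$work"
echo "before: $(remaining_issues "$work/settings" "$work/xinetd.d" "$SAMPLE_DEFAULT_HASH" | tr '\n' ' ')"
apply_check_fixes "$work/settings" "$work/xinetd.d" 192.168.0.150 '$1$constructed$newhashplaceholder'
echo "after: $(remaining_issues "$work/settings" "$work/xinetd.d" "$SAMPLE_DEFAULT_HASH" | tr '\n' ' ')"
rm -rf "$work"
```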

2.2.5 Install the DHCP service

# yum install dhcp
In settings, Cobbler does not need to manage the DHCP service; the default is 0. Change it to 1 if Cobbler should manage it.
# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/
# mv /etc/dhcp/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
Modify option domain-name and option domain-name-servers.
Set default-lease-time 43200 and max-lease-time 86400.
Add:
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.140;
    option routers 192.168.0.200;
}
next-server 192.168.0.200;
filename "pxelinux.0";
To serve DHCP on a specific network interface:
# vi /etc/sysconfig/dhcpd
DHCPDARGS=eth0    # serve DHCP on eth0 only
#DHCPDARGS=eth1

2.2.6 Define the distro

Use the import command to define the distribution, kernel and initrd files:
# cobbler import --name="rhel-6.5-x86_64" --path=/yum/
The generated content can be viewed at http://192.168.1.200/cobbler/ks_mirror/

2.2.7 Define the profile

# cobbler profile add --name=rhel-6.5-x86_64-basic --distro=rhel-6.5-x86_64 --kickstart=PATH
# cobbler profile add --name=rhel-6.5-x86_64-basic --distro=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/fenbushi.cfg
To modify a profile:
# cobbler profile edit --name=rhel-6.5-x86_64-basic --distro=rhel-6.5-x86_64 --kickstart=NEW_PATH
# cobbler sync
# ksvalidator /var/lib/cobbler/kickstarts/fenbushi.cfg
ksvalidator checks the file for syntax errors.
It will be in /var/lib/tftpboot/pxelinux.cfg/default

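3. Editing the Kickstart File

3.1 Configure kickstart graphically

# yum install system-config-kickstart
Open Xmanager - Passive on your computer
# export DISPLAY=IP:0.0
# system-config-kickstart &
Note: if you need to create LVM disks, they must be created with commands.

3.2 Creating a template file

Install the operating system on a template machine; an anaconda-ks.cfg file will be present in the / directory, and it can be used as a reference for modification.

3.3 Kickstart file walkthrough

This configuration selects the basic mode, installs all development packages, creates the disk partitions, divides the disk into PV/VG/LV, and deploys a post-installation script.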

The kickstart file is annotated below:
#Kickstart file automatically generated by anaconda.
#version=DEVEL
# Tell the installer to perform a fresh installation rather than upgrade an existing system. This is the default mode.
install
#cdrom
# Path of the installation source
url --url=http://192.168.0.150/cobbler/ks_mirror/rhel-6.5-x86_64/
# Installation language
lang en_US.UTF-8
# Keyboard type
keyboard us
#network --onboot no --device eth0 --bootproto dhcp --noipv6
#network --onboot no --device eth1 --bootproto dhcp --noipv6
# root password, stored as a hash; the password is root123
rootpw --iscrypted $6$zox.KoZJZpHB0Rfx$snRjk4fxDbclsD0TtnpX0F6tLeOesXG4rYkbHkUjUEmHPsS.heSBvwcvdwPnTW.uwK801mP.3V4JVtY.DB5px1
# Whether the Setup Agent starts the first time the system boots. If not specified, this option is disabled by default.
firstboot --disable
# Disable SELinux
selinux --disabled
# Disable the firewall
firewall --disabled
# Set up the system's authentication options, similar to the authconfig command run after installation. By default, passwords are normally encrypted but not shadowed.
authconfig --enableshadow --passalgo=sha512
# Time zone
timezone Asia/Shanghai
# How the boot loader is installed. This option is required for both installations and upgrades.
bootloader --append="crashkernel=auto rhgb quiet" --location=mbr --driveorder="sda,sdb,sdc,sdd,sde,sdf,sdg,sdh,sdi,sdj,sdk,sdl,sdm"
# If zerombr is specified and yes is its only argument, any invalid partition tables found on disks are initialized. This destroys all contents of disks with invalid partition tables.
zerombr
# Reboot the operating system after installation
reboot
# Remove all partitions from the system and initialize the disk label to the default for the architecture
clearpart --all --initlabel
# Create a disk partition and set its mount point
part /boot --fstype="ext4" --ondisk=sda --size=200
# Create a PV on the disk; --grow uses the maximum available space, and the name pv.01 can be chosen freely
part pv.01 --grow --ondisk=sda --size=15150
# Create the VG
volgroup vg00 pv.01
# Create the LV and set its mount point
logvol / --fstype=ext4 --vgname=vg00 --size=10000 --name=lv_root
# Partition the data disks and set mount points; each disk in this environment is 4T
part /data/data01 --fstype="ext4" --grow --ondisk=sdb --size=20470
part /data/data02 --fstype="ext4" --grow --ondisk=sdc --size=20470
part /data/data03 --fstype="ext4" --grow --ondisk=sdd --size=20470
part /data/data04 --fstype="ext4" --grow --ondisk=sde --size=20470
part /data/data05 --fstype="ext4" --grow --ondisk=sdf --size=20470
part /data/data06 --fstype="ext4" --grow --ondisk=sdg --size=20470
part /data/data07 --fstype="ext4" --grow --ondisk=sdh --size=20470
part /data/data08 --fstype="ext4" --grow --ondisk=sdi --size=20470
part /data/data09 --fstype="ext4" --grow --ondisk=sdj --size=20470
part /data/data10 --fstype="ext4" --grow --ondisk=sdk --size=20470
part /data/data11 --fstype="ext4" --grow --ondisk=sdl --size=20470
part /data/data12 --fstype="ext4" --grow --ondisk=sdm --size=20470
#bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --none

#part /boot --fstype=ext4 --size=200
#part pv.008002 --grow --size=200

#volgroup vg00 --pesize=4096 pv.008002
#logvol / --fstype=ext4 --name=lv_root --vgname=vg00 --size=40756

# Install all packages
%packages
@additional-devel
@base
@chinese-support
@client-mgmt-tools
@console-internet
@core
@debugging
@desktop-platform-devel
@development
@directory-client
@eclipse
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@server-platform
@server-platform-devel
@server-policy
httpd-devel
pcre-devel
libcap-devel
libXinerama-devel
openmotif-devel
net-snmp-devel
libgudev1-devel
kdelibs-apidocs
xz-devel
libtopology-devel
freeglut-devel
kdegraphics-devel
libibverbs-devel
libuuid-devel
kdepimlibs-devel
libblkid-devel
papi-devel
libXmu-devel
unique-devel
xorg-x11-proto-devel
gmp-devel
kdepim-devel
sane-backends-devel
perl-Test-Pod
kdemultimedia-devel
startup-notification-devel
libudev-devel
cups-devel
gstreamer-plugins-base-devel
unixODBC-devel
tcl-devel
numactl-devel
libgnomeui-devel
libbonobo-devel
perl-Test-Pod-Coverage
libtiff-devel
junit
SDL-devel
libXau-devel
tcp_wrappers-devel
PyQt4-devel
kdenetwork-devel
kdelibs-devel
libgcrypt-devel
popt-devel
gnome-python2-desktop
hunspell-devel
iptables-devel
libdrm-devel
libXrandr-devel
snappy-devel
libxslt-devel
kdebase-devel
tk-devel
libnl-devel
libXpm-devel
mpfr-devel
expat-devel
e2fsprogs-devel
kdebase-workspace-devel
libglade2-devel
libaio-devel
libusb-devel
gnutls-devel
kdesdk-devel
fuse-devel
libXaw-devel
libhugetlbfs-devel
mtools
pax
python-dmidecode
oddjob
sgpio
device-mapper-persistent-data
cjkuni-fonts-ghostscript
systemtap-client
kdesdk
gnome-common
qt-doc
gtk2-devel-docs
glade3
desktop-file-utils
gnome-devel-docs
systemtap-sdt-devel
dejagnu
ElectricFence
ant
libstdc++-docs
gcc-gnat
expect
mod_dav_svn
perltidy
cmake
imake
babel
ksc
kdewebdev
rpmdevtools
compat-gcc-34
systemtap-server
cvs-inetd
gcc-java
compat-gcc-34-g77
jpackage-utils
bzr
mercurial
chrpath
gcc-objc
rpmlint
gcc-objc++
compat-gcc-34-c++
python-docs
nasm
samba-winbind
certmonger
pam_krb5
krb5-workstation
eclipse-mylyn-cdt
eclipse-mylyn-pde
eclipse-mylyn-wikitext
eclipse-mylyn-trac
eclipse-subclipse-graph
eclipse-mylyn-webtasks
papi
perl-DBD-SQLite
%end
# Script executed after installation
%post
# Raise the open-file (nofile) and process (nproc) limits
cat >> /etc/security/limits.conf <<EOF
* soft nofile 204800
* hard nofile 204800
* soft nproc 204800
* hard nproc 204800
EOF
# Shut down services that are not needed
service abrt-ccpp stop
service abrtd stop
service acpid stop
service atd stop
service bluetooth stop
service caermanager stop
service cpuspeed stop
service cups stop
service ip6tables stop
service libvirt-guests stop
service mdmonitor stop
service nfslock stop
service NetworkManager stop
service iptables stop
chkconfig abrt-ccpp off
chkconfig abrtd off
chkconfig acpid off
chkconfig atd off
chkconfig bluetooth off
chkconfig caermanager off
chkconfig cpuspeed off
chkconfig cups off
chkconfig ip6tables off
chkconfig iptables off
chkconfig libvirt-guests off
chkconfig mdmonitor off
chkconfig nfslock off
chkconfig NetworkManager off
#Edit YUM&NTP
# Configure the YUM repository and NTP time synchronization
sed -i 's/server 0/#server 0/' /etc/ntp.conf
sed -i 's/server 1/#server 1/' /etc/ntp.conf
sed -i 's/server 2/#server 2/' /etc/ntp.conf
sed -i 's/server 3/#server 3/' /etc/ntp.conf
echo "server 10.128.252.9 prefer" >> /etc/ntp.conf
echo "server 10.128.252.8" >> /etc/ntp.conf
ntpdate 10.128.252.8
service ntpd start
chkconfig ntpd on
ntpq -p
mv /etc/yum.repos.d/rhel-source.repo /etc/yum.repos.d/rhel-source.repo.bak
touch /etc/yum.repos.d/rhel-source.repo
# The delimiter is quoted so that $releasever and $basearch reach the repo file unexpanded
cat >> /etc/yum.repos.d/rhel-source.repo << 'EOF'
[rhel-source]
name=RedHat Enterprise Linux $releasever - $basearch - Source
baseurl=ftp://10.128.92.123
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
#blkid |awk -F ':' '{print $1$2}' |awk '{print $1,$2}'|sed 's/"//g'|grep '/dev/sd[b-m]'|sort|awk '{print $2}'>/tmp/a.sh
#cat >>/tmp/b.sh <<EOF
#/data/data01 ext4 defaults 0 0
#/data/data02 ext4 defaults 0 0
#/data/data03 ext4 defaults 0 0
#/data/data04 ext4 defaults 0 0
#/data/data05 ext4 defaults 0 0
#/data/data06 ext4 defaults 0 0
#/data/data07 ext4 defaults 0 0
#/data/data08 ext4 defaults 0 0
#/data/data09 ext4 defaults 0 0
#/data/data10 ext4 defaults 0 0
#/data/data11 ext4 defaults 0 0
#/data/data12 ext4 defaults 0 0
#EOF
#paste -d " " /tmp/a.sh /tmp/b.sh>/tmp/c.sh
#cat /tmp/c.sh>>/etc/fstab
mkdir /tmp/install
mkdir /tmp/bugfix
cd /tmp/install
# Fetch configuration files and scripts
wget http://192.168.0.150/bash-4.1.2-15.el6_5.1.x86_64.rpm
wget http://192.168.0.150/bond
wget http://192.168.0.150/open6.6.tar
# Upgrade SSH
tar -xvf /tmp/install/open6.6.tar
sh /tmp/install/open6.5/copy.sh
service sshd restart
# Change the SSH port
cat >> /etc/ssh/ssh_config <<EOF
Port 5151
EOF
cat >> /etc/ssh/sshd_config <<EOF
Port 5151
EOF
service sshd restart
# Create the jtitsm monitoring account
useradd jtitsm -d /jtitsm
echo "itsm123" | passwd --stdin jtitsm
chmod 644 /var/log/messages
cp -Rf /etc/skel/.bash* /jtitsm
cp -Rf /etc/skel/.em* /jtitsm
cp -Rf /etc/skel/.gnom* /jtitsm
cp -Rf /etc/skel/.mo* /jtitsm
chown -R jtitsm:jtitsm /jtitsm
%end
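
The kickstart file above disables SELinux and the firewall, writes a repo with gpgcheck=0, sets an account password inline, fetches files over plain HTTP and makes /var/log/messages world-readable. The following added example (not part of the original guide) lists such lines in a kickstart file before it is attached to a profile; audit_kickstart, its rule names and the sample input are constructed for illustration.

```bash
#!/bin/bash
# Added example; audit_kickstart and its rule names are hypothetical.

# Print one "rule:line-number:text" finding per matching, non-commented line.
audit_kickstart() {
    ks_file="$1"
    while IFS=';' read -r rule pattern; do
        [ -n "$rule" ] || continue
        { grep -nE -- "$pattern" "$ks_file" || true; } | sed "s/^/$rule:/"
    done <<'RULES'
selinux-disabled;^[[:space:]]*selinux[[:space:]]+--disabled
firewall-disabled;^[[:space:]]*firewall[[:space:]]+--disabled
unsigned-packages;^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0
password-in-script;^[^#]*passwd[[:space:]]+--stdin
plain-http-fetch;^[^#]*wget[[:space:]]+http://
world-readable-syslog;^[^#]*chmod[[:space:]]+644[[:space:]]+/var/log/messages
RULES
}

# Constructed sample input, shortened from the directives used on this page.
sample_kickstart() {
    cat <<'EOF'
install
selinux --disabled
firewall --disabled
#firewall --enabled
%post
cat >> /etc/yum.repos.d/rhel-source.repo << REPO
gpgcheck=0
REPO
wget http://192.168.0.150/bond
echo "itsm123" | passwd --stdin jtitsm
chmod 644 /var/log/messages
#echo "old" | passwd --stdin olduser
%end
EOF
}

ks=$(mktemp)
sample_kickstart > "$ks"
audit_kickstart "$ks"
rm -f "$ks"
```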

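4. Cobbler Web Configuration
# yum install cobbler-web
Log in with a browser at http://192.168.1.150/cobbler_web/
Default username and password: cobbler
The graphical interface makes it easier to add and modify distros and profiles.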




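6. FAQ

6.1 Having to select the profile manually

Q: After PXE boot, the profile has to be selected manually on the client.
A: Edit /var/lib/tftpboot/pxelinux.cfg/default and set the timeout option to the profile you want. After the system has booted, run cobbler sync to reset the file so that the system is not installed again.

6.2 cobbler check reports errors after installing Cobbler

Q: cobbler check reports many Python errors.
A: Start httpd.

6.3 Partitioning disks larger than 2T and mounting by UUID

Q: Partitioning with a parted script and mounting disks by UUID is difficult.
A: The part command in kickstart handles partitioning and mounting conveniently.

6.4 Network interface bonding

Q: Bonding network interfaces from the kickstart file.
A: Kickstart can configure interface IPs based on MAC address, but it is cumbersome; pushing a bonding script with wget is convenient.

6.5 Cobbler directories

Cobbler configuration files are stored in /etc/cobbler.

System image data directory: /var/www/cobbler
Imported distributions, repo mirrors and ks_mirror files are all placed under /var/www/cobbler. Note: make sure /var has enough space to store these files.

Cobbler data directory: /var/lib/cobbler
This directory stores the configuration related to Cobbler profiles, systems and distros.

Notes on some Cobbler commands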

