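Operations automation is very important to system administrators, especially at companies whose server count grows by hundreds or thousands of machines; installing the operating system alone would be unthinkable without automation.
For automated installation, the early approach was usually a hand-configured pxe+dhcp+tftp setup combined with kickstart; today there are many open-source tools, such as cobbler, OpenQRM and Spacewalk. This article focuses on Cobbler.
Introduction to Cobbler
Cobbler is a service for fast network installation of Linux, and with some adjustment it can also network-install Windows. The tool is written in Python and is small and lightweight (only about 15k lines of code). Simple commands are enough to configure a PXE network installation environment, and it can also manage DHCP, DNS and yum package mirrors. Cobbler can be managed from the command line or from a web interface, and it provides an API that makes it easy to build on. Unlike Kickstart, with cobbler, running DHCP on the LAN does not cause machines that boot from PXE by default to load the TFTP content after a reboot and abort their startup.
The system used for this installation is: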
CentOS release 6.9 (Final)
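Install services and disable SELinux
Disable SELinux:
setenforce 0    # disables SELinux temporarily and is lost on reboot; to make it permanent, change the following:
shutdown -r now    # reboot the system
The additional services required are tftp, rsync, xinetd and httpd, so if these packages were not installed with the system, install them manually.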
yum install tftp-server rsync xinetd httpd pykickstart dhcp
chkconfig xinetd on
chkconfig tftp on
service xinetd start
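Cobbler: the platform that coordinates the individual modules to carry out operating system deployment
httpd: gives cobbler an interface that can be reached over HTTP
rsync, tftp-server: transfer the boot image and installation files to the client when it boots
xinetd: the super daemon that manages the two transient daemons rsync and tftp
dhcp: assigns an IP address at boot to the machine on which the OS is to be installed
python-ctypes: an external Python library that provides C-compatible data types
Installing cobbler
Install the yum repository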
rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
The fix is as follows:
yum clean all
rpm --rebuilddb
yum update
yum install cobbler -y
If you want the web interface, cobbler-web must also be installed
yum install cobbler-web -y    # this yum repository does not carry the cobbler-web package
Start cobbler and the httpd service
[root@node6 tmp]# /etc/init.d/cobblerd start
[root@node6 tmp]# /etc/init.d/httpd start
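Check the configuration by running the command below (if the check reports the following problems, restart cobbler)
[root@node6 tmp]# cobbler check    (the messages differ from system to system; read your own output carefully and make the changes it asks for)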
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a recent version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : since iptables may be running, ensure 69, 80/443, and 25151 are unblocked
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
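Based on the check output, these 9 steps must be completed to use cobbler
Edit the settings file: vim /etc/cobbler/settings
1) Find the server line and change the IP address; the value of server is the IP address or hostname of the host that provides the cobbler service (server:)
2) Find the next_server line and change the IP address; the value of next_server is the IP address of the host that provides the PXE service (next_server:)
3) Disable SELinux and confirm that it is disabled
getenforce    # show the SELinux status
Disable temporarily: setenforce 0
vi /etc/sysconfig/selinux
SELINUX=disabled    # change to disabled
4) Run the cobbler get-loaders command
5) vim /etc/xinetd.d/rsync
Set disable to no
6) Open firewall ports 69, 80/443 and 25151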
vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
Restart the firewall: /etc/init.d/iptables restart
7) Generate a password hash
openssl passwd -1 -salt 'cobbler' 'cobbler'
vim /etc/cobbler/settings
Write the generated hash into default_password_crypted
8) yum -y install cman fence-agents
9) Restart: /etc/init.d/cobblerd restart
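Check item 8 asks for the default password to be changed, while step 7 hashes the word 'cobbler' again, and the hash stored in default_password_crypted becomes the root password of every machine installed from the templates. As an added example (not part of the original article), the script below tests whether that hash still encodes 'cobbler' and generates a replacement with a random salt; the function names are assumptions, and it assumes an openssl that supports passwd -6 (OpenSSL 1.1.1 or later).

```shell
#!/bin/sh
# Added example, not from the original article. Function names are assumptions.
# Requires openssl; -6 (SHA-512 crypt) needs OpenSSL 1.1.1 or later.

# settings_hash FILE: print the value of default_password_crypted in FILE.
settings_hash() {
    sed -n 's/^default_password_crypted:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# crypt_matches HASH CANDIDATE: 0 if HASH ($id$salt$digest) encodes CANDIDATE,
# 1 if it does not, 2 if the scheme cannot be tested here.
crypt_matches() {
    command -v openssl >/dev/null 2>&1 || return 2
    id=$(printf '%s' "$1" | cut -d'$' -f2)
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    case $id in 1|5|6) ;; *) return 2 ;; esac        # MD5, SHA-256, SHA-512 crypt
    case $salt in ''|rounds=*) return 2 ;; esac      # custom round counts not handled
    [ "$(openssl passwd "-$id" -salt "$salt" "$2")" = "$1" ]
}

# audit_settings FILE: returns 1 if the stored hash is still the password 'cobbler'.
audit_settings() {
    rc=0
    crypt_matches "$(settings_hash "$1")" cobbler || rc=$?
    case $rc in
        0) echo "WEAK: default_password_crypted in $1 encodes 'cobbler'"; return 1 ;;
        1) echo "ok: default_password_crypted in $1 is not 'cobbler'"; return 0 ;;
        *) echo "unknown: cannot test the hash in $1"; return 2 ;;
    esac
}

# new_hash: print a SHA-512 crypt hash with a random salt. On a terminal openssl
# prompts for the password, so it never appears in shell history or ps output;
# otherwise the password is read from standard input.
new_hash() {
    if [ -t 0 ]; then openssl passwd -6; else openssl passwd -6 -stdin; fi
}

# Run the audit when the real settings file is present (path from the article).
if [ -r /etc/cobbler/settings ]; then
    audit_settings /etc/cobbler/settings || true
fi
```

On a CentOS 6 host whose openssl lacks -6, run new_hash on a newer machine and paste the result into the settings file.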
Configure DHCP
vim /etc/cobbler/settings
Change the value of manage_dhcp: to 1
Edit the DHCP template file
vim /etc/cobbler/dhcp.template (modify to suit your own needs)
subnet 192.168.30.0 netmask 255.255.255.0 { # network segment
option routers 192.168.30.1; # gateway
option domain-name-servers 192.168.30.5,192.168.30.6; # DNS server addresses
option subnet-mask 255.255.255.0; # subnet mask
range dynamic-bootp 192.168.30.60 192.168.30.70; # range of IP addresses the DHCP server leases out
default-lease-time 21600; # default lease time
max-lease-time 43200; # maximum lease time
next-server $next_server;
Restart cobbler
/etc/init.d/cobblerd restart
Start xinetd
/etc/init.d/xinetd start
Sync cobbler
cobbler sync
cat /etc/dhcp/dhcpd.conf
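View the generated DHCP configuration file
Managing cobbler
This example mounts the installation image from the local machine:
mount /dev/cdrom /mnt/ # mount the ISO disc on the server
cobbler import --path=/mnt/ --name=CentOS-7.1-x86_64 --arch=x86_64 # import the image
--path  path to the image (/usr/local/src/)
--name  a name for the installation source
--arch  whether the installation source is 32-bit, 64-bit or ia64; the options currently supported are: x86│x86_64│ia64
Image storage directory: cobbler copies all installation files from the image to a local copy under /var/www/cobbler/ks_mirror, in the CentOS-7.1-x86_64-distro-x86_64 directory. The /var/www/cobbler directory must therefore have enough space to hold the installation files.
Worked mount example:
Mount the system installation images into the HTTP server's site directory
Upload the system installation image CentOS-6.5-x86_64-minimal.iso to the /usr/local/src/ directory
Upload the system installation image CentOS-7-x86_64-Minimal-1708.iso to the /usr/local/src/ directory
mkdir -p /var/www/html/os/centos-6.5-x86_64 # create the mount point
mkdir -p /var/www/html/os/centos-7.0-x86_64 # create the mount point
mount -t iso9660 -o loop /usr/local/src/CentOS-6.5-x86_64-minimal.iso /var/www/html/os/centos-6.5-x86_64/ # mount the system image
mount -t iso9660 -o loop /usr/local/src/CentOS-7-x86_64-Minimal-1708.iso /var/www/html/os/centos-7.0-x86_64/ # mount the system image
vi /etc/fstab # add the following lines so the images are mounted automatically at boot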
/usr/local/src/CentOS-6.5-x86_64-minimal.iso /var/www/html/os/centos-6.5-x86_64/ iso9660 defaults,ro,loop 0 0
/usr/local/src/CentOS-7-x86_64-Minimal-1708.iso /var/www/html/os/centos-7.0-x86_64/ iso9660 defaults,ro,loop 0 0
Note: use df -T to see the iso9660 devices. To unmount: umount /var/www/html/os/CentOS-5.10-x86_64
Repeat the steps above to mount every CentOS installation image you need under the /var/www/html/os/ directory
cobbler import --path=/var/www/html/os/centos-6.5-x86_64 --name=centos-6.5-x86_64 --arch=x86_64 # import the image
cobbler import --path=/var/www/html/os/centos-7.0-x86_64 --name=centos-7.0-x86_64 --arch=x86_64 # import the image
Managing profiles
cobbler profile
cobbler profile list    # list the imported images
cobbler profile report    # show the contents of the profiles
cobbler profile edit --name=centos-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos-6.5-x86_64
cobbler profile edit --name=centos-7.0-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos-7.0-x86_64
Edit the custom kickstart files named CentOS-7.1-x86_64 and CentOS-6.8-x86_64
centos-6.5-x86_64 file (standard)
#Kickstart Configurator for cobbler by Jason Zhao
#platform=x86, AMD64, or Intel EM64T
key --skip
#System language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network installation media (cobbler fills in $tree)
url --url=$tree
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part /boot --fstype ext4 --size 1024 --ondisk sda
part swap --size 16384 --ondisk sda
part / --fstype ext4 --size 1 --grow --ondisk sda
#System authorization information
auth --useshadow --enablemd5
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=em1 --onboot=on
#Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx
#Package install information
%packages
@ base
@ chinese-support
@ core
sysstat
iptraf
ntp
e2fsprogs-devel
keyutils-libs-devel
krb5-devel
libselinux-devel
libsepol-devel
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
mysql
lockdev
minicom
nmap
%post
#/bin/sed -i 's/#Protocol 2,1/Protocol 2/' /etc/ssh/sshd_config
/bin/sed -i 's/^ca::ctrlaltdel:/#ca::ctrlaltdel:/' /etc/inittab
/sbin/chkconfig --level 3 diskdump off
/sbin/chkconfig --level 3 dc_server off
/sbin/chkconfig --level 3 nscd off
/sbin/chkconfig --level 3 netfs off
/sbin/chkconfig --level 3 psacct off
/sbin/chkconfig --level 3 mdmpd off
/sbin/chkconfig --level 3 netdump off
/sbin/chkconfig --level 3 readahead off
/sbin/chkconfig --level 3 wpa_supplicant off
/sbin/chkconfig --level 3 mdmonitor off
/sbin/chkconfig --level 3 microcode_ctl off
/sbin/chkconfig --level 3 xfs off
/sbin/chkconfig --level 3 lvm2-monitor off
/sbin/chkconfig --level 3 iptables off
/sbin/chkconfig --level 3 nfs off
/sbin/chkconfig --level 3 ipmi off
/sbin/chkconfig --level 3 autofs off
/sbin/chkconfig --level 3 iiim off
/sbin/chkconfig --level 3 cups off
/sbin/chkconfig --level 3 openibd off
/sbin/chkconfig --level 3 saslauthd off
/sbin/chkconfig --level 3 ypbind off
/sbin/chkconfig --level 3 auditd off
/sbin/chkconfig --level 3 rdisc off
/sbin/chkconfig --level 3 tog-pegasus off
/sbin/chkconfig --level 3 rpcgssd off
/sbin/chkconfig --level 3 kudzu off
/sbin/chkconfig --level 3 gpm off
/sbin/chkconfig --level 3 arptables_jf off
/sbin/chkconfig --level 3 dc_client off
/sbin/chkconfig --level 3 lm_sensors off
/sbin/chkconfig --level 3 apmd off
/sbin/chkconfig --level 3 sysstat off
/sbin/chkconfig --level 3 cpuspeed off
/sbin/chkconfig --level 3 rpcidmapd off
/sbin/chkconfig --level 3 rawdevices off
/sbin/chkconfig --level 3 rhnsd off
/sbin/chkconfig --level 3 nfslock off
/sbin/chkconfig --level 3 winbind off
/sbin/chkconfig --level 3 bluetooth off
/sbin/chkconfig --level 3 isdn off
/sbin/chkconfig --level 3 portmap off
/sbin/chkconfig --level 3 anacron off
/sbin/chkconfig --level 3 irda off
/sbin/chkconfig --level 3 NetworkManager off
/sbin/chkconfig --level 3 acpid off
/sbin/chkconfig --level 3 pcmcia off
/sbin/chkconfig --level 3 atd off
/sbin/chkconfig --level 3 sendmail off
/sbin/chkconfig --level 3 haldaemon off
/sbin/chkconfig --level 3 smartd off
/sbin/chkconfig --level 3 xinetd off
/sbin/chkconfig --level 3 netplugd off
/sbin/chkconfig --level 3 readahead_early off
/sbin/chkconfig --level 3 xinetd off
/sbin/chkconfig --level 3 ntpd on
/sbin/chkconfig --level 3 avahi-daemon off
/sbin/chkconfig --level 3 ip6tables off
/sbin/chkconfig --level 3 restorecond off
/sbin/chkconfig --level 3 postfix off
centos-7.0-x86_64 file (standard)
#Kickstart Configurator for cobbler by Jason Zhao
#platform=x86, AMD64, or Intel EM64T
#System language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network installation media (cobbler fills in $tree)
url --url=$tree
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk sda
part swap --size 16384 --ondisk sda
part / --fstype xfs --size 1 --grow --ondisk sda
#System authorization information
auth --useshadow --enablemd5
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=em1 --onboot=on
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx
#Package install information
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@ base
@ core
sysstat
iptraf
ntp
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
mysql
nmap
screen
%end
%post
systemctl disable postfix.service
%end
Attached here is the configuration file for the company's big-data systems (centos7.2-1511; dual disks 600*2 = RAID1, single disks 2.4T*14 = single-disk RAID0)
#Kickstart Configurator for cobbler by Jason Zhao
#platform=x86, AMD64, or Intel EM64T
#System language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network installation media (cobbler fills in $tree)
url --url=$tree
#System bootloader configuration
bootloader --location=mbr --driveorder=sda
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel
#fstab
clearpart --all --drives=sda,sdb,sdc,sdd,sde,sdf,sdg,sdh,sdi,sdj,sdk,sdl,sdm,sdn,sdo
part / --fstype ext4 --size 51200 --ondisk sda
part swap --size 8192 --ondisk sda
part /data --fstype ext4 --size 1 --grow --ondisk sda
part /data1 --fstype ext4 --size 1 --grow --ondisk sdb
part /data2 --fstype ext4 --size 1 --grow --ondisk sdc
part /data3 --fstype ext4 --size 1 --grow --ondisk sdd
part /data4 --fstype ext4 --size 1 --grow --ondisk sde
part /data5 --fstype ext4 --size 1 --grow --ondisk sdf
part /data6 --fstype ext4 --size 1 --grow --ondisk sdg
part /data7 --fstype ext4 --size 1 --grow --ondisk sdh
part /data8 --fstype ext4 --size 1 --grow --ondisk sdi
part /data9 --fstype ext4 --size 1 --grow --ondisk sdj
part /data10 --fstype ext4 --size 1 --grow --ondisk sdk
part /data11 --fstype ext4 --size 1 --grow --ondisk sdl
part /data12 --fstype ext4 --size 1 --grow --ondisk sdm
part /data13 --fstype ext4 --size 1 --grow --ondisk sdn
part /data14 --fstype ext4 --size 1 --grow --ondisk sdo
firstboot --disable
#System authorization information
auth --useshadow --enablemd5
#Network information
#$SNIPPET('network_config')
network --bootproto=dhcp --device=em1 --onboot=on
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx
#Package install information
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
@ base
@ core
#sysstat
#iptraf
lrzsz
wget
ntp
ntpdate
bash-completion
#ncurses-devel
#openssl-devel
#zlib-devel
#OpenIPMI-tools
#mysql
#nmap
screen
%end
%post
systemctl disable postfix.service
%end
cobbler profile edit --name=centos-7.0-x86_64 --kopts='net.ifnames=0 biosdevname=0'
Modify the CentOS 7 kernel parameters
cobbler profile report centos-7.0-x86_64    # check that the changes to centos-7.0-x86_64 have been applied
cobbler sync    # a sync is required after every profile change
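Every machine installed from these profiles inherits what the kickstart files above switch off (SELinux, the firewall, auditd, iptables), MD5 shadow hashes, and one shared root hash from the cobbler settings. The following added example (not part of the original article) scans a kickstart file for those lines so they can be reviewed before a profile is synced; the rule IDs and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: flag kickstart lines that
# switch off host protections. Rule IDs and function names are assumptions.

# ks_audit FILE: print findings as "line:rule:text", skipping comment lines.
ks_audit() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "selinux"  && /--disabled/        { print NR ":selinux-off:" $0 }
        $1 == "firewall" && /--disabled/        { print NR ":firewall-off:" $0 }
        $1 ~ /^auth(config)?$/ && /--enablemd5/ { print NR ":md5-shadow:" $0 }
        # never echo a plaintext root password into the report
        $1 == "rootpw" && !/--iscrypted/        { print NR ":plaintext-rootpw:(redacted)" }
        $1 == "rootpw" && /default_password_crypted/ { print NR ":shared-rootpw:" $0 }
        /chkconfig/ && /[ \t](auditd|iptables|ip6tables)[ \t]+off/ {
            print NR ":service-off:" $0 }
    ' "$1"
}

# ks_count FILE RULE: number of findings for RULE in FILE.
ks_count() {
    ks_audit "$1" | awk -F: -v r="$2" '$2 == r { n++ } END { print n + 0 }'
}

# sample_ks: constructed input, a subset of lines taken from the CentOS 6
# kickstart shown in the article.
sample_ks() {
    cat <<'EOF'
rootpw --iscrypted $default_password_crypted
auth --useshadow --enablemd5
#network --bootproto=dhcp --device=em1 --onboot=on
firewall --disabled
selinux --disabled
%post
/sbin/chkconfig --level 3 iptables off
/sbin/chkconfig --level 3 auditd off
/sbin/chkconfig --level 3 ntpd on
/sbin/chkconfig --level 3 ip6tables off
EOF
}

# Audit every kickstart file passed on the command line.
for f in "$@"; do
    echo "== $f"
    ks_audit "$f"
done
```

Run it as sh ks_audit.sh /var/lib/cobbler/kickstarts/* (the script name is an assumption) before cobbler sync.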