時鐘同步和cobbler實現自動化安裝操做系統

一、配置chrony服務，實現服務器時間自動同步

• centos7默認已經安裝chrony服務：

[root@centos7 ~]# rpm -qa |grep chrony
chrony-3.2-2.el7.x86_64

• 配置並啓動chrony服務

[root@centos7 ~]# cat /etc/chrony.conf |grep -v "#"
server ntp1.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 0.0.0.0/0
local stratum 10
logdir /var/log/chrony
[root@centos7 ~]# systemctl start chronyd

• 測試

[root@centos6 ~]# date
Thu Mar 19 20:58:01 CST 2020
[root@centos6 ~]# date -s "-1 day"
Wed Mar 18 20:58:18 CST 2020
[root@centos6 ~]# ntpdate 10.1.1.109
19 Mar 21:14:55 ntpdate[18813]: step time server 10.1.1.109 offset 86400.000022 sec
[root@centos6 ~]# date
Thu Mar 19 21:15:03 CST 2020

二、實現cobbler+pxe自動化裝機

• 安裝並啓動cobbler、http、tftp、dhcp服務

[root@centos7 ~]#yum install cobbler dhcp -y
[root@centos7 ~]# systemctl start httpd cobblerd tftp

• cobbler 環境檢查

[root@centos7 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

1) 按提示（一、二、四、7）修改配置文件：

[root@centos7 ~]# grep -E "^server|^next_server|default_password_crypted|^manage_dhcp" /etc/cobbler/settings 
default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac." #系統安裝完後root密碼
manage_dhcp: 0
next_server: 127.0.0.1
server: 127.0.0.1

改爲

[root@centos7 ~]# grep -E "^server|^next_server|default_password_crypted|^manage_dhcp" /etc/cobbler/settings 
default_password_crypted: "$1$KFx0CqiI$z0WYvzWP3ixmlXnDIzdSt1" #此密鑰用openssl工具生成
manage_dhcp: 1
next_server: 10.1.1.109
server: 10.1.1.109

2) 生成密碼的加密密鑰：

[root@centos7 ~]# openssl passwd -1
Password: 
Verifying - Password: 
$1$KFx0CqiI$z0WYvzWP3ixmlXnDIzdSt1
[root@centos7 ~]# systemctl restart cobblerd

3) 下載boot-loaders並同步到相對應目錄：

[root@centos7 ~]#cobbler get-loaders
[root@centos7 ~]#cobbler sync
[root@centos7 ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot

4) 準備dhcp的配置文件：

[root@centos7 ~]# vim /etc/cobbler/dhcp.template

subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.5;
option domain-name-servers 192.168.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.1.100 192.168.1.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;

修改成：

subnet 10.1.1.0 netmask 255.255.255.0 {
option routers 10.1.1.254;
option domain-name-servers 202.96.128.166;
option subnet-mask 255.255.255.0;
range dynamic-bootp 10.1.1.240 10.1.1.250;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;

5) 同步dhcp配置文件：

[root@centos7 ~]# cobbler sync

[root@centos7 ~]# cat /etc/dhcp/dhcpd.conf #驗證配置文件

• 導入centos六、7的相關安裝文件並生成yum源

[root@centos7 ~]# cobbler import --name=Centos7.3-x86_64 --path=/mnt --arch=x86_64
task started: 2020-03-22_182915_import
task started (id=Media import, time=Sun Mar 22 18:29:15 2020)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/Centos7.3-x86_64:
creating new distro: Centos7.3-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos7.3-x86_64 -> /var/www/cobbler/links/Centos7.3-x86_64
creating new profile: Centos7.3-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos7.3-x86_64 for Centos7.3-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos7.3-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos7.3-x86_64
looking for /var/www/cobbler/ks_mirror/Centos7.3-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos7.3-x86_64/repodata
*** TASK COMPLETE ***
[root@centos7 ~]# cobbler import --name=Centos6.10-x86_64 --path=/misc/cd --arch=x86_64 
task started: 2020-03-22_212758_import
task started (id=Media import, time=Sun Mar 22 21:27:58 2020)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/Centos6.10-x86_64:
creating new distro: Centos6.10-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos6.10-x86_64 -> /var/www/cobbler/links/Centos6.10-x86_64
creating new profile: Centos6.10-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos6.10-x86_64 for Centos6.10-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos6.10-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos6.10-x86_64
looking for /var/www/cobbler/ks_mirror/Centos6.10-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos6.10-x86_64/repodata
*** TASK COMPLETE ***
[root@centos7 ~]# cobbler distro list
   Centos6.10-x86_64
   Centos7.3-x86_64
[root@centos7 ~]# cobbler profile list   #默認的安裝菜單
   Centos6.10-x86_64
   Centos7.3-x86_64

• 準備kickstart文件，並關聯到指定的yum源

注：kickstart文件centos7.3_ks.cfg，centos6.10_ks.cfg分別在centos7.3，centos6.10使用system-config-kickstart工具生成（須要圖形界面）
修改kickstart文件：
[root@centos7 ~]# cat /var/lib/cobbler/kickstarts/centos7.3_ks.cfg 
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted $1$2wqI4hYH$Yiw88hIOZN4pYghwSWgws0
# System language
lang en_US
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use network installation 
url --url=$tree     ###此處須要修改
# Use text mode install
text
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx

# Firewall configuration
firewall --disabled
# Network information
network  --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr
# Partition clearing information
clearpart --all
# Disk partitioning information
part /boot --asprimary --fstype="xfs" --size=500
part swap --fstype="swap" --size=8192
part / --asprimary --fstype="xfs" --grow --size=1

%post
%end 
[root@centos7 ~]# cat /var/lib/cobbler/kickstarts/centos_6.10ks.cfg 
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url=$tree
# Root password
rootpw --iscrypted $1$Xs/QyzK3$ZPt802waNGe8mTJ/KXAX0.
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone  Africa/Abidjan
# Network information
network  --bootproto=static --device=eth0 --gateway=10.0.1.254 --ip=10.0.1.250 --nameserver=202.96.128.166 --netmask=255.255.255.0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel 
# Disk partitioning information
part /boot --asprimary --fstype="ext4" --size=500
part swap --fstype="swap" --size=2048
part / --asprimary --fstype="ext4" --grow --size=1

%post
yum install httpd -y
%end
關聯到自定義的kickstart文件
[root@centos7 ~]# cobbler profile add --name=Centos-7.3 --distro=Centos7.3-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.3_ks.cfg
[root@centos7 ~]# cobbler profile add --name=Centos-6.10 --distro=Centos6.10-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos_6.10ks.cfg
[root@centos7 ~]# cobbler profile list
   Centos-6.10
   Centos-7.3
   Centos6.10-x86_64
   Centos7.3-x86_64

修改菜單的默認標題：
[root@centos7 pxe]# cat /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | https://blog.51cto.com/rickzhu
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

$pxe_menu_items

MENU end
[root@centos7 pxe]# cobbler sync  #同步菜單文件
[root@centos7 pxe]# cat /var/lib/tftpboot/pxelinux.cfg/default #檢查是否同步成功
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | https://blog.51cto.com/rickzhu
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL Centos-7.3
        kernel /images/Centos7.3-x86_64/vmlinuz
        MENU LABEL Centos-7.3
        append initrd=/images/Centos7.3-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://10.0.1.109/cblr/svc/op/ks/profile/Centos-7.3
        ipappend 2

MENU end

刪除默認的菜單：
[root@centos7 ~]# cobbler profile remove --name=Centos7.3-x86_64
[root@centos7 ~]# cobbler profile remove --name=Centos6.10-x86_64
[root@centos7 ~]# cobbler profile list
   Centos-6.10
   Centos-7.3

• 測試

1) 檢查相應服務是否啓動：

[root@centos7 tftpboot]# ss -tnluap |grep -E "dhcpd|httpd"
udp    UNCONN     0      0         *:67                    *:*                   users:(("dhcpd",pid=11950,fd=7))
tcp    LISTEN     0      128      :::80                   :::*                   users:(("httpd",pid=11201,fd=4),("httpd",pid=11168,fd=4),("httpd",pid=11167,fd=4),("httpd",pid=11166,fd=4),("httpd",pid=11165,fd=4),("httpd",pid=11164,fd=4),("httpd",pid=11153,fd=4))
[root@centos7 tftpboot]# systemctl status tftp.socket 
● tftp.socket - Tftp Server Activation Socket
   Loaded: loaded (/usr/lib/systemd/system/tftp.socket; disabled; vendor preset: disabled)
   Active: active (listening) since Sun 2020-03-22 17:04:36 CST; 3h 38min ago
   Listen: [::]:69 (Datagram)

Mar 22 17:04:36 centos7.6 systemd[1]: Listening on Tftp Server Activation Socket.
[root@centos7 tftpboot]# systemctl status cobblerd
● cobblerd.service - Cobbler Helper Daemon
   Loaded: loaded (/usr/lib/systemd/system/cobblerd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-03-22 17:42:46 CST; 3h 0min ago
  Process: 11842 ExecStartPost=/usr/bin/touch /usr/share/cobbler/web/cobbler.wsgi (code=exited, status=1/FAILURE)
 Main PID: 11841 (cobblerd)
    Tasks: 1
   CGroup: /system.slice/cobblerd.service
           └─11841 /usr/bin/python2 -s /usr/bin/cobblerd -F

Mar 22 17:42:46 centos7.6 systemd[1]: Starting Cobbler Helper Daemon...
Mar 22 17:42:46 centos7.6 touch[11842]: /usr/bin/touch: cannot touch ‘/usr/share/c…tory
Mar 22 17:42:46 centos7.6 systemd[1]: Started Cobbler Helper Daemon.
Mar 22 17:48:40 centos7.6 dhcpd[11939]: Not searching LDAP since ldap-server, ldap...le
Hint: Some lines were ellipsized, use -l to show in full

2) VMware Workstations新建一個虛擬機，啓動虛擬機，選擇從網絡中啓動,看是否自動安裝系統成功。