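Automated Linux System Installation with Cobbler

  1. Introduction to Cobbler

  Cobbler is a service for installing Linux operating systems quickly over the network. It supports many Linux distributions, such as Red Hat, Fedora, CentOS, Debian, Ubuntu and SUSE, and can also support network installation of Windows. It is essentially a second layer of packaging around PXE that gathers the various installation parameters into a single menu. It is written in Python and provides both CLI and web management interfaces.

  2. Cobbler workflow

1) A bare-metal client configured to boot from the network broadcasts a request to the DHCP server at power-on, asking for a usable IP address.

2) The DHCP server receives the request and sends a response that includes its IP address.

3) Once the client has its IP address, it sends the Cobbler server a request for the OS boot file.

4) The Cobbler server receives the request and tells the client the name of the OS boot file and the IP address and port of the TFTP server.

5) With the TFTP server's IP address in hand, the client contacts that address itself and downloads the system boot file.

6) After downloading the boot file, the client executes it, determines what to load and selects the OS to install; during this step it requests the kickstart file and the OS image from the Cobbler server.

7) The Cobbler server receives the request and sends the corresponding kickstart file and OS image files to the client.

8) The client receives the kickstart file, loads it, receives the OS image, and then installs the operating system.

That is the basic Cobbler workflow.

  3. Installing Cobbler, and a description of its configuration files and directories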

[root@cobbler ~]# yum install cobbler dhcp -y

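 Note: installing cobbler pulls in httpd, tftp-server, syslinux and similar packages by default, but not the dhcp package, so dhcp has to be installed explicitly alongside it.

Configuration directory: /etc/cobbler
  /etc/cobbler/settings: main Cobbler configuration file
  /etc/cobbler/iso/: ISO template configuration files
  /etc/cobbler/pxe: PXE template files
  /etc/cobbler/power: power management configuration files
  /etc/cobbler/users.conf: web service authorization configuration file
  /etc/cobbler/users.digest: user name and password file for web access
  /etc/cobbler/dhcp.template: configuration template for the DHCP server
  /etc/cobbler/dnsmasq.template: configuration template for the DNS server
  /etc/cobbler/tftpd.template: configuration template for the TFTP service
  /etc/cobbler/modules.conf: module configuration file

Data directories
  /var/lib/cobbler/config/: stores the configuration files for distros, systems, profiles and so on
  /var/lib/cobbler/triggers/: stores user-defined Cobbler commands
  /var/lib/cobbler/kickstarts/: default location for kickstart files
  /var/lib/cobbler/loaders/: stores the various boot loaders

Image directories
  /var/www/cobbler/ks_mirror/: all data of the imported distributions
  /var/www/cobbler/images/: kernel and initrd images of imported distributions, used for remote network boot
  /var/www/cobbler/repo_mirror/: storage directory for yum repositories

Log directories
  /var/log/cobbler/installing: client installation logs
  /var/log/cobbler/cobbler.log: Cobbler log

  4. Start the cobblerd and httpd services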

[root@cobbler ~]# systemctl start httpd cobblerd

   5. Check the Cobbler environment (make sure the httpd service is running before you run cobbler check: the command only works if Cobbler has started properly, and Cobbler in turn depends on httpd)

[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
[root@cobbler ~]# 

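   Note: the system reports 9 issues in the Cobbler environment. Item 3 can be ignored: it needs changing when CentOS 6 is the Cobbler server, but not on CentOS 7. Item 5 can be ignored as well, as can item 6, which concerns Debian systems, and item 9, which says that no power management tools are installed. Next we resolve the remaining issues one by one.

  Item 1: the server setting is wrong; the configured localhost will not work and should be changed to something else.

  Edit /etc/cobbler/settings with vim, search for the line that begins with server, and change its value so that it reads server: 192.168.0.105

  Item 2: next_server in /etc/cobbler/settings must not be 127.0.0.1. Edit /etc/cobbler/settings, search for next_server, and change its value so that it reads next_server: 192.168.0.105

  Item 4: we need to run cobbler get-loaders to download from the network the files required for installing systems.

  Item 7: the pykickstart package is not installed; install it with yum install pykickstart -y

  Item 8: default_password_crypted needs to be changed; otherwise the root password of the systems installed later is insecure. Generate a password hash with openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'. Then edit /etc/cobbler/settings, search for default_passwd, and replace the string after default_password_crypted with the hash string the command just produced.

  After fixing the items above, restart the cobblerd service and run cobbler check again.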

[root@cobbler ~]# systemctl restart cobblerd
[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : change 'disable' to 'no' in /etc/xinetd.d/tftp
2 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
3 : enable and start rsyncd.service with systemctl
4 : debmirror package is not installed, it will be required to manage debian deployments and repositories
5 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
[root@cobbler ~]# cobbler get-loaders
task started: 2019-12-23_032218_get_loaders
task started (id=Download Bootloader Content, time=Mon Dec 23 03:22:18 2019)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
Exception occured: <class 'urlgrabber.grabber.URLGrabError'>
Exception value: [Errno 14] curl#35 - "TCP connection reset by peer"
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 82, in run
    rc = self._run(self)
   File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 176, in runner
    return self.remote.api.dlcontent(self.options.get("force",False), self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 735, in dlcontent
    return grabber.run(force)
   File "/usr/lib/python2.7/site-packages/cobbler/action_dlcontent.py", line 73, in run
    urlgrabber.grabber.urlgrab(src, filename=dst, proxies=proxies)
   File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 773, in urlgrab
    return default_grabber.urlgrab(url, filename, **kwargs)
   File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1220, in urlgrab
    return _run_callback(opts.failfunc, opts)
   File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1071, in _run_callback
    return cb(obj)
   File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1065, in _do_raise
    raise obj.exception

!!! TASK FAILED !!!
[root@cobbler ~]# systemctl start tftp 
[root@cobbler ~]# systemctl status tftp 
● tftp.service - Tftp Server
   Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
   Active: active (running) since 一 2019-12-23 03:23:40 CST; 6s ago
     Docs: man:in.tftpd
 Main PID: 7962 (in.tftpd)
   CGroup: /system.slice/tftp.service
           └─7962 /usr/sbin/in.tftpd -s /var/lib/tftpboot

12月 23 03:23:40 cobbler systemd[1]: Started Tftp Server.
[root@cobbler ~]# cobbler get-loaders
task started: 2019-12-23_032359_get_loaders
task started (id=Download Bootloader Content, time=Mon Dec 23 03:23:59 2019)
path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@cobbler ~]# 

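   Note: the first cobbler get-loaders run above reported an error because the tftp service had not been started; once tftp was started it worked normally. The download output shows that Cobbler places the downloaded files in /var/lib/cobbler/loaders by default. That directory is of little use when we install systems later, so the files need to be moved into the TFTP server's working directory. How? Just run cobbler sync.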

[root@cobbler ~]# cobbler sync
task started: 2019-12-22_194040_sync
task started (id=Sync, time=Sun Dec 22 19:40:40 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@cobbler ~]#

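  Note: after cobbler sync runs, we can see that it created some link files under /var/lib/tftpboot, the TFTP working directory. One point to watch: if manage_dhcp: 1 is set in /etc/cobbler/settings, cobbler sync reports an error at this stage. The reason is that Cobbler tries to start the DHCP service, but no DHCP configuration has been written yet, so the service cannot start. Edit Cobbler's DHCP template file and sync again, and the error goes away.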

# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 1
"/etc/cobbler/settings" 468L, 19925C 已寫入                                                     
[root@cobbler ~]# systemctl restart cobblerd
[root@cobbler ~]# cobbler sync
task started: 2019-12-22_194934_sync
task started (id=Sync, time=Sun Dec 22 19:49:34 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout: 
received on stderr: 
running: service dhcpd restart
received on stdout: 
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.

Exception occured: <class 'cobbler.cexceptions.CX'>
Exception value: 'cobbler trigger failed: cobbler.modules.sync_post_restart_services'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 82, in run
    rc = self._run(self)
   File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 181, in runner
    return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 763, in sync
    return sync.run()
   File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 144, in run
    utils.run_triggers(self.api, None, "/var/lib/cobbler/triggers/sync/post/*", logger=self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 928, in run_triggers
    raise CX("cobbler trigger failed: %s" % m.__name__)

!!! TASK FAILED !!!
[root@cobbler ~]# vim /etc/cobbler/dhcp.template 
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************

ddns-update-style interim;

allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

option pxe-system-type code 93 = unsigned integer 16;

subnet 192.168.0.0 netmask 255.255.255.0 {
     option routers             192.168.0.1;
     option domain-name-servers 192.168.0.1;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.0.200 192.168.0.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}

#for dhcp_tag in $dhcp_tags.keys():
    ## group could be subnet if your dhcp tags line up with your subnets
    ## or really any valid dhcpd.conf construct ... if you only use the
    ## default dhcp tag in cobbler, the group block can be deleted for a
    ## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
            #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        #if $iface.interface_type == "infiniband":
        option dhcp-client-identifier = $mac;
        #else
        hardware ethernet $mac;
        #end if
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.netmask:
        option subnet-mask $iface.netmask;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        #if $iface.enable_gpxe:
        if exists user-class and option user-class = "gPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else if exists user-class and option user-class = "iPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else {
            filename "undionly.kpxe";
        }
        #else
        filename "$iface.filename";
        #end if
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
        #end for
}
#end for

"/etc/cobbler/dhcp.template" 92L, 3177C 已寫入                                                  
[root@cobbler ~]# 

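   Note: without manage_dhcp: 1 we would have to write the DHCP configuration file by hand. Setting manage_dhcp: 1 means Cobbler generates the DHCP configuration file from the template, so we only need to adapt the template to our own environment.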

[root@cobbler ~]# cobbler sync
task started: 2019-12-22_195414_sync
task started (id=Sync, time=Sun Dec 22 19:54:14 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout: 
received on stderr: 
running: service dhcpd restart
received on stdout: 
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service

running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@cobbler ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot

10 directories, 10 files
[root@cobbler ~]# ss -ntlu
Netid  State      Recv-Q Send-Q         Local Address:Port                        Peer Address:Port              
udp    UNCONN     0      0                          *:67                                     *:*                  
udp    UNCONN     0      0                  127.0.0.1:323                                    *:*                  
udp    UNCONN     0      0                         :::69                                    :::*                  
udp    UNCONN     0      0                        ::1:323                                   :::*                  
tcp    LISTEN     0      128                        *:22                                     *:*                  
tcp    LISTEN     0      100                127.0.0.1:25                                     *:*                  
tcp    LISTEN     0      5                  127.0.0.1:25151                                  *:*                  
tcp    LISTEN     0      128                       :::80                                    :::*                  
tcp    LISTEN     0      32                        :::21                                    :::*                  
tcp    LISTEN     0      128                       :::22                                    :::*                  
tcp    LISTEN     0      100                      ::1:25                                    :::*                  
[root@cobbler ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 日 2019-12-22 19:54:15 CST; 52s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 8807 (dhcpd)
   Status: "Dispatching packets..."
   CGroup: /system.slice/dhcpd.service
           └─8807 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

12月 22 19:54:15 cobbler dhcpd[8807]: Copyright 2004-2013 Internet Systems Consortium.
12月 22 19:54:15 cobbler dhcpd[8807]: All rights reserved.
12月 22 19:54:15 cobbler dhcpd[8807]: For info, please visit https://www.isc.org/software/dhcp/
12月 22 19:54:15 cobbler dhcpd[8807]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn we... file
12月 22 19:54:15 cobbler dhcpd[8807]: Wrote 0 class decls to leases file.
12月 22 19:54:15 cobbler dhcpd[8807]: Wrote 0 leases to leases file.
12月 22 19:54:15 cobbler dhcpd[8807]: Listening on LPF/ens33/00:0c:29:fb:66:a2/192.168.0.0/24
12月 22 19:54:15 cobbler dhcpd[8807]: Sending on   LPF/ens33/00:0c:29:fb:66:a2/192.168.0.0/24
12月 22 19:54:15 cobbler systemd[1]: Started DHCPv4 Server Daemon.
12月 22 19:54:15 cobbler dhcpd[8807]: Sending on   Socket/fallback/fallback-net
Hint: Some lines were ellipsized, use -l to show in full.
[root@cobbler ~]# 

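   Note: the TFTP working directory is now populated and the dhcpd service is running. The basic Cobbler services are now set up and configured; the next step is to import the system images.

  6. Import the system images (the installation media must be mounted first)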

[root@cobbler ~]# lsblk
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0   40G  0 disk 
├─sda1            8:1    0    1G  0 part /boot
└─sda2            8:2    0   39G  0 part 
  ├─centos-root 253:0    0   37G  0 lvm  /
  └─centos-swap 253:1    0    2G  0 lvm  [SWAP]
sr0              11:0    1  3.7G  0 rom  
sr1              11:1    1  4.2G  0 rom  
[root@cobbler ~]# mount /dev/sr0 centos6
mount: /dev/sr0 寫保護,將以只讀方式掛載
[root@cobbler ~]# mount /dev/sr1 centos7
mount: /dev/sr1 寫保護,將以只讀方式掛載
[root@cobbler ~]# 

 Import the images

[root@cobbler ~]# cobbler import --path=/root/centos7 --name=centos7-x86_64 --arch=x86_64
task started: 2019-12-22_200632_import
task started (id=Media import, time=Sun Dec 22 20:06:32 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/centos7-x86_64:
creating new distro: centos7-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos7-x86_64 -> /var/www/cobbler/links/centos7-x86_64
creating new profile: centos7-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos7-x86_64 for centos7-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos7-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/centos7-x86_64
looking for /var/www/cobbler/ks_mirror/centos7-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7-x86_64/repodata
*** TASK COMPLETE ***
[root@cobbler ~]# 
[root@cobbler ~]# cobbler import --path=/root/centos6 --name=centos6.9-x86_64 --arch=x86_64
task started: 2019-12-22_200752_import
task started (id=Media import, time=Sun Dec 22 20:07:52 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/centos6.9-x86_64:
creating new distro: centos6.9-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos6.9-x86_64 -> /var/www/cobbler/links/centos6.9-x86_64
creating new profile: centos6.9-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos6.9-x86_64 for centos6.9-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos6.9-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/centos6.9-x86_64
looking for /var/www/cobbler/ks_mirror/centos6.9-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos6.9-x86_64/repodata
*** TASK COMPLETE ***
[root@cobbler ~]# 

   Note: if no kickstart answer file is specified, a minimal-install answer file is generated by default.

View the boot menu file

[root@cobbler ~]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos6.9-x86_64
        kernel /images/centos6.9-x86_64/vmlinuz
        MENU LABEL centos6.9-x86_64
        append initrd=/images/centos6.9-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos6.9-x86_64
        ipappend 2

LABEL centos7-x86_64
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-x86_64
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-x86_64
        ipappend 2



MENU end
[root@cobbler ~]# 

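   Note: once an image is imported, Cobbler adds its entry to the boot menu file by default.

At this point the CLI-based Cobbler server is set up.

Test

  Note: the menu entries for the images we imported now appear.

   Note: the CLI-managed Cobbler server has now passed testing and can install systems automatically.

  7. Managing Cobbler

1) List the imported images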

[root@cobbler ~]# cobbler distro list
   centos6.9-x86_64
   centos7-x86_64

 2) List the boot menu entries

[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-x86_64
[root@cobbler ~]# 

 3) Add a new menu entry

[root@cobbler ~]# cobbler profile add --name=centos7-desktop --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7-desktop.cfg 
[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-desktop
   centos7-x86_64
[root@cobbler ~]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos6.9-x86_64
        kernel /images/centos6.9-x86_64/vmlinuz
        MENU LABEL centos6.9-x86_64
        append initrd=/images/centos6.9-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos6.9-x86_64
        ipappend 2

LABEL centos7-desktop
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-desktop
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-desktop
        ipappend 2

LABEL centos7-x86_64
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-x86_64
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-x86_64
        ipappend 2



MENU end
[root@cobbler ~]# 

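   Note: to specify a kickstart answer file, put the prepared file in /var/lib/cobbler/kickstarts/. If it is a kickstart file you wrote yourself, also change its url line to url --url=$tree so that Cobbler can locate the yum repository for its own environment. For how to write kickstart answer files, see the author's blog post: http://www.javashuo.com/article/p-zgayjhad-by.html

4) Remove an existing boot menu entry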

[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-desktop
   centos7-x86_64
[root@cobbler ~]# cobbler profile remove --name=centos7-x86_64
[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-desktop
[root@cobbler ~]# 

 5) Rename an existing boot menu entry

[root@cobbler ~]# cobbler profile list
   centos6.9-x86_64
   centos7-desktop
[root@cobbler ~]# cobbler profile rename --name=centos6.9-x86_64 --newname=centos6-mini-x86_64
[root@cobbler ~]# cobbler profile list
   centos6-mini-x86_64
   centos7-desktop
[root@cobbler ~]# 

 6) Show the details of a menu entry

[root@cobbler ~]# cobbler profile report --name=centos7-desktop
Name                           : centos7-desktop
TFTP Boot Files                : {}
Comment                        : 
DHCP Tag                       : default
Distribution                   : centos7-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/centos7-desktop.cfg
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 : 
Internal proxy                 : 
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      : 
Virt RAM (MB)                  : 512
Virt Type                      : xenpv

[root@cobbler ~]# 

   8. Managing Cobbler through the web interface

1) Install cobbler-web

[root@cobbler ~]# yum install cobbler-web -y

 2) See what cobbler-web installed

[root@cobbler ~]# rpm -ql cobbler-web
/etc/httpd/conf.d/cobbler_web.conf
/usr/share/cobbler/web
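(remaining output omitted…)

 Note: the cobbler-web package installs an httpd drop-in configuration file; httpd must be restarted for it to take effect.

3) Restart the httpd service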

[root@cobbler ~]# systemctl restart httpd

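4) Log in with a browser

   Note: the Cobbler web interface is served over HTTPS with a self-signed certificate, so the browser warns by default that the site is unsafe. We can either install the certificate to trust the site or click Advanced and continue.

   Note: the default login for the Cobbler web interface is user name cobbler with password cobbler.

   Note: the web-based management of Cobbler is now set up. Next, user authentication for cobbler-web.

  9. Configuring user authentication for cobbler-web

1) Authentication method configuration file: /etc/cobbler/modules.conf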

[root@cobbler ~]# cat /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================

# authentication: 
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
module = authn_configfile

   Note: cobbler-web's default configuration is authn_configfile. From the comments above, /etc/cobbler/users.digest is where cobbler-web's user information is stored.

2) View /etc/cobbler/users.digest

[root@cobbler ~]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@cobbler ~]# 

   Note: the format of this file is user name:realm:password hash

3) Add a user

[root@cobbler ~]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@cobbler ~]# htdigest /etc/cobbler/users.digest Cobbler admin
Adding user admin in realm Cobbler
New password: 
Re-type new password: 
[root@cobbler ~]# cat /etc/cobbler/users.digest 
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
admin:Cobbler:ea0fd5384fa2ee91ab834bba50fc90a4
[root@cobbler ~]# 

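   Note: when adding a user, htdigest needs the file that stores the user information, the realm (for cobbler_web the realm must be Cobbler) and the user name; after pressing Enter and typing the password, it records the new user in the specified file.

4) Log in as the newly created user

   Note: the user we just created can log in normally.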
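
The users.digest format described above (each line is user:realm:MD5 of "user:realm:password", which is what htdigest writes) makes it easy to check whether the stock cobbler/cobbler web login is still present after new users have been added. The following audit is an added example, not part of the original post or of Cobbler; the sample entries and all function names are constructed for illustration.

```python
import hashlib
import re

REALM = "Cobbler"  # the page states the cobbler_web realm must be "Cobbler"
HEX32 = re.compile(r"^[0-9a-f]{32}$")


def ha1(user, realm, password):
    """Digest value htdigest stores: MD5("user:realm:password") in hex."""
    data = f"{user}:{realm}:{password}".encode("utf-8")
    return hashlib.md5(data).hexdigest()


def build_line(user, password, realm=REALM):
    """Build one users.digest line (used here only to construct sample input)."""
    return f"{user}:{realm}:{ha1(user, realm, password)}"


def parse_users_digest(text):
    """Return ([(user, realm, digest)], [line numbers of malformed lines])."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3 or not HEX32.match(parts[2].lower()):
            malformed.append(lineno)
            continue
        entries.append((parts[0], parts[1], parts[2].lower()))
    return entries, malformed


def audit_users_digest(text, weak_passwords=("cobbler",)):
    """Flag malformed lines, wrong realms and entries with a weak password.

    Candidates tried per entry: each string in weak_passwords plus the user
    name itself. Returns a list of (subject, reason) tuples in file order.
    """
    entries, malformed = parse_users_digest(text)
    findings = [(f"line {n}", "malformed entry") for n in malformed]
    for user, realm, digest in entries:
        if realm != REALM:
            findings.append((user, f"realm {realm!r} is not {REALM!r}"))
        for candidate in dict.fromkeys((*weak_passwords, user)):
            if ha1(user, realm, candidate) == digest:
                findings.append((user, f"weak password {candidate!r}"))
                break
    return findings


# Constructed sample file: a default-style account, a strong one, an account
# whose password equals its user name, and one written with the wrong realm.
SAMPLE = "\n".join([
    build_line("cobbler", "cobbler"),
    build_line("admin", "constructed-long-passphrase-7Xk"),
    build_line("ops", "ops"),
    build_line("guest", "constructed-other-passphrase", realm="cobbler"),
])

if __name__ == "__main__":
    for subject, reason in audit_users_digest(SAMPLE):
        print(f"{subject}: {reason}")
    # The two lines shown on the page; run this to see whether the stock
    # entry is still protected only by the documented default password.
    page_file = (
        "cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3\n"
        "admin:Cobbler:ea0fd5384fa2ee91ab834bba50fc90a4\n"
    )
    for subject, reason in audit_users_digest(page_file):
        print(f"{subject}: {reason}")
```

Any account it reports can be given a new password with the same htdigest command shown above, or its line can be removed from users.digest once another administrator account exists.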

5) Authenticate cobbler_web users with the authn_pam module

  1) Edit /etc/cobbler/modules.conf and, under [authentication], change module = authn_configfile to module = authn_pam

[root@cobbler ~]# vim /etc/cobbler/modules.conf 
# cobbler module configuration file
# =================================

# authentication: 
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
module = authn_pam
"/etc/cobbler/modules.conf" 83L, 3069C 已寫入                                                       
[root@cobbler ~]# 

   2) Create a system user

[root@cobbler ~]# useradd -r -s /sbin/nologin cobbleradmin
[root@cobbler ~]# id cobbleradmin
uid=997(cobbleradmin) gid=993(cobbleradmin) 組=993(cobbleradmin)
[root@cobbler ~]# getent passwd cobbleradmin
cobbleradmin:x:997:993::/home/cobbleradmin:/sbin/nologin
[root@cobbler ~]# 
[root@cobbler ~]# passwd cobbleradmin
更改用戶 cobbleradmin 的密碼 。
新的 密碼:
無效的密碼: 密碼少於 8 個字符
從新輸入新的 密碼:
passwd:全部的身份驗證令牌已經成功更新。
[root@cobbler ~]#

   3) Edit /etc/cobbler/users.conf

[root@cobbler ~]# vim /etc/cobbler/users.conf 
# Cobbler WebUI / Web Services authorization config file
#
# NOTICE:
# this file is only used when /etc/cobbler/modules.conf
# specifies an authorization mode of either:
#
#   (A) authz_configfile
#   (B) authz_ownership
#
# For (A), any user in this file, in any group, are allowed
# full access to any object in cobbler configuration.
#
# For (B), users in the "admins" group are allowed full access
# to any object, otherwise users can only edit an object if
# their username/group is listed as an owner of that object. If a
# user is not listed in this file they will have no access.
#
#     cobbler command line example:
#
#     cobbler system edit --name=server1 --owner=dbas,mac,pete,jack
#
# NOTE:  yes, you do need the equal sign after the names.
# don't remove that part.  It's reserved for future use.

[admins]
admin = "cobbleradmin"
cobbler = ""

"/etc/cobbler/users.conf" 28L, 860C 已寫入                                                          
[root@cobbler ~]# 

   4) Restart the cobblerd service and log in

[root@cobbler ~]# systemctl restart cobblerd

 

 The PAM-based authentication of cobbler-web users is now configured, and from here on we can happily manage Cobbler by clicking around the web page.
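
The NOTICE in users.conf quoted above says the file is only consulted under authz_configfile or authz_ownership, and that user names go before the equal sign. The following check, an added example that is not from the original post or from Cobbler, applies both rules to a modules.conf/users.conf pair. The [authorization] section is not shown on the page, so its value here (authz_allowall, Cobbler's stock setting) and all function names are assumptions.

```python
import configparser

# Per the NOTICE in users.conf, only these authorization modes read the file.
AUTHZ_USING_USERS_CONF = {"authz_configfile", "authz_ownership"}


def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep user names case-sensitive
    parser.read_string(text)
    return parser


def users_conf_names(users_conf_text):
    """Map group -> set of user names; the name is the part before '='."""
    parser = _parse(users_conf_text)
    return {group: set(parser[group]) for group in parser.sections()}


def audit_web_auth(modules_conf_text, users_conf_text, intended_accounts):
    """Return (code, detail) findings for an authn/authz configuration."""
    modules = _parse(modules_conf_text)
    authn = modules.get("authentication", "module", fallback="authn_denyall")
    # Assumption: a missing [authorization] section means authz_allowall.
    authz = modules.get("authorization", "module", fallback="authz_allowall")
    findings = []
    if authn == "authn_testing":
        findings.append(("FIXED_CREDENTIALS", "login is always testing/testing"))
    if authz not in AUTHZ_USING_USERS_CONF:
        findings.append(("USERS_CONF_IGNORED", f"{authz} does not read users.conf"))
        if authn == "authn_pam":
            findings.append(
                ("ANY_PAM_ACCOUNT", "any account PAM authenticates gets web access")
            )
        return findings
    listed = set().union(*users_conf_names(users_conf_text).values())
    for account in intended_accounts:
        if account not in listed:
            findings.append(("ACCOUNT_NOT_LISTED", account))
    parser = _parse(users_conf_text)
    for group in parser.sections():
        for name, value in parser[group].items():
            if value.strip("\"' "):  # the value is reserved and should be empty
                findings.append(("VALUE_IS_NOT_A_USER", f"[{group}] {name} = {value}"))
    return findings


# modules.conf as edited on the page, plus a constructed [authorization] section.
MODULES_ALLOWALL = """
[authentication]
module = authn_pam

[authorization]
module = authz_allowall
"""

# Constructed variant that makes users.conf effective.
MODULES_CONFIGFILE = """
[authentication]
module = authn_pam

[authorization]
module = authz_configfile
"""

# users.conf exactly as written on the page.
PAGE_USERS_CONF = """
[admins]
admin = "cobbleradmin"
cobbler = ""
"""

# Constructed variant with the PAM account name placed before the '='.
FIXED_USERS_CONF = """
[admins]
cobbleradmin = ""
"""

if __name__ == "__main__":
    cases = [
        ("allowall + page users.conf", MODULES_ALLOWALL, PAGE_USERS_CONF),
        ("configfile + page users.conf", MODULES_CONFIGFILE, PAGE_USERS_CONF),
        ("configfile + fixed users.conf", MODULES_CONFIGFILE, FIXED_USERS_CONF),
    ]
    for label, modules_text, users_text in cases:
        print(label, audit_web_auth(modules_text, users_text, ["cobbleradmin"]))
```

With authz_configfile and the page's users.conf, the check reports that cobbleradmin is not listed, because the names the file authorizes are admin and cobbler.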
