Automated System Deployment for Operations

Automated System Deployment

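TFTP service:

TFTP is a simple high-level protocol for transferring files, a simplified version of the File Transfer Protocol (FTP). It is easier to use than FTP but offers fewer features.

Differences between FTP and TFTP

1.  Security: FTP supports login security, with appropriate authentication and encryption protocols available; communicating with an FTP server requires authentication.
TFTP is an open protocol with no security: it has no encryption mechanism, and communicating with a TFTP server requires no authentication.
2.  FTP uses TCP as its transport-layer protocol; TFTP uses UDP.
3.  FTP uses 2 ports: TCP port 21, the listening port, and TCP port 20 (or a higher TCP port above 1024) for the connection.
TFTP uses a single port, in stop-and-wait mode: 69/udp
4.  RFCs
FTP is based on RFC 959, with further RFCs covering security measures; TFTP is based on RFC 1350.
5.  Commands
FTP has many commands (get, put, ls, dir, lcd) and can list directories, among other things.
TFTP has only 5 operations (rrq, wrq, data, ack, error).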

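DHCP service

DHCP (Dynamic Host Configuration Protocol) is a local-area-network protocol that runs over UDP. It has two main uses: automatically assigning IP addresses within an internal network or by a network service provider, and giving users or internal network administrators a means of centrally managing all servers. DHCP has 3 ports: UDP 67 and UDP 68 are the normal DHCP service ports, used by the DHCP server and the DHCP client respectively; port 546 is used by the DHCPv6 client, not by DHCPv4.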

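HTTPD service

httpd is the main program of the Apache Hypertext Transfer Protocol (HTTP) server. It is open-source software and is commonly used as a web server.

syslinux package

syslinux is a powerful boot loader that is compatible with many kinds of media. Its purpose is to simplify first-time Linux installation and to create rescue or other special-purpose boot disks. (The lab below uses /usr/share/syslinux/pxelinux.0 from this package.)

system-config-kickstart

A graphical tool that generates Kickstart installation answer files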

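Kickstart format

Command section: specifies the pre-installation configuration.
    Required commands:
        authconfig: authentication configuration
        keyboard: keyboard type
        lang: language
        part: create partitions
        rootpw: the root password
        timezone: time zone
    Optional commands:
        install OR upgrade
        text: text-mode installation interface
        network
        firewall
        selinux
        halt
        poweroff
        reboot
        repo
        user: create a new user on the system after installation
        url: the installation source
        key --skip: skip the installation number (applies to RHEL)
Package section: specifies the package groups or packages to install, and the packages not to install
    %packages
    @group_name
    package
    -package
    %end
Script sections
    %pre: pre-installation script
        Environment: runs in the minimal Linux environment on the installation media
    %post: post-installation script
        Environment: runs in the installed system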

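Automated system installation with PXE

How PXE works:

1.  The client sends an IP address request to the DHCP service on the PXE server. DHCP checks whether the client is legitimate (mainly by checking the MAC address of the client's network card); if it is, DHCP returns the client's IP address together with the location of the boot file pxelinux.0.
2.  The client sends a request for pxelinux.0 to the TFTP service on the PXE server. On receiving it, TFTP first sends the client the size of pxelinux.0 to probe whether the client accepts it; once TFTP receives the client's agreement to that size, it sends pxelinux.0 itself.
3.  The client executes the pxelinux.0 file it received.
4.  The client requests its own configuration file from the TFTP server (in the pxelinux.cfg directory of the TFTP service); the TFTP server sends the configuration file back, and the client carries out the following steps according to it.
5.  The client sends a kernel request to the TFTP server, which responds by sending the kernel.
6.  The client sends a request for the root file system to TFTP, which responds with the Linux root file system.
7.  The client boots the Linux kernel.
8.  The client downloads the installation source files and reads the automated installation script.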
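
The five RFC 1350 packet types and the stop-and-wait exchange described above, written out as an added Python example (not code from the original page). It also covers the tsize option from RFC 2347/2349, which corresponds to the size negotiation in step 2 and uses a sixth opcode (OACK); all function names and sample bytes are constructed for illustration.

```python
# Added example, not from the original page. TFTP packets per RFC 1350, plus the
# RFC 2347/2349 "tsize" option (opcode 6, OACK) used for the size negotiation.
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"}
BLOCK_SIZE = 512  # RFC 1350 block size; a shorter DATA block ends the transfer


def build_rrq(filename, mode="octet", options=None):
    """Read request: opcode 1, filename, mode, then optional name/value pairs.
    No field for a username, password or key exists anywhere in the packet."""
    fields = [filename, mode]
    for name, value in (options or {}).items():
        fields += [name, str(value)]
    return struct.pack("!H", 1) + b"".join(f.encode("ascii") + b"\0" for f in fields)


def build_data(block, payload):
    return struct.pack("!HH", 3, block) + payload


def build_ack(block):
    return struct.pack("!HH", 4, block)


def _strings(body):
    """Split a run of NUL-terminated ASCII strings."""
    if not body.endswith(b"\0"):
        raise ValueError("unterminated string field")
    return [s.decode("ascii") for s in body[:-1].split(b"\0")]


def parse_packet(packet):
    """Decode one TFTP packet into a dict; raise ValueError if it is malformed."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode, body = struct.unpack("!H", packet[:2])[0], packet[2:]
    op = OPCODES.get(opcode)
    if op in ("RRQ", "WRQ", "OACK"):
        fields = _strings(body)
        if len(fields) % 2:
            raise ValueError("odd number of string fields")
        if op == "OACK":
            return {"op": op, "options": dict(zip(fields[0::2], fields[1::2]))}
        return {"op": op, "filename": fields[0], "mode": fields[1].lower(),
                "options": dict(zip(fields[2::2], fields[3::2]))}
    if op == "DATA":
        if len(body) - 2 > BLOCK_SIZE:
            raise ValueError("DATA payload exceeds 512 bytes")
        return {"op": op, "block": struct.unpack("!H", body[:2])[0], "data": body[2:]}
    if op == "ACK":
        if len(body) != 2:
            raise ValueError("ACK must be exactly 4 bytes")
        return {"op": op, "block": struct.unpack("!H", body)[0]}
    if op == "ERROR":
        return {"op": op, "code": struct.unpack("!H", body[:2])[0],
                "message": body[2:].split(b"\0")[0].decode("ascii", "replace")}
    raise ValueError("unknown opcode %d" % opcode)


def accept_oack(packet, max_bytes):
    """Client answer to the server's size offer: ACK of block 0 accepts it and
    starts the transfer; None means the client declines (it aborts with ERROR)."""
    reply = parse_packet(packet)
    if reply["op"] != "OACK":
        raise ValueError("expected OACK")
    return build_ack(0) if int(reply["options"].get("tsize", 0)) <= max_bytes else None


def serve_blocks(content):
    """Server side: number blocks from 1. The last block must be shorter than
    512 bytes, so an exact multiple of 512 gets a trailing empty block."""
    for index, offset in enumerate(range(0, len(content) + 1, BLOCK_SIZE), start=1):
        yield build_data(index, content[offset:offset + BLOCK_SIZE])


def receive(packets):
    """Client side of stop-and-wait: one ACK per in-order block, stop on a short one."""
    received, acks, expected = bytearray(), [], 1
    for raw in packets:
        packet = parse_packet(raw)
        if packet["op"] == "ERROR":
            raise IOError(packet["message"])
        if packet["op"] != "DATA" or packet["block"] != expected:
            continue  # not the block being waited for: skip it
        received += packet["data"]
        acks.append(build_ack(expected))
        expected += 1
        if len(packet["data"]) < BLOCK_SIZE:
            break
    return bytes(received), acks


if __name__ == "__main__":
    # Constructed exchange: request pxelinux.0 and ask the server for its size.
    print(parse_packet(build_rrq("pxelinux.0", options={"tsize": 0})))
    data, acks = receive(serve_blocks(b"x" * 1024))
    print(len(data), "bytes in", len(acks), "acknowledged blocks")
```

Because the request carries only a file name and a mode, anything placed under the TFTP root can be read by any host that reaches 69/udp.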

Lab: steps for automated system installation with PXE

1. Prerequisites:
        NIC: host-only; disable the VMware DHCP service; disable the firewall and SELinux
        Install the packages httpd, tftp-server, dhcp, syslinux and system-config-kickstart

2. Open system-config-kickstart and configure the ks answer file

Package Selection shows the package groups as disabled

Change the yum repository name to development

Post-installation script

Save to generate the ks7.cfg file
3. Start the httpd service: systemctl start httpd      systemctl enable httpd
        Put the system image and the ks answer file in place, then check with a browser that they can be accessed

4. Open the kickstart file and change the image path (mind the permissions)

5. Configure the tftp service
[root@centos7 ksdir]# yum install tftp-server
[root@centos7 ksdir]# systemctl start tftp
[root@centos7 ksdir]# systemctl enable  tftp
6. Configure the DHCP service
[root@centos7 ksdir]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf    # copy the template
[root@centos7 ksdir]# vim /etc/dhcp/dhcpd.conf    # open the configuration file
option domain-name "baidu.com";
option domain-name-servers 114.114.114.114,223.5.5.5;    # DNS servers

default-lease-time 86400;                                # lease time
max-lease-time 864000;                                   # maximum lease time

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the 
# DHCP server to understand the network topology.

# This is a very basic subnet declaration.

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 192.168.2.0 netmask 255.255.255.0 {               # network
  range dynamic-bootp 192.168.2.10 192.168.2.60;         # address pool
  option routers 192.168.2.254;                          # gateway
  next-server 192.168.2.200;      # TFTP server address, here this machine
  filename "pxelinux.0";         # file to download; pxelinux.0 is the boot loader
}

[root@centos7 ksdir]# systemctl start dhcpd           # start the dhcp service
[root@centos7 ksdir]# systemctl enable dhcpd
7. Prepare the required files
[root@centos7 ksdir]# yum -y install syslinux
[root@centos7 ksdir]# cp /usr/share/syslinux/pxelinux.0  /var/lib/tftpboot
[root@centos7 ksdir]# cp /usr/share/syslinux/menu.c32    /var/lib/tftpboot
[root@centos7 ksdir]# cp /mnt/cdrom/isolinux/vmlinuz  /var/lib/tftpboot/
[root@centos7 ksdir]# cp /mnt/cdrom/isolinux/initrd.img  /var/lib/tftpboot/
[root@centos7 ksdir]# mkdir /var/lib/tftpboot/pxelinux.cfg/
[root@centos7 ksdir]# cp /mnt/cdrom/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
View the directory structure
[root@centos7 ksdir]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── initrd.img
├── menu.c32
├── pxelinux.0
├── pxelinux.cfg
│   └── default
└── vmlinuz
8. Prepare the boot menu
[root@centos7 ksdir]# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 60
menu title Auto Install CentOS 
label centos7 
  menu label Install CentOS ^Mini 7
  kernel vmlinuz
  append initrd=initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
label local
  menu default
  menu label Boot from ^local drive
  localboot 0xffff
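9. Prepare a machine and start testing the network installation

Installation complete

10. Modify the setup to support installing multiple systems (change the directory structure and the boot menu)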
[root@centos7 ksdir]# mkdir /var/lib/tftpboot/kernel{6,7}
[root@centos7 ksdir]# cd /var/lib/tftpboot/
[root@centos7 tftpboot]# mv vmlinuz initrd.img kernel7/
[root@centos7 tftpboot]# cp /var/www/html/centos/6/os/x86_64/isolinux/vmlinuz kernel6
[root@centos7 tftpboot]# cp /var/www/html/centos/6/os/x86_64/isolinux/initrd.img kernel6
[root@centos7 tftpboot]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── kernel6
│   ├── initrd.img
│   └── vmlinuz
├── kernel7
│   ├── initrd.img
│   └── vmlinuz
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
    └── default

3 directories, 7 files

[root@centos7 tftpboot]# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 60
menu title Auto Install CentOS 
label centos7 
  menu label Install CentOS ^Mini 7
  kernel kernel7/vmlinuz
  append initrd=kernel7/initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
label centos6
  menu label Install CentOS Mi^ni 6
  kernel kernel6/vmlinuz
  append initrd=kernel6/initrd.img ks=http://192.168.2.200/ksdir/ks6.cfg
label local
  menu default
  menu label Boot from ^local drive
  localboot 0xffff
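11. Continue testing on the client

Automated system installation with Cobbler

Cobbler workflow

With network boot configured, the bare-metal client broadcasts a request at power-on asking the DHCP server (cobbler server) for an assigned IP address

The DHCP server (cobbler server) receives the request and sends a response that includes the IP address

Having obtained an IP address, the bare-metal client sends the DHCP server a request for the OS boot file

The DHCP server tells the client the name of the OS boot file and the IP address and port of the TFTP server

The bare-metal client contacts the TFTP server at that address and downloads the boot file

The bare-metal client executes the boot file, determines what to load and selects the OS to install; during this stage it again requests the kickstart file and the OS image from the DHCP server

The bare-metal client loads the kickstart file

The bare-metal client receives the OS image and installs it
Configuration directory: /etc/cobbler
    /etc/cobbler/settings: main cobbler configuration file
    /etc/cobbler/iso/: ISO template configuration files
    /etc/cobbler/pxe: PXE template files
    /etc/cobbler/power: power management configuration files
    /etc/cobbler/users.conf: web service authorization configuration file
    /etc/cobbler/users.digest: user names and passwords for web access
    /etc/cobbler/dhcp.template: DHCP server configuration template
    /etc/cobbler/dnsmasq.template: DNS server configuration template
    /etc/cobbler/tftpd.template: TFTP service configuration template
    /etc/cobbler/modules.conf: module configuration file
Data directories
    /var/lib/cobbler/config/: configuration files for distros, systems, profiles and so on
    /var/lib/cobbler/triggers/: user-defined cobbler commands
    /var/lib/cobbler/kickstarts/: default location of kickstart files
    /var/lib/cobbler/loaders/: the various boot loaders
Image directories
    /var/www/cobbler/ks_mirror/: all data of the imported distributions
    /var/www/cobbler/images/: kernel and initrd images of imported distributions, used for network boot
    /var/www/cobbler/repo_mirror/: yum repository storage
Log directory
    /var/log/cobbler/installing: client installation logs
    /var/log/cobbler/cobbler.log: cobbler log

cobbler commands
cobbler check       check the current settings for problems
cobbler list        list all cobbler objects
cobbler report      show detailed information about the objects
cobbler sync        synchronize the configuration to the data directories; best run after every configuration change
cobbler reposync    synchronize yum repositories
cobbler distro      view information about imported distributions
cobbler system      view information about added systems
cobbler profile     view profile information
## Lab: automated system installation with Cobbler ##
Preparation: two network cards (host-only and bridged); disable the VMware DHCP service; disable the firewall and SELinux
1. Set up the yum repositories (an older version is recommended)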
[root@localhost yum.repos.d]# vi base.repo
[base]
name=base
baseurl=http://mirrors.sohu.com/centos/7.5.1804/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.sohu.com/centos/7.5.1804/os/x86_64/RPM-GPG-KEY-CentOS-7

[epel]
name=epel
baseurl=http://mirrors.sohu.com/fedora-epel/7/x86_64/
gpgcheck=0
2. [root@localhost yum.repos.d]# yum -y install cobbler dhcp
    cobbler has dependencies, so httpd and tftp-server are installed automatically
3. Start the services (dhcp must be configured before it can start)
[root@localhost yum.repos.d]# systemctl enable tftp httpd cobblerd
Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
[root@localhost yum.repos.d]# systemctl start tftp httpd cobblerd

[root@localhost yum.repos.d]# ss -ntlu
Netid  State      Recv-Q Send-Q          Local Address:Port                         Peer Address:Port              
udp    UNCONN     0      0                   127.0.0.1:323                                     *:*                  
udp    UNCONN     0      0                         ::1:323                                    :::*                  
udp    UNCONN     0      0                          :::69                                     :::*                  
tcp    LISTEN     0      5                   127.0.0.1:25151                                   *:*                  
tcp    LISTEN     0      128                         *:22                                      *:*                  
tcp    LISTEN     0      100                 127.0.0.1:25                                      *:*                  
tcp    LISTEN     0      128                        :::80                                     :::*                  
tcp    LISTEN     0      128                        :::22                                     :::*                  
tcp    LISTEN     0      100                       ::1:25                                     :::*
4. Environment check
[root@localhost yum.repos.d]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.
[root@localhost yum.repos.d]#
5. Fix the items reported by cobbler check

Find server, on line 384; this is the cobbler server address. Set it to the correct address.

[root@localhost yum.repos.d]# vim /etc/cobbler/settings
380 # or hostname of the system as those systems can see the server.
381 # if you have a server that appears differently to different subnets
382 # (dual homed, etc), you need to read the --server-override section
383 # of the manpage for how that works.
384 server: 192.168.2.200
385 
386 # If set to 1, all commands will be forced to use the localhost address
387 # instead of using the above value which can force commands like
388 # cobbler sync to open a connection to a remote address if one is in the
389 # configuration and would traceback.
390 client_use_localhost: 0

Find next_server, on line 272; this is the TFTP server address. Set it to the correct address.

[root@localhost yum.repos.d]# vim /etc/cobbler/settings
265 # See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
266 manage_forward_zones: []
267 manage_reverse_zones: []
268 
269 # if using cobbler with manage_dhcp, put the IP address
270 # of the cobbler server here so that PXE booting guests can find it
271 # if you do not set this correctly, this will be manifested in TFTP open timeouts.
272 next_server: 192.168.2.200
273 
274 # settings for power management features.  optional.
275 # see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
276 # choices (refer to codes.py):
277 #    apc_snmp bladecenter bullpap drac ether_wake ilo integrity
278 #    ipmilan ipmitool lpar rsa virsh wti
279 power_management_default_type: 'ipmitool'
6. Download the boot menu files (boot loaders)

[root@localhost yum.repos.d]# systemctl restart cobblerd
[root@localhost yum.repos.d]# cobbler get-loaders
task started: 2019-04-21_055619_get_loaders
task started (id=Download Bootloader Content, time=Sun Apr 21 05:56:19 2019)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
7. Synchronize the cobbler configuration (copied into /var/lib/tftpboot/)

[root@localhost yum.repos.d]# cobbler sync
task started: 2019-04-21_060112_sync
task started (id=Sync, time=Sun Apr 21 06:01:12 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

View the directory structure

[root@localhost ~]# cd /var/lib/tftpboot/
[root@localhost tftpboot]# tree
.
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot
8. Open /etc/cobbler/settings, find the password line (line 101) and set the password

(generate the password hash)
[root@localhost ~]# openssl passwd -1
Password: 
Verifying - Password: 
$1$B0Ut4bO2$7HIAc9p4syYjfr6l4sryQ.

[root@localhost tftpboot]# vim /etc/cobbler/settings
97 # this is not changed.
 98 # The simplest way to change the password is to run 
 99 # openssl passwd -1
100 # and put the output between the "" below.
101 default_password_crypted: "$1$B0Ut4bO2$7HIAc9p4syYjfr6l4sryQ."
102 
103 # the default template type to use in the absence of any
104 # other detected template. If you do not specify the template 
105 # with '#template=<template_type>' on the first line of your
106 # templates/snippets, cobbler will assume try to use the
107 # following template engine to parse the templates.
108 #
109 # Current valid values are: cheetah, jinja2
9. Restart the cobbler service and run the environment check again

[root@localhost tftpboot]# systemctl restart cobblerd
[root@localhost tftpboot]# cobbler check
The following are potential configuration items that you may want to fix:

1 : enable and start rsyncd.service with systemctl
2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
3 : ksvalidator was not found, install pykickstart
4 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

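The remaining four items can be ignored
10. Although the environment check does not flag it, it is recommended to set the dhcp value on line 242 (manage_dhcp) to 1, so that the DHCP configuration is synchronized automatically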

[root@localhost tftpboot]# vim /etc/cobbler/settings
238 #puppet_parameterized_classes: 1
239 
240 # set to 1 to enable Cobbler's DHCP management features.
241 # the choice of DHCP management engine is in /etc/cobbler/modules.conf
242 manage_dhcp: 1
243 
244 # set to 1 to enable Cobbler's DNS management features.
245 # the choice of DNS mangement engine is in /etc/cobbler/modules.conf
246 manage_dns: 0
247 
248 # set to path of bind chroo
11. Open /etc/cobbler/dhcp.template with vim and modify the DHCP configuration (restart afterwards)

[root@localhost tftpboot]# vim /etc/cobbler/dhcp.template
option pxe-system-type code 93 = unsigned integer 16;

subnet 192.168.2.0 netmask 255.255.255.0 {
     option routers             192.168.2.254;
     option domain-name-servers 1.1.1.1;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.2.100 192.168.2.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}

[root@localhost tftpboot]# systemctl restart cobblerd
12. After the changes, run cobbler sync to rewrite /etc/dhcp/dhcpd.conf automatically and start the DHCP service
[root@localhost tftpboot]# cobbler sync
task started: 2019-04-21_062541_sync
task started (id=Sync, time=Sun Apr 21 06:25:41 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

[root@localhost tftpboot]# vim /etc/dhcp/dhcpd.conf
set vendorclass = option vendor-class-identifier;

option pxe-system-type code 93 = unsigned integer 16;

subnet 192.168.2.0 netmask 255.255.255.0 {
     option routers             192.168.2.254;
     option domain-name-servers 1.1.1.1;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.2.100 192.168.2.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                192.168.2.200;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }
}
13. Mount a disc

[root@localhost tftpboot]# mount /dev/sr0 /mnt/cdrom
mount: /dev/sr0 is write-protected, mounting read-only
[root@localhost tftpboot]# lsblk
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0   20G  0 disk 
├─sda1            8:1    0    1G  0 part /boot
└─sda2            8:2    0   19G  0 part 
  ├─centos-root 253:0    0   17G  0 lvm  /
  └─centos-swap 253:1    0    2G  0 lvm  [SWAP]
sr0              11:0    1  4.2G  0 rom  /mnt/cdrom
14. View the help

[root@localhost tftpboot]# cobbler import --help
Usage: cobbler import [options]

Options:
  -h, --help            show this help message and exit
  --arch=ARCH           OS architecture being imported
  --breed=BREED         the breed being imported
  --os-version=OS_VERSION
                        the version being imported
  --path=PATH           local path or rsync location
  --name=NAME           name, ex 'RHEL-5'
  --available-as=AVAILABLE_AS
                        tree is here, don't mirror
  --kickstart=KICKSTART_FILE
                        assign this kickstart file
  --rsync-flags=RSYNC_FLAGS
                        pass additional flags to rsync
14. cobbler import --path=/mnt/cdrom --name=Centos-7.5 --arch=x86_64
Specify the disc path; the contents are copied into the corresponding directory under the name given with --name, architecture x86_64 (import)

[root@localhost tftpboot]# cobbler import --path=/mnt/cdrom --name=Centos-7.5 --arch=x86_64
task started: 2019-04-21_081139_import
task started (id=Media import, time=Sun Apr 21 08:11:39 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/Centos-7.5-x86_64:
creating new distro: Centos-7.5-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos-7.5-x86_64 -> /var/www/cobbler/links/Centos-7.5-x86_64
creating new profile: Centos-7.5-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos-7.5-x86_64 for Centos-7.5-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos-7.5-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos-7.5-x86_64
looking for /var/www/cobbler/ks_mirror/Centos-7.5-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos-7.5-x86_64/repodata
*** TASK COMPLETE ***

Directory the data is imported into
[root@localhost tftpboot]# du -sh /var/www/cobbler/
4.2G    /var/www/cobbler/

The default menu has been generated
[root@localhost tftpboot]# cd /var/lib/tftpboot/
[root@localhost tftpboot]# ls
boot  etc  grub  images  images2  memdisk  menu.c32  ppc  pxelinux.0  pxelinux.cfg  s390x  yaboot
[root@localhost tftpboot]# cd pxelinux.cfg/
[root@localhost pxelinux.cfg]# ls
default

15. Choose network-card boot on the client

cobbler profile list    list the menu entry names (the answer-file profiles)
cobbler distro list     list the installation source names

Remove an unwanted menu entry: cobbler profile remove --name=images-x86_64
Remove an unwanted installation source: cobbler distro remove --name=images-x86_64


1. Mount a second disc
[root@localhost cobbler]# mount /dev/sr1 /mnt/cdrom2/
2. Import into cobbler (/var/www/cobbler/)
[root@localhost cobbler]# cobbler import --path=/mnt/cdrom2 --name=Centos-6.10 --arch=x86_64
task started: 2019-04-21_083855_import
task started (id=Media import, time=Sun Apr 21 08:38:55 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/Centos-6.10-x86_64:
creating new distro: Centos-6.10-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos-6.10-x86_64 -> /var/www/cobbler/links/Centos-6.10-x86_64
creating new profile: Centos-6.10-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos-6.10-x86_64 for Centos-6.10-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos-6.10-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos-6.10-x86_64
looking for /var/www/cobbler/ks_mirror/Centos-6.10-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos-6.10-x86_64/repodata
*** TASK COMPLETE ***
3. Boot from the network card; two menu entries now appear and the installation proceeds normally.



1. Create the answer file by hand
[root@localhost ~]# cp anaconda-ks.cfg ks7_mini.cfg
[root@localhost ~]# vim ks7_mini.cfg 
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Installation source; cobbler fills in $tree when it renders the answer file
url --url=$tree
# Use text-mode install
text
reboot
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
selinux --disabled
firewall --disabled
# Network information
network  --bootproto=dhcp --device=ens33 --onboot=on --ipv6=auto --no-activate
network  --hostname=localhost.localdomain

# Root password
rootpw --iscrypted $6$OjcypZdOFW5EDMut$77V.RjoDpM.ZGDtC3XxEo5cy4aTQFyobuTF6YDs62E8wYqgt5fWwaWmTvZ6ZYCyHmf/RHZZjhKAIhMxb1pFLw/
# System services
services --enabled="chronyd"
# System timezone
timezone America/New_York --isUtc
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
# Clear the MBR
zerombr
# Remove all partitions and initialize the disk label
clearpart --all --initlabel
%packages
@^minimal
@core
chrony
kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
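
An added audit script (not part of the original page or of Cobbler) that flags the weak settings visible in the answer file above and in step 8 of the Cobbler lab: SELinux and the firewall switched off, a plaintext rootpw, and password hashes in the legacy MD5-crypt format that `openssl passwd -1` produces. The function names, finding codes and sample inputs are constructed for illustration.

```python
# Added example, not from the original page: audit a kickstart answer file and a
# Cobbler settings file for weak security settings before they are served.
import re
import shlex

# crypt(3) hash prefixes. "$1$" (MD5-crypt) is what `openssl passwd -1` emits.
CRYPT_PREFIXES = (("$1$", "md5-crypt"), ("$5$", "sha256-crypt"),
                  ("$6$", "sha512-crypt"), ("$2", "bcrypt"), ("$y$", "yescrypt"))
WEAK_SCHEMES = ("md5-crypt", "unknown")


def crypt_scheme(hashed):
    for prefix, name in CRYPT_PREFIXES:
        if hashed.startswith(prefix):
            return name
    return "unknown"


def _tokens(line):
    try:
        return shlex.split(line, comments=True)
    except ValueError:  # unbalanced quote: fall back to a whitespace split
        return line.split()


def audit_kickstart(text):
    """Return [(line_number, finding_code)] for the command section only.
    Bodies of %packages, %pre, %post, %addon and %anaconda are skipped."""
    findings, in_section = [], False
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("%include", "%ksappend")):
            continue  # file inclusion, not the start of a section
        if stripped.startswith("%"):
            in_section = not stripped.startswith("%end")
            continue
        tokens = [] if in_section else _tokens(stripped)
        if not tokens:
            continue
        command, args = tokens[0], tokens[1:]
        if command == "selinux" and ("--disabled" in args or "--permissive" in args):
            findings.append((number, "selinux-not-enforcing"))
        elif command == "firewall" and "--disabled" in args:
            findings.append((number, "firewall-disabled"))
        elif command == "rootpw" and "--lock" not in args:
            values = [a for a in args if not a.startswith("--")]
            if "--iscrypted" not in args:
                findings.append((number, "rootpw-plaintext"))
            elif values and crypt_scheme(values[-1]) in WEAK_SCHEMES:
                findings.append((number, "rootpw-" + crypt_scheme(values[-1])))
    return findings


def audit_cobbler_settings(text):
    """Flag a default_password_crypted value that is MD5-crypt or unrecognized."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = re.match(r'\s*default_password_crypted:\s*["\']?([^"\'\s]+)', line)
        if match and crypt_scheme(match.group(1)) in WEAK_SCHEMES:
            findings.append((number, "default-password-" + crypt_scheme(match.group(1))))
    return findings


# Constructed sample inputs modelled on the files shown on this page.
SAMPLE_KS = """\
auth --enableshadow --passalgo=sha512
url --url=$tree
text
selinux --disabled
firewall --disabled
rootpw --iscrypted $1$constructed$AAAAAAAAAAAAAAAAAAAAAA
%packages
@core
%end
%post
selinux --disabled
%end
"""
SAMPLE_SETTINGS = ('server: 192.168.2.200\n'
                   'default_password_crypted: "$1$constructed$AAAAAAAAAAAAAAAAAAAAAA"\n')

if __name__ == "__main__":
    for number, code in audit_kickstart(SAMPLE_KS):
        print("kickstart line %d: %s" % (number, code))
    for number, code in audit_cobbler_settings(SAMPLE_SETTINGS):
        print("settings line %d: %s" % (number, code))
```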

2. Then put the answer file in the corresponding cobbler location
[root@localhost ~]# ll
total 8
-rw-------. 1 root root 1260 Apr 21  2019 anaconda-ks.cfg
-rw-------  1 root root 1315 Apr 21 09:02 ks7_mini.cfg
[root@localhost ~]# chmod 644 ks7_mini.cfg 
[root@localhost ~]# cp ks7_mini.cfg /var/lib/cobbler/kickstarts/
[root@localhost ~]# cobbler profile list    # see which menu entries exist
   Centos-6.10-x86_64
   Centos-7.5-x86_64
[root@localhost ~]# cobbler distro list    # see the names of the loaded installation sources
   Centos-6.10-x86_64
   Centos-7.5-x86_64

3. Create a new menu entry, that is, associate the prepared answer file with the installation source
[root@localhost ~]# cobbler profile add --name=Centos-7.6-x86_64_mini --distro=Centos-7.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7_mini.cfg
[root@localhost ~]# cobbler profile list
   Centos-6.10-x86_64
   Centos-7.5-x86_64
   Centos-7.6-x86_64_mini           (the newly created menu entry)

Remove a menu entry
[root@localhost ~]# cobbler profile remove --name=Centos-7.5-x86_64
[root@localhost ~]# cobbler profile list
   Centos-6.10-x86_64
   Centos-7.6-x86_64_mini
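4. Boot the client from the network card; the newly created menu entry appears


1. Copy the previously prepared answer file into cobbler
[root@localhost ~]# cp ks6.cfg /var/lib/cobbler/kickstarts/
[root@localhost ~]# vim /var/lib/cobbler/kickstarts/ks6.cfg
# change only this line
url --url=$tree

2. Remove the default menu entry and its associated answer file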
[root@localhost ~]# cobbler profile list
   Centos-6.10-x86_64
   Centos-7.6-x86_64_mini
[root@localhost ~]# cobbler profile remove --name=Centos-6.10-x86_64
[root@localhost ~]# cobbler profile list
   Centos-7.6-x86_64_mini

3. Create a new menu entry that associates the answer file with the installation source
[root@localhost ~]# cobbler profile add --name=Centos-6.10 --distro=Centos-6.10-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks6.cfg
[root@localhost ~]# cobbler profile list
   Centos-6.10
   Centos-7.6-x86_64_mini

4. On the client choose network boot; the installation starts



## Web-based management of Cobbler ##
1. [root@localhost ~]# yum -y install cobbler-web
2. [root@localhost ~]# systemctl restart httpd  (the installation added /etc/httpd/conf.d/cobbler_web.conf, hence the restart)
3. Open https://192.168.2.200/cobbler_web in a browser
The default account and password are both cobbler

/etc/cobbler/modules.conf: the authentication configuration file

[root@localhost ~]# vim /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================

# authentication: 
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
# default authentication method
module = authn_configfile

# authorization: 
# once a user has been cleared by the WebUI/XMLRPC, what can they do?
# choices:
#    authz_allowall   -- full access for all authneticated users (default)
#    authz_ownership  -- use users.conf, but add object ownership semantics
/etc/cobbler/users.digest stores the user names and passwords used by authn_configfile authentication

Create a new account and password
[root@localhost ~]# htdigest /etc/cobbler/users.digest Cobbler huahua
Adding user huahua in realm Cobbler
New password: 
Re-type new password: 

Log in as huahua
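
An added check (not part of the original page or of Cobbler) for the two files just discussed: it reports which authentication module modules.conf selects and whether any users.digest entry still uses the default cobbler password or the user's own name as password. It relies on the htdigest line format user:realm:MD5(user:realm:password); the function names and sample file contents are constructed for illustration.

```python
# Added example, not from the original page: audit Cobbler web authentication.
import configparser
import hashlib


def ha1(user, realm, password):
    """The value htdigest stores per line: MD5 of "user:realm:password"."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def authn_module(modules_conf_text):
    """Return the module named in the [authentication] section, or None."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(modules_conf_text)
    value = parser.get("authentication", "module", fallback=None)
    return value.strip() if value else None


def default_password_users(digest_text, defaults=("cobbler",)):
    """Users whose stored hash matches a known default or their own user name."""
    hits = []
    for line in digest_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 3:
            continue  # blank or malformed line
        user, realm, stored = parts
        if any(ha1(user, realm, guess) == stored.lower() for guess in (*defaults, user)):
            hits.append(user)
    return hits


def audit_web_auth(modules_conf_text, digest_text):
    """Return a list of human-readable findings; an empty list means none."""
    module = authn_module(modules_conf_text)
    if module == "authn_testing":
        return ["authn_testing: fixed testing/testing login is enabled"]
    if module == "authn_configfile":
        return ["users.digest: %s has a default password" % user
                for user in default_password_users(digest_text)]
    return []


# Constructed sample files: one account left at the default, one changed.
SAMPLE_MODULES = ("[authentication]\nmodule = authn_configfile\n\n"
                  "[authorization]\nmodule = authz_allowall\n")
SAMPLE_DIGEST = "\n".join([
    "cobbler:Cobbler:" + ha1("cobbler", "Cobbler", "cobbler"),
    "huahua:Cobbler:" + ha1("huahua", "Cobbler", "constructed-long-passphrase"),
]) + "\n"

if __name__ == "__main__":
    print("authn module:", authn_module(SAMPLE_MODULES))
    for finding in audit_web_auth(SAMPLE_MODULES, SAMPLE_DIGEST):
        print(finding)
```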

Change the authentication method (the other methods then no longer apply, and the file holding the accounts changes too)
[root@localhost ~]# vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam

The PAM user names are set in /etc/cobbler/users.conf
[root@localhost ~]# vim /etc/cobbler/users.conf 
[admins]
admin = "lili"

PAM authentication requires the account to exist as a system user first (to avoid a security risk, a nologin shell is recommended)
[root@localhost ~]# useradd -s /sbin/nologin lili
[root@localhost ~]# echo qwe123 | passwd --stdin lili
Changing password for user lili.
passwd: all authentication tokens updated successfully.

[root@localhost ~]# systemctl restart cobblerd
