cobbler安裝與配置(1)

cobbler安裝

一、先安裝epel
#  wget http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# rpm -ivh epel-release-5-4.noarch.rpm
安裝完epel後，會發現多了一個epel.repo的倉庫配置文件

二、配置好你本機的倉庫，由於epel裏只有cobbler的RPM包，沒有其餘組件的包。
安裝相應的環境
# yum -y install cobbler cobbler-web httpd xinetd  tftp-server yum-utils rsync dhcp

三、啓動相關服務
# /etc/init.d/cobblerd start
Starting cobbler daemon:                                   [  OK  ]
# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]

四、執行cobbler配置檢查
# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
#修改server選項爲主機名或是IP地址
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
#修改next-server對應的IP 地址
3 : Must enable a selinux boolean to enable vital web services components, run: setsebool -P httpd_can_network_connect true
#修改SELINUX setsebool -P httpd_can_network_connect true

4 : you need to set some SELinux content rules to ensure cobbler serves content correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/p_w_picpaths/.*"
#修改selinux安全上下文標籤

5 : you need to set some SELinux rules if you want to use cobbler-web (an optional package), run the following: /usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t "/var/lib/cobbler/webui_sessions/.*"
#修改  cobbler對應的安全上下文標籤

6 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
#運行cobbler get-loaders  以獲取PXE啓動須要的文件

7 : change 'disable' to 'no' in /etc/xinetd.d/tftp
#開啓tftp

8 : change 'disable' to 'no' in /etc/xinetd.d/rsync
#開啓rsync

9 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
#確保69,80,25151這個幾個端口沒有iptables阻止

10 : debmirror package is not installed, it will be required to manage debian deployments and repositories
# debian的鏡像包沒有安裝，若是不安裝debian，這條可忽略

11 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
# 要求使用以上命令行建立新的密碼

12 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
# 沒有安裝fencing工具，

Restart cobblerd and then run 'cobbler sync' to apply changes.

操做：
一、關閉了iptables,selinux
二、開啓tftp,rsync
三、修改/etc/cobbler/setting對應的選項

四、獲取pxe啓動須要的loaders
# cobbler get-loaders
task started: 2011-10-10_102113_get_loaders
task started (id=Download Bootloader Content, time=Mon Oct 10 10:21:13 2011)
downloading http://dgoodwin.fedorapeople.org/loaders/README to /var/lib/cobbler/loaders/README
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading http://dgoodwin.fedorapeople.org/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading http://dgoodwin.fedorapeople.org/loaders/yaboot-1.3.14-12 to /var/lib/cobbler/loaders/yaboot
downloading http://dgoodwin.fedorapeople.org/loaders/pxelinux.0-3.61 to /var/lib/cobbler/loaders/pxelinux.0
downloading http://dgoodwin.fedorapeople.org/loaders/menu.c32-3.61 to /var/lib/cobbler/loaders/menu.c32
downloading http://dgoodwin.fedorapeople.org/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading http://dgoodwin.fedorapeople.org/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***

五、生成新的密碼
# openssl passwd -1 -salt 'random-phrase-here' '123456'
$1$random-p$mzxQ/Sx848sXgvfwJCoZM0

替換/etc/cobbler/settings裏的系統裏的密碼


六、導入系統介質（網絡路徑，本地路徑都可以）
以本機中掛載的iso爲例，在/mnt中掛載了一個RHEL5的系統
# cobbler import --path=/mnt --name=RHEL5.4_i386
.......
.......省略一長串過程。
*** TASK COMPLETE ***
看到這個就OK了。


七、修改dhcp的配置
# vim /etc/cobbler/settings
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 1
# 讓cobbler來接管dhcp服務


# vim /etc/cobbler/dhcp.template
========================================>
ddns-update-style interim;

allow booting;
allow bootp;

ignore client-updates;
set vendorclass = option vendor-class-identifier;

subnet 192.168.10.0 netmask 255.255.255.0 {
     option routers             192.168.10.2;
     option domain-name-servers 202.96.128.86;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.10.50 192.168.10.80;
     filename                   "/pxelinux.0";
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
}

group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
            #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        hardware ethernet $mac;
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.subnet:
        option subnet-mask $iface.subnet;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        filename "$iface.filename";
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
======================================================================<

八、執行同步,看看它都幹了些啥事情
# cobbler sync
它主要是讓修改的配置生效
*** TASK COMPLETE ***


九、服務自啓動
# chkconfig tftp on
# chkconfig rsync on
# chkconfig cobblerd on
# chkconfig httpd on
# chkconfig dhcpd on

# cobbler list
distros:  能夠用的發行版
   RHEL5.4-i386
   RHEL5.4-xen-i386

profiles:  對應的配置文件
   RHEL5.4-xen-i386
   RHEL5.4-i386

systems:   系統的設置，針對系統對應的主機名、IP、MAC進行系統安裝

repos:    軟件倉庫

p_w_picpaths:

十、配置profile和system

添加一個profile,名稱爲:RHEL5.4.i386,指定的鏡像爲RHEL5.4-i386
# cobbler profile add --name=RHEL5.4.i386 --distro=RHEL5.4-i386 --kickstart=/var/lib/cobbler/kickstarts/ks5.cfg

刪除以前的profile
cobbler profile remove --name=RHEL5.4-i386

# cobbler list
distros:  能夠用的發行版
   RHEL5.4-i386
   RHEL5.4-xen-i386

profiles:  對應的配置文件
   RHEL5.4-xen-i386
   RHEL5.4.i386 <客戶端PXE啓動後，會看到這個>


十一、關於認證(須要開啓認證文件選項)
# vim /etc/cobbler/modules.conf
[authentication]
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
module = authn_configfile
默認是module = authn_denyall,永遠沒法登陸啊