用docker快速佈署cobbler裝機系統

時間 2020-08-04

標籤 docker 快速佈署 cobbler 裝機系統欄目 Docker 简体版

原文原文鏈接

很久沒寫過博客了，上來擼一篇。。。。
最近在看K8s,恰好機房環境裏須要加個cobbler 裝機系統，便有了下面的折騰python

環境：原有cobbler幾臺（因有多個機房，故有多個cobbler)
需求：新機房須要cobbler 自動裝機系統git

先作個cobbler2.8的鏡像（爲何用2.8版本？2.6版本安裝exsi會報錯）github

docker file 參照https://github.com/jasonlix5/docker-cobbler 修改web

FROM bd2fd3afdba2
ADD cobbler-*  /
ADD entrypoint.sh  /entrypoint.sh
ADD supervisord.d/conf.ini /etc/supervisord.d/conf.ini
RUN yum localinstall cobbler-2.8.0-4.el7.x86_64.rpm cobbler-web-2.8.0-4.el7.noarch.rpm -y  && yum install  tftp-server dhcp supervisor -y && yum clean a
ll &&  rm -rf /var/cache/yum/* /tmp/*

CMD /entrypoint.sh

其中bd2fd3afdba2是我本身的centos7鏡像，須要更改成本身環境的鏡像，好比官方的鏡像docker

cat entrypoint.sh
#!/bin/sh

set -ex

if [ ! $SERVER_IP ]
then
        echo "Please use $SERVER_IP set the IP address of the need to monitor."
        exit 1
elif [ ! $DHCP_RANGE ]
then
        echo "Please use $DHCP_RANGE set up DHCP network segment."
        exit 1
elif [ ! $NEXT_SERVER ]
then
        echo "Please use $NEXT_SERVER set TFTP PXE booting ."
        exit 1
elif [ ! $ROOT_PASSWORD ]
then
        echo "Please use $ROOT_PASSWORD set the root password."
        exit 1
elif [ ! $DHCP_SUBNET ]
then
        echo "Please use $DHCP_SUBNET set the dhcp subnet."
        exit 1
elif [ ! $DHCP_ROUTER ]
then
        echo "Please use $DHCP_ROUTER set the dhcp router."
        exit 1
elif [ ! $DHCP_DNS ]
then
        echo "Please use $DHCP_DNS set the dhcp dns."
        exit 1
elif [ ! $COBBLER_MASTER ]
then
        echo "Please use $COBBLER_MASTER set the cobbler master to rsync."
        exit 1
else
        PASSWORD=`openssl passwd -1 -salt hLGoLIZR $ROOT_PASSWORD`
        sed -i "s/^server: 127.0.0.1/server: $SERVER_IP/g" /etc/cobbler/settings
        sed -i "s/^next_server: 127.0.0.1/next_server: $NEXT_SERVER/g" /etc/cobbler/settings
        sed -i 's/pxe_just_once: 0/pxe_just_once: 1/g' /etc/cobbler/settings
        sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings
        sed -i "s#^default_password.*#default_password_crypted: \"$PASSWORD\"#g" /etc/cobbler/settings
        sed -i 's/$pxe_menu_items//' /etc/cobbler/pxe/pxedefault.template
        sed -i "s/192.168.1.0/$DHCP_SUBNET/" /etc/cobbler/dhcp.template
        sed -i "s/192.168.1.5/$DHCP_ROUTER/" /etc/cobbler/dhcp.template
        sed -i "s/192.168.1.1;/$DHCP_DNS;/" /etc/cobbler/dhcp.template
        sed -i "s/192.168.1.100 192.168.1.254/$DHCP_RANGE/" /etc/cobbler/dhcp.template
        sed -i "s/^#ServerName www.example.com:80/ServerName localhost:80/" /etc/httpd/conf/httpd.conf
        sed -i "s/service %s restart/supervisorctl restart %s/g" /usr/lib/python2.7/site-packages/cobbler/modules/sync_post_restart_services.py

        rm -rf /run/httpd/*
        apachectl
        cobblerd

        cobbler sync
        cobbler replicate --master=$COBBLER_MASTER --distros=* --profiles=*
        pkill cobblerd
        pkill httpd
        rm -rf /run/httpd/*

        exec supervisord -n -c /etc/supervisord.conf
fi

supervisord 管理進程apache

supervisord.d/conf.ini     
參照       https://github.com/jasonlix5/docker-cobbler/blob/master/supervisord.d/conf.ini

docker build -t cobbler:2.8 .vim

把建立的鏡像上傳到本身的私有倉庫centos

爲了使用原cobbler資源，避免大量的文件同步
新的cobbler 掛載舊cobbler的幾個文件和目錄
掛載文件（web_api 用戶名密碼）api

/etc/cobbler/users.digest

NFS共享文件夾，只讀

/var/www/cobbler/repo_mirror/

/var/www/cobbler/ks_mirror/
/var/lib/cobbler/loaders

在原有的cobbler 安裝nfs服務，用於新的cobbler掛載
NFS 服務器服務器

yum install rpcbind nfs-utils -y

vim /etc/exports
/opt/data/cobbler/ks_mirror  10.0.0.0/8(ro,sync) 
/opt/data/cobbler/repo_mirror  10.0.0.0/8(ro,sync) 
/var/lib/cobbler/loaders      10.0.0.0/8(ro,sync)

啓動NFS服務

在新的cobbler主機上安裝docker-ce

啓動docker

copy kubelet 二進制文件到/bin/kubelet

建立kubelet監視目錄

mkdir /etc/kubernetes/manifests/

啓動kubelet

nohup kubelet --allow-privileged=true --pod-manifest-path=/etc/kubernetes/manifests/   --fail-swap-on=false --pod-infra-container-image=10.8.15.127:5000/rhel7/pod-infrastructure:latest --v=2 --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice &

最好放supervisord 管理

把老的web api密碼文件放到主機 /etc/cobbler/users.digest ，我這樣作是保持用戶名密碼一致，看官須要根據本身的環境更改
新建cobbler配置文件

vim /etc/kubernetes/manifests/cobbler.yaml

apiVersion: v1
kind: Pod
metadata:
  name: cobbler28
  labels:
    app: cobbler28
spec:
  hostNetwork: true
  containers:
  - image: 10.8.15.127:5000/cobbler:2.8
    name: cobbler28
    volumeMounts:
    - mountPath: /etc/cobbler/users.digest
      name: webaccess
    - mountPath: /var/www/cobbler/repo_mirror
      name: repo
    - mountPath: /var/www/cobbler/ks_mirror
      name: ksmirror
    - mountPath: /var/lib/cobbler/loaders
      name: loaders
    env:
        - name: SERVER_IP
          value: "10.8.14.234"
        - name: NEXT_SERVER
          value: "20.8.14.234"
        - name: ROOT_PASSWORD
          value: "xxx"
        - name: DHCP_RANGE
          value: "20.8.14.230 20.8.14.235"
        - name: DHCP_SUBNET
          value: "20.8.14.0"
        - name: DHCP_ROUTER
          value: "20.8.14.234"
        - name: DHCP_DNS
          value: "20.8.14.234"
        - name: COBBLER_MASTER
          value: "10.8.15.234"

  volumes:
  - name: webaccess
    hostPath:
      path: /etc/cobbler/users.digest
      type: File
      readOnly: true
  - name: ksmirror
    nfs:
      server: 10.20.10.61
      path: "/var/www/cobbler/ks_mirror"
      readOnly: true
  - name: repo
    nfs:
      server: 10.20.10.61
      path: "/var/www/cobbler/repo_mirror"
      readOnly: true
  - name: loaders
    nfs:
      server: 10.20.10.61
      path: "/var/lib/cobbler/loaders"
      readOnly: true

注意上面的 DHCP_RANGE 等部分，我這裏是cobbler配置了第二個20網段的ip，是爲了不分配Ip地址衝突

COBBLER_MASTER 是須要同步的舊cobbler

查看cobbler容器是否啓動
docker ps

docker logs cobbler-contain 查看同步是否完成

同步完成後
使用登陸cobbler_web查看Distros和Profiles 是否同步過來了