Automated System Deployment for Operations
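Automated system deployment
TFTP service:
TFTP is a simple high-level protocol for transferring files and a simplified version of the File Transfer Protocol (FTP). It is used to transfer files where something easier to use than FTP, with fewer features, is sufficient.
Differences between FTP and TFTP
1. Security: FTP supports login security, with appropriate authentication and encryption protocols; communicating with an FTP server requires authentication.
TFTP is an open protocol that lacks security: it has no encryption mechanism, and communicating with a TFTP server requires no authentication.
2. Transport: FTP uses TCP as its transport-layer protocol; TFTP uses UDP as its transport-layer protocol.
3. Ports: FTP uses two ports: TCP port 21, which is the listening port, and TCP port 20 or a higher TCP port above 1024, which is used for the connection.
TFTP uses only one port, in stop-and-wait mode: 69/udp
4. RFCs
FTP is based on RFC 959, with other RFCs covering security measures; TFTP is based on RFC 1350.
5. Commands
FTP has many commands that can be executed (get, put, ls, dir, lcd) and can list directories, among other things.
TFTP has only 5 operations (rrq, wrq, data, ack, error).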
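DHCP service
DHCP (Dynamic Host Configuration Protocol) is a LAN network protocol that runs over UDP. It has two main uses: automatically assigning IP addresses on an internal network or for a network service provider, and giving users or internal network administrators a means of centrally managing all servers. DHCP has 3 ports: UDP 67 and UDP 68 are the normal DHCP service ports, used by the DHCP server and the DHCP client respectively; port 546 is used by the DHCPv6 client, not by DHCPv4.
HTTPD service
httpd is the main program of the Apache Hypertext Transfer Protocol (HTTP) server. It is open-source software and is generally used as a web server.
The syslinux package
syslinux is a powerful boot loader that is compatible with many kinds of media. Its purpose is to shorten the time a first Linux installation takes and to build repair disks or other special-purpose boot disks. (The lab below extracts /usr/share/syslinux/pxelinux.0.)
system-config-kickstart
A graphical tool that generates Kickstart installation answer files
Kickstart format
Command section: specifies the various pre-installation settings.
Required commands:
authconfig: authentication method configuration
keyboard: keyboard type
lang: language
part: create partitions
rootpw: the root password
timezone: time zone
Optional commands:
install OR upgrade
text: text-mode installation interface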
network
firewall
selinux
halt
poweroff
reboot
repo
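user: create a new user on the system after installation
url: specifies the installation source
key --skip: skip the installation number (applies to RHEL)
Package section: specifies the package groups or packages to install, the packages not to install, and so on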
%packages
@group_name
package
-package
%end
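Script section
%pre: pre-installation script
Runtime environment: the minimal Linux environment that runs from the installation media
%post: post-installation script
Runtime environment: the installed system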
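The three parts described above (command section, %packages, %pre/%post) can be separated mechanically. The following Python code is an added example, not from the original post: it parses a Kickstart file, checks it against the required-command list above, and reports a plaintext rootpw or a disabled SELinux/firewall. The sample file, the function names and the accepted aliases (auth, partition, autopart) are assumptions of this example.

```python
import shlex

# Section headers recognised by this example (assumption: the common ones only).
SECTIONS = {"%packages", "%pre", "%post", "%addon", "%anaconda"}

# Required commands from the list above. Accepting "auth" for authconfig and
# "partition"/"autopart" for part is a choice made by this example.
REQUIRED = {
    "authconfig": {"authconfig", "auth"},
    "keyboard": {"keyboard"},
    "lang": {"lang"},
    "part": {"part", "partition", "autopart"},
    "rootpw": {"rootpw"},
    "timezone": {"timezone"},
}


def parse_kickstart(text):
    """Split a Kickstart file into commands, package lists and %pre/%post scripts."""
    ks = {"commands": [], "groups": [], "install": [], "exclude": [], "scripts": {}}
    section = None  # None means the command section
    for raw in text.splitlines():
        line = raw.strip()
        word = line.split(None, 1)[0] if line else ""
        if word == "%end":
            section = None
        elif word in SECTIONS:
            section = word
        elif section in ("%pre", "%post"):
            ks["scripts"].setdefault(section, []).append(raw)  # script lines verbatim
        elif not line or line.startswith("#") or section not in (None, "%packages"):
            continue  # blank line, comment, or body of %addon / %anaconda
        elif section == "%packages":
            if line.startswith("@"):
                ks["groups"].append(line[1:])
            elif line.startswith("-"):
                ks["exclude"].append(line[1:])
            else:
                ks["install"].append(line)
        else:
            try:
                argv = shlex.split(line)
            except ValueError:  # unbalanced quote: fall back to a whitespace split
                argv = line.split()
            ks["commands"].append((argv[0], argv[1:]))
    return ks


def audit_kickstart(ks):
    """Return findings: missing required commands and weak settings."""
    findings = []
    seen = {name for name, _ in ks["commands"]}
    for required, accepted in REQUIRED.items():
        if not seen & accepted:
            findings.append(f"missing required command: {required}")
    for name, args in ks["commands"]:
        if name == "rootpw" and not {"--iscrypted", "--lock"} & set(args):
            findings.append("rootpw is stored in plaintext (no --iscrypted)")
        if name in ("selinux", "firewall") and "--disabled" in args:
            findings.append(f"{name} is disabled on installed hosts")
    return findings


# Constructed sample input, modelled on a minimal CentOS 7 answer file.
SAMPLE = """\
# constructed sample
auth --enableshadow --passalgo=sha512
url --url=$tree
text
keyboard --vckeymap=us --xlayouts='us'
lang en_US.UTF-8
selinux --disabled
firewall --disabled
rootpw example-plaintext
autopart --type=lvm
%packages
@core
chrony
-postfix
%end
%post
echo installed > /root/ks-done
%end
"""

if __name__ == "__main__":
    parsed = parse_kickstart(SAMPLE)
    print("groups:", parsed["groups"], "install:", parsed["install"],
          "exclude:", parsed["exclude"])
    for finding in audit_kickstart(parsed):
        print("FINDING:", finding)
```

Because the answer file is fetched over plain HTTP by every installing client, anything the audit flags in it is readable by any host that can reach the web server.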
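Automated installation with PXE
How PXE works:
1. The client sends an IP address request to the DHCP service on the PXE server. DHCP checks whether the client is legitimate (mainly by checking the MAC address of the client's NIC); if it is, DHCP returns the client's IP address and, with it, the location of the boot file pxelinux.0.
2. The client sends the TFTP service on the PXE server a request for pxelinux.0. After receiving it, TFTP sends the client the size of pxelinux.0 to probe whether the client accepts it; once TFTP receives the client's agreement to the size, it sends pxelinux.0 to the client.
3. The client executes the pxelinux.0 file it received.
4. The client asks the TFTP server for the configuration file for this machine (in the pxelinux.cfg directory of the TFTP service). The TFTP server sends the configuration file back, and the client then carries out the subsequent steps according to it.
5. The client sends the TFTP server a request for the kernel; after receiving it, the TFTP server sends the kernel to the client.
6. The client sends TFTP a request for the root file system; after receiving it, TFTP returns the Linux root file system.
7. The client boots the Linux kernel.
8. The client downloads the installation source files and reads the automated installation script.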
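Step 2 above, as an added example that is not part of the original post: a Python parser for the TFTP packet types listed earlier (rrq, wrq, data, ack, error) plus the option acknowledgement that carries the size reply, driven through an in-memory download of a constructed pxelinux.0. It goes slightly beyond the text by using the tsize option of RFC 2349 for the size exchange; the function names and the file contents are assumptions. No message in the exchange has a field for credentials.

```python
import struct

# The five RFC 1350 packet types plus OACK (RFC 2347), which carries the size reply.
RRQ, WRQ, DATA, ACK, ERROR, OACK = 1, 2, 3, 4, 5, 6
NAMES = {RRQ: "RRQ", WRQ: "WRQ", DATA: "DATA", ACK: "ACK", ERROR: "ERROR", OACK: "OACK"}
BLOCK = 512  # default data block size


def _cstrings(buf):
    """Split NUL-terminated ASCII fields; a missing terminator is malformed."""
    if not buf or buf[-1] != 0:
        raise ValueError("unterminated string field")
    return [s.decode("ascii") for s in buf[:-1].split(b"\0")]


def _pairs(fields):
    """Turn [name, value, name, value, ...] into an options dict."""
    if len(fields) % 2:
        raise ValueError("option without value")
    return {k.lower(): v for k, v in zip(fields[0::2], fields[1::2])}


def build_rrq(filename, mode="octet", **options):
    """opcode | filename NUL | mode NUL | (option NUL value NUL)* ; no credential field."""
    fields = [filename, mode]
    for name, value in options.items():
        fields += [name, str(value)]
    return struct.pack("!H", RRQ) + b"".join(f.encode("ascii") + b"\0" for f in fields)


def parse(packet):
    """Decode one TFTP packet into a dict; raise ValueError if it is malformed."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    op, body = struct.unpack("!H", packet[:2])[0], packet[2:]
    if op in (RRQ, WRQ):
        fields = _cstrings(body)
        if len(fields) < 2:
            raise ValueError("request needs filename and mode")
        return {"op": NAMES[op], "file": fields[0], "mode": fields[1].lower(),
                "options": _pairs(fields[2:])}
    if op == OACK:
        return {"op": "OACK", "options": _pairs(_cstrings(body))}
    if op in (DATA, ACK, ERROR):
        num = struct.unpack("!H", body[:2])[0]
        if op == DATA:
            return {"op": "DATA", "block": num, "data": body[2:]}
        if op == ACK:
            return {"op": "ACK", "block": num}
        return {"op": "ERROR", "code": num, "message": _cstrings(body[2:])[0]}
    raise ValueError(f"unknown opcode {op}")


def simulate_download(files, name):
    """Run the exchange in memory; returns (transcript, received bytes or None)."""
    log = []

    def send(side, packet):
        msg = parse(packet)  # every message goes through the parser
        log.append((side, msg))
        return msg

    req = send("client", build_rrq(name, tsize=0))  # tsize=0 asks for the file size
    if req["file"] not in files:
        send("server", struct.pack("!HH", ERROR, 1) + b"File not found\0")
        return log, None
    content = files[req["file"]]
    send("server", struct.pack("!H", OACK) + b"tsize\0%d\0" % len(content))
    send("client", struct.pack("!HH", ACK, 0))  # client accepts the announced size
    received, block = b"", 0
    while True:
        block += 1
        chunk = content[(block - 1) * BLOCK: block * BLOCK]
        received += send("server", struct.pack("!HH", DATA, block) + chunk)["data"]
        send("client", struct.pack("!HH", ACK, block))  # stop-and-wait: one ACK per block
        if len(chunk) < BLOCK:  # a short (or empty) block ends the transfer
            return log, received


if __name__ == "__main__":
    # Constructed stand-in for the boot file: 1124 zero bytes.
    transcript, data = simulate_download({"pxelinux.0": bytes(1124)}, "pxelinux.0")
    for side, msg in transcript:
        shown = {k: (len(v) if k == "data" else v) for k, v in msg.items()}
        print(f"{side:6} -> {shown}")
```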
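Lab: steps for automated installation with PXE
1. Prerequisites:
NIC: host-only; disable VMware's DHCP service; disable the firewall and SELinux
Install the packages httpd, tftp-server, dhcp, syslinux, system-config-kickstart
2. Open system-config-kickstart and configure the ks answer file
Package Selection shows package groups as disabled
Change the yum repository name to development
Post-installation script,
Save to generate the ks7.cfg file
3. Start the httpd service: systemctl start httpd; systemctl enable httpd
Put the system image and the ks answer file in place, and test with a browser that they can be accessed
4. Open the Kickstart file and change the image path (mind the permissions)
5. Configure the TFTP service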
[[email protected] ksdir]# yum install tftp-server
[[email protected] ksdir]# systemctl start tftp
[[email protected] ksdir]# systemctl enable tftp
6. Configure the DHCP service
[[email protected] ksdir]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf (copy the template)
[[email protected] ksdir]# vim /etc/dhcp/dhcpd.conf (open the configuration file)
option domain-name "baidu.com";
option domain-name-servers 114.114.114.114,223.5.5.5; (set DNS)
default-lease-time 86400; (set the lease time)
max-lease-time 864000; (maximum lease time)
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
subnet 192.168.2.0 netmask 255.255.255.0 { (network)
range dynamic-bootp 192.168.2.10 192.168.2.60; (address pool)
option routers 192.168.2.254; (gateway)
next-server 192.168.2.200; (TFTP server address; here it is this host)
filename "pxelinux.0"; (name of the file to download; pxelinux.0 is the boot loader file)
}
[[email protected] ksdir]# systemctl start dhcpd (start the DHCP service)
[[email protected] ksdir]# systemctl enable dhcpd
7. Prepare the required files
[[email protected] ksdir]# yum -y install syslinux
[[email protected] ksdir]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot
[[email protected] ksdir]# cp /usr/share/syslinux/menu.c32 /var/lib/tftpboot
[[email protected] ksdir]# cp /mnt/cdrom/isolinux/vmlinuz /var/lib/tftpboot/
[[email protected] ksdir]# cp /mnt/cdrom/isolinux/initrd.img /var/lib/tftpboot/
[[email protected] ksdir]# mkdir /var/lib/tftpboot/pxelinux.cfg/
[[email protected] ksdir]# cp /mnt/cdrom/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
View the directory structure
[[email protected] ksdir]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── initrd.img
├── menu.c32
├── pxelinux.0
├── pxelinux.cfg
│   └── default
└── vmlinuz
8. Prepare the boot menu
[[email protected] ksdir]# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 60
menu title Auto Install CentOS
label centos7
menu label Install CentOS ^Mini 7
kernel vmlinuz
append initrd=initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
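9. Prepare a machine and start testing the network installation
Installation complete
10. Add support for installing multiple systems (change the directory structure and the boot menu)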
[[email protected] ksdir]# mkdir /var/lib/tftpboot/kernel{6,7}
[[email protected] ksdir]# cd /var/lib/tftpboot/
[[email protected] tftpboot]# mv vmlinuz initrd.img kernel7/
[[email protected] tftpboot]# cp /var/www/html/centos/6/os/x86_64/isolinux/vmlinuz kernel6
[[email protected] tftpboot]# cp /var/www/html/centos/6/os/x86_64/isolinux/initrd.img kernel6
[[email protected] tftpboot]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── kernel6
│   ├── initrd.img
│   └── vmlinuz
├── kernel7
│   ├── initrd.img
│   └── vmlinuz
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
    └── default
3 directories, 7 files
[[email protected] tftpboot]# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 60
menu title Auto Install CentOS
label centos7
menu label Install CentOS ^Mini 7
kernel kernel7/vmlinuz
append initrd=kernel7/initrd.img ks=http://192.168.2.200/ksdir/ks7.cfg
label centos6
menu label Install CentOS Mi^ni 6
kernel kernel6/vmlinuz
append initrd=kernel6/initrd.img ks=http://192.168.2.200/ksdir/ks6.cfg
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
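11. Continue testing on the client machine
Automated installation with Cobbler
Cobbler workflow
After a bare-metal client has been configured to boot from the network, at power-on it broadcasts a request asking the DHCP server (the Cobbler server) to send it an allocated IP address
The DHCP server (the Cobbler server) receives the request and sends a response that includes the IP address
Once it has the IP address, the client sends the DHCP server a request for the OS boot file
The DHCP server tells the client the name of the OS boot file and the IP address and port of the TFTP server
The client contacts the TFTP server at the address it was given and downloads the boot file
The client executes the boot file, determines what to load, and selects the OS to install; during this it again requests the kickstart file and the OS image from the DHCP server
The client loads the kickstart file
The client receives the OS image and installs it
Configuration directory: /etc/cobbler
/etc/cobbler/settings: main Cobbler configuration file
/etc/cobbler/iso/: ISO template configuration files
/etc/cobbler/pxe: PXE template files
/etc/cobbler/power: power management configuration files
/etc/cobbler/users.conf: web service authorization configuration file
/etc/cobbler/users.digest: user names and passwords for web access
/etc/cobbler/dhcp.template: DHCP server configuration template
/etc/cobbler/dnsmasq.template: DNS server configuration template
/etc/cobbler/tftpd.template: TFTP service configuration template
/etc/cobbler/modules.conf: module configuration file
Data directories
/var/lib/cobbler/config/: configuration files holding distro, system, and profile information
/var/lib/cobbler/triggers/: user-defined Cobbler commands
/var/lib/cobbler/kickstarts/: default location for kickstart files
/var/lib/cobbler/loaders/: the various boot loaders
Image directories
/var/www/cobbler/ks_mirror/: all data of the imported distributions
/var/www/cobbler/images/: kernel and initrd images of the imported distributions, used for remote network boot
/var/www/cobbler/repo_mirror/: yum repository storage directory
Log directory
/var/log/cobbler/installing: client installation logs
/var/log/cobbler/cobbler.log: Cobbler log
Cobbler commands
cobbler check: check the current settings for problems
cobbler list: list all Cobbler objects
cobbler report: show detailed information about objects
cobbler sync: sync the configuration to the data directories; best run after every configuration change
cobbler reposync: sync the yum repositories
cobbler distro: view information about the imported distributions
cobbler system: view information about the added systems
cobbler profile: view profile information
## Lab: automated system installation with Cobbler ##
Lab setup: two NICs (host-only and bridged); disable VMware's DHCP service; disable the firewall and SELinux
1. Set up the yum repositories (an older release is recommended)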
[[email protected] yum.repos.d]# vi base.repo
[base]
name=base
baseurl=http://mirrors.sohu.com/centos/7.5.1804/os/x86_64/
gpgcheck=1
gpgkey=http://mirrors.sohu.com/centos/7.5.1804/os/x86_64/RPM-GPG-KEY-CentOS-7
[epel]
name=epel
baseurl=http://mirrors.sohu.com/fedora-epel/7/x86_64/
gpgcheck=0
2. [[email protected] yum.repos.d]# yum -y install cobbler dhcp
Cobbler has dependencies; installing it automatically installs httpd and tftp-server
3. Start the services (dhcp must be configured before it can start)
[[email protected] yum.repos.d]# systemctl enable tftp httpd cobblerd
Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
[[email protected] yum.repos.d]# systemctl start tftp httpd cobblerd
[[email protected] yum.repos.d]# ss -ntlu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 ::1:323 :::*
udp UNCONN 0 0 :::69 :::*
tcp LISTEN 0 5 127.0.0.1:25151 *:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp LISTEN 0 128 :::80 :::*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 100 ::1:25 :::*
4. Environment check
[[email protected] yum.repos.d]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
[[email protected] yum.repos.d]#
5. Fix the items reported by the cobbler check environment check
Find server, which is line 384; this is the Cobbler server address. Change it to the correct address
[[email protected] yum.repos.d]# vim /etc/cobbler/settings
0 # or hostname of the system as those systems can see the server.
381 # if you have a server that appears differently to different subnets
382 # (dual homed, etc), you need to read the --server-override section
383 # of the manpage for how that works.
384 server: 192.168.2.200
385
386 # If set to 1, all commands will be forced to use the localhost address
387 # instead of using the above value which can force commands like
388 # cobbler sync to open a connection to a remote address if one is in the
389 # configuration and would traceback.
390 client_use_localhost: 0
Find next_server, which is line 272; this is the TFTP address. Change it to the correct value
[[email protected] yum.repos.d]# vim /etc/cobbler/settings
265 # See the Wiki (https://github.com/cobbler/cobbler/wiki/Dns-management) for more info
266 manage_forward_zones: []
267 manage_reverse_zones: []
268
269 # if using cobbler with manage_dhcp, put the IP address
270 # of the cobbler server here so that PXE booting guests can find it
271 # if you do not set this correctly, this will be manifested in TFTP open timeouts.
272 next_server: 192.168.2.200
273
274 # settings for power management features. optional.
275 # see https://github.com/cobbler/cobbler/wiki/Power-management to learn more
276 # choices (refer to codes.py):
277 # apc_snmp bladecenter bullpap drac ether_wake ilo integrity
278 # ipmilan ipmitool lpar rsa virsh wti
279 power_management_default_type: 'ipmitool'
6. Download the boot menu files
[[email protected] yum.repos.d]# systemctl restart cobblerd
[[email protected] yum.repos.d]# cobbler get-loaders
task started: 2019-04-21_055619_get_loaders
task started (id=Download Bootloader Content, time=Sun Apr 21 05:56:19 2019)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
7. Sync the Cobbler configuration (copied into the /var/lib/tftpboot/ directory)
[[email protected] yum.repos.d]# cobbler sync
task started: 2019-04-21_060112_sync
task started (id=Sync, time=Sun Apr 21 06:01:12 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
View the directory structure
[[email protected] ~]# cd /var/lib/tftpboot/
[[email protected] tftpboot]# tree
.
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot
8. Open /etc/cobbler/settings, find the password line (line 101) and set the password
(generate the hash)
[[email protected] ~]# openssl passwd -1
Password:
Verifying - Password:
$1$B0Ut4bO2$7HIAc9p4syYjfr6l4sryQ.
[[email protected] tftpboot]# vim /etc/cobbler/settings
97 # this is not changed.
98 # The simplest way to change the password is to run
99 # openssl passwd -1
100 # and put the output between the "" below.
101 default_password_crypted: "$1$B0Ut4bO2$7HIAc9p4syYjfr6l4sryQ."
102
103 # the default template type to use in the absence of any
104 # other detected template. If you do not specify the template
105 # with '#template=<template_type>' on the first line of your
106 # templates/snippets, cobbler will assume try to use the
107 # following template engine to parse the templates.
108 #
109 # Current valid values are: cheetah, jinja2
9. Restart the Cobbler service and run the environment check again
[[email protected] tftpboot]# systemctl restart cobblerd
[[email protected] tftpboot]# cobbler check
The following are potential configuration items that you may want to fix:
1 : enable and start rsyncd.service with systemctl
2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
3 : ksvalidator was not found, install pykickstart
4 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
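Restart cobblerd and then run 'cobbler sync' to apply changes.
The remaining four items can be ignored
10. Although the environment check does not mention it, changing the dhcp value on line 242 to 1 is recommended (it will then be synced automatically)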
[[email protected] tftpboot]# vim /etc/cobbler/settings
238 #puppet_parameterized_classes: 1
239
240 # set to 1 to enable Cobbler's DHCP management features.
241 # the choice of DHCP management engine is in /etc/cobbler/modules.conf
242 manage_dhcp: 1
243
244 # set to 1 to enable Cobbler's DNS management features.
245 # the choice of DNS mangement engine is in /etc/cobbler/modules.conf
246 manage_dns: 0
247
248 # set to path of bind chroo
11. Open /etc/cobbler/dhcp.template with vim and edit the DHCP configuration (restart after the change)
[[email protected] tftpboot]# vim /etc/cobbler/dhcp.template
option pxe-system-type code 93 = unsigned integer 16;
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.254;
option domain-name-servers 1.1.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.2.100 192.168.2.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else if option pxe-system-type = 00:09 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
[[email protected] tftpboot]# systemctl restart cobblerd
12. After the change, run cobbler sync, which automatically rewrites /etc/dhcp/dhcpd.conf and starts the DHCP service
[[email protected] tftpboot]# cobbler sync
task started: 2019-04-21_062541_sync
task started (id=Sync, time=Sun Apr 21 06:25:41 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[[email protected] tftpboot]# vim /etc/dhcp/dhcpd.conf
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.254;
option domain-name-servers 1.1.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.2.100 192.168.2.254;
default-lease-time 21600;
max-lease-time 43200;
next-server 192.168.2.200;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else if option pxe-system-type = 00:09 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
13. Mount a disc
[[email protected] tftpboot]# mount /dev/sr0 /mnt/cdrom
mount: /dev/sr0 is write-protected, mounting read-only
[[email protected] tftpboot]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 19G 0 part
├─centos-root 253:0 0 17G 0 lvm /
└─centos-swap 253:1 0 2G 0 lvm [SWAP]
sr0 11:0 1 4.2G 0 rom /mnt/cdrom
14. View the help
[[email protected] tftpboot]# cobbler import --help
Usage: cobbler import [options]
Options:
-h, --help show this help message and exit
--arch=ARCH OS architecture being imported
--breed=BREED the breed being imported
--os-version=OS_VERSION
the version being imported
--path=PATH local path or rsync location
--name=NAME name, ex 'RHEL-5'
--available-as=AVAILABLE_AS
tree is here, don't mirror
--kickstart=KICKSTART_FILE
assign this kickstart file
--rsync-flags=RSYNC_FLAGS
pass additional flags to rsync
14. cobbler import --path=/mnt/cdrom --name=Centos-7.5 --arch=x86_64
Specify the disc path; Cobbler copies it into the corresponding directory under the name Centos-7.5, architecture x86_64 (import)
[[email protected] tftpboot]# cobbler import --path=/mnt/cdrom --name=Centos-7.5 --arch=x86_64
task started: 2019-04-21_081139_import
task started (id=Media import, time=Sun Apr 21 08:11:39 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/Centos-7.5-x86_64:
creating new distro: Centos-7.5-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos-7.5-x86_64 -> /var/www/cobbler/links/Centos-7.5-x86_64
creating new profile: Centos-7.5-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos-7.5-x86_64 for Centos-7.5-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos-7.5-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos-7.5-x86_64
looking for /var/www/cobbler/ks_mirror/Centos-7.5-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos-7.5-x86_64/repodata
*** TASK COMPLETE ***
Directory it was imported into
[[email protected] tftpboot]# du -sh /var/www/cobbler/
4.2G /var/www/cobbler/
The default menu has been generated
[[email protected] tftpboot]# cd /var/lib/tftpboot/
[[email protected] tftpboot]# ls
boot etc grub images images2 memdisk menu.c32 ppc pxelinux.0 pxelinux.cfg s390x yaboot
[[email protected] tftpboot]# cd pxelinux.cfg/
[[email protected] pxelinux.cfg]# ls
default
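15. Boot the client from the network card
cobbler profile list: show the menu names (answer file names)
cobbler distro list: show the installation source names
Remove an unneeded menu entry: cobbler profile remove --name=images-x86_64
Remove an unneeded installation source: cobbler distro remove --name=images-x86_64
1. Mount the other disc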
[[email protected] cobbler]# mount /dev/sr1 /mnt/cdrom2/
2. Import it into Cobbler (/var/www/cobbler/)
[[email protected] cobbler]# cobbler import --path=/mnt/cdrom2 --name=Centos-6.10 --arch=x86_64
task started: 2019-04-21_083855_import
task started (id=Media import, time=Sun Apr 21 08:38:55 2019)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/Centos-6.10-x86_64:
creating new distro: Centos-6.10-x86_64
trying symlink: /var/www/cobbler/ks_mirror/Centos-6.10-x86_64 -> /var/www/cobbler/links/Centos-6.10-x86_64
creating new profile: Centos-6.10-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/Centos-6.10-x86_64 for Centos-6.10-x86_64
processing repo at : /var/www/cobbler/ks_mirror/Centos-6.10-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/Centos-6.10-x86_64
looking for /var/www/cobbler/ks_mirror/Centos-6.10-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/Centos-6.10-x86_64/repodata
*** TASK COMPLETE ***
3. Booting from the network card now shows two menu entries, and installation works normally.
1. Create an answer file by hand
[[email protected] ~]# cp anaconda-ks.cfg ks7_mini.cfg
[[email protected] ~]# vim ks7_mini.cfg
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Use CDROM installation media
url --url=$tree (Cobbler fills in the installation source automatically)
# Use graphical install
text (text-mode installation)
reboot
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
selinux --disabled
firewall --disabled
# Network information
network --bootproto=dhcp --device=ens33 --onboot=on --ipv6=auto --no-activate
network --hostname=localhost.localdomain

# Root password
rootpw --iscrypted $6$OjcypZdOFW5EDMut$77V.RjoDpM.ZGDtC3XxEo5cy4aTQFyobuTF6YDs62E8wYqgt5fWwaWmTvZ6ZYCyHmf/RHZZjhKAIhMxb1pFLw/
# System services
services --enabled="chronyd"
# System timezone
timezone America/New_York --isUtc
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
zerombr (clear the MBR)
clearpart --all --initlabel (clear the disk label)
%packages
@^minimal
@core
chrony
kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
2. Then put the answer file in the appropriate Cobbler location
[[email protected] ~]# ll
total 8
-rw-------. 1 root root 1260 Apr 21 2019 anaconda-ks.cfg
-rw------- 1 root root 1315 Apr 21 09:02 ks7_mini.cfg
[[email protected] ~]# chmod 644 ks7_mini.cfg
[[email protected] ~]# cp ks7_mini.cfg /var/lib/cobbler/kickstarts/
[[email protected] ~]# cobbler profile list (list the available menu entries)
Centos-6.10-x86_64
Centos-7.5-x86_64
[[email protected] ~]# cobbler distro list (list the names of the loaded installation sources)
Centos-6.10-x86_64
Centos-7.5-x86_64
3. Generate a new menu entry, that is, associate the prepared answer file with the installation source
[[email protected] ~]# cobbler profile add --name=Centos-7.6-x86_64_mini --distro=Centos-7.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7_mini.cfg
[[email protected] ~]# cobbler profile list
Centos-6.10-x86_64
Centos-7.5-x86_64
Centos-7.6-x86_64_mini (the newly created menu entry)
Delete a menu entry
[[email protected] ~]# cobbler profile remove --name=Centos-7.5-x86_64
[[email protected] ~]# cobbler profile list
Centos-6.10-x86_64
Centos-7.6-x86_64_mini
4. Boot the client from the network card; the newly created menu entry appears
1. Copy a previously prepared answer file into Cobbler
[[email protected] ~]# cp ks6.cfg /var/lib/cobbler/kickstarts/
[[email protected] ~]# vim /var/lib/cobbler/kickstarts/ks6.cfg
url --url=$tree (change only this line)
2. Remove the default menu entry and its associated answer file
[[email protected] ~]# cobbler profile list
Centos-6.10-x86_64
Centos-7.6-x86_64_mini
[[email protected] ~]# cobbler profile remove --name=Centos-6.10-x86_64
[[email protected] ~]# cobbler profile list
Centos-7.6-x86_64_mini
3. Create a new menu entry that associates the answer file with the installation source
[[email protected] ~]# cobbler profile add --name=Centos-6.10 --distro=Centos-6.10-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks6.cfg
[[email protected] ~]# cobbler profile list
Centos-6.10
Centos-7.6-x86_64_mini
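4. Select network boot on the client and start the installation
## Web-based management of Cobbler ##
1. [[email protected] ~]# yum -y install cobbler-web
2. [[email protected] ~]# systemctl restart httpd (the installation added /etc/httpd/conf.d/cobbler_web.conf, hence the restart)
3. Open https://192.168.2.200/cobbler_web in a browser
The default username and password are both cobbler
/etc/cobbler/modules.conf is the authentication configuration file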
[[email protected] ~]# vim /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================
# authentication:
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
# authn_denyall -- no one (default)
# authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
# authn_passthru -- ask Apache to handle it (used for kerberos)
# authn_ldap -- authenticate against LDAP
# authn_spacewalk -- ask Spacewalk/Satellite (experimental)
# authn_pam -- use PAM facilities
# authn_testing -- username/password is always testing/testing (debug)
# (user supplied) -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap
[authentication]
module = authn_configfile (default authentication method)
# authorization:
# once a user has been cleared by the WebUI/XMLRPC, what can they do?
# choices:
# authz_allowall -- full access for all authneticated users (default)
# authz_ownership -- use users.conf, but add object ownership semantics
/etc/cobbler/users.digest stores the user names and passwords used by authn_configfile authentication
Create a new account and password
[[email protected] ~]# htdigest /etc/cobbler/users.digest Cobbler huahua
Adding user huahua in realm Cobbler
New password:
Re-type new password:
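Log in as huahua
Change the authentication method (the other authentication methods then no longer apply, and the file that stores the accounts and passwords changes too)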
[[email protected] ~]# vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam
PAM user names are listed in the /etc/cobbler/users.conf file
[[email protected] ~]# vim /etc/cobbler/users.conf
[admins]
admin = "lili"
PAM authentication requires the account to be a system user first (to avoid a security risk, a nologin shell is recommended)
[[email protected] ~]# useradd -s /sbin/nologin lili
[[email protected] ~]# echo qwe123 | passwd --stdin lili
Changing password for user lili.
passwd: all authentication tokens updated successfully.
[[email protected] ~]# systemctl restart cobblerd
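An added example, not from the original post or from the Cobbler project: a Python check over the three files edited above (/etc/cobbler/settings, /etc/cobbler/modules.conf and /etc/cobbler/users.digest). It re-checks the server and next_server items from cobbler check, reports an MD5-crypt default_password_crypted (what openssl passwd -1 produces), and detects whether any users.digest entry in realm-aware htdigest format still has the default password cobbler. All file contents below are constructed samples and the function names are assumptions.

```python
import configparser
import hashlib
import re


def parse_settings(text):
    """Top-level 'key: value' pairs from /etc/cobbler/settings (flat YAML subset only)."""
    pairs = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z_]\w*):\s*(.*?)\s*$", line)
        if m:
            pairs[m.group(1)] = m.group(2).strip("\"'")
    return pairs


def digest_ha1(user, realm, password):
    """Hash stored by htdigest: MD5 of 'user:realm:password'."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def audit_cobbler(settings_text, modules_text, digest_text):
    """Return a list of findings for the three configuration files."""
    findings = []
    settings = parse_settings(settings_text)
    for key in ("server", "next_server"):
        if settings.get(key) in ("127.0.0.1", "localhost"):
            findings.append(f"{key} is {settings[key]}; PXE clients cannot reach it")
    crypted = settings.get("default_password_crypted", "")
    if crypted.startswith("$1$"):
        findings.append("default_password_crypted is an MD5-crypt ($1$) hash")
    elif not re.match(r"\$\w+\$", crypted):
        findings.append("default_password_crypted is not a crypt hash")

    modules = configparser.ConfigParser(interpolation=None)
    modules.read_string(modules_text)
    authn = modules.get("authentication", "module", fallback="")
    if authn == "authn_testing":
        findings.append("authn_testing accepts the fixed login testing/testing")
    if authn == "authn_configfile":
        # users.digest only matters while authn_configfile is the active module.
        for entry in digest_text.splitlines():
            parts = entry.strip().split(":")
            if len(parts) == 3 and parts[2] == digest_ha1(parts[0], parts[1], "cobbler"):
                findings.append(f"users.digest: '{parts[0]}' still uses the password 'cobbler'")
    return findings


# Constructed sample inputs (not real files from any system).
SETTINGS = """\
server: 127.0.0.1
next_server: 192.168.2.200
default_password_crypted: "$1$constructed$placeholderhashvalue00"
manage_dhcp: 1
"""
MODULES = """\
[authentication]
module = authn_configfile
[authorization]
module = authz_allowall
"""
DIGEST = "\n".join([
    "cobbler:Cobbler:" + digest_ha1("cobbler", "Cobbler", "cobbler"),
    "huahua:Cobbler:" + digest_ha1("huahua", "Cobbler", "constructed-passphrase"),
])

if __name__ == "__main__":
    for finding in audit_cobbler(SETTINGS, MODULES, DIGEST):
        print("FINDING:", finding)
```

Adding a second account with htdigest, as in the steps above, leaves the original cobbler entry in users.digest, which is the case the last check reports.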