Category: System Operations

2016-06-01 18:52:11

Supplement: Cobbler's core components

1.Distros
The first step in installing a system with Cobbler is to define a distribution in Cobbler's configuration;
If a mirror, DVD, NFS export or filesystem tree is available, it is best to define distros with import; for one or more distributions, the purpose of cobbler import is to set up a network installation service;
        Importing a mirror saves time during installation, because clients no longer need to look up an external installation source and use the imported one directly;

2.Profiles & Sub-Profiles
Put simply, defining a distro defines a distribution (such as centos6.7-x86_64), while defining a profile combines a kickstart with the distro to add specific installation options, for example installing the Nginx service on the first system and Tomcat on the second;

        Profiles are the core unit of configuration; for a configured distribution, at least one profile should exist;

        A profile might represent a web server or a desktop configuration

3.Systems
Sometimes, in a virtual environment, a virtual machine's MAC address is generated randomly; if you want to assign a specific MAC address instead of a random one, Systems become useful;
System records map a piece of hardware (or a virtual machine) with the cobbler profile to be assigned to run on it

    This may be thought of as choosing a role for a specific system;

    If provisioning via koan and PXE menus alone, it is not required to create system records in cobbler, though they are useful when system specific customizations are required;

    One such customization would be defining the MAC address;

    If there is a specific role intended for a given machine, system records should be created for it;

    System commands have a wider variety of control offered over network details

    In order to use these to the fullest possible extent, the kickstart template used by cobbler must contain certain kickstart snippets (sections of code specifically written for Cobbler to make these values become reality);

    Compare your kickstart templates with the stock ones in /var/lib/cobbler/kickstarts if you have upgraded, to make sure you can take
    advantage of all options to their fullest potential;

4.Repos
Repository mirroring allows cobbler to mirror not only install trees ("cobbler import" does this for you) but also optional packages, 3rd party content, and even updates;

    Mirroring all of this content locally on your network will result in faster, more up-to-date installations
    and faster updates;

    If you are only provisioning a home setup, this will probably be overkill, though it can be very useful for
    larger setups (labs, datacenters, etc);

5.Images
Cobbler can help with booting images physically and virtually, though the usage of these commands varies
substantially by the type of image;

    Non-image based deployments are generally easier to work with and lead to more sustainable infrastructure


Lab environment:
centos6.7   x86_64   192.168.85.132

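I. Installing Cobbler
1. Cobbler is in the EPEL repository, so installing it directly requires a configured EPEL repository; alternatively, you can download the source package and build it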
[root@localhost ~]# yum list all | grep cobbler
cobbler.x86_64                               2.6.11-1.el6                   epel
cobbler-web.noarch                           2.6.11-1.el6                   epel

Install Cobbler and the related dependency packages directly:
[root@localhost ~]# yum install cobbler cobbler-web pykickstart debmirror -y
Where:
cobbler-web is Cobbler's web interface;
pykickstart checks kickstart files for syntax errors;
debmirror provides Debian support (it mirrors Debian repositories);

Start the service:
[root@localhost cobbler]# service cobblerd start
Starting cobbler daemon: [  OK  ]

Check the listening port:
[root@localhost cobbler]# ss -ntlp | grep cobbler
LISTEN     0      5                 127.0.0.1:25151                    *:*      users:(("cobblerd",2544,8))

Cobbler still has to be configured before it works properly;

2. Check Cobbler
[root@localhost cobbler]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : file /etc/xinetd.d/rsync does not exist
7 : since iptables may be running, ensure 69, 80/443, and 25151 are unblocked
8 : comment out 'dists' on /etc/debmirror.conf for proper debian support
9 : comment out 'arches' on /etc/debmirror.conf for proper debian support
10 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
11 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.


The issues above have to be fixed and cobbler sync run before Cobbler works properly;
2.1 Change the server parameter in /etc/cobbler/settings; it must not be localhost;
server: 192.168.85.132

2.2 Change the next_server parameter in /etc/cobbler/settings; it must not be 127.0.0.1;
next_server: 192.168.85.132

2.3 Enable tftp
[root@localhost cobbler]# chkconfig --list tftp
tftp            off
[root@localhost cobbler]# chkconfig tftp on
[root@localhost cobbler]# chkconfig --list tftp
tftp            on

2.4 Run cobbler get-loaders to download the network boot-loaders
[root@localhost cobbler]# ls /var/lib/cobbler/loaders/
[root@localhost cobbler]# cobbler get-loaders
[root@localhost cobbler]# ls /var/lib/cobbler/loaders/
COPYING.elilo     COPYING.yaboot  grub-x86_64.efi  menu.c32    README
COPYING.syslinux  elilo-ia64.efi  grub-x86.efi     pxelinux.0  yaboot

2.5 Enable rsync
[root@localhost cobbler]# chkconfig --list rsync
rsync           off
[root@localhost cobbler]# chkconfig  rsync on
[root@localhost cobbler]# chkconfig --list rsync
rsync           on

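2.6 It reports that the rsync file does not exist, but the package is already installed and the file really does exist; I don't know how to solve this (I left it alone, and in the end it caused no problems)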
Package rsync-3.0.6-12.el6.x86_64 already installed and latest version

[root@localhost cobbler]# service xinetd start

[root@localhost cobbler]# ls /etc/xinetd.d/ | grep rsync
rsync


2.7 Stop the iptables service, or add firewall rules so that ports 69, 80/443 and 25151 are allowed through
[root@localhost cobbler]# service iptables stop

2.8 Comment out the @dists option in /etc/debmirror.conf
#@dists="sid";

2.9 Comment out the @arches option in /etc/debmirror.conf
#@arches="i386";

2.10 Change Cobbler's default password
[root@localhost cobbler]# openssl passwd -1 -salt `openssl rand -hex 4` 'redhat'
$1$722e3ad0$cFY2iOVuKnyUdYiM3Zwdd/
Here openssl rand -hex 4 randomly generates the 8-character salt used when hashing the password redhat;

Then change the default_password_crypted parameter in /etc/cobbler/settings to
default_password_crypted: "$1$722e3ad0$cFY2iOVuKnyUdYiM3Zwdd/"


2.11 Add fence devices. This is optional, but if you want them the following packages must be installed
[root@localhost cobbler]# yum install cman fence-agents


After fixing the issues above, run the check again:
[root@localhost cobbler]# cobbler check
The following are potential configuration items that you may want to fix:
1 : file /etc/xinetd.d/rsync does not exist
Restart cobblerd and then run 'cobbler sync' to apply changes.
I keep running into this issue: it says the file does not exist, but the file really is there;
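
Step 2.7 can be satisfied without stopping iptables. The following added example (not part of the original post) prints rules that open only the ports named by cobbler check, and only to this lab's 192.168.85.0/24 subnet; the function name cobbler_fw_rules is hypothetical.

```shell
#!/bin/bash
# Added example: generate iptables rules for the ports listed by 'cobbler check'
# (69, 80/443, 25151), restricted to the provisioning subnet.

cobbler_fw_rules() {
    local subnet="${1:-192.168.85.0/24}"
    local spec proto port
    # Accept only a.b.c.d/nn so the value is safe to embed in the rule text.
    if ! printf '%s\n' "$subnet" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
        echo "invalid subnet: $subnet" >&2
        return 1
    fi
    # TFTP is UDP 69; HTTP, HTTPS and cobblerd (25151) are TCP.
    for spec in udp:69 tcp:80 tcp:443 tcp:25151; do
        proto="${spec%%:*}"
        port="${spec##*:}"
        echo "iptables -I INPUT -s $subnet -p $proto --dport $port -j ACCEPT"
    done
    return 0
}

# Print the rules for review. To apply them, run the printed commands as root
# and then 'service iptables save' so they survive a restart.
cobbler_fw_rules "192.168.85.0/24"
```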

3. Run cobbler sync to synchronize Cobbler
[root@localhost cobbler]# cobbler sync
task started: 2016-05-24_133815_sync
task started (id=Sync, time=Tue May 24 13:38:15 2016)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

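III. Configuring and starting the services Cobbler depends on
Cobbler depends on the dhcp, tftp, rsync and dns services (DNS is optional). DHCP can be provided by dhcpd (ISC) or by dnsmasq; tftp can be provided by the tftp-server package or by Cobbler itself; rsync is provided by the rsync package; DNS can be provided by bind or by dnsmasq;

Cobbler can manage some or even all of these services itself, which is controlled by the "manage_dhcp", "manage_tftpd", "manage_rsync" and "manage_dns" options in /etc/cobbler/settings. Because each service has several implementations, customizing them means changing the module value for that service in /etc/cobbler/modules.conf;

1. Details
Look at Cobbler's module configuration file, modules.conf:
For the DNS service, either the default bind or dnsmasq can be used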
# dns:
# chooses the DNS management engine if manage_dns is enabled
# in /etc/cobbler/settings, which is off by default.
# choices:
#    manage_bind    -- default, uses BIND/named
#    manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dhcp below
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
#
[dns]
module = manage_bind

For the dhcp service, either the default dhcpd or dnsmasq can be used
# dhcp:
# chooses the DHCP management engine if manage_dhcp is enabled
# in /etc/cobbler/settings, which is off by default.
# choices:
#    manage_isc     -- default, uses ISC dhcpd
#    manage_dnsmasq -- uses dnsmasq, also must select dnsmasq for dns above
# NOTE: more configuration is still required in /etc/cobbler
# for more information:
#
[dhcp]
module = manage_isc

For the tftpd service, either the system's tftp or Cobbler's tftp can be used
# tftpd:
# chooses the TFTP management engine if manage_tftp is enabled
# in /etc/cobbler/settings, which is ON by default.
# choices:
#    manage_in_tftpd -- default, uses the system's tftp server
#    manage_tftpd_py -- uses cobbler's tftp server
[tftpd]
module = manage_in_tftpd

Although the entries above define which service types Cobbler can use, the settings file decides whether they are used at all:
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 0

# set to 1 to enable Cobbler's DNS management features.
# the choice of DNS mangement engine is in /etc/cobbler/modules.conf
manage_dns: 0

# set to 1 to enable Cobbler's TFTP management features.
# the choice of TFTP mangement engine is in /etc/cobbler/modules.conf
manage_tftpd: 1

# set to 1 to enable Cobbler's RSYNC management features.
manage_rsync: 0
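In short, modules.conf decides which service module is used, and settings decides whether it is used;

The default configuration is used here;


2. Install and configure DHCP
Check the tftp, DHCP and rsync services that Cobbler depends on. rsync and tftp are managed by xinetd and are already running, but DHCP is not running; checking shows that DHCP has not been installed yet: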
[root@localhost dhcp]# ls
dhclient.d

Simply install it:
[root@localhost dhcp]# yum install dhcp

Configure DHCP:
[root@localhost dhcp]# cp -p /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample ./dhcpd.conf
cp: overwrite `dhcpd.conf'? y

[root@localhost dhcp]# cat dhcpd.conf
# dhcpd.conf
# Sample configuration file for ISC dhcpd
option domain-name "a.com";
option domain-name-servers 192.168.85.132;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.85.0 netmask 255.255.255.0 {
        option routers 192.168.85.132;
        option subnet-mask 255.255.255.0;
        range 192.168.85.200 192.168.85.220;
}
next-server 192.168.85.132; # add these two lines when DHCP is not managed by Cobbler
filename "pxelinux.0";

Start the DHCP service:
[root@localhost dhcp]# service dhcpd start
Starting dhcpd: [  OK  ]

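IV. Configuring Cobbler (see the appendix for a description of Cobbler's directories)
1. Mount the ISO file
Attach the image file to the virtual machine and mount it: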
[root@localhost ~]# mount /dev/cdrom /media/ -r
[root@localhost media]# ls
CentOS_BuildTag  images                    repodata                       RPM-GPG-KEY-CentOS-Testing-6
EFI              isolinux                  RPM-GPG-KEY-CentOS-6           TRANS.TBL
EULA             Packages                  RPM-GPG-KEY-CentOS-Debug-6
GPL              RELEASE-NOTES-en-US.html  RPM-GPG-KEY-CentOS-Security-6

2. Define the distro (use import to import the installation tree)
[root@localhost media]# cobbler import --path=/media/ --name="centos6.7-x86_64"

The detailed usage of import is as follows:
[root@localhost media]# cobbler import -h  
Usage: cobbler [options]
Options:
  -h, --help            show this help message and exit
  --arch=ARCH           OS architecture being imported
  --breed=BREED         the breed being imported
  --os-version=OS_VERSION
                        the version being imported
  --path=PATH           local path or rsync location
  --name=NAME           name, ex 'RHEL-5'
  --available-as=AVAILABLE_AS
                        tree is here, don't mirror
  --kickstart=KICKSTART_FILE
                        assign this kickstart file
  --rsync-flags=RSYNC_FLAGS
                        pass additional flags to rsync

It copies everything under /media/ to one location, which is:
[root@localhost ~]# ls /var/www/ | grep cobbler
cobbler
cobbler_webui_content

After the copy finishes, you can check it:
[root@localhost ~]# ls /var/www/cobbler
aux  images  ks_mirror  links  localmirror  pub  rendered  repo_mirror  svc

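Since the copied content is under /var/www, it is served over HTTP; you can open a browser to test access (make sure the httpd service is running):

ks_mirror is where the imported distribution is stored;


3. The imported distro and profile can now be listed: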
[root@localhost kickstarts]# cobbler distro list
   centos6.7-x86_64
[root@localhost kickstarts]# cobbler profile list
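   centos6.7-x86_64      # the profile defined by default
Alternatively, look in /var/lib/tftpboot/pxelinux.cfg/default to see the installation entries currently offered;


4. Add a profile (see cobbler profile add -h for detailed usage) (the cfg file contents are in the appendix)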
[root@localhost ~]# cobbler profile add --name=centos6.7-x86_64-common --distro=centos6.7-x86_64 --kickstart=/root/centos6.7-x86_64.cfg
exception on server: 'Invalid kickstart template file location /root/centos6.7-x86_64.cfg, it is not inside /var/lib/cobbler/kickstarts/'

The add fails with an error: the cfg file cannot be placed under /root; it has to be under /var/lib/cobbler/kickstarts/;
[root@localhost ~]# mv centos6.7-x86_64.cfg /var/lib/cobbler/kickstarts/

[root@localhost ~]# cobbler profile add --name=centos6.7-x86_64-common --distro=centos6.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.7-x86_64.cfg

5. List the available profiles again:
[root@localhost ~]# cobbler profile list
   centos6.7-x86_64
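   centos6.7-x86_64-common      # added successfully


6. Re-sync after every definition change
[root@localhost ~]# cobbler sync
Then check /var/lib/tftpboot/pxelinux.cfg/default again to see whether the corresponding LABEL is present;

7. Test
Create a new virtual machine; if the following screen appears when it boots, the configuration is working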




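V. Managing Cobbler through the web interface
Open in a browser

You are prompted for a user name and password, but where is the password?

1. Default password
Cobbler provides a default login user and password (both are cobbler):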
[root@localhost cobbler]# vim users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3

Passwords can be added in this file
Add the user cobb to the Cobbler realm; you are prompted to enter the password twice to confirm:
[root@localhost cobbler]# htdigest ./users.digest "Cobbler" "cobb"
Adding user cobb in realm Cobbler
New password: 
Re-type new password: 

[root@localhost cobbler]# cat users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3     # the default cobbler user
cobb:Cobbler:0bee4438ed0f0f9104310371bada56d0        # the cobb user I added

Restart the cobblerd service, then test the login.
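
Each line of users.digest has the htdigest form user:realm:MD5("user:realm:password"), so an account that still uses a default or trivial password can be found by recomputing the digest. The following is an added example, not part of the original post; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/bash
# Added example: find users.digest accounts whose password is guessable.

# Digest field for one user/realm/password triple (htdigest format).
htdigest_hash() {
    if command -v md5sum >/dev/null 2>&1; then
        printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
    else
        printf '%s:%s:%s' "$1" "$2" "$3" | openssl dgst -md5 | awk '{print $NF}'
    fi
}

# Print each account in FILE whose stored digest matches a weak candidate:
# the user name itself, "cobbler", or any extra candidates given as arguments.
find_weak_digest_users() {
    local file="$1" user realm digest cand
    shift
    while IFS=: read -r user realm digest || [ -n "$user" ]; do
        digest="${digest%%[[:space:]]*}"      # drop trailing spaces or annotations
        [ -n "$user" ] && [ -n "$digest" ] || continue
        for cand in "$user" cobbler "$@"; do
            if [ "$(htdigest_hash "$user" "$realm" "$cand")" = "$digest" ]; then
                echo "$user"
                break
            fi
        done
    done < "$file"
    return 0
}

# Constructed sample: one account with the password "cobbler", one without.
sample="$(mktemp)"
{
    echo "cobbler:Cobbler:$(htdigest_hash cobbler Cobbler cobbler)"
    echo "cobb:Cobbler:$(htdigest_hash cobb Cobbler 'constructed-long-passphrase-1')"
} > "$sample"
find_weak_digest_users "$sample"    # on the server: /etc/cobbler/users.digest
rm -f "$sample"
```

Any account the function prints should get a new password with htdigest, or be removed from users.digest, before the web interface is reachable from the network.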



2. Authentication methods
Cobbler offers several login methods; the one to use must be selected first
[root@localhost cobbler]# cat modules.conf
# authentication:
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)        # login disabled
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities        # allows login with system users
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
#
# https://github.com/cobbler/cobbler/wiki/Security-overview
#
#
[authentication]
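module = authn_configfile         # selects the login method

3. Log in with system accounts
Logging in with system accounts requires the authn_pam method; change the login method first:
[root@localhost cobbler]# vim modules.conf 
module = authn_pam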

Then add a system user:
[root@localhost cobbler]# useradd cobbleruser
[root@localhost cobbler]# passwd cobbleruser
Changing password for user cobbleruser.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

Finally, add the user to the corresponding admin group:
Edit users.conf and change admin to:
admin = "cobbleruser"

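Restart the service, then test the login.


From now on Cobbler can be configured through the web page; the specific configuration steps are not covered here;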

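Appendix:
1. Cobbler directory layout (taken from an online article)
Cobbler configuration directory: /etc/cobbler
/etc/cobbler/settings          ## Cobbler main configuration file
/etc/cobbler/dhcp.template     ## configuration template for the DHCP service
/etc/cobbler/tftpd.template    ## configuration template for the tftp service
/etc/cobbler/rsync.template    ## configuration template for the rsync service
/etc/cobbler/iso               ## ISO template configuration files
/etc/cobbler/pxe               ## PXE template files
/etc/cobbler/power             ## power management configuration files
/etc/cobbler/users.conf        ## web service authorization configuration file
/etc/cobbler/users.digest      ## user name and password file for web access
/etc/cobbler/dnsmasq.template  ## configuration template for the DNS service
/etc/cobbler/modules.conf      ## Cobbler module configuration file

Cobbler data directory: /var/lib/cobbler
/var/lib/cobbler/config            ## configuration files
/var/lib/cobbler/triggers          ## Cobbler commands
/var/lib/cobbler/kickstarts        ## default location for kickstart files
/var/lib/cobbler/loaders           ## the various boot loaders

System installation image directory: /var/www/cobbler
/var/www/cobbler/ks_mirror          ## list of imported system images
/var/www/cobbler/images             ## boot files of the imported system images
/var/www/cobbler/repo_mirror        ## yum repository storage directory

Log directory: /var/log/cobbler
/var/log/cobbler/install.log         ## client system installation log
/var/log/cobbler/cobbler.log         ## Cobbler log

2. I modified this based on material found online and /root/anaconda-ks.cfg; it can also be adapted from the files under /var/lib/cobbler/kickstarts/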
[root@localhost ~]# cat /var/lib/cobbler/kickstarts/centos6.7-x86_64.cfg
firewall --disabled
install
url --url=""
rootpw --iscrypted $1$ANqjKkke$m4YaxiBen/wN1k6LgMOwN0
authconfig --useshadow --enablemd5
text
firstboot --disable
keyboard us
lang en_US
selinux --disabled
reboot
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
zerombr
clearpart --all
part /boot --fstype=ext4 --size=300
part / --fstype=ext4 --grow --size=3000
part swap --grow --maxsize=1984 --size=1984
repo --name="CentOS"  --baseurl= --cost=100
%packages
@Base
@Core
@Desktop
@Fonts
@General Purpose Desktop
@Internet Browser
@Printing client
@X Window System
binutils
gcc
lftp
kernel-devel
make
patch
python
%end
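
The kickstart above and the default_password_crypted value from step 2.10 are applied to every machine built from this server, so weak directives in them are worth checking before a profile is used. The following added example (not part of the original post) scans a kickstart or settings file for the directives seen on this page; the function name, the messages and the sample hash are constructed.

```shell
#!/bin/bash
# Added example: report directives that weaken every machine installed from a
# kickstart template or from /etc/cobbler/settings.

audit_provisioning_file() {
    local file="$1" line prefix md5tag='$1$'      # '$1$' marks an MD5-crypt hash
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            \#*) ;;                                           # comment line
            firewall*--disabled*)    echo "firewall disabled: $line" ;;
            selinux*--disabled*)     echo "SELinux disabled: $line" ;;
            authconfig*--enablemd5*) echo "MD5 hashing for local passwords: $line" ;;
            rootpw*--iscrypted*"$md5tag"*|default_password_crypted:*"$md5tag"*)
                # Report the directive without repeating the hash itself.
                prefix=${line%%"$md5tag"*}
                echo "MD5-crypt password hash: ${prefix}${md5tag}..." ;;
            rootpw*--iscrypted*) ;;                           # other scheme, e.g. $6$
            rootpw*)                 echo "plaintext root password (value not shown)" ;;
        esac
    done < "$file"
    return 0
}

# Constructed sample with the same directives as the kickstart above; the hash
# is a placeholder, not a real one.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
firewall --disabled
rootpw --iscrypted $1$CONSTRUCT$placeholderplaceholder00
authconfig --useshadow --enablemd5
selinux --disabled
timezone Asia/Shanghai
EOF
audit_provisioning_file "$sample"
rm -f "$sample"
```

A `$6$` (SHA-512 crypt) hash together with `authconfig --passalgo=sha512` in place of `--enablemd5` clears both password findings.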

