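CloudBoot: Cobbler

I. Introduction to Cobbler

1. Cobbler

Cobbler is a service for quickly installing operating systems over the network. It is written in Python, is small and lightweight, and sets up a PXE network installation environment with a few simple commands. It can also manage DHCP, DNS and yum repositories, and build system ISO images.

Cobbler can be managed from the command line or a web interface, and it also provides an API that makes further development on top of it easy.

Cobbler supports PXE boot, operating system reinstallation, and creation of virtualized guests, including Xen, KVM and VMware. Guest installation is handled through the koan program. Cobbler can also manage complex network environments, such as bridges built on link-aggregated Ethernet.

Cobbler integrates the following services:
  • PXE service support
  • DHCP service management
  • DNS service management
  • Power management
  • KickStart service support
  • Yum repository management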


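2. Organizations that use and support Cobbler

[Images: 1.png, 2.png]


3. Supported distributions

See the official site: https://cobbler.github.io/manuals/2.6.0/1/2_-_Distribution_Support.html

4. Common architecture

[Image: cobbler(1).jpg]


5. Cobbler workflow

[Image: 流程(3).jpg]


6. Cobbler model

[Image: 3.png]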


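II. Lab environment
  • Cobbler server OS: CentOS 6.7 64-bit (VMware)
  • IP address: 192.168.16.128

Linux systems to be installed and deployed:
  • eth0 (first NIC, used for the external network) IP range: 192.168.16.129-192.168.16.135
  • Subnet mask: 255.255.255.0
  • Gateway: 192.168.16.1
  • DNS: 8.8.8.8
  • All servers support PXE network boot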

 
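III. Installing and deploying Cobbler

3.1 Cobbler installation and environment setup

3.1.1 Preparing the Cobbler environment

Prerequisites:

  • A DVD or ISO file of the operating system distribution;
  • The server has enough free local disk space under /var/www/cobbler to unpack the DVD/ISO;
  • The server and the clients share a common IP network;
  • The DHCP server on this network is the only instance;
  • The clients on this network support PXE network boot.


3.1.2 Defining the Yum repositories

For the CentOS base repositories, pick a mirror close to your location, for example mirrors.163.com or mirrors.sohu.com.

Configuration file: /etc/yum.repos.d/CentOS-Base.repo, here using the NetEase (163) mirror
cd /etc/yum.repos.d/

mkdir backup

mv *.repo ./backup

wget -c -O CentOS-Base.repo http://mirrors.163.com/.help/CentOS6-Base-163.repo

yum list
Note: to build a local Yum repository, see: http://jcenter.idcos.com/?/article/28
 
3.1.3 Installing the EPEL repository

Cobbler is not in the CentOS base repositories, so the EPEL repository has to be imported to upgrade packages; make sure the epel-release package is the latest version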
CentOS 5 32-bit: rpm -Uvh http://mirrors.ustc.edu.cn/fed ... h.rpm

CentOS 5 64-bit: rpm -Uvh http://mirrors.ustc.edu.cn/fed ... h.rpm

CentOS 6 32-bit: rpm -Uvh http://mirrors.ustc.edu.cn/fed ... h.rpm

CentOS 6 64-bit: rpm -Uvh http://mirrors.ustc.edu.cn/fed ... h.rpm

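  • Install

rpm -Uvh 'http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm'

yum update (upgrades all packages and changes software and system settings; the system version and the kernel are both upgraded)

yum upgrade (upgrades all packages without changing software or system settings; the system version is upgraded, the kernel is not)

  • Check that it is installed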

yum list|grep -E "^epel"

epel-release.noarch 6-8 installed
3.1.4 Disabling SELinux and the iptables firewall
  • Disable the firewall

# Cobbler uses several ports; to keep things simple, iptables is simply turned off
chkconfig ip6tables off
chkconfig iptables off
/etc/init.d/ip6tables stop
/etc/init.d/iptables stop

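  • Disable SELinux

sed -i '/^SELINUX=/ s/^SELINUX=.*/SELINUX=disabled/g'  /etc/selinux/config

  • Reboot for the change to take effect

reboot
3.2 Installing and configuring Cobbler

3.2.1 Installing Cobbler
  • Install the Cobbler package (install cobbler-web as well if the web interface is needed)

yum install -y cobbler cobbler-web

  • Install the packages Cobbler works with

yum install -y tftp-server xinetd dhcp httpd rsync

  • Install the packages needed to run Cobbler

yum install -y pykickstart debmirror python-ctypes cman
Notes:
  • To deploy debian/ubuntu systems, the debmirror package is required;
  • To use the power management features, install cman or fence-agents;
  • To manage DNS, install the bind package;
  • The services need the following ports to be open:

  1. udp -> 69 -> tftp
  2. udp -> 53 -> dns
  3. tcp -> 80/443 -> web (http)
  4. udp -> 67/68 -> dhcp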
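
The port list above is enough to write a narrow ruleset that keeps iptables running instead of switching it off as in 3.1.4. This is an added example, not part of the original article: the interface eth0 and subnet 192.168.16.0/24 come from the lab environment, while the function name cobbler_fw_rules and the SSH rule for administration are assumptions.

```shell
#!/bin/sh
# cobbler_fw_rules IFACE SUBNET: print an iptables-restore ruleset that keeps
# the firewall on and accepts only the provisioning services on IFACE.
# (Hypothetical helper name; the ports are the ones listed in this section.)
cobbler_fw_rules() {
    iface=$1; subnet=$2
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # DHCP: a booting client has no address yet (source 0.0.0.0), so match on
    # interface and ports rather than on the subnet.
    echo "-A INPUT -i $iface -p udp --sport 68 --dport 67 -j ACCEPT"
    # tcp:22 is an assumption (admin access); the rest are tftp, dns and web.
    # TFTP data packets are covered by the ESTABLISHED rule, because the
    # server starts the data flow itself from a new port.
    for spec in tcp:22 udp:69 udp:53 tcp:80 tcp:443; do
        echo "-A INPUT -i $iface -s $subnet -p ${spec%%:*} --dport ${spec##*:} -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Values from the lab environment of this article
cobbler_fw_rules eth0 192.168.16.0/24
```

On CentOS 6 the generated ruleset can be saved as /etc/sysconfig/iptables and loaded with service iptables restart.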

 
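  • Start Cobbler

/etc/init.d/cobblerd start

  • After startup, run cobbler check to look for problems (common ones are shown below)

cobbler check
The following are potential configuration items that you may want to fix:
# The error says the Cobbler server address must not be a local address; it must be a resolvable hostname or IP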

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
# The error says next_server must not be the host address 127.0.0.1; it must be the address of a real tftp server

2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
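# This does not necessarily require downloading anything from the network; installing syslinux is enough (if the message persists after installing syslinux, it can simply be ignored...)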

3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
# Change tftp and rsync so that they are managed by cobbler

4 : change 'disable' to 'no' in /etc/xinetd.d/rsync
# debmirror is not set up; install it with yum install

5 : debmirror package is not installed, it will be required to manage debian deployments and repositories
# pykickstart has to be installed separately

6 : ksvalidator was not found, install pykickstart
# The administrator password that Cobbler sets on installed machines must be replaced, because it is identical on every installation

7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
# No fencing device is present; this is optional

8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
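3.2.2 Configuring Cobbler

3.2.2.1 Setting up the HTTP service
  • Edit the HTTP configuration file

vim /etc/httpd/conf/httpd.conf
ServerName 127.0.0.1:80

  • Enable the wsgi module (if this fails, it can be ignored)
  • Make sure mod_wsgi is installed correctly; otherwise install it manually with yum -y install mod_wsgi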

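rpm -qa |grep wsgi # check
mod_wsgi-3.2-7.el6.x86_64

  • To enable the wsgi module, just uncomment the line LoadModule wsgi_module modules/mod_wsgi.so in /etc/httpd/conf.d/wsgi.conf

sed -i 's*#LoadModule*LoadModule*g' /etc/httpd/conf.d/wsgi.conf
cat /etc/httpd/conf.d/wsgi.conf # view
LoadModule wsgi_module modules/mod_wsgi.so
3.2.2.2 Configuring tftp and rsync

Edit the xinetd configuration of the rsync and tftp services: in each of the two configuration files, change disable = yes to disable = no so that the tftp and rsync services start at boot
# match "disable = yes" whatever tabs or spaces surround it
sed -i 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)yes/\1no/' /etc/xinetd.d/tftp
sed -i 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)yes/\1no/' /etc/xinetd.d/rsync
/etc/init.d/xinetd restart
3.2.2.3 Configuring the main Cobbler configuration file

Before starting the Cobbler service, a few configuration files need to be changed. It is best to back up each file before modifying it.

The cobblerd configuration file is /etc/cobbler/settings, a YAML-format file.

Edit the main Cobbler configuration file, /etc/cobbler/settings, as needed.

server and next_server
  • The server option sets the IP address of the Cobbler server. Do not use 0.0.0.0; set it to the IP through which machines should reach the Cobbler server over http, tftp and the other protocols

sed -i 's/^server: 127.0.0.1/server: 192.168.16.130/' /etc/cobbler/settings

  • The next_server option is the IP of the TFTP server from which the DHCP/PXE network boot files are downloaded; it is set to the same IP as server

sed -i 's/^next_server: 127.0.0.1/next_server: 192.168.16.130/' /etc/cobbler/settings

  • After the change, check the result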

grep -E "^server|next_server" /etc/cobbler/settings
next_server: 192.168.16.130
server: 192.168.16.130
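3.2.2.4 Letting Cobbler manage the rsync and dhcp services

PXE boot needs a DHCP server that hands out addresses and points clients at the boot files to download from the TFTP server. Cobbler can manage this DHCP service through the manage_dhcp setting. For a custom setup, the dhcp configuration has to be adjusted to work with PXE boot; edit the file /etc/cobbler/settings
  • manage_dhcp: 1 (note: the default is 0, meaning the dhcp service is not managed; set it to 1 to have Cobbler manage it. This is what lets the later cobbler sync step push updated configuration to dhcp)
  • manage_rsync: 1 (the default is 0, meaning rsync is not managed; set it to 1 to have it managed)

sed -i 's/manage_rsync: 0/manage_rsync: 1/g' /etc/cobbler/settings
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings

  • After the change, check the result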

grep -E "^manage_dhcp|^manage_rsync" /etc/cobbler/settings
manage_dhcp: 1
manage_rsync: 1
3.2.3 Configuring the Cobbler web environment
  • Edit the authentication settings

grep "module = authn_configfile" /etc/cobbler/modules.conf
module = authn_configfile # change the authentication method to the password-file type

  • User and password

htdigest /etc/cobbler/users.digest "Cobbler" tech
# add the user tech; you are prompted to enter the password twice to confirm
Adding user tech in realm Cobbler
New password: 123123 # the password I set here is 123123
Re-type new password: 123123

  • Generate the initial root password for systems installed by Cobbler

openssl passwd -1 -salt 'random-phrase-here' '1234567890' # this is the password used to log in to new machines after Cobbler installs them
$1$random-p$RkqDMTpuNlZZhJ7moLn3Q.

  • Put the hash above into the Cobbler configuration file

vim /etc/cobbler/settings
# change the setting to the following
default_password_crypted: "$1$random-p$RkqDMTpuNlZZhJ7moLn3Q."

  • Check

grep "default_password" /etc/cobbler/settings
default_password_crypted: "$1$random-p$RkqDMTpuNlZZhJ7moLn3Q."
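
The settings edited in 3.2.2.3 and 3.2.3 can be checked in one pass before running cobbler sync. This is an added example, not part of the original article or of Cobbler: the function names are hypothetical, the sample file is constructed (including a stray space inside the quotes, an easy copy-paste slip), and preferring a $6$ (SHA-512 crypt) hash over the $1$ hash produced by openssl passwd -1 is this example's assumption.

```shell
#!/bin/sh
# setting_value FILE KEY: print the value of a top-level "KEY: value" line,
# without the surrounding double quotes. (Hypothetical helper.)
setting_value() {
    awk -v key="$2" 'index($0, key ":") == 1 {
        val = substr($0, length(key) + 2)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        gsub(/^"|"$/, "", val)
        print val; exit
    }' "$1"
}

# audit_cobbler_settings FILE: print one finding per line and return the
# number of findings (0 means nothing to fix).
audit_cobbler_settings() {
    n=0
    for key in server next_server; do
        case "$(setting_value "$1" "$key")" in
            ""|127.*|localhost|0.0.0.0)
                echo "$key: not an address that PXE clients can reach"; n=$((n + 1)) ;;
        esac
    done
    hash=$(setting_value "$1" default_password_crypted)
    case "$hash" in
        " "*|*" ")
            echo "default_password_crypted: whitespace inside the quotes"; n=$((n + 1)) ;;
    esac
    bare=$(printf '%s' "$hash" | tr -d ' ')
    case "$bare" in
        '$1$random-p$'*)   # salt taken from the sample phrase in the hint
            echo "default_password_crypted: salt is the sample phrase, not random"; n=$((n + 1)) ;;
    esac
    case "$bare" in
        '$6$'*) ;;
        *) echo "default_password_crypted: not a SHA-512 crypt (\$6\$) hash"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample input, not a real settings file
sample=$(mktemp)
cat > "$sample" <<'EOF'
server: 192.168.16.130
next_server: 127.0.0.1
default_password_crypted: " $1$random-p$RkqDMTpuNlZZhJ7moLn3Q."
EOF
audit_cobbler_settings "$sample" || echo "findings: $?"
rm -f "$sample"
```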
3.2.4 Configuring dhcp and the related Cobbler services
  • Back up before making any change

cp /etc/cobbler/dhcp.template{,.bak}
ll /etc/cobbler/dhcp.template*
-rw-r--r-- 1 root root 2946 Jul 18 2014 /etc/cobbler/dhcp.template
-rw-r--r-- 1 root root 2946 Jul 7 17:01 /etc/cobbler/dhcp.template.bak

  • Edit the dhcp configuration file

vim /etc/cobbler/dhcp.template 

ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
# change 192.168.16.0 to your own network
subnet 192.168.16.0 netmask 255.255.255.0 {
    option routers 192.168.16.1; # change to your own router
    option domain-name-servers 8.8.8.8; # DNS server address
    option subnet-mask 255.255.255.0; # subnet mask
    range dynamic-bootp 192.168.16.140 192.168.16.250; # IP range to hand out
    filename "/pxelinux.0";
    default-lease-time 21600; # default lease time
    max-lease-time 43200; # maximum lease time
    next-server 192.168.16.130; # boot server (the Cobbler server IP)
    class "pxeclients" {
        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
        if option pxe-system-type = 00:02 {
            filename "ia64/elilo.efi";
        } else if option pxe-system-type = 00:06 {
            filename "grub/grub-x86.efi";
        } else if option pxe-system-type = 00:07 {
            filename "grub/grub-x86_64.efi";
        } else {
            filename "pxelinux.0";
        }
    }
}
Leave the rest unchanged, and copy the content above into /etc/dhcp/dhcpd.conf.
  • Set up debmirror

# comment out the @dists and @arches lines
sed -i -e 's|@dists=.*|#@dists=|' /etc/debmirror.conf
sed -i -e 's|@arches=.*|#@arches=|' /etc/debmirror.conf

  • Download the boot loader files

# fetch the network boot-loaders that are missing
cobbler get-loaders

  • Check the Cobbler configuration

cobbler check  

The following are potential configuration items that you may want to fix:
# dhcpd is not running
1 : service dhcpd is not running
# run cobbler get-loaders and the loader programs are downloaded automatically
2 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.

Restart cobblerd and then run 'cobbler sync' to apply changes

  • Once DHCP has started successfully, run cobbler sync; output like the following means it succeeded

cobbler sync

task started: 2014-12-29_184104_sync
task started (id=Sync, time=Mon Dec 29 18:41:04 2014)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/CentOS6.6-x86_64
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/images/CentOS6.6-x86_64
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
copying: /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
copying distros to tftpboot
copying files for distro: CentOS6.6-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS6.6-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/CentOS6.6-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS6.6-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/CentOS6.6-x86_64/initrd.img
copying images
generating PXE configuration files
generating PXE menu structure
copying files for distro: CentOS6.6-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS6.6-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/CentOS6.6-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS6.6-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/CentOS6.6-x86_64/initrd.img
Writing template files for CentOS6.6-x86_64
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
processing boot_files for distro: CentOS6.6-x86_64
cleaning link caches
rendering Rsync files
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout: Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]

received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
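*** TASK COMPLETE *** → this line means the sync to dhcp succeeded
3.2.5 Restarting Cobbler and updating the configuration
  • Restart the service

/etc/init.d/cobblerd restart

  • Sync the latest Cobbler configuration; it automatically rewrites the configuration of services such as dhcp and bind to match, which is why I call it a container

cobbler sync # sync the configuration files to the dhcp server

  • Start the related services and enable them at boot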

chkconfig httpd on
chkconfig xinetd on
chkconfig cobblerd on
chkconfig dhcpd on
/etc/init.d/httpd restart
/etc/init.d/xinetd restart
/etc/init.d/cobblerd restart
/etc/init.d/dhcpd restart

  • Create a start-up script for the Cobbler-related services

 
vim /etc/init.d/cobbler

#!/bin/sh
# chkconfig: - 80 90
# description: cobbler
# Wrapper that drives httpd, xinetd, dhcpd and cobblerd together
case "$1" in
start)
    /etc/init.d/httpd start
    /etc/init.d/xinetd start
    /etc/init.d/dhcpd start
    /etc/init.d/cobblerd start
    ;;
stop)
    /etc/init.d/httpd stop
    /etc/init.d/xinetd stop
    /etc/init.d/dhcpd stop
    /etc/init.d/cobblerd stop
    ;;
restart)
    /etc/init.d/httpd restart
    /etc/init.d/xinetd restart
    /etc/init.d/dhcpd restart
    /etc/init.d/cobblerd restart
    ;;
status)
    /etc/init.d/httpd status
    /etc/init.d/xinetd status
    /etc/init.d/dhcpd status
    /etc/init.d/cobblerd status
    ;;
sync)
    cobbler sync
    ;;
*)
    # unknown argument: print usage and exit with a non-zero status
    echo "Input error, please input 'start|stop|restart|status|sync'!"
    exit 2
    ;;
esac

  • Make the script executable

chmod +x /etc/rc.d/init.d/cobbler

  • Enable it at boot

chkconfig cobbler on

  • Restart cobbler

service cobbler restart

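  • Mount the installation image under the http server's site directory

  1. Upload the ISO image to the /server/iso/ directory on the server
  2. Create the directory /var/www/html/os/{CentOS-6.6-x86_64}

mkdir -p /var/www/html/os/CentOS-6.6-x86_64    # create the mount point
Tip: a local ISO image is mounted with the loop option; a physical disc is mounted directly on the target directory
mount -t iso9660 -o loop /server/iso/CentOS-6.6-x86_64-bin-DVD1.iso /var/www/html/os/CentOS-6.6-x86_64/

mount /dev/cdrom /var/www/html/os/CentOS-6.6-x86_64/
After mounting, add an entry so that it is mounted at boot
vi /etc/fstab
/server/iso/CentOS-6.6-x86_64-bin-DVD1.iso /var/www/html/os/CentOS-6.6-x86_64 iso9660 defaults,loop 0 0
or
/dev/cdrom /var/www/html/os/CentOS-6.6-x86_64 iso9660 defaults 0 0
Notes:
  • Use df -T to see the iso9660 device; to unmount: umount /var/www/html/os/CentOS-6.6-x86_64
  • Repeat the steps above to mount every CentOS image you need to install under /var/www/html/os/
  • For example: CentOS-5.10-x86_64-bin-DVD-1of2.iso CentOS-7.0-1406-x86_64-DVD.iso

  • Import the system image into Cobbler

Import the client OS from the DVD. The architecture is automatically set to "x86_64" and the distro is named CentOS6.6-x86_64. The import takes a while; you can watch the files appear under /var/www/cobbler/ks_mirror/CentOS-6.6-x86_64/
cobbler import --path=/var/www/html/os/CentOS-6.6-x86_64 --name=CentOS-6.6-x86_64 --arch=x86_64 
Command format: cobbler import --path=<image path> --name=<install source name> --arch=<32-bit or 64-bit>
Parameters:
--name  defines a name for the installation source
--arch  specifies whether the installation source is 32-bit, 64-bit or ia64; currently supported values: x86│x86_64│ia64
The output of a successful import looks like this: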
task started: 2014-12-28_214043_import
task started (id=Media import, time=Sun Dec 28 21:40:43 2014)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/CentOS-6.6-x86_64:
creating new distro: CentOS-6.6-x86_64
trying symlink: /var/www/cobbler/ks_mirror/CentOS-6.6-x86_64 -> /var/www/cobbler/links/CentOS-6.6-x86_64
creating new profile: CentOS-6.6-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/CentOS-6.6-x86_64 for CentOS-6.6-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS-6.6-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/CentOS-6.6-x86_64
looking for /var/www/cobbler/ks_mirror/CentOS-6.6-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/CentOS-6.6-x86_64/repodata
*** TASK COMPLETE ***
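IV. Installing the system
 
4.1 Command-line installation
 
Enable PXE on the NIC of the server that is to be installed, and boot the server from PXE. By default it boots from the local disk; this can be changed, but keeping this default is recommended.

Select the corresponding system to install it:
[Image: 15.png]

 
4.2 Web installation
 
The Cobbler web interface is a good front end that makes Cobbler very easy to manage: you can add and delete systems, distros and profiles, and view and edit distros, profiles, subprofiles, systems, repos and kickstart files.
 
Open the login page https://ip/cobbler_web in a browser and enter the user name and password.

[Image: screenshot_2.png]

 
The page after logging in:

[Image: screenshot.png]

 
The web interface is fairly easy to use, so it is not covered further here.
 
That concludes this introduction to Cobbler. For details, see the official site: https://cobbler.github.io/manuals/2.6.0/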
