cobbler自动安装操作系统

cobbler是快速网络安装linux操作系统的服务,支持众多的Linux发行版:Red Hat、Fedora、CentOS、Debian、Ubuntu和SuSE,也可以支持网络安装windows

一、配置yum源

cobbler所在的源是epel源所以先配置yum源

1
2
3
4
5
6
7
8
9
[root@centos7 ~]# vim /etc/yum.repos.d/base.repo
[base]
name=base
baseurl=file:///mnt
gpgcheck=0
[epel]
name=epel
baseurl=http://mirrors.sohu.com/fedora-epel/7/x86_64
gpgcheck=0

二、安装cobbler和dhcp服务

1
[root@centos7 ~]# yum install cobbler dhcp -y

三、启动相关服务并设置为开机启动

1
2
[root@centos7 ~]# systemctl enable rsyncd httpd tftp cobblerd dhcpd
[root@centos7 ~]# systemctl start rsyncd httpd tftp cobblerd

四、配置cobbler

1.使用cobbler check查看所需配置的内容

1
2
3
4
5
6
7
8
9
10
11
12
root@centos7 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : debmirror package is not installed, it will be required to manage debian deployments and repositories
6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
7 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

2.在/etc/cobbler/setting文件中查找到以下几项并进行修改

1
2
3
4
5
6
7
8
9
10
server: 192.168.73.120                  #cobbler的服务器地址
next_server: 192.168.73.120             #tftp服务器地址
default_password_crypted: "$1$JZoCUmJG$PaPdl.tq3OW6KEXZbUaBP."      #修改默认密码
manage_dhcp: 1                          #dhcpg管理设置为1
````

3.下载boot-loaders

```bash
[root@centos7 ~]# cobbler get-loaders

4.修改cobbler的dhcp模板文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@centos7 ~]# vim /etc/cobbler/dhcp.template
...上面省略...
subnet 192.168.73.0 netmask 255.255.255.0 {                       #修改网段
     option routers             192.168.73.254;                   #指定网关
     option domain-name-servers 1.1.1.1;                          #指定dns
     option subnet-mask         255.255.255.0;                    #指定子网掩码
     range dynamic-bootp        192.168.73.1 192.168.73.100;      #指定地址池
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
     class "pxeclients" {
          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
          if option pxe-system-type = 00:02 {
                  filename "ia64/elilo.efi";
          } else if option pxe-system-type = 00:06 {
                  filename "grub/grub-x86.efi";
          } else if option pxe-system-type = 00:07 {
                  filename "grub/grub-x86_64.efi";
          } else if option pxe-system-type = 00:09 {
                  filename "grub/grub-x86_64.efi";
          } else {
                  filename "pxelinux.0";
          }
     }

}
...下面省略...

5.将cobbler的DHCP文件进行同步

1
[root@centos7 ~]# cobbler sync

6.重启cobbler服务以及DHCP服务

1
2
[root@centos7 ~]# systemctl restart cobblerd
[root@centos7 ~]# systemctl start dhcpd

五、为cobbler配置系统镜像文件

1.将光盘挂载至一个空目录

1
[root@centos7 ~]# mount /dev/sr0 /mnt

2.将光盘内文件复制入cobbler,此步骤是将光盘的的文件复制至/var/www/cobbler/ks_mirror/目录下

1
[root@centos7 ~]# cobbler import --path=/mnt --name=Centos-6.10 --arch=x86_64

由于cobbler自带了KS文件,所以现在已经能够实现自动化安装系统了,若要实现使用自己定制的KS文件,来实现自动化安装看下面的补充。

补充

在实际生产环境中可能需要安装各种不同的定制化的系统,此时就需要准备各种不同的ks文件,并将文件与相对应的系统关联起来。

一、准备ks文件

1.ks文件可以在图形化界面通过system-config-kickstart进行生成,也手写(不建议)或使用已经装好的系统中,/root/anaconda-ks.cfg进行修改。此处以最小化安装ks文件为例。

此处需要注意的是在ks文件中使用network安装,要将url的路径设置为cobbler的内置变量$tree

1
2
# Use network installation
url --url=$tree

2.ks6mini.cfg文件内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
[root@centos7 ~]# vim ks6.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url=$tree
# Root password
rootpw --iscrypted $1$6oVXZR1R$QOASc6inirmHCZmQ.W9Hg0
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone  Asia/Shanghai
# Network information
network  --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel 
# Disk partitioning information
part /boot --fstype="ext4" --size=200
part / --fstype="ext4" --size=20000
part swap --fstype="swap" --size=1024

%packages
@core

%end

二、将ks文件复制到cobbler的ks的仓库中

cobbler有自带的ks仓库,其目录在/var/lib/cobbler/kickstarts/,将所准备好的ks文件复制到此目录下

1
[root@centos7 ~]# cp ks6mini.cfg /var/lib/cobbler/kickstarts/

三、将ks文件与cobbler中的系统镜像相关联

1.首先查看下cobbler仓库中的ks文件关联列表以及cobbler中所存在的系统镜像

1
2
3
4
[root@centos7 ~]# cobbler profile list          #此命令可以查看ks关联安装列表
   Centos-6.10-x86_64                           #此为刚才创建的安装列表
[root@centos7 ~]# cobbler distro list           #此命令可以查看所存在的系统镜像
   Centos-6.10-x86_64                           #此为刚才导入的镜像

2.将ks6mini.cfg文件进行关联

1
2
3
4
5
6
7
[root@centos7 ~]# cobbler profile add --name=Centos-6.10-mini-x86_64 --distro=Centos-6.10-x86_64 --ks=/var/lib/cobbler/kickstarts/ks6mini.cfg
#--name:指定新的安装列表的名称
#--distro:指定所要关联的镜像名称
#--ks:指定ks文件所在的路径
[root@centos7 ~]# cobbler profile list          #查看安装列表
   Centos-6.10-mini-x86_64                      #此为刚才所关联的项
   Centos-6.10-x86_64

3.删除ks关联

由于cobbler所自带的关联安装方法,并不是我们想要的,所以我们需要将其从列表中删除,删除方法

1
2
3
[root@centos7 ~]# cobbler profile remove --name=Centos-6.10-x86_64      #删除列表
[root@centos7 ~]# cobbler profile list
   Centos-6.10-mini-x86_64                                              #此时只剩下mini

基于web的cobbler管理

由于文本形式的cobbler的管理不太友好,我们也可以使用基于web的管理方法

一、安装cobbler-web

1
[root@centos7 mnt]# yum install cobbler-web -y

二、重启httpd服务

1
[root@centos7 mnt]# systemctl restart httpd

三、此时已经能访问cobbler的web界面

cobbler_web是基于ssl的,所以需要使用https协议,访问地址为:https://XXX.XXX.XXX.XXX/cobbler_web

cobbler_web.png

cobbler_web的账户和密码

cobbler默认账户和密码都为cobbler,此密码不够安全,我们需要对其加以修改。

一、authn_configfile验证方法

cobbler的验证文件存放在/etc/cobbler/modules.conf内部详细的说明了各种验证方法,默认的验证方法为configfile。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[root@centos7 mnt]# cat /etc/cobbler/modules.conf
# cobbler module configuration file
# =================================

# authentication: 
# what users can log into the WebUI and Read-Write XMLRPC?
# choices:
#    authn_denyall    -- no one (default)
#    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
#    authn_passthru   -- ask Apache to handle it (used for kerberos)
#    authn_ldap       -- authenticate against LDAP
#    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
#    authn_pam        -- use PAM facilities
#    authn_testing    -- username/password is always testing/testing (debug)
#    (user supplied)  -- you may write your own module
# WARNING: this is a security setting, do not choose an option blindly.
# for more information:
# https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
# https://github.com/cobbler/cobbler/wiki/Security-overview
# https://github.com/cobbler/cobbler/wiki/Kerberos
# https://github.com/cobbler/cobbler/wiki/Ldap

[authentication]
module = authn_configfile

添加用户和删除用户

auth_confile的用户名和密码存放在/etc/cobbler/users.digest中使用一下命令可以创建Cobbler的用户和密码

1
2
3
4
[root@centos7 mnt]# htdigest /etc/cobbler/users.digest Cobbler admin   #注意此处Cobbler的C必须为大写
Adding user admin in realm cobbler
New password: 
Re-type new password:

Cobbler删除用户只需要在/etc/cobbler/users.digest中找到用户相对应的行将其删除。

二、authn_pam的验证方法

1.修改验证文件/etc/cobbler/modules.conf中的authentication项,pam验证方法的用户名和密码存放在/etc/cobbler/users.conf文件中

1
2
[authentication]
module = authn_pam

2.基于pam验证的用户名和密码的创建

创建一个Linux用户

1
2
3
4
[root@centos7 mnt]# useradd -s /sbin/nologin cobbleradmin
[root@centos7 mnt]# echo 111111 | passwd --stdin cobbleradmin
Changing password for user cobbleradmin.
passwd: all authentication tokens updated successfully.

此时可以使用Linxu账户进行登陆cobbler_web