cobbler

Cobbler介绍:

快速网络安装linux操作系统的服务，支持众多的Linux发行版：Red Hat、Fedora、CentOS、Debian、Ubuntu和SuSE，也可以支持网络安装windows
PXE的二次封装，将多种安装参数封装到一个菜单
Python编写
提供了CLI和Web的管理形式

cobbler 工作流程

在这里插入图片描述

client裸机配置了从网络启动后，开机后会广播包请求DHCP服务器（cobbler server）发送其分配好的一个IP
DHCP服务器（cobbler server）收到请求后发送responese，包括其ip地址
client裸机拿到ip后再向cobbler server发送请求OS引导文件的请求
cobbler server告诉裸机OS引导文件的名字和TFTP server的ip和port
client裸机通过上面告知的TFTP server地址通信，下载引导文件
client裸机执行执行该引导文件，确定加载信息，选择要安装的os，期间会再向cobbler server请求kickstart文件和os image
cobbler server发送请求的kickstart和os iamge
client裸机加载kickstart文件
client裸机接收os image，安装该os image

安装包
yum install cobbler 基于EPEL源
cobbler 服务集成
1. PXE
2. DHCP
3. rsync
4. Http
5. DNS
6. Kickstart
7. IPMI 电源管理
检查cobbler环境
cobbler check

cobbler 各种配置目录说明

/etc/cobbler/settings : cobbler 主配置文件
/etc/cobbler/iso/: iso模板配置文件
/etc/cobbler/pxe: pxe模板文件
/etc/cobbler/power: 电源配置文件
/etc/cobbler/user.conf: web服务授权配置文件
/etc/cobbler/users.digest: web访问的用户名密码配置文件
/etc/cobbler/dhcp.template : dhcp服务器的的配置末班
/etc/cobbler/dnsmasq.template : dns服务器的配置模板
/etc/cobbler/tftpd.template : tftp服务的配置模板
/etc/cobbler/modules.conf : 模块的配置文件

/var/lib/cobbler/config/: 用于存放distros，system，profiles 等信息配置文件
/var/lib/cobbler/triggers/: 用于存放用户定义的cobbler命令
/var/lib/cobbler/kickstart/: 默认存放kickstart文件
/var/lib/cobbler/loaders/: 存放各种引导程序

/var/www/cobbler/ks_mirror/: 导入的发行版系统的所有数据
/var/www/cobbler/images/ : 导入发行版kernel和initrd镜像用于远程网络启动
/var/www/cobbler/repo_mirror/: yum 仓库存储目录

/var/log/cobbler/installing: 客户端安装日志
/var/log/cobbler/cobbler.log : cobbler日志

cobbler 命令介绍

cobbler commands
cobbler check 核对当前设置是否有问题
cobbler list 列出所有的cobbler元素
cobbler report 列出元素的详细信息
cobbler sync 同步配置到数据目录,更改配置最好都要执行下
cobbler reposync 同步yum仓库
cobbler distro 查看导入的发行版系统信息
cobbler system 查看添加的系统信息
cobbler profile 查看配置信息
distro查看安装源
cobbler distro list
profiles查看菜单

#查看菜单列表
cobbler profile list
#添加菜单
cobbler profile add --name=你的菜单名 --distro=(安装源：从cobbler distro list找)   --kickstart=/var/lib/cobbler/kickstart 
#移除菜单
cobbler profile remove --name=(你选个名)

查看引导文件
cat /var/lib/tftpboot/pxelinux.cfg/default
同步cobbler配置
cobbler sync
多系统引导方案
cobbler import --name=CentOS-7-x86_64 --path=/media/cdrom cobbler distro list cobbler profile list cobbler sync

cobbler 重要的参数

/etc/cobbler/settings中重要的参数设置
default_password_crypted: “ $1$ gEc7ilpP$pg5iSOj/mlxTxEslhRvyp/”
manage_dhcp：1
manage_tftpd：1
pxe_just_once：1
next_server：< tftp服务器的 IP 地址>
server：<cobbler服务器的 IP 地址>

cobbler 相关管理

下载启动菜单：
联网：cobbler get-loaders
不联网：cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot
管理distro
cobbler import --name=centos-7.5-x86_64 --path=/media/cdrom --arch=x86_64
管理profile
cobbler profile add --name=centos-7.5 --distro=centos-7.5-x86_64
–kickstart= /var/lib/cobbler/kickstarts/centos7_x86_64.cfg

yum install PyYAML tftp-server createrepo mod_wsgi yum-utils httpd rsync python-netaddr genisoimage python-pygments syslinux libyaml
yum install python2-pyyaml cobbler

实验：cobbler 实现自动化安装

安装包，并设置服务

#不知道为啥我的EPEL装不了cobbler，说是缺少依赖包，依赖包还装不上，没办法我就手动一个一个装了。
#下面是光盘装的
yum install PyYAML tftp-server createrepo mod_wsgi yum-utils httpd rsync python-netaddr genisoimage python-pygments syslinux  libyaml dhcp
#下面是EPEL装的，用的aliyun的EPEL源
yum install python2-pyyaml cobbler pykickstart


##
#如果用epel源能直接装上cobbler的话。还要一个dhcp
yum install cobbler dhcp

然后就可以把服务启动了

systemctl start cobblerd httpd tftp
systemctl start rsyncd
systemctl enable rsyncd

执行Cobbler check命令检查配置会报如下异常

[]$ cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

根据上面提示修改配置

(1)修改/etc/cobbler/settings文件。

#在这之前。先用下面的命令生成你的密码的md5，复制下来，有用
[root]$ openssl passwd -1
[root]$ vim /etc/cobbler/setting
#找到下面这条，把后面的""的内容替换成你上面生成的密码的MD5
default_password_crypted: "$1$RFO.hOYF$g79MJdrxFJMgpggQlhjev/"
#修改成手动配置DHCP
manage_dhcp: 1
#参数的值为提供cobbler服务的主机相应的IP地址或主机名
server: 192.168.99.11
#参数的值为提供PXE服务的主机相应的IP地址，也就还是你的cobbler服务器的IP
next_server: 192.168.99.11

[root]$ systemctl restart cobblerd

(3)执行命令下载启动相关文件菜单：

#如果你的服务器可以联网，执行下面的命令
cobbler get-loaders
#否则你就需要安装syslinux程序包，而后复制/usr/share/syslinux/{pxelinux.0,memu.c32}等文件至/var/lib/cobbler/loaders/目录中。

#文件下载的位置不对，要同步一下
cobbler sync

配置DHCP服务
修改文件/etc/cobbler/dhcp.template

[root]$ vim /etc/cobbler/dhcp.template
subnet 192.168.37.0 netmask 255.255.255.0 {
     option routers             192.168.37.2;
     option domain-name-servers 192.168.37.2;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.37.100 192.168.37.254;
...
[root]$ cobbler sync
#如果没有上一步的同步，配置文件就写不到dhcpd服务，就会启动失败
[root]$ systemctl start dhcpd

分别导入centos的安装源,并查看

#因为安装源是指向自己的，所以要把安装源导进来
[root]$ cobbler import --path=/misc/cd --name=CentOS7.6-x86_64 --arch=x86_64
#可以查看下导入的结果
[root]$ cobbler profile list
[root]$ cobbler distro list

准备kickstart文件并导入cobbler

#把你准备好的ks文件复制到这个路径下
[root]$ cp ks7_mini.cfg /var/lib/cobbler/kickstarts/
#不过要编辑下，改一下url这条。
[root]$ vim /var/lib/cobbler/kickstarts/ks7_mini.cfg
    url --url=$tree

#编辑完了导入到cobbler吧
[root]$ cobbler profile add --name=CentOS7.6-x86_64_mini --distro=CentOS7.6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7_mini.cfg

#重启下服务
[root]$ systemctl restart cobblerd
[root]$ cobbler sync

enjoy!再说一遍，内存要大于1.5G才能去安装

cobbler的web管理实现

使用http://mirrors.sohu.com/fedora-epel/7/x86_64/这个epel安装，因为最新的python2-django.1.11.21有点问题，访问不了(2019-6-30测试)
提供cobbler的基于web管理界面，epel源，sohu源安装的pthon2-django版本应该是1.6的

yum install cobbler-web

认证方式
认证方法配置文件：/etc/cobbler/modules.conf

支持多种认证方法：
authn_configfile
authn_pam

使用authn_configfile模块认证cobbler_web用户

vim /etc/cobbler/modules.conf
    [authentication]
    module=authn_configfile

创建其认证文件/etc/cobbler/users.digest，并添加所需的用户
htdigest -c /etc/cobbler/users.digest Cobbler admin
注意:添加第一个用户时,使用“-c”选项，后续添加其他用户时不要再使用，cobbler_web的realm只能为Cobbler

使用authn_pam模块认证cobbler_web用户

vim /etc/cobbler/modules.conf
    [authentication]
    module = authn_pam

创建cobbler用户：useradd cobbler

vim /etc/cobbler/users.conf
    [admins]
    admin = "cobbler"

Web访问cobbler

systemctl restart cobblerd

通过https://你的IP/cobbler_web访问

一步一步_cobbler自动化部署详解