A, cobbler Profile
cobbler is quick network installation linux operating system services that support a large number of Linux distributions, such as redhat |, fedora, centos, debian, ubuntu and suse, also supports network installation Windows. It corresponds to the pxe second package, the package installation parameters to a multi-menu, written in Python, and cli provided in the form of web-based management.
Two, cobbler workflow
1) The client is configured with bare boot from the network after power on request broadcast packet dhcp server, a request to the client ip address dhcp bare available
2) DHCP server receives the request responese, including ip address
3) Get the client host ip address, think cobbler server sends a request requests the OS boot file
4) After the cobbler server receives the request, it will tell the client host ip and port os boot file name and tftp server
5) After the client host to get the tftp ip address, which will take the initiative to request address, the system boot files downloaded
After 6) client to download a good boot file, on the implementation of the boot file to determine loading information, select the os to install, will come back cobbler server requests during the kickstart file and image os
7) cobbler server receives the request, it sends the corresponding os kickstart file and the image file to client hosts.
8) The client receives the kickstart file, which loads the file and accepts os image, and then install the operating system
These are the basic flow of cobbler
Third, install cobbler, and each profile catalog description
[root@cobbler ~]# yum install cobbler dhcp -y
Description: cobbler default installation will install httpd, tftp-server, syslinux packages such as these, do not install dhcp package, so to manually install dhcp together
Profile directory / etc / Cobbler
/ etc / Cobbler / Settings: Cobbler main configuration file
/ etc / cobbler / iso /: iso template configuration file
/ etc / cobbler / pxe: pxe template file
/ etc / cobbler / power: Power Profiles
/etc/cobbler/user.conf: web service authorization profile
/etc/cobbler/users.digest: web access username and password in the configuration file
/etc/cobbler/dhcp.template: dhcp server configuration that last
/ etc / cobbler / dnsmasq.template: dns server configuration template
/etc/cobbler/tftpd.template: tftp services configuration template
/etc/cobbler/modules.conf: module configuration files
Data directory
/ var / lib / cobbler / config /: for storing distros, system, profiles and other information profile
/ var / lib / cobbler / triggers /: used to store the user-defined command cobbler
/ var / lib / cobbler / kickstart /: default storage kickstart file
/ var / lib / cobbler / loaders /: storing boot programs of various
Mirroring the directory
/ var / www / cobbler / ks_mirror /: all imported data release system
/ var / www / cobbler / images /: Import release kernel and initrd image used for remote network boot
/ var / www / cobbler / repo_mirror /: yum repository storage directory
Log directory,
/ var / log / cobbler / installing : Client installation log
/var/log/cobbler/cobbler.log: cobbler log
Fourth, start cobblerd, httpd service
[root@cobbler ~]# systemctl start httpd cobblerd
Fifth, check cobbler environment (before executing the cobbler check command httpd service must first ensure open, because the premise of this command can be executed cobbler has started normal, cobbler's start also dependent start the httpd)
[root@cobbler ~]# cobbler check The following are potential configuration items that you may want to fix: 1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it. 2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network. 3 : change 'disable' to 'no' in /etc/xinetd.d/tftp 4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements. 5 : enable and start rsyncd.service with systemctl 6 : debmirror package is not installed, it will be required to manage debian deployments and repositories 7 : ksvalidator was not found, install pykickstart 8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one 9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them Restart cobblerd and then run 'cobbler sync' to apply changes. [root@cobbler ~]#
Description: The system tells us that there is a problem cobbler 9 environment. In fact, this 9 in Section 3 we do not control, if it is centos6 as a cobbler server needs to be changed, the centos7 not control, Article 5 do not control, Article 6 do not control, it said the debian system, the first 9 do not control, it says there is no management tools power; then we one by one to solve these problems
The first system is a server configuration failed to tell us that we can not properly configured localhost replaced by another work proposal
vim / etc / cobbler / settings begin the search server corresponding to the changed server 192.168.0.105 ip
Article 2 system tells us in / etc / cobbler / settings next_server not say 127.0.0.1. Edit / etc / cobbler / settings corresponding to the search next_server ip modified next_server: 192.168.0.105
Article 4 systems tell us need to run cobbler get-loaders command to download and install the necessary file system on the network.
Article 7 system tells us not installed pykickstart this package, we can use yum install pykickstart -y install it
Article 8 need to change said system default_password_crypted, root password is not changed subsequent unsafe loading system, we can use openssl passwd -1 -salt 'random-phrase-here' 'your-password-here' command to generate the password. Edit / etc / cobbler / settings default_passwd search string behind the default_password_crypted modified to use an encrypted password we just generated command string.
After rectification of the more than a few we need to restart the service and then check in cobblerd run cobbler
[root@cobbler ~]# systemctl restart cobblerd
[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : change 'disable' to 'no' in /etc/xinetd.d/tftp
2 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
3 : enable and start rsyncd.service with systemctl
4 : debmirror package is not installed, it will be required to manage debian deployments and repositories
5 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
[root@cobbler ~]# cobbler get-loaders
task started: 2019-12-23_032218_get_loaders
task started (id=Download Bootloader Content, time=Mon Dec 23 03:22:18 2019)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
Exception occured: <class 'urlgrabber.grabber.URLGrabError'>
Exception value: [Errno 14] curl#35 - "TCP connection reset by peer"
Exception Info:
File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 82, in run
rc = self._run(self)
File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 176, in runner
return self.remote.api.dlcontent(self.options.get("force",False), self.logger)
File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 735, in dlcontent
return grabber.run(force)
File "/usr/lib/python2.7/site-packages/cobbler/action_dlcontent.py", line 73, in run
urlgrabber.grabber.urlgrab(src, filename=dst, proxies=proxies)
File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 773, in urlgrab
return default_grabber.urlgrab(url, filename, **kwargs)
File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1220, in urlgrab
return _run_callback(opts.failfunc, opts)
File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1071, in _run_callback
return cb(obj)
File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1065, in _do_raise
raise obj.exception
!!! TASK FAILED !!!
[root@cobbler ~]# systemctl start tftp
[root@cobbler ~]# systemctl status tftp
● tftp.service - Tftp Server
Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
Active: active (running) since 一 2019-12-23 03:23:40 CST; 6s ago
Docs: man:in.tftpd
Main PID: 7962 (in.tftpd)
CGroup: /system.slice/tftp.service
└─7962 /usr/sbin/in.tftpd -s /var/lib/tftpboot
12月 23 03:23:40 cobbler systemd[1]: Started Tftp Server.
[root@cobbler ~]# cobbler get-loaders
task started: 2019-12-23_032359_get_loaders
task started (id=Download Bootloader Content, time=Mon Dec 23 03:23:59 2019)
path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@cobbler ~]#
Note: The above execution cobbler get-loaders report an error because the tftp service is not started, start the service back to normal after tftp. You can see the download information from, cobbler default the downloaded files in the / var / lib / cobbler / loaders directory on a subsequent installation of our system, basically useless, we need to move the files to the tftp server working directory. How to move it? Cobbler sync to perform
[root@cobbler ~]# cobbler sync task started: 2019-12-22_194040_sync task started (id=Sync, time=Sun Dec 22 19:40:40 2019) running pre-sync triggers cleaning trees removing: /var/lib/tftpboot/grub/images copying bootloaders trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0 trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32 trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi copying distros to tftpboot copying images generating PXE configuration files generating PXE menu structure rendering TFTPD files generating /etc/xinetd.d/tftp cleaning link caches running post-sync triggers running python triggers from /var/lib/cobbler/triggers/sync/post/* running python trigger cobbler.modules.sync_post_restart_services running shell triggers from /var/lib/cobbler/triggers/sync/post/* running python triggers from /var/lib/cobbler/triggers/change/* running python trigger cobbler.modules.manage_genders running python trigger cobbler.modules.scm_track running shell triggers from /var/lib/cobbler/triggers/change/* *** TASK COMPLETE *** [root@cobbler ~]#
Description: After executing the command cobbler sync, we can see the system working to tftp directory / var / lib / tftpboot directory created some connection file, to note here that we are in / etc / cobbler / settings file, if configured manage_dhcp: 1, performed here cobbler sync will report an error because the cobbler will try to start dhcp service before that we do not have to configure any dhcp configuration file, so dhcp service is not started up, we need to modify the cobbler the dhcp template file and then synchronize the error will not
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 1
"/ Etc / cobbler / settings" 468L, 19925C has been written
[root@cobbler ~]# systemctl restart cobblerd
[root@cobbler ~]# cobbler sync
task started: 2019-12-22_194934_sync
task started (id=Sync, time=Sun Dec 22 19:49:34 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.
Exception occured: <class 'cobbler.cexceptions.CX'>
Exception value: 'cobbler trigger failed: cobbler.modules.sync_post_restart_services'
Exception Info:
File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 82, in run
rc = self._run(self)
File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 181, in runner
return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 763, in sync
return sync.run()
File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 144, in run
utils.run_triggers(self.api, None, "/var/lib/cobbler/triggers/sync/post/*", logger=self.logger)
File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 928, in run_triggers
raise CX("cobbler trigger failed: %s" % m.__name__)
!!! TASK FAILED !!!
[root@cobbler ~]# vim /etc/cobbler/dhcp.template
# ******************************************************************
# Cobbler managed dhcpd.conf file
#
# generated from cobbler dhcp.conf template ($date)
# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
# overwritten.
#
# ******************************************************************
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.0.200 192.168.0.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else if option pxe-system-type = 00:09 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
}
}
}
#for dhcp_tag in $dhcp_tags.keys():
## group could be subnet if your dhcp tags line up with your subnets
## or really any valid dhcpd.conf construct ... if you only use the
## default dhcp tag in cobbler, the group block can be deleted for a
## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
#for mac in $dhcp_tags[$dhcp_tag].keys():
#set iface = $dhcp_tags[$dhcp_tag][$mac]
host $iface.name {
#if $iface.interface_type == "infiniband":
option dhcp-client-identifier = $mac;
#else
hardware ethernet $mac;
#end if
#if $iface.ip_address:
fixed-address $iface.ip_address;
#end if
#if $iface.hostname:
option host-name "$iface.hostname";
#end if
#if $iface.netmask:
option subnet-mask $iface.netmask;
#end if
#if $iface.gateway:
option routers $iface.gateway;
#end if
#if $iface.enable_gpxe:
if exists user-class and option user-class = "gPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else if exists user-class and option user-class = "iPXE" {
filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
} else {
filename "undionly.kpxe";
}
#else
filename "$iface.filename";
#end if
## Cobbler defaults to $next_server, but some users
## may like to use $iface.system.server for proxied setups
next-server $next_server;
## next-server $iface.next_server;
}
#end for
}
#end for
"/Etc/cobbler/dhcp.template" 92L, 3177C has been written
[root@cobbler ~]#
Note: If you do not manage_dhcp configuration: We need to manually go write dhcp configuration file, configuration manage_dhcp: 1 says cobbler with a template file to us to generate dhcp configuration file, we only need to change the template file for your environment on it is good
[root@cobbler ~]# cobbler sync
task started: 2019-12-22_195414_sync
task started (id=Sync, time=Sun Dec 22 19:54:14 2019)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@cobbler ~]# tree /var/lib/tftpboot/
/ Var / lib / tftpboot /
├── boot
│ └── grub
│ └── menu.lst
├── etc
├── grub
│ ├── efidefault
│ ├── grub-x86_64.efi
│ ├── grub-x86.efi
│ └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│ └── default
├── s390x
│ └── profile_list
└── yaboot
10 directories, 10 files
[root@cobbler ~]# ss -ntlu
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 *:67 *:*
udp UNCONN 0 0 127.0.0.1:323 *:*
udp UNCONN 0 0 :::69 :::*
udp UNCONN 0 0 ::1:323 :::*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 100 127.0.0.1:25 *:*
tcp LISTEN 0 5 127.0.0.1:25151 *:*
tcp LISTEN 0 128 :::80 :::*
tcp LISTEN 0 32 :::21 :::*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 100 ::1:25 :::*
[root@cobbler ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
Active: active (running) since 日 2019-12-22 19:54:15 CST; 52s ago
Docs: man:dhcpd(8)
man:dhcpd.conf(5)
Main PID: 8807 (dhcpd)
Status: "Dispatching packets..."
CGroup: /system.slice/dhcpd.service
└─8807 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
12月 22 19:54:15 cobbler dhcpd[8807]: Copyright 2004-2013 Internet Systems Consortium.
12月 22 19:54:15 cobbler dhcpd[8807]: All rights reserved.
12月 22 19:54:15 cobbler dhcpd[8807]: For info, please visit https://www.isc.org/software/dhcp/
12月 22 19:54:15 cobbler dhcpd[8807]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn we... file
12月 22 19:54:15 cobbler dhcpd[8807]: Wrote 0 class decls to leases file.
12月 22 19:54:15 cobbler dhcpd[8807]: Wrote 0 leases to leases file.
12月 22 19:54:15 cobbler dhcpd[8807]: Listening on LPF/ens33/00:0c:29:fb:66:a2/192.168.0.0/24
12月 22 19:54:15 cobbler dhcpd[8807]: Sending on LPF/ens33/00:0c:29:fb:66:a2/192.168.0.0/24
12月 22 19:54:15 cobbler systemd[1]: Started DHCPv4 Server Daemon.
12月 22 19:54:15 cobbler dhcpd[8807]: Sending on Socket/fallback/fallback-net
Hint: Some lines were ellipsized, use -l to show in full.
[root@cobbler ~]#
Note: You can see the working directory tftp where there are things, dhcpd service also launched, this cobbler basic services have been set up configuration is completed, followed by the import system image
Six, into the system image (provided to mount the mirror system)
[root@cobbler ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8: 0 0 40G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 39G 0 part ├─centos-root 253:0 0 37G 0 lvm / └─centos-swap 253:1 0 2G 0 lvm [SWAP] sr0 11: 0 1 0 3.7G rom sr1 11: 1:01 4.2G 0 accommodations [root@cobbler ~]# mount /dev/sr0 centos6 mount: / dev / sr0 write protection, will be mounted read-only [root@cobbler ~]# mount /dev/sr1 centos7 mount: / dev / sr1 write protection, will be mounted read-only [root@cobbler ~]#
Import image
[root@cobbler ~]# cobbler import --path=/root/centos7 --name=centos7-x86_64 --arch=x86_64 task started: 2019-12-22_200632_import task started (id=Media import, time=Sun Dec 22 20:06:32 2019) Found a candidate signature: breed=redhat, version=rhel6 Found a candidate signature: breed=redhat, version=rhel7 Found a matching signature: breed=redhat, version=rhel7 Adding distros from path /var/www/cobbler/ks_mirror/centos7-x86_64: creating new distro: centos7-x86_64 trying symlink: /var/www/cobbler/ks_mirror/centos7-x86_64 -> /var/www/cobbler/links/centos7-x86_64 creating new profile: centos7-x86_64 associating repos checking for rsync repo(s) checking for rhn repo(s) checking for yum repo(s) starting descent into /var/www/cobbler/ks_mirror/centos7-x86_64 for centos7-x86_64 processing repo at : /var/www/cobbler/ks_mirror/centos7-x86_64 need to process repo/comps: /var/www/cobbler/ks_mirror/centos7-x86_64 looking for /var/www/cobbler/ks_mirror/centos7-x86_64/repodata/*comps*.xml Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7-x86_64/repodata *** TASK COMPLETE *** [root@cobbler ~]# [root@cobbler ~]# cobbler import --path=/root/centos6 --name=centos6.9-x86_64 --arch=x86_64 task started: 2019-12-22_200752_import task started (id=Media import, time=Sun Dec 22 20:07:52 2019) Found a candidate signature: breed=redhat, version=rhel6 Found a matching signature: breed=redhat, version=rhel6 Adding distros from path /var/www/cobbler/ks_mirror/centos6.9-x86_64: creating new distro: centos6.9-x86_64 trying symlink: /var/www/cobbler/ks_mirror/centos6.9-x86_64 -> /var/www/cobbler/links/centos6.9-x86_64 creating new profile: centos6.9-x86_64 associating repos checking for rsync repo(s) checking for rhn repo(s) checking for yum repo(s) starting descent into /var/www/cobbler/ks_mirror/centos6.9-x86_64 for centos6.9-x86_64 processing repo at : /var/www/cobbler/ks_mirror/centos6.9-x86_64 need to process repo/comps: /var/www/cobbler/ks_mirror/centos6.9-x86_64 looking for /var/www/cobbler/ks_mirror/centos6.9-x86_64/repodata/*comps*.xml Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos6.9-x86_64/repodata *** TASK COMPLETE *** [root@cobbler ~]#
Note: If you do not specify kickstart answer file, the default answer file will generate a minimal installation
View startup menu file
root@cobbler ~]# cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTAL TIMEOUT 6000
ONTIMEOUT local
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
LABEL centos6.9-x86_64
kernel /images/centos6.9-x86_64/vmlinuz
MENU LABEL centos6.9-x86_64
append initrd=/images/centos6.9-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos6.9-x86_64
ipappend 2
LABEL centos7-x86_64
kernel /images/centos7-x86_64/vmlinuz
MENU LABEL centos7-x86_64
append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-x86_64
ipappend 2
MENU end
[root@cobbler ~]#
Description: cobbler import mirrored image information is added by default to the boot menu file
So far CLI-based cobbler server build better
test
Note: You can see a mirror image of our import menu has come out
Note: this test server-based cobbler CLI management has passed, you can automate the normal installation system
Seven, cobbler management
1) List View image has been imported
[root@cobbler ~]# cobbler distro list centos6.9-x86_64 centos7-x86_64
2) Check Start menu list
[root@cobbler ~]# cobbler profile list centos6.9-x86_64 centos7-x86_64 [root@cobbler ~]#
3) add new menu items
[root@cobbler ~]# cobbler profile add --name=centos7-desktop --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7-desktop.cfg
[root@cobbler ~]# cobbler profile list
centos6.9-x86_64
centos7-desktop
centos7-x86_64
[root@cobbler ~]# cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTAL TIMEOUT 6000
ONTIMEOUT local
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
LABEL centos6.9-x86_64
kernel /images/centos6.9-x86_64/vmlinuz
MENU LABEL centos6.9-x86_64
append initrd=/images/centos6.9-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos6.9-x86_64
ipappend 2
LABEL centos7-desktop
kernel /images/centos7-x86_64/vmlinuz
MENU LABEL centos7-desktop
append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-desktop
ipappend 2
LABEL centos7-x86_64
kernel /images/centos7-x86_64/vmlinuz
MENU LABEL centos7-x86_64
append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.0.105/cblr/svc/op/ks/profile/centos7-x86_64
ipappend 2
MENU end
[root@cobbler ~]#
说明:指定kickstart应答文件,需要将其直接制作好的应答文件放入到/var/lib/cobbler/kickstarts/目录下;如果是自己制作的kickstart应答文件,还需要将其里的url 改成url --url=$tree,这样cobbler就可以根据自己的环境去找yum仓库;有关kickstart应答文件的制作请参考本人博客https://www.cnblogs.com/qiuhom-1874/p/11789583.html
4)删除原有的菜单启动项
[root@cobbler ~]# cobbler profile list centos6.9-x86_64 centos7-desktop centos7-x86_64 [root@cobbler ~]# cobbler profile remove --name=centos7-x86_64 [root@cobbler ~]# cobbler profile list centos6.9-x86_64 centos7-desktop [root@cobbler ~]#
5)更改现有的菜单启动项的名称
[root@cobbler ~]# cobbler profile list centos6.9-x86_64 centos7-desktop [root@cobbler ~]# cobbler profile rename --name=centos6.9-x86_64 --newname=centos6-mini-x86_64 [root@cobbler ~]# cobbler profile list centos6-mini-x86_64 centos7-desktop [root@cobbler ~]#
6)显示菜单项的详细内容
[root@cobbler ~]# cobbler profile report --name=centos7-desktop
Name : centos7-desktop
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : centos7-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/centos7-desktop.cfg
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : xenpv
[root@cobbler ~]#
八、实现cobbler基于web管理
1)安装cobbler-web
[root@cobbler ~]# yum install cobbler-web -y
2)查看cobbler-web安装了那些东西
[root@cobbler ~]# rpm -ql cobbler-web /etc/httpd/conf.d/cobbler_web.conf /usr/share/cobbler/web
省略部分内容……
说明:可以看到cobbler-web包生成了一个http的子配置文件,要想子配置文件生效需要重启httpd服务
3)重启httpd服务
[root@cobbler ~]# systemctl restart httpd
4)用浏览器登录
说明:cobbler基于web管理是走的https,证书是自签名证书,浏览器默认会提示用户访问此网站有危险存在,我们可以选择安装证书来信任此网站,也可以点高级继续浏览
说明:cobbler基于web的方式默认登录用户名是cobbler,密码也是cobbler
说明:至此cobbler基于web管理方式就搭建完毕,接下来再说说cobbler-web的用户验证
九、cobbler-web的用户验证配置
1)认证方式配置文件:/etc/cobbler/modules.conf
[root@cobbler ~]# cat /etc/cobbler/modules.conf # cobbler module configuration file # ================================= # authentication: # what users can log into the WebUI and Read-Write XMLRPC? # choices: # authn_denyall -- no one (default) # authn_configfile -- use /etc/cobbler/users.digest (for basic setups) # authn_passthru -- ask Apache to handle it (used for kerberos) # authn_ldap -- authenticate against LDAP # authn_spacewalk -- ask Spacewalk/Satellite (experimental) # authn_pam -- use PAM facilities # authn_testing -- username/password is always testing/testing (debug) # (user supplied) -- you may write your own module # WARNING: this is a security setting, do not choose an option blindly. # for more information: # https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface # https://github.com/cobbler/cobbler/wiki/Security-overview # https://github.com/cobbler/cobbler/wiki/Kerberos # https://github.com/cobbler/cobbler/wiki/Ldap [authentication] module = authn_configfile
说明:cobbler-web默认配置方式是authn_configfile,从上面的注释信息可以了解到 /etc/cobbler/users.digest是保存cobbler-web的用户信息
2)查看/etc/cobbler/users.digest文件
[root@cobbler ~]# cat /etc/cobbler/users.digest cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3 [root@cobbler ~]#
说明:此文件的格式用户名:领域:加密的口令
3)添加用户
[root@cobbler ~]# cat /etc/cobbler/users.digest cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3 [root@cobbler ~]# htdigest /etc/cobbler/users.digest Cobbler admin Adding user admin in realm Cobbler New password: Re-type new password: [root@cobbler ~]# cat /etc/cobbler/users.digest cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3 admin:Cobbler:ea0fd5384fa2ee91ab834bba50fc90a4 [root@cobbler ~]#
说明:htdigest添加用户的时候,需要指明存用户信息的文件,领域(cobbler_web的领域必须是Cobbler),用户,然后回车输入口令,它就会在指定存放用户名口令的文件里记录我们创建的用户信息
4)用新创建的用户登录
说明:可以看到我们刚才创建的用户是可以正常登录系统的
5) 使用authn_pam模块认证cobbler_web用户
1)编辑/etc/cobbler/modules.conf,将[authentication]语句下的 module = authn_configfile 修改为 module = authn_pam
[root@cobbler ~]# oot@cobbler ~]# vim /etc/cobbler/modules.conf ▽ # cobbler module configuration file # ================================= # authentication: # what users can log into the WebUI and Read-Write XMLRPC? # choices: # authn_denyall -- no one (default) # authn_configfile -- use /etc/cobbler/users.digest (for basic setups) # authn_passthru -- ask Apache to handle it (used for kerberos) # authn_ldap -- authenticate against LDAP # authn_spacewalk -- ask Spacewalk/Satellite (experimental) # authn_pam -- use PAM facilities # authn_testing -- username/password is always testing/testing (debug) # (user supplied) -- you may write your own module # WARNING: this is a security setting, do not choose an option blindly. # for more information: # https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface # https://github.com/cobbler/cobbler/wiki/Security-overview # https://github.com/cobbler/cobbler/wiki/Kerberos # https://github.com/cobbler/cobbler/wiki/Ldap [authentication] module = authn_pam "/etc/cobbler/modules.conf" 83L, 3069C 已写入 [root@cobbler ~]#
2)创建系统用户
[root@cobbler ~]# useradd -r -s /sbin/nologin cobbleradmin [root@cobbler ~]# id cobbleradmin uid=997(cobbleradmin) gid=993(cobbleradmin) 组=993(cobbleradmin) [root@cobbler ~]# getent passwd cobbleradmin cobbleradmin:x:997:993::/home/cobbleradmin:/sbin/nologin [root@cobbler ~]#
[root@cobbler ~]# passwd cobbleradmin
更改用户 cobbleradmin 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@cobbler ~]#
3)编辑/etc/cobbler/users.conf
oot@cobbler ~]# vim /etc/cobbler/users.conf ▽ # Cobbler WebUI / Web Services authorization config file # # NOTICE: # this file is only used when /etc/cobbler/modules.conf # specifies an authorization mode of either: # # (A) authz_configfile # (B) authz_ownership # # For (A), any user in this file, in any group, are allowed # full access to any object in cobbler configuration. # # For (B), users in the "admins" group are allowed full access # to any object, otherwise users can only edit an object if # their username/group is listed as an owner of that object. If a # user is not listed in this file they will have no access. # # cobbler command line example: # # cobbler system edit --name=server1 --owner=dbas,mac,pete,jack # # NOTE: yes, you do need the equal sign after the names. # don't remove that part. It's reserved for future use. [admins] admin = "cobbleradmin" cobbler = "" "/etc/cobbler/users.conf" 28L, 860C 已写入 [root@cobbler ~]#
4)重启cobblerd服务后登录
[root@cobbler ~]# systemctl restart cobblerd
到此cobbler-web用户基于pam验证配置就完成了,后续我们就可以开心的在网页上点点来管理cobbler了