知识点

• Razor
• microkernel
• repository
• tags
• broker
• policy
• winPE

Razor安装

• Database安置
• Razor Server安置
• Razor Client安置

自动化部署centos7

• 安装配置dnsmasq DHCP/TFTP/iPXE
• 导入iPXE软件
• 通过microkernel注册裸机节点
• 创建镜像文件repository
• 创建节点tags
• 创建broker
• 创建policy

自动化部署win7（失败）

• 配置samba
• 通过microkernel注册裸机节点（方法同上）
• 创建镜像文件repository
• 创建win7PE（失败）
• 创建节点tags
• 创建broker
• 创建policy

---

---

知识点

---

• Razor
  Razor is a provisioning application that deploys bare-metal systems. Policy-based provisioning lets you use characteristics of the hardware as well as user-provided data to make provisioning decisions. You can automatically discover bare-metal hardware, dynamically configure operating systems and hypervisors, and hand off nodes to Puppet for workload configuration.

Whenever a new node gets added, Razor discovers its characteristics by booting it with the Razor microkernel and inventorying its facts. The node is tagged based on its characteristics. Tags contain a match condition — a Boolean expression that has access to the node’s facts and determines whether the tag should be applied to the node or not. Node tags are compared to tags in the policy table. The first policy with tags that match the node’s tags is applied to the node.

• microkernel
  razor定制的小型linux，用于启动裸机节点并收集信息

• repository
  用于存放系统安装文件的库

• 可通过以下三种参数创建不同类型的库

      url           – Points to content available on another server, for example, on a mirror that you maintain.
      iso-url       – Downloads and unpacks an ISO on the Razor server.
      no_content    – Creates a stub directory on the Razor server that you can manually fill with content.
  

• 创建库的语法：
  razor create-repo --name=<repo name> --task <task name> --iso-url <URL>

• 获取帮助：
  razor create-repo --help

• tags
  由唯一的名称和匹配规则组成，用于归类满足匹配规则的裸机节点。

• 将内存小于2G的节点归类为OldPC
  razor create-tag --name OldPC --rule '["<", ["num", ["fact", "memorysize_mb"]], 2048]'

• 大于4个cpu（以上规则还可以这样写）
  [">", ["num", ["fact", "processorcount"]], 4]

• 包含相关mac地址（也可以这样写）
  ["has_macaddress", "00:1a:4a:16:01:54", "00:1a:4a:16:01:55"]

• 获取帮助
  razor create-tag --help

• broker

• 默认三种类型

     puppet-pe  – Hands off node management to Puppet Enterprise. This broker specifies the address of the Puppet server, the Puppet Enterprise version, and for Windows, the location of the Windows agent installer.
     puppet   – Hands off management to open source Puppet. This broker specifies the address of the Puppet server, the node certname, and the environment.
     noop  – Doesn’t hand off management. A no-op broker can be useful for getting started quickly or doing a basic installation without configuration management.
  

• 可以自行创建类型
  参考：https://docs.puppet.com/pe/latest/razor_brokers.html

  • policy
    告诉Razor该装什么系统（软件），哪里获取安装文件以及如何配置此系统。

• 创建方法
  razor create-policy --name centos-for-OldPC --repo centos-6 --broker noop --tag OldPC --root-password secret --max-count 20

• winPE

Razor安装

---

Database安置

主机centos7对应库的postgresql版本太低，从postgresql官方站点安装最新版postgresql
yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-redhat96-9.6-3.noarch.rpm
查看相关postgresql包名称
yum list postgresql*
安装新版postgresql
yum install postgresql96-server
初始化postgresql-9.6
/usr/pgsql-9.6/bin/postgresql96-setup initdb
设置postgresql-9.6开机自启动
systemctl enable postgresql-9.6.service
启动postgresql-9.6服务
systemctl start postgresql-9.6.service

允许本地通过用户名密码连接postgresql数据库
vim /var/lib/pgsql/9.6/data/pg_hba.conf

local   all             all                                     trust
host    all             all             127.0.0.1/32            trust

为razor服务器创建数据库razor_prd和用户razor
su - postgres
createuser -P razor #password:razor
createdb -O razor razor_prd

安装razor-server

将安装相关文件并创建用户razor来运行服务
yum install http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
yum install razor-server

配置razor连接到razor_prd数据库的参数
vim /etc/razor/config.yaml

  production:
    database_url: 'jdbc:postgresql:razor_prd?user=razor&password=razor'

将数据导入到数据库
razor-admin -e production migrate-database

启动razor-server服务
service razor-server start

验证服务是否已正常启动
wget http://localhost:8150/api

安装razor-client

yum install -y gem
gem install razor-client
razor -u http://razor:8150/api --help #验证是否正确安装

导入microkernel到razor库
cd /var/lib/razor/repo-store
wget https://s3-us-west-2.amazonaws.com/razor-releases/microkernel-007.tar
tar xvf /root/microkernel-007.tar

自动化部署centos7

---

安装配置dnsmasq DHCP/TFTP/iPXE

yum install -y dnsmasq
vim /etc/dnsmasq.conf

conf-dir=/etc/dnsmasq.d
listen-address=192.168.122.217,127.0.0.1
dhcp-range=192.168.122.50,192.168.122.55,12h

mkdir /var/lib/tftpboot
chmod 655 /var/lib/tftpboot

vim /etc/dnsmasq.d/razor

# This works for dnsmasq 2.45
# iPXE sets option 175, mark it for network IPXEBOOT
dhcp-match=IPXEBOOT,175
dhcp-boot=net:IPXEBOOT,bootstrap.ipxe
dhcp-boot=undionly.kpxe

# TFTP setup
enable-tftp
tftp-root=/var/lib/tftpboot

导入iPXE软件

wget http://boot.ipxe.org/undionly.kpxe -O /var/lib/tftpboot/undionly.kpxe

wget http://razor:8150/api/microkernel/bootstrap?nic_max=1 -O /var/lib/tftpboot/bootstrap.ipxe

通过microkernel注册安装节点

将裸机节点以PXE启动

在Razor服务器上查看节点信息razor nodes
[root@razor repo-store]# razor nodes

From http://localhost:8150/api/collections/nodes:

+-------+-------------------+-------+------------------+----------------+
| name  | dhcp_mac          | tags  | policy           | metadata count |
+-------+-------------------+-------+------------------+----------------+
| node1 | 00:1a:4a:16:01:54 | small | centos-for-small | 0              |
+-------+-------------------+-------+------------------+----------------+
Query an entry by including its name, e.g. `razor nodes node1`

razor nodes <NODE_NAME> facts
输出裸机的相关信息，后续可以参考这些项目来定义tags
[root@razor repo-store]# razor nodes node1 facts

From http://localhost:8150/api/collections/nodes/node1:

                virtual: kvm
            is_virtual: true
            hardwareisa: x86_64
            processors: 
                                models: [Intel Celeron_4x0 (Conroe/Merom Class Core 2)]
                                    count: 1
                            physicalcount: 1
        system_uptime: 
                            seconds: 4348
                            hours: 1
                            days: 0
                            uptime: 1:12 hours
            dhcp_servers: 
                            system: 192.168.122.217
                            eth0: 192.168.122.217
            network_eth0: 192.168.122.0
            network_lo: 127.0.0.0
            macaddress: 00:1a:4a:16:01:54
            architecture: x86_64
        hardwaremodel: x86_64
                    os: 
                            name: CentOS
                            family: RedHat
                            release: 
                                    major: 7
                                    minor: 1
                                        full: 7.1.1503
        facterversion: 2.4.4
            bios_vendor: SeaBIOS
            bios_version: seabios-1.7.5-11.el7
    bios_release_date: 04/01/2014
            manufacturer: oVirt
            productname: oVirt Node
            serialnumber: 4C4C4544-004C-4710-8032-B3C04F373232
                    uuid: A4DBC573-34AE-4BD3-9626-739C68A0AD08
                    type: Other
physicalprocessorcount: 1
    blockdevice_sr0_size: 1073741312
blockdevice_sr0_vendor: QEMU
blockdevice_sr0_model: QEMU DVD-ROM
            blockdevices: sr0
            processor0: Intel Celeron_4x0 (Conroe/Merom Class Core 2)
        processorcount: 1
            ipaddress: 192.168.122.54
            rubyplatform: x86_64-linux
            interfaces: eth0,lo
        ipaddress_eth0: 192.168.122.54
        macaddress_eth0: 00:1a:4a:16:01:54
            netmask_eth0: 255.255.255.0
                mtu_eth0: 1500
            ipaddress_lo: 127.0.0.1
            netmask_lo: 255.0.0.0
                mtu_lo: 65536
                    gid: root
        memorysize_mb: 991.59
        memoryfree_mb: 903.64
                uniqueid: 007f0100
                netmask: 255.255.255.0

Query additional details via: `razor nodes node1 facts [dhcp_servers, os, processors, system_uptime]`

创建镜像文件repository

因为本地已有iso镜像文件，所以采用file协议传文件，但要注意razor用户是否有目录和文件的读权限。
razor create-repo --name centos-7.0 --task centos --iso-url file:///root/CentOS-7.0-1406-x86_64-Minimal.iso

可以通过命令 razor commands来查看以上操作的执行状态。

如果以上执行状态为fail，可以重建名为centos-7.0的库，并手动将iso文件挂载到razor的repository
razor create-repo --name centos-7.0 --no-content --task centos
cd /var/lib/razor/repo-store
mkdir centos-7.0
mount /root/CentOS-7.0-1406-x86_64-Minimal.iso centos-7.0

创建节点tags

通过tags可以将裸机归类，以便按不同机器类型来部署不同OS发行版
razor create-tag --name small --rule '["<",["num",["fact","memorysize_mb"]],2048]'

查看哪些机器被标记为small
razor tags small nodes

创建broker

因没有安装puppet,所有就将broker类型配置为noop
razor create-broker --name nobroker --broker-type noop

创建policy

razor create-policy --name centos-for-small --repo centos-7.0 --tag small --root-password centec --hostname 'node1_vm.ctcnet.com' --broker nobroker

再次pxe启动裸机节点，将自动部署centos-7.0-minimal系统

自动化部署win7(失败)

---

前提条件

   要先准备安装win7的机器，在这台主机上制作包含razor脚本的winPE盘。同时服务器上要部署samba，以便winPE能访问win7系统安装文件。

安装配置samba

yum install samba -y

vim /etc/samba/smb.conf

     security = user
 #   passdb backend = tdbsam
     map to guest = bad user

    [razor]
        comment   = Windows Installers
        path      = /var/lib/razor/repo-store
        guest ok  = yes
        writable  = no
        browsable = yes

重启samba服务: systemctl restart smb

创建镜像文件repository

razor create-repo --name win7 --no-content --task win7
yum install http://mirrors.kernel.org/fedora-epel/epel-release-latest-7.noarch.rpm
yum install p7zip p7zip-plugins -y
cd /var/lib/razor/repo-store
mkdir win7&&cd win7
7z x /root/cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso

进入准备好的win7主机

安装ADK

https://download.microsoft.com/download/6/A/E/6AEA92B0-A412-4622-983E-5B305D2EBE56/adk/adksetup.exe

制作win7PE(失败)

 从Razor服务器拷贝/opt/razor/build-winpe/下所有文件到win7中，使用命令调用powershell脚本来制作PE镜像（制作失败）