配置yum源(注意:下面的命令通过明文HTTP下载并安装epel-release;建议改用HTTPS地址,并确认该RPM的GPG签名后再安装)
[root@localhost network-scripts]# rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
[root@localhost network-scripts]# yum makecache
开始安装Cobbler
安装cobbler以及相关的软件
[root@localhost network-scripts]# yum -y install httpd dhcp tftp python-ctypes cobbler xinetd cobbler-web
#启动服务
[root@localhost network-scripts]# systemctl start httpd
[root@localhost network-scripts]# systemctl enable httpd
[root@localhost network-scripts]# systemctl enable cobblerd
[root@localhost network-scripts]# systemctl start cobblerd
#cobbler check 检查相关配置
[root@localhost network-scripts]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
#问题4(先做此步骤)
[root@localhost network-scripts]# cobbler get-loaders
#问题1
#一定要填入当前联网的那个网卡IP,不然后面cobbler get-loaders时候无法联网,这里后面还会再改
[root@localhost network-scripts]# sed -i 's/^server: 127.0.0.1/server: 10.0.0.2/' /etc/cobbler/settings
#问题2
#一定要填入当前联网的那个网卡IP,不然后面cobbler get-loaders时候无法联网,这里后面还会再改
[root@localhost network-scripts]# sed -i 's/^next_server: 127.0.0.1/next_server: 10.0.0.2/' /etc/cobbler/settings
#问题3
[root@localhost network-scripts]# vim /etc/xinetd.d/tftp
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no #修改项
per_source = 11
cps = 100 2
flags = IPv4
}
#问题5
[root@localhost ~]# systemctl enable rsyncd
[root@localhost ~]# systemctl start rsyncd
#问题6
可以忽略
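#问题7(示例中的盐和密码都用了'123456',仅作演示;这个哈希会成为所有新装机器的root默认密码,实际部署请使用随机盐和强密码。-1 生成的是较弱的MD5-crypt,OpenSSL 1.1.1及以上可改用 -6 生成SHA-512哈希)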
[root@localhost ~]# openssl passwd -1 -salt '123456' '123456'
$1$123456$wOSEtcyiP2N/IfIl15W6Z0
[root@localhost ~]# vim /etc/cobbler/settings
default_password_crypted: "$1$123456$wOSEtcyiP2N/IfIl15W6Z0"
配置cobbler-DHCP
#修改cobbler配置
[root@localhost ~]# vim /etc/cobbler/settings
manage_dhcp: 1
#修改dhcp.templates配置文件
[root@localhost network-scripts]# vim /etc/cobbler/dhcp.template
#10.0.0.0为网段地址
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.2;
option domain-name-servers 10.0.0.2;
option subnet-mask 255.255.255.0;
range dynamic-bootp 10.0.0.100 10.0.0.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
[root@localhost ~]# systemctl restart cobblerd.service
[root@localhost ~]# cobbler sync
task started: 2018-06-28_125356_sync
task started (id=Sync, time=Thu Jun 28 12:53:56 2018)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
#检查
[root@localhost ~]# netstat -lnup|grep dhcp
udp 0 0 0.0.0.0:67 0.0.0.0:* 6668/dhcpd
更改nat让所有机器都能上网
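# Enable NAT so that machines on the provisioning network can reach the
# outside through this host.
#
# NOTE: `iptables -F` removes every rule from the filter table, so any host
# firewall policy that was loaded is gone until it is restored. Re-apply the
# filtering rules you rely on afterwards. Neither these rules nor the
# ip_forward setting below are persistent across a reboot.
iptables -F
iptables -t nat -F
# Replace wlp4s0 with the interface that has the external uplink.
iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
# Alternative: SNAT the provisioning subnet to a fixed source address.
iptables -t nat -A POSTROUTING -s 192.168.80.0/24 -j SNAT --to-source 10.144.235.10
# Alternative: masquerade the provisioning subnet out of a specific interface.
# (Fixed: the original read "iptables-t", which is not a command.)
iptables -t nat -A POSTROUTING -s 192.168.80.0/24 -o eth0 -j MASQUERADE
# Turn on IPv4 forwarding in the running kernel.
echo "1" > /proc/sys/net/ipv4/ip_forward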
导入镜像
[root@localhost ~]# ls /root/ubuntu-18.04-server-amd64.iso
/root/ubuntu-18.04-server-amd64.iso
[root@localhost ~]# mkdir -p /mnt/ubuntu-18.04-server-amd64
[root@localhost ~]# mount -o loop /root/ubuntu-18.04-server-amd64.iso /mnt/ubuntu-18.04-server-amd64/
[root@localhost ~]# cobbler import --path=/mnt/ubuntu-18.04-server-amd64/ --name=ubuntu-18.04-7.9 --arch=x86_64
[root@localhost ~]# cobbler repo remove --name=ubuntu-18.04-7.2-x86_64
[root@PXE-Server ~]# cobbler list
distros:
ubuntu-18.04-7.2-x86_64
profiles:
ubuntu-18.04-7.9-x86_64
systems:
repos:
images:
mgmtclasses:
packages:
files:
[root@localhost kickstarts]# cobbler report
Name : ubuntu-18.04-7.9-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : ubuntu-18.04-7.2-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/sample.seed
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : xenpv
mgmtclasses:
==========
packages:
==========
files:
==========
#修改ks文件
[root@localhost kickstarts]# cobbler profile remove --name=ubuntu-18.04-7.6-x86_64
[root@localhost kickstarts]# cobbler profile add --name="ubuntu-18.04-7.6-x86_64" --distro=ubuntu-18.04-7.2-x86_64 --kickstart=/var/lib/cobbler/kickstarts/sample.seed.7.3
[root@localhost kickstarts]# cobbler sync
seed文件
由于自带源太慢了,我们删除了repo,所以只安装了自带的ssh,其它的可以等系统安装好后自行安装,同时文件中还添加了一个普通用户
# Locale, keyboard, hostname and clock defaults for the unattended install.
d-i debian-installer/locale string en_US
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/layoutcode string us
d-i keyboard-configuration/variantcode string
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string $myhostname
d-i time/zone string US/Eastern
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string ntp.ubuntu.com
# Mirror settings: packages come from a manually specified HTTP host.
# The http_server, install_source_directory and distro_name placeholders are
# presumably filled in by Cobbler when it renders this template - confirm.
d-i mirror/country string manual
d-i mirror/http/hostname string $http_server
d-i mirror/http/directory string $install_source_directory
d-i mirror/http/proxy string
# NOTE(review): the installer image below is fetched over plain HTTP, so the
# provisioning network has to be trusted and kept isolated.
d-i live-installer/net-image string http://$http_server/cobbler/links/$distro_name/install/filesystem.squashfs
# Partitioning: /dev/sda is partitioned with the custom "fsm" recipe defined
# below; existing LVM and MD metadata is removed without prompting.
# NOTE(review): the recipe lists swap, /tmp and /data but no entry with
# mountpoint{ / } - confirm that a root filesystem entry was not lost when
# this listing was pasted.
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select fsm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-auto/expert_recipe string \
fsm :: \
1024 100% 1024 linux-swap method{ swap } \
format{ } \
. \
20480 20480 20480 ext4 method{ format } \
mountpoint{ /tmp } \
format{ } use_filesystem{ } filesystem{ ext4 } \
options/relatime{ relatime } \
. \
1 2048 1000000000 ext4 method{ format } \
mountpoint{ /data } \
format{ } use_filesystem{ } filesystem{ ext4 } \
options/relatime{ relatime } \
.
# Pre-answer every partman confirmation so the disk is written without
# any prompt. Whatever is on /dev/sda is overwritten.
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-lvm/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm boolean true
d-i partman/choose_partition \
select Finish partitioning and write changes to disk
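# Accounts. Root login stays enabled; the root hash is taken from the
# default_password_crypted setting in /etc/cobbler/settings.
# Fixed: the question type on the root-password-crypted line was misspelled
# "paddssword"; it must be "password", as on the user-password-crypted line.
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password $default_password_crypted
# A regular user "ksuser" is created as well, with sudo among its groups.
# NOTE(review): the hash below is a fixed MD5-crypt value written into the
# template, so every machine installed from it shares the same password, and
# the template is presumably served over HTTP like the rest of the install.
# Generate your own hash and change the password after the first login.
d-i passwd/make-user boolean true
d-i passwd/user-fullname string ksuser
d-i passwd/username string ksuser
d-i passwd/user-password-crypted password $1$GzKX2YeQ$0e1.0/A6SvTuVE0l8C3eT1
d-i passwd/user-uid string
d-i user-setup/allow-password-weak boolean false
d-i user-setup/encrypt-home boolean false
d-i passwd/user-default-groups string sudo adm cdrom dialout lpadmin plugdev sambashare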
# APT setup: the security service is enabled and pointed at
# mirrors.aliyun.com/ubuntu; unauthenticated packages stay rejected.
d-i apt-setup/services-select multiselect security
d-i apt-setup/security_host string mirrors.aliyun.com
d-i apt-setup/security_path string /ubuntu
d-i debian-installer/allow_unauthenticated string false
$SNIPPET('preseed_apt_repo_config')
# Only ssh is installed at this stage; the longer package list is kept
# commented out.
# d-i pkgsel/include string ntp ssh wget vim
d-i pkgsel/include string ssh
d-i grub-installer/only_debian boolean true
d-i finish-install/reboot_in_progress note
# early_command: download a script from the boot server and pipe it straight
# into /bin/sh inside the installer.
# NOTE(review): the transfer is plain HTTP with no integrity check, so
# whatever answers on that address supplies code that runs in the installer.
# Keep the provisioning network isolated and trusted.
d-i preseed/early_command string wget -O- \
http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_early_default | \
/bin/sh -s
# late_command: fetch sources.list, locale.conf and locale into the installed
# system under /target, then run apt-get update inside the chroot.
# NOTE(review): these files also arrive over plain HTTP; sources.list decides
# which repositories the installed machine uses afterwards.
d-i preseed/late_command string wget -O /target/etc/apt/sources.list http://$http_server/sources.list ; \
wget -O /target/etc/locale.conf http://$http_server/locale.conf ; \
wget -O /target/etc/default/locale http://$http_server/locale ; \
cd /target ; \
chroot ./ apt-get update
seed文件最后下载了三个文件,sources.list locale.conf locale
三个文件放在httpd的目录/var/www/html/中,
sources.list 存放apt的源
locale.conf locale 编码
sources.list
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
locale
# File generated by update-locale
LANG="en_US"
LANGUAGE="en_US:"
LANG="en_US.UTF-8"
locale.conf
LANG="en_US.UTF-8"
安装完成,下面是自己记录的文件分发脚本
写了三个文件用来做文件批量分发
wsl1.sh wsl2.sh install.sh
wsl1.sh 做主机存活扫描(nmap -sP,即ping扫描,并非端口扫描),用Cron跑wsl1.sh就好
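#!/bin/bash
# wsl1.sh - find live hosts on 192.168.6.0/24 and run /root/wsl2.sh once for
# each of them. Meant to be started from cron.
#
# Files:
#   /root/install  lock file; present while a run is in progress
#   /root/nampip   raw nmap output of the last run
#   /root/ip       one discovered host per line
# Exit status: 1 when another run already holds the lock.

export TOP_PID=$$
trap 'exit 1' TERM

# Stop the top-level script through the TERM trap above.
exit_script() {
  kill -s TERM "$TOP_PID"
}

# Take the lock atomically: with noclobber the redirection fails when the
# file already exists, so two overlapping cron runs cannot both proceed.
if ! (set -o noclobber; : > /root/install) 2>/dev/null; then
  exit_script
  exit 1
fi

# Release the lock on every exit path, so that a failed or interrupted scan
# cannot block all later cron runs. Installed only after the lock is ours.
trap 'rm -f -- /root/install' EXIT

nmap -sP 192.168.6.0/24 > /root/nampip

# Start from an empty list. The original wrote a blank first line here, which
# made the loop below call wsl2.sh once with no host at all.
: > /root/ip
grep "Nmap scan report for" /root/nampip | while IFS= read -r myline; do
  printf '%s\n' "${myline#*Nmap scan report for }" >> /root/ip
done

# Only the first word of each line is passed on, which is what wsl2.sh reads
# as its host argument. stdin is detached so the child cannot consume the
# rest of the host list.
while read -r myip _; do
  [ -n "$myip" ] || continue
  /root/wsl2.sh "$myip" < /dev/null
done < /root/ip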
wsl2.sh 用expect来连接做一些操作,在前面的seed文件中,我们添加了一个普通用户,而且只安装了ssh,所以我们需要安装后做一些操作
#!/usr/bin/expect
# wsl2.sh - log in to the host given as the first argument as ksuser, become
# root with "sudo su", download install.sh from 192.168.6.1 and start it in
# the background.
#
# NOTE(review): the password is stored in this file in clear text and is used
# both for the SSH login and for sudo. Anyone who can read the script gets
# root on every machine it manages. Restrict the file to root and prefer
# key-based SSH authentication, or read the secret from a root-only file.
set host [lindex $argv 0]
set passwd "ABCabc123"
spawn ssh ksuser@$host
set timeout 5
# NOTE(review): the "yes/no" branch accepts any unknown host key without
# checking it, and the password is then sent to whatever host answered.
# Pinning the expected host keys would remove that exposure.
expect {
"yes/no" { send "yes\r"; exp_continue}
"assword:" { send "$passwd\r" }
}
# Wait for a shell prompt, then switch to root.
expect "@*"
send "sudo su\r"
expect "password*"
send "$passwd\r"
####################################
# Download the script and run it   #
####################################
expect "@*"
send "cd /root/\r"
expect "@*"
send "apt-get install -y wget\r"
# The longer timeout applies to the expect calls that follow.
set timeout 20
#expect "@*"
#send "apt-get install -y coreutils\r"
#set timeout 20
#expect "@*"
#send "apt-get install -y screen\r"
#set timeout 20
expect "@*"
# NOTE(review): install.sh is fetched over plain HTTP and then run as root
# with no checksum or signature check, so the content served at this address
# is trusted completely.
send "wget http://192.168.6.1/install.sh\r"
set timeout 20
expect "@*"
send "chmod +x /root/install.sh\r"
expect "@*"
# Start the installer detached from this session, with its output discarded.
send "nohup /root/install.sh >/dev/null 2>&1 & \r"
send "\r"
#send "screen\r"
#expect "@*"
#send "./install.sh"
expect "@*"
send "exit\r"
install.sh 则是下载到目标机器自动跑的脚本,需要放到httpd中
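#!/bin/bash
# install.sh - post-install provisioning run as root on a freshly installed
# machine: installs ubuntu-desktop and vim, then reboots.
#
# Files:
#   /usr/bin/vim        vim is installed last, so its presence is used as
#                       the "already provisioned" marker
#   /root/install       lock file; present while a run is in progress
#   /root/install.sh.1  duplicate copy left behind by a repeated download
# Exit status: 1 when the machine is already provisioned or a run is active.

export TOP_PID=$$
trap 'exit 1' TERM

# Stop the top-level script through the TERM trap above.
exit_script() {
  kill -s TERM "$TOP_PID"
}

# The script runs detached with its output discarded, so no package may stop
# to ask a question.
export DEBIAN_FRONTEND=noninteractive

# Every path of the original removed the duplicate download first.
rm -rf /root/install.sh.1

# Fixed: the original opened two "if" statements but closed only one, so the
# script did not parse. The two exit conditions are combined here.
if [ -f "/usr/bin/vim" ] || [ -f "/root/install" ]; then
  exit_script
else
  touch /root/install
  apt-get update
  # Fixed: "--fixing" is not an apt-get option; "--fix-missing" is presumably
  # what was meant - confirm.
  apt-get update --fix-missing
  apt-get install -y ubuntu-desktop
  apt-get install -y vim
  # Removes the lock file and this script itself before rebooting.
  rm -fr /root/install*
  reboot
fi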
参考资料
cobbler http://www.cnblogs.com/chengtai/p/7161711.html
preseed https://blog.csdn.net/zouyee/article/details/48417775