Batch System Installation with Cobbler

Author: 扎啤 | Published: 2017-09-17 15:51

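    I. Introduction to Cobbler:

    Cobbler is a service for fast network installation of Linux operating systems. It supports many Linux distributions (Red Hat, Fedora, CentOS, Debian, Ubuntu and SuSE) and also supports network installation of Windows. With Cobbler, systems can be installed without manual operation.
    Cobbler is written in Python and is small and lightweight. It offers both CLI and Web management. Built as a layer on top of PXE, it gathers the various installation parameters into a single menu, which makes unattended batch installation more convenient.
    Cobbler is made up of the following parts:

    Package:

    Cobbler

    Services integrated by Cobbler:

    PXE
    DHCP
    rsync
    HTTP
    DNS
    Kickstart
    IPMI power management

    Check the Cobbler environment:

    cobbler check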

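    II. Cobbler Workflow

    • The bare-metal client is configured to boot from the network; at power-on it broadcasts a request asking the DHCP server (Cobbler Server) for an assigned IP address
    • The DHCP server (Cobbler Server) receives the request and sends a response, including its IP address
    • After obtaining the IP address, the client sends the Cobbler Server a request for the OS boot file
    • The client contacts the TFTP server address it was given above and downloads the boot file
    • The client executes the boot file, determines what to load and selects the OS to install; during this step it requests the kickstart file and the OS image from the Cobbler Server
    • The client loads the kickstart file
    • The client receives the OS image and installs it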

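    III. Cobbler Directories

    Data directories:
    • /var/lib/cobbler/config/: stores the configuration files for distros, systems, profiles and so on
    • /var/lib/cobbler/triggers/: stores user-defined cobbler commands
    • /var/lib/cobbler/kickstarts/: default location of kickstart files
    • /var/lib/cobbler/loaders/: stores the various boot loaders
    Image directories:
    • /var/www/cobbler/ks_mirror/: all data of the imported distributions
    • /var/www/cobbler/images/: kernel and initrd images of the imported distributions, used for remote network boot
    • /var/www/cobbler/repo_mirror/: storage directory for yum repositories
    Log directories:
    • /var/log/cobbler/installing: client installation logs
    • /var/log/cobbler/cobbler.log: the cobbler log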

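    IV. Commands

    • cobbler check: checks whether the current configuration has problems
    • cobbler list: lists all cobbler elements
    • cobbler report: lists detailed information about the elements
    • cobbler sync: syncs the configuration to the data directories; best run after every configuration change
    • cobbler reposync: syncs the yum repositories
    • cobbler distro: shows information about the imported distributions
    • cobbler system: shows information about the added systems
    • cobbler profile: shows profile information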

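    V. Installation and Configuration (everything below was done on CentOS 7.3)

    1. To make sure the lab goes smoothly, it is recommended to disable SELinux and iptables
    [root@CentOS7 ~]#setenforce 0 # disable temporarily
    [root@CentOS7 ~]#vim /etc/selinux/config  
    # set to disabled; takes effect permanently
    SELINUX=disabled
    [root@CentOS7 ~]#systemctl disable firewalld.service # keep the firewall from starting at boot
    [root@CentOS7 ~]#systemctl stop firewalld.service # stop the firewall
    [root@CentOS7 ~]#iptables -F # flush the firewall rules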
    
    2. Install the required packages with yum and start the services
    [root@CentOS7 ~]#yum install cobbler dhcp
    [root@CentOS7 ~]#systemctl enable cobblerd # enable the service at boot
    Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
    [root@CentOS7 ~]#systemctl start cobblerd  # start the service
    [root@CentOS7 ~]#systemctl enable tftp  # enable the service at boot
    Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
    [root@CentOS7 ~]#systemctl start tftp  # start the service
    [root@CentOS7 ~]#systemctl enable httpd  # enable the service at boot
    Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
    [root@CentOS7 ~]#systemctl start httpd  # start the service
    

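    Cobbler depends on the dhcp, tftp, rsync and dns services. dhcp can be provided by dhcpd (ISC) or by dnsmasq; tftp can be provided by the tftp-server package or by Cobbler's own functionality; rsync is provided by the rsync package; dns can be provided by bind or by dnsmasq.

    3. Run cobbler check to check the configuration, and make changes according to its hints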
    [root@CentOS7 ~]#cobbler check
    The following are potential configuration items that you may want to fix:
    
    1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
    2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
    3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
        https://github.com/cobbler/cobbler/wiki/Selinux
    4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
    5 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
    6 : enable and start rsyncd.service with systemctl
    7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
    8 : ksvalidator was not found, install pykickstart
    9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
    10 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
    
    Restart cobblerd and then run 'cobbler sync' to apply changes.
    

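    Some of the configuration warnings above can be ignored.

    Following the hints, edit the /etc/cobbler/settings configuration file

    default_password_crypted: "$1$8ckh4FrM$ayLsgQi85bi8Nt5Gj4Drj/"    # password hash generated with openssl passwd -1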
    next_server: 192.168.25.107
    manage_dhcp: 1  
    server: 192.168.25.107
    

    Restart cobbler and sync the data to the corresponding directories

    [root@CentOS7 ~]#systemctl restart cobblerd
    [root@CentOS7 ~]#cobbler sync
    
    4. Generate the dhcp template file
    [root@CentOS7 ~]#vim /etc/cobbler/dhcp.template
    subnet 192.168.7.0 netmask 255.255.255.0 {
         option subnet-mask         255.255.255.0;
         range dynamic-bootp        192.168.7.100 192.168.7.200;
    
    5. Prepare the boot files and the menu style file

    There are two ways to do this:
      With an Internet connection:
    [root@CentOS7 /var/lib/cobbler/loaders]#cobbler get-loaders
      By copying the files:
    cp /var/lib/tftpboot/{menu.c32,pxelinux.0} /var/lib/cobbler/loaders

    6. Use import to import the yum source

    import brings in the files of the mounted disc image

    [root@CentOS7 /var/lib/cobbler/loaders]#cobbler import --path=/mnt/cdrom --name=centos7.3 --arch=x86_64
    [root@CentOS7 /var/lib/cobbler/loaders]#cobbler distro list  # show the imported distributions
       centos7.3-x86_64
    
    7. Prepare the kickstart file and import it into cobbler

    If you already have a kickstart file, it can be supplied with --kickstart=/path/to/kickstart_file, since import automatically generates a profile for the imported distro
    [root@CentOS7 /var/lib/cobbler/kickstarts]#cp /app/anaconda-ks.cfg centos7.cfg
    Copy the edited answer file into the current directory

    Associate the answer file with the profile

    [root@CentOS7 /var/lib/cobbler/kickstarts]#cobbler profile remove --name=centos7.3-x86_64 # remove the profile
    [root@CentOS7 /var/lib/cobbler/kickstarts]#cobbler profile add --name=centos7.3_mini --distro=centos7.3-x86_64  --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg # associate with the profile
    [root@CentOS7 /var/lib/cobbler/kickstarts]#cobbler sync
    [root@CentOS7 /var/lib/cobbler/kickstarts]#cobbler profile list
       centos7.3_mini
    
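    8. Test:
    [Screenshot: image.png]
    9. Use cobbler_web

    cobbler_web supports several authentication methods, such as authn_configfile, authn_ldap or authn_pam. The default is authn_denyall, which denies login to all users. Two of these authentication methods are used below to log in to cobbler_web.
    First install cobbler-web
    [root@CentOS7 ~]#yum install cobbler-web
    After installation the httpd service must be restarted, otherwise the cobbler interface will not be displayed
    [root@CentOS7 ~]#systemctl restart httpd

      Open /etc/cobbler/modules.conf to see the default authentication method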

    # cobbler module configuration file
    # =================================
    
    # authentication: 
    # what users can log into the WebUI and Read-Write XMLRPC?
    # choices:
    #    authn_denyall    -- no one (default)
    #    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
    #    authn_passthru   -- ask Apache to handle it (used for kerberos)
    #    authn_ldap       -- authenticate against LDAP
    #    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
    #    authn_pam        -- use PAM facilities
    #    authn_testing    -- username/password is always testing/testing (debug)
    #    (user supplied)  -- you may write your own module
    # WARNING: this is a security setting, do not choose an option blindly.
    # for more information:
    # https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
    # https://github.com/cobbler/cobbler/wiki/Security-overview
    # https://github.com/cobbler/cobbler/wiki/Kerberos
    # https://github.com/cobbler/cobbler/wiki/Ldap
    
    [authentication]
    # the default authentication method
    module = authn_configfile
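
A configuration audit for the two files edited above, /etc/cobbler/settings and /etc/cobbler/modules.conf, added here as an example that is not part of the original post or of Cobbler itself. The function names, the list of findings and the modules.conf sample are assumptions; the settings sample repeats the values shown on this page.

```python
import re

# Constructed samples: the settings repeat this page's values, the
# modules.conf fragment is made up to show a finding.
SETTINGS = '''default_password_crypted: "$1$8ckh4FrM$ayLsgQi85bi8Nt5Gj4Drj/"
next_server: 192.168.25.107
manage_dhcp: 1
server: 192.168.25.107
'''
MODULES_CONF = "[authentication]\nmodule = authn_testing\n"

CRYPT_SCHEMES = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}

def setting(text, key):
    """Value of a top-level 'key: value' line, quotes stripped, or None."""
    m = re.search(r'^%s:[ \t]*"?([^"\n#]*)' % re.escape(key), text, re.M)
    return m.group(1).strip() if m else None

def audit(settings_text, modules_text):
    """Return a list of findings for the two Cobbler config files."""
    findings = []
    # crypt(3) hashes look like $<id>$<salt>$<hash>; openssl passwd -1 gives id 1.
    parts = (setting(settings_text, "default_password_crypted") or "").split("$")
    scheme = CRYPT_SCHEMES.get(parts[1], "unknown") if len(parts) > 3 else "unknown"
    if scheme != "SHA-512-crypt":
        findings.append("default_password_crypted is %s; use a $6$ hash" % scheme)
    # cobbler check rejects localhost / 127.0.0.1 for these two fields.
    for key in ("server", "next_server"):
        if setting(settings_text, key) in (None, "", "localhost", "127.0.0.1"):
            findings.append("%s is unset or points at loopback" % key)
    # Only active (uncommented) 'module = authn_*' lines count.
    m = re.search(r"^[ \t]*module[ \t]*=[ \t]*(authn_\w+)", modules_text, re.M)
    if m is None:
        findings.append("no authn module configured")
    elif m.group(1) == "authn_testing":
        findings.append("authn_testing accepts testing/testing; debug only")
    return findings

if __name__ == "__main__":
    for finding in audit(SETTINGS, MODULES_CONF):
        print("FINDING:", finding)
```

On a real server, pass the contents of the two files instead of the constructed samples.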
    

    9.1 Authenticate cobbler_web users with the authn_configfile module: create its authentication file /etc/cobbler/users.digest and add the required users

    [root@CentOS7 ~]#htdigest -c /etc/cobbler/users.digest Cobbler lai
    Adding password for lai in realm Cobbler.
    New password: 
    Re-type new password: 
    
    [root@CentOS7 ~]#cat /etc/cobbler/users.digest 
    lai:Cobbler:7d2dd34ccc1e2dfce76d8f0de1d74487
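    1f3  # the created user entry
    
    [root@CentOS7 ~]#systemctl restart cobblerd # restart the cobblerd service
    

    (Note: use the "-c" option when adding the first user and do not use it again when adding further users, because -c creates the file anew; the realm for cobbler_web can only be Cobbler)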
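
A format check for /etc/cobbler/users.digest, added here as an example that is not part of the original post or of Cobbler's code. It relies on the htdigest file format, where each line is user:realm:MD5("user:realm:password"); the function names and the sample entries (including the password "example-only") are constructed for the demonstration.

```python
import hashlib
import hmac
import re

REALM = "Cobbler"  # realm used by the htdigest command on this page

def ha1(user, realm, password):
    """htdigest stores MD5("user:realm:password") as 32 hex characters."""
    data = "%s:%s:%s" % (user, realm, password)
    return hashlib.md5(data.encode()).hexdigest()

def check_line(line):
    """Return a list of problems with one users.digest line (empty if fine)."""
    fields = line.strip().split(":")
    if len(fields) != 3:
        return ["expected user:realm:hash, got %d field(s)" % len(fields)]
    user, realm, digest = fields
    problems = []
    if realm != REALM:
        problems.append("realm %r is not %r" % (realm, REALM))
    if not re.fullmatch(r"[0-9a-f]{32}", digest):
        problems.append("hash is not 32 lowercase hex characters")
    return problems

def verify(line, password):
    """Check a candidate password against one well-formed entry."""
    user, realm, digest = line.strip().split(":")
    return hmac.compare_digest(ha1(user, realm, password), digest)

# Constructed sample entries, not taken from a real file.
SAMPLE = [
    "lai:Cobbler:" + ha1("lai", "Cobbler", "example-only"),
    "bob:cobber:" + ha1("bob", "cobber", "example-only"),  # mistyped realm
    "eve:Cobbler:7d2dd34c",                                # truncated hash
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry.split(":")[0], check_line(entry) or "ok")
```

The stored value is an unsalted MD5 hash, so users.digest should be readable only by root and the service accounts that need it.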

    Access it at https://192.168.7.63/cobbler_web

    [Screenshot: image.png]

    9.2 Authenticate cobbler_web users with the authn_pam module

    [root@CentOS7 ~]#vim /etc/cobbler/modules.conf    
    # cobbler module configuration file
    # =================================
    
    # authentication: 
    # what users can log into the WebUI and Read-Write XMLRPC?
    # choices:
    #    authn_denyall    -- no one (default)
    #    authn_configfile -- use /etc/cobbler/users.digest (for basic setups)
    #    authn_passthru   -- ask Apache to handle it (used for kerberos)
    #    authn_ldap       -- authenticate against LDAP
    #    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
    #    authn_pam        -- use PAM facilities
    #    authn_testing    -- username/password is always testing/testing (debug)
    #    (user supplied)  -- you may write your own module
    # WARNING: this is a security setting, do not choose an option blindly.
    # for more information:
    # https://github.com/cobbler/cobbler/wiki/Cobbler-web-interface
    # https://github.com/cobbler/cobbler/wiki/Security-overview
    # https://github.com/cobbler/cobbler/wiki/Kerberos
    # https://github.com/cobbler/cobbler/wiki/Ldap
    
    [authentication]
    # changed to the authn_pam module
    module = authn_pam
    

    Create an account for authn_pam authentication

    [root@CentOS7 ~]#useradd cobbleruser
    [root@CentOS7 ~]#echo centos | passwd --stdin cobbleruser
    Changing password for user cobbleruser.
    passwd: all authentication tokens updated successfully.
    

    Edit /etc/cobbler/users.conf and add the user you created as the value of the admin parameter.

    [root@CentOS7 ~]#vim /etc/cobbler/users.conf 
    # Cobbler WebUI / Web Services authorization config file
    #
    # NOTICE:
    # this file is only used when /etc/cobbler/modules.conf
    # specifies an authorization mode of either:
    #
    #   (A) authz_configfile
    #   (B) authz_ownership
    #
    # For (A), any user in this file, in any group, are allowed
    # full access to any object in cobbler configuration.
    #
    # For (B), users in the "admins" group are allowed full access
    # to any object, otherwise users can only edit an object if
    # their username/group is listed as an owner of that object. If a
    # user is not listed in this file they will have no access.
    #
    #     cobbler command line example:
    #
    #     cobbler system edit --name=server1 --owner=dbas,mac,pete,jack
    #
    # NOTE:  yes, you do need the equal sign after the names.
    # don't remove that part.  It's reserved for future use.
    
    [admins]
    # add the user
    admin = "cobbleruser"
    cobbler = ""
    [root@CentOS7 ~]#systemctl restart cobblerd # restart the cobblerd service
    

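    Log in as cobbleruser

    [Screenshot: 1.png]

    Summary:

    As a fast network installation service for Linux, Cobbler implements batch system installation with no manual intervention, which meets basic automated operations needs.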
