01 Puppet master-agent model
Environment
node1 192.168.1.131 CentOS7.2
node2 192.168.1.132 CentOS7.2
node3 192.168.1.133 CentOS7.2
node4 192.168.1.134 CentOS7.2
1. Extending an agent node into a master node
[[email protected] ~]# yum -y install puppet-server-3.8.4-1.el7.noarch.rpm
[[email protected] ~]# rpm -ql puppet-server
/etc/puppet/environments
/etc/puppet/environments/example_env
/etc/puppet/environments/example_env/README.environment
/etc/puppet/environments/example_env/manifests
/etc/puppet/environments/example_env/modules
/etc/puppet/fileserver.conf
/etc/puppet/manifests
/usr/lib/systemd/system/puppetmaster.service
/usr/share/man/man8/puppet-ca.8.gz
/usr/share/man/man8/puppet-master.8.gz
[[email protected] ~]# cd /etc/puppet
[[email protected] puppet]# vim puppet.conf
[[email protected] puppet]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.131 node1
192.168.1.132 node2
192.168.1.133 node3
192.168.1.134 node4
[[email protected] puppet]# puppet master -v --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): 68:6E:25:1F:A2:C9:B9:25:D8:98:73:5E:2E:4B:8D:A9:D4:5C:30:DA:76:7E:55:0B:17:73:CC:56:CC:1D:CD:B1
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for node2
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node2
Info: Certificate Request fingerprint (SHA256): 6B:D9:38:9C:F6:85:A7:FC:82:8C:D5:59:FA:73:6E:B0:84:F5:C7:AA:B9:F5:B5:4D:75:04:22:1A:2B:7F:99:0E
Notice: node2 has a waiting certificate request
Notice: Signed certificate request for node2
Notice: Removing file Puppet::SSL::CertificateRequest node2 at '/var/lib/puppet/ssl/ca/requests/node2.pem'
Notice: Removing file Puppet::SSL::CertificateRequest node2 at '/var/lib/puppet/ssl/certificate_requests/node2.pem'
Notice: Starting Puppet master version 3.8.4
[[email protected] puppet]# ls /var/lib/puppet/ssl/
ca certs private public_keys
certificate_requests crl.pem private_keys
[[email protected] puppet]# rm -rf /var/lib/puppet/ssl/*
#Regenerate the configuration files
[[email protected] puppet]# puppet master -v --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): F3:E1:22:ED:91:C4:40:C1:CF:03:70:2E:C8:95:00:72:39:9B:BF:AC:0F:B2:40:79:1E:ED:76:C1:09:A0:4D:2E
Notice: Signed certificate request for ca
Info: Creating a new certificate revocation list
Info: Creating a new SSL key for node2
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node2
Info: Certificate Request fingerprint (SHA256): 48:91:99:06:65:B4:29:5C:B4:14:EA:20:B2:53:D6:30:55:78:56:65:B1:99:DA:15:CB:66:28:60:20:E6:1D:87
Notice: node2 has a waiting certificate request
Notice: Signed certificate request for node2
Notice: Removing file Puppet::SSL::CertificateRequest node2 at '/var/lib/puppet/ssl/ca/requests/node2.pem'
Notice: Removing file Puppet::SSL::CertificateRequest node2 at '/var/lib/puppet/ssl/certificate_requests/node2.pem'
Notice: Starting Puppet master version 3.8.4
[[email protected] puppet]# ls /usr/lib/systemd/system/pupp*
/usr/lib/systemd/system/puppetagent.service /usr/lib/systemd/system/puppetmaster.service /usr/lib/systemd/system/puppet.service
[[email protected] puppet]# systemctl start puppetmaster.service
#Configure the agent
[[email protected] ~]# rpm -ivh epel-release-latest-7.noarch.rpm
[[email protected] ~]# yum -y install facter-2.4.4-1.el7.x86_64.rpm puppet-3.8.4-1.el7.noarch.rpm
[[email protected] ~]# cd /etc/puppet/
[[email protected] puppet]# puppet agent --server=node2 --no-daemonize --noop --test --verbose
Info: Creating a new SSL key for node3
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node3
Info: Certificate Request fingerprint (SHA256): 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[[email protected] puppet]# puppet cert list
"node3" (SHA256) 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
[[email protected] puppet]# puppet cert sign node3
Notice: Signed certificate request for node3
Notice: Removing file Puppet::SSL::CertificateRequest node3 at '/var/lib/puppet/ssl/ca/requests/node3.pem'
[[email protected] puppet]# puppet agent --server=node2 --no-daemonize --noop --test --verbose
Info: Creating a new SSL key for node3
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node3
Info: Certificate Request fingerprint (SHA256): 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[[email protected] puppet]# puppet agent --server=node2 --no-daemonize --verbose
Info: Caching certificate for node3
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for node3
Notice: Starting Puppet client version 3.8.4
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node3
Info: Applying configuration version '1481204536'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.03 seconds
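Before `puppet cert sign` is run, the fingerprint the agent printed for its CSR can be compared with the one the master shows in `puppet cert list`. The script below is an added example, not part of the original notes; its function names are illustrative, it takes both outputs as text, and the sample strings are copied from the transcripts on this page.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# SHA256 fingerprint the agent printed for its CSR (agent output on stdin).
agent_fp() {
    awk '/Certificate Request fingerprint \(SHA256\):/ { print toupper($NF); exit }'
}

# SHA256 fingerprint the CA holds for the pending request of certname $1
# (`puppet cert list` output on stdin). Entries that start with "+" are
# already signed and are ignored on purpose.
pending_fp() {
    awk -v want="\"$1\"" '$1 == want && $2 == "(SHA256)" { print toupper($3); exit }'
}

# Succeed only if $1 is a well-formed SHA256 fingerprint and equals $2.
fp_match() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-F]{2}:){31}[0-9A-F]{2}$' || return 1
    [ "$1" = "$2" ]
}

# verify_csr CERTNAME AGENT_OUTPUT CA_LIST_OUTPUT
verify_csr() {
    seen_on_agent=$(printf '%s\n' "$2" | agent_fp)
    held_by_ca=$(printf '%s\n' "$3" | pending_fp "$1")
    fp_match "$seen_on_agent" "$held_by_ca"
}

# Agent output for node3, copied from this page.
AGENT_OUT='Info: Creating a new SSL key for node3
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for node3
Info: Certificate Request fingerprint (SHA256): 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
Exiting; no certificate found and waitforcert is disabled'

# Pending request with the same fingerprint (the first `puppet cert list`).
CA_LIST_SAME='  "node3" (SHA256) 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1'
# Pending request made from a different key (the page's re-issued CSR),
# standing in here for a request the operator did not expect.
CA_LIST_OTHER='  "node3" (SHA256) 27:C9:FD:B5:64:F9:B7:22:94:CD:84:0B:20:24:3F:55:3A:FB:AB:24:CD:8F:CB:A2:CD:B9:54:DC:EB:FB:E0:B1'
# Already-signed entry as shown by `puppet cert list --all`.
CA_LIST_SIGNED='+ "node3" (SHA256) EA:F3:56:95:E1:61:DD:63:B9:07:F0:0B:A9:CC:99:62:4C:1F:E1:7E:CF:83:1B:D7:B3:9A:B4:D9:B4:F5:27:8B'

for list in "$CA_LIST_SAME" "$CA_LIST_OTHER" "$CA_LIST_SIGNED"; do
    if verify_csr node3 "$AGENT_OUT" "$list"; then
        echo "match: the pending request is the one node3 generated"
    else
        echo "no matching pending request: do not sign"
    fi
done
```

On a live master the two text arguments would be the saved agent output and the output of `puppet cert list`.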
#List all certificates
[[email protected] puppet]# puppet cert list --all
+ "node2" (SHA256) 2E:C8:71:41:A2:74:B9:41:20:85:30:7D:28:D2:5A:0D:4E:5C:CF:DD:54:F1:9F:82:C7:CB:1F:FD:42:31:91:81
+ "node3" (SHA256) EA:F3:56:95:E1:61:DD:63:B9:07:F0:0B:A9:CC:99:62:4C:1F:E1:7E:CF:83:1B:D7:B3:9A:B4:D9:B4:F5:27:8B
#Clean the certificate of node node3
[[email protected] puppet]# puppet cert clean node3
Notice: Revoked certificate with serial 3
Notice: Removing file Puppet::SSL::Certificate node3 at '/var/lib/puppet/ssl/ca/signed/node3.pem'
Notice: Removing file Puppet::SSL::Certificate node3 at '/var/lib/puppet/ssl/certs/node3.pem'
[[email protected] puppet]# rm -f /var/run/puppet/agent.pid
#Sign again
[[email protected] puppet]# puppet agent --server=node2 --no-daemonize --verbose
Info: Creating a new SSL key for node3
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node3
Info: Certificate Request fingerprint (SHA256): 27:C9:FD:B5:64:F9:B7:22:94:CD:84:0B:20:24:3F:55:3A:FB:AB:24:CD:8F:CB:A2:CD:B9:54:DC:EB:FB:E0:B1
Info: Caching certificate for ca
[[email protected] puppet]# puppet cert list
"node3" (SHA256) 27:C9:FD:B5:64:F9:B7:22:94:CD:84:0B:20:24:3F:55:3A:FB:AB:24:CD:8F:CB:A2:CD:B9:54:DC:EB:FB:E0:B1
[[email protected] puppet]# puppet cert sign node3
Notice: Signed certificate request for node3
Notice: Removing file Puppet::SSL::CertificateRequest node3 at '/var/lib/puppet/ssl/ca/requests/node3.pem'
[[email protected] puppet]# cd manifests/
[[email protected] manifests]# vim /etc/puppet/modules/nginx/manifests/init.pp
# Base class: install nginx, then keep the service enabled and running
class nginx {
  package { 'nginx':
    ensure => latest,
    name   => nginx,
  } ->
  service { 'nginx':
    enable     => true,
    ensure     => running,
    hasrestart => true,
    restart    => 'service nginx reload',
  }
}

# Web server role: ship a static nginx.conf from the module's files directory
class nginx::webserver inherits nginx {
  file { '/etc/nginx/nginx.conf':
    source  => 'puppet:///modules/nginx/nginx_web.conf',
    ensure  => file,
    notify  => Service['nginx'],
    require => Package['nginx'],
  }
}

# Proxy role: render nginx.conf from an ERB template
class nginx::proxy inherits nginx {
  file { '/etc/nginx/nginx.conf':
    content => template('nginx/nginx_proxy.conf.erb'),
    ensure  => file,
    notify  => Service['nginx'],
    require => Package['nginx'],
  }
}
[[email protected] manifests]# pwd
/etc/puppet/manifests
[[email protected] manifests]# vim site.pp
node "node3" {
  include nginx::proxy
}
[[email protected] manifests]# systemctl restart puppetmaster.service
[[email protected] puppet]# puppet agent --server=node2 --no-daemonize --verbose
Notice: Starting Puppet client version 3.8.4
Info: Caching certificate_revocation_list for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class nginx::proxy for node3 on node node3
Notice: Using cached catalog
Info: Applying configuration version '1481204536'
Notice: Finished catalog run in 0.04 seconds
[[email protected] puppet]# systemctl start puppetagent.service
02 Puppet master-agent model
[[email protected] puppet]# puppet config print environment
production
[[email protected] puppet]# vim autosign.conf
*.magedu.com
[[email protected] puppet]# systemctl restart puppetmaster.service
#Automatically sign agent certificates
[[email protected] ~]# rpm -ivh epel-release-latest-7.noarch.rpm
[[email protected] ~]# yum -y install facter-2.4.4-1.el7.x86_64.rpm puppet-3.8.4-1.el7.noarch.rpm
[[email protected] ~]# puppet agent --server=node2.magedu.com --noop --no-daemonize --verbose --test
Info: Creating a new SSL key for node4
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node4
Info: Certificate Request fingerprint (SHA256): 4B:CE:22:CB:18:E7:E3:0E:B9:A5:24:0B:21:76:92:AE:A7:19:D4:4A:B1:FE:88:28:D6:07:85:15:DD:72:E8:35
Info: Caching certificate for ca
Exiting; no certificate found and waitforcert is disabled
[[email protected] puppet]# puppet cert list --all
+ "node2.magedu.com" (SHA256) 45:11:FF:B1:0D:D8:27:A9:A3:29:9C:BC:F6:B8:67:80:4E:81:9A:7D:18:90:EF:8E:5B:98:C9:67:44:DF:40:54 (alt names: "DNS:node2.magedu.com", "DNS:puppet", "DNS:puppet.magedu.com")
+ "node3.magedu.com" (SHA256) BD:C3:B5:8B:3D:D5:56:FF:D7:A5:19:AD:47:E9:04:94:B9:D9:78:49:84:6E:E3:AB:AE:9C:5D:B4:8C:B8:F8:C2
+ "node4.magedu.com" (SHA256) 9A:87:F9:8F:EC:9E:00:ED:C7:13:7B:4C:14:4D:E5:6F:11:7B:E4:C8:54:C8:B8:18:39:75:27:19:3D:67:0D:D3
[[email protected] puppet]# vim manifests/site.pp
node "node3.magedu.com" {
  include nginx::proxy
}
node "node4.magedu.com" {
}
[[email protected] puppet]# systemctl restart puppetmaster.service
[[email protected] ~]# puppet agent --server=node2.magedu.com --noop --no-daemonize --verbose --test
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for node4.magedu.com
Info: Certificate Request fingerprint (SHA256): 4F:47:81:34:B7:66:24:80:81:EE:F0:7D:41:B8:D2:43:57:74:D4:A7:C9:87:6C:59:D4:63:98:B3:D4:49:0A:E8
Info: Caching certificate for node4.magedu.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for ca
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node4.magedu.com
Info: Applying configuration version '1481293129'
Info: Creating state file /var/lib/puppet/state/state.yaml
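With `*.magedu.com` in autosign.conf, the master signs a request on the strength of the certname alone, and the certname is chosen by the requesting agent. The script below is an added example, not part of the original notes: it lists which signed certificates an autosign.conf admits, so they can be reviewed or replaced by explicit entries. Function names are illustrative, the matching approximates Puppet 3.x autosign.conf rules, and the certificate lists are copied from this page.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# Succeed if certname $1 would be admitted by the autosign.conf text in $2.
# Approximation of Puppet 3.x matching: an exact certname, or a "*.domain"
# glob whose asterisk stands for one or more leading labels.
autosign_admits() {
    printf '%s\n' "$2" | {
        while IFS= read -r entry; do
            entry=$(printf '%s' "$entry" | tr -d '[:space:]')
            case $entry in
                ''|'#'*) continue ;;         # blank line or comment line
                '*.'*)
                    suffix=${entry#'*'}      # "*.magedu.com" -> ".magedu.com"
                    case $1 in *?"$suffix") exit 0 ;; esac ;;
                *)
                    if [ "$1" = "$entry" ]; then exit 0; fi ;;
            esac
        done
        exit 1
    }
}

# Print every signed certname in `puppet cert list --all` output ($2)
# that the autosign.conf text ($1) admits without operator review.
covered_names() {
    printf '%s\n' "$2" | awk '$1 == "+" { gsub(/"/, "", $2); print $2 }' |
    while IFS= read -r name; do
        if autosign_admits "$name" "$1"; then printf '%s\n' "$name"; fi
    done
}

# autosign.conf as written on this page.
AUTOSIGN_CONF='*.magedu.com'

# `puppet cert list --all` from section 02 (FQDN certnames).
CERTS_02='+ "node2.magedu.com" (SHA256) 45:11:FF:B1:0D:D8:27:A9:A3:29:9C:BC:F6:B8:67:80:4E:81:9A:7D:18:90:EF:8E:5B:98:C9:67:44:DF:40:54 (alt names: "DNS:node2.magedu.com", "DNS:puppet", "DNS:puppet.magedu.com")
+ "node3.magedu.com" (SHA256) BD:C3:B5:8B:3D:D5:56:FF:D7:A5:19:AD:47:E9:04:94:B9:D9:78:49:84:6E:E3:AB:AE:9C:5D:B4:8C:B8:F8:C2
+ "node4.magedu.com" (SHA256) 9A:87:F9:8F:EC:9E:00:ED:C7:13:7B:4C:14:4D:E5:6F:11:7B:E4:C8:54:C8:B8:18:39:75:27:19:3D:67:0D:D3'

# `puppet cert list --all` from section 01 (short certnames).
CERTS_01='+ "node2" (SHA256) 2E:C8:71:41:A2:74:B9:41:20:85:30:7D:28:D2:5A:0D:4E:5C:CF:DD:54:F1:9F:82:C7:CB:1F:FD:42:31:91:81
+ "node3" (SHA256) EA:F3:56:95:E1:61:DD:63:B9:07:F0:0B:A9:CC:99:62:4C:1F:E1:7E:CF:83:1B:D7:B3:9A:B4:D9:B4:F5:27:8B'

echo "Signed certnames admitted by autosign.conf (section 02):"
covered_names "$AUTOSIGN_CONF" "$CERTS_02"
echo "Signed certnames admitted by autosign.conf (section 01):"
covered_names "$AUTOSIGN_CONF" "$CERTS_01"

# Constructed certname that is not in the inventory on this page.
if autosign_admits unlisted-host.magedu.com "$AUTOSIGN_CONF"; then
    echo "unlisted-host.magedu.com would also be signed without review"
fi
```

Listing the three FQDNs explicitly in autosign.conf keeps automatic signing for known nodes while the last check no longer succeeds.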
Puppet kick mode
[[email protected] ~]# puppet agent --configprint environment
production
[[email protected] ~]# puppet config print | grep listen
listen = false
[[email protected] ~]# cd /etc/puppet/
[[email protected] puppet]# vim puppet.conf
Append at the end of the file:
listen = true
[[email protected] puppet]# systemctl restart puppetagent.service
[[email protected] puppet]# vim namespaceauth.conf
[puppetrun]
allow node2.magedu.com
[[email protected] puppet]# systemctl restart puppetagent.service
[[email protected] puppet]# mkdir -p /etc/puppet/modules/varnish/{manifests,files,templates,lib,tests,spec}
[[email protected] puppet]# vim /etc/puppet/modules/varnish/manifests/init.pp
class varnish {
  package { 'varnish':
    ensure => latest,
  }
}
[[email protected] puppet]# vim /etc/puppet/manifests/site.pp
node "node3.magedu.com" {
  include varnish
  include nginx::proxy
}
node "node4.magedu.com" {
}
[[email protected] puppet]# systemctl restart puppetmaster.service
[[email protected] puppet]# vim auth.conf
Add before the "# deny" line, fourth from the end:
path /run
method save
allow node2.magedu.com
[[email protected] puppet]# systemctl restart puppetagent.service
[[email protected] puppet]# puppet kick node3.magedu.com
Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
Triggering node3.magedu.com
Getting status
status is success
node3.magedu.com finished with exit code 0
Finished
[[email protected] puppet]# puppet apply -e 'include varnish' --noop -v
Notice: Compiled catalog for node2.magedu.com in environment production in 0.95 seconds
Info: Applying configuration version '1481332757'
Notice: /Stage[main]/Varnish/Package[varnish]/ensure: current_value absent, should be latest (noop)
Notice: Class[Varnish]: Would have triggered 'refresh' from 1 events
Notice: Stage[main]: Would have triggered 'refresh' from 1 events
Notice: Finished catalog run in 0.55 seconds
[[email protected] puppet]# vim namespaceauth.conf
[puppetrunner]
allow node2.magedu.com
[[email protected] puppet]# systemctl restart puppetagent.service
03 Introduction to operations tools and building a PXE environment
1. Configure the DHCP server
Environment:
server: 192.168.1.151 CentOS release 6.5
eth0: 192.168.1.151 bridge
eth1: vmnet2
[[email protected] ~]# yum install dhcp -y
[[email protected] ~]# ifconfig eth1 10.0.10.1/24 up
[[email protected] ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:06:DE:28
inet addr:192.168.1.151 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe06:de28/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2712 errors:0 dropped:0 overruns:0 frame:0
TX packets:107 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:295129 (288.2 KiB) TX bytes:12335 (12.0 KiB)
eth1 Link encap:Ethernet HWaddr 00:0C:29:06:DE:32
inet addr:10.0.10.1 Bcast:10.0.10.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe06:de32/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:468 (468.0 b)
[[email protected] ~]# cd /etc/dhcp/
[[email protected] dhcp]# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample dhcpd.conf
[[email protected] dhcp]# vim dhcpd.conf
option domain-name "magedu.com";
option domain-name-servers 192.168.1.1;
default-lease-time 43200;
max-lease-time 86400;
log-facility local7;
subnet 10.0.10.0 netmask 255.255.255.0 {
range 10.0.10.21 10.0.10.50;
option routers 10.0.10.1;
}
[[email protected] dhcp]# service dhcpd start
Check that the client obtained an IP address automatically
[[email protected] dhcp]# tail /var/lib/dhcpd/dhcpd.leases
server-duid "\000\001\000\001\037\336a\327\000\014)\006\3362";
lease 10.0.10.21 {
starts 6 2016/12/10 06:51:32;
ends 6 2016/12/10 18:51:32;
cltt 6 2016/12/10 06:51:32;
binding state active;
next binding state free;
hardware ethernet 00:0c:29:bb:ea:bf;
}
Assign a fixed IP address to a client:
[[email protected] dhcp]# vim dhcpd.conf
Add
host ftpserver {
hardware ethernet 00:0c:29:bb:ea:bf;
fixed-address 10.0.10.55;
}
[[email protected] dhcp]# service dhcpd restart
Configure PXE
1. dhcp
[[email protected] dhcp]# vim dhcpd.conf
Change
subnet 10.0.10.0 netmask 255.255.255.0 {
range 10.0.10.21 10.0.10.50;
option routers 10.0.10.1;
}
to
subnet 10.0.10.0 netmask 255.255.255.0 {
range 10.0.10.21 10.0.10.50;
option routers 10.0.10.1;
next-server 10.0.10.1;
filename "pxelinux.0";
}
[[email protected] dhcp]# service dhcpd restart
2. tftp
[[email protected] dhcp]# yum -y install tftp-server tftp
[[email protected] dhcp]# chkconfig tftp on
[[email protected] dhcp]# service xinetd start
[[email protected] dhcp]# cp /etc/fstab /var/lib/tftpboot/
[[email protected] dhcp]# tftp 10.0.10.1
[[email protected] dhcp]# cd /var/lib/tftpboot/
[[email protected] tftpboot]# yum -y install syslinux
[[email protected] tftpboot]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
[[email protected] ~]# mount -r /dev/cdrom /mnt/
[[email protected] ~]# cd /mnt/isolinux/
[[email protected] isolinux]# ls
boot.cat grub.conf isolinux.bin memtest TRANS.TBL vmlinuz
boot.msg initrd.img isolinux.cfg splash.jpg vesamenu.c32
[[email protected] isolinux]# cd ../images/pxeboot/
[[email protected] pxeboot]# ls
initrd.img TRANS.TBL vmlinuz
[[email protected] pxeboot]# cp vmlinuz initrd.img /var/lib/tftpboot/
[[email protected] pxeboot]# cd ../../isolinux/
[[email protected] isolinux]# cp isolinux.cfg vesamenu.c32 splash.jpg boot.msg /var/lib/tftpboot/
[[email protected] isolinux]# mkdir /var/lib/tftpboot/pxelinux.cfg
[[email protected] isolinux]# cp isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/
[[email protected] isolinux]# cd /var/lib/tftpboot/pxelinux.cfg/
[[email protected] pxelinux.cfg]# mv isolinux.cfg default
[[email protected] pxelinux.cfg]# vim default
Change
menu title Welcome to CentOS 6.6!
to
menu title Welcome to CentOS 6.6 Magedu!
Create a new virtual machine and attach its network adapter to VMnet2
[[email protected] pxelinux.cfg]# cd
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# mkdir /var/www/html/centos6
[[email protected] ~]# umount /dev/cdrom
[[email protected] ~]# mount -r /dev/cdrom /var/www/html/centos6/
[[email protected] ~]# service httpd start
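Choose "URL" as the installation method and configure the IP address to be obtained automatically
Set the URL to: http://10.0.10.1/centos6
04 A simple cobbler setup
1. Installing cobbler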
[[email protected] ~]# rpm -Uvh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
[[email protected] ~]# yum -y install cobbler cobbler-web pykickstart debmirror httpd syslinux
[[email protected] ~]# cd /var/lib/tftpboot/
[[email protected] tftpboot]# mkdir /root/pxeboot
[[email protected] tftpboot]# mv ./* /root/pxeboot/
[[email protected] tftpboot]# cd
[[email protected] ~]# vim /etc/dhcp/dhcpd.conf
Change
subnet 10.0.10.0 netmask 255.255.255.0 {
range 10.0.10.21 10.0.10.50;
option routers 10.0.10.1;
next-server 10.0.10.1;
filename "pxelinux.0";
}
to
subnet 10.0.10.0 netmask 255.255.255.0 {
range 10.0.10.21 10.0.10.50;
option routers 10.0.10.1;
filename "pxelinux.0";
}
[[email protected] ~]# service dhcpd restart
[[email protected] ~]# service httpd start
[[email protected] ~]# service cobblerd start
[[email protected] ~]# cd /etc/cobbler/
[[email protected] ~]# openssl passwd -1 -salt `openssl rand -hex 4` #password set to 'magedu'
Password:
$1$f5673d2f$v4u767ixJnzbYp3XsW4.81
[[email protected] cobbler]# vim settings
Change
server: 127.0.0.1
to
server: 10.0.10.1
Change
next_server: 127.0.0.1
to
next_server: 10.0.10.1
Change
default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
to
default_password_crypted: "$1$f5673d2f$v4u767ixJnzbYp3XsW4.81" #replace the password in the configuration file with the one generated above
[[email protected] cobbler]# service cobblerd restart
[[email protected] cobbler]# cobbler sync
[[email protected] tftpboot]# cobbler repo help
usage
=====
cobbler repo add
cobbler repo copy
cobbler repo edit
cobbler repo find
cobbler repo list
cobbler repo remove
cobbler repo rename
cobbler repo report
[[email protected] tftpboot]# umount /dev/cdrom
[[email protected] tftpboot]# mount /dev/cdrom /media/ -r
[[email protected] tftpboot]# cobbler import --path=/media/ --name=centos6.6-x86_64
[[email protected] ~]# cd /var/www/cobbler/ks_mirror/
[[email protected] ks_mirror]# ls
centos6.6-x86_64 config
[[email protected] ks_mirror]# cd centos6.6-x86_64/
[[email protected] centos6.6-x86_64]# ls
CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6
EFI Packages RPM-GPG-KEY-CentOS-Security-6
EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6
GPL repodata TRANS.TBL
images RPM-GPG-KEY-CentOS-6
[[email protected] centos6.6-x86_64]# cd /etc/httpd/conf.d/
[[email protected] conf.d]# ls
cobbler.conf cobbler_web.conf README ssl.conf welcome.conf wsgi.conf
[[email protected] cobbler]# chkconfig rsync on
[[email protected] cobbler]# service xinetd restart
[[email protected] cobbler]# vim /etc/debmirror.conf
Change
@dists="sid";
to
#@dists="sid";
Change
@arches="i386";
to
#@arches="i386";
[[email protected] ~]# cobbler profile list
centos6.6-x86_64
[[email protected] ~]# cobbler distro list
centos6.6-x86_64
[[email protected] ~]# cobbler sync
[[email protected] ~]# service cobblerd restart
Boot a test client; the operating system installs normally
2. Adding a kickstart installation entry
[[email protected] ~]# cobbler profile help add
usage
=====
cobbler profile add
cobbler profile copy
cobbler profile dumpvars
cobbler profile edit
cobbler profile find
cobbler profile getks
cobbler profile list
cobbler profile remove
cobbler profile rename
cobbler profile report
[[email protected] ~]# vim centos6.x86_64.cfg #kickstart file for the CentOS installation
# Kickstart file automatically generated by anaconda.
#version=DEVEL
install
url --url="http://10.0.10.1/cobbler/ks_mirror/centos6.6-x86_64/"
lang zh_CN.UTF-8
keyboard us
rootpw --iscrypted $6$dxqrElMVBdEAZWfC$dZOGcI8vfpUUMx.jsSh2BbCukKthMKnnKHs5GUGJTuzYgVx4ZFXIbigqg61xyiTId0XDqyqZ/kiX7hTnaEAzq0
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --disable
timezone --utc Asia/Shanghai
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --none
#part /boot --fstype=ext4 --size=500
#part swap --size=2000
#part / --fstype=ext4 --grow --size=200
repo --name="CentOS" --baseurl=cdrom:sr0 --cost=100
%packages
@base
@chinese-support
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@directory-client
@fonts
@general-desktop
@graphical-admin-tools
@input-methods
@internet-applications
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@office-suite
@print-client
@remote-desktop-clients
@server-platform
@server-policy
@workstation-policy
@x11
mtools
pax
oddjob
wodim
sgpio
genisoimage
device-mapper-persistent-data
abrt-gui
samba-winbind
certmonger
pam_krb5
krb5-workstation
libXmu
%end
[[email protected] ~]# cp centos6.x86_64.cfg /var/lib/cobbler/kickstarts/
[[email protected] ~]# cobbler distro list
centos6.6-x86_64
[[email protected] ~]# cobbler profile add --name "centos6.6-x86_64-web" --distro=centos6.6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.x86_64.cfg
[[email protected] ~]# cobbler profile list
centos6.6-x86_64
centos6.6-x86_64-web
[[email protected] ~]# cobbler sync
Boot a client to test; the installation succeeds!
3. cobbler_web
1) Create the cobbler login account and password
[[email protected] ~]# cd /etc/cobbler/
[[email protected] cobbler]# htdigest /etc/cobbler/users.digest "Cobbler" cobbler
Changing password for user cobbler in realm Cobbler
New password:
Re-type new password:
#Note: cobbler is the login account; the password is entered at the terminal, here 123456
When the command finishes, the users.digest file has been generated
[[email protected] cobbler]# ll users.digest
-rw-r--r-- 1 root root 49 Dec 11 09:51 users.digest
[[email protected] ~]# cobbler sync
[[email protected] ~]# service httpd restart
[[email protected] ~]# service cobblerd restart
Log in: http://192.168.1.151/cobbler_web (user name cobbler, password: 123456)
Login succeeds!
05 CentOS 7 cobbler
Environment:
node1 192.168.1.131 CentOS Linux release 7.2
1. Installing and configuring cobbler
[[email protected] ~]# rpm -ivh http://192.168.56.2/epel/epel-release-latest-7.noarch.rpm
[[email protected] ~]# yum install cobbler -y
[[email protected] ~]# systemctl start cobblerd.service
[[email protected] ~]# systemctl start httpd.service
[[email protected] ~]# openssl passwd -1 -salt $(openssl rand -hex 4) #generate the password
Password:
$1$3cc52881$nUzvLXIkX6mXBytq/INg0/
[[email protected] ~]# vim /etc/cobbler/settings
Change
default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
to
default_password_crypted: "$1$3cc52881$nUzvLXIkX6mXBytq/INg0/" #replace the password in the configuration file with the one generated above
Change
next_server: 127.0.0.1
to
next_server: 192.168.1.131
Change
server: 127.0.0.1
to
server: 192.168.1.131
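The `default_password_crypted` value edited here and in section 04 becomes the root password of every machine cobbler installs, and `openssl passwd -1` produces an MD5-crypt hash, while the kickstart file on this page carries a SHA-512 one. The script below is an added example, not part of the original notes: it reports which scheme a settings file or kickstart file uses and whether the stock hash is still in place. Function names and result labels are illustrative; the sample lines are copied from this page.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# Hash shipped in a stock /etc/cobbler/settings, as quoted on this page.
STOCK_HASH='$1$mF86/UHC$WvcIcX2t6crBz2onWxyac.'

# Name the crypt(3) scheme of a hash from its $id$ prefix.
crypt_scheme() {
    case $1 in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        *)      echo unknown ;;
    esac
}

# Extract default_password_crypted from settings text on stdin.
settings_hash() {
    sed -n 's/^default_password_crypted:[[:space:]]*"\{0,1\}\([^"[:space:]]*\).*/\1/p' | head -n 1
}

# Extract the rootpw value from kickstart text on stdin; prints PLAINTEXT
# when the rootpw line lacks --iscrypted.
kickstart_hash() {
    awk '$1 == "rootpw" {
        crypted = 0; val = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "--iscrypted") crypted = 1
            else if ($i !~ /^--/) val = $i
        }
        print (crypted ? val : "PLAINTEXT"); exit
    }'
}

# classify LABEL VALUE: print one finding line for the value.
classify() {
    case $2 in
        '')            echo "$1: MISSING"; return ;;
        PLAINTEXT)     echo "$1: PLAINTEXT"; return ;;
        "$STOCK_HASH") echo "$1: STOCK_DEFAULT"; return ;;
    esac
    scheme=$(crypt_scheme "$2")
    case $scheme in
        sha256crypt|sha512crypt) echo "$1: OK $scheme" ;;
        *)                       echo "$1: WEAK $scheme" ;;   # md5crypt is cheap to brute-force
    esac
}

audit_settings()  { classify default_password_crypted "$(settings_hash)"; }
audit_kickstart() { classify rootpw "$(kickstart_hash)"; }

# Lines copied from this page.
SETTINGS_STOCK='default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."'
SETTINGS_EDITED='default_password_crypted: "$1$f5673d2f$v4u767ixJnzbYp3XsW4.81"'
KICKSTART='install
rootpw --iscrypted $6$dxqrElMVBdEAZWfC$dZOGcI8vfpUUMx.jsSh2BbCukKthMKnnKHs5GUGJTuzYgVx4ZFXIbigqg61xyiTId0XDqyqZ/kiX7hTnaEAzq0
firewall --service=ssh'

printf '%s\n' "$SETTINGS_STOCK"  | audit_settings
printf '%s\n' "$SETTINGS_EDITED" | audit_settings
printf '%s\n' "$KICKSTART"       | audit_kickstart
```

Against a live server the input would be `/etc/cobbler/settings` and each file under `/var/lib/cobbler/kickstarts/`.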
[[email protected] ~]# yum -y install tftp-server tftp xinetd
[[email protected] ~]# chkconfig tftp on
[[email protected] ~]# vim /etc/xinetd.d/tftp
Change
disable = yes
to
disable = no
[[email protected] ~]# systemctl restart xinetd.service
[[email protected] ~]# systemctl start rsyncd.service
[[email protected] ~]# cobbler sync
[[email protected] ~]# systemctl restart cobblerd.service
[[email protected] ~]# cp /usr/share/syslinux/pxelinux.0 /usr/share/syslinux/menu.c32 /var/lib/cobbler/loaders/
[[email protected] ~]# systemctl restart cobblerd.service
[[email protected] ~]# systemctl enable rsyncd.service
[[email protected] dhcp]# cobbler sync
[[email protected] ~]# yum -y install dhcp
[[email protected] ~]# cd /etc/dhcp/
[[email protected] dhcp]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example dhcpd.conf
[[email protected] dhcp]# vim dhcpd.conf
option domain-name "magedu.com";
option domain-name-servers 192.168.1.1;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.20;
option routers 192.168.1.1;
next-server 192.168.1.131;
filename "pxelinux.0";
}
[[email protected] dhcp]# systemctl start dhcpd.service
[[email protected] dhcp]# cd
[[email protected] ~]# vim centos6.x86_64.cfg
# Kickstart file automatically generated by anaconda.
#version=DEVEL
install
url --url="http://192.168.1.131/cobbler/ks_mirror/centos6.6-x86_64/"
lang zh_CN.UTF-8
keyboard us
rootpw --iscrypted $6$dxqrElMVBdEAZWfC$dZOGcI8vfpUUMx.jsSh2BbCukKthMKnnKHs5GUGJTuzYgVx4ZFXIbigqg61xyiTId0XDqyqZ/kiX7hTnaEAzq0
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --disable
timezone --utc Asia/Shanghai
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --none
#part /boot --fstype=ext4 --size=500
#part swap --size=2000
#part / --fstype=ext4 --grow --size=200
repo --name="CentOS" --baseurl=cdrom:sr0 --cost=100
%packages
@base
@chinese-support
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@directory-client
@fonts
@general-desktop
@graphical-admin-tools
@input-methods
@internet-applications
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@office-suite
@print-client
@remote-desktop-clients
@server-platform
@server-policy
@workstation-policy
@x11
lftp
%end
Insert the CentOS 6.7 disc into the optical drive
[[email protected] ~]# mount -r /dev/sr0 /mnt/
[[email protected] ~]# ls /mnt/
CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6
EFI Packages RPM-GPG-KEY-CentOS-Security-6
EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6
GPL repodata TRANS.TBL
images RPM-GPG-KEY-CentOS-6
[[email protected] ~]# mv centos6.x86_64.cfg /var/lib/cobbler/kickstarts/
[[email protected] ~]# cobbler import --path=/mnt --name="CentOS-6.7-x86_64" --kickstart=/var/lib/cobbler/kickstarts/centos6.x86_64.cfg
[[email protected] ~]# ls /var/www/cobbler/ks_mirror/CentOS-6.7-x86_64/ #the files created above are here
CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6
EFI Packages RPM-GPG-KEY-CentOS-Security-6
EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6
GPL repodata TRANS.TBL
images RPM-GPG-KEY-CentOS-6
[[email protected] ~]# cobbler distro list
CentOS-6.7-x86_64
[[email protected] ~]# cobbler profile list
CentOS-6.7-x86_64
[[email protected] ~]# cobbler sync
[[email protected] ~]# vim /var/lib/tftpboot/pxelinux.cfg/default
The file generated above looks like this:
LABEL CentOS-6.7-x86_64
kernel /images/CentOS-6.7-x86_64/vmlinuz
MENU LABEL CentOS-6.7-x86_64
append initrd=/images/CentOS-6.7-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://192.168.1.131/cblr/svc/op/ks/profile/CentOS-6.7-x86_64
[[email protected] ~]# vim /var/lib/cobbler/kickstarts/centos6.x86_64.cfg
Change
url --url="http://192.168.1.131/cobbler/ks_mirror/centos6.6-x86_64/"
to
url --url="http://192.168.1.131/cobbler/ks_mirror/CentOS-6.7-x86_64/"
Default location where the yum repository is stored:
[[email protected] ~]# ls /var/www/cobbler/ks_mirror/
CentOS-6.7-x86_64 config
[[email protected] ~]# cobbler profile list
CentOS-6.7-x86_64
[[email protected] ~]# cobbler profile remove --name=CentOS-6.7-x86_64
[[email protected] ~]# cobbler profile add --name=CentOS-6.7-x86_64 --distro=CentOS-6.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.x86_64.cfg
[[email protected] ~]# cobbler sync
Create a new virtual machine and test
2. Installing and configuring cobbler-web
[[email protected] ~]# yum -y install cobbler-web
[[email protected] ~]# cd /etc/cobbler/
#Create the authentication user and password (user name: cblradmin, password: 123456)
[[email protected] cobbler]# htdigest /etc/cobbler/users.digest Cobbler cblradmin
Adding user cblradmin in realm Cobbler
New password:
Re-type new password:
[[email protected] cobbler]# systemctl restart httpd.service
Login URL:
https://192.168.1.131/cobbler_web