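Introduction to Cobbler:
Cobbler is written in Python and wraps PXE, Kickstart and DHCP. It combines many features and offers both a CLI and a web interface, which makes network installation more convenient. Cobbler also provides an API, so it is easy to extend from other languages. It can install not only physical machines but also KVM and Xen virtualization and guest operating systems. Beyond that, it can be combined with centralized management software such as Puppet to automate management.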
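What Cobbler provides:
With Cobbler you can install machines without manual intervention. Cobbler sets up a PXE boot environment and controls every aspect of installation, such as the network boot services (DHCP and TFTP) and repository mirroring. When you want to install a new machine, Cobbler can:
use a previously defined template to configure the DHCP service (if DHCP management is enabled);
mirror a repository (yum or rsync) or unpack a piece of media to register a new operating system;
create an entry in the DHCP configuration file for the machine to be installed, using the parameters you specify (IP and MAC address);
create the appropriate PXE files under the TFTP service directory;
restart the DHCP service to reflect the changes;
reboot the machine to begin installation (if power management is enabled).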
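How Cobbler works:
Server side:
Step 1: start the Cobbler service
Step 2: check Cobbler for configuration errors by running cobbler check
Step 3: synchronize the configuration by running cobbler sync
Step 4: copy the relevant boot files into the TFTP directory
Step 5: start the DHCP service to provide address allocation
Step 6: the DHCP service assigns IP addresses
Step 7: TFTP transfers the boot files
Step 8: the server receives the installation information
Step 9: the server sends the ISO image and the kickstart file
Client side:
Step 1: the client boots in PXE mode
Step 2: the client obtains an IP address
Step 3: the client fetches the boot files from the TFTP server
Step 4: the client enters the Cobbler installation menu
Step 5: the client confirms what to load
Step 6: the client prepares to install the system according to the configuration
Step 7: the client loads the kickstart file
Step 8: the other files needed for the installation are transferred
Step 9: the system is installed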
Test environment:
OS : rhel-6.5-x86_64
eth0 : 192.168.1.107 bridged NIC
eth1 : 192.168.10.254 host-only
I. Installing and configuring Cobbler
1. Disable the firewall and SELinux
# service iptables stop
# chkconfig iptables off
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# setenforce 0
2. Cobbler is provided by the EPEL repository, so first configure a yum source that points to EPEL
# yum install http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
3. Install Cobbler and the third-party packages it needs
# yum install -y cobbler cobbler-web debmirror pykickstart rsync httpd dhcp tftp-server
4. Start the Cobbler and httpd services
# service cobblerd start
# service httpd start
5. Edit the Apache configuration and restart it
# vim /etc/httpd/conf/httpd.conf
ServerName localhost:80
# service httpd restart
6. Add the services to the service list
# chkconfig --add cobblerd
# chkconfig --add httpd
# chkconfig cobblerd on
# chkconfig httpd on
7. Check whether the Cobbler environment is configured correctly
# cobbler check
Errors reported:
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : file /etc/xinetd.d/rsync does not exist
7 : comment out 'dists' on /etc/debmirror.conf for proper debian support
8 : comment out 'arches' on /etc/debmirror.conf for proper debian support
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
10 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
Explanation:
1. The 'server' setting in /etc/cobbler/settings must not be localhost; it must be an IP address that other hosts can reach.
2. The 'next_server' setting in /etc/cobbler/settings must be changed to the IP address of the TFTP server; 127.0.0.1 cannot be used.
3. The tftp service must be enabled by editing /etc/xinetd.d/tftp.
4. Run cobbler get-loaders to fetch the bootloaders for the different distributions.
5. The rsync service must be enabled by editing /etc/xinetd.d/rsync.
6. The file /etc/xinetd.d/rsync does not exist.
7, 8. Comment out 'dists' and 'arches' in /etc/debmirror.conf.
9. The default password must be changed.
10. Cobbler supports power management; to use it, install cman and fence-agents.
After fixing these items, restart cobblerd and run cobbler sync to synchronize.
8. Edit Cobbler's main configuration file
# vim /etc/cobbler/settings
next_server: 192.168.10.254
server: 192.168.10.254
# service cobblerd restart
9. Enable the tftp service
# chkconfig tftp on
# service xinetd restart
10. Fetch the bootloaders (requires Internet access)
# cobbler get-loaders
# ls /var/lib/cobbler/loaders/ ### where the bootloader files are stored
# service cobblerd restart
11. Enable the rsync service
# chkconfig rsync on
# service xinetd restart
12. Edit /etc/debmirror.conf
# vim /etc/debmirror.conf
# @dists="sid";
# @arches="i386";
13. Generate the password hash
# openssl passwd -1 -salt `openssl rand -hex 4` 'your-password-here'
# vim /etc/cobbler/settings
default_password_crypted: "<generated hash>"
14. If you need cman and fence-agents, install them as follows:
# yum -y install cman fence-agents
15. Restart and check again
# service cobblerd restart
# cobbler check
16. Run the Cobbler sync
# cobbler sync
17. Provide the main configuration file for the DHCP service
# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
18. Edit the DHCP service configuration file
# vim /etc/dhcp/dhcpd.conf
option domain-name "luolinux.com";
option domain-name-servers 192.168.1.136;
default-lease-time 43200;
max-lease-time 86400;
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.21 192.168.10.100;
    option routers 192.168.10.254;
}
next-server 192.168.10.254;
filename "pxelinux.0";
19. Restart the dhcpd service
# service dhcpd restart
# chkconfig dhcpd on
20. Provide the kickstart file
# vim /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.cfg
url --url="http://192.168.1.107/cobbler/ks_mirror/rhel-6.5-x86_64" ### key setting
lang en_US.UTF-8
keyboard us
key --skip
network --onboot yes --device eth0 --bootproto dhcp --noipv6
rootpw --iscrypted $1$19e9dd0e$S42Ccni9SSqRtpP.bXaQD.
auth --useshadow --passalgo=sha512
text
firewall --disabled
selinux --disabled
# Reboot after installation
reboot
timezone --utc Asia/Shanghai
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
zerombr yes
part /boot --fstype=ext4 --size=200
part / --fstype=ext4 --size=7000
%packages
@Base
%end
%post
echo -e 'Luochen test Machine' >> /etc/issue
sed -i '1,$s@id:[0-9]:initdefault:@id:3:initdefault:@g' /etc/inittab
# set the hostname
ClientName="Director"
sed -i "s@HOSTNAME=.*@HOSTNAME=$ClientName@" /etc/sysconfig/network
%end
21. Import the installation disc image into Cobbler
# mount -t iso9660 -o loop /dev/cdrom /media/cdrom
# cobbler import --name="rhel-6.5-x86_64" --path=/media/cdrom/
22. List the distros
# cobbler distro list
23. Add a profile; the three important options are --name, --kickstart and --distro
# cobbler profile add --name=rhel-6.5-x86_64-basic --distro=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.cfg
# cobbler profile list ### adding a distro creates a profile by default; that profile is unusable because no kickstart file is specified
# cobbler sync
24. List all Cobbler objects
# cobbler list
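25. Change the kickstart file
# cobbler profile edit --name=rhel-6.5-x86_64-basic --distro=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.cfg ### the modified kickstart file
PS : the directory http://192.168.1.107/cobbler/ks_mirror/ holds every distribution that has been prepared
II. Testing
1. Create a new virtual machine and set its boot order to network boot
2. Set its network to host-only
3. Start the virtual machine
4. The installation begins
III. Configuring cobbler_web
1. Fixing the cobbler_web bug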
The cobbler_web currently provided by the EPEL repository (package cobbler-2.2.3-2.el6.noarch) has a bug; the contents of its /usr/share/cobbler/web/settings.py file need to be changed to the following:
# vim /usr/share/cobbler/web/settings.py
# Django settings for cobbler-web project.
import django

DEBUG = True
TEMPLATE_DEBUG = DEBUG

ADMINS = (
    # ('Your Name', 'your_email@example.com'),
)

MANAGERS = ADMINS

DATABASE_ENGINE = ''    # cobbler-web does not use a database
DATABASE_NAME = ''
DATABASE_USER = ''
DATABASE_PASSWORD = ''
DATABASE_HOST = ''
DATABASE_PORT = ''

# Force Django to use the systems timezone
TIME_ZONE = None

# Language section
# TBD.
LANGUAGE_CODE = 'en-us'
USE_I18N = False

SITE_ID = 1

# not used
MEDIA_ROOT = ''
MEDIA_URL = ''
ADMIN_MEDIA_PREFIX = '/media/'

SECRET_KEY = ''

# code config

if django.VERSION[0] == 1 and django.VERSION[1] < 4:
    TEMPLATE_LOADERS = (
        'django.template.loaders.filesystem.load_template_source',
        'django.template.loaders.app_directories.load_template_source',
    )
else:
    TEMPLATE_LOADERS = (
        'django.template.loaders.filesystem.Loader',
        'django.template.loaders.app_directories.Loader',
    )

if django.VERSION[0] == 1 and django.VERSION[1] < 2:
    # Legacy django had a different CSRF method, which also had
    # different middleware. We check the version here so we bring in
    # the correct one.
    MIDDLEWARE_CLASSES = (
        'django.middleware.common.CommonMiddleware',
        'django.contrib.csrf.middleware.CsrfMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
    )
else:
    MIDDLEWARE_CLASSES = (
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
    )

ROOT_URLCONF = 'urls'

TEMPLATE_DIRS = (
    '/usr/share/cobbler/web/templates',
)

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'cobbler_web',
)

from django.conf.global_settings import TEMPLATE_CONTEXT_PROCESSORS

TEMPLATE_CONTEXT_PROCESSORS += (
    'django.core.context_processors.request',
)

SESSION_ENGINE = 'django.contrib.sessions.backends.file'
SESSION_FILE_PATH = '/var/lib/cobbler/webui_sessions'
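2. Configuring cobbler_web authentication
cobbler_web supports several authentication methods, such as authn_configfile, authn_ldap or authn_pam. The default is authn_denyall, which refuses every login. Two ways of authenticating users to cobbler_web are described below:
3. Authenticating cobbler_web users with the authn_pam module
First change the value of the module parameter in the [authentication] section of /etc/cobbler/modules.conf to authn_pam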
# vim /etc/cobbler/modules.conf
[authentication]
module = authn_pam
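Next add a system user; set the user name and password as needed, for example with the following commands:
# useradd luochen
# echo 'luochen' | passwd --stdin luochen
Then add the cblradmin user to cobbler_web's admin group. Edit /etc/cobbler/users.conf and add the user name as the value of the admin parameter, as shown below (the user created above, luochen, is used here):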
# vim /etc/cobbler/users.conf
[admins]
admin = "luochen"
# service cobblerd restart
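PS : finally restart the cobblerd service; cobbler_web is then reachable at http://192.168.1.107/cobbler_web.
4. Authenticating cobbler_web users with the authn_configfile module
First change the value of the module parameter in the [authentication] section of modules.conf to authn_configfile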
# vim /etc/cobbler/modules.conf
[authentication]
module = authn_configfile
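Next create its authentication file /etc/cobbler/users.digest and add the users you need. Note that the "-c" option must be passed to htdigest when adding the first user and must not be used again when adding further users; also, the realm for cobbler_web can only be Cobbler. For example:
# htdigest -c /etc/cobbler/users.digest Cobbler 'username'
PS : finally restart the cobblerd service; cobbler_web is then reachable at http://192.168.1.107/cobbler_web.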
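An added example (not part of the original article and not Cobbler's own code): a shell audit of the values edited in steps 8 and 13 and in the cobbler_web authentication steps above, run against a directory holding copies of settings, modules.conf and users.digest. The function names, finding labels and sample files are assumptions constructed for illustration; the password check needs the openssl command and is skipped when it is absent.

```shell
#!/bin/sh
# Added example, not Cobbler code. Helper names and finding labels are made up.

yaml_get() {   # yaml_get FILE KEY -> value of a top-level "KEY: value" line
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"' |
        sed 's/[[:space:]]*$//'
}

ini_get() {    # ini_get FILE SECTION KEY -> value of KEY inside [SECTION]
    awk -F= -v sec="[$2]" -v key="$3" '
        /^\[/ { in_sec = ($0 == sec); next }
        in_sec { k = $1; gsub(/[ \t]/, "", k)
                 if (k == key) { gsub(/[ \t"]/, "", $2); print $2; exit } }' "$1"
}

audit_cobbler() {   # audit_cobbler DIR -> prints space-separated findings
    dir=$1; out=""
    # Step 8: neither address may point back at the loopback interface.
    for key in server next_server; do
        case "$(yaml_get "$dir/settings" "$key")" in
            ""|localhost|127.*) out="$out $key-is-loopback" ;;
        esac
    done
    # Step 13: re-hash the shipped password "cobbler" with the stored salt;
    # a match means default_password_crypted still encodes the default.
    hash=$(yaml_get "$dir/settings" default_password_crypted)
    salt=$(printf '%s' "$hash" | cut -d'$' -f3)
    if [ -n "$hash" ] && command -v openssl >/dev/null 2>&1 &&
       [ "$(openssl passwd -1 -salt "$salt" cobbler 2>/dev/null)" = "$hash" ]; then
        out="$out default-password"
    fi
    case "$(ini_get "$dir/modules.conf" authentication module)" in
        authn_denyall) out="$out web-login-denied" ;;
        authn_configfile)
            # cobbler_web only accepts digest entries whose realm is Cobbler.
            if awk -F: 'NF && $2 != "Cobbler" { bad = 1 } END { exit !bad }' \
                   "$dir/users.digest" 2>/dev/null; then
                out="$out digest-wrong-realm"
            fi ;;
    esac
    echo "${out# }"
}

# Constructed sample: a freshly installed server, before step 8.
demo=$(mktemp -d)
printf 'server: 127.0.0.1\nnext_server: 127.0.0.1\n' > "$demo/settings"
printf '[authentication]\nmodule = authn_denyall\n' > "$demo/modules.conf"
audit_cobbler "$demo"
rm -rf "$demo"
```

On a real server, copy the three files from /etc/cobbler into a scratch directory and pass that directory to audit_cobbler; an empty result means none of these checks fired.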
5. Login page
6. Cobbler-web main interface