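System installation process
MBR: isolinux/boot.cat
stage2: isolinux/isolinux.bin
Configuration file: isolinux/isolinux.cfg
Load the root filesystem and start anaconda: the GUI is started by default. To use the TUI explicitly, pass the text parameter to the kernel (press Tab and append text; or press ESC and enter at the prompt: boot: linux text)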
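anaconda
How it works
It runs in three stages:
- Pre-installation configuration stage
  Language used during installation
  Keyboard type
  Installation target storage device
    Basic Storage: local disks
    Specialized devices: iSCSI
  Set the hostname
  Configure the network interfaces
  Time zone
  Administrator password
  Partitioning scheme and where the MBR is installed
  Create a regular user
  Select the packages to install
- Installation stage
  Create partitions on the target disk, format them, and so on
  Install the selected packages to the target location
  Install the bootloader and initramfs
- First boot in graphical mode
  iptables
  selinux
  core dump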
Configuration methods
Specifying the installation source:
centos6
DVD drive repo=cdrom:device
Hard Drive repo=hd:device/path
HTTP Server repo=http://host/path
HTTPS Server repo=https://host/path
FTP Server repo=ftp://username:password@host/path
NFS Server repo=nfs:server:/path
ISO images on an NFS Server repo=nfsiso:server:/path
centos7
Any CD/DVD drive inst.repo=cdrom
Hard Drive inst.repo=hd:device:/path
HTTP Server inst.repo=http://host/path
HTTPS Server inst.repo=https://host/path
FTP Server inst.repo=ftp://username:password@host/path
NFS Server inst.repo=nfs:[options:]server:/path
Specifying the location of the kickstart file:
DVD drive: ks=cdrom:/PATH/TO/KICKSTART_FILE
Hard drive: ks=hd:device:/directory/KICKSTART_FILE
HTTP server: ks=http://host:port/path/to/KICKSTART_FILE
FTP server: ks=ftp://host:port/path/to/KICKSTART_FILE
HTTPS server: ks=https://host:port/path/to/KICKSTART_FILE
NFS server: ks=nfs:host:/path/to/KICKSTART_FILE
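kickstart
Format
Command section: specifies the pre-installation settings, such as the keyboard type
Required commands:
authconfig: authentication configuration
authconfig --useshadow --passalgo=sha512
bootloader: where the bootloader is installed and its related settings
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
keyboard: keyboard type
lang: language
part: create partitions
rootpw: the root password
timezone: time zone
Optional commands:
install OR upgrade
text: text-mode installation interface
network
firewall
selinux
halt
poweroff
reboot
repo
user: create a new user on the system once installation completes
url: the installation source
key --skip: skip the installation number; applies to RHEL (without it, a RHEL installation stalls partway on the screen that asks for the serial number)
Package section: specifies the package groups or packages to install, the packages not to install, and so on
%packages
@group_name
package
-package
%end
Script sections:
%pre: pre-installation script; runs in the minimal Linux environment on the installation media
%post: post-installation script; runs in the installed system
Creating a kickstart file
- Edit it by hand, starting from a template
- Use the generator tool: system-config-kickstart
Check a ks file for syntax errors: ksvalidator /PATH/TO/KICKSTART_FILE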
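ksvalidator checks syntax only. The following added example (not from the original page) audits the security-relevant directives of the sections described above; the rule names, the two sample files and the host name repo.example.internal are assumptions made for the illustration.

```python
import re
import shlex

# Constructed sample, modelled on directives that appear on this page.
WEAK_KS = """\
install
url --url="http://192.168.39.128/centos6"
auth --useshadow --enablemd5
rootpw --iscrypted $1$cobbler$CONSTRUCTEDHASHVALUE000
firewall --disabled
selinux --disabled
%packages
@base
%end
%post
cat > /etc/yum.repos.d/env.repo <<EOF
[base]
baseurl=file:///misc/cd/
gpgcheck=0
EOF
%end
"""

# Constructed hardened counterpart; host name and hash are placeholders.
HARDENED_KS = """\
install
url --url="https://repo.example.internal/centos6"
auth --useshadow --passalgo=sha512
rootpw --iscrypted $6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE
firewall --enabled
selinux --enforcing
%packages
@base
%end
"""


def check_command(cmd, args):
    """Yield (rule_id, message) pairs for one line of the command section."""
    if cmd == "selinux" and {"--disabled", "--permissive"} & set(args):
        yield "selinux-not-enforcing", "installed system boots without SELinux enforcement"
    elif cmd == "firewall" and "--disabled" in args:
        yield "firewall-disabled", "installed system boots with no host firewall"
    elif cmd in ("auth", "authconfig"):
        if "--enablemd5" in args or "--passalgo=md5" in args:
            yield "weak-passalgo", "local passwords will be hashed with MD5-crypt"
    elif cmd == "rootpw":
        value = next((a for a in args if not a.startswith("--")), "")
        if "--iscrypted" not in args:
            yield "rootpw-plaintext", "root password is stored in clear text"
        elif value.startswith("$1$"):
            yield "rootpw-md5crypt", "root password hash uses MD5-crypt ($1$)"
    elif cmd in ("url", "repo"):
        if any(re.search(r"\b(?:http|ftp)://", a) for a in args):
            yield "cleartext-install-source", "packages are fetched without transport protection"


def audit_kickstart(text):
    """Return [(line_no, rule_id, message)] for security-relevant settings."""
    findings = []
    section = "command"
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("%"):
            # "%end" returns to the command section; "%post --nochroot" -> "post"
            section = "command" if line == "%end" else line.split()[0][1:]
            continue
        if section in ("pre", "post"):
            if re.match(r"gpgcheck\s*=\s*0\b", line):
                findings.append((line_no, "repo-gpgcheck-off",
                                 "script writes a yum repo with signature checks off"))
            continue
        if section != "command":
            continue  # package lists carry no directives
        try:
            argv = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: leave syntax errors to ksvalidator
        if argv:
            for rule_id, message in check_command(argv[0], argv[1:]):
                findings.append((line_no, rule_id, message))
    return findings


if __name__ == "__main__":
    for line_no, rule_id, message in audit_kickstart(WEAK_KS):
        print(f"line {line_no}: {rule_id}: {message}")
```

A Cobbler template value such as $default_password_crypted is not flagged by the rootpw rule, because the hash is only known after rendering; audit the rendered file in that case.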
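Files in the isolinux directory
isolinux.bin: the disc boot loader; its path must be given explicitly in the mkisofs options. This file belongs to the SYSLINUX project
isolinux.cfg: the configuration file of isolinux.bin; when the disc boots (that is, when isolinux.bin runs), it automatically looks for isolinux.cfg
vesamenu.c32: the graphical installation menu shown after the disc boots, also part of the SYSLINUX project; menu.c32 is the plain-text version of the menu
Memtest: memory test; a standalone program
splash.jpg: background image of the disc boot screen
vmlinuz: the kernel image
initrd.img: the ramfs (a cpio archive, then gzip-compressed)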
Automated system installation
- yum install -y httpd
systemctl start httpd
mkdir /var/www/html/centos6
mount /dev/sr0 /var/www/html/centos6
iptables -F
- yum install -y system-config-kickstart
system-config-kickstart: launches the graphical tool that generates the ks.cfg file, in the following format:
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url="http://192.168.39.128/centos6"
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# System timezone
timezone Africa/Abidjan
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="ext4" --size=300
part / --fstype="ext4" --size=20480
part /app --fstype="ext4" --size=10240
part swap --fstype="swap" --size=2048

%post
service autofs restart
rm -rf /etc/yum.repos.d/*
# Quoted delimiter: $releasever and $basearch must reach the repo file unexpanded
cat > /etc/yum.repos.d/env.repo <<'EOF'
[base]
name=base
baseurl=file:///misc/cd/
enabled=1
gpgcheck=0

[tsinghua]
name=tsinghua
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/$releasever/$basearch/
enabled=0
gpgcheck=0
EOF
mkdir /root/.ssh
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyiSx2z8+qn22AfKVrOieIHRfa+O78RlHDJU5kMy6u1SVD86qRINAnIYgW4BTj02hI3xH6TKJeKgEnV8UxlnZtbGBhCM0wo4j20XQ1Mh/yhaAc1QaCFJqh4vbDMkLhA0T6dSfUTC7N1drhOMVVTHtQYFyRsylWP3Li435fzO6zXFBH/We6MmXu0OyAiMF+3cWQc0nCHA4xZGX9qep5DsMKc0UX4RWUORAnIIN98JuHSYtHj3yvrx+qbIBGXNXWNr9zBPAa3r7WWgITgL9BshI9/gHjw+H1kTuhb2njGqGECUgIF6M+PBk50uoZpbDilw7QJ7zjz3cDEwt+qcvL24yXQ== root@centos6.magedu.com' > /root/.ssh/authorized_keys
%end

%packages
@base
autofs
%end
- Boot from the disc and press ESC
boot: linux ks=http://server/ks.cfg ip=192.168.31.200 netmask=255.255.255.0
Building a boot disc and USB stick
- yum install -y httpd
service httpd start
iptables -F
mkdir /var/www/html/centos6
mount /dev/sr0 /var/www/html/centos6/
- yum install -y system-config-kickstart
system-config-kickstart: launches the graphical tool that generates the ks.cfg file
mkdir /app/boot
cp -r /misc/cd/isolinux /app/boot
mkdir /app/boot/ksdir
cp /root/ks6.cfg /app/boot/ksdir
- vim /app/boot/isolinux/isolinux.cfg
default vesamenu.c32
#prompt 1
timeout 600
display boot.msg
menu background splash.jpg
menu title Welcome to CentOS 6.9!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000
# ^ marks the hotkey; "menu default" makes this entry the default
label linux
  menu label ^Auto Install an system
  menu default
  kernel vmlinuz
  append initrd=initrd.img ks=cdrom:/ksdir/ks6.cfg
label vesa
  menu label Install ^Manual Centos
  kernel vmlinuz
  append initrd=initrd.img nomodeset repo=http://192.168.39.128/centos6
# boot from the local disk
label local
  menu label Boot from ^local drive
  localboot 0xffff
Generate the ISO image file:
mkisofs -R -J -T -v --no-emul-boot --boot-load-size 4 --boot-info-table -V "CentOS 6.9 x86_64 boot" -b isolinux/isolinux.bin -c isolinux/boot.cat -o /root/boot.iso /app/boot/
- yum install -y lrzsz
sz /root/boot.iso
Boot a machine from boot.iso to test (watch for network card issues)
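mkisofs
Builds an ISO 9660 image file from the given directories and files, ready for burning to disc. Common options:
- -o: name of the image file
- -b: the boot image file needed when making a bootable disc
- -c: when making a bootable disc, the entire no-eltorito-catalog content of the boot image is written out as a single file
- -no-emul-boot: boot in no-emulation mode
- -boot-load-size 4: sets the number of sectors to load
- -boot-info-table: writes a boot information table into the boot image
- -R/-rock: use Rock Ridge Extensions
- -J/-joliet: use Joliet-format directory and file names
- -v/-verbose: print detailed information while running
- -T/-translation-table: create a file name translation table, for systems that do not support Rock Ridge Extensions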
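DHCP service
Dynamic Host Configuration Protocol: a LAN protocol carried over UDP
It is mainly used on internal networks and by network service providers to assign IP addresses to users automatically, and it also gives administrators of internal networks a way to manage all computers centrally
Workflow
DHCP has eight message types:
DHCP DISCOVER: client to server
DHCP OFFER: server to client
DHCP REQUEST: client to server
DHCP ACK: server to client
DHCP NAK: server to client; tells the client that no suitable IP address can be assigned
DHCP DECLINE: client to server; indicates that the address is already in use
DHCP RELEASE: client to server; gives up the network address and cancels the remaining lease time
DHCP INFORM: client to server; sent when the client needs more detailed configuration information from the DHCP server; very rarely used
Lease renewal
50%: when 50% of the lease time has elapsed, the client renews by sending a new DHCPREQUEST to the DHCP server. If the DHCP service has no reason to refuse, it answers with DHCPACK. Once the client receives that answer, a new lease period starts
87.5%: if the DHCP server did not answer the earlier renewal request, the host sends one more request, as a broadcast, at 7/8 of the lease period
Overview
Programs that implement DHCP on Linux: dhcp, dnsmasq (dhcp, dns)
Dhcp Server:
dhcpd
IPv4 configuration file: /etc/dhcp/dhcpd.conf
/usr/sbin/dhcrelay # relays DHCP and BOOTP requests from a subnet without a DHCP server to one or more DHCP servers on other subnets. The command is run on the DHCP relay server and supports both DHCPv4/BOOTP and DHCPv6
dhcp server: 67/udp
dhcp client: 68/udp
dhcpv6 client: 546/udp
Dhcp client:
dhclient
Automatically obtained IP information: /var/lib/dhclient
Configuration file
dhcpd.conf: man 5 dhcpd.conf
option domain-name "magedu.com";
option domain-name-servers 192.168.0.1,8.8.8.8;
default-lease-time 86400;
max-lease-time 86400;
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.1 192.168.100.200;
option routers 192.168.100.1;
filename "pxelinux.0"; # name of the boot file
next-server 192.168.100.100; # IP address of the server that provides the boot file
}
/var/lib/dhcpd/dhcpd.leases: address allocation records
Syntax check
service dhcpd configtest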
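Installing systems with PXE
Preboot Execution Environment: developed by Intel and based on a client/server network model. It lets a remote host download an image from a server over the network and boot an operating system from it. PXE can boot and install Windows, Linux and other operating systems.
How it works
- The client sends an IP address request to the DHCP service on the PXE server. DHCP checks whether the client is legitimate (mainly by checking the MAC address of the client's network card); if it is, DHCP returns the client's IP address together with the location of the boot file pxelinux.0
- The client sends a request for pxelinux.0 to the TFTP service on the PXE server. TFTP first sends the size of pxelinux.0 to see whether the client accepts it; once TFTP receives the client's agreement on the size, it sends pxelinux.0 to the client
- The client executes the pxelinux.0 file it received
- The client asks the TFTP server for the configuration file that applies to this machine (in the pxelinux.cfg directory of the TFTP service); TFTP sends the configuration file back and the client carries on according to it
- The client asks TFTP for the Linux kernel; TFTP sends the kernel file to the client
- The client asks TFTP for the root file system; TFTP returns the Linux root file system
- The client boots the Linux kernel
- The client downloads the installation source files and reads the automated installation script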
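The first step above means that whichever DHCP server answers decides where the client fetches its boot file. The following added example (not from the original page) decodes DHCP replies and reports OFFER/ACK messages whose server or boot target differs from the expected PXE server; the packets are constructed, 192.168.0.66 is an invented second responder, and option overload (option 52) is not handled.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def build_reply(msg_type, server_id, yiaddr, siaddr, bootfile):
    """Build a BOOTREPLY for the demo below (constructed, not captured)."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                       # op=BOOTREPLY, htype=Ethernet, hlen, hops
        0x1234ABCD, 0, 0,                 # xid, secs, flags
        socket.inet_aton("0.0.0.0"), socket.inet_aton(yiaddr),
        socket.inet_aton(siaddr), socket.inet_aton("0.0.0.0"),
        bytes.fromhex("525400aabbcc"),    # chaddr: constructed client MAC
        b"", bootfile.encode("ascii"))    # sname, file
    options = (bytes([53, 1, msg_type]) +
               bytes([54, 4]) + socket.inet_aton(server_id) + b"\xff")
    return fixed + MAGIC_COOKIE + options


def parse_dhcp(packet):
    """Decode the fields a PXE client acts on; raise ValueError if malformed."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        data = packet[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option data")
        options[packet[i]] = data
        i += 2 + length
    msg_type = options.get(53) or b"\0"
    server_id = options.get(54)
    # Option 67 (bootfile name) takes precedence over the fixed "file" field.
    bootfile = options.get(67, packet[108:236]).split(b"\0", 1)[0]
    return {
        "type": MSG_TYPES.get(msg_type[0], "UNKNOWN"),
        "server_id": socket.inet_ntoa(server_id) if server_id and len(server_id) == 4 else None,
        "your_ip": socket.inet_ntoa(packet[16:20]),       # yiaddr
        "next_server": socket.inet_ntoa(packet[20:24]),   # siaddr, set by next-server
        "bootfile": bootfile.decode("ascii", "replace"),  # set by filename
    }


def find_rogue_offers(packets, trusted_servers, next_server, bootfile):
    """Return alerts for OFFER/ACK messages that deviate from the expected PXE setup."""
    alerts = []
    for packet in packets:
        try:
            msg = parse_dhcp(packet)
        except ValueError:
            continue                       # not DHCP or damaged: ignore
        if msg["type"] not in ("OFFER", "ACK"):
            continue
        reasons = []
        if msg["server_id"] not in trusted_servers:
            reasons.append("untrusted DHCP server")
        if msg["bootfile"] and (msg["next_server"], msg["bootfile"]) != (next_server, bootfile):
            reasons.append("unexpected boot target")
        if reasons:
            alerts.append((msg["server_id"], msg["next_server"], msg["bootfile"], reasons))
    return alerts


# Constructed traffic: the PXE server from the example setup and an unknown responder.
SAMPLE_PACKETS = [
    build_reply(2, "192.168.0.6", "192.168.0.100", "192.168.0.6", "pxelinux.0"),
    build_reply(2, "192.168.0.66", "192.168.0.101", "192.168.0.66", "pxelinux.0"),
    build_reply(6, "192.168.0.6", "0.0.0.0", "0.0.0.0", ""),
    b"\x00" * 20,                          # too short to be DHCP
]

if __name__ == "__main__":
    for alert in find_rogue_offers(SAMPLE_PACKETS, {"192.168.0.6"}, "192.168.0.6", "pxelinux.0"):
        print(alert)
```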
Example
Configure a PXE server that supports installing CentOS 6 and CentOS 7 (pxe + dhcpd + tftp-server + httpd)
Watch out for network problems and avoid conflicts
- Preparation
Environment: CentOS 6.9 with a static IP (required): 192.168.0.6, plus the ISO images of CentOS 6.9 and CentOS 7.5
Disable the firewall and selinux
yum install -y dhcp tftp-server httpd syslinux
mkdir /media/centos{6,7}
mount -r /dev/sr0 /media/centos6/
mount -r /dev/sr1 /media/centos7/
- Configure dhcp
vim /etc/dhcp/dhcpd.conf
log-facility local7;                          # syslog facility used for logging
subnet 192.168.0.0 netmask 255.255.255.0 {    # subnet to serve, the same segment as this host
    range 192.168.0.100 192.168.0.254;        # address pool
    option domain-name-servers 114.114.114.114;   # DNS
    option domain-name "pxe.test.org";        # search domain
    option routers 192.168.0.1;               # gateway
    default-lease-time 600;                   # default lease time
    max-lease-time 7200;                      # maximum lease time
    next-server 192.168.0.6;                  # address of the tftp server; here it is this host
    filename "pxelinux.0";                    # PXE file name; the default is pxelinux.0
}
service dhcpd start
chkconfig dhcpd on
- Configure tftp-server
chkconfig tftp on
service xinetd start
- Prepare the boot files
cd /var/lib/tftpboot/
mkdir centos{6,7}
mkdir pxelinux.cfg/
cp /media/centos6/isolinux/{initrd.img,vmlinuz} centos6/
cp /media/centos7/isolinux/{initrd.img,vmlinuz} centos7/
cp /media/centos6/isolinux/{boot.msg,splash.jpg,vesamenu.c32} .
cp /usr/share/syslinux/pxelinux.0 .
install -m 644 /media/centos6/isolinux/isolinux.cfg pxelinux.cfg/default
vim pxelinux.cfg/default
default vesamenu.c32
timeout 60
display boot.msg
menu background splash.jpg
menu title Welcome to CentOS !
# each entry needs its own label name
label centos6
  menu label ^Install centos6.9_mini
  kernel centos6/vmlinuz
  append initrd=centos6/initrd.img ks=http://192.168.0.6/ksdir/ks6.cfg
label centos7
  menu label ^Install centos7.5_mini
  kernel centos7/vmlinuz
  append initrd=centos7/initrd.img ks=http://192.168.0.6/ksdir/ks7.cfg
label local
  menu default
  menu label Boot from ^local drive
  localboot 0xffff
tree
├── boot.msg
├── centos6
│   ├── initrd.img
│   └── vmlinuz
├── centos7
│   ├── initrd.img
│   └── vmlinuz
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── splash.jpg
└── vesamenu.c32
- Prepare the installation source
mkdir -p /var/www/html/centos/{6,7}
mount -r /dev/sr0 /var/www/html/centos/6/
mount -r /dev/sr1 /var/www/html/centos/7/
mkdir -p /var/www/html/ksdir/
cp ks6.cfg ks7.cfg /var/www/html/ksdir/
service httpd start
chkconfig httpd on
- ss -tnul: check that the ports are open
Choose network boot on the client
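Cobbler
Introduction
Cobbler is written in Python and wraps PXE, Kickstart and DHCP. It combines many features and offers both a CLI and a web interface for management, which makes network installation more convenient. Cobbler also provides an API, so it is easy to extend from other languages. It can install not only physical machines but also KVM and Xen virtual machines and guest OSes. Beyond that, it can be combined with centralized management software such as Puppet for automated management.
Cobbler integrates the following services:
- PXE service support
- DHCP service management
- DNS service management
- Power management
- Kickstart service management
- yum repository management
Components
Cobbler's configuration structure is based on a set of registered objects. Each object represents an entity that is associated with another entity (the object points to another object, or another object points to it). When an object points to another object, it inherits the data of the object it points to and can override that data or add more specific information. The following object types are defined:
- Distribution: represents an operating system. It carries the kernel and initrd information, plus other data such as kernel parameters.
- Profile: contains a distribution, a kickstart file and possibly repositories, plus other data such as more specific kernel parameters.
- System: represents a machine to be provisioned. It contains a profile or an image, plus information such as IP and MAC addresses, power management (address, credentials, type) and more specialized data.
- Repository: holds the mirror information of a yum or rsync repository.
- Image: can stand in for a distribution object when the files do not fit that category (for example, objects that cannot be split into a kernel and an initrd).
Based on the registered objects and the associations between them, Cobbler knows how to change the file system to reflect the configuration. Because the internals of system configuration are abstracted away, you can concentrate on what you want to do. Below is the relationship diagram of the Cobbler objects
How it works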
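Server side:
- Start the Cobbler service
- Check Cobbler for errors with the cobbler check command
- Synchronize the configuration with the cobbler sync command
- Copy the relevant boot files to the TFTP directory
- Start the DHCP service to hand out addresses
- The DHCP service assigns IP addresses
- TFTP transfers the boot files
- The server receives the installation information
- The server sends the ISO image and the Kickstart file
Client side:
- The client boots in PXE mode
- The client obtains an IP address
- It fetches the boot files from the TFTP server
- It enters the Cobbler installation menu
- The client confirms what to load
- It prepares to install the system according to the configuration
- It loads the Kickstart file
- The remaining installation files are transferred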
Commands
cobbler check: check the cobbler configuration
cobbler sync: synchronize the configuration to dhcp/pxe and the data directories
cobbler list: list all cobbler elements
cobbler import: import an installation system image
cobbler report: list detailed information about each element
cobbler distro: view information about the imported distributions
cobbler profile: view profile information
cobbler system: view information about the added systems
cobbler reposync: synchronize yum repositories to the local machine
[root@Cobbler ~]# cobbler --help
usage
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ...
        [add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]
[root@Cobbler ~]# cobbler import --help
Usage: cobbler [options]
Options:
  -h, --help            show this help message and exit
  --arch=ARCH           OS architecture being imported
  --breed=BREED         the breed being imported
  --os-version=OS_VERSION
                        the version being imported
  --path=PATH           local path or rsync location
  --name=NAME           name, ex 'RHEL-5'
  --available-as=AVAILABLE_AS
                        tree is here, don't mirror
  --kickstart=KICKSTART_FILE
                        assign this kickstart file
  --rsync-flags=RSYNC_FLAGS
                        pass additional flags to rsync
Example
Installation
- Configure the EPEL yum repository
[root@Cobbler ~]# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.PiRbIQ: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
- Disable the firewall and selinux
[root@Cobbler ~]# service iptables stop
[root@Cobbler ~]# chkconfig iptables off
[root@Cobbler ~]# service iptables status
iptables: Firewall is not running.
[root@Cobbler ~]# chkconfig --list | grep iptables
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@Cobbler ~]# getenforce
Disabled
Note: ways to disable selinux:
Disable temporarily:
setenforce 0
Disable permanently (takes effect after a reboot):
sed -i '/SELINUX=/d' /etc/selinux/config && echo "SELINUX=disabled" >> /etc/selinux/config
- Install cobbler and the software it requires
[root@Cobbler ~]# yum -y install httpd rsync tftp-server xinetd dhcp cman pykickstart debmirror
[root@Cobbler ~]# yum -y install cobbler
- Run cobbler check, then resolve the reported problems one by one
[root@Cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4 : change 'disable' to 'no' in /etc/xinetd.d/rsync
5 : comment out 'dists' on /etc/debmirror.conf for proper debian support
6 : comment out 'arches' on /etc/debmirror.conf for proper debian support
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
Fixes:
1: set the server IP in settings
2: set the next_server IP in settings
3: if this node can reach the Internet, run "cobbler get-loaders" to download pxelinux.0, menu.c32, elilo.efi or yaboot; otherwise install the syslinux package and copy pxelinux.0, menu.c32 and the other files from /usr/share/syslinux/ to /var/lib/cobbler/loaders
4: change the value of disable in /etc/xinetd.d/rsync to no
5: comment out the line @dists="sid"; in /etc/debmirror.conf
6: comment out the line @arches="i386"; in /etc/debmirror.conf
7: run "openssl passwd -1 -salt $(openssl rand -hex 4)" to generate a password hash and use it to replace the default_password_crypted parameter in /etc/cobbler/settings
Configuration
- In /etc/xinetd.d/, change the disable value in rsync and tftp to no
[root@Cobbler ~]# sed -i -e 's/= yes/= no/g' /etc/xinetd.d/rsync
[root@Cobbler ~]# sed -i '/disable/c\\tdisable\t\t\t= no' /etc/xinetd.d/tftp
[root@Cobbler ~]# grep "disable" /etc/xinetd.d/rsync /etc/xinetd.d/tftp
/etc/xinetd.d/rsync: disable = no
/etc/xinetd.d/tftp: disable = no
- Change the relevant parameters in /etc/cobbler/settings
[root@Cobbler ~]# sed -i "s/manage_dhcp: 0/manage_dhcp: 1/g" /etc/cobbler/settings
[root@Cobbler ~]# sed -i "s/manage_rsync: 0/manage_rsync: 1/g" /etc/cobbler/settings
[root@Cobbler ~]# sed -i "s/next_server: 127.0.0.1/next_server: 192.168.255.10/g" /etc/cobbler/settings
[root@Cobbler ~]# sed -i "s/server: 127.0.0.1/server: 192.168.255.10/g" /etc/cobbler/settings
[root@Cobbler ~]# egrep "manage_dhcp|manage_rsync|server:|next_server" /etc/cobbler/settings
manage_dhcp: 1 # let cobbler manage dhcp
manage_rsync: 1 # let cobbler manage rsync
next_server: 192.168.255.10 # address of next_server
server: 192.168.255.10 # IP of the cobbler server
- In /etc/debmirror.conf, comment out @dists="sid"; and @arches="i386";
[root@Cobbler ~]# sed -i "s/@dists/#@dists/g" /etc/debmirror.conf
[root@Cobbler ~]# sed -i "s/@arches/#@arches/g" /etc/debmirror.conf
[root@Cobbler ~]# egrep "@dists|@arches" /etc/debmirror.conf
#@dists="sid";
#@arches="i386";
- Edit /etc/cobbler/dhcp.template to set the dhcp parameters
subnet 192.168.255.0 netmask 255.255.255.0 {
option routers 192.168.255.10;
option domain-name-servers 192.168.255.10;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.255.100 192.168.255.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
- Generate a new password hash
[root@Cobbler ~]# openssl passwd -1 -salt 'cobbler' "123.com"
$1$cobbler$rK3/2t1JZHrwohtqCqcmg.
[root@Cobbler ~]# sed -i '/default_password_crypted/c\default_password_crypted: \"$1$cobbler$rK3/2t1JZHrwohtqCqcmg.\"' /etc/cobbler/settings
[root@Cobbler ~]# grep "default_password_crypted" /etc/cobbler/settings
default_password_crypted: "$1$cobbler$rK3/2t1JZHrwohtqCqcmg."
- Start the cobbler components and enable them at boot
[root@Cobbler ~]# /etc/init.d/httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for Cobbler
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [ OK ]
[root@Cobbler ~]# /etc/init.d/xinetd start
Starting xinetd: [ OK ]
[root@Cobbler ~]# /etc/init.d/cobblerd start
Starting cobbler daemon: [ OK ]
[root@Cobbler ~]# /sbin/chkconfig httpd on
[root@Cobbler ~]# /sbin/chkconfig dhcpd on
[root@Cobbler ~]# /sbin/chkconfig xinetd on
[root@Cobbler ~]# /sbin/chkconfig cobblerd on
[root@Cobbler ~]# service dhcpd start
Starting dhcpd: [FAILED]
dhcp fails to start because the cobbler configuration has not been synchronized yet: cobbler has not taken over dhcp at this point. It works after running cobbler sync
- Run cobbler get-loaders to download pxelinux.0, menu.c32, elilo.efi or yaboot online
[root@Cobbler ~]# cobbler get-loaders
task started: 2015-06-01_170259_get_loaders
task started (id=Download Bootloader Content, time=Mon Jun  1 17:02:59 2015)
path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.elilo already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.yaboot already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/COPYING.syslinux already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/elilo-ia64.efi already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/yaboot already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/pxelinux.0 already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/menu.c32 already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/grub-x86.efi already exists, not overwriting existing content, use --force if you wish to update
path /var/lib/cobbler/loaders/grub-x86_64.efi already exists, not overwriting existing content, use --force if you wish to update
*** TASK COMPLETE ***
- Restart cobbler and run cobbler sync to synchronize
[root@Cobbler ~]# service cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@Cobbler ~]# cobbler sync
task started: 2015-06-01_170502_sync
task started (id=Sync, time=Mon Jun  1 17:05:02 2015)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
rendering Rsync files
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout: Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
Once the sync has finished without errors, restart dhcp; it now starts normally
[root@Cobbler ~]# service dhcpd restart
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
Finally, run cobbler check again; it reports no errors
[root@Cobbler ~]# cobbler check
No configuration problems found. All systems go.
cobbler is now installed and configured; the next steps are management operations such as importing images
Usage
- Import an image file with the cobbler import command
# View the help
[root@Cobbler ~]# cobbler import --help
Usage: cobbler [options]
Options:
  -h, --help            show this help message and exit
  --arch=ARCH           OS architecture being imported
  --breed=BREED         the breed being imported
  --os-version=OS_VERSION
                        the version being imported
  --path=PATH           local path or rsync location
  --name=NAME           name, ex 'RHEL-5'
  --available-as=AVAILABLE_AS
                        tree is here, don't mirror
  --kickstart=KICKSTART_FILE
                        assign this kickstart file
  --rsync-flags=RSYNC_FLAGS
                        pass additional flags to rsync
# Mount the image under /media
[root@Cobbler ~]# mount /dev/cdrom /media/
mount: block device /dev/sr0 is write-protected, mounting read-only
# Import the image
[root@Cobbler ~]# cobbler import --path=/media --name=CentOS6.4 --arch=x86_64
task started: 2015-06-01_172716_import
task started (id=Media import, time=Mon Jun  1 17:27:16 2015)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/CentOS6.4-x86_64:
creating new distro: CentOS6.4-x86_64
trying symlink: /var/www/cobbler/ks_mirror/CentOS6.4-x86_64 -> /var/www/cobbler/links/CentOS6.4-x86_64
creating new profile: CentOS6.4-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/CentOS6.4-x86_64 for CentOS6.4-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS6.4-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/CentOS6.4-x86_64
looking for /var/www/cobbler/ks_mirror/CentOS6.4-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/CentOS6.4-x86_64/repodata
*** TASK COMPLETE ***
# List the imported image
[root@Cobbler ~]# cobbler distro list
CentOS6.4-x86_64
[root@Cobbler ~]# cobbler list
distros:
CentOS6.4-x86_64
profiles:
CentOS6.4-x86_64
systems:
repos:
images:
mgmtclasses:
packages:
files:
- Create a kickstart file and bind it to the profile
# The kickstart templates live in /var/lib/cobbler/kickstarts. If no kickstart file is given when an image is imported, the default template is used. Here we copy it and customize the copy
[root@Cobbler ~]# cd /var/lib/cobbler/kickstarts
[root@Cobbler kickstarts]# cp sample.ks centos6.4x86_64.cfg
[root@Cobbler kickstarts]# cobbler profile edit --name=CentOS6.4-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.4x86_64.cfg
- Edit centos6.4x86_64.cfg to customize it
# The default kickstart file sample.ks, annotated:
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5 # user login authentication
# System bootloader configuration
bootloader --location=mbr # boot from the MBR
# Partition clearing information
clearpart --all --initlabel # clears all partitions by default
# Use text mode install
text # text-mode installation by default
# Firewall configuration
firewall --enabled # firewall enabled by default
# Run the Setup Agent on first boot
firstboot --disable # disable the setup agent
# System keyboard
keyboard us # US keyboard by default
# System language
lang en_US # English by default
# Use network installation
url --url=$tree # network installation path
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza # default yum repositories
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot # reboot when installation completes
#Root password
rootpw --iscrypted $default_password_crypted # the password set in /etc/cobbler/settings
# SELinux configuration
selinux --disabled # selinux disabled by default
# Do not configure the X Window System
skipx # no graphical interface installed by default
# System timezone
timezone America/New_York # the default time zone is America/New_York
# Install OS instead of upgrade
install # install the system rather than upgrade it
# Clear the Master Boot Record
zerombr # clears every MBR by default
# Allow anaconda to partition the system as needed
autopart # automatic partitioning by default
# Below are scripts that Cobbler runs on its own; I will not explain them.
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%packages
$SNIPPET('func_install_if_enabled')
$SNIPPET('puppet_install_if_enabled')
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('puppet_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
# The customized centos6.4x86_64.cfg file
auth --useshadow --enablemd5
bootloader --location=mbr
clearpart --all --initlabel
text
firewall --enabled
firstboot --disable
keyboard us
lang en_US
url --url=$tree
$yum_repo_stanza
$SNIPPET('network_config')
reboot
rootpw --iscrypted $default_password_crypted
selinux --disabled
skipx
timezone Asia/Shanghai
install
zerombr
autopart
part /boot --fstype="ext4" --size=200
part swap --fstype="swap" --size=4096
part / --fstype="ext4" --grow --size=1
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
$SNIPPET('pre_anamon')
%packages
$SNIPPET('func_install_if_enabled')
$SNIPPET('puppet_install_if_enabled')
@base
@chinese-support
@development
@system-admin-tools
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
%post
$SNIPPET('log_ks_post')
$yum_config_stanza
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('puppet_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
$SNIPPET('post_anamon')
$SNIPPET('kickstart_done')
- Restart cobbler and synchronize
[root@Cobbler ~]# service cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@Cobbler ~]# cobbler check
No configuration problems found. All systems go.
[root@Cobbler ~]# cobbler sync
task started: 2015-06-01_175813_sync
task started (id=Sync, time=Mon Jun  1 17:58:13 2015)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/CentOS6.4-x86_64
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/images/CentOS6.4-x86_64
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying files for distro: CentOS6.4-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS6.4-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/CentOS6.4-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS6.4-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/CentOS6.4-x86_64/initrd.img
copying images
generating PXE configuration files
generating PXE menu structure
copying files for distro: CentOS6.4-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS6.4-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/CentOS6.4-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS6.4-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/CentOS6.4-x86_64/initrd.img
Writing template files for CentOS6.4-x86_64
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
processing boot_files for distro: CentOS6.4-x86_64
cleaning link caches
rendering Rsync files
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout: Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
Boot the client machine from the network card to test
Addendum
Adding a password to the cobbler PXE menu
- Generate the password hash
Two kinds of password are supported: sha1pass mypassword, or openssl passwd -1 -salt sXiKzkus mypassword. I choose the latter here
[root@Cobbler cobbler]# openssl passwd -1 -salt cobbler cobbler
$1$cobbler$M6SE55xZodWc9.vAKLJs6.
- Edit the configuration file pxedefault.template and add the following
[root@Cobbler cobbler]# vim /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.cobblerd.org/
MENU MASTER PASSWD $1$cobbler$M6SE55xZodWc9.vAKLJs6. ########
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
$pxe_menu_items
MENU end
- Edit the pxeprofile file and add the following
[root@Cobbler cobbler]# vim /etc/cobbler/pxe/pxeprofile.template
LABEL $profile_name
MENU PASSWD ########
kernel $kernel_path
$menu_label
$append_line
ipappend 2
- Check the configuration again and synchronize so that it takes effect
[root@Cobbler cobbler]# cobbler check
[root@Cobbler cobbler]# cobbler sync
The next time a client installs a system, a password is required when choosing an entry from the system menu
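Configuration files
cobbler configuration directory:
/etc/cobbler/settings: main cobbler configuration file
/etc/cobbler/dhcp.template: configuration template for the DHCP service
/etc/cobbler/tftpd.template: configuration template for the tftp service
/etc/cobbler/rsync.template: configuration template for the rsync service
/etc/cobbler/iso: iso template configuration files
/etc/cobbler/pxe: pxe template files
/etc/cobbler/power: power management configuration files
/etc/cobbler/users.conf: authorization configuration file for the web service
/etc/cobbler/users.digest: user name and password file for web access
/etc/cobbler/dnsmasq.template: configuration template for the DNS service
/etc/cobbler/modules.conf: Cobbler module configuration file
cobbler data directories:
- /var/lib/cobbler/config: configuration files
- /var/lib/cobbler/triggers: Cobbler commands
- /var/lib/cobbler/kickstarts: default location of kickstart files
- /var/lib/cobbler/loaders: the various boot loaders
- /var/lib/dhcpd/dhcpd.leases: dhcp lease cache file
- /tftpboot/pxelinux.cfg/default: pxe configuration file
- /var/lib/cobbler/kickstarts_*.ks: ks template files
System image directories:
- /var/www/cobbler/ks_mirror: list of imported system images
- /var/www/cobbler/images: boot files of the imported system images
- /var/www/cobbler/repo_mirror: storage directory for yum repositories
Log directory:
- /var/log/cobbler/install.log: client system installation log
- /var/log/cobbler/cobbler.log: cobbler log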
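Web interface
- Install the web interface
yum install cobbler-web -y
- Set the user name and password
Reset the password of the existing user cobbler:
htdigest /etc/cobbler/users.digest "Cobbler" cobbler
Add a new user:
htdigest /etc/cobbler/users.digest "Cobbler" your_newname
- Edit the configuration file to allow cobbler logins from the web
sed -i 's/authn_denyall/authn_configfile/g' /etc/cobbler/modules.conf
- Restart Cobbler and http
/etc/init.d/cobblerd restart
/etc/init.d/httpd restart
- Open the cobbler web interface for configuration and management
- Enter http://cobbler_ip/cobbler_web in a browser to open the web interface, then enter the user name and password you just set to reach the admin interface
- Import an image
Choose Import DVD. In the prefix field, enter a name for the imported disc; any name will do as long as it does not clash with an earlier one. In the Arch field, choose the architecture of the disc: i386, x86_64, ia64 and so on. In the Breed field, choose the type of system: one of CentOS, Debian, Ubuntu. In the Path field, enter where the disc or ISO image is mounted; the path must be correct. Finally click run to start the import. The process is slow, and the import status can be followed in the log
- Check the import status in the log: you can see that the import is running. The second entry is the one imported earlier from the command line, and its status is now complete
- Next, configure the kickstart file. Click kickstart template, click to create a new kickstart file on the right, and fill in the kickstart content you prepared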