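Cobbler is an essential tool for automated operations: it installs operating systems quickly and in bulk by booting machines over the network (PXE).
Cobbler's fast OS installation is built on kickstart, but Cobbler is more full-featured and is simpler and more efficient to manage.
Cobbler centrally manages the services involved in installing a system (tftp, dhcp, kickstart) and provides a network environment for fully automated, fast bulk installation, so that equipment in large data centers can be managed uniformly.
Cobbler is a network installation method and supports both BIOS and UEFI installs.
It can also install Ubuntu and CentOS systems.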
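How Cobbler works
Server side
- Start the Cobbler service
- Check Cobbler for errors by running the cobbler check command
- Synchronize the configuration by running the cobbler sync command
- Copy the relevant boot files to the TFTP directory
- Start the DHCP service to provide address assignment
- The DHCP service assigns an IP address
- TFTP transfers the boot files
- The server receives the installation information
- The server sends the ISO image and the Kickstart file
Client side
- The client boots in PXE mode
- The client obtains an IP address
- It fetches the boot files from the TFTP server
- It enters the Cobbler installation selection menu
- It prepares to install the system according to the configuration
- It loads the Kickstart file
- The other files needed for the installation are transferred
- The system is installed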
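Cobbler supports two management methods, CLI and web. All servers to be installed must be on the same LAN as the Cobbler server, and the Cobbler server must be the only host on that network running a DHCP service, to prevent conflicts between multiple DHCP services.
In this lab, Cobbler is deployed in a virtual machine, so the virtualization platform's built-in DHCP function has to be turned off.
To turn it off in VMware Workstation: Edit > Virtual Network Editor > Change Settings > "Use local DHCP service to distribute IP address to VMs"; clear the check box, then apply and save. For other virtualization environments, find the equivalent setting yourself.
Install Cobbler
The latest Cobbler release is 2.8.5; it works with any Python version from 2.6 up.
# Disable the firewall, SELinux, etc.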
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
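# Edit /etc/selinux/config itself: /etc/sysconfig/selinux is a symlink to it, and sed -i would replace the symlink with a regular file
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config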
yum -y install epel-release
yum -y install cobbler cobbler-web tftp-server dhcp httpd xinetd
yum install cman
yum -y install git make python-devel python-setuptools python-cheetah openssl
yum -y install fence-agents
yum -y install python-simplejson
systemctl start httpd dhcpd cobblerd xinetd
systemctl enable httpd dhcpd cobblerd xinetd
Configure Cobbler
Check which settings Cobbler needs
[root@cobbler ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
Change the Cobbler configuration
Edit the configuration file /etc/cobbler/settings
server: 192.168.30.3
# next_server is the TFTP server address
next_server: 192.168.2.128
manage_dhcp: 1 # changed from 0 to 1
tftp_server
sed -ri '/disable/c\disable = no' /etc/xinetd.d/tftp
systemctl enable xinetd
systemctl restart xinetd
boot-loaders: download the PXE-related files
cobbler get-loaders
- Enable rsyncd
systemctl start rsyncd
systemctl enable rsyncd
- debmirror: used to manage image installs for Ubuntu and Debian. Edit the /etc/debmirror.conf configuration file and comment out the @dists and @arches lines
yum -y install debmirror
sed -i 's/@dists="sid";/#@dists="sid";/' /etc/debmirror.conf
sed -i 's/@arches="i386";/#@arches="i386";/' /etc/debmirror.conf
- pykickstart
yum -y install pykickstart
- default_password_crypted
Note: the password set here is also the initial login password of the systems installed later
[root@cobbler ~]# openssl passwd -1 -salt `openssl rand -hex 4` 'admin'
$1$675f1d08$oJoAMVxdbdKHjQXbGqNTX0
[root@cobbler ~]# cobbler setting edit --name=default_password_crypted --value='$1$675f1d08$oJoAMVxdbdKHjQXbGqNTX0'
- fencing tools [optional]
yum -y install fence-agents
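The settings items that cobbler check reports above can be re-checked offline before each cobbler sync. The script below is an added example, not part of the original article or of Cobbler: it reads server, next_server and default_password_crypted from a settings file and reports loopback values, a server/next_server pair on different /24 networks, and a password hash that is not sha512crypt. The function names are hypothetical and the sample file is constructed from the values shown on this page.

```bash
# Added example, not Cobbler's own code: offline audit of a Cobbler settings file.

# Print a top-level "key: value" without surrounding quotes or a trailing comment.
get_setting() {   # usage: get_setting FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -E -e 's/[[:space:]]+#.*$//' -e "s/^[\"']//" -e "s/[\"'][[:space:]]*\$//"
}

# Identify a crypt(3) hash scheme from its prefix.
hash_scheme() {
    case "$1" in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        *)      echo unknown ;;
    esac
}

# Print one finding per line; print nothing when every check passes.
audit_settings() {   # usage: audit_settings FILE
    local f="$1" server next_server scheme cmp=1
    server=$(get_setting "$f" server)
    next_server=$(get_setting "$f" next_server)
    scheme=$(hash_scheme "$(get_setting "$f" default_password_crypted)")
    case "$server" in
        ''|localhost|127.*) echo "FAIL server='$server' is not reachable by PXE clients"; cmp=0 ;;
        *[!0-9.]*) cmp=0 ;;   # hostname: nothing to compare against next_server
    esac
    case "$next_server" in
        ''|localhost|127.*) echo "FAIL next_server='$next_server' must be the boot server's PXE IP"; cmp=0 ;;
    esac
    # Assumes the /24 netmask used in this page's DHCP subnet declaration.
    if [ "$cmp" = 1 ] && [ "${server%.*}" != "${next_server%.*}" ]; then
        echo "WARN server=$server and next_server=$next_server are on different /24 networks"
    fi
    [ "$scheme" = sha512crypt ] || echo "WARN default_password_crypted is $scheme, not sha512crypt"
    return 0
}

# Constructed sample holding the values shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server: 192.168.30.3
next_server: 192.168.2.128
manage_dhcp: 1 # changed from 0 to 1
default_password_crypted: "$1$675f1d08$oJoAMVxdbdKHjQXbGqNTX0"
EOF
audit_settings "$sample"
rm -f "$sample"
```

To audit a live server, call audit_settings /etc/cobbler/settings instead of the sample file.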
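Enable DHCP
- subnet: the subnet; write the network address rather than the current IP
- option routers: the gateway address
- option domain-name-servers: the DNS server; the gateway address is fine
- range dynamic-bootp: the range of addresses DHCP hands out
- default-lease-time: the default lease time
- max-lease-time: the maximum lease time
- next-server: the TFTP server address; write the current IP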
subnet 192.168.30.0 netmask 255.255.255.0 {
option routers 192.168.30.3;
option domain-name-servers 192.168.30.3;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.30.100 192.168.30.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
::: warn
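Cobbler may conflict with an existing DHCP server: not tested in the virtual machine, you need to verify it yourself
Leaving Cobbler's DHCP off and using the existing DHCP server: not tested, you need to verify it yourself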
:::
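Change Cobbler's working path (optional)
webdir: /var/www/cobbler
Copy everything you already have in /var/www/cobbler to another location, for example /opt/cobbler_data.
Then create a symbolic link or a bind mount at /var/www/cobbler that points to /opt/cobbler_data.
If you decide to access Cobbler's data store over NFS (not recommended), you really want to mount NFS on /var/www/cobbler with the SELinux context passed as a mount parameter rather than using the default NFS context.
You may also have to deal with squash-related problems (NFS root squashing). However, if you are mirroring a Cobbler server for a multi-site setup, mounting it read-only is fine.
/var/lib/cobbler cannot live on NFS, because that interferes with the locking Cobbler does around its storage files.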
systemctl restart cobblerd
cobbler check
cobbler sync
Importing images
Import an image
cobbler signature update
cobbler import --name=ubuntu1604 --path=/var/www/html/ubuntu80 --arch=x86_64
Remove an image
cobbler profile remove --name=ubuntu808-x86_64
cobbler distro remove --name=ubuntu808-x86_64
Specify the kickstart file
cobbler profile edit --name=ubuntu-16.04.4-x86_64 --kickstart=/var/www/cobbler/ks/ubuntuserver16.cfg
Name the NIC eth0 instead of CentOS 7's ens33
cobbler profile edit --name=CentOS-x86_64 --kopts='net.ifnames=0 biosdevname=0'
Common operations
cobbler distro report
cobbler list
cobbler distro list
cobbler distro remove --name=ubuntu-16.04.4-x86_64
cobbler distro --help
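cobbler validateks # validate the kickstart files
cd /var/lib/tftpboot/grub/ # change the menu timeout in efidefault
sed -ri 's/^(timeout=).*/\160/' efidefault
Confirm that the services have started correctly. To test on physical or virtual machines, network boot must be enabled.
Customize the boot selection menu
Edit /etc/cobbler/pxe/pxedefault.template for BIOS boot
Edit /etc/cobbler/pxe/efidefault.template for UEFI boot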
[root@cobbler ~]# yum -y install fence-agents
If the following error is reported when importing an image, Cobbler needs to be updated
cobbler signature update
Customize the Cobbler OS installation menu (note: the title must not contain Chinese characters)
vim /etc/cobbler/pxe/pxedefault.template
UEFI boot
Reading the files needed for the installation is slow; wait patiently
/var/lib/tftpboot/grub/efidefault
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
Web access
User: cobbler
Password: cobbler