利用cobbler實現自動化安裝

Cobbler簡介

Cobbler是一款Linux生態的自動化運維工具，基于Python2開發，用于自動化批量部署安裝操作系
統；其提供基于CLI的管理方式和WEB配置界面，其中WEB配置界面是基于Python2和Django框架開
發。另外，cobbler還提供了API，方便二次開發。Cobbler屬于C/S模型(客戶端/服務器模型)

Cobbler主要用于快速網絡安裝linux操作系統，支持眾多的Linux發行版如：Red Hat、Fedora、CentOS、Debian、Ubuntu和SuSE等，甚至支持windows的安裝

Cobbler實質是PXE的二次封裝，將多種安裝參數封裝到一起，并提供統一的管理方法

Cobbler的相關服務

使用Cobbler安裝系統需要一臺專門提供各種服務的服務器，提供的服務包括(HTTP/FTP/NFS,
TFTP,DHCP),也可以將這幾個服務分別部署到不同服務器。事實上在實際應用中，總是將不同的服務分別
部署到專門的服務器。

Cobbler是在HTTP、TFTP、DHCP等各種服務的基礎上進行相關操作的，實際安裝的大體過程類似于基
于PXE的網絡安裝:客戶端(裸機)開機使用網卡引導啟動，其請求DHCP分配一個地址后從TFTP服務器獲取
啟動文件,加載到客戶端本地內存中運行，并顯示出可安裝的系統列表；在人為的選定安裝的操作系統類
型后,客服端會到HTTP服務器下載相應的系統安裝文件并執行自動安裝

Cobbler的工作原理

• client裸機配置了從網絡啟動后，開機后會廣播包請求DHCP服務器（cobbler server）發送其分配好的一個IP
• DHCP服務器（cobbler server）收到請求后發送responese，包括其ip地址
• client裸機拿到ip后再向cobbler server發送請求OS引導文件的請求
• cobbler server告訴裸機OS引導文件的名字和TFTP server的ip和port
• client裸機通過上面告知的TFTP server地址通信，下載引導文件
• client裸機執行執行該引導文件，確定加載信息，選擇要安裝的os，期間會再向cobbler server請求kickstart文件和os image
• cobbler server發送請求的kickstart和os iamge
• client裸機加載kickstart文件
• client裸機接收os image，安裝該os image

安裝Cobbler及其相關的服務和組件

Cobbler所依賴的服務包括HTTPD,TFTP,DHCP等，如果有web界面要求，還需要安裝相關的組件

CentOS 8目前還沒有提供Cobbler相關包

[root@centos7 ~]#yum install dhcp cobbler cobbler-web pykickstart 
[root@centos7 ~]#systemctl enable --now cobbler httpd tftp dhcpd 

相關包說明：

• httpd：提供yum源，并配合cobbler-web使得cobbler可以通過web網頁界面進行配置管理
• tftp-server：提供啟動和菜單等相關文件網絡下載功能
• cobbler-web : 提供基于web的cobbler管理界面
• pykickstart.noarch : 基于python的管理kickstart文件的庫

說明：

• Cobbler依賴于epel源，在安裝cobbler之前需要配置epel源
• 在安裝cobbler時會自因為依賴而安裝httpd,tftp-server相關包

Cobbler配置文件及各目錄情況

配置文件

/etc/cobbler/settings  #cobbler 主配置文件 
/etc/cobbler/iso/  #iso模板配置文件
/etc/cobbler/pxe   #pxe模板文件
/etc/cobbler/power  #電源配置文件 
/etc/cobbler/user.conf   #web服務授權配置文件 
/etc/cobbler/users.digest  #web訪問的用戶名密碼配置文件 
/etc/cobbler/dhcp.template #dhcp服務器的的配置模板
/etc/cobbler/dnsmasq.template #dns服務器的配置模板
/etc/cobbler/tftpd.template  #tftp服務的配置模板
/etc/cobbler/modules.conf #cobbler模塊的配置文件

數據目錄

/var/lib/cobbler/config/     #用于存放distros，system，profiles 等信息的配置文件
/var/lib/cobbler/triggers/   #用于存放用戶定義的cobbler命令
/var/lib/cobbler/kickstarts/  # 默認存放kickstart文件
/var/lib/cobbler/loaders/     #存放各種引導程序

鏡像目錄

/var/www/cobbler/ks_mirror/    #導入的發行版系統的所有數據
/var/www/cobbler/images/       #導入發行版kernel和initrd鏡像用于遠程網絡啟動
/var/www/cobbler/repo_mirror/   #yum 倉庫存儲目錄

日志目錄

/var/log/cobbler/installing  #客戶端安裝日志 
/var/log/cobbler/cobbler.log #cobbler日志

配置及啟動cobblerd服務

檢測cobbler的運行環境,并根據提示逐步配置cobbler

cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

1.更改/etc/xinetd.d/tftp配置文件
vim /etc/xinetd.d/tftp
disable  =  yes  -->  disable  =  no
systemctl restart xinetd
2.聯網下載boot引導程序文件
cobbler get-loaders
3.沒有網絡情況下拷貝啟動文件到TFTP服務文件夾
cp -a /usr/share/syslinux/{pxelinux.0,menu.c32}  /var/lib/tftpboot
4.更改/etc/cobbler/settings配置文件的server項為提供cobblerd服務的主機地址,也就是本機地址
sed -nri 's#server:127.0.0.1#server:192.168.100.100#' /etc/cobbler/settings
更改后的整行內容:server:192.168.100.100
5.更改/etc/cobbler/settings配置文件的next_server項，指明tftp服務器地址，使得客戶端能夠找
到TFTP服務器
sed -i 's/next_server: 127.0.0.1/next_server: 192.168.100.100/' /etc/cobbler/settings
更改后的整行內容:next_server:192.168.100.100
6.配置相應的選項來使用cobbler管理dhcp服務和tftp服務
manage_dhcp：1
manage_tftpd：1
7.pxe_just_once選項，該選項置1表示在pxe安裝塊結束時在cobbler系統中做相應的記錄，這樣會避免如果客戶機的BIOS選項中PXE啟動處于第一位導致的循環重啟；如果第一個啟動硬件不是PXE啟動那就置0。
pxe_just_once：1  

配置完成后重啟
systemctl restart cobblerd

cobbler命令用法

[root@centos7 ~]#cobbler
usage
=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ...
        [add|edit|copy|getks*|list|remove|rename|report] [options|--help]

cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]

可以使用下面的方式得到使用幫助

[root@centos7 ~]#cobbler distro --help
usage
=====
cobbler distro add
cobbler distro copy
cobbler distro edit
cobbler distro find
cobbler distro list
cobbler distro remove
cobbler distro rename
cobbler distro report
[root@old_centos7 ~]#cobbler distro add --help
Usage: cobbler [options]

Options:
  -h, --help            show this help message and exit
  --name=NAME           Name (Ex: Fedora-11-i386)
  --ctime=CTIME
  --mtime=MTIME
  --uid=UID       Owners (Owners list for authz_ownership (space delimited))
...省略...

常見用法：

#列出當前導入的linux發行版條目
cobbler distro list 
#報告當前所有的linux發行版詳細信息
cobbler distro report 

#導入系統源文件生成倉庫
cobbler import --name=centos-8.0-x86_64 --path=/mnt --arch=x86_64

#將linux發行版系統鏡像與其對應的ks文件建立關聯
cobbler profile --name=centos7 --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7.cfg 

將linux發行版導入到cobbler在httpd服務的文件夾下

cobbler將系統yum源文件存放在 /var/www/cobbler/ks_mirror目錄下

cobbler import --name=centos6 --path=/var/www/html/centos/6/isos/x86_64/ --arch=x86_64
cobbler import --name=centos7 --path=/var/www/html/centos/7/isos/x86_64/ --arch=x86_64
cobbler import --name=centos8 --path=/var/www/html/centos/8/isos/x86_64/ --arch=x86_64

導入后重啟并同步

systemctl restart cobblerd
cobbler sync

范例：

[root@centos7 ~]#du -sh /var/www/cobbler/ks_mirror/*
11G /var/www/cobbler/ks_mirror/centos-7.7-x86_64
7.2G    /var/www/cobbler/ks_mirror/centos-8.1-x86_64
12K /var/www/cobbler/ks_mirror/config

配置linux發行版和關聯相應的ks文件

拷貝事先準備好的ks文件至/var/lib/cobbler/kickstarts目錄下

[root@centos7 ~]#cp /var/www/html/ks/centos{6,7,8}.ks /var/lib/cobbler/kickstarts

將linux發行版系統鏡像與其對應的ks文件建立關聯

cobbler profile --name=centos6 --distro=centos6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.cfg 
cobbler profile --name=centos7 --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg 
cobbler profile --name=centos8 --distro=centos8-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos8.cfg

注意，在導入distro時，cobbler會自動生成distro條目，這些并未和ks文件關聯，可以使用

cobbler profile remove --name=PROFILE_NAME

刪除后，再關聯ks文件。

建立關聯后重啟并同步

systemctl restart cobblerd
cobbler sync

查看詳細信息

cobbler report

范例：

[root@centos7 ~]#cobbler report
distros:
==========
Name                           : centos7-x86_64
Architecture                   : x86_64
TFTP Boot Files                : {}
Breed                          : redhat
Comment                        : 
Fetchable Files                : {}
Initrd                         : /var/www/cobbler/ks_mirror/centos7-x86_64/images/pxeboot/initrd.img
Kernel                         : /var/www/cobbler/ks_mirror/centos7-x86_64/images/pxeboot/vmlinuz
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart Metadata             : {'tree': 'http://@@http_server@@/cblr/links/centos7-x86_64'}
Management Classes             : []
OS Version                     : rhel7
Owners                         : ['admin']
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Template Files                 : {}

Name                           : centos8-x86_64
Architecture                   : x86_64
TFTP Boot Files                : {}
Breed                          : redhat
Comment                        : 
Fetchable Files                : {}
Initrd                         : /var/www/cobbler/ks_mirror/centos8-x86_64/images/pxeboot/initrd.img
Kernel                         : /var/www/cobbler/ks_mirror/centos8-x86_64/images/pxeboot/vmlinuz
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart Metadata             : {'tree': 'http://@@http_server@@/cblr/links/centos8-x86_64'}
Management Classes             : []
OS Version                     : rhel8
Owners                         : ['admin']
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Template Files                 : {}

Name                           : centos6-x86_64
Architecture                   : x86_64
TFTP Boot Files                : {}
Breed                          : redhat
Comment                        : 
Fetchable Files                : {}
Initrd                         : /var/www/cobbler/ks_mirror/centos6-x86_64/images/pxeboot/initrd.img
Kernel                         : /var/www/cobbler/ks_mirror/centos6-x86_64/images/pxeboot/vmlinuz
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart Metadata             : {'tree': 'http://@@http_server@@/cblr/links/centos6-x86_64'}
Management Classes             : []
OS Version                     : rhel6
Owners                         : ['admin']
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Template Files                 : {}

profiles:
Owners                         : ['admin']
Parent Profile                 : 
Internal proxy                 : 
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      : 
Virt RAM (MB)                  : 512
Virt Type                      : xenpv

Name                           : Install_centos6
TFTP Boot Files                : {}
Comment                        : 
DHCP Tag                       : default
Distribution                   : centos6-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/ks6.cfg
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 : 
Internal proxy                 : 
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      : 
Virt RAM (MB)                  : 512
Virt Type                      : xenpv

systems:
==========

repos:
==========

images:
==========

mgmtclasses:
==========

packages:
==========

files:
==========

上面信息中有一行如下：

Kickstart Metadata             : {'tree': 'http://@@http_server@@/cblr/links/centos8-x86_64'}

該行的定義在文件 /var/www/cobbler/ks_mirror/config/centos8-x86_64.repo中

是cobbler自己定義安裝源路徑的特有語法規定的，因此可以在ks文件中指定安裝
源時直接指定為$tree變量。

url --url=$tree

范例：

[root@centos7 ~]#vim /var/www/cobbler/ks_mirror/config/centos8-x86_64.repo
[core-0]
name=core-0
baseurl=http://@@http_server@@/cobbler/ks_mirror/centos8-x86_64/AppStream
enabled=1
gpgcheck=0
priority=$yum_distro_priority

啟動菜單優化

修改/etc/cobbler/pxe/pxedefault.template模板文件，重啟同步

[root@centos7 ~]#vim /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Welcome! | www.wangxiaochun.com      # 自定義項
TIMEOUT 200 
TOTALTIMEOUT 6000
ONTIMEOUT pxe_timeout_profile

LABEL local
        MENU LABEL (local installation) # 自定義項1
        MENU DEFAULT
        LOCALBOOT -1pxe_menu_items

MENU end
[root@centos7 ~]#systemctl restart cobblerd
[root@centos7 ~]#cobbler sync

重啟同步后cobbler更新文件/var/lib/tftpboot/pxelinux.cfg/default

[root@centos7 ~]#vim /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Welcome! | www.wangxiaochun.com
TIMEOUT 200 
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local installation)
        MENU DEFAULT
        LOCALBOOT -1
LABEL Install_centos6
        kernel /images/centos6-x86_64/vmlinuz
        MENU LABEL Install_centos6
        append initrd=/images/centos6-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.100.100/cblr/svc/op/ks/profile/Install_centos6
        ipappend 2

LABEL Install_centos7
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL Install_centos7
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.100.100/cblr/svc/op/ks/profile/Install_centos7
        ipappend 2

LABEL Install_centos8
        kernel /images/centos8-x86_64/vmlinuz
        MENU LABEL Install_centos8
        append initrd=/images/centos8-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.100.100/cblr/svc/op/ks/profile/Install_centos8
        ipappend 2
MENU end 

基于web界面來管理配置cobbler

安裝cobbler-web

yum install cobbler-web`
systemctl restart httpd

訪問web界面

用瀏覽器訪問：https://cobblerserver/cobbler_web

cobbler-web界面的默認賬號，用戶名：cobbler 密碼:cobbler

cobbler訪問圖示

默認賬戶密碼都是:cobbler

WEB的登錄認證方式

認證方法配置文件：/etc/cobbler/modules.conf
支持多種認證方法：

• authn_configfile，此為默認的認證方法
• authn_pam

使用authn_configfile模塊認證cobbler_web用戶

vim /etc/cobbler/modules.conf 
[authentication]
module=authn_configfile

創建其認證文件/etc/cobbler/users.digest，并添加所需的用戶

htdigest -c /etc/cobbler/users.digest Cobbler admin 

使用已有用戶文件，在其中添加新用戶

htdigest  /etc/cobbler/users.digest Cobbler admin2 

注意：

• 使用“-c”選項用于創建用戶文件，如果文件已存在，將覆蓋原文件
• cobbler_web的realm只能為Cobbler

使用authn_pam模塊認證cobbler_web用戶

vim /etc/cobbler/modules.conf
[authentication] 
module = authn_pam

systemctl restart cobblerd

創建cobbler用戶：

useradd -s /sbin/nologin cobbleruser
echo magedu | passwd --stdin cobbleruser 
vim  /etc/cobbler/users.conf 
[admins]
admin = "cobbleruser"

本文鏈接：http://www.avtobanya.com/36150.html