Cobbler无人值守安装centos6.9

1.1 Cobbler集成的服务

PXE服务支持
DHCP服务管理
DNS服务管理(可选bind,dnsmasq)
电源管理
Kickstart服务支持
YUM仓库管理
TFTP(PXE启动时需要)
Apache(提供kickstart的安装源,并提供定制化的kickstart配置)

#配置阿里云的epel源
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

yum -y install dhcp tftp-server pykickstart httpd

yum -y install cobbler cobbler-web
#注意:报错Django >= 1.4
Error: Package: cobbler-web-2.6.11-6.git95749a6.el6.noarch (epel)
Requires: Django >= 1.4

yum install python-simplejson
wget https://kojipkgs.fedoraproject.org//packages/Django14/1.4.14/1.el6/noarch/Django14-1.4.14-1.el6.noarch.rpm
#该包是在yum仓库之外手工下载的,安装前建议用 rpm -K 校验其摘要和签名(需先导入对应的GPG公钥)
rpm -ivh Django14-1.4.14-1.el6.noarch.rpm

#如果缺少下列中的包,安装下
yum -y install mod_ssl python-cheetah createrepo python-netaddr genisoimage mod_wsgi syslinux PyYAML

[root@Cobbler ~]#yum -y install dhcp tftp-server pykickstart httpd cobbler cobbler-web

[root@Cobbler ~]#/etc/init.d/httpd restart
[root@Cobbler ~]#/etc/init.d/cobblerd restart

httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[root@Cobbler ~]#vim /etc/httpd/conf/httpd.conf #添加以下一行
ServerName localhost:80

#检查Cobbler的配置,如果报错或看不到下面的结果,再次执行/etc/init.d/cobblerd restart
[root@Cobbler ~]#cobbler check #按下面的提示逐条处理

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a recent version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/rsync
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

#处理第1、2、7条提示
[root@Cobbler ~]#vim /etc/cobbler/settings
原server: 127.0.0.1
server: 192.168.44.19

原next_server: 127.0.0.1
next_server: 192.168.44.19

原manage_dhcp: 0 #让cobbler管理DHCP
manage_dhcp: 1

原default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
default_password_crypted: "$1$cobbler$sqDDOBeLKJVmxTCZr52/11"

#密码设置方法(这里的盐'cobbler'和密码'123456'仅作演示;该哈希会通过kickstart里的 rootpw 成为每台新装机器的root密码,实际部署请换成随机盐和强密码)
openssl passwd -1 -salt '随机值' '密码'
[root@Cobbler ~]#openssl passwd -1 -salt 'cobbler' '123456'
$1$cobbler$sqDDOBeLKJVmxTCZr52/11

3.改/etc/xinetd.d/tftp的disable为no
原disable = yes
disable = no

4.[root@Cobbler ~]#cobbler get-loaders
task started: 2018-06-07_004722_get_loaders
task started (id=Download Bootloader Content, time=Thu Jun 7 00:47:22 2018)
.........

5.vim /etc/xinetd.d/rsync
原disable = yes
disable = no

#密码设置方法
openssl passwd -1 -salt '随机值' '密码'
[root@Cobbler ~]#openssl passwd -1 -salt 'cobbler' '123456'
$1$cobbler$sqDDOBeLKJVmxTCZr52/11

快速修改配置文件
cp /etc/cobbler/settings{,.ori}
sed -i 's/server: 127.0.0.1/server: 192.168.44.19/' /etc/cobbler/settings
sed -i 's/next_server: 127.0.0.1/next_server: 192.168.44.19/' /etc/cobbler/settings
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/' /etc/cobbler/settings
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings
sed -i 's/$1$mF86\/UHC$WvcIcX2t6crBz2onWxyac./$1$cobbler$sqDDOBeLKJVmxTCZr52\/11/' /etc/cobbler/settings

cp /etc/xinetd.d/rsync{,.ori}
sed -i 's/yes/no/' /etc/xinetd.d/rsync

cp /etc/cobbler/dhcp.template{,.ori}
[root@Cobbler ~]#vim /etc/cobbler/dhcp.template
subnet 192.168.44.0 netmask 255.255.255.0 {
option routers 192.168.44.2;
option domain-name-servers 192.168.44.2;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.44.100 192.168.44.254;

cp /etc/xinetd.d/tftp{,.ori}
vim /etc/xinetd.d/tftp
原disable = yes
disable = no

[root@Cobbler ~]#cobbler get-loaders

#改了dhcp的模板,就要同步一下配置
[root@Cobbler ~]#cobbler sync

#服务重启
/etc/init.d/httpd restart && /etc/init.d/xinetd restart && /etc/init.d/cobblerd restart && /etc/init.d/dhcpd restart

#服务开机自起动
chkconfig httpd on && chkconfig xinetd on && chkconfig cobblerd on && chkconfig dhcpd on

#域添加服务管理,一个服务控制4个服务,要加执行权限
#chmod +x /etc/init.d/cobbler-all
[root@Cobbler init.d]#vim /etc/init.d/cobbler-all
#!/bin/bash
#chkconfig: 345 80 90
#description:cobbler
#
# Umbrella init script for the Cobbler server: forwards start/stop/restart/
# status to httpd, xinetd, dhcpd and cobblerd (in that order), and exposes
# "cobbler sync" as an extra action.
# Usage: cobbler-all {start|stop|restart|status|sync}
# The script's exit status is that of the last command it ran; an unknown
# action prints a usage hint and exits with 2.
action=$1

case "$action" in
  start | stop | restart | status)
    # Same service order for every action, including stop.
    for svc in httpd xinetd dhcpd cobblerd; do
      "/etc/init.d/$svc" "$action"
    done
    ;;
  sync)
    cobbler sync
    ;;
  *)
    echo "Input error,please in put 'start|stop|restart|status|sync'!"
    exit 2
    ;;
esac

[root@Cobbler ~]#cobbler check #这2个不需要处理
1 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

#Centos7.4导入
[root@Cobbler ~]#mount /dev/cdrom /mnt/
[root@Cobbler ~]#ls /mnt/
CentOS_BuildTag GPL LiveOS RPM-GPG-KEY-CentOS-7
EFI images Packages RPM-GPG-KEY-CentOS-Testing-7
EULA isolinux repodata TRANS.TBL

[root@Cobbler ~]#cobbler import --path=/mnt/ --name=Centos7.4 --arch=x86_64
#--path 镜像路径
#--name 为安装源定义一个名字
#--arch 指定安装源是32位、64位、ia64, 目前支持的选项有: x86│x86_64│ia64
#安装源的唯一标示就是根据name参数来定义,本例导入成功后,安装源的唯一标示就是:Centos6.9,如果重复,系统会提示导入失败。

#原7.4系统导入成功
[root@Cobbler ~]#du -h /|grep /var/www/cobbler/ks_mirror/Centos7.4-x86_64
4.2G /var/www/cobbler/ks_mirror/Centos7.4-x86_64

#Centos6.9导入
[root@Cobbler ~]#mount /dev/cdrom /mnt/
[root@Cobbler ~]#ls /mnt/
CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6
EFI Packages RPM-GPG-KEY-CentOS-Security-6
EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6
GPL repodata TRANS.TBL
images RPM-GPG-KEY-CentOS-6

[root@Cobbler ~]#cobbler import --path=/mnt/ --name=Centos6.9 --arch=x86_64

#原6.9系统导入成功
[root@Cobbler ~]#du -h /|grep /var/www/cobbler/ks_mirror/Centos6.9-x86_64
3.8G /var/www/cobbler/ks_mirror/Centos6.9-x86_64

#查看镜像列表
[root@Cobbler ~]#cobbler distro list
Centos6.9-x86_64
Centos7.4-x86_64

#查看镜像的目录
[root@Cobbler ~]# ls /var/www/cobbler/ks_mirror/
Centos6.9-x86_64 Centos7.4-x86_64 config

#查看ks文件存放位置 sample_end.ks(默认使用的ks文件)
[root@Cobbler ~]#ls /var/lib/cobbler/kickstarts/
default.ks legacy.ks sample_esx4.ks sample_old.seed
esxi4-ks.cfg pxerescue.ks sample_esxi4.ks sample.seed
esxi5-ks.cfg sample_autoyast.xml sample_esxi5.ks
install_profiles sample_end.ks sample.ks

#Centos6.9的cfg配置文件
[root@Cobbler kickstarts]#cat /var/lib/cobbler/kickstarts/Centos6.9-x86_64.cfg
#kickstart template for Fedora 8 and later.
#(includes %end blocks)
#do not use with earlier distros
#platform=x86, AMD64, or Intel EM64T
#System authorization information
#auth --useshadow --enablemd5
authconfig --enableshadow --passalgo=sha512
#System bootloader configuration
bootloader --location=mbr --driveorder=sda --append="nomodeset crashkernel=auto rhgb quiet"
#Partition clearing information
clearpart --all --initlabel
#Use text mode install
text
#Firewall configuration
firewall --disabled
#Run the Setup Agent on first boot
firstboot --disable
#System keyboard
keyboard us
#System language
lang en_US
#Use network installation
url --url=$tree
#If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
#Network information
$SNIPPET('network_config')
#Reboot after installation
reboot
logging --level=info

#Root password
rootpw --iscrypted $default_password_crypted
#SELinux configuration
selinux --disabled
#Do not configure the X Window System
skipx
#System timezone
timezone Asia/Shanghai
#Install OS instead of upgrade
install
#Clear the Master Boot Record
zerombr
#Allow anaconda to partition the system as needed
#autopart
part /boot --fstype=ext4 --asprimary --size=200
part swap --asprimary --size=1024
part / --fstype=ext4 --grow --asprimary --size=200

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
#Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
@base
@Compatibility libraries
@Development tools
@debugging Tools
@Dial-up Networking Support
wget
%end

%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end

%post
$SNIPPET('log_ks_post')
#Start yum configuration
$yum_config_stanza
#End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
#Enable post-install boot notification
$SNIPPET('post_anamon')
#Start final steps
$SNIPPET('kickstart_done')
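#End final steps
mkdir -p /srv/scripts
#NOTE: the two scripts below are fetched over plain HTTP and the first one is executed as root without any integrity check
wget -O /tmp/Initialization-install.sh http://192.168.44.19/cobbler/ks_mirror/Centos6.9-x86_64/Initialization-install.sh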
wget -O /srv/scripts/backup.sh http://192.168.44.19/cobbler/ks_mirror/Centos6.9-x86_64/backup.sh
chmod +x /srv/scripts/backup.sh
chmod +x /tmp/Initialization-install.sh
/bin/sh /tmp/Initialization-install.sh
%end


#Centos6.9初始化和优化脚本
[root@Cobbler Centos6.9-x86_64]#cat /var/www/cobbler/ks_mirror/Centos6.9-x86_64/Initialization-install.sh
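#!/bin/bash
# First-boot initialisation script for a freshly kickstarted CentOS 6.9 host.
# The original first line was "#/bin/sh" (no "!"), i.e. only a comment; bash
# is named here because other parts of the script use `source`.

# Keep the stock repo definitions as *.ori before they are replaced.
for repo in CentOS-Base CentOS-Debuginfo CentOS-fasttrack CentOS-Media CentOS-Vault; do
  mv "/etc/yum.repos.d/${repo}.repo" "/etc/yum.repos.d/${repo}.repo.ori"
done

# Define the LAN yum repository.
# NOTE(review): gpgcheck=0 together with an http:// baseurl means packages
# from this repo are installed with no signature verification and no
# transport protection. Prefer gpgcheck=1 with the CentOS key imported.
cat > /etc/yum.repos.d/yum-http.repo << EOF
[yumserver]
name=yum01
baseurl=http://192.168.44.71/centos6.9/
enabled=1
gpgcheck=0
EOF

# Internet repos: Aliyun base, Aliyun EPEL, and the Zabbix 3.0 release RPM.
# NOTE(review): the two repo files are downloaded over plain HTTP and the RPM
# is installed straight from an http:// URL, so nothing here authenticates
# what is fetched.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
rpm -i http://repo.zabbix.com/zabbix/3.0/rhel/6/x86_64/zabbix-release-3.0-1.el6.noarch.rpm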

# Helper scripts for switching between the LAN repo and the internet repos.
# A repo is switched off by renaming its file to *.repo1 (yum only reads
# files ending in .repo).
# NOTE(review): both helpers use relative paths, so they only act on the repo
# files when run from inside /etc/yum.repos.d.
# NOTE(review): lanyum.sh does not rename yum-http.repo1 back to
# yum-http.repo, so it does not fully undo wnayum.sh - confirm intent.
cat << 'EOF' > /etc/yum.repos.d/wnayum.sh
mv CentOS-Base.repo1 CentOS-Base.repo
mv epel.repo1 epel.repo
mv zabbix.repo1 zabbix.repo
mv yum-http.repo yum-http.repo1
EOF

cat << 'EOF' > /etc/yum.repos.d/lanyum.sh
mv CentOS-Base.repo CentOS-Base.repo1
mv epel.repo epel.repo1
mv zabbix.repo zabbix.repo1
EOF

# Make both helpers executable.
for helper in wnayum.sh lanyum.sh; do
  chmod +x "/etc/yum.repos.d/$helper"
done

# Package installation, one yum transaction per group.
# NOTE(review): every host built from this script receives compilers and
# -devel packages; confirm that is wanted on all of them.

# Everyday tools
yum install -y \
  tree links samba-client cifs-utils lrzsz wget vim

# Service software
yum install -y \
  zabbix-agent rsync salt-minion ntp httpd

# Build dependencies for nginx
yum install -y \
  gcc gcc-c++ glibc make autoconf \
  openssl openssl-devel pcre pcre-devel zlib zlib-devel

# Build dependencies for mysql
yum install -y \
  gcc gcc-c++ ncurses ncurses-devel cmake bison

# Packages needed for php
yum install -y \
  libmcrypt libmcrypt-devel mhash mhash-devel php-mcrypt \
  libevent libevent-devel libxml2 libxml2-devel bzip2-devel \
  libpng-devel freetype-devel libxslt-devel net-snmp-devel \
  readline-devel aspell-devel unixODBC-devel libicu-devel \
  libc-client libc-client-devel libXpm-devel libvpx-devel \
  enchant-devel openldap openldap-devel postgresql-devel \
  db4-devel gmp-devel sqlite-devel pcre-devel mysql-devel \
  openssl-devel swig libjpeg-turbo libjpeg-turbo-devel \
  libpng freetype zlib zlib-devel

# Boot-time service selection. Each pipeline turns lines of `chkconfig --list`
# into "chkconfig <name> on|off" commands and feeds them to bash.
# The alternation is unanchored, so it matches anywhere in a listing line.
# NOTE(review): 'sysstal' looks like a typo for sysstat - confirm.
keep='ntpd|ntpdate|salt-minion|zabbix-agent|crond|httpd|sshd|network|rsyslog|sysstal'

# Enable the services that are needed.
chkconfig --list \
  | grep -E "$keep" \
  | awk '{print "chkconfig",$1,"on"}' \
  | bash

# Disable everything else that chkconfig lists.
chkconfig --list \
  | grep -E -v "$keep" \
  | awk '{print "chkconfig",$1,"off"}' \
  | bash

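# Shell aliases for root: rm is replaced by a reminder message and grep gets
# colour output.
echo "alias rm='echo Please backup before deleting'" >>/root/.bashrc
echo "alias grep='grep --color=auto'" >>/root/.bashrc
# $(date +%F) sits inside double quotes, so it is expanded now and the install
# date is what ends up in .bash_profile.
echo "namedate=.terry.$(date +%F)v1" >> /root/.bash_profile

# System tuning

# Empty the pre-login banners. The listing showed "/etc/issue && > ..." with
# the leading redirection missing, which tries to execute /etc/issue and never
# truncates either file.
: > /etc/issue && : > /etc/issue.net
echo 'welcome to linux' > /etc/motd

# NOTE(review): this switches SELinux off permanently on every installed host.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

# Insert sshd overrides at line 13 of sshd_config: port 52222, no DNS or
# GSSAPI lookups, empty passwords refused.
# NOTE(review): "PermitRootLogin yes" allows direct root password logins over
# SSH on every host built from this script; consider key-only root access
# ("PermitRootLogin without-password") or a separate admin account.
sed -i '13 iPort 52222\nPermitRootLogin yes\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config

# NOTE(review): the host firewall is stopped and disabled at boot, so nothing
# on the host filters inbound traffic afterwards.
/etc/init.d/iptables stop >/dev/null
chkconfig iptables off >/dev/null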

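# Kernel parameter tuning.
# Back up first: if sysctl.conf.bak already exists keep a dated copy of it,
# otherwise create it from the current sysctl.conf. Written as if/else so a
# failed copy in the first branch cannot fall through and overwrite the
# existing backup (the "A && B || C" form runs C when B fails).
if [ -f /etc/sysctl.conf.bak ]; then
  /bin/cp /etc/sysctl.conf.bak "/etc/sysctl.conf.bak.$(date +%F)"
else
  /bin/cp /etc/sysctl.conf /etc/sysctl.conf.bak
fi

# The settings are appended, so running the script twice duplicates them.
# NOTE(review): tcp_tw_recycle = 1 is known to drop connections from clients
# behind NAT and was removed in Linux 4.12; tcp_syn_retries and
# tcp_synack_retries = 1 give up after a single retry - confirm these values
# suit the target network.
cat >> /etc/sysctl.conf <<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
# Output and errors are discarded, so a rejected key goes unnoticed here.
sysctl -p >/dev/null 2>&1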

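# Re-read the profile files (this only affects the shell running the script).
source /root/.bash_profile
source /etc/profile
source /root/.bashrc

# rsync password file.
# The file is created under umask 077 so it is never readable by other users,
# not even briefly before the chmod.
# NOTE(review): the secret is hard-coded in a script published under the
# Cobbler web root (ks_mirror), so it is readable by anything that can fetch
# that URL; deliver it through a protected channel and rotate this value.
( umask 077; echo "yehaixiao" >/etc/rsync.password )
chmod 600 /etc/rsync.password

# Scheduled jobs for root.
# NOTE(review): the schedule fields were missing their asterisks in the
# listing; reconstructed as "every 5 minutes" and "daily at 10:00" - confirm.
echo '*/5 * * * * /usr/sbin/ntpdate -u time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root
echo '00 10 * * * /bin/sh /srv/scripts/backup.sh >/dev/null 2>&1' >> /var/spool/cron/root

# Raise the open-file limit for all users ("-" sets both soft and hard).
/bin/cp /etc/security/limits.conf /etc/security/limits.conf.bak
echo '* - nofile 65535'>>/etc/security/limits.conf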

#服务器重要文件备份脚本
[root@Cobbler Centos6.9-x86_64]#cat /var/www/cobbler/ks_mirror/Centos6.9-x86_64/backup.sh
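#!/bin/sh
# backup
# Archives the web root, /var/log and a few config files under
# /backup/<hostname>-<ip>/, writes an md5 list for today's archives, pushes
# /backup/ to the rsync daemon on BACKUP and prunes local files older than
# seven days.
hostn=$(hostname)
# NOTE(review): empty when ifcfg-eth0 has no IPADDR= line (e.g. DHCP) - confirm.
ip=$(grep -i ipaddr /etc/sysconfig/network-scripts/ifcfg-eth0 | awk -F "=" '{print $2}')
Path="/backup/$hostn-$ip"

# On Sundays the archive is tagged "week" plus the previous day's date.
if [ "$(date +%w)" -eq 0 ]; then
  Time="week$(date +%F%w -d "-1day")"
else
  Time=$(date +%F)
fi
mkdir -p "$Path"

# tar
# Archives are named <prefix>$Time.tar.gz, so the checksum step needs a
# leading wildcard to find them.
tar zcf "$Path/www$Time.tar.gz" /var/www/html/ &&
  tar zcf "$Path/log$Time.tar.gz" /var/log/ &&
  tar zcf "$Path/conf$Time.tar.gz" /var/spool/cron/root /etc/rc.local /etc/sysconfig/iptables /srv/scripts/ &&
  find "$Path/" -type f -name "*$Time.tar.gz" -exec md5sum {} + > "$Path/flag_$Time.txt"

# NOTE(review): rsync daemon transfers (the "::" syntax) are not encrypted,
# and the archives contain logs and configuration; md5 here detects
# corruption, not tampering.
rsync -avz --password-file=/etc/rsync.password /backup/ rsync@BACKUP::backup

# Remove local archives and checksum lists older than seven days.
find /backup/ -type f -mtime +7 \( -name "*.tar.gz" -o -name "*.txt" \) -exec rm -f -- {} +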

[root@Cobbler kickstarts]#cobbler list
distros: #仓库
Centos6.9-x86_64

profiles: #配置
Centos6.9-x86_64
......

#修改ks文件的路径(--kickstart 应指向该profile要使用的ks文件;下面 profile report 的输出里显示的是 Centos6.9-x86_64.cfg)
[root@Cobbler ~]#cobbler profile edit --name=Centos6.9-x86_64 --kickstart=/var/lib/cobbler/kickstarts/Centos7.4-x86_64.cfg

#查看profile配置参数
[root@Cobbler ~]#cobbler profile report
Name : Centos6.9-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : Centos6.9-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/Centos6.9-x86_64.cfg
Kickstart Metadata : {}

#修改开机提示
[root@Cobbler kickstarts]#cat /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler By Terry | http://www.yehaixiao.com
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile

LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1

$pxe_menu_items

MENU end

#重启动服务
[root@Cobbler ~]#/etc/init.d/cobbler-all restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]

#执行同步
[root@Cobbler kickstarts]#cobbler sync

#自动化安装,配置IP,主机名,DNS
[root@Cobbler kickstarts]#cobbler system add --name=test001 --mac=00:50:56:28:69:F0 --profile=Centos6.9-x86_64 --ip-address=192.168.44.68 --subnet=255.255.255.0 --gateway=192.168.44.2 --interface=eth0 --static=1 --hostname=cobbler02 --name-servers="192.168.44.2"

#查看自动安装列表
[root@Cobbler kickstarts]#cobbler system list
test001

#web端管理方法
http://192.168.0.2/cobbler_web/
设置用户名密码:
为已存在的用户重置密码:
htdigest /etc/cobbler/users.digest "Cobbler" cobbler
添加新用户:
htdigest /etc/cobbler/users.digest "Cobbler" yourname


转载自blog.51cto.com/yehaixiao/2126353