01 Cobbler System Deployment

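Xu Liangwei (徐亮伟), known in the community as "Biaogan Xu" (标杆徐), has many years of experience in Internet operations and has been responsible for the automated operations management of large-scale cluster architectures. He specializes in web cluster architecture and automated operations, and was previously in charge of operations for a large e-commerce company in China.
His personal blog, "Xu Liangwei's Road to Architect", has benefited tens of thousands of readers.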


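Cobbler is free, open-source software for system installation and deployment, used to automate network installation of operating systems.
Cobbler integrates DNS, DHCP, package updates, and configuration management, which makes automated OS installation easier.
Cobbler can be managed from the command line or a web interface, and it also provides an API for custom development.
Koan, the Cobbler client, supports virtual machine installation and OS reinstallation, which makes reinstalling a system more convenient.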


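Relationships between Cobbler components

Cobbler design model

1. Distro (distribution): represents the operating system. It carries the kernel and the initrd boot image
2. Repository: a mirror repository that holds yum cache files
3. Profile: defines the ks (kickstart) configuration file for a distro, and also holds kernel parameters and similar settings
4. System: mainly configures the network interface, fixed IP and MAC address
distro -> profile -> system (optional)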

1. Cobbler service installation

System Service Address
CentOS7.5 Cobbler-Server 10.0.0.61
CentOS6/7 Cobbler-Client DHCP | custom

1. Prepare the base environment

// Show the current OS version and kernel information
[root@cobbler ~]# hostnamectl
   Static hostname: xuliangwei.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 6878674c84644fd381a5e3a82d80cf18
           Boot ID: 0ec917dac5804f3fa45587a4390fd4fe
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-693.el7.x86_64
      Architecture: x86-64

// Disable SELinux enforcement for the running system
[root@cobbler ~]# setenforce 0
[root@cobbler ~]# getenforce
Disabled

// Stop and disable the firewalld firewall
[root@cobbler ~]# systemctl stop firewalld
[root@cobbler ~]# systemctl disable firewalld

2. Install Cobbler

// Install the EPEL repository
[root@cobbler ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

// Install cobbler and its components
[root@cobbler ~]# yum install cobbler cobbler-web pykickstart httpd dhcp tftp xinetd -y

3. Start httpd and the Cobbler server

[root@cobbler ~]# systemctl start httpd
[root@cobbler ~]# systemctl start cobblerd

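4. Run cobbler check and resolve the reported problems one by one

// Enable Cobbler dynamic settings; if this is not enabled, edit the settings file by hand or with sed instead
[root@cobbler ~]# sed -ri '/allow_dynamic_settings:/c \allow_dynamic_settings: 1' /etc/cobbler/settings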
[root@cobbler ~]# systemctl restart cobblerd

#1. Set the Cobbler server address
[root@cobbler ~]# cobbler setting edit --name=server --value=192.168.56.11

#2. Set the next_server host IP
[root@cobbler ~]# cobbler setting edit --name=next_server --value=192.168.56.11

#3. Configure tftp
[root@cobbler ~]# sed -ri '/disable/c\disable = no' /etc/xinetd.d/tftp
[root@cobbler ~]# systemctl enable xinetd
[root@cobbler ~]# systemctl restart xinetd

#4. Start rsync
[root@cobbler ~]# systemctl start rsyncd
[root@cobbler ~]# systemctl enable rsyncd

#5. Download the boot loader files needed for network installation
[root@cobbler ~]# cobbler get-loaders

#6. Install debmirror and edit /etc/debmirror.conf
[root@cobbler ~]# yum -y install debmirror
[root@cobbler ~]# sed -ri '/@dists=/c#@dists="sid";' /etc/debmirror.conf
[root@cobbler ~]# sed -ri '/@arches=/c#@arches="i386";' /etc/debmirror.conf

#7. Set the login password for installed systems (openssl passwd -1 generates an MD5-crypt hash)
[root@cobbler ~]# openssl passwd -1 -salt 'cobbler' 'Bgx123.com'
[root@cobbler ~]# cobbler setting edit --name=default_password_crypted --value='$1$cobbler$RTWR1S/XXjsj9af1IZGi/.'

#8. Install the power management modules [optional]
[root@cobbler ~]# yum -y install cman fence-agents

#9. Enable DHCP address management
[root@cobbler ~]# cobbler setting edit --name=manage_dhcp --value=1

5. Run cobbler check to verify

[root@cobbler ~]# cobbler check
No configuration problems found.  All systems go.

6. Configure the Cobbler DHCP template [hosts are not necessarily assigned exactly the addresses below]

[root@cobbler ~]# vim /etc/cobbler/dhcp.template
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers             10.0.0.2;
option domain-name-servers 10.0.0.2;
option subnet-mask         255.255.255.0;
range dynamic-bootp        10.0.0.100 10.0.0.200;
default-lease-time         21600;
max-lease-time             43200;
next-server                $next_server;

7. Restart the Cobbler server and sync all configuration

[root@cobbler ~]# systemctl restart cobblerd
[root@cobbler ~]# cobbler sync

2. Cobbler distro usage

1. Cobbler needs a distro (distribution) to be imported.

#1. Mount the CentOS7 ISO
[root@cobbler ~]# mount /dev/cdrom /mnt/

#2. Import the system image, specifying its name and architecture
[root@cobbler ~]# cobbler import --path=/mnt/ --name=centos7u5 --arch=x86_64

#3. List the cobbler distros
[root@cobbler ~]# cobbler distro list
   centos7u5-x86_64

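3. Cobbler profile usage

A profile defines global settings on top of a distro, but an actual installation still needs a kickstart answer file, because the kickstart file is what describes the installation process of the server.

1. First remove the default profile

[root@cobbler ~]# cobbler profile remove --name="centos7u5-x86_64"

2. Add a new profile name and point it at the corresponding kickstart answer file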

[root@cobbler ~]# cobbler profile add \
--name=centos7u5-web \
--distro=centos7u5-x86_64 \
--kickstart=/var/lib/cobbler/kickstarts/centos7.cfg

3. Boot a server on the same network segment; it will look for DHCP and then enter the Cobbler installation menu.

4. Cobbler custom repositories

1. Add a repo

[root@cobbler ~]# cobbler repo add --name=openstack-n-centos7 \
--mirror=https://mirrors.aliyun.com/centos/7.4.1708/cloud/x86_64/openstack-newton/

// Or sync a local repository
[root@cobbler ~]# cobbler repo add --name=local-ftp-base \
--mirror=ftp://192.168.56.11/centos7/base/

2. Sync the repos

[root@cobbler ~]# cobbler reposync

3. Add the repo to the corresponding profile

// HTTP
[root@cobbler ~]# cobbler profile edit --name=centos7u4-x86_64 --repos=openstack-n-centos7

// Local FTP
[root@cobbler ~]# cobbler profile edit --name=centos7u4-x86_64 --repos=local-ftp-base

4. Edit the kickstart file (add this between %post and %end)

%post

$yum_config_stanza
%end

5. Add a cron job on the Cobbler server to periodically sync public RPMs to the local mirror

echo "00 3 * * * /usr/bin/cobbler reposync --tries=3 --no-fail" >> /var/spool/cron/root

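5. Cobbler custom reinstallation

When an existing virtual machine fails and has to be reinstalled, koan can be used to reinstall the system

1. Install koan on the client

// Download the EPEL repository matching the current system (CentOS7)
[root@localhost ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

// Install koan
[root@localhost ~]# yum install -y koan

2. Reinstall the operating system with a chosen profile

// On the client, list the `profile` entries available on the `Cobbler Server`
[root@localhost ~]# koan --server=192.168.56.11 --list=profiles

// Select the matching profile
[root@localhost ~]# koan --replace-self --server=192.168.56.11 --profile=centos7u4-x86_64

3. Reboot the client; it enters the reinstallation automatically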

[root@localhost ~]# reboot

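6. Cobbler custom installation

Assigning a specific ks file to a particular server with kickstart alone is fairly complex, and Cobbler makes it very simple: machines are distinguished by their physical MAC address.

The main purpose of a Cobbler system is to configure the network interface: binding a server's MAC address to a system fixes the machine's IP, netmask, gateway, DNS, hostname and so on, which standardizes the base environment

1. Server procurement
2. Server acceptance and RAID configuration
3. The vendor provides an acceptance form, signed by the operations staff member responsible for acceptance
4. Server racking
5. Asset registration
6. Server added to the provisioning VLAN
7. Custom installation based on the MACs in the asset list

The configuration is as follows:

IP address: 10.0.0.150
Netmask: 255.255.255.0
Gateway: 10.0.0.2
DNS: 10.0.0.2
Hostname: linux-node2.com

// The Cobbler command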
[root@cobbler ~]# cobbler system add --name=linux-node2.com \
--mac=00:0C:29:D2:A3:B0 \
--profile=centos7u5-web \
--ip-address=10.0.0.150 \
--subnet=255.255.255.0 \
--gateway=10.0.0.2 \
--interface=eth0 \
--static=1 \
--hostname=linux-node2.com \
--name-servers="10.0.0.2"

// Sync the configuration
[root@cobbler ~]# cobbler sync
[root@cobbler ~]# cobbler system list
linux-node2.com

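7. Cobbler KS configuration files

Kickstart writes everything to be done during installation into an answer file, covering the entire operating system installation process

%Pre section: scripts parsed before installation, usually used to generate special ks configuration, for example letting a program decide the disk partitioning;
%Package section: package selection, either as a group such as @base or as a package pattern such as http-*;
%Post section: scripts run after installation, usually used for initial system setup, such as which services to start and related settings.

centos7u5.cfg: the main configuration file used [important]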

cat centos7.cfg
#CentOS7
#Kickstart Configurator by xuliangwei
#platform=x86, AMD64, or Intel EM64T
#System  language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network installation media (install tree URL supplied by Cobbler)
url --url=$tree
#System bootloader configuration
bootloader --location=mbr --append="net.ifnames=0 biosdevname=0"
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk sda
part swap --size 1024 --ondisk sda
part / --fstype xfs --size 1 --grow --ondisk sda
#System authorization information
auth  --useshadow  --enablemd5
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

#Package install information
%packages
@base
@core
sysstat
iptraf
ntp
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
tree
nmap
screen
wget
%end

%post
$yum_config_stanza
systemctl disable postfix.service

# Firewalld
systemctl disable firewalld.service
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config

# SSH Config
sed -ri '/#UseDNS/cUseDNS no' /etc/ssh/sshd_config
systemctl restart sshd

%end

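8. Cobbler project example

Background
There are 5 machines that need an automated Centos7.5 installation, with a different Cobbler profile per workload and a different ks file defined for each profile

master.ks installs salt-master and zabbix-server and starts the services
minion.ks installs salt-minion and zabbix-agent, points them at the master IP address, and starts the services

Workflow

1. Import the centos7 system into the cobbler service
2. Define the different profiles (master|minion)
3. Create the KVM virtual machines automatically, collect their MACs and write them to a file
4. Use a script to create the system entries for the KVM virtual machines automatically
5. Start the KVM virtual machines; the automated installation begins; test

Environment

System Service Address
centos7.4 Cobbler-Server 192.168.56.11
centos7 Salt-Master 192.168.56.100
centos7 Salt-Minion 192.168.56.101
centos7 Salt-Minion 192.168.56.102
centos7 Salt-Minion 192.168.56.103
centos7 Salt-Minion 192.168.56.104

1. Create the KVM virtual machines automatically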

for i in {0..4}; do
    Name=salt${i}_master_56_10$i

    virt-install --name "$Name" \
    --virt-type kvm \
    --ram 2048 \
    --pxe --disk size=20,bus=virtio \
    --network bridge=br1 \
    --graphics vnc,listen=0.0.0.0 \
    --noautoconsole
done

2. Configure the Cobbler profiles

Profile for the master

cobbler profile add \
--name=centos7u4-master \
--distro=centos7u4-x86_64 \
--kickstart=/var/lib/cobbler/kickstarts/centos7_master.ks

Profile for the minions

cobbler profile add \
--name=centos7u4-minion \
--distro=centos7u4-x86_64 \
--kickstart=/var/lib/cobbler/kickstarts/centos7_minion.ks

3. Cobbler ks files and the script

Note: KVM virtual machines use vda and vdb; if you use VMware, note that the disks are named sda and sdb

ks configuration file used by the master

cat /var/lib/cobbler/kickstarts/centos7_master.ks
#CentOS7
#Kickstart Configurator by xuliangwei
#platform=x86, AMD64, or Intel EM64T
#System  language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network installation media (install tree URL supplied by Cobbler)
url --url=$tree
#System bootloader configuration
bootloader --location=mbr --append="net.ifnames=0 biosdevname=0"
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk vda
part swap --size 1024 --ondisk vda
part / --fstype xfs --size 1 --grow --ondisk vda
#System authorization information
auth  --useshadow  --enablemd5
#Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

#Package install information
%packages
@base
@core
sysstat
iptraf
ntp
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
tree
nmap
screen
wget
%end

%post
$yum_config_stanza
systemctl disable postfix.service

# Firewalld
systemctl disable firewalld.service
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config

# SSH Config
sed -ri '/#UseDNS/cUseDNS no' /etc/ssh/sshd_config
systemctl restart sshd

# Install the EPEL, SaltStack and Zabbix repos
# epel
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# Saltstack (-y is required because %post runs unattended)
yum install -y https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
sed -i "s/repo.saltstack.com/mirrors.aliyun.com\/saltstack/g" /etc/yum.repos.d/salt-latest.repo
# Zabbix
yum install -y https://mirrors.aliyun.com/zabbix/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm

# YUM install salt-master, MariaDB and zabbix-server
yum clean all && yum makecache
yum install salt-master mariadb-server mariadb zabbix-server-mysql zabbix-web-mysql -y

# Enable and start salt-master, zabbix-server, httpd and mariadb
systemctl enable salt-master zabbix-server httpd mariadb
systemctl start salt-master zabbix-server httpd mariadb

%end

ks configuration file used by the minions

cat /var/lib/cobbler/kickstarts/centos7_minion.ks
#CentOS7
#Kickstart Configurator by xuliangwei
#platform=x86, AMD64, or Intel EM64T
#System  language
lang en_US
#System keyboard
keyboard us
#System timezone
timezone Asia/Shanghai
#Root password
rootpw --iscrypted $default_password_crypted
#Use text mode install
text
#Install OS instead of upgrade
install
#Use network installation media (install tree URL supplied by Cobbler)
url --url=$tree
#System bootloader configuration
bootloader --location=mbr --append="net.ifnames=0 biosdevname=0"
#Clear the Master Boot Record
zerombr
#Partition clearing information
clearpart --all --initlabel
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk vda
part swap --size 1024 --ondisk vda
part / --fstype xfs --size 1 --grow --ondisk vda
#System authorization information
auth  --useshadow  --enablemd5
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Firewall configuration
firewall --disabled
#SELinux configuration
selinux --disabled
#Do not configure XWindows
skipx

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

#Package install information
%packages
@base
@core
sysstat
iptraf
ntp
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
tree
nmap
screen
wget
%end

%post
$yum_config_stanza
systemctl disable postfix.service

# Firewalld
systemctl disable firewalld.service
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config

# SSH Config
sed -ri '/#UseDNS/cUseDNS no' /etc/ssh/sshd_config
systemctl restart sshd

# Install the EPEL, SaltStack and Zabbix repos
# epel
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# Saltstack (-y is required because %post runs unattended)
yum install -y https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
sed -i "s/repo.saltstack.com/mirrors.aliyun.com\/saltstack/g" /etc/yum.repos.d/salt-latest.repo
# Zabbix
yum install -y https://mirrors.aliyun.com/zabbix/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm

# YUM Install Zabbix-agent And SaltStack-minion
yum clean all && yum makecache
yum install salt-minion zabbix-agent  -y

# Config Zabbix-Agent And SaltStack-Minion
sed -ri '/#master: /cmaster: 192.168.56.100' /etc/salt/minion
sed -i 's/Server=127.0.0.1/Server=192.168.56.100/g' /etc/zabbix/zabbix_agentd.conf
systemctl enable salt-minion zabbix-agent
systemctl start salt-minion zabbix-agent

%end
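
Added example, not part of the original tutorial: a small bash/awk lint that flags the settings in the kickstart files above that weaken every host installed from them (MD5 password hashing from auth --enablemd5, SELinux and the firewall switched off, repo files fetched over cleartext HTTP in %post). The function names, rule names and the reduced sample file are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): lint a kickstart template for
# settings that weaken every host installed from it.

# Constructed sample, reduced from the kickstart files shown above.
sample_kickstart() {
cat <<'EOF'
rootpw --iscrypted $default_password_crypted
url --url=$tree
auth  --useshadow  --enablemd5
firewall --disabled
selinux --disabled
%post
$yum_config_stanza
systemctl disable firewalld.service
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y https://mirrors.aliyun.com/zabbix/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-2.el7.noarch.rpm
%end
EOF
}

# audit_kickstart FILE: print "line:rule:text" for every risky directive.
audit_kickstart() {
    awk '
        function hit(rule) { printf "%d:%s:%s\n", NR, rule, $0 }
        /^[ \t]*#/   { next }              # comment line
        /^%post/     { post = 1; next }    # entering the post-install script
        /^%end/      { post = 0; next }
        !post && /^auth(config)?[ \t].*--enablemd5/      { hit("md5-password-hash") }
        !post && /^rootpw[ \t]/ && !/--iscrypted/        { hit("plaintext-rootpw") }
        !post && /^selinux[ \t].*--disabled/             { hit("selinux-disabled") }
        !post && /^firewall[ \t].*--disabled/            { hit("firewall-disabled") }
        post && /SELINUX=disabled/                       { hit("selinux-disabled") }
        post && /systemctl[ \t]+disable[ \t].*firewalld/ { hit("firewall-disabled") }
        post && /(wget|curl|yum|rpm)[ \t].*http:\/\//    { hit("cleartext-download") }
    ' "$1"
}

# count_rule FILE RULE: number of findings for one rule.
count_rule() {
    audit_kickstart "$1" | awk -F: -v r="$2" '$2 == r { n++ } END { print n + 0 }'
}

# Demo run on the constructed sample.
ks=$(mktemp) && sample_kickstart > "$ks"
audit_kickstart "$ks"
rm -f "$ks"
```

Run it against the files in /var/lib/cobbler/kickstarts/ before attaching them to a profile; a finding is a prompt to decide deliberately, for example switching the auth line to SHA-512 hashing or fetching repo files over HTTPS.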

4. A simple CMDB asset record

[root@Cobbler ~]# cat cobbler_file.txt
salt0-master.bgx.com 192.168.56.100 00:50:56:25:5C:57
salt1-minion.bgx.com 192.168.56.101 00:50:56:27:99:6A
salt2-minion.bgx.com 192.168.56.102 00:50:56:2B:4A:8C

5. Add the systems automatically with a script

cat cobbler_auto.sh
#!/usr/bin/bash

# Constants shared by every system
net="255.255.255.0"
gate="192.168.56.2"
interface=eth0
dns=192.168.56.2

# Loop over the file; each line holds: hostname, IP address, MAC address
while read -r len1 len2 len3
do
    # Skip blank or incomplete lines
    [ -z "$len3" ] && continue

    # Derive the role (master or minion) from the hostname
    host=$(echo "$len1" | awk -F '[-.]' '{print $2}')

    # Skip the host if a system with exactly this name already exists
    # ("已存在" means "already exists")
    if cobbler system list | awk '{print $1}' | grep -Fxq "$len1"; then
        echo "已存在 $len1" && continue
    fi

    # Map the role taken from the CMDB name to the matching profile
    if [ "$host" = "master" ]; then
        profile="centos7u4-master"
    elif [ "$host" = "minion" ]; then
        profile="centos7u4-minion"
    else
        # Unknown role: skip rather than reuse the previous host's profile
        continue
    fi

    # Add the custom system with cobbler
    cobbler system add \
    --name="$len1" \
    --mac="$len3" \
    --profile="$profile" \
    --ip-address="$len2" \
    --subnet="$net" \
    --gateway="$gate" \
    --interface="$interface" \
    --static=1 \
    --hostname="$len1" \
    --name-servers="$dns"

    # Report the result ("创建system成功, 主机对应的profile是" means
    # "system created, the profile for this host is")
    if [ $? -eq 0 ]; then
        echo "$len1 创建system成功, 主机对应的profile是 $profile"
    fi
done < cobbler_file.txt

6. Verify the result of the run

[root@bgx ~]# sh cobbler_auto.sh
salt0-master.bgx.com 创建system成功, 主机对应的profile是 centos7u4-master
salt1-minion.bgx.com 创建system成功, 主机对应的profile是 centos7u4-minion
salt2-minion.bgx.com 创建system成功, 主机对应的profile是 centos7u4-minion


# Run it again
[root@bgx ~]# sh cobbler_auto.sh
已存在 salt0-master.bgx.com
已存在 salt1-minion.bgx.com
已存在 salt2-minion.bgx.com
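
Added example, not part of the original script: a pre-flight check for cobbler_file.txt that rejects malformed or duplicate records before any cobbler system add runs, because the MAC and IP in each record decide which machine is repartitioned and installed with which profile. The function names and the four defective sample records are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): validate the inventory file
# that cobbler_auto.sh consumes.

# Constructed sample: the three records from the page plus four defective ones.
sample_inventory() {
cat <<'EOF'
salt0-master.bgx.com 192.168.56.100 00:50:56:25:5C:57
salt1-minion.bgx.com 192.168.56.101 00:50:56:27:99:6A
salt2-minion.bgx.com 192.168.56.102 00:50:56:2B:4A:8C
salt3-minion.bgx.com 192.168.56.300 00:50:56:2B:4A:8D
salt4-minion.bgx.com 192.168.56.104 00:50:56:27:99:6a
salt5-proxy.bgx.com 192.168.56.105 00:50:56:2B:4A:8E
salt6-minion.bgx_com 192.168.56.106 00:50:56:2B:4A:8F
EOF
}

# check_inventory FILE: print "line N: problem" per defect; exit status 1 if any.
check_inventory() {
    awk '
        function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
        NF == 0 { next }
        NF != 3 { bad("expected 3 fields: hostname ip mac"); next }
        {
            name = $1; ip = $2; mac = toupper($3)   # MACs compare case-insensitively
            if (name !~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/) bad("invalid hostname " name)
            split(name, part, "[-.]")               # same split the script uses for the role
            if (part[2] != "master" && part[2] != "minion") bad("unknown role in " name)
            n = split(ip, oct, "."); ok = (n == 4)
            for (i = 1; i <= n; i++) if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) ok = 0
            if (!ok) bad("invalid IPv4 address " ip)
            if (mac !~ /^([0-9A-F][0-9A-F]:)+[0-9A-F][0-9A-F]$/ || length(mac) != 17) bad("invalid MAC " $3)
            if (seen["n" name]++) bad("duplicate hostname " name)
            if (seen["i" ip]++)   bad("duplicate IP " ip)
            if (seen["m" mac]++)  bad("duplicate MAC " mac)
        }
        END { exit (errors > 0) }
    ' "$1"
}

# Demo run on the constructed sample.
inv=$(mktemp) && sample_inventory > "$inv"
check_inventory "$inv" || echo "inventory rejected: fix the lines above first"
rm -f "$inv"
```

In cobbler_auto.sh this would run once before the while loop, as check_inventory cobbler_file.txt || exit 1.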

7. Verify the Cobbler installation status

8. Add host connection labels in Xshell

9. Verify SaltStack and Zabbix