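Operations Automation: A Detailed Guide to System Installation with Cobbler
Original [51CTO exclusive feature] System administrators (SAs) now all recognize the importance of operations automation, especially at companies whose server counts grow by hundreds or thousands at a time. OS installation alone is unthinkable at that scale without automation.
For automated installation, the early approach was usually a hand-configured pxe+dhcp+tftp setup combined with kickstart. There are now many open-source tools, such as cobbler, OpenQRM and Spacewalk. This article focuses on Cobbler.
Introduction to Cobbler
Cobbler is a service for fast network installation of linux, and with some adjustment it can also support network installation of windows. The tool is written in python and is small and lightweight (only 15k lines of code). Simple commands are enough to set up a PXE network installation environment, and it can also manage DHCP, DNS and yum package mirrors.
Cobbler supports command-line management and web-interface management, and also provides an API that makes secondary development convenient.
Unlike with Kickstart, running dhcp on the LAN under cobbler does not cause machines that boot from pxe by default to load the tftp content after a server reboot and have their startup aborted.
A typical architecture is shown in the figure below:
Installing, deploying and configuring cobbler
Preparing the cobbler installation environment
For the centos base repositories, choose a mirror close to your location, for example mirrors.163.com or mirrors.sohu.com
1, Install epel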
rpm -Uvh 'http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm'
2, Install the dhcp service
yum -y install dhcp
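3, Install the other services
The additional services needed are tftp, rsync, xinetd and httpd. If these packages were not installed with the system, install them manually.
After disabling it, it is best to reboot so that the selinux setting takes effect
Installing and configuring cobbler
1, Installing cobbler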
yum -y install cobbler
2, Configuring cobbler
Start cobbler
# /etc/init.d/cobblerd start
Start the httpd service
# /etc/init.d/httpd start
Check the configuration by running
cobbler check
After it runs, the following information appears
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost,or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : you need to set some SELinux content rules to ensure cobbler works correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && \
/usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/tftp
6 : change 'disable' to 'no' in /etc/xinetd.d/rsync
7 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
8 : debmirror package is not installed, it will be required to manage debian deployments and repositories
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
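The gist of this output is:
1, Edit /etc/cobbler/settings, find the server option and change it to the appropriate ip address. In this example the ip is 192.168.10.1
2, Edit /etc/cobbler/settings, find the next_server option and change it to the appropriate ip address. In this example the ip is 192.168.10.1
3, SELinux settings. If SELinux was already disabled above, this can be ignored
4, Run cobbler get-loaders; the system downloads the loader programs automatically, which resolves item 4.
5, Edit /etc/xinetd.d/tftp and change the disable field in the file from yes to no
6, Edit /etc/xinetd.d/rsync and change the disable field in the file from yes to no
7, Open ports 69, 80 and 25151 in iptables. If it is only used in an internal environment, it is recommended to simply turn the firewall off
8, The message says debmirror is not installed. If you are not installing debian-type systems, this message can be ignored. If you need it, the download address is:
http://rpmfind.net/linux/rpm2html/search.php?query=debmirror
For CentOS 6, the RHEL 5 package can be used.
9, Change the default password of the cobbler user. The following command generates a password; use the generated value to replace the password in /etc/cobbler/settings. Command to generate the password: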
openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'
where "random-phrase-here" is the salt
Once all the items have been fixed, run
/etc/init.d/cobblerd restart
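The three settings-file items from the list above (1, 2 and 9) can be re-checked with a short script. This is an added example, not part of the original article or of Cobbler; the function names and the sample file are made up for the illustration, and the password check only recognizes MD5-crypt hashes such as those produced by openssl passwd -1.

```shell
#!/bin/bash
# Added example, not from the article: re-check the /etc/cobbler/settings
# items from 'cobbler check' (1, 2 and 9) against any copy of the file.

# Print the value of a top-level "key: value" line, without quotes.
setting() {  # usage: setting FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'" |
        sed 's/[[:space:]]*$//'
}

# Print one line per problem; the exit status is the number of problems.
audit_settings() {  # usage: audit_settings FILE
    local file=$1 problems=0 key value salt
    for key in server next_server; do
        value=$(setting "$file" "$key")
        case "$value" in
            "" | localhost | 127.*)
                echo "$key is '$value': installing machines cannot reach it"
                problems=$((problems + 1)) ;;
        esac
    done
    # An MD5-crypt hash reads $1$SALT$DIGEST. Hash the word 'cobbler' with
    # the stored salt: a match means the default password was never changed.
    value=$(setting "$file" default_password_crypted)
    salt=$(printf '%s' "$value" | cut -d'$' -f3)
    if [ -z "$value" ]; then
        echo "default_password_crypted is empty"
        problems=$((problems + 1))
    elif [ "$(openssl passwd -1 -salt "$salt" cobbler 2>/dev/null)" = "$value" ]; then
        echo "default_password_crypted is still the hash of 'cobbler'"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: an unedited settings file; the hash is generated here
# with a made-up salt rather than copied from a real installation.
sample=$(mktemp)
printf 'server: 127.0.0.1\nnext_server: 127.0.0.1\ndefault_password_crypted: "%s"\n' \
    "$(openssl passwd -1 -salt constrct cobbler)" > "$sample"
audit_settings "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On a real server, run audit_settings /etc/cobbler/settings after editing and before restarting cobblerd.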
Using cobbler
Importing the installation files
Run the following command
cobbler import --path=rsync://mirrors.163.com/centos/6.0/os/i386/ --name=centos-6.0-i386
task started: 2011-08-12_143009_import
task started (id=Media import, time=Fri Aug 12 14:30:09 2011)
running: rsync -a 'rsync://10.4.8.1/centos/6.0/os/i386/' /var/www/cobbler/ks_mirror/centos-6.0-i386 --exclude-from=/etc/cobbler/rsync.exclude --progress
received on stdout: receiving file list ...
4555 files to consider
... middle portion omitted ...
sent 100341 bytes received 4633547466 bytes 8784166.46 bytes/sec
total size is 4632564894 speedup is 1.00
received on stderr:
adding distros
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
creating new distro: centos-6.0-i386
creating new profile: centos-6.0-i386
associating repos
traversing distro centos-6.0-i386
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
descent into /var/www/cobbler/ks_mirror/centos-6.0-i386
processing repo at : /var/www/cobbler/ks_mirror/centos-6.0-i386
need to process repo/comps: /var/www/cobbler/ks_mirror/centos-6.0-i386
looking for /var/www/cobbler/ks_mirror/centos-6.0-i386/repodata/*comps*.xml
running: createrepo -c cache -s sha --groupfile /var/www/cobbler/ks_mirror/centos-6.0-i386/repodata/73a3b7e0741eba6cafa8d5404b02565060e7f2293caab10657074186c48e713b-c6-i386-comps.xml /var/www/cobbler/ks_mirror/centos-6.0-i386
1278/4519 - Packages/clutter-1.0.6-3.el6.i686.rpm
iso-8859-1 encoding on Ville Skytt <ville.skytta@iki.fi> - 2.8.2-2
4519/4519 - Packages/xorg-x11-twm-1.0.3-5.1.el6.i686.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata
received on stderr:
associating kickstarts
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
*** TASK COMPLETE ***
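As the output above shows, cobbler copies the contents of the mirror locally, into the centos-6.0-i386 directory under /var/www/cobbler/ks_mirror. It also creates a distro named centos-6.0-i386 and a profile named centos-6.0-i386.
Configuring the dhcp service
First change the cobbler configuration so that cobbler manages the dhcp service, by editing /etc/cobbler/settings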
manage_dhcp: 1
Next, modify /etc/cobbler/dhcp.template, which is the template cobbler uses to manage dhcp
In this example only the following part of the file needs to be changed
subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.1;
    option domain-name-servers 8.8.8.8;
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 192.168.10.100 192.168.10.254;
    filename "/pxelinux.0";
    default-lease-time 21600;
    max-lease-time 43200;
    next-server $next_server;
}
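The rest can stay at the default values.
At this point all of the preparation is complete, and what remains is to start the services. Many services were already started during the earlier debugging, so only the xinetd service needs to be started here: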
/etc/init.d/xinetd start
Synchronizing the cobbler configuration
Run
# cobbler sync
You will see output like the following:
task started: 2011-08-11_170706_sync
task started (id=Sync, time=Thu Aug 11 17:07:06 2011)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/centos-6.0-i386
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/images/centos-6.0-i386
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros
copying files for distro: centos-6.0-i386
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/centos-6.0-i386/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/centos-6.0-i386/initrd.img
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/vmlinuz -> /var/www/cobbler/images/centos-6.0-i386/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/initrd.img -> /var/www/cobbler/images/centos-6.0-i386/initrd.img
copying images
generating PXE configuration files
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
cleaning link caches
generating PXE menu structure
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: /etc/rc.d/init.d/dhcpd restart
received on stdout: Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
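cobbler performs the initialization automatically: it removes the existing boot entries, then copies the loader files according to the template. It then generates the pxe configuration files and the dhcp configuration file, and finally restarts the dhcp service.
At this point a virtual machine can be used to test installation with cobbler.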
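Cobbler installation test
Select PXE mode at boot.
You will then see what is shown in the figure below. The virtual machine obtained an ip in the 122 segment through dhcp and then fetched the pxe boot file through tftp.
The figure below shows cobbler's pxe installation boot menu, which contains the CentOS version we just created.
The installation uses the default ks file; after a short wait the system is installed automatically.
The installed system is shown in the figure below.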
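Linux system reinstallation test
1, First make sure the koan software is installed on the current linux system. Installing koan can be put into the ks file so that it is installed while the system is being installed. Run the following command to check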
# rpm -qa|grep koan
koan-2.0.11-2.el6.noarch
2, With koan installed, you can run the following to view the list of system versions on cobbler
# koan --server=192.168.10.1 --list=profiles
- looking for Cobbler at http://192.168.10.1/cobbler_api
centos-6.0-i386
centos-6.0-i386-kvm
centos6-vm
centos-6.0-x86_64
Here we choose centos-6.0-i386 for the reinstall. Run the following command
# koan --server=192.168.10.1 --profile=centos-6.0-i386 --replace-self
- looking for Cobbler at http://192.168.10.1/cobbler_api
- reading URL: http://192.168.10.1/cblr/svc/op/ks/profile/centos-6.0-i386
install_tree: http://192.168.10.1/cobbler/ks_mirror/centos-6.0-i386
downloading initrd initrd.img to /boot/initrd.img
url=http://192.168.10.1/cobbler/images/centos-6.0-i386/initrd.img
- reading URL: http://192.168.10.1/cobbler/images/centos-6.0-i386/initrd.img
downloading kernel vmlinuz to /boot/vmlinuz
url=http://192.168.10.1/cobbler/images/centos-6.0-i386/vmlinuz
- reading URL: http://192.168.10.1/cobbler/images/centos-6.0-i386/vmlinuz
- ['/sbin/grubby', '--add-kernel', '/boot/vmlinuz', '--initrd', '/boot/initrd.img', '--args', '"ks=http://192.168.10.1/cblr/svc/op/ks/profile/centos-6.0-i386 ksdevice=link kssendmac lang= text "', '--copy-default', '--make-default', '--title=kick1313675750']
- reboot to apply changes
# reboot
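The parts in red were typed by hand. The rest of the output shows that koan did much of the work that would otherwise have to be done manually.
Next, look at the reboot process:
As this shows, the system has entered the reinstallation state.
Notes from installation and use
Although everything above was tested on kvm virtual machines, it can be used directly in a production environment without affecting the existing environment in any way. The only thing that needs to be done is to plan the existing network well.
As for the concern many people have about enabling a DHCP service in a production environment, I do not think it will have any impact on the existing production environment, for two reasons:
1, Nobody leaves a network card in dhcp mode after installing the system; a static ip is normally configured for it
2, As the test showed, even if a server is set to boot from pxe by default and does boot through pxe successfully, it then receives cobbler's boot menu. If nothing is selected, after 20 seconds it loads in local mode, that is, it boots the system on the hard disk.
In summary, cobbler is quite safe.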
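The fallback described in point 2 depends on the generated menu (/var/lib/tftpboot/pxelinux.cfg/default after cobbler sync) sending the timeout to an entry that boots the local disk. The following added example, which is not from the original article or from Cobbler, reads such a menu and reports the timeout and its target; the function name and the sample menu are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example, not from the article: report what a pxelinux menu does when
# nobody selects an entry, so the 20-second fallback can be checked.

# Print "SECONDS LABEL local|install"; exit status 0 only when the entry
# chosen on timeout boots from the local disk (it has a LOCALBOOT line).
pxe_timeout_action() {  # usage: pxe_timeout_action MENU_FILE
    awk '
        { key = toupper($1) }
        key == "TIMEOUT"   { secs = $2 / 10 }   # pxelinux counts in 1/10 s
        key == "ONTIMEOUT" { target = $2 }
        key == "LABEL"     { label = $2 }
        key == "LOCALBOOT" { is_local[label] = 1 }
        END {
            kind = (target in is_local) ? "local" : "install"
            print secs + 0, (target == "" ? "-" : target), kind
            exit (kind == "local" ? 0 : 1)
        }' "$1"
}

# Constructed sample menu, modelled on the layout described in the article
# (a "local" entry plus the imported profile); not copied from a real server.
menu=$(mktemp)
cat > "$menu" <<'EOF'
DEFAULT menu
PROMPT 0
TIMEOUT 200
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        LOCALBOOT -1

LABEL centos-6.0-i386
        kernel /images/centos-6.0-i386/vmlinuz
        append initrd=/images/centos-6.0-i386/initrd.img ks=http://192.168.10.1/cblr/svc/op/ks/profile/centos-6.0-i386
EOF
pxe_timeout_action "$menu" || echo "timeout entry starts an installation"
rm -f "$menu"
```

Running it after every cobbler sync catches a menu whose timeout entry has been pointed at an install profile, which would reinstall any server left set to boot from pxe first.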