3- Automated installation with Cobbler

This post was last updated 1192 days ago; the information in it may be out of date.

7 Automated installation with Cobbler

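7.1 Introduction to Cobbler

  • Cobbler is an automation tool from the Linux ecosystem, written in Python 2, for automated bulk deployment and installation of operating systems. It offers both a CLI and a web configuration interface; the web interface is built on Python 2 and the Django framework. Cobbler also provides an API for custom development. Cobbler follows the C/S (client/server) model.
  • Cobbler is mainly used for fast network installation of Linux and supports many distributions, such as Red Hat, Fedora, CentOS, Debian, Ubuntu and SuSE; it can even install Windows.
  • Cobbler is essentially a wrapper around PXE: it bundles the various installation parameters together and provides a unified way to manage them.
  • Official documentation: https://cobbler.readthedocs.io/en/latest/index.html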

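7.2 Services used by Cobbler

  • Installing systems with Cobbler requires a server that provides the supporting services (HTTP/FTP/NFS, TFTP, DHCP); these services can also be deployed on separate servers. In practice, the different services are always deployed on dedicated servers.
  • Cobbler operates on top of HTTP, TFTP, DHCP and related services. The installation flow is much like a PXE network install: the client (bare metal) boots from its network card, requests an address from DHCP, then fetches the boot file from the TFTP server, loads it into local memory and runs it, and displays the list of installable systems. Once an operator selects the operating system to install, the client downloads the corresponding installation files from the HTTP server and runs the automated installation.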

7.3 How Cobbler works


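  • The bare-metal client, configured to boot from the network, broadcasts a request at power-on asking the DHCP server (the cobbler server) to assign it an IP
  • The DHCP server (the cobbler server) receives the request and sends a response, including its IP address
  • Having obtained an IP, the client asks the cobbler server for the OS boot file
  • The cobbler server tells the client the name of the OS boot file and the IP and port of the TFTP server
  • The client contacts the TFTP server at the address it was given and downloads the boot file
  • The client executes the boot file, determines what to load and selects the OS to install; during this it requests the kickstart file and the OS image from the cobbler server
  • The cobbler server sends the requested kickstart file and OS image
  • The client loads the kickstart file
  • The client receives the OS image and installs it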

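7.4 Installing Cobbler and its related services and components

Cobbler depends on services including HTTPD, TFTP and DHCP; if a web interface is required, the related components must be installed as well.
CentOS 8 does not yet provide Cobbler packages.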

[18:57:52 root@centos7 ~]#yum install -y dhcp cobbler cobbler-web pykickstart
[19:00:53 root@centos7 ~]#systemctl enable --now cobblerd.service httpd.service tftp.socket dhcpd.service

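Package notes:

  • httpd: serves the yum repository and, together with cobbler-web, lets cobbler be configured and managed through a web interface
  • tftp-server: provides network download of the boot and menu files
  • cobbler-web: the web-based management interface for cobbler
  • pykickstart.noarch: a Python library for managing kickstart files

Notes:

  • Cobbler depends on the EPEL repository; configure EPEL before installing cobbler
  • Installing cobbler automatically pulls in the httpd and tftp-server packages as dependencies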

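7.5 Cobbler configuration files and directories

7.5.1 Configuration files

/etc/cobbler/settings         # main cobbler configuration file
/etc/cobbler/iso/             # ISO template configuration files
/etc/cobbler/pxe              # PXE template files
/etc/cobbler/power            # power management configuration files
/etc/cobbler/users.conf       # web service authorization configuration file
/etc/cobbler/users.digest     # user names and passwords for web access
/etc/cobbler/dhcp.template    # configuration template for the DHCP server
/etc/cobbler/dnsmasq.template # configuration template for the DNS server
/etc/cobbler/tftpd.template   # configuration template for the TFTP service
/etc/cobbler/modules.conf     # configuration file for cobbler modules

7.5.2 Data directories

/var/lib/cobbler/config/      # configuration files holding distro, system, profile and related information
/var/lib/cobbler/triggers/    # user-defined cobbler commands
/var/lib/cobbler/kickstarts/  # default location of kickstart files
/var/lib/cobbler/loaders/     # the various boot loaders

7.5.3 Image directories

/var/www/cobbler/ks_mirror/     # all data of the imported distributions
/var/www/cobbler/images/        # kernel and initrd images of imported distributions, used for network boot
/var/www/cobbler/repo_mirror/   # storage directory for yum repositories

7.5.4 Log directories

/var/log/cobbler/installing   # client installation logs
/var/log/cobbler/cobbler.log  # cobbler log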

7.6 Configuring and starting the cobblerd service

Check cobbler's runtime environment and configure cobbler step by step following the hints

[19:03:38 root@centos7 ~]#cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

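1. Edit the /etc/xinetd.d/tftp configuration file
vim /etc/xinetd.d/tftp
disable  =  yes  --> disable  = no
systemctl restart xinetd
2. With network access, download the boot loader files
cobbler get-loaders
3. Without network access, copy the boot files into the TFTP service directory
cp -a /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot
4. Set the server entry in /etc/cobbler/settings to the address of the host that runs cobblerd, i.e. this machine's address
sed -ri 's#^server: 127.0.0.1#server: 192.168.100.100#' /etc/cobbler/settings
Resulting line: server: 192.168.100.100
5. Set the next_server entry in /etc/cobbler/settings to the TFTP server address so that clients can find the TFTP server
sed -i 's/^next_server: 127.0.0.1/next_server: 192.168.100.100/' /etc/cobbler/settings
Resulting line: next_server: 192.168.100.100
6. Set the options that let cobbler manage the DHCP and TFTP services
manage_dhcp: 1
manage_tftpd: 1
7. The pxe_just_once option: when set to 1, a record is made in cobbler when the PXE installation finishes, which avoids a reboot loop when PXE is first in the client's BIOS boot order; if the first boot device is not PXE, set it to 0
pxe_just_once: 1
Restart after the configuration is complete
systemctl restart cobblerd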

7.7 cobbler command usage

[19:06:03 root@centos7 ~]#cobbler
usage
=====

cobbler  ...
[add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler  [options|--help]

Help is available as follows

[19:07:39 root@centos7 ~]#cobbler distro --help
[19:07:39 root@centos7 ~]#cobbler distro add --help

Common usage:

# List the currently imported Linux distro entries
[19:09:10 root@centos7 ~]#cobbler distro list
# Report details of all current Linux distros
[19:09:18 root@centos7 ~]#cobbler distro report
# Import the OS source files to build a repository
[19:11:10 root@centos7 ~]#cobbler import --name=centos-8.0-x86_64 --path=/mnt --arch=x86_64
# Associate a Linux distro image with its ks file
[19:11:26 root@centos7 ~]#cobbler profile add --name=centos7 --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7.cfg

7.8 Importing Linux distributions into cobbler's directory under the httpd service

[19:12:44 root@centos7 ~]#cobbler import --name=centos6 --path=/var/www/html/centos6/isos/x86_64 --arch=x86_64
[19:12:44 root@centos7 ~]#cobbler import --name=centos7 --path=/var/www/html/centos7/isos/x86_64 --arch=x86_64
[19:12:44 root@centos7 ~]#cobbler import --name=centos8 --path=/var/www/html/centos8/isos/x86_64 --arch=x86_64

Restart and sync after importing

[19:14:26 root@centos7 ~]#systemctl restart cobblerd
[19:15:23 root@centos7 ~]#cobbler sync

Example:

[19:16:05 root@centos7 ~]#du -sh /var/www/cobbler/ks_mirror/*
0	/var/www/cobbler/ks_mirror/centos6-x86_64
0	/var/www/cobbler/ks_mirror/centos-8.0-x86_64
0	/var/www/cobbler/ks_mirror/config

7.9 Configuring Linux distros and associating their ks files

Copy the prepared ks files into the /var/lib/cobbler/kickstarts directory

[root@centos7 ~]#cp /var/www/html/ks/centos{6,7,8}.ks /var/lib/cobbler/kickstarts

Associate each Linux distro image with its ks file

cobbler profile add --name=centos6 --distro=centos6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.ks
cobbler profile add --name=centos7 --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.ks
cobbler profile add --name=centos8 --distro=centos8-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos8.ks

Note: when a distro is imported, cobbler automatically generates entries for the distro that are not associated with the ks file. Use

cobbler profile remove --name=PROFILE_NAME

to delete them, and then associate the ks file.

Restart and sync after creating the associations

[19:14:26 root@centos7 ~]#systemctl restart cobblerd
[19:15:23 root@centos7 ~]#cobbler sync

View the details

cobbler report

7.10 Boot menu customization

Edit the /etc/cobbler/pxe/pxedefault.template template file, then restart and sync

[root@centos7 ~]#vim /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Welcome! | www.wangxiaochun.com      # custom entry
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile
LABEL local
MENU LABEL (local installation) # custom entry 1
MENU DEFAULT
LOCALBOOT -1
$pxe_menu_items
MENU end
[root@centos7 ~]#systemctl restart cobblerd
[root@centos7 ~]#cobbler sync

After the restart and sync, cobbler updates the file /var/lib/tftpboot/pxelinux.cfg/default

vim /var/lib/tftpboot/pxelinux.cfg/default

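7.11 Managing cobbler through the web interface

7.11.1 Installing cobbler-web

yum install cobbler-web
systemctl restart httpd

7.11.2 Accessing the web interface

Browse to: https://cobblerserver/cobbler_web

Default account for the cobbler-web interface: user name cobbler, password cobbler

(Screenshot: accessing cobbler)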

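7.13 Hands-on example: automated system installation with cobbler on CentOS 7

7.13.1 Environment preparation

Two hosts

One host: CentOS 7, acting as the Cobbler, http, dhcp and tftp server, with the firewall and SELinux turned off

One host: the test machine, used to carry out the automated Linux installation

Network requirements: turn off the DHCP service of the NAT mode in VMware; the NICs of both hosts use NAT mode

7.13.2 Installing the packages and starting the services

[19:29:34 root@centos7 ~]#yum install cobbler dhcp -y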
[19:29:44 root@centos7 ~]#systemctl enable --now cobblerd httpd tftp dhcpd

7.13.3 Modifying the cobbler configuration

[19:30:18 root@centos7 ~]#cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4 : enable and start rsyncd.service with systemctl
5 : debmirror package is not installed, it will be required to manage debian deployments and repositories
6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
7 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

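# Generate a new password hash; by default the root password of installed systems is cobbler
[19:30:44 root@centos7 ~]#openssl passwd -1 '123456'
$1$4.EYMEZn$Qk6A2SYOJ260HO6kvg7ND0
# Per the hints above, only items 1, 2 and 8 need to be handled; modify the following four lines
[19:31:12 root@centos7 ~]#vim /etc/cobbler/settings
default_password_crypted: "$1$4.EYMEZn$Qk6A2SYOJ260HO6kvg7ND0"
next_server: 192.168.10.71   # IP of the tftp server
server: 192.168.10.71        # IP of the cobbler server
manage_dhcp: 1               # 1 means cobbler generates the dhcpd.conf configuration file
pxe_just_once: 1             # 1 prevents the system from being installed repeatedly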
[19:34:59 root@centos7 ~]#systemctl restart cobblerd.service
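
An added example, not part of the original post: a shell audit of the settings edited above. It covers cobbler check items 1 and 2, the pxe_just_once flag, and the scheme of default_password_crypted (openssl passwd -1 produces an MD5-crypt hash, prefix $1$). The function names and the temporary sample file are constructed for illustration.

```sh
# Audit a Cobbler settings file for the values discussed above.
# Prints one finding per line and nothing when the file is clean.

# Print the value of "key: value", without quotes or trailing comment.
# The ^ anchor keeps "server" from matching the "next_server" line.
get_setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//' | head -n 1
}

audit_settings() {
    file=$1
    # cobbler check items 1 and 2: must not stay at localhost/127.0.0.1.
    for key in server next_server; do
        case "$(get_setting "$file" "$key")" in
            ''|localhost|127.*) echo "$key: unset or loopback" ;;
        esac
    done
    # Hash scheme of the root password given to newly installed machines.
    case "$(get_setting "$file" default_password_crypted)" in
        '$6$'*|'$5$'*) ;;                      # SHA-512 / SHA-256 crypt
        '$1$'*) echo "default_password_crypted: MD5-crypt hash" ;;
        *)      echo "default_password_crypted: missing or unknown scheme" ;;
    esac
    # pxe_just_once: 1 stops PXE-first clients from reinstalling in a loop.
    [ "$(get_setting "$file" pxe_just_once)" = 1 ] ||
        echo "pxe_just_once: not set to 1"
}

# Constructed sample file holding the values from section 7.13.3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default_password_crypted: "$1$4.EYMEZn$Qk6A2SYOJ260HO6kvg7ND0"
next_server: 192.168.10.71   #tftp server IP
server: 192.168.10.71        #cobbler server IP
manage_dhcp: 1
pxe_just_once: 1
EOF
audit_settings "$sample"
```

To use it on a real server, call audit_settings on a copy of /etc/cobbler/settings.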

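7.13.4 Setting up the DHCP service

# Edit the following lines of the dhcp template file (/etc/cobbler/dhcp.template), which is used to generate the dhcp configuration file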
subnet 192.168.10.0 netmask 255.255.255.0 {
option routers             192.168.10.2;
option domain-name-servers 114.114.114.114;
option subnet-mask         255.255.255.0;
range dynamic-bootp        192.168.10.200 192.168.10.254;
[19:38:01 root@centos7 ~]#cobbler sync
[19:38:26 root@centos7 ~]#systemctl start dhcpd

7.13.5 Downloading the boot files

[19:38:32 root@centos7 ~]#cobbler get-loaders
[19:40:13 root@centos7 ~]#ls /var/lib/cobbler/loaders/
COPYING.elilo     COPYING.yaboot  grub-x86_64.efi  menu.c32    README
COPYING.syslinux  elilo-ia64.efi  grub-x86.efi     pxelinux.0  yaboot
[19:40:32 root@centos7 ~]#tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
└── s390x
    └── profile_list

10 directories, 7 files
[19:41:01 root@centos7 ~]#tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot

10 directories, 10 files

7.13.6 Changing the menu title (optional)

[19:42:12 root@centos7 ~]#vim /etc/cobbler/pxe/pxedefault.template
MENU TITLE Cobbler | http://zhangzhuo.ltd/
[19:42:19 root@centos7 ~]#cobbler sync
[19:42:50 root@centos7 ~]#cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://zhangzhuo.ltd/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1

MENU end
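
An added example, not part of the original post: a check of the rendered menu (and of the template from 7.10 once rendered) that reports which entry runs on timeout and which is the menu default, so an unattended PXE boot falls through to the local disk instead of starting an install. It assumes ONTIMEOUT names a LABEL, as in the file above; the function names and the second sample menu are constructed.

```sh
# Report what a rendered pxelinux menu boots on timeout and by default.

# Prints "ontimeout <label> <kind>" and "default <label> <kind>", where
# kind is "local" for a LOCALBOOT entry and "install" for any other label.
menu_defaults() {
    awk '
        toupper($1) == "ONTIMEOUT" { timeout = $2 }
        toupper($1) == "LABEL"     { label = $2; kind[label] = "install" }
        toupper($1) == "LOCALBOOT" { kind[label] = "local" }
        toupper($1) == "MENU" && toupper($2) == "DEFAULT" { dflt = label }
        END {
            print "ontimeout", timeout, ((timeout in kind) ? kind[timeout] : "unknown")
            print "default", dflt, ((dflt in kind) ? kind[dflt] : "unknown")
        }' "$1"
}

# Succeeds only if both entries boot from local disk; "unknown" fails too.
menu_is_safe() {
    [ "$(menu_defaults "$1" | awk '$3 != "local"' | wc -l)" -eq 0 ]
}

# The rendered menu shown above (abridged).
rendered=$(mktemp)
cat > "$rendered" <<'EOF'
DEFAULT menu
MENU TITLE Cobbler | http://zhangzhuo.ltd/
TIMEOUT 200
ONTIMEOUT local
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
MENU end
EOF

# Constructed counter-example: timeout and default point at an install profile.
risky=$(mktemp)
cat > "$risky" <<'EOF'
ONTIMEOUT centos-7-x86_64
LABEL local
LOCALBOOT -1
LABEL centos-7-x86_64
MENU DEFAULT
kernel /images/centos-7-x86_64/vmlinuz
EOF

menu_defaults "$rendered"
menu_is_safe "$risky" || echo "risky menu: unattended boot starts an install"
```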

7.13.7 Importing the CentOS installation files and generating the corresponding YUM repositories

[19:48:45 root@centos7 ~]#cobbler import --name=centos-8.2-x86_64 --path=/mnt/centos8 --arch=x86_64
[19:53:52 root@centos7 ~]#cobbler import --name=centos-7-x86_64 --path=/mnt/centos7 --arch=x86_64
[20:01:29 root@centos7 ~]#cobbler import --name=centos-6-x86_64 --path=/mnt/centos6 --arch=x86_64
[20:03:46 root@centos7 ~]#du -sh /var/www/cobbler/ks_mirror/*
3.8G	/var/www/cobbler/ks_mirror/centos-6-x86_64
9.6G	/var/www/cobbler/ks_mirror/centos-7-x86_64
7.8G	/var/www/cobbler/ks_mirror/centos-8.2-x86_64
[20:04:04 root@centos7 ~]#cobbler distro list
centos-6-x86_64
centos-7-x86_64
centos-8.2-x86_64
[20:05:30 root@centos7 ~]#cobbler profile list
centos-6-x86_64
centos-7-x86_64
centos-8.2-x86_64
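# The automatically generated profiles perform a minimal installation

7.13.8 Preparing the kickstart files and associating them with the specified YUM repositories

[20:12:53 root@centos7 ~]#vim ks-centos8.cfg
url --url=$tree    # note: this line is required
[20:15:30 root@centos7 ~]#cp ks-centos* /var/lib/cobbler/kickstarts/
# Associate each kickstart file with its YUM repository and generate the menu entries: remove the existing profile first, then create it again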
[20:14:00 root@centos7 ~]#cobbler profile remove --name=centos-8.2-x86_64
[20:14:40 root@centos7 ~]#cobbler profile add --name=centos-8.2-x86_64  --distro=centos-8.2-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks-centos8.cfg
[20:16:55 root@centos7 ~]#cobbler profile remove --name=centos-7-x86_64
[20:17:21 root@centos7 ~]#cobbler profile add --name=centos-7-x86_64  --distro=centos-7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks-centos7.cfg
[20:17:23 root@centos7 ~]#cobbler profile remove --name=centos-6-x86_64
[20:17:59 root@centos7 ~]#cobbler profile add --name=centos-6-x86_64  --distro=centos-6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks-centos6.cfg

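7.13.9 Testing automated installation on the client with Cobbler

7.13.10 Supporting UEFI installation

Edit the file to set the timeout. By default no menu is displayed, so it is best to use a default answer (kickstart) script.

# Edit the template file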
[root@cobbler-centos7 ~]#vim /etc/cobbler/pxe/efidefault.template
[root@cobbler-centos7 ~]#cat /var/lib/tftpboot/grub/efidefault
default=0
timeout=60
$grub_menu_items
# Apply the template
[root@cobbler-centos7 ~]#cobbler sync
# Verify that it took effect
[root@cobbler-centos7 ~]#head -n 2 /var/lib/tftpboot/grub/efidefault
default=0
timeout=0

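# Required changes in the answer (kickstart) file
%pre
parted -s /dev/sda mklabel gpt     # pre-install script: label the disk as GPT
%end

# The boot partition must be defined in this form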
part /boot/efi --fstype="efi" --ondisk=sda --size=1024 --fsoptions="defaults,uid=0,gid=0,umask=0077,shortname=winnt"
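
An added example, not part of the original post: a kickstart lint for the requirements stated in 7.13.8 and 7.13.10 (url --url=$tree, a %pre block that labels the disk GPT, and an efi /boot/efi partition). It goes one step beyond the page by also flagging a rootpw line that is not --iscrypted. The function name and both sample files are constructed; $default_password_crypted is the Cobbler template variable for the settings key of the same name.

```sh
# Lint a kickstart file against the requirements stated on this page.
# Usage: lint_ks FILE [bios|uefi]; prints one finding per line.
lint_ks() {
    ks=$1; mode=${2:-bios}
    # 7.13.8: the install source must be Cobbler's $tree variable.
    grep -Eq '^url[[:space:]]+--url=\$tree' "$ks" ||
        echo 'url: expected url --url=$tree'
    # Added check (not from the page): the root password should be a hash.
    if grep -E '^rootpw[[:space:]]' "$ks" | grep -qv -e '--iscrypted'; then
        echo 'rootpw: not --iscrypted'
    fi
    [ "$mode" = uefi ] || return 0
    # 7.13.10: %pre must label the disk GPT ...
    sed -n '/^%pre/,/^%end/p' "$ks" | grep -Eq 'parted .*mklabel gpt' ||
        echo '%pre: missing parted mklabel gpt'
    # ... and /boot/efi must be an "efi" filesystem.
    grep -Eq '^part[[:space:]]+/boot/efi[[:space:]].*--fstype="?efi"?' "$ks" ||
        echo 'part: missing /boot/efi with --fstype="efi"'
}

# Constructed UEFI kickstart fragment that satisfies every check.
good=$(mktemp)
cat > "$good" <<'EOF'
url --url=$tree
rootpw --iscrypted $default_password_crypted
part /boot/efi --fstype="efi" --ondisk=sda --size=1024
%pre
parted -s /dev/sda mklabel gpt
%end
EOF

# Constructed fragment: fixed URL, plain-text rootpw, no GPT or EFI setup.
bad=$(mktemp)
cat > "$bad" <<'EOF'
url --url=http://192.168.10.71/centos7
rootpw 123456
part /boot --fstype="xfs" --size=1024
EOF

lint_ks "$good" uefi
lint_ks "$bad" uefi
```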

7.13.11 Managing cobbler through the web

[root@centos7 ~]#yum -y install cobbler-web
[root@centos7 ~]#systemctl restart httpd

Browse to the following address: https://cobblerserver/cobbler_web
