运维自动化系统部署


一、CentOS8实现PXE自动化安装

1、安装前准备:

关闭防火墙和SELinux(仅适用于隔离的实验环境;生产环境应保持开启,只放行 DHCP(67/udp)、TFTP(69/udp)和 HTTP(80/tcp)),并确保dhcp服务器地址是静态IP

2、安装相关软件包

[root@centos8 ~]#dnf -y install dhcp-server tftp-server httpd syslinux-nonlinux(或者syslinux-tftpboot)
[root@centos8 ~]#systemctl enable --now httpd tftp dhcpd

3、配置dhcp服务

[root@centos8 ~]#cp /usr/share/doc/dhcp-server/dhcpd.conf.example    /etc/dhcp/dhcpd.conf
[root@centos8 ~]#vim /etc/dhcp/dhcpd.conf
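# dhcpd.conf for the PXE provisioning subnet.
# DHCP, TFTP and PXE are unauthenticated: any host on this segment that
# network-boots receives the boot menu, so keep it a dedicated install network.
option domain-name "example.com";
option domain-name-servers 180.76.76.76,223.6.6.6;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.0.0.0 netmask 255.255.255.0 {
  # Constructed example pool: it starts above the router (10.0.0.1) and the
  # boot server (10.0.0.100) so that neither static address can be leased to
  # a client. The original pool 10.0.0.1-10.0.0.200 contained both.
  range 10.0.0.101 10.0.0.200;
  option routers 10.0.0.1;
  # next-server is the TFTP host and filename the boot loader the client requests.
  next-server 10.0.0.100;
  filename "pxelinux.0";
}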
[root@centos8 ~]#systemctl start dhcpd

4、准备yum源和相关目录

[root@centos8 ~]#mkdir -pv /var/www/html/centos/{6,7,8}/os/x86_64/
[root@centos8 ~]#mount /dev/sr0 /var/www/html/centos/6/os/x86_64/
[root@centos8 ~]#mount /dev/sr1 /var/www/html/centos/7/os/x86_64/
[root@centos8 ~]#mount /dev/sr2 /var/www/html/centos/8/os/x86_64/

5、准备kickstart文件

[root@centos8 ~]#mkdir /var/www/html/ks/
[root@centos8 ~]#vim /var/www/html/ks/centos6.cfg 
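#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Kickstart for unattended CentOS 6 installs, fetched by the installer over HTTP.
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, and this file is
# served over plain HTTP without authentication, so any host on the install
# network can download the hash and attack it offline. Prefer a SHA-512
# ("$6$") hash of a site-specific password.
rootpw --iscrypted $1$ALS9TIDA$V2TkFpdeH24/B/2Y/ILtJ0
# System language
lang en_US
# System authorization information
# --passalgo applies to passwords set on the installed system; the
# pre-hashed rootpw above is used as given.
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
# NOTE(review): lab convenience only; installed hosts come up without SELinux.
selinux --disabled


# Firewall configuration
# NOTE(review): installed hosts come up with no host firewall.
firewall --disabled
# Network information
network  --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Africa/Abidjan
# Use network installation
# NOTE(review): dhcpd.conf and the PXE menu on this page point at 10.0.0.100;
# confirm that 10.0.0.7 is the host that really serves this tree.
url --url="http://10.0.0.7/centos/6/os/x86_64"
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Together with zerombr this erases every disk in the client without prompting.
clearpart --all --initlabel
# Disk partitioning information
part / --fstype="ext4" --size=20480
part /boot --fstype="ext4" --size=1024
part swap --fstype="swap" --size=2048
%packages
@core
@server-policy
@workstation-policy
autofs
vim-enhanced
%end
%post
useradd wang
# NOTE(review): this plaintext password is readable by anyone who can fetch
# the kickstart URL. Prefer the kickstart command
# "user --name=wang --iscrypted --password=<SHA-512 hash placeholder>".
echo magedu | passwd --stdin wang &> /dev/null
mkdir /etc/yum.repos.d/bak
# Move only the repo definitions; a bare "*" also matches the bak directory
# itself and makes mv report an error.
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
# NOTE(review): gpgcheck=0 turns off package signature verification for this repo.
cat > /etc/yum.repos.d/base.repo <<EOF
[base]
name=base
baseurl=file:///misc/cd
gpgcheck=0
EOF
%end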

[root@centos8 ~]#vim /var/www/html/ks/centos7.cfg 
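# Kickstart for unattended CentOS 7 installs, fetched by the installer over HTTP.
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, and this file is
# served over plain HTTP without authentication, so any host on the install
# network can download the hash and attack it offline. Prefer a SHA-512
# ("$6$") hash of a site-specific password.
rootpw --iscrypted $1$hf5nFgTY$cjAfchGqSckksjZccDZr30
# System language
lang en_US
# System authorization information
# --passalgo applies to passwords set on the installed system; the
# pre-hashed rootpw above is used as given.
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
# NOTE(review): lab convenience only; installed hosts come up without SELinux.
selinux --disabled


# Firewall configuration
# NOTE(review): installed hosts come up with no host firewall.
firewall --disabled
# Network information
network  --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Use network installation
# NOTE(review): dhcpd.conf and the PXE menu on this page point at 10.0.0.100;
# confirm that 10.0.0.7 is the host that really serves this tree.
url --url="http://10.0.0.7/centos/7/os/x86_64"
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Together with zerombr this erases every disk in the client without prompting.
clearpart --all --initlabel
# Disk partitioning information
part / --fstype="xfs" --size=10240
part /boot --fstype="xfs" --size=1024
part swap --fstype="swap" --size=2048

%post
mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo  /etc/yum.repos.d/bak
# The delimiter is quoted so that $releasever and $basearch are written
# literally and expanded later by yum. With an unquoted EOF the %post shell
# expands them to empty strings and every mirror URL below is broken.
# NOTE(review): gpgcheck=0 turns off signature verification for packages
# pulled from these mirrors; enable it and add gpgkey= lines for real use.
cat > /etc/yum.repos.d/base.repo <<'EOF'
[base]
name=CentOS
baseurl=file:///misc/cd
        https://mirrors.aliyun.com/centos/$releasever/os/$basearch
        https://mirrors.cloud.tencent.com/centos/$releasever/os/$basearch
        https://repo.huaweicloud.com/centos/$releasever/os/$basearch
        https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch
gpgcheck=0
[extras]
name=extras
baseurl=https://mirrors.aliyun.com/centos/$releasever/extras/$basearch
        https://mirrors.cloud.tencent.com/centos/$releasever/extras/$basearch
        https://repo.huaweicloud.com/centos/$releasever/extras/$basearch
        https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/extras/$basearch
gpgcheck=0
enabled=1
[epel]
name=EPEL
baseurl=https://mirrors.aliyun.com/epel/$releasever/$basearch
        https://mirrors.cloud.tencent.com/epel/$releasever/$basearch
        https://repo.huaweicloud.com/epel/$releasever/$basearch
        https://mirrors.tuna.tsinghua.edu.cn/epel/$releasever/$basearch
gpgcheck=0
enabled=1
EOF
mkdir /root/.ssh -m 700
useradd  linux44
# NOTE(review): this plaintext password is readable by anyone who can fetch
# the kickstart URL. Prefer the kickstart command
# "user --name=linux44 --iscrypted --password=<SHA-512 hash placeholder>".
echo 123456|passwd --stdin linux44
%end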

[root@centos8 ~]#vim /var/www/html/ks/centos8.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Kickstart for unattended CentOS 8 installs, fetched by the installer over HTTP.
# Install OS instead of upgrade
# NOTE(review): the RHEL/CentOS 8 kickstart reference lists "install" and
# "auth" as deprecated - confirm against the release being deployed.
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, and this file is
# served over plain HTTP without authentication, so any host on the install
# network can download the hash and attack it offline. Prefer a SHA-512
# ("$6$") hash of a site-specific password.
rootpw --iscrypted $1$EP3HI3x1$wl6XOHQmmsm.MVcTZUiMJ.
# System language
lang en_US
# System authorization information
# --passalgo applies to passwords set on the installed system; the
# pre-hashed rootpw above is used as given.
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
# NOTE(review): lab convenience only; installed hosts come up without SELinux.
selinux --disabled


# Firewall configuration
# NOTE(review): installed hosts come up with no host firewall.
firewall --disabled
# Network information
network  --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Use network installation
# NOTE(review): dhcpd.conf and the PXE menu on this page point at 10.0.0.100;
# confirm that 10.0.0.7 is the host that really serves this tree.
url --url="http://10.0.0.7/centos/8/os/x86_64"
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Together with zerombr this erases every disk in the client without prompting.
clearpart --all --initlabel
# Disk partitioning information
part / --fstype="xfs" --size=20480
part /boot --fstype="xfs" --size=1024
part swap --fstype="swap" --size=2048
# Minimal environment plus kexec-tools, which the kdump add-on below relies on.
%packages
@^minimal-environment
kexec-tools
%end
# Enable kdump and let the installer pick the reserved memory size.
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
# Installer password policy: 6-character minimum, lowest quality score,
# non-strict; user passwords may be empty (--emptyok).
# NOTE(review): these are permissive values - tighten them if the installer
# is ever used interactively.
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

6、准备PXE启动相关文件

[root@centos8 ~]#mkdir /var/lib/tftpboot/centos{6,7,8}
#准备CentOS6,7,8各自的内核相关文件
[root@centos8 ~]#cp  /var/www/html/centos/6/os/x86_64/isolinux/{vmlinuz,initrd.img}     /var/lib/tftpboot/centos6
[root@centos8 ~]#cp  /var/www/html/centos/7/os/x86_64/isolinux/{vmlinuz,initrd.img}     /var/lib/tftpboot/centos7
[root@centos8 ~]#cp  /var/www/html/centos/8/os/x86_64/isolinux/{vmlinuz,initrd.img}     /var/lib/tftpboot/centos8
[root@centos8 ~]#cp /usr/share/syslinux/{pxelinux.0,menu.c32}    /var/lib/tftpboot/

#以下三个文件是CentOS8安装所必须文件,CentOS6,7则不需要
[root@centos8 ~]#cp /var/www/html/centos/8/os/x86_64/isolinux/{ldlinux.c32,libcom32.c32,libutil.c32}   /var/lib/tftpboot/
#生成安装菜单文件
[root@centos8 ~]#mkdir /var/lib/tftpboot/pxelinux.cfg/
[root@centos8 ~]#cp /var/www/html/centos/8/os/x86_64/isolinux/isolinux.cfg  /var/lib/tftpboot/pxelinux.cfg/default

#最终目录结构如下
[root@centos8 ~]#tree /var/lib/tftpboot
.
├── centos6
│ ├── initrd.img
│ └── vmlinuz
├── centos7
│ ├── initrd.img
│ └── vmlinuz
├── centos8
│ ├── initrd.img
│ └── vmlinuz
├── ldlinux.c32
├── libcom32.c32
├── libutil.c32
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
└── default
4 directories, 12 files

7、准备启动菜单文件

[root@centos8 ~]#vim /var/lib/tftpboot/pxelinux.cfg/default
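# Boot menu served over TFTP to every PXE client on the provisioning subnet.
default menu.c32
# Timeout is in tenths of a second; when it expires the entry marked
# "menu default" (local boot, at the bottom) is started.
timeout 600
menu title Install CentOS Linux

# Automatic installs: the kickstart files referenced here use zerombr and
# clearpart --all, so choosing one of these entries erases the client's disks
# without any further prompt.
# NOTE(review): consider protecting these entries with "menu passwd".
label linux8
menu label Auto Install CentOS Linux ^8
kernel centos8/vmlinuz
append initrd=centos8/initrd.img ks=http://10.0.0.100/ks/centos8.cfg

label linux7
menu label Auto Install CentOS Linux ^7
kernel centos7/vmlinuz
append initrd=centos7/initrd.img ks=http://10.0.0.100/ks/centos7.cfg

label linux6
menu label Auto Install CentOS Linux ^6
kernel centos6/vmlinuz
append initrd=centos6/initrd.img ks=http://10.0.0.100/ks/centos6.cfg

# An append directive has to be a single line; the inst.repo argument had been
# wrapped onto a line of its own, where it is not part of the kernel command line.
label manual
menu label ^Manual Install CentOS Linux 8.0
kernel centos8/vmlinuz
append initrd=centos8/initrd.img inst.repo=http://10.0.0.100/centos/8/os/x86_64/

label rescue
menu label ^Rescue a CentOS Linux system 8
kernel centos8/vmlinuz
append initrd=centos8/initrd.img inst.repo=http://10.0.0.100/centos/8/os/x86_64/ rescue

# Safe default: boot the local disk unless an operator picks an install entry.
label local
menu default
menu label Boot from ^local drive
localboot 0xffff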

8、测试客户端基于PXE实现自动安装

新准备一台主机,设置网卡引导,可看到启动菜单,并实现自动安装
注意:VMware workstation 对于不同的CentOS 版本,生成的虚拟机的硬件并不兼容

二、利用cobbler实现自动化安装

1、环境准备

两台主机
一台主机:CentOS 7 充当 Cobbler,http,dhcp,tftp 服务器,并关闭防火墙和SELinux
一台主机:充当测试机,用于实现自动化安装Linux系统
网络要求:关闭Vmware软件中的NAT模式中的DHCP服务,两个主机网卡基于NAT模式

2、安装相关包并启动服务

[root@centos7 ~]#yum install cobbler dhcp -y
[root@centos7 ~]#systemctl enable --now cobblerd httpd tftp dhcpd

3、修改cobbler相关的配置

[root@centos7 ~]#cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other
than localhost, or kickstarting features will not work. This should be a
resolvable hostname or IP for the boot server as reachable by all machines that
will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings
must be set to something other than 127.0.0.1, and should match the IP of the
boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp

4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may
run 'cobbler get-loaders' to download them, or, if you only want to handle
x86/x86_64 netbooting, you may ensure that you have installed a *recent* version
of the syslinux package installed and can ignore this message entirely. Files
in this directory, should you want to support all architectures, should include
pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is
the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian
deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed
machines (default_password_crypted in /etc/cobbler/settings) is still set to
'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrasehere'
'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power
management features. install cman or fence-agents to use them



#生成新密码(默认安装好的系统root密码为cobbler)。注意:-1 生成的是MD5-crypt哈希,强度较弱;若所用openssl版本支持 -6(SHA-512),应优先使用。口令直接写在命令行上还会留在shell历史记录中
[root@centos7 ~]#openssl passwd -1 'magedu'
$1$1spuisnh$j34LNmyTQWs3l6xKxCZY60
#根据以上提示,只需要做1,2,8这三项即可,修改下面四行
[root@centos7 ~]#vim /etc/cobbler/settings
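# Root password hash that cobbler's sample templates give to newly installed
# machines. The value below is the MD5-crypt hash of the sample password
# generated above; generate a hash of your own instead of reusing it.
default_password_crypted: "$1$1spuisnh$j34LNmyTQWs3l6xKxCZY60"
# YAML requires a space after the colon; "key:value" is not read as a mapping entry.
next_server: < tftp服务器的 IP 地址>
server: <cobbler服务器的 IP 地址>
manage_dhcp: 1 # 1 = cobbler generates the dhcpd.conf configuration file
pxe_just_once: 1 # 1 = prevent the system from being installed repeatedly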
[root@centos7 ~]#systemctl restart cobblerd

4、实现dhcp服务

#修改dhcp的模版文件下面的行,用来生成dhcp的配置文件(注意:range地址池不应包含网关192.168.100.1以及cobbler服务器自身的静态地址,否则可能造成地址冲突)
[root@centos7 ~]#vim /etc/cobbler/dhcp.template
subnet 192.168.100.0 netmask 255.255.255.0 {
option routers 192.168.100.1;
option domain-name-servers 180.76.76.76,223.6.6.6;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.100.1 192.168.100.200;
#自动生成dhcp配置文件并启动
[root@centos7 ~]#cobbler sync

5、下载启动的相关文件

[root@centos7 ~]#cobbler get-loaders
task started: 2020-02-10_163111_get_loaders
task started (id=Download Bootloader Content, time=Mon Feb 10 16:31:11 2020)
downloading https://cobbler.github.io/loaders/README to
/var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to
/var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to
/var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to
/var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to
/var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to
/var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to
/var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to
/var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to
/var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to
/var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***


[root@centos7 ~]#ls /var/lib/cobbler/loaders
COPYING.elilo COPYING.yaboot grub-x86_64.efi menu.c32 README
COPYING.syslinux elilo-ia64.efi grub-x86.efi pxelinux.0 yaboot
[root@centos7 ~]#tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
├── etc
├── grub
├── images
├── images2
├── ppc
├── pxelinux.cfg
└── s390x
8 directories, 0 files


[root@centos7 ~]#cobbler sync
task started: 2020-02-10_163219_sync
task started (id=Sync, time=Mon Feb 10 16:32:19 2020)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 ->
/var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi ->
/var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi ->
/var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***


[root@centos7 ~]#tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│ └── grub
│ └── menu.lst
├── etc
├── grub
│ ├── efidefault
│ ├── grub-x86_64.efi
│ ├── grub-x86.efi
│ └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│ └── default
├── s390x
│ └── profile_list
└── yaboot
10 directories, 10 files

6、修改菜单的标题信息

[root@centos7 ~]#vim /etc/cobbler/pxe/pxedefault.template
MENU TITLE Cobbler | http://www.magedu.com/

[root@centos7 ~]#cobbler sync

[root@centos7 ~]#cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.magedu.com/ #默认为:http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
MENU end

[root@centos7 ~]#cobbler sync

7、导入centos系统的安装文件,生成相应的yum源

#导入yum源时,会自动生成菜单项并自动关联最小化安装系统的文件kickstart文件,默认root密码为cobbler
[root@centos7 ~]#cobbler import --name=centos-8.1-x86_64 --path=/misc/cd --arch=x86_64

[root@centos7 ~]#mount /dev/sr1 /mnt
mount: /dev/sr1 is write-protected, mounting read-only

#也可以在导入yum源的同时进行关联自定义的kickstart文件
[root@centos7 ~]#cobbler import --name=centos-7.7-x86_64 --path=/mnt --arch=x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg
[root@centos7 ~]#du -sh /var/www/cobbler/ks_mirror/*
11G /var/www/cobbler/ks_mirror/centos-7.7-x86_64
7.2G /var/www/cobbler/ks_mirror/centos-8.1-x86_64
12K /var/www/cobbler/ks_mirror/config
[root@centos7 ~]#cobbler distro list
centos-7.7-x86_64
centos-8.1-x86_64
[root@centos7 ~]#cobbler profile list
centos-7.7-x86_64
centos-8.1-x86_64

注意:CentOS8.3 的导入出错,需要修改文件

#默认直接导入CentOS8.3会出现下面错误
[root@centos7 ~]#cobbler import --name=centos-8.3-x86_64 --path=/mnt --arch=x86_64
task started: 2021-01-18_162855_import
task started (id=Media import, time=Mon Jan 18 16:28:55 2021)
Found a candidate signature: breed=redhat, version=rhel8
No signature matched in /var/www/cobbler/ks_mirror/centos-8.3-x86_64
!!! TASK FAILED !!!

#解决方法
[root@centos7 ~]#vim /var/lib/cobbler/distro_signatures.json
#修改第70行添加centos-linux
68 "rhel8": {
69 "signatures":["BaseOS"],
70 "version_file":"(redhat|sl|slf|centos-linux|centos|oraclelinux|vzlinux)-release-(?!notes)([\\w]*-)*8(Server)*[\\.-]+(.*)\\.rpm",
[root@centos7 ~]#systemctl restart cobblerd
[root@centos7 ~]#cobbler sync

8、准备kickstart文件,并关联至指定的yum源

#将kickstart文件,关联指定的YUM源和生成菜单列表
[root@centos7 ~]#cobbler profile add --name=CentOS-8.1_test --distro=CentOS-8.1-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos8.cfg
[root@centos7 ~]#cobbler profile add --name=CentOS-7.7_test --distro=CentOS-7.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg

#删除默认生成的菜单
[root@centos7 ~]#cobbler profile remove --name=centos-8.1-x86_64
[root@centos7 ~]#cobbler profile remove --name=centos-7.7-x86_64
[root@centos7 ~]#cobbler profile list
CentOS-7.7_test
CentOS-8.1_test
#删除默认的菜单列表
[root@centos7 ~]#cobbler profile remove --name=CentOS8.0-x86_64

#设置默认安装菜单,这样未装系统的设备会自动从pxe引导启动你需要安装的系统,不需要再手动接显示器选了。注意:该网段内任何从PXE启动的主机都会被自动安装,若kickstart中含有清空磁盘的分区指令,原有数据会被清除,因此只应在隔离的装机网络中启用
[root@centos7 ~]#cobbler system add --name=default --profile=centos-8.1-x86_64

9、支持UEFI安装

注意:CentOS 6 的虚拟机不支持UEFI

修改文件设置时间,默认不显示菜单

#修改模版文件
[root@cobbler-centos7 ~]#vim /etc/cobbler/pxe/efidefault.template
[root@cobbler-centos7 ~]#cat /var/lib/tftpboot/grub/efidefault
default=0
timeout=60
$grub_menu_items
#使模版生效
[root@cobbler-centos7 ~]#cobbler sync
#验证生效
[root@cobbler-centos7 ~]#head -n 2 /var/lib/tftpboot/grub/efidefault
default=0
timeout=60

10、实现cobbler web 管理

[root@centos7 ~]#yum -y install cobbler-web
[root@centos7 ~]#systemctl restart httpd

通过浏览器访问下面地址: https://10.0.0.7/cobbler_web

用户名:cobbler

密码:cobbler(这是默认账号和口令,应按下一节的方法创建自定义用户并替换默认用户后再对外提供访问)

11、创建cobbler自定义用户

[root@centos7 ~]#cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@centos7 ~]#htdigest -c /etc/cobbler/users.digest Cobbler admin
Adding password for admin in realm Cobbler.
New password:
Re-type new password:
[root@centos7 ~]#cat /etc/cobbler/users.digest
admin:Cobbler:461941848a17e1b412f94c100a79bf75
[root@centos7 ~]#htdigest /etc/cobbler/users.digest Cobbler admin2
Adding user admin2 in realm Cobbler
New password:
Re-type new password:
[root@centos7 ~]#cat /etc/cobbler/users.digest
admin:Cobbler:461941848a17e1b412f94c100a79bf75
admin2:Cobbler:8e3ab6cc196fac11dcf0512c200a672f