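Batch deployment with Cobbler on CentOS 7

The figure shows an open-source automated operations toolchain:

1. cobbler: automated OS installation

2. saltstack: automated project configuration

3. kubernetes: automated container orchestration

4. zabbix: automated monitoring

5. elastic: automated collection of application logs

6. jenkins: continuous delivery for development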

 

 

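How it works

Introduction to cobbler

Cobbler simplifies system provisioning by centralizing the tasks involved in setting up and managing an installation server. In effect, Cobbler wraps services such as DHCP, TFTP and xinetd and combines installation methods such as PXE and kickstart, so it can install operating systems automatically and offer several versions at the same time, allowing different OS versions to be installed over the network.

Services used by cobbler

DHCP: DHCP (Dynamic Host Configuration Protocol) is a LAN network protocol that works over UDP. It has two main uses: automatically assigning IP addresses for an internal network or a network service provider, and giving users or internal network administrators a means of managing all computers. DHCP has 3 ports: UDP 67 and UDP 68 are the normal DHCP service ports, used by the DHCP server and the DHCP client respectively; port 546 is used by the DHCPv6 client rather than by DHCPv4 and serves DHCP failover, a service that has to be enabled specifically and is used for "hot standby" between two machines.

TFTP: TFTP is a rather special file transfer protocol. Compared with FTP and the now commonly used SFTP, TFTP is built on the TCP/IP protocol suite, is used for simple file transfers, and provides a simple, low-overhead transfer service. TFTP uses port 69.
Compared with ordinary FTP, TFTP has two advantages:

  1. TFTP runs over UDP, so it is a good fit when TCP is not available in the environment;
  2. TFTP's execution and code take up little memory.

By default the tftp server package is installed on Linux, but it is not started by default.

PXE: The Preboot eXecution Environment (PXE, also called the pre-execution environment) provides a mechanism for booting a computer through its network interface. With this mechanism, booting does not depend on a local storage device (such as a hard disk) or on a locally installed operating system.

PXE originated as part of Intel's Wired for Management framework; Intel and Systemsoft published its specification (version 2.1) on 20 September 1999 [1]. It achieves its purpose by using several network protocols, such as the Internet Protocol (IP), the User Datagram Protocol (UDP), the Dynamic Host Configuration Protocol (DHCP) and the Trivial File Transfer Protocol (TFTP), together with the concepts of the globally unique identifier (GUID), the Universal Network Device Interface (UNDI) and the universally unique identifier (UUID), and by extending the firmware of the client (a computer that passes the PXE self-check) with a predefined API.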

 

Interaction process

 


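Once the bare-metal machine is configured to boot from the network, it broadcasts a request at power-on asking the DHCP server (cobbler server) to send it an assigned IP address.

The DHCP server (cobbler server) receives the request and sends a response that includes the IP address.

With its IP address, the bare-metal machine sends the cobbler server a request for the OS boot file.

The cobbler server tells the bare-metal machine the name of the OS boot file and the IP and port of the TFTP server.

The bare-metal machine contacts the TFTP server at that address and port and downloads the boot file.

The bare-metal machine executes the boot file, determines what to load and selects the OS to install; during this it requests the kickstart file and the OS image from the cobbler server.

The cobbler server sends the requested kickstart file and OS image.

The bare-metal machine loads the kickstart file.

The bare-metal machine receives the OS image and installs it.

Deploying the cobbler server

1. Prepare the environment

Use NAT or host-only mode.

2. Configure the yum repositories

3. Download the required software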

yum install httpd tftp-server xinetd syslinux dhcp pykickstart -y

4. Start the tftp service

vim /etc/xinetd.d/tftp

disable = no

systemctl restart xinetd

5. Configure the dhcp service

subnet 192.168.182.0 netmask 255.255.255.0 {
range 192.168.182.10 192.168.182.20;
default-lease-time 600;
max-lease-time 7200;
filename "pxelinux.0";
}

 

[root@ken ~]# systemctl restart dhcpd

6. Start httpd and cobbler

systemctl restart httpd cobblerd

7. Run the cobbler check

cobbler check

8. Fix the reported issues

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.

Change the local IP set for server to the IP address that provides the cobbler service.

2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.

Change the local IP set for next_server to the IP address that provides the cobbler service.

 

4 : enable and start rsyncd.service with systemctl

 

systemctl restart rsyncd
systemctl enable rsyncd


Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.

 

6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

openssl passwd -1 -salt '123' '123'

$1$123$nE5gIYTYiF1PIXVOFjQaW/

Put this generated password hash after default_password_crypted in /etc/cobbler/settings.
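
The three settings changed in step 8 can be checked mechanically before syncing. The script below is an added example, not part of the original post or of Cobbler: the function names are hypothetical and the sample settings are constructed from values on this page (the server address used later in the kickstart URL and the hash generated above). It flags loopback values for server and next_server, and flags a default_password_crypted that is still MD5-crypt ($1$), which is what `openssl passwd -1` produces.

```shell
#!/bin/sh
# Added example: audit the three /etc/cobbler/settings fields touched in step 8.

# Print the value of a top-level "key: value" line without quotes or padding.
setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed 's/[[:space:]]*$//' | tr -d "\"'"
}

# Print one line per finding and return non-zero if anything was flagged.
audit_settings() {
    file=$1
    findings=0
    for key in server next_server; do
        case "$(setting "$file" "$key")" in
            "" | localhost | 127.0.0.1)
                echo "FAIL $key is unset or points at loopback"
                findings=$((findings + 1)) ;;
        esac
    done
    case "$(setting "$file" default_password_crypted)" in
        "")
            echo "FAIL default_password_crypted is unset"
            findings=$((findings + 1)) ;;
        '$1$'*)
            echo "WARN default_password_crypted is MD5-crypt; prefer a \$6\$ (SHA-512) hash"
            findings=$((findings + 1)) ;;
    esac
    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample: server fixed, next_server still default, MD5-crypt hash.
sample_settings() {
    cat <<'EOF'
server: 192.168.182.128
next_server: 127.0.0.1
default_password_crypted: "$1$123$nE5gIYTYiF1PIXVOFjQaW/"
EOF
}

tmp=$(mktemp)
sample_settings > "$tmp"
audit_settings "$tmp" || echo "settings need attention"
rm -f "$tmp"
```

On a real server, call `audit_settings /etc/cobbler/settings` instead of using the sample.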

 

9. Restart cobbler and run the check again

 

systemctl restart cobblerd
cobbler check


The following are potential configuration items that you may want to fix:

1 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
2 : debmirror package is not installed, it will be required to manage debian deployments and repositories
3 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

These 3 items do not need to be fixed.

 

10. Sync

cobbler sync

11. Import the image

cobbler import --path=/mnt --name="centos7"

12. View the generated distro

cobbler distro list
centos7-x86_64

13. View the generated profile

[root@ken ~]# cobbler profile list
centos7-x86_64

14. Prepare the kickstart file

 cp anaconda-ks.cfg /var/lib/cobbler/kickstarts/ks.cfg

15. Edit the kickstart file

url --url=http://192.168.182.128/cobbler/ks_mirror/centos7/

16. Create your own profile

cobbler profile add --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks.cfg --name="cent7_ken"

17. Remove the default profile

cobbler profile remove --name=centos7-x86_64
cobbler profile list

cent7_ken

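18. Boot a client to verify

Note:

1. The client's mode must be the same as the server's mode

2. At least 3 GB of memory

Using cobbler to install different operating systems from a single server

1. Attach the new disc to the virtual machine

2. Start all the related services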

systemctl restart httpd cobblerd xinetd dhcpd

3. Mount the disc in the Linux system

mount /dev/cdrom /mnt


mount: /dev/sr0 is write-protected, mounting read-only

4. Import a new image

cobbler import --path=/mnt --name="centos7.3"

5. View the generated distros

cobbler distro list
centos7-x86_64
centos7.3-x86_64

6. Remove the default profile

cobbler profile list
cent7_ken
centos7.3-x86_64
centos7.3_ken

cobbler profile remove --name=centos7.3-x86_64
cobbler profile list

cent7_ken
centos7.3_ken

7. Boot a client to verify

 

 

find in detail

1. name: match by file name

Example 1: find files whose names end in ken

[root@ken ~]# find / -name "*ken"
/sys/firmware/dmi/entries/15-0/system_event_log/change_token
/etc/yum.repos.d/ken
/var/spool/mail/ken
/home/ken

 

Example 2: find files whose names contain ken

[root@ken ~]# find / -name "*ken*" | head -3
/sys/bus/hid/drivers/kensington
/sys/devices/pci0000:00/0000:00:00.0/broken_parity_status
/sys/devices/pci0000:00/0000:00:01.0/broken_parity_status

 

2. perm: match by file permissions

Example 1: find all files with permission 644

[root@ken ~]# find / -perm 644 | head -3
/boot/grub2/device.map
/boot/grub2/i386-pc/gcry_rmd160.mod
/boot/grub2/i386-pc/acpi.mod
[root@ken ~]# ls -l /boot/grub2/device.map
-rw-r--r--. 1 root root 64 Feb 26 22:25 /boot/grub2/device.map

 

Example 2: fuzzy match on permission 644 (files that have at least these permission bits set)

[root@ken ~]# find / -perm -644 | head -3
/boot/efi
/boot/efi/EFI
/boot/efi/EFI/centos
[root@ken ~]# ls -l /boot/efi
total 0
drwxr-xr-x. 3 root root 20 Feb 26 22:21 EFI

 

3. user: match by owner

Example 1: find files owned by ken

[root@ken ~]# find /etc -user ken
[root@ken ~]# find / -user ken
find: ‘/proc/1672/task/1672/fd/6’: No such file or directory
find: ‘/proc/1672/task/1672/fdinfo/6’: No such file or directory
find: ‘/proc/1672/fd/5’: No such file or directory
find: ‘/proc/1672/fdinfo/5’: No such file or directory
/var/spool/mail/ken
[root@ken ~]# ls -l /var/spool/mail/ken
-rw-rw---- 1 ken mail 0 Mar 11 18:16 /var/spool/mail/ken

 

4. group: match by group

Example 1:

[root@ken ~]# ls -l /var/spool/mail/ken
-rw-rw---- 1 ken mail 0 Mar 11 18:16 /var/spool/mail/ken
[root@ken ~]# find / -group ken
find: ‘/proc/1709/task/1709/fd/6’: No such file or directory
find: ‘/proc/1709/task/1709/fdinfo/6’: No such file or directory
find: ‘/proc/1709/fd/5’: No such file or directory
find: ‘/proc/1709/fdinfo/5’: No such file or directory
/home/ken
/home/ken/.bash_logout
/home/ken/.bash_profile
/home/ken/.bashrc
/home/ken/.bash_history

[root@ken ~]# ls -l /home/ken -d
drwx------ 2 ken ken 83 Mar 11 18:16 /home/ken

 

5. nouser: match files that have no owner

Example 1:

[root@ken ~]# useradd kenken

[root@ken ~]# touch test
[root@ken ~]# chown kenken: test
[root@ken ~]# userdel kenken
[root@ken ~]# find / -nouser
find: ‘/proc/1811/task/1811/fd/6’: No such file or directory
find: ‘/proc/1811/task/1811/fdinfo/6’: No such file or directory
find: ‘/proc/1811/fd/5’: No such file or directory
find: ‘/proc/1811/fdinfo/5’: No such file or directory
/root/test
/var/spool/mail/kenken
/home/kenken
/home/kenken/.bash_logout
/home/kenken/.bash_profile

 

6. nogroup: match files that have no group

[root@ken ~]# find / -nogroup
find: ‘/proc/1848/task/1848/fd/6’: No such file or directory
find: ‘/proc/1848/task/1848/fdinfo/6’: No such file or directory
find: ‘/proc/1848/fd/5’: No such file or directory
find: ‘/proc/1848/fdinfo/5’: No such file or directory
/root/test
/home/kenken
/home/kenken/.bash_logout
/home/kenken/.bash_profile
/home/kenken/.bashrc

 

7. type: match by file type

Example 1: find all symbolic links

[root@ken ~]# find / -type l | head -3
/dev/cdrom
/dev/snd/by-path/pci-0000:02:02.0
/dev/initctl
[root@ken ~]# ls -l /dev/cdrom
lrwxrwxrwx 1 root root 3 May 24 19:19 /dev/cdrom -> sr0
[root@ken ~]#

 

Example 2: find all regular files

[root@ken ~]# find / -type f | head -3
/boot/grub2/device.map
/boot/grub2/i386-pc/gcry_rmd160.mod
/boot/grub2/i386-pc/acpi.mod
[root@ken ~]# ls -l /boot/grub2/device.map
-rw-r--r--. 1 root root 64 Feb 26 22:25 /boot/grub2/device.map
[root@ken ~]#

 

8. size: match by file size

Example 1: find files larger than 100M

[root@ken ~]# find / -size +100M
/proc/kcore
find: ‘/proc/2018/task/2018/fd/6’: No such file or directory
find: ‘/proc/2018/task/2018/fdinfo/6’: No such file or directory
find: ‘/proc/2018/fd/5’: No such file or directory
find: ‘/proc/2018/fdinfo/5’: No such file or directory
/sys/devices/pci0000:00/0000:00:0f.0/resource1_wc
/sys/devices/pci0000:00/0000:00:0f.0/resource1
/root/gitlab-ce-8.9.5-ce.0.el7.x86_64.rpm
^C
[root@ken ~]# ls -lh /root/gitlab-ce-8.9.5-ce.0.el7.x86_64.rpm
-rw-r--r-- 1 root root 265M Nov 13 2018 /root/gitlab-ce-8.9.5-ce.0.el7.x86_64.rpm

 

9. mtime: match by file modification time (permissions, owner, group)

Example 1: find files modified more than one day ago

[root@ken ~]# find / -mtime +1 | head -3
/boot
/boot/efi
/boot/efi/EFI
[root@ken ~]# stat /boot
File: ‘/boot’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 64 Links: 5
Access: (0555/dr-xr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-05-24 19:31:37.453000000 +0800
Modify: 2019-02-26 22:25:57.574000000 +0800
Change: 2019-03-14 18:49:48.066000000 +0800
Birth: -

 

10. atime: match by file access time

[root@ken ~]# find / -atime +1 | head -3
/boot/grub2/device.map
/boot/grub2/i386-pc/gcry_rmd160.mod
/boot/grub2/i386-pc/acpi.mod
^C
[root@ken ~]# stat /boot/grub2/device.map
File: ‘/boot/grub2/device.map’
Size: 64 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 1572929 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-02-26 22:25:05.730000000 +0800
Modify: 2019-02-26 22:25:05.582000000 +0800
Change: 2019-02-26 22:25:05.582000000 +0800
Birth: -

 

11. ctime: match by file content

Example 1: match files whose content was changed more than one day ago

[root@ken ~]# find / -ctime +1 | head -3
/boot
/boot/efi
/boot/efi/EFI
^C^
[root@ken ~]# stat /boot
File: ‘/boot’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 64 Links: 5
Access: (0555/dr-xr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-05-24 19:31:37.453000000 +0800
Modify: 2019-02-26 22:25:57.574000000 +0800
Change: 2019-03-14 18:49:48.066000000 +0800
Birth: -

 

12. exec: run a command

Example 1: delete files that have no owner

[root@ken ~]# find / -nouser
find: ‘/proc/2395/task/2395/fd/6’: No such file or directory
find: ‘/proc/2395/task/2395/fdinfo/6’: No such file or directory
find: ‘/proc/2395/fd/5’: No such file or directory
find: ‘/proc/2395/fdinfo/5’: No such file or directory
/root/test
/var/spool/mail/kenken
/home/kenken
/home/kenken/.bash_logout
/home/kenken/.bash_profile
/home/kenken/.bashrc
[root@ken ~]# find / -nouser -exec rm -rf {} ;
find: missing argument to `-exec'
[root@ken ~]# find / -nouser -exec rm -rf {} \;
find: ‘/proc/2451/task/2451/fd/6’: No such file or directory
find: ‘/proc/2451/task/2451/fdinfo/6’: No such file or directory
find: ‘/proc/2451/fd/5’: No such file or directory
find: ‘/proc/2451/fdinfo/5’: No such file or directory
find: ‘/home/kenken’: No such file or directory
[root@ken ~]# find / -nouser
find: ‘/proc/2463/task/2463/fd/6’: No such file or directory
find: ‘/proc/2463/task/2463/fdinfo/6’: No such file or directory
find: ‘/proc/2463/fd/5’: No such file or directory
find: ‘/proc/2463/fdinfo/5’: No such file or directory

 

Example 2: xargs

[root@ken ~]# touch {1..100}.txt
[root@ken ~]# powd
-bash: powd: command not found
[root@ken ~]# pwd
/root
[root@ken ~]# ls
100.txt 19.txt 28.txt 37.txt 46.txt 55.txt 64.txt 73.txt 82.txt 91.txt anaconda-ks.cfg
10.txt 1.txt 29.txt 38.txt 47.txt 56.txt 65.txt 74.txt 83.txt 92.txt a.out
11.txt 20.txt 2.txt 39.txt 48.txt 57.txt 66.txt 75.txt 84.txt 93.txt gitlab-ce-8.9.5-ce.0.el7.x86_64.rpm
12.txt 21.txt 30.txt 3.txt 49.txt 58.txt 67.txt 76.txt 85.txt 94.txt ken1
13.txt 22.txt 31.txt 40.txt 4.txt 59.txt 68.txt 77.txt 86.txt 95.txt
14.txt 23.txt 32.txt 41.txt 50.txt 5.txt 69.txt 78.txt 87.txt 96.txt
15.txt 24.txt 33.txt 42.txt 51.txt 60.txt 6.txt 79.txt 88.txt 97.txt
16.txt 25.txt 34.txt 43.txt 52.txt 61.txt 70.txt 7.txt 89.txt 98.txt
17.txt 26.txt 35.txt 44.txt 53.txt 62.txt 71.txt 80.txt 8.txt 99.txt
18.txt 27.txt 36.txt 45.txt 54.txt 63.txt 72.txt 81.txt 90.txt 9.txt
[root@ken ~]# find /root -name "*txt" | xargs rm -rf
[root@ken ~]# ls
anaconda-ks.cfg a.out gitlab-ce-8.9.5-ce.0.el7.x86_64.rpm ken1
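
Both deletion examples above act on whatever names find prints: `rm -rf` is recursive, and xargs splits its input on whitespace. The sandboxed script below is an added example, not from the original post (the file names are constructed and the function names are hypothetical); it runs the pipeline from the page against a name containing a space, then a NUL-delimited form that removes only the matched regular files.

```shell
#!/bin/sh
# Added example (constructed sandbox; nothing outside a mktemp dir is touched).

# Build a sandbox: two ordinary .txt files, one .txt file whose name contains
# a space, and a directory "report" holding data that must not be deleted.
make_sandbox() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/work/report"
    touch "$d/work/1.txt" "$d/work/2.txt" "$d/work/report final.txt"
    echo "important" > "$d/work/report/data.db"
    printf '%s\n' "$d"
}

# The pipeline from the page: xargs splits its input on whitespace, so
# "work/report final.txt" becomes two arguments, "work/report" and "final.txt".
unsafe_delete() {
    find "$1" -name '*txt' | xargs rm -rf
}

# Hardened form: regular files only, NUL-delimited names, no recursive rm,
# and "--" so a name starting with "-" is never read as an option.
safe_delete() {
    find "$1" -xdev -type f -name '*.txt' -print0 | xargs -0 rm -f --
}

# Run one deleter in a fresh sandbox and print what is left, sorted.
run_case() {
    sb=$(make_sandbox) || return 1
    ( cd "$sb" && "$1" work && find work -mindepth 1 | sort )
    rm -rf "$sb"
}

echo "== left after the page's pipeline =="
run_case unsafe_delete
echo "== left after the NUL-delimited form =="
run_case safe_delete
```

The first case leaves `work/report final.txt` in place and removes the whole `work/report` directory; the second removes the three .txt files and keeps `work/report/data.db`.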

 

13. find can combine tests with -a, -o or !

Example 1: find all regular files whose permission is 777

[root@ken ~]# find / -type f -a -perm 644 | head -3
/boot/grub2/device.map
/boot/grub2/i386-pc/gcry_rmd160.mod
/boot/grub2/i386-pc/acpi.mod
[root@ken ~]# ls -l /boot/grub2/device.map
-rw-r--r--. 1 root root 64 Feb 26 22:25 /boot/grub2/device.map
