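I. Overview
In day-to-day maintenance, whether for testing or for production operations, there is often a need to install systems quickly. Deploying in bulk over the network saves a great deal of time and labour, and Cobbler is a solution for this: it lets an administrator quickly stand up a PXE deployment server.
II. Deployment
1. Prepare the environment
Cobbler currently has no RPM package in the CentOS 8 repositories, and the newest package I could find in the yum repositories for CentOS 7 is version 2.8.5, which is clearly too old. The latest upstream release is currently 3.2.1, so this time we install the latest version to build the PXE deployment. For the base yum repositories I used Huawei's public mirror site.
2. Download the Cobbler source code
3. Download the packages for the dependencies. The latest version depends on Python 3, so don't bother on older systems that lack Python 3 support; I am using CentOS 8 as the server this time. Install all the dependencies with yum; some of them were already installed.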
yum install -y createrepo_c httpd xorriso python3-mod_wsgi mod_ssl python3-cheetah python3-netaddr python3-librepo python3-schema python3-pyyaml syslinux tftp-server dnf-plugins-core python3-tornado python3-dns python3-magic python3-ldap3 python3-pymongo python3-simplejson python3-django3 fence-agents python3-gssapi
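Installation completed successfully.
4. To make future installs easier, this time we build RPM packages. Upstream already provides a Makefile; a few more dependencies need to be installed.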
yum install -y git make python3-devel python3-cheetah python3-sphinx python3-coverage openssl httpd-devel
5. Install the Python 3 wheel module
pip3 install wheel
6. Start building the RPM packages; the rpmbuild tool needs to be installed
yum install -y rpm-build epel-rpm-macros python3-distro
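7. Install the RPM packages
8. Basic Cobbler configuration
My test environment has no other DHCP server available, so this machine acts as the DHCP server, which requires the dhcp-server package.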
yum install -y dhcp-server
9. Start the cobbler, dhcpd and tftp services
systemctl enable --now cobblerd httpd tftp dhcpd
While starting, dhcpd reports that the service failed to start; this is because the DHCP configuration file does not exist yet.
10. Run the Cobbler check
[root@localhost ~]# cobbler check
The following are potential configuration items that you may want to fix:
1: The 'server' (the server address needs to be changed here) field in /etc/cobbler/settings must be set to something other than localhost, or automatic installation features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2: For PXE to be functional, the 'next_server' (the TFTP boot-file server) field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3: some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' (this command needs to be run to download the boot files) to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4: reposync is not installed, install yum-utils or dnf-plugins-core
5: yumdownloader is not installed, install yum-utils or dnf-plugins-core
6: debmirror package is not installed, it will be required to manage debian deployments and repositories
7: ksvalidator was not found, install pykickstart
8: The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
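Of the items above, 1, 2 and 3 must be fixed; 4, 5, 6 and 8 are optional. Item 8 is recommended, since it concerns the system's default password.
Item 1
Item 2
Item 3: run cobbler get-loaders (in my testing the download from GitHub is currently no longer complete, so the missing files have to be added manually afterwards)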
cp /usr/share/syslinux/{menu.c32,pxelinux.0,libutil.c32,ldlinux.c32} /var/lib/cobbler/loaders/
Edit /etc/cobbler/dhcp.template
Edit /etc/cobbler/settings.yaml to let Cobbler manage DHCP
If you need to change the prompt shown on the boot menu page, edit:
/etc/cobbler/boot_loader_conf/pxedefault.template
Run cobbler sync to synchronize the configuration files
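As an added example (not part of the original post or of Cobbler itself), the shell function below checks a settings file for the values behind items 1, 2 and 8 of the cobbler check output above. It assumes plain top-level "key: value" lines and goes slightly beyond item 8 by flagging any MD5-crypt ($1$) hash, which is what openssl passwd -1 produces; the function names and the sample values are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag the settings that
# `cobbler check` items 1, 2 and 8 report, before running `cobbler sync`.

# Print the value of a top-level "key: value" line, quotes stripped.
setting_value() {   # $1 = settings file, $2 = key
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Print one line per finding; return 0 if the file is clean, 1 otherwise.
audit_cobbler_settings() {   # $1 = settings file
    findings=0
    server=$(setting_value "$1" server)
    next_server=$(setting_value "$1" next_server)
    hash=$(setting_value "$1" default_password_crypted)

    case "$server" in
        ""|localhost|127.*)
            echo "server: '$server' is not reachable by PXE clients"
            findings=$((findings + 1)) ;;
    esac
    case "$next_server" in
        ""|localhost|127.*)
            echo "next_server: '$next_server' must be the boot server's PXE-network IP"
            findings=$((findings + 1)) ;;
    esac
    case "$hash" in
        '$6$'*|'$5$'*) ;;   # SHA-512 / SHA-256 crypt: accepted
        '$1$'*)
            echo "default_password_crypted: MD5-crypt; regenerate with 'openssl passwd -6'"
            findings=$((findings + 1)) ;;
        *)
            echo "default_password_crypted: missing or unrecognised hash format"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample input; on a real server pass /etc/cobbler/settings.yaml.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server: 127.0.0.1
next_server: 127.0.0.1
default_password_crypted: "$1$constructed$notARealHashJustASample"
EOF
audit_cobbler_settings "$sample" || echo "fix the items above, then restart cobblerd"
rm -f "$sample"
```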
11. Update the signature database
cobbler signature update
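If you skip the update, importing some images will fail with an error.
12. Import the image. Before importing, the 8.3 disc was already mounted on /mnt.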
cobbler import --name=centos8.3-x86_64 --path=/mnt --arch=x86_64
13. Define a dedicated profile. Before configuring it, put the kickstart file in the /var/lib/cobbler/templates directory and change its url value to $tree.
cobbler profile add --name=centos8-mylinux-86_64 --distro centos8.3-x86_64 --autoinstall ks-std.ks
14. Install the UEFI support packages
yum install grub2-efi*
The source tree in this environment includes a script, mkgrub:
/root/cobbler-3.2.1/scripts/mkgrub.sh
15. Client-side verification
Verification in legacy BIOS mode
Verification in UEFI mode
Reference ks file
#version=RHEL8
# Use graphical install
#graphical
text
#repo --name="AppStream" --baseurl=http://mirrors.163.com/centos/8/AppStream/x86_64/os
%packages
@^minimal-environment
@standard
%end
selinux --disable
firewall --disable
# Keyboard layouts
keyboard --xlayouts='us'
# System language
lang en_US.UTF-8
# Network information
network --bootproto=dhcp --device=ens33 --ipv6=auto --activate
network --hostname=localhost.test.com
# Use network installation
url --url=$tree
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
autopart
# Partition clearing information
clearpart --none --initlabel
# System timezone
timezone Asia/Shanghai --isUtc --nontp
# Root password
rootpw --iscrypted $6$kRTX4Ap5.9Hede.S$1Gq48Rd16HmkOYy5bB6YC7tbdlHmxiaRZERx0nh9yxVS7D5DwFDUJaCEvqGl0CdO5XI0GmGquxmetCcUUexDJ.
%addon com_redhat_kdump --disable --reserve-mb='auto'
%end
reboot
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
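III. Summary
With the steps above, automated system deployment in BIOS mode is easy to achieve. As technology evolves, most customer environments are already using UEFI; because Cobbler is missing quite a few packages, the UEFI part will be tested later.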