說明:
Cobbler伺服器系統:CentOS 5.10 64位
IP位址:192.168.21.128
需要安裝部署的Linux系統:
eth0(第一塊網卡,用于外網)IP位址段:192.168.21.160-192.168.21.200
eth1(第二塊網卡,用于内網)IP位址段:10.0.0.160-10.0.0.200
子網路遮罩:255.255.255.0
網關:192.168.21.2
DNS:8.8.8.8 8.8.4.4
所有伺服器均支援PXE網絡啟動
實作目的:通過配置Cobbler伺服器,全自動批量安裝部署Linux系統
具體操作:
第一部分:在Cobbler伺服器上操作
一、關閉SELINUX
vi /etc/selinux/config
#SELINUX=enforcing #注釋掉
#SELINUXTYPE=targeted #注釋掉
SELINUX=disabled #增加
:wq! #儲存退出
setenforce 0 #立即切換為permissive(寬容)模式;SELINUX=disabled要在重新開機後才會完全生效
二、配置防火牆,開啟TCP:80端口、TCP:25151端口、UDP:69端口
vi /etc/sysconfig/iptables #編輯
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #http服務需要此端口
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT #tftp服務需要此端口
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT #cobbler需要此端口
/etc/init.d/iptables restart #最後重新啟動防火牆使配置生效;以上三條規則未限制來源位址,可視需要加上 -s 192.168.21.0/24,隻允許裝機網段通路
三、安裝Cobbler
cd /usr/local/src
wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm #CentOS 5.x 64位
rpm -ivh epel-release-5-4.noarch.rpm #安裝EPEL源;此套件經由明文HTTP下載,安裝前可先用 rpm -K epel-release-5-4.noarch.rpm 檢查摘要與簽章
備注:
wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm #CentOS 5.x 32位
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm #CentOS6.x 64位
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm #CentOS6.x 32位
yum install cobbler tftp tftp-server xinetd dhcp httpd rsync #安裝cobbler
yum install pykickstart debmirror python-ctypes cman #安裝運作cobbler需要的軟體包
四、配置Cobbler
1、設定http服務
vi /etc/httpd/conf.d/wsgi.conf
LoadModule wsgi_module modules/mod_wsgi.so #取消前面的注釋
:wq! #儲存退出
chkconfig httpd on #設定開機啟動
service httpd start #啟動
2、設定tftp服務開機啟動
vi /etc/cobbler/tftpd.template #編輯
service tftp
{
disable = no #修改為no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -B 1380 -v -s /tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}
3、設定rsync服務開機啟動
vi /etc/xinetd.d/rsync #編輯配置檔案,設定開機啟動rsync
service rsync
disable = no #修改為no
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
/etc/init.d/xinetd start #啟動(CentOS中是以xinetd 來管理Rsync和tftp服務的)
4、配置cobbler相關參數
vi /etc/debmirror.conf #注釋掉 @dists 和 @arches 兩行
#@dists="sid";
#@arches="i386";
openssl passwd -1 -salt 'osyunwei' '123456' #生成預設模闆下系統安裝完成之後root賬号登入密碼的雜湊;-1表示MD5-crypt,'osyunwei'與'123456'僅為示例,實際部署時請換成自己的salt與強密碼
$1$osyunwei$sEV8iwXXuR4CqzLXyLnzm0 #記錄下這行輸出,下面會用到(此值對應示例密碼123456,請勿直接沿用)
vi /etc/cobbler/settings #編輯,修改
default_password_crypted: "$1$osyunwei$sEV8iwXXuR4CqzLXyLnzm0"
next_server: 192.168.21.128
server: 192.168.21.128
manage_dhcp: 1
default_kickstart: /var/lib/cobbler/kickstarts/default.ks
5、配置dhcp伺服器
vi /etc/cobbler/dhcp.template #編輯,修改
subnet 192.168.21.0 netmask 255.255.255.0 { #設定網段
option routers 192.168.21.2; #設定網關
option domain-name-servers 8.8.8.8,8.8.4.4; #設定dns伺服器位址
option subnet-mask 255.255.255.0; #設定子網路遮罩
range dynamic-bootp 192.168.21.160 192.168.21.200; #設定dhcp伺服器IP位址租用的範圍
default-lease-time 21600; #預設租約時間
max-lease-time 43200; #最大租約時間
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
if option pxe-system-type = 00:02 {
filename "ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename "grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename "pxelinux.0";
vi /etc/sysconfig/dhcpd #指定DHCP服務的網絡接口
DHCPDARGS=eth0
dhcpd #測試dhcp伺服器配置是否正确
chkconfig dhcpd on #設定開機啟動
chkconfig cobblerd on #設定開機啟動
cobbler get-loaders #安裝cobbler相關工具包,否則檢查cobbler配置會報錯
service cobblerd start #啟動cobbler
cobbler sync #同步配置檔案到dhcp伺服器
service dhcpd start #啟動dhcp服務
6、設定cobbler相關服務啟動腳本
vi /etc/rc.d/init.d/cobbler #編輯,添加以下代碼
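#!/bin/sh
# chkconfig: - 80 90
# description:cobbler
#
# Wrapper init script for the Cobbler server: applies one action to the four
# services this setup relies on (httpd, xinetd, dhcpd, cobblerd), or runs
# "cobbler sync" for the sync action.
# Usage: service cobbler {start|stop|restart|status|sync}

# Run the given init action against every Cobbler-related service, in the
# same order the original listing used.
run_all() {
  for svc in httpd xinetd dhcpd cobblerd; do
    "/etc/init.d/$svc" "$1"
  done
}

case "$1" in
  start | stop | restart | status)
    run_all "$1"
    ;;
  sync)
    cobbler sync
    ;;
  *)
    echo "Input error,please in put 'start|stop|restart|status|sync'!"
    # The listing had `exit 2>&1 >/dev/null &`: that backgrounds a bare
    # `exit` in a subshell, so the script itself fell through and returned 0.
    # Exit with 2 (presumably what was intended; it is also the LSB
    # init-script status for invalid arguments) so callers see the failure.
    exit 2
    ;;
esac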
chmod +x /etc/rc.d/init.d/cobbler #添加腳本執行權限
chkconfig cobbler on #添加開機啟動
service cobbler restart #重新開機cobbler
cobbler check #檢查cobbler配置,出現下面的提示,SELinux和防火牆前面已經設定過了,不用理會
=====================================================================================
The following are potential configuration items that you may want to fix:
1 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
2 : since iptables may be running, ensure 69, 80/443, and 25151 are unblocked
Restart cobblerd and then run 'cobbler sync' to apply changes
五、挂載系統安裝鏡像到http伺服器站點目錄
上傳系統安裝鏡像檔案CentOS-5.10-x86_64-bin-DVD-1of2.iso到/usr/local/src/目錄
mkdir -p /var/www/html/os/CentOS-5.10-x86_64 #建立挂載目錄
mount -t iso9660 -o loop /usr/local/src/CentOS-5.10-x86_64-bin-DVD-1of2.iso /var/www/html/os/CentOS-5.10-x86_64 #挂載系統鏡像
vi /etc/fstab #添加以下代碼。實作開機自動挂載
/usr/local/src/CentOS-5.10-x86_64-bin-DVD-1of2.iso /var/www/html/os/CentOS-5.10-x86_64 iso9660 defaults,ro,loop 0 0
備注:iso9660使用df -T 檢視裝置 解除安裝:umount /var/www/html/os/CentOS-5.10-x86_64
重複上面的操作,把自己需要安裝的CentOS系統鏡像檔案都挂載到/var/www/html/os/目錄下
例如:
CentOS-5.10-x86_64-bin-DVD-1of2.iso
CentOS-6.5-x86_64-bin-DVD1.iso
六、建立kickstarts自動安裝腳本
cd /var/lib/cobbler/kickstarts #進入預設Kickstart模闆目錄
vi /var/lib/cobbler/kickstarts/CentOS-5.10-x86_64.ks #建立CentOS-5.10-x86_64安裝腳本
# Kickstart file automatically generated by anaconda.
# Unattended install profile for CentOS 5.10 x86_64, served by Cobbler.
# Fresh installation (not an upgrade).
install
# The install tree is fetched over plain HTTP from the Cobbler server.
url --url=http://192.168.21.128/cobbler/ks_mirror/CentOS-5.10-x86_64-x86_64/
lang en_US.UTF-8
# Initialise any invalid partition table found on the disks without asking.
zerombr yes
# Skip the installation-number prompt.
key --skip
keyboard us
# eth0 gets its address from DHCP during and after the install; the static
# alternative is kept below, commented out.
network --device eth0 --bootproto dhcp --onboot on
#network --device eth0 --bootproto static --ip 192.168.21.250 --netmask 255.255.255.0 --gateway 192.168.21.2 --nameserver 8.8.8.8 --hostname CentOS5.10
# Root password as a crypt hash; the $1$ prefix marks it as MD5-crypt.
# NOTE(review): this hash is published with the tutorial, so every host built
# from an unmodified copy shares a known root credential -- generate your own.
rootpw --iscrypted $1$QqobZZ1g$rYnrawi9kYlEeUuq1vcRS/
# Host firewall on, with only SSH (22/tcp) opened.
firewall --enabled --port=22:tcp
# Shadow passwords with MD5 hashing for local accounts.
authconfig --enableshadow --enablemd5
# SELinux is switched off on the installed system.
selinux --disabled
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --linux
# Removes every existing partition and writes a new disk label: any machine
# that boots this profile loses the data on its disks.
clearpart --all --initlabel
# Sizes are in MB; /data takes whatever space is left (--grow).
part / --bytes-per-inode=4096 --fstype="ext3" --size=2048
part /boot --bytes-per-inode=4096 --fstype="ext3" --size=128
part swap --bytes-per-inode=4096 --fstype="swap" --size=500
part /data --bytes-per-inode=4096 --fstype="ext3" --grow --size=1
# Reboot automatically once the installation has finished.
reboot
# Package selection: entries starting with @ are package groups, the rest
# are individual packages.
%packages
ntp
@base
@core
@dialup
@editors
@text-internet
keyutils
trousers
fipscheck
device-mapper-multipath
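%post
# Post-install script: runs once, as root, inside the freshly installed system.

# Sync the system clock now, copy it to the hardware clock, and schedule a
# daily resync at 01:00 through /etc/crontab.
ntpdate cn.pool.ntp.org
hwclock --systohc
echo "0 1 * * * root /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null" >> /etc/crontab
service crond restart

# Groups, and the parent directories for their members' home directories.
groupadd maintain
groupadd develop
mkdir -p /home/maintain
mkdir -p /home/develop

# Accounts in the maintain group.
# Every host built from this profile gets the same four accounts with the
# same literal password, and this kickstart opens 22/tcp in the firewall, so
# the accounts are usable over SSH as soon as the host boots.
# `chage -d 0` expires each password so the first login has to set a new one.
# TODO(deployer): replace the literal with a per-site value (or SSH keys);
# forced expiry only shortens the window, it does not remove it.
for u in user01 user02 user03 user04; do
  useradd -g maintain "$u" -d "/home/maintain/$u" -m
  echo "123456" | passwd "$u" --stdin
  chage -d 0 "$u"
done

# Forbid direct root logins over SSH.
# The pattern only matches the commented-out default line; if sshd_config
# already carries an active PermitRootLogin line this sed changes nothing.
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" '/etc/ssh/sshd_config'
service sshd restart

# Services that must not start at boot.
for svc in acpid atd autofs bluetooth cpuspeed firstboot gpm haldaemon hidd \
  ip6tables isdn messagebus nfslock pcscd portmap rpcgssd rpcidmapd \
  yum-updatesd sendmail; do
  chkconfig "$svc" off
done

# Services that must start at boot.
for svc in crond kudzu network readahead_early sshd syslog; do
  chkconfig "$svc" on
done

# Disable the Ctrl+Alt+Del reboot shortcut by commenting out its inittab
# entry, then make init re-read the file.
sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/g" '/etc/inittab'
telinit q

# Shell resource limits for every login shell.
# Unlimited core files (ulimit -c) means crashing processes can leave memory
# images on disk -- NOTE(review): confirm that is wanted on production hosts.
cat >> /etc/profile <<'EOF'
ulimit -c unlimited
ulimit -s unlimited
ulimit -SHn 65535
EOF
source /etc/profile

# Kernel network tuning.
# ip_forward = 1 lets the host forward packets between its interfaces (eth0
# is the external and eth1 the internal network in this setup).
# NOTE(review): confirm the installed hosts are meant to route; otherwise
# leave the value at 0.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse rely on TCP timestamps, which
# this same list turns off, and tcp_tw_recycle is known to break clients
# behind NAT -- confirm the combination is intended. tcp_tw_len does not look
# like a tunable the kernel exposes; `sysctl -p` reports unknown keys, so
# check its output.
cat >> /etc/sysctl.conf <<'EOF'
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.netfilter.ip_conntrack_max = 131072
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_conntrack_max = 819200
net.ipv4.ip_local_port_range = 10024 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
EOF
/sbin/sysctl -p

# Fetch and run the network-configuration helper from the Cobbler server.
# The script travels over plain HTTP with no integrity check and is executed
# as root, so whatever is served at that URL runs on every installed host.
# Keeping the script body inside this %post section would remove the second
# fetch altogether. Run it only when the download actually succeeded.
cd /root
if wget http://192.168.21.128/cobbler/ks_mirror/config/autoip.sh; then
  sh /root/autoip.sh
else
  echo "autoip.sh download failed; skipping static network setup" >&2
fi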
vi /var/www/cobbler/ks_mirror/config/autoip.sh #建立腳本,自動設定Linux系統靜态IP位址、DNS、網關、計算機名稱
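# autoip.sh - run once from the kickstart %post section.
# Turns the address eth0 obtained over DHCP into a static configuration,
# derives the eth1 address and the hostname from the last octet of that
# address, and writes the resolver configuration.
# All values come from the current ifconfig/route output, i.e. from whatever
# the DHCP server on the install network handed out.

ROUTE=$(route -n | grep "^0.0.0.0" | awk '{print $2}')
BROADCAST=$(/sbin/ifconfig eth0 | grep -i bcast | awk '{print $3}' | awk -F":" '{print $2}')
HWADDR=$(/sbin/ifconfig eth0 | grep -i HWaddr | awk '{print $5}')
IPADDR=$(/sbin/ifconfig eth0 | grep "inet addr" | awk '{print $2}' | awk -F":" '{print $2}')
NETMASK=$(/sbin/ifconfig eth0 | grep "inet addr" | awk '{print $4}' | awk -F":" '{print $2}')

# Without an address on eth0 every derived value below would be empty and
# the host would come up with a broken static configuration, so stop before
# any file is overwritten.
if [ -z "$IPADDR" ]; then
  echo "autoip.sh: eth0 has no IPv4 address; network configuration left untouched" >&2
  exit 1
fi

# eth0: keep the leased address, now as a static setting.
cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
BOOTPROTO=static
BROADCAST=$BROADCAST
HWADDR=$HWADDR
IPADDR=$IPADDR
NETMASK=$NETMASK
GATEWAY=$ROUTE
ONBOOT=yes
EOF

# Last octet of the eth0 address; reused for the eth1 address and hostname.
IPADDR1=$(echo "$IPADDR" | awk -F"." '{print $4}')

# eth1: internal network 10.0.0.0/24, same last octet as eth0.
# The listing lost the closing EOF of this here-document, so everything after
# it was swallowed into the file; the terminator is restored here.
# NOTE(review): unlike the eth0 block, the listing shows no BOOTPROTO/ONBOOT
# lines for eth1 -- confirm against the original script.
cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF
DEVICE=eth1
BROADCAST=10.0.0.255
HWADDR=$(/sbin/ifconfig eth1 | grep -i HWaddr | awk '{print $5}')
IPADDR=10.0.0.$IPADDR1
NETMASK=255.255.255.0
EOF

# Hostname is the fixed prefix plus the last octet of the eth0 address.
HOSTNAME=OsYunWei_HZ_$IPADDR1

# The closing EOF of this here-document was missing too; restored.
cat >/etc/sysconfig/network <<EOF
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=$HOSTNAME
EOF

echo "127.0.0.1 $HOSTNAME" >> /etc/hosts
# The listing had `hostname=$HOSTNAME`, which only assigns a shell variable;
# call the hostname command so the running system picks up the name as well.
hostname "$HOSTNAME"

# Resolver configuration: overwrite with the first server, append the second.
echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf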
七、導入系統鏡像到cobbler
cobbler import --path=/var/www/html/os/CentOS-5.10-x86_64 --name=CentOS-5.10-x86_64 --arch=x86_64 #導入系統鏡像檔案,需要一段時間
cd /var/www/cobbler/ks_mirror #進入系統鏡像導入目錄
指令格式:cobbler import --path=鏡像路徑 --name=安裝引導名 --arch=32位或64位
重複上面的操作,把其他的系統鏡像檔案導入到cobbler
八、設定profile,按照作業系統版本分别關聯系統鏡像檔案和kickstart自動安裝檔案
在第一次導入系統鏡像時,cobbler會給安裝鏡像指定一個預設的kickstart自動安裝檔案
例如:CentOS-5.10-x86_64版本的kickstart自動安裝檔案為:/var/lib/cobbler/kickstarts/sample.ks
cobbler profile report --name CentOS-5.10-x86_64 #檢視profile設定
cobbler distro report --name CentOS-5.10-x86_64 #檢視安裝鏡像檔案資訊
cobbler profile remove --name=CentOS-5.10-x86_64 #移除profile
cobbler profile add --name=CentOS-5.10-x86_64 --distro=CentOS-5.10-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-5.10-x86_64.ks #添加
cobbler profile edit --name=CentOS-5.10-x86_64 --distro=CentOS-5.10-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-5.10-x86_64.ks #編輯
指令:cobbler profile add|edit|remove --name=安裝引導名 --distro=系統鏡像名 --kickstart=kickstart自動安裝檔案路徑
--name:自定義的安裝引導名,注意不能重複
--distro:系統安裝鏡像名,用cobbler distro list可以檢視
--kickstart:與系統鏡像檔案相關聯的kickstart自動安裝檔案
#檢視Cobbler清單
cobbler list
cobbler report
cobbler profile report
cobbler distro list
#通過profile查找對應的kickstart自動安裝檔案
ksfile=$( cobbler profile report --name CentOS-5.10-x86_64|grep -E '^Kickstart' |head -n 1|cut -d ':' -f 2 );cat $ksfile;
重複上面的操作,把其他的系統鏡像檔案和kickstart自動安裝檔案關聯起來
注意:
1、kickstart自動安裝檔案需要預先配置好
2、每次修改完配置檔案,需要執行一次同步操作:cobbler sync 配置才能生效
3、kickstart自動安裝檔案可以用工具生成(需要用到圖形界面操作)
yum install system-config-kickstart #安裝
yum groupinstall "X Window System" #安裝X Window圖形界面
system-config-kickstart #運作kickstart配置
service cobbler sync #與cobbler sync作用相同
service cobbler restart #重新開機cobbler
第二部分:設定要安裝的伺服器從網絡啟動
開機之後,如下圖所示,根據需要選擇相應的系統版本進行安裝,安裝完成之後,系統會自動重新開機
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiInBnaucTM5IzLcRDMvwFNxAjMvw1ckF2bsBXdvwFduVGdu92YtA3dvwVbvNmLpV2duVXez9mL3d3dvw1LcpDc0RHaiojIsJye.jpg)
重新安裝系統:
在需要重裝系統的伺服器上安裝koan
wget http://dl.fedoraproject.org/pub/epel/5/x86_64/koan-2.4.0-1.el5.noarch.rpm #CentOS 5.X
rpm -ivh koan-2.4.0-1.el5.noarch.rpm #安裝koan
http://dl.fedoraproject.org/pub/epel/6/x86_64/koan-2.4.0-1.el6.noarch.rpm #CentOS 6.X
yum install cobbler debmirror pykickstart python-ctypes cman #安裝koan運作依賴包(需要設定epel源)
koan --list=profiles --server=192.168.21.128 #檢視Cobbler伺服器系統鏡像清單
koan --replace-self --server=192.168.21.128 --profile=CentOS-5.10-x86_64 #選擇要重裝的系統
reboot #重新啟動系統進行自動安裝
擴充閱讀:
Cobbler目錄說明:
1、Cobbler配置檔案目錄:/etc/cobbler
/etc/cobbler/settings #cobbler主配置檔案
/etc/cobbler/dhcp.template #DHCP服務的配置模闆
/etc/cobbler/tftpd.template #tftp服務的配置模闆
/etc/cobbler/rsync.template #rsync服務的配置模闆
/etc/cobbler/iso #iso模闆配置檔案
/etc/cobbler/pxe #pxe模闆檔案
/etc/cobbler/power #電源的配置檔案
/etc/cobbler/users.conf #Web服務授權配置檔案
/etc/cobbler/users.digest #用于web通路的使用者名密碼配置檔案
/etc/cobbler/dnsmasq.template #DNS服務的配置模闆
/etc/cobbler/modules.conf #Cobbler子產品配置檔案
2、Cobbler資料目錄:/var/lib/cobbler
/var/lib/cobbler/config #配置檔案
/var/lib/cobbler/triggers #Cobbler指令
/var/lib/cobbler/kickstarts #預設存放kickstart檔案
/var/lib/cobbler/loaders #存放的各種引導程式
3、系統安裝鏡像目錄:/var/www/cobbler
/var/www/cobbler/ks_mirror #導入的系統鏡像清單
/var/www/cobbler/images #導入的系統鏡像啟動檔案
/var/www/cobbler/repo_mirror #yum源存儲目錄
4、日志目錄:/var/log/cobbler
/var/log/cobbler/install.log #用戶端系統安裝日志
/var/log/cobbler/cobbler.log #cobbler日志
至此,Cobbler全自動批量安裝部署Linux系統完成。
本文轉自散盡浮華部落格園部落格,原文連結:http://www.cnblogs.com/kevingrace/p/5685480.html,如需轉載請自行聯系原作者