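Cobbler Deployment

Introduction to Cobbler
  • Cobbler is a service for fast network installation of Linux; with some adjustment it can also support network installation of Windows. The tool is written in Python and is small and lightweight (only 15k lines of code). A few simple commands are enough to configure a PXE network installation environment, and it can also manage DHCP, DNS, and yum package mirrors.

  • Cobbler supports management from the command line and from a web interface, and it also provides an API, which makes it easy to build on.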

Preparing to install Cobbler

Disable iptables and SELinux

chkconfig iptables off 
vim /etc/selinux/config
SELINUX=disabled

Prepare the package sources and install the Cobbler packages

yum -y install debmirror
yum -y install httpd rsync tftp-server xinetd dhcp python-ctypes pykickstart fence-agents
rpm -ivh http://download.Fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum -y install cobbler
wget http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/Django14-1.4.21-1.el6.noarch.rpm
yum -y install cobbler-web

Configure tftp-server and rsync

Enable the tftp and rsync services

chkconfig tftp on
chkconfig rsync on
chkconfig xinetd on

Configure the httpd configuration file

vim /etc/httpd/conf/httpd.conf
# $ip must already be set in the shell to this server's IP address
sed -i "/#ServerName/a\ServerName $ip:80" /etc/httpd/conf/httpd.conf

Configure the main Cobbler configuration file

sed -i "s/next_server: 127.0.0.1/next_server: $ip/g" /etc/cobbler/settings
sed -i "s/server: 127.0.0.1/server: $ip/g" /etc/cobbler/settings
sed -i "s/manage_dhcp: 0/manage_dhcp: 1/g" /etc/cobbler/settings
sed -i "s/manage_rsync: 0/manage_rsync: 1/g" /etc/cobbler/settings

Configure the Cobbler web login authentication configuration file

grep -B 1 "module = authn_configfile" /etc/cobbler/modules.conf --color
#sed -i 's/module = authn_denyall/module = authn_configfile/g' /etc/cobbler/modules.conf

Set the Cobbler username and password

htdigest /etc/cobbler/users.digest "Cobbler" cobbler

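Note: "Cobbler" must be capitalized; otherwise the account is created but login fails.

Generate the initial root password for systems installed by Cobbler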

openssl passwd -1 -salt 'random-phrase-here' 'root'
$1$random-p$WbZ3JxhRzCS/1Ne4S9g4Z.

Add the encrypted string above to the Cobbler configuration file.

Configure DHCP

mv /etc/cobbler/dhcp.template /etc/cobbler/dhcp.template.bak
vim /etc/cobbler/dhcp.template
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
subnet 192.168.10.0 netmask 255.255.255.0 {
option routers 192.168.10.1;
option domain-name-servers 192.168.10.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.10.200 192.168.10.220;
filename "/pxelinux.0";
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
}

Start the related services

chkconfig httpd on
chkconfig xinetd on
chkconfig dhcpd on
chkconfig cobblerd on
service httpd restart
service xinetd restart
service dhcpd restart
service cobblerd restart

Check the configuration by running

cobbler check

After it runs, the following messages appear:

The following are potential configuration items that you may want to fix:
1 : service dhcpd is not running
2 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
3 : file /etc/xinetd.d/rsync does not exist
4 : comment out 'dists' on /etc/debmirror.conf for proper debian support
5 : comment out 'arches' on /etc/debmirror.conf for proper debian support

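  1. Ignore this for now: /etc/dhcp/dhcpd.conf has not been configured yet, and its configuration will be synced by Cobbler.
  2. Run cobbler get-loaders; the system downloads the loader programs automatically, which fixes item 2.
  3. Ignore (this seems to be a false positive from the system).
  4. Fix the package that supports the Debian/Ubuntu installation options.
  5. Fix the package that supports the Debian/Ubuntu installation options.

vim /etc/debmirror.conf
Comment out the following two lines.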
#@dists="sid";
#@arches="i386"

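Note: this assumes the debmirror and pykickstart packages are installed!

Once all of the items have been fixed, run cobbler check

Run the sync: cobbler sync

Check the configuration again

Restart all services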

service cobblerd restart
service xinetd restart
service httpd restart
service dhcpd restart

Import the Linux ISO installation image

Mount the ISO image

mount /dev/sr0 /mnt

Start importing the image

cobbler import --path=/mnt/ --arch=x86_64 --name CentOS6.7

Kickstart installation template

#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5

# System bootloader configuration
bootloader --location=mbr

# Partition clearing information
clearpart --all --initlabel

# Use text mode install
text

# Firewall configuration
firewall --disable

# Run the Setup Agent on first boot
firstboot --disable

# System keyboard
keyboard us

# System language
lang en_US

# Use network installation
url --url=$tree

# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza

# Network information
$SNIPPET('network_config')

# Reboot after installation
reboot

#Root password
rootpw --iscrypted $default_password_crypted

# SELinux configuration
selinux --disabled

# Do not configure the X Window System
skipx

# System timezone
timezone Asia/Shanghai

# Install OS instead of upgrade
install

# Clear the Master Boot Record
zerombr

# Allow anaconda to partition the system as needed
#autopart
part /boot --fstype="ext4" --size=500 --ondisk=sda
part pv.01 --size=1 --grow --ondisk=sda
volgroup vg pv.01
logvol swap --vgname=vg --size=4096 --name=lv_swap
#logvol / --vgname=vg --size=20480 --name=lv_root
logvol / --vgname=vg --size=1 --grow --name=lv_root --fstype="ext4"
#logvol /opt --vgname=vg --size=1 --grow --name=lv_opt --fstype="ext4"

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
#$SNIPPET('func_install_if_enabled')
#$SNIPPET('puppet_install_if_enabled')
@base
@development
%end
%post
$SNIPPET('log_ks_post')

# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('puppet_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')

#system service
/sbin/chkconfig --level 345 abrt-ccpp off
/sbin/chkconfig --level 345 abrtd off
/sbin/chkconfig --level 345 abrt-oops off
/sbin/chkconfig --level 345 acpid off
/sbin/chkconfig --level 345 atd off
/sbin/chkconfig --level 345 auditd off
/sbin/chkconfig --level 345 avahi-daemon off
/sbin/chkconfig --level 345 cpuspeed off
/sbin/chkconfig --level 345 haldaemon off
/sbin/chkconfig --level 345 ip6tables off
/sbin/chkconfig --level 345 iptables off
/sbin/chkconfig --level 345 kdump off
/sbin/chkconfig --level 345 mdmonitor off
/sbin/chkconfig --level 345 messagebus off
/sbin/chkconfig --level 345 postfix off
/sbin/chkconfig --level 345 udev-post off

#limit.conf
cat <<EOF >> /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
* soft nproc 5000
* hard nproc 5000
* soft memlock unlimited
* hard memlock unlimited
EOF

#kernel
cat <<EOF >> /etc/sysctl.conf
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_tw_buckets = 100000
EOF

#create log dir
/bin/mkdir -p /opt/genewiznj/logs/{apache,php,nginx}
/bin/mkdir -p /etc/rsyncd/

#restart network
/etc/init.d/network restart

#install laohulab.com-repo
wget http://10.105.42.17/repo/genewiznj.repo -P /etc/yum.repos.d/
mv /etc/yum.repos.d/CentOS*.repo /tmp/
mv /etc/yum.repos.d/cobbler*.repo /tmp/
mv /etc/yum.repos.d/epel* /tmp/
yum clean all && yum update

#install zabbix agent
#yum -y install zabbix-agent

#install puppet
yum -y install puppet

#install ipmitool
#yum -y install OpenIPMI-devel.x86_64 ipmitool.x86_64
#/etc/init.d/ipmi start
#chkconfig ipmi on

#install lrzsz
yum -y install lrzsz

# install mysql client
yum -y install mysql

#install telnet
yum -y install telnet

#install iptraf
yum -y install iptraf

#install screen
yum -y install screen

#install nc
yum -y install nc

#yum install python mysql module
yum -y install MySQL-python

#install htop iftop
yum -y install htop iftop

yum -y install yum-plugin-priorities

yum -y install tree

$SNIPPET('post_install_network_config')

# Enable post-install boot notification
$SNIPPET('post_anamon')

# Start final steps
$SNIPPET('kickstart_done')

# End final steps
%end
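
An added example (not part of the original post): a small Python 3 check that scans a kickstart template such as the one above for settings that leave a freshly installed host weaker than the distribution default. The rule list, the function name and the sample excerpt are assumptions made for this illustration.

```python
import re

# Constructed excerpt of the template above, used as sample input.
SAMPLE_KS = """\
auth --useshadow --enablemd5
firewall --disable
rootpw --iscrypted $default_password_crypted
selinux --disabled
%post
$SNIPPET('log_ks_post')
/sbin/chkconfig --level 345 auditd off
/sbin/chkconfig --level 345 iptables off
#yum -y install zabbix-agent
wget http://10.105.42.17/repo/genewiznj.repo -P /etc/yum.repos.d/
%end
"""

# (section, pattern, finding). "command" is everything outside a %section.
RULES = [
    ("command", r"^auth(config)?\b.*--enablemd5", "MD5 password hashing"),
    ("command", r"^firewall\b.*--disabled?\b", "host firewall disabled"),
    ("command", r"^selinux\b.*--(disabled|permissive)\b", "SELinux not enforcing"),
    ("%post", r"\bchkconfig\b.*\b(auditd|ip6?tables)\s+off\b", "security service switched off"),
    ("%post", r"\b(wget|curl)\b.*\bhttp://", "download over cleartext HTTP"),
]

def audit_kickstart(text):
    """Return [(line_number, section, finding)] for one kickstart template."""
    findings, section = [], "command"
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                   # blank, comment or commented-out command
        if line == "%end":
            section = "command"
        elif line.startswith("%"):
            section = line.split()[0]  # %pre, %packages, %post ...
        else:
            for where, pattern, finding in RULES:
                if where == section and re.search(pattern, line):
                    findings.append((num, section, finding))
    return findings

if __name__ == "__main__":
    for num, section, finding in audit_kickstart(SAMPLE_KS):
        print("line %d [%s]: %s" % (num, section, finding))
```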

Bulk-adding installation records

The text file app.txt uses the following format:

sn ks-profile hostname mac ip
6QZKXD2 CentOS6.7-x86_64 test.com 28:F1:0E:58:53:6E 10.40.100.101

#!/usr/bin/env python
# encoding=utf-8
import os
import subprocess


def add_server():
    # One record per line: sn ks-profile hostname mac ip
    f = open('/root/app.txt')
    f_list = f.readlines()
    f.close()
    # Names of the systems Cobbler already knows about
    s = os.popen('cobbler system list')
    v = s.read()
    for line in f_list:
        l = line.split()
        sn = l[0]
        profile = l[1]
        hostname = l[2]
        mac = l[3]
        ip = l[4]
        # Gateway: first three octets of the first record's IP, plus .250
        gw = '.'.join(f_list[0].split()[4].split('.')[0:3]) + '.250'
        if sn in v.split():
            print('\033[31;1mError, %s exists!\033[0m' % sn)
            continue
        else:
            # Argument list instead of os.system(): no shell interprets values read from app.txt
            subprocess.call([
                'cobbler', 'system', 'add', '--name=%s' % sn, '--profile=%s' % profile,
                '--hostname=%s' % hostname, '--name-servers=192.168.1.246',
                '--mac=%s' % mac, '--ip-address=%s' % ip, '--gateway=%s' % gw,
                '--subnet=255.255.255.0', '--static=1', '--interface=eth0',
                '--name-servers-search=laohulab.com', '--owners=admin',
                '--kopts=biosdevname=0,net.ifnames=0',
                '--kopts-post=biosdevname=0,net.ifnames=0',
                '--virt-bridge=xenbr0', '--netboot-enabled=Y'])
            # Confirm that the system now shows up in Cobbler
            if sn in os.popen('cobbler system list').read().split():
                print('\033[32;1madd %s successful!\033[0m' % sn)
            else:
                print('\033[31;1madd %s failed!\033[0m' % sn)


if __name__ == '__main__':
    try:
        add_server()
    except (TypeError, IndexError):
        # A line with fewer than five fields raises IndexError
        print('Please input valid data!')
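
An added example (not part of the original post), written for Python 3: it validates each app.txt record before anything is handed to cobbler and builds the command as an argument list, so a malformed field is reported instead of being executed. The function names, the sample records and the reduced set of flags are assumptions; the gateway is derived per record rather than from the first line.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
# sn, profile and hostname must start alphanumeric, so a value can never look like an option
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")

# Constructed sample in the app.txt format; lines 2 and 3 are deliberately malformed.
SAMPLE = """\
6QZKXD2 CentOS6.7-x86_64 test.com 28:F1:0E:58:53:6E 10.40.100.101
7ABCDE3 CentOS6.7-x86_64 web02.test.com 28:F1:0E:58:53:6F 10.40.100.102;reboot
8FGHIJ4 CentOS6.7-x86_64 db01.test.com 28-F1-0E-58-53-70 10.40.100.103
"""

def parse_line(line):
    """Return (sn, profile, hostname, mac, ip) or raise ValueError."""
    fields = line.split()
    if len(fields) != 5:
        raise ValueError("expected 5 fields, got %d" % len(fields))
    sn, profile, hostname, mac, ip = fields
    for label, value in (("sn", sn), ("profile", profile), ("hostname", hostname)):
        if not NAME_RE.match(value):
            raise ValueError("bad %s: %r" % (label, value))
    if not MAC_RE.match(mac):
        raise ValueError("bad mac: %r" % mac)
    ipaddress.IPv4Address(ip)   # ValueError unless ip is a plain dotted quad
    return sn, profile, hostname, mac, ip

def build_argv(record):
    """Argument list for subprocess.call(); the values never pass through a shell."""
    sn, profile, hostname, mac, ip = record
    gateway = ".".join(ip.split(".")[:3]) + ".250"   # the script's x.y.z.250 rule, per record
    return ["cobbler", "system", "add", "--name=" + sn, "--profile=" + profile,
            "--hostname=" + hostname, "--mac=" + mac, "--ip-address=" + ip,
            "--gateway=" + gateway, "--subnet=255.255.255.0", "--static=1",
            "--interface=eth0", "--netboot-enabled=Y"]

def plan(text):
    """Return (commands, errors); malformed lines are reported and never executed."""
    commands, errors = [], []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            commands.append(build_argv(parse_line(line)))
        except ValueError as exc:
            errors.append((num, str(exc)))
    return commands, errors
```

Each list in `commands` can be passed to `subprocess.call()` once `errors` is empty.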