一、背景介绍

作为运维，在公司经常遇到一些机械性重复工作要做，例如：为新机器装系统，一台两台机器装系统，可以用光盘、U 盘等介质安装，1小时也完成了，但是如果有成百台的服务器还要用光盘、U盘去安装，就显得有些力不从心了。PXE技术就 能很好的解决这个问题，本文将会对PXE的工作原理有所介绍，而cobbler则是基于PXE技术的工作原理的二次封装，通过命 令的方式简化了PXE配置过程。

二、安装系统的方法

光盘（ISO文件，光盘的镜像文件）===>>每一台物理机都得给一个光驱，如果用外置光驱的话，是不是每台机器都 需要插一下
U盘：ISO镜像刻录到U盘==>>需要每台机器都需要插一下
并行安装==>>网络安装
自动化安装

三、PXE说明

PXE，全名Pre-boot Execution Environment，预启动执行环境；
通过网络接口启动计算机，不依赖本地存储设备（如硬盘）或本地已安装的操作系统；
由Intel和Systemsoft公司于1999年9月20日公布的技术；
客户端/Server的工作模式；
PXE客户端会调用网际协议(IP)、用户数据报协议(UDP)、动态主机设定协议(DHCP)、小型文件传输协议(TFTP)等网 络协议；
PXE客户端(客户端)这个术语是指机器在PXE启动过程中的角色。一个PXE客户端可以是一台服务器、笔记本电脑或者其 他装有PXE启动代码的机器（我们电脑的网卡）

PXE+cobbler工作步骤图

image.png

四、cobbler安装系统实践

环境准备

[root@cobbler ~]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core) [root@cobbler ~]# uname -r 
3.10.0-862.el7.x86_64 
[root@cobbler ~]# hostname
 cobbler 
[root@cobbler ~]# systemctl status firewalld.service 
● firewalld.service - firewalld - dynamic firewall daemon
 Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) 
Docs: man:firewalld(1) 
[root@cobbler ~]# getenforce 
Disabled 
[root@cobbler ~]# hostname -I 10.0.0.202 172.16.1.202

安装cobbler

[root@cobbler ~]# yum install -y cobbler cobbler-web dhcp tftp-server pykickstart httpd python-django

启动服务

[root@cobbler ~]# systemctl start httpd.service cobblerd.service

检测cobbler

[root@cobbler ~]# cobbler check

image.png

检查出8个问题，需要修改
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.
This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
cobbler配置文件中server参数信息要改为相应的指定信息,不能使用默认localhosts
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1,
and should match the IP of the boot server on the PXE network.
cobbler配置文件中next_server参数信息要改为相应指定的tftp服务器地址信息,不能使用默认的127.0.0.1
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
让tftp服务可以被xinetd服务管理
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a recent version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
需要进行下载系统启动时所需使用的启动引导文件信息,使用'cobbler get-loaders'命令
5 : enable and start rsyncd.service with systemctl
需要启动rsync服务,并且设置开机自启动
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
debian系统的一个管理软件包需要安装 debmirror
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
cobbler配置文件中default_password_crypted参数信息要改为相应指定的密码信息,不能使用默认
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
智能电源管理工具没有找到
解决相关检查问题

01. 解决问题一 
[root@cobbler ~]# cp /etc/cobbler/settings{,.ori} #备份配置文件 [root@cobbler ~]# vim +384 /etc/cobbler/settings 
[root@cobbler ~]# sed -i 's/server: 127.0.0.1/server: 172.16.1.202/' /etc/cobbler/settings 
02. 解决问题二 
[root@cobbler ~]# sed -i 's/next_server: 127.0.0.1/next_server: 172.16.1.202/' /etc/cobbler/settings 
03. 解决问题三 
[root@cobbler ~]# sed -i '/disabled/s#yes#no#' /etc/xinetd.d/tftp 
04. 解决问题四 
[root@cobbler ~]# cobbler get-loaders 
[root@cobbler ~]# tree /var/lib/cobbler/loaders/ 
05. 解决问题五 
[root@cobbler ~]# systemctl start rsyncd 
[root@cobbler ~]# systemctl enable rsyncd 
[root@cobbler ~]# systemctl status rsyncd 
06. 解决问题六 
debian系统才需要安装相应软件包, 课程使用centos系统无需安装 
07. 解决问题七 
[root@cobbler ~]# sed -ri "/default_password_crypted/s#(.*: ).*#\1\"`openssl passwd -1 -salt 'oldboy' '123456'`\"#" /etc/cobbler/settings 
[root@cobbler ~]# openssl passwd -1 -salt 'oldboy' '123456' 
08. 解决问题八 需要解决一些脑裂问题,需要安装智能电源软件(暂时无需处理)

重启服务！！！

解决完成后，再次的进行配置检查 
[root@cobbler ~]# cobbler check 
The following are potential configuration items that you may want to fix:
1 : debmirror package is not installed, it will be required to manage debian deployments and repositories 
2 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them Restart cobblerd and then run 'cobbler sync' to apply changes.

修改dhcp服务配置文件

01. 修改配置文件信息 
[root@cobbler ~]# vim /etc/cobbler/dhcp.template 
22 # option routers 172.16.1.5; 
23 # option domain-name-servers 172.16.1.1; 
:%s#192.168.1#172.16.1#g 
#说明: 修改模板配置文件的时候,即可把/etc/dhcp/dhcpd.conf文件进行修改 [root@cobbler ~]#grep 172.16.1 /etc/cobbler/dhcp.template 
subnet 172.16.1.0 netmask 255.255.255.0 { 
# option routers 172.16.1.5; 
# option domain-name-servers 172.16.1.1;
   range dynamic-bootp 172.16.1.100 172.16.1.254; 
02. 使用cobbler服务管理dhcp服务 
[root@cobbler ~]# sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings [root@cobbler ~]# vim /etc/cobbler/settings 
242 manage_dhcp: 1 #将默认数值0改为1,即表示使用cobbler服务管理dhcp服务

启动应有cbbler服务

[root@cobbler ~]# systemctl restart httpd.service rsyncd.service tftp.socket cobblerd.service dhcpd
[root@cobbler ~]# cobbler sync

五、cobbler软件web页面配置

加载cobbler网页信息

image.png

解决方法

[root@cobbler ~]# tailf /var/log/httpd/ssl_error_log #查看日志

image.png

初步判断应该是python-django版本问题

#下载pip.py 
[root@cobbler ~]# wget https://bootstrap.pypa.io/get-pip.py 
#安装pip 
[root@cobbler ~]# yum install python-pip -y 
#调用本地python运行pip.py脚本 
[root@cobbler ~]# python get-pip.py 
#安装Django 
[root@cobbler ~]# pip install Django==1.8.9 
#查看Django版本号 
[root@cobbler ~]# python -c "import django; print(django.get_version())" 
#重启httpd 
[root@cobbler ~]# systemctl restart httpd 
web界面再重新加载

登录cobbler
默认用户名：cobbler 默认密码：cobbler
将光盘导入到系统

image.png

进行改在光盘镜像

[root@cobbler ~]# mount /dev/cdrom /mnt 
mount: /dev/sr0 is write-protected, mounting read-only 
[root@cobbler ~]# df -h

web界面进行导入

image.png

检查到如情况

[root@cobbler ~]# ps -ef|grep rsync

image.png

已经同步成功了 
[root@cobbler ~]# du -sh /var/www/cobbler/ks_mirror/centos7.5_x86_64bit-x86_64/ 
4.2G /var/www/cobbler/ks_mirror/centos7.5_x86_64bit-x86_64/

image.png

六、系统安装过程的配置

修改网络系统安装后主机网卡信息

image.png

image.png

编写网络安装系统时的自动应答文件信息

image.png

image.png

配置文件
install
url --url=$tree
text
lang en_US.UTF-8
keyboard us 
zerombr 
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet" 
#Network information 
$SNIPPET('network_config') 
#network --bootproto=dhcp --device=eth0 --onboot=yes --noipv6 --hostname=CentOS7 
#network --bootproto=dhcp --device=eth1 --onboot=yes --noipv6 --hostname=CentOS7 
timezone --utc Asia/Shanghai 
authconfig --enableshadow --passalgo=sha512 
rootpw --iscrypted $default_password_crypted 
clearpart --all --initlabel
part /boot --fstype xfs --size 1024 
part swap --size 1024 
part / --fstype xfs --size 1 --grow 
firstboot --disable 
selinux --disabled 
firewall --disabled 
logging --level=info 
reboot 
%pre 
$SNIPPET('log_ks_pre') 
$SNIPPET('kickstart_start') 
$SNIPPET('pre_install_network_config') 
# Enable installation monitoring 
$SNIPPET('pre_anamon') 
%end 
%packages 
@^minimal 
@compat-libraries 
@core 
@debugging 
@development 
bash-completion 
chrony 
net-tools 
lrzsz 
nmap 
sysstat 
telnet 
tree 
vim 
wget 
%end 
%post 
systemctl disable postfix.service 
%end

加载配置完成的自动应答配置文件

image.png

image.png

配置主机安装系统完成后获取的IP地址信息

image.png

image.png

配置主机名

image.png

image.png

image.png

image.png

image.png

image.png

配置完成

image.png

使之所有配置信息生效

image.png

image.png

image.png