Cobbler 配置

1. 環(huán)境描述

• 系統(tǒng)環(huán)境： CentOS 7.3
• 網(wǎng)絡(luò)環(huán)境： 有兩塊網(wǎng)卡，第一塊用來配置正常訪問互聯(lián)網(wǎng)，第二塊配另一個(gè)網(wǎng)段，這里配置172.16.1.1，用來提供無人值守安裝系統(tǒng)。
• SELinux： 關(guān)閉狀態(tài)
• iptables、firewalld： 防火墻關(guān)閉狀態(tài)

2. 安裝部署

1. 安裝前請(qǐng)先配好epel源，然后使用yum進(jìn)行安裝：

   rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
   yum install cobbler cobbler-web pykickstart debmirror dhcp tftp-server httpd syslinux xinetd
   

2. 安裝好后，把/var/lib/tftpboot/ 目標(biāo)下所有文件移動(dòng)到另一位置，因?yàn)榇四夸浵碌奈募坑蒫obbler自己來生成。

   mkdir /root/pxeboot
   mv /var/lib/tftpboot/* /root/pxeboot/
   

3. 這時(shí)再編輯/etc/dhcp/dhcpd.conf，內(nèi)容如下：

   [root@localhost ~]# cat /etc/dhcp/dhcpd.conf
   #
   # DHCP Server Configuration file.
   #   see /usr/share/doc/dhcp*/dhcpd.conf.example
   #   see dhcpd.conf(5) man page
   #
   option domain-name "localhost.localdomain";
   option domain-name-servers 114.114.114.114,223.6.6.6;
   
   default-lease-time 3600;
   max-lease-time 7200;
   
   log-facility local7;
   
   subnet 172.16.1.0 netmask 255.255.255.0 {
       range 172.16.1.2 172.16.1.20;
       option routers 172.16.1.1;
       filename "pxelinux.0";
   }
   

4. 確保第二塊網(wǎng)卡網(wǎng)絡(luò)配置正確，這里僅作測試臨時(shí)配置：

   ifconfig enp6s0f1 172.16.1.1/24
   

5. 依次啟動(dòng)服務(wù)：

   systemctl start dhcpd.service && systemctl enable dhcpd.service
   systemctl start cobblerd.service && systemctl enable cobblerd.service
   systemctl start httpd.service && systemctl enable httpd.service
   systemctl start rsyncd.service && systemctl enable rsyncd.service
   systemctl start xinetd.service && systemctl enable xinetd.service
   

6. 環(huán)境檢查修改：

   cobbler check
   

• 報(bào)錯(cuò)：

  1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
  2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
  3 : change 'disable' to 'no' in /etc/xinetd.d/tftp.
  4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
  5 : comment out 'dists' on /etc/debmirror.conf for proper debian support
  6 : comment out 'arches' on /etc/debmirror.conf for proper debian support
  7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
  8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
  

• 解決：
  1、2： 修改/etc/cobbler/settings
  server: 172.16.1.1
  next_server: 172.16.1.1
  3： 修改/etc/xinetd.d/tftp
  disable = no
  4： 此問題可忽略
  5、6：修改/etc/debmirror.conf，注釋掉@dists="sid"和@arches="i386"
  #@dists="sid";
  #@arches="i386";
  7： 修改默認(rèn)密碼，注意，此密碼是安裝系統(tǒng)默認(rèn)的管理員root密碼
  生成密碼串
  openssl passwd -1 -salt openssl rand -hex 4
  Password:
  0a7998bb1OrhhdGoYj.Ngr2yRzGuKB0"
  8： 此問題可忽略

接著重啟cobblerd服務(wù)，然后再執(zhí)行cobbler check進(jìn)行檢查，直到只?？珊雎缘膯栴}:

    systemctl restart cobblerd.service
    cobbler check
        The following are potential configuration items that you may want to fix:

        1 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
        2 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

        Restart cobblerd and then run 'cobbler sync' to apply changes.

3. cobbler_web

設(shè)置cobbler_web登錄頁面的用戶和密碼：

    htdigest /etc/cobbler/users.digest "Cobbler" cobbler
    Changing password for user cobbler in realm Cobbler
    New password: 
    Re-type new password: 

• 提示：
  "Cobbler"：Rename提示信息
  cobbler : 這個(gè)是用戶名
  /etc/cobbler/users.digest ：帳號(hào)文件

• 注意： 在cobbler-web-2.8.0-4.el7.noarch這個(gè)版本上，要通過https協(xié)議訪問，用http協(xié)議訪問提示403報(bào)錯(cuò)。

此時(shí)正常來說可以從瀏覽器中通過http(s)://YOUR_COBBLERD_IP/cobbler_web訪問。

4. 鏡像導(dǎo)入

在系統(tǒng)中將CentOS 7.3 鏡像導(dǎo)入，此功能在cobbler_web上也應(yīng)該可以操作，但沒有研究過：

    mkdir /media/cdrom
    mount /var/local/iso/CentOS-7-x86_64-DVD-1611.iso /media/cdrom
    cobbler import --name="CentOS-7-x86_64-DVD-1611" --path=/media/cdrom

接著以同樣的方式導(dǎo)入CentOS 6.5，此時(shí)在命令行可執(zhí)行cobbler distro list 可查看到已經(jīng)導(dǎo)入進(jìn)來的鏡像。默認(rèn)在導(dǎo)入鏡像的同時(shí)，已經(jīng)有創(chuàng)建好了對(duì)應(yīng)的profile，可以安裝使用了，默認(rèn)是最小化安裝。profile可執(zhí)行cobbler profile list查看。
如果要自定義profile，可以用下面命令操作：

    cobbler profile add --name="CentOS-7-x86_64-web" --distro=CentOS-7-x86_64-DVD-1611 --kickstart=/var/lib/cobbler/kickstarts/centos7-web.ks
    cobbler sync

最后要特別注意，每次操作后都要執(zhí)行cobbler sync來同步操作生效。上面要用到的centos7-web.ks文件制作，這里不再介紹，可以通過system-config-kickstart圖形化工具來生成和編輯，可以使用yum來安裝：

    yum install system-config-kickstart
    
    # 啟動(dòng)可執(zhí)行：
    system-config-kickstart

關(guān)于profile、ks文件制作、cobbler sync同步等，建議在cobbler_web界面上操作，比較方便。

個(gè)人同步博客地址。