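I. Introduction
Cobbler can be used to install Linux on many machines quickly. Here we deploy it on CentOS 7 to drive unattended network installs of ubuntu 18.04.5-server.
Environment:
Host | OS | IP address |
---|---|---|
server | centos 7.6.1810 | 10.0.0.5 |
node1 | no operating system installed | – |
node2 | no operating system installed | – |
II. Configuration
1. System initialization
(1) Disable SELinux and the firewall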
setenforce 0
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld
(2) Configure the yum repositories
mkdir -p /etc/yum.repos.d/centos
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/centos
curl -o /etc/yum.repos.d/CentoS-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -o /etc/yum.repos.d/epel7.repo http://mirrors.aliyun.com/repo/epel-7.repo
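2. Install Cobbler
Several supporting packages are needed:
• dhcp: assigns available IP addresses to client hosts.
• tftp: serves boot and driver files to client hosts.
• httpd: serves the installation image, answer files, and any custom files or scripts to client hosts.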
yum install -y cobbler cobbler-web dhcp tftp-server httpd pykickstart rsync xinetd
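3. Configure Cobbler
[root@server ~]# vim /etc/cobbler/settings # change the following settings
next_server: 10.0.0.5 # PXE boot server address
server: 10.0.0.5 # Cobbler server address
manage_dhcp: 1 # let Cobbler manage DHCP
default_password_crypted: "$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV." # root password for client hosts; use the hashed value generated below
# Hash the password
[root@server ~]# openssl passwd -1 '000000' # the password to hash goes inside the single quotes at the end
$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV.
# The same changes can be made with sed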
sed -ri 's/^(next_server:).*/\1 10.0.0.5/' /etc/cobbler/settings
sed -ri 's/^(server:).*/\1 10.0.0.5/' /etc/cobbler/settings
sed -ri 's/^(manage_dhcp:).*/\1 1/' /etc/cobbler/settings
sed -ri 's#^(default_password_crypted:).*#\1 "$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV."#' /etc/cobbler/settings
Start the Cobbler services and download the boot loader files:
systemctl start cobblerd httpd
cobbler get-loaders
4. Configure DHCP
Edit the DHCP template (adjust it to your actual network environment):
[root@server ~]# vim /etc/cobbler/dhcp.template # change the following settings
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.2;
option domain-name-servers 114.114.114.114;
option subnet-mask 255.255.255.0;
range dynamic-bootp 10.0.0.100 10.0.0.200;
5. Configure TFTP
Setting disable to no enables tftp:
[root@server ~]# vim /etc/xinetd.d/tftp
disable = no
6. Sync the template files
cobbler sync
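7. Configure the seed file
Prepare the preseed file. The directory below holds several template files; sample.seed is the usual starting point and is then adapted as needed. The ubuntu18045.seed file below was derived from sample.seed.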
[root@server ~]# cd /var/lib/cobbler/kickstarts/
[root@server kickstarts]# ls
default.ks install_profiles sample_autoyast.xml sample_esxi4.ks sample.ks sample.seed.28
esxi4-ks.cfg legacy.ks sample_end.ks sample_esxi5.ks sample_old.seed
esxi5-ks.cfg pxerescue.ks sample_esx4.ks sample_esxi6.ks sample.seed
[root@server kickstarts]# vim ubuntu18045.seed
Below is the content of ubuntu18045.seed. (Adjust it to your environment.)
# Mostly based on the Ubuntu installation guide
# https://help.ubuntu.com/18.04/installation-guide/
# Debian sample
# https://www.debian.org/releases/stable/example-preseed.txt
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US
# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
d-i keyboard-configuration/toggle select No toggling
d-i keyboard-configuration/layoutcode string us
d-i keyboard-configuration/variantcode string
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
#set $myhostname = $getVar('hostname',$getVar('name','cobbler')).replace("_","-")
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string $myhostname
# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
# d-i hw-detect/load_firmware boolean true
# NTP/Time Setup
d-i time/zone string Asia/Shanghai
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string ntp1.aliyun.com
# Setup the installation source
d-i mirror/country string manual
d-i mirror/http/hostname string $http_server
d-i mirror/http/directory string $install_source_directory
d-i mirror/http/proxy string
#set $os_v = $getVar('os_version','')
#if $breed == "ubuntu" and $os_v and $os_v.lower() != 'precise'
# Required at least for ubuntu 12.10+ , so test os_v is not precise. Olders versions are not supported anymore
d-i live-installer/net-image string http://$http_server/cobbler/links/$distro_name/install/filesystem.squashfs
#end if
# Suite to install.
# d-i mirror/suite string precise
# d-i mirror/udeb/suite string precise
# Components to use for loading installer components (optional).
#d-i mirror/udeb/components multiselect main, restricted
# Disk Partitioning
# Use LVM, and wipe out anything that already exists
#d-i partman-auto/disk string /dev/sda
#d-i partman/choose_partition select finish
#d-i partman/confirm boolean true
#d-i partman/confirm_nooverwrite boolean true
#d-i partman-auto/method string lvm
#d-i partman-auto/method string regular
#d-i partman-lvm/device_remove_lvm boolean true
#d-i partman-lvm/confirm boolean true
#d-i partman-lvm/confirm_nooverwrite boolean true
#d-i partman-md/device_remove_md boolean true
#d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman-auto/disk string /dev/sda
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-auto/method string regular
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman-md/device_remove_md boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
#d-i partman/default_filesystem string ext4
#d-i partman/mount_style select uuid
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /usr, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
# If you just want to change the default filesystem from ext3 to something
# else, you can do that without providing a full recipe.
# d-i partman/default_filesystem string ext4
# root account and password
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password $default_password_crypted
# skip creation of a normal user account.
d-i passwd/make-user boolean false
# You can choose to install restricted and universe software, or to install
# software from the backports repository.
#d-i apt-setup/restricted boolean false
#d-i apt-setup/universe boolean false
#d-i apt-setup/backports boolean false
# Uncomment this if you don't want to use a network mirror.
# d-i apt-setup/use_mirror boolean false
# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
#d-i apt-setup/services-select multiselect security
#d-i apt-setup/security_host string mirrors.aliyun.com
#d-i apt-setup/security_path string /ubuntu
d-i apt-setup/services-select multiselect security
d-i apt-setup/security_host string 10.0.0.5
d-i apt-setup/security_path string /cobbler/ks_mirror/ubuntu-18.04.5-X86_64
$SNIPPET('preseed_apt_repo_config')
# Enable deb-src lines
# d-i apt-setup/local0/source boolean true
# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
# d-i apt-setup/local0/key string http://local.server/key
# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
# d-i debian-installer/allow_unauthenticated boolean true
# Package selection
# Default for minimal
tasksel tasksel/first multiselect standard
# Default for server
# tasksel tasksel/first multiselect standard, web-server
# Default for gnome-desktop
# tasksel tasksel/first multiselect standard, gnome-desktop
# Individual additional packages to install
# wget is REQUIRED otherwise quite a few things won't work
# later in the build (like late-command scripts)
#d-i pkgsel/include string wget ntp ssh
#d-i pkgsel/include string openssh-server
d-i pkgsel/include string wget ssh
#d-i pkgsel/upgrade select none
#d-i pkgsel/update-policy select none
# Debian needs this for the installer to avoid any question for grub
# Please verify that it suit your needs as it may overwrite any usb stick
#if $breed == "debian"
d-i grub-installer/grub2_instead_of_grub_legacy boolean true
d-i grub-installer/bootdev string default
#d-i grub-installer/timeout string 5
#end if
# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
d-i debian-installer/add-kernel-opts string $kernel_options_post
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
## Figure out if we're kickstarting a system or a profile
#if $getVar('system_name','') != ''
#set $what = "system"
#else
#set $what = "profile"
#end if
# This first command is run as early as possible, just after preseeding is read.
# d-i preseed/early_command string [command]
d-i preseed/early_command string wget -O- \
http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_early_default | \
/bin/sh -s
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
# d-i partman/early_command \
# string debconf-set partman-auto/disk "\$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
# d-i preseed/late_command string [command]
d-i preseed/late_command string wget -O- \
http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | \
chroot /target /bin/sh -s
d-i preseed/late_command string mkdir -p /target/root/.ssh ; \
wget -O /target/etc/apt/sources.list http://$http_server/cobbler/ks_mirror/bash/sources.list ; \
wget -P /target/etc/netplan/ http://$http_server/cobbler/ks_mirror/bash/50-cloud-init.yaml.bak ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/ubuntu18.sh ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/network.sh ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/NVIDIA-Linux-x86_64-460.67.run ; \
wget -P /target/root/.ssh http://$http_server/cobbler/ks_mirror/bash/authorized_keys ; \
chmod 400 /target/root/.ssh/authorized_keys ; \
cd /target ; \
chroot ./ bash /root/ubuntu18.sh ; \
chroot ./ sh /root/NVIDIA-Linux-x86_64-460.67.run --no-x-check --no-nouveau-check --no-opengl-files -q -a -s --ui=none ; \
echo ""
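In the seed file above, partman-auto/choose_recipe and preseed/late_command are each assigned twice; debconf holds one value per key, so only the later assignment is used. The following check, an added example that is not part of the original post, lists such keys with the line numbers of the first and last assignment; the function names and the shortened sample are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list preseed keys assigned twice.

# write_sample FILE: constructed excerpt of the seed file shown above.
write_sample() {
    cat > "$1" <<'EOF'
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
d-i partman-md/device_remove_md boolean true
# You can choose one of the three predefined partitioning recipes:
d-i partman-auto/choose_recipe select atomic
#if $getVar('system_name','') != ''
#set $what = "system"
#end if
d-i preseed/late_command string wget -O- \
http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | \
chroot /target /bin/sh -s
d-i preseed/late_command string mkdir -p /target/root/.ssh ; \
chmod 400 /target/root/.ssh/authorized_keys ; \
echo ""
EOF
}

# preseed_duplicates FILE: print "owner key first_line last_line" for every
# owner/key pair that is assigned more than once.
preseed_duplicates() {
    awk '
    {
        # Join backslash-continued physical lines into one logical line.
        if (cont) { buf = buf " " $0 } else { buf = $0; start = NR }
        cont = (buf ~ /\\[ \t]*$/)
        if (cont) { sub(/[ \t]*\\[ \t]*$/, "", buf); next }
        $0 = buf
        # Skip comments, Cheetah directives (#set, #if) and snippet includes.
        if ($1 ~ /^#/ || NF < 3) next
        key = $1 " " $2
        if (key in first) {
            if (!(key in last)) order[++n] = key
            last[key] = start
        } else {
            first[key] = start
        }
    }
    END { for (i = 1; i <= n; i++) print order[i], first[order[i]], last[order[i]] }
    ' "$1"
}

sample=$(mktemp)
write_sample "$sample"
preseed_duplicates "$sample"
rm -f "$sample"
```

Run it against the real file with `preseed_duplicates /var/lib/cobbler/kickstarts/ubuntu18045.seed`; an empty result means every key is set once.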
8. Import the image
(1) Prepare the system image
mkdir -p /mnt/ubuntu
mount -t iso9660 -r -o ro,loop ubuntu-18.04.5-server-amd64.iso /mnt/ubuntu/
(2) Import the image
cobbler import --path=/mnt/ubuntu --name=ubuntu-18.04.5 --kickstart=/var/lib/cobbler/kickstarts/ubuntu18045.seed --arch=x86_64
Verify:
[root@server kickstarts]# cobbler list
distros:
ubuntu-18.04.5-hwe-x86_64
ubuntu-18.04.5-x86_64
profiles:
ubuntu-18.04.5-hwe-x86_64
ubuntu-18.04.5-x86_64
systems:
repos:
ubuntu-18.04.5-hwe-x86_64
ubuntu-18.04.5-x86_64
images:
mgmtclasses:
packages:
files:
9. Prepare files and scripts
Adjust these to your environment.
[root@server ~]# mkdir -p /var/www/cobbler/ks_mirror/bash
[root@server ~]# cd /var/www/cobbler/ks_mirror/bash
Prepare a key pair, used for passwordless SSH from the Cobbler server to the nodes:
[root@server bash]# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
[root@server bash]# cp -a /root/.ssh/id_rsa.pub authorized_keys
System initialization script (add or change whatever you need it to do):
[root@server bash]# vim ubuntu18.sh
#!/bin/bash
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
systemctl restart sshd
systemctl stop ufw.service
systemctl disable ufw.service
echo -e "NTP=ntp1.aliyun.com\nFallbackNTP=ntp.ubuntu.com" >> /etc/systemd/timesyncd.conf
systemctl restart systemd-timesyncd
apt update
apt install -y vim gcc make gparted net-tools htop screen
cat >> /etc/security/limits.conf << EOF
* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350
root soft nofile 655350
root hard nofile 655350
root soft nproc 655350
root hard nproc 655350
EOF
cp /etc/sysctl.conf /etc/sysctl.conf.bak
cat > /etc/sysctl.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
EOF
/sbin/sysctl -p
#cd /root/
#chmod +x NVIDIA-Linux-x86_64-460.67.run
#./NVIDIA-Linux-x86_64-460.67.run --no-x-check --no-nouveau-check --no-opengl-files -q -a -s --ui=none
rm -rf /root/ubuntu18.sh
The apt sources file sources.list, using the Aliyun mirror:
[root@server bash]# vim sources.list
deb https://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
Prepare the GPU driver:
[root@server bash]# wget https://cn.download.nvidia.com/XFree86/Linux-x86_64/460.67/NVIDIA-Linux-x86_64-460.67.run
NIC configuration template (adjust to your environment):
[root@server bash]# vim 50-cloud-init.yaml.bak
network:
ethernets:
ens8f0:
addresses:
- 10.0.0.x/24
gateway4: 10.0.0.2
nameservers:
addresses:
- 114.114.114.114
enxb03af2b6059f:
dhcp4: true
version: 2
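Network script, used to fill in the NIC configuration template above and apply it. Run this script on the installed system and enter an IP address; it changes the NIC's address, replacing the dynamic address with a static one. (Adjust to your environment.)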
[root@server bash]# vim network.sh
#!/bin/bash
cd /etc/netplan/
gzip 01-netcfg.yaml
read -p "please ip address: " IP
cat 50-cloud-init.yaml.bak | sed '/\/24$/c " - '"$IP"'/24' | sed 's/"//' > 50-cloud-init.yaml
chmod 644 50-cloud-init.yaml
netplan apply
cd
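A hardened variant of the address substitution done by network.sh, as an added example that is not part of the original post: it rejects anything that is not a dotted-quad IPv4 address before the value reaches sed, and it keeps the list item's indentation. The function names and the indented sample template are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): validate the address, then render.

# sample_template: constructed copy of 50-cloud-init.yaml.bak with YAML indentation.
sample_template() {
    cat <<'EOF'
network:
  ethernets:
    ens8f0:
      addresses:
      - 10.0.0.x/24
      gateway4: 10.0.0.2
      nameservers:
        addresses:
        - 114.114.114.114
  version: 2
EOF
}

# valid_ipv4 ADDR: succeed only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; only digits and dots remain at this point
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# render_netplan TEMPLATE ADDR: print TEMPLATE with the "- <addr>/24" item replaced.
# The captured indentation is reused, so the YAML nesting is unchanged.
render_netplan() {
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 1; }
    sed -E "s|^([[:space:]]*)-[[:space:]]*[^[:space:]]+/24[[:space:]]*\$|\\1- $2/24|" "$1"
}

tmpl=$(mktemp)
sample_template > "$tmpl"
render_netplan "$tmpl" 10.0.0.21
rm -f "$tmpl"
```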
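10. Configure the default PXE boot entry
Only the timeout is changed; everything else is left at its default.
(1) Change the timeout
[root@server ~]# vim /etc/cobbler/pxe/pxedefault.template # change the following setting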
TIMEOUT 10
(2) Set the boot entry used for the pxe_timeout_profile variable
[root@server ~]# cobbler system add --name=default --profile=ubuntu-18.04.5-hwe-x86_64
(3) Sync
[root@server ~]# cobbler sync
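11. Interface selection on hosts with multiple NICs
When a server has more than one NIC, the installer stops at the interface selection screen and waits for a manual choice. Specifying the interface with the netcfg/choose_interface select option in the seed file has no effect; this is a known bug.
To work around it, pass the option to the kernel instead, and it then works as expected:
Leave everything else unchanged and add only the netcfg/choose_interface=auto parameter.
[root@server ~]# vim /var/lib/tftpboot/pxelinux.cfg/default
...... (omitted)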
LABEL ubuntu-18.04.5-hwe-x86_64
kernel /images/ubuntu-18.04.5-hwe-x86_64/linux
MENU LABEL ubuntu-18.04.5-hwe-x86_64
append initrd=/images/ubuntu-18.04.5-hwe-x86_64/initrd.gz ksdevice=bootif netcfg/choose_interface=auto lang= text auto-install/enable=true priority=critical url=http://10.0.0.5/cblr/svc/op/ks/profile/ubuntu-18.04.5-hwe-x86_64 hostname=ubuntu-18.04.5-hwe-x8664 domain=local.lan suite=bionic
ipappend 2
...... (omitted)
12. Start the services
[root@server ~]# systemctl restart cobblerd dhcpd httpd rsyncd xinetd
[root@server ~]# systemctl enable cobblerd dhcpd httpd rsyncd xinetd
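III. Cobbler files and common commands
1. Related files
1. Cobbler configuration directory: /etc/cobbler
/etc/cobbler/settings # main Cobbler configuration file
/etc/cobbler/dhcp.template # configuration template for the DHCP service
/etc/cobbler/tftpd.template # configuration template for the tftp service
/etc/cobbler/pxe # PXE template files, mainly pxedefault.template
/etc/cobbler/dnsmasq.template # configuration template for the DNS service
2. Cobbler data directory: /var/lib/cobbler
/var/lib/cobbler/kickstarts # default location of kickstart files
/var/lib/cobbler/loaders # the various boot loaders
3. System installation image directory: /var/www/cobbler
/var/www/cobbler/ks_mirror # imported system images
/var/www/cobbler/images # boot files of the imported system images
/var/www/cobbler/repo_mirror # storage directory for repo mirrors
4. Log directory: /var/log/cobbler
/var/log/cobbler/install.log # client installation log
/var/log/cobbler/cobbler.log # Cobbler log
5. DHCP and TFTP
/etc/dhcp/dhcpd.conf # DHCP service configuration file
/var/lib/tftpboot/ # tftp shared directory holding the boot files
/var/lib/tftpboot/pxelinux.cfg/default # PXE network install menu
/var/lib/tftpboot/grub/efidefault # PXE network install menu (UEFI)
2. Common commands
cobbler list # list all Cobbler objects
cobbler check # check the Cobbler configuration for errors
cobbler sync # sync the template configuration to DHCP, PXE and the data directories; remember to run it after changing any of these settings
cobbler import # import an installation ISO image
cobbler report # show detailed information on each object
cobbler distro # view information on imported distros; can also add and modify them
cobbler profile # view profile information; besides viewing the kickstart file, it can also edit and delete it
cobbler system # view the systems that have been added
cobbler reposync # sync remote yum repositories to local storage
cobbler signature update
cobbler --help # get help for cobbler
cobbler distro --help # get help for a cobbler subcommand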
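Cobbler's support for a lot of NICs isn't very good; that's basically the biggest pain point;
and Cobbler no longer seems to support boot loaders;
Could the author explain the partitioning part of the preseed in detail?
The partitioning in the article is automatic standard partitioning. It automatically detects legacy versus UEFI and partitions accordingly. As for what the individual options mean, please consult the official documentation.
Generally speaking:
legacy: one partition is created automatically, it is given the whole disk and mounted at /. The disk label is dos, i.e. MBR.
uefi: two partitions are created automatically: a special EFI partition mounted at /boot/efi, and a root partition. The disk label is gpt.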