
Cobbler無人值守安裝centos6.9

Cobbler無人值守安裝centos6

1.1 Cobbler集成的服務

PXE服務支持
DHCP服務管理
DNS服務管理(可選bind,dnsmasq)
電源管理
Kickstart服務支持
YUM倉庫管理
TFTP(PXE啟動時需要)
Apache(提供kickstart的安裝源,並提供定制化的kickstart配置)

#配置阿里雲的epel源(下面的指令經由未加密的HTTP取得repo檔;鏡像站若支援HTTPS應改用HTTPS,並保持epel的gpgcheck=1)
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

yum -y install dhcp tftp-server pykickstart httpd

yum -y install cobbler cobbler-web

#注意:安裝cobbler-web時若報錯缺少 Django >= 1.4,按下面的步驟補裝(手動下載的rpm在安裝前先用 rpm -K 檢查簽章)
Error: Package: cobbler-web-2.6.11-6.git95749a6.el6.noarch (epel)
Requires: Django >= 1.4

yum install python-simplejson
wget https://kojipkgs.fedoraproject.org//packages/Django14/1.4.14/1.el6/noarch/Django14-1.4.14-1.el6.noarch.rpm
rpm -ivh Django14-1.4.14-1.el6.noarch.rpm

#如果缺少下列中的包,安裝下

yum -y install mod_ssl python-cheetah createrepo python-netaddr genisoimage mod_wsgi syslinux PyYAML

[root@Cobbler ~]#yum -y install dhcp tftp-server pykickstart httpd cobbler cobbler-web

[root@Cobbler ~]#/etc/init.d/httpd restart
[root@Cobbler ~]#/etc/init.d/cobblerd restart

httpd: Could not reliably determine the server‘s fully qualified domain name, using 127.0.0.1 for ServerName

[root@Cobbler ~]#vim /etc/httpd/conf/httpd.conf #添加以下一行
ServerName localhost:80

#檢查Cobbler的配置;如果報錯或看不到下面的結果,再執行一次 /etc/init.d/cobblerd restart
[root@Cobbler ~]#cobbler check 1條條的完成

1 : The ‘server‘ field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the ‘next_server‘ field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change ‘disable‘ to ‘no‘ in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run ‘cobbler get-loaders‘ to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a recent version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The ‘cobbler get-loaders‘ command is the easiest way to resolve these requirements.
5 : change ‘disable‘ to ‘no‘ in /etc/xinetd.d/rsync
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to ‘cobbler‘ and should be changed, try: "openssl passwd -1 -salt ‘random-phrase-here‘ ‘your-password-here‘" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

1 2 7
[root@Cobbler ~]#vim /etc/cobbler/settings
原server: 127.0.0.1
server: 192.168.44.19

原next_server: 127.0.0.1
next_server: 192.168.44.19

原manage_dhcp: 0 #讓cobbler管理DHCP
manage_dhcp: 1

原default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
default_password_crypted: "$1$cobbler$sqDDOBeLKJVmxTCZr52/11"

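#密碼設置方法(-1 產生的是MD5-crypt雜湊;下面的salt「cobbler」與密碼「123456」僅為示範。此雜湊會經由kickstart的rootpw成為每台新裝機器的root密碼,正式環境請換成隨機salt與強密碼)
openssl passwd -1 -salt '隨機值' '密碼'
[root@Cobbler ~]#openssl passwd -1 -salt 'cobbler' '123456'
$1$cobbler$sqDDOBeLKJVmxTCZr52/11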

3.改/etc/xinetd.d/tftp的disable為no
原disable = yes
disable = no

4.[root@Cobbler ~]#cobbler get-loaders
task started: 2018-06-07_004722_get_loaders
task started (id=Download Bootloader Content, time=Thu Jun 7 00:47:22 2018)
.........

5.vim /etc/xinetd.d/rsync
原disable = yes
disable = no

#密碼設置方法
openssl passwd -1 -salt ‘隨機值‘ ‘密碼‘
[root@Cobbler ~]#openssl passwd -1 -salt ‘cobbler‘ ‘123456‘ $1$cobbler$sqDDOBeLKJVmxTCZr52/11

快速修改配置文件
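# Quick, non-interactive version of the settings edits shown above.
# Keep an untouched copy of the settings file first.
cp /etc/cobbler/settings{,.ori}
# Patterns are anchored to the start of the line so the "server:" rule cannot
# also rewrite the "next_server:" line, and the dots of the address are literal.
sed -i 's/^server: 127\.0\.0\.1/server: 192.168.44.19/' /etc/cobbler/settings
sed -i 's/^next_server: 127\.0\.0\.1/next_server: 192.168.44.19/' /etc/cobbler/settings
sed -i 's/^manage_dhcp: 0/manage_dhcp: 1/' /etc/cobbler/settings
sed -i 's/^pxe_just_once: 0/pxe_just_once: 1/' /etc/cobbler/settings
# NOTE(review): the replacement below is the MD5-crypt hash of the sample
# password "123456" with the fixed salt "cobbler". It becomes the root
# password of every machine installed from the sample templates, so generate
# your own hash from a strong password and a random salt before using this.
# "|" is the delimiter because the hashes contain "/"; "$" and "." are escaped
# in the pattern so they match literally.
sed -i 's|\$1\$mF86/UHC\$WvcIcX2t6crBz2onWxyac\.|$1$cobbler$sqDDOBeLKJVmxTCZr52/11|' /etc/cobbler/settings

cp /etc/xinetd.d/rsync{,.ori}
# Only the "disable = yes" line is touched; a bare s/yes/no/ would rewrite the
# first "yes" on any line of the file.
sed -i 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)yes/\1no/' /etc/xinetd.d/rsync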

cp /etc/cobbler/dhcp.template{,.ori}
[root@Cobbler ~]#vim /etc/cobbler/dhcp.template
subnet 192.168.44.0 netmask 255.255.255.0 {
option routers 192.168.44.2;
option domain-name-servers 192.168.44.2;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.44.100 192.168.44.254;

cp /etc/xinetd.d/tftp{,.ori}
vim /etc/xinetd.d/tftp
原disable = yes
disable = no

[root@Cobbler ~]#cobbler get-loaders

#改了dhcp的模板,就要同步一下配置
[root@Cobbler ~]#cobbler sync

#服務重啟
/etc/init.d/httpd restart && /etc/init.d/xinetd restart && /etc/init.d/cobblerd restart && /etc/init.d/dhcpd restart

#服務開機自起動
chkconfig httpd on && chkconfig xinetd on && chkconfig cobblerd on && chkconfig dhcpd on

#域添加服務管理,一個服務控制4個服務,要加執行權限
#chmod +x /etc/init.d/cobbler-all
[root@Cobbler init.d]#vim /etc/init.d/cobbler-all
#!/bin/bash
#chkconfig: 345 80 90
#description:cobbler
# Wrapper init script: applies one action to the four services Cobbler relies
# on, always in the order httpd, xinetd, dhcpd, cobblerd. "sync" runs
# "cobbler sync"; any other argument prints the usage hint and exits with 2.
case "$1" in
  start | stop | restart | status)
    for svc in httpd xinetd dhcpd cobblerd; do
      "/etc/init.d/${svc}" "$1"
    done
    ;;
  sync)
    cobbler sync
    ;;
  *)
    echo "Input error,please in put ‘start|stop|restart|status|sync‘!"
    exit 2
    ;;
esac

[root@Cobbler ~]#cobbler check #這2個不需要處理
1 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

#Centos7.4導入
[root@Cobbler ~]#mount /dev/cdrom /mnt/
[root@Cobbler ~]#ls /mnt/
CentOS_BuildTag GPL LiveOS RPM-GPG-KEY-CentOS-7
EFI images Packages RPM-GPG-KEY-CentOS-Testing-7
EULA isolinux repodata TRANS.TBL

[root@Cobbler ~]#cobbler import --path=/mnt/ --name=Centos7.4 --arch=x86_64
#--path 鏡像路徑
#--name 為安裝源定義一個名字
#--arch 指定安裝源是32位、64位、ia64, 目前支持的選項有: x86│x86_64│ia64
#安裝源的唯一標示就是根據name參數來定義,本例導入成功後,安裝源的唯一標示就是:Centos6.9,如果重復,系統會提示導入失敗。

#原7.4系統導入成功
[root@Cobbler ~]#du -h /|grep /var/www/cobbler/ks_mirror/Centos7.4-x86_64
4.2G /var/www/cobbler/ks_mirror/Centos7.4-x86_64

#Centos6.9導入
[root@Cobbler ~]#mount /dev/cdrom /mnt/
[root@Cobbler ~]#ls /mnt/
CentOS_BuildTag isolinux RPM-GPG-KEY-CentOS-Debug-6
EFI Packages RPM-GPG-KEY-CentOS-Security-6
EULA RELEASE-NOTES-en-US.html RPM-GPG-KEY-CentOS-Testing-6
GPL repodata TRANS.TBL
images RPM-GPG-KEY-CentOS-6

[root@Cobbler ~]#cobbler import --path=/mnt/ --name=Centos6.9 --arch=x86_64

#原6.9系統導入成功
[root@Cobbler ~]#du -h /|grep /var/www/cobbler/ks_mirror/Centos6.9-x86_64
3.8G /var/www/cobbler/ks_mirror/Centos6.9-x86_64

#查看鏡像列表
[root@Cobbler ~]#cobbler distro list
Centos6.9-x86_64
Centos7.4-x86_64

#查看鏡像的目錄
[root@Cobbler ~]# ls /var/www/cobbler/ks_mirror/
Centos6.9-x86_64 Centos7.4-x86_64 config

#查看ks文件存放位置 sample_end.ks(默認使用的ks文件)
[root@Cobbler ~]#ls /var/lib/cobbler/kickstarts/
default.ks legacy.ks sample_esx4.ks sample_old.seed
esxi4-ks.cfg pxerescue.ks sample_esxi4.ks sample.seed
esxi5-ks.cfg sample_autoyast.xml sample_esxi5.ks
install_profiles sample_end.ks sample.ks

#Cetnos6.9的cfg配置文件
[root@Cobbler kickstarts]#cat /var/lib/cobbler/kickstarts/Centos6.9-x86_64.cfg
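#kickstart template for Fedora 8 and later.
#(includes %end blocks)
#do not use with earlier distros
#platform=x86, AMD64, or Intel EM64T
#System authorization information
#auth --useshadow --enablemd5
authconfig --enableshadow --passalgo=sha512
#System bootloader configuration
bootloader --location=mbr --driveorder=sda --append="nomodeset crashkernel=auto rhgb quiet"
#Partition clearing information
clearpart --all --initlabel
#Use text mode install
text
#Firewall configuration
# NOTE(review): the host firewall is switched off on every machine built from
# this profile; confirm that is intended outside a lab network.
firewall --disabled
#Run the Setup Agent on first boot
firstboot --disable
#System keyboard
keyboard us
#System language
lang en_US
#Use network installation
url --url=$tree
#If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
#Network information
$SNIPPET('network_config')
#Reboot after installation
reboot
logging --level=info

#Root password
# NOTE(review): every machine built from this profile receives the same root
# password hash, taken from default_password_crypted in /etc/cobbler/settings.
# Set a strong, non-default value there and rotate it after first boot.
rootpw --iscrypted $default_password_crypted
#SELinux configuration
# NOTE(review): SELinux is disabled for all installed machines; confirm this is
# a deliberate choice.
selinux --disabled
#Do not configure the X Window System
skipx
#System timezone
timezone Asia/Shanghai
#Install OS instead of upgrade
install
#Clear the Master Boot Record
zerombr
#Allow anaconda to partition the system as needed
#autopart
part /boot --fstype=ext4 --asprimary --size=200
part swap --asprimary --size=1024
part / --fstype=ext4 --grow --asprimary --size=200

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
#Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
@base
@Development tools
@debugging Tools
@Dial-up Networking Support
wget
%end

%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end

%post
$SNIPPET('log_ks_post')
#Start yum configuration
$yum_config_stanza
#End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
#Enable post-install boot notification
$SNIPPET('post_anamon')
#Start final steps
$SNIPPET('kickstart_done')
#End final steps
# NOTE(review): both helper scripts are fetched over plain HTTP from the
# Cobbler server, and the initialisation script then runs as root with no
# integrity check, so the provisioning network has to be trusted and isolated.
# Each script is only made executable (and run) when its download succeeded,
# so a failed or partial fetch is never executed.
mkdir -p /srv/scripts
if wget -O /srv/scripts/backup.sh http://192.168.44.19/cobbler/ks_mirror/Centos6.9-x86_64/backup.sh; then
    chmod +x /srv/scripts/backup.sh
fi
if wget -O /tmp/Initialization-install.sh http://192.168.44.19/cobbler/ks_mirror/Centos6.9-x86_64/Initialization-install.sh; then
    chmod +x /tmp/Initialization-install.sh
    /bin/sh /tmp/Initialization-install.sh
fi
%end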


#Centos6.9初始化和優化腳本
[root@Cobbler Centos6.9-x86_64]#cat /var/www/cobbler/ks_mirror/Centos6.9-x86_64/Initialization-install.sh
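#!/bin/bash
# CentOS 6.9 initialisation and tuning script. It is meant to be downloaded and
# run as root at the end of an unattended install. It rewrites the yum
# repositories, installs packages, switches services on and off, edits sshd,
# sysctl, cron and limits, and writes the rsync client password file.

# Set aside the stock yum repository definitions.
for repo in Base Debuginfo fasttrack Media Vault; do
  mv "/etc/yum.repos.d/CentOS-${repo}.repo"{,.ori}
done

# Create the LAN yum repository.
# NOTE(review): gpgcheck=0 installs packages from this mirror without signature
# verification, over plain HTTP. If the mirror carries only stock CentOS
# packages, gpgcheck=1 together with
# gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 would restore the check.
cat > /etc/yum.repos.d/yum-http.repo << 'EOF'
[yumserver]
name=yum01
baseurl=http://192.168.44.71/centos6.9/
enabled=1
gpgcheck=0
EOF

# Install the Aliyun base repo, the Aliyun EPEL repo and the Zabbix 3.0 repo.
# NOTE(review): the repo files and the zabbix-release RPM are fetched over
# plain HTTP, and nothing in this script imports a signing key before rpm -i,
# so presumably the RPM's signature is not verified. Prefer HTTPS sources and
# import the vendor key first.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
rpm -i http://repo.zabbix.com/zabbix/3.0/rhel/6/x86_64/zabbix-release-3.0-1.el6.noarch.rpm

# Helper scripts that switch between the LAN repo and the internet repos.
# They cd into /etc/yum.repos.d first because the mv commands use bare names.
cat > /etc/yum.repos.d/wnayum.sh << 'EOF'
#!/bin/sh
cd /etc/yum.repos.d || exit 1
mv CentOS-Base.repo1 CentOS-Base.repo
mv epel.repo1 epel.repo
mv zabbix.repo1 zabbix.repo
mv yum-http.repo yum-http.repo1
EOF

# lanyum.sh also puts the LAN repo back if wnayum.sh renamed it earlier;
# without that step, switching back to the LAN left no repository enabled.
cat > /etc/yum.repos.d/lanyum.sh << 'EOF'
#!/bin/sh
cd /etc/yum.repos.d || exit 1
mv CentOS-Base.repo CentOS-Base.repo1
mv epel.repo epel.repo1
mv zabbix.repo zabbix.repo1
if [ -f yum-http.repo1 ]; then
  mv yum-http.repo1 yum-http.repo
fi
EOF

chmod +x /etc/yum.repos.d/wnayum.sh
chmod +x /etc/yum.repos.d/lanyum.sh

# Common tools.
yum -y install tree links samba-client cifs-utils lrzsz wget vim

# Service software.
yum -y install zabbix-agent rsync salt-minion ntp httpd

# Build dependencies for nginx.
yum -y install gcc gcc-c++ glibc make autoconf openssl openssl-devel pcre pcre-devel zlib zlib-devel

# Build dependencies for mysql.
yum -y install gcc gcc-c++ ncurses ncurses-devel cmake bison

# Packages needed for php.
yum -y install libmcrypt libmcrypt-devel mhash mhash-devel php-mcrypt libevent libevent-devel libxml2 libxml2-devel bzip2-devel libpng-devel freetype-devel libxslt-devel net-snmp-devel readline-devel aspell-devel unixODBC-devel libicu-devel libc-client libc-client-devel libXpm-devel libvpx-devel enchant-devel openldap openldap-devel postgresql-devel db4-devel gmp-devel sqlite-devel pcre-devel mysql-devel openssl-devel swig libjpeg-turbo libjpeg-turbo-devel libpng freetype zlib zlib-devel

# Enable the wanted services and disable every other SysV service.
# Only lines that carry runlevel columns are considered, and chkconfig is
# called directly instead of piping generated command text into bash.
# "sysstat" was misspelled "sysstal" before, so that service was switched off.
# NOTE(review): everything not matched below is turned off; on a stock install
# that presumably includes auditd and the firewall services. Review the list.
keep_services='ntpd|ntpdate|salt-minion|zabbix-agent|crond|httpd|sshd|network|rsyslog|sysstat'
chkconfig --list | awk '$2 ~ /^0:/ {print $1}' | while read -r svc; do
  if [[ "$svc" =~ $keep_services ]]; then
    chkconfig "$svc" on
  else
    chkconfig "$svc" off
  fi
done

# Command aliases.
echo "alias rm='echo Please backup before deleting'" >>/root/.bashrc
echo "alias grep='grep --color=auto'" >>/root/.bashrc
echo "namedate=.terry.$(date +%F)v1" >> /root/.bash_profile

# System tuning.
# Empty the pre-login banners so they do not reveal the OS release.
: > /etc/issue && : > /etc/issue.net
echo 'welcome to linux' > /etc/motd
# NOTE(review): the next lines disable SELinux, allow direct root logins over
# SSH and stop the host firewall. Together with a root password shared by all
# installed machines this leaves little defence in depth; prefer key-only root
# access, or a sudo-capable account, and keep iptables running.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
sed -i '13 iPort 52222\nPermitRootLogin yes\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
/etc/init.d/iptables stop >/dev/null
chkconfig iptables off >/dev/null

# Kernel parameter tuning. Back up sysctl.conf first; when a backup already
# exists, keep a dated copy of that backup instead.
if [ -f /etc/sysctl.conf.bak ]; then
  /bin/cp /etc/sysctl.conf.bak "/etc/sysctl.conf.bak.$(date +%F)"
else
  /bin/cp /etc/sysctl.conf /etc/sysctl.conf.bak
fi
# NOTE(review): net.ipv4.tcp_tw_recycle = 1 is known to drop connections from
# clients that sit behind NAT; confirm it is really wanted.
cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
EOF
sysctl -p >/dev/null 2>&1

# Reload the profile files changed above.
source /root/.bash_profile
source /etc/profile
source /root/.bashrc

# rsync client password file.
# NOTE(review): the secret is hard-coded in a script that is published under
# the Cobbler HTTP tree (ks_mirror), so any host that can reach that server can
# read it. Supply RSYNC_PASSWORD from a protected source and rotate the value
# shown here. The file is created under umask 077 so it is never readable by
# other users, not even for the moment before chmod runs.
rsync_password=${RSYNC_PASSWORD:-yehaixiao}
(
  umask 077
  printf '%s\n' "$rsync_password" > /etc/rsync.password
)
chmod 600 /etc/rsync.password

# Scheduled jobs. The schedule fields are reconstructed as "*/5 * * * *" and
# "00 10 * * *"; the published copy of this script had lost its asterisks.
echo '*/5 * * * * /usr/sbin/ntpdate -u time.nist.gov >/dev/null 2>&1' >> /var/spool/cron/root
echo '00 10 * * * /bin/sh /srv/scripts/backup.sh >/dev/null 2>&1' >> /var/spool/cron/root
chmod 600 /var/spool/cron/root

# Raise the open-file limit.
/bin/cp /etc/security/limits.conf /etc/security/limits.conf.bak
echo '* - nofile 65535' >>/etc/security/limits.conf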

#服務器重要文件備份腳本
[root@Cobbler Centos6.9-x86_64]#cat /var/www/cobbler/ks_mirror/Centos6.9-x86_64/backup.sh
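#!/bin/sh
# backup: archive the web root, the logs and a few configuration files into
# /backup/<hostname>-<ip>/, record their MD5 sums, push /backup/ to the rsync
# server and delete local archives older than seven days.

# The archives hold logs and configuration, so keep them private to root.
umask 077

hostn=$(hostname)
ip=$(grep -i ipaddr /etc/sysconfig/network-scripts/ifcfg-eth0 | awk -F "=" '{print $2}')
Path="/backup/$hostn-$ip"

# On Sunday (%w is 0) the archive gets a "week" prefix and yesterday's date
# followed by yesterday's weekday number; on other days the name is today's date.
if [ "$(date +%w)" -eq 0 ]; then
  Time="week$(date -d "-1day" +%F%w)"
else
  Time=$(date +%F)
fi
mkdir -p "$Path"

# tar. Each step runs only when the previous one succeeded. The checksum list
# matches "*$Time.tar.gz"; the published copy had lost the "*", so the pattern
# matched no archive at all.
tar zcf "$Path/www$Time.tar.gz" /var/www/html/ &&
  tar zcf "$Path/log$Time.tar.gz" /var/log/ &&
  tar zcf "$Path/conf$Time.tar.gz" /var/spool/cron/root /etc/rc.local /etc/sysconfig/iptables /srv/scripts/ &&
  find "$Path/" -type f -name "*$Time.tar.gz" -exec md5sum {} + > "$Path/flag_$Time.txt"

# NOTE(review): the rsync daemon protocol does not encrypt the transfer, and
# the MD5 list only detects accidental corruption, not tampering. Tunnel the
# transfer (for example over SSH) if the backup network is not trusted.
rsync -avz --password-file=/etc/rsync.password /backup/ rsync@BACKUP::backup

# Remove local archives and checksum lists older than seven days. The escaped
# parentheses and the "*.tar.gz" pattern are restored from a garbled copy.
# -exec avoids the word splitting that xargs applies to odd file names.
find /backup/ -type f -mtime +7 \( -name "*.tar.gz" -o -name "*.txt" \) -exec rm -f {} +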

[root@Cobbler kickstarts]#cobbler list
distros: #倉庫
Centos6.9-x86_64

profiles: #配置
Centos6.9-x86_64
......

#修改ks文件的路徑,
[root@Cobbler ~]#cobbler profile edit --name=Centos6.9-x86_64 --kickstart=/var/lib/cobbler/kickstarts/Centos7.4-x86_64.cfg

#查看profile配置參數
[root@Cobbler ~]#cobbler profile report
Name : Centos6.9-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : Centos6.9-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/Centos6.9-x86_64.cfg
Kickstart Metadata : {}

#修改開機提示
[root@Cobbler kickstarts]#cat /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler By Terry | http://www.yehaixiao.com
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile

LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1

$pxe_menu_items

MENU end

#重啟動服務
[root@Cobbler ~]#/etc/init.d/cobbler-all restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]

#執行同步
[root@Cobbler kickstarts]#cobbler sync

#自動化安裝,配置IP,主機名,DNS
[root@Cobbler kickstarts]#cobbler system add --name=test001 --mac=00:50:56:28:69:F0 --profile=Centos6.9-x86_64 --ip-address=192.168.44.68 --subnet=255.255.255.0 --gateway=192.168.44.2 --interface=eth0 --static=1 --hostname=cobbler02 --name-servers="192.168.44.2"

#查看自動安裝列表
[root@Cobbler kickstarts]#cobbler system list
test001

#web端管理方法
http://192.168.0.2/cobbler_web/
設置用戶名密碼:
為已存在的用戶重置密碼(預設帳號 cobbler 的密碼也是 cobbler,開放 web 介面前務必先重設):
htdigest /etc/cobbler/users.digest "Cobbler" cobbler
添加新用戶:
htdigest /etc/cobbler/users.digest "Cobbler" yourname

Cobbler無人值守安裝centos6.9