Cobbler 无值守自动按照操作系统

对于需要安装操作系统的任务，反复安装操作系统是否的繁琐，有没有一种方法可以自动化安装操作系统呢？本文介绍如何使用 Cobbler 无值守自动按照操作系统

介绍

• PXE (Preboot eXecution Environment) 技术提供了一种使用网络接口（Network Interface）启动计算机的机制。 这种机制让计算机的启动可以不依赖本地数据存储设备（如硬盘）或本地已安装的操作系统。
• DHCP (Dynamic Host Configuration Protocol) 常用语内部网或网络服务供应商自动分配IP地址给计算机
• TFTP (Trivial File Transfer Protocol) 简单文件传输协议
• Cobbler 是基于 PXE 通过封装 DHCP、TFTP 等技术，实现自动按照操作系统的一个软件，代码开源在 cobbler/cobbler

安装

• 设置hostname

hostnamectl set-hostname cobbler

• 部署

yum install -y cobbler cobbler-web xinetd dhcp*

• 启动服务

systemctl start cobblerd
systemctl enable cobblerd
systemctl status cobblerd

# tftp 监听在 69 端口
systemctl start tftp
systemctl enable tftp
systemctl status tftp

systemctl start httpd
systemctl enable httpd
systemctl status httpd

systemctl start xinetd
systemctl enable xinetd
systemctl status xinetd

• 配置 DHCP

vim /etc/cobbler/dhcp.template

subnet 172.20.0.0 netmask 255.255.255.0 {
     option routers             172.20.0.1;
     option domain-name-servers 172.20.0.1;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        172.20.0.100 172.20.0.254;
...

命令

• cobbler check # 检查cobbler配置
• cobbler sync # 步配置到dhcp pxe和数据目录
• cobbler list # 列出所有的cobbler元素
• cobbler import # 导入安装的系统光盘镜像
• cobbler report # 列出各元素的详细信息
• cobbler distro # 查看导入的发行版系统信息
• cobbler profile # 查看配置信息
• cobbler system # 查看添加的系统信息
• cobbler reposync # 同步yum仓库到本地

错误检查

# 解决好这里输出的需求，就可以使用 cobbler
$ cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : ksvalidator was not found, install pykickstart
8 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
9 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

• 解决1、2、8

生产随机密码，iamsalt 为随机混淆码：

$ openssl passwd -1 -salt 'iamsalt' '123456'
$1$iamsalt$5BvmyuwLd.7ReNQzw7LLv1

vim /etc/cobbler/settings

default_password_crypted: "$1$iamsalt$5BvmyuwLd.7ReNQzw7LLv1"
manage_dhcp: 1
next_server: 172.20.0.15
server: 172.20.0.15

• 解决3

vim /etc/xinetd.d/tftp

disable no  # yes -> no

重启服务

systemctl restart tftp

• 解决4

cobbler get-loaders 会报404错误，该问题后边导入镜像后可以解决

• 解决5

yum install -y rsync
systemctl start rsyncd.service
systemctl enable rsyncd.service
systemctl status rsyncd.service

• 解决6、7、9

yum install -y debmirror pykickstart fence-agents

导入 CentOS 镜像

以 CentOS7 为例：

# 本地目录挂载
wget http://mirrors.aliyun.com/centos/7.7.1908/isos/x86_64/CentOS-7-x86_64-DVD-2009.iso

mkdir /mnt/CentOS-7-x86_64-DVD-2009
mount -t iso9660 -o loop,ro CentOS-7-x86_64-DVD-2009.iso /mnt/CentOS-7-x86_64-DVD-2009
cobbler import --name=CentOS-7-x86_64-DVD-2009 --arch=x86_64 --path=/mnt/CentOS-7-x86_64-DVD-2009

# CD/DVE 挂载
mkdir /mnt/CentOS-7-x86_64-DVD-2009
mount -t iso9660 /dev/sr0 /mnt/CentOS-7-x86_64-DVD-2009

cobbler import --name=CentOS-7-x86_64-DVD-2009 --arch=x86_64 --path=/mnt/CentOS-7-x86_64-DVD-2009
...
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64:
creating new distro: CentOS-7-DVD-2009-x86_64
trying symlink: /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64 -> /var/www/cobbler/links/CentOS-7-DVD-2009-x86_64
creating new profile: CentOS-7-DVD-2009-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64 for CentOS-7-DVD-2009-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64
looking for /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64/repodata
*** TASK COMPLETE ***

• 查看发行版系统信息和配置信息

$ cobbler distro list
   CentOS-7-DVD-2009-x86_64
$ cobbler profile list
   CentOS-7-DVD-2009-x86_64

配置同步

$ cobbler sync
...
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/CentOS-7-DVD-2009-x86_64
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/images/CentOS-7-DVD-2009-x86_64
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
copying distros to tftpboot
copying files for distro: CentOS-7-DVD-2009-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/CentOS-7-DVD-2009-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/CentOS-7-DVD-2009-x86_64/initrd.img
copying images
generating PXE configuration files
generating PXE menu structure
copying files for distro: CentOS-7-DVD-2009-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/CentOS-7-DVD-2009-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64-DVD-2009-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/CentOS-7-DVD-2009-x86_64/initrd.img
Writing template files for CentOS-7-DVD-2009-x86_64
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
processing boot_files for distro: CentOS-7-DVD-2009-x86_64
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service

running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

验证

新建另一个虚机，选择网络启动（PXE）

cobber web

• https://172.20.0.15/cobbler_web

• 账号密码：cobbler/cobbler

• cobbler 资源文件 http://172.20.0.15/cobbler/

FAQ

No signature matched 问题

cobbler import --name=CentOS-8.4.2105-x86_64 --arch=x86_64 --path=/mnt/CentOS-8.4.2105-x86_64
task started: 2021-07-01_231829_import
task started (id=Media import, time=Thu Jul  1 23:18:29 2021)
No signature matched in /var/www/cobbler/ks_mirror/CentOS-8.4.2105-x86_64
!!! TASK FAILED !!!

查看当前的 distro 类型

cobbler signature report --name=redhat

• 在线更新

$ cobbler signature update
task started: 2021-07-03_232303_sigupdate
task started (id=Updating Signatures, time=Sat Jul  3 23:23:03 2021)
Successfully got file from https://cobbler.github.io/signatures/2.8.x/latest.json
*** TASK COMPLETE ***

vim /var/lib/cobbler/distro_signatures.json

      "rhel8": {
        ...
        "version_file": "(redhat|sl|slf|almalinux|centos|oraclelinux|rocky|vzlinux)-release-(?!notes)([\\w]*-)*8(Server)*[\\.-]+(.*)\\.rpm",
...

为：

      "rhel8": {
        ...
        "version_file": "(redhat|sl|slf|centos|centos-linux|centos-stream|oraclelinux|vzlinux)-release-(?!notes)([\\w]*-)8[\\.-]+(.)\\.rpm",
...

重启

systemctl restart cobblerd.service

PXE 安装失败

• 错误日志

PXE-E11: ARP timeout
PXE-E38: TFTP cannot open connection
PXE-MOF: Exiting PXE ROM

• 排查方向

如果是使用 VMware 等虚拟化工具，可能是由于 Mac 地址冲突导致的，如当前节点和 Cobbler 节点的 Mac 地址相同

扩展

创建 ks 文件

• 自动生成

$ yum install -y system-config-kickstart
$ system-config-kickstart

# 动态编辑新的kickstart文件
[root@cobbler ~]# cobbler profile edit --name=CentOS-7-DVD-2009-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.ks

• 查看

$ cobbler profile report --name=CentOS-7-DVD-2009-x86_64 | grep Kickstart
Kickstart                      : /var/lib/cobbler/kickstarts/sample_end.ks
Kickstart Metadata             : {}