CentOS7.4安装cobbler实现自动化安装ubuntu18.04

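配置yum源(下面的示例通过明文 HTTP 直接安装 epel-release 包,传输过程没有完整性保护;建议改用 HTTPS 地址,或者用 CentOS 自带的 extras 仓库执行 yum -y install epel-release,由系统已信任的 GPG 密钥校验签名)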

[root@localhost network-scripts]# rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
[root@localhost network-scripts]# yum makecache

开始安装Cobbler

安装cobbler以及相关的软件

[root@localhost network-scripts]# yum -y install httpd dhcp tftp python-ctypes cobbler  xinetd cobbler-web

#启动服务

[root@localhost network-scripts]# systemctl start httpd
[root@localhost network-scripts]# systemctl enable httpd
[root@localhost network-scripts]# systemctl enable cobblerd
[root@localhost network-scripts]# systemctl start cobblerd

#cobbler check 检查相关配置

[root@localhost network-scripts]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.


#问题4(先做此步骤)

[root@localhost network-scripts]# cobbler get-loaders

#问题1
#一定要填入当前联网的那个网卡IP,不然后面cobbler get-loaders时候无法联网,这里后面还会再改

[root@localhost network-scripts]# sed -i 's/^server: 127.0.0.1/server: 10.0.0.2/' /etc/cobbler/settings

#问题2
#一定要填入当前联网的那个网卡IP,不然后面cobbler get-loaders时候无法联网,这里后面还会再改

[root@localhost network-scripts]# sed -i 's/^next_server: 127.0.0.1/next_server: 10.0.0.2/' /etc/cobbler/settings 

#问题3

[root@localhost network-scripts]# vim /etc/xinetd.d/tftp


service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /var/lib/tftpboot
        disable                 = no           #修改项
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}



#问题5

[root@localhost ~]# systemctl enable rsyncd

[root@localhost ~]# systemctl start rsyncd

#问题6

可以忽略

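#问题7(示例里的盐和密码都是 '123456',只适合演示:这个哈希会被 seed 文件用作新装机器的 root 密码,而 -1 生成的 MD5-crypt 很容易被离线破解,实际部署请换成随机盐和强密码,并在装机后尽快修改)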

[root@localhost ~]# openssl passwd -1 -salt '123456' '123456'
$1$123456$wOSEtcyiP2N/IfIl15W6Z0
[root@localhost ~]# vim /etc/cobbler/settings

default_password_crypted: "$1$123456$wOSEtcyiP2N/IfIl15W6Z0"






配置cobbler-DHCP

#修改cobbler配置

[root@localhost ~]# vim /etc/cobbler/settings

manage_dhcp: 1

#修改dhcp.template配置文件

[root@localhost network-scripts]# vim /etc/cobbler/dhcp.template

#10.0.0.0为网段地址

subnet 10.0.0.0 netmask 255.255.255.0 {
     option routers             10.0.0.2;
     option domain-name-servers 10.0.0.2;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        10.0.0.100 10.0.0.254;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;

[root@localhost ~]# systemctl restart cobblerd.service

[root@localhost ~]# cobbler sync
task started: 2018-06-28_125356_sync
task started (id=Sync, time=Thu Jun 28 12:53:56 2018)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service

running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

#检查

[root@localhost ~]# netstat -lnup|grep dhcp
udp        0      0 0.0.0.0:67              0.0.0.0:*                           6668/dhcpd

更改nat让所有机器都能上网

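# Flush all rules in the filter table, then all rules in the nat table.
# NOTE(review): this also discards any firewall rules already present on the
# boot server; save the current ruleset first (iptables-save) if the host is
# reachable from anywhere other than the install network.
iptables -F
iptables -t nat -F

# The three POSTROUTING rules below are alternatives for the same job (source
# NAT for the installed machines). The interface names and addresses are the
# author's and must be replaced with the local ones.

# Masquerade everything leaving through the interface that reaches the
# outside network.
iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
# Or use SNAT with a fixed source address.
iptables -t nat -A POSTROUTING -s 192.168.80.0/24 -j SNAT --to-source 10.144.235.10
# Or masquerade only the install subnet on a given outgoing interface.
# (The original line read "iptables-t", which is not a command.)
iptables -t nat -A POSTROUTING -s 192.168.80.0/24 -o eth0 -j MASQUERADE

# Turn on IPv4 forwarding for the running kernel (not persistent across
# reboots).
echo "1" > /proc/sys/net/ipv4/ip_forward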

导入镜像

[root@localhost ~]# ls /root/ubuntu-18.04-server-amd64.iso
/root/ubuntu-18.04-server-amd64.iso

[root@localhost ~]# mkdir -p /mnt/ubuntu-18.04-server-amd64

[root@localhost ~]# mount -o loop /root/ubuntu-18.04-server-amd64.iso /mnt/ubuntu-18.04-server-amd64/

[root@localhost ~]# cobbler import --path=/mnt/ubuntu-18.04-server-amd64/ --name=ubuntu-18.04-7.9 --arch=x86_64

[root@localhost ~]# cobbler repo remove --name=ubuntu-18.04-7.2-x86_64

[root@PXE-Server ~]# cobbler list
distros:
   ubuntu-18.04-7.2-x86_64

profiles:
   ubuntu-18.04-7.9-x86_64


systems:

repos:


images:


mgmtclasses:

packages:

files:


[root@localhost kickstarts]# cobbler report

Name                           : ubuntu-18.04-7.9-x86_64
TFTP Boot Files                : {}
Comment                        :
DHCP Tag                       : default
Distribution                   : ubuntu-18.04-7.2-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/sample.seed
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 :
Internal proxy                 :
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      :
Virt RAM (MB)                  : 512
Virt Type                      : xenpv

mgmtclasses:
==========

packages:
==========

files:
==========



#修改ks文件
[root@localhost kickstarts]# cobbler profile remove --name=ubuntu-18.04-7.6-x86_64
[root@localhost kickstarts]# cobbler profile add --name="ubuntu-18.04-7.6-x86_64" --distro=ubuntu-18.04-7.2-x86_64 --kickstart=/var/lib/cobbler/kickstarts/sample.seed.7.3
[root@localhost kickstarts]# cobbler sync

seed文件

由于自带源太慢了,我们删除了repo,所以只安装了自带的ssh,其它的可以等系统安装好后自行安装。同时文件中还添加了一个普通用户 ksuser(注意:它的密码哈希直接写在 seed 文件里,并且该用户属于 sudo 组,所有用这份 seed 安装的机器都共用同一个密码,装机完成后应尽快修改密码或改用密钥登录)

d-i debian-installer/locale string en_US
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/layoutcode string us
d-i keyboard-configuration/variantcode string
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string $myhostname
d-i time/zone string US/Eastern
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server  string ntp.ubuntu.com
d-i mirror/country string manual
d-i mirror/http/hostname string $http_server
d-i mirror/http/directory string $install_source_directory
d-i mirror/http/proxy string
d-i live-installer/net-image string http://$http_server/cobbler/links/$distro_name/install/filesystem.squashfs
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select fsm
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-auto/expert_recipe string \
fsm :: \
1024 100% 1024 linux-swap method{ swap } \
format{ } \
. \
20480 20480 20480 ext4 method{ format } \
mountpoint{ /tmp } \
format{ } use_filesystem{ } filesystem{ ext4 } \
options/relatime{ relatime } \
. \
1 2048 1000000000 ext4 method{ format } \
mountpoint{ /data } \
format{ } use_filesystem{ } filesystem{ ext4 } \
options/relatime{ relatime } \
.
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-lvm/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm boolean true
d-i partman/choose_partition \
select Finish partitioning and write changes to disk
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password $default_password_crypted
d-i passwd/make-user boolean true
d-i passwd/user-fullname    string ksuser
d-i passwd/username string ksuser
d-i passwd/user-password-crypted    password $1$GzKX2YeQ$0e1.0/A6SvTuVE0l8C3eT1
d-i passwd/user-uid string
d-i user-setup/allow-password-weak  boolean false
d-i user-setup/encrypt-home boolean false
d-i passwd/user-default-groups      string  sudo adm cdrom dialout lpadmin plugdev sambashare
d-i apt-setup/services-select       multiselect security
d-i apt-setup/security_host string mirrors.aliyun.com
d-i apt-setup/security_path string /ubuntu
d-i debian-installer/allow_unauthenticated  string false
$SNIPPET('preseed_apt_repo_config')
# d-i pkgsel/include string ntp ssh wget vim
d-i pkgsel/include string ssh
d-i grub-installer/only_debian boolean true
d-i finish-install/reboot_in_progress note
d-i preseed/early_command string wget -O- \
   http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_early_default | \
   /bin/sh -s
d-i preseed/late_command string   wget -O /target/etc/apt/sources.list    http://$http_server/sources.list ; \
 wget -O /target/etc/locale.conf   http://$http_server/locale.conf ; \
 wget -O /target/etc/default/locale   http://$http_server/locale ; \
 cd /target ; \
 chroot ./ apt-get update

seed文件最后下载了三个文件:sources.list、locale.conf、locale
三个文件放在httpd的目录/var/www/html/中,
sources.list 存放apt的源(示例里启用了 bionic-proposed,这是预发布测试仓库,生产机器一般不建议启用)
locale.conf locale 编码

sources.list

deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

locale

#  File generated by update-locale
LANG="en_US"
LANGUAGE="en_US:"
LANG="en_US.UTF-8"

locale.conf

LANG="en_US.UTF-8"

安装完成,下面是自己记录的文件分发脚本

写了三个文件用来做文件批量分发
wsl1.sh wsl2.sh install.sh

wsl1.sh 用 nmap 做主机存活扫描(-sP 只探测哪些地址在线,并不扫描端口),用Cron跑wsl1.sh就好

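#!/bin/bash
#
# wsl1.sh - discover live hosts on the provisioning subnet and run
# /root/wsl2.sh against each of them. Intended to be run from cron.
#
# /root/install is used as a lock file so that overlapping cron runs do not
# start a second pass while one is still in progress.
#
# NOTE(review): every address that answers the scan is handed to wsl2.sh,
# which logs in with a shared password. Keep the scanned range limited to the
# dedicated install network so that credential is not offered to unrelated
# hosts.

readonly LOCK_FILE=/root/install
readonly SCAN_FILE=/root/nampip
readonly IP_FILE=/root/ip

# Another run holds the lock: exit non-zero, as the original did through its
# TERM trap.
if [ -f "$LOCK_FILE" ]; then
  exit 1
fi

touch "$LOCK_FILE"
# Remove the lock when the script exits, including after TERM, so that a
# failed run cannot block every later cron run.
trap 'rm -f -- "$LOCK_FILE"' EXIT
trap 'exit 1' TERM

nmap -sP 192.168.6.0/24 > "$SCAN_FILE"

# Keep only the address from each "Nmap scan report for ..." line. When nmap
# resolves a name the line ends in "(address)", so take the last field and
# strip the parentheses. Writing the file in one step also avoids the blank
# first line the original produced with echo "".
awk '/Nmap scan report for/ { addr = $NF; gsub(/[()]/, "", addr); print addr }' \
  "$SCAN_FILE" > "$IP_FILE"

# Read the list on fd 3 so the child keeps this script's own stdin.
while IFS= read -r myip <&3; do
  [ -n "$myip" ] || continue
  /root/wsl2.sh "$myip"
done 3< "$IP_FILE"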

wsl2.sh 用expect来连接做一些操作,在前面的seed文件中,我们添加了一个普通用户,而且只安装了ssh,所以我们需要安装后做一些操作

#!/usr/bin/expect
#
# wsl2.sh - log in to one freshly installed machine over ssh as ksuser,
# become root with "sudo su", then download install.sh from the boot server
# and start it in the background.
#
# Usage: wsl2.sh HOST   (HOST is taken from the first command-line argument)
#
# NOTE(review): the account password is stored in clear text in this file and
# is reused for every host. Keep the file readable by root only, and prefer
# key-based ssh login once the machines are installed.

set host   [lindex $argv 0]
set passwd "ABCabc123"

spawn ssh ksuser@$host
set timeout 5
# Answer "yes" to a yes/no prompt (presumably ssh's unknown-host-key
# confirmation), then send the password at the password prompt.
# NOTE(review): accepting the key without checking it means the password is
# sent to whichever machine answers at this address.
expect {
"yes/no" { send "yes\r"; exp_continue}
"assword:" { send "$passwd\r" }
}

# Wait for a shell prompt, switch to root, and answer the password prompt
# that follows.
expect "@*"
send "sudo su\r"
expect "password*"
 send "$passwd\r"

##################################
# Download the script and run it #
##################################
expect "@*"
send "cd /root/\r"
expect "@*"
send "apt-get install -y wget\r"
# The longer timeout applies to the expect calls that follow it.
set timeout 20
#expect "@*"
#send "apt-get install -y coreutils\r"
#set timeout 20
#expect "@*"
#send "apt-get install -y screen\r"
#set timeout 20
expect "@*"
# NOTE(review): install.sh is fetched over plain HTTP and then executed as
# root with no integrity check; anything able to answer for 192.168.6.1 on
# this network decides what runs on the new machine.
send "wget http://192.168.6.1/install.sh\r"
set timeout 20
expect "@*"
send "chmod +x /root/install.sh\r"
expect "@*"
# Start the installer detached from this session, with its output discarded.
send "nohup  /root/install.sh >/dev/null 2>&1 & \r"
send "\r"
#send "screen\r"
#expect "@*"
#send "./install.sh"
expect "@*"
send "exit\r"

install.sh 则是下载到目标机器自动跑的脚本,需要放到httpd中

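#!/bin/bash
#
# install.sh - first-boot provisioning run on a freshly installed machine.
# It is served from the boot server's httpd, downloaded to /root by wsl2.sh
# and started there in the background.
#
# /usr/bin/vim doubles as the "already provisioned" marker (vim is the last
# package installed below) and /root/install is the "run in progress" lock.
# In both cases the script exits with status 1 without doing anything, which
# is what the original did through its TERM trap.
#
# The original listing was missing the closing "fi" of its outer "if", so
# bash rejected the whole file with a syntax error; the two checks are merged
# into one condition here.

# wget saves a repeated download as install.sh.1; the original removed that
# copy in every branch, so do it once up front.
rm -rf /root/install.sh.1

if [ -f "/usr/bin/vim" ] || [ -f "/root/install" ]; then
  exit 1
fi

touch /root/install

# No terminal is attached when this runs under nohup, so keep debconf from
# waiting for answers.
export DEBIAN_FRONTEND=noninteractive

apt-get update
# The original passed "--fixing", which is not a documented apt-get option;
# --fix-missing is presumably what was meant - confirm.
apt-get update --fix-missing
apt-get install -y ubuntu-desktop
apt-get install -y vim

# Remove the lock file and the downloaded script before rebooting.
rm -fr /root/install*

reboot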

参考资料
cobbler http://www.cnblogs.com/chengtai/p/7161711.html
preseed https://blog.csdn.net/zouyee/article/details/48417775

补充:

cobbler介绍

cobbler是一个linux服务器快速网络安装的服务,由python开发,小巧轻便,可以通过PXE方式来快速安装、重装物理服务器,同时还可以管理dhcp、DNS、TFTP、RSYNC以及yum仓库、构造系统镜像,也提供了web界面管理工具(cobbler-web),还提供了API接口,方便二次开发

cobbler的工作流程


cobbler集成的服务

  • pxe服务
  • DHCP服务
  • DNS服务管理
  • kickstart服务支持
  • yum
  • TFTP
  • 电源管理
  • apache

配置目录

文件目录
/etc/cobbler
/etc/cobbler/settings : cobbler 主配置文件
/etc/cobbler/iso/: iso模板配置文件
/etc/cobbler/pxe: pxe模板文件
/etc/cobbler/power: 电源配置文件
/etc/cobbler/user.conf: web服务授权配置文件
/etc/cobbler/users.digest: web访问的用户名密码配置文件
/etc/cobbler/dhcp.template : dhcp服务器的配置模板
/etc/cobbler/dnsmasq.template : dns服务器的配置模板
/etc/cobbler/tftpd.template : tftp服务的配置模板
/etc/cobbler/modules.conf : 模块的配置文件
数据目录:
/var/lib/cobbler/config/: 用于存放distros,system,profiles 等信息配置文件
/var/lib/cobbler/triggers/: 用于存放用户定义的cobbler命令
/var/lib/cobbler/kickstarts/: 默认存放kickstart文件
/var/lib/cobbler/loaders/: 存放各种引导程序  镜像目录
/var/www/cobbler/ks_mirror/: 导入的发行版系统的所有数据
/var/www/cobbler/images/ : 导入发行版的kernel和initrd镜像用于远程网络启动
/var/www/cobbler/repo_mirror/: yum 仓库存储目录
日志目录:
/var/log/cobbler/installing: 客户端安装日志
/var/log/cobbler/cobbler.log : cobbler日志

命令介绍

cobbler check 核对当前设置是否有问题
cobbler list 列出所有的cobbler元素
cobbler report 列出元素的详细信息
cobbler sync 同步配置到数据目录,更改配置最好都要执行下
cobbler reposync 同步yum仓库
cobbler distro 查看导入的发行版系统信息
cobbler system 查看添加的系统信息
cobbler profile 查看配置信息

cobbler的安装

  1. 查看系统信息

     # cat /etc/redhat-release
     CentOS Linux release 7.5.1804 (Core)
     # uname -r 
     3.10.0-862.el7.x86_64
     # hostname -I
     192.168.1.110 172.17.0.1
    
  2. 关闭防火墙、selinux等(仅建议在隔离的实验网络中这样做;生产环境更稳妥的做法是只放行 DHCP、TFTP、HTTP 等装机所需的服务,并保留 SELinux)

  3. 配置epel源

     rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-10.noarch.rpm
    
  4. 安装cobbler等软件

     yum -y install httpd dhcp tftp python-ctypes cobbler  xinetd cobbler-web
    
  5. 启动相关服务

     systemctl start httpd
     systemctl enable httpd
     systemctl start cobblerd
     systemctl enable cobblerd
    
  6. 检查当前配置存在的错误

     cobbler check
    
  7. 解决存在的问题

     1.sed -i 's/^server: 127.0.0.1/server: 192.168.1.110/' /etc/cobbler/settings
     2.sed -i 's/^next_server: 127.0.0.1/next_server: 192.168.1.110/' /etc/cobbler/settings
     3.修改/etc/xinetd.d/tftp中disable的yes为no
     4.cobbler  get-loaders 下载缺失的文件
     5.systemctl enable rsyncd
     6.openssl passwd -1 -salt '123123' '123123'   # 盐和密码仅为演示,实际请使用随机盐和强密码
     7.vim /etc/cobbler/settings
     default_password_crypted:'上一步生成的密码'
     8.cobbler check
     9.systemctl restart cobblerd 
     10.cobbler sync
    
  8. 配置cobbler-DHCP

     1.vim /etc/cobbler/settings
     manage_dhcp: 1
     2.vim /etc/cobbler/dhcp.template
     subnet 192.168.1.0 netmask 255.255.255.0 {
     option routers             192.168.1.1;
     option domain-name-servers 114.114.114.114;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.1.100 192.168.1.250;
     3.systemctl restart cobblerd
     4.cobbler sync
    
  9. 导入镜像

     mount /dev/cdrom  /mnt
     cobbler import --path=/mnt  --name=CentOS7-X86_64  --arch=x86_64
     cobbler list
     cobbler distro list
     yum install tree -y
     tree /var/lib/tftpboot/images
     cobbler profile report
     cobbler sync
    

10.重启各服务

    systemctl restart cobblerd.service
    systemctl restart dhcpd.service
    systemctl restart xinetd.service
    systemctl restart httpd.service

ubuntu seed配置详解

https://www.debian.org/releases/etch/arm/apbs04.html.zh_CN
https://help.ubuntu.com/lts/installation-guide/armhf/apbs04.html
https://www.debian.org/releases/etch/example-preseed.txt
