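# wget http://mirrors.yun-idc.com/epel/6/i386/epel-release-6-8.noarch.rpm
## The download is plain HTTP, and this RPM installs the EPEL repo file and its GPG key,
## so check the file against a checksum/signature from a trusted source before installing it.
# rpm -ivh epel-release-6-8.noarch.rpm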
## It will auto install the following package:
## PyYAML apr apr-util apr-util-ldap genisoimage
## httpd httpd-tools libyaml mod_wsgi mtools
## python-cheetah python-markdown python-pygments python-simplejson syslinux tftp-server
##
# yum install cobbler pykickstart dhcp
## enable dynamic settings # vim /etc/cobbler/settings allow_dynamic_settings : 0
## change to allow_dynamic_settings : 1
## 修改webdir webdir : /data/wwwcobbler/cobbler
# chkconfig --add httpd
# chkconfig --add cobblerd
# /etc/init.d/cobblerd start
# /etc/init.d/httpd start
## or
# cobbler setting report | grep dynamic allow_dynamic_settings : 1
## CLI dynamic modify key
# cobbler setting edit --name=server --value="192.168.201.6"
# cobbler setting report | grep server
server : 192.168.201.6
## 6.3系统下开启selinux时,启动cobblerd报错:
# /etc/init.d/cobblerd start Starting cobbler daemon: /bin/bash: line 1: 2049 Segmentation fault
(core dumped) cobblerd –daemonize [FAILED]
## You may disable iptables and SELinux, or keep SELinux enabled and set the boolean with setsebool (the narrower change):
# getsebool -a | grep cobbler | grep http
httpd_can_network_connect_cobbler --> off
# setsebool -P httpd_can_network_connect_cobbler=1
# cobbler setting report
# cobbler check The following are potential configuration items that you may want to fix:
1 : The ‘server’ field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the ‘next_server’ field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment: https://github.com/cobbler/cobbler/wiki/Selinux
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run ‘cobbler get-loaders’ to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The ‘cobbler get-loaders’ command is the easiest way to resolve these requirements.
5 : debmirror package is not installed, it will be required to manage debian deployments and repositories
6 : ksvalidator was not found, install pykickstart
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to ‘cobbler’ and should be changed, try: “openssl passwd -1 -salt ‘random-phrase-here’ ‘your-password-here’” to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run ‘cobbler sync’ to apply changes.
## 修复
# cobbler setting edit --name=server --value='192.168.201.6'
# cobbler setting edit --name=next_server --value='192.168.201.6'
# yum install cman debmirror
## 修改支持deb系统的配置, 注释掉两项
# vim /etc/debmirror.conf
#@dists="sid";
#@arches="i386";
# cobbler get-loaders
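## Sample values only: the salt 'cobbler', the password and the resulting hash are all published here, so generate your own.
## -1 is MD5-crypt; a SHA-512 crypt hash with a random salt (e.g. from grub-crypt --sha-512 on CentOS 6) is the stronger choice,
## and typing the password as a command argument leaves it in the shell history.
# openssl passwd -1 -salt 'cobbler' '`1q`1q'
$1$cobbler$WdlWsZF3ZzhNNRYbOjAX/0
# cobbler setting edit --name=default_password_crypted --value='$1$cobbler$WdlWsZF3ZzhNNRYbOjAX/0'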
# cobbler check
# mount /root/CentOS-6.5-x86_64-bin-DVD1.iso -o loop /mnt/
# cobbler import --path=/mnt --name=CentOS-6.5-x86_64
# cobbler distro list
# cobbler distro report
# cobbler profile report
## 默认都使用/var/lib/cobbler/kickstarts/sample_end.ks这个kickstart配置文件,所以可能要修改
# cp /var/lib/cobbler/kickstarts/sample_end.ks /var/lib/cobbler/kickstarts/CentOS-6.5-x86_64.ks
# vim /var/lib/cobbler/kickstarts/CentOS-6.5-x86_64.ks
# cobbler profile edit --name=CentOS-6.5-x86_64 --distro=CentOS-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-6.5-x86_64.ks
##
## 检查自定义ks文件的语法,变量要转义
#cobbler validateks
# /etc/cobbler/dhcpd.templte # cp /etc/cobbler/dhcpd.templte /etc/dhcp/dhcpd.conf
# cobbler setting report | grep dhcp
manage_dhcp : 0
# cobbler setting edit --name=manage_dhcp --value=1
#cat /var/lib/cobbler/kickstarts/CentOS-6.5-x86_64.ks
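#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Kickstart command section: firewall, install source, credentials, locale,
# network and disk layout. Each command sits on its own line; a command that
# follows '#' on the same line is only a comment and is never executed.

# Firewall configuration
# NOTE(review): --ssh and --service=ssh both open port 22, while %post moves
# sshd to port 10007; drop them if port 22 should stay closed after install.
firewall --enabled --ssh --port=10007:tcp --service=ssh
# Install OS instead of upgrade
install
# Use network installation
url --url="http://192.168.0.160/ww"
# Root password
# NOTE(review): this MD5-crypt ($1$) hash is published with the page, and the
# kickstart is handed to installing machines over the network, so substitute
# your own hash. The page says variables in a custom ks file must be escaped;
# the '$' signs in the hash presumably need that too -- confirm with
# 'cobbler validateks'.
rootpw --iscrypted $1$V3NjaCsw$SmihiiHtxxHS7JbsoiPt50
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
# NOTE(review): permissive mode logs policy denials without blocking them;
# switch to --enforcing once the installed system is known to work with it.
selinux --permissive
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone --isUtc Asia/Shanghai
# Network information
## dhcp
network --onboot yes --device eth0 --bootproto dhcp --noipv6 --onboot=on
## static
## NOTE(review): the page does not show whether this alternative was active; it
## is left commented out because %post reads the address from eth0 and writes
## the static configuration itself -- confirm, and enable only one of the two.
#network --bootproto=static --device=eth0 --gateway=192.168.0.1 --ip=192.168.0.11 --nameserver=192.168.0.86 --netmask=255.255.255.0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all
# Disk partitioning information
part /boot --fstype="ext4" --ondisk=sda --size=200
part / --fstype="ext4" --ondisk=sda --size=4096
part swap --fstype="swap" --ondisk=sda --size=1024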
%post
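## %post hardening script: sshd, PAM lockout, resource limits, console, shell
## history, kernel parameters, boot services, hostname and static IP.
## NOTE(review): the page says variables in a custom ks file must be escaped;
## if this file is rendered as a Cobbler template, the '$' signs below
## presumably need escaping -- confirm with 'cobbler validateks'.

## configure sshd; 3 failed logins lock the account for 180 seconds
# NOTE(review): the kickstart sets selinux --permissive, so sshd can bind the
# non-default port; under enforcing mode the port presumably also needs an
# SELinux port label -- confirm.
sed -i 's/^#Port 22/Port 10007/' /etc/ssh/sshd_config
sed -i 's/^#X11Forwarding no/X11Forwarding no/' /etc/ssh/sshd_config
sed -i 's/^X11Forwarding yes/#X11Forwarding yes/' /etc/ssh/sshd_config
# even_deny_root applies the lockout to root as well: three failed attempts
# from any host that can reach sshd lock root out for unlock_time seconds.
sed -i '/pam_sepermit/a auth required pam_tally2.so deny=3 unlock_time=180 even_deny_root' /etc/pam.d/sshd

## configure system resource limit
# GNU sed expands \t in the inserted text, giving tab-separated columns.
sed -i '/End/i *\t\tsoft\tnofile\t\t65500' /etc/security/limits.conf
sed -i '/End/i *\t\thard\tnofile\t\t65500' /etc/security/limits.conf
sed -i '/End/i *\t\tsoft\tnproc\t\t65500' /etc/security/limits.conf
sed -i '/End/i *\t\thard\tnproc\t\t65500' /etc/security/limits.conf

## disable Ctrl-Alt-Del
sed -i 's/^start/#start/' /etc/init/control-alt-delete.conf
sed -i 's/^exec/#exec/' /etc/init/control-alt-delete.conf

## only start 2 gettys
sed -i 's/1-6/1-2/' /etc/init/start-ttys.conf
sed -i 's/1-6/1-2/' /etc/sysconfig/init

## configure profile
# The page gives a bare "profile"; an absolute path is used so the edit does
# not depend on the directory %post runs in.
sed -i 's/^HISTSIZE=1000/#HISTSIZE=1000/' /etc/profile
sed -i '/#HISTSIZE=1000/a HISTSIZE=100' /etc/profile

## configure kernel parameters
# One key per line: sysctl.conf cannot hold two settings on a single line.
# NOTE(review): tcp_tw_recycle=1 is known to drop connections from clients
# behind NAT, and both tcp_tw_recycle and tcp_tw_reuse rely on TCP timestamps,
# which this list turns off -- review these three together before reuse.
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 8192
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 9000 65500
EOF
sysctl -p

## disable some services that start on boot
# ip6tables is switched off here; the kickstart also disables IPv6 on eth0
# (--noipv6, IPV6INIT=no), so re-enable it if IPv6 is ever turned on.
for svc in atd autofs certmonger cups ip6tables kdump lvm2-monitor \
  netfs nfslock rpcbind rpcgssd rpcidmapd postfix; do
  chkconfig --level 123456 "$svc" off
done

## configure hostname and the static IP
# The address obtained during installation becomes the permanent static
# address; its last octet is used as the hostname suffix.
IP=$(ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | cut -d: -f2)
MAC=$(ifconfig eth0 | grep 'HWaddr' | awk '{print $5}')
NUM=$(ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | cut -d. -f4)
if [ -z "$NUM" ]; then
  # No IPv4 address on eth0: stop rather than write an empty configuration.
  echo -e "\033[31mWrong number, please check network settings\033[0m"
  exit 2
else
  echo -e "NETWORKING=yes" > /etc/sysconfig/network
  echo -e "HOSTNAME=server$NUM" >> /etc/sysconfig/network
  echo -e "$IP server$NUM" >> /etc/hosts
  cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
BOOTPROTO=static
HWADDR=$MAC
IPADDR=$IP
NETMASK=255.255.255.0
GATEWAY=192.168.201.2
DNS1=192.168.201.2
IPV6INIT=no
MTU=1500
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
EOF
fi

## clean installation log
#rm -rf /root/anaconda-ks.cfg
#rm -rf /root/install.log
#rm -rf /root/install.log.syslog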
%end
%packages
@additional-devel
@base
@chinese-support
@compat-libraries
@development
ElectricFence
babel
bzr
chrpath
cjkuni-fonts-ghostscript
cmake
compat-gcc-34
compat-gcc-34-c++
compat-gcc-34-g77
dejagnu
expect
gcc-gnat
gcc-java
gcc-objc
gcc-objc++
imake
jpackage-utils
kdewebdev
libXau-devel
libXaw-devel
libXinerama-devel
libXmu-devel
libXpm-devel
libXrandr-devel
libaio-devel
libbonobo-devel
libcap-devel
libdrm-devel
libgcrypt-devel
libglade2-devel
libgnomeui-devel
libgudev1-devel
libhugetlbfs-devel
libibverbs-devel
libnl-devel
libstdc++-docs
libtiff-devel
libxslt-devel
mercurial
mod_dav_svn
nasm
pcre-devel
perltidy
python-docs
rpmdevtools
rpmlint
systemtap-sdt-devel
systemtap-server
unixODBC-devel
-java-1.6.0-openjdk-devel
-mysql-devel
-postgresql-devel
%end
本文介绍如何使用Cobbler进行自动化部署,包括安装所需软件包、配置动态设置、解决SELinux问题、设置DHCP管理及调整内核参数等关键步骤。



