PXE+Kickstart+Cobbler

PXE+Kickstart+Cobbler

八月 14, 2019

搭建PXE+Kickstart+Cobbler无人值守安装

导读:新来一批机器,需要批量安装系统,搭建一台PXE系统,实现无人值守安装,方便系统的快速部署。
建议:使用虚拟机的话,使用两块网卡,一块设置为NAT模式用于安装软件包,一块设置为仅主机模式,供DHCP服务使用;仅主机模式的网段与其他网络隔离,可避免本机的DHCP/PXE服务影响到网络中的其他机器。

  1. 关闭防火墙和selinux

    # Lab-only shortcut: the next four commands remove the host firewall and
    # SELinux enforcement from a server that is about to expose DHCP, TFTP and
    # FTP. On a shared network, prefer keeping firewalld running and allowing
    # only those services, for example:
    #   firewall-cmd --permanent --add-service=dhcp --add-service=tftp --add-service=ftp
    systemctl stop firewalld
    systemctl disable firewalld
    # Persist the SELinux change: replace the SELINUX= line in the config file.
    sed -ri '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
    # Stop enforcing on the running system right away, without a reboot.
    setenforce 0
  2. 安装软件包

    yum -y install kernel-devel
    # dhcp hands out addresses, tftp-server (run by xinetd) serves the boot
    # files, syslinux provides pxelinux.0, vsftpd serves the install tree.
    yum -y install dhcp tftp-server vsftpd xinetd syslinux

注:
a. syslinux提供pxelinux.0文件
b. dhcp为客户机分配IP地址
c. xinetd为tftp的超级守护进程
d. tftp简单文件传输协议

  1. 挂载光驱

    # The install media is exposed through the FTP root. The install URLs used
    # later in this guide carry no credentials, so anything placed under
    # /var/ftp is readable by every host that can reach port 21.
    mkdir /var/ftp/centos7
    mount /dev/sr0 /var/ftp/centos7

    启动vsftpd

# Start the FTP server now and have it come back after a reboot.
systemctl start vsftpd
systemctl enable vsftpd
  1. 配置DHCP

    注意:需要关闭虚拟机软件为该网卡(仅主机网络)自带的DHCP服务,改用本机安装的DHCP服务

vim /etc/dhcp/dhcpd.conf
# dhcpd answers every client that broadcasts on this subnet, and PXE/TFTP
# carry no authentication, so keep this segment isolated from production hosts.
subnet 192.168.100.0 netmask 255.255.255.0 {
# Address pool handed to installing clients.
range 192.168.100.128 192.168.100.254;
# TFTP server the client contacts for its boot file.
next-server 192.168.100.100;
# Boot loader the client requests over TFTP.
filename "pxelinux.0";
}
# Enable at boot, then restart so the edited dhcpd.conf is loaded.
systemctl enable dhcpd
systemctl restart dhcpd
  1. 配置tftp-server

添加初始启动文件pxelinux.0

# pxelinux.0 is the file named by "filename" in dhcpd.conf; it must sit in the TFTP root.
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

提供引导菜单所需的文件(从Centos7光盘上的isolinux目录下复制)

# Copy the boot menu files from the mounted media into the TFTP root.
cp -rf /var/ftp/centos7/isolinux/* /var/lib/tftpboot/
cd /var/lib/tftpboot/
# Reuse the media's isolinux.cfg as the default PXE menu (pxelinux.cfg/default).
mkdir pxelinux.cfg
cp isolinux.cfg pxelinux.cfg/default

编辑菜单启动项

vim pxelinux.cfg/default
# Menu entry that boots the installer kernel from the TFTP root.
label linux
menu label ^Install centos 7
kernel vmlinuz
# inst.stage2 and inst.repo point the installer at the FTP tree. FTP is
# cleartext and these URLs use no credentials, so the installer image and
# packages are only as trustworthy as the network segment they cross.
append initrd=initrd.img inst.stage2=ftp://192.168.100.100/centos7 inst.repo=ftp://192.168.100.100/centos7

启动超级守护进程

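# Turn the tftp service on in its xinetd definition (the "disable" line: yes -> no).
sed -ri '/disable/{s/yes/no/g}' /etc/xinetd.d/tftp
systemctl enable xinetd
systemctl restart xinetd

# Confirm FTP (21), DHCP (67) and TFTP (69) are bound. Anchoring the pattern on
# ":port" followed by whitespace avoids matching PIDs or unrelated ports that
# merely contain those digits.
ss -anput | grep -E ':(21|67|69)[[:space:]]'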

注意:安装客户机时,最好给客户机分配2G左右的内存

====================================================================================

Kickstart实现自动化安装

1.kickstart自动化安装脚本

vim /var/ftp/centos7u4-ks.cfg
# Kickstart answer file for the unattended install. It is saved under /var/ftp
# and fetched by clients over ftp:// with no credentials, so everything in it
# (including the root password hash below) is readable by any host that can
# reach the FTP server.
#version=DEVEL

# System authorization information

auth --enableshadow --passalgo=sha512
firstboot --enable

# Install OS instead of upgrade

install

# Run the Setup Agent on first boot

# NOTE(review): firstboot --enable already appears above; one of the two lines
# is redundant.
firstboot --enable
ignoredisk --only-use=sda

# Keyboard layouts

keyboard --vckeymap=us --xlayouts='us'

# System language

lang en_US.UTF-8

# Network information

network --bootproto=dhcp --device=ens33 --onboot=on
network --hostname=localhost.localdomain

# Use network installation

url --url="ftp://192.168.100.100/centos7"

# Root password

# NOTE(review): this hash is published with the guide. Replace it with a hash
# generated from your own strong password before installing any machine;
# a host built with the value below has a root password known to every reader.
rootpw --iscrypted $6$EJ65iFvZvzoW7C3g$pBxA6FB1eQ2mTRE0WK7ClyQkBqc9IpZ9FulHWukSLfj7in4gYrLwKvJ3vE/EqYWsIcRNPyA.IHBg2YZYO5pqe0

# System services

# NOTE(review): with chronyd disabled, installed hosts have no time sync unless
# another client is configured; accurate clocks matter for log correlation.
services --disabled="chronyd"

# System timezone

timezone Asia/Shanghai

# System bootloader configuration

bootloader --location=mbr --boot-drive=sda
autopart --type=lvm

# Partition clearing information

# --none leaves existing partitions in place; --initlabel initialises the disk label.
clearpart --none --initlabel

# NOTE(review): @debugging and @development put compilers and debuggers on
# every installed host; drop the groups a server role does not need.
%packages
@^minimal
@compat-libraries
@core
@debugging
@development
@security-tools
@smart-card

%end

%addon com_redhat_kdump --disable --reserve-mb='auto'

%end

# Installer password policy: minimum length 6 for root, user and LUKS passwords.
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

添加启动项

vim /var/lib/tftpboot/pxelinux.cfg/default
最后一行添加:
# Same entry as before plus inst.ks, which makes the install fully unattended:
# any machine that PXE-boots this label is installed without a prompt.
# NOTE(review): this reuses the label name "linux"; confirm no earlier entry
# with the same label is left in the file.
label linux
menu label ^Install centos 7
kernel vmlinuz
append initrd=initrd.img inst.stage2=ftp://192.168.100.100/centos7 inst.repo=ftp://192.168.100.100/centos7 inst.ks=ftp://192.168.100.100/centos7u4-ks.cfg
systemctl restart xinetd

=======================================================================================

cobbler安装配置

  1. cobbler安装
    # cobbler-web is the management UI and is served through httpd.
    yum -y install cobbler cobbler-web httpd
    systemctl start httpd cobblerd
    systemctl enable httpd cobblerd
  2. 配置cobbler
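    # Allow settings to be changed at runtime with `cobbler setting edit`.
    sed -ri '/^allow_dynamic_settings:.*$/{s/0/1/g}' /etc/cobbler/settings
    # cobblerd reads the settings file at startup, so restart it before the
    # `cobbler setting edit` calls below.
    systemctl restart cobblerd

    # Address clients use to reach cobbler, and the TFTP server handed out by DHCP.
    cobbler setting edit --name=server --value=192.168.100.100
    cobbler setting edit --name=next_server --value=192.168.100.100
    # Fetches boot loader binaries over the network. NOTE(review): confirm the
    # download source and the integrity of the files before serving them to
    # clients.
    cobbler get-loaders
    systemctl start rsyncd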
systemctl enable rsyncd
# pykickstart supplies the kickstart tooling installed alongside cobbler here.
yum -y install pykickstart

设置模板密码

# NOTE(review): -1 produces an MD5-crypt hash and 'centos' is a trivially
# guessable password. The value stored in default_password_crypted becomes the
# root password of every host installed from a template that references it.
# Generate your own hash from a strong password, using a SHA-512 scheme where
# the installed tools support it (e.g. `openssl passwd -6` on newer OpenSSL),
# and avoid typing the password on the command line, where it lands in the
# shell history.
openssl passwd -1 -salt `openssl rand -hex 4` 'centos'
# Output of the command above (this value is public; do not reuse it):
$1$980db4b0$q67CuM/JE5VuswCs5HkP./
cobbler setting edit --name=default_password_crypted --value='$1$980db4b0$q67CuM/JE5VuswCs5HkP./'
yum -y install fence-agents
# Let cobbler manage DHCP: the server's dhcpd configuration is then generated
# from /etc/cobbler/dhcp.template, so hand edits to dhcpd.conf are presumably
# overwritten on the next `cobbler sync`.
cobbler setting edit --name=manage_dhcp --value=1
vim /etc/cobbler/dhcp.template
修改以下部分:
# Provisioning subnet served by the cobbler-managed dhcpd. Keep it separate
# from production networks: every client that PXE-boots here is offered an install.
subnet 192.168.100.0 netmask 255.255.255.0 {
#option routers 192.168.1.5;
#option domain-name-servers 192.168.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.100.128 192.168.100.254;
default-lease-time 21600;
max-lease-time 43200;
# Filled in from the next_server setting when the template is rendered.
next-server $next_server;
# Render the templates and push the resulting configuration, then restart the daemon.
cobbler sync
systemctl restart cobblerd

=======================================================================================

cobbler web

  1. cobbler认证

    # Local system account used to log in to cobbler_web.
    useradd weihu
    # NOTE(review): the password is a literal on the command line (and printed
    # in this guide), so it ends up in the shell history. Set your own with an
    # interactive `passwd weihu` instead of reusing this value.
    echo "weihu123#1" | passwd --stdin weihu
    Changing password for user weihu.
    passwd: all authentication tokens updated successfully.
    vim /etc/cobbler/modules.conf
    # authn_pam makes cobbler_web authenticate against system accounts via PAM.
    # NOTE(review): if the [authorization] section is left at an allow-all
    # module, any account that passes PAM can presumably administer cobbler;
    # confirm which authorization module is active.
    [authentication]
    module = authn_pam
vim /etc/cobbler/users.conf
# NOTE(review): presumably this file is only consulted by an ownership-based
# authorization module, and lists user names as the keys under each group;
# verify that this entry actually grants "weihu" the admin role.
[admins]
admin = "weihu"
# Restart so the edited modules.conf and users.conf take effect, then re-sync.
systemctl restart cobblerd
cobbler sync

HTTP访问地址

https://192.168.100.100/cobbler_web

======================================================================================

cobbler kickstart
  1. 挂载光盘

    # Mount the install media so cobbler can import it from this path.
    mount /dev/sr0 /var/ftp/centos7
  2. 导入光盘镜像

    # Import the mounted tree as a distro; the listing below shows the name
    # cobbler assigned (centos7.4-x86_64).
    cobbler import --path=/var/ftp/centos7 --name=centos7.4 --arch=x86_64
    cobbler distro list
    centos7.4-x86_64
  3. 创建ks文件

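    # Kickstart template for the cobbler profile. Values written with a leading
    # dollar sign are filled in by cobbler when the template is rendered.
    cd /var/lib/cobbler/kickstarts
    vim centos7.4.ks
    install
    text
    keyboard us
    lang en_US.UTF-8
    timezone Asia/Shanghai
    # Root password comes from the cobbler setting default_password_crypted,
    # so every host built from this profile shares it. Set that value to a hash
    # of your own strong password.
    rootpw --iscrypted $default_password_crypted
    # Hash local passwords with SHA-512 rather than MD5.
    auth --useshadow --passalgo=sha512
    # NOTE(review): every installed host comes up with no firewall and with
    # SELinux off. Enable both unless the lab really requires otherwise.
    firewall --disabled
    selinux --disabled
    url --url=$tree

    # Destructive: the next lines wipe the partition table and all partitions
    # on the target. Any machine that PXE-boots this profile is reinstalled
    # without a prompt, so keep production hosts off this boot network.
    zerombr
    bootloader --location=mbr
    clearpart --all --initlabel
    part /boot --fstype=xfs --size=500
    part swap --size=1024
    part / --fstype=xfs --grow --size=200

    $yum_repo_stanza
    $SNIPPET('network_config')
    skipx
    firstboot --disable
    reboot

    %pre
    $SNIPPET('log_ks_pre')
    $SNIPPET('kickstart_start')
    $SNIPPET('pre_install_network_config')

    # Enable installation monitoring

    $SNIPPET('pre_anamon')
    %end

    %packages
    $SNIPPET('func_install_if_enabled')
    @^minimal
    @core
    httpd
    wget
    lftp
    vim-enhanced
    bash-completion
    %end

    %post --nochroot
    $SNIPPET('log_ks_post_nochroot')
    %end

    %post
    $SNIPPET('log_ks_post')

    # Start yum configuration

    $yum_config_stanza

    # End yum configuration

    $SNIPPET('post_install_kernel_options')
    $SNIPPET('post_install_network_config')
    $SNIPPET('func_register_if_enabled')
    $SNIPPET('download_config_files')
    $SNIPPET('koan_environment')
    $SNIPPET('redhat_register')
    $SNIPPET('cobbler_register')

    # Enable post-install boot notification

    $SNIPPET('post_anamon')

    # Start final steps

    $SNIPPET('kickstart_done')

    # End final steps

    # sshd: skip reverse DNS lookups and GSSAPI authentication, then enable
    # httpd at boot on the installed host.
    sed -ri "/^#UseDNS/c\UseDNS no" /etc/ssh/sshd_config
    sed -ri "/^GSSAPIAuthentication/c\GSSAPIAuthentication no" /etc/ssh/sshd_config
    systemctl enable httpd
    %end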

    # Attach the template to the imported profile, then confirm the path took effect.
    cobbler profile edit --name=centos7.4-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.4.ks
    cobbler profile report --name=centos7.4-x86_64 | grep kickstarts
    Kickstart : /var/lib/cobbler/kickstarts/centos7.4.ks

修改网卡名

# Kernel options that turn off predictable interface naming, so NICs on the
# installed hosts get the classic eth0, eth1, ... names.
cobbler profile edit --name=centos7.4-x86_64 --kopts='net.ifnames=0 biosdevname=0'

cobbler profile list

systemctl restart cobblerd