For background on Cobbler, see https://benjr.tw/97916
The test environment is CentOS 7 x86_64 (static IP: 192.168.1.1).
Firewall, SELinux
To avoid headaches while debugging, turn off the firewall and SELinux first.
[root@localhost ~]$ systemctl stop firewalld.service
[root@localhost ~]$ systemctl disable firewalld.service
SELINUX defaults to enforcing and needs to be changed to disabled.
[root@localhost ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
#SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]$ reboot
SELinux can only be configured not to start at boot, so a reboot is required for the change to take effect.
Installing Cobbler
The default YUM repositories do not include the Cobbler packages, so the EPEL repo (epel-release, Extra Packages for Enterprise Linux) has to be added.
[root@localhost ~]$ yum install -y epel-release
[root@localhost ~]$ yum install -y cobbler cobbler-web dhcp xinetd tftp-server python-ctypes pykickstart fence-agents
Start the Cobbler service.
[root@localhost ~]$ systemctl enable cobblerd.service
[root@localhost ~]$ systemctl start cobblerd.service
Because Cobbler Web is installed, Cobbler can be managed either through the CLI (command-line interface) or directly through the web interface. See https://benjr.tw/97841
[root@localhost ~]$ systemctl enable httpd.service
[root@localhost ~]$ systemctl start httpd.service
PXE netboot loaders
Download the required PXE netboot loaders: the files needed for Legacy (pxelinux.0, menu.c32) and UEFI (elilo-ia64.efi, grub-x86.efi, grub-x86_64.efi), plus yaboot (used on PowerPC).
[root@localhost ~]$ cobbler get-loaders
task started: 2017-07-27_160948_get_loaders
task started (id=Download Bootloader Content, time=Thu Jul 27 16:09:48 2017)
path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
Cobbler check
Now start configuring Cobbler. Running cobbler check reports what still needs to be set up.
[root@localhost ~]$ cobbler check
- The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
- For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
Steps one and two are both settings in /etc/cobbler/settings.
- server:
May be an IP address or a hostname. Many configuration files are generated by Cobbler, so server must point to this machine (192.168.1.1).
- next_server:
An IP address. DHCP uses the next_server value to tell PXE clients where to fetch their files; it also points to this server (192.168.1.1).
[root@localhost ~]$ vi /etc/cobbler/settings
manage_dhcp: 1
manage_tftpd: 1
pxe_just_once: 1
next_server: 192.168.1.1
server: 192.168.1.1
The other additional settings are:
- manage_dhcp: 1
The DHCP configuration file (/etc/cobbler/dhcp.template) is generated and managed by Cobbler.
- manage_tftpd: 1
Although this is set, you also need to look at /etc/cobbler/modules.conf, which selects either manage_in_tftpd (the default, which uses the system's tftp service) or manage_tftpd_py (which uses the tftp service provided by Cobbler).
- pxe_just_once: 1
After the operating system has been installed, Cobbler switches the --netboot-enabled setting for us, so the machine does not boot into the PXE environment again on the next boot.
- change 'disable' to 'no' in /etc/xinetd.d/tftp
This step configures the tftp service: set disable to no.
[root@localhost ~]$ vi /etc/xinetd.d/tftp
service tftp
{
        socket_type = dgram
        protocol = udp
        wait = no
        user = root
        server = /usr/sbin/in.tftpd
        server_args = -s /var/lib/tftpboot
        disable = no
        per_source = 11
        cps = 100 2
        flags = IPv4
}
The tftp service is managed by xinetd, so that service needs to be started.
[root@localhost ~]$ systemctl enable xinetd.service
[root@localhost ~]$ systemctl start xinetd.service
- enable and start rsyncd.service with systemctl
Cobbler uses the rsync (directory synchronization) service, which also needs to be started.
[root@localhost ~]$ systemctl enable rsyncd.service
[root@localhost ~]$ systemctl start rsyncd.service
- debmirror package is not installed, it will be required to manage debian deployments and repositories
Set up what is needed for deb mirror deployments and repositories. Comment out dists="sid" and arches="i386".
[root@localhost ~]$ yum install -y debmirror
[root@localhost ~]$ sed -i 's/@dists="sid";/#@dists="sid";/g' /etc/debmirror.conf
[root@localhost ~]$ sed -i 's/@arches="i386";/#@arches="i386";/g' /etc/debmirror.conf
- The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Set the Cobbler password to cobbler (change it to your own). In a text-only environment, the following commands update the password in the Cobbler settings file. For openssl password hashing, see https://benjr.tw/97814
[root@localhost ~]$ OldPWD=$(grep default_password_crypted /etc/cobbler/settings | awk '{ print$2 }')
[root@localhost ~]$ NewPWD=$(openssl passwd -1 -salt 'salt' 'cobbler')
[root@localhost ~]$ sed -i "s|$OldPWD|$NewPWD|g" /etc/cobbler/settings
Restart cobblerd and then run 'cobbler sync' to apply changes.
That completes the configuration; now restart the service. After Cobbler's settings have been changed, the sync command must be run.
[root@localhost ~]$ systemctl restart cobblerd.service
[root@localhost ~]$ cobbler sync
task started: 2017-07-25_120737_sync
task started (id=Sync, time=Tue Jul 25 12:07:37 2017)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
Run the check once more to confirm there are no remaining configuration problems.
[root@localhost ~]$ cobbler check
No configuration problems found. All systems go.
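For the default_password_crypted step above, the following is an added example (not part of the original post) that hashes the password with a random salt, rewrites the setting by key, and checks whether a settings file still holds the password "cobbler". The function names are this example's own; it keeps the MD5-crypt (-1) format that cobbler check suggests and assumes openssl is installed.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.

# gen_salt: 8 random characters; '+' is mapped to '.' to stay inside the
# crypt(3) salt alphabet.
gen_salt() {
    openssl rand -base64 6 | tr '+' '.'
}

# hash_password PASSWORD: MD5-crypt hash with a fresh salt. The password is fed
# on stdin so it does not appear in the openssl process's argument list.
hash_password() {
    printf '%s\n' "$1" | openssl passwd -1 -salt "$(gen_salt)" -stdin
}

# set_default_password FILE HASH: rewrite the default_password_crypted line by
# key. The result is written back into FILE, so its owner and mode are kept.
set_default_password() {
    grep -q '^default_password_crypted:' "$1" || return 1
    tmp=$(mktemp) || return 1
    awk -v h="$2" '/^default_password_crypted:/ {
            print "default_password_crypted: \"" h "\""; next }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# still_default FILE: succeed when the stored $1$ hash is the password
# "cobbler", whatever salt was used to produce it.
still_default() {
    stored=$(sed -n 's/^default_password_crypted:[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1")
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ -n "$salt" ] || return 1
    [ "$(printf 'cobbler\n' | openssl passwd -1 -salt "$salt" -stdin)" = "$stored" ]
}
```

On the Cobbler server the call would be set_default_password /etc/cobbler/settings "$(hash_password 'your-password-here')", followed by the cobblerd restart and cobbler sync shown above.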
To add a Linux distribution that can be PXE-booted, see https://benjr.tw/97922