
[Experience sharing] 46 puppet master-agent model, introduction to ops tools and implementing a PXE environment, a simple cobbler implementation, CentOS 7 cobbler


Posted on 2018-8-2 06:15:13
  01 puppet master-agent model
  Environment
  node1  192.168.1.131  CentOS 7.2
  node2  192.168.1.132  CentOS 7.2
  node3  192.168.1.133  CentOS 7.2
  node4  192.168.1.134  CentOS 7.2
  1. Extend an agent node into a master node
  [root@node2 ~]# yum -y install puppet-server-3.8.4-1.el7.noarch.rpm
  [root@node2 ~]# rpm -ql puppet-server
  /etc/puppet/environments
  /etc/puppet/environments/example_env
  /etc/puppet/environments/example_env/README.environment
  /etc/puppet/environments/example_env/manifests
  /etc/puppet/environments/example_env/modules
  /etc/puppet/fileserver.conf
  /etc/puppet/manifests
  /usr/lib/systemd/system/puppetmaster.service
  /usr/share/man/man8/puppet-ca.8.gz
  /usr/share/man/man8/puppet-master.8.gz
  [root@node2 ~]# cd /etc/puppet
  [root@node2 puppet]# vim puppet.conf
  [root@node2 puppet]# cat /etc/hosts
  127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  192.168.1.131   node1
  192.168.1.132   node2
  192.168.1.133   node3
  192.168.1.134   node4
  [root@node2 puppet]# puppet master -v --no-daemonize
  Info: Creating a new SSL key for ca
  Info: Creating a new SSL certificate request for ca
  Info: Certificate Request fingerprint (SHA256): 68:6E:25:1F:A2:C9:B9:25:D8:98:73:5E:2E:4B:8D:A9:D4:5C:30:DA:76:7E:55:0B:17:73:CC:56:CC:1D:CD:B1
  Notice: Signed certificate request for ca
  Info: Creating a new certificate revocation list
  Info: Creating a new SSL key for node2
  Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
  Info: Creating a new SSL certificate request for node2
  Info: Certificate Request fingerprint (SHA256): 6B:D9:38:9C:F6:85:A7:FC:82:8C:D5:59:FA:73:6E:B0:84:F5:C7:AA:B9:F5:B5:4D:75:04:22:1A:2B:7F:99:0E
  Notice: node2 has a waiting certificate request
  Notice: Signed certificate request for node2
  Notice: Removing file Puppet::SSL::CertificateRequest node2 at '/var/lib/puppet/ssl/ca/requests/node2.pem'
  Notice: Removing file Puppet::SSL::CertificateRequest node2 at '/var/lib/puppet/ssl/certificate_requests/node2.pem'
  Notice: Starting Puppet master version 3.8.4
  [root@node2 puppet]# ls /var/lib/puppet/ssl/
  ca                    certs    private       public_keys
  certificate_requests  crl.pem  private_keys
  [root@node2 puppet]# rm -rf /var/lib/puppet/ssl/*
  # Regenerate the configuration files
  [root@node2 puppet]# puppet master -v --no-daemonize
  Info: Creating a new SSL key for ca
  Info: Creating a new SSL certificate request for ca
  Info: Certificate Request fingerprint (SHA256): F3:E1:22:ED:91:C4:40:C1:CF:03:70:2E:C8:95:00:72:39:9B:BF:AC:0F:B2:40:79:1E:ED:76:C1:09:A0:4D:2E
  Notice: Signed certificate request for ca
  Info: Creating a new certificate revocation list
  Info: Creating a new SSL key for node2
  Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
  Info: Creating a new SSL certificate request for node2
  Info: Certificate Request fingerprint (SHA256): 48:91:99:06:65:B4:29:5C:B4:14:EA:20:B2:53:D6:30:55:78:56:65:B1:99:DA:15:CB:66:28:60:20:E6:1D:87
  Notice: node2 has a waiting certificate request
  Notice: Signed certificate request for node2
  Notice: Removing file Puppet::SSL::CertificateRequest node2 at '/var/lib/puppet/ssl/ca/requests/node2.pem'
  Notice: Removing file Puppet::SSL::CertificateRequest node2 at '/var/lib/puppet/ssl/certificate_requests/node2.pem'
  Notice: Starting Puppet master version 3.8.4
  [root@node2 puppet]# ls /usr/lib/systemd/system/pupp*
  /usr/lib/systemd/system/puppetagent.service  /usr/lib/systemd/system/puppetmaster.service  /usr/lib/systemd/system/puppet.service
  [root@node2 puppet]# systemctl start puppetmaster.service
  # Configure the agent
  [root@node3 ~]# rpm -ivh epel-release-latest-7.noarch.rpm
  [root@node3 ~]# yum -y install facter-2.4.4-1.el7.x86_64.rpm puppet-3.8.4-1.el7.noarch.rpm
  [root@node3 ~]# cd /etc/puppet/
  [root@node3 puppet]# puppet agent --server=node2 --no-daemonize --noop --test --verbose
  Info: Creating a new SSL key for node3
  Info: Caching certificate for ca
  Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
  Info: Creating a new SSL certificate request for node3
  Info: Certificate Request fingerprint (SHA256): 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
  Info: Caching certificate for ca
  Exiting; no certificate found and waitforcert is disabled
  [root@node2 puppet]# puppet cert list
  "node3" (SHA256) 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
  [root@node2 puppet]# puppet cert sign node3
  Notice: Signed certificate request for node3
  Notice: Removing file Puppet::SSL::CertificateRequest node3 at '/var/lib/puppet/ssl/ca/requests/node3.pem'
  [root@node3 puppet]# puppet agent --server=node2 --no-daemonize --noop --test --verbose
  Info: Creating a new SSL key for node3
  Info: Caching certificate for ca
  Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
  Info: Creating a new SSL certificate request for node3
  Info: Certificate Request fingerprint (SHA256): 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
  Info: Caching certificate for ca
  Exiting; no certificate found and waitforcert is disabled
  [root@node3 puppet]# puppet agent --server=node2 --no-daemonize  --verbose
  Info: Caching certificate for node3
  Info: Caching certificate_revocation_list for ca
  Info: Caching certificate for node3
  Notice: Starting Puppet client version 3.8.4
  Info: Retrieving pluginfacts
  Info: Retrieving plugin
  Info: Caching catalog for node3
  Info: Applying configuration version '1481204536'
  Info: Creating state file /var/lib/puppet/state/state.yaml
  Notice: Finished catalog run in 0.03 seconds
  # List all certificates
  [root@node2 puppet]# puppet cert list --all
  + "node2" (SHA256) 2E:C8:71:41:A2:74:B9:41:20:85:30:7D:28:D2:5A:0D:4E:5C:CF:DD:54:F1:9F:82:C7:CB:1F:FD:42:31:91:81
  + "node3" (SHA256) EA:F3:56:95:E1:61:DD:63:B9:07:F0:0B:A9:CC:99:62:4C:1F:E1:7E:CF:83:1B:D7:B3:9A:B4:D9:B4:F5:27:8B
  # Clean the certificate of node node3
  [root@node2 puppet]# puppet cert clean node3
  Notice: Revoked certificate with serial 3
  Notice: Removing file Puppet::SSL::Certificate node3 at '/var/lib/puppet/ssl/ca/signed/node3.pem'
  Notice: Removing file Puppet::SSL::Certificate node3 at '/var/lib/puppet/ssl/certs/node3.pem'
  [root@node3 puppet]# rm -f /var/run/puppet/agent.pid
  # Sign again
  [root@node3 puppet]# puppet agent --server=node2 --no-daemonize --verbose
  Info: Creating a new SSL key for node3
  Info: Caching certificate for ca
  Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
  Info: Creating a new SSL certificate request for node3
  Info: Certificate Request fingerprint (SHA256): 27:C9:FD:B5:64:F9:B7:22:94:CD:84:0B:20:24:3F:55:3A:FB:AB:24:CD:8F:CB:A2:CD:B9:54:DC:EB:FB:E0:B1
  Info: Caching certificate for ca
  [root@node2 puppet]# puppet cert list
  "node3" (SHA256) 27:C9:FD:B5:64:F9:B7:22:94:CD:84:0B:20:24:3F:55:3A:FB:AB:24:CD:8F:CB:A2:CD:B9:54:DC:EB:FB:E0:B1
  [root@node2 puppet]# puppet cert sign node3
  Notice: Signed certificate request for node3
  Notice: Removing file Puppet::SSL::CertificateRequest node3 at '/var/lib/puppet/ssl/ca/requests/node3.pem'
  [root@node2 puppet]# cd manifests/
  [root@node2 manifests]# vim /etc/puppet/modules/nginx/manifests/init.pp
  class nginx {
    package {'nginx':
      ensure  =>  latest,
      name    =>  nginx,
    } ->
    service{'nginx':
      enable      =>  true,
      ensure      =>  running,
      hasrestart  =>  true,
      restart     =>  'service nginx>
    }
  }
  class nginx::webserver inherits nginx {
    file{'/etc/nginx/nginx.conf':
      source  => 'puppet:///modules/nginx/nginx_web.conf',
      ensure  =>  file,
      notify  =>  Service['nginx'],
      require =>  Package['nginx'],
    }
  }
  class nginx::proxy inherits nginx {
    file{'/etc/nginx/nginx.conf':
      content => template('nginx/nginx_proxy.conf.erb'),
      ensure  =>  file,
      notify  =>  Service['nginx'],
      require =>  Package['nginx'],
    }
  }
  [root@node2 manifests]# pwd
  /etc/puppet/manifests
  [root@node2 manifests]# vim site.pp
  node "node3" {
  include nginx::proxy
  }   
  [root@node2 manifests]# systemctl restart puppetmaster.service
  [root@node3 puppet]#  puppet agent --server=node2 --no-daemonize --verbose
  Notice: Starting Puppet client version 3.8.4
  Info: Caching certificate_revocation_list for ca
  Info: Retrieving pluginfacts
  Info: Retrieving plugin
  Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find>
  Notice: Using cached catalog
  Info: Applying configuration version '1481204536'
  Notice: Finished catalog run in 0.04 seconds
  [root@node3 puppet]# systemctl start puppetagent.service
  02 puppet master-agent model
  [root@node3 puppet]# puppet config print environment
  production
  [root@node2 puppet]# vim autosign.conf
  *.magedu.com
  [root@node2 puppet]# systemctl restart puppetmaster.service
  # Automatically sign agent certificates
  [root@node4 ~]# rpm -ivh epel-release-latest-7.noarch.rpm
  [root@node4 ~]# yum -y install facter-2.4.4-1.el7.x86_64.rpm puppet-3.8.4-1.el7.noarch.rpm
  [root@node4 ~]# puppet agent --server=node2.magedu.com --noop --no-daemonize --verbose --test
  Info: Creating a new SSL key for node4
  Info: Caching certificate for ca
  Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
  Info: Creating a new SSL certificate request for node4
  Info: Certificate Request fingerprint (SHA256): 4B:CE:22:CB:18:E7:E3:0E:B9:A5:24:0B:21:76:92:AE:A7:19:D4:4A:B1:FE:88:28:D6:07:85:15:DD:72:E8:35
  Info: Caching certificate for ca
  Exiting; no certificate found and waitforcert is disabled
  [root@node2 puppet]# puppet cert list --all
  + "node2.magedu.com" (SHA256) 45:11:FF:B1:0D:D8:27:A9:A3:29:9C:BC:F6:B8:67:80:4E:81:9A:7D:18:90:EF:8E:5B:98:C9:67:44:DF:40:54 (alt names: "DNS:node2.magedu.com", "DNS:puppet", "DNS:puppet.magedu.com")
  + "node3.magedu.com"            (SHA256) BD:C3:B5:8B:3D:D5:56:FF:D7:A5:19:AD:47:E9:04:94:B9:D9:78:49:84:6E:E3:AB:AE:9C:5D:B4:8C:B8:F8:C2
  + "node4.magedu.com" (SHA256) 9A:87:F9:8F:EC:9E:00:ED:C7:13:7B:4C:14:4D:E5:6F:11:7B:E4:C8:54:C8:B8:18:39:75:27:19:3D:67:0D:D3
  [root@node2 puppet]# vim manifests/site.pp
  node "node3.magedu.com" {
  include nginx::proxy
  }
  node "node4.magedu.com" {
  }
  [root@node2 puppet]# systemctl restart puppetmaster.service
  [root@node4 ~]# puppet agent --server=node2.magedu.com --noop --no-daemonize --verbose --test
  Info: Caching certificate for ca
  Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
  Info: Creating a new SSL certificate request for node4.magedu.com
  Info: Certificate Request fingerprint (SHA256): 4F:47:81:34:B7:66:24:80:81:EE:F0:7D:41:B8:D2:43:57:74:D4:A7:C9:87:6C:59:D4:63:98:B3:D4:49:0A:E8
  Info: Caching certificate for node4.magedu.com
  Info: Caching certificate_revocation_list for ca
  Info: Caching certificate for ca
  Info: Retrieving pluginfacts
  Info: Retrieving plugin
  Info: Caching catalog for node4.magedu.com
  Info: Applying configuration version '1481293129'
  Info: Creating state file /var/lib/puppet/state/state.yaml
  puppet kick mode
  [root@node3 ~]# puppet agent --configprint environment
  production
  [root@node3 ~]# puppet config print | grep listen
  listen = false
  [root@node3 ~]# cd /etc/puppet/
  [root@node3 puppet]# vim puppet.conf
  Append at the last line:
  listen = true
  [root@node3 puppet]# systemctl restart puppetagent.service
  [root@node3 puppet]# vim namespaceauth.conf
  [puppetrun]
  allow node2.magedu.com
  [root@node3 puppet]# systemctl restart puppetagent.service
  [root@node2 puppet]# mkdir -p /etc/puppet/modules/varnish/{manifests,files,templates,lib,tests,spec}
  [root@node2 puppet]# vim /etc/puppet/modules/varnish/manifests/init.pp
  class varnish {
  package{'varnish':
  ensure  =>  latest,
  }   
  }   
  [root@node2 puppet]# vim /etc/puppet/manifests/site.pp
  node "node3.magedu.com" {
  include varnish
  include nginx::proxy
  }
  node "node4.magedu.com" {
  }
  [root@node2 puppet]# systemctl restart puppetmaster.service
  [root@node3 puppet]# vim auth.conf
  Add before the fourth line from the end, # deny:
  path /run
  method save
  allow node2.magedu.com
  [root@node3 puppet]# systemctl restart puppetagent.service
  [root@node2 puppet]# puppet kick node3.magedu.com
  Warning: Puppet kick is deprecated. See http://links.puppetlabs.com/puppet-kick-deprecation
  Warning: Failed to load ruby LDAP library. LDAP functionality will not be available
  Triggering node3.magedu.com
  Getting status
  status is success
  node3.magedu.com finished with exit code 0
  Finished
  [root@node2 puppet]# puppet apply -e 'include varnish' --noop -v
  Notice: Compiled catalog for node2.magedu.com in environment production in 0.95 seconds
  Info: Applying configuration version '1481332757'
  Notice: /Stage[main]/Varnish/Package[varnish]/ensure: current_value absent, should be latest (noop)
  Notice:>
  Notice: Stage[main]: Would have triggered 'refresh' from 1 events
  Notice: Finished catalog run in 0.55 seconds
  [root@node3 puppet]# vim namespaceauth.conf
  [puppetrunner]
  allow node2.magedu.com
  [root@node3 puppet]# systemctl restart puppetagent.service
  
  03 Introduction to ops tools and implementing a PXE environment
  1. Configure the DHCP server
  Environment:
  server: 192.168.1.151 CentOS>
  eth0: 192.168.1.151 bridge
  eth1: vmnet2
  [root@node1 ~]# yum install dhcp  -y
  [root@node1 ~]# ifconfig eth1 10.0.10.1/24 up
  [root@node1 ~]# ifconfig
  eth0      Link encap:Ethernet  HWaddr 00:0C:29:06:DE:28  
  inet addr:192.168.1.151  Bcast:192.168.1.255  Mask:255.255.255.0
  inet6 addr: fe80::20c:29ff:fe06:de28/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:2712 errors:0 dropped:0 overruns:0 frame:0
  TX packets:107 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:295129 (288.2 KiB)  TX bytes:12335 (12.0 KiB)
  eth1      Link encap:Ethernet  HWaddr 00:0C:29:06:DE:32  
  inet addr:10.0.10.1  Bcast:10.0.10.255  Mask:255.255.255.0
  inet6 addr: fe80::20c:29ff:fe06:de32/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:0 (0.0 b)  TX bytes:468 (468.0 b)
  
  [root@node1 ~]# cd /etc/dhcp/
  [root@node1 dhcp]# cp  /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample dhcpd.conf
  [root@node1 dhcp]# vim dhcpd.conf
  option domain-name "magedu.com";
  option domain-name-servers 192.168.1.1;
  default-lease-time 43200;
  max-lease-time 86400;
  log-facility local7;
  subnet 10.0.10.0 netmask 255.255.255.0 {
  range 10.0.10.21 10.0.10.50;
  option routers 10.0.10.1;
  }  
  [root@node1 dhcp]# service dhcpd start
  Check that the client obtained an IP address automatically:
  [root@node1 dhcp]# tail /var/lib/dhcpd/dhcpd.leases
  server-duid "\000\001\000\001\037\336a\327\000\014)\006\3362";
  lease 10.0.10.21 {
  starts 6 2016/12/10 06:51:32;
  ends 6 2016/12/10 18:51:32;
  cltt 6 2016/12/10 06:51:32;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:bb:ea:bf;
  }
  Assign a fixed IP address to a client:
  [root@node1 dhcp]# vim dhcpd.conf
  Add:
  host ftpserver {
  hardware ethernet 00:0c:29:bb:ea:bf;
  fixed-address 10.0.10.55;
  }
  [root@node1 dhcp]# service dhcpd restart
  Configure PXE
  1. dhcp
  [root@node1 dhcp]# vim dhcpd.conf
  Change
  subnet 10.0.10.0 netmask 255.255.255.0 {
  range 10.0.10.21 10.0.10.50;
  option routers 10.0.10.1;
  }
  to
  subnet 10.0.10.0 netmask 255.255.255.0 {
  range 10.0.10.21 10.0.10.50;
  option routers 10.0.10.1;
  next-server 10.0.10.1;
  filename "pxelinux.0";
  }
  [root@node1 dhcp]# service dhcpd restart
  
  2. tftp
  [root@node1 dhcp]# yum -y install tftp-server tftp
  [root@node1 dhcp]# chkconfig tftp on
  [root@node1 dhcp]# service xinetd start
  [root@node1 dhcp]# cp /etc/fstab /var/lib/tftpboot/
  [root@node1 dhcp]# tftp 10.0.10.1
  [root@node1 dhcp]# cd /var/lib/tftpboot/
  [root@node1 tftpboot]# yum -y install syslinux
  [root@node1 tftpboot]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
  [root@node1 ~]# mount -r /dev/cdrom /mnt/
  [root@node1 ~]# cd /mnt/isolinux/
  [root@node1 isolinux]# ls
  boot.cat  grub.conf   isolinux.bin  memtest     TRANS.TBL     vmlinuz
  boot.msg  initrd.img  isolinux.cfg  splash.jpg  vesamenu.c32
  [root@node1 isolinux]# cd ../images/pxeboot/
  [root@node1 pxeboot]# ls
  initrd.img  TRANS.TBL  vmlinuz
  [root@node1 pxeboot]# cp vmlinuz initrd.img /var/lib/tftpboot/
  [root@node1 pxeboot]# cd ../../isolinux/
  [root@node1 isolinux]# cp isolinux.cfg vesamenu.c32 splash.jpg boot.msg /var/lib/tftpboot/
  [root@node1 isolinux]# mkdir /var/lib/tftpboot/pxelinux.cfg
  [root@node1 isolinux]# cp isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/
  [root@node1 isolinux]# cd /var/lib/tftpboot/pxelinux.cfg/
  [root@node1 pxelinux.cfg]# mv isolinux.cfg default
  [root@node1 pxelinux.cfg]# vim default
  Change
  menu>
  to
  menu>

  Create a new virtual machine and set its NIC to VMnet2.
  [root@node1 pxelinux.cfg]# cd
  [root@node1 ~]# yum -y install httpd
  [root@node1 ~]# mkdir /var/www/html/centos6
  [root@node1 ~]# umount /dev/cdrom
  [root@node1 ~]# mount -r /dev/cdrom /var/www/html/centos6/
  [root@node1 ~]# service httpd start
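  Choose "URL" as the installation method and configure the IP address to be obtained automatically.
  Set the URL to: http://10.0.10.1/centos6

  04 A simple cobbler implementation
  1. Install cobbler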
  [root@node1 ~]# rpm -Uvh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
  [root@node1 ~]# yum -y install cobbler cobbler-web pykickstart debmirror httpd syslinux
  [root@node1 ~]# cd /var/lib/tftpboot/
  [root@node1 tftpboot]# mkdir /root/pxeboot
  [root@node1 tftpboot]# mv ./* /root/pxeboot/
  [root@node1 tftpboot]# cd
  [root@node1 ~]# vim /etc/dhcp/dhcpd.conf
  Change
  subnet 10.0.10.0 netmask 255.255.255.0 {
  range 10.0.10.21 10.0.10.50;
  option routers 10.0.10.1;
  next-server 10.0.10.1;
  filename "pxelinux.0";
  }
  to
  subnet 10.0.10.0 netmask 255.255.255.0 {
  range 10.0.10.21 10.0.10.50;
  option routers 10.0.10.1;
  filename "pxelinux.0";
  }
  [root@node1 ~]# service dhcpd restart
  [root@node1 ~]# service httpd start
  [root@node1 ~]# service cobblerd start
  [root@node1 ~]# cd /etc/cobbler/
  [root@node1 ~]# openssl passwd -1 -salt `openssl rand -hex 4` # password set to 'magedu'
  Password:
  $1$f5673d2f$v4u767ixJnzbYp3XsW4.81
  [root@node1 cobbler]# vim settings
  Change
  server: 127.0.0.1
  to
  server: 10.0.10.1
  Change
  next_server: 127.0.0.1
  to
  next_server: 10.0.10.1
  Change
  default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
  to
  default_password_crypted: "$1$f5673d2f$v4u767ixJnzbYp3XsW4.81" # replace the password in the configuration file with the one generated above
  [root@node1 cobbler]# service cobblerd restart
  [root@node1 cobbler]# cobbler sync
  [root@node1 tftpboot]# cobbler repo help
  usage
  =====
  cobbler repo add
  cobbler repo copy
  cobbler repo edit
  cobbler repo find
  cobbler repo list
  cobbler repo remove
  cobbler repo rename
  cobbler repo report
  [root@node1 tftpboot]# umount /dev/cdrom
  [root@node1 tftpboot]# mount /dev/cdrom /media/ -r
  [root@node1 tftpboot]# cobbler import --path=/media/ --name=centos6.6-x86_64
  [root@node1 ~]# cd /var/www/cobbler/ks_mirror/
  [root@node1 ks_mirror]# ls
  centos6.6-x86_64  config
  [root@node1 ks_mirror]# cd centos6.6-x86_64/
  [root@node1 centos6.6-x86_64]# ls
  CentOS_BuildTag  isolinux                  RPM-GPG-KEY-CentOS-Debug-6
  EFI              Packages                  RPM-GPG-KEY-CentOS-Security-6
  EULA            >
  GPL              repodata                  TRANS.TBL
  images           RPM-GPG-KEY-CentOS-6
  [root@node1 centos6.6-x86_64]# cd /etc/httpd/conf.d/
  [root@node1 conf.d]# ls
  cobbler.conf  cobbler_web.conf  README  ssl.conf  welcome.conf  wsgi.conf
  [root@node1 cobbler]# chkconfig rsync on
  [root@node1 cobbler]# service xinetd restart
  [root@node1 cobbler]# vim /etc/debmirror.conf
  Change
  @dists="sid";
  to
  #@dists="sid";
  Change
  @arches="i386";
  to
  #@arches="i386";
  
  [root@node1 ~]# cobbler profile list
  centos6.6-x86_64
  [root@node1 ~]# cobbler distro list
  centos6.6-x86_64
  [root@node1 ~]# cobbler sync
  [root@node1 ~]# service cobblerd restart
  Boot a test client; the operating system installs normally.
  2. Add a kickstart installation entry
  [root@node1 ~]# cobbler profile help add
  usage
  =====
  cobbler profile add
  cobbler profile copy
  cobbler profile dumpvars
  cobbler profile edit
  cobbler profile find
  cobbler profile getks
  cobbler profile list
  cobbler profile remove
  cobbler profile rename
  cobbler profile report
  [root@node1 ~]# vim centos6.x86_64.cfg # kickstart file for the CentOS installation
  # Kickstart file automatically generated by anaconda.
  #version=DEVEL
  install
  url --url="http://10.0.10.1/cobbler/ks_mirror/centos6.6-x86_64/"
  lang zh_CN.UTF-8
  keyboard us
  rootpw  --iscrypted $6$dxqrElMVBdEAZWfC$dZOGcI8vfpUUMx.jsSh2BbCukKthMKnnKHs5GUGJTuzYgVx4ZFXIbigqg61xyiTId0XDqyqZ/kiX7hTnaEAzq0
  firewall --service=ssh
  authconfig --enableshadow --passalgo=sha512
  selinux --disable
  timezone --utc Asia/Shanghai
  bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
  # The following is the partition information you requested
  # Note that any partitions you deleted are not expressed
  # here so unless you clear all partitions first, this is
  # not guaranteed to work
  #clearpart --none
  #part /boot --fstype=ext4 --size=500
  #part swap --size=2000
  #part / --fstype=ext4 --grow --size=200
  repo --name="CentOS"  --baseurl=cdrom:sr0 --cost=100
  %packages
  @base
  @chinese-support
  @core
  @debugging
  @basic-desktop
  @desktop-debugging
  @desktop-platform
  @directory-client
  @fonts
  @general-desktop
  @graphical-admin-tools
  @input-methods
  @internet-applications
  @internet-browser
  @java-platform
  @legacy-x
  @network-file-system-client
  @office-suite
  @print-client
  @remote-desktop-clients
  @server-platform
  @server-policy
  @workstation-policy
  @x11
  mtools
  pax
  oddjob
  wodim
  sgpio
  genisoimage
  device-mapper-persistent-data
  abrt-gui
  samba-winbind
  certmonger
  pam_krb5
  krb5-workstation
  libXmu
  %end
  [root@node1 ~]# cp centos6.x86_64.cfg /var/lib/cobbler/kickstarts/
  [root@node1 ~]# cobbler distro list
  centos6.6-x86_64
  [root@node1 ~]# cobbler profile add --name "centos6.6-x86_64-web" --distro=centos6.6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.x86_64.cfg
  [root@node1 ~]# cobbler profile list
  centos6.6-x86_64
  centos6.6-x86_64-web
  [root@node1 ~]# cobbler sync
  Boot a client to test; the installation succeeds!

  3. cobbler_web
  1) Generate the cobbler login account and password
  [root@node1 ~]# cd /etc/cobbler/
  [root@node1 cobbler]# htdigest /etc/cobbler/users.digest "Cobbler" cobbler
  Changing password for user cobbler in realm Cobbler
  New password:
  Re-type new password:
  # Note: cobbler is the login account; the password is entered at the terminal, here 123456
  After the command completes, the users.digest file is generated.
  [root@node1 cobbler]# ll users.digest
  -rw-r--r-- 1 root root 49 Dec 11 09:51 users.digest
  [root@node1 ~]# cobbler sync
  [root@node1 ~]# service httpd restart
  [root@node1 ~]# service cobblerd restart
  Log in: http://192.168.1.151/cobbler_web (username cobbler, password: 123456)
  Login succeeds!
  05 CentOS 7 cobbler
  Environment:
  node1  192.168.1.131  CentOS Linux>

  1. Install and configure cobbler
  [root@node1 ~]# rpm -ivh http://192.168.56.2/epel/epel-release-latest-7.noarch.rpm
  [root@node1 ~]# yum install cobbler -y
  [root@node1 ~]# systemctl start cobblerd.service
  [root@node1 ~]# systemctl start httpd.service
  [root@node1 ~]# openssl passwd -1 -salt $(openssl rand -hex 4) # generate the password
  Password:
  $1$3cc52881$nUzvLXIkX6mXBytq/INg0/
  [root@node1 ~]# vim /etc/cobbler/settings
  Change
  default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
  to
  default_password_crypted: "$1$3cc52881$nUzvLXIkX6mXBytq/INg0/" # replace the password in the configuration file with the one generated above
  Change
  next_server: 127.0.0.1
  to
  next_server: 192.168.1.131
  Change
  server: 127.0.0.1
  to
  server: 192.168.1.131
  [root@node1 ~]# yum -y install tftp-server tftp xinetd
  [root@node1 ~]# chkconfig tftp on
  [root@node1 ~]# vim /etc/xinetd.d/tftp
  Change
  disable         = yes
  to
  disable         = no
  [root@node1 ~]# systemctl restart xinetd.service
  [root@node1 ~]# systemctl start rsyncd.service
  [root@node1 ~]# cobbler sync
  [root@node1 ~]# systemctl restart cobblerd.service
  [root@node1 ~]# cp /usr/share/syslinux/pxelinux.0 /usr/share/syslinux/menu.c32 /var/lib/cobbler/loaders/
  [root@node1 ~]# systemctl restart cobblerd.service
  [root@node1 ~]# systemctl enable rsyncd.service
  [root@node1 dhcp]# cobbler sync
  [root@node1 ~]# yum -y install dhcp
  [root@node1 ~]# cd /etc/dhcp/
  [root@node1 dhcp]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example dhcpd.conf
  [root@node1 dhcp]# vim dhcpd.conf
  option domain-name "magedu.com";
  option domain-name-servers 192.168.1.1;
  default-lease-time 600;
  max-lease-time 7200;
  log-facility local7;
  subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.20;
  option routers 192.168.1.1;
  next-server 192.168.1.131;
  filename "pxelinux.0";  
  }
  [root@node1 dhcp]# systemctl start dhcpd.service
  [root@node1 dhcp]# cd
  [root@node1 ~]# vim centos6.x86_64.cfg
  # Kickstart file automatically generated by anaconda.
  #version=DEVEL
  install
  url --url="http://192.168.1.131/cobbler/ks_mirror/centos6.6-x86_64/"
  lang zh_CN.UTF-8
  keyboard us
  rootpw  --iscrypted $6$dxqrElMVBdEAZWfC$dZOGcI8vfpUUMx.jsSh2BbCukKthMKnnKHs5GUGJTuzYgVx4ZFXIbigqg61xyiTId0XDqyqZ/kiX7hTnaEAzq0
  firewall --service=ssh
  authconfig --enableshadow --passalgo=sha512
  selinux --disable
  timezone --utc Asia/Shanghai
  bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
  # The following is the partition information you requested
  # Note that any partitions you deleted are not expressed
  # here so unless you clear all partitions first, this is
  # not guaranteed to work
  #clearpart --none
  #part /boot --fstype=ext4 --size=500
  #part swap --size=2000
  #part / --fstype=ext4 --grow --size=200
  repo --name="CentOS"  --baseurl=cdrom:sr0 --cost=100
  %packages
  @base
  @chinese-support
  @core
  @debugging
  @basic-desktop
  @desktop-debugging
  @desktop-platform
  @directory-client
  @fonts
  @general-desktop
  @graphical-admin-tools
  @input-methods
  @internet-applications
  @internet-browser
  @java-platform
  @legacy-x
  @network-file-system-client
  @office-suite
  @print-client
  @remote-desktop-clients
  @server-platform
  @server-policy
  @workstation-policy
  @x11
  lftp
  %end
  Insert the CentOS 6.7 disc into the optical drive.
  [root@node1 ~]# mount -r /dev/sr0 /mnt/
  [root@node1 ~]# ls /mnt/
  CentOS_BuildTag  isolinux                  RPM-GPG-KEY-CentOS-Debug-6
  EFI              Packages                  RPM-GPG-KEY-CentOS-Security-6
  EULA            >
  GPL              repodata                  TRANS.TBL
  images           RPM-GPG-KEY-CentOS-6
  [root@node1 ~]# mv centos6.x86_64.cfg /var/lib/cobbler/kickstarts/
  [root@node1 ~]# cobbler import --path=/mnt --name="CentOS-6.7-x86_64" --kickstart=/var/lib/cobbler/kickstarts/centos6.x86_64.cfg
  [root@node1 ~]# ls /var/www/cobbler/ks_mirror/CentOS-6.7-x86_64/ # the files created above are here
  CentOS_BuildTag  isolinux                  RPM-GPG-KEY-CentOS-Debug-6
  EFI              Packages                  RPM-GPG-KEY-CentOS-Security-6
  EULA            >
  GPL              repodata                  TRANS.TBL
  images           RPM-GPG-KEY-CentOS-6
  [root@node1 ~]# cobbler distro list
  CentOS-6.7-x86_64
  [root@node1 ~]# cobbler profile list
  CentOS-6.7-x86_64   
  [root@node1 ~]# cobbler sync
  [root@node1 ~]# vim /var/lib/tftpboot/pxelinux.cfg/default
  The file generated above looks like this:
  LABEL CentOS-6.7-x86_64
  kernel /images/CentOS-6.7-x86_64/vmlinuz
  MENU LABEL CentOS-6.7-x86_64
  append initrd=/images/CentOS-6.7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.1.131/cblr/svc/op/ks/profile/CentOS-6.7-x86_64
  [root@node1 ~]# vim /var/lib/cobbler/kickstarts/centos6.x86_64.cfg
  Change
  url --url="http://192.168.1.131/cobbler/ks_mirror/centos6.6-x86_64/"
  to
  url --url="http://192.168.1.131/cobbler/ks_mirror/CentOS-6.7-x86_64/"
  Default location where the yum repository is stored:
  [root@node1 ~]# ls /var/www/cobbler/ks_mirror/
  CentOS-6.7-x86_64  config
  [root@node1 ~]# cobbler profile list
  CentOS-6.7-x86_64
  [root@node1 ~]# cobbler profile remove --name=CentOS-6.7-x86_64
  [root@node1 ~]# cobbler profile add --name=CentOS-6.7-x86_64 --distro=CentOS-6.7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos6.x86_64.cfg
  [root@node1 ~]# cobbler sync
  Create a new virtual machine and test.
  2. Install and configure cobbler-web
  [root@node1 ~]# yum -y install cobbler-web
  [root@node1 ~]# cd /etc/cobbler/
  # Generate the password for the authentication user (username: cblradmin, password: 123456)
  [root@node1 cobbler]# htdigest /etc/cobbler/users.digest Cobbler cblradmin
  Adding user cblradmin in realm Cobbler
  New password:
  Re-type new password:
  [root@node1 cobbler]# systemctl restart httpd.service
  Login URL:
  https://192.168.1.131/cobbler_web
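
The cobbler settings and kickstart edits in sections 04 and 05 can be checked mechanically. The script below is an added example, not part of the original post or of cobbler: it flags a `default_password_crypted` that is still the value the settings file held before the edit, or that is MD5-crypt (`$1$`, which is what `openssl passwd -1` produces), and a kickstart that disables SELinux or the firewall or carries a weak or plaintext `rootpw`. The finding codes, function names and sample files are assumptions made for the example, and the `$6$` hash in the sample kickstart is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): lint a cobbler settings file
# and a kickstart file for the credential and hardening settings used above.

# default_password_crypted value the settings file held before the edit.
SHIPPED_HASH='$1$mF86/UHC$WvcIcX2t6crBz2onWxyac.'

# Classify a crypt(3) hash by its scheme prefix.
hash_scheme() {
    case "$1" in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        *)      echo unknown ;;
    esac
}

# Print one finding per line for a cobbler settings file.
audit_settings() {
    value=$(sed -n 's/^default_password_crypted:[[:space:]]*"\([^"]*\)".*/\1/p' "$1")
    if [ -z "$value" ]; then echo "SETTINGS_NO_PASSWORD_HASH"; return 0; fi
    if [ "$value" = "$SHIPPED_HASH" ]; then echo "SETTINGS_SHIPPED_HASH"; fi
    scheme=$(hash_scheme "$value")
    if [ "$scheme" != sha512crypt ]; then echo "SETTINGS_WEAK_HASH $scheme"; fi
    return 0
}

# Print one finding per line for a kickstart file.
audit_kickstart() {
    # Commands only: stop at %packages and skip comment lines.
    cmds=$(awk '/^%packages/ { exit } !/^[ \t]*#/' "$1")
    rootpw=$(printf '%s\n' "$cmds" | awk '$1 == "rootpw"')
    if [ -n "$rootpw" ]; then
        case "$rootpw" in
            *--iscrypted*)
                # Assumes the hash is the last field, as in the post.
                hash=$(printf '%s\n' "$rootpw" | awk '{ print $NF }')
                scheme=$(hash_scheme "$hash")
                if [ "$scheme" != sha512crypt ]; then echo "KS_WEAK_HASH $scheme"; fi ;;
            *) echo "KS_PLAINTEXT_ROOTPW" ;;
        esac
    fi
    if printf '%s\n' "$cmds" | grep -Eq '^selinux[[:space:]]+--disabled?([[:space:]]|$)'; then
        echo "KS_SELINUX_DISABLED"
    fi
    if printf '%s\n' "$cmds" | grep -Eq '^firewall[[:space:]]+--disabled?([[:space:]]|$)'; then
        echo "KS_FIREWALL_DISABLED"
    fi
    return 0
}

# Sample inputs built from the lines shown in the post (hash in ks.cfg is constructed).
write_samples() {
    cat > "$1/settings.before" <<'EOF'
server: 127.0.0.1
next_server: 127.0.0.1
default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
EOF
    cat > "$1/settings.after" <<'EOF'
server: 10.0.10.1
next_server: 10.0.10.1
default_password_crypted: "$1$f5673d2f$v4u767ixJnzbYp3XsW4.81"
EOF
    cat > "$1/ks.cfg" <<'EOF'
install
rootpw  --iscrypted $6$CONSTRUCTEDSALT$CONSTRUCTEDPLACEHOLDERHASH
firewall --service=ssh
selinux --disable
#part swap --size=2000
%packages
@core
%end
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in settings.before settings.after; do
    echo "== $f"
    audit_settings "$demo_dir/$f"
done
echo "== ks.cfg"
audit_kickstart "$demo_dir/ks.cfg"
rm -rf "$demo_dir"
```

The edited settings file still reports `SETTINGS_WEAK_HASH md5crypt` because only the password changed, not the hash scheme; `openssl passwd -6` (OpenSSL 1.1.1 and later) produces a SHA-512 crypt hash instead.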
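
In sections 01 and 02, `puppet cert list` on the master shows the same SHA256 fingerprint that the agent printed when it created its certificate request. The script below is an added example, not part of the original post or of Puppet: it compares pending requests against fingerprints recorded on the agents and reports which certnames match before `puppet cert sign` is run. The function names, the "certname fingerprint" input format and the pending node4 and node9 lines are constructed for the example; the node3 and agent-side node4 fingerprints are the ones shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): check pending CSR fingerprints
# on the master against fingerprints recorded on the agents before signing.

# `puppet cert list` output. The node3 line is the one shown in the post;
# the node4 and node9 lines are constructed for this example.
PENDING_SAMPLE='"node3" (SHA256) 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
"node4" (SHA256) 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
"node9" (SHA256) FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00'

# "certname fingerprint" pairs noted from each agent's own
# "Certificate Request fingerprint (SHA256)" line.
EXPECTED_SAMPLE='node3 70:FA:2D:17:6A:52:9F:EC:AE:7B:83:CD:F6:91:42:3D:4B:DE:79:61:7C:46:E4:D6:1E:65:4D:8F:8B:D0:A4:E1
node4 4B:CE:22:CB:18:E7:E3:0E:B9:A5:24:0B:21:76:92:AE:A7:19:D4:4A:B1:FE:88:28:D6:07:85:15:DD:72:E8:35'

# $1: output of `puppet cert list`; $2: "certname fingerprint" lines.
# Prints "OK|MISMATCH|UNKNOWN|MALFORMED certname" for each pending request.
check_pending() {
    printf '%s\n' "$1" | EXPECTED="$2" awk '
        BEGIN {
            n = split(ENVIRON["EXPECTED"], rows, "\n")
            for (i = 1; i <= n; i++)
                if (split(rows[i], f, " ") == 2) want[f[1]] = toupper(f[2])
        }
        # Pending lines look like: "node3" (SHA256) 70:FA:...
        # Signed entries from `--all` start with "+" and are skipped.
        $1 ~ /^"[^"]+"$/ && $2 == "(SHA256)" {
            name = substr($1, 2, length($1) - 2)
            got = toupper($3)
            # A SHA256 fingerprint is 32 hex pairs joined by colons: 95 chars.
            if (length(got) != 95 || got !~ /^[0-9A-F:]+$/) print "MALFORMED " name
            else if (!(name in want))                       print "UNKNOWN " name
            else if (want[name] == got)                     print "OK " name
            else                                            print "MISMATCH " name
        }'
}

# Only the certnames whose pending fingerprint matches the recorded one.
names_safe_to_sign() {
    check_pending "$1" "$2" | awk '$1 == "OK" { print $2 }'
}

check_pending "$PENDING_SAMPLE" "$EXPECTED_SAMPLE"
```

With `*.magedu.com` in autosign.conf, requests for matching certnames are signed without this comparison taking place.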
