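Automated Deployment System

Batch automated installation of Linux systems

How it works: every detailed step of a manual installation is recorded in a file, and a tool then reads that file to install the system automatically.

The tool is called Kickstart. Kickstart is an open-source tool from Red Hat, so it is most compatible with CentOS. Note that Kickstart is the name of a project; there is no program by that name.

Cobbler wraps all of the Kickstart components. In essence it is a web version of Kickstart.

How PXE-Kickstart works

PXE stands for Pre-boot Execution Environment.

It boots a computer through the network interface, without depending on local storage devices or a locally installed operating system.

A PXE client uses network protocols such as the Internet Protocol (IP), the User Datagram Protocol (UDP), the Dynamic Host Configuration Protocol (DHCP) and the Trivial File Transfer Protocol (TFTP).

Workflow:

The PXE client requests an IP address from the DHCP server, requests the boot file from the TFTP server, and requests the automated answer file (the Kickstart file) from the HTTP server.

Environment preparation: prepare a template machine (CentOS 7)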

  1. Before cloning, stop NetworkManager and disable it at boot
    Check status: systemctl status NetworkManager
    Stop it: systemctl stop NetworkManager
    Disable at boot: systemctl disable NetworkManager

  2. Clean up the NIC configuration; on CentOS 7 only UUID needs to be removed, not HWADDR
    sed -ri '/UUID|HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]   # removes both UUID and HWADDR
    sed -ri '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]          # CentOS 7: removes UUID only

  3. Turn off the firewall and SELinux
    Firewall:
    Stop it: systemctl stop firewalld.service
    Disable at boot: systemctl disable firewalld.service
    Check status:
    systemctl status firewalld.service

    SELinux:
    Disable in the config file: sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    Turn off for the running system: setenforce 0
    Check: getenforce

  4. Switch to a yum mirror inside China
    Open https://opsx.alibaba.com/mirror and click Help
    Run: wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    Replace the EPEL repo
    Run: wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    Then run yum makecache to build the cache
    List the current repos
    yum repolist

    Cloning can now begin

Check that the machine can reach the Internet

ping baidu.com
ping 223.5.5.5
route -n    # show the gateway
ping <gateway IP>

Deploy the DHCP server (clone a server first)

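  1. Change the hostname
    hostnamectl set-hostname oldboy-kickstart

  2. Install the first package, DHCP
    yum install -y dhcp

  3. Because this DHCP server hands out IP addresses to the clients, turn off the virtual machine software's own DHCP service

  4. Configure DHCP
    cat >>/etc/dhcp/dhcpd.conf<<EOF
    subnet 172.16.1.0 netmask 255.255.255.0 {
    range 172.16.1.100 172.16.1.199; # first and last IP of the assignable range
    option subnet-mask 255.255.255.0; # netmask
    default-lease-time 21600; # default IP lease time
    max-lease-time 43200; # maximum IP lease time
    next-server 172.16.1.201; # tells the client the IP of the TFTP server
    filename "/pxelinux.0"; # tells the client to download pxelinux.0 from the TFTP root directory
    }
    EOF

  5. Start DHCP
    systemctl start dhcpd.service
    systemctl disable dhcpd.service # do not start at boot
    tailf /var/log/messages    # follow the DHCP log in real time

  6. Create a virtual machine and check whether it is given an IP
    Make sure its NIC and the Kickstart server are on the same LAN segment

    Power on the virtual machine; DHCP appears

    There are two NICs. The first, eth0, is not on the same network segment, so DHCP assignment fails; the second succeeds, but the TFTP service has not been started yet, so the request times out.

  7. Pitfalls you may run into

  8. Take a snapshot of the current virtual machine

  9. Watch the DHCP exchange with a packet capture
    Install the tool: yum install -y wireshark
    tshark -ni eth1 # capture on eth1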

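Deploy the TFTP service

  1. Install tftp
    yum install -y tftp-server
    systemctl start tftp.socket    # start it

  2. Boot the server cloned above

    Installing syslinux is all that is needed

  3. Copy pxelinux.0 from syslinux into the TFTP root directory

    cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

  4. Another error is reported

  5. The required files are on the installation disc
    mkdir -p /var/www/html/CentOS7/isolinux/
    mount /dev/cdrom /var/www/html/CentOS7/isolinux/
    Copy them into /var/lib/tftpboot/
    cp /var/www/html/CentOS7/isolinux/isolinux/* /var/lib/tftpboot/
    mkdir -p /var/lib/tftpboot/pxelinux.cfg    # the target directory must exist before the next copy
    cp /var/www/html/CentOS7/isolinux/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default

  6. Directory layout after configuration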
    [root@oldboy-kickstart tftpboot]# tree /var/lib/tftpboot/
    /var/lib/tftpboot/
    ├── boot.cat
    ├── boot.msg
    ├── grub.conf
    ├── initrd.img
    ├── isolinux.bin
    ├── isolinux.cfg
    ├── memtest
    ├── pxelinux.0
    ├── pxelinux.cfg
    │ └── default
    ├── splash.png
    ├── TRANS.TBL
    ├── vesamenu.c32
    └── vmlinuz

  7. Reboot the cloned virtual machine again; it now reaches the installer screen

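Deploy the HTTP service

  1. Install the HTTP service
    yum -y install httpd
    systemctl start httpd.service

  2. Test by browsing to 10.0.0.201/CentOS7; the disc contents appear

With all the steps in place, start deploying systems automatically!

Official KS documentation: https://access.redhat.com/documentation/zh-cn/red_hat_enterprise_linux/7/html-single/installation_guide/index

  1. Write the KS file (it contains every installation step), also called the automated answer file
    On any installed system, every step taken during installation is saved in anaconda-ks.cfg
    KS file syntax:

  2. Prepare the ks file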
    [root@oldboy-kickstart ~]# cat /var/www/html/ks_config/CentOS7-ks.cfg

# Kickstart Configurator for CentOS 7 by yao zhang
install
url --url="http://172.16.1.201/CentOS7/isolinux/"
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
network  --bootproto=static --device=eth0 --gateway=10.0.0.254 --ip=10.0.0.202 --nameserver=223.5.5.5 --netmask=255.255.255.0 --activate
network  --bootproto=static --device=eth1 --ip=172.16.1.202 --netmask=255.255.255.0 --activate
network  --hostname=Cobbler
#network --bootproto=dhcp --device=eth1 --onboot=yes --noipv6 --hostname=CentOS7
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw  --iscrypted $6$X20eRtuZhkHznTb4$dK0BJByOSAWSDD8jccLVFz0CscijS9ldMWwpoCw/ZEjYw2BTQYGWlgKsn945fFTjRC658UXjuocwJbAjVI5D6/
clearpart --all --initlabel
part /boot --fstype xfs --size 1024
part swap --size 1024
part / --fstype xfs --size 1 --grow
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot

%packages
@^minimal
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
wget
vim
bash-completion
%end

%post
systemctl disable postfix.service
%end
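
The kickstart file above is fetched by every client over HTTP and fixes the security posture of each installed host. The following check is an added example, not part of the original article: it reads only the command section of a kickstart file and reports the settings worth reviewing. The function names `ks_audit` and `ks_sample` and the sample file (with a placeholder hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# ks_audit [FILE]: print one finding per line for a kickstart file (stdin if no FILE).
# Only the command section is inspected; %packages/%pre/%post bodies are skipped.
ks_audit() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
    /^%end/    { sect = ""; next }
    /^%/       { sect = $1; next }        # %packages, %pre, %post ...
    sect != "" { next }
    $1 == "selinux"  && /--(disabled|permissive)/ { print "FLAG: " $0 }
    $1 == "firewall" && /--disabled/              { print "FLAG: " $0 }
    $1 == "url" && /--url="?http:/ { print "FLAG: install tree fetched over plain http" }
    $1 == "rootpw" {
        seen = 1
        if ($0 ~ /--lock/)           print "OK: root account locked"
        else if ($0 ~ /--iscrypted/) print "NOTE: rootpw hash is readable by any host that can fetch this file"
        else                         print "FLAG: rootpw is stored in plaintext"
    }
    END { if (!seen) print "FLAG: no rootpw line" }
    ' "${1:--}"
}

# Constructed sample modelled on the kickstart file above (the hash is a placeholder).
ks_sample() {
cat <<'EOF'
install
url --url="http://172.16.1.201/CentOS7/isolinux/"
rootpw  --iscrypted $6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
selinux --disabled
firewall --disabled
%packages
@^minimal
%end
%post
systemctl disable postfix.service
%end
EOF
}

ks_sample | ks_audit
```

Run it against the real file with `ks_audit /var/www/html/ks_config/CentOS7-ks.cfg`.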

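  1. Back up
    cp /var/lib/tftpboot/pxelinux.cfg/default{,.bak}

  2. Write the ks boot entry into /var/lib/tftpboot/pxelinux.cfg/default

# oldboy centos7 kickstart configure
default ks
timeout 50
prompt 0
# Kernel parameters for the installer; inst.ks points at ks_config/CentOS7-ks.cfg, so that file must be created
label ks
  kernel vmlinuz
  append initrd=initrd.img inst.ks=http://172.16.1.201/ks_config/CentOS7-ks.cfg net.ifnames=0 biosdevname=0 ksdevice=eth1

  1. Create the directory the ks file needs
    mkdir -p /var/www/html/ks_config

  2. Upload the CentOS7-ks.cfg file to /var/www/html/ks_config

  3. Browse to the URL and check that the ks_config file can be found

  4. Browse to the URL and check that the CentOS file path referenced inside /var/www/html/ks_config/CentOS7-ks.cfg can be found

  5. The system can now be deployed automatically from start to finish, with no more clicking through the installer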
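
Steps 3 and 4 above can be checked from the server without a browser. This is an added example, not part of the original article: it follows the same chain a PXE client follows (pxelinux.cfg/default, then the `inst.ks=` URL, then the `url --url=` install tree) and maps each URL onto the httpd document root, so a wrong path or a wrong letter case such as Centos7 versus CentOS7 shows up before a client boots. The function names and the demo tree are constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# Maps http://host/a/b to DOCROOT/a/b, the way httpd serves it.
url_to_path() {
    printf '%s/%s\n' "$2" "$(printf '%s\n' "$1" | sed -E 's#^[a-z]+://[^/]+/?##')"
}

# pxe_chain_check PXECFG DOCROOT
# pxelinux.cfg/default -> inst.ks= URL -> kickstart file -> "url --url=" install tree.
# Prints OK, or the first broken link in the chain.
pxe_chain_check() {
    pxecfg=$1; docroot=$2
    ks_url=$(sed -n '/^[[:space:]]*#/d; s/.*inst\.ks=\([^ ]*\).*/\1/p' "$pxecfg" | head -n 1)
    [ -n "$ks_url" ] || { echo "FAIL: no inst.ks= in $pxecfg"; return 0; }
    ks_file=$(url_to_path "$ks_url" "$docroot")
    [ -f "$ks_file" ] || { echo "FAIL: $ks_url -> $ks_file not found"; return 0; }
    tree_url=$(sed -n 's/^url .*--url="\{0,1\}\([^" ]*\).*/\1/p' "$ks_file" | head -n 1)
    [ -n "$tree_url" ] || { echo "FAIL: no url --url= in $ks_file"; return 0; }
    tree=$(url_to_path "$tree_url" "$docroot")
    # .treeinfo sits at the root of a CentOS install tree
    [ -f "$tree/.treeinfo" ] || { echo "FAIL: $tree_url -> no install tree at $tree"; return 0; }
    echo "OK: $ks_url -> $tree_url"
}

# Constructed layout mirroring the paths used on this page.
make_demo_tree() {
    mkdir -p "$1/html/CentOS7/isolinux" "$1/html/ks_config" "$1/tftpboot/pxelinux.cfg"
    : > "$1/html/CentOS7/isolinux/.treeinfo"
    echo 'url --url="http://172.16.1.201/CentOS7/isolinux/"' > "$1/html/ks_config/CentOS7-ks.cfg"
    printf 'label ks\n  kernel vmlinuz\n  append initrd=initrd.img inst.ks=http://172.16.1.201/ks_config/CentOS7-ks.cfg ksdevice=eth1\n' \
        > "$1/tftpboot/pxelinux.cfg/default"
}

demo=$(mktemp -d)
make_demo_tree "$demo"
pxe_chain_check "$demo/tftpboot/pxelinux.cfg/default" "$demo/html"
rm -rf "$demo"
```

On the server described here the call is `pxe_chain_check /var/lib/tftpboot/pxelinux.cfg/default /var/www/html`.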

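Cobbler service

Cobbler is a Linux installation service. It can quickly install and reinstall physical servers and virtual machines by network boot (PXE), and it can also manage DHCP, DNS and so on.

Cobbler can be managed from the command line, provides a web-based management interface (cobbler-web), and also exposes an API that makes custom development convenient.

Cobbler is an upgrade of the earlier Kickstart approach. Its advantages are that it is easier to configure and ships with a web interface that makes it easier to manage.

  1. Use the system installed automatically with Kickstart above to set up the Cobbler environment
    Name resolution

    Check the NIC information

  2. Change the yum repos (base and EPEL)
    curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

  3. Install Cobbler
    yum install -y cobbler cobbler-web dhcp tftp-server pykickstart httpd python-django

  4. Check that the installation succeeded

  5. Start cobblerd and httpd
    systemctl start cobblerd.service
    systemctl start httpd.service
    cobbler check    # check the Cobbler configuration

  6. Detailed Cobbler configuration notes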
    [root@Cobbler ~]# cobbler check
    The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a recent version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

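Change 1: vim /etc/cobbler/settings and set dhcp to 1; this setting allows Cobbler to manage the DHCP service

Set server: 172.16.1.202

Set next_server: 172.16.1.202

Change 2: vim /etc/cobbler/dhcp.template
:%s#192.168#172.16#g    (replace with the internal network addresses)

Also delete the following information

Change 3: change disable from yes to no (in /etc/xinetd.d/tftp)

Change 4: download the Cobbler boot loaders
cobbler get-loaders

Change 5: start the rsyncd service
[root@Cobbler ~]# systemctl enable rsyncd
[root@Cobbler ~]# systemctl start rsyncd

Change 7: set a password and put it in default_password_crypted
Generate the password: openssl passwd -1
Put the generated password into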
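
The settings edited in the changes above can be verified in one pass before restarting cobblerd. This is an added example, not part of the original article and not Cobbler's own code: it reads `server`, `next_server`, the DHCP switch and `default_password_crypted` from a settings file and also reports the hash scheme, since `openssl passwd -1` produces an MD5-crypt (`$1$`) hash whereas the kickstart file earlier on this page uses `--passalgo=sha512`. The key name `manage_dhcp` is assumed from a stock Cobbler 2.x settings file (the article only says "dhcp"); the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# get_setting FILE KEY: value of a top-level "key: value" line, quotes stripped.
get_setting() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# cobbler_settings_audit FILE: one verdict line per setting touched in the steps above.
cobbler_settings_audit() {
    f=$1
    for key in server next_server; do
        case "$(get_setting "$f" "$key")" in
            ''|localhost|127.*) echo "FIX: $key must be an address the PXE clients can reach" ;;
            *)                  echo "OK: $key" ;;
        esac
    done
    # manage_dhcp: assumed key name for the "dhcp" switch mentioned in Change 1
    if [ "$(get_setting "$f" manage_dhcp)" = 1 ]; then
        echo "OK: manage_dhcp"
    else
        echo "FIX: manage_dhcp is not 1, so Cobbler will not manage dhcpd"
    fi
    case "$(get_setting "$f" default_password_crypted)" in
        '$6$'*) echo "OK: default_password_crypted is sha512-crypt" ;;
        '$1$'*) echo "WEAK: default_password_crypted is md5-crypt" ;;
        *)      echo "FIX: default_password_crypted is empty or not a recognised hash" ;;
    esac
}

# Constructed excerpt in the key: value form of /etc/cobbler/settings (placeholder hash).
settings_sample() {
cat <<'EOF'
default_password_crypted: "$1$CONSTRUCT$CONSTRUCTEDHASHVALUE"
manage_dhcp: 0
next_server: 127.0.0.1
server: 172.16.1.202
EOF
}

tmp=$(mktemp)
settings_sample > "$tmp"
cobbler_settings_audit "$tmp"
rm -f "$tmp"
```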

  1. Restart Cobbler
    systemctl restart cobblerd.service
    cobbler sync    # apply the changes

    cobbler check now reports only two remaining items

  2. Restart all services
    systemctl restart cobblerd.service httpd.service tftp.socket rsyncd.service
    [root@Cobbler ~]# systemctl is-active cobblerd.service httpd.service tftp.socket rsyncd.service
    active
    active
    active
    active

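  3. Open the cobbler-web interface
    https://10.0.0.202/cobbler_web

    The default account and password are both cobbler

Using Cobbler

  1. Make sure the installation disc is selected

  2. Mount the disc on /mnt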
    [root@Cobbler ~]# mount /dev/cdrom /mnt/
    mount: /dev/sr0 is write-protected, mounting read-only

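  3. Click Run; Events shows the task running

  4. The import finishes

  5. Config settings
    Change the NIC names

Create a custom system configuration file with Cobbler

With the configuration above finished, specify your own configuration file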

# Cobbler for Kickstart Configurator for CentOS 7 by yao zhang
install
url --url=$tree
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
#Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=eth0 --onboot=yes --noipv6 --hostname=CentOS7
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
rootpw  --iscrypted $default_password_crypted
clearpart --all --initlabel
part /boot --fstype xfs --size 1024
part swap --size 1024
part / --fstype xfs --size 1 --grow
firstboot --disable
selinux --disabled
firewall --disabled
logging --level=info
reboot

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
@^minimal
@compat-libraries
@core
@debugging
@development
bash-completion
chrony
dos2unix
kexec-tools
lrzsz
nmap
sysstat
telnet
tree
vim
wget
%end

%post
systemctl disable postfix.service
%end

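Point the profile at the ks file just created

Point the system at the ks file just created

  1. Select Systems and click Create

  2. Edit General

  3. Edit Networking (Global)

  4. Edit Networking
    Configure eth0
    Where to find the MAC address

    Configure eth1

  5. Click sync in the Actions area to apply the changes

End of article.

Original article: https://www.cnblogs.com/lishi-jie/p/11704181.html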