

  Cobbler 可以用来快速批量安装 Linux 系统,这里我们在 centos 7 上部署它来引导批量安装 ubuntu 18.04.5-server 系统。


主机 系统 IP地址
server centos 7.6.1810
node1 未安装操作系统
node2 未安装操作系统



# Put SELinux into permissive mode for the running system.
setenforce 0
# Rewrite the SELINUX= line in the config file to "disabled" so it stays off after a reboot.
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
# Stop the host firewall now and keep it from starting at boot.
# NOTE(review): after these four commands the provisioning server runs DHCP, TFTP and HTTP
# with neither SELinux confinement nor a host firewall. Keeping firewalld and allowing only
# the services the install needs on the provisioning interface is the safer setup.
systemctl stop firewalld
systemctl disable firewalld

# Move the stock repo definitions into a subdirectory so only the downloaded ones are used.
mkdir -p /etc/yum.repos.d/centos
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/centos
# NOTE(review): the source URL of both curl commands is missing from this page; as printed
# they have nothing to download. Supply the repo-file URLs of a mirror you trust (over HTTPS),
# since every package installed afterwards comes from whatever these files point to.
curl -o /etc/yum.repos.d/CentoS-7.repo     
curl -o /etc/yum.repos.d/epel7.repo  



 • dhcp:用来给客户端主机分配可用的IP地址。
 • tftp:用来给客户端主机提供引导及驱动文件。
 • httpd:用来给客户端主机提供镜像、应答文件以及一些自定义的文件脚本之类的。
yum install -y cobbler cobbler-web dhcp tftp-server httpd pykickstart rsync xinetd


[root@server ~]# vim /etc/cobbler/settings      # 修改以下配置
next_server:       # pxe引导地址
server:            # Cobbler服务地址
manage_dhcp: 1              # 启用Cobbler的DHCP管理功能
default_password_crypted: "$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV."      # 客户端root用户密码,使用下面加密后的值

# 加密密码(示例密码 000000 过于简单,上面的哈希值也已随本文公开;实际部署时请换成自己的强密码重新生成,不要直接照抄。-1 生成的是 MD5-crypt 哈希)
[root@server ~]# openssl passwd -1 '000000'     # 最后面单引号里面是要加密的密码

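# The same settings can be applied with sed instead of editing the file by hand.
# The server address is missing from this page (the first two expressions had no
# replacement text and no closing "/", which sed rejects), so it is taken from
# COBBLER_SERVER_IP; the :? guard stops here if that variable is unset or empty.
server_ip=${COBBLER_SERVER_IP:?set COBBLER_SERVER_IP to the address of this Cobbler server}
sed -ri "s/^(next_server:).*/\1 ${server_ip}/" /etc/cobbler/settings
sed -ri "s/^(server:).*/\1 ${server_ip}/" /etc/cobbler/settings
sed -ri 's/^(manage_dhcp:).*/\1 1/' /etc/cobbler/settings
# NOTE(review): this hash is published on the page and comes from the example password;
# generate your own from a strong password and substitute it here. The single quotes keep
# the shell from expanding the $ signs inside the hash.
sed -ri 's#^(default_password_crypted:).*#\1 "$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV."#' /etc/cobbler/settings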

启动 Cobbler 服务,并加载下载一些引导文件

# Start the Cobbler daemon and the web server it is served through.
systemctl start cobblerd httpd
# Download the network boot loader files used for PXE booting.
# NOTE(review): these binaries are the first code every client executes when it boots from
# the network, so where they are downloaded from matters; boot loaders shipped in the
# distribution's own packages are an alternative worth checking.
cobbler get-loaders


配置 DHCP 模板(注意根据实际网络环境进行修改)

[root@server ~]# vim /etc/cobbler/dhcp.template     # 修改以下配置  
subnet netmask {
     option routers   ;
     option domain-name-servers;
     option subnet-mask;
     range dynamic-bootp;


将 disable 设置为 no 就可以开启 tftp 了

[root@server ~]# vim /etc/xinetd.d/tftp

        disable                 = no


cobbler sync


  seed 预配置文件准备。在下面目录中有一些模板文件,一般常用 sample.seed 做标准模板,然后根据实际进行改动。以下 ubuntu18045.seed 就是根据 sample.seed 改动出来的。

[root@server ~]# cd /var/lib/cobbler/kickstarts/
[root@server kickstarts]# ls
default.ks    install_profiles  sample_autoyast.xml  sample_esxi4.ks  sample.ks        sample.seed.28
esxi4-ks.cfg  legacy.ks         sample_end.ks        sample_esxi5.ks  sample_old.seed
esxi5-ks.cfg  pxerescue.ks      sample_esx4.ks       sample_esxi6.ks  sample.seed

[root@server kickstarts]# vim ubuntu18045.seed

下面是 ubuntu18045.seed 文件内容。(注意根据实际情况进行修改)

# Mostly based on the Ubuntu installation guide
# Debian sample

# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US

# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
d-i keyboard-configuration/toggle select No toggling
d-i keyboard-configuration/layoutcode string us
d-i keyboard-configuration/variantcode string

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
#set $myhostname = $getVar('hostname',$getVar('name','cobbler')).replace("_","-")
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string $myhostname

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
# d-i hw-detect/load_firmware boolean true

# NTP/Time Setup
d-i time/zone string Asia/Shanghai
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server  string

# Setup the installation source
d-i mirror/country string manual
d-i mirror/http/hostname string $http_server
d-i mirror/http/directory string $install_source_directory
d-i mirror/http/proxy string

#set $os_v = $getVar('os_version','')
#if $breed == "ubuntu" and $os_v and $os_v.lower() != 'precise'
# Required at least for ubuntu 12.10+ , so test os_v is not precise. Olders versions are not supported anymore
d-i live-installer/net-image string http://$http_server/cobbler/links/$distro_name/install/filesystem.squashfs
#end if

# Suite to install.
# d-i mirror/suite string precise
# d-i mirror/udeb/suite string precise

# Components to use for loading installer components (optional).
#d-i mirror/udeb/components multiselect main, restricted

# Disk Partitioning
# Use LVM, and wipe out anything that already exists
#d-i partman-auto/disk string /dev/sda
#d-i partman/choose_partition select finish
#d-i partman/confirm boolean true
#d-i partman/confirm_nooverwrite boolean true
#d-i partman-auto/method string lvm
#d-i partman-auto/method string regular
#d-i partman-lvm/device_remove_lvm boolean true
#d-i partman-lvm/confirm boolean true
#d-i partman-lvm/confirm_nooverwrite boolean true
#d-i partman-md/device_remove_md boolean true
#d-i partman-partitioning/confirm_write_new_label boolean true

d-i partman-auto/disk string /dev/sda
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-auto/method string regular
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman-md/device_remove_md boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
#d-i partman/default_filesystem string ext4
#d-i partman/mount_style select uuid

# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home:   separate /home partition
# - multi:  separate /home, /usr, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic

# If you just want to change the default filesystem from ext3 to something
# else, you can do that without providing a full recipe.
# d-i partman/default_filesystem string ext4

# root account and password
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password $default_password_crypted

# skip creation of a normal user account.
d-i passwd/make-user boolean false

# You can choose to install restricted and universe software, or to install
# software from the backports repository.
#d-i apt-setup/restricted boolean false
#d-i apt-setup/universe boolean false
#d-i apt-setup/backports boolean false

# Uncomment this if you don't want to use a network mirror.
# d-i apt-setup/use_mirror boolean false

# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
#d-i apt-setup/services-select multiselect security
#d-i apt-setup/security_host string
#d-i apt-setup/security_path string /ubuntu
d-i apt-setup/services-select multiselect security
d-i apt-setup/security_host string
d-i apt-setup/security_path string /cobbler/ks_mirror/ubuntu-18.04.5-X86_64


# Enable deb-src lines
# d-i apt-setup/local0/source boolean true

# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
# d-i apt-setup/local0/key string http://local.server/key

# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
# d-i debian-installer/allow_unauthenticated boolean true

# Package selection
# Default for minimal
tasksel tasksel/first multiselect standard
# Default for server
# tasksel tasksel/first multiselect standard, web-server
# Default for gnome-desktop
# tasksel tasksel/first multiselect standard, gnome-desktop

# Individual additional packages to install
# wget is REQUIRED otherwise quite a few things won't work
# later in the build (like late-command scripts)
#d-i pkgsel/include string wget ntp ssh
#d-i pkgsel/include string openssh-server
d-i pkgsel/include string wget ssh
#d-i pkgsel/upgrade select none
#d-i pkgsel/update-policy select none

# Debian needs this for the installer to avoid any question for grub
# Please verify that it suit your needs as it may overwrite any usb stick
#if $breed == "debian"
d-i grub-installer/grub2_instead_of_grub_legacy boolean true
d-i grub-installer/bootdev string default
#d-i grub-installer/timeout string 5
#end if

# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
d-i debian-installer/add-kernel-opts string $kernel_options_post

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

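## Figure out if we're kickstarting a system or a profile
## The else branch was missing: the value was always overwritten with "profile",
## and stayed undefined whenever no system name is set.
#if $getVar('system_name','') != ''
#set $what = "system"
#else
#set $what = "profile"
#end if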

# This first command is run as early as possible, just after preseeding is read.
# d-i preseed/early_command string [command]
d-i preseed/early_command string wget -O- \
   http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_early_default | \
   /bin/sh -s

# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
# d-i partman/early_command \
#       string debconf-set partman-auto/disk "\$(list-devices disk | head -n1)"

# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
# d-i preseed/late_command string [command]
d-i preseed/late_command string wget -O- \
   http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | \
   chroot /target /bin/sh -s

# NOTE(review): this is the second preseed/late_command in the file. As far as I know the
# installer keeps only the last value given for a key, so the Cobbler preseed_late_default
# script above would no longer run; confirm, and merge the two commands if both are wanted.
# Everything below is fetched over plain HTTP from the Cobbler server and then used as root
# inside the target, including authorized_keys, so the provisioning network has to be
# trusted and isolated. Several file names after ks_mirror/bash/ and /root/ are missing
# from this page and must be filled in before the command can work.
d-i preseed/late_command string mkdir -p /target/root/.ssh ; \
wget -O /target/etc/apt/sources.list http://$http_server/cobbler/ks_mirror/bash/sources.list ; \
wget -P /target/etc/netplan/ http://$http_server/cobbler/ks_mirror/bash/50-cloud-init.yaml.bak ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/ ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/ ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/ ; \
wget -P /target/root/.ssh http://$http_server/cobbler/ks_mirror/bash/authorized_keys ; \
chmod 400 /target/root/.ssh/authorized_keys ; \
cd /target ; \
chroot ./ bash /root/ ; \
chroot ./ sh /root/ --no-x-check --no-nouveau-check --no-opengl-files -q -a -s --ui=none ; \
echo ""


# Loop-mount the Ubuntu server ISO read-only, then import it into Cobbler as a distro
# that uses the preseed file written above.
# NOTE(review): every node is installed from this image, so check the ISO's SHA-256
# against the checksum list published for the release before importing it.
iso_mount=/mnt/ubuntu
seed_file=/var/lib/cobbler/kickstarts/ubuntu18045.seed

mkdir -p "${iso_mount}"
mount -t iso9660 -r -o ro,loop ubuntu-18.04.5-server-amd64.iso "${iso_mount}/"

cobbler import \
  --path="${iso_mount}" \
  --name=ubuntu-18.04.5 \
  --kickstart="${seed_file}" \
  --arch=x86_64


[root@server kickstarts]# cobbler list










[root@server ~]# mkdir -p /var/www/cobbler/ks_mirror/bash
[root@server ~]# cd /var/www/cobbler/ks_mirror/bash

秘钥准备,用作 cobbler 服务端与节点机的免密(注意:放进 Web 目录的只能是公钥 id_rsa.pub,私钥 id_rsa 不能复制到 /var/www 下,否则任何能访问该 HTTP 目录的主机都能下载到它):

[root@server bash]# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
[root@server bash]# cp -a /root/.ssh/id_rsa.pub authorized_keys


[root@server bash]# vim

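# First-boot setup of a freshly installed node: sshd, firewall, time sync, base packages.

# NOTE(review): this turns on password login for root. The preseed already installs
# /root/.ssh/authorized_keys, and the stock "prohibit-password" setting allows key-based
# root login, so this change is only needed if password login is really wanted; in that
# case the root password behind default_password_crypted has to be a strong one.
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
systemctl restart sshd

# NOTE(review): from here on the node has no host firewall.
systemctl stop ufw.service
systemctl disable ufw.service

# The text appended to timesyncd.conf is missing from this page (the original line had an
# unterminated quote, which is a syntax error). NTP= is the timesyncd.conf key for the
# server list and is presumably what was set here; confirm against your own setup.
# NTP_SERVER must be provided by the caller; the :? guard stops the script if it is not.
printf 'NTP=%s\n' "${NTP_SERVER:?set NTP_SERVER to your time server}" >> /etc/systemd/timesyncd.conf
systemctl restart systemd-timesyncd

apt update
apt install -y vim gcc make gparted net-tools htop screen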

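# Append raised open-file (nofile) and process (nproc) limits for all users and for root.
# The closing EOF is restored here: without it the here-document never ends and swallows
# the rest of the script as text.
cat >> /etc/security/limits.conf << EOF
*       soft        nofile  655350
*       hard        nofile  655350
*       soft        nproc   655350
*       hard        nproc   655350
root        soft        nofile  655350
root        hard        nofile  655350
root        soft        nproc   655350
root        hard        nproc   655350
EOF
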
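# Keep a copy of the stock sysctl.conf, replace it with the settings below, then load them.
# The closing EOF is restored here: without it the here-document never ends and the
# "sysctl -p" line would be written into the file instead of being run.
cp /etc/sysctl.conf /etc/sysctl.conf.bak
cat > /etc/sysctl.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096        87380   4194304
net.ipv4.tcp_wmem = 4096        16384   4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
EOF

/sbin/sysctl -p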

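# Left commented out by the author; the installer file name is missing from the page.
#cd /root/
#chmod +x
#./ --no-x-check --no-nouveau-check --no-opengl-files -q -a -s --ui=none

# As printed, "rm -rf /root/" removes root's whole home directory, including the
# .ssh/authorized_keys that the preseed has just installed; the file name after /root/
# is missing from the page. CLEANUP_FILE has to name the downloaded file to delete, and
# the :? guard stops the script instead of expanding to /root/ when it is unset or empty.
rm -rf -- "/root/${CLEANUP_FILE:?set CLEANUP_FILE to the file to remove from /root}"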

apt 源文件 sources.list,使用阿里源(其中 bionic-proposed 是预发布测试源,生产环境一般不建议启用):

[root@server bash]# vim sources.list
deb bionic main restricted universe multiverse
deb-src bionic main restricted universe multiverse
deb bionic-security main restricted universe multiverse
deb-src bionic-security main restricted universe multiverse
deb bionic-updates main restricted universe multiverse
deb-src bionic-updates main restricted universe multiverse
deb bionic-proposed main restricted universe multiverse
deb-src bionic-proposed main restricted universe multiverse
deb bionic-backports main restricted universe multiverse
deb-src bionic-backports main restricted universe multiverse


[root@server bash]# wget


[root@server bash]# vim 50-cloud-init.yaml.bak 
            - 10.0.0.x/24
            dhcp4: true
    version: 2


[root@server bash]# vim 
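# Give the node a static address: ask for an IPv4 address, write it into the /24 line of
# the netplan template and apply the result.
# Stop if the directory is missing, so the later commands never run somewhere else.
cd /etc/netplan/ || exit 1

# -r keeps backslashes literal. The value is spliced into a sed program below, so it is
# checked to be a dotted-quad before anything on disk is touched.
read -r -p "please ip address: " IP
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ ! $IP =~ $ipv4_re ]]; then
  printf 'not an IPv4 address: %s\n' "$IP" >&2
  exit 1
fi

gzip 01-netcfg.yaml

# The leading double quote keeps sed from dropping the indentation after "c"; the second
# sed takes it out again. It removes the first double quote on every line, so the template
# must not contain any other double quotes.
sed '/\/24$/c "            - '"$IP"'/24' 50-cloud-init.yaml.bak | sed 's/"//' > 50-cloud-init.yaml
chmod 644 50-cloud-init.yaml
netplan apply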



[root@server ~]# vim /etc/cobbler/pxe/pxedefault.template   # 修改以下配置    

[root@server ~]# cobbler system add --name=default --profile=ubuntu-18.04.5-hwe-x86_64

[root@server ~]# cobbler sync


  当服务器有多块网卡时,会停在网卡选择那里不动,需要人工进行选择。使用 seed 文件里的 netcfg/choose_interface select 选项指定网卡并不会生效,这是一个已知的 bug。
  其余不动,只添加 netcfg/choose_interface=auto 指令。

[root@server ~]# vim /var/lib/tftpboot/pxelinux.cfg/default
LABEL ubuntu-18.04.5-hwe-x86_64
        kernel /images/ubuntu-18.04.5-hwe-x86_64/linux
        MENU LABEL ubuntu-18.04.5-hwe-x86_64
        append initrd=/images/ubuntu-18.04.5-hwe-x86_64/initrd.gz ksdevice=bootif netcfg/choose_interface=auto lang=  text  auto-install/enable=true priority=critical url= hostname=ubuntu-18.04.5-hwe-x8664 domain=local.lan suite=bionic
        ipappend 2


[root@server ~]# systemctl restart cobblerd dhcpd httpd rsyncd xinetd
[root@server ~]# systemctl enable cobblerd dhcpd httpd rsyncd xinetd



/etc/cobbler/settings           # cobbler主配置文件
/etc/cobbler/dhcp.template      # DHCP服务的配置模板
/etc/cobbler/tftpd.template     # tftp服务的配置模板
/etc/cobbler/pxe                # pxe模板文件,主要是 pxedefault.template 
/etc/cobbler/dnsmasq.template   # DNS服务的配置模板

/var/lib/cobbler/kickstarts     # 默认存放kickstart文件
/var/lib/cobbler/loaders        # 存放的各种引导程序

/var/www/cobbler/ks_mirror      # 导入的系统镜像列表
/var/www/cobbler/images         # 导入的系统镜像启动文件
/var/www/cobbler/repo_mirror    # repo源存储目录

/var/log/cobbler/install.log    # 客户端系统安装日志
/var/log/cobbler/cobbler.log    # cobbler日志

/etc/dhcp/dhcpd.conf        # dhcp服务配置文件
/var/lib/tftpboot/          # tftp共享目录,存放引导文件
/var/lib/tftpboot/pxelinux.cfg/default      # pxe网络安装选择菜单
/var/lib/tftpboot/grub/efidefault           # pxe网络安装选择菜单(uefi)


cobbler list            # 列出所有的cobbler元素
cobbler check           # 检查cobbler配置,主要用于检查cobbler配置是否有错
cobbler sync            # 同步模板文件配置到dhcp、pxe和数据目录,更改某些配置后记得执行一下,同步一下配置。
cobbler import          # 导入安装的系统光盘镜像
cobbler report          # 列出各元素的详细信息
cobbler distro          # 查看导入的发行版系统信息,不但可以查看导入的发行版系统信息还可以增加与修改等
cobbler profile         # 查看配置信息,不但可以查看Kickstart文件而且还可以编辑与删除此文件
cobbler system          # 查看添加的系统信息
cobbler reposync        # 同步yum仓库到本地,同步远程的yum源到本地
cobbler signature update
cobbler --help          # 获得cobbler的帮助 
cobbler distro --help   # 获得cobbler子命令的帮助