
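I. Introduction

  Cobbler can be used to batch-install Linux systems quickly. Here we deploy it on CentOS 7 and use it to network-boot batch installations of Ubuntu 18.04.5 server.

Environment:

Host      System             IP address
server    CentOS 7.6.1810    10.0.0.5
node1     no OS installed
node2     no OS installed

II. Configuration

1. System initialization

(1) Disable SELinux and the firewall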
setenforce 0
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld

(2) Configure the yum repositories
mkdir -p /etc/yum.repos.d/centos
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/centos
curl -o /etc/yum.repos.d/CentoS-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo     
curl -o /etc/yum.repos.d/epel7.repo http://mirrors.aliyun.com/repo/epel-7.repo  

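2. Install Cobbler

Several related packages need to be installed.

 • dhcp: assigns available IP addresses to the client hosts.
 • tftp: serves the boot and driver files to the client hosts.
 • httpd: serves the images, answer files and any custom files or scripts to the client hosts.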
yum install -y cobbler cobbler-web dhcp tftp-server httpd pykickstart rsync xinetd

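3. Configure Cobbler

[root@server ~]# vim /etc/cobbler/settings      # change the following settings
next_server: 10.0.0.5       # PXE boot server address
server: 10.0.0.5            # Cobbler server address
manage_dhcp: 1              # let Cobbler manage DHCP
default_password_crypted: "$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV."      # root password for the client hosts; use the hashed value generated below

# Hash the password (openssl passwd -1 produces an MD5-crypt hash)
[root@server ~]# openssl passwd -1 '000000'     # the string in single quotes at the end is the password to hash
$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV.

# The same changes can be made with sed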
sed -ri 's/^(next_server:).*/\1 10.0.0.5/' /etc/cobbler/settings  
sed -ri 's/^(server:).*/\1 10.0.0.5/' /etc/cobbler/settings
sed -ri 's/^(manage_dhcp:).*/\1 1/' /etc/cobbler/settings
sed -ri 's#^(default_password_crypted:).*#\1 "$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV."#' /etc/cobbler/settings
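
Added example, not part of the original post: openssl passwd -1 yields MD5-crypt and takes the cleartext on the command line, so the functions below report which scheme a settings file currently uses and replace it only with a SHA-512 crypt hash. The function names are made up for this example, and openssl passwd -6 needs OpenSSL 1.1.1 or later, which stock CentOS 7 does not ship, so the hash may have to be generated on another machine.

```shell
#!/bin/sh
# Added example (not from the original post): inspect and replace
# default_password_crypted in a Cobbler settings file.

# Print the crypt(3) scheme of a hash, judged by its prefix.
crypt_scheme() {
    case "$1" in
        '$6$'*) echo sha512-crypt ;;
        '$5$'*) echo sha256-crypt ;;
        '$1$'*) echo md5-crypt ;;
        *)      echo unknown ;;
    esac
}

# Print the default_password_crypted value found in settings file $1.
current_hash() {
    sed -nE 's/^default_password_crypted:[[:space:]]*"?([^"#[:space:]]*).*/\1/p' "$1" | head -n 1
}

# Prompt (without echo) for a password and print its SHA-512 crypt hash, so the
# cleartext never lands in argv or shell history. Assumes OpenSSL 1.1.1+.
new_hash() {
    openssl passwd -6
}

# Write hash $2 into settings file $1; anything but SHA-512 crypt is refused.
set_hash() {
    printf '%s\n' "$2" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$' || {
        echo "refusing: not a SHA-512 crypt hash" >&2
        return 1
    }
    # The crypt alphabet contains no '#', '&' or '\', so the validated value
    # is safe inside a sed replacement that uses '#' as the delimiter.
    sed -i -E "s#^(default_password_crypted:).*#\\1 \"$2\"#" "$1"
}

# Demo on a constructed copy of the settings lines shown in the article.
demo_settings=$(mktemp)
cat > "$demo_settings" <<'EOF'
server: 10.0.0.5
default_password_crypted: "$1$B8DvnqZY$ZtrEjkRM4JOJB.QzwPXmV."
EOF
echo "current scheme: $(crypt_scheme "$(current_hash "$demo_settings")")"
rm -f "$demo_settings"
```

On the real server the call would be set_hash /etc/cobbler/settings "$(new_hash)", followed by a restart of cobblerd as in the next step.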

Start the Cobbler services and download the boot loader files

systemctl start cobblerd httpd
cobbler get-loaders

4. Configure DHCP

Configure the DHCP template (adjust it to your actual network environment)

[root@server ~]# vim /etc/cobbler/dhcp.template     # change the following settings
subnet 10.0.0.0 netmask 255.255.255.0 {
     option routers             10.0.0.2;
     option domain-name-servers 114.114.114.114;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        10.0.0.100 10.0.0.200;

5. Configure tftp

Setting disable to no enables tftp


[root@server ~]# vim /etc/xinetd.d/tftp

        disable                 = no

6. Sync the template files

cobbler sync

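7. Configure the seed file

  Prepare the seed (preseed) file. The directory below contains several template files; sample.seed is commonly used as the standard template and then adapted as needed. The ubuntu18045.seed file below was derived from sample.seed.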

[root@server ~]# cd /var/lib/cobbler/kickstarts/
[root@server kickstarts]# ls
default.ks    install_profiles  sample_autoyast.xml  sample_esxi4.ks  sample.ks        sample.seed.28
esxi4-ks.cfg  legacy.ks         sample_end.ks        sample_esxi5.ks  sample_old.seed
esxi5-ks.cfg  pxerescue.ks      sample_esx4.ks       sample_esxi6.ks  sample.seed

[root@server kickstarts]# vim ubuntu18045.seed

The contents of ubuntu18045.seed follow. (Adjust them to your actual environment.)

# Mostly based on the Ubuntu installation guide
# https://help.ubuntu.com/18.04/installation-guide/
# Debian sample
# https://www.debian.org/releases/stable/example-preseed.txt

# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US

# Keyboard selection.
# Disable automatic (interactive) keymap detection.
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
d-i keyboard-configuration/toggle select No toggling
d-i keyboard-configuration/layoutcode string us
d-i keyboard-configuration/variantcode string

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
#set $myhostname = $getVar('hostname',$getVar('name','cobbler')).replace("_","-")
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string $myhostname

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
# d-i hw-detect/load_firmware boolean true

# NTP/Time Setup
d-i time/zone string Asia/Shanghai
d-i clock-setup/utc boolean true
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server  string ntp1.aliyun.com

# Setup the installation source
d-i mirror/country string manual
d-i mirror/http/hostname string $http_server
d-i mirror/http/directory string $install_source_directory
d-i mirror/http/proxy string

#set $os_v = $getVar('os_version','')
#if $breed == "ubuntu" and $os_v and $os_v.lower() != 'precise'
# Required at least for ubuntu 12.10+ , so test os_v is not precise. Olders versions are not supported anymore
d-i live-installer/net-image string http://$http_server/cobbler/links/$distro_name/install/filesystem.squashfs
#end if

# Suite to install.
# d-i mirror/suite string precise
# d-i mirror/udeb/suite string precise

# Components to use for loading installer components (optional).
#d-i mirror/udeb/components multiselect main, restricted

# Disk Partitioning
# Use LVM, and wipe out anything that already exists
#d-i partman-auto/disk string /dev/sda
#d-i partman/choose_partition select finish
#d-i partman/confirm boolean true
#d-i partman/confirm_nooverwrite boolean true
#d-i partman-auto/method string lvm
#d-i partman-auto/method string regular
#d-i partman-lvm/device_remove_lvm boolean true
#d-i partman-lvm/confirm boolean true
#d-i partman-lvm/confirm_nooverwrite boolean true
#d-i partman-md/device_remove_md boolean true
#d-i partman-partitioning/confirm_write_new_label boolean true

d-i partman-auto/disk string /dev/sda
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-auto/method string regular
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-auto/choose_recipe select atomic
d-i partman-md/device_remove_md boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
#d-i partman/default_filesystem string ext4
#d-i partman/mount_style select uuid

# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home:   separate /home partition
# - multi:  separate /home, /usr, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic

# If you just want to change the default filesystem from ext3 to something
# else, you can do that without providing a full recipe.
# d-i partman/default_filesystem string ext4

# root account and password
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password $default_password_crypted

# skip creation of a normal user account.
d-i passwd/make-user boolean false

# You can choose to install restricted and universe software, or to install
# software from the backports repository.
#d-i apt-setup/restricted boolean false
#d-i apt-setup/universe boolean false
#d-i apt-setup/backports boolean false

# Uncomment this if you don't want to use a network mirror.
# d-i apt-setup/use_mirror boolean false

# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
#d-i apt-setup/services-select multiselect security
#d-i apt-setup/security_host string mirrors.aliyun.com
#d-i apt-setup/security_path string /ubuntu
d-i apt-setup/services-select multiselect security
d-i apt-setup/security_host string 10.0.0.5
d-i apt-setup/security_path string /cobbler/ks_mirror/ubuntu-18.04.5-X86_64

$SNIPPET('preseed_apt_repo_config')

# Enable deb-src lines
# d-i apt-setup/local0/source boolean true

# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
# d-i apt-setup/local0/key string http://local.server/key

# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
# d-i debian-installer/allow_unauthenticated boolean true

# Package selection
# Default for minimal
tasksel tasksel/first multiselect standard
# Default for server
# tasksel tasksel/first multiselect standard, web-server
# Default for gnome-desktop
# tasksel tasksel/first multiselect standard, gnome-desktop

# Individual additional packages to install
# wget is REQUIRED otherwise quite a few things won't work
# later in the build (like late-command scripts)
#d-i pkgsel/include string wget ntp ssh
#d-i pkgsel/include string openssh-server
d-i pkgsel/include string wget ssh
#d-i pkgsel/upgrade select none
#d-i pkgsel/update-policy select none

# Debian needs this for the installer to avoid any question for grub
# Please verify that it suit your needs as it may overwrite any usb stick
#if $breed == "debian"
d-i grub-installer/grub2_instead_of_grub_legacy boolean true
d-i grub-installer/bootdev string default
#d-i grub-installer/timeout string 5
#end if

# Use the following option to add additional boot parameters for the
# installed system (if supported by the bootloader installer).
# Note: options passed to the installer will be added automatically.
d-i debian-installer/add-kernel-opts string $kernel_options_post

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

## Figure out if we're kickstarting a system or a profile
#if $getVar('system_name','') != ''
#set $what = "system"
#else
#set $what = "profile"
#end if

# This first command is run as early as possible, just after preseeding is read.
# d-i preseed/early_command string [command]
d-i preseed/early_command string wget -O- \
   http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_early_default | \
   /bin/sh -s

# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
# d-i partman/early_command \
#       string debconf-set partman-auto/disk "\$(list-devices disk | head -n1)"

# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
# d-i preseed/late_command string [command]
d-i preseed/late_command string wget -O- \
   http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | \
   chroot /target /bin/sh -s

d-i preseed/late_command string mkdir -p /target/root/.ssh ; \
wget -O /target/etc/apt/sources.list http://$http_server/cobbler/ks_mirror/bash/sources.list ; \
wget -P /target/etc/netplan/ http://$http_server/cobbler/ks_mirror/bash/50-cloud-init.yaml.bak ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/ubuntu18.sh ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/network.sh ; \
wget -P /target/root/ http://$http_server/cobbler/ks_mirror/bash/NVIDIA-Linux-x86_64-460.67.run ; \
wget -P /target/root/.ssh http://$http_server/cobbler/ks_mirror/bash/authorized_keys ; \
chmod 400 /target/root/.ssh/authorized_keys ; \
cd /target ; \
chroot ./ bash /root/ubuntu18.sh ; \
chroot ./ sh /root/NVIDIA-Linux-x86_64-460.67.run --no-x-check --no-nouveau-check --no-opengl-files -q -a -s --ui=none ; \
echo ""

8. Import the image

(1) Prepare the system image
mkdir -p /mnt/ubuntu
mount -t iso9660 -r -o ro,loop ubuntu-18.04.5-server-amd64.iso /mnt/ubuntu/

(2) Import the image
cobbler import --path=/mnt/ubuntu --name=ubuntu-18.04.5 --kickstart=/var/lib/cobbler/kickstarts/ubuntu18045.seed --arch=x86_64

Verify:

[root@server kickstarts]# cobbler list
distros:
   ubuntu-18.04.5-hwe-x86_64
   ubuntu-18.04.5-x86_64

profiles:
   ubuntu-18.04.5-hwe-x86_64
   ubuntu-18.04.5-x86_64

systems:

repos:
   ubuntu-18.04.5-hwe-x86_64
   ubuntu-18.04.5-x86_64

images:

mgmtclasses:

packages:

files:

9. Prepare the files and scripts

Adjust these to your actual environment.

[root@server ~]# mkdir -p /var/www/cobbler/ks_mirror/bash
[root@server ~]# cd /var/www/cobbler/ks_mirror/bash

Prepare an SSH key, used for password-less login from the Cobbler server to the nodes:

[root@server bash]# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
[root@server bash]# cp -a /root/.ssh/id_rsa.pub authorized_keys

System initialization script (add or change whatever you need it to do):

[root@server bash]# vim ubuntu18.sh
#!/bin/bash

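# Permit root SSH login with a password. The stock value, prohibit-password,
# already accepts the key that late_command copies to /root/.ssh/authorized_keys.
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
systemctl restart sshd
# Stop and disable the ufw firewall
systemctl stop ufw.service
systemctl disable ufw.service
# Point systemd-timesyncd at the NTP servers
echo -e "NTP=ntp1.aliyun.com\nFallbackNTP=ntp.ubuntu.com" >> /etc/systemd/timesyncd.conf
systemctl restart systemd-timesyncd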

apt update
apt install -y vim gcc make gparted net-tools htop screen

cat >> /etc/security/limits.conf << EOF
*       soft        nofile  655350
*       hard        nofile  655350
*       soft        nproc   655350
*       hard        nproc   655350
root        soft        nofile  655350
root        hard        nofile  655350
root        soft        nproc   655350
root        hard        nproc   655350
EOF

cp /etc/sysctl.conf /etc/sysctl.conf.bak
cat > /etc/sysctl.conf << EOF
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096        87380   4194304
net.ipv4.tcp_wmem = 4096        16384   4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
EOF

/sbin/sysctl -p

#cd /root/
#chmod +x NVIDIA-Linux-x86_64-460.67.run
#./NVIDIA-Linux-x86_64-460.67.run --no-x-check --no-nouveau-check --no-opengl-files -q -a -s --ui=none

rm -rf /root/ubuntu18.sh

apt sources file sources.list, using the Aliyun mirror:

[root@server bash]# vim sources.list
deb https://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

Prepare the GPU driver

[root@server bash]# wget https://cn.download.nvidia.com/XFree86/Linux-x86_64/460.67/NVIDIA-Linux-x86_64-460.67.run

NIC configuration template file (adjust as needed):

[root@server bash]# vim 50-cloud-init.yaml.bak 
network:
    ethernets:
        ens8f0:
            addresses: 
            - 10.0.0.x/24
            gateway4: 10.0.0.2
            nameservers:
                addresses:
                - 114.114.114.114
        enxb03af2b6059f:
            dhcp4: true
    version: 2

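  Network script, used to fill in the NIC configuration template above and apply it. Run this script on the installed system and enter an IP address to set the NIC's address, replacing the dynamic address with a static one. (Adjust as needed.)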

[root@server bash]# vim network.sh 
#!/bin/bash
cd /etc/netplan/
gzip 01-netcfg.yaml
read -p "please ip address: " IP
cat 50-cloud-init.yaml.bak | sed '/\/24$/c "            - '"$IP"'/24' | sed 's/"//' > 50-cloud-init.yaml
chmod 644 50-cloud-init.yaml
netplan apply
cd
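
Added example, not part of the original post: the late_command in section 7 downloads the files prepared here over plain HTTP and runs two of them as root, so this shows one way to check them first with a SHA256SUMS manifest whose digest is pinned. It assumes the files are fetched into a single staging directory, that the pin is delivered with the seed file, and that verification runs inside the target where coreutils is installed; all function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): checksum manifest for the files
# that late_command pulls from ks_mirror/bash.

# Server side: write SHA256SUMS for every regular file in directory $1.
make_manifest() (
    cd "$1" || exit 1
    find . -maxdepth 1 -type f ! -name SHA256SUMS -exec sha256sum {} + |
        sort -k2 > SHA256SUMS
)

# Print the digest of the manifest in directory $1; this is the value to pin.
manifest_pin() {
    sha256sum "$1/SHA256SUMS" | cut -d' ' -f1
}

# Node side: succeed only if the manifest in staging directory $1 has the
# pinned digest $2, every listed file matches, and no unlisted file is present.
verify_download() (
    cd "$1" || exit 1
    [ -f SHA256SUMS ] || { echo "manifest missing" >&2; exit 1; }
    [ "$(sha256sum SHA256SUMS | cut -d' ' -f1)" = "$2" ] ||
        { echo "manifest does not match pinned digest" >&2; exit 1; }
    sha256sum -c SHA256SUMS >/dev/null || exit 1
    for f in ./*; do
        if [ -f "$f" ] && [ "$f" != ./SHA256SUMS ]; then
            # Names start at column 67: 64 hex digits plus two separators.
            cut -c67- SHA256SUMS | grep -qxF -- "$f" ||
                { echo "not in manifest: $f" >&2; exit 1; }
        fi
    done
)

# Demo with constructed stand-ins for two of the files from this section.
demo_dir=$(mktemp -d)
echo 'systemctl stop ufw.service' > "$demo_dir/ubuntu18.sh"
echo 'ssh-rsa AAAA...constructed root@server' > "$demo_dir/authorized_keys"
make_manifest "$demo_dir"
pin=$(manifest_pin "$demo_dir")
verify_download "$demo_dir" "$pin" && echo "clean download accepted"
echo '# changed after the manifest was built' >> "$demo_dir/ubuntu18.sh"
verify_download "$demo_dir" "$pin" 2>/dev/null || echo "modified script rejected"
rm -rf "$demo_dir"
```

Because the seed file is itself fetched over HTTP, the pin catches stale, truncated or replaced files on the server; it does not protect against someone who can rewrite the traffic between server and node.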

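10. Configure the default PXE boot entry

Only the timeout was changed; everything else is left at the defaults.

(1) Change the timeout
[root@server ~]# vim /etc/cobbler/pxe/pxedefault.template   # change the following setting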
TIMEOUT 10

(2) Set the boot entry for the pxe_timeout_profile variable
[root@server ~]# cobbler system add --name=default --profile=ubuntu-18.04.5-hwe-x86_64

(3) Sync
[root@server ~]# cobbler sync

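11. NIC selection in multi-NIC environments

  When a server has several NICs, the installer stops at the interface selection screen and waits for a manual choice. Setting netcfg/choose_interface select in the seed file does not take effect; this is a known bug.
  To work around it, pass the option to the kernel instead, and it then works as expected, as shown below.
  Leave everything else unchanged and add only the netcfg/choose_interface=auto parameter. cobbler sync regenerates this file, so the edit has to be repeated after each sync.

[root@server ~]# vim /var/lib/tftpboot/pxelinux.cfg/default
...... (omitted)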
LABEL ubuntu-18.04.5-hwe-x86_64
        kernel /images/ubuntu-18.04.5-hwe-x86_64/linux
        MENU LABEL ubuntu-18.04.5-hwe-x86_64
        append initrd=/images/ubuntu-18.04.5-hwe-x86_64/initrd.gz ksdevice=bootif netcfg/choose_interface=auto lang=  text  auto-install/enable=true priority=critical url=http://10.0.0.5/cblr/svc/op/ks/profile/ubuntu-18.04.5-hwe-x86_64 hostname=ubuntu-18.04.5-hwe-x8664 domain=local.lan suite=bionic
        ipappend 2
...... (omitted)

12. Start the services

[root@server ~]# systemctl restart cobblerd dhcpd httpd rsyncd xinetd
[root@server ~]# systemctl enable cobblerd dhcpd httpd rsyncd xinetd

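III. Cobbler files and common commands

1. Related files

1. Cobbler configuration directory: /etc/cobbler
/etc/cobbler/settings           # main Cobbler configuration file
/etc/cobbler/dhcp.template      # configuration template for the DHCP service
/etc/cobbler/tftpd.template     # configuration template for the tftp service
/etc/cobbler/pxe                # PXE template files, mainly pxedefault.template
/etc/cobbler/dnsmasq.template   # configuration template for the DNS service

2. Cobbler data directory: /var/lib/cobbler
/var/lib/cobbler/kickstarts     # default location of the kickstart files
/var/lib/cobbler/loaders        # the various boot loaders

3. System installation image directory: /var/www/cobbler
/var/www/cobbler/ks_mirror      # imported system images
/var/www/cobbler/images         # boot files of the imported system images
/var/www/cobbler/repo_mirror    # repo storage directory

4. Log directory: /var/log/cobbler
/var/log/cobbler/install.log    # client system installation log
/var/log/cobbler/cobbler.log    # Cobbler log

5. DHCP and tftp related
/etc/dhcp/dhcpd.conf        # DHCP service configuration file
/var/lib/tftpboot/          # tftp shared directory, holds the boot files
/var/lib/tftpboot/pxelinux.cfg/default      # PXE network install menu
/var/lib/tftpboot/grub/efidefault           # PXE network install menu (UEFI)

2. Common commands

cobbler list            # list all Cobbler objects
cobbler check           # check the Cobbler configuration for errors
cobbler sync            # sync the template configuration to DHCP, PXE and the data directories; run it after changing configuration
cobbler import          # import an installation ISO image
cobbler report          # list detailed information for each object
cobbler distro          # view imported distro information; distros can also be added and edited
cobbler profile         # view profile information; the kickstart file can be viewed, edited and deleted
cobbler system          # view the systems that have been added
cobbler reposync        # sync remote yum repositories to the local server
cobbler signature update
cobbler --help          # get help for cobbler
cobbler distro --help   # get help for a cobbler subcommand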

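This article has 2 comments

  1. 第 Storm页

    Cobbler's support for a lot of NICs isn't very good, which is basically its biggest pain point;
    also, Cobbler now no longer seems to support boot loaders;
    could the blogger explain the partitioning part of the preseed in detail?

    1. cp

      The partitioning in the article is automatic standard partitioning. It automatically detects legacy or UEFI mode and partitions accordingly. As for what the individual options mean, please consult the official documentation.
      Generally speaking:
      legacy: one partition is created automatically, taking the whole disk, mounted at /. The disk label is dos, i.e. MBR.
      uefi: two partitions are created automatically: one is the special EFI partition, mounted at /boot/efi; the other is the root partition. The disk label is gpt.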
