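Operations Automation: Installing Systems with Cobbler in Detail
Original [51CTO exclusive feature] System administrators all know by now how important operations automation is, especially at companies whose server counts grow by the hundreds or thousands. Installing operating systems alone would be unthinkable without automation.
For automated installation, the early approach was usually a hand-configured PXE + DHCP + TFTP setup combined with Kickstart. Today there are many open-source tools, such as Cobbler, OpenQRM and Spacewalk. This article focuses on Cobbler.
Introduction to Cobbler
Cobbler is a service for fast network installation of Linux and, with some adjustment, can also support network installation of Windows. The tool is written in Python and is small and lightweight (only 15k lines of code). Simple commands are enough to configure a PXE network installation environment, and it can also manage DHCP, DNS and yum package mirrors.
Cobbler supports command-line management and web-interface management, and also provides an API, which makes custom development convenient.
Unlike Kickstart, Cobbler does not have the problem where, once DHCP is running on the LAN, machines that boot from PXE by default load the TFTP content after a reboot and have their startup interrupted.
The typical architecture is shown in the figure below:
Installing, deploying and configuring Cobbler
Preparing the Cobbler installation environment
For the CentOS base repositories, pick a mirror close to your location, such as mirrors.163.com or mirrors.sohu.com.
1. Install EPEL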
rpm -Uvh 'http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm'
2. Install the DHCP service
yum -y install dhcp
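3. Install the other services
The other services required are tftp, rsync, xinetd and httpd. If these packages were not installed with the system, install them manually.
After disabling SELinux, it is best to reboot so that the setting takes effect.
Installing and configuring Cobbler
1. Install Cobbler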
yum -y install cobbler
2. Configure Cobbler
Start Cobbler
# /etc/init.d/cobblerd start
Start the httpd service
# /etc/init.d/httpd start
Check the configuration by running
cobbler check
After it runs, the following output appears:
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost,or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : you need to set some SELinux content rules to ensure cobbler works correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && \
/usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*"
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : change 'disable' to 'no' in /etc/xinetd.d/tftp
6 : change 'disable' to 'no' in /etc/xinetd.d/rsync
7 : since iptables may be running, ensure 69, 80, and 25151 are unblocked
8 : debmirror package is not installed, it will be required to manage debian deployments and repositories
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
Restart cobblerd and then run 'cobbler sync' to apply changes.
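In summary, this output means:
1. Edit /etc/cobbler/settings, find the server option and set it to the appropriate IP address. In this example the IP is 192.168.10.1.
2. Edit /etc/cobbler/settings, find the next_server option and set it to the appropriate IP address. In this example the IP is 192.168.10.1.
3. SELinux settings. If SELinux was already disabled above, this can be ignored.
4. Run cobbler get-loaders. The loader programs are downloaded automatically, which resolves item 4.
5. Edit /etc/xinetd.d/tftp and change the disable field from yes to no.
6. Edit /etc/xinetd.d/rsync and change the disable field from yes to no.
7. Open ports 69, 80 and 25151 in iptables. If Cobbler is only used in an internal environment, it is recommended to simply turn the firewall off.
8. The message says debmirror is not installed. If you are not installing Debian-type systems, this can be ignored. If you need it, the download address is:
http://rpmfind.net/linux/rpm2html/search.php?query=debmirror
On CentOS 6 the RHEL 5 package can be used.
9. Change the default password (default_password_crypted, which the sample templates use for newly installed machines). Generate a new password hash with the command below and replace the one in /etc/cobbler/settings with it. The command is: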
openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'
Here "random-phrase-here" is the salt.
Once all the items have been fixed, run
/etc/init.d/cobblerd restart
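The settings-file items from the list above (1, 2 and 9) can be verified with a short script. This is an added example, not part of the original article or of Cobbler itself; the function names are hypothetical, and it assumes openssl is installed and that the settings file uses plain top-level "key: value" lines.

```sh
#!/bin/sh
# Added example (not from the article): audit a Cobbler settings file for
# three of the items that 'cobbler check' reports above.

# Print the value of a top-level "key: value" entry, with quotes removed.
setting() {  # $1 = settings file, $2 = key
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'"
}

# Succeed if an MD5-crypt hash ($1$salt$digest) is the password "cobbler",
# found by re-hashing "cobbler" with the salt taken from the hash itself.
is_default_password() {  # $1 = crypted hash
    salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ -n "$salt" ] || return 1
    [ "$(openssl passwd -1 -salt "$salt" cobbler)" = "$1" ]
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_cobbler_settings() {  # $1 = settings file
    file=$1
    status=0
    for key in server next_server; do
        case "$(setting "$file" "$key")" in
            ''|localhost|127.0.0.1)
                echo "$key: must be the boot server's reachable address"
                status=1 ;;
        esac
    done
    if is_default_password "$(setting "$file" default_password_crypted)"; then
        echo "default_password_crypted: still the password 'cobbler'"
        status=1
    fi
    return "$status"
}

# Usage: audit_cobbler_settings /etc/cobbler/settings
```

Because the comparison re-hashes with the salt stored in the file, it catches the password 'cobbler' under any salt, not only the hash shipped in the sample settings.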
Using Cobbler
Importing the installation files
Run the following command:
cobbler import --path=rsync://mirrors.163.com/centos/6.0/os/i386/ --name=centos-6.0-i386
task started: 2011-08-12_143009_import
task started (id=Media import, time=Fri Aug 12 14:30:09 2011)
running: rsync -a 'rsync://10.4.8.1/centos/6.0/os/i386/' /var/www/cobbler/ks_mirror/centos-6.0-i386 --exclude-from=/etc/cobbler/rsync.exclude --progress
received on stdout: receiving file list ... 4555 files to consider
(middle portion omitted)
sent 100341 bytes received 4633547466 bytes 8784166.46 bytes/sec
total size is 4632564894 speedup is 1.00
received on stderr:
adding distros
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
creating new distro: centos-6.0-i386
creating new profile: centos-6.0-i386
associating repos
traversing distro centos-6.0-i386
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
descent into /var/www/cobbler/ks_mirror/centos-6.0-i386
processing repo at : /var/www/cobbler/ks_mirror/centos-6.0-i386
need to process repo/comps: /var/www/cobbler/ks_mirror/centos-6.0-i386
looking for /var/www/cobbler/ks_mirror/centos-6.0-i386/repodata/*comps*.xml
running: createrepo -c cache -s sha --groupfile /var/www/cobbler/ks_mirror/centos-6.0-i386/repodata/73a3b7e0741eba6cafa8d5404b02565060e7f2293caab10657074186c48e713b-c6-i386-comps.xml /var/www/cobbler/ks_mirror/centos-6.0-i386
1278/4519 - Packages/clutter-1.0.6-3.el6.i686.rpm
iso-8859-1 encoding on Ville Skytt <ville.skytta@iki.fi> - 2.8.2-2
4519/4519 - Packages/xorg-x11-twm-1.0.3-5.1.el6.i686.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata
received on stderr:
associating kickstarts
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386/images for distro signature
scanning /var/www/cobbler/ks_mirror/centos-6.0-i386 for distro signature
found content (breed=redhat) at /v
*** TASK COMPLETE ***
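As the output shows, Cobbler copies the contents of the mirror to the local machine and places them in the centos-6.0-i386 directory under /var/www/cobbler/ks_mirror. It also creates a distro named centos-6.0-i386 and a profile named centos-6.0-i386.
Configuring the DHCP service
First change the Cobbler configuration so that Cobbler manages the DHCP service. Edit /etc/cobbler/settings: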
manage_dhcp: 1
Next, edit /etc/cobbler/dhcp.template. This file is the template Cobbler uses to manage DHCP.
In this example only the following part of the file needs to be changed:
subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.1;
    option domain-name-servers 8.8.8.8;
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 192.168.10.100 192.168.10.254;
    filename "/pxelinux.0";
    default-lease-time 21600;
    max-lease-time 43200;
    next-server $next_server;
}
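Leave the rest at its default values.
At this point all the preparation is complete, and what remains is to start the services. Many of them were already started during the earlier setup, so only the xinetd service needs to be started here: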
/etc/init.d/xinetd start
Syncing the Cobbler configuration
Run
# cobbler sync
You will see output like the following:
task started: 2011-08-11_170706_sync
task started (id=Sync, time=Thu Aug 11 17:07:06 2011)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/centos-6.0-i386
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/images/centos-6.0-i386
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros
copying files for distro: centos-6.0-i386
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/centos-6.0-i386/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/centos-6.0-i386/initrd.img
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/vmlinuz -> /var/www/cobbler/images/centos-6.0-i386/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-6.0-i386/images/pxeboot/initrd.img -> /var/www/cobbler/images/centos-6.0-i386/initrd.img
copying images
generating PXE configuration files
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
cleaning link caches
generating PXE menu structure
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: /etc/rc.d/init.d/dhcpd restart
received on stdout: Shutting down dhcpd: [ OK ] Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
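Cobbler performs the initialization automatically: it removes the existing boot entries, then copies the loader files according to the templates. After that it generates the PXE configuration files and the DHCP configuration file, and finally restarts the DHCP service.
At this point you can use a virtual machine to test a Cobbler installation.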
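Cobbler test installation
At boot, choose PXE mode.
You will then see what is shown in the figure below. The virtual machine obtains an IP in the 122 segment through DHCP and then fetches the PXE boot file through TFTP.
The next figure shows Cobbler's PXE installation boot menu, which lists the CentOS release we just created.
The installation uses the default ks file. After a short wait, the system is installed automatically.
The installed system is shown in the figure below.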
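Linux system reinstallation test
1. First confirm that koan is installed on the current Linux system. Installing koan can be put in the ks file so that it happens during system installation. Check with the following command: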
# rpm -qa|grep koan
koan-2.0.11-2.el6.noarch
2. With koan installed, run the following to see the list of system versions on the Cobbler server:
# koan --server=192.168.10.1 --list=profiles
- looking for Cobbler at http://192.168.10.1/cobbler_api
centos-6.0-i386
centos-6.0-i386-kvm
centos6-vm
centos-6.0-x86_64
Here we choose centos-6.0-i386 for the reinstall. Run the following command:
# koan --server=192.168.10.1 --profile=centos-6.0-i386 --replace-self
- looking for Cobbler at http://192.168.10.1/cobbler_api
- reading URL: http://192.168.10.1/cblr/svc/op/ks/profile/centos-6.0-i386
install_tree: http://192.168.10.1/cobbler/ks_mirror/centos-6.0-i386
downloading initrd initrd.img to /boot/initrd.img
url=http://192.168.10.1/cobbler/images/centos-6.0-i386/initrd.img
- reading URL: http://192.168.10.1/cobbler/images/centos-6.0-i386/initrd.img
downloading kernel vmlinuz to /boot/vmlinuz
url=http://192.168.10.1/cobbler/images/centos-6.0-i386/vmlinuz
- reading URL: http://192.168.10.1/cobbler/images/centos-6.0-i386/vmlinuz
- ['/sbin/grubby', '--add-kernel', '/boot/vmlinuz', '--initrd', '/boot/initrd.img', '--args', '"ks=http://192.168.10.1/cblr/svc/op/ks/profile/centos-6.0-i386 ksdevice=link kssendmac lang= text "', '--copy-default', '--make-default', '--title=kick1313675750']
- reboot to apply changes
# reboot
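The parts in red (the commands after the # prompt) were typed by hand. The rest of the output shows that koan does a lot of work that would otherwise have to be done manually.
Next, look at the reboot process:
As you can see, the system has entered the reinstallation state.
Notes from installation and use
Although everything above was tested on KVM virtual machines, it can be used directly in a production environment without any impact on the existing environment. The only thing required is to plan the existing network properly.
As for the concern many people have about enabling the DHCP service in a production environment, I believe it will not have any impact on the existing production environment, for two reasons:
1. Nobody leaves a NIC in DHCP mode after the system is installed. NICs are normally configured with static IPs.
2. As the test showed, even if a server is set to boot from PXE by default and does boot through PXE successfully, it then receives Cobbler's boot menu. If nothing is selected, after 20 seconds it loads using the local option, that is, it boots the system on the hard disk.
In summary, Cobbler is quite safe.
Reference: netxfly, "Server Automated Operations Management Solution"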