知識點

• Razor
• microkernel
• repository
• tags
• broker
• policy
• winPE

Razor安裝

• Database安置
• Razor Server安置
• Razor Client安置

自動化部署centos7

• 安裝配置dnsmasq DHCP/TFTP/iPXE
• 導(dǎo)入iPXE軟件
• 通過microkernel注冊裸機節(jié)點
• 創(chuàng)建鏡像文件repository
• 創(chuàng)建節(jié)點tags
• 創(chuàng)建broker
• 創(chuàng)建policy

自動化部署win7（失斃纤佟）

• 配置samba
• 通過microkernel注冊裸機節(jié)點（方法同上）
• 創(chuàng)建鏡像文件repository
• 創(chuàng)建win7PE（失敺ㄉ）
• 創(chuàng)建節(jié)點tags
• 創(chuàng)建broker
• 創(chuàng)建policy

知識點

• Razor
  Razor is a provisioning application that deploys bare-metal systems. Policy-based provisioning lets you use characteristics of the hardware as well as user-provided data to make provisioning decisions. You can automatically discover bare-metal hardware, dynamically configure operating systems and hypervisors, and hand off nodes to Puppet for workload configuration.

Whenever a new node gets added, Razor discovers its characteristics by booting it with the Razor microkernel and inventorying its facts. The node is tagged based on its characteristics. Tags contain a match condition — a Boolean expression that has access to the node’s facts and determines whether the tag should be applied to the node or not. Node tags are compared to tags in the policy table. The first policy with tags that match the node’s tags is applied to the node.

• microkernel
  razor定制的小型linux，用于啟動裸機節(jié)點并收集信息

• repository
  用于存放系統(tǒng)安裝文件的庫

• 可通過以下三種參數(shù)創(chuàng)建不同類型的庫

      url           – Points to content available on another server, for example, on a mirror that you maintain.
      iso-url       – Downloads and unpacks an ISO on the Razor server.
      no_content    – Creates a stub directory on the Razor server that you can manually fill with content.
  

• 創(chuàng)建庫的語法：
  razor create-repo --name=<repo name> --task <task name> --iso-url <URL>

• 獲取幫助：
  razor create-repo --help

• tags
  由唯一的名稱和匹配規(guī)則組成，用于歸類滿足匹配規(guī)則的裸機節(jié)點毯焕。

• 將內(nèi)存小于2G的節(jié)點歸類為OldPC
  razor create-tag --name OldPC --rule '["<", ["num", ["fact", "memorysize_mb"]], 2048]'

• 大于4個cpu（以上規(guī)則還可以這樣寫）
  [">", ["num", ["fact", "processorcount"]], 4]

• 包含相關(guān)mac地址（也可以這樣寫）
  ["has_macaddress", "00:1a:4a:16:01:54", "00:1a:4a:16:01:55"]

• 獲取幫助
  razor create-tag --help

• broker

• 默認三種類型

     puppet-pe  – Hands off node management to Puppet Enterprise. This broker specifies the address of the Puppet server, the Puppet Enterprise version, and for Windows, the location of the Windows agent installer.
     puppet   – Hands off management to open source Puppet. This broker specifies the address of the Puppet server, the node certname, and the environment.
     noop  – Doesn’t hand off management. A no-op broker can be useful for getting started quickly or doing a basic installation without configuration management.
  

• 可以自行創(chuàng)建類型
  參考：https://docs.puppet.com/pe/latest/razor_brokers.html

  • policy
    告訴Razor該裝什么系統(tǒng)（軟件）鲁猩，哪里獲取安裝文件以及如何配置此系統(tǒng)适滓。

• 創(chuàng)建方法
  razor create-policy --name centos-for-OldPC --repo centos-6 --broker noop --tag OldPC --root-password secret --max-count 20

• winPE

Razor安裝

Database安置

主機centos7對應(yīng)庫的postgresql版本太低损谦，從postgresql官方站點安裝最新版postgresql
yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-redhat96-9.6-3.noarch.rpm
查看相關(guān)postgresql包名稱
yum list postgresql*
安裝新版postgresql
yum install postgresql96-server
初始化postgresql-9.6
/usr/pgsql-9.6/bin/postgresql96-setup initdb
設(shè)置postgresql-9.6開機自啟動
systemctl enable postgresql-9.6.service
啟動postgresql-9.6服務(wù)
systemctl start postgresql-9.6.service

允許本地通過用戶名密碼連接postgresql數(shù)據(jù)庫
vim /var/lib/pgsql/9.6/data/pg_hba.conf

local   all             all                                     trust
host    all             all             127.0.0.1/32            trust

為razor服務(wù)器創(chuàng)建數(shù)據(jù)庫razor_prd和用戶razor
su - postgres
createuser -P razor #password:razor
createdb -O razor razor_prd

安裝razor-server

將安裝相關(guān)文件并創(chuàng)建用戶razor來運行服務(wù)
yum install http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
yum install razor-server

配置razor連接到razor_prd數(shù)據(jù)庫的參數(shù)
vim /etc/razor/config.yaml

  production:
    database_url: 'jdbc:postgresql:razor_prd?user=razor&password=razor'

將數(shù)據(jù)導(dǎo)入到數(shù)據(jù)庫
razor-admin -e production migrate-database

啟動razor-server服務(wù)
service razor-server start

驗證服務(wù)是否已正常啟動
wget http://localhost:8150/api

安裝razor-client

yum install -y gem
gem install razor-client
razor -u http://razor:8150/api --help #驗證是否正確安裝

導(dǎo)入microkernel到razor庫
cd /var/lib/razor/repo-store
wget https://s3-us-west-2.amazonaws.com/razor-releases/microkernel-007.tar
tar xvf /root/microkernel-007.tar

自動化部署centos7

安裝配置dnsmasq DHCP/TFTP/iPXE

yum install -y dnsmasq
vim /etc/dnsmasq.conf

conf-dir=/etc/dnsmasq.d
listen-address=192.168.122.217,127.0.0.1
dhcp-range=192.168.122.50,192.168.122.55,12h

mkdir /var/lib/tftpboot
chmod 655 /var/lib/tftpboot

vim /etc/dnsmasq.d/razor

# This works for dnsmasq 2.45
# iPXE sets option 175, mark it for network IPXEBOOT
dhcp-match=IPXEBOOT,175
dhcp-boot=net:IPXEBOOT,bootstrap.ipxe
dhcp-boot=undionly.kpxe

# TFTP setup
enable-tftp
tftp-root=/var/lib/tftpboot

導(dǎo)入iPXE軟件

wget http://boot.ipxe.org/undionly.kpxe -O /var/lib/tftpboot/undionly.kpxe

wget http://razor:8150/api/microkernel/bootstrap?nic_max=1 -O /var/lib/tftpboot/bootstrap.ipxe

通過microkernel注冊安裝節(jié)點

將裸機節(jié)點以PXE啟動

在Razor服務(wù)器上查看節(jié)點信息razor nodes
[root@razor repo-store]# razor nodes

From http://localhost:8150/api/collections/nodes:

+-------+-------------------+-------+------------------+----------------+
| name  | dhcp_mac          | tags  | policy           | metadata count |
+-------+-------------------+-------+------------------+----------------+
| node1 | 00:1a:4a:16:01:54 | small | centos-for-small | 0              |
+-------+-------------------+-------+------------------+----------------+
Query an entry by including its name, e.g. `razor nodes node1`

razor nodes <NODE_NAME> facts
輸出裸機的相關(guān)信息，后續(xù)可以參考這些項目來定義tags
[root@razor repo-store]# razor nodes node1 facts

From http://localhost:8150/api/collections/nodes/node1:

                virtual: kvm
            is_virtual: true
            hardwareisa: x86_64
            processors: 
                                models: [Intel Celeron_4x0 (Conroe/Merom Class Core 2)]
                                    count: 1
                            physicalcount: 1
        system_uptime: 
                            seconds: 4348
                            hours: 1
                            days: 0
                            uptime: 1:12 hours
            dhcp_servers: 
                            system: 192.168.122.217
                            eth0: 192.168.122.217
            network_eth0: 192.168.122.0
            network_lo: 127.0.0.0
            macaddress: 00:1a:4a:16:01:54
            architecture: x86_64
        hardwaremodel: x86_64
                    os: 
                            name: CentOS
                            family: RedHat
                            release: 
                                    major: 7
                                    minor: 1
                                        full: 7.1.1503
        facterversion: 2.4.4
            bios_vendor: SeaBIOS
            bios_version: seabios-1.7.5-11.el7
    bios_release_date: 04/01/2014
            manufacturer: oVirt
            productname: oVirt Node
            serialnumber: 4C4C4544-004C-4710-8032-B3C04F373232
                    uuid: A4DBC573-34AE-4BD3-9626-739C68A0AD08
                    type: Other
physicalprocessorcount: 1
    blockdevice_sr0_size: 1073741312
blockdevice_sr0_vendor: QEMU
blockdevice_sr0_model: QEMU DVD-ROM
            blockdevices: sr0
            processor0: Intel Celeron_4x0 (Conroe/Merom Class Core 2)
        processorcount: 1
            ipaddress: 192.168.122.54
            rubyplatform: x86_64-linux
            interfaces: eth0,lo
        ipaddress_eth0: 192.168.122.54
        macaddress_eth0: 00:1a:4a:16:01:54
            netmask_eth0: 255.255.255.0
                mtu_eth0: 1500
            ipaddress_lo: 127.0.0.1
            netmask_lo: 255.0.0.0
                mtu_lo: 65536
                    gid: root
        memorysize_mb: 991.59
        memoryfree_mb: 903.64
                uniqueid: 007f0100
                netmask: 255.255.255.0

Query additional details via: `razor nodes node1 facts [dhcp_servers, os, processors, system_uptime]`

創(chuàng)建鏡像文件repository

因為本地已有iso鏡像文件找颓，所以采用file協(xié)議傳文件合愈，但要注意razor用戶是否有目錄和文件的讀權(quán)限。
razor create-repo --name centos-7.0 --task centos --iso-url file:///root/CentOS-7.0-1406-x86_64-Minimal.iso

可以通過命令 razor commands來查看以上操作的執(zhí)行狀態(tài)击狮。

如果以上執(zhí)行狀態(tài)為fail佛析，可以重建名為centos-7.0的庫，并手動將iso文件掛載到razor的repository
razor create-repo --name centos-7.0 --no-content --task centos
cd /var/lib/razor/repo-store
mkdir centos-7.0
mount /root/CentOS-7.0-1406-x86_64-Minimal.iso centos-7.0

創(chuàng)建節(jié)點tags

通過tags可以將裸機歸類彪蓬，以便按不同機器類型來部署不同OS發(fā)行版
razor create-tag --name small --rule '["<",["num",["fact","memorysize_mb"]],2048]'

查看哪些機器被標記為small
razor tags small nodes

創(chuàng)建broker

因沒有安裝puppet,所有就將broker類型配置為noop
razor create-broker --name nobroker --broker-type noop

創(chuàng)建policy

razor create-policy --name centos-for-small --repo centos-7.0 --tag small --root-password centec --hostname 'node1_vm.ctcnet.com' --broker nobroker

再次pxe啟動裸機節(jié)點寸莫，將自動部署centos-7.0-minimal系統(tǒng)

自動化部署win7(失敗)

前提條件

   要先準備安裝win7的機器，在這臺主機上制作包含razor腳本的winPE盤档冬。同時服務(wù)器上要部署samba膘茎，以便winPE能訪問win7系統(tǒng)安裝文件桃纯。

安裝配置samba

yum install samba -y

vim /etc/samba/smb.conf

     security = user
 #   passdb backend = tdbsam
     map to guest = bad user

    [razor]
        comment   = Windows Installers
        path      = /var/lib/razor/repo-store
        guest ok  = yes
        writable  = no
        browsable = yes

重啟samba服務(wù): systemctl restart smb

創(chuàng)建鏡像文件repository

razor create-repo --name win7 --no-content --task win7
yum install http://mirrors.kernel.org/fedora-epel/epel-release-latest-7.noarch.rpm
yum install p7zip p7zip-plugins -y
cd /var/lib/razor/repo-store
mkdir win7&&cd win7
7z x /root/cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso

進入準備好的win7主機

安裝ADK

https://download.microsoft.com/download/6/A/E/6AEA92B0-A412-4622-983E-5B305D2EBE56/adk/adksetup.exe

制作win7PE(失敗)

 從Razor服務(wù)器拷貝/opt/razor/build-winpe/下所有文件到win7中，使用命令調(diào)用powershell腳本來制作PE鏡像（制作失斉怠）