Linux: DHCP + tftp + syslinux + PXE + Cobbler
Introduction to DHCP
DHCP stands for Dynamic Host Configuration Protocol; its predecessor is the Boot protocol. It works on ports 67 and 68/UDP: the server works on port 67 and the client listens on port 68. In some cases the DHCP server may communicate with the client, so a listener on port 67 is needed to receive the server side's communication requests. While the client operating system is loading at boot, a specific service activates the client program; once activated, the client sends rarp packets out through its network card to request an IP address from the DHCP server on the LAN.
How DHCP works:
- When the client starts, a service activates the client program, which sends rarp packets through the local network card.
- Client:
  - Sends a DHCP Discover message, by broadcast
- Server:
  - Sends a DHCP Offer message, which carries a lease (lease time), by broadcast
- Client:
  - First checks whether any local host is already using this IP address, then sends a DHCP Request confirmation message, by broadcast
- Server:
  - Sends a DHCP ACK confirmation message, by broadcast
How lease renewal works
- Client
  - When 50% of the available time has elapsed, it renews with the server by sending a DHCP Request message, by unicast
- Server
  - Sends a DHCP ACK message to confirm and extends the time to the specified lease
If the address is no longer available
- Server
  - Sends a DHCP NAK message to tell the client that its IP address is not available
- Client
  - Sends a DHCP Discover message and starts the address request process again.
If the renewing server does not exist
- Client
  - Starting at 50% of the lease, the client sends a DHCP Request message. If the server is offline, it sends another DHCP Request at half of the remaining lease (75%); if the server is still offline, it sends another at half of the remaining lease (87.5%); if the server is still offline, it starts over with a DHCP Discover broadcast and requests a new IP address from the hosts on the network.
How DHCP Relay works
A relay is similar to a proxy. The router listens on its local port 67; when a DHCP Discover message from the local network arrives at the router's port, the router forwards the Discover broadcast to the specified DHCP server (from the router to the DHCP server the traffic is unicast).
=====
Installing the DHCP service
- yum install dhcp
Managing the DHCP service
- CentOS 6
  - service dhcpd start
- CentOS 7
  - systemctl start dhcpd.service
DHCP service configuration files
- Working directory:
  - /etc/dhcp/
- Configuration files:
  - /etc/dhcp/dhcpd.conf : IPv4 configuration file
  - /etc/dhcp/dhcpd6.conf : IPv6 configuration file
- Unit files:
  - /usr/lib/systemd/system/dhcpd.service
  - /usr/lib/systemd/system/dhcpd6.service
  - /usr/lib/systemd/system/dhcrelay.service
- Sample configuration file:
  - /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example
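Parameters of the /etc/dhcp/dhcpd.conf configuration file:
- Every parameter ends with a ; character
- option : defines the network attributes handed out to clients
- non-option : DHCP's own operating characteristics
- option domain-name : defines the domain name
- option domain-name-servers : defines the DNS address
- default-lease-time 600 : defines the lease duration
- max-lease-time 7200 : defines the maximum lease duration
- log-facility local7; : which facility the logs are sent to for recording
- subnet 172.16.36.0 netmask 255.255.255.0 {} : defines a scope
- range IP IP : the IP address range of the scope
- option routers IP : the gateway address assigned by default
- filename : name of the boot initialization file to load when booting from the network card
- next-server IP : address of the server that stores the initialization file; a TFTP server is needed to back it and provide the service
- host NAME {} : assigns a fixed IP address to a given host; NAME is a globally unique name
- hardware ethernet 00:00:00:00:00:00 : MAC address of the host whose IP is to be bound
- fixed-address IP : the IP address reserved for it; this address must not be one of the addresses in the pool, to avoid conflicts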
Configuration example:
option domain-name "zhenping.me";
option domain-name-servers 172.16.0.1;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 172.16.36.0 netmask 255.255.255.0 {
    range 172.16.36.80 172.16.36.90;
    option routers 172.16.36.70;
    filename "pxelinux.0";
    next-server 172.16.36.70;
}
host web_srvs {
    hardware ethernet 00:00:00:00:00:00;
    fixed-address 172.16.200.200;
}
Configuration file format in brief:
option
default-lease-time
max-lease-time
subnet NETWORK netmask MASK {
    range START END;
    option routers;
    option domain-name;
    option domain-name-servers;
    filename;
    next-server;
}
host HOST_ID {
    hardware ethernet;
    fixed-address;
}
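The rule in the parameter list above, that a fixed-address must not be one of the pool addresses, can be checked mechanically. The following is an added example, not part of the original article: it parses a simple IPv4 dhcpd.conf and flags reservations that sit inside a range or outside every declared subnet. The sample configuration, host names and MAC addresses are constructed, and the subnet check is an addition based on ISC dhcpd only using a reservation that is valid on the client's network segment.

```python
import ipaddress
import re

# Constructed sample (not from the page): the page's subnet and pool, plus two
# hypothetical hosts, one reserved inside the pool and one outside it.
SAMPLE_CONF = """
subnet 172.16.36.0 netmask 255.255.255.0 {
    range 172.16.36.80 172.16.36.90;   # dynamic pool
    option routers 172.16.36.70;
}
host web_srvs {
    hardware ethernet 00:00:00:00:00:01;
    fixed-address 172.16.36.85;
}
host db_srvs {
    hardware ethernet 00:00:00:00:00:02;
    fixed-address 172.16.36.100;
}
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"


def parse_conf(text):
    """Return (subnets, ranges, hosts) from a simple IPv4 dhcpd.conf."""
    text = re.sub(r"#.*", "", text)  # drop comments
    subnets = [ipaddress.ip_network(f"{net}/{mask}", strict=False)
               for net, mask in re.findall(rf"\bsubnet\s+{ADDR}\s+netmask\s+{ADDR}", text)]
    ranges = []
    for lo, hi in re.findall(rf"\brange\s+(?:dynamic-bootp\s+)?{ADDR}(?:\s+{ADDR})?\s*;", text):
        lo = ipaddress.ip_address(lo)
        ranges.append((lo, ipaddress.ip_address(hi) if hi else lo))
    hosts = {}
    for name, body in re.findall(r"\bhost\s+(\S+)\s*\{([^}]*)\}", text):
        m = re.search(rf"\bfixed-address\s+{ADDR}\s*;", body)
        if m:  # hostnames and multi-address reservations are skipped
            hosts[name] = ipaddress.ip_address(m.group(1))
    return subnets, ranges, hosts


def audit_reservations(text):
    """Flag fixed-address reservations that collide with a pool or fit no subnet."""
    subnets, ranges, hosts = parse_conf(text)
    findings = []
    for name, addr in sorted(hosts.items()):
        if any(lo <= addr <= hi for lo, hi in ranges):
            findings.append((name, str(addr), "inside dynamic range"))
        elif not any(addr in net for net in subnets):
            findings.append((name, str(addr), "outside declared subnets"))
    return findings


if __name__ == "__main__":
    for name, addr, issue in audit_reservations(SAMPLE_CONF):
        print(f"{name}: {addr} {issue}")
```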
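The dhclient command
dhclient obtains an IP address using the DHCP protocol. On Linux it is already started at system boot and runs in the background. If the host obtained its address through DHCP and you want to use dhclient for testing, first forcibly kill the running instance and then run the command.
- -d : run the dhclient command in the foreground
Example: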
[root@Centos7 ~]# dhclient -d
Internet Systems Consortium DHCP Client 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eno16777736/00:0c:29:f2:94:ac
Sending on LPF/eno16777736/00:0c:29:f2:94:ac
Sending on Socket/fallback
DHCPREQUEST on eno16777736 to 255.255.255.255 port 67 (xid=0x798803b8)
DHCPACK from 172.16.0.1 (xid=0x798803b8)
bound to 172.16.249.82 -- renewal in 36368 seconds.
The DHCP server is 172.16.0.1
The IP address obtained is: 172.16.249.82
TFTP Server
TFTP is a UDP-based file transfer protocol that works on port 69/udp. On CentOS 6 it depends on the xinetd service. It also uses a client/server architecture: the server is tftp-server and the client is tftp.
Installing TFTP
- Server installation:
  yum install tftp-server
- Client installation:
  yum install tftp
Default TFTP share path:
/var/lib/tftpboot/
Starting the TFTP server on each platform
- CentOS 6:
  - chkconfig tftp on
  - service xinetd start
- CentOS 7:
  - systemctl start tftp.socket
Check whether the TFTP server is enabled under the xinetd service:
disable = no means it is already enabled; if it is set to yes, change it to no.
[root@Centos7 ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -B 1380 -v -s /var/lib/tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}
=======
syslinux
What is syslinux
It is a suite, a collection of various bootloaders.
Installing syslinux
- yum install syslinux
Where the bootloader files are stored
- /usr/share/syslinux/
[root@Centos7 ~]# ls /usr/share/syslinux/
altmbr.bin diag/ gptmbr_f.bin int18.com kbdmap.c32 memdump.com reboot.c32 vesainfo.c32
altmbr_c.bin disk.c32 gpxecmd.c32 isohdpfx.bin linux.c32 meminfo.c32 rosh.c32 vesamenu.c32
altmbr_f.bin dmitest.c32 gpxelinux.0 isohdpfx_c.bin ls.c32 menu.c32 sanboot.c32 vpdtest.c32
cat.c32 dosutil/ gpxelinuxk.0 isohdpfx_f.bin lua.c32 pcitest.c32 sdi.c32 whichsys.c32
chain.c32 elf.c32 hdt.c32 isohdppx.bin mboot.c32 pmload.c32 sysdump.c32 zzjson.c32
cmd.c32 ethersel.c32 host.c32 isohdppx_c.bin mbr.bin poweroff.com syslinux64.exe
config.c32 gfxboot.c32 ifcpu64.c32 isohdppx_f.bin mbr_c.bin pwd.c32 syslinux.com
cpuid.c32 gptmbr.bin ifcpu.c32 isolinux.bin mbr_f.bin pxechain.com syslinux.exe
cpuidtest.c32 gptmbr_c.bin ifplop.c32 isolinux-debug.bin memdisk pxelinux.0 ver.com
=====
The PXE service
Introduction
PXE (preboot execute environment) is the latest technology developed by Intel. It works in a client/server network mode and lets a workstation download an image from a remote server over the network, and thereby boot an operating system over the network. During boot, the terminal asks the server to assign an IP address, then uses TFTP (trivial file transfer protocol) or MTFTP (multicast trivial file transfer protocol) to download a boot package into local memory and execute it. PXE can boot many operating systems, such as Windows95/98/2000/windows2003/windows2008/winXP/win7/win8, Linux and others.
Services a PXE environment depends on
- DHCP
- TFTP
- fileserver (yum repository), which can be provided by the httpd service
PXE environment installation example:
#### Configure the dhcp service
yum install dhcp
cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf # copy the sample file shipped with DHCP
vim /etc/dhcp/dhcpd.conf
option domain-name "zhenping.me"; # the domain name is zhenping.me
option domain-name-servers 172.16.0.1; # DNS server IP.
default-lease-time 600; # default lease time
max-lease-time 7200; # maximum lease time
log-facility local7; # which facility records the logs
###### Configure the scope, the server that provides the TFTP service, and the filename
subnet 172.16.36.0 netmask 255.255.255.0 {
range 172.16.36.80 172.16.36.90;
option routers 172.16.0.1;
filename "pxelinux.0";
next-server 172.16.36.70;
}
###### Install the syslinux suite to get the bootloader files.
yum install syslinux
###### Install the tftp server service
yum install tftp-server
###### Copy pxelinux.0 to the tftp share path; this file is the boot file.
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
####### Insert the system disc
# mkdir /media/cdrom
# mount -r /dev/cdrom /media/cdrom/
# cd /media/cdrom/images/pxeboot
###### Copy the kernel file and ramdisk file needed at system boot
# cp vmlinuz initrd.img /var/lib/tftpboot/
###### Copy the files needed during the boot process
# cd /usr/share/syslinux
# cp chain.c32 mboot.c32 menu.c32 memdisk /var/lib/tftpboot/
###### Create the pxelinux.cfg directory and the default file, which configures the entries of the boot menu
# mkdir /var/lib/tftpboot/pxelinux.cfg
# vim /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
prompt 5
timeout 30
MENU TITLE CentOS 7 PXE Menu
# The label "linux" can be typed at the boot screen to boot this entry
LABEL linux
# Name shown in the boot menu
MENU LABEL Install CentOS 7 X86_64
# The kernel file to load
KERNEL vmlinuz
# Specifies the ramdisk file, the repo address (the disc itself is a repo) and the access path of the ks file. Every path accessed over HTTP is a page served by the httpd service.
APPEND initrd=initrd.img inst.repo=http://172.16.36.70/centos7 ks=http://172.16.36.70/centos7.cfg
###### Install and configure the httpd service
# yum install httpd
# mkdir /var/www/html/centos7
###### Bind the mounted disc content directly to the centos7 folder under the httpd web root
# mount --bind /media/cdrom/ /var/www/html/centos7
####### Create the kickstart file needed for installation
# vim /var/www/html/centos7.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# X Window System configuration information
xconfig --startxonboot
# Keyboard layouts
# old format: keyboard us
# new format:
keyboard --vckeymap=cn --xlayouts='cn'
# Reboot after installation
reboot
# Root password
rootpw --iscrypted $1$HDHf2v4i$LMo.xGHfxQDOf8e043C.g/
# System timezone
timezone Asia/Shanghai
# Use network installation
# This is the address of the installation repository.
url --url="http://172.16.36.70/centos7"
# System language
lang zh_CN
user --groups=wheel --name=mageedu --password=$6$1eWrOetY$DfLZgquGiOaNkwpEF4ItMipz.1kpn7Q.s6oXyoW2bALkWesRWHCCACICkJ.2zBXDbwEw0ibR.wxStLI41ZhfF1 --iscrypted --gecos="MageEdu"
# Firewall configuration
firewall --disabled
# Network information
network --bootproto=dhcp --device=eth0
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
selinux --permissive
ignoredisk --only-use=sda
# System bootloader configuration
bootloader --location=mbr --boot-drive=sda
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --asprimary --fstype="xfs" --size=512
part swap --fstype="swap" --size=2048
part /usr --fstype="xfs" --size=20480
part / --fstype="xfs" --size=20480
%packages
@base
@core
@fonts
@internet-browser
@java-platform
@kde-apps
@kde-desktop
@network-file-system-client
@networkmanager-submodules
@x11
lftp
screen
wget
tree
%end
%post
systemctl set-default multi-user.target
rm -f /etc/yum.repos.d/CentOS-Base.repo
wget -q -O /etc/yum.repos.d/CentOS-Base.repo http://172.16.0.1/repos/CentOS-Base.repo
wget -q -O /etc/yum.repos.d/epel.repo http://172.16.0.1/repos/epel.repo
echo -e 'Mage Education Learning Services\nhttp://www.magedu.com\n' >> /etc/issue
%end
###### Start the services and check their listening state:
# systemctl start httpd.service
# systemctl start dhcpd.service
# systemctl start tftp.socket
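The kickstart file above fixes several security properties of every machine installed from it. The following is an added example, not part of the original article: it scans a kickstart file for the settings visible in that file, namely an MD5-crypt ($1$) password hash (the format that openssl passwd -1 produces), a disabled firewall, non-enforcing SELinux, and content fetched over plain HTTP. The sample text is a constructed excerpt with placeholder hashes, and the rule names are this example's own.

```python
import re

# Constructed excerpt modelled on the kickstart file above; the hash strings
# are placeholders, not real password hashes.
SAMPLE_KS = """\
rootpw --iscrypted $1$examplesalt$placeholderhash
url --url="http://172.16.36.70/centos7"
user --groups=wheel --name=mageedu --password=$6$examplesalt$placeholderhash --iscrypted
firewall --disabled
auth --useshadow --passalgo=sha512
selinux --permissive
%packages
@core
wget
%end
%post
wget -q -O /etc/yum.repos.d/epel.repo http://172.16.0.1/repos/epel.repo
%end
"""

WEAK_SCHEMES = {"1"}  # crypt(3) id 1 = MD5-crypt; 5 and 6 are SHA-256/SHA-512


def crypt_scheme(value):
    """Return the crypt(3) scheme id of a '$id$salt$hash' string, else None."""
    m = re.match(r"\$([0-9a-z]+)\$", value)
    return m.group(1) if m else None


def password_arg(cmd, args):
    """Extract the password argument of a rootpw or user command."""
    if cmd == "user":
        return next((a.split("=", 1)[1] for a in args if a.startswith("--password=")), None)
    return next((a for a in args if not a.startswith("--")), None)


def audit_kickstart(text):
    """Return [(line_number, rule)] for settings that weaken the installed host."""
    findings, section = [], None  # section None = command section
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("%"):
            name = line.split()[0]
            if name != "%include":  # %include is a directive, not a section
                section = None if name == "%end" else name
        elif section in ("%pre", "%post"):
            if "http://" in line:
                findings.append((n, "cleartext-http"))
        elif section is None:
            cmd, *args = line.split()
            if cmd in ("rootpw", "user"):
                pw = password_arg(cmd, args)
                if pw and "--iscrypted" not in args:
                    findings.append((n, "plaintext-password"))
                elif pw and crypt_scheme(pw) in WEAK_SCHEMES:
                    findings.append((n, "weak-password-hash"))
            elif cmd == "firewall" and "--disabled" in args:
                findings.append((n, "firewall-disabled"))
            elif cmd == "selinux" and {"--permissive", "--disabled"} & set(args):
                findings.append((n, "selinux-not-enforcing"))
            elif cmd in ("url", "repo") and any("http://" in a for a in args):
                findings.append((n, "cleartext-http"))
    return findings
```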
====
The Cobbler service
Introduction
Introduced by Red Hat in 2008, cobbler is a second-level wrapper around PXE and is written in Python. It also depends on DHCP, TFTP, a file server (repository, i.e. the http service) and the rsync service. cobbler can manage the DHCP, TFTP and http services in a modular way. The cobbler software is provided by the EPEL repository, so EPEL must be configured first.
Cobbler terminology:
- distro : repository (repo); represents a distribution. The key resources that identify a distribution are the kernel and the ramdisk
- profile : kickstart (different kickstart files produce different installation entries)
- system : binds a MAC address to an IP address
Installing Cobbler
- yum install cobbler
Cobbler configuration file
- /etc/cobbler/settings
Cobbler configuration file parameters
- server IP : IP address or hostname of the host that provides the cobbler service
- next_server : IP address of the host that provides the PXE service
- default_password_crypted PASSWORD_STRING : a password string can be generated with openssl passwd -1 -salt $(openssl rand -hex 4) and used to replace the value of this parameter in the configuration file
- manage_dhcp:0 : 0 means not managed by cobbler, 1 means managed by cobbler
Note: in a typical configuration, setting just the three parameters above is enough.
Managing the Cobbler service
- CentOS 6
  - service cobblerd start
- CentOS 7
  - systemctl start cobblerd
cobbler commands
- cobbler distro
  - add : add
  - remove : remove
  - list : list
  - rename : rename
- cobbler profile
  - add : add
  - remove : remove
  - list : list
  - rename : rename
Note: added kickstart files are stored under /var/lib/cobbler/kickstarts/.
cobbler profile rename --name=Centos7-1503-x86_64 --newname=Centos-7-1503-x86_64-minimal
cobbler profile add --name=Centos-7-x86_64-1503-server --distro=Centos-7-1503-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg
For the Centos-7-1503-x86_64 repository image, this adds an installation entry named Centos-7-x86_64-1503-server to the boot menu and uses the specified kickstart file /var/lib/cobbler/kickstarts/centos7.cfg to drive the installation.
- cobbler import
  - --name : name of the imported distro
  - --path : which image to import from
cobbler import --name="Centos-7_X86_64-1503" --path=/media/cdrom
This command copies everything on the disc to the local disk and creates a cobbler folder under /var/www/.
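Configuration example 1:
Cobbler:
I. Installation
Prerequisite: cobbler is provided by the EPEL repository, so a yum repository pointing at EPEL must be configured beforehand for an installation like the following.
# yum install cobbler cobbler-web pykickstart debmirror
# service httpd start
# service cobblerd start
Run the "cobbler check" command to check for existing problems, then resolve them one by one as prompted. Common problems are shown below: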
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4 : change 'disable' to 'no' in /etc/xinetd.d/rsync
5 : comment 'dists' on /etc/debmirror.conf for proper debian support
6 : comment 'arches' on /etc/debmirror.conf for proper debian support
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
The problems above are resolved as follows:
1. Set the server parameter in /etc/cobbler/settings to the IP address or hostname of the host that provides the cobbler service, e.g. 172.16.100.15;
2. Set the next_server parameter in /etc/cobbler/settings to the IP address of the host that provides the PXE service, e.g. 172.16.100.16;
3. If the current node can reach the Internet, just run "cobbler get-loaders"; otherwise, install the syslinux package and then copy /usr/share/syslinux/{pxelinux.0,menu.c32} and similar files into the /var/lib/cobbler/loaders/ directory;
4. Run "chkconfig rsync on";
5. Comment out the line @dists="sid"; in /etc/debmirror.conf;
6. Comment out the line @arches="i386"; in /etc/debmirror.conf;
7. Run "openssl passwd -1 -salt $(openssl rand -hex 4)" to generate a password, and use it to replace the value of the default_password_crypted parameter in /etc/cobbler/settings;
8. Run "yum install cman fence-agents" to install the corresponding packages;
Then restart cobblerd and run "cobbler sync" to synchronize the new configuration to cobbler.
II. Configure and start the services cobbler depends on
cobbler depends on the dhcp, tftp, rsync and dns services. dhcp can be provided by dhcpd (isc) or by dnsmasq; tftp can be provided by the tftp-server package or by cobbler's built-in tftp function; rsync is provided by the rsync package; dns can be provided by bind or by dnsmasq.
cobbler can manage some or even all of these services itself, but this has to be defined through "manage_dhcp", "manage_tftpd", "manage_rsync" and "manage_dns" in /etc/cobbler/settings. In addition, since each service has different implementations, customization is done by changing the module parameter values of each service in the /etc/cobbler/modules.conf configuration file.
This article manages the services independently, i.e. they are not managed through cobbler.
2.1 Configure the dhcp service
Define the required "subnet" and other parameters or options, then start the dhcpd daemon. The dhcpd configuration used in this example is shown below:
option domain-name "magedu.com";
option domain-name-servers 192.168.10.254,172.16.0.1;
default-lease-time 43200;
max-lease-time 86400;
log-facility local7;
subnet 172.16.0.0 netmask 255.255.0.0 {
    range 172.16.100.121 172.16.100.200;
    option routers 172.16.100.7;
}
next-server 172.16.100.7;
filename "pxelinux.0";
Then start the service with "service dhcpd start".
2.2 Configure the tftp service
# chkconfig tftp on
# service xinetd restart
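III. Configure cobbler
The relationships among cobbler's main components are shown in the figure below.
3.1 Managing distros
The first step in making cobbler usable is to define a distro, which can be done by pointing it at an external installation boot kernel and ramdisk file. If a complete system installation tree already exists (such as a CentOS 6 installation image), importing it directly with import is recommended.
For example, a CentOS 6.5 x86_64 installation image already mounted at /media/cdrom can be imported with a command like the following.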
# cobbler import --name=centos-6.5-x86_64 --path=/media/cdrom
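Use "cobbler distro list" to list all distros.
If there is a kickstart file, it can also be imported with "--kickstart=/path/to/kickstart_file", because import automatically generates a profile for the imported distro.
3.2 Managing profiles
cobbler uses profiles to provide the installation configuration needed for a particular class of requirements, that is, a kickstart file is supplied on top of a distro to produce a specific system installation configuration. A distro's profile can appear in the PXE boot menu as one of the installation choices.
So, to give the centos-6.5-x86_64 distro created earlier a bootable installation entry that uses the kickstart file /tmp/centos-6.5-x86_64.cfg (which provides only the most basic packages), use the following command.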
# cobbler profile add --name=centos-6.5-x86_64-basic --distro=centos-6.5-x86_64 --kickstart=/tmp/centos-6.5-x86_64.cfg
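Use "cobbler profile list" to view the profiles that have been created.
IV. Using cobbler_web
4.1 Configure authentication for cobbler_web
cobbler_web supports several authentication methods, such as authn_configfile, authn_ldap or authn_pam. The default is authn_denyall, which refuses login to all users. Two ways of authenticating users for cobbler_web login are described below.
4.1.1 Authenticating cobbler_web users with the authn_pam module
First change the value of the module parameter in the [authentication] section of modules.conf to authn_pam.
Then add a system user; choose the user name and password as needed, for example with the commands below.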
# useradd cblradmin
# echo 'cblrpass' | passwd --stdin cblradmin
Then add the cblradmin user to the admin group of cobbler_web. Edit /etc/cobbler/users.conf and add the cblradmin user name as the value of the admin parameter, as shown below.
[admins]
admin = "cblradmin"
Finally restart the cobblerd service and access it at http://YOUR_COBBLERD_IP/cobbler_web.
4.1.2 Authenticating cobbler_web users with the authn_configfile module
First change the value of the module parameter in the [authentication] section of modules.conf to authn_configfile.
Then create its authentication file /etc/cobbler/users.digest and add the required users. Note that the "-c" option of the htdigest command is needed when adding the first user and must not be used again when adding further users; also, the realm for cobbler_web can only be Cobbler. As shown below.
# htdigest -c /etc/cobbler/users.digest Cobbler cblradmin
Finally restart the cobblerd service and access it at http://YOUR_COBBLERD_IP/cobbler_web.
Installation and configuration example 2:
Installing and configuring cobbler
Install the required service: DHCP
~]# yum install dhcp
~]# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
~]# vim /etc/dhcp/dhcpd.conf
option domain-name "zhenping.me";
option domain-name-servers 172.16.0.1;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 172.16.36.0 netmask 255.255.255.0 {
range 172.16.36.80 172.16.36.90;
option routers 172.16.36.70;
filename "pxelinux.0";
next-server 172.16.36.70;
}
~]# systemctl start dhcpd.service
~]# ss -nulp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:67 *:*
~]# yum install syslinux -y
~]# yum install tftp-server -y
~]# cp /usr/share/syslinux/pxelinux.0 /var/lib/cobbler/loaders
~]# cp /usr/share/syslinux/menu.c32 /var/lib/cobbler/loaders
~]# systemctl start tftp.socket
~]# systemctl start httpd.service
~]# vim /etc/cobbler/settings
# This password string can be generated with openssl passwd, or taken from the password set when adding a user
default_password_crypted: "$6$OjGi5IvB$ybqkSzKw9oQEuZj1FVfyuweW924H.MXed9OSXDPjz1YZY2t95jYxaeX15C10zwe032Dh4qCOa9OXiEcGey86E0:16854"
server: 172.16.36.70
next_server: 172.16.36.70
~]# systemctl restart cobblerd
~]# cobbler check
~]# systemctl start rsyncd.socket
Mount the system image file:
~]# cobbler import --name="CentOS-7-1503-X86_64" --path=/media/cdrom
~]# cobbler sync
~]# cobbler distro list
CentOS-7-1503-X86_64-x86_64
Insert the CentOS 6 system disc and build the CentOS 6 distro
~]# mount /dev/cdrom /media/cdrom/
~]# cobbler import --name=Centos-6-X86_64 --path=/media/cdrom
~]# cobbler sync
Provide a customized kickstart file for CentOS 7 and create the cobbler profile
~]# cp centos7.cfg /var/lib/cobbler/kickstarts/
~]# cobbler profile add --name=CentOS-7-X86_64_1503-Web_Server --distro=CentOS-7-1503-X86_64-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg
[root@Centos7 ~]# cobbler profile list
CentOS-7-1503-X86_64-x86_64
CentOS-7-X86_64_1503-Web_Server
Centos-6-X86_64-x86_64
View the configuration file of Cobbler's boot menu (this file can be edited, but it is restored after a service restart or a cobbler sync):
~]# cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.com
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local
LABEL local
MENU LABEL (local)
MENU DEFAULT
LOCALBOOT -1
LABEL CentOS-7-1503-X86_64-x86_64
kernel /images/CentOS-7-1503-X86_64-x86_64/vmlinuz
MENU LABEL CentOS-7-1503-X86_64-x86_64
append initrd=/images/CentOS-7-1503-X86_64-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://172.16.36.70/cblr/svc/op/ks/profile/CentOS-7-1503-X86_64-x86_64
ipappend 2
LABEL CentOS-7-X86_64_1503-Web_Server
kernel /images/CentOS-7-1503-X86_64-x86_64/vmlinuz
MENU LABEL CentOS-7-X86_64_1503-Web_Server
append initrd=/images/CentOS-7-1503-X86_64-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://172.16.36.70/cblr/svc/op/ks/profile/CentOS-7-X86_64_1503-Web_Server
ipappend 2
LABEL Centos-6-X86_64-x86_64
kernel /images/Centos-6-X86_64-x86_64/vmlinuz
MENU LABEL Centos-6-X86_64-x86_64
append initrd=/images/Centos-6-X86_64-x86_64/initrd.img ksdevice=bootif lang= kssendmac text ks=http://172.16.36.70/cblr/svc/op/ks/profile/Centos-6-X86_64-x86_64
ipappend 2
MENU end
Summary:
Confirm that the services cobbler depends on are started, as follows:
systemctl start dhcpd.service
systemctl start tftp.socket
systemctl start rsyncd.socket
systemctl start cobblerd.service
systemctl start httpd.service
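On CentOS 7 the xinetd service does not exist, but disable = yes in the service scripts under /etc/xinetd.d/ still has to be changed to disable = no
Installing and configuring the cobbler-web service
vim /etc/cobbler/modules.conf
Confirm the authentication method it is configured to use
~]# htdigest -c /etc/cobbler/users.digest Cobbler cblradmin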