1财搁、配置chrony服務(wù)蘸炸，實(shí)現(xiàn)服務(wù)器時(shí)間自動(dòng)同步

1. 準(zhǔn)備工作
   服務(wù)器：192.168.45.202，CentOS7系統(tǒng)尖奔，系統(tǒng)已禁用selinux和firewall
   客戶端：192.168.45.203搭儒，CentOS7系統(tǒng)，系統(tǒng)已禁用selinux和firewall
2. 服務(wù)器端配置
   2.1 由于CentOS7中已默認(rèn)安裝chrony包提茁，因此無需安裝淹禾，直接啟動(dòng)即可

[root@s202 ~]# systemctl start chronyd
[root@s202 ~]# systemctl enable chronyd

2.2 配置chrony
　vim /etc/chrony.conf

[root@s202 ~]# cat /etc/chrony.conf |sed '/^$/d'|sed '/^#/d'
server 192.168.45.202 iburst #設(shè)置作為NTP的IP或域名
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.45.0/16 #設(shè)置允許同步的IP段
local stratum 10  ##開啟，即使server指令中時(shí)間服務(wù)器不可用茴扁，也允許將本地時(shí)間作為標(biāo)準(zhǔn)時(shí)間授予其他客戶端
logdir /var/log/chrony

2.3 重啟chronyd服務(wù)

[root@s202 ~]# systemctl restart chronyd

3. 客戶端配置
   3.1 啟動(dòng)chronyd服務(wù)

[root@s203 ~]# systemctl start chronyd

3.2 修改/etc/chrony.conf

[root@s203 ~]# vim /etc/chrony.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.45.202 iburst

3.3 重新啟動(dòng)chronyd服務(wù)

[root@s203 ~]# systemctl restart chronyd

查看時(shí)間源的同步信息

[root@s203 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.45.202               11   7   377    88   +161us[ +168us] +/-   87ms

4. 驗(yàn)證：
   修改客戶端的時(shí)間為2021/07/12

[root@s203 ~]# date -s 07/12/2021
Mon Jul 12 00:00:00 CST 2021
[root@s203 ~]# date
Mon Jul 12 00:00:02 CST 2021

然后等待一會(huì)兒查看結(jié)果：

[root@centos7 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? 192.168.45.202               11   6    37    65  +43272m[+43272m] +/- 6218us
[root@centos7 ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.45.202               11   6   177     3  -1229ns[+43272m] +/-   12ms
[root@centos7 ~]# date
Sun Jul 12 22:51:13 CST 2020

2铃岔、實(shí)現(xiàn)cobbler+pxe自動(dòng)化裝機(jī)

1) 安裝cobbler包及相關(guān)依賴程序

注：cobbler需要啟用epel源安裝

[root@centos7 ~]#yum install cobbler dhcp tftp tftp-server httpd -y

2) 啟動(dòng)cobbler

[root@centos7 ~]# systemctl start cobblerd
[root@centos7 ~]# systemctl enable cobblerd
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.

3) 對(duì)cobbler配置項(xiàng)進(jìn)行檢查

[root@centos7 ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

4) 根據(jù)cobbler檢查結(jié)果進(jìn)行完善

①修改/etc/cobbler/settings

manage_dhcp: 1
next_server: 192.168.45.135
server: 192.168.45.135

②修改/etc/cobbler/settings中默認(rèn)密碼
首先生成一個(gè)加密密碼

[root@centos7 ~]# openssl passwd -1
Password: 
Verifying - Password: 
$1$7xkUcdUT$TMeUcl5TOEztKxCuPdX5N.

對(duì)default_password_crypted進(jìn)行替換

default_password_crypted: "$1$7xkUcdUT$TMeUcl5TOEztKxCuPdX5N."

③執(zhí)行cobbler get-loaders

[root@centos7 ~]# cobbler get-loaders
task started: 2020-07-19_215436_get_loaders
task started (id=Download Bootloader Content, time=Sun Jul 19 21:54:36 2020)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***

執(zhí)行同步操作cobbler sync，但報(bào)dhcp錯(cuò)誤

received on stdout: 
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.

Exception occured: <class 'cobbler.cexceptions.CX'>
Exception value: 'cobbler trigger failed: cobbler.modules.sync_post_restart_services'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 82, in run
    rc = self._run(self)
   File "/usr/lib/python2.7/site-packages/cobbler/remote.py", line 181, in runner
    return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/api.py", line 763, in sync
    return sync.run()
   File "/usr/lib/python2.7/site-packages/cobbler/action_sync.py", line 144, in run
    utils.run_triggers(self.api, None, "/var/lib/cobbler/triggers/sync/post/*", logger=self.logger)
   File "/usr/lib/python2.7/site-packages/cobbler/utils.py", line 928, in run_triggers
    raise CX("cobbler trigger failed: %s" % m.__name__)

!!! TASK FAILED !!!

④配置DHCP峭火，修改/etc/cobbler/dhcp.template模板文件

subnet 192.168.45.0 netmask 255.255.255.0 {
     option routers             192.168.45.2;
     option domain-name-servers 192.168.45.2;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.45.210 192.168.45.230;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;

⑤執(zhí)行同步cobbler sync,并啟動(dòng)DHCP服務(wù)

[root@centos7 ~]# cobbler sync

5) 啟動(dòng)dhcp/tftp/httpd等服務(wù)

[root@centos7 ~]# systemctl start dhcpd tftp httpd

6) 導(dǎo)入要安裝的系統(tǒng)文件

[root@centos7 ~]# mount /dev/sr0 /mnt/
mount: /dev/sr0 is write-protected, mounting read-only
[root@centos7 ~]# cobbler import --name=centos7 --path=/mnt
task started: 2020-07-19_221235_import
task started (id=Media import, time=Sun Jul 19 22:12:35 2020)

Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/centos7:
creating new distro: centos7-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos7 -> /var/www/cobbler/links/centos7-x86_64
creating new profile: centos7-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos7 for centos7-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos7
need to process repo/comps: /var/www/cobbler/ks_mirror/centos7
looking for /var/www/cobbler/ks_mirror/centos7/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/centos7/repodata
*** TASK COMPLETE ***

此時(shí)cobbler已經(jīng)自動(dòng)將導(dǎo)入的系統(tǒng)加入菜單毁习，系統(tǒng)已可以進(jìn)行最小化自動(dòng)化安裝

[root@centos7 ~]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos7-x86_64
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-x86_64
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.45.135/cblr/svc/op/ks/profile/centos7-x86_64
        ipappend 2

MENU end

7) 設(shè)置自定義kickstart文件，可以手工設(shè)置卖丸，也可以使用kickstart工具纺且，這里使用kickstart工具

kickstart工具需要安裝
[root@centos7 ~]# yum install system-config-kickstart
[root@centos7 ~]# system-config-kickstart 
/usr/share/system-config-kickstart/kickstartGui.py:104: GtkWarning: GtkSpinButton: setting an adjustment with non-zero page size is deprecated
  xml = gtk.glade.XML ("/usr/share/system-config-kickstart/system-config-kickstart.glade", domain="system-config-kickstart")
Loaded plugins: fastestmirror, langpacks
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration

在彈出的配置界面按步驟進(jìn)行設(shè)置即可，設(shè)置完成后保存至/var/lib/cobbler/kickstarts中備用（cobbler中的kickstart文件均放置在/var/lib/cobbler/kickstarts中）

kickstart設(shè)置界面

結(jié)果：

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted $1$7WGID/oq$shmwTbH1j6Thxir1ceo/u.
# System language
lang en_US
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# SELinux configuration
selinux --disabled


# Firewall configuration
firewall --disabled
# Network information
network  --bootproto=dhcp --device=ens33
# Halt after installation
reboot
# System timezone
timezone Asia/Shanghai
# Use network installation
url --url=$tree
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part / --fstype="xfs" --size=102400
part /boot --fstype="xfs" --size=1024
part swap --fstype="swap" --size=4096
part /data --fstype="xfs" --grow --size=1

%packages
@^gnome-desktop-environment
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@x11
kexec-tools
autofs
%end

8) 新增自定義啟動(dòng)菜單稍浆，將自定義的kickstart文件添加到啟動(dòng)項(xiàng)中（自定義kickstart為自動(dòng)安裝桌面版系統(tǒng)）

[root@centos7 kickstarts]# cobbler profile add --name=centos7.6-x86_64_desktop --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.ks

此時(shí)啟動(dòng)菜單中已自動(dòng)新增一行菜單

[root@centos7 kickstarts]# cat /var/lib/tftpboot/pxelinux.cfg/default 
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://cobbler.github.io/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos7-x86_64
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7-x86_64
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.45.135/cblr/svc/op/ks/profile/centos7-x86_64
        ipappend 2

LABEL centos7.6-x86_64_desktop
        kernel /images/centos7-x86_64/vmlinuz
        MENU LABEL centos7.6-x86_64_desktop
        append initrd=/images/centos7-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text  ks=http://192.168.45.135/cblr/svc/op/ks/profile/centos7.6-x86_64_desktop
        ipappend 2

至此cobbler配置完成载碌，新建一個(gè)虛擬機(jī)進(jìn)行安裝測試

啟動(dòng)猜嘱，選擇自定義的配置進(jìn)行安裝測試

開始執(zhí)行引導(dǎo)

根據(jù)kickstart設(shè)置進(jìn)行自動(dòng)配置

開始安裝

安裝完成后自動(dòng)重啟

根據(jù)DHCP的IP范圍設(shè)定自動(dòng)分配有效IP地址

測試成功，完成嫁艇。