Week 12 Assignment
1. Configure the chrony service so that server time is synchronized automatically
Note: chrony can act as a client that synchronizes its own clock from a server, and as a server that lets other clients synchronize from it.

1. Install chrony and configure it:

[root@db01 ~]# yum -y install chrony
...
[root@db01 ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp.aliyun.com iburst    (the upstream time server to synchronize from; Alibaba's public NTP server is used here. Normally two upstream servers are configured. In this role the host is a client; the iburst option speeds up the initial synchronization.)
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 0.0.0.0/0    (when enabled, the networks whose clients may synchronize from this host; here every network is allowed, and in this role the host is a server.)
# Serve time even if not synchronized to a time source.
local stratum 10    (when enabled, hosts on the LAN keep synchronizing from this host even when it loses contact with its own upstream servers; recommended.)

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

2. Test:

With this host acting as a client, synchronize from Alibaba's server.

Set the local clock to a wrong time:

[root@db01 ~]# date
Mon Feb 17 18:31:00 CST 2020
[root@db01 ~]# date -s "-1 year"
Sun Feb 17 18:31:47 CST 2019

Start chronyd and check the time again; synchronization has completed:

[root@db01 ~]# systemctl enable chronyd
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
[root@db01 ~]# systemctl start chronyd
[root@db01 ~]# date
Sun Feb 17 18:34:58 CST 2019
[root@db01 ~]# date
Mon Feb 17 18:35:12 CST 2020

3. With this host acting as a server, other hosts only need to point at its address to synchronize from it. The client here is CentOS 7; on CentOS 6 install ntp instead (# yum -y install ntp, then edit its configuration file: # vim /etc/ntp.conf).

Client:

[root@localhost ~]# yum -y install chrony
[root@localhost ~]# vim /etc/chrony.conf
...
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.0.199 iburst    (the server address; here the IP of the host configured above)
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
...

4. Test:

Set the client clock to a wrong time:

[root@localhost ~]# date -s "-1 year"
Sun Feb 17 18:56:56 CST 2019

Start the service; the time is synchronized immediately:

[root@localhost ~]# systemctl enable chronyd
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
[root@localhost ~]# systemctl start chronyd
[root@localhost ~]# date
Mon Feb 17 19:02:22 CST 2020

Check the synchronization status:

[root@localhost ~]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.0.199                 3   6    37    39  -4258ns[ -181us] +/-   15ms
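The chronyc sources table above is what a monitoring check has to read. The script below is an added example, not part of the original post: it classifies such a table as synced, degraded (the server has fallen back to its own clock under local stratum 10) or unsynced. The three tables are constructed to match the format shown above; on a live host pass the output of chronyc sources instead.

```shell
#!/bin/sh
# Added example (not from the original post): classify a `chronyc sources`
# table so a cron job or monitor can alert on lost time synchronization.

# Constructed: healthy client, selected source is the LAN server at stratum 3.
SAMPLE_SYNCED='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.0.199                 3   6    37    39  -4258ns[ -181us] +/-   15ms'

# Constructed: the server lost its upstream and is serving its own clock under
# "local stratum 10"; the client still shows '*' but at stratum 10.
SAMPLE_DEGRADED='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.0.199                10   6   377    12   +120us[ +150us] +/- 2000us'

# Constructed: server unreachable, the client clock is free-running.
SAMPLE_UNSYNCED='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? 192.168.0.199                 0   6     0     -     +0ns[   +0ns] +/-    0ns'

# Classify the table passed as $1. Prints one line and sets the exit status:
#   synced <source> stratum <n>     exit 0
#   degraded <source> stratum <n>   exit 1  (n >= 10: upstream lost, local clock served)
#   unsynced                        exit 2  (no source in the '*' state)
chrony_state() {
    printf '%s\n' "$1" | awk '
        # only the selected source line counts: mode ^ = #, state *
        /^[=#^]\*/ { src = $2; stratum = $3 + 0; found = 1 }
        END {
            if (!found) { print "unsynced"; exit 2 }
            if (stratum >= 10) { print "degraded", src, "stratum", stratum; exit 1 }
            print "synced", src, "stratum", stratum; exit 0
        }'
}

# Demo over the three constructed tables; the exit status is what a monitor keys on.
for table in "$SAMPLE_SYNCED" "$SAMPLE_DEGRADED" "$SAMPLE_UNSYNCED"; do
    chrony_state "$table" || echo "  -> exit status $?"
done
```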
2. Automated OS installation with cobbler + PXE
I. Environment preparation
Two hosts
Host 1: CentOS 7.4, acting as the Cobbler, http, dhcp and tftp server, with the firewall and SELinux disabled
Host 2: a test machine used to verify the automated Linux installation
Network requirement: disable the DHCP service of the VMware NAT network; both hosts' NICs use NAT mode
II. Install the packages and start the services
1. Download the Alibaba Cloud base and epel repo files
[root@db01 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@db01 yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
2. Install the services and start them
[root@db01 yum.repos.d]# yum install cobbler dhcp -y
[root@db01 yum.repos.d]# systemctl enable --now cobblerd httpd tftp dhcpd
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.
Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details.
# The final error occurs because DHCP has not been configured yet
III. Edit the cobbler configuration
[root@db01 yum.repos.d]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

1. Set the server entry in /etc/cobbler/settings to the address of the host running cobblerd, i.e. this host
[root@db01 ~]# sed -i 's#server: 127.0.0.1#server: 192.168.0.199#' /etc/cobbler/settings
Full line after the change: server: 192.168.0.199
2. Set the next_server entry in /etc/cobbler/settings to the TFTP server address, so that clients can locate the TFTP server
[root@db01 ~]# sed -i 's#next_server: 127.0.0.1#next_server: 192.168.0.199#' /etc/cobbler/settings
Full line after the change: next_server: 192.168.0.199
3. This item applies to CentOS 6; on CentOS 7 the tftp service is already enabled at boot, so nothing needs to be done here.
[root@db01 ~]# systemctl is-enabled tftp.service
indirect
[root@db01 ~]# systemctl is-enabled tftp.socket
enabled
4. Download the boot loader files from the Internet; the full procedure is in section IV below
# cobbler get-loaders
Note: without Internet access, copy the boot files into the TFTP directory instead:
# cp -a /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot
5. Not needed; do not start it
6. Only needed for Debian systems; not needed here
7. Change the root password that the default kickstart templates assign to newly installed machines; if required, generate a new hash as follows
[root@db01 ~]# openssl passwd -1 -salt '789' '123456'
$1$789$YNO0PdtPpgTiPhocI2BIU.
8. Cluster-related; no change required
9. Additional settings: let cobbler generate the dhcp configuration during sync, and change the default root password placed in the kickstart files cobbler generates.
[root@db01 ~]# vim /etc/cobbler/settings
# Generate the dhcp configuration from cobbler's dhcp template during cobbler sync.
# Note: before enabling this, edit cobbler's dhcp template to match the host's network (see the DHCP section V below); otherwise cobbler sync will report errors.
manage_dhcp: 1
# Default root password; the hash must be wrapped in plain ASCII double quotes
default_password_crypted: "$1$789$YNO0PdtPpgTiPhocI2BIU."    # generated in step 7 above
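The items above are easy to get subtly wrong (a loopback address left in place, manage_dhcp forgotten, a hash pasted with curly quotes that become part of the value). The script below is an added example, not part of the original post or of cobbler: it re-checks those settings before cobbler sync. Both settings texts are constructed; the $6$ value in the corrected one is a placeholder, not a real hash.

```shell
#!/bin/sh
# Added example (not from the original post): lint the /etc/cobbler/settings
# items that `cobbler check` complains about, plus the manage_dhcp switch.
# Usage on a live host: lint_cobbler_settings /etc/cobbler/settings

# Constructed: next_server fixed, but server still loopback, DHCP management
# off, and the hash pasted with curly quotes (a copy from a word processor).
BAD_SETTINGS='server: 127.0.0.1
next_server: 192.168.0.199
manage_dhcp: 0
default_password_crypted: “$1$789$YNO0PdtPpgTiPhocI2BIU.”'

# Constructed: every item corrected; the $6$ hash is a placeholder only.
GOOD_SETTINGS='server: 192.168.0.199
next_server: 192.168.0.199
manage_dhcp: 1
default_password_crypted: "$6$placeholdersalt$placeholderhash"'

# Print one finding per line for the settings file $1 (stdin if omitted);
# exit 1 when anything was found, 0 otherwise.
lint_cobbler_settings() {
    awk '
        # strip the "key:" prefix and trailing blanks, leaving the bare value
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t]+$/, "", s); return s }
        function hit(msg) { print msg; n++ }
        /^server:/ && val($0) ~ /^(127\.0\.0\.1|localhost)$/ {
            hit("server: still loopback, kickstart URLs will not be reachable by clients") }
        /^next_server:/ && val($0) == "127.0.0.1" {
            hit("next_server: still loopback, PXE clients cannot locate the TFTP server") }
        /^manage_dhcp:/ && val($0) != "1" {
            hit("manage_dhcp: off, cobbler sync will not write /etc/dhcp/dhcpd.conf") }
        /^default_password_crypted:/ {
            v = val($0)
            # anything outside printable ASCII means smart quotes that would end
            # up inside the hash and break every root login on installed hosts
            if (v ~ /[^ -~]/) hit("default_password_crypted: non-ASCII characters, use plain double quotes")
            h = v; sub(/^[^$]*/, "", h)
            if (h ~ /^\$1\$/) hit("default_password_crypted: MD5-crypt ($1$) hash, a sha512-crypt ($6$) hash is stronger")
        }
        END { exit n ? 1 : 0 }
    ' "${1:--}"
}

# Demo over the constructed text; on a real host point it at the settings file.
printf '%s\n' "$BAD_SETTINGS" | lint_cobbler_settings || echo "  -> fix these before cobbler sync"
```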
IV. Download the boot loader files
1. Download the boot loaders

[root@db01 ~]# cobbler get-loaders
task started: 2020-02-20_184124_get_loaders
task started (id=Download Bootloader Content, time=Thu Feb 20 18:41:24 2020)
downloading https://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***

2. List the tftpboot directory

[root@db01 ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
├── etc
├── grub
├── images
├── images2
├── ppc
├── pxelinux.cfg
└── s390x

8 directories, 0 files

3. Sync the boot loaders just downloaded to /var/lib/cobbler/loaders/ into /var/lib/tftpboot/

[root@db01 ~]# cobbler sync
task started: 2020-02-20_190308_sync
task started (id=Sync, time=Thu Feb 20 19:03:08 2020)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/grub/images
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***

4. Check the result of the sync

[root@db01 ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── boot
│   └── grub
│       └── menu.lst
├── etc
├── grub
│   ├── efidefault
│   ├── grub-x86_64.efi
│   ├── grub-x86.efi
│   └── images -> ../images
├── images
├── images2
├── memdisk
├── menu.c32
├── ppc
├── pxelinux.0
├── pxelinux.cfg
│   └── default
├── s390x
│   └── profile_list
└── yaboot
V. Set up the DHCP service
# Edit the lines below in the dhcp template; cobbler uses it to generate the dhcp configuration file
[root@db01 ~]# vim /etc/cobbler/dhcp.template
subnet 192.168.0.0 netmask 255.255.255.0 {
     option routers             192.168.0.254;
     option domain-name-servers 192.168.0.254;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.0.100 192.168.0.250;
...omitted...
[root@db01 ~]# systemctl restart cobblerd.service
[root@db01 ~]# cobbler sync    # after the sync, /etc/dhcp/dhcpd.conf contains the generated configuration
VI. Change the menu title
1. Edit the cobbler menu template
[root@db01 ~]# vim /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.adu.com/    # the menu title; change as desired
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

$pxe_menu_items

MENU end
2. Sync the template
[root@db01 ~]# cobbler sync
[root@db01 ~]# cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.adu.com/    # synced
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1



MENU end
VII. Import the CentOS installation files and generate the corresponding YUM repo
1. Mount the installation DVD
[root@db01 ~]# mount /dev/sr0 /mnt/
2. Import the image
[root@db01 ~]# cobbler import --name=centos-7.4-x86_64 --path=/mnt --arch=x86_64    # --name is the distro name, --path the mount point of the image, --arch the CPU architecture
3. Watch the directory grow while the import runs
[root@db01 ~]# du -sh /var/www/cobbler/
1.1G    /var/www/cobbler/
[root@db01 ~]# du -sh /var/www/cobbler/
1.2G    /var/www/cobbler/
4. The import succeeded; list the resulting profile (the distro of the same name is shown in the report below)
[root@db01 ~]# cobbler profile list
   centos-7.4-x86_64
5. Show the full report
[root@db01 ~]# cobbler profile report
Name                           : centos-7.4-x86_64
TFTP Boot Files                : {}
Comment                        :
DHCP Tag                       : default
Distribution                   : centos-7.4-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {}
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/sample_end.ks    # the minimal-install kickstart file generated by cobbler
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 :
Internal proxy                 :
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : []
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      :
Virt RAM (MB)                  : 512
Virt Type                      : kvm

6. Show the menu generated by default
[root@db01 ~]# cat /var/lib/tftpboot/pxelinux.cfg/default
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.adu.com/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL centos-7.4-x86_64
        kernel /images/centos-7.4-x86_64/vmlinuz
        MENU LABEL centos-7.4-x86_64
        append initrd=/images/centos-7.4-x86_64/initrd.img lang=  text ksdevice=bootif kssendmac ks=http://192.168.0.199/cblr/svc/op/ks/profile/centos-7.4-x86_64
        ipappend 2



MENU end
VIII. Prepare the kickstart file and bind it to the YUM repo
1. Install the graphical kickstart configurator and do the configuration in its GUI
[root@db01 ~]# yum install system-config-kickstart -y
2. The configuration steps are omitted; the finished ks file is shown below
[root@db01 ~]# cat /var/lib/cobbler/kickstarts/centos7.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted $1$ZN1j3U8m$BeGSw6NdHIqcnRELpLH711
# Use network installation
url --url=$tree    # the repo URL is defined by cobbler, so the generated path must be replaced with $tree
# System language
lang en_US
# Firewall configuration
firewall --disabled
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# SELinux configuration
selinux --disabled

# Network information
network  --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr    # with --location=none the installed system cannot boot. Lesson learned!
# Partition clearing information
clearpart --all
# Disk partitioning information
part /boot --fstype="xfs" --size=500
part swap --fstype="swap" --size=2048
part / --fstype="xfs" --size=20480

%post
useradd mage
echo mageedu |passwd --stdin mage
%end

3. Bind the kickstart file to the YUM repo and generate the menu entry
[root@db01 ~]# cobbler profile add --name=CentOS-7.4_mini --distro=CentOS-7.4-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg
[root@db01 ~]# cobbler profile list
   CentOS-7.4_mini
   centos-7.4-x86_64

4. Remove the menu entry generated by default
[root@db01 ~]# cobbler profile remove --name=centos-7.4-x86_64
[root@db01 ~]# cobbler profile list
   CentOS-7.4_mini

5. Show the custom menu

DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | http://www.adu.com/
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT local

LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1

LABEL CentOS-7.4_mini
        kernel /images/centos-7.4-x86_64/vmlinuz
        MENU LABEL CentOS-7.4_mini
        append initrd=/images/centos-7.4-x86_64/initrd.img ksdevice=bootif lang=  kssendmac text ks=http://192.168.0.199/cblr/svc/op/ks/profile/CentOS-7.4_mini
        ipappend 2



MENU end
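The menu above fetches the kickstart over plain HTTP, so the %post section (which pipes a literal password into passwd --stdin) is readable by every host on that network. The script below is an added example, not part of the original post or of cobbler: it scans kickstart text for clear-text credentials and shows a hardened %post that creates the user from a pre-computed hash instead. Both kickstart texts are constructed; the $6$ value is a placeholder, not a real hash.

```shell
#!/bin/sh
# Added example (not from the original post): find clear-text credentials in a
# kickstart before it is published through cobbler's HTTP kickstart service.

# Constructed from the kickstart shown above (root hash kept, %post as written).
SAMPLE_KS='# Root password
rootpw --iscrypted $1$ZN1j3U8m$BeGSw6NdHIqcnRELpLH711
auth  --useshadow  --passalgo=sha512
%post
useradd mage
echo mageedu |passwd --stdin mage
%end'

# Constructed hardened form: the user is created with an already hashed
# password (useradd -p takes the crypt hash), so no secret travels in clear.
# The $6$ value is a placeholder; generate a real hash offline.
HARDENED_KS='rootpw --iscrypted $1$ZN1j3U8m$BeGSw6NdHIqcnRELpLH711
%post
useradd -p '\''$6$placeholdersalt$placeholderhash'\'' mage
%end'

# Print "<line>: <reason>" for every clear-text credential in kickstart text $1;
# exit 1 if any were found, 0 otherwise.
ks_plaintext_secrets() {
    printf '%s\n' "$1" | awk '
        function hit(msg) { printf "%d: %s\n", NR, msg; n++ }
        /^[ \t]*#/ { next }
        /^rootpw/ && $0 !~ /--iscrypted/ { hit("rootpw without --iscrypted") }
        /^user / && /--password/ && $0 !~ /--iscrypted/ { hit("user --password without --iscrypted") }
        /^%post/ { inpost = 1 }
        /^%end/ { inpost = 0 }
        inpost && /passwd[ \t]+--stdin/ { hit("%post pipes a literal password into passwd --stdin") }
        inpost && /chpasswd/ { hit("%post sets passwords with chpasswd in clear text") }
        # useradd -p is fine only when the argument is a crypt hash ($N$...)
        inpost && /useradd/ && /-p[ \t]+/ && $0 !~ /-p[ \t]+.?\$[0-9]\$/ {
            hit("%post useradd -p with an unhashed password") }
        END { exit n ? 1 : 0 }'
}

# Demo: the page kickstart is flagged, the hardened one is clean.
ks_plaintext_secrets "$SAMPLE_KS" || echo "  -> do not publish this kickstart as is"
ks_plaintext_secrets "$HARDENED_KS" && echo "hardened %post: no clear-text credentials"
```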
IX. Test the automated installation from a client via Cobbler
X. Cobbler web management
1. Install cobbler-web
[root@db01 ~]# yum install cobbler-web
[root@db01 ~]# systemctl restart httpd
2. Open the web UI
Open the following address in a browser: https://cobblerserverIP/cobbler_web
Default cobbler-web credentials: cobbler/cobbler
3. Web login authentication methods
Authentication configuration file: /etc/cobbler/modules.conf
Several authentication methods are supported:
• authn_configfile, the default method
• authn_pam
Authenticating cobbler_web users with the authn_configfile module
[root@db01 ~]# vim /etc/cobbler/modules.conf
[authentication]
module = authn_configfile

[root@db01 ~]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
username:realm (the Cobbler application):password digest    # meaning of the line above
Create the credential file /etc/cobbler/users.digest and add the required users; the realm must be Cobbler
[root@db01 ~]# htdigest /etc/cobbler/users.digest Cobbler admin
Adding user admin in realm Cobbler
New password:
Re-type new password:
[root@db01 ~]# cat /etc/cobbler/users.digest
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
admin:Cobbler:ec0cff8a86a4bc93ada04ae276f62843
Note: when adding the first user, use the "-c" option (it recreates the file, deleting the original initial user); do not use it again when adding further users, cobbler_web
4. Login demonstration