Cobbler diskless boot image: batch-deploying a LiveOS operating system without hard disks
2022-03-07 22:32:31
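iPXE diskless network operating system deployment and installation
Having worked out customized batch OS deployment with Cobbler, along with the related security hardening, I then came across the concept of iPXE: deploying a diskless operating system by installing over the network. The target host does not need a hard disk; it only needs to obtain an IP address handed out by DHCP and have a working network connection, and the operating system can then be installed quickly.
Cobbler recap
Cobbler is a powerful tool that lets operations staff perform unattended batch installs; with Cobbler, a large number of operating systems can be deployed in a short time. Cobbler depends on services such as TFTP, DHCP and HTTP, and delivers the kickstart file over the network to the remote host on which the operating system is to be deployed. The rough workflow is: import the system image to install, the kickstart configuration templates for the operating systems to deploy, and the configuration scripts for DHCP and the other services; generate the kickstart file for each device according to its customization requirements; sync Cobbler's system list; and finally have the target host fetch the install files over its NIC via PXE. Think of an internet cafe: someone may ask, with so many computers needing an operating system, how long would it take to install them one by one? Hence today's concept of iPXE diskless installation. When the machine is rebooted after installation, the system image is not kept in local files.
Implementation steps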
1. Build the LiveCD from the ks (kickstart) file. Install the tooling beforehand with yum install livecd-tools, and add the CentOS [extras] repo.
163 and Aliyun yum mirrors for Linux
163:
CentOS7 http://mirrors.163.com/.help/CentOS7-Base-163.repo
CentOS6 http://mirrors.163.com/.help/CentOS6-Base-163.repo
Aliyun:
CentOS7 http://mirrors.aliyun.com/repo/Centos-7.repo
CentOS6 http://mirrors.aliyun.com/repo/Centos-6.repo
After updating, clear the cache:
yum clean all
yum makecache
[Aliyun]
name=CentOS-7 - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/os/$basearch/
        http://mirrors.aliyuncs.com/centos/7/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/7/os/$basearch/
gpgcheck=0
enabled=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[extras]
name=CentOS-7 - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/
        http://mirrors.aliyuncs.com/centos/7/extras/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/7/extras/$basearch/
gpgcheck=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
Download or save the repo file, then run yum install livecd-tools
livecd-creator -v --config livecd.cfg --cache /var/cache/livecd --name AsiaInfo-LiveCD
# livecd.cfg template
Save path:
/var/lib/cobbler/kickstarts/
# Kickstart file automatically generated by anaconda.
#version=DEVEL
text
skipx
lang en_US.UTF-8
keyboard us
#repo --name=base --baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
repo --name=base --baseurl=file:///var/www/html/bclinux/common76/
#network --bootproto=dhcp --hostname=LiveOS --onboot=on
rootpw As1a1nf0
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --disabled
timezone Asia/Shanghai
%packages --ignoremissing
@base
@core
tree
OpenIPMI
ipmitool
telnet
lrzsz
libstoragemgmt
libstoragemgmt-megaraid-plugin
libstoragemgmt-arcconf-plugin
libstoragemgmt-hpsa-plugin
libstoragemgmt-local-plugin
libstoragemgmt-smis-plugin
@network-tools
%end
%post
# Configure SSH services
/bin/sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
/bin/sed -i 's/^#GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
/bin/sed -i 's/^#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
/bin/sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
# Configure yum
/bin/sed -i 's/^plugins=1/plugins=0/' /etc/yum.conf
# disable selinux
/bin/sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# disable those system services
systemctl disable postfix.service
systemctl disable atd.service
systemctl disable mdmonitor.service
# enable sshd
systemctl start sshd
systemctl enable sshd
# stop and disable NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager
# Configure user ulimit
cp /etc/security/limits.conf{,.bak}
echo '* soft nproc 1000000' >>/etc/security/limits.conf
echo '* hard nproc 1000000' >>/etc/security/limits.conf
echo '* soft nofile 1000000' >>/etc/security/limits.conf
echo '* hard nofile 1000000' >>/etc/security/limits.conf
echo '* soft core unlimited' >>/etc/security/limits.conf
echo '* hard core unlimited' >>/etc/security/limits.conf
echo '* soft memlock 32000' >>/etc/security/limits.conf
echo '* hard memlock 32000' >>/etc/security/limits.conf
echo '* soft stack 102400' >>/etc/security/limits.conf
echo '* hard stack 102400' >>/etc/security/limits.conf
echo '* soft msgqueue 8192000' >>/etc/security/limits.conf
echo '* hard msgqueue 8192000' >>/etc/security/limits.conf
mkdir -p /tmp/etc/security/limits.d
mv -f /etc/security/limits.d/* /tmp/etc/security/limits.d
# Start libstoragemgmt.service
/bin/systemctl start libstoragemgmt.service
/bin/systemctl enable libstoragemgmt.service
# Configure system kernel arguments
cp /etc/sysctl.conf{,.bak}
echo 'net.ipv4.ip_forward = 1' >>/etc/sysctl.conf
echo 'fs.file-max = 262144' >>/etc/sysctl.conf
# Close graphical interface
systemctl set-default multi-user.target
# delete hot key 'ctrl+alt+del'
cp /usr/lib/systemd/system/ctrl-alt-del.target /tmp
rm -f /usr/lib/systemd/system/ctrl-alt-del.target
# crontab add sshd
echo '* * * * * (systemctl status sshd || systemctl restart sshd)' >>/var/spool/cron/root
%end
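The template above is the template file for customized installs. Because LiveOS is installed uniformly, all hosts use this one template.
Related security hardening was also applied.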
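A review check for the template and repo file above, added here as an example and not part of the original article: it flags the settings that decide how exposed the live image is once it boots with sshd reachable (clear-text rootpw, firewall and SELinux state, root SSH login, gpgcheck=0). The helper name ks_audit and both sample files are constructed for illustration.

```bash
# Added example (not the article's code): flag settings in a kickstart or
# yum .repo file that weaken the resulting live image.
# ks_audit is a hypothetical helper name; both sample files are constructed.
ks_audit() {
    f=$1    # path of the file to check; one finding is printed per line
    # rootpw without --iscrypted keeps the root password readable in the file
    if grep -E '^[[:space:]]*rootpw[[:space:]]' "$f" | grep -vq -e '--iscrypted'; then
        echo "rootpw: password stored in clear text"
    fi
    if grep -Eq '^[[:space:]]*firewall[[:space:]]+--disabled' "$f"; then
        echo "firewall: disabled"
    fi
    # matches both the kickstart command and a %post edit of /etc/selinux/config
    if grep -Eq '^[[:space:]]*selinux[[:space:]]+--(disabled|permissive)|SELINUX=(disabled|permissive)' "$f"; then
        echo "selinux: not enforcing"
    fi
    if grep -Eq 'PermitRootLogin yes' "$f"; then
        echo "sshd: root login over SSH enabled"
    fi
    if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$f"; then
        echo "yum: gpgcheck=0, package signatures not verified"
    fi
    return 0
}

weak=$(mktemp); hardened=$(mktemp)
trap 'rm -f "$weak" "$hardened"' EXIT
# Constructed sample: kickstart and repo lines shaped like the ones above
cat >"$weak" <<'EOF'
rootpw ExamplePassw0rd
firewall --disabled
selinux --disabled
/bin/sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
gpgcheck=0
EOF
# Constructed sample: the same settings in their stricter form
cat >"$hardened" <<'EOF'
rootpw --iscrypted $6$CONSTRUCTEDSALT$CONSTRUCTED_HASH_PLACEHOLDER
firewall --enabled --service=ssh
selinux --enforcing
gpgcheck=1
EOF
echo "== weak ==";     ks_audit "$weak"
echo "== hardened =="; ks_audit "$hardened"
```

Run it against livecd.cfg and the .repo file before calling livecd-creator; an empty result means none of the five patterns matched.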
2. Create the PXE boot files
livecd-iso-to-pxeboot AsiaInfo-LiveCD.iso
# Pass the absolute path of the image file directly; this one is the author's customized image (copyright AsiaInfo)
3. Add the distro
mkdir /srv/livecd/
cp tftpboot/vmlinuz0 /srv/livecd/vmlinuz0
cp tftpboot/initrd0.img /srv/livecd/initrd.img
cobbler distro add --name=LiveOS --kernel=/srv/livecd/vmlinuz0 --initrd=/srv/livecd/initrd.img
cobbler distro edit --name=LiveOS --kopts='root=live:/AsiaInfo-LiveCD.iso rootfstype=iso9660 rootflags=loop !text !lang !ksdevice'
4. Add the profile
cobbler profile add --name=LiveOS --distro=LiveOS
5. Add the system
cobbler system add --name=LiveOS --profile=LiveOS
6. Make hosts without a bound MAC address boot into LiveOS by default
vi /etc/cobbler/pxe/pxedefault.template
Comment out ONTIMEOUT $pxe_timeout_profile
and change it to
ONTIMEOUT LiveOS # LiveOS is the profile we just created
7. Sync the Cobbler configuration
cobbler sync
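Notes:
By default LiveOS also obtains its IP address from DHCP (this DHCP is Cobbler's DHCP) and starts sshd for convenient remote access.
If LiveOS is not needed, just delete the system and the profile, and turn off the range setting in dhcpd.conf.
Later, a system discovery agent (developed separately) will be added so that devices can be managed from the Cobbler host, completing RAID configuration, IPMI configuration, device information collection and similar operations before the operating system is installed.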