cobbler 批量安装linuxWord格式.docx
《cobbler 批量安装linuxWord格式.docx》由会员分享,可在线阅读,更多相关《cobbler 批量安装linuxWord格式.docx(26页珍藏版)》请在冰豆网上搜索。
sthebestwaytodothis?
It'
sacommandcalled"
cobblerimport"
thatcanmirrorcontentbasedonaDVDimage,atreeonamountedfilesystem,orevenanexternalrsyncmirrororSSHlocation.
Firstyouhavetohavecobblerinstalledandsetupthough,whichisthankfullyprettyeasytodo.
SettingUpAProvisioningServerFromScratch
yuminstallcobbler
#Edit/etc/cobbler/settingsfor'
server'
and'
next-server'
addresses.
#Commentsintheconfigfilewillexplainwhateachsettingdoes.
cobblercheck
#Adjustthingsasnecessarybasedontheoutputofcobblercheckabove
#DownloadtheFedoraDVDimageandmountit,eitherwitharealCDora
#loopback(mkdir/somedir;
mount-oloopyour.iso/somedir)
#importfrominsertedDVD
cobblerimport--path=/media/dvd--name=Fedora12
#...OR...importfromthemountedISOexamplec
obblerimport--path=/somedir--name=Fedora12
cobblersync
You'
redone.Really.
SElinuxspecificsettingsforF14tokeepinmind?
ForFedora14youmightwanttoamendtheselinuxpolicysettings.
/usr/sbin/semanagefcontext-a-tpublic_content_rw_t"
/var/lib/tftpboot/.*"
/var/www/cobbler/images/.*"
restorecon-R-v"
/var/lib/tftpboot/"
/var/www/cobbler/images.*"
#Enablescobblertoread/writepublic_content_rw_tsetseboolcobbler_anon_writeon
#Enablehttpdtoconnecttocobblerd(optional,dependingonifwebinterfaceisinstalled)
#Notice:
Ifyouenablehttpd_can_network_connect_cobblerandyoushouldswitchhttpd_can_network_connectoff
setseboolhttpd_can_network_connectoff
setseboolhttpd_can_network_connect_cobbleron
#Enabledcobblertousersyncetc..(optional)
setseboolcobbler_can_network_connecton
#EnablecobblertouseCIFSbasedfilesystems(optional)
setseboolcobbler_use_cifson
#EnablecobblertouseNFSbasedfilesystems(optional)setseboolcobbler_use_nfson
#Doublecheckyourchoices
getsebool-a|grepcobbler
Important:
OnceyouenabledtheSElinuxbooleansandcheckedthattheyworkforyou,makethempermanentbyusingsetsebool-Poptionon/off!
!
Thiswillsaveyourbooleansonreboot.
Alternatively,youcouldhavealsoused:
cobblerimport--path=rsync:
//servergoeshere/path/to/distro--name=F12
Thiswouldmirrorfromapublicrsyncserver(foralistofpublicserversvisithttp:
//mirrors.fedoraproject.org/publiclist/)withoutneedingtheDVDimage.
KickstartsareanswerfilesthatscripttheinstallationoftheOS.Well,forFedoraandRedHatbaseddistributionsitiscalledkickstart.Wealsosupportotherdistributionsthathavesimilaranswerfiles,butlet'
sjustusekickstartasanexamplefornow.Thekickstartsautomaticallyassignedabovewillinstallphysicalmachines(orvirtualmachines--we'
llgettothatlater)withadefaultpasswordof"
cobbler"
(don'
tworry,youcanchangethesedefaults)andareallybasicsetofpackages.Forsomethingmorecomplicated,youmaywishtoeditthedefaultkickstartsin/var/lib/cobbler/kickstarts.Youcouldalsousecobblertoassignthemnewkickstartfiles.ThesefilesareactuallyKickstartTemplates,alevelbeyondregularkickstartsthatcanmakeadvancedcustomizationseasiertoachieve.We'
lltalkmoreaboutthatlateraswell.
Whatifyoudon'
twanttomirrortheinstallcontentonyourinstallserver?
SayyoualreadyhavethetreesfromallyourDVDsand/orCDsextractedonaFilermountedoverNFSsomewhere.Thisworkstoo,withtheadditionofonemoreargument:
cobblerimport--path=/path/where/filer/is/mounted--name=filer--available-as=nfs:
//nfsserver.example.org:
/is/mounted/here
Theabovecommandwillsetupcobblerautomaticallyusingalloftheabovedistros(storedontheremotefiler)--butwillkeepthetreesonNFS.ThissavesdiskspaceontheCobblerserver.Asyouaddmoredistrosovertimetothefiler,youcankeeprunningtheabovecommandstoaddthemtoCobbler.So,whetherusingsomedatayoualreadyhaveonthenetwork,orlettingcobblercreateaninstallmirrorforyou,therearelotsofusefuloptions.Similarly,ifyoujustneedtochangethedefaultpathwhereCobblerstoresdataitimports(whichis/var/www/cobbler/)youcanalsochangethat--thisiscoveredelsewhereontheWiki.
UsingThatServerForReinstallation
ShouldyouhaveasystemyouwanttoinstallthatFedora12on(insteadofwhateveritisrunningnow),rightnow,youcandothis:
yuminstallkoankoan--server=--list=profileskoan--replace-self--server=--profile=F12-i386/sbin/reboot
Thesystemwillinstallthenewoperatingsystemafterrebooting,handsoff,nointeractionrequired.
Noticeintheaboveexample"
F12-i386"
isjustoneoftheboringdefaultprofilescobblercreatedforyou.Youcanalsocreateyourown,forinstance"
F12-webservers"
or"
F12-appserver"
--whateveryouwouldliketoautomate.
UsingThatServerForVirtualization
Wanttoinstallavirtualguestinstead(perhapsXenorKVM)?
Noproblem.
yuminstallkoankoan--server=--virt--virt-type=xenpv--profile=F12-i386-xen
Done.
YoucanalsouseKVMorothervirtualizationmethods.ThesearecoveredelsewhereontheWiki.SomedistributionshaveXenspecificprofilesyouneedtouse,thoughthisismergedbacktogetherstartingwithFedora12.
UsingThatServerForPXE
Notethatsofarwe'
veonlymentionedreinstallingLinuxsystemsanddoingvirtualizedinstalls.PXEfornetworkinstallationof"
baremetal"
machinesisveryeasytoo.
IfyouwantPXE,youhavetwooptions.
IftheDHCPserverissomewhereelse(notontheCobblerserver),youcangetyourdhcpserveradmintopointatyourboxasa"
next-server"
.Easyenough.
IfyouwanttorunDHCPlocallyandhaveCobblermanageitforyou,justsetmanage_dhcpto1in/etc/cobbler/settingsonthebootserver,
edit/etc/cobbler/dhcp.templatetochangesomedefaults,andrerun"
cobblersync"
.
regood.Cobblerwillkeeptrackofyourdhcpfilesforyou,andyou'
llneverhavetohandeditthem.(SeeManageDhcpformoreinformationonthis).
OnceyougetPXEsetup,allofthebare-metalcompatibleprofileswill,byname,showupinPXEmenuswhenthemachinesnetworkboot.Type"
menu"
atthepromptandchooseonefromthelist.Orjustdon'
tdoanythingandthemachinewilldefaultthroughtolocalbooting.(SomeXenparavirtprofileswillnotshowup,becauseyoucannotinstalltheseonphysicalmachines--thisisintended)
Shouldyouwanttopinaparticularsystemtoinstallaparticularprofilethenexttimeitreboots,justrun:
cobblersystemadd--name=example--mac=$mac-address--profile=$profile-name
Thentheabovemachinewillbootdirectlytotheprofileofchoicewithoutbringingupthemenu.Don'
tforgettoreadthemanpagedocsastherearemoreoptionsforcustomizationandcontrolavailable.Therearealsolotsofusefulsettingsdescribedin/etc/cobbler/settingsthatyouwillwanttoreadover.
Firewall
Dependingonyourusage,youwillprobablyneedtomakesureiptablesisconfiguredtoallowaccesstotherightservices.Here'
sanexampleconfiguration:
#Firewallconfigurationwrittenbysystem-config-securitylevel#Manualcustomizationofthisfileisnotrecommended.*filter:
INPUTACCEPT[0:
0]:
FORWARDACCEPT[0:
OUTPUTACCEPT[0:
0]-AINPUT-picmp--icmp-typeany-jACCEPT-AINPUT-mstate--stateESTABLISHED,RELATED-jACCEPT#LOCALHOST-AINPUT-ilo-jACCEPT#SSH-AINPUT-mstate--stateNEW-mtcp-ptcp--dport22-jACCEPT#DNS-TCP/UDP-AINPUT-mstate--stateNEW-mudp-pudp--dport53-jACCEPT-AINPUT-mstate--stateNEW-mtcp-ptcp--dport53-jACCEPT#DHCP-AINPUT-mstate--stateNEW-mudp-pudp--dport68-jACCEPT#TFTP-TCP/UDP-AINPUT-mstate--stateNEW-mtcp-ptcp--dport69-jACCEPT-AINPUT-mstate--stateNEW-mudp-pudp--dport69-jACCEPT#NTP-AINPUT-mstate--stateNEW-mudp-pudp--dport123-jACCEPT#HTTP/HTTPS-AINPUT-mstate--stateNEW-mtcp-ptcp--dport80-jACCEPT-AINPUT-mstate--stateNEW-mtcp-ptcp--dport443-jACCEPT#Syslogforcobbler-AINPUT-mstate--stateNEW-mudp-pudp--dport25150-jACCEPT#KoanXMLRPCports-AINPUT-mstate--stateNEW-mtcp-ptcp--dport25151-jACCEPT-AINPUT-mstate--stateNEW-mtcp-ptcp--dport25152-jACCEPT#-AINPUT-jLOG-AINPUT-jREJECT--reject-withicmp-host-prohibitedCOMMIT
Adaptthistoyourownenvironment.
Services
DependingonwhetheryouarerunningDHCPandDNSonthesamebox,youwillwanttoenablevariousservices:
/sbin/servicehttpdstart/sbin/servicedhcpdstart/sbin/servicexinetdstart/sbin/servicecobblerdstart/sbin/chkconfighttpdon/sbin/chkconfigdhcpdon/sbin/chkconfigxinetdon/sbin/chkconfigtftpon/sbin/chkconfigcobblerdon
"
cobblercheck"
mentionedabove,willmentionmostofthistoyou.
NotesAboutOtherDistributions
TheaboveexamplecoveredFedora,thoughthingsworkexactlythesameforRHELandCentOS.ReadSupportForOtherDistrosforadditionalinformationifyouarenotrunningaFedoraorRedHatbaseddistribution.SupportforotherdistributionsisimportanttotheCobblerproject,thoughtheymayrequireslightlydifferentinstructions.
ReadMore
Therearelotsofothertopicsaswellasexpansionson