Cobblerサーバの構築メモ

Cobbler - Linux install and update server

Cobblerを使って、業務で日常的にOSのインストールをしているんですが、Cobblerサーバ自体はチーム内の他の人が構築してくれてて、自分で一から立てたことが無く、今回構築してみたのでメモ。

構築環境

CentOS release 5.8 (Final)
cobbler-2.0.11-2.el5
CobblerサーバのIP 172.17.8.11
PXEブートするIPレンジ 172.17.8.0/24

epelの導入

Cobblerはepelにあるので、epelをリポジトリに追加

mkdir ~/src
cd ~/src
wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm -ivh epel-release-5-4.noarch.rpm

Cobblerの導入とサービスの起動

Cobblerと一緒に必要なパッケージが入るんですが、 dhcpは一緒に入らなかったのでdhcpも導入。

yum -y install cobbler dhcp

サービスを起動して、自動で起動するようにも設定

service cobblerd start
service httpd start
service xinetd start
service dhcpd start

chkconfig cobblerd on
chkconfig httpd on
chkconfig xinetd on
chkconfig dhcpd on

Cobblerの各種設定を用意

Cobblerを起動したらcobbler checkで設定ファイルをチェック。問題がある部分が表示されるので一個ずつ修正していきます。

cobbler check

The following are potential configuration items that you may want to fix:

: The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
: For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
: some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
: change 'disable' to 'no' in /etc/xinetd.d/tftp
: change 'disable' to 'no' in /etc/xinetd.d/rsync
: debmirror package is not installed, it will be required to manage debian deployments and repositories
: The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
: fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

/etc/cobbler/settings

--- settings.dist 2012-03-15 03:08:45.000000000 +0900 +++ settings 2012-03-14 18:39:53.000000000 +0900 @@ -195,7 +195,7 @@ # set to 1 to enable Cobbler's DHCP management features. # the choice of DHCP management engine is in /etc/cobbler/modules.conf -manage_dhcp: 0 +manage_dhcp: 1 # set to 1 to enable Cobbler's DNS management features. # the choice of DNS mangement engine is in /etc/cobbler/modules.conf @@ -210,7 +210,7 @@ # if using cobbler with manage_dhcp, put the IP address # of the cobbler server here so that PXE booting guests can find it # if you do not set this correctly, this will be manifested in TFTP open timeouts. -next_server: 127.0.0.1 +next_server: 172.17.8.11 # settings for power management features. optional. # see https://fedorahosted.org/cobbler/wiki/PowerManagement to learn more @@ -322,7 +322,7 @@ # if you have a server that appears differently to different subnets # (dual homed, etc), you need to read the --server-override section # of the manpage for how that works. -server: 127.0.0.1 +server: 172.17.8.11 # this is a directory of files that cobbler uses to make # templating easier. See the Wiki for more information. Changing

/etc/xinetd.d/tftp

--- /etc/xinetd.d/tftp.dist 2012-03-15 03:12:09.000000000 +0900 +++ /etc/xinetd.d/tftp 2012-03-15 03:12:34.000000000 +0900 @@ -11,7 +11,7 @@ user = root server = /usr/sbin/in.tftpd server_args = -s /tftpboot - disable = yes + disable = no per_source = 11 cps = 100 2 flags = IPv4

/etc/xinetd.d/rsync

--- /etc/xinetd.d/rsync.dist 2012-03-15 03:13:30.000000000 +0900 +++ /etc/xinetd.d/rsync 2012-03-15 03:13:44.000000000 +0900 @@ -3,7 +3,7 @@ # allows crc checksumming etc. service rsync { - disable = yes + disable = no socket_type = stream wait = no user = root

/etc/cobbler/dhcp.template

cobblerにdhcpdも管理させるのでdhcp.templateも修正

--- /etc/cobbler/dhcp.template.dist 2012-03-14 18:41:17.000000000 +0900 +++ /etc/cobbler/dhcp.template 2012-03-14 18:42:36.000000000 +0900 @@ -16,14 +16,14 @@ ignore client-updates; set vendorclass = option vendor-class-identifier; -subnet 192.168.1.0 netmask 255.255.255.0 { - option routers 192.168.1.5; - option domain-name-servers 192.168.1.1; +subnet 172.17.8.0 netmask 255.255.255.0 { + option routers 172.17.8.11; + option domain-name-servers 172.17.8.11; option subnet-mask 255.255.255.0; - range dynamic-bootp 192.168.1.100 192.168.1.254; + range dynamic-bootp 172.17.8.250 172.17.8.253; filename "/pxelinux.0"; - default-lease-time 21600; - max-lease-time 43200; + default-lease-time 600; + max-lease-time 600; next-server $next_server; }

/etc/hosts.allow

hosts.allowにPXEブートするIPレンジを記載

bootps:         172.17.8.0/255.255.255.0
tftp:           172.17.8.0/255.255.255.0
in.tftpd:       172.17.8.0/255.255.255.0

bootloaderの用意

cobbler get-loaders

インストール用のディストリビューションを用意

cobbler importでCentOS5.8とScicentifc Linux6.2をimport。だいたい1つに30分〜40分かかります

cobbler import --path=rsync://ftp.jaist.ac.jp/pub/Linux/CentOS/5.8/os/x86_64/ --name=CentOS5.8-x86_64
cobbler import --path=rsync://ftp.jaist.ac.jp/pub/Linux/scientific/6.2/x86_64/os/ --name=SL6.2-x86_64
cobbler sync

再度設定をチェック

cobbler checkで再度設定をチェック。下記の注意書きが出ますが、関係ないので無視

The following are potential configuration items that you may want to fix:

1 : debmirror package is not installed, it will be required to manage debian deployments and repositories
2 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
3 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

Restart cobblerd and then run 'cobbler sync' to apply changes.

各種設定が出来たので、Cobbler再起動して設定を反映

service cobblerd restart

動作確認

動作チェックのため、iptablesを一時的に止める

service iptables stop

適当なksファイル/var/lib/cobbler/kickstarts/mysql-server.ksなどを用意して、profileに登録

cobbler profile add --name=mysql-server --distro=CentOS5.8-x86_64 --kickstart=/var/lib/cobbler/kickstarts/mysql-server.ks
cobbler sync

まっさらなサーバを起動してCobblerの画面が出るか確認

用意したmysql-serverを選択してインストール作業の確認

うまくいきました。

/etc/cobbler/settingsを眺めてたらgitやらpuppetやらの設定項目があって、もっと便利に使えそうな予感が。

Glide Note

glidenote's blog