Cobbler: различия между версиями

Материал из noname.com.ua
Перейти к навигацииПерейти к поиску
Строка 113: Строка 113:
   
 
===Сервисы===
 
===Сервисы===
  +
Для работы нужны запущенные
  +
* tftpd
  +
* dhcp
  +
* dns
  +
 
====tftp====
 
====tftp====
 
====dns====
 
====dns====
  +
====dhcp====

Версия 13:26, 29 августа 2012

Cobbler

Установка

Включить EPEL

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

vim /etc/yum.repos.d/remi.repo
yum install cobbler-web.noarch  cobbler.noarch
yum install koan yum-utils httpd xinetd cman


cobbler check - проверить настройки.

[root@puppet ~]# cobbler check
The following are potential configuration items that you may want to fix:

1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
4 : change 'disable' to 'no' in /etc/xinetd.d/rsync
5 : debmirror package is not installed, it will be required to manage debian deployments and repositories
6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

В дефолтной установке нужен запущенный httpd, без него:

cobbler check
httpd does not appear to be running and proxying cobbler, or SELinux is in the way. Original traceback:
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/cobbler/cli.py", line 184, in check_setup
    s.ping()
  File "/usr/lib/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.6/xmlrpclib.py", line 1489, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.6/xmlrpclib.py", line 1235, in request
    self.send_content(h, request_body)
  File "/usr/lib/python2.6/xmlrpclib.py", line 1349, in send_content
    connection.endheaders()
  File "/usr/lib/python2.6/httplib.py", line 908, in endheaders
    self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 780, in _send_output
    self.send(msg)
  File "/usr/lib/python2.6/httplib.py", line 739, in send
    self.connect()
  File "/usr/lib/python2.6/httplib.py", line 720, in connect
    self.timeout)
  File "/usr/lib/python2.6/socket.py", line 567, in create_connection
    raise error, msg
error: [Errno 111] Connection refused

Исправление ошибок которые показывает check

1 : The 'server' field ...

исправить поле server на 172.16.250.1 (IP хоста)

2 : For PXE to be functional, the 'next_server' field in

исправить поле next_server на 172.16.250.1 (IP хоста)

3 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders'

# cobbler get-loaders
task started: 2012-08-29_114756_get_loaders
task started (id=Download Bootloader Content, time=Wed Aug 29 11:47:56 2012)
downloading http://dgoodwin.fedorapeople.org/loaders/README to /var/lib/cobbler/loaders/README
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading http://dgoodwin.fedorapeople.org/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading http://dgoodwin.fedorapeople.org/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading http://dgoodwin.fedorapeople.org/loaders/yaboot-1.3.14-12 to /var/lib/cobbler/loaders/yaboot
downloading http://dgoodwin.fedorapeople.org/loaders/pxelinux.0-3.61 to /var/lib/cobbler/loaders/pxelinux.0
downloading http://dgoodwin.fedorapeople.org/loaders/menu.c32-3.61 to /var/lib/cobbler/loaders/menu.c32
downloading http://dgoodwin.fedorapeople.org/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading http://dgoodwin.fedorapeople.org/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***

4 : change 'disable' to 'no' in /etc/xinetd.d/rsync

Поправить соответвенно ...

5 : debmirror package is not installed, it will be required to manage debian deployments and repositories

Игнорирую - дебиан мне не нужен

6 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

Как и советует подсказка:

openssl passwd -1 -salt 'random-phrase-here' 'swordfish'

и вписать в конфиг

Настройка компонетов системы

Web-управление

В моей установке уже настроено проксирование через апач, аутентификация отключена. Интерфейс доступен https://172.16.250.1/cobbler_web/
Возможна аутентификация через веб-интерфейс несколькими способами: пароль, созданный утилитой htdigest (сохраняется в файле /etc/cobbler/users.digest), Kerberos, LDAP, Spacewalk/Satellite и тестовый (используется для отладки, всегда testing/testing). Но в настройках по умолчанию аутентификация через веб-интерфейс блокирована. Разрешим ее, для примера будем использовать digest-файл. Для чего в файле /etc/cobbler/modules.conf меняем значение параметра module в секции authentication:

[authentication]

  1. module = authn_denyall # блокировка аутентификации
  2. module = authn_configfile

module = authn_testing
По умолчанию логин и пароль для регистрации – cobbler/cobbler. Его следует изменить при помощи команды:

# htdigest /etc/cobbler/users.digest "Cobbler" cobbler

Сервисы

Для работы нужны запущенные

  • tftpd
  • dhcp
  • dns

tftp

dns

dhcp