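1. Configure the chrony service for automatic server time synchronization
1. Preparation: Server: 192.168.37.7, OS: CentOS 7
Client: 192.168.37.6, OS: CentOS 6
2. Install the software and start the service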
yum install chrony
systemctl start chronyd
systemctl enable chronyd
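3. Edit the chrony configuration file to configure the server side
vim /etc/chrony.conf
# Use the public NTP servers provided by Alibaba Cloud as the upstream NTP servers
server ntp1.aliyun.com iburst minpoll 4 maxpoll 10
server ntp2.aliyun.com iburst minpoll 4 maxpoll 10
server ntp3.aliyun.com iburst minpoll 4 maxpoll 10
server ntp4.aliyun.com iburst minpoll 4 maxpoll 10
server ntp5.aliyun.com iburst minpoll 4 maxpoll 10
server ntp6.aliyun.com iburst minpoll 4 maxpoll 10
server ntp7.aliyun.com iburst minpoll 4 maxpoll 10
# Record the rate at which the system clock gains/loses time in the drift file
driftfile /var/lib/chrony/drift
# If the system clock offset is larger than 10 seconds, allow stepping the clock during the first three updates
makestep 10 3
# Enable kernel synchronization of the RTC (real-time clock)
rtcsync
# Only allow clients in the 192.168.37.0/24 network to synchronize time
allow 192.168.37.0/24
# When the Alibaba Cloud public NTP servers are unavailable, use the local time as the synchronization reference
local stratum 10
# File containing the NTP authentication keys
keyfile /etc/chrony.keys
# Directory where log files are stored
logdir /var/log/chrony
# Have chronyd ignore the stratum of a source when selecting sources
stratumweight 0.05
# Disable logging of client accesses
noclientlog
# Send a message to the system log if a clock adjustment is larger than 0.5 seconds
logchange 0.5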
4. Client setup
yum install chrony
service chronyd start
chkconfig chronyd on
In the configuration file, just point to the address of the chrony server:
[[email protected] ~]#cat /etc/chrony.conf
server 192.168.37.7 iburst
driftfile /var/lib/chrony/drift
makestep 10 3
rtcsync
local stratum 10
keyfile /etc/chrony.keys
logdir /var/log/chrony
stratumweight 0.05
noclientlog
logchange 0.5
service chronyd restart
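The client file above sets keyfile, but its server line carries no key option, so replies from 192.168.37.7 are accepted without authentication. The following added example (not from the original article) checks a chrony.conf for that, for an allow directive without a subnet, and for noclientlog on a host that serves clients; the function names and the `key 1` sample are assumptions made for this example.

```python
import ipaddress

def parse(conf):
    """Split chrony.conf text into (directive, arguments) pairs, skipping comments."""
    pairs = []
    for line in conf.splitlines():
        words = line.split()
        if words and words[0][0] not in "!;#%":  # chrony's comment characters
            pairs.append((words[0].lower(), words[1:]))
    return pairs

def audit_chrony_conf(conf):
    """Return findings about source authentication and who may query this host."""
    pairs, findings, serving = parse(conf), [], False
    for name, args in pairs:
        if name in ("server", "peer", "pool") and args:
            try:
                internal = ipaddress.ip_address(args[0]).is_private
            except ValueError:
                internal = False  # a hostname: treated as an external source
            if internal and "key" not in args[1:]:
                findings.append("source %s has no key option: replies are unauthenticated" % args[0])
        elif name == "allow":
            serving = True
            target = next((a for a in args if a != "all"), "0/0")
            try:
                wide = target == "0/0" or ipaddress.ip_network(target, strict=False).prefixlen == 0
            except ValueError:
                wide = False  # short forms such as '192.168.37' are not evaluated here
            if wide:
                findings.append("allow without a subnet serves NTP to every address")
    if serving and any(name == "noclientlog" for name, _ in pairs):
        findings.append("noclientlog: 'chronyc clients' cannot show who queried this server")
    return findings

# Shortened from the server and client files on the page; KEYED_CLIENT is constructed.
SERVER_CONF = ("server ntp1.aliyun.com iburst minpoll 4 maxpoll 10\n"
               "allow 192.168.37.0/24\nkeyfile /etc/chrony.keys\nnoclientlog\n")
CLIENT_CONF = "server 192.168.37.7 iburst\nkeyfile /etc/chrony.keys\nnoclientlog\n"
KEYED_CLIENT = "server 192.168.37.7 iburst key 1\nkeyfile /etc/chrony.keys\n"

if __name__ == "__main__":
    for label, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF), ("keyed", KEYED_CLIENT)):
        print(label, audit_chrony_conf(conf) or "ok")
```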
5. Test
Set the clock on the CentOS 6 client to a wrong time; as soon as the chrony service is restarted, the time is synchronized again
[[email protected] ~]#date
Fri Nov 13 22:22:52 CST 2020
[[email protected] ~]#
[[email protected] ~]#date
Fri Nov 13 22:23:13 CST 2020
[[email protected] ~]#date -s "+ 1 hour"
Fri Nov 13 23:23:35 CST 2020
[[email protected] ~]#service chronyd restart
Stopping chronyd: [ OK ]
Starting chronyd: [ OK ]
[[email protected] ~]#chronyc sources -v
210 Number of sources = 1
.-- Source mode ‘^’ = server, ‘=’ = peer, ‘#’ = local clock.
/ .- Source state ‘*’ = current synced, ‘+’ = combined , ‘-’ = not combined,
| / ‘?’ = unreachable, ‘x’ = time may be in error, ‘~’ = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | |
MS Name/IP address Stratum Poll Reach LastRx Last sample
^* 192.168.37.7 3 6 377 54 +5000ns[ +3600s] +/- 69ms
[[email protected] ~]#date
Fri Nov 13 22:28:45 CST 2020
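A monitoring check built on the chronyc sources row shown above, as an added example that is not part of the original article: it parses the row, decodes the octal Reach register, and reports when the source is not selected, polls were missed, or the measured offset exceeds a threshold. The function names, the 1-second threshold and the second sample row are assumptions made for this example.

```python
import re

UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0}  # offset units -> seconds
VALUE = r"[+-]?\d+(?:\.\d+)?(?:ns|us|ms|s)"
ROW = re.compile(
    r"^(?P<mode>[\^=#])(?P<state>[*+\-?x~])\s+(?P<name>\S+)\s+(?P<stratum>\d+)\s+"
    r"(?P<poll>-?\d+)\s+(?P<reach>[0-7]+)\s+(?P<lastrx>\S+)\s+"
    rf"(?P<adjusted>{VALUE})\[\s*(?P<measured>{VALUE})\]\s+\+/-\s+(?P<error>{VALUE})"
)

def to_seconds(text):
    """Convert a chronyc value such as '+5000ns' or '69ms' to seconds."""
    number, unit = re.fullmatch(r"([+-]?[\d.]+)([a-z]+)", text).groups()
    return float(number) * UNITS[unit]

def parse_sources(output):
    """Return one dict per source row of `chronyc sources` output."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, legend and header lines
        row = m.groupdict()
        row["reach"] = int(row["reach"], 8)  # octal register: one bit per recent poll
        for key in ("adjusted", "measured", "error"):
            row[key] = to_seconds(row[key])
        rows.append(row)
    return rows

def findings(row, max_offset=1.0):
    """List the reasons this source row should raise an alert."""
    out = []
    if row["state"] != "*":
        out.append("not the selected source (state %r)" % row["state"])
    if row["reach"] != 0o377:
        out.append("only %d of the last 8 polls answered" % bin(row["reach"]).count("1"))
    if abs(row["measured"]) > max_offset:
        out.append("clock was %+.0f s off at the last sample" % row["measured"])
    return out

PAGE_ROW = "^* 192.168.37.7 3 6 377 54 +5000ns[ +3600s] +/- 69ms"  # from the page
DOWN_ROW = "^? 192.168.37.7 0 6 0 - +0ns[ +0ns] +/- 0ns"  # constructed: server unreachable

if __name__ == "__main__":
    for sample in (PAGE_ROW, DOWN_ROW):
        for row in parse_sources(sample):
            print(row["name"], findings(row) or "ok")
```

For the row from the page, the only finding is the 3600-second measured offset, which is the one-hour change made with date -s before the restart.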
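2. Automated installation with Cobbler + PXE
1. Introduction
Cobbler is a tool that automates and simplifies system installation, using network boot to install systems automatically. Cobbler is an upgraded successor to the earlier kickstart approach; its advantages are that it is fairly easy to configure and that it ships with a web interface, which makes it easy to manage.
Cobbler's components include:
Distros (distributions): represent an operating system; a distro carries the kernel and initrd information, plus other data such as kernel parameters
Profiles: contain a distro, a kickstart file and possibly repositories, plus other data such as more specific kernel parameters
Systems: represent the machines to be provisioned. A system contains a profile or an image, plus IP and MAC addresses, power management (address, credentials, type) and network settings (NIC bonding, VLAN configuration, etc.)
Repository: holds the mirror information for a yum or rsync repository
Image: can replace a distro object for files that do not fit that category (for example, objects that cannot be split into a kernel and an initrd).
In this example I use a single virtual machine to simulate PXE + Cobbler; all the related services are installed on this server, which runs CentOS 7
2. Configure the services PXE depends on
First, install the services PXE needs:
[[email protected] ~]# yum install -y tftp tftp-server dhcp httpd #PXE can serve the yum repository over http, ftp and so on; here I use http
[[email protected] ~]# yum install -y syslinux #provides pxelinux.0 and the other files needed for PXE installation
Next, configure the DHCP service by creating and editing the DHCP configuration file: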
[[email protected] ~]# vim /etc/dhcp/dhcpd.conf
option domain-name "magedu.com";
option domain-name-servers 114.114.114.114,8.8.8.8;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.10.10.0 netmask 255.255.255.0 {
    range 10.10.10.100 10.10.10.200;
    option routers 10.10.10.254;
    filename "pxelinux.0";
    next-server 10.10.10.254;
}
Once the configuration is done, start the DHCP service:
[[email protected] ~]# systemctl start dhcpd
[[email protected] ~]# cat /var/lib/dhcpd/dhcpd.leases
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# systemctl start tftp.socket
3. Configure Cobbler
[[email protected] ~]# yum install -y epel-release
[[email protected] ~]# yum install -y cobbler
[[email protected] ~]# systemctl start cobblerd
[[email protected] ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : The ‘server’ field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the ‘next_server’ field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : change ‘disable’ to ‘no’ in /etc/xinetd.d/tftp
5 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run ‘cobbler get-loaders’ to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a recent version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The ‘cobbler get-loaders’ command is the easiest way to resolve these requirements.
6 : enable and start rsyncd.service with systemctl
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : ksvalidator was not found, install pykickstart
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to ‘cobbler’ and should be changed, try: “openssl passwd -1 -salt ‘random-phrase-here’ ‘your-password-here’” to generate new one
10 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run ‘cobbler sync’ to apply changes.
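The first check of a Cobbler installation usually reports a variety of problems; we just need to work through them according to each message.
Items 1, 2 and 9 all concern Cobbler's configuration file, so edit that file to fix them:
[[email protected] ~]# openssl passwd -1 -salt '123456' 'magedu' #generate the hashed string for the default login password of newly installed systems
$1$123456$QMBx42LRqK1ZWPfItmpYG0
[[email protected] ~]# vim /etc/cobbler/settings #change the following settings in the Cobbler configuration file
server: 10.10.10.254
next_server: 10.10.10.254
default_password_crypted: "$1$123456$QMBx42LRqK1ZWPfItmpYG0" #this sets the login password of the automatically installed systems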
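An added example, not part of the original article and not Cobbler's own code: a check of the three settings edited above that also reports the crypt(3) scheme and salt of default_password_crypted. `openssl passwd -1` produces MD5-crypt, and a fixed, guessable salt such as 123456 removes the protection a random salt gives against precomputed tables. The function names and the stock and hardened sample settings are constructed, and it is assumed that the installer accepts `$6$` (SHA-512-crypt) hashes.

```python
import re

SCHEMES = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}
LOOPBACK = {"", "localhost", "127.0.0.1", "::1"}  # "" stands for a missing key
# key: "quoted" | 'quoted' | bare value (an unquoted '#' starts a comment)
LINE = re.compile(r"""^(\w+):\s*(?:"([^"]*)"|'([^']*)'|([^#\s]*))""")
CRYPT = re.compile(r"\$(\w+)\$(?:rounds=\d+\$)?([^$]*)\$([^$]+)")

def read_settings(text):
    """Read the top-level 'key: value' lines of /etc/cobbler/settings."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1)] = next(g for g in m.groups()[1:] if g is not None)
    return values

def audit_cobbler_settings(values):
    """Checks modelled on items 1, 2 and 9 of the `cobbler check` output above."""
    issues = []
    for key in ("server", "next_server"):
        if values.get(key, "") in LOOPBACK:
            issues.append(key + " is unset or loopback; PXE clients cannot reach it")
    m = CRYPT.fullmatch(values.get("default_password_crypted", ""))
    if not m:
        issues.append("default_password_crypted is not in $id$salt$hash form")
        return issues
    scheme, salt = m.group(1), m.group(2)
    if scheme != "6":
        issues.append("password hash is %s, not SHA-512-crypt ($6$)" % SCHEMES.get(scheme, scheme))
    if len(salt) < 8 or salt.isdigit():
        issues.append("salt %r is short or all digits; use a random salt" % salt)
    return issues

PAGE_SETTINGS = """server: 10.10.10.254
next_server: 10.10.10.254
default_password_crypted: "$1$123456$QMBx42LRqK1ZWPfItmpYG0" #login password
"""  # values from the page
STOCK_SETTINGS = "server: 127.0.0.1\nnext_server: 127.0.0.1\n"  # constructed
HARDENED_SETTINGS = ("server: 10.10.10.254\nnext_server: 10.10.10.254\n"  # constructed
                     'default_password_crypted: "$6$Qw8nT2xLk5Rz7PaD$ConstructedPlaceholderHash"\n')

if __name__ == "__main__":
    for name, text in (("page", PAGE_SETTINGS), ("stock", STOCK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(name, audit_cobbler_settings(read_settings(text)) or "ok")
```

With OpenSSL 1.1.1 or later, `openssl passwd -6` without `-salt` generates a SHA-512-crypt hash with a random salt.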
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# setenforce 0
[[email protected] ~]# vim /etc/xinetd.d/tftp
disable = no
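Item 5: if this node can reach the Internet, run the "cobbler get-loaders" command to download pxelinux.0, menu.c32, elilo.efi or yaboot; otherwise, install the syslinux package and then copy pxelinux.0, menu.c32 and the other files from /usr/share/syslinux/ into the /var/lib/cobbler/loaders directory. Here we first simply copy the files from /usr/share/syslinux into that directory and see whether that resolves it: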
[[email protected] ~]# cp -ar /usr/share/syslinux/* /var/lib/cobbler/loaders/
[[email protected] ~]# systemctl start rsyncd
[[email protected] ~]# systemctl enable rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd
[[email protected] ~]# yum install -y debmirror pykickstart fence-agents
[[email protected] ~]# systemctl restart cobblerd
[[email protected] ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
2 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run ‘cobbler get-loaders’ to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a recent version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The ‘cobbler get-loaders’ command is the easiest way to resolve these requirements.
3 : comment out ‘dists’ on /etc/debmirror.conf for proper debian support
4 : comment out ‘arches’ on /etc/debmirror.conf for proper debian support
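The first item no longer matters because SELinux has already been turned off; the second is still reported and can be fixed by running cobbler get-loaders as the message suggests, provided the server has Internet access.
For the last two items, just comment out the corresponding settings in the file named in the message:
[[email protected] ~]# vim /etc/debmirror.conf
#@arches="i386";
#@dists="sid";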
[[email protected] ~]# systemctl restart cobblerd
[[email protected] ~]# cobbler sync
[[email protected] ~]# mount /dev/cdrom /mnt
mount: /dev/sr0 写保护,将以只读方式挂载
[[email protected] ~]# cobbler import --name=centos-7.2-x86_64 --path=/mnt #this step takes quite a while, be patient
[[email protected] ~]# cobbler distro list #once the import finishes, the distro name is listed
centos-7.2-x86_64
The image is automatically imported under /var/www/cobbler/ks_mirror, which makes it easy to fetch the installation source over http later.
Also, by default Cobbler generates a kickstart file for a minimal installation; to customize the corresponding kickstart profile, proceed as follows:
[[email protected] ~]# cp centos7.cfg /var/lib/cobbler/kickstarts/ #copy the custom kickstart file into the designated directory
[[email protected] ~]# cobbler profile add --name=centos-7.2-x86_64-custom --distro=centos-7.2-x86_64 --kickstart=/var/lib/cobbler/kickstarts/centos7.cfg #create the custom kickstart profile
[[email protected] ~]# cobbler profile list
centos-7.2-x86_64
centos-7.2-x86_64-custom
[[email protected] ~]# ll /var/www/cobbler/
总用量 0
drwxr-xr-x. 4 root root 54 1月 5 01:56 images
drwxr-xr-x. 5 root root 67 1月 5 01:54 ks_mirror
drwxr-xr-x. 2 root root 54 1月 5 01:56 links
drwxr-xr-x. 2 root root 6 9月 18 23:16 localmirror
drwxr-xr-x. 2 root root 37 1月 5 00:28 misc
drwxr-xr-x. 2 root root 6 9月 18 23:16 pub
drwxr-xr-x. 2 root root 6 9月 18 23:16 rendered
drwxr-xr-x. 2 root root 6 9月 18 23:16 repo_mirror
drwxr-xr-x. 2 root root 62 1月 5 00:28 svc
[[email protected] ~]# ll /var/lib/tftpboot/
总用量 308
drwxr-xr-x. 3 root root 17 1月 5 01:00 boot
drwxr-xr-x. 2 root root 6 9月 18 23:16 etc
drwxr-xr-x. 2 root root 77 1月 5 01:00 grub
drwxr-xr-x. 4 root root 54 1月 5 01:56 images
drwxr-xr-x. 2 root root 6 9月 18 23:16 images2
-rw-r--r--. 1 root root 26140 1月 5 01:00 memdisk
-rw-r--r--. 1 root root 55012 1月 5 01:00 menu.c32
drwxr-xr-x. 2 root root 6 9月 18 23:16 ppc
-rw-r--r--. 1 root root 26764 1月 5 01:00 pxelinux.0
drwxr-xr-x. 2 root root 20 1月 5 02:18 pxelinux.cfg
drwxr-xr-x. 2 root root 25 1月 5 01:00 s390x
-rw-r--r--. 1 root root 198236 1月 5 01:00 yaboot
Once you have confirmed that the files were all created correctly, you can test Cobbler's automated installation.