Time synchronization, two-factor authentication and automated installation: implementation walkthrough
I. Intranet time synchronization with chrony
1.1 Test environment
chrony server | chrony client |
---|---|
Kernel and release version: 4.18.0-147.el8.x86_64 | Kernel and release version: 3.10.0-1127.el7.x86_64 |
Hostname: chrony-server | Hostname: xsd7.linux.com |
IP: 172.20.200.130 | IP: 172.20.200.128 |
1.2 Server setup
```
[root@chrony-server ~]# rpm -qf `which chronyd`
chrony-3.5-1.el8.x86_64
[root@chrony-server ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:chronyd(8)
           man:chrony.conf(5)
[root@chrony-server ~]# vim /etc/chrony.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
pool ntp1.aliyun.com
pool ntp2.aliyun.com
# Allow NTP client access from local network.
allow 172.20.200.0/24
# Serve time even if not synchronized to a time source.
local stratum 10
[root@chrony-server ~]# systemctl enable --now chronyd
Created symlink /etc/systemd/system/multi-user.target.wants/chronyd.service → /usr/lib/systemd/system/chronyd.service.
[root@chrony-server ~]# chronyc
chronyc> clients
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
172.20.200.128                  6      0   6   -     1       0      0   -     -
```
1.3 Client configuration
```
[root@xsd7 ~]# rpm -qf `which chronyc`
chrony-3.4-1.el7.x86_64
[root@xsd7 ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 172.20.200.130 iburst
[root@xsd7 ~]# systemctl enable --now chronyd
Created symlink from /etc/systemd/system/multi-user.target.wants/chronyd.service to /usr/lib/systemd/system/chronyd.service.
[root@xsd7 ~]# chronyc
chrony version 3.4
Copyright (C) 1997-2003, 2007, 2009-2018 Richard P. Curnow and others
chrony comes with ABSOLUTELY NO WARRANTY. This is free software, and
you are welcome to redistribute it under certain conditions. See the
GNU General Public License version 2 for details.
chronyc> sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.20.200.130                3   6    77     7   -103us[ -177us] +/-   32ms
```
II. SSH two-factor authentication with PAM and the g** module
2.1 Install and configure g**-authenticator on the server
```
# To install g**-authenticator, first install the epel-release repository
[root@chrony-server ~]# yum install epel-release
Total                                             36 kB/s |  23 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : epel-release-8-8.el8.noarch                            1/1
  Running scriptlet: epel-release-8-8.el8.noarch                            1/1
  Verifying        : epel-release-8-8.el8.noarch                            1/1
Installed:
  epel-release-8-8.el8.noarch
Complete!
# Install g**-authenticator
[root@chrony-server ~]# yum install g**-authenticator
Install  1 Package
Total download size: 57 k
Installed size: 135 k
Is this ok [y/N]: y
Downloading Packages:
g**-authenticator-1.07-1.el8.x86_64.rpm          351 kB/s |  57 kB     00:00
-------------------------------------------------------------------------------------------------------------------------------------
Total                                             46 kB/s |  57 kB     00:01
warning: /var/cache/dnf/epel-6519ee669354a484/packages/g**-authenticator-1.07-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Extra Packages for Enterprise Linux 8 - x86_64   1.2 MB/s | 1.6 kB     00:00
Importing GPG key 0x2F86D6A1:
 Userid     : "Fedora EPEL (8) <epel@fedoraproject.org>"
 Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Installed:
  g**-authenticator-1.07-1.el8.x86_64
Complete!
```
First install the authenticator app on the phone (G** Authenticator_v5.10_apkpure.com.apk) and keep it ready. Then run g**-authenticator on the server to configure it.
```
[root@chrony-server ~]# g**-authenticator
Do you want authentication tokens to be time-based (y/n) y
Warning: pasting the following URL into your browser exposes the OTP secret to G**:
  https://www.g**.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/root@chrony-server%3Fsecret%3DPDM4F6QOZWHADXI4WFQWYUG6VE%26issuer%3Dchrony-server    # open this URL
Failed to use libqrencode to show QR code visually for scanning.
Consider typing the OTP secret into your app manually.
Your new secret key is: PDM4F6QOZWHADXI4WFQWYUG6VE
Enter code from app (-1 to skip): 374408    # scan the QR code on the web page with the authenticator app on the phone to bind it, then enter the number shown in the app here
Code confirmed
Your emergency scratch codes are:    # these are the emergency login codes
  17168477
  73659424
  10626207
  46998705
  93436421
Do you want me to update your "/root/.g**_authenticator" file? (y/n) y
Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, a new token is generated every 30 seconds by the mobile app.
In order to compensate for possible time-skew between the client and the server,
we allow an extra token before and after the current time. This allows for a
time skew of up to 30 seconds between authentication server and client. If you
experience problems with poor time synchronization, you can increase the window
from its default size of 3 permitted codes (one previous code, the current
code, the next code) to 17 permitted codes (the 8 previous codes, the current
code, and the 8 next codes). This will permit for a time skew of up to 4 minutes
between client and server.
Do you want to do so? (y/n) y
If the computer that you are logging into isn't hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting? (y/n) y
[root@chrony-server ~]#
```
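How the window answer in the prompts above trades clock-skew tolerance against guessing odds, and why the time synchronization from section I matters here, as an added example that is not part of the original post: an RFC 6238 TOTP verifier with a configurable window and a simplified reuse check. The secret is the RFC 6238 test key rather than the one shown above; `Verifier`, `max_tolerated_skew` and `guess_odds` are hypothetical names, and the reuse rule (reject any counter at or below the last accepted one) is a simplification.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step ("a new token is generated every 30 seconds")
DIGITS = 6    # length of the code shown by the app

# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, counter):
    """One-time code for a time-step counter (RFC 4226 truncation, HMAC-SHA1)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server-side check with a code window and (simplified) reuse protection."""

    def __init__(self, secret_b32, window=3):
        self.secret = secret_b32
        self.half = window // 2     # window 3 -> +/-1 step, window 17 -> +/-8 steps
        self.last_used = -1         # highest counter already accepted

    def verify(self, code, server_time):
        now = int(server_time) // STEP
        for counter in range(now - self.half, now + self.half + 1):
            if counter <= self.last_used:
                continue            # "disallow multiple uses of the same token"
            if hmac.compare_digest(totp(self.secret, counter), code):
                self.last_used = counter
                return True
        return False


def max_tolerated_skew(window):
    """Largest clock offset in seconds that is always accepted."""
    return (window // 2) * STEP


def guess_odds(window):
    """Chance that one random 6-digit guess hits a currently valid code."""
    return window / 10 ** DIGITS


if __name__ == "__main__":
    server_now = 1111111109                                 # constructed server clock
    phone_code = totp(SECRET, (server_now - 90) // STEP)    # phone runs 90 s behind
    for window in (3, 17):
        v = Verifier(SECRET, window)
        first = v.verify(phone_code, server_now)
        replay = v.verify(phone_code, server_now)
        print(window, max_tolerated_skew(window), guess_odds(window), first, replay)
```

With hosts kept in sync by chrony, the default window of 3 is enough; the window of 17 chosen above accepts the 90-second-late code but also makes every guess roughly six times more likely to hit.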
2.2 Modify the sshd configuration files
```
[root@chrony-server ~]# vim /etc/pam.d/sshd
#%PAM-1.0
auth required pam_g**_authenticator.so    # add this line
[root@chrony-server ~]# vim /etc/ssh/sshd_config
ChallengeResponseAuthentication yes    # change to yes
[root@chrony-server ~]# systemctl restart sshd
```
SSH login test
```
[root@xsd7 ~]# ssh 172.20.200.130
Password:    # root password
Verification code:    # the number shown in g** Authenticator on the phone
PRD System!!
Activate the web console with: systemctl enable --now cockpit.socket
Last failed login: Tue Mar 16 19:26:59 CST 2021 from 172.20.200.128 on ssh:notty
There were 7 failed login attempts since the last successful login.
Last login: Tue Mar 16 19:16:02 2021 from 172.20.200.138
[root@chrony-server ~]#
[root@chrony-server ~]# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.200.130  netmask 255.255.255.0  broadcast 172.20.200.255
        inet6 fe80::9259:3fdd:3221:fd8f  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c5:6f:ce  txqueuelen 1000  (Ethernet)
        RX packets 1902  bytes 186128 (181.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1373  bytes 271461 (265.0 KiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
```
2.3 Troubleshooting
Symptom: the Password: and Verification code: prompts repeat over and over and the login never succeeds. Check /var/log/secure:
```
Failed to update secret file "/root/.g**_authenticator": Permission denied
Secret file "/root/.g**_authenticator" permissions (0644) are more permissive than 0600
```
Fix: set the permissions of "/root/.g**_authenticator" to 0600.
The Password: and Verification code: prompts still repeat and the login still fails. Checking /var/log/secure again shows:
```
Failed to create tempfile "/root/.g**_authenticator~uVmFnS": Permission denied
```
Fix: turn SELinux off with setenforce 0.
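A check for the two failure modes in this troubleshooting section, as an added example that is not part of the original post: it classifies the three /var/log/secure messages quoted above and audits the secret file's owner and mode, and when those are already correct it points at a mandatory access control layer such as SELinux. The function names, the sample file name and the syslog prefix in the sample lines are assumptions.

```python
import os
import re
import stat

# The three messages this page found in /var/log/secure. The file path is
# captured generically, so the patterns do not depend on the file name.
PATTERNS = [
    ("mode_too_open", re.compile(
        r'Secret file "([^"]+)" permissions \(([0-7]+)\) are more permissive than 0600')),
    ("update_denied", re.compile(
        r'Failed to update secret file "([^"]+)": Permission denied')),
    ("tempfile_denied", re.compile(
        r'Failed to create tempfile "([^"]+)": Permission denied')),
]


def classify(line):
    """Return (kind, path) for a known OTP module error line, else None."""
    for kind, rx in PATTERNS:
        m = rx.search(line)
        if m:
            return kind, m.group(1)
    return None


def audit_secret_file(path, owner_uid):
    """List discretionary-permission problems for the secret file and its directory."""
    problems = []
    st = os.lstat(path)                      # lstat: do not follow a symlink
    mode = stat.S_IMODE(st.st_mode)
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != owner_uid:
        problems.append("file owned by uid %d, expected %d" % (st.st_uid, owner_uid))
    if mode & ~0o600:
        problems.append("mode %04o is more permissive than 0600" % mode)
    # The module writes a temp file next to the secret (see the tempfile path
    # in the log above), so the directory must be writable by the owner too.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != owner_uid or not parent.st_mode & stat.S_IWUSR:
        problems.append("directory not writable by uid %d" % owner_uid)
    return problems


def triage(log_lines, path, owner_uid):
    """Name the likely layer: 'dac' (mode/owner), 'mac' (e.g. SELinux) or 'ok'."""
    kinds = {hit[0] for hit in map(classify, log_lines) if hit}
    problems = audit_secret_file(path, owner_uid)
    if problems:
        return "dac", problems
    if kinds & {"update_denied", "tempfile_denied"}:
        # Mode and owner are correct yet writes are still refused: a mandatory
        # access control layer is the remaining suspect (heuristic).
        return "mac", sorted(kinds)
    return "ok", []


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a throwaway secret file and a constructed log line.
    workdir = tempfile.mkdtemp()
    secret = os.path.join(workdir, "otp_secret")
    open(secret, "w").close()
    os.chmod(secret, 0o644)
    logs = ['Mar 16 19:20:11 host sshd[2101]: Failed to create tempfile '
            '"%s~uVmFnS": Permission denied' % secret]
    print(triage(logs, secret, os.getuid()))   # the mode problem is reported first
    os.chmod(secret, 0o600)
    print(triage(logs, secret, os.getuid()))   # then the MAC suspicion remains
```

When `triage` returns `"mac"`, the matching denial can be confirmed with `ausearch -m avc -ts recent`. Note that `setenforce 0` switches SELinux to permissive mode only until the next reboot.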
III. Automated system installation with cobbler
3.1 Install cobbler and the dhcp service
```
# First install the epel repository
[root@xsd7 ~]# yum install epel-release.noarch
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.163.com
 * updates: mirrors.163.com
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution
Install  1 Package
Installed:
  epel-release.noarch 0:7-11
Complete!
# Install cobbler
[root@xsd7 ~]# yum install cobbler -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel/x86_64/metalink                                     |  13 kB  00:00:00
 * base: mirrors.aliyun.com
 * epel: d2lzkl7pfhq30w.cloudfront.net
 * extras: mirrors.163.com
 * updates: mirrors.163.com
epel                                                     | 4.7 kB  00:00:00
(1/3): epel/x86_64/group_gz                              |  96 kB  00:00:00
(2/3): epel/x86_64/updateinfo                            | 1.0 MB  00:00:05
(3/3): epel/x86_64/primary_db                            | 6.9 MB  00:00:20
Resolving Dependencies
--> Running transaction check
---> Package cobbler.x86_64 0:2.8.5-0.3.el7 will be installed
--> Processing Dependency: httpd for package: cobbler-2.8.5-0.3.el7.x86_64
Installed:
  cobbler.x86_64 0:2.8.5-0.3.el7
Dependency Installed:
  apr.x86_64 0:1.4.8-7.el7
  apr-util.x86_64 0:1.5.2-6.el7
  httpd.x86_64 0:2.4.6-97.el7.centos
  httpd-tools.x86_64 0:2.4.6-97.el7.centos
  mailcap.noarch 0:2.1.41-2.el7
  mod_wsgi.x86_64 0:3.4-18.el7
  python-cheetah.x86_64 0:2.4.4-5.el7.centos
  python-netaddr.noarch 0:0.7.5-9.el7
  python-pillow.x86_64 0:2.0.0-21.gitd1c6db8.el7
  python-pygments.noarch 0:1.4-10.el7
  python2-markdown.noarch 0:2.4.1-4.el7
  python2-pyyaml.noarch 0:3.10-0.el7
  python2-simplejson.x86_64 0:3.10.0-2.el7
  syslinux.x86_64 0:4.05-15.el7
  tftp-server.x86_64 0:5.2-22.el7
Complete!
# Install dhcp
# yum -y instal dhcp
Loaded plugins: fastestmirror, langpacks
No such command: instal. Please use /usr/bin/yum --help
[root@xsd7 ~]# yum -y install cobbler dhcp
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.163.com
 * updates: mirrors.163.com
Installed:
  dhcp.x86_64 12:4.2.5-82.el7.centos
Dependency Updated:
  dhclient.x86_64 12:4.2.5-82.el7.centos
  dhcp-common.x86_64 12:4.2.5-82.el7.centos
  dhcp-libs.x86_64 12:4.2.5-82.el7.centos
Complete!
# Enable the cobblerd, httpd and tftp services at boot and start them
[root@xsd7 ~]# systemctl enable --now cobblerd httpd tftp
Created symlink from /etc/systemd/system/multi-user.target.wants/cobblerd.service to /usr/lib/systemd/system/cobblerd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Created symlink from /etc/systemd/system/sockets.target.wants/tftp.socket to /usr/lib/systemd/system/tftp.socket.
[root@xsd7 ~]# systemctl status cobblerd httpd tftp
● cobblerd.service - Cobbler Helper Daemon
   Loaded: loaded (/usr/lib/systemd/system/cobblerd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-03-17 11:58:26 CST; 3min 27s ago
  Process: 3616 ExecStartPost=/usr/bin/touch /usr/share/cobbler/web/cobbler.wsgi (code=exited, status=1/FAILURE)
 Main PID: 3615 (cobblerd)
    Tasks: 1
   CGroup: /system.slice/cobblerd.service
           └─3615 /usr/bin/python2 -s /usr/bin/cobblerd -F
Mar 17 11:58:25 xsd7.linux.com systemd[1]: Starting Cobbler Helper Daemon...
Mar 17 11:58:25 xsd7.linux.com touch[3616]: /usr/bin/touch: cannot touch ‘/usr/share/cobbler/web/cobbler.wsgi’: No such file…irectory
Mar 17 11:58:26 xsd7.linux.com systemd[1]: Started Cobbler Helper Daemon.
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-03-17 11:58:26 CST; 3min 27s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 3618 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
    Tasks: 6
   CGroup: /system.slice/httpd.service
           ├─3618 /usr/sbin/httpd -DFOREGROUND
           ├─3625 /usr/sbin/httpd -DFOREGROUND
           ├─3626 /usr/sbin/httpd -DFOREGROUND
           ├─3627 /usr/sbin/httpd -DFOREGROUND
           ├─3628 /usr/sbin/httpd -DFOREGROUND
           └─3629 /usr/sbin/httpd -DFOREGROUND
Mar 17 11:58:26 xsd7.linux.com systemd[1]: Starting The Apache HTTP Server...
Mar 17 11:58:26 xsd7.linux.com systemd[1]: Started The Apache HTTP Server.
● tftp.service - Tftp Server
   Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
   Active: active (running) since Wed 2021-03-17 11:58:26 CST; 3min 27s ago
     Docs: man:in.tftpd
 Main PID: 3619 (in.tftpd)
    Tasks: 1
   CGroup: /system.slice/tftp.service
           └─3619 /usr/sbin/in.tftpd -s /var/lib/tftpboot
Mar 17 11:58:26 xsd7.linux.com systemd[1]: Started Tftp Server.
Hint: Some lines were ellipsized, use -l to show in full.
```
3.2 Configure cobblerd
```
# Edit the cobblerd configuration file and adjust the following three parameters
[root@xsd7 ~]# vim /etc/cobbler/settings
next_server: 172.20.200.128
server: 172.20.200.128
manage_dhcp: 1
[root@xsd7 ~]# cobbler check
The following are potential configuration items that you may want to fix:
1 : change 'disable' to 'no' in /etc/xinetd.d/tftp
2 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
3 : enable and start rsyncd.service with systemctl
4 : debmirror package is not installed, it will be required to manage debian deployments and repositories
5 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
6 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
```
3.3 Set up the dhcp service
```
# Edit cobbler's dhcp template
[root@xsd7 ~]# vim /etc/cobbler/dhcp.template
subnet 172.20.200.0 netmask 255.255.255.0 {
     option routers             172.20.200.2;
     option domain-name-servers 180.76.76.76;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        172.20.200.200 172.20.200.253;
# Sync the configuration into the dhcp configuration file
[root@xsd7 ~]# cobbler sync
task started: 2021-03-17_125453_sync
task started (id=Sync, time=Wed Mar 17 12:54:53 2021)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
# Restart the DHCP service and check its status
[root@xsd7 ~]# systemctl start dhcpd
[root@xsd7 ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-03-17 12:54:54 CST; 6min ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 2666 (dhcpd)
   Status: "Dispatching packets..."
    Tasks: 1
   CGroup: /system.slice/dhcpd.service
           └─2666 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
```
3.4 Download the boot files into /var/lib/tftpboot/
```
# Download the PXE-related files
[root@xsd7 ~]# cobbler get-loaders
task started: 2021-03-17_132703_get_loaders
task started (id=Download Bootloader Content, time=Wed Mar 17 13:27:03 2021)
path /var/lib/cobbler/loaders/README already exists, not overwriting existing content, use --force if you wish to update
downloading https://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading https://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading https://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading https://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading https://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading https://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading https://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading https://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading https://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
# Sync the downloaded files into the tftp working directory
[root@xsd7 ~]# cobbler sync
task started: 2021-03-17_133543_sync
task started (id=Sync, time=Wed Mar 17 13:35:43 2021)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
```
3.5 Import the CentOS 7 and 8 installation files
```
# Import the centos8.1 system image files
[root@xsd7 cd]# cobbler import --name=centos-8.1-x86_64 --path=/misc/cd --arch=x86_64
task started: 2021-03-17_155515_import
task started (id=Media import, time=Wed Mar 17 15:55:15 2021)
Found a candidate signature: breed=redhat, version=rhel8
No signature matched in /var/www/cobbler/ks_mirror/centos-8.1-x86_64
!!! TASK FAILED !!!
# Update the cobbler signatures to resolve the problem above
[root@xsd7 misc]# cobbler signature update
task started: 2021-03-17_193227_sigupdate
task started (id=Updating Signatures, time=Wed Mar 17 19:32:27 2021)
Successfully got file from https://cobbler.github.io/signatures/2.8.x/latest.json
*** TASK COMPLETE ***
# Import the centos8.1 system image files again
[root@xsd7 misc]# cobbler import --name=centos-8.1-x86_64 --path=/misc/cd --arch=x86_64
task started: 2021-03-17_193707_import
task started (id=Media import, time=Wed Mar 17 19:37:07 2021)
Found a candidate signature: breed=suse, version=sles15generic
Found a candidate signature: breed=suse, version=opensuse15.0
Found a candidate signature: breed=suse, version=opensuse15.1
Found a candidate signature: breed=redhat, version=rhel8
Found a matching signature: breed=redhat, version=rhel8
Adding distros from path /var/www/cobbler/ks_mirror/centos-8.1-x86_64:
creating new distro: centos-8.1-x86_64
trying symlink: /var/www/cobbler/ks_mirror/centos-8.1-x86_64 -> /var/www/cobbler/links/centos-8.1-x86_64
creating new profile: centos-8.1-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/centos-8.1-x86_64 for centos-8.1-x86_64
processing repo at : /var/www/cobbler/ks_mirror/centos-8.1-x86_64/AppStream
need to process repo/comps: /var/www/cobbler/ks_mirror/centos-8.1-x86_64/AppStream
looking for /var/www/cobbler/ks_mirror/centos-8.1-x86_64/AppStream/repodata/*comps*.xml
error launching createrepo (not installed?), ignoring
Exception occured: <type 'exceptions.IOError'>
Exception value: [Errno 2] No such file or directory: '/var/www/cobbler/ks_mirror/config/centos-8.1-x86_64.repo'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/modules/manage_import_signatures.py", line 599, in yum_process_comps_file
    config_file = open(fname, "w+")
processing repo at : /var/www/cobbler/ks_mirror/centos-8.1-x86_64/BaseOS
need to process repo/comps: /var/www/cobbler/ks_mirror/centos-8.1-x86_64/BaseOS
looking for /var/www/cobbler/ks_mirror/centos-8.1-x86_64/BaseOS/repodata/*comps*.xml
error launching createrepo (not installed?), ignoring
Exception occured: <type 'exceptions.IOError'>
Exception value: [Errno 2] No such file or directory: '/var/www/cobbler/ks_mirror/config/centos-8.1-x86_64-1.repo'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/modules/manage_import_signatures.py", line 599, in yum_process_comps_file
    config_file = open(fname, "w+")
*** TASK COMPLETE ***
# Import the centos7 system image files
[root@xsd7 ~]# cobbler import --name=CentOS-7-x86_64 --path=/mnt --arch=x86_64
task started: 2021-03-17_151443_import
task started (id=Media import, time=Wed Mar 17 15:14:43 2021)
Found a candidate signature: breed=redhat, version=rhel6
Found a candidate signature: breed=redhat, version=rhel7
Found a matching signature: breed=redhat, version=rhel7
Adding distros from path /var/www/cobbler/ks_mirror/CentOS-7-x86_64:
creating new distro: CentOS-7-x86_64
trying symlink: /var/www/cobbler/ks_mirror/CentOS-7-x86_64 -> /var/www/cobbler/links/CentOS-7-x86_64
creating new profile: CentOS-7-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/CentOS-7-x86_64 for CentOS-7-x86_64
processing repo at : /var/www/cobbler/ks_mirror/CentOS-7-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/CentOS-7-x86_64
looking for /var/www/cobbler/ks_mirror/CentOS-7-x86_64/repodata/*comps*.xml
error launching createrepo (not installed?), ignoring
Exception occured: <type 'exceptions.IOError'>
Exception value: [Errno 2] No such file or directory: '/var/www/cobbler/ks_mirror/config/CentOS-7-x86_64.repo'
Exception Info:
  File "/usr/lib/python2.7/site-packages/cobbler/modules/manage_import_signatures.py", line 599, in yum_process_comps_file
    config_file = open(fname, "w+")
*** TASK COMPLETE ***
```
3.6 Prepare the kickstart files and associate them with the imported images
```
# Install system-config-kickstart, a tool for editing kickstart files
[root@xsd7 kickstarts]# yum install system-config-kickstart
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * epel: mirrors.coreix.net
 * extras: mirrors.aliyun.com
 * updates: mirrors.163.com
Dependency Installed:
  gnome-python2.x86_64 0:2.28.1-14.el7
  gnome-python2-canvas.x86_64 0:2.28.1-14.el7
  libart_lgpl.x86_64 0:2.3.21-10.el7
  libgnomecanvas.x86_64 0:2.30.3-8.el7
  rarian.x86_64 0:0.8.1-11.el7
  rarian-compat.x86_64 0:0.8.1-11.el7
  system-config-date.noarch 0:1.10.6-3.el7.centos
  system-config-date-docs.noarch 0:1.0.11-4.el7
  system-config-keyboard.noarch 0:1.4.0-5.el7
  system-config-keyboard-base.noarch 0:1.4.0-5.el7
  system-config-language.noarch 0:1.4.0-9.el7
  usermode-gtk.x86_64 0:1.111-6.el7
Complete!
# Install the pykickstart package; its ksvalidator tool checks whether a kickstart file's syntax is correct
[root@xsd7 kickstarts]# yum install pykickstart
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.163.com
 * epel: mirror.init7.net
 * extras: mirrors.aliyun.com
 * updates: mirrors.163.com
Updated:
  pykickstart.noarch 0:1.99.66.22-1.el7
Complete!
# Associate the centos7 image with the ks7.cfg file and generate the menu
[root@xsd7 kickstarts]# cobbler profile --name=centos7 --distro=centos7-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks7.cfg
usage
=====
cobbler profile add
cobbler profile copy
cobbler profile dumpvars
cobbler profile edit
cobbler profile find
cobbler profile getks
cobbler profile list
cobbler profile remove
cobbler profile rename
cobbler profile report
[root@xsd7 kickstarts]#
# Associate the centos8.1 image with the ks8.cfg file and generate the menu
[root@xsd7 kickstarts]# cobbler profile --name=centos8.1 --distro=centos-8.1-x86_64 --kickstart=/var/lib/cobbler/kickstarts/ks8.cfg
usage
=====
cobbler profile add
cobbler profile copy
cobbler profile dumpvars
cobbler profile edit
cobbler profile find
cobbler profile getks
cobbler profile list
cobbler profile remove
cobbler profile rename
cobbler profile report
# Change the boot menu title
[root@xsd7 ks_mirror]# vim /etc/cobbler/pxe/pxedefault.template
DEFAULT menu
PROMPT 0
MENU TITLE Cobbler | xsd homework    # change the menu title
TIMEOUT 200
TOTALTIMEOUT 6000
ONTIMEOUT $pxe_timeout_profile
LABEL local
        MENU LABEL (local)
        MENU DEFAULT
        LOCALBOOT -1
$pxe_menu_items
MENU end
~
# Sync the data and generate the menu
[root@xsd7 kickstarts]# cobbler sync
task started: 2021-03-17_200713_sync
task started (id=Sync, time=Wed Mar 17 20:07:13 2021)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/CentOS-7-x86_64
removing: /var/www/cobbler/images/centos-8.1-x86_64
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/images/CentOS-7-x86_64
removing: /var/lib/tftpboot/images/centos-8.1-x86_64
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
trying hardlink /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying files for distro: centos-8.1-x86_64
trying hardlink /var/www/cobbler/ks_mirror/centos-8.1-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/centos-8.1-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-8.1-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/centos-8.1-x86_64/initrd.img
copying files for distro: CentOS-7-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/CentOS-7-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/CentOS-7-x86_64/initrd.img
copying images
generating PXE configuration files
generating PXE menu structure
copying files for distro: centos-8.1-x86_64
trying hardlink /var/www/cobbler/ks_mirror/centos-8.1-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/centos-8.1-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/centos-8.1-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/centos-8.1-x86_64/initrd.img
Writing template files for centos-8.1-x86_64
copying files for distro: CentOS-7-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/CentOS-7-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/CentOS-7-x86_64/initrd.img
Writing template files for CentOS-7-x86_64
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
processing boot_files for distro: centos-8.1-x86_64
processing boot_files for distro: CentOS-7-x86_64
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.manage_genders
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
```
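3.7 Install systems automatically over the network
Choose to boot from the network card
Select the system to install
The kernel is located and booted
The automatic installation starts
Log in to the automatically installed system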
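© Copyright belongs to the author: this is an original work by 51CTO blog author IPSI250. If you repost it, cite the source; otherwise legal liability will be pursued.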