Set up a simple Cobbler server for a small lab
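# This is very much a WIP!
# Set up cobbler on CentOS 7
#
# These are working notes rather than a runnable script: shell commands are
# interleaved with settings snippets (/etc/cobbler/settings, dhcp.template,
# named.template, xinetd) that must be placed into the named files by hand.
# The shell commands are meant to be run as root on the Cobbler host.
# TODO: Set up chroot BIND
# TODO: Enable IPv6 support

# Install EPEL
# NOTE(review): this fetches and installs an RPM straight from the network;
# confirm that yum verifies it against the EPEL signing key rather than
# installing it unchecked.
yum install \
  https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

# Install Cobbler. As of this writing (7/20/2015), the version of cobbler in
# the base EPEL repo has a number of known issues on CentOS 7 that make using
# it difficult. We'll use the newest release instead and hope for the best.
yum --enablerepo=epel-testing install cobbler

# Install BIND and ISC DHCP
yum install bind
yum install dhcp

# Install pykickstart
yum install pykickstart

# CentOS 7 doesn't have a good native utility for generating crypt-compatible
# SHA-512 hashes. Red Hat provides a method using Python here:
#
# https://access.redhat.com/solutions/221403
#
# ... however, the one-liner leaves the password stored in plain text in the
# shell's history file, and AFAIK, Python's crypt library doesn't allow you to
# specify the number of rounds.
#
# Instead, I hopped onto the nearest Ubuntu box and ran the following:
mkpasswd --method=sha-512 --rounds=35000 # NOTE: Debian/Ubuntu command

# The above command prompts for a password, and then spits out a string to
# stdout beginning with $6$rounds=.... Take that text string, and add it as the
# value for 'default_password_crypted', making sure to include the double-
# quotes at the beginning and end.
#
# This hash is what Cobbler's default kickstart templates use as the root
# password of every host it provisions, so treat the settings file as a secret
# and change the root password on each host once it has been installed.
#
# Example in /etc/cobbler/settings:
default_password_crypted: "$6$rounds=35000$mo4WQ/0A$n4tnpRAB9YNC0tx4hXmmbBwQV9YLqZXiDZUkK1bNhXe6bxFjQDbfgqpGqjUGklucaLJF6gn/7c0fBJjubUXlu0"

# Enable Cobbler DHCP management in /etc/cobbler/settings
manage_dhcp: 1

# Enable Cobbler DNS management in /etc/cobbler/settings
manage_dns: 1

# Configure the Cobbler server's IP address in /etc/cobbler/settings
server: 10.0.0.10

# Configure the TFTP IP address in /etc/cobbler/settings
next_server: 10.0.0.10

# Configure the master DNS server IP address in /etc/cobbler/settings
bind_master: 10.0.0.10

# Enable PXE boot loop prevention
pxe_just_once: 1

# Configure which forward and reverse lookup zones will be managed by Cobbler
# in /etc/cobbler/settings.
manage_forward_zones: ['lab.william-albert.com']
manage_reverse_zones: ['10.0.0']

# Modify the DHCP server template in /etc/cobbler/dhcp.template
# I used the following settings for the subnet I managed:
#
# Any machine on this segment that PXE-boots will be handed an address from
# the dynamic-bootp range and offered the installer, so keep the lab subnet
# isolated from anything you do not want reinstalled.
subnet 10.0.0.0 netmask 255.255.255.0 {
  option routers 10.0.0.1;
  option domain-name-servers 10.0.0.10;
  option domain-name "lab.william-albert.com";
  option subnet-mask 255.255.255.0;
  range dynamic-bootp 10.0.0.20 10.0.0.240;
  default-lease-time 21600;
  max-lease-time 43200;
  next-server $next_server;
  class "pxeclients" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    if option pxe-system-type = 00:02 {
      filename "ia64/elilo.efi";
    } else if option pxe-system-type = 00:06 {
      filename "grub/grub-x86.efi";
    } else if option pxe-system-type = 00:07 {
      filename "grub/grub-x86_64.efi";
    } else {
      filename "pxelinux.0";
    }
  }
}

# Modify the BIND template in /etc/cobbler/named.template.
# I used the following settings:
#
# NOTE(review): 'allow-query { any; }' together with 'recursion yes' turns
# this into an open recursive resolver for anything that can reach 10.0.0.10.
# That is tolerable only while the lab is isolated; otherwise limit recursion
# to the lab subnet, e.g. add 'allow-recursion { 10.0.0.0/24; };'.
options {
  listen-on port 53 { 10.0.0.10; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-query { any; };
  recursion yes;
  forwarders { 8.8.8.8; 8.8.4.4; };
};

# In /etc/xinetd.d/tftp, enable tftp
# TFTP is unauthenticated and unencrypted; it should only be reachable from
# the lab network it serves.
disable = no

# Configure SELinux rights
# httpd_can_network_connect is a broad boolean (it lets httpd open outbound
# network connections of any kind), so revisit it once the setup is stable.
setsebool -P cobbler_can_network_connect true
setsebool -P httpd_can_network_connect true
semanage fcontext -a -t cobbler_var_lib_t "/var/lib/tftpboot/boot(/.*)?"
restorecon -R -v /var/lib/tftpboot/

# Cobbler wants rights to /etc/secondary.conf, which doesn't exist yet
touch /etc/secondary.conf
semanage fcontext -a -t cobbler_var_lib_t "/etc/secondary.conf"
restorecon -v /etc/secondary.conf

# Enable the cobbler, named (BIND), dhcpd, and httpd services
systemctl enable cobblerd.service
systemctl enable named.service
systemctl enable dhcpd.service
systemctl enable httpd.service

# Start the httpd and cobbler service
systemctl start httpd.service
systemctl start cobblerd.service

# Download the needed bootloaders (fetched from the network by cobbler itself)
cobbler get-loaders

# Restart cobbler and run a cobbler check
systemctl restart cobblerd.service
cobbler check

# Import CentOS 7
# The mirror URL previously carried a doubled "http://http://" scheme, which
# makes the import fail; it is a single scheme here.
cobbler import \
  --name=centos7 \
  --arch=x86_64 \
  --path=http://mirror.centos.org/centos/7/os/x86_64/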