Week 12 assignment (chrony time service, cobbler+PXE automated installation)

1. Configure the chrony service so that server time synchronizes automatically

Introduction to chrony

 Package: chrony
 Two main programs: chronyd and chronyc
 chronyd: a daemon that runs in the background, adjusting the system clock kept by the kernel and keeping it synchronized with time servers. It works out the rate at which the computer gains or loses time and compensates for it.
 chronyc: a command-line user tool for monitoring performance and performing a range of configuration. It can run on the computer controlled by the chronyd instance or on a different, remote computer.
 Service unit file: /usr/lib/systemd/system/chronyd.service
 Listening ports: 323/udp, 123/udp
 Configuration file: /etc/chrony.conf

The configuration file chrony.conf

(1) server - specifies a time server to use. With the iburst option, when the server is reachable chronyd sends a burst of eight packets instead of the usual one, spaced about 2 seconds apart, which speeds up the initial synchronization.
(2) driftfile - records in a file the rate at which the computer gains or loses time, computed against real time, so the system clock can be compensated after a reboot
(3) rtcsync - enables the kernel mode in which the system time is copied to the real-time clock (RTC) every 11 minutes
(4) allow / deny - specifies a host, subnet or network that is allowed or denied access to this server
(5) cmdallow / cmddeny - specifies which hosts may send control commands to chronyd
(6) bindcmdaddress - selects the interface on which chronyd listens for commands issued by chronyc
(7) makestep - normally chronyd corrects any time offset gradually, by slowing down or speeding up the clock as needed. In some situations the system clock may have drifted so far that this gradual correction would take a very long time. This directive forces chronyd to step the system clock when the required adjustment exceeds a given threshold
(8) local stratum 10 - even when none of the time servers named in the server directives is reachable, allows the local time to be served as authoritative time to other clients

chronyc commands

 The help command lists the rest of chronyc's interactive commands
 accheck  checks whether a particular host is allowed to access this server
 activity  shows how many NTP sources are online/offline
 sources [-v]  shows synchronization information for the current time sources
 sourcestats [-v]  shows synchronization statistics for the current time sources
 add server  manually adds a new NTP server
 clients  reports the list of clients that have accessed this server
 delete  manually removes an NTP server or peer
 settime  manually sets the daemon's time
 tracking  shows system time information

Files installed by the chrony package

[root@centos7 ~]# rpm -ql chrony 
/etc/NetworkManager/dispatcher.d/20-chrony
/etc/chrony.conf   # chrony configuration file (used by both the server and the client)
/etc/chrony.keys
/etc/dhcp/dhclient.d/chrony.sh
/etc/logrotate.d/chrony
/etc/sysconfig/chronyd
/usr/bin/chronyc   # dedicated client tool for viewing synchronization information
/usr/lib/systemd/ntp-units.d/50-chronyd.list
/usr/lib/systemd/system/[email protected]
/usr/lib/systemd/system/[email protected]
/usr/lib/systemd/system/chrony-wait.service
/usr/lib/systemd/system/chronyd.service   # the chrony service unit
/usr/libexec/chrony-helper
/usr/sbin/chronyd   # main chrony service program
/usr/share/doc/chrony-3.4
/usr/share/doc/chrony-3.4/COPYING
/usr/share/doc/chrony-3.4/FAQ
/usr/share/doc/chrony-3.4/NEWS
/usr/share/doc/chrony-3.4/README
/usr/share/man/man1/chronyc.1.gz
/usr/share/man/man5/chrony.conf.5.gz
/usr/share/man/man8/chronyd.8.gz
/var/lib/chrony
/var/lib/chrony/drift
/var/lib/chrony/rtc
/var/log/chrony

chrony configuration steps (with the firewall turned off)

1. Install chrony

[root@centos7 ~]# rpm -q chrony
package chrony is not installed
[root@centos7 ~]# yum install chrony -y
[root@centos7 ~]# systemctl start chronyd    # start the service
[root@centos7 ~]# systemctl enable chronyd   # start at boot
[root@centos7 ~]# systemctl status chronyd
● chronyd.service - NTP client/server
   Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-02-25 13:42:08 CST; 16s ago
     Docs: man:chronyd(8)
           man:chrony.conf(5)
   CGroup: /system.slice/chronyd.service
           └─24544 /usr/sbin/chronyd
Feb 25 13:42:08 centos7.localdomain systemd[1]: Starting NTP client/server...
Feb 25 13:42:08 centos7.localdomain chronyd[24544]: chronyd version 3.4 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP ...EBUG)
Feb 25 13:42:08 centos7.localdomain chronyd[24544]: Initial frequency -29.465 ppm
Feb 25 13:42:08 centos7.localdomain systemd[1]: Permission denied while opening PID file or unsafe symlink chain: /var/r...d.pid
Feb 25 13:42:08 centos7.localdomain systemd[1]: Started NTP client/server.
Feb 25 13:42:13 centos7.localdomain chronyd[24544]: Selected source 203.107.6.88
Feb 25 13:42:16 centos7.localdomain chronyd[24544]: Source 193.182.111.141 replaced with 120.25.115.20
Hint: Some lines were ellipsized, use -l to show in full.

Edit the /etc/chrony.conf configuration file

[root@centos7 ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
# (a client uses these lines to set the addresses of the time servers to synchronize with; the iburst option speeds up initial synchronization; the next three lines work the same way)
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 192.168.0.0/16   # (uncomment and enter the subnet whose NTP clients may synchronize; check with ss -utlnp that NTP's port 123 is now open)
# Serve time even if not synchronized to a time source.
local stratum 10   # (uncomment so that, when cut off from its own time servers, this host still acts as a time server and lets other clients synchronize)
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
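As an added check (my own code, not part of the assignment), a small Python audit of the server-side directives above: how wide the allow range is, whether local stratum will serve an unsynchronized clock, the makestep limit, iburst on every server line, and whether a keyfile is configured at all. The sample configuration is constructed from the active directives shown; the /16 threshold is my own choice.

```python
import ipaddress

# Constructed sample: the active directives of the server-side /etc/chrony.conf
# from the write-up, comments stripped.
SAMPLE_CONF = """\
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.0.0/16
local stratum 10
logdir /var/log/chrony
"""

def parse_chrony_conf(text):
    """Return (directive, [args]) pairs; '#' starts a comment, blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts:
            entries.append((parts[0].lower(), parts[1:]))
    return entries

def audit_chrony_conf(text, max_allow_prefix=16):
    """Flag what a reviewer of a chrony *server* config checks first."""
    entries = parse_chrony_conf(text)
    findings = []
    sources = [args for d, args in entries if d in ("server", "pool")]
    if not sources:
        findings.append("no server/pool directive: no upstream time source")
    for args in sources:
        if "iburst" not in args:
            findings.append(f"server {args[0]}: no iburst, initial sync is slow")
    for d, args in entries:
        if d == "allow":
            if not args:
                findings.append("allow: bare directive serves time to any client")
                continue
            net = ipaddress.ip_network(args[0], strict=False)
            if net.prefixlen < max_allow_prefix:
                findings.append(f"allow {net}: wider than /{max_allow_prefix}")
        elif d == "local" and "stratum" in args:
            findings.append("local stratum: serves its own clock when every upstream is down")
        elif d == "makestep" and len(args) == 2 and float(args[1]) < 0:
            findings.append("makestep with negative limit: clock may be stepped at any time")
    if not any(d == "keyfile" for d, _ in entries):
        findings.append("no keyfile: NTP exchanges are not authenticated")
    return findings
```

On the configuration shown it reports exactly the two deliberate server-side choices, local stratum and the missing keyfile, so the output is a reminder of what the server is willing to do, not a list of errors.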

On a chrony client only the following configuration needs to change

# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
# (as a client, just put the IP address of the chrony server here)
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

Checking synchronization on the chrony client

[root@centos6-10 ~]# chronyc sources -v
210 Number of sources = 1
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.109.221               3   6    17     0    +45ns[  +55us] +/-   17ms
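As an added example (my own code, not from the assignment), a parser for the sources -v rows above: it decodes the mode and state symbols from the legend, treats Reach as the octal register it is, turns Poll back into seconds, and gives a monitoring-style verdict. The first row is the one printed above; the second, unreachable source is constructed.

```python
import re

# Constructed sample: the "chronyc sources -v" output from the write-up, plus one
# added unreachable source, with the legend lines omitted.
SAMPLE_SOURCES = """\
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.109.221               3   6    17     0    +45ns[  +55us] +/-   17ms
^? 192.168.109.222               0   6     0     -     +0ns[   +0ns] +/-    0ns
"""

MODES = {"^": "server", "=": "peer", "#": "local clock"}
STATES = {"*": "synced", "+": "combined", "-": "not combined",
          "?": "unreachable", "x": "false ticker", "~": "too variable"}
ROW_RE = re.compile(r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(-?\d+)\s+(\d+)\s+(\S+)\s+(.*)$")

def parse_sources(text):
    """Decode each source row; non-matching lines (banner, header, rule) are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        mode, state, name, stratum, poll, reach, lastrx, sample = m.groups()
        reach_bits = int(reach, 8)            # Reach is an octal shift register
        rows.append({
            "name": name,
            "mode": MODES[mode],
            "state": STATES[state],
            "stratum": int(stratum),
            "poll_seconds": 2 ** int(poll),   # Poll is log2 of the interval
            "replies_of_last_8": bin(reach_bits).count("1"),
            "last_rx": lastrx,
            "sample": sample.strip(),
        })
    return rows

def sync_status(rows):
    """Monitoring-style verdict: (ok, message). ok only if some source is '*' (synced)."""
    synced = [r["name"] for r in rows if r["state"] == "synced"]
    bad = [r["name"] for r in rows if r["state"] in ("unreachable", "false ticker")]
    if not synced:
        return False, "no selected source; unreachable/false: " + ", ".join(bad)
    note = " (problem sources: " + ", ".join(bad) + ")" if bad else ""
    return True, "synced to " + synced[0] + note
```

Reach 17 (octal) is binary 1111, so the last four polls all got a reply, which is what you expect 16 seconds after chronyd started with iburst.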

2. Implement cobbler+PXE automated installation

1. cobbler
Cobbler is a Linux server installation service that can quickly install and reinstall physical servers and virtual machines by network boot (PXE), and can also manage DHCP, DNS and other services.

Cobbler can be managed from the command line, also provides a web-based management interface (cobbler-web), and exposes an API that makes further development convenient.

Services that cobbler integrates:
PXE support
DHCP management
DNS management (bind or dnsmasq)
Kickstart support
YUM repository management
TFTP (needed for PXE boot)
Apache (serves the kickstart installation source and customized kickstart configurations)

2. cobbler's three levels:
distro: a distribution
profile: the same distribution with a different configuration
system: the same distribution and configuration, bound to a specific IP address

3. Installation and configuration
Installation: cobbler is installed from the epel yum repository

[root@vs ~]# yum -y install cobbler dhcp tftp-server tftp httpd   # install the services
[root@vs ~]# useradd user1                       # create a user
[root@vs ~]# echo "123" | passwd --stdin user1   # set its password
[root@vs ~]# tail -1 /etc/shadow                 # read back the password hash
user1:$6$tFcPsnxL$zoUdRFzeBCSbAgIOfFepsR4UI2uyUJCfoSe9cWCttpbGiHHWZI5sASzfrDf.y0wn.UhXMmN76t1GaGkc4uESu0:17754:0:99999:7:::
[root@vs ~]# cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/cobbler/loaders/   # copy the boot loaders into cobbler's directory
[root@vs ~]# vim /etc/cobbler/settings
server: 192.168.1.6        # change to the IP address that can reach the external network
next_server: 192.168.1.6   # change to the IP address that can reach the external network
default_password_crypted: "$6$tFcPsnxL$zoUdRFzeBCSbAgIOfFepsR4UI2uyUJCfoSe9cWCttpbGiHHWZI5sASzfrDf.y0wn.UhXMmN76t1GaGkc4uESu0"   # set the default password to the hash read from /etc/shadow above
[root@vs ~]# systemctl start dhcpd      # start the DHCP service
[root@vs ~]# systemctl start tftp       # start the TFTP service
[root@vs ~]# systemctl start rsyncd     # start rsync
[root@vs ~]# systemctl start httpd      # start the httpd service
[root@vs ~]# systemctl start cobblerd   # start cobbler
[root@vs ~]# cobbler check              # check the configuration
[root@vs ~]# cobbler sync
[root@vs ~]# vim /etc/cobbler/settings  # edit the configuration file

Whether cobbler manages (starts and stops) dhcp, dns, tftp and rsync is controlled here; we leave all of these at the default 0, so cobbler does not manage those services and we manage them by hand.

=====
cobbler <distro|profile|system|repo|image|mgmtclass|package|file> ... [add|edit|copy|getks*|list|remove|rename|report] [options|--help]
cobbler <aclsetup|buildiso|import|list|replicate|report|reposync|sync|validateks|version|signature|get-loaders|hardlink> [options|--help]
[root@vs ~]# cobbler distro add --help   # add a distribution
  --name=NAME        Name (Ex: Fedora-11-i386)                        # name of the distribution
  --kernel=KERNEL    Kernel (Absolute path to kernel on filesystem)   # kernel specific to this distribution
  --initrd=INITRD    Initrd (Absolute path to kernel on filesystem)   # initrd specific to this distribution
  --arch=ARCH        Architecture (valid options: i386,x86_64,ia64,ppc,ppc64,ppc64le,s390,arm)   # platform architecture of this distribution
[root@vs ~]# cobbler import --help   # import from a mounted disc image; a distro is generated automatically
Usage: cobbler import [options]

Options:
  -h, --help                   show this help message and exit
  --arch=ARCH                  OS architecture being imported   # platform architecture
  --breed=BREED                the breed being imported
  --os-version=OS_VERSION      the version being imported
  --path=PATH                  local path or rsync location
  --name=NAME                  name, ex 'RHEL-5'                # name to give the import
  --available-as=AVAILABLE_AS  tree is here, don't mirror
  --kickstart=KICKSTART_FILE   assign this kickstart file
  --rsync-flags=RSYNC_FLAGS    pass additional flags to rsync

When this command runs, cobbler copies the contents of the mounted disc into /var/www/html/ automatically, so make sure there is enough disk space.

[root@vs ~]# cobbler import --name="CentOS-7.0_x86_64" --path=/media/cdrom
task started: 2018-08-12_150622_import
task started (id=Media import, time=Sun Aug 12 15:06:22 2018)
.................
*** TASK COMPLETE ***
[root@vs ~]# cobbler distro list    # list the distros that were generated
   CentOS-7.0-x86_64
[root@vs ~]# cobbler profile list   # list the profiles that were generated; at this point there is no kickstart
[root@vs ~]# cobbler sync           # sync the configuration
[root@vs ~]# systemctl restart cobblerd
   CentOS-7.0-x86_64

Test installation: at this point the profile has no kickstart file, but cobbler automatically supplies a minimal-install kickstart file and completes the installation.
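As an added example (my own code, not the assignment's), a Python check for the /etc/cobbler/settings values edited above: that server and next_server are usable addresses, that default_password_crypted holds a crypt(3) hash (preferably the $6$ SHA-512 form shown) rather than plaintext, and that the manage_* flags agree with the services started by hand. The settings fragment is constructed from the values shown; the manage_* key names and their mapping to systemd units are my assumption.

```python
import ipaddress
import re

# Constructed fragment of /etc/cobbler/settings in the flat key: value form the
# write-up edits; the hash is the one the write-up read from /etc/shadow.
SAMPLE_SETTINGS = """\
server: 192.168.1.6
next_server: 192.168.1.6
default_password_crypted: "$6$tFcPsnxL$zoUdRFzeBCSbAgIOfFepsR4UI2uyUJCfoSe9cWCttpbGiHHWZI5sASzfrDf.y0wn.UhXMmN76t1GaGkc4uESu0"
manage_dhcp: 0
manage_dns: 0
manage_tftpd: 0
manage_rsync: 0
"""
# Assumed mapping from the manage_* keys to the units the write-up starts by hand.
MANAGED_UNITS = {"manage_dhcp": "dhcpd", "manage_tftpd": "tftp", "manage_rsync": "rsyncd"}
CRYPT_RE = re.compile(r"^\$(1|5|6)\$[^$]{1,16}\$[./0-9A-Za-z]+$")   # crypt(3) hash shape

def parse_settings(text):
    """Read flat key: value lines (enough for these keys; not a full YAML parser)."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, val = line.split(":", 1)
            values[key.strip()] = val.strip().strip("\"'")
    return values

def check_settings(values, started_by_hand):
    """Findings on addresses, the password field, and manage_* versus manual service starts."""
    findings = []
    for key in ("server", "next_server"):
        try:
            ip = ipaddress.ip_address(values.get(key, ""))
            if ip.is_loopback or ip.is_unspecified:
                findings.append(f"{key}: {ip} is not reachable by PXE clients")
        except ValueError:
            findings.append(f"{key}: missing or not an IP address")
    pw = values.get("default_password_crypted", "")
    if not CRYPT_RE.match(pw):
        findings.append("default_password_crypted: not a crypt(3) hash, looks like plaintext")
    elif not pw.startswith("$6$"):
        findings.append("default_password_crypted: not SHA-512 ($6$)")
    for key, unit in MANAGED_UNITS.items():
        managed = values.get(key) == "1"
        if managed and unit in started_by_hand:
            findings.append(f"{unit}: started by hand but {key}=1, cobbler sync will rewrite its config")
        if not managed and unit not in started_by_hand:
            findings.append(f"{unit}: {key}=0, so it must be started by hand")
    return findings
```

With the values above and dhcpd, tftp and rsyncd started manually, as in the steps shown, the check returns no findings; flipping manage_dhcp to 1 while still starting dhcpd by hand is reported, because cobbler sync would then regenerate the dhcpd configuration.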