CentOS自动化安装实战
时间:2023-06-02 16:16:41 来源: 人气:
定制自动化安装盘, # 安装所需要的软件包:, 代码如下:, yum -y install createrepo mkisofs isomd5sum, # 生成精简后的rpm列表, 代码如下:, awk /安装/{print $2} install.log |sed s/^[0-9]*://g >/root/packages.list //我的是中文环境具体看log里是什么, # 约束目录结构, 代码如下:, mkdir -p /mnt/cdrom, mkdir -p /data/OS, mount /dev/cdrom /mnt/cdrom, rsync –a --exclude=Packages /mnt/cdrom/* /data/OS, mkdir /data/OS/Packages, # 将精简后的rpm文件 拷贝到新的系统目录里, # 拷贝到新的系统目录方法很多,这里省事儿就用了替换命令 但是结果都一样啊 呵呵, 复制代码, 代码如下:, cp /mnt/cdrom/Packages/libgcc-4.4.7-3.el6.x86_64, cp /mnt/cdrom/Packages/setup-2.8.14-20.el6.noarch, cp /mnt/cdrom/Packages/filesystem-2.4.30-3.el6.x86_64, cp /mnt/cdrom/Packages/xml-common-0.6.3-32.el6.noarch, cp /mnt/cdrom/Packages/cjkuni-fonts-common-0.2.20080216.1-35.el6.noarch, cp /mnt/cdrom/Packages/iso-codes-3.16-2.el6.noarch, cp /mnt/cdrom/Packages/basesystem-10.0-4.el6.noarch, cp /mnt/cdrom/Packages/dmz-cursor-themes-0.4-4.el6.noarch, cp /mnt/cdrom/Packages/libX11-common-1.5.0-4.el6.noarch, cp /mnt/cdrom/Packages/ca-certificates-2010.63-3.el6_1.5.noarch, cp /mnt/cdrom/Packages/ncurses-base-5.7-3.20090208.el6.x86_64, cp /mnt/cdrom/Packages/tzdata-2012j-1.el6.noarch, cp /mnt/cdrom/Packages/glibc-common-2.12-1.107.el6.x86_64, cp /mnt/cdrom/Packages/nss-softokn-freebl-3.12.9-11.el6.x86_64, cp /mnt/cdrom/Packages/glibc-2.12-1.107.el6.x86_64, cp /mnt/cdrom/Packages/ncurses-libs-5.7-3.20090208.el6.x86_64, cp /mnt/cdrom/Packages/bash-4.1.2-14.el6.x86_64, cp /mnt/cdrom/Packages/libattr-2.4.44-7.el6.x86_64, cp /mnt/cdrom/Packages/libcap-2.16-5.5.el6.x86_64, cp /mnt/cdrom/Packages/zlib-1.2.3-29.el6.x86_64, cp /mnt/cdrom/Packages/dbus-libs-1.2.24-7.el6_3.x86_64, cp /mnt/cdrom/Packages/info-4.13a-8.el6.x86_64, cp /mnt/cdrom/Packages/libxml2-2.7.6-8.el6_3.4.x86_64, :%s/^/cp /mnt/cdrom/Packages//g, cp /mnt/cdrom/Packages/cjkuni-uming-fonts-0.2.20080216.1-35.el6.noarch.rpm, cp /mnt/cdrom/Packages/cjkuni-ukai-fonts-0.2.20080216.1-35.el6.noarch.rpm, cp /mnt/cdrom/Packages/man-pages-3.22-20.el6.noarch.rpm, cp /mnt/cdrom/Packages/words-3.0-17.el6.noarch.rpm, cp /mnt/cdrom/Packages/centos-indexhtml-6-1.el6.centos.noarch.rpm, cp /mnt/cdrom/Packages/ql2400-firmware-5.08.00-1.el6.noarch.rpm, cp /mnt/cdrom/Packages/iwl5000-firmware-8.83.5.1_1-1.el6_1.1.noarch.rpm, cp /mnt/cdrom/Packages/ql2100-firmware-1.19.38-3.1.el6.noarch.rpm, cp /mnt/cdrom/Packages/ivtv-firmware-20080701-20.2.noarch.rpm, cp /mnt/cdrom/Packages/libertas-usb8388-firmware-5.110.22.p23-3.1.el6.noarch.rpm, cp /mnt/cdrom/Packages/xorg-x11-drv-ati-firmware-6.99.99-1.el6.noarch.rpm, cp /mnt/cdrom/Packages/ql2500-firmware-5.08.00-1.el6.noarch.rpm, cp /mnt/cdrom/Packages/atmel-firmware-1.3-7.el6.noarch.rpm, cp /mnt/cdrom/Packages/zd1211-firmware-1.4-4.el6.noarch.rpm, cp /mnt/cdrom/Packages/iwl4965-firmware-228.61.2.24-2.1.el6.noarch.rpm, cp /mnt/cdrom/Packages/rt61pci-firmware-1.2-7.el6.noarch.rpm, cp /mnt/cdrom/Packages/iwl3945-firmware-15.32.2.9-4.el6.noarch.rpm, cp /mnt/cdrom/Packages/ql2200-firmware-2.02.08-3.1.el6.noarch.rpm, cp /mnt/cdrom/Packages/rt73usb-firmware-1.8-7.el6.noarch.rpm, cp /mnt/cdrom/Packages/ipw2100-firmware-1.3-11.el6.noarch.rpm, cp /mnt/cdrom/Packages/ql23xx-firmware-3.03.27-3.1.el6.noarch.rpm, cp /mnt/cdrom/Packages/ipw2200-firmware-3.1-4.el6.noarch.rpm, cp /mnt/cdrom/Packages/rootfiles-8.1-6.1.el6.noarch.rpm, :%s/$/.rpm/g, cp /mnt/cdrom/Packages/cjkuni-uming-fonts-0.2.20080216.1-35.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/cjkuni-ukai-fonts-0.2.20080216.1-35.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/man-pages-3.22-20.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/words-3.0-17.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/centos-indexhtml-6-1.el6.centos.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/ql2400-firmware-5.08.00-1.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/iwl5000-firmware-8.83.5.1_1-1.el6_1.1.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/ql2100-firmware-1.19.38-3.1.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/ivtv-firmware-20080701-20.2.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/libertas-usb8388-firmware-5.110.22.p23-3.1.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/xorg-x11-drv-ati-firmware-6.99.99-1.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/ql2500-firmware-5.08.00-1.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/atmel-firmware-1.3-7.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/zd1211-firmware-1.4-4.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/iwl4965-firmware-228.61.2.24-2.1.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/rt61pci-firmware-1.2-7.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/iwl3945-firmware-15.32.2.9-4.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/ql2200-firmware-2.02.08-3.1.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/rt73usb-firmware-1.8-7.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/ipw2100-firmware-1.3-11.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/ql23xx-firmware-3.03.27-3.1.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/ipw2200-firmware-3.1-4.el6.noarch.rpm /data/OS/Packages, cp /mnt/cdrom/Packages/rootfiles-8.1-6.1.el6.noarch.rpm /data/OS/Packages, :%s/$/ /data/OS/Packages/g, # 创建ks.cfg文件 默认安装完系统就会安装所有的定制软件包了, # 关键字, 代码如下:, %post --nochroot %post, [root@test OS]# pwd, /data/OS, [root@test OS]# cat ks.cfg, firewall --disabled, install, cdrom, rootpw --iscrypted $1$stMs72eG$G3f0zhGBjp6/SioZ28CxQ0, auth --useshadow --passalgo=md5, text, firstboot --disable, keyboard us, lang en_US.UTF-8, selinux --disabled, # Do not configure the X Window System, skipx, logging --level=info, reboot --eject, timezone Asia/Shanghai, network --device em1 --bootproto=static --ip=192.168.7.123 --netmask=255.255.248.0 --gateway=192.1s, bootloader --location=mbr --driveorder=sda, # Clear the Master Boot Record, zerombr yes, # Partition clearing information, clearpart --all --initlabel, # Disk partitioning information, part / --fstype="ext4" --size=10240, part swap --size=4096, part /data --fstype="ext4" --grow --size=1, %packages, @base, @core, @server-policy, sgpio, device-mapper-persistent-data, ntp, %post --nochroot, mkdir -p /mnt/sysimage/tmp/custom_data >> /tmp/custom.log 2>&1, cp /mnt/source/Packages/lnmp_pack.tar.gz /mnt/sysimage/tmp/custom_data >> /tmp/custom.log 2>&1, cp /mnt/source/Packages/install_packages.sh /mnt/sysimage/tmp/custom_data >> /tmp/custom.log 2>&1, cp /mnt/source/Packages/ncftp-3.2.5-src.tar.gz /mnt/sysimage/tmp/custom_data >>/tmp/custom.log 2>&1, cp /mnt/source/Packages/rarlinux-3.8.0.tar.gz /mnt/sysimage/tmp/custom_data >>/tmp/custom.log 2>&1, cp /mnt/source/Packages/nmon_linux_14i.tar.gz /mnt/sysimage/tmp/custom_data >>/tmp/custom.log 2>&1, %post, cd /tmp/custom_data >> /tmp/custom.log 2>&1, chmod +x install_packages.sh, sh install_packages.sh, # remove custom_data, rm -rf /tmp/custom_data, #vim syntax on, echo alias vi=vim >> /etc/bashrc, # disable ipv6, echo "alias net-pf-10 off" >> /etc/modprobe.d/dist.conf, echo -e "optionstipv6tdisable=1" >> /etc/modprobe.d/dist.conf, echo "NETWORKING_IPV6=no" >> /etc/sysconfig/network, #append lib, echo "/usr/local/lib/" >> /etc/ld.so.conf, #modify lang, echo export LANG=zh_CN.UTF8 >> /etc/profile, #disable system auto mail, echo "unset MAILCHECK" >> /etc/profile, #modify history, echo export HISTTIMEFORMAT="%F %T `whoami` " >> /etc/profile, sed -i "s/HISTSIZE=1000/HISTSIZE=999999999/" /etc/profile, #modifu ssh port on 3389, echo Port 3389 >> /etc/ssh/sshd_config, echo UseDNS no >> /etc/ssh/sshd_config, for i in `ls /etc/rc3.d/S*`, do, CURSRV=`echo $i|cut -c 15-`, chkconfig --level 3 $CURSRV off, done, for i in crond rsyslog iptables network ntpd sshd sysstat;do chkconfig --level 3 $i on;done, sed -i /HOSTNAME=/d /etc/sysconfig/network, echo HOSTNAME=test >> /etc/sysconfig/network, # sysctl, echo "net.core.netdev_max_backlog = 32768" >> /etc/sysctl.conf, echo "net.core.rmem_default = 8388608" >> /etc/sysctl.conf, echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf, echo "net.core.somaxconn = 32768" >> /etc/sysctl.conf, echo "net.core.wmem_default = 8388608" >> /etc/sysctl.conf, echo "net.core.wmem_max = 16777216" >> /etc/sysctl.conf, echo "net.ipv4.ip_local_port_range = 5000 65000" >> /etc/sysctl.conf, echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf, echo "net.ipv4.tcp_keepalive_time = 300" >> /etc/sysctl.conf, echo "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf, echo "net.ipv4.tcp_max_syn_backlog = 65536" >> /etc/sysctl.conf, echo "net.ipv4.tcp_max_tw_buckets = 5000" >> /etc/sysctl.conf, echo "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf, echo "net.ipv4.tcp_syn_retries = 2" >> /etc/sysctl.conf, echo "net.ipv4.tcp_synack_retries = 2" >> /etc/sysctl.conf, echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf, echo "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf, echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf, echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf, /sbin/sysctl -p, # modify core ulimt, echo -e "*tsofttnofilet65535" >> /etc/security/limits.conf, echo -e "*thardtnofilet65535" >> /etc/security/limits.conf, echo -e "*tsofttnofilet65535" >> /etc/security/limits.d/90-nproc.conf, echo -e "*thardtnofilet65535" >> /etc/security/limits.d/90-nproc.conf, # ntpd, cat > /etc/sysconfig/clock < /etc/sysconfig/iptables <, *filter, #############################################, # disabled (INPUT,FORWARD,OUTPUT), :INPUT DROP, :FORWARD DROP, :OUTPUT DROP, # enabled lo, -A INPUT -i lo -j ACCEPT, -A OUTPUT -o lo -j ACCEPT, -A FORWARD -o lo -j ACCEPT, # enabled em2, # Be careful of the network adapter name, -A INPUT -i em2 -j ACCEPT, -A OUTPUT -o em2 -j ACCEPT, -A FORWARD -o em2 -j ACCEPT, # enabled ping, -A INPUT -p icmp -j ACCEPT, -A OUTPUT -p icmp -j ACCEPT, # enabled ntp, -A INPUT -p udp -m udp --dport 123 -j ACCEPT, -A OUTPUT -p udp -m udp --sport 123 -j ACCEPT, # dns, -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT, -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT, -A INPUT -p udp -m udp --sport 53 -j ACCEPT, -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT, #############################################, #############################################, # team ssh, # all, -A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -p tcp -m tcp --sport 3389 -j ACCEPT, # suzhouqiao, -A INPUT -s 118.145.x.xx -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -d 118.145.x.xx -p tcp -m tcp --sport 3389 -j ACCEPT, -A INPUT -s 115.182.x.xx -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -d 115.182.x.xxx -p tcp -m tcp --sport 3389 -j ACCEPT, # corporate, -A INPUT -s 119.253.59.x -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -d 119.253.xx.1x0 -p tcp -m tcp --sport 3389 -j ACCEPT, -A INPUT -s 203.187.xx1.x -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -d 203.x7.x1.x -p tcp -m tcp --sport 3389 -j ACCEPT, -A INPUT -s 211.103.xxs.x0 -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -d 211.103.xx.xxx -p tcp -m tcp --sport 3389 -j ACCEPT, -A INPUT -s 119.253.x9.xx -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -d 119.253.xx.xx -p tcp -m tcp --sport 3389 -j ACCEPT, -A INPUT -s 119.253.xx.xx2 -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -d 119.253.x.xx -p tcp -m tcp --sport 3389 -j ACCEPT, -A INPUT -s 203.187.xx.1xx -p tcp -m tcp --dport 3389 -j ACCEPT, -A OUTPUT -d 203.187.1xx.xx -p tcp -m tcp --sport 3389 -j ACCEPT, #############################################, #############################################, # jiankongbao, -A INPUT -s 60.xx.249.xx -p udp -m udp --dport 161 -j ACCEPT, -A OUTPUT -d 60.xx.xx.x3 -p udp -m udp --sport 161 -j ACCEPT, -A INPUT -s 60.195.252.xx -p udp -m udp --dport 161 -j ACCEPT, -A OUTPUT -d 60.195.xx.107 -p udp -m udp --sport 161 -j ACCEPT, -A INPUT -s 60.195.x.xx -p udp -m udp --dport 161 -j ACCEPT, -A OUTPUT -d 60.195.x.1xx -p udp -m udp --sport 161 -j ACCEPT, -A INPUT -s 125.76.sxx -p udp -m udp --dport 161 -j ACCEPT, -A OUTPUT -d 125.76.xx.xx -p udp -m udp --sport 161 -j ACCEPT, #############################################, #############################################, # project port, #############################################, COMMIT, EOF, %end, # 让系统从kickstart配置启动安装, 代码如下:, [root@test isolinux]# pwd, /data/OS/isolinux, [root@test isolinux]# cat isolinux.cfg, default linux ks=cdrom:/ks.cfg, prompt 1, timeout 100, display boot.msg, F1 boot.msg, F2 options.msg, F3 general.msg, F4 param.msg, F5 rescue.msg, label linux, kernel vmlinuz, append initrd=initrd.img, label text, kernel vmlinuz, append initrd=initrd.img text, label ks, kernel vmlinuz, append ks initrd=initrd.img, label local, localboot 1, label memtest86, kernel memtest, append -, # 生成rpm包的依赖关系, 代码如下:, [root@test ~]# cd /data/OS/, [root@test OS]# createrepo -g repodata/*-comps.xml /data/OS/, # 生成iso镜像, 代码如下:, mkisofs -R -J -T -r -l -d -joliet-long -allow-multidot, -allow-leading-dots -no-bak -o /data/CentOS-6.4-x86_64-mini.iso, -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot, -boot-load-size 4 -boot-info-table /data/OS, # 生成MD5校验码 //本人没有执行这条命令原因是如果需要修改iso里的内容会导致光盘无法使用, 代码如下:, implantisomd5 /data/CentOS-6.4-x86_64-mini.iso, 基于Kisckstart的安装, 安装软件包, yum -y install createrepo mkisofs, 制作流程, 目录结构, 拷贝CentOS原始镜像内容,不做任何精简, 代码如下:, mkdir /mnt/centos, mount /dev/sr0 /mnt/centos, mkdir /tmp/iso, cp -r /mnt/centos/* /tmp/iso, 增加Kickstart配置文件, 文件路径和安装方式可自由定义, 代码如下:, cd /tmp/iso/isolinux, #修改引导,注意ks=部分, vi isolinux.cfg, label linux, menu label ^Install or upgrade an existing system, menu default, kernel vmlinuz, append initrd=initrd.img ks=cdrom:/isolinux/ks.cfg, #手动增加Kickstart配置文件, vi ks.cfg, #Kickstart file automatically generated by anaconda., #version=DEVEL, #Install OS instead of upgrade, #表示是安装,而不是升级, install, #Use text mode install, #文本方式安装, text, #Use network installation, #使用网络安装, #url --url=ftp://ip/centos, #Local installation Use CDROM installation media, #使用光盘安装, cdrom, #Installation Number configuration, #如果是RedHat的系统,会要求输入key,这里配置为跳过,如果不配置安装时会停在那里要求用户输入key, #key –skip, #System language, #语言环境, #lang en_US.UTF-8, lang zh_CN.UTF-8, #System keyboard, #键盘类型, keyboard us, #Network information, #网络配置, #network --device eth0 --bootproto dhcp --onboot yes, #Root password, #root密码, rootpw chinaums, #Firewall configuration, #禁用防火墙, firewall --disabled, #SELinux configuration, #禁用selinux, selinux --disabled, #Run the Setup Agent on first boot, #禁用第一次启动时设置系统的向导, firstboot --disable, #System authorization information, #用户认证配置,useshadow表示使用本地认证,--passalgo表示密码加密算法, authconfig --enableshadow --passalgo=sha512, #System timezone, #设置时区为上海, timezone --isUtc Asia/Shanghai, #System bootloader configuration, #指明bootloader的安装位置,指明驱动器的排序,指明操作系统安装完成之后,向内核传递的参数, bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet", #Clear the Master Boot Record, #清除MBR引导记录, zerombr yes, #Partition clearing information, #清除硬盘上的所有数据, clearpart --all --initlabel, #Disk partitioning information, #自定义分区, #创建一个200M大小的分区挂载/boot类型为ext4, part /boot --fstype=ext4 --size=200 --ondisk=sda, #创建一个20000M大小的SWAP分区, part swap --size=20000 --ondisk=sda, #创建/目录, part / --fstype=ext4 --grow --size=1 --ondisk=sda, #Reboot after installation, #设置完成之后重启, reboot --eject, #This packages is for CentOS 6.4, #为CentOS 6.4定制的软件包, %packages, @base, @core, @chinese-support, #增加安装后运行脚本, %post, #config service, #自定义服务, service NetworkManager stop, chkconfig NetworkManager off, #eject cdrom, #安装完成弹出光碟, #eject, #reboot, #执行完毕后重启, #reboot -f, #结束自动化部署, %end, 生成依赖关系和ISO文件, 注意路径和命令的准确性, 代码如下:, cd /tmp/iso, createrepo -g repodata/*comps.xml ., mkisofs -o /tmp/CentOS-6.4_64_auto.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -joliet-long -R -J -v -T /tmp/iso/,
