
CentOS自動化安裝實戰

   定制自動化安裝盤

  # 安裝所需要的軟件包:

  代碼如下:

  yum -y install createrepo mkisofs isomd5sum

  # 生成精簡後的rpm列表

  代碼如下:

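  # Build the trimmed package list from the installer log: print field 2 of
  # every line containing '安裝' and strip a leading "<digits>:" prefix
  # (presumably the RPM epoch - confirm against your log).
  # The match word is locale-specific; this log came from a Chinese-language
  # install, so check install.log and use the word your own log contains.
  # The page's trailing "//..." remark was not a shell comment: sed would have
  # taken it as an input file name and ignored the piped data.
  awk '/安裝/{print $2}' install.log | sed 's/^[0-9]*://g' > /root/packages.list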

  # 約束目錄結構

  代碼如下:

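  # Stage a working copy of the install disc under /data/OS, leaving out the
  # Packages directory so that only the trimmed RPM set is added back later.
  mkdir -p /mnt/cdrom /data/OS
  mount /dev/cdrom /mnt/cdrom
  # "-a" must use an ASCII hyphen; the page printed a typographic dash, which
  # rsync would read as a source path instead of an option.
  # Copying "/mnt/cdrom/" rather than "/mnt/cdrom/*" also brings along the
  # disc's top-level dot-files (.discinfo, .treeinfo), which a shell glob skips.
  rsync -a --exclude=Packages /mnt/cdrom/ /data/OS/
  mkdir -p /data/OS/Packages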

  # 將精簡後的rpm文件 拷貝到新的系統目錄裡

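  # 拷貝到新的系統目錄的方法很多,這裡為了省事,直接在 vim 裡用替換命令把軟件包列表的每一行改寫成 cp 命令,結果都一樣。下面依次列出三次替換(加上 cp 前綴、補上 .rpm 後綴、補上目標目錄)之後的內容片段,每條替換命令寫在對應結果的下方;只有最後一組(帶 /data/OS/Packages 目標目錄的)才是可以直接執行的命令。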


  代碼如下:

  cp /mnt/cdrom/Packages/libgcc-4.4.7-3.el6.x86_64

  cp /mnt/cdrom/Packages/setup-2.8.14-20.el6.noarch

  cp /mnt/cdrom/Packages/filesystem-2.4.30-3.el6.x86_64

  cp /mnt/cdrom/Packages/xml-common-0.6.3-32.el6.noarch

  cp /mnt/cdrom/Packages/cjkuni-fonts-common-0.2.20080216.1-35.el6.noarch

  cp /mnt/cdrom/Packages/iso-codes-3.16-2.el6.noarch

  cp /mnt/cdrom/Packages/basesystem-10.0-4.el6.noarch

  cp /mnt/cdrom/Packages/dmz-cursor-themes-0.4-4.el6.noarch

  cp /mnt/cdrom/Packages/libX11-common-1.5.0-4.el6.noarch

  cp /mnt/cdrom/Packages/ca-certificates-2010.63-3.el6_1.5.noarch

  cp /mnt/cdrom/Packages/ncurses-base-5.7-3.20090208.el6.x86_64

  cp /mnt/cdrom/Packages/tzdata-2012j-1.el6.noarch

  cp /mnt/cdrom/Packages/glibc-common-2.12-1.107.el6.x86_64

  cp /mnt/cdrom/Packages/nss-softokn-freebl-3.12.9-11.el6.x86_64

  cp /mnt/cdrom/Packages/glibc-2.12-1.107.el6.x86_64

  cp /mnt/cdrom/Packages/ncurses-libs-5.7-3.20090208.el6.x86_64

  cp /mnt/cdrom/Packages/bash-4.1.2-14.el6.x86_64

  cp /mnt/cdrom/Packages/libattr-2.4.44-7.el6.x86_64

  cp /mnt/cdrom/Packages/libcap-2.16-5.5.el6.x86_64

  cp /mnt/cdrom/Packages/zlib-1.2.3-29.el6.x86_64

  cp /mnt/cdrom/Packages/dbus-libs-1.2.24-7.el6_3.x86_64

  cp /mnt/cdrom/Packages/info-4.13a-8.el6.x86_64

  cp /mnt/cdrom/Packages/libxml2-2.7.6-8.el6_3.4.x86_64

  :%s/^/cp \/mnt\/cdrom\/Packages\//g

  cp /mnt/cdrom/Packages/cjkuni-uming-fonts-0.2.20080216.1-35.el6.noarch.rpm

  cp /mnt/cdrom/Packages/cjkuni-ukai-fonts-0.2.20080216.1-35.el6.noarch.rpm

  cp /mnt/cdrom/Packages/man-pages-3.22-20.el6.noarch.rpm

  cp /mnt/cdrom/Packages/words-3.0-17.el6.noarch.rpm

  cp /mnt/cdrom/Packages/centos-indexhtml-6-1.el6.centos.noarch.rpm

  cp /mnt/cdrom/Packages/ql2400-firmware-5.08.00-1.el6.noarch.rpm

  cp /mnt/cdrom/Packages/iwl5000-firmware-8.83.5.1_1-1.el6_1.1.noarch.rpm

  cp /mnt/cdrom/Packages/ql2100-firmware-1.19.38-3.1.el6.noarch.rpm

  cp /mnt/cdrom/Packages/ivtv-firmware-20080701-20.2.noarch.rpm

  cp /mnt/cdrom/Packages/libertas-usb8388-firmware-5.110.22.p23-3.1.el6.noarch.rpm

  cp /mnt/cdrom/Packages/xorg-x11-drv-ati-firmware-6.99.99-1.el6.noarch.rpm

  cp /mnt/cdrom/Packages/ql2500-firmware-5.08.00-1.el6.noarch.rpm

  cp /mnt/cdrom/Packages/atmel-firmware-1.3-7.el6.noarch.rpm

  cp /mnt/cdrom/Packages/zd1211-firmware-1.4-4.el6.noarch.rpm

  cp /mnt/cdrom/Packages/iwl4965-firmware-228.61.2.24-2.1.el6.noarch.rpm

  cp /mnt/cdrom/Packages/rt61pci-firmware-1.2-7.el6.noarch.rpm

  cp /mnt/cdrom/Packages/iwl3945-firmware-15.32.2.9-4.el6.noarch.rpm

  cp /mnt/cdrom/Packages/ql2200-firmware-2.02.08-3.1.el6.noarch.rpm

  cp /mnt/cdrom/Packages/rt73usb-firmware-1.8-7.el6.noarch.rpm

  cp /mnt/cdrom/Packages/ipw2100-firmware-1.3-11.el6.noarch.rpm

  cp /mnt/cdrom/Packages/ql23xx-firmware-3.03.27-3.1.el6.noarch.rpm

  cp /mnt/cdrom/Packages/ipw2200-firmware-3.1-4.el6.noarch.rpm

  cp /mnt/cdrom/Packages/rootfiles-8.1-6.1.el6.noarch.rpm

  :%s/$/.rpm/g

  cp /mnt/cdrom/Packages/cjkuni-uming-fonts-0.2.20080216.1-35.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/cjkuni-ukai-fonts-0.2.20080216.1-35.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/man-pages-3.22-20.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/words-3.0-17.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/centos-indexhtml-6-1.el6.centos.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/ql2400-firmware-5.08.00-1.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/iwl5000-firmware-8.83.5.1_1-1.el6_1.1.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/ql2100-firmware-1.19.38-3.1.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/ivtv-firmware-20080701-20.2.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/libertas-usb8388-firmware-5.110.22.p23-3.1.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/xorg-x11-drv-ati-firmware-6.99.99-1.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/ql2500-firmware-5.08.00-1.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/atmel-firmware-1.3-7.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/zd1211-firmware-1.4-4.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/iwl4965-firmware-228.61.2.24-2.1.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/rt61pci-firmware-1.2-7.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/iwl3945-firmware-15.32.2.9-4.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/ql2200-firmware-2.02.08-3.1.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/rt73usb-firmware-1.8-7.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/ipw2100-firmware-1.3-11.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/ql23xx-firmware-3.03.27-3.1.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/ipw2200-firmware-3.1-4.el6.noarch.rpm /data/OS/Packages

  cp /mnt/cdrom/Packages/rootfiles-8.1-6.1.el6.noarch.rpm /data/OS/Packages

  :%s/$/ \/data\/OS\/Packages/g

  # 創建ks.cfg文件 默認安裝完系統就會安裝所有的定制軟件包了

  # 關鍵字

  代碼如下:

  %post --nochroot %post

  [root@test OS]# pwd

  /data/OS

  [root@test OS]# cat ks.cfg

  # NOTE(review): the installer-level firewall is switched off here; packet
  # filtering on the installed system depends entirely on the
  # /etc/sysconfig/iptables file written by the %post section below.
  firewall --disabled

  install

  cdrom

  # NOTE(review): the "$1$" prefix marks an MD5-crypt hash. ks.cfg sits in
  # clear text on the ISO, so the hash is readable by anyone who holds the
  # image; generate a per-deployment hash with a stronger scheme and change the
  # root password after the first boot.
  rootpw --iscrypted $1$stMs72eG$G3f0zhGBjp6/SioZ28CxQ0

  # NOTE(review): --passalgo=md5 selects MD5 for local password hashing; the
  # second kickstart file on this page uses --passalgo=sha512.
  auth --useshadow --passalgo=md5

  text

  firstboot --disable

  keyboard us

  lang en_US.UTF-8

  # NOTE(review): SELinux is turned off for the installed system.
  selinux --disabled

  # Do not configure the X Window System

  skipx

  logging --level=info

  reboot --eject

  timezone Asia/Shanghai

  # NOTE(review): this line is cut off on the page - the --gateway value is
  # incomplete, so the directive cannot be used as printed.
  network --device em1 --bootproto=static --ip=192.168.7.123 --netmask=255.255.248.0 --gateway=192.1s

  bootloader --location=mbr --driveorder=sda

  # Clear the Master Boot Record

  zerombr yes

  # Partition clearing information
  # NOTE(review): --all removes every existing partition. The isolinux.cfg shown
  # later on this page boots into this kickstart by default, so a machine that
  # boots from the disc is wiped once the boot prompt times out.

  clearpart --all --initlabel

  # Disk partitioning information
  # Sizes are in MB; /data takes the remaining space (--grow).

  part / --fstype="ext4" --size=10240

  part swap --size=4096

  part /data --fstype="ext4" --grow --size=1

  %packages

  @base

  @core

  @server-policy

  sgpio

  device-mapper-persistent-data

  ntp

  %post --nochroot
  # Runs outside the chroot: copies the custom payload from the install media
  # (/mnt/source/Packages) into /tmp/custom_data of the new system, which is
  # mounted at /mnt/sysimage, appending all command output to /tmp/custom.log.
  # NOTE(review): install_packages.sh is executed as part of the following %post
  # section and nothing here verifies it or the archives; record checksums when
  # the ISO is built and check them before the script is run.
  # NOTE(review): under --nochroot, /tmp/custom.log is presumably the
  # installer's own /tmp rather than the installed system's - confirm the log
  # survives the reboot if it is needed for troubleshooting.

  mkdir -p /mnt/sysimage/tmp/custom_data >> /tmp/custom.log 2>&1

  cp /mnt/source/Packages/lnmp_pack.tar.gz /mnt/sysimage/tmp/custom_data >> /tmp/custom.log 2>&1

  cp /mnt/source/Packages/install_packages.sh /mnt/sysimage/tmp/custom_data >> /tmp/custom.log 2>&1

  cp /mnt/source/Packages/ncftp-3.2.5-src.tar.gz /mnt/sysimage/tmp/custom_data >>/tmp/custom.log 2>&1

  cp /mnt/source/Packages/rarlinux-3.8.0.tar.gz /mnt/sysimage/tmp/custom_data >>/tmp/custom.log 2>&1

  cp /mnt/source/Packages/nmon_linux_14i.tar.gz /mnt/sysimage/tmp/custom_data >>/tmp/custom.log 2>&1

  %post

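  # Run the custom installer that the --nochroot section staged in
  # /tmp/custom_data, then delete the staging directory.
  # The script is only run when the directory change succeeds, so a failed copy
  # cannot make "sh install_packages.sh" pick up a file from another directory.
  if cd /tmp/custom_data >> /tmp/custom.log 2>&1; then
    chmod +x install_packages.sh
    sh install_packages.sh
    # leave the directory before it is removed
    cd /
  else
    echo "custom_data missing, install_packages.sh skipped" >> /tmp/custom.log
  fi
  # remove custom_data
  rm -rf /tmp/custom_data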

  # alias vi to vim for every shell (appends "alias vi=vim" to /etc/bashrc)

  echo alias vi='vim' >> /etc/bashrc

  # disable ipv6

  echo "alias net-pf-10 off" >> /etc/modprobe.d/dist.conf

  echo -e "options\tipv6\tdisable=1" >> /etc/modprobe.d/dist.conf

  echo "NETWORKING_IPV6=no" >> /etc/sysconfig/network

  # add /usr/local/lib/ to the dynamic linker configuration

  echo "/usr/local/lib/" >> /etc/ld.so.conf

  # set the login locale to zh_CN.UTF8

  echo 'export LANG=zh_CN.UTF8' >> /etc/profile

  # stop the shell's periodic mail check

  echo "unset MAILCHECK" >> /etc/profile

  # timestamp shell history entries and enlarge the history size; the
  # back-quoted whoami sits inside single quotes, so it is written literally
  # and only evaluated when /etc/profile is sourced

  echo 'export HISTTIMEFORMAT="%F %T `whoami` "' >> /etc/profile

  sed -i "s/HISTSIZE=1000/HISTSIZE=999999999/" /etc/profile

  # move sshd to port 3389 and skip reverse-DNS lookups
  # NOTE(review): nothing here limits root or password logins over SSH, and the
  # root credential comes from the ks.cfg on the ISO - confirm that
  # PermitRootLogin / PasswordAuthentication are tightened elsewhere
  # (for example in install_packages.sh).

  echo 'Port 3389' >> /etc/ssh/sshd_config

  echo 'UseDNS no' >> /etc/ssh/sshd_config

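  # Turn off every service that is currently started in runlevel 3, then switch
  # the wanted ones back on. The glob replaces parsing the output of ls.
  for i in /etc/rc3.d/S*; do
    [ -e "$i" ] || continue        # the glob matched nothing
    CURSRV=${i##*/}                # S<NN><service>
    CURSRV=${CURSRV#S[0-9][0-9]}   # strip "S" and the two-digit priority
    chkconfig --level 3 "$CURSRV" off
  done
  for i in crond rsyslog iptables network ntpd sshd sysstat; do
    chkconfig --level 3 "$i" on
  done
  # Replace any existing HOSTNAME= entry with the fixed name "test".
  sed -i '/HOSTNAME=/d' /etc/sysconfig/network
  echo 'HOSTNAME=test' >> /etc/sysconfig/network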

  # sysctl: kernel network tuning, appended to /etc/sysctl.conf and loaded by
  # the "sysctl -p" call at the end of this run

  echo "net.core.netdev_max_backlog = 32768" >> /etc/sysctl.conf

  echo "net.core.rmem_default = 8388608" >> /etc/sysctl.conf

  echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf

  echo "net.core.somaxconn = 32768" >> /etc/sysctl.conf

  echo "net.core.wmem_default = 8388608" >> /etc/sysctl.conf

  echo "net.core.wmem_max = 16777216" >> /etc/sysctl.conf

  echo "net.ipv4.ip_local_port_range = 5000 65000" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_keepalive_time = 300" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_max_syn_backlog = 65536" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_max_tw_buckets = 5000" >> /etc/sysctl.conf

  # NOTE(review): tcp_mem is counted in memory pages, not bytes - confirm these
  # thresholds against the RAM of the target hosts.
  echo "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_syn_retries = 2" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_synack_retries = 2" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf

  # NOTE(review): tcp_tw_recycle and tcp_tw_reuse both rely on TCP timestamps,
  # which the next line turns off - confirm which behaviour was intended.
  # tcp_tw_recycle is also known to drop connections from clients behind NAT.
  echo "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf

  echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf

  /sbin/sysctl -p

  # raise the open-file (nofile) limit to 65535, soft and hard, for all users
  # NOTE(review): the same nofile lines are also appended to
  # limits.d/90-nproc.conf, a file named for process-count limits - confirm
  # that this duplication is intended.

  echo -e "*\tsoft\tnofile\t65535" >> /etc/security/limits.conf

  echo -e "*\thard\tnofile\t65535" >> /etc/security/limits.conf

  echo -e "*\tsoft\tnofile\t65535" >> /etc/security/limits.d/90-nproc.conf

  echo -e "*\thard\tnofile\t65535" >> /etc/security/limits.d/90-nproc.conf

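  # ntpd
  # NOTE(review): this line is damaged on the page - the "<<" here-document
  # operators and the text written to /etc/sysconfig/clock were lost. The clock
  # contents cannot be recovered from the page, so that write is shown commented
  # out with a placeholder; the iptables here-document is restored because its
  # body and closing EOF follow below.
  # cat > /etc/sysconfig/clock << EOF
  # <CLOCK_SETTINGS_PLACEHOLDER - not recoverable from the page>
  # EOF
  #
  # NOTE(review) on the rule set that follows:
  #  - the addresses are masked with "x" by the author and are not valid as
  #    printed; real addresses must be filled in before the file can be loaded.
  #  - the "# all" pair accepts tcp/3389 from any source, so the per-address
  #    3389 rules after it do not restrict anything.
  #  - the rules are stateless and the DNS INPUT rules match only on the remote
  #    source port 53; a connection-state match for replies
  #    (-m state --state ESTABLISHED,RELATED) is the narrower form.
  #  - all traffic on em2 is accepted in every chain; confirm em2 is a trusted
  #    internal interface on every host built from this image.
  cat > /etc/sysconfig/iptables << EOF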

  *filter

  #############################################

  # disabled (INPUT,FORWARD,OUTPUT)

  :INPUT DROP

  :FORWARD DROP

  :OUTPUT DROP

  # enabled lo

  -A INPUT -i lo -j ACCEPT

  -A OUTPUT -o lo -j ACCEPT

  -A FORWARD -o lo -j ACCEPT

  # enabled em2

  # Be careful of the network adapter name

  -A INPUT -i em2 -j ACCEPT

  -A OUTPUT -o em2 -j ACCEPT

  -A FORWARD -o em2 -j ACCEPT

  # enabled ping

  -A INPUT -p icmp -j ACCEPT

  -A OUTPUT -p icmp -j ACCEPT

  # enabled ntp

  -A INPUT -p udp -m udp --dport 123 -j ACCEPT

  -A OUTPUT -p udp -m udp --sport 123 -j ACCEPT

  # dns

  -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT

  -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT

  -A INPUT -p udp -m udp --sport 53 -j ACCEPT

  -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT

  #############################################

  #############################################

  # team ssh

  # all

  -A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -p tcp -m tcp --sport 3389 -j ACCEPT

  # suzhouqiao

  -A INPUT -s 118.145.x.xx -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -d 118.145.x.xx -p tcp -m tcp --sport 3389 -j ACCEPT

  -A INPUT -s 115.182.x.xx -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -d 115.182.x.xxx -p tcp -m tcp --sport 3389 -j ACCEPT

  # corporate

  -A INPUT -s 119.253.59.x -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -d 119.253.xx.1x0 -p tcp -m tcp --sport 3389 -j ACCEPT

  -A INPUT -s 203.187.xx1.x -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -d 203.x7.x1.x -p tcp -m tcp --sport 3389 -j ACCEPT

  -A INPUT -s 211.103.xxs.x0 -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -d 211.103.xx.xxx -p tcp -m tcp --sport 3389 -j ACCEPT

  -A INPUT -s 119.253.x9.xx -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -d 119.253.xx.xx -p tcp -m tcp --sport 3389 -j ACCEPT

  -A INPUT -s 119.253.xx.xx2 -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -d 119.253.x.xx -p tcp -m tcp --sport 3389 -j ACCEPT

  -A INPUT -s 203.187.xx.1xx -p tcp -m tcp --dport 3389 -j ACCEPT

  -A OUTPUT -d 203.187.1xx.xx -p tcp -m tcp --sport 3389 -j ACCEPT

  #############################################

  #############################################

  # jiankongbao

  -A INPUT -s 60.xx.249.xx -p udp -m udp --dport 161 -j ACCEPT

  -A OUTPUT -d 60.xx.xx.x3 -p udp -m udp --sport 161 -j ACCEPT

  -A INPUT -s 60.195.252.xx -p udp -m udp --dport 161 -j ACCEPT

  -A OUTPUT -d 60.195.xx.107 -p udp -m udp --sport 161 -j ACCEPT

  -A INPUT -s 60.195.x.xx -p udp -m udp --dport 161 -j ACCEPT

  -A OUTPUT -d 60.195.x.1xx -p udp -m udp --sport 161 -j ACCEPT

  -A INPUT -s 125.76.sxx -p udp -m udp --dport 161 -j ACCEPT

  -A OUTPUT -d 125.76.xx.xx -p udp -m udp --sport 161 -j ACCEPT

  #############################################

  #############################################

  # project port

  #############################################

  COMMIT

  EOF

  %end

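  # 讓系統從kickstart配置啟動安裝(注意:default 項直接帶了 ks=cdrom:/ks.cfg,而 ks.cfg 裡有 zerombr 和 clearpart --all,用這張盤開機後若在 timeout 時間內沒有人工干預,就會自動清空硬盤並重新安裝,請勿把光盤留在不該重裝的機器裡)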

  代碼如下:

  [root@test isolinux]# pwd

  /data/OS/isolinux

  [root@test isolinux]# cat isolinux.cfg

  default linux ks=cdrom:/ks.cfg

  prompt 1

  timeout 100

  display boot.msg

  F1 boot.msg

  F2 options.msg

  F3 general.msg

  F4 param.msg

  F5 rescue.msg

  label linux

  kernel vmlinuz

  append initrd=initrd.img

  label text

  kernel vmlinuz

  append initrd=initrd.img text

  label ks

  kernel vmlinuz

  append ks initrd=initrd.img

  label local

  localboot 1

  label memtest86

  kernel memtest

  append -

  # 生成rpm包的依賴關系

  代碼如下:

  [root@test ~]# cd /data/OS/

  [root@test OS]# createrepo -g repodata/*-comps.xml /data/OS/

  # 生成iso鏡像

  代碼如下:

  mkisofs -R -J -T -r -l -d -joliet-long -allow-multidot \

  -allow-leading-dots -no-bak -o /data/CentOS-6.4-x86_64-mini.iso \

  -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot \

  -boot-load-size 4 -boot-info-table /data/OS

  # 生成MD5校驗碼 //本人沒有執行這條命令原因是如果需要修改iso裡的內容會導致光盤無法使用

  代碼如下:

  implantisomd5 /data/CentOS-6.4-x86_64-mini.iso

  基於Kickstart的安裝

  安裝軟件包

  yum -y install createrepo mkisofs

  制作流程

  目錄結構

  拷貝CentOS原始鏡像內容,不做任何精簡

  代碼如下:

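  # Copy the whole CentOS disc into /tmp/iso as the working tree for the new ISO.
  mkdir -p /mnt/centos /tmp/iso
  mount /dev/sr0 /mnt/centos
  # "/mnt/centos/." instead of "/mnt/centos/*": a shell glob skips the disc's
  # top-level dot-files (.discinfo, .treeinfo), so the copy would be incomplete.
  cp -r /mnt/centos/. /tmp/iso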

  增加Kickstart配置文件

  文件路徑和安裝方式可自由定義

  代碼如下:

  cd /tmp/iso/isolinux

  #修改引導,注意ks=部分

  vi isolinux.cfg

  label linux

  menu label ^Install or upgrade an existing system

  menu default

  kernel vmlinuz

  append initrd=initrd.img ks=cdrom:/isolinux/ks.cfg

  #手動增加Kickstart配置文件

  vi ks.cfg

  #Kickstart file automatically generated by anaconda.

  #version=DEVEL

  #Install OS instead of upgrade

  #表示是安裝,而不是升級

  install

  #Use text mode install

  #文本方式安裝

  text

  #Use network installation

  #使用網絡安裝

  #url --url=ftp://ip/centos

  #Local installation Use CDROM installation media

  #使用光盤安裝

  cdrom

  #Installation Number configuration

  #如果是RedHat的系統,會要求輸入key,這裡配置為跳過,如果不配置安裝時會停在那裡要求用戶輸入key

  #key –skip

  #System language

  #語言環境

  #lang en_US.UTF-8

  lang zh_CN.UTF-8

  #System keyboard

  #鍵盤類型

  keyboard us

  #Network information

  #網絡配置

  #network --device eth0 --bootproto dhcp --onboot yes

  #Root password

  #NOTE(review): this root password is stored in plain text, and ks.cfg ships on
  #the ISO, so it is readable by anyone who holds the image. Prefer
  #"rootpw --iscrypted <HASH_PLACEHOLDER>" with a per-deployment hash, and
  #change the password after the first boot.

  rootpw chinaums

  #Firewall configuration

  #Disables the firewall. NOTE(review): the %post section of this file only
  #stops NetworkManager, so no filter rules are installed afterwards.

  firewall --disabled

  #SELinux configuration

  #Disables SELinux on the installed system

  selinux --disabled

  #Run the Setup Agent on first boot

  #禁用第一次啟動時設置系統的向導

  firstboot --disable

  #System authorization information

  #用戶認證配置,useshadow表示使用本地認證,--passalgo表示密碼加密算法

  authconfig --enableshadow --passalgo=sha512

  #System timezone

  #設置時區為上海

  timezone --isUtc Asia/Shanghai

  #System bootloader configuration

  #指明bootloader的安裝位置,指明驅動器的排序,指明操作系統安裝完成之後,向內核傳遞的參數

  bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"

  #Clear the Master Boot Record

  #清除MBR引導記錄

  zerombr yes

  #Partition clearing information

  #清除硬盤上的所有數據

  clearpart --all --initlabel

  #Disk partitioning information

  #自定義分區

  #創建一個200M大小的分區掛載/boot類型為ext4

  part /boot --fstype=ext4 --size=200 --ondisk=sda

  #創建一個20000M大小的SWAP分區

  part swap --size=20000 --ondisk=sda

  #創建/目錄

  part / --fstype=ext4 --grow --size=1 --ondisk=sda

  #Reboot after installation

  #設置完成之後重啟

  reboot --eject

  #This packages is for CentOS 6.4

  #為CentOS 6.4定制的軟件包

  %packages

  @base

  @core

  @chinese-support

  #增加安裝後運行腳本

  %post

  #config service

  #自定義服務

  service NetworkManager stop

  chkconfig NetworkManager off

  #eject cdrom

  #安裝完成彈出光碟

  #eject

  #reboot

  #執行完畢後重啟

  #reboot -f

  #結束自動化部署

  %end

  生成依賴關系和ISO文件

  注意路徑和命令的准確性

  代碼如下:

  cd /tmp/iso

  createrepo -g repodata/*comps.xml .

  mkisofs -o /tmp/CentOS-6.4_64_auto.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -joliet-long -R -J -v -T /tmp/iso/
