软件配置
Cobbler 中 kickstart文件配置简要说明,需要注意的是,这个文件中不允许出现英文、数字、特殊字符以外的字符,比如中文。文内所有中文均为注释。
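# Cobbler kickstart file
# This kickstart file should only be used with EL > 5 and/or Fedora > 7.
# For older versions please use the sample.ks kickstart file.
#platform=x86, AMD64, or Intel EM64T
# System authorization information
# Hashing scheme for local account passwords. SHA-512 is used instead of the
# original --enablemd5, because MD5-crypt hashes are cheap to brute-force once
# a shadow file or a kickstart carrying them leaks.
auth --useshadow --passalgo=sha512
# System bootloader configuration
# The boot loader is written to the MBR, boot drive sda
bootloader --location=mbr --append=" crashkernel=auto " --boot-drive=sda
# Partition clearing information
# Clears the partition tables; existing data on the target disks is lost
clearpart --all --initlabel
# Installation mode: text mode is used here
# Use text mode install
text
# Firewall configuration
# The firewall is turned off.
# NOTE(review): with the host firewall off, every listening service is exposed
# to whatever network the machine lands on; confirm that is intended.
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Use network installation
# Location of the installation tree, filled in by Cobbler
url --url=$tree
# Load the YUM repositories
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Configure the network
# Network information
$SNIPPET('network_config')
# Reboot after installation
# Installation finished, reboot automatically
reboot
# root user password
#Root password
# NOTE(review): the hash is substituted by Cobbler. The rendered kickstart on
# this page carries an MD5-crypt value; a SHA-512 crypt hash in the Cobbler
# settings is the stronger choice.
rootpw --iscrypted $default_password_crypted
# SELinux configuration
# SELinux is turned off.
# NOTE(review): this removes mandatory access control from every host built
# from this profile; confirm that is intended.
selinux --disabled
# Do not configure the X Window System
# Skip the X Window System installation
skipx
# Set the time zone
# System timezone
timezone Asia/Shanghai
# Fresh installation
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
# System default, automatic partitioning (left disabled)
# autopart
# Fixed partition layout with fixed sizes; the disk must be 200G or larger
# The first disk part and boot
part /boot --fstype="xfs" --ondisk=sda --size=500
part pv.1836 --fstype="lvmpv" --ondisk=sda --size=204239
volgroup centos --pesize=4096 pv.1836
logvol swap --fstype="swap" --size=8096 --name=swap --vgname=centos
logvol / --fstype="xfs" --size=51200 --name=root --vgname=centos
logvol /home --fstype="xfs" --size=25600 --name=home --vgname=centos
logvol /data --fstype="xfs" --maxsize=120000 --size=1024 --grow --name=data --vgname=centos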
# Steps run before the installation starts
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
# Package groups (prefixed with @) and individual packages to install
# NOTE(review): the debugging and development groups plus the telnet client
# are installed on every host built from this profile; confirm each one is
# needed, since they enlarge what is available to anyone who gets a shell.
%packages
@base
@debugging
@development
tree
lrzsz
telnet
glances
vim
git
wget
ntpdate
ntp
$SNIPPET('func_install_if_enabled')
%end
%post --nochroot
$SNIPPET('log_ks_post_nochroot')
%end
# Steps run after the installation finishes, before the reboot
%post
# NOTE(review): in the rendered kickstart on this page this snippet becomes
# "set -x -v" plus a redirect to /root/ks-post.log, so every later command
# line, literal secrets included, is recorded in that log.
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('func_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
$SNIPPET('redhat_register')
$SNIPPET('cobbler_register')
# Enable post-install boot notification
$SNIPPET('post_anamon')
# Start final steps
# NOTE(review): in the rendered kickstart this snippet downloads the complete
# kickstart over plain HTTP to /root/cobbler.ks, so anything embedded in this
# file also ends up on the installed host.
$SNIPPET('kickstart_done')
# End final steps
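# systemc config start
# Everything below is site-specific customisation
# close services
# Disable services that are not needed
systemctl disable postfix
# Refresh the YUM repositories
# change yum src
# Removes the stock CentOS repo files so only the Cobbler-provided repos remain
rm -rf /etc/yum.repos.d/Cent*
yum clean all
yum makecache
# sort out local files
# Move root's visible files into /root/soft. The target directory itself is
# excluded; the original "mv /root/* /root/soft/" also tried to move
# /root/soft into itself and failed on that entry every run.
mkdir -p /root/soft
find /root -mindepth 1 -maxdepth 1 ! -name '.*' ! -name soft -exec mv -t /root/soft/ {} +
# Install software from the third-party repositories
# install the third soft
# NOTE(review): the rendered kickstart points every repo at a plain-HTTP
# mirror; confirm gpgcheck is enabled in the repo definitions so packages are
# verified before installation.
yum install jdk filebeat heartbeat metricbeat -y
ln -s /usr/java/default /opt/jdk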
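# Create the operations account and add it to sudoers
# add and account new user
useradd username
# NOTE(review): the password is a literal in the kickstart, which is fetched
# over plain HTTP and stored on the installed host; prefer a pre-hashed value
# or key-only login, and rotate any password that was deployed this way.
# Tracing is paused for this one command: the rendered kickstart runs this
# section under "set -x -v" with output sent to /root/ks-post.log, which would
# otherwise record the password.
set +x +v
echo "usernamepass"|passwd --stdin username
set -x -v
\cp /etc/sudoers /etc/sudoers.bak
# NOTE(review): NOPASSWD on the whole /usr/bin/ directory lets this account
# run any program in it as root without a password, which amounts to
# unrestricted root; list the specific commands that are needed instead.
echo "username ALL=(ALL) NOPASSWD:/usr/bin/" >> /etc/sudoers
# Validate the edited file and fall back to the backup when it does not parse,
# so a bad line cannot leave sudo unusable on the new host.
visudo -c || \cp /etc/sudoers.bak /etc/sudoers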
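# add log floder
# Create the log directory unless it is already there. An explicit if/else is
# used so that mkdir cannot run as a side effect of a failing echo.
if [ -d /data/logs ]; then
  echo "the floder is exist"
else
  mkdir -p /data/logs
fi
# Raise the maximum number of open files
# system configure
# change the maxinum file
echo '* - nofile 65535 ' >>/etc/security/limits.conf
# Set the shell idle timeout and the history display format
# change timeout and history stytle
echo 'export TMOUT=300' >>/etc/profile
echo 'export HISTFILESIZE=1000' >>/etc/profile
echo 'export HISTSIZE=1000' >>/etc/profile
echo 'export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "' >>/etc/profile
source /etc/profile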
# Kernel tuning: the settings below are appended to /etc/sysctl.conf
# NOTE(review): the redirect-related entries (send_redirects, accept_redirects,
# secure_redirects) are written commented out, so they are not applied.
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse depend on TCP timestamps, which
# this block turns off (tcp_timestamps = 0); tcp_tw_recycle is also known to
# drop connections from clients behind NAT and was removed in Linux 4.12.
# Confirm these three lines before rolling the profile out.
## kernel configure
cat >>/etc/sysctl.conf<<EOF
#kernel_flag
#close ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#
net.ipv4.icmp_echo_ignore_broadcasts = 1
# icmp
net.ipv4.icmp_ignore_bogus_error_responses = 1
# route redirects
#net.ipv4.ip_forward = 0
#net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.default.send_redirects = 0
#
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
#
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#sysrq
kernel.sysrq = 0
#
kernel.core_uses_pid = 1
#
net.ipv4.tcp_syncookies = 1
#
kernel.msgmnb = 65536
kernel.msgmax = 65536
#
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
#
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
#
net.core.netdev_max_backlog = 262144
#
net.ipv4.tcp_max_orphans = 3276800
#
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
#
net.ipv4.tcp_synack_retries = 1
#
net.ipv4.tcp_syn_retries = 1
#
net.ipv4.tcp_tw_recycle = 1
#
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
#
net.ipv4.tcp_keepalive_time = 30
#
net.ipv4.ip_local_port_range = 1024 65000
#
#net.netfilter.nf_conntrack_max=655350
#net.netfilter.nf_conntrack_tcp_timeout_established=1200
#
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
#net.ipv4.conf.all.secure_redirects = 0
#net.ipv4.conf.default.secure_redirects = 0
EOF
# Apply the kernel settings
/sbin/sysctl -p
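# Install the SSH public keys used for password-less login
# add key
# install -d creates the directory when missing and enforces mode 700 even
# when it already exists.
# NOTE(review): the key strings below look shortened for publication (the key
# data runs straight into the comment field); replace them with complete
# public key lines before use.
install -d -m 700 /home/username/.ssh
# The key is appended under /home/username, the same account the directory,
# chown and chmod lines refer to; the original wrote to a different home
# directory that this template never creates.
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDY4idUecKojs7k9bo92wqfxM/llorR4fMrpSOnMvKVYVNwoAT6FR8iGWiro5hZDGJ5zJ8hX7qg4q/Bpyjs7r/cfvZTprLHYj2q5Kcm0qtlUQ+IeHmOfOTHG1DRtz/B+8KfIjm9kFUJKz56jj7tsBthkTX63dTJNi8+huDQhfhikteNiw7P9ZrxCCRrifmikVIbWC92BYOmYLFI5N9nSuQyKDqtt5O9IR52nuPXjEGwM+KYi8+d2UEcQ1LfGseHIhGj7jpVkvDPSqJ9M5wZSM5OFFu22VMcZ+jZLIYxq7cPlgOr+CWuTyAbKv42lOGToEi+6fgwsdAcU98TEV@tech.com" >> /home/username/.ssh/authorized_keys
# NOTE(review): root receives a key as well, so direct root login over SSH
# stays possible; confirm that is wanted alongside the sudo account.
install -d -m 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCydYymfDDPOZEoG3+o39B20gWjijQbLeeq2ySCbzzEyxXSm4Nyoce6XzQwIneuxdrzqzsN3Y+nw/FCZAiHPSrkkrH8j8Yhr1/TH9EVEJZwNdgmFjEu/BY5iluoMfHiq7qXme6GAf2ADTJBa1QCqICSx8gffKJao54n1tSn0fGqJE3tqbSY4btCln5Nou/yqO0Bc1sxOOFfuyf5lbkM11r8rIsXXZMuynuA6NR4/7oe/JoU/eOXZYab4M+YEZR05kTOPpb2hC7ejE6aZqaD3heBcfB2YDIkR5wIivsMsWG7Gzntjzlgon5BA3RcBEIn@tech.com" >> /root/.ssh/authorized_keys
chown -R username:username /home/username
chmod 600 /home/username/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys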
# Set the SSH idle timeout
# set ssh timeout
# Both substitutions only touch lines that still carry the commented-out
# stock values; a config that was already edited is left as it is.
sed -i -e 's/#ClientAliveInterval 0/ClientAliveInterval 600/g' -e 's/#ClientAliveCountMax 3/ClientAliveCountMax 2/g' /etc/ssh/sshd_config
systemctl restart sshd
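# Download helper files: the author's own shell scripts for changing the IP
# address and the host name
# add change IP config
# -f makes curl fail on an HTTP error instead of saving the error page, and a
# file is only made executable when its download succeeded.
# NOTE(review): the scripts arrive over plain HTTP with no checksum or
# signature check and are later run as root; verify them against a known
# digest or serve them over an authenticated channel.
curl -f -o /root/n "http://172.17.0.53/cobbler/misc/ipset" && chmod +x /root/n
curl -f -o /root/install.sh "http://172.17.0.53/cobbler/misc/sethostname" && chmod +x /root/install.sh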
# Synchronise the clock
# time sync
# One-shot clock set against 172.17.0.46, then written to the hardware clock
ntpdate 172.17.0.46
hwclock -w
# NOTE(review): this section runs inside the installer environment, where
# "systemctl start" presumably does not start the units; the enable line is
# what should take effect after the reboot. Verify, and confirm that both
# ntpdate and ntpd are meant to be enabled together.
systemctl start ntpdate
systemctl start ntpd
systemctl enable ntpdate ntpd
yum update -y
# config end
%end
这是cobbler系统根据上面的文件自动生成的最后结果。
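# This kickstart file should only be used with EL > 5 and/or Fedora > 7.
# For older versions please use the sample.ks kickstart file.
#platform=x86, AMD64, or Intel EM64T
# System authorization information
# SHA-512 is used instead of the original --enablemd5, because MD5-crypt
# hashes are cheap to brute-force once a shadow file or kickstart leaks.
auth --useshadow --passalgo=sha512
# System bootloader configuration
bootloader --location=mbr --append=" crashkernel=auto " --boot-drive=sda
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
# Firewall configuration
# NOTE(review): with the host firewall off, every listening service is exposed
# to whatever network the machine lands on; confirm that is intended.
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Use network installation
# NOTE(review): the install tree and every repo below are fetched over plain
# HTTP; confirm package signature checking is enabled for them.
url --url=http://172.17.0.53/cblr/links/CentOS7.2-x86_64
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
# Add the YUM repositories
repo --name=influxdata --baseurl=http://172.17.0.53/cobbler/repo_mirror/influxdata
repo --name=grafana --baseurl=http://172.17.0.53/cobbler/repo_mirror/grafana
repo --name=zabbix --baseurl=http://172.17.0.53/cobbler/repo_mirror/zabbix
repo --name=other-soft --baseurl=http://172.17.0.53/cobbler/repo_mirror/other-soft
repo --name=mysql57 --baseurl=http://172.17.0.53/cobbler/repo_mirror/mysql57
repo --name=kubernetes --baseurl=http://172.17.0.53/cobbler/repo_mirror/kubernetes
repo --name=elk-7 --baseurl=http://172.17.0.53/cobbler/repo_mirror/elk-7
repo --name=centos7-updates --baseurl=http://172.17.0.53/cobbler/repo_mirror/centos7-updates
repo --name=centos7-extras --baseurl=http://172.17.0.53/cobbler/repo_mirror/centos7-extras
repo --name=centos7-epel --baseurl=http://172.17.0.53/cobbler/repo_mirror/centos7-epel
repo --name=centos7-base --baseurl=http://172.17.0.53/cobbler/repo_mirror/centos7-base
repo --name=source-1 --baseurl=http://172.17.0.53/cobbler/ks_mirror/CentOS7.2-x86_64
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Root password
# NOTE(review): this is an MD5-crypt hash (prefix 1) and it is published with
# the page; treat the root password as exposed, rotate it, and store a SHA-512
# crypt hash in the Cobbler settings instead.
rootpw --iscrypted $1$aHHo3XzR$f5rHF4HfhLXKW6PAWFcYj.
# SELinux configuration
# NOTE(review): this removes mandatory access control from every host built
# from this profile; confirm that is intended.
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
# Allow anaconda to partition the system as needed
# autopart
# The first disk part and boot
part /boot --fstype="xfs" --ondisk=sda --size=500
part pv.1836 --fstype="lvmpv" --ondisk=sda --size=204239
volgroup centos --pesize=4096 pv.1836
logvol swap --fstype="swap" --size=8096 --name=swap --vgname=centos
logvol / --fstype="xfs" --size=51200 --name=root --vgname=centos
logvol /home --fstype="xfs" --size=25600 --name=home --vgname=centos
logvol /data --fstype="xfs" --maxsize=120000 --size=1024 --grow --name=data --vgname=centos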
%pre
# Trace every command of this section into /tmp/ks-pre.log.
set -x -v
exec 1>/tmp/ks-pre.log 2>&1
# Background watcher: polls every 10 seconds until root's home directory
# exists in the target system, then copies the log there once and stops.
(
  while true; do
    sleep 10
    [ -d /mnt/sysimage/root ] || continue
    cp /tmp/ks-pre.log /mnt/sysimage/root/
    logger "Copied %pre section log to system"
    break
  done
) &
# Notify the Cobbler server that the pre-install stage was reached.
curl "http://172.17.0.53/cblr/svc/op/trig/mode/pre/profile/CentOS7.2-x86_64" -o /dev/null
# Enable installation monitoring
%end
# Package groups (prefixed with @) and individual packages to install
# NOTE(review): the debugging and development groups plus the telnet client
# are installed on every host built from this profile; confirm each one is
# needed.
%packages
@base
@debugging
@development
tree
lrzsz
telnet
glances
vim
git
wget
ntpdate
ntp
%end
%post --nochroot
# Trace this section into a log file inside the installed system's /root
set -x -v
exec 1>/mnt/sysimage/root/ks-post-nochroot.log 2>&1
%end
%post
# Every command line from here on is echoed and traced into
# /root/ks-post.log, literal secrets included.
set -x -v
exec 1>/root/ks-post.log 2>&1
# Start yum configuration
# NOTE(review): the repo definition is fetched over plain HTTP and written
# straight into /etc/yum.repos.d; curl has no -f here, so an HTTP error page
# would be saved as the repo file.
curl "http://172.17.0.53/cblr/svc/op/yum/profile/CentOS7.2-x86_64" --output /etc/yum.repos.d/cobbler-config.repo
# End yum configuration
# Start post_install_network_config generated code
# End post_install_network_config generated code
# Start download cobbler managed config files (if applicable)
# End download cobbler managed config files (if applicable)
# Start koan environment setup
echo "export COBBLER_SERVER=172.17.0.53" > /etc/profile.d/cobbler.sh
echo "setenv COBBLER_SERVER 172.17.0.53" > /etc/profile.d/cobbler.csh
# End koan environment setup
# begin Red Hat management server registration
# not configured to register to any Red Hat management server (ok)
# end Red Hat management server registration
# Begin cobbler registration
# cobbler registration is disabled in /etc/cobbler/settings
# End cobbler registration
# Enable post-install boot notification
# Start final steps
# Saves a copy of the complete kickstart on the installed host, so anything
# embedded in it (password, keys) is also stored in /root/cobbler.ks.
curl "http://172.17.0.53/cblr/svc/op/ks/profile/CentOS7.2-x86_64" -o /root/cobbler.ks
curl "http://172.17.0.53/cblr/svc/op/trig/mode/post/profile/CentOS7.2-x86_64" -o /dev/null
# End final steps
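# systemc config start
# close services
systemctl disable postfix
# change yum src
# Removes the stock CentOS repo files so only the Cobbler-provided repos remain
rm -rf /etc/yum.repos.d/Cent*
yum clean all
yum makecache
# sort out local files
# Move root's visible files into /root/soft. The target directory itself is
# excluded; the original "mv /root/* /root/soft/" also tried to move
# /root/soft into itself and failed on that entry every run.
mkdir -p /root/soft
find /root -mindepth 1 -maxdepth 1 ! -name '.*' ! -name soft -exec mv -t /root/soft/ {} +
# install the third soft
# NOTE(review): the repos are plain-HTTP mirrors; confirm gpgcheck is enabled
# in the repo definitions so packages are verified before installation.
yum install jdk filebeat heartbeat metricbeat -y
ln -s /usr/java/default /opt/jdk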
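# add and account new user
useradd bigsfintech
# NOTE(review): the password is a literal in a kickstart that is fetched over
# plain HTTP, saved to /root/cobbler.ks and published with this page; treat it
# as exposed, rotate it, and prefer a pre-hashed value or key-only login.
# Tracing (set -x -v at the top of this section, output in /root/ks-post.log)
# is paused for this one command so the password is not copied into the log.
set +x +v
echo "Bigsfintech2019"|passwd --stdin bigsfintech
set -x -v
\cp /etc/sudoers /etc/sudoers.bak
# NOTE(review): NOPASSWD on the whole /usr/bin/ directory lets this account
# run any program in it as root without a password, which amounts to
# unrestricted root; list the specific commands that are needed instead.
echo "bigsfintech ALL=(ALL) NOPASSWD:/usr/bin/" >> /etc/sudoers
# Validate the edited file and fall back to the backup when it does not parse,
# so a bad line cannot leave sudo unusable on the new host.
visudo -c || \cp /etc/sudoers.bak /etc/sudoers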
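# add log floder
# Create the log directory unless it is already there. An explicit if/else is
# used so that mkdir cannot run as a side effect of a failing echo.
if [ -d /data/logs ]; then
  echo "the floder is exist"
else
  mkdir -p /data/logs
fi
# system configure
# change the maxinum file
echo '* - nofile 65535 ' >>/etc/security/limits.conf
# change timeout and history stytle
# Idle shells are closed after 300 seconds; history entries get a timestamp.
echo 'export TMOUT=300' >>/etc/profile
echo 'export HISTFILESIZE=1000' >>/etc/profile
echo 'export HISTSIZE=1000' >>/etc/profile
echo 'export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "' >>/etc/profile
source /etc/profile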
# Kernel tuning: the settings below are appended to /etc/sysctl.conf and
# loaded with sysctl -p.
# NOTE(review): the redirect-related entries (send_redirects, accept_redirects,
# secure_redirects) are written commented out, so they are not applied.
# NOTE(review): tcp_tw_recycle and tcp_tw_reuse depend on TCP timestamps, which
# this block turns off (tcp_timestamps = 0); tcp_tw_recycle is also known to
# drop connections from clients behind NAT and was removed in Linux 4.12.
# Confirm these three lines before rolling the profile out.
cat >>/etc/sysctl.conf<<EOF
#kernel_flag
#close ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
# icmp
net.ipv4.icmp_ignore_bogus_error_responses = 1
# route redirects
#net.ipv4.ip_forward = 0
#net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#sysrq
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
#net.netfilter.nf_conntrack_max=655350
#net.netfilter.nf_conntrack_tcp_timeout_established=1200
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.default.accept_redirects = 0
#net.ipv4.conf.all.secure_redirects = 0
#net.ipv4.conf.default.secure_redirects = 0
EOF
/sbin/sysctl -p
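# add key
# install -d creates the directory when missing and enforces mode 700 even
# when it already exists, which the original test-then-mkdir form did not.
install -d -m 700 /home/bigsfintech/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDY4idUecKojs7k9bo92wqfxM/llorR4fMrpSOnMvKVYVNwoAT6FR8iGWiro5hZDGJ5zJ8hX7qg4q/Bpyjs7r/cfvZTprLHYj2q5Kcm0qtlUQ+IeHmOfOTHG1DRtz/B+8KfIjm9kFUJKz56jj7tsBthkTX63dTJNi8+huDQhfhikteNiw7P9ZrxCCRrifmikVIbWC92BYOmYLFI5N9nSuQyKDqtt5O9IR52nuPXjEGwM+KYi8+d2UEcQ1LfGseHIhGj7jpVkvDPSqJ9M5wZSM5OFFu22VMcZ+jZLIYxq7cPlgOr+CWuTyAbKv42lOGToEi+6fgwsdAcU98TEVi9CDZN rtwx@rtwxtech.com" >> /home/bigsfintech/.ssh/authorized_keys
# NOTE(review): root receives a key as well, so direct root login over SSH
# stays possible; confirm that is wanted alongside the sudo account.
install -d -m 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCydYymfDDPOZEoG3+o39B20gWjijQbLeeq2ySCbzzEyxXSm4Nyoce6XzQwIneuxdrzqzsN3Y+nw/FCZAiHPSrkkrH8j8Yhr1/TH9EVEJZwNdgmFjEu/BY5iluoMfHiq7qXme6GAf2ADTJBa1QCqICSx8gffKJao54n1tSn0fGqJE3tqbSY4btCln5Nou/yqO0Bc1sxOOFfuyf5lbkM11r8rIsXXZMuynuA6NR4/7oe/JoU/eOXZYab4M+YEZR05kTOPpb2hC7ejE6aZqaD3heBcfB2YDIkR5wIivsMsWG7Gzntjzlgon5BA3RcBEInzv57WnfmJOsF/zsdz6pjdED root@rtwxtech.com" >> /root/.ssh/authorized_keys
chown -R bigsfintech:bigsfintech /home/bigsfintech
chmod 600 /home/bigsfintech/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys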
# set ssh timeout
# Both substitutions only touch lines that still carry the commented-out
# stock values; a config that was already edited is left as it is.
sed -i -e 's/#ClientAliveInterval 0/ClientAliveInterval 600/g' -e 's/#ClientAliveCountMax 3/ClientAliveCountMax 2/g' /etc/ssh/sshd_config
systemctl restart sshd
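# add change IP config
# -f makes curl fail on an HTTP error instead of saving the error page, and a
# file is only made executable when its download succeeded.
# NOTE(review): the scripts arrive over plain HTTP with no checksum or
# signature check and are later run as root; verify them against a known
# digest or serve them over an authenticated channel.
curl -f -o /root/n "http://172.17.0.53/cobbler/misc/ipset" && chmod +x /root/n
curl -f -o /root/install.sh "http://172.17.0.53/cobbler/misc/sethostname" && chmod +x /root/install.sh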
# time sync
# One-shot clock set against 172.17.0.46, then written to the hardware clock
ntpdate 172.17.0.46
hwclock -w
# NOTE(review): this section runs inside the installer environment, where
# "systemctl start" presumably does not start the units; the enable line is
# what should take effect after the reboot. Verify, and confirm that both
# ntpdate and ntpd are meant to be enabled together.
systemctl start ntpdate
systemctl start ntpd
systemctl enable ntpdate ntpd
# config end
%end