  • linux定制的补充

    上一篇博文:http://www.cnblogs.com/hjc4025/p/6918323.html

    这篇文章是对之前博文的一点扩展和补充:

    这里主要是在之前的基础上添加了一些自己制作好的程序,还有安装openssh 7.5版本,直接全部包含在镜像中,并且设置一些自启动程序、DNS、还有计划任务之类的,都是利用ks.cfg文件中%post段后面定义的脚本实现的。在%post阶段使用 --nochroot 表示脚本不会chroot到新系统里,而是在安装环境中运行,可以使用任何目录;此时新安装系统的 / (根目录)会自动挂载到/mnt/sysimage下。下面请看我的ks.cfg文件:

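    #platform=x86, AMD64, or Intel EM64T
    # Kickstart command section: unattended text-mode install from CD-ROM that
    # clears the disk, creates /boot, swap and / on sda, and reboots when done.
    # Firewall configuration
    # NOTE(review): the host firewall is disabled here and %post also turns
    # iptables off, while sshd is set to accept root logins. Confirm that the
    # network in front of these hosts filters access before using this as is.
    firewall --disabled
    # Install OS instead of upgrade
    install
    # Use CDROM installation media
    cdrom
    # Root password default is "redhat"
    # NOTE(review): this is an MD5-crypt ($1$) hash of a documented default and it
    # ships inside the image, so every host built from it starts with a known
    # root password. Generate a per-deployment SHA-512 hash and rotate it after
    # the first boot.
    rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.
    # System authorization information
    # NOTE(review): --passalgo=md5 makes newly set passwords MD5-crypt as well;
    # sha512 is the stronger choice for shadow hashes.
    auth  --useshadow  --passalgo=md5
    # Use text mode install
    text
    firstboot --disable
    # System keyboard
    keyboard us
    # System language
    lang en_US
    # SELinux configuration
    # NOTE(review): SELinux is switched off for every host built from this image.
    selinux --disabled
    # Do not configure the X Window System
    skipx
    # Installation logging level
    logging --level=info
    # Reboot after installation
    reboot
    # System timezone
    timezone  Asia/Shanghai
    # Network information
    # --noipv6 needs two ASCII hyphens; the listing showed a typographic dash,
    # which the installer does not parse as an option.
    network  --bootproto=dhcp --device=eth0 --onboot=on --noipv6
    # System bootloader configuration
    bootloader --location=mbr
    # Clear the Master Boot Record
    zerombr
    # Partition clearing information
    clearpart --all --initlabel
    # Disk partitioning information
    ignoredisk --only-use=sda
    part /boot --fstype="ext4" --size=1032
    part swap --size=8300
    part / --fstype="ext4" --grow --size=1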
    %packages
    # Package selection: "@name" lines are package groups, bare names are
    # individual packages.
    # NOTE(review): this set mixes desktop, development, virtualization and server
    # groups plus network daemons (squid, memcached, the @web-server group), so
    # every host built from the image carries all of them. Trim the list to what
    # each role needs; the compiler toolchain is presumably kept because %post
    # builds OpenSSL and OpenSSH from source.
    # `expect` and `certmonger` are each listed twice below.
    @additional-devel
    @base
    @compat-libraries
    @core
    @debugging
    @basic-desktop
    @desktop-debugging
    @desktop-platform
    @desktop-platform-devel
    @development
    @directory-client
    @eclipse
    @emacs
    @fonts
    @general-desktop
    @graphical-admin-tools
    @graphics
    @input-methods
    @internet-browser
    @java-platform
    @legacy-x
    @network-file-system-client
    @php
    @performance
    @perl-runtime
    @print-client
    @remote-desktop-clients
    @system-management-snmp
    @server-platform
    @server-platform-devel
    @server-policy
    @system-admin-tools
    @tex
    @technical-writing
    @virtualization
    @virtualization-client
    @virtualization-platform
    @virtualization-tools
    @web-server
    @web-servlet
    @workstation-policy
    @x11
    libgcrypt-devel
    libXinerama-devel
    openmotif-devel
    libXmu-devel
    xorg-x11-proto-devel
    startup-notification-devel
    libgnomeui-devel
    libbonobo-devel
    junit
    libXau-devel
    libXrandr-devel
    popt-devel
    gnome-python2-desktop
    libdrm-devel
    libxslt-devel
    libglade2-devel
    gnutls-devel
    mtools
    gdisk
    pax
    python-dmidecode
    oddjob
    wodim
    sgpio
    genisoimage
    device-mapper-persistent-data
    systemtap-client
    abrt-gui
    desktop-file-utils
    ant
    expect
    rpmdevtools
    python-six
    jpackage-utils
    rpmlint
    samba-winbind
    certmonger
    pam_krb5
    krb5-workstation
    netpbm-progs
    dcraw
    openmotif
    libXmu
    libXp
    php-odbc
    php-pecl-memcache
    php-xmlrpc
    php-pecl-apc
    php-ldap
    php-soap
    php-mysql
    php-pgsql
    perl-DBD-SQLite
    net-snmp-python
    net-snmp-perl
    symlinks
    rrdtool
    pexpect
    dtach
    mc
    xdelta
    screen
    tree
    mgetty
    hardlink
    lshw
    expect
    conman
    crypto-utils
    scrub
    rdist
    vlock
    rear
    lsscsi
    libvirt-java
    perl-Sys-Virt
    libguestfs-java
    virt-v2v
    libguestfs-tools
    mod_authnz_pam
    mod_auth_mysql
    mod_auth_mellon
    mod_auth_kerb
    squid
    mod_nss
    mod_auth_pgsql
    certmonger
    mod_authz_ldap
    mod_intercept_form_submit
    perl-CGI-Session
    perl-CGI
    python-memcached
    mod_revocator
    perl-Cache-Memcached
    memcached
    mod_lookup_identity
    libmemcached
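    %post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
    # Stage 1 runs in the installer environment (--nochroot); the installed
    # system's root is reached through /mnt/sysimage. It copies the bundled
    # source archives and yum repo files from the install media into the new
    # system for stage 2 to use.
    mkdir -p /mnt/source
    # Report and stop this stage if the media cannot be mounted, instead of
    # running a series of cp commands that are bound to fail.
    if ! mount -o loop /dev/cdrom /mnt/source; then
      echo "==>ERROR: cannot mount /dev/cdrom on /mnt/source"
      exit 1
    fi
    # NOTE(review): stage 2 unpacks and builds these archives as root without any
    # integrity check. Record known-good SHA-256 digests when the image is built
    # and verify them here before copying.
    copy_rc=0
    cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/ || copy_rc=1
    #cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
    cp /mnt/source/software/openssh-7.5p1.tar.gz /mnt/sysimage/usr/local || copy_rc=1
    cp /mnt/source/software/openssl-1.0.1t.tar.gz /mnt/sysimage/usr/local || copy_rc=1
    # Three repo files are installed with a _bak suffix (yum ignores them until
    # renamed); only service_custom_yum.repo is active after install.
    cp /mnt/source/software/cn_node_yum.repo /mnt/sysimage/etc/yum.repos.d/cn_node_yum.repo_bak || copy_rc=1
    cp /mnt/source/software/sdns_internel_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/sdns_internel_custom_yum.repo_bak || copy_rc=1
    cp /mnt/source/software/test_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/test_custom_yum.repo_bak || copy_rc=1
    cp /mnt/source/software/service_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/ || copy_rc=1
    umount -f /mnt/source
    if [ "$copy_rc" -ne 0 ]; then
      echo "==>ERROR: one or more files could not be copied from the install media"
    fi
    exit "$copy_rc"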
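    %post --log=/root/postinstall_stage2.log
    # Stage 2 runs chrooted in the installed system: unpack the agent, replace the
    # packaged OpenSSL/OpenSSH with source builds, switch the yum repo files, turn
    # services off, then set DNS, an NTP cron job and the NIC NetworkManager flag.
    #agent
    cd /usr || exit 1
    # Log "ok" only when tar actually succeeded.
    if tar zxvf netgainagent_v3.tar.gz; then
      echo "==>Uncompress netgainagent ok!
    " >> /root/postinstall_stage2.log
    else
      echo "==>ERROR: cannot unpack netgainagent_v3.tar.gz" >> /root/postinstall_stage2.log
    fi
    #openssl and openssh
    # NOTE(review): these are pinned source builds installed over RPM-owned paths,
    # so yum will no longer patch them and rpm -V will report the removed files.
    # The OpenSSL 1.0.1 series is past upstream end of life; prefer the
    # distribution's patched packages, or plan how these builds get rebuilt.
    cd /usr/local/ || exit 1
    # Unpack both trees before anything is deleted: if an archive is missing or
    # damaged, the stock sshd and OpenSSL stay in place.
    ssl_ssh_ok=yes
    tar -xvf /usr/local/openssh-7.5p1.tar.gz || ssl_ssh_ok=no
    tar -xvf /usr/local/openssl-1.0.1t.tar.gz || ssl_ssh_ok=no
    if [ "$ssl_ssh_ok" = yes ]; then
      rm -rf /usr/local/openssh-7.5p1.tar.gz
      rm -rf /usr/local/openssl-1.0.1t.tar.gz
      mv /usr/local/openssh-7.5p1/ /usr/local/openssh/
      rm -rf /etc/init.d/sshd
      rm -rf /etc/ssh/
      rm -rf /etc/ssl/
      rm -rf /usr/bin/openssl
      rm -rf /usr/include/openssl
      rm -rf /usr/lib/openssl
      # Each step runs only if the previous one succeeded; any failure clears the flag.
      cd /usr/local/openssl-1.0.1t/ \
        && ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic \
        && make depend \
        && make \
        && make MANDIR=/usr/share/man MANSUFFIX=ssl install \
        || ssl_ssh_ok=no
    fi
    if [ "$ssl_ssh_ok" = yes ]; then
      ldconfig -v
      # NOTE(review): this strips the version from the SSH banner. It removes no
      # vulnerability and makes version-based inventory of these hosts unreliable.
      sed -i 's/OpenSSH_7.5/OpenSSH/' /usr/local/openssh/version.h
      # NOTE(review): OpenSSL above is installed under /usr, not /usr/local/ssl;
      # confirm which libcrypto sshd links against (ldd /usr/sbin/sshd). No
      # --with-pam is passed, so presumably sshd is built without PAM support.
      cd /usr/local/openssh/ \
        && ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man \
        && make \
        && make install \
        && cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd \
        || ssl_ssh_ok=no
    fi
    if [ "$ssl_ssh_ok" = yes ]; then
      # NOTE(review): root login over SSH is enabled while the root password is the
      # default whose hash is set by rootpw in this kickstart file, and the
      # firewall is off. Prefer key-only root access (or a named admin account)
      # and change the password.
      echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
      sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
      chkconfig sshd on
      echo "==>Update openssl ok!
    " >> /root/postinstall_stage2.log
    else
      echo "==>ERROR: OpenSSL/OpenSSH source build failed; check sshd before relying on remote access" >> /root/postinstall_stage2.log
    fi
    #yum.repo.d
    # Park the stock CentOS repo files so only the custom repo stays active.
    mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
    mv /etc/yum.repos.d/CentOS-Debuginfo.repo /etc/yum.repos.d/CentOS-Debuginfo.repo_bak
    mv /etc/yum.repos.d/CentOS-fasttrack.repo /etc/yum.repos.d/CentOS-fasttrack.repo_bak
    mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo_bak
    mv /etc/yum.repos.d/CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault.repo_bak
    #chkconfig
    # NOTE(review): iptables and ip6tables are switched off at boot here, in
    # addition to "firewall --disabled" in the command section.
    chkconfig iptables off
    chkconfig cgconfig off
    chkconfig cgdcbxd off
    chkconfig abrtd off
    chkconfig ip6tables off
    chkconfig xinetd off
    chkconfig virt-who off
    chkconfig pppoe-server off
    chkconfig postfix off
    chkconfig lvm2-monitor off
    chkconfig libvirtd off
    chkconfig libvirt-guests off
    chkconfig isdn off
    chkconfig iscsid off
    chkconfig iscsi off
    chkconfig fcoe-target off
    chkconfig fcoe off
    chkconfig certmonger off
    chkconfig bluetooth off
    chkconfig NetworkManager off
    #set /etc/resolv.conf
    # Overwrites resolv.conf with two fixed resolvers.
    cat > /etc/resolv.conf << EOF
    nameserver 218.241.99.50
    nameserver 218.241.118.144
    EOF
    echo "==>Set OS DNS ok!
    " >> /root/postinstall_stage2.log
    #ntp
    # Appends a root cron entry that steps the clock with ntpdate every 3 minutes
    # and writes it to the hardware clock; the two internal servers stay commented.
    cat >> /var/spool/cron/root << EOF
    */3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w
    # */3 * * * * /usr/sbin/ntpdate 10.10.1.12 && /sbin/hwclock -w
    # */3 * * * * /usr/sbin/ntpdate 10.20.2.53 && /sbin/hwclock -w
    EOF
    echo "==>Set OS NTP ok!
    " >> /root/postinstall_stage2.log
    #ifcfg-eth NetworkManager
    # Both quoted and unquoted forms are handled, since NetworkManager is disabled above.
    sed -i 's@NM_CONTROLLED="yes"@NM_CONTROLLED="no"@' /etc/sysconfig/network-scripts/ifcfg-eth*
    sed -i 's@NM_CONTROLLED=yes@NM_CONTROLLED=no@' /etc/sysconfig/network-scripts/ifcfg-eth*
    echo "==>Set OS NetworkManager ok!
    " >> /root/postinstall_stage2.log
    #delete tar.gz file
    rm -rf /usr/netgainagent_v3.tar.gz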
    

     这里面使用了最新的 openssh 7.5 还有 openssl 1.0.1t 版本,中间也踩过一些坑,不过最终还是做出来了。

    以下是大神的原版:

    [root@galene conf]# more  ks_ctos6.5_64.cfg
    #Kickstart file automatically for CENTOS 6.3_x86_64
    # Command section: text-mode install from an NFS tree that clears and
    # partitions the disk, sets the root password and enables the firewall with
    # three TCP ports open.
    #####NEED TO MODIFY THESE CONFIGURATION#####
    #Choose OS ISO
    nfs --server=192.168.30.10 --dir=/centos6.5_64
    #Network configuration
    network  --bootproto=dhcp --device=eth0 --onboot=on
    #install "HP server" use this line /dev/cciss/c0d0
    bootloader --location=mbr --driveorder=cciss/c0d0 --append="rhgb quiet"
    #install "normal server" use this line /dev/sda
    #bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
    #########################################################################
    install
    lang en_US.UTF-8
    key --skip
    keyboard us
    text
    xconfig --startxonboot
    timezone Asia/Shanghai
    # NOTE(review): MD5-crypt ($1$) root hash published together with the file;
    # treat it as known and replace it with a per-site SHA-512 hash.
    rootpw --iscrypted $1$z2qCmGJm$qseyjZU7ahSaUk/hebBcZ0
    zerombr yes
    # NOTE(review): --enablemd5 keeps new shadow hashes on MD5-crypt as well.
    authconfig --enableshadow --enablemd5
    # NOTE(review): SELinux is disabled for every host built from this file.
    selinux --disabled
    reboot
    clearpart --all
    part /boot  --fstype="ext4" --size=100 --asprimary
    part swap  --size=32000
    part /  --fstype="ext4" --grow --size=1
    #part /home  --fstype="ext4" --grow  --size=1
    # NOTE(review): eth0 is configured a second time here (see the network line
    # near the top); one of the two is presumably redundant.
    network --bootproto=dhcp --device=eth0 --onboot=yes
    #Firewall configuration
    # Firewall stays enabled with TCP 22, 1801 and 1850 open; confirm which
    # services listen on 1801 and 1850 and whether both still need to be reachable.
    firewall --enabled --port=22:tcp --port=1801:tcp --port=1850:tcp
    #Package install information
    %packages
    # Package selection: "@name" lines are package groups, bare names are
    # individual packages. @development is presumably what provides the
    # compiler and make used by the source builds in %post.
    @base
    @client-mgmt-tools
    @console-internet
    @core
    @debugging
    @development
    @directory-client
    @hardware-monitoring
    @java-platform
    @large-systems
    @network-file-system-client
    @performance
    @perl-runtime
    @system-management-snmp
    @server-platform
    @server-policy
    pax
    oddjob
    sgpio
    jpackage-utils
    certmonger
    pam_krb5
    krb5-workstation
    perl-DBD-SQLite
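    %post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
    # Stage 1 runs in the installer environment (--nochroot) and copies the
    # bundled archives from the NFS share into the installed system, which is
    # reached through /mnt/sysimage.
    mkdir -p /mnt/source
    # Report and stop this stage if the share cannot be mounted, instead of
    # running cp commands that are bound to fail.
    if ! mount -t nfs 192.168.30.10:/osinstall /mnt/source -o nolock,udp; then
      echo "==>ERROR: cannot mount 192.168.30.10:/osinstall on /mnt/source"
      exit 1
    fi
    # NOTE(review): the archives come over unauthenticated NFS and stage 2 builds
    # them as root without any integrity check. Record known-good SHA-256 digests
    # and verify them here before copying.
    copy_rc=0
    cp /mnt/source/software/openssh_5.0.tar.gz /mnt/sysimage/usr/ || copy_rc=1
    cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/ || copy_rc=1
    cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/ || copy_rc=1
    #cp /mnt/source/software/quagga-0.99.20.tar.gz /mnt/sysimage/usr
    umount -f /mnt/source
    rmdir /mnt/source
    if [ "$copy_rc" -ne 0 ]; then
      echo "==>ERROR: one or more archives could not be copied from the NFS share"
    fi
    exit "$copy_rc"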
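    %post --log=/root/postinstall_stage2.log
    # Stage 2 (chrooted): build zlib and OpenSSH from the bundled sources, unpack
    # the agent, switch services off, lock system accounts and apply a few
    # login and logging settings. Progress messages are appended to the log.
    # NOTE(review): CentOS 6 packages OpenSSH 5.3p1, so building 5.0p1 here looks
    # like a downgrade of sshd; confirm why it is needed. A source build is also
    # outside RPM and will not be patched by yum.
    cd /usr || exit 1
    tar zxvf openssh_5.0.tar.gz
    # && instead of ';' so a failed configure or make is not followed by an install.
    cd /usr/zlib-1.2.3 && ./configure && make && make install
    mv /etc/ssh /etc/ssh.bak
    # The configure call is a single command. The listing showed it broken after
    # "--mandir=/" (apparently wrapped by the terminal), which would pass
    # --mandir=/ and then try to run "usr/share/man" as a command.
    if cd /usr/openssh-5.0p1 \
      && ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man \
      && make \
      && make install; then
      # Appended with >> like every other message, so output already written to
      # the same log file is not truncated.
      echo "==> update openssh finished.
    " >> /root/postinstall_stage2.log
    else
      echo "==>ERROR: openssh build failed; /etc/ssh was moved to /etc/ssh.bak" >> /root/postinstall_stage2.log
    fi
    #agent
    cd /usr || exit 1
    if tar zxvf netgainagent_v3.tar.gz; then
      echo "==>Uncompress netgainagent ok!
    " >> /root/postinstall_stage2.log
    else
      echo "==>ERROR: cannot unpack netgainagent_v3.tar.gz" >> /root/postinstall_stage2.log
    fi
    #quagga
    # The second line of the disabled echo is commented out too; left active, its
    # lone double quote would swallow the commands that follow into one string.
    #cd /usr
    #tar quagga-0.99.20.tar.gz
    #cd /usr/quagga-0.99.20
    #./configure --prefix=/usr/local/quagga;make;make install
    #echo "===>update quagga finished.
    #" >> /root/postinstall_stage2.log
    #chkconfig off
    chkconfig avahi-daemon off
    chkconfig yum-updatesd off
    chkconfig sendmail off
    chkconfig cups off
    chkconfig bluetooth off
    chkconfig autofs off
    chkconfig hidd off
    chkconfig atd off
    chkconfig nfslock off
    echo "==>services stop ok!
    " >> /root/postinstall_stage2.log
    #lock user
    # Lock the passwords of system accounts that never need an interactive login.
    passwd -l adm
    #passwd -l sync
    passwd -l shutdown
    passwd -l halt
    passwd -l mail
    passwd -l uucp
    passwd -l operator
    passwd -l games
    passwd -l gopher
    passwd -l ftp
    passwd -l news
    #set /etc/resolv.conf
    # Disabled block; the continuation line of its echo is commented out as well.
    #cat >> /etc/resolv.conf << EOF
    #nameserver 218.241.99.50
    #nameserver 218.241.118.144
    #EOF
    #echo "==>Set OS DNS ok!
    #" >> /root/postinstall_stage2.log
    #ntp
    # NOTE(review): "* */2 * * *" fires every minute during every second hour.
    # If the intent is one sync every two hours, the minute field should be a
    # fixed value such as 0. Left as written pending confirmation.
    cat >> /var/spool/cron/root << EOF
    * */2 * * * /usr/sbin/ntpdate ntp.cnnic.cn
    EOF
    echo "==>Set OS NTP ok!
    " >> /root/postinstall_stage2.log
    #profile
    # NOTE(review): writing to /proc only changes the kernel running the
    # installer and is lost at the reboot; a persistent setting belongs in
    # /etc/sysctl.conf.
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/bashrc
    sed -i 's/m/m hostname:\n/' /etc/issue
    sed -i 's/^id:5:/id:3:/' /etc/inittab
    # Tighten the default umask from 022 to 027.
    sed -i 's/022$/027/' /etc/bashrc
    #modify password complexity
    #prohibit the Control+Alt+Delete
    # NOTE(review): on CentOS 6 (upstart) Ctrl-Alt-Del is handled by
    # /etc/init/control-alt-delete.conf, so this inittab edit presumably has no
    # effect there; verify on the target release.
    sed -i 's/^ca::ctrlaltdel/#&/' /etc/inittab
    #configure root login
    #Completeness of the security log
    # NOTE(review): CentOS 6 runs rsyslog, which reads /etc/rsyslog.conf; a rule
    # appended to /etc/syslog.conf is presumably never loaded. Verify.
    echo 'authpriv.*        /var/log/secure' >> /etc/syslog.conf
    #configure the remote log server
    # Keep the archives under /root and remove the unpacked build trees.
    mv /usr/openssh_5.0.tar.gz /root
    mv /usr/netgainagent_v4.tar.gz /root
    mv /usr/netgainagent_v3.tar.gz /root
    rm -fr /usr/openssh-5.0p1
    rm -fr /usr/zlib-1.2.3
    echo "Files have been moved and deleted.
    " >> /root/postinstall_stage2.log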
    [root@galene conf]#  
    

     以下是生产环境中添加 bond 的版本(只需加在之前文件的末尾即可):

    # Bonding add-on for the end of the %post script: bring the eth* interfaces
    # up at boot, drop their BOOTPROTO lines, and enslave eth0 and eth1 to bond0.
    ifcfg_dir=/etc/sysconfig/network-scripts
    # One sed pass per file: flip ONBOOT (quoted or unquoted), then delete BOOTPROTO.
    sed -i -e 's@ONBOOT=no@ONBOOT=yes@' -e 's@ONBOOT="no"@ONBOOT="yes"@' -e '/BOOTPROTO/d' "$ifcfg_dir"/ifcfg-eth*
    # Load the bonding driver for bond0; mode=1 is active-backup, link checked every 120 ms.
    cat >> /etc/modprobe.d/bonding.conf << EOF
    alias bond0 bonding
    options bond0 miimon=120 mode=1
    EOF
    # The same three lines are appended to both slave interfaces.
    for nic in eth0 eth1; do
    cat >> "$ifcfg_dir/ifcfg-$nic" << EOF
    BOOTPROTO=none
    MASTER=bond0
    SLAVE=yes
    EOF
    done
    # IPADDR, NETMASK and GATEWAY are left empty in the listing; fill them in per host.
    cat >> "$ifcfg_dir/ifcfg-bond0" << EOF
    DEVICE=bond0
    ONBOOT=yes
    BOOTPROTO=static
    IPADDR=
    NETMASK=
    GATEWAY=
    EOF
    
  • 原文地址:https://www.cnblogs.com/hjc4025/p/6932017.html