1.第一步安装DHCP
yum -y install dhcp
1.1配置修改文件
cat >> /etc/dhcp/dhcpd.conf <<END subnet 172.16.1.0 netmask 255.255.255.0 { range 172.16.1.100 172.16.1.200; option subnet-mask 255.255.255.0; default-lease-time 21600; max-lease-time 43200; next-server 172.16.1.61; filename "/pxelinux.0"; } END #注释 range 172.16.1.120 172.16.1.200; # 可分配的起始IP-结束IP option subnet-mask 255.255.255.0; # 设定netmask default-lease-time 21600; # 设置默认的IP租用期限 max-lease-time 43200; # 设置最大的IP租用期限 next-server 172.16.1.61; # 告知客户端TFTP服务器的ip filename "/pxelinux.0"; # 告知客户端从TFTP根目录下载pxelinux.0文件
2.第二步TFTP服务安装
yum -y install tftp-server sed -i.ori '14s#yes#no#' /etc/xinetd.d/tftp /etc/init.d/xinetd start
3.配置支持PXE的启动程序
yum -y install syslinux cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
4.安装httpd服务
yum -y install httpd #安装 sed -i "277i ServerName 127.0.0.1:80" /etc/httpd/conf/httpd.conf #sed修改配置文件 mkdir /var/www/html/CentOS6.9 #创建一个系统挂载目录 mount /dev/cdrom /var/www/html/CentOS6.9/ #挂载磁盘到系统文件目录 cp -a /var/www/html/CentOS6.9/isolinux/* /var/lib/tftpboot/ #复制系统配置文件到启动程序目录 mkdir -p /var/lib/tftpboot/pxelinux.cfg #创建启动文件 cp /var/www/html/CentOS6.9/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
5.配置编写启动文件和优化脚本
[root@m01 ks_config]# pwd /var/www/html/ks_config [root@m01 ks_config]# ls CentOS-6.9-ks.cfg epel.repo optimization.sh sysctl.conf CentOS-Base.repo hosts sshd_config [root@m01 ks_config]#
1. 启动文件CentOS-6.9-ks.cfg
cat >/var/www/html/ks_config/CentOS-6.9-ks.cfg <<END install url --url="http://172.16.1.61/CentOS6.9/" text lang en_US.UTF-8 keyboard us zerombr bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet" network --bootproto=dhcp --device=eth1 --onboot=yes --noipv6 --hostname=CentOS6 timezone --utc Asia/Shanghai authconfig --enableshadow --passalgo=sha512 rootpw --iscrypted $6$X20eRtuZhkHznTb4$dK0BJByOSAWSDD8jccLVFz0CscijS9ldMWwpoCw/ZEjYw2BTQYGWlgKsn945fFTjRC658UXjuocwJbAjVI5D6/ clearpart --all --initlabel part /boot --fstype=ext4 --asprimary --size=200 part swap --size=1024 part / --fstype=ext4 --grow --asprimary --size=200 firstboot --disable selinux --disabled firewall --disabled logging --level=info reboot %packages @base @compat-libraries @debugging @development tree nmap sysstat lrzsz dos2unix telnet %post wget -O /tmp/optimization.sh http://172.16.1.61/ks_config/optimization.sh &>/dev/null /bin/sh /tmp/optimization.sh %end END
2. 优化脚本optimization.sh
[root@m01 ks_config]# cat optimization.sh #!/bin/bash . /etc/init.d/functions Ip=172.16.1.61 Port=80 ConfigDir=ks_config # Judge Http server is ok? PortNum=`nmap $Ip -p $Port 2>/dev/null|grep open|wc -l` [ $PortNum -lt 1 ] && { echo "Http server is bad!" exit 1 } # Defined result function function Msg(){ if [ $? -eq 0 ];then action "$1" /bin/true else action "$1" /bin/false fi } # Defined IP function function ConfigIP(){ Suffix=`ifconfig eth1|awk -F "[ .]+" 'NR==2 {print $6}'` cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<-END DEVICE=eth0 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=none IPADDR=10.0.0.$Suffix PREFIX=24 GATEWAY=10.0.0.254 DNS1=10.0.0.254 DEFROUTE=yes IPV4_FAILURE_FATAL=yes IPV6INIT=no NAME="System eth0" END Msg "config eth0" cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<-END DEVICE=eth1 TYPE=Ethernet ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=none IPADDR=172.16.1.$Suffix PREFIX=24 DEFROUTE=yes IPV4_FAILURE_FATAL=yes IPV6INIT=no NAME="System eth1" END Msg "config eth1" } # Defined Yum source Functions function yum(){ YumDir=/etc/yum.repos.d [ -f "$YumDir/CentOS-Base.repo" ] && cp $YumDir/CentOS-Base.repo{,.ori} wget -O $YumDir/CentOS-Base.repo http://$Ip:$Port/$ConfigDir/CentOS-Base.repo &>/dev/null && wget -O $YumDir/epel.repo http://$Ip:$Port/$ConfigDir/epel.repo &>/dev/null && Msg "YUM source" } # Defined add Ordinary users Functions function AddUser(){ useradd oldboy &>/dev/null && echo "123456"|passwd --stdin oldboy &>/dev/null && sed -i '98a oldboy ALL=(ALL) NOPASSWD:ALL' /etc/sudoers && visudo -c &>/dev/null Msg "AddUser oldboy" } # Defined Hide the system version number Functions function HideVersion(){ [ -f "/etc/issue" ] && >/etc/issue Msg "Hide issue" [ -f "/etc/issue.net" ] && > /etc/issue.net Msg "Hide issue.net" } # Defined SSHD config Functions function sshd(){ SshdDir=/etc/ssh [ -f "$SshdDir/sshd_config" ] && /bin/mv $SshdDir/sshd_config{,.ori} wget -O $SshdDir/sshd_config http://$Ip:$Port/$ConfigDir/sshd_config &>/dev/null && chmod 600 $SshdDir/sshd_config Msg "sshd config" } # Defined OPEN FILES Functions function openfiles(){ [ -f "/etc/security/limits.conf" ] && { echo '* - nofile 65535' >> /etc/security/limits.conf Msg "open files" } } # Defined Kernel parameters Functions function kernel(){ KernelDir=/etc [ -f "$KernelDir/sysctl.conf" ] && /bin/mv $KernelDir/sysctl.conf{,.ori} wget -O $KernelDir/sysctl.conf http://$Ip:$Port/$ConfigDir/sysctl.conf &>/dev/null Msg "Kernel config" } # Defined hosts file Functions function hosts(){ HostsDir=/etc [ -f "$HostsDir/hosts" ] && /bin/mv $HostsDir/hosts{,.ori} wget -O $HostsDir/hosts http://$Ip:$Port/$ConfigDir/hosts &>/dev/null Msg "Hosts config" } # Defined System Startup Services Functions function boot(){ for oldboy in `chkconfig --list|grep "3:on"|awk '{print $1}'|grep -vE "crond|network|rsyslog|sshd"` do chkconfig $oldboy off done Msg "BOOT config" } # Defined Time Synchronization Functions function Time(){ echo "#time sync by zhangyao at $(date +%F)" >>/var/spool/cron/root echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null' >>/var/spool/cron/root Msg "Time Synchronization" } # Defined main Functions function main(){ ConfigIP yum #AddUser HideVersion #sshd openfiles kernel hosts boot Time } main
3.优化内核文件 sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 net.ipv4.tcp_fin_timeout = 2 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_keepalive_time = 600 net.ipv4.ip_local_port_range = 4000 65000 net.ipv4.tcp_max_syn_backlog = 16384 net.ipv4.tcp_max_tw_buckets = 36000 net.ipv4.route.gc_timeout = 100 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.core.somaxconn = 16384 net.core.netdev_max_backlog = 16384 net.ipv4.tcp_max_orphans = 16384 [root@m01 ks_config]#
4. yum源文件
[root@m01 ks_config]# cat CentOS-Base.repo # CentOS-Base.repo # # The mirror system uses the connecting IP address of the client and the # update status of each mirror to pick mirrors that are updated to and # geographically close to the client. You should use this for CentOS updates # unless you are manually picking other mirrors. # # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. # # [base] name=CentOS-$releasever - Base - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6 #released updates [updates] name=CentOS-$releasever - Updates - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6 #contrib - packages by Centos Users [contrib] name=CentOS-$releasever - Contrib - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/ http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
5.epel源文件
[root@m01 ks_config]# cat epel.repo [epel] name=Extra Packages for Enterprise Linux 6 - $basearch baseurl=http://mirrors.aliyun.com/epel/6/$basearch http://mirrors.aliyuncs.com/epel/6/$basearch #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch failovermethod=priority enabled=1 gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 [epel-debuginfo] name=Extra Packages for Enterprise Linux 6 - $basearch - Debug baseurl=http://mirrors.aliyun.com/epel/6/$basearch/debug http://mirrors.aliyuncs.com/epel/6/$basearch/debug #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch failovermethod=priority enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 gpgcheck=0 [epel-source] name=Extra Packages for Enterprise Linux 6 - $basearch - Source baseurl=http://mirrors.aliyun.com/epel/6/SRPMS http://mirrors.aliyuncs.com/epel/6/SRPMS #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch failovermethod=priority enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 gpgcheck=0
6. ssh优化文件
[root@m01 ks_config]# cat sshd_config # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. Port 52113 PermitRootLogin no PermitEmptyPasswords no UseDNS no GSSAPIAuthentication no #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # Disable legacy (protocol version 1) support in the server for new # installations. In future the default will change to require explicit # activation of protocol 1 Protocol 2 # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH SyslogFacility AUTHPRIV #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys #AuthorizedKeysCommand none #AuthorizedKeysCommandRunAs nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication yes # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no #KerberosUseKuserok yes # GSSAPI options #GSSAPIAuthentication no GSSAPIAuthentication yes #GSSAPICleanupCredentials yes GSSAPICleanupCredentials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. #UsePAM no UsePAM yes # Accept locale-related environment variables AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #ShowPatchLevel no #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none # no default banner path #Banner none # override default of no subsystems Subsystem sftp /usr/libexec/openssh/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # ForceCommand cvs server [root@m01 ks_config]#
6.新建一个空白的虚拟机
纯机器不需要挂载镜像,选中所在的局域网所在的LAN区段
两个网卡DNS模式,其中一个选择LAN区段就ok
然后开机测试等待安装完成。