kickstart一键装机部署
1.第一步安装DHCP
# Install the DHCP server package; the configuration written next tells PXE
# clients which TFTP server to contact and which boot file to request.
yum -y install dhcp
1.1配置修改文件
# Append a subnet declaration for the provisioning network to dhcpd.conf.
# NOTE(review): default-lease-time and max-lease-time have no value in this copy
# of the page; each needs a lease length in seconds before dhcpd will accept the file.
# NOTE(review): '>>' appends, so running this command twice leaves two subnet
# blocks in the file.
# next-server/filename direct every client that gets a lease here to the TFTP boot
# loader, so this DHCP service should answer only on the isolated provisioning LAN.
cat >> /etc/dhcp/dhcpd.conf <<END
subnet 172.16.1.0 netmask 255.255.255.0 {
range 172.16.1.100 172.16.1.200;
option subnet-mask 255.255.255.0;
default-lease-time ;
max-lease-time ;
next-server 172.16.1.61;
filename "/pxelinux.0";
}
END
#注释
range 172.16.1.120 172.16.1.200; # 可分配的起始IP-结束IP
option subnet-mask 255.255.255.0; # 设定netmask
default-lease-time ; # 设置默认的IP租用期限
max-lease-time ; # 设置最大的IP租用期限
next-server 172.16.1.61; # 告知客户端TFTP服务器的ip
filename "/pxelinux.0"; # 告知客户端从TFTP根目录下载pxelinux.0文件
2.第二步TFTP服务安装
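# Install the TFTP server that hands the PXE boot loader and kernel to clients.
yum -y install tftp-server
# Enable the xinetd-managed tftp service. The edit matches the "disable" line
# itself instead of assuming it is line 14, so a differently laid-out file is not
# changed in the wrong place. The unmodified file is kept as /etc/xinetd.d/tftp.ori.
sed -i.ori '/^[[:space:]]*disable[[:space:]]*=/s#yes#no#' /etc/xinetd.d/tftp
# TFTP has no authentication or encryption: everything under /var/lib/tftpboot is
# readable by any host that can reach this server, so expose it only on the
# provisioning network.
/etc/init.d/xinetd start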
3.配置支持PXE的启动程序
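# syslinux ships pxelinux.0, the network boot loader named in dhcpd.conf.
yum -y install syslinux
# Copy the boot loader into the TFTP root. The file name is pxelinux.0, matching
# the 'filename "/pxelinux.0";' DHCP option; the trailing 0 was lost in this copy.
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/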
4.安装httpd服务
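# Install Apache; it serves the installation tree and the kickstart files.
# NOTE(review): everything under /var/www/html (including ks_config and the root
# password hash in the kickstart file) is readable by any host that can reach
# port 80, so keep this server on the provisioning network only.
yum -y install httpd
# Insert a ServerName directive at line 277 of the stock httpd.conf.
sed -i "277i ServerName 127.0.0.1:80" /etc/httpd/conf/httpd.conf
# Create the mount point for the installation media. The directory is CentOS6.9,
# the name used by the kickstart url and the isolinux.cfg copy below; the version
# digit was lost from three of the paths in this copy.
mkdir -p /var/www/html/CentOS6.9
# Mount the install disc so its contents are reachable over HTTP.
mount /dev/cdrom /var/www/html/CentOS6.9/
# Copy the installer kernel, initrd and boot menu files into the TFTP root.
cp -a /var/www/html/CentOS6.9/isolinux/* /var/lib/tftpboot/
# pxelinux.0 reads its menu from pxelinux.cfg/default.
mkdir -p /var/lib/tftpboot/pxelinux.cfg
cp /var/www/html/CentOS6.9/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
# NOTE(review): the page does not show httpd being started; it has to be running
# before clients can fetch the install tree.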
5.配置编写启动文件和优化脚本
[root@m01 ks_config]# pwd
/var/www/html/ks_config
[root@m01 ks_config]# ls
CentOS-6.9-ks.cfg epel.repo optimization.sh sysctl.conf
CentOS-Base.repo hosts sshd_config
[root@m01 ks_config]#
1. 启动文件CentOS-6.9-ks.cfg
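# Write the kickstart answer file that PXE clients fetch over HTTP.
# The here-document delimiter is quoted ('END') so the shell copies the text
# literally. With an unquoted delimiter the "$..." sequences in the rootpw hash
# are expanded as shell parameters and the hash written to the file is corrupted.
# NOTE(review): this file lives under the web root, so any host that can reach the
# HTTP server can read the root password hash. Keep the server on the isolated
# provisioning network and do not reuse the hash printed on this page.
cat >/var/www/html/ks_config/CentOS-6.9-ks.cfg <<'END'
install
url --url="http://172.16.1.61/CentOS6.9/"
text
lang en_US.UTF-8
keyboard us
zerombr
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
network --bootproto=dhcp --device=eth1 --onboot=yes --noipv6 --hostname=CentOS6
timezone --utc Asia/Shanghai
authconfig --enableshadow --passalgo=sha512
# Replace the hash below with one you generated yourself (for example with
# grub-crypt --sha-512). It is copied exactly as printed on the page, where it
# appears to have lost characters, and it is public.
rootpw --iscrypted $$X20eRtuZhkHznTb4$dK0BJByOSAWSDD8jccLVFz0CscijS9ldMWwpoCw/ZEjYw2BTQYGWlgKsn945fFTjRC658UXjuocwJbAjVI5D6/
clearpart --all --initlabel
# Sizes are in MB. The values are missing in this copy of the page; fill in the
# three placeholders before use.
part /boot --fstype=ext4 --asprimary --size=<BOOT_SIZE_MB>
part swap --size=<SWAP_SIZE_MB>
part / --fstype=ext4 --grow --asprimary --size=<ROOT_MIN_SIZE_MB>
firstboot --disable
# SELinux and the host firewall are switched off on every installed machine;
# turn them back on after provisioning unless another control replaces them.
selinux --disabled
firewall --disabled
logging --level=info
reboot
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%post --log=/root/ks-post.log
# The script is fetched over plain HTTP and run as root with no integrity check,
# so whoever controls 172.16.1.61 or the path to it controls the installed host.
# Run it only when the download succeeded, and keep the output in the %post log
# instead of discarding it.
wget -q -O /tmp/optimization.sh http://172.16.1.61/ks_config/optimization.sh && /bin/sh /tmp/optimization.sh
%end
END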
2. 优化脚本optimization.sh
[root@m01 ks_config]# cat optimization.sh
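#!/bin/bash
# optimization.sh - post-install tuning run from the kickstart %post section.
# It pulls configuration files from the provisioning HTTP server and applies them.

# Provides the 'action' helper that Msg uses to print OK/FAILED status lines.
. /etc/init.d/functions

# Provisioning server that hosts the ks_config directory.
Ip=172.16.1.61
# NOTE(review): the port value is missing in this copy of the page; 80 matches the
# "ServerName 127.0.0.1:80" line and the port-less http:// URLs used elsewhere.
Port=80
ConfigDir=ks_config

# Judge Http server is ok?
# Only stderr is discarded: sending stdout to /dev/null would leave grep with
# nothing to read, the count would always be 0 and the script would always exit.
PortNum=$(nmap "$Ip" -p "$Port" 2>/dev/null | grep -c open)
[ "$PortNum" -lt 1 ] && {
  echo "Http server is bad!"
  # Non-zero so the caller can tell the tuning did not run.
  exit 1
} # Defined result function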
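#######################################
# Print an OK/FAILED status line for the command that ran immediately before
# this call.
# Arguments: $1 - label to print
# Outputs:   one status line via 'action' (from /etc/init.d/functions)
#######################################
Msg() {
  # Must be the first statement: any other command would overwrite $?.
  local rc=$?
  # Compare against 0 explicitly; the operand was missing in this copy, which
  # makes the test itself fail and every step report FAILED.
  if [ "$rc" -eq 0 ]; then
    action "$1" /bin/true
  else
    action "$1" /bin/false
  fi
} # Defined IP function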
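#######################################
# Write static ifcfg files for eth0 and eth1, reusing the last octet of the
# address eth1 currently holds.
# Outputs: status lines via Msg
# Returns: 1 if the octet cannot be parsed, otherwise the status of the last Msg
#######################################
ConfigIP() {
  local Suffix
  # Line 2 of the ifconfig output carries the IPv4 address; splitting on spaces
  # and dots makes field 6 the last octet.
  Suffix=$(ifconfig eth1 | awk -F "[ .]+" 'NR==2 {print $6}')
  # Refuse to write the files when the octet is empty or not numeric, otherwise
  # both interfaces would be given a malformed address.
  case "$Suffix" in
    '' | *[!0-9]*)
      false
      Msg "parse eth1 address"
      return 1
      ;;
  esac

  # NOTE(review): the third octet and the PREFIX value are missing in this copy.
  # 10.0.0.x is inferred from the 10.0.0.254 gateway below and /24 is assumed.
  cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<END
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=10.0.0.$Suffix
PREFIX=24
GATEWAY=10.0.0.254
DNS1=10.0.0.254
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
END
  Msg "config eth0"

  # 172.16.1.x/24 matches the DHCP subnet (172.16.1.0, netmask 255.255.255.0)
  # configured on the provisioning server.
  cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<END
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=172.16.1.$Suffix
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth1"
END
  Msg "config eth1"
} # Defined Yum source Functions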
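#######################################
# Replace the yum repository definitions with the copies on the provisioning
# server, keeping the original CentOS-Base.repo as CentOS-Base.repo.ori.
# Globals: Ip, Port, ConfigDir (read)
# Outputs: status line via Msg
#######################################
yum() {
  local YumDir=/etc/yum.repos.d
  [ -f "$YumDir/CentOS-Base.repo" ] && cp "$YumDir/CentOS-Base.repo"{,.ori}
  # The repo files arrive over plain HTTP and decide where packages are installed
  # from. NOTE(review): confirm gpgcheck is enabled in both files so package
  # signatures are still verified; the values are missing in this copy of the page.
  wget -O "$YumDir/CentOS-Base.repo" "http://$Ip:$Port/$ConfigDir/CentOS-Base.repo" &>/dev/null &&
    wget -O "$YumDir/epel.repo" "http://$Ip:$Port/$ConfigDir/epel.repo" &>/dev/null
  # Report on its own line, as the other steps do. Chained behind '&&' it never
  # ran when a download failed, so the failure was silent.
  Msg "YUM source"
} # Defined add Ordinary users Functions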
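#######################################
# Create the 'oldboy' account and grant it passwordless sudo.
# Outputs: status line via Msg
#######################################
AddUser() {
  local sudoers_tmp
  sudoers_tmp=$(mktemp) || {
    Msg "AddUser oldboy"
    return 1
  }
  printf '%s\n' 'oldboy ALL=(ALL) NOPASSWD:ALL' >"$sudoers_tmp"

  # NOTE(review): the password literal is empty in this copy of the page. A fixed
  # password inside a script served over HTTP is readable by every host on the
  # provisioning network, and with NOPASSWD:ALL this account is equivalent to root.
  # The rule is validated with 'visudo -cf' BEFORE it is installed, and it goes in
  # a drop-in file instead of being spliced into /etc/sudoers at line 98, so a bad
  # edit cannot break sudo for everyone.
  # Assumes the stock '#includedir /etc/sudoers.d' line is present - verify.
  useradd oldboy &>/dev/null &&
    echo ""|passwd --stdin oldboy &>/dev/null &&
    visudo -cf "$sudoers_tmp" &>/dev/null &&
    install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers.d/oldboy
  Msg "AddUser oldboy"
  rm -f -- "$sudoers_tmp"
} # Defined Hide the system version number Functions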
#######################################
# Empty the login banner files so they no longer reveal the OS release.
# Outputs: one status line per file via Msg
#######################################
HideVersion() {
  local banner
  for banner in /etc/issue /etc/issue.net; do
    # Truncate only when the file exists; Msg reports the result of this line.
    [ -f "$banner" ] && : >"$banner"
    Msg "Hide ${banner##*/}"
  done
} # Defined SSHD config Functions
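#######################################
# Replace /etc/ssh/sshd_config with the copy on the provisioning server, keeping
# the original as sshd_config.ori.
# Globals: Ip, Port, ConfigDir (read)
# Outputs: status line via Msg
#######################################
sshd() {
  local SshdDir=/etc/ssh
  local new_cfg
  # Download next to the target first. Moving the live file away before the
  # download means a failed fetch leaves the host with no sshd_config at all.
  new_cfg=$(mktemp "$SshdDir/sshd_config.XXXXXX") || {
    Msg "sshd config"
    return 1
  }
  # NOTE(review): the chmod mode is missing in this copy of the page; 600 (root
  # read/write only) is used here.
  # NOTE(review): the file is fetched over plain HTTP and controls remote access
  # to the host. Only an empty download is rejected here; 'sshd -t -f FILE' can
  # check the syntax once host keys exist.
  wget -O "$new_cfg" "http://$Ip:$Port/$ConfigDir/sshd_config" &>/dev/null &&
    [ -s "$new_cfg" ] &&
    chmod 600 "$new_cfg" &&
    { [ ! -f "$SshdDir/sshd_config" ] || cp -p "$SshdDir/sshd_config"{,.ori}; } &&
    /bin/mv -f "$new_cfg" "$SshdDir/sshd_config"
  Msg "sshd config"
  # No-op after a successful move; removes the partial download otherwise.
  rm -f -- "$new_cfg"
} # Defined OPEN FILES Functions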
#######################################
# Raise the open-file limit for all users by appending a nofile rule to
# limits.conf.
# Outputs: status line via Msg
# Returns: 1 without printing anything when limits.conf does not exist
#######################################
openfiles() {
  local limits=/etc/security/limits.conf
  [ -f "$limits" ] || return 1
  # '-' sets both the soft and the hard limit.
  echo '* - nofile 65535' >>"$limits"
  Msg "open files"
} # Defined Kernel parameters Functions
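#######################################
# Replace /etc/sysctl.conf with the copy on the provisioning server, keeping the
# original as sysctl.conf.ori.
# Globals: Ip, Port, ConfigDir (read)
# Outputs: status line via Msg
#######################################
kernel() {
  local KernelDir=/etc
  local fetched
  # Fetch into a temporary file and swap it in only on success; moving the live
  # file away first leaves no sysctl.conf behind when the download fails.
  fetched=$(mktemp "$KernelDir/sysctl.conf.XXXXXX") || {
    Msg "Kernel config"
    return 1
  }
  wget -O "$fetched" "http://$Ip:$Port/$ConfigDir/sysctl.conf" &>/dev/null &&
    [ -s "$fetched" ] &&
    chmod 644 "$fetched" &&
    { [ ! -f "$KernelDir/sysctl.conf" ] || cp -p "$KernelDir/sysctl.conf"{,.ori}; } &&
    /bin/mv -f "$fetched" "$KernelDir/sysctl.conf"
  Msg "Kernel config"
  # No-op after a successful move; removes the partial download otherwise.
  rm -f -- "$fetched"
} # Defined hosts file Functions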
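#######################################
# Replace /etc/hosts with the copy on the provisioning server, keeping the
# original as hosts.ori.
# Globals: Ip, Port, ConfigDir (read)
# Outputs: status line via Msg
#######################################
hosts() {
  local HostsDir=/etc
  local fetched
  # Fetch into a temporary file and swap it in only on success; moving the live
  # file away first leaves the host without /etc/hosts when the download fails.
  fetched=$(mktemp "$HostsDir/hosts.XXXXXX") || {
    Msg "Hosts config"
    return 1
  }
  # mktemp creates the file readable by root only; /etc/hosts must stay
  # world-readable, hence the chmod.
  wget -O "$fetched" "http://$Ip:$Port/$ConfigDir/hosts" &>/dev/null &&
    [ -s "$fetched" ] &&
    chmod 644 "$fetched" &&
    { [ ! -f "$HostsDir/hosts" ] || cp -p "$HostsDir/hosts"{,.ori}; } &&
    /bin/mv -f "$fetched" "$HostsDir/hosts"
  Msg "Hosts config"
  # No-op after a successful move; removes the partial download otherwise.
  rm -f -- "$fetched"
} # Defined System Startup Services Functions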
#######################################
# Turn off every service that is enabled in runlevel 3, except crond, network,
# rsyslog and sshd.
# Outputs: status line via Msg
#######################################
boot() {
  local svc
  local keep="crond|network|rsyslog|sshd"
  # Service names come from column 1 of 'chkconfig --list' for lines marked 3:on.
  for svc in $(chkconfig --list | awk '/3:on/ {print $1}' | grep -vE "$keep"); do
    chkconfig "$svc" off
  done
  Msg "BOOT config"
} # Defined Time Synchronization Functions
#######################################
# Add a root cron entry that syncs the clock with ntp1.aliyun.com every five
# minutes, preceded by a dated marker comment.
# Outputs: status line via Msg
#######################################
Time() {
  local cron_file=/var/spool/cron/root
  # Both lines are appended; calling this again adds a second copy of the entry.
  {
    echo "#time sync by zhangyao at $(date +%F)"
    echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null'
  } >>"$cron_file"
  Msg "Time Synchronization"
} # Defined main Functions
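#######################################
# Run the tuning steps in order. AddUser and sshd are left disabled, as on the
# page.
#######################################
main() {
  ConfigIP
  yum
  #AddUser
  HideVersion
  #sshd
  openfiles
  kernel
  hosts
  boot
  Time
}
# The call sits on its own line: a word after the closing brace on the same line
# is a syntax error.
main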
3.优化内核文件 sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, is disabled, is enabled. See sysctl() and
# sysctl.conf() for more details. # Controls IP packet forwarding
net.ipv4.ip_forward = # Controls source route verification
net.ipv4.conf.default.rp_filter = # Do not accept source routing
net.ipv4.conf.default.accept_source_route = # Controls the System Request debugging functionality of the kernel
kernel.sysrq = # Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = # Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = # Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables =
net.bridge.bridge-nf-call-iptables =
net.bridge.bridge-nf-call-arptables = # Controls the default maxmimum size of a mesage queue
kernel.msgmnb = # Controls the maximum size of a message, in bytes
kernel.msgmax = # Controls the maximum shared segment size, in bytes
kernel.shmmax = # Controls the maximum number of shared memory segments, in pages
kernel.shmall =
net.ipv4.tcp_fin_timeout =
net.ipv4.tcp_tw_reuse =
net.ipv4.tcp_tw_recycle =
net.ipv4.tcp_syncookies =
net.ipv4.tcp_keepalive_time =
net.ipv4.ip_local_port_range =
net.ipv4.tcp_max_syn_backlog =
net.ipv4.tcp_max_tw_buckets =
net.ipv4.route.gc_timeout =
net.ipv4.tcp_syn_retries =
net.ipv4.tcp_synack_retries =
net.core.somaxconn =
net.core.netdev_max_backlog =
net.ipv4.tcp_max_orphans =
[root@m01 ks_config]#
4. yum源文件
[root@m01 ks_config]# cat CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
# [base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6 #released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6 #additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6 #additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=
enabled=
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6 #contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=
enabled=
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-6
5.epel源文件
[root@m01 ks_config]# cat epel.repo
[epel]
name=Extra Packages for Enterprise Linux - $basearch
baseurl=http://mirrors.aliyun.com/epel/6/$basearch
http://mirrors.aliyuncs.com/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=
gpgcheck=
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 [epel-debuginfo]
name=Extra Packages for Enterprise Linux - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/6/$basearch/debug
http://mirrors.aliyuncs.com/epel/6/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck= [epel-source]
name=Extra Packages for Enterprise Linux - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/6/SRPMS
http://mirrors.aliyuncs.com/epel/6/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=
6. ssh优化文件
[root@m01 ks_config]# cat sshd_config
# $OpenBSD: sshd_config,v 1.80 // :: djm Exp $ # This is the sshd server system-wide configuration file. See
# sshd_config() for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
#Port
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress :: # Disable legacy (protocol version ) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol
Protocol # HostKey for protocol version
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version server key
#KeyRegenerationInterval 1h
#ServerKeyBits # Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO # Authentication: #LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries
#MaxSessions #RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes # Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no # Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes # GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes # Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS #AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval
#ClientAliveCountMax
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups ::
#PermitTunnel no
#ChrootDirectory none # no default banner path
#Banner none # override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server # Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
[root@m01 ks_config]#
6.新建一个空白的虚拟机
纯机器不需要挂载镜像,选中所在的局域网所在的LAN区段
两个网卡DNS模式,其中一个选择LAN区段就ok
然后开机测试等待安装完成。