linux定制的补充
上一篇博文:http://www.cnblogs.com/hjc4025/p/6918323.html
这篇文章是对之前博文的一点扩展和补充:
这里主要是在之前的基础上添加了一些自己制作好的程序,还有安装openssh7.5版本,直接全部包含在镜像中,并且设置一些自启动程序、DNS、还有计划任务之类的,都是利用ks.cfg文件的post字段后面定义的脚本实现的,在post的阶段中使用--nochroot 表示可以使用任何目录,而本阶段中的 / (根目录)是会自动挂在到/mnt/sysimage下,下面请看我的ks.cfg文件:
#platform=x86, AMD64, or Intel EM64T
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use CDROM installation media
cdrom
# Root password default is "redhat"
rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.
# System authorization information
auth --useshadow --passalgo=md5
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on –noipv6
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
ignoredisk --only-use=sda
part /boot --fstype="ext4" --size=1032
part swap --size=8300
part / --fstype="ext4" --grow --size=1
%packages
@additional-devel
@base
@compat-libraries
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@directory-client
@eclipse
@emacs
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@input-methods
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@php
@performance
@perl-runtime
@print-client
@remote-desktop-clients
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
@tex
@technical-writing
@virtualization
@virtualization-client
@virtualization-platform
@virtualization-tools
@web-server
@web-servlet
@workstation-policy
@x11
libgcrypt-devel
libXinerama-devel
openmotif-devel
libXmu-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
junit
libXau-devel
libXrandr-devel
popt-devel
gnome-python2-desktop
libdrm-devel
libxslt-devel
libglade2-devel
gnutls-devel
mtools
gdisk
pax
python-dmidecode
oddjob
wodim
sgpio
genisoimage
device-mapper-persistent-data
systemtap-client
abrt-gui
desktop-file-utils
ant
expect
rpmdevtools
python-six
jpackage-utils
rpmlint
samba-winbind
certmonger
pam_krb5
krb5-workstation
netpbm-progs
dcraw
openmotif
libXmu
libXp
php-odbc
php-pecl-memcache
php-xmlrpc
php-pecl-apc
php-ldap
php-soap
php-mysql
php-pgsql
perl-DBD-SQLite
net-snmp-python
net-snmp-perl
symlinks
rrdtool
pexpect
dtach
mc
xdelta
screen
tree
mgetty
hardlink
lshw
expect
conman
crypto-utils
scrub
rdist
vlock
rear
lsscsi
libvirt-java
perl-Sys-Virt
libguestfs-java
virt-v2v
libguestfs-tools
mod_authnz_pam
mod_auth_mysql
mod_auth_mellon
mod_auth_kerb
squid
mod_nss
mod_auth_pgsql
certmonger
mod_authz_ldap
mod_intercept_form_submit
perl-CGI-Session
perl-CGI
python-memcached
mod_revocator
perl-Cache-Memcached
memcached
mod_lookup_identity
libmemcached
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -o loop /dev/cdrom /mnt/source
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/openssh-7.5p1.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/openssl-1.0.1t.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/cn_node_yum.repo /mnt/sysimage/etc/yum.repos.d/cn_node_yum.repo_bak
cp /mnt/source/software/sdns_internel_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/sdns_internel_custom_yum.repo_bak
cp /mnt/source/software/test_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/test_custom_yum.repo_bak
cp /mnt/source/software/service_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/
umount -f /mnt/source
%post --log=/root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#openssl and openssh
cd /usr/local/
tar -xvf /usr/local/openssh-7.5p1.tar.gz
tar -xvf /usr/local/openssl-1.0.1t.tar.gz
rm -rf /usr/local/openssh-7.5p1.tar.gz
rm -rf /usr/local/openssl-1.0.1t.tar.gz
mv /usr/local/openssh-7.5p1/ /usr/local/openssh/
rm -rf /etc/init.d/sshd
rm -rf /etc/ssh/
rm -rf /etc/ssl/
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
rm -rf /usr/lib/openssl
cd /usr/local/openssl-1.0.1t/
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic
make depend
make
make MANDIR=/usr/share/man MANSUFFIX=ssl install
ldconfig -v
sed -i 's/OpenSSH_7.5/OpenSSH/' /usr/local/openssh/version.h
cd /usr/local/openssh/
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
make
make install
cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
chkconfig sshd on
echo "==>Update openssl ok!\n" >> /root/postinstall_stage2.log
#yum.repo.d
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
mv /etc/yum.repos.d/CentOS-Debuginfo.repo /etc/yum.repos.d/CentOS-Debuginfo.repo_bak
mv /etc/yum.repos.d/CentOS-fasttrack.repo /etc/yum.repos.d/CentOS-fasttrack.repo_bak
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo_bak
mv /etc/yum.repos.d/CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault.repo_bak
#chkconfig
chkconfig iptables off
chkconfig cgconfig off
chkconfig cgdcbxd off
chkconfig abrtd off
chkconfig ip6tables off
chkconfig xinetd off
chkconfig virt-who off
chkconfig pppoe-server off
chkconfig postfix off
chkconfig lvm2-monitor off
chkconfig libvirtd off
chkconfig libvirt-guests off
chkconfig isdn off
chkconfig iscsid off
chkconfig iscsi off
chkconfig fcoe-target off
chkconfig fcoe off
chkconfig certmonger off
chkconfig bluetooth off
chkconfig NetworkManager off
#set /etc/resolv.conf
cat > /etc/resolv.conf << EOF
nameserver 218.241.99.50
nameserver 218.241.118.144
EOF
echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log
#ntp
cat >> /var/spool/cron/root << EOF
*/3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.10.1.12 && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.20.2.53 && /sbin/hwclock -w
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#ifcfg-eth NetworkManager
sed -i 's@NM_CONTROLLED="yes"@NM_CONTROLLED="no"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@NM_CONTROLLED=yes@NM_CONTROLLED=no@' /etc/sysconfig/network-scripts/ifcfg-eth*
echo "==>Set OS NetworkManager ok!\n" >> /root/postinstall_stage2.log
#delete tar.gz file
rm -rf /usr/netgainagent_v3.tar.gz
这个里面包括使用了最新的openssh 7.5 还有 openssl1.01t 版本,里面也有一些走过的坑。。不过最终还是做出来了
以下是大神的原版:
[root@galene conf]# more ks_ctos6.5_64.cfg
#Kickstart file automatically for CENTOS 6.3_x86_64
#####NEED TO MODIFY THESE CONFIGURATION#####
#Choose OS ISO
nfs --server=192.168.30.10 --dir=/centos6.5_64
#Network configuration
network --bootproto=dhcp --device=eth0 --onboot=on
#install "HP server" use this line /dev/cciss/c0d0
bootloader --location=mbr --driveorder=cciss/c0d0 --append="rhgb quiet"
#install "normal server" use this line /dev/sda
#bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
#########################################################################
install
lang en_US.UTF-8
key --skip
keyboard us
text
xconfig --startxonboot
timezone Asia/Shanghai
rootpw --iscrypted $1$z2qCmGJm$qseyjZU7ahSaUk/hebBcZ0
zerombr yes
authconfig --enableshadow --enablemd5
selinux --disabled
reboot
clearpart --all
part /boot --fstype="ext4" --size=100 --asprimary
part swap --size=32000
part / --fstype="ext4" --grow --size=1
#part /home --fstype="ext4" --grow --size=1
network --bootproto=dhcp --device=eth0 --onboot=yes
#Firewall configuration
firewall --enabled --port=22:tcp --port=1801:tcp --port=1850:tcp
#Package install information
%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-policy
pax
oddjob
sgpio
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -t nfs 192.168.30.10:/osinstall /mnt/source -o nolock,udp
cp /mnt/source/software/openssh_5.0.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/quagga-0.99.20.tar.gz /mnt/sysimage/usr
umount -f /mnt/source
rmdir /mnt/source
%post --log=/root/postinstall_stage2.log
cd /usr
tar zxvf openssh_5.0.tar.gz
cd /usr/zlib-1.2.3
./configure;make;make install
mv /etc/ssh /etc/ssh.bak
cd /usr/openssh-5.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/
usr/share/man;make;make install
echo "==> update openssh finished.\n" > /root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#quagga
#cd /usr
#tar quagga-0.99.20.tar.gz
#cd /usr/quagga-0.99.20
#./configure --prefix=/usr/local/quagga;make;make install
#echo "===>update quagga finished.\n " >> /root/postinstall_stage2.log
#chkconfig off
chkconfig avahi-daemon off
chkconfig yum-updatesd off
chkconfig sendmail off
chkconfig cups off
chkconfig bluetooth off
chkconfig autofs off
chkconfig hidd off
chkconfig atd off
chkconfig nfslock off
echo "==>services stop ok!\n" >> /root/postinstall_stage2.log
#lock user
passwd -l adm
#passwd -l sync
passwd -l shutdown
passwd -l halt
passwd -l mail
passwd -l uucp
passwd -l operator
passwd -l games
passwd -l gopher
passwd -l ftp
passwd -l news
#set /etc/resolv.conf
#cat >> /etc/resolv.conf << EOF
#nameserver 218.241.99.50
#nameserver 218.241.118.144
#EOF
#echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log
#ntp
cat >> /var/spool/cron/root << EOF
* */2 * * * /usr/sbin/ntpdate ntp.cnnic.cn
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#profile
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/bashrc
sed -i 's/m/m hostname:\\n/' /etc/issue
sed -i 's/^id:5:/id:3:/' /etc/inittab
sed -i 's/022$/027/' /etc/bashrc
#modify password complexity
#prohibit the Control+Alt+Delete
sed -i 's/^ca::ctrlaltdel/#&/' /etc/inittab
#configure root login
#Completeness of the security log
echo 'authpriv.* /var/log/secure' >> /etc/syslog.conf
#configure the remote log server
mv /usr/openssh_5.0.tar.gz /root
mv /usr/netgainagent_v4.tar.gz /root
mv /usr/netgainagent_v3.tar.gz /root
rm -fr /usr/openssh-5.0p1
rm -fr /usr/zlib-1.2.3
echo "Files have been moved and deleted.\n" >> /root/postinstall_stage2.log
[root@galene conf]#
以下是生产环境中添加bond版本(只需加载之前的文件末尾即可):
sed -i 's@ONBOOT=no@ONBOOT=yes@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i '/BOOTPROTO/d' /etc/sysconfig/network-scripts/ifcfg-eth*
cat >> /etc/modprobe.d/bonding.conf << EOF
alias bond0 bonding
options bond0 miimon=120 mode=1
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-bond0 <<EOF
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=static
IPADDR=
NETMASK=
GATEWAY=
EOF
linux定制的补充的更多相关文章
- Linux 定制X86平台操作系统
/********************************************************************************* * Linux 定制X86平台操作 ...
- linux 定制
转载至http://luyafei.blog.51cto.com/1092421/1131532 测试环境: VMware Workstation 8.0 CentOS 6.7 x86_64 1.安装 ...
- linux常用命令补充
linux补充 apt 是在我们Linux系统安装软件 pip 用来安装python3的模块(第三方库) ps # 查看运行进程(pid) ps aux # 查看全部任务进程 top # 也可以查看 ...
- Linux定制化RPM包
定制化RPM包 1.Linux安装软件方法 1- rpm/yum安装 简单.速度快,但是不能定制安装 RPM RedHat Package Manager(RPM软件包管理器) 2- 二进制安装 解压 ...
- 笔记:Linux用户管理(补充)、权限管理、内存管理、网络管理、渗透常用命令
一.用户管理(补充) 添加用户:useradd [选项] 用户名 useradd -u 5000 -g demogroup -G root -d /home/demo -s /bin/bash dem ...
- linux定制
http://cc.bingj.com/cache.aspx?q=OpenEmbedded+clfs&d=4706495287069596&mkt=zh-CN&setlang= ...
- linux高级编程补充知识
F: 计算机系统结构: ------------------------------- 应用程序 ----------------- | 库函数 -------------------------- ...
- Linux之定时任务补充
定时任务两实例 例1: 每分钟打印一次自己的名字拼音全拼到“/server/log/自己的名字命名的文件”中. [root@chengliang log]# mkdir -p /server/log/ ...
- linux常用命令补充详细
1.ls命令 就是list的缩写,通过ls 命令不仅可以查看linux文件夹包含的文件,而且可以查看文件权限(包括目录.文件夹.文件权限)查看目录信息等等 常用参数搭配: ls -a 列出目录所有文 ...
随机推荐
- inotify 同步脚本
#!/bin/bash path1=/home/htoa/tomcat/webapps/ROOT/htoa/ ip=192.168.30.13 /usr/bin/inotifywait -mrq -- ...
- 虚拟环境中的django及相关包安装
1.先进入虚拟环境 pyenv activate virtualenvname. 2.安装django软件包 安装命令: pip install django==1.7 查看安装结果: python ...
- (转)c# Linq及Lamda表达式应用经验之 GroupBy 分组
本文转载自:http://www.cnblogs.com/han1982/p/4138163.html 示例1: GroupBy 分组在List<>泛型中的应用 原表: 按姓名Nam 分组 ...
- spring之:XmlWebApplicationContext作为Spring Web应用的IoC容器,实例化和加载Bean的过程
它既是 DispatcherServlet 的 (WebApplicationContext)默认策略,又是 ContextLoaderListener 创建 root WebApplicationC ...
- 无法删除image报rbd: error: image still has watchers解决方法
标签(空格分隔): ceph,ceph运维,rbd 解决思路: 在Ceph集群日常运维中,管理员可能会遇到有的image删除不了的情况: 1) 由于image下有快照信息,只需要先将快照信息清除,然后 ...
- idea右键单击没有 svn选项处理办法
问题一: IntelliJ IDEA打开带SVN信息的项目不显示SVN信息,项目右键SVN以及图标还有Changes都不显示解决方法 在VCS菜单中有个开关,叫Enabled Version Cont ...
- bash姿势-没有管道符执行结果相同于管道符
听起来比较别口: 直接看代码: shell如下: [root@sevck_linux ~]# </etc/passwd grep root root:x:::root:/root:/bin/ba ...
- [hdu4333]Revolving Digits
/*注意注意:本题非hdu4333原题,而是简化版,原版有多组数据.但此代码在修改输入后依旧可以通过多组数据*/ 给出一个数字串,问有多少本质不同同构串比原串小,一样,大.同构串是指,对于原串S[1- ...
- Excel向数据库插入数据和数据库向Excel导出数据
为了熟悉java里工作簿的相关知识点,所以找了“Excel向数据库插入数据和数据库向Excel导出数据”的功能来实现. 注意事项:1,mysql数据库: 2,需要导入的jar包有 jxl.jar,my ...
- 关于EF中实体和数据表以及查询语句映射的问题
关于EF中实体和数据表以及查询语句映射的问题? 很多人在使用的时候分不清楚 实体字段应该少于等于(数据库中的表字段或者SQL查询中的临时字段).这样在查询或者添加修改都不会出现问题 如果实体的字段大于 ...