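Previous post: http://www.cnblogs.com/hjc4025/p/6918323.html

This article extends and supplements the previous post.

Building on the earlier setup, I added some programs I had prepared myself plus an OpenSSH 7.5 installation, all bundled directly into the image, and configured some autostart programs, DNS, scheduled tasks and the like. All of this is done by the scripts defined after the %post sections of the ks.cfg file. Using --nochroot in a %post section means the script is not chrooted into the new system, so any directory of the installer environment can be used, while at this stage the installed system's / (root directory) is automatically mounted at /mnt/sysimage. Here is my ks.cfg file: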

#platform=x86, AMD64, or Intel EM64T
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use CDROM installation media
cdrom
# Root password default is "redhat"
rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.
# System authorization information
auth --useshadow --passalgo=md5
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on --noipv6
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
ignoredisk --only-use=sda
part /boot --fstype="ext4" --size=1032
part swap --size=8300
part / --fstype="ext4" --grow --size=1
%packages
@additional-devel
@base
@compat-libraries
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@directory-client
@eclipse
@emacs
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@input-methods
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@php
@performance
@perl-runtime
@print-client
@remote-desktop-clients
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
@tex
@technical-writing
@virtualization
@virtualization-client
@virtualization-platform
@virtualization-tools
@web-server
@web-servlet
@workstation-policy
@x11
libgcrypt-devel
libXinerama-devel
openmotif-devel
libXmu-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
junit
libXau-devel
libXrandr-devel
popt-devel
gnome-python2-desktop
libdrm-devel
libxslt-devel
libglade2-devel
gnutls-devel
mtools
gdisk
pax
python-dmidecode
oddjob
wodim
sgpio
genisoimage
device-mapper-persistent-data
systemtap-client
abrt-gui
desktop-file-utils
ant
expect
rpmdevtools
python-six
jpackage-utils
rpmlint
samba-winbind
certmonger
pam_krb5
krb5-workstation
netpbm-progs
dcraw
openmotif
libXmu
libXp
php-odbc
php-pecl-memcache
php-xmlrpc
php-pecl-apc
php-ldap
php-soap
php-mysql
php-pgsql
perl-DBD-SQLite
net-snmp-python
net-snmp-perl
symlinks
rrdtool
pexpect
dtach
mc
xdelta
screen
tree
mgetty
hardlink
lshw
expect
conman
crypto-utils
scrub
rdist
vlock
rear
lsscsi
libvirt-java
perl-Sys-Virt
libguestfs-java
virt-v2v
libguestfs-tools
mod_authnz_pam
mod_auth_mysql
mod_auth_mellon
mod_auth_kerb
squid
mod_nss
mod_auth_pgsql
certmonger
mod_authz_ldap
mod_intercept_form_submit
perl-CGI-Session
perl-CGI
python-memcached
mod_revocator
perl-Cache-Memcached
memcached
mod_lookup_identity
libmemcached
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -o loop /dev/cdrom /mnt/source
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/openssh-7.5p1.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/openssl-1.0.1t.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/cn_node_yum.repo /mnt/sysimage/etc/yum.repos.d/cn_node_yum.repo_bak
cp /mnt/source/software/sdns_internel_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/sdns_internel_custom_yum.repo_bak
cp /mnt/source/software/test_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/test_custom_yum.repo_bak
cp /mnt/source/software/service_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/
umount -f /mnt/source
%post --log=/root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#openssl and openssh
cd /usr/local/
tar -xvf /usr/local/openssh-7.5p1.tar.gz
tar -xvf /usr/local/openssl-1.0.1t.tar.gz
rm -rf /usr/local/openssh-7.5p1.tar.gz
rm -rf /usr/local/openssl-1.0.1t.tar.gz
mv /usr/local/openssh-7.5p1/ /usr/local/openssh/
rm -rf /etc/init.d/sshd
rm -rf /etc/ssh/
rm -rf /etc/ssl/
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
rm -rf /usr/lib/openssl
cd /usr/local/openssl-1.0.1t/
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic
make depend
make
make MANDIR=/usr/share/man MANSUFFIX=ssl install
ldconfig -v
sed -i 's/OpenSSH_7.5/OpenSSH/' /usr/local/openssh/version.h
cd /usr/local/openssh/
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
make
make install
cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
chkconfig sshd on
echo "==>Update openssl ok!\n" >> /root/postinstall_stage2.log
#yum.repo.d
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
mv /etc/yum.repos.d/CentOS-Debuginfo.repo /etc/yum.repos.d/CentOS-Debuginfo.repo_bak
mv /etc/yum.repos.d/CentOS-fasttrack.repo /etc/yum.repos.d/CentOS-fasttrack.repo_bak
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo_bak
mv /etc/yum.repos.d/CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault.repo_bak
#chkconfig
chkconfig iptables off
chkconfig cgconfig off
chkconfig cgdcbxd off
chkconfig abrtd off
chkconfig ip6tables off
chkconfig xinetd off
chkconfig virt-who off
chkconfig pppoe-server off
chkconfig postfix off
chkconfig lvm2-monitor off
chkconfig libvirtd off
chkconfig libvirt-guests off
chkconfig isdn off
chkconfig iscsid off
chkconfig iscsi off
chkconfig fcoe-target off
chkconfig fcoe off
chkconfig certmonger off
chkconfig bluetooth off
chkconfig NetworkManager off
#set /etc/resolv.conf
cat > /etc/resolv.conf << EOF
nameserver 218.241.99.50
nameserver 218.241.118.144
EOF
echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log
#ntp
cat >> /var/spool/cron/root << EOF
*/3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.10.1.12 && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.20.2.53 && /sbin/hwclock -w
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#ifcfg-eth NetworkManager
sed -i 's@NM_CONTROLLED="yes"@NM_CONTROLLED="no"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@NM_CONTROLLED=yes@NM_CONTROLLED=no@' /etc/sysconfig/network-scripts/ifcfg-eth*
echo "==>Set OS NetworkManager ok!\n" >> /root/postinstall_stage2.log
#delete tar.gz file
rm -rf /usr/netgainagent_v3.tar.gz

This includes the latest OpenSSH 7.5 and OpenSSL 1.0.1t. There were some pitfalls along the way, but in the end I got it working.

Below is the expert's original version:
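
The listing above turns off the firewall and SELinux, uses MD5 password hashing with a $1$ root hash, and appends PermitRootLogin yes in %post. The following check flags those settings in a ks.cfg before it is built into an image. It is an added example, not part of the original post; the function names audit_ks and sample_ks and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak settings in a kickstart file before building the image.

audit_ks() {   # usage: audit_ks FILE ; prints "LINE: finding", one per line
    awk '
        /^[ \t]*#/      { next }                   # comments, incl. commented-out commands
        /^%packages/    { sec = "pkg";    next }   # package list: nothing to check
        /^%(pre|post)/  { sec = "script"; next }   # shell script section
        /^%end/         { sec = "";       next }   # back to the command section
        sec == "" && /^firewall[ \t].*--disabled/ { print NR ": firewall --disabled" }
        sec == "" && /^selinux[ \t].*--disabled/  { print NR ": selinux --disabled" }
        sec == "" && /^auth(config)?[ \t]/ && /--passalgo=md5|--enablemd5/ {
            print NR ": MD5 password hashing" }
        sec == "" && /^rootpw[ \t].*--iscrypted[ \t]+[$]1[$]/ {
            print NR ": rootpw is an MD5-crypt hash" }
        sec == "" && /^rootpw[ \t]/ && !/--iscrypted/ {
            print NR ": rootpw in plain text" }
        sec == "script" && /PermitRootLogin[ \t]+yes/ {
            print NR ": script sets PermitRootLogin yes" }
        sec == "script" && /^[ \t]*chkconfig[ \t]+ip6?tables[ \t]+off/ {
            print NR ": script turns off " $2 }
    ' "$1"
}

# Constructed sample input (not the page's file; the hash is a dummy value).
sample_ks() {
    cat <<'EOF'
# Firewall configuration
firewall --disabled
rootpw --iscrypted $1$SALTSALT$CONSTRUCTEDdummyHASH00000
auth --useshadow --passalgo=md5
selinux --disabled
%packages
@core
%post --log=/root/post.log
#echo "PermitRootLogin yes" >> /etc/ssh/sshd_config.bak
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
chkconfig iptables off
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_ks > "$tmp" && audit_ks "$tmp"; rm -f "$tmp"
```

A file that uses firewall --enabled, selinux --enforcing and auth --passalgo=sha512, and leaves PermitRootLogin out of %post, produces no findings.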

[root@galene conf]# more  ks_ctos6.5_64.cfg
#Kickstart file automatically for CENTOS 6.3_x86_64
#####NEED TO MODIFY THESE CONFIGURATION#####
#Choose OS ISO
nfs --server=192.168.30.10 --dir=/centos6.5_64
#Network configuration
network --bootproto=dhcp --device=eth0 --onboot=on
#install "HP server" use this line /dev/cciss/c0d0
bootloader --location=mbr --driveorder=cciss/c0d0 --append="rhgb quiet"
#install "normal server" use this line /dev/sda
#bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
#########################################################################
install
lang en_US.UTF-8
key --skip
keyboard us
text
xconfig --startxonboot
timezone Asia/Shanghai
rootpw --iscrypted $1$z2qCmGJm$qseyjZU7ahSaUk/hebBcZ0
zerombr yes
authconfig --enableshadow --enablemd5
selinux --disabled
reboot
clearpart --all
part /boot --fstype="ext4" --size=100 --asprimary
part swap --size=32000
part / --fstype="ext4" --grow --size=1
#part /home --fstype="ext4" --grow --size=1
network --bootproto=dhcp --device=eth0 --onboot=yes
#Firewall configuration
firewall --enabled --port=22:tcp --port=1801:tcp --port=1850:tcp
#Package install information
%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-policy
pax
oddjob
sgpio
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -t nfs 192.168.30.10:/osinstall /mnt/source -o nolock,udp
cp /mnt/source/software/openssh_5.0.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/quagga-0.99.20.tar.gz /mnt/sysimage/usr
umount -f /mnt/source
rmdir /mnt/source
%post --log=/root/postinstall_stage2.log
cd /usr
tar zxvf openssh_5.0.tar.gz
cd /usr/zlib-1.2.3
./configure;make;make install
mv /etc/ssh /etc/ssh.bak
cd /usr/openssh-5.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man;make;make install
echo "==> update openssh finished.\n" > /root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#quagga
#cd /usr
#tar quagga-0.99.20.tar.gz
#cd /usr/quagga-0.99.20
#./configure --prefix=/usr/local/quagga;make;make install
#echo "===>update quagga finished.\n " >> /root/postinstall_stage2.log
#chkconfig off
chkconfig avahi-daemon off
chkconfig yum-updatesd off
chkconfig sendmail off
chkconfig cups off
chkconfig bluetooth off
chkconfig autofs off
chkconfig hidd off
chkconfig atd off
chkconfig nfslock off
echo "==>services stop ok!\n" >> /root/postinstall_stage2.log
#lock user
passwd -l adm
#passwd -l sync
passwd -l shutdown
passwd -l halt
passwd -l mail
passwd -l uucp
passwd -l operator
passwd -l games
passwd -l gopher
passwd -l ftp
passwd -l news
#set /etc/resolv.conf
#cat >> /etc/resolv.conf << EOF
#nameserver 218.241.99.50
#nameserver 218.241.118.144
#EOF
#echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log
#ntp
cat >> /var/spool/cron/root << EOF
* */2 * * * /usr/sbin/ntpdate ntp.cnnic.cn
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#profile
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/bashrc
sed -i 's/m/m hostname:\\n/' /etc/issue
sed -i 's/^id:5:/id:3:/' /etc/inittab
sed -i 's/022$/027/' /etc/bashrc
#modify password complexity
#prohibit the Control+Alt+Delete
sed -i 's/^ca::ctrlaltdel/#&/' /etc/inittab
#configure root login
#Completeness of the security log
echo 'authpriv.* /var/log/secure' >> /etc/syslog.conf
#configure the remote log server
mv /usr/openssh_5.0.tar.gz /root
mv /usr/netgainagent_v4.tar.gz /root
mv /usr/netgainagent_v3.tar.gz /root
rm -fr /usr/openssh-5.0p1
rm -fr /usr/zlib-1.2.3
echo "Files have been moved and deleted.\n" >> /root/postinstall_stage2.log
[root@galene conf]#

Below is the version that adds bonding for the production environment (just append it to the end of the previous file):

sed -i 's@ONBOOT=no@ONBOOT=yes@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i '/BOOTPROTO/d' /etc/sysconfig/network-scripts/ifcfg-eth*
cat >> /etc/modprobe.d/bonding.conf << EOF
alias bond0 bonding
options bond0 miimon=120 mode=1
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-bond0 <<EOF
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=static
IPADDR=
NETMASK=
GATEWAY=
EOF
