To be a better coder
分类: LINUX
2018-08-28 19:18:49
这篇文章是对之前博文的一点扩展和补充:
这里主要是在之前的基础上添加了一些自己制作好的程序，还有安装 openssh 7.5 版本，直接全部包含在镜像中，并且设置一些自启动程序、DNS、还有计划任务之类的，都是利用 ks.cfg 文件 %post 字段后面定义的脚本实现的。在 %post 阶段中使用 --nochroot 表示可以使用任何目录，而本阶段中的 /（根目录）会自动挂载到 /mnt/sysimage 下。下面请看我的 ks.cfg 文件：
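#platform=x86, AMD64, or Intel EM64T
# Kickstart for the custom CentOS 6 image: text-mode install from CD/DVD onto a
# single disk (sda), followed by two %post stages that bring in the vendored
# agent, OpenSSL 1.0.1t and OpenSSH 7.5p1 copied from the install media.
# Firewall configuration
# NOTE(review): the installed system comes up with no host firewall, and the
# stage-2 %post also turns the iptables/ip6tables services off, so nothing
# restores one later.
firewall --disabled
# Install OS instead of upgrade
install
# Use CDROM installation media
cdrom
# Root password default is "redhat"
# NOTE(review): the $1$ prefix is an MD5-crypt hash of a published default
# password; change the root password before this image is reachable.
rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.
# System authorization information
# NOTE(review): --passalgo=md5 makes MD5-crypt the algorithm for every new
# password; sha512 is the stronger choice on CentOS 6 and the existing $1$
# root hash above still verifies — confirm before changing.
auth --useshadow --passalgo=md5
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
# NOTE(review): disabled outright (stage 2 also strips the restorecon call from
# the sshd init script); permissive would keep the policy and labels available.
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
# Fixed: the original line carried an en dash ("–noipv6"), which anaconda does
# not recognise as the "--noipv6" option.
network --bootproto=dhcp --device=eth0 --onboot=on --noipv6
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
ignoredisk --only-use=sda
part /boot --fstype="ext4" --size=1032
part swap --size=8300
part / --fstype="ext4" --grow --size=1
# Package groups and packages. Note: expect and certmonger appear twice below;
# the repeat is harmless but one entry each would do.
%packages
@additional-devel
@base
@compat-libraries
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@directory-client
@eclipse
@emacs
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@input-methods
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@php
@performance
@perl-runtime
@print-client
@remote-desktop-clients
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
@tex
@technical-writing
@virtualization
@virtualization-client
@virtualization-platform
@virtualization-tools
@web-server
@web-servlet
@workstation-policy
@x11
libgcrypt-devel
libXinerama-devel
openmotif-devel
libXmu-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
junit
libXau-devel
libXrandr-devel
popt-devel
gnome-python2-desktop
libdrm-devel
libxslt-devel
libglade2-devel
gnutls-devel
mtools
gdisk
pax
python-dmidecode
oddjob
wodim
sgpio
genisoimage
device-mapper-persistent-data
systemtap-client
abrt-gui
desktop-file-utils
ant
expect
rpmdevtools
python-six
jpackage-utils
rpmlint
samba-winbind
certmonger
pam_krb5
krb5-workstation
netpbm-progs
dcraw
openmotif
libXmu
libXp
php-odbc
php-pecl-memcache
php-xmlrpc
php-pecl-apc
php-ldap
php-soap
php-mysql
php-pgsql
perl-DBD-SQLite
net-snmp-python
net-snmp-perl
symlinks
rrdtool
pexpect
dtach
mc
xdelta
screen
tree
mgetty
hardlink
lshw
expect
conman
crypto-utils
scrub
rdist
vlock
rear
lsscsi
libvirt-java
perl-Sys-Virt
libguestfs-java
virt-v2v
libguestfs-tools
mod_authnz_pam
mod_auth_mysql
mod_auth_mellon
mod_auth_kerb
squid
mod_nss
mod_auth_pgsql
certmonger
mod_authz_ldap
mod_intercept_form_submit
perl-CGI-Session
perl-CGI
python-memcached
mod_revocator
perl-Cache-Memcached
memcached
mod_lookup_identity
libmemcached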
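%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
# Stage 1 runs outside the chroot (--nochroot): the installed root is mounted
# at /mnt/sysimage. Mount the install media and copy the vendored tarballs and
# yum repo files into the target so the chrooted stage 2 can use them.
mkdir -p /mnt/source
# Without this check every cp below fails silently and stage 2 has nothing to unpack.
mount -o loop /dev/cdrom /mnt/source || { echo "mount /dev/cdrom on /mnt/source failed" >&2; exit 1; }
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/openssh-7.5p1.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/openssl-1.0.1t.tar.gz /mnt/sysimage/usr/local
# Three repo files are parked as *_bak (not read by yum); only service_custom_yum.repo is live.
cp /mnt/source/software/cn_node_yum.repo /mnt/sysimage/etc/yum.repos.d/cn_node_yum.repo_bak
cp /mnt/source/software/sdns_internel_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/sdns_internel_custom_yum.repo_bak
cp /mnt/source/software/test_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/test_custom_yum.repo_bak
cp /mnt/source/software/service_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/
umount -f /mnt/source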
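%post --log=/root/postinstall_stage2.log
# Stage 2 runs chrooted in the freshly installed system. It unpacks the agent,
# replaces the distro OpenSSL/OpenSSH with the tarballs stage 1 copied in,
# swaps the yum repo files, disables services, and writes DNS, cron and ifcfg
# settings. Milestones are appended to the --log file.
LOG=/root/postinstall_stage2.log

# Append one milestone line. The original used echo "...\n": bash's builtin
# echo does not expand "\n", so a literal backslash-n ended up in the log.
log() { printf '%s\n' "$*" >> "$LOG"; }

# Stop the stage on a failed critical step; continuing would leave a
# half-replaced OpenSSL/OpenSSH on the box.
die() { printf 'FATAL: %s\n' "$*" >&2; log "FATAL: $*"; exit 1; }

#agent
cd /usr || die "cd /usr"
tar zxvf netgainagent_v3.tar.gz || die "unpack netgainagent_v3.tar.gz"
log "==>Uncompress netgainagent ok!"

#openssl and openssh
cd /usr/local/ || die "cd /usr/local"
tar -xvf /usr/local/openssh-7.5p1.tar.gz || die "unpack openssh-7.5p1.tar.gz"
tar -xvf /usr/local/openssl-1.0.1t.tar.gz || die "unpack openssl-1.0.1t.tar.gz"
rm -rf /usr/local/openssh-7.5p1.tar.gz
rm -rf /usr/local/openssl-1.0.1t.tar.gz
mv /usr/local/openssh-7.5p1/ /usr/local/openssh/ || die "rename openssh-7.5p1"

# Build OpenSSL first and only then remove the rpm-installed copies: the
# original deleted /etc/ssh, /etc/ssl and the sshd init script before any
# compile step, so a build failure left the system with no sshd at all.
cd /usr/local/openssl-1.0.1t/ || die "cd openssl-1.0.1t"
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic || die "openssl config"
make depend || die "openssl make depend"
make || die "openssl make"
# Drop the distro OpenSSL files the tarball replaces (prefix=/usr, libdir=lib64).
rm -rf /etc/ssl/
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
rm -rf /usr/lib/openssl
make MANDIR=/usr/share/man MANSUFFIX=ssl install || die "openssl install"
ldconfig -v

# Strip the version number from the SSH identification banner (SSH_VERSION in version.h).
sed -i 's/OpenSSH_7.5/OpenSSH/' /usr/local/openssh/version.h
cd /usr/local/openssh/ || die "cd openssh"
# NOTE(review): --with-ssl-dir=/usr/local/ssl does not match the OpenSSL
# install above (prefix=/usr, openssldir=/etc/ssl); configure presumably
# falls back to the /usr headers and libs — confirm in config.log.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man || die "openssh configure"
make || die "openssh make"
# Only now retire the distro sshd: the old init script and /etc/ssh (config and
# host keys) go away so "make install" writes a fresh config and new host keys.
rm -rf /etc/init.d/sshd
rm -rf /etc/ssh/
make install || die "openssh install"
cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): direct root login over SSH on an image whose root password is
# a published default; a dedicated admin account with sudo plus
# "PermitRootLogin no" (or without-password) is the safer baseline.
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
# SELinux is disabled by this kickstart, so drop the restorecon call from the init script.
sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
chkconfig sshd on
log "==>Update openssl ok!"

#yum.repo.d
# Park the stock CentOS repo files; stage 1 already dropped the custom ones in.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
mv /etc/yum.repos.d/CentOS-Debuginfo.repo /etc/yum.repos.d/CentOS-Debuginfo.repo_bak
mv /etc/yum.repos.d/CentOS-fasttrack.repo /etc/yum.repos.d/CentOS-fasttrack.repo_bak
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo_bak
mv /etc/yum.repos.d/CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault.repo_bak

#chkconfig
# Services that must not start on this image (same list and order as before).
for svc in iptables cgconfig cgdcbxd abrtd ip6tables xinetd virt-who pppoe-server \
    postfix lvm2-monitor libvirtd libvirt-guests isdn iscsid iscsi fcoe-target fcoe \
    certmonger bluetooth NetworkManager; do
  chkconfig "$svc" off
done

#set /etc/resolv.conf
# NOTE(review): eth0 is DHCP; dhclient rewrites this file on lease renewal
# unless PEERDNS=no is set in ifcfg-eth0 — confirm.
cat > /etc/resolv.conf << EOF
nameserver 218.241.99.50
nameserver 218.241.118.144
EOF
log "==>Set OS DNS ok!"

#ntp
# Step the clock every 3 minutes and push it to the RTC; the two commented
# entries are alternative internal time sources.
cat >> /var/spool/cron/root << EOF
*/3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.10.1.12 && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.20.2.53 && /sbin/hwclock -w
EOF
# cron skips spool files that are not mode 0600 ("BAD FILE MODE"), and
# "cat >>" creates this one under the installer's umask — pin the mode.
chmod 600 /var/spool/cron/root
log "==>Set OS NTP ok!"

#ifcfg-eth NetworkManager
# Hand the NICs to the network service (NetworkManager is chkconfig'd off
# above); generated ifcfg files use both the quoted and unquoted spelling.
sed -i 's@NM_CONTROLLED="yes"@NM_CONTROLLED="no"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@NM_CONTROLLED=yes@NM_CONTROLLED=no@' /etc/sysconfig/network-scripts/ifcfg-eth*
log "==>Set OS NetworkManager ok!"

#delete tar.gz file
rm -rf /usr/netgainagent_v3.tar.gz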
这里面使用了最新的 openssh 7.5 和 openssl 1.0.1t 版本，中间也踩了一些坑，不过最终还是做出来了。
以下是大神的原版:
[root@galene conf]# more ks_ctos6.5_64.cfg
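#Kickstart file automatically for CENTOS 6.3_x86_64
# Network install of CentOS 6.5 x86_64 from an NFS share; a --nochroot %post
# copies vendored tarballs from the same NFS server and a chrooted %post
# builds and installs them.
#####NEED TO MODIFY THESE CONFIGURATION#####
#Choose OS ISO
nfs --server=192.168.30.10 --dir=/centos6.5_64
#Network configuration
network --bootproto=dhcp --device=eth0 --onboot=on
#install "HP server" use this line /dev/cciss/c0d0
bootloader --location=mbr --driveorder=cciss/c0d0 --append="rhgb quiet"
#install "normal server" use this line /dev/sda
#bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
#########################################################################
install
lang en_US.UTF-8
# RHN installation-number prompt; CentOS has no use for it.
key --skip
keyboard us
text
# NOTE(review): --startxonboot asks for runlevel 5, while the %post below
# forces id:3 in /etc/inittab and no desktop group is installed — one of
# the two is redundant.
xconfig --startxonboot
timezone Asia/Shanghai
# The $1$ prefix is an MD5-crypt hash.
rootpw --iscrypted $1$z2qCmGJm$qseyjZU7ahSaUk/hebBcZ0
zerombr yes
# NOTE(review): --enablemd5 hashes new passwords with MD5-crypt;
# --passalgo=sha512 is the stronger option on CentOS 6.
authconfig --enableshadow --enablemd5
selinux --disabled
reboot
clearpart --all
part /boot --fstype="ext4" --size=100 --asprimary
part swap --size=32000
part / --fstype="ext4" --grow --size=1
#part /home --fstype="ext4" --grow --size=1
# Removed: a second "network --bootproto=dhcp --device=eth0 --onboot=yes"
# line repeated the eth0 entry from the MODIFY block above.
#Firewall configuration
firewall --enabled --port=22:tcp --port=1801:tcp --port=1850:tcp
#Package install information
%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-policy
pax
oddjob
sgpio
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite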
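%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
# Stage 1 (outside the chroot): pull the vendored tarballs from the NFS
# server into the target root at /mnt/sysimage.
mkdir -p /mnt/source
# nolock: no NLM lock daemon is needed in the installer environment.
# Bail out if the mount fails so the copies below do not silently do nothing.
mount -t nfs 192.168.30.10:/osinstall /mnt/source -o nolock,udp || { echo "NFS mount of /osinstall failed" >&2; exit 1; }
cp /mnt/source/software/openssh_5.0.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/quagga-0.99.20.tar.gz /mnt/sysimage/usr
umount -f /mnt/source
rmdir /mnt/source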
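%post --log=/root/postinstall_stage2.log
# Stage 2 (chrooted): build the bundled zlib and OpenSSH 5.0p1, unpack the
# agent, switch off unneeded services, lock system accounts and apply a few
# hardening tweaks. Milestones are appended to the --log file.
LOG=/root/postinstall_stage2.log

# Append one milestone line (the original echo "...\n" left a literal "\n" in the log).
log() { printf '%s\n' "$*" >> "$LOG"; }

# Abort the stage on a failed build step instead of continuing with a broken sshd.
die() { printf 'FATAL: %s\n' "$*" >&2; log "FATAL: $*"; exit 1; }

cd /usr || die "cd /usr"
tar zxvf openssh_5.0.tar.gz || die "unpack openssh_5.0.tar.gz"
# The bundle ships its own zlib; build it first, OpenSSH links against it.
cd /usr/zlib-1.2.3 || die "cd zlib-1.2.3"
{ ./configure && make && make install; } || die "zlib build"
# Keep the distro config as a reference copy; "make install" writes a fresh /etc/ssh.
mv /etc/ssh /etc/ssh.bak
cd /usr/openssh-5.0p1 || die "cd openssh-5.0p1"
# One command line: the pager wrapped the original listing after "--mandir=/".
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib \
  --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man || die "openssh configure"
make || die "openssh make"
make install || die "openssh install"
# Appended rather than ">": the original truncated the log anaconda was still writing to.
log "==> update openssh finished."

#agent
cd /usr || die "cd /usr"
tar zxvf netgainagent_v3.tar.gz || die "unpack netgainagent_v3.tar.gz"
log "==>Uncompress netgainagent ok!"

#quagga (kept disabled)
#cd /usr
#tar quagga-0.99.20.tar.gz
#cd /usr/quagga-0.99.20
#./configure --prefix=/usr/local/quagga;make;make install
#echo "===>update quagga finished.\n " >> /root/postinstall_stage2.log

#chkconfig off
for svc in avahi-daemon yum-updatesd sendmail cups bluetooth autofs hidd atd nfslock; do
  chkconfig "$svc" off
done
log "==>services stop ok!"

#lock user
# sync is deliberately left out (it was commented out in the original list).
for u in adm shutdown halt mail uucp operator games gopher ftp news; do
  passwd -l "$u"
done

#set /etc/resolv.conf (disabled in the original)
#cat >> /etc/resolv.conf << EOF
#nameserver 218.241.99.50
#nameserver 218.241.118.144
#EOF
#echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log

#ntp
# Fixed: "* */2 * * *" ran ntpdate every minute of every even hour; "0 */2"
# runs it once every two hours.
cat >> /var/spool/cron/root << EOF
0 */2 * * * /usr/sbin/ntpdate ntp.cnnic.cn
EOF
# cron skips spool files that are not mode 0600 ("BAD FILE MODE"); "cat >>"
# creates this one under the installer's umask, so pin the mode.
chmod 600 /var/spool/cron/root
log "==>Set OS NTP ok!"

#profile
# Fixed: writing /proc/sys inside %post only changes the installer's running
# kernel; the setting has to be in /etc/sysctl.conf to survive the reboot.
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/bashrc
# Presumably appends the hostname (\n getty escape) after the "\m" machine-type
# line of the login banner — verify against the shipped /etc/issue.
sed -i 's/m/m hostname:\\n/' /etc/issue
# Boot to runlevel 3 (no X).
sed -i 's/^id:5:/id:3:/' /etc/inittab
# Tighten the default umask set in /etc/bashrc from 022 to 027.
sed -i 's/022$/027/' /etc/bashrc
#modify password complexity
#prohibit the Control+Alt+Delete
sed -i 's/^ca::ctrlaltdel/#&/' /etc/inittab
#configure root login
#Completeness of the security log
# NOTE(review): CentOS 6 ships rsyslog, which reads /etc/rsyslog.conf; this
# line extends /etc/syslog.conf, which rsyslog does not read — confirm the
# rule actually takes effect.
echo 'authpriv.* /var/log/secure' >> /etc/syslog.conf
#configure the remote log server

# Move the tarballs out of /usr and drop the build trees.
mv /usr/openssh_5.0.tar.gz /root
mv /usr/netgainagent_v4.tar.gz /root
mv /usr/netgainagent_v3.tar.gz /root
rm -fr /usr/openssh-5.0p1
rm -fr /usr/zlib-1.2.3
log "Files have been moved and deleted."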
[root@galene conf]#
以下是生产环境中添加bond版本(只需加载之前的文件末尾即可):
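# Bonding add-on for the production build: appended to the end of the stage-2
# %post. Brings every ifcfg-eth* up at boot, strips their BOOTPROTO, and
# enslaves eth0/eth1 to bond0 (mode=1 active-backup, link check every 120 ms).
sed -i 's@ONBOOT=no@ONBOOT=yes@' /etc/sysconfig/network-scripts/ifcfg-eth*
# The original ran the quoted form twice; once is enough.
sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i '/BOOTPROTO/d' /etc/sysconfig/network-scripts/ifcfg-eth*
# NOTE(review): on CentOS 6 bond parameters are normally given as
# BONDING_OPTS= in ifcfg-bond0; the modprobe.d form works for a single bond —
# confirm it is honoured on this kernel/initscripts combination.
cat >> /etc/modprobe.d/bonding.conf << EOF
alias bond0 bonding
options bond0 miimon=120 mode=1
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
# Fixed: the original line ended in a bare "<" (the "<< EOF" heredoc operator
# was lost), which is a syntax error, so ifcfg-bond0 was never written and the
# key=value lines below ran as shell commands. DEVICE=bond0 is added so ifup
# does not have to derive the name from the filename. Fill in
# IPADDR/NETMASK/GATEWAY per host.
cat >> /etc/sysconfig/network-scripts/ifcfg-bond0 << EOF
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=static
IPADDR=
NETMASK=
GATEWAY=
EOF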