linux定制的补充
上一篇博文:http://www.cnblogs.com/hjc4025/p/6918323.html
这篇文章是对之前博文的一点扩展和补充:
这里主要是在之前的基础上添加了一些自己制作好的程序,还有安装openssh7.5版本,直接全部包含在镜像中,并且设置一些自启动程序、DNS、还有计划任务之类的,都是利用ks.cfg文件的post字段后面定义的脚本实现的,在post的阶段中使用--nochroot 表示可以使用任何目录,而本阶段中的 / (根目录)是会自动挂在到/mnt/sysimage下,下面请看我的ks.cfg文件:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 | #platform=x86, AMD64, or Intel EM64T # Firewall configuration firewall --disabled # Install OS instead of upgrade install # Use CDROM installation media cdrom # Root password default is "redhat" rootpw --iscrypted $1$n5Jfcfwa$ //2gZpFMJypdiXEF8ld6O . # System authorization information auth --useshadow --passalgo=md5 # Use text mode install text firstboot --disable # System keyboard keyboard us # System language lang en_US # SELinux configuration selinux --disabled # Do not configure the X Window System skipx # Installation logging level logging --level=info # Reboot after installation reboot # System timezone timezone Asia /Shanghai # Network information network --bootproto=dhcp --device=eth0 --onboot=on –noipv6 # System bootloader configuration bootloader --location=mbr # Clear the Master Boot Record zerombr # Partition clearing information clearpart --all --initlabel # Disk partitioning information ignoredisk --only-use=sda part /boot --fstype= "ext4" --size=1032 part swap --size=8300 part / --fstype= "ext4" --grow --size=1 %packages @additional-devel @base @compat-libraries @core @debugging @basic-desktop @desktop-debugging @desktop-platform @desktop-platform-devel @development @directory-client @eclipse @emacs @fonts @general-desktop @graphical-admin-tools @graphics @input-methods @internet-browser @java-platform @legacy-x @network- file -system-client @php @performance @perl-runtime @print-client @remote-desktop-clients @system-management-snmp @server-platform @server-platform-devel @server-policy @system-admin-tools @tex @technical-writing @virtualization @virtualization-client @virtualization-platform @virtualization-tools @web-server @web-servlet @workstation-policy @x11 libgcrypt-devel libXinerama-devel openmotif-devel libXmu-devel xorg-x11-proto-devel startup-notification-devel libgnomeui-devel libbonobo-devel junit libXau-devel libXrandr-devel popt-devel gnome-python2-desktop libdrm-devel libxslt-devel libglade2-devel gnutls-devel mtools gdisk pax python-dmidecode oddjob wodim sgpio genisoimage device-mapper-persistent-data systemtap-client abrt-gui desktop- file -utils ant expect rpmdevtools python-six jpackage-utils rpmlint samba-winbind certmonger pam_krb5 krb5-workstation netpbm-progs dcraw openmotif libXmu libXp php-odbc php-pecl-memcache php-xmlrpc php-pecl-apc php-ldap php-soap php-mysql php-pgsql perl-DBD-SQLite net-snmp-python net-snmp-perl symlinks rrdtool pexpect dtach mc xdelta screen tree mgetty hardlink lshw expect conman crypto-utils scrub rdist vlock rear lsscsi libvirt-java perl-Sys-Virt libguestfs-java virt-v2v libguestfs-tools mod_authnz_pam mod_auth_mysql mod_auth_mellon mod_auth_kerb squid mod_nss mod_auth_pgsql certmonger mod_authz_ldap mod_intercept_form_submit perl-CGI-Session perl-CGI python-memcached mod_revocator perl-Cache-Memcached memcached mod_lookup_identity libmemcached %post --nochroot --log= /mnt/sysimage/root/postinstall_stage1 .log mkdir -p /mnt/source mount -o loop /dev/cdrom /mnt/source cp /mnt/source/software/netgainagent_v3 . tar .gz /mnt/sysimage/usr/ #cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/ cp /mnt/source/software/openssh-7 .5p1. tar .gz /mnt/sysimage/usr/local cp /mnt/source/software/openssl-1 .0.1t. tar .gz /mnt/sysimage/usr/local cp /mnt/source/software/cn_node_yum .repo /mnt/sysimage/etc/yum .repos.d /cn_node_yum .repo_bak cp /mnt/source/software/sdns_internel_custom_yum .repo /mnt/sysimage/etc/yum .repos.d /sdns_internel_custom_yum .repo_bak cp /mnt/source/software/test_custom_yum .repo /mnt/sysimage/etc/yum .repos.d /test_custom_yum .repo_bak cp /mnt/source/software/service_custom_yum .repo /mnt/sysimage/etc/yum .repos.d/ umount -f /mnt/source %post --log= /root/postinstall_stage2 .log #agent cd /usr tar zxvf netgainagent_v3. tar .gz echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2 .log #openssl and openssh cd /usr/local/ tar -xvf /usr/local/openssh-7 .5p1. tar .gz tar -xvf /usr/local/openssl-1 .0.1t. tar .gz rm -rf /usr/local/openssh-7 .5p1. tar .gz rm -rf /usr/local/openssl-1 .0.1t. tar .gz mv /usr/local/openssh-7 .5p1/ /usr/local/openssh/ rm -rf /etc/init .d /sshd rm -rf /etc/ssh/ rm -rf /etc/ssl/ rm -rf /usr/bin/openssl rm -rf /usr/include/openssl rm -rf /usr/lib/openssl cd /usr/local/openssl-1 .0.1t/ . /config --prefix= /usr --openssldir= /etc/ssl --libdir=lib64 shared zlib-dynamic make depend make make MANDIR= /usr/share/man MANSUFFIX=ssl install ldconfig - v sed -i 's/OpenSSH_7.5/OpenSSH/' /usr/local/openssh/version .h cd /usr/local/openssh/ . /configure --prefix= /usr --sysconfdir= /etc/ssh --with-zlib --with-ssl- dir = /usr/local/ssl --with-md5-passwords --mandir= /usr/share/man make make install cp /usr/local/openssh/contrib/redhat/sshd .init /etc/init .d /sshd echo "PermitRootLogin yes" >> /etc/ssh/sshd_config sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init .d /sshd chkconfig sshd on echo "==>Update openssl ok!\n" >> /root/postinstall_stage2 .log #yum.repo.d mv /etc/yum .repos.d /CentOS-Base .repo /etc/yum .repos.d /CentOS-Base .repo_bak mv /etc/yum .repos.d /CentOS-Debuginfo .repo /etc/yum .repos.d /CentOS-Debuginfo .repo_bak mv /etc/yum .repos.d /CentOS-fasttrack .repo /etc/yum .repos.d /CentOS-fasttrack .repo_bak mv /etc/yum .repos.d /CentOS-Media .repo /etc/yum .repos.d /CentOS-Media .repo_bak mv /etc/yum .repos.d /CentOS-Vault .repo /etc/yum .repos.d /CentOS-Vault .repo_bak #chkconfig chkconfig iptables off chkconfig cgconfig off chkconfig cgdcbxd off chkconfig abrtd off chkconfig ip6tables off chkconfig xinetd off chkconfig virt- who off chkconfig pppoe-server off chkconfig postfix off chkconfig lvm2-monitor off chkconfig libvirtd off chkconfig libvirt-guests off chkconfig isdn off chkconfig iscsid off chkconfig iscsi off chkconfig fcoe-target off chkconfig fcoe off chkconfig certmonger off chkconfig bluetooth off chkconfig NetworkManager off #set /etc/resolv.conf cat > /etc/resolv .conf << EOF nameserver 218.241.99.50 nameserver 218.241.118.144 EOF echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2 .log #ntp cat >> /var/spool/cron/root << EOF * /3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w # */3 * * * * /usr/sbin/ntpdate 10.10.1.12 && /sbin/hwclock -w # */3 * * * * /usr/sbin/ntpdate 10.20.2.53 && /sbin/hwclock -w EOF echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2 .log #ifcfg-eth NetworkManager sed -i 's@NM_CONTROLLED="yes"@NM_CONTROLLED="no"@' /etc/sysconfig/network-scripts/ifcfg-eth * sed -i 's@NM_CONTROLLED=yes@NM_CONTROLLED=no@' /etc/sysconfig/network-scripts/ifcfg-eth * echo "==>Set OS NetworkManager ok!\n" >> /root/postinstall_stage2 .log #delete tar.gz file rm -rf /usr/netgainagent_v3 . tar .gz |
这个里面包括使用了最新的openssh 7.5 还有 openssl1.01t 版本,里面也有一些走过的坑。。不过最终还是做出来了
以下是大神的原版:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 | [root@galene conf] # more ks_ctos6.5_64.cfg #Kickstart file automatically for CENTOS 6.3_x86_64 #####NEED TO MODIFY THESE CONFIGURATION##### #Choose OS ISO nfs --server=192.168.30.10 -- dir = /centos6 .5_64 #Network configuration network --bootproto=dhcp --device=eth0 --onboot=on #install "HP server" use this line /dev/cciss/c0d0 bootloader --location=mbr --driveorder=cciss /c0d0 --append= "rhgb quiet" #install "normal server" use this line /dev/sda #bootloader --location=mbr --driveorder=sda --append="rhgb quiet" ######################################################################### install lang en_US.UTF-8 key --skip keyboard us text xconfig --startxonboot timezone Asia /Shanghai rootpw --iscrypted $1$z2qCmGJm$qseyjZU7ahSaUk /hebBcZ0 zerombr yes authconfig --enableshadow --enablemd5 selinux --disabled reboot clearpart --all part /boot --fstype= "ext4" --size=100 --asprimary part swap --size=32000 part / --fstype= "ext4" --grow --size=1 #part /home --fstype="ext4" --grow --size=1 network --bootproto=dhcp --device=eth0 --onboot= yes #Firewall configuration firewall --enabled --port=22:tcp --port=1801:tcp --port=1850:tcp #Package install information %packages @base @client-mgmt-tools @console-internet @core @debugging @development @directory-client @hardware-monitoring @java-platform @large-systems @network- file -system-client @performance @perl-runtime @system-management-snmp @server-platform @server-policy pax oddjob sgpio jpackage-utils certmonger pam_krb5 krb5-workstation perl-DBD-SQLite %post --nochroot --log= /mnt/sysimage/root/postinstall_stage1 .log mkdir -p /mnt/source mount -t nfs 192.168.30.10: /osinstall /mnt/source -o nolock,udp cp /mnt/source/software/openssh_5 .0. tar .gz /mnt/sysimage/usr/ cp /mnt/source/software/netgainagent_v4 . tar .gz /mnt/sysimage/usr/ cp /mnt/source/software/netgainagent_v3 . tar .gz /mnt/sysimage/usr/ #cp /mnt/source/software/quagga-0.99.20.tar.gz /mnt/sysimage/usr umount -f /mnt/source rmdir /mnt/source %post --log= /root/postinstall_stage2 .log cd /usr tar zxvf openssh_5.0. tar .gz cd /usr/zlib-1 .2.3 . /configure ; make ; make install mv /etc/ssh /etc/ssh .bak cd /usr/openssh-5 .0p1 . /configure --prefix= /usr --sysconfdir= /etc/ssh --with-pam --with-zlib --with-ssl- dir = /usr/local/ssl --with-md5-passwords --mandir=/ usr /share/man ; make ; make install echo "==> update openssh finished.\n" > /root/postinstall_stage2 .log #agent cd /usr tar zxvf netgainagent_v3. tar .gz echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2 .log #quagga #cd /usr #tar quagga-0.99.20.tar.gz #cd /usr/quagga-0.99.20 #./configure --prefix=/usr/local/quagga;make;make install #echo "===>update quagga finished.\n " >> /root/postinstall_stage2.log #chkconfig off chkconfig avahi-daemon off chkconfig yum-updatesd off chkconfig sendmail off chkconfig cups off chkconfig bluetooth off chkconfig autofs off chkconfig hidd off chkconfig atd off chkconfig nfslock off echo "==>services stop ok!\n" >> /root/postinstall_stage2 .log #lock user passwd -l adm #passwd -l sync passwd -l shutdown passwd -l halt passwd -l mail passwd -l uucp passwd -l operator passwd -l games passwd -l gopher passwd -l ftp passwd -l news #set /etc/resolv.conf #cat >> /etc/resolv.conf << EOF #nameserver 218.241.99.50 #nameserver 218.241.118.144 #EOF #echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log #ntp cat >> /var/spool/cron/root << EOF * * /2 * * * /usr/sbin/ntpdate ntp.cnnic.cn EOF echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2 .log #profile echo 1 > /proc/sys/net/ipv4/tcp_syncookies echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/bashrc sed -i 's/m/m hostname:\\n/' /etc/issue sed -i 's/^id:5:/id:3:/' /etc/inittab sed -i 's/022$/027/' /etc/bashrc #modify password complexity #prohibit the Control+Alt+Delete sed -i 's/^ca::ctrlaltdel/#&/' /etc/inittab #configure root login #Completeness of the security log echo 'authpriv.* /var/log/secure' >> /etc/syslog .conf #configure the remote log server mv /usr/openssh_5 .0. tar .gz /root mv /usr/netgainagent_v4 . tar .gz /root mv /usr/netgainagent_v3 . tar .gz /root rm -fr /usr/openssh-5 .0p1 rm -fr /usr/zlib-1 .2.3 echo "Files have been moved and deleted.\n" >> /root/postinstall_stage2 .log [root@galene conf] # |
以下是生产环境中添加bond版本(只需加载之前的文件末尾即可):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | sed -i 's@ONBOOT=no@ONBOOT=yes@' /etc/sysconfig/network-scripts/ifcfg-eth * sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth * sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth * sed -i '/BOOTPROTO/d' /etc/sysconfig/network-scripts/ifcfg-eth * cat >> /etc/modprobe .d /bonding .conf << EOF alias bond0 bonding options bond0 miimon=120 mode=1 EOF cat >> /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF BOOTPROTO=none MASTER=bond0 SLAVE= yes EOF cat >> /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF BOOTPROTO=none MASTER=bond0 SLAVE= yes EOF cat >> /etc/sysconfig/network-scripts/ifcfg-bond0 <<EOF DEVICE=bond0 ONBOOT= yes BOOTPROTO=static IPADDR= NETMASK= GATEWAY= EOF |
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· PostgreSQL 和 SQL Server 在统计信息维护中的关键差异
· C++代码改造为UTF-8编码问题的总结
· DeepSeek 解答了困扰我五年的技术问题
· 为什么说在企业级应用开发中,后端往往是效率杀手?
· 用 C# 插值字符串处理器写一个 sscanf
· [翻译] 为什么 Tracebit 用 C# 开发
· Deepseek官网太卡,教你白嫖阿里云的Deepseek-R1满血版
· DeepSeek崛起:程序员“饭碗”被抢,还是职业进化新起点?
· 2分钟学会 DeepSeek API,竟然比官方更好用!
· .NET 使用 DeepSeek R1 开发智能 AI 客户端