linux定制的补充
上一篇博文:http://www.cnblogs.com/hjc4025/p/6918323.html
这篇文章是对之前博文的一点扩展和补充:
这里主要是在之前的基础上添加了一些自己制作好的程序,并安装 openssh 7.5 版本,全部直接包含在镜像中,同时设置一些自启动程序、DNS 和计划任务等,这些都是利用 ks.cfg 文件中 %post 段定义的脚本实现的。在 %post 阶段使用 --nochroot 时,脚本在安装环境中运行(不会 chroot 到新系统),因此可以使用安装环境中的任何目录,而新安装系统的 /(根目录)会自动挂载到 /mnt/sysimage 下。下面请看我的 ks.cfg 文件:
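#platform=x86, AMD64, or Intel EM64T
#
# Kickstart for an unattended, text-mode install from CD-ROM. It wipes sda,
# installs a large desktop/server package set and then runs two %post stages:
#   stage 1 (--nochroot) copies tarballs and yum repo files from the install
#           media into the new system under /mnt/sysimage;
#   stage 2 (chrooted) builds OpenSSL 1.0.1t and OpenSSH 7.5p1 from source and
#           sets services, DNS, an ntpdate cron job and NetworkManager flags.
#
# NOTE(review): several settings below trade security for convenience:
# firewall and SELinux off, a root password the file itself labels as the
# default "redhat", MD5 password hashing and root SSH login enabled. Treat
# this as a lab template and change them before building production images.

# Firewall configuration
# NOTE(review): no packet filter at all; stage 2 also switches the iptables
# and ip6tables services off.
firewall --disabled
# Install OS instead of upgrade
install
# Use CDROM installation media
cdrom
# Root password default is "redhat"
# NOTE(review): the $1$ prefix marks an MD5-crypt hash and the comment above
# publishes the matching password; generate your own hash for real images.
rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.
# System authorization information
# NOTE(review): --passalgo also accepts sha512, which is the stronger choice.
auth --useshadow --passalgo=md5
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
# --noipv6 was printed with an en dash in the published listing; the option
# is only recognised in its ASCII double-hyphen form.
network --bootproto=dhcp --device=eth0 --onboot=on --noipv6
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Destructive: removes every partition on the disk selected below.
clearpart --all --initlabel
# Disk partitioning information
ignoredisk --only-use=sda
part /boot --fstype="ext4" --size=1032
part swap --size=8300
part / --fstype="ext4" --grow --size=1

%packages
@additional-devel
@base
@compat-libraries
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@directory-client
@eclipse
@emacs
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@input-methods
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@php
@performance
@perl-runtime
@print-client
@remote-desktop-clients
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
@tex
@technical-writing
@virtualization
@virtualization-client
@virtualization-platform
@virtualization-tools
@web-server
@web-servlet
@workstation-policy
@x11
libgcrypt-devel
libXinerama-devel
openmotif-devel
libXmu-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
junit
libXau-devel
libXrandr-devel
popt-devel
gnome-python2-desktop
libdrm-devel
libxslt-devel
libglade2-devel
gnutls-devel
mtools
gdisk
pax
python-dmidecode
oddjob
wodim
sgpio
genisoimage
device-mapper-persistent-data
systemtap-client
abrt-gui
desktop-file-utils
ant
expect
rpmdevtools
python-six
jpackage-utils
rpmlint
samba-winbind
certmonger
pam_krb5
krb5-workstation
netpbm-progs
dcraw
openmotif
libXmu
libXp
php-odbc
php-pecl-memcache
php-xmlrpc
php-pecl-apc
php-ldap
php-soap
php-mysql
php-pgsql
perl-DBD-SQLite
net-snmp-python
net-snmp-perl
symlinks
rrdtool
pexpect
dtach
mc
xdelta
screen
tree
mgetty
hardlink
lshw
expect
conman
crypto-utils
scrub
rdist
vlock
rear
lsscsi
libvirt-java
perl-Sys-Virt
libguestfs-java
virt-v2v
libguestfs-tools
mod_authnz_pam
mod_auth_mysql
mod_auth_mellon
mod_auth_kerb
squid
mod_nss
mod_auth_pgsql
certmonger
mod_authz_ldap
mod_intercept_form_submit
perl-CGI-Session
perl-CGI
python-memcached
mod_revocator
perl-Cache-Memcached
memcached
mod_lookup_identity
libmemcached

# Stage 1: runs in the installer environment (not chrooted); the installed
# system is reachable under /mnt/sysimage.
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -o loop /dev/cdrom /mnt/source
# NOTE(review): the tarballs are taken from the install media as-is; nothing
# here checks a checksum or signature before stage 2 unpacks and compiles
# them as root.
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/openssh-7.5p1.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/openssl-1.0.1t.tar.gz /mnt/sysimage/usr/local
# Three repo files are stored under a *.repo_bak name, which yum does not
# read; only service_custom_yum.repo is copied in under an active name.
cp /mnt/source/software/cn_node_yum.repo /mnt/sysimage/etc/yum.repos.d/cn_node_yum.repo_bak
cp /mnt/source/software/sdns_internel_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/sdns_internel_custom_yum.repo_bak
cp /mnt/source/software/test_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/test_custom_yum.repo_bak
cp /mnt/source/software/service_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/
umount -f /mnt/source

# Stage 2: runs chrooted into the installed system.
%post --log=/root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log

#openssl and openssh
cd /usr/local/
tar -xvf /usr/local/openssh-7.5p1.tar.gz
tar -xvf /usr/local/openssl-1.0.1t.tar.gz
rm -rf /usr/local/openssh-7.5p1.tar.gz
rm -rf /usr/local/openssl-1.0.1t.tar.gz
mv /usr/local/openssh-7.5p1/ /usr/local/openssh/
# NOTE(review): these paths normally belong to the distribution's openssh and
# openssl packages. Deleting them by hand leaves the RPM database unaware of
# the source build, so package verification will presumably flag them and a
# later package update could overwrite the build. Confirm how updates are
# meant to be handled.
rm -rf /etc/init.d/sshd
rm -rf /etc/ssh/
rm -rf /etc/ssl/
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
rm -rf /usr/lib/openssl
# NOTE(review): the OpenSSL 1.0.1 branch no longer receives upstream fixes;
# a source build like this has to be tracked and rebuilt by hand.
cd /usr/local/openssl-1.0.1t/
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic
make depend
make
make MANDIR=/usr/share/man MANSUFFIX=ssl install
ldconfig -v
# Strips the version number from the OpenSSH version string before building.
# NOTE(review): this only hides the version from banner checks; it does not
# change the code that runs and it makes patch-level inventory harder.
sed -i 's/OpenSSH_7.5/OpenSSH/' /usr/local/openssh/version.h
cd /usr/local/openssh/
# NOTE(review): OpenSSL above was installed with --prefix=/usr, so
# /usr/local/ssl is not where this build put it; confirm which libcrypto
# sshd ends up linked against (ldd /usr/sbin/sshd).
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
make
make install
cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): root can now log in over SSH with the password set by rootpw
# above. Prefer key-based access, e.g. "PermitRootLogin prohibit-password".
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
# Drops the restorecon call from the copied init script.
sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
chkconfig sshd on
echo "==>Update openssl ok!\n" >> /root/postinstall_stage2.log

#yum.repo.d
# Disables the stock CentOS repositories by renaming them; afterwards the
# host receives packages only from the custom repo copied in stage 1, so that
# repo has to carry security updates.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
mv /etc/yum.repos.d/CentOS-Debuginfo.repo /etc/yum.repos.d/CentOS-Debuginfo.repo_bak
mv /etc/yum.repos.d/CentOS-fasttrack.repo /etc/yum.repos.d/CentOS-fasttrack.repo_bak
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo_bak
mv /etc/yum.repos.d/CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault.repo_bak

#chkconfig
chkconfig iptables off
chkconfig cgconfig off
chkconfig cgdcbxd off
chkconfig abrtd off
chkconfig ip6tables off
chkconfig xinetd off
chkconfig virt-who off
chkconfig pppoe-server off
chkconfig postfix off
chkconfig lvm2-monitor off
chkconfig libvirtd off
chkconfig libvirt-guests off
chkconfig isdn off
chkconfig iscsid off
chkconfig iscsi off
chkconfig fcoe-target off
chkconfig fcoe off
chkconfig certmonger off
chkconfig bluetooth off
chkconfig NetworkManager off

#set /etc/resolv.conf
# Overwrites (not appends to) the resolver configuration.
cat > /etc/resolv.conf << EOF
nameserver 218.241.99.50
nameserver 218.241.118.144
EOF
echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log

#ntp
# The two lines starting with '#' inside the here-document are written into
# root's crontab as comments; only the first entry is active.
cat >> /var/spool/cron/root << EOF
*/3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.10.1.12 && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.20.2.53 && /sbin/hwclock -w
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log

#ifcfg-eth NetworkManager
# Covers both the quoted and the unquoted spelling of the setting.
sed -i 's@NM_CONTROLLED="yes"@NM_CONTROLLED="no"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@NM_CONTROLLED=yes@NM_CONTROLLED=no@' /etc/sysconfig/network-scripts/ifcfg-eth*
echo "==>Set OS NetworkManager ok!\n" >> /root/postinstall_stage2.log

#delete tar.gz file
rm -rf /usr/netgainagent_v3.tar.gz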
这里面使用了最新的 openssh 7.5 和 openssl 1.0.1t 版本,过程中也踩过一些坑,不过最终还是做出来了。
以下是大神的原版:
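[root@galene conf]# more ks_ctos6.5_64.cfg
#Kickstart file automatically for CENTOS 6.3_x86_64
#
# Unattended install over NFS. Stage 1 of %post copies tarballs from an NFS
# share into the new system; stage 2 builds zlib and OpenSSH 5.0p1 from
# source, unpacks the agent, switches services off, locks system accounts and
# applies a handful of hardening tweaks.
#
# NOTE(review): the root hash below is MD5-crypt ($1$) and is published with
# the file; replace it before reuse. SELinux is disabled.

#####NEED TO MODIFY THESE CONFIGURATION#####
#Choose OS ISO
nfs --server=192.168.30.10 --dir=/centos6.5_64
#Network configuration
network --bootproto=dhcp --device=eth0 --onboot=on
#install "HP server" use this line /dev/cciss/c0d0
bootloader --location=mbr --driveorder=cciss/c0d0 --append="rhgb quiet"
#install "normal server" use this line /dev/sda
#bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
#########################################################################
install
lang en_US.UTF-8
key --skip
keyboard us
text
xconfig --startxonboot
timezone Asia/Shanghai
rootpw --iscrypted $1$z2qCmGJm$qseyjZU7ahSaUk/hebBcZ0
zerombr yes
authconfig --enableshadow --enablemd5
selinux --disabled
reboot
# Destructive: removes every partition.
clearpart --all
part /boot --fstype="ext4" --size=100 --asprimary
part swap --size=32000
part / --fstype="ext4" --grow --size=1
#part /home --fstype="ext4" --grow --size=1
network --bootproto=dhcp --device=eth0 --onboot=yes
#Firewall configuration
# Firewall stays on; only the listed TCP ports are opened.
firewall --enabled --port=22:tcp --port=1801:tcp --port=1850:tcp
#Package install information
%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-policy
pax
oddjob
sgpio
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite

# Stage 1: runs in the installer environment (not chrooted); the installed
# system is reachable under /mnt/sysimage.
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -t nfs 192.168.30.10:/osinstall /mnt/source -o nolock,udp
# NOTE(review): the tarballs come from the NFS share without any checksum or
# signature check, and stage 2 compiles them as root.
cp /mnt/source/software/openssh_5.0.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/quagga-0.99.20.tar.gz /mnt/sysimage/usr
umount -f /mnt/source
rmdir /mnt/source

# Stage 2: runs chrooted into the installed system.
%post --log=/root/postinstall_stage2.log
cd /usr
tar zxvf openssh_5.0.tar.gz
cd /usr/zlib-1.2.3
./configure;make;make install
mv /etc/ssh /etc/ssh.bak
cd /usr/openssh-5.0p1
# NOTE(review): OpenSSH 5.0p1 is older than the openssh package CentOS 6
# ships, so this source build replaces a vendor-patched sshd with an
# unmaintained one; confirm that this is really intended.
# --mandir was split as "/ usr/share/man" by terminal line wrapping in the
# published listing; the path is rejoined here.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man;make;make install
# Uses '>' (truncate), so anything logged to this file so far is discarded.
echo "==> update openssh finished.\n" > /root/postinstall_stage2.log

#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log

#quagga
#cd /usr
#tar quagga-0.99.20.tar.gz
#cd /usr/quagga-0.99.20
#./configure --prefix=/usr/local/quagga;make;make install
#echo "===>update quagga finished.\n " >> /root/postinstall_stage2.log

#chkconfig off
chkconfig avahi-daemon off
chkconfig yum-updatesd off
chkconfig sendmail off
chkconfig cups off
chkconfig bluetooth off
chkconfig autofs off
chkconfig hidd off
chkconfig atd off
chkconfig nfslock off
echo "==>services stop ok!\n" >> /root/postinstall_stage2.log

#lock user
# Locks the passwords of system accounts that never log in interactively.
passwd -l adm
#passwd -l sync
passwd -l shutdown
passwd -l halt
passwd -l mail
passwd -l uucp
passwd -l operator
passwd -l games
passwd -l gopher
passwd -l ftp
passwd -l news

#set /etc/resolv.conf
#cat >> /etc/resolv.conf << EOF
#nameserver 218.241.99.50
#nameserver 218.241.118.144
#EOF
#echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log

#ntp
# NOTE(review): "* */2" fires every minute of every second hour, not once
# every two hours; "0 */2 * * *" is probably what was meant.
cat >> /var/spool/cron/root << EOF
* */2 * * * /usr/sbin/ntpdate ntp.cnnic.cn
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log

#profile
# NOTE(review): writing to /proc only affects the kernel that is running
# during installation; the setting needs an entry in /etc/sysctl.conf to
# apply on the installed system.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Timestamps shell history entries.
echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/bashrc
sed -i 's/m/m hostname:\\n/' /etc/issue
# Default runlevel 5 -> 3.
sed -i 's/^id:5:/id:3:/' /etc/inittab
# Tightens the umask set in /etc/bashrc from 022 to 027.
sed -i 's/022$/027/' /etc/bashrc
#modify password complexity
#prohibit the Control+Alt+Delete
# NOTE(review): on CentOS 6 Ctrl+Alt+Del is presumably handled by upstart
# rather than /etc/inittab; confirm that this edit has any effect.
sed -i 's/^ca::ctrlaltdel/#&/' /etc/inittab
#configure root login
#Completeness of the security log
# NOTE(review): CentOS 6 logs through rsyslog (/etc/rsyslog.conf) by default;
# confirm that a line appended to /etc/syslog.conf is actually read.
echo 'authpriv.* /var/log/secure' >> /etc/syslog.conf
#configure the remote log server
mv /usr/openssh_5.0.tar.gz /root
mv /usr/netgainagent_v4.tar.gz /root
mv /usr/netgainagent_v3.tar.gz /root
rm -fr /usr/openssh-5.0p1
rm -fr /usr/zlib-1.2.3
echo "Files have been moved and deleted.\n" >> /root/postinstall_stage2.log
[root@galene conf]#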
以下是生产环境中添加 bond 的版本(只需加在之前文件的末尾即可):
# Bonding add-on, meant to be appended to the end of the %post script:
# enslaves eth0 and eth1 to bond0 (mode=1, link check every 120 ms).
net_dir=/etc/sysconfig/network-scripts

# Enable every ethN at boot (unquoted and quoted spelling) and drop any
# existing BOOTPROTO line from those files.
sed -i \
  -e 's@ONBOOT=no@ONBOOT=yes@' \
  -e 's@ONBOOT="no"@ONBOOT="yes"@' \
  -e '/BOOTPROTO/d' \
  "${net_dir}"/ifcfg-eth*

# Load the bonding driver for bond0 with its options.
printf '%s\n' \
  'alias bond0 bonding' \
  'options bond0 miimon=120 mode=1' \
  >> /etc/modprobe.d/bonding.conf

# Both physical interfaces become slaves of bond0.
for nic in eth0 eth1; do
  printf '%s\n' \
    'BOOTPROTO=none' \
    'MASTER=bond0' \
    'SLAVE=yes' \
    >> "${net_dir}/ifcfg-${nic}"
done

# The bond itself is static; IPADDR, NETMASK and GATEWAY are left empty and
# have to be filled in per host.
printf '%s\n' \
  'DEVICE=bond0' \
  'ONBOOT=yes' \
  'BOOTPROTO=static' \
  'IPADDR=' \
  'NETMASK=' \
  'GATEWAY=' \
  >> "${net_dir}/ifcfg-bond0"