What kind of template to build

"CloudStack is lightweight, yet it can carry a heavy load!!"

1. Plan

  • Disk layout: 40G
  • No swap partition
  • System configuration adjustments
  • sysctl performance tuning

2. Goal
First install a VM from an ISO, then create a template from that ISO-installed instance.

3. ISO installation

  • Upload the ISO
  • Create an instance
  • Attach the ISO
  • Start the instance
  • Go through the OS installer
  • Finish the installation
  • Detach the ISO

CentOS 6 is used as the example.

Partitioning

A single "/" root partition is enough; there is no need for a swap partition.

Package selection

A minimal install is enough.

Once the installation finishes, detach the ISO from the instance in the CloudStack console, then reboot.

System configuration

After the VM boots and you have logged in, run the following script:

# Clear the UUID: rewrite ifcfg-eth0 without the installer's UUID/HWADDR lines so every clone brings up eth0 via DHCP
/bin/cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=dhcp
EOF

## Prevent the NIC name from changing: drop udev's persistent-net rules on every boot so a clone's new MAC does not turn eth0 into eth1
echo "rm /etc/udev/rules.d/70-persistent-net.rules" >> /etc/rc.local

## Allow CloudStack to set the root password (Password Download Client init script).
## The heredoc delimiter is quoted so that $variables, $(...) and backticks inside the
## script are written out literally instead of being expanded by this shell now.
/bin/cat > /etc/init.d/cloud-set-guest-password << 'EOF'
#!/bin/bash
#
# Init file for Password Download Client
#
# chkconfig: 345 98 02
# description: Password Download Client

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
# 
#   http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.


# Modify this line to specify the user (default is root)
user=root

# Add your DHCP lease folders here
DHCP_FOLDERS="/var/lib/dhclient/* /var/lib/dhcp3/* /var/lib/dhcp/*"
password_received=0
file_count=0
error_count=0

for DHCP_FILE in $DHCP_FOLDERS
do
	if [ -f $DHCP_FILE ]
	then
		file_count=$((file_count+1))
		PASSWORD_SERVER_IP=$(grep dhcp-server-identifier $DHCP_FILE | tail -1 | awk '{print $NF}' | tr -d '\;')

		if [ -n "$PASSWORD_SERVER_IP" ]
		then
			logger -t "cloud" "Found password server IP $PASSWORD_SERVER_IP in $DHCP_FILE"
			logger -t "cloud" "Sending request to password server at $PASSWORD_SERVER_IP"
			password=$(wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" $PASSWORD_SERVER_IP:8080)
			wget_status=$?
			# Strip the trailing CR; the status that matters is wget's, not tr's
			password=$(echo $password | tr -d '\r')

			if [ $wget_status -eq 0 ]
			then
				logger -t "cloud" "Got response from server at $PASSWORD_SERVER_IP"

				case $password in
				
				"")					logger -t "cloud" "Password server at $PASSWORD_SERVER_IP did not have any password for the VM"
									continue
									;;
				
				"bad_request")		logger -t "cloud" "VM sent an invalid request to password server at $PASSWORD_SERVER_IP"
									error_count=$((error_count+1))
									continue
									;;
									
				"saved_password") 	logger -t "cloud" "VM has already saved a password from the password server at $PASSWORD_SERVER_IP"
									continue
									;;
									
				*)					logger -t "cloud" "VM got a valid password from server at $PASSWORD_SERVER_IP"
									password_received=1
									break
									;;
									
				esac
			else
				logger -t "cloud" "Failed to send request to password server at $PASSWORD_SERVER_IP"
				error_count=$((error_count+1))
			fi
		else
			logger -t "cloud" "Could not find password server IP in $DHCP_FILE"
			error_count=$((error_count+1))
		fi
	fi
done

if [ "$password_received" == "0" ]
then
	if [ "$error_count" == "$file_count" ]
	then
		logger -t "cloud" "Failed to get password from any server"
		exit 1
	else
		logger -t "cloud" "Did not need to change password."
		exit 0
	fi
fi

logger -t "cloud" "Changing password ..."
echo $user:$password | chpasswd
						
if [ $? -gt 0 ]
then
	usermod -p `mkpasswd -m SHA-512 $password` $user
		
	if [ $? -gt 0 ]
	then
		logger -t "cloud" "Failed to change password for user $user"
		exit 1
	else
		logger -t "cloud" "Successfully changed password for user $user"
	fi
fi
						
logger -t "cloud" "Sending acknowledgment to password server at $PASSWORD_SERVER_IP"
wget -t 3 -T 20 -O - --header "DomU_Request: saved_password" $PASSWORD_SERVER_IP:8080
exit 0
EOF

chmod 755 /etc/init.d/cloud-set-guest-password
chkconfig cloud-set-guest-password on

## System configuration adjustments
# Disable services a minimal cloud guest does not need. "network", "sshd" and
# "crond" are kept enabled: the guest must obtain a DHCP lease for the password
# client above to work, stay reachable over SSH, and run the cron.daily job below.
for i in NetworkManager acpid anacron apmd atd auditd autofs avahi-daemon \
    avahi-dnsconfd bluetooth conman cpuspeed cups dnsmasq dund firstboot gpm \
    haldaemon hidd ibmasm ip6tables iptables irda isdn irqbalance kdump kudzu \
    lvm2-monitor mcstrans mdmonitor mdmpd messagebus microcode_ctl multipathd \
    mysqld netconsole netfs netplugd nfs nfslock nscd ntpd oddjobd pand pcscd \
    portmap psacct rawdevices rdisc readahead_early readahead_later restorecond \
    rpcgssd rpcidmapd rpcsvcgssd saslauthd sendmail setroubleshoot smartd smb \
    snmpd snmptrapd syslog tcsd winbind wpa_supplicant xfs ypbind yum-updatesd \
    postfix blk-availability udev-post rpcbind portreserve certmonger; do
    chkconfig $i off
done
# wget is required by the password client
yum -y install wget
# Disable SELinux (takes effect on the next reboot)
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
cat >> /etc/security/limits.conf << EOF
*        soft   nproc  65535
*        hard   nproc  65535
*        soft   nofile  65535
*        hard   nofile  65535
EOF
echo "blacklist acpi_pad" >> /etc/modprobe.d/blacklist.conf
ulimit -SHn 65535
echo 'syntax on' > /root/.vimrc 2>/dev/null
# Faster SSH logins: no GSSAPI negotiation, no reverse DNS lookups
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
# Stop Ctrl-Alt-Del from rebooting the guest
sed -i 's#exec /sbin/shutdown -r now#\#exec /sbin/shutdown -r now#' /etc/init/control-alt-delete.conf
sed -i 's/1024/65535/' /etc/security/limits.d/90-nproc.conf
yum -y install gcc gcc-c++ make autoconf
yum -y install wget ntp ntpdate vim openssh-clients telnet net-snmp traceroute tcpdump man xinetd rsync screen socat nload sysstat lsof unzip
# Daily clock sync (ntpdate was installed just above)
/bin/cat > /etc/cron.daily/ntpdate << _ntpdate
#!/bin/sh
/usr/sbin/ntpdate 1.cn.pool.ntp.org && /sbin/hwclock --systohc
_ntpdate
chmod 755 /etc/cron.daily/ntpdate
# Sync the clock once now
/usr/sbin/ntpdate 1.cn.pool.ntp.org && /sbin/hwclock --systohc
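To see what the password client above actually parses and how it interprets the server's reply, here is an added example (not part of the original post and not CloudStack's own code) that isolates the two decisions the init script makes: extracting the password-server address from a dhclient lease file, and classifying the body returned by the server. The lease file contents and the replies are constructed for the example; the virtual-router addresses 10.1.1.1 and 10.1.1.2 are made-up values.

```shell
#!/bin/sh
# Added example (not from the post or from CloudStack): the two decisions the
# password client makes, exercised against constructed input.

# Extract the password-server address from a dhclient lease file. Same rule
# as the init script: the last "dhcp-server-identifier" option wins and the
# trailing ';' is dropped. Prints nothing if the option is absent.
password_server_ip_from_lease() {
    grep 'dhcp-server-identifier' "$1" | tail -n 1 | awk '{print $NF}' | tr -d ';'
}

# Map the body returned by the password server to the action the client
# takes. Mirrors the case statement in cloud-set-guest-password:
#   empty          -> none   (server has no password queued for this VM)
#   bad_request    -> error  (counted against the server)
#   saved_password -> done   (already applied on an earlier boot)
#   anything else  -> set    (a password to apply with chpasswd)
classify_password_response() {
    resp=$(printf '%s' "$1" | tr -d '\r')   # replies end in CR
    case "$resp" in
        "")              echo none ;;
        bad_request)     echo error ;;
        saved_password)  echo done ;;
        *)               echo set ;;
    esac
}

# Write a constructed dhclient lease file with two leases (an old one from
# 10.1.1.2 and the current one from 10.1.1.1) and print its path.
sample_lease_file() {
    f=$(mktemp "${TMPDIR:-/tmp}/lease.XXXXXX")
    cat > "$f" <<'LEASE'
lease {
  interface "eth0";
  fixed-address 10.1.1.25;
  option subnet-mask 255.255.255.0;
  option routers 10.1.1.2;
  option dhcp-server-identifier 10.1.1.2;
  renew 1 2018/05/16 22:03:00;
}
lease {
  interface "eth0";
  fixed-address 10.1.1.25;
  option subnet-mask 255.255.255.0;
  option routers 10.1.1.1;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option dhcp-server-identifier 10.1.1.1;
  renew 1 2018/05/17 22:03:00;
}
LEASE
    echo "$f"
}

# Demo: where the client would send its request, and what it would do with
# each kind of reply.
lease=$(sample_lease_file)
echo "password server: $(password_server_ip_from_lease "$lease")"
for reply in "" bad_request saved_password S3cr3t; do
    echo "reply '$reply' -> $(classify_password_response "$reply")"
done
rm -f "$lease"
```

The address comes from the most recent lease, which is why a stale lease left in the template's /var/lib/dhclient does not matter once the clone renews; it is also why the template should be imaged without a lease pointing at a different network.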

Performance tuning

/bin/cat > /etc/sysctl.conf << EOF
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification (reverse path filtering is turned off here)
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies and SYN backlog handling
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_tw_buckets = 5000

# Disable netfilter on bridges (these keys only exist while the bridge
# module is loaded; sysctl -p reports an error for them otherwise)
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maximum size of a message queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296

# Avoid swapping (the template has no swap partition anyway)
vm.swappiness = 0

# ARP source-address selection and neighbour cache ageing
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
EOF
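The sysctl file above is only worth anything if its values are actually in effect on the image you snapshot. The following added example (not part of the post) normalizes a sysctl.conf-style file, whose lines mix `key = value` and `key=value` spellings as the post's does, and reports every key whose live value differs from the file. The reader of live values is a swappable function: the demo uses a constructed kernel state so it runs without root or a matching kernel, and the file contents are a constructed subset of the post's settings.

```shell
#!/bin/sh
# Added example (not from the post): detect drift between the sysctl.conf
# written for the template and the values the running kernel reports.

# Normalize a sysctl.conf-style file to "key=value" lines: comments and
# blank lines are dropped and whitespace around '=' is removed.
normalize_sysctl_conf() {
    sed -e 's/#.*//' \
        -e '/^[[:space:]]*$/d' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' "$1"
}

# Reads one live value. SYSCTL_READ names the reader function so the check
# can be run against a stand-in kernel state (see fake_sysctl_read below).
read_live_sysctl() {
    sysctl -n "$1" 2>/dev/null
}
SYSCTL_READ=${SYSCTL_READ:-read_live_sysctl}

# Print one line per key whose live value differs from the file:
#   key expected=<file value> actual=<live value or <unset>>
sysctl_drift() {
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        have=$("$SYSCTL_READ" "$key" | tr -s '[:space:]' ' ' | sed 's/ $//')
        [ "$have" = "$want" ] || echo "$key expected=$want actual=${have:-<unset>}"
    done <<EOF
$(normalize_sysctl_conf "$1")
EOF
}

# Number of drifted keys (0 means the file is fully in effect).
count_sysctl_drift() {
    sysctl_drift "$1" | wc -l | tr -d ' '
}

# Constructed subset of the post's sysctl.conf, mixing both spellings.
sample_sysctl_file() {
    f=$(mktemp "${TMPDIR:-/tmp}/sysctl.XXXXXX")
    cat > "$f" <<'CONF'
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter=0
vm.swappiness = 0
CONF
    echo "$f"
}

# Stand-in for sysctl -n: a constructed kernel state in which two of the
# file's settings have not taken effect.
fake_sysctl_read() {
    case "$1" in
        net.ipv4.ip_forward)                       echo 0 ;;
        net.ipv4.conf.default.accept_source_route) echo 0 ;;
        net.ipv4.tcp_syncookies)                   echo 0 ;;   # drifted
        net.ipv4.conf.all.rp_filter)               echo 1 ;;   # drifted
        vm.swappiness)                             echo 0 ;;
        *)                                         : ;;        # unknown key
    esac
}

# Demo against the constructed state; leave SYSCTL_READ at its default
# (read_live_sysctl) to check the real host instead.
conf=$(sample_sysctl_file)
SYSCTL_READ=fake_sysctl_read
sysctl_drift "$conf"
echo "drifted keys: $(count_sysctl_drift "$conf")"
SYSCTL_READ=read_live_sysctl
rm -f "$conf"
```

Run it as `sysctl_drift /etc/sysctl.conf` on the VM after `sysctl -p` (or after the reboot) and before the template is generated; a non-empty report means the image would be snapshotted with settings that exist only on disk.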

4. Create the template
Instances > the ISO-installed instance > View Volumes > Create Template

The template is now complete!

"CloudStack is lightweight, yet it can carry a heavy load!!"

posted @ 2018-05-17 22:03  火罐儿