Centos7.7的ks.cfg文件

下面只是ks.cfg的文件配置,里面照原版的改了一部分,原文的全部配置及方法如下:

        定制化centos7.5的镜像

这里的ks.cfg包含升级优化openssh及openssl之类,设置其他的默认参数等,没有大改,只是优化一下

# Kickstart file automatically generated by anaconda.
# version=DEVEL
 
#-------------------------------------------------------------------------------
# Command section --- must include the required options.
#-------------------------------------------------------------------------------
 
# Text mode or graphical mode?
text
#graphical
firstboot --disable
 
# Install or upgrade?
install
 
# Use CDROM installation media
cdrom
 
# Network information
# network --onboot yes --device eth0 --bootproto dhcp --noipv6
# network --hostname=localhost.localdomain
 
# System authorization information
auth --enableshadow --passalgo=sha512
 
# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, although the auth line
# above selects sha512 for new passwords. The hash is also published together
# with this file, so the matching password should be treated as known: generate
# a fresh SHA-512 crypt ("$6$...") hash per deployment and keep it out of shared
# copies of the kickstart.
rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.
 
# System services: disable chronyd so that it does not conflict with ntpd.
# NOTE(review): the %post script in this file schedules ntpdate from cron; no
# ntpd configuration is visible here.
services --disabled="chronyd"
 
# System timezone
timezone Asia/Shanghai
 
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
 
# System language
lang en_US.UTF-8
 
# Firewall configuration
# NOTE(review): the host firewall is off from first boot, and the %post script
# later erases the firewalld package as well. %post also appends
# "PermitRootLogin yes" to sshd_config, so every listening service, sshd
# included, is reachable without filtering. Prefer enabling the firewall and
# opening only the ports the role needs.
firewall --disabled
 
# SELinux configuration
# NOTE(review): SELinux is switched off entirely. If enforcing mode is a
# problem, "selinux --permissive" keeps the policy loaded and logs denials.
selinux --disabled
 
# Installation logging level
logging --level=info
 
# Halt after installation (the machine is powered down, not rebooted)
halt
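#-------------------------------------------------------------------------------
# The %pre sections
#-------------------------------------------------------------------------------
# The partitioning directives are not written here directly: the %pre script
# below generates /tmp/part-include and this %include pulls it in.
%include /tmp/part-include
%pre
#!/bin/sh
 
#-------------------------------------------------------------------------------
# (Disabled) On machines other than the Supermicro 4U4Node model, set the
# system disk identifier: with a single disk, use it whatever its size; with
# several disks, pick the installation disk by the custom rule below.
#-------------------------------------------------------------------------------
#function get_osdisk() {
#    disk_count=$(fdisk -l | grep "Disk /dev/${osdisk_prefix}" | wc -l)
#    if [ ${disk_count} -eq 1 ]; then
#        osdisk=$(fdisk -l | grep "Disk /dev/${osdisk_prefix}" | cut -d: -f1 | cut -d/ -f3)
#    else
#        osdisk=$(fdisk -l | grep "Disk /dev/${osdisk_prefix}" | awk '{if ($3 >=50 && $3 < 2000) print $0}' | cut -d: -f1 | cut -d/ -f3)
#    fi
#}
 
#-------------------------------------------------------------------------------
# Choose the swap size (in MB) from the amount of physical memory:
#   mem <= 2G        -> swap = 2G
#   2G < mem <= 16G  -> swap = 8G
#   mem > 16G        -> swap = 16G
# Note: /proc/meminfo reports kB, while kickstart "part --size" takes MB.
#-------------------------------------------------------------------------------
act_mem=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
# If MemTotal could not be read as a number, fall back to the smallest swap
# size instead of letting the numeric tests below fail.
case "${act_mem}" in
    ''|*[!0-9]*)
        echo "WARNING: could not read MemTotal, using the smallest swap size" >&2
        act_mem=0
        ;;
esac
if [ "${act_mem}" -le $((2*1024*1024)) ]; then
    swap_size=$((2*1024))
elif [ "${act_mem}" -le $((16*1024*1024)) ]; then
    swap_size=$((8*1024))
else
    swap_size=$((16*1024))
fi
 
#-------------------------------------------------------------------------------
# (Disabled) On the Supermicro 4U4Node model the on-board BIOS RAID set is used:
# assuming the RAID 1 volume is named Volume0, its disk identifier is Volume0_0,
# a symlink to /dev/md126.
# On other machines with SATA or SCSI disks, use sdx whether or not IDE disks
# are present; with IDE disks only, use hdx.
#-------------------------------------------------------------------------------
#if $(grep -q 'md.*$' /proc/partitions); then
#    osdisk="Volume0_0"
#    get_swap    # call the function
#elif $(grep -q 'sd.*$' /proc/partitions); then
#    osdisk_prefix='sd'
#    get_osdisk  # call the function
#    get_swap    # call the function
#elif $(grep -q 'hd.*$' /proc/partitions); then
#    osdisk_prefix='hd'
#    get_osdisk  # call the function
#    get_swap    # call the function
#else
#    print "Lost disks, please install disks first!"
#    exit 1
#fi
 
#-------------------------------------------------------------------------------
# Generate the temporary file /tmp/part-include.
# The file is overwritten rather than appended to, so a stale copy cannot leave
# duplicate partitioning directives behind.
# ${osdisk} is never set in this script (the code that set it is disabled), so
# it expands to an empty string in the commented-out bootloader line.
# The 1 MB biosboot partition is what a BIOS-mode install onto a GPT disk
# needs (for example when the disk is larger than 2T).
# NOTE(review): "clearpart --all --initlabel" and "zerombr" wipe the disk
# without asking, and the target is hard-coded to sda; confirm that sda is the
# intended system disk on every machine this image boots on.
# NOTE(review): /boot/efi is formatted ext4 here; a UEFI install normally
# expects an EFI System Partition (--fstype="efi") -- confirm for the target
# firmware mode.
#-------------------------------------------------------------------------------
cat > /tmp/part-include << EOF
# System bootloader configuration
#bootloader --location=mbr --boot-drive=${osdisk}
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Clear the Master Boot Record
zerombr
# Disk partitioning information
ignoredisk --only-use=sda
part biosboot --fstype="biosboot" --size=1  # 当磁盘大于2T时,以BIOS方式安装CentOS到GPT分区表的磁盘,需要创建1MB的biosboot分区
part /boot --fstype="ext4" --size=1024
part /boot/efi --fstype="ext4" --size=1024
part swap  --fstype="swap" --size=${swap_size}
part / --fstype="ext4" --size=1 --grow
EOF
 
%end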
 
#-------------------------------------------------------------------------------
# The %packages section
#
# Installs the developer-workstation environment plus the package groups
# listed below, and the kexec-tools package.
# NOTE(review): the list pulls in two desktops (GNOME and KDE), a web server,
# a hypervisor, compilers and debuggers at once. Every group adds packages
# that need patching and may add listening services; trim the list to what
# the machine's role needs.
#-------------------------------------------------------------------------------
%packages
@^developer-workstation-environment
@additional-devel
@base
@compat-libraries
@core
@debugging
@desktop-debugging
@development
@dial-up
@directory-client
@fonts
@gnome-apps
@gnome-desktop
@graphics
@guest-agents
@guest-desktop-agents
@hardware-monitoring
@input-methods
@internet-applications
@internet-browser
@java-platform
@kde-desktop
@large-systems
@mainframe-access
@multimedia
@network-file-system-client
@office-suite
@performance
@perl-runtime
@perl-web
@platform-devel
@print-client
@ruby-runtime
@security-tools
@system-admin-tools
@technical-writing
@virtualization-client
@virtualization-hypervisor
@virtualization-tools
@web-server
@x11
kexec-tools
 
%end
 
# Enable kdump; the amount of memory reserved for the crash kernel is 'auto'
%addon com_redhat_kdump --enable --reserve-mb='auto'
 
%end
 
#-------------------------------------------------------------------------------
# The %post sections
#-------------------------------------------------------------------------------
# Stage 1 (--nochroot): copy the bundled archives and packages from the
# install media into the freshly installed system under /mnt/sysimage, where
# the second %post script picks them up.
# NOTE(review): nothing here checks the integrity of the staged files. Since
# they are later built and installed as root, consider shipping their expected
# SHA-256 digests with the kickstart and comparing them before use.
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -o loop /dev/cdrom /mnt/source
# Source tarballs for the OpenSSL/OpenSSH build go to /usr/local
for archive in openssh-7.7p1.tar.gz openssl-1.0.1t.tar.gz; do
    cp /mnt/source/software/${archive} /mnt/sysimage/usr/local
done
# Packages that are installed and then deleted again go to /tmp
cp /mnt/source/software/ftp-0.17-67.el7.x86_64.rpm /mnt/sysimage/tmp/
cp /mnt/source/software1/glibcpkg.tar.gz /mnt/sysimage/tmp/
umount -f /mnt/source
%end
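%post --log=/root/postinstall_stage2.log
# Stage 2 runs inside the installed system (no --nochroot).
# NOTE(review): nothing in this file unpacks anything called "netgainagent";
# the message below looks like a leftover from another script.
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#ftp glibc.i686
# Install the ftp client RPM and the bundled glibc packages that stage 1 copied
# into /tmp.
# NOTE(review): these packages come from the install media, not from a
# repository. yum does not check GPG signatures of local package files unless
# localpkg_gpgcheck is enabled in yum.conf (verify for this release), so their
# origin rests entirely on how the ISO was built.
rpm -ivh /tmp/ftp-0.17-67.el7.x86_64.rpm
cd /tmp
tar -xvf glibcpkg.tar.gz
# Run yum only if the extracted directory exists, so that the glob is never
# expanded in a different directory; "./" keeps a file name that starts with
# "-" from being read as an option.
cd /tmp/glibcpkg && yum localinstall ./*.rpm -y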
#ntp
# Add a root cron job that, every 3 minutes, sets the clock from ntp.cnnic.cn
# with ntpdate and, if that succeeds, writes it to the hardware clock.
# NOTE(review): this relies on a single public server queried without
# authentication, and the clock is set by a periodic job rather than a time
# daemon. chronyd is disabled in the command section of this file; a daemon
# with several sources copes better with one wrong or unreachable server.
echo '*/3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w' >> /var/spool/cron/root
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#erase and disable useless process
# Remove packages that are not wanted on the installed system.
# NOTE(review): firewalld is removed here and the command section also sets
# "firewall --disabled", so the host is left without a packet filter.
for pkg in firewalld dnsmasq cups postfix; do
    yum erase "${pkg}" -y
done
# Stop rpcbind and avahi from starting at boot (service and socket units)
for unit in rpcbind rpcbind.socket avahi-daemon.service avahi-daemon.socket; do
    systemctl disable "${unit}"
done
#openssl and openssh
# Build OpenSSL 1.0.1t and OpenSSH 7.7p1 from the tarballs staged in /usr/local
# and install them over the distribution's copies, which are moved aside first.
# None of the steps below is checked: if configure or make fails, the script
# carries on with the original ssh/ssl files already renamed.
# NOTE(review): upstream support for the OpenSSL 1.0.1 series ended at the end
# of 2016, and CentOS 7.7 normally ships a vendor-patched 1.0.2-series OpenSSL
# (confirm on the target), so this step probably replaces a maintained library
# with an older, unmaintained one. Binaries installed this way are also outside
# RPM's control: "yum update" will not patch them.

# Set the system clock to a fixed date. The file does not say why (presumably
# to avoid timestamp complaints during the build -- confirm). The clock stays
# at this date until something corrects it, which affects log timestamps and
# certificate validity checks.
date -s 2019-12-31
cd /usr/local/
tar -xvf /usr/local/openssh-7.7p1.tar.gz
tar -xvf /usr/local/openssl-1.0.1t.tar.gz
mv /usr/local/openssh-7.7p1/ /usr/local/openssh/
# Move the distribution's sshd init script, ssh/ssl configuration, openssl
# binary and headers out of the way
mv /etc/init.d/sshd /etc/init.d/sshd_bak
mv /etc/ssh /etc/ssh_bak
mv /etc/ssl /etc/ssl_bak
mv /usr/bin/openssl /usr/local/openssl_bak
mv /usr/include/openssl /usr/include/openssl_bak
mv /usr/lib/openssl /usr/lib/openssl_bak
# Build and install OpenSSL into /usr (libraries in lib64, config in /etc/ssl)
cd /usr/local/openssl-1.0.1t/
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic
make depend
make
make MANDIR=/usr/share/man MANSUFFIX=ssl install
ldconfig -v
# Strip the version number from the string OpenSSH is built with.
# NOTE(review): this only changes what the build reports about itself; it does
# not change which fixes the code contains, and it makes it harder for the
# operator's own inventory and scanning to tell which version is deployed.
sed -i 's/OpenSSH_7.7/OpenSSH/' /usr/local/openssh/version.h
cd /usr/local/openssh/
# NOTE(review): OpenSSL was configured above with --prefix=/usr, not /usr/ssl;
# confirm which headers and libraries this build actually picks up, especially
# as --without-openssl-header-check turns off configure's comparison of header
# and library versions. --with-md5-passwords enables support for MD5 password
# hashes.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/ssl --with-md5-passwords --mandir=/usr/share/man --without-openssl-header-check
make
make install
# Use the SysV init script shipped in the OpenSSH source tree
cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): this allows root to log in over SSH with a password. The root
# password hash set by this kickstart is an MD5-crypt hash published with the
# file, and the firewall is disabled, so the setting deserves a second look:
# "PermitRootLogin prohibit-password" (keys only) or "no" with a separate
# administrative account narrows the exposure.
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
# Remove the restorecon call on ssh_host_key.pub from the init script
sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
# Rename the packaged systemd unit so that it no longer matches sshd.service,
# then reload systemd
mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.bak
systemctl daemon-reload
echo "==>Update openssh ok!\n" >> /root/postinstall_stage2.log
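#modified
# Raise the process and open-file limits for all users to 10240, once: the
# edit is skipped when limits.conf already has a rule for the "*" domain.
# The pattern is quoted so that the shell cannot expand it as a file glob.
if ! grep -q '^\*' /etc/security/limits.conf; then
        # NOTE(review): on CentOS 7 the nproc drop-in is usually named
        # 20-nproc.conf and sets 4096 rather than 1024 -- confirm the file name
        # and value on the target release. A drop-in that keeps a lower soft
        # nproc value may still apply after limits.conf is changed.
        if [ -f /etc/security/limits.d/90-nproc.conf ]; then
                sed -i 's/1024/10240/g' /etc/security/limits.d/90-nproc.conf
        else
                echo "/etc/security/limits.d/90-nproc.conf not found, nproc drop-in left unchanged"
        fi
        # Insert the new rules just before the "End of file" marker line
        sed -i '/End of file/i\* soft nproc 10240' /etc/security/limits.conf
        sed -i '/End of file/i\* hard nproc 10240' /etc/security/limits.conf
        sed -i '/End of file/i\* soft nofile 10240' /etc/security/limits.conf
        sed -i '/End of file/i\* hard nofile 10240' /etc/security/limits.conf
else
        echo "open files is exist"
fi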
#history size
# Keep 2000 history entries for every user and record a timestamp with each
{
    echo 'HISTSIZE=2000'
    echo 'HISTFILESIZE=2000'
    echo 'HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "'
} >> /etc/bashrc
#delete files
# Remove the staged tarballs and packages now that they have been installed.
# NOTE(review): only the tarballs are deleted; the extracted build trees
# /usr/local/openssh and /usr/local/openssl-1.0.1t stay on the system.
cd /usr/local
for tarball in openssh-7.7p1.tar.gz openssl-1.0.1t.tar.gz; do
    rm -rf "${tarball}"
done
cd /tmp
rm -rf ftp-0.17-67.el7.x86_64.rpm glibcpkg glibcpkg.tar.gz
# Set a coloured bash prompt for root
echo 'PS1="\[\e[32;1m\][\u@\h \W]\\$ \[\e[0m\]"' >> /root/.bashrc
. /root/.bashrc
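#set network device
# Take the first interface in the ifconfig output that is not the loopback
# device "lo" (matched exactly, so names that merely contain "lo" are kept).
NET_DEV=$(ifconfig | awk -F: '/mtu/ && $1 != "lo" {print $1; exit}')
NET_CFG=/etc/sysconfig/network-scripts/ifcfg-${NET_DEV}
# Edit the file only when an interface was found and its ifcfg file exists;
# otherwise the commands below would fail or create a stray "ifcfg-" file.
if [ -n "${NET_DEV}" ] && [ -f "${NET_CFG}" ]; then
    # Bring the interface up at boot and drop the existing BOOTPROTO line
    sed -i \
        -e 's@ONBOOT=no@ONBOOT=yes@' \
        -e 's@ONBOOT="no"@ONBOOT="yes"@' \
        -e '/BOOTPROTO/d' \
        "${NET_CFG}"
    # Switch to static addressing. The address fields are written empty and
    # have to be filled in before the interface can be used.
    cat >> "${NET_CFG}" <<EOF
BOOTPROTO=static
IPADDR=
NETMASK=
GATEWAY=
EOF
else
    echo "no ifcfg file found for interface '${NET_DEV}', network configuration left unchanged"
fi
 
%end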

  
