这里主要是在之前的基础上添加了一些自己制作好的程序,并安装 openssh 7.5 版本,全部直接包含在镜像中,同时设置一些自启动程序、DNS 和计划任务等,这些都是利用 ks.cfg 文件中 %post 段后面定义的脚本实现的。在 %post 阶段使用 --nochroot 表示脚本在安装环境中运行(不 chroot 到新系统),因此可以访问任何目录;此时新系统的 /(根目录)会自动挂载到 /mnt/sysimage 下。下面请看我的 ks.cfg 文件:
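# Kickstart file for an unattended install from CD-ROM. The two %post
# sections copy bundled tarballs and yum repo files from the install media,
# then build OpenSSL 1.0.1t and OpenSSH 7.5p1 from source, switch yum repos,
# disable services and write DNS / cron / NetworkManager settings.
# Layout restored to one directive per line; the stray spaces inside paths
# and options on the page were extraction artifacts.

#platform=x86, AMD64, or Intel EM64T
# Firewall configuration
# NOTE(review): the host firewall and SELinux (below) are both disabled, and
# %post enables root login over SSH; hosts built from this file then depend
# entirely on network placement for protection.
firewall --disabled
# Install OS instead of upgrade
install
# Use CDROM installation media
cdrom
# Root password default is "redhat"
# NOTE(review): this hash is published together with its plaintext; replace
# it with a freshly generated hash before building any image from this file.
rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.
# System authorization information
# NOTE(review): MD5-crypt is weak against offline cracking;
# --passalgo=sha512 is the usual choice.
auth --useshadow --passalgo=md5
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
# The page shows an en dash before "noipv6"; restored to the double hyphen
# the option requires.
network --bootproto=dhcp --device=eth0 --onboot=on --noipv6
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
ignoredisk --only-use=sda
part /boot --fstype="ext4" --size=1032
part swap --size=8300
part / --fstype="ext4" --grow --size=1

# NOTE(review): this is a very broad package set (desktop, web server, PHP,
# squid, virtualization, development tools); every group installed is more
# software to patch, so trim it to what the role needs.
%packages
@additional-devel
@base
@compat-libraries
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@directory-client
@eclipse
@emacs
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@input-methods
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@php
@performance
@perl-runtime
@print-client
@remote-desktop-clients
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
@tex
@technical-writing
@virtualization
@virtualization-client
@virtualization-platform
@virtualization-tools
@web-server
@web-servlet
@workstation-policy
@x11
libgcrypt-devel
libXinerama-devel
openmotif-devel
libXmu-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
junit
libXau-devel
libXrandr-devel
popt-devel
gnome-python2-desktop
libdrm-devel
libxslt-devel
libglade2-devel
gnutls-devel
mtools
gdisk
pax
python-dmidecode
oddjob
wodim
sgpio
genisoimage
device-mapper-persistent-data
systemtap-client
abrt-gui
desktop-file-utils
ant
expect
rpmdevtools
python-six
jpackage-utils
rpmlint
samba-winbind
certmonger
pam_krb5
krb5-workstation
netpbm-progs
dcraw
openmotif
libXmu
libXp
php-odbc
php-pecl-memcache
php-xmlrpc
php-pecl-apc
php-ldap
php-soap
php-mysql
php-pgsql
perl-DBD-SQLite
net-snmp-python
net-snmp-perl
symlinks
rrdtool
pexpect
dtach
mc
xdelta
screen
tree
mgetty
hardlink
lshw
expect
conman
crypto-utils
scrub
rdist
vlock
rear
lsscsi
libvirt-java
perl-Sys-Virt
libguestfs-java
virt-v2v
libguestfs-tools
mod_authnz_pam
mod_auth_mysql
mod_auth_mellon
mod_auth_kerb
squid
mod_nss
mod_auth_pgsql
certmonger
mod_authz_ldap
mod_intercept_form_submit
perl-CGI-Session
perl-CGI
python-memcached
mod_revocator
perl-Cache-Memcached
memcached
mod_lookup_identity
libmemcached

# Stage 1 runs in the installer environment (--nochroot); the new system's
# root is reachable under /mnt/sysimage.
# NOTE(review): the tarballs are copied from the media and later built as
# root with no checksum or signature check; verify them against known-good
# digests when the ISO is assembled.
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -o loop /dev/cdrom /mnt/source
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/openssh-7.5p1.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/openssl-1.0.1t.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/cn_node_yum.repo /mnt/sysimage/etc/yum.repos.d/cn_node_yum.repo_bak
cp /mnt/source/software/sdns_internel_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/sdns_internel_custom_yum.repo_bak
cp /mnt/source/software/test_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/test_custom_yum.repo_bak
cp /mnt/source/software/service_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/
umount -f /mnt/source

# Stage 2 runs chrooted into the installed system.
%post --log=/root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#openssl and openssh
# NOTE(review): OpenSSL 1.0.1 is an end-of-life branch, and source builds
# installed outside RPM are not updated by yum; decide how these two
# components will receive security fixes after deployment.
cd /usr/local/
tar -xvf /usr/local/openssh-7.5p1.tar.gz
tar -xvf /usr/local/openssl-1.0.1t.tar.gz
rm -rf /usr/local/openssh-7.5p1.tar.gz
rm -rf /usr/local/openssl-1.0.1t.tar.gz
mv /usr/local/openssh-7.5p1/ /usr/local/openssh/
# NOTE(review): the packaged sshd/openssl files are deleted before the
# replacement builds are known to succeed, and no exit status is checked
# anywhere below; a failed make leaves the host without a working sshd.
rm -rf /etc/init.d/sshd
rm -rf /etc/ssh/
rm -rf /etc/ssl/
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
rm -rf /usr/lib/openssl
cd /usr/local/openssl-1.0.1t/
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic
make depend
make
make MANDIR=/usr/share/man MANSUFFIX=ssl install
ldconfig -v
# NOTE(review): this removes the version from the SSH banner. It fixes
# nothing and makes banner-based inventory and vulnerability scanning less
# accurate, so record the installed version somewhere else.
sed -i 's/OpenSSH_7.5/OpenSSH/' /usr/local/openssh/version.h
cd /usr/local/openssh/
# NOTE(review): OpenSSL above is installed with --prefix=/usr while
# --with-ssl-dir points at /usr/local/ssl; confirm which OpenSSL the
# resulting sshd actually links against.
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
make
make install
cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): allows password login as root over SSH, with the root
# password set at the top of this file. Prefer key-based root access
# (PermitRootLogin prohibit-password) or a non-root admin account.
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
# NOTE(review): as shown on the page this sed expression has no replacement
# part and sed will reject it; it looks truncated. Presumably it was meant
# to disable the restorecon call in the init script; confirm against the
# author's original file.
sed -i 's@/sbin/restorecon /etc/ssh/' /etc/init.d/sshd
chkconfig sshd on
echo "==>Update openssl ok!\n" >> /root/postinstall_stage2.log
#yum.repo.d
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
mv /etc/yum.repos.d/CentOS-Debuginfo.repo /etc/yum.repos.d/CentOS-Debuginfo.repo_bak
mv /etc/yum.repos.d/CentOS-fasttrack.repo /etc/yum.repos.d/CentOS-fasttrack.repo_bak
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo_bak
mv /etc/yum.repos.d/CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault.repo_bak
#chkconfig
chkconfig iptables off
chkconfig cgconfig off
chkconfig cgdcbxd off
chkconfig abrtd off
chkconfig ip6tables off
chkconfig xinetd off
chkconfig virt-who off
chkconfig pppoe-server off
chkconfig postfix off
chkconfig lvm2-monitor off
chkconfig libvirtd off
chkconfig libvirt-guests off
chkconfig isdn off
chkconfig iscsid off
chkconfig iscsi off
chkconfig fcoe-target off
chkconfig fcoe off
chkconfig certmonger off
chkconfig bluetooth off
chkconfig NetworkManager off
#set /etc/resolv.conf
# The resolver addresses are omitted on the page; each "nameserver" line
# needs an address before this file is usable.
cat > /etc/resolv.conf << EOF
nameserver
nameserver
EOF
echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log
#ntp
# The NTP server argument to ntpdate is omitted on the page; supply one.
cat >> /var/spool/cron/root << EOF
*/3 * * * * /usr/sbin/ntpdate && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate && /sbin/hwclock -w
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#ifcfg-eth NetworkManager
sed -i 's@NM_CONTROLLED="yes"@NM_CONTROLLED="no"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@NM_CONTROLLED=yes@NM_CONTROLLED=no@' /etc/sysconfig/network-scripts/ifcfg-eth*
echo "==>Set OS NetworkManager ok!\n" >> /root/postinstall_stage2.log
#delete tar.gz file
rm -rf /usr/netgainagent_v3.tar.gz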
这个里面使用了最新的 openssh 7.5 和 openssl 1.0.1t 版本,过程中也踩过一些坑,不过最终还是做出来了。
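# Contents of ks_ctos6.5_64.cfg as printed with "more" on the build host
# (prompt on the page: [root@galene conf] #). NFS-based unattended install
# whose %post sections build zlib 1.2.3 and OpenSSH 5.0p1 from a bundled
# tarball, unpack an agent, disable services, lock system accounts and apply
# a few hardening edits. Layout restored to one directive per line; the
# stray spaces inside paths and options on the page were extraction
# artifacts.

#Kickstart file automatically for CENTOS 6.3_x86_64
#####NEED TO MODIFY THESE CONFIGURATION#####
#Choose OS ISO
# The NFS server address is omitted on the page (here and in the mount
# command in the first %post); both need a server before this file works.
nfs --server= --dir=/centos6.5_64
#Network configuration
network --bootproto=dhcp --device=eth0 --onboot=on
#install "HP server" use this line /dev/cciss/c0d0
bootloader --location=mbr --driveorder=cciss/c0d0 --append="rhgb quiet"
#install "normal server" use this line /dev/sda
#bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
#########################################################################
install
lang en_US.UTF-8
key --skip
keyboard us
text
xconfig --startxonboot
timezone Asia/Shanghai
# NOTE(review): a real root password hash is published here, and it is
# MD5-crypt, which is weak against offline cracking. Treat the password as
# exposed and generate a new hash for any image built from this file.
rootpw --iscrypted $1$z2qCmGJm$qseyjZU7ahSaUk/hebBcZ0
zerombr yes
# NOTE(review): --enablemd5 selects MD5-crypt for new passwords as well.
authconfig --enableshadow --enablemd5
selinux --disabled
reboot
clearpart --all
part /boot --fstype="ext4" --size=100 --asprimary
part swap --size=32000
part / --fstype="ext4" --grow --size=1
#part /home --fstype="ext4" --grow --size=1
network --bootproto=dhcp --device=eth0 --onboot=yes
#Firewall configuration
firewall --enabled --port=22:tcp --port=1801:tcp --port=1850:tcp
#Package install information
%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-policy
pax
oddjob
sgpio
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite

# Stage 1 runs in the installer environment (--nochroot); the new system's
# root is reachable under /mnt/sysimage.
# NOTE(review): the tarballs are fetched over NFS and later built as root
# with no checksum or signature check; verify them against known-good
# digests on the install server.
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -t nfs /osinstall /mnt/source -o nolock,udp
cp /mnt/source/software/openssh_5.0.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/quagga-0.99.20.tar.gz /mnt/sysimage/usr
umount -f /mnt/source
rmdir /mnt/source

# Stage 2 runs chrooted into the installed system.
%post --log=/root/postinstall_stage2.log
# NOTE(review): OpenSSH 5.0p1 and zlib 1.2.3 are long-outdated releases, and
# a source build replaces the distribution's packaged sshd, so yum will not
# patch it. No exit status is checked, so a failed build goes unnoticed.
cd /usr
tar zxvf openssh_5.0.tar.gz
cd /usr/zlib-1.2.3
./configure; make; make install
mv /etc/ssh /etc/ssh.bak
cd /usr/openssh-5.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man; make; make install
# NOTE(review): ">" truncates the file named in --log above, so the build
# output recorded up to this point may be lost; the later lines use ">>".
echo "==> update openssh finished.\n" > /root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#quagga
#cd /usr
#tar quagga-0.99.20.tar.gz
#cd /usr/quagga-0.99.20
#./configure --prefix=/usr/local/quagga;make;make install
#echo "===>update quagga finished.\n " >> /root/postinstall_stage2.log
#chkconfig off
chkconfig avahi-daemon off
chkconfig yum-updatesd off
chkconfig sendmail off
chkconfig cups off
chkconfig bluetooth off
chkconfig autofs off
chkconfig hidd off
chkconfig atd off
chkconfig nfslock off
echo "==>services stop ok!\n" >> /root/postinstall_stage2.log
#lock user
passwd -l adm
#passwd -l sync
passwd -l shutdown
passwd -l halt
passwd -l mail
passwd -l uucp
passwd -l operator
passwd -l games
passwd -l gopher
passwd -l ftp
passwd -l news
#set /etc/resolv.conf
#cat >> /etc/resolv.conf << EOF
#nameserver
#nameserver
#EOF
#echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log
#ntp
# The NTP server argument to ntpdate is omitted on the page; supply one.
# NOTE(review): "* */2 * * *" fires every minute of every second hour;
# if one run every two hours was intended, the minute field should be a
# fixed value. Confirm the intent.
cat >> /var/spool/cron/root << EOF
* */2 * * * /usr/sbin/ntpdate
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#profile
# NOTE(review): writing to /proc changes only the running kernel, which
# here is the installer's; the setting does not persist into the installed
# system unless it is also written to /etc/sysctl.conf.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/bashrc
sed -i 's/m/m hostname:\\n/' /etc/issue
sed -i 's/^id:5:/id:3:/' /etc/inittab
sed -i 's/022$/027/' /etc/bashrc
#modify password complexity
#prohibit the Control+Alt+Delete
# NOTE(review): on CentOS 6 Ctrl+Alt+Del is handled by upstart
# (/etc/init/control-alt-delete.conf), not by a "ca::ctrlaltdel" line in
# /etc/inittab, so this edit likely changes nothing; verify on a built host.
sed -i 's/^ca::ctrlaltdel/#&/' /etc/inittab
#configure root login
#Completeness of the security log
# NOTE(review): CentOS 6 uses rsyslog, which reads /etc/rsyslog.conf;
# confirm that a rule appended to /etc/syslog.conf is actually loaded.
echo 'authpriv.* /var/log/secure' >> /etc/syslog.conf
#configure the remote log server
# NOTE(review): the headings "modify password complexity", "configure root
# login" and "configure the remote log server" have no commands under them
# on the page, so this file does not perform those steps.
mv /usr/openssh_5.0.tar.gz /root
mv /usr/netgainagent_v4.tar.gz /root
mv /usr/netgainagent_v3.tar.gz /root
rm -fr /usr/openssh-5.0p1
rm -fr /usr/zlib-1.2.3
echo "Files have been moved and deleted.\n" >> /root/postinstall_stage2.log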
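# Bond eth0 and eth1 into bond0: enable the eth* interfaces at boot, drop
# their BOOTPROTO lines, load the bonding driver and append the slave and
# master settings to the ifcfg files.
# Layout restored to one command per line; the stray spaces inside paths
# and after "=" on the page were extraction artifacts (for example
# "SLAVE= yes" would not set SLAVE when the ifcfg file is read).

# The third sed repeats the second exactly as on the page; it is harmless.
sed -i 's@ONBOOT=no@ONBOOT=yes@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i '/BOOTPROTO/d' /etc/sysconfig/network-scripts/ifcfg-eth*

# mode=1 is active-backup; miimon=120 polls link state every 120 ms.
cat >> /etc/modprobe.d/bonding.conf << EOF
alias bond0 bonding
options bond0 miimon=120 mode=1
EOF

cat >> /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF

cat >> /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF

# IPADDR, NETMASK and GATEWAY are left empty on the page; fill them in for
# the target network. ">>" appends, so running this twice duplicates the
# settings in every file written above.
cat >> /etc/sysconfig/network-scripts/ifcfg-bond0 <<EOF
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=static
IPADDR=
NETMASK=
GATEWAY=
EOF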
