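Introduction to Cobbler, an unattended installation tool
1. In today's internet operations world, cloud platforms are mature and widely used, so small and medium-sized companies mostly think in terms of cloud environments (Alibaba Cloud, Tencent Cloud, QingCloud and so on); if you have money to spend, that is another matter. Does this mean the traditional unattended installation approach (for physical servers) no longer has a place? The answer may well be pessimistic... Still, it is worth mastering what is a basic skill for operations staff; after all, it lets you show off a little to the kids who don't know it, heh heh...
2. There are two common unattended installation approaches: kickstart and cobbler. Anyone who has used kickstart knows that configuring it takes many steps (the services involved, such as dhcp, tftp, syslinux and a pile of other odds and ends) and that the process is fairly tedious (although it is actually quite simple once you understand how Linux boots). Cobbler literally means "shoe mender", which sounds a bit low-end!! But it integrates many functions, so you do not have to configure each service module by hand one by one; it simplifies the whole operation and is quite convenient to use. For cobbler's principles and components, search Baidu/Google yourself; there is plenty of material.
3. Unattended installation is really built on PXE/KICKSTART. PXE (Pre-boot Execution Environment) boots a computer through its network interface, without depending on local storage devices (such as a hard disk) or a locally installed operating system. It is a technology published by Intel and Systemsoft on September 20, 1999, and it uses a C/S architecture, i.e. the Client/Server working model. The PXE client uses network protocols such as the Internet Protocol (IP), the User Datagram Protocol (UDP), the Dynamic Host Configuration Protocol (DHCP) and the Trivial File Transfer Protocol (TFTP). That was a lot of hot air and not much use; understanding the basic process is enough.
4. How PXE+KICKSTART works
1) The PXE chip on the NIC has 512 bytes and holds the DHCP and TFTP clients
2) To install via PXE, the computer or PC server must be set in the BIOS to boot from the NIC
3) When the installation starts, the DHCP client in PXE requests IP/MASK/GW/DNS and related information from the DHCP server
4) While assigning it an IP address, the DHCP server also tells the client the address of the TFTP server and the file it should download, as follows:
next-server {TFTP Server IP};
filename "pxelinux.0";    #pxelinux.0 tells the client that the configuration file to download is default under the pxelinux.cfg directory
5) The PXE client downloads the files needed for booting according to the configuration file (a bunch of boot files such as vmlinuz, initrd.img, boot.cfg), and the system is installed automatically through the defined ks file
In practice, tftp and dhcp are often the same server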
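The DHCP reply from step 4, as an added example that is not part of the original post: a Python parser that pulls the next-server address and boot file name out of a DHCPOFFER and reports an offer that does not point at the expected boot server, which is how an unexpected DHCP/PXE server on the provisioning network shows up. The packets are constructed in the code; the function names, 192.168.56.99, 192.168.56.50 and boot.0 are assumptions.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
BOOTP_LEN = struct.calcsize(BOOTP_FMT)


def build_offer(server_ip, client_ip, boot_file, mac="00:0c:29:67:96:3a"):
    """Build a DHCPOFFER for the demo (constructed data, not a capture)."""
    ip = socket.inet_aton
    header = struct.pack(
        BOOTP_FMT, 2, 1, 6, 0, 0x1234ABCD, 0, 0,
        ip("0.0.0.0"), ip(client_ip), ip(server_ip), ip("0.0.0.0"),
        bytes.fromhex(mac.replace(":", "")), b"", boot_file.encode())
    # option 53 = message type (2 = OFFER), option 54 = server identifier
    options = b"\x35\x01\x02" + b"\x36\x04" + ip(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options


def parse_offer(packet):
    """Return the boot-relevant fields of a DHCP reply."""
    if packet[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    fields = struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])
    hlen, yiaddr, siaddr = fields[2], fields[8], fields[9]
    chaddr, boot_file = fields[11], fields[13]
    options, i = {}, BOOTP_LEN + 4
    while i < len(packet) and packet[i] != 255:  # 255 = end option
        if packet[i] == 0:                       # 0 = pad option
            i += 1
            continue
        length = packet[i + 1] if i + 1 < len(packet) else -1
        value = packet[i + 2:i + 2 + length]
        if length < 0 or len(value) != length:
            raise ValueError("truncated DHCP option")
        options[packet[i]] = value
        i += 2 + length
    return {
        "msg_type": (options.get(53) or b"\x00")[0],
        "client_mac": chaddr[:hlen].hex(":"),
        "client_ip": socket.inet_ntoa(yiaddr),
        "next_server": socket.inet_ntoa(siaddr),      # siaddr = TFTP server
        # if the server sends option 67 (bootfile name), prefer it over "file"
        "boot_file": options.get(67, boot_file).split(b"\x00")[0].decode(),
        "server_id": socket.inet_ntoa(options[54]) if 54 in options else None,
    }


def check_offer(offer, expected_server, expected_file="pxelinux.0"):
    """List the reasons an offer does not match the known boot server."""
    findings = []
    if offer["next_server"] != expected_server:
        findings.append("unexpected next-server " + offer["next_server"])
    if offer["server_id"] not in (None, expected_server):
        findings.append("offer sent by " + offer["server_id"])
    if offer["boot_file"] != expected_file:
        findings.append("unexpected boot file " + offer["boot_file"])
    return findings


good = parse_offer(build_offer("192.168.56.10", "192.168.56.12", "pxelinux.0"))
rogue = parse_offer(build_offer("192.168.56.99", "192.168.56.50", "boot.0"))
for offer in (good, rogue):
    print(check_offer(offer, "192.168.56.10"))
```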
5. Enough talk; here is the installation and deployment code
1) System environment

# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
# uname -rm
3.10.0-327.22.2.el7.x86_64 x86_64
# hostname
cobbler-node1.beidousat.com
# systemctl disable firewalld
# sed -i 's#enforcing#disabled#g' /etc/selinux/config
# yum install vim wget net-tools ntpdate bash-completion -y
# ifconfig eth0|awk -F '[ :]+' 'NR==2 {print $3}'    #centos7 needs the net-tools package installed
192.168.56.10
# tail -1 /etc/hosts
192.168.56.10 cobbler-node1.beidousat.com
# echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null' >/var/spool/cron/root
# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# reboot
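2) Installing cobbler

# yum install httpd dhcp tftp cobbler cobbler-web pykickstart xinetd -y
cobbler        #cobbler package
cobbler-web    #cobbler web service package
pykickstart    #lets cobbler check kickstart files for syntax errors
httpd          #Apache web service
tftp           #tftp service
dhcp           #dhcp service
Important directories of a cobbler installation
/etc/cobbler                    # configuration directory
/etc/cobbler/settings           # cobbler main configuration file
/etc/cobbler/dhcp.template      # configuration template for the DHCP service
/etc/cobbler/tftpd.template     # configuration template for the tftp service
/etc/cobbler/rsync.template     # configuration template for the rsync service
/var/lib/cobbler                # Cobbler data directory
/var/lib/cobbler/config         # configuration files
/var/lib/cobbler/kickstarts     # default location of kickstart files
/var/lib/cobbler/loaders        # the various boot loaders
/var/www/cobbler                # system installation image directory
/var/www/cobbler/ks_mirror      # imported system images
/var/www/cobbler/images         # boot files of the imported system images
/var/www/cobbler/repo_mirror    # yum repository storage directory
/var/log/cobbler                # log directory
/var/log/cobbler/install.log    # client system installation log
/var/log/cobbler/cobbler.log    # cobbler log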
3) After starting the services, run the check and make the corresponding configuration changes

# systemctl start httpd    #start the apache service
# systemctl enable httpd
# systemctl start cobblerd    #start the cobbler daemon
# systemctl enable cobblerd
# cobbler check    #check the configuration; cobblerd and httpd must be running; resolve the items one by one
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : change 'disable' to 'no' in /etc/xinetd.d/tftp
4 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
5 : enable and start rsyncd.service with systemctl
6 : debmirror package is not installed, it will be required to manage debian deployments and repositories
7 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
8 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use
Restart cobblerd and then run 'cobbler sync' to apply changes.

The fixes for the items above are as follows:
1. Set the server parameter in /etc/cobbler/settings to the IP address or hostname of the host that provides the cobbler service, e.g. server: 192.168.56.10;
# sed -i 's/server: 127.0.0.1/server: 192.168.56.10/' /etc/cobbler/settings
2. Set the next_server parameter in /etc/cobbler/settings to the IP address of the host that provides the PXE service, e.g. next_server: 192.168.56.10;
# sed -i 's/next_server: 127.0.0.1/next_server: 192.168.56.10/' /etc/cobbler/settings
3. In /etc/xinetd.d/tftp, change the disable parameter to disable = no
4. Run the cobbler get-loaders command
5. Run systemctl enable rsyncd;systemctl start rsyncd
6. Can be ignored unless you deploy the Debian family
7. Change the password
# openssl passwd -1 -salt '123456' '123456'
$1$123456$eer7btfSmZAs4ZDvuUVzM.
# grep "default_password_crypted" /etc/cobbler/settings    #replace default_password_crypted in /etc/cobbler/settings
default_password_crypted: "$1$123456$eer7btfSmZAs4ZDvuUVzM."
8. Install the fence power management tools
yum -y install cman fence-agents
Finally, restart Cobbler:
systemctl restart cobblerd
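The three settings that matter most for the installed hosts (server, next_server and default_password_crypted) can be checked after the edits above. The following is an added example, not part of the original post or of cobbler: it parses the flat key: value lines of a settings file and reports loopback addresses, a damaged hash string, an MD5-crypt hash and a guessable salt. The sample text is constructed from the values this page sets; the function names and the salt heuristic are assumptions.

```python
import re

# Constructed sample: the keys of /etc/cobbler/settings that this page edits,
# with the values it sets (not a complete settings file).
SAMPLE_SETTINGS = """\
default_password_crypted: "$1$123456$eer7btfSmZAs4ZDvuUVzM."
manage_dhcp: 1
next_server: 192.168.56.10
server: 192.168.56.10
"""


def load_settings(text):
    """Parse flat 'key: value' lines into a dict (nested YAML is ignored)."""
    settings = {}
    for line in text.splitlines():
        match = re.match(r"([A-Za-z_]\w*):[ \t]*(.*)$", line)
        if match:
            value = match.group(2).rstrip()
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                value = value[1:-1]          # drop the surrounding quotes only
            settings[match.group(1)] = value
    return settings


def audit_password(crypted):
    """Findings for a crypt(3) string of the form $id$salt$hash."""
    if crypted != crypted.strip():
        return ["stray whitespace inside the quotes; no password will match"]
    parts = crypted.split("$")
    if len(parts) == 5 and parts[2].startswith("rounds="):
        del parts[2]                         # $6$rounds=N$salt$hash
    if len(parts) != 4 or parts[0] or not parts[3]:
        return ["not in $id$salt$hash format"]
    scheme, salt = parts[1], parts[2]
    findings = []
    if scheme == "1":
        findings.append("MD5-crypt ($1$) hash; prefer SHA-512-crypt ($6$)")
    # Heuristic (assumption): a short or numeric salt was typed, not generated.
    if scheme in ("1", "5", "6") and (len(salt) < 8 or salt.isdigit()):
        findings.append("salt %r is short or all digits; use a random salt" % salt)
    return findings


def audit_settings(settings):
    """Return a list of findings for the settings this page changes."""
    findings = []
    for key in ("server", "next_server"):
        if settings.get(key, "") in ("", "127.0.0.1", "localhost"):
            findings.append("%s is unset or loopback; PXE clients cannot reach it" % key)
    for message in audit_password(settings.get("default_password_crypted", "")):
        findings.append("default_password_crypted: " + message)
    return findings


for finding in audit_settings(load_settings(SAMPLE_SETTINGS)):
    print(finding)
```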
4) Configure DHCP

# sed -i 's#manage_dhcp: 0#manage_dhcp: 1#g' /etc/cobbler/settings    #let cobbler manage dhcp
# vim /etc/cobbler/dhcp.template    #edit cobbler's dhcp template, because cobbler overwrites dhcpd.conf from it
subnet 192.168.56.0 netmask 255.255.255.0 {
     option routers             192.168.56.2;
     option domain-name-servers 192.168.56.2;
     option subnet-mask         255.255.255.0;
     range dynamic-bootp        192.168.56.1 192.168.56.100;
     default-lease-time         21600;
     max-lease-time             43200;
     next-server                $next_server;
5) Sync cobbler

# systemctl enable xinetd.service
# systemctl start xinetd.service
# systemctl restart cobblerd    #restart cobbler
# cobbler sync    #sync the latest cobbler configuration; the output shows exactly what was done
task started: 2016-07-17_030235_sync
task started (id=Sync, time=Sun Jul 17 03:02:35 2016)
running pre-sync triggers
cleaning trees
removing: /var/www/cobbler/images/CentOS-7-x86_64
removing: /var/lib/tftpboot/pxelinux.cfg/01-00-50-56-31-e7-a0
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/01-00-50-56-31-E7-A0
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/images/CentOS-7-x86_64
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
trying hardlink /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
trying hardlink /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying distros to tftpboot
copying files for distro: CentOS-7-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64/images/pxeboot/vmlinuz -> /var/lib/tftpboot/images/CentOS-7-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64/images/pxeboot/initrd.img -> /var/lib/tftpboot/images/CentOS-7-x86_64/initrd.img
copying images
generating PXE configuration files
generating: /var/lib/tftpboot/pxelinux.cfg/01-00-50-56-31-e7-a0
generating: /var/lib/tftpboot/grub/01-00-50-56-31-E7-A0
generating PXE menu structure
copying files for distro: CentOS-7-x86_64
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64/images/pxeboot/vmlinuz -> /var/www/cobbler/images/CentOS-7-x86_64/vmlinuz
trying hardlink /var/www/cobbler/ks_mirror/CentOS-7-x86_64/images/pxeboot/initrd.img -> /var/www/cobbler/images/CentOS-7-x86_64/initrd.img
Writing template files for CentOS-7-x86_64
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
processing boot_files for distro: CentOS-7-x86_64
cleaning link caches
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout:
received on stderr: Redirecting to /bin/systemctl restart dhcpd.service
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
6) Manage distros (image versions)

# mount /dev/cdrom /mnt/    #mount the ISO disc on the server
mount: /dev/sr0 is write-protected, mounting read-only
# cobbler import --path=/mnt/ --name=CentOS-7.2-x86_64 --arch=x86_64    #import the CentOS 7 image
# cobbler import --path=/mnt/ --name=CentOS-6.8-x86_64 --arch=x86_64    #import the CentOS 6 image
# cobbler distro list    #list all distros
CentOS-6.8-x86_64
CentOS-7.2-x86_64
7) Manage profiles
Cobbler uses profiles to provide the installation configuration needed for a particular class of requirement; that is, a profile builds a specific system installation configuration on top of a distro by supplying a kickstart file. A distro's profile can appear in the PXE boot menu as one of the installation choices. A kickstart file is present by default, so use edit; if there is no kickstart file, use add.

# cobbler profile list    #show the list of profiles
CentOS-6.8-x86_64
CentOS-7.2-x86_64
# cobbler profile report    #show profile details
Upload the kickstart file (the answer file used during automated installation) to the specified directory

# cat /var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg    #upload the cfg file to this directory
#Kickstart Configurator for cobbler
#platform=x86, AMD64, or Intel EM64T
#System language
lang en_US    #language
#System keyboard
keyboard us    #keyboard
#System timezone
timezone Asia/Shanghai    #system time zone
#Root password
rootpw --iscrypted $default_password_crypted    #root password, taken from the variable
#Use text mode install
text    #text-mode installation
#Install OS instead of upgrade
install    #install the system
#Use NFS installation Media
url --url=$tree    #install tree
#System bootloader configuration
bootloader --location=mbr    #put the boot loader in the MBR
#Clear the Master Boot Record
zerombr    #clear the MBR
#Partition clearing information
clearpart --all --initlabel    #clear the data on the disk partitions
#Disk partitioning information
part /boot --fstype xfs --size 1024 --ondisk sda    #boot partition, 1G
part swap --size 1024 --ondisk sda    #swap partition, 1G; size it to actual needs in production
part / --fstype xfs --size 1 --grow --ondisk sda    #root partition, all remaining space
#System authorization information
auth --useshadow --enablemd5    # authentication
#Network information
$SNIPPET('network_config')    #network configuration
#network --bootproto=dhcp --device=em1 --onboot=on
# Reboot after installation
reboot    #reboot
#Firewall configuration
firewall --disabled    #turn off the firewall
#SELinux configuration
selinux --disabled    #turn off selinux
#Do not configure XWindows
skipx    #skip desktop setup
#Package install information
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages    #select the packages to install
@base
@compat-libraries
@debugging
@development
@core
wget
lrzsz
tree
dos2unix
telnet
nmap
sysstat
ntpdate
net-tools
%end
%post
systemctl disable postfix.service
#$yum_config_stanza
wget -O /opt/init-7.sh http://192.168.56.10/init-7.sh &>/dev/null    #download the script and run it
/bin/sh /opt/init-7.sh
%end

# cat /var/lib/cobbler/kickstarts/CentOS-6-x86_64.cfg    #upload the cfg file to this directory
#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
#Partition information
part /boot --fstype ext4 --size 1024 --ondisk sda
part swap --size 1500 --ondisk sda
part / --fstype ext4 --size 1 --grow --ondisk sda
# Use text mode install
text
# Firewall configuration
firewall --disable
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Use network installation
url --url=$tree
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
#network --bootproto=dhcp --device=em1
# Reboot after installation
reboot
#Root password
rootpw --iscrypted $default_password_crypted
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# System timezone
timezone Asia/Shanghai
# Install OS instead of upgrade
install
# Clear the Master Boot Record
zerombr
%packages
@base
@compat-libraries
@debugging
@development
tree
nmap
sysstat
lrzsz
dos2unix
telnet
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%post
#$yum_config_stanza
wget -O /opt/init-6.sh http://192.168.56.10/init-6.sh &>/dev/null
/bin/sh /opt/init-6.sh
%end
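Every machine built from these kickstart files inherits their security settings, so the answer file is worth reviewing like any other piece of configuration. The following is an added example, not part of the original post: a small Python linter that walks the kickstart sections and reports the directives that disable SELinux or the firewall, select MD5 password hashing, or run a script as root in %pre/%post that was fetched over plain HTTP. The sample is a constructed excerpt of the CentOS 7 file above; the rule list and function name are assumptions.

```python
import re

# Constructed excerpt of the CentOS 7 kickstart file shown above.
SAMPLE_KS = """\
rootpw --iscrypted $default_password_crypted
auth --useshadow --enablemd5
firewall --disabled
selinux --disabled
%packages
@base
wget
%end
%post
systemctl disable postfix.service
wget -O /opt/init-7.sh http://192.168.56.10/init-7.sh &>/dev/null
/bin/sh /opt/init-7.sh
%end
"""

SECTIONS = ("%pre", "%post", "%packages")
COMMAND_RULES = [
    (r"^selinux\s+--disabled\b", "SELinux is disabled on every installed host"),
    (r"^firewall\s+--disabled?\b", "host firewall is disabled"),
    (r"^auth(config)?\s.*--enablemd5\b",
     "password hashing set to MD5 (--enablemd5); --passalgo=sha512 is stronger"),
]


def lint_kickstart(text):
    """Return (line_number, finding) pairs for a kickstart file."""
    findings, section, fetched = [], "command", {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("%"):
            name = line.split()[0]
            if name in SECTIONS:
                section = name
            elif name == "%end":
                section = "command"
            continue
        if section == "command":
            for pattern, message in COMMAND_RULES:
                if re.search(pattern, line):
                    findings.append((number, message))
        elif section in ("%pre", "%post"):
            # Remember files downloaded over plain HTTP ...
            url = re.search(r"\bhttp://\S+", line)
            out = re.search(r"\s-[Oo]\s*(\S+)", line)
            if re.match(r"(wget|curl)\b", line) and url and out:
                fetched[out.group(1)] = url.group(0)
                continue
            # ... and report the line that later executes one of them as root.
            run = re.match(r"(?:/bin/)?(?:ba)?sh\s+(\S+)", line)
            if run and run.group(1) in fetched:
                findings.append((number, "runs %s fetched over plain HTTP from %s "
                                 "with no checksum or signature check"
                                 % (run.group(1), fetched[run.group(1)])))
    return findings


for number, finding in lint_kickstart(SAMPLE_KS):
    print("line %d: %s" % (number, finding))
```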
8) Associate the kickstart file with the profile

# cobbler profile edit --name=CentOS-7.2-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg
# cobbler profile edit --name=CentOS-6.8-x86_64 --kickstart=/var/lib/cobbler/kickstarts/CentOS-6-x86_64.cfg
9) Change the NIC kernel parameters to standardize the production configuration

# cobbler profile edit --name=CentOS-7.2-x86_64 --kopts='net.ifnames=0 biosdevname=0'    #change the centos7 kernel options
# cobbler profile report    #show profile details
Name                           : CentOS-7.2-x86_64
TFTP Boot Files                : {}
Comment                        :
DHCP Tag                       : default
Distribution                   : CentOS-7.2-x86_64
Enable gPXE?                   : 0
Enable PXE Menu?               : 1
Fetchable Files                : {}
Kernel Options                 : {'biosdevname': '0', 'net.ifnames': '0'}    #kernel options that adjust the NIC interface names
Kernel Options (Post Install)  : {}
Kickstart                      : /var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg
Kickstart Metadata             : {}
Management Classes             : []
Management Parameters          : <<inherit>>
Name Servers                   : []
Name Servers Search Path       : []
Owners                         : ['admin']
Parent Profile                 :
Internal proxy                 :
Red Hat Management Key         : <<inherit>>
Red Hat Management Server      : <<inherit>>
Repos                          : ['http://mirrors.aliyun.com/centos/7.2.1511/cloud/x86_64/openstack-mitaka/']
Server Override                : <<inherit>>
Template Files                 : {}
Virt Auto Boot                 : 1
Virt Bridge                    : xenbr0
Virt CPUs                      : 1
Virt Disk Driver Type          : raw
Virt File Size(GB)             : 5
Virt Path                      :
Virt RAM (MB)                  : 512
Virt Type                      : kvm
# cobbler sync    #sync cobbler so the change takes effect
10) Configure yum repositories

1. Add commonly used yum repos
CentOS 7:
cobbler repo add --name=CentOS-7-x86_64-base --mirror=http://mirrors.aliyun.com/centos/7/os/x86_64/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-7-x86_64-epel --mirror=http://mirrors.aliyun.com/epel/7/x86_64/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-7-x86_64-updates --mirror=http://mirrors.aliyun.com/centos/7/updates/x86_64/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-7-x86_64-extras --mirror=http://mirrors.aliyun.com/centos/7/extras/x86_64 --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-7-x86_64-openstack-neutron \
--mirror=http://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-newton/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-7-x86_64-zabbix3.2 --mirror=http://mirrors.aliyun.com/zabbix/zabbix/3.2/rhel/7/x86_64/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-7-x86_64-saltstack-lastest --mirror=http://repo.saltstack.com/yum/redhat/7/x86_64/latest/ --arch=x86_64 --breed=yum
CentOS 6:
cobbler repo add --name=CentOS-6-x86_64-base --mirror=http://mirrors.aliyun.com/centos/6/os/x86_64/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-6-x86_64-epel --mirror=http://mirrors.aliyun.com/epel/6/x86_64/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-6-x86_64-updates --mirror=http://mirrors.aliyun.com/centos/6/updates/x86_64/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-6-x86_64-extras --mirror=http://mirrors.aliyun.com/centos/6/extras/x86_64 --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-6-x86_64-zabbix3.2 --mirror=http://mirrors.aliyun.com/zabbix/zabbix/3.2/rhel/6/x86_64/ --arch=x86_64 --breed=yum
cobbler repo add --name=CentOS-6-x86_64-saltstack-lastest --mirror=https://repo.saltstack.com/yum/redhat/6/x86_64/latest/ --arch=x86_64 --breed=yum
Rename a yum repo:
cobbler repo rename --name=oldname --newname=newname
2. Sync the yum repos
cobbler reposync    #this step takes a long time, and you must make sure there is enough disk space
cobbler reposync --only=CentOS-7-x86_64-saltstack-lastest    #sync only the specified yum repo
3. Add the repo to the specified profile
cobbler profile edit --name=CentOS-7.2-x86_64 --repos="CentOS-7-x86_64-openstack-neutron"
4. Write the added yum repos into the cfg file
%post
$yum_config_stanza
%end
5. Add a cron job to sync the repos periodically
# openstack-neutron sync yum
00 00 * * * /usr/bin/cobbler reposync --tries=3 --no-fail &>/tmp/reposync.log
11) Script files used during installation
CentOS 6 POST-INSTALL SCRIPTS

# vim /var/www/html/init-6.sh
#!/bin/bash
#IP=$(ifconfig eth0|awk -F "[ :]+" 'NR==2{print $4}')
#configure dual NICs on multiple machines
#NET="192.168.56."
#ETH1="/etc/sysconfig/network-scripts/ifcfg-eth1"
#for n in 11 12 13 14
#do
#  if [ $IP = $NET$n ];then
#    cat >$ETH1<<-EOF
#    DEVICE=eth1
#    TYPE=Ethernet
#    ONBOOT=yes
#    BOOTPROTO=static
#    IPADDR=172.16.1.$n
#    NETMASK=255.255.255.0
#EOF
#    /etc/init.d/network restart
#  fi
#done
cat >>/var/spool/cron/root<<EOF
##ntpdate from ntp server
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null
EOF
#the optimization of sshd
echo "#the optimization of sshd"
Sshd_File=/etc/ssh/sshd_config
/bin/sed -i.$(date +%F) '13i PermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' $Sshd_File
/etc/init.d/sshd restart
#Adjust file descriptor
echo "#Adjust file descriptor"
Limits_File=/etc/security/limits.conf
/bin/sed -i.$(date +%F) '$i * - nofile 65535' $Limits_File
ulimit -HSn 65535
#the optimization of system start
echo "#the optimization of system start"
Cmd=`chkconfig --list|egrep -v "crond|network|sysstat|rsyslog|sshd"|awk '{print $1}'`
for name in $Cmd
do
  chkconfig $name off
done
#config yum
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
#the optimization of kernel
cat>>/etc/sysctl.conf<<EOF
#by cluster at 20160423
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time =600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#below iptables
#net.ipv4.ip_conntrack_max = 25000000
#net.ipv4.netfilter.ip_conntrack_max = 25000000
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
EOF
/sbin/sysctl -p
cat >>/etc/profile<<EOF
export HISTSIZE=1000
export HISTFILESIZE=1000
export HISTTIMEFORMAT="%F %T `whoami` "
#export TMOUT=300
#alias rm='echo rm does not tobe used'
alias vi='vim'
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
EOF
source /etc/profile
#hide version of system
>/etc/issue
>/etc/issue.net
echo "RedHat linux 9.0 Final" >/etc/motd
#configure hostname resolution
echo "`ifconfig eth0|awk -F "[ :]+" 'NR==2{print $4}'` `hostname`" >>/etc/hosts
yum install salt-minion zabbix-agent -y    #prerequisite: the yum repositories are configured
CentOS 7 POST-INSTALL SCRIPTS

# vim /var/www/html/yum/init-7.sh
# actions after system installation
# set up time synchronization
cat >>/var/spool/cron/root<<EOF
##ntpdate from ntp server
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null
EOF
#config yum
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# clean the cache, download commonly used software and dependencies
yum install iftop iptraf ntop nc openssl openssl-devel pcre pcre-devel zlib zlib-devel -y
# raise the system file descriptor limit
sed -i.$(date +%F) '$i * - nofile 65535' /etc/security/limits.conf
ulimit -HSn 65535
# ssh connection tuning
sed -i.$(date +%F) '17i GSSAPIAuthentication no\nUseDNS no' /etc/ssh/sshd_config
systemctl restart sshd
# kernel parameter tuning
cat>>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time =600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#below iptables
#net.ipv4.ip_conntrack_max = 25000000
#net.ipv4.netfilter.ip_conntrack_max = 25000000
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
EOF
/sbin/sysctl -p
# tuning related to system operation
cat >>/etc/profile<<EOF
export HISTSIZE=100
export HISTFILESIZE=100
export HISTTIMEFORMAT="%F %T `whoami` "
#export TMOUT=300
#alias rm='echo rm does not tobe used'
alias vi='vim'
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
EOF
source /etc/profile
# configure hostname resolution
echo "`ifconfig eth0|awk -F "[ :]+" 'NR==2{print $3}'` `hostname`" >>/etc/hosts
# install the base services salt and zabbix
# prerequisite: the yum repositories are configured
yum install zabbix-agent salt-minion -y
12) Automated installation based on the server NIC MAC address

#a list of MAC addresses must be obtained when the hardware is purchased
cobbler system add \
--name=test-server \
--mac=00:0C:29:67:96:3A \
--profile=CentOS-7.2-x86_64 \
--ip-address=192.168.56.12 \
--subnet=255.255.255.0 \
--gateway=192.168.56.2 \
--interface=eth0 \
--static=1 \
--hostname=test-node1 \
--name-servers=192.168.56.2 \
--kickstart=/var/lib/cobbler/kickstarts/CentOS-7-x86_64.cfg
6. Power on the server and it installs automatically; done. Cobbler also ships with a web interface, reachable after installation at http://{cobbler_server}/cobbler_web. Cobbler's remaining features are rarely used, so they are not covered here.