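Deploying Kickstart unattended installation requires three supporting services: dhcp, tftp, and either httpd or nginx. This walkthrough uses httpd. The deployment is as follows:

1. Environment preparation: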

[root@szy ~]# cat /etc/redhat-release 

CentOS release 6.8 (Final)

[root@szy ~]# uname -r

2.6.32-642.el6.x86_64



Stop the server's iptables firewall:

[root@szy ~]# /etc/init.d/iptables stop

[root@szy ~]# chkconfig --list |grep iptables

iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off



Disable the SELinux mandatory access control system:

cp /etc/selinux/config /etc/selinux/config.sourec.bak

sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config



Configure the yum repositories (the Aliyun YUM mirror and the EPEL YUM repository):

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

yum repolist



Check that the server can reach the public internet:

[root@szy ~]# ping www.baidu.com

PING www.a.shifen.com (119.75.218.70) 56(84) bytes of data.

64 bytes from 119.75.218.70: icmp_seq=1 ttl=128 time=6.67 ms



2. First, deploy the dhcp service:

Install dhcp with yum:

yum install dhcp -y

[root@szy ~]# rpm -ql dhcp |grep "dhcpd.conf"

/etc/dhcp/dhcpd.conf

/usr/share/doc/dhcp-4.1.1/dhcpd-conf-to-ldap

/usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample

/usr/share/man/man5/dhcpd.conf.5.gz

The version installed here is 4.1.1.



Edit the dhcp configuration file:

[root@szy ~]# vim /etc/dhcp/dhcpd.conf


#

# DHCP Server Configuration file.

#   see /usr/share/doc/dhcp*/dhcpd.conf.sample

#   see 'man 5 dhcpd.conf'

#

subnet 192.168.1.0 netmask 255.255.255.0 {

        range 192.168.1.100 192.168.1.200;

        option subnet-mask 255.255.255.0;

        default-lease-time 21600;

        max-lease-time 43200;

        next-server 192.168.1.61;

        filename "/pxelinux.0";

}


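The configuration file, explained line by line:

subnet 192.168.1.0 netmask 255.255.255.0 {    # the subnet being served

        range 192.168.1.100 192.168.1.200;   # first and last assignable IP (the range of addresses handed out to clients)

        option subnet-mask 255.255.255.0;  # subnet mask handed to clients

        default-lease-time 21600;          # default IP lease time

        max-lease-time 43200;     # maximum IP lease time

        next-server 192.168.1.61;  # tells the client where the tftp server is (the IP of the machine being set up here)

        filename "/pxelinux.0";   # tells the client to download pxelinux.0 from the tftp root directory

}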



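At this point, any other dhcp server on the LAN must be stopped from assigning IP addresses to the servers that are going to be installed.



Start the dhcp service: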

[root@szy ~]# /etc/init.d/dhcpd start

Starting dhcpd:                                            [  OK  ]

[root@szy ~]# lsof -i:67

COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

dhcpd   1368 dhcpd    7u  IPv4  11151      0t0  UDP *:bootps

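Note: ** Normally a service is added to the boot-time startup list once it is installed, but the Kickstart services must not start at boot, and all of them should be stopped after use, so that a future server reboot does not automatically reinstall the system. **

** If there are many machines, keep an eye on the dhcp server's address pool, so that the pool is not exhausted and dhcpd is not left with no IP addresses to hand out. **



2. Install the tftp service: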

yum install tftp-server -y

[root@szy ~]# rpm -qa tftp-server

tftp-server-0.49-8.el6.x86_64



Edit the configuration file:

[root@szy ~]# vim /etc/xinetd.d/tftp


# default: off

# description: The tftp server serves files using the trivial file transfer \

#       protocol.  The tftp protocol is often used to boot diskless \

#       workstations, download configuration files to network-aware printers, \

#       and to start the installation process for some operating systems.

service tftp

{

        socket_type             = dgram

        protocol                = udp

        wait                    = yes

        user                    = root

        server                  = /usr/sbin/in.tftpd

        server_args             = -s /var/lib/tftpboot

        disable                 = yes      # change this yes to no

        per_source              = 11

        cps                     = 100 2

        flags                   = IPv4

}



Start the service:

[root@szy ~]# /etc/init.d/xinetd start

Starting xinetd:                                           [  OK  ]

[root@szy ~]# lsof -i:69

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

xinetd  1406 root    5u  IPv4  11612      0t0  UDP *:tftp 




3. Install apache:

yum install httpd -y

[root@szy ~]# rpm -qa httpd

httpd-2.2.15-56.el6.centos.3.x86_64



Edit the configuration file:

sed -i "277i ServerName 127.0.0.1:80" /etc/httpd/conf/httpd.conf

This inserts "ServerName 127.0.0.1:80" at line 277.




Start the apache service:

[root@szy ~]# /etc/init.d/httpd start

Starting httpd:                                            [  OK  ]

[root@szy ~]# lsof -i:80

COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

httpd   1450   root    4u  IPv6  12162      0t0  TCP *:http (LISTEN)

httpd   1452 apache    4u  IPv6  12162      0t0  TCP *:http (LISTEN)

httpd   1453 apache    4u  IPv6  12162      0t0  TCP *:http (LISTEN)

httpd   1454 apache    4u  IPv6  12162      0t0  TCP *:http (LISTEN)

httpd   1455 apache    4u  IPv6  12162      0t0  TCP *:http (LISTEN)

httpd   1456 apache    4u  IPv6  12162      0t0  TCP *:http (LISTEN)

httpd   1457 apache    4u  IPv6  12162      0t0  TCP *:http (LISTEN)

httpd   1458 apache    4u  IPv6  12162      0t0  TCP *:http (LISTEN)

httpd   1459 apache    4u  IPv6  12162      0t0  TCP *:http (LISTEN)
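
The note in the dhcp section says the Kickstart services must not start at boot and should be stopped after use. One way to check the boot-time part on the provisioning host, as an added example that is not part of the original post; the function names and the sample `chkconfig --list` text are constructed for illustration:

```shell
# Services this walkthrough starts; tftp is listed too because it is
# enabled through xinetd rather than through its own init script.
KS_SERVICES="dhcpd xinetd httpd tftp"

# Constructed sample of `chkconfig --list` output (not from a real host).
SAMPLE_CHKCONFIG='crond           0:off 1:off 2:on  3:on  4:on  5:on  6:off
dhcpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
httpd           0:off 1:off 2:off 3:on  4:off 5:on  6:off
xinetd          0:off 1:off 2:off 3:on  4:on  5:on  6:off

xinetd based services:
        rsync:          off
        tftp:           on'

# Read `chkconfig --list` text on stdin and print every Kickstart service
# that is on in some runlevel, or enabled under xinetd.
kickstart_autostart() {
    awk -v want="$KS_SERVICES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ks[w[i]] = 1 }
        # xinetd-managed entry: "<name>:  on|off"
        NF == 2 && $1 ~ /:$/ {
            name = $1; sub(/:$/, "", name)
            if ((name in ks) && $2 == "on") print name
            next
        }
        # SysV entry: "<name>  0:off 1:off 2:on ..."
        ($1 in ks) {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-6]:on$/) { print $1; break }
        }
    '
}

# Exit status 0 only when nothing Kickstart-related would start at boot.
check_kickstart_autostart() {
    offenders=$(kickstart_autostart)
    [ -z "$offenders" ] && return 0
    echo "enabled at boot: $(echo $offenders)" >&2
    return 1
}

printf '%s\n' "$SAMPLE_CHKCONFIG" | kickstart_autostart   # httpd, xinetd, tftp
```

On the server itself, run `chkconfig --list | check_kickstart_autostart`; a non-zero exit means one of the services would come back after a reboot.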




4. Create a directory to hold the installation image and mount the disc contents into it:

[root@szy ~]# mkdir /var/www/html/CentOS-6.8

[root@szy ~]# mount /dev/cdrom /var/www/html/CentOS-6.8/

mount: block device /dev/sr0 is write-protected, mounting read-only

[root@szy ~]# df -h

Filesystem      Size  Used Avail Use% Mounted on

/dev/sda3       6.9G  5.2G  1.4G  79% /

tmpfs           931M     0  931M   0% /dev/shm

/dev/sda1       190M   38M  142M  22% /boot

/dev/sr0        3.7G  3.7G     0 100% /var/www/html/CentOS-6.8

At this point, browsing to 192.168.1.61/CentOS-6.8 should show a directory listing, which indicates success.




5. Install syslinux:

yum -y install syslinux

[root@szy ~]# rpm -qa syslinux

syslinux-4.04-3.el6.x86_64



Copy the boot and configuration files:

[root@szy ~]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

[root@szy ~]# cp -a /var/www/html/CentOS-6.8/isolinux/* /var/lib/tftpboot/

[root@szy ~]# ll /var/lib/tftpboot/

total 44464

-r--r--r-- 1 root root     2048 May 23  2016 boot.cat

-r--r--r-- 1 root root       84 May 22  2016 boot.msg

-r--r--r-- 1 root root      321 May 22  2016 grub.conf

-r--r--r-- 1 root root 40688737 May 22  2016 initrd.img

-r--r--r-- 1 root root    24576 May 23  2016 isolinux.bin

-r--r--r-- 1 root root      923 May 22  2016 isolinux.cfg

-r--r--r-- 1 root root   183012 May 22  2016 memtest

-rw-r--r-- 1 root root    26759 Mar 17 21:51 pxelinux.0

-r--r--r-- 1 root root   151230 May 22  2016 splash.jpg

-r--r--r-- 1 root root     2215 May 23  2016 TRANS.TBL

-r--r--r-- 1 root root   163728 May 22  2016 vesamenu.c32

-r-xr-xr-x 1 root root  4264528 May 22  2016 vmlinuz



Create a pxelinux.cfg directory to hold the client configuration files:

[root@szy ~]# mkdir -p /var/lib/tftpboot/pxelinux.cfg

[root@szy ~]# cp /var/www/html/CentOS-6.8/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default




Generate an encrypted password to use as the root user's password:

[root@szy ~]# grub-crypt

Password:         # I used 123456 here

Retype password: 

$6$s0sqYcB4fD7qgtVF$lSqHuZdTiZhFMyaXoBlHkkdqLzV9QRBBKbMuwgBVPO3Q3c2gLj/lipmiqPPPAWuPBDX.KvEI4luipXzGgiFHX1




Write the ks file:

[root@szy ~]# mkdir /var/www/html/ks_config

[root@szy ~]# vim /var/www/html/ks_config/CentOS-6.8-ks.cfg

[root@szy ~]# cat /var/www/html/ks_config/CentOS-6.8-ks.cfg

#Kickstart Configurator for CentOS 6.8 by yao zhang

install

url --url="http://192.168.1.61/CentOS-6.8/"

text

lang en_US.UTF-8

keyboard us

zerombr

bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"

network --bootproto=dhcp --device=eth0 --onboot=yes --noipv6 --hostname=CentOS6

timezone --utc Asia/Shanghai

authconfig --enableshadow --passalgo=sha512

rootpw  --iscrypted   $6$s0sqYcB4fD7qgtVF$lSqHuZdTiZhFMyaXoBlHkkdqLzV9QRBBKbMuwgBVPO3Q3c2gLj/lipmiqPPPAWuPBDX.KvEI4luipXzGgiFHX1

clearpart --all --initlabel

part /boot --fstype=ext4 --asprimary --size=200

part swap --size=1024

part / --fstype=ext4 --grow --asprimary --size=200

firstboot --disable

selinux --disabled

firewall --disabled

logging --level=info

reboot


%packages

@base

@compat-libraries

@debugging

@development

tree

nmap

sysstat

lrzsz

dos2unix

telnet


%post

wget -O /tmp/optimization.sh http://192.168.1.61/ks_config/optimization.sh &>/dev/null

/bin/sh /tmp/optimization.sh

%end



The ks file, annotated:

#Kickstart Configurator for CentOS 6.8 by yao zhang

install    # tells the installer this is a fresh installation, not an upgrade

url --url="http://172.16.1.61/CentOS-6.8/"    # URL of the installation source

text    # install in text mode

lang en_US.UTF-8   # language used during installation and the system's default language

keyboard us    # keyboard type

zerombr    # clear the MBR boot information

bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"    # specifies where the boot record is written

network --bootproto=dhcp --device=eth0 --onboot=yes --noipv6 --hostname=CentOS6     # network configuration, dhcp by default

timezone --utc Asia/Shanghai      # time zone

authconfig --enableshadow --passalgo=sha512    # use sha512 as the password hashing algorithm

rootpw  --iscrypted   $6$X20eRtuZhkHznTb4$dK0BJByOSAWSDD8jccLVFz0CscijS9ldMWwpoCw/ZEjYw2BTQYGWlgKsn945fFTjRC658UXjuocwJbAjVI5D6/  # root password

clearpart --all --initlabel     # remove all partitions from the system; --initlabel initializes the disk label

part /boot --fstype=ext4 --asprimary --size=200    # /boot partition

part swap --size=1024     # swap partition

part / --fstype=ext4 --grow --asprimary --size=200    # / partition

firstboot --disable   # firstboot helps configure some important Red Hat settings; disabled here

selinux --disabled    # disable selinux

firewall --disabled    # disable the firewall

logging --level=info   # set the logging level

reboot   # reboot when installation finishes; this option must be present


%packages

@base

@compat-libraries

@debugging

@development

tree

nmap

sysstat

lrzsz

dos2unix

telnet


%post

wget -O /tmp/optimization.sh http://172.16.1.61/ks_config/optimization.sh &>/dev/null

/bin/sh /tmp/optimization.sh

%end
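
The %post section above downloads optimization.sh over plain HTTP, discards wget's output, and runs whatever landed in /tmp as root, so a failed or altered download goes unnoticed. A %post body that runs the script only when its SHA-256 matches a digest pinned in the ks file, as an added example that is not part of the original post; the function names, the log path and the digest placeholder are assumptions, and the pin is only as trustworthy as the delivery of the ks file itself:

```shell
# Generate the digest on the server and paste it here (placeholder value):
#   sha256sum /var/www/html/ks_config/optimization.sh
SCRIPT_URL="http://192.168.1.61/ks_config/optimization.sh"
EXPECTED_SHA256="<sha256-of-optimization.sh>"
LOG=/root/ks-post.log          # assumed log location on the installed system

# verify_script FILE DIGEST: succeed only if FILE exists, is non-empty,
# and its SHA-256 equals DIGEST.
verify_script() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ] || { echo "digest mismatch: got $actual" >&2; return 1; }
}

# run_verified FILE DIGEST: execute FILE with /bin/sh only after it verifies.
run_verified() {
    verify_script "$1" "$2" || return 1
    /bin/sh "$1"
}

# Body of %post, kept in a function so nothing is fetched until it is called.
# Download errors and verification failures are logged instead of discarded.
post_install() {
    wget -O /tmp/optimization.sh "$SCRIPT_URL" >>"$LOG" 2>&1 || return 1
    run_verified /tmp/optimization.sh "$EXPECTED_SHA256" >>"$LOG" 2>&1
}
```

In the ks file, place these lines between %post and %end and finish with a call to `post_install`.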




Write the post-install optimization script:

vim /var/www/html/ks_config/optimization.sh

#!/bin/bash

. /etc/init.d/functions


Ip=192.168.1.61

Port=80

ConfigDir=ks_config


# Judge Http server is ok?

PortNum=`nmap $Ip  -p $Port 2>/dev/null|grep open|wc -l`

[ $PortNum -lt 1 ] && {

echo "Http server is bad!"

exit 1

}


# Defined result function

function Msg(){

        if [ $? -eq 0 ];then

          action "$1" /bin/true

        else

          action "$1" /bin/false

        fi

}


# Defined IP function

function ConfigIP(){

Suffix=`ifconfig eth1|awk -F "[ .]+" 'NR==2 {print $6}'`

cat >/etc/sysconfig/network-scripts/ifcfg-eth0 <<-END

DEVICE=eth0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=none

IPADDR=10.0.0.$Suffix

PREFIX=24

GATEWAY=10.0.0.2

DNS1=10.0.0.2

DEFROUTE=yes

IPV4_FAILURE_FATAL=yes

IPV6INIT=no

NAME="System eth0"

END

Msg "config eth0"

        cat >/etc/sysconfig/network-scripts/ifcfg-eth1 <<-END

DEVICE=eth1

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=none

IPADDR=172.16.1.$Suffix

PREFIX=24

DEFROUTE=yes

IPV4_FAILURE_FATAL=yes

IPV6INIT=no

NAME="System eth1"

END

        Msg "config eth1"

}


# Defined Yum source Functions

function yum(){

YumDir=/etc/yum.repos.d

[ -f "$YumDir/CentOS-Base.repo" ] && cp $YumDir/CentOS-Base.repo{,.ori} 

wget -O $YumDir/CentOS-Base.repo http://$Ip:$Port/$ConfigDir/CentOS-Base.repo &>/dev/null &&\

wget -O $YumDir/epel.repo http://$Ip:$Port/$ConfigDir/epel.repo &>/dev/null &&\

        wget -O $YumDir/etiantian.repo http://$Ip:$Port/$ConfigDir/etiantian.repo &>/dev/null

Msg "YUM source"

}


# Defined Close selinux Functions

function selinux(){

[ -f "/etc/selinux/config" ] && {

sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config

Msg "Close selinux"

} || Msg "Close selinux"

}



# Defined add Ordinary users Functions

function AddUser(){

useradd oldboy &>/dev/null &&\

echo "123456"|passwd --stdin oldboy &>/dev/null &&\

sed  -i '98a oldboy    ALL=(ALL)       NOPASSWD:ALL'  /etc/sudoers &&\

visudo -c &>/dev/null

Msg "AddUser oldboy"

}


# Defined Hide the system version number Functions

function HideVersion(){

[ -f "/etc/issue" ] && >/etc/issue

        Msg "Hide issue"

[ -f "/etc/issue.net" ] && > /etc/issue.net

        Msg "Hide issue.net"

}



# Defined SSHD config Functions

function sshd(){

SshdDir=/etc/ssh

[ -f "$SshdDir/sshd_config" ] && /bin/mv $SshdDir/sshd_config{,.ori}

wget -O $SshdDir/sshd_config http://$Ip:$Port/$ConfigDir/sshd_config &>/dev/null &&\

chmod 600 $SshdDir/sshd_config

        Msg "sshd config"

}


# Defined OPEN FILES Functions

function openfiles(){

[ -f "/etc/security/limits.conf" ] && {

echo '*  -  nofile  65535' >> /etc/security/limits.conf

        Msg "open files"

}

}


# Defined Kernel parameters Functions

function kernel(){

        KernelDir=/etc

        [ -f "$KernelDir/sysctl.conf" ] && /bin/mv $KernelDir/sysctl.conf{,.ori}

wget -O $KernelDir/sysctl.conf http://$Ip:$Port/$ConfigDir/sysctl.conf &>/dev/null

        Msg "Kernel config"

}


# Defined hosts file Functions

function hosts(){

        HostsDir=/etc

        [ -f "$HostsDir/hosts" ] && /bin/mv $HostsDir/hosts{,.ori}

        wget -O $HostsDir/hosts http://$Ip:$Port/$ConfigDir/hosts &>/dev/null

        Msg "Hosts config"

}


# Defined System Startup Services Functions

function boot(){

for oldboy in `chkconfig --list|grep "3:on"|awk '{print $1}'|grep -vE "crond|network|rsyslog|sshd"`

 do 

  chkconfig $oldboy off

done

Msg "BOOT config"

}


# Defined Time Synchronization Functions

function Time(){

echo "#time sync by zhangyao at $(date +%F)" >>/var/spool/cron/root

echo '*/5 * * * * /usr/sbin/ntpdate time.etiantian.org &>/dev/null' >>/var/spool/cron/root

        Msg "Time Synchronization"

}


# Defined main Functions

function main(){

ConfigIP

yum

AddUser

HideVersion

sshd

openfiles

kernel

hosts

boot

Time

}