学习Cobbler(一)
一、
Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between many various commands and applications when deploying new systems, and, in some cases, changing existing ones. Cobbler can help with provisioning, managing DNS and DHCP, package updates, power management, configuration management or chestration, and much more.
百科:
网络安装服务器套件Cobbler补鞋匠,从前我们一直在做装机民工这份很有前途的职业,自打若干年前RedHat推出了Kickstart,此后我们顿觉身价倍增,不再需要刻了光盘一台一台地安装Linux,只要搞定PXE、DHCP、TFTP,还有那满屏眼花缭乱不知所云的Kickstart 脚本,我们就可以像哈里波特一样,轻点魔棒,瞬间安装上百台服务器,这一堆花里胡哨的东西可不是一般人都能整明白的,没有大专以上学历,通不过英语四级,根本别想玩转,总而言之,这是一份多么有前途,多么有技术含量的工作啊,很不幸,RedHat最新Cobbler项目最初在2008年左右发布了网络安装服务器套件Cobbler,它已将Linux网络安装的技术门槛,从大专以上文化水平,成功降低到初中以下,连补鞋匠都能学会,对于我们这些在装机领域浸淫多年,经验丰富,老骥伏枥,志在千里的民工兄弟们来说,不啻为一个晴天霹雳;
使用Cobbler,无需进行人工干预即可安装机器,Cobbler设置一个PXE引导环境(它还可使用yaboot支持PowerPC),并控制与安装相关的所有方面,比如网络引导服务(DHCP 和 TFTP)与存储库镜像,当希望安装一台新机器时,Cobbler 可以:
使用一个以前定义的模板来配置DHCP 服务(如果启用了管理 DHCP);
将一个存储库(yum或rsync)建立镜像或解压缩一个媒介,以注册一个新操作系统;
在DHCP配置文件中为需要安装的机器创建一个条目,并使用您指定的参数(IP和MAC地址);
在TFTFP服务目录下创建适当的PXE文件;
重新启动DHCP服务以反映更改;
重新启动机器以开始安装(如果电源管理已启用);
Cobbler支持众多的发行版:RedHat、Fedora、CentOS、Debian、Ubuntu和SuSE,当添加一个操作系统(通常通过使用ISO 文件)时,Cobbler 知道如何解压缩合适的文件并调整网络服务,以正确引导机器;Cobbler使用命令行方式管理,也提供了基于Web的图形化配置管理工具(cobbler-web);通过配置cobbler自动部署DHCP、TFTP、HTTP,在安装过程中加载kiskstart无人值守安装应答文件实现无人值守,从客户端使用PXE引导启动安装;
注:
cobbler依赖kickstart+tftp+dhcp+pxe;
二、
[root@test5 ~]# yum -y install httpd dhcp tftp cobbler cobbler-web
……
Installed:
cobbler.x86_64 0:2.6.11-1.el6 cobbler-web.noarch 0:2.6.11-1.el6 dhcp.x86_64 12:4.1.1-51.P1.el6.centos
tftp.x86_64 0:0.49-8.el6
Dependency Installed:
Django14.noarch 0:1.4.21-1.el6 PyYAML.x86_640:3.10-3.1.el6
createrepo.noarch 0:0.9.9-24.el6 deltarpm.x86_640:3.5-0.5.20090913git.el6
libyaml.x86_64 0:0.1.3-4.el6_6 mod_ssl.x86_641:2.2.15-55.el6.centos.2
mod_wsgi.x86_640:3.2-7.el6 python-cheetah.x86_64 0:2.4.1-1.el6
python-deltarpm.x86_64 0:3.5-0.5.20090913git.el6 python-markdown.noarch0:2.0.1-3.1.el6
python-netaddr.noarch 0:0.7.5-4.el6 python-pygments.noarch0:1.1.1-1.el6
python-setuptools.noarch 0:0.6.10-3.el6 syslinux.x86_640:4.04-3.el6
syslinux-nonlinux.noarch 0:4.04-3.el6 tftp-server.x86_640:0.49-8.el6
xinetd.x86_64 2:2.3.14-40.el6
Updated:
httpd.x86_64 0:2.2.15-55.el6.centos.2
Dependency Updated:
dhclient.x86_6412:4.1.1-51.P1.el6.centos dhcp-common.x86_64 12:4.1.1-51.P1.el6.centos
httpd-tools.x86_64 0:2.2.15-55.el6.centos.2
Complete!
[root@test5 ~]# /etc/init.d/httpd start
Starting httpd:
[root@test5 ~]# /etc/init.d/cobblerd start
Starting cobbler daemon: [ OK ]
[root@test5 ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliablydetermine the server's fully qualified domain name, using 192.168.23.133 forServerName
[ OK ]
[root@test5 ~]# /etc/init.d/cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@test5 ~]# cobbler check #(按步骤一步步修改配置文件)
The following are potential configurationitems that you may want to fix:
1 : The 'server' field in/etc/cobbler/settings must be set to something other than localhost, orkickstarting features will not work. This should be a resolvable hostname or IP for the boot server asreachable by all machines that will use it.
2 : For PXE to be functional, the'next_server' field in /etc/cobbler/settings must be set to something otherthan 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review thefollowing wiki page for details on ensuring cobbler works correctly in yourSELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : change 'disable' to 'no' in/etc/xinetd.d/tftp
5 : some network boot-loaders are missingfrom /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to downloadthem, or, if you only want to handle x86/x86_64 netbooting, you may ensure thatyou have installed a *recent* version of the syslinux package installed and canignore this message entirely. Files inthis directory, should you want to support all architectures, should includepxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' commandis the easiest way to resolve these requirements.
6 : change 'disable' to 'no' in/etc/xinetd.d/rsync
7 : file /etc/xinetd.d/rsync does not exist
8 : debmirror package is not installed, itwill be required to manage debian deployments and repositories
9 : ksvalidator was not found, installpykickstart
10 : The default password used by thesample templates for newly installed machines (default_password_crypted in/etc/cobbler/settings) is still set to 'cobbler' and should be changed, try:"openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'"to generate new one
11 : fencing tools were not found, and arerequired to use the (optional) power management features. install cman orfence-agents to use them
Restart cobblerd and then run 'cobblersync' to apply changes.
[root@test5 ~]# openssl passwd -1 -salt 'chaizaowen' 'jowin'
$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1
[root@test5 ~]# vim /etc/cobbler/settings
server: 192.168.23.133
next_server: 192.168.23.133
default_password_crypted: "$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1"
manage_dhcp: 1
manage_tftpd: 1
manage_rsync: 1
[root@test5 ~]# getenforce
Permissive
[root@test5 ~]# /etc/init.d/iptables stop
[root@test5 ~]# vim /etc/xinetd.d/tftp
disable = no
[root@test5 ~]# cobbler get-loaders
task started: 2017-01-09_190743_get_loaders
task started (id=Download BootloaderContent, time=Mon Jan 9 19:07:43 2017)
downloadinghttp://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloadinghttp://cobbler.github.io/loaders/COPYING.elilo to/var/lib/cobbler/loaders/COPYING.elilo
downloadinghttp://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloadinghttp://cobbler.github.io/loaders/COPYING.syslinux to/var/lib/cobbler/loaders/COPYING.syslinux
downloadinghttp://cobbler.github.io/loaders/elilo-3.8-ia64.efi to/var/lib/cobbler/loaders/elilo-ia64.efi
downloadinghttp://cobbler.github.io/loaders/yaboot-1.3.17 to/var/lib/cobbler/loaders/yaboot
downloadinghttp://cobbler.github.io/loaders/pxelinux.0-3.86 to/var/lib/cobbler/loaders/pxelinux.0
downloadinghttp://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloadinghttp://cobbler.github.io/loaders/grub-0.97-x86.efi to/var/lib/cobbler/loaders/grub-x86.efi
downloadinghttp://cobbler.github.io/loaders/grub-0.97-x86_64.efi to/var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@test5 ~]# vim /etc/xinetd.d/rsync
disable = no
[root@test5 ~]# yum -y install pykickstart
……
Installed:
pykickstart.noarch 0:1.74.20-1.el6
Complete!
[root@test5 ~]# vim /etc/cobbler/dhcp.template #(cobbler接管dhcp,改/etc/cobbler/dhcp.template,不能直接改/etc/dhcp/dhcpd.conf)
……
#subnet 192.168.1.0 netmask 255.255.255.0 {
subnet 192.168.23.0 netmask 255.255.255.0 {
#option routers 192.168.1.5;
option routers 192.168.23.2;
#option domain-name-servers 192.168.1.1;
option domain-name-servers 192.168.23.2;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.23.150 192.168.23.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) ="PXEClient";
if option pxe-system-type = 00:02 {
filename"ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename"grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename"pxelinux.0";
}
}
}
……
[root@test5 ~]# /etc/init.d/xinetd restart
Stopping xinetd: [FAILED]
Starting xinetd: [ OK ]
[root@test5 ~]# /etc/init.d/cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@test5 ~]# cobbler sync
task started: 2017-01-09_213440_sync
task started (id=Sync, time=Mon Jan 9 21:34:40 2017)
running pre-sync triggers
cleaning trees
removing:/var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/p_w_picpaths
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing:/var/lib/tftpboot/grub/grub-x86.efi
removing:/var/lib/tftpboot/s390x/profile_list
copying bootloaders
copying:/var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/menu.c32-> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/yaboot-> /var/lib/tftpboot/yaboot
copying: /usr/share/syslinux/memdisk ->/var/lib/tftpboot/memdisk
copying:/var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying:/var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying distros to tftpboot
copying p_w_picpaths
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
rendering Rsync files
running post-sync triggers
running python triggers from/var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout: Shutting down dhcpd:[ OK ]
Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from/var/lib/cobbler/triggers/change/*
running python triggercobbler.modules.scm_track
running shell triggers from/var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@test5 ~]# cobbler check
The following are potential configurationitems that you may want to fix:
1 : SELinux is enabled. Please review thefollowing wiki page for details on ensuring cobbler works correctly in yourSELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
2 : file /etc/xinetd.d/rsync does not exist
3 : debmirror package is not installed, itwill be required to manage debian deployments and repositories
4 : fencing tools were not found, and arerequired to use the (optional) power management features. install cman orfence-agents to use them
Restart cobblerd and then run 'cobblersync' to apply changes.
在vmware中配置cdrom
[root@test5 ~]# mount /dev/cdrom /mnt
mount: block device /dev/sr0 iswrite-protected, mounting read-only
[root@test5 ~]# cobbler import --path=/mnt --name rhel-6.5-x86_64 --arch=x86_64
task started: 2017-01-09_214622_import
task started (id=Media import, time=MonJan 9 21:46:22 2017)
Found a candidate signature: breed=redhat,version=rhel6
Found a matching signature: breed=redhat,version=rhel6
Adding distros from path/var/www/cobbler/ks_mirror/rhel-6.5-x86_64:
creating new distro: rhel-6.5-x86_64
trying symlink:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64 ->/var/www/cobbler/links/rhel-6.5-x86_64
creating new profile: rhel-6.5-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into/var/www/cobbler/ks_mirror/rhel-6.5-x86_64 for rhel-6.5-x86_64
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/repodata
processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer/repodata
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem
looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem/repodata
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage/repodata
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability/repodata
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server/repodata
*** TASK COMPLETE ***
注:可将精简的系统做成iso镜像文件
#mount -o loop /data/rhel-server-6.5-x86_64.iso /mnt/iso
#cobbler import --mirror=/mnt/iso --name=rhel-server-6.5-x86_64
[root@test5 ~]# cobbler profile report
Name : rhel-6.5-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : rhel-6.5-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart :/var/lib/cobbler/kickstarts/sample_end.ks
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : kvm
[root@test5 ~]# cp rhel-6.5-x86_64.ks /var/lib/cobbler/kickstarts/ #(上传kicakstart文件到指定目录)
[root@test5 ~]# cobbler profile edit --name=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
[root@test5 ~]# cobbler profile report
Kickstart :/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
[root@test5 ~]# cobbler sync
在vmware中创建虚拟机,网络选NAT,选择菜单“rhel-6.5-x86-64”
[root@test5 ~]# tail -f /var/log/messages #(同时查看服务端日志)
Jan 9 23:47:57 test5 dhclient[4810]: DHCPREQUEST on eth1 to 192.168.23.254port 67 (xid=0xfb33d58)
Jan 9 23:47:57 test5 dhcpd: DHCPREQUEST for 192.168.23.133 from00:0c:29:33:68:04 via eth1: unknown lease 192.168.23.133.
Jan 9 23:47:57 test5 dhclient[4810]: DHCPACK from 192.168.23.254(xid=0xfb33d58)
Jan 9 23:47:57 test5 dhclient[4810]: bound to 192.168.23.133 -- renewal in727 seconds.
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> (eth1): DHCPv4 statechanged renew -> renew
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> address 192.168.23.133
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> prefix 24 (255.255.255.0)
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> gateway 192.168.23.2
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> nameserver '192.168.23.2'
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> domain name 'localdomain'
查看导入源库列表:
[root@test5 ~]# cobbler distro list
rhel-6.5-x86_64
[root@test5 ~]# cobbler profile list
rhel-6.5-x86_64
[root@test5 ~]# cobbler profile report #(具体细节)
……
[root@test5 ~]# ls /etc/cobbler #(配置文件目录)
auth.conf dnsmasq.template mongodb.conf rsync.exclude users.conf
cheetah_macros import_rsync_whitelist named.template rsync.template users.digest
cobbler_bash iso power secondary.template version
completions ldap pxe settings zone.template
dhcp.template modules.conf reporting tftpd.template zone_templates
[root@test5 ~]# ls /var/lib/cobbler/ #(数据目录)
config distro_signatures.json kickstarts loaders lock scripts snippets triggers web.ss webui_sessions
[root@test5 ~]# ls /var/www/cobbler #(系统安装镜像目录)
aux p_w_picpaths ks_mirror links localmirror pub rendered repo_mirror svc
[root@test5 ~]# ls /var/log/cobbler/ #(日志目录
anamon cobbler.log kicklog syslog tasks
http://192.168.23.133/cobbler_web
cobbler/cobbler
[root@test5 ~]# vim /etc/cobbler/users.digest #(账号密码位置)
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@test5 ~]# vim /etc/cobbler/modules.conf #(认证方式,authn_configfile-- use /etc/cobbler/users.digest (for basic setups))
[authentication]
module = authn_configfile
附:
[root@test5 ~]# vim /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
--------------------------file-start-----------------------
key --skip
lang en_US
keyboard us
timezone Asia/Shanghai
rootpw --iscrypted $default_password_crypted
text
install
url --url=$tree
bootloader --location=mbr
zerombr yes
clearpart --all --initlabel
part /boot --fstype ext4 --size 1024 --ondisk sda
part swap --size 2048 --ondisk sda
part / --fstype ext4 --size 1 --grow --ondisk sda
auth --useshadow --enablemd5
network --bootproto=dhcp --device=eth0 --onboot=on
reboot
firewall --disabled
selinux --disabled
skipx
%packages
@ base
@ chinese-support
@ core
sysstat
iptraf
ntp
e2fsprogs-devel
keyutils-libs-devel
krb5-devel
libselinux-devel
libsepol-devel
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
zlib-devel
mysql
lockdev
minicom
nmap
%post
#/bin/sed -i 's/#Protocol 2,1/Protocol 2/'/etc/ssh/sshd_config
#/bin/sed -i's/^ca::ctrlaltdel:/#ca::ctrlaltdel:/' /etc/inittab
/sbin/chkconfig --level 3 diskdump off
/sbin/chkconfig --level 3 dc_server off
/sbin/chkconfig --level 3 nscd off
/sbin/chkconfig --level 3 netfs off
/sbin/chkconfig --level 3 psacct off
/sbin/chkconfig --level 3 mdmpd off
/sbin/chkconfig --level 3 netdump off
/sbin/chkconfig --level 3 readahead off
/sbin/chkconfig --level 3 wpa_supplicant off
/sbin/chkconfig --level 3 mdmonitor off
/sbin/chkconfig --level 3 microcode_ctl off
/sbin/chkconfig --level 3 xfs off
/sbin/chkconfig --level 3 lvm2-monitor off
/sbin/chkconfig --level 3 iptables off
/sbin/chkconfig --level 3 nfs off
/sbin/chkconfig --level 3 ipmi off
/sbin/chkconfig --level 3 autofs off
/sbin/chkconfig --level 3 iiim off
/sbin/chkconfig --level 3 cups off
/sbin/chkconfig --level 3 openibd off
/sbin/chkconfig --level 3 saslauthd off
/sbin/chkconfig --level 3 ypbind off
/sbin/chkconfig --level 3 auditd off
/sbin/chkconfig --level 3 rdisc off
/sbin/chkconfig --level 3 tog-pegasus off
/sbin/chkconfig --level 3 rpcgssd off
/sbin/chkconfig --level 3 kudzu off
/sbin/chkconfig --level 3 gpm off
/sbin/chkconfig --level 3 arptables_js off
/sbin/chkconfig --level 3 dc_client off
/sbin/chkconfig --level 3 lm_sensors off
/sbin/chkconfig --level 3 apmd off
/sbin/chkconfig --level 3 sysstat off
/sbin/chkconfig --level 3 cpuspeed off
/sbin/chkconfig --level 3 rpcidmapd off
/sbin/chkconfig --level 3 rawdevices off
/sbin/chkconfig --level 3 rhnsd off
/sbin/chkconfig --level 3 nfslock off
/sbin/chkconfig --level 3 winbind off
/sbin/chkconfig --level 3 bluetooth off
/sbin/chkconfig --level 3 isdn off
/sbin/chkconfig --level 3 portmap off
/sbin/chkconfig --level 3 anacron off
/sbin/chkconfig --level 3 irda off
/sbin/chkconfig --level 3 NetworkManager off
/sbin/chkconfig --level 3 acpid off
/sbin/chkconfig --level 3 pcmcia off
/sbin/chkconfig --level 3 atd off
/sbin/chkconfig --level 3 sendmail off
/sbin/chkconfig --level 3 haldaemon off
/sbin/chkconfig --level 3 smartd off
/sbin/chkconfig --level 3 xinetd off
/sbin/chkconfig --level 3 netplugd off
/sbin/chkconfig --level 3 readahead_early off
/sbin/chkconfig --level 3 avahi-daemon off
/sbin/chkconfig --level 3 ip6tables off
/sbin/chkconfig --level 3 restorecond off
/sbin/chkconfig --level 3 postfix off
/sbin/chkconfig --level 3 ntpd on
## Remove some unneeded services
##--------------------------------------------------------------------------------
#cat << EOF
#+--------------------------------------------------------------+
#| === Welcome to Tunoff services ===|
#+--------------------------------------------------------------+
#EOF
##---------------------------------------------------------------------------------
#for i in `ls /etc/rc3.d/S*`
#do
# CURSRV=`echo $i|cut -c 15-`
#echo $CURSRV
#case $CURSRV in
# crond | irqbalance | microcode_ctl | network | random | sshd | syslog |local )
# echo "Base services, Skip!"
# ;;
# *)
# echo "change $CURSRV to off"
# chkconfig --level 235 $CURSRV off
# service $CURSRV stop
# ;;
#esac
#done
# file descriptors
ulimit -HSn 65535
echo -ne "
* soft nofile 65536
* hard nofile 65536
" >> /etc/security/limits.conf
#set sysctl
true > /etc/sysctl.conf
cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route =0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 102465535
EOF
/sbin/sysctl -p
#close ctrl+alt+del
#sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -rnow/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/" /etc/inittab
#set purview
chmod 600 /etc/passwd
chmod 600 /etc/shadow
chmod 600 /etc/group
chmod 600 /etc/gshadow
-------------------------file-end---------------------
学习Cobbler(一)的更多相关文章
- 学习Cobbler(二)
Server端: 第一步,启动Cobbler服务 第二步,进行Cobbler错误检查,执行cobbler check命令 第三步,进行配置同步,执行cobbler sync命令 第四步,复制相关启动文 ...
- cobbler无人值守批量安装Linux系统
本文目录: 1.1 pxe安装系统 1.2 cobbler基本介绍 1.3 安装和配置cobbler 1.3.1 安装cobbler 1.3.2 配置dhcp和tftp 1.4 cobbler从本地光 ...
- cobbler部署安装CentOS6.8
Linux运维:cobbler : 矮哥linux运维群:93324526 学习cobbler的话,必须先搞懂kickstart,原理不是,不懂如何排错. kickstart部署请点击这里 1. Co ...
- (转)Cobbler无人值守批量安装Linux系统
本文目录: 1.1 pxe安装系统 1.2 cobbler基本介绍 1.3 安装和配置cobbler 1.3.1 安装cobbler 1.3.2 配置dhcp和tftp 1.4 cobbler从本地光 ...
- Cobbler学习之二--Cobbler的Web管理和维护
Cobbler的Web管理模块和命令行模块是可以分开工作的,没有依赖关系. 1 WebUI的功能 查看所有的对象和配置文件 添加或者删除system,distro, profile 执行“cobble ...
- Cobbler学习之一--Fedora17下配置Cobbler安装环境
1:Cobbler是什么 Cobbler是一大Linux装机利器,可以快速的建立网络安装环境. 2:安装Cobbler需要的组件 createrepo httpd (apache2 for Debia ...
- cobbler深入学习
cobbler重要目录和cobbler各对象的关系 /var/www/cobbler/ks_mirror 存放操作系统镜像/var/www/cobbler/repo_mirror 存放仓库镜像/var ...
- cobbler学习
note.youdao.com/share/?id=2f8383d6e9824929012b041f069da26e&type=note#/ IPADDR=192.168.86.4 TYPE= ...
- 关于OpenStack的学习路线及相关资源汇总
首先我们想学习openstack,那么openstack是什么?能干什么?涉及的初衷是什么?由什么来组成?刚接触openstack,说openstack不是一个软件,而是由多个组件进行组合,这是一个更 ...
随机推荐
- 批量自动化配置Dell服务器idrac管理口IP
背景说明 工作中经常会遇到一次上几十台.几百台服务器的情况 每当到这个时候小伙伴们拿台笔记本和一根网线,一台服务器.一台服务器的去修改idrac IP 为了节约这个工作量,利用dell的racadm工 ...
- java中的异常(Exception)
基本概念 将程序执行中发生的不正常的情况称为"异常".开发中的语法错误和逻辑错误不是异常 执行过程中的异常事件可分为两大类 错误(Error):Java虚拟机无法解决的严重问题.例 ...
- xshell + xftp 安装及1603错误解决
xshell + xftpan下载安装 百度网盘下载链接:https://pan.baidu.com/s/14orvEWDjFkrLvr_9JaG4Gw 提取码:om9z 下载地址 https://w ...
- G1垃圾回收器在并发场景调优
一.序言 目前企业级主流使用的Java版本是8,垃圾回收器支持手动修改为G1,G1垃圾回收器是Java 11的默认设置,因此G1垃圾回收器可以用很长时间,现阶段垃圾回收器优化意味着针对G1垃圾回收器优 ...
- Centos,Xshell和一些简单命令练习
先连接Xshell: 在虚拟机中查看IP,使用命令 ip addr: 然后在Xshell上, ssh 用户@虚拟机ip ,当前是 ssh root@192.168.13.235 : 如果想要 ...
- (leetcode)二叉树的层次遍历-c语言实现
这段代码,在后面跑测试用例时,出现了stack-overflow,但是原因还不清楚. 问题如下: 二叉树的层次遍历 给定一个二叉树,返回其按层次遍历的节点值. (即逐层地,从左到右访问所有节点) ...
- python域名200检测
import requests import threading import queue # qianxiao996精心制作 #博客地址:https://blog.csdn.net/qq_36374 ...
- Colbalt Strike之CHM木马
一.命令执行(calc)木马生成 1.生成木马 首先创建一个根目录,文件名为exp 在文件夹里创建两个目录和一个index.html文件 在两个目录里分别创建txt文件或html文件 index.ht ...
- wifi钓鱼
无线网络的加密方式和破解方式 1.WEP加密及破解 1).WEP加密方式 有线等效保密(wired euivalent pricacy,WEP)协议的使用RC4(rivest cipher4)串流加密 ...
- go语言学习入门篇 2--轻量级线程的实现
很多有过 JVM 相关语言工作经验的程序员或许都遇到过如下问题: 超出 thread 限制导致内存溢出.在作者的笔记本的 linux 上运行,这种情况一般发生在创建了 11500 个左右的 threa ...