linux定制的补充
上一篇博文:http://www.cnblogs.com/hjc4025/p/6918323.html
这篇文章是对之前博文的一点扩展和补充:
这里主要是在之前的基础上添加了一些自己制作好的程序,还有安装openssh7.5版本,直接全部包含在镜像中,并且设置一些自启动程序、DNS、还有计划任务之类的,都是利用ks.cfg文件的post字段后面定义的脚本实现的,在post的阶段中使用--nochroot 表示可以使用任何目录,而本阶段中的 / (根目录)是会自动挂在到/mnt/sysimage下,下面请看我的ks.cfg文件:
#platform=x86, AMD64, or Intel EM64T
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use CDROM installation media
cdrom
# Root password default is "redhat"
rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.
# System authorization information
auth --useshadow --passalgo=md5
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on –noipv6
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
ignoredisk --only-use=sda
part /boot --fstype="ext4" --size=1032
part swap --size=8300
part / --fstype="ext4" --grow --size=1
%packages
@additional-devel
@base
@compat-libraries
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@directory-client
@eclipse
@emacs
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@input-methods
@internet-browser
@java-platform
@legacy-x
@network-file-system-client
@php
@performance
@perl-runtime
@print-client
@remote-desktop-clients
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
@tex
@technical-writing
@virtualization
@virtualization-client
@virtualization-platform
@virtualization-tools
@web-server
@web-servlet
@workstation-policy
@x11
libgcrypt-devel
libXinerama-devel
openmotif-devel
libXmu-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
junit
libXau-devel
libXrandr-devel
popt-devel
gnome-python2-desktop
libdrm-devel
libxslt-devel
libglade2-devel
gnutls-devel
mtools
gdisk
pax
python-dmidecode
oddjob
wodim
sgpio
genisoimage
device-mapper-persistent-data
systemtap-client
abrt-gui
desktop-file-utils
ant
expect
rpmdevtools
python-six
jpackage-utils
rpmlint
samba-winbind
certmonger
pam_krb5
krb5-workstation
netpbm-progs
dcraw
openmotif
libXmu
libXp
php-odbc
php-pecl-memcache
php-xmlrpc
php-pecl-apc
php-ldap
php-soap
php-mysql
php-pgsql
perl-DBD-SQLite
net-snmp-python
net-snmp-perl
symlinks
rrdtool
pexpect
dtach
mc
xdelta
screen
tree
mgetty
hardlink
lshw
expect
conman
crypto-utils
scrub
rdist
vlock
rear
lsscsi
libvirt-java
perl-Sys-Virt
libguestfs-java
virt-v2v
libguestfs-tools
mod_authnz_pam
mod_auth_mysql
mod_auth_mellon
mod_auth_kerb
squid
mod_nss
mod_auth_pgsql
certmonger
mod_authz_ldap
mod_intercept_form_submit
perl-CGI-Session
perl-CGI
python-memcached
mod_revocator
perl-Cache-Memcached
memcached
mod_lookup_identity
libmemcached
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -o loop /dev/cdrom /mnt/source
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/openssh-7.5p1.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/openssl-1.0.1t.tar.gz /mnt/sysimage/usr/local
cp /mnt/source/software/cn_node_yum.repo /mnt/sysimage/etc/yum.repos.d/cn_node_yum.repo_bak
cp /mnt/source/software/sdns_internel_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/sdns_internel_custom_yum.repo_bak
cp /mnt/source/software/test_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/test_custom_yum.repo_bak
cp /mnt/source/software/service_custom_yum.repo /mnt/sysimage/etc/yum.repos.d/
umount -f /mnt/source
%post --log=/root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#openssl and openssh
cd /usr/local/
tar -xvf /usr/local/openssh-7.5p1.tar.gz
tar -xvf /usr/local/openssl-1.0.1t.tar.gz
rm -rf /usr/local/openssh-7.5p1.tar.gz
rm -rf /usr/local/openssl-1.0.1t.tar.gz
mv /usr/local/openssh-7.5p1/ /usr/local/openssh/
rm -rf /etc/init.d/sshd
rm -rf /etc/ssh/
rm -rf /etc/ssl/
rm -rf /usr/bin/openssl
rm -rf /usr/include/openssl
rm -rf /usr/lib/openssl
cd /usr/local/openssl-1.0.1t/
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic
make depend
make
make MANDIR=/usr/share/man MANSUFFIX=ssl install
ldconfig -v
sed -i 's/OpenSSH_7.5/OpenSSH/' /usr/local/openssh/version.h
cd /usr/local/openssh/
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/usr/share/man
make
make install
cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
chkconfig sshd on
echo "==>Update openssl ok!\n" >> /root/postinstall_stage2.log
#yum.repo.d
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
mv /etc/yum.repos.d/CentOS-Debuginfo.repo /etc/yum.repos.d/CentOS-Debuginfo.repo_bak
mv /etc/yum.repos.d/CentOS-fasttrack.repo /etc/yum.repos.d/CentOS-fasttrack.repo_bak
mv /etc/yum.repos.d/CentOS-Media.repo /etc/yum.repos.d/CentOS-Media.repo_bak
mv /etc/yum.repos.d/CentOS-Vault.repo /etc/yum.repos.d/CentOS-Vault.repo_bak
#chkconfig
chkconfig iptables off
chkconfig cgconfig off
chkconfig cgdcbxd off
chkconfig abrtd off
chkconfig ip6tables off
chkconfig xinetd off
chkconfig virt-who off
chkconfig pppoe-server off
chkconfig postfix off
chkconfig lvm2-monitor off
chkconfig libvirtd off
chkconfig libvirt-guests off
chkconfig isdn off
chkconfig iscsid off
chkconfig iscsi off
chkconfig fcoe-target off
chkconfig fcoe off
chkconfig certmonger off
chkconfig bluetooth off
chkconfig NetworkManager off
#set /etc/resolv.conf
cat > /etc/resolv.conf << EOF
nameserver 218.241.99.50
nameserver 218.241.118.144
EOF
echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log
#ntp
cat >> /var/spool/cron/root << EOF
*/3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.10.1.12 && /sbin/hwclock -w
# */3 * * * * /usr/sbin/ntpdate 10.20.2.53 && /sbin/hwclock -w
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#ifcfg-eth NetworkManager
sed -i 's@NM_CONTROLLED="yes"@NM_CONTROLLED="no"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@NM_CONTROLLED=yes@NM_CONTROLLED=no@' /etc/sysconfig/network-scripts/ifcfg-eth*
echo "==>Set OS NetworkManager ok!\n" >> /root/postinstall_stage2.log
#delete tar.gz file
rm -rf /usr/netgainagent_v3.tar.gz
这个里面包括使用了最新的openssh 7.5 还有 openssl1.01t 版本,里面也有一些走过的坑。。不过最终还是做出来了
以下是大神的原版:
[root@galene conf]# more ks_ctos6.5_64.cfg
#Kickstart file automatically for CENTOS 6.3_x86_64
#####NEED TO MODIFY THESE CONFIGURATION#####
#Choose OS ISO
nfs --server=192.168.30.10 --dir=/centos6.5_64
#Network configuration
network --bootproto=dhcp --device=eth0 --onboot=on
#install "HP server" use this line /dev/cciss/c0d0
bootloader --location=mbr --driveorder=cciss/c0d0 --append="rhgb quiet"
#install "normal server" use this line /dev/sda
#bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
#########################################################################
install
lang en_US.UTF-8
key --skip
keyboard us
text
xconfig --startxonboot
timezone Asia/Shanghai
rootpw --iscrypted $1$z2qCmGJm$qseyjZU7ahSaUk/hebBcZ0
zerombr yes
authconfig --enableshadow --enablemd5
selinux --disabled
reboot
clearpart --all
part /boot --fstype="ext4" --size=100 --asprimary
part swap --size=32000
part / --fstype="ext4" --grow --size=1
#part /home --fstype="ext4" --grow --size=1
network --bootproto=dhcp --device=eth0 --onboot=yes
#Firewall configuration
firewall --enabled --port=22:tcp --port=1801:tcp --port=1850:tcp
#Package install information
%packages
@base
@client-mgmt-tools
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-policy
pax
oddjob
sgpio
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite
%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
mkdir -p /mnt/source
mount -t nfs 192.168.30.10:/osinstall /mnt/source -o nolock,udp
cp /mnt/source/software/openssh_5.0.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v4.tar.gz /mnt/sysimage/usr/
cp /mnt/source/software/netgainagent_v3.tar.gz /mnt/sysimage/usr/
#cp /mnt/source/software/quagga-0.99.20.tar.gz /mnt/sysimage/usr
umount -f /mnt/source
rmdir /mnt/source
%post --log=/root/postinstall_stage2.log
cd /usr
tar zxvf openssh_5.0.tar.gz
cd /usr/zlib-1.2.3
./configure;make;make install
mv /etc/ssh /etc/ssh.bak
cd /usr/openssh-5.0p1
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-ssl-dir=/usr/local/ssl --with-md5-passwords --mandir=/
usr/share/man;make;make install
echo "==> update openssh finished.\n" > /root/postinstall_stage2.log
#agent
cd /usr
tar zxvf netgainagent_v3.tar.gz
echo "==>Uncompress netgainagent ok!\n" >> /root/postinstall_stage2.log
#quagga
#cd /usr
#tar quagga-0.99.20.tar.gz
#cd /usr/quagga-0.99.20
#./configure --prefix=/usr/local/quagga;make;make install
#echo "===>update quagga finished.\n " >> /root/postinstall_stage2.log
#chkconfig off
chkconfig avahi-daemon off
chkconfig yum-updatesd off
chkconfig sendmail off
chkconfig cups off
chkconfig bluetooth off
chkconfig autofs off
chkconfig hidd off
chkconfig atd off
chkconfig nfslock off
echo "==>services stop ok!\n" >> /root/postinstall_stage2.log
#lock user
passwd -l adm
#passwd -l sync
passwd -l shutdown
passwd -l halt
passwd -l mail
passwd -l uucp
passwd -l operator
passwd -l games
passwd -l gopher
passwd -l ftp
passwd -l news
#set /etc/resolv.conf
#cat >> /etc/resolv.conf << EOF
#nameserver 218.241.99.50
#nameserver 218.241.118.144
#EOF
#echo "==>Set OS DNS ok!\n" >> /root/postinstall_stage2.log
#ntp
cat >> /var/spool/cron/root << EOF
* */2 * * * /usr/sbin/ntpdate ntp.cnnic.cn
EOF
echo "==>Set OS NTP ok!\n" >> /root/postinstall_stage2.log
#profile
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/bashrc
sed -i 's/m/m hostname:\\n/' /etc/issue
sed -i 's/^id:5:/id:3:/' /etc/inittab
sed -i 's/022$/027/' /etc/bashrc
#modify password complexity
#prohibit the Control+Alt+Delete
sed -i 's/^ca::ctrlaltdel/#&/' /etc/inittab
#configure root login
#Completeness of the security log
echo 'authpriv.* /var/log/secure' >> /etc/syslog.conf
#configure the remote log server
mv /usr/openssh_5.0.tar.gz /root
mv /usr/netgainagent_v4.tar.gz /root
mv /usr/netgainagent_v3.tar.gz /root
rm -fr /usr/openssh-5.0p1
rm -fr /usr/zlib-1.2.3
echo "Files have been moved and deleted.\n" >> /root/postinstall_stage2.log
[root@galene conf]#
以下是生产环境中添加bond版本(只需加载之前的文件末尾即可):
sed -i 's@ONBOOT=no@ONBOOT=yes@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i 's@ONBOOT="no"@ONBOOT="yes"@' /etc/sysconfig/network-scripts/ifcfg-eth*
sed -i '/BOOTPROTO/d' /etc/sysconfig/network-scripts/ifcfg-eth*
cat >> /etc/modprobe.d/bonding.conf << EOF
alias bond0 bonding
options bond0 miimon=120 mode=1
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
BOOTPROTO=none
MASTER=bond0
SLAVE=yes
EOF
cat >> /etc/sysconfig/network-scripts/ifcfg-bond0 <<EOF
DEVICE=bond0
ONBOOT=yes
BOOTPROTO=static
IPADDR=
NETMASK=
GATEWAY=
EOF
linux定制的补充的更多相关文章
- Linux 定制X86平台操作系统
/********************************************************************************* * Linux 定制X86平台操作 ...
- linux 定制
转载至http://luyafei.blog.51cto.com/1092421/1131532 测试环境: VMware Workstation 8.0 CentOS 6.7 x86_64 1.安装 ...
- linux常用命令补充
linux补充 apt 是在我们Linux系统安装软件 pip 用来安装python3的模块(第三方库) ps # 查看运行进程(pid) ps aux # 查看全部任务进程 top # 也可以查看 ...
- Linux定制化RPM包
定制化RPM包 1.Linux安装软件方法 1- rpm/yum安装 简单.速度快,但是不能定制安装 RPM RedHat Package Manager(RPM软件包管理器) 2- 二进制安装 解压 ...
- 笔记:Linux用户管理(补充)、权限管理、内存管理、网络管理、渗透常用命令
一.用户管理(补充) 添加用户:useradd [选项] 用户名 useradd -u 5000 -g demogroup -G root -d /home/demo -s /bin/bash dem ...
- linux定制
http://cc.bingj.com/cache.aspx?q=OpenEmbedded+clfs&d=4706495287069596&mkt=zh-CN&setlang= ...
- linux高级编程补充知识
F: 计算机系统结构: ------------------------------- 应用程序 ----------------- | 库函数 -------------------------- ...
- Linux之定时任务补充
定时任务两实例 例1: 每分钟打印一次自己的名字拼音全拼到“/server/log/自己的名字命名的文件”中. [root@chengliang log]# mkdir -p /server/log/ ...
- linux常用命令补充详细
1.ls命令 就是list的缩写,通过ls 命令不仅可以查看linux文件夹包含的文件,而且可以查看文件权限(包括目录.文件夹.文件权限)查看目录信息等等 常用参数搭配: ls -a 列出目录所有文 ...
随机推荐
- 导入镜像后,容器内httpd起不来
导入镜像后发现bash进程为1 与之前apache启动的进程冲突了 解决办法:删除apache进程号,通过apachectl重启apache进程
- mysql 查找表的auto_increment和修改
1.查看最大的AUTO_INCREMENT SELECT AUTO_INCREMENT from information_schema.tables where table_schema='cont ...
- [C++] 分治法之棋盘覆盖、循环赛日程表
一.分治的基本思想 将一个难以直接解决的大问题,分割成一些规模较小的相同问题,以便各个击破,分而治之. 对于一个规模为 n 的问题,若问题可以容易地解决,则直接解决,否则将其分解为 k 个规模较小的子 ...
- HDU1272(并查集判图连通)
小希的迷宫 Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 65536/32768 K (Java/Others)Total Submi ...
- java继承如何理解呢??
总结:我把他弄的无语了.他是诺基亚公司的软件开发师,大学毕业就可以进那么好的公司.实力 package com.bc; //普通类 class yt { public void price() { S ...
- mysql 异常宕机 ..InnoDB: Database page corruption on disk or a failed,,InnoDB: file read of page 8.
mysql 测试环境异常宕机 系统:\nKylin 3.3 mysql版本:5.6.15--yum安装,麒麟提供的yum源数据库版本 error日志 181218 09:38:52 mysqld_sa ...
- iOS利用SDWebImage图片下载缓存
一.我们先来了解一下SDWebImage的使用: 1.导入框架,引入头文件: #import "UIImageView+WebCache.h" 也可以直接使用CocoaPods来引 ...
- Oracle Sql中输入特殊字符 转义字符
1.单引号,出现在单引号对中的'号必须成对出现,每对代表一个', 例如select '''' from dual; 结果:' 前后两个'代表正常字符串,中间两个''代表一个',此语句输出结果只有一个'
- 无人零售的黑科技:RFID技术
无人零售的黑科技:RFID技术说起最近的热门话题,“无人零售商店”当属其一.自去年底,亚马逊推出第一家无人实体超市Amazon Go,到阿里.京东.大润发等各大企业纷纷加入,无人商店被推上了风口浪尖. ...
- ORACLE——日期时间格式化参数详解 之一
2.日期格式化参数详解 2.1 -/,.;: 指定返回字串分隔符 SQL> select to_char(sysdate,'yyyy.mm.dd') from dual; TO_CHAR(SYS ...