服务器评测
一、之前有写过一篇管理定制CentOS5.6的文章,最近公司外网生产环境准备用CentOS6系列的,手动安装是在是太麻烦,所以就又研究了一些6系列的封装,其实和5系列的差不多,就是有几个文件不一样,还有就是ks.cfg这个文件我又更新了新内容。
二、开始定制
1、安装需要的用到的软件包
[root@localhost ~]# yum -y install createrepo mkisofs
2、生成安装系统所需要的rpm文件列表
[root@localhost ~]# awk ‘/Installing/{print $2}’ install.log |sed ‘s/^[0-9]*://g’ >/root/packages.list
3、创建工作目录
[root@localhost ~]# mkdir -p /mnt/cdrom
[root@localhost ~]# mkdir -p /data/OS
[root@localhost ~]# mount /dev/cdrom /mnt/cdrom
4、复制文件
[root@localhost ~]# rsync -a –exclude=Packages /mnt/cdrom/* /data/OS/
[root@localhost ~]# cp /mnt/cdrom/.discinfo /data/OS/
5、复制精简后的rpm包
a、撰写脚本
[root@localhost ~]# vi /data/cprmps.sh
#!/bin/bash
DEBUG=0
CentOS_DVD=/mnt/cdrom
ALL_RPMS_DIR=/mnt/cdrom/Packages
KOS_RPMS_DIR=/data/OS/Packages
packages_list=/root/packages.list
number_of_packages=`cat $packages_list | wc -l`
i=1
while [ $i -le $number_of_packages ] ; do
line=`head -n $i $packages_list | tail -n -1`
name=`echo $line | awk ‘{print $1}’`
version=`echo $line | awk ‘{print $3}’ | cut -f 2 -d :`
if [ $DEBUG -eq “1” ] ; then
echo $i: $line
echo $name
echo $version
fi
if [ $DEBUG -eq “1” ] ; then
ls $ALL_RPMS_DIR/$name-$version*
if [ $? -ne 0 ] ; then
echo “cp $ALL_RPMS_DIR/$name-$version* “
fi
else
echo “cp $ALL_RPMS_DIR/$name-$version* $KOS_RPMS_DIR/”
cp $ALL_RPMS_DIR/$name-$version* $KOS_RPMS_DIR/
# in case the copy failed
if [ $? -ne 0 ] ; then
echo “cp $ALL_RPMS_DIR/$name-$version* “
cp $ALL_RPMS_DIR/$name* $KOS_RPMS_DIR/
fi
b、复制
[root@localhost ~]# chmod +x /data/cprmps.sh
[root@localhost ~]# sh /data/cprmps.sh
6、撰写ks.cfg文件
[root@localhost ~]# vi /data/OS/isolinux/ks.cfg
# Kickstart file automatically generated by anaconda.
#Install OS instead of upgrade
install
#Use text mode install
text
#Use CDROM installation media
cdrom
lang en_US.UTF-8
keyboard us
#Skip the X Configuration
skipx
#Network information
network –bootproto=static –ip=172.28.26.100 –netmask=255.255.255.0 –gateway=172.28.28.1 –nameserver 8.8.8.8 –hostname=kingsoft-navy –noipv6 –onboot=yes
#root — 1q2w3e
rootpw –iscrypted $1$UJlaGQFP$.Wf93SJYnar9yDIzS8YDr1
firewall –disabled
#System authorization information
authconfig –enableshadow –enablemd5
selinux –disabled
timezone –utc Asia/Shanghai
#System bootloader configuration
bootloader –location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
bootloader –location=mbr
clearpart –linux
part /boot –fstype ext3 –size=200 –asprimary
part pv.4 –size=30000
part swap –size=32000
part pv.7 –size=100 –grow
volgroup VolGroupRoot –pesize=32768 pv.4
volgroup VolGroupData –pesize=32768 pv.7
logvol /data/logs –fstype ext3 –name=LogVolLogs –vgname=VolGroupData –size=10240
logvol /data –fstype ext3 –name=LogVolData –vgname=VolGroupData –size=59904
logvol / –fstype ext3 –name=LogVolRoot –vgname=VolGroupRoot –size=29984
#— Reboot the host after installation is done
reboot
%packages
@additional-devel
@base
@core
@development
@emacs
@server-policy
@system-management
libXinerama-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
cmake
rpmdevtools
jpackage-utils
rpmlint
%post
# file descriptors
ulimit -HSn 655350
echo “* soft nofile 655350” >> /etc/security/limits.conf
echo “* hard nofile 655350” >> /etc/security/limits.conf
#set iptables
/bin/cat > /etc/sysconfig/iptables << _iptables
# Generated by iptables-save v1.3.5 on Sun Jul 22 18:22:41 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [458589544:2196099698813]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp –dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.28.29.10 -p tcp -m state –state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 100.100.100.100 -p tcp -m state –state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.20.20.10 -p tcp -m state –state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Jul 22 18:22:41 2012
_iptables
#start iptables
/etc/init.d/iptables start
#add route
/sbin/route add -net 172.28.0.0 netmask 255.255.0.0 gw 172.28.29.1
echo “route add -net 172.28.0.0 netmask 255.255.0.0 gw 172.28.29.1” >> /etc/rc.local
#set DNS
/bin/cat > /etc/resolv.conf << _resolv
nameserver 114.114.115.115
nameserver 114.114.114.114
nameserver 8.8.4.4
nameserver 8.8.8.8
_resolv
#set ntp
ntpdate 1.cn.pool.ntp.org && /sbin/hwclock –systohc
/bin/cat > /etc/cron.daily/ntpdate << _ntpdate
#!/bin/bash
/sbin/ntpdate 1.cn.pool.ntp.org && /sbin/hwclock –systohc
_ntpdate
#set /etc/sysctl.conf
/bin/cat > /etc/sysctl.conf << _sysctl
fs.file-max = 1000000
kernel.core_uses_pid = 1
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.shmall = 4294967296
kernel.shmmax = 68719476736
kernel.sysrq = 0
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 2097152
net.core.rmem_max = 16777216
net.core.somaxconn = 262144
net.core.wmem_default = 2097152
net.core.wmem_max = 16777216
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_conntrack_max = 819200
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.neigh.default.gc_thresh1 = 10240
net.ipv4.neigh.default.gc_thresh2 = 40960
net.ipv4.neigh.default.gc_thresh3 = 81920
net.ipv4.netfilter.ip_conntrack_max = 819200
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 51200
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_reordering = 5
net.ipv4.tcp_retrans_collapse = 0
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_sack = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv6.conf.all.disable_ipv6 = 1
_sysctl
source /etc/profile
sysctl -e -p
/etc/init.d/avahi-daemon stop
/etc/init.d/yum-updatesd stop
chkconfig avahi-daemon off
chkconfig yum-updatesd off
7、生成comps.xml文件
[root@localhost ~]# cd /data/OS
[root@localhost ~]# createrepo -g repodata/0dae8d32824acd9dbdf7ed72f628152dd00b85e4bd802e6b46e4d7b78c1042a3-c6-x86_64-comps.xml /data/OS/
8、让系统启动读开始,ks.cfg的内容
修改lable linux
[root@localhost ~]# vi /data/OS/isolinux/isolinux.cfg
label linux
menu label ^Install or upgrade an existing system
menu default
kernel vmlinuz
append ks=cdrom:/isolinux/ks.cfg initrd=initrd.img
9、生成ISO镜像文件
[root@localhost ~]# declare -x discinfo=`head -1 .discinfo`
[root@localhost ~]# createrepo -u “media://$discinfo” -g repodata/0dae8d32824acd9dbdf7ed72f628152dd00b85e4bd802e6b46e4d7b78c1042a3-c6-x86_64-comps.xml /data/OS/
[root@localhost ~]# mkisofs -R -J -T -r -l -d -joliet-long -allow-multidot -allow-leading-dots -no-bak -o /data/kingsoft_centos6.3_1.0.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table /data/OS
10、生成MD5校验码
[root@localhost ~]# /usr/bin/md5sum /data/kingsoft_centos6.3_1.0.iso
2de68609b36db23cca4956b2779465ed /data/kingsoft_centos6.3_1.0.iso
三、到此已经完成了,现在你就可以把这个镜像文件刻录成安装安装系统了,只要你设置服务器从光驱启动就好了,一切自动完成。
相关阅读:CentOS5.6下配置rsync内网同步数据到外网 http://www.linuxidc.com/Linux/2012-06/64070.htm
