Centos7.7的ks.cfg文件

下面只是ks.cfg的文件配置,里面照原版的改了一部分,原文的全部配置及方法如下:

        定制化centos7.5的镜像

这里的ks.cfg包含升级优化openssh及openssl之类,设置其他的默认参数等,没有大改,只是优化一下

# Kickstart file automatically generated by anaconda.
# version=DEVEL

#-------------------------------------------------------------------------------
# Command section --- must include the required options.
#-------------------------------------------------------------------------------

# Text mode or graphical mode?
text
#graphical
firstboot --disable

# Install or upgrade?
install

# Use CDROM installation media
cdrom

# Network information
# network --onboot yes --device eth0 --bootproto dhcp --noipv6
# network --hostname=localhost.localdomain

# System authorization information
auth --enableshadow --passalgo=sha512

# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, which is cheap to
# brute-force offline. `--passalgo=sha512` above applies to passwords hashed
# later on the installed system; it does not re-hash this pre-crypted value.
# The hash is published with this file and the %post section appends
# "PermitRootLogin yes" to sshd_config, so every host built from it accepts
# the same root password over SSH. Generate a fresh SHA-512 ("$6$") hash per
# deployment and keep the real ks.cfg out of public view.
rootpw --iscrypted $1$n5Jfcfwa$//2gZpFMJypdiXEF8ld6O.

# System services: disable chronyd so it does not conflict with ntpd.
# NOTE(review): the %post section syncs time with an ntpdate cron job, not a
# running ntpd; confirm which time service is actually intended.
services --disabled="chronyd"

# System timezone
timezone Asia/Shanghai

# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'

# System language
lang en_US.UTF-8

# Firewall configuration
# NOTE(review): the host firewall is disabled here and the %post section also
# erases the firewalld package, so the installed host has no packet filter of
# its own. That is only acceptable when filtering is enforced upstream.
firewall --disabled

# SELinux configuration
# NOTE(review): SELinux is switched off entirely, removing mandatory access
# control for sshd and the other services installed below. `--permissive`
# would at least keep denials logged while policies are tuned.
selinux --disabled

# Installation logging level
logging --level=info

# Halt after installation. The original comment said "Reboot", but `halt`
# stops the machine and does not restart it; use `reboot` if an unattended
# restart is wanted.
halt

#-------------------------------------------------------------------------------
# The %pre sections
#-------------------------------------------------------------------------------
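%include /tmp/part-include
%pre
#!/bin/sh
# %pre runs in the installer environment before partitioning. It derives a
# swap size from MemTotal and writes the bootloader/partitioning commands to
# /tmp/part-include, which the %include line above pulls into the kickstart.

#-------------------------------------------------------------------------------
# (Disabled) For machines other than the Supermicro 4U4Node: pick the system
# disk. With a single disk it is used whatever its size; with several disks
# the install disk is chosen by the custom rule below.
#-------------------------------------------------------------------------------
#function get_osdisk() {
#    disk_count=$(fdisk -l | grep "Disk /dev/${osdisk_prefix}" | wc -l)
#    if [ ${disk_count} -eq 1 ]; then
#        osdisk=$(fdisk -l | grep "Disk /dev/${osdisk_prefix}" | cut -d: -f1 | cut -d/ -f3)
#    else
#        osdisk=$(fdisk -l | grep "Disk /dev/${osdisk_prefix}" | awk '{if ($3 >=50 && $3 < 2000) print $0}' | cut -d: -f1 | cut -d/ -f3)
#    fi
#}

#-------------------------------------------------------------------------------
# Swap sizing: MemTotal <= 2 GiB -> 2 GiB swap; 2 GiB < MemTotal <= 16 GiB ->
# 8 GiB swap; above 16 GiB -> 16 GiB swap.
# /proc/meminfo reports kB, while kickstart `part --size` takes MiB.
# NOTE(review): the original comment said swap should equal physical memory
# in the <= 2 GiB case, but the code has always used a fixed 2 GiB; that
# behaviour is kept here.
#-------------------------------------------------------------------------------
act_mem=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
case "${act_mem}" in
    ''|*[!0-9]*)
        # Unreadable MemTotal: the original fell through to the largest size
        # after two failed numeric tests; keep that result, but say so.
        echo "WARNING: could not read MemTotal, using 16 GiB swap" >&2
        swap_size=$((16*1024))
        ;;
    *)
        if [ "${act_mem}" -le $((2*1024*1024)) ]; then
            swap_size=$((2*1024))
        elif [ "${act_mem}" -le $((16*1024*1024)) ]; then
            swap_size=$((8*1024))
        else
            swap_size=$((16*1024))
        fi
        ;;
esac

#-------------------------------------------------------------------------------
# (Disabled) On the Supermicro 4U4Node with the on-board BIOS RAID set, a
# RAID 1 named Volume0 appears as Volume0_0, a symlink to /dev/md126.
# On other machines, use sdX when SATA or SCSI disks are present (whether or
# not IDE disks exist as well); use hdX only when there are IDE disks alone.
#-------------------------------------------------------------------------------
#if $(grep -q 'md.*$' /proc/partitions); then
#    osdisk="Volume0_0"
#    get_swap    # call the function
#elif $(grep -q 'sd.*$' /proc/partitions); then
#    osdisk_prefix='sd'
#    get_osdisk  # call the function
#    get_swap    # call the function
#elif $(grep -q 'hd.*$' /proc/partitions); then
#    osdisk_prefix='hd'
#    get_osdisk  # call the function
#    get_swap    # call the function
#else
#    print "Lost disks, please install disks first!"
#    exit 1
#fi

#-------------------------------------------------------------------------------
# Generate the temporary file /tmp/part-include.
# The file is truncated (">") rather than appended to, so stale content can
# never be included twice. The here-document is unquoted on purpose:
# ${swap_size} is expanded here; ${osdisk} is unset because disk detection is
# disabled, so the commented-out bootloader line ends in an empty value.
# The biosboot line creates the 1 MiB partition needed to install in BIOS
# mode onto a GPT-labelled disk (disks larger than 2 TB).
# NOTE(review): `clearpart --all --initlabel` plus `zerombr` wipe the disk
# without confirmation, and the target is hard-coded as sda. Device naming
# order is not guaranteed, so confirm that sda is the intended system disk
# before booting this media on hardware that holds data.
# NOTE(review): /boot/efi is created as ext4. An EFI System Partition is
# normally created with --fstype="efi"; confirm whether UEFI boot is intended.
# On a BIOS-only install this line only adds an unused 1 GiB partition.
#-------------------------------------------------------------------------------
cat > /tmp/part-include << EOF
# System bootloader configuration
#bootloader --location=mbr --boot-drive=${osdisk}
bootloader --location=mbr 
# Partition clearing information
clearpart --all --initlabel
# Clear the Master Boot Record
zerombr
# Disk partitioning information
ignoredisk --only-use=sda
part biosboot --fstype="biosboot" --size=1  # 当磁盘大于2T时,以BIOS方式安装CentOS到GPT分区表的磁盘,需要创建1MB的biosboot分区
part /boot --fstype="ext4" --size=1024
part /boot/efi --fstype="ext4" --size=1024
part swap  --fstype="swap" --size=${swap_size}
part / --fstype="ext4" --size=1 --grow
EOF

%end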

#-------------------------------------------------------------------------------
# The %packages section
#-------------------------------------------------------------------------------
%packages
# Package selection: the developer-workstation environment plus nearly every
# optional group (two desktops, web server, hypervisor, dial-up, mainframe
# access, ...).
# NOTE(review): every group adds installed software that has to be patched
# and may bring services with it. The %post section of this file later erases
# cups, postfix, dnsmasq and firewalld and disables rpcbind and avahi, which
# suggests the selection is wider than the role needs; trimming the list to
# the groups actually required is the cleaner way to reduce exposure.
@^developer-workstation-environment
@additional-devel
@base
@compat-libraries
@core
@debugging
@desktop-debugging
@development
@dial-up
@directory-client
@fonts
@gnome-apps
@gnome-desktop
@graphics
@guest-agents
@guest-desktop-agents
@hardware-monitoring
@input-methods
@internet-applications
@internet-browser
@java-platform
@kde-desktop
@large-systems
@mainframe-access
@multimedia
@network-file-system-client
@office-suite
@performance
@perl-runtime
@perl-web
@platform-devel
@print-client
@ruby-runtime
@security-tools
@system-admin-tools
@technical-writing
@virtualization-client
@virtualization-hypervisor
@virtualization-tools
@web-server
@x11
# Individual package; presumably listed for the kdump addon enabled below.
kexec-tools

%end

# Enable kdump; --reserve-mb='auto' leaves the size of the crash-kernel
# memory reservation to the installer.
%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

#-------------------------------------------------------------------------------
# The %post sections
#-------------------------------------------------------------------------------
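%post --nochroot --log=/mnt/sysimage/root/postinstall_stage1.log
# Stage 1 (not chrooted): copy the extra tarballs and RPMs from the install
# media into the target system, which is mounted at /mnt/sysimage.
# Stage 2 moves the packaged ssh/ssl files aside before building from these
# tarballs, so a failed mount or copy is reported here instead of passing
# silently.
# NOTE(review): the files are taken from the media as-is, with no checksum or
# signature check; their integrity rests entirely on how the ISO was built.
# Shipping a checksum manifest on the media and verifying it here would close
# that gap.
mkdir -p /mnt/source
if mount -o ro,loop /dev/cdrom /mnt/source; then
    cp /mnt/source/software/openssh-7.7p1.tar.gz /mnt/sysimage/usr/local \
        || echo "ERROR: openssh-7.7p1.tar.gz was not copied" >&2
    cp /mnt/source/software/openssl-1.0.1t.tar.gz /mnt/sysimage/usr/local \
        || echo "ERROR: openssl-1.0.1t.tar.gz was not copied" >&2
    cp /mnt/source/software/ftp-0.17-67.el7.x86_64.rpm /mnt/sysimage/tmp/ \
        || echo "ERROR: ftp-0.17-67.el7.x86_64.rpm was not copied" >&2
    cp /mnt/source/software1/glibcpkg.tar.gz /mnt/sysimage/tmp/ \
        || echo "ERROR: glibcpkg.tar.gz was not copied" >&2
    umount -f /mnt/source
else
    echo "ERROR: cannot mount /dev/cdrom on /mnt/source, nothing copied" >&2
fi
%end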
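%post --log=/root/postinstall_stage2.log
# Stage 2 runs chrooted into the installed system. It installs the extra
# RPMs, adds a time-sync cron job, removes or disables unused services,
# replaces the packaged OpenSSL/OpenSSH with source builds, raises resource
# limits, sets shell history and prompt defaults, and prepares the first
# network interface for a static address.
# The progress messages are appended to the same file that --log writes to.

# NOTE(review): nothing in this script unpacks a "netgainagent"; this message
# looks like a leftover from another template. It is kept unchanged.
echo "==>Uncompress netgainagent ok!
" >> /root/postinstall_stage2.log

# ftp client and the RPMs from glibcpkg.tar.gz (presumably glibc.i686, going
# by the original comment). The install runs only when the archive unpacked,
# so the glob can never match RPMs from some other directory.
rpm -ivh /tmp/ftp-0.17-67.el7.x86_64.rpm
tar -xvf /tmp/glibcpkg.tar.gz -C /tmp
if cd /tmp/glibcpkg; then
    yum localinstall ./*.rpm -y
else
    echo "==>glibcpkg was not unpacked, glibc RPMs not installed!" >&2
fi

# Time sync: step the clock with ntpdate every 3 minutes, then write it to
# the hardware clock.
# NOTE(review): this trusts a single external NTP server over unauthenticated
# NTP, and chronyd is disabled in the command section. Stepping the clock
# every few minutes also disturbs log timestamps; an internal time source
# served through chronyd or ntpd is the more robust setup.
cat >> /var/spool/cron/root << EOF
*/3 * * * * /usr/sbin/ntpdate ntp.cnnic.cn && /sbin/hwclock -w
EOF
echo "==>Set OS NTP ok!
" >> /root/postinstall_stage2.log

# Erase or disable services that are not needed.
# NOTE(review): erasing firewalld on top of `firewall --disabled` leaves the
# host without a packet filter of its own.
yum erase firewalld -y
yum erase dnsmasq -y
yum erase cups -y
yum erase postfix -y
systemctl disable rpcbind
systemctl disable rpcbind.socket
systemctl disable avahi-daemon.service
systemctl disable avahi-daemon.socket

# Replace the packaged OpenSSL and OpenSSH with source builds.
# Returns non-zero when a critical step fails. The tarball and extraction
# checks run before any packaged file is moved; a build failure after that
# point leaves the originals in the *_bak locations.
# NOTE(review): the OpenSSL 1.0.1 branch is end-of-life upstream and is older
# than the vendor-patched OpenSSL that CentOS 7 ships; OpenSSH 7.7p1 is also
# dated. Source builds under /usr are invisible to yum, so they receive no
# security updates, and a later update of the RPMs can overwrite them.
# Staying on the distribution packages and patching through yum is the safer
# baseline.
# NOTE(review): the configure line has no --with-pam, so this sshd would not
# apply PAM policy (pam_limits, lockout modules, ...) to SSH sessions, and
# --without-openssl-header-check silences the header/library mismatch
# warning. Confirm both are intended.
rebuild_openssl_openssh() {
    if [ ! -f /usr/local/openssh-7.7p1.tar.gz ] || [ ! -f /usr/local/openssl-1.0.1t.tar.gz ]; then
        echo "source tarballs missing under /usr/local, packaged ssh/ssl left untouched" >&2
        return 1
    fi

    # Fixed build date; presumably set so make does not trip over file
    # timestamps while the installer clock is unset. It leaves the system
    # clock wrong until the first time sync.
    date -s 2019-12-31

    cd /usr/local/ || return 1
    tar -xvf /usr/local/openssh-7.7p1.tar.gz || return 1
    tar -xvf /usr/local/openssl-1.0.1t.tar.gz || return 1
    mv /usr/local/openssh-7.7p1/ /usr/local/openssh/ || return 1

    # Move the packaged files aside. Some of these paths may not exist on a
    # given install, so failures are tolerated, as in the original.
    mv /etc/init.d/sshd /etc/init.d/sshd_bak
    mv /etc/ssh /etc/ssh_bak
    mv /etc/ssl /etc/ssl_bak
    mv /usr/bin/openssl /usr/local/openssl_bak
    mv /usr/include/openssl /usr/include/openssl_bak
    mv /usr/lib/openssl /usr/lib/openssl_bak

    cd /usr/local/openssl-1.0.1t/ || return 1
    ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib64 shared zlib-dynamic || return 1
    make depend || return 1
    make || return 1
    make MANDIR=/usr/share/man MANSUFFIX=ssl install || return 1
    ldconfig -v

    # Strips the version from the string sshd is built with.
    # NOTE(review): this hides the version from scanners and asset inventory
    # as well, and it fixes nothing; keep a record of what is deployed.
    sed -i 's/OpenSSH_7.7/OpenSSH/' /usr/local/openssh/version.h

    cd /usr/local/openssh/ || return 1
    ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib --with-ssl-dir=/usr/ssl --with-md5-passwords --mandir=/usr/share/man --without-openssl-header-check || return 1
    make || return 1
    make install || return 1
    cp /usr/local/openssh/contrib/redhat/sshd.init /etc/init.d/sshd

    # NOTE(review): root password login over SSH is enabled while the root
    # hash in this file is MD5-crypt and published with it. Prefer key-based
    # login with "PermitRootLogin prohibit-password", or no root login.
    echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

    sed -i 's@/sbin/restorecon /etc/ssh/ssh_host_key.pub@@' /etc/init.d/sshd
    # The packaged systemd unit is moved away so the init script copied above
    # is the one left to manage sshd.
    mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.bak
    systemctl daemon-reload
    return 0
}

if rebuild_openssl_openssh; then
    echo "==>Update openssh ok!
" >> /root/postinstall_stage2.log
else
    echo "==>Update openssh FAILED, packaged files may be in /etc/ssh_bak and /etc/ssl_bak!
" >> /root/postinstall_stage2.log
fi

# Raise nproc/nofile limits once: skipped when limits.conf already has a
# line starting with "*". The pattern is quoted so the shell cannot expand
# it as a glob.
# NOTE(review): 90-nproc.conf is the file name used on CentOS 6; verify the
# name under /etc/security/limits.d on this release, otherwise the first sed
# only reports an error.
if ! grep -q '^\*' /etc/security/limits.conf; then
        sed -i 's/1024/10240/g' /etc/security/limits.d/90-nproc.conf
        sed -i '/End of file/i* soft nproc 10240' /etc/security/limits.conf
        sed -i '/End of file/i* hard nproc 10240' /etc/security/limits.conf
        sed -i '/End of file/i* soft nofile 10240' /etc/security/limits.conf
        sed -i '/End of file/i* hard nofile 10240' /etc/security/limits.conf
else
        echo "open files is exist"
fi

# Shell history size and timestamps for all users.
cat >> /etc/bashrc <<EOF
HISTSIZE=2000
HISTFILESIZE=2000
HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "
EOF

# Remove the installation files. Absolute paths, so the deletes do not
# depend on a preceding cd having succeeded.
rm -rf /usr/local/openssh-7.7p1.tar.gz /usr/local/openssl-1.0.1t.tar.gz
rm -rf /tmp/ftp-0.17-67.el7.x86_64.rpm
rm -rf /tmp/glibcpkg /tmp/glibcpkg.tar.gz

# Coloured bash prompt for root. The published line had lost the backslashes
# of the prompt escapes ("[e[32;1m][u@h W]"), which would print that text
# literally; they are restored here. printf writes the string verbatim.
printf '%s\n' 'PS1="\[\e[32;1m\][\u@\h \W]\$ \[\e[0m\]"' >> /root/.bashrc
. /root/.bashrc

# Network: enable the first non-loopback interface at boot and switch it to
# static addressing. IPADDR, NETMASK and GATEWAY are left empty and have to
# be filled in per host before the interface is usable.
NET_DEV=$(ifconfig | grep mtu | awk -F: '{print $1}' | grep -v lo | head -n 1)
if [ -n "${NET_DEV}" ]; then
    sed -i 's@ONBOOT=no@ONBOOT=yes@' "/etc/sysconfig/network-scripts/ifcfg-${NET_DEV}"
    sed -i 's@ONBOOT="no"@ONBOOT="yes"@' "/etc/sysconfig/network-scripts/ifcfg-${NET_DEV}"
    sed -i '/BOOTPROTO/d' "/etc/sysconfig/network-scripts/ifcfg-${NET_DEV}"
    cat >> "/etc/sysconfig/network-scripts/ifcfg-${NET_DEV}" <<EOF
BOOTPROTO=static
IPADDR=
NETMASK=
GATEWAY=
EOF
else
    # Without this guard an empty name would create a stray "ifcfg-" file.
    echo "==>No network device found, ifcfg not modified!" >&2
fi

%end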

  

原文地址:https://www.cnblogs.com/hjc4025/p/12179339.html