http://blog.chinaunix.net/uid-16728139-id-4174109.html
关闭 ipv6:
# Turn off IPv6 by aliasing its module names to "off" in the modprobe config.
printf '%s\n' \
  'alias net-pf-10 off' \
  'alias ipv6 off' >> /etc/modprobe.d/dist.conf

# Install Cobbler, its web UI and the supporting packages used later on this page.
yum -y install \
  cobbler cobbler-web createrepo yum-utils dhcp httpd tftp cman \
  pykickstart debmirror
二:配置环境
1>修改cobbler 的配置文件
[root@locahost ~]# vim /etc/cobbler/settings
next_server: 10.3.3.31
server: 10.3.3.31
manage_dhcp: 1
manage_rsync: 1
生成密码串:
[root@locahost ~]# openssl passwd -1 -salt "cobber" "123456"
$1$cobber$yV9XfOuaaiVDvImopK7o.1
openssl passwd -1 -salt '任意字符' '密码'
这个命令的用法:盐值可以是任意字符,这里的密码就是系统安装完成后 root 的密码;用生成的字符串替换配置文件里的 default_password_crypted。注意:-1 生成的是 MD5-crypt 哈希,强度较弱,示例中的 123456 仅作演示,实际部署请使用强密码。
[root@locahost ~]# vim /etc/cobbler/settings
default_password_crypted: "$1$cobber$yV9XfOuaaiVDvImopK7o.1"
2>启用tftp 和 rsync
[root@locahost ~]# vim /etc/xinetd.d/tftp
disable = no
[root@locahost ~]# vim /etc/xinetd.d/rsync
disable = no
启动服务
[root@locahost ~]# /etc/init.d/xinetd restart
3>修改dhcp的配置文件
vim /etc/cobbler/dhcp.template
subnet 192.168.18.0 netmask 255.255.255.0 {
option routers 192.168.18.5;
option domain-name-servers 192.168.1.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.18.100 192.168.18.254;
filename "/pxelinux.0";
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
}
[root@locahost ~]# vim /etc/debmirror.conf
#@dists="sid";
@sections="main,main/debian-installer,contrib,non-free";
#@arches="i386";
[root@locahost ~]# /etc/init.d/cobblerd restart
[root@locahost ~]# /etc/init.d/httpd restart
[root@locahost ~]# /etc/init.d/xinetd restart
#[root@locahost ~]# /etc/init.d/dhcpd restart
[root@locahost ~]# cobbler get-loaders
downloading http://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README (可以把文件放到这个目录)
......
三:配置web环境
htdigest /etc/cobbler/users.digest "Cobbler" cobbler
http://ip/cobbler_web
1:添加DVD源,
[root@locahost ~]# mkdir -p /mnt/cdrom
[root@locahost ~]# mount /dev/cdrom /mnt/cdrom/
[root@locahost ~]# cobbler import --path=/mnt/cdrom/ --name=centos6.4 --arch=x86_64
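# Create a kickstart from the bundled sample and attach it to the imported profile.
cd /var/lib/cobbler/kickstarts/
cp sample_end.ks centos6.ks
# The subcommand is "cobbler profile edit"; the doubled "profile" was a typo.
# NOTE(review): "cobbler import" may append the arch to the distro/profile
# names; confirm the real names with "cobbler profile list" before editing.
cobbler profile edit --name=centos6.4 --distro=centos6.4 --kickstart=/var/lib/cobbler/kickstarts/centos6.ks
# Show the resulting objects, then regenerate the PXE/DHCP files.
cobbler report
cobbler sync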
[root@locahost ~]# /etc/init.d/cobblerd restart
[root@locahost ~]# cobbler sync
直接部署单一系统,不用手动选择(注意:改为默认自动安装后,该网络内任何从 PXE 启动的机器都会被直接重装,下文 kickstart 中的 clearpart --all 会清空磁盘,请只在隔离的装机网络中这样设置):
vim /etc/cobbler/pxe/pxedefault.template
DEFAULT menu(改为安装的系统名称)
创建kickstarts自动安装:
cd /var/lib/cobbler/kickstarts #进入默认Kickstart模板目录
vi /var/lib/cobbler/kickstarts/CentOS-5.10-x86_64.ks #创建CentOS-5.10-x86_64安装脚本
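# Kickstart file automatically generated by anaconda.
# Unattended CentOS 5.10 x86_64 install from the Cobbler mirror.
install
url --url=http://192.168.21.128/cobbler/ks_mirror/CentOS-5.10-x86_64-x86_64/
lang en_US.UTF-8
zerombr yes
key --skip
keyboard us
network --device eth0 --bootproto dhcp --onboot on
# Static alternative, kept disabled. It must stay on ONE commented line: the
# original was wrapped, leaving "--nameserver ..." as a stray active line.
#network --device eth0 --bootproto static --ip 192.168.21.250 --netmask 255.255.255.0 --gateway 192.168.21.2 --nameserver 8.8.8.8 --hostname CentOS5.10
# NOTE(review): "$1$" marks an MD5-crypt hash, and every host built from this
# file shares it. The install tree above is fetched over plain HTTP; presumably
# this kickstart is too, so treat the hash as readable on the install network.
rootpw --iscrypted $1$QqobZZ1g$rYnrawi9kYlEeUuq1vcRS/
# Firewall on, with only SSH (22/tcp) opened.
firewall --enabled --port=22:tcp
# NOTE(review): --enablemd5 stores local password hashes as MD5; confirm
# whether the target release supports a stronger algorithm.
authconfig --enableshadow --enablemd5
# NOTE(review): SELinux is switched off entirely; confirm this is required
# rather than running permissive or enforcing.
selinux --disabled
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --linux
# Destructive: removes every partition and re-initialises the disk label.
clearpart --all --initlabel
part / --bytes-per-inode=4096 --fstype="ext3" --size=2048
part /boot --bytes-per-inode=4096 --fstype="ext3" --size=128
part swap --bytes-per-inode=4096 --fstype="swap" --size=500
part /data --bytes-per-inode=4096 --fstype="ext3" --grow --size=1
reboot
# Package selection: ntp is needed by the %post clock sync.
%packages
ntp
@base
@core
@dialup
@editors
@text-internet
keyutils
trousers
fipscheck
device-mapper-multipath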
%post
# Sync the clock once, copy it to the hardware clock, and add a nightly
# (01:00) resync entry to the system crontab.
ntpdate cn.pool.ntp.org
hwclock --systohc
printf '%s\n' '0 1 * * * root /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null' >> /etc/crontab
service crond restart

# Forbid direct root logins over SSH. Only the stock commented line
# "#PermitRootLogin yes" is rewritten; any other form is left untouched.
# NOTE(review): the kickstart shown on this page creates no non-root account,
# so confirm another login path exists before relying on this.
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
service sshd restart
# Turn off every service at boot except an allow-list, which is switched on
# for runlevel 3. Names come from the first column of "chkconfig --list".
for svc in $(chkconfig --list | awk '{print $1}'); do
  case $svc in
    atd | crond | irqbalance | network | sshd | rsyslog | httpd | salt-* | zabbix_*)
      chkconfig --level 3 "$svc" on
      ;;
    *)
      chkconfig "$svc" off
      ;;
  esac
done
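# Make sure sshd does not do reverse-DNS lookups on connecting clients.
# The setting is located by keyword instead of being inserted after a fixed
# line number (122), which silently adds nothing when the file is shorter.
sshd_config=/etc/ssh/sshd_config
if ! grep -q '^UseDNS no' "$sshd_config"; then
  if grep -q '^#\{0,1\}[[:space:]]*UseDNS[[:space:]]' "$sshd_config"; then
    # Reuse the existing (possibly commented-out) UseDNS line in place.
    sed -i 's/^#\{0,1\}[[:space:]]*UseDNS[[:space:]].*/UseDNS no/' "$sshd_config"
  else
    # No UseDNS line at all: append one.
    # NOTE(review): if the file ends in an active Match block, the appended
    # line would land inside it; verify against the target sshd_config.
    printf '%s\n' 'UseDNS no' >> "$sshd_config"
  fi
  /etc/init.d/sshd restart
fi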
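# Append per-login resource limits to /etc/profile.
# The here-doc delimiter is quoted so that $SHELL is written literally and
# evaluated at each login. Unquoted, it was expanded once while %post ran,
# and an empty value would have left a malformed "[ = ... ]" test in the file.
# NOTE(review): "ulimit -c unlimited" lets every login shell write full core
# dumps, which can contain sensitive memory; confirm this is intended.
cat >> /etc/profile <<'EOF'
if [ "$SHELL" = "/bin/ksh" ]; then
  ulimit -p 16384
  ulimit -n 65536
  ulimit -c unlimited
else
  ulimit -u 16384 -n 65536 -c unlimited
fi
EOF
source /etc/profile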
# Persist process-count and open-file limits for all users ("*") via PAM limits.
printf '%s\n' \
  '* soft nproc 10000' \
  '* hard nproc 16384' \
  '* soft nofile 65536' \
  '* hard nofile 65536' >> /etc/security/limits.conf
# Stop Ctrl+Alt+Del from rebooting the server: comment out the inittab entry
# by prefixing the matched text with "#".
sed -i 's|ca::ctrlaltdel:/sbin/shutdown -t3 -r now|#&|g' /etc/inittab
# Kernel and limit tuning: extra ulimit lines for login shells, then network
# sysctls appended to /etc/sysctl.conf and loaded with "sysctl -p".
for limit_line in 'ulimit -c unlimited' 'ulimit -s unlimited' 'ulimit -SHn 65535'; do
  printf '%s\n' "$limit_line" >> /etc/profile
done
source /etc/profile

# NOTE(review): ip_forward = 1 makes every installed host forward packets
# between its interfaces; autoip.sh on this page configures both eth0 and
# eth1, so confirm that routing between those networks is intended.
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf

# NOTE(review): tcp_tw_recycle is known to break connections from clients
# behind NAT, and both tcp_tw_recycle and tcp_tw_reuse rely on TCP timestamps,
# which tcp_timestamps = 0 turns off.
# NOTE(review): the ip_conntrack keys and tcp_tw_len may not exist on the
# target kernel; presumably "sysctl -p" then reports them as unknown keys.
cat >> /etc/sysctl.conf <<'EOF'
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.netfilter.ip_conntrack_max = 131072
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_conntrack_max = 819200
net.ipv4.ip_local_port_range = 10024 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
EOF
/sbin/sysctl -p
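# Fetch the network-setup script from the Cobbler server and run it.
# NOTE(review): the script is downloaded over plain HTTP and executed as root
# with no integrity check; consider verifying it against a pinned digest
# before running it.
cd /root
# -O pins the output name so a stale copy is never run in its place. The
# script runs only when the download succeeded, so a partial file is not run.
if wget -O /root/autoip.sh http://192.168.21.128/cobbler/ks_mirror/config/autoip.sh; then
  sh /root/autoip.sh
else
  echo "autoip.sh download failed; network setup skipped" >&2
  rm -f /root/autoip.sh
fi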
vi /var/www/cobbler/ks_mirror/config/autoip.sh #创建脚本,自动设置Linux系统静态IP地址、DNS、网关、计算机名称
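#!/bin/sh
# Freeze the address eth0 currently holds into a static configuration, derive
# a matching 10.0.0.x address for eth1 from its last octet, then set the
# hostname and DNS resolvers.
# Parses the legacy net-tools output ("inet addr:", "Bcast:", "Mask:", "HWaddr").

# Default gateway: first route whose destination is 0.0.0.0.
ROUTE=$(route -n | awk '$1 == "0.0.0.0" {print $2; exit}')

# Query eth0 once and pick the fields out of the captured text.
eth0_info=$(/sbin/ifconfig eth0)
BROADCAST=$(printf '%s\n' "$eth0_info" | grep -i bcast | awk '{print $3}' | awk -F":" '{print $2}')
HWADDR=$(printf '%s\n' "$eth0_info" | grep -i HWaddr | awk '{print $5}')
IPADDR=$(printf '%s\n' "$eth0_info" | grep "inet addr" | awk '{print $2}' | awk -F":" '{print $2}')
NETMASK=$(printf '%s\n' "$eth0_info" | grep "inet addr" | awk '{print $4}' | awk -F":" '{print $2}')

# Without an address, every file below would be written with empty values and
# the host would come up unreachable, so stop before touching anything.
if [ -z "$IPADDR" ]; then
  echo "autoip: eth0 has no IPv4 address; leaving network config untouched" >&2
  exit 1
fi

cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
BOOTPROTO=static
BROADCAST=$BROADCAST
HWADDR=$HWADDR
IPADDR=$IPADDR
NETMASK=$NETMASK
GATEWAY=$ROUTE
ONBOOT=yes
EOF

# Last octet of the eth0 address; reused for the eth1 address and the hostname.
IPADDR1=${IPADDR##*.}

# Write the eth1 config only when the interface exists, so that no file with an
# empty HWADDR is produced.
ETH1_HWADDR=$(/sbin/ifconfig eth1 2>/dev/null | grep -i HWaddr | awk '{print $5}')
if [ -n "$ETH1_HWADDR" ]; then
  cat > /etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF
DEVICE=eth1
BOOTPROTO=static
BROADCAST=10.0.0.255
HWADDR=$ETH1_HWADDR
IPADDR=10.0.0.$IPADDR1
NETMASK=255.255.255.0
ONBOOT=yes
EOF
else
  echo "autoip: eth1 not found; skipping ifcfg-eth1" >&2
fi

# NOTE(review): underscores are not valid in DNS host names; confirm nothing
# downstream needs this name to resolve.
HOSTNAME=OsYunWei_HZ_$IPADDR1
cat > /etc/sysconfig/network <<EOF
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=$HOSTNAME
GATEWAY=$ROUTE
EOF
echo "127.0.0.1 $HOSTNAME" >> /etc/hosts
# Apply the name to the running system. The original "hostname=$HOSTNAME"
# only assigned a shell variable and changed nothing.
hostname "$HOSTNAME"

# Replace the resolver list with two fixed public resolvers.
printf '%s\n' 'nameserver 8.8.8.8' 'nameserver 8.8.4.4' > /etc/resolv.conf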