说明:
Kickstart服务器系统:CentOS 5.10 64位
IP地址:192.168.21.128
需要安装部署的Linux系统:CentOS 5.10 64位
eth0(第一块网卡,用于外网)IP地址段:192.168.21.160-192.168.21.200
eth1(第二块网卡,用于内网)IP地址段:10.0.0.160-10.0.0.200
子网掩码:255.255.255.0
网关:192.168.21.2
DNS:8.8.8.8 8.8.4.4
所有服务器均支持PXE网络启动
实现目的:通过配置Kickstart服务器,全自动批量安装部署Linux系统
具体操作:
第一部分:在Kickstart服务器系统操作
一、关闭SELINUX
vi /etc/selinux/config
#SELINUX=enforcing #注释掉
#SELINUXTYPE=targeted #注释掉
SELINUX=disabled #增加
:wq! #保存退出
setenforce 0 #使配置立即生效
二、配置防火墙,开启TCP:80端口、UDP:69端口
vi /etc/sysconfig/iptables #编辑
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT #http服务需要此端口
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT #tftp服务需要此端口
/etc/init.d/iptables restart #最后重启防火墙使配置生效
三、安装http服务器
yum install httpd #安装
chkconfig httpd on #设置开机启动
service httpd start #启动
四、挂载系统安装镜像到http服务器站点目录
上传系统安装镜像文件CentOS-5.10-x86_64-bin-DVD-1of2.iso到/usr/local/src/目录
mkdir -p /var/www/html/os #创建挂载目录
mount -t iso9660 -o loop /usr/local/src/CentOS-5.10-x86_64-bin-DVD-1of2.iso /var/www/html/os #挂载系统镜像
vi /etc/fstab #添加以下代码。实现开机自动挂载
/usr/local/src/CentOS-5.10-x86_64-bin-DVD-1of2.iso /var/www/html/os iso9660 defaults,ro,loop 0 0
:wq! #保存退出
备注:iso9660使用df -T 查看设备 卸载:umount /var/www/html/os
五、安装tftp服务器
yum install tftp tftp-server #安装
vi /etc/xinetd.d/tftp #编辑
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
:wq! #保存退出
service xinetd start #启动
mkdir -p /var/lib/tftpboot
cp /var/www/html/os/images/pxeboot/vmlinuz /var/lib/tftpboot
cp /var/www/html/os/images/pxeboot/initrd.img /var/lib/tftpboot
mkdir -p /var/lib/tftpboot/pxelinux.cfg
cp /var/www/html/os/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default #拷贝启动菜单
vi /var/lib/tftpboot/pxelinux.cfg/default #编辑修改
default linux
prompt 0
timeout 600
display boot.msg
F1 boot.msg
F2 options.msg
F3 general.msg
F4 param.msg
F5 rescue.msg
label linux
kernel vmlinuz
append initrd=initrd.img ks=http://192.168.21.128/ks.cfg ksdevice=eth0 ip=dhcp
label text
kernel vmlinuz
append initrd=initrd.img text
label ks
kernel vmlinuz
append ks initrd=initrd.img
label local
localboot 1
label memtest86
kernel memtest
append -
:wq! #保存退出
chmod 644 /var/lib/tftpboot/pxelinux.cfg/default #设置文件权限
yum install syslinux #安装引导程序
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/ #拷贝引导文件到tftp服务器根目录
六、安装DHCP服务器
yum install dhcp #安装
cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf #复制配置文件模板
vi /etc/dhcpd.conf #编辑配置文件
ddns-update-style interim; #设置DHCP服务器模式
ignore client-updates; #禁止客户端更新
subnet 192.168.21.0 netmask 255.255.255.0 { #设置网段
option routers 192.168.21.2; #设置网关
option subnet-mask 255.255.255.0; #设置子网掩码
option domain-name-servers 8.8.8.8,8.8.4.4; #设置dns服务器地址
range dynamic-bootp 192.168.21.160 192.168.21.200; #设置dhcp服务器IP地址租用的范围
default-lease-time 21600; #默认租约时间
max-lease-time 43200; #最大租约时间
next-server 192.168.21.128; #tftp服务器地址
filename "pxelinux.0"; #tftp服务器根目录下面的文件名
}
:wq! #保存退出
vi /etc/sysconfig/dhcpd #指定DHCP服务的网络接口
DHCPDARGS=eth0
:wq! #保存退出
dhcpd #测试dhcp服务器配置是否正确
service dhcpd start #启动dhcp服务
chkconfig dhcpd on #设置开机启动
系统运维 www.111cn.net 温馨提醒:qihang01原创内容版权所有,转载请注明出处及原文链接
七、配置kickstart自动安装文件
yum install system-config-kickstart #安装工具包
cd /var/www/html
vi ks.cfg #编辑
# Kickstart file automatically generated by anaconda.
install
url --url=http://192.168.21.128/os/
lang en_US.UTF-8
zerombr yes
key --skip
keyboard us
network --device eth0 --bootproto dhcp --onboot on
#network --device eth0 --bootproto static --ip 192.168.21.250 --netmask 255.255.255.0 --gateway 192.168.21.2 --nameserver 8.8.8.8 --hostname CentOS5.10
rootpw --iscrypted 1QqobZZ1g$rYnrawi9kYlEeUuq1vcRS/
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --disabled
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --linux
clearpart --all --initlabel
part / --bytes-per-inode=4096 --fstype="ext3" --size=2048
part /boot --bytes-per-inode=4096 --fstype="ext3" --size=128
part swap --bytes-per-inode=4096 --fstype="swap" --size=500
part /data --bytes-per-inode=4096 --fstype="ext3" --grow --size=1
reboot
%packages
ntp
expect
@base
@core
@dialup
@editors
@text-internet
keyutils
trousers
fipscheck
device-mapper-multipath
%post
#同步系统时间
ntpdate cn.pool.ntp.org
hwclock --systohc
echo -e "0 1 * * * root /usr/sbin/ntpdate cn.pool.ntp.org > /dev/null" >> /etc/crontab
service crond restart
#添加用户组
groupadd maintain
groupadd develop
mkdir -p /home/maintain
mkdir -p /home/develop
#添加用户
useradd -g maintain user01 -d /home/maintain/user01 -m
echo "123456"|passwd user01 --stdin
useradd -g maintain user02 -d /home/maintain/user02 -m
echo "123456"|passwd user02 --stdin
useradd -g maintain user03 -d /home/maintain/user03 -m
echo "123456"|passwd user03 --stdin
useradd -g maintain user04 -d /home/maintain/user04 -m
echo "123456"|passwd user04 --stdin
#禁止root用户直接登录系统
sed -i "s/#PermitRootLogin yes/PermitRootLogin no/g" '/etc/ssh/sshd_config'
service sshd restart
#禁止开机启动的服务
chkconfig acpid off
chkconfig atd off
chkconfig autofs off
chkconfig bluetooth off
chkconfig cpuspeed off
chkconfig firstboot off
chkconfig gpm off
chkconfig haldaemon off
chkconfig hidd off
chkconfig ip6tables off
chkconfig isdn off
chkconfig messagebus off
chkconfig nfslock off
chkconfig pcscd off
chkconfig portmap off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig yum-updatesd off
chkconfig sendmail off
#允许开机启动的服务
chkconfig crond on
chkconfig kudzu on
chkconfig network on
chkconfig readahead_early on
chkconfig sshd on
chkconfig syslog on
#禁止使用Ctrl+Alt+Del快捷键重启服务器
sed -i "s/ca::ctrlaltdel:/sbin/shutdown -t3 -r now/#ca::ctrlaltdel:/sbin/shutdown -t3 -r now/g" '/etc/inittab'
telinit q
#优化系统内核
echo -e "ulimit -c unlimited" >> /etc/profile
echo -e "ulimit -s unlimited" >> /etc/profile
echo -e "ulimit -SHn 65535" >> /etc/profile
source /etc/profile
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" '/etc/sysctl.conf'
echo -e "net.core.somaxconn = 262144" >> /etc/sysctl.conf
echo -e "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.core.wmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_default = 8388608" >> /etc/sysctl.conf
echo -e "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.core.wmem_max = 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_max = 131072" >> /etc/sysctl.conf
echo -e "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180" >> /etc/sysctl.conf
echo -e "net.ipv4.route.gc_timeout = 20" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_conntrack_max = 819200" >> /etc/sysctl.conf
echo -e "net.ipv4.ip_local_port_range = 10024 65535" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_retries2 = 5" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_fin_timeout = 30" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_len = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_time = 120" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_probes = 3" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_keepalive_intvl = 15" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_tw_buckets = 36000" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_orphans = 3276800" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_wmem = 8192 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_rmem = 32768 131072 16777216" >> /etc/sysctl.conf
echo -e "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
/sbin/sysctl -p
#执行外部脚本
cd /root
wget http://192.168.21.128/autoip.sh
sh /root/autoip.sh
:wq! #保存退出
八、添加脚本,自动设置Linux系统静态IP地址、DNS、网关、计算机名称
cd /var/www/html
vi autoip.sh #编辑
#!/bin/sh
ROUTE=(route -n|grep "^0.0.0.0"|awk '{print2}')
BROADCAST=(/sbin/ifconfig eth0|grep -i bcast|awk '{print3}'|awk -F":" '{print $2}')
HWADDR=(/sbin/ifconfig eth0|grep -i HWaddr|awk '{print5}')
IPADDR=(/sbin/ifconfig eth0|grep "inet addr"|awk '{print2}'|awk -F":" '{print $2}')
NETMASK=(/sbin/ifconfig eth0|grep "inet addr"|awk '{print4}'|awk -F":" '{print $2}')
cat >/etc/sysconfig/network-scripts/ifcfg-eth0<<EOF
DEVICE=eth0
BOOTPROTO=static
BROADCAST=$BROADCAST
HWADDR=$HWADDR
IPADDR=$IPADDR
NETMASK=$NETMASK
GATEWAY=$ROUTE
ONBOOT=yes
EOF
IPADDR1=(echoIPADDR|awk -F"." '{print $4}')
cat >/etc/sysconfig/network-scripts/ifcfg-eth1<<EOF
DEVICE=eth1
BOOTPROTO=static
BROADCAST=10.0.0.255
HWADDR=(/sbin/ifconfig eth1|grep -i HWaddr|awk '{print5}')
IPADDR=10.0.0.$IPADDR1
NETMASK=255.255.255.0
ONBOOT=yes
EOF
HOSTNAME=OsYunWei_HZ_(echoIPADDR|awk -F"." '{print $4}')
cat >/etc/sysconfig/network<<EOF
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=$HOSTNAME
GATEWAY=$ROUTE
EOF
echo "127.0.0.1 $HOSTNAME" >> /etc/hosts
hostname=$HOSTNAME
echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
:wq! #保存退出
第二部分:设置要安装的服务器从网络启动
开机之后,如下图所示,系统已经自动安装
<div jquery1396949096734="122">
系统运维 www.111cn.net 温馨提醒:qihang01原创内容版权所有,转载请注明出处及原文链接
备注:系统安装完成之后,第一启动请设置为硬盘,否则系统重新之后又自动安装系统了!
="">
本文转自灬落魄灬 51CTO博客,原文链接:http://blog.51cto.com/smoke520/1795433,如需转载请自行联系原作者
