定制CentOS 6.3 自动安装盘

一、之前写过一篇关于定制CentOS5.6的文章,最近公司外网生产环境准备用CentOS6系列,手动安装实在是太麻烦,所以又研究了一下6系列的封装。其实和5系列差不多,只是有几个文件不一样,另外ks.cfg这个文件我也更新了内容。

二、开始定制

1、安装需要用到的软件包

[root@localhost ~]# yum -y install createrepo mkisofs

2、生成安装系统所需要的rpm文件列表

[root@localhost ~]# awk '/Installing/{print $2}' install.log |sed 's/^[0-9]*://g' >/root/packages.list

3、创建工作目录

[root@localhost ~]# mkdir -p /mnt/cdrom

[root@localhost ~]# mkdir -p /data/OS

[root@localhost ~]# mount /dev/cdrom /mnt/cdrom

4、复制文件

[root@localhost ~]# rsync -a --exclude=Packages /mnt/cdrom/* /data/OS/

[root@localhost ~]# cp /mnt/cdrom/.discinfo /data/OS/

5、复制精简后的rpm包

a、撰写脚本

[root@localhost ~]# vi /data/cprmps.sh

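#!/bin/bash
#
# Copy the RPMs named in /root/packages.list from the mounted install DVD into
# the custom ISO tree (/data/OS/Packages).
#
# Each list line is split on whitespace: field 1 is used as the package name
# and field 3 (with anything up to a ':' removed by cut) as the version. The
# script first tries "<name>-<version>*" and, if that copy fails, falls back to
# "<name>*".
#
# Set DEBUG=1 for a dry run that only lists what would match.
#
# NOTE(review): packages are taken from the mounted media as-is. Verify the
# source ISO checksum (and, if desired, `rpm -K` the copied files) before
# building an image intended for production hosts.
set -u

DEBUG=0
CentOS_DVD=/mnt/cdrom            # kept from the original; not referenced below
ALL_RPMS_DIR=/mnt/cdrom/Packages
KOS_RPMS_DIR=/data/OS/Packages
packages_list=/root/packages.list

if [ ! -r "$packages_list" ]; then
  echo "cannot read $packages_list" >&2
  exit 1
fi

# The earlier rsync step excludes Packages, so the target directory may not
# exist yet; cp into a missing directory would fail for every package.
if [ "$DEBUG" -ne 1 ]; then
  mkdir -p -- "$KOS_RPMS_DIR" || exit 1
fi

i=0
failed=0
# Read the list once, line by line (also handles a last line without newline).
while IFS= read -r line || [ -n "$line" ]; do
  i=$((i + 1))
  name=$(printf '%s\n' "$line" | awk '{print $1}')
  version=$(printf '%s\n' "$line" | awk '{print $3}' | cut -f 2 -d :)

  # Skip blank lines; an empty name would turn the glob into "-*".
  [ -n "$name" ] || continue

  if [ "$DEBUG" -eq 1 ]; then
    echo "$i: $line"
    echo "$name"
    echo "$version"
    # Dry run: only report whether the pattern matches anything.
    if ! ls -- "$ALL_RPMS_DIR/$name-$version"*; then
      echo "cp $ALL_RPMS_DIR/$name-$version* "
    fi
  else
    echo "cp $ALL_RPMS_DIR/$name-$version* $KOS_RPMS_DIR/"
    if ! cp -- "$ALL_RPMS_DIR/$name-$version"* "$KOS_RPMS_DIR/"; then
      # in case the copy failed: retry with the looser name-only pattern
      echo "cp $ALL_RPMS_DIR/$name-$version* "
      if ! cp -- "$ALL_RPMS_DIR/$name"* "$KOS_RPMS_DIR/"; then
        failed=$((failed + 1))
      fi
    fi
  fi
done < "$packages_list"

# A package missing from the tree only shows up later as a failed install,
# so report it here instead of finishing silently.
if [ "$failed" -ne 0 ]; then
  echo "$failed package(s) could not be copied" >&2
  exit 1
fi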

b、复制

[root@localhost ~]# chmod +x /data/cprmps.sh

[root@localhost ~]# sh /data/cprmps.sh

6、撰写ks.cfg文件

[root@localhost ~]# vi /data/OS/isolinux/ks.cfg

# Kickstart file automatically generated by anaconda. 
# Command section of an unattended text-mode install from CD-ROM: static
# network, root password, MBR bootloader and an LVM layout on the cleared disk.
# Addresses, hostname, password hash and sizes below are site-specific values
# and must be replaced before this file is reused.

#Install OS instead of upgrade 

install 

#Use text mode install  

text 

#Use CDROM installation media  

cdrom 

lang en_US.UTF-8 

keyboard us    

#Skip the X Configuration 

skipx 

#Network information
# NOTE(review): gateway 172.28.28.1 is not inside 172.28.26.100/255.255.255.0;
# confirm the addressing. Every host built from this disc also gets the same
# IP and hostname until they are changed.

network --bootproto=static --ip=172.28.26.100 --netmask=255.255.255.0 --gateway=172.28.28.1 --nameserver 8.8.8.8 --hostname=kingsoft-navy --noipv6 --onboot=yes

#root -- 1q2w3e
# NOTE(review): the plaintext root password is recorded in the comment above
# and the hash below uses the MD5-crypt format ($1$). ks.cfg is readable by
# anyone who obtains the ISO, so treat this credential as public: generate a
# unique strong password, hash it with SHA-512 (e.g. `grub-crypt --sha-512`)
# and do not keep the plaintext in this file.

rootpw --iscrypted $1$UJlaGQFP$.Wf93SJYnar9yDIzS8YDr1

# NOTE(review): the installer-managed firewall is turned off here; the %post
# section later writes its own /etc/sysconfig/iptables. Presumably this also
# leaves the iptables service disabled at boot — verify on an installed host.

firewall --disabled 

#System authorization information 
# --enablemd5 selects MD5 password hashing for accounts created later.
# NOTE(review): CentOS 6 authconfig also accepts --passalgo=sha512, which is
# the stronger choice.

authconfig --enableshadow --enablemd5 

# NOTE(review): SELinux is switched off for every host built from this image;
# confirm this is intended for the internet-facing production systems the
# article mentions.

selinux --disabled 

timezone --utc Asia/Shanghai 

#System bootloader configuration  

bootloader --location=mbr

#Clear the Master Boot Record 

zerombr yes 

#Partition clearing information 
# NOTE(review): this bootloader line repeats the one above.

bootloader --location=mbr

# Removes all existing Linux partitions without prompting.

clearpart --linux

# Sizes are in MB. pv.4 backs VolGroupRoot, pv.7 (grown to the remaining
# space) backs VolGroupData.

part /boot --fstype ext3 --size=200 --asprimary

part pv.4 --size=30000

part swap --size=32000

part pv.7 --size=100 --grow

volgroup VolGroupRoot --pesize=32768 pv.4

volgroup VolGroupData --pesize=32768 pv.7

# The two VolGroupData volumes total 70144 MB (10240 + 59904), so pv.7 must be
# able to grow to at least that much.

logvol /data/logs --fstype ext3 --name=LogVolLogs --vgname=VolGroupData --size=10240

logvol /data --fstype ext3 --name=LogVolData --vgname=VolGroupData --size=59904

logvol / --fstype ext3 --name=LogVolRoot --vgname=VolGroupRoot --size=29984

#--- Reboot the host after installation is done 

reboot    

# Package selection: "@name" lines are package groups, the remaining lines are
# individual packages. Everything listed must be present in the trimmed
# Packages directory of the custom ISO tree.
# NOTE(review): @development, @additional-devel and the rpm build tools put
# compilers and build tooling on every host installed from this image; for
# internet-facing production machines consider trimming the list to what the
# workload needs.
# NOTE(review): no closing "%end" is visible for this section — confirm whether
# the target anaconda version expects one.
%packages

@additional-devel

@base

@core

@development

@emacs

@server-policy

@system-management

libXinerama-devel

xorg-x11-proto-devel

startup-notification-devel

libgnomeui-devel

libbonobo-devel

cmake

rpmdevtools

jpackage-utils

rpmlint

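%post
# Post-install script: raises file-descriptor limits, writes the iptables
# ruleset, static route, resolver, NTP cron job and sysctl tuning, then turns
# off avahi-daemon and yum-updatesd.
# Heredoc delimiters are quoted so nothing inside them is ever expanded by the
# shell. The listing shows no closing "%end" for this section — NOTE(review):
# confirm whether the target anaconda version expects one.

# file descriptors
# ulimit only affects this script's shell; the limits.conf lines are what
# persist on the installed system.
ulimit -HSn 655350
echo "* soft nofile 655350" >> /etc/security/limits.conf
echo "* hard nofile 655350" >> /etc/security/limits.conf

#set iptables
# NOTE(review) on the ruleset below:
#  - the INPUT policy is ACCEPT; filtering relies on the final REJECT rule of
#    RH-Firewall-1-INPUT staying last.
#  - port 631 (tcp/udp) and mDNS 5353 are accepted from any source although
#    avahi-daemon is stopped further down; drop them if nothing needs them.
#  - the three "-s <host> -p tcp" rules carry no --dport, so those hosts reach
#    every TCP port; confirm each source is still trusted and narrow the rules
#    to the ports actually required.
#  - SSH (22) is accepted from any source.
/bin/cat > /etc/sysconfig/iptables << '_iptables'
# Generated by iptables-save v1.3.5 on Sun Jul 22 18:22:41 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [458589544:2196099698813]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.28.29.10 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 100.100.100.100 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.20.20.10 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Jul 22 18:22:41 2012
_iptables

#start iptables
# NOTE(review): this only starts the service inside the installer environment.
# The kickstart also sets "firewall --disabled", which presumably leaves the
# service off at boot; if the ruleset above is meant to be enforced on the
# installed host, verify that iptables is enabled (chkconfig iptables on).
/etc/init.d/iptables start

#add route
# NOTE(review): the kickstart network line assigns 172.28.26.100/24, so the
# next hop 172.28.29.1 is not on-link for that address — confirm the addressing.
/sbin/route add -net 172.28.0.0 netmask 255.255.0.0 gw 172.28.29.1
echo "route add -net 172.28.0.0 netmask 255.255.0.0 gw 172.28.29.1" >> /etc/rc.local

#set DNS
# The glibc resolver uses at most three nameserver entries, so the fourth one
# is never consulted. All four are public resolvers.
/bin/cat > /etc/resolv.conf << '_resolv'
nameserver 114.114.115.115
nameserver 114.114.114.114
nameserver 8.8.4.4
nameserver 8.8.8.8
_resolv

#set ntp
ntpdate 1.cn.pool.ntp.org && /sbin/hwclock --systohc
/bin/cat > /etc/cron.daily/ntpdate << '_ntpdate'
#!/bin/bash
/sbin/ntpdate 1.cn.pool.ntp.org && /sbin/hwclock --systohc
_ntpdate
# run-parts skips files without the execute bit, so the job would otherwise
# never run.
chmod 755 /etc/cron.daily/ntpdate

#set /etc/sysctl.conf
# Replaces the distribution's /etc/sysctl.conf wholesale.
# NOTE(review): tcp_tw_recycle = 1 is known to break connections from clients
# behind NAT; reconsider it for internet-facing hosts. The ip_conntrack_* keys
# look like legacy names — "sysctl -e" below ignores keys the running kernel
# does not know, so they may silently have no effect.
/bin/cat > /etc/sysctl.conf << '_sysctl'
fs.file-max = 1000000
kernel.core_uses_pid = 1
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.shmall = 4294967296
kernel.shmmax = 68719476736
kernel.sysrq = 0
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 2097152
net.core.rmem_max = 16777216
net.core.somaxconn = 262144
net.core.wmem_default = 2097152
net.core.wmem_max = 16777216
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_conntrack_max = 819200
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 1024    65000
net.ipv4.neigh.default.gc_thresh1 = 10240
net.ipv4.neigh.default.gc_thresh2 = 40960
net.ipv4.neigh.default.gc_thresh3 = 81920
net.ipv4.netfilter.ip_conntrack_max = 819200
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 51200
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_reordering = 5
net.ipv4.tcp_retrans_collapse = 0
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_rmem = 4096        87380   4194304
net.ipv4.tcp_sack = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096        16384   4194304
net.ipv6.conf.all.disable_ipv6 = 1
_sysctl

source /etc/profile
# -e: ignore errors about unknown keys; -p: load /etc/sysctl.conf.
sysctl -e -p

# Stop the services now and keep them from starting at boot.
/etc/init.d/avahi-daemon stop
/etc/init.d/yum-updatesd stop
chkconfig avahi-daemon off
chkconfig yum-updatesd off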

7、生成comps.xml文件

[root@localhost ~]# cd /data/OS

[root@localhost ~]# createrepo -g repodata/0dae8d32824acd9dbdf7ed72f628152dd00b85e4bd802e6b46e4d7b78c1042a3-c6-x86_64-comps.xml /data/OS/

8、让系统启动时读取ks.cfg的内容

修改label linux

[root@localhost ~]# vi /data/OS/isolinux/isolinux.cfg

# Default boot entry: loads the installer kernel and points it at the
# kickstart file on the disc (ks=cdrom:/isolinux/ks.cfg).
# NOTE(review): because this entry is "menu default", a machine that boots this
# disc runs the kickstart unattended, and that kickstart clears the MBR and
# removes existing Linux partitions (zerombr / clearpart --linux) without
# prompting. Label the media clearly and keep it out of drives of hosts that
# must not be reinstalled.
label linux

menu label ^Install or upgrade an existing system

menu default

kernel vmlinuz

append ks=cdrom:/isolinux/ks.cfg initrd=initrd.img

9、生成ISO镜像文件

[root@localhost ~]# declare -x discinfo=`head -1 .discinfo`

[root@localhost ~]#  createrepo -u "media://$discinfo" -g repodata/0dae8d32824acd9dbdf7ed72f628152dd00b85e4bd802e6b46e4d7b78c1042a3-c6-x86_64-comps.xml /data/OS/
