一、之前有写过一篇管理定制CentOS5.6的文章,最近公司外网生产环境准备用CentOS6系列的,手动安装是在是太麻烦,所以就又研究了一些6系列的封装,其实和5系列的差不多,就是有几个文件不一样,还有就是ks.cfg这个文件我又更新了新内容。
二、开始定制
1、安装需要的用到的软件包
[root@localhost ~]# yum -y install createrepo mkisofs
2、生成安装系统所需要的rpm文件列表
[root@localhost ~]# awk '/Installing/{print $2}' install.log |sed 's/^[0-9]*://g' >/root/packages.list
3、创建工作目录
[root@localhost ~]# mkdir -p /mnt/cdrom
[root@localhost ~]# mkdir -p /data/OS
[root@localhost ~]# mount /dev/cdrom /mnt/cdrom
4、复制文件
[root@localhost ~]# rsync -a --exclude=Packages /mnt/cdrom/* /data/OS/
[root@localhost ~]# cp /mnt/cdrom/.discinfo /data/OS/
5、复制精简后的rpm包
a、撰写脚本
[root@localhost ~]# vi /data/cprmps.sh
#!/bin/bash
DEBUG=0
CentOS_DVD=/mnt/cdrom
ALL_RPMS_DIR=/mnt/cdrom/Packages
KOS_RPMS_DIR=/data/OS/Packages
packages_list=/root/packages.list
number_of_packages=`cat $packages_list | wc -l`
i=1
while [ $i -le $number_of_packages ] ; do
line=`head -n $i $packages_list | tail -n -1`
name=`echo $line | awk '{print $1}'`
version=`echo $line | awk '{print $3}' | cut -f 2 -d :`
if [ $DEBUG -eq "1" ] ; then
echo $i: $line
echo $name
echo $version
fi
if [ $DEBUG -eq "1" ] ; then
ls $ALL_RPMS_DIR/$name-$version*
if [ $? -ne 0 ] ; then
echo "cp $ALL_RPMS_DIR/$name-$version* "
fi
else
echo "cp $ALL_RPMS_DIR/$name-$version* $KOS_RPMS_DIR/"
cp $ALL_RPMS_DIR/$name-$version* $KOS_RPMS_DIR/
# in case the copy failed
if [ $? -ne 0 ] ; then
echo "cp $ALL_RPMS_DIR/$name-$version* "
cp $ALL_RPMS_DIR/$name* $KOS_RPMS_DIR/
fi
b、复制
[root@localhost ~]# chmod +x /data/cprmps.sh
[root@localhost ~]# sh /data/cprmps.sh
6、撰写ks.cfg文件
[root@localhost ~]# vi /data/OS/isolinux/ks.cfg
# Kickstart file automatically generated by anaconda.
#Install OS instead of upgrade
install
#Use text mode install
text
#Use CDROM installation media
cdrom
lang en_US.UTF-8
keyboard us
#Skip the X Configuration
skipx
#Network information
network --bootproto=static --ip=172.28.26.100 --netmask=255.255.255.0 --gateway=172.28.28.1 --nameserver 8.8.8.8 --hostname=kingsoft-navy --noipv6 --onboot=yes
#root -- 1q2w3e
rootpw --iscrypted $1$UJlaGQFP$.Wf93SJYnar9yDIzS8YDr1
firewall --disabled
#System authorization information
authconfig --enableshadow --enablemd5
selinux --disabled
timezone --utc Asia/Shanghai
#System bootloader configuration
bootloader --location=mbr
#Clear the Master Boot Record
zerombr yes
#Partition clearing information
bootloader --location=mbr
clearpart --linux
part /boot --fstype ext3 --size=200 --asprimary
part pv.4 --size=30000
part swap --size=32000
part pv.7 --size=100 --grow
volgroup VolGroupRoot --pesize=32768 pv.4
volgroup VolGroupData --pesize=32768 pv.7
logvol /data/logs --fstype ext3 --name=LogVolLogs --vgname=VolGroupData --size=10240
logvol /data --fstype ext3 --name=LogVolData --vgname=VolGroupData --size=59904
logvol / --fstype ext3 --name=LogVolRoot --vgname=VolGroupRoot --size=29984
#--- Reboot the host after installation is done
reboot
%packages
@additional-devel
@base
@core
@development
@emacs
@server-policy
@system-management
libXinerama-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
cmake
rpmdevtools
jpackage-utils
rpmlint
%post
# file descriptors
ulimit -HSn 655350
echo "* soft nofile 655350" >> /etc/security/limits.conf
echo "* hard nofile 655350" >> /etc/security/limits.conf
#set iptables
/bin/cat > /etc/sysconfig/iptables << _iptables
# Generated by iptables-save v1.3.5 on Sun Jul 22 18:22:41 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [458589544:2196099698813]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.28.29.10 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 100.100.100.100 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 10.20.20.10 -p tcp -m state --state NEW -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Jul 22 18:22:41 2012
_iptables
#start iptables
/etc/init.d/iptables start
#add route
/sbin/route add -net 172.28.0.0 netmask 255.255.0.0 gw 172.28.29.1
echo "route add -net 172.28.0.0 netmask 255.255.0.0 gw 172.28.29.1" >> /etc/rc.local
#set DNS
/bin/cat > /etc/resolv.conf << _resolv
nameserver 114.114.115.115
nameserver 114.114.114.114
nameserver 8.8.4.4
nameserver 8.8.8.8
_resolv
#set ntp
ntpdate 1.cn.pool.ntp.org && /sbin/hwclock --systohc
/bin/cat > /etc/cron.daily/ntpdate << _ntpdate
#!/bin/bash
/sbin/ntpdate 1.cn.pool.ntp.org && /sbin/hwclock --systohc
_ntpdate
#set /etc/sysctl.conf
/bin/cat > /etc/sysctl.conf << _sysctl
fs.file-max = 1000000
kernel.core_uses_pid = 1
kernel.msgmax = 65536
kernel.msgmnb = 65536
kernel.shmall = 4294967296
kernel.shmmax = 68719476736
kernel.sysrq = 0
net.core.netdev_max_backlog = 262144
net.core.rmem_default = 2097152
net.core.rmem_max = 16777216
net.core.somaxconn = 262144
net.core.wmem_default = 2097152
net.core.wmem_max = 16777216
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_conntrack_max = 819200
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.neigh.default.gc_thresh1 = 10240
net.ipv4.neigh.default.gc_thresh2 = 40960
net.ipv4.neigh.default.gc_thresh3 = 81920
net.ipv4.netfilter.ip_conntrack_max = 819200
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_max_tw_buckets = 51200
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_reordering = 5
net.ipv4.tcp_retrans_collapse = 0
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_sack = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv6.conf.all.disable_ipv6 = 1
_sysctl
source /etc/profile
sysctl -e -p
/etc/init.d/avahi-daemon stop
/etc/init.d/yum-updatesd stop
chkconfig avahi-daemon off
chkconfig yum-updatesd off
7、生成comps.xml文件
[root@localhost ~]# cd /data/OS
[root@localhost ~]# createrepo -g repodata/0dae8d32824acd9dbdf7ed72f628152dd00b85e4bd802e6b46e4d7b78c1042a3-c6-x86_64-comps.xml /data/OS/
8、让系统启动读开始,ks.cfg的内容
修改lable linux
[root@localhost ~]# vi /data/OS/isolinux/isolinux.cfg
label linux
menu label ^Install or upgrade an existing system
menu default
kernel vmlinuz
append ks=cdrom:/isolinux/ks.cfg initrd=initrd.img
9、生成ISO镜像文件
[root@localhost ~]# declare -x discinfo=`head -1 .discinfo`
[root@localhost ~]# createrepo -u "media://$discinfo" -g repodata/0dae8d32824acd9dbdf7ed72f628152dd00b85e4bd802e6b46e4d7b78c1042a3-c6-x86_64-comps.xml /data/OS/