cobbler ks文件

CentOS-7.ks
# version=2018-02-22
# System authorization information
auth  --useshadow  --enablemd5 --passalgo=sha512
# Use CDROM installation media
# cdrom
# Install OS instead of upgrade  
install
# Use text mode install
text
# Do not configure the X Window System
skipx
# Run the Setup Agent on first boot
firstboot --disable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8 --addsupport=zh_CN.UTF-8
 
# Network information
network --bootproto=static --gateway=172.17.1.253 --ip=172.17.1.77 --netmask=255.255.255.0 --nameserver=223.5.5.5 --noipv6 --activate --hostname=localhost.localdomain
 
# Root password
rootpw --iscrypted $default_password_crypted
# openssl passwd -1 "your_password"
user --name=user01 --password='\$1\$DbEj8xw7\$hYvwLjCAtXa9CB/Z4OXJm1' --iscrypted --gecos="user01"
# Service configuration  
firewall --disabled
selinux --disabled
# System timezone
timezone Asia/Shanghai --isUtc --nontp
# Use network installation
url --url=$tree
# Clear the Master Boot Record
zerombr
# Reboot after installation
reboot
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr
# Partition clearing information
clearpart --all --initlabel
part /boot --asprimary --fstype="xfs" --mkfsoptions='-n ftype=1' --size=512
part / --asprimary --fstype="xfs" --mkfsoptions='-n ftype=1' --grow --size=1
 
%pre
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Network information
$SNIPPET('network_config')
$SNIPPET('log_ks_pre')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
$SNIPPET('kickstart_start')
%end
 
%packages
@^minimal
@core
kexec-tools
crash
iptables
iptables-services
vim-enhanced
wget
net-tools
lvm2
screen
tmux
rsync
lrzsz
tree
zip
xz
unzip
ntpdate
sysstat
strace
bind-utils
hdparm
smartmontools
iotop
dstat
nmap
mtr
tcpdump
ipmitool
pciutils
parted
man-db
bash-completion
ncurses-devel
gcc
mlocate
lsof
%end
 
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
 
# THIS SECTION MUST BE USED WITH "cobbler repo add"...
%post
# yum installing private packages
$yum_config_stanza
# MUST DISABLE OTHER REPO COZ OFFLINE!
yum --disablerepo=\* --enablerepo=misc-rpms install -y iftop nethogs htop jdk1.8.0_112 jq epel-release MegaCli storcli
mv /etc/yum.repos.d/cobbler-config.repo{,.bak}
%end
 
%post
# MegaCli & storcli alias
ln -s /opt/MegaRAID/MegaCli/MegaCli64 /usr/local/bin/MegaCli
ln -s /opt/MegaRAID/MegaCli/MegaCli64 /usr/local/bin/megacli
ln -s /opt/MegaRAID/storcli/storcli64 /usr/local/bin/storcli
curl http://@@http_server@@/cobbler/pub/tmux.conf -o /etc/tmux.conf
# start optimizing & customization
chmod +x /etc/rc.d/rc.local
systemctl disable firewalld
# disable Ctrl+Alt+Del
systemctl mask ctrl-alt-del.target
systemctl daemon-reload
 
# sudoers
echo "user01 ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers
# ssh
sed -i 's/#Port 22/Port 2222/g' /etc/ssh/sshd_config
sed -i -e "/GSSAPIAuthentication/s/yes/no/g" -e "/GSSAPICleanupCredentials/s/yes/no/g" -e"s/^#UseDNS\ no/UseDNS\ no/" -e"s/^#UseDNS\ yes/UseDNS\ no/" /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
echo "AllowUsers user01" >> /etc/ssh/sshd_config
systemctl restart sshd
 
# ntpdate & timezone
ntpdate ntp1.aliyun.com && clock -w
if [ "`cat /etc/crontab | grep ntpdate`" = "" ]; then
echo "0 */3 * * * root /usr/sbin/ntpdate ntp1.aliyun.com >> /var/log/ntpdate.log" >> /etc/crontab
fi
systemctl restart crond
 
#raw
# History
mkdir /usr/share/.usermonitor/ && touch /usr/share/.usermonitor/usermonitor.log && chmod 002 /usr/share/.usermonitor/usermonitor.log
cat >> /etc/profile << 'EOF'
export HISTORY_FILE=/usr/share/.usermonitor/usermonitor.log
export PROMPT_COMMAND='{ echo "time="$(date "+%Y-%m-%dT%H:%M:%S")"#user="$(who am i |awk "{print \$1}")"#ip="$(who am i | awk "{print \$NF}" | grep -oP "[\d.]+")"#command="$(history 1 | { read x cmd; echo "$cmd"; });} >> $HISTORY_FILE'
shopt -s histappend
EOF
#end raw
 
# system tune
cat > /etc/security/limits.d/20-nproc.conf <<'EOF'
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
 
#nproc
*          soft    nproc     65535
root       soft    nproc     unlimited
*          hard    nproc     65535
root       hard    nproc     unlimited
#nofile
*          soft    nofile     65535
*          hard    nofile     65535
EOF
 
cat >> /etc/systemd/system.conf <<'EOF'
DefaultLimitCORE=infinity
DefaultLimitNOFILE=100000
DefaultLimitNPROC=100000
EOF
 
cat >>  /etc/systemd/user.conf <<'EOF'
DefaultLimitCORE=infinity
DefaultLimitNOFILE=100000
DefaultLimitNPROC=100000
EOF
 
#custom
cat >> /etc/bashrc <<'EOF'
export EDITOR=/usr/bin/vim
EOF
 
source /etc/bashrc
 
cat >> /etc/sysctl.conf <<'EOF'
net.ipv4.ip_forward = 1
net.core.netdev_max_backlog = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.route.gc_timeout = 20
net.ipv4.ip_local_port_range = 1025 65535
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_keepalive_time = 120
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_max_tw_buckets = 200000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_wmem = 8192 131072 16777216
net.ipv4.tcp_rmem = 32768 131072 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
EOF
 
# yxs
cat >> /etc/modules-load.d/netfilter.conf << EOF
nf_conntrack
nf_conntrack_ipv4
EOF
 
modprobe nf_conntrack
modprobe nf_conntrack_ipv4
 
cat >> /etc/sysctl.conf << EOF
net.core.somaxconn = 16384
net.netfilter.nf_conntrack_max = 655350
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
EOF
 
/sbin/sysctl -p
 
$SNIPPET('kickstart_done')
$SNIPPET('post_install_network_config')
%end
 
# swap_file
%post
dd if=/dev/zero of=/swapfile bs=1G count=20
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile	swap	swap	defaults	0 0' >> /etc/fstab
%end
 
%post
echo "ccobbler installed on `/bin/date`" > /etc/os_install  
%end

1)
第一个 %post 区块实现
  • linux/os_provision/cobbler_ks文件.txt
  • 最后更改: 2019/04/16 18:31
  • (外部编辑)