安装系统版本:CentOS 6.3 x86_64 最小化安装
安装完成之后需要执行 network_setting.sh、ssh_setting.sh 和 sudo_setting.sh 三个脚本,分别用于设置网络 IP、配置 SSH RSA key,以及为 test 用户添加 sudo 权限。
- # Kickstart file automatically generated by anaconda.
- #version=DEVEL
- # Unattended text-mode install from a network tree. The partitioning lines
- # below clear every partition on the machine before laying out /boot, swap and /.
- install
- #cdrom
- text
- lang en_US.UTF-8
- keyboard us
- # Both NICs are defined but left down at boot (--onboot no); the
- # network_setting.sh helper written in %post assigns static addresses later.
- network --onboot no --device eth0 --bootproto dhcp --noipv6
- network --onboot no --device eth1 --bootproto dhcp --noipv6
- # NOTE(review): this SHA-512 crypt hash travels with the file, so anyone who
- # can read the kickstart can run offline guessing against the root password.
- # Generate a fresh hash per deployment and keep the real file out of public view.
- rootpw --iscrypted $6$FLLlvfqZKzvs/9bu$oflTVbcg8ZDgfCvBCDeyIBrgswymV7.W6ZoKc0Ona0GT/SCmBvMokbD2Ty86GH.qMOzXKlh6fTUQJRq4C50FC1
- # NOTE(review): a %post section further down writes its own
- # /etc/sysconfig/iptables, so presumably that rule set, not this one, is what
- # ends up loaded - confirm.
- firewall --service=ssh
- authconfig --enableshadow --passalgo=sha512
- # NOTE(review): SELinux is switched off outright; confirm this is a deliberate
- # choice rather than a leftover, since it removes mandatory access control.
- selinux --disabled
- timezone --utc Asia/Shanghai
- # NOTE(review): the install tree is fetched over plain FTP from 10.10.10.5,
- # which gives no transport integrity - presumably a trusted build network; confirm.
- url --url=ftp://10.10.10.5/pub
- bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
- # The following is the partition information you requested
- # Note that any partitions you deleted are not expressed
- # here so unless you clear all partitions first, this is
- # not guaranteed to work
- zerombr
- clearpart --all --initlabel
- part /boot --fstype=ext4 --size=200
- part swap --size=1024
- part / --fstype=ext4 --grow --size=1
- #repo --name="CentOS" --baseurl=cdrom:sr0 --cost=100
- reboot
- # Minimal package set: the core group only, with the base group left out.
- %packages --nobase
- @core
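- %post
- # Write /root/network_setting.sh, an interactive helper the admin runs after
- # first boot to give eth0 and eth1 static addresses. The heredoc delimiter is
- # quoted, so nothing is expanded at install time and the script text needs no
- # backslash escapes. cat creates the file, so no prior touch is needed.
- cat << 'EOF' > /root/network_setting.sh
- #!/bin/bash
- #
- ###Initializing
- ###Write by cGc
- ###Use for Server
- #
- #
- ####[ Network Interface Setting ]##################
- # Keep the first backup: a second run must not replace the pristine copy
- # with an ifcfg file this script has already edited.
- [ -e /etc/sysconfig/network-scripts/bak-ifcfg-eth0-bak ] || cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/bak-ifcfg-eth0-bak
- [ -e /etc/sysconfig/network-scripts/bak-ifcfg-eth1-bak ] || cp /etc/sysconfig/network-scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/bak-ifcfg-eth1-bak
- # -r keeps backslashes in the typed values literal. The prompts name the
- # interfaces this script really edits (eth0/eth1).
- read -r -p "Keyin eth0's IP address: " EM1
- read -r -p "Keyin eth1's IP address: " EM2
- read -r -p "Keyin NETMASK: " NMASK
- read -r -p "Keyin GATEWAY: " GWAY
- read -r -p "Keyin DNS1 address: " DNS1
- read -r -p "Keyin DNS2 address: " DNS2
- #EM1=192.168.30.2
- #EM2=192.168.80.2
- #NMASK=255.255.255.0
- #GWAY=192.168.30.1
- #DNS1=202.96.128.86
- #DNS2=8.8.8.8
- # NOTE(review): the settings are appended, so running the script twice leaves
- # duplicate keys in the ifcfg files; restore the bak- copies before a re-run.
- # NOTE(review): the same GATEWAY is written to both interfaces - confirm
- # that two default-route entries are intended.
- echo "Configure ifcfg-eth0 ......"
- echo "IPADDR=${EM1}" >> /etc/sysconfig/network-scripts/ifcfg-eth0
- echo "NETMASK=${NMASK}" >> /etc/sysconfig/network-scripts/ifcfg-eth0
- echo "GATEWAY=${GWAY}" >> /etc/sysconfig/network-scripts/ifcfg-eth0
- echo "DNS1=${DNS1}" >> /etc/sysconfig/network-scripts/ifcfg-eth0
- echo "DNS2=${DNS2}" >> /etc/sysconfig/network-scripts/ifcfg-eth0
- sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="none"/g' /etc/sysconfig/network-scripts/ifcfg-eth0
- sed -i 's/NM_CONTROLLED="yes"/NM_CONTROLLED="no"/g' /etc/sysconfig/network-scripts/ifcfg-eth0
- sed -i 's/ONBOOT="no"/ONBOOT="yes"/g' /etc/sysconfig/network-scripts/ifcfg-eth0
- echo "Configure ifcfg-eth0 ......OK"
- sleep 2
- echo "Configure ifcfg-eth1 ......"
- echo "IPADDR=${EM2}" >> /etc/sysconfig/network-scripts/ifcfg-eth1
- echo "NETMASK=${NMASK}" >> /etc/sysconfig/network-scripts/ifcfg-eth1
- echo "GATEWAY=${GWAY}" >> /etc/sysconfig/network-scripts/ifcfg-eth1
- echo "DNS1=${DNS1}" >> /etc/sysconfig/network-scripts/ifcfg-eth1
- echo "DNS2=${DNS2}" >> /etc/sysconfig/network-scripts/ifcfg-eth1
- sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="none"/g' /etc/sysconfig/network-scripts/ifcfg-eth1
- sed -i 's/NM_CONTROLLED="yes"/NM_CONTROLLED="no"/g' /etc/sysconfig/network-scripts/ifcfg-eth1
- sed -i 's/ONBOOT="no"/ONBOOT="yes"/g' /etc/sysconfig/network-scripts/ifcfg-eth1
- echo "Configure ifcfg-eth1......OK"
- /etc/init.d/network restart
- EOF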
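- %post
- # Write /root/ssh_setting.sh, run by hand after first boot. It creates the
- # "test" login, installs its public key and moves sshd to port 3220 with root
- # login and password login turned off. The heredoc delimiter is quoted, so
- # nothing is expanded at install time.
- cat << 'EOF' > /root/ssh_setting.sh
- #!/bin/bash
- UPWD=/home/test
- # Ask for the exact account: a substring grep on /etc/passwd also matches any
- # other line that merely contains "test".
- if ! id -u test > /dev/null 2>&1;
- then
-   useradd -d "$UPWD" test
-   # Prompt for the password instead of piping in a fixed one equal to the
-   # user name; sudo_setting.sh later grants this account full sudo.
-   passwd test
- fi
- # 700 keeps other local users out of the key directory.
- mkdir -p "$UPWD/.ssh"
- chmod 700 "$UPWD/.ssh"
- chown test:test "$UPWD/.ssh"
- # NOTE(review): one public key baked into the kickstart means the holder of
- # the matching private key can log in to every host built from it - confirm
- # that is intended and use a per-environment key.
- echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuw9EuwbjC7tLw9Z1OUZfYps6Kj/QC1Z3AauJA5J/bUXN1oPjmnBMjVWxak7tA+fYX6Rz182I2D/NvrEL6RNShSUq4OIcWkSk6lh6kFUvY4eTtB6fa65CuRZs82+wRil89p8DIl9kS1ZTI2Mtg8oZh3BPSlE4xq6V/LAQTkAo/O/57SeXscsvtCzzt/ffHNxhi3cAhSWnCZbe3ZspNxO34w1vHNgOKUwvQxPkHV083cjhvWZThxgYG8DV/QAU1TbLvnodbhXVGPPk/yLGT1YnQ57BAvIiEMc/kl2gg6hs326/7NWwwZWKFH3RjPXPCUB7BD+pfa3wq61tWf5S+WWo5w== test" > "$UPWD/.ssh/authorized_keys"
- chmod 600 "$UPWD/.ssh/authorized_keys"
- chown test:test "$UPWD/.ssh/authorized_keys"
- ####[ Openssh RSA configure ]#####################
- cp /etc/ssh/sshd_config /etc/ssh/sshd_config-bak
- sed -i 's/#Port 22/Port 3220/g' /etc/ssh/sshd_config
- sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
- sed -i 's/#RSAAuthentication yes/RSAAuthentication yes/g' /etc/ssh/sshd_config
- # RSAAuthentication only covers SSH protocol 1; PubkeyAuthentication is the
- # protocol 2 switch, so state it explicitly before passwords are turned off.
- sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
- sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
- # Restart only when the edited file parses; otherwise put the backup back so
- # a bad edit cannot take remote access away.
- if /usr/sbin/sshd -t;
- then
-   /etc/init.d/sshd restart
- else
-   cp /etc/ssh/sshd_config-bak /etc/ssh/sshd_config
- fi
- EOF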
- %post
- if [ -e /etc/sysconfig/iptables ];
- then
- mv /etc/sysconfig/iptables /etc/sysconfig/iptables-backup
- fi
- if [ ! -e /etc/sysconfig/iptables ];
- then
- touch /etc/sysconfig/iptables
- fi
- cat << EOF > /etc/sysconfig/iptables
- # Firewall configuration written by system-config-firewall
- # Manual customization of this file is not recommended.
- *nat
- :PREROUTING ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- -A POSTROUTING -o eth+ -j MASQUERADE
- COMMIT
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 3220 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 10050 -j ACCEPT
- -A INPUT -m state --state NEW -m udp -p udp --dport 10050 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 10051 -j ACCEPT
- -A INPUT -m state --state NEW -m udp -p udp --dport 10051 -j ACCEPT
- -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
- -A FORWARD -p icmp -j ACCEPT
- -A FORWARD -i lo -j ACCEPT
- -A FORWARD -o eth+ -j ACCEPT
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- COMMIT
- EOF
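- %post
- # Write /root/sudo_setting.sh, run by hand after first boot to give the
- # "test" user sudo rights. cat creates the file, so no touch is needed, and
- # the quoted delimiter stops any expansion at install time.
- cat << 'EOF' > /root/sudo_setting.sh
- #!/bin/bash
- # Install first, unconditionally: this makes sure /etc/sudoers and visudo
- # exist instead of tying the install to the file already being there.
- yum -y install sudo vim
- # NOTE(review): this rule makes "test" root-equivalent, so the strength of
- # that account's password and key decides the strength of root.
- RULE='test ALL=(ALL) ALL'
- # Append the rule once only, keep a copy, and roll back if the result does
- # not pass the sudoers syntax check (a broken sudoers locks sudo for all).
- if [ -e /etc/sudoers ] && ! grep -qxF "$RULE" /etc/sudoers;
- then
-   cp -p /etc/sudoers /etc/sudoers-bak
-   echo "$RULE" >> /etc/sudoers
-   visudo -c || cp -p /etc/sudoers-bak /etc/sudoers
- fi
- EOF
- %end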
以下是最后修改过、可以在 DELL R620 上使用的脚本。
- # Kickstart file automatically generated by anaconda.
- #version=DEVEL
- # Unattended install from the CD-ROM. The partitioning lines below clear
- # every partition on the machine before laying out /boot, swap and /.
- install
- cdrom
- lang en_US.UTF-8
- keyboard us
- # Four NICs named em1-em4 are defined but left down at boot (--onboot no);
- # the network_setting.sh helper written in %post configures em1 and em2 later.
- network --onboot no --device em1 --bootproto dhcp --noipv6
- network --onboot no --device em2 --bootproto dhcp --noipv6
- network --onboot no --device em3 --bootproto dhcp --noipv6
- network --onboot no --device em4 --bootproto dhcp --noipv6
- # NOTE(review): this SHA-512 crypt hash travels with the file, so anyone who
- # can read the kickstart can run offline guessing against the root password.
- # Generate a fresh hash per deployment and keep the real file out of public view.
- rootpw --iscrypted $6$3euEPd1Gsqsd6DzA$VbAspvlUuNzFXCrbPmtFxuXuH5g1wd91M9yzg9TLe1/G0dhsrgUrAkqPdGeuaDYD1TdRQUx3O6bIi81v9Bw1z1
- # Reboot after installation
- reboot
- # NOTE(review): a %post section further down writes its own
- # /etc/sysconfig/iptables, so presumably that rule set, not this one, is what
- # ends up loaded - confirm.
- firewall --service=ssh
- authconfig --enableshadow --passalgo=sha512
- # NOTE(review): SELinux is switched off outright; confirm this is a deliberate
- # choice rather than a leftover, since it removes mandatory access control.
- selinux --disabled
- timezone --utc Asia/Shanghai
- # NOTE(review): the boot loader drive order names sdb while clearpart --all
- # below clears every disk - confirm sdb is the intended boot disk.
- bootloader --location=mbr --driveorder=sdb --append="crashkernel=auto rhgb quiet"
- # The following is the partition information you requested
- # Note that any partitions you deleted are not expressed
- # here so unless you clear all partitions first, this is
- # not guaranteed to work
- zerombr
- clearpart --all --initlabel
- part /boot --fstype=ext4 --size=200
- part swap --size=16384
- part / --fstype=ext4 --grow --size=1
- #repo --name="CentOS" --baseurl=cdrom:sr0 --cost=100
- # Minimal package set: the Core group only, with the base group left out.
- %packages --nobase
- @Core
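- %post
- # Write /root/network_setting.sh, an interactive helper the admin runs after
- # first boot to give em1 and em2 static addresses. The heredoc delimiter is
- # quoted, so nothing is expanded at install time and the script text needs no
- # backslash escapes. cat creates the file, so no prior touch is needed.
- cat << 'EOF' > /root/network_setting.sh
- #!/bin/bash
- #
- ###Initializing
- ###Write by cGc
- ###Use for DELL Server
- #
- #
- ####[ Network Interface Setting ]##################
- # Keep the first backup: a second run must not replace the pristine copy
- # with an ifcfg file this script has already edited.
- [ -e /etc/sysconfig/network-scripts/bak-ifcfg-em1-bak ] || cp /etc/sysconfig/network-scripts/ifcfg-em1 /etc/sysconfig/network-scripts/bak-ifcfg-em1-bak
- [ -e /etc/sysconfig/network-scripts/bak-ifcfg-em2-bak ] || cp /etc/sysconfig/network-scripts/ifcfg-em2 /etc/sysconfig/network-scripts/bak-ifcfg-em2-bak
- # -r keeps backslashes in the typed values literal.
- read -r -p "Keyin em1's IP address: " EM1
- read -r -p "Keyin em2's IP address: " EM2
- read -r -p "Keyin NETMASK: " NMASK
- read -r -p "Keyin GATEWAY: " GWAY
- read -r -p "Keyin DNS1 address: " DNS1
- read -r -p "Keyin DNS2 address: " DNS2
- #EM1=192.168.30.2
- #EM2=192.168.80.2
- #NMASK=255.255.255.0
- #GWAY=192.168.30.1
- #DNS1=202.96.128.86
- #DNS2=8.8.8.8
- # NOTE(review): the settings are appended, so running the script twice leaves
- # duplicate keys in the ifcfg files; restore the bak- copies before a re-run.
- # NOTE(review): the same GATEWAY is written to both interfaces - confirm
- # that two default-route entries are intended.
- echo "Configure ifcfg-em1 ......"
- echo "IPADDR=${EM1}" >> /etc/sysconfig/network-scripts/ifcfg-em1
- echo "NETMASK=${NMASK}" >> /etc/sysconfig/network-scripts/ifcfg-em1
- echo "GATEWAY=${GWAY}" >> /etc/sysconfig/network-scripts/ifcfg-em1
- echo "DNS1=${DNS1}" >> /etc/sysconfig/network-scripts/ifcfg-em1
- echo "DNS2=${DNS2}" >> /etc/sysconfig/network-scripts/ifcfg-em1
- sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="none"/g' /etc/sysconfig/network-scripts/ifcfg-em1
- sed -i 's/NM_CONTROLLED="yes"/NM_CONTROLLED="no"/g' /etc/sysconfig/network-scripts/ifcfg-em1
- sed -i 's/ONBOOT="no"/ONBOOT="yes"/g' /etc/sysconfig/network-scripts/ifcfg-em1
- echo "Configure ifcfg-em1 ......OK"
- sleep 2
- echo "Configure ifcfg-em2 ......"
- echo "IPADDR=${EM2}" >> /etc/sysconfig/network-scripts/ifcfg-em2
- echo "NETMASK=${NMASK}" >> /etc/sysconfig/network-scripts/ifcfg-em2
- echo "GATEWAY=${GWAY}" >> /etc/sysconfig/network-scripts/ifcfg-em2
- echo "DNS1=${DNS1}" >> /etc/sysconfig/network-scripts/ifcfg-em2
- echo "DNS2=${DNS2}" >> /etc/sysconfig/network-scripts/ifcfg-em2
- sed -i 's/BOOTPROTO="dhcp"/BOOTPROTO="none"/g' /etc/sysconfig/network-scripts/ifcfg-em2
- sed -i 's/NM_CONTROLLED="yes"/NM_CONTROLLED="no"/g' /etc/sysconfig/network-scripts/ifcfg-em2
- sed -i 's/ONBOOT="no"/ONBOOT="yes"/g' /etc/sysconfig/network-scripts/ifcfg-em2
- echo "Configure ifcfg-em2......OK"
- /etc/init.d/network restart
- EOF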
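- %post
- # Write /root/ssh_setting.sh, run by hand after first boot. It creates the
- # "test" login, installs its public key and moves sshd to port 3220 with root
- # login and password login turned off. The heredoc delimiter is quoted, so
- # nothing is expanded at install time.
- cat << 'EOF' > /root/ssh_setting.sh
- #!/bin/bash
- UPWD=/home/test
- # Ask for the exact account: a substring grep on /etc/passwd also matches any
- # other line that merely contains "test".
- if ! id -u test > /dev/null 2>&1;
- then
-   useradd -d "$UPWD" test
-   # Prompt for the password instead of piping in a fixed one equal to the
-   # user name; sudo_setting.sh later grants this account full sudo.
-   passwd test
- fi
- # 700 keeps other local users out of the key directory.
- mkdir -p "$UPWD/.ssh"
- chmod 700 "$UPWD/.ssh"
- chown test:test "$UPWD/.ssh"
- # NOTE(review): one public key baked into the kickstart means the holder of
- # the matching private key can log in to every host built from it - confirm
- # that is intended and use a per-environment key.
- echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuw9EuwbjC7tLw9Z1OUZfYps6Kj/QC1Z3AauJA5J/bUXN1oPjmnBMjVWxak7tA+fYX6Rz182I2D/NvrEL6RNShSUq4OIcWkSk6lh6kFUvY4eTtB6fa65CuRZs82+wRil89p8DIl9kS1ZTI2Mtg8oZh3BPSlE4xq6V/LAQTkAo/O/57SeXscsvtCzzt/ffHNxhi3cAhSWnCZbe3ZspNxO34w1vHNgOKUwvQxPkHV083cjhvWZThxgYG8DV/QAU1TbLvnodbhXVGPPk/yLGT1YnQ57BAvIiEMc/kl2gg6hs326/7NWwwZWKFH3RjPXPCUB7BD+pfa3wq61tWf5S+WWo5w== test" > "$UPWD/.ssh/authorized_keys"
- chmod 600 "$UPWD/.ssh/authorized_keys"
- chown test:test "$UPWD/.ssh/authorized_keys"
- ####[ Openssh RSA configure ]#####################
- cp /etc/ssh/sshd_config /etc/ssh/sshd_config-bak
- sed -i 's/#Port 22/Port 3220/g' /etc/ssh/sshd_config
- sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
- sed -i 's/#RSAAuthentication yes/RSAAuthentication yes/g' /etc/ssh/sshd_config
- # RSAAuthentication only covers SSH protocol 1; PubkeyAuthentication is the
- # protocol 2 switch, so state it explicitly before passwords are turned off.
- sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
- sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
- # Restart only when the edited file parses; otherwise put the backup back so
- # a bad edit cannot take remote access away.
- if /usr/sbin/sshd -t;
- then
-   /etc/init.d/sshd restart
- else
-   cp /etc/ssh/sshd_config-bak /etc/ssh/sshd_config
- fi
- EOF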
- %post
- if [ -e /etc/sysconfig/iptables ];
- then
- mv /etc/sysconfig/iptables /etc/sysconfig/iptables-backup
- fi
- if [ ! -e /etc/sysconfig/iptables ];
- then
- touch /etc/sysconfig/iptables
- fi
- cat << EOF > /etc/sysconfig/iptables
- # Firewall configuration written by system-config-firewall
- # Manual customization of this file is not recommended.
- *nat
- :PREROUTING ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- :POSTROUTING ACCEPT [0:0]
- -A POSTROUTING -o eth+ -j MASQUERADE
- COMMIT
- *filter
- :INPUT ACCEPT [0:0]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [0:0]
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- -A INPUT -p icmp -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 3220 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 10050 -j ACCEPT
- -A INPUT -m state --state NEW -m udp -p udp --dport 10050 -j ACCEPT
- -A INPUT -m state --state NEW -m tcp -p tcp --dport 10051 -j ACCEPT
- -A INPUT -m state --state NEW -m udp -p udp --dport 10051 -j ACCEPT
- -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
- -A FORWARD -p icmp -j ACCEPT
- -A FORWARD -i lo -j ACCEPT
- -A FORWARD -o eth+ -j ACCEPT
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- COMMIT
- EOF
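- %post
- # Write /root/sudo_setting.sh, run by hand after first boot to give the
- # "test" user sudo rights. cat creates the file, so no touch is needed, and
- # the quoted delimiter stops any expansion at install time.
- cat << 'EOF' > /root/sudo_setting.sh
- #!/bin/bash
- # Install first, unconditionally: with the rule guarded by a missing
- # /etc/sudoers, a host that already had sudo would never get the rule.
- yum -y install sudo vim
- # NOTE(review): this rule makes "test" root-equivalent, so the strength of
- # that account's password and key decides the strength of root.
- RULE='test ALL=(ALL) ALL'
- # Append the rule once only, keep a copy, and roll back if the result does
- # not pass the sudoers syntax check (a broken sudoers locks sudo for all).
- if [ -e /etc/sudoers ] && ! grep -qxF "$RULE" /etc/sudoers;
- then
-   cp -p /etc/sudoers /etc/sudoers-bak
-   echo "$RULE" >> /etc/sudoers
-   visudo -c || cp -p /etc/sudoers-bak /etc/sudoers
- fi
- EOF
- %end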