Script background
Because the systems engineering team spends long stretches on site at customers deploying and demonstrating the company's products, we urgently needed a tool that could install operating systems quickly, in batches and with per-customer customization, to cut the time spent on OS deployment. At the same time, so that customer hosts register with the Puppet Server quickly, we needed Puppet integrated into the deployment service, which is why we chose Cobbler. Cobbler integrates cleanly with Puppet, and that has saved us a great deal of time when setting up environments. This post records the installation process once more, as groundwork for integrating it into the project team's automated operations toolset.
Runtime environment
OS: CentOS release 6.3 x86_64 (Final)
Script structure
The tool consists of the following parts:
1. conf/server_deploy.conf: external environment variables for the deployment script
2. COPY_FILES: files copied during installation
   1) user public keys (project integration, optional)
   2) kickstart files
   3) cobbler boot loader files
   4) Snippets: system customization scripts
   5) yum repo configuration (project integration, optional)
3. packages
   1) packages needed for the local Autodeploy repo (project integration, optional)
   2) Cobbler installation rpm packages
4. Cobbler_ChangeMe.sh: script for later maintenance
5. create_user.sh: user creation script (project integration, optional)
6. optimize_kernel.sh: system tuning script (project integration, optional)
7. server_deploy.sh: main Cobbler deployment script
Script contents
1.1 conf/server_deploy.conf
```bash
#### Basic settings ####
# Domain name
domain_suffix=cloud.com
# Hostname of this machine
srv_short_hostname=auto
srv_hostname=${srv_short_hostname}.${domain_suffix}
# IP address of this machine
srv_ip=10.1.0.250

#### NTP settings ####
NTP_SERVER=$srv_ip

#### DHCP settings for this machine ####
dns_server=$srv_ip
next_server=$srv_ip
# DHCP subnet
dhcp_subnet=10.1.0.0
# Subnet mask
dhcp_netmask=255.255.254.0
# Start of the DHCP range
dhcp_range_start=10.1.0.200
# End of the DHCP range
dhcp_range_end=10.1.0.240
# Gateway
gateway=10.1.0.1

#### Cobbler settings ####
## Client operating systems (one entry per OS) - Start ##
## OS 1
clientOS[0]=CentOS6.3
clientArch[0]=x86_64
# Build the cobbler distro from local ISO files (falls back to the CD-ROM if they are missing)
isoFile1[0]=/opt/software/CentOS-6.3-x86_64-bin-DVD1.iso
isoFile2[0]=/opt/software/CentOS-6.3-x86_64-bin-DVD2.iso
# OS 2
clientOS[1]=CentOS6.4
clientArch[1]=x86_64
# Build the cobbler distro from local ISO files (falls back to the CD-ROM if they are missing)
isoFile1[1]=/opt/software/CentOS-6.4-x86_64-bin-DVD1.iso
isoFile2[1]=/opt/software/CentOS-6.4-x86_64-bin-DVD2.iso
## Client operating systems - End ##

# Root password of the installed operating systems
# openssl passwd -1 -salt 'cloud' 'cloud'
# $1$cloud$v4cy8ItxPZLX8ybgkgrvT.
cobbler_client_root_passwd='$1$cloud$v4cy8ItxPZLX8ybgkgrvT.'

# Web login password for the cobbler service
# htdigest /etc/cobbler/users.digest "Cobbler" admin ZAQ!xsw2
# user: admin
# passwd: ZAQ!xsw2
cobbler_web_cobbler_login="admin:Cobbler:12343e633e8d30ab2645a6731ffee822"
```
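A preflight check for the values in this conf file, added here as an example and not one of the original scripts: it sources the file the same way server_deploy.sh does and verifies that the DHCP range, gateway and server address all lie inside dhcp_subnet/dhcp_netmask, that the static addresses are not inside the dynamic range, and that the two credential strings have the hashed forms the deploy script writes into /etc/cobbler/settings and users.digest. The function names and the two sample confs are constructed.

```shell
#!/bin/bash
# Preflight check for conf/server_deploy.conf (added example, not one of the page's scripts):
# verify the addresses and credentials before the deploy script writes them into cobbler.

ip2int() {
    # Dotted-quad IPv4 -> 32-bit integer; returns 1 on malformed input.
    local IFS='.' o
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

check_deploy_conf() {
    local conf=$1 errors=0 v m net start end ip
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    . "$conf"
    for v in srv_ip gateway dhcp_subnet dhcp_netmask dhcp_range_start dhcp_range_end; do
        ip2int "${!v}" >/dev/null \
            || { echo "ERROR: $v='${!v}' is not an IPv4 address"; errors=$((errors + 1)); }
    done
    [ "$errors" -eq 0 ] || return 1      # the arithmetic below needs valid addresses
    m=$(ip2int "$dhcp_netmask"); net=$(( $(ip2int "$dhcp_subnet") & m ))
    start=$(ip2int "$dhcp_range_start"); end=$(ip2int "$dhcp_range_end")
    # Every address handed to dhcpd must sit inside the subnet it declares.
    for v in srv_ip gateway dhcp_range_start dhcp_range_end; do
        ip=$(ip2int "${!v}")
        [ $(( ip & m )) -eq "$net" ] \
            || { echo "ERROR: $v=${!v} is outside $dhcp_subnet/$dhcp_netmask"; errors=$((errors + 1)); }
    done
    [ "$start" -le "$end" ] \
        || { echo "ERROR: dhcp_range_start is above dhcp_range_end"; errors=$((errors + 1)); }
    # The static server and gateway addresses must not be handed out as dynamic leases.
    for v in srv_ip gateway; do
        ip=$(ip2int "${!v}")
        if [ "$ip" -ge "$start" ] && [ "$ip" -le "$end" ]; then
            echo "ERROR: static $v=${!v} lies inside the dynamic-bootp range"; errors=$((errors + 1))
        fi
    done
    # default_password_crypted must be a crypt(3) hash, as produced by 'openssl passwd -1'.
    case $cobbler_client_root_passwd in
        \$1\$*|\$5\$*|\$6\$*) ;;
        *) echo "ERROR: cobbler_client_root_passwd is not a crypted hash"; errors=$((errors + 1));;
    esac
    # users.digest expects one 'user:realm:md5' line, as written by htdigest.
    [[ $cobbler_web_cobbler_login =~ ^[^:]+:[^:]+:[0-9a-f]{32}$ ]] \
        || { echo "ERROR: cobbler_web_cobbler_login is not a user:realm:md5 htdigest line"; errors=$((errors + 1)); }
    echo "$conf: $errors problem(s)"
    [ "$errors" -eq 0 ]
}

write_sample_conf() {
    # Constructed test data in the page's conf format; extra "name=value" args override entries.
    local path=$1; shift
    cat > "$path" <<'EOF'
domain_suffix=cloud.com
srv_short_hostname=auto
srv_hostname=${srv_short_hostname}.${domain_suffix}
srv_ip=10.1.0.250
dns_server=$srv_ip
next_server=$srv_ip
dhcp_subnet=10.1.0.0
dhcp_netmask=255.255.254.0
dhcp_range_start=10.1.0.200
dhcp_range_end=10.1.0.240
gateway=10.1.0.1
cobbler_client_root_passwd='$1$cloud$v4cy8ItxPZLX8ybgkgrvT.'
cobbler_web_cobbler_login="admin:Cobbler:12343e633e8d30ab2645a6731ffee822"
EOF
    printf '%s\n' "$@" >> "$path"   # later assignments win when sourced
}

WORK=$(mktemp -d)
GOOD_CONF=$WORK/server_deploy.conf
BAD_CONF=$WORK/server_deploy_bad.conf
write_sample_conf "$GOOD_CONF"
# Widening the range to .255 swallows the server's own .250, and the password is plaintext.
write_sample_conf "$BAD_CONF" 'dhcp_range_end=10.1.0.255' 'cobbler_client_root_passwd=cloud'
check_deploy_conf "$GOOD_CONF"          # 0 problem(s)
check_deploy_conf "$BAD_CONF" || true   # 2 problem(s)
```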
2.1. User public key (omitted; generate one with ssh-keygen)
2.2. kickstart file
```text
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url=$tree
# RAID driver disk: "http://url" is the cobbler server's IP; upload the driver image to /var/www/html/
#driverdisk --source=http://10.10.11.49/megasr-15.01.2013.0115-1-rhel63-ga-x86_64.img
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Root password
rootpw --iscrypted $default_password_crypted
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
# System timezone
timezone Asia/Chongqing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
#########################################
# Disk partitioning information.
# Adjust to your environment.
part /boot --fstype="ext4" --size=200
part swap --fstype="swap" --size=32768
part pv.01 --size=1 --grow
volgroup vg_root pv.01
logvol / --vgname=vg_root --size=204800 --name=lv_root
#########################################

%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end

%packages
# install puppet while the OS is being installed
$SNIPPET('puppet_install_if_enabled')
@additional-devel
@base
@chinese-support
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
yum-plugin-priorities
libXinerama-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
libXau-devel
libgcrypt-devel
popt-devel
libXrandr-devel
libxslt-devel
libglade2-devel
gnutls-devel
pax
oddjob
sgpio
mtools
systemtap-client
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite
screen
tree

%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('puppet_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')

##### Start to customize client OS #####
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:$PATH

# SELinux / iptables
chkconfig ip6tables off
service ip6tables stop
service iptables start
iptables -F
iptables -X
service iptables save

# NTP: sync against the cobbler server (NTP_SERVER comes from the profile's ksmeta)
service ntpd stop
sed -i "/0.centos.pool.ntp.org/i server ${NTP_SERVER} prefer" /etc/ntp.conf
/usr/sbin/ntpdate $NTP_SERVER && /sbin/hwclock -w
chkconfig ntpd on
service ntpd start

# Privileged user mg, with its public key
username=mg
groupadd -g 1000 ${username}
useradd -u 1000 -g root ${username}
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFeJzvel8YAXWBF9qUO8ov5gY+83O0aOL4sPL45fO8kdXc7qCQkcjnsFshbBMBh5EjlFqrM8gv4n7oV2kQbIC0+rprMWIYl4L479dPeIBvcwe3oCw/3Jmt5i3tzG8s/2r0HYryU79b/JUJ7ANvdxeAKAEqs76aFKvg5o2jtNu/DB82KaUZ6n8wgJeR0WR1obhSCsyqz/eZF9lRzSfoBoeX+Y9oq8WqkGHzBV2fS1a1Rf3t3IsGKxHl8O1gqQtW5/0rP+TXgl+hxOZQKxPRjxjyG8fxmdktK0j+rJSP9iiBS7kHgxZZnQHSd+W5mQZCm6at4hXy/zXGv9IL71FvU1Pw==' >> /home/${username}/.ssh/authorized_keys
chown -R ${username}:${username} /home/${username}/.ssh
filePath="/home/${username}/.ssh/config"
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh

# Privileged user autodep, with its public key
username=autodep
groupadd -g 1001 ${username}
useradd -u 1001 -g root ${username}
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvw0Shufrg3L3p2pq5opjeywDNJ83o5VlkWiicHmiNRe7mqfA/lGw466COQ5XuQjagRejMh8oQ2SRyZk/4j2jnRCGB3YorNE+fjXmdFcf11Z5oN8MyeX8OnE7tCZLRFiXrOgw8xRaGnW1Jw3lpejzZErtjpVJY9gkFJmSH1eZStj5bLP7enni26gLg2Fb8LjrZJxbiHwEoMuIDW3WzFP2ASwoQq+nr6lLK61kP1QL443AXM9hkqKi0AXTaOvdjokKsD7i+VrlhWXQINQoAxttphJwSNLEGKh+K6gMpwRYoeC2AZmoLBDyrX/sJPcKQCTiuL8c4mXItWThfDyJPtkV6Q==' >> /home/${username}/.ssh/authorized_keys
filePath="/home/${username}/.ssh/config"
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh

# Service accounts
username=www
groupadd -g 1100 ${username}
useradd -u 1100 -g ${username} ${username}
username=zabbix
groupadd -g 1101 ${username}
useradd -u 1101 -g ${username} ${username}

# Passwordless sudo for the two privileged users
echo 'mg ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
echo 'autodep ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

# Park the stock CentOS repos; create the /opt layout
mkdir -p /etc/yum.repos.d/useless
mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d/useless
mkdir -p /opt/server
mkdir -p /opt/software
mkdir -p /opt/apps

# Stop and disable services that are not needed
service abrt-ccpp stop
chkconfig abrt-ccpp off
service abrt-oops stop
chkconfig abrt-oops off
service abrtd stop
chkconfig abrtd off
service acpid stop
chkconfig acpid off
service atd stop
chkconfig atd off
service auditd stop
chkconfig auditd off
service autofs stop
chkconfig autofs off
service avahi-daemon stop
chkconfig avahi-daemon off
service certmonger stop
chkconfig certmonger off
service cpuspeed start
chkconfig cpuspeed on
service cups stop
chkconfig cups off
service haldaemon start
chkconfig haldaemon on
# service kdump stop
# chkconfig kdump off
service mdmonitor stop
chkconfig mdmonitor off
service netfs stop
chkconfig netfs off
service nfslock stop
chkconfig nfslock off
service rpcbind stop
chkconfig rpcbind off
# service rpcgssd stop
# chkconfig rpcgssd off
service rpcidmapd stop
chkconfig rpcidmapd off
service rpcsvcgssd stop
chkconfig rpcsvcgssd off

# Kernel network tuning
echo "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo "net.core.somaxconn = 4096" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_orphans = 327680" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_keepalive_time = 30" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 8192" >> /etc/sysctl.conf
echo "net.ipv4.tcp_rmem = 4096 4096 16777216" >> /etc/sysctl.conf
echo "net.ipv4.tcp_wmem = 4096 4096 16777216" >> /etc/sysctl.conf
echo "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo "net.ipv4.tcp_sack = 0" >> /etc/sysctl.conf
echo "fs.file-max = 1300000" >> /etc/sysctl.conf
sysctl -p

# Disable the Ctrl-Alt-Delete reboot
sed -i "s/exec .*/#exec \/sbin\/shutdown -r now \"Control-Alt-Delete pressed\"/g" /etc/init/control-alt-delete.conf
# sshd: no reverse DNS lookups, no GSSAPI
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
sed -i "s/^GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/g" /etc/ssh/sshd_config
sed -i "s/^GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
# Do not persist NIC-to-MAC naming rules
rm -rf /etc/udev/rules.d/70-persistent-net.rules
ln -s /dev/null /etc/udev/rules.d/70-persistent-net.rules
##### End to customize client OS #####

$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
%end
```
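A reviewer's check over the kickstart above, added as an example and not part of the original page: it greps a kickstart (including its %post) for the settings this profile applies that weaken every host built from it, prints where each one occurs and returns the number of findings, so each setting is a deliberate decision rather than a copy-paste leftover. The rule table, the function name and the sample excerpt (with a placeholder key) are constructed.

```shell
#!/bin/bash
# Added reviewer check, not part of the original kickstart: list the directives in a
# kickstart (and its %post) that widen the attack surface of every host built from it.

# Rule table: <extended regex> ## <why it matters>; the patterns are the ones used on this page.
KS_AUDIT_RULES='
^firewall[[:space:]]+--disabled ## host is built with no packet filter
^selinux[[:space:]]+--disabled ## SELinux permanently off
^rootpw[[:space:]]+([^-]|--plaintext) ## root password stored in clear text in the profile
StrictHostKeyChecking[[:space:]]+no ## ssh client accepts any server key for this account
UserKnownHostsFile[[:space:]]+/dev/null ## server keys are never pinned, so a swapped host goes unnoticed
ssh-(rsa|ed25519)[[:space:]]+AAAA ## the same authorized key baked into every build
NOPASSWD:[[:space:]]*ALL ## passwordless root via sudo
>>[[:space:]]*/etc/sudoers ## sudoers appended to without the visudo syntax check
gpgcheck=0 ## package signatures not verified
'

audit_kickstart() {
    # Prints each matching rule with the offending lines; returns the number of findings (0 = clean).
    local file=$1 rule pattern why hits total=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 255; }
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        pattern=${rule%% ## *}
        why=${rule#* ## }
        hits=$(grep -cE -- "$pattern" "$file") || true
        if [ "$hits" -gt 0 ]; then
            printf '[%s line(s)] %s\n' "$hits" "$why"
            grep -nE -- "$pattern" "$file" | cut -c1-96 | sed 's/^/    /'
            total=$((total + hits))
        fi
    done <<< "$KS_AUDIT_RULES"
    echo "$total finding(s) in $file"
    return $(( total > 254 ? 254 : total ))
}

# Constructed excerpt in the shape of the page's kickstart and %post (the key is a placeholder).
SAMPLE_KS=$(mktemp)
cat > "$SAMPLE_KS" <<'EOF'
firewall --disabled
rootpw --iscrypted $default_password_crypted
selinux --disabled
%post
username=mg
cat <<EOT > /home/${username}/.ssh/config
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOT
echo 'ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER_KEY==' >> /home/${username}/.ssh/authorized_keys
echo 'mg ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
%end
EOF
audit_kickstart "$SAMPLE_KS" || echo "review needed: exit status $?"   # 7 finding(s)
```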
2.3. cobbler boot loader files
```text
COPYING.elilo
COPYING.syslinux
COPYING.yaboot
elilo-ia64.efi
grub-x86.efi
grub-x86_64.efi
menu.c32
pxelinux.0
README
yaboot
```
2.4. Customized snippets (Puppet integration)
puppet_register_if_enabled: registers the client server with the Puppet Server automatically
```text
#if $str($getVar('puppet_auto_setup','')) == "1"
# generate puppet certificates and trigger a signing request, but
# don't wait for signing to complete
echo " report = true" >> /etc/puppet/puppet.conf
echo " server = #puppet_dns#" >> /etc/puppet/puppet.conf
echo " pluginsync = true" >> /etc/puppet/puppet.conf
# the agent subcommand is what understands --waitforcert
/usr/bin/puppet agent --test --waitforcert 0
# turn puppet service on for reboot
/sbin/chkconfig puppet on
#end if
```
2.5. yum repo configuration (project integration, optional)
```ini
[core-0]
name=core-0
baseurl=http://localhost/cobbler/ks_mirror/CentOS6.3-x86_64
enabled=1
gpgcheck=0
priority=1

[CentOS6-x86_64-Autodeploy]
name=CentOS6-x86_64-Autodeploy
baseurl=http://localhost/cobbler/repo_mirror/CentOS6-x86_64-Autodeploy
enabled=1
priority=50
gpgcheck=0
```
3.1 Packages needed for the local Autodeploy repo (project integration, optional; add whatever you need)
3.2 Cobbler installation rpm packages
```text
apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm
dhclient-4.1.1-34.P1.el6.centos.x86_64.rpm
libyaml-0.1.3-1.el6.x86_64.rpm
python-pygments-1.1.1-1.el6.noarch.rpm
bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
dhcp-4.1.1-34.P1.el6.centos.x86_64.rpm
modcluster-0.16.2-20.el6.x86_64.rpm
python-simplejson-2.0.9-3.1.el6.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
dhcp-common-4.1.1-34.P1.el6.centos.x86_64.rpm
mod_ssl-2.2.15-28.el6.centos.x86_64.rpm
python-suds-0.4.1-3.el6.noarch.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
Django-1.3.7-1.el6.noarch.rpm
mod_wsgi-3.2-3.el6.x86_64.rpm
PyYAML-3.10-3.el6.x86_64.rpm
clusterlib-3.0.12.1-49.el6.x86_64.rpm
fence-agents-3.1.5-25.el6_4.2.x86_64.rpm
openais-1.1.1-7.el6.x86_64.rpm
ricci-0.16.2-63.el6.x86_64.rpm
cman-3.0.12.1-49.el6.x86_64.rpm
fence-virt-0.2.3-13.el6.x86_64.rpm
openaislib-1.1.1-7.el6.x86_64.rpm
sg3_utils-1.28-4.el6.x86_64.rpm
cobbler-2.2.3-2.el6.noarch.rpm
genisoimage-1.1.9-12.el6.x86_64.rpm
perl-Net-Telnet-3.03-11.el6.noarch.rpm
telnet-0.17-47.el6_3.1.x86_64.rpm
cobbler-web-2.2.3-2.el6.noarch.rpm
httpd-2.2.15-28.el6.centos.x86_64.rpm
pexpect-2.3-6.el6.noarch.rpm
tftp-server-0.49-7.el6.x86_64.rpm
corosync-1.4.1-15.el6_4.1.x86_64.rpm
httpd-tools-2.2.15-28.el6.centos.x86_64.rpm
pykickstart-1.74.12-1.el6.noarch.rpm
xinetd-2.3.14-38.el6.x86_64.rpm
corosynclib-1.4.1-15.el6_4.1.x86_64.rpm
ipmitool-1.8.11-14.el6_4.1.x86_64.rpm
python-cheetah-2.4.1-1.el6.x86_64.rpm
createrepo-0.9.9-17.el6.noarch.rpm
libibverbs-1.1.6-5.el6.x86_64.rpm
python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
librdmacm-1.0.17-0.git4b5c1aa.el6.x86_64.rpm
python-markdown-2.0.1-3.1.el6.noarch.rpm
```
4.1 Cobbler_ChangeMe.sh: maintenance script for later changes
```bash
#!/bin/bash
# IP address of the cobbler server
COBBLER_SERVER_IP=
# Subnet the cobbler server belongs to
SUBNET=
# Subnet mask
NETMASK=
# Start of the DHCP range
RANGE_DHCP_IP_START=
# End of the DHCP range
RANGE_DHCP_IP_STOP=

# cobbler settings (anchored to the start of the line, otherwise the "server:" pattern
# also rewrites next_server:, ldap_server: and similar keys)
sed -i "s/^next_server:.*/next_server: ${COBBLER_SERVER_IP}/g" /etc/cobbler/settings
sed -i "s/^server:.*/server: ${COBBLER_SERVER_IP}/g" /etc/cobbler/settings

# dhcp config: the subnet and zone blocks are addressed by block rather than by line number,
# so the edits do not depend on the exact layout written by server_deploy.sh and do not touch
# the per-host "option routers $iface.gateway" lines in the Cheetah part of the template
sed -i "s/^server-identifier.*/server-identifier ${COBBLER_SERVER_IP};/g" /etc/cobbler/dhcp.template
sed -i "s/^subnet.*/subnet ${SUBNET} netmask ${NETMASK} {/g" /etc/cobbler/dhcp.template
sed -i "/^subnet/,/^}/ s/option routers.*/option routers ${COBBLER_SERVER_IP};/" /etc/cobbler/dhcp.template
sed -i "/^subnet/,/^}/ s/option domain-name-servers.*/option domain-name-servers ${COBBLER_SERVER_IP};/" /etc/cobbler/dhcp.template
sed -i "/^subnet/,/^}/ s/option subnet-mask.*/option subnet-mask ${NETMASK};/" /etc/cobbler/dhcp.template
sed -i "/^subnet/,/^}/ s/range dynamic-bootp.*/range dynamic-bootp ${RANGE_DHCP_IP_START} ${RANGE_DHCP_IP_STOP};/" /etc/cobbler/dhcp.template
sed -i "/^zone/,/^}/ s/primary.*/primary ${COBBLER_SERVER_IP};/" /etc/cobbler/dhcp.template

# http vhost for foreman
sed -i "17s/<VirtualHost.*/<VirtualHost ${COBBLER_SERVER_IP}:443>/g" /etc/httpd/conf.d/foreman.conf

/etc/init.d/cobblerd restart
cobbler sync
```
5.1 create_user.sh: user creation (project integration, optional)
```bash
## Privileged user mg
export username=mg
groupadd -g 1000 ${username}
useradd -u 1000 -g root ${username}
# Import the public key
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFeJzvel8YAXWBF9qUO8ov5gY+83O0aOL4sPL45fO8kdXc7qCQkcjnsFshbBMBh5EjlFqrM8gv4n7oV2kQbIC0+rprMWIYl4L479dPeIBvcwe3oCw/3Jmt5i3tzG8s/2r0HYryU79b/JUJ7ANvdxeAKAEqs76aFKvg5o2jtNu/DB82KaUZ6n8wgJeR0WR1obhSCsyqz/eZF9lRzSfoBoeX+Y9oq8WqkGHzBV2fS1a1Rf3t3IsGKxHl8O1gqQtW5/0rP+TXgl+hxOZQKxPRjxjyG8fxmdktK0j+rJSP9iiBS7kHgxZZnQHSd+W5mQZCm6at4hXy/zXGv9IL71FvU1Pw==' >> /home/${username}/.ssh/authorized_keys
cp ${WOKR_SPACE}/COPY_FILES/id_rsa/mg_rsa /home/${username}/.ssh/id_rsa
chmod 400 /home/${username}/.ssh/id_rsa
filePath="/home/${username}/.ssh/config"
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh

## Privileged user autodep
export username=autodep
groupadd -g 1001 ${username}
useradd -u 1001 -g root ${username}
# Import the public key
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvw0Shufrg3L3p2pq5opjeywDNJ83o5VlkWiicHmiNRe7mqfA/lGw466COQ5XuQjagRejMh8oQ2SRyZk/4j2jnRCGB3YorNE+fjXmdFcf11Z5oN8MyeX8OnE7tCZLRFiXrOgw8xRaGnW1Jw3lpejzZErtjpVJY9gkFJmSH1eZStj5bLP7enni26gLg2Fb8LjrZJxbiHwEoMuIDW3WzFP2ASwoQq+nr6lLK61kP1QL443AXM9hkqKi0AXTaOvdjokKsD7i+VrlhWXQINQoAxttphJwSNLEGKh+K6gMpwRYoeC2AZmoLBDyrX/sJPcKQCTiuL8c4mXItWThfDyJPtkV6Q==' >> /home/${username}/.ssh/authorized_keys
filePath="/home/${username}/.ssh/config"
cp ${WOKR_SPACE}/COPY_FILES/id_rsa/autodep_rsa /home/${username}/.ssh/id_rsa
chmod 400 /home/${username}/.ssh/id_rsa
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh

## Other users
export username=www
groupadd -g 1100 ${username}
useradd -u 1100 -g ${username} ${username}
export username=zabbix
groupadd -g 1101 ${username}
useradd -u 1101 -g ${username} ${username}

echo 'mg ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
echo 'autodep ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
```
6.1 optimize_kernel.sh: server kernel tuning script
```bash
#!/bin/sh
# Stop and disable services that are not needed
service abrt-ccpp stop
chkconfig abrt-ccpp off
service abrt-oops stop
chkconfig abrt-oops off
service abrtd stop
chkconfig abrtd off
service acpid stop
chkconfig acpid off
service atd stop
chkconfig atd off
service auditd stop
chkconfig auditd off
service autofs stop
chkconfig autofs off
service avahi-daemon stop
chkconfig avahi-daemon off
service certmonger stop
chkconfig certmonger off
service cpuspeed start
chkconfig cpuspeed on
service cups stop
chkconfig cups off
service haldaemon start
chkconfig haldaemon on
# service kdump stop
# chkconfig kdump off
service mdmonitor stop
chkconfig mdmonitor off
service netfs stop
chkconfig netfs off
service nfslock stop
chkconfig nfslock off
service rpcbind stop
chkconfig rpcbind off
# service rpcgssd stop
# chkconfig rpcgssd off
service rpcidmapd stop
chkconfig rpcidmapd off
service rpcsvcgssd stop
chkconfig rpcsvcgssd off

# Kernel tuning
filePath="/etc/sysctl.conf"
cat <<'EOF' >> $filePath
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 4096
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_sack = 0
fs.file-max = 1300000
EOF
sysctl -p

# File descriptor and per-user process limits (the limits.conf item is spelled nproc)
filePath="/etc/security/limits.conf"
cat <<'EOF' >> $filePath
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF
```
7.1 server_deploy.sh: main Cobbler installation script
```bash
#!/bin/sh
# Directory this script lives in; the other files are resolved relative to it
export WOKR_SPACE=`dirname $0`
# Load this script's configuration file
. ${WOKR_SPACE}/conf/server_deploy.conf

# Create a client repo from ISO images
# arg 1: clientOS
# arg 2: clientArch
# arg 3: isoFile1
# arg 4: isoFile2
function createIsoRepos(){
    clientOS=$1
    clientArch=$2
    isoFile1=$3
    isoFile2=$4
    # Create the distro
    # 1. from an ISO file
    #    mount -t iso9660 -o loop /opt/software/CentOS-6.3-x86_64-bin-DVD1.iso /mnt
    # 2. from the CD-ROM
    #    mount -t iso9660 /dev/cdrom /mnt
    mntPath='/mnt'
    mkdir $mntPath
    umount $mntPath
    mount -t iso9660 -o loop $isoFile1 $mntPath
    rtv=$?
    if [ $rtv -ne 0 ];then
        echo "mount 本地IOS[${isoFile1}]失败,接下来尝试mount CDROM"
        mntPath='/mnt/cdrom'
        mkdir $mntPath
        umount $mntPath
        mount -t iso9660 /dev/cdrom $mntPath
        rtv=$?
        if [ $rtv -ne 0 ];then
            echo "mount CDROM失败:cobbler创建distro失败,排查问题后,请手动执行。"
            exit 1
        fi
    fi
    # Create the distro
    echo "创建distro."
    cobbler import --path=$mntPath --name=$clientOS --arch=$clientArch
    osArchName="${clientOS}-${clientArch}"
    # Install the kickstart file and attach it to the profile
    echo "配置kickstarts文件."
    /bin/cp -f ${WOKR_SPACE}/COPY_FILES/kickstarts/huacloud_GlusterFS.ks /var/lib/cobbler/kickstarts/huacloud_GlusterFS.ks
    cobbler profile edit --name="${osArchName}" --kickstart="/var/lib/cobbler/kickstarts/huacloud_GlusterFS.ks" --ksmeta="NTP_SERVER=${NTP_SERVER}"
    # Install the puppet snippet, pointing it at this server
    echo "拷贝puppet的snippets"
    /bin/cp -f ${WOKR_SPACE}/COPY_FILES/snippets/puppet_register_if_enabled /var/lib/cobbler/snippets/
    sed -i "s/#puppet_dns#/${srv_hostname}/g" /var/lib/cobbler/snippets/puppet_register_if_enabled
    # Create the default system
    # logInfo "创建默认的system"
    # cobbler system add --name=default --profile=${osArchName}
    # Add DVD2 to the distro's local repo
    echo "添加distro的本地源(DVD2)"
    umount $mntPath
    mntPath='/mnt'
    mount -t iso9660 -o loop $isoFile2 $mntPath
    rtv=$?
    if [ $rtv -ne 0 ];then
        echo "mount 本地IOS[${isoFile2}]失败。"
    fi
    /bin/cp -rf ${mntPath}/Packages /var/www/cobbler/ks_mirror/${osArchName}/Packages-dvd2
    compsFilePath=`ls /var/www/cobbler/ks_mirror/${osArchName}/repodata/*comps.xml`
    createrepo --update -c cache -s sha --groupfile $compsFilePath /var/www/cobbler/ks_mirror/${osArchName}
}

# Create the Autodeploy repo
function createAutodeployRepos(){
    echo "创建Autodeploy源"
    osArchName=CentOS6-x86_64
    localDownload="/var/www/cobbler/before_sync/${osArchName}-Autodeploy"
    mkdir -p $localDownload
    cp -rf ${WOKR_SPACE}/packages/Packages-Autodeploy/* $localDownload
    cobbler repo add --name="${osArchName}-Autodeploy" --mirror="${localDownload}"
    # createrepo -c cache -s sha /var/www/cobbler/repo_mirror/CentOS6.3-x86_64-Autodeploy
    cobbler reposync
    rtv=$?
    if [ $rtv -ne 0 ];then
        echo "cobbler reposync失败。"
    fi
    # cobbler profile edit --name="${osArchName}" --repos="${osArchName}-Autodeploy"
}

# Edit a profile: attach the Autodeploy repo
function editprofile() {
    osArchName=CentOS6-x86_64
    clientOS=$1
    clientArch=$2
    cobbler profile edit --name="${clientOS}-${clientArch}" --repos="${osArchName}-Autodeploy"
    if [ $? -ne 0 ]
    then
        echo "cobbler edit profile --name=${clientOS}-${clientArch} --repos=${osArchName}-Autodeploy 失败,请检查 name 或 repos 是否已创建!" >&2
        exit 1
    fi
}

#################################### Main #####################################
filePath="/etc/hosts"
echo "init $filePath"
cat <<EOF > "$filePath"
127.0.0.1   ${srv_short_hostname} localhost localhost.localdomain
::1         ${srv_short_hostname} localhost localhost.localdomain
${srv_ip}   ${srv_hostname}
EOF
hostname ${srv_hostname}
filePath="/etc/sysconfig/network"
echo "init $filePath"
cat <<EOF > "$filePath"
NETWORKING=yes
HOSTNAME=${srv_hostname}
EOF

# Configure DNS
filePath="/etc/resolv.conf"
grep nameserver $filePath
rtv=$?
if [ $rtv -ne 0 ];then
    cat <<EOF > "$filePath"
domain ${domain_suffix}
search ${domain_suffix}
nameserver ${dns_server}
EOF
fi

# Create users and import their public keys
echo "创建用户、并导入公钥"
filePath="${WOKR_SPACE}/create_user.sh"
sh $filePath
rtv=$?
if [ $rtv -ne 0 ];then
    echo "创建用户有异常 $filePath"
fi

# rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
chkconfig ip6tables off
/etc/init.d/ip6tables stop
iptables -F
iptables -X
service iptables save

# NTP service
service ntpd stop
cat <<EOF >"/etc/ntp.conf"
driftfile /var/lib/ntp/drift
restrict default nomodify
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ${srv_ip}
restrict -6 ::1
server ${srv_ip}
server 127.127.1.0
fudge 127.127.1.0 stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
EOF
/usr/sbin/ntpdate 0.centos.pool.ntp.org && /sbin/hwclock -w
chkconfig ntpd on
service ntpd start

# Kernel tuning
echo "系统内核优化"
filePath="${WOKR_SPACE}/optimize_kernel.sh"
sh $filePath

echo "Yum install cobbler."
# yum -y install cman tftp-server dhcp cobbler cobbler-web bind pykickstart
mv /etc/yum.repos.d/ /etc/yum.repos.d.bak
yum -y localupdate ${WOKR_SPACE}/packages/Packages-cobbler/*
yum -y localinstall ${WOKR_SPACE}/packages/Packages-cobbler/*
mv /etc/yum.repos.d.bak/ /etc/yum.repos.d

# Configure the tftpd and rsync services
sed -i '/disable/c\\tdisable\t\t\t= no' /etc/xinetd.d/tftp
sed -i -e 's/\=\ yes/\=\ no/g' /etc/xinetd.d/rsync
chkconfig xinetd on
service xinetd start

# Allow web login
sed -i 's/module = authn_denyall/module = authn_configfile/g' /etc/cobbler/modules.conf
# Set the cobbler web login password
echo "${cobbler_web_cobbler_login}" > /etc/cobbler/users.digest
chmod 644 /etc/cobbler/users.digest

# Cobbler server address
sed -i "s/^server: 127.0.0.1/server: ${srv_ip}/g" /etc/cobbler/settings
# next_server address
sed -i "s/next_server: 127.0.0.1/next_server: ${next_server}/g" /etc/cobbler/settings
# Do not reinstall a system after its first successful install
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/g' /etc/cobbler/settings
# Puppet server integration
sed -i 's/puppet_auto_setup: 0/puppet_auto_setup: 1/g' /etc/cobbler/settings
sed -i 's/sign_puppet_certs_automatically: 0/sign_puppet_certs_automatically: 1/g' /etc/cobbler/settings
sed -i 's/puppetca_path: "\/usr\/sbin\/puppetca"/puppetca_path: "\/usr\/bin\/puppet"/g' /etc/cobbler/settings
sed -i 's/remove_old_puppet_certs_automatically: 0/remove_old_puppet_certs_automatically: 1/g' /etc/cobbler/settings
sed -i "s/cmd = \[puppetca_path, '--clean', hostname\]/cmd = [puppetca_path, 'cert', '--clean', hostname]/g" /usr/lib/python2.6/site-packages/cobbler/modules/install_pre_puppet.py
sed -i "s/cmd = \[puppet
ca_path, '--sign', hostname\]/cmd = [puppetca_path, 'cert', '--sign', hostname]/g" /usr/lib/python2.6/site-packages/cobbler/modules/install_post_puppet.py
# Let cobbler manage rsync, dhcp and dns
sed -i 's/manage_rsync: 0/manage_rsync: 1/g' /etc/cobbler/settings
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings
sed -i 's/manage_dns: 0/manage_dns: 1/g' /etc/cobbler/settings

# DHCP service
filePath="/etc/cobbler/dhcp.template"
echo "init dhcp $filePath"
cat <<EOF > "$filePath"
server-identifier ${srv_ip};
default-lease-time 28800;
max-lease-time 432000;
log-facility local7;
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;

subnet ${dhcp_subnet} netmask ${dhcp_netmask} {
    option routers ${gateway};
    option domain-name-servers ${dns_server};
    option subnet-mask ${dhcp_netmask};
    range dynamic-bootp ${dhcp_range_start} ${dhcp_range_end};
    filename "/pxelinux.0";
    next-server \$next_server;
}

zone ${domain_suffix} {
    # DNS Server IP
    primary ${dns_server};
}
EOF
cat <<'EOF' >> "$filePath"
#for dhcp_tag in $dhcp_tags.keys():
## group could be subnet if your dhcp tags line up with your subnets
## or really any valid dhcpd.conf construct ... if you only use the
## default dhcp tag in cobbler, the group block can be deleted for a
## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
    #for mac in $dhcp_tags[$dhcp_tag].keys():
        #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        hardware ethernet $mac;
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.netmask:
        option subnet-mask $iface.netmask;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        #if $iface.enable_gpxe:
        if exists user-class and option user-class = "gPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else {
            filename "undionly.kpxe";
        }
        #else
        filename "$iface.filename";
        #end if
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
    #end for
}
#end for
EOF

# DNS service
sed -i "s/manage_forward_zones: \[\]/manage_forward_zones: \['${domain_suffix}']/g" /etc/cobbler/settings
filePath="/etc/cobbler/named.template"
echo "init dns $filePath"
cat <<EOF > "$filePath"
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

#for \$zone in \$forward_zones
zone "\${zone}." {
    type master;
    file "\$zone";
    allow-update { ${dns_server}; };
};
#end for
EOF
filePath="/etc/cobbler/zone.template"
cat <<EOF > "$filePath"
\\\$TTL 300
@       IN      SOA     master.${domain_suffix}. admin-mail.${domain_suffix}. (
                        \$serial ; Serial
                        600     ; Refresh
                        1800    ; Retry
                        604800  ; Expire
                        300     ; TTL
                        )

@       IN      NS      master.${domain_suffix}.
master.${domain_suffix}.  IN  A  \$cobbler_server
${srv_hostname}.          IN  A  \$cobbler_server

\$host_record
EOF

# Default root password of the installed systems
eval "sed -i 's/^default_password_crypted.*/default_password_crypted: ${cobbler_client_root_passwd}/g' /etc/cobbler/settings"

# Enable and start the services
chkconfig httpd on
chkconfig cobblerd on
chkconfig named on
chkconfig dhcpd on
/etc/init.d/httpd start
/etc/init.d/cobblerd start

### cobbler get-loaders (installed from the local copy)
echo "init cobbler get-loaders."
mkdir -p /var/lib/cobbler/loaders
cp ${WOKR_SPACE}/COPY_FILES/loaders/* /var/lib/cobbler/loaders/
chmod 644 /var/lib/cobbler/loaders/*

echo "cobbler check"
cobbler check
echo "cobbler sync"
cobbler sync
rtv=$?
if [ $rtv -ne 0 ];then
    echo "cobbler 部署异常,请检查。"
    exit 1
fi

# Create the client system repos
index=0;
for j in "${clientOS[@]}"
do
    createIsoRepos ${clientOS[$index]} ${clientArch[$index]} ${isoFile1[$index]} ${isoFile2[$index]}
    (( ++index ))
done

# Create the Autodeploy repo
createAutodeployRepos

# Edit the profiles
index=0;
for j in "${clientOS[@]}"
do
    editprofile ${clientOS[$index]} ${clientArch[$index]}
    (( ++index ))
done

# Prefer the local repos; move the network ones out of the way
mkdir -p /etc/yum.repos.d/useless
mv /etc/yum.repos.d/* /etc/yum.repos.d/useless
cp ${WOKR_SPACE}/COPY_FILES/yum.repos.d/* /etc/yum.repos.d

# Register this machine in cobbler
cobbler system add \
    --name=${srv_hostname} --ip-address=${srv_ip} --subnet=${dhcp_netmask} \
    --profile=CentOS6.3-x86_64 --netboot-enabled=N
cobbler check
cobbler sync
returnValue=$?
echo "End to deploy. exit(${returnValue})"
```
This post is from the "Magine" blog; please contact the author before reproducing it.