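Let's now go through the ks (kickstart) files used when the virtual machine is installed automatically.
By default, the whole automated installation involves four ks files, but they can be adjusted freely to suit the actual environment and requirements.
(1) ovirt-appliance-fedora.ks.tpl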
```
# NOTE: include the contents of fedora-cloud-base.ks
%include fedora-spin-kickstarts/fedora-cloud-base.ks

#
# Repos
#
# baseurl variant
#url --url=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Fedora/$basearch/os/
#repo --name="fedora" --baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Fedora/$basearch/os/
#repo --name="updates" --baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/

# NOTE: define the installation source and the YUM repositories
# mirrorlist variant
url --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
repo --name="updates" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch

#
# Configuration
#
# NOTE: set SELinux to permissive mode
selinux --permissive
# NOTE: reconfigure firstboot
firstboot --reconfig
# NOTE: lock the root password
rootpw --plaintext none --lock
# NOTE: power off once the installation has finished
poweroff
# NOTE: add a user named admin and put it in the wheel group
user --name=admin --plaintext --password=none --groups=wheel

#
# Packages
#
# NOTE: packages to install
%packages
# NOTE: initial configuration tool; not available in CentOS 6.5
# (The initial-setup utility runs after installation. It guides the user
# through a series of steps that allows for easier configuration of the machine.)
initial-setup
# NOTE: tool that rewrites the disk partition table
# (This dracut module will re-write the partition table of a disk so that the
# root partition has as much space as possible, bumping it up to the edge of
# the disk, or the edge of the next partition.)
dracut-modules-growroot
%end

# NOTE: tasks run after installation
%post --erroronfail
#
# NOTE: prepare the initial-setup tool
echo "Preparing initial-setup"
#
# NOTE: install packages
# (Plymouth provides an attractive graphical boot animation in place of the
# text messages that normally get shown. Text messages are instead redirected
# to a log file for viewing after boot.)
yum install -y initial-setup plymouth
# NOTE: when the initial-setup-text service finds this file at boot, it knows
# the system still needs its initial configuration
touch /etc/reconfigSys
# NOTE: start initial-setup-text (text UI) at boot
systemctl enable initial-setup-text.service
# NOTE: do not start initial-setup-graphical (graphical UI) at boot
systemctl disable initial-setup-graphical.service
# NOTE: make initial-setup display on tty0
# Default tty is ttyS0, to display initial-setup on tty0 we need to set this explicitly
sed -i \
  -e "/^StandardOutput/ a TTYPath=/dev/tty0" \
  -e "/^Description/ a Before=cloud-init-local.service cloud-init.service" \
  /usr/lib/systemd/system/initial-setup-text.service
%end

%post --erroronfail
#
# NOTE: pre-install the ovirt-engine and ovirt-guest-agent packages
echo "Pre-Installing oVirt stuff"
#
yum install -y http://resources.ovirt.org/pub/yum-repo/ovirt-release35.rpm
yum install -y ovirt-engine ovirt-guest-agent

#
# NOTE: generate the answer file for ovirt-engine
echo "Creating a partial answer file"
#
cat > /root/ovirt-engine-answers <<__EOF__
[environment:default]
OVESETUP_CORE/engineStop=none:None
OVESETUP_DIALOG/confirmSettings=bool:True
OVESETUP_DB/database=str:engine
OVESETUP_DB/fixDbViolations=none:None
OVESETUP_DB/secured=bool:False
OVESETUP_DB/securedHostValidation=bool:False
OVESETUP_DB/host=str:localhost
OVESETUP_DB/user=str:engine
OVESETUP_DB/port=int:5432
OVESETUP_SYSTEM/nfsConfigEnabled=bool:False
OVESETUP_CONFIG/applicationMode=str:virt
OVESETUP_CONFIG/firewallManager=str:firewalld
OVESETUP_CONFIG/websocketProxyConfig=none:True
OVESETUP_CONFIG/storageType=str:nfs
OVESETUP_PROVISIONING/postgresProvisioningEnabled=bool:True
OVESETUP_APACHE/configureRootRedirection=bool:True
OVESETUP_APACHE/configureSsl=bool:True
OSETUP_RPMDISTRO/requireRollback=none:None
OSETUP_RPMDISTRO/enableUpgrade=none:None
__EOF__
%end

%post --erroronfail
#
# NOTE: enable sudo for the wheel group
echo "Enabling sudo for wheels"
#
# NOTE: uncomment the sudoers line that lets members of the wheel group use
# sudo without entering a password, then delete the root password and mark it expired
sed -i "/%wheel.*NOPASSWD/ s/^#//" /etc/sudoers
passwd --delete root
passwd --expire root
%end
```
(2) fedora-cloud-base.ks
```
# This is a basic Fedora 21 spin designed to work in OpenStack and other
# private cloud environments. It's configured with cloud-init so it will
# take advantage of ec2-compatible metadata services for provisioning ssh
# keys. Cloud-init creates a user account named "fedora" with passwordless
# sudo access. The root password is empty and locked by default.
#
# Note that unlike the standard F20 install, this image has /tmp on disk
# rather than in tmpfs, since memory is usually at a premium.
#
# This kickstart file is designed to be used with appliance-creator and
# may need slight modification for use with actual anaconda or other tools.
# We intend to target anaconda-in-a-vm style image building for F20.

# NOTE: install in text mode
text
# NOTE: set the language and encoding
lang en_US.UTF-8
# NOTE: set the keyboard layout
keyboard us
# NOTE: set the time zone
timezone --utc Etc/UTC

# NOTE: set the system authentication options
auth --useshadow --enablemd5
# NOTE: set SELinux to enforcing mode
selinux --enforcing
# NOTE: lock the root password / the root password is given in encrypted form
rootpw --lock --iscrypted locked
# NOTE: add a user named none
user --name=none

# NOTE: disable the firewall
firewall --disabled

# NOTE: bootloader settings; the exact function of each parameter still needs to be confirmed
bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8" --extlinux

# NOTE: configure eth0 via DHCP and activate/enable the interface
network --bootproto=dhcp --device=eth0 --activate --onboot=on
# NOTE: start these services at boot
services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final

# NOTE: zero the MBR
zerombr
# NOTE: remove all partitions
clearpart --all
# NOTE: create a 3000 MB root partition formatted as ext4
part / --size 3000 --fstype ext4

# NOTE: include fedora-repo.ks to pull in the latest repo definitions; can be commented out
%include fedora-repo.ks

# NOTE: reboot once the installation has finished
reboot

# NOTE: list of packages to install
# Package list.
%packages

# NOTE: kernel-core is not available in CentOS 6.5
kernel-core
@core
grubby

# cloud-init does magical things with EC2 metadata, including provisioning
# a user account with ssh keys.
# (Cloud-init is a set of init scripts for cloud instances. Cloud instances
# need special scripts to run during initialization to retrieve and install
# ssh keys and to let the user run various scripts.)
cloud-init

# this is used by openstack's cloud orchestration framework (and it's small)
# (Tools required to be installed on Heat provisioned cloud instances)
heat-cfntools

# need this for growpart, because parted doesn't yet support resizepart
# https://bugzilla.redhat.com/show_bug.cgi?id=966993
# (This package provides the growpart script for growing a partition. It is
# primarily used in cloud images in conjunction with the
# dracut-modules-growroot package to grow the root partition on first boot.)
cloud-utils-growpart

# We need this image to be portable; also, rescue mode isn't useful here.
# NOTE: dracut-config-generic is not available in CentOS 6.5
dracut-config-generic
-dracut-config-rescue

# (The EXTLINUX bootloader, for booting the local system, as well as all the
# SYSLINUX/PXELINUX modules in /boot.)
syslinux-extlinux

# NOTE: needed for the initial installation; removed later
# Needed initially, but removed below.
firewalld

# NOTE: a few hand-picked packages that will be needed
# cherry-pick a few things from @standard
tar
rsync

# NOTE: drop the packages from the @core group that are not needed
# Some things from @core we can do without in a minimal install
-biosdevname
-plymouth
-NetworkManager
-iprutils
-kbd
-uboot-tools
-kernel
-grub2

%end

%post --erroronfail

# NOTE: create grub.conf for EC2
# Create grub.conf for EC2. This used to be done by appliance creator but
# anaconda doesn't do it. And, in case appliance-creator is used, we're
# overriding it here so that both cases get the exact same file.
# Note that the console line is different -- that's because EC2 provides
# different virtual hardware, and this is a convenient way to act differently
echo -n "Creating grub.conf for pvgrub"
rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
mkdir /boot/grub
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
  echo "title Fedora ($kv)" >> /boot/grub/grub.conf
  echo -e "\troot (hd0)" >> /boot/grub/grub.conf
  echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid no_timer_check console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
  echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
  echo
done

# NOTE: create the grub.conf links for EC2
#link grub.conf to menu.lst for ec2 to work
echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
ln -sf grub.conf /boot/grub/menu.lst
ln -sf /boot/grub/grub.conf /etc/grub.conf

# NOTE: older versions of livecd-tools do not support --lock, so lock the
# root password with passwd
# older versions of livecd-tools do not follow "rootpw --lock" line above
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
passwd -l root
# remove the user anaconda forces us to make
userdel -r none

# NOTE: adjust the boot timeout in extlinux.conf (timeout 10 -> timeout 1)
# Kickstart specifies timeout in seconds; syslinux uses 10ths.
# 0 means wait forever, so instead we'll go with 1.
sed -i 's/^timeout 10/timeout 1/' /boot/extlinux/extlinux.conf

# NOTE: make systemd boot into the right runlevel
# setup systemd to boot to the right runlevel
echo -n "Setting default runlevel to multiuser text mode"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .

# NOTE: if you want to remove rsyslog and use only journald, comment this part out
# If you want to remove rsyslog and just use journald, remove this!
echo -n "Disabling persistent journal"
rmdir /var/log/journal/
echo .

# NOTE: remove linux-firmware, which is not needed in a virtual machine
# this is installed by default but we don't need it in virt
echo "Removing linux-firmware package."
yum -C -y remove linux-firmware

# NOTE: remove the firewalld package
# Remove firewalld; was supposed to be optional in F18+, but is required to
# be present for install/image building.
echo "Removing firewalld."
yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"

# NOTE: remove other packages that are only needed during installation
# Another one needed at install time but not after that, and it pulls
# in some unneeded deps (like, newt and slang)
echo "Removing authconfig."
yum -C -y remove authconfig --setopt="clean_requirements_on_remove=1"

# NOTE: disable automatic getty spawning
echo -n "Getty fixes"
# although we want console output going to the serial console, we don't
# actually have the opportunity to login there. FIX.
# we don't really need to auto-spawn _any_ gettys.
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf

# NOTE: the initscripts need this file
echo -n "Network fixes"
# initscripts don't like this file to be missing.
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF

# NOTE: remove the udev rules for network interfaces (they contain the NIC's
# MAC address, so they have to go)
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

# NOTE: basic configuration for eth0
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF

# NOTE: generate the localhost name-resolution entries
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .

# NOTE: do not mount tmpfs on /tmp
# Because memory is scarce resource in most cloud/virt environments,
# and because this impedes forensics, we are differing from the Fedora
# default of having /tmp on tmpfs.
echo "Disabling tmpfs for /tmp."
systemctl mask tmp.mount

# NOTE: make sure firstboot does not configure the system at boot
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot

# Uncomment this if you want to use cloud init but suppress the creation
# of an "ec2-user" account. This will, in the absence of further config,
# cause the ssh key from a metadata source to be put in the root account.
#cat <<EOF > /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
#users: []
#disable_root: 0
#EOF

# NOTE: remove random-seed
echo "Removing random-seed so it's not the same in every image."
rm -f /var/lib/random-seed

# NOTE: clear the cached yum repository data
echo "Cleaning old yum repodata."
yum history new
yum clean all
truncate -c -s 0 /var/log/yum.log

# NOTE: import the RPM GPG key
echo "Import RPM GPG key"
releasever=$(rpm -q --qf '%{version}\n' fedora-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

# NOTE: list the installed packages
echo "Packages within this cloud image:"
echo "-----------------------------------------------------------------------"
rpm -qa
echo "-----------------------------------------------------------------------"
# Note that running rpm recreates the rpm db files which aren't needed/wanted
rm -f /var/lib/rpm/__db*

# NOTE: fix the SELinux contexts
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
chattr -i /boot/extlinux/ldlinux.sys
/usr/sbin/fixfiles -R -a restore
chattr +i /boot/extlinux/ldlinux.sys

# NOTE: fill the free space with zeros
echo "Zeroing out empty space."
# This forces the filesystem to reclaim space from deleted files
dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
rm -f /var/tmp/zeros
echo "(Don't worry -- that out-of-space error was expected.)"

%end
```
(3) fedora-repo.ks (pulls in some additional repo definitions; this repo ends up commented out)
```
# Include the appropriate repo definitions
# Exactly one of the following should be uncommented

# For the master branch the following should be uncommented
%include fedora-repo-rawhide.ks

# For non-master branches the following should be uncommented
# %include fedora-repo-not-rawhide.ks
```
(4) fedora-repo-rawhide.ks
```
repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch
```
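As mentioned in the previous post, during the make run these ks files are stitched together into a single file named ovirt-appliance-fedora.ks, and that file is the one actually used when the virtual machine is installed.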
```
#version=DEVEL
#repo --name="rawhide" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
repo --name="updates" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f19&arch=x86_64
# Keyboard layouts
keyboard 'us'
# Shutdown after installation
shutdown
# Root password
rootpw --lock --plaintext none
# System timezone
timezone Etc/UTC --isUtc
# Use network installation
url --mirrorlist="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-19&arch=x86_64"
# System language
lang en_US.UTF-8
user --name=none
user --groups=wheel --name=admin --password=none
# Firewall configuration
firewall --disabled
# Network information
network --activate
# System authorization information
auth --useshadow --enablemd5
# Use text mode install
# Run the Setup Agent on first boot
firstboot --reconfig --reconfig
# SELinux configuration
selinux --permissive

# System services
services --enabled="network,sshd,initial-setup-text,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final"
# System bootloader configuration
bootloader --location=mbr --timeout=1
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part / --size 8000 --fstype ext4 --fsoptions discard

%post --erroronfail

# Create grub.conf for EC2. This used to be done by appliance creator but
# anaconda doesn't do it. And, in case appliance-creator is used, we're
# overriding it here so that both cases get the exact same file.
# Note that the console line is different -- that's because EC2 provides
# different virtual hardware, and this is a convenient way to act differently
echo -n "Creating grub.conf for pvgrub"
rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
mkdir /boot/grub
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
  echo "title Fedora ($kv)" >> /boot/grub/grub.conf
  echo -e "\troot (hd0)" >> /boot/grub/grub.conf
  echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid no_timer_check console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
  echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
  echo
done

#link grub.conf to menu.lst for ec2 to work
echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
ln -sf grub.conf /boot/grub/menu.lst
ln -sf /boot/grub/grub.conf /etc/grub.conf

# older versions of livecd-tools do not follow "rootpw --lock" line above
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
passwd -l root
# remove the user anaconda forces us to make
userdel -r none

# Kickstart specifies timeout in seconds; syslinux uses 10ths.
# 0 means wait forever, so instead we'll go with 1.
sed -i 's/^timeout 10/timeout 1/' /boot/extlinux/extlinux.conf

# setup systemd to boot to the right runlevel
echo -n "Setting default runlevel to multiuser text mode"
#rm -f /etc/systemd/system/default.target
#ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .

# If you want to remove rsyslog and just use journald, remove this!
echo -n "Disabling persistent journal"
rmdir /var/log/journal/
echo .

# this is installed by default but we don't need it in virt
echo "Removing linux-firmware package."
#yum -C -y remove linux-firmware

# Remove firewalld; was supposed to be optional in F18+, but is required to
# be present for install/image building.
echo "Removing firewalld."
#yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"

# Another one needed at install time but not after that, and it pulls
# in some unneeded deps (like, newt and slang)
echo "Removing authconfig."
#yum -C -y remove authconfig --setopt="clean_requirements_on_remove=1"

echo -n "Getty fixes"
# although we want console output going to the serial console, we don't
# actually have the opportunity to login there. FIX.
# we don't really need to auto-spawn _any_ gettys.
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf

echo -n "Network fixes"
# initscripts don't like this file to be missing.
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF

# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF

# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .

# Because memory is scarce resource in most cloud/virt environments,
# and because this impedes forensics, we are differing from the Fedora
# default of having /tmp on tmpfs.
echo "Disabling tmpfs for /tmp."
systemctl mask tmp.mount

# make sure firstboot doesn't start
#echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot

# Uncomment this if you want to use cloud init but suppress the creation
# of an "ec2-user" account. This will, in the absence of further config,
# cause the ssh key from a metadata source to be put in the root account.
#cat <<EOF > /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
#users: []
#disable_root: 0
#EOF

echo "Removing random-seed so it's not the same in every image."
rm -f /var/lib/random-seed

echo "Cleaning old yum repodata."
yum history new
yum clean all
truncate -c -s 0 /var/log/yum.log

echo "Import RPM GPG key"
releasever=$(rpm -q --qf '%{version}\n' fedora-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-19-x86_64

echo "Packages within this cloud image:"
echo "-----------------------------------------------------------------------"
rpm -qa
echo "-----------------------------------------------------------------------"
# Note that running rpm recreates the rpm db files which aren't needed/wanted
rm -f /var/lib/rpm/__db*

echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
chattr -i /boot/extlinux/ldlinux.sys
/usr/sbin/fixfiles -R -a restore
chattr +i /boot/extlinux/ldlinux.sys

echo "Zeroing out empty space."
# This forces the filesystem to reclaim space from deleted files
dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
rm -f /var/tmp/zeros
echo "(Don't worry -- that out-of-space error was expected.)"

%end

%post --erroronfail
#
echo "Preparing initial-setup"
#
yum install -y initial-setup plymouth
touch /etc/reconfigSys
systemctl enable initial-setup-text.service
systemctl disable initial-setup-graphical.service
# Default tty is ttyS0, to display initial-setup on tty0 we need to set this explicitly
sed -i \
  -e "/^StandardOutput/ a TTYPath=/dev/tty0" \
  -e "/^Description/ a Before=cloud-init-local.service cloud-init.service" \
  /usr/lib/systemd/system/initial-setup-text.service
%end

%post --erroronfail
#
echo "Pre-Installing oVirt stuff"
#
yum install -y http://resources.ovirt.org/pub/yum-repo/ovirt-release35.rpm
yum install -y ovirt-engine ovirt-guest-agent

#
echo "Creating a partial answer file"
#
cat > /root/ovirt-engine-answers <<__EOF__
[environment:default]
OVESETUP_CORE/engineStop=none:None
OVESETUP_DIALOG/confirmSettings=bool:True
OVESETUP_DB/database=str:engine
OVESETUP_DB/fixDbViolations=none:None
OVESETUP_DB/secured=bool:False
OVESETUP_DB/securedHostValidation=bool:False
OVESETUP_DB/host=str:localhost
OVESETUP_DB/user=str:engine
OVESETUP_DB/port=int:5432
OVESETUP_SYSTEM/nfsConfigEnabled=bool:False
OVESETUP_CONFIG/applicationMode=str:virt
OVESETUP_CONFIG/firewallManager=str:firewalld
OVESETUP_CONFIG/websocketProxyConfig=none:True
OVESETUP_CONFIG/storageType=str:nfs
OVESETUP_PROVISIONING/postgresProvisioningEnabled=bool:True
OVESETUP_APACHE/configureRootRedirection=bool:True
OVESETUP_APACHE/configureSsl=bool:True
OSETUP_RPMDISTRO/requireRollback=none:None
OSETUP_RPMDISTRO/enableUpgrade=none:None
__EOF__
%end

%post --erroronfail
#
echo "Enabling sudo for wheels"
#
sed -i "/%wheel.*NOPASSWD/ s/^#//" /etc/sudoers
passwd --delete root
passwd --expire root
%end

%packages --ignoremissing
@core
cloud-init
cloud-utils-growpart
dracut-config-generic
dracut-modules-growroot
firewalld
grubby
heat-cfntools
initial-setup
kernel-core
rsync
syslinux-extlinux
tar

%end
```
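Because the generated file is the one that actually runs, it is the right place to review the security-relevant settings the four templates contribute. The following is an added example, not part of the original post or of the oVirt build: a small auditor that splits a kickstart into top-level directives and `%pre`/`%post` script lines and flags the settings visible in the generated kickstart shown above. The rule ids and the sample input are made up for this illustration, and the rules cover only what appears on this page.

```python
import re
import shlex

# Constructed sample: lines copied from the generated kickstart shown above.
SAMPLE_KS = '''\
rootpw --lock --plaintext none
user --groups=wheel --name=admin --password=none
firewall --disabled
auth --useshadow --enablemd5
selinux --permissive
url --mirrorlist="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-19&arch=x86_64"
%post --erroronfail
yum install -y http://resources.ovirt.org/pub/yum-repo/ovirt-release35.rpm
sed -i "/%wheel.*NOPASSWD/ s/^#//" /etc/sudoers
passwd --delete root
passwd --expire root
%end
%packages --ignoremissing
@core
%end
'''

# (rule id, directive names, predicate over the argument list); ids are hypothetical.
COMMAND_RULES = [
    ("selinux-not-enforcing", {"selinux"}, lambda a: "--enforcing" not in a),
    ("firewall-disabled", {"firewall"}, lambda a: "--disabled" in a),
    ("md5-password-hash", {"auth", "authconfig"}, lambda a: "--enablemd5" in a),
    ("cleartext-repo-url", {"url", "repo"},
     lambda a: any("=http://" in x for x in a)),
    ("cleartext-user-password", {"user"},
     lambda a: any(x.startswith("--password") for x in a) and "--iscrypted" not in a),
]

# (rule id, regex) applied to each shell line inside %pre/%post.
SCRIPT_RULES = [
    ("rpm-install-over-http", re.compile(r"\b(yum|dnf|rpm)\b.*\shttp://")),
    ("sudo-nopasswd-enabled", re.compile(r"NOPASSWD.*s/\^#//.*sudoers")),
    ("root-password-deleted", re.compile(r"\bpasswd\s+(--delete|-d)\s+root\b")),
]

def audit(text):
    """Return (line number, rule id) findings for a kickstart file, in file order."""
    findings, section = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments carry no setting
        is_include = line.startswith("%include")
        if line.startswith("%end"):
            section = None
        elif line.startswith("%") and not is_include and section is None:
            section = line.split()[0]     # %post, %pre, %packages, ...
        elif section in ("%pre", "%post"):
            findings += [(n, rid) for rid, rx in SCRIPT_RULES if rx.search(line)]
        elif section is None and not is_include:
            cmd, *args = shlex.split(line)
            findings += [(n, rid) for rid, names, pred in COMMAND_RULES
                         if cmd in names and pred(args)]
    return findings

if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE_KS):
        print(f"line {lineno}: {rule}")
```

`%include` lines are skipped rather than followed, so the auditor is meant for the flattened output file, not for the individual templates.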