Automated Deployment Notes: Cobbler Installation Script (Part 2)

By | April 10

Background

Because our systems engineering group spends long stretches on site deploying and demonstrating the company's products for customers, we urgently needed a tool that can deploy operating systems quickly, in batches, and with customised modifications, to cut the time spent on OS installation. At the same time, so that customer systems can register with the Puppet Server quickly, we also needed Puppet integrated into the deployment service, which is why we chose Cobbler. Cobbler currently integrates Puppet cleanly, which saves us a great deal of time when building environments. This post also records the installation process once more, as groundwork for integrating it into the project group's automated operations toolset.

Environment

OS: CentOS release 6.3 x86_64 (Final)

Script structure

It consists of the following parts

1. conf/server_deploy.conf   external environment variables for the deployment script

2. COPY_FILES   files copied during installation

1). user public keys (project integration, optional)

2). kickstart files

3). cobbler boot loader files

4). Snippets   system customisation scripts

5). yum repository configuration (project integration, optional)

3. packages

1). packages required by the local Autodeploy repository (project integration, optional)

2). Cobbler installation rpm packages

4. Cobbler_ChangeMe.sh   script used for later maintenance

5. create_user.sh   user creation script (project integration, optional)

6. optimize_kernel.sh   system tuning script (project integration, optional)

7. server_deploy.sh   main Cobbler deployment script


Script contents

1.1 conf/server_deploy.conf

#### Basic settings ####
# Domain name
domain_suffix=cloud.com
# Hostname of this machine
srv_short_hostname=auto
srv_hostname=${srv_short_hostname}.${domain_suffix}
# IP address of this machine
srv_ip=10.1.0.250
#### NTP settings ####
NTP_SERVER=$srv_ip
#### Local DHCP settings ####
dns_server=$srv_ip
next_server=$srv_ip
# DHCP subnet
dhcp_subnet=10.1.0.0
# Subnet mask
dhcp_netmask=255.255.254.0
# DHCP range start
dhcp_range_start=10.1.0.200
# DHCP range end
dhcp_range_end=10.1.0.240
# Gateway
gateway=10.1.0.1
#### Cobbler settings ####
## Client operating systems (several may be configured) Start ##
## Operating system 1
clientOS[0]=CentOS6.3
clientArch[0]=x86_64
# Create the cobbler distro from a local ISO file (falls back to the CDROM if the file does not exist)
isoFile1[0]=/opt/software/CentOS-6.3-x86_64-bin-DVD1.iso
isoFile2[0]=/opt/software/CentOS-6.3-x86_64-bin-DVD2.iso
# Operating system 2
clientOS[1]=CentOS6.4
clientArch[1]=x86_64
# Create the cobbler distro from a local ISO file (falls back to the CDROM if the file does not exist)
isoFile1[1]=/opt/software/CentOS-6.4-x86_64-bin-DVD1.iso
isoFile2[1]=/opt/software/CentOS-6.4-x86_64-bin-DVD2.iso
## Client operating systems END ##
# Root password of the installed operating system (MD5-crypt hash, generated with:)
# openssl passwd -1 -salt 'cloud' 'cloud'
# $1$cloud$v4cy8ItxPZLX8ybgkgrvT.
cobbler_client_root_passwd='$1$cloud$v4cy8ItxPZLX8ybgkgrvT.'
# Login password for the cobbler web UI (digest generated with:)
# htdigest /etc/cobbler/users.digest "Cobbler" admin ZAQ!xsw2
# user:admin
# passwd:ZAQ!xsw2
cobbler_web_cobbler_login="admin:Cobbler:12343e633e8d30ab2645a6731ffee822"

2.1. User public keys (omitted; generate them with ssh-keygen)

2.2. kickstart file

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url=$tree
# RAID driver disk; "http://url" must use the cobbler server IP. Upload the driver image to /var/www/html/
#driverdisk  --source=http://10.10.11.49/megasr-15.01.2013.0115-1-rhel63-ga-x86_64.img
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Root password
rootpw --iscrypted $default_password_crypted
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
# System timezone
timezone  Asia/Chongqing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
#########################################
# Disk partitioning information.
# As well as your env.
part /boot --fstype="ext4" --size=200
part swap --fstype="swap" --size=32768
part pv.01 --size=1 --grow
volgroup vg_root pv.01
logvol  /  --vgname=vg_root  --size=204800  --name=lv_root
#########################################
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
# install puppet while the OS is being installed
$SNIPPET('puppet_install_if_enabled')
@additional-devel
@base
@chinese-support
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
yum-plugin-priorities
libXinerama-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
libXau-devel
libgcrypt-devel
popt-devel
libXrandr-devel
libxslt-devel
libglade2-devel
gnutls-devel
pax
oddjob
sgpio
mtools
systemtap-client
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite
screen
tree
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('puppet_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
##### Start to customize client OS #####
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:$PATH
# SELinux iptables
chkconfig ip6tables off
service ip6tables stop
service iptables start
iptables -F
iptables -X
service iptables save
service ntpd stop
sed -i "/0.centos.pool.ntp.org/i server ${NTP_SERVER} prefer" /etc/ntp.conf
/usr/sbin/ntpdate $NTP_SERVER && /sbin/hwclock -w
chkconfig ntpd on
service ntpd start
username=mg
groupadd -g 1000 ${username}
useradd -u 1000 -g root ${username}
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFeJzvel8YAXWBF9qUO8ov5gY+83O0aOL4sPL45fO8kdXc7qCQkcjnsFshbBMBh5EjlFqrM8gv4n7oV2kQbIC0+rprMWIYl4L479dPeIBvcwe3oCw/3Jmt5i3tzG8s/2r0HYryU79b/JUJ7ANvdxeAKAEqs76aFKvg5o2jtNu/DB82KaUZ6n8wgJeR0WR1obhSCsyqz/eZF9lRzSfoBoeX+Y9oq8WqkGHzBV2fS1a1Rf3t3IsGKxHl8O1gqQtW5/0rP+TXgl+hxOZQKxPRjxjyG8fxmdktK0j+rJSP9iiBS7kHgxZZnQHSd+W5mQZCm6at4hXy/zXGv9IL71FvU1Pw==' >> /home/${username}/.ssh/authorized_keys
chown -R ${username}:${username} /home/${username}/.ssh
filePath="/home/${username}/.ssh/config"
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh
username=autodep
groupadd -g 1001 ${username}
useradd -u 1001 -g root ${username}
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvw0Shufrg3L3p2pq5opjeywDNJ83o5VlkWiicHmiNRe7mqfA/lGw466COQ5XuQjagRejMh8oQ2SRyZk/4j2jnRCGB3YorNE+fjXmdFcf11Z5oN8MyeX8OnE7tCZLRFiXrOgw8xRaGnW1Jw3lpejzZErtjpVJY9gkFJmSH1eZStj5bLP7enni26gLg2Fb8LjrZJxbiHwEoMuIDW3WzFP2ASwoQq+nr6lLK61kP1QL443AXM9hkqKi0AXTaOvdjokKsD7i+VrlhWXQINQoAxttphJwSNLEGKh+K6gMpwRYoeC2AZmoLBDyrX/sJPcKQCTiuL8c4mXItWThfDyJPtkV6Q==' >> /home/${username}/.ssh/authorized_keys
filePath="/home/${username}/.ssh/config"
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh
username=www
groupadd -g 1100 ${username}
useradd -u 1100 -g ${username} ${username}
username=zabbix
groupadd -g 1101 ${username}
useradd -u 1101 -g ${username} ${username}
echo 'mg        ALL=(ALL)       NOPASSWD: ALL' >> /etc/sudoers
echo 'autodep   ALL=(ALL)       NOPASSWD: ALL' >> /etc/sudoers
mkdir -p /etc/yum.repos.d/useless
mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d/useless
mkdir -p /opt/server
mkdir -p /opt/software
mkdir -p /opt/apps
service abrt-ccpp stop
chkconfig abrt-ccpp off
service abrt-oops stop
chkconfig abrt-oops off
service abrtd stop
chkconfig abrtd off
service acpid stop
chkconfig acpid off
service atd stop
chkconfig atd off
service auditd stop
chkconfig auditd off
service autofs stop
chkconfig autofs off
service avahi-daemon stop
chkconfig avahi-daemon off
service certmonger stop
chkconfig certmonger off
service cpuspeed start
chkconfig cpuspeed on
service cups stop
chkconfig cups off
service haldaemon start
chkconfig haldaemon on
# service kdump stop
# chkconfig kdump off
service mdmonitor stop
chkconfig mdmonitor off
service netfs stop
chkconfig netfs off
service nfslock stop
chkconfig nfslock off
service rpcbind stop
chkconfig rpcbind off
# service rpcgssd stop
# chkconfig rpcgssd off
service rpcidmapd stop
chkconfig rpcidmapd off
service rpcsvcgssd stop
chkconfig rpcsvcgssd off
echo "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo "net.core.somaxconn = 4096"  >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_orphans = 327680"  >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_keepalive_time = 30" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 1024   65000" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 8192" >> /etc/sysctl.conf
echo "net.ipv4.tcp_rmem = 4096 4096 16777216" >> /etc/sysctl.conf
echo "net.ipv4.tcp_wmem = 4096 4096 16777216" >> /etc/sysctl.conf
echo "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo "net.ipv4.tcp_sack = 0" >> /etc/sysctl.conf
echo "fs.file-max = 1300000" >> /etc/sysctl.conf
sysctl -p
sed -i "s/exec .*/#exec \/sbin\/shutdown -r now s\"Control-Alt-Delete pressed\"/g" /etc/init/control-alt-delete.conf
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
sed -i "s/^GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/g" /etc/ssh/sshd_config
sed -i "s/^GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
rm -rf /etc/udev/rules.d/70-persistent-net.rules
ln -s /dev/null /etc/udev/rules.d/70-persistent-net.rules
##### End to customize client OS #####
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
%end
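A pre-deploy audit for the settings that the kickstart's %post section above and conf/server_deploy.conf bake into every client (SELinux and the firewall switched off, an MD5-crypt root hash next to --passalgo=sha512, NOPASSWD sudo, StrictHostKeyChecking no, hard-coded public keys, gpgcheck=0). This is an added example, not code from the original post; it assumes only bash, grep and mktemp, and the two files it checks are constructed inline.

```bash
#!/bin/bash
# Added example (not code from the original post): audit deployment inputs
# for the weak settings carried by the page's kickstart, %post section and
# conf/server_deploy.conf, so they are reviewed before `cobbler sync`
# bakes them into every client image.
# Findings go to stderr, the finding count to stdout; exit status is 0.

# check <file> <extended regex> <message>: report once per file if the regex matches.
check() {
    if grep -qE -- "$2" "$1"; then
        echo "$1: $3" >&2
        return 0
    fi
    return 1
}

# audit_deploy_config <file>...: prints the total number of findings.
audit_deploy_config() {
    local n=0 f
    for f in "$@"; do
        # Installer-level protections switched off
        check "$f" '^selinux[[:space:]]+--disabled' 'SELinux disabled by kickstart' && n=$((n + 1))
        check "$f" '^firewall[[:space:]]+--disabled' 'installer firewall disabled' && n=$((n + 1))
        check "$f" '^iptables -(F|X)' 'firewall rules flushed in %post' && n=$((n + 1))
        # Credentials and trust shortcuts baked into every image
        check "$f" '--iscrypted[[:space:]]+\$1\$|passwd=.\$1\$' \
            'root hash is MD5-crypt ($1$); a $6$ SHA-512 hash matches --passalgo=sha512' && n=$((n + 1))
        check "$f" 'NOPASSWD:[[:space:]]*ALL' 'passwordless sudo granted' && n=$((n + 1))
        check "$f" 'StrictHostKeyChecking[[:space:]]+no' 'SSH host-key checking disabled' && n=$((n + 1))
        check "$f" '^echo .ssh-rsa AAAA' 'hard-coded SSH public key appended to authorized_keys' && n=$((n + 1))
        check "$f" '^gpgcheck[[:space:]]*=[[:space:]]*0' 'yum repository with gpgcheck=0' && n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample: lines taken from the page's conf, kickstart and %post
# (the SSH key is truncated); not a real client configuration.
demo_page_config() {
    local f
    f="$(mktemp)"
    cat >"$f" <<'EOF'
cobbler_client_root_passwd='$1$cloud$v4cy8ItxPZLX8ybgkgrvT.'
firewall --disabled
selinux --disabled
rootpw --iscrypted $default_password_crypted
gpgcheck=0
%post
iptables -F
iptables -X
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFeJzvel8YAXWBF9qUO8ov5gY...' >> /home/mg/.ssh/authorized_keys
StrictHostKeyChecking no
echo 'mg        ALL=(ALL)       NOPASSWD: ALL' >> /etc/sudoers
EOF
    audit_deploy_config "$f"
    rm -f "$f"
}

# Constructed hardened counterpart: the same items with safer values
# (the $6$ value is a placeholder, not a real SHA-512 crypt string).
demo_hardened() {
    local f
    f="$(mktemp)"
    cat >"$f" <<'EOF'
cobbler_client_root_passwd='$6$PLACEHOLDERSALT$PLACEHOLDERHASH'
firewall --enabled --ssh
selinux --enforcing
rootpw --iscrypted $default_password_crypted
gpgcheck=1
%post
StrictHostKeyChecking ask
EOF
    audit_deploy_config "$f"
    rm -f "$f"
}

demo_page_config   # prints 8
demo_hardened      # prints 0
```

Run it against the real huacloud_GlusterFS.ks and conf/server_deploy.conf before the `/bin/cp` into /var/lib/cobbler/kickstarts; each finding line names the file and the setting to revisit.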

2.3. cobbler boot loader files

COPYING.elilo       COPYING.syslinux        COPYING.yaboot      elilo-ia64.efi      grub-x86.efi
grub-x86_64.efi     menu.c32                pxelinux.0          README              yaboot

2.4. Customised snippets (puppet integration)

puppet_register_if_enabled: registers the client server with the Puppet Server automatically

#if $str($getVar('puppet_auto_setup','')) == "1"
# generate puppet certificates and trigger a signing request, but
# don't wait for signing to complete
# (server_deploy.sh replaces #puppet_dns# with the cobbler server hostname)
echo "      report = true"       >> /etc/puppet/puppet.conf
echo "      server = #puppet_dns#"  >> /etc/puppet/puppet.conf
echo "      pluginsync = true"   >> /etc/puppet/puppet.conf
/usr/bin/puppet agent --test --waitforcert 0
# turn puppet service on for reboot
/sbin/chkconfig puppet on
#end if

2.5. yum repository configuration (project integration, optional)

[core-0]
name=core-0
baseurl=http://localhost/cobbler/ks_mirror/CentOS6.3-x86_64
enabled=1
gpgcheck=0
priority=1
[CentOS6-x86_64-Autodeploy]
name=CentOS6-x86_64-Autodeploy
baseurl=http://localhost/cobbler/repo_mirror/CentOS6-x86_64-Autodeploy
enabled=1
priority=50
gpgcheck=0

3.1 Packages required by the local Autodeploy repository (project integration, optional; add whatever you need)

3.2 Cobbler installation rpm packages

apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm      dhclient-4.1.1-34.P1.el6.centos.x86_64.rpm     libyaml-0.1.3-1.el6.x86_64.rpm                      python-pygments-1.1.1-1.el6.noarch.rpm
bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm        dhcp-4.1.1-34.P1.el6.centos.x86_64.rpm         modcluster-0.16.2-20.el6.x86_64.rpm                 python-simplejson-2.0.9-3.1.el6.x86_64.rpm
bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm   dhcp-common-4.1.1-34.P1.el6.centos.x86_64.rpm  mod_ssl-2.2.15-28.el6.centos.x86_64.rpm             python-suds-0.4.1-3.el6.noarch.rpm
bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm  Django-1.3.7-1.el6.noarch.rpm                  mod_wsgi-3.2-3.el6.x86_64.rpm                       PyYAML-3.10-3.el6.x86_64.rpm
clusterlib-3.0.12.1-49.el6.x86_64.rpm         fence-agents-3.1.5-25.el6_4.2.x86_64.rpm       openais-1.1.1-7.el6.x86_64.rpm                      ricci-0.16.2-63.el6.x86_64.rpm
cman-3.0.12.1-49.el6.x86_64.rpm               fence-virt-0.2.3-13.el6.x86_64.rpm             openaislib-1.1.1-7.el6.x86_64.rpm                   sg3_utils-1.28-4.el6.x86_64.rpm
cobbler-2.2.3-2.el6.noarch.rpm                genisoimage-1.1.9-12.el6.x86_64.rpm            perl-Net-Telnet-3.03-11.el6.noarch.rpm              telnet-0.17-47.el6_3.1.x86_64.rpm
cobbler-web-2.2.3-2.el6.noarch.rpm            httpd-2.2.15-28.el6.centos.x86_64.rpm          pexpect-2.3-6.el6.noarch.rpm                        tftp-server-0.49-7.el6.x86_64.rpm
corosync-1.4.1-15.el6_4.1.x86_64.rpm          httpd-tools-2.2.15-28.el6.centos.x86_64.rpm    pykickstart-1.74.12-1.el6.noarch.rpm                xinetd-2.3.14-38.el6.x86_64.rpm
corosynclib-1.4.1-15.el6_4.1.x86_64.rpm       ipmitool-1.8.11-14.el6_4.1.x86_64.rpm          python-cheetah-2.4.1-1.el6.x86_64.rpm
createrepo-0.9.9-17.el6.noarch.rpm            libibverbs-1.1.6-5.el6.x86_64.rpm              python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm   librdmacm-1.0.17-0.git4b5c1aa.el6.x86_64.rpm   python-markdown-2.0.1-3.1.el6.noarch.rpm

4.1 Cobbler_ChangeMe.sh maintenance script

#!/bin/bash
# IP address of the cobbler server
COBBLER_SERVER_IP=
# Subnet the cobbler server belongs to
SUBNET=
# Subnet mask
NETMASK=
# DHCP range start
RANGE_DHCP_IP_START=
# DHCP range end
RANGE_DHCP_IP_STOP=
# cobbler settings
sed -i "s/next_server:.*/next_server: ${COBBLER_SERVER_IP}/g" /etc/cobbler/settings
sed -i "s/server:.*/server: ${COBBLER_SERVER_IP}/g" /etc/cobbler/settings
# dhcp config (the line-number addresses below must match the layout of dhcp.template)
sed -i "s/^server-identifier.*/server-identifier ${COBBLER_SERVER_IP};/g" /etc/cobbler/dhcp.template
sed -i "s/^subnet.*/subnet ${SUBNET} netmask ${NETMASK} {/g" /etc/cobbler/dhcp.template
sed -i "16s/option routers.*/option routers ${COBBLER_SERVER_IP};/g" /etc/cobbler/dhcp.template
sed -i "17s/option domain-name-servers.*/option domain-name-servers ${COBBLER_SERVER_IP};/g" /etc/cobbler/dhcp.template
sed -i "18s/option subnet-mask.*/option subnet-mask ${NETMASK};/g" /etc/cobbler/dhcp.template
sed -i "19s/range dynamic-bootp.*/range dynamic-bootp ${RANGE_DHCP_IP_START} ${RANGE_DHCP_IP_STOP};/g" /etc/cobbler/dhcp.template
sed -i "26s/primary.*/primary ${COBBLER_SERVER_IP};/g" /etc/cobbler/dhcp.template
# http vhost for foreman
sed -i "17s/<VirtualHost.*/<VirtualHost ${COBBLER_SERVER_IP}:443>/g" /etc/httpd/conf.d/foreman.conf
/etc/init.d/cobblerd restart
cobbler sync

5.1 create_user.sh: user creation script (project integration, optional)

## Create privileged user mg
export username=mg
groupadd -g 1000 ${username}
useradd -u 1000 -g root ${username}
# Import the public key
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFeJzvel8YAXWBF9qUO8ov5gY+83O0aOL4sPL45fO8kdXc7qCQkcjnsFshbBMBh5EjlFqrM8gv4n7oV2kQbIC0+rprMWIYl4L479dPeIBvcwe3oCw/3Jmt5i3tzG8s/2r0HYryU79b/JUJ7ANvdxeAKAEqs76aFKvg5o2jtNu/DB82KaUZ6n8wgJeR0WR1obhSCsyqz/eZF9lRzSfoBoeX+Y9oq8WqkGHzBV2fS1a1Rf3t3IsGKxHl8O1gqQtW5/0rP+TXgl+hxOZQKxPRjxjyG8fxmdktK0j+rJSP9iiBS7kHgxZZnQHSd+W5mQZCm6at4hXy/zXGv9IL71FvU1Pw==' >> /home/${username}/.ssh/authorized_keys
cp ${WOKR_SPACE}/COPY_FILES/id_rsa/mg_rsa /home/${username}/.ssh/id_rsa
chmod 400 /home/${username}/.ssh/id_rsa
filePath="/home/${username}/.ssh/config"
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh
## Create privileged user autodep
export username=autodep
groupadd -g 1001 ${username}
useradd -u 1001 -g root ${username}
# Import the public key
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvw0Shufrg3L3p2pq5opjeywDNJ83o5VlkWiicHmiNRe7mqfA/lGw466COQ5XuQjagRejMh8oQ2SRyZk/4j2jnRCGB3YorNE+fjXmdFcf11Z5oN8MyeX8OnE7tCZLRFiXrOgw8xRaGnW1Jw3lpejzZErtjpVJY9gkFJmSH1eZStj5bLP7enni26gLg2Fb8LjrZJxbiHwEoMuIDW3WzFP2ASwoQq+nr6lLK61kP1QL443AXM9hkqKi0AXTaOvdjokKsD7i+VrlhWXQINQoAxttphJwSNLEGKh+K6gMpwRYoeC2AZmoLBDyrX/sJPcKQCTiuL8c4mXItWThfDyJPtkV6Q==' >> /home/${username}/.ssh/authorized_keys
filePath="/home/${username}/.ssh/config"
cp ${WOKR_SPACE}/COPY_FILES/id_rsa/autodep_rsa /home/${username}/.ssh/id_rsa
chmod 400 /home/${username}/.ssh/id_rsa
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh
## Create the other users
export username=www
groupadd -g 1100 ${username}
useradd -u 1100 -g ${username} ${username}
export username=zabbix
groupadd -g 1101 ${username}
useradd -u 1101 -g ${username} ${username}
echo 'mg        ALL=(ALL)       NOPASSWD: ALL' >> /etc/sudoers
echo 'autodep   ALL=(ALL)       NOPASSWD: ALL' >> /etc/sudoers

6.1 Server kernel tuning script

#!/bin/sh
# Stop services that are not needed
service abrt-ccpp stop
chkconfig abrt-ccpp off
service abrt-oops stop
chkconfig abrt-oops off
service abrtd stop
chkconfig abrtd off
service acpid stop
chkconfig acpid off
service atd stop
chkconfig atd off
service auditd stop
chkconfig auditd off
service autofs stop
chkconfig autofs off
service avahi-daemon stop
chkconfig avahi-daemon off
service certmonger stop
chkconfig certmonger off
service cpuspeed start
chkconfig cpuspeed on
service cups stop
chkconfig cups off
service haldaemon start
chkconfig haldaemon on
# service kdump stop
# chkconfig kdump off
service mdmonitor stop
chkconfig mdmonitor off
service netfs stop
chkconfig netfs off
service nfslock stop
chkconfig nfslock off
service rpcbind stop
chkconfig rpcbind off
# service rpcgssd stop
# chkconfig rpcgssd off
service rpcidmapd stop
chkconfig rpcidmapd off
service rpcsvcgssd stop
chkconfig rpcsvcgssd off
# Kernel tuning
filePath="/etc/sysctl.conf"
cat <<'EOF' >> $filePath
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 4096
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024   65000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_sack = 0
fs.file-max = 1300000
EOF
sysctl -p
# File descriptor and per-user process limits
filePath="/etc/security/limits.conf"
cat <<'EOF' >> $filePath
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
EOF

7.1 server_deploy.sh: main Cobbler installation script

#!/bin/bash
# Directory of this script, used as the base path for COPY_FILES and packages
export WOKR_SPACE=`dirname $0`
# Load this script's configuration file
. ${WOKR_SPACE}/conf/server_deploy.conf
# Create the client repository from ISO files
#     Argument 1: clientOS
#     Argument 2: clientArch
#     Argument 3: isoFile1
#     Argument 4: isoFile2
function createIsoRepos(){
    clientOS=$1
    clientArch=$2
    isoFile1=$3
    isoFile2=$4

    # Create the distro
    # 1. from an ISO file
    # mount -t iso9660 -o loop /opt/software/CentOS-6.3-x86_64-bin-DVD1.iso /mnt
    # 2. from the CDROM
    # mount -t iso9660 /dev/cdrom /mnt
    mntPath='/mnt'
    mkdir  $mntPath
    umount $mntPath
    mount -t iso9660 -o loop $isoFile1 $mntPath
    rtv=$?
    if [ $rtv -ne 0 ];then
        echo "mount 本地ISO[${isoFile1}]失败,接下来尝试mount CDROM"
        mntPath='/mnt/cdrom'
        mkdir  $mntPath
        umount $mntPath
        mount -t iso9660 /dev/cdrom $mntPath
        rtv=$?
        if [ $rtv -ne 0 ];then
            echo "mount CDROM失败:cobbler创建distro失败,排查问题后,请手动执行。"
            exit 1
        fi
    fi
    # Create the distro
    echo "创建distro."
    cobbler import --path=$mntPath --name=$clientOS --arch=$clientArch
    osArchName="${clientOS}-${clientArch}"
    # Configure the kickstart file
    echo "配置kickstarts文件."
    /bin/cp -f ${WOKR_SPACE}/COPY_FILES/kickstarts/huacloud_GlusterFS.ks /var/lib/cobbler/kickstarts/huacloud_GlusterFS.ks
    cobbler profile edit --name="${osArchName}" --kickstart="/var/lib/cobbler/kickstarts/huacloud_GlusterFS.ks" --ksmeta="NTP_SERVER=${NTP_SERVER}"
    # Copy the puppet snippet
    echo "拷贝puppet的snippets"
    /bin/cp -f ${WOKR_SPACE}/COPY_FILES/snippets/puppet_register_if_enabled  /var/lib/cobbler/snippets/
    sed -i "s/#puppet_dns#/${srv_hostname}/g" /var/lib/cobbler/snippets/puppet_register_if_enabled
    # Create the default system
    # logInfo "创建默认的system"
    # cobbler system add --name=default --profile=${osArchName}
    # Add the distro's local repository (DVD2)
    echo "添加distro的本地源(DVD2)"
    umount $mntPath
    mntPath='/mnt'
    mount -t iso9660 -o loop $isoFile2 $mntPath
    rtv=$?
    if [ $rtv -ne 0 ];then
        echo "mount 本地ISO[${isoFile2}]失败。"
    fi
    /bin/cp -rf ${mntPath}/Packages /var/www/cobbler/ks_mirror/${osArchName}/Packages-dvd2
    compsFilePath=`ls /var/www/cobbler/ks_mirror/${osArchName}/repodata/*comps.xml`
    createrepo --update -c cache -s sha --groupfile $compsFilePath /var/www/cobbler/ks_mirror/${osArchName}
}
# Create the Autodeploy repository
function createAutodeployRepos(){
    echo "创建Autodeploy源"
    osArchName=CentOS6-x86_64
    localDownload="/var/www/cobbler/before_sync/${osArchName}-Autodeploy"
    mkdir -p $localDownload
    cp -rf ${WOKR_SPACE}/packages/Packages-Autodeploy/* $localDownload
    cobbler repo add --name="${osArchName}-Autodeploy" --mirror="${localDownload}"
    # createrepo -c cache -s sha /var/www/cobbler/repo_mirror/CentOS6.3-x86_64-Autodeploy
    cobbler reposync
    rtv=$?
    if [ $rtv -ne 0 ];then
        echo "cobbler reposync失败。"
    fi
    # cobbler profile edit --name="${osArchName}" --repos="${osArchName}-Autodeploy"
}
# Edit the profile
function editprofile()
{
    osArchName=CentOS6-x86_64
    clientOS=$1
    clientArch=$2
    cobbler profile edit --name="${clientOS}-${clientArch}" --repos="${osArchName}-Autodeploy"
    if [ $? -ne 0 ]
    then
        echo "cobbler edit profile --name=${clientOS}-${clientArch} --repos=${osArchName}-Autodeploy 失败,请检查 name 或 repos 是否已创建!" >&2
        exit 1
    fi
}
#################################### Main #####################################
filePath="/etc/hosts"
echo "init $filePath"
cat <<EOF > "$filePath"
127.0.0.1   ${srv_short_hostname} localhost localhost.localdomain
::1         ${srv_short_hostname} localhost localhost.localdomain
${srv_ip}   ${srv_hostname}
EOF
hostname ${srv_hostname}
filePath="/etc/sysconfig/network"
echo "init $filePath"
cat <<EOF > "$filePath"
NETWORKING=yes
HOSTNAME=${srv_hostname}
EOF
# Configure DNS
filePath="/etc/resolv.conf"
grep nameserver $filePath
rtv=$?
if [ $rtv -ne 0 ];then
    cat <<EOF > "$filePath"
domain ${domain_suffix}
search ${domain_suffix}
nameserver ${dns_server}
EOF
fi
# Create users and import their public keys
echo "创建用户、并导入公钥"
filePath="${WOKR_SPACE}/create_user.sh"
sh $filePath
rtv=$?
if [ $rtv -ne 0 ];then
    echo "创建用户有异常 $filePath"
fi
# rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
chkconfig ip6tables off
/etc/init.d/ip6tables stop
iptables -F
iptables -X
service iptables save
# Configure the NTP service
service ntpd stop
cat <<EOF >"/etc/ntp.conf"
driftfile /var/lib/ntp/drift
restrict  default  nomodify
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ${srv_ip}
restrict -6 ::1
server ${srv_ip}
server  127.127.1.0
fudge   127.127.1.0    stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
EOF
/usr/sbin/ntpdate 0.centos.pool.ntp.org && /sbin/hwclock -w
chkconfig ntpd on
service ntpd start
# System kernel tuning
echo "系统内核优化"
filePath="${WOKR_SPACE}/optimize_kernel.sh"
sh $filePath
echo "Yum install cobbler."
# yum -y install cman tftp-server dhcp cobbler cobbler-web bind pykickstart
mv /etc/yum.repos.d/ /etc/yum.repos.d.bak
yum -y localupdate ${WOKR_SPACE}/packages/Packages-cobbler/*
yum -y localinstall ${WOKR_SPACE}/packages/Packages-cobbler/*
mv /etc/yum.repos.d.bak/ /etc/yum.repos.d
# Configure the tftpd and rsync services
sed -i '/disable/c\\tdisable\t\t\t= no' /etc/xinetd.d/tftp
sed -i -e 's/\=\ yes/\=\ no/g' /etc/xinetd.d/rsync
chkconfig xinetd on
service xinetd start
# Enable web login
sed -i 's/module = authn_denyall/module = authn_configfile/g' /etc/cobbler/modules.conf
# Set the cobbler web login password
echo "${cobbler_web_cobbler_login}" > /etc/cobbler/users.digest
chmod 644 /etc/cobbler/users.digest
# Set the cobbler server address
sed -i "s/^server: 127.0.0.1/server: ${srv_ip}/g" /etc/cobbler/settings
# Set the next_server address
sed -i "s/next_server: 127.0.0.1/next_server: ${next_server}/g" /etc/cobbler/settings
# Do not reinstall a system that has already been installed
sed -i 's/pxe_just_once: 0/pxe_just_once: 1/g' /etc/cobbler/settings
# Configure the puppet server integration
sed -i 's/puppet_auto_setup: 0/puppet_auto_setup: 1/g' /etc/cobbler/settings
sed -i 's/sign_puppet_certs_automatically: 0/sign_puppet_certs_automatically: 1/g' /etc/cobbler/settings
sed -i 's/puppetca_path: "\/usr\/sbin\/puppetca"/puppetca_path: "\/usr\/bin\/puppet"/g' /etc/cobbler/settings
sed -i 's/remove_old_puppet_certs_automatically: 0/remove_old_puppet_certs_automatically: 1/g' /etc/cobbler/settings
sed -i "s/cmd = \[puppetca_path, '--clean', hostname\]/cmd = [puppetca_path, 'cert', '--clean', hostname]/g" /usr/lib/python2.6/site-packages/cobbler/modules/install_pre_puppet.py
sed -i "s/cmd = \[puppetca_path, '--sign', hostname\]/cmd = [puppetca_path, 'cert', '--sign', hostname]/g" /usr/lib/python2.6/site-packages/cobbler/modules/install_post_puppet.py
# Let cobbler manage rsync
sed -i 's/manage_rsync: 0/manage_rsync: 1/g' /etc/cobbler/settings
# Let cobbler manage dhcp
sed -i 's/manage_dhcp: 0/manage_dhcp: 1/g' /etc/cobbler/settings
# Let cobbler manage dns
sed -i 's/manage_dns: 0/manage_dns: 1/g' /etc/cobbler/settings
# Configure the DHCP service
filePath="/etc/cobbler/dhcp.template"
echo "init dhcp $filePath"
cat <<EOF > "$filePath"
server-identifier ${srv_ip};
default-lease-time 28800;
max-lease-time 432000;
log-facility local7;
ddns-update-style interim;
allow booting;
allow bootp;
ignore client-updates;
set vendorclass = option vendor-class-identifier;
subnet ${dhcp_subnet} netmask ${dhcp_netmask} {
     option routers             ${gateway};
     option domain-name-servers ${dns_server};
     option subnet-mask         ${dhcp_netmask};
     range dynamic-bootp        ${dhcp_range_start} ${dhcp_range_end};
     filename                   "/pxelinux.0";
     next-server                \$next_server;
}
zone ${domain_suffix} {
    # DNS Server IP
    primary ${dns_server};
}
EOF
cat <<'EOF' >> "$filePath"
#for dhcp_tag in $dhcp_tags.keys():
    ## group could be subnet if your dhcp tags line up with your subnets
    ## or really any valid dhcpd.conf construct ... if you only use the
    ## default dhcp tag in cobbler, the group block can be deleted for a
    ## flat configuration
# group for Cobbler DHCP tag: $dhcp_tag
group {
        #for mac in $dhcp_tags[$dhcp_tag].keys():
            #set iface = $dhcp_tags[$dhcp_tag][$mac]
    host $iface.name {
        hardware ethernet $mac;
        #if $iface.ip_address:
        fixed-address $iface.ip_address;
        #end if
        #if $iface.hostname:
        option host-name "$iface.hostname";
        #end if
        #if $iface.netmask:
        option subnet-mask $iface.netmask;
        #end if
        #if $iface.gateway:
        option routers $iface.gateway;
        #end if
        #if $iface.enable_gpxe:
        if exists user-class and option user-class = "gPXE" {
            filename "http://$cobbler_server/cblr/svc/op/gpxe/system/$iface.owner";
        } else {
            filename "undionly.kpxe";
        }
        #else
        filename "$iface.filename";
        #end if
        ## Cobbler defaults to $next_server, but some users
        ## may like to use $iface.system.server for proxied setups
        next-server $next_server;
        ## next-server $iface.next_server;
    }
        #end for
}
#end for
EOF
# Configure the DNS service
sed -i "s/manage_forward_zones: \[\]/manage_forward_zones: \['${domain_suffix}']/g" /etc/cobbler/settings
filePath="/etc/cobbler/named.template"
echo "init dns $filePath"
cat <<EOF > "$filePath"
options {
    listen-on port 53 { any; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion no;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
#for \$zone in \$forward_zones
zone "\${zone}." {
    type master;
    file "\$zone";
    allow-update { ${dns_server}; };
};
#end for
EOF
filePath="/etc/cobbler/zone.template"
cat <<EOF > "$filePath"
\\\$TTL 300
@                       IN      SOA     master.${domain_suffix}. admin-mail.${domain_suffix}. (
                                        \$serial   ; Serial
                                        600         ; Refresh
                                        1800         ; Retry
                                        604800       ; Expire
                                        300          ; TTL
                                        )
@                       IN      NS      master.${domain_suffix}.
master.${domain_suffix}.        IN      A       \$cobbler_server
${srv_hostname}.       IN      A       \$cobbler_server
\$host_record
EOF
# Set the default root password
eval "sed -i 's/^default_password_crypted.*/default_password_crypted: ${cobbler_client_root_passwd}/g' /etc/cobbler/settings"
# Enable and start the required services
chkconfig httpd on
chkconfig cobblerd on
chkconfig named on
chkconfig dhcpd on
/etc/init.d/httpd start
/etc/init.d/cobblerd start
### cobbler get-loaders
echo "init cobbler get-loaders."
mkdir -p /var/lib/cobbler/loaders
cp ${WOKR_SPACE}/COPY_FILES/loaders/* /var/lib/cobbler/loaders/
chmod 644 /var/lib/cobbler/loaders/*
echo "cobbler check"
cobbler check
echo "cobbler sync"
cobbler sync
rtv=$?
if [ $rtv -ne 0 ];then
    echo "cobbler 部署异常,请检查。"
    exit 1
fi
# Create the client system repositories
index=0;
for j in "${clientOS[@]}"
do
    createIsoRepos ${clientOS[$index]} ${clientArch[$index]} ${isoFile1[$index]} ${isoFile2[$index]}
    (( ++index  ))
done
# Create the Autodeploy repository
createAutodeployRepos
# Edit the profiles
index=0;
for j in "${clientOS[@]}"
do
    editprofile ${clientOS[$index]} ${clientArch[$index]}
    (( ++index  ))
done
# Prefer the local repositories and disable the network ones
mkdir -p /etc/yum.repos.d/useless
mv /etc/yum.repos.d/* /etc/yum.repos.d/useless
cp ${WOKR_SPACE}/COPY_FILES/yum.repos.d/* /etc/yum.repos.d
# Add this machine to cobbler
cobbler system add \
--name=${srv_hostname} --ip-address=${srv_ip} --subnet=${dhcp_netmask} \
--profile=CentOS6.3-x86_64 --netboot-enabled=N
cobbler check
cobbler sync
returnValue=$?
echo "End to deploy. exit(${returnValue})"

This article is from the "Magine" blog; please contact the author before reprinting.
