Automated Deployment Notes: Cobbler Installation Scripts (Part 2)

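Script Background

Our systems engineering team spends long periods on the road deploying and demonstrating the company's products for customers, so we urgently needed a tool that can install operating systems quickly, in batches, and with room for customization, to cut the time spent on OS deployment. We also need customers' operating systems to register with the Puppet Server quickly, which means Puppet has to be integrated into the deployment service, so we chose Cobbler. Cobbler currently integrates well with Puppet, which has saved us a great deal of time when deploying environments. This post records the installation process once more, as groundwork for integrating it into the project team's automated operations toolset.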

Runtime Environment

OS: CentOS release 6.3 x86_64 (Final)

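Script Structure

It consists mainly of the following parts:

1. conf/server_deploy.conf: the main external environment variables for the deployment script

2. COPY_FILES: files that need to be copied during installation

1). User public keys (project integration, optional)

2). kickstart files

3). Cobbler OS installation boot files

4). Snippets: system customization scripts

5). yum repository configuration (project integration, optional)

3. packages

1). Packages needed for the Autodeploy local repository (project integration, optional)

2). Cobbler installation RPM packages

4. Cobbler_ChangeMe.sh: script used for later maintenance

5. create_user.sh: user creation script (project integration, optional)

6. optimize_kernel.sh: system tuning script (project integration, optional)

7. server_deploy.sh: main Cobbler deployment script

Script Contents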

1.1 server_deploy.sh

#### Basic settings ####
# Domain name
domain_suffix=cloud.com
# Hostname of this server
srv_short_hostname=auto
srv_hostname=${srv_short_hostname}.${domain_suffix}
# IP address of this server
srv_ip=10.1.0.250

#### NTP settings ####
NTP_SERVER=$srv_ip

#### DHCP settings for this server ####
dns_server=$srv_ip
next_server=$srv_ip
# DHCP subnet
dhcp_subnet=10.1.0.0
# Netmask
dhcp_netmask=255.255.254.0
# DHCP range start
dhcp_range_start=10.1.0.200
# DHCP range end
dhcp_range_end=10.1.0.240
# Gateway
gateway=10.1.0.1

#### Cobbler settings ####
## Client operating systems (multiple entries) Start ##
# Operating system 1
clientOS[0]=CentOS6.3
clientArch[0]=x86_64
# Build the cobbler repository from local ISO files (if they do not exist, creation from the CD-ROM is attempted)
isoFile1[0]=/opt/software/CentOS-6.3-x86_64-bin-DVD1.iso
isoFile2[0]=/opt/software/CentOS-6.3-x86_64-bin-DVD2.iso
# Operating system 2
clientOS[1]=CentOS6.4
clientArch[1]=x86_64
# Build the cobbler repository from local ISO files (if they do not exist, creation from the CD-ROM is attempted)
isoFile1[1]=/opt/software/CentOS-6.4-x86_64-bin-DVD1.iso
isoFile2[1]=/opt/software/CentOS-6.4-x86_64-bin-DVD2.iso
## Client operating systems (multiple entries) END ##

# ROOT password of the installed operating system
# openssl passwd -1 -salt 'cloud' 'cloud'
# $1$cloud$v4cy8ItxPZLX8ybgkgrvT.
cobbler_client_root_passwd='$1$cloud$v4cy8ItxPZLX8ybgkgrvT.'
# Web login password for the cobbler service
# htdigest /etc/cobbler/users.digest "Cobbler" admin ZAQ!xsw2
# user:admin
# passwd:ZAQ!xsw2
cobbler_web_cobbler_login="admin:Cobbler:12343e633e8d30ab2645a6731ffee822"

2.1. User public keys (omitted; they can be generated with ssh-keygen)

2.2. kickstart file

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# Use network installation
url --url=$tree
# RAID driver; in "http://url" use the cobbler server IP. Upload the driver to /var/www/html/
#driverdisk --source=http://10.10.11.49/megasr-15.01.2013.0115-1-rhel63-ga-x86_64.img
# If any cobbler repo definitions were referenced in the kickstart profile, include them here.
$yum_repo_stanza
# Root password
rootpw --iscrypted $default_password_crypted
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
# Network information
$SNIPPET('network_config')
# Reboot after installation
reboot
# System timezone
timezone Asia/Chongqing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
#########################################
# Disk partitioning information.
# As well as your env.
part /boot --fstype="ext4" --size=200
part swap --fstype="swap" --size=32768
part pv.01 --size=1 --grow
volgroup vg_root pv.01
logvol / --vgname=vg_root --size=204800 --name=lv_root
#########################################
%pre
$SNIPPET('log_ks_pre')
$SNIPPET('kickstart_start')
$SNIPPET('pre_install_network_config')
# Enable installation monitoring
$SNIPPET('pre_anamon')
%end
%packages
# Install puppet while the OS is being installed
$SNIPPET('puppet_install_if_enabled')
@additional-devel
@base
@chinese-support
@console-internet
@core
@debugging
@development
@directory-client
@hardware-monitoring
@java-platform
@large-systems
@network-file-system-client
@performance
@perl-runtime
@system-management-snmp
@server-platform
@server-platform-devel
@server-policy
@system-admin-tools
yum-plugin-priorities
libXinerama-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
libXau-devel
libgcrypt-devel
popt-devel
libXrandr-devel
libxslt-devel
libglade2-devel
gnutls-devel
pax
oddjob
sgpio
mtools
systemtap-client
jpackage-utils
certmonger
pam_krb5
krb5-workstation
perl-DBD-SQLite
screen
tree
%post
$SNIPPET('log_ks_post')
# Start yum configuration
$yum_config_stanza
# End yum configuration
$SNIPPET('post_install_kernel_options')
$SNIPPET('post_install_network_config')
$SNIPPET('puppet_register_if_enabled')
$SNIPPET('download_config_files')
$SNIPPET('koan_environment')
##### Start to customize client OS #####
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:$PATH
# SELinux iptables
chkconfig ip6tables off
service ip6tables stop
service iptables start
# Flush all rules and user chains, then save the empty ruleset
iptables -F
iptables -X
service iptables save
# Point ntpd at the deployment server and sync the hardware clock
service ntpd stop
sed -i "/0.centos.pool.ntp.org/i server ${NTP_SERVER} prefer" /etc/ntp.conf
/usr/sbin/ntpdate $NTP_SERVER && /sbin/hwclock -w
chkconfig ntpd on
service ntpd start
# Account "mg": fixed UID, primary group root, public-key login
username=mg
groupadd -g 1000 ${username}
useradd -u 1000 -g root ${username}
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyFeJzvel8YAXWBF9qUO8ov5gY+83O0aOL4sPL45fO8kdXc7qCQkcjnsFshbBMBh5EjlFqrM8gv4n7oV2kQbIC0+rprMWIYl4L479dPeIBvcwe3oCw/3Jmt5i3tzG8s/2r0HYryU79b/JUJ7ANvdxeAKAEqs76aFKvg5o2jtNu/DB82KaUZ6n8wgJeR0WR1obhSCsyqz/eZF9lRzSfoBoeX+Y9oq8WqkGHzBV2fS1a1Rf3t3IsGKxHl8O1gqQtW5/0rP+TXgl+hxOZQKxPRjxjyG8fxmdktK0j+rJSP9iiBS7kHgxZZnQHSd+W5mQZCm6at4hXy/zXGv9IL71FvU1Pw==' >> /home/${username}/.ssh/authorized_keys
chown -R ${username}:${username} /home/${username}/.ssh
# Per-user SSH client config: host key checking off, known hosts not recorded
filePath="/home/${username}/.ssh/config"
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh
# Account "autodep": same layout as "mg"
username=autodep
groupadd -g 1001 ${username}
useradd -u 1001 -g root ${username}
mkdir /home/${username}/.ssh
chmod 700 /home/${username}/.ssh
touch /home/${username}/.ssh/authorized_keys
chmod 600 /home/${username}/.ssh/authorized_keys
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvw0Shufrg3L3p2pq5opjeywDNJ83o5VlkWiicHmiNRe7mqfA/lGw466COQ5XuQjagRejMh8oQ2SRyZk/4j2jnRCGB3YorNE+fjXmdFcf11Z5oN8MyeX8OnE7tCZLRFiXrOgw8xRaGnW1Jw3lpejzZErtjpVJY9gkFJmSH1eZStj5bLP7enni26gLg2Fb8LjrZJxbiHwEoMuIDW3WzFP2ASwoQq+nr6lLK61kP1QL443AXM9hkqKi0AXTaOvdjokKsD7i+VrlhWXQINQoAxttphJwSNLEGKh+K6gMpwRYoeC2AZmoLBDyrX/sJPcKQCTiuL8c4mXItWThfDyJPtkV6Q==' >> /home/${username}/.ssh/authorized_keys
filePath="/home/${username}/.ssh/config"
cat <<EOF > "$filePath"
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chown -R ${username}:${username} /home/${username}/.ssh
# Service accounts
username=www
groupadd -g 1100 ${username}
useradd -u 1100 -g ${username} ${username}
username=zabbix
groupadd -g 1101 ${username}
useradd -u 1101 -g ${username} ${username}
# Passwordless sudo for the two deployment accounts
echo 'mg ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
echo 'autodep ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
# Move the stock CentOS repo files out of the way
mkdir -p /etc/yum.repos.d/useless
mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d/useless
mkdir -p /opt/server
mkdir -p /opt/software
mkdir -p /opt/apps
# Stop and disable services that are not needed
service abrt-ccpp stop
chkconfig abrt-ccpp off
service abrt-oops stop
chkconfig abrt-oops off
service abrtd stop
chkconfig abrtd off
service acpid stop
chkconfig acpid off
service atd stop
chkconfig atd off
service auditd stop
chkconfig auditd off
service autofs stop
chkconfig autofs off
service avahi-daemon stop
chkconfig avahi-daemon off
service certmonger stop
chkconfig certmonger off
service cpuspeed start
chkconfig cpuspeed on
service cups stop
chkconfig cups off
service haldaemon start
chkconfig haldaemon on
# service kdump stop
# chkconfig kdump off
service mdmonitor stop
chkconfig mdmonitor off
service netfs stop
chkconfig netfs off
service nfslock stop
chkconfig nfslock off
service rpcbind stop
chkconfig rpcbind off
# service rpcgssd stop
# chkconfig rpcgssd off
service rpcidmapd stop
chkconfig rpcidmapd off
service rpcsvcgssd stop
chkconfig rpcsvcgssd off
# Kernel network tuning
echo "net.core.netdev_max_backlog = 262144" >> /etc/sysctl.conf
echo "net.core.somaxconn = 4096" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_orphans = 327680" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 262144" >> /etc/sysctl.conf
echo "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf
echo "net.ipv4.tcp_synack_retries = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syn_retries = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_recycle = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_tw_reuse = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_fin_timeout = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_keepalive_time = 30" >> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
echo "net.ipv4.tcp_max_syn_backlog = 8192" >> /etc/sysctl.conf
echo "net.ipv4.tcp_rmem = 4096 4096 16777216" >> /etc/sysctl.conf
echo "net.ipv4.tcp_wmem = 4096 4096 16777216" >> /etc/sysctl.conf
echo "net.ipv4.tcp_mem = 94500000 915000000 927000000" >> /etc/sysctl.conf
echo "net.ipv4.tcp_sack = 0" >> /etc/sysctl.conf
echo "fs.file-max = 1300000" >> /etc/sysctl.conf
sysctl -p
# Comment out the Ctrl-Alt-Delete reboot action
sed -i "s/exec .*/#exec \/sbin\/shutdown -r now s\"Control-Alt-Delete pressed\"/g" /etc/init/control-alt-delete.conf
# sshd: no reverse DNS lookups, no GSSAPI
sed -i "s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config
sed -i "s/^GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/g" /etc/ssh/sshd_config
sed -i "s/^GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
# Stop udev from pinning NIC names to MAC addresses
rm -rf /etc/udev/rules.d/70-persistent-net.rules
ln -s /dev/null /etc/udev/rules.d/70-persistent-net.rules
##### End to customize client OS #####
$SNIPPET('post_anamon')
# Start final steps
$SNIPPET('kickstart_done')
# End final steps
%end
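The kickstart above changes several host protections on every installed client: firewall and SELinux off, passwordless sudo, SSH host key checking off, auditd disabled, and the root password template is fed from an MD5-crypt (`$1$`) hash. The following is an added example, not part of the original scripts: a small shell check that lists such settings in a kickstart or provisioning file so they can be reviewed before the template is reused. The rule names, function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list security-relevant
# settings in a kickstart or provisioning script.
# Rule names left of '|' are labels invented for this example.
RULES='firewall-disabled|^firewall[[:space:]]+--disabled
selinux-disabled|^selinux[[:space:]]+--disabled
md5crypt-hash|\$1\$[^$]+\$
sudo-nopasswd-all|NOPASSWD:[[:space:]]*ALL
ssh-hostkey-check-off|StrictHostKeyChecking[[:space:]]+no
ssh-known-hosts-discarded|UserKnownHostsFile[[:space:]]+/dev/null
iptables-flushed|^iptables[[:space:]]+-F
auditd-disabled|^chkconfig[[:space:]]+auditd[[:space:]]+off'

# ks_audit FILE: print "rule:lineno:text" per finding; comment lines are skipped.
ks_audit() {
    printf '%s\n' "$RULES" | while IFS='|' read -r name regex; do
        grep -nE -- "$regex" "$1" |
            grep -vE '^[0-9]+:[[:space:]]*#' | sed "s/^/$name:/"
    done
}

# ks_audit_count FILE: number of findings.
ks_audit_count() { ks_audit "$1" | wc -l | tr -d ' '; }

# Constructed sample input modelled on the settings shown in this post.
sample_ks() {
    cat <<'EOF'
firewall --disabled
selinux --disabled
rootpw --iscrypted $1$cloud$v4cy8ItxPZLX8ybgkgrvT.
# rootpw --iscrypted $1$commented$out
auth --useshadow --passalgo=sha512
%post
iptables -F
echo 'mg ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
cat <<CFG > /home/mg/.ssh/config
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
CFG
chkconfig auditd off
%end
EOF
}

tmp=$(mktemp)
sample_ks > "$tmp"
ks_audit "$tmp"
rm -f "$tmp"
```

Run against the rendered kickstart (after Cobbler has substituted `$default_password_crypted`) the `md5crypt-hash` rule also shows which hash format actually reaches the client.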

2.3. Cobbler OS installation boot files

COPYING.elilo
COPYING.syslinux
COPYING.yaboot
elilo-ia64.efi
grub-x86.efi
grub-x86_64.efi
menu.c32
pxelinux.0
README
yaboot

2.4. snippets customization scripts (Puppet integration)
