• Learning Cobbler (Part 1)


     

    1.

    http://cobbler.github.io/

    Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between many various commands and applications when deploying new systems, and, in some cases, changing existing ones. Cobbler can help with provisioning, managing DNS and DHCP, package updates, power management, configuration management orchestration, and much more.

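    From the encyclopedia entry:

    Cobbler ("the cobbler") is a network installation server suite. We used to earn our living as "install laborers", a trade with a bright future. When Red Hat introduced Kickstart some years ago, our market value shot up: no more burning discs and installing Linux one machine at a time. Once PXE, DHCP and TFTP were working, along with a screenful of bewildering Kickstart script, we could wave a wand like Harry Potter and install hundreds of servers in an instant. This pile of fancy machinery was not something just anyone could figure out: without a college diploma and a pass in the CET-4 English exam there was no hope of mastering it. In short, it was a job with great prospects and real technical depth. Unfortunately, Red Hat's Cobbler project released the network installation server suite Cobbler around 2008 and lowered the technical bar for Linux network installation from "college diploma or above" to "below junior high school", so that even a cobbler can learn it. For us install laborers, steeped in the trade for years, rich in experience, old steeds in the stable still dreaming of a thousand-mile gallop, this was nothing less than a bolt from the blue.

    With Cobbler, machines can be installed without manual intervention. Cobbler sets up a PXE boot environment (it can also use yaboot to support PowerPC) and controls every aspect of installation, such as the network boot services (DHCP and TFTP) and repository mirrors. When you want to install a new machine, Cobbler can:

    Configure the DHCP service from a previously defined template (if DHCP management is enabled);

    Mirror a repository (yum or rsync) or unpack a piece of media in order to register a new operating system;

    Create an entry in the DHCP configuration file for the machine to be installed, using the parameters you specify (IP and MAC address);

    Create the appropriate PXE files under the TFTP service directory;

    Restart the DHCP service to apply the changes;

    Reboot the machine to start the installation (if power management is enabled);

    Cobbler supports many distributions: Red Hat, Fedora, CentOS, Debian, Ubuntu and SuSE. When an operating system is added (usually from an ISO file), Cobbler knows how to unpack the right files and adjust the network services so that machines boot correctly. Cobbler is managed from the command line and also provides a web-based graphical management tool (cobbler-web). Cobbler is configured to deploy DHCP, TFTP and HTTP automatically; during installation the kickstart answer file is loaded so that the install runs unattended, and the client starts the installation by booting over PXE.

    Note:

    Cobbler depends on kickstart + tftp + dhcp + pxe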

    2.

    [root@test5 ~]# yum -y install httpd dhcp tftp cobbler cobbler-web

    ……

    Installed:

     cobbler.x86_64 0:2.6.11-1.el6   cobbler-web.noarch 0:2.6.11-1.el6   dhcp.x86_64 12:4.1.1-51.P1.el6.centos  

     tftp.x86_64 0:0.49-8.el6       

    Dependency Installed:

     Django14.noarch 0:1.4.21-1.el6                             PyYAML.x86_64 0:3.10-3.1.el6

     createrepo.noarch 0:0.9.9-24.el6                           deltarpm.x86_64 0:3.5-0.5.20090913git.el6

     libyaml.x86_64 0:0.1.3-4.el6_6                             mod_ssl.x86_64 1:2.2.15-55.el6.centos.2

     mod_wsgi.x86_64 0:3.2-7.el6                                python-cheetah.x86_64 0:2.4.1-1.el6

     python-deltarpm.x86_64 0:3.5-0.5.20090913git.el6           python-markdown.noarch 0:2.0.1-3.1.el6

     python-netaddr.noarch 0:0.7.5-4.el6                        python-pygments.noarch 0:1.1.1-1.el6

     python-setuptools.noarch 0:0.6.10-3.el6                    syslinux.x86_64 0:4.04-3.el6

     syslinux-nonlinux.noarch 0:4.04-3.el6                      tftp-server.x86_64 0:0.49-8.el6

     xinetd.x86_64 2:2.3.14-40.el6                            

    Updated:

     httpd.x86_64 0:2.2.15-55.el6.centos.2                                                                         

    Dependency Updated:

     dhclient.x86_64 12:4.1.1-51.P1.el6.centos            dhcp-common.x86_64 12:4.1.1-51.P1.el6.centos

     httpd-tools.x86_64 0:2.2.15-55.el6.centos.2          

    Complete!

    [root@test5 ~]# /etc/init.d/httpd start

    Starting httpd:

    [root@test5 ~]# /etc/init.d/cobblerd start

    Starting cobbler daemon:                                   [  OK  ]

    [root@test5 ~]# /etc/init.d/httpd restart

    Stopping httpd:                                           [  OK  ]

    Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.23.133 for ServerName

                                                              [  OK  ]

    [root@test5 ~]# /etc/init.d/cobblerd restart

    Stopping cobbler daemon:                                   [  OK  ]

    Starting cobbler daemon:                                   [  OK  ]

    [root@test5 ~]# cobbler check   #(work through the reported items one by one and fix the configuration files)

    The following are potential configuration items that you may want to fix:

    1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work.  This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.

    2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.

    3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:

        https://github.com/cobbler/cobbler/wiki/Selinux

    4 : change 'disable' to 'no' in /etc/xinetd.d/tftp

    5 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.

    6 : change 'disable' to 'no' in /etc/xinetd.d/rsync

    7 : file /etc/xinetd.d/rsync does not exist

    8 : debmirror package is not installed, it will be required to manage debian deployments and repositories

    9 : ksvalidator was not found, install pykickstart

    10 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one

    11 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

    Restart cobblerd and then run 'cobbler sync' to apply changes.

    [root@test5 ~]# openssl passwd -1 -salt 'chaizaowen' 'jowin'

    $1$chaizaow$oW7YjOr26CHFrkXsTrJXL1

    [root@test5 ~]# vim /etc/cobbler/settings

    server: 192.168.23.133

    next_server: 192.168.23.133

    default_password_crypted: "$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1"

    manage_dhcp: 1

    manage_tftpd: 1

    manage_rsync: 1

    [root@test5 ~]# getenforce

    Permissive

    [root@test5 ~]# /etc/init.d/iptables stop

    [root@test5 ~]# vim /etc/xinetd.d/tftp

    disable                 = no

    [root@test5 ~]# cobbler get-loaders

    task started: 2017-01-09_190743_get_loaders

    task started (id=Download Bootloader Content, time=Mon Jan  9 19:07:43 2017)

    downloading http://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README

    downloading http://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo

    downloading http://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot

    downloading http://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux

    downloading http://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi

    downloading http://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot

    downloading http://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0

    downloading http://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32

    downloading http://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi

    downloading http://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi

    *** TASK COMPLETE ***

    [root@test5 ~]# vim /etc/xinetd.d/rsync

    disable = no

    [root@test5 ~]# yum -y install pykickstart

    ……

    Installed:

     pykickstart.noarch 0:1.74.20-1.el6                                                                            

    Complete!

    [root@test5 ~]# vim /etc/cobbler/dhcp.template   # Cobbler now manages DHCP: edit /etc/cobbler/dhcp.template, do not edit /etc/dhcp/dhcpd.conf directly

    ……

    #subnet 192.168.1.0 netmask 255.255.255.0 {

    subnet 192.168.23.0 netmask 255.255.255.0 {

        #option routers            192.168.1.5;

        option routers            192.168.23.2;

        #option domain-name-servers 192.168.1.1;

        option domain-name-servers 192.168.23.2;

        option subnet-mask        255.255.255.0;

        range dynamic-bootp       192.168.23.150 192.168.23.254;

        default-lease-time         21600;

        max-lease-time             43200;

        next-server               $next_server;

        class "pxeclients" {

             match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";

             if option pxe-system-type = 00:02 {

                      filename "ia64/elilo.efi";

             } else if option pxe-system-type = 00:06 {

                      filename "grub/grub-x86.efi";

             } else if option pxe-system-type = 00:07 {

                      filename "grub/grub-x86_64.efi";

             } else {

                      filename "pxelinux.0";

             }

        }

    }

    ……

    [root@test5 ~]# /etc/init.d/xinetd restart

    Stopping xinetd:                                          [FAILED]

    Starting xinetd:                                           [ OK  ]

    [root@test5 ~]# /etc/init.d/cobblerd restart

    Stopping cobbler daemon:                                   [  OK  ]

    Starting cobbler daemon:                                   [  OK  ]

    [root@test5 ~]# cobbler sync

    task started: 2017-01-09_213440_sync

    task started (id=Sync, time=Mon Jan  9 21:34:40 2017)

    running pre-sync triggers

    cleaning trees

    removing: /var/lib/tftpboot/pxelinux.cfg/default

    removing: /var/lib/tftpboot/grub/images

    removing: /var/lib/tftpboot/grub/efidefault

    removing: /var/lib/tftpboot/grub/grub-x86_64.efi

    removing: /var/lib/tftpboot/grub/grub-x86.efi

    removing: /var/lib/tftpboot/s390x/profile_list

    copying bootloaders

    copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0

    copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32

    copying: /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot

    copying: /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk

    copying: /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi

    copying: /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi

    copying distros to tftpboot

    copying images

    generating PXE configuration files

    generating PXE menu structure

    rendering DHCP files

    generating /etc/dhcp/dhcpd.conf

    rendering TFTPD files

    generating /etc/xinetd.d/tftp

    cleaning link caches

    rendering Rsync files

    running post-sync triggers

    running python triggers from /var/lib/cobbler/triggers/sync/post/*

    running python trigger cobbler.modules.sync_post_restart_services

    running: dhcpd -t -q

    received on stdout:

    received on stderr:

    running: service dhcpd restart

    received on stdout: Shutting down dhcpd: [  OK  ]

    Starting dhcpd: [  OK  ]

    received on stderr:

    running shell triggers from /var/lib/cobbler/triggers/sync/post/*

    running python triggers from /var/lib/cobbler/triggers/change/*

    running python trigger cobbler.modules.scm_track

    running shell triggers from /var/lib/cobbler/triggers/change/*

    *** TASK COMPLETE ***

    [root@test5 ~]# cobbler check

    The following are potential configuration items that you may want to fix:

    1 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:

       https://github.com/cobbler/cobbler/wiki/Selinux

    2 : file /etc/xinetd.d/rsync does not exist

    3 : debmirror package is not installed, it will be required to manage debian deployments and repositories

    4 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them

    Restart cobblerd and then run 'cobbler sync' to apply changes.

    Configure the CD-ROM drive in VMware


    [root@test5 ~]# mount /dev/cdrom /mnt

    mount: block device /dev/sr0 is write-protected, mounting read-only

    [root@test5 ~]# cobbler import --path=/mnt --name rhel-6.5-x86_64 --arch=x86_64

    task started: 2017-01-09_214622_import

    task started (id=Media import, time=Mon Jan  9 21:46:22 2017)

    Found a candidate signature: breed=redhat, version=rhel6

    Found a matching signature: breed=redhat, version=rhel6

    Adding distros from path /var/www/cobbler/ks_mirror/rhel-6.5-x86_64:

    creating new distro: rhel-6.5-x86_64

    trying symlink: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64 -> /var/www/cobbler/links/rhel-6.5-x86_64

    creating new profile: rhel-6.5-x86_64

    associating repos

    checking for rsync repo(s)

    checking for rhn repo(s)

    checking for yum repo(s)

    starting descent into /var/www/cobbler/ks_mirror/rhel-6.5-x86_64 for rhel-6.5-x86_64

    processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64

    need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64

    looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/repodata/*comps*.xml

    Keeping repodata as-is : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/repodata

    processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer

    need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer

    looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer/repodata/*comps*.xml

    Keeping repodata as-is : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer/repodata

    processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem

    need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem

    looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem/repodata/*comps*.xml

    Keeping repodata as-is : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem/repodata

    processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage

    need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage

    looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage/repodata/*comps*.xml

    Keeping repodata as-is : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage/repodata

    processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability

    need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability

    looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability/repodata/*comps*.xml

    Keeping repodata as-is : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability/repodata

    processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server

    need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server

    looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server/repodata/*comps*.xml

    Keeping repodata as-is : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server/repodata

    *** TASK COMPLETE ***

    Note: a trimmed-down system can also be packaged as an ISO image file and imported:

    #mount -o loop /data/rhel-server-6.5-x86_64.iso /mnt/iso  

    #cobbler import --mirror=/mnt/iso --name=rhel-server-6.5-x86_64

    [root@test5 ~]# cobbler profile report

    Name                           : rhel-6.5-x86_64

    TFTP Boot Files                : {}

    Comment                        :

    DHCP Tag                       : default

    Distribution                   : rhel-6.5-x86_64

    Enable gPXE?                   : 0

    Enable PXE Menu?               : 1

    Fetchable Files                : {}

    Kernel Options                 : {}

    Kernel Options (Post Install)  : {}

    Kickstart                      : /var/lib/cobbler/kickstarts/sample_end.ks

    Kickstart Metadata             : {}

    Management Classes             : []

    Management Parameters          : <<inherit>>

    Name Servers                   : []

    Name Servers Search Path       : []

    Owners                         : ['admin']

    Parent Profile                 :

    Internal proxy                 :

    Red Hat Management Key         : <<inherit>>

    Red Hat Management Server      : <<inherit>>

    Repos                          : []

    Server Override                : <<inherit>>

    Template Files                 : {}

    Virt Auto Boot                 : 1

    Virt Bridge                    : xenbr0

    Virt CPUs                      : 1

    Virt Disk Driver Type          : raw

    Virt File Size(GB)             : 5

    Virt Path                      :

    Virt RAM (MB)                  : 512

    Virt Type                      : kvm

    [root@test5 ~]# cp rhel-6.5-x86_64.ks /var/lib/cobbler/kickstarts/   #(copy the kickstart file into the designated directory)

    [root@test5 ~]# cobbler profile edit --name=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks

    [root@test5 ~]# cobbler profile report

    Kickstart                      : /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks

    [root@test5 ~]# cobbler sync

    Create a virtual machine in VMware, choose NAT for its network, and select the boot menu entry "rhel-6.5-x86_64"


    [root@test5 ~]# tail -f /var/log/messages   #(watch the server-side log at the same time)

    Jan 9 23:47:57 test5 dhclient[4810]: DHCPREQUEST on eth1 to 192.168.23.254 port 67 (xid=0xfb33d58)

    Jan 9 23:47:57 test5 dhcpd: DHCPREQUEST for 192.168.23.133 from 00:0c:29:33:68:04 via eth1: unknown lease 192.168.23.133.

    Jan 9 23:47:57 test5 dhclient[4810]: DHCPACK from 192.168.23.254 (xid=0xfb33d58)

    Jan 9 23:47:57 test5 dhclient[4810]: bound to 192.168.23.133 -- renewal in 727 seconds.

    Jan 9 23:47:57 test5 NetworkManager[1771]: <info> (eth1): DHCPv4 state changed renew -> renew

    Jan 9 23:47:57 test5 NetworkManager[1771]: <info>   address 192.168.23.133

    Jan 9 23:47:57 test5 NetworkManager[1771]: <info>   prefix 24 (255.255.255.0)

    Jan 9 23:47:57 test5 NetworkManager[1771]: <info>   gateway 192.168.23.2

    Jan 9 23:47:57 test5 NetworkManager[1771]: <info>   nameserver '192.168.23.2'

    Jan 9 23:47:57 test5 NetworkManager[1771]: <info>   domain name 'localdomain'

    List the imported distros and profiles:

    [root@test5 ~]# cobbler distro list  

      rhel-6.5-x86_64

    [root@test5 ~]# cobbler profile list

      rhel-6.5-x86_64

    [root@test5 ~]# cobbler profile report   #(full details)

    ……

    [root@test5 ~]# ls /etc/cobbler   #(configuration directory)

    auth.conf       dnsmasq.template        mongodb.conf    rsync.exclude       users.conf

    cheetah_macros  import_rsync_whitelist  named.template  rsync.template      users.digest

    cobbler_bash    iso                     power           secondary.template  version

    completions     ldap                    pxe             settings            zone.template

    dhcp.template   modules.conf            reporting       tftpd.template      zone_templates

    [root@test5 ~]# ls /var/lib/cobbler/   #(data directory)

    config distro_signatures.json kickstarts  loaders  lock scripts  snippets  triggers web.ss  webui_sessions

    [root@test5 ~]# ls /var/www/cobbler   #(OS installation image directory)

    aux  images  ks_mirror  links  localmirror  pub  rendered  repo_mirror  svc

    [root@test5 ~]# ls /var/log/cobbler/   #(log directory)

    anamon cobbler.log  kicklog  syslog tasks

    http://192.168.23.133/cobbler_web


    Default login (username/password): cobbler/cobbler

    [root@test5 ~]# vim /etc/cobbler/users.digest   #(where the web account and password are stored)

    cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3

    [root@test5 ~]# vim /etc/cobbler/modules.conf   #(authentication method; authn_configfile -- use /etc/cobbler/users.digest (for basic setups))

    [authentication]

    module = authn_configfile
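
    The two credentials this setup leaves on the server, default_password_crypted in /etc/cobbler/settings and the entry in /etc/cobbler/users.digest, can be checked mechanically. The script below is an added example, not part of the original post or of Cobbler; its function names are its own, and it assumes md5sum is installed (openssl is optional and only used to test the root hash against the password 'cobbler').

```shell
#!/bin/sh
# Added example (not from the original post): audit the two credentials
# this walkthrough configures. Function names are this example's own.

# users.digest stores md5("user:realm:password") as 32 hex digits.
digest_for() {  # user realm password
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | awk '{print $1}'
}

# Exit 0 if MD5-crypt hash $1 is the hash of password $2.
# Without openssl the comparison is empty and the result is "no match".
hash_matches() {
    case $1 in '$1$'*) ;; *) return 1 ;; esac
    hm_salt=$(printf '%s' "$1" | cut -d'$' -f3)
    [ "$(openssl passwd -1 -salt "$hm_salt" "$2" 2>/dev/null)" = "$1" ]
}

# Report how default_password_crypted in a settings file is hashed.
audit_settings() {  # path to settings
    as_hash=$(sed -n 's/^default_password_crypted:[[:space:]]*//p' "$1" |
              tr -d "\"'" | head -n 1)
    case $as_hash in
        '')            echo "settings: default_password_crypted is not set" ;;
        '$1$'*)        echo "settings: root hash is MD5-crypt, prefer SHA-512 (\$6\$)" ;;
        '$5$'*|'$6$'*) ;;
        *)             echo "settings: unrecognised hash scheme" ;;
    esac
    if hash_matches "$as_hash" cobbler; then
        echo "settings: root password is still 'cobbler'"
    fi
}

# Report accounts in users.digest whose password is "cobbler" or is the
# same as the account name.
audit_users_digest() {  # path to users.digest
    while IFS=: read -r ud_user ud_realm ud_hash || [ -n "$ud_user" ]; do
        case $ud_user in ''|'#'*) continue ;; esac
        ud_hash=$(printf '%s' "$ud_hash" | tr 'A-F' 'a-f')
        for ud_guess in cobbler "$ud_user"; do
            if [ "$(digest_for "$ud_user" "$ud_realm" "$ud_guess")" = "$ud_hash" ]; then
                echo "users.digest: account '$ud_user' uses a default password"
                break
            fi
        done
    done < "$1"
    return 0
}

if [ "$#" -eq 2 ]; then
    # sh audit.sh /etc/cobbler/settings /etc/cobbler/users.digest
    audit_settings "$1"
    audit_users_digest "$2"
else
    # No arguments: run on the two values shown in this post.
    demo=$(mktemp -d)
    printf '%s\n' 'default_password_crypted: "$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1"' > "$demo/settings"
    printf '%s\n' 'cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3' > "$demo/users.digest"
    audit_settings "$demo/settings"
    audit_users_digest "$demo/users.digest"
    rm -rf "$demo"
fi
```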


    Appendix:

    [root@test5 ~]# vim /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks

    --------------------------file-start-----------------------

    key --skip

    lang en_US

    keyboard us

    timezone Asia/Shanghai

    rootpw --iscrypted $default_password_crypted

    text

    install

    url --url=$tree

    bootloader --location=mbr

    zerombr yes

    clearpart --all --initlabel

    part /boot --fstype ext4 --size 1024 --ondisk sda

    part swap --size 2048 --ondisk sda

    part / --fstype ext4 --size 1 --grow --ondisk sda

    auth --useshadow --enablemd5

    network --bootproto=dhcp --device=eth0 --onboot=on

    reboot

    firewall --disabled

    selinux --disabled

    skipx

    %packages

    @ base

    @ chinese-support

    @ core

    sysstat

    iptraf

    ntp

    e2fsprogs-devel

    keyutils-libs-devel

    krb5-devel

    libselinux-devel

    libsepol-devel

    lrzsz

    ncurses-devel

    openssl-devel

    zlib-devel

    OpenIPMI-tools

    zlib-devel

    mysql

    lockdev

    minicom

    nmap

    %post

    #/bin/sed -i 's/#Protocol 2,1/Protocol 2/' /etc/ssh/sshd_config

    #/bin/sed -i 's/^ca::ctrlaltdel:/#ca::ctrlaltdel:/' /etc/inittab

    /sbin/chkconfig --level 3 diskdump off

    /sbin/chkconfig --level 3 dc_server off

    /sbin/chkconfig --level 3 nscd off

    /sbin/chkconfig --level 3 netfs off

    /sbin/chkconfig --level 3 psacct off

    /sbin/chkconfig --level 3 mdmpd off

    /sbin/chkconfig --level 3 netdump off

    /sbin/chkconfig --level 3 readahead off

    /sbin/chkconfig --level 3 wpa_supplicant off

    /sbin/chkconfig --level 3 mdmonitor off

    /sbin/chkconfig --level 3 microcode_ctl off

    /sbin/chkconfig --level 3 xfs off

    /sbin/chkconfig --level 3 lvm2-monitor off

    /sbin/chkconfig --level 3 iptables off

    /sbin/chkconfig --level 3 nfs off

    /sbin/chkconfig --level 3 ipmi off

    /sbin/chkconfig --level 3 autofs off

    /sbin/chkconfig --level 3 iiim off

    /sbin/chkconfig --level 3 cups off

    /sbin/chkconfig --level 3 openibd off

    /sbin/chkconfig --level 3 saslauthd off

    /sbin/chkconfig --level 3 ypbind off

    /sbin/chkconfig --level 3 auditd off

    /sbin/chkconfig --level 3 rdisc off

    /sbin/chkconfig --level 3 tog-pegasus off

    /sbin/chkconfig --level 3 rpcgssd off

    /sbin/chkconfig --level 3 kudzu off

    /sbin/chkconfig --level 3 gpm off

    /sbin/chkconfig --level 3 arptables_js off

    /sbin/chkconfig --level 3 dc_client off

    /sbin/chkconfig --level 3 lm_sensors off

    /sbin/chkconfig --level 3 apmd off

    /sbin/chkconfig --level 3 sysstat off

    /sbin/chkconfig --level 3 cpuspeed off

    /sbin/chkconfig --level 3 rpcidmapd off

    /sbin/chkconfig --level 3 rawdevices off

    /sbin/chkconfig --level 3 rhnsd off

    /sbin/chkconfig --level 3 nfslock off

    /sbin/chkconfig --level 3 winbind off

    /sbin/chkconfig --level 3 bluetooth off

    /sbin/chkconfig --level 3 isdn off

    /sbin/chkconfig --level 3 portmap off

    /sbin/chkconfig --level 3 anacron off

    /sbin/chkconfig --level 3 irda off

    /sbin/chkconfig --level 3 NetworkManager off

    /sbin/chkconfig --level 3 acpid off

    /sbin/chkconfig --level 3 pcmcia off

    /sbin/chkconfig --level 3 atd off

    /sbin/chkconfig --level 3 sendmail off

    /sbin/chkconfig --level 3 haldaemon off

    /sbin/chkconfig --level 3 smartd off

    /sbin/chkconfig --level 3 xinetd off

    /sbin/chkconfig --level 3 netplugd off

    /sbin/chkconfig --level 3 readahead_early off

    /sbin/chkconfig --level 3 avahi-daemon off

    /sbin/chkconfig --level 3 ip6tables off

    /sbin/chkconfig --level 3 restorecond off

    /sbin/chkconfig --level 3 postfix off

    /sbin/chkconfig --level 3 ntpd on

    ## Remove some unneeded services 

    ##-------------------------------------------------------------------------------- 

    #cat << EOF

    #+--------------------------------------------------------------+ 

    #| === Welcome to Tunoff services ===| 

    #+--------------------------------------------------------------+ 

    #EOF 

    ##--------------------------------------------------------------------------------- 

    #for i in `ls /etc/rc3.d/S*` 

    #do 

    #   CURSRV=`echo $i|cut -c 15-` 

    #echo $CURSRV 

    #case $CURSRV in 

    #       crond | irqbalance | microcode_ctl | network | random | sshd | syslog | local ) 

    #   echo "Base services, Skip!" 

    #   ;; 

    #   *) 

    #       echo "change $CURSRV to off" 

    #       chkconfig --level 235 $CURSRV off 

    #       service $CURSRV stop 

    #   ;; 

    #esac 

    #done 

    # file descriptors 

    ulimit -HSn 65535 

    echo -ne " 

    * soft nofile 65536 

    * hard nofile 65536 

    " >> /etc/security/limits.conf 

    #set sysctl 

    true > /etc/sysctl.conf 

    cat >> /etc/sysctl.conf << EOF

    net.ipv4.ip_forward = 0

    net.ipv4.conf.default.rp_filter = 1

    net.ipv4.conf.default.accept_source_route = 0

    kernel.sysrq = 0

    kernel.core_uses_pid = 1

    net.ipv4.tcp_syncookies = 1

    kernel.msgmnb = 65536

    kernel.msgmax = 65536

    kernel.shmmax = 68719476736

    kernel.shmall = 4294967296

    net.ipv4.tcp_max_tw_buckets = 6000

    net.ipv4.tcp_sack = 1

    net.ipv4.tcp_window_scaling = 1

    net.ipv4.tcp_rmem = 4096 87380 4194304 

    net.ipv4.tcp_wmem = 4096 16384 4194304 

    net.core.wmem_default = 8388608

    net.core.rmem_default = 8388608

    net.core.rmem_max = 16777216

    net.core.wmem_max = 16777216

    net.core.netdev_max_backlog = 262144

    net.core.somaxconn = 262144

    net.ipv4.tcp_max_orphans = 3276800

    net.ipv4.tcp_max_syn_backlog = 262144

    net.ipv4.tcp_timestamps = 0

    net.ipv4.tcp_synack_retries = 1

    net.ipv4.tcp_syn_retries = 1

    net.ipv4.tcp_tw_recycle = 1

    net.ipv4.tcp_tw_reuse = 1

    net.ipv4.tcp_mem = 94500000 915000000 927000000

    net.ipv4.tcp_fin_timeout = 1

    net.ipv4.tcp_keepalive_time = 1200

    net.ipv4.ip_local_port_range = 1024 65535

    EOF 

    /sbin/sysctl -p 

    #close ctrl+alt+del 

    #sed -i "s|^ca::ctrlaltdel:/sbin/shutdown -t3 -r now|#ca::ctrlaltdel:/sbin/shutdown -t3 -r now|" /etc/inittab

    #set permissions

    chmod 600 /etc/passwd 

    chmod 600 /etc/shadow 

    chmod 600 /etc/group 

    chmod 600 /etc/gshadow

    -------------------------file-end---------------------
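
    This kickstart is applied to every machine installed from the profile, so its firewall, selinux and auth lines and its %post commands become the baseline of the whole fleet. The lint below is an added example, not part of the original post or of Cobbler; the rule names are its own and the two embedded kickstart excerpts are constructed (the first is shortened from the file above, the second shows the flagged lines corrected).

```shell
#!/bin/sh
# Added example (not from the original post): lint a kickstart file for
# settings that weaken every host installed from it.
# Output: "<line> <rule> <message>"; rule names are this example's own.

lint_kickstart() {  # $1 = kickstart file
    awk '
    function flag(rule, msg) { printf "%d %s %s\n", NR, rule, msg }
    BEGIN { section = "command" }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    $0 == "" || /^#/ { next }                 # blank lines and comments
    /^%end/ { section = "command"; next }
    /^%(packages|pre|post)/ { section = substr($1, 2); next }

    section == "command" && $1 == "selinux" && /--(disabled|permissive)/ {
        flag("selinux-off", "SELinux will not be enforcing after install") }
    section == "command" && $1 == "firewall" && /--disabled/ {
        flag("firewall-off", "installed host starts with no packet filter") }
    section == "command" && $1 ~ /^auth(config)?$/ && /--enablemd5/ {
        flag("md5-shadow", "local passwords hashed with MD5; use --passalgo=sha512") }
    section == "command" && $1 == "rootpw" && !/--iscrypted/ {
        flag("rootpw-plain", "root password stored in clear text") }
    section == "post" && /chkconfig/ && $NF == "off" &&
        $(NF-1) ~ /^(auditd|iptables|ip6tables)$/ {
        flag("svc-off", "security service disabled: " $(NF-1)) }
    section == "post" && $1 == "chmod" && $2 ~ /^0?600$/ &&
        $3 ~ /^\/etc\/(passwd|group)$/ {
        flag("perm-break", $3 " must stay world-readable (0644) for name lookups") }
    /^net\.ipv4\.tcp_tw_recycle[ \t]*=[ \t]*1$/ {
        flag("tw-recycle", "breaks clients behind NAT; option removed in Linux 4.12") }
    ' "$1"
}

# Constructed sample: a shortened copy of the appendix kickstart.
write_sample() {  # $1 = output path
    cat > "$1" <<'KS'
rootpw --iscrypted $default_password_crypted
auth --useshadow --enablemd5
firewall --disabled
selinux --disabled
%packages
@ core
%post
#/sbin/chkconfig --level 3 sshd off
/sbin/chkconfig --level 3 auditd off
/sbin/chkconfig --level 3 ntpd on
net.ipv4.tcp_tw_recycle = 1
chmod 600 /etc/passwd
chmod 600 /etc/shadow
KS
}

# Constructed counterpart with the flagged lines corrected.
write_hardened() {  # $1 = output path
    cat > "$1" <<'KS'
rootpw --iscrypted $default_password_crypted
auth --useshadow --passalgo=sha512
firewall --enabled --service=ssh
selinux --enforcing
%packages
@ core
%post
/sbin/chkconfig --level 3 auditd on
chmod 644 /etc/passwd
chmod 600 /etc/shadow
KS
}

if [ -n "${1:-}" ]; then
    # sh kslint.sh /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
    lint_kickstart "$1"
else
    ks=$(mktemp)
    write_sample "$ks"
    lint_kickstart "$ks"
    rm -f "$ks"
fi
```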

  • Original post: https://www.cnblogs.com/wuhg/p/10419413.html