一、
Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between many various commands and applications when deploying new systems, and, in some cases, changing existing ones. Cobbler can help with provisioning, managing DNS and DHCP, package updates, power management, configuration management or chestration, and much more.
百科:
网络安装服务器套件Cobbler补鞋匠,从前我们一直在做装机民工这份很有前途的职业,自打若干年前RedHat推出了Kickstart,此后我们顿觉身价倍增,不再需要刻了光盘一台一台地安装Linux,只要搞定PXE、DHCP、TFTP,还有那满屏眼花缭乱不知所云的Kickstart 脚本,我们就可以像哈里波特一样,轻点魔棒,瞬间安装上百台服务器,这一堆花里胡哨的东西可不是一般人都能整明白的,没有大专以上学历,通不过英语四级,根本别想玩转,总而言之,这是一份多么有前途,多么有技术含量的工作啊,很不幸,RedHat最新Cobbler项目最初在2008年左右发布了网络安装服务器套件Cobbler,它已将Linux网络安装的技术门槛,从大专以上文化水平,成功降低到初中以下,连补鞋匠都能学会,对于我们这些在装机领域浸淫多年,经验丰富,老骥伏枥,志在千里的民工兄弟们来说,不啻为一个晴天霹雳;
使用Cobbler,无需进行人工干预即可安装机器,Cobbler设置一个PXE引导环境(它还可使用yaboot支持PowerPC),并控制与安装相关的所有方面,比如网络引导服务(DHCP 和 TFTP)与存储库镜像,当希望安装一台新机器时,Cobbler 可以:
使用一个以前定义的模板来配置DHCP 服务(如果启用了管理 DHCP);
将一个存储库(yum或rsync)建立镜像或解压缩一个媒介,以注册一个新操作系统;
在DHCP配置文件中为需要安装的机器创建一个条目,并使用您指定的参数(IP和MAC地址);
在TFTFP服务目录下创建适当的PXE文件;
重新启动DHCP服务以反映更改;
重新启动机器以开始安装(如果电源管理已启用);
Cobbler支持众多的发行版:RedHat、Fedora、CentOS、Debian、Ubuntu和SuSE,当添加一个操作系统(通常通过使用ISO 文件)时,Cobbler 知道如何解压缩合适的文件并调整网络服务,以正确引导机器;Cobbler使用命令行方式管理,也提供了基于Web的图形化配置管理工具(cobbler-web);通过配置cobbler自动部署DHCP、TFTP、HTTP,在安装过程中加载kiskstart无人值守安装应答文件实现无人值守,从客户端使用PXE引导启动安装;
注:
cobbler依赖kickstart+tftp+dhcp+pxe;
二、
[root@test5 ~]# yum -y install httpd dhcp tftp cobbler cobbler-web
……
Installed:
cobbler.x86_64 0:2.6.11-1.el6 cobbler-web.noarch 0:2.6.11-1.el6 dhcp.x86_64 12:4.1.1-51.P1.el6.centos
tftp.x86_64 0:0.49-8.el6
Dependency Installed:
Django14.noarch 0:1.4.21-1.el6 PyYAML.x86_640:3.10-3.1.el6
createrepo.noarch 0:0.9.9-24.el6 deltarpm.x86_640:3.5-0.5.20090913git.el6
libyaml.x86_64 0:0.1.3-4.el6_6 mod_ssl.x86_641:2.2.15-55.el6.centos.2
mod_wsgi.x86_640:3.2-7.el6 python-cheetah.x86_64 0:2.4.1-1.el6
python-deltarpm.x86_64 0:3.5-0.5.20090913git.el6 python-markdown.noarch0:2.0.1-3.1.el6
python-netaddr.noarch 0:0.7.5-4.el6 python-pygments.noarch0:1.1.1-1.el6
python-setuptools.noarch 0:0.6.10-3.el6 syslinux.x86_640:4.04-3.el6
syslinux-nonlinux.noarch 0:4.04-3.el6 tftp-server.x86_640:0.49-8.el6
xinetd.x86_64 2:2.3.14-40.el6
Updated:
httpd.x86_64 0:2.2.15-55.el6.centos.2
Dependency Updated:
dhclient.x86_6412:4.1.1-51.P1.el6.centos dhcp-common.x86_64 12:4.1.1-51.P1.el6.centos
httpd-tools.x86_64 0:2.2.15-55.el6.centos.2
Complete!
[root@test5 ~]# /etc/init.d/httpd start
Starting httpd:
[root@test5 ~]# /etc/init.d/cobblerd start
Starting cobbler daemon: [ OK ]
[root@test5 ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliablydetermine the server's fully qualified domain name, using 192.168.23.133 forServerName
[ OK ]
[root@test5 ~]# /etc/init.d/cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@test5 ~]# cobbler check #(按步骤一步步修改配置文件)
The following are potential configurationitems that you may want to fix:
1 : The 'server' field in/etc/cobbler/settings must be set to something other than localhost, orkickstarting features will not work. This should be a resolvable hostname or IP for the boot server asreachable by all machines that will use it.
2 : For PXE to be functional, the'next_server' field in /etc/cobbler/settings must be set to something otherthan 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review thefollowing wiki page for details on ensuring cobbler works correctly in yourSELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : change 'disable' to 'no' in/etc/xinetd.d/tftp
5 : some network boot-loaders are missingfrom /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to downloadthem, or, if you only want to handle x86/x86_64 netbooting, you may ensure thatyou have installed a *recent* version of the syslinux package installed and canignore this message entirely. Files inthis directory, should you want to support all architectures, should includepxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' commandis the easiest way to resolve these requirements.
6 : change 'disable' to 'no' in/etc/xinetd.d/rsync
7 : file /etc/xinetd.d/rsync does not exist
8 : debmirror package is not installed, itwill be required to manage debian deployments and repositories
9 : ksvalidator was not found, installpykickstart
10 : The default password used by thesample templates for newly installed machines (default_password_crypted in/etc/cobbler/settings) is still set to 'cobbler' and should be changed, try:"openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'"to generate new one
11 : fencing tools were not found, and arerequired to use the (optional) power management features. install cman orfence-agents to use them
Restart cobblerd and then run 'cobblersync' to apply changes.
[root@test5 ~]# openssl passwd -1 -salt 'chaizaowen' 'jowin'
$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1
[root@test5 ~]# vim /etc/cobbler/settings
server: 192.168.23.133
next_server: 192.168.23.133
default_password_crypted: "$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1"
manage_dhcp: 1
manage_tftpd: 1
manage_rsync: 1
[root@test5 ~]# getenforce
Permissive
[root@test5 ~]# /etc/init.d/iptables stop
[root@test5 ~]# vim /etc/xinetd.d/tftp
disable = no
[root@test5 ~]# cobbler get-loaders
task started: 2017-01-09_190743_get_loaders
task started (id=Download BootloaderContent, time=Mon Jan 9 19:07:43 2017)
downloadinghttp://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloadinghttp://cobbler.github.io/loaders/COPYING.elilo to/var/lib/cobbler/loaders/COPYING.elilo
downloadinghttp://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloadinghttp://cobbler.github.io/loaders/COPYING.syslinux to/var/lib/cobbler/loaders/COPYING.syslinux
downloadinghttp://cobbler.github.io/loaders/elilo-3.8-ia64.efi to/var/lib/cobbler/loaders/elilo-ia64.efi
downloadinghttp://cobbler.github.io/loaders/yaboot-1.3.17 to/var/lib/cobbler/loaders/yaboot
downloadinghttp://cobbler.github.io/loaders/pxelinux.0-3.86 to/var/lib/cobbler/loaders/pxelinux.0
downloadinghttp://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloadinghttp://cobbler.github.io/loaders/grub-0.97-x86.efi to/var/lib/cobbler/loaders/grub-x86.efi
downloadinghttp://cobbler.github.io/loaders/grub-0.97-x86_64.efi to/var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@test5 ~]# vim /etc/xinetd.d/rsync
disable = no
[root@test5 ~]# yum -y install pykickstart
……
Installed:
pykickstart.noarch 0:1.74.20-1.el6
Complete!
[root@test5 ~]# vim /etc/cobbler/dhcp.template #(cobbler接管dhcp,改/etc/cobbler/dhcp.template,不能直接改/etc/dhcp/dhcpd.conf)
……
#subnet 192.168.1.0 netmask 255.255.255.0 {
subnet 192.168.23.0 netmask 255.255.255.0 {
#option routers 192.168.1.5;
option routers 192.168.23.2;
#option domain-name-servers 192.168.1.1;
option domain-name-servers 192.168.23.2;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.23.150 192.168.23.254;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) ="PXEClient";
if option pxe-system-type = 00:02 {
filename"ia64/elilo.efi";
} else if option pxe-system-type = 00:06 {
filename"grub/grub-x86.efi";
} else if option pxe-system-type = 00:07 {
filename "grub/grub-x86_64.efi";
} else {
filename"pxelinux.0";
}
}
}
……
[root@test5 ~]# /etc/init.d/xinetd restart
Stopping xinetd: [FAILED]
Starting xinetd: [ OK ]
[root@test5 ~]# /etc/init.d/cobblerd restart
Stopping cobbler daemon: [ OK ]
Starting cobbler daemon: [ OK ]
[root@test5 ~]# cobbler sync
task started: 2017-01-09_213440_sync
task started (id=Sync, time=Mon Jan 9 21:34:40 2017)
running pre-sync triggers
cleaning trees
removing:/var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/p_w_picpaths
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing:/var/lib/tftpboot/grub/grub-x86.efi
removing:/var/lib/tftpboot/s390x/profile_list
copying bootloaders
copying:/var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/menu.c32-> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/yaboot-> /var/lib/tftpboot/yaboot
copying: /usr/share/syslinux/memdisk ->/var/lib/tftpboot/memdisk
copying:/var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying:/var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying distros to tftpboot
copying p_w_picpaths
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
rendering Rsync files
running post-sync triggers
running python triggers from/var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout: Shutting down dhcpd:[ OK ]
Starting dhcpd: [ OK ]
received on stderr:
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from/var/lib/cobbler/triggers/change/*
running python triggercobbler.modules.scm_track
running shell triggers from/var/lib/cobbler/triggers/change/*
*** TASK COMPLETE ***
[root@test5 ~]# cobbler check
The following are potential configurationitems that you may want to fix:
1 : SELinux is enabled. Please review thefollowing wiki page for details on ensuring cobbler works correctly in yourSELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
2 : file /etc/xinetd.d/rsync does not exist
3 : debmirror package is not installed, itwill be required to manage debian deployments and repositories
4 : fencing tools were not found, and arerequired to use the (optional) power management features. install cman orfence-agents to use them
Restart cobblerd and then run 'cobblersync' to apply changes.
在vmware中配置cdrom
[root@test5 ~]# mount /dev/cdrom /mnt
mount: block device /dev/sr0 iswrite-protected, mounting read-only
[root@test5 ~]# cobbler import --path=/mnt --name rhel-6.5-x86_64 --arch=x86_64
task started: 2017-01-09_214622_import
task started (id=Media import, time=MonJan 9 21:46:22 2017)
Found a candidate signature: breed=redhat,version=rhel6
Found a matching signature: breed=redhat,version=rhel6
Adding distros from path/var/www/cobbler/ks_mirror/rhel-6.5-x86_64:
creating new distro: rhel-6.5-x86_64
trying symlink:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64 ->/var/www/cobbler/links/rhel-6.5-x86_64
creating new profile: rhel-6.5-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into/var/www/cobbler/ks_mirror/rhel-6.5-x86_64 for rhel-6.5-x86_64
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/repodata
processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer/repodata
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem
looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem/repodata
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage/repodata
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability/repodata
processing repo at :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server
need to process repo/comps:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server
looking for/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server/repodata/*comps*.xml
Keeping repodata as-is:/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server/repodata
*** TASK COMPLETE ***
注:可将精简的系统做成iso镜像文件
#mount -o loop /data/rhel-server-6.5-x86_64.iso /mnt/iso
#cobbler import --mirror=/mnt/iso --name=rhel-server-6.5-x86_64
[root@test5 ~]# cobbler profile report
Name : rhel-6.5-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : rhel-6.5-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart :/var/lib/cobbler/kickstarts/sample_end.ks
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : kvm
[root@test5 ~]# cp rhel-6.5-x86_64.ks /var/lib/cobbler/kickstarts/ #(上传kicakstart文件到指定目录)
[root@test5 ~]# cobbler profile edit --name=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
[root@test5 ~]# cobbler profile report
Kickstart :/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
[root@test5 ~]# cobbler sync
在vmware中创建虚拟机,网络选NAT,选择菜单“rhel-6.5-x86-64”
[root@test5 ~]# tail -f /var/log/messages #(同时查看服务端日志)
Jan 9 23:47:57 test5 dhclient[4810]: DHCPREQUEST on eth1 to 192.168.23.254port 67 (xid=0xfb33d58)
Jan 9 23:47:57 test5 dhcpd: DHCPREQUEST for 192.168.23.133 from00:0c:29:33:68:04 via eth1: unknown lease 192.168.23.133.
Jan 9 23:47:57 test5 dhclient[4810]: DHCPACK from 192.168.23.254(xid=0xfb33d58)
Jan 9 23:47:57 test5 dhclient[4810]: bound to 192.168.23.133 -- renewal in727 seconds.
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> (eth1): DHCPv4 statechanged renew -> renew
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> address 192.168.23.133
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> prefix 24 (255.255.255.0)
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> gateway 192.168.23.2
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> nameserver '192.168.23.2'
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> domain name 'localdomain'
查看导入源库列表:
[root@test5 ~]# cobbler distro list
rhel-6.5-x86_64
[root@test5 ~]# cobbler profile list
rhel-6.5-x86_64
[root@test5 ~]# cobbler profile report #(具体细节)
……
[root@test5 ~]# ls /etc/cobbler #(配置文件目录)
auth.conf dnsmasq.template mongodb.conf rsync.exclude users.conf
cheetah_macros import_rsync_whitelist named.template rsync.template users.digest
cobbler_bash iso power secondary.template version
completions ldap pxe settings zone.template
dhcp.template modules.conf reporting tftpd.template zone_templates
[root@test5 ~]# ls /var/lib/cobbler/ #(数据目录)
config distro_signatures.json kickstarts loaders lock scripts snippets triggers web.ss webui_sessions
[root@test5 ~]# ls /var/www/cobbler #(系统安装镜像目录)
aux p_w_picpaths ks_mirror links localmirror pub rendered repo_mirror svc
[root@test5 ~]# ls /var/log/cobbler/ #(日志目录
anamon cobbler.log kicklog syslog tasks
http://192.168.23.133/cobbler_web
cobbler/cobbler
[root@test5 ~]# vim /etc/cobbler/users.digest #(账号密码位置)
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@test5 ~]# vim /etc/cobbler/modules.conf #(认证方式,authn_configfile-- use /etc/cobbler/users.digest (for basic setups))
[authentication]
module = authn_configfile
附:
[root@test5 ~]# vim /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
--------------------------file-start-----------------------
key --skip
lang en_US
keyboard us
timezone Asia/Shanghai
rootpw --iscrypted $default_password_crypted
text
install
url --url=$tree
bootloader --location=mbr
zerombr yes
clearpart --all --initlabel
part /boot --fstype ext4 --size 1024 --ondisk sda
part swap --size 2048 --ondisk sda
part / --fstype ext4 --size 1 --grow --ondisk sda
auth --useshadow --enablemd5
network --bootproto=dhcp --device=eth0 --onboot=on
reboot
firewall --disabled
selinux --disabled
skipx
%packages
@ base
@ chinese-support
@ core
sysstat
iptraf
ntp
e2fsprogs-devel
keyutils-libs-devel
krb5-devel
libselinux-devel
libsepol-devel
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
zlib-devel
mysql
lockdev
minicom
nmap
%post
#/bin/sed -i 's/#Protocol 2,1/Protocol 2/'/etc/ssh/sshd_config
#/bin/sed -i's/^ca::ctrlaltdel:/#ca::ctrlaltdel:/' /etc/inittab
/sbin/chkconfig --level 3 diskdump off
/sbin/chkconfig --level 3 dc_server off
/sbin/chkconfig --level 3 nscd off
/sbin/chkconfig --level 3 netfs off
/sbin/chkconfig --level 3 psacct off
/sbin/chkconfig --level 3 mdmpd off
/sbin/chkconfig --level 3 netdump off
/sbin/chkconfig --level 3 readahead off
/sbin/chkconfig --level 3 wpa_supplicant off
/sbin/chkconfig --level 3 mdmonitor off
/sbin/chkconfig --level 3 microcode_ctl off
/sbin/chkconfig --level 3 xfs off
/sbin/chkconfig --level 3 lvm2-monitor off
/sbin/chkconfig --level 3 iptables off
/sbin/chkconfig --level 3 nfs off
/sbin/chkconfig --level 3 ipmi off
/sbin/chkconfig --level 3 autofs off
/sbin/chkconfig --level 3 iiim off
/sbin/chkconfig --level 3 cups off
/sbin/chkconfig --level 3 openibd off
/sbin/chkconfig --level 3 saslauthd off
/sbin/chkconfig --level 3 ypbind off
/sbin/chkconfig --level 3 auditd off
/sbin/chkconfig --level 3 rdisc off
/sbin/chkconfig --level 3 tog-pegasus off
/sbin/chkconfig --level 3 rpcgssd off
/sbin/chkconfig --level 3 kudzu off
/sbin/chkconfig --level 3 gpm off
/sbin/chkconfig --level 3 arptables_js off
/sbin/chkconfig --level 3 dc_client off
/sbin/chkconfig --level 3 lm_sensors off
/sbin/chkconfig --level 3 apmd off
/sbin/chkconfig --level 3 sysstat off
/sbin/chkconfig --level 3 cpuspeed off
/sbin/chkconfig --level 3 rpcidmapd off
/sbin/chkconfig --level 3 rawdevices off
/sbin/chkconfig --level 3 rhnsd off
/sbin/chkconfig --level 3 nfslock off
/sbin/chkconfig --level 3 winbind off
/sbin/chkconfig --level 3 bluetooth off
/sbin/chkconfig --level 3 isdn off
/sbin/chkconfig --level 3 portmap off
/sbin/chkconfig --level 3 anacron off
/sbin/chkconfig --level 3 irda off
/sbin/chkconfig --level 3 NetworkManager off
/sbin/chkconfig --level 3 acpid off
/sbin/chkconfig --level 3 pcmcia off
/sbin/chkconfig --level 3 atd off
/sbin/chkconfig --level 3 sendmail off
/sbin/chkconfig --level 3 haldaemon off
/sbin/chkconfig --level 3 smartd off
/sbin/chkconfig --level 3 xinetd off
/sbin/chkconfig --level 3 netplugd off
/sbin/chkconfig --level 3 readahead_early off
/sbin/chkconfig --level 3 avahi-daemon off
/sbin/chkconfig --level 3 ip6tables off
/sbin/chkconfig --level 3 restorecond off
/sbin/chkconfig --level 3 postfix off
/sbin/chkconfig --level 3 ntpd on
## Remove some unneeded services
##--------------------------------------------------------------------------------
#cat << EOF
#+--------------------------------------------------------------+
#| === Welcome to Tunoff services ===|
#+--------------------------------------------------------------+
#EOF
##---------------------------------------------------------------------------------
#for i in `ls /etc/rc3.d/S*`
#do
# CURSRV=`echo $i|cut -c 15-`
#echo $CURSRV
#case $CURSRV in
# crond | irqbalance | microcode_ctl | network | random | sshd | syslog |local )
# echo "Base services, Skip!"
# ;;
# *)
# echo "change $CURSRV to off"
# chkconfig --level 235 $CURSRV off
# service $CURSRV stop
# ;;
#esac
#done
# file descriptors
ulimit -HSn 65535
echo -ne "
* soft nofile 65536
* hard nofile 65536
" >> /etc/security/limits.conf
#set sysctl
true > /etc/sysctl.conf
cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route =0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 102465535
EOF
/sbin/sysctl -p
#close ctrl+alt+del
#sed -i "s/ca::ctrlaltdel:/sbin/shutdown -t3 -rnow/#ca::ctrlaltdel:/sbin/shutdown -t3 -r now/" /etc/inittab
#set purview
chmod 600 /etc/passwd
chmod 600 /etc/shadow
chmod 600 /etc/group
chmod 600 /etc/gshadow
-------------------------file-end---------------------