I.
http://cobbler.github.io/
Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between many various commands and applications when deploying new systems, and, in some cases, changing existing ones. Cobbler can help with provisioning, managing DNS and DHCP, package updates, power management, configuration management orchestration, and much more.
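Encyclopedia entry:
Cobbler (as in "shoe mender") is a network installation server suite. We used to work as installation laborers, a profession with a very bright future. Ever since RedHat introduced Kickstart some years ago, we felt our worth double: no more burning CDs and installing Linux one machine at a time. As long as we had PXE, DHCP, TFTP and those dazzling, baffling screens of Kickstart script sorted out, we could wave a wand like Harry Potter and install hundreds of servers in an instant. This pile of fancy stuff was not something just anyone could figure out; without at least a junior-college education and a pass in College English Test Band 4, you had no hope of mastering it. In short, what a promising and highly technical job it was. Unfortunately, RedHat's Cobbler project, which first released the network installation server suite Cobbler around 2008, has lowered the technical threshold for Linux network installation from junior-college level and above to below junior high school, so that even a cobbler can learn it. For us laborer brothers who have been immersed in the installation business for years, rich in experience, old steeds in the stable still dreaming of a thousand-mile run, this is nothing short of a bolt from the blue;
With Cobbler, machines can be installed without manual intervention. Cobbler sets up a PXE boot environment (it can also use yaboot to support PowerPC) and controls every aspect of the installation, such as the network boot services (DHCP and TFTP) and repository mirroring. When you want to install a new machine, Cobbler can:
configure the DHCP service from a previously defined template (if DHCP management is enabled);
mirror a repository (yum or rsync) or unpack a piece of media to register a new operating system;
create an entry in the DHCP configuration file for the machine to be installed, using the parameters you specify (IP and MAC address);
create the appropriate PXE files under the TFTP service directory;
restart the DHCP service to reflect the changes;
reboot the machine to begin the installation (if power management is enabled);
Cobbler supports many distributions: RedHat, Fedora, CentOS, Debian, Ubuntu and SuSE. When an operating system is added (usually from an ISO file), Cobbler knows how to unpack the appropriate files and adjust the network services so that machines boot correctly. Cobbler is managed from the command line and also provides a web-based graphical configuration tool (cobbler-web). Cobbler is configured to deploy DHCP, TFTP and HTTP automatically; during installation a kickstart answer file is loaded so that the installation runs unattended, and clients start the installation by booting over PXE;
Note:
Cobbler depends on kickstart + tftp + dhcp + pxe;
II.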
[root@test5 ~]# yum -y install httpd dhcp tftp cobbler cobbler-web
……
Installed:
cobbler.x86_64 0:2.6.11-1.el6 cobbler-web.noarch 0:2.6.11-1.el6 dhcp.x86_64 12:4.1.1-51.P1.el6.centos
tftp.x86_64 0:0.49-8.el6
Dependency Installed:
Django14.noarch 0:1.4.21-1.el6 PyYAML.x86_64 0:3.10-3.1.el6
createrepo.noarch 0:0.9.9-24.el6 deltarpm.x86_64 0:3.5-0.5.20090913git.el6
libyaml.x86_64 0:0.1.3-4.el6_6 mod_ssl.x86_64 1:2.2.15-55.el6.centos.2
mod_wsgi.x86_64 0:3.2-7.el6 python-cheetah.x86_64 0:2.4.1-1.el6
python-deltarpm.x86_64 0:3.5-0.5.20090913git.el6 python-markdown.noarch 0:2.0.1-3.1.el6
python-netaddr.noarch 0:0.7.5-4.el6 python-pygments.noarch 0:1.1.1-1.el6
python-setuptools.noarch 0:0.6.10-3.el6 syslinux.x86_64 0:4.04-3.el6
syslinux-nonlinux.noarch 0:4.04-3.el6 tftp-server.x86_64 0:0.49-8.el6
xinetd.x86_64 2:2.3.14-40.el6
Updated:
httpd.x86_64 0:2.2.15-55.el6.centos.2
Dependency Updated:
dhclient.x86_64 12:4.1.1-51.P1.el6.centos dhcp-common.x86_64 12:4.1.1-51.P1.el6.centos
httpd-tools.x86_64 0:2.2.15-55.el6.centos.2
Complete!
[root@test5 ~]# /etc/init.d/httpd start
Starting httpd:
[root@test5 ~]# /etc/init.d/cobblerd start
Starting cobbler daemon: [ OK ]
[root@test5 ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.23.133 for ServerName
[ OK ]
[root@test5 ~]# /etc/init.d/cobblerd restart
Stopping cobbler daemon: [ OK ]
[root@test5 ~]# cobbler check #(fix the configuration files step by step, one item at a time)
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
5 : some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
6 : change 'disable' to 'no' in /etc/xinetd.d/rsync
7 : file /etc/xinetd.d/rsync does not exist
8 : debmirror package is not installed, it will be required to manage debian deployments and repositories
9 : ksvalidator was not found, install pykickstart
10 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
11 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
[root@test5 ~]# openssl passwd -1 -salt 'chaizaowen' 'jowin'
$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1
[root@test5 ~]# vim /etc/cobbler/settings
server: 192.168.23.133
next_server: 192.168.23.133
default_password_crypted: "$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1"
manage_dhcp: 1
manage_tftpd: 1
manage_rsync: 1
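A quick audit of the values edited above, as an added example (not part of the original post or of Cobbler): it flags a loopback server/next_server and reports which crypt(3) scheme default_password_crypted uses, since "openssl passwd -1" produces MD5-crypt ($1$). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the keys this walkthrough sets in /etc/cobbler/settings.
# Function names are illustrative; they are not part of Cobbler.

# Print the value of a top-level "key: value" line, quotes removed.
setting_value() {   # $1 = key, $2 = settings file
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Name the crypt(3) scheme from the hash prefix.
crypt_scheme() {    # $1 = crypt hash
    case "$1" in
        '')      echo missing ;;
        '$1$'*)  echo md5crypt ;;
        '$5$'*)  echo sha256crypt ;;
        '$6$'*)  echo sha512crypt ;;
        *)       echo unknown ;;
    esac
}

# Print one finding per line; print nothing when the file passes.
audit_settings() {  # $1 = settings file
    for key in server next_server; do
        val=$(setting_value "$key" "$1")
        case "$val" in
            ''|localhost|127.*|::1)
                echo "$key: '$val' is not reachable by PXE clients" ;;
        esac
    done
    scheme=$(crypt_scheme "$(setting_value default_password_crypted "$1")")
    case "$scheme" in
        sha256crypt|sha512crypt) ;;
        *) echo "default_password_crypted: $scheme, use a SHA-512 (\$6\$) hash" ;;
    esac
    return 0
}

# Constructed sample holding the values from the walkthrough above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server: 192.168.23.133
next_server: 192.168.23.133
default_password_crypted: "$1$chaizaow$oW7YjOr26CHFrkXsTrJXL1"
manage_dhcp: 1
EOF
audit_settings "$sample"
rm -f "$sample"
```

Every kickstart that uses rootpw --iscrypted $default_password_crypted inherits this hash, so the scheme chosen here applies to each machine installed from the profile.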
[root@test5 ~]# getenforce
Permissive
[root@test5 ~]# /etc/init.d/iptables stop
[root@test5 ~]# vim /etc/xinetd.d/tftp
disable = no
[root@test5 ~]# cobbler get-loaders
task started: 2017-01-09_190743_get_loaders
task started (id=Download Bootloader Content, time=Mon Jan 9 19:07:43 2017)
downloading http://cobbler.github.io/loaders/README to /var/lib/cobbler/loaders/README
downloading http://cobbler.github.io/loaders/COPYING.elilo to /var/lib/cobbler/loaders/COPYING.elilo
downloading http://cobbler.github.io/loaders/COPYING.yaboot to /var/lib/cobbler/loaders/COPYING.yaboot
downloading http://cobbler.github.io/loaders/COPYING.syslinux to /var/lib/cobbler/loaders/COPYING.syslinux
downloading http://cobbler.github.io/loaders/elilo-3.8-ia64.efi to /var/lib/cobbler/loaders/elilo-ia64.efi
downloading http://cobbler.github.io/loaders/yaboot-1.3.17 to /var/lib/cobbler/loaders/yaboot
downloading http://cobbler.github.io/loaders/pxelinux.0-3.86 to /var/lib/cobbler/loaders/pxelinux.0
downloading http://cobbler.github.io/loaders/menu.c32-3.86 to /var/lib/cobbler/loaders/menu.c32
downloading http://cobbler.github.io/loaders/grub-0.97-x86.efi to /var/lib/cobbler/loaders/grub-x86.efi
downloading http://cobbler.github.io/loaders/grub-0.97-x86_64.efi to /var/lib/cobbler/loaders/grub-x86_64.efi
*** TASK COMPLETE ***
[root@test5 ~]# vim /etc/xinetd.d/rsync
disable = no
[root@test5 ~]# yum -y install pykickstart
pykickstart.noarch 0:1.74.20-1.el6
[root@test5 ~]# vim /etc/cobbler/dhcp.template #(Cobbler manages DHCP, so edit /etc/cobbler/dhcp.template; do not edit /etc/dhcp/dhcpd.conf directly)
#subnet 192.168.1.0 netmask 255.255.255.0 {
subnet 192.168.23.0 netmask 255.255.255.0 {
    #option routers 192.168.1.5;
    option routers 192.168.23.2;
    #option domain-name-servers 192.168.1.1;
    option domain-name-servers 192.168.23.2;
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 192.168.23.150 192.168.23.254;
    default-lease-time 21600;
    max-lease-time 43200;
    next-server $next_server;
    class "pxeclients" {
        match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
        if option pxe-system-type = 00:02 {
            filename "ia64/elilo.efi";
        } else if option pxe-system-type = 00:06 {
            filename "grub/grub-x86.efi";
        } else if option pxe-system-type = 00:07 {
            filename "grub/grub-x86_64.efi";
        } else {
            filename "pxelinux.0";
        }
    }
}
[root@test5 ~]# /etc/init.d/xinetd restart
Stopping xinetd: [FAILED]
Starting xinetd: [ OK ]
[root@test5 ~]# cobbler sync
task started: 2017-01-09_213440_sync
task started (id=Sync, time=Mon Jan 9 21:34:40 2017)
running pre-sync triggers
cleaning trees
removing: /var/lib/tftpboot/pxelinux.cfg/default
removing: /var/lib/tftpboot/grub/images
removing: /var/lib/tftpboot/grub/efidefault
removing: /var/lib/tftpboot/grub/grub-x86_64.efi
removing: /var/lib/tftpboot/grub/grub-x86.efi
removing: /var/lib/tftpboot/s390x/profile_list
copying bootloaders
copying: /var/lib/cobbler/loaders/pxelinux.0 -> /var/lib/tftpboot/pxelinux.0
copying: /var/lib/cobbler/loaders/menu.c32 -> /var/lib/tftpboot/menu.c32
copying: /var/lib/cobbler/loaders/yaboot -> /var/lib/tftpboot/yaboot
copying: /usr/share/syslinux/memdisk -> /var/lib/tftpboot/memdisk
copying: /var/lib/cobbler/loaders/grub-x86_64.efi -> /var/lib/tftpboot/grub/grub-x86_64.efi
copying: /var/lib/cobbler/loaders/grub-x86.efi -> /var/lib/tftpboot/grub/grub-x86.efi
copying distros to tftpboot
copying images
generating PXE configuration files
generating PXE menu structure
rendering DHCP files
generating /etc/dhcp/dhcpd.conf
rendering TFTPD files
generating /etc/xinetd.d/tftp
cleaning link caches
rendering Rsync files
running post-sync triggers
running python triggers from /var/lib/cobbler/triggers/sync/post/*
running python trigger cobbler.modules.sync_post_restart_services
running: dhcpd -t -q
received on stdout:
received on stderr:
running: service dhcpd restart
received on stdout: Shutting down dhcpd: [ OK ]
Starting dhcpd: [ OK ]
running shell triggers from /var/lib/cobbler/triggers/sync/post/*
running python triggers from /var/lib/cobbler/triggers/change/*
running python trigger cobbler.modules.scm_track
running shell triggers from /var/lib/cobbler/triggers/change/*
[root@test5 ~]# cobbler check
1 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
2 : file /etc/xinetd.d/rsync does not exist
3 : debmirror package is not installed, it will be required to manage debian deployments and repositories
4 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Configure the CD-ROM in VMware
[root@test5 ~]# mount /dev/cdrom /mnt
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@test5 ~]# cobbler import --path=/mnt --name rhel-6.5-x86_64 --arch=x86_64
task started: 2017-01-09_214622_import
task started (id=Media import, time=Mon Jan 9 21:46:22 2017)
Found a candidate signature: breed=redhat, version=rhel6
Found a matching signature: breed=redhat, version=rhel6
Adding distros from path /var/www/cobbler/ks_mirror/rhel-6.5-x86_64:
creating new distro: rhel-6.5-x86_64
trying symlink: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64 -> /var/www/cobbler/links/rhel-6.5-x86_64
creating new profile: rhel-6.5-x86_64
associating repos
checking for rsync repo(s)
checking for rhn repo(s)
checking for yum repo(s)
starting descent into /var/www/cobbler/ks_mirror/rhel-6.5-x86_64 for rhel-6.5-x86_64
processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64
need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64
looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/repodata
processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer
need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer
looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/LoadBalancer/repodata
processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem
need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem
looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ScalableFileSystem/repodata
processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage
need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage
looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/ResilientStorage/repodata
processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability
need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability
looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/HighAvailability/repodata
processing repo at : /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server
need to process repo/comps: /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server
looking for /var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server/repodata/*comps*.xml
Keeping repodata as-is :/var/www/cobbler/ks_mirror/rhel-6.5-x86_64/Server/repodata
Note: a trimmed-down system can be built into an ISO image file
#mount -o loop /data/rhel-server-6.5-x86_64.iso /mnt/iso
#cobbler import --mirror=/mnt/iso --name=rhel-server-6.5-x86_64
[root@test5 ~]# cobbler profile report
Name : rhel-6.5-x86_64
TFTP Boot Files : {}
Comment :
DHCP Tag : default
Distribution : rhel-6.5-x86_64
Enable gPXE? : 0
Enable PXE Menu? : 1
Fetchable Files : {}
Kernel Options : {}
Kernel Options (Post Install) : {}
Kickstart : /var/lib/cobbler/kickstarts/sample_end.ks
Kickstart Metadata : {}
Management Classes : []
Management Parameters : <<inherit>>
Name Servers : []
Name Servers Search Path : []
Owners : ['admin']
Parent Profile :
Internal proxy :
Red Hat Management Key : <<inherit>>
Red Hat Management Server : <<inherit>>
Repos : []
Server Override : <<inherit>>
Template Files : {}
Virt Auto Boot : 1
Virt Bridge : xenbr0
Virt CPUs : 1
Virt Disk Driver Type : raw
Virt File Size(GB) : 5
Virt Path :
Virt RAM (MB) : 512
Virt Type : kvm
[root@test5 ~]# cp rhel-6.5-x86_64.ks /var/lib/cobbler/kickstarts/ #(upload the kickstart file to the designated directory)
[root@test5 ~]# cobbler profile edit --name=rhel-6.5-x86_64 --kickstart=/var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
[root@test5 ~]# cobbler profile report
Kickstart : /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
[root@test5 ~]# cobbler sync
Create a virtual machine in VMware, choose NAT for the network, and select the menu entry "rhel-6.5-x86-64"
[root@test5 ~]# tail -f /var/log/messages #(watch the server-side log at the same time)
Jan 9 23:47:57 test5 dhclient[4810]: DHCPREQUEST on eth1 to 192.168.23.254 port 67 (xid=0xfb33d58)
Jan 9 23:47:57 test5 dhcpd: DHCPREQUEST for 192.168.23.133 from 00:0c:29:33:68:04 via eth1: unknown lease 192.168.23.133.
Jan 9 23:47:57 test5 dhclient[4810]: DHCPACK from 192.168.23.254 (xid=0xfb33d58)
Jan 9 23:47:57 test5 dhclient[4810]: bound to 192.168.23.133 -- renewal in 727 seconds.
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> (eth1): DHCPv4 state changed renew -> renew
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> address 192.168.23.133
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> prefix 24 (255.255.255.0)
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> gateway 192.168.23.2
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> nameserver '192.168.23.2'
Jan 9 23:47:57 test5 NetworkManager[1771]: <info> domain name 'localdomain'
View the list of imported distros:
[root@test5 ~]# cobbler distro list
rhel-6.5-x86_64
[root@test5 ~]# cobbler profile list
[root@test5 ~]# cobbler profile report #(full details)
[root@test5 ~]# ls /etc/cobbler #(configuration file directory)
auth.conf dnsmasq.template mongodb.conf rsync.exclude users.conf
cheetah_macros import_rsync_whitelist named.template rsync.template users.digest
cobbler_bash iso power secondary.template version
completions ldap pxe settings zone.template
dhcp.template modules.conf reporting tftpd.template zone_templates
[root@test5 ~]# ls /var/lib/cobbler/ #(data directory)
config distro_signatures.json kickstarts loaders lock scripts snippets triggers web.ss webui_sessions
[root@test5 ~]# ls /var/www/cobbler #(system installation image directory)
aux images ks_mirror links localmirror pub rendered repo_mirror svc
[root@test5 ~]# ls /var/log/cobbler/ #(log directory)
anamon cobbler.log kicklog syslog tasks
http://192.168.23.133/cobbler_web
Login (username/password): cobbler/cobbler
[root@test5 ~]# vim /etc/cobbler/users.digest #(where the account and password are stored)
cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3
[root@test5 ~]# vim /etc/cobbler/modules.conf #(authentication method; authn_configfile -- use /etc/cobbler/users.digest (for basic setups))
[authentication]
module = authn_configfile
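With authn_configfile, each users.digest line is user:realm:hash, where the hash is the htdigest value MD5("user:realm:password"). The following added example (not from the original post or the Cobbler project; the function names and the second sample account are constructed) recomputes that hash to flag accounts whose password is still "cobbler" or equal to the user name.

```shell
#!/bin/sh
# Added example: find users.digest entries that still use a default password.
# Function names are illustrative; they are not part of Cobbler.

# Hash as stored by htdigest: MD5 of "user:realm:password", hex encoded.
digest_ha1() {          # $1 = user, $2 = realm, $3 = password
    printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1
}

# Print each user whose stored hash matches the password "cobbler"
# or a password equal to the user name.
find_default_logins() { # $1 = users.digest file
    while IFS=: read -r user realm hash; do
        [ -n "$hash" ] || continue          # skip blank or malformed lines
        for guess in cobbler "$user"; do
            if [ "$(digest_ha1 "$user" "$realm" "$guess")" = "$hash" ]; then
                echo "$user"
                break
            fi
        done
    done < "$1"
    return 0
}

# Constructed sample: the entry shown above plus a made-up second account.
digest_file=$(mktemp)
{
    echo 'cobbler:Cobbler:a2d6bae81669d707b72c0bd9806e01f3'
    printf 'ops:Cobbler:%s\n' "$(digest_ha1 ops Cobbler 'constructed-long-passphrase')"
} > "$digest_file"
find_default_logins "$digest_file"
rm -f "$digest_file"
```

A flagged entry can be replaced with htdigest /etc/cobbler/users.digest "Cobbler" <user>, which prompts for the new password.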
Appendix:
[root@test5 ~]# vim /var/lib/cobbler/kickstarts/rhel-6.5-x86_64.ks
--------------------------file-start-----------------------
key --skip
lang en_US
keyboard us
timezone Asia/Shanghai
rootpw --iscrypted $default_password_crypted
text
install
url --url=$tree
bootloader --location=mbr
zerombr yes
clearpart --all --initlabel
part /boot --fstype ext4 --size 1024 --ondisk sda
part swap --size 2048 --ondisk sda
part / --fstype ext4 --size 1 --grow --ondisk sda
auth --useshadow --enablemd5
network --bootproto=dhcp --device=eth0 --onboot=on
reboot
firewall --disabled
selinux --disabled
skipx
%packages
@ base
@ chinese-support
@ core
sysstat
iptraf
ntp
e2fsprogs-devel
keyutils-libs-devel
krb5-devel
libselinux-devel
libsepol-devel
lrzsz
ncurses-devel
openssl-devel
zlib-devel
OpenIPMI-tools
mysql
lockdev
minicom
nmap
%post
#/bin/sed -i 's/#Protocol 2,1/Protocol 2/' /etc/ssh/sshd_config
#/bin/sed -i 's/^ca::ctrlaltdel:/#ca::ctrlaltdel:/' /etc/inittab
/sbin/chkconfig --level 3 diskdump off
/sbin/chkconfig --level 3 dc_server off
/sbin/chkconfig --level 3 nscd off
/sbin/chkconfig --level 3 netfs off
/sbin/chkconfig --level 3 psacct off
/sbin/chkconfig --level 3 mdmpd off
/sbin/chkconfig --level 3 netdump off
/sbin/chkconfig --level 3 readahead off
/sbin/chkconfig --level 3 wpa_supplicant off
/sbin/chkconfig --level 3 mdmonitor off
/sbin/chkconfig --level 3 microcode_ctl off
/sbin/chkconfig --level 3 xfs off
/sbin/chkconfig --level 3 lvm2-monitor off
/sbin/chkconfig --level 3 iptables off
/sbin/chkconfig --level 3 nfs off
/sbin/chkconfig --level 3 ipmi off
/sbin/chkconfig --level 3 autofs off
/sbin/chkconfig --level 3 iiim off
/sbin/chkconfig --level 3 cups off
/sbin/chkconfig --level 3 openibd off
/sbin/chkconfig --level 3 saslauthd off
/sbin/chkconfig --level 3 ypbind off
/sbin/chkconfig --level 3 auditd off
/sbin/chkconfig --level 3 rdisc off
/sbin/chkconfig --level 3 tog-pegasus off
/sbin/chkconfig --level 3 rpcgssd off
/sbin/chkconfig --level 3 kudzu off
/sbin/chkconfig --level 3 gpm off
/sbin/chkconfig --level 3 arptables_js off
/sbin/chkconfig --level 3 dc_client off
/sbin/chkconfig --level 3 lm_sensors off
/sbin/chkconfig --level 3 apmd off
/sbin/chkconfig --level 3 sysstat off
/sbin/chkconfig --level 3 cpuspeed off
/sbin/chkconfig --level 3 rpcidmapd off
/sbin/chkconfig --level 3 rawdevices off
/sbin/chkconfig --level 3 rhnsd off
/sbin/chkconfig --level 3 nfslock off
/sbin/chkconfig --level 3 winbind off
/sbin/chkconfig --level 3 bluetooth off
/sbin/chkconfig --level 3 isdn off
/sbin/chkconfig --level 3 portmap off
/sbin/chkconfig --level 3 anacron off
/sbin/chkconfig --level 3 irda off
/sbin/chkconfig --level 3 NetworkManager off
/sbin/chkconfig --level 3 acpid off
/sbin/chkconfig --level 3 pcmcia off
/sbin/chkconfig --level 3 atd off
/sbin/chkconfig --level 3 sendmail off
/sbin/chkconfig --level 3 haldaemon off
/sbin/chkconfig --level 3 smartd off
/sbin/chkconfig --level 3 xinetd off
/sbin/chkconfig --level 3 netplugd off
/sbin/chkconfig --level 3 readahead_early off
/sbin/chkconfig --level 3 avahi-daemon off
/sbin/chkconfig --level 3 ip6tables off
/sbin/chkconfig --level 3 restorecond off
/sbin/chkconfig --level 3 postfix off
/sbin/chkconfig --level 3 ntpd on
## Remove some unneeded services
##--------------------------------------------------------------------------------
#cat << EOF
#+--------------------------------------------------------------+
#| === Welcome to Tunoff services ===|
#EOF
##---------------------------------------------------------------------------------
#for i in `ls /etc/rc3.d/S*`
#do
# CURSRV=`echo $i|cut -c 15-`
#echo $CURSRV
#case $CURSRV in
# crond | irqbalance | microcode_ctl | network | random | sshd | syslog | local )
# echo "Base services, Skip!"
# ;;
# *)
# echo "change $CURSRV to off"
# chkconfig --level 235 $CURSRV off
# service $CURSRV stop
#esac
#done
# file descriptors
ulimit -HSn 65535
echo -ne "
* soft nofile 65536
* hard nofile 65536
" >> /etc/security/limits.conf
#set sysctl
true > /etc/sysctl.conf
cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
EOF
/sbin/sysctl -p
#close ctrl+alt+del
#sed -i "s/ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/#ca::ctrlaltdel:\/sbin\/shutdown -t3 -r now/" /etc/inittab
#set purview
chmod 600 /etc/passwd
chmod 600 /etc/shadow
chmod 600 /etc/group
chmod 600 /etc/gshadow
-------------------------file-end---------------------
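The kickstart above disables SELinux and the firewall, selects MD5 for local password hashes, and turns auditd and iptables off on every machine installed from the profile. As an added example (not from the original post; the function name and the shortened sample file are constructed), this check lists such directives with their line numbers so a template can be reviewed before cobbler sync publishes it.

```shell
#!/bin/sh
# Added example: list kickstart directives that weaken the installed system.
# The function name is illustrative; it is not part of Cobbler or pykickstart.

lint_kickstart() {      # $1 = kickstart file; prints "LINE: finding"
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        $1 == "selinux"  && /--disabled/ { print NR ": SELinux disabled" }
        $1 == "firewall" && /--disabled/ { print NR ": firewall disabled" }
        ($1 == "auth" || $1 == "authconfig") && /--enablemd5/ {
            print NR ": MD5 password hashing (auth --passalgo=sha512 is stronger)"
        }
        /chkconfig/ && $NF == "off" {
            svc = $(NF - 1)
            if (svc == "auditd" || svc == "iptables" || svc == "ip6tables")
                print NR ": service " svc " turned off in %post"
        }
    ' "$1"
}

# Constructed sample: a shortened copy of the directives in the file above.
ks=$(mktemp)
cat > "$ks" <<'EOF'
rootpw --iscrypted $default_password_crypted
auth --useshadow --enablemd5
firewall --disabled
selinux --disabled
%post
/sbin/chkconfig --level 3 iptables off
/sbin/chkconfig --level 3 auditd off
/sbin/chkconfig --level 3 ntpd on
EOF
lint_kickstart "$ks"
rm -f "$ks"
```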
This article is reposted from chaijowin's 51CTO blog; original link: http://blog.51cto.com/jowin/1890844. To repost it, please contact the original author yourself.