@ Карта сайта News Автора!

Bog BOS: Установка Linux CentOS 6.6 для вычислительного узла (kickstart)

Последние изменения:
2024.11.22: sysadmin: systemd-journald (централизованное хранение)
2024.11.11: sysadmin: Linux: пространства имён
2024.11.06: sysadmin: настройка TCP/IP в Linux: виртуальный интерфейс и виртуальный мост
2024.10.25: sysadmin: Linux VFS, атрибуты, расширенные атрибуты, ACL

Последнее изменение файла: 2015.03.16
Скопировано с www.bog.pp.ru: 2024.11.23

Bog BOS: Установка Linux CentOS 6.6 для вычислительного узла (kickstart)

Предварительно прочитайте несколько слов о RHEL 6 и CentOS 6.

Устанавливал с загрузкой по PXE с использованием KVM, kickstart.

Сервера HP ProLiant DL365 Generation 5, AMD Opteron 2356 (2.3 GHz), 16 GB памяти (8x2GB, DDR2 667), RAID контроллер HP Smart Array P400i, НЖМД SAS SFF HP DG146BAAJB (146 GB, 10000 RPM, Seagate, 2.5", 1 порт), CD-RW/DVD-ROM (ide1, /dev/hda, TSSTcorp CDW/DVD TS-L462D, udma2 (33)), USB 2.0, встроенный HP NC373i (Broadcom NetXtremeII BCM5708, bnx2, eth0 для управления, eth1 - не используется). Дополнительная двухпортовая сетевая карта NC360T (eth2 - port 1 основного сервера хранения HP MSA 2012i (iSCSI), eth3 - port 0 запасного сервера хранения). И ещё одна двухпортовая сетевая карта NC360T (eth4 - port 1 запасного сервера хранения, eth5 - port 0 основного сервера хранения). Настройки BIOS на оптимизацию вычислений.

А также серверы на платформах Intel SR16..UR и SR26..UR.

А также серверы Intel SR1530SH.

А также серверы Intel SR1680MV.

А также серверы HP ProLiant DL320 Generation 5p.

А также серверы HP ProLiant DL360 Generation 6.

А также серверы HP ProLiant DL585 Generation 6.

А также серверы на базе шасси SuperMicro SC417.

А также серверы на базе шасси SuperMicro Super Storage System 6047R-E1R36L.

А также серверы на платформах Intel H2000JF.

А также серверы на платформах Intel R2000GZ.

А также множество безродных мелких и не мелких железок и подключение к Fiber Channel и InfiniBand.

Назначение - вычислительный узел [и файловый сервер].

Установка и настройка системы загрузки по протоколу PXE (FTP сервер и дерево файлов для CentOS 6.6 x86_64, сервер tftp и образы для загрузки с помощью pxeos, сервер dhcp и pxelinux ). Специальная конфигурация для загрузки данного сервера /tftpboot/linux-install/pxelinux.cfg/01-MACадрес, обеспечивающая установку нужной версии ОС с использованием kickstart-файла

default local
timeout 100
prompt 1
display msgs/boot.msg
F1 msgs/boot.msg
F2 msgs/general.msg
F3 msgs/expert.msg
F4 msgs/param.msg
F5 msgs/rescue.msg
F7 msgs/snake.msg

label local
  localboot 1

label 0
  localboot 1

label 1
  kernel CentOS5.3-x86_64-install/vmlinuz
  append initrd=CentOS5.3-x86_64-install/initrd.img ramdisk_size=8262 \
       method=ftp://ftp-сервер/pub/CentOS5.3/base/x86_64 ip=dhcp noipv6 \
       syslog=адрес-сервера lang=en_US \
       ksdevice=bootif ks=ftp://ftp-сервер/pub/kickstarts/имя-сервера.cfg

label 2
  kernel CentOS5.4-x86_64-install/vmlinuz
  append initrd=CentOS5.4-x86_64-install/initrd.img ramdisk_size=8262 \
       method=ftp://ftp-сервер/pub/CentOS5.4/base/x86_64 ip=dhcp noipv6 \
       syslog=адрес-сервера lang=en_US \
       ksdevice=bootif ks=ftp://ftp-сервер/pub/kickstarts/имя-сервера.cfg

label 3
  kernel CentOS6.0-x86_64-install/vmlinuz
  append initrd=CentOS6.0-x86_64-install/initrd.img ramdisk_size=55295 \
       method=ftp://ftp-сервер/pub/CentOS6.0/base/x86_64 ip=dhcp noipv6 \
       syslog=адрес-сервера lang=en_US \
       ksdevice=bootif ks=ftp://ftp-сервер/pub/kickstarts/имя-сервера.cfg

label 4
  kernel SL-61-x86_64-install/vmlinuz
  append initrd=SL-61-x86_64-install/initrd.img ramdisk_size=64063 \
       method=ftp://ftp-сервер/pub/SL-61/os ip=dhcp noipv6 \
       syslog=адрес-сервера lang=en_US \
       ksdevice=eth0 ks=ftp://ftp-сервер/pub/kickstarts/имя-сервера.cfg

label 5
  kernel CentOS5.7-x86_64-install/vmlinuz
  append initrd=CentOS5.7-x86_64-install/initrd.img ramdisk_size=14530 \
       method=ftp://ftp-сервер/pub/CentOS5.7/base/x86_64 ip=dhcp noipv6 \
       syslog=адрес-сервера lang=en_US \
       ksdevice=bootif ks=ftp://ftp-сервер/pub/kickstarts/имя-сервера.cfg

label 6
  kernel CentOS6.6-x86_64-install/vmlinuz
  append initrd=CentOS6.6-x86_64-install/initrd.img ramdisk_size=16000 \
       method=ftp://ftp-сервер/pub/CentOS6.6/base/x86_64 ip=dhcp noipv6 \
       syslog=адрес-сервера lang=en_US \
       ksdevice=bootif ks=ftp://ftp-сервер/pub/kickstarts/имя-сервера.cfg

label 7
  kernel memtest/memtest

label 8
  kernel CentOS6.6-x86_64-install/vmlinuz
  append initrd=CentOS6.6-x86_64-install/initrd.img ramdisk_size=16000 \
        method=ftp://ftp/pub/CentOS6.6/base/x86_64 ip=dhcp noipv6 \
        syslog=syslog.cs.niisi.ras.ru lang=en_US linux rescue

Подготовка файла с настройками kickstart (положить его на ftp://ftp-сервер/pub/kickstarts/имя-сервера.версия.cfg)

install
url --url ftp://ftp-сервер/pub/CentOS6.6/base/x86_64
#text
#interactive
#autostep
cmdline
reboot
logging --host=syslog-сервер

#firstboot --enabled
firstboot --disabled

lang en_US.UTF-8
keyboard us

network --activate --onboot yes --device eth0 --bootproto dhcp --noipv6 --hostname=имя-сервера
network --device eth1 --onboot no --bootproto dhcp --noipv6 --hostname=имя-сервера
network --device eth2 --onboot no --bootproto dhcp --noipv6 --hostname=имя-сервера
network --device eth3 --onboot no --bootproto dhcp --noipv6 --hostname=имя-сервера
network --device eth4 --onboot no --bootproto dhcp --noipv6 --hostname=имя-сервера
network --device eth5 --onboot no --bootproto dhcp --noipv6 --hostname=имя-сервера

#key --skip
rootpw --iscrypted пароль
selinux --disabled
#firewall --service=ssh
firewall --disabled
authconfig --enableshadow --passalgo=sha512 --enableldapauth --ldapserver=имя --ldapbasedn=dc=имя --enableldaptls

timezone --utc Europe/Moscow

# ignoredisk --only-use=disk/by-path/pci-0000:0d:00.0-scsi-0:1:1:0
bootloader --location=mbr --driveorder=sda,sdb
#bootloader --location=mbr --driveorder=/dev/disk/by-id/ata-ST9500620NS_9XF1CD1J,/dev/disk/by-id/ata-ST9500620NS_9XF1CCK2

zerombr
clearpart --drives=sda,sdb --all --initlabel

part raid.008001 --size=500 --asprimary --ondisk=sda
part raid.008017 --size=500 --asprimary --ondisk=sdb
raid /boot --fstype=ext3 --level=1 --device=md0 raid.008001 raid.008017

part raid.008002 --size=100 --grow --ondisk=sda
part raid.008018 --size=100 --grow --ondisk=sdb
raid pv.009001 --level=1 --device=md1 raid.008002 raid.008018
volgroup system --pesize=8192 pv.009001
logvol / --fstype ext4 --name=root --vgname=system --size=20000
logvol swap --fstype swap --name=swap --vgname=system --size=60000


repo --name="CentOS 6.6"  --baseurl=ftp://ftp/pub/CentOS6.6/base/x86_64/ --cost=100
repo --name="EPEL 6"  --baseurl=ftp://ftp/pub/EPEL6/x86_64/ --cost=100

%packages
@additional-devel
@backup-client
@base
@cifs-file-server
@client-mgmt-tools
@compat-libraries
@console-internet
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@dial-up
@directory-client
@directory-server
@mail-server
@eclipse
#@emacs
@ftp-server
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@hardware-monitoring
#@ice-desktop
@infiniband
@internet-applications
@internet-browser
@java-platform
@kde-desktop
@large-systems
@legacy-unix
@legacy-x
@mysql-client
@mysql
@nfs-file-server
@storage-server
@network-file-system-client
@network-tools
@office-suite
@php
@performance
@perl-runtime
@print-server
@print-client
@remote-desktop-clients
@russian-support
@system-management-snmp
@scalable-file-systems
@scientific
@security-tools
@server-platform
@server-platform-devel
@storage-client-multipath
@system-management
@system-admin-tools
@tex
@technical-writing
@virtualization
@virtualization-client
@virtualization-tools
@web-server
@x11
#@repos
@storage-client-iscsi
libgcrypt-devel
libXinerama-devel
xorg-x11-proto-devel
startup-notification-devel
libgnomeui-devel
libbonobo-devel
junit
libXau-devel
libXrandr-devel
popt-devel
libdrm-devel
libxslt-devel
libglade2-devel
gnutls-devel
nss_db
udftools
mtools
yum-plugin-versionlock
cpufrequtils
gpm
yum-plugin-tmprepo
pax
yum-plugin-security
oddjob
squashfs-tools
star
kernel-doc
yum-plugin-downloadonly
sgpio
yum-plugin-changelog
genisoimage
x86info
edac-utils
ncurses-term
logwatch
ecryptfs-utils
wodim
ftp
#systemtap-client
lslk
#systemtap-initscript
tigervnc-server
oprofile-gui
xrestop
qt-mysql
desktop-file-utils
mod_dav_svn
ant
libstdc++-docs
expect
dejagnu
cmake
imake
babel
kdewebdev
rpmdevtools
compat-gcc-34
jpackage-utils
mercurial
rpmlint
compat-gcc-34-c++
python-docs
nasm
samba-winbind
openldap-clients
nscd
pam_ldap
nss-pam-ldapd
openldap-servers
samba
sendmail
sendmail-cf
eclipse-mylyn-cdt
eclipse-pde
eclipse-mylyn-pde
eclipse-mylyn-wikitext
eclipse-mylyn-trac
eclipse-subclipse-graph
eclipse-mylyn-webtasks
bitmap-fixed-fonts
gconf-editor
alacarte
gedit-plugins
gnome-pilot
vim-X11
firstaidkit-gui
netpbm-progs
ImageMagick
inkscape
dcraw
edac-utils
lm_sensors
#icewm-l10n
qperf
perftest
libibcommon
compat-dapl
infiniband-diags
srptools
opensm
evolution-exchange
thunderbird
xchat
icedtea-web
cups-lpd
rsh
telnet
tcp_wrappers
ncompress
tftp
openmotif
xorg-x11-fonts-ISO8859-1-75dpi
xterm
xorg-x11-xdm
xorg-x11-fonts-cyrillic
xorg-x11-fonts-75dpi
libXmu
libXp
openmotif22
xorg-x11-twm
perl-DBD-MySQL
cachefilesd
arpwatch
nmap
NetworkManager-openswan
iptraf
dropwatch
wireshark
arptables_jf
planner
libreoffice-base
libreoffice-report-builder
libreoffice-headless
taskjuggler
libreoffice-wiki-publisher
libreoffice-presentation-minimizer
libreoffice-emailmerge
libreoffice-javafilter
libreoffice-langpack-en
libreoffice-langpack-ru
php-xmlrpc
php-mysql
sdparm
sg3_utils
tuned-utils
tuned
perl-LDAP
perl-Date-Manip
perl-DBD-SQLite
tsclient
rdesktop
vinagre
tigervnc
spice-client
mpitests-openmpi
openmpi
atlas
numpy
trousers
hmaccalc
ipmitool
freeipmi
OpenIPMI
openhpi
mc
screen
crypto-utils
scrub
lsscsi
xmltoman
texinfo
docbook-utils-pdf
xmlto-tex
qemu-kvm-tools
virt-v2v
libguestfs-tools
libguestfs-mount
mod_nss
mod_authz_ldap
perl-CGI
#epel-release
#elrepo-release
e2fsprogs-devel
ksh
lzo-devel
unix2dos
libX11.i686
libSM.i686
libXi.i686
libXrender.i686
libXrandr.i686
sssd-client.i686
compat-libtermcap.i686
zlib.i686
elfutils-libelf.i686
compat-libstdc++-33.i686
libXp.i686
libXmu.i686
glib2.i686
mesa-libGLU.i686
ncurses-libs.i686
libXScrnSaver.i686
libXft.i686
libXinerama.i686
libXcursor.i686
libjpeg-turbo.i686
gdbm.i686
gdbm-devel.i686
dos2unix
libtiff.i686
libXtst.i686
libmng.i686
compat-readline5.i686
readline.i686
compat-expat1.i686
libpng.i686
openmotif22.i686
glibc-devel.i686
kdesdk
xfce4-doc
xfce4-panel
xfce4-settings
xfce4-session
xfce4-session-engines
xfce4-session-devel
xfce4-notes-plugin
xfce-utils
xfce4-panel-devel
xfce4-mixer
xfce4-power-manager
xfce4-appfinder
xfce4-icon-theme
xfce4-dev-tools
-pcmciautils
-gdm-plugin-fingerprint
-gcc-gfortran
-ypbind
-ipa-client
-dovecot
-spamassassin
-lohit-assamese-fonts
-lohit-bengali-fonts
-thai-scalable-waree-fonts
-lohit-kannada-fonts
-paktype-tehreer-fonts
-tibetan-machine-uni-fonts
-lohit-devanagari-fonts
-smc-meera-fonts
-lohit-gujarati-fonts
-paktype-naqsh-fonts
-sil-padauk-fonts
-lohit-punjabi-fonts
-lohit-tamil-fonts
-lohit-telugu-fonts
-madan-fonts
-lohit-oriya-fonts
-gnome-bluetooth
-wacomexpresskeys
-pulseaudio-module-gconf
-kde-settings-pulseaudio
-alsa-plugins-pulseaudio
-pulseaudio-utils
-pulseaudio-module-x11
-pulseaudio
%end

%post
# сертификат своего CA
wget -O /etc/openldap/cacerts/ca.crt ftp://ftp/pub/local/ca.crt

# меню grub
sed -i 's/hiddenmenu/#hiddenmenu/' /boot/grub/grub.conf
sed -i 's/splashimage/#splashimage/' /boot/grub/grub.conf
# rhgb quiet?

# настройка rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
rpm -iv ftp://ftp/pub/EPEL6/x86_64/epel-release-6-8.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

# настройка yum
cat << 'EOF' > /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
baseurl=ftp://зеркало/pub/CentOS6.6/base/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates 
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
baseurl=ftp://зеркало/pub/CentOS6.6/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=ftp://зеркало/pub/CentOS6.6/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF

cat << 'EOF' > /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
baseurl=ftp://зеркало/pub/EPEL6/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
EOF

cat << 'EOF' > /etc/yum.repos.d/elrepo.repo
[elrepo]
name=ELRepo.org Community Enterprise Linux Repository - el6
#baseurl=http://elrepo.org/linux/elrepo/el6/$basearch/
#mirrorlist=http://elrepo.org/mirrors-elrepo.el6
baseurl=ftp://зеркало/pub/elrepo6/elrepo/$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
protect=0

[elrepo-testing]
name=ELRepo.org Community Enterprise Linux Testing Repository - el6
baseurl=http://elrepo.org/linux/testing/el6/$basearch/
mirrorlist=http://elrepo.org/mirrors-elrepo-testing.el6
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
protect=0

[elrepo-kernel]
name=ELRepo.org Community Enterprise Linux Kernel Repository - el6
#baseurl=http://elrepo.org/linux/kernel/el6/$basearch/
#mirrorlist=http://elrepo.org/mirrors-elrepo-kernel.el6
baseurl=ftp://зеркало/pub/elrepo6/kernel/$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
protect=0

[elrepo-extras]
name=ELRepo.org Community Enterprise Linux Repository - el6
#baseurl=http://elrepo.org/linux/extras/el6/$basearch/
#mirrorlist=http://elrepo.org/mirrors-elrepo-extras.el6
baseurl=ftp://зеркало/pub/elrepo/extras/$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
protect=0
EOF

# обновление и доустановка
echo "Long time operation - yum update -y"
yum update -y
yum install -y fedora-usermgmt
yum install -y zabbix
yum install -y zabbix-agent

# добавление групп пользователей
/usr/sbin/groupadd -g ид имя

# добавление пользователей
/usr/sbin/useradd -c "описание" -g sys -m -r -u идентификатор -p кодированный-пароль имя

# уменьшение зарезервированного места, отказаться от регулярных fsck
/sbin/tune2fs -r 25000 -c -1 -i 0 /dev/system/root
#/sbin/tune2fs -r 25000 -c -1 -i 0 /dev/system/cads

# убрать лишние сервисы и добавить нужные
/sbin/chkconfig --level 12345 avahi-daemon off
/sbin/chkconfig --level 12345 cpuspeed off
/sbin/chkconfig --level 12345 firstboot off
/sbin/chkconfig --level 12345 lm_sensors off
/sbin/chkconfig --level 12345 pcscd off
/sbin/chkconfig --level 12345 NetworkManager off
/sbin/chkconfig --level 12345 autofs off
/sbin/chkconfig --level 12345 cachefilesd off
/sbin/chkconfig --level 2345 smartd on
/sbin/chkconfig --level 2345 sssd on

# динамический загрузчик
echo "/usr/local/lib" >> /etc/ld.so.conf
echo "/usr/local/lib64" >> /etc/ld.so.conf
/sbin/ldconfig

# locate
sed -i 's/udf usbfs/udf usbfs glusterfs/' /etc/updatedb.conf

# sendmail
sed -i 's/DS/DSдоменное-имя-SMTP-сервера/' /etc/mail/sendmail.cf

# NFS
sed -i 's/#RQUOTAD_PORT=875/RQUOTAD_PORT=4003/' /etc/sysconfig/nfs
sed -i 's/#LOCKD_TCPPORT=32803/LOCKD_TCPPORT=4001/' /etc/sysconfig/nfs
sed -i 's/#LOCKD_UDPPORT=32769/LOCKD_UDPPORT=4001/' /etc/sysconfig/nfs
sed -i 's/#RPCNFSDARGS="-N 4"/RPCNFSDARGS="--port 2049"/' /etc/sysconfig/nfs
sed -i 's/#MOUNTD_PORT=892/MOUNTD_PORT=4002/' /etc/sysconfig/nfs
sed -i 's/#STATD_PORT=662/STATD_PORT=4000/' /etc/sysconfig/nfs

mkdir точка-монтирования ...

cat << EOF >> /etc/fstab
сервер точка-монтирования nfs tcp,bg,hard,intr,rw,nosuid,nodev,exec,auto,nouser,async,_netdev,rsize=32768,wsize=32768,nfsvers=3 0 0
EOF

# LDAP
sed -i 's/TLS_CACERTDIR \/etc\/openldap\/cacerts/#TLS_CACERTDIR \/etc\/openldap\/cacerts\nTLS_CACERTFILE \/etc\/openldap\/cacerts\/ca\.crt/' /etc/openldap/ldap.conf

sed -i 's/#uri ldaps:\/\/127\.0\.0\.1\//uri ldaps:\/\/DNS-имя-LDAP-сервера/' /etc/pam_ldap.conf
sed -i 's/#rootbinddn cn=manager,dc=example,dc=com/#rootbinddn cn=manager,dc=example,dc=com\nrootbinddn cn=proxyuser,dc=имя/' /etc/pam_ldap.conf
sed -i 's/#scope one/scope one/' /etc/pam_ldap.conf
sed -i 's/#pam_filter objectclass=account/#pam_filter objectclass=account\npam_filter objectclass=posixAccount/' /etc/pam_ldap.conf
sed -i 's/#pam_login_attribute uid/pam_login_attribute uid/' /etc/pam_ldap.conf
sed -i 's/#pam_member_attribute uniquemember/#pam_member_attribute uniquemember\npam_member_attribute gid/' /etc/pam_ldap.conf
sed -i 's/#pam_template_login_attribute uid/pam_template_login_attribute uid/' /etc/pam_ldap.conf
sed -i 's/#pam_password crypt/pam_password crypt/' /etc/pam_ldap.conf
sed -i 's/#nss_base_passwd\tou=People,dc=example,dc=com?one/nss_base_passwd\tou=People,dc=имя?one/' /etc/pam_ldap.conf
sed -i 's/#nss_base_shadow\tou=People,dc=example,dc=com?one/nss_base_shadow\tou=People,dc=имя?one/' /etc/pam_ldap.conf
sed -i 's/#nss_base_group.*ou=Group,dc=example,dc=com?one/nss_base_group\tou=Group,dc=имя?one/' /etc/pam_ldap.conf
sed -i 's/#nss_base_netgroup\tou=Netgroup,dc=example,dc=com?one/#nss_base_netgroup\tou=Netgroup,dc=example,dc=com?one\n\n# Just assume that there are no supplemental groups for these named users\nnss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm/' /etc/pam_ldap.conf
sed -i 's/#ssl start_tls/#ssl start_tls\nssl on/' /etc/pam_ldap.conf
sed -i 's/#tls_checkpeer yes/tls_checkpeer yes/' /etc/pam_ldap.conf
sed -i 's/#tls_cacertdir \/etc\/ssl\/certs/#tls_cacertdir \/etc\/ssl\/certs\ntls_cacertfile \/etc\/openldap\/cacerts\/ca\.crt/' /etc/pam_ldap.conf
sed -i 's/uri ldap:\/\/DNA-имя-LDAP-сервера\//#uri ldap:\/\/DNS-имя-LDAP-сервера\//' /etc/pam_ldap.conf
sed -i 's/ssl start_tls/#ssl start_tls/' /etc/pam_ldap.conf
sed -i 's/tls_cacertdir \/etc\/openldap\/cacerts/#tls_cacertdir \/etc\/openldap\/cacerts/' /etc/pam_ldap.conf
sed -i 's/pam_password md5/#pam_password md5/' /etc/pam_ldap.conf

sed -i 's/ssl start_tls/rootbinddn cn=proxyuser,dc=имя\nbinddn cn=proxyuser,dc=имя\nbindpw пароль\n#ssl start_tls/' /etc/nslcd.conf
sed -i 's/tls_cacertdir \/etc\/openldap\/cacerts/#tls_cacertdir \/etc\/openldap\/cacerts\ntls_cacertfile \/etc\/openldap\/cacerts\/ca\.crt/' /etc/nslcd.conf

# SSSD
sed -i 's/passwd:     files/passwd:     files sss/' /etc/nsswitch.conf
sed -i 's/shadow:     files/shadow:     files sss/' /etc/nsswitch.conf
sed -i 's/group:      files/group:      files sss/' /etc/nsswitch.conf

sed -i 's/USESSSD=no/USESSSD=yes/' /etc/sysconfig/authconfig

cat << 'EOF' >  /etc/sssd/sssd.conf 
[sssd]
config_file_version = 2
services = nss, pam
# SSSD will not start if you do not configure any domains.
# Add new domain configurations as [domain/] sections, and
# then add the list of domains (in the order you want them to be
# queried) to the "domains" attribute below and uncomment it.
# domains = LDAP

domains = default

[nss]
filter_groups = root
filter_users = root

[pam]

# Example LDAP domain
# [domain/LDAP]
# id_provider = ldap
# auth_provider = ldap
# ldap_schema can be set to "rfc2307", which stores group member names in the
# "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
# the "member" attribute. If you do not know this value, ask your LDAP
# administrator.
# ldap_schema = rfc2307
# ldap_uri = ldap://ldap.mydomain.org
# ldap_search_base = dc=mydomain,dc=org
# Note that enabling enumeration will have a moderate performance impact.
# Consequently, the default value for enumeration is FALSE.
# Refer to the sssd.conf man page for full details.
# enumerate = false
# Allow offline logins by locally storing password hashes (default: false).
# cache_credentials = true

# An example Active Directory domain. Please note that this configuration
# works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
# compliant attribute names. To support UNIX clients with AD 2003 or older,
# you must install Microsoft Services For Unix and map LDAP attributes onto
# msSFU30* attribute names.
# [domain/AD]
# id_provider = ldap
# auth_provider = krb5
# chpass_provider = krb5
#
# ldap_uri = ldap://your.ad.example.com
# ldap_search_base = dc=example,dc=com
# ldap_schema = rfc2307bis
# ldap_sasl_mech = GSSAPI
# ldap_user_object_class = user
# ldap_group_object_class = group
# ldap_user_home_directory = unixHomeDirectory
# ldap_user_principal = userPrincipalName
# ldap_account_expire_policy = ad
# ldap_force_upper_case_realm = true
#
# krb5_server = your.ad.example.com
# krb5_realm = EXAMPLE.COM
[domain/default]
auth_provider = ldap
ldap_id_use_start_tls = False
chpass_provider = ldap
cache_credentials = True
ldap_search_base = dc=имя
id_provider = ldap
#krb5_realm = EXAMPLE.COM
ldap_uri = ldaps://DNS-имя-LDAP-сервера/
#krb5_kdcip = kerberos.example.com
ldap_tls_cacert = /etc/openldap/cacerts/ca.crt

enumerate = true
EOF

chmod 600 /etc/sssd/sssd.conf

# multipath
cat << EOF > /etc/multipath/bindings
# Format:
# alias wwid
#
mpathИМЯ ВВИД-стр83
EOF

# need update warning
mkdir /root/bin
cat << EOF >> /root/bin/check-update.sh
#!/bin/bash

result=`yum -d 0 check-update`

if [ $? ]
then
  echo $result | mail -s "`hostname`: `cat /etc/redhat-release`: need updates" root
fi
EOF
chmod u+x /root/bin/check-update.sh
# синхронизация времени
echo -e "23 5 * * 1 /root/bin/check-update.sh\n53 * * * * /usr/sbin/ntpdate -s -B ntp1 ntp2" | /usr/bin/crontab -

# отключить prelink
echo "PRELINKING=no" >> /etc/sysconfig/prelink

# почтовый адрес root
echo "root: адрес" >> /etc/aliases

# rc.local (IPMI, CPU, сеть)
cat << EOF >> /etc/rc.local
modprobe ipmi_devintf
#modprobe powernow-k8
modprobe coretemp
modprobe acpi-cpufreq

for cpu in /sys/devices/system/cpu/cpu[0-9]*
do
  echo performance > \$cpu/cpufreq/scaling_governor
done

#ip -6 addr flush dev lo
ip -6 addr flush dev eth0
ip -6 addr flush dev eth1
echo 0 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_tftp
modprobe ip_conntrack_ftp

mkdir /dev/cpuset
mount -t cpuset none /dev/cpuset
# not more than one memory node
mount -t tmpfs -o remount,size=8G tmpfs /dev/shm

# not corrected until now (2.6.32-131.17.1.el6.x86_64)
echo 0 > /proc/sys/vm/zone_reclaim_mode

sysctl -w kernel.randomize_va_space=0
EOF

# SSH
cat << EOF > /etc/ssh/sshd_conf
Port 22
ListenAddress адрес
ListenAddress 127.0.0.1
AcceptEnv LANG TERM COLORTERM
#AllowUsers ...
AllowGroups ...
AllowTcpForwarding yes
ChallengeResponseAuthentication no
ClientAliveInterval 20
Compression delayed
GatewayPorts no
HostbasedAuthentication no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
TCPKeepAlive yes
LogLevel INFO
#PasswordAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
#PermitRootLogin yes
PermitRootLogin forced-commands-only
PermitUserEnvironment no
PrintMotd no
Protocol 2
PubkeyAuthentication yes
UseDNS yes
RhostsRSAAuthentication no
RSAAuthentication no
SkeyAuthentication no
#StrictModes yes
StrictModes no
Subsystem       sftp    /usr/libexec/openssh/sftp-server
SyslogFacility AUTHPRIV
UsePAM yes
X11Forwarding yes
X11UseLocalhost yes
MaxSessions 100
MaxStartups 100
EOF

cat << EOF >> /etc/sysconfig/sshd
OPTIONS="-u0 -4"
EOF

# smartd (ещё надо закоментарить DEVICESCAN)
cat << EOF >> /etc/smartd.conf
/dev/sda -a -m root -I 9 -I 190 -I 194
/dev/sdb -a -m root -I 9 -I 190 -I 194
EOF

# syslog
cat << EOF >> /etc/rsyslog.conf

*.*                                                     @имя-сервера-syslog
EOF

# сеть
sed -i "s/1500/9000/" /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's/NM_CONTROLLED="yes"/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-eth0
cat << EOF >> /etc/sysconfig/network-scripts/ifcfg-eth0
LINKDELAY=10 
EOF

sed -i "s/1500/9000/" /etc/sysconfig/network-scripts/ifcfg-eth1
sed -i 's/NM_CONTROLLED="yes"/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-eth1
cat << EOF >> /etc/sysconfig/network-scripts/ifcfg-eth1
LINKDELAY=10 
EOF

sed -i 's/::1         localhost localhost.localdomain localhost6 localhost6.localdomain6//' /etc/hosts

# чистка /dev/shm
cat <> EOF >> /etc/cron.daily/tmpwatch
/usr/sbin/tmpwatch 24 /dev/shm
EOF

# модули окружения
cat << EOF >> /usr/share/Modules/init/.modulespath
каталог
...
EOF

cat << EOF >> /etc/profile.d/modules.sh
настройка общих переменных окружения
EOF

cat << EOF >> /etc/profile.d/modules.csh
настройка общих переменных окружения
EOF

# zabbix агент
sed -i 's/Server=127\.0\.0\.1/Server=192.168.172.196/' /etc/zabbix/zabbix_agentd.conf
sed -i 's/Hostname=Zabbix server/Hostname=v236/' /etc/zabbix/zabbix_agentd.conf
sed -i 's/# SourceIP=/SourceIP=192\.168\.174\.236/' /etc/zabbix/zabbix_agentd.conf
sed -i 's/# ListenIP=0.0.0.0/ListenIP=192\.168\.174\.236/' /etc/zabbix/zabbix_agentd.conf

mkdir /etc/zabbix/externalscripts

sed -i 's/Server=127\.0\.0\.1/Server=IP-адрес/' /etc/zabbix/zabbix_agentd.conf
sed -i 's/Hostname=Zabbix server/Hostname=наше-имя/' /etc/zabbix/zabbix_agentd.conf
sed -i 's/# SourceIP=/SourceIP=наш-IP-адрес/' /etc/zabbix/zabbix_agentd.conf
sed -i 's/# ListenIP=0.0.0.0/ListenIP=наш-IP-адрес/' /etc/zabbix/zabbix_agentd.conf

mkdir /etc/zabbix/externalscripts

echo "awk  '{print \$1}' < /sys/block/\$1/stat" > /etc/zabbix/externalscripts/check_ior.sh
chmod 755 /etc/zabbix/externalscripts/check_ior.sh
echo "awk  '{print \$5}' < /sys/block/\$1/stat" > /etc/zabbix/externalscripts/check_iow.sh
chmod 755 /etc/zabbix/externalscripts/check_iow.sh
echo "awk  '{print \$3}' < /sys/block/\$1/stat" > /etc/zabbix/externalscripts/check_br.sh
chmod 755 /etc/zabbix/externalscripts/check_br.sh
echo "awk  '{print \$7}' < /sys/block/\$1/stat" > /etc/zabbix/externalscripts/check_bw.sh
chmod 755 /etc/zabbix/externalscripts/check_bw.sh

echo "UserParameter=check.br[*],/etc/zabbix/externalscripts/check_br.sh '\$1'" >> /etc/zabbix/zabbix_agentd.conf
echo "UserParameter=check.bw[*],/etc/zabbix/externalscripts/check_bw.sh '\$1'" >> /etc/zabbix/zabbix_agentd.conf
echo "UserParameter=check.ior[*],/etc/zabbix/externalscripts/check_ior.sh '\$1'" >> /etc/zabbix/zabbix_agentd.conf
echo "UserParameter=check.iow[*],/etc/zabbix/externalscripts/check_iow.sh '\$1'" >> /etc/zabbix/zabbix_agentd.conf

sed -i 's/zabbix:x:492:/zabbix:x:490:/' /etc/group
sed -i 's/zabbix.*/zabbix\:x\:496\:490\:Zabbix Monitoring System\:\/var\/lib\/zabbix:\/sbin\/nologin /' /etc/passwd
chown -R 496:490 /var/run/zabbix
chown -R 496:490 /var/log/zabbix

chkconfig --level 2345 zabbix-agent on

# SGE
sed -i 's/.*CreateSGEStartUpScripts $euid true master/#  CreateSGEStartUpScripts $euid true master/g' /usr/share/gridengine/inst_sge
sed -i 's/.*CreateSGEStartUpScripts $euid true execd/#  CreateSGEStartUpScripts $euid true execd/g' /usr/share/gridengine/inst_sge
sed -i 's/   CreateSGEStartUpScripts 0 true master/#   CreateSGEStartUpScripts 0 true master/' /usr/share/gridengine/inst_sge
sed -i 's/   CreateSGEStartUpScripts 0 true execd/#   CreateSGEStartUpScripts 0 true execd/' /usr/share/gridengine/inst_sge

# создание дополнительных каталогов и ссылок на сетевые ресурсы
ln -s /usr/lib/libXft.so.2 /usr/lib/libXft.so.1
ln -s /usr/bin/firefox /usr/bin/netscape
...

# всякая мелочь
mv /usr/bin/gnome-screensaver /usr/bin/gnome-screensaver.orig
cp /bin/true /usr/bin/gnome-screensaver

%end

Загрузка PXE с правильной сетевой карты

Ручная настройка:

@ Карта сайта News Автора!

Bog BOS: Установка Linux CentOS 6.6 для вычислительного узла (kickstart)

Последние изменения:
2024.11.22: sysadmin: systemd-journald (централизованное хранение)
2024.11.11: sysadmin: Linux: пространства имён
2024.11.06: sysadmin: настройка TCP/IP в Linux: виртуальный интерфейс и виртуальный мост
2024.10.25: sysadmin: Linux VFS, атрибуты, расширенные атрибуты, ACL



Copyright © 1996-2024 Sergey E. Bogomolov; www.bog.pp.ru