Bog BOS: Installing Linux CentOS 6.6 on a compute node (kickstart)
File last modified: 2015.03.16
Copied from www.bog.pp.ru: 2024.11.11
First read the short notes on RHEL 6 and CentOS 6.
I installed by booting over PXE, using KVM and kickstart.
Servers: HP ProLiant DL365 Generation 5, AMD Opteron 2356 (2.3 GHz), 16 GB of memory (8x2GB, DDR2 667), HP Smart Array P400i RAID controller, HP DG146BAAJB SAS SFF hard disk drives (146 GB, 10000 RPM, Seagate, 2.5", 1 port), CD-RW/DVD-ROM (ide1, /dev/hda, TSSTcorp CDW/DVD TS-L462D, udma2 (33)), USB 2.0, onboard HP NC373i (Broadcom NetXtremeII BCM5708, bnx2; eth0 for management, eth1 unused). An additional dual-port NC360T network card (eth2: port 1 of the primary HP MSA 2012i (iSCSI) storage server, eth3: port 0 of the backup storage server). And one more dual-port NC360T network card (eth4: port 1 of the backup storage server, eth5: port 0 of the primary storage server). BIOS settings are tuned for compute performance.
Also servers on the Intel SR16..UR and SR26..UR platforms.
Also Intel SR1530SH servers.
Also Intel SR1680MV servers.
Also HP ProLiant DL320 Generation 5p servers.
Also HP ProLiant DL360 Generation 6 servers.
Also HP ProLiant DL585 Generation 6 servers.
Also servers based on the SuperMicro SC417 chassis.
Also servers based on the SuperMicro Super Storage System 6047R-E1R36L chassis.
Also servers on the Intel H2000JF platforms.
Also servers on the Intel R2000GZ platforms.
Also a multitude of no-name boxes, small and not so small, and connections to Fiber Channel and InfiniBand.
Purpose: compute node [and file server].
Install and configure the PXE boot system (an FTP server and file tree for CentOS 6.6 x86_64, a tftp server and images for booting with pxeos, a dhcp server and pxelinux). A dedicated configuration for booting this server, /tftpboot/linux-install/pxelinux.cfg/01-MAC-address, makes it install the required OS version using a kickstart file:
    default local
    timeout 100
    prompt 1
    display msgs/boot.msg
    F1 msgs/boot.msg
    F2 msgs/general.msg
    F3 msgs/expert.msg
    F4 msgs/param.msg
    F5 msgs/rescue.msg
    F7 msgs/snake.msg

    label local
      localboot 1
    label 0
      localboot 1
    label 1
      kernel CentOS5.3-x86_64-install/vmlinuz
      append initrd=CentOS5.3-x86_64-install/initrd.img ramdisk_size=8262 \
        method=ftp://ftp-server/pub/CentOS5.3/base/x86_64 ip=dhcp noipv6 \
        syslog=server-address lang=en_US \
        ksdevice=bootif ks=ftp://ftp-server/pub/kickstarts/server-name.cfg
    label 2
      kernel CentOS5.4-x86_64-install/vmlinuz
      append initrd=CentOS5.4-x86_64-install/initrd.img ramdisk_size=8262 \
        method=ftp://ftp-server/pub/CentOS5.4/base/x86_64 ip=dhcp noipv6 \
        syslog=server-address lang=en_US \
        ksdevice=bootif ks=ftp://ftp-server/pub/kickstarts/server-name.cfg
    label 3
      kernel CentOS6.0-x86_64-install/vmlinuz
      append initrd=CentOS6.0-x86_64-install/initrd.img ramdisk_size=55295 \
        method=ftp://ftp-server/pub/CentOS6.0/base/x86_64 ip=dhcp noipv6 \
        syslog=server-address lang=en_US \
        ksdevice=bootif ks=ftp://ftp-server/pub/kickstarts/server-name.cfg
    label 4
      kernel SL-61-x86_64-install/vmlinuz
      append initrd=SL-61-x86_64-install/initrd.img ramdisk_size=64063 \
        method=ftp://ftp-server/pub/SL-61/os ip=dhcp noipv6 \
        syslog=server-address lang=en_US \
        ksdevice=eth0 ks=ftp://ftp-server/pub/kickstarts/server-name.cfg
    label 5
      kernel CentOS5.7-x86_64-install/vmlinuz
      append initrd=CentOS5.7-x86_64-install/initrd.img ramdisk_size=14530 \
        method=ftp://ftp-server/pub/CentOS5.7/base/x86_64 ip=dhcp noipv6 \
        syslog=server-address lang=en_US \
        ksdevice=bootif ks=ftp://ftp-server/pub/kickstarts/server-name.cfg
    label 6
      kernel CentOS6.6-x86_64-install/vmlinuz
      append initrd=CentOS6.6-x86_64-install/initrd.img ramdisk_size=16000 \
        method=ftp://ftp-server/pub/CentOS6.6/base/x86_64 ip=dhcp noipv6 \
        syslog=server-address lang=en_US \
        ksdevice=bootif ks=ftp://ftp-server/pub/kickstarts/server-name.cfg
    label 7
      kernel memtest/memtest
    label 8
      kernel CentOS6.6-x86_64-install/vmlinuz
      append initrd=CentOS6.6-x86_64-install/initrd.img ramdisk_size=16000 \
        method=ftp://ftp/pub/CentOS6.6/base/x86_64 ip=dhcp noipv6 \
        syslog=syslog.cs.niisi.ras.ru lang=en_US linux rescue
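How pxelinux arrives at the 01-MAC-address file name used above, as an added example that is not part of the original page: the script turns a MAC address into that name and lists the configuration files pxelinux tries in order, which shows why the per-host file wins over a generic one. The optional client-UUID lookup that precedes these is omitted; the function names and the MAC and IP values are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page.

# pxe_mac_name MAC: print the pxelinux.cfg file name for an Ethernet MAC:
# "01-" (ARP hardware type 1) + six lowercase hex octets joined by "-".
# Accepts ":", "-" or "." separators and returns 1 for anything else, so
# the result can safely be used as a file name under pxelinux.cfg/.
pxe_mac_name() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ':.-')
    case "$mac" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || return 1
    printf '01-%s\n' "$(printf '%s' "$mac" | sed 's/../&-/g; s/-$//')"
}

# pxe_ip_hex IPV4: print the address as 8 uppercase hex digits.
# Octets with leading zeros are rejected (printf would read them as octal).
pxe_ip_hex() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            ''|0?*|????*) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# pxe_lookup_order MAC IPV4: list, one per line, the names pxelinux looks
# for under pxelinux.cfg/: the MAC-based name, then the hex IP shortened
# one digit at a time, then "default".
pxe_lookup_order() {
    name=$(pxe_mac_name "$1") || return 1
    hex=$(pxe_ip_hex "$2") || return 1
    echo "$name"
    while [ -n "$hex" ]; do
        echo "$hex"
        hex=${hex%?}
    done
    echo default
}

# Constructed sample host.
pxe_lookup_order 02:00:5E:10:20:3C 192.0.2.91
```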
Prepare the kickstart settings file (put it at ftp://ftp-server/pub/kickstarts/server-name.version.cfg):
    install
    url --url ftp://ftp-server/pub/CentOS6.6/base/x86_64
    #text
    #interactive
    #autostep
    cmdline
    reboot
    logging --host=syslog-server
    #firstboot --enabled
    firstboot --disabled
    lang en_US.UTF-8
    keyboard us
    network --activate --onboot yes --device eth0 --bootproto dhcp --noipv6 --hostname=server-name
    network --device eth1 --onboot no --bootproto dhcp --noipv6 --hostname=server-name
    network --device eth2 --onboot no --bootproto dhcp --noipv6 --hostname=server-name
    network --device eth3 --onboot no --bootproto dhcp --noipv6 --hostname=server-name
    network --device eth4 --onboot no --bootproto dhcp --noipv6 --hostname=server-name
    network --device eth5 --onboot no --bootproto dhcp --noipv6 --hostname=server-name
    #key --skip
    rootpw --iscrypted password
    selinux --disabled
    #firewall --service=ssh
    firewall --disabled
    authconfig --enableshadow --passalgo=sha512 --enableldapauth --ldapserver=name --ldapbasedn=dc=name --enableldaptls
    timezone --utc Europe/Moscow
    # ignoredisk --only-use=disk/by-path/pci-0000:0d:00.0-scsi-0:1:1:0
    bootloader --location=mbr --driveorder=sda,sdb
    #bootloader --location=mbr --driveorder=/dev/disk/by-id/ata-ST9500620NS_9XF1CD1J,/dev/disk/by-id/ata-ST9500620NS_9XF1CCK2
    zerombr
    clearpart --drives=sda,sdb --all --initlabel
    part raid.008001 --size=500 --asprimary --ondisk=sda
    part raid.008017 --size=500 --asprimary --ondisk=sdb
    raid /boot --fstype=ext3 --level=1 --device=md0 raid.008001 raid.008017
    part raid.008002 --size=100 --grow --ondisk=sda
    part raid.008018 --size=100 --grow --ondisk=sdb
    raid pv.009001 --level=1 --device=md1 raid.008002 raid.008018
    volgroup system --pesize=8192 pv.009001
    logvol / --fstype ext4 --name=root --vgname=system --size=20000
    logvol swap --fstype swap --name=swap --vgname=system --size=60000
    repo --name="CentOS 6.6" --baseurl=ftp://ftp/pub/CentOS6.6/base/x86_64/ --cost=100
    repo --name="EPEL 6" --baseurl=ftp://ftp/pub/EPEL6/x86_64/ --cost=100

    %packages
    @additional-devel
    @backup-client
    @base
    @cifs-file-server
    @client-mgmt-tools
    @compat-libraries
    @console-internet
    @core
    @debugging
    @basic-desktop
    @desktop-debugging
    @desktop-platform
    @desktop-platform-devel
    @development
    @dial-up
    @directory-client
    @directory-server
    @mail-server
    @eclipse
    #@emacs
    @ftp-server
    @fonts
    @general-desktop
    @graphical-admin-tools
    @graphics
    @hardware-monitoring
    #@ice-desktop
    @infiniband
    @internet-applications
    @internet-browser
    @java-platform
    @kde-desktop
    @large-systems
    @legacy-unix
    @legacy-x
    @mysql-client
    @mysql
    @nfs-file-server
    @storage-server
    @network-file-system-client
    @network-tools
    @office-suite
    @php
    @performance
    @perl-runtime
    @print-server
    @print-client
    @remote-desktop-clients
    @russian-support
    @system-management-snmp
    @scalable-file-systems
    @scientific
    @security-tools
    @server-platform
    @server-platform-devel
    @storage-client-multipath
    @system-management
    @system-admin-tools
    @tex
    @technical-writing
    @virtualization
    @virtualization-client
    @virtualization-tools
    @web-server
    @x11
    #@repos
    @storage-client-iscsi
    libgcrypt-devel
    libXinerama-devel
    xorg-x11-proto-devel
    startup-notification-devel
    libgnomeui-devel
    libbonobo-devel
    junit
    libXau-devel
    libXrandr-devel
    popt-devel
    libdrm-devel
    libxslt-devel
    libglade2-devel
    gnutls-devel
    nss_db
    udftools
    mtools
    yum-plugin-versionlock
    cpufrequtils
    gpm
    yum-plugin-tmprepo
    pax
    yum-plugin-security
    oddjob
    squashfs-tools
    star
    kernel-doc
    yum-plugin-downloadonly
    sgpio
    yum-plugin-changelog
    genisoimage
    x86info
    edac-utils
    ncurses-term
    logwatch
    ecryptfs-utils
    wodim
    ftp
    #systemtap-client
    lslk
    #systemtap-initscript
    tigervnc-server
    oprofile-gui
    xrestop
    qt-mysql
    desktop-file-utils
    mod_dav_svn
    ant
    libstdc++-docs
    expect
    dejagnu
    cmake
    imake
    babel
    kdewebdev
    rpmdevtools
    compat-gcc-34
    jpackage-utils
    mercurial
    rpmlint
    compat-gcc-34-c++
    python-docs
    nasm
    samba-winbind
    openldap-clients
    nscd
    pam_ldap
    nss-pam-ldapd
    openldap-servers
    samba
    sendmail
    sendmail-cf
    eclipse-mylyn-cdt
    eclipse-pde
    eclipse-mylyn-pde
    eclipse-mylyn-wikitext
    eclipse-mylyn-trac
    eclipse-subclipse-graph
    eclipse-mylyn-webtasks
    bitmap-fixed-fonts
    gconf-editor
    alacarte
    gedit-plugins
    gnome-pilot
    vim-X11
    firstaidkit-gui
    netpbm-progs
    ImageMagick
    inkscape
    dcraw
    edac-utils
    lm_sensors
    #icewm-l10n
    qperf
    perftest
    libibcommon
    compat-dapl
    infiniband-diags
    srptools
    opensm
    evolution-exchange
    thunderbird
    xchat
    icedtea-web
    cups-lpd
    rsh
    telnet
    tcp_wrappers
    ncompress
    tftp
    openmotif
    xorg-x11-fonts-ISO8859-1-75dpi
    xterm
    xorg-x11-xdm
    xorg-x11-fonts-cyrillic
    xorg-x11-fonts-75dpi
    libXmu
    libXp
    openmotif22
    xorg-x11-twm
    perl-DBD-MySQL
    cachefilesd
    arpwatch
    nmap
    NetworkManager-openswan
    iptraf
    dropwatch
    wireshark
    arptables_jf
    planner
    libreoffice-base
    libreoffice-report-builder
    libreoffice-headless
    taskjuggler
    libreoffice-wiki-publisher
    libreoffice-presentation-minimizer
    libreoffice-emailmerge
    libreoffice-javafilter
    libreoffice-langpack-en
    libreoffice-langpack-ru
    php-xmlrpc
    php-mysql
    sdparm
    sg3_utils
    tuned-utils
    tuned
    perl-LDAP
    perl-Date-Manip
    perl-DBD-SQLite
    tsclient
    rdesktop
    vinagre
    tigervnc
    spice-client
    mpitests-openmpi
    openmpi
    atlas
    numpy
    trousers
    hmaccalc
    ipmitool
    freeipmi
    OpenIPMI
    openhpi
    mc
    screen
    crypto-utils
    scrub
    lsscsi
    xmltoman
    texinfo
    docbook-utils-pdf
    xmlto-tex
    qemu-kvm-tools
    virt-v2v
    libguestfs-tools
    libguestfs-mount
    mod_nss
    mod_authz_ldap
    perl-CGI
    #epel-release
    #elrepo-release
    e2fsprogs-devel
    ksh
    lzo-devel
    unix2dos
    libX11.i686
    libSM.i686
    libXi.i686
    libXrender.i686
    libXrandr.i686
    sssd-client.i686
    compat-libtermcap.i686
    zlib.i686
    elfutils-libelf.i686
    compat-libstdc++-33.i686
    libXp.i686
    libXmu.i686
    glib2.i686
    mesa-libGLU.i686
    ncurses-libs.i686
    libXScrnSaver.i686
    libXft.i686
    libXinerama.i686
    libXcursor.i686
    libjpeg-turbo.i686
    gdbm.i686
    gdbm-devel.i686
    dos2unix
    libtiff.i686
    libXtst.i686
    libmng.i686
    compat-readline5.i686
    readline.i686
    compat-expat1.i686
    libpng.i686
    openmotif22.i686
    glibc-devel.i686
    kdesdk
    xfce4-doc
    xfce4-panel
    xfce4-settings
    xfce4-session
    xfce4-session-engines
    xfce4-session-devel
    xfce4-notes-plugin
    xfce-utils
    xfce4-panel-devel
    xfce4-mixer
    xfce4-power-manager
    xfce4-appfinder
    xfce4-icon-theme
    xfce4-dev-tools
    -pcmciautils
    -gdm-plugin-fingerprint
    -gcc-gfortran
    -ypbind
    -ipa-client
    -dovecot
    -spamassassin
    -lohit-assamese-fonts
    -lohit-bengali-fonts
    -thai-scalable-waree-fonts
    -lohit-kannada-fonts
    -paktype-tehreer-fonts
    -tibetan-machine-uni-fonts
    -lohit-devanagari-fonts
    -smc-meera-fonts
    -lohit-gujarati-fonts
    -paktype-naqsh-fonts
    -sil-padauk-fonts
    -lohit-punjabi-fonts
    -lohit-tamil-fonts
    -lohit-telugu-fonts
    -madan-fonts
    -lohit-oriya-fonts
    -gnome-bluetooth
    -wacomexpresskeys
    -pulseaudio-module-gconf
    -kde-settings-pulseaudio
    -alsa-plugins-pulseaudio
    -pulseaudio-utils
    -pulseaudio-module-x11
    -pulseaudio
    %end

    %post
    # our own CA certificate
    wget -O /etc/openldap/cacerts/ca.crt ftp://ftp/pub/local/ca.crt

    # grub menu
    sed -i 's/hiddenmenu/#hiddenmenu/' /boot/grub/grub.conf
    sed -i 's/splashimage/#splashimage/' /boot/grub/grub.conf
    # rhgb quiet?

    # rpm setup
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
    rpm -iv ftp://ftp/pub/EPEL6/x86_64/epel-release-6-8.noarch.rpm
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

    # yum setup
    cat << 'EOF' > /etc/yum.repos.d/CentOS-Base.repo
    [base]
    name=CentOS-$releasever - Base
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
    baseurl=ftp://mirror/pub/CentOS6.6/base/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
    baseurl=ftp://mirror/pub/CentOS6.6/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

    #additional packages that may be useful
    [extras]
    name=CentOS-$releasever - Extras
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
    baseurl=ftp://mirror/pub/CentOS6.6/extras/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

    #additional packages that extend functionality of existing packages
    [centosplus]
    name=CentOS-$releasever - Plus
    mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
    #baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
    gpgcheck=1
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

    #contrib - packages by Centos Users
    [contrib]
    name=CentOS-$releasever - Contrib
    mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib&infra=$infra
    #baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
    gpgcheck=1
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
    EOF

    cat << 'EOF' > /etc/yum.repos.d/epel.repo
    [epel]
    name=Extra Packages for Enterprise Linux 6 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
    #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
    baseurl=ftp://mirror/pub/EPEL6/$basearch
    failovermethod=priority
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

    [epel-debuginfo]
    name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    gpgcheck=1

    [epel-source]
    name=Extra Packages for Enterprise Linux 6 - $basearch - Source
    #baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    gpgcheck=1
    EOF

    cat << 'EOF' > /etc/yum.repos.d/elrepo.repo
    [elrepo]
    name=ELRepo.org Community Enterprise Linux Repository - el6
    #baseurl=http://elrepo.org/linux/elrepo/el6/$basearch/
    #mirrorlist=http://elrepo.org/mirrors-elrepo.el6
    baseurl=ftp://mirror/pub/elrepo6/elrepo/$basearch
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
    protect=0

    [elrepo-testing]
    name=ELRepo.org Community Enterprise Linux Testing Repository - el6
    baseurl=http://elrepo.org/linux/testing/el6/$basearch/
    mirrorlist=http://elrepo.org/mirrors-elrepo-testing.el6
    enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
    protect=0

    [elrepo-kernel]
    name=ELRepo.org Community Enterprise Linux Kernel Repository - el6
    #baseurl=http://elrepo.org/linux/kernel/el6/$basearch/
    #mirrorlist=http://elrepo.org/mirrors-elrepo-kernel.el6
    baseurl=ftp://mirror/pub/elrepo6/kernel/$basearch
    enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
    protect=0

    [elrepo-extras]
    name=ELRepo.org Community Enterprise Linux Repository - el6
    #baseurl=http://elrepo.org/linux/extras/el6/$basearch/
    #mirrorlist=http://elrepo.org/mirrors-elrepo-extras.el6
    baseurl=ftp://mirror/pub/elrepo/extras/$basearch
    enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-elrepo.org
    protect=0
    EOF

    # update and install additional packages
    echo "Long time operation - yum update -y"
    yum update -y
    yum install -y fedora-usermgmt
    yum install -y zabbix
    yum install -y zabbix-agent

    # add user groups
    /usr/sbin/groupadd -g id name

    # add users
    /usr/sbin/useradd -c "description" -g sys -m -r -u identifier -p encrypted-password name

    # reduce reserved space, disable periodic fsck
    /sbin/tune2fs -r 25000 -c -1 -i 0 /dev/system/root
    #/sbin/tune2fs -r 25000 -c -1 -i 0 /dev/system/cads

    # disable unneeded services and enable the needed ones
    /sbin/chkconfig --level 12345 avahi-daemon off
    /sbin/chkconfig --level 12345 cpuspeed off
    /sbin/chkconfig --level 12345 firstboot off
    /sbin/chkconfig --level 12345 lm_sensors off
    /sbin/chkconfig --level 12345 pcscd off
    /sbin/chkconfig --level 12345 NetworkManager off
    /sbin/chkconfig --level 12345 autofs off
    /sbin/chkconfig --level 12345 cachefilesd off
    /sbin/chkconfig --level 2345 smartd on
    /sbin/chkconfig --level 2345 sssd on

    # dynamic loader
    echo "/usr/local/lib" >> /etc/ld.so.conf
    echo "/usr/local/lib64" >> /etc/ld.so.conf
    /sbin/ldconfig

    # locate
    sed -i 's/udf usbfs/udf usbfs glusterfs/' /etc/updatedb.conf

    # sendmail
    sed -i 's/DS/DSSMTP-server-domain-name/' /etc/mail/sendmail.cf

    # NFS
    sed -i 's/#RQUOTAD_PORT=875/RQUOTAD_PORT=4003/' /etc/sysconfig/nfs
    sed -i 's/#LOCKD_TCPPORT=32803/LOCKD_TCPPORT=4001/' /etc/sysconfig/nfs
    sed -i 's/#LOCKD_UDPPORT=32769/LOCKD_UDPPORT=4001/' /etc/sysconfig/nfs
    sed -i 's/#RPCNFSDARGS="-N 4"/RPCNFSDARGS="--port 2049"/' /etc/sysconfig/nfs
    sed -i 's/#MOUNTD_PORT=892/MOUNTD_PORT=4002/' /etc/sysconfig/nfs
    sed -i 's/#STATD_PORT=662/STATD_PORT=4000/' /etc/sysconfig/nfs
    mkdir mount-point
    ...
    cat << EOF >> /etc/fstab
    server mount-point nfs tcp,bg,hard,intr,rw,nosuid,nodev,exec,auto,nouser,async,_netdev,rsize=32768,wsize=32768,nfsvers=3 0 0
    EOF

    # LDAP
    sed -i 's/TLS_CACERTDIR \/etc\/openldap\/cacerts/#TLS_CACERTDIR \/etc\/openldap\/cacerts\nTLS_CACERTFILE \/etc\/openldap\/cacerts\/ca\.crt/' /etc/openldap/ldap.conf
    sed -i 's/#uri ldaps:\/\/127\.0\.0\.1\//uri ldaps:\/\/LDAP-server-DNS-name/' /etc/pam_ldap.conf
    sed -i 's/#rootbinddn cn=manager,dc=example,dc=com/#rootbinddn cn=manager,dc=example,dc=com\nrootbinddn cn=proxyuser,dc=name/' /etc/pam_ldap.conf
    sed -i 's/#scope one/scope one/' /etc/pam_ldap.conf
    sed -i 's/#pam_filter objectclass=account/#pam_filter objectclass=account\npam_filter objectclass=posixAccount/' /etc/pam_ldap.conf
    sed -i 's/#pam_login_attribute uid/pam_login_attribute uid/' /etc/pam_ldap.conf
    sed -i 's/#pam_member_attribute uniquemember/#pam_member_attribute uniquemember\npam_member_attribute gid/' /etc/pam_ldap.conf
    sed -i 's/#pam_template_login_attribute uid/pam_template_login_attribute uid/' /etc/pam_ldap.conf
    sed -i 's/#pam_password crypt/pam_password crypt/' /etc/pam_ldap.conf
    sed -i 's/#nss_base_passwd\tou=People,dc=example,dc=com?one/nss_base_passwd\tou=People,dc=name?one/' /etc/pam_ldap.conf
    sed -i 's/#nss_base_shadow\tou=People,dc=example,dc=com?one/nss_base_shadow\tou=People,dc=name?one/' /etc/pam_ldap.conf
    sed -i 's/#nss_base_group.*ou=Group,dc=example,dc=com?one/nss_base_group\tou=Group,dc=name?one/' /etc/pam_ldap.conf
    sed -i 's/#nss_base_netgroup\tou=Netgroup,dc=example,dc=com?one/#nss_base_netgroup\tou=Netgroup,dc=example,dc=com?one\n\n# Just assume that there are no supplemental groups for these named users\nnss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm/' /etc/pam_ldap.conf
    sed -i 's/#ssl start_tls/#ssl start_tls\nssl on/' /etc/pam_ldap.conf
    sed -i 's/#tls_checkpeer yes/tls_checkpeer yes/' /etc/pam_ldap.conf
    sed -i 's/#tls_cacertdir \/etc\/ssl\/certs/#tls_cacertdir \/etc\/ssl\/certs\ntls_cacertfile \/etc\/openldap\/cacerts\/ca\.crt/' /etc/pam_ldap.conf
    sed -i 's/uri ldap:\/\/LDAP-server-DNS-name\//#uri ldap:\/\/LDAP-server-DNS-name\//' /etc/pam_ldap.conf
    sed -i 's/ssl start_tls/#ssl start_tls/' /etc/pam_ldap.conf
    sed -i 's/tls_cacertdir \/etc\/openldap\/cacerts/#tls_cacertdir \/etc\/openldap\/cacerts/' /etc/pam_ldap.conf
    sed -i 's/pam_password md5/#pam_password md5/' /etc/pam_ldap.conf
    sed -i 's/ssl start_tls/rootbinddn cn=proxyuser,dc=name\nbinddn cn=proxyuser,dc=name\nbindpw password\n#ssl start_tls/' /etc/nslcd.conf
    sed -i 's/tls_cacertdir \/etc\/openldap\/cacerts/#tls_cacertdir \/etc\/openldap\/cacerts\ntls_cacertfile \/etc\/openldap\/cacerts\/ca\.crt/' /etc/nslcd.conf

    # SSSD
    sed -i 's/passwd: files/passwd: files sss/' /etc/nsswitch.conf
    sed -i 's/shadow: files/shadow: files sss/' /etc/nsswitch.conf
    sed -i 's/group: files/group: files sss/' /etc/nsswitch.conf
    sed -i 's/USESSSD=no/USESSSD=yes/' /etc/sysconfig/authconfig
    cat << 'EOF' > /etc/sssd/sssd.conf
    [sssd]
    config_file_version = 2
    services = nss, pam
    # SSSD will not start if you do not configure any domains.
    # Add new domain configurations as [domain/] sections, and
    # then add the list of domains (in the order you want them to be
    # queried) to the "domains" attribute below and uncomment it.
    # domains = LDAP
    domains = default

    [nss]
    filter_groups = root
    filter_users = root

    [pam]

    # Example LDAP domain
    # [domain/LDAP]
    # id_provider = ldap
    # auth_provider = ldap
    # ldap_schema can be set to "rfc2307", which stores group member names in the
    # "memberuid" attribute, or to "rfc2307bis", which stores group member DNs in
    # the "member" attribute. If you do not know this value, ask your LDAP
    # administrator.
    # ldap_schema = rfc2307
    # ldap_uri = ldap://ldap.mydomain.org
    # ldap_search_base = dc=mydomain,dc=org
    # Note that enabling enumeration will have a moderate performance impact.
    # Consequently, the default value for enumeration is FALSE.
    # Refer to the sssd.conf man page for full details.
    # enumerate = false
    # Allow offline logins by locally storing password hashes (default: false).
    # cache_credentials = true

    # An example Active Directory domain. Please note that this configuration
    # works for AD 2003R2 and AD 2008, because they use pretty much RFC2307bis
    # compliant attribute names. To support UNIX clients with AD 2003 or older,
    # you must install Microsoft Services For Unix and map LDAP attributes onto
    # msSFU30* attribute names.
    # [domain/AD]
    # id_provider = ldap
    # auth_provider = krb5
    # chpass_provider = krb5
    #
    # ldap_uri = ldap://your.ad.example.com
    # ldap_search_base = dc=example,dc=com
    # ldap_schema = rfc2307bis
    # ldap_sasl_mech = GSSAPI
    # ldap_user_object_class = user
    # ldap_group_object_class = group
    # ldap_user_home_directory = unixHomeDirectory
    # ldap_user_principal = userPrincipalName
    # ldap_account_expire_policy = ad
    # ldap_force_upper_case_realm = true
    #
    # krb5_server = your.ad.example.com
    # krb5_realm = EXAMPLE.COM

    [domain/default]
    auth_provider = ldap
    ldap_id_use_start_tls = False
    chpass_provider = ldap
    cache_credentials = True
    ldap_search_base = dc=name
    id_provider = ldap
    #krb5_realm = EXAMPLE.COM
    ldap_uri = ldaps://LDAP-server-DNS-name/
    #krb5_kdcip = kerberos.example.com
    ldap_tls_cacert = /etc/openldap/cacerts/ca.crt
    enumerate = true
    EOF
    chmod 600 /etc/sssd/sssd.conf

    # multipath
    cat << EOF > /etc/multipath/bindings
    # Format:
    # alias wwid
    # mpathNAME WWID-page83
    EOF

    # need update warning
    mkdir /root/bin
    # the delimiter is quoted so that backticks and $ reach the script unexpanded
    cat << 'EOF' >> /root/bin/check-update.sh
    #!/bin/bash
    # yum check-update exits with status 100 when updates are available
    result=`yum -d 0 check-update`
    if [ $? -eq 100 ]
    then
        echo "$result" | mail -s "`hostname`: `cat /etc/redhat-release`: need updates" root
    fi
    EOF
    chmod u+x /root/bin/check-update.sh

    # time synchronization
    echo -e "23 5 * * 1 /root/bin/check-update.sh\n53 * * * * /usr/sbin/ntpdate -s -B ntp1 ntp2" | /usr/bin/crontab -

    # disable prelink
    echo "PRELINKING=no" >> /etc/sysconfig/prelink

    # root's mail address
    echo "root: address" >> /etc/aliases

    # rc.local (IPMI, CPU, network)
    cat << EOF >> /etc/rc.local
    modprobe ipmi_devintf
    #modprobe powernow-k8
    modprobe coretemp
    modprobe acpi-cpufreq
    for cpu in /sys/devices/system/cpu/cpu[0-9]*
    do
        echo performance > \$cpu/cpufreq/scaling_governor
    done
    #ip -6 addr flush dev lo
    ip -6 addr flush dev eth0
    ip -6 addr flush dev eth1
    echo 0 > /proc/sys/net/ipv4/ip_forward
    modprobe ip_conntrack_tftp
    modprobe ip_conntrack_ftp
    mkdir /dev/cpuset
    mount -t cpuset none /dev/cpuset
    # not more than one memory node
    mount -t tmpfs -o remount,size=8G tmpfs /dev/shm
    # not corrected until now (2.6.32-131.17.1.el6.x86_64)
    echo 0 > /proc/sys/vm/zone_reclaim_mode
    # turn off address space layout randomization (ASLR)
    sysctl -w kernel.randomize_va_space=0
    EOF

    # SSH
    cat << EOF > /etc/ssh/sshd_config
    Port 22
    ListenAddress address
    ListenAddress 127.0.0.1
    AcceptEnv LANG TERM COLORTERM
    #AllowUsers ...
    AllowGroups ...
    AllowTcpForwarding yes
    ChallengeResponseAuthentication no
    ClientAliveInterval 20
    Compression delayed
    GatewayPorts no
    HostbasedAuthentication no
    IgnoreRhosts yes
    IgnoreUserKnownHosts yes
    TCPKeepAlive yes
    LogLevel INFO
    #PasswordAuthentication no
    PasswordAuthentication yes
    PermitEmptyPasswords no
    #PermitRootLogin yes
    PermitRootLogin forced-commands-only
    PermitUserEnvironment no
    PrintMotd no
    Protocol 2
    PubkeyAuthentication yes
    UseDNS yes
    RhostsRSAAuthentication no
    RSAAuthentication no
    SkeyAuthentication no
    #StrictModes yes
    StrictModes no
    Subsystem sftp /usr/libexec/openssh/sftp-server
    SyslogFacility AUTHPRIV
    UsePAM yes
    X11Forwarding yes
    X11UseLocalhost yes
    MaxSessions 100
    MaxStartups 100
    EOF
    cat << EOF >> /etc/sysconfig/sshd
    OPTIONS="-u0 -4"
    EOF

    # smartd (DEVICESCAN also needs to be commented out)
    cat << EOF >> /etc/smartd.conf
    /dev/sda -a -m root -I 9 -I 190 -I 194
    /dev/sdb -a -m root -I 9 -I 190 -I 194
    EOF

    # syslog
    cat << EOF >> /etc/rsyslog.conf
    *.* @syslog-server-name
    EOF

    # network
    sed -i "s/1500/9000/" /etc/sysconfig/network-scripts/ifcfg-eth0
    sed -i 's/NM_CONTROLLED="yes"/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-eth0
    cat << EOF >> /etc/sysconfig/network-scripts/ifcfg-eth0
    LINKDELAY=10
    EOF
    sed -i "s/1500/9000/" /etc/sysconfig/network-scripts/ifcfg-eth1
    sed -i 's/NM_CONTROLLED="yes"/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-eth1
    cat << EOF >> /etc/sysconfig/network-scripts/ifcfg-eth1
    LINKDELAY=10
    EOF
    sed -i 's/::1 localhost localhost.localdomain localhost6 localhost6.localdomain6//' /etc/hosts

    # clean up /dev/shm
    cat << EOF >> /etc/cron.daily/tmpwatch
    /usr/sbin/tmpwatch 24 /dev/shm
    EOF

    # environment modules
    cat << EOF >> /usr/share/Modules/init/.modulespath
    directory
    ...
    EOF
    cat << EOF >> /etc/profile.d/modules.sh
    shared environment variable settings
    EOF
    cat << EOF >> /etc/profile.d/modules.csh
    shared environment variable settings
    EOF

    # zabbix agent
    sed -i 's/Server=127\.0\.0\.1/Server=192.168.172.196/' /etc/zabbix/zabbix_agentd.conf
    sed -i 's/Hostname=Zabbix server/Hostname=v236/' /etc/zabbix/zabbix_agentd.conf
    sed -i 's/# SourceIP=/SourceIP=192\.168\.174\.236/' /etc/zabbix/zabbix_agentd.conf
    sed -i 's/# ListenIP=0.0.0.0/ListenIP=192\.168\.174\.236/' /etc/zabbix/zabbix_agentd.conf
    mkdir /etc/zabbix/externalscripts
    sed -i 's/Server=127\.0\.0\.1/Server=IP-address/' /etc/zabbix/zabbix_agentd.conf
    sed -i 's/Hostname=Zabbix server/Hostname=our-name/' /etc/zabbix/zabbix_agentd.conf
    sed -i 's/# SourceIP=/SourceIP=our-IP-address/' /etc/zabbix/zabbix_agentd.conf
    sed -i 's/# ListenIP=0.0.0.0/ListenIP=our-IP-address/' /etc/zabbix/zabbix_agentd.conf
    mkdir /etc/zabbix/externalscripts
    echo "awk '{print \$1}' < /sys/block/\$1/stat" > /etc/zabbix/externalscripts/check_ior.sh
    chmod 755 /etc/zabbix/externalscripts/check_ior.sh
    echo "awk '{print \$5}' < /sys/block/\$1/stat" > /etc/zabbix/externalscripts/check_iow.sh
    chmod 755 /etc/zabbix/externalscripts/check_iow.sh
    echo "awk '{print \$3}' < /sys/block/\$1/stat" > /etc/zabbix/externalscripts/check_br.sh
    chmod 755 /etc/zabbix/externalscripts/check_br.sh
    echo "awk '{print \$7}' < /sys/block/\$1/stat" > /etc/zabbix/externalscripts/check_bw.sh
    chmod 755 /etc/zabbix/externalscripts/check_bw.sh
    echo "UserParameter=check.br[*],/etc/zabbix/externalscripts/check_br.sh '\$1'" >> /etc/zabbix/zabbix_agentd.conf
    echo "UserParameter=check.bw[*],/etc/zabbix/externalscripts/check_bw.sh '\$1'" >> /etc/zabbix/zabbix_agentd.conf
    echo "UserParameter=check.ior[*],/etc/zabbix/externalscripts/check_ior.sh '\$1'" >> /etc/zabbix/zabbix_agentd.conf
    echo "UserParameter=check.iow[*],/etc/zabbix/externalscripts/check_iow.sh '\$1'" >> /etc/zabbix/zabbix_agentd.conf
    sed -i 's/zabbix:x:492:/zabbix:x:490:/' /etc/group
    sed -i 's/zabbix.*/zabbix\:x\:496\:490\:Zabbix Monitoring System\:\/var\/lib\/zabbix:\/sbin\/nologin /' /etc/passwd
    chown -R 496:490 /var/run/zabbix
    chown -R 496:490 /var/log/zabbix
    chkconfig --level 2345 zabbix-agent on

    # SGE
    sed -i 's/.*CreateSGEStartUpScripts $euid true master/# CreateSGEStartUpScripts $euid true master/g' /usr/share/gridengine/inst_sge
    sed -i 's/.*CreateSGEStartUpScripts $euid true execd/# CreateSGEStartUpScripts $euid true execd/g' /usr/share/gridengine/inst_sge
    sed -i 's/ CreateSGEStartUpScripts 0 true master/# CreateSGEStartUpScripts 0 true master/' /usr/share/gridengine/inst_sge
    sed -i 's/ CreateSGEStartUpScripts 0 true execd/# CreateSGEStartUpScripts 0 true execd/' /usr/share/gridengine/inst_sge

    # create additional directories and links to network resources
    ln -s /usr/lib/libXft.so.2 /usr/lib/libXft.so.1
    ln -s /usr/bin/firefox /usr/bin/netscape
    ...

    # odds and ends
    mv /usr/bin/gnome-screensaver /usr/bin/gnome-screensaver.orig
    cp /bin/true /usr/bin/gnome-screensaver
    %end
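A review aid for a kickstart file like the one above, as an added example that is not part of the original page: it lists the active lines that switch off a protection, fetch something over cleartext FTP, or carry a credential, so each can be checked against the network the node will sit on. The function names, rule names and the sample kickstart inside the script are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page.

# ks_audit FILE: print "line:rule:text" for every active (uncommented)
# line of a kickstart file that matches one of the rules below.
# FILE may be "-" or omitted to read standard input.
# Exit status: 0 = no findings, 1 = at least one finding.
ks_audit() {
    awk '
    function hit(rule) { printf "%d:%s:%s\n", NR, rule, $0; n++ }
    /^[ \t]*#/                          { next }  # commented out: inactive
    /^[ \t]*selinux[ \t]+--disabled/    { hit("selinux-disabled") }
    /^[ \t]*firewall[ \t]+--disabled/   { hit("firewall-disabled") }
    /^[ \t]*rootpw[ \t]/                { hit("root-password-hash") }
    /bindpw[ \t]+[^ \t]/                { hit("ldap-bind-password") }
    /(^|[^a-z])ftp:\/\//                { hit("cleartext-ftp") }
    /randomize_va_space[ \t]*=[ \t]*0/  { hit("aslr-off") }
    /^[ \t]*StrictModes[ \t]+no/        { hit("sshd-strictmodes-off") }
    /gpgcheck[ \t]*=[ \t]*0/            { hit("rpm-gpgcheck-off") }
    END { exit (n > 0) }
    ' "${1:--}"
}

# Constructed sample: a few lines in the style of the kickstart above,
# with a made-up host name and a made-up password hash.
ks_sample() {
    cat << 'EOF'
url --url ftp://ftp.example.test/pub/CentOS6.6/base/x86_64
rootpw --iscrypted $6$constructed$notarealhash
selinux --disabled
#firewall --service=ssh
firewall --disabled
%post
wget -O /etc/openldap/cacerts/ca.crt ftp://ftp.example.test/pub/local/ca.crt
sysctl -w kernel.randomize_va_space=0
StrictModes no
%end
EOF
}

# Run the audit over the constructed sample.
ks_sample | ks_audit - || echo "findings listed above"
```

To check a real file, call ks_audit with its path; the exit status makes it usable as a gate before the file is published on the install server.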
Boot over PXE from the correct network card
Manual configuration:
    /usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -C '' -N ''
    /sbin/restorecon /etc/ssh/ssh_host_dsa_key

    /etc/sysconfig/desktop
        DESKTOP="GNOME"
        DISPLAYMANAGER="XDM"
    /etc/X11/xdm/Xaccess
        *
    /etc/X11/xdm/xdm-config
        !DisplayManager.requestPort: 0

    mv /usr/bin/gnome-screensaver /usr/bin/gnome-screensaver.orig
    cp /bin/true /usr/bin/gnome-screensaver