1、实现sshd免密登录(基于密钥认证。注意:下面的示例生成的是1024位RSA密钥且私钥不带口令;1024位RSA强度已偏弱,实际环境建议使用更长的RSA密钥或ed25519,并妥善保护私钥文件)
[root@localhost ~]#ssh-keygen -b 1024 -t rsa -P "" -f "/root/.ssh/id_rsa"
[root@localhost ~]#ssh-copy-id 192.168.125.132
[root@localhost ~]#ssh 192.168.125.132
Last login: Mon May 27 10:08:09 2019 from 192.168.125.116
2、编译安装dropbear实现SSH登录
# Build and install dropbear 2019.78 from source, create a host key, then
# start the server on port 2222 and log in to it locally.
# NOTE(review): the tarball is unpacked and built as-is; verify its integrity
# against the upstream release's published hash (if available) before building.
tar -xvf dropbear-2019.78.tar.bz2
cd dropbear-2019.78/
./configure
# Build only the listed programs, then install the same set.
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
mkdir /etc/dropbear
dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key # must be this exact path; `dropbear -h` mentions it
# NOTE(review): the server is started with no login restrictions; outside a
# lab, consider dropbear's -w (no root logins) and -s (no password logins).
dropbear -p :2222 # runs in the background; the default port is 22
dbclient -p 2222 127.0.0.1 # log in
3、实现单个用户及用户组使用sudo执行所有命令
[root@localhost dropbear-2019.78]#visudo
## Allow root to run any commands anywhere
92 root ALL=(ALL) ALL #使用者 登陆主机=(代表用户) 能执行的命令
93
94 ## Allows members of the 'sys' group to run networking, software,
95 ## service management apps and more.
96 # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
97
98 ## Allows people in group wheel to run all commands
99 %wheel ALL=(ALL) ALL #%组 登陆主机=(代表用户) 能执行的命令
4、简述rsync用于哪些场景,并对比scp有什么优点?
- rsync主要用于linux系统下的镜像备份,远程服务器之间的数据拷贝
- rsync只复制不同的文件,scp会全部复制,覆盖相同的文件
5、搭建DHCP服务,实现自动获取ip地址
[root@localhost ~]# yum install -y dhcp #安装DHCP服务
[root@localhost ~]# cp dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf #复制官方范例覆盖现有配置文件,根据范例修改
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf #修改配置文件,语句一定要以分号结尾
option domain-name "ritch.com"; #域名
option domain-name-servers 114.114.114.114, 223.5.5.5; #DNS地址
default-lease-time 86400; #预设租约时长
max-lease-time 86400; #最大租约时长
subnet 192.168.1.0 netmask 255.255.255.0 { #子网设置,子网id和子网掩码
range 192.168.1.100 192.168.1.200; #ip分配范围
option routers 192.168.1.1; #网关
}
[root@localhost ~]# vim /etc/sysconfig/dhcpd #如果有多块网卡,需绑定从哪块网卡发送DHCP
DHCPDARGS="ens32"
[root@localhost ~]# systemctl start dhcpd #启动服务
[root@localhost ~]#ss -nul #检查服务是否启动,DHCP使用的端口是UDP的67(server)和68(client)
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:67 *:*
UNCONN 0 0 *:68 *:*
6、搭建PXE实现自动化安装系统
- 安装相关软件
[root@localhost ~]#yum install -y httpd tftp-server syslinux dhcp system-config-kickstart
- 准备kickstart文件
可以在图形界面使用system-config-kickstart来准备kickstart文件,或者复制/root/anaconda-ks.cfg进行修改
# Kickstart answer file for an unattended, text-mode CentOS 7 network install.
# NOTE(review): any machine that boots into this install entry is wiped and
# reinstalled without prompting (see zerombr / clearpart --all below).
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, which is weak against
# offline guessing, while the auth line below selects sha512. Generate a fresh
# hash with a stronger scheme and do not reuse this published value. The boot
# entry on this page fetches the file over plain HTTP (ks=http://...), so
# presumably anyone on the install network can read the hash.
rootpw --iscrypted $1$bRhDloDq$FJ4sMPI757MKqFVb9wz8w.
# System timezone
timezone Africa/Abidjan
# Use network installation
# NOTE(review): the install tree is pulled over plain HTTP; keep the install
# network trusted or isolated.
url --url="http://192.168.125.132/centos7"
# System language
lang en_US
# Firewall configuration
# NOTE(review): the installed system comes up with no host firewall; re-enable
# it after installation unless there is a specific reason not to.
firewall --disabled
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
# SELinux configuration
# NOTE(review): SELinux is switched off on every machine built from this file;
# prefer enforcing or permissive mode where the workload allows it.
selinux --disabled
# Do not configure the X Window System
skipx
# Network information
network --bootproto=dhcp --device=ens32
# Reboot after installation
reboot
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Removes all existing partitions and writes a new disk label, then lets the
# installer partition automatically.
clearpart --all --initlabel
autopart
# Package selection: only the @core group.
%packages
@core
%end
- 配置安装文件,yum仓库
[root@localhost ~]#mkdir /var/www/html/centos7
[root@localhost ~]#mount /dev/sr0 /var/www/html/centos7
- 配置DHCP服务,在子网中加2条记录即可
[root@localhost ~]#vim /etc/dhcp/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 { #子网设置,子网id和子网掩码
range 192.168.1.100 192.168.1.200; #ip分配范围
option routers 192.168.1.1; #网关
filename "pxelinux.0";
next-server 192.168.1.20;
}
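- 准备tftp里的启动文件(注意:下面两条cp命令的目标目录写的是/var/www/html/centos7,而上一步创建的pxelinux.cfg目录以及后文编辑的default文件都在/var/lib/tftpboot下,实际执行时目标目录应与之保持一致)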
[root@localhost ~]#mkdir /var/lib/tftpboot/pxelinux.cfg
[root@localhost ~]#cp /var/www/html/centos7/isolinux/{vmlinuz,initrd.img} /var/www/html/centos7
[root@localhost ~]#cp /var/www/html/centos7/isolinux/isolinux.cfg /var/www/html/centos7/pxelinux.cfg/default
[root@localhost ~]#cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot/ #如果需要图形界面就复制vesamenu.c32
- 根据需求修改启动文件
[root@localhost ~]#vim /var/lib/tftpboot/pxelinux.cfg/default
default vesamenu.c32
timeout 600
menu title PXE INSTALL CentOS 7
label linux
menu label ^Install CentOS 7
kernel vmlinuz
append initrd=initrd.img ks=http://192.168.1.20/ks.cfg #指定KS文件的路径
label local
menu default
menu label Boot from ^local drive
localboot 0xffff
- 启动相关服务
[root@localhost ~]#systemctl start dhcpd tftp.socket httpd
7、搭建Cobbler实现自动化安装系统
- 安装cobbler和DHCP服务
[root@localhost ~]#yum install cobbler dhcp -y
- 启动http tftp cobbler服务
[root@localhost ~]#systemctl start tftp httpd cobblerd
- 使用cobbler check,根据提示更改相关配置,这里要关闭selinux(提示3给出的wiki页面说明了如何在SELinux开启的环境下让cobbler正常工作,生产环境可优先参考该页面,而不是直接关闭SELinux)
[root@localhost ~]#cobbler check
The following are potential configuration items that you may want to fix:
1 : The 'server' field in /etc/cobbler/settings must be set to something other than localhost, or kickstarting features will not work. This should be a resolvable hostname or IP for the boot server as reachable by all machines that will use it.
2 : For PXE to be functional, the 'next_server' field in /etc/cobbler/settings must be set to something other than 127.0.0.1, and should match the IP of the boot server on the PXE network.
3 : SELinux is enabled. Please review the following wiki page for details on ensuring cobbler works correctly in your SELinux environment:
https://github.com/cobbler/cobbler/wiki/Selinux
4 : change 'disable' to 'no' in /etc/xinetd.d/tftp
5 : Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.
6 : enable and start rsyncd.service with systemctl
7 : debmirror package is not installed, it will be required to manage debian deployments and repositories
8 : ksvalidator was not found, install pykickstart
9 : The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed, try: "openssl passwd -1 -salt 'random-phrase-here' 'your-password-here'" to generate new one
10 : fencing tools were not found, and are required to use the (optional) power management features. install cman or fence-agents to use them
Restart cobblerd and then run 'cobbler sync' to apply changes.
- 根据提示1修改配置文件
[root@localhost ~]#vim /etc/cobbler/settings
# this is the address of the cobbler server -- as it is used
# by systems during the install process, it must be the address
# or hostname of the system as those systems can see the server.
# if you have a server that appears differently to different subnets
# (dual homed, etc), you need to read the --server-override section
# of the manpage for how that works.
server: 192.168.0.180 #修改这一行,改成对应的ip
- 根据提示2修改配置文件
# if using cobbler with manage_dhcp, put the IP address
# of the cobbler server here so that PXE booting guests can find it
# if you do not set this correctly, this will be manifested in TFTP open timeouts.
next_server: 127.0.0.1 #修改这一行,改成对应的ip
- 根据提示4修改配置文件
[root@localhost ~]#vim /etc/xinetd.d/tftp
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no #修改这一行,改成no
per_source = 11
cps = 100 2
flags = IPv4
}
~
- 根据提示5,下载相关配置文件
[root@localhost ~]#cobbler get-loaders
- 根据提示9,修改安装好后root的密码(注意:openssl passwd -1生成的是MD5-crypt哈希,即以$1$开头的值,强度较弱;下面的哈希值仅为示例,实际环境请自行生成,不要沿用)
[root@localhost ~]#openssl passwd -1
Password:
Verifying - Password:
$1$hh2VHayN$9QzhsR6Bie0TVWL9HMTS8.
[root@localhost ~]#vim /etc/cobbler/settings
# cobbler has various sample kickstart templates stored
# in /var/lib/cobbler/kickstarts/. This controls
# what install (root) password is set up for those
# systems that reference this variable. The factory
# default is "cobbler" and cobbler check will warn if
# this is not changed.
# The simplest way to change the password is to run
# openssl passwd -1
# and put the output between the "" below.
default_password_crypted: "$1$hh2VHayN$9QzhsR6Bie0TVWL9HMTS8." #复制上述得到的密码粘贴到这里
- 重启服务,再运行cobbler sync,再检查,其他的基本不需要配置了
- 修改配置文件,让cobbler自动管理DHCP
[root@localhost ~]#vim /etc/cobbler/settings
# set to 1 to enable Cobbler's DHCP management features.
# the choice of DHCP management engine is in /etc/cobbler/modules.conf
manage_dhcp: 1 #默认0,1允许cobbler自动管理
- 修改cobbler管理的DHCP配置文件,修改后,会自动替换掉DHCP服务的配置文件
[root@localhost loaders]#vim /etc/cobbler/dhcp.template
subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
option subnet-mask 255.255.255.0;
range dynamic-bootp 192.168.0.200 192.168.0.220;
default-lease-time 21600;
max-lease-time 43200;
next-server $next_server;
再次使用cobbler sync同步,让DHCP服务能启动
准备yum源
[root@localhost cd]# cobbler import --name=centos7.5 --path=/misc/cd --arch=x86_64
- 使用cobbler sync命令同步,这时候就会生成启动菜单,顺便带入KS最小安装的应答文件
至此cobbler已经实现自动安装
- 如果需要修改KS应答文件,可以将自己定义的应答文件放入/var/lib/cobbler/kickstarts目录下面,再使用cobbler profile命令来指定应答文件位置,cobbler profile这个命令是用来管理启动菜单的
esxi5-ks.cfg pxerescue.ks sample_esx4.ks sample_esxi6.ks sample.seed
[root@localhost kickstarts]# cobbler profile --help
usage
=====
cobbler profile add
cobbler profile copy
cobbler profile dumpvars
cobbler profile edit
cobbler profile find
cobbler profile getks
cobbler profile list
cobbler profile remove
cobbler profile rename
cobbler profile report
- cobbler distro这个命令是用来管理yum仓库的
usage
=====
cobbler distro add
cobbler distro copy
cobbler distro edit
cobbler distro find
cobbler distro list
cobbler distro remove
cobbler distro rename
cobbler distro report