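## Step: FTP server and local yum repository, typed as root on the install (PXE) server.
## Lines starting with "# " are commands at the root prompt. File contents are wrapped in an
## inert `: <<'NAME'` here-document so this listing stays valid shell; copy only the lines
## between the markers into the file named on the preceding "vim" line.
# mkdir /mnt/cdrom
# mount /dev/sr0 /mnt/cdrom/                        # mount the CentOS 7 disc
# yum -y install vsftpd                             # install the FTP service
# vim /etc/vsftpd/vsftpd.conf                       # add the three settings below after connect_from_port_20=YES
: <<'VSFTPD_CONF'
# Use passive mode and pin the passive-mode listening ports to a fixed range.
# Comments must sit on their own line: vsftpd treats everything after "=" as the value.
pasv_enable=YES
pasv_min_port=3001
pasv_max_port=3100
VSFTPD_CONF
# systemctl start vsftpd.service                    # start the vsftpd service
# mkdir /var/ftp/yum                                # create the yum directory under the FTP root
# cp -rf /mnt/cdrom/. /var/ftp/yum/                 # copy the whole disc there to act as the yum source
## NOTE(review): the source path is "/mnt/cdrom/." rather than "/mnt/cdrom/*" because the glob
## skips dot-files at the disc root (for example .treeinfo, if the disc carries one), and a
## network install tree may need them.
## NOTE(review): no FTP login is configured in these steps, so the tree is presumably served
## through vsftpd's anonymous account (anonymous_enable in vsftpd.conf - confirm). Everything
## placed under /var/ftp is then readable by any host that can reach this server.
# mkdir /etc/yum.repos.d/old
# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/old   # move the existing repo files aside as a backup
# vim /etc/yum.repos.d/CentOS-cr.repo               # create a new repo file with the content below
: <<'CENTOS_CR_REPO'
[cr]
name=CentOS-$releasever - cr
# NOTE(review): the baseurl value is missing on this page. It has to point at the tree copied
# to /var/ftp/yum, presumably something like ftp://<PXE_SERVER_IP>/yum (placeholder).
baseurl=
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
CENTOS_CR_REPO
# yum clean all
# yum makecache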
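## Step: DHCP server that points PXE clients at the boot server (root prompt on the PXE server).
## Lines starting with "# " are commands; the file contents sit inside an inert
## `: <<'NAME'` here-document - copy only the lines between the markers.
# yum -y install dhcp
## The template is copied to dhcpd.conf, the file edited on the next line. The page wrote the
## destination as /etc/dhcp/dhcp.conf, which does not match the file that is then edited.
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf   # create the DHCP config from the shipped example
# vim /etc/dhcp/dhcpd.conf                                               # edit the DHCP configuration
: <<'DHCPD_CONF'
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
# NOTE(review): every address in this block is missing on this page. The statements need their
# values restored, in the shape:
#   subnet <SUBNET> netmask <NETMASK> { range <FIRST_IP> <LAST_IP>; option routers <GATEWAY_IP>;
#   option broadcast-address <BROADCAST_IP>; next-server <PXE_SERVER_IP>; }   (placeholders)
subnet netmask {
  range;
  option routers;
  option broadcast-address;
  default-lease-time 600;
  max-lease-time 7200;
  # PXE boot server the client should contact
  next-server;
  # boot file the client should request from it
  filename "pxelinux.0";
}
DHCPD_CONF
## NOTE(review): every client in this range that network-boots is handed the installer, and
## the kickstart on this page wipes disks unattended (zerombr, clearpart --all). Keep this
## scope on a dedicated provisioning network.
# systemctl start dhcpd.service                                          # start the DHCP service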
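## Step: TFTP server and PXE boot menu (root prompt on the PXE server).
## Lines starting with "# " are commands; file contents sit inside an inert
## `: <<'NAME'` here-document - copy only the lines between the markers.
# yum -y install tftp-server
# yum -y install syslinux
# vim /etc/xinetd.d/tftp                 # enable tftp; it is run by xinetd, so xinetd must be restarted afterwards
: <<'XINETD_TFTP'
# change "yes" to "no" to enable the tftp service (keep this comment on its own line)
disable= no
XINETD_TFTP
## "restart" rather than "start": it also picks up the edit when xinetd is already running,
## which is what the step above asks for.
# systemctl restart xinetd.service
# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
# cp /var/ftp/yum/isolinux/{vmlinuz,initrd.img,vesamenu.c32,boot.msg} /var/lib/tftpboot/
# mkdir /var/lib/tftpboot/pxelinux.cfg
# cp /var/ftp/yum/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default   # copy and rename to "default"
# vim /var/lib/tftpboot/pxelinux.cfg/default   # add the entry below, and remove the "menu default" line from the entry that had it
: <<'PXELINUX_DEFAULT'
# inst.stage2 is the location of the installation tree, inst.ks the kickstart file.
# NOTE(review): both URLs are missing on this page. From the other steps they are presumably
# ftp://<PXE_SERVER_IP>/yum and ftp://<PXE_SERVER_IP>/ks.cfg (placeholders).
# Nothing may follow the append line's arguments: the rest of that line goes to the kernel.
label centos7
  menu label ^Install CentOS 7 Li networkserver
  menu default
  kernel vmlinuz
  append initrd=initrd.img inst.stage2= inst.ks= quiet
PXELINUX_DEFAULT
## NOTE(review): TFTP and FTP are unauthenticated and unencrypted, so clients take the kernel,
## initrd and kickstart on trust from whoever answers on this network segment. Run this on an
## isolated provisioning network.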
## Step: generate the kickstart file with the graphical tool (root prompt on the PXE server).
# yum -y install system-config-kickstart
## Opens the graphical kickstart generator. When the settings are complete, save the file to
## the location the boot menu points at, i.e. /var/ftp/ks.cfg.
# system-config-kickstart
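## Step: the kickstart file served to PXE clients (root prompt on the PXE server).
## The file contents sit inside an inert `: <<'KS_CFG'` here-document so this listing stays
## valid shell; copy only the lines between the markers into /var/ftp/ks.cfg.
# vim /var/ftp/ks.cfg
: <<'KS_CFG'
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Reboot after installation
reboot
# Root password
# NOTE(review): the "$1$" prefix marks an MD5-crypt hash, and this exact hash is published on
# this page. The file also lives under /var/ftp, so any host that can reach the FTP server can
# read it. Replace it with your own SHA-512 crypt hash ("auth --passalgo=sha512" below does
# not re-hash this value) and change the root password after provisioning.
rootpw --iscrypted $1$uP/6KVVM$domD73qgFbtoo5.Udls1V.
# System timezone
timezone Asia/Shanghai
# Use network installation
# NOTE(review): the URL is missing on this page; presumably the FTP install tree,
# ftp://<PXE_SERVER_IP>/yum (placeholder).
url --url=""
# System language
lang en_US
# Firewall configuration
firewall --enabled --ssh
# Network information
network --bootproto=dhcp --device=eth0
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
# SELinux configuration
selinux --enforcing
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
# NOTE(review): zerombr and "clearpart --all" erase every disk without asking. Together with
# "menu default" in the PXE menu, any machine that network-boots here is reinstalled.
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part /boot --fstype="ext4" --size=1024
part /home --fstype="ext4" --size=4096
part swap --fstype="swap" --size=2048
part / --fstype="ext4" --size=10240

# This section lists the package groups to install.
%packages
@base
@core
@desktop-debugging
@dial-up
@directory-client
@fonts
@gnome-desktop
@guest-agents
@guest-desktop-agents
@input-methods
@internet-browser
@java-platform
@multimedia
@network-file-system-client
@networkmanager-submodules
@print-client
@x11
kexec-tools
%end

# This section is a script run once deployment has finished; it is optional. The two parts
# below were added by the author: configure the yum repository, then update ssh.
%post --interpreter=/bin/bash
mkdir /etc/yum/old
cp -rf /etc/yum.repos.d/* /etc/yum/old
rm -rf /etc/yum.repos.d/*
# NOTE(review): the baseurl value inside this repo file is missing on this page.
cat > /etc/yum.repos.d/CentOS7.repo <<'EOF'
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
gpgcheck=1
enabled=1
EOF

# NOTE(review): the download URL is missing on this page. This script runs as root on every
# installed host, so check the tarball against the publisher's signature or checksum before
# building it. Replacing the packaged openssh with a source build also takes sshd out of yum
# updates; later OpenSSH fixes then have to be rebuilt by hand.
wget
tar -xf openssh-7.6p1.tar.gz
# Stop if the source tree is not there, so the packaged openssh is left untouched.
cd openssh-7.6p1 || exit 1
yum -y install gcc zlib-devel openssl-devel
# Build first. The packaged openssh and /etc/ssh are only removed after a successful build;
# without this check a failed download or compile would leave the host with no sshd at all.
if ! { ./configure --prefix=/usr --sysconfdir=/etc/ssh && make; }; then
    echo "OpenSSH build failed; keeping the packaged openssh" >&2
    exit 1
fi
# Left unquoted on purpose: each package name must become its own argument.
rpm -e --nodeps $(rpm -qa | grep openssh)
cp -rf /etc/ssh ./ssh.bak
rm -rf /etc/ssh/*
make install
# Written through a quoted here-document: inside the double-quoted echo the page used, the
# shell expands $OpenBSD to nothing and the inner double quotes end the string early.
# NOTE(review): "PermitRootLogin yes" with password authentication left at its default lets
# root log in over SSH with a password, and every host built from this file shares the same
# root password hash. After provisioning, install keys, set PermitRootLogin to
# prohibit-password or no, and rotate the root password.
# NOTE(review): AuthorizedKeysFile and Subsystem had lost the whitespace between keyword and
# arguments on this page; it is restored below.
cat > /etc/ssh/sshd_config <<'EOF'
#$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/ssh/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#X11Forwarding no
#AllowTcpForwarding no
#PermitTTY no
#ForceCommand cvs server
EOF
cp /openssh-7.6p1/contrib/redhat/sshd.init /etc/init.d/sshd
# NOTE(review): setenforce only switches the running kernel's mode and is not persistent; the
# installed system still boots enforcing, as "selinux --enforcing" above requests. If the
# source-built sshd fails under SELinux, fix the file labels instead of relaxing the policy.
setenforce 0
chkconfig --add sshd
# NOTE(review): %post presumably runs chrooted in the installer, where starting a unit has no
# lasting effect; sshd comes up after the reboot through the init script registered above.
systemctl start sshd.service
%end
KS_CFG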
## Step: open the provisioning services in firewalld (root prompt on the PXE server).
## No --zone is given, so the rules land in firewalld's default zone.
# firewall-cmd --permanent --add-service=ftp          # allow the FTP service (tcp 21)
# firewall-cmd --permanent --add-service=dhcp         # allow the DHCP service (udp 67)
# firewall-cmd --permanent --add-port=69/udp          # allow the tftp service (udp 69)
# firewall-cmd --permanent --add-port=3001-3100/tcp   # allow the FTP passive-mode port range
## Restart the firewall so the permanent rules take effect (or run: firewall-cmd --reload).
# systemctl restart firewalld.service