国产自动化装机平台-定制镜像打包操作方案

梦里花落知多少 / 2024-02-28 / 原文

一、基础环境搭建

1、原始ISO获取

IOS版本：银河麒麟高级服务器操作系统V10SP1（X86_64）

百度网盘：https://pan.baidu.com/s/1xAdxWht0wMB-ebQVbjehbQ 提取码：cns2

2、系统安装

这里我们选择银河麒麟服务器系统常用的“带UKUI GUI的服务器”以及“自动分区”方案。

二、ISO镜像定制

1、挂载光盘，同步文件

#挂载光盘
mkdir /mnt/cdrom
mount -o loop /tmp/.iso /mnt/cdrom/
#新增ISO镜像制作目录
mkdir -p /ISO/Packages
#同步镜像数据到ISO目录下
/usr/bin/rsync -a --exclude=Packages/ /mnt/cdrom/ /ISO/
#获取当前系统中安装的所有RPM安装包列表
rpm -qa > /root/package-list.txt

2、修改ISO镜像

为使后面我们生成的ISO文件尽可能的小，我们只保留系统安装所需要的RPM包以及其它需要定制的RPM包
A.拷贝系统安装所需的RPM包拷贝到“ISO镜像制作目录
cat /root/package-list.txt | awk '{print $0}' |xargs -i cp /mnt/cdrom//Packages/{}.rpm /ISO/Packages/
B. 修改系统/etc/yum.conf配置文件，开启安装软件保留缓存设置
vim /etc/yum.conf
修改前

[main]

gpgcheck=1

installonly_limit=3

clean_requirements_on_remove=True

best=True

skip_if_unavailable=False

修改后

[main]

gpgcheck=1

installonly_limit=3

clean_requirements_on_remove=True

best=True

skip_if_unavailable=False

keepcache=1

cachedir=/var/cache/yum/

#使用yum将系统自带的OpenSSH等软件更新到最新版本
yum install kernel openssh audit mate-indicators kexec-tools createrepo lrzsz telnet vim python-devel tcpdump sysstat htop perf bridge-utils shim-x64 efibootmgr
#将yum缓存目录/var/cache/yum/下的RPM缓存包拷贝到“ISO镜像制作目录”的Packages文件夹中
\cp -rf /var/cache/yum/ks10-adv-updates-b74b513216569387/packages/*.rpm /ISO/Packages/
#更新“ISO镜像制作目录”的repodata文件夹下的xxx-comps.xml文件
cd /ISO/
createrepo -g repodata/8cdeadbf13f3898044bd53454eab119481c7fcb672eae31327419bcf1516d54d-Kylin-x86_64-V10-ukui-comps.xml .

3、配置KickStart自动化安装

#生成启动引导文件

#version=DEVEL

install

# Use graphical install

text

# License agreement

eula --agreed

# Use CDROM installation media

cdrom

# Keyboard layouts

keyboard --vckeymap=us --xlayouts='us'

# System language

lang en_US.UTF-8 --addsupport=zh_CN.UTF-8

# Network information

network --hostname=mindlinker

# Root password

rootpw --iscrypted $6$x0C6RbVMSwK/IEfr$luCjrE32IUi2uIlovKcirdgt56nzHxF6ywH29SWPYPncBcsI4gKckIQVWw0YHuM91nmq2EoUrOspXs7lzb4/p0

# Run the Setup Agent on first boot

firstboot --disable

#security

firewall --disabled

selinux --disabled

logging --level=info

# Do not configure the X Window System

skipx

# System services

services --disabled="chronyd"

# System timezone

timezone Asia/Shanghai --isUtc --nontp

# System bootloader configuration

#bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda

bootloader --location=mbr

# Partition clearing information

zerombr

#clearpart --all --initlabel --drives=sda

clearpart --all --initlabel

%include /tmp/part-include

%pre --interpreter=/bin/sh

disk_list=$(while read line;do awk 'BEGIN{} {if ($3 >= 33554432 && $2 == 0) print $4} END{}';done < /proc/partitions)

disk=$(echo $disk_list|grep -v 'dm'|awk 'NR==1')

#disk=sda

cat > /tmp/part-include << EOF

# Disk partitioning information

part /boot --fstype="xfs" --size=300 --ondisk=$disk

part /boot/efi --fstype="efi" --size=300 --ondisk=$disk --fsoptions="umask=0077,shortname=winnt"

part pv.547 --fstype="lvmpv" --ondisk=$disk --size=1 --grow

volgroup kylin --pesize=4096 pv.547

logvol / --fstype="xfs" --percent=100 --name=root --vgname=kylin

EOF

%end

reboot

%post --nochroot

#copy node

chmod +x /mnt/sysimage/etc/rc.d/rc.local

echo "depmod -a" >> /mnt/sysimage/etc/rc.d/rc.local

echo "cd /var/lib/Front-end-firmware/current-version/ && npm run start" >> /mnt/sysimage/etc/rc.d/rc.local

echo "source /etc/profile" >> /mnt/sysimage/etc/rc.d/rc.local

echo "systemctl stop cockpit.socket" >> /mnt/sysimage/etc/rc.d/rc.local

echo "systemctl disable cockpit.socket" >> /mnt/sysimage/etc/rc.d/rc.local

cp -r /run/install/repo/tmp/* /mnt/sysimage/tmp

cp /mnt/sysimage/tmp/node-v14.17.4-linux-x64.tar.xz /mnt/sysimage/root/

cd /mnt/sysimage/root/ && tar xvf node-v14.17.4-linux-x64.tar.xz

chroot /mnt/sysimage/ /bin/sh /tmp/reboot.sh

#####copy kyinfo and LICENSE

if [ -e /tmp/.kyinfo ];then

echo y | cp -a /tmp/.kyinfo $ANA_INSTALL_PATH/etc/

fi

if [ -e /tmp/LICENSE ];then

echo y | cp -a /tmp/LICENSE $ANA_INSTALL_PATH/etc/

fi

if [ -e /run/install/repo/.kyinfo ];then

echo y | cp -a /run/install/repo/.kyinfo $ANA_INSTALL_PATH/etc/

fi

if [ -e /run/install/repo/LICENSE ];then

echo y | cp -a /run/install/repo/LICENSE $ANA_INSTALL_PATH/etc/

fi

##### kylin postaction

## cdrom install, copy .kylin-post-actions

if [ -e /run/install/repo/.kylin-post-actions ];then

echo y | cp -a /run/install/repo/.kylin-post-actions /tmp/.kylin-post-actions

echo "repo=/run/install/repo" > /tmp/.kylin-repo

fi

## copy kylin post scripts in new os

if [ -e /tmp/.kylin-post-actions ];then

echo y | cp -a /tmp/.kylin-post-actions $ANA_INSTALL_PATH/bin

fi

if [ -e /tmp/.kylin-repo ];then

echo y | cp -a /tmp/.kylin-repo $ANA_INSTALL_PATH/tmp/

fi

## copy and run .kylin-post-actions-nochroot

if [ -e /run/install/repo/.kylin-post-actions-nochroot ];then

echo y | cp -a /run/install/repo/.kylin-post-actions-nochroot /tmp/.kylin-post-actions-nochroot

fi

if [ -e /tmp/.kylin-post-actions-nochroot ];then

/bin/bash -x /tmp/.kylin-post-actions-nochroot &> $ANA_INSTALL_PATH/var/log/.kylin-post-actions-nochroot.log

fi

%end

%post

systemctl disable systemd-networkd-wait-online.service

systemctl disable multipathd.service

systemctl disable cockpit.service

systemctl disable cockpit.socket

### do kylin post action

if [ -e /bin/.kylin-post-actions ];then

/bin/bash -x /bin/.kylin-post-actions &> /var/log/.kylin-post-actions.log

fi

%end

%packages

@^minimal-environment

@standard

kexec-tools

openssh

audit

mate-indicators

createrepo

lrzsz

telnet

vim

python-devel

tcpdump

sysstat

htop

perf

bridge-utils

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%anaconda

pwpolicy root --minlen=8 --minquality=1 --notstrict --nochanges --notempty

pwpolicy user --minlen=8 --minquality=1 --notstrict --nochanges --emptyok

pwpolicy luks --minlen=8 --minquality=1 --notstrict --nochanges --notempty

%end

4、修改启动文件isolinux.cfg和grup.cfg

#修改isolinux.cfg
vi /ISO/isolinux/isolinux.cfg
修改的部分内容如下：

label linux

menu default

menu label ^Install Kylin Linux Advanced Server V10

kernel vmlinuz

append initrd=initrd.img inst.stage2=hd:LABEL=Kylin-Server-10 inst.ks=hd:LABEL=Kylin-Server-10/ks-sg.cfg video=efifb:on quiet

#修改grup.cfg
vi /ISO/EFI/BOOT/grub.cfg
修改的部分内容如下：

### BEGIN /etc/grub.d/10_linux ###

menuentry 'Install Kylin Linux Advanced Server V10' --class fedora --class gnu-linux --class gnu --class os {

linuxefi /images/pxeboot/vmlinuz inst.stage2=hd:LABEL=Kylin-Server-10 inst.ks=hd:LABEL=Kylin-Server-10:/ks-sg.cfg video=efifb:on quiet

三、生成ISO镜像

genisoimage -joliet-long \

-V Kylin-Server-10 \

-o Kylin-Server-10-private-sg.iso \

-b isolinux/isolinux.bin \

-c isolinux/boot.cat \

-no-emul-boot \

-boot-load-size 4 \

-boot-info-table \

-R -J -v -T \

-cache-inodes \

-eltorito-alt-boot \

-e images/efiboot.img \

-no-emul-boot \

/ISO/

四、ISO镜像验证

注：验证环境为VMware虚拟机环境。
（1）修改“CD/DVD(IDE)”为“使用ISO映像文件”，如下图：

五、ISO镜像刻录

1、Rufus
https://rufus.ie/zh/
选择镜像后其他参数默认即可

2、fedora Media Writer
https://getfedora.org/en/workstation/download/
适合win和Mac

----------遇到问题记录------------------

一、Kylin-Server-10-SP2 安装源问题

https://kb.cvte.com/pages/viewpage.action?pageId=333563887

二、Kylin-Server-10-SP1 内核版本低于23.13，audit版本低于se.0.7，需要升级，否则会有OOM的风险

三、U盘刻录安装grup.cfg引导文件加入inst.ks

四、曙光机器U盘刻录存储，U盘为sda，其他盘为sdb、sdc...，与宝德dell的ks.cfg文件磁盘初始化不一致

五、安装包缺失，shim-x64，efibootmgr安装，efibootmgr未安装会导致引导安装程序无法进行