續上篇
(16) 建立Netboot Image所在目錄
# mkdir /fc28
(17)先裝fedora-release systemd passwd rootfiles sudo dracut dracut-network nfs-utils vim-minimal dnf等十個基本套件:
# dnf -y --releasever=28 --installroot=/fc28 install fedora-release systemd passwd rootfiles sudo dracut dracut-network nfs-utils vim-minimal dnf
註:dracut是一種事件驅動的 initramfs infrastructure,dracut指令會自裝妥的linux系統拷取必要的檔案與工具來產生initramfs。
(18-1) 不採hostonly,以利initramfs可支援多種硬體驅動程式:
# echo 'hostonly=no' > /fc28/etc/dracut.conf.d/hostonly.conf
(18-2) 設定支援nfs
# echo 'add_dracutmodules+=" network nfs "' > /fc28/etc/dracut.conf.d/netboot.conf
(18-3)再裝kernel組件
# dnf -y --installroot=/fc28 install kernel
(18-4)設定不要自動更新kernel組件
# echo 'exclude=kernel-*' >> /fc28/etc/dnf/dnf.conf
(19)
# echo 'exclude=kernel-*' >> /fc28/etc/dnf/dnf.conf
# MY_CLIENT_HOSTNAME=sice-client1.home.idv.tw
# echo $MY_CLIENT_HOSTNAME > /fc28/etc/hostname
# echo 'kernel.printk = 0 4 1 7' > /fc28/etc/sysctl.d/00-printk.conf
# echo 'liveuser:x:1000:1000::/home/liveuser:/bin/bash' >> /fc28/etc/passwd
# echo 'liveuser::::::::' >> /fc28/etc/shadow
# echo 'liveuser:x:1000:' >> /fc28/etc/group
# echo 'liveuser:!::' >> /fc28/etc/gshadow
# echo 'liveuser ALL=(ALL) NOPASSWD: ALL' > /fc28/etc/sudoers.d/liveuser
(20)# dnf install -y --installroot=/fc28 authselect oddjob-mkhomedir
(21)
# echo 'dirs /home' > /fc28/etc/rwtab.d/home
# chroot /fc28 authselect select sssd with-mkhomedir --force
Backup stored at /var/lib/authselect/backups/2019-01-24-07-33-49.LpqSvR
Profile "sssd" was selected.
The following nsswitch maps are overwritten by the profile:
- passwd
- group
- netgroup
- automount
- services
Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.
- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module
is present and oddjobd service is enabled
- systemctl enable oddjobd.service
- systemctl start oddjobd.service
# chroot /fc28 systemctl enable oddjobd.service
Created symlink /etc/systemd/system/multi-user.target.wants/oddjobd.service → /usr/lib/systemd/system/oddjobd.service.
註:chroot指令用以改變所指定命令或程序的根目錄
(22)# sed -i 's/^READONLY=no$/READONLY=yes/' /fc28/etc/sysconfig/readonly-root
(23)# cat /fc28/etc/sysconfig/readonly-root
# Set to 'yes' to mount the system filesystems read-only.
# NOTE: It's necessary to append 'ro' to mount options of '/' mount point in
# /etc/fstab as well, otherwise the READONLY option will not work.
READONLY=yes
# Set to 'yes' to mount various temporary state as either tmpfs
# or on the block device labelled RW_LABEL. Implied by READONLY
TEMPORARY_STATE=no
# Place to put a tmpfs for temporary scratch writable space
RW_MOUNT=/var/lib/stateless/writable
# Label on local filesystem which can be used for temporary scratch space
RW_LABEL=stateless-rw
# Options to use for temporary mount
RW_OPTIONS=
# Label for partition with persistent data
STATE_LABEL=stateless-state
# Where to mount to the persistent data
STATE_MOUNT=/var/lib/stateless/state
# Options to use for persistent mount
STATE_OPTIONS=
# NFS server to use for persistent data?
CLIENTSTATE=
# Use slave bind-mounts
SLAVE_MOUNTS=yes
(24-1)# sed -i 's/^#Storage=auto$/Storage=volatile/' /fc28/etc/systemd/journald.conf
(24-2)# cat /fc28/etc/systemd/journald.conf
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See journald.conf(5) for details.
[Journal]
Storage=volatile
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitIntervalSec=30s
#RateLimitBurst=1000
#SystemMaxUse=
#SystemKeepFree=
#SystemMaxFileSize=
#SystemMaxFiles=100
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
#MaxRetentionSec=
#MaxFileSec=1month
#ForwardToSyslog=no
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg
#LineMax=48K
#ReadKMsg=yes
(25)# cat << END > /fc28/etc/resolv.conf
> nameserver 192.168.1.1
> nameserver 163.25.20.1
> END
(26)
# echo 'dirs /var/lib/gssproxy' > /fc28/etc/rwtab.d/gssproxy
# cat << END > /fc28/etc/rwtab.d/systemd
> dirs /var/lib/systemd/catalog
> dirs /var/lib/systemd/coredump
> END
(27)
# mkdir /export/fc28
# echo '/fc28 /export/fc28 none bind 0 0' >> /etc/fstab
# mount /export/fc28
# echo "/export/fc28 -ro,sec=sys,no_root_squash 192.168.1.0/24" > /etc/exports.d/fc28.exports
# exportfs -vr
exporting 192.168.1.0/24:/export/fc28
exporting 192.168.1.0/24:/export
(28)比一下:
# ls /fc28
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
# ls /export/fc28
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
# ls /
bin boot dev etc export fc28 home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
|