Red Hat Enterprise Linux 6.x – small tutorial – part 1

ALEXANDRE BORGES - BLOG

Beginning, Preparing, Repository and KickStart

a) Environment

I really love the Red Hat operating system and, as it couldn't be otherwise, I'd like to recall some very basic details about this wonderful OS. To follow this tutorial, I'll be using two RHEL 6.x virtual machines (RHEL1 and RHEL2) installed in a VMware environment. You can subscribe to a test copy of VMware Workstation at https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/9_0 . You can also use another nice tool such as VirtualBox, downloading a copy from https://www.virtualbox.org/wiki/Downloads. Both machines should have 4 GB of RAM and some hard disk space (perhaps 40 GB is enough). If you wish to use CentOS 6.x, please go ahead, because CentOS 6 is great!

Don't have RHEL 6.x? You can get a copy to test (30 days) at https://www.redhat.com/products/enterprise-linux/server/download.html (you will need to fill in some information about yourself). To get a CentOS 6.x copy, you can go to: https://www.redhat.com/products/enterprise-linux/server/download.html. As you can see, everything is available.

In fact, I don't want to explain how to install RHEL from DVD because I'm sure you are able to manage it. I'd like to highlight some other interesting topics that can be useful to learn and to help prepare for the RHCE 6.x certification.

b) What file? What information? What help?

Everyone knows that inside the Red Hat operating system (/usr/share/doc) there is a lot of information, explanations and help. Sometimes we need to find either where a file is located or further documentation about a concept.

The former problem can be solved using:

    # /etc/cron.daily/mlocate.cron      (to update the locate database)

After that, you can try it out:

    # locate /etc/hosts

To solve the latter problem, however, we need to run:

    # /etc/cron.daily/makewhatis.cron   (to update the man page database)

Again, we can test it:

    # whatis smb
    # apropos smb

alexandreborgesbrazil.wordpress.com


c) Preparing our infrastructure

Our first goal in this tutorial is to configure Kickstart. As the reader should already know, Kickstart is a very cool tool used to install RHEL in an automated way, without typing in a lot of information such as timezone, partitioning, password, etc. To use and deploy the Kickstart framework we first need to prepare our path; after that, we can enjoy this feature. Let's go.

1) Verify the SELinux status. Why? Because if SELinux is enabled, we need to take care to keep the appropriate security configuration while we follow the steps of this tutorial. So let's check the SELinux setting on our RHEL1 (redhat641.example.com) virtual machine:

    [root@redhat641 ~]# sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 24
    Policy from config file:        targeted

In fact, SELinux is enabled. No problem.

2) It would be nice if we could set up our environment to install every RHEL from an HTTP or FTP repository. The following steps can help us to do that. First, HTTP:

a) Attach the RHEL DVD to the RHEL1 virtual machine through the VMware configuration settings (the mount point will be /media) or copy the RHEL iso file into RHEL6 (you should have installed VM Tools in your virtual machine). In the latter case, you can mount the RHEL iso media by doing:

    [root@redhat641 Desktop]# mount -o loop rhel-server-6.4-x86_64-dvd.iso /mnt

Check that your IP address configuration is OK on each machine. Doing that is simple: you can use nm-connection-editor (the easiest way) or you can edit the following files: /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-eth0. Something like this (RHEL1, for example):

    [root@redhat641 sysconfig]# more /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=redhat641
    GATEWAY=192.168.1.1

    [root@redhat641 sysconfig]# more /etc/sysconfig/network-scripts/ifcfg-eth0
    TYPE=Ethernet
    BOOTPROTO=none
    IPADDR=192.168.1.150
    PREFIX=24
    GATEWAY=192.168.1.1
    DNS1=8.8.8.8
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=yes
    IPV6INIT=no
    NAME=eth0
    UUID=596789f5-dac4-4540-b9e8-51b1dde8498b
    ONBOOT=yes

b) It is recommended to have both hosts registered (IP address and machine name) in /etc/hosts:

    [root@redhat641 ~]# more /etc/hosts
    127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1             localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.1.150   redhat641.example.com redhat641
    192.168.1.151   redhat642.example.com redhat642

c) Check that both machines can see each other:

    [root@redhat641 software]# ping redhat642
    PING redhat641.example.com (192.168.1.151) 56(84) bytes of data.
    64 bytes from redhat642.example.com (192.168.1.151): icmp_seq=1 ttl=64 time=0.119 ms
    64 bytes from redhat642.example.com (192.168.1.151): icmp_seq=2 ttl=64 time=0.109 ms
    64 bytes from redhat642.example.com (192.168.1.151): icmp_seq=3 ttl=64 time=0.107 ms
    64 bytes from redhat642.example.com (192.168.1.151): icmp_seq=4 ttl=64 time=0.108 ms
    ^C
    --- redhat642.example.com ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3208ms
    rtt min/avg/max/mdev = 0.107/0.110/0.119/0.013 ms

    [root@redhat642 software]# ping redhat641

d) If the Apache package is not installed, please install it from the DVD:

    [root@redhat641 ~]# yum install httpd
    [root@redhat641 ~]# /etc/init.d/httpd start
    [root@redhat641 ~]# chkconfig httpd on

e) Copy all the DVD files under the Apache directory structure:

    [root@redhat641 ~]# mkdir /var/www/html/software
    [root@redhat641 ~]# cd /mnt
    [root@redhat641 ~]# cp -ar . /var/www/html/software

f) Let's take care of the security. First, we need to configure the SELinux context for our HTTP software directory:

    [root@redhat641 ~]# chcon -R --reference=/var/www/html /var/www/html/software

g) Second, let's open firewall port 80 (http) for our purpose:

    [root@redhat641 ~]# iptables -I INPUT --proto tcp --dport 80 -j ACCEPT
    [root@redhat641 ~]# service iptables save
    [root@redhat641 ~]# /etc/init.d/iptables restart
    [root@redhat641 ~]# /etc/init.d/httpd restart

h) Please open your preferred browser and test your configuration by pointing the browser to http://redhat641/software. You should see your DVD files. ☺

3) Now we can do the same using FTP services:

a) If vsftpd isn't installed, install it now:

    [root@redhat641 ~]# yum install vsftpd
    [root@redhat641 ~]# /etc/init.d/vsftpd start
    [root@redhat641 ~]# chkconfig vsftpd on

b) Copy all the DVD files under the FTP directory structure:

    [root@redhat641 ~]# mkdir /var/ftp/pub/software
    [root@redhat641 ~]# cd /mnt
    [root@redhat641 ~]# cp -ar . /var/ftp/pub/software

c) Let's take care of the security again. First, we need to configure the SELinux context for our FTP software directory:

    [root@redhat641 ~]# chcon -R -t public_content_t /var/ftp

d) Second, we need to open the firewall port for the FTP service. This case can be a bit more complicated. First, you need to insert this line inside the /etc/sysconfig/iptables-config file (the variable probably already exists, but without any module registered):

    IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

After that, it will be necessary to execute the following commands:

    [root@redhat641 ~]# iptables -I INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
    [root@redhat641 ~]# iptables -I INPUT -p tcp --dport 21 -j ACCEPT
    [root@redhat641 ~]# service iptables save
    [root@redhat641 ~]# /etc/init.d/iptables restart
    [root@redhat641 ~]# /etc/init.d/vsftpd restart

e) Open your preferred browser and test your configuration at ftp://redhat641/pub/software. You should see your DVD files. ☺

d) Configuring the repository

If we want to install our additional packages in an easier way, we need to configure a repository. A common repository is our DVD but, as you already know, it's complicated to keep installing RHEL from DVD in a large environment (moreover, it's slow too). A new repository (from an HTTP server or FTP server) is therefore more advisable. First, we need to stop using the DVD repository:

    [root@redhat641 ~]# mv /etc/yum.repos.d/packagekit-media.repo /etc/yum.repos.d/packagekit-media.repo.old

Second, let's proceed to configure our new repository:

    [root@redhat641 ~]# vi /etc/yum.repos.d/newrepository.repo
    [blog]
    name=Local Repository
    baseurl=http://192.168.1.150/software
    enabled=1
    gpgcheck=0

Please make this same configuration on the other machine (RHEL2, redhat642.example.com). Verifying our configuration is straightforward. First, on RHEL2:

    [root@redhat642 Desktop]# yum search elinks
    Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    ========================== N/S Matched: elinks ==========================
    elinks.x86_64 : A text-mode Web browser

      Name and summary matches only, use "search all" for everything.

    [root@redhat642 Desktop]# yum install elinks
    Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package elinks.x86_64 0:0.12-0.20.pre5.el6 will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    =========================================================================
     Package       Arch         Version                   Repository    Size
    =========================================================================
    Installing:
     elinks        x86_64       0.12-0.20.pre5.el6        blog         840 k

    Transaction Summary
    =========================================================================
    Install       1 Package(s)

    Total download size: 840 k
    Installed size: 2.5 M
    Is this ok [y/N]: y
    Downloading Packages:
    elinks-0.12-0.20.pre5.el6.x86_64.rpm                  | 840 kB     00:00
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing : elinks-0.12-0.20.pre5.el6.x86_64                      1/1
      Verifying  : elinks-0.12-0.20.pre5.el6.x86_64                      1/1

    Installed:
      elinks.x86_64 0:0.12-0.20.pre5.el6

    Complete!


Afterwards, the same commands should be run on RHEL1:

    [root@redhat641 ~]# yum search elinks
    [root@redhat641 ~]# yum install elinks

Done. We've configured our new repository using the HTTP service. Setting up an FTP repository takes almost the same steps.
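With gpgcheck=0, as in the repository file above, yum installs whatever the HTTP server returns without verifying the RPM signature. The check below is an added example, not part of the original tutorial: the function names, verdict strings and both sample files are constructed for illustration, and the hardened stanza assumes the Red Hat release key is installed at /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release.

```bash
# Added example: flag yum repositories that skip RPM signature checks.
# audit_repo FILE -> one line per enabled section: "<id> <verdict> <reason>"
audit_repo() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "")       print id, "CHECK", "gpgcheck-inherited-from-main"
            else if (gpgcheck != "1") print id, "WEAK", "gpgcheck-disabled"
            else if (gpgkey == "")    print id, "WEAK", "gpgkey-missing"
            else                      print id, "OK", "signatures-verified"
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # start of a new [section]
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; gpgkey = ""
            next
        }
        index($0, "=") {                        # key=value inside a section
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample 1: the stanza from the tutorial, unchanged.
write_tutorial_repo() {
    cat > "$1" <<'EOF'
[blog]
name=Local Repository
baseurl=http://192.168.1.150/software
enabled=1
gpgcheck=0
EOF
}

# Constructed sample 2: same mirror with signature checking on. The key is
# read from local disk (assumed path), not fetched over the same HTTP channel.
write_hardened_repo() {
    cat > "$1" <<'EOF'
[blog]
name=Local Repository
baseurl=http://192.168.1.150/software
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

tmp=$(mktemp -d)
write_tutorial_repo "$tmp/weak.repo"; audit_repo "$tmp/weak.repo"  # blog WEAK gpgcheck-disabled
write_hardened_repo "$tmp/ok.repo";   audit_repo "$tmp/ok.repo"    # blog OK signatures-verified
rm -rf "$tmp"
```

A section that does not set gpgcheck is reported as CHECK because the effective value then comes from [main] in /etc/yum.conf.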

e) Kickstart

Configuring and installing RHEL with the Kickstart framework is a very straightforward procedure. Perhaps the most difficult step is to make a new Kickstart file. However, we are lucky, because after every new deployment of RHEL the installation program (Anaconda) leaves a Kickstart configuration file in the root user's home directory (/root/anaconda-ks.cfg) and, inside it, there is every decision we made when we installed RHEL. Our job, then, is to change this file and adapt it to our needs. If the reader loses this file, it's feasible to create a new configuration file from scratch using the system-config-kickstart utility. Nonetheless, let's use an existing file and make some changes to it:

a) Make a copy of the original Kickstart file:

    [root@redhat642 ~]# cp /root/anaconda-ks.cfg /root/kick.cfg

b) Now I'm going to show my configuration file and make some comments about the relevant lines:

    [root@redhat642 ~]# more /root/kick.cfg
    # Kickstart file automatically generated by anaconda.
    #version=DEVEL
    install
    # Pay attention: this installation was completed from a CDROM/DVD
    cdrom
    lang en_US.UTF-8
    keyboard br-abnt2
    # This system is configured from a DHCP server
    network --onboot no --device eth0 --bootproto dhcp --noipv6
    # Here is our root password (encrypted, sure)
    rootpw --iscrypted $6$aCITKaa7BiLM.6PQ$azGsYKTrg8N5YAzfS/liGr.uAREcjARfl7eEJx.UBRvwRuDSJjYyBSqkWflcasZ4Dtk1qaHxmpsCi4tKauFyG0
    # Initially, the only open service in our firewall is ssh.
    firewall --service=ssh
    authconfig --enableshadow --passalgo=sha512
    # SELinux is enabled
    selinux --enforcing
    timezone --utc America/Sao_Paulo
    # Our boot loader is installed at mbr
    bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
    # The following is the partition information you requested
    # Note that any partitions you deleted are not expressed
    # here so unless you clear all partitions first, this is
    # not guaranteed to work
    #clearpart --all --drives=sda
    #part /boot --fstype=ext4 --size=500
    #part pv.008002 --grow --size=1
    #volgroup vg_redhat641 --pesize=4096 pv.008002
    #logvol /home --fstype=ext4 --name=lv_home --vgname=vg_redhat641 --grow --size=100
    #logvol / --fstype=ext4 --name=lv_root --vgname=vg_redhat641 --grow --size=1024 --maxsize=51200
    #logvol swap --name=lv_swap --vgname=vg_redhat641 --grow --size=3968 --maxsize=3968
    # A lot of packages were installed
    %packages
    @base
    @cifs-file-server
    @client-mgmt-tools
    @core
    @debugging
    @basic-desktop
    @desktop-debugging
    @desktop-platform
    @directory-client
    @storage-client-fcoe
    @ftp-server
    @fonts
    @general-desktop
    @graphical-admin-tools
    @identity-management-server
    @input-methods
    @internet-browser
    @java-platform
    @legacy-unix
    @legacy-x
    @nfs-file-server
    @storage-server
    @network-file-system-client
    @network-tools
    @performance
    @perl-runtime
    @print-server
    @print-client
    @remote-desktop-clients
    @server-platform
    @server-policy
    @virtualization
    @virtualization-client
    @virtualization-platform
    @virtualization-tools
    @web-server
    @x11
    mtools
    pax
    python-dmidecode
    oddjob
    wodim
    sgpio
    genisoimage
    device-mapper-persistent-data
    abrt-gui
    samba-winbind
    certmonger
    openldap-clients
    pam_krb5
    krb5-workstation
    ldapjdk
    slapi-nis
    tcp_wrappers
    libXmu
    ebtables
    sg3_utils
    perl-DBD-SQLite
    perl-Mozilla-LDAP
    mod_auth_kerb
    mod_nss
    certmonger
    perl-CGI
    python-memcached
    mod_revocator
    memcached
    %end


c) Everything seems good, but believe me: there are some subtle changes to make. Let's see:

    [root@redhat642 ~]# vi /root/kick.cfg
    # Kickstart file automatically generated by anaconda.
    #version=DEVEL
    install
    # Pay attention: now the installation will be done from HTTP
    url --url=http://192.168.1.150/software
    lang en_US.UTF-8
    keyboard br-abnt2
    # Let's configure our system with a fixed IP address
    network --device eth0 --bootproto static --ip 192.168.1.152 --netmask 255.255.255.0 --gateway 192.168.1.1 --nameserver 8.8.8.8 --hostname redhat643.example.com
    # Root password will stay the same
    rootpw --iscrypted $6$aCITKaa7BiLM.6PQ$azGsYKTrg8N5YAzfS/liGr.uAREcjARfl7eEJx.UBRvwRuDSJjYyBSqkWflcasZ4Dtk1qaHxmpsCi4tKauFyG0
    # Our firewall will be disabled
    firewall --disabled
    authconfig --enableshadow --passalgo=sha512
    # SELinux is enabled
    selinux --enforcing
    timezone --utc America/Sao_Paulo
    # Our boot loader is installed at mbr
    bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
    # The following is the partition information you requested
    # Note that any partitions you deleted are not expressed
    # here so unless you clear all partitions first, this is
    # not guaranteed to work
    # It's necessary to erase everything before starting the installation
    zerombr
    clearpart --all --drives=sda
    # Our partitions, in MB, follow below (please take care with extra spaces):
    part /boot --fstype=ext4 --size=500
    part / --fstype=ext4 --size=38000
    part swap --size=1300
    #volgroup vg_redhat641 --pesize=4096 pv.008002
    #logvol /home --fstype=ext4 --name=lv_home --vgname=vg_redhat641 --grow --size=100
    #logvol / --fstype=ext4 --name=lv_root --vgname=vg_redhat641 --grow --size=1024 --maxsize=51200
    #logvol swap --name=lv_swap --vgname=vg_redhat641 --grow --size=3968 --maxsize=3968
    # Pay ATTENTION: if you see a line like this one below, you MUST comment it out:
    # repo --name="blog" --baseurl=http://redhat641.example.com/software
    # Reboot after installation is finished
    reboot
    # To avoid being prompted to insert information during the first boot
    firstboot --disabled
    # A lot of packages were installed
    %packages
    @base
    @cifs-file-server
    @client-mgmt-tools
    @core
    @debugging
    @basic-desktop
    @desktop-debugging
    @desktop-platform
    @directory-client
    @storage-client-fcoe
    @ftp-server
    @fonts
    @general-desktop
    @graphical-admin-tools
    @identity-management-server
    @input-methods
    @internet-browser
    @java-platform
    @legacy-unix
    @legacy-x
    @nfs-file-server
    @storage-server
    @network-file-system-client
    @network-tools
    @performance
    @perl-runtime
    @print-server
    @print-client
    @remote-desktop-clients
    @server-platform
    @server-policy
    @virtualization
    @virtualization-client
    @virtualization-platform
    @virtualization-tools
    @web-server
    @x11
    mtools
    pax
    python-dmidecode
    oddjob
    wodim
    sgpio
    genisoimage
    device-mapper-persistent-data
    abrt-gui
    samba-winbind
    certmonger
    openldap-clients
    pam_krb5
    krb5-workstation
    ldapjdk
    slapi-nis
    tcp_wrappers
    libXmu
    ebtables
    sg3_utils
    perl-DBD-SQLite
    perl-Mozilla-LDAP
    mod_auth_kerb
    mod_nss
    certmonger
    perl-CGI
    python-memcached
    mod_revocator
    memcached
    %end

d) As our configuration file is huge, we can verify it using a tool named ksvalidator, which is installed from a package named pykickstart:

    [root@redhat642 ~]# yum install pykickstart
    [root@redhat642 ~]# ksvalidator kick.cfg

e) Next, we should copy this modified Kickstart file to our HTTP server:

    [root@redhat642 ~]# scp kick.cfg redhat641:/var/www/html/software
    The authenticity of host 'redhat641 (192.168.1.150)' can't be established.
    RSA key fingerprint is 01:7d:fe:16:48:c6:d0:bf:0c:f8:95:59:10:60:d5:b2.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'redhat641,192.168.1.150' (RSA) to the list of known hosts.
    root@redhat641's password:
    kick.cfg                                      100% 2697     2.6KB/s   00:00

f) On the other machine (our repository, redhat641.example.com), make the copied file readable by the web server:

    [root@redhat641 ~]# chmod 664 /var/www/html/software/kick.cfg

g) Still on the other machine, we must fix the SELinux context:

    [root@redhat641 ~]# chcon -R --reference /var/www/html /var/www/html/software/

h) Finally, you can use and test our Kickstart server. First, you should configure a new virtual machine with 4 GB of memory and a hard disk with 40 GB free. Afterwards, you can attach the RHEL DVD to this new virtual machine. When you finish these simple steps, boot your new machine. If everything is correct, you should see the Red Hat Enterprise Linux installation screen. There, you should pick "Install or upgrade an existing system", press "TAB" (edit) and append the following argument at the end of the line:

    ……………… initrd=initrd.img ks=http://192.168.1.150/software/kick.cfg

After that, you should press "ENTER". The installation should continue without any interruption until the end.

Congratulations. You've done it. I hope you enjoyed it.

Alexandre Borges.
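The modified kick.cfg above disables the firewall on the installed host and is published on the HTTP server together with the root password hash, so anyone who can reach that server can download the hash. A small lint for those settings follows, as an added example that is not part of the original tutorial; the function names, severity labels and sample file are constructed, and the salt and hash in the sample are placeholders.

```bash
# Added example: lint a Kickstart file for settings that weaken the installed host.
# ks_audit FILE -> one finding per line: "<line-number> <severity> <finding>"
ks_audit() {
    awk '
        /^[ \t]*#/ { next }                         # comments and commented-out directives
        /^%/ { in_section = ($1 != "%end"); next }  # %packages, %pre, %post ... %end
        in_section { next }                         # section bodies are not directives
        $1 == "firewall" && /--disabled/  { print NR, "HIGH", "firewall-disabled" }
        $1 == "selinux" && !/--enforcing/ { print NR, "HIGH", "selinux-not-enforcing" }
        $1 == "rootpw" && !/--iscrypted/  { print NR, "HIGH", "rootpw-plaintext" }
        $1 == "rootpw" && /--iscrypted/ {
            # $6$ is SHA-512 crypt and $5$ is SHA-256 crypt; other prefixes are older schemes
            if ($NF ~ /^\$[56]\$/) print NR, "INFO", "rootpw-hash-exposed"
            else                   print NR, "MEDIUM", "rootpw-weak-hash"
        }
        $1 == "url" && /--url[= ]http:/   { print NR, "MEDIUM", "install-source-cleartext-http" }
    ' "$1"
}

# ks_worst FILE -> highest severity found (HIGH, MEDIUM, INFO) or NONE,
# usable as a gate before a file is copied to the web server.
ks_worst() {
    ks_audit "$1" | awk '
        BEGIN { rank["INFO"] = 1; rank["MEDIUM"] = 2; rank["HIGH"] = 3; worst = "NONE" }
        rank[$2] > rank[worst] { worst = $2 }
        END { print worst }'
}

# Constructed sample: the security-relevant lines of the modified kick.cfg,
# with a placeholder salt and hash instead of a real one.
write_sample_ks() {
    cat > "$1" <<'EOF'
install
url --url=http://192.168.1.150/software
rootpw --iscrypted $6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
firewall --disabled
selinux --enforcing
#firewall --service=ssh
%packages
@core
%end
EOF
}

tmp=$(mktemp -d)
write_sample_ks "$tmp/kick.cfg"
ks_audit "$tmp/kick.cfg"
ks_worst "$tmp/kick.cfg"    # HIGH
rm -rf "$tmp"
```

Replacing `firewall --disabled` with the original `firewall --service=ssh` line clears the HIGH finding for the sample.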
