Understanding Redhat Kickstart

Kickstart provides linux system administrators a method for installing linux on pc's in unattended mode. A properly formatted Kickstart configuration will perform all tasks such as setting the root password, the networking interfaces, the disk partitioning scheme as well as the installation of packages.

I needed to build a clustered reverse proxy the other day to test if it could be used for SSL termination. I was looking for a way to aggregate multiple webservers behind a proxy server so that they could have their SSL terminate at the proxy, then the HTTP traffic passed through a Level 7 ( application layer ) scanner to test for sql injection and the like.

So I fired up my trusty Virtualbox and built a standard Centos 5.4 server. I copied the CD into the ftp directory and started NFS with an export to that FTP directory. This server was to serve as an install NFS server for the 2 proxy servers as well as a yum repository for them. That's why I placed the CD files in the FTP location.

So here is my example proxy diagram. It is very similar to the basic openOffice.org version in my previous post. I needed to make sure that the proxy servers had apache installed on them for the reverse proxie's and heartbeat. I ended up manually installing heartbeat. I had my reasons... :)

The trick making a successful kickstart file is to take one that is generated for you by anaconda. Anaconda is the software that installs your new Redhat based system. After a manual install is complete a copy of the kickstart file for that installation is stored in: /root/anaconda-ks.cfg

I simply copied this over to /var/www/html/ks.cfg and began editing it with vi. Here is the result of that editing...
[root@server html]# cat ks.cfg
# Kickstart file automatically generated by anaconda.

install
nfs --server 192.168.56.254 --dir=/var/ftp/pub/server
lang en_NZ.UTF-8
keyboard us
network --device eth0 --bootproto dhcp --nameserver 192.168.56.1
rootpw --iscrypted $1$ewn======YEAH RIGHT!==2hBDFz1
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --enforcing
timezone --utc Pacific/Auckland
bootloader --location=mbr --driveorder=hda
zerombr
clearpart --all
part / --fstype ext3 --size=0 --grow --ondisk=hda
%packages
@base
@core
@editors
@server-cfg
@text-internet
@web-server
heartbeat
keyutils
trousers
fipscheck
device-mapper-multipath
-cups
-bluez-utils
This file does the following things in order:
  1. Does an INSTALL and not an UPGRADE
  2. Defines the location of the NFS share from which to install from.
  3. Sets the default language
  4. Sets the default keyboard layout
  5. Sets up the network interface
  6. Specifies the root password ( i have masked mine here )
  7. Turns on the firewall and allows port 22 for SSH through it.
  8. Configures authconfig to allow shadow passwords and md5 encryption.
  9. Turns SELINUX on and sets it to ENFORCING mode.
  10. Sets the timezone.
  11. Defines where the bootloader will be installed. Master Boot Record on the disk HDA
  12. Zeros the master boot record
  13. Clears all partitions
  14. Defines one partition mounted on / ( root ), filetype ext3, 0 min size configured to grow to extents of disk and on disk HDA
  15. Sets up packages. Package Groups are preceeded with an @ symbol, individual packages are named normally one per line and packages to exclude are preceeded with a - symbol.
There is one very useful feature left out and that is POST INSTALLATION SCRIPTS. This is a script that will be executed after the system has installed and might used for creating default users or determining which services to turn on and off after an install.

All going well the above VERY BASIC kickstart file should result in a completly automated install, assuming your NFS share is available and the machine can connect to a DHCP server and be assigned an IP address.

Try it out some time. It's quite fun to watch.

Comments

Post a Comment

Popular posts from this blog

Automatically mount NVME volumes in AWS EC2 on Windows with Cloudformation and Powershell Userdata

Introduction This post explains how I go about with AWS Cloudformation and Powershell userdata scripts. attaching EBS volumes to Windows EC2 instances identifying them in the OS initializing them formatting them and assigning labels and drive letters. Prerequisites You should know something about Cloudformation and Powershell. The AWS Image you use for your EC2 instance should be one provided by AWS and should have the following utility already deployed to  C:\ProgramData\Amazon\Tools\ebsnvme-id.exe AWS Cloudformation Step I typically do not declare EBS Volumes together with the EC2 Instance declaration in Cloudformation but prefer to declare them as separate resources along with their own ebs attachment resources.  Here is an example EC2 instance with three additional volume declarations on top of the root volume which is automatically mounted on C:\ WindowsServerInstance: Type: AWS::EC2::Instance Properties: BlockDeviceMappings: - DeviceName: /dev/sda1
Read more

Extending the AD Schema on Samba4 - Part 2

Importing LDIF files into Samba4 and Active Directory This is part 2 of the Extending AD Schema on Samba4 series.  The examples below are tested using the Samba4 LAB I created.  If you want more information on how that works then please read  http://david-latham.blogspot.co.nz/2012/12/samba4-ga-release-virtualbox-lab.html For part one, please read http://david-latham.blogspot.co.nz/2012/12/extending-ad-schema-on-samba4.html Unfortunately the format of an ldif file for creating new attributes and classes in the Schema Configuration are differ between Samba4 and Microsoft. The tools are slightly different too.  So this article will attempt to make it all clear. Find all the latest versions of code on this post at  https://github.com/linuxplayground/yubikey-ldap/tree/master/microsoft-schema Samba4 - ldbadd & ldbmodify As far as I can tell the only way to create a new class with a custom attribute in Samba4 (on the Linux command line) is first add the attribute with ldbad
Read more

Python + inotify = Pyinotify [ how to watch folders for file activity ]

Sometimes it just might be handy to be able to watch a folder on a hard disk for changes. For example: A client app might drop small files on a shared folder. A server app might be watching the folder for just such an event. Once the file is created, the server will kick into action and perform whatever tasks are required. This all comes from my CD burning application. I am currently thinking that the client apps will drop small xml files containing information about what to burn onto a folder the webserver has access to and the cdburner service will be watching... The linux kernel provides inotify. This from wikipedia : notify is a Linux kernel subsystem that provides file system event notification. It was written by John McCutchan with help from Robert Love and later Amy Griffis to replace dnotify . It was included in the mainline kernel from release 2.6.13 (2005-06-18), and could be compiled into 2.6.12 and possibly earlier releases by use of a patch . Its function is essen
Read more