
Operated by Los Alamos National Security, LLC for NNSA
UNCLASSIFIED
LA-UR-08-2749

Slide 1: Institutional Install of Red Hat Enterprise Linux From One CD In The LANL Environment

“Set it and forget it” - one-stop shop to install and secure Red Hat Enterprise Linux

Slide 2: What is ExpressWay for Red Hat?

- An automated installer was needed to provide LANL a secure way to install, configure and harden Red Hat Linux according to LANL security recommendations
- Installing from Red Hat factory CDs required lots of intermediate steps and manual commands executed by the user / sysadmin to register with update server, harden system, etc.
- LANL environment includes a mixture of static and DHCP (dynamic) IP addresses – with static networking and install CDs, user has to enter networking multiple times to get installer to work
- ExpressWay for Red Hat (EWRH) does it all!

Slide 3: RHEL Security Triangle

Red Hat Network Satellite Server (RHUS)
- Stores distribution install packages
- Patch management capabilities
- Used for getting latest updates on clients
- Generates kickstart file

LANL ExpressWay
- Red Hat Network based installation tool
- Express vs. interactive install
- Static vs. dynamic networking

LANL Security Tool On Red-Hat (STOR)
- Hardens the system and provides compliance reporting

Slide 4: ExpressWay for Red Hat (EWRH)

- Current version is 7.1
- Internally developed
- Web server back-end to get client data and generate kickstart
- Web server stores kickstart and stor.conf (STOR config. file)
- Kickstart and stor.conf can be customized via web interface
- Installation CD uses SYSLINUX menus and COMBOOT32 API to get info from user
- Uses rhusreg rpm to register system with Red Hat Satellite Server
- Able to install OR rescue system using installation CD

Slide 5: EWRH – Quick Install Steps

- Generate kickstart (web page)
- Customize kickstart file and stor.conf file (web)
- Download CDROM ISO and burn it to CD
- Boot up system off of CD
- Tell installer what you want to install and network address information
- Installer downloads kickstart file and stor.conf
- %pre portion of kickstart finds the CD and validates version
- Distribution is downloaded from RHNSS
- Installer runs rhusreg and stor from %post portion of kickstart
- Rhusreg registers with Satellite Server and fully updates the system
- Stor fully hardens the system

Slide 6: EWRH – Architecture

Web cgi perl script
- Step 1. Asks user for Z#, which version of OS (3,4,5), which Product (WS, AS, ES), hostname, networking info (static vs dynamic)
- Step 2. Validates license for product/version selected against Z# in ESD (LANL Electronic Software Distribution db)
- Step 3. Verifies network information and gets LANL Property# from LANL's Hostmaster registration db if static IP
- Step 4. Generates kickstart file and stor.conf
- Step 5. Allows user to view and customize kickstart file and stor.conf (python scripts)

Kickstart file
- Tells server what/how to install/configure system (packages, networking, %pre, %post, root password, etc.)

Slide 7: EWRH – Architecture

Stor configuration file (stor.conf)
- Stored on web server; contains parameters used by stor to harden the system (e.g. who to send root's mail to, services to start, etc.)

Installation ISO contains
- syslinux boot scripts, syslinux menus
- comboot32 api (getnet.c) to ask user for network info
- kernels, initial ramdisks (used to install OR rescue)
- a fix for RHEL4 to the kickstart.py file in the stage2 image, which otherwise causes the RHEL 4 install to die if no available partitions exist on interactive install

Rhusreg and stor rpms are stored on RHN server, downloaded in %post

Slide 8: EWRH - Development

- Red Hat comes out with new version of OS (i.e. 5.2, 4.7, etc.)
- Developer updates perl code on web server to reflect new version
- Developer gets kernel and initrd from OS Install CD on Satellite Server
- Developer modifies syslinux menus on ISO to reflect install versions
- getnet.c uses the syslinux COMBOOT32 API, gets input from user (hostname, ip, netmask, dns, etc.) - is compiled and called by isolinux.bin
- Developer generates ISO using mkisofs
- Rhusreg (rpm used to register client with Satellite Server and fully update the system) is also updated to match current version(s) of OS
- %pre can expire boot media (validates version on CD vs server)

Slide 9: EWRH – Development cont.

- Central Services and Development Standards and R&D Team members test installer during an internal alpha test period
- Internal beta test period
- Public beta test period
- Production

Slide 10: EWRH – Tips and Tricks

- Script to set root password at end of %post
- /bin/list-cd in initrd – python script
- /bin/checkver is built using same idea, gets VERSION file from CD, is compared in %pre against wget’d version file from server
- Fix partitioning issue in RHEL4 that won’t allow installer to continue if no partitions available during interactive install (commented out two lines in /usr/lib/anaconda/kickstart.py) – required recompile of kickstart.pyc, rebuild of stage2.img, stage2.img added to initrd – RAMDISK_SIZE=xxx
- Soft links of /RedHat (RHEL3,4) and /image (RHEL5) on CD to point to /RedHat in initrd
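
The media check described above (the version file on the CD compared in %pre against the copy fetched from the server), as an added example that is not the EWRH checkver code. It assumes each version file holds one dotted number such as 7.1 and that the server copy names the oldest CD release still accepted; the function names are hypothetical. It fails closed when either file is missing or malformed and compares fields numerically, so 7.9 counts as older than 7.10.

```shell
#!/bin/sh
# Added example, not the EWRH checkver code. Assumptions: each version file
# holds one dotted number (e.g. 7.1) and the server copy names the oldest
# CD release still accepted. All function names are hypothetical.

# read_version FILE: print the version on line 1, or fail if unreadable/malformed.
read_version() {
    [ -r "$1" ] || return 1
    v=$(head -n 1 "$1" | tr -d ' \t\r')
    case "$v" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, HTML error page, stray dots
    esac
    printf '%s\n' "$v"
}

# version_lt A B: succeed when A is strictly older than B, field by field.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# media_check CD_FILE SERVER_FILE: 0 = current, 1 = expired, 2 = cannot verify.
# A %pre script should stop the install on any non-zero status (fail closed).
media_check() {
    cd_v=$(read_version "$1") || return 2
    srv_v=$(read_version "$2") || return 2
    if version_lt "$cd_v" "$srv_v"; then return 1; fi
    return 0
}

# Demo on constructed files; a real %pre would read the CD's version file
# and the copy it fetched from the server.
demo=$(mktemp -d)
printf '7.9\n'  > "$demo/cd_version"
printf '7.10\n' > "$demo/server_version"
status=0
media_check "$demo/cd_version" "$demo/server_version" || status=$?
echo "media_check status: $status"
rm -rf "$demo"
```

Treating status 2 the same as status 1 matters here: a failed download or an error page saved in place of the version file must not let an old CD continue.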

Slide 11: EWRH - Demo

Slide 12: Resources

- SYSLINUX – http://syslinux.zytor.com – we use v. 3.54 in EWRH 7.1
- Previously used CDShell – http://www.cdshell.org – compiles isolinux into CDShell modules (and messes things up) – lots of CDShell scripting involved
- Portions of rhusreg.pl code (used in LANL-rhusreg RPM)
- RHN API: https://rhn.redhat.com/rhn/apidoc/ (also locally on Satellite Server) – we use mainly system.* (deleteSystems, setGroupMembership, setProfileName, listGroups)
- Getnet.c code

Slide 13: Resources – Example syslinux menu

/menus/rh5.cfg on Installation CD:

    # Each entry runs getnet.c32 (the COMBOOT32 network prompt) and passes it
    # the kernel and initrd paths for the selected install via APPEND.

    # 32-bit workstation install
    LABEL rh5x32
      MENU LABEL Install RH5U1 WS i386
      KERNEL getnet.c32
      APPEND /vmlinuzs/vmlinuz5.x32 initrd=/initrds/initrd5.x32

    # 64-bit server install
    LABEL rh5sx64
      MENU LABEL Install RH5U1 Srv x86_64
      KERNEL getnet.c32
      APPEND /vmlinuzs/vmlinuz5.x64 initrd=/initrds/initrd5s.x64

Slide 14: Resources – Installation CD Structure

EWRH71/:
    boot/  boot.catalog  images@  initrds/  isolinux/  menus/  RedHat@  version  vmlinuzs/
    images -> /images
    RedHat -> /RedHat

EWRH71/boot:
    memtest  memtestp

EWRH71/initrds:
    initrd3.x32  initrd3.x64  initrd4.x32  initrd4.x64
    initrd5s.x32  initrd5s.x64  initrd5.x32  initrd5.x64

EWRH71/isolinux:
    chain.c32  getnet.c32  isolinux.bin  isolinux.cfg  memdisk  menu.c32  splash.jpg  vesamenu.c32

EWRH71/menus:
    defaults.cfg  main.cfg  rh3.cfg  rh3resc.cfg  rh4.cfg  rh4resc.cfg  rh5.cfg  rh5resc.cfg  selmenu.cfg

EWRH71/vmlinuzs:
    vmlinuz3.x32  vmlinuz3.x64  vmlinuz4.x32  vmlinuz4.x64  vmlinuz5.x32  vmlinuz5.x64

Slide 15: Questions?

EWRH authors: Jimmy G. Devenport, Giacomo G. Brussino
Computing, Telecommunications and Networking
Central Services and Development Team
jimmyd@lanl.gov, ggb@lanl.gov

