
Operated by Los Alamos National Security, LLC for NNSA
UNCLASSIFIED

Slide 1: Institutional Install of Red Hat Enterprise Linux From One CD In The LANL Environment

“Set it and forget it” - one-stop shop to install and secure Red Hat Enterprise Linux

LA-UR

Slide 2: What is ExpressWay for Red Hat?

- Automated installer was needed to provide LANL a secure way to install, configure and harden Red Hat Linux according to LANL security recommendations
- Installing from Red Hat factory CDs required lots of intermediate steps and manual commands executed by the user / sysadmin to register with update server, harden system, etc.
- LANL environment includes a mixture of static and DHCP (dynamic) IP addresses – with static networking and install CDs, user has to enter networking multiple times to get installer to work
- ExpressWay for Red Hat (EWRH) does it all!

Slide 3: RHEL Security Triangle

- Red Hat Network Satellite Server (RHUS)
  - Stores distribution install packages
  - Patch management capabilities
  - Used for getting latest updates on clients
  - Generates kickstart file
- LANL ExpressWay
  - Red Hat Network based installation tool
  - Express vs. interactive install
  - Static vs. dynamic networking
- LANL Security Tool On Red-Hat (STOR)
  - Hardens the system and provides compliance reporting

Slide 4: ExpressWay for Red Hat (EWRH)

- Current Version is 7.1
- Internally Developed
- Web server back-end to get client data and generate kickstart
- Web server stores kickstart and stor.conf (STOR config. file)
- Kickstart and stor.conf can be customized via web interface
- Installation CD uses SYSLINUX menus and COMBOOT32 API to get info from user
- Uses rhusreg rpm to register system with Red Hat Satellite Server
- Able to install OR rescue system using installation CD

Slide 5: EWRH – Quick Install Steps

- Generate kickstart (web page)
- Customize kickstart file and stor.conf file (web)
- Download CDROM ISO and burn it to CD
- Boot up system off of CD
- Tell installer what you want to install and network address information
- Installer downloads kickstart file and stor.conf
- %pre portion of kickstart finds the CD and validates version
- Distribution is downloaded from RHNSS
- Installer runs rhusreg and stor from %post portion of kickstart
- Rhusreg registers with Satellite Server and fully updates the system
- Stor fully hardens the system

Slide 6: EWRH – Architecture

- Web cgi perl script
  - Step 1. Asks user for Z#, which version of OS (3,4,5), which Product (WS, AS, ES), hostname, networking info (static vs dynamic)
  - Step 2. Validates license for product/version selected against Z# in ESD (LANL Electronic Software Distribution db)
  - Step 3. Verifies network information and gets LANL Property# from LANL's Hostmaster registration db if static IP
  - Step 4. Generates kickstart file and stor.conf
  - Step 5. Allows user to view and customize kickstart file and stor.conf (python scripts)
- Kickstart file
  - Tells server what/how to install/configure system (packages, networking, %pre, %post, root password, etc.)

Slide 7: EWRH – Architecture

- Stor configuration file (stor.conf)
  - stored on web server
  - contains parameters used by stor to harden the system (e.g. who to send root's mail to, services to start, etc.)
- Installation ISO contains
  - syslinux boot scripts, syslinux menus
  - comboot32 api (getnet.c) to ask user for network info
  - kernels, initial ramdisks (used to install OR rescue)
  - a fix to the kickstart.py file in the stage2 image for a RHEL4 problem that causes the RHEL 4 install to die if no available partitions exist on an interactive install
- Rhusreg and stor rpms are stored on RHN server, downloaded in %post

Slide 8: EWRH - Development

- Red Hat comes out with new version of OS (e.g. 5.2, 4.7, etc.)
- Developer updates perl code on web server to reflect new version
- Developer gets kernel and initrd from OS Install CD on Satellite Server
- Developer modifies syslinux menus on ISO to reflect install versions
- getnet.c uses the syslinux COMBOOT32 API, gets input from user (hostname, ip, netmask, dns, etc.) - is compiled and called by isolinux.bin
- Developer generates ISO using mkisofs
- Rhusreg (rpm used to register client with Satellite Server and fully update the system) is also updated to match current version(s) of OS
- %pre can expire boot media (validates version on CD vs server)

Slide 9: EWRH – Development cont.

- Central Services and Development Standards and R&D Team members test installer during an internal alpha test period
- Internal beta test period
- Public beta test period
- Production

Slide 10: EWRH – Tips and Tricks

- Script to set root password at end of %post
- /bin/list-cd in initrd – python script
- /bin/checkver is built using same idea, gets VERSION file from CD, is compared in %pre against wget’d version file from server
- Fix partitioning issue in RHEL4 that won’t allow installer to continue if no partitions available during interactive install (commented out two lines in /usr/lib/anaconda/kickstart.py) – required recompile of kickstart.pyc, rebuild of stage2.img, stage2.img added to initrd – RAMDISK_SIZE=xxx
- Soft links of /RedHat (RHEL3,4) and /image (RHEL5) on CD to point to /RedHat in initrd
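The media check described on slides 8 and 10 (VERSION file from the CD compared in %pre against the version file fetched from the server, so old boot media can be expired) can be sketched in shell as below. This is an added example, not the EWRH code: the function names, the one-line VERSION format, the temporary path and the URL argument are all assumptions.

```shell
#!/bin/sh
# Added example (not EWRH's checkver): fail-closed install-media version check.
# Assumes the VERSION file carries the version string on its first line.

# Print the first line of a version file with whitespace and CRs stripped.
# Fails if the file is unreadable or the line is empty.
read_version() {
    [ -r "$1" ] || return 1
    v=$(head -n 1 "$1" | tr -d ' \t\r\n')
    [ -n "$v" ] || return 1
    printf '%s' "$v"
}

# $1 = VERSION file on the CD, $2 = version file fetched from the server.
# Returns 0 only when both are readable and identical.
# 1 = versions differ, 2 = CD file unusable, 3 = server file unusable.
# Every failure is non-zero, so a bad fetch can never pass as "current".
media_is_current() {
    cd_ver=$(read_version "$1") || return 2
    srv_ver=$(read_version "$2") || return 3
    [ "$cd_ver" = "$srv_ver" ] || return 1
    return 0
}

# How a %pre script could call it (defined only, not run here).
# $1 = VERSION file on the mounted CD, $2 = URL of the server's version file
# (hypothetical; supplied by whoever builds the kickstart).
pre_check() {
    tmp=/tmp/server.VERSION
    wget -q -T 15 -O "$tmp" "$2" || {
        echo "cannot fetch version file from server" >&2
        return 3
    }
    if media_is_current "$1" "$tmp"; then
        echo "install media version OK"
    else
        echo "install media expired: burn a current ISO" >&2
        return 1
    fi
}
```

A %pre section would stop the install when `pre_check` returns non-zero, so media built before the latest installer update is refused.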

Slide 11: EWRH - Demo

Slide 12: Resources

- SYSLINUX – we use v in EWRH 7.1
- Previously used CDShell – – compiles isolinux into CDShell modules (and messes things up) – lots of CDShell Scripting involved
- Portions of rhusreg.pl code (used in LANL-rhusreg RPM)
- RHN API: (also locally on Satellite Server) – we use mainly system.* (deleteSystems, setGroupMembership, setProfileName, listGroups)
- Getnet.c code

Slide 13: Resources – Example syslinux menu

/menus/rh5.cfg on Installation CD:

    # getnet.c32 (COMBOOT32 module) is started first; the kernel and
    # initrd to install with are passed to it on the APPEND line.

    # i386 entry: uses the x32 kernel and initrd from the CD
    LABEL rh5x32
      MENU LABEL Install RH5U1 WS i386
      KERNEL getnet.c32
      APPEND /vmlinuzs/vmlinuz5.x32 initrd=/initrds/initrd5.x32

    # x86_64 server entry: uses the x64 kernel and the server initrd
    LABEL rh5sx64
      MENU LABEL Install RH5U1 Srv x86_64
      KERNEL getnet.c32
      APPEND /vmlinuzs/vmlinuz5.x64 initrd=/initrds/initrd5s.x64

Slide 14: Resources – Installation CD Structure

    EWRH71/:
        boot/  boot.catalog  initrds/  isolinux/  menus/  vmlinuzs/
        images -> /images
        RedHat -> /RedHat

    EWRH71/boot:
        memtest  memtestp

    EWRH71/initrds:
        initrd3.x32  initrd3.x64  initrd4.x32  initrd4.x64
        initrd5s.x32  initrd5s.x64  initrd5.x32  initrd5.x64

    EWRH71/isolinux:
        chain.c32  getnet.c32  isolinux.bin  isolinux.cfg
        memdisk  menu.c32  splash.jpg  vesamenu.c32

    EWRH71/menus:
        defaults.cfg  main.cfg  rh3.cfg  rh3resc.cfg  rh4.cfg
        rh4resc.cfg  rh5.cfg  rh5resc.cfg  selmenu.cfg

    EWRH71/vmlinuzs:
        vmlinuz3.x32  vmlinuz3.x64  vmlinuz4.x32  vmlinuz4.x64
        vmlinuz5.x32  vmlinuz5.x64

Slide 15: Questions?

EWRH authors: Jimmy G. Devenport, Giacomo G. Brussino
Computing, Telecommunications and Networking
Central Services and Development Team