Dom0 installation, deployment and configuration guide

Installation

  • Install the server with the unattended installation CD
  • Download the image here
  • There are several installation modes available:
    • damd: Fully unattended install (Destroy All My Disks). Use with caution: this option erases all partitions from all attached disks detected by the system. If there are external disks plugged in or secondary disks with valuable data, disconnect them before using this option or use the nopart option.
    • nopart: Similar to the previous option, but with a manual partitioning process. Useful when installation is needed on a server that contains data.
    • live: This option boots a live system that can be used to remotely recover or install a server.

Unattended installations damd and nopart

Warning! The damd option will ERASE ALL PARTITIONS FROM EVERY DISK DETECTED. Ensure that all data is backed up before using this option.

The nopart option is exactly the same, but with a manual partitioning process. Once the partitions have been defined, the installation continues in unattended mode.

For a mid-range server, the unattended installation takes approximately 10 minutes.

Installation from Live System

The live system is based on Fedora 10 and uses a read/write overlay, so we can install any tool we need with yum install package

Once the live system is booted, we can connect remotely with ssh, or even ask the remote user to run the sar script for ssh port redirection and connect to a server behind a firewall.

To install from the live system we need to run anaconda with the installation type we want to use:

  • Deactivate SELinux (Mandatory, it won't work in enforcing mode)

    setenforce 0

  • Run anaconda (Fully unattended)

    anaconda --kickstart /mnt/live/ModularIT/ks/damd.cfg

  • .. or run anaconda (With manual partitioning)

    anaconda --kickstart /mnt/live/ModularIT/ks/nopart.cfg

Since the text-mode anaconda does not support advanced storage options like LVM and RAID setup, we have to set up these options manually before the nopart installation, and during the install just select which volumes we want to mount.

NOTE: Due to a bug in SELinux when installing from the live system, it will be set up in permissive mode. It can be set to enforcing after the first boot.

Machine preparation

  • Root password after the installation is passwd.root
  • Change the root password
  • Configure the machine name in /etc/sysconfig/network
  • Set the network configuration in /etc/sysconfig/network-scripts/ifcfg-eth0. Specify the interfaces and the IP. It is important not to change the value of the variable HWADDR so the network card with that MAC will always be eth0 (or whatever device you have defined by default)

    DEVICE=eth0
    BOOTPROTO=static
    HWADDR=00:50:8D:ED:86:14
    ONBOOT=yes
    IPADDR=192.168.1.6
    NETMASK=255.255.255.0
    GATEWAY=192.168.1.1

  • Define the DNS configuration in /etc/resolv.conf

    search modularit.org
    nameserver 192.168.1.1

  • Update the machine: yum update
  • Reboot the machine to make sure the configuration changes have been applied correctly, in case something happens in the future. This is strongly recommended.
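
The checks below are an added example, not part of the ModularIT guide or its tooling: a POSIX shell audit of the files edited in this section, plus the persistent SELinux mode that a live-system install leaves permissive. The root-prefix argument and make_sample (a constructed tree built from this page's sample values) are assumptions so it can run offline.

```shell
# Added example, not ModularIT code. The ROOT prefix and make_sample are assumptions for offline use.
# get_key FILE KEY: print the last KEY=value, without quotes or stray whitespace
get_key() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"' \t\r"
}

# check_ifcfg FILE: static addressing is complete and the device is pinned to a MAC
check_ifcfg() {
    f=$1; bad=0
    for k in DEVICE HWADDR IPADDR NETMASK GATEWAY; do
        [ -n "$(get_key "$f" "$k")" ] || { echo "FAIL: $k missing in $f"; bad=1; }
    done
    [ "$(get_key "$f" BOOTPROTO)" = static ] || { echo "FAIL: BOOTPROTO not static"; bad=1; }
    [ "$(get_key "$f" ONBOOT)" = yes ] || { echo "FAIL: ONBOOT not yes"; bad=1; }
    # HWADDR ties the device name to one card, so require a full MAC address
    get_key "$f" HWADDR | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { echo "FAIL: HWADDR is not a valid MAC"; bad=1; }
    return "$bad"
}

# check_resolv FILE: at least one nameserver line is present
check_resolv() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' "$1" 2>/dev/null \
        || { echo "FAIL: no nameserver in $1"; return 1; }
}

# check_selinux FILE: enforcing must be the persistent (next boot) mode
check_selinux() {
    mode=$(get_key "$1" SELINUX)
    [ "$mode" = enforcing ] || { echo "FAIL: SELINUX=${mode:-unset} in $1"; return 1; }
}

# audit [ROOT]: run every check, report all failures, return non-zero if any failed
audit() {
    root=${1:-}; rc=0
    check_ifcfg "$root/etc/sysconfig/network-scripts/ifcfg-eth0" || rc=1
    check_resolv "$root/etc/resolv.conf" || rc=1
    check_selinux "$root/etc/selinux/config" || rc=1
    [ "$rc" -eq 0 ] && echo "OK: machine preparation checks passed"
    return "$rc"
}

# make_sample DIR [MODE]: constructed tree with this page's values; MODE defaults to permissive
make_sample() {
    mkdir -p "$1/etc/sysconfig/network-scripts" "$1/etc/selinux"
    printf '%s\n' DEVICE=eth0 BOOTPROTO=static HWADDR=00:50:8D:ED:86:14 ONBOOT=yes IPADDR=192.168.1.6 \
        NETMASK=255.255.255.0 GATEWAY=192.168.1.1 > "$1/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf '%s\n' 'search modularit.org' 'nameserver 192.168.1.1' > "$1/etc/resolv.conf"
    echo "SELINUX=${2:-permissive}" > "$1/etc/selinux/config"
}
```

Run `audit` with no argument on the installed machine before the reboot; against the tree from `make_sample "$dir"` it reports only the SELinux failure, which is the state described for a live-system install.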

Machine configuration

There are two configuration options available:

  • Centralised configuration: if the machine is going to be integrated in a ModularIT management structure
  • Local configuration: if the machine is not going to be integrated in a ModularIT management structure

Centralized configuration

Configuration in the Puppet Server

Create the entry for the machine being installed, with its ModularIT name, and define the UPS configuration. We strongly recommend using a UPS for a controlled shut-down of both the virtual machines and the base system. However, if you do not have a UPS, set this option: $skipups = "yes"

  node "devel.dom0" inherits "devel" {
        $modularit_name = "devel.dom0" 
        $comment = "Development dom0" 
        ## Variables for UPS configuration
        # If this server is NOT the upsserver, define the upsserver
        $upsserver = "hierro" # hierro means iron in Spanish
        # If this is the upsserver, define the type of UPS
        # UPS model and port. Needed on the upsserver
        # USB APC
        #$upsmodel = 'usbhid-ups'
        #$upsdevice = 'auto'
        # Serial APC SmartUPS
        $upsmodel = 'apcsmart'
        $upsdevice = '/dev/ttyS1'
        # If this host is the upsserver, include the upsserver class BEFORE modularit class
        include upsserver
        include modularit
  }

Client configuration (The machine being installed)

The puppetd process can be run in debug mode to ensure that the update has been completed successfully:

  puppetd --debug --no-daemonize --report --runinterval 60 --fqdn NOMBRE_MODULARIT --server PUPPET_MODULARIT

The parameters NOMBRE_MODULARIT and PUPPET_MODULARIT will be provided by the service manager (register with the mailing list if you have questions regarding this).

  /etc/init.d/puppet restart

PIFIA should be executed to ensure that notifications to Nagios are functioning correctly:

  /var/lib/pica/bin/scheduler Emergency
  /var/lib/pica/bin/scheduler Warning

Ensure that Nagios is not generating alerts that read OK. At this point, critical AIDE alerts are expected.

Local configuration

AIDE initialisation

Once everything is functioning correctly, initialize the AIDE databases as described in the: AIDE