Wednesday, November 25, 2009

Bash Plus Spaces In Filenames Equals Headache

OR NOT...

Check this out:

http://www.cyberciti.biz/tips/handling-filenames-with-spaces-in-bash.html

Saturday, November 21, 2009

Understanding Redhat Kickstart

Kickstart gives Linux system administrators a method for installing Linux on PCs in unattended mode. A properly formatted Kickstart configuration handles every installation task, such as setting the root password, configuring the network interfaces, defining the disk partitioning scheme and installing packages.

I needed to build a clustered reverse proxy the other day to test if it could be used for SSL termination. I was looking for a way to aggregate multiple web servers behind a proxy server so that their SSL could terminate at the proxy, with the HTTP traffic then passed through a Level 7 (application layer) scanner to test for SQL injection and the like.

So I fired up my trusty VirtualBox and built a standard CentOS 5.4 server. I copied the CD into the FTP directory and started NFS with an export to that FTP directory. This server was to serve as an NFS install server for the 2 proxy servers as well as a yum repository for them. That's why I placed the CD files in the FTP location.

So here is my example proxy diagram. It is very similar to the basic OpenOffice.org version in my previous post. I needed to make sure that the proxy servers had Apache installed on them for the reverse proxies, as well as heartbeat. I ended up manually installing heartbeat. I had my reasons... :)

The trick to making a successful kickstart file is to start from one that anaconda has generated for you. Anaconda is the software that installs your new Red Hat based system. After a manual install is complete, a copy of the kickstart file for that installation is stored in /root/anaconda-ks.cfg

I simply copied this over to /var/www/html/ks.cfg and began editing it with vi. Here is the result of that editing...

[root@server html]# cat ks.cfg
# Kickstart file automatically generated by anaconda.

install
nfs --server 192.168.56.254 --dir=/var/ftp/pub/server
lang en_NZ.UTF-8
keyboard us
network --device eth0 --bootproto dhcp --nameserver 192.168.56.1
rootpw --iscrypted $1$ewn======YEAH RIGHT!==2hBDFz1
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --enforcing
timezone --utc Pacific/Auckland
bootloader --location=mbr --driveorder=hda
zerombr
clearpart --all
part / --fstype ext3 --size=0 --grow --ondisk=hda
%packages
@base
@core
@editors
@server-cfg
@text-internet
@web-server
heartbeat
keyutils
trousers
fipscheck
device-mapper-multipath
-cups
-bluez-utils

This file does the following things in order:
  1. Does an INSTALL and not an UPGRADE
  2. Defines the location of the NFS share from which to install.
  3. Sets the default language
  4. Sets the default keyboard layout
  5. Sets up the network interface
  6. Specifies the root password (I have masked mine here)
  7. Turns on the firewall and allows port 22 for SSH through it.
  8. Configures authconfig to use shadow passwords and MD5 password hashing.
  9. Turns SELinux on and sets it to ENFORCING mode.
  10. Sets the timezone.
  11. Defines where the bootloader will be installed: the Master Boot Record on the disk hda
  12. Zeros the master boot record
  13. Clears all partitions
  14. Defines one partition mounted on / (root), filesystem type ext3, with a minimum size of 0, configured to grow to the extent of the disk, on disk hda
  15. Sets up packages. Package groups are preceded with an @ symbol, individual packages are named normally, one per line, and packages to exclude are preceded with a - symbol.

There is one very useful feature left out and that is POST INSTALLATION SCRIPTS. This is a script that will be executed after the system has installed and might be used for creating default users or determining which services to turn on and off after an install.

All going well, the above VERY BASIC kickstart file should result in a completely automated install, assuming your NFS share is available and the machine can connect to a DHCP server and be assigned an IP address.

Try it out some time. It's quite fun to watch.
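
Items 6 to 9 of the list above (rootpw, firewall, authconfig, selinux) decide how well the installed host is protected, and a ks.cfg published under /var/www/html is readable by anything that can reach the web server. The following is an added example, not part of the original post: a small Python check that parses the command section of a kickstart file and reports on those four directives. The function names are hypothetical, and the sample reuses the post's directives with a constructed placeholder in place of the masked root hash.

```python
import shlex

# Constructed sample: the post's security directives with a placeholder root hash.
SAMPLE_KS = """\
rootpw --iscrypted $1$constructed$placeholderhash
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --enforcing
%packages
-cups
"""

def parse_commands(text):
    """Map each directive in the command section to its argument list."""
    commands = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("%"):  # %packages, %pre and %post end the commands
            break
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            commands[name] = args
    return commands

def audit(text):
    """Return findings for the rootpw, authconfig, firewall and selinux lines."""
    cmds, findings = parse_commands(text), []
    rootpw = cmds.get("rootpw")
    if rootpw is None:
        findings.append("rootpw: missing")
    elif "--iscrypted" not in rootpw:
        findings.append("rootpw: plaintext password stored in the file")
    elif any(a.startswith("$1$") for a in rootpw):
        findings.append("rootpw: MD5-crypt ($1$) hash, weak if the file is readable")
    auth = cmds.get("authconfig", [])
    if "--enableshadow" not in auth:
        findings.append("authconfig: shadow passwords not enabled")
    if "--enablemd5" in auth:
        findings.append("authconfig: new passwords hashed with MD5-crypt")
    fw = cmds.get("firewall", [])
    if not {"--enabled", "--enable"} & set(fw):
        findings.append("firewall: not explicitly enabled")
    findings += ["firewall: opens " + p for a in fw if a.startswith("--port=")
                 for p in a.split("=", 1)[1].split(",")]
    if {"--disabled", "--permissive"} & set(cmds.get("selinux", [])):
        findings.append("selinux: not enforcing")
    return findings
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_KS)))
```

To check a real file, pass its contents to audit(), for example audit(open("/var/www/html/ks.cfg").read()).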