Redhat 6 Minimal Kickstart Configuration with VMware Tools and Puppet Agent Install

Here is my small, crude little Kickstart configuration and post-install script that I have up and running in my lab at home. Don't expect to find anything too fancy here, as this Kickstart was purposefully built to be small and to the point. Here, the point was to spin up a VM, run through a basic install of CentOS/Redhat Linux, and install VMware Tools along with a Puppet agent.

Note that this post assumes that you have a working Kickstart server.

First let's take a look at our kickstart file, CentOS-6.6-x86_64-minimal.ks.

The section directly below kicks off our kickstart ks file. Here we set our root password (no, that's not my hash) and set up our network interface for DHCP. We do a tiny bit of disk partitioning and set up very simple LVM. Then we choose our packages. As you can see, my package list is not at all fancy; I just want to make sure that I have pretty much every package that I might need for a lab VM.

[code language="bash"]
# Kickstart file for RHEL 6 Minimal
# Small Disk

text
install
url --url=http://10.1.0.106/ks/loop/CentOS-6.6-x86_64-bin-DVD1
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --noipv6
rootpw --iscrypted $6$X/4YYZPN$4Sv.khxXms8N8vRssR/Vl35w/m80FF5P6p7aX0D7EFfD9p734F6tU4kXdcSCoOjPiXLrVxqfKxxxxxxxxxxxq5551
# Lab settings: host firewall off, SELinux logs denials but does not enforce
firewall --disabled
authconfig --enableshadow --passalgo=sha512
selinux --permissive
timezone America/New_York

# Disk
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb"
zerombr
clearpart --all --drives=sda
part pv.1 --grow --size=1
part /boot --fstype=ext4 --size=1024
volgroup VolGroup pv.1
logvol / --fstype=ext4 --name=lv_root --vgname=VolGroup --size=1024 --grow
logvol swap --name=lv_swap --vgname=VolGroup --size=1024

# Network
network --device=eth0 --bootproto=dhcp --nameserver=10.1.0.110

# Package Selection
%packages --nobase --excludedocs
@Base
@core
kernel-headers
wget
perl
sysstat
bind-utils
tcpdump
%end
[/code]

Now let me pause to point out the section below. This is the %pre script that I am using to prompt me for the VM hostname before the install begins. The hostname needs to be set before you install Puppet on the VM, otherwise you are going to have to recreate your Puppet certificates after you properly set your hostname post install and reboot.

[code language="bash"]
%pre --log=/root/ks_pre.log
# change to tty6 to get input
chvt 6
exec </dev/tty6 > /dev/tty6

# Prompt for hostname and write it to a file that %post picks up
echo "What is my hostname?"
read NAME
echo "NETWORKING=yes
HOSTNAME=${NAME}" > network
chvt 1
%end
[/code]

Now we run a simple post install, along with a custom post-install script. It is this script that will install VMware Tools and Puppet. Myself, I prefer keeping most of my code out of the actual Kickstart ks file; however, you can always jam all your code into it if you like. You will just need to validate your syntax first, as I have not tested my config this way.

[code language="bash"]
%post --nochroot
# bring in hostname collected from %pre, then source it
cp network /mnt/sysimage/etc/sysconfig/network
. /mnt/sysimage/etc/sysconfig/network
# force hostname change
/mnt/sysimage/bin/hostname "$HOSTNAME"
%end

# Post Install
%post --log=/root/ks-post.log
cd /root
echo "Getting the post install script - if this takes a long time check network or path"
wget http://10.1.0.106/ks/scripts/centos-6-postinstall.bash
echo "Running the post install script"
/bin/bash centos-6-postinstall.bash
%end
[/code]

Ok, so below is the post install script that I am calling in the section above. After a quick modification of my hosts file, I pull down the Puppet installer from my local Puppet server. Next we install the open source VMware tools packages, after creating the required yum repofile.

 

[code language="bash"]
#!/bin/bash
# centos-6-postinstall.bash

# Switch to the 6th console and redirect all i/o
exec < /dev/tty6 > /dev/tty6 2> /dev/tty6
chvt 6

# Let's make sure we know who the puppet server is before we get too far
echo "Adding hosts entry for puppet master"
echo "10.1.0.115 puppet puppet.lab.localdomain" >> /etc/hosts

## Update Via Yum - not doing this for now in order to save time
#yum -y update

# Install puppet from local puppet master
# (-k: curl does not verify the master's TLS certificate)
echo "Downloading and running Puppet installer"
curl -k https://10.1.0.115:8140/packages/current/install.bash | sudo bash

# Install Open Source VMware Tools
rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub
rpm --import http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub

# Create the yum repo file ($HOSTTYPE expands to the machine architecture)
echo -e "[vmware-tools]\nname=VMware Tools\nbaseurl=http://packages.vmware.com/tools/esx/5.1latest/rhel6/$HOSTTYPE\nenabled=1\ngpgcheck=1" > /etc/yum.repos.d/vmware-tools.repo

echo "Installing Vmware Tools"
yum -y install vmware-tools-esx-nox

# Minor grub.conf modifications
sed -i 's/rhgb quiet//' /boot/grub/grub.conf
sed -i 's/hiddenmenu//' /boot/grub/grub.conf
sed -i 's/timeout=5/timeout=10/' /boot/grub/grub.conf

# Kick off first puppet run, for some reason I think you might need to do this twice.
sleep 5
echo "Running Puppet for the first time"
puppet agent --test
puppet agent --test

# Tell us we have reached the end
echo "We have reached the end of the post-install script"
[/code]

A couple of additional details to note about the post-install script above. I like to modify the grub.conf so that I unhide the menu and increase the timeout. I also like to make sure that we disable the Redhat graphical boot screen. I want to make sure it's easy to catch any errors or misconfigurations in my kickstarts.
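Both the %post section and the post-install script above download a script and run it as root: one over plain HTTP, the other with `curl -k`, which skips certificate verification. The following is an added example, not part of the original post, that runs a downloaded script only when its SHA-256 digest matches a pinned value; `run_if_pinned`, the paths and the stand-in script are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): run a downloaded script only
# if its SHA-256 digest matches a value pinned in the Kickstart file.
# run_if_pinned, the paths and the stand-in script are constructed.

# run_if_pinned FILE EXPECTED_SHA256 [ARGS...]
# Returns the script's own status when the digest matches,
# 2 if FILE is missing or empty, 3 on mismatch (FILE is never executed).
run_if_pinned() {
    local file=$1 expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case pins
    shift 2
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  pinned: $expected" >&2
        echo "  actual: $actual" >&2
        return 3
    fi
    bash "$file" "$@"
}

# Offline demonstration with a locally written stand-in for the download.
# In %post the file would come from wget or curl, and the pin would be a
# literal recorded when the script was last reviewed.
demo() {
    local dir script pin rc
    dir=$(mktemp -d) || return 1
    script=$dir/postinstall.bash
    echo 'echo "post-install steps would run here"' > "$script"
    pin=$(sha256sum "$script" | awk '{print $1}')

    run_if_pinned "$script" "$pin" && echo "reviewed copy: executed"

    # One appended line, as a changed or tampered copy would have.
    echo 'echo "unexpected extra step"' >> "$script"
    rc=0
    run_if_pinned "$script" "$pin" || rc=$?
    echo "modified copy: refused with status $rc"
    rm -rf "$dir"
}

demo
```

Because the pin lives in the Kickstart file, changing the script on the server also means updating the digest there.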
 


RHEL6 – How to Setup an Anonymous Download Only FTP Server

A while back I spit out a post on how to configure an anonymous ftp server that allowed uploads and downloads, which you can find here.

It's a very exciting read and will tell you everything that you need to know to get you up and running with an anonymous ftp server. However, those instructions are specifically for a server that allows anonymous uploads as well as downloads. So today we are going to go over only the steps for anonymous download, which is actually much easier.

Basic Install & Configuration

So first let's install vsftpd.

# yum -y install vsftpd && service vsftpd start && chkconfig vsftpd on

Then edit /etc/vsftpd/vsftpd.conf and make sure that the following line is uncommented.

anonymous_enable=YES

You should also be aware of the following configuration directive. By setting local_enable to no in /etc/vsftpd/vsftpd.conf, you disallow local Unix users access to ftp, which ensures that your ftp server is truly anonymous only.

local_enable=no

Now restart vsftpd and you should be in business.
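To confirm that a given vsftpd.conf really is anonymous and download-only, the following added example (not part of the original post) reads the file and reports any setting that departs from that. The function names and sample files are constructed; `write_enable` and the `anon_*` write options are standard vsftpd directives that the post does not set, and the defaults used are those in the vsftpd.conf man page.

```shell
#!/bin/bash
# Added example (not from the original post): check a vsftpd.conf for the
# anonymous, download-only setup described above. Function names and sample
# files are constructed; defaults follow the vsftpd.conf man page, and the
# parser assumes the last assignment of a key wins.

# conf_get FILE KEY DEFAULT -> effective value in upper case
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == k { v = $2 }
        END { sub(/[ \t\r]+$/, "", v); print toupper(v == "" ? d : v) }' "$1"
}

# audit_download_only FILE -> prints findings; returns 0 only when clean
audit_download_only() {
    local f=$1 rc=0 k
    [ "$(conf_get "$f" anonymous_enable YES)" = YES ] ||
        { echo "anonymous_enable is off: anonymous logins are refused"; rc=1; }
    [ "$(conf_get "$f" local_enable NO)" = NO ] ||
        { echo "local_enable=YES: local Unix users can log in"; rc=1; }
    # Anonymous write options only take effect when write_enable=YES.
    if [ "$(conf_get "$f" write_enable NO)" = YES ]; then
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            [ "$(conf_get "$f" "$k" NO)" = NO ] ||
                { echo "$k=YES: anonymous users can change content"; rc=1; }
        done
    fi
    return $rc
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    # Constructed sample 1: local logins still enabled.
    printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' \
        'write_enable=YES' > "$dir/before.conf"
    # Constructed sample 2: the two settings from the post.
    printf '%s\n' 'anonymous_enable=YES' '#local_enable=YES' \
        'local_enable=no' > "$dir/after.conf"
    audit_download_only "$dir/before.conf" || echo "before.conf: needs changes"
    audit_download_only "$dir/after.conf" && echo "after.conf: download-only"
    rm -rf "$dir"
}

demo
```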

Testing Anonymous Download

To test ftp you need an ftp client, which can be installed via yum as seen below.

yum -y install ftp

Then you should be able to ftp to localhost as seen below and get a file. Note that an anonymous login does not require a password.

# ftp localhost
Trying 127.0.0.1…
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,170,125).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 Aug 30 15:37 pub
-rw-r--r--    1 0        0               0 Aug 30 15:39 test2
-rw-r--r--    1 0        0               0 Aug 30 15:38 testfile
226 Directory send OK.
ftp> get test2

The same test executed as root (a local user) should fail as seen below.

# ftp localhost
Trying 127.0.0.1…
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): root
530 This FTP server is anonymous only.
Login failed.
ftp>

Unix File Permissions and SELinux

One of the things that can ruin your day when it comes to getting an ftp server up and running is SELinux. However, when setting up an anonymous download ftp server using the default ftp root directory you don't actually need to change anything.

By default your ftp root directory is going to be /var/ftp/, and its SELinux context and default perms are going to be as seen below.

drwxr-xr-x. root root system_u:object_r:public_content_t:s0 /var/ftp

Here the default context is public_content_t, which allows reads but not writes, and the default Unix perms allow reads and not writes.

Changing Default FTP Root Directory

If you wanted to change anonymous vsftpd to use a different root directory (other than /var/ftp) you would need to add the following line to /etc/vsftpd/vsftpd.conf. In the example below I am setting my new ftp root to /shared/ftp.

anon_root=/shared/ftp

You are also going to need to assign the correct SELinux file context (public_content_t) to your new directory.

# semanage fcontext -a -t public_content_t "/shared/ftp(/.*)?"

# restorecon -vvFR /shared/ftp

Configuration Differences Between Anon Upload and Download

So as I stated above, it's actually a bit easier to configure an anonymous download-only ftp server than it is to configure it to allow uploads as well. This section is for reference only; my post on configuring an anonymous upload and download ftp server can be referenced here.

First you will need to assign a different SELinux context. It's public_content_rw_t, not public_content_t.

# semanage fcontext -a -t public_content_rw_t '/var/ftp(/.*)?'

# restorecon -vvFR /var/ftp

You will also need to fiddle with SELinux booleans.

# setsebool -P allow_ftpd_anon_write=1

And we are also going to want to change the Unix permissions on our ftp root directory. Here we are changing group ownership to ftp and setting the setgid bit.

# chgrp ftp /var/ftp/
# chmod 2760 /var/ftp

Good luck and try not to break anything.

RHEL6 – Snapshotting an LVM Volume

Snapshotting in the context of LVM is the process of taking a point-in-time image of a filesystem and creating a separate copy of that filesystem on another filesystem... using LVM of course.

Snapshotting can be useful if you need to take a backup of a filesystem but want the filesystem to be in a quiesced state when you do so. Using LVM and snapshots, you just back up the snapshot of the original filesystem.

First let's create the "master" filesystem using /dev/sdc1, which has been partitioned as Linux LVM in fdisk.

So create the physical volume.

>pvcreate /dev/sdc1

Then create a volume group containing the physical volume.

>vgcreate test_vg /dev/sdc1

Then create a logical volume called v1 which is 5 GB in size. Note that this volume group is 10 GB in total size.

>lvcreate -n v1 -L 5G test_vg

Then create a filesystem on that volume.

>mkfs -t ext4 /dev/test_vg/v1

Then mount this volume to /v1 and put some data in it.

>mkdir /v1

>mount /dev/test_vg/v1 /v1

>cp /var/tmp/VMwareTools-8.3.2-257589.tar /v1

Ok, now that we have a logical volume with some data in it, let's make a snapshot of it.

First let's make a mountpoint for our snapshot.

>mkdir /v2

Now let's make the snapshot of /dev/test_vg/v1. Note that a snapshot volume can be as large or as small as you like, but it must be large enough to hold all the changes that occur on the original volume during the lifetime of the snapshot. In this example I am creating a snapshot of 4 GB.

>lvcreate -n snapvol -L 4G -s /dev/test_vg/v1

Using lvs or lvscan you can take a look at the snapshot volume.

>lvscan

  ACTIVE   Original '/dev/test_vg/v1' [5.00 GiB] inherit
  ACTIVE   Snapshot '/dev/test_vg/snapvol' [4.00 GiB] inherit

Now let's mount the snapshot read-only.

>mount -o ro /dev/test_vg/snapvol /v2

Now you can browse the contents of the snapshot, unmount it and mount it as needed, and back it up as well. Make sure that you remove the snapshot when done backing it up.

>lvremove /dev/test_vg/snapvol

RHEL6 – How To Configure an NFS Server

Do you know what's almost as delicious as a tasty waffle with pure AAA Vermont maple syrup smothered all over it? Neither do I.

However, I did run across a very well written blog post on how to configure an NFS server on RHEL6.

Weird, is it a NFS server or an NFS server? The latter sounds and looks better, but I don't think it's correct.

Anyway link below:

http://aaronwalrath.wordpress.com/2011/03/18/configure-nfs-server-v3-and-v4-on-scientific-linux-6-and-red-hat-enterprise-linux-rhel-6/