Synopsis
I’ve been getting my feet wet with ESXi, CentOS 6 VMs, and YUM/RPM. Well, the last two I have been using for years, but not like recently.
The goal is to be able to blindly install a controlled distribution of CentOS 6.x quickly and without error (maybe even install multiple at the same time). What I needed:
- Anaconda Kickstart file (ks.cfg)
- Local mirrored repository for CentOS 6.x (6.3 in my example)
- Custom 3rd party repo
- HTTP/NFS/RSYNC access to these
- Variable disk/CPU/RAM size – the partitions need to be dynamic
Without writing a book about all of this, I really want to just highlight some problems I ran into and how I solved them.
An example of my kickstart file is below for reference.
Automated Partition Schema
Since I’m in the world of virtualized hardware, it is important for the disk to scale easily without lost data. The prerequisite to this is of course Logical Volume Management (LVM). Now you may not agree with my LVM layout, and honestly, this isn’t my expertise (optimization of disk partitions), but at the least there must be “boot,” “root,” and “swap” partitions.
The goal here is to make the root partition grow to its maximum size without negating the swap. Also, the boot partition won’t be on the LVM, it will be fixed in the MBR. The kickstart section is as follows:
    # delete everything on /dev/sda
    clearpart --all --drives=sda
    # only use sda - this is totally fine in the case of a single physical disk
    # (remember, we're virtual here, so this is probably for the best, considering
    # you'll have SAN, DAS or NAS behind it)
    ignoredisk --only-use=sda
    # make the boot partition in the MBR (only 128 MB)
    part /boot --fstype=ext4 --size=128
    # make the physical partition for the LVM to sit on; "pv.01" is "physical volume
    # number 01", alternatively something like "pv.02393" would be fine.
    # this partition should "grow" to fill the entire disk; the initial size is 1 MB (don't use 0 here)
    part pv.01 --grow --size=1
    # define the LVM volgroup called "vg_main" - this can be called whatever you want -
    # and put it on the physical partition "pv.01" that was created above
    volgroup vg_main pv.01
    # the root logical volume called "lv_root" sitting on the volume group "vg_main" with a
    # minimum size of 8 GB; it will grow to fill whatever is left of the disk
    logvol / --fstype=ext4 --name=lv_root --vgname=vg_main --grow --size=8192
    # the swap logical volume called "lv_swap" sitting on volgroup "vg_main" that is exactly 2 GB
    logvol swap --name=lv_swap --vgname=vg_main --grow --size=2016 --maxsize=2016
I do want to note that the logvol lines are interpreted in a random order, so it is perfectly fine for the swap logvol to be declared after the root (/) logical volume.
Bypassing “Storage Device Warning”
The only problem I had in regards to a prompt-less install was the “Storage Device Warning” asking if I was sure I wanted to write to the disk and lose all of my data. No matter what I put in the partition specification of kickstart, it would always prompt. The answer is to use zerombr yes. See the option “zerombr” as defined within the CentOS kickstart guide. This can be placed anywhere in the kickstart file (well, except in %packages, %post or similar); just put it up near the top.
Auto Reboot
After the installation is complete, automatically reboot the machine. This works perfectly in ESXi since it automatically unmounts the virtual CD-ROM after the first boot of the guest! Simply put reboot anywhere in your kickstart – near the top is probably best.
VMware Tools RPM
In order for the vSphere Client to monitor and execute certain tasks on the guest VM, VMware Tools is required. This will show you things like IP addresses, hostnames and guest state as well as integrated shutdown/reboot tools.
Add VMware Tools to YUM
Put the following repo configuration in /etc/yum.repos.d/vmware-tools.repo:
    [vmware-tools]
    name=VMware Tools
    baseurl=http://packages.vmware.com/tools/esx/5.1latest/rhel6/x86_64
    enabled=1
    gpgcheck=1
    gpgkey=http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
Then execute the following shell in %post of kickstart:
    yum -y update
    yum -y install vmware-tools-plugins-guestInfo
The important part to mention here is that the package is called vmware-tools-plugins-guestInfo. All the dependencies will come with it, so no worries there.
Mirroring a Repository for NFS Kickstart Installation
Create the Repo Mirror
Remember, my goal is to be able to quickly add a CentOS VM. With that, I don’t want to wait 30 minutes to pull down packages from a mirror in Iowa, New York or Cali. I want to pull it down once, keep it up-to-date and have my local install pull from my local mirror. For simplicity’s sake, I’ll put the mirror in /repo/centos.
    MIRROR=mirror.centos.com::centos/6.4
    DEST=/repo/centos
    mkdir -p "$DEST"
    rsync -avSHP --delete --exclude "local*" --exclude "isos" "$MIRROR" "$DEST"
I am choosing to exclude any local files/directories (“local*”) and also the huge DVD ISOs (“isos”). Also note that the mirror format is host::path and that the mirror host must support the rsync protocol.
Keep the Local Mirror Updated
To keep the local repo copy up-to-date, run this script via cron (by the way, I stole this from somewhere, I just don’t remember). Please don’t forget to swap out the mirror hostname and path with something that makes more geographical sense to you.
    #!/bin/bash
    LOCK=/var/lock/subsys/repo_sync
    CENTOS_REPO=mirrors.usc.edu::centos/6.4
    CENTOS_DEST=/repo/centos
    # refuse to start while a previous run still holds the lock file
    if [ -f "$LOCK" ]; then
        echo "Updates via rsync already running."
        exit 1
    fi
    touch "$LOCK"
    # remove the lock on every exit path, including an rsync failure or an interrupt
    trap '/bin/rm -f "$LOCK"' EXIT
    # only sync into a destination directory that already exists
    if [ -d "$CENTOS_DEST" ]; then
        rsync -avSHP --delete --exclude "local*" --exclude "isos" "$CENTOS_REPO" "$CENTOS_DEST"
    else
        echo "Target directory $CENTOS_DEST does not exist. Cannot update."
    fi
    exit 0
Configure NFS for Kickstart Network Installations
NFS server support is built into CentOS and running by default, so this is pretty easy. Add the following to /etc/exports:
    /repo/centos 172.16.0.0/16(ro,sync,all_squash)
This exports the directory “/repo/centos” for NFS. Only the subnet 172.16.0.0/16 is allowed access (no credentials required). It is mounted as read-only (ro), connections are synchronous as opposed to asynchronous (sync), and all connections are anonymous for security purposes (all_squash). See man 5 exports if you need more help.
Restart NFS via service nfs restart.
I feel like I’m missing something with NFS, but I don’t recall; this was too easy. In my memory there was a struggle with rpc!
Update iptables for NFS
Edit /etc/sysconfig/iptables and throw these rules in there before -A INPUT -j REJECT --reject-with icmp-host-prohibited.
    -A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
    -A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT
    -A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT
    -A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT
    -A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT
    -A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT
    -A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
    -A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT
    -A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT
    -A INPUT -m state --state NEW -p udp --dport 2049 -j ACCEPT
    -A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT
    -A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT
And restart iptables via service iptables restart.
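The ports in these rules other than 111 and 2049 only stay fixed if the NFS helper daemons are pinned to them in /etc/sysconfig/nfs; otherwise the daemons move on each restart and the rules stop matching. An added example (not from the original post) that cross-checks the two files: the variable names are the ones CentOS 6 ships commented out in /etc/sysconfig/nfs, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: cross-check pinned NFS helper ports against iptables ACCEPT rules.

# pinned_port FILE VAR -> prints the value of the last uncommented VAR=... line, if any
pinned_port() {
    sed -n "s/^$2=//p" "$1" | tr -d '"' | tail -n 1
}

# rule_open FILE PROTO PORT -> 0 if FILE has an INPUT ACCEPT rule for PROTO/PORT
rule_open() {
    grep -Eq -- "^-A INPUT .*-p $2 .*--dport $3 .*-j ACCEPT" "$1"
}

# nfs_port_gaps SYSCONFIG_NFS IPTABLES_RULES
# Prints one finding per line and returns 1 if anything is unpinned or blocked.
nfs_port_gaps() {
    gaps=0
    for spec in STATD_PORT:tcp,udp RQUOTAD_PORT:tcp,udp MOUNTD_PORT:tcp,udp \
                LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp; do
        var=${spec%%:*}
        port=$(pinned_port "$1" "$var")
        if [ -z "$port" ]; then
            echo "$var is not pinned; the daemon binds a different port on each start"
            gaps=1
            continue
        fi
        for proto in $(echo "${spec#*:}" | tr ',' ' '); do
            rule_open "$2" "$proto" "$port" || {
                echo "$var=$port/$proto has no ACCEPT rule"
                gaps=1
            }
        done
    done
    return $gaps
}

# Usage on the NFS server:
#   nfs_port_gaps /etc/sysconfig/nfs /etc/sysconfig/iptables
```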
Configure Kickstart to Use Local Repo via NFS
This is an easy one-liner if everything is set up correctly. Add the following after the “install” option within the kickstart configuration.
    nfs --server=YOUR.HOSTNAME.TLD --dir=/repo/centos/6/os/x86_64
Use Local Repo Post Install
So you want to keep using your new local repo beyond the kickstart installation? No worries. Install Apache, configure the vhost and update ks.cfg.
    yum install httpd
    vim /etc/httpd/conf.d/vhosts.conf
Inside vhosts.conf:
    <VirtualHost *:80>
        ServerAdmin webmaster@HOSTNAME.TLD
        DocumentRoot /repo
        ServerName YOUR.HOSTNAME.TLD
        ErrorLog logs/YOUR.HOSTNAME.TLD-error_log
        # apply the listing options to the mirror tree only, not the filesystem root
        <Directory /repo>
            Options Indexes MultiViews FollowSymLinks
            IndexOptions FancyIndexing FoldersFirst VersionSort XHTML
        </Directory>
    </VirtualHost>
Add the following rule to iptables:
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Restart iptables via service iptables restart.
Start httpd via service httpd start; chkconfig httpd on.
Update the kickstart configuration:
    repo --name="My Local Repo" --baseurl=http://YOUR.HOSTNAME.TLD/centos/6/os/x86_64
Done!
Kickstart Sample Configuration
    install
    nfs --server=repo.hostname.tld --dir=/repo/centos/6/os/x86_64
    lang en_US.UTF-8
    keyboard us
    zerombr yes
    reboot
    # leaving network in here, but it'll be dhcp for now, make sure you have KVM access
    #network --onboot no --device eth0 --bootproto static --ip 172.16.0.254 --netmask 255.255.0.0 --gateway 172.16.0.1 --noipv6 --nameserver 172.16.0.2 --hostname new.hostname.tld
    rootpw --iscrypted DEFAULT_SALTED_ROOT_PASSWORD
    firewall --service=ssh
    authconfig --enableshadow --passalgo=sha512
    selinux --enforcing
    timezone --utc Europe/London
    bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
    ### LVM
    clearpart --all --drives=sda
    ignoredisk --only-use=sda
    part /boot --fstype=ext4 --size=128
    part pv.01 --grow --size=1
    volgroup vg_main pv.01
    logvol / --fstype=ext4 --name=lv_root --vgname=vg_main --grow --size=8192
    logvol swap --name=lv_swap --vgname=vg_main --grow --size=2016 --maxsize=2016
    %packages
    @base
    @core
    @scalable-file-systems
    @server-platform
    @server-policy
    @system-admin-tools
    pax
    sgpio
    screen
    crypto-utils
    %post
    wget http://your.hostn.tld/post-install-script.sh -O post-install-script.sh
    sh post-install-script.sh
    rm -f post-install-script.sh
    yum -y upgrade
    yum -y install vmware-tools-plugins-guestInfo
    %end
For the option “rootpw”, use grub-crypt with the hash algorithm specified under authconfig --passalgo=X (to replace DEFAULT_SALTED_ROOT_PASSWORD). In the sample ks.cfg file, I have sha512, so:
    $ grub-crypt --sha-512
    Password: 12345
    Retype password: 12345
    $6$oavua3X2xzo08xkj$r1cYIK4ghmA7FEpIXbNsNQr1Xll13bGJbBX2CpoZGgKuLkDHkA71L/V8mfkiQh1pr4.JQwgW8hOWxhZW9W.y70
Using the Kickstart Configuration
The idea is to create a custom ISO with the kickstart configuration embedded, but I haven’t done this yet. So for now, I’m hosting the file as ks.cfg on an intranet HTTP server and booting a CentOS 6.3 netinstall (~200 MB). At the bootloader prompt, specify the extra parameters vmlinuz initrd=initrd.img ks=http://some.host.local/ks.cfg. This installs all the packages, updates as needed, partitions the disk, runs a custom script, and reboots the machine.
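The custom script in the sample %post is downloaded over plain HTTP and run as root, so anyone able to alter that response controls the new machine. An added example (not from the original post) of a %post helper that runs the script only when its SHA-256 matches a digest pinned in ks.cfg: the function names and the /root path are assumptions, and the pinned digest is a constructed placeholder (the digest of an empty file).

```sh
#!/bin/sh
# Added example: run a downloaded %post script only if it matches a pinned digest.

# Digest recorded when the script was reviewed. Constructed placeholder:
# this value is the SHA-256 of an empty file; replace it with the real one.
PINNED_SHA256="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# verify_sha256 FILE EXPECTED -> 0 if FILE hashes to EXPECTED, 1 otherwise
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 1
    # accept only a digest of exactly 64 lowercase hex characters
    case $expected in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ ${#expected} -eq 64 ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 1
    [ "$actual" = "$expected" ]
}

# run_verified FILE EXPECTED -> runs FILE with sh only after it verifies;
# returns 2 without executing anything when it does not
run_verified() {
    if verify_sha256 "$1" "$2"; then
        sh "$1"
    else
        echo "refusing to run $1: SHA-256 mismatch or unreadable file" >&2
        return 2
    fi
}

# In %post, replacing the unconditional "sh post-install-script.sh"
# (the URL is the page's placeholder):
#   wget -q http://your.hostn.tld/post-install-script.sh -O /root/post-install-script.sh
#   run_verified /root/post-install-script.sh "$PINNED_SHA256"
#   rm -f /root/post-install-script.sh
```

The pin is only as trustworthy as ks.cfg itself, so it carries the most weight once ks.cfg is embedded in the install ISO rather than fetched over HTTP.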
Brain dump complete.