CentOS Kickstart

Kickstart with CentOS

Kickstart is such a necessity that I have in the past year become very driven by automation. Automation allows me to install and configure things so much quicker and easier and not have to waste hours upon hours doing the most mundane things that can be accomplished using automation in minutes.

Here is a guide on how to accomplish installing CentOS 6.5 with kickstart.

Install the package used to create an ISO image (genisoimage replaced mkisofs).
[root@logoff /]# yum install genisoimage

The isolinux directory lives under CentOS/6.5/os/x86_64/isolinux/ on a public mirror, for example http://ftp.wa.co.za/pub/centos/6.5/os/x86_64/isolinux/,
or on your own mirror repository (see the previous post, Creating a CentOS Repository)
under /var/www/html/repo/CentOS/6.5/os/x86_64/isolinux/.
The exact path depends on the version of CentOS you are looking for and on the architecture of your system.

Copy the directory to /opt/boot/
[root@logoff /]# cp -r /var/www/html/repo/CentOS/6.5/os/x86_64/isolinux /opt/boot/

List the files to make sure you have them all
[root@logoff /]# cd /opt/boot/isolinux
[root@logoff isolinux]# ls
boot.msg grub.conf initrd.img isolinux.bin isolinux.cfg memtest splash.jpg vesamenu.c32 vmlinuz

Edit the isolinux.cfg to create the boot menu
[root@logoff isolinux]# vi isolinux.cfg

default vesamenu.c32
#prompt 1
#Wait 10 seconds before default label is booted
timeout 100

display boot.msg

menu background splash.jpg
menu title Welcome to CentOS 6.5!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000

label CentOS Default Kickstart
menu label CentOS Default Kickstart
menu default
kernel vmlinuz
append initrd=initrd.img ks=http://logoff/ks/centos_default.cfg

Create the iso that we can use to boot from

[root@logoff isolinux]# mkisofs -o ../centos_default.iso -b isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -R -J -v -T ../isolinux/*

I am using the Webafrica repository in this example but you can use any repository you wish.
The rootpw value is a hashed password, not the plaintext. You can generate your own with the openssl command below (-1 selects the MD5-based crypt scheme, which is why the result starts with $1$).
I am also disabling the firewall, selinux and selected services that I don't need.
The boot partition is set to 200MB.
The swap partition is set to recommended, which is two times the amount of RAM.
The / partition is set to the remainder of the space.

Generate encrypted password
[root@logoff /]# openssl passwd -1 "password"
You will end up with something like "$1$dNTM1rJc$SMjFTsaax6gBbiMzSt6Ty0"

Now we have to create the configuration file to install and configure the system
This is assuming you already have a webserver in place where you can put this file so that it is accessible by the kickstart script.
You can grab it here – centos_default.cfg

[root@logoff /]# vi /var/www/html/ks/centos_default.cfg

text
install
url --url http://ftp.wa.co.za/pub/centos/6.5/os/x86_64
lang en_US.UTF-8
keyboard us
lang en_US
network --device eth0 --bootproto dhcp --hostname=centos_kickstart_default
rootpw --iscrypted $1$dNTM1rJc$SMjFTsaax6gBbiMzSt6Ty0
firewall --disabled
selinux --disabled
authconfig --enableshadow --enablemd5 --passalgo=sha512
#My timezone is for South Africa
timezone --utc Africa/Johannesburg
services --disabled anacron,apmd,firstboot,haldaemon,messagebus,microcode_ctl,pcscd,readahead_early,readahead_later,setroubleshoot,kdump,kudzu,mcstrans,mdmonitor,iptables,autofs,gpm,sendmail,cups,ip6tables,arptables_jf,xfs,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd,restorecond,mcstrans,rhnsd,yum-updatesd,rpcbind
zerombr yes
clearpart --all
part /boot --asprimary --fstype="ext4" --fsoptions="nosuid,nodev,noexec" --size=200 --bytes-per-inode=4096
part swap --asprimary --fstype="swap" --recommended --bytes-per-inode=4096
part / --asprimary --fstype="ext4" --grow --size=1 --bytes-per-inode=4096

bootloader --location=mbr --append="nofb quiet splash=quiet"
#bootloader --location=mbr --append="console=xvc0"

#This will eject the iso so that upon reboot it will not use that iso to boot
reboot --eject

#I am using the minimal installation but if you want to you can uncomment the commented ones and comment out the --nobase one.
%packages --nobase
#%packages
#@ base
wget
tar
%end

#Logfile to see what has been done after the installation
%post --log=/var/log/post-install.log

#!/bin/bash
########################################################
## To setup the networking with either DHCP or Static ##
########################################################

# Switch to tty6 so the prompts below are visible during the installation
exec < /dev/tty6 > /dev/tty6
chvt 6
clear

HWADDR=`ifconfig eth0 | grep HW | awk ' BEGIN { FS = " " } ; { print $5 } ; '`
hostfile="/etc/sysconfig/network"
netfile="/etc/sysconfig/network-scripts/ifcfg-eth0"
hosts="/etc/hosts"

echo -n "Enter the Server's Hostname: "
read hostname

echo -n "Static or DHCP Network configuration? "
read mode

echo "DEVICE=\"eth0\"" > $netfile
echo "HWADDR=\"$HWADDR\"" >> $netfile
echo "ONBOOT=\"yes\"" >> $netfile
echo "NM_CONTROLLED=\"yes\"" >> $netfile
echo "IPV6INIT=\"no\"" >> $netfile
echo "NETWORKING_IPV6=\"no\"" >> $netfile
echo "NETWORKING=yes" > $hostfile

# Quote $mode so an empty answer does not break the test
if [ "$mode" = "DHCP" ]
then
    echo "BOOTPROTO=\"dhcp\"" >> $netfile
    echo "HOSTNAME=$hostname" >> $hostfile
    # No /etc/hosts entry here: the address is not known until DHCP assigns one

else
    echo -n "IP Address:"
    read ipaddr
    echo -n "Netmask: "
    read netmask
    echo -n "Gateway: "
    read gateway
    echo -n "DNS1: "
    read dns1
    echo -n "DNS2: "
    read dns2
    echo -n "Domain: "
    read domain

    echo "BOOTPROTO=\"static\"" >> $netfile
    echo "TYPE=\"ethernet\"" >> $netfile
    echo "IPADDR=\"$ipaddr\"" >> $netfile
    echo "NETMASK=\"$netmask\"" >> $netfile
    echo "GATEWAY=\"$gateway\"" >> $netfile
    echo "DNS1=\"$dns1\"" >> $netfile
    echo "DNS2=\"$dns2\"" >> $netfile
    echo "DOMAIN=\"$domain\"" >> $netfile
    echo "HOSTNAME=$hostname.$domain" >> $hostfile
    echo "$ipaddr $hostname $hostname.$domain" >> $hosts
fi

###Go back to tty1##
exec < /dev/tty1 > /dev/tty1
chvt 1

# From the previous post about repository you can add your own one in here
# Otherwise you can just leave this section out
# Setup the mirror.logoff.co.za Repository

#echo "Repo"
#cd /tmp
#wget -c http://mirror.logoff.co.za/ks/CentOS-Base.repo
#mv -f CentOS-Base.repo /etc/yum.repos.d/

## Install some default packages I recommend
yum install -y openssh setuptool system-config-firewall-tui system-config-network-tui mlocate tcpdump tcptrack traceroute make gcc kernel-devel mc vim-enhanced openssh-clients unzip elinks lsof iotop ntp net-snmp-utils powertop mtr telnet dstat rsync iptraf nmap screen man man-pages iotop htop openssl-devel

## System update in case any packages were not upgraded in the process
yum -y update
%end

Mount the ISO that was created, centos_default.iso, and install CentOS
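
The security-relevant commands in the kickstart file above can be checked mechanically before the file is published on the web server, where anyone who can reach it can read the rootpw hash. This is an added example, not part of the original post; audit_ks and sample_ks are hypothetical names and the sample input is constructed from the commands shown above.

```shell
#!/bin/sh
# Added example: flag weak settings in the command section of a kickstart file.
# audit_ks and sample_ks are hypothetical names used only for this example.

audit_ks() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }                # skip comments and blank lines
    $1 ~ /^%(pre|post|packages)/ { exit }         # audit the command section only
    $1 == "rootpw" {
        crypted = 0; secret = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "--iscrypted") crypted = 1
            else if ($i !~ /^--/) secret = $i
        }
        if (!crypted)                print "rootpw: password stored in plaintext"
        else if (secret ~ /^\$1\$/)  print "rootpw: MD5-crypt hash, use SHA-512 ($6$)"
        else if (secret ~ /^\$6\$/)  print "rootpw: SHA-512-crypt hash"
        else                         print "rootpw: other or unknown hash scheme"
    }
    $1 == "firewall"   && /--disabled/              { print "firewall: disabled" }
    $1 == "selinux"    && /--(disabled|permissive)/ { print "selinux: not enforcing" }
    $1 == "url"        && /http:\/\//               { print "url: install tree over plain HTTP" }
    $1 == "authconfig" && /--enablemd5/             { print "authconfig: MD5 password hashing enabled" }
    ' "$@"
}

# Constructed sample: the security-relevant commands from the file above.
sample_ks() {
    cat <<'EOF'
url --url http://ftp.wa.co.za/pub/centos/6.5/os/x86_64
rootpw --iscrypted $1$dNTM1rJc$SMjFTsaax6gBbiMzSt6Ty0
firewall --disabled
selinux --disabled
authconfig --enableshadow --enablemd5 --passalgo=sha512
%post --log=/var/log/post-install.log
yum -y update
EOF
}

sample_ks | audit_ks
```

On CentOS 6, grub-crypt --sha-512 produces a $6$ hash that can be used with rootpw --iscrypted in place of the $1$ value.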

Creating a CentOS repository

This is just a quick howto on creating a CentOS repository with EPEL on CentOS.

First we need to have a webserver installed as we need to access the repository via http.
I am going to use Apache. On Redhat based systems the package is called httpd and on Debian it is Apache2.

Install Apache and rsync client
[root@logoff]# yum install httpd rsync
Start Apache
[root@logoff]# /etc/init.d/httpd start

The default directory for the DocumentRoot is under /var/www/html

Create the repository directories
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/7/os/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/7/updates/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/extras/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/isos/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/7/centosplus/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/7/fasttrack/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/7/contrib/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/7/cr/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/CentOS/7/xen4/x86_64
[root@logoff]# mkdir -p /var/www/html/repo/EPEL

Create the scripts directory
[root@logoff]# mkdir -p /opt/scripts

Create the CentOS mirror script
In your favourite editor add the following in /opt/scripts/centos.sh

#!/bin/sh

rsync="/usr/bin/rsync -avqHz --delete"
mirror=ftp.is.co.za::mirror/centos

verlist="6.5"
archlist="x86_64"
baselist="SCL os updates extras isos centosplus contrib cr fasttrack xen4"
local=/var/www/html/repo/CentOS

for ver in $verlist
do
    for arch in $archlist
    do
        for base in $baselist
        do
            remote=$mirror/$ver/$base/$arch/
            # rsync does not create missing parent directories, so make sure the target exists
            mkdir -p $local/$ver/$base/$arch
            $rsync $remote $local/$ver/$base/$arch/
        done
    done
done

Make the script executable
[root@logoff]# chmod +x /opt/scripts/centos.sh
Run the script
[root@logoff]# /opt/scripts/centos.sh

Create the EPEL mirror script
In your favourite editor add the following in /opt/scripts/epel.sh

#!/bin/bash
/usr/bin/rsync -avqHz --exclude-from="/opt/scripts/epel_excludes.txt" --numeric-ids --delete --delete-after --delay-updates rsync://dl.fedoraproject.org/fedora-epel /var/www/html/repo/EPEL/

Create the epel_excludes
In your favourite editor add the following in /opt/scripts/epel_excludes.txt

4
4AS
4ES
4WS
5
5Client
5Server
RPM-GPG-KEY-EPEL-4
RPM-GPG-KEY-EPEL-5
beta
testing
i386
ppc64

Make the script executable
[root@logoff]# chmod +x /opt/scripts/epel.sh
Run the script
[root@logoff]# /opt/scripts/epel.sh

Do note that this is extremely big: it's about 32GB.

You can edit the following file on the client machine.
Replace the http://logoff part with your repository's IP or dns name if you have set it up.

/etc/yum.repos.d/CentOS-Base.repo


# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
baseurl=http://logoff/repo/CentOS/6.5/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://logoff/repo/CentOS/6.5/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://logoff/repo/CentOS/6.5/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - CentosPlus
baseurl=http://logoff/repo/CentOS/6.5/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://logoff/repo/CentOS/6.5/contrib/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#scl
[SCL]
name=CentOS-$releasever - SCL
baseurl=http://logoff/repo/CentOS/6.5/SCL/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#cr
[cr]
name=CentOS-$releasever - cr
baseurl=http://logoff/repo/CentOS/6.5/cr/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#xen4
[xen4]
name=CentOS-$releasever - xen4
baseurl=http://logoff/repo/CentOS/6.5/xen4/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#os
[os]
name=CentOS-$releasever - os
baseurl=http://logoff/repo/CentOS/6.5/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://logoff/repo/EPEL/6/$basearch
failovermethod=priority
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
baseurl=http://logoff/repo/EPEL/6/SRPMS/
failovermethod=priority
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

Then run the following on the client machine:

[root@client]# yum update
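
Every baseurl in the repo file above is plain HTTP, so gpgcheck=1 with a locally stored key is what lets the client detect a modified package. The check below is an added example, not part of the original post; check_repo and sample_repo are hypothetical names, and only the [base] section of the sample comes from the file above.

```shell
# Added example (not the author's code): check_repo and sample_repo are hypothetical names.
check_repo() {
    awk '
    function report() {
        if (section == "") return
        if (gpgcheck != "1") { print section ": gpgcheck is not set to 1"; bad++ }
        else if (gpgkey !~ /^file:\/\//) { print section ": gpgkey is not a local file"; bad++ }
    }
    /^[ \t]*#/ || NF == 0 { next }
    /^\[/ {
        report()
        section = substr($0, 2, index($0, "]") - 2)
        gpgcheck = ""; gpgkey = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
    }
    END { report(); exit (bad > 0) }
    ' "$@"
}

# Constructed sample: [base] is from the file above, the other two sections are made up.
sample_repo() {
    cat <<'EOF'
[base]
baseurl=http://logoff/repo/CentOS/6.5/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
[constructed-nocheck]
baseurl=http://logoff/repo/EPEL/6/$basearch
gpgcheck=0
[constructed-remotekey]
baseurl=http://logoff/repo/EPEL/6/$basearch
gpgcheck=1
gpgkey=http://logoff/repo/RPM-GPG-KEY-constructed
EOF
}

sample_repo | check_repo || true
```

The function returns non-zero when any section fails, so it can gate a provisioning step with check_repo /etc/yum.repos.d/CentOS-Base.repo.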

Sources

https://fedoraproject.org/wiki/EPEL

Back to the books

I started working the first year I left school when one of my best friends gave me an opportunity to work for him. Being a computer geek at the time I couldn't say no, so I took it with arms wide open. He introduced me to a wonderful thing called Unix. At the time I had no idea what the hell that was. Coming from only knowing Windows this was challenging! When I say challenging, I mean the kids of today actually have it easy! We now have Google and a lot more resources and guides to help us. Back then we only had the operating system manual pages, the README files and books that you had to go buy!
Over the years I started to love open source software because it was free and you could do with it whatever you wanted! For those that knew Unix back then, most of the things you did were in the console, unlike Windows, where you had a point-and-click interface.

I never did any qualifications, courses or anything. Everything I learnt was from hands on experience, friends, search engines, books, etc. I’ve never needed to study anything as I have been lucky enough to have been in companies that just saw my experience as enough. Over the years I have been a jack-of-all-trades in the sense that I never specialized in one aspect of I.T and am able to do most things, from setting up servers, be it web-servers, databases, DNS, etc, to creating websites, to writing some code, to creating networks, firewalls, storage servers and the list goes on. I’ve loved getting my hands dirty on every aspect I could! The past 2 years it has dawned on me that I want to get some sort of certificate or something that I want to do. Nothing out there really grabs my eye that is like WOW, I must do it! I mean Linux LPI, that’s so YAWN. Red Hat certification, you are limited to RedHat and maybe CentOS. I have considered maybe the Cisco route, but I realize I don’t like networking that much. I mean I love it, but it’s ok.

The past year or so I have been chatting to a friend who is big into I.T Security. He may not know, but I have always looked up to him as a mentor. I’ve loved the security side of I.T be it firewalls, securing a system, installing an IDS and analysing it and finding holes in systems and patching them up. Anyhoo, it got me thinking about studying. There is one certification I would love to get but it is pretty challenging and I have been scared shitless about it. CISSP (Certified Information Systems Security Professional). This is not an easy one to get as the requirements are daunting. I have forgotten what it is like to study! This is one reason why I am so scared! It’s not a month or two thing, this is a year or two thing depending how much I put into studying! Now, you can understand why! If I do this, I need to push myself!

Another certification I have been pondering is the Puppet Professional Certification. Puppet is automation software that helps manage infrastructure throughout its lifecycle, from provisioning and configuration to orchestration and reporting. I am not going to explain this in detail of course, but if you ask anyone in I.T whether to automate things in your environment rather than manually configuring them, they would all tell you AUTOMATE! I know this is far different from the security aspect, but for me this also excites me.

So there you have it. I need a schedule and some motivation. If you have any tips for me please let me know!

Reinventing the wheel

So many of you may have been wondering what’s happened to me and why I stopped posting here well…

I have been blogging since 2005. I first started out on Xanga (I saw they redesigned the whole aspect of it) where I used that to vent my frustrations and it actually helped a lot! I then moved over to cloud.za.net –> empyrean.za.net and then I finally moved it to Logoff.
My goal of blogging was to share some of my life moments, share funny videos and anything I found interesting. Towards the beginning of last year I found that many bloggers I followed would blog the same thing basically most of the time and it felt like I was wasting my time.
My last post was last year November and I decided to take a break.
During this year I have thought about what I wanted to do with my site to make it unique and see what direction I wanted to take it. The past month I've been thinking of making it more technology based. So after a long year I think I am ready to pick this up and start something new. I see a goal, but to reach that goal I need to start somewhere and here I start. So expect more updates and cosmetic changes here the next couple of weeks!

My older posts are still going to be on this site of course, but I have decided to keep it out of the visible eye just to seem that it looks like a fresh clean blog again.

Thank you to those who have been following my blog over the years :)