020 Network Install - IBM · 1 IBM Advanced Technical Sales © 2014 IBM Corporation 020 Network...

1IBM Advanced Technical Sales © 2014 IBM Corporation

020 Network Install

Linux on POWER

Red Hat Edition


RHEL 6.5 Network Install

• Your first (odd) RHEL installed LPAR will become a network install server

• Bring over sk_rh65 script

• Run sk_rh65 –s for install server setup on odd LPAR– Checks for and makes directories

– Checks mounts

– Checks NFS exports

– Places network boot image

– Installs RPMS

– Brings over kickstart template

– Brings over /etc/dhcp/dhcpd.conf file

– chkconfig sets run levels for a number of services

– sed /etc/selinux/config to disable SELINUX

– Prompts for reboot of odd LPAR – y

• Reboot odd LPAR



• Run sk_rh65 with other command line flags on odd LPAR, to enable client install– Creates client stanza in /var/lib/tftpboot/etc/yaboot.conf

– Runs ssh lpar_netboot onto HMC to retrieve client MAC address

– Links client MAC address to /var/lib/tftpboot/etc/yaboot.conf

– Parses kickstart template to create unique file /export/kickstart/ks_sNN.cfg for your client

– Inserts client stanza in /etc/dhcp/dhcpd.conf, restarts dhcpd

• Activate the even LPAR, network install client, to Open Firmware

• Open Firmware 0 > boot syntax

• Several tftp transfers automatically

• RHEL install starts automatically

• RHEL install packages complete

• RHEL post installation

• Post install checks

• Convenient HMC commands



• Same desktop tools required

- terminal, then ssh for login into Hardware Management Console (HMC) and

Linux LPARs (VMs)

- VNC viewer for graphical network install if desired

• Your LPARs are created for you, see your student worksheet

– odd LPAR (s21, s67, etc) is media installed, will be install server

– even LPAR (s22, s68, etc) for network install client


Bring over sk_rh65 script

• On the odd LPAR …

# mount 10.31.193.105:/export/config_files /mnt

# cp /mnt/sk_rh65 sk_rh65

# umount /mnt

# ./sk_rh65 (see usage message)

# ./sk_rh65 –s

…

…

Setup complete. Reboot required. Reboot now? (y/n) y


Enable the client install from odd LPAR

• After reboot, on your ODD LPAR…

# ./sk_rh65 –H <hmc ip> –u <hmc user> \–m <managed server> \–c <client hostname> \–p <partition name> \–f <profile name>

• If dhcpd restart fails see instructor

• You will be prompted for student password on hmc twice

• The next 21 slides represent the manual config that the script has replaced. They are included for reference. The button below will skip forward to ssh into the HMC, for booting the client LPAR and opening its console

Skip forward to

ssh into HMC

EVEN client_hostname

sNN

EVEN partition name sNNProfile name sNN, same as your

EVEN partition name

Managed_server from

worksheet, 73nP


Network boot image• ssh to your odd install server LPAR (you just media installed it)

• We will prepare a somewhat “indirect” network boot with yaboot

# mkdir –p /var/lib/tftpboot/etc# mkdir –p /var/lib/tftpboot/ppc/ppc64# cp /export/RHEL65DVD/ppc/chrp/yaboot /var/lib/tftpboot/yaboot_RHEL65# cp /export/RHEL65DVD/ppc/ppc64/yaboot.conf /var/lib/tftpboot/etc# cp /export/RHEL65DVD/ppc/ppc64/initrd.img /var/lib/tftpboot/ppc/ppc64# cp /export/RHEL65DVD/ppc/ppc64/vmlinuz /var/lib/tftpboot/ppc/ppc64

Name yaboot in such a way, that we know

what it is 6 months from now

sh_rh65 script skips this slide


Network boot image• Check your work

# ls -la /var/lib/tftpboottotal 276drwxr-xr-x. 4 root root 4096 Apr 29 11:39 .drwxr-xr-x. 43 root root 4096 Apr 29 11:38 ..drwxr-xr-x. 2 root root 4096 Apr 29 11:40 etcdrwxr-xr-x. 3 root root 4096 Apr 29 11:38 ppc-r--r--r--. 1 root root 263760 Apr 29 11:39 yaboot_RHEL65

# ls -la /var/lib/tftpboot/etctotal 12drwxr-xr-x. 2 root root 4096 Apr 29 11:40 .drwxr-xr-x. 4 root root 4096 Apr 29 11:39 ..-r--r--r--. 1 root root 221 Apr 29 11:40 yaboot.conf

# ls -la /var/lib/tftpboot/ppc/ppc64total 43564drwxr-xr-x. 2 root root 4096 Apr 29 11:41 .drwxr-xr-x. 3 root root 4096 Apr 29 11:38 ..-r--r--r--. 1 root root 28205108 Apr 29 11:41 initrd.img-r-xr-xr-x. 1 root root 17020184 Apr 29 11:41 vmlinuz



Edit client stanza into /var/lib/tftpboot/etc/yaboot.conf

# vi /var/lib/tftpboot/etc/yaboot.confinit-message = "\nWelcome to the 64-bit Red Hat Enterprise Linux 6.5 installer!\nHit <TAB> for boot options.\n\n"

timeout=6000

default=linux

image=/ppc/ppc64/vmlinuz

label=linux

initrd=/ppc/ppc64/initrd.img

read-only

image=/ppc/ppc64/vmlinuz

label=sNN

initrd=/ppc/ppc64/initrd.img

append="ks=nfs:<oddlparip>:/export/kickstart/ks_sNN.cfg ksdevice=eth0 ip=<evenlparip> netmask=255.255.240.0 gateway=10.31.196.250 noipv6"

read-only

I was not excited about editing this file for EVERY client. But adding a unique stanza for each client is not too complicated, saves a lot of error prone typing at Open Firmware, and supports the idea of multiple install clients. I am scripting up a “mass” config

Note the stanza for the “default label”

Create one stanza for your client even

LPAR, with a specific label for your client,

and a specific append for your client

All one line. No newline, no enter

sNN is your EVEN LPAR



Client MAC and IP Address

• At HMC login, use lpar_netboot command to collect MAC address from your client (even) LPAR. LPAR name and profile name are identical.

student@m1-hmc-1:~> lpar_netboot -M -n -t ent sNN sNN 73nP# Connecting to sNN# Connected# Checking for power off.# Power off complete.# Power on sNN to Open Firmware.# Power on complete.# Getting adapter location codes.# Type Location Code MAC Address Full Path Name Ping Result Device Typeent U8233.E8B.103736P-V26-C2-T1 e683616c7502 /vdevice/l-lan@30000002 n/a virtual

• Back on your install server (odd) LPAR, link yaboot.conf to a MAC address filename

# cd /var/lib/tftpboot/etc# ln –s yaboot.conf 01-e6-83-61-6c-75-02

# ls01-e6-83-61-d7-77-02 yaboot.conf

LPAR name, profile name (same as

LPAR name), server name

We will also use MAC address

when editing dhcpd.conf file –

important 01- prefix here

Write the MAC address on your

student worksheet.

If you get a “cannot connect” error, you have console open to

even LPAR in another window. Close that console and retry



Kickstart info

• We use a ks.cfg file to automate behavior of a RHEL install

• The media install of your odd LPAR left a representative kickstart file /root/anaconda-ks.cfg

• I used this as a basis for <instructor server>:/export/config_files/ks_template.cfg

• Copy it to your odd LPAR, and also copy it to name that matches your client hostname

• On the odd LPAR…

# mkdir –p /export/kickstart# echo “/export/kickstart *(ro,no_root_squash)” >>/etc/exports

# mount <instructorserver>:/export/config_files /mnt# cp /mnt/ks_template.cfg /export/kickstart# umount /mnt# cd /export/kickstart# cp ks_template.cfg ks_sNN.cfg

• Into the template, many parameters were added from Red Hat Chapter 31.4 Kickstart options https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/s1-kickstart2-options.html

sNN, your even

LPAR hostname


https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/s1-kickstart2-options.html


Arrowheads are NOT

part of an ip address

Kickstart info

• Make edits to your /export/kickstart/ks_sNN.cfg file

# Kickstart file automatically generated by anaconda.#version=DEVELinstall#cdromnfs --server=<install server ip> --dir=/export/RHEL64DVDlang en_US.UTF-8keyboard uslogging --host=<install server ip> --level=debugnetwork --onboot yes --device eth0 --bootproto static --ip <yourclientip> --netmask 255.255.240.0 --gateway 10.31.196.250--nameserver 10.36.196.1 –noipv6 –hostname <yourclienthostname>

rootpw --iscrypted$6$tkUSTyREWqY6wLxg$zH92ZhUgG/h71zU2hChHXEDICngTNJPobh2Fo.7GGQZ/TDuOjft8XBy3A9Wp2frgzktWZNdWwZlOmjJinGU.D0#firewall –service=sshfirewall –disabled#authconfig –enableshadow –passalgo=sha512authconfig –enablemd5 --enableshadow Don’t close the file

after these edits, there

are more

sNN, your even

LPAR hostname



Kickstart info


#selinux –enforcingselinux –disabledtimezone --utc America/Chicagobootloader --location=partition --driveorder=mpatha --append="crashkernel=auto console=hvc0 rhgb quiet“# The following is the partition information you requested# Note that any partitions you deleted are not expressed# here so unless you clear all partitions first, this is# not guaranteed to work

zerombrclearpart --all –-initlabel --drives=mpatha,mpathb

part prepboot --fstype=prepboot --size=4 –-ondisk=mpathapart /boot --fstype=ext4 --size=500 –-ondisk=mpathapart pv.253003 --grow --size=1 –-ondisk=mpatha

volgroup vg_sNN --pesize=4096 pv.253003logvol / --fstype=ext4 --name=lv_root --vgname=vg_sNN --grow --size=1024 ---maxsize=51200logvol swap --name=lv_swap --vgname=vg_sNN --grow --size=1984 --maxsize=1984

sNN, your even

LPAR hostname

3 partitions

created on

mpatha

Caution with initlabel if

you have data on

some LUNs

vg created

on 1 of the

partitions

Logical volumes

created in vg



Kickstart info


# define additional repositoriesrepo --name=IBM_Power_Tools --baseurl=http://public.dhe.ibm.com/software/server/POWER/Linux/yum/IBM/RHEL/6/ppc64repo --name=IBM_Power_SDK_Tools --baseurl=http://public.dhe.ibm.com/software/server/POWER/Linux/yum/SDK/RHEL/6/ppc64repo --name=Advance_Toolchain --baseurl=ftp://ftp.unicamp.br/pub/linuxpatch/toolchain/at/redhat/RHEL6

services --disabled NetworkManager,bluetooth,ip6tables,iptables --enabled httpd,nfs

#vnc --password=abcd1234



Kickstart info


%packages@base@client-mgmt-tools@core@debugging@basic-desktop@desktop-debugging@desktop-platform…krb5-workstationlibXmuperl-DBD-SQLite



Kickstart info


%post#!/bin/shmount <instructor server ip>:/export/config_files /mntcd /mntrpm -ivh ibm-power-repo*cdumount /mnt

mkdir -p /export/RHEL64DVDmount <install server ip>:/export/RHEL65DVD /export/RHEL65DVD

echo "[RHEL65DVD]" >/etc/yum.repos.d/RHEL65DVD.repoecho "name=The_RHEL65DVD" >>/etc/yum.repos.d/RHEL65DVD.repoecho "baseurl=file:///export/RHEL65DVD" >>/etc/yum.repos.d/RHEL65DVD.repoecho "enabled=1" >>/etc/yum.repos.d/RHEL65DVD.repoecho "gpgcheck=0" >>/etc/yum.repos.d/RHEL65DVD.repo

yum -y install ibm-power-managed-rhel6yum -y install nmon%end



On the Install server, some DHCP doc• Some detailed information to read carefully later

/usr/share/doc/dhcp-common-4.1.1/README

/usr/share/doc/dhcp-common-4.1.1/RELNOTES

• Initially, no manpage for dhcpd, no dhcpd.conf file# man dhcpd

No manual entry for dhcpd

# ls /etc/dhcp

dhclient.d dhclient-eth0.confh



Install dhcp, and tftp server from iso media• Install rpms on your install server (odd) LPAR

# rpm –ivh /export/RHEL65DVD/Packages/dhcp-4.1.1*

# rpm –ivh /export/RHEL65DVD/Packages/dhcp-common*

# rpm –ivh /export/RHEL65DVD/Packages/tftp-0*

# rpm –ivh /export/RHEL65DVD/Packages/xinetd*

# rpm –ivh /export/RHEL65DVD/Packages/tftp-server*

• Now check

# ls /etc/dhcp

dhclient.d dhclient-eth0.conf dhcpd6.conf dhcpd.conf

# man dhcpd

• See the sample file

# view /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample

common

likely already

installed

You could

just yum

install these



Bring over dhcpd.conf file from instructor server

• # mount 10.31.193.105:/export/config_files /mnt

# cp /mnt/dhcpd.conf /etc/dhcp/dhcpd.conf

# umount /mnt



Edit up dhcpd.conf file• vi /etc/dhcp/dhcpd.conf

#

# DHCP Server Configuration file.

# see /usr/share/doc/dhcp*/dhcpd.conf.sample

# see 'man 5 dhcpd.conf‘

#

default-lease-time 600;

max-lease-time 7200;

#

# see /etc/rsyslog.conf for local7 log direct

log-facility local7;

#

# A subnet we are not using

subnet 11.1.1.0 netmask 255.255.255.0 {

}

# Your workshop network - do NOT use dynamic-bootp - do NOT use a range

# Any range seems to DHCPOFFER dynamic addresses to requests; not what we want

# We are assigning specific IP to specific client MAC

subnet 10.31.192.0 netmask 255.255.240.0 {

option routers 10.31.196.250;

}

We’ll look at

rsyslog entry for

local7 later

This first page

is identical for

every student



Edit up dhcpd.conf file• vi /etc/dhcp/dhcpd.conf

host sNN{

hardware ethernet nn:nn:nn:nn:nn:nn;

fixed-address your.inst.client.ip;

filename "yaboot_RHEL65";

server-name “your.inst.server.ip";

}

MAC address of

YOUR install

client here

IP address of

YOUR install

client here, no

quotes

Just the bootfile

name, NO path.

dhcpd starts up

with a default path

IP address of

YOUR install

server

Hostname of YOUR

even LPAR install

client



Start dhcpd• # service dhcpd start

Starting dhcpd: [FAILED]

• OK, what problems do I have with syntax in dhpcd.conf? Try it on the command line# dhcpd -cf /etc/dhcp/dhcpd.conf

Internet Systems Consortium DHCP Server 4.1.1-P1

Copyright 2004-2010 Internet Systems Consortium.

All rights reserved.

For info, please visit https://www.isc.org/software/dhcp/

WARNING: Host declarations are global. They are not limited to the

scope you declared them in.

/etc/dhcp/dhcpd.conf line 23: expecting numeric value.

hardware ethernet E6:83:6D:0A:29:nn;

^

/etc/dhcp/dhcpd.conf line 26: semicolon expected.

server-name

^

/etc/dhcp/dhcpd.conf line 26: expecting a parameter or declaration

server-name "10.31.193.81";

^

/etc/dhcp/dhcpd.conf line 28: unexpected end of file

}

^

Configuration file errors encountered -- exiting



Start dhcpd• Make edits, try again

# dhcpd -cf /etc/dhcp/dhcpd.conf

Internet Systems Consortium DHCP Server 4.1.1-P1

Copyright 2004-2010 Internet Systems Consortium.

All rights reserved.

For info, please visit https://www.isc.org/software/dhcp/

WARNING: Host declarations are global. They are not limited to the

scope you declared them in.

Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were

not specified in the config file

Wrote 0 deleted host decls to leases file.

Wrote 0 new dynamic host decls to leases file.

Wrote 0 leases to leases file.

Listening on LPF/eth0/e6:83:60:11:22:02/10.31.192.0/20

Sending on LPF/eth0/e6:83:60:11:22:02/10.31.192.0/20

Sending on Socket/fallback/fallback-net

# service --status-all | grep dhcp

dhcpd (pid 6001) is running...

dhcpd is stopped

It is running. Not

sure what

stopped means

Just fyi – Host does

not have to be

defined within a

Subnet



dhcpd logging• About that “log-facility local7;” entry…

# grep local7 /etc/rsyslog.conf

local7.* /var/log/boot.log

# tail -f /var/log/boot.log

…

Oct 24 16:18:47 m1-stu01 dhcpd: DHCPDISCOVER from 00:21:d7:31:ae:40 via

eth0: network 10.31.192.0/20: no free leases





That’s right, do NOT give out dynamic

addresses to DHCPDISCOVER requests. If

you are still watching this later, you will see

BOOTREQUEST from your install client, and

BOOTREPLY from your install server



Set services on for restart• chkconfig command, run levels 3, 4, and 5

# chkconfig –-level 345 dhcpd on

# chkconfig –-level 345 xinetd on

# chkconfig –-level 345 nfs on

# chkconfig –-level 345 tftp on

• Start xinetd

# service xinetd start

• Make NFS export

# service nfs start

# exportfs

/export/RHEL65DVD

<world>

/export/kickstart

• <world>

Inserts “disable = no” into

/etc/xinetd.d/tftp

Recall in module 010, we put

/export/RHEL65DVD in

/etc/exports, and

/export/kickstart in this module



Reduce security config on Install Server• Verify that iptables, ip6tables not running

# service --status-all | grep tablesip6tables: Firewall is not running.iptables: Firewall is not running.

• Check status of selinux# sestatusSELinux status: enabledSELinuxfs mount: /selinuxCurrent mode: enforcingMode from config file: enforcingPolicy version: 24Policy from config file: targeted

If these service status

checks return nothing,

it is likely firewall is

running. Run setup

and turn it off



Reduce security config on Install Server

• Set SELINUX=disabled

# vi /etc/selinux/config# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.SELINUX=disabled# SELINUXTYPE= can take one of these two values:# targeted - Targeted processes are protected,# mls - Multi Level Security protection.SELINUXTYPE=targeted

# shutdown –r now

• Wait until server is back up,before proceeding on next slide

Set SELINUX=disabled

Do NOT change

SELINUXTYPE

We have concluded the

install server needs a

reboot after SELINUX

change



ssh into HMC

• # ssh [email protected]

Login student,

password from

student worksheet


Activate even LPAR, open its console

• At the HMC….

• chsysstate –m 73nP –r lpar –o shutdown --immed –n sNN

• chsysstate –m 73nP -r lpar –o on –n sNN –f sNN –b of

At the HMC…

mkvterm –m 73nP –p sNN

Open in progress

Memory

Open Completed.

Keyboard Network SCSI Speaker ok

0 >

lpar name

Boot mode

open firmwareprofile name

Your EVEN

LPAR


Open firmware 0 > prompt

At the 0 > prompt

0 > boot network:oddlparip,,,, sNN

• You should not have to do this, but you could put more on the 0 > prompt.

• As it happens, you already included it in the append in /var/lib/tftpboot/etc/yaboot.conf

0 > boot network:oddlparip,,evenlparip,gatewayip sNN

Even LPAR name matches the

“label” for this specific client in

/var/lib/tftpboot/etc/yaboot.conf

Four commas,

space, even

LPAR name

Boot-space-

network-colon


First tftp transfer

This comes from

/etc/dhcp/dhpcd.conf


0 > boot network:10.31.193.odd,,,, sNN

Response to the First BOOTP request was not received

BOOTP Parameters:

----------------

chosen-network-type = ethernet,auto,none,auto

server IP = 10.31.193.105

client IP = 10.31.193.61

gateway IP = 10.31.196.250

device = /vdevice/l-lan@30000002

MAC address = 5e 15 eb d8 12 2

loc-code = U8233.E8B.103733P-V33-C2-T1

BOOTP request retry attempt: 1



tftp error

If you DON’T get

Filename……yaboot_RHEL65

Check that client IP and MAC

here against what you put in

/etc/dhcp/dhcpd.conf


Second tftp transfer

This the filename linked to

/var/lib/tftpboot/etc/yaboot.conf

recall your 01- prefix…

Type in your “label”

sNN and Enter

or just hit Enter


Third tftp transfer

vmlinuz


Fourth tftp transfer

Initrd.img


Lots of initialization


Configuring eth0


Disk Re-initialize all

If you get this Error, tab to Re-initialize all and hit space


Writing the disk configuration


RHEL Install


RHEL install


RHEL install


RHEL install


RHEL install, packages completed


RHEL install, post-installation


RHEL install complete

• Hit space to reboot


Installed LPAR rebooting

Hit 1 for SMS when the word Keyboard appears…


SMS, configure boot device order

• At SMS Main Menu on reboot, 5 Select Boot Options


SMS Boot Device Order

• 2. Configure Boot Device Order



• 1. Select 1st Boot Device, 5. Hard Drive



• 1. SCSI



• 1. The first Media Adapter


SMS Boot Device OrderType the number of your installed SCSI Harddisk and enter


Configure 1st Boot Device• 2, Set Boot Sequence: Configure as 1st Boot Device


eXit System Management Services• x to eXit System Management Services


eXit System Management Services• 1 and enter, watch for boot, and RHEL setup to run


boot: (no typing here)


boot:


RHEL login:• The root pw was encrypted in the kickstart file, same as we used in odd LPAR

install


Did we get what we expected?

Ibm-power-managed

and nmon installed

SE Linux disabled

m1-sysNN login: root

Password:

[root@m1-sysNN ~]# rpm -qa | grep managed

ibm-power-managed-rhel6-1.2.0-2.ppc64

[root@m1-sysNN ~]# rpm -qa | grep nmon

nmon-14i-1.el6.ppc64

[root@m1-sysNN ~]# sestatus

SELinux status: disabled

Login with the expected,

encrypted password

from kickstart


Some convenient HMC commands

• lpar_netboot -M -n -t ent m1-sNN sNN 73nP

• chsysstate -m <managed server> -r lpar -o shutdown --immed -n <lparname>

• chsysstate –m <managed server> -r lpar –o on –n <lparname> –f <profilename> –b of

• vtmenu

• rmvterm -m <managed server> -p <lparname>


Unexpected echo of commands or password at console

• If you find strange echo of password or commands on the console of your new Red Hat

instance, you should remove the console specifier on the bootloader statement in your

kickstart files

# grep bootloader your-ks.cfg

bootloader --location=partition --driveorder=mpatha --append="crashkernel=auto

console=hvc0 rhgb quiet"

Remove console=hvc0

from your kickstart files

Date post:	29-Aug-2019
Category:	Documents
Upload:	voque
View:	216 times
Download:	0 times

020 Network Install - IBM · 1 IBM Advanced Technical Sales © 2014 IBM Corporation 020 Network...

Documents