
Enterprise Linux goes Beyond Limits

PCQ Bureau

Managing a huge fleet of workstations in an enterprise is always a challenge for any CIO. Upgrades, updates, and new deployments are just a few of the routine tasks that have to be done. Rolling out security policies is another key challenge. Then, of course, there are the umpteen times that a workstation crashes and you have to send someone to restore it to the same state, with the exact same settings. All CIOs are aware of this, and all system administrators live through it day in and day out.


Direct Hit!

Applies To: System Administrators

USP: Implement Stateless Linux

Primary Link: http://fedoraproject.org/wiki/StatelessLinux

Google Keywords: Stateless Linux

There are many solutions for desktop management, and here, we’ll talk about an interesting one. It’s called Stateless Linux, and we’ll show you how to implement it in the latest release of Red Hat Enterprise Linux, called RHEL5. We received an RTM copy of the distribution for review, so we decided to check out this feature.

Stateless Linux is basically a concept based on a set of technologies such as thin clients, diskless booting, virtualization, etc. It involves creating an image of a Linux distribution (say Fedora Core 6), which can be used for remote booting, and at the same time can also be used to run in a virtual environment. It can also be used to synchronize with any thick client.

While creating the image, make sure that you have specified the address to your local yum repository in the kickstart (ks-diskless) file

So, essentially, using a single OS image, you can boot as many thin or thick clients, diskless clients, virtualized clients, etc as you want. You can very well imagine the benefits of doing this. You only have to worry about managing and updating a single OS image.

How to Implement



Truly speaking, implementing Stateless Linux on RHEL5 was a really hard nut to crack. First, some of the packages required by Stateless Linux were not installed by default while installing RHEL5, so we had to hunt for them manually. Most of them were available on the RHEL CD itself.


The other trouble was that we had to install every single package manually. During the installation, you’ll need a package called Cobbler for el5. We didn’t find it on the disk, so we had to hunt for it on the Net. The one we found first required a lot of dependencies. Next, we checked the official Cobbler website and found the right package there. Next, you need to get stateless.repo and install Stateless Server. To do this, issue the following commands and update yum afterwards:

# wget http://people.redhat.com/~law/stateless.repo
# mv stateless.repo /etc/yum.repos.d/
# yum install StatelessServer
# yum -y update

Create client image



You have to make a stateless image of the OS, which your clients will use. We used the Fedora Core 6 DVD for our test. You need to make an ISO of this DVD in your root directory as follows:


You can use the same OS image for virtualization, PXE booting and synchronizing thick clients

# dd if=/dev/cdrom of=fc6dvd.iso

Next, make a directory where your fc6dvd.iso will be mounted, and finally import it to Cobbler and unmount.


# mkdir /tmp/fc6dvd
# mount -o loop fc6dvd.iso /tmp/fc6dvd
# cobbler import --name=fc6 --mirror=/tmp/fc6dvd
# umount /tmp/fc6dvd

Before we can make the profile for diskless clients in Cobbler, we must instantiate a profile for NFS clients. This way, we make a root file system which the client will get from the server in order to boot. This is done with the help of anaconda. For this, you have to mount an additional file system on /export/NFSroots as follows:

# mkdir -p /export/NFSroots/fc6


Before running anaconda, configure the repo directory in your ks-diskless.cfg file, or else it will not work. Open ks-diskless.cfg using the following command:

# vi /var/lib/cobbler/ks-diskless.cfg

Here, you will see a lot of code. Find the following lines in it:


repo --name=extras --baseurl=http://download.fedora.redhat.com/pub/fedora/linux/extras/6/i386
repo --name=stateless --baseurl=http://people.redhat.com/~law
repo --name=local --baseurl=http://server/localyumrepo

Go to the third line, which mentions the repo name local. Change the base URL to the address of your local yum repository. For example, in our case the address is http://127.0.0.1//cobbler/ks_mirror/fc6. Now, issue the command for running anaconda. In case you get an error saying that some package was not found or that it can't read 'repomd.xml', just click on Continue to make it work.

# anaconda -G -m nfs://var/www/cobbler/ks_mirror/fc6 --rootpath=/export/NFSroots/fc6 \
    --kickstart=/var/lib/cobbler/ks-diskless.cfg

This process will really take time, giving you enough time to go and grab a coffee. NFSroots/fc6 will be used to create the initrd and will also be used as the root filesystem for diskless clients. Now you have to export NFSroots/fc6 so that the diskless clients can mount their root filesystem. They mount the root filesystem read-only. After that, restart the NFS service as follows:

# echo '/export/NFSroots/fc6 *(ro,no_root_squash,async)' >> /etc/exports
# service nfs restart

Then make the initrd, which the kernel requires for the boot process and which is therefore required for tftpboot. Set SELinux to permissive, and mount /tmp and /dev. For convenience, change your present working directory to /tmp.

# setenforce Permissive
# chroot /export/NFSroots/fc6 /bin/bash
# mount -t tmpfs none /tmp
# mount -t tmpfs none /dev
# cd /tmp

To make the initrd image, you need the module name of the client's network interface card, for example --with=8139. If your clients have different network interface cards, give multiple options, such as --with=1234 --with=5678. Replace the server IP address given below with your server’s IP address, and eth0 with whichever network device is in use, e.g. eth0, eth1, etc. Finally, move the initrd image to /boot. Now unmount both /tmp and /dev, and set SELinux back to ‘enforcing.’

# mkinitrd --with=8139 --rootopts=ro,nolock --net-dev=eth0 \
    --rootdev=192.168.1.5:/export/NFSroots/fc6 --rootfs=nfs \
    initrd-2.6.18-1.2798.fc6.img 2.6.18-1.2798.fc6
# mv initrd-2.6.18-1.2798.fc6.img /boot
# cd /
# umount /tmp
# umount /dev
# exit
# setenforce Enforcing

Replace the IP address 192.168.1.5 with the address of your own server, where the image will reside and which the client will use to boot up.

Create a diskless profile in Cobbler, which will provide all the support information, such as where the kernel is, which initrd image is to be used, etc. It basically keeps your dhcpd.conf file managed and takes care of your tftpboot directory for PXE booting. First, add the distro to Cobbler, specifying the kernel and initrd file, and then add a profile to it as follows:

# cobbler distro add --name=fc6-diskless --kernel=/export/NFSroots/fc6/boot/vmlinuz-2.6.18-1.2798.fc6 \
    --initrd=/export/NFSroots/fc6/boot/initrd-2.6.18-1.2798.fc6.img
# cobbler profile add --name=fc6-diskless --distro=fc6-diskless
# cobbler sync

Now you have to create the state files under Puppet's control on the server for the clients. Do this by issuing the following commands:

# mkdir -p /var/lib/puppet/files/private/myclient/etc/ssh
# cp /export/NFSroots/fc6/etc/ssh/* /var/lib/puppet/files/private/myclient/etc/ssh
# ssh-keygen -q -t rsa1 -f /var/lib/puppet/files/private/myclient/etc/ssh/ssh_host_key -C '' -N ''
# ssh-keygen -q -t rsa -f /var/lib/puppet/files/private/myclient/etc/ssh/ssh_host_rsa_key -C '' -N ''
# ssh-keygen -q -t dsa -f /var/lib/puppet/files/private/myclient/etc/ssh/ssh_host_dsa_key -C '' -N ''
# mkdir -p /var/lib/puppet/files/private/myclient/etc/X11
# touch /var/lib/puppet/files/private/myclient/etc/X11/xorg.conf
# chown -R puppet:puppet /var/lib/puppet/files/private/myclient

Note that once the client boots up, you should copy its /etc/xorg.conf file to the puppet server. The one you have created now just acts as a placeholder where the client’s xorg.conf will be copied.

There are still some more things to do to get it working. You have to add your client system to Cobbler. For this, you must know your client’s MAC address, and you also have to assign it an IP address. After you get the MAC address, issue the following commands to add the client:

# cobbler system add --name=192.168.1.101 --profile=fc6-diskless --pxe-address=MAC_ADDRESS_OF_YOUR_CLIENT
# cobbler sync

Replace the IP address ‘192.168.1.101’ with the IP address you want to assign to your client. Please note that you have to run cobbler sync, which will make changes to your dhcpd.conf file. So, if you had changed the earlier dhcpd.conf file, you have to make those changes in it again. Now, you have to create the storage space where your clients will store their data.

For this, create a directory for those clients who need read/write permissions. Issue the following commands to do so, and restart the NFS service.

# mkdir -p /export/private/client1.testdomain
# echo "/export/private/client1.testdomain client1.testdomain(rw,no_root_squash,async)" >> /etc/exports
# service nfs restart
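
A check for the two NFS export lines used in this setup, added here as an example (it is not part of the original article): the shell function below parses exports(5)-style lines and reports exports that combine a wildcard client, rw or no_root_squash, or that carry a squash option outside the four that exports(5) defines. The finding labels, the function names and the client2/client3 sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: audit exports(5)-style lines.
# Prints one finding per line as "path client issue".

audit_exports() {
    # Reads the files named as arguments, or stdin when none are given.
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to every host
            rw = 0; nrs = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
                if (o[j] ~ /squash/ && o[j] !~ /^(no_)?(root|all)_squash$/)
                    print path, client, "unknown-squash-option:" o[j]
            }
            wild = (client ~ /[*?]/)
            if (wild && nrs) print path, client, "wildcard-no_root_squash"
            if (wild && rw)  print path, client, "wildcard-rw"
            if (!wild && rw && nrs) print path, client, "rw-no_root_squash"
        }
    }' "$@"
}

# Sample input: the first two lines model the exports of this setup,
# the last two are constructed (a mistyped option, a stray space before "(rw)").
sample_exports() {
    cat <<'EOF'
/export/NFSroots/fc6 *(ro,no_root_squash,async)
/export/private/client1.testdomain client1.testdomain(rw,no_root_squash,async)
/export/private/client2.testdomain client2.testdomain(rw,no_squash,async)
/export/scratch client3.testdomain (rw)
EOF
}

sample_exports | audit_exports
```

Run it against the live file with `audit_exports /etc/exports`; clients given as network ranges are not treated as wildcards by this check.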


Now, you need to modify the file C15F0165, which is in the pxelinux.cfg directory. The file can have any name, so you have to find the name of the file to modify. One file is created for each client you add.

Open the file and add “CLIENTSTATE=(your server IP):/export/writable” at the end of the line which starts with ‘Append’:

# vi /tftpboot/pxelinux.cfg/C15F0165
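
One way to script the edit described above, as an added example that is not part of the original article: the function adds CLIENTSTATE to the append line of every per-client file in a pxelinux.cfg directory and leaves files that already carry it unchanged, so it can be run again after more clients are added. The function names, the sample file contents and its kernel and initrd paths are assumptions; 192.168.1.5 is the server address used earlier in this article.

```shell
#!/bin/sh
# Added example, not from the article: add CLIENTSTATE=... to the "append"
# line of every per-client file in a pxelinux.cfg directory, once only.

add_clientstate() {
    # $1: pxelinux.cfg directory   $2: value such as 192.168.1.5:/export/writable
    dir=$1; state=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        tmp=$(mktemp) || return 1
        awk -v state="$state" '
            tolower($1) == "append" && $0 !~ /CLIENTSTATE=/ {
                $0 = $0 " CLIENTSTATE=" state
            }
            { print }
        ' "$f" > "$tmp" && cat "$tmp" > "$f"   # rewrite in place, keep owner and mode
        rm -f "$tmp"
    done
}

count_clientstate() {
    # Number of CLIENTSTATE= occurrences in a file (one per patched append line).
    grep -o 'CLIENTSTATE=' "$1" | wc -l | tr -d ' '
}

# Constructed sample of a per-client PXE file; kernel and initrd paths are placeholders.
make_sample() {
    cat > "$1/C15F0165" <<'EOF'
default linux
label linux
    kernel /images/fc6-diskless/vmlinuz
    append initrd=/images/fc6-diskless/initrd.img
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
add_clientstate "$demo" 192.168.1.5:/export/writable
add_clientstate "$demo" 192.168.1.5:/export/writable   # second run changes nothing
cat "$demo/C15F0165"
rm -rf "$demo"
```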

Your server configuration process is complete after this. You can boot up your clients and start working. Enable PXE boot on your client PCs, and connect them to the network. Your system is ready, and the client should get its IP address via the DHCP server and boot up without any hassle.

Next month, we will show you how to use the same FC6 image to boot with a XEN virtualization environment.
