Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (introduction)

INTRODUCTION:  Overview of the starting point for this install, and the reasons for doing it.
I’ve been building/tweaking baseline CentOS installs for quite a while. For CentOS 7 64-bit, I’ve “standardized” on a config that uses ~550 MB of vdisk and runs in ~120 MB of vRAM (512 MB allocated to the VM).
  • CentOS 7.x Linux 64-bit, NO GUI desktop, HTTPD, PXE, Kickstart, RepoSync+RepoTrack, NFS.
  • Begin by making a full clone from the existing VM c7baseline.
  • Two vDisks:
    • 20GB for RepoSync at “/var/www/html/repos/” hdd=”c7pxe-repos.vmdk”
    • 6GB for /boot and “/” hdd=”c7baseline-d1.vmdk”
  • entry for “/etc/hosts”: c7pxe.local c7pxe
  • VM is configured with a static IP using VMware Fusion VMNET2
  • Only user is “elmer”.  Elmer has administrative (sudo) privileges.

This baseline has:
  • SELinux=permissive
  • firewalld is enabled and configured, allowing only SSH and nss-mdns in from the local subnet.
  • The EPEL repo is enabled.
  • KDUMP and SWAP were disabled during install.
  • has these packages: ip address, nmtui, gzip, tar, top, curl, epel-release, yum-utils, deltarpm, nano, nss-mdns, htop, rng-tools, rsync.
  • Avahi is running, so I can use *.local name resolution and skip more complicated DNS and/or host file configurations.
  • open-vm-tools is running. I have a couple folders shared into the VM for getting scripts and outputting config backups.
  • SSHD is running.  I do most of my activity via a host MacOS terminal ssh connection.
  • I use nano as the editor on CentOS VMs.  If you prefer vi, emacs, or something else… that’s OK with me.
  • The VM gets TIME from the host, via hypervisor/open-vm-tools, so it doesn’t need NTP or Chrony.
  • Virtual hardware items Printer, Sound, USB, Camera, and Bluetooth have been removed from the VM config.
  • The VM uses NVMe for hard disks and SATA for cdrom.  No IDE or SCSI.
  • The reduced hardware profile enables removing a lot of firmware packages from these VMs.
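
One way to check a clone against the baseline listed above (an added example, not one of the author's scripts): each function parses config or command output from stdin, and the sample inputs are constructed. It assumes `mdns` is the firewalld service name covering the nss-mdns traffic, and it checks enabled services only, not the local-subnet restriction.

```shell
#!/bin/sh
# Added example: drift checks for the baseline listed above. Every function
# reads text on stdin, so it works on live output or on saved config backups.

# Print the mode from /etc/selinux/config content (this baseline: permissive).
selinux_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' | tail -n 1
}

# Read `firewall-cmd --list-all` output; print enabled services that are not
# in the allow-list given as arguments. Empty output means no drift.
unexpected_services() (
    allowed=" $* "; extra=""
    for svc in $(sed -n 's/^[[:space:]]*services:[[:space:]]*//p'); do
        case "$allowed" in
            *" $svc "*) ;;
            *) extra="$extra $svc" ;;
        esac
    done
    echo "${extra# }"
)

# Succeed if /proc/swaps content lists any device after the header line.
swap_active() {
    tail -n +2 | grep -q .
}

# Constructed sample inputs (not captured from the author's VM).
sample_selinux() { printf '%s\n' '# SELINUX= can take one of three values' \
    'SELINUX=permissive' 'SELINUXTYPE=targeted'; }
sample_firewall() { printf '%s\n' 'public (active)' '  target: default' \
    '  interfaces: ens33' '  services: dhcpv6-client mdns ssh' '  ports: '; }
sample_swaps() { printf '%s\n' 'Filename  Type  Size  Used  Priority'; }

# Live use on the VM (run firewall-cmd as root):
#   selinux_mode < /etc/selinux/config
#   firewall-cmd --list-all | unexpected_services ssh mdns
#   swap_active < /proc/swaps && echo "swap is on"
if [ "${1:-}" = "--demo" ]; then
    echo "selinux: $(sample_selinux | selinux_mode)"
    echo "extra services: $(sample_firewall | unexpected_services ssh mdns)"
    if sample_swaps | swap_active; then echo "swap: on"; else echo "swap: off"; fi
fi
```

In the constructed firewall sample, `dhcpv6-client` is reported because the stock CentOS 7 public zone enables it alongside `ssh`, which is the kind of leftover this check is meant to surface.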

It’s easy/fast to make a ZIP backup copy of an entire VM, so I’m moderately aggressive with removing things like dracut emergency/rescue packages, old kernels, yum caches, etc.  If I break a VM, I just revert to a previous backup.

With VMs under 20GB in size, making ZIP backups via the host OS filesystem is often faster than managing VMware snapshots.  Also, I like knowing that I have fully contained/atomic backups set to the side and quickly available if needed.

I have some custom scripts that clean up the VM contents and shrink the vdisk (to reduce disk usage on host system).

There are many options to further minimize and harden these VMs, but this current baseline maintains normal CentOS/Fedora/RHEL/Oracle functionality and compatibility.

Using a local RepoSync + RepoTrack enables installs/updates without internet for the target nodes, speeds up the install/update time for all of the VMs, and provides much better awareness/control over what packages are getting installed.
Using PXE/Kickstart automates a lot of the tedious/repetitive installation activities.  Doing kickstarts from local repos eliminates the need for maintaining a collection of downloaded ISOs.
An instance installed from ISO immediately needs updates; but kickstart from local repos takes care of that during the initial install.
Additionally, kickstart can run “%post” activities to perform more setup/config work, even installing and fully configuring software applications.
