Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 9)

Posted on by Daniel Oliver
STEP 9 – ENABLE and CONFIGURE PXE:
note: This does NOT require CentOS/RHEL to provide NTP, DHCP, DNSMASQ/BIND, vsftd, or xinetd.  The VMware Fusion VMNET2 DHCP scope can provide PXE Server location to clients.
  • enable firewall port for tftp
  • enable the service.
    • systemctl start tftp.socket
    • systemctl enable tftp.socket
  • put some important files into the tftp server location:
    • cd /var/lib/tftpboot                                  # // it starts out empty.
    • cp /usr/share/syslinux/{pxelinux.0,vesamenu.c32} .    # // now it has those two files in it.
  • Create a menu for the PXE Service… (the options a client machine gets):
    • mkdir /var/lib/tftpboot/pxelinux.cfg
    • cd /var/lib/tftpboot/pxelinux.cfg/
    • nano default
* In the next step, I’ll provide a detailed example of a /var/lib/tftpboot/pxelinux.cfg/default PXE BOOT MENU.

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 8)

Posted on by Daniel Oliver

STEP 8 – CREATE /etc/yum.repos.d/c7x32.repo for the CentOS 7 32-bit REPOSYNC CLIENTS:

note: client machine has to have nss-mdns (avahi-daemon) working, or file will need to be edited with server’s IP ADDRESS.

provide a copy of the file at “http://c7pxe.local/repos/client-files/c7x32.repo” from
folder “/var/www/html/repos/client-files/”

subsequent kickstart scripts will get that file during system installations.

# File:/etc/yum.repos.d/c7x32.repo
[c7x32-base]
name=CentOS Base
baseurl=http://c7pxe.local/repos/c7x32/base/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[c7x32-extras]
name=CentOS Extras
baseurl=http://c7pxe.local/repos/c7x32/extras/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[c7x32-updates]
name=CentOS Updates
baseurl=http://c7pxe.local/repos/c7x32/updates/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

 

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 7)

Posted on by Daniel Oliver

STEP 7 – CREATE /etc/yum.repos.d/c7x64.repo for the CentOS 7 64-bit REPOSYNC CLIENTS:

note: client machine has to have nss-mdns (avahi-daemon) working, or file will need to be edited with server’s IP ADDRESS.

provide a copy of the file at “http://c7pxe.local/repos/client-files/c7x64.repo” from
folder “/var/www/html/repos/client-files/”

subsequent kickstart scripts will get this file during system installation.

# File:/etc/yum.repos.d/c7x64.repo
[c7x64-base]
name=CentOS Base
baseurl=http://c7pxe.local/repos/c7x64/base/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[c7x64-epel]
name=CentOS EPEL
baseurl=http://c7pxe.local/repos/c7x64/epel/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
enabled=1

[c7x64-extras]
name=CentOS Extras
baseurl=http://c7pxe.local/repos/c7x64/extras/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

[c7x64-updates]
name=CentOS Updates
baseurl=http://c7pxe.local/repos/c7x64/updates/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

 

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 6)

Posted on by Daniel Oliver
STEP 6 – build REPOSYNC and REPOTRACK commands for SCRIPTs (for getting filtered packages from BASE, UPDATES, and EXTRAS.
The same pattern works fine for EPEL, but I switched back to using REPOTRACK for EPEL, because I rarely utilize more than a few hundred MB of the EPEL packages and finally got around to parsing out a list.
  • “rs32-reposync-update.sh”    # for getting base, updates, and extras.
  • “rs64-reposync-update.sh”    # for getting base, extras

And, a REPOTRACK script for getting selected packages from EPEL:

  • “rt64-c7x64-update.sh”

An easy way to begin using REPOTRACK is to query existing systems for what packages are installed from a given repo.  To gather my EPEL package list, I ran these two commands on all of my application servers:

  • repoquery -a –installed –qf “%{ui_from_repo} %{name}” | grep ‘^@epel’
  • repoquery -a –installed –qf “%-20{ui_from_repo} %-30{name} %-7{arch} %{epoch}:%-12{version} %-4{release}” | grep ‘^@epel’

Parse the results however you want, and you’ve got the basis for your repotrack script.  Repotrack doesn’t behave exactly like reposync, but it DOES get dependencies for packages, so it isn’t necessary to identify everything in advance.  It also works with wildcards.

Synchronize the directories for the repositories.
The –newest-only option puts only the latest version of each package in the repos.
note: “repoid” must match a repo name in “/etc/yum{$}.repos.d/{$}.repo”

For the “rs-c7x64-update.sh” script:

  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=base –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/
  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=extras –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/
  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=updates –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/

list the package URLs, but don’t actually download anything.

  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=base –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/ –urls

  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=extras –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/ –urls
  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=updates –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/ –urls
  • reposync –config=/etc/yumrsc7x64.conf –gpgcheck –plugins –repoid=epel –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x64/ –urls

Create (or update) new repodata for the local repositories. Note the option “-g comps.xml” to update the package group information.

  • createrepo /var/www/html/repos/c7x64/base/ -g comps.xml
  • createrepo /var/www/html/repos/c7x64/extras/
  • createrepo /var/www/html/repos/c7x64/updates/
  • createrepo /var/www/html/repos/c7x64/epel/
Do this so that clients will be able to read from the httpd repos:
chcon -R -t httpd_sys_content_t /var/www/html/repos/
Something about “SE Linux” according to a doc at RHEL.
Might throw errors, not sure if it has to be done *after* the first time RepoSync runs and populates the local repos, or if it doesn’t apply when the security settings on the vm are “permissive”.

For the “rs-c7x32-update.sh” script:

  • reposync –config=/etc/yumrsc7x32.conf –gpgcheck –plugins –repoid=base –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x32/
  • reposync –config=/etc/yumrsc7x32.conf –gpgcheck –plugins –repoid=extras –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x32/
  • reposync –config=/etc/yumrsc7x32.conf –gpgcheck –plugins –repoid=updates –newest-only –delete –downloadcomps –download-metadata –download_path=/var/www/html/repos/c7x32/
Create (or update) new repodata for the local repositories. Note the option “-g comps.xml” to update the package group information.
  • createrepo /var/www/html/repos/c7x32/base/ -g comps.xml
  • createrepo /var/www/html/repos/c7x32/extras/
  • createrepo /var/www/html/repos/c7x32/updates/

For the “rt64-c7x64-update.sh” script:

The repotrack options are very similar to reposync:

  • –config=CONFIG      # defaults to /etc/yum.conf
  • –config=/etc/yumrsc7x64.conf
  • –arch=ARCH # defaults to “current arch” (whatever the systems is currently running at).
  • –repoid=REPOID # default is all enabled.
  • –download_path=DESTDIR # Path to download packages to.
  • –urls # only show download urls, don’t download files.
  • –newest # defaults to newest-only.

For my script, I’ve sorted commands/packages into common groups.  The script is literally the following commands and comments:

# common packages:
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest etckeeper htop nss-mdns epel-release

# security packages:
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest haveged tripwire fail2ban

# only for a Gui VM:
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest imlib2 openbox openbox-libs python2-pyxdg tweak yumex

# for python pypi … note: using “python36-pip” gets “python36, python36-libs, and python36-setuptools”.
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest python36-pip 

# for a DNS server:
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest dhcping 

# for a docker server… note: using “docker*” gets python dependencies; no need to type them all out.
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest docker*

# some git servers want/need this… note: using “github2fedmsg” gets dependencies; no need to type them all out.
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest github2fedmsg

# for a kitchen sink PYTHON36*…  using python36* gets a lot of stuff… including… numpy, pyvomi, pytests, requests, tkinter, virtualenv
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest python36*

# for more GIT* packages… includes items like gitolite, gitstats, git-extras, git-tools, 
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest git*

# for MYSQL* … fairly small list of items, some connectors, utilities, and some perl.
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest mysql*

# for SQLITE* … small list of items
repotrack –config=/etc/yumrsc7x64.conf –repoid=epel –download_path=/var/www/html/repos/c7x64/epel/Packages/ –newest sqlite*

# BUILD THE LOCAL REPOS:
createrepo /var/www/html/repos/c7x64/epel/

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 5)

Posted on by Daniel Oliver
STEP 5 – configure an EXCLUDE LINE for the YUM CONFIG files:
nano /etc/yum.conf
  • exclude list, filters out stuff I don’t need to download:
  • this is the c7pxe list I’m using as of 2019-03-22.
  • NOTE: when we’re done with this setup, we’ll have a least three yum config files on this server:
    • 1) the regular /etc/yum.conf the OS uses.
    • 2) –config=/etc/yumrsc7x64.conf
    • 3) –config=/etc/yumrsc7x32.conf
in yum config files pulling packages for 64-bit instances:
exclude=*.i386,*.i686,*-debug-*,*-demo-*,*-src-*,alsa*,ant-*,*android*,*amarok*,b43-openfwwf,bfa-firmware,bpg-*,cockpit*,culmus-*,cinnamon*,*-doc-*,*-docs-*,elementary*,ekiga*,fluid-soundfont*,firefox*,gimp-*,gutenprint-*,graphviz-*,gnuradio*,glassfish*,i3-*,ivtv*,iwl*firmware,kde*,kubernetes*,java-1.6*,java-1.7*,josm-*,jetty*,jboss*,jakarta*,libreoffice*,libertas*,maven*,mecurial*,moodle*,mythes-*,NetworkManager-team,libteam,nextcloud*,openblas*,openarena-*,qemu*,ql2100-firmware,ql2200-firmware,ql23xx-firmware,ql2400-firmware,ql2500-firmware,quantum-*,rt61pci-firmware,rt73usb-firmware,rust*,shogun*,subversion*,seamonkey*,texlive*,thunderbird*,uhd*,vtk*,wine*,wannier*,xemacs*,xqilla*,youtube*,zd1211-firmware,kacst-*,lohit-*,thai-scalable-*,*-chinese-*,*-de-*,*-es-*,*-fr-*,*-ga-*,*-hu-*,*-ja-*,*-lb-*,*-lv-*,*-ko-*,*-ru-*,*-zh-*,0ad-*,mingw*,horai*
# same exclude list with added line breaks for easier reading:
exclude=*.i386,*.i686,*-debug-*,*-demo-*,*-src-*,
alsa*,ant-*,*android*,*amarok*,
b43-openfwwf,bfa-firmware,bpg-*,
cockpit*,culmus-*,cinnamon*,*-doc-*,*-docs-*,elementary*,ekiga*,
fluid-soundfont*,firefox*,gimp-*,
gutenprint-*,graphviz-*,gnuradio*,glassfish*,
i3-*,ivtv*,iwl*firmware,kde*,kubernetes*,
java-1.6*,java-1.7*,josm-*,jetty*,jboss*,jakarta*,
libreoffice*,libertas*,
maven*,mecurial*,moodle*,mythes-*,NetworkManager-team,libteam,
nextcloud*,openblas*,openarena-*,
qemu*,ql2100-firmware,ql2200-firmware,ql23xx-firmware,ql2400-firmware,
ql2500-firmware,quantum-*,
rt61pci-firmware,rt73usb-firmware,rust*,
shogun*,subversion*,seamonkey*,texlive*,thunderbird*,
uhd*,vtk*,wine*,wannier*,xemacs*,xqilla*,youtube*,zd1211-firmware,
kacst-*,lohit-*,thai-scalable-*,*-chinese-*,
*-de-*,*-es-*,*-fr-*,*-ga-*,*-hu-*,*-ja-*,*-lb-*,*-lv-*,*-ko-*,*-ru-*,*-zh-*,0ad-*,mingw*,horai

 

in yum config files pulling packages for 32-bit instances:
exclude=*-debug-*,*-demo-*,*-src-*,alsa*,ant-*,*android*,*amarok*,b43-openfwwf,bfa-firmware,bpg-*,cockpit*,culmus-*,cinnamon*,*-doc-*,*-docs-*,elementary*,ekiga*,fluid-soundfont*,firefox*,gimp-*,gnome*,google-noto-*,gstreamer*,gutenprint-*,graphviz-*,gnuradio*,glassfish*,i3-*,ImageMagick*,ivtv*,iwl*firmware,kde*,kubernetes*,java-1.6*,java-1.7*,josm-*,jetty*,jboss*,jakarta*,libreoffice*,libertas*,maven*,mecurial*,moodle*,mythes-*,NetworkManager-team,libteam,nextcloud*,openblas*,openarena-*,qemu*,ql2100-firmware,ql2200-firmware,ql23xx-firmware,ql2400-firmware,ql2500-firmware,quantum-*,rt61pci-firmware,rt73usb-firmware,rust*,shogun*,subversion*,seamonkey*,texlive*,thunderbird*,uhd*,vtk*,wine*,wannier*,xemacs*,xqilla*,youtube*,zd1211-firmware,kacst-*,lohit-*,thai-scalable-*,*-chinese-*,*-de-*,*-es-*,*-fr-*,*-ga-*,*-hu-*,*-ja-*,*-lb-*,*-lv-*,*-ko-*,*-ru-*,*-zh-*,0ad-*,mingw*,horai*

 

 

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 4)

Posted on by Daniel Oliver
STEP 4 – CONFIG RepoSync/RepoTrack to support multiple OS Distros, Releases, and Architectures:
As of 2019-03-22, on c7pxe, the c7x64 and c7x32 repos take about this much space…
  • 4.0G /var/www/html/repos/c7x64/base/        # filter allows for GNOME desktop.
  • 206M /var/www/html/repos/c7x64/extras/
  • 942M /var/www/html/repos/c7x64/updates/
  • 187M /var/www/html/repos/c7x64/epel/
  • 3.4G /var/www/html/repos/c7x32/base/          # filter also excludes GUI desktops.
REPOSYNC OPTIONS (not all of them):
-c CONFIG, –config=CONFIG
             Config file to use (defaults to /etc/yum.conf).
  • CREATE extra YUM config files, one for each {Distro-Release-Arch} being sync’d:
    •  /etc/yumrsc7x64.conf # configure an exclude= line.
    •  /etc/yumrsc7x32.conf # configure an exclude= line.
  • CREATE extra YUM repo directory, one for each {Distro-Release-Arch} being sync’d:
    •  /etc/yumrsc7x64.repos.d
    •  /etc/yumrsc7x32.repos.d
  • CREATE matching repo files under each directory:
    • /etc/yumrsc7x64.repos.d/c7x64.repo # {base,extras,updates,epel}
    • /etc/yumrsc7x32.repos.d/c7x32.repo # {base,extras,updates}
  • EDIT each YUM config files to specify where to find it’s “*.repo” files:
    •  IN “/etc/yumrsc7x64.conf”, add the line “reposdir=/etc/yumrsc7x64.repos.d
    •  IN “/etc/yumrsc7x32.conf”, add the line “reposdir=/etc/yumrsc7x32.repos.d
  • define reposync CONFIG OPTION for each {Distro-Release-Arch} being sync’d (for the reposync script(s):
    •  –config=/etc/yumrsc7x64.conf
    •  –config=/etc/yumrsc7x32.conf
-a ARCH, –arch=ARCH
              Act as if running the specified arch (default: current arch,
              note: does not override $releasever. x86_64 is a superset for
              i*86.).
  •  –arch= # can skip this option/flag for the x64 version, default already works.
  •  –arch= # for the x32… I’m not sure whether it is supposed to be “i386”, “i686”, or something else.
    • note: 2019-03-22, seems to working without actually using this flag.
-r REPOID, –repoid=REPOID
              Specify repo ids to query, can be specified multiple times
             (default is all enabled).
  • This flag refers to the [repo name] in the configured “*.repo” files.
  • “REPOID” must match a name in the targeted /etc/yum{$}.repos.d/{$}.repo file(s).
  • So, if you keep the names simple there, then this flag remains much simpler.
  • the options used by my repo configs and reposync/repotrack scripts:
    •  –repoid=base
    •  –repoid=extras
    •  –repoid=updates
    •  –repoid=epel
-d, –delete
              Delete local packages no longer present in repository.
 -p DESTDIR, –download_path=DESTDIR
              Path to download packages to: defaults to current directory.
  • My local repos are being stored/served in these locations (don’t put this syntax in the script):
    • /var/www/html/repos/c7x64/{base,extras,updates,epel}
    • /var/www/html/repos/c7x32/{base,extras,updates}
  • note: the reposync utility will make (or use existing) subfolder(s) matching the repo name, so, my reposync scripts only need:
    • –download_path=/var/www/html/repos/c7x64/
    • –download_path=/var/www/html/repos/c7x32/
-u, –urls
              Just list urls of what would be downloaded, don’t download.
-n, –newest-only
              Download only newest packages per-repo.

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 3)

Posted on by Daniel Oliver
STEP 3 – CONFIGURE THE VM’s 2ND DISK AND INSTALL
note: if vdisks are “SATA”, this should display “sda”, if vdisks are “NVMe” this should display “nmve0n1”
[root@c7pxe elmer]# lsblk # show partition layout (before config’d 2nd disk):
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sr0              11:0    1 1024M  0 rom
nvme0n1         259:0    0    8G  0 disk
├─nvme0n1p1     259:1    0  512M  0 part /boot
└─nvme0n1p2     259:2    0  7.5G  0 part
  └─centos-root 253:0    0  7.5G  0 lvm  /
  • configure the 2nd disk: 20GB for “reposync” files (was using 30GB, but didn’t need it all):
    • start up the vm.
    • if NVME:
      • fdisk -l # new disk is listed as ” Disk /dev/nvme0n2: 32.2 GB, 32212254720 bytes, 62914560 sectors “
      • fdisk /dev/nvme0n2 # select new “n“, primary “p“, partition number “1“, first sector ‘default‘, last sector ‘default‘, write “w“.
      • fdisk /dev/nvme0n2 # select change type “t“, linux lvm ‘8e‘, write ‘w‘.
      • mkfs.xfs -f /dev/nvme0n2  # for some reason, the VMware Fusion VMs with NVMe vdisk required the extra “-f” flag for this to work.
    • or, if SATA:
      • fdisk -l # new disk is listed as “Disk /dev/sdb: 32.2 GB, 32212254720 bytes, 62914560 sectors”
      • fdisk /dev/sdb # select new “n“, primary “p“, partition number “1“, first sector ‘default‘, last sector ‘default‘, write “w“.
      • fdisk /dev/sdb # select change type “t“, linux lvm ‘8e‘, write ‘w‘.
      • mkfs.xfs /dev/sdb1
mkdir /var/www/html/repos   # httpd must be installed and 2nd disk must be ready.
mount /dev/nvme0n2 /var/www/html/repos
            # if SATA: mount /dev/sdb1 /var/www/html/repos
nano /etc/fstab # add new line,
            # “/dev/nvme0n2 /var/www/html/repos xfs defaults     0   0
reboot # verify that mounts, folders, and httpd work after a reboot.
[root@c7pxe elmer]# lsblk # show partition layout:
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sr0              11:0    1  7.8G  0 rom
nvme0n1         259:0    0    8G  0 disk
├─nvme0n1p1     259:1    0  512M  0 part /boot
└─nvme0n1p2     259:2    0  7.5G  0 part
  └─centos-root 253:0    0  7.5G  0 lvm  /
nvme0n2         259:3    0   20G  0 disk /var/www/html/repos

cd /var/www/html/repos/

from a browser, check that 10.0.0.11 is providing a web page (apache default).
check that the /home/elmer/shrink-disk.sh script has the lines for “/var/www/html/repos“.
  • mkdir -p /var/www/html/repos/{c7x64,c7x32} # or whatever list of distros to serve.
  • mkdir -p /var/www/html/repos/c7x64/{base,extras,updates,epel}
  • mkdir -p /var/www/html/repos/c7x32/{base,extras,updates} # there is no epel for c7x32.
  • mkdir -p /var/www/html/repos/client-files/ # will serve scripts/files here, for post install uses.
optionally: to serve ISO images to PXE boot clients:
  • mkdir -p /var/www/html/repos/c7x64/ISOminimal
    • # use: mount /dev/cdrom /var/www/html/repos/c7x64/ISOminimal
  • mkdir -p /var/www/html/repos/c7x64/ISOeverything
    • # use: mount /dev/cdrom /var/www/html/repos/c7x64/ISOeverything
  • mkdir -p /var/www/html/repos/c7x32/ISOminimal
    • # use: mount /dev/cdrom /var/www/html/repos/c7x32/ISOminimal
  • mkdir -p /var/www/html/repos/c7x32/ISOeverything
    • # use: mount /dev/cdrom /var/www/html/repos/c7x32/ISOeverything
enable remote machines to read from httpd server on c7pxe.local:
chcon -R -t httpd_sys_content_t /var/www/html/repos/
      # something about “SE Linux” according to a doc at RHEL.
      # that may throw an error, but it may not be relevant on c7pxe with selinux=permissive
      # or? might have to wait until after it’s ran a reposync cycle, so there is content in the folders.

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 2)

Posted on by Daniel Oliver
STEP 2 – PREPARE THE BASE VM FOR INSTALL/CONFIG OF REPOSYNC AND PXE:

PREPARE FOR REPOSYNC AND PXE:

yum install httpd             # downloads 3.0 M, installs 10 M.
yum install tftp-server   # provides initial boot image to the client. Pulls about 44K from repo=base.
yum install syslinux       # provides bootloader to clients. Pulls about 1.2MB from repo=base.
yum install nfs-utils       # downloads 1.5 M, installs 4.2 M.
yum install createrepo  # Installs “createrepo” and “python-deltarpm”, downloads 125K, installs 348K.
systemctl start httpd # 1st run will automatically create /var/www/html/
systemctl enable httpd # verify the apache default web page is available at http://10.0.0.11

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (STEP 1)

Posted on by Daniel Oliver
STEP 1 – clone an existing “minimal” VM (or build one).

This step requires an existing “minimal/baseline” VM ready to clone.

If you don’t have one, install/configure a CentOS version 7 64-bit instance.
  • On MacOS/Fusion:
    • clone an existing baseline VM.
    • verify VM config: 1 vcpu, 512MB mem, 6g NVMe disk, 1 network interface (VMNET2).
    • verify VM config: disable/remove Printer, Sound, USB, Camera, Bluetooth.
    • update shared folder settings, VM name, and notes.
  • In VM:
    • use nmtui to set/rename hostname and set static IP.
    • pull scripts and config files into /home/elmer from /mnt/hgfs/c7pxe
    • * many of these scripts and config files are described in following steps.
    • yum repolist # => should be using online CentOS-7-64bit: base,updates,extras,epel
    • systemctl status kdump # => check and confirm it’s disabled
    • free -h  # “Swap: 0B 0B 0B” # => check and confirm it’s all zeros (ie., swap is disabled).
    • hostname; ip address; uname -r
    • yum update
    • List all of the installed packages (RPMs) with size info, and sort the list by size:
    • rpm -qa –queryformat ‘%10{size} – %-25{name} \t %{version}\n’ | sort -n
    • ./yum-clean.sh # note: my custom script for cleaning up after yum.
    • ./shrink-disk.sh # note: my custom script for cleaning up and shrinking virtual disks.
  • On MacOS/Fusion:  shut down the newly cloned VM and ZIP a baseline backup before continuing.

Build a CentOS7 server for: pxe boot, kickstart, reposync, repotrack, nfs, https (introduction)

Posted on by Daniel Oliver
INTRODUCTION:  Overview of the starting point for this install, and reasons why to do it.
I’ve been building/tweaking baseline CentOS installs for quite awhile. For CentOS 7 64-bit, I’ve “standardized” on a config that uses ~550 MB of vdisk and runs in ~ 120 MB of vRAM (512 MB allocated to the VM).
  • CentOS 7.x Linux 64-bit, NO GUI desktop, HTTPD, PXE, Kickstart, RepoSync+RepoTrack, NFS.
  • Begin with by making a full clone from existing VM c7baseline.
  • two vDisks:
    • 20GB for RepoSync at “/var/www/html/repos/” hdd=”c7pxe-repos.vmdk”
    • 6GB for /boot and “/” hdd=”c7baseline-d1.vmdk”
  • entry for “/etc/hosts”: 10.0.0.11 c7pxe.lab.domain.net c7pxe.local c7pxe
  • VM is configured with a static IP using VMware Fusion VMNET2
  • Only user is “elmer”.  Elmer has administrative (sudo) privileges.
This baseline has:
  • SELinux=permissive
  • firewalld is enabled and configured, with only SSH and nss-mdns in from local subnet.
  • repo EPEL is enabled.
  • KDUMP and SWAP were disabled during install.
  • has these packages: ip address, nmtui, gzip, tar, top, curl, epel-release, yum-utils, deltarpm, nano, nss-mdns, htop, rng-tools, rsync.
  • Avahi is running, so I can use *.local name resolution and skip more complicated DNS and/or host file configurations.
  • open-vm-tools is running. I have a couple folders shared into the VM for getting scripts and outputting config backups.
  • SSHD is running.  I do most of my activity via a host MacOS terminal ssh connection.
  • I use nano as editor on CentOS VMs.  If you prefer vi, emacs, or something else… thats ok with me.
  • The VM gets TIME from the host, via hypervisor/open-vm-tools, so it doesn’t need NTP or Chrony.
  • Virtual hardware items Printer, Sound, USB, Camera, and Bluetooth have been removed from the VM config.
  • The VM using NVMe for hard disks and SATA for cdrom.  No IDE or SCSI.
  • The reduced hardware profile enables removing a lot of firmware packages from these VMs.

It’s easy/fast to make a ZIP backup copy of an entire VM, so I’m moderately aggressive with removing things like dracut emergency/rescue packages, old kernels, yum caches, etc.  If I break a VM, I just revert to a previous backup.

With VMs under 20GB in size, making ZIP backups via the host OS filesystem is often faster than managing VMware snapshots.  Also, I like knowing that I have fully contained/atomic backups set to the side and quickly available if needed.

I have some custom scripts that clean up the VM contents and shrink the vdisk (to reduce disk usage on host system).

There are many options to further minimize and harden these VMs, but this current baseline maintains normal CentOS/Fedora/RHEL/Oracle functionality and compatibility.

Using a local RepoSync + RepoTrack enables installs/updates without internet for the target nodes, it speeds up the install/update time for all of the VMs, and it provide much better awareness/control over what packages are getting installed.
Using PXE/Kickstart automates a lot of the tedious/repetitive installation activities.  Doing kickstarts from local repos eliminates the need for maintaining a collection of downloaded ISOs.
An instance installed from ISO immediately needs updates; but kickstart from local repos takes care of that during the initial install.
Additionally, kickstart can run “%POST” activities to perform more setup/config work, even installing and fully configuring software applications.