- 1 - Kickstart Redhat7.7 Server From DVD
- 2 - RHEL7 Install VMWare Tools
- 3 - RHEL7 RPM Setup Disks
- 4 - Setup RHEL Subscription
- 5 - Build RPM Mirror
- 5.1 - BRM RHEL7 Setup OS
- 5.1.1 - RHEL7 SOS Configure OS
- 5.1.2 - RHEL7 SOS Install Utilities
- 5.1.2.1 - PU Install Net-Tools
- 5.1.2.2 - PU Install Git
- 5.1.2.3 - PU Install Unzip
- 5.1.2.4 - PU Install BZip2
- 5.1.2.5 - PU Install Rsync
- 5.1.2.6 - PU Install Telnet
- 5.1.2.7 - PU Install Wireshark
- 5.1.2.8 - PU Install Nano
- 5.1.2.9 - PU Deploy nmon
- 5.1.2.10 - PU Install nmon
- 5.1.2.11 - PU Deploy iftop
- 5.1.2.12 - PU Install iftop
- 5.1.2.13 - PU Deploy p7zip
- 5.1.2.14 - PU Install p7zip
- 5.1.2.15 - PU Install FTP
- 5.1.2.16 - PU Install Netcat
- 5.1.3 - RHEL7 SOS Setup NTP
- 5.1.4 - RHEL7 SOS Setup Postfix
- 5.2 - BRM Create a Local Repository
- 5.3 - BRM Configure Apache
5.1 - BRM RHEL7 Setup OS
Exported on 23-Aug-2021 16:56:56
Parameters
1 - Kickstart Redhat7.7 Server From DVD
Perform a kickstart installation of the chosen RHEL7 media.
1.1 - KS Clean Build Files DELETE
Clear directories related to the target server to ensure the process starts from a clean slate.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
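# Abort if a parameter is empty, otherwise the glob widens to "/*<fqn>" or "<base dir>/*"
[ -n "{ksVmwareAttuneBaseDir}" ] && [ -n "{targetServer.fqn}" ] || exit 1
DIR="{ksVmwareAttuneBaseDir}/*{targetServer.fqn}"
sudo rm -rf -- ${DIR}   # unquoted on purpose so the glob expands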
1.2 - KS RH77 Deploy Binary DVD
Deploy the RHEL7 installation media to the /build directory.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
1.3 - KS RH77 Deploy Kickstart DVD Config
Apply the specified VM host, subnet, user credentials and timezone as installation configuration options.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
1.4 - KS RH77 Create Binary DVD
Create a bootable ISO that includes the specified user and network configurations.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
cd {ksVmwareAttuneBaseDir}/build-{targetServer.fqn}
mkisofs -o {ksVmwareAttuneBaseDir}/kickstart_{targetServer.fqn}.iso \
-b isolinux/isolinux.bin -c isolinux/boot.cat \
-no-emul-boot -boot-load-size 4 -boot-info-table -J -R -V "KS_RHEL" .
1.5 - KS ESXi Recreate Virtual Machine
To install the PowerCLI for VMWare:
sudo yum install https://github.com/PowerShell/PowerShell/releases/download/v6.2.3/powershell-6.2.3-1.rhel.7.x86_64.rpm
sudo pwsh -Command "Install-Module VMware.PowerCLI"
PowerCLI reference is available at: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.powercli.cmdletref.doc%2FNew-VM.html
1.5.1 - KS ESXi Set Options
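Set the ESXi options to disable sending anonymous usage statistics and ignore certificate errors when connecting to servers. With certificate errors ignored, PowerCLI does not verify the identity of the server that the vCenter credentials in the following steps are sent to.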
Login as user {Linux: Attune User} on node {Attune OS Build Server}
pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -Confirm:$false
Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$false
EOF
1.5.2 - KS ESXi Delete VM FQN
Check if the VM already exists, searching by the target server's fully qualified name. If the VM already exists, this step will delete it to ensure there are no conflicts with existing VMs during the installation.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
# Delete the VM if it exists
pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'
$existing = Get-VM "{targetServer.fqn}"
if ( $existing.count -eq 1 ) {
    if ( $existing.PowerState -eq "PoweredOn" ) {
        "Stopping the VM"
        Stop-VM -VM $existing -Confirm:$false
    } else {
        "The VM is off"
    }
    "Removing the VM"
    Remove-VM -DeleteFromDisk -VM $existing -Confirm:$false
} else {
    "The VM doesn't exist"
}
EOF
1.5.3 - KS ESXi Delete VM Hostname
Check if the VM already exists, searching by the target server's hostname. If the VM already exists, this step will delete it to ensure there are no conflicts with existing VMs during the installation.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
# Delete the VM if it exists
pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'
$existing = Get-VM "{targetServer.hostname}"
if ( $existing.count -eq 1 ) {
    if ( $existing.PowerState -eq "PoweredOn" ) {
        "Stopping the VM"
        Stop-VM -VM $existing -Confirm:$false
    } else {
        "The VM is off"
    }
    "Removing the VM"
    Remove-VM -DeleteFromDisk -VM $existing -Confirm:$false
} else {
    "The VM doesn't exist"
}
EOF
1.5.4 - KS ESXi Create VM
Create a VMWare Virtual Machine for the new RHEL installation with an initial disk size of 50 GB using the specified Fully Qualified Hostname, Storage Pool Name, VM CPU count, RAM allocation, Network Name and Guest Type.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
# Create the new VM
# NOTE: ALL VMs are kickstarted with a default 50g disk. More disks are added
# once the operating system is installed, via a subsequent "add disk"
# vCenter call
pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'
if ( "{vmwareEsxiServer.fqn}" -eq "{vmwareVcenterServer.fqn}" ) {
    Write-Host "We're talking to the ESXi host, don't pass the -VMHost arg"
    $vm = New-VM `
        -Name "{targetServer.fqn}" `
        -Datastore "{ksVmwareStoragePoolName}" `
        -NumCpu {ksVmwareCpuCount} `
        -DiskMB 51200 `
        -MemoryMB {ksVmwareVmRamSizeMb} `
        -NetworkName "{ksVmwareNetworkName}" `
        -GuestId '{ksVmwareGuestType}' `
        -CD
} else {
    Write-Host "We're talking to a vCenter server, pass the -VMHost arg"
    $storagePool = Get-VMHost -Name '{vmwareEsxiServer.fqn}' | Get-Datastore -Name '{ksVmwareStoragePoolName}'
    $vm = New-VM `
        -VMHost "{vmwareEsxiServer.fqn}" `
        -Name "{targetServer.fqn}" `
        -Datastore $storagePool `
        -NumCpu {ksVmwareCpuCount} `
        -DiskMB 51200 `
        -MemoryMB {ksVmwareVmRamSizeMb} `
        -NetworkName "{ksVmwareNetworkName}" `
        -GuestId '{ksVmwareGuestType}' `
        -CD
}
EOF
1.5.5 - KS ESXi Enable SAS
Create a virtual SCSI controller for Windows 2016 compatibility and connect to a vCenter server using the specified IP address, username and password to use for administration of the ESXi hosts.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
if [ '{ksVmwareGuestType}' != 'winNetStandard64Guest' ]; then
    echo "This isn't windows server VM, SAS not required"
else
    echo "Switching to LSI Logic SAS Controller"
    # Switch the VM's SCSI controller type
    pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'
$vm = Get-VM -Name "{targetServer.fqn}"
# Make the controller compatible with the Win2016 drivers
Get-ScsiController -VM $vm | Set-ScsiController -Type VirtualLsiLogicSAS
EOF
fi
1.5.6 - KS ESXi Enable 3D
Enable 3D hardware acceleration if the VMWare Guest Type is Windows 10.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
if [ '{ksVmwareGuestType}' != 'windows9_64Guest' ]; then
    echo "This isn't windows 10, 3D isn't required"
else
    echo "Enabling 3d"
    # Enable 3D support on the VM's video card
    pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'
$vm = Get-View -ViewType VirtualMachine -Filter @{'Name'="^{targetServer.fqn}$"}
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$dc = New-Object VMware.Vim.VirtualDeviceConfigSpec
$dc.Operation = 'edit'
$dev = $vm.Config.Hardware.Device | where{$_ -is [VMware.Vim.VirtualMachineVideoCard]}
$dev.enable3DSupport = $true
$dc.Device += $dev
$spec.DeviceChange += $dc
$vm.ReconfigVM($spec)
EOF
fi
1.5.7 - KS ESXi Copy ISO To ESXi Host
Create a data store and copy the installation ISO from the specified Boot ISO directory to the data store.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
# Copy the kickstart ISO to the datastore
pwsh <<'EOF' | grep -v 'Uploading'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'
# Create the TO dir string
$to = "ds:{ksVmwareBootIsoDir}"
$to = $to -Replace "/","\"
# Get the Datastore
$datastore = Get-Datastore -Name '{ksVmwareStoragePoolName}'
$datastore
# Create the DS drive
if (Test-Path "ds:") {
    Remove-PSDrive ds -Force
}
if ($datastore -is [System.Array]) {
    Write-Host "Get-Datastore returned multiple datastores, using first item in array.."
    $datastore = $datastore[0]
}
New-PSDrive -Location $datastore -Name ds -PSProvider VimDatastore -Root ""
# Ensure the destination dir exists
Set-Location "ds:"
if (-Not (Test-Path "$to")) {
    "Creating $to"
    New-Item -ItemType Directory -Path "$to"
}
# Set the local path to the ISO
Set-Location {ksVmwareAttuneBaseDir}
# Copy the ISO
Copy-DatastoreItem kickstart_{targetServer.fqn}.iso $to `
    -Force:$true -Confirm:$false
# Remove the DS Drive
Remove-PSDrive ds -Force
EOF
1.5.8 - KS ESXi Load ISO into VM
Load the installation ISO into the VM's CD-ROM drive to begin the installation. NOTE: The kickstart script ejects this CD-ROM.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
FROM="{ksVmwareAttuneBaseDir}/kickstart_{targetServer.fqn}.iso"
TO="{ksVmwareBootIsoDir}"
# Attach the kickstart ISO to the VM's CD drive
pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'
$cd = Get-VM -Name "{targetServer.fqn}" | Get-CDDrive
$iso = "[{ksVmwareStoragePoolName}] kickstart_isos/kickstart_{targetServer.fqn}.iso"
Set-CDDrive -CD $cd `
    -IsoPath $iso `
    -StartConnected $true `
    -Confirm:$false
EOF
1.5.9 - KS ESXi Start VM
Start the VM.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
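# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'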
Start-VM -VM (Get-VM -Name "{targetServer.fqn}") -RunAsync
EOF
1.6 - KS Clean Build Files DELETE
Clear directories related to the target server to ensure the process starts from a clean slate.
Login as user {Linux: Attune User} on node {Attune OS Build Server}
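# Abort if a parameter is empty, otherwise the glob widens to "/*<fqn>" or "<base dir>/*"
[ -n "{ksVmwareAttuneBaseDir}" ] && [ -n "{targetServer.fqn}" ] || exit 1
DIR="{ksVmwareAttuneBaseDir}/*{targetServer.fqn}"
sudo rm -rf -- ${DIR}   # unquoted on purpose so the glob expands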
1.7 - KS SSH Wait
Ping the server on the specified port (default: 22) to verify that it is reachable.
on node {Target Server: Lin}
2 - RHEL7 Install VMWare Tools
Install the specified VMWare management tools.
2.1 - VMW Deploy VMWare Tools
Deploy the specified VMWare management tools to the specified directory (default: /tmp).
Login as user {Linux: Root User} on node {Target Server: Lin}
2.2 - VMW Install VMWare Tools
Run the VMWare Tools Perl installation file in debug mode.
Login as user {Linux: Root User} on node {Target Server: Lin}
cd /tmp/vmware-tools-distrib
./vmware-install.pl -d -f
2.3 - VMW Cleanup VMWare Tools
Remove the files used for installation of the VMWare management tools.
Login as user {Linux: Root User} on node {Target Server: Lin}
rm -rf /tmp/vmware*
3 - RHEL7 RPM Setup Disks
Create and set up the hard disks for the RHEL VM.
3.1 - SD VMWare Add Virtual Disks
Create three 100 GB disks on the VM using thin provisioning.
PowerCLI reference is available at: https://pubs.vmware.com/vsphere-51/topic/com.vmware.powercli.cmdletref.doc/New-HardDisk.html
Login as user {Linux: Attune User} on node {Attune OS Build Server}
# Create the virtual disk
pwsh <<'EOF'
$ErrorActionPreference = "Stop"
Import-Module VMware.VimAutomation.Core
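# Credentials are single-quoted so PowerShell does not expand "$" or other special characters in them
Connect-VIServer {vmwareVcenterServer.ip} `
    -User '{vmwareVcenterUser.user}' `
    -Password '{vmwareVcenterUser.password}'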
$vm = Get-VM "{targetServer.fqn}"
# Add 300gb
$vm | New-HardDisk -CapacityGB 100 -StorageFormat Thin
$vm | New-HardDisk -CapacityGB 100 -StorageFormat Thin
$vm | New-HardDisk -CapacityGB 100 -StorageFormat Thin
EOF
3.2 - SD Setup VGs
Create a primary partition on each of the newly created drives (sdb, sdc and sdd) with a GPT using the XFS filesystem that spans the entire virtual disk, then add it to the volume group rootvg.
Login as user {Linux: Root User} on node {Target Server: Lin}
mkvg() {
    VG=$1
    DEV=$2
    parted -s "/dev/$DEV" mktable gpt
    parted -s "/dev/$DEV" mkpart primary xfs 1m 100%
    vgextend "$VG" "/dev/${DEV}1"
}
mkvg rootvg sdb
mkvg rootvg sdc
mkvg rootvg sdd
3.3 - SD Setup RpmMirror LV
Create and mount a 300 GB logical volume named rpm_mirror in the rootvg volume group, using /rpm_mirror as the mount point.
Login as user {Linux: Root User} on node {Target Server: Lin}
mklv() {
    DIR=$1
    NAME=$2
    SIZE=$3
    VG=$4
    mkdir -p "$DIR"
    lvcreate --size "$SIZE" --name "$NAME" "$VG"
    mkfs.xfs "/dev/mapper/$VG-$NAME"
    cat >> /etc/fstab <<EOF
/dev/mapper/$VG-$NAME $DIR xfs defaults 0 0
EOF
    mount -a
}
mklv /rpm_mirror rpm_mirror 300g rootvg
3.4 - SDTSD Setup /var
Extend the logical volume /dev/rootvg/var to the specified volume size and resize the underlying file system.
Login as user {Linux: Root User} on node {Target Server: Lin}
lvextend -v -L{varLvmVolumeSize}m -r /dev/rootvg/var
4 - Setup RHEL Subscription
Set up the VM with the available RHEL subscriptions.
4.1 - SRS Subscribe RHEL
List the available RHEL subscriptions and subscribe using the returned Subscription Pool ID.
Login as user {Linux: Root User} on node {RPM Server}
subscription-manager register --force --username {redhatSubscriptionUser.user}
# List the subscriptions, and select a pool.
# EG Pool ID: 8a85f9946e848a14016e91bd8c150949
POOL_ID=`subscription-manager list --available | grep 'Pool ID' | cut -d':' -f2 | sed 's/ //g' | head -1`
echo "POOL_ID is |${POOL_ID}|"
# Subscribe to the pool.
subscription-manager subscribe --pool="${POOL_ID}"
This step will require you to answer the following prompts.
Prompt | Answer |
---|---|
Password: | {redhatSubscriptionUser.password} |
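The pipeline in step 4.1 takes the first pool listed and passes whatever it found, including an empty string, to the subscribe command. As an added example (not part of the original procedure), the function below selects the pool by subscription name and refuses anything that does not look like a pool ID; the function names, the subscription names in the sample and the 32-hex-character ID format (inferred from the example ID above) are assumptions.

```shell
#!/bin/sh
# Added example: choose a subscription pool by name instead of taking the first one listed.

# Constructed sample of `subscription-manager list --available` output, trimmed to the
# two fields this example reads. The subscription names and the second pool ID are made
# up; the first ID is the example value quoted in step 4.1.
sample_available() {
cat <<'EOF'
Subscription Name:   Red Hat Enterprise Linux Server, Standard
Pool ID:             8a85f9946e848a14016e91bd8c150949

Subscription Name:   Red Hat Developer Subscription
Pool ID:             8a85f9946e848a14016e91bd8c15ffff
EOF
}

# pick_pool_id NAME_PATTERN
# Reads the list output on stdin and prints the Pool ID of the first record whose
# Subscription Name matches NAME_PATTERN (an awk regular expression).
# Returns non-zero and prints nothing if no record matches or if the ID is not
# 32 lowercase hex characters (assumed format).
pick_pool_id() {
    _pool_id=$(awk -v pat="$1" '
        /^[ \t]*$/            { name = "" }   # blank line ends a record
        /^Subscription Name:/ { sub(/^Subscription Name:[ \t]*/, ""); name = $0 }
        /^Pool ID:/           { sub(/^Pool ID:[ \t]*/, "")
                                if (name != "" && name ~ pat) { print; exit } }
    ') || return 1
    printf '%s\n' "$_pool_id" | grep -Eq '^[0-9a-f]{32}$' || return 1
    printf '%s\n' "$_pool_id"
}

# Demo on the constructed sample. On a registered host, pipe the real command in:
#   POOL_ID=$(subscription-manager list --available | pick_pool_id 'Enterprise Linux Server') || exit 1
sample_available | pick_pool_id 'Enterprise Linux Server'
```
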
5 - Build RPM Mirror
Create a local mirror for RPM packages.
5.1 - BRM RHEL7 Setup OS
Install the common server requirements for GE PowerOn Fusion on RHEL7. This applies to DB, JBOSS (DPF and TSDS), and Application servers.
5.1.1 - RHEL7 SOS Configure OS
RHEL7 Configure OS
5.1.1.1 - COS Deploy OS Config Files
Copy OS Config files onto server.
Login as user {Linux: Root User} on node {Target Server: Lin}
5.1.1.2 - COS Fix OS Config Permissions
Updates the permissions on /etc/profile.d/poweron* and /etc/hosts.
Login as user {Linux: Root User} on node {Target Server: Lin}
chmod ugo+r /etc/profile.d/poweron*
chmod ugo+r /etc/hosts
5.1.1.3 - RHEL7 Set Hostname
Overwrites the /etc/hostname with the new hostname. Sets the hostname of the server with the new hostname.
Login as user {Linux: Root User} on node {Target Server: Lin}
echo "{targetServer.hostname}" > /etc/hostname
hostname "{targetServer.hostname}"
5.1.1.4 - RHEL7 Disable IPv6
Check if IPv6 is disabled. If it is not disabled, disable it in /etc/sysctl.conf and reload the system parameters. Remove the IPv6 loopback entry from /etc/hosts if it exists.
Login as user {Linux: Root User} on node {Target Server: Lin}
F="/etc/sysctl.conf"
if grep -q 'net.ipv6' ${F}; then
    echo "IPv6 is already disabled"
else
    echo "Disabling IPv6"
    echo "" >> $F
    echo "# Disable IPv6" >> $F
    echo "net.ipv6.conf.all.disable_ipv6 = 1" >> $F
    echo "net.ipv6.conf.default.disable_ipv6 = 1" >> $F
    sysctl -p
fi
sed -i '/::1/d' /etc/hosts
5.1.1.5 - COS Update DNS Servers
Set Primary and Secondary DNS servers.
Login as user {Linux: Root User} on node {Target Server: Lin}
nmcli con mod ens192 ipv4.dns "{targetSubnet.dns1} {targetSubnet.dns2}"
nmcli con mod ens192 ipv4.dns-search {adFullDomainName.value}
nmcli con up ens192
5.1.1.6 - COS Setup Login Banner
Change permissions on /etc/login_banner. Configure SSH to use the /etc/login_banner. Restart SSH daemon.
Login as user {Linux: Root User} on node {Target Server: Lin}
chmod 644 /etc/login_banner
sed -i 's,#Banner.*,Banner /etc/login_banner,g' /etc/ssh/sshd_config
systemctl restart sshd
5.1.1.7 - COS Disable Firewall
Delete all INPUT firewall rules. Overwrite the firewall rules configuration file with an empty file to ensure no rules remain.
Login as user {Linux: Root User} on node {Target Server: Lin}
echo "Removing the default rules from the RHEL6 firewall"
iptables -F INPUT
echo "" > /etc/sysconfig/iptables
5.1.1.8 - COS Disable SELinux
If SELinux is enabled in /etc/selinux/config, then set it to disabled. If SELinux is enabled in /etc/sysconfig/selinux, then set it to disabled.
Login as user {Linux: Root User} on node {Target Server: Lin}
disable() {
    if grep -q 'SELINUX=disabled' "$F"; then
        echo "SELINUX Already Disabled"
    else
        echo "Disabling SELINUX"
        sed -i 's/SELINUX=.*/SELINUX=disabled/' "$F"
    fi
}
F='/etc/selinux/config'
disable
F='/etc/sysconfig/selinux'
disable
5.1.2 - RHEL7 SOS Install Utilities
Install package updates and common dependencies for PowerOn Fusion DPF, TSDS, Database, Application or Report servers.
5.1.2.1 - PU Install Net-Tools
Install Base Linux networking programs.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y net-tools
5.1.2.2 - PU Install Git
Install Git, an open source source control system.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y git
5.1.2.3 - PU Install Unzip
Install unzip for working with ZIP archives.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y unzip
5.1.2.4 - PU Install BZip2
Install bzip2 which is a block-sorting file compressor.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y bzip2
5.1.2.5 - PU Install Rsync
Install rsync which is a faster, flexible tool for copying files to remote computers.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y rsync
5.1.2.6 - PU Install Telnet
Install telnet tool to allow communication to another host.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y telnet
5.1.2.7 - PU Install Wireshark
Install wireshark that will interactively dump and analyze network traffic.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y wireshark
5.1.2.8 - PU Install Nano
Install the nano editor.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y nano
5.1.2.9 - PU Deploy nmon
Copy the nmon installer package to the server.
Login as user {Linux: Root User} on node {Target Server: Lin}
5.1.2.10 - PU Install nmon
Install nmon which displays and records local system information. Remove the installer package.
Login as user {Linux: Root User} on node {Target Server: Lin}
D={targetServerInstallerTmpPath}/pkg_nmon
yum install -y $D/nmon*rpm
rm -rf $D
5.1.2.11 - PU Deploy iftop
Copy the iftop installer package to the server.
Login as user {Linux: Root User} on node {Target Server: Lin}
5.1.2.12 - PU Install iftop
Install iftop which displays bandwidth usage on an interface by host. Remove the installer package.
Login as user {Linux: Root User} on node {Target Server: Lin}
D={targetServerInstallerTmpPath}/pkg_iftop
yum install -y $D/iftop*rpm
rm -rf $D
5.1.2.13 - PU Deploy p7zip
Copy the p7zip installer package to the server.
Login as user {Linux: Root User} on node {Target Server: Lin}
5.1.2.14 - PU Install p7zip
Install p7zip, a 7-zip file archiver. Remove the installer package.
Login as user {Linux: Root User} on node {Target Server: Lin}
D={targetServerInstallerTmpPath}/pkg_p7zip
yum install -y $D/p7zip*rpm
rm -rf $D
5.1.2.15 - PU Install FTP
Install ftp to allow transfer of files to and from a remote network site.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install ftp -y
5.1.2.16 - PU Install Netcat
Install ncat utility which reads and writes data across network connections.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y nmap-ncat
5.1.3 - RHEL7 SOS Setup NTP
NTP is the service used to keep all the servers' time sync'd. The steps in this group are specifically for PowerOn Fusion Linux Servers as it has placeholders for the app servers, etc.
5.1.3.1 - NTP Remove Chrony
Remove chrony from the system.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum remove -y chrony
5.1.3.2 - NTP Install Packages
Install ntp to allow the clock to be sync'd.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y ntp
5.1.3.3 - NTP Deploy Config
Deploy ntp.conf file.
Login as user {Linux: Root User} on node {Target Server: Lin}
5.1.3.4 - NTP Setup update sysconfig
Enable ntp to slew the clock while making changes to ensure no issues with oracle. Enable the sync of the hardware clock after a successful ntpdate.
Login as user {Linux: Root User} on node {Target Server: Lin}
F=/etc/sysconfig/ntpdate
# Add -x to the startup options
sed -i 's/OPTIONS="-u/OPTIONS="-x -u/g' $F
# Set to 'yes' to sync hw clock after successful ntpdate
sed -i 's/SYNC_HWCLOCK=no/SYNC_HWCLOCK=yes/g' $F
5.1.3.5 - NTP Enable and Restart Service
Enable autostart of ntpd daemon. Start ntpd daemon.
Login as user {Linux: Root User} on node {Target Server: Lin}
# Enable auto starting of NTP
systemctl enable ntpd
# Restart the NTP service
systemctl start ntpd
5.1.3.6 - NTP Test Status
Print the status of NTP time syncing.
Login as user {Linux: Root User} on node {Target Server: Lin}
# Print the status of NTP time syncing
ntpq -p
5.1.4 - RHEL7 SOS Setup Postfix
Setup the sendmail service to use a smart host and redirect all mail from root to a corporate IP
5.1.4.1 - MAIL Install Packages
Install postfix, a free open-source mail transfer agent. Install mailx, an enhanced version of the mail command.
Login as user {Linux: Root User} on node {Target Server: Lin}
yum install -y postfix mailx
5.1.4.2 - MAIL Sendmail check hostname
Sendmail needs a fully qualified domain name to start. If sendmail takes 2 minutes to start, this is your problem.
Login as user {Linux: Root User} on node {Target Server: Lin}
# CHECK HOSTS FILE
# We are looking for this pattern
#
# 192.168.1.1 prodapp1 prodapp1.company.com
# PC_APP_IP PC_APP_HOSTNAME PC_APP_HOSTNAME.PC_DOMAIN_NAME
# Make sure our host file has our FQN at the end.
echo "Checking for line ending with {targetServer.fqn} in /etc/hosts"
grep "{targetServer.fqn}$" /etc/hosts
echo "Checking for the SMTP server in the hosts file"
grep "{smtpServer.fqn}$" /etc/hosts
5.1.4.3 - MAIL Setup Postfix Config
Set the configs for postfix
Login as user {Linux: Root User} on node {Target Server: Lin}
postconf -e 'disable_dns_lookups = yes'
postconf -e 'relayhost = {smtpServer.hostname}'
postconf -e 'mydomain = {targetServer.domain}'
postconf -e 'myorigin = $mydomain'
postfix check
5.1.4.4 - MAIL Setup Sendmail aliases
Updating the aliases file redirects mail that would be delivered to the local linux user account to another email account.
Login as user {Linux: Root User} on node {Target Server: Lin}
# Update /etc/aliases
F=/etc/aliases
# Forward all poweron and oracle mail to root
# Add if it's not there yet
if grep -q poweron $F; then
    echo "poweron and oracle already exist"
else
    echo "Added poweron and oracle"
    cat <<EOF >> $F
poweron: root
oracle: root
EOF
fi
# Update the root alias
if grep -q '^root:' $F; then
    echo "Root exists, making sure it's up to date"
    sed -i 's/^root:.*/root: {targetServerAdminEmail}/g' $F
else
    echo "Adding root alias, making sure it's up to date"
    echo 'root: {targetServerAdminEmail}' >> $F
fi
5.1.4.5 - MAIL Setup Sendmail Compile and Restart
Apply all the sendmail configuration and restart the services
Login as user {Linux: Root User} on node {Target Server: Lin}
# Stop the mail service
echo "Stopping Sendmail"
systemctl stop postfix
# Remove all existing mail.
# If the mail service wasn't working, there could be 1000s of them
echo "Clearing out existing mail queues"
rm -f /var/spool/mqueue/*
# Start sendmail, this script also compiles /etc/aliases
echo "Starting Sendmail"
systemctl start postfix
echo "All Done"
5.1.4.6 - MAIL Setup Sendmail Test
Test that the sendmail service is working and will send mail to the right email address.
TROUBLESHOOTING: The sendmail log file is normally at /var/log/maillog, but this can be changed depending on the /etc/syslog.conf file. This command "grep -F 'mail.*' /etc/syslog.conf" will show you where the log file is.
Login as user {Linux: Root User} on node {Target Server: Lin}
# Clear mail queue
postsuper -d ALL
echo "Sending a test email to root with subject 'Attune Sendmail Config Complete'"
# Send test email to root
mail -v -s "Attune Sendmail Config Complete" root <<EOF
Attune has completed configuring sendmail on server `hostname`
Hopefully you get this email.
Email sent at `date`
EOF
((iter=0)) || true
MAX_ITER=30 # 1 minute of recovery
WAIT=2
while [ ${iter} -lt ${MAX_ITER} ]
do
    # Check if the mail queue is empty to see if the mail was sent successfully
    if mailq | grep -q 'Mail queue is empty'; then
        echo "Mail queue is empty, mail sent successfully."
        exit 0
    else
        echo "Mail queue is not empty. Please check the details below:"
        mailq
        echo "Retrying..."
        ((iter=iter+1))
        sleep ${WAIT}
    fi
done
exit 1
5.2 - BRM Create a Local Repository
Create a local repository for RHEL packages to allow updates to be pushed to offline machines in the LAN network.
5.2.1 - BRM CLR Yum Update DISABLED
Update the package installer.
Login as user {Linux: Root User} on node {RPM Server}
# Test the subscription with a yum update, this will apply the latest updates.
yum update -y
5.2.2 - BRM CLR Enable Optional RPMs
Enable the RHEL optional RPM repository.
Login as user {Linux: Root User} on node {RPM Server}
# Enable the optional RPMs repository.
subscription-manager repos --enable rhel-7-server-optional-rpms
5.2.3 - BRM CLR Install CreateRepo
Install the yum-utils and createrepo libraries required to create local repository mirrors.
Login as user {Linux: Root User} on node {RPM Server}
# Install the packages required to sync and host a local repo mirror.
yum install -y yum-utils createrepo
5.2.4 - BRM CLR Sync Server Repo
On the RPM server, run the following commands to download the packages and create the local repository. Reposync utility will create the local mirror for the channel to which the system is subscribed.
Login as user {Linux: Root User} on node {RPM Server}
# CD to the repo directory
cd /rpm_mirror
# Sync all packages from the redhat servers.
reposync -d -m --download_path=./ --repoid=rhel-7-server-rpms
# Create the repo metadata
createrepo ./rhel-7-server-rpms --groupfile=comps.xml --workers=4
5.2.5 - BRM CLR Sync Optional Server Repo
Create a /rpm_mirror directory, then download the latest updates and metadata from the RHEL optional RPM repository to this directory.
Login as user {Linux: Root User} on node {RPM Server}
# CD to the repo directory
cd /rpm_mirror
# Sync all packages from the redhat servers.
reposync -d -m --download_path=./ --repoid=rhel-7-server-optional-rpms
# Create the repo metadata
createrepo ./rhel-7-server-optional-rpms --groupfile=comps.xml --workers=4
5.2.6 - BRM CLR Create Sync Script
Create the script that will manually update the repository.
Login as user {Linux: Root User} on node {RPM Server}
cat <<'EOF' > ~/update_local_repo.sh
#!/bin/bash
set -o nounset
set -o errexit
download_dir="/rpm_mirror"
/usr/bin/reposync --gpgcheck --newest-only -m --download-metadata -l -p ${download_dir}/
for dirname in `find ${download_dir} -maxdepth 1 -mindepth 1 -type d | grep -v -e 'lost'`; do
    if [ -f "${dirname}/comps.xml" ]; then
        cp ${dirname}/comps.xml ${dirname}/Packages/
        createrepo --update -p --workers 2 -g ${dirname}/Packages/comps.xml ${dirname}
    else
        createrepo --update -p --workers 2 ${dirname}/
    fi
    set -o pipefail
    # Pick the newest errata file, if any. "|| true" stops errexit/pipefail from
    # aborting the script when a repository has no updateinfo file.
    updateinfo=$(ls -1t ${dirname}/*-updateinfo.xml.gz 2>/dev/null | head -1) || true
    if [[ -n "${updateinfo}" && -f "${updateinfo}" ]]; then
        echo "Updating errata information for ${dirname}"
        cp $updateinfo ${dirname}/updateinfo.xml.gz
        gunzip -df ${dirname}/updateinfo.xml.gz
        modifyrepo ${dirname}/updateinfo.xml ${dirname}/repodata/
    else
        echo "No errata information to be processed for ${dirname}"
    fi
done
EOF
# Make it executable
chmod +x ~/update_local_repo.sh
5.3 - BRM Configure Apache
Configure the Apache Web Server.
5.3.1 - BRM CA Install Httpd
Install the apache HTTP server:
Login as user {Linux: Root User} on node {RPM Server}
yum install -y httpd
5.3.2 - BRM CA Start Apache
Start the Apache service and configure this to start automatically upon boot.
Login as user {Linux: Root User} on node {RPM Server}
# Update the ServerName to the current server, if it's commented out
F='/etc/httpd/conf/httpd.conf'
sed -i "s/#ServerName.*/ServerName `hostname -a`:80/g" $F
# Check it
grep ServerName $F
# Set Apache to auto start
chkconfig httpd on
# Start Apache
service httpd restart
5.3.3 - BRM CA Allow Firewalld HTTP
Configure the firewall to enable the HTTP service and make this configuration persistent.
Login as user {Linux: Root User} on node {RPM Server}
firewall-cmd --add-service http
firewall-cmd --runtime-to-permanent
5.3.4 - BRM CA Create index.html
Add a default page.
Login as user {Linux: Root User} on node {RPM Server}
cat > /var/www/html/index.html <<EOF
<html>
<title>`hostname` Patching Server</title>
<body>
<h1>`hostname -a`</h1>
<p>You have reached the RHEL patching server.</p>
</body>
</html>
EOF
5.3.5 - BRM CA Symlink rpm_mirror
Create a symbolic link that directs /var/www/html to /rpm_mirror, overwriting any existing link for this directory.
Login as user {Linux: Root User} on node {RPM Server}
echo "Symlinking /rpm_mirror"
ln -svnf /rpm_mirror /var/www/html/
Build an RPM server on RHEL that obtains the latest updates from the official RHEL services and creates a local mirror.
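The mirror is served over plain HTTP (step 5.3.3 opens only the http service), so a client's assurance about what it installs rests on RPM signature checking. As an added example (not part of the original procedure), the function below audits a client-side yum .repo file for enabled repositories that skip signature checks; the client file, the host rpm-server.example.com and the function names are assumptions, since the page does not show client configuration.

```shell
#!/bin/sh
# Added example: audit a client-side yum .repo file that points at the HTTP mirror.

# Constructed sample. rpm-server.example.com is a placeholder host; the URL paths
# follow the /rpm_mirror symlink and the repo ids used in the steps above.
write_sample_repo() {
cat > "$1" <<'EOF'
[local-rhel-7-server-rpms]
name=Local mirror - RHEL 7 Server
baseurl=http://rpm-server.example.com/rpm_mirror/rhel-7-server-rpms
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[local-rhel-7-server-optional-rpms]
name=Local mirror - RHEL 7 Server Optional
baseurl=http://rpm-server.example.com/rpm_mirror/rhel-7-server-optional-rpms
enabled=1
gpgcheck=0

[local-disabled]
name=Disabled entry, ignored by the audit
baseurl=http://rpm-server.example.com/rpm_mirror/old
enabled=0
gpgcheck=0
EOF
}

# audit_repo_file FILE
# Prints one finding per line as "<repo id>: <problem>" for every enabled repository
# that does not set gpgcheck=1 or has no gpgkey. Returns 1 if there is any finding.
audit_repo_file() {
    awk '
        function report() {
            if (id == "" || id == "main" || enabled == "0") return
            if (gpgcheck != "1") { print id ": gpgcheck is not set to 1"; bad = 1 }
            if (gpgkey == "")    { print id ": no gpgkey configured"; bad = 1 }
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^\[/ {                                       # new section: judge the previous one
            report()
            id = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; gpgkey = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
            if (key == "enabled")  enabled = val
        }
        END { report(); exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo on the constructed sample; on a client, pass a file from /etc/yum.repos.d/ instead.
tmp_repo=$(mktemp) && write_sample_repo "$tmp_repo"
audit_repo_file "$tmp_repo" || echo "Audit failed: fix the repositories listed above"
rm -f "$tmp_repo"
```
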