Thursday, 31 May 2007

Using Hewlett Packard blade systems for iLO installation of RHEL 4.

Two weeks ago we had the opportunity to do some work for a customer in Brussels, Belgium and to use a Hewlett Packard blade system. The HP blade rack was stored in a separate computer room from the training room and we used full remote access to install Red Hat Enterprise Linux 4 from a USB key attached to a laptop running SuSE Linux. The USB key contained ISO images from the 4 RHEL 4 installation CDs.

A (not very good mobile phone) picture of the naked front of the blades:



Another picture of the front of the actual blade boards. You can see clearly the hard drives attached to the motherboards and the cable attaching the management and diagnostics console to the system:



The management console sits in a sliding tray, nicely tucked in at the top of the rack. It can be pulled out, the screen lifted and a keyboard becomes available from underneath (in this picture it shows running a non-open source operating environment, sorry):



A final image of a blade server "tray". The (very noisy) fans are clearly visible doing their job keeping the dual core CPUs at the right temparature:

b

The purpose of the exercise was to provide a classroom server, running RHEL 4 with Apache, LDAP and DNS and to install it without any interaction with the physical blade hardware.

The installation did take some time of course as the installation ISOs had to be accessed from the USB (2.0) key, over the network to the blade (it was part of the fun getting that to work). We used the HP's "Integrated Lights Out" iLO console to "mount" the USB key as if it was a locally attached CD/DVD drive. Click here for a Wikipedia link to find out what iLO really is.

First we needed to identify ourselves to the iLO console through login as the administrator:



After successful login the iLO console displays the status summary menu from where several tasks can be performed:



To access the ISO images on the memory stick click on "Virtual Devices" and in the dialogue point the virtual CD-Rom to the local image file (in our case it was on the memory stick on /media/ISO-STICK/:



We connected (virtually) the first RHEL4 ISO on the memory stick and now the system can boot from it.

To be able to see the installation process and answer the questions asked by Anaconda we enabled the "Remote Console" from the iLO main menu (see previous screenshot above). iLO will launch a Java application with a view on the virtual console:



The above screenshot shows the installation halfway during the Red Hat packages copy and install process. The reason the remaining time is high is caused by us "removing" the virtual CD-Rom at one point at the end of the day. Allowing the system to generate an error message (with a retry option to re-read the CD-Rom), leaving the building for the evening and night, returning back the next morning, remounting the ISO image to the virtual CD-Rom and allowing Anaconda to retry reading the CD-Rom. Amazingly enough it worked and the installation did continue where it had stopped although the timing was confused of course.

The following sceen shows the dialogue to insert another CD-Rom (disk 4), using the "Virtual Media" menu just umount the existing ISO image, point to the next ISO image and re-mount the file as a virtual CD-Rom:



The timing eventually manage to correct itself, 35 minutes left!

Eventually we were rewarded with RHEL4' login menu through the virtual console:



The power of the Integrated Lights Out technology is clearly demonstrated. We installed a complete Red Hat Enterprise 4 installation without touching the actual hardware at any time. The installation worked very well over the network, using a standard laptop running SuSE 10.0 with a USB memory stick containing the RHEL 4 ISO images mounted as a virtual CD-Rom. Not bad, not bad at all. Can we have 10 please ;-).

Powered by ScribeFire.

Sunday, 6 May 2007

Installation tutorial: Red Hat Enterprise Linux 4, introduction - part 3 (final)



This is the third (and final) part of the RHEL 4 installation tutorial, You can find the first part here and the second part here.

4.1 First boot (setup agent)
When the system comes back up after you have asked it to reboot, login using the root account (remember the root password) and the system will present you with the "first boot" welcome menu:



Click "Next" to move on to the next menu where you will be asked to agree with Red Hat's licensing scheme:



It is important to notice here that this license in many cases refers to licenses included with the source code of each software component that has been shipped with the Red Hat media. Most of the components adhere to the GNU Public License version 2, click here to learn more about what that means.

If you agree tick the "Yes, I agree to the License Agreement" and click "Next".



Here you can set the date and time at your location or alternatively allow the system clock to be set using the Network Time Protocol (NTP) by referring to time servers scattered around the Internet (we won't cover this, if you want to know more about NTP click here).

Set the correct date and time for your system and click "Next". This will bring you to the graphics display configuration menu:



The system assumes a "safe" resolution setting (800x600) and will have attempted to detect the monitor you are using. We will configure the resolution to a more sensible setting, but before we can do that the system need to be made aware of the capabilities of your monitor. To set the monitor type click "Configure":



Depending on what you are using choose the monitor model closest matching your monitor type (if the monitor is not a latest model there is a chance the settings are correct and there won't be a need to change them).

Click "OK" and you will see a menu similar to (if you have chosen a different monitor model the values might differ):





The next menu will give you an opportunity to enable the additional Red Hat subscription service:





You can choose and existing subscription (you must provide a login and password), or at this point you can create a new Red Hat login id and you can skip the dialogue (but you willhave to go past a "why is this important" screen". In this tutorial we will choose the "Tell me why I need to register ....." option so if you have made another choice the next menu will be different:



As we won't be making a registration here make sure to tick the "I can not complete ...." option and click "Next" to continue to the next step:



Here you have an option to create an additional (system) user. It is strongly recommended not to use the system administrator user (root) for day to day tasks (such as surfing the Net, writing reports and so on). The sudo or su commands provide the possibility to run a command as root (once in the case of sudo) or from within a new root shell (with su). Many of the GUI administrative tools provided with RHEL will ask for the root password when invoked by a non-priviliged user.

Create a new user here by specifying a login name (the username field), an optional full name and a (secure) password (you need to confirm this in case of typos). When you're done click "Next" to continue:







If you have any additional software you desire to install here you can insert the extra CDs and install additional documentation, software and plugins. We will skip this step, click "Next":



You have reached the final menu after which you can use the system!

From here you can start exploring the system menus, administration tools, the shell and many other aspects of the installed system.

If you want to review the previous sections, click here for the first part and here for the second part of this tutorial.

Congratulations you have installed Red Hat Enterprise Linux version 4.

Powered by ScribeFire.

Tuesday, 1 May 2007

Installation tutorial: Red Hat Enterprise Linux 4, introduction - part 2


This is the second part of the RHEL 4 installation tutorial. You can find the first part here

3.2 Graphical installation: network
The next menus you will encounter are designed to assist you installing the network card and network characteristics of the Red Hat system being build:



Here you can choose a dynamic TCP/IP configuration or a static. In the next part you will setup a static configuration, this allows a more thorough review of the installation menus. If your LAN network configuration allows for it, there is no reason to just leave the default settings.
For the purpose of this tutorial click the "Edit" button, this will bring up the "Edit Interface eth0" dialogue box:



If they don't conflict with your local network addressing scheme choose the settings as shown above and click "OK" to continue to the next menu:



Notice the menu has been updated to reflect your choice of manual (fixed) IP address configuration. Finalise the network configuration as shown above (using your own values) and move on to the next section by clicking

3.3 Graphical installation: firewall and security enhanced Linux
The next menu will ask if you want to have the firewall installed and what level of security enhanced Linux you want to deploy. If this is a standalone, server system within a protected privat network you probably won't need the firewall enabled. It is very likely the kernel filters (using iptables rules) might interfere with the services you are trying to deliver. For the purpose of this tutorial you will disable the firewall.
Security enhanced Linux (SELinux), the code originally added by the United States government National Security Agency, provides a mandatory security implementation to Linux. In addition to the traditional Linux (Unix) style security, based on ownership, SELinux adds mandatory access controls (rules based) to the Linux kernel. SELinux uses rule sets to control who and what can be done to any object within the system. For the purpose of this tutorial you will set the SELinux level to "warn" only. This provides a good way to learn about SELinux without it being in the way of your day to day operation of the system:



Make sure you switch off the firewall and select "Warn" for SELinux and click "Next" to continue.
A warning will be displayed making sure you really, really want the firewall to be switched off:



Click to continue

3.4 Languages, timezones and root password settings
The next few menus deal with the default system language, if you desire to do so, the installation of additional language support, what timezone your system is operating in and the system administrator, root, password. The menus are self explanatory, if you want to know more don't forget to scroll through and read the help window pane on the left side of the main menu.



Make sure you select the correct default language for your system. If you select any additional languages Anaconda, the installer, will add the appropriate dictionaries and language support files to your system but the default language is what you will use on a daily basis while interacting with the system. To continue click



As you can see overhere on this screenshot, London is the centre of the planet ...... not that we are biased overhere. You can use the map to "zoom" in on areas and select a city as close as possible to your location (make sure it is in the same time zone). You can also scroll down the list in the bottom window pane (that actually might be quicker and more accurate). When you're done click the "Next" button.



This menu asks you to provide the system "root" user password. As you undoubtedly are aware, the "root" user (on a non SELinux enhanced system) is able to access every file, process, system memory location, kernel driver and so on. A malicious non-priviliged user with bad intentions (even with good intentions) will try to elevate his/her privilege to the super user "root" as soon as possible (and then follows on to wipe out any traces of such an act). Choose the "root" user password with care. Strong passwords have a minimum length (8 characters), use upper and lower case characters, use punctuation characters and numbers but are relatively easy to remember and are not found in dictionaries. Some examples are (you can use normal words mixed with other characters): safe4Me+U, build2Strength!. Of course random characters are best but you might not be able to remember them. Whatever password you choose, type it into the appropriate menu field, make sure you remember, and click

3.5 Package selection
The following setup menu builds your final system to become a workstation or server or any other combination of software packages that Red Hat has included on the installation medium. Modern Linux distributions consist out of pre-selected and pre-configured package files that contain software, libraries, configuration and text files and many others together with the information where they need to be installed with what kind of security settings. If you have an opportunity when the system is running we suggest you have a look at the directory structure of one of the installation CDs and you will find within one of the directories a large amount of files with an ".rpm" file extention. These are the files that are used to create your system. Each ".rpm" file is a self contained unit and can be upgraded, removed or re-installed using simple command line or GUI tools.
To continue you need to decide what you want your system to be:



At this stage you will customise the installation by fine tuning what you want to have installed. Of course any selections you make overhere can be changed when the system is up and running. Choose the second option "Customize software packages to be installed" and click "Next".



The "Package Group Selection" menu shows the groups of packages, as selected by Red Hat, you can install on your system. You can further tune what you want to have installed by clicking the "Details" button, wherever available, to the right of the package selections. Red Hat for many years now has made this process very easy by using sensible package group names that are self explanatory (really!).
You can leave the defaults if you want or select your choice of packages. When you are done click "Next" which will bring you to the "About to Install" screen:



This menu as informational only and of course you have the option to return to the previous menus. Interesting is the mention of two files the system creates in the "/root" (i.e. the super user's home directory):
  • /root/install.log
  • /root/anaconda-ks.cfg
The first file contains a detailed log of the package installation process (the first view lines):
Installing 614 packages

Installing hwdata-0.146.10.EL-1.noarch.
Installing indexhtml-4-2.noarch.
Installing libgcc-3.4.3-22.1.i386.
Installing redhat-logos-1.1.25-1.noarch.
Installing rootfiles-8-1.noarch.
Installing setup-2.5.37-1.1.noarch.
Installing filesystem-2.3.0-1.i386.
Installing basesystem-8.0-4.noarch.
Installing termcap-5.4-3.noarch.
Installing tzdata-2005f-1.EL4.noarch.
Installing glibc-common-2.3.4-2.9.i386.
Installing glibc-2.3.4-2.9.i686.
Installing audit-0.5-1.i386.
Installing beecrypt-3.1.0-6.i386.
Installing bzip2-libs-1.0.2-13.i386.
Installing chkconfig-1.3.13.2-1.i386.
Installing device-mapper-1.01.01-1.RHEL4.i386.
Installing dmraid-1.0.0.rc6.1-3_RHEL4_U1.i386.
.....................

The second file contains, in simple text format, the choices you have made during the installation as interpreted by Anaconda, the Red Hat installer. In the more advanced installation tutorial you will learn how to use this file in unattended installations.
Continue with the installation, click
The system will let you know which installation media it requires:



Just click the "Continue" button and make sure you have the other media handy. The next information boxes will inform you about respectively the start of the installation process and the status of it (the behaviour of the progress bar is uncannily similar to the Microsoft version at installation time .....):




When done with the first CD the system will ask for the next (and so on):







When the system has asked for all the media it will perform some post installation tasks. You can see this in the final menu before the reboot:







Click the "Reboot" button and this part of the installation is complete.
After the reboot (don't forget to remove the last CD) the system will run a first boot script that will ask you for some final questions in configuring the system. This third and final part will be a subject of the next post, which you can find here.

Powered by ScribeFire.