Linux - Standardize your Linux installations

To me, one of the most important things in managing servers is consistency.  It really helps if you know what OS, authentication methods, and management configuration your Linux servers all have.  I have heard many people say that they like variety.  I LOVE variety in my life outside of technology.  However, there is no room for it when it comes to configuring my servers.
So where do you begin?  I feel that a good clean, repeatable install is where it is at.  I will admit that I am slightly biased, and lean toward CentOS / RedHat as my preferred distribution.  I am actually typing this up on Fedora right now (but I would NEVER run Fedora on a production server!!!).  One of my favourite features is what is called a Kickstart file.  This file is an installation script that you can customize to meet your specific requirements.  It also allows you to run commands after the installation has completed, and before the system reboots for the first time.
Now there are a lot of Kickstart how-tos, examples, and documentation out on the net, so I am not going to go into great detail about that procedure.  I will however give my list of things that you must have if you are managing more than 5 - 10 servers.

  • Standard hardware base if possible (I mostly run Dell servers)
  • Standard architecture (Unless you have older computers, run 64-bit Linux servers)
  • Standard kickstart installation script
  • LOCAL mirror of the CentOS repository and updates
  • SNMP / Service monitoring of your systems
  • Local NTP source (most real routers can do this, or a Linux host on your network)

Attached is a relatively well-documented kickstart script that I use.  Please note that this is a sanitized version, and needs modification before use.  The first thing that the script does is a basic installation.  You have the option of specifying the host's network parameters when you launch the install, or using DHCP.  I will usually type the information in when launching the install.  So how do you get the install going?

  1. Boot the server off of the installation media.  If you have a local repository, all you need is the network-boot ISO image burned to CD.  Otherwise you need the full DVD.
  2. At the initial boot prompt type:
         linux ks=http://my.web.server.tld/path/to/kickstart/scipt.cfg ksdevice=eth0 ip=192.168.0.100 netmask=255.255.255.0 gateway=192.168.0.1 dns=192.168.0.10,192.168.0.11 cf_hostname=mynewservername.example.com
     That is all one line.  You don't have to specify anything beyond the ks=... argument, but above is the list of possibilities for my attached script.
  3. Wait for the server to reboot.  Installing over the network with a full Gig infrastructure on newer hardware, this takes about 5 minutes.  Your performance will vary.
  4. Log in to the server and configure it to do whatever task you installed it for.

Sweet!  Now you have a brand new base installation ready for you to configure.  But what has already been done?  Well here is a list of things that I feel are important to keep standard, and are currently documented in the attached Kickstart script.

  • Base install, including partitioning (WARNING: All data on all drives will be destroyed by this script! Use at your own risk!)  I believe it is important to keep my installation apart from my data, so the base install does not take up that much space.  You will need to add a logical volume if you intend to store data on this server (unless it will fit in 4GB).
  • Network settings configured, if you specified them on the installation line.  Otherwise it will be using DHCP
  • Some handy little files in the directory /etc/system-info that say when it was installed, and on what hardware.  If it's a Dell, this includes the service tag!
  • NTP service configured and running.  If you have a local NTP host and edited the script then the server should sync to that.
  • If you have a local mirror of the CentOS repos and said so in the script, the host will pull updates from that central location.  Great for saving bandwidth.
  • RPM-GPG-KEYs imported so you don't have to say 'yes' the first time you run 'yum update'.
  • Some IPTables cleanup, including removing some unneeded ports (mDNS anyone?) and opening up SNMP for your specified management network.
  • Disable SSHd X11Forwarding (no X installed, no X apps needed...  This is a SERVER)
  • Set default runlevel to 3 (multi-user text) and disable Ctrl-Alt-Del from the console (Very useful if you share a KVM with Windows admins who give the three finger salute to unblank the screen...)
  • Configure SNMP (edit the script or the values will be wrong)
  • Change the release name to what RedHat uses.  CentOS changes it to 'Final' which breaks some third party installation scripts (like anything from Dell...)
  • Change the root email address so you actually get the logwatches, and push all email through an outbound gateway (if configured in the script)
  • Disable IPv6 because it's not needed and annoys me.  Well, at least in our environment, and most likely yours too.
  • Output all syslog messages to TTY10 (Press alt-F10 to see your logs stream by)
  • Disable the console beeping.  Another annoyance to me...
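
A drift check for several of the items above, as an added example that is not taken from the attached server.cfg: it audits a root directory for the X11Forwarding, runlevel, Ctrl-Alt-Del, mDNS and SNMP settings. The file paths (CentOS 5 layout), the iptables rule format and the 192.168.0.0/24 management network are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: drift audit for the baseline items listed above.
# $1 is a root directory: "/" on a live host, or a copy of its /etc tree.
# File locations assume the CentOS 5 layout (an assumption, not from server.cfg).

check_x11() {         # sshd_config must explicitly set X11Forwarding no
    v=$(awk 'tolower($1)=="x11forwarding"{print tolower($2); exit}' "$1/etc/ssh/sshd_config")
    [ "$v" = "no" ]
}
check_runlevel() {    # default runlevel 3 (multi-user text)
    grep -q '^id:3:initdefault:' "$1/etc/inittab"
}
check_ctrlaltdel() {  # no active (uncommented) ctrlaltdel entry in inittab
    [ -r "$1/etc/inittab" ] && ! grep -q '^[^#]*:ctrlaltdel:' "$1/etc/inittab"
}
check_no_mdns() {     # mDNS (udp/5353) must not be accepted
    [ -r "$1/etc/sysconfig/iptables" ] &&
        ! grep -Eq '^-A .*--dport 5353 .*-j ACCEPT' "$1/etc/sysconfig/iptables"
}
check_snmp_scoped() { # every SNMP (udp/161) ACCEPT rule must name a source (-s)
    [ -r "$1/etc/sysconfig/iptables" ] &&
        ! grep -E '^-A .*--dport 161 .*-j ACCEPT' "$1/etc/sysconfig/iptables" |
            grep -qv -- ' -s '
}

make_sample() {       # constructed sample: a host that has drifted from the baseline
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/sysconfig"
    printf '%s\n' '#X11Forwarding no' 'X11Forwarding yes' > "$d/etc/ssh/sshd_config"
    printf '%s\n' 'id:3:initdefault:' '#ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$d/etc/inittab"
    printf '%s\n' \
        '-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -p udp --dport 161 -j ACCEPT' \
        > "$d/etc/sysconfig/iptables"
    echo "$d"
}

audit() {             # prints PASS/FAIL per check; exit status = number of failures
    fails=0
    for c in check_x11 check_runlevel check_ctrlaltdel check_no_mdns check_snmp_scoped; do
        if "$c" "$1"; then echo "PASS $c"; else echo "FAIL $c"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Demo run on the constructed sample; on a real host call: audit /
s=$(make_sample); audit "$s" || echo "$? baseline checks failed"; rm -rf "$s"
```

Run from cron or your monitoring system, a non-zero exit status flags a server that no longer matches what the kickstart script set up.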

So that's about it.  Read through the script for more details on the items above.  Next time I will be adding how to connect your server to Active Directory for centralized authentication using Kerberos (which you can also do inside the kickstart script auto-magically!).

Attachment: server.cfg (13.49 KB)