XS Install Server
XS Install Server
This page explains how to set up a cobbler install server for the purpose of installing multiple XS SchoolServers. If you only need to install a small number of XS servers once, this is probably overkill. However, if you have a large number or need to install many times for testing, you may benefit from this approach. The features that I like most are:
- Unattended installation of XS server.
- Simultaneous installation of multiple XS servers up to one less than number of ports available on switch.
- Ability to easily modify kickstart file and include library files.
- Simple boot media works with any version of XS install and only needed during physical boot, so can be shared among multiple target machines.
Caveats and Limitations
The kickstart file below contains two settings for the School Server that some may find objectionable from a security point of view. The first is that selinux is disabled. This is the case in the original XS 0.6 kickstart file and I retained it because I use older hardware that selinux sometimes gives problems. The second is that a user (me) is automatically added to the server. However, this is simply an automation of the instructions given in the XS wiki. The existing install media arbitrarily assigns the Ethernet adapters to eth0 and eth1. So it can happen that the connection from which the install took place, which should be WAN, gets reassigned to eth1 which is LAN. I have included a script xs-chknics that attempts to figure out whether the install connection is eth0 and reverse if this is not the case. It works in my test environment, but it it does not work in yours, you must simply physically reverse the connections.
Architecture
The following is based on the constraints that my main network is 192.168.0.x and the SchoolServer expects the internal school network to be 172.x.x.x. I set up a FC 12, dual-homed server with eth0 listening on 192.168.0.160 for management from my main network and eth1 on 10.1.0.1 to serve bootp requests from machines intended to become XS servers. Eth1 is connected to a switch into which multiple such XS machines can be plugged. Target XS machines boot into a PXE environment from which the Install Server directs the installation of the XS server. The management and installation network interfaces could be reversed, but neither can use 172.x.x.x.
Installation Server Setup
The installation procedure below is based on FC 12 and also works on FC 14.
Install a working FC
I took the defaults and added Web Server.
Fix up eth0 and eth1
- Files are in /etc/sysconfig/network-scripts
- Give eth0 a fixed IP Address on your management network
- Set ONBOOT=yes, BOOTPROTO=none, and make sure GATEWAY and DNS1 are valid.
- Give eth1 a fixed IP Address on your installation network, probably ending in .1
- Set ONBOOT=yes, BOOTPROTO=none
Here are my config files (HWADDR should be different) :
- Ifcfg-eth0
# VIA Technologies, Inc. VT6105/VT6106S [Rhine-III] DEVICE=eth0 BOOTPROTO=none HWADDR=00:17:9A:BB:E4:1E ONBOOT=yes IPADDR=192.168.0.160 NETMASK=255.255.255.0 NETWORK=192.168.0.0 BROADCAST=192.168.0.255 GATEWAY=192.168.0.1 DNS1=192.168.0.1
- Ifcfg-eth1
# VIA Technologies, Inc. VT6105/VT6106S [Rhine-III] DEVICE=eth1 HWADDR=00:1B:11:C3:74:E0 ONBOOT=yes IPADDR=10.1.0.1 NETMASK=255.255.255.0 TYPE=Ethernet BOOTPROTO=none
- Reboot
Turn off SELINUX
- in /etc/selinux/config change SELINUX=enforcing to SELINUX= disabled
- I had to turn this off as too many things were not working.
- Reboot
Install dhcpd
yum install dhcp (the service package is dhcp, not dhcpd)
Install vsftpd
yum install vsftpd
Set Services ON
chkconfig --level 2345 httpd on chkconfig --level 2345 dhcpd on chkconfig --level 2345 vsftpd on
Install cobbler
yum install cobbler yum install cobbler-web
Install updates
yum update – takes a long time
Configure iptables
Edit /etc/sysconfig/iptables to include FTP, DNS, DHCP, TFTP, NTP, HTTP/HTTPS and ports for cobbler and koan:
-A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 68 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 69 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 69 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 25150 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited
in /etc/sysconfig/iptables-config change IPTABLES_MODULES="" to IPTABLES_MODULES="nf_conntrack_ftp" – this seems to be a quirk of both FC 12 and 14.
reboot
Configure Cobbler
cobbler check – this will tell you what areas require configuration cobbler get-loaders (for me this failed several times before succeeding because file could not be downloaded)
in /etc/cobbler/settings set the following parameters:
manage_dhcp: 1 next_server: 10.1.0.1 (or the address of your server) server: 10.1.0.1 (or the address of your server)
Change 'disable' to 'no' in /etc/xinetd.d/tftp Change 'disable' to 'no' in /etc/xinetd.d/rsync
in /etc/cobbler/modules.conf under [authentication]
set module = authn_configfile
if you want to change the default cobbler password of cobbler you can run
htdigest /etc/cobbler/users.digest "Cobbler" <new password>
restart cobbler
service cobblerd restart
Configure DHCP Template
Edit /etc/cobbler/dhcp.template to change the subnet section (only) to your configuration. In my case this is
subnet 10.1.0.0 netmask 255.255.255.0 { option routers 10.1.0.1; option domain-name-servers 10.1.0.1; option subnet-mask 255.255.255.0; option domain-name "example.org"; range dynamic-bootp 10.1.0.50 10.1.0.99;
and leave the rest as it is. Note that I have put in the example.org domain name.
Cobbler sync will probably not work before you do this as the dhcp server will not restart.
cobbler sync cobbler check – this will still complain about the default root password for installs, but I manage this through the XS kickstart file, so I don’t change it.
At this point you should be able to log onto the cobbler web interface at http://<server ip address>/cobbler_web/ as cobbler with whatever password you set.
Set Up XS Distro
The XS distro iso does not have the image and isolinux versions needed for a network install, so we combine the FC9 iso files with the packages and repodata from the OLPC-School-Server iso. This section will need to change with new releases of the XS, especially if based on newer versions of Fedora. For XS 0.6 on FC9 I did the following:
mkdir /srv/iso (or any location you like)
Get Fedora-9-i386-DVD.iso onto /srv/iso. Get OLPC-School-Server-0.6-i386.iso onto /srv/iso.
mkdir /mnt/dvd mkdir /mnt/dvd2 mount -ro loop,context=system_u:object_r:httpd_sys_content_t:s0 /srv/iso/Fedora-9-i386-DVD.iso /mnt/dvd mount -ro loop,context=system_u:object_r:httpd_sys_content_t:s0 /srv/iso/OLPC-School-Server-0.6-i386.iso /mnt/dvd2
Create a working distro directory. Can be anywhere you like, but I used /srv/distros
mkdir /srv/distros mkdir /srv/distros/XS-0.6-i386
Copy images and isolinux from FC9
cp -r /mnt/dvd/images/ /srv/distros/XS-0.6-i386/images/ cp -r /mnt/dvd/isolinux/ /srv/distros/XS-0.6-i386/isolinux/
Copy Packages, repodata, and kickstart file from XS-0.6-i386. I also renamed the kickstart file to distinguish it from the default distro. We will modify the kickstart file later.
cp -r /mnt/dvd2/Packages/ /srv/distros/XS-0.6-i386/Packages/ cp -r /mnt/dvd2/repodata/ /srv/distros/XS-0.6-i386/repodata/ cp -r /mnt/dvd2/ks.cfg /srv/distros/XS-0.6-i386/xs-ks.cfg
Import XS Distro into Cobbler
Now we can import the XS distro into cobbler. This can be slow. (An attempt to import FC 12 DVD did not complete after more than 4 hours.)
cobbler import --path=/srv/distros/XS-0.6-i386 --name=XS-0.6-i386
If you now log into cobbler (http://<server ip address>/cobbler_web/) you will see that this distro has been created (along with a xen version).
Configure XS Kickstart File
First we must point the cobbler profile for our distro at the proper kickstart file (xs-ks.cfg). Navigate using the cobbler web interface to Profiles and click on XS-0.6-i386. Replace the contents of the Kickstart field with
/var/www/cobbler/ks_mirror/XS-0.6-i386/xs-ks.cfg
and click save.
Now we can add some changes to xs-ks.cfg to support unattended install and the copying of library and other files. In order to be able to set the root password automatically I generated an encrypted password to include in the kickstart file by typing
openssl passwd -1 <root password>
Make a Backup and then Edit the kickstart file by typing
cd /var/www/cobbler/ks_mirror/XS-0.6-i386/ mv xs-ks.cfg xs-ks.cfg.ORIG nano xs-ks.cfg
Here is mine with the lines added or changed in bold. Be careful to change the root password hash and note that the three lines in section ## Enable/Disable some services must be a single line in the file
### ### Kickstart file for OLPC XS School Server software ### ### Modified to use cobbler installation server ### ### Non-interactive ### ### can delete the following two lines ### Make it interactive - so these are 'seed' values ### interactive # Use text mode install text # Use network installation url --url=http://10.1.0.1/cblr/links/XS-0.6-i386 # If any cobbler repo definitions were referenced in the kickstart profile, include them here. repo --name=source-1 --baseurl=http://10.1.0.1/cobbler/ks_mirror/XS-0.6-i386 # Provide some defaults - change these for your environment lang en_US.UTF-8 keyboard us timezone --utc America/New_York auth --useshadow --enablemd5 selinux --disabled # network --device eth0 --bootproto dhcp --onboot=on --hostname schoolserver # Reboot after installation reboot #Root password - use openssl passwd -1 <root password> to get encryption string rootpw --iscrypted $1$HFnEFRSA$0/93Jp3CT14nmSDAqCX2r/ # We enable the firewall, even though we are going to overwrite # what anaconda leaves behind firewall --enabled ### X? #skipx ## Enable/Disable some services up front - this should be a single line services --enabled=dhcdbd,network,sshd,haldaemon,hddtemp,smartd,anacron,crond,atd,incron,iptables,avahi-daemon,dhcpd,named,ntpd,aiccu,messagebus, pgsql-xs,httpd,ejabberd --disabled=netfs,nfs,nfslock,rpcbind,rpcgssd,rpcidmapd,rpcsvcgssd, avahi-dnsconfd,radvd,ip6tables,dc_client,dc_server,squid,autofs,gpm,yum-updatesd ### ### disk partitioning... ### # clear out sda without qualms... clearpart --drives=sda # Small Disk Support: (xs #7241) # If space >~10GiB then the sizes are # /boot 100 MiB # / 8 GiB # swap 2 GiB # /library fills all remaining capicity # If space is limited, partition sizes are reduced. # Smallest supported capacity is ~5GiB when no livecd-creator --uncompressed-size argument is # specified (defaults to 4096). # Using livecd-creator --uncompressed-size=2048 allows installation on ~3GiB disks (not tested yet). bootloader --location=mbr --append="rhgb quiet" clearpart --linux --drives=sda part /boot --fstype ext3 --size=100 --ondisk=sda part / --fstype ext3 --size=2048 --maxsize=8192 --grow --ondisk=sda # size of pv.6 must be at least enough to fit /library size and swap size part pv.6 --size=1025 --grow --ondisk=sda volgroup VolGroup00 --pesize=32768 pv.6 # Kickstart raises an error if logvol --size=0 logvol /library --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=1 --grow logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=1024 --maxsize=2048 --grow %packages --nobase # School server core services metapackage xs-pkgs xs-config xs-release -fedora-release ##-fedora-logos bash kernel passwd policycoreutils chkconfig authconfig rootfiles @admin-tools -gnome-packagekit -selinux-policy-targeted #anaconda-runtime %end %post # create a user with ssh login adduser timm mkdir ~timm/.ssh cd ~timm/.ssh wget http://10.1.0.1/publickeys/timm/authorized_keys cd .. chown -R timm:timm ~timm/.ssh # get library pushd /library wget -r -nH --cut-dirs=1 ftp://anonymous:guest@10.1.0.1/library popd # load any scripts to run during installation pushd /root wget -r -nH ftp://anonymous:guest@10.1.0.1/scripts chmod -R u+x scripts popd cp /root/scripts/xs-public.conf /etc/httpd/conf.d/ # try to figure out if eth0/eth1 are wan/lan and run swap_nics if necessary # pass broadcast address of install server pushd /root /root/scripts/xs-chknics 10.1.0.255 popd # Configure the domain name - set your domain here /etc/sysconfig/olpc-scripts/domain_config example.org # turn off firstboot for XS builds echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot # if anaconda has overwritten config files from xs-config # those will appear dirty - git can restore them to the last # committed version, discarding the bad state pushd /etc for FPATH in sysconfig/network-scripts/ifcfg-eth{0,1}; do if [ -e "$FPATH" ]; then git checkout -- "$FPATH" fi done popd %end
Configure Files to Copy to XS
SSH Authentication
Create /var/www/html/publickeys. I put my authorized_keys file in /var/www/html/publickeys/timm using wget from my server in order for the ks script to retrieve it for ssh login to the target XS.
Configure vsftpd
Make a Backup and then Edit the vsftpd.conf file to allow anonymous ftp of library and other files onto the target XS.
cd /etc/vsftpd/ mv vsftpd.conf vsftpd.conf.ORIG nano vsftpd.conf
Replace the contents with the following:
# # Sample anonymous FTP server configuration # # Mandatory directives # listen=YES local_enable=NO anonymous_enable=YES write_enable=NO anon_root=/var/ftp/pub # # Optional directives # anon_max_rate=2048000 xferlog_enable=YES listen_address=10.1.0.1 listen_port=21
Install Scripts and Files
Create the following directories under /var/ftp/pub
- scripts
- library/public
Copy any scripts or config files into /var/ftp/pub/scripts. I have:
- xs-public.conf which contains
# put in /etc/httpd/conf.d/ Alias /public "/library/public" <Directory /library/public> Order allow,deny Allow from all Options Indexes FollowSymLinks AllowOverride None </Directory>
The kickstart file copies this to /etc/httpd/conf.d/ on the target XS
- xs-chknics which swaps nics if eth0 is not WAN and contains
#!/usr/bin/python # xs-chknics # xs network-config chooses an arbitrary nic as eth0 # see if it is the same as our install nic and swap if not import commands, syslog, os, sys # Get Broadcast Address to Search For as Argument # This is the mask of the network from which the PXE boot took place if len(sys.argv) != 2: print 'Usage: %s <broadcast address>' % (sys.argv[0]) sys.exit(1) BrdAddr = float(sys.argv[1]) # Find the mac of the nic from which we installed ethdata = commands.getoutput( '/sbin/ip addr show' ) nics = ethdata.split ('\n') for index in range(len(nics)): if nics[index].find('eth0:') >= 0: parsed = nics[index+1].split() eth0mac = parsed[1] parsed = nics[index+2].split() eth0ip = parsed[1] eth0brd = parsed[3] elif nics[index].find('eth1:') >= 0: parsed = nics[index+1].split() eth1mac = parsed[1] parsed = nics[index+2].split() eth1ip = parsed[1] eth1brd = parsed[3] if eth0brd == BrdAddr: installmac = eth0mac elif eth1brd == BrdAddr: installmac = eth1mac else: installmac = 0 # if we didn't find our broadcast address all bets are off so leave things alone if installmac != 0: eth0rulelink = commands.getoutput( 'cat /etc/udev/rules.d/70-persistent-net.rules | grep eth0' ) split1 = eth0rulelink.split('ATTR{address}=="') split2 = split1[1].split('"') eth0rulemac = split2[0] if eth0rulemac != installmac: rc = commands.getstatusoutput('/usr/bin/xs-swapnics')
- Add any other scripts you want to run as part of the XS installation process
Library Files
Copy any library directories into /var/ftp/pub/library/public. These will appear as http://schoolserver/public
Configure PXE
Server Menu and Default Distro
Make the XS-0.6-i386 distro the default install and shorten the timeout by editing /etc/cobbler/pxe/pxedefault.template to read (changes in bold)
DEFAULT menu PROMPT 0 MENU TITLE Cobbler | http://fedorahosted.org/cobbler TIMEOUT 50 TOTALTIMEOUT 6000 ONTIMEOUT XS-0.6-i386 LABEL local MENU LABEL (local) MENU DEFAULT LOCALBOOT 0 $pxe_menu_items MENU end
Now run
cobbler sync
Boot Media for XS Target Machine(s)
Once the install server is running it will listen for dhcp requests and if a bootp request is included it will respond with a linux image that will boot and co-ordinate with cobbler to perform a network install of the XS distro. The XS target machine simply needs boot media that can run a Pre-execution Environment (PXE) to use the installed nic to make a bootp request. This can be any media that the target machine supports for booting, floppy, CD, DVD, or USB. Because my target XS machine is old it has a floppy and can not boot from USB, so I created a floppy boot disk to start the PXE. Instructions for creating the boot media are at http://etherboot.org/wiki/removable. I used the utility from http://rom-o-matic.net/ to create a boot floppy image and then wrote it to the floppy disk with rawrite from http://www.chrysocome.net/rawwrite.
Putting it all together
- Connect the LAN site of the install server to a switch
- Connect the WAN port on the target machine(s) to the same switch
- Do not connect the LAN port on the target machine(s) to anything.
- Boot the target machine with the PXE media
- After a couple of minutes or when you see disk activity remove the PXE media and boot another machine
Resources
I didn’t find these all that helpful, but here they are anyway.