Thursday, 18 September 2014

Linux Containers Architecture RHEL 7

I initially thought of writing about the docker command line and configuration, but a few of my colleagues advised that a brief introduction to Linux containers would be very helpful, and hence I thought to share the introductory article below.

Several components are needed for Linux Containers to function correctly, and most of them are provided by the Linux kernel. Kernel namespaces ensure process isolation, and cgroups are used to control system resources. SELinux is used to enforce separation between the host and the container and also between individual containers. The management interface forms a higher layer that interacts with the aforementioned kernel components and provides tools for the construction and management of containers.



Namespaces

The kernel provides process isolation by creating separate namespaces for containers. Namespaces allow you to create an abstraction of a particular global system resource and make it appear as a separate instance to the processes within a namespace. Consequently, several containers can use the same resource simultaneously without creating a conflict.

Control Groups (cgroups)

The kernel uses cgroups to group processes for the purpose of system resource management. Cgroups let you allocate CPU time, system memory, network bandwidth, or combinations of these among user-defined groups of tasks.

SELinux

SELinux provides secure separation of containers by applying SELinux policy and labels.
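
An added example (not part of the original post) that inspects the three kernel mechanisms above for one process: which namespaces it shares with a reference process, which cgroup it sits in, and which SELinux label it carries. The function names, the PID 4242, the scope name and the label are constructed; the sample /proc tree is built in a temporary directory so the script runs anywhere.

```sh
#!/bin/sh
# Added example: read isolation facts for a process from a /proc-style tree.

# ns_report PROC_ROOT PID REF_PID -> "type shared|isolated" per namespace
ns_report() {
    proc=$1 pid=$2 ref=$3
    for link in "$proc/$ref"/ns/*; do
        if [ ! -L "$link" ]; then continue; fi
        kind=${link##*/}
        ref_id=$(readlink "$link")
        if pid_id=$(readlink "$proc/$pid/ns/$kind" 2>/dev/null); then
            if [ "$ref_id" = "$pid_id" ]; then
                echo "$kind shared"
            else
                echo "$kind isolated"
            fi
        fi
    done
}

# shared_namespaces PROC_ROOT PID REF_PID -> namespaces NOT isolated from REF_PID
shared_namespaces() {
    ns_report "$1" "$2" "$3" |
        awk '$2 == "shared" { printf "%s%s", sep, $1; sep = " " }'
}

# cgroup_path PROC_ROOT PID CONTROLLER -> cgroup path for one controller
cgroup_path() {
    awk -F: -v c="$3" '{
        n = split($2, ctl, ",")
        for (i = 1; i <= n; i++) if (ctl[i] == c) print $3
    }' "$1/$2/cgroup"
}

# selinux_label PROC_ROOT PID -> security context of the process
selinux_label() {
    tr -d '\000\n' < "$1/$2/attr/current"
}

# Constructed sample: PID 1 is the host, PID 4242 a container process that
# has its own ipc/mnt/pid/uts namespaces but shares the host's net namespace.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/1/ns" "$root/4242/ns" "$root/4242/attr"
    for kind in ipc mnt net pid uts; do
        ln -s "$kind:[4026531835]" "$root/1/ns/$kind"
        if [ "$kind" = net ]; then
            ln -s "$kind:[4026531835]" "$root/4242/ns/$kind"
        else
            ln -s "$kind:[4026532190]" "$root/4242/ns/$kind"
        fi
    done
    printf '%s\n' \
        "4:cpuacct,cpu:/system.slice/docker-0123abcd.scope" \
        "3:memory:/system.slice/docker-0123abcd.scope" > "$root/4242/cgroup"
    # Constructed context; the type name on a real host depends on the policy.
    printf 'system_u:system_r:svirt_lxc_net_t:s0:c57,c845\n' \
        > "$root/4242/attr/current"
    echo "$root"
}

sample=$(make_sample_proc)
ns_report "$sample" 4242 1
echo "shared with PID 1: $(shared_namespaces "$sample" 4242 1)"
echo "memory cgroup:     $(cgroup_path "$sample" 4242 memory)"
echo "SELinux label:     $(selinux_label "$sample" 4242)"
rm -rf "$sample"
```

On a live host, call the functions with /proc as the first argument and run them as root; any namespace reported as shared is one in which the process is not isolated from the reference process.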

Management Interface

RHEL 7 provides the Docker application as a main management tool for Linux Containers. Docker builds on the aforementioned kernel capabilities, adding several enhancement features, such as portability or version control.

Containers

There are two general scenarios for using Linux containers in RHEL 7:

1. Host containers: a tool to carve out containers as lightweight application sandboxes. Each container runs the same user space as the host system, so all applications running in host containers share the host's user space and run time.

2. Image-based containers: an application is packaged with its individual run-time stack, which makes it independent of the host operating system. This way, you can run several instances of an application, each developed for a different platform. This is possible because the container run time and the application run time are deployed in the form of an image.




Image-based containers allow you to host multiple instances and versions of an application, with minimal overhead and increased flexibility. Such containers are not tied to the host-specific configuration, which makes them portable. These features are enabled by the Docker format for application packaging. 

The docker command line and configuration will be explained in the next post.

Tuesday, 16 September 2014

NetworkManager on RHEL7

Objective: Introduction to NetworkManager using network tools on RHEL 7

In Red Hat Enterprise Linux 7, the default networking service is provided by NetworkManager, which is installed by default; it controls the network and keeps network devices and their connections up and active.

Users do not interact with the NetworkManager system service directly; instead, they perform network configuration using the tools below:

1. nmtui, a simple curses-based text user interface (TUI) for NetworkManager
2. nmcli, a command-line tool provided to allow users and scripts to interact with NetworkManager
3. Graphical user interface tools, e.g. control-center, provided by GNOME Shell, which incorporates a network settings tool

In this article I will discuss using the command-line interface (nmcli) for controlling NetworkManager.

In previous RHEL releases, the default way to configure networking was using network scripts (/etc/init.d/network) and any other installed scripts it calls. Although NetworkManager provides the default network service, it ensures that network scripts cooperate as well.

In Red Hat Enterprise Linux 7, NetworkManager is started first, and /etc/init.d/network checks with NetworkManager to avoid tampering with NetworkManager's connections. NetworkManager is intended to be the primary application using sysconfig configuration files, and /etc/init.d/network is intended to be secondary.

# systemctl status NetworkManager 
NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled)
   Active: active (running) since Tue 2014-09-16 07:05:22 IST; 45min ago
 Main PID: 648 (NetworkManager)
   CGroup: /system.slice/NetworkManager.service
           └─648 /usr/sbin/NetworkManager --no-daemon

Below are summarized nmcli commands as reference.

NetworkManager command                                   Description
-------------------------------------------------------  -----------------------------------------------------------------
nmcli general status                                     show the overall status of NetworkManager
nmcli connection show                                    show all connections
nmcli connection show --active                           show only currently active connections
nmcli device status                                      show devices recognized by NetworkManager
nmcli con up/down id <interface>                         start/stop interface
nmcli dev connect/disconnect iface <interface>           start/stop interface
nmcli -p connection up <profile> ifname <interface>      bring up the new connection
nmcli -p con show <profile>                              view detailed information about the newly configured connection


Configure manual IP address on the interface using nmcli 

Method 1 : 

 # ifconfig enp0s8
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 08:00:27:82:69:0b  txqueuelen 1000  (Ethernet)

# nmcli connection add con-name enp0s8 ifname enp0s8 type ethernet ip4 192.168.56.131/24 gw4 192.168.56.1
Connection 'enp0s8' (952e2bfa-1dcb-4612-9bb4-df347b5a8a50) successfully added.

# nmcli device show enp0s8
GENERAL.DEVICE:                         enp0s8
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         08:00:27:82:69:0B
GENERAL.MTU:                            1500
GENERAL.STATE:                          30 (disconnected)
GENERAL.CONNECTION:                     --
GENERAL.CON-PATH:                       --
WIRED-PROPERTIES.CARRIER:               on

# nmcli device connect enp0s8
Device 'enp0s8' successfully activated with '952e2bfa-1dcb-4612-9bb4-df347b5a8a50'.

# ifconfig enp0s8
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.56.131  netmask 255.255.255.0  broadcast 192.168.56.255
        inet6 fe80::a00:27ff:fe82:690b  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:82:69:0b  txqueuelen 1000  (Ethernet)

Method 2 :

nmcli Interactive Connection Editor

# ifconfig enp0s8
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::a00:27ff:fe82:690b  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:82:69:0b  txqueuelen 1000  (Ethernet)

# nmcli connection edit id enp0s8

===| nmcli interactive connection editor |===

Editing existing '802-3-ethernet' connection: 'enp0s8'

Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.

You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb
nmcli> help
------------------------------------------------------------------------------
---[ Main menu ]---
goto     [<setting> | <prop>]        :: go to a setting or property
remove   <setting>[.<prop>] | <prop> :: remove setting or reset property value
set      [<setting>.<prop> <value>]  :: set property value
describe [<setting>.<prop>]          :: describe property
print    [all]                       :: print the connection
verify   [all]                       :: verify the connection
save     [persistent|temporary]      :: save the connection
activate [<ifname>] [/<ap>|<nsp>]    :: activate the connection
back                                 :: go one level up (back)
help/?   [<command>]                 :: print this help
nmcli    <conf-option> <value>       :: nmcli configuration
quit                                 :: exit nmcli
------------------------------------------------------------------------------
nmcli> 

nmcli> goto ipv4
You may edit the following properties: method, dns, dns-search, addresses, address-labels, routes, ignore-auto-routes, ignore-auto-dns, dhcp-client-id, dhcp-send-hostname, dhcp-hostname, never-default, may-fail
nmcli ipv4> print
['ipv4' setting values]
ipv4.method:                            auto
ipv4.dns:                               
ipv4.dns-search:                        
ipv4.addresses:                         

nmcli ipv4> set ipv4.addresses 192.168.56.131/24 192.168.56.1
Do you also want to set 'ipv4.method' to 'manual'? [yes]: yes
nmcli ipv4> 

nmcli ipv4> print
['ipv4' setting values]
ipv4.method:                            manual
ipv4.dns:                               
ipv4.dns-search:                        
ipv4.addresses:                         { ip = 192.168.56.131/24, gw = 192.168.56.1 }

nmcli> save persistent
Connection 'enp0s8' (d0a11f5e-eb2b-4a7a-b225-71f8d07b5664) successfully updated.
nmcli> 
nmcli> activate enp0s8
Monitoring connection activation (press any key to continue)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
nmcli> 

[root@localhost ~]# ifconfig enp0s8
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.56.131  netmask 255.255.255.0  broadcast 192.168.56.255

Method 3 : 

Configure IP using ifcfg files

To configure an interface with static network settings using ifcfg files, for an interface with the name eth0, create a file with the name ifcfg-eth0 in the /etc/sysconfig/network-scripts/ directory as follows:

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.56.131
USERCTL=no
# NOTE: Specify HWADDR, as this may influence the device naming procedure.
HWADDR=08:00:27:49:f1:68

How does the interface rename happen?

A rule in /usr/lib/udev/rules.d/60-net.rules instructs the udev helper utility, /lib/udev/rename_device, to look into all /etc/sysconfig/network-scripts/ifcfg-suffix files. If it finds an ifcfg file with a HWADDR entry matching the MAC address of an interface, it renames the interface to the name given in the ifcfg file by the DEVICE directive.
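
The lookup described above, written out as an added example (this is not the code of rename_device, and the function names are made up for illustration): given a directory of ifcfg files and a MAC address, it prints the DEVICE name of the file whose HWADDR matches. It compares case-insensitively, strips quotes, and treats two files claiming the same MAC as an error, since firewall rules and routes keyed on the interface name depend on that name being unambiguous.

```sh
#!/bin/sh
# Added example: find which ifcfg file claims a given MAC address.

# ifcfg_value FILE KEY -> last value assigned to KEY, without quotes/comments
ifcfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

# ifcfg_device_for_mac DIR MAC
#   prints DEVICE and returns 0 on a single match,
#   returns 1 when no file matches, 2 when several files claim the MAC
ifcfg_device_for_mac() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    found="" hits=0
    for f in "$1"/ifcfg-*; do
        if [ ! -f "$f" ]; then continue; fi
        hw=$(ifcfg_value "$f" HWADDR | tr 'a-f' 'A-F')
        if [ -n "$hw" ] && [ "$hw" = "$want" ]; then
            found=$(ifcfg_value "$f" DEVICE)
            hits=$((hits + 1))
        fi
    done
    if [ "$hits" -eq 0 ]; then return 1; fi
    if [ "$hits" -gt 1 ]; then
        echo "ambiguous: $hits ifcfg files claim $want" >&2
        return 2
    fi
    echo "$found"
}

# Constructed sample directory holding the ifcfg-eth0 file shown above.
make_sample_ifcfg() {
    dir=$(mktemp -d)
    cat > "$dir/ifcfg-eth0" <<'EOF'
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=192.168.56.131
USERCTL=no
HWADDR=08:00:27:49:f1:68
EOF
    printf 'DEVICE=lo\nIPADDR=127.0.0.1\n' > "$dir/ifcfg-lo"
    echo "$dir"
}

sample=$(make_sample_ifcfg)
echo "08:00:27:49:F1:68 -> $(ifcfg_device_for_mac "$sample" 08:00:27:49:F1:68)"
rm -rf "$sample"
```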

I hereby conclude that the reader would have an understanding of how to configure and interact with NetworkManager.

Saturday, 30 August 2014

YUM configurations & Installations using PXE boot with kick-start over FTP - #Redhat 7/CentOS 7

CentOS 7 was released last month (7 July 2014), and there wasn't much help for network installation (PXE) when I searched on Google.
Hence I decided to blog about it. This could be helpful for the few who are looking for it; please share it if it was helpful.

PXE installations require a package repository, hence I will also cover configuring the local YUM repository.

Environment: CentOS 7 (x86_64)
Kernel version: 3.10.0-123.el7.x86_64

Configure YUM repository:

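Mount your DVD and copy all of its contents to a folder in the FTP home directory, then point your repository file to the folder containing the packages. The trailing slash on the rsync source copies hidden files such as .treeinfo as well, which a shell * glob would skip. yum only reads files in /etc/yum.repos.d whose names end in .repo.

# mkdir /var/ftp/centos7_x86_64
# rsync -azv /media/centos7/ /var/ftp/centos7_x86_64/
# cat /etc/yum.repos.d/centos7.repo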
 
[centos7]
name=centos7
baseurl=file:///var/ftp/centos7_x86_64
enabled=1
gpgcheck=1

#yum clean all
#yum list all
#yum grouplist

Make sure the packages below are installed; the package installation steps are skipped here.

1. tftp-server
2. dhcp
3. vsftpd

Configure TFTP:

# cat /etc/xinetd.d/tftp
server_args = -s /var/ftp/tftpboot
disable = no

#mkdir /var/ftp/tftpboot
#mkdir /var/ftp/tftpboot/pxelinux.cfg
#mkdir /var/ftp/tftpboot/centos7_x86_64

#cp /usr/share/syslinux/pxelinux.0 /var/ftp/tftpboot
#cp /usr/share/syslinux/menu.c32 /var/ftp/tftpboot
#cp /usr/share/syslinux/memdisk /var/ftp/tftpboot
#cp /usr/share/syslinux/mboot.c32 /var/ftp/tftpboot
#cp /usr/share/syslinux/chain.c32 /var/ftp/tftpboot
#cp /var/ftp/centos7_x86_64/images/pxeboot/vmlinuz /var/ftp/tftpboot/centos7_x86_64
#cp /var/ftp/centos7_x86_64/images/pxeboot/initrd.img  /var/ftp/tftpboot/centos7_x86_64

Configure DHCP:

# cat /etc/dhcp/dhcpd.conf
option domain-name      "localhost.localdomain";
option domain-name-servers      localhost.com;
default-lease-time 600;
max-lease-time 7200;
authoritative;
#################The followings are mandatory to boot from PXE ###################
allow booting;
allow bootp;
option option-128 code 128 = string;
option option-129 code 129 = text;
next-server 192.168.156.130;
filename "/pxelinux.0";
################################################
subnet 192.168.156.0 netmask 255.255.255.0 
{
range dynamic-bootp 192.168.156.131 192.168.156.140;
option broadcast-address 192.168.156.255;
option routers 192.168.156.1;
}

RHEL offers a graphical tool for creating and editing kickstart files called Kickstart Configurator (the system-config-kickstart package), which is available in RHEL 7.

When creating or customizing your kickstart file, it is useful to verify that it is valid before attempting to use it in an installation. Red Hat Enterprise Linux 7 includes the ksvalidator command-line utility, which can be used to do this. This tool is part of the pykickstart package.

# yum install pykickstart

After installing the package, you can validate a Kickstart file using the following command:
#ksvalidator /path/to/kickstart.ks

The Kickstart file was created and can be downloaded here
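
ksvalidator checks that the file is valid kickstart; it does not say whether the file is fit to sit on a server that every PXE client can read. The following added example (not from the original post; ks_audit and the sample kickstart are constructed) reports a root or user password that is not marked --iscrypted, and SELinux or the firewall being switched off, by line number and without printing any value.

```sh
#!/bin/sh
# Added example: flag kickstart settings worth reviewing before the file is
# published on the installation server. Only line numbers are reported.

# ks_audit FILE -> one "finding:line" per issue in the command section
ks_audit() {
    awk '
        # %packages/%pre/%post/%addon bodies are not kickstart commands
        $1 ~ /^%(packages|pre|post|addon)/ { in_section = 1; next }
        $1 == "%end"                       { in_section = 0; next }
        in_section || $1 ~ /^#/            { next }

        # rootpw and user default to plaintext unless --iscrypted is given
        $1 == "rootpw" && !/--iscrypted/ && !/--lock/ {
            print "rootpw-plaintext:" NR
        }
        $1 == "user" && /--password/ && !/--iscrypted/ {
            print "user-plaintext:" NR
        }
        $1 == "selinux"  && /--disabled/ { print "selinux-disabled:" NR }
        $1 == "firewall" && /--disabled/ { print "firewall-disabled:" NR }
    ' "$1"
}

# Constructed sample kickstart (the hash is a placeholder, not a real one).
make_sample_ks() {
    ks=$(mktemp)
    cat > "$ks" <<'EOF'
install
url --url=ftp://192.168.156.130/centos7_x86_64
rootpw changeme
user --name=deploy --password=$6$CONSTRUCTED$NOTAREALHASH --iscrypted
selinux --disabled
firewall --enabled --service=ssh
%packages
@core
%end
%post
cat > /root/README <<NOTE
firewall --disabled was considered and rejected
NOTE
%end
EOF
    echo "$ks"
}

sample=$(make_sample_ks)
ks_audit "$sample"
rm -f "$sample"
```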

PXE configuration:

Note:

On AMD64 and Intel 64 systems with BIOS, the file name can be either default or based on your system's IP address. In this case, add the inst.ks= option to the append line in the installation entry.
APPEND initrd=centos7_x86_64/initrd.img inst.ks=ftp://192.168.156.130/centos7_x86_64/kickstart/ks.cfg

On AMD64 and Intel 64 systems with UEFI, the file name will be grub.cfg. In this file, append the inst.ks= option to the kernel line in the installation entry.
KERNEL centos7_x86_64/vmlinuz inst.ks=ftp://192.168.156.130/centos7_x86_64/kickstart/ks.cfg

# cat /var/ftp/tftpboot/pxelinux.cfg/default
default menu.c32
prompt 0
timeout 30

MENU TITLE PXE Menu

LABEL centos7_x86_64
    MENU LABEL centos7_x86_64
    KERNEL centos7_x86_64/vmlinuz inst.ks=ftp://192.168.156.130/centos7_x86_64/kickstart/ks.cfg
    APPEND initrd=centos7_x86_64/initrd.img

This completes the configuration. Before testing, make sure all the services are running and persistent across reboots.

# systemctl start dhcpd
# systemctl start xinetd
# systemctl start vsftpd

# systemctl enable dhcpd
# systemctl enable xinetd
# systemctl enable vsftpd

Make sure your client is booting from the network as the first boot device.






Sunday, 27 July 2014

autoyast configuration for PXE boot #OpenSuSE #SLES11

Objective: autoyast configuration and boot via PXE

Environment: OpenSuSE 11/SuSE 11

With reference to my earlier post on PXE boot for SLES ( click here ), I will continue with how autoyast can be configured and combined into the PXE environment.

Yast ->Miscellaneous -> Autoinstallation    

For the Groups above and their corresponding Modules, clone the Modules so that the current system's Modules are copied to the destination host.
One such example is shown below.

Pic -1:                                                                                                                                                      
 Autoinstallation - Configuration
 ┌Groups────────────────────────────┐┌Modules───────────────────────
 │Hardware                          ││Add-On Products               
 │High Availability                 ││Image deployment              
 │Miscellaneous                     ││Online Update Configuration   
 │Network Services                  ││Package Selection             
 │Network Devices                   ││                              
 │Security and Users                ││                              
 │Software                          ││                              
 │Support                           ││                              
 │System                            ││                              
 │Virtualization                    ││                              
 │                                  ││                              

Pic -2:

Details
┌───────────────────────────────────────────────────────────────────┐
│Selected Patterns                                                  │
│                                                                   │
│ *  Minimal                                                        │
│ *  WBEM                                                           │
│ *  apparmor                                                       │
│ *  base                                                           │
│ *  dhcp_dns_server                                                │
│ *  documentation                                                  │
│ *  file_server                                                    │
│ *  gnome                                                          │
│ *  lamp_server                                                    │
│ *  print_server                                                   │
│ *  x11                                                            │
│                                                                   │
│Individually Selected Packages                                     │
│                                                                   │
│149                                                                │
│                                                                   │
│Packages to Remove                                                 │
│                                                                   │
│20                                                                 │
│                                                                   │
│                                                                   │
└───────────────────────────────────────────────────────────────────┘
      [Clone]                                                [Edit]
 [Apply to system]                                           [Clear]


Once the package cloning above and all other Groups are completed, save the file (XML format), which by default resides in the directory /var/lib/autoinstall/repository.

Note: During the User and Group Management selection, make sure you de-select 'gdm', as it is created during the installation and hence can be omitted. You may receive the error below in case you have selected that user and group.

Error: Could not update ICEauthority file /var/lib/gdm/.ICEauthority

# ls -l /var/lib/autoinstall/repository/*.xml
-rw-r--r-- 1 root root 47703 Jul 25 13:55 /var/lib/autoinstall/repository/autoyast_pxe.xml

- Make a directory inside Apache's default DocumentRoot, /srv/www/htdocs/

# mkdir /srv/www/htdocs/autoyast
#

- Copy the default XML file from /var/lib/autoinstall/repository/autoyast_pxe.xml to /srv/www/htdocs/autoyast
- Make sure that the PXE client finds the autoyast configuration when it starts the installation; to do so, append it as below in the default PXE config on the TFTP server.

APPEND initrd=sles/11/x86_64/initrd splash=silent showopts install=http://192.168.56.116/sles/11/x86_64/ autoyast=http://192.168.56.116/autoyast/autoyast_pxe.xml

The config file for autoyast can be downloaded from http://goo.gl/1uWoHz

Your installations are now successful and automated.

Friday, 25 July 2014

PXE Installation on SLES 11

Objective: PXE installation for autoyast

In an effort to help automate OS installation, I had set up a Preboot Execution Environment (PXE) server.

"The Preboot eXecution Environment (PXE, also known as Pre-Execution Environment, or 'pixie') is an environment to boot computers using a network interface independently of available data storage devices (like hard disks) or installed operating systems."

Environment: SLES 11

I had already discussed how PXE works in my earlier posts, where I installed a PXE environment for kick-starting the Redhat/CentOS flavors. If the reader is interested to know how PXE is configured on Redhat/CentOS - click here

Change Plan:

1. Create an ISO from the DVD installation media.
2. Mount the ISO permanently (/etc/fstab) on a mount point inside the directory structure served by the web server, instead of extracting the image. This is more efficient in storage utilization.
3. Add a software repository for the web-server/ISO image which you have created.
4. Install packages like TFTP, DHCP, APACHE, SYSLINUX if they were not installed by default.
5. Modify the TFTP and DHCP configurations to lease IP addresses according to the environment in which you are building your enterprise server.
6. Power on the destination host and boot from the LAN: the NIC makes a request to the DHCP server, which in turn provides network information (IP, subnet, gateway, etc.) and additionally the TFTP location from which to fetch the boot image.

I assume the reader is aware of how to create an ISO image and mount it permanently; I will also be skipping the package installations.

I will be providing more of the configuration details along with the screenshots, which could be helpful in case you are configuring from "YaST".

Executions :

I had mounted my ISO image on /srv/www/htdocs/sles/11/x86_64 and have added it to my repository as shown below.

Repository Additions :

(Yast -> Software Repositories -> Add -> HTTP -> Server and Directory )


 Repository Name
 sles11sp3 
                           (x) Edit Parts of the URL  
  ┌Protocol────────────────────────────────────────
  │            ( ) FTP            (x) HTTP            
  └─────────────────────────────────────────────
 Server Name                                          
 192.168.56.116 
 Directory on Server
 /sles/11/x86_64 
  ┌Authentication────────────────────────────────────
  │[x] Anonymous                                      
  │User Name                                          
  │ 
  │Password                                           
  │ 
  └─────────────────────────────────────────────

TFTP Enable/Configurations :

Install/enable TFTP and make a boot image directory(/tftpboot), as below :

(Yast -> Network Services -> TFTP Server )



  ( ) Disable
  (x) Enable

  Boot Image Directory

  /tftpboot                  [Browse...]

  [ ] Open Port in Firewall  [Firewall Details...]
  Firewall is disabled


                     [View Log]


DHCP configurations :

Once DHCP is installed on the server, use DHCP server wizard.

Pic 1 :

Domain Name

Primary Name server IP
192.168.56.116


                                            [ Next ]

Pic 2 :


IP Address Range
First IP Address           Last IP Address
192.168.56.175             192.168.56.180


                                             [ Next ]

Pic 3 :

Service start
[X] When Booting
[ ] Manually


Pic 4: 

Global Options                        

    ┌────────────────────────────────────────────────────
    │Option                               │Value                    
    │ddns-update-style                    │none                     
    │ddns-updates                         │Off                      
    │authoritative                        │On                       
    │log-facility                         │local7                   
    │default-lease-time                   │14400                    
    │option domain-name                   │"suselnx.com"            
    │option domain-name-servers           │192.168.56.116           
                                                     
Pic 5 :

Subnet Configuration                                        

    Network Address                                 Network Mask
    192.168.56.0                                     255.255.255.0  

    ┌──────────────────────────────────────────────────────────
    │Option          │Value                                                      
    │range           │192.168.56.175 192.168.56.180                 
    │next-server     │192.168.56.116                                        
    │filename        │"pxelinux.0"                                    
    │option routers  │192.168.56.1              
    

                                                    Click OK and then finish

- Creating a directory structure for TFTP server

mkdir -p /tftpboot/pxelinux.cfg
mkdir -p /tftpboot/sles/11/x86_64

- Copy necessary files for boot to the TFTP server directory structure:

# cd /srv/www/htdocs/sles/11/x86_64/boot/x86_64/loader/
# cp linux initrd message biostest memtest /tftpboot/sles/11/x86_64/
# cp /usr/share/syslinux/pxelinux.0 /tftpboot/
# cp /usr/share/syslinux/menu.c32 /tftpboot/

- Create a default menu as below :

#  cat /tftpboot/pxelinux.cfg/default 
default menu.c32
prompt 0
timeout 100

LABEL sles11sp3
MENU LABEL SLES 11 SP3 x86_64
KERNEL sles/11/x86_64/linux
APPEND initrd=sles/11/x86_64/initrd splash=silent showopts install=http://192.168.56.116/sles/11/x86_64 ramdisk_size=65536 

- Below would be the skeleton for our configured TFTP server.


# ls -lar /tftpboot/*

-rw-r--r-- 1 root root 16462 Jul 24 18:14 /tftpboot/pxelinux.0
-rw-r--r-- 1 root root 57140 Jul 24 18:14 /tftpboot/menu.c32

/tftpboot/sles:
total 12
drwxr-xr-x 3 root root 4096 Jul 24 18:23 11
drwxr-xr-x 4 root root 4096 Jul 24 18:23 ..
drwxr-xr-x 3 root root 4096 Jul 24 18:23 .

/tftpboot/pxelinux.cfg:
total 12
-rw-r--r-- 1 root root  669 Jul 25 11:07 default
drwxr-xr-x 4 root root 4096 Jul 24 18:23 ..
drwxr-xr-x 2 root root 4096 Jul 25 11:07 .

- On BIOS booting press F12, and select LAN(l) to further boot from the media.
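
A pre-flight check for the TFTP tree and menu built in the steps above, which also applies to the CentOS 7 menu and the autoyast APPEND line shown further up the page. It is an added example, not part of the original posts: it confirms that every .c32 module, KERNEL and initrd= file named in pxelinux.cfg/default exists under the TFTP root, and lists kickstart or AutoYaST profile URLs that are fetched without TLS. The function names and the sample tree (with the initrd deliberately left out) are constructed.

```sh
#!/bin/sh
# Added example: check a PXELINUX menu against the TFTP root it is served from.

# pxe_refs CONFIG -> one "label kind value" line per file or profile reference
pxe_refs() {
    awk '
        BEGIN { label = "-" }
        { kw = toupper($1) }
        kw == "LABEL" { label = $2; next }
        kw == "DEFAULT" && $2 ~ /\.c32$/ { print label, "module", $2; next }
        kw == "KERNEL" || kw == "LINUX" { print label, "kernel", $2 }
        kw == "KERNEL" || kw == "LINUX" || kw == "APPEND" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^initrd=/)
                    print label, "initrd", substr($i, 8)
                else if ($i ~ /^(inst\.ks|ks|autoyast)=/)
                    print label, "profile", $i
            }
        }
    ' "$1"
}

# pxe_check TFTP_ROOT [CONFIG] -> findings on stdout, nothing when clean
pxe_check() {
    root=$1
    cfg=${2:-$1/pxelinux.cfg/default}
    pxe_refs "$cfg" | while read -r label kind value; do
        case $kind in
            module|kernel|initrd)
                if [ ! -f "$root/$value" ]; then
                    echo "MISSING $label $kind $value"
                fi ;;
            profile)
                case $value in
                    *=https://*) ;;
                    *) echo "CLEARTEXT $label $value" ;;
                esac ;;
        esac
    done
}

# Constructed sample: the SLES menu from this post plus the autoyast= option,
# with the kernel in place and the initrd missing.
make_sample_tftp() {
    tftp=$(mktemp -d)
    mkdir -p "$tftp/pxelinux.cfg" "$tftp/sles/11/x86_64"
    : > "$tftp/menu.c32"
    : > "$tftp/sles/11/x86_64/linux"
    cat > "$tftp/pxelinux.cfg/default" <<'EOF'
default menu.c32
prompt 0
timeout 100

LABEL sles11sp3
MENU LABEL SLES 11 SP3 x86_64
KERNEL sles/11/x86_64/linux
APPEND initrd=sles/11/x86_64/initrd splash=silent showopts install=http://192.168.56.116/sles/11/x86_64/ autoyast=http://192.168.56.116/autoyast/autoyast_pxe.xml
EOF
    echo "$tftp"
}

sample=$(make_sample_tftp)
pxe_check "$sample"
rm -rf "$sample"
```

A CLEARTEXT finding means the installation profile, which can carry password hashes and post-install scripts, travels unauthenticated between the server and the installing client.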






Hence we can conclude that the PXE installation is successful. In my further posts I will configure an autoyast file for PXE, which would automate SLES.
Thank you for reading and re-sharing.