Linux/Xen/DomU/CentOS/CentOS 7: Difference between revisions
(8 intermediate revisions by the same user not shown) | |||
Line 84: | Line 84: | ||
%end | %end | ||
</syntaxhighlight> | </syntaxhighlight> | ||
====Kickstart Xen Config==== | |||
Once you have the kickstart config file on a webserver you need to create a new Xen config file that will be used to install the base image. | |||
The Xen config will look something like this. You will need to edit the "disk", "kernel" and "ramdisk" paths to match where you are storing the files. | |||
Also in the "extra" section, "inst.ks" will be the URL to the kickstart config file. | |||
<syntaxhighlight lang="bash"> | |||
name="centos7ks" | |||
vcpus=2 | |||
memory=2048 | |||
disk=['file:/mnt/xen_images/centos/centos_ks.img,xvda,w' ] | |||
vif=['bridge=xenbr0'] | |||
on_reboot="restart" | |||
on_crash="restart" | |||
kernel="/mnt/xen_images/centos/x86_64/vmlinuz" | |||
ramdisk="/mnt/xen_images/centos/x86_64/initrd.img" | |||
extra="inst.repo=http://mirror.centos.org/centos/7/os/x86_64/ ip=eth0:dhcp inst.ks=http://192.168.1.80/kickstart/centos_domu.cfg" | |||
</syntaxhighlight> | |||
If you are not using DHCP you can set a static IP in the "extra" section like this, | |||
<syntaxhighlight lang="bash"> | |||
extra="inst.repo=http://mirror.centos.org/centos/7/os/x86_64/ ip=192.168.1.20::192.168.1.1:255.255.255.0:centos7ks:eth0:none nameserver=192.168.1.1 inst.ks=http://192.168.1.80/kickstart/centos_domu.cfg" | |||
</syntaxhighlight> | |||
Boot the Xen config and access the console. | |||
xl create centos7_ks.cfg -c | |||
The virtual machine should boot up and launch anaconda to begin the automated install process. | |||
You will get an error when it tries to install the bootloader. Since we don't use GRUB2 with Xen you can safely say "yes" to continue the installation. | |||
It will ask you to hit Return to finish and then the virtual machine will shutdown and halt. | |||
====Building the compact image==== | |||
The installation has finished but the virtual machine file size had to be 20G for CentOS to install. The installation can be copied into a smaller image for easier cloning and distribution. | |||
Create a 1G image and format it with XFS | |||
dd if=/dev/zero of=centos7.img bs=1M count=1 seek=1024 | |||
mkfs.xfs centos7.img | |||
The finished installation image was partitioned during the install so we have to use kpartx to access the filesystem. | |||
kpartx -av centos_ks.img | |||
This will create a loopback device ( /dev/mapper/loop0p1 ) that you can mount. | |||
mount /dev/mapper/loop0p1 /mnt/img | |||
Mount the compact image | |||
mount centos7.img /mnt/img2 | |||
Use rsync to copy everything from the finished installation to the compact image. | |||
rsync -avH /mnt/img/ /mnt/img2/ | |||
CentOS defaults to using the UUID syntax for /etc/fstab. This won't work since we copied the OS to a new file system. | |||
vi /mnt/img2/etc/fstab | |||
Make fstab look like this, | |||
/dev/sda1 / xfs defaults 0 0 | |||
You can remove the UUID section from /mnt/img2/etc/sysconfig/network-scripts/ifcfg-eth0 since we won't be using NetworkManager. | |||
DHCP_HOSTNAME can also be removed. | |||
When the OS was copied to the compact image, the SELinux contexts were not copied over. If you were to try and boot the compact image now, things would fail to start and you would not be able to login because SELinux would prevent you from running a shell. So we need to set SELinux to permissive for the first boot so we can fix the contexts. | |||
vi /mnt/img2/etc/selinux/config | |||
Change 'SELINUX=' to permissive. | |||
<syntaxhighlight lang="bash"> | |||
# This file controls the state of SELinux on the system. | |||
# SELINUX= can take one of these three values: | |||
# enforcing - SELinux security policy is enforced. | |||
# permissive - SELinux prints warnings instead of enforcing. | |||
# disabled - No SELinux policy is loaded. | |||
SELINUX=permissive | |||
</syntaxhighlight> | |||
Create a basic Xen config so we can boot the image. | |||
<syntaxhighlight lang="python"> | |||
name="centos7base" | |||
vcpus=2 | |||
memory=512 | |||
disk=['file:/mnt/xen_images/centos/centos7.img,xvda1,w' ] | |||
vif=['bridge=xenbr0'] | |||
on_reboot="restart" | |||
on_crash="restart" | |||
bootloader = "pygrub" | |||
root = "/dev/xvda1 ro" | |||
</syntaxhighlight> | |||
Boot the compact image and log in. Then run the command, | |||
restorecon -R -v / | |||
This will reset all the SELinux contexts for the file system. When that finishes you can set SELinux back to enforcing. | |||
vi /etc/selinux/config | |||
Change 'SELINUX=' to enforcing. | |||
====Final Cleanup==== | |||
Remove the DHCP lease file for eth0 | |||
rm /var/lib/dhclient/dhclient--eth0.lease | |||
Remove the SSH host keys so you don't get duplicates when cloning the image. | |||
rm /etc/ssh/ssh_host* | |||
Zero out log files to save space. | |||
<pre> | |||
echo '' > /var/log/dmesg | |||
echo '' > /var/log/maillog | |||
echo '' > /var/log/boot.log | |||
echo '' > /var/log/secure | |||
echo '' > /var/log/cron | |||
echo '' > /var/log/messages | |||
</pre> | |||
Shutdown the virtual machine and you can start cloning this image. |
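Review bot: In the fstab step, the line "/dev/sda1 / xfs defaults 0 0" names a device that the Xen config added later in this hunk never presents: the disk is attached as xvda1 and the guest is booted with root = "/dev/xvda1 ro". Confirm which name the guest actually sees and use it in both places. The SELinux step ends at editing /etc/selinux/config back to enforcing, so add a check of that file to Final Cleanup so the image is not cloned while it still reads SELINUX=permissive. The "extra" lines also fetch inst.ks over plain http://, so the text should say that the web server and network path serving the kickstart file must be trusted.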
Latest revision as of 12:50, 16 February 2019
CentOS 7
The CentOS 7 installer won't install to a disk smaller than 10-20GB, but it's still possible to copy the finished install into a smaller image for easier distribution and cloning.
Create an empty image file and format it with XFS. We are making the file 20GB so CentOS will install.
dd if=/dev/zero of=centos_ks.img bs=1M count=1 seek=20000
mkfs.xfs centos_ks.img
The easiest way to install CentOS is using the kickstart system. You will need a webserver to host the kickstart config file. You will also need a kernel and ramdisk image from a CentOS mirror.
Download the vmlinuz and initrd.img files from your favorite CentOS mirror.
http://mirror.centos.org/centos/7/os/x86_64/images/pxeboot/
You will be booting the CentOS kickstart image with these files.
Here is the kickstart config that will need to be put on a webserver.
#version=1.0.0
install
# System authorization information
auth --enableshadow --passalgo=sha512
# Use network installation
url --url="http://mirror.centos.org/centos/7/os/x86_64/"
# Use text mode install
text
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=xvda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts=''
# System language
lang en_US.UTF-8
# Network information
network --hostname=centos7 --bootproto=dhcp --device=eth0 --onboot=on
# Root password
rootpw --iscrypted $6$QgAmrd86o3M8qQIa$0LMJo9zwIe3j1e.hnc5G.6bXyhduRF03McofIDGSb7lrso6mbl9kt.WzxYOCXysC4Fb6Rdlu8OkXNAL22BLUW0
# System services
services --enabled="network"
# Do not configure the X Window System
skipx
# System timezone
timezone Etc/UTC --isUtc
# System bootloader configuration
bootloader --timeout=5 --driveorder=xvda --append="console=hvc0"
# Partition clearing information
zerombr
clearpart --all --initlabel --drives=xvda
part / --fstype=xfs --grow --size=1 --asprimary --ondisk=xvda
# Shutdown when the kickstart is done
halt
%packages
@core --nodefaults
-grub2
-chrony
-NetworkManager
-NetworkManager-team
-NetworkManager-tui
-NetworkManager-libnm
-wireless-tools
-plymouth
-fprintd-pam
-*-firmware
%end
%addon com_redhat_kdump --disable --reserve-mb='auto'
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
Kickstart Xen Config
Once you have the kickstart config file on a webserver you need to create a new Xen config file that will be used to install the base image.
The Xen config will look something like this. You will need to edit the "disk", "kernel" and "ramdisk" paths to match where you are storing the files. Also in the "extra" section, "inst.ks" will be the URL to the kickstart config file.
name="centos7ks"
vcpus=2
memory=2048
disk=['file:/mnt/xen_images/centos/centos_ks.img,xvda,w' ]
vif=['bridge=xenbr0']
on_reboot="restart"
on_crash="restart"
kernel="/mnt/xen_images/centos/x86_64/vmlinuz"
ramdisk="/mnt/xen_images/centos/x86_64/initrd.img"
extra="inst.repo=http://mirror.centos.org/centos/7/os/x86_64/ ip=eth0:dhcp inst.ks=http://192.168.1.80/kickstart/centos_domu.cfg"
If you are not using DHCP you can set a static IP in the "extra" section like this,
extra="inst.repo=http://mirror.centos.org/centos/7/os/x86_64/ ip=192.168.1.20::192.168.1.1:255.255.255.0:centos7ks:eth0:none nameserver=192.168.1.1 inst.ks=http://192.168.1.80/kickstart/centos_domu.cfg"
Boot the Xen config and access the console.
xl create centos7_ks.cfg -c
The virtual machine should boot up and launch anaconda to begin the automated install process.
You will get an error when it tries to install the bootloader. Since we don't use GRUB2 with Xen you can safely say "yes" to continue the installation.
It will ask you to hit Return to finish, and then the virtual machine will shut down and halt.
Building the compact image
The installation has finished but the virtual machine file size had to be 20G for CentOS to install. The installation can be copied into a smaller image for easier cloning and distribution.
Create a 1G image and format it with XFS
dd if=/dev/zero of=centos7.img bs=1M count=1 seek=1024
mkfs.xfs centos7.img
The finished installation image was partitioned during the install so we have to use kpartx to access the filesystem.
kpartx -av centos_ks.img
This will create a loopback device ( /dev/mapper/loop0p1 ) that you can mount.
mount /dev/mapper/loop0p1 /mnt/img
Mount the compact image
mount centos7.img /mnt/img2
Use rsync to copy everything from the finished installation to the compact image.
rsync -avH /mnt/img/ /mnt/img2/
CentOS defaults to using the UUID syntax for /etc/fstab. This won't work since we copied the OS to a new file system.
vi /mnt/img2/etc/fstab
Make fstab look like this,
/dev/sda1 / xfs defaults 0 0
You can remove the UUID section from /mnt/img2/etc/sysconfig/network-scripts/ifcfg-eth0 since we won't be using NetworkManager. DHCP_HOSTNAME can also be removed.
When the OS was copied to the compact image, the SELinux contexts were not copied over. If you tried to boot the compact image now, things would fail to start and you would not be able to log in because SELinux would prevent you from running a shell. So we need to set SELinux to permissive for the first boot so we can fix the contexts.
vi /mnt/img2/etc/selinux/config
Change 'SELINUX=' to permissive.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
Create a basic Xen config so we can boot the image.
name="centos7base"
vcpus=2
memory=512
disk=['file:/mnt/xen_images/centos/centos7.img,xvda1,w' ]
vif=['bridge=xenbr0']
on_reboot="restart"
on_crash="restart"
bootloader = "pygrub"
root = "/dev/xvda1 ro"
Boot the compact image and log in. Then run the command,
restorecon -R -v /
This will reset all the SELinux contexts for the file system. When that finishes you can set SELinux back to enforcing.
vi /etc/selinux/config
Change 'SELINUX=' to enforcing.
Final Cleanup
Remove the DHCP lease file for eth0
rm /var/lib/dhclient/dhclient--eth0.lease
Remove the SSH host keys so you don't get duplicates when cloning the image.
rm /etc/ssh/ssh_host*
Zero out log files to save space.
echo '' > /var/log/dmesg
echo '' > /var/log/maillog
echo '' > /var/log/boot.log
echo '' > /var/log/secure
echo '' > /var/log/cron
echo '' > /var/log/messages
Shut down the virtual machine and you can start cloning this image.
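A check that can be run against the image root before cloning, covering the SELinux, fstab and cleanup steps above. This is an added example, not part of the original wiki page: the function names audit_image_root, fail and make_sample_root are hypothetical, and the sample tree is constructed.

```bash
#!/bin/bash
# Added example (not from the wiki page): audit an image root before cloning.
# audit_image_root, fail and make_sample_root are hypothetical names.

# Record one finding in the caller's $findings counter.
fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

# Print one line per finding and return the number of findings.
audit_image_root() {
    local root="$1" findings=0 f name
    # Clones must not inherit the permissive setting used for the first boot.
    grep -Eq '^SELINUX=enforcing[[:space:]]*$' "$root/etc/selinux/config" 2>/dev/null ||
        fail "SELINUX is not set to enforcing"
    # Host keys and DHCP leases left behind would be shared by every clone.
    for f in "$root"/etc/ssh/ssh_host* "$root"/var/lib/dhclient/*.lease; do
        [ -e "$f" ] && fail "per-host file still present: ${f#"$root"}"
    done
    # The copy lives on a new filesystem, so UUID= entries no longer match.
    grep -Eq '^[[:space:]]*UUID=' "$root/etc/fstab" 2>/dev/null &&
        fail "fstab still mounts by UUID"
    # "echo '' > file" leaves one byte; anything larger was not zeroed.
    for name in dmesg maillog boot.log secure cron messages; do
        f="$root/var/log/$name"
        [ -f "$f" ] && [ "$(wc -c < "$f")" -gt 1 ] && fail "log not zeroed: /var/log/$name"
    done
    return "$findings"
}

# Constructed sample tree: an image where none of the cleanup steps were done.
make_sample_root() {
    local root; root="$(mktemp -d)"
    mkdir -p "$root/etc/selinux" "$root/etc/ssh" "$root/var/lib/dhclient" "$root/var/log"
    echo 'SELINUX=permissive' > "$root/etc/selinux/config"
    echo 'UUID=00000000-0000-0000-0000-000000000000 / xfs defaults 0 0' > "$root/etc/fstab"
    echo 'constructed key' > "$root/etc/ssh/ssh_host_rsa_key"
    echo 'constructed lease' > "$root/var/lib/dhclient/dhclient--eth0.lease"
    echo 'constructed log line' > "$root/var/log/secure"
    echo "$root"
}

# Usage: ./audit.sh /mnt/img2   (with no argument the script only defines the functions)
[ "$#" -eq 0 ] || audit_image_root "$1"
```

Run it against the compact image mounted on the Xen host after the final shutdown; a non-zero exit status is the number of items still to fix.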