System Administration 2019/20 spring


Lab2 Bootstrapping CentOS 7

In this lab we will cover the installation process, relying mainly on the bootstrapping approach, which illustrates some of the essential steps of an installation. An installer application hides all the important steps in order to be user friendly. However, we are aiming for an expert-level understanding of the GNU/Linux OS, so we will try to avoid wizards and helpers.

Creating the VM

First let's create a VM suitable for running CentOS. This newly created VM becomes our temporary environment for installing CentOS 7.

Please download the ISO file from the following link:
Official CentOS 7 repository

Note: Choose the DVD installation .iso file.

Once the ISO is downloaded and is valid, we can create the VM and install CentOS.

  • For VirtualBox :
    • Open the VirtualBox application and click the New button
      • Give the new VM a name
      • Choose type Linux
      • Choose version Redhat (64-bit)
      • Click Next
      • Specify amount of memory 1024MB, as this will be enough for testing purposes
      • Click Next
        • Select Create a virtual hard disk now
      • Click Next
        • Select VDI (VirtualBox Disk Image)
      • Click Next
        • Select Dynamically allocated
      • Click Next
        • Set 10 GB as size
      • Click Create
    • The newly created VM should be visible in the VM list (on the left of the VirtualBox main window)
    • Right-click on it and select Settings
      • Go to System -> Processor tab -> select 2 CPU cores and Enable PAE/NX -> Acceleration tab -> Verify that Enable VT-x/AMD-V is marked -> Click OK.
      • Go to Storage -> Click Controller: SATA -> Click second icon with green "plus sign" called Add hard disk -> Create new disk -> Select VDI (VirtualBox Disk Image) -> Select Dynamically allocated -> 10GB -> Click Create -> Click OK.
    • We will also need to attach the CentOS 7 bootable ISO to the VM
    • Under Storage -> select Controller: IDE -> Click first icon with green "plus sign" called Add optical drive -> Locate the downloaded CentOS ISO and add it to the Virtual machine

As a result the VM should start the Live CD boot process

  • the new window will appear illustrating VM's VGA output
    • For releasing the mouse pointer use right Ctrl key
  • you should see the boot menu page with possible boot options

In order to kill/reset the running instance:

  • Open the File menu of the running VM's window
  • Select Close
  • Choose Power off ...

Next time you need to run the VM you can just double-click the corresponding icon in the VM list.

After you have started the virtual machine the CentOS boot menu should appear:

  • Please select the first option Install CentOS Linux 7 and hit Enter
  • The standard boot process will take place and bring you to an installation prompt
  • Select a language according to your preferences

Now we are ready to begin preparations and start installing CentOS!

Preparing the disks

The first thing we need to do is to switch to a root shell in order to have access to utilities like:

  • fdisk, mkfs, mkswap, tune2fs, mount, vi, mdadm, lvm-tools, cryptsetup/dm-crypt (etc.)
  • ... which we will use to set up the disks.

Changing to root shell

You need to switch to another TTY inside the CentOS installation. To do that, we need to send the keys Ctrl-Alt-F2 to the VM.

  • On Windows this should work normally
  • If your VirtualBox host machine is running Linux, your host may capture the keys instead.
  • In that case you will need to select Input under your running VM and open the Soft Keyboard

You should see a root shell whose prompt starts with [anaconda root@localhost /]#

Now we can start partitioning and formatting our HDD.

Partitioning virtual HDD (DOS or GPT)
First of all, make sure the HDDs are present in our system at all:

  • # fdisk -l or
  • # lsblk
  • ... should give us information about the attached hard drives and partitions
    • We should see /dev/sda (the first hard drive) and /dev/sdb (the second hard drive) both empty with 10 GiB of free space each.


Enter the fdisk interactive partitioning tool:

  • # fdisk /dev/sda
  • Here we operate the tool using keys; for example, key m lists all the other keys that control fdisk
  • Let's create a fresh DOS partition table by issuing o
  • Now press n to create the first partition
    • It will ask to select primary/extended; in our setup we will rely on primary partitions only (we will only have 2 of them)
    • Now confirm 1 for the partition number and 2048 for the offset of the first sector
    • Next select the last sector by giving the amount of desired space, +1024M
  • Now you can see that the first partition was created; you can check it using the p key.
  • Next we give a type to the first partition, which we make the boot area of our OS (what is it, by the way?)
    • Hit t to specify the type; you can list all types using L
    • Enter the code ef for type EFI file system and hit Enter
  • Now create another primary partition, allocating the remaining free space to it and giving it the type Linux raid auto (code fd).
    • To make it use all the remaining space, just leave the default value when asked about the last sector (the default value is the last possible sector to allocate on the HDD).
  • Save the partition table using the w key, which will also terminate fdisk and refresh the partition tables in the kernel.

The correct output for p command in fdisk

  • In case you did something wrong or want to redo you can use # fdisk /dev/sda and then hit d to delete partitions.

Repeat the process for the second disk

  • # fdisk /dev/sdb

The correct output for lsblk command

RAID 1 for better data reliability
RAID (Redundant Array of Independent Disks, originally Redundant Array of Inexpensive Disks) is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.

Data is distributed across the drives in one of several ways, referred to as RAID levels, depending on the required level of redundancy and performance. The different schemes, or data distribution layouts, are named by the word "RAID" followed by a number, for example RAID 0 or RAID 1. Each schema, or RAID level, provides a different balance among the key goals: reliability, availability, performance, and capacity. RAID levels greater than RAID 0 provide protection against unrecoverable sector read errors, as well as against failures of whole physical drives. https://en.wikipedia.org/wiki/RAID

Let's create the md0 array from /dev/sda1 and /dev/sdb1

  • # mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 --metadata=0.90 /dev/sda1 /dev/sdb1

Format the first RAID array as FAT32 using the command

  • # mkfs.vfat -n BOOT -F32 /dev/md0

Let's create the md1 array from /dev/sda2 and /dev/sdb2

  • # mdadm --create --verbose /dev/md1 --level=1 --raid-devices=2 /dev/sda2 /dev/sdb2
  • Accept the warning about metadata.
  • Now lsblk output should look like this
  • You can check the status of the RAID arrays with the cat /proc/mdstat command
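
An added example (not part of the original lab) of reading /proc/mdstat programmatically, so that a mirror running on a single disk is noticed before anything is layered on top of it. The function names are made up for illustration and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example. Summarise /proc/mdstat-style text from stdin, one line per
# array: "<array> <level> <expected>/<active> <member map> <ok|DEGRADED>".
mdstat_summary() {
    awk '
        # Array header, e.g. "md1 : active raid1 sdb2[1] sda2[0]"
        $1 ~ /^md[0-9]+$/ && $2 == ":" {
            name = $1; level = "?"
            for (i = 3; i <= NF; i++)
                if ($i ~ /^raid[0-9]+$/) level = $i
            next
        }
        # Status line, e.g. "9428992 blocks super 1.2 [2/2] [UU]"
        name != "" && $2 == "blocks" {
            counts = "?/?"; map = "?"
            for (i = 3; i <= NF; i++) {
                body = substr($i, 2, length($i) - 2)      # text inside [ ]
                if ($i ~ /^\[[0-9]+\/[0-9]+\]$/) counts = body
                else if ($i ~ /^\[[U_]+\]$/)     map = body
            }
            split(counts, n, "/")
            # Healthy only if every expected member is active and in sync.
            state = (n[1] == n[2] && map ~ /^U+$/) ? "ok" : "DEGRADED"
            print name, level, counts, map, state
            name = ""
        }'
}

# Exit status 0 when at least one array is degraded (usable in "if").
mdstat_degraded() { mdstat_summary | grep -q ' DEGRADED$'; }

# Constructed sample: both mirrors complete, md1 still doing its first sync.
sample_healthy() { cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sdb2[1] sda2[0]
      9428992 blocks super 1.2 [2/2] [UU]
      [==>..................]  resync = 12.5% (1180032/9428992) finish=0.6min speed=196672K/sec

md0 : active raid1 sdb1[1] sda1[0]
      1048512 blocks [2/2] [UU]
EOF
}

# Constructed sample: sdb2 has been marked faulty in md1.
sample_degraded() { cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sdb2[1](F) sda2[0]
      9428992 blocks super 1.2 [2/1] [U_]

md0 : active raid1 sdb1[1] sda1[0]
      1048512 blocks [2/2] [UU]
EOF
}

sample_degraded | mdstat_summary
```

Inside the installer shell the same function can be fed the live file with mdstat_summary < /proc/mdstat.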

For added security let's encrypt the data parts of our disks
dm-crypt is a transparent disk encryption subsystem in Linux kernel versions 2.6 and later and in DragonFly BSD. It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API. The dm-crypt device mapper target resides entirely in kernel space, and is only concerned with encryption of the block device – it does not interpret any data itself. It relies on user space front-ends to create and activate encrypted volumes, and manage authentication. At least two frontends are currently available: cryptsetup and cryptmount. The cryptsetup command-line interface, by default, does not write any headers to the encrypted volume, and hence only provides the bare essentials: encryption settings have to be provided every time the disk is mounted (although usually employed with automated scripts), and only one key can be used per volume; the symmetric encryption key is directly derived from the supplied passphrase. https://en.wikipedia.org/wiki/Dm-crypt

  • Encrypt the md1 array with cipher: aes-xts-plain64 and hash: sha-512

# cryptsetup luksFormat -c aes-xts-plain64 -h sha512 -y -v /dev/md1

  • Confirm the formatting
  • Open the encrypted array md1 into a mapped drive crypt1

# cryptsetup luksOpen /dev/md1 crypt1

  • You can check whether the newly opened disk is available in the lsblk list
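
An added example (not part of the original lab): a check of the header written by the luksFormat command above, run over cryptsetup luksDump output. It assumes the LUKS1 dump layout and cryptsetup's default 256-bit key; the function and sample names are made up for illustration and both sample dumps are constructed.

```shell
#!/bin/sh
# Added example. Read `cryptsetup luksDump` text (LUKS1 layout) on stdin and
# compare it with the settings used in this lab. Returns non-zero on mismatch.
luks_check() {
    awk '
        $1 == "Cipher" && $2 == "name:"  { cipher = $3 }
        $1 == "Cipher" && $2 == "mode:"  { mode = $3 }
        $1 == "Hash" && $2 == "spec:"    { hash = $3 }
        $1 == "MK" && $2 == "bits:"      { bits = $3 + 0 }
        $1 == "Key" && $2 == "Slot" && $4 == "ENABLED" { slots++ }
        END {
            spec = cipher "-" mode; bad = 0
            if (spec == "aes-xts-plain64") print "PASS cipher " spec
            else { print "FAIL cipher " spec; bad = 1 }
            if (hash == "sha512") print "PASS hash " hash
            else { print "FAIL hash " hash; bad = 1 }
            # XTS uses half of the master key for data and half for the tweak,
            # so 256 MK bits means AES-128 and 512 MK bits means AES-256.
            if (mode ~ /^xts/) print "info AES-" (bits / 2) " (" bits " key bits, XTS)"
            else               print "info AES-" bits " (" bits " key bits)"
            print "info enabled key slots: " (slots + 0)
            exit bad
        }'
}

# Constructed sample of a header with the lab settings and the default key
# size (digest, salt, UUID and per-slot detail lines left out).
sample_lab_header() { cat <<'EOF'
LUKS header information for /dev/md1

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512
MK bits:        256

Key Slot 0: ENABLED
Key Slot 1: DISABLED
EOF
}

# Constructed sample of an older-style header that should be flagged.
sample_legacy_header() { cat <<'EOF'
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
MK bits:        256

Key Slot 0: ENABLED
EOF
}

sample_lab_header | luks_check
```

On the real system the input comes from cryptsetup luksDump /dev/md1 | luks_check. Passing -s 512 to luksFormat selects a 512-bit key, which gives AES-256 in XTS mode.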

LVM

In Linux, Logical Volume Manager (LVM) is a device mapper target that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.

LVM is used for the following purposes:

  • Creating single logical volumes of multiple physical volumes or entire hard disks (somewhat similar to RAID 0, but more similar to JBOD), allowing for dynamic volume resizing.
  • Managing large hard disk farms by allowing disks to be added and replaced without downtime or service disruption, in combination with hot swapping.
  • On small systems (like a desktop), instead of having to estimate at installation time how big a partition might need to be, LVM allows filesystems to be easily resized as needed.
  • Performing consistent backups by taking snapshots of the logical volumes.

LVM can be considered as a thin software layer on top of the hard disks and partitions, which creates an abstraction of continuity and ease-of-use for managing hard drive replacement, repartitioning and backup.

  • Create a Physical Volume (PV) using the mapped encrypted drive

# pvcreate /dev/mapper/crypt1

  • Check that PV was created successfully

# pvs
# pvdisplay

  • Create a Volume Group (VG) named 'vgsystem' using the PV we have just created

# vgcreate vgsystem /dev/mapper/crypt1

  • Check that VG was created successfully

# vgs
# vgdisplay

  • Create the following Logical Volumes (LV) in volume group vgsystem

# lvcreate -L 8G -n lvroot vgsystem
# lvcreate -l 100%FREE -n lvswap vgsystem

  • Check that the LVs were created successfully

# lvs
# lvdisplay

If done correctly, lsblk should look something like this

  • Format the lvroot volume as ext4 using the command

# mkfs.ext4 -L ROOT /dev/mapper/vgsystem-lvroot

  • Flag -L adds a label to the partition.
  • Format the swap partition

# mkswap -L SWAP /dev/mapper/vgsystem-lvswap

  • To verify the previous commands you can use the blkid command

Configuring the installation disks

First we need to reboot the instance to let CentOS know we've changed the device configuration. The easiest way to do this is to enter the command reboot into the terminal session.

Once again choose Install CentOS 7 and let it boot into the graphical interface.

Now we will choose the option INSTALLATION DESTINATION, after which we should see the 2 disks we partitioned. Select both of them (make sure both of the tickboxes are checked) and from the bottom select I will configure partitioning. After clicking Done in the upper left corner, we can configure CentOS to use our partitioning scheme.

First, in the sidebar, click Unknown. While CentOS is capable of recognizing the encrypted partitions, it is a more rarely used feature. Select the Encrypted (LUKS) option and enter your passphrase to unlock the crypt-lvm.

Next we will need to configure each of the partitions.

First let's configure the boot partition itself; for this we will use the vfat partition we created earlier

  • Select the vfat partition with the size of 1024MB
    • Set its Mount point to /boot
    • Choose Reformat
    • File system type will be ext2
    • Scroll down, click Update settings

This configuration tells CentOS to use the first partition as the boot sector. Now we will configure the root filesystem and the swap area

  • Select vgsystem-lvroot
    • Set its Mount point to / (/ in UNIX type operating systems denotes the root of the filesystem tree)
    • Choose Reformat
    • File system type will be xfs
  • Now choose the final partition vgsystem-lvswap
    • Just choose Reformat and update the settings.

After clicking Done you will be shown a list of changes to the filesystem. Click Accept Changes; this concludes the partitioning part of the guide.

Configuring your Installation

Without any configuration, CentOS 7 will be installed in what's called a Minimal or headless configuration. This means that no graphical user interfaces will be installed. The reason for this is that CentOS is mainly used as a server operating system and any unnecessary overhead would be wasteful.

To configure our installation, first let's add a graphical interface, which will be installed during the setup.

  • Under Software Selection select GNOME Desktop under the Base Environment list
  • Next we'll select a few Add-Ons for our environment. Do keep in mind that if you miss any, they can be installed at a later time
  • For our installation we'll choose System Administration Tools for a large set of tools that will be used during this course and GNOME Applications for some convenience software.
  • Click Done

Next we'll configure our locale settings. These are mainly a personal preference, but it's still good to at least familiarize yourself with the options.

  • Under Date & Time, set the current timezone to be Europe/Tallinn
  • Under Keyboard you can add extra keyboard layouts of your choosing
  • Finally, under Language Support you can configure extra languages, but this is not currently necessary as this course is in English

Lastly, we'll configure the network and hostname settings.

  • Open Network & Host name

First we'll edit the current hostname, which is the name given to the machine. It's important to choose a unique hostname: especially in multi-server or multi-OS environments, the hostname is the first identifier you see when configuring your OS.

  • Set the hostname as your last name.

Next we'll configure the network settings. You should already see one device in the list.

  • Select the Ethernet device, and in the top-right corner change it to ON
  • Next select configure, and under the Ethernet tab change Link negotiation to Automatic
  • Finally, under the General tab ensure that Automatically connect to this network is checked.

Once the configuration is done, click Begin Installation

Adding a user

Currently our setup only has the root user enabled. Once the installation starts we can add an additional user that does not have all the system privileges.

  • Select Create user
  • Fill in the details as you would
  • For the username just use your last name
  • Make sure to check the option Make this user administrator

The installation should now be complete, click reboot.

  • In addition, remove the attached CentOS 7 ISO file and try to run the VM using only the HDD we used to bootstrap the new CentOS:
  • Stop the VM
  • In the Devices Menu:
    • In Optical Drives section:
      • Click Remove disk from virtual drive
  • Reboot the VM: VM-name -> Machine -> Reboot

The VM should ask for the decryption password and then automatically boot into your fresh CentOS environment:

  • The HDD has to be bootable (Boot Loader embedded into MBR)
    • So the GRUB menu has to be visible during boot time
  • The first entry Centos- should ask for decryption password
  • During the first reboot, you will be asked to accept the CentOS license
    • Accept the license and click Finish Configuration
  • Later reboots should go directly to the OS and bring the user to the login screen with no errors
  • Defined users root and user should be able to log in using the configured passwords

If you cannot finish the task in class, and you did the task on class computers, then you can access your machine by going to:

     ssh <username>@adalberg.ut.ee

There you have the same home directory as in the classrooms. Then you can copy the VM image files to your computer with tools like scp, rsync or filezilla. (Can do this from anywhere)

CONGRATULATIONS you have completed the lab 2.

  • We believe in self-study and that you are at university to learn, so we do not ask for proof of completing this lab; instead we warn you that you will need this knowledge in future labs and the exam.
  • We try to keep lab manuals short and do not add long explanatory texts to them, so if you feel that some topics are still unclear, we encourage you to use your favorite search engine to fill the gaps in knowledge you might encounter during the System Administration course.
  • In case you still need help we have made a short video to help you get started. Video!

Lab 001 Live Videos
