This is my fifth day of the August Challenge.

The paper

The article "Operation and Maintenance Considerations: How to Generate Operation and Maintenance Specifications?" introduced how to extract the basis for operation and maintenance from everyday work in order to arrive at operation and maintenance specifications. Next, we will continue to push the standardization work forward layer by layer, following the operation and maintenance framework. Do not think that "landing" is just for fun!

In this article, we introduce one of the more basic tasks in the "IT infrastructure layer": installing the server operating system, which involves batch installation of the operating system when servers are racked. If the number of servers is small, we can install through iDRAC or on site, but that may not work for dozens or even hundreds of servers, and we need unattended installation. Regardless of the number, to say goodbye to manual installation completely, we recommend Cobbler here.

Deployment

1. Install

yum install httpd dhcp tftp python-ctypes cobbler xinetd cobbler-web
systemctl start httpd
systemctl enable httpd
systemctl enable cobblerd
systemctl start cobblerd

2. Configuration

# 1. Check whether there is any problem with the configuration file. In subsequent configurations, modify the configuration file as prompted
cobbler check
# 2. Modify the cobbler configuration file
vim /etc/cobbler/settings
# Change the local IP address
# server: 127.0.0.1
server: 10.166.160.253
# Modify the TFTP server
# next_server: 127.0.0.1
next_server: 10.166.160.253
# 3. Start TFTP
vim /etc/xinetd.d/tftp
# Change "disable" from yes to no to enable the service
service xinetd restart
netstat -nulp |grep 69
# 4. Download missing files
cobbler get-loaders
# 5. Start rsync
systemctl start rsyncd
systemctl enable rsyncd
# 6. Install PyKickStart to verify that the kickstart file is valid
yum -y install pykickstart
# 7. Change the password of the kickstart template, which is the root password of the operating system
openssl passwd -1 -salt 'random-phrase-here' 'xxxxxxx'
vim /etc/cobbler/settings
default_password_crypted: "xxxxxx"
# 8. Configure DHCP
vim /etc/cobbler/settings
# Modify the following fields
manage_dhcp: 1
pxe_just_once: 1

vim /etc/cobbler/dhcp.template
# Modify the following fields
option routers 10.166.160.253;
option domain-name-servers 10.166.160.253;
option subnet-mask 255.255.255.0;
# The DHCP address range that can be allocated
range dynamic-bootp 10.166.160.240 10.166.160.252;
# Restart after DHCP is changed
systemctl restart cobblerd
# Each time you modify the configuration file, you need to synchronize it.
cobbler sync
# 9. Import the centos-7.6 image
mount centos-7.6-x86_64-DVD-1810.iso /mnt
cobbler import --path=/mnt --name=Centos7.6 --arch=x86_64
# The result can be viewed below
cobbler list
# 10. Add the ks file
# ks files live in /var/lib/cobbler/kickstarts
vim /var/lib/cobbler/kickstarts/Centos-7.6-x86_64.ks
# Verify the configuration file
cobbler validateks
# If an error occurs at this point: <type 'exceptions.UnicodeDecodeError'>
# the reason is that the Python character set encoding is inconsistent.
# Use the following configuration and restart the server to solve it.
cat >> /usr/lib/python2.7/site-packages/sitecustomize.py <<EOF
# encoding=utf8
import sys
reload(sys)
sys.setdefaultencoding('utf8')
EOF

# If there is no problem with the ks file, bind it to the Centos7.6 profile
# (--name must match the profile name shown by cobbler list)
cobbler profile edit --name=Centos-7.6-x86_64 --kickstart=/var/lib/cobbler/kickstarts/Centos-7.6-x86_64.ks
# 11. View the configuration
cobbler profile report
# No matter which configuration file is modified, the change has to go through
cobbler sync
Next, you can install the system through Cobbler by starting a server on the same network.

Our custom ks file is as follows:

vim /var/lib/cobbler/kickstarts/Centos-7.6-x86_64.ks
install
# Text install
text
lang en_US.UTF-8
keyboard us
authconfig --enableshadow --enablemd5
#xconfig --startxonboot
network --onboot yes --device ens160 --bootproto static --ip 10.166.160.251 --netmask 255.255.255.0 --gateway 10.166.160.254 --nameserver 10.164.200.202 --hostname pre-166-160-251
rootpw --iscrypted $default_password_crypted
# installation tree
url --url=$tree
firewall --disabled
selinux --disabled
timezone Asia/Shanghai
bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
# Delete all partitions and rebuild LVM partitions
clearpart --all --initlabel
part    /boot    --fstype="ext4"   --size=500    --ondrive=sda
part    swap     --size=4096       --ondrive=sda
# set the LVM
part pv.01 --size=1 --grow
volgroup  vg_root  pv.01
logvol  /  --fstype="ext4" --vgname=vg_root --size=1 --grow  --name=lv_root
# Minimize installation
%packages --nobase
@core
%end
reboot

We can customize the following contents through the KS file:

  • Network configuration: IP, subnet mask, gateway, and DNS
  • Host name, and different account information
  • LVM disk partitioning
  • Security settings: disable the firewall and disable SELinux
  • Minimal installation
  • You can also customize the installed packages

Operating system installation specifications

The operating system is the lowest-level system that operations maintains. If it is not well managed, the following problems may easily occur:

  • Account passwords are confused, and you need several attempts to log in to the system
  • The application directory cannot be located quickly because the directory layout is chaotic
  • Partitioning is not uniform or does not use LVM, so capacity cannot be expanded quickly
  • The firewall and SELinux are not disabled uniformly, which leads to unexplained problems
  • etc.

If you have some or all of these problems, the underlying operating system needs to be fixed; otherwise operations will get bogged down in fixing these trivial problems, and the workload will grow exponentially as the number of servers increases.

Therefore, operating system installation specifications can be defined in the following aspects:

  • Host name
  • Login account
  • DNS, NTP
  • LVM disk partitioning
  • Firewall, SELinux
  • etc.

Of course, these are the most basic specifications that can be defined by KS, and we can also perform unified configuration initialization on this basis, which may be the next step.
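
A check of a kickstart file against the installation specification listed above, as an added example (not the author's code and not part of Cobbler). The function names, the report keys and the trimmed sample are assumptions made for illustration; the second argument stands for the default_password_crypted value from /etc/cobbler/settings, and the expected specification is whatever the team has agreed on.

```python
import shlex
# The page's kickstart, trimmed to the directives the specification covers.
SAMPLE_KS = """\
authconfig --enableshadow --enablemd5
network --onboot yes --device ens160 --bootproto static --ip 10.166.160.251 --netmask 255.255.255.0 --gateway 10.166.160.254 --nameserver 10.164.200.202 --hostname pre-166-160-251
rootpw --iscrypted $default_password_crypted
firewall --disabled
selinux --disabled
volgroup vg_root pv.01
logvol / --fstype="ext4" --vgname=vg_root --size=1 --grow --name=lv_root
%packages --nobase
@core
%end
"""
# crypt(3) prefixes; `openssl passwd -1` emits the $1$ form.
HASH_SCHEMES = {"$1$": "md5-crypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}

def parse_commands(ks_text):
    """Return {command: [args...]} for the command section, skipping %sections."""
    commands, in_section = {}, False
    for raw in ks_text.splitlines():
        line = raw.strip()
        if line.startswith("%"):
            in_section = line != "%end"
        elif line and not line.startswith("#") and not in_section:
            # Split "--opt=value" into two tokens so both spellings look alike.
            argv = [p for a in shlex.split(line)
                    for p in (a.split("=", 1) if a.startswith("--") else [a])]
            commands.setdefault(argv[0], []).extend(argv[1:])
    return commands

def audit_kickstart(ks_text, password_crypted):
    """Summarise the specification items a kickstart file sets."""
    cmds = parse_commands(ks_text)
    net = cmds.get("network", [])
    opt = lambda o: net[net.index(o) + 1] if o in net[:-1] else None
    return {
        "hostname": opt("--hostname"),
        "dns": opt("--nameserver"),
        "root_hash": next((n for p, n in HASH_SCHEMES.items()
                           if password_crypted.startswith(p)), "unknown"),
        "authconfig_md5": "--enablemd5" in cmds.get("authconfig", []),
        "firewall_disabled": "--disabled" in cmds.get("firewall", []),
        "selinux_disabled": "--disabled" in cmds.get("selinux", []),
        "lvm": "volgroup" in cmds and "logvol" in cmds,
    }

def deviations(report, spec):
    """Return {item: (found, expected)} for every item that differs from spec."""
    return {k: (report.get(k), v) for k, v in spec.items() if report.get(k) != v}
```

Running deviations() over every profile's kickstart before cobbler sync shows which profiles have drifted from the agreed specification, including the password hash scheme that step 7 produces.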

Configuration initialization:

  • Install the YUM and PIP sources
  • Disable useless services, such as Postfix and Sendmail
  • SSH optimization
  • Limits and kernel parameter adjustment
  • Uniform environment variables
  • Install a unified client
  • etc.

Through the above operations, we get a set of operating systems that can be delivered directly to production: "comfortable to look at, reassuring to use."

Conclusion

In the process of operating system standardization, in addition to the above, I think there is another specification that is more important, which is the directory management specification. After the operating system is delivered, multiple technology stacks may be running at the same time, and everyone in the team has different deployment habits. If information cannot be shared, operation and maintenance become more difficult. Therefore, following the directory management specification ensures continuity of operation and maintenance no matter who on the team is doing the work.

Finally, if you want to normalize your operating system, there should be two phases:

  1. Operating system installation specification
  2. Operating system configuration specification

Of course, the configuration specification may differ with the industry the enterprise is in, because the requirements are not the same. It can be adjusted according to need.