Red Hat Enterprise Linux v3 Standard JMU Installation Procedure & Configuration Script
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This documentation is given as a suggested method for installing your Red Hat Enterprise
Linux WS, Desktop, ES, or AS system. You can also pick and choose from the suggested
steps below. The steps cover the basic needs of your Linux computer, including file system
layout, package selection, network setup, secure LDAP authentication, printer configuration,
ssh setup, time server, user setup, sendmail defaults, sudo setup (so that members of wheel
can "sudo -s" to root), snmp traps, and, importantly, how to set up your system to run up2date
against the JMU RHN Satellite Server hosted on campus.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Note: these instructions assume familiarity with the install process, and assume that the
installer will either accept the default or choose reasonable values wherever this document
doesn't address a step.
0. For Dell systems, configure the disks for mirroring before installing the system.
1. Boot from CD, select graphical mode installation, and the appropriate language, keyboard, and mouse settings.
2. Select Manual Partitioning. (Creating software RAID on 2 disks, LVM for the file system)
a. Create a 400 MB RAID partition on each disk. Click RAID, select "Create software RAID partition", select size and drive. Repeat for the other disk.
b. Create a RAID device. Click RAID, select "Create RAID device." Select /boot as the mount point, ext3, RAID1.
c. Create a swap RAID partition on each disk (2 x memory size). Create a RAID device and select swap.
d. Create a RAID partition from the rest of the space on each disk. Create an LVM RAID device by clicking RAID and selecting 'Create a RAID device'; select Physical Volume (LVM) and RAID1.
e. Inside the Volume Group, create the following Logical volumes by clicking on LVM, clicking Add, and choosing the mount point and size:
i. / (700MB)
ii. /home (2048MB)
iii. /tmp (1024MB)
iv. /usr (2048MB)
v. /var (2048MB)
vi. /opt (1024MB)
3. Select Grub Boot Loader with default options
4. Set eth0/eth1 as appropriate.
5. Select NO firewall. Note that nothing in this procedure or in the configuration script below sets up iptables, so if you need host-level filtering, add it after the install.
6. Packages - Select Customize the set of Packages
a. Deselect Gnome, Graphical Internet, Web Server, Windows File Server
b. X Window System - deselect gdm, openssh-askpass-gnome, up2date-gnome,vnc-server
c. Editors - select vim-enhanced only
d. Text-based Internet - select elinks
e. Under Server Configuration Tools, deselect redhat-config-bind, redhat-config-httpd, redhat-config-samba, redhat-switch-mail-gnome.
f. Select Development Tools. Deselect gcc-g77*, gcc-gnat*, gcc-java*, gcc-objc*
g. Under System Tools, select openldap-clients, screen, sysstat
h. Now go back and re-select any custom packages you will require for your system needs.
At this point, we have a vanilla install with no users or customizations or only your basic
package customizations - therefore complete the install as follows:
1. Run the linux_install_script (see the copy of this script below, which you can customize).
This must be run as the "root" user from a terminal command line. One of the important
aspects of the install script is "authconfig", which sets up LDAP authentication
should you choose it. It is important that you edit this script for your
own environment before you run it! (Step 4 will help you further set up secure LDAP.)
2. GRUB: add an entry that starts the system in single-user mode to /etc/grub.conf
a. Copy the section for the current kernel to the end of the file.
b. Append 'Single User Mode' to the end of the new section's title.
c. Append the word 'single' to the line beginning with kernel.
Anyone who can reach the console and select this entry gets a root shell without being asked
for a password, so unless console access is physically controlled, set a GRUB password
(a "password --md5 ..." line at the top of grub.conf) and add "lock" to the new section.
3. PAM
a. Edit /etc/pam.d/system-auth to comment out the line:
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
Make it look like this:
#account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
4. Follow this step if you wish to convert your Linux system to LDAPS (Secure LDAP using SSL
or TLS).
a. Complete the previous steps in this document, especially those involving running 'authconfig'
and setting up LDAP authentication, either using the script provided or by running
authconfig manually and filling in the appropriate fields.
b. Edit your /etc/ldap.conf file and make sure you have the following uncommented:
# Must have host and base.
host ldap.jmu.edu
base o=JMU
# Use ssl start_tls OR ssl on (not both).
# start_tls connects to port 389 (normally the cleartext port) and upgrades the
# connection to TLS before the password is sent; ssl on connects to the
# dedicated SSL port 636 instead.
# At this time we recommend using TLS.
ssl start_tls
#ssl on
# Make sure you comment out this line if it is in your ldap.conf.
#ssl no
Neither setting verifies the LDAP server's certificate unless you also set "tls_checkpeer yes"
and point "tls_cacertfile" at the CA certificate; with the OpenLDAP 2.0 libraries the default
is not to check, so TLS then protects the password from sniffing but not from a spoofed server.
You may note there is also a /etc/openldap/ldap.conf. pam_ldap takes its host and base from
/etc/ldap.conf, but the OpenLDAP libraries still read /etc/openldap/ldap.conf for their own
settings (including TLS ones), so you can replace it with a symbolic link to /etc/ldap.conf or
just put the "host" and "base" in it, and you are done with it.
Now you are ready to "ssh eid@yourhost" and make sure your e-ID's LDAP password
successfully logs you into your system.
NOTE: because authconfig is run with --enableldapauth only (LDAP for authentication,
not for user lookups), on Linux your /etc/passwd file must contain every user who
will log in, whether locally with a local password or via LDAP. Only those
users in the /etc/passwd file will be able to access the Linux computer with
an LDAP account.
5. Reboot; continue with any other customizations
6. Convert your Red Hat Enterprise Linux system to do UPDATES (up2date) from the
JMU Satellite Server http://rhn.jmu.edu which is hosted on campus by Technical Services.
a. Download the appropriate "bootstrap-.sh" script from website
http://rhn.jmu.edu/pub/bootstrap/
If your computer is for personal JMU use, download the "bootstrap-default_registration.sh"
b. Make sure the script you download is set as executable "chmod 755 bootstrap*".
Now run the script like so: ./bootstrap-default_registration.sh
and it will setup your computer to be able to do up2date functions with the
JMU Satellite server. It will also run the first up2date for your system.
You can then do "up2date --update --force" commands thereafter from the JMU Satellite.
By using the correct bootstrap script as described, your Linux computer will
be registered with the correct departmental group in the JMU RHN Satellite Server.
7. If you need access to JMU's RHN Satellite server from outside of the JMU network, such
as from home, you will need to read this document on obtaining and installing the
VPN Client for Linux: http://jmulinuxproject.cs.jmu.edu/VPN_Installation.txt
The VPN Client for Linux will ask you to do an LDAP authentication to verify that
you are a valid JMU student, faculty or staff member.
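The following is an added example, not part of the JMU procedure or its script, that automates step 2 above: it takes the stanza that the "default=" line of grub.conf selects, appends a copy titled "Single User Mode" with "single" added to its kernel line, and prints the whole new grub.conf to standard output so it can be reviewed before it is installed. The sample grub.conf embedded in it is constructed for the demonstration; the kernel version, volume group and logical volume names in it are assumptions.

```shell
#!/bin/sh
# Generate the 'Single User Mode' GRUB entry of step 2 from the default
# stanza of a grub.conf instead of copying it by hand.
# Usage: add_single_user_entry /etc/grub.conf > /tmp/grub.conf.new
# The function prints the whole file with the new stanza appended; it never
# writes /etc/grub.conf itself, so you can diff the result before installing it.
add_single_user_entry() {
    awk '
        /^default=/ { split($0, kv, "="); want = kv[2] + 0 }   # index of the default entry
        /^title/    { idx++ }                                   # entries are numbered from 0
        { print }                                               # pass the file through unchanged
        idx > 0 && idx - 1 == want { stanza[n++] = $0 }         # remember the default stanza
        END {
            if (n == 0) { print "no default stanza found" > "/dev/stderr"; exit 1 }
            for (i = 0; i < n; i++) {
                line = stanza[i]
                if (line ~ /^title/)
                    line = line " Single User Mode"
                else if (line ~ /^[ \t]*kernel[ \t]/)
                    line = line " single"
                print line
            }
        }
    ' "$1"
}

# Constructed sample in the RHEL 3 layout (not a real host's file); the kernel
# version and the volume group / logical volume names are assumptions.
SAMPLE_GRUB_CONF='default=0
timeout=10
splashimage=(hd0,0)/grub.splash.xpm.gz
title Red Hat Enterprise Linux AS (2.4.21-4.EL)
        root (hd0,0)
        kernel /vmlinuz-2.4.21-4.EL ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.4.21-4.EL.img'

# Write the sample to a temporary file, transform it and print the result.
demo_single_user() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_GRUB_CONF" > "$tmp"
    add_single_user_entry "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo_single_user
```

Run "diff /etc/grub.conf /tmp/grub.conf.new" and check that only the appended stanza differs before copying the file into place; if a GRUB password is configured, put "lock" on the line after the generated title so the entry cannot be booted without it.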
LINUX INSTALL SCRIPT:
This will automatically setup the following based on the
content of the script below (which you need to edit for
your own custom system):
- Time Server
- LDAP authentication (or otherwise)
- Default users to be added to system
- Secure Shell daemon (sshd) setup
- Sendmail defaults
- sudo setup
- SNMP setup
- Network Card speed
- Default Printer
- up2date key creation
Note: you can also look to the ANACONDA installer information
at URL: http://rhlinux.redhat.com/anaconda/
and make sure the anaconda*.rpm package is installed.
#!/bin/bash
# JMU Linux Configuration Script v1.2
# Edit the site-specific values below (default users, mail gateway, SNMP community
# strings and management address, printer, RHN account) before running this as root.
if [ "$(id -u)" -ne 0 ]; then
    /bin/echo "This script must be run as root." >&2
    exit 1
fi
/bin/echo
/bin/echo "JMU Linux Configuration Script v1.2"
/bin/echo
########################################################
# Get user input
########################################################
/bin/echo "Enter IP address of NTP server"
read NTPSERVER
########################################################
# Enable LDAP authentication
# --enableldapauth turns on pam_ldap for password checks only; user lookups
# stay in /etc/passwd, which is why the default users are created below.
# Step 4 of the procedure above switches /etc/ldap.conf to start_tls afterwards.
########################################################
/usr/sbin/authconfig --kickstart --enableldapauth --ldapserver ldap.jmu.edu --ldapbasedn o=JMU
########################################################
# Add default users (placeholder names: replace with your own)
# useradd creates the accounts locked, so they log in with their LDAP
# password; run 'passwd <user>' to give one a local password instead.
# Members of wheel get full sudo below, so keep that list short.
########################################################
useradd -u 11111 -g users -G wheel -c 'Donald Duck' -m dduck
useradd -u 12222 -g users -G wheel -c 'Mickey Mouse' -m mmouse
useradd -u 13333 -g users -G wheel -c 'Porky Pig' -m ppigg
useradd -u 14444 -g users -c 'Daffy Duck' -m daduck
useradd -u 15555 -g users -c 'Bugs Bunny' -m bbunny
useradd -u 16666 -g users -G wheel -c 'Popeye' -m ppeye
########################################################
# Set sshd defaults: protocol 2 only, no direct root login, login banner
########################################################
cd /etc/ssh
cp sshd_config /root/sshd_config.org
/bin/sed -e '/#Protocol 2,1/a\
Protocol 2
' -e '/#PermitRootLogin yes/a\
PermitRootLogin no
' -e '/#Banner /a\
Banner /etc/ssh/banner
' sshd_config > sshd_config.1
/bin/mv --force sshd_config.1 sshd_config
HOSTNAME=$(/bin/hostname)
# The banner text was lost from this copy of the script; the wording below is
# a placeholder, replace it with your site's authorized-use notice.
/bin/cat > banner <<EOF
$HOSTNAME: this system is for authorized JMU use only. Activity may be monitored.
EOF
########################################################
# Time server
########################################################
cd /etc
/bin/cp ntp.conf /root/ntp.conf.org
# Reconstructed (the original sed expression was lost): append the NTP server
# entered above to ntp.conf.
/bin/sed -e "\$a\\
server $NTPSERVER
" ntp.conf > ntp.conf.1
/bin/mv -f ntp.conf.1 ntp.conf
/sbin/chkconfig --level 35 ntpd on
########################################################
# Set Sendmail defaults: relay outbound mail through the campus smart host
# (the DS line) and forward root's mail to the Linux admins list
########################################################
cd /etc/mail
/bin/cp sendmail.cf /root/sendmail.cf.org
/bin/sed -e "/^DS/s/DS/DSmailgw.jmu.edu/" sendmail.cf > sendmail.cf.1
/bin/mv -f sendmail.cf.1 sendmail.cf
cd /etc/
/bin/cp aliases /root/aliases.org
/bin/sed -e "/^postmaster/a\
root: linux-root-l@listserv.jmu.edu
" aliases > aliases.1
/bin/mv -f aliases.1 aliases
/usr/bin/newaliases
########################################################
# sudo: let members of wheel run any command as root (with their own password)
########################################################
cd /etc/
/bin/cp sudoers /root/sudoers.org
# the stock line is "# %wheel<tab>ALL=(ALL)<tab>ALL"; match any whitespace between the fields
/bin/sed -e "/# %wheel[[:space:]]\+ALL=(ALL)[[:space:]]\+ALL/s/# //" sudoers > sudoers.1
# cat into the existing file (rather than mv) so sudoers keeps its 0440 mode
/bin/cat sudoers.1 >sudoers
/bin/rm -f sudoers.1
/bin/cp profile /root/profile.org
#### begin pathmunge sed script
/bin/sed -e "/pathmunge \/usr\/X11R6\/bin after/{
i\
# Add sbin directories to wheel group's PATH
i\
WHEEL=\`id -Gn | grep wheel\`
i\
if [ -n \"\${WHEEL}\" ]
i\
then
i\
\ pathmunge /sbin
i\
\ pathmunge /usr/sbin
i\
\ pathmunge /usr/local/sbin
i\
fi
i\
# End customization
i\
}" profile > profile.1
####### end pathmunge sed script
/bin/mv -f profile.1 profile
########################################################
# SNMPD: the community strings are the only credential here, so change them
# from these placeholders and keep each one tied to the management station.
# 134.126.x.y is a placeholder for the management station's address.
########################################################
cd /etc/snmp/
/bin/cp snmpd.conf /root/snmpd.conf.org
echo rocommunity hostwatch 134.126.x.y > snmpd.conf
echo rwcommunity hosttouch 134.126.x.y >> snmpd.conf
# trapsess takes snmpcmd-style options before the host; the version and
# community given here are assumptions, match them to what the trap receiver expects
echo trapsess -v 2c -c hostwatch 134.126.x.y >> snmpd.conf
/sbin/chkconfig --level 35 snmpd on
########################################################
# Network card speed: force 100 Mb/s full duplex for the Intel drivers
# (modules.conf is the 2.4 kernel module configuration used by RHEL 3)
########################################################
/bin/cp /etc/modules.conf /root/modules.conf.org
# -w keeps "e100" from matching the "e1000" driver name
if grep -qw e1000 /etc/modules.conf
then
    echo "options e1000 Speed=100,100 Duplex=2,2" >> /etc/modules.conf
elif grep -qw e100 /etc/modules.conf
then
    echo "options e100 e100_speed_duplex=4,4" >> /etc/modules.conf
elif grep -qw eepro100 /etc/modules.conf
then
    # the original echoed this line to the terminal instead of modules.conf,
    # and module names in modules.conf carry no .o suffix
    echo "options eepro100 options=0x200" >> /etc/modules.conf
else
    echo "Unknown network card"
fi
########################################################
# Printer
########################################################
/usr/sbin/lpadmin -p frye220lj -D "LaserJet Printer in Frye 220" -L "Frye 220" -m laserjet -v lpd://uxprint.jmu.edu/frye_208_4050 -E
########################################################
# up2date registration - the username should be changed to the departmental account.
# rhnreg_ks registers with whatever server /etc/sysconfig/rhn/up2date points at;
# for the JMU Satellite, the bootstrap script in step 6 of the procedure above is
# the supported way to register. A --password given on the command line is visible
# to every local user in the process list while the command runs.
########################################################
/bin/rpm --import /usr/share/rhn/RPM-GPG-KEY
#/usr/sbin/rhnreg_ks --profilename `hostname` --username jmuregister --password xxxxxxx
/usr/sbin/rhnreg_ks --profilename `hostname` --username jmuregister
/usr/bin/up2date --update --force
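The following post-configuration audit is an added example, not part of the JMU script: it checks the settings the script writes to sshd_config, sudoers and snmpd.conf, and the /etc/ldap.conf edits from step 4 of the procedure above. Each check takes the path of the file to inspect, so it can be run against copies as well as the live files; the check_* and audit_host function names and the --run flag are this example's own, and the sample files in the usage are constructed.

```shell
#!/bin/sh
# Post-configuration audit for the files the JMU script and steps 3-4 change.
# Each check_* function takes the path of the file to inspect, prints what is
# wrong, and returns 0 only when the expected settings are all present.

# Effective value of an sshd_config keyword: sshd uses the first uncommented
# occurrence, so a leftover "Protocol 2,1" above "Protocol 2" would win.
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

check_sshd() {
    rc=0
    [ "$(sshd_value "$1" Protocol)" = "2" ] \
        || { echo "sshd: effective Protocol is not 2 only"; rc=1; }
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] \
        || { echo "sshd: PermitRootLogin is not no"; rc=1; }
    [ -n "$(sshd_value "$1" Banner)" ] \
        || { echo "sshd: no Banner configured"; rc=1; }
    return $rc
}

# The sed in the script only strips the leading "# "; confirm the result is an
# active %wheel line, whatever whitespace separates the fields.
check_sudoers() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL[[:space:]]*$' "$1" \
        || { echo "sudoers: no active '%wheel ALL=(ALL) ALL' line"; return 1; }
}

# Step 4: host and base present, exactly one of 'ssl start_tls' / 'ssl on',
# and no surviving 'ssl no' (which would send passwords in the clear).
check_ldap() {
    rc=0
    grep -Eq '^host[[:space:]]+[^[:space:]]' "$1" || { echo "ldap.conf: no host line"; rc=1; }
    grep -Eq '^base[[:space:]]+[^[:space:]]' "$1" || { echo "ldap.conf: no base line"; rc=1; }
    n=$(grep -Ec '^ssl[[:space:]]+(start_tls|on)[[:space:]]*$' "$1" || true)
    [ "${n:-0}" -eq 1 ] \
        || { echo "ldap.conf: need exactly one of 'ssl start_tls' / 'ssl on', found ${n:-0}"; rc=1; }
    if grep -Eq '^ssl[[:space:]]+no' "$1"; then echo "ldap.conf: 'ssl no' is still active"; rc=1; fi
    return $rc
}

# Community strings are the only SNMP credential: reject the well-known
# defaults and any community that is not tied to a source address.
check_snmpd() {
    awk '
        BEGIN { bad = 0 }
        $1 == "rocommunity" || $1 == "rwcommunity" {
            if ($2 == "public" || $2 == "private") {
                print "snmpd: default community string \"" $2 "\" on line " NR; bad = 1
            }
            if ($3 == "" || $3 == "default") {
                print "snmpd: " $1 " " $2 " is not restricted to a source address"; bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Run every check against the live files; exit status is non-zero on any finding.
audit_host() {
    status=0
    check_sshd    /etc/ssh/sshd_config || status=1
    check_sudoers /etc/sudoers         || status=1
    check_ldap    /etc/ldap.conf       || status=1
    check_snmpd   /etc/snmp/snmpd.conf || status=1
    return $status
}

# Only touch the live files when asked to, e.g.:  sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_host
fi
```

Run it as "sh audit.sh --run" after a reboot, once sshd has re-read its configuration; a non-zero exit means at least one of the settings the script was meant to apply did not take, with the reason printed above it.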