RedHatLab Class Setup Instructions

CLASSROOM SETUP USING RED HAT ENTERPRISE LINUX 6.0 SERVER version 6.0-6 (Last modified 20101204 by Forrest Taylor ) Introduction ============ Effective delivery of Red Hat courses depends heavily upon a successfully installed classroom. Preparation is the key to an error-free classroom install performed in a timely manner. These instructions outline the steps you need to take to prepare a classroom environment for the delivery of a Red Hat class. These steps should be followed in the order they are given. Do not skip any steps unless they are marked as "Optional." Finally, pay close attention to the sections marked as "WARNING." Ignoring these warnings could result in the loss of your personal data, possibly force you to start the installation process over, or, in the worst case, leave you in a situation where you are unable to install your classroom server. What You Need to Succeed ======================== In order to complete these instructions, you will need: Access to a Red Hat Network account Access to CertForums A CD/DVD burner Blank CD/DVD-ROM media A USB2 hard disk drive (or memory stick), minimum 6 GB A cache directory where you will store the DVD ISO, rhce-config and other items needed to build the USB device; miniumu 8 GB Your Red Hat Network account should provide you access to the Red Hat Enterprise Linux 6 Server installation media. You should also have an account on CertForums that allows you to download classroom setup materials (including these instructions). If you do not have access to both of these resources, please contact your regional Red Hat Global Learning Services office. Training partners or system administrators who want to set up a classroom for an on-site course will need to obtain these materials from their Global Learning Services contact at Red Hat. Secure Classroom Setup Materials ================================ 1. Get Installation Media ****************************** WARNING ****************************** * The classroom now uses the 64-bit x86_64 architecture. Do not * * use 32-bit installation media. * ********************************************************************* One place to obtain DVD installation media for the classroom is from the evaluation media kits Red Hat provides for students. If you

have access to a spare kit before class, grab the x86_64 installation DVD labeled "DVD 1/Installation Disc 1 of 1/For 64-bit x86_64". Another option is to download the installation media from Red Hat Network. Connect to Red Hat Network using a web browser and log in to your gls-USERNAME account: https://rhn.redhat.com/ Select: Channels Filter by Product Channel change "Latest Version" to "6" unless it is the latest change "All Architectures" to "x86_64" click "Filter" click the "x86_64" link that appears below the "Architecture" column in the Red Hat Enterprise Linux Server 6 row Click on the "Downloads" tab From this page, download the "Binary DVD" ISO image. Allow plenty of time for the ISO download. This operation can take several hours depending upon the speed of your Internet connection and the speed of Red Hat Network's servers. Verify the integrity of all ISO image by running md5sum and comparing its output with the MD5 checksum displayed on the RHN download page. If the MD5 checksum doesn't match, remove the corrupted ISO and re-download. Never burn a DVD/CD or otherwise use an ISO image without checking the MD5 checksum first! The hashes for rhel-server-6.0-x86_64-dvd.iso (3273 MB): MD5: f7141396c6a19399d63e8c195354317d SHA-256: a6fef01cb4d790975a11479018785bfe4e04b9bdeaea8be24c8a4055f98d127e 2. Download the following files: * RHCI CD image (rhci-rhel-6.0-0-r*.iso) * The rhce-config RPM (rhce-config-6.0.0-*.noarch.rpm) * Optional repository tarball (rhel-server-6.0-x86_64-optional.tar.gz) * Errata repository tarball (rhel-server-6.0-x86_64-errata.tar.gz) * The usb-creator-external.sh script * The MD5SUM.RHEL6.ALL checksum file Use a browser to view the CertForums "Downloads" area: https://certforums.redhat.com/download.php Select the forum link labeled "RHCE Track Released Software and Documentation." This is where Red Hat Global Learning Services publishes the most current classroom setup materials. Regularly check CertForums for updates to the rhce-config RPM (more frequent), and/or RHCI CD image and usb-creator-external.sh script (less frequent). Click the latest version of each of these files to download. 3. Download any course specific packages or files Use a browser to view the CertForums "Downloads" area: https://certforums.redhat.com/download.php

Select the forum link labeled for the course and language you will be teaching. You will find the slides and other material published by Red Hat Global Learning Services. Be aware that new course slide RPMs may include videos and be quite large, so be sure to download before Monday morning! Prepare Classroom Setup Materials ================================= It is always a good idea to have two copies of the installation media available when you setup a classroom. Typically you will use your USB device for class setup but some on-site customers do not allow USB devices into their workplace. You should burn at least one copy of the installation media to DVD as a backup. 1. Burn and Verify Instructor System Installation DVD Media Log in as root and use the following command to burn the ISO image to DVD: cdrecord -eject -v -data -nopad -dao [dev=DEVICE] FILENAME where FILENAME is the path name of the ISO you wish to burn and DEVICE is optionally the name of the DVD burner device file (/dev/cdwriter for example). The dev= argument is required only when you have more than one CD/DVD device installed in your computer. To verify your install media, boot from the DVD and enter: linux mediacheck at the syslinux "boot:" prompt. You will be prompted to insert the DVD you want to verify. ****************************** WARNING ****************************** * If you do not verify your installation media - one Monday * * morning you will find yourself with a partially installed * * instructor system, corrupt install media, and no burner with * * which to replace it. Checking your media does not take long * * so JUST DO IT! * ********************************************************************* Burn one or two RHCI CDs. Make sure the image you use is current because rhce-config RPMS are matched to work with a specific version of the RHCI CD. Burn a copy of the Optional and Errata repository tarballs to a DVD as backup. 2. Prepare USB Media for Instructor System Installation ****************************** NOTE ********************************* * Be very careful in configuring this USB Media and you will * * find that many of the classroom setup steps will be automated. * ********************************************************************* a) To install from a USB2 device, you must first populate the device

appropriately. Partition the media with fdisk, using the entire media in a single partition. ****************************** WARNING ****************************** * Certain directories of the partition will be copied onto the * * local instructor system hard drive partition * * /usr/local/share/gls/GLSINST * * so DO NOT STORE ANYTHING PERSONAL IN THOSE DIRECTORIES, and * * keep the total size of those directories UNDER 10 GB. * ********************************************************************* b) Place the following files from CertForums into a cache directory of your choosing: * RHCI CD image (rhci-rhel-6.0-0-r*.iso) * The rhce-config RPM (rhce-config-6.0.0-*.noarch.rpm) * Optional repository tarball (rhel-server-6.0-x86_64-optional.tar.gz) * Errata repository tarball (rhel-server-6.0-x86_64-errata.tar.gz) * The usb-creator-external.sh script * The MD5SUM.RHEL6.ALL checksum file Also, place the RHEL DVD x86_64 Installation DVD ISO file into the cache directory. This directory will be used to create the USB device. This directory will need to hold at least 8GB of data. c) Plug in the USB device and note the device name. Run the usb-creator-external.sh script. At a minimum, you must pass it the -c option to point to the cache directory used above, and the -p option to point to the device name. Other options will be printed by running the script with no arguments. ext4 has been shown to provide faster data transfers to USB device, so the script will ask to format the drive with a new ext4 filesystem. On subsequent runs you may skip formatting the drive and the script will use rsync to transfer data as necessary. The script will assign the USB device a label of GLSINST. ****************************** WARNING ****************************** * The current RHCI install media looks for and "protects" media * * with a label of GLSINST. But, as always, make sure you carry * * a backup of this data.... * ********************************************************************* Example script execution: sudo ./usb-creator-external.sh -c /data/rhel6.0 -p /dev/sdh1 ****************************** WARNING ****************************** * The usb-creator-external.sh script copies the entire contents * * of the rhel6 directory from the USB media to the * * /usr/local/share/gls/GLSINST/ partition and consequently the * * files in those directory trees cannot exceed 10 GB in total. * ********************************************************************* The script will copy the rhel-server-6.0-x86_64-dvd.iso, Optional and Errata repositories, rhce-config RPM and RHCI ISO from the cache directory to the USB device. It will only choose the latest version of the rhce-config RPM and RHCI ISO from the cache directory. ****************************** NOTE *********************************

* If there is a new version of any of the material in the cache * * directory (e.g., rhce-config*.rpm, RHCI ISO), simply copy the * * updated material to the cache directory and run the * * usb-creator-external.sh script again. On subsequent run of * * the usb-creator-external.sh script, it is not necessary to * * format the USB device again. If you skip the format step, it * * will use rsync to copy the new files to the correct locations. * ********************************************************************* Install Instructor System ========================= 1. Kickstart Instructor System The Red Hat Enterprise Linux 6 classroom requires KVM virtualization. That means that ALL of the machines (instructor and student workstations) must have virtualization enabled in the BIOS. Ensure that the instructor machine has virtualization enabled in the BIOS before beginning the installation. It has been reported that some systems require a hard power off followed by a power on after enabling virtualization in the BIOS. There have also been reports of disabling Trusted Platform (TP) in the BIOS virtualization section to allow KVM to work correctly. Before you reinstall a previously used instructor system, make sure it was built with a current version of the RHCI CD. If not, then rebuild the instructor system from scratch. ls /usr/local/share/gls/GLSINST/rhel6/rhci/rhci-rhel-*.iso To rebuild a previously installed instructor system, gracefully reboot and select "Reload Instructor for Class" from the GRUB menu. You will be prompted for a password. Enter "redhat" and the installation will begin. You may also be prompted for the timezone information, so wait until you have selected your time zone before you leave the installation to do other things (like put out the student workbooks). ****************************** WARNING ****************************** * Disconnect all external media during a reinstall or they will * * be erased. You have been warned! * ********************************************************************* ****************************** WARNING ****************************** * When you install from an external USB device, it must contain * * a single partition spanning all of the space on the drive. * * Currently the instructor system rebuild deletes all partitions * * other than the partition containing the install source and * * reuses the space. This may create a build that requires the * * USB media to remain in the instructor system for it to be * * usable. * ********************************************************************* If you need to build the instructor system from scratch, boot from the RHCI CD. You will be presented with a screen similar to: THIS DISC IS FOR USE BY AUTHORIZED RED HAT INSTRUCTORS ONLY. Version: rhci-6.0-0-r4400

Make sure your USB device is inserted and choose your installation type: freshclass - Install a new Instructor server from scratch. (ks on USB) freshccd - Install a new Instructor server from scratch. (ks on CD) workstation - Install a new student workstation (pass the class as an argument, e.g. workstation sa1) small - Install minimal system for classroom metadestroy - Wipe the beginning/end of ALL partitions (CAUTION!) Use metadestroy thorough to follow with full disk(s) wipe. Type in "freshclass" as indicated on the menu. If your USB device was properly configured, it should automatically find the install source and begin the installation. The installation should only ask for your language and timezone. If the installer asks for the install media, that means that something has gone wrong. Check that the USB device has been properly configured. The install media should be found in ${USB_DEVICE}/rhel6/isos/. Anaconda will prompt for time zone information so wait until you have selected your time zone before you leave the installation to do other things (like put out the student workbooks). Once your installation is complete, reboot the system. If you have grub issues, please see the GRUB ISSUES section in the appendix below. A non-privileged user, instructor, has been created for your use. instructor and root use a password of "redhat". 2. Verify (or Copy) the Structure in /usr/local/share/gls/GLSINST/ ****************************** NOTE ********************************* * The this step should be taken care of by the freshclass * * automation, but verify. * ********************************************************************* /usr/local/share/gls/GLSINST/ should contain the rhel6/ directory just like the USB device does. Validate the structure by running /root/bin/gls-verify-files. This script verifies the following files/directories: # Installation source /usr/local/share/gls/GLSINST/rhel6/isos/rhel-server-6.0-x86_64-dvd.iso # Errata repo /usr/local/share/gls/GLSINST/rhel6/pub/Errata/Packages/ # Optional repo /usr/local/share/gls/GLSINST/rhel6/pub/Optional/Packages/ # RHCI ISO /usr/local/share/gls/GLSINST/rhel6/rhci/rhci-rhel-6*.iso # rhce-config /usr/local/share/gls/GLSINST/rhel6/rhci/Packages/ The rhel-server-6.0-x86_64-dvd.iso is mounted on /var/ftp/pub/rhel6/dvd using /usr/local/share/gls/GLSINST/rhel6/bin/linktree The rhce-config RPM is installed.

The rhce-pubkey RPM is located in /var/ftp/pub/gls/Packages/ 3. Prepare for the course Run /root/bin/gls-setcourse to select the proper course. This must be done before student desktops are installed. Install the class-specific materials available from CertForums. 4. Install virtual machines on instructor Run /root/bin/install-demo and /root/bin/install-remote. You need not wait for them to finish installing before moving on. install-demo installs the demonstration machine for the instructor. The DNS name of this machine is demo.example.com, and the virtual domain name is demo. You can view the installation progress by running: virt-viewer demo When demo has finished installing, snapshot the LV as explained in the Finish Instructor Configuration section below. install-remote installs a remote virtual machine that has 192.168.1.X IP aliases for students to use to check their security. The DNS name of this machine is remote250.remote.test, and the virtual domain name is remote (although it is named install_remote during the installation). The install-remote script polls the remote virtual machine and will automatically reboot it when complete. To follow the installation run: virt-viewer install_remote ****************************** NOTE ********************************* * You will see some libvirt errors as the script polls for the * * completion of the installation. It is safe to ignore these * * errors as long as the installation is progressing. * ********************************************************************* Install Student Machines ======================== 1. Kickstart Student Machines The Red Hat Enterprise Linux 6 classroom uses KVM virtualization. That means that ALL of the machines (instructor and student workstations) must have virtualization enabled in the BIOS. Ensure that each of the student machines has virtualization enabled in the BIOS before beginning the installation. It has been reported that some systems require a hard power off followed by a power on after enabling virtualization in the BIOS. Consult the course documentation to determine how participant's desktops should be configured for the start of class. Some courses have special configuration needs. The default dhcpd.conf file on the instructor system assigns IPs in a range from 1 to 20. While, technically, it is no longer mandatory to organize the desktops in the classroom in numeric order, it has been known to improve an instructor's sanity to be able to know which student desktop is which number. The dhcpd server now assigns IPs starting at the beginning, so boot at the desktop that you want to be assigned the

first IP address and work from there. *** PXE Method (Supported) *** All systems must be able to PXE boot in the classroom environment, so this is now the default method. The PXE configuration boots to the local disk by default, so the BIOS should be set to boot from the network first. To install the student desktop, boot the system using PXE (Intel's Pre-boot eXecution Environment) and choose "Install GLS workstation" (shortcut: w ) ****************************** NOTE ********************************* * The default directory for the TFTP server is now located in * * /var/lib/tftpboot. * ********************************************************************* *** RHCI CD Method (Supported) *** Alternately, you may install a student system by booting from an RHCI CD and typing: workstation *** Re-install Existing Desktop Method (Not Recently Tested) *** Yet another approach is available. If the systems already have Red Hat Enterprise Linux installed using GRUB as the boot loader, you can also follow the steps below to start your desktop installations. You do not need to perform these steps if you are using an RHCI CD. At each desktop, execute the following (assuming that wget is installed on the system): wget instructor/buildscript sh buildscript Reboot the desktop. You should have an install option in the GRUB menu. Note you will have to type the password "redhat" to select this menu item. *** Manual Overrides (Not Supported) *** Most of the above methods can be extended by passing one additional argument to the kickstart file. This is here more for QA and testing purposes. For example, if booting from the RHCI CD, you would type in: workstation [CLASS] where [CLASS] is the name of the course, e.g., sa2, rhce-rt, etc. The passed course name will be used instead of the one found on the instructor system in /kickstart/course. 2. Change IP Addresses (Optional) ****************************** WARNING ****************************** * Any problems or changes to desktop IP addresses can have * * a cascading effect since the automated installation of virtual * * machines is based on the "current" IP address of the desktop. *

* If you change the IP address post install, you will probably * * need to correct the IP address of any virtual machines on * * this system. In fact, it may be safer to simply reinstall. * ********************************************************************* If you need to change an IP address, execute the two commands below. leaser is a script that takes an IP as an argument. If no argument is given, it exits. If given an argument, it will test whether that IP has already been assigned by pinging it. If the IP is available, it will request an immediate lease renewal using the desired IP. wget instructor/leaser sh leaser 192.168.0.X Do not run leaser from within X, as X and gdm will be restarted after the networking is initialized with the new IP. 3. Configure DHCP to Statically Assign IP Addresses Once all the candidate systems have their desired IP addresses, create a new /etc/dhcp/dhcpd-desktop.conf that will bind these IP addresses to the MAC addresses. Execute redhcp > /etc/dhcp/dhcpd-desktop.conf redhcp uses arping to collect arp information, then uses arp -a to report host names and MAC addresses. Because it uses information in the arp table, make sure all of the student machines are completely booted to make certain that all desktops are in the table. You should remove the range of IPs that you statically assign. Edit /etc/dhcp/dhcpd.conf and remove or comment the entire pool stanza that is listed below: pool { deny members of "virtual"; deny members of "microsoft-clients"; deny members of "PXE"; range 192.168.0.1 192.168.0.20; } Restart DHCP to use the new configuration include file: service dhcpd restart 4. Install Virtual Machines Several of the classes will install virtualization support coupled with one or more virtual machines. The virtual machines themselves are installed by /etc/rc.local. The scripts will read the IP address of the desktop to statically set their own IP address. ****************************** WARNING ****************************** * Any problems or changes to desktop IP addresses can have * * a cascading effect since the automated installation of virtual * * machines is based on the "current" IP address of the desktop. * * If you change the IP address post install, you will probably * * need to correct the IP address of any virtual machines on * * this system. *

********************************************************************* When the virtual machines are finished installing, they will stop. The students will need to take a snapshot of the logical volume storage used for the virtual machines by running /usr/local/sbin/lab-resetvm. Students **MUST** run lab-resetvm before beginning any labs. When /usr/local/sbin/lab-resetvm is run, it will start vserver using the new snapshot LV. This script can be run at any time to reset the vserver virtual machine to start from a known-good state. You must not let the students nor yourself reboot the machine during the build process of the virtual machine(s). If you need to rebuild the virtual machines by hand, use the following three steps: virsh destroy vserver virsh undefine vserver /usr/local/sbin/install-vserver The script presumes that the underlying logical volume /dev/vol0/vserver already exists. If you already have a snapshot of vserver and you want to install it from scratch, use the following steps: virsh destroy vserver virsh undefine vserver lvremove /dev/vol0/vserver-snap /usr/local/sbin/install-vserver After it is finished installing (virsh list no longer shows vserver): lab-resetvm 5. Have Students Log In Instruct students to login as user student with a password of student. Finish Instructor Configuration =============================== 1. Configure demo.example.com Once demo.example.com has completed the installation, run /root/bin/gls-reset-demo. This script will create a snapshot of the LV used during the original installation and change the virtual machine configuration to use this snapshot. It will also boot the demo virtual machine. Any time you want to reset demo to a pristine state, run the /root/bin/gls-reset-demo script. 2. Secure Instructor Systems Change the root password from "redhat" to something else you will remember and use during class and not share with the students. Not only do you need to change the root password on the instructor machine, but on the virtual machines as well: demo.example.com and remote250.remote.test. The students should not have root access to any of these machines. ***************************** WARNING ***************************** * You will need to reset the root password for demo.example.com *

* again if you reset the virtual machine using * * /root/bin/gls-reset-demo. * ********************************************************************* Set a GRUB password on instructor by executing grub-md5-crypt, then copying the returned string into /boot/grub/grub.conf as follows: password --md5 3. Prepare for Classroom Presentations Get X configured on the instructor system and test the classroom projection system. Run gnome-display-properties to configure the resolution. There is an instructor account created on the instructor machine for the purpose of giving your presentation. Do not present as root. When you need to demonstrate something as root, log in through a virtual console or su in an xterm for this purpose. The screensaver will not work for root and you do not want to leave an open root session running when you step outside the class. ****************************** NOTE ********************************* * The instructor user has been added to the wheel group and the * * wheel group has NOPASSWD: ALL access in /etc/sudoers. * ********************************************************************* 4. Configure Instructor System's External Network (Optional) Determine whether the classroom is on an isolated network, or else has a single access point to external networks that can be plugged into a second NIC of the classroom server, or detached. If you have a second NIC in the instructor system you may want to have instructor.example.com act as a gateway for the classroom. First make sure that /etc/sysconfig/dhcpd correctly specifies br0 as the only interface to which it should provide DHCP services. cat /etc/sysconfig/dhcpd DHCPDARGS=br0 ****************************** NOTE ********************************* * br0 is the bridge that has been configured for the virtual * * machine bridge. It is similar to the old xenbr0 bridge that * * was the default on RHEL5 with Xen. * ********************************************************************* The eth1 interface has been configured to use DHCP. If you want to use a static IP address, use system-config-network or edit the appropriate file by hand to configure networking. You may also need to add whatever DNS name server the facility uses as a forwarder in /var/named/chroot/etc/named.conf. If you add a forwarder, restart named and check DNS service. If the forwarder does not validate using DNSSEC, you may see errors like the following in /var/log/messages: instructor named[22810]: error (network unreachable) resolving 'google.com.dlv.isc.org/DLV/IN': 2001:4f7:0:1::20#53 If that is the case, edit /var/named/chroot/etc/named.conf again and change:

dnssec-validation yes; to dnssec-validation no; and restart named. In order to provide Internet access to the entire class, execute the following: /root/bin/iptables-nat-masquerade which will create a masquerade rule and save it. You should be ready for class! APPENDIX -CHANGING vserver DISK PERSISTENTLY There are times when it may be useful to change the underlying disk of vserver. The lab-resetvm and setup scripts take a snapshot of the original LV used by vserver. These steps presume you are running on desktopX and editing serverX, but the commands would be similar for any virtual machine. To make a persistent change, follow these steps: 1. virsh destroy vserver 2. kpartx -av /dev/vol0/vserver 3. vgscan 4. vgchange -ay vgsrv 5. mount /dev/vgsrv/root /mnt 6. Make changes in /mnt as necessary. 7. umount /mnt 8. vgchange -an vgsrv 9. kpartx -dv /dev/vol0/vserver 10. lab-resetvm

REINSTALLING rhce-config The scripts on rhce-config have not been testing with an upgrade/removal. If you need to upgrade to a new RPM package there are two ways to do this: 1. Remove the old version and install the new version. rpm -e rhce-config rpm -ivh rhce-config*.rpm This method leaves a few things that you will need to fix: a. /etc/sysconfig/dhcpd The line should read: DHCPDARGS=br0 b. /kicckstart/course Run /root/bin/gls-setcourse to set the course again. 2. Upgrade the new package using --noscripts rpm -Fvh --noscripts rhce-config*.rpm

None of the scripts will run, so this may mean you will have to run some scripts yourself. Some of these scripts can be found in /root/bin/. SLOW MACHINE (Thanks, Wander Boessenkool) ---------------If your students workstations (or instructor machine for that matter) become unbearably laggy at some points it might be ksm. An easy fix for this is to run the following commands on instructor and desktopX: chkconfig ksmtuned off service ksmtuned stop chkconfig ksm off service ksm stop GRUB ISSUES ----------There is a new feature of RHEL that uses USBs devices before hard drives: https://bugzilla.redhat.com/show_bug.cgi?id=497019 This means that using a USB device to install is usually seen as /dev/sda, and grub will be written to this device. The kickstart file attempts to find the real hard drive and installs grub to it. If this does not succeed, leave your USB device in instructor.example.com to boot it. Once it has booted, use `grub-install /dev/sda` (or grub setup) to install grub to the MBR. You may also need to remove entries pointing to the USB device found in /etc/fstab.