NFS booting problem

John Summerfield debian at herakles.homelinux.org
Tue Oct 16 01:02:47 UTC 2007


Joe_Wulf wrote:
> John, thank you.  Jason Edgecombe also mentioned to just simply copy the NFS
> tree to a web-viewable directory on a web server. I've stayed away from the
> http/squid/apache method/version of installations as I don't know anything
> about apache or squid, securing them, etc... nor did I feel I had the time to
> spare to learn how to set THAT up just to get all my other stuff working.  My
> task/project is to develop a straightforward method

The allow/deny lines secure apache. If it's only listening on your LAN, 
it's secured from outside (assuming your firewall's okay). Mine's on 
192.168.9.4 and there's no way you can get to it.

Squid doesn't need much, mainly make sure you cache big files. Its 
config file is well commented, about as good as I've seen.

You may need to loosen Squid's security a little:-) That said, it too is 
on 192.168.9.4 and you can't reach that either.



> to install a baseline (stable standard) version of RHEL AS4 and RHEL5 that is
> usable across the enterprise (potentially thousands of machines) that is the
> same, and has been well secured/hardened.  I'm pretty close to the final
> stages of that effort.  The kickstart method has generally been working at a
> lab site, but not so well at the near-production site.

If you're going to be looking after that much kit you need to get your 
geek skills up really soon. Configuring Apache and Squid (and your MTA) 
are all part of what you need.


btw Kickstart off DVD would be pretty cool too. "Here's your new 
machine. Boot this DVD."

Your %pre would need to ensure they didn't do it twice (or after /home 
is populated or something).




> 
> Yes, the "noipv6" in the pxeconfig worked.  Thank you.
> 
> I've pretty closely watched (tail -f) the /var/log/messages and only see the
> DHCP and tftp related messages.  No errors reported.
> 
> This is the first time I've found NFS temperamental.  But not sure how to
> further test this or 'fix' it, much less how to troubleshoot it.
> 
> VMware Workstation v6.0+ is what is being used today.  Haven't had the spare
> time to set up and try any of the others.
> 
> 
> 
> 
> R,
> -Joe Wulf, CISSP, USN(RET)
>  Senior IA Engineer
>  ProSync Technology Group, LLC
>  www.prosync.com
> 
> 
> 
> -----Original Message-----
> From: kickstart-list-bounces at redhat.com
> [mailto:kickstart-list-bounces at redhat.com] On Behalf Of John Summerfield
> Sent: Monday, October 15, 2007 05:28
> To: Discussion list about Kickstart
> Subject: Re: NFS booting problem
> 
> Joe_Wulf wrote:
>> John,
>>
>> Thank you for writing.
>>
>> At this point NFS is all I know.  I have 'gotten' the concept of 
>> kickstarting only recently, much less learned and applied it and 
>> gotten it to work.  A friend/co-worker helped me to get the NFS 
>> working.  I've set it up, the same way for two different locations.  
>> One of the kickstart servers is FC5 the other is Fedora 7.  I've pretty
>> carefully checked my configuration stuff.
>> Made sure DHCP, pxeconfig, tftp and NFS were set up.  I've done 
>> matched up comparisons between the config files for both locations.  
>> At the FC5 site I can fully build repeatedly the same end systems 
>> (RHEL AS4u5 32/64 bit) and (RHEL5 32/64 bit) while only changing the 
>> nuts and bolts in the %post sections.  I'm applying the same logic and 
>> applying the same kinds of things at the Fedora 7 site (even with the 
>> same IP networks/address space) and find that at the Fedora 7 
>> site, something is 'wrong'.  About 1 time in 25 (or more) the system 
>> will build without anything changing; the rest of the time it is not 
>> NFS mounting for the KS.cfg parts.  So, it's failing at the same place.
> 
> What's in /var/log/messages?
> 
> 
> 
> To use http, you need a web server. I use virtual hosts, but that's not
> essential.
> 
> With a decent Internet connexion, one can also install via http directly off the
> 'net. It runs well with a caching proxy, and both Squid and Apache can fill that
> role superbly.
> 
> An advantage of this technique is that one only downloads those files actually
> needed: there's no need for several Gbytes of data.
> 
> Once it's cached, installs go at local LAN speeds.
> 
> If using Squid, then I suggest a transparent proxy - it simplifies installs (one
> does not need to configure the proxy) and applies to ordinary folk using Firefox,
> Seamonkey etc as well.
> 
> I use this virtual host definition:
> [root at ns ~]# cat /etc/httpd/conf/vhosts.d/RHEL.conf
> <VirtualHost *:80>
>          ServerAdmin webmaster at computerdatasafe.com.au
>          DocumentRoot /var/local/mirrors/linux/RHEL
>          ServerName RHEL.demo.lan
>          ServerAlias RHEL.demo.room
>          ServerAlias RHEL
>          Alias           /RHEL/          "/var/local/mirrors/linux/RHEL/"
>          Alias           /Fedora/        "/var/local/mirrors/linux/Fedora/"
>          Alias           /Specifix/      "/var/local/mirrors/linux/Specifix/os/"
>          Alias           /ScientificLinux/ "/var/local/mirrors/linux/ScientificLinux/"
>          Alias           /CentOS/        "/var/local/mirrors/linux/CentOS/"
>          ScriptAlias     /ks/            "/var/local/mirrors/linux/ks/"
>          ErrorLog  /var/log/httpd/RHEL-error_log
>          CustomLog /var/log/httpd/RHEL-access_log combined
> <Directory "/var/local/mirrors/linux/RHEL/">
>          AllowOverride None
>          Options +FollowSymLinks +Indexes
>          Order allow,deny
>          Allow from 192.168
> </Directory>
> 
> <directory "/var/local/mirrors/linux/Fedora">
>          AllowOverride None
>          Options FollowSymLinks Indexes
>          Order allow,deny
>          Allow from 192.168
> </Directory>
> 
> <directory "/var/local/mirrors/linux/Specifix/os">
>          AllowOverride None
>          Options FollowSymLinks Indexes
>          Order allow,deny
>          Allow from 192.168
> </Directory>
> <Directory "/var/local/mirrors/linux/CentOS/">
>          AllowOverride None
>          Options FollowSymLinks Indexes
>          Order allow,deny
>          Allow from 192.168
> </Directory>
> 
> 
> </VirtualHost>
> [root at ns ~]#
> 
> If you don't want the virtual host stuff, just remove the virtualhost things fore
> and aft.
> 
> I have another vhost which I used to install FC2 through a modem with
> time-limited sessions; I'll post it on provocation:-)
> 
> 
> 
> 
> 
> 
>> On the VC3 screen there is syslog-like output, of the following (retyped):
>> 20:08:21  INFO    : doing kickstart... setting it up
>> 20:08:22  INFO    : DHCPv4 interface configuration succeeded.
>> 20:08:23  WARNING : reverse name lookup failed
>> 20:08:24  INFO    : url is 192.168.10.2:/ks/ks-f/RHEL5u0x32ks.cfg
>> 20:08:25  INFO    : file location: nfs://192.168.10.2:/ks/ks-f/RHEL5u0x32ks.cfg
>> 20:08:26  ERROR   : failed to mount nfs source
> 
> Like you, I found nfs a little temperamental. In contrast, http works 
> every time, and also it writes a nice log so one can see what files are 
> used.
> 
> 
>> I've put the 'seconds' in increments to uniquely talk about each line, as
>> needed.  Before ":21" I'm frustrated with the IPv6 that it wastes time trying
>> to mount, but hopefully someone will give me a way to prevent that.
> 
> I think it's "noipv6"
> 
>> At ":23" I do not understand that reverse name lookup failure.  DNS has been
>> setup, established, configured and not changed.  For these boots, it seems
>> that the errors only occasionally go away without any change to DNS or a
>> restart of the named daemon.  And when I don't get this error, the systems
>> NFS mount and build fully.
> It's trying to convert your install target's IP address to a host name. 
> It plans to use this as the name of the system.
> 
>> At the Fedora 7 site, the Fedora 7 system is a Pentium 4 with 512 MB of RAM
>> 726 GB of disk storage with a 100 bit ethernet card.  The network connections
>> are through a Linksys RT41-BU router.  The kickstart'ees are virtual machines
>> on a MAC Pro with dual quad-core CPUs, 4GB RAM and 520 GB of internal storage.
>> The MAC Pro has XP64bit installed and is current with all the Micro$loth
>> updates, no firewall, no anti-virus and no anti-spam enabled.  Manually built
>> systems of the above mentioned guests flawlessly install time after time, I
>> can get them repeatedly successfully mount filesystems via NFS (and
>> successfully export them too)
> 
> Xen?
> Virtual PC?
> VMWare?
> Whichever you're using, have you tried one of the others?
> 
> 
> 
> I'm not sure of the current situation, but it used to be the case that 
> Anaconda's nfs tools weren't as good as the installed ones. Also, I 
> think it's using pump for its dhcp client.
> 
>> There is also a Dell XPS 1710 laptop within the same network, also every
>> attempt to build 32 bit systems succeed.  I even changed the 'mac' address
>> of a problem one not building to identify the one from the MAC Pro over to
>> the Dell XPS, and it built every time.
>>
>> R,
>> -Joe Wulf, CISSP, USN(RET)
>>  Senior IA Engineer
>>  ProSync Technology Group, LLC
>>  www.prosync.com
>>
>> -----Original Message-----
>> From: kickstart-list-bounces at redhat.com
>> [mailto:kickstart-list-bounces at redhat.com] On Behalf Of John Summerfield
>> Sent: Sunday, October 14, 2007 20:41
>> To: Discussion list about Kickstart
>> Subject: Re: NFS booting problem
>>
>> Joe_Wulf wrote:
>>> I've got an on again, off again problem where I can initiate a 
>>> kickstart for
>>> RHEL5 (32 or 64 bit), as well as
>>> for RHEL AS4 (32 or 64 bit) and many times the NFS mount for the KS 
>>> config cannot be found.  Then, after numerous reboots to troubleshoot 
>>> the problem, poof, the NFS mount is found and some systems get built.  
>>> Nothing changed.  Even reboots of the kickstart server, the Linksys 
>>> router and the Mac Pro (with WinXP and VMware 6 installed) don't 
>>> change that many restarts have to happen before it will somehow, 
>>> magically start building.
>>>  
>>> A most confusing problem and one that I need insight, advice and 
>>> questions from you all on what to check so I can solve it.  All help 
>>> is appreciated!
>> It's some years since I did an NFS install. http, in my experience, works well.
>> Do you have some reason (other than setup) not to do it too?
>>
> 
> 


-- 

Cheers
John


Please do not reply off-list
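
An added example, not part of the original message or the poster's own tooling: a Python check over an abridged, constructed copy of the vhost quoted above that lists every path published by DocumentRoot, Alias or ScriptAlias which has no enclosing `<Directory>` block carrying an `Allow from` restriction. The function names are assumptions made for this example, and it understands only the Apache 2.2 `Order`/`Allow from` syntax used in the thread.

```python
import re

# Constructed sample: an abridged copy of the vhost quoted in the message above.
SAMPLE_VHOST = '''
<VirtualHost *:80>
    DocumentRoot /var/local/mirrors/linux/RHEL
    Alias        /RHEL/            "/var/local/mirrors/linux/RHEL/"
    Alias        /Fedora/          "/var/local/mirrors/linux/Fedora/"
    Alias        /ScientificLinux/ "/var/local/mirrors/linux/ScientificLinux/"
    ScriptAlias  /ks/              "/var/local/mirrors/linux/ks/"
    <Directory "/var/local/mirrors/linux/RHEL/">
        Order allow,deny
        Allow from 192.168
    </Directory>
    <directory "/var/local/mirrors/linux/Fedora">
        Order allow,deny
        Allow from 192.168
    </Directory>
</VirtualHost>
'''

def norm(path):
    """Strip quotes and trailing slashes so paths compare consistently."""
    return path.strip().strip('"').rstrip("/") or "/"

def restricted_dirs(conf):
    """Map each <Directory> path to its 'Allow from' values (empty list if none)."""
    blocks = re.findall(r"<Directory\s+([^>]+)>(.*?)</Directory>", conf, re.I | re.S)
    return {norm(p): re.findall(r"^\s*Allow\s+from\s+(.+?)\s*$", body, re.I | re.M)
            for p, body in blocks}

def served_paths(conf):
    """Filesystem paths published through DocumentRoot, Alias or ScriptAlias."""
    paths = re.findall(r"^\s*DocumentRoot\s+(\S+)", conf, re.I | re.M)
    paths += re.findall(r"^\s*(?:Script)?Alias\s+\S+\s+(\S+)", conf, re.I | re.M)
    return sorted({norm(p) for p in paths})

def uncovered(conf):
    """Served paths with no enclosing <Directory> block that names allowed sources."""
    rules = restricted_dirs(conf)
    def covered(path):
        return any(allow and "all" not in [a.lower() for a in allow]
                   and (path == d or path.startswith(d + "/"))
                   for d, allow in rules.items())
    return [p for p in served_paths(conf) if not covered(p)]

if __name__ == "__main__":
    for path in uncovered(SAMPLE_VHOST):
        print("no LAN-only <Directory> rule in this file for:", path)
```

Paths it reports are governed by whatever broader access rules the server configuration applies, so those are the ones to review before relying on the vhost's allow/deny lines alone.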



