
Afterworks

This document describes all afterworks to be done after the sharedroot filesystem has been built but before the first boot.

Preface

All dependencies for the different distributions are described. Please choose these steps carefully.

There are several considerations to take into account.

First and most important, the network interface(s) used for the root filesystem (including cluster communication) need to be excluded from any network configuration performed by the init process (see Network Tasks).

Most often there are also services that should not be running in a sharedroot environment. Those should be disabled if need be (see Services).

Security services may also have to be adapted or disabled to run in a sharedroot environment (see Security).

General configuration tasks are described in the General section.

Network Tasks

The only, and most important, concern is the network interfaces required for the root filesystem. These should be adapted as required by the Linux distribution in use.

Red Hat based

Red Hat based Linux distributions are all Red Hat Enterprise Linux or Fedora based Linux distributions.

As there is no real description of how to configure a network interface that is required for the root filesystem, the best way is to remove the network configuration for the NIC in question and disable all services that might automatically bring up a default configuration for the NIC. This is done as follows.

  1. Remove NIC config (e.g. eth0)
rm /mnt/newroot/etc/sysconfig/network-scripts/ifcfg-eth0
  2. Disable the following services if they are available
  • kudzu (chroot /mnt/newroot chkconfig kudzu off)
  • Network manager (chroot /mnt/newroot chkconfig NetworkManager off)

ATTENTION: This might not be the optimum way to disable a NIC, but it is still the one that works best. This might change in the future when the initscripts and configuration files take this kind of usage into account.

SuSE based

As SuSE defines a configuration for NICs that are used for the root filesystem, they should be configured as follows.

Example for /mnt/newroot/etc/sysconfig/network/ifcfg-eth0

NM_CONTROLLED=no
DEVICE="eth0"
STARTMODE="nfsroot"
TYPE="Ethernet"

Services

There are no services yet that need to be disabled in general.

Security

Red Hat based

Red Hat based Linux distributions are all Red Hat Enterprise Linux or Fedora based Linux distributions.

Two things are security relevant.

  1. First and foremost, for GFS1/2 and OCFS2 SELinux always needs to be disabled. To do this, configure /mnt/newroot/etc/sysconfig/selinux as follows:
[root@install-node3 comoonics]# cat /mnt/newroot/etc/sysconfig/selinux 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted 

  2. iptables should either be configured as described in "ports in use by redhat cluster", or the services iptables and ip6tables are to be disabled.

chroot /mnt/newroot chkconfig iptables off
chroot /mnt/newroot chkconfig ip6tables off

General

/etc/fstab

  1. The root filesystem entry should be removed from /mnt/newroot/etc/fstab. An empty fstab might look as follows:
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
sysfs                   /sys                    sysfs   defaults        0 0
  2. The /boot filesystem entry (if appropriate) should be set so that it is not mounted automatically.

/etc/mtab

Create '/mnt/newroot/etc/mtab' as a symbolic link to '/proc/mounts':

cd /mnt/newroot/etc/
rm -f mtab
ln -s /proc/mounts mtab

Cron

Red Hat based

Red Hat based Linux distributions are all Red Hat Enterprise Linux or Fedora based Linux distributions.

  1. Because cron runs concurrently and some cronjobs generate unpredictable I/O, it is strongly recommended to disable (remove) the following cronjobs:
    1. makewhatis (rm /mnt/newroot/etc/cron.daily/makewhatis.cron)
    2. mlocate (rm /mnt/newroot/etc/cron.daily/mlocate.cron)
    3. prelink (rm /mnt/newroot/etc/cron.daily/prelink)
  2. Because of a deadlock and RPM database corruption with Berkeley DB databases, it is also important to disable (remove) the following cronjob:
    1. rpm (rm /mnt/newroot/etc/cron.daily/rpm)
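
A pre-boot check for the Red Hat based afterworks from the Network Tasks, Security, General and Cron sections above, as an added example that is not part of the OSR tooling. The function name check_afterworks is hypothetical, and the check assumes that chkconfig keeps its SysV start links under /etc/rc.d/rc[0-6].d.

```shell
#!/bin/sh
# Added example (not part of the OSR tooling): report Red Hat afterworks that
# are still missing in a staged root. Usage: check_afterworks ROOT [NIC]
# Returns 0 when nothing is missing, 1 otherwise.
check_afterworks() {
    root=${1:-/mnt/newroot}; nic=${2:-eth0}; rc=0
    miss() { echo "MISSING: $1"; rc=1; }

    # Network Tasks: the NIC carrying the root filesystem must have no config.
    if [ -e "$root/etc/sysconfig/network-scripts/ifcfg-$nic" ]; then
        miss "ifcfg-$nic still present"
    fi
    # Services/Security: no start links left for the services named on the page.
    # Assumption: chkconfig manages SysV links under /etc/rc.d/rc[0-6].d.
    for svc in kudzu NetworkManager iptables ip6tables; do
        for link in "$root"/etc/rc.d/rc[0-6].d/S[0-9][0-9]"$svc"; do
            if [ -e "$link" ] || [ -L "$link" ]; then
                miss "$svc still enabled (${link#"$root"})"
            fi
        done
    done
    # Security: SELinux must be disabled for GFS1/2 and OCFS2.
    if ! grep -q '^SELINUX=disabled[[:space:]]*$' "$root/etc/sysconfig/selinux" 2>/dev/null; then
        miss "SELINUX=disabled not set"
    fi
    # /etc/fstab: no uncommented entry whose mount point is /.
    if awk '$1 !~ /^#/ && $2 == "/" { found = 1 } END { exit !found }' "$root/etc/fstab" 2>/dev/null; then
        miss "fstab still has a root filesystem entry"
    fi
    # /etc/mtab: must be a symlink to /proc/mounts.
    if [ "$(readlink "$root/etc/mtab" 2>/dev/null)" != /proc/mounts ]; then
        miss "mtab is not a symlink to /proc/mounts"
    fi
    # Cron: the four daily jobs listed on the page must be removed.
    for job in makewhatis.cron mlocate.cron prelink rpm; do
        if [ -e "$root/etc/cron.daily/$job" ]; then
            miss "cron.daily/$job still present"
        fi
    done
    return "$rc"
}

# Run directly when called with arguments, e.g.: sh check.sh /mnt/newroot eth0
if [ "$#" -gt 0 ]; then check_afterworks "$@"; fi
```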

Initprocess

SuSE based

SuSE based Linux distributions are all SuSE Linux Enterprise or openSUSE based Linux distributions.

  1. Disable rootfsck and the like
rm /mnt/newroot/etc/init.d/boot.d/*boot.rootfsck

Fedora 11

For Fedora, the patches for the initscripts are not applied automatically. That means that if the cluster nodes are to shut down in a normal way, those patches need to be applied.

This works as follows:

chroot /mnt/newroot /opt/atix/comoonics-bootimage/manage_chroot.sh -a patch_files
