Rapid Install

Automating builds can have a huge effect in time savings when building new Linux servers and workstations. However, time is not the only advantage; automated builds can also ensure you meet PCI data security standards (DSS), internal audits, patching requirements, and other security controls and measures that make up the reality of today's system administrator's responsibilities.

Automating builds using Kickstart [1] comprises two key parts: booting the system off the network and installing the system. The booting portion typically involves DHCP relaying and PXE boot network support, which is beyond the scope of this article, so I will focus on the automated system installation.

Installing CentOS 7

The first step in building out a Kickstart infrastructure is to install the CentOS 7 operating system on the Kickstart server. The X Window system is not needed, so the hardware doesn't need to be high end; however, a faster system with a good network connection will make standard builds quicker. Here are the steps involved in installing CentOS 7:

1. Download the ISO [2].

2. Burn the ISO to DVD.

3. Configure the server to boot from DVD.

4. Start the install. Once the server boots, you'll see the Install CentOS 7 prompt (Figure 1).

Figure 1: CentOS boot prompt.

5. Complete the several steps of the install process. A minimal install should be the default.

Once you've completed the steps, the installation should show up as a Minimal Install under Software Selection on the Installation Summary page, as shown in Figure 2.

Figure 2: Installation summary.

Network Configuration

Once the server is booted, the system must be configured with an IP address. To identify the appropriate Ethernet interface, enter the command

ip addr show

which lists the interfaces recognized by the system. In my case, the Ethernet interface was identified as enp0s3. Next, you can edit the network configuration file for the interface with:

nmtui

This will bring up the NetworkManager TUI screen as shown in Figure 3.

Figure 3: Editing a connection from the NetworkManager TUI dialog.

Select Edit a connection for the appropriate interface. Then enter the IP network information specific to your network. My network configuration is shown in Figure 4. Be sure to activate Automatically connect in the lower half of the screen as you scroll down. This tells the system to bring up the interface at boot time. Next, set the system hostname by editing the /etc/hostname file. In this case, I used the hostname kickstart . Reboot the system and ensure you have network access by opening an SSH session to the system.

Figure 4: Network configuration.

Installing Apache

Once the system is up and running, you can install the Apache web server, which will be used to install the files. As root, execute yum install httpd (Listing 1).

[root@kickstart ~]# yum install http
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: yum.tamu.edu
 * extras: mirror.raystedman.net
 * updates: mirror.thelinuxfix.com
No package http available.
Error: Nothing to do
[root@kickstart ~]# yum install httpd
Loaded plugins: fastestmirror
~...
  Verifying  : apr-util-1.5.2-6.el7.x86_64           3/5
  Verifying  : apr-1.4.8-3.el7.x86_64                4/5
  Verifying  : httpd-2.4.6-18.el7.CentOS.x86_64      5/5
Installed:
  httpd.x86_64 0:2.4.6-18.el7.CentOS
Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7                     apr-util.x86_64 0:1.5.2-6.el7
  httpd-tools.x86_64 0:2.4.6-18.el7.CentOS     mailcap.noarch 0:2.1.41-2.el7
Complete!

Now, Apache can be started with:

[root@kickstart ~]# systemctl start httpd.service

and provisioned to start at system boot (Listing 2).

[root@kickstart ~]# systemctl enable httpd.service
ln -s '/usr/lib/systemd/system/httpd.service' \
      '/etc/systemd/system/multi-user.target.wants/httpd.service'

The Firewall daemon also needs to be provisioned to allow Apache to receive network connections. You can do this by adding the firewall rule to be active at startup:

firewall-cmd --permanent --add-service http

Then, enter

firewall-cmd --add-service http

to allow the traffic through immediately for Apache.