Ben's notes

Hardware used:

• HP Proliant DL 320e gen8
• 8GB Memory
• P222 RAID controller
• RAID 10 with 4x1TB 7200RPM SATA HDD's
• CPU E3-1240 V2 @ 3.40GHz

!Note: If you are not using an HP authenticated HDD, the drive will be seen as degraded.

• The drive LEDs will be off
• iLO show's storage status as degraded
• Health LED will be flashing amber

• Enter BIOS, F9
• After install! System Options → USB Options → USB Boot Support → Disabled
• PCI Device enable/disable → Disable B120i RAID controller
• PCI Device enable/disable → Disable Accelerator Manager
• Advanced options → Advanced System ROM options → Power-On Logo → Disabled
• Advanced options → Thermal Configuration → Increased cooling

• Enter ACU, F5
• Create 4 disk array
• Create RAID 1+0 logical drive

• Enter iLO license
• Create additional user(s)
• Server name
• Server FQDN
• Enable Login Security Banner
• Enable / configure iLO AlertMail
• Configure SSH Port
• Disable SNMP
• Disable IPMI over LAN
• Upload SSH Authorized key

• iLO Subsystem Name
• Domain name
• IP-Address / netmask / gateway / dns
• Ping Gateway on Startup
• SNTP

• Restore Last Power State
• Delay: Minimum Delay
• HP Dynamic Power Savings Mode

• Set iLO One-Time Boot Option to USB and reboot / start.

• Install minimal OS.
• Type of installation: Use all space, review and modify partitioning layout.
• Configure filesystems, make sure /var is larger than memory, if you want to suspend all guests at reboot.
  • / = 64G
  • /home = 1G
  • /tmp = 4G
  • /var = 16G
  • swap = 1G
• Configure network later

Update OS:

yum update

• Disable zeroconf in /etc/sysconfig/network

NOZEROCONF=yes

• Configure /etc/sysconfig/network-scripts/ifcfg-eth0
• Configure /etc/resolv.conf

• Create user

• Only allow admin users (AllowUsers)
• Disable the use of passwords (keys only)
  • ChallengeResponseAuthentication no
  • PasswordAuthentication no
  • UsePAM no
  • PubkeyAuthentication yes
• Disable root login (PermitRootLogin)
• Enable authorized keys (AuthorizedKeysFile)
• Change Port to another priv-port.
  • Update iptables!
  • Modify selinux: semanage port -a -t ssh_port_t -p tcp <ssh-port-number>
  • restart sshd

Configure iptables (use the ipv4 and v6 script).

Install various utilities for selinux, iostat, lspci, mail, etc…

yum install pciutils policycoreutils-python mailx sysstat openssh-clients traceroute telnet man bind-utils

Add /etc/yum.repos.d/HPSPP.repo

[HP-SPP]
name=HP Software Delivery Repository for SPP
Baseurl=http://downloads.linux.hp.com/SDR/downloads/SPP/RHEL/$releasever/$basearch/current
enabled=1
gpgcheck=1
gpgkey=http://downloads.linux.hp.com/SDR/downloads/SPP/GPG-KEY-SPP

Install hponcfg, hpacucli, hpssacli, etc:

yum update
yum -y install hponcfg hpacucli hpssacli hp-health

Download CP018365.scexe (v 1.30)

sh /tmp/CP018365.scexe

yum -y install ntp
chkconfig ntpd on

Edit /etc/ntp.conf

server ntp1.polaire.nl
server ntp2.polaire.nl
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org

Restart ntpd:

service ntpd restart

• Modify /etc/aliases → root: <mail address>

newaliases

• /etc/postfix/main.cf
  • mydomain = <domain name>
  • masquerade_domains = $mydomain
• Reload postfix

yum groupinstall "Virtualization" "Virtualization Client" "Virtualization Platform" "Virtualization Tools" 
yum install bridge-utils

#!/bin/bash

VMNAME="web"
VMMEM="1024"
VMCPU="4"
DISK="/dev/vg_colo/lv_vm_web"
#lvcreate -L64G -n lv_vm_web vg_colo

virt-install --connect qemu:///system \
--name $VMNAME \
--ram $VMMEM \
--vcpus $VMCPU \
--disk path=$DISK \
--network=bridge:virbr0 \
--os-type=linux \
--os-variant=rhel6 \
--nographics \
--location=http://mirror.1000mbps.com/centos/6.4/os/x86_64 \
--initrd-inject=/root/vmks.cfg \
--extra-args="ks=file:/vmks.cfg console=tty0 console=ttyS0,115200" \
--autostart

Kickstart file:

install
url --url=http://mirror.1000mbps.com/centos/6.4/os/x86_64
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --ipv6 auto
rootpw  --iscrypted PUTYOURHASHHERE
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc Europe/Amsterdam
bootloader --location=mbr --driveorder=vda --append="crashkernel=auto console=ttyS0,115200"
zerombr
clearpart --all
autopart

repo --name="CentOS"  --baseurl=http://mirror.1000mbps.com/centos/6.4/os/x86_64 --cost=100

reboot

%packages --nobase
@core
acpid
ntp
bind-utils
openssh-clients
%end

%post
# Update packages
/usr/bin/yum update -y --skip-broken

# Configure services to start at boot
chkconfig acpid on
chkconfig ntpd on

# Set time
ntpdate ntp1.polaire.nl

# Configure ntp.conf
cat > /etc/ntp.conf <<EOF_ntpconfig
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
server ntp1.polaire.nl
server ntp2.polaire.nl
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
EOF_ntpconfig

# Start ntpd
service ntpd start

# No ZeroConf
echo "NOZEROCONF=yes" >> /etc/sysconfig/network


exit 0
%end

./create-vm.sh

Configure static IP

virsh net-destroy default
virsh net-edit default
virsh net-start default

Example:

<network>
  <name>default</name>
  <uuid>a278ff00-d3cf-45d3-898a-69d820ce4f73</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='off' delay='0' />
  <mac address='52:54:00:A8:7C:72'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.128' end='192.168.122.254' />
      <host mac='52:54:00:34:d9:eb' name='web' ip='192.168.122.10' />
    </dhcp>
  </ip>
</network>

http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections