Cold Metal
Universal Provisioning Toolkit

A Bare Metal Universal Provisioning Toolkit supporting Redhat/anaconda and Solaris(PXE and Sparc) OS Scripted Installation and Post-Install provisioning, hooks into existing OS tools and extentions. Focus is on automation for turn-key installations.

[Cold Metal at Sourceforge | Download/Project Site ]

Bare Metal Provisioning is the automated and usually scripted installation of a configured operating system onto a "bare metal" system with no operating system on it (or usually whiping the OS that was on it).

Philosophy

There are several modes of thought on system maintenance. Cold Metal is setup under the philosophy of very little patching, and more frequently OS images. This achieves several goals:

• Data and Applications must be modularly configured and built on secondary storage (SAN or HDD), so it can support frequent operating system re-images. Idealy the OS could be re-imaged on every boot. This design lends itself to much more robust and documented application installation. Note: reference Abstract Application and Data Naming (AADN).
• Multiple OS Profiles allowing for different package and patch sets to fit a variety of applications. Also known as 'Gold' standard type configurations.
• Use standard OS methods wherever possible, such as for patching.
• A private "Provisioning" subnet. All systems are multi-homed on this subnet and the "usual" subnet. While this is not a requirement, it makes it a little easier to encapsulate the network load as well as lock down certain services from general access.

Although Cold Metal is designed to support frequent re-imaging of the operating system, the older school of thought of frequent patching is still highly prevalent. Cold Metal can also work in this mode, and infact still uses the OS patch methods for adding packages and patches during the post-install phase, rather than rebuilding a new package infrastructure.

Install

Cold Metal uses existing tools wherever possible. This installation document is geared for Redhat, but Cold Metal has been installed in Solaris as well.

Users

One user needs to be created: cmshare. This is the user that must own all of the files under the share folder. All other files may be owned by root.

Directory Structure

Cold Metal has one install base directory. This can be located wherever you desire, although /data is recommended following the Abstract Application and Data Naming (AADN) methodology (although Cold Metal somewhat breaks this paradigm. Since most of what Cold Metal is composed of is source data and libraries, it is located in /data instead of /app). The base directory along with the coldmetal name is referred to as the $COLDMETAL_BASE variable. The structure of files and directories/folders within the COLDMETAL_BASE:

bin/	Top level administrative programs for Cold Metal
config/	Cold Metal Configuration Files
log/	program log files (note: network booted client logfiles are not stored here)
share/	All shared/exported data (NFS and HTTP)
share/doc/	Cold Metal Documentation
share/apps/	Repository to store add-on applications which are loaded during post-install.
share/global-files/	Repository for Provisioned files.
share/host-files/	Repository for Provisioned host specific files.
share/lib/	Cold Metal library files, bourne shell and perl.
share/os/	Operating System install images.
share/profile/	Cold Metal OS profiles.
share/systems/	System Configuration database (MAC and Name)
share/tftpboot/	TFTP boot for PXE and RARP Network booting.

Third Party Software

• DHCP Server: ISC.org DHCP
• TFTP Server: OS Default
• HTTP Server: Apache
• NFS Server: OS Default
• Bootparams/RARP: Solaris

DHCP Server: ISC.org DHCPD

1. Install ISC DHCP server. In Redhat4 Install ISC DHCP daemon with:

   up2date -i dhcp

   In Fedora use:

   yum install dhcp

2. Enable auto-start of the DHCP service. In Redhat/Fedora:

   chkconfig dhcpd on

3. Configure the DHCP service by editing /etc/dhcpd.conf. A suggested minimal configuration is below. The following variables need to be configured:

   %TFTPSERVER% = IP Address for the TFTP server
   %SUBNET% = Subnet, such as the private subnet 10.255.255.0
   %NETMASK% = Network mask for subnet, typically 255.255.255.0
   %BROADCAST% = Network mask for subnet, typically 10.255.255.255
   

   The Configuration File:

   ddns-update-style none;
   ignore client-updates;
   
   subnet %SUBNET%.0 netmask %NETMASK% {
       #option routers            10.255.255.254;
       option subnet-mask         %NETMASK%%;
       option broadcast-address   %BROADCAST%;
       #option domain-name        "domain.com";
       #option domain-name-servers 10.0.0.99, 10.0.0.1;
       option time-offset         -18000;
       #option ntp-servers             ;
       #option netbios-name-servers    ;
       range dynamic-bootp %SUBNET%%.200 %SUBNET%%.250;
       default-lease-time 21600;
       max-lease-time 43200;
       allow booting;
       allow bootp;
       class "pxeclients" {
           match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
           next-server %TFTPSERVER%;
           filename "pxe/pxelinux.0";
       }
   }
   

   Note: It is suggested to read up on the ISC DHCP server and to use static MAC address mappings within the DHCP config file, rather than the shown range of dynamic addresses.
4. Restart DHCP server after making changes:

   service dhcpd restart

TFTP Server: OS Default

Most Operating systems include a trivial FTP server/daemon. TFTP often is used underneath inetd (or xinetd).

1. In Redhat4 this can be installed with:

   up2date -i xinetd tftp-server

   In Fedora use:

   yum install xinetd tftp-server

   If you just installed inetd, review what new ports are now to be listened to and verify it is what you want.
2. Configure TFTP Server. Edit the TFTP configuration /etc/xinetd.d/tftp (if using xinetd), make two changes:
   • Enable tftp
   • Change the base directory
   The final TFTP Xinetd configuration file looks like:

   service tftp
   {
           socket_type             = dgram
           protocol                = udp
           wait                    = yes
           user                    = root
           server                  = /usr/sbin/in.tftpd
           server_args             = -s /data/coldmetal/share/tftpboot
           disable                 = no
           per_source              = 11
           cps                     = 100 2
           flags                   = IPv4
   }
   

3. Verify xinetd is set to run on boot, and start right now if new install:

   chkconfig xinetd on
   service xinetd restart

HTTP Server: Apache

Note: this section on Apache presumes you are familiar with Apache configuration files. Further information on Apache can be found at the Apache Website.

1. If you do not have apache installed, it can be installed in Redhat or Fedora by loading the httpd package with up2date or yum (see above).

2. Locate the Apache configuration directory (Redhat default: /etc/httpd/conf.d). Create a file in this directory named 'coldmetal' with the contents below. Replace the variables:

   %SUBNET% = Subnet, such as the private subnet 10.255.255.0
   

   The Apache configuration file:

   <Location /cmshare>
     order allow,deny
     deny from all
   </Location>
   <Location ~ "/cmshare/(doc|os|profile)">
     order allow,deny
     allow from %SUBNET%
   </Location>
   

3. Build symbolic link for '/cmshare' on HTTP server. Find default document location and symlink. Redhat example:

   cd /var/www/html
   ln -s /data/coldmetal/share cmshare
   

NFS Server: OS Default

1. Create an NFS export for the share folders. In Redhat, edit /etc/exports and add a line similar to:

   /data/coldmetal/share          10.0.0.0/24(ro,async,no_subtree_check,all_squash,anonuid=%UID%,anongid=%UID%)
   

   Note: Change %UID% to the Unix UID number for the cmshare account.

Bootparams/RARP: Solaris

Most of this is auto-configured by solaris. The author has not yet converted sun's automation scripts to use Open Source ISC DHCP server.

Configuration

1. Load the operating system software:
   1. Select a "Release Token" for the Operating System, such as Redhat-ES.4-u4, FC.6-0, etc. The token is used in naming the release, and needs to be formatted as: NAME.RELEASE-MINOR, even if there is not a -MINOR a value is required, even if it is a 0.
   2. Mirror the release and/or copy it from CD/DVD images (just copy all CDs to the same location). The release should be copied to $COLDMETAL_BASE/share/os/%Release Token%. (Note: The script 'os-update' and 'ftpmirror' can be used to keep this in sync).
2. Create a profile for the operating system:
   1. Create a directory named $COLDMETAL_BASE/share/profile/%Release Token% (token named above).
   2. Within this directory, copy sample files for the relevant OS (Redhat or Solaris) and configure to suit. Notes on how to configure each element of the profile are defined within each of the sample files.
   3. Populate any relevant global files, based on what is selected from the samples.
   4. host-files are populated by copying desired files from individual hosts.
3. Define a new system to be provisioned using the script $COLDMETAL_BASE/bin/cmadm.

TODO

• Automation script which populates dhcpd.conf along with servers/* info.

Copyrights

Cold Metal is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License Version 2 as published by the Free Software Foundation.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.