Oracle Linux Cookbook: Embrace Oracle Linux and master Linux Server Management

Erik Benner, Jonathan Spindel, Erik B. Thomsen
Paperback, Jan 2024, 548 pages, 1st Edition

Installing with and without Automation Magic

While you can manually install Oracle Linux from a USB or an ISO image, at an enterprise level, it is more common to automate the installation. The Appendix – kickstart options at the end of this chapter covers the manual installation, which is easier to do when you have occasional installs.

Most data center installs use an automated method, as this allows you to scale quickly.

This chapter provides different recipes to help build an operational Preboot Execution Environment (PXE; pronounced pixie) system.

PXE booting is a technology developed by Intel. It allows systems with the appropriate ISO (or OS RPMs) to boot from the network, downloading all the required files from a server. While there are older methods, such as the bootstrap protocol (BOOTP), the industry has rapidly adopted PXE boot as the most common standard. While PXE booting started with Intel systems, ARM systems can also boot using TFTP. For the PXE boot process to work, you would normally have a DHCP server and a PXE server on the network. A high-level summary of the process can be seen in the following diagram:

Figure 2.1 – PXE boot process

The following are each of the steps described at a high level:

  1. The PXE client will request an IP address from an available DHCP server.
  2. The first DHCP server on the network to respond to the client will provide it with an IP address, network mask, DNS information, default route, and other required network parameters.
  3. The PXE client will do a boot service discovery, looking for a PXE server. Optionally, the DHCP server can be configured to point to the PXE server to boot from.
  4. The PXE server sends the client the network bootstrap program and IP information on where to download the files. This enables the client to boot from the network to install an OS.
  5. The PXE client requests media (RPMs and control files) as needed from an HTTPS server. HTTPS is not the only protocol that can be used; NFS and FTP servers also work, although HTTPS is the most common method. The PXE system also sends the kickstart parameters to the client via the kickstart file. These parameters contain the specifics to configure the system’s storage, network, and packages to be installed.
  6. The media server sends the files requested to the PXE client, allowing an OS to be installed.

When configuring the PXE server in this example, there are three components required:

  • DHCP server: This assigns not only IP addresses to servers as they boot but also important parameters that enable PXE boot.
  • Trivial File Transfer Protocol Daemon (TFTPD): This service works as a TFTP server, allowing the bootloader to run on the client, starting the OS installation.
  • HyperText Transfer Protocol Daemon (HTTPD): This is a web server and is used to host config files and RPMs used for the installation.

Note

There are some other options, such as using dnsmasq as a combined server that works as a DHCP server, a TFTP server (most commonly TFTPD), and a DNS forwarder. However, in many enterprise environments, separate systems are needed. As an example, a Microsoft DHCP server may already be used on the network.

In this example, there are two logical servers running three different services, a DHCP server, a TFTP server on the first system. The second system is the PXE server and will also be the HTTP server used to serve up the Red Hat Package Manager (RPM) files and control files required for the installation. Both systems are multihomed and will be running DHCP and PXE on their secondary interface. The systems also have static IP addresses on the secondary interfaces.

We will cover the following main recipes, which make up the PXE feast, in this chapter:

  • Automating the OS install options with kickstart
  • DHCP server – more than just IPs
  • Setting up a web server – HTTPD
  • Serving up the boot – TFTPD
  • Back in the day – a manual installation

Note

A multihomed server is a system that is connected to multiple networks at the same time. This is often done in enterprise data centers to isolate systems, while still allowing a controlled system to pass some data between the networks. It is possible to set up a PXE server on a single network.

Technical requirements

The easy way to create a new kickstart file requires building a new OS, as this process will automatically create the file, which can later be modified as needed. A PXE environment also requires additional systems or VMs for a DHCP server and HTTPS server. Before you start, you will first need to download an ISO image. Using a desktop virtualization product such as Oracle VM VirtualBox is recommended.

The related configuration files for many of the recipes in this book are available on GitHub, at https://github.com/PacktPublishing/Oracle-Linux-Cookbook.

Automating the OS install options with kickstart

The kickstart file is one of the most important parts of the automated install process. This file contains all the information required to automatically install and configure the OS. The kickstart file is a simple text file that contains the directions to allow an unattended installation.

Getting ready

In order to work with kickstart files, you will need somewhere to build the system, such as Oracle VM VirtualBox. This system can be used to create your first kickstart file, as well as testing new kickstart files before moving them into the PXE environment.

Note

Anaconda is the Oracle Linux installer. It can operate via an automated install using a kickstart file, or interactively via a graphic or text install interface.

How to do it…

While you can manually create a file from scratch, it is much easier to start with the file that Anaconda creates on installation. This kickstart file is created automatically when a manual installation is performed and is saved on the new system in /root/anaconda-ks.cfg. This file can be easily edited and reused for future builds. Let’s look at the file by breaking it down into smaller sections. This system is a graphical installation. Other options are text or cmdline:

Note

There are many options for kickstart, and they are listed in Appendix – kickstart options.

#version=OL8
# Use graphical install
graphical

The repo used to install Oracle Linux was a directory that was loopback mounted from an ISO file. baseurl can also be an HTTPS server, an NFS location, or an FTP server. For example, --baseurl=https://pxe.m57.local/ol8 will tell kickstart to pull the RPMs from a web server:

repo --name="AppStream" --baseurl=file:///run/install/sources/mount-0000-cdrom/AppStream

The packages are the software packages selected. Names starting with an @ sign are package groups, and lines without @ are individual packages. Also, the ^ symbol is used to enable the installation of only the required packages in a group. If ^ is not set, all packages in the group are installed. In this example, the graphical-server-environment package group RPMs are installed as well as the kexec-tools package:

%packages
@^graphical-server-environment
kexec-tools
%end

This is where the default keyboard and language are selected:

# Keyboard layouts
keyboard --xlayouts='us'
# System language
lang en_US.UTF-8

This is the hostname for the new server. Ideally, it should be the Fully Qualified Domain Name (FQDN) for the system:

# Network information
network  --hostname=ol802.lab.m57.local

This is used to select a CD-ROM or a CD-ROM mounted on a filesystem as the installation media:

# Use CDROM installation media
cdrom

This is used to run the setup agent on the first boot:

# Run the Setup Agent on first boot
firstboot --enable

Here, the install disk is selected, as well as the configuration of the logical volume manager and filesystems:

ignoredisk --only-use=sda
# Partition clearing information
clearpart --none --initlabel
# Disk partitioning information
part /boot --fstype="xfs" --ondisk=sda --size=1024
part pv.116 --fstype="lvmpv" --ondisk=sda --size=80868
volgroup ol --pesize=4096 pv.116
logvol /home --fstype="xfs" --size=5120 --name=home --vgname=ol
logvol / --fstype="xfs" --size=51200 --name=root --vgname=ol
logvol /u01 --fstype="xfs" --size=10240 --name=u01 --vgname=ol
logvol /var --fstype="xfs" --size=5120 --name=var --vgname=ol
logvol swap --fstype="swap" --size=4056 --name=swap --vgname=ol
logvol /var/log --fstype="xfs" --size=5120 --name=var_log --vgname=ol

This is the time zone for the server:

# System timezone
timezone America/New_York --isUtc

An encrypted root password can be set on the new system. Normally, the password is encrypted, but optionally, you can use the --plaintext option with a plaintext password. You can also generate an encrypted password using the python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())' Python command:

# Root password
rootpw --iscrypted $6$W5fC.GDUSIVXPDS7$zQFm49tGCtRbfyAd/0f57QcuPZYtOB/gobgN2oKNGzqrseiNtm7QqkthCcdiNxGJhzLSIQpNyxRQXEPJPuaYM.

This enables kdump, allowing the kernel to save a crash dump to a device for troubleshooting:

%addon com_redhat_kdump --enable --reserve-mb='auto'
%end

This is the password policy for root, users, and Linux Unified Key Setup (LUKS) passphrases:

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

You can edit the file as needed. Before using a new file, it can be tested with the ksvalidator command. This command is part of the pykickstart package, installed via dnf install -y pykickstart.

Once the package is installed, test a new kickstart file by running ksvalidator $FILE. A sample with an error will look like the following, where line 3 defines the install as xgraphical, which is an unknown option:

[root@localhost ~]# ksvalidator anaconda-ks.cfg
The following problem occurred on line 3 of the kickstart file:
Unknown command: xgraphical

Resolve the error and rerun the validation. In this example, graphical is the correct parameter to use. A clean validation returns nothing and will look as follows:

Figure 2.2 – Clean ksvalidator

Kickstart options!

Now that you have a basic understanding of the kickstart file, you can start adding new options. These options allow you to automate the installation and also grant you more control. The options are covered in Appendix – kickstart options.
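
ksvalidator only checks syntax, so a file can validate cleanly and still carry a plaintext root password or a permissive pwpolicy. The following Python script is an added example, not code from the book: it audits the rootpw, pwpolicy, and repo/url lines discussed above. The MIN_LEN threshold, the finding codes, and the sample kickstart are assumptions constructed for illustration.

```python
import shlex

MIN_LEN = 12  # assumed site policy threshold, not a value from the book
CRYPT_SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
WEAK_SCHEMES = {"MD5", "DES/unknown"}
VALUE_OPTS = {"baseurl", "mirrorlist", "url", "minlen"}  # may be written "--opt value"

# Constructed sample, modelled on the anaconda-ks.cfg fragments in this chapter.
SAMPLE_KS = """\
#version=OL8
graphical
repo --name="AppStream" --baseurl=http://pxe.lab.m57.local/OL8/AppStream
%packages
@^graphical-server-environment
kexec-tools
%end
rootpw --iscrypted $6$EXAMPLESALT$EXAMPLEHASH
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
%end
"""


def crypt_scheme(value):
    """Name the crypt(3) scheme from the $id$ prefix of a password hash."""
    parts = value.split("$")
    if len(parts) >= 4 and parts[0] == "":
        return CRYPT_SCHEMES.get(parts[1], "DES/unknown")
    return "DES/unknown"


def parse_command(line):
    """Split a kickstart command into (name, options, positional arguments)."""
    tokens = shlex.split(line)
    opts, args = {}, []
    rest = iter(tokens[1:])
    for tok in rest:
        if tok.startswith("--"):
            key, eq, val = tok[2:].partition("=")
            if not eq and key in VALUE_OPTS:
                val = next(rest, "")  # value given as the next token
            opts[key] = val
        else:
            args.append(tok)
    return tokens[0], opts, args


def check_command(name, opts, args):
    """Return (code, message) pairs for one parsed command."""
    out = []
    if name == "rootpw" and "lock" not in opts:
        # Without --iscrypted, the installer treats the argument as plaintext.
        if "plaintext" in opts or "iscrypted" not in opts:
            out.append(("ROOTPW_PLAINTEXT", "root password stored in clear text"))
        elif not args or crypt_scheme(args[0]) in WEAK_SCHEMES:
            out.append(("ROOTPW_WEAK_HASH", "root hash missing or weak scheme"))
    elif name == "pwpolicy":
        who = args[0] if args else "?"
        minlen = opts.get("minlen", "")
        if minlen.isdigit() and int(minlen) < MIN_LEN:
            out.append(("PWPOLICY_MINLEN", f"{who}: minlen {minlen} < {MIN_LEN}"))
        if "notstrict" in opts:
            out.append(("PWPOLICY_NOTSTRICT", f"{who}: weak passwords accepted"))
        if "emptyok" in opts:
            out.append(("PWPOLICY_EMPTYOK", f"{who}: empty passwords allowed"))
    elif name in ("repo", "url"):
        for key in ("baseurl", "mirrorlist", "url"):
            if opts.get(key, "").startswith(("http://", "ftp://")):
                out.append(("CLEARTEXT_SOURCE", f"{key} fetched without TLS"))
    return out


def audit_kickstart(text):
    """Return (line number, code, message) findings for a kickstart file."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("%"):
            section = None if line == "%end" else line.split()[0]
            continue
        if section not in (None, "%anaconda"):
            continue  # skip package lists and %pre/%post script bodies
        try:
            name, opts, args = parse_command(line)
        except ValueError:
            continue  # unbalanced quotes: leave syntax errors to ksvalidator
        findings += [(lineno, c, m) for c, m in check_command(name, opts, args)]
    return findings


if __name__ == "__main__":
    for finding in audit_kickstart(SAMPLE_KS):
        print(*finding, sep="  ")
```

Run it alongside ksvalidator: one checks that the file parses, the other that the values match your policy.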

How it works…

You can boot any system with kickstart manually by adding the ks parameter to the GRand Unified Bootloader (GRUB) entry. The format is ks=PATH_TO_FILE, where PATH_TO_FILE is a URL where the kickstart file can be read from. This is usually placed on an HTTP server that is accessible to clients.

DHCP server – more than just IPs

The DHCP server will be running a standard DHCP server that is available with Oracle Linux 8. Installation of DHCP is straightforward.

Getting ready

To set up a DHCP server, you will need an Oracle Linux 8 VM running on the same subnet as the VMs that will be installed.

How to do it…

Install the DHCP server with the dnf install -y dhcp-server command. The following screenshot shows the full process:

Figure 2.3 – DHCP server installation

Once installed, enable DHCP traffic through the firewall (as seen in the following screenshot) with the firewall-cmd --add-service=dhcp --permanent and firewall-cmd --reload commands:

Figure 2.4 – DHCP firewall commands

The DHCP server has a sample DHCP config file installed in /usr/share/doc/dhcp-server. This has sample config files for both IPv4 in /usr/share/doc/dhcp-server/dhcpd.conf.example and IPv6 in /usr/share/doc/dhcp-server/dhcpd6.conf.example. For this DHCP server, we will use IPv4 and copy the sample config file to /etc/dhcp/dhcpd.conf. There is an existing config file, but by default, it is mostly empty with no configuration and can be replaced as in the following screenshot:

Figure 2.5 – Copy dhcp.conf

Next, the config file will need to be updated, changing the IP address range, as well as adding an NTP server to the configuration with option ntp-servers 192.168.200.1, which sets the NTP server to 192.168.200.1. While configuring an NTP server is optional, it is highly recommended. Additionally, when the PXE server is not the DHCP server, you will need to add the next-server parameter to the subnet. This will point DHCP clients to the TFTP boot from the PXE server.

Note

If you are using an existing DHCP server, make sure you add the next-server parameter to point to the PXE server that has the TFTP server.

Since the TFTP server is running on the PXE server, the DHCP server will need the next-server option to be set to the IP address of the PXE server. A complete sample config file is shown here:

# dhcpd.conf
#
# These options are common to all networks
option domain-name "lab.m57.local";
option domain-name-servers 192.168.56.10;
default-lease-time 600;
max-lease-time 7200;
# If the DHCP server is the main server for the network, this should be set authoritative;
# This sets where logs are sent. By default, they are sent to syslog. You can reconfigure syslog to send to a different location as needed.
log-facility local7;
subnet 192.168.56.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.56.100 192.168.56.150;
  option broadcast-address 192.168.56.255;
  option routers 192.168.56.1;
  option domain-name-servers 192.168.56.10;
  option domain-name "lab.m57.local";
  option ntp-servers 192.168.200.1;
  next-server pxe.lab.m57.local;
}
# Hosts which require special configuration options can be listed here, with the host details. This could be used to hard-code an IP address to a host, or define host-specific parameters like a non-standard vmunix filename or a fixed IP address.
host fixedhost {
  hardware ethernet 0:0:aa:bb:cc:dd;
  filename "vmunix.fixedhost";
  server-name "fixedhost.m57.local";
}
# When using a fixed IP address, it is more common to assign the host an IP address outside of the DHCP managed IP address range.
host fantasia {
  hardware ethernet 08:01:02:03:04:05;
  fixed-address fixedhost2.m57.local;
}

Next, we need to test the DHCP server. To do this, install the nmap program with dnf install -y nmap.

Nmap is a powerful utility and can be used for many things. It is most well known as a port scanning tool, letting the user scan networks looking for servers that respond to a ping with nmap -sP 192.168.200.1/28, as seen in the following screenshot:

Figure 2.6 – Nmap ping scan

It can also be used to identify the OS and open ports of a specific server, with nmap 192.168.200.34 -O:

Figure 2.7 – Nmap ID server

While Nmap is a powerful tool for scanning networks, it can also be used for many additional tasks, including checking that a DHCP server is replying correctly. This is done with the broadcast-dhcp-discover script, which is run via the nmap --script option. Additionally, if your system has multiple interfaces, you can specify the network interface used by the scan with the -e option. In this environment, the DHCP server is verified with the nmap --script broadcast-dhcp-discover -e enp0s8 command:

Figure 2.8 – Nmap DHCP discovery

We now know how the DHCP server works, so next is the Apache HTTPD server.

Setting up the web server – HTTPD

The next step for the PXE server is to install a web server. In this example, we will use Apache. Other web servers will also work, but Apache is one of the most common.

Getting ready

To set up an HTTP server, you will need an Oracle Linux 8 VM running in your environment. The server’s IP address should be routable to the subnets the VMs are using, and the firewall ports should allow HTTP/HTTPS traffic. Ideally, you should also have enough space for several ISO files. Normally, 20-30 GB is enough data space.

How to do it…

Starting the install of the Apache HTTPD server is simple; just run yum install -y httpd.

Once the web server is installed, copy the full ISO file to the server into a directory of your choice. In our example, OracleLinux-R8-U5-x86_64-dvd.iso is copied into /root, as seen in Figure 2.9.

Figure 2.9 – Oracle Linux ISO in /root

The next step is to mount the ISO file in a directory under docroot. With the standard install of Apache, docroot is in /var/www/html, so a directory named OL8 is created. When the ISO is mounted, it is more efficient to use a loopback mount method. This allows an ISO file to be mounted as a normal filesystem. Next, using a loopback mount, mount the ISO file using /var/www/html/OL8 as the mount point using the following command:

mount -o ro,loop /root/OracleLinux-R8-U5-x86_64-dvd.iso /var/www/html/OL8

Once mounted, a df command will show the mounted filesystem. The entire chain of commands can be seen in the following screenshot, Figure 2.10.

Figure 2.10 – ISO mounted

Now that the filesystem is mounted, let’s open up ports 80 and 443 in the firewall. This is easily done with firewall-cmd, adding both the http and https services as permanent changes to the firewall. Once the ports are opened, the firewall rules are reloaded. The following three commands are run to perform these tasks:

firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload

Now that the firewall is opened, Apache is installed, and the ISO is mounted via a loopback, we can start the Apache server with the systemctl start httpd command.

You can verify that all is working as expected by pointing your browser to the server’s IP address and the OL8 directory, as seen in the following screenshot. This will show the contents of the ISO, including the release notes and the RPMs under the BaseOS directory, as seen in Figure 2.11.

Figure 2.11 – ISO file accessible via httpd

Serving up the boot – TFTPD

TFTP is used for simple file transfers over the network. This is most often used to load the initial bootloader for an OS, or some firmware updates for embedded devices and older hardware. In the context of the PXE server, the TFTP system is used for the initial bootloader.

Getting ready

To set up a TFTP server, you will need an Oracle Linux 8 VM running in your environment. The server should be on the same network subnet that the systems being built are using. Ideally, you should also have enough space for several boot files. Normally, 5 GB is enough data space.

How to do it…

Installing TFTP is simple. Run the dnf install -y tftp-server command, as seen in Figure 2.12.

Figure 2.12 – TFTP installation

Once the installation is complete, we need to open up the firewall for TFTP and reload it:

firewall-cmd --add-service=tftp --permanent
firewall-cmd --reload

The output of these commands is as shown in the following screenshot:

Figure 2.13 – TFTP firewall

After the installation is complete and the firewall has been opened, we need to prepare the system by installing the bootloaders, preparing an Oracle Linux 8 TFTP location, and creating a boot menu.

Note

This example is using a BIOS-based host. If you want to use a UEFI host, you will need to install grub2-efi and configure UEFI-specific parameters. The Oracle docs for this can be found at https://docs.oracle.com/en/operating-systems/oracle-linux/8/install/install-CreatingaNetworkInstallationSetup.html#uefi-clients.

To install the bootloaders for BIOS-based installs, we will install the syslinux package. The syslinux package includes bootloaders for network booting (PXELINUX), Linux (ext2/ext3/ext4) or btrfs filesystems (EXTLINUX), MS-DOS FAT filesystems (SYSLINUX), and bootable El Torito CD-ROMs (ISOLINUX). For network booting, we will be using PXELINUX:

Figure 2.14 – Syslinux installation

Next, we will copy the boot image file, pxelinux.0, into /var/lib/tftpboot:

cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

Then, we will create an Oracle Linux 8 boot directory under tftpboot:

mkdir /var/lib/tftpboot/ol8

Now, we need to copy over the PXE boot files from the ISO we previously mounted when installing the HTTP server to the new Oracle Linux 8 boot directory:

cp /var/www/html/OL8/images/pxeboot/* /var/lib/tftpboot/ol8/

Next, we need a boot menu. Luckily, we can copy over the samples and get things moving quickly. We only need the menu files, so using the following command to copy things works just fine:

cp -v /usr/share/syslinux/{ldlinux.c32,libcom32.c32,libutil.c32,menu.c32,vesamenu.c32} /var/lib/tftpboot/

Almost done here. To make a directory for the PXE config files and build the default menu, use the following:

mkdir /var/lib/tftpboot/pxelinux.cfg

We can finally install a config file. Copy this sample configuration file into /var/lib/tftpboot/pxelinux.cfg/default:

default linux-auto
prompt 1
timeout 60
display boot.msg
label linux-auto
  menu label ^Install OL8 in Graphical Mode using the kickstart file
  menu default
  kernel ol8/vmlinuz
  append initrd=ol8/initrd.img ip=dhcp inst.repo=http://pxe.lab.m57.local/OL8 ks=http://pxe.lab.m57.local/ks_files/ol8ks.cfg
label linux-manual
  menu label ^Install OL8 in Graphical Mode with manual input
  kernel ol8/vmlinuz
  append initrd=ol8/initrd.img ip=dhcp inst.repo=http://pxe.lab.m57.local/OL8
label rescue
  menu label ^Rescue installed system
  kernel ol8/vmlinuz
  append initrd=ol8/initrd.img rescue
label local
  menu label Boot from ^local drive
  localboot 0xffff

In this sample, the default install will be linux-auto, and that will start in 60 seconds unless the user manually selects one of the following options:

  • linux-auto: This is the default and will install Oracle Linux using the kickstart parameters
  • linux-manual: This will kick off a traditional install of Oracle Linux, prompting the user to select all the options from Anaconda manually
  • rescue: This will boot in rescue mode
  • local: This will boot from the existing local disk

You can easily modify the menus as needed to meet your specific needs. PXE booting, while daunting at first, provides a powerful tool to manage your Linux installations.
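
A menu file can load without errors and still reference boot files or URLs that do not exist, or fetch the kickstart file (which carries the root password hash) over plain HTTP. The following Python script is an added example, not code from the book: it parses a PXELINUX menu and cross-checks it against the TFTP root and the web docroot. The finding codes, the two directory listings, and the sample menu (which deliberately contains mistakes) are constructed for illustration, and the script assumes every URL points at the PXE web server.

```python
from urllib.parse import urlsplit

NET_ARGS = ("ks=", "inst.ks=", "inst.repo=")  # boot arguments that carry a URL

# Constructed sample menu: two "menu default" entries and a lowercase /ol8 URL.
SAMPLE_MENU = """\
default linux-auto
prompt 1
timeout 60
label linux-auto
  menu label ^Install OL8 using the kickstart file
  menu default
  kernel ol8/vmlinuz
  append initrd=ol8/initrd.img ip=dhcp inst.repo=http://pxe.lab.m57.local/ol8 ks=http://pxe.lab.m57.local/ks_files/ol8ks.cfg
label linux-manual
  menu label ^Install OL8 with manual input
  menu default
  kernel ol8/vmlinuz
  append initrd=ol8/initrd.img ip=dhcp inst.repo=https://pxe.lab.m57.local/OL8
label local
  menu label Boot from ^local drive
  localboot 0xffff
"""
# Constructed listings: paths relative to /var/lib/tftpboot and /var/www/html.
# The TFTP directory is "ol8" while the web directory is "OL8".
SAMPLE_TFTP = {"pxelinux.0", "ol8/vmlinuz", "ol8/initrd.img"}
SAMPLE_DOCROOT = {"OL8", "ks_files"}


def parse_pxelinux(text):
    """Parse the subset of PXELINUX directives used in this chapter's menu."""
    cfg = {"default": None, "timeout_s": None, "labels": {}}
    entry = None
    for raw in text.splitlines():
        words = raw.split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        key, rest = words[0].lower(), (words[1].strip() if len(words) > 1 else "")
        if key == "default":
            cfg["default"] = rest
        elif key == "timeout":
            cfg["timeout_s"] = int(rest) / 10  # TIMEOUT is in tenths of a second
        elif key == "label":
            entry = cfg["labels"][rest] = {"menu_default": False, "kernel": None,
                                           "initrd": None, "append": []}
        elif entry is None:
            continue  # other global directives (prompt, display, ...)
        elif key == "menu" and rest.lower() == "default":
            entry["menu_default"] = True
        elif key in ("kernel", "linux"):
            entry["kernel"] = rest
        elif key == "append":
            entry["append"] = rest.split()
            for arg in entry["append"]:
                if arg.startswith("initrd="):
                    entry["initrd"] = arg[len("initrd="):]
    return cfg


def check_menu(cfg, tftp_files, docroot_entries):
    """Return (label, code, detail) findings; "(menu)" marks global ones."""
    findings = []
    labels = cfg["labels"]
    if cfg["default"] not in labels:
        findings.append(("(menu)", "DEFAULT_UNDEFINED", str(cfg["default"])))
    marked = [name for name, e in labels.items() if e["menu_default"]]
    if len(marked) > 1:
        findings.append(("(menu)", "MULTIPLE_MENU_DEFAULT", ", ".join(marked)))
    for name, e in labels.items():
        # Kernel and initrd are fetched over TFTP, relative to the TFTP root.
        for path in (e["kernel"], e["initrd"]):
            if path and path not in tftp_files:
                findings.append((name, "MISSING_FILE", path))
        for arg in e["append"]:
            prefix = next((p for p in NET_ARGS if arg.startswith(p)), None)
            if prefix is None:
                continue
            url = urlsplit(arg[len(prefix):])
            if url.scheme in ("http", "ftp"):
                findings.append((name, "CLEARTEXT_URL", arg))
            # URL paths are case-sensitive on the web server.
            top = url.path.strip("/").split("/")[0]
            if url.scheme in ("http", "https") and top and top not in docroot_entries:
                findings.append((name, "DOCROOT_MISMATCH", url.path))
    return findings


if __name__ == "__main__":
    menu = parse_pxelinux(SAMPLE_MENU)
    print("auto-boot after", menu["timeout_s"], "seconds")
    for finding in check_menu(menu, SAMPLE_TFTP, SAMPLE_DOCROOT):
        print(*finding, sep="  ")
```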

How it works…

When systems boot, they will load the bootloader based on the DHCP server config. This will then have the system boot from the TFTP server, starting the PXE process.

Back in the day – a manual installation

Automated installations are great, but for some admins, the complexity of configuring and maintaining the infrastructure to support an automated installation is more effort than doing a manual installation. This recipe will go over how the manual installation works.

Getting ready

To do this, you will need a system to install from. In the example, Oracle VM VirtualBox will be used, but it could just as easily be on a bare-metal server or a different hypervisor. You will also need installation media. Normally, an ISO works fine, but you can also use a boot ISO and an HTTP server, an FTP server, or even a network file share.

How to do it…

Regardless of whether you boot from an ISO, a USB stick, or even a kickstart file with a graphical installation option set, the process is the same!

If you are booting from a boot-only image, you will need to enable the network and then point to an installation source. This is shown in the next few steps. If you are installing from an ISO or USB, skip to the How it works… section:

  1. When booting from a boot image, you will need to select Install Oracle Linux X to start the process. When possible, use the latest version of Oracle Linux. When doing an installation, you will get the first screen, where you can test the boot image or continue:
Figure 2.15 – Linux installer boot

  2. Next, pick your language:
Figure 2.16 – Install language

  3. Click on Continue once you have picked your language. Next, you should see the INSTALLATION SUMMARY section:
Figure 2.17 – Installation Summary

For now, we need to do two tasks:

  • Enable the network
  • Set Installation Source to Oracle’s yum repo

To enable the network, click on the Network & Host Name option.

  4. Here, you will need to switch Ethernet on, and also update the hostname with the name of the server. The network will automatically use DHCP to configure the boot image. You can optionally manually configure the IP stack by clicking the Configure option.
Figure 2.18 – Network & Host Name

  5. Next, click Apply and then Done. This will take you back to the INSTALLATION SUMMARY page. From there, we will need to select Installation Source to set where we will get the install files.
Figure 2.19 – Installation Source

In this example, we are using the Oracle Public YUM server as the installation source. You can optionally add additional repositories if needed, as well as set any proxy settings if required. You can also set an FTP:// path or an NFS server path. Once you have a path, select Done.

  6. This will take you back to the INSTALLATION SUMMARY page. Wait a few minutes for the repo index to load. Once it loads, you should see the Installation Source option, as well as the option for Software Selection.
Figure 2.20 – Selecting Installation Source

Manually network booting is otherwise the same as an ISO or USB boot.

How it works…

A manual boot process is fairly simple to do. Once booted, on the INSTALLATION SUMMARY screen, you have many options:

  • LOCALIZATION: This is where you can set country-specific options such as language, keyboard type, time, and more:
    • Keyboard: This allows you to set what keyboard is used. You can use non-US keyboards.
    • Language Support: This sets the language used.
    • Time and Date: This sets the system time, as well as the Network Time Protocol (NTP) servers to be used to automatically synchronize the time.
  • SOFTWARE: This sets the software sources and what software groups or packages will be installed:
    • Installation Source: This sets the source and software being installed
    • Software Selection: This sets what software groups and packages are being installed
  • SYSTEM: These are system-level parameters:
    • Installation Destination: This is the destination for the install. This includes the initial filesystem layout.
    • KDUMP: This allows you to set up kdump, a kernel crash dump tool that writes system information to disk for analysis later.
    • Network & Host Name: This is where you set the hostname and network information.
    • Security Policy: This enables a more secure installation, allowing you to start with a system that meets popular security standards such as STIG and PCI-DSS.
  • USER SETTINGS: This is where you can set users, groups, and passwords:
    • Root Password: This sets the initial root password

Generally, the first setting that is set is the network. This is key for not only network installations but also setting up NTP for time synchronization:

  1. To set up the network, select Network & Host Name:
Figure 2.21 – Setting hostname and IP info

By default, the network port is not enabled and the hostname is not set. You can manually set the hostname. Don’t forget to use an FQDN when setting the hostname. This should include the name and the domain name. When you enable the network, the system will automatically grab DHCP IP info. If you want to manually configure this, click on Configure…:

Figure 2.22 – Accessing manual network settings

  2. This will take you to the network details, where you can manually set the MTU, IP address, and other NIC-specific settings. You can also disable IPv6 if needed.
Figure 2.23 – Manual network settings

  3. Once the network is set, you can use network resources such as NTP servers to synchronize the clock. To do this, under TIME & DATE, click on the gears:
Figure 2.24 – Accessing NTP settings

  4. Then, you can add NTP servers. By default, a public server is used, but if you run local NTP servers, make sure you add those here.
Figure 2.25 – NTP settings

  5. Next, additional software sources can be added under Installation Source as needed. This was done previously when doing a network install.

    You can also set what RPM groups are installed, along with any additional software. This is done under SOFTWARE SELECTION:

Figure 2.26 – Software Selection

  6. After setting Base Environment and adding any additional software, the next task is to set up the installation destination. This is done by clicking on Installation Destination.

    From here, you should see the physical and logical drives available to the system. The default is to set Storage Configuration as Automatic, but let’s explore a different boot disk structure by selecting a custom configuration. Once Custom is selected, click on the Done button.

Figure 2.27 – Installation Destination

  7. From here, you can pick the default volume management strategy, as well as manually creating a new layout. Most systems will use an LVM install, as this gives you the flexibility to resize partitions down the road.
Figure 2.28 – Manual Partitioning

Don’t forget to click Done and accept all the changes to the layout.

  1. As a note, if you boot from a UEK-based install, you now have the option to use Btrfs as the root filesystem.
Figure 2.29 – Btrfs partitioning

Btrfs will look a little different, as the system combines the role of volume manager and filesystem into one system. This means at the time of installation, all of the filesystems will show all the space available. This can be updated after the OS is installed and a quota is set for each directory that needs to be limited. This is covered in the Btrfs recipes in Chapter 4.

You could finish up now by just giving root a password… but there is one more basic task, and that is to apply a security policy to the system. The security policy allows the installer to preconfigure the system to follow the policy set. This is very helpful when installing systems that support workloads such as HIPAA, PCI DSS for credit card processing, or STIG for public sector workloads.

  1. To set a policy, select Security Policy from Installation Summary:
Figure 2.30 – Security Policy

  1. Once you know the policy you want to use, select it and click on Select profile:
Figure 2.31 – Applying a security policy

You will now see the policy and a list of all the changes being made to the system. You will also see some changes that may need to be made to the filesystem layout. This is seen in policies such as STIG, where /var and /var/log need to be separate filesystems.

Once done, from the Installation Summary, click on Begin Installation to start the install.

Appendix – kickstart options

The following table covers the most popular options that control the installation and their syntax:

Option Name

authselect

Description

It configures the authentication options for the system using the authselect command. The options are the same as those of the authselect command and are passed directly to it.

Options

See the authselect command.

Option Name

autostep

Description

This option is not recommended for production use. It is more of a troubleshooting command that makes the installer step through every screen, displaying them for a short amount of time.

Options

--autoscreenshot will take an automated screenshot of every install screen. The images are stored in /tmp/anaconda-screenshots/ during the installation and then moved over to /root/anaconda-screenshots when the installation completes. This is helpful for troubleshooting because if you missed a required kickstart option and the installation does not automatically run, you will be at the screen with missing data, and can manually enter the missing configuration data. Then, when you click to continue, the screen is automatically captured with the data you manually entered.

Option Name

cmdline

Description

When used, the install runs in a non-interactive command-line mode. Any prompt from Anaconda for input stops the installation. Make sure to test with the autostep option first.

Options

None

Option Name

eula

Description

If used, the --agreed option is required. This option allows you to automatically accept the End User License Agreement (EULA). When this option is used, the installer will not prompt for acceptance of the EULA on the first reboot of the system. This is very useful for environments that use a PXE boot as part of the auto-scaling strategy.

Options

--agreed forces the EULA to be accepted and must be used. If the option is not used, the EULA parameter is ignored.

Option Name

firewall

Description

This configures the firewall on the installed system.

Options

  • --enabled or --enable is required. It enables or disables the firewall.
  • --disabled or --disable is required. If disabled, iptables rules are not configured.
  • --trust sets a trusted network device, allowing all traffic to pass through the firewall. To configure multiple devices, list each one as its own entry with no commas, such as --trust eth0 --trust eth8.
  • --incoming adds each of the following tags to allow incoming traffic for these common services:
    • ssh
    • smtp
    • http
    • ftp
  • --port= specifies a specific port to allow access to the server. You can use ports from /etc/services for specific port:protocol combinations. Multiple ports are comma delimited. An example is ldap:tcp,1521:tcp.
  • --service= allows an easy way to enable specific services, such as CUPS, or services that require multiple UDP/TCP ports to be opened. This enables an easy way to open these ports in a readable format.
  • --use-system-defaults does not configure the firewall. If other options are specified, they are ignored.

Option Name

firstboot

Description

This option can disable the running of the setup application when the system boots. If enabled, make sure you have initial-setup.rpm (initial-setup-gui.rpm if a GUI is required) installed. This option is disabled by default.

Options

  • --enable or --enabled starts the setup the first time the system boots.
  • --disable or --disabled does not start the setup the first time the system boots.
  • --reconfig enables the setup to start at boot time in reconfiguration mode. This enables the networking configuration, root password, time zone, language, mouse, and keyboard options to be set in addition to the default options.

Option Name

graphical

Description

The graphical command is the default, if not set. The installation continues with a fully graphical install.

Options

--non-interactive performs the installation in a completely non-interactive mode. This mode will terminate the installation when user interaction is required.

Option Name

group

Description

This option creates a user group on the system.

Options

  • --name= is required and sets the name of the group.
  • --gid= is an optional parameter and will set the GID of the group.

Option Name

halt

Description

If used, the system will halt after the installation is completed. This is the default completion method if no other method is set. Other completion methods are poweroff, reboot, and shutdown.

Options

None

Option Name

logging

Description

This is useful for troubleshooting PXE installs. It controls the logging from the installer during the installation. It does not configure logging on the system being installed.

Options

  • --host= is the syslog host logs are sent to.
  • --port= is the port used for syslog on the remote syslog host. If not set, the default port (UDP 514) is used.
  • --level= specifies the minimum level of messages sent to device tty3. Regardless of this level, all messages are still sent to the log host and file. Valid values are critical, debug, error, info, and warning.

Syntax

logging [--host=host] [--port=port] [--level=critical|debug|error|info|warning]

Option Name

poweroff

Description

When used, a shutdown and power-off are performed on the system after the installation completes.

Options

None

Option Name

reboot

Description

It reboots the system after the install completes.

Options

--eject ejects bootable media (DVD, USB, etc.) before rebooting the system.

Option Name

repo

Description

Enables additional DNF/YUM repos as installation sources. Each repo will need its own line.

Options

  • --name= is required and sets both the repo name and URL. If a name conflicts with an existing repo, it will be ignored. The format is --name=repoid [--baseurl=url|--mirrorlist=url|--metalink=url] [options]. The following additional options can be added to the URL. As a warning, variables that can be used in yum repository config files are not supported. However, you can use $releasever and $basearch:
    • --baseurl: This is the URL of the repo
    • --mirrorlist: This is a list of mirrors for a repo
    • --metalink: This is the URL with metalink for the repo
  • --proxy=[protocol://][username[:password]@]host[:port] sets the proxy for the repo.
  • --noverifyssl disables SSL verification of an HTTPS server.

Option Name

selinux

Description

Used to configure the initial policy and state of SELinux. The default policy is enforcing.

Options

  • --enforcing enables SELinux with the policy set to enforcing. This is the default setting.
  • --permissive enables SELinux with the policy set to permissive. This allows warnings to be output to the console or syslog without enforcing the policy.
  • --disabled disables SELinux.

Option Name

shutdown

Description

Runs the shutdown command on the system after the installation has completed.

Options

None

Option Name

sshkey

Description

This adds an SSH key to the authorized keys files for the specified user.

Options

--username is mandatory. It is used with the following syntax:

sshkey --username=user KEY

Option Name

text

Description

When used, the installation runs in text mode. By default, the installer runs the GUI install method. Only one of the text/graphical options can be used.

Options

--non-interactive does the install in a non-interactive mode. If a user action is required, the mode will terminate the install.

Option Name

url

Description

When used, it will use the URL specified for the install files from an ISO. URLs can be formatted for FTP, HTTP, or HTTPS.

Options

  • --url is required. This is the URL used for the source files. An example of the syntax is as follows:

    http://server/directory
    ftp://username:password@server/path

  • --mirrorlist is an optional parameter that sets the mirror URL to install from.
  • --proxy is an optional parameter that sets a proxy to use while performing the install from an HTTP/HTTPS or FTP server.
  • --noverifyssl is an optional parameter that disables SSL verification when using an HTTPS server.
  • --metalink is an optional parameter that sets the ULN/metalink URL to install from. Variable substitution is done for $releasever and $basearch.

Option Name

user

Description

Creates a new user on the system.

Options

  • --name is a required parameter and is the username.
  • --uid is the user’s User ID (UID).
  • --gid is the user’s Group ID (GID).
  • --groups is a comma-separated list of group names the user should belong to.
  • --homedir is the home directory for the user.
  • --lock will, if used, lock a new user’s account by default.
  • --password is the password for the new user.
  • --iscrypted, if used, means that the password argument is the encrypted password. You can get this from the /etc/shadow file on a running system.
  • --plaintext, if used, means that the password argument is the plain text password.
  • --shell is the path to the user’s default shell.

Table 2.1 – Kickstart options
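As an added example (not code from the book or from Oracle), the following Python script lints a kickstart file for the security-relevant settings in the table above: --noverifyssl, credentials or cleartext schemes in install-source URLs, a disabled firewall, non-enforcing SELinux, and user passwords given without --iscrypted. The finding codes, the sample hosts and secrets, and the skipping of `%post` … `%end` script sections are assumptions of this example.

```python
import shlex
from urllib.parse import urlsplit

SOURCE_URL_OPTS = ("--url", "--baseurl", "--mirrorlist", "--metalink")
URL_OPTS = SOURCE_URL_OPTS + ("--proxy",)
# Options whose value may be written as --opt=value or as "--opt value".
VALUE_OPTS = set(URL_OPTS) | {"--password"}

# Constructed sample for this example; hosts, names and secrets are made up.
SAMPLE_KS = """\
text --non-interactive
url --url=ftp://installer:S3cret@mirror.example.test/ol8
repo --name=extras --baseurl=https://repo.example.test/extras --noverifyssl
firewall --disabled
selinux --permissive
user --name=deploy --groups=wheel --password=ChangeMe123 --plaintext
user --name=audit --password=$6$constructedsalt$constructedhash --iscrypted
%post
echo "selinux --disabled here is script text, not a kickstart command"
%end
reboot --eject
"""


def parse_command(line):
    """Split one command line into (command, {option: value or True})."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote: fall back to a plain split
        tokens = line.split()
    opts, rest = {}, iter(tokens[1:])
    for tok in rest:
        name, sep, value = tok.partition("=")
        if name.startswith("--"):
            if not sep:  # "--opt value" form only for value-taking options
                value = next(rest, True) if name in VALUE_OPTS else True
            opts[name] = value
    return tokens[0], opts


def url_findings(opt, value):
    """Findings for one URL-valued option; never echoes the secret itself."""
    parts = urlsplit(value if "://" in value else "//" + value)
    found = ["URL_CREDENTIALS"] if parts.password else []
    if opt in SOURCE_URL_OPTS and parts.scheme in ("http", "ftp"):
        found.append("CLEARTEXT_SOURCE")
    return found


def lint_kickstart(text):
    """Return [(line_number, finding_code), ...] for risky settings."""
    findings, in_section = [], False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("%"):
            # %packages, %pre, %post ... run until %end; %include is one line.
            if not line.startswith(("%include", "%ksappend")):
                in_section = line != "%end"
            continue
        if in_section or not line or line.startswith("#"):
            continue
        cmd, opts = parse_command(line)
        codes = []
        if cmd in ("url", "repo"):
            if "--noverifyssl" in opts:
                codes.append("NOVERIFYSSL")
            for opt in URL_OPTS:
                if isinstance(opts.get(opt), str):
                    codes += url_findings(opt, opts[opt])
        elif cmd == "firewall" and opts.keys() & {"--disabled", "--disable"}:
            codes.append("FIREWALL_OFF")
        elif cmd == "selinux" and opts.keys() & {"--disabled", "--permissive"}:
            codes.append("SELINUX_NOT_ENFORCING")
        elif cmd == "user" and "--password" in opts and "--iscrypted" not in opts:
            # Assumption: without --iscrypted the password is stored as typed.
            codes.append("PLAINTEXT_PASSWORD")
        findings += [(lineno, code) for code in codes]
    return findings


if __name__ == "__main__":
    for lineno, code in lint_kickstart(SAMPLE_KS):
        print(f"line {lineno}: {code}")
```

Because kickstart files are usually served to PXE clients over the network, any finding that involves a secret also means that secret is readable by anything that can fetch the file.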


Key benefits

  • Effortlessly upgrade from Oracle Linux 7 or migrate from CentOS
  • Become a pro sysadmin by learning new tricks to manage your Oracle Linux servers
  • Learn how to install, configure, administer, and maintain Oracle Linux servers
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

Discover the power of Oracle Linux 8, the free and enterprise-grade Linux distribution designed for use in any environment, with this recipe-style book. Starting with instructions on how to obtain Oracle Linux for both X86 and ARM-based platforms, this book walks you through various installation methods, from running it as a Windows service to installing it on a Raspberry Pi. It unravels advanced topics such as system upgrades using Leapp for major version transitions and using a PXE server and kickstart files for more advanced installations. The book then delves into swapping kernels to take advantage of Oracle’s UEK, exploring boot options, managing software with DNF, and achieving high availability. Detailed recipes involving security topics will assist with tasks such as data encryption, both at rest and in motion. For developers, it offers guidance on building RPM files, using Docker and Podman in a containerized environment, working with AppStreams, and more. For large-scale deployments, the book introduces Oracle Linux Automation Manager for enterprise-level Ansible utilization, from setting up the Ansible server to basic playbook writing. Finally, you’ll discover strategies for cloud migration. By the end of this book, you’ll possess a comprehensive toolkit that will elevate your skills as a Linux administrator.

Who is this book for?

This book is for existing Oracle Linux system administrators and CentOS or RHEL admins contemplating a migration to Oracle Linux 8. A foundation of basic sysadmin skills is assumed as this is not an entry-level book; it's a cookbook focused on complex and lesser-known configurations specifically for Oracle Linux 8.

What you will learn

  • Master the use of DNF for package management and stream-specific installations
  • Implement high availability services through Podman and Oracle Linux Automation Manager
  • Secure your system with Secure Boot and at-rest disk encryption techniques
  • Achieve rebootless system updates using the Ksplice technology
  • Optimize large-scale deployments with Oracle Linux Automation Manager and Ansible
  • Gain practical insights into storage management using Btrfs and LVM

Product Details

Publication date: Jan 19, 2024
Length: 548 pages
Edition: 1st
Language: English
ISBN-13: 9781803249285

Table of Contents

15 Chapters
Chapter 1: Oracle Linux 8 – Get It? Got It? Good!
Chapter 2: Installing with and without Automation Magic
Chapter 3: Exploring the Various Boot Options and Kernels in Oracle Linux
Chapter 4: Creating and Managing Single-Instance Filesystems
Chapter 5: Software Management with DNF
Chapter 6: Eliminating All the SPOFs! An Exercise in Redundancy
Chapter 7: Oracle Linux 8 – Patching Doesn’t Have to Mean Rebooting
Chapter 8: DevOps Automation Tools – Terraform, Ansible, Packer, and More
Chapter 9: Keeping the Data Safe – Securing a System
Chapter 10: Revisiting Modules and AppStreams
Chapter 11: Lions, Tigers, and Containers – Oh My! Podman and Friends
Chapter 12: Navigating Ansible Waters
Chapter 13: Let’s All Go to the Cloud
Index
Other Books You May Enjoy

Customer reviews

Rating distribution
5 (4 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Raymond Feb 02, 2024
Rating: 5
Oracle Linux is an enterprise-class Linux distribution supported by Oracle and built from source packages for Red Hat Enterprise Linux. Some of the features of Oracle Linux include a custom-built and rigorously-tested Linux kernel called "Oracle Unbreakable Kernel", tight integration with Oracle's hardware and software products, zero downtime patching - a feature that enables administrators to update the kernel without a reboot. The book is an excellent resource for those operating in this environment and the authors share skills, tips and tricks for managing your systems effectively. It will help users and admin maintain the highest standards for performance and security. Pet peeve alert!!! Authors work hard on these books. Giving a low rating based on the delivery of the book is reflective on Amazon, NOT Packt and the authors.....FWIW....
Amazon Verified review

Kevin Verma Feb 29, 2024
Rating: 5
The "Oracle Linux Cookbook" stands as a crucial resource for IT professionals, blending the versatility of open-source with enterprise-grade support. It offers an in-depth look into Oracle Linux, guiding readers through a myriad of applications from embedded devices to cloud platforms. This guide is essential for anyone aiming to leverage Oracle Linux's full potential, showcasing how to innovate and succeed in the dynamic IT landscape. As a bridge between theory and practice, the book is invaluable for a broad range of IT roles. It invites exploration of Oracle Linux's wealth of technology, serving as a comprehensive guide for development, usage, and solution building in an open-source enterprise environment. The "Oracle Linux Cookbook" ensures that regardless of one's expertise level, there's valuable insight to be gained, marking a pathway to mastering the capabilities of open-source enterprise Linux.
Amazon Verified review

UGUR A. Feb 19, 2024
Rating: 5
Although I am a professional with good experience level, I learned a lot. Thanks!
Amazon Verified review

M57 Feb 08, 2024
Rating: 5
good book
Amazon Verified review