timterroo
CentOS network-based install and application management
« on: July 29, 2019, 02:55:53 PM »
I need to set up a CentOS lab, and I'm looking at various technologies for OS and application provisioning such as Cobbler, KickStart, DRBL, Spacewalk, etc. I would like to be able to install the OS via litetouch, or PXE and have the ability to deploy applications centrally.

Does anyone, with experience in this area, recommend any particular open source products to accomplish this? I have used DRBL, personally, but I'm not sure it will work in this environment without modifying the networking infrastructure - which I do not want to do.

Thanks in advance for any suggestions!
"noche te ipsum"

"If you can't explain it simply, you don't understand it well enough."  - Albert Einstein

juner
Re: CentOS network-based install and application management
« Reply #1 on: July 29, 2019, 03:17:35 PM »
inb4 Parsifal criticizes every sentence of the OP. Also inb4 Parsifal quotes it in his AR thread.

On the actual topic, Ansible. But it would probably help to know what your goal is (aside from making a lab for the sake of making a lab). You can certainly use those tools, but I believe that method is a bit "dated."

timterroo
Re: CentOS network-based install and application management
« Reply #2 on: July 29, 2019, 03:33:54 PM »
> inb4 Parsifal criticizes every sentence of the OP. Also inb4 Parsifal quotes it in his AR thread.
>
> On the actual topic, Ansible. But it would probably help to know what your goal is (aside from making a lab for the sake of making a lab). You can certainly use those tools, but I believe that method is a bit "dated."

The goal is to maintain roughly 40 or 50 clients all running CentOS, all keeping the same image with the same applications/configurations. Something that mimics MDT and SCCM (to a point) for Windows. If a new client needs to be added, I want to be able to boot it up and let it hit a network server for the install with minimal interaction.

If a new application needs to be added, I want to be able to push it out to all clients at once and not have to touch each machine.

Does this help?

I would welcome Parsifal's suggestions, but not sure why he'd want to rant angrily about this?!
"noche te ipsum"

"If you can't explain it simply, you don't understand it well enough."  - Albert Einstein

timterroo
Re: CentOS network-based install and application management
« Reply #3 on: July 29, 2019, 03:51:15 PM »
It looks like Ansible is primarily parallel ssh? I think they are already using something like this, but the issue they have with it, for instance:

Let's say they have a new application to push out to 50 clients. 2 of them are offline, and thus do not receive the install command via Ansible. In the past (and probably due to lack of streamlined processes), those two clients that weren't awake at the time won't get the new package until someone intervenes - which is usually too late to avoid production loss. i.e. - someone in the class does not get to use the application they are working on during the class they are using it.

Of course, if it can track these types of hiccups, it might be able to intervene as soon as the client becomes awake (prior to class time when a student needs to use it).

Also, I want to simplify the OS installs as well and not have to run through a bare-metal install for each new client.
« Last Edit: July 29, 2019, 03:54:17 PM by timterroo »
"noche te ipsum"

"If you can't explain it simply, you don't understand it well enough."  - Albert Einstein

xasop
Re: CentOS network-based install and application management
« Reply #4 on: July 29, 2019, 05:41:04 PM »
What you want isn't possible because you have multiple conflicting requirements. You're going to have to decide which parts of what you want are important and which parts can be dropped.

> I would like to be able to install the OS via litetouch, or PXE and have the ability to deploy applications centrally.
> I have used DRBL, personally, but I'm not sure it will work in this environment without modifying the networking infrastructure - which I do not want to do.

Booting via PXE requires assistance from the DHCP server, which is part of the network infrastructure. You want to rely on the network infrastructure to do a job without needing to modify it. That isn't going to work very well.

> If a new application needs to be added, I want to be able to push it out to all clients at once and not have to touch each machine.

There are, broadly speaking, three ways of accomplishing this:
  • Push-based configuration management (e.g. Ansible), which you've already rejected as it can skip hosts which are offline when run.
  • Pull-based configuration management (e.g. Puppet, Chef), which fetch their configuration from a central server whenever a machine is booted, or periodically. This requires you to maintain a central server.
  • Centralised installation of software on a network file server. Root on NFS appears to be possible on CentOS, but unsupported by Red Hat. In any case, this requires you to maintain a network file server.
Since you've already narrowed it down to the latter two options, you need to set up a server of some sort. Personally, I'd suggest going with the second option, as it's more in line with what Red Hat supports and doesn't break every machine if the server goes down for a few minutes.

Note that Red Hat seems to support Puppet, so that's probably your best bet for CentOS.

> Also, I want to simplify the OS installs as well and not have to run through a bare-metal install for each new client.

I don't even know what you mean here, since you mentioned Kickstart previously. (Kickstart is the correct tool for automating CentOS installation, by the way, since it is what Red Hat supports.)

Are you trying to say that you want to avoid a manual installation for each new client?
when you try to mock anyone while also running the flat earth society. Lol

timterroo
Re: CentOS network-based install and application management
« Reply #5 on: July 29, 2019, 06:11:26 PM »
> What you want isn't possible because you have multiple conflicting requirements. You're going to have to decide which parts of what you want are important and which parts can be dropped.
>
> > I would like to be able to install the OS via litetouch, or PXE and have the ability to deploy applications centrally.
> > I have used DRBL, personally, but I'm not sure it will work in this environment without modifying the networking infrastructure - which I do not want to do.
>
> Booting via PXE requires assistance from the DHCP server, which is part of the network infrastructure. You want to rely on the network infrastructure to do a job without needing to modify it. That isn't going to work very well.
>
> > If a new application needs to be added, I want to be able to push it out to all clients at once and not have to touch each machine.
>
> There are, broadly speaking, three ways of accomplishing this:
>   • Push-based configuration management (e.g. Ansible), which you've already rejected as it can skip hosts which are offline when run.
>   • Pull-based configuration management (e.g. Puppet, Chef), which fetch their configuration from a central server whenever a machine is booted, or periodically. This requires you to maintain a central server.
>   • Centralised installation of software on a network file server. Root on NFS appears to be possible on CentOS, but unsupported by Red Hat. In any case, this requires you to maintain a network file server.
> Since you've already narrowed it down to the latter two options, you need to set up a server of some sort. Personally, I'd suggest going with the second option, as it's more in line with what Red Hat supports and doesn't break every machine if the server goes down for a few minutes.
>
> Note that Red Hat seems to support Puppet, so that's probably your best bet for CentOS.
>
> > Also, I want to simplify the OS installs as well and not have to run through a bare-metal install for each new client.
>
> I don't even know what you mean here, since you mentioned Kickstart previously. (Kickstart is the correct tool for automating CentOS installation, by the way, since it is what Red Hat supports.)
>
> Are you trying to say that you want to avoid a manual installation for each new client?

Parsifal, thank you. I think modifying the dhcp server is within the scope of what can be changed/configured in our network environment. It's a university and we have very silo'd operations. I cannot directly modify any of the infrastructure, but I can request it to be done by someone else.

As far as simplifying os installs, I want to have an image with all the necessary apps and updates that can be installed litetouch or pxe. I want to be able to install unattended. Sounds like kickstart is the way to go.

I assumed, and planned on, having to set up a server for all of this, so that is not a problem.

I'm thinking "pull" is the way to go for app deployment, since clients can check in and get themselves up-to-date.
"noche te ipsum"

"If you can't explain it simply, you don't understand it well enough."  - Albert Einstein

Lord Dave
Re: CentOS network-based install and application management
« Reply #6 on: July 29, 2019, 07:49:04 PM »
I read that and all I thought of was

"Oh, SCCM does all that."
If you are going to DebOOonK an expert then you have to at least provide a source with credentials of equal or greater relevance. Even then, it merely shows that some experts disagree with each other.

xasop
Re: CentOS network-based install and application management
« Reply #7 on: July 29, 2019, 08:22:27 PM »
> Parsifal, thank you. I think modifying the dhcp server is within the scope of what can be changed/configured in our network environment. It's a university and we have very silo'd operations. I cannot directly modify any of the infrastructure, but I can request it to be done by someone else.
>
> As far as simplifying os installs, I want to have an image with all the necessary apps and updates that can be installed litetouch or pxe. I want to be able to install unattended. Sounds like kickstart is the way to go.

In that case, I'd just follow Red Hat's documentation on setting this up:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-installation-server-setup
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-booting-installer-x86#sect-booting-from-pxe-x86
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-kickstart-installations

This is the way that RHEL (and thus CentOS) is designed to work and the most travelled path. I wouldn't bother even looking at third-party tools unless you find that Red Hat's supported way can't do what you want for some reason.

> I assumed, and planned on, having to set up a server for all of this, so that is not a problem.
>
> I'm thinking "pull" is the way to go for app deployment, since clients can check in and get themselves up-to-date.

That seems reasonable to me. You just need to make sure your Kickstart script includes bootstrapping for whatever tool you choose (I'd probably go with Puppet here, but you can even have it just fetch and run Ansible locally if you want).

You should also ensure that you have some way to be notified of errors applying the configuration, so that you become aware of broken machines before someone notices and reports the problem.
« Last Edit: July 29, 2019, 08:27:15 PM by Parsifal »
when you try to mock anyone while also running the flat earth society. Lol
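
One way to implement the bootstrapping and error notification suggested in Reply #7, as an added example that is not part of the original thread: a shell function a Kickstart `%post` section could call to add a run-once hook to rc.local. The hook retries on every boot until the bootstrap command succeeds and logs each failure to syslog; the function name, marker directory and hook name are assumptions.

```shell
#!/bin/sh
# Added example: a run-once first-boot hook installed from Kickstart %post.
# All names here (function, hook name, state directory) are assumptions.

# Where "done" markers live on the installed system (hypothetical path).
HOOK_STATE_DIR=${HOOK_STATE_DIR:-/var/lib/firstboot-hooks}

# install_firstboot_hook ROOT NAME COMMAND [ARG...]
#   ROOT    root of the installed system ("/" in a default, chrooted %post)
#   NAME    short label used for the marker file and the syslog tag
#   COMMAND bootstrap command, written into rc.local verbatim: use simple
#           words only and never pass credentials on this command line
install_firstboot_hook() (
    root=$1 name=$2
    shift 2
    rc="$root/etc/rc.d/rc.local"
    marker="$HOOK_STATE_DIR/$name.done"
    mkdir -p "$root/etc/rc.d"
    [ -f "$rc" ] || printf '#!/bin/sh\n' > "$rc"
    # Idempotent: re-running %post must not append the block twice.
    if ! grep -qxF "# BEGIN firstboot-hook $name" "$rc"; then
        cat >> "$rc" <<EOF
# BEGIN firstboot-hook $name
if [ ! -e "$marker" ]; then
    if $*; then
        mkdir -p "$HOOK_STATE_DIR" && touch "$marker"
    else
        # No marker is written, so the next boot tries again.
        logger -p daemon.err -t "firstboot-$name" "bootstrap failed, retrying next boot"
    fi
fi
# END firstboot-hook $name
EOF
    fi
    # rc.local only runs at boot if it is executable; keep it root-only.
    chmod 0700 "$rc"
)
```

Forwarding the `daemon.err` messages to a central syslog host is what turns the logged failure into a notification; the same pattern fits any one-time join or enrolment step run from rc.local.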

timterroo
Re: CentOS network-based install and application management
« Reply #8 on: July 29, 2019, 10:29:08 PM »
> > Parsifal, thank you. I think modifying the dhcp server is within the scope of what can be changed/configured in our network environment. It's a university and we have very silo'd operations. I cannot directly modify any of the infrastructure, but I can request it to be done by someone else.
> >
> > As far as simplifying os installs, I want to have an image with all the necessary apps and updates that can be installed litetouch or pxe. I want to be able to install unattended. Sounds like kickstart is the way to go.
>
> In that case, I'd just follow Red Hat's documentation on setting this up:
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-installation-server-setup
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-booting-installer-x86#sect-booting-from-pxe-x86
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-kickstart-installations
>
> This is the way that RHEL (and thus CentOS) is designed to work and the most travelled path. I wouldn't bother even looking at third-party tools unless you find that Red Hat's supported way can't do what you want for some reason.
>
> > I assumed, and planned on, having to set up a server for all of this, so that is not a problem.
> >
> > I'm thinking "pull" is the way to go for app deployment, since clients can check in and get themselves up-to-date.
>
> That seems reasonable to me. You just need to make sure your Kickstart script includes bootstrapping for whatever tool you choose (I'd probably go with Puppet here, but you can even have it just fetch and run Ansible locally if you want).
>
> You should also ensure that you have some way to be notified of errors applying the configuration, so that you become aware of broken machines before someone notices and reports the problem.

Thanks again Parsifal. This is all really helpful!
"noche te ipsum"

"If you can't explain it simply, you don't understand it well enough."  - Albert Einstein

timterroo
Re: CentOS network-based install and application management
« Reply #9 on: July 30, 2019, 01:06:23 PM »
> I read that and all I thought of was
>
> "Oh, SCCM does all that."

SCCM is great, but it is Microsoft only....
"noche te ipsum"

"If you can't explain it simply, you don't understand it well enough."  - Albert Einstein

timterroo
Re: CentOS network-based install and application management
« Reply #10 on: August 09, 2019, 12:52:50 PM »
As an update to the project:

I set up an NFS server which hosts a kickstart file and the installation source files. I created a custom boot image using genisoimage, stripped out all the packages and slimmed up the grub menu, and added the directive to the kickstart file. This will be my litetouch installer.

So far it is working as expected. Next I am figuring out how to automate Active Directory binding with realm. Getting it bound to AD is not the problem, getting it built-in to the kickstart file is the problem, but I'm close.

Once this is finalized and working, I can implement a package manager to add software to the clients as needed. The final step will be to implement PXE, which I found out should be possible (in our environment) as long as I can get all the clients registered on the same subnet - this is way down the road.
"noche te ipsum"

"If you can't explain it simply, you don't understand it well enough."  - Albert Einstein

timterroo
Re: CentOS network-based install and application management
« Reply #11 on: August 15, 2019, 06:11:14 PM »
Got the AD bind happening automatically as a post-install script. Kickstart writes the 'realm join' command to the rc.local and makes it executable.

Phase 1 of the project is complete.
"noche te ipsum"

"If you can't explain it simply, you don't understand it well enough."  - Albert Einstein