2008/03/25

RHCS: iSCSI, DM-MP, CLVM and GFS・その2・インストールとクラスタの構成

今回の環境(『その1・概要』参照)でのXen Dom0かつiSCSIターゲット(target/サーバ)fs1およびXen DomUかつiSCSIイニシエータ(initiator/クライアント)dc[123]のインストールし、クラスタを構成する。ここでは、Kickstartファイルを掲載する。詳しい手順は、『Red Hat Cluster: CentOS 5.1上でRHCSを使ってみる』を参照。

fs1のKickstartファイル
Xen DomU fs1は、iSCSIのターゲットとして動作する必要がある。CentOS/RHEL 5.1では、iSCSIターゲット機能は、RPMパッケージscsi-target-utilsでサポートされる。
logging --host=192.168.55.192

text
install
url --url http://repository.xencluster/centos/5/os/i386
lang en_US.UTF-8
keyboard jp106
monitor --monitor="LCD Panel 1024x768"
xconfig --startxonboot --driver ati --resolution 1024x768 --depth 24
network --device eth0 --bootproto static --ip 192.168.55.191 --netmask 255.255.255.0 --gateway 192.168.55.195 --nameserver 192.168.55.193,192.168.55.194 --hostname fs1.xencluster
network --device eth1 --onboot yes --bootproto static --hostname fs1.xencluster
rootpw --iscrypted $1$zthPniQJ$u8VAa0oCtLcKrpfk/WIjs0
user --name USERNAME --homedir /home/USERNAME --iscrypted --password=$1$DCVowOrU$N86i3KrFg2yftOqtXMB3w/ --shell=/bin/bash --groups=USERNAME,wheel
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --permissive
timezone --utc Asia/Tokyo
bootloader --location=mbr --driveorder=sda --append="xencons=tty"

clearpart --all --drives=sda
part /boot --fstype ext3 --size=100 --ondisk=sda
part pv.6 --size=0 --grow --ondisk=sda
volgroup VolGroupXX --pesize=32768 pv.6
logvol swap --fstype swap --name=LogVol01 --vgname=VolGroupXX --size=1984
logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroupXX --size=10240

repo --name=base --baseurl=http://repository.xencluster/centos/5/os/i386/
repo --name=updates --baseurl=http://repository.xencluster/centos/5/updates/i386/
repo --name=addons --baseurl=http://repository.xencluster/centos/5/addons/i386/
repo --name=extras --baseurl=http://repository.xencluster/centos/5/extras/i386/

services --enabled=oddjobd,ntpd --disabled=apmd,avahi-daemon,cpuspeed,cups,nfslock,pcscd,smartd,snmpd,yum-updatesd

reboot

%packages
@admin-tools
@base
@base-x
@cluster-storage
@clustering
@core
@dns-server
@editors
@emacs
@ftp-server
@gnome-desktop
@graphical-internet
@japanese-support
@legacy-network-server
@mail-server
@network-server
@ruby
@server-cfg
@system-tools
@text-internet
@virtualization
@web-server
lynx
tftp
-kernel
kernel-xen
-kmod-gfs
kmod-gfs-xen
-kmod-gfs
kmod-gnbd-xen
-NetworkManager
-bluez-utils
device-mapper-multipath
-irda-utils
-pcmciautils
net-snmp-utils
net-snmp-libs
net-snmp
OpenIPMI
OpenIPMI-libs
openhpi
-squid
scsi-target-utils
iscsi-initiator-utils
-apmd


%post --log=/mnt/sysimage/root/anaconda-post.log --erroronfail
/bin/cp /tmp/ks-script-* /root

### network
/bin/cat <<EOL >> /etc/sysconfig/network
NOZEROCONF=yes
VLAN=yes
VLAN_NAME_TYPE=DEV_PLUS_VID
EOL

/bin/cat <<EOL > /etc/sysconfig/network-scripts/ifcfg-eth1.4000
DEVICE=eth1.4000
BOOTPROTO=none
ONBOOT=yes
EOL
/sbin/restorecon /etc/sysconfig/network-scripts/ifcfg-eth1.4000

/bin/cat <<EOL > /etc/sysconfig/network-scripts/ifcfg-eth1.4001
DEVICE=eth1.4001
BOOTPROTO=static
DHCPCLASS=
IPADDR=192.168.56.191
NETMASK=255.255.255.0
ONBOOT=yes
EOL
/sbin/restorecon /etc/sysconfig/network-scripts/ifcfg-eth1.4001

/bin/cat <<EOL > /etc/sysconfig/network-scripts/ifcfg-eth1.4002
DEVICE=eth1.4002
BOOTPROTO=static
DHCPCLASS=
IPADDR=192.168.57.191
NETMASK=255.255.255.0
ONBOOT=yes
EOL
/sbin/restorecon /etc/sysconfig/network-scripts/ifcfg-eth1.4002

/bin/cat <<EOL > /etc/sysconfig/network-scripts/ifcfg-eth1.1000
DEVICE=eth1.1000
BOOTPROTO=none
ONBOOT=yes
EOL
/sbin/restorecon /etc/sysconfig/network-scripts/ifcfg-eth1.1000

### logrotate
/bin/cat > /etc/logrotate.d/00local.conf <<EOL
rotate 20
compress
start 100
EOL
/sbin/restorecon /etc/logrotate.d/00local.conf

### local yum repository
/bin/cp -p /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.dist
/bin/sed 's/mirrorlist=/#mirrorlist=/
s/#baseurl=/baseurl=/
s/mirror.centos.org/repository.xencluster/' < /etc/yum.repos.d/CentOS-Base.repo.dist > /etc/yum.repos.d/CentOS-Base.repo

yum -y remove kernel

### sshd
/usr/bin/patch /etc/ssh/sshd_config <<EOL
39a40
> PermitRootLogin no
60c61
< PasswordAuthentication yes
---
> PasswordAuthentication no
EOL
/sbin/restorecon /etc/ssh/sshd_config

##### for User USERNAME
/bin/mkdir ~USERNAME/.ssh
/bin/chmod 700 ~USERNAME/.ssh
/bin/cat > ~USERNAME/.ssh/authorized_keys2 <<EOL
ssh-dss AAAA<<略>>
EOL
/bin/chmod 644 ~USERNAME/.ssh/authorized_keys2
/bin/chown -R USERNAME.USERNAME ~USERNAME/.ssh

### DELL OpenManage
/usr/bin/wget -q -O - http://linux.dell.com/repo/hardware/bootstrap.cgi | bash
/usr/bin/wget -q -O - http://linux.dell.com/repo/software/bootstrap.cgi | bash
/usr/bin/wget -q -O - http://linux.dell.com/repo/firmware/bootstrap.cgi | bash
/usr/bin/yum install -y srvadmin-all
/usr/bin/yum install -y $(/usr/sbin/inventory_firmware -b)
/usr/bin/update_firmware

### Mail
##### /etc/mail/sendmail.cf
/usr/bin/patch /etc/mail/sendmail.mc <<EOL
26c26
< dnl define(\`SMART_HOST', \`smtp.your.provider')dnl
---
> define(\`SMART_HOST', \`fs2.xencluster')dnl
EOL
(cd /etc/mail; /usr/bin/make sendmail.cf)
/sbin/restorecon /etc/mail/sendmail.cf

##### /etc/aliases
/usr/bin/patch /etc/aliases <<EOL
96c96
< #root:  marc
---
> root:  root@xencluster
EOL
/usr/bin/newaliases
/sbin/restorecon /etc/aliases

### SNMP
/bin/cat > /etc/snmp/snmpd.conf <<EOL
com2sec localhost localhost           COMMUNITY_STRING
com2sec localnet  192.168.55.0/24    COMMUNITY_STRING

group   gOpLocalhost   v1            localhost
group   gOpLocalhost   v2c           localhost
group   gOpLocalnet    v1            localnet
group   gOpLocalnet    v2c           localnet

view    all           included   .1
view    vDell         included   .1.3.6.1.4.1.674.10892.1
view    systemview    included   REDHAT-CLUSTER-MIB:RedHatCluster

access  gOpLocalhost   ""      any       noauth    exact  all    vDell   all
access  gOpLocalnet    ""      any       noauth    exact  all    none    all

syslocation Unknown
syscontact root@xencluster

disk /     100000

load 10

# for DELL
smuxpeer .1.3.6.1.4.1.674.10892.1

# for cluster
dlmod RedHatCluster     /usr/lib/cluster-snmp/libClusterMonitorSnmp.so
EOL
/sbin/restorecon /etc/snmp/snmpd.conf

/bin/cat > /etc/snmp/snmp.conf <<EOL
mibdirs +/opt/dell/srvadmin/omsa/mibs:/opt/dell/srvadmin/rac5/mibs:/opt/dell/srvadmin/rac3/mibs:/opt/dell/srvadmin/sm/mibs:/opt/dell/srvadmin/rac4/mibs
mibs +MIB-Dell-10892:DCS3FRU-MIB:DCS3RMT-MIB:DCS3RMT-MIB:StorageManagement-MIB:DCS3RMT-MIB:REDHAT-MIB:REDHAT-CLUSTER-MIB
EOL
/sbin/restorecon /etc/snmp/snmp.conf

##### iptables
/bin/cat > /etc/sysconfig/iptables <<EOL
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 192.168.55.0/24 -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 192.168.56.0/24 -i eth1.4001 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 192.168.57.0/24 -i eth1.4002 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOL

### For Xen
/usr/bin/base64 -di <<EOL | /bin/zcat > /etc/xen/scripts/network-vlan-bridge
H4sIAIxrT0cAA71ZbXPbuBH+LP4KRNZEliuRdvrl6pwy8SSXa2ZSn8d564ydOBQJSjhTBEOQUjSO
+tu7uwBIkJZ81zZTT2JbwL4B+/YsfPAomIksUAvvYPoDv7wD9pInYZWW7J88Yxkv17K4ZaoMizJQ
pcyZigqRlz4QAkHMojBNFQsbStpm6wVwi1IzKqR+t+B2MwuXnJWSVYozoVjME5HxmImMBbyMgm88
w//xJJJZIua++pYDP+yWIMLomRhRieBpDOJJAcgyy1HBw5KjXbNCxHPODmNzKhA8KwZ3K5Fk1XI7
GrMwjpEu5isRcRBTU/Jy0dChuaIcs0jmAuSiJa8vkLfgSsFCUsglrdZygAE/G/0hXFUY/16pUjMX
siL7okgWscjm6UYf4nXC4ELZXMLmmqfpGKjxWAtZpTHjmaoKuLpFWNqLAF685I1iVY7X/He55ite
jJmScMn6BqsiLIXMQB0wV7niJZttSPCYcZXzSIDODTCfv3oLlklwGBrSmB8z4KlyFqNZmSzZkoOM
jawKMIPHagy8VhXHyxRJwguelcYfY5bIgvFv4TJPwQKFRuMN4E+RqZKHxofvVTjnp/SrdbR1IEXS
dwxB+BaWlRqxuw9nl9MPZ2+2R8TxISyU5tVeY/j1QRRlFabGLwyWZ7ywwVf7+njks3PaUuzZ9CcQ
4XwV/Gsl6Nop/GZhdMviQqy0nEW4guVUyhw3FN4ULodtGQsxXwD9Kkwr8h8mB0U+qZcJ+wmdZ86K
X++a2Oka2wlhX18WHLBmFFnJiySMiBeCtBOMu0Mc5YRZKVQuwR72cQG7zVWBF8NZiqEvWV5AiKFz
kRJ9WAvM5MjEMVqQwb0bp7Ac7Jv288GdNnXbRzfR2sq1oq+9dwzL8N1312GHYgClvTD53RwKF9u5
CRn3j7MX3Rw1NwWnQO3AdcmxHClnY8bJWuZsrpotQwebv2QqBecroh43NMYeslfmpyRmKVeNjrpY
1Ka/K8JMJRh9tbljWyM6Zuf7zO6cJzfLjb0vecpRYMtAzCQ08aKAoHG11zFUW4IcP7TXeF4siung
EL5TS+gPjvsjz4efsIItwFR5aATLpcx8tei3dm2JcLY9iMf4BXxG9/cHz/seh5yDIBQ6emnJ00E1
tdF1OhkcilyfkqVClew7C9e3bBh8toEdsDsIe7yiwfkrth0ChYKyOFTB56vPx5O/fToKguFoe1/y
8dbT9w1r+pfTSTuBt5520dTmxunEzYitVyclUNS/n04yufW8+2m1M6l2p5Q35+WNyG9ElshDKKce
1g8MgZs8+Tb9AleCH7D5rLF+ssGJOfYko5OzI+jbJbs+9I+uR+zqM/t0NAiuT4J8+IVEzSFH1+GG
JOnLbYtK5gXP6yJY36hdWImQwa1+8eCcQt3MZIadsjb0ik0S1g/URgVRGioVgC3B4CQwdIFOzj77
ZPhXaZh1mfNCRsSHm8DcUIukymtqsD8V2W3HfAqRO2hrgHMGf2WP/sWCq5/Hn95fXI2ffQogSEAU
cnux7IhL2COGKyTnO37QCvHzU6wMmWcbB9BeMfC78cqWfepS4NcB1eiSSn8idcloObdFbR2bpJVa
gM6dm9g2XL362F1SfS0QBOZWqrxFgaabKEDLHz9mdSigfNfTDWEtIRGe+QE+seCAlaZW3qBt0G+L
iMWq1PV/Q+iphcwORRalFUYE7IkQlkb6fgwiGKAAqJP2I8jyvY6O2nOpBLyLKqfmKvQC8EwHTzzt
iZcyGwLAktQ9wX0oEVRDx4o3gBZUyzzfBsT9ZLsDvi2EGacsmXxlQ5tww24IFIDOisxz7uyAnWkV
6CG4BeqcbC3KBRuijCH1R8IuDWo1GHvpGxGXPE8RRBgOw93EhxYSAZqZt8RQMcd7NXLgdod0JFga
+jajuseFzea4zllNyYH24KkA1wLHhMBTz68Pr7ACX//l2t/7S2AXRs+vT56DIK0vaG468PqoagGa
6uNj12ZhVcolAOjINmSZgcUKwCuhaov4zalaTUTXSrTcUXR9yK6/D65HAcUUlNGgZot5ygJYzL1t
Y8zO2DemNMH/Ky9t7Js9J6aBbIzCof2Tg8foOIR7CA1xLkOH3WejVNCTmyzEXCCeM1Q6cggQabnx
mFHEr4Wi3MZ8Q1XAj9ifkiAJBcyKh3GVpyKCZDfCRk6+GfH/UcK9EUqf3Q5VEJQURHg0idFPkUuJ
LjIb3G/Bo7cUzvXdD9G1yAT1ISv1TeDZLMsLHem2YujEBmVYe4duYRsa3O3/uajASGxHxWJfZFzA
/zltmgC2wduhR89a+rgTTd4BQj+s3DfQu3AirbEegcJLqiaKHWNdKlvjBGZ2zAzX4dqMCNC4wMWx
XGcwT580cYCjgKMGutCdU+6ajtrHxvsMLyPIKvDjk+Z3ot9R69gxLfBU8e7OSatpvMVxjEqTbjUQ
jOuQRm6WSwjDjQlPDZbjQtIUfZamYJdD2xqg/AaS0fTTwAQzI00u2KvfLj+eXb5kLy9/u+hsvrKb
nfWzmmmyZPlio9CoycT8NoHiPLhDvLdlk9/Z2YsXv1y8+y8kIAh0JbjlBb1xo2cCKsr1fKKnA5Ho
IZ+CXieb77k8nbQlUOumrUXCOnO1B6MFdIf/ZYwY3m8okBRwTbvWtQVbRzXT/LMiKtM/pGql8v1t
vTfJftjJwDkyv9HN24WPV5Az1so+m7I+5kq/wYa9NiJoUKeb9f0Bzgr9+4CzTZTvINL18J2DHFQN
cfAdyqVzTLmXsvU99b03WA7IIhS2FApfiXyPXvWW4QY7zYxHIdbajax0AwKF0YLrHpaKpaCXFHqm
0c888KkZYz16NiNS81hjX3FUlecSnymZffbqUuDx2FLGVcrHqN5Di4pQEOgWyiifbVgekt349Bki
Tx4WUDLBBHbYvBFNfz5/NnpqqqvXqIA5NhcpvraViDfwUQ7t16XnlhcZp/dAntENoAnKVLdajacf
16wqv63U9rcYAA0Ug2MjFBXTwIxY0Qcc9Ozxk7aLcMRpsH+Dy+mnfmy9MY9LTfbYqNsfc71lGNF0
2PSCepKFjqWRIO5dB9RpHDAIc6J/pNsPzJ/+afvf9cg/wkkUhsdeXnCRWIDRyPd6HZDfaIYiqSmw
UenB0bXrO2um0fY6TnXYBptVe1CdMIAouX5/1G9UMS8JEoGejEOIqrDY+JrYmd5cm00RqseuRj3q
rffd8a5hBof1djNrxK67S5dm5VJYWV6PXoSN028wfRr+XVvUdvapJ3MHdxAN8HsBaCLzuqQmqHDA
7AH5TSltwDmbtZoWxZMWhbHRzOTOkeri1DtgMsUk3KScoCNU9SYmOlHTChsb+b0unt1F1KnNNOVb
WLGFmj7ccDV0SrqLORyIQ/1B5n+qPezuDnuag+bvP9xR9reK3r3XAQM9dKD+PzL/gQTPH07whxN5
T27uTy8SRYGdJA/mQMJPk8T916XOnVzfm+e7WHammAY9MFvgM8X9HNm3vTOX7TbZ9gd1ZrXfzk6d
eTBP72dZY+Oey2hZ6cR/fdRZ4aQoYWP6A6EdEExWsBmUhHWIf8Nxx4cZPaEUVZaZP8sBGkxEAVCx
XZA6ONnC4taEi9j5ibOwDL+VheBqenLsNfhykrH+R7AD9ZElhHz1u/9cliIkrJrd+v32QyZdBpGa
FztkFmj9F8W/UqBoddsvUIBiqVPF4n/DavJ08pVdvj8/f33+K3OzZAaw4NbraVe5Bg/9oV5QKQf2
E8oc/BzDsN6qhwIGlbY1dT008PqQjiMUTiedmx/hM5ktVe2W4QYKRQk4OgoV/gXCQKE+iCNGwt4j
r2dhuNd7+rSZXrDy2k2Z057lwr9QQit0pqOdncJyHAGxRsLvs9sM64Wx5JQ1NiEu01TDD2EqYktD
f9k91baOyaixMWFoeDSA4yqMvH8D4vHg6zogAAA=
EOL
/bin/chmod 755 /etc/xen/scripts/network-vlan-bridge
/sbin/restorecon /etc/xen/scripts/network-vlan-bridge

/bin/cat <<EOL > /etc/xen/scripts/network-vlan-bridge-wrapper
#!/bin/sh
BRIDGE_SCRIPT=/etc/xen/scripts/network-vlan-bridge
\$BRIDGE_SCRIPT "\$@" vifnum=0 netdev=eth1.1000 bridge=xenbr1000
\$BRIDGE_SCRIPT "\$@" vifnum=1 netdev=eth1.4000 bridge=xenbr4000
\$BRIDGE_SCRIPT "\$@" vifnum=2 netdev=eth1.4001 bridge=xenbr4001
\$BRIDGE_SCRIPT "\$@" vifnum=3 netdev=eth1.4002 bridge=xenbr4002
EOL
/bin/chmod 755 /etc/xen/scripts/network-vlan-bridge-wrapper
/sbin/restorecon /etc/xen/scripts/network-vlan-bridge-wrapper

/bin/cp -p /etc/xen/xend-config.sxp /etc/xen/xend-config.sxp.dist
/bin/sed 's/^(network-script network-bridge)/(network-script network-vlan-bridge-wrapper)/' < /etc/xen/xend-config.sxp.dist > /etc/xen/xend-config.sxp

/bin/cat <<EOL > /etc/modprobe.d/xen-vlan
options netloop nloopbacks=32
EOL
/sbin/restorecon /etc/modprobe.d/xen-vlan

### For Cluster
##### /etc/cluster/fence_xvm.key
/usr/bin/base64 -di > /etc/cluster/fence_xvm.key <<EOL
B0K3fFCQVQZdPydoMs29eSmd4vKwEbNC+G58HjSeSGzK5x0+uS8VB8B+/gnHVKLt3sqtzZeEpsKs
<<略>>
gDfGZSWpdWxwjz//h5x/zP2JIv6PgZt++qoSDd/1NxP5zdy0wO6/wHLNghjKDEwjtP/7Lt79ntqB
EOL
/bin/chmod 600 /etc/cluster/fence_xvm.key
/sbin/restorecon /etc/cluster/fence_xvm.key

### CMAN init script
/usr/bin/base64 -di <<EOL | /usr/bin/patch /etc/init.d/cman
MTU2YzE1Ngo8ICAgICBlZ3JlcCAiXltbOmJsYW5rOl1dKlwoW1s6Ymxhbms6XV0qbmV0d29yay1z
Y3JpcHRbWzpibGFuazpdXStuZXR3b3JrLWJyaWRnZShbWzpibGFuazpdXSpcKXxbWzpibGFuazpd
XSspIiAvZXRjL3hlbi94ZW5kLWNvbmZpZy5zeHAgPi9kZXYvbnVsbCAyPi9kZXYvbnVsbAotLS0K
PiAgICAgZWdyZXAgIl5bWzpibGFuazpdXSpcKFtbOmJsYW5rOl1dKm5ldHdvcmstc2NyaXB0W1s6
Ymxhbms6XV0rbmV0d29yay0ofHZsYW4tKWJyaWRnZSh8LXdyYXBwZXIpKFtbOmJsYW5rOl1dKlwp
fFtbOmJsYW5rOl1dKykiIC9ldGMveGVuL3hlbmQtY29uZmlnLnN4cCA+L2Rldi9udWxsIDI+L2Rl
di9udWxsCjE2NSwxNjZjMTY1LDE2Nwo8ICAgICBpZiBbICEgLXggL2V0Yy94ZW4vc2NyaXB0cy9u
ZXR3b3JrLWJyaWRnZSBdOyB0aGVuCjwgICAgICAgICBpZiBbIC1mIC9ldGMveGVuL3NjcmlwdHMv
bmV0d29yay1icmlkZ2UgXTsgdGhlbgotLS0KPiAgICAgeGVuX2JyaWRnZV9zY3JpcHQ9YGVncmVw
ICJeW1s6Ymxhbms6XV0qXChbWzpibGFuazpdXSpuZXR3b3JrLXNjcmlwdFtbOmJsYW5rOl1dK25l
dHdvcmstKHx2bGFuLSlicmlkZ2UofC13cmFwcGVyKShbWzpibGFuazpdXSpcKXxbWzpibGFuazpd
XSspIiAvZXRjL3hlbi94ZW5kLWNvbmZpZy5zeHAgfCBzZWQgJ3MvXltbOmJsYW5rOl1dKihbWzpi
bGFuazpdXSpuZXR3b3JrLXNjcmlwdFtbOmJsYW5rOl1dXCtcfFtbOmJsYW5rOl1dKilbWzpibGFu
azpdXSovL2cnYAo+ICAgICBpZiBbICEgLXggL2V0Yy94ZW4vc2NyaXB0cy8keGVuX2JyaWRnZV9z
Y3JpcHQgXTsgdGhlbgo+ICAgICAgICAgaWYgWyAtZiAvZXRjL3hlbi9zY3JpcHRzLyR4ZW5fYnJp
ZGdlX3NjcmlwdCBdOyB0aGVuCjE3NmMxNzcKPCAgICAgZXJybXNnPSQoL2V0Yy94ZW4vc2NyaXB0
cy9uZXR3b3JrLWJyaWRnZSBzdGFydCAyPiYxKSB8fCByZXR1cm4gMQotLS0KPiAgICAgZXJybXNn
PSQoL2V0Yy94ZW4vc2NyaXB0cy8keGVuX2JyaWRnZV9zY3JpcHQgc3RhcnQgMj4mMSkgfHwgcmV0
dXJuIDEKMTkyYzE5MywxOTUKPCAgICAgeG0gbGlzdCAtLWxvbmcgMj4gL2Rldi9udWxsIHwgZ3Jl
cCAtcSAiRG9tYWluLTAiIHx8IHJldHVybiAxCi0tLQo+ICAgICAjIFRoZSBmb2xsb3dpbmcgbGlu
ZSBpcyBjb21tZW50ZWQgb3V0IGJlY2F1c2UgdGhpcyBjaGVjayBkb2VzIG5vdAo+ICAgICAjIHdv
cmsgcHJvcGVybHkgYmVmb3JlIHhlbmQgaXMgc3RhcnRlZC4KPiAgICAgI3htIGxpc3QgLS1sb25n
IDI+IC9kZXYvbnVsbCB8IGdyZXAgLXEgIkRvbWFpbi0wIiB8fCByZXR1cm4gMQo=
EOL
/sbin/restorecon /etc/init.d/cman

### X fonts FOR racvnc
/bin/mkdir /usr/X11R6/lib
/bin/ln -s /usr/share/X11 /usr/X11R6/lib

### /etc/inittab
/usr/bin/patch /etc/inittab <<EOL
32c32,33
< ca::ctrlaltdel:/sbin/shutdown -t3 -r now
---
> #ca::ctrlaltdel:/sbin/shutdown -t3 -r now
> ca::ctrlaltdel:ca::ctrlaltdel:/usr/bin/logger 'CTRL-ALT-DELETE trap is disabled'
EOL
/sbin/restorecon /etc/inittab

### GDM
/usr/bin/patch /etc/gdm/custom.conf <<EOL
50a51
> SystemMenu=false
EOL
/sbin/restorecon /etc/gdm/custom.conf

### grub
/bin/cp -p /boot/grub/grub.conf /boot/grub/grub.conf.orig
/bin/sed 's/ rhgb quiet//' < /boot/grub/grub.conf.orig > /boot/grub/grub.conf

### /etc/bashrc
/bin/cp -p /etc/bashrc /etc/bashrc.dist
/bin/sed 's/xterm\*)/xterm*|vt100*)/' < /etc/bashrc.dist > /etc/bashrc


dc[123]のKickstartファイル
Xen DomU dc[123]は、iSCSIイニシエータとして動作させるため、RPMパッケージiscsi-initiator-utilsをインストールする必要がある。
logging --host=192.168.55.192 --level=debug

install
url --url http://repository.xencluster/centos/5/os/i386
lang en_US.UTF-8
keyboard jp106
network --device eth0 --bootproto dhcp --hostname=localhost.localdomain
rootpw --iscrypted $1$NG4SU1bL$I8FOJo.81cUrO6Xj4dau41
firewall --enabled --ssh --port=snmp:udp
authconfig --enableshadow --enablemd5
selinux --permissive
timezone Asia/Tokyo
bootloader --location=mbr --driveorder=xvda --append="console=xvc0"

services --enabled=ntpd,oddjobd,snmpd --disabled=acpid,apmd,avahi-daemon,bluetooth,cpuspeed,cups,gpm,hidd,lm_sensors,mdmonitor,microcode_ctl,nfslock,pcscd,smartd,xfs,yum-updatesd

clearpart --all --drives=xvda --initlabel
part /boot --fstype ext3 --size=100 --ondisk=xvda
part pv.2 --size=0 --grow --ondisk=xvda
volgroup VolGroup00 --pesize=32768 pv.2
logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=272 --grow --maxsize=544
logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=1024 --grow
repo --name=base --baseurl=http://repository.xencluster/centos/5/os/i386/
repo --name=updates --baseurl=http://repository.xencluster/centos/5/updates/i386/
repo --name=addons --baseurl=http://repository.xencluster/centos/5/addons/i386/
repo --name=extras --baseurl=http://repository.xencluster/centos/5/extras/i386/

reboot

%packages
@admin-tools
@base
@cluster-storage
@clustering
@core
@emacs
@mail-server
@network-server
@ruby
@server-cfg
@system-tools
@text-internet
@web-server
-smartmontools
-OpenIPMI*
-squid
-samba-*
-system-config-samba
lynx
tftp
kernel-xen
kmod-gfs-xen
kmod-gnbd-xen
-kernel
-kmod-gfs
-kmod-gnbd
-NetworkManager
-bluez-utils
device-mapper-multipath
-irda-utils
-pcmciautils
net-snmp-utils
net-snmp-libs
net-snmp
iscsi-initiator-utils
-apmd
-acpid

%post --log=/mnt/sysimage/root/install-post.log
### network
echo 'NOZEROCONF=yes' >> /etc/sysconfig/network

/bin/cp -p /etc/sysconfig/network-scripts/ifcfg-eth0 /tmp/ifcfg-eth0
/bin/sed 's/^HWADDR=/#HWADDR=/' < /tmp/ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth0

/bin/egrep -v '^#' /etc/sysconfig/network-scripts/ifcfg-eth0 | /bin/sed 's/eth0/eth1/' > /etc/sysconfig/network-scripts/ifcfg-eth1
/bin/egrep -v '^#' /etc/sysconfig/network-scripts/ifcfg-eth0 | /bin/sed 's/eth0/eth2/' > /etc/sysconfig/network-scripts/ifcfg-eth2
/sbin/restorecon /etc/sysconfig/network-scripts/ifcfg-eth[12]

### logrotate
/bin/cat > /etc/logrotate.d/00local.conf <<EOL
rotate 20
compress
start 100
EOL
/sbin/restorecon /etc/logrotate.d/00local.conf

### yum update from the local repository
/bin/cp -p /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.dist
/bin/sed 's/mirrorlist=/#mirrorlist=/
s/#baseurl=/baseurl=/
s/mirror.centos.org/repository.xencluster/' < /etc/yum.repos.d/CentOS-Base.repo.dist > /etc/yum.repos.d/CentOS-Base.repo

yum -y remove kernel

### For Cluster
##### /etc/cluster/fence_xvm.key
/usr/bin/base64 -di > /etc/cluster/fence_xvm.key <<EOL
B0K3fFCQVQZdPydoMs29eSmd4vKwEbNC+G58HjSeSGzK5x0+uS8VB8B+/gnHVKLt3sqtzZeEpsKs
<<略>>
gDfGZSWpdWxwjz//h5x/zP2JIv6PgZt++qoSDd/1NxP5zdy0wO6/wHLNghjKDEwjtP/7Lt79ntqB
EOL
/bin/chmod 600 /etc/cluster/fence_xvm.key

##### iptables
/bin/cp -p /etc/sysconfig/iptables /etc/sysconfig/iptables.dist
/bin/cat > /etc/sysconfig/iptables <<EOL
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 192.168.55.0/24 -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOL

### sshd
/bin/cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.dist
/bin/sed 's/^PasswordAuthentication yes/PasswordAuthentication no/' < /etc/ssh/sshd_config.dist > /etc/ssh/sshd_config

/bin/mkdir ~root/.ssh
/bin/chmod 600 ~root/.ssh
/bin/cat > ~root/.ssh/authorized_keys2 <<EOL
ssh-dss AAAA<<略>>
EOL
/bin/chmod 644 ~root/.ssh/authorized_keys2

### Mail
##### /etc/mail/sendmail.cf
/usr/bin/patch /etc/mail/sendmail.mc <<EOL
26c26
< dnl define(\`SMART_HOST', \`smtp.your.provider')dnl
---
> define(\`SMART_HOST', \`fs2.xencluster')dnl
EOL
(cd /etc/mail; /usr/bin/make sendmail.cf)

##### /etc/aliases
/usr/bin/patch /etc/aliases <<EOL
96c96
< #root:  marc
---
> root:  root@xencluster
EOL
/usr/bin/newaliases

### SNMP
/bin/cat > /etc/snmp/snmpd.conf <<EOL
com2sec localhost localhost           COMMUNITY_STRING
com2sec localnet  192.168.55.0/24    COMMUNITY_STRING

group   gOpLocalhost   v1            localhost
group   gOpLocalhost   v2c           localhost
group   gOpLocalnet    v1            localnet
group   gOpLocalnet    v2c           localnet

view    all           included   .1
view    systemview    included   REDHAT-CLUSTER-MIB:RedHatCluster

access  gOpLocalhost   ""      any       noauth    exact  all    none    all
access  gOpLocalnet    ""      any       noauth    exact  all    none    all

syslocation Unknown
syscontact root@xencluster

disk /     100000

load 10

# for cluster
dlmod RedHatCluster     /usr/lib/cluster-snmp/libClusterMonitorSnmp.so
EOL

/bin/cat > /etc/snmp/snmp.conf <<EOL
mibs +REDHAT-MIB:REDHAT-CLUSTER-MIB
EOL

### NTP on Xen DomU
/bin/cat >> /etc/sysctl.conf <<EOL

# For ntpd on Xen DomU.
xen.independent_wallclock = 1
EOL

### cron
/bin/cp -p /etc/crontab /etc/crontab.dist
/bin/sed 's/^\(..\) 4 /\1 5 /' < /etc/crontab.dist > /etc/crontab

### grub
log_mesg "grub"
/bin/cp -p /boot/grub/grub.conf /boot/grub/grub.conf.dist
/bin/sed 's/ rhgb quiet//' < /boot/grub/grub.conf.dist > /boot/grub/grub.conf

### /etc/bashrc
log_mesg "bashrc"
/bin/cp -p /etc/bashrc /etc/bashrc.dist
/bin/sed 's/xterm\*)/xterm*|vt100*)/' < /etc/bashrc.dist > /etc/bashrc


その1・概要
その2・インストールとクラスタの構成
その3・iSCSIターゲットの設定
その4・iSCSIイニシエータの設定
その5・Device-Mapper Multipathの設定
その6・CLVMの設定
その7・GFS2の設定
その8・Congaでの設定
その9・考察

4 件のコメント:

ynt さんのコメント...

すごいキックスタートファイル
参考にさせて頂きます。

りょう さんのコメント...

yntさん:
お褒めいただき、ありがとうござ…あれ?褒めてもらってますよね?(笑)
お役に立てれば光栄です。ところどころ省略部分があるので、よく確認して使ってやってください。

ynt さんのコメント...

いえいえ、当然褒めてますよぉw。
先日 Cobbler の koan で CentOS-5 を再インストールした時にキックスタートファイルをもじょもじょしてた時に見せて頂きました。
目から鱗でございます。

あと、xen を構築する時も参考にさせて頂いてます。
なかなか無い情報を惜しげもなく公開されていて素晴らしいですね。(gfsとか使ってみたくても日本語情報が少なくて...)

http://ken-etsu-tech.blogspot.com/2008/03/red-hat-cluster-gnbd-clvm-and.html
のxenbr0が無くなる件ですが、うちでは無くなりはしなかったのですが、通信は出来なくなりました。xen-kernelで無ければ通信できるので設定の問題ではなさそうです。
kernel-xenのバージョンを落として試してみようと思っています。

りょう さんのコメント...

yntさん:
では、改めまして、お褒めいただきありがとうございます。
「なかなか無い情報を惜しげもなく」なんて言われると、嬉しくなっちゃいます。
私も早くCobbler&Koanに移行しなきゃ、とは思ってるんですが、RHCSとかに興味が行っちゃってるもんで、なかなか手が出せません。
xenbr0問題ですが、Red Hat Bugzillaでは、「FC6はサポート切れよーん」って回答で終わっちゃったみたいですね…