Oracle® Communications OC-CNE Installation Guide
Release 1.0
F16979-01
Installation of the Bastion Host

This procedure details the steps necessary to install the Bastion Host onto RMS2 during initial installation.

Prerequisites

  1. Procedure OCCNE 1.0 - Installation Procedure : Install OL7 onto the Management Host has been completed.
  2. All the host servers where this VM is created are captured in the OCCNE Inventory File Template.
  3. Host names, IP addresses and network information assigned to this VM are captured in the OCCNE 1.0 Installation PreFlight Checklist.
  4. The Utility USB is available, containing the necessary files as per: OCCNE 1.0 Installation PreFlight checklist : Miscellaneous Files.

Limitations and Expectations

  1. All steps are executable from an SSH application (PuTTY) on a connected laptop accessible via the Management Interface.
  2. The OL7 Linux ISO must be available either on RMS2 in /var/occne, or it can be obtained from the Customer Specific Repository, which is accessible via the Management Interface on RMS2 from a laptop (using WinSCP or some other application).

References

Steps to Install the Bastion Host

These procedures detail the steps required to install the Bastion Host (Management VM) onto RMS2. All commands are executed from RMS2. RMS2 is accessible from RMS1 via SSH.

Table 3-9 Procedure to Install the Bastion Host

Step # Procedure Description
1.

Login to RMS2 from RMS1

Login using the admusr account and the private key generated when the OS Install was completed on RMS2. Sudo to root after logging in.

$ ssh -i /var/occne/rainbow.lab.us.oracle.com/.ssh/occne_id_rsa admusr@172.16.3.5
$ sudo su -
2.

Install Necessary RPMs

Install the following files from the ISO USB onto RMS2.

$ yum install qemu-kvm libvirt libvirt-python libguestfs-tools virt-install -y
3.

Configure the Kickstart file

The initial setup includes steps to configure the kickstart file and create the bridge necessary for the VM to network to the system hosts.

  1. Mount the Utility USB.

    Note: Instructions for mounting a USB in Linux are at: OCCNE Installation of Oracle Linux 7.5 on Bootstrap Host : Install Additional Packages. Only follow steps 1-4 to mount the USB.

  2. Copy the kickstart file from the Utility USB to the /tmp directory as bastion_host.ks on RMS2.

    Note: The /tmp location is highly volatile and may be cleaned out on reboot. It is strongly recommended to put this somewhere else for safe keeping. It can always be downloaded again.

    $ cp /media/usb/bastion_host.ks /tmp/bastion_host.ks
  3. Update the kickstart file using the following commands to set the following file variables:
    1. BASTION_VLAN2_IP
    2. BASTION_VLAN3_IP
    3. BASTION_VLAN4_IP
    4. BASTION_VLAN4_MASK
    5. GATEWAYIP
    6. NODEHOSTNAME
    7. NTPSERVERIPS
    8. NAMESERVERIPS
    9. HTTP_PROXY
    10. PUBLIC_KEY

    Note: HTTP_PROXY in the commands below requires only the URL, as the http:// is provided in the sed command. If a proxy is not needed, this variable must still be set to something, as it cannot be left blank. In that case, just set it to an unused IP address.

    $ sed -i 's/GATEWAYIP/<gateway_ip>/g' /tmp/bastion_host.ks
    $ sed -i 's/BASTION_VLAN2_IP/<bastion_vlan2_ip>/g' /tmp/bastion_host.ks
    $ sed -i 's/BASTION_VLAN3_IP/<bastion_vlan3_ip>/g' /tmp/bastion_host.ks
    $ sed -i 's/BASTION_VLAN4_IP/<bastion_vlan4_ip>/g' /tmp/bastion_host.ks
    $ sed -i 's/BASTION_VLAN4_MASK/<bastion_vlan4_mask>/g' /tmp/bastion_host.ks
    $ sed -i 's/NODEHOSTNAME/<node_host_name>/g' /tmp/bastion_host.ks
    $ sed -i 's/NAMESERVERIPS/<nameserver_ip>/g' /tmp/bastion_host.ks
    $ sed -i 's/NTPSERVERIPS/<ToRswitch_Platform_VIP>/g' /tmp/bastion_host.ks
    $ sed -i 's/HTTP_PROXY/http:\/\/<http_proxy>/g' /tmp/bastion_host.ks
    $ sed -e '/PUBLIC_KEY/{' -e 'r  /home/admusr/.ssh/authorized_keys' -e 'd' -e '}' -i /tmp/bastion_host.ks
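A check worth running once the sed commands above have been applied, given as an added example that is not part of the Oracle procedure: it reports any of the ten variables still present, any `<placeholder>` text pasted unedited from the guide, and the case where an empty authorized_keys file left no SSH key in place of PUBLIC_KEY. The function name `ks_check` and the sample file contents are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of the edited kickstart file.
# Placeholder names are the ten variables listed in the procedure.
KS_VARS="BASTION_VLAN2_IP BASTION_VLAN3_IP BASTION_VLAN4_IP BASTION_VLAN4_MASK \
GATEWAYIP NODEHOSTNAME NTPSERVERIPS NAMESERVERIPS HTTP_PROXY PUBLIC_KEY"

# ks_check FILE: print every problem found; return 1 if there is any.
ks_check() {
    local ks="$1" var bad=0
    for var in $KS_VARS; do
        # A surviving token means its sed command was skipped or mistyped.
        if grep -q -- "$var" "$ks"; then
            echo "unset variable: $var"
            bad=1
        fi
    done
    # "<gateway_ip>"-style text means a command was pasted without editing.
    if grep -Eq '<[A-Za-z0-9_]+>' "$ks"; then
        echo "literal <placeholder> text left in file"
        bad=1
    fi
    # PUBLIC_KEY is replaced by authorized_keys; an empty file leaves no key.
    if ! grep -Eq '(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+' "$ks"; then
        echo "no SSH public key present"
        bad=1
    fi
    return "$bad"
}

# Constructed sample (not Oracle's kickstart file): two edits were missed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network --bootproto=static --ip=192.168.20.20 --gateway=GATEWAYIP
network --hostname=bastion-1
url_proxy=http://<http_proxy>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedkey admusr@rms2
EOF
ks_check "$sample" || echo "fix the file before running virt-install"
rm -f "$sample"
```

On RMS2 the call would be `ks_check /tmp/bastion_host.ks`; a zero exit status with no output means all three checks passed.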
4.

Configure Networking
The networking required to interface with the Bastion Host is all handled by executing the following command set:
$ sudo su
$ cd /etc/sysconfig/network-scripts/
 
$ sed -i '/IPADDR/d' ifcfg-team0
$ sed -i '/PREFIX/d' ifcfg-team0
$ sed -i '/GATEWAY/d' ifcfg-team0
$ sed -i '/DEFROUTE="yes"/d' ifcfg-team0
$ echo "BRIDGE=teambr0" >> ifcfg-team0
 
$ cp /tmp/ifcfg-bridge ifcfg-teambr0
$ sed -i 's/{BRIDGE_NAME}/teambr0/g' ifcfg-teambr0
$ sed -i 's/{IP_ADDR}/172.16.3.5/g' ifcfg-teambr0
$ sed -i 's/{PREFIX_LEN}/24/g' ifcfg-teambr0
$ sed -i '/NM_CONTROLLED/d' ifcfg-teambr0
 
$ cp /tmp/ifcfg-vlan ifcfg-team0.2
$ sed -i 's/{BRIDGE_NAME}/vlan2-br/g' ifcfg-team0.2
$ sed -i 's/{PHY_DEV}/team0/g' ifcfg-team0.2
$ sed -i 's/{VLAN_ID}/2/g' ifcfg-team0.2
$ sed -i 's/{IF_NAME}/team0.2/g' ifcfg-team0.2
$ echo "BRIDGE=vlan2-br" >> ifcfg-team0.2
 
$ cp /tmp/ifcfg-bridge ifcfg-vlan2-br
$ sed -i 's/{BRIDGE_NAME}/vlan2-br/g' ifcfg-vlan2-br
$ sed -i 's/{IP_ADDR}/192.168.20.12/g' ifcfg-vlan2-br
$ sed -i 's/{PREFIX_LEN}/24/g' ifcfg-vlan2-br
 
$ service network restart
5.

Copy and Mount the Oracle Linux ISO
  1. Create the /var/occne directory on RMS2 if it does not already exist.
    $ mkdir /var/occne
  2. Verify the OL7 iso file is available from the previous procedure: OCCNE Install Host OS onto RMS2 from the Installer Bootstrap Host - RMS1 in the /var/occne directory. From RMS2, SCP the Oracle Linux ISO from RMS1 into the /var/occne directory on RMS2 and verify the permissions are set to 0644. The file should be in the /var/occne directory on RMS1. If the file is not on RMS1 it must be downloaded from the customer specific site where the OL is maintained onto RMS2.

    Note: The example below uses OracleLinux-7.5-x86_64-disc1.iso. If the user copies this ISO from their laptop then they must use an application like WinSCP pointing to the Management Interface IP.

    $ scp root@172.16.3.4:/var/occne/<iso_file_name>.iso /var/occne/.
    $ chmod 644 /var/occne/<iso_file_name>.iso
6.

Update the qemu.conf File
  1. Un-comment the user and group fields in the /etc/libvirt/qemu.conf file on RMS2.
    $ vim /etc/libvirt/qemu.conf
     
    Update fields:
    # Some examples of valid values are:
    #
    #       user = "qemu"   # A user named "qemu"
    #       user = "+0"     # Super user (uid=0)
    #       user = "100"    # A user named "100" or a user with uid=100
    #
    user = "root"
     
    # The group for QEMU processes run by the system instance. It can be
    # specified in a similar way to user.
    group = "root"
  2. Restart the libvirtd service on RMS2.

    Note: After the restart the service should become enabled. If an error is displayed like the following, it can be ignored for now. A bug story has been opened to address this in a later release.

    Jun 01 16:13:14 db-2.odyssey.morrisville.us.lab.oracle.com systemd[1]: Starting Virtualization daemon...
    Jun 01 16:13:14 db-2.odyssey.morrisville.us.lab.oracle.com systemd[1]: Started Virtualization daemon.
    Jun 01 16:13:15 db-2.odyssey.morrisville.us.lab.oracle.com dnsmasq[39538]: read /etc/hosts - 2 addresses
    Jun 01 16:13:15 db-2.odyssey.morrisville.us.lab.oracle.com dnsmasq[39538]: failed to load names from /var/lib/libvirt/dnsmasq/default.addnhosts: P...enied
    Jun 01 16:13:15 db-2.odyssey.morrisville.us.lab.oracle.com dnsmasq[39538]: cannot read /var/lib/libvirt/dnsmasq/default.hostsfile: Permission denied
    Hint: Some lines were ellipsized

    $ systemctl daemon-reload
    $ systemctl restart libvirtd
    $ systemctl enable libvirtd
     
    To Verify:
    $ systemctl status libvirtd
7.

Create the Bastion Host VM
  1. Execute the virt-install command on RMS2.
    $ virt-install --name bastion_host --memory 8192 --vcpus 2 --metadata description="Bastion Host" \
                         --autostart --location /var/occne/OracleLinux-7.5-x86_64-disc1.iso \
                         --initrd-inject=/tmp/bastion_host.ks --os-variant ol7.5 \
                         --extra-args "ks=file:/bastion_host.ks console=tty0 console=ttyS0,115200" \
                         --disk path=/var/lib/libvirt/images/bastion_host.qcow2,size=300 \
                         --network bridge=teambr0 --network bridge=vlan2-br --network bridge=vlan4-br \
                         --graphics none
  2. After the VM creation completes, the login prompt appears which allows the user to login to the Bastion Host.
  3. To exit from the virsh console, log out of the VM and then press the CTRL + '5' keys.
8.

Un-mount the Utility USB
Use the umount command to un-mount the Utility USB and extract it from the USB port.
$ umount /media/usb