Installation of the Bastion Host

Procedure OCCNE 1.0 - Installation Procedure : Install OL7 onto the Management Host has been completed
All the hosts servers where this VM is created are captured in OCCNE Inventory File Template
Host names and IP Address, network information assigned to this VM is captured in the OCCNE 1.0 Installation PreFlight Checklist
The Utility USB is available containing the necessary files as per: OCCNE 1.0 Installation PreFlight checklist : Miscellaneous Files

All steps are executable from a SSH application (putty) connected laptop accessible via the Management Interface.
The OL7 Linux iso must be available either on RMS2 in /var/occne or it can be obtained from the Customer Specific Repository which is accessible via the Management Interface on RMS2 via a laptop (using WinSCP or some other application).

These procedures detail the steps required to install the Bastion Host (Management VM) onto RMS2. All commands are executed from RMS2. RMS2 is accessible from RMS1 via SSH.

Table 3-9 Procedure to Install the Bastion Host

Step #	Procedure	Description
1.	Login to RMS2 from RMS1	Login using the admusr account and the private key generated when the OS Install was completed on RMS2. Sudo to root after logging in. $ ssh -i /var/occne/rainbow.lab.us.oracle.com/.ssh/occne_id_rsa admusr@172.16.3.5 $ sudo su -
2.	Install Necessary RPMs	Install the following files from the ISO USB onto RMS2. $ yum install qemu-kvm libvirt libvirt-python libguestfs-tools virt-install -y
3.	Configure the Kickstart file	The initial setup includes steps to configure the kickstart file and create the bridge necessary for the VM to network to the system hosts. Mount the Utility USB. Note: Instructions for mounting a USB in Linux are at: OCCNE Installation of Oracle Linux 7.5 on Bootstrap Host : Install Additional Packages. Only follow steps 1-4 to mount the USB. Copy the kickstart file from the Utility USB to the `/tmp` directory as `bastion_host.ks` on RMS2. Note: The `/tmp` location is highly volatile and may be cleaned out on reboot. It is strongly recommended to put this somewhere else for safe keeping. It can always be downloaded again. $ cp /media/usb/bastion_host.ks /tmp/bastion_host.ks Update the kickstart file using the following commands to set the following file variables: `BASTION_VLAN2_IP` `BASTION_VLAN3_IP` `BASTION_VLAN4_IP` `BASTION_VLAN4_MASK` `GATEWAYIP` `NODEHOSTNAME` `NTPSERVERIPS` `NAMESERVERIPS` `HTTP_PROXY` `PUBLIC_KEY` Note: `HTTP_PROXY` in the commands below require only the URL as the `http://` is provided in the sed command. If a proxy is not needed this variable still must be set to something as it cannot be left blank. In that case just set it to an unused IP address. $ sed -i 's/GATEWAYIP/<gateway_ip>/g' /tmp/bastion_host.ks $ sed -i 's/BASTION_VLAN2_IP/<bastion_vlan2_ip>/g' /tmp/bastion_host.ks $ sed -i 's/BASTION_VLAN3_IP/<bastion_vlan3_ip>/g' /tmp/bastion_host.ks $ sed -i 's/BASTION_VLAN4_IP/<bastion_vlan4_ip>/g' /tmp/bastion_host.ks $ sed -i 's/BASTION_VLAN4_MASK/<bastion_vlan4_mask>/g' /tmp/bastion_host.ks $ sed -i 's/NODEHOSTNAME/<node_host_name>/g' /tmp/bastion_host.ks $ sed -i 's/NAMESERVERIPS/<nameserver_ip>/g' /tmp/bastion_host.ks $ sed -i 's/NTPSERVERIPS/<ToRswitch_Platform_VIP>/g' /tmp/bastion_host.ks $ sed -i 's/HTTP_PROXY/http:\/\/<http_proxy>/g' /tmp/bastion_host.ks $ sed -e '/PUBLIC_KEY/{' -e 'r /home/admusr/.ssh/authorized_keys' -e 'd' -e '}' -i /tmp/bastion_host.ks
4.	Configure Networking	The networking required to interface with the Bastion Host is all handled by executing the following command set: $ sudo su $ cd /etc/sysconfig/network-scripts/ $ sed -i '/IPADDR/d' ifcfg-team0 $ sed -i '/PREFIX/d' ifcfg-team0 $ sed -i '/GATEWAY/d' ifcfg-team0 $ sed -i '/DEFROUTE="yes"/d' ifcfg-team0 $ echo "BRIDGE=teambr0" >> ifcfg-team0 $ cp /tmp/ifcfg-bridge ifcfg-teambr0 $ sed -i 's/{BRIDGE_NAME}/teambr0/g' ifcfg-teambr0 $ sed -i 's/{IP_ADDR}/172.16.3.5/g' ifcfg-teambr0 $ sed -i 's/{PREFIX_LEN}/24/g' ifcfg-teambr0 $ sed -i '/NM_CONTROLLED/d' ifcfg-teambr0 $ cp /tmp/ifcfg-vlan ifcfg-team0.2 $ sed -i 's/{BRIDGE_NAME}/vlan2-br/g' ifcfg-team0.2 $ sed -i 's/{PHY_DEV}/team0/g' ifcfg-team0.2 $ sed -i 's/{VLAN_ID}/2/g' ifcfg-team0.2 $ sed -i 's/{IF_NAME}/team0.2/g' ifcfg-team0.2 $ echo "BRIDGE=vlan2-br" >> ifcfg-team0.2 $ cp /tmp/ifcfg-bridge ifcfg-vlan2-br $ sed -i 's/{BRIDGE_NAME}/vlan2-br/g' ifcfg-vlan2-br $ sed -i 's/{IP_ADDR}/192.168.20.12/g' ifcfg-vlan2-br $ sed -i 's/{PREFIX_LEN}/24/g' ifcfg-vlan2-br $ service network restart
5.	Copy and Mount the Oracle Linux ISO	Create the `/var/occne` directory on RMS2 if not already existing. $ mkdir /var/occne Verify the OL7 iso file is available from the previous procedure: OCCNE Install Host OS onto RMS2 from the Installer Bootstrap Host - RMS1 in the `/var/occne` directory. From RMS2, SCP the Oracle Linux ISO from RMS1 into the `/var/occne` directory on RMS2 and verify the permissions are set to 0644. The file should be in the `/var/occne` directory on RMS1. If the file is not on RMS1 it must be downloaded from the customer specific site where the OL is maintained onto RMS2. Note: The example below uses `OracleLinux-7.5-x86_64-disc1.iso`. If the user copies this ISO from their laptop then they must use an application like WinSCP pointing to the Management Interface IP. $ scp root@172.16.3.4:/var/occne/<iso_file_name>.iso /var/occne/. $ chmod 644 /var/occne/<iso_file_name>.iso
6.	Update the `qemu.conf` File	Un-comment the user and group fields in the `/etc/libvirt/qemu.conf` file on RMS2. $ vim /etc/libvirt/qemu.conf Update fields: # Some examples of valid values are: # # user = "qemu" # A user named "qemu" # user = "+0" # Super user (uid=0) # user = "100" # A user named "100" or a user with uid=100 # user = "root" # The group for QEMU processes run by the system instance. It can be # specified in a similar way to user. group = "root" Restart the `libvirtd` service RMS2. Note: After the restart the service should become enabled. If an error is displayed like the following, it can be ignored for now. A bug story has been opened to address this in a later release. Jun 01 16:13:14 db-2.odyssey.morrisville.us.lab.oracle.com systemd [1] : Starting Virtualization daemon... Jun 01 16:13:14 db-2.odyssey.morrisville.us.lab.oracle.com systemd [1] : Started Virtualization daemon. Jun 01 16:13:15 db-2.odyssey.morrisville.us.lab.oracle.com dnsmasq [39538] : read `/etc/hosts` - 2 addresses Jun 01 16:13:15 db-2.odyssey.morrisville.us.lab.oracle.com dnsmasq [39538] : failed to load names from `/var/lib/libvirt/dnsmasq/default.addnhosts`: P...enied Jun 01 16:13:15 db-2.odyssey.morrisville.us.lab.oracle.com dnsmasq [39538] : cannot read `/var/lib/libvirt/dnsmasq/default.hostsfile`: Permission denied Hint: Some lines were ellipsized $ systemctl daemon-reload $ systemctl restart libvirtd $ systemctl enable libvirtd To Verify: $ systemctl status libvirtd
7.	Create the Bastion Host VM	Execute the `virt-install` command on RMS2. $ virt-install --name bastion_host --memory 8192 --vcpus 2 --metadata description="Bastion Host" \ --autostart --location /var/occne/OracleLinux-7.5-x86_64-disc1.iso \ --initrd-inject=/tmp/bastion_host.ks --os-variant ol7.5 \ --extra-args "ks=file:/bastion_host.ks console=tty0 console=ttyS0,115200" \ --disk path=/var/lib/libvirt/images/bastion_host.qcow2,size=300 \ --network bridge=teambr0 --network bridge=vlan2-br --network bridge=vlan4-br --graphics none After the VM creation completes, the login prompt appears which allows the user to login to the Bastion Host. To exit from the virsh console press CTRL+ '5' keys, after logout from VM.
8.	Un-mount the Utility USB	Use the umount command to un-mount the Utility USB and extract it from the USB port. $ umount /media/usb