Brutally installing CentOS Stream

That’s too hard with rpm --root, so we’re going for yum anyway.

Temporary skeleton

Either you already have a RHEL host, or you use a temporary XEN guest to prepare the file-system

tar xSf /data/templates/centos.qcow2.tar
    dd if=/dev/zero of=centos.xfs bs=1GB count=0 seek=10

vi centos

kernel = "/data/kernels/5.2.21.domureiser4.vmlinuz"
root = "/dev/xvda1 ro console=hvc0 net.ifnames=0 biosdevname=0 mitigations=off"
name = "centos"
vcpus = 3
maxvcpus = 8
memory = 7168
disk = ['qcow2:/root/guests/centos/centos.qcow2,xvda,w',
    'file:/root/guests/centos/centos.xfs,xvdb1,w']
vif = [ 'bridge=br0, vifname=centos.0' ]
type = "pvh"

xl create centos -c

System preparation

Once the guest is started, create the XFS file-system on the vdisk

mkfs.xfs /dev/xvdb1
mkdir lala/
mount /dev/xvdb1 lala/

yum wants /dev/null and /proc/cpuinfo

mkdir lala/dev/ lala/proc/
mount --bind /dev lala/dev
mount --bind /proc lala/proc
#mount --bind /sys lala/sys

install CentOS Stream 8.2 onto the file-system

yum update
yum groupinstall --releasever 8.2 --installroot `pwd`/lala/ Core -y

In case you were doing that from a temporary guest, it is now time to get back to domain zero and re-mount the thing

umount -R lala/
poweroff

rm -f centos.qcow2
mkdir lala/
mount centos.xfs lala/
    mount --bind /dev lala/dev
    mount --bind /proc lala/proc

    tar xzf /data/kernels/5.2.21.domureiser4.modules.tar.gz -C lala/lib/modules/
    echo tmem > lala/etc/modules-load.d/tmem.conf

cat > lala/etc/fstab <<EOF
/dev/xvda1 / xfs defaults 0 1
EOF

vi lala/usr/lib/systemd/system/console-getty.service

ConditionPathExists=/dev/hvc0
ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud hvc0 115200,38400,9600 $TERM
TTYPath=/dev/hvc0

echo centos > lala/etc/hostname
echo 127.0.0.1 centos >> lala/etc/hosts
cat > lala/etc/resolv.conf <<-EOF
search nethence.com
nameserver 62.210.16.6
nameserver 62.210.16.7
EOF
cp -pi lala/etc/resolv.conf lala/etc/resolv.conf.ip4
ls -lF lala/etc/resolv.conf*

vi lala/etc/sysconfig/network

NETWORKING=yes
NOZEROCONF=no
GATEWAY=10.3.3.1

vi lala/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
IPADDR=10.3.3.9
PREFIX=24
ONBOOT=yes
NM_CONTROLLED=no

vi lala/etc/sysconfig/selinux

#SELINUX=permissive
SELINUX=disabled

OpenSSH complains about privkey perms being 640 by default so let’s fix it

chmod 400 lala/etc/ssh/ssh_host_*

disable that crap and set up the network old-school

chroot lala/
systemctl list-unit-files | grep -i cloud
systemctl list-unit-files | grep -i network
for sv in \
    NetworkManager \
    kdump \
    firewalld \
    auditd \
    ; do
    echo disabling $sv ...
    systemctl disable $sv && echo done || echo FAILED
    echo
done; unset sv

yum update
    yum remove plymouth polkit
yum install network-scripts mlocate -y
systemctl enable network

Unlock the root account, get rid of any password, and exit the chroot

passwd --delete root
passwd -f --unlock root
^D

Ready to leave

umount -R lala/

Skeleton

SWITCH FROM VDISK2 to VDISK1!!!

disk = ['file:/root/guests/centos/centos.xfs,xvda1,w']

Acceptance & template

xl create centos -c

cat /sys/devices/system/clocksource/clocksource0/current_clocksource
lsmod
free -m
ping -c1 opendns.com

systemctl stop sshd
rm -f /etc/ssh/ssh_host_*

updatedb
sync
history -c
rm -f .bash_history
^]

xl shu centos
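
Added example (not part of the original guide): once the guest is shut down, the image can be mounted again on domain zero and checked for the state this procedure leaves in it, namely the empty root password, the SELinux mode, leftover SSH host keys and the units disabled above. The function names, the output labels and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: report security-relevant state
# of an image tree (the guide's lala/) before it is cloned as a template.
audit_template() {
    root=${1:-lala}

    # etc/shadow field 2 is empty after "passwd --delete root".
    if [ -r "$root/etc/shadow" ]; then
        awk -F: '$1 == "root" {
            s = "set"
            if ($2 == "") s = "empty"; else if ($2 ~ /^[!*]/) s = "locked"
            print "root-password: " s
        }' "$root/etc/shadow"
    fi

    # The last uncommented SELINUX= line is the effective one.
    mode=$(sed -n 's/^SELINUX=//p' "$root/etc/sysconfig/selinux" 2>/dev/null | tail -n 1)
    echo "selinux: ${mode:-unset}"

    # Private host keys left in the image are shared by every clone.
    keys=0
    for f in "$root"/etc/ssh/ssh_host_*_key; do
        [ -e "$f" ] || continue
        keys=$((keys + 1))
        perm=$(stat -c %a "$f")    # GNU stat
        case $perm in 400|600) ;; *) echo "hostkey-perms: ${f#"$root"} $perm" ;; esac
    done
    echo "hostkeys: $keys"

    # Units the guide disables; assumption: enabled units are linked under
    # multi-user.target.wants.
    for sv in NetworkManager kdump firewalld auditd; do
        if [ -L "$root/etc/systemd/system/multi-user.target.wants/$sv.service" ]; then
            echo "enabled: $sv"
        fi
    done
}

# Constructed sample tree (not a real image) for trying the function offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/ssh" "$t/etc/sysconfig" "$t/etc/systemd/system/multi-user.target.wants"
    printf 'root::18000:0:99999:7:::\n' > "$t/etc/shadow"
    printf '#SELINUX=permissive\nSELINUX=disabled\n' > "$t/etc/sysconfig/selinux"
    : > "$t/etc/ssh/ssh_host_rsa_key" && chmod 640 "$t/etc/ssh/ssh_host_rsa_key"
    ln -s /usr/lib/systemd/system/auditd.service "$t/etc/systemd/system/multi-user.target.wants/"
    echo "$t"
}
```

Against the real image, mount centos.xfs on lala/ from domain zero and call audit_template lala; after the acceptance steps above it should report hostkeys: 0.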

TODO

What about the microcode?

[  177.726567] This kernel doesn't handle early microcode load properly (it tries to load
[  177.726567] microcode even in virtualised environment, which may lead to a panic on some
[  177.726567] hypervisors), thus the microcode files have not been added to the initramfs
[  177.726567] image.  Please update your kernel to one of the following:
[  177.726567]   RHEL 7.5: kernel-3.10.0-862.14.1 or newer;
[  177.726567]   RHEL 7.4: kernel-3.10.0-693.38.1 or newer;
[  177.726567]   RHEL 7.3: kernel-3.10.0-514.57.1 or newer;
[  177.726567]   RHEL 7.2: kernel-3.10.0-327.73.1 or newer.
[  177.726567] Please refer to /usr/share/doc/microcode_ctl/caveats/intel_readme
[  177.726567] and /usr/share/doc/microcode_ctl/README.caveats for details.
[  177.736294] Some Dell systems that use some models of Intel CPUs are susceptible to hangs
[  177.736294] and system instability during or after microcode update to newer revisions.
[  177.736294] In order to address this, microcode update to these newer revision
[  177.736294] has been disabled by default on these systems, and the previously published
[  177.736294] microcode revisions are used by default for the OS-driven microcode update.
[  177.736294] Please refer to /usr/share/doc/microcode_ctl/caveats/06-8e-9e-0x-dell_readme
[  177.736294] and /usr/share/doc/microcode_ctl/README.caveats for details.

SELINUX does not like our XEN guest

[FAILED] Failed to start Load Kernel Modules.
See 'systemctl status systemd-modules-load.service' for details.
[FAILED] Failed to start Rebuild Dynamic Linker Cache.
See 'systemctl status ldconfig.service' for details.
[FAILED] Failed to start Rebuild Hardware Database.
See 'systemctl status systemd-hwdb-update.service' for details.
[FAILED] Failed to start Security Auditing Service.
See 'systemctl status auditd.service' for details.
[FAILED] Failed to start Update UTMP about System Boot/Shutdown.
See 'systemctl status systemd-update-utmp.service' for details.
[DEPEND] Dependency failed for Update UTMP about System Runlevel Changes.
[FAILED] Failed to listen on SSSD Kerberos Cache Manager responder socket.
See 'systemctl status sssd-kcm.socket' for details.
[FAILED] Failed to start System Security Services Daemon.
See 'systemctl status sssd.service' for details.
[FAILED] Failed to start Authorization Manager.
See 'systemctl status polkit.service' for details.
[DEPEND] Dependency failed for Dynamic System Tuning Daemon.
[FAILED] Failed to start firewalld - dynamic firewall daemon.
See 'systemctl status firewalld.service' for details.

==> re-enable and solve it at some time

getenforce
sestatus

Trash - that was too hard

…from a system that is NOT RHEL

# choose your rsync mirror accordingly
rsync -avz --delete rsync://mirror.in2p3.fr/ftp/linux/CentOS/8-stream/BaseOS/x86_64/os/Packages ./
rsync -avz rsync://mirror.in2p3.fr/ftp/linux/CentOS/8-stream/AppStream/x86_64/os/Packages/plymouth*.rpm Packages/
rsync -avz rsync://mirror.in2p3.fr/ftp/linux/CentOS/8-stream/AppStream/x86_64/os/Packages/rsyslog*.rpm Packages/

mkdir -p /root/guests/yoloo/lala/
cd /root/guests/yoloo/
dd if=/dev/zero of=yoloo.reiser4 bs=1GB count=0 seek=10
mkfs.reiser4 -dfy yoloo.reiser4
mount yoloo.reiser4 lala/

rpm --version # RPM version 4.15.1

cd Packages/
rpm -ivh --root=`pwd`/../lala/ basesystem-*.rpm filesystem-*.rpm setup-*.rpm \
    rpmlib-*.rpm \
    system-release-*.rpm

test run / check

cd Packages/
for pkg in `grep -v ^# lala`; do
    echo pkg is $pkg
    ls -1 $pkg-*.rpm | grep -E "^$pkg-[^-]+-[^-]+\.(x86_64|noarch)\.rpm"
    echo
done; unset pkg

proceed. note bash is needed for scriptlets

#lua
for pkg in bash glibc glibc-common; do
    ls $pkg-*.rpm | grep -E "^$pkg-[^-]+-[^-]+\.(x86_64|noarch)\.rpm"
done | xargs rpm -ivh --force --nodeps --root=/root/guests/yoloo/lala/; unset pkg

for pkg in `grep -v ^# lala`; do
    ls $pkg-*.rpm | grep -E "^$pkg-[^-]+-[^-]+\.(x86_64|noarch)\.rpm"
done | xargs rpm -ivh --force --nodeps --root=/root/guests/yoloo/lala/; unset pkg

Copyright © 2024 Pierre-Philipp Braun