CLASSROOM SETUP USING RED HAT ENTERPRISE LINUX 6.

0 SERVER
version 6.0-6
(Last modified 20101204 by Forrest Taylor <ftaylor@redhat.com>)
Introduction
============
Effective delivery of Red Hat courses depends heavily upon a
successfully installed classroom. Preparation is the key to an
error-free classroom install performed in a timely manner.
These instructions outline the steps you need to take to prepare
a classroom environment for the delivery of a Red Hat class. These
steps should be followed in the order they are given. Do not skip
any steps unless they are marked as "Optional."
Finally, pay close attention to the sections marked as "WARNING."
Ignoring these warnings could result in the loss of your personal
data, possibly force you to start the installation process over,
or, in the worst case, leave you in a situation where you are unable
to install your classroom server.
What You Need to Succeed
========================
In order to complete these instructions, you will need:
Access to a Red Hat Network account
Access to CertForums
A CD/DVD burner
Blank CD/DVD-ROM media
A USB2 hard disk drive (or memory stick), minimum 6 GB
A cache directory where you will store the DVD ISO, rhce-config and other
items needed to build the USB device; miniumu 8 GB
Your Red Hat Network account should provide you access to the Red
Hat Enterprise Linux 6 Server installation media. You should also
have an account on CertForums that allows you to download classroom
setup materials (including these instructions). If you do not have
access to both of these resources, please contact your regional Red
Hat Global Learning Services office.
Training partners or system administrators who want to set up a
classroom for an on-site course will need to obtain these materials
from their Global Learning Services contact at Red Hat.
Secure Classroom Setup Materials
================================
1. Get Installation Media
****************************** WARNING ******************************
*
The classroom now uses the 64-bit x86_64 architecture. Do not *
*
use 32-bit installation media.
*
*********************************************************************
One place to obtain DVD installation media for the classroom is
from the evaluation media kits Red Hat provides for students. If you

have access to a spare kit before class, grab the x86_64 installation
DVD labeled "DVD 1/Installation Disc 1 of 1/For 64-bit x86_64".
Another option is to download the installation media from Red Hat
Network. Connect to Red Hat Network using a web browser and log in
to your gls-USERNAME account:
https://rhn.redhat.com/
Select:
Channels
Filter by Product Channel
change "Latest Version" to "6" unless it is the latest
change "All Architectures" to "x86_64"
click "Filter"
click the "x86_64" link that appears below the "Architecture" column
in the Red Hat Enterprise Linux Server 6 row
Click on the "Downloads" tab
From this page, download the "Binary DVD" ISO image. Allow plenty of
time for the ISO download. This operation can take several hours
depending upon the speed of your Internet connection and the speed of
Red Hat Network's servers.
Verify the integrity of all ISO image by running md5sum and comparing
its output with the MD5 checksum displayed on the RHN download
page. If the MD5 checksum doesn't match, remove the corrupted ISO
and re-download. Never burn a DVD/CD or otherwise use an ISO image
without checking the MD5 checksum first!
The hashes for rhel-server-6.0-x86_64-dvd.iso (3273 MB):
MD5: f7141396c6a19399d63e8c195354317d
SHA-256: a6fef01cb4d790975a11479018785bfe4e04b9bdeaea8be24c8a4055f98d127e
2. Download the following files:
* RHCI CD image (rhci-rhel-6.0-0-r*.iso)
* The rhce-config RPM (rhce-config-6.0.0-*.noarch.rpm)
* Optional repository tarball (rhel-server-6.0-x86_64-optional.tar.gz)
* Errata repository tarball (rhel-server-6.0-x86_64-errata.tar.gz)
* The usb-creator-external.sh script
* The MD5SUM.RHEL6.ALL checksum file
Use a browser to view the CertForums "Downloads" area:
https://certforums.redhat.com/download.php
Select the forum link labeled "RHCE Track Released Software and
Documentation." This is where Red Hat Global Learning Services
publishes the most current classroom setup materials. Regularly
check CertForums for updates to the rhce-config RPM (more frequent),
and/or RHCI CD image and usb-creator-external.sh script (less frequent).
Click the latest version of each of these files to download.
3. Download any course specific packages or files
Use a browser to view the CertForums "Downloads" area:
https://certforums.redhat.com/download.php

Select the forum link labeled for the course and language you will
be teaching. You will find the slides and other material published
by Red Hat Global Learning Services. Be aware that new course slide
RPMs may include videos and be quite large, so be sure to download
before Monday morning!
Prepare Classroom Setup Materials
=================================
It is always a good idea to have two copies of the installation media
available when you setup a classroom. Typically you will use your
USB device for class setup but some on-site customers do not allow
USB devices into their workplace. You should burn at least one copy
of the installation media to DVD as a backup.
1. Burn and Verify Instructor System Installation DVD Media
Log in as root and use the following command to burn the ISO image
to DVD:
cdrecord -eject -v -data -nopad -dao [dev=DEVICE] FILENAME
where FILENAME is the path name of the ISO you wish to burn and DEVICE
is optionally the name of the DVD burner device file (/dev/cdwriter
for example). The dev= argument is required only when you have more
than one CD/DVD device installed in your computer.
To verify your install media, boot from the DVD and enter:
linux mediacheck
at the syslinux "boot:" prompt. You will be prompted to insert the DVD
you want to verify.
****************************** WARNING ******************************
*
If you do not verify your installation media - one Monday
*
*
morning you will find yourself with a partially installed
*
*
instructor system, corrupt install media, and no burner with *
*
which to replace it. Checking your media does not take long
*
*
so JUST DO IT!
*
*********************************************************************
Burn one or two RHCI CDs. Make sure the image you use is current
because rhce-config RPMS are matched to work with a specific version
of the RHCI CD.
Burn a copy of the Optional and Errata repository tarballs to a DVD as
backup.
2. Prepare USB Media for Instructor System Installation
****************************** NOTE *********************************
*
Be very careful in configuring this USB Media and you will
*
*
find that many of the classroom setup steps will be automated. *
*********************************************************************
a) To install from a USB2 device, you must first populate the device

appropriately. Partition the media with fdisk, using the entire media
in a single partition.
****************************** WARNING ******************************
*
Certain directories of the partition will be copied onto the *
*
local instructor system hard drive partition
*
*
/usr/local/share/gls/GLSINST
*
*
so DO NOT STORE ANYTHING PERSONAL IN THOSE DIRECTORIES, and
*
*
keep the total size of those directories UNDER 10 GB.
*
*********************************************************************
b) Place the following files from CertForums into a cache directory of your
choosing:
* RHCI CD image (rhci-rhel-6.0-0-r*.iso)
* The rhce-config RPM (rhce-config-6.0.0-*.noarch.rpm)
* Optional repository tarball (rhel-server-6.0-x86_64-optional.tar.gz)
* Errata repository tarball (rhel-server-6.0-x86_64-errata.tar.gz)
* The usb-creator-external.sh script
* The MD5SUM.RHEL6.ALL checksum file
Also, place the RHEL DVD x86_64 Installation DVD ISO file into the cache
directory.
This directory will be used to create the USB device. This directory will
need to hold at least 8GB of data.
c) Plug in the USB device and note the device name. Run the
usb-creator-external.sh script. At a minimum, you must pass it the -c
option to point to the cache directory used above, and the -p option to
point to the device name. Other options will be printed by running the
script with no arguments.
ext4 has been shown to provide faster data transfers to USB device, so
the script will ask to format the drive with a new ext4 filesystem. On
subsequent runs you may skip formatting the drive and the script will use
rsync to transfer data as necessary.
The script will assign the USB device a label of GLSINST.
****************************** WARNING ******************************
*
The current RHCI install media looks for and "protects" media *
*
with a label of GLSINST. But, as always, make sure you carry *
*
a backup of this data....
*
*********************************************************************
Example script execution:
sudo ./usb-creator-external.sh -c /data/rhel6.0 -p /dev/sdh1
****************************** WARNING ******************************
*
The usb-creator-external.sh script copies the entire contents *
*
of the rhel6 directory from the USB media to the
*
*
/usr/local/share/gls/GLSINST/ partition and consequently the *
*
files in those directory trees cannot exceed 10 GB in total. *
*********************************************************************
The script will copy the rhel-server-6.0-x86_64-dvd.iso, Optional and
Errata repositories, rhce-config RPM and RHCI ISO from the cache directory
to the USB device. It will only choose the latest version of the
rhce-config RPM and RHCI ISO from the cache directory.
****************************** NOTE *********************************

*
If there is a new version of any of the material in the cache *
*
directory (e.g., rhce-config*.rpm, RHCI ISO), simply copy the *
*
updated material to the cache directory and run the
*
*
usb-creator-external.sh script again. On subsequent run of
*
*
the usb-creator-external.sh script, it is not necessary to
*
*
format the USB device again. If you skip the format step, it
*
*
will use rsync to copy the new files to the correct locations. *
*********************************************************************
Install Instructor System
=========================
1. Kickstart Instructor System
The Red Hat Enterprise Linux 6 classroom requires KVM virtualization. That
means that ALL of the machines (instructor and student workstations) must
have virtualization enabled in the BIOS. Ensure that the instructor
machine has virtualization enabled in the BIOS before beginning the
installation.
It has been reported that some systems require a hard power
off followed by a power on after enabling virtualization in the BIOS.
There have also been reports of disabling Trusted Platform (TP) in the BIOS
virtualization section to allow KVM to work correctly.
Before you reinstall a previously used instructor system, make sure
it was built with a current version of the RHCI CD. If not, then
rebuild the instructor system from scratch.
ls /usr/local/share/gls/GLSINST/rhel6/rhci/rhci-rhel-*.iso
To rebuild a previously installed instructor system, gracefully reboot
and select "Reload Instructor for Class" from the GRUB menu. You will
be prompted for a password. Enter "redhat" and the installation
will begin.
You may also be prompted for the timezone information, so wait until
you have selected your time zone before you leave the installation to
do other things (like put out the student workbooks).
****************************** WARNING ******************************
*
Disconnect all external media during a reinstall or they will *
*
be erased. You have been warned!
*
*********************************************************************
****************************** WARNING ******************************
*
When you install from an external USB device, it must contain *
*
a single partition spanning all of the space on the drive.
*
*
Currently the instructor system rebuild deletes all partitions *
*
other than the partition containing the install source and
*
*
reuses the space. This may create a build that requires the
*
*
USB media to remain in the instructor system for it to be
*
*
usable.
*
*********************************************************************
If you need to build the instructor system from scratch, boot from the
RHCI CD. You will be presented with a screen similar to:
THIS DISC IS FOR USE BY AUTHORIZED RED HAT INSTRUCTORS ONLY.
Version: rhci-6.0-0-r4400

Make sure your USB device is inserted and choose your installation type:
freshclass - Install a new Instructor server from scratch. (ks on USB)
freshccd
- Install a new Instructor server from scratch. (ks on CD)
workstation - Install a new student workstation (pass the class as
an argument, e.g. workstation sa1)
small
- Install minimal system for classroom
metadestroy - Wipe the beginning/end of ALL partitions (CAUTION!)
Use metadestroy thorough to follow with full disk(s) wipe.
Type in "freshclass" as indicated on the menu. If your USB device was
properly configured, it should automatically find the install source and
begin the installation. The installation should only ask for your
language and timezone.
If the installer asks for the install media, that means that something has
gone wrong. Check that the USB device has been properly configured. The
install media should be found in ${USB_DEVICE}/rhel6/isos/.
Anaconda will prompt for time zone information so wait until you have
selected your time zone before you leave the installation to do other
things (like put out the student workbooks).
Once your installation is complete, reboot the system.
If you have grub issues, please see the GRUB ISSUES section in the appendix
below.
A non-privileged user, instructor, has been created for your use.
instructor and root use a password of "redhat".
2. Verify (or Copy) the Structure in /usr/local/share/gls/GLSINST/
****************************** NOTE *********************************
*
The this step should be taken care of by the freshclass
*
*
automation, but verify.
*
*********************************************************************
/usr/local/share/gls/GLSINST/ should contain the rhel6/ directory just
like the USB device does. Validate the structure by running
/root/bin/gls-verify-files.
This script verifies the following files/directories:
# Installation source
/usr/local/share/gls/GLSINST/rhel6/isos/rhel-server-6.0-x86_64-dvd.iso
# Errata repo
/usr/local/share/gls/GLSINST/rhel6/pub/Errata/Packages/
# Optional repo
/usr/local/share/gls/GLSINST/rhel6/pub/Optional/Packages/
# RHCI ISO
/usr/local/share/gls/GLSINST/rhel6/rhci/rhci-rhel-6*.iso
# rhce-config
/usr/local/share/gls/GLSINST/rhel6/rhci/Packages/
The rhel-server-6.0-x86_64-dvd.iso is mounted on /var/ftp/pub/rhel6/dvd
using /usr/local/share/gls/GLSINST/rhel6/bin/linktree
The rhce-config RPM is installed.

The rhce-pubkey RPM is located in /var/ftp/pub/gls/Packages/

3. Prepare for the course
Run /root/bin/gls-setcourse to select the proper course. This must be
done before student desktops are installed.
Install the class-specific materials available from CertForums.
4. Install virtual machines on instructor
Run /root/bin/install-demo and /root/bin/install-remote.
You need not wait for them to finish installing before moving on.
install-demo installs the demonstration machine for the instructor. The
DNS name of this machine is demo.example.com, and the virtual domain name
is demo. You can view the installation progress by running:
virt-viewer demo
When demo has finished installing, snapshot the LV as explained in the
Finish Instructor Configuration section below.
install-remote installs a remote virtual machine that has 192.168.1.X IP
aliases for students to use to check their security. The DNS name of this
machine is remote250.remote.test, and the virtual domain name is remote
(although it is named install_remote during the installation). The
install-remote script polls the remote virtual machine and will
automatically reboot it when complete. To follow the installation run:
virt-viewer install_remote
****************************** NOTE *********************************
*
You will see some libvirt errors as the script polls for the *
*
completion of the installation. It is safe to ignore these
*
*
errors as long as the installation is progressing.
*
*********************************************************************
Install Student Machines
========================
1. Kickstart Student Machines
The Red Hat Enterprise Linux 6 classroom uses KVM virtualization. That
means that ALL of the machines (instructor and student workstations) must
have virtualization enabled in the BIOS. Ensure that each of the student
machines has virtualization enabled in the BIOS before beginning the
installation. It has been reported that some systems require a hard power
off followed by a power on after enabling virtualization in the BIOS.
Consult the course documentation to determine how participant's
desktops should be configured for the start of class. Some
courses have special configuration needs.
The default dhcpd.conf file on the instructor system assigns IPs in a
range from 1 to 20. While, technically, it is no longer mandatory to
organize the desktops in the classroom in numeric order, it has been
known to improve an instructor's sanity to be able to know which student
desktop is which number. The dhcpd server now assigns IPs starting at the
beginning, so boot at the desktop that you want to be assigned the

first IP address and work from there.

*** PXE Method (Supported) ***
All systems must be able to PXE boot in the classroom environment, so this
is now the default method. The PXE configuration boots to the local disk
by default, so the BIOS should be set to boot from the network first.
To install the student desktop, boot the system using PXE (Intel's
Pre-boot eXecution Environment) and choose "Install GLS workstation"
(shortcut: w <Enter>)
****************************** NOTE *********************************
*
The default directory for the TFTP server is now located in
*
*
/var/lib/tftpboot.
*
*********************************************************************
*** RHCI CD Method (Supported) ***
Alternately, you may install a student system by booting from an RHCI CD
and typing:
workstation
*** Re-install Existing Desktop Method (Not Recently Tested) ***
Yet another approach is available. If the systems already have Red Hat
Enterprise Linux installed using GRUB as the boot loader, you can also
follow the steps below to start your desktop installations. You
do not need to perform these steps if you are using an RHCI CD.
At each desktop, execute the following (assuming that wget is
installed on the system):
wget instructor/buildscript
sh buildscript
Reboot the desktop. You should have an install option in the
GRUB menu. Note you will have to type the password "redhat" to select
this menu item.
*** Manual Overrides (Not Supported) ***
Most of the above methods can be extended by passing one
additional argument to the kickstart file. This is here more for
QA and testing purposes. For example, if booting from the RHCI CD,
you would type in:
workstation [CLASS]
where [CLASS] is the name of the course, e.g., sa2, rhce-rt, etc.
The passed course name will be used instead of the one found on the
instructor system in /kickstart/course.
2. Change IP Addresses (Optional)
****************************** WARNING ******************************
*
Any problems or changes to desktop IP addresses can have
*
*
a cascading effect since the automated installation of virtual *
*
machines is based on the "current" IP address of the desktop. *

* If you change the IP address post install, you will probably

*
* need to correct the IP address of any virtual machines on
*
* this system. In fact, it may be safer to simply reinstall.
*
*********************************************************************
If you need to change an IP address, execute the two commands
below. leaser is a script that takes an IP as an argument. If no
argument is given, it exits. If given an argument, it will test
whether that IP has already been assigned by pinging it. If the IP
is available, it will request an immediate lease renewal using the
desired IP.
wget instructor/leaser
sh leaser 192.168.0.X
Do not run leaser from within X, as X and gdm will be restarted
after the networking is initialized with the new IP.
3. Configure DHCP to Statically Assign IP Addresses
Once all the candidate systems have their desired IP addresses,
create a new /etc/dhcp/dhcpd-desktop.conf that will bind these IP
addresses to the MAC addresses. Execute
redhcp > /etc/dhcp/dhcpd-desktop.conf
redhcp uses arping to collect arp information, then uses arp -a to
report host names and MAC addresses. Because it uses information in
the arp table, make sure all of the student machines are completely
booted to make certain that all desktops are in the table.
You should remove the range of IPs that you statically assign. Edit
/etc/dhcp/dhcpd.conf and remove or comment the entire pool stanza
that is listed below:
pool {
deny members of "virtual";
deny members of "microsoft-clients";
deny members of "PXE";
range 192.168.0.1 192.168.0.20;
}
Restart DHCP to use the new configuration include file:
service dhcpd restart
4. Install Virtual Machines
Several of the classes will install virtualization support coupled
with one or more virtual machines. The virtual machines themselves
are installed by /etc/rc.local. The scripts will read the IP address of
the desktop to statically set their own IP address.
****************************** WARNING ******************************
*
Any problems or changes to desktop IP addresses can have
*
*
a cascading effect since the automated installation of virtual *
*
machines is based on the "current" IP address of the desktop. *
*
If you change the IP address post install, you will probably *
*
need to correct the IP address of any virtual machines on
*
*
this system.
*

*********************************************************************
When the virtual machines are finished installing, they will stop.
The students will need to take a snapshot of the logical volume storage
used for the virtual machines by running /usr/local/sbin/lab-resetvm.
Students **MUST** run lab-resetvm before beginning any labs. When
/usr/local/sbin/lab-resetvm is run, it will start vserver using the new
snapshot LV. This script can be run at any time to reset the vserver
virtual machine to start from a known-good state.
You must not let the students nor yourself reboot the machine during
the build process of the virtual machine(s). If you need to rebuild
the virtual machines by hand, use the following three steps:
virsh destroy vserver
virsh undefine vserver
/usr/local/sbin/install-vserver
The script presumes that the underlying logical volume /dev/vol0/vserver
already exists.
If you already have a snapshot of vserver and you want to install it from
scratch, use the following steps:
virsh destroy vserver
virsh undefine vserver
lvremove /dev/vol0/vserver-snap
/usr/local/sbin/install-vserver
After it is finished installing (virsh list no longer shows vserver):
lab-resetvm
5. Have Students Log In
Instruct students to login as user student with a password of student.
Finish Instructor Configuration
===============================
1. Configure demo.example.com
Once demo.example.com has completed the installation, run
/root/bin/gls-reset-demo. This script will create a snapshot of the LV
used during the original installation and change the virtual machine
configuration to use this snapshot. It will also boot the demo virtual
machine. Any time you want to reset demo to a pristine state, run the
/root/bin/gls-reset-demo script.
2. Secure Instructor Systems
Change the root password from "redhat" to something else you will
remember and use during class and not share with the students.
Not only do you need to change the root password on the instructor machine,
but on the virtual machines as well: demo.example.com and
remote250.remote.test.
The students should not have root access to any of these machines.
***************************** WARNING *****************************
*
You will need to reset the root password for demo.example.com *

*
again if you reset the virtual machine using
*
*
/root/bin/gls-reset-demo.
*
*********************************************************************
Set a GRUB password on instructor by executing grub-md5-crypt, then copying
the returned string into /boot/grub/grub.conf as follows:
password --md5 <string>
3. Prepare for Classroom Presentations
Get X configured on the instructor system and test the classroom
projection system. Run gnome-display-properties to configure the
resolution.
There is an instructor account created on the instructor machine for
the purpose of giving your presentation. Do not present as root. When you
need to demonstrate something as root, log in through a virtual console
or su in an xterm for this purpose. The screensaver will not work for
root and you do not want to leave an open root session running when you
step outside the class.
****************************** NOTE *********************************
*
The instructor user has been added to the wheel group and the *
*
wheel group has NOPASSWD: ALL access in /etc/sudoers.
*
*********************************************************************
4. Configure Instructor System's External Network (Optional)
Determine whether the classroom is on an isolated network, or else
has a single access point to external networks that can be plugged
into a second NIC of the classroom server, or detached.
If you have a second NIC in the instructor system you may want to have
instructor.example.com act as a gateway for the classroom. First make
sure that /etc/sysconfig/dhcpd correctly specifies br0 as the only
interface to which it should provide DHCP services.
cat /etc/sysconfig/dhcpd
DHCPDARGS=br0
****************************** NOTE *********************************
*
br0 is the bridge that has been configured for the virtual
*
*
machine bridge. It is similar to the old xenbr0 bridge that *
*
was the default on RHEL5 with Xen.
*
*********************************************************************
The eth1 interface has been configured to use DHCP. If you want to use a
static IP address, use system-config-network or edit the appropriate file
by hand to configure networking.
You may also need to add whatever DNS name server the facility uses
as a forwarder in /var/named/chroot/etc/named.conf. If you add a
forwarder, restart named and check DNS service. If the forwarder does not
validate using DNSSEC, you may see errors like the following in
/var/log/messages:
instructor named[22810]: error (network unreachable) resolving
'google.com.dlv.isc.org/DLV/IN': 2001:4f7:0:1::20#53
If that is the case, edit /var/named/chroot/etc/named.conf again and
change:

dnssec-validation yes;
to
dnssec-validation no;
and restart named.
In order to provide Internet access to the entire class, execute
the following:
/root/bin/iptables-nat-masquerade
which will create a masquerade rule and save it.
You should be ready for class!
APPENDIX
-CHANGING vserver DISK PERSISTENTLY
There are times when it may be useful to change the underlying disk of
vserver. The lab-resetvm and setup scripts take a snapshot of the original LV
used by vserver. These steps presume you are running on desktopX and editing
serverX, but the commands would be similar for any virtual machine. To make a
persistent change, follow these steps:
1. virsh destroy vserver
2. kpartx -av /dev/vol0/vserver
3. vgscan
4. vgchange -ay vgsrv
5. mount /dev/vgsrv/root /mnt
6. Make changes in /mnt as necessary.
7. umount /mnt
8. vgchange -an vgsrv
9. kpartx -dv /dev/vol0/vserver
10. lab-resetvm

REINSTALLING rhce-config
The scripts on rhce-config have not been testing with an upgrade/removal. If
you need to upgrade to a new RPM package there are two ways to do this:
1. Remove the old version and install the new version.
rpm -e rhce-config
rpm -ivh rhce-config*.rpm
This method leaves a few things that you will need to fix:
a. /etc/sysconfig/dhcpd
The line should read:
DHCPDARGS=br0
b. /kicckstart/course
Run /root/bin/gls-setcourse to set the course again.
2. Upgrade the new package using --noscripts
rpm -Fvh --noscripts rhce-config*.rpm

None of the scripts will run, so this may mean you will have to run some
scripts yourself. Some of these scripts can be found in /root/bin/.
SLOW MACHINE (Thanks, Wander Boessenkool)
---------------If your students workstations (or instructor machine for that matter)
become unbearably laggy at some points it might be ksm.
An easy fix for this is to run the following commands on instructor and
desktopX:
chkconfig ksmtuned off
service ksmtuned stop
chkconfig ksm off
service ksm stop
GRUB ISSUES
----------There is a new feature of RHEL that uses USBs devices before hard drives:
https://bugzilla.redhat.com/show_bug.cgi?id=497019
This means that using a USB device to install is usually seen as /dev/sda, and
grub will be written to this device. The kickstart file attempts to find the
real hard drive and installs grub to it. If this does not succeed, leave your
USB device in instructor.example.com to boot it. Once it has booted, use
`grub-install /dev/sda` (or grub setup) to install grub to the MBR. You may
also need to remove entries pointing to the USB device found in /etc/fstab.