Operating System Installation -...
Transcript of Operating System Installation -...
Operating System Installation
René Serral-Gracià Xavier Martorell-Bofill1
1Universitat Politècnica de Catalunya (UPC)
September 16, 2014
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Lectures
1 System administration introduction2 Operating System installation3 User management4 Application management5 System monitoring6 Filesystem Maintenance7 Local services8 Network services9 Security and Protection
10 Virtualization
R. Serral-Gracià, et. al Installation 2
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Outline
1 Introduction
2 Equipment Life-cycle
3 System installation
4 Disk Partitioning and filesystems
5 System Init/Shutdown
R. Serral-Gracià, et. al Installation 3
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Outline
1 IntroductionGoals
2 Equipment Life-cycle
3 System installation
4 Disk Partitioning and filesystems
5 System Init/Shutdown
R. Serral-Gracià, et. al Installation 4
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Goals
Abilities
Installation schedulingDisk PartitioningFile System creationSwap area dimensioning
Basic configurationSystem Startup and Shutdown
Configuration Commands and files
fdisk, mkfs, mkswap, mount, swaponshutdown, halt, reboot, poweroffinit, /etc/inittab, /etc/rc*.d/, /etc/fstab
R. Serral-Gracià, et. al Installation 5
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Outline
1 Introduction
2 Equipment Life-cycle
3 System installation
4 Disk Partitioning and filesystems
5 System Init/Shutdown
R. Serral-Gracià, et. al Installation 6
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Equipment Life-cycle1
New
Clean
Install
Configured Unknown
Off
Initialize
Reinstall
Update
Fix
Entropy
Retire
Sysadmin goals:Understand the existence of the states and their transitionsMaximize the amount of time in the “Configured” state
1Rémy Evard. “An analysis of UNIX system configuration”. 11th Systems Administration Conference (LISA 97)
R. Serral-Gracià, et. al Installation 7
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Equipment Life-cycle
States
New: new equipmentClean: equipment with the installed OS but without anymaintenance taskConfigured: configured equipment according to theenvironment requirementsUnknown: unconfigured or outdated equipmentOff: discarded equipment due to its age or hardware failure
R. Serral-Gracià, et. al Installation 8
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Equipment Life-cycle
Transitions
Install: OS installationInitialize: Initial set of required changes to have theequipment configured in the work environmentUpdate: Insert new functionalities, apply patches andsecurity updatesEntropy: Gradual degradation process leaving theequipment in unknown stateFix: take the necessary actions to set the equipment backto configured stateReinstall: massive update of the OS. Usually forced by anattack, goal shift in the equipment, or configuration errorsRetire: final retirement of the equipment
R. Serral-Gracià, et. al Installation 9
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Outline
1 Introduction
2 Equipment Life-cycle
3 System installationPrevious tasksInstallation
4 Disk Partitioning and filesystems
5 System Init/Shutdown
R. Serral-Gracià, et. al Installation 10
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
System installation
1 Goals2 Dimensioning3 HW Acquisition4 Disk preparation5 Protected network setup6 Install / OS & Software update7 Service configuration / adaptation8 Security policy enforcement9 Final location network setup
10 Label / Document the followed steps11 Monitor. . . goto 5
R. Serral-Gracià, et. al Installation 11
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Previous tasks
1 Goals
Which is the purpose of the new equipment?
DesktopDocument editing?Compiling?
ServerE-mail? Web? Proxy? DNS? Files?Primary? Secondary?
Amount of expected usersSecurity requirements
R. Serral-Gracià, et. al Installation 12
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Previous tasks
2 DimensioningCPUMemoryDiskRedundancy
3 Buy HWOS Compatibility (drivers!)List of features
IRQs, DMA, and/or ports...
R. Serral-Gracià, et. al Installation 13
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Installation
4 Disk preparationPartitioningSwap area preparationFormat and prepare the filesystems
5 Connect the equipment into a secure networkSo during the installation the machine is protected
6 Install / Update OS & SoftwareChoose OS / DistributionSelect the package update list
R. Serral-Gracià, et. al Installation 14
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Installation
7 Service configurationAdapt them to the work environment
8 Implement security policiesOffer only the necessary services
9 Connect to the networkTo the final location
10 Label / Document the followed stepsIn case it is necessary to repeat them, to apply them onother machines, . . .
11 Monitoring. . . goto 6
R. Serral-Gracià, et. al Installation 15
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Outline
1 Introduction
2 Equipment Life-cycle
3 System installation
4 Disk Partitioning and filesystemsFilesystem preparation/formatSwap area
5 System Init/Shutdown
R. Serral-Gracià, et. al Installation 16
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Types of partitions (PC)
Up to 4 “primary” partitions in theMaster Boot Record
Or 3 primary and 1 extended. . . or 2 primary and 2 extended. . .(not supported by all OSs)
Primary partitionMay contain a filesystem
Extended partitionCan only contain logical partitions
Logical partitionsMay contain a filesystem
Ext
ende
d
Data area 1
Master boot record
Prim
ary
Logi
cLo
gic
Prim
ary
Boot Sector
Data area 2
Boot Sector
Extended Boot Record
Boot Sector
Data area 3
Boot Sector
Data area 4
No Usat
R. Serral-Gracià, et. al Installation 17
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Types of partitions – GUID Partition Table (GPT)
Up to 128 partitions with the defaultsize of GPTThere is no disctintion of primaryand extended partitions anymore,now it is identified by UUID
The partition type is determined bythe Operating System, whichassigns its own IDs
R. Serral-Gracià, et. al Installation 18
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Partitions: concept and justification
Divide one disk into several independent disks
Each partition is completely isolated from the othersError isolationMore security
Backup management different for each partitionFasterMore convenientRead-only or not much changed partitions
Information reuse among OS
Problem: hard disk fragmentation
R. Serral-Gracià, et. al Installation 19
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Filesystem structure in UNIX
bbinsbin
lib
usr*
bin sbin
local*
home*
mnt*
opt*
etc dev*proc**
tmp*
var*
log* tmp
/**
* Can be mounted filesystems** Must be mounted filesystems
R. Serral-Gracià, et. al Installation 20
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Filesystem structure in UNIX
/bin and /sbinExecutables needed during boot timeifconfig, mount, ls, cat, ...
/usr/bin and /usr/sbinOperating system applicationsman, apropos, ...adduser, deluser, ...
/usr/local/bin and /usr/local/sbin (or /opt)Specific applications
$HOME/binEnd-user applications
R. Serral-Gracià, et. al Installation 21
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Filesystem structure in UNIX
/varDynamic content
AccountingInformation about end-user activity
SpoolMailCron/atlpd
RunPid’s of running daemons
LogSystem logs
R. Serral-Gracià, et. al Installation 22
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Filesystem preparation/format
mkfs -t tipus [opcions] dispositiutype: ext3, ext4, reiserfs, vfat, brtfs,. . .options (filesystem dependent)
block sizenumber of inodenumber of blocks (usually autodetected). . .
tune2fs [-l] [-j] . . .Filesystem ext[234] parameter configuration
Filesystem check intervalJournal creation. . .
R. Serral-Gracià, et. al Installation 23
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Exercise – En grup
If we put all the directories labelled with * and ** in theirown partition. Determine a correct size for each partition
Such size normally depends of the particular needs for thatinstallation. Usually a regular Linux installation needsaround 15GB
Why the rest of the directoris cannot be on a partition bythemselves
The content is necessary during the boot process.Potentially before mounting the filesystems
R. Serral-Gracià, et. al Installation 24
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Exercise – En grup
If we put all the directories labelled with * and ** in theirown partition. Determine a correct size for each partition
Such size normally depends of the particular needs for thatinstallation. Usually a regular Linux installation needsaround 15GB
Why the rest of the directoris cannot be on a partition bythemselves
The content is necessary during the boot process.Potentially before mounting the filesystems
R. Serral-Gracià, et. al Installation 24
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Mount
mount [options] device directory-t <filesystem type>
Indicate the type of the filesystem-a
mount all the filesystems in /etc/fstab-o <FS options>
ro = read-onlyremountnoexec, nodev, nosuiduser
R. Serral-Gracià, et. al Installation 25
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
/etc/fstab
Indicates how to mount the filesystems
Device M. point FS Options D F/dev/sda1 /boot ext3 defaults 0 2/dev/sda2 / ext4 defaults 0 1/dev/sda5 /var ext3 defaults 0 2/dev/sda6 /tmp ext3 defaults 0 2/dev/sda7 /home ext3 defaults 0 2none /dev/pts devpts gid=5,mode=620 0 0none /proc proc defaults 0 0none /sys sysfs defaults 0 0/dev/sda3 swap swap defaults 0 0/dev/scd0 /mnt/cdrom auto ro,noauto,user 0 0
R. Serral-Gracià, et. al Installation 26
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Exercise – In group
We have a server with 100 users, with a disk quota of 5Gbper user. The system has a 1TB harddisk. Indicate howcan you partition it and the size of each partition.
The users need a total of ∼ 500GB. ∼ 5GB for the basesystem2, then lacking more information we leave a total of∼ 10GB for applications.Then we will have 3 different partitions, the root partition/dev/sda1 with 6GB, the user’s partition /dev/sda2using 600Gb, 12Gb for applications /dev/sda5, andfinally 8GB for the swap partition/dev/sda6. We leave therest of the disk unpartitionedFor safety we leave a threshold of 10− 20% in terms ofspace for each partition
2Assuming a Linux Debian installation
R. Serral-Gracià, et. al Installation 27
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Exercise – In group
We have a server with 100 users, with a disk quota of 5Gbper user. The system has a 1TB harddisk. Indicate howcan you partition it and the size of each partition.
The users need a total of ∼ 500GB. ∼ 5GB for the basesystem2, then lacking more information we leave a total of∼ 10GB for applications.Then we will have 3 different partitions, the root partition/dev/sda1 with 6GB, the user’s partition /dev/sda2using 600Gb, 12Gb for applications /dev/sda5, andfinally 8GB for the swap partition/dev/sda6. We leave therest of the disk unpartitionedFor safety we leave a threshold of 10− 20% in terms ofspace for each partition
2Assuming a Linux Debian installationR. Serral-Gracià, et. al Installation 27
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Exercise – In group
List the required commands in order to be able to mountthe filesystems indicated in the previous exercise, knowingthat the application partition must be read-only.
/dev/sda1→ it must be mounted from /etc/fstab/dev/sda2→ mount /dev/sda2 /home/dev/sda5→ mount -o ro /dev/sda5 /usr
Can you devise any situation where more partitions couldbe necessary?
If the server had some specific requirements, for example avery large web page, we could be interested in having/var/www in a different partition
R. Serral-Gracià, et. al Installation 28
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Exercise – In group
List the required commands in order to be able to mountthe filesystems indicated in the previous exercise, knowingthat the application partition must be read-only.
/dev/sda1→ it must be mounted from /etc/fstab/dev/sda2→ mount /dev/sda2 /home/dev/sda5→ mount -o ro /dev/sda5 /usr
Can you devise any situation where more partitions couldbe necessary?
If the server had some specific requirements, for example avery large web page, we could be interested in having/var/www in a different partition
R. Serral-Gracià, et. al Installation 28
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Exercise – In group
List the required commands in order to be able to mountthe filesystems indicated in the previous exercise, knowingthat the application partition must be read-only.
/dev/sda1→ it must be mounted from /etc/fstab/dev/sda2→ mount /dev/sda2 /home/dev/sda5→ mount -o ro /dev/sda5 /usr
Can you devise any situation where more partitions couldbe necessary?
If the server had some specific requirements, for example avery large web page, we could be interested in having/var/www in a different partition
R. Serral-Gracià, et. al Installation 28
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Exercise – In group
List the required commands in order to be able to mountthe filesystems indicated in the previous exercise, knowingthat the application partition must be read-only.
/dev/sda1→ it must be mounted from /etc/fstab/dev/sda2→ mount /dev/sda2 /home/dev/sda5→ mount -o ro /dev/sda5 /usr
Can you devise any situation where more partitions couldbe necessary?
If the server had some specific requirements, for example avery large web page, we could be interested in having/var/www in a different partition
R. Serral-Gracià, et. al Installation 28
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Swap area
Rule of thumbSwap = 2 * physical memory
Memory
x
Swap
2x
RealmentForesee memoryrequirements and choose itaccordingly
Memory Swap
Applications
R. Serral-Gracià, et. al Installation 29
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Swap area implementation
As a disk partitionBetter if divided into multiple devices
Special filePre-created and completely reserved. . . it cannot have any“holes”
Holes??? in a file???dd if=/dev/zero of=swapfile bs=1024 count=65536
Be careful!File protectionsThe is sensible information from the swapped out processes
R. Serral-Gracià, et. al Installation 30
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Swap area Creation/Preparation
mkswap device | fileCreates a swap area — is equivalent to swap area “format”
swapon [options] [device | file]-p priority
The swap with more priority is used beforeRound-Robin if equal priority
-aActivates all the swaps defined in /etc/fstab
swapoff [options] [device | file]Disables a given swap area-a
Disables all the ones defined into /etc/fstab
R. Serral-Gracià, et. al Installation 31
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Outline
1 Introduction
2 Equipment Life-cycle
3 System installation
4 Disk Partitioning and filesystems
5 System Init/ShutdownSystem initializationSystem shutdown
R. Serral-Gracià, et. al Installation 32
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
System initialization
ROMHardware initialization
CPUs,. . .
kernelHardware detectionKernel mode configuration
initrdDevice configuration
initUser space configurations
kernel initrd
kernel initrd init
Loader
MBR
ROM
kernel mode
user mode
R. Serral-Gracià, et. al Installation 33
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Runlevel
init it has diferent runlevelS,1: single user2-5: multi-user
2: without network3: with network4: network + X
0: halt6: reboot
init run-levelchanges the runlevel
S
2 3
0 6
R. Serral-Gracià, et. al Installation 34
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Init/shutdown Service Scripts
/etc/init.d
Accept standard parameters/etc/init.d/servei start|stop|restart|reload|. . .
start: starts the servicestop: stops the servicerestart: stop+startreload: if possible restarts the service without killing it (HUP)
And other specific to some servicesstatussetup. . .
R. Serral-Gracià, et. al Installation 35
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Unix System-V init style
/etc/rcX.d
One directory per runlevelScripts running at runlevel X
Usually are soft-links to actual scripts in /etc/init.dThe name indicates its priority (01-99)
[S|K ] <priority>namee.g.: S40networking, K74bluetooth
When changing the runlevel first the system runs the K andthen S with priority order (small first – alphabetically)They can be managed using update-rc.d→ Lab session
R. Serral-Gracià, et. al Installation 36
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Dependency based init
Upstart
Compatible with System V (Scripts and parameters)Totally asynchronousService init/shutdown in parallel
Makefile style controlled dependencies
It allows contron and monitoring of the running services
Systemd
Partially compatible with System V or BSDOnly available in LinuxIt allows hardware detection via udev
R. Serral-Gracià, et. al Installation 37
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Initialization – End
/etc/rc.local
Local configuration Shell scriptExecuted at the end of multiuser runlevels
Example:
#!/bin/bash# start hard drive temperature monitor daemon/usr/local/bin/hddtemp -d /dev/sda
# In case hddtemp fails for any reasonexit 0
R. Serral-Gracià, et. al Installation 38
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
System shutdown
Actions to perform
Stop all services — Network + localsStop all the processesSync all buffer cachesUmount all the filesystemStop/reboot the system
Commands
shutdown: allows shutdown/reboot at a given timereboot, halt, poweroff, . . .
Currently all optiosn use ACPI extensionsinit 0, init 6
R. Serral-Gracià, et. al Installation 39
Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown
Personal work
Privileges and protectionOwners and groupsPrivileges (r, w, x)UmaskSetuid, setgid
User management related commandschmod, chown, id, newgrpuseradd/adduser, userdelchfn, chsh, passwdgroupadd, groupdel
R. Serral-Gracià, et. al Installation 40