Making A Custom Installation Cd For Hardened Kernel

I have installed "suse SLES 2.16.21-0.8-smp" on a 2x dual core processor server and have hardened the kernel as per our requirement. Now I need to copy over the hardened kernel onto multiple identical servers (< 10 servers). The requirement is to use this hardened kernel image to be ported to the other servers without having to fresh install from the CD/DVD. So this installation CD/DVD (or process) has to be bootable and install only the hardened kernel image onto the servers. What would be easiest and efficient way to go about doing this? The only changes to be made hopefully, would be to change the IP. Any ideas on how to tackle this? Thanks.

Viewed 26 times and no one has a solution to offer. That is really amazing...

Quote:

Viewed 26 times and no one has a solution to offer. That is really amazing...
[/b]

Did you think about cloning your partition and restoring it on the other servers? if the hardware is identical, you have only to change their IPs. Am I wrong?

Quote:

Viewed 26 times and no one has a solution to offer. That is really amazing...
[/b]

Prior to the last "make install" run "make rpm" ( or "checkinstall") and make an rpm of the hardened kernel ( you should find it in /usr/src/packages/RPMS), set your box with the hardened kernel as a Yast Source; point the box to be updated to that source & use Yast Online Update, also kernel-source & kernel-syms.

I have absolutely no idea if that will work, but it's a shot...

I would probably image the drive.

You may want to look into "remastering" like: http://www.knoppix.net/forum/viewtopic.php?t=18222

You may want to post on the openSUSE mailing list: http://en.opensuse.org/Communicate
The developers are really good at helping with something that gets their interest like this one.
You might ask them how to make an rpm of the running kernel (hardened). Tell them why of course.

Good luck.

PS: this may help: http://www-oss.fnal.gov/projects/fermilinu...rpms/index.html

Quote:

Prior to the last "make install" run "make rpm" ( or "checkinstall") and make an rpm of the hardened kernel ( you should find it in /usr/src/packages/RPMS), set your box with the hardened kernel as a Yast Source; point the box to be updated to that source & use Yast Online Update, also kernel-source & kernel-syms.

I have absolutely no idea if that will work, but it's a shot...

I would probably image the drive.

You may want to look into "remastering" like: http://www.knoppix.net/forum/viewtopic.php?t=18222

You may want to post on the openSUSE mailing list: http://en.opensuse.org/Communicate
The developers are really good at helping with something that gets their interest like this one.
You might ask them how to make an rpm of the running kernel (hardened). Tell them why of course.

Good luck.

PS: this may help: http://www-oss.fnal.gov/projects/fermilinu...rpms/index.html
[/b]

I have built the RPMS with “make rpm” cmd and I have the following files created
kernel-2.6.16.210.8x86_64.src.rpm under /usr/src/packages/SRPMS dir ,
kernel-2.6.16.210.8x86_64.rpm under /usr/src/packages/RPMS and
the build files under /usr/src/packages/BUILD dir

Now the plan is to create a custom kernel installation CD such that this stripped down kernel is installed with the existing configuration (Partitioning, drivers, bonding configs, and if possible the application rpm’s) onto the new identical hardware servers. I want to avoid installing YAST on the servers and what should go onto the CD to make my customized kernel installable and bootable and THE ONLY change I have to do will be to change the IP address on the new servers and it shd be good to go, with the partition and other setup getting replicated on the new servers.

This custom CD will be used to build multiple servers and would be an efficient way of installing on multiple servers and easier to maintain w/o installing YAST.
If nothing works I can go with the “ghosting” software to image my existing setup but I am sure there shd be way of doing this the linux way.

I have created the LIVE bootable kernel CD, that has the hardened kernel and boots off the CD, but that is not the desired purpose of this exercise.
Thanks for the links "Snakedriver" I am going through the archives to see if there is something that fits my requirement and then post my question there if nothing matches. I'll keep this thread updating at the same time. If there is any more suggestion I wud welcome that too....

Quote:

I have built the RPMS with “make rpm” cmd and I have the following files created
kernel-2.6.16.210.8x86_64.src.rpm under /usr/src/packages/SRPMS dir ,
kernel-2.6.16.210.8x86_64.rpm under /usr/src/packages/RPMS and
the build files under /usr/src/packages/BUILD dir

Now the plan is to create a custom kernel installation CD such that this stripped down kernel is installed with the existing configuration (Partitioning, drivers, bonding configs, and if possible the application rpm’s) onto the new identical hardware servers. I want to avoid installing YAST on the servers and what should go onto the CD to make my customized kernel installable and bootable and THE ONLY change I have to do will be to change the IP address on the new servers and it shd be good to go, with the partition and other setup getting replicated on the new servers.

This custom CD will be used to build multiple servers and would be an efficient way of installing on multiple servers and easier to maintain w/o installing YAST.
If nothing works I can go with the “ghosting” software to image my existing setup but I am sure there shd be way of doing this the linux way.

I have created the LIVE bootable kernel CD, that has the hardened kernel and boots off the CD, but that is not the desired purpose of this exercise.
Thanks for the links "Snakedriver" I am going through the archives to see if there is something that fits my requirement and then post my question there if nothing matches. I'll keep this thread updating at the same time. If there is any more suggestion I wud welcome that too....
[/b]

Transport them to a new machine, CD, usb-HDD, flash drive, etc
Install with"
"rpm -ihv kernel-2.6.16.210.8x86_64.rpm"
which should allow you to boot both kernel-2.6.16.210.8 and the previous kernel.
(do not use "rpm -Uhv" as that will replace the previous kernel & may make it tough to boot if there is a problem).
Also do the same for kernel-source & kernel-syms (to be able to fully compile & use modules)
You may have to install the newer kernel-source with the --force flag like"
"rpm -ihv --force kernel-source-2.6.16.210.8etc"

Here's a link that may help with getting up & booted with the new kernel: http://www.suseforums.net/index.php?showtopic=31438

Have fun...

PS: Congrats on making your rpm! When you get the time, please write up a howto on your project & post it in "Tips & Tricks".

Ahh but that is the painful part I want to install the hardened kernel on a machine with no OS Pre-installed on it, so it will be installed on factory fresh servers. SO it has to be similar to installing afresh for the first time. So Either I copy over the exact copy of my existing server to the new servers and I am "happy feet penguin" or
on a conciliatory note I would like to build a installation CD with the stripped down kernel and do the partitioning myself if it comes to that. Any way that I can get my work done without having to install the sources and libraries and compile the kernel again and again on each new servers........

I can always copy over the compiled .config from the previous server onto the new servers and do a
" make menuconfig && make clean && make bzImage && make modules && make modules_install && make install "
to get the new kernel cmpiled and ready for use. But i want to be efficient-n-lazy to come up with something better. Any ideas ??
Webo

Quote:

Ahh but that is the painful part I want to install the hardened kernel on a machine with no OS Pre-installed on it, so it will be installed on factory fresh servers. SO it has to be similar to installing afresh for the first time. So Either I copy over the exact copy of my existing server to the new servers and I am "happy feet penguin"
[/b]

I'd image the drive with "True Image" or "Clonezilla". Then put the image on all the new machines, assuming the same hardware.

Quote:

or
on a conciliatory note I would like to build a installation CD with the stripped down kernel and do the partitioning myself if it comes to that. Any way that I can get my work done without having to install the sources and libraries and compile the kernel again and again on each new servers........
[/b]

Look at the remaster links I posted earlier.

Quote:

I can always copy over the compiled .config from the previous server onto the new servers and do a
" make menuconfig && make clean && make bzImage && make modules && make modules_install && make install "
to get the new kernel cmpiled and ready for use. But i want to be efficient-n-lazy to come up with something better. Any ideas ??
Webo
[/b]

What's wrong with using the new kernel-2.6.16.210.8x86_64.rpm you just made?

Suse has a built-in framework for what you're trying to do, but I can't attest to how easy it is to use since I've never tried it.

You can use autoyast to create a custom installation configuration for openSUSE, this will basically create a clean install of Suse but without asking for installation options; rather it will use the configuration settings you create.

Start by checking out the YaST Autoinstallation page on the openSUSE wiki, I believe you use the autoyast module within yast to basically profile your system, and that in turn is used for creating boot installation options.

It's designed specifically for rolling out custom deployments on multiple machines, so it should fit the bill.

Hope this helps?

Cheers,
KV

Quote:

Suse has a built-in framework for what you're trying to do, but I can't attest to how easy it is to use since I've never tried it.

You can use autoyast to create a custom installation configuration for openSUSE, this will basically create a clean install of Suse but without asking for installation options; rather it will use the configuration settings you create.
[/b]

Sorry for the late reply but currently I am using "Ghosting" for deploying the image to other servers. I've read about the autoyast autoinst.xml, it lets me do precisely what I want to achieve, but it might take some time to master it so I've put it in the backburner for the moment. When I get to it I'll update this thread.
Thanks everyone for your help.