Thomas Mullaly

DevOps, Security and IT Leadership

How to Make a Gold Master Windows 2008 Virtual Machine Image

Create a new VM and choose to install later

When the VM is created, attach the install disk to the CD-ROM drive and boot the VM

Choose English for Language and Time and US for Keyboard

Then Choose install now

Select the operating system you want to install: Select Windows Server 2008 R2 Standard (Full Installation)

Accept the TOS

Choose the Custom Install

Choose the disk you want to install to

Start the Install

The install ends and the machine reboots

Create the Administrator password

Change the Time Zone and make sure the Time is correct

Install VMWare Tools (Typical Install)

Reboot

Login as Administrator

Turn on and Check for updates

Update everything

Don’t forget to sysprep

Ubuntu RID NFS Server

Network Configuration

rename to fileserver:

vi /etc/hostname
vi /etc/hosts

Create a static interface and add the Active Directory server as the DNS server

vi /etc/network/interfaces
auto eth0
iface eth0 inet static
  address 10.10.10.30
  netmask 255.255.255.0
  network 10.10.10.0
  gateway 10.10.10.1
  dns-nameservers 10.10.10.10
  dns-search tom.edu

Reboot and check that /etc/resolv.conf lists the Windows AD server as its DNS server

Get Kerberos working

sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config

use TOM.EDU as Realm

vi /etc/krb5.conf
[logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log

[libdefaults]
  dns_lookup_realm = true
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  forwardable = yes

[appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }

Test Kerberos (the SRV lookup must return the AD server):

[root@rid-nfs ~]# host -t srv _kerberos._tcp.tom.edu
_kerberos._tcp.tom.edu has SRV record 0 100 88 ad.tom.edu.

Samba and winbind

sudo apt-get install samba winbind
vi /etc/samba/smb.conf
#GLOBAL PARAMETERS
[global]
   workgroup = TOM
   realm = TOM.EDU
   preferred master = no
   server string = Home Directory Server
   security = ADS
   encrypt passwords = yes
   log level = 3
   log file = /var/log/samba/%m
   max log size = 50
   printcap name = cups
   printing = cups
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +
   winbind cache time = 10
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   idmap config TOM: backend = rid
   idmap config TOM: range = 10000-20000
   allow trusted domains = No
   template shell = /bin/bash
   template homedir = /home/%D/%U
   ;template primary group = "Domain Users"

[homes]
   comment = Home Directories
   path = /export/home/
   valid users = %S
   read only = No
   browseable = No
   inherit acls = yes
   inherit permissions = yes
   writable = yes

[printers]
   comment = All Printers
   path = /var/spool/cups
   browseable = no
   printable = yes
   guest ok = yes

vi /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat

Restart winbind, nmbd and smbd

Join the domain

net ads join -U Administrator

test:

wbinfo -u
getent passwd
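The rid backend in the smb.conf above is what makes the UIDs that getent passwd shows identical on the file server and on every client that shares the config, which is what NFS ownership depends on. This added example (my own code, not part of the original notes) applies the idmap_rid rule ID = RID - BASE_RID + LOW_RANGE_ID to the page's range of 10000-20000; the domain SID and the smb.conf excerpt are constructed, and RIDs that fall outside the range are reported as unmapped, because winbind will refuse to map them.

```python
import re

# Constructed excerpt of the idmap settings from the smb.conf above (not the full file).
SMB_CONF_EXCERPT = """
[global]
   workgroup = TOM
   idmap config TOM: backend = rid
   idmap config TOM: range = 10000-20000
"""

# Constructed domain SID for TOM; on a real member server read it with `net getdomainsid`.
TOM_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

IDMAP_LINE = re.compile(r"^\s*idmap config ([^:\s]+)\s*:\s*(\w+)\s*=\s*(\S.*?)\s*$", re.M)


def parse_idmap(conf):
    """Return {DOMAIN: {"backend": str, "low": int, "high": int}} from smb.conf text."""
    domains = {}
    for dom, key, value in IDMAP_LINE.findall(conf):
        domains.setdefault(dom, {})[key] = value
    for settings in domains.values():
        low, high = (int(x) for x in settings.pop("range").split("-"))
        settings["low"], settings["high"] = low, high
    return domains


def sid_to_unix_id(sid, domain_sid, domain, idmap, base_rid=0):
    """Apply the idmap_rid rule ID = RID - BASE_RID + LOW_RANGE_ID.

    Returns None when the SID belongs to another domain or the result leaves the
    configured range: winbind then fails the lookup, the account is missing from
    `getent passwd`, and NFS clients see files owned by a numeric id with no name.
    """
    if not sid.startswith(domain_sid + "-"):
        return None  # foreign domain; 'allow trusted domains = No' rejects these anyway
    settings = idmap[domain]
    if settings.get("backend") != "rid":
        raise ValueError(f"{domain}: expected the rid backend, got {settings.get('backend')}")
    rid = int(sid.rsplit("-", 1)[1])
    unix_id = rid - base_rid + settings["low"]
    return unix_id if settings["low"] <= unix_id <= settings["high"] else None


def expected_ids(sids, domain_sid=TOM_DOMAIN_SID, domain="TOM", conf=SMB_CONF_EXCERPT):
    """Map a batch of SIDs with the page's config; any host sharing this smb.conf
    computes the same ids, which is what keeps ownership consistent over NFS."""
    idmap = parse_idmap(conf)
    return {sid: sid_to_unix_id(sid, domain_sid, domain, idmap) for sid in sids}


if __name__ == "__main__":
    samples = [TOM_DOMAIN_SID + "-500",    # Administrator       -> 10500
               TOM_DOMAIN_SID + "-513",    # Domain Users (gid)  -> 10513
               TOM_DOMAIN_SID + "-15000",  # RID past the range  -> None (unmapped)
               "S-1-5-21-9-9-9-1000"]      # another domain      -> None
    for sid, unix_id in expected_ids(samples).items():
        print(sid, "->", unix_id)
```

With a 10000-20000 range only RIDs up to 10000 can map, so a domain that has issued more RIDs than that needs a wider range before the join, not after files have been written.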

Set up the NFS Server

apt-get install acl nfs-kernel-server
mkdir /export/home

Add the user directories and set their permissions

vi /etc/exports
/export/home 10.10.10.0/24(rw,sync,no_subtree_check)

Export the new directory

service nfs-kernel-server restart

test:

exportfs

Enable ACL support (important, this will fix file permission creation issues)

Open /etc/fstab, navigate to the entry for the home directory partition, and add acl to the list of options.

/dev/sda1 /export/home ext3 defaults,acl 0 0

With this option in place, remount the filesystem.

sudo mount -o remount /dev/sda1

My setup was a bit different in /etc/fstab

/dev/mapper/ubuntu-root /               ext4    errors=remount-ro,acl 0       1

Sign the Puppet Cert on Master

root@puppet:/etc/puppet# puppet cert list
  "fileserver.tom.edu" (MD5) E0:C3:90:FF:55:A8:81:A3:05:DD:61:A4:07:4B:EB:7B
root@puppet:/etc/puppet# puppet cert sign fileserver.tom.edu
Signed certificate request for fileserver.tom.umb.edu
Removing file Puppet::SSL::CertificateRequest fileserver.tom.edu at '/var/lib/puppet/ssl/ca/requests/fileserver.tom.edu.pem'

Go set up the Linux client

ubuntu rid client

Puppet

Puppet Recipes

http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Patterns

Some of my puppet configurations:

Dr Java

class drjava {

  file { "drjava-stable-20120818-r5686.jar":
    path    => '/usr/bin/drjava-stable-20120818-r5686.jar',
    ensure  => file,
    source => 'puppet:///modules/drjava/drjava-stable-20120818-r5686.jar',
    owner => 'root',
    group => 'root',
    mode => '644',
  }

  file { "drjava":
    path => '/usr/bin/drjava',
    ensure  => file,
    source => 'puppet:///modules/drjava/drjava',
    owner => 'root',
    group => 'root',
    mode => '755',
  }

  file { "drjava.desktop":
    path => '/usr/share/applications/drjava.desktop',
    ensure  => file,
    source => 'puppet:///modules/drjava/drjava.desktop',
    owner => 'root',
    group => 'root',
    mode => '644',
  }

  file { "drjava.png":
    path => '/usr/share/app-install/icons/drjava.png',
    ensure  => file,
    source => 'puppet:///modules/drjava/drjava.png',
    owner => 'root',
    group => 'root',
    mode => '644',
  }

}

Puppet on Oracle Solaris 11

Install Oracle Solaris 11

Install OpenCSW:

pkgadd -d http://get.opencsw.org/now

Add /opt/csw/bin to the path:

export PATH=$PATH:/opt/csw/bin

Install the puppet agent:

pkgutil --install puppet

The puppet agent starts automatically. If you need to add the puppet master to /etc/hosts, do so and then restart puppet:

svcs

This lists the running services.

svcadm restart cswpuppetd

Virtual Windows Deployment Server

I added another virtual drive to store the images on and to capture to.

It’s mounted on E:

To move the RemoteInstall Directory:

  1. First you have to uninitialize the server:

     C:\> WDSUTIL /Uninitialize-Server

  2. Copy the RemoteInstall directory to the new location.

  3. Now reinitialize it with the new path:

     C:\> WDSUTIL /Initialize-Server /RemInst:E:\RemoteInstall

Amazon Web Services

I got my first EC2 instance last weekend.

http://ec2-184-73-40-56.compute-1.amazonaws.com is running http://www.catornotcat.com Cat (or Not Cat)

How to change the time zone on AWS EC2 Linux machine

Different servers in the cloud will have different time zones. If you want cron jobs to run in your own time zone, change the time zone of the machine. This is easy on a Linux box; just follow these steps:

1) Remove the localtime

rm /etc/localtime

2) All the time zones are stored under /usr/share/zoneinfo/. Create a symbolic link from the appropriate zone file to /etc/localtime. For example, to change the time zone to EST, run the command below:

ln -s /usr/share/zoneinfo/EST /etc/localtime

That's it. The time zone of the machine has now been changed to EST.

Deploy a Virtual Windows 7 Desktop Using Windows Deployment Server

Creating Computer Account Objects in AD DS

Pre-stage the client computer account

You can use Windows Deployment Services to link physical computers to computer account objects in Active Directory Domain Services (AD DS). This is called prestaging the client. Prestaged clients are also called known computers. This allows you to then configure properties on the computer account to control the installation for the client. For example, you can configure the network boot program and the unattend file that the client should receive, as well as the server from which the client should download the network boot program. You can create a computer account object and associate it with a physical computer using the following methods:

* Using WDSUTIL. You can prestage client computers before they have attempted a network boot, by running WDSUTIL /Add-Device /Device:<name> /ID:<ID>. You cannot prestage computers by using the Windows Deployment Services MMC snap-in, but you can set the Auto-Add policy and approve or reject pending computers.
* Using the Active Directory Users and Computers snap-in. You can prestage client computers before they have attempted a network boot using AD DS. For instructions, see the section "To prestage a client computer" in How to Manage Client Computers.
* Enabling the Auto-Add policy. If you enable this policy, when you approve the installation for an unknown client, the installation will proceed and a computer account will be created in AD DS for the client. For more information, see Enabling the Auto-Add Policy.
* Using Windows Deployment Services as part of the image installation. By default, all operating system installations using Windows Deployment Services result in a client computer that is joined to a domain. You can disable this functionality using the Client tab of the server’s properties.

http://technet.microsoft.com/en-us/library/cc771206(v=ws.10).aspx

WDSUTIL /Add-Device /Device:W7PreStage /ID:000c29d2cc4f /JoinDomain:Yes /OU:OU=Workstations /Domain:OU=Workstations,DC=tom,DC=umb,DC=edu

Deploy Ubuntu Linux Desktop Using Windows Deployment Server and Puppet

Deploying a Linux desktop will take a few steps:

  1. WDS - pxelinux
  2. debian preseed
  3. puppet

pxelinux.cfg/default

LABEL ubuntu-804
  MENU LABEL ^1. Ubuntu 12.04 Standard Desktop
  kernel ubuntu-8.04-installer/i386/linux
  append vga=normal initrd=ubuntu-8.04-installer/i386/initrd.gz debian-installer/framebuffer=true console-setup/ask_detect=false console-setup/layoutcode=gb locale=en_GB netcfg/wireless_wep= netcfg/choose_interface=eth0 netcfg/get_hostname= url=http:///preseed/install.preseed netcfg/dhcp_timeout=60 splash --

The append line is quite lengthy and contains automations for things that can’t be preseeded with the file from the webserver, because at that stage the network is not yet initialised. The install.preseed file is just a modified file from the example preseeding file, which can be found in the installation-guide-i686 debian package.

However we don’t only want to install a standard desktop, we also want to make some automated customisations to it right after the installation. For this (and general configuration management) we use Puppet, which is packaged for Ubuntu. To get that activated, we append this line in the preseeding file:

d-i pkgsel/include string puppet

Puppet Master Server

Choose a Package Source

Download the “puppetlabs-release” package for your OS version. You can see a full list of these packages on the front page of http://apt.puppetlabs.com/. They are all named puppetlabs-release-(CODE NAME).deb.

Install the package by running dpkg -i . For example, to enable the repository for Ubuntu 12.04 Precise Pangolin:

Capstone Project

Introduction

Our Capstone project is to simulate a functional enterprise computer network in a virtual environment. The network will consist of an integrated Microsoft Windows server and Linux server setup, including automated deployment of each client.

Authentication

A secure, centralized authentication system is the Holy Grail of systems administration in a heterogeneous network.

PXE (Preboot Execution Environment)

The Preboot eXecution Environment (PXE, also known as Pre-Execution Environment; sometimes pronounced “pixie”) is an environment to boot computers using a network interface independently of data storage devices (like hard disks) or installed operating systems.

Puppet

Puppet is IT automation software that helps system administrators manage infrastructure throughout its lifecycle, from provisioning and configuration to patch management and compliance. Using Puppet, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, scaling from 10s of servers to 1000s, on-premise or in the cloud.

Puppet is available as both open source and commercial software. You can see the differences here and decide which is right for your organization.

How Puppet Works

Puppet uses a declarative, model-based approach to IT automation.

  • Define the desired state of the infrastructure’s configuration using Puppet’s declarative configuration language.
  • Simulate configuration changes before enforcing them.
  • Enforce the deployed desired state automatically, correcting any configuration drift.
  • Report on the differences between actual and desired states and any changes made enforcing the desired state.

In short, the only way to do away with scripting is to create an application that abstracts the scripting process. Automated scripting would then be based on user descriptions of the desired outcome/goal rather than having the user describe the steps to reach said goal.

This really gets to the heart of how things need to change. I wouldn’t call it “abstracting the scripting process” any more than I’d call a web browser “abstracting the network,” but that doesn’t make it inaccurate.

What is exactly right is his characterization of the ideal state: user descriptions of the desired outcome/goal. We call this approach model driven. What that means is administrators can describe how a system should look, and let tools move the system from whatever state it’s in to the end state automatically.

This distinction between model driven and script driven has been evolving for a while. Tools like Cfengine and Puppet have supported model-driven configuration for years (the Puppet web page describes itself as having a “declarative language”). They give administrators a language to (for example) specify the DNS server for a machine; the tools are responsible for knowing how to update the right files on the system in a safe manner. Before Puppet and Cfengine a simple tool called rdist was state of the art for managing distributed systems, and it was entirely script based. You don’t see it much anymore; rdist scripts are much more brittle than the more popular model-based approach.

It’s probably obvious why I like this approach better than writing scripts for each change:

* Models are understandable. It’s much easier to look at a model and know that it’s correct than to look at a script which implements the model.
* Models can be verified and have policies enforced against them.
* Models have a much simpler testing matrix.
* Models are invertible; just move back to the old version of the model.
* A model-based approach supports a high level of rapid change and automation. All of this assumes you have a reliable way of applying the model to a production machine, but once you do, it works over and over.

You’re splitting the what from the how. It’s exactly the same idea which lies beneath the Model-View-Controller paradigm, and it’s right for exactly the same reasons.

When I was speaking with a prospective customer last week they described the same idea using slightly different language. They described their goal as being able to completely describe the “goal state” of the system and have “viewers” which could see how a system differed from the goal state. “Controllers” would be responsible for moving a system to its goal state. This is exactly the same idea as model-based system management, just using different language (I’d just about finished reading Neal Stephenson’s book Anathem, so I obviously found the idea of systems moving between points in a Hemn space quite appealing!).

Model-based approaches are a compelling alternative to scripts. It’s the right approach for managing large numbers of machines without employing large numbers of people.