I am just preparing my first Red Hat Enterprise Linux 7 server - installed on Hyper-V, no less. Here is a collection of notes I have made along the way.
I've used a Generation 2 VM for my RHEL7 guest - this is supposedly fully supported by both Microsoft and Red Hat, although fairly poorly documented by both parties (admittedly Microsoft's documentation is a little better than RH's, but only is up to RHEL6.5 and not updated for 7 yet).
I had to disable SecureBoot to get the Install DVD to boot, and subsequently keep it off for the installed VM too. Apparently, there is a way to make it work (a colleauge said he found a result on Google, although didn't send the link to me as he said it needed to be done at Installation time, and my server was already installed), but it's not really important.
Integration Services showed as "Degraded - Missing" after I installed the OS. However, despite both vendors saying that RHEL7 was a fully supported guest with Integration Services built-in, Integration Services was clearly broken. The missing major step, that I worked out myself using "yum search", was to instal the meta-package "hyperv-daemons" - I.S. now shows as "Degraded - requiring Update", but at least it shows the IP Address etc - and it adds a VSS integration layer for crash-consistent snapshots!
yum install hyperv-daemons
systemctl enable hypervvssd.service
systemctl enable hypervkvpd.service
systemctl start hypervvssd.service
systemctl start hypervkvpd.service
CPUfreq may or may not be working - certainly the acpi kernel modules do not load (neither auto- nor manually) - but maybe there is power-saving auto-magic elsewhere in the system that I am unaware of. I might do some investigation later, but again I'm not too worried at this point.
yum install open-vm-tools
I haven't yet tested this, but at least this step is documented by both RH & VMWare!
Although it looks different, and the prompts are in a diiferent order, installation isn't really any different to any other OS you've ever seen - I just used the install ISO and it installed.
I selected "Autopartition" on a raw 20GB disk image to see what would happen - it gave me the following disk layout:
Partition
/dev/sda1 200M vfat /boot/efi
/dev/sda2 500M xfs /boot/
<lvm> 19G xfs /
Which is pretty much exactly what I wanted for this server.
yum install -y nano bind-utils net-tools telnet ftp mlocate wget at lsof man-pages tcpdump time bash-completion bzip2 yum-utils traceroute rsync strace pm-utils logrotate screen nmap-ncat
For this server, I also pulled in the full Base (a futher ~120 packages), although I probably didn't need to:
yum groupinstall -y base
subscription-manager register --username <rhn_username> --autosubscribe
Which refused to register the host and logged lots of HTTP 502 Errors. I thrashed about for half an hour, to no avail. So, I left it for the night, came back in the morning, only to find that the damn thing worked immediately. Thanks Red Hat, thanks -- I wouldn't have had that issue on CentOS, would I?
servicename=<servicename>
systemctl start ${servicename}.service
systemctl stop ${servicename}.service
systemctl status ${servicename}.service
# Enable on boot
systemctl enable ${servicename}.service<
# Disable on boot
systemctl stop ${servicename}.service
# Check boot status
systemctl list-unit-files | grep ${servicename}
See my updated NTP-On-Linux blog post for Chrony Setup:
http://itnotesandscribblings.blogspot.com.au/2014/05/ntp-on-linux-linux-host-needs-ntp-set.html
I haven't looked in great detail, but I found the following commands very helpful in getting myself set up with a basic single-interface server:
I experienced a serious gotcha when creating custom services - after you copy and edit the new custom file, you need to restart the firewall service. This is not documented in RedHat's Doco. Thanks again, guys.
cp /usr/lib/firewalld/services/http.xml /etc/firewalld/services/squid.xml
nano -w /etc/firewalld/services/squid.xml
firewall-cmd --get-service | grep squid
systemctl restart firewalld.servicefirewall-cmd --get-service | grep squid
Quite useful - generally well-written and concise, albeit with occasional missing elements which can really cause an issue.
Overall Documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/index.html
Basic Administration:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/part-Basic_System_Configuration.html
Firewall Information:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
http://www.certdepot.net/rhel7-get-started-firewalld/
Adding permanent Rules to FirewallD:
http://blog.christophersmart.com/2014/01/15/add-permanent-rules-to-firewalld/
Guest VM on Hyper-V (Server 2012 R2)
I've used a Generation 2 VM for my RHEL7 guest - this is supposedly fully supported by both Microsoft and Red Hat, although fairly poorly documented by both parties (admittedly Microsoft's documentation is a little better than RH's, but only is up to RHEL6.5 and not updated for 7 yet).
I had to disable SecureBoot to get the Install DVD to boot, and subsequently keep it off for the installed VM too. Apparently, there is a way to make it work (a colleauge said he found a result on Google, although didn't send the link to me as he said it needed to be done at Installation time, and my server was already installed), but it's not really important.
Integration Services showed as "Degraded - Missing" after I installed the OS. However, despite both vendors saying that RHEL7 was a fully supported guest with Integration Services built-in, Integration Services was clearly broken. The missing major step, that I worked out myself using "yum search", was to instal the meta-package "hyperv-daemons" - I.S. now shows as "Degraded - requiring Update", but at least it shows the IP Address etc - and it adds a VSS integration layer for crash-consistent snapshots!
yum install hyperv-daemons
systemctl enable hypervvssd.service
systemctl enable hypervkvpd.service
systemctl start hypervvssd.service
systemctl start hypervkvpd.service
CPUfreq may or may not be working - certainly the acpi kernel modules do not load (neither auto- nor manually) - but maybe there is power-saving auto-magic elsewhere in the system that I am unaware of. I might do some investigation later, but again I'm not too worried at this point.
Sidenote: Guest on VMWare
VMWare Tools are also now built-in to the OS; install them with:yum install open-vm-tools
I haven't yet tested this, but at least this step is documented by both RH & VMWare!
RHEL 7 Installation-Process Notes
Although it looks different, and the prompts are in a diiferent order, installation isn't really any different to any other OS you've ever seen - I just used the install ISO and it installed.
I selected "Autopartition" on a raw 20GB disk image to see what would happen - it gave me the following disk layout:
Partition
/dev/sda1 200M vfat /boot/efi
/dev/sda2 500M xfs /boot/
<lvm> 19G xfs /
Which is pretty much exactly what I wanted for this server.
Minimal Installation
I chose Minimal set of installation packages (my usual choice for servers). I then added the following obviously-missing useful packages:yum install -y nano bind-utils net-tools telnet ftp mlocate wget at lsof man-pages tcpdump time bash-completion bzip2 yum-utils traceroute rsync strace pm-utils logrotate screen nmap-ncat
For this server, I also pulled in the full Base (a futher ~120 packages), although I probably didn't need to:
yum groupinstall -y base
Red Hat Subscription-Manager Troubles
After installation, I ran the usual:subscription-manager register --username <rhn_username> --autosubscribe
Which refused to register the host and logged lots of HTTP 502 Errors. I thrashed about for half an hour, to no avail. So, I left it for the night, came back in the morning, only to find that the damn thing worked immediately. Thanks Red Hat, thanks -- I wouldn't have had that issue on CentOS, would I?
Obvious Differences from RHEL6
Service Management - Starting, Stopping, etc
The service management is now different with SystemD:servicename=<servicename>
systemctl start ${servicename}.service
systemctl stop ${servicename}.service
systemctl status ${servicename}.service
# Enable on boot
systemctl enable ${servicename}.service<
# Disable on boot
systemctl stop ${servicename}.service
# Check boot status
systemctl list-unit-files | grep ${servicename}
NTP: The Times Are A-Changin'
NTPd is no longer installed in RHEL7 - chrony is the new NTP service.See my updated NTP-On-Linux blog post for Chrony Setup:
http://itnotesandscribblings.blogspot.com.au/2014/05/ntp-on-linux-linux-host-needs-ntp-set.html
Firewalls: Burn the Old Ways
Gone are the days of /etc/sysconfig/iptables - FirewallD now rules the roost.I haven't looked in great detail, but I found the following commands very helpful in getting myself set up with a basic single-interface server:
I experienced a serious gotcha when creating custom services - after you copy and edit the new custom file, you need to restart the firewall service. This is not documented in RedHat's Doco. Thanks again, guys.
cp /usr/lib/firewalld/services/http.xml /etc/firewalld/services/squid.xml
nano -w /etc/firewalld/services/squid.xml
firewall-cmd --get-service | grep squid
systemctl restart firewalld.servicefirewall-cmd --get-service | grep squid
No EPEL - Yet
EPEL hasn't yet added non-beta RHEL7 support - watch this space at https://fedoraproject.org/wiki/EPEL.RHEL7 Links And Resources
Red Hat Documentation (Official)
Quite useful - generally well-written and concise, albeit with occasional missing elements which can really cause an issue.Overall Documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/index.html
Basic Administration:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/part-Basic_System_Configuration.html
Firewall Information:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
Other Useful Links:
Decent Overviews of firewallD:http://www.certdepot.net/rhel7-get-started-firewalld/
Adding permanent Rules to FirewallD:
http://blog.christophersmart.com/2014/01/15/add-permanent-rules-to-firewalld/
Posts
