[CentOS] Re: Copying user accounts (passwords) to another server

Wed Nov 29 22:27:06 UTC 2006
Walt Reed <wreed at vinq.com>

On Thu, Nov 30, 2006 at 10:49:37AM +1300, MrKiwi said:
> 
> Walt Reed wrote:
> >When building the "replacement" server, it can help to sync / add
> >accounts before all the third-party crap goes on. We do it as part of
> >the kickstart %post scripts. Kickstart from pxe-boot is awesome -
> >especially on HP servers... :-) Once a machine is installed in the rack
> >and powered up for the first time, it's online and usable with all the
> >packages we need, preconfigured, in about 15 minutes.
> >
> Walt - Can you show us your scripts?
> 
> I am working on something similar - a way to deploy a server 
> using kickstart and then a handwritten script to configure 
> things like postfix, ip, iptables, mysql, apache etc
> 
> I imagine however that all you clever people have already 
> got this in your toolbox of tricks.

Well, obviously they are customized for our situation, and contain a lot
of info about our infrastructure that I am not at liberty to divulge,
but I can give you some pointers. 

Critical to the whole process is setting up DHCP correctly, a tftp
server, customizing the files in tftp so that the correct options are
set for booting, setting up a local YUM repository, apache to serve the
repository and kickstart files, etc. The kickstart script is almost
trivial compared to all that. We also use an NFS server for many things.

Kickstart, in %post, runs:

/sbin/chkconfig to enable and disable all the services we need or don't
need

Runs ntpdate and hwclock

Creates a bunch of directories in /usr/local and other areas, and
mountpoints for various NFS / SAN filesystems

Adds the mount info to fstab

Starts portmapper

Mounts a bunch of filesystems

Copies a slew of "standard" config files to /etc and elsewhere from the
NFS mounted archive

Creates a bunch of "stock" users via useradd / groupadd (we also use
LDAP.)

Runs Yum to install a whole slew of vendor and local packages

When a server installs itself, we find its IP by looking in the dhcp
leases file on the dhcp server, then ssh into the machine and run
another script that changes the hostname, sets the IP to a
static address, and uses the HP client tools to reset the ILO Admin
password. (ILO is HP's remote console system - we run all our servers
headless.) To remove the need for the graphical ILO license, we nuke the
GRUB splash image, and add the option to the install / boot to force
text mode.

When I set up the kickstart process, I ran it over and over on the same
machine until it completed flawlessly - making notes of anything I had
to do manually, and then adding back in to the scripts. This can take
quite a while, and again is very customized to our particular hardware /
network / software set / environment.

The Red Hat manual on setting up kickstart is actually quite good.
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/
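
The lease lookup described in the message above (finding a freshly installed machine's address in the DHCP server's leases file before connecting over ssh), as an added example that is not part of the original post and not the poster's script. It assumes the ISC dhcpd leases file format; the function names, MAC addresses and sample leases are constructed. The leases file also holds client-supplied strings such as client-hostname, so the function reads only the fields it needs and checks both the MAC argument and the resulting address.

```shell
#!/bin/sh
# Added example. dhcpd appends to dhcpd.leases, so the last block written
# for an address is its current state; older blocks are history.

# lease_ip_for_mac MAC FILE: print the address currently leased to MAC.
# Exit 1 if there is no active lease, 2 if MAC is malformed.
lease_ip_for_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$mac" in
        ""|*[!0-9a-f:]*) return 2 ;;   # only hex digits and colons allowed
    esac
    awk -v want="$mac" '
        $1 == "lease" && $3 == "{" { ip = $2; hw = ""; state = ""; next }
        ip == "" { next }                      # outside a lease block
        $1 == "binding" && $2 == "state" { state = $3; sub(/;$/, "", state) }
        $1 == "hardware" && $2 == "ethernet" { hw = tolower($3); sub(/;$/, "", hw) }
        $1 == "}" { owner[ip] = hw; st[ip] = state; seen[ip] = ++n; ip = "" }
        END {
            best = ""
            for (a in owner)
                if (owner[a] == want && st[a] == "active" &&
                    a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
                    (best == "" || seen[a] > seen[best])) best = a
            if (best == "") exit 1
            print best
        }
    ' "$2"
}

# Constructed sample data: one host with a live lease, one whose lease was freed.
write_sample_leases() {
    cat > "$1" <<'EOF'
lease 192.0.2.50 {
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:aa:bb:55;
  client-hostname "localhost";
}
lease 192.0.2.51 {
  binding state active;
  hardware ethernet 00:11:22:aa:bb:66;
}
lease 192.0.2.51 {
  binding state free;
  hardware ethernet 00:11:22:aa:bb:66;
}
EOF
}
```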