You will need a BLED112 dongle and the pylgbst library.
yum install python3
pip3 install pygatt
pip3 install pexpect
pip3 install https://github.com/undera/pylgbst/archive/1.0.tar.gz
Now you can write your first program, test.py:
from pylgbst.hub import MoveHub, COLOR_RED
from time import sleep
hub = MoveHub()
hub.led.set_color(COLOR_RED)
sleep(5)
hub.disconnect()
and test it:
python3 test.py
The LED has been changed to red for 5 seconds.
Test iSCSI
The LUN is created on ReadyNAS (192.168.1.28) in group CentOS-PXE, target iqn.1994-11.com.netgear:nas:08303042:centos-pxe.
All commands are run from my laptop (T530), but it can be any Linux:
[root@T530 ~]# iscsiadm -m discovery -t sendtargets -p 192.168.1.28
192.168.1.28:3260,1 iqn.1994-11.com.netgear:nas:051ada19:group1
192.168.1.28:3260,1 iqn.1994-11.com.netgear:nas:08303042:centos-pxe
We are interested in the second one:
[root@T530 ~]# iscsiadm -m node -T 'iqn.1994-11.com.netgear:nas:08303042:centos-pxe' -p 192.168.1.28 -l
Logging in to [iface: default, target: iqn.1994-11.com.netgear:nas:08303042:centos-pxe, portal: 192.168.1.28,3260] (multiple)
Login to [iface: default, target: iqn.1994-11.com.netgear:nas:08303042:centos-pxe, portal: 192.168.1.28,3260] successful.
Now we can list disks:
[root@T530 ~]# ls -l /dev/disk/by-path
razem 0
lrwxrwxrwx. 1 root root 9 10-22 17:25 fc---lun-0 -> ../../sdd iqn.1994-11.com.netgear:nas:08303042:centos-pxe-lun-0 -> ../../sdd
lrwxrwxrwx. 1 root root 9 10-22 16:29 pci-0000:00:0d.0-ata-1.0 -> ../../sda
lrwxrwxrwx. 1 root root 10 10-22 16:29 pci-0000:00:0d.0-ata-1.0-part1 -> ../../sda1
lrwxrwxrwx. 1 root root 10 10-22 16:29 pci-0000:00:0d.0-ata-1.0-part2 -> ../../sda2
lrwxrwxrwx. 1 root root 9 10-22 16:29 pci-0000:00:0d.0-ata-2.0 -> ../../sr0
As you can see, the new volume is linked as /dev/sdd; usually it will be sda or sdb.
Now we can "unmount" it, as it won't be needed.
iscsiadm -m node -T 'iqn.1994-11.com.netgear:nas:08303042:centos-pxe' -p 192.168.1.28 -u
Configure network install
You will need tftp, dhcp and ftp servers and a CentOS installation ISO file. Unpack the ISO content on the ftp server into some directory (CentOS7-1908-minimal in my case).
Add an entry to the /data/tftpboot/pxelinux.cfg/default file:
LABEL InstallCentOS7
MENU LABEL Install CentOS 7 1908
KERNEL /networkboot/CentOS7-1908/vmlinuz
APPEND initrd=/networkboot/CentOS7-1908/initrd.img inst.repo=ftp://192.168.1.28/CentOS7-1908-minimal
You have to create the networkboot/CentOS7-1908 directory in your tftp root directory. In my (ReadyNAS) case that is /data/tftpboot/, so the full path is /data/tftpboot/networkboot/CentOS7-1908.
The vmlinuz and initrd.img files come from the isolinux directory of the ISO. Because my ftp root is /data/pub/ I typed:
cp /data/pub/CentOS-7-x86_64-Minimal-1908/isolinux/{vmlinuz,initrd.img} /data/tftpboot/networkboot/CentOS7-1908
Now you should be able to run CentOS installation from network.
Installation
Boot the computer from the network (PXE boot) and choose Install CentOS 7 1908 from the PXE menu.
Run the standard installer. As Installation destination add a disk in Specialized & Network Disks. In Add iSCSI Target... enter 192.168.1.28 as Target IP Address and click Start discovery. Choose the desired node (if you have more than one you should know what to do) and click Log in and (after a while) OK.
Now you should have some drive (sda, sdb or similar): select it and click Done. There will probably be an Error checking storage configuration message: click Full disk summary and boot loader ... and unselect your disk as a boot device by clicking Do not install boot loader. Click Done.
Now make sure you know the name of your network card. In my case it is enp0s3.
You can add more installation repositories, but it is not necessary now.
Click Begin installation. It will take a while - in the meantime you can set root password.
When installation is complete switch to console (Ctrl-Alt-F2) and copy vmlinuz and initramfs files to your tftp server:
scp /mnt/sysimage/boot/vmlinuz-3.10.0-1062.el7.x86_64 /mnt/sysimage/boot/initramfs-3.10.0-1062.el7.x86_64.img user@192.168.1.28:
and place these two files in the tftp directory:
mv /home/user/vmlinuz-3.10.0-1062.el7.x86_64 /home/user/initramfs-3.10.0-1062.el7.x86_64.img /data/tftpboot/networkboot/CentOS7-1908
As you can see, I use the same directory as for the network install, but it is not necessary.
Now it is time for the final PXE configuration. On the tftp server prepare an entry similar to:
LABEL Centos7
MENU DEFAULT
MENU LABEL Cent OS 7
kernel /networkboot/CentOS7-1908/vmlinuz-3.10.0-1062.el7.x86_64 root=/dev/mapper/centos-root ro netroot=iscsi:@192.168.1.28::::iqn.1994-11.com.netgear:nas:08303042:centos-pxe rd.iscsi.initiator=iqn.1994-05.com.redhat:2f3474eec735 vconsole.keymap=pl LANG=en_GB.UTF-8 console=tty0 ip=enp3s0:dhcp rhgb quiet
append initrd=/networkboot/CentOS7-1908/initramfs-3.10.0-1062.el7.x86_64.img
You can check "magic numbers" on freshly installed system by:
[anaconda root@localhost /]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1994-05.com.redhat:2f3474eec735
[anaconda root@localhost /]# iscsiadm -m session
tcp: [1] 192.168.1.28:3260,1 iqn.1994-11.com.netgear:nas:08303042:centos-pxe
[anaconda root@localhost /]# grep root /mnt/sysimage/etc/fstab
/dev/mapper/centos-root / xfs defaults,_netdev,_netdev 0 0
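A quick consistency check for these values, as an added example that is not part of the original post: it parses the three outputs above and compares them with the kernel arguments of the PXE entry. The function names are illustrative, and the netroot parser assumes the short dracut form used on this page (IPv4 or hostname portal, no interface fields).

```python
import re

# Outputs shown above, embedded as text so the example runs offline.
INITIATORNAME = "InitiatorName=iqn.1994-05.com.redhat:2f3474eec735\n"
SESSIONS = "tcp: [1] 192.168.1.28:3260,1 iqn.1994-11.com.netgear:nas:08303042:centos-pxe\n"
FSTAB = "/dev/mapper/centos-root / xfs defaults,_netdev,_netdev 0 0\n"
# Kernel arguments from the PXE entry above (only the ones being checked).
ENTRY_ARGS = ("root=/dev/mapper/centos-root ro "
              "netroot=iscsi:@192.168.1.28::::iqn.1994-11.com.netgear:nas:08303042:centos-pxe "
              "rd.iscsi.initiator=iqn.1994-05.com.redhat:2f3474eec735 ip=enp3s0:dhcp")

def installed_values(initiatorname, sessions, fstab):
    """Extract initiator, portal, target and root device from the three outputs."""
    initiator = re.search(r'^InitiatorName=(\S+)', initiatorname, re.M).group(1)
    portal, target = re.search(r'^tcp: \[\d+\] ([\d.]+):\d+,\d+ (\S+)',
                               sessions, re.M).groups()
    # The root filesystem is the fstab line whose mount point (field 2) is "/".
    root = next(f[0] for f in map(str.split, fstab.splitlines()) if f[1:2] == ['/'])
    return {'initiator': initiator, 'portal': portal, 'target': target, 'root': root}

def entry_values(args):
    """Pull the same values out of a kernel command line.

    Assumed dracut form: netroot=iscsi:[user:pass@]server:protocol:port:LUN:targetname
    """
    kv = dict(a.split('=', 1) for a in args.split() if '=' in a)
    # Drop the "iscsi:" prefix and any credentials in front of "@".
    rest = kv['netroot'][len('iscsi:'):].rpartition('@')[2]
    # The target name itself contains colons, so split at most four times.
    server, _proto, _port, _lun, target = rest.split(':', 4)
    return {'initiator': kv['rd.iscsi.initiator'], 'portal': server,
            'target': target, 'root': kv['root']}

def mismatches(installed, entry):
    """Names of the values that differ between the installed system and the entry."""
    return sorted(k for k in installed if installed[k] != entry[k])

if __name__ == '__main__':
    inst = installed_values(INITIATORNAME, SESSIONS, FSTAB)
    print(mismatches(inst, entry_values(ENTRY_ARGS)) or 'PXE entry matches the installed system')
```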
Now you can click Reboot.
After some time you will have a network-booted system.
Configure iPXE
Instead of PXE it should be possible to use iPXE. For now I can only boot iPXE - then I return to PXE because it works.
Download the binary (on the ReadyNAS, the TFTP server) and move it to the tftp directory:
cd /tmp/
wget http://boot.ipxe.org/undionly.kpxe
mv /tmp/undionly.kpxe /data/tftpboot/
To avoid flashing the network card ROM I use PXE chainloading. Change (on Gargoyle, the DHCP server):
dhcp-match=set:ipxe,175
dhcp-boot=tag:!ipxe,undionly.kpxe,,192.168.1.28
dhcp-boot=menu.ipxe,,192.168.1.28
It should be a more convenient way to upgrade the kernel in the future.
For now, in menu.ipxe I have this entry:
:pxelinux
set 210:string tftp://192.168.1.28/
chain ${210:string}pxelinux.0 || goto failed
goto start
Sources:
Diskless iSCSI boot with PXE HOWTO
How to chainload ipxe using dnsmasq?
Centos 7 Diskless Environment – PXE booting OpenStack compute nodes from iSCSI SAN
Last time I prepared Gargoyle as a dhcp and tftp server.
Prepare tftp on ReadyNAS
To enable tftp on ReadyNAS I've installed Tftp Server for Readynas. All files have to be in the tftpboot share, so I've created it.
I have to copy all syslinux files (they can be copied from Gargoyle) to this share, so it contains (full paths):
/data/tftpboot/pxelinux.cfg
/data/tftpboot/pxelinux.cfg/default
/data/tftpboot/ldlinux.c32
/data/tftpboot/libutil.c32
/data/tftpboot/menu.c32
/data/tftpboot/pxelinux.0
Reconfigure DHCP
Now I have to change dhcp server configuration. On gargoyle, in file /etc/dnsmasq.conf:
dhcp-boot=pxelinux.0,,192.168.1.28
As you can see, it now has the address of my ReadyNAS (192.168.1.28).
You can comment out the lines
enable-tftp
tftp-root=/var/lib/misc/tftpboot
tftp on Gargoyle is not needed any more.
Now you should be able to boot any PC using PXE from ReadyNAS.
Boot to CentOS 7 (or any Linux) Installer
Now you can try to run the CentOS installer from the network. You have to prepare an FTP share and copy the files from the installation image (CD/DVD) there. I've copied them to the pub/CentOS7-1708 share on the ReadyNAS.
If you use proftpd you have to create the /etc/frontview/proftpd/proftpd.conf.overrides file to allow anonymous access:
UserAlias anonymous guest
<Anonymous /var/ftp/pub>
  User guest
  Group guest
  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>
  <Directory incoming>
    <Limit READ >
      DenyAll
    </Limit>
    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>
Create the /data/tftpboot/networkboot/CentOS7-1708 directory and copy these files there:
/data/tftpboot/networkboot/CentOS7-1708/initrd.img
/data/tftpboot/networkboot/CentOS7-1708/vmlinuz
In the /data/tftpboot/pxelinux.cfg/default file add the lines:
LABEL InstallCentOS7
MENU DEFAULT
MENU LABEL Install CentOS 7
KERNEL /networkboot/CentOS7-1708/vmlinuz
APPEND initrd=/networkboot/CentOS7-1708/initrd.img inst.repo=ftp://192.168.1.28/CentOS7-1708-minimal
Notice that the ftp path is relative to the pub share.
Now you should be able to boot to Cent OS installer.
Prepare NFS share
I've done it on the ReadyNAS. You have to set in Settings - Network Access - NFS - Advanced settings: No Root Squash.
Be careful, because you have to provide the full path when mounting the share. My share is pub/root, so I have to mount it as /data/pub/root:
mount -vt nfs 192.168.1.18:/data/pub/root /mnt/nfsroot/
As you can see, I've mounted this share in /mnt/nfsroot directory.
Install Cent OS
yum install --releasever=7 --installroot=/mnt/nfsroot \@base \@core
When you want to install other packages you may see this error:
Wczytane wtyczki: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
There are no enabled repos.
 Run "yum repolist all" to see the repos you have.
 To enable Red Hat Subscription Management repositories:
     subscription-manager repos --enable <repo>
 To enable custom repositories:
     yum-config-manager --enable <repo>
You will then have to run:
cp /etc/yum.repos.d/CentOS-Base.repo /mnt/nfsroot/etc/yum.repos.d/
Now you can add some GUI packages:
yum install --releasever=7 --installroot=/mnt/nfsroot \@fonts \@gnome-desktop \@x11
Based on: CentOS 7: Install PXE Boot server for thin client with NFS.
The solution is similar to the one for Windows 7. To add a drive you have to type this command (single line):
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" internalcommands createrawvmdk -filename "C:\Users\jaqb\SP900.vmdk" -rawdisk "\\.\PhysicalDrive1"
VirtualBox also has to be run as a privileged user (administrator).
On CentOS 7 you can log all commands to syslog and then to a local file or even to a remote server.
Send all commands to syslog
Create file /etc/sysconfig/bash-prompt-xterm:
RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" ) [$RETRN_VAL]"
and make it executable:
chmod a+x /etc/sysconfig/bash-prompt-xterm
Configure syslog to send messages from local6 facility to separate file
Create file /etc/rsyslog.d/bash.conf:
local6.* /var/log/commands.log
finally:
service rsyslog restart
Now you can monitor commands:
tail -f /var/log/commands.log
Log command using audit
Alternatively you can use audit - create /etc/audit/rules.d/bash_history.rules:
-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve
but the logs are not very human-friendly:
grep EXECVE /var/log/audit/audit.log
and you may also want to log execvp, execl, execveat etc.
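The EXECVE records are hard to read because auditd hex-encodes arguments that contain spaces and keeps the user IDs in a separate SYSCALL record of the same event. The following added example (not from the original post) joins the two record types by event serial and rebuilds a readable command line; the sample log lines are constructed.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample records in raw audit.log format (not taken from a real host).
SAMPLE = '''\
type=SYSCALL msg=audit(1571757900.101:412): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2290 auid=1000 uid=0 tty=pts0 comm="cat" exe="/usr/bin/cat"
type=EXECVE msg=audit(1571757900.101:412): argc=2 a0="cat" a1="/etc/shadow"
type=SYSCALL msg=audit(1571757912.553:413): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2291 auid=1000 uid=1000 tty=pts0 comm="touch" exe="/usr/bin/touch"
type=EXECVE msg=audit(1571757912.553:413): argc=2 a0="touch" a1=2F746D702F6D792066696C65
'''

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(raw):
    """auditd quotes plain strings and hex-encodes ones with spaces or control bytes."""
    if raw.startswith('"'):
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode('utf-8', 'replace')
    except ValueError:
        return raw  # not hex after all, for example "(null)"

def commands(log_text):
    """Join SYSCALL and EXECVE records by event serial; return one dict per exec."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m or m.group(1) not in ('SYSCALL', 'EXECVE'):
            continue
        rtype, epoch, serial, body = m.groups()
        fields = dict(FIELD_RE.findall(body))
        ev = events[int(serial)]
        ev['time'] = int(epoch)
        if rtype == 'SYSCALL':
            # auid is the login user and survives su/sudo; uid is the current user.
            ev['auid'] = int(fields.get('auid', -1))
            ev['uid'] = int(fields.get('uid', -1))
        else:
            argc = int(fields['argc'])
            # Very long arguments split as aN[0], aN[1], ... are not handled here.
            argv = [decode_arg(fields[f'a{i}']) for i in range(argc) if f'a{i}' in fields]
            ev['cmd'] = ' '.join(shlex.quote(a) for a in argv)
    return [dict(serial=s, **e) for s, e in sorted(events.items()) if 'cmd' in e]

if __name__ == '__main__':
    for ev in commands(SAMPLE):
        print(ev['time'], f"auid={ev.get('auid')} uid={ev.get('uid')}", ev['cmd'])
```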
Sources:
https://askubuntu.com/questions/93566/how-to-log-all-bash-commands-by-all-users-on-a-server
https://unix.stackexchange.com/questions/86000/how-can-you-log-every-command-typed
http://whmcr.com/2011/10/14/auditd-logging-all-commands/