operating system installation -...

Operating System Installation

René Serral-Gracià Xavier Martorell-Bofill1

1Universitat Politècnica de Catalunya (UPC)

September 16, 2014

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Lectures

1 System administration introduction2 Operating System installation3 User management4 Application management5 System monitoring6 Filesystem Maintenance7 Local services8 Network services9 Security and Protection

10 Virtualization

R. Serral-Gracià, et. al Installation 2

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Outline

1 Introduction

2 Equipment Life-cycle

3 System installation

4 Disk Partitioning and filesystems

5 System Init/Shutdown

R. Serral-Gracià, et. al Installation 3

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Outline

1 IntroductionGoals

2 Equipment Life-cycle

3 System installation

4 Disk Partitioning and filesystems

5 System Init/Shutdown

R. Serral-Gracià, et. al Installation 4

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Goals

Abilities

Installation schedulingDisk PartitioningFile System creationSwap area dimensioning

Basic configurationSystem Startup and Shutdown

Configuration Commands and files

fdisk, mkfs, mkswap, mount, swaponshutdown, halt, reboot, poweroffinit, /etc/inittab, /etc/rc*.d/, /etc/fstab

R. Serral-Gracià, et. al Installation 5

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Outline

1 Introduction

2 Equipment Life-cycle

3 System installation

4 Disk Partitioning and filesystems

5 System Init/Shutdown

R. Serral-Gracià, et. al Installation 6

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Equipment Life-cycle1

New

Clean

Install

Configured Unknown

Off

Initialize

Reinstall

Update

Fix

Entropy

Retire

Sysadmin goals:Understand the existence of the states and their transitionsMaximize the amount of time in the “Configured” state

1Rémy Evard. “An analysis of UNIX system configuration”. 11th Systems Administration Conference (LISA 97)

R. Serral-Gracià, et. al Installation 7

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Equipment Life-cycle

States

New: new equipmentClean: equipment with the installed OS but without anymaintenance taskConfigured: configured equipment according to theenvironment requirementsUnknown: unconfigured or outdated equipmentOff: discarded equipment due to its age or hardware failure

R. Serral-Gracià, et. al Installation 8

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Equipment Life-cycle

Transitions

Install: OS installationInitialize: Initial set of required changes to have theequipment configured in the work environmentUpdate: Insert new functionalities, apply patches andsecurity updatesEntropy: Gradual degradation process leaving theequipment in unknown stateFix: take the necessary actions to set the equipment backto configured stateReinstall: massive update of the OS. Usually forced by anattack, goal shift in the equipment, or configuration errorsRetire: final retirement of the equipment

R. Serral-Gracià, et. al Installation 9

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Outline

1 Introduction

2 Equipment Life-cycle

3 System installationPrevious tasksInstallation

4 Disk Partitioning and filesystems

5 System Init/Shutdown

R. Serral-Gracià, et. al Installation 10

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

System installation

1 Goals2 Dimensioning3 HW Acquisition4 Disk preparation5 Protected network setup6 Install / OS & Software update7 Service configuration / adaptation8 Security policy enforcement9 Final location network setup

10 Label / Document the followed steps11 Monitor. . . goto 5

R. Serral-Gracià, et. al Installation 11

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Previous tasks

1 Goals

Which is the purpose of the new equipment?

DesktopDocument editing?Compiling?

ServerE-mail? Web? Proxy? DNS? Files?Primary? Secondary?

Amount of expected usersSecurity requirements

R. Serral-Gracià, et. al Installation 12

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Previous tasks

2 DimensioningCPUMemoryDiskRedundancy

3 Buy HWOS Compatibility (drivers!)List of features

IRQs, DMA, and/or ports...

R. Serral-Gracià, et. al Installation 13

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Installation

4 Disk preparationPartitioningSwap area preparationFormat and prepare the filesystems

5 Connect the equipment into a secure networkSo during the installation the machine is protected

6 Install / Update OS & SoftwareChoose OS / DistributionSelect the package update list

R. Serral-Gracià, et. al Installation 14

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Installation

7 Service configurationAdapt them to the work environment

8 Implement security policiesOffer only the necessary services

9 Connect to the networkTo the final location

10 Label / Document the followed stepsIn case it is necessary to repeat them, to apply them onother machines, . . .

11 Monitoring. . . goto 6

R. Serral-Gracià, et. al Installation 15

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Outline

1 Introduction

2 Equipment Life-cycle

3 System installation

4 Disk Partitioning and filesystemsFilesystem preparation/formatSwap area

5 System Init/Shutdown

R. Serral-Gracià, et. al Installation 16

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Types of partitions (PC)

Up to 4 “primary” partitions in theMaster Boot Record

Or 3 primary and 1 extended. . . or 2 primary and 2 extended. . .(not supported by all OSs)

Primary partitionMay contain a filesystem

Extended partitionCan only contain logical partitions

Logical partitionsMay contain a filesystem

Ext

ende

d

Data area 1

Master boot record

Prim

ary

Logi

cLo

gic

Prim

ary

Boot Sector

Data area 2

Boot Sector

Extended Boot Record

Boot Sector

Data area 3

Boot Sector

Data area 4

No Usat

R. Serral-Gracià, et. al Installation 17

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Types of partitions – GUID Partition Table (GPT)

Up to 128 partitions with the defaultsize of GPTThere is no disctintion of primaryand extended partitions anymore,now it is identified by UUID

The partition type is determined bythe Operating System, whichassigns its own IDs

R. Serral-Gracià, et. al Installation 18

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Partitions: concept and justification

Divide one disk into several independent disks

Each partition is completely isolated from the othersError isolationMore security

Backup management different for each partitionFasterMore convenientRead-only or not much changed partitions

Information reuse among OS

Problem: hard disk fragmentation

R. Serral-Gracià, et. al Installation 19

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Filesystem structure in UNIX

bbinsbin

lib

usr*

bin sbin

local*

home*

mnt*

opt*

etc dev*proc**

tmp*

var*

log* tmp

/**

* Can be mounted filesystems** Must be mounted filesystems

R. Serral-Gracià, et. al Installation 20

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Filesystem structure in UNIX

/bin and /sbinExecutables needed during boot timeifconfig, mount, ls, cat, ...

/usr/bin and /usr/sbinOperating system applicationsman, apropos, ...adduser, deluser, ...

/usr/local/bin and /usr/local/sbin (or /opt)Specific applications

$HOME/binEnd-user applications

R. Serral-Gracià, et. al Installation 21

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Filesystem structure in UNIX

/varDynamic content

AccountingInformation about end-user activity

SpoolMailCron/atlpd

RunPid’s of running daemons

LogSystem logs

R. Serral-Gracià, et. al Installation 22

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Filesystem preparation/format

mkfs -t tipus [opcions] dispositiutype: ext3, ext4, reiserfs, vfat, brtfs,. . .options (filesystem dependent)

block sizenumber of inodenumber of blocks (usually autodetected). . .

tune2fs [-l] [-j] . . .Filesystem ext[234] parameter configuration

Filesystem check intervalJournal creation. . .

R. Serral-Gracià, et. al Installation 23

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Exercise – En grup

If we put all the directories labelled with * and ** in theirown partition. Determine a correct size for each partition

Such size normally depends of the particular needs for thatinstallation. Usually a regular Linux installation needsaround 15GB

Why the rest of the directoris cannot be on a partition bythemselves

The content is necessary during the boot process.Potentially before mounting the filesystems

R. Serral-Gracià, et. al Installation 24

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Exercise – En grup

If we put all the directories labelled with * and ** in theirown partition. Determine a correct size for each partition

Such size normally depends of the particular needs for thatinstallation. Usually a regular Linux installation needsaround 15GB

Why the rest of the directoris cannot be on a partition bythemselves

The content is necessary during the boot process.Potentially before mounting the filesystems

R. Serral-Gracià, et. al Installation 24

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Mount

mount [options] device directory-t <filesystem type>

Indicate the type of the filesystem-a

mount all the filesystems in /etc/fstab-o <FS options>

ro = read-onlyremountnoexec, nodev, nosuiduser

R. Serral-Gracià, et. al Installation 25

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

/etc/fstab

Indicates how to mount the filesystems

Device M. point FS Options D F/dev/sda1 /boot ext3 defaults 0 2/dev/sda2 / ext4 defaults 0 1/dev/sda5 /var ext3 defaults 0 2/dev/sda6 /tmp ext3 defaults 0 2/dev/sda7 /home ext3 defaults 0 2none /dev/pts devpts gid=5,mode=620 0 0none /proc proc defaults 0 0none /sys sysfs defaults 0 0/dev/sda3 swap swap defaults 0 0/dev/scd0 /mnt/cdrom auto ro,noauto,user 0 0

R. Serral-Gracià, et. al Installation 26

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Exercise – In group

We have a server with 100 users, with a disk quota of 5Gbper user. The system has a 1TB harddisk. Indicate howcan you partition it and the size of each partition.

The users need a total of ∼ 500GB. ∼ 5GB for the basesystem2, then lacking more information we leave a total of∼ 10GB for applications.Then we will have 3 different partitions, the root partition/dev/sda1 with 6GB, the user’s partition /dev/sda2using 600Gb, 12Gb for applications /dev/sda5, andfinally 8GB for the swap partition/dev/sda6. We leave therest of the disk unpartitionedFor safety we leave a threshold of 10− 20% in terms ofspace for each partition

2Assuming a Linux Debian installation

R. Serral-Gracià, et. al Installation 27

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Exercise – In group

We have a server with 100 users, with a disk quota of 5Gbper user. The system has a 1TB harddisk. Indicate howcan you partition it and the size of each partition.

The users need a total of ∼ 500GB. ∼ 5GB for the basesystem2, then lacking more information we leave a total of∼ 10GB for applications.Then we will have 3 different partitions, the root partition/dev/sda1 with 6GB, the user’s partition /dev/sda2using 600Gb, 12Gb for applications /dev/sda5, andfinally 8GB for the swap partition/dev/sda6. We leave therest of the disk unpartitionedFor safety we leave a threshold of 10− 20% in terms ofspace for each partition

2Assuming a Linux Debian installationR. Serral-Gracià, et. al Installation 27

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Exercise – In group

List the required commands in order to be able to mountthe filesystems indicated in the previous exercise, knowingthat the application partition must be read-only.

/dev/sda1→ it must be mounted from /etc/fstab/dev/sda2→ mount /dev/sda2 /home/dev/sda5→ mount -o ro /dev/sda5 /usr

Can you devise any situation where more partitions couldbe necessary?

If the server had some specific requirements, for example avery large web page, we could be interested in having/var/www in a different partition

R. Serral-Gracià, et. al Installation 28

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Exercise – In group

List the required commands in order to be able to mountthe filesystems indicated in the previous exercise, knowingthat the application partition must be read-only.

/dev/sda1→ it must be mounted from /etc/fstab/dev/sda2→ mount /dev/sda2 /home/dev/sda5→ mount -o ro /dev/sda5 /usr

Can you devise any situation where more partitions couldbe necessary?

If the server had some specific requirements, for example avery large web page, we could be interested in having/var/www in a different partition

R. Serral-Gracià, et. al Installation 28

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Exercise – In group

List the required commands in order to be able to mountthe filesystems indicated in the previous exercise, knowingthat the application partition must be read-only.

/dev/sda1→ it must be mounted from /etc/fstab/dev/sda2→ mount /dev/sda2 /home/dev/sda5→ mount -o ro /dev/sda5 /usr

Can you devise any situation where more partitions couldbe necessary?

If the server had some specific requirements, for example avery large web page, we could be interested in having/var/www in a different partition

R. Serral-Gracià, et. al Installation 28

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Exercise – In group

List the required commands in order to be able to mountthe filesystems indicated in the previous exercise, knowingthat the application partition must be read-only.

/dev/sda1→ it must be mounted from /etc/fstab/dev/sda2→ mount /dev/sda2 /home/dev/sda5→ mount -o ro /dev/sda5 /usr

Can you devise any situation where more partitions couldbe necessary?

If the server had some specific requirements, for example avery large web page, we could be interested in having/var/www in a different partition

R. Serral-Gracià, et. al Installation 28

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Swap area

Rule of thumbSwap = 2 * physical memory

Memory

x

Swap

2x

RealmentForesee memoryrequirements and choose itaccordingly

Memory Swap

Applications

R. Serral-Gracià, et. al Installation 29

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Swap area implementation

As a disk partitionBetter if divided into multiple devices

Special filePre-created and completely reserved. . . it cannot have any“holes”

Holes??? in a file???dd if=/dev/zero of=swapfile bs=1024 count=65536

Be careful!File protectionsThe is sensible information from the swapped out processes

R. Serral-Gracià, et. al Installation 30

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Swap area Creation/Preparation

mkswap device | fileCreates a swap area — is equivalent to swap area “format”

swapon [options] [device | file]-p priority

The swap with more priority is used beforeRound-Robin if equal priority

-aActivates all the swaps defined in /etc/fstab

swapoff [options] [device | file]Disables a given swap area-a

Disables all the ones defined into /etc/fstab

R. Serral-Gracià, et. al Installation 31

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Outline

1 Introduction

2 Equipment Life-cycle

3 System installation

4 Disk Partitioning and filesystems

5 System Init/ShutdownSystem initializationSystem shutdown

R. Serral-Gracià, et. al Installation 32

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

System initialization

ROMHardware initialization

CPUs,. . .

kernelHardware detectionKernel mode configuration

initrdDevice configuration

initUser space configurations

kernel initrd

kernel initrd init

Loader

MBR

ROM

kernel mode

user mode

R. Serral-Gracià, et. al Installation 33

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Runlevel

init it has diferent runlevelS,1: single user2-5: multi-user

2: without network3: with network4: network + X

0: halt6: reboot

init run-levelchanges the runlevel

S

2 3

0 6

R. Serral-Gracià, et. al Installation 34

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Init/shutdown Service Scripts

/etc/init.d

Accept standard parameters/etc/init.d/servei start|stop|restart|reload|. . .

start: starts the servicestop: stops the servicerestart: stop+startreload: if possible restarts the service without killing it (HUP)

And other specific to some servicesstatussetup. . .

R. Serral-Gracià, et. al Installation 35

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Unix System-V init style

/etc/rcX.d

One directory per runlevelScripts running at runlevel X

Usually are soft-links to actual scripts in /etc/init.dThe name indicates its priority (01-99)

[S|K ] <priority>namee.g.: S40networking, K74bluetooth

When changing the runlevel first the system runs the K andthen S with priority order (small first – alphabetically)They can be managed using update-rc.d→ Lab session

R. Serral-Gracià, et. al Installation 36

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Dependency based init

Upstart

Compatible with System V (Scripts and parameters)Totally asynchronousService init/shutdown in parallel

Makefile style controlled dependencies

It allows contron and monitoring of the running services

Systemd

Partially compatible with System V or BSDOnly available in LinuxIt allows hardware detection via udev

R. Serral-Gracià, et. al Installation 37

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Initialization – End

/etc/rc.local

Local configuration Shell scriptExecuted at the end of multiuser runlevels

Example:

#!/bin/bash# start hard drive temperature monitor daemon/usr/local/bin/hddtemp -d /dev/sda

# In case hddtemp fails for any reasonexit 0

R. Serral-Gracià, et. al Installation 38

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

System shutdown

Actions to perform

Stop all services — Network + localsStop all the processesSync all buffer cachesUmount all the filesystemStop/reboot the system

Commands

shutdown: allows shutdown/reboot at a given timereboot, halt, poweroff, . . .

Currently all optiosn use ACPI extensionsinit 0, init 6

R. Serral-Gracià, et. al Installation 39

Introduction Equipment Life-cycle System installation Partitioning Init/Shutdown

Personal work

Privileges and protectionOwners and groupsPrivileges (r, w, x)UmaskSetuid, setgid

User management related commandschmod, chown, id, newgrpuseradd/adduser, userdelchfn, chsh, passwdgroupadd, groupdel

R. Serral-Gracià, et. al Installation 40