Friday, October 28, 2011

Installing minimal CentOS 6.0 distribution

This post starts a three part series in which I'll describe in detail how to install Zimbra Open Source mail server on 64-bit CentOS distribution. The first part deals with CentOS installation itself. The second part talks about setting up split DNS server, and finally, the third part will talk about setting up Zimbra server itself.

Before describing installation, I'm going to define the environment, and some basic parameters, in which this server is going to be deployed. Note that you can implement this network topology using VMWare or some similar product and in that way you can test that everything is working before doing actual installation.

So, the network topology I'm going to assume is given in the following figure:

Network topology for Zimbra Mail server
What you can see in this figure is a future Zimbra server (on the right) with the IP address 10.0.0.2/24. This is the server whose installation I'm going to describe. We'll also assume the domain example-domain.com. For the moment no additional parameters are needed, and in later posts I'll introduce all the necessary parameters on an as-needed basis.

Preinstallation considerations

When I perform a CentOS installation I usually do a minimal install because that way I get a more secure system. Then, as the need arises, I add additional packages. Sometimes it happens that even the minimal installation (as defined by the CentOS installer) has some packages I don't need, and so I remove them. But this changes from release to release. For example, at one time the minimal installation included isdn4k-tools, which I didn't need as I was connecting my servers to an Ethernet LAN. Apart from the security reasons for doing this, there used to be an additional reason to make a minimal installation, namely, to save disk space. But because of the abundance of available disk space today, that reason is not valid any more, at least not for the majority of cases.
 
Performing base system installation is in principle very easy. The potential problem is that you need to anticipate some parameters, three of which we are going to discuss in some detail. Those are file systems (and disks), network configuration and 32 or 64-bit installation.

For file systems the following details have to be considered: partition sizes, use of logical volume management and RAID. There is also the question of the exact file system type to use, but I won't discuss that one here. ext4 suffices in the majority of cases.

When we talk about sizes of different directories, especially problematic ones in general could be /var and /home. But also, for example, /opt, or any other directory with application data and/or logs. Directories like /etc, /usr, /lib, and some others are in general constant in size during the system's deployment. What I would suggest is that you start with the minimum disk space required, and when one of the aforementioned partitions needs more space, you just create a new partition, move the content of the directory this partition will replace onto it, and finally mount the partition. Additionally, the application you intend to install could significantly influence how your partitions are laid out. In any case, I don't allow the installer to do manual partitioning by itself.

I try to avoid logical volume management if I can, if nothing else, just to remove one additional layer of complexity. But, in certain scenarios you'll have no choice but to use it, unless of course you want to have some nightmares later. When, for example, you are installing a production system that is going to be used for a long time and there will be a large quantity of data (but you are uncertain how much exactly), in that case I would suggest that you use logical volume management. So, we have two extremes, on one side there is a static system that wouldn't grow much in size with a simple file layout, and on the other side there is heavily loaded server with lots of recorded data and/or very complex file system layout. Note that for small systems, maybe medium ones too, where you can have few hours of downtime any decision you made can later be changed. For example, you start without LVM, and then decide that you need to implement it so you add LVM partition under a single directory only, or you change everything apart from the boot partition. It is relatively easy to do so and I'll describe that process in some future post.

Finally, there is also question about the use of RAID, should you use it or not. There are several different possibilities:
  1. You are installing system on a local disk subsystem, with or without hardware RAID support.
  2. You are using remote disk storage.
  3. Installation is performed within virtualized environment (e.g. VMware, Citrix Xen, KVM)
In case you are using a virtualized environment, you don't have to use RAID; actually, it is overkill. The assumption is that the host itself has RAID to protect all the hosted virtual machines. Still, there is one exception, and that is a production server running within ESXi. In case you are using ESXi with local storage and you don't have hardware RAID, then you have to implement RAID in the virtual machine. But I suppose that this case will be rare, as it signals that you are using some poor hardware for a production environment. Nevertheless, it is possible to do so, and maybe I'll describe that scenario in some future post too.

Next, if you are installing a test server or something not particularly important, RAID is definitely overkill. And finally, if you are using remote storage, then it is also not necessary to use RAID because the remote storage takes care of that (or at least it should).

This leaves us with the scenario of using local storage, installing an important server, and the question of whether we should use software or hardware RAID (if there is no hardware RAID, there is obviously no dilemma). I personally prefer software RAID for the simple reason that I'm allowed to access individual disks using the smartctl tool to monitor their health status. This is also a better solution for a number of low cost RAID solutions because those are, in essence, software RAIDs. Still, when you have some high end hardware that has very good hardware RAID and/or you need high performance, then the route to go is definitely hardware RAID.

So, the last thing to consider is how to combine software RAID and LVM? I personally prefer using md RAID, and on top of that I install LVM.

While we are at disks we have to also consider swap partition size too. I doubt that more than few gigs of swap is of any use. It used to be a rule to have twice as much of swap as you have RAM. But in case you have 64G of RAM, to have 128G of swap is exaggeration. I usually put 2G, maybe 4G at most. Simply, this can be considered as a space for dormant applications. But if you have so many dormant applications that they fill so much of a swap, then you should probably tune your applications. And yes, if swap is used as a short term space for applications (i.e. they are swapped out, and then shortly after that swapped in) that is also not good as it severely impacts the performance of a server. Finally, RAM is cheap, buy more RAM, not larger disk.

The second consideration, after file systems, is the network. Basically, there are only two options: dynamic or static addresses. That choice is relatively easy. If you are installing some sort of server, a machine that will be accessed by other machines/people, then it's better to assign a static IP address. With a dynamic address it could happen that the DHCP server is unreachable for some reason and that the server loses its IP address and stops functioning. On the other hand, if you are installing a workstation, that is, a machine that will access other machines, then the better option in the majority of cases is to use dynamic assignment of addresses, i.e. DHCP. It brings some flexibility into the system, at the price of lower security (which can also be adequately solved).

Finally, the third consideration is whether to install 32 or 64 bit system. I strongly suggest that you install 64 bit system. Only in case you are running some application that requires 32 bit operating system and it is only supported on 32 bit operating system, you should use 32-bit system. In all other cases, as I said, use 64 bit. Here I implicitly assume that the hardware you use is 64 bit. If it is not, then that's also the case when you'll use 32-bit operating system. Note that it is possible to run 32-bit application on a 64-bit operating system! That is, it is not mandatory to install 32-bit installation to use 32 bit applications!

So, that's all about preinstallation considerations. Let us proceed to base system installation.

Installing base system

After all the preinstallation considerations, I'll assume that we are going to install a 64-bit system in a virtualized environment and that we don't expect this system to grow much in terms of the installed size and recorded data. So, I won't use RAID, nor am I going to use LVM. Furthermore, it's definitely a server, so we'll use a static IP address. Also, we'll assume that you have 8G of RAM in the server, and we'll allocate 2G of swap and 4G for a single root partition (no special /var, /home, etc.). Actually, the minimal installation takes about 600MB, but this will grow by about 200M after the first update. So, you have to have at least 1G for the base system install.

Start by putting CD and booting the machine (or attaching ISO image and starting virtual machine).

After the installation starts, it asks you the following series of questions:
  1. Should the installer check the CD/DVD? In case you are using an ISO image there is certainly no need to do that. If you are using real DVD media, then decide for yourself. I usually skip this step. After this question, the graphical installation starts. Note that if you don't have enough RAM, you'll be forced into the text based installation, which has a severely restricted number of options, e.g. you cannot manually partition the hard disk! Take a look into this post in case you did the installation in text mode and want to switch to RAID.
  2. After you select Next you are first asked for the language to be used during installation as well as for the keyboard layout. The two are used only during the installation process. Select the ones that suit you, and select Next.
  3. Storage types used for installation. There are two options: Basic Storage Devices and Specialized Storage Devices. The first one you use when you are performing installation on local disks, while the second one is for a shared storage. Just select Basic Storage Devices.
  4. Then, if this is a new computer, or a new disk, you are presented with a warning that the disk(s) need to be reinitialized. Select the button 'Re-initialize all'.
  5. You are asked to provide computer name. Enter here mail.example-domain.com. Then, click on button Configure Network. A new dialog will open.
  6. In the newly opened dialog select tab Wired (if it isn't already selected) and in there select option 'Auto eth0' and click on the button Edit. New dialog will open.
  7. It is not necessary, but I change the name to be only eth0. Then, I select checkbox Connect automatically. This is mandatory because otherwise your server will be unavailable until someone logs into it and connects it to network. This isn't something you want. :)
  8. Click on the tab IPv4 Settings. You'll see under Method the option Automatic (DHCP). Change that into Manual and click on the Add button. Then, add the address 10.0.0.2, change the network mask to 24 (you'll be automatically offered 8) and enter the gateway 10.0.0.1. Also, enter the IP address of the public DNS server you are using until we configure our own DNS server. Finally, click Apply. Click Close to close the network connections editor.
  9. Select the zone you are in and click Next.
  10. Next, you have to enter the root password. Note that this is a very important password so you should pick a strong one, or be certain in what you are doing! Anyway, after entering the root password (twice) click Next. If you entered a weak password you'll be warned about it. Decide for yourself what you'll do, ignore it or change it to a better one. In any case, eventually you'll proceed to the next step.
  11. Now we come to the partitioning step. Select Create Custom Layout and then Next. You'll be transferred to the disk editor. In the disk editor create a swap partition (2G) and a root (6G) partition. Both are standard partitions, so when asked about the partition type (after clicking the Create button) just confirm the default value (i.e. Standard Partition). When you click Next, you'll be asked if you are certain that the changes should be written to disk. To confirm, press the button Write Changes to Disk.
  12. When asked about grub loader, just select Next.
  13. Now you are presented with a screen to select the package set to be installed. Select Minimal and then Next.
Installation now starts so you should wait. Because it is minimal install it is finished quite soon. When all the packages are installed press Reboot. At this moment, on CentOS 6.2 the disk usage is:
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             7,4G  759M  6,3G  11% /
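
After the first boot it is worth confirming that the choices from steps 7 and 8 really ended up in the interface configuration file. The following script is an added example, not part of the original post; the function names are made up for it, and it assumes the standard CentOS ifcfg keys (ONBOOT, BOOTPROTO, IPADDR, PREFIX or NETMASK, GATEWAY).

```shell
#!/bin/sh
# ifcfg_get FILE KEY -> value of KEY (last assignment wins, quotes stripped)
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# mask_to_prefix 255.255.255.0 -> 24; fails on an octet no netmask can contain
mask_to_prefix() {
    bits=0
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        case $octet in
            255) bits=$((bits + 8)) ;; 254) bits=$((bits + 7)) ;;
            252) bits=$((bits + 6)) ;; 248) bits=$((bits + 5)) ;;
            240) bits=$((bits + 4)) ;; 224) bits=$((bits + 3)) ;;
            192) bits=$((bits + 2)) ;; 128) bits=$((bits + 1)) ;;
            0) ;;
            *) return 1 ;;
        esac
    done
    echo "$bits"
}

# check_static_ifcfg FILE IP PREFIX GATEWAY -> 0 if every setting matches
check_static_ifcfg() {
    f=$1; rc=0
    # "Connect automatically" is stored as ONBOOT=yes.
    [ "$(ifcfg_get "$f" ONBOOT)" = yes ] || { echo "ONBOOT is not yes"; rc=1; }
    # Method "Manual" is stored as BOOTPROTO=none (or static), never dhcp.
    case $(ifcfg_get "$f" BOOTPROTO) in
        none|static) ;;
        *) echo "BOOTPROTO is not none/static"; rc=1 ;;
    esac
    [ "$(ifcfg_get "$f" IPADDR)" = "$2" ] || { echo "IPADDR differs"; rc=1; }
    # The mask may be written as PREFIX=24 or NETMASK=255.255.255.0.
    prefix=$(ifcfg_get "$f" PREFIX)
    [ -n "$prefix" ] || prefix=$(mask_to_prefix "$(ifcfg_get "$f" NETMASK)") || prefix=
    [ "$prefix" = "$3" ] || { echo "netmask differs"; rc=1; }
    [ "$(ifcfg_get "$f" GATEWAY)" = "$4" ] || { echo "GATEWAY differs"; rc=1; }
    return $rc
}

# Constructed sample of what steps 7 and 8 should leave behind.
sample=$(mktemp)
printf '%s\n' 'DEVICE="eth0"' 'BOOTPROTO="none"' 'ONBOOT="yes"' \
    'IPADDR=10.0.0.2' 'PREFIX=24' 'GATEWAY=10.0.0.1' > "$sample"
check_static_ifcfg "$sample" 10.0.0.2 24 10.0.0.1 && echo "eth0 settings match"
rm -f "$sample"
```

On the installed server, run `check_static_ifcfg /etc/sysconfig/network-scripts/ifcfg-eth0 10.0.0.2 24 10.0.0.1`.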

As a final step of the base system installation you should do an update. But, in order to do so you'll have to add an additional repository that isn't included by default, see some details here. In short, you should run the following command as root (this is one line, but it could be broken because of formatting in your browser!):
rpm -ivh ftp://ftp.funet.fi/pub/mirrors/centos.org/6/cr/i386/RPMS/centos-release-cr-6-0.el6.centos.i686.rpm
After that command successfully finishes, run the following command to pick up all the updates:

This additional repository isn't used any more, as far as I know. So just use the following command to update installation:
yum update
When asked, confirm the update. You'll also be asked to import the CentOS signing key into the RPM database. Check that this is a valid key, and confirm the import process. That's all, the base system is installed! Don't forget to reboot the machine after the upgrade, since probably many important packages were replaced with newer versions, and to activate them in already running processes you should reboot the machine.
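
One way to do the key check before answering yes to the import prompt, as an added example that is not part of the original post: it reads the fingerprint of the key file on disk without importing it and compares it with a value you obtained separately (for example from the CentOS project's key page over HTTPS). The key path is the CentOS 6 default, the expected fingerprint is a value you supply, the function names are made up here, and it assumes the gpg shipped with CentOS 6, which lists a key file given as its only argument.

```shell
#!/bin/sh
KEYFILE=/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6   # CentOS 6 default location

# normalize_fpr STRING -> upper-case hex digits, spaces and colons removed
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n\t' | tr 'abcdef' 'ABCDEF'
}

# fpr_from_colons: read "gpg --with-colons" output, print field 10 of fpr records
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10 }'
}

# key_fingerprints FILE -> fingerprint of each key in FILE, without importing it
key_fingerprints() {
    gpg --with-fingerprint --with-colons "$1" 2>/dev/null | fpr_from_colons
}

# fpr_matches EXPECTED ACTUAL -> 0 on match, 1 on mismatch, 2 if EXPECTED is
# not a 40-digit hex fingerprint. Two keys in ACTUAL never match one EXPECTED.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    case $want in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    [ "$want" = "$got" ]
}

# verify_key EXPECTED [FILE] -> run before answering "y" to yum's import prompt
verify_key() {
    file=${2:-$KEYFILE}
    if fpr_matches "$1" "$(key_fingerprints "$file")"; then
        echo "OK: $file has the expected fingerprint"
    else
        echo "MISMATCH: answer N to the import prompt" >&2
        return 1
    fi
}

# Constructed record in gpg's colon format (not a real key) to show the parsing.
SAMPLE='fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'
fpr_matches '0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567' \
    "$(printf '%s\n' "$SAMPLE" | fpr_from_colons)" && echo "sample fingerprint matches"
```

On the server, call `verify_key '<fingerprint from the CentOS key page>'`; a non-zero exit status means the key file is not the one you expected.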

After update finished my disk usage was:

# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             7,4G  986M  6,1G  14% /
But the exact values heavily depend on number of updates, so take this only as a rough guideline.

Adding some useful packages

As a final step of base system installation I'll list some additional packages you might want to install. I find them very useful for debugging problems and checking system's correctness. Those packages are:
  • tcpdump - this is the packet sniffer. If something is wrong with a network you'll use this tool to see what's going on (or not, depending on the problem :)).
  • strace - sometimes processes behave oddly and in those cases you can use this tool to trace them to see what's going on. It's not exactly dtrace, but in many cases it is very helpful.
  • telnet - when some server is apparently listening on some port and you cannot access it for whatever reason, this simple telnet client can help you try to connect and, using tcpdump, see what's going on. It will even allow you to interact with the server, e.g. a mail server, to send a test email message.
  • lsof - a Swiss army knife that allows many things to be queried from processes. For example, which ports are opened by a process, or to which process a particular port belongs. Then what files are opened, etc. Very useful tool, indeed.
  • ntpdate - this is a Network Time Protocol client that allows you to synchronize your machine's clock with some accurate time server (e.g. zg1.ntp.carnet.hr).
  • rsync - for more efficiently copying data from and to server.
  • openssh-clients - to allow rsync to work and also to allow you to connect to remote machines from this server.
All those packages can be installed using yum followed by the package name (the name in bold).
