flarcreate in RHEL
Is there anything like flarcreate in RHEL?
In Solaris, you can secure a server, create a flash archive and use the archive to jumpstart other servers.
Is there anything such thing in RHEL that can be implemented using kickstart?
Thanks
Arrey
Responses
Guru
6435 points
The Solaris flarcreate command is pretty much cpio inside a wrapper-utility.
Given that you're transferring equivalent amounts of data - whether doing one, giant flar (cpio) file or using a whole bunch of cpio files (RPMs) - and then running a customizer, at the end, doing a flar-style JumpStart isn't appreciably faster than a well-constructed KickStart profile.
Guru
6435 points
You can use the %post section of the KickStart config: you can either script out all the stuff directly in the %post section or you can put the script on a network-reachable resource then have the %post section download and run that hardening-script.
Guru
6435 points
You're probably overthinking it. Scripting doesn't have to be hard: it can be as simple as manually executing your hardening commands and then dumping your history-buffer into a file. Once you've got that core, you can fiddle with and tweak it to work more generally. Even better, you can use your "build-time" procedure as a life-cycle security tool (i.e., periodically run it against systems throughout their lifetimes to ensure they're still adequately secured). Remember: keeping systems secure is best done as more than just a one-time activity.
As a side-note: one of the RedHat guys maintains a set of STIG scripts on GitHub (if I remember correctly). If you grab those, much of your hardening might already be pre-done for you. There are similar hardening-projects that will show up in Google searches. +)
Guru
10806 points
Ghost4Linux would be the closest to this.
PlateSpin could be used to, but has the disadvantage that it has to be run online. So you need to stop all services and restart after the clone.
Guru
6863 points
If you need/want a corporate-supported solution, I would recommend Acronis. It seems as though their solutions consistently have provided the most flexibility and functionality (without having to be a scripting/programming genius ;-)
GhostZilla is free one that comes to mind, but I have not personally used it.
I agree that functionality similar to FLAR would be nice as you could image a box and push that image out and make a few tweaks, especially for disconnected environments.
Active Contributor
223 points
I'm an old Solaris guy converted to RHEL (never looked back). I ran a very critical Jumpstart server for many years to build, rebuild, and update my Sun Sparc baseline workstations and servers. It saved TONS of time, without question, but, it did take time up front to learn, setup, and tweak just the way I wanted it - quite a lot of time.
This setup included good flar image files and a healthy post-install configuration setup (including a one-time use init script for any final tweaks). But once that work was completed and everything was set up, there was very little to worry about and little work to do after that.
Though I don't Kickstart much these days (we're a VMWare snob shop with clones) I would definitely take the time to do the Kickstart setup. I'm trying to encourage one of my co-workers to do more Kickstarts on one project because it's not VMware-ready. I think you'll find that it'll be, if not "better", a "comparable/acceptable difference".
My 2 cents of course. LOL
Good luck!
"I miss ZFS". :-(
Guru
6435 points
Gawd: how far has the UNIX world fallen that Solaris is the one with "cool stuff". Solaris was always the "we'll sorta hang back and let the other commercial UNIX vendors cut themselves on the bleeding-edge of things". It's why conservative shops bought Solaris over other, higher-performance commercial UNIXes.
At this point in the game, there's not much in Solaris for which Linux (as a whole) lacks equivalency. With the EL7 release, even RedHat's got a high degree of the Solaris-y functionality built in or reproducable (without the horror-show that is Solaris 11's adoption of a registry-like configuration management system). Plus, no having to deal with Oracle. :p