From 52fc02b03aab149e91c3ece6dfaf9be26006b757 Mon Sep 17 00:00:00 2001 From: Peter Boy Date: Feb 09 2022 10:49:19 +0000 Subject: Updated installation guide to release 35 --- diff --git a/docs/modules/ROOT/pages/server-installation.adoc b/docs/modules/ROOT/pages/server-installation.adoc index 610992a..01b2e55 100644 --- a/docs/modules/ROOT/pages/server-installation.adoc +++ b/docs/modules/ROOT/pages/server-installation.adoc 
@@ -2,21 +2,25 @@ Peter Boy; Kevin Fenzi; Jan Kuparinen :page-authors: {author}, {author_2}, {author_3} +[NOTE] +==== +**Status:** published +==== + [sidebar] **** -Author: Peter Boy (pboy) | Creation Date: 2021-04-05 | Last update: 2021-08-05 | Related Fedora Version(s): 33,34 +Author: Peter Boy (pboy) | Creation Date: 2021-04-05 | Last update: 2022-02-09 | Related Fedora Version(s): 34,35 **** -Fedora Server Edition uses the same installation procedure as most of the other editions and spins. Basic installation is covered by https://docs.fedoraproject.org[Fedora's overall Installation Guides]. +Fedora Server Edition uses the same installation procedure as several other editions and spins. Basic installation is covered by https://docs.fedoraproject.org[Fedora's overall Installation Guides]. image::serverinstall-summaryscreen.png[Anaconda Installation Summary] -While Fedora Server Edition uses the same package set as all Fedora editions, the defaults are different and more -tailored to a server install. These defaults are outlined in the following sections, and can, of course, be overridden either in https://docs.fedoraproject.org/en-US/fedora/rawhide/install-guide/advanced/Kickstart_Installations/[kickstart] or the installer itself +While Fedora Server Edition uses the same rpm package repository as all Fedora editions, the composition of the packages and especially the defaults of the runtime environment are different and more tailored to a server install. These defaults are outlined in the following sections, and can, of course, be overridden either in https://docs.fedoraproject.org/en-US/fedora/rawhide/install-guide/advanced/Kickstart_Installations/[kickstart] or the installer itself And of course, the installation planning depends on the details of the target environment. As an example, a virtual machine installation requires a different approach to storage than a bare metal installation. In the former case, one does not need to worry about a RAID system. 
-These instructions and notes primarily concern a **bare metal installation**. A "bare metal installation" is one where the Operating System (Fedora Server Edition in this case) is installed directly on the computer vs a virtual machine, in the cloud, etc. +These instructions and notes primarily concern a **bare metal installation**. A "bare metal installation" is one where the Operating System (Fedora Server Edition in this case) is installed directly on the computer hardware vs a virtual machine, in the cloud, etc. == Choosing the right installation medium 
@@ -28,27 +32,35 @@ If you ask 3 system administrators about the best practice for hard disk partiti === What default partitioning does -By default, on a BIOS booting machine, Anaconda creates a small ```/boot``` partition on the first drive, used by the Grub2 bootloader. The remaining area is filled with another partition and one volume group (VG) created therein. In case of a disk larger then 2 TB it uses a GPT partition table and adds a BIOSboot partition to the described scheme, otherwise it uses the traditional DOS partition table. +On a _BIOS_ booting machine, by default, Anaconda creates a small ```/boot``` partition on the first drive, used by the Grub2 bootloader. The remaining area is completely filled with second partition containing one large volume group (VG) named `fedora_fedora` created therein. You will end up with 2 primary partitions on the hard disk that use all the available space. + +In case of a disk larger than 2 TB the first step is to create a ```BIOSboot``` partition and then continue with the same default approach described above. You will end up with 3 partitions on the hard disk that completely occupy the available space. -In the case of a UEFI boot system, Anaconda creates first the required 'EFI System' partition and then adds the aforementioned ```/boot``` partition and LVM partition and Volume Group (VG). +In the case of a _UEFI_ boot system, Anaconda creates first the required 'EFI System' partition and then adds the aforementioned ```/boot``` partition and one large LVM partition and Volume Group (VG) as described above. You will end up with 3 partitions on the hard disk that completely occupy the available space. -A logical volume of approximately 15 GB (the exact value depends on the disk capacity of your system) is created for the operating system and its software. 
The other available space remains free for the creation of Logical Volumes (LVs) for user data, which are to be mounted at the appropriate positions in the directory tree of the system area. +In _each_ of these 3 alternatives, Anaconda creates one logical volume of approximately 15 GiB (the exact value depends on the disk capacity of your system) named `root` for the operating system and its software. The remaining available space is at the disposal of the system administrator for free use. === The rationale The rationale behind this is a separation of system and user data, which eases system administration, increases security, and decreases the likelihood of errors. The system area (i.e. the operating system including installed software) must be maintainable completely independently of the storage of user data. System maintenance must not jeopardize user data under any circumstances. If necessary, it must be possible to unmount user data. -=== Taking the Rationale Further +Following this principle, the system administrator would later set up additional logical volumes for storing an application's data and mount them at an appropriate location in the directory tree. In case of a PostgreSQL database, for example, a system administrator would create a logical volume of appropriate size, assign a descriptive name, such as `pgdata`, and mount it in the directory tree at `/var/lib/pgsql`, where Fedora PostgreSQL expects the data to reside. + +In this way, any error that may occur in the file system should have as little impact as possible and jeopardize as little valuable data as at all possible. For this, the additional effort in system administration is purposely accepted. + +=== Taking the rationale further If you are a more experienced administrator, you may wish further the rationale above with increased separation. -Create another small partition and VG dedicated to the operating system (resulting in three partitions: system, user, & boot). 
A good size for this VG (eg. ```sysvg```) is, approximately, 30 GB. Create a LV (e.g. ```sys_root```) of 15 GB for the operating system and maybe additional LVs for the runtime environment (e.g. a LV ```sys_log```) of about 5 GB. Mount it at ```/var/log``` to prevent log files from flooding and blocking the system and, vice versa, prevent that any other space issue on the root partition blocking your logs. The remaining free space is left for distribution as needed over time. The remaining area of the hard disk is filled by a large partition and a VG for user data (e.g. ```usrvg```). Similar to the default partitioning, all user data is created as LVs in ```usrvg``` and mounted in the corresponding directories of the system. This is the maximum possible separation of system and user data with only one hard disk is available. And with today's typical hard drive size of 2 TB and more, those dedicated 30 GBs don't interfere with the effective use of disk space anymore. +You will select `Custom` and create the `BIOSboot`, `efi` and `/boot` partitions as required and a small partition and VG dedicated to the operating system. A good size for this VG (eg. ```sysvg```) is, approximately, 30 GiB. Occupying the remainig space you will create a dedicated partition and Volume group (eg. ```usrvg```) for user data. You will end up with 3 primary partitions on the hard disk (boot, sysvg, usrvg with Bios boot machines and hard disks up to 2 TB) rsp. 4 partitions (BIOSboot/efi, boot, sysvg, usrvg for all other machines) that use all the available space. + +Create a LV (e.g. ```sys_root```) of about 15 GiB for the operating system and maybe additional LVs for the runtime environment, e.g. a LV ```sys_log``` of about 5 GB. Mount it at ```/var/log``` to prevent log files from flooding and blocking the system and, vice versa, prevent that any other space issue on the root partition block your logs and complicate error analysis. 
The remaining free space is left for distribution as needed over time. Similar to the default partitioning, all user data is created as LVs in ```usrvg``` and mounted in the corresponding directories of the system. This is the maximum possible separation of system and user data with only one hard disk available. And with today's typical hard drive size of 2 TB and more, those dedicated 30 GBs don't interfere with the effective use of disk space anymore. === Raid system If there is more than one disk available, the default partitioning creates, on each of the other disks, one big partition with a Physical Volume (PV) and adds it to the VG. -On a server, this is usually not optimal. Rather, several disks should store data redundantly in order to maintain operation in the event of a hardware failure. Configuring a RAID system is one such solution. For details see the https://docs.fedoraproject.org/en-US/fedora/f34/install-guide/install/Installing_Using_Anaconda/#sect-installation-gui-manual-partitioning-swraid[Creating Software RAID] section of the https://docs.fedoraproject.org/en-US/fedora/f34/[Installation Guide]. _NOTE: both of these links are to the Fedora 34 version of the docs. Please confirm your are using that version or find the same docs for your version._ +On a server, this is usually not optimal. Rather, several disks should store data redundantly in order to maintain operation in the event of a hardware failure. Configuring a RAID system is one such solution. For details see the https://docs.fedoraproject.org/en-US/fedora/f35/install-guide/install/Installing_Using_Anaconda/#sect-installation-gui-manual-partitioning-swraid[Creating Software RAID] section of the https://docs.fedoraproject.org/en-US/fedora/f35/[Installation Guide]. _NOTE: both of these links are to the Fedora 35 version of the docs. Please confirm your are using that version or find the same docs for your version._ Manual partitioning is necessary for RAID setup. 
Select "Installation Destination" in the Summary Screen, the options "Custom" and "Advanced Custom (Blivet-GUI)" both enable manual partitioning. 
@@ -76,9 +88,11 @@ NOTE: Post Fedora 32, NetworkManager stores the configuration in __/etc/NetworkM == Creating users -At a minimum, you must set a password for the ROOT account. Select 'Root Password' below 'USER SETTINGS' and enter an appropriate password. For security reasons, ssh login as root is only allowed with key-file, but the account is not locked. It is not advisable to modify these security settings! Secure root access via ssh key file is an option and, in an emergency, access with a password via an attached console or Cockpit login. +At first you have to decide about the root account. By default root account is disabled and nobody can login as root. Secure root access via ssh key file is an option and, in an emergency, access with a password via an attached console or Cockpit login. + +If you decide to be able to login as root, select root account and activate it and enter an appropriate password in the upcomming form. For security reasons, ssh login as root is only allowed with key-file by default. It is not advisable to modify these security setting! -If there is no direct terminal access available create a fall back user (e.g. ```hostmin```) with password authentication active and administrative privilege (group ```wheel```). In such a case, this is the only way to get access to the server after the reboot! And even later, it is the only way to get administrative access if the private key file is not available. +In any case, create a (non-privileged) user account, maybe a generic for fallback use (e.g. ```hostmin```) with password authentication active and administrative privilege (group ```wheel```). Unless you decide against good security praxis to allow root access using password, this is the only way to get administrative access to the server right after installation and even later, too. == Time zone and time synchronization
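Review bot: In the first hunk (@@ -2,21 +2,25 @@), the rewritten paragraph starting "While Fedora Server Edition uses the same rpm package repository" still links kickstart to the rawhide install guide, while this same update moves the Software RAID links to the f35 docs and sets "Related Fedora Version(s)" to 34,35. Point the kickstart link at the docs for the release this page covers, or carry the "confirm you are using that version" note over to it. The same sentence still ends without a period after "the installer itself", and "rpm" reads better as "RPM" in running text.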
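Review bot: In the partitioning hunk (@@ -28,27 +32,35 @@), sizes are only partly converted to GiB: the added lines say "approximately 15 GiB", "approximately, 30 GiB" and "about 15 GiB", but keep `sys_log` at "about 5 GB" and "those dedicated 30 GBs". Use one unit throughout. The rewritten default-partitioning paragraphs also drop the earlier statement that disks larger than 2 TB get a GPT partition table and smaller ones the traditional DOS table, which is what explains the extra `BIOSboot` partition; keep one sentence for it. Wording to fix in the added lines: "filled with second partition", "remainig", "rsp.", the `efi` label versus 'EFI System' used a few paragraphs earlier, and "confirm your are using" in the RAID note.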
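Review bot: In the "Creating users" hunk (@@ -76,9 +88,11 @@), the new fallback-account paragraph calls the account "(non-privileged)" and in the same sentence gives it "administrative privilege (group wheel)"; since wheel membership makes this password-authenticated account the administrative entry point, drop "(non-privileged)" and describe it as an administrative user. The first added paragraph says root is disabled by default and nobody can log in as root, then keeps the old sentence about root access via ssh key file and emergency password login on console or Cockpit, which only holds once root has been activated; move that sentence after "If you decide to be able to login as root". The statement that the wheel user is "the only way to get administrative access" should also account for the key-file root login described just above it. Typos in the added lines: "upcomming", "these security setting", "praxis".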