Workflow for manual NSP RHEL OS installation
Purpose
The following is the sequence of high-level actions required to install an instance of the RHEL OS for use in an NSP system.
Stages
1 |
Using the RHEL installer, choose “Minimal Install” as the Software Selection for the OS. |
2 |
Prevent the accidental deployment of an unsupported RHEL version, perform To lock the RHEL OS version. |
3 |
Install the required OS package set.
|
4 |
Remove specific OS packages that are installed by default but not required.
|
5 |
Perform any additional package configuration described in Special OS requirements, as required. |
6 |
If required, add the packages listed in Required additional OS packages, NFM-P single-user client or client delegate server. |
7 |
Optionally, install one or more of the packages described in Optional RHEL OS packages. |
8 |
Perform To apply a RHEL update to a manually deployed OS. |
9 |
Perform To apply the RHEL 8 swappiness workaround to resolve the RHEL swappiness issue. |
10 |
To prevent the accidental deployment of an unsupported RHEL version, it is strongly recommended that you lock the supported version in your RHEL subscription manager, as described in To lock the RHEL OS version. |
11 |
If FIPS is not enabled at the OS level, perform To verify the rngd service startup to ensure that the RHEL rngd service is loaded and running. |
12 |
Perform To enable the NSP crypto-policy function on a manually installed RHEL OS to secure the OS using a RHEL crypto-policy setting. Note: You must enable the crypto-policy function before you attempt to install any NSP software on a station. |
13 |
Perform To set the default Python version to configure the default Python language version to the version required by the NSP. |
14 |
On an NSP deployer host or NSP cluster station, perform To create the nsp user on a manually installed NSP cluster RHEL OS to create the RHEL nsp user. |
15 |
Perform To disable the RHEL firewalld service to ensure that the RHEL firewalld service is inactive during NSP component deployment. |
16 |
Optionally, perform To set the default umask to 0027 to limit non-root-user file and directory access. |