Server Builds Process and Server Decommission Process in Realtime | Linux Administrator

By / / 7 minutes of reading

Server Build Process :

  1. For any new server to build, Requestor will raise the ticket to Server Build Team with required details.
    OS, RAM, Storage, CPU info, and required access to specific users if any etc
  2. Once request is received to the Server Build team, Build team will ask network team to provide IP address, Gateway IP and NetMask details.
  3. Once Network team is provided the details, then Change request is assigned to linux team to complete the server build in 2 weeks.
  4. Once CR is in progress, Linux team will deploy the server and attached RHEL ISO image as requested by the customer.
  5. Once Server is deployed, Linux team is need to configure the below
    a. Hostname
    b. IP address configuration
    c. Installed necessary tools like Nessus and Crowdstrike.
    d. Server Domain Joining

6. How to set hostname in Linux ? # hostnamectl set-hostname < Server FQDN >

  1. How to configure network settings in Linux ? If we have two IP addresses ( one is Admin and another is Prod )
    Admin is used by System Admin/Linux Admin
    Production/Primary IP is used by App Team/Customer
  2. cd /etc/sysconfig/network-scripts
    • a. Configuring Admin IP
      • create a new config file for Admin IP and mention the below details and save it.
      • # vi ifcfg-ens192
        • DEVICE=ens192
        • BOOTPROTO=static
        • ONBOOT=yes
        • HWADDR=00:50:65:a1:47:62
        • IPADDR=10.19.54.11
        • GATEWAY=10.19.54.1
        • NETMASK=255.255.255.0
        • DNS1=10.34.56.78
        • DNS2=10.34.56.79

b. Configuring Production IP

create a new config file for Production IP and mention the below details and save it.

  • # vi ifcfg-ens224
    • DEVICE=ens224
    • BOOTPROTO=static
    • ONBOOT=yes
    • HWADDR=00:50:65:b1:37:67
    • IPADDR=10.19.54.12
    • GATEWAY=10.19.54.1
    • NETMASK=255.255.255.0
    • DNS1=10.34.56.78
    • DNS2=10.34.56.79
      • To restart the network service : systemctl restart NetworkManager
      • To check the network service : systemctl status NetworkManager

  1. How to install Nessus and Crowdstrike in Linux ?
    • a. Nessus Tool installation
      • RHEL 7 : yum install NessusAgent-11.0.1-el7.x86_64.rpm
        RHEL 8/9 : dnf install NessusAgent-11.0.1-el8.x86_64.rpm
  2. b. Configure Nessus
    • # /opt/nessus_agent/sbin/nessuscli agent link –key= –cloud or –host= –port=
    • Ex: /opt/nessus_agent/sbin/nessuscli agent link –key=74cb7c223414ab606c8506fa5f60a1571c90d081e034659b121813327d7f8876 –host=cloud.tenable.com
      –port=443 –proxy-host=proxy.clientname.prv –proxy-port=8080
    • c. Start and enable the nessusagent service
      • start service : systemctl start nessusagent.service
      • Enable service : systemctl enable nessusagent.service
      • status service : systemctl status nessusagent.service
  3. How to install Crowdstrike in Linux ?
    • a. Crowdstrike tool installation:
      • RHEL 7 : yum install falcon-sensor-6.28.0-18108.el7.x86_64.rpm
        RHEL 8/9 : dnf install falcon-sensor-7.28.0-18108.el8.x86_64.rpm
      • configure crowdstrike : /opt/CrowdStrike/falconctl -s –cid=5428E003D3F9466BB230CB408ADF93DE-5D –provisioning-token=3A046376 — aph=proxy.motiva.prv –app=8080
      • start service : systemctl start falcon-sensor.service
        enable service : systemctl enable falcon-sensor.service
        status service : systemctl status falcon-sensor.service
  4. After installing Crowdstrike, make sure we have to assign Tags based on the environment like Dev or Prod :
    • Dev :
      • /opt/CrowdStrike/falconctl -s –tags=”DEV”
      • systemctl restart falcon-sensor.service
      • /opt/CrowdStrike/falconctl -g –tags
      • Prod :
        • /opt/CrowdStrike/falconctl -s –tags=”PROD”
        • systemctl restart falcon-sensor.service
        • /opt/CrowdStrike/falconctl -g –tags
  5. Server Domain Joining
    • a. Mention correct DNS IPs in /etc/resolv.conf file
      b. Run the below command to add the server to domain
    • Production domain # realm join –user=ou-telugusoftware <Prod DNS Server FQDN>
      Non Prod domain # realm join –user=telugusoftware <Non Prod DNS Server FQDN>
    • c. To verify the server is in domain or not
      # realm list
      d. check the sssd service # systemctl status sssd.service
      e. start the sssd service # systemctl start sssd.service
      f. enable the sssd service # systemctl enable sssd.service

Once server is added to domain, Linux team is must and should create a request to the AD team for adding entries of newly built server in AD.

Set up User Accounts: 

Configure user accounts with appropriate permissions to control access to the server and its resources. 


Add Server to Redhat Subscription :

subscription-manager register –> Redhat portal ID Username / password to be given in this step
subscription-manager attach –auto
subscription-manager list –installed –> To verify the subscription status

Once server is successfully added to Redhat Subscription, we have to perform patching on the newly built server using the command.

RHEL 7 : yum update -y

RHEL 8/9 : dnf update -y

Once Patching is successfully completed on newly built server, reboot should be performed for kernel update.

# shutdown -r now

After Patching, Linux team is need to run the Nessus scan for generating the vulnerability report.

As a Linux Administrator, we have to verify the vulnerability report and fix the issues any found on newly built server.

Once fixed the vulnerabilities, we have to again run the scan and attach the zero vulnerability report in the assigned ctask.

Enable Monitoring :

Linux team is required to submit request to the Monitoring team for enabling the monitoring on the newly built server.

Details Provide to the monitoring team :

  1. Hostname
  2. Server FQDN
  3. IP Address
  4. Location where server has been deployed (AWS/Azure/GCP/On-premise Datacenter name )

  1. Below are the CTASKs assigned to the respective team once CR is in progress.
  2. a. Tasks assigned to Linux team :
    i) Build team should build the server with the correct image.
    ii) Verify provisioning of the server.
    iii) Perform vulnerability scan using nessus and attach results
    iv) Attach Zero vulnerability report
    • Note : Linux team is responsible to fix the vulnerabilities if any found in the scan report.
      Make sure we have to attach zero vulnerability report before handover the server to the customer.
  3. Task is assigned to Backup Team
    i) Add server to backup schedule
  4. Tasks are assigned to AD Team
    i) Move server to correct AD OU.
    ii) Validate whether the server is joined to the domain in the correct OU or not
  5. Task is assigned to Build team/Linux Team
    • i) Server Builid PM must metion the serial number field.
      Command to check # sudo dmidecode -s system-serial-number

6. Add server to the Ansible Tower as part of Automation.

Server Decommission Process :

  1. Once Server decommission request is submitted by App team, CR will create by Server Build Team to decomm the requested server.
  2. Once CR in Progress, Linux team should suppress the alerts for this server and take necessary prechecks.
  3. Linux team is need to ask backup team for full backup before powering off the server for cooling off period for 5 days.
  4. Once final backup is completed by Backup Team, Linux team will take the OS related prechecks and power off the server.
  5. Commands to take prechecks :
    • uptime
    • cat /etc/redhat-release
    • uname -a
    • uname -r
    • route -n
    • ifconfig
    • ip a
    • free -g
    • lscpu
    • df -PTh
    • cat /etc/fstab
    • netstat -tulpn
    • ip route
    • lsblk
    • cat /etc/resolv.conf
    • cat /etc/hosts
    • date
  6. Server will be powered off for 5 days, during in this time if APP team will ask the server to power ON then Linux team will power ON and cancel the CR since the server should be present.
  7. After Cooling off period, Linux team will ask DB Team to close the respective assigned ctasks for completing their activity if any DB is running on that particular server.
  8. Linux team will uninstall the installed tools like nessus and crowdstrike.
    • To uninstall Nessusagent
      • yum remove <nessusagent package installed > -y —> RHEL 7
      • dnf remove <nessusagent package installed> -y —-> RHEL 8/9
      • To uninstall Crowdstrike
        • yum remove <crowdstrike package installed > -y —> RHEL 7
        • dnf remove <crowdstrike package installed> -y —> RHEL 8/9
  9. Once we uninstall all the tools on the server, ask App team to remove any data from the server.
  10. Remove server from Redhat Subscription
    • # subscription-manager unregister
    • # subscription-manager remove –all
  11. Server should be removed from the domain
    • # realm leave
  12. Create request to the monitoring team to disable the monitoring on the decomm server.
  13. Remove the server from Ansible Tower.
  14. Once we done with All Tasks and then power off the server for removing the server from Hypervisor.
  15. Linux team send mail to the VMware team to delete the server from Hypervisor.

CTASKs are assigned to the respective teams once Decommission CR is in Progress.

CTASKs assigned to Linux Team

  1. Create a request to put the server into maintenance mode in monitoring.
  2. Server should be Power off for cooling off period for 5 days.
  3. Shutdown the server once all tasks get completed.
  4. Request DR team to decommission DR server if any.

CTASK assigned to Backup Team

  1. Perform full backup of the server and stop backups from schedule

CTASK assigned to APP Team

  1. Decommission the application

CTASK assigned to VMWare Team

  1. Remove the server from Hypervisor

Attach the artifacts of the server deletion and then close the decommission CR

If you need any Linux support or Realtime knowledge, please contact here : softwarejobseekers2025@gmail.com

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Telugu Software Guru

Scroll to Top