This shows you the differences between two versions of the page.
documentation:server-install [2018/06/25 23:26] mpospisek [CentOS 7 Minimal Install] |
documentation:server-install [2019/01/04 09:14] mpospisek [Cloud install] |
||
---|---|---|---|
Line 7: | Line 7: | ||
* import the virtual machine located in directory vm on the distribution DVD into your infrastructure | * import the virtual machine located in directory vm on the distribution DVD into your infrastructure | ||
- | * default root password is " | + | * adjust VM hardware parameters according to expected load |
- | * set proper | + | * start the VM and connect to it through VMware Remote Console (default root password is " |
+ | * set appropriate | ||
* set ssh connection parameters | * set ssh connection parameters | ||
* check NTP settings (see section Base environment bellow) | * check NTP settings (see section Base environment bellow) | ||
- | * continue to section Apache software, and start from section | + | * change system variables setting (see [[documentation: |
+ | * set SSL certificates | ||
+ | * check ADUCID.properties settings | ||
+ | * restart | ||
===== Cloud install ===== | ===== Cloud install ===== | ||
First check what you got from your cloud provider and uninstall unwanted components. Graphical interface and development components should not be present. | First check what you got from your cloud provider and uninstall unwanted components. Graphical interface and development components should not be present. | ||
+ | |||
+ | Then continue according to [[documentation: | ||
===== CentOS DVD ===== | ===== CentOS DVD ===== | ||
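Review bot: The added step "start the VM and connect to it through VMware Remote Console (default root password is ..." leaves the image's default root credential in force until a later item, and "set ssh connection parameters" follows only two items further down. State explicitly that the root password is changed on the console before the VM is attached to a reachable network or sshd is configured, so the imported VM is never reachable over ssh with the shipped password. Separately, the unchanged NTP item still reads "see section Base environment bellow"; "bellow" should be "below", and the reference itself needs checking because the same revision removes that section from this page.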
Line 21: | Line 26: | ||
Go through all the following sections. (You will need the ADUCID Server Kit DVD, too.) | Go through all the following sections. (You will need the ADUCID Server Kit DVD, too.) | ||
- | ====== Operating system install ====== | + | |
- | + | * [[:documentation:server-install-components|Software Components]] | |
- | ===== CentOS 7 Minimal Install ===== | + | * [[:documentation:server-install-aducid|ADUCID Software]] |
- | + | ||
- | Please use CentOS 7 Minimal Install DVD image. See e.g. ftp:// | + | |
- | + | ||
- | Set | + | |
- | | + | |
- | * IPv4 address, IPv6 ignore | + | |
- | * Timezone | + | |
- | * Disk partitioning: 5 GB for swap (this is needed only in cases of greater utilization) | + | |
- | + | ||
- | <codedoc code:bash> | + | |
- | [root@AIM-4 ~]# fdisk -l | + | |
- | + | ||
- | Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors | + | |
- | Units = sectors of 1 * 512 = 512 bytes | + | |
- | Sector size (logical/ | + | |
- | I/O size (minimum/ | + | |
- | Disk label type: dos | + | |
- | Disk identifier: 0x000ac63e | + | |
- | + | ||
- | | + | |
- | / | + | |
- | / | + | |
- | + | ||
- | Disk / | + | |
- | Units = sectors of 1 * 512 = 512 bytes | + | |
- | Sector size (logical/ | + | |
- | I/O size (minimum/ | + | |
- | + | ||
- | + | ||
- | Disk / | + | |
- | Units = sectors of 1 * 512 = 512 bytes | + | |
- | Sector size (logical/ | + | |
- | I/O size (minimum/ | + | |
- | </ | + | |
- | + | ||
- | + | ||
- | Base environment | + | |
- | + | ||
- | SSH keys | + | |
- | <codedoc code: | + | |
- | ssh-keygen -t rsa | + | |
- | </ | + | |
- | + | ||
- | yum settings and OS update | + | |
- | <codedoc code: | + | |
- | vi / | + | |
- | + | ||
- | # | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | yum update | + | |
- | </ | + | |
- | + | ||
- | Useful utilities | + | |
- | <codedoc code: | + | |
- | yum install | + | |
- | </ | + | |
- | + | ||
- | Time synchronization | + | |
- | <codedoc code: | + | |
- | yum install ntp | + | |
- | # add suitable NTP server | + | |
- | vi / | + | |
- | + | ||
- | echo ' | + | |
- | </ | + | |
- | + | ||
- | VMware tools, if needed | + | |
- | + | ||
- | <codedoc code:bash> | + | |
- | yum install open-vm-tools | + | |
- | systemctl start vmtoolsd.service | + | |
- | systemctl enable vmtoolsd.service | + | |
- | </ | + | |
- | + | ||
- | Replace firewalld with iptables | + | |
- | <codedoc code: | + | |
- | yum install | + | |
- | vi / | + | |
- | + | ||
- | # Firewall configuration written by system-config-firewall | + | |
- | # Manual customization of this file is not recommended. | + | |
- | *filter | + | |
- | :INPUT ACCEPT [0:0] | + | |
- | :FORWARD ACCEPT [0:0] | + | |
- | :OUTPUT ACCEPT [0:0] | + | |
- | -A INPUT -m state --state ESTABLISHED, | + | |
- | -A INPUT -p icmp -j ACCEPT | + | |
- | -A INPUT -i lo -j ACCEPT | + | |
- | -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource | + | |
- | -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT | + | |
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT | + | |
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT | + | |
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT | + | |
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT | + | |
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT | + | |
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT | + | |
- | -A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT | + | |
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT | + | |
- | -A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT | + | |
- | -A INPUT -j REJECT --reject-with icmp-host-prohibited | + | |
- | -A FORWARD -j REJECT --reject-with icmp-host-prohibited | + | |
- | COMMIT | + | |
- | + | ||
- | # systemctl stop firewalld.service | + | |
- | # systemctl disable firewalld.service | + | |
- | # systemctl enable iptables.service | + | |
- | # systemctl start iptables.service | + | |
- | </ | + | |
- | + | ||
- | selinux | + | |
- | <codedoc code: | + | |
- | # TBD | + | |
- | # setsebool -P httpd_can_network_connect on | + | |
- | + | ||
- | vi / | + | |
- | + | ||
- | SELINUX=permissive | + | |
- | + | ||
- | init 6 | + | |
- | </ | + | |
- | + | ||
- | + | ||
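Review bot: Removing the whole "Operating system install" and "Base environment" block leaves the "check NTP settings (see section Base environment bellow)" item in the VM install list pointing at a section that no longer exists on this page. Replace it with a link to the page that now holds the NTP steps. The two links visible on the added side are "Software Components" and "ADUCID Software", neither of which is obviously an operating system page, so confirm that the removed hardening steps (the iptables rule set that replaces firewalld, including the ssh rate-limit rules on port 22, and the SELinux block still marked "# TBD" with SELINUX=permissive) were carried over to a linked page rather than dropped. If they were moved, it is worth resolving the "# TBD" there instead of copying it as is.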