This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
documentation:server-install [2018/06/25 23:26] mpospisek [CentOS 7 Minimal Install] |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Installation options ====== | ||
- | |||
- | ===== ADUCID DVD only ===== | ||
- | The ADUCID Server Kit DVD contains VMware virtual machine (hardware version 11) installed in the same way, as is described in following sections, starting from Operating system install. | ||
- | |||
- | You need to do only this: | ||
- | |||
- | * import the virtual machine located in directory vm on the distribution DVD into your infrastructure | ||
- | * default root password is " | ||
- | * set proper hostname, IP address, DNS server | ||
- | * set ssh connection parameters | ||
- | * check NTP settings (see section Base environment bellow) | ||
- | * continue to section Apache software, and start from section Set system variables used by Apache | ||
- | |||
- | ===== Cloud install ===== | ||
- | |||
- | First check what you got from your cloud provider and uninstall unwanted components. Graphical interface and development components should not be present. | ||
- | |||
- | ===== CentOS DVD ===== | ||
- | |||
- | Go through all the following sections. (You will need the ADUCID Server Kit DVD, too.) | ||
- | |||
- | ====== Operating system install ====== | ||
- | |||
- | ===== CentOS 7 Minimal Install ===== | ||
- | |||
- | Please use CentOS 7 Minimal Install DVD image. See e.g. ftp:// | ||
- | |||
- | Set | ||
- | * Hostname | ||
- | * IPv4 address, IPv6 ignore | ||
- | * Timezone | ||
- | * Disk partitioning: | ||
- | |||
- | <codedoc code: | ||
- | [root@AIM-4 ~]# fdisk -l | ||
- | |||
- | Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors | ||
- | Units = sectors of 1 * 512 = 512 bytes | ||
- | Sector size (logical/ | ||
- | I/O size (minimum/ | ||
- | Disk label type: dos | ||
- | Disk identifier: 0x000ac63e | ||
- | |||
- | | ||
- | / | ||
- | / | ||
- | |||
- | Disk / | ||
- | Units = sectors of 1 * 512 = 512 bytes | ||
- | Sector size (logical/ | ||
- | I/O size (minimum/ | ||
- | |||
- | |||
- | Disk / | ||
- | Units = sectors of 1 * 512 = 512 bytes | ||
- | Sector size (logical/ | ||
- | I/O size (minimum/ | ||
- | </ | ||
- | |||
- | |||
- | Base environment | ||
- | |||
- | SSH keys | ||
- | <codedoc code: | ||
- | ssh-keygen -t rsa | ||
- | </ | ||
- | |||
- | yum settings and OS update | ||
- | <codedoc code: | ||
- | vi / | ||
- | |||
- | # | ||
- | # | ||
- | # | ||
- | |||
- | yum update | ||
- | </ | ||
- | |||
- | Useful utilities | ||
- | <codedoc code: | ||
- | yum install wget mc net-tools | ||
- | </ | ||
- | |||
- | Time synchronization | ||
- | <codedoc code: | ||
- | yum install ntp | ||
- | # add suitable NTP server | ||
- | vi / | ||
- | |||
- | echo '30 * * * * root / | ||
- | </ | ||
- | |||
- | VMware tools, if needed | ||
- | |||
- | <codedoc code: | ||
- | yum install open-vm-tools | ||
- | systemctl start vmtoolsd.service | ||
- | systemctl enable vmtoolsd.service | ||
- | </ | ||
- | |||
- | Replace firewalld with iptables | ||
- | <codedoc code: | ||
- | yum install iptables-services | ||
- | vi / | ||
- | |||
- | # Firewall configuration written by system-config-firewall | ||
- | # Manual customization of this file is not recommended. | ||
- | *filter | ||
- | :INPUT ACCEPT [0:0] | ||
- | :FORWARD ACCEPT [0:0] | ||
- | :OUTPUT ACCEPT [0:0] | ||
- | -A INPUT -m state --state ESTABLISHED, | ||
- | -A INPUT -p icmp -j ACCEPT | ||
- | -A INPUT -i lo -j ACCEPT | ||
- | -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource | ||
- | -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT | ||
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT | ||
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT | ||
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT | ||
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT | ||
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT | ||
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT | ||
- | -A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT | ||
- | -A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT | ||
- | -A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT | ||
- | -A INPUT -j REJECT --reject-with icmp-host-prohibited | ||
- | -A FORWARD -j REJECT --reject-with icmp-host-prohibited | ||
- | COMMIT | ||
- | |||
- | # systemctl stop firewalld.service | ||
- | # systemctl disable firewalld.service | ||
- | # systemctl enable iptables.service | ||
- | # systemctl start iptables.service | ||
- | </ | ||
- | |||
- | selinux | ||
- | <codedoc code: | ||
- | # TBD | ||
- | # setsebool -P httpd_can_network_connect on | ||
- | |||
- | vi / | ||
- | |||
- | SELINUX=permissive | ||
- | |||
- | init 6 | ||
- | </ | ||
- | |||
- | |||
- | |||
- | |||
- | |||