documentation:server-install

Differences

This shows you the differences between two versions of the page.

documentation:server-install [2018/06/25 23:26]
mpospisek [CentOS 7 Minimal Install]
— (current)
Line 1: Line 1:
-====== Installation options ====== 
- 
-===== ADUCID DVD only ===== 
-The ADUCID Server Kit DVD contains VMware virtual machine (hardware version 11) installed in the same way, as is described in following sections, starting from Operating system install. 
- 
-You need to do only this: 
- 
-  * import the virtual machine located in directory vm on the distribution DVD into your infrastructure 
-  * default root password is "AIM-4.0" 
-  * set proper hostname, IP address, DNS server 
-  * set ssh connection parameters 
-  * check NTP settings (see section Base environment bellow) 
-  * continue to section Apache software, and start from section Set system variables used by Apache 
- 
-===== Cloud install ===== 
- 
-First check what you got from your cloud provider and uninstall unwanted components. Graphical interface and development components should not be present. 
- 
-===== CentOS DVD ===== 
- 
-Go through all the following sections. (You will need the ADUCID Server Kit DVD, too.) 
- 
-====== Operating system install ====== 
- 
-===== CentOS 7 Minimal Install ===== 
- 
-Please use CentOS 7 Minimal Install DVD image. See e.g. ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso. 
- 
-Set 
-  * Hostname 
-  * IPv4 address, IPv6 ignore 
-  * Timezone 
-  * Disk partitioning: 5 GB for swap (this is needed only in cases of greater utilization) 
- 
-<codedoc code:bash> 
-[root@AIM-4 ~]# fdisk -l 
-  
-Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-Disk label type: dos 
-Disk identifier: 0x000ac63e 
-  
-   Device Boot      Start         End      Blocks   Id  System 
-/dev/sda1          2048     2099199     1048576   83  Linux 
-/dev/sda2         2099200    50298879    24099840   8e  Linux LVM 
-  
-Disk /dev/mapper/centos-root: 19.3 GB, 19327352832 bytes, 37748736 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-  
-  
-Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors 
-Units = sectors of 1 * 512 = 512 bytes 
-Sector size (logical/physical): 512 bytes / 512 bytes 
-I/O size (minimum/optimal): 512 bytes / 512 bytes 
-</codedoc> 
-  
- 
-Base environment 
- 
-SSH keys 
-<codedoc code:bash> 
-ssh-keygen -t rsa 
-</codedoc> 
- 
- yum settings and OS update 
-<codedoc code:bash> 
-vi /etc/yum.conf 
-  
-#proxy=http://yourproxy.domain.com:3128 
-#http_proxy=http://yourproxy.domain.com:3128 
-#https_proxy=http://yourproxy.domain.com:3128 
-  
-yum update 
-</codedoc> 
- 
-Useful utilities 
-<codedoc code:bash> 
-yum install wget mc net-tools 
-</codedoc> 
- 
-Time synchronization 
-<codedoc code:bash> 
-yum install ntp 
-# add suitable NTP server 
-vi /etc/ntp.conf 
-  
-echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd 
-</codedoc> 
- 
-VMware tools, if needed 
- 
-<codedoc code:bash> 
-yum install open-vm-tools 
-systemctl start vmtoolsd.service 
-systemctl enable vmtoolsd.service 
-</codedoc> 
- 
-Replace firewalld with iptables 
-<codedoc code:bash> 
-yum install iptables-services 
-vi /etc/sysconfig/iptables 
-  
-# Firewall configuration written by system-config-firewall 
-# Manual customization of this file is not recommended. 
-*filter 
-:INPUT ACCEPT [0:0] 
-:FORWARD ACCEPT [0:0] 
-:OUTPUT ACCEPT [0:0] 
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
--A INPUT -p icmp -j ACCEPT 
--A INPUT -i lo -j ACCEPT 
--A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource 
--A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT 
--A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT 
--A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT 
--A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT 
--A INPUT -j REJECT --reject-with icmp-host-prohibited 
--A FORWARD -j REJECT --reject-with icmp-host-prohibited 
-COMMIT 
-  
-# systemctl stop firewalld.service 
-# systemctl disable firewalld.service 
-# systemctl enable iptables.service 
-# systemctl start iptables.service 
-</codedoc> 
- 
-selinux 
-<codedoc code:bash> 
-# TBD 
-# setsebool -P httpd_can_network_connect on 
-  
-vi /etc/sysconfig/selinux 
-  
-SELINUX=permissive 
-  
-init 6 
-</codedoc> 
- 
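Review bot: in the "ADUCID DVD only" list the default root password ("AIM-4.0") is published, but none of the listed steps changes it, so a VM imported by following these steps keeps a documented root credential while the iptables rules further down accept new SSH connections on port 22 from any source (rate-limited only). Add a step right after the import to set a new root password, before "set ssh connection parameters". Two smaller points in the same hunk: the selinux block leaves the system at `SELINUX=permissive` with the needed boolean still under `# TBD`, and the rules for `--dport 61616` and `--dport 161` (tcp and udp) have no source restriction, so limit them with `-s` to the hosts that need them. If this text is being moved rather than dropped by this revision, carry these changes into the new location.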
- 
- 
- 
- 
  
documentation/server-install.1529969187.txt.gz · Last modified: 2018/06/25 23:26 by mpospisek