documentation:server-install

This is an old revision of the document!


Installation options

ADUCID DVD only

The ADUCID Server Kit DVD contains a VMware virtual machine (hardware version 11) installed in the same way as described in the following sections, starting from Operating system install.

You only need to do the following:

  • import the virtual machine located in the vm directory on the distribution DVD into your infrastructure
  • the default root password is “AIM-4.0”
  • set the proper hostname, IP address and DNS server
  • set the ssh connection parameters
  • check the NTP settings (see section Base environment below)
  • continue to section Apache software, starting from section Set system variables used by Apache

Cloud install

First check what you got from your cloud provider and uninstall unwanted components. A graphical interface and development components should not be present.

CentOS DVD

Go through all the following sections. (You will need the ADUCID Server Kit DVD, too.)

CentOS 7 Minimal Install

Please use the CentOS 7 Minimal Install DVD image. See e.g. ftp://ftp.cvut.cz/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso.

Set

  • Hostname
  • IPv4 address (ignore IPv6)
  • Timezone
  • Disk partitioning: 5 GB for swap (this is needed only in cases of greater utilization)
[root@AIM-4 ~]# fdisk -l
 
Disk /dev/sda: 25.8 GB, 25769803776 bytes, 50331648 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000ac63e
 
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     2099199     1048576   83  Linux
/dev/sda2         2099200    50298879    24099840   8e  Linux LVM
 
Disk /dev/mapper/centos-root: 19.3 GB, 19327352832 bytes, 37748736 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
 
 
Disk /dev/mapper/centos-swap: 5343 MB, 5343543296 bytes, 10436608 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Base environment

SSH keys

ssh-keygen -t rsa

yum settings and OS update

vi /etc/yum.conf
 
# proxy=http://yourproxy.domain.com:3128 
# http_proxy=http://yourproxy.domain.com:3128 
# https_proxy=http://yourproxy.domain.com:3128 
yum update

Useful utilities

yum install wget mc net-tools

Time synchronization

yum install ntp
# add suitable NTP server
vi /etc/ntp.conf
 
echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd

VMware tools, if needed

yum install open-vm-tools
systemctl start vmtoolsd.service
systemctl enable vmtoolsd.service

Replace firewalld with iptables

yum install iptables-services
vi /etc/sysconfig/iptables
 
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8086 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 61616 -j ACCEPT
-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 161 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
 
# systemctl stop firewalld.service
# systemctl disable firewalld.service
# systemctl enable iptables.service
# systemctl start iptables.service
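
A check to run on the rules file above before starting iptables.service, as an added example that is not part of the ADUCID documentation: it flags lines containing non-ASCII bytes (such as typographic dashes introduced by copy and paste) and lists the ports the INPUT chain accepts. The function names and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the ADUCID documentation: audit an iptables-save
# style rules file before enabling iptables.service. Names are hypothetical.

# Print "line:text" for each line holding a non-ASCII byte, e.g. a
# typographic dash pasted from a web page in place of "--".
non_ascii_lines() {
    LC_ALL=C grep -an '[^[:print:][:space:]]' "$1" || true
}

# Print proto/port for each INPUT rule that jumps to ACCEPT and names a
# destination port, for comparison with the services actually in use.
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        proto = "any"; port = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") port = $(i + 1)
        }
        if (port != "") print proto "/" port
    }' "$1"
}

# Return 0 only if the file is pure ASCII and has a catch-all INPUT REJECT.
audit_rules() {
    if [ -n "$(non_ascii_lines "$1")" ]; then
        echo "non-ASCII bytes found:"; non_ascii_lines "$1"; return 1
    fi
    grep -q '^-A INPUT -j REJECT' "$1" || { echo "no INPUT REJECT rule"; return 1; }
    echo "ports accepted on INPUT:"; accepted_ports "$1"
}

# Constructed sample in the page's format; the 8080 rule carries an en dash.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp –dport 8080 -j ACCEPT
-A INPUT -p udp --match multiport --dports 8000:8999 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
audit_rules "$SAMPLE" || echo "fix the file before loading it"
```

On the real system, call audit_rules /etc/sysconfig/iptables after editing the file.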

selinux

# TBD
# setsebool -P httpd_can_network_connect on
 
vi /etc/sysconfig/selinux
 
SELINUX=permissive
 
init 6
documentation/server-install.1529970962.txt.gz · Last modified: 2018/06/25 23:56 by mpospisek