Basic CentOS 7 Installation: Difference between revisions

From WilliamsNet Wiki
mNo edit summary
(major rework -- initialization now in a script on the config server.)
Line 10: Line 10:


== Basic system prep ==
== Basic system prep ==
<pre>yum -y install net-tools rsync zsh epel-release yum-cron yum-utils mlocate deltarpm
Most of the initial configuration is now contained in a script that can be executed directly from the config server:
 
curl -w http://kube202/config/centos7-basic-config.sh | bash
 
The contents of this script are included here for reference:
 
<pre>#!/bin/sh
#
# script to do the basic install of a centos7 headless server
#
# Assumptions:
#  - this is run as root immediately after the install has completed
#  - the hostname has been set as desired before this script is run
#  - an administrator account 'ewilliam' was created during installation
 
CONFIG=http://kube202/config
 
# first -- install all the basic necessities (some may already be there)
yum -y install net-tools rsync zsh epel-release yum-cron yum-utils mlocate deltarpm
yum -y install sshfs nfs-utils ssmtp
yum -y install sshfs nfs-utils ssmtp
yum -y remove firewalld postfix
yum -y remove firewalld postfix
yum autoremove -y NetworkManager NetworkManager-libnm # only if not using as graphic workstation
yum autoremove -y NetworkManager NetworkManager-libnm
systemctl enable yum-cron
systemctl enable --now yum-cron
systemctl start yum-cron
yum -y update
yum -y update</pre>
 
# now disable SELinux (no comment)
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
setenforce 0
 
# make sudo passwordless for group wheel
echo "%wheel ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD
 
# now that zsh is installed, make it the default
chsh -s /bin/zsh
chsh -s /bin/zsh ewilliam
 
# copy the standard zsh config files
curl -s $CONFIG/centos7/.zshrc -o /root/.zshrc
curl -s $CONFIG/centos7/.zshrc -o /home/ewilliam/.zshrc
chown ewilliam.ewilliam /home/ewilliam/.zshrc
 
# load ssh known_hosts from the config server
mkdir -p /root/.ssh
curl -s $CONFIG/ssh/known_hosts -o /root/.ssh/known_hosts
mkdir -p /home/ewilliam/.ssh
curl -s $CONFIG/ssh/known_hosts -o /home/ewilliam/.ssh/known_hosts
 
# get backup scripts
curl -s $CONFIG/centos7/backup -o /etc/cron.daily/backup
curl -s $CONFIG/centos7/rsync_backup.sh -o /usr/local/bin/rsync_backup.sh
chmod +x /usr/local/bin/rsync_backup.sh


Disable SELinux (no comment)
# configure log server
<pre>sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
curl -s $CONFIG/centos7/99-remotelog.conf -o /etc/rsyslog.d/99-remotelog.conf
setenforce 0</pre>
systemctl restart rsyslog


Reboot and verify everything comes up properly
# enable mail to the central email server
reboot
echo "root: ewilliam@williams.localnet" >> /etc/aliases
echo "ewilliam: ewilliam@williams.localnet" >> /etc/aliases


== System Configuration ==
# get the standard /etc/hosts file
Set the system hostname (if not set during installation)
curl $CONFIG/hosts -o /etc/hosts
hostnamectl set-hostname <hostname>


Enable passwordless sudo:
# now reboot
* use visudo
reboot</pre>
* search for 'wheel'
* comment out that line
* uncomment the one below it


Set '''zsh''' as the default shell
== Final Configuration ==
* chsh to /bin/zsh (both root and ewilliam)
The only remaining task is to load the ssh credentials for '''root''' and any user accounts.  This is done by running the following command from each user account (assuming aslan is the reference source):
* copy '''ssh''' and '''zsh''' config files (both root and ewilliam)
<pre>scp -r calormen:.ssh .
scp calormen:.zshrc .
scp calormen:.zlogin . </pre>


Setup backup to central file server
scp -r aslan:.ssh $HOME
* copy scripts from calormen
<pre>scp calormen:/etc/cron.daily/backup /etc/cron.daily
scp calormen:/usr/local/bin/rsync_backup.sh /usr/local/bin/ </pre>
* edit rsync_backup.sh, changing target directory and list of directories to backup
* create target directory on storage1 if it doesn't exist
* run /etc/cron.daily/backup to verify proper operation


Enable connection to the central log server
This can also be pushed from aslan to the new system for each account:
scp calormen:/etc/rsyslog.d/99-remotelog.conf /etc/rsyslog.d ; systemctl restart rsyslog


Enable mail to central mail server
scp -r ~/.ssh <new_host>:
<pre>echo "root: ewilliam@williams.localnet" >> /etc/aliases
echo "ewilliam: ewilliam@williams.localnet" >> /etc/aliases</pre>


enable references to non-williamsnet addresses for development cluster
Passwords will be required for this action, but (if the copy is successful) no further passwords will be needed by ssh.
scp aslan:/etc/hosts /etc/hosts
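Review bot: The added line "curl -w http://kube202/config/centos7-basic-config.sh | bash" passes the URL as the argument of -w (curl's write-out format option), so curl is left with no URL to fetch and bash receives nothing; -s, as used on every other curl call in the script, looks like what was meant. In the new script body, /etc/cron.daily/backup is downloaded but only rsync_backup.sh gets chmod +x, so run-parts will skip the daily job, and /home/ewilliam/.ssh is created by root with no chown, which leaves the user unable to write to it in the later "scp -r aslan:.ssh $HOME" step. The script and everything it installs as root (known_hosts, /etc/hosts, the cron job) come over plain HTTP with no integrity check; suggest downloading to a file and comparing a recorded digest before running or installing.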

Revision as of 18:24, 9 August 2020

CentOS Distribution Install

CentOS 7 minimal install from the DVD install disk. During the install process:

  • use custom formatting
  • set partition type to 'standard'
  • click on 'automatically create partitions'
  • delete /home partition and increase size of / to fill the disk
  • set hostname (if known)
  • enable all basic network interfaces (do not rename -- it will crash the installer)

Basic system prep

Most of the initial configuration is now contained in a script that can be executed directly from the config server:

curl -s http://kube202/config/centos7-basic-config.sh | bash

The contents of this script are included here for reference:

#!/bin/sh
#
# script to do the basic install of a centos7 headless server
#
# Assumptions:
#  - this is run as root immediately after the install has completed
#  - the hostname has been set as desired before this script is run
#  - an administrator account 'ewilliam' was created during installation

CONFIG=http://kube202/config

# first -- install all the basic necessities (some may already be there)
yum -y install net-tools rsync zsh epel-release yum-cron yum-utils mlocate deltarpm
yum -y install sshfs nfs-utils ssmtp
yum -y remove firewalld postfix
yum autoremove -y NetworkManager NetworkManager-libnm
systemctl enable --now yum-cron
yum -y update

# now disable SELinux (no comment)
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
setenforce 0

# make sudo passwordless for group wheel
echo "%wheel ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD

# now that zsh is installed, make it the default
chsh -s /bin/zsh
chsh -s /bin/zsh ewilliam

# copy the standard zsh config files
curl -s $CONFIG/centos7/.zshrc -o /root/.zshrc
curl -s $CONFIG/centos7/.zshrc -o /home/ewilliam/.zshrc
chown ewilliam:ewilliam /home/ewilliam/.zshrc

# load ssh known_hosts from the config server
mkdir -p /root/.ssh
curl -s $CONFIG/ssh/known_hosts -o /root/.ssh/known_hosts
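mkdir -p /home/ewilliam/.ssh
curl -s $CONFIG/ssh/known_hosts -o /home/ewilliam/.ssh/known_hosts
# both directories were created by root: restrict them, and hand the user's copy to the user
chmod 700 /root/.ssh /home/ewilliam/.ssh
chown -R ewilliam:ewilliam /home/ewilliam/.ssh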

# get backup scripts
curl -s $CONFIG/centos7/backup -o /etc/cron.daily/backup
curl -s $CONFIG/centos7/rsync_backup.sh -o /usr/local/bin/rsync_backup.sh
# run-parts skips cron.daily entries that are not executable
chmod +x /etc/cron.daily/backup /usr/local/bin/rsync_backup.sh

# configure log server
curl -s $CONFIG/centos7/99-remotelog.conf -o /etc/rsyslog.d/99-remotelog.conf
systemctl restart rsyslog

# enable mail to the central email server
echo "root: ewilliam@williams.localnet" >> /etc/aliases
echo "ewilliam: ewilliam@williams.localnet" >> /etc/aliases

# get the standard /etc/hosts file
curl -s $CONFIG/hosts -o /etc/hosts

# now reboot
reboot
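
The bootstrap command and the curl downloads in the script above run or install, as root, whatever the config server returns over plain HTTP. The following is an added example, not part of the wiki's script, that installs a file only when its SHA-256 matches a digest recorded out of band; the helper names verify_sha256 and fetch_verified are hypothetical and the digest in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not the wiki's script: install a file from the config server
# only when its SHA-256 matches a digest recorded out of band.
# verify_sha256 and fetch_verified are hypothetical helper names.

CONFIG=${CONFIG:-http://kube202/config}   # config server URL used on this page

# verify_sha256 FILE EXPECTED_HEX -> 0 on match, 1 on mismatch or unreadable file
verify_sha256() {
    _actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$_actual" ] && [ "$_actual" = "$2" ]
}

# fetch_verified URL EXPECTED_HEX DEST [MODE]
# Downloads to a temporary file, so DEST is never touched on failure.
fetch_verified() {
    _tmp=$(mktemp) || return 1
    if curl -fsS --max-time 30 "$1" -o "$_tmp" && verify_sha256 "$_tmp" "$2"; then
        install -m "${4:-0644}" "$_tmp" "$3"
        _rc=$?
    else
        echo "not installing $3: download failed or digest mismatch" >&2
        _rc=1
    fi
    rm -f "$_tmp"
    return "$_rc"
}

# Usage on a new host (the digest is a placeholder; record the real one on the
# config server and carry it over by a separate channel):
#   fetch_verified "$CONFIG/centos7-basic-config.sh" \
#       "<sha256-of-reviewed-script>" /root/centos7-basic-config.sh 0700 \
#     && sh /root/centos7-basic-config.sh
```

The same call can replace each "curl -s ... -o" line in the script, for example for known_hosts and /etc/cron.daily/backup, with one recorded digest per file.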

Final Configuration

The only remaining task is to load the ssh credentials for root and any user accounts. This is done by running the following command from each user account (assuming aslan is the reference source):

scp -r aslan:.ssh $HOME

This can also be pushed from aslan to the new system for each account:

scp -r ~/.ssh <new_host>:

Passwords will be required for this action, but (if the copy is successful) no further passwords will be needed by ssh.