Basic CentOS 7 Installation: Difference between revisions

From WilliamsNet Wiki
Jump to navigation Jump to search
No edit summary
 
(9 intermediate revisions by one other user not shown)
Line 10: Line 10:


== Basic system prep ==
== Basic system prep ==
<pre>yum -y install net-tools rsync zsh epel-release yum-cron yum-utils mlocate deltarpm
Most of the initial configuration is now contained in a script that can be executed directly from the config server as root on the target system:
yum -y install sshfs nfs-utils ssmtp
 
curl -s http://config/config/centos7-basic-config.sh | bash
 
The contents of this script are included here for reference, though updates to the script may occur without updates to this page:
 
<pre>#!/bin/sh
#
# script to do the basic install of a centos7 headless server
#
# Assumptions:
#  - this is run as root immediately after the install has completed
#  - the hostname has been set as desired before this script is run
#  - an administrator account 'ewilliam' was created during installation
 
CONFIG=http://config/config
 
# first -- install all the basic necessities (some may already be there)
yum -y install net-tools rsync zsh epel-release yum-cron yum-utils mlocate deltarpm
yum -y install sshfs nfs-utils ssmtp psmisc
yum -y remove firewalld postfix
yum -y remove firewalld postfix
yum autoremove -y NetworkManager NetworkManager-libnm # only if not using as graphic workstation
yum autoremove -y NetworkManager NetworkManager-libnm
systemctl enable yum-cron
systemctl enable --now yum-cron
systemctl start yum-cron
yum -y update
yum -y update</pre>
 
# now disable SELinux (no comment)
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
setenforce 0
 
# make sudo passwordless for group wheel
echo "%wheel ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD
 
# now that zsh is installed, make it the default
chsh -s /bin/zsh
chsh -s /bin/zsh ewilliam


Disable SELinux (no comment)
# copy the standard zsh config files
<pre>sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
curl -s $CONFIG/centos7/.zshrc -o /root/.zshrc
setenforce 0</pre>
curl -s $CONFIG/centos7/.zshrc -o /home/ewilliam/.zshrc
chown ewilliam.ewilliam /home/ewilliam/.zshrc


Reboot and verify everything comes up properly
# load ssh known_hosts from the config server
reboot
mkdir -p /root/.ssh
curl -s $CONFIG/ssh/known_hosts -o /root/.ssh/known_hosts
mkdir -p /home/ewilliam/.ssh
curl -s $CONFIG/ssh/known_hosts -o /home/ewilliam/.ssh/known_hosts


== System Configuration ==
# get backup scripts
Set the system hostname (if not set during installation)
curl -s $CONFIG/centos7/backup -o /etc/cron.daily/backup
hostnamectl set-hostname <hostname>.williams.localnet
curl -s $CONFIG/centos7/rsync_backup.sh -o /usr/local/bin/rsync_backup.sh
chmod +x /usr/local/bin/rsync_backup.sh


Enable passwordless sudo:
# configure log server
* use visudo
curl -s $CONFIG/centos7/99-remotelog.conf -o /etc/rsyslog.d/99-remotelog.conf
* search for 'wheel'
systemctl restart rsyslog
* comment out that line
* uncomment the one below it


Set '''zsh''' as the default shell
# enable mail to the central email server
* chsh to /bin/zsh (both root and ewilliam)
echo "root: ewilliam@williams.localnet" >> /etc/aliases
* copy '''ssh''' and '''zsh''' config files (both root and ewilliam)
echo "ewilliam: ewilliam@williams.localnet" >> /etc/aliases
<pre>scp -r calormen:.ssh .
scp calormen:.zshrc .
scp calormen:.zlogin . </pre>


Setup backup to central file server
# get the standard /etc/hosts file
* copy scripts from calormen
curl $CONFIG/hosts -o /etc/hosts
<pre>scp calormen:/etc/cron.daily/backup /etc/cron.daily
scp calormen:/usr/local/bin/rsync_backup.sh /usr/local/bin/ </pre>
* edit rsync_backup.sh, changing target directory and list of directories to backup
* create target directory on storage1 if it doesn't exist
* run /etc/cron.daily/backup to verify proper operation


Enable connection to the central log server
# install the host/known_hosts synchronization
scp calormen:/etc/rsyslog.d/99-remotelog.conf /etc/rsyslog.d ; systemctl restart rsyslog
curl -s $CONFIG/host_check.sh > /etc/cron.hourly/host_check
chmod +x /etc/cron.hourly/host_check


Enable mail to central mail server
# now reboot
<pre>echo "root: ewilliam@williams.localnet" >> /etc/aliases
reboot</pre>
echo "ewilliam: ewilliam@williams.localnet" >> /etc/aliases</pre>


enable references to non-williamsnet addresses for development cluster
== Next Steps ==
scp aslan:/etc/hosts /etc/hosts
The rest of the installation process is not OS-dependent and is described [[Common Post-Install|here]].

Latest revision as of 22:22, 3 February 2024

CentOS Distribution Install[edit]

Centos 7 minimal install from DVD install disk During install process:

  • use custom formatting
  • set partition type to 'standard'
  • click on 'automatically create partitions
  • delete /home partition and increase size of / to fill the disk
  • set hostname (if known)
  • enable all basic network interfaces (do not rename -- it will crash the installer)

Basic system prep[edit]

Most of the initial configuration is now contained in a script that can be executed directly from the config server as root on the target system: 

curl -s http://config/config/centos7-basic-config.sh | bash

The contents of this script are included here for reference, though updates to the script may occur without updates to this page: 

#!/bin/sh
#
# script to do the basic install of a centos7 headless server
#
# Assumptions:
#  - this is run as root immediately after the install has completed
#  - the hostname has been set as desired before this script is run
#  - an administrator account 'ewilliam' was created during installation

CONFIG=http://config/config

# first -- install all the basic necessities (some may already be there)
yum -y install net-tools rsync zsh epel-release yum-cron yum-utils mlocate deltarpm
yum -y install sshfs nfs-utils ssmtp psmisc
yum -y remove firewalld postfix
yum autoremove -y NetworkManager NetworkManager-libnm
systemctl enable --now yum-cron
yum -y update

# now disable SELinux (no comment)
sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
setenforce 0

# make sudo passwordless for group wheel
echo "%wheel ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/91-wheel-NOPASSWD

# now that zsh is installed, make it the default
chsh -s /bin/zsh
chsh -s /bin/zsh ewilliam

# copy the standard zsh config files
curl -s $CONFIG/centos7/.zshrc -o /root/.zshrc
curl -s $CONFIG/centos7/.zshrc -o /home/ewilliam/.zshrc
chown ewilliam.ewilliam /home/ewilliam/.zshrc

# load ssh known_hosts from the config server
mkdir -p /root/.ssh
curl -s $CONFIG/ssh/known_hosts -o /root/.ssh/known_hosts
mkdir -p /home/ewilliam/.ssh
curl -s $CONFIG/ssh/known_hosts -o /home/ewilliam/.ssh/known_hosts

# get backup scripts
curl -s $CONFIG/centos7/backup -o /etc/cron.daily/backup
curl -s $CONFIG/centos7/rsync_backup.sh -o /usr/local/bin/rsync_backup.sh
chmod +x /usr/local/bin/rsync_backup.sh

# configure log server
curl -s $CONFIG/centos7/99-remotelog.conf -o /etc/rsyslog.d/99-remotelog.conf
systemctl restart rsyslog

# enable mail to the central email server
echo "root: ewilliam@williams.localnet" >> /etc/aliases
echo "ewilliam: ewilliam@williams.localnet" >> /etc/aliases

# get the standard /etc/hosts file
curl $CONFIG/hosts -o /etc/hosts

# install the host/known_hosts synchronization
curl -s $CONFIG/host_check.sh > /etc/cron.hourly/host_check
chmod +x /etc/cron.hourly/host_check

# now reboot
reboot

Next Steps[edit]

The rest of the installation process is not OS-dependent and is described here.

Retrieved from "http://wiki.williams-net.org/index.php?title=Basic_CentOS_7_Installation&oldid=690"