Introduction
This page describes the installation of CentOS on the following systems:
- spaghetti: test RPM-based VM
To clarify before starting
<nothing>
Backing up first
<nothing>
Preparing media
- Prepare CentOS-6.3-x86_64-minimal.iso as an ISO image
Installing minimal OS
- Boot the media and accept all defaults except as noted below.
- At the ‘Disk Found’ window, when prompted to perform a media check, select ‘Skip’
- At the ‘System to Upgrade’ window, when prompted to upgrade or reinstall, select ‘Reinstall System’
- At the ‘Time Zone Selection’ window, set the correct timezone
- At the ‘Partitioning Type’ window, when prompted to specify which space to use, select ‘Use entire drive’
- At the ‘Writing storage configuration to disk’ window, select ‘Write changes to disk’
Urgent steps
- Run:
ifconfig eth0 <ip-addr> up
route add -net default gw <gateway-ip-addr>
echo "nameserver <nameserver-ip-addr>" > /etc/resolv.conf
- Run the following:
yum install system-config-network-tui system-config-network
and set up the interface, routing and DNS as per the parameters just used.
- Edit /etc/sysconfig/network-scripts/ifcfg-eth0 and be sure to set:
...
ONBOOT=yes
NM_CONTROLLED=no
...
- Edit /etc/hosts, remove all content and add entries for localhost and the hostname itself.
- Edit /etc/selinux/config and adjust the following settings:
SELINUX=disabled
- Reboot.
- Run the following:
yum install vim
(The editors are useful for steps later in this section.)
- Configure SSH as follows:
- Run:
yum install openssh-server
- If you want to restore host keys then do so.
- Edit ~root/.ssh/authorized_keys and add the following entry:
<trust-server's-public-ssh-key>
- Edit /etc/ssh/sshd_config and make the following settings:
StrictModes yes
IgnoreRhosts yes
X11Forwarding yes
RSAAuthentication no
PubkeyAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitRootLogin yes
- Run:
service sshd restart
- Run:
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
- Run:
- Copy over the following files from a system where they are already set up as per local preferences:
- .bashrc
- .profile
- .vimrc
- .hushlogin
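To confirm that the sshd_config settings made above are the ones sshd will actually use, the following added example (not part of the original procedure) audits the authentication-related directives. The function names sshd_effective and audit_sshd are hypothetical; a directive that is not set explicitly is reported as a mismatch.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the key-only login settings
# this page applies. sshd uses the FIRST occurrence of a keyword, keywords
# are case-insensitive, "Keyword=value" is accepted, and everything after a
# Match line is conditional, so only the global section is examined.

# sshd_effective FILE KEYWORD -> prints the first global value, lower-cased
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # normalise Keyword=value
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE -> prints one line per mismatch, returns the mismatch count
audit_sshd() {
    bad=0
    while read -r key expected; do
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key: expected=$expected actual=${actual:-<unset>}"
            bad=$((bad + 1))
        fi
    done <<EOF
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
HostbasedAuthentication no
IgnoreRhosts yes
StrictModes yes
EOF
    return "$bad"
}

# Usage: audit_sshd /etc/ssh/sshd_config
```

Run it after `service sshd restart` and before closing the console session, so a duplicate earlier directive that overrides the intended value is caught while there is still a way in.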
Accessing more software
- Run:
yum install redhat-lsb vim-common
rpm -ihv https://repo.pasta.freemyip.com/redhat/7/x86_64/ade-1.11-2.noarch.rpm
rpm -ihv https://repo.pasta.freemyip.com/redhat/7/x86_64/paa-2.0.10-2.noarch.rpm
cd /usr/share/doc/paa/examples
zcat autopaa.gz | AUTOPAA_MODE=client sh
- Add access to EPEL by running:
paa repo epel rpm accessed false
paa editrepo epel
and provide the following config:
##############################################################################
#
#  Internal variables (defined for convenience and referenced only from within
#  this file)
#
##############################################################################

_RELEASES="4 5 6"
_PORTS="i386 x86_64"
_LAYOUT="<release>/<port>"

##############################################################################
#
#  Repository contents (defines what is in or may be inserted into this repo)
#
##############################################################################

#  The set of *all* releases and ports this repository will contain.
for _RELEASE in $_RELEASES; do
    release $_RELEASE
    for _PORT in $_PORTS; do
        port $_RELEASE $_PORT
    done
    layout $_RELEASE $_LAYOUT
done

##############################################################################
#
#  Compatibility (defines on which distros each release in this non-distro
#  repo may be installed)
#
##############################################################################

#  Each release in this repository is compatible with which distros?
for _RELEASE in $_RELEASES; do
    for _SIMILAR_DISTRO in rhel scientificlinux centos; do
        compat $_RELEASE rpm $_SIMILAR_DISTRO ${_RELEASE%.*}
        for _MINOR_RELEASE in 1 2 3 4 5 6; do
            compat $_RELEASE rpm $_SIMILAR_DISTRO ${_RELEASE%.*}.$_MINOR_RELEASE
        done
    done
done
compat 6 rpm fedora \*
compat 6 rpm sles \*

##############################################################################
#
#  Misc settings
#
##############################################################################

#  URL for the paacrt archive
url "http://ftp.tu-chemnitz.de/pub/linux/fedora-epel/"
and then run:
paa access epel
Drivers and updates
Network configuration
It is possible to simplify this procedure for non-mobile satellite systems, but in order to standardise the procedure it is extended slightly to make it all-encompassing.
- Install the following packages:
- mutt
- postfix
- heirloom-mailx
and accept all defaults (the config file will be overwritten in a minute)
- Determine the name of the system itself for mail purposes and the mail relay to which the system (not its users) should send mail and assign them to variables as follows:
- spaghetti:
MAILNAME=spaghetti.pasta.net
MAILRELAY=mail.pasta.freemyip.com    # since laptop used at home and outside
MAILCLIENT=$(uname -n)
DNAME=pasta.net
ROOTRCPT=$(echo alexishuxley-at-gmail.com | sed 's/-at-/@/')
AUTHREQ=false
- Run:
echo "$MAILNAME" > /etc/mailname
- Create /etc/postfix/main.cf containing:
myorigin = /etc/mailname
append_dot_mydomain = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = MAILCLIENT
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = MAILCLIENT, MAILCLIENT.DNAME, localhost.localdomain, localhost
relayhost = MAILRELAY
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = loopback-only
inet_protocols = ipv4
- Run:
# Replace placeholders
perl -pi -e "s/MAILCLIENT/$MAILCLIENT/g; s/DNAME/$DNAME/g; s/MAILRELAY/$MAILRELAY/g" /etc/postfix/main.cf
- If $AUTHREQ is ‘true’ then:
- On the mail server set the same environment variables as defined earlier on the mail client.
- On the mail server create an account for the mail client:
adduser --no-create-home --shell /bin/false --disabled-password --gecos '' $MAILCLIENT
echo -e "$RELAYPASSWD\n$RELAYPASSWD" | passwd $MAILCLIENT
- On the mail client run:
echo "$MAILRELAY $MAILCLIENT:$RELAYPASSWD" >> /etc/postfix/sasl_passwd
postmap hash:/etc/postfix/sasl_passwd
- Add a suitable alias for root by running:
# Remove existing alias (/m so that ^ matches at every line start in slurp mode)
perl -0777 -pi -e 's/^root.*?\n//mg' /etc/aliases
# Add new alias
echo "root: $ROOTRCPT" >> /etc/aliases
newaliases
service postfix restart
- Test.
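The main.cf above enables SASL towards the relay with an empty smtp_sasl_security_options and sets no client-side TLS level, and the relay password is appended to /etc/postfix/sasl_passwd. The following added example (not part of the original procedure) checks both points; the function names postconf_value and check_relay_client are hypothetical, and the defaults passed in are Postfix's built-in defaults.

```shell
#!/bin/sh
# Added example: check a Postfix relay-client config for SASL credentials
# that could cross the network in clear text or be read by local users.

# postconf_value FILE NAME [DEFAULT] -> last value assigned to NAME in FILE,
# or DEFAULT when NAME is absent (an empty assignment is not "absent")
postconf_value() {
    awk -v want="$2" -v dflt="$3" '
        /^[ \t]*#/ || /^[ \t]/ { next }     # comments and continuation lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (name == want) { found = val; seen = 1 }
        }
        END { print (seen ? found : dflt) }
    ' "$1"
}

# check_relay_client MAIN_CF SASL_PASSWD -> prints findings, returns their count
check_relay_client() {
    findings=0
    if [ "$(postconf_value "$1" smtp_sasl_auth_enable no)" = "yes" ]; then
        case "$(postconf_value "$1" smtp_sasl_security_options "noplaintext, noanonymous")" in
            *noplaintext*) ;;       # plaintext mechanisms refused without TLS
            *)
                case "$(postconf_value "$1" smtp_tls_security_level "")" in
                    encrypt|dane-only|fingerprint|verify|secure) ;;
                    *) echo "FINDING: plaintext SASL allowed and TLS to relay not mandatory"
                       findings=$((findings + 1)) ;;
                esac ;;
        esac
    fi
    # The password map and its compiled .db should be readable by root only.
    for f in "$2" "$2.db"; do
        [ -e "$f" ] || continue
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "FINDING: $f is accessible to group/other"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage: check_relay_client /etc/postfix/main.cf /etc/postfix/sasl_passwd
```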
Boot screens
- Run:
perl -pi -e 's/(splashimage|hiddenmenu)/#$1/; s/ rhgb quiet//' /boot/grub/grub.conf
perl -pi -e 's/(mingetty)/$1 --noclear/' /etc/init/tty.conf
Applications
- Run:
yum install `sed -e 's/#.*//' -e 's/,//g' <<-EOF
# Utils
w3m, gpm, a2ps, apg, nmap, lshw, sqlite, rdiff-backup, subversion, less,
rsync, screen, subversion, bc, telnet, time, jwhois, kpartx, usbutils,
pciutils, wget, strace, traceroute, mdadm
# p7zip-full is needed for unetboot
p7zip-plugins p7zip
EOF`
- Install ganglia-monitor by running:
yum install ganglia-gmond
User accounts
Applications in user accounts
Miscellaneous
- Complete the client software installation part of the section "Configuring monitoring services using Icinga".
- Create /usr/local/opt.
- Install ntp by running:
yum install ntp
chkconfig ntpd on
service ntpd start
- To support PAA development:
- Install the following packages:
- rng-tools
and edit /etc/sysconfig/rngd to contain:
EXTRAOPTIONS="-r /dev/urandom"
- Install the following packages from EPEL:
- dpkg
- dpkg-devel
- Install the following packages:
Other storage
Backups
Outstanding issues
- package config screwed up:
spaghetti# AUTOPAA_MODE=client ./autopaa
paa: WARNING: moving contents of /etc/yum.repos.d to /tmp/paa.1617.-etc-yum.repos.d (you should review them!) ...
paa: INFO: centos: defining repository ...
paa: INFO: debian-lenny-i386: defining repository ...
paa: INFO: debian-squeeze: defining repository ...
paa: INFO: debian-wheezy: defining repository ...
paa: INFO: epel: defining repository ...
paa: INFO: localprivate-deb: defining repository ...
paa: INFO: localprivate-rpm: defining repository ...
paa: INFO: localpublic-deb: defining repository ...
paa: INFO: localpublic-rpm: defining repository ...
paa: INFO: multimedia-lenny-i386: defining repository ...
paa: INFO: multimedia-squeeze: defining repository ...
paa: INFO: multimedia-wheezy: defining repository ...
paa: INFO: scientificlinux: defining repository ...
paa: INFO: virtualbox: defining repository ...
paa: INFO: debian-security: defining repository ...
paa: INFO: centos: changes detected; recompiling configuration ...
paa: INFO: debian-lenny-i386: changes detected; recompiling configuration ...
paa: INFO: debian-squeeze: changes detected; recompiling configuration ...
paa: INFO: debian-wheezy: changes detected; recompiling configuration ...
cat: epel.conf: No such file or directory
paa: INFO: epel: changes detected; recompiling configuration ...
paa: ERROR: epel: url: missing directive
paa: INFO: localprivate-deb: changes detected; recompiling configuration ...
paa: INFO: localprivate-rpm: changes detected; recompiling configuration ...
paa: INFO: localpublic-deb: changes detected; recompiling configuration ...
paa: INFO: localpublic-rpm: changes detected; recompiling configuration ...
paa: INFO: multimedia-lenny-i386: changes detected; recompiling configuration ...
paa: INFO: multimedia-squeeze: changes detected; recompiling configuration ...
paa: INFO: multimedia-wheezy: changes detected; recompiling configuration ...
paa: INFO: scientificlinux: changes detected; recompiling configuration ...
paa: INFO: virtualbox: changes detected; recompiling configuration ...
paa: INFO: debian-security: changes detected; recompiling configuration ...
paa: INFO: spaghetti: registering host ...
paa: INFO: centos: accessing ...
paa: INFO: localprivate-rpm: accessing ...
paa: INFO: localpublic-rpm: accessing ...
spaghetti#
- mail got lost
- want automounter and NIS for user accounts
- does Ganglia need configuring?
- need Rocon
- Nagios