Differences

This shows you the differences between two versions of the page.

--- linux:linux_install_centos7 [2021/01/01 21:25]
127.0.0.1 external edit
+++ linux:linux_install_centos7 [2023/11/07 21:04] (current)
manu
@@ Line 59: / Line 59: @@
 ===== Install additional packages =====
+Some alternatives commands exists natively
+  tracepath ==> traceroute
 Adapt the yum repositories in /etc/yum.repos.d/ to be able to reach the right repositories\\
 Add ntp and net-tools (for ifconfig command), and other utilities
@@ Line 78: / Line 81: @@
   yum -y install gmp                # copy/paste using mouse (in terminal)
   yum -y install screen             # start a terminal in background (in terminal)
+  yum -y install cloud-utils-growpart # growpart
 Also for NTFS USB keys you can download and install **ntfs-3g** package from EPEL
@@ Line 230: / Line 234: @@
 [    3.373209] vmxnet3 0000:0b:00.0 eno16780032: NIC Link is Up 10000 Mbps
 </cli>
-You can switch to the old naming convention eth0, eth1... by changing boot parameters:
+You can switch to the old naming convention eth0, eth1... by changing boot parameters (optional):
   grubby --update-kernel=ALL --args="net.ifnames=0 biosdevname=0"
+===== Remove interface vibr0 =====
+If not using libvirtd service then you may stop that service.
+<cli prompt='#'>
+[root@centos7 ~]# systemctl stop libvirtd.service
+[root@centos7 ~]# systemctl disable libvirtd.service
+</cli>
 ===== Stop IPV6 best practice =====
@@ Line 354: / Line 366: @@
 [root@dlp ~]# timedatectl set-timezone Pacific/Wallis
 </cli>
+====== Custom ======
+[root@rhlnx01 ~]# fdisk /dev/mapper/mpathi -l
+Disk /dev/mapper/mpathi: 40 GiB, 42949672960 bytes, 83886080 sectors
+Units: sectors of 1 * 512 = 512 bytes
+Sector size (logical/physical): 512 bytes / 512 bytes
+I/O size (minimum/optimal): 32768 bytes / 32768 bytes
+Disklabel type: dos
+Disk identifier: 0xdd417826
+Device              Boot   Start      End  Sectors  Size Id Type
+/dev/mapper/mpathi1 *       2048    22527    20480   10M 41 PPC PReP Boot
+/dev/mapper/mpathi2        22528  2080767  2058240 1005M 83 Linux
+/dev/mapper/mpathi3      2080768 83886079 81805312   39G 8e Linux LVM
+[root@rhlnx01 ~]# vgs
+  VG     #PV #LV #SN Attr   VSize  VFree
+  rootvg   1   7   0 wz--n- 39.00g 24.00g
+[root@rhlnx01 ~]# lvs
+  LV          VG     Attr       LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
+  home        rootvg -wi-ao---- 1.00g
+  root        rootvg -wi-ao---- 3.00g
+  swap        rootvg -wi-ao---- 2.00g
+  tmp         rootvg -wi-ao---- 1.00g
+  usr         rootvg -wi-ao---- 4.00g
+  var         rootvg -wi-ao---- 3.00g
+====== Linux x86 installation --> Use deployment via with VCenter  ======
+All isos for installation are located in IsoScratch Datastore in VCenter:
+  * Navigate to ISO>LINUX>rhel-8.6-x86_64-dvd.iso.
+===== Base linux installation =====
+  * For installation target select a disk and choose either LVM, or BTRFS.
+  * Installation with GUI will be prefered instead of minimal which has very few number of packages.
+===== Nework configuration =====
+NMCLI to update network parameters, if not configured:
+<cli prompt='#'>
+[root@localhost ~]# nmcli general hostname
+localhost
+[root@localhost ~]# nmcli general hostname rhlnx01
+[root@rhlnx01 ~]# nmcli device status
+DEVICE  TYPE      STATE         CONNECTION
+eth0    ethernet  disconnected  --
+lo      loopback  unmanaged     --
+[root@rhlnx01 ~]# nmcli con show
+NAME  UUID                                  TYPE            DEVICE
+eth0  3d89591d-bc03-4299-80cf-645b97ce1812  802-3-ethernet  --
+[root@rhlnx01 ~]# nmcli con mod eth0 ipv4.addresses 10.10.10.10/16 ipv4.gateway 10.10.10.100
+[root@rhlnx01 ~]# nmcli con mod eth0 connection.autoconnect yes
+[root@rhlnx01 ~]# nmcli con mod eth0 ipv4.dns 10.10.10.2,10.10.10.1 ipv4.dns-search  "mydom.local"
+[root@rhlnx01 ~]# nmcli con mod eth0 ipv4.method manual
+[root@rhlnx01 ~]# nmcli con up eth0 ifname eth0
+[root@rhlnx01 ~]# nmcli -p con show eth0
+===============================================================================
+                       Connection profile details (eth0)
+===============================================================================
+connection.id:                          eth0
+connection.uuid:                        0fd0c630-a54e-4f01-a9fc-4d1c3c42921e
+connection.interface-name:              eth0
+connection.type:                        802-3-ethernet
+connection.autoconnect:                 yes
+connection.autoconnect-priority:        0
+connection.timestamp:                   1464786900
+connection.read-only:                   no
+....
+-------------------------------------------------------------------------------
+ipv4.method:                            manual
+ipv4.dns:
+ipv4.dns-search:
+ipv4.addresses:                         10.10.10.10/16
+ipv4.gateway:                           10.10.10.100
+ipv4.routes:
+....
+</cli>
+Add entry in /etc/hosts:
+<cli prompt='#'>
+[root@rhlnx01 ~]# cat /etc/hosts
+.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+.10.10.10 rhlnx01
+</cli>
+Update the time servers and start the chronyd demon if not enable
+<cli prompt='#'>
+[root@rhlnx01 ~]# cat /etc/chrony.conf
+# This loadbalancer server is defined in the installation:
+server ntp-server.local iburst
+...
+</cli>
+Enable/Start Chrony service:
+<cli prompt='#'>
+[root@rhlnx01 ~]# systemctl enable chronyd
+[root@rhlnx01 ~]# systemctl start chronyd
+[root@rhlnx01 ~]# systemctl status chronyd
+</cli>
+Check if Chrony service is synchronized:
+<cli prompt='#'>
+[root@rhlnx01 ~]# chronyc tracking
+Reference ID    : 00000000 ()
+Stratum         : 0
+Ref time (UTC)  : Thu Jan 01 00:00:00 1970
+System time     : 0.000000000 seconds fast of NTP time
+Last offset     : +0.000000000 seconds
+RMS offset      : 0.000000000 seconds
+Frequency       : 0.000 ppm slow
+Residual freq   : +0.000 ppm
+Skew            : 0.000 ppm
+Root delay      : 1.000000000 seconds
+Root dispersion : 1.000000000 seconds
+Update interval : 0.0 seconds
+Leap status     : Not synchronised #Means that it's not synchronised where as Normal would mean that everything is ok
+</cli>
+Time zone
+<cli prompt='#'>
+[root@rhlnx01 ~]# timedatectl set-timezone Europe/Luxembourg
+[root@rhlnx01 ~]# timedatectl
+      Local time: mar. 2015-10-27 14:12:13 CET
+  Universal time: mar. 2015-10-27 13:12:13 UTC
+        RTC time: mar. 2015-10-27 13:12:14
+       Time zone: Europe/Luxembourg (CET, +0100)
+     NTP enabled: yes
+NTP synchronized: yes
+ RTC in local TZ: no
+      DST active: no
+ Last DST change: DST ended at
+            dim. 2015-10-25 02:59:59 CEST
+            dim. 2015-10-25 02:00:00 CET
+ Next DST change: DST begins (the clock jumps one hour forward) at dim. 2016-03-27 01:59:59 CET
+            dim. 2016-03-27 03:00:00 CEST
+</cli>
+===== Firewall and SElinux =====
+==== If the firewall is required ====
+Minimum ports to open:
+/tcp (lpar2rrd agent)
+/tcp and 657/udp (HMC dynamic LPAR)
+List firewall rules
+<cli prompt='#'>
+[root@rhlnx01 ~]# firewall-cmd --list-all
+public (active)
+  target: default
+  icmp-block-inversion: no
+  interfaces: eth0 wlan0
+  sources:
+  services: dhcpv6-client ms-wbt
+  ports:
+  protocols:
+  masquerade: no
+  forward-ports:
+  source-ports:
+  icmp-blocks:
+  rich rules:
+</cli>
+Check the firewall status
+<cli prompt='#'>
+[root@rhlnx01 ~]# firewall-cmd --state
+running
+</cli>
+Add a rule
+<cli prompt='#'>
+[root@rhlnx01 ~]# firewall-cmd --add-service=http --zone=public --permanent
+[root@rhlnx01 ~]# firewall-cmd --add-port=1600/tcp --zone=public --permanent
+[root@rhlnx01 ~]# firewall-cmd --reload
+</cli>
+Example of minimum ports
+  firewall-cmd --list-all
+  firewall-cmd --add-port=10050/tcp --zone=public --permanent      # Zabbix
+  firewall-cmd --add-port=8162/tcp --zone=public --permanent       # LPAR2RRD
+  firewall-cmd --add-port=657/tcp --zone=public --permanent        # HMC dynamic LPAR
+  firewall-cmd --add-port=657/udp --zone=public --permanent        # HMC dynamic LPAR
+  firewall-cmd --add-port=5666/tcp --zone=public --permanent       # nagios
+  firewall-cmd --reload
+==== If no firewall is required ====
+Disable the firewall and SELINUX, if not required:
+<cli prompt='#'>
+systemctl stop firewalld
+systemctl disable firewalld
+</cli>
+==== Disable SElinux ====
+<cli prompt='#'>
+[root@rhlnx01 ~]# cat /etc/selinux/config
+SELINUX=disabled
+SELINUXTYPE=targeted
+[root@rhlnx01 ~]# reboot
+</cli>
+===== Change YUM repository =====
+On server, change the repository files to use repository from reposerver:
+<cli prompt='#'>
+[root@rhlnx01 ~]# cd /etc/yum.repos.d
+[root@rhlnx01 ~]# cat CentOS-Base.repo
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client.  You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+#
+#
+[base]
+name=CentOS-$releasever - Base
+baseurl=http://reposerver/linux/altarch/7.6.1810/os/ppc64le/Packages/
+enabled=1
+gpgcheck=0
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+baseurl=http://reposerver/linux/altarch/7.6.1810/updates/ppc64le/Packages/
+enabled=1
+gpgcheck=0
+[root@lnxb082 yum.repos.d]# cat ibmtools.repo
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client.  You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the mirrorlist= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+#
+#
+[ibmtools]
+name=CentOS-$releasever - IBMtools
+baseurl=http://reposerver/linux/ibmtools/centos/ppc64le
+enabled=1
+gpgcheck=0
+</cli>
+Then update using the new defined repository
+<cli prompt='#'>
+[root@rhlnx01 ~]# dnf update
+</cli>
+===== Additionnal packages to install =====
+<cli prompt='#'>
+dnf  -y install mailx
+dnf  -y install ksh
+dnf  -y install rear               #Relax-and-Recover like mksysb
+dnf  -y install nfs-utils
+dnf  -y install lshw
+dnf  -y install psmisc             #(pstree,fuser)
+dnf  -y install chrony             #replacement for ntpd
+dnf  -y install telnet             #(client only useful to debug)
+dnf  -y install net-tools          #(ifconfig, arp, netstat)
+dnf  -y install lsof
+dnf  -y install mlocate            #(locate)
+dnf  -y install bind-utils         #(host, nslookup)
+dnf  -y install sg3_utils          #(scsi-rescan)
+dnf  -y install nmap-ncat          # nc command
+dnf  -y install nmon               # perf tool command line
+dnf  -y install lpar2rrd-agent     # perf tool LPAR2RRD
+dnf  -y install yum-utils          # needs-restarting, reposync
+dnf  -y install cloud-utils-growpart  # growpart utility to increase partitions size
+</cli>
+Check if reboot is needed after packages installation:
+<cli prompt='#'>
+needs-restarting
+</cli>
+===== Creating Users =====
+Keep a reference table ID for user and group to use always the same on each server !!! Very important on UNIX/Linux
+<cli prompt='#'>
+groupadd -g 600 nagios
+groupadd -g 601 nrpe
+useradd -u 600 -c "Nagios User" -g nagios -d /var/spool/nagios -s /sbin/nologin nagios
+useradd -u 601 -c "NRPE user" -d /var/run/nrpe -g nrpe -G nagios -s /sbin/nologin nrpe
+</cli>
+Create a user
+<cli prompt='#'>
+useradd -u 4000 -c 'My first user' -g users -G users,admin user01
+</cli>
+Change all files owner for a user or group
+You can change user ID and group ID directly into /etc/passwd and /etc/group
+<cli prompt='#'>
+find / -user 1000 -exec chown user01 {} \;
+find / -group 1000 -exec chgrp users {} \;
+</cli>

wiki

User Tools

Site Tools

Differences

Page Tools