Version 20 (modified 8 years ago)
Default CentOS 7 host
Disable

- wpa_supplicant: we do not need wireless networking tools.
- lvm2 and lvm2-libs: requires daemons, sometimes buggy ones such as dmeventd. Do not install without reason. At some data centers, e.g. MPCDF, LVM is mandatory.
- tuned: undesirable?
- NetworkManager: only desirable for GUI interaction?
Run provisioning script
## Install default packages
sudo yum update &&
## Add the official Docker yum repository to get access to the latest Docker versions
sudo tee '/etc/yum.repos.d/docker.repo' <<'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
## Add the Fedora Extra Packages for Enterprise Linux (EPEL) yum repository
## http://www.rackspace.com/knowledge_center/article/install-epel-and-additional-repositories-on-centos-and-red-hat
sudo yum makecache fast &&
## Install IUS in addition to EPEL so that we can install non-EOL CPython packages.
## See https://ius.io/#project-goals
## Download with sudo: an unprivileged shell redirect cannot write to /opt.
sudo curl --fail -L --tlsv1.2 -o '/opt/setup_ius.sh' 'https://setup.ius.io/' &&
sudo sh /opt/setup_ius.sh &&
sudo yum install 'epel-release' 'git' 'docker-engine' 'unzip' 'mailx' 'tmux' 'tree' 'htop' 'rsync' 'python35u'
sudo python3.5 -m 'venv' '/opt/venvs/docker-compose'
## The venv is owned by root, so pip needs sudo as well.
sudo /opt/venvs/docker-compose/bin/pip install --upgrade 'pip' 'docker-compose'
## From here on, you can use `. /opt/venvs/docker-compose/bin/activate` to run docker-compose.
## Create sysop users
sudo useradd 'sanmai' && sudo usermod -aG 'wheel' 'sanmai'
sudo useradd 'dietuyt' && sudo usermod -aG 'wheel' 'dietuyt'
sudo useradd 'wilelb' && sudo usermod -aG 'wheel' 'wilelb'
# TODO: why not let them set their own password, and only upload their SSH public key?
## Set passwords for the users: passwd <user>
sudo -e '/etc/ssh/sshd_config' &&
## Configure sshd in '/etc/ssh/sshd_config'
### No root login
# PermitRootLogin no
### No username/password login
# PasswordAuthentication no
## Forward mail from root to sysops@clarin.eu
printf '%s\n' "root: sysops@clarin.eu" | sudo tee -a /etc/aliases &&
sudo newaliases &&
sudo service postfix restart
## Test the configuration
printf '%s\n' 'test' | mail -s "test message from $(hostname)" root
## Enable services
sudo systemctl enable docker
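The script above leaves the sshd_config edit as a manual step, so it is worth checking that the file really enforces both settings. The following is an added example, not part of the original page: the function name `audit_sshd_config`, the sample config and its `legacy` group are constructed for illustration. It relies on sshd using the first value it reads for a keyword and on Match blocks overriding the global section.

```shell
# Added example, not from the original page: confirm that a hand-edited
# sshd_config enforces "PermitRootLogin no" and "PasswordAuthentication no".

# audit_sshd_config FILE (hypothetical helper name)
# Prints one FAIL line per problem and returns 1 if there is any.
audit_sshd_config() {
    awk '
        BEGIN { n = split("permitrootlogin passwordauthentication", req, " ") }
        NF == 0 || $1 ~ /^#/ { next }              # commented-out lines set nothing
        { key = tolower($1); val = tolower($2) }   # keywords are case-insensitive
        key == "match" { in_match = 1; next }      # lines below apply conditionally
        {
            for (i = 1; i <= n; i++) {
                if (key != req[i]) continue
                if (!in_match) {
                    if (!(key in first)) first[key] = val   # first value wins
                } else if (val != "no") {
                    printf "FAIL %s: Match block sets %s at line %d\n", key, val, NR
                    bad = 1
                }
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                v = (req[i] in first) ? first[req[i]] : "unset"
                if (v != "no") {
                    printf "FAIL %s: global value is %s, expected no\n", req[i], v
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the global lines look right, but a Match block
# (hypothetical group "legacy") re-enables password logins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
Match Group legacy
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "sample config is not compliant"
rm -f "$sample"
```

On a provisioned host, point it at `/etc/ssh/sshd_config` after the edit; sshd only applies the change once it is reloaded.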
Docker storage configuration:
Install Packer & recursive_packer_build
## Packer
sudo mkdir -p '/opt/Packer/0.8.6/' &&
## "$_" is the last argument of the previous command (bash), i.e. the new directory
cd "$_" &&
sudo curl -O 'https://releases.hashicorp.com/packer/0.8.6/packer_0.8.6_linux_amd64.zip' &&
sudo unzip 'packer_0.8.6_linux_amd64.zip' &&
printf '%s\n' '#!/bin/sh -x' "pathmunge '/opt/Packer/0.8.6/'" | sudo tee '/etc/profile.d/Packer_PATH.sh' &&
sudo chmod +x '/etc/profile.d/Packer_PATH.sh' &&
## recursive_packer_build
cd '/srv/' &&
## /srv is owned by root, so the clone needs sudo.
sudo git clone 'https://github.com/sanmai-NL/recursive_packer_build' &&
printf '%s\n' '#!/bin/sh -x' ". '/srv/recursive_packer_build/recursive_packer_build.sh'" | sudo tee '/etc/profile.d/recursive_packer_build_source.sh' &&
sudo chmod +x '/etc/profile.d/recursive_packer_build_source.sh'