Default CentOS 7 host
IUS packages overview: https://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/repoview/
1. Disable the following
wpa_supplicant: we do not need wireless networking tools.
lvm2 and lvm2-libs: require daemons, sometimes buggy ones such as dmeventd. Do not install without reason. At some data centers, e.g. MPCDF, LVM is mandatory.
tuned: undesirable?
NetworkManager: only desirable for GUI interaction?
2. Run provisioning script
```sh
## Install default packages
sudo yum update &&
## Add the official Docker yum repository to get access to the latest Docker versions
sudo tee '/etc/yum.repos.d/docker.repo' <<'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
## Add the Fedora Extra Packages for Enterprise Linux (EPEL) yum repository
## http://www.rackspace.com/knowledge_center/article/install-epel-and-additional-repositories-on-centos-and-red-hat
sudo yum makecache fast &&
## Install IUS in addition to EPEL so that we can install non-EOL CPython packages.
## See https://ius.io/#project-goals
## (download with sudo: /opt is only writable by root)
sudo curl --fail -L --tlsv1.2 -o '/opt/setup_ius.sh' 'https://setup.ius.io/' &&
sudo sh /opt/setup_ius.sh &&
sudo yum install 'epel-release' 'git' 'docker-engine' 'unzip' 'mailx' 'tmux' 'tree' 'htop' 'rsync' 'python35u' &&
sudo python3.5 -m 'venv' '/opt/venvs/docker-compose' &&
## (the venv is owned by root, so pip needs sudo as well)
sudo /opt/venvs/docker-compose/bin/pip install --upgrade 'pip' 'docker-compose' &&
## From here on, you can use `. /opt/venvs/docker-compose/bin/activate` to run docker-compose.

## Create sysop users
sudo useradd 'sanmai' && sudo usermod -aG 'wheel' 'sanmai'
sudo useradd 'dietuyt' && sudo usermod -aG 'wheel' 'dietuyt'
sudo useradd 'wilelb' && sudo usermod -aG 'wheel' 'wilelb'
# TODO: why not let them set their own password, and only upload their SSH public key?
## Set passwords for the users: passwd <user>

sudo -e '/etc/ssh/sshd_config' &&
## Configure sshd in '/etc/ssh/sshd_config' (set the directives below, without the leading '#';
## they take effect once sshd has been reloaded)
### No root login
# PermitRootLogin no
### No username/password login
# PasswordAuthentication no

## Forward mail from root to sysops@clarin.eu
printf '%s\n' "root: sysops@clarin.eu" | sudo tee -a /etc/aliases &&
sudo newaliases &&
sudo service postfix restart
## Test the configuration
printf '%s\n' 'test' | mail -s "test message from $(hostname)" root

## Enable services
sudo systemctl enable docker
```
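The provisioning script leaves the two sshd settings as a manual edit, so a check of the resulting file is worth having. The following is an added example, not part of the original page: the function names and the sample files are constructed for illustration, and it reads only the global section of a single file.

```shell
# Added example (not from the original page); names below are illustrative.
# Print the effective global value of keyword $2 in the sshd_config-style file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        {
            match($0, /^[^ \t=]+/)
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)   # separator: blanks or a single "="
            gsub(/"/, "", val)                # arguments may be double-quoted
            if (key == "match") exit          # conditional blocks are not global
            if (key == want) { print val; exit }
        }
    ' "$1"
}

# Succeed only when both settings are explicitly "no" in the global section.
# An unset keyword fails: sshd would fall back to its built-in default.
sshd_hardened() {
    [ "$(sshd_effective "$1" PermitRootLogin)" = "no" ] &&
    [ "$(sshd_effective "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
# 1. The two lines copied with their leading "# ": still comments, no effect.
printf '%s\n' '# PermitRootLogin no' '# PasswordAuthentication no' > "$demo_dir/commented"
# 2. A later "no" does not override an earlier "yes".
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'permitrootlogin no' > "$demo_dir/shadowed"
# 3. Settings that only appear inside a Match block are not global.
printf '%s\n' 'PermitRootLogin no' 'Match User deploy' \
    '    PasswordAuthentication no' > "$demo_dir/match_only"
# 4. Both directives set once, uncommented.
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication = no' > "$demo_dir/good"

for f in commented shadowed match_only good; do
    sshd_hardened "$demo_dir/$f" && echo "$f: hardened" || echo "$f: NOT hardened"
done
```

On a live host, `sudo sshd -T` prints the configuration sshd actually resolves and is the authoritative check; the parser above is for reviewing a file offline.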
3. Docker storage configuration
4. Install collectd
5. Setting multiple IPv4 addresses
In /etc/sysconfig/network-scripts/ifcfg-eth0:

```
# Generated by dracut initrd
NAME="eth0"
HWADDR="52:54:00:b1:a5:b9"
ONBOOT=yes
NETBOOT=yes
UUID="f6b8e07f-d5c0-4729-bfc2-5f90cbfa06dd"
IPV6INIT=no
BOOTPROTO=dhcp
TYPE=Ethernet
#IPADDR0=37.97.154.156
IPADDR0=37.97.157.49
IPADDR1=37.97.157.50
NETMASK0=255.255.255.0
NETMASK1=255.255.255.0
#GATEWAY0=37.97.154.1
GATEWAY1=37.97.157.1
```
6. Install Packer & recursive_packer_build
```sh
## Packer
sudo mkdir -p '/opt/Packer/0.8.6/' &&
## In bash, $_ expands to the last argument of the previous command
cd "$_" &&
sudo curl -O 'https://releases.hashicorp.com/packer/0.8.6/packer_0.8.6_linux_amd64.zip' &&
sudo unzip 'packer_0.8.6_linux_amd64.zip' &&
printf '%s\n' '#!/bin/sh -x' "pathmunge '/opt/Packer/0.8.6/'" |
    sudo tee '/etc/profile.d/Packer_PATH.sh' &&
sudo chmod +x '/etc/profile.d/Packer_PATH.sh' &&

## recursive_packer_build
## (clone with sudo: /srv is only writable by root)
cd '/srv/' &&
sudo git clone 'https://github.com/sanmai-NL/recursive_packer_build' &&
printf '%s\n' '#!/bin/sh -x' ". '/srv/recursive_packer_build/recursive_packer_build.sh'" |
    sudo tee '/etc/profile.d/recursive_packer_build_source.sh' &&
sudo chmod +x '/etc/profile.d/recursive_packer_build_source.sh'
```