% CentOS Download, Installation in VMware, and Configuration % Ian! D. Allen - - [www.idallen.com] % Fall 2014 - September to December 2014 - Updated Mon Feb 9 02:07:41 EST 2015 Overview for CentOS VMware Installation ======================================= > This document uses the VMware Workstation virtualization software. For a > guide to installing CentOS using the free **VirtualBox** virtulalization > software, see the [VirtualBox CentOS Installation Guide HTML]. - You will create a VMware Workstation Virtual Machine running a minimal server-style installation of Linux CentOS version 6.6 (\~339MB minimal installation, no GUI) using the instructions below. This is *not* a Desktop system. - For full information on this minimal installation, read the [CentOS MinimalCD 6.5 Release Notes]. (The 6.6 minimal release notes are missing in November 2014; read the 6.5 notes instead.) - [CentOS] creates versions of Red Hat Enterprise Linux, with Red Hat trademarks and images removed to allow free distribution. They recently became partners with Red Hat “to provide a common platform for open source community project needs”. - Installing and configuring a server (not Desktop) CentOS operating system requires significant Linux expertise. You may not initially know the meaning of all the instructions you must follow, below. By the end of the course, you will know what everything means. - Failure to follow these instructions exactly may lead to future penalties, as we need the exact configuration listed here. - Do not install extra packages or software in this CentOS virtual machine. If you want to experiment, create a separate non-course clone to use. > If you want to play with an easy-install desktop version of Linux, don’t do > it using the system you will install in this document. This document > installs a *server* system, not a *Desktop* system. A Desktop system should > be something graphical and desktop-friendly such as [Ubuntu] or [Mint]. > You can’t use the CentOS system in this document as a Desktop system. This > document is configuring a minimal, non-GUI, **server** version of Linux. Using Other Virtualization Software ----------------------------------- You can use any virtualization software you like to create and run this server-style CentOS virtual machine, e.g. VirtualBox, Parallels, etc., but faculty only fully support questions about **VMware** (and maybe a little bit of **VirtualBox**). It’s what we know. It isn’t the virtualization software that’s important; it’s the running CentOS virtual machine. I don’t recommend running CentOS directly on your hardware; you lose all the snapshot and backup features available in a Virtual Machine. Don’t do it. Download `CentOS-6.6-i386-minimal.iso` ============================================ **We don’t recommend trying to download large software images over wireless. Find a network jack and plug in.** > You can start this ISO download process and wait for it to finish while you > move on to the next step to [Create an Empty Virtual Machine] In this section, you will download the `CentOS-6.6-i386-minimal.iso` to your machine. It **must** be the `CentOS-6.6-i386-minimal.iso`, no other version is acceptable for this server. You can get the `CentOS-6.6-i386-minimal.iso` image from one of the following places. We recommend that you choose the first or second one if you are on campus; they are the fastest. Download Method 1 (best): From the on-campus CSTECH Downloads Folder -------------------------------------------------------------------- This method only works on the Algonquin campus, using the private IP address of the CSTECH web site. **Use a wired connection to download big files such as ISO images; don’t use wireless!** 1. On your laptop use a browser to go to the Web site at the private IP address on campus. (This only works **ON CAMPUS**!) 2. Choose any room from the left side-bar (e.g. T108). Go to **Drivers and Downloads**, **Linux**, **CentOS**, **CentOS-6.6-i386-minimal** 3. Choose and download exactly this `355467264`-byte (`339MB`) ISO file: [`CentOS-6.6-i386-minimal.iso`] 4. Also download the [`CentOS-6.6-i386-minimal-MD5sum.txt`] file containing the **md5sum** file checksum hash. Download Method 2 (best): From the on-campus Course Linux Server ---------------------------------------------------------------- This method only works on the Algonquin campus, using the private IP address of the [Course Linux Server]. **Use a wired connection to download big files such as ISO images; don’t use wireless!** 1. On your laptop use a browser to go to the Web site at the private IP address on campus. (This only works **ON CAMPUS**!) 2. Choose and download exactly this `355467264`-byte (`339MB`) ISO file: [`CentOS-6.6-i386-minimal.iso`][1] 3. Also download the text file [`md5sum.txt`] file containing the **md5sum** file checksum hash. Download Method 999 (worst): From the Internet (slow) ----------------------------------------------------- This is much slower than the above on-campus methods. Use this Internet method only if you have to (i.e. you are off-campus): 1. **Don’t use this method on campus – it’s much slower than the on-campus methods, above.** 2. On your laptop use a browser to go to the Web site . 3. On the bottom of the page, select the **Older Versions** button . 4. On the **Download CentOS ISO images** page, select the **CentOS-6 i386** button . 5. Pick a nearby HTTP mirror from the list of `/i386/` mirrors. 6. In the **Index of `/centos/6.6/isos/i386`** find the ISO named `CentOS-6.6-i386-minimal.iso` to download: 7. Choose and download exactly this `355467264`-byte (`339MB`) ISO file: `CentOS-6.6-i386-minimal.iso` 8. Also download the `md5sum.txt` file containing the **md5sum** file checksum hashes. Verify the Downloaded ISO ========================= To verify the downloaded CentOS ISO, you must get a copy of the checksum file from the same CentOS folder where you found the i386 (32-bit) ISO image. 1. Verify that you have the exact ISO file named `CentOS-6.6-i386-minimal.iso` that is `355467264` bytes (`339MB`). 2. To verify the download, you will need some form of checksum program that runs on your local computer that can calculate **md5** or **sha** hashes. Unix/Linux/OSX machines already have the `md5sum` command available (sometimes called just `md5` on OSX); you don’t need to download anything; read the `man` page or just run `md5sum` (or `md5`) followed by the ISO image name and compare the number with the number saved in the checksum hash file. For Windows users, one suggestion to use (thanks Richard!) is [**HashTab**]: a. Windows only: Download and install [**HashTab**] for Windows. (Unix/Linux/OSX users don’t need this program.) b. Copy the desired checksum hash to the clipboard (e.g. from the `md5sum.txt` file). c. Right click in the file you wish to verify, i.e. select your ISO image `CentOS-6.6-i386-minimal.iso` d. Click **Properties** and then **file hashes**. - It will compare the hashes to the one(s) in your clipboard. - MD5 and SHA-1 are the defaults, but it can be customized to include others. 3. Verify the checksum hash of the ISO file against the checksum hash recorded in any of the checksum files located in the same folder. (For example, open `md5sum.txt` and locate the checksum for your ISO file and compare it with the checksum of the ISO file you downloaded.) > Sysadmin Tip for Windows users: You can install the free [**Cygwin**] > package on your own Windows laptop to get BASH and all the Unix tools for > Windows, including `md5sum`, `find`, etc. MacOSX users already have most of > the tools installed and available in any **Terminal** window. Create an Empty Virtual Machine in VMware ========================================= These detailed instructions are for **VMware** Workstation Version 10. You may use any other virtualization software you like, e.g. see the [VirtualBox CentOS Installation Guide HTML], but you’re on your own if things go wrong. In this section, you will first create an empty Linux **32bit** CentOS-compatible Virtual Machine with no operating system installed. You can do this while you are waiting for your CentOS minimal `CentOS-6.6-i386-minimal.iso` to download. VMware Workstation will try to guide you into an “Easy” or automatic install; you must *not* do an Easy/automatic install. **Do *not* let VMware use “Easy Install”!** 1. Start VMware on your machine. Any version of VMware since Version 8 should work. These instructions were prepared with Version 10. 2. Choose **Create a New Virtual Machine** or **File | New Virtual Machine**. 3. **Welcome to the New Virtual Machine Wizard:** - Choose **Typical (recommended)**. - **Typical** asks fewer questions than the full **Custom** install - Click **Next**. 4. **Guest Operating System Installation:** - Choose: **I will install the operating system later** - “The virtual machine will be created with a blank hard disk.” - Do *not* let VMware use “Easy Install”! - *Do **not** let VMware use “Easy Install”!* - **Do *not* let VMware use “Easy Install”!** - Click **Next**. 5. **Select a Guest Operating System:** - Chose: **Linux** and then Version **CentOS** - **Do *not* choose 64 bit!** - If the installation is asking you to create a userid for this step, then you need to start over: **Do *not* let VMware use “Easy Install”!** - Click **Next**. 6. **Name the Virtual Machine:** - If your course and term is **CST1234** and **14F**, then use the name `CST1234-14F-CentOS-6` (no spaces). - You may want to change the **Location** if you keep your VMware images in a different folder on your host machine, otherwise leave **Location** unchanged. - You can invent your own virtual machine name, if you prefer. - Click **Next**. 7. **Specify Disk Capacity:** - Enter **2** GB (actually type the number `2` into the box) - If asked, say: **Store virtual disk as a single file (Monolithic)** - Click **Next**. 8. **Ready to Create Virtual Machine**: confirm these important settings: Operating System: CentOS Hard Disk: 2 GB, Monolithic Memory: 1024 MB - Click **Finish**. 9. **Virtual Machine Created**: - Click **Close** to close the New Virtual Machine Wizard. 10. In the VMware **VM | Settings | Hardware** page for this virtual machine: a. Select the **Network Adapter** and under **Network Connection** choose **NAT: Used to share the host’s IP address** b. Select the **Sound Card** and un-check everything. c. Select the **USB Controller** and un-check everything. d. Click **Save** or **OK**. To confirm your settings: In VMware, select menu **VM | Settings** to open **Virtual Machine Settings** and look under the **Hardware** tab to confirm: Memory: 1024 MB (or 1GB) Processors: 1 Hard Disk: 2GB Network Adapter: NAT In the same **VM | Settings** window (“**Virtual Machine Settings**”), go to the **Options | General** tab and confirm: Guest Operating System: Linux Version: CentOS If you don’t see the above settings, delete this virtual machine and start over. Install the CentOS 6 Operating System ===================================== After you have downloaded and verified the checksum of the 32-bit ISO file `CentOS-6.6-i386-minimal.iso`, you can next follow these instructions below to install this minimal 32-bit CentOS ISO image into your empty CentOS virtual machine that you just created above. 1. The installation software requires more memory than the running CentOS server. If you are installing or re-installing your system, set your VM Memory to **1024MB** (1 GB) before you continue. 2. Connect your downloaded and checksum-verified `CentOS-6.6-i386-minimal.iso` ISO to your VMware virtual CD/DVD drive using the **VM | Settings**, **Hardware | CD/DVD** device page: a. On the CD/DVD device page, under **Device Status** check **Connect at power on**. b. On the CD/DVD device page, select radio button **Use ISO image file:** and browse to the location of your downloaded CentOS ISO file and select it and **Open** it. c. Select **Save** or **OK**. 3. With the downloaded CentOS ISO connected to the CD/DVD of your virtual machine, in your VMware Workstation screen select **Power on this Virtual Machine** or **Start up this guest operating system**. You should see a blue CentOS 6 screen with the title **Welcome to CentOS 6.6!** and five menu entries: ![CentOS 6 Welcome] 4. Put aside your mouse for the moment – the next few configuration steps must be done using the keyboard: a. The first menu entry **Install or upgrade an existing system** is the one that will be chosen as the **Automatic boot** when the 60-second time-out expires. You can use the keyboard **Up/Down** arrow keys to move the cursor up and down to stop the time-out or choose some other menu entry. b. Use the arrow keys to choose the first menu entry **Install or upgrade an existing system** and push **Enter**. (This will happen automatically when the 60-second time-out occurs.) c. Watch many Linux kernel messages stream by in black-and-white. 5. You will see a text screen titled **Welcome to CentOS for i386** containing a box titled `Disc Found` and asking you if you want to test the media: ![CentOS 6 Disc Found] 6. In **Disc Found** use the Space bar to select the OK choice. You will see another box titled **Media Check**. 7. In **Media Check** use the Space bar to select **Test**. The result must be **Success** or else your ISO file is corrupt and needs to be removed and downloaded again. 8. In **Success** use Space to select **OK**. - You will see a box saying **Media ejected**. - This is dumb. Now we have to reconnect the ISO file! 9. Release your cursor from the virtual machine and go back to the VMware **VM | Settings**, **Hardware | CD/DVD** device page: a. Under the CD/DVD **Device Status** section check **Connected**. b. Select **Save** or **OK**. c. Go back to your CentOS virtual machine console. d. (You can also connect the CD using right-click on the CD/DVD icon in the bottom right and select **Connect**.) 10. After re-connecting the CD, go back to the **Media ejected** box and use Space to select OK. You will see another **Media Check** box asking you about testing additional media. Make sure the ISO file is connected to your CD/DVD before you continue from this step. 11. In this **Media Check** box, use the TAB key to select **Continue** and then the Space bar to activate Continue. a. It should say **Media detected** and **Found local installation media** and then you should see a graphical CentOS 6 screen with a **Next** button on it (see below). b. If it says **Error** and it can’t find the CentOS installation disc, you forgot to reconnect the ISO file to your CD/DVD device, above. Connect the ISO and try again. c. If you only see a blue/gray text screen saying **Welcome to CentOS!**, you forgot to increase the Memory to 1024MB for the installation. Power off, do that, and try again. ![CentOS 6 Splash Screen] 12. On the CentOS 6 page, the mouse is working again. Use it or Space to select the **Next** button. You should see a **What language** page. 13. On the **What language** page use the default English selection. (You may be tempted to chose your own non-English language, but if you do so your Instructor will not be able to help you with any problems. Always use the default English language.) Select **Next**. 14. On the **Select the appropriate keyboard** page use the default **U.S. English** keyboard. Select **Next**. 15. On the **What type of devices** page use the default **Basic Storage Devices**. Select **Next**. 16. On the **Storage Device Warning** page select **Yes, discard any data**. (If you are re-installing your system, you will instead see here an **At least one existing installation** page that asks you to either overwrite or upgrade your existing installation. Choose appropriately.) 17. On the **Please name this computer** page: a. For **Hostname:** enter your eight-character Algonquin Blackboard userid (all lower-case). b. Select **Next**. 18. On the **Please select the nearest city** page: a. Select `America/Toronto` as the city for the time zone. b. Turn *off* **System clock uses UTC**. Un-check this box. c. Select **Next**. 19. On the **The root account** page enter (twice) a `root` account [password that you can remember]. Keep it simple – this is a low-security student course machine and not a high-security bank! Select **Next**. 20. On the **Which type of installation** page select **Create Custom Layout**. We are going to use a simple two-partition system instead of the default (and more complex) Logical Volume Manager layout. Select **Next**. 21. On the **Please Select A Device** page click on the **Free 2047** line then click on **Create**. (If you are re-installing your system, you will first need to select each existing partition and Delete it to make the free space.) a. On the **Create Storage** page use the default **Standard Partition** then click on **Create**. b. On the **Add Partition** page: i. Use the drop-down list for **Mount Point:** and select `/` (the ROOT). ii. Leave the **File System Type** as `ext4`. iii. Type `1500` into the **Size (MB)** box. iv. Check **Force to be a primary partition** v. Select **OK**. c. You should now have a ROOT (`/`) partition of type `ext4` size 1500 on `sda1`. Delete this partition and start over if this is not true. 22. On the **Please Select A Device** page click on the **Free 547** line then click on **Create**. a. On the **Create Storage** page use the default **Standard Partition** then click on **Create**. b. On the **Add Partition** page: i. Ignore the Mount Point. ii. Change the **File System Type** to `swap`. iii. Ignore the **Size (MB)** box. iv. Check **Fill to maximum allowable size** v. Check **Force to be a primary partition** vi. Select **OK**. c. You should now have a swap partition on `sda2` size 547. Delete this partition and start over if this is not true. On the **Please Select A Device** page, there should be no free space left: ![CentOS 6 Partitions] 23. After confirming the above two partitions and sizes, on the **Please Select A Device** page click on **Next**. 24. On the **Format Warnings** page click **Format**. This completely wipes your Linux virtual disk, not your host machine’s disk. 25. On the **Writing storage configuration to disk** page click **Write changes to disk**. 26. On the **Install boot loader page** page leave the default setting checked (**Install boot loader on `/dev/sda`**) and click **Next**. It should say **Installation starting**. 27. You should see a progress bar saying **Packages completed** as exactly 204 CentOS packages are installed into the system. (If the number is not exactly 204, you are using the wrong ISO image.) The 204-package installation should take less than five minutes. ![CentOS 6 Install Packages] 28. On the **Congratulations, your CentOS installation is complete** page select **Reboot**. Some Linux kernel shutdown messages will print on the console, then the virtual machine will reboot. 29. The system should reboot into a black login screen with the banner `CentOS release 6.6 (Final)` and a login prompt preceded by the hostname of the machine, similar to this: CentOS release 6.6 (Final) Kernel 2.6.32-504.el6.i686 on an i686 abcd0001 login: The machine name in front of the `login:` prompt should be your own Blackboard userid, not `abcd0001`. Verify Correct CentOS Installation ---------------------------------- 1. Log in on the black text console as the user `root` with the password that you remembered from the above installation. - If the login doesn’t work, go back and read all the words in the previous sentence, especially the words starting with the letter `r`. Run the following installation verification commands. Your CentOS installation must pass all of the following verification steps: 2. Run: `hostname` and verify that it prints your eight-character Blackboard userid as the machine name. 3. In text file `/etc/sysconfig/network` verify that the `NETWORKING` variable is set to `yes` and the `HOSTNAME` variable is set to your Blackboard userid. 4. Run: `fdisk -clu` and verify that your Disk `/dev/sda` is `2147 MB` and that the disk partitions `/dev/sda1` and `/dev/sda2` have `1,536,000` and `560,128` blocks (a block is 1024 bytes). It should look almost exactly like the following, except your machine name and `Disk identifier` number will differ: [root@abcd0001 ~]# fdisk -clu Disk /dev/sda: 2147 MB, 2147483648 bytes 255 heads, 63 sectors/track, 261 cylinders, total 4194304 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Device Boot Start End Blocks Id System /dev/sda1 * 2048 3074047 1536000 83 Linux /dev/sda2 3074048 4194303 560128 82 Linux swap / Solaris 5. Run: `rpm -q -a | wc -l` and verify that you have exactly `204` packages installed. 6. Run: `df -h` and verify that your `/dev/sda1` virtual disk partition mounted on `/` (the ROOT) has a **Size** of `1.5G` (ignore the other sizes – they may differ slightly): [root@abcd0001 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda1 1.5G 578M 793M 43% / tmpfs 504M 0 504M 0% /dev/shm 7. Run: `swapon -s` and verify that partition `/dev/sda2` is listed as an active swap partition: [root@abcd0001 ~]# swapon -s Filename Type Size Used Priority /dev/sda2 partition 560124 0 -1 8. In text file `/etc/sysconfig/clock` verify that the `ZONE` is set to local time zone `America/Toronto` - If this is not true, see [Appendix II] You may need to delete this virtual machine and re-install if any of the above numbers or verification steps are wrong. Redo your installation or consult with your instructor if any of the above verification commands don’t give the expected output. Networking is not enabled on this server yet. It is a good idea to configure your system a bit before enabling networking, so we will enable networking later, after doing some configuration. Snapshot your Fresh Installation ================================ Make sure your CentOS virtual machine passes the all above verify steps before saving it! 1. Shut down your CentOS machine by typing: `shutdown -h now` - You will see some Linux kernel messages on the VMware console before the machine powers off. - **NEVER** power off a Linux machine using the VMware Power button! - **ALWAYS** safely power off a Linux machine using `shutdown`! - Ignore any warnings about VMware Tools. 2. In the VMware **VM | Settings | Hardware** page for this virtual machine: a. Change the **Memory** from `1024MB` down to `256MB`. Say OK. - You will need to put Memory back up to 1024MB if you need to re-install the system from CD. - Keeping system memory small (e.g. 256MB) makes snapshots of running systems smaller and faster. b. Select the **Network Adapter** and under **Network Connection** choose **NAT: Used to share the host’s IP address** (You should have already done this when creating the VM.) c. Select the **Sound Card** and un-check everything. (You should have already done this when creating the VM.) d. Select the **USB Controller** and un-check everything. (You should have already done this.) e. Select **Save** or **OK**. 3. Use VMware (or your virtualization software) to create a Snapshot of your new VM. In VMware use **VM | Snapshot | Take snapshot…**. Label the Snapshot **Fresh Minimal Installation** and enter a dated comment explaining how you created it and what installation parameters you used: a. Minimal ISO: `CentOS-6.6-i386-minimal.iso` b. Memory `256MB` c. Disk `2GB` d. `NAT` networking (not bridged). e. Hostname `abcd0001` (should be your Blackboard userid) f. Standard `204` packages g. No network enabled at boot time 4. Open the **VM | Snapshot | Snapshot Manager** to confirm your snapshot. - You will have this snapshot to come back to if you ever need it. 5. If you have taken a successful snapshot, close the snapshot manager. Problems with Snapshots of Running Systems ========================================== A snapshot of a running (not fully shut down) system is quick to resume if you ever need to go back to it, but a running snapshot has some potentially serious problems: 1. Snapshots take more space if you take them when the machine is running, since the snapshot has to save all the system memory. Snapshots are smaller if you take them of a system that is powered off. 2. Often you need to restore a snapshot and also make some **VM | Settings** changes. If you snapshot a running system, then you have to shut it down every time you restore it when you want to make **VM | Settings** changes. Better to create the snapshot of the powered-off system. 3. A snapshot of a running system can only safely be resumed (restarted) on the system that created it, or a system running a similar CPU type. You cannot safely back-up the running snapshot files onto a different CPU type and resume it there. A snapshot of a running system may be useless if you try to restart it on a different computer, such as might happen if your laptop computer fails and you need to borrow another. When possible, make your important snapshots of virtual machines that are actually powered off. You can make intermediate snapshots of running machines just before you make an important change, but you should consider deleting these temporary snapshots after you confirm that the change was successful. Configure CentOS ================ > References to man pages in this document will be to **CentOS** man pages, > not **CLS Ubuntu** man pages. Since **CentOS** Linux and **Ubuntu** Linux > are different distributions, from different vendors, they sometimes have > different documentation and programs. This configuration section assumes you are starting your configuration from the **Fresh Minimal Installation** snapshot from the previous section. Before you begin, you need to understand some terms. These next few points are not action items; they are for your information; there is nothing you need to type yet. Make note of these things: A. When it says **back up a file** below, it means copy the file, preserving time and owner information, into the *same* directory with a `.bak` suffix on the file name, for example: $ cp -p /foo/bar /foo/bar.bak $ cp -p /some/path/name/file /some/path/name/file.bak $ cd /some/very/very/very/long/path/name ; cp -p conf conf.bak You may find this shell alias useful: `alias cp='cp -p -i'`\ but remember that aliases are not saved when the shell exits. B. When it says **edit a file** below, it means use the `vi` (not `vim`) text editor to read the original file, make some changes, and then save the file. (Don’t forget to save the changes!) - Servers, including this one, don’t have any other text editors. - Every Unix/Linux system has a basic version of `vi` installed. - You need to know how to use basic `vi` text editor commands to open a file, edit it, and save it. - The `vim` editor is named `vi`, not `vim` on CentOS. - **Remember to edit the *original* file, not the back-up file.** C. When it says **comment out** a line of text below, it means insert a comment character (usually `#`) at the very start (left end) of the line. - e.g. change the line `hiddenmenu` to `#hiddenmenu` or change the line `alias rm='rm -i'` to `#alias rm='rm -i'` - The comment character at the start of the line turns the whole line into a *comment* – something that the program reading the file will ignore. **Remember to preserve modification times on all files copied!** Boot the Fresh Minimal Installation snapshot -------------------------------------------- 1. Boot (power on) your **Fresh Minimal Installation** snapshot from the previous section. Make the configuration changes below to your **Fresh Minimal Installation** virtual machine. 2. Log in as the `root` user on the black text console, as you did before. 3. Review the above points **A.**, **B.**, and **C.** so that you know what **back up**, **edit**, and **comment out** mean. 4. Create your alias for `cp` to preserve modify times so that you don’t forget: `alias cp='cp -i -p'` Enable CentOS networking ------------------------ Networking is not yet enabled on boot. We will enable it now, so that you can connect to your CentOS system using a proper SSH connection instead of using the limited VMware system console: 1. Run: `ifconfig eth0` and make sure it doesn’t say `device not found`. - If it says `device not found` for `eth0`, see [Appendix III] on how to rename the interfaces to get `eth0` back. 2. Back up the file `/etc/sysconfig/network-scripts/ifcfg-eth0` then edit the original file and change the `ONBOOT` variable setting from `ONBOOT=no` to `ONBOOT=yes` - Always edit the original file, not the back-up file! - When you are done, display the original file and make sure `ONBOOT=yes` - Use the `diff` command to compare the back-up file with the edited original file and make sure only *one* line has changed:\ `cd /etc/sysconfig/network-scripts ; diff ifcfg-eth0.bak ifcfg-eth0` 3. Run: `service network restart`\ to enable the new networking settings. - See the example commands and output given below. - You should now see several lines including two lines for `eth0`:\ `Bringing up interface eth0:` and\ `Determining IP information for eth0... done. [OK]` - If you don’t see `done`, you have network connection problems: Your machine may be unable to get a `DHCP` IP address. See [Network Diagnostics]. 4. Confirm that you have a working IP address on `eth0` (see the example commands and output given below): a. Run: `ifconfig eth0 | fgrep 'inet addr'`\ and see one line of output containing your system local IP address (your `inet addr`). b. **Write down this local IP address; you will need it shortly.** c. Run: `ip route | fgrep 'default'`\ and see one line of output containing your default gateway IP address. d. Run: `ping -c 1`*X.X.X.X*\ where *X.X.X.X* is your default gateway IP address. e. Look for `0% packet loss`. (This may not work if you are using Bridged networking on-campus at Algonquin College because the ITS department blocks `ping`.) f. If you don’t see `0% packet loss`, you have network connection problems. See [Network Diagnostics]. Sample output for the above commands is given below – your hostname and CentOS local IP addresses (write it down) will differ: [root@abcd0001 ~]# fgrep 'ONBOOT' /etc/sysconfig/network-scripts/ifcfg-eth0 ONBOOT=yes [root@abcd0001 ~]# service network restart Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: Determining IP information for eth0... done. [ OK ] [root@abcd0001 ~]# ifconfig eth0 | fgrep 'inet addr' inet addr:192.168.9.141 Bcast:192.168.9.255 Mask:255.255.255.0 [root@abcd0001 ~]# ip route | fgrep 'default' default via 192.168.9.254 dev eth0 [root@abcd0001 ~]# ping -c 1 192.168.9.254 PING 192.168.9.254 (192.168.9.254) 56(84) bytes of data. 64 bytes from 192.168.9.254: icmp_seq=1 ttl=64 time=1.78 ms --- 192.168.9.254 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 2ms rtt min/avg/max/mdev = 1.780/1.780/1.780/0.000 ms Make sure the `ping` shows `0% packet loss` (unless you are at Algonquin College, using Bridged networking, and `ping` is being blocked by ITS, sorry). Did you write down your **CentOS local IP address** (not your default gateway address)? You will need it later. > If your virtual machine is using **bridged** networking instead of the > recommended **NAT** networking, then the IP address of your CentOS virtual > machine may change depending on the network of your host O/S. If you use > **bridged** networking, you will need to use `service network restart` and > `ifconfig` to restart your network every time you resume your VM or the > network of your host O/S changes. Using **NAT** networking, the CentOS > local IP address should be stable and this restart and reconfiguration > shouldn’t be necessary. Setting the SSH login banner ---------------------------- You will remember that when you log in to the CLS using the SSH protocol, you first see a banner announcing `COURSE LINUX SERVER`. We will enable a similar banner for our CentOS virtual system, so that we know to which machine we are connecting: 1. Back up the file `/etc/ssh/sshd_config` then edit the original file: - Find the line containing `#Banner` (It’s around line 129 in the file.) - This line is commented out with `#` at the start; it does nothing. - Un-comment this line: remove the comment `#` from the line. - Change the file name from `Banner none` to: `Banner /etc/issue.net` - Use the `diff` command to compare the back-up file with the edited original file and make sure only *one* line has changed:\ `diff /etc/ssh/sshd_config.bak /etc/ssh/sshd_config` - Make sure the line does not start with the comment character. 2. Restart your CentOS SSH service to use the new banner: `service sshd restart` 3. Using the commands below, verify that an SSH connection shows the new banner by using the `ssh` command in CentOS to connect to the loopback `localhost` address of your CentOS VM: - You may be asked to accept the new connection: say `yes` - Verify that you see the SSH banner: `CentOS release 6.6 (Final)` - You don’t need to log in, so just use `^C` to interrupt the root password prompt: [root@abcd0001 ~]# ssh localhost The authenticity of host 'localhost (::1)' can't be established. RSA key fingerprint is 1d:1c:b2:7e:fe:b9:87:e8:89:71:bf:dd:ca:31:49:3b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (RSA) to the list of known hosts. CentOS release 6.6 (Final) Kernel \r on an \m root@localhost's password: ^C [root@abcd0001 ~]# ssh localhost CentOS release 6.6 (Final) Kernel \r on an \m root@localhost's password: ^C Whenever you attempt to connect to your CentOS virtual machine using SSH, make sure you see the above banner text. If you don’t see the banner, you are not connecting to the right IP address! > Feel free to edit the file `/etc/issue.net` to contain any text that you > would like to see as a banner. You might delete the `Kernel` line and > replace it with something of your own, e.g. `Hello Linux People!` Use an SSH connection instead of the console -------------------------------------------- > These SSH instructions below are for **VMware** users. If you are using > **VirtualBox** virtulalization software, see the section “Using SSH to > connect to your VirtualBox VM” in [VirtualBox CentOS Installation Guide > HTML][2]. The VMware console that we have been using has very limited functionality. You can’t resize it, change the console colour, or font size, or copy and paste text into it easily from your host machine. Instead of using this console to work on the machine, we will do what most system administrators do and connect to the machine using a terminal program of our choice and the standard SSH protocol. CentOS already has the SSH programs installed and running that enable us to do this; we verified that in the previous section where we set the login banner. To connect to your CentOS virtual machine using the SSH protocol, users with a Windows host O/S might choose to run the **PuTTY** terminal program (as you do when connecting to the CLS); users with a Linux or MacOSX host O/S will use a standard terminal and the `ssh` command. > Sometimes the networking set-up on your host operating system does not > permit you to connect to the network addresses of your virtual machines. > You may have a firewall setting that blocks access. If that is true, the > following won’t work and you’ll have to consult the manual for your host > operating system on how to enable network access to the IP addresses of > your virtual machines. 1. In your host operating system (not in the CentOS guest OS), run a terminal program that will let your create an SSH remote connection: - Run the **PuTTY** program from a Windows host machine, or use a terminal and the `ssh` program from a MacOSX or Linux host O/S. - Review the instructions on how to do a [Remote Login] to the [Course Linux Server], but do *not* use the CLS IP information. - Create and save a new SSH connection **using the CentOS local IP address** that you wrote down in the previous step. - Do *not* use your CLS IP address! Use your CentOS IP address! - When you start your session, make sure you are connecting to your CentOS local IP address, not to the CLS. - You must see the `CentOS release 6.6 (Final)` banner text before you enter your login userid. - If you see the `COURSE LINUX SERVER` banner, **stop**! Do not try to log in as `root` to the CLS; you will be locked out! - Use your terminal program to log in to **your** CentOS IP address (not the CLS) as `root` using your `root` password. - Make sure you see the `CentOS release 6.6 (Final)` banner before you log in with your `root` userid! - If you use **PuTTY**, save your new settings for your CentOS connection. Do not overwrite your CLS settings. - If you are using **bridged** instead of the recommended **NAT** networking, you will have to keep changing the saved CentOS IP address to match the address shown by `ifconfig` in CentOS. If you use **NAT** networking, this shouldn’t be a problem. 2. Once you are logged in to your own CentOS machine, type `who` and see that `root` is logged in once on a VMware system console (`tty1`) and once remotely via an SSH *pseudo-terminal* (`pts/0`). [root@abcd0001 ~]# who root tty1 Nov 2 08:26 root pts/0 Nov 2 08:33 (192.168.244.1) [root@abcd0001 ~]# tty /dev/pts/0 **I recommend using the SSH connection for all sysadmin work (including the rest of this document).** Do not use the crappy VMware console. Note that, unlike using the system console, SSH network connections do not survive across a VM Pause or Suspend. All SSH sessions active when you pause or suspend your VM will be disconnected. **Save and exit your editors that are running over SSH before you suspend.** Install the `man` command ------------------------- This system has manual pages, but no `man` command to view them: [root@abcd0001 ~]# which man /usr/bin/which: no man in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin) [root@abcd0001 ~]# whereis man man: /usr/share/man Use the `yum` install command to fetch information about the `man` package, and then we will install it: 1. As `root` run: `yum info man` - The first time you do this, `yum` will download some package lists before it answers the `info` query. - If `yum` cannot connect to the Internet, see [Network Diagnostics]. - If `yum` seems to hang for a long time, see [Appendix I]. 2. Confirm that `yum` shows `Name : man` under `Available Packages`. - If you see `man` under `Installed Packages`, you have already installed it. 3. Run: `yum install man` and when it asks `Is this ok [y/N]:` answer with `y` (yes) and *Enter*. - The first time you do this, `yum` will also ask you to import a GPG **CentOS 6 Official Signing Key**. Answer with `y` (yes). - Some dependency packages and updates will also be selected for download along with `man`. - The installation will print `Complete!` when it finishes. 4. Make sure `which man` and `whereis man` and `man man` now work: [root@abcd0001 ~]# which man /usr/bin/man [root@abcd0001 ~]# whereis man man: /usr/bin/man /etc/man.config /usr/share/man /usr/share/man/man1/man.1.gz [root@abcd0001 ~]# man man ...etc... Install the `mail` command -------------------------- Servers often need to email status messages to humans. We need to use the `yum` install command to fetch and install an email client program package named `mailx`: 1. As `root` run: `yum info mailx` - The first time you do this, `yum` will download some package lists before it answers the `info` query. - If `yum` cannot connect to the Internet, see [Network Diagnostics]. - If `yum` seems to hang for a long time, see [Appendix I]. 2. Confirm that `yum` shows `Name : mailx` under `Available Packages`. - If you see `mailx` under `Installed Packages`, you have already installed it. 3. Run: `yum install mailx` and when it asks `Is this ok [y/N]:` answer with `y` (yes) and *Enter*. - The first time you do this, `yum` will also ask you to import a GPG **CentOS 6 Official Signing Key**. Answer with `y` (yes). - The installation will print `Complete!` when it finishes. 4. After installation, make sure that `mail -V` (upper case!) prints a version number (the number may differ, depending on which version of CentOS is installed): [root@abcd0001 ~]# mail -V 12.4 7/29/08 The `mailx` package installs some symbolic links so that the command `mail` actually runs the `mailx` program: [root@abcd0001 ~]# ls -l /bin/mail* lrwxrwxrwx. 1 root root 22 Mar 9 22:16 /bin/mail -> /etc/alternatives/mail -rwxr-xr-x. 1 root root 369440 Aug 1 2013 /bin/mailx [root@abcd0001 ~]# ls -l /etc/alternatives/mail lrwxrwxrwx. 1 root root 10 Mar 9 22:16 /etc/alternatives/mail -> /bin/mailx Also `man mail` gives you the same `man` page as `man mailx` (again using more symlinks): [root@abcd0001 ~]# whereis mail mailx mailx: /bin/mail /etc/mail.rc /usr/share/man/man1/mail.1.gz mailx: /bin/mailx /usr/share/man/man1/mailx.1.gz [root@abcd0001 ~]# ls -l /usr/share/man/man1/mail.1.gz lrwxrwxrwx. 1 root root 31 Mar 9 22:16 /usr/share/man/man1/mail.1.gz -> /etc/alternatives/mail-mail-man [root@abcd0001 ~]# ls -l /etc/alternatives/mail-mail-man lrwxrwxrwx. 1 root root 30 Mar 9 22:16 /etc/alternatives/mail-mail-man -> /usr/share/man/man1/mailx.1.gz Install the full version of the `vim` editor -------------------------------------------- Your CentOS **Minimal Installation** comes with a *minimal* (they call it `Small`) version of the `vim` text editor named `vi` that is missing many features and help files: [root@abcd0001 ~]# vi --version | fgrep 'version' Small version without GUI. Features included (+) or not (-): [root@abcd0001 ~]# vimtutor -bash: vimtutor: command not found We want the full version, with help files and tutorials. As `root`, download and install the full (they call it `Huge`) version of `vim` as follows: 1. As `root` run: `yum info vim-enhanced` - The first time you do this, `yum` will download some package lists before it answers the `info` query. - If `yum` cannot connect to the Internet, see [Network Diagnostics]. - If `yum` seems to hang for a long time, see [Appendix I]. 2. Confirm that `yum` shows `Name : vim-enhanced` under `Available Packages`. - If you see `vim-enhanced` under `Installed Packages`, you have already installed it. 3. Run: `yum install vim-enhanced` and when it asks `Is this ok [y/N]:` answer with `y` (yes) and *Enter*. - The first time you do this, `yum` will also ask you to import a GPG **CentOS 6 Official Signing Key**. Answer with `y` (yes). - You will note under **Installing for dependencies** a list of other packages on which the full version of VIM depends. All this software also has to be downloaded and installed with VIM, including the **Perl** interpreter and some libraries. - Downloading all the software will take a minute or two. - The installation will print `Complete!` when it finishes. 4. After successful download and installation, start the newly-installed full version of VIM by typing `vim` (not `vi`) and note that this is the *Huge* version: [root@abcd0001 ~]# vi --version | fgrep 'version' Small version without GUI. Features included (+) or not (-): [root@abcd0001 ~]# vim --version | fgrep 'version' Huge version without GUI. Features included (+) or not (-): [root@abcd0001 ~]# which vimtutor /usr/bin/vimtutor 5. The programs `vi` and `vim` are different in CentOS! - You may find some accounts come with an alias: `alias vi=vim` - In which system directory is the minimal (`Small`) `vi` program found? - In which system directory is full (`Huge`) enhanced `vim` program found? - What system command makes it easy to answer the above two questions? Remove confusing and dangerous `root` aliases --------------------------------------------- CentOS has provided the `root` account with some personal shell aliases that change the behaviour of some important commands and this is a bad idea. Type `alias` and you will see some aliases similar to these: [root@abcd0001 ~]# alias alias cp='cp -i' alias l.='ls -d .* --color=auto' alias ll='ls -l --color=auto' alias ls='ls --color=auto' alias mv='mv -i' alias rm='rm -i' alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde' The aliases for `ls` and `which` are harmless, but the options added in the aliases for `cp`, `mv`, and `rm` change the behaviour of these commands significantly. (What do those options do? RTFM for each command.) On real servers, the `root` account is often shared among several sysadmin, and so you must be very careful what aliases you define in the `root` account. Commands must work exactly as expected, not the way aliases might change them to work. We will remove these dangerous aliases from our `root` account: **Note that the HOME directory for the `root` account is under `/root`, not under `/home` with all the other accounts.** 1. Back up the file `/root/.bashrc` (preserve the modify time) then edit the original file: a. Remove or comment out the alias for `rm`. b. Remove or comment out the alias for `cp`. c. Remove or comment out the alias for `mv`. d. Insert this line at the top (beginning) of the file:\ `[ -z "${PS1-}" ] && return # exit if not interactive` 2. In addition to making the above essential changes, you might also optionally add `unalias -a` to the end of the file to make sure that no misleading aliases are defined for the `root` account. - Add this `unalias` line at the *bottom* (end) of the `.bashrc`, *after* all the existing lines in the file. 3. You might add `alias cp='cp -i -p'` to the bottom of the file, since we use it so often, especially as `root`. - This is a useful and common alias, safe even for a `root` account. 4. Use the `diff` command to compare the back-up file with the new file and make sure only a few lines have changed. 5. Run a loopback SSH network test of `true`, a command that doesn’t generate any output, to make sure the new `.bashrc` doesn’t generate any output or errors: [root@abcd0001 ~]# ssh localhost true CentOS release 6.6 (Final) Kernel \r on an \m root@localhost's password: [root@abcd0001 ~]# Make sure there is no output after you type your `root` password. *(If you don’t see the `CentOS release 6.6 (Final)` login banner, you missed [Setting the SSH login banner], above.)* Keep your own personal aliases in your *own* account and `source` them when you need them as `root`. Do **NOT** put many of your personal aliases into the `root` account itself. Log out of your VM and then log back in. Type `alias` and make sure all the dangerous aliases are gone. Keep the aliases in the `root` account to the bare minimum. Enable shell History -------------------- Shell command line history for is important to a sysadmin. It’s one way of knowing what commands were typed and remembering how to do things without having to look them up again. Although the shell is saving its history upon exit, the history from different shells is not being merged, so history can be lost if you run more than one shell, e.g. multiple windows or multiple logins. Also, history is not being saved until a shell exits, which means you can also lose history if a shell is killed prematurely. We could fix these history issues just for the `root` user, using the `root` `.bashrc` start-up file, but then we would also have to fix it for our own sysadmin account (that we will create later), and for any other accounts we might create. Instead we are going to make changes to the system-wide `bash` shell initialization so that *all* users on the system receive these benefits, not just `root`. The comments at the start of `/etc/profile` suggest that we should create a `custom.sh` file and install it in the `/etc/profile.d` directory: 1. Put these lines into the new file `/etc/profile.d/custom.sh` on your CentOS machine: # keep a lot of shell history in memory and in the history file export HISTSIZE=9000 export HISTFILESIZE=99000 # keep time stamps on each entry export HISTTIMEFORMAT= # update history file after every command (not just on exit) export PROMPT_COMMAND='history -a' # useful history-related bash options: use one-line and append shopt -s cmdhist shopt -s histappend This new file will be sourced by every user when they log in. 2. Run `source /etc/profile.d/custom.sh` to source the new file to set up the history in the current shell. Make sure you see no output and no errors! 3. After sourcing the file, print the changed history variables to confirm: [root@abcd0001 ~]# source /etc/profile.d/custom.sh [root@abcd0001 ~]# printenv | fgrep 'HIST' HISTSIZE=9000 HISTFILESIZE=99000 HISTCONTROL=ignoredups HISTTIMEFORMAT= [root@abcd0001 ~]# echo "$PROMPT_COMMAND" history -a 4. Check that the verification commands you just typed into the shell, above, are appearing at the bottom (end) of the `root` BASH history file, `.bash_history`, in the HOME directory of the `root` account. - Use a command that shows you the last few lines of a text file. - Recall, as mentioned earlier, that the HOME directory of the `root` account is *not* under the usual `/home` directory. 5. Log out. Log back in. Verify that the same history variables have been changed, and that your history file is being updated after every command you type. Enable loopback address for your machine name --------------------------------------------- The file `/etc/hosts` usually contains a local copy of the name of the current machine, paired with the loopback IP address. CentOS is missing this, which means you can’t `ping` your own host name: [root@abcd0001 ~]# echo "$HOSTNAME" abcd0001 [root@abcd0001 ~]# ping "$HOSTNAME" ping: unknown host abcd0001 1. Back up the file `/etc/hosts` then edit the original file and add your machine’s host name by adding the line `127.0.0.2 abcd0001` where *abcd0001* is replaced by *your* machine’s host name (which must be the same name as your Blackboard userid): [root@abcd0001 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.2 abcd0001 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 Use the `diff` command to compare the back-up file with the new file and make sure only the intended lines have changed. 2. Confirm that you can now `ping` your own machine name with zero packet loss: [root@abcd0001 ~]# echo "$HOSTNAME" abcd0001 [root@abcd0001 ~]# ping -c 1 "$HOSTNAME" PING abcd0001 (127.0.0.2) 56(84) bytes of data. 64 bytes from abcd0001 (127.0.0.2): icmp_seq=1 ttl=64 time=0.072 ms --- abcd0001 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.072/0.072/0.072/0.000 ms The name *abcd0001* above must be *your* machine’s name, not `abcd0001`. Your machine name must be the same name as your Blackboard userid. Enable Internet Time using NTP and `ntpd` ----------------------------------------- The system time is not being synchronized with the Internet. We need to use the `yum` install command to fetch and install the Network Time Protocol (NTP) package named `ntp` with its time daemon named `ntpd`: 1. As `root` run: `yum info ntp` - The NTP package is named `ntp`; the NTP daemon is named `ntpd`. - The first time you do this, `yum` will download some package lists before it answers the `info` query. - If `yum` cannot connect to the Internet, see [Network Diagnostics]. - If `yum` seems to hang for a long time, see [Appendix I]. 2. Confirm that `yum` shows `Name : ntp` under `Available Packages`. - If you see `ntp` under `Installed Packages`, you have already installed it. 3. Run: `yum install ntp` and when it asks `Is this ok [y/N]:` answer with `y` (yes) and *Enter*. - The first time you do this, `yum` will also ask you to import a GPG **CentOS 6 Official Signing Key**. Answer with `y` (yes). - The installation will print `Complete!` when it finishes. 4. Back up the file `/etc/ntp.conf` then edit the original file to add the line `tinker panic 0` on its own line just above the `driftfile` line. - Use the `diff` command to compare the back-up file with the new file and make sure only the one line changed. - This line tells the `ntpd` program that it can always change the clock value, no matter how far off it is. Normally the `ntpd` daemon refuses to change a clock value that is more than 1,000 seconds wrong. - This doesn’t always work, and sometimes NTP can’t synchronize your clock inside some versions of VMware or under some host operating systems. Sometimes, installing the VMware Tools package can mitigate this problem; more on that later. 5. Run: `chkconfig --list ntpd` (and note the spelling of the service name `ntpd`). You will see one line indicating that the `ntpd` time daemon is turned **off** in every Run Level. 6. Run: `chkconfig ntpd on` (again note the spelling of `ntpd`). 7. Run: `chkconfig --list ntpd` (again note the spelling of `ntpd`). You will see one line indicating that the `ntpd` time daemon is now turned **on** in Run Levels 2 through 5: [root@abcd0001 ~]# chkconfig --list ntpd ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off 8. Run: `service ntpd start` and you should see one line saying `Starting ntpd: [OK]`. (If you already started `ntpd`, you won’t see the `[OK]`.) 9. Run: `tail /var/log/messages` or `fgrep 'ntpd' /var/log/messages` and confirm that there are several log entries for `ntpd` saying `Listen normally`. If you see errors, fix them and run `service ntpd restart` to restart `ntpd`. 10. If all goes well, `ntpd` starting up will have reset your system clock to the correct time. (Run the `date` command and see.) The log file might say something like `clock_step +14398.864481s` indicating a time change of (for example) 14398 seconds. If nothing happened, try waiting 5–10 minutes and see if the time updates. You can perform the other edits below while you wait for this to happen. Continue reading: 11. Installing NTP doesn’t always work to keep your system time updated, and sometimes NTP can’t synchronize your clock inside some versions of VMware or under some host operating systems. Sometimes, installing the VMware Tools package can mitigate this problem; more on that later. Even with `ntpd` running, the system may take 5-10 minutes to re-synchronize its time after a VM Pause, Suspend, or reboot. (Earlier versions of CentOS were faster at time synchronization.) Servers in the real world are not paused, suspended, or rebooted as often as at school. Installing **VMware Tools** will often help with getting the time right after a VM pause or suspend. **VMware Tools** will be installed in a separate document, later. Disable SELinux --------------- Security Enabled Linux is turned on, which can cause many problems for novice Linux users. On a real server, we would leave it enabled. You will learn SELinux configuration in later Linux courses. 1. Back up the file `/etc/sysconfig/selinux` then edit the original file and change the `SELINUX` variable setting from `SELINUX=enforcing` to `SELINUX=disabled`. - Use the `diff` command to compare the back-up file with the new file and make sure only the one line changed. 2. We won’t check to see that this works until after the next reboot. Disable GRUB Pretty Boot ------------------------ The system boot messages are being hidden by a pretty but unhelpful CentOS graphics “splash” screen. The screen covers up many useful system messages at boot time. As a sysadmin, you *want* to see *all* the boot messages. 1. Make a temporary snapshot of your VM now, in case you make a mistake in the following edit. If you damage lines in this GRUB configuration file, your machine may not boot at all. You’ll have to restore from the snapshot and reconfigure. 2. Back up the file `/boot/grub/grub.conf` then edit the original file: a. Change the value of the `timeout` from `5` to `30`. b. Comment out the `hiddenmenu` line to make the GRUB menu visible on boot. (Insert a single `#` comment character in front of `hiddenmenu` so that it looks like `#hiddenmenu` and will be ignored.) c. Remove the two words `rhgb quiet` from the far right end of the very long `kernel` line to get rid of the silly CentOS animated graphics screen. (Make sure you don’t accidentally break this line into pieces. Keep it one long line.) d. The resulting file should be two words smaller than the back-up file: [root@abcd0001 ~]# wc -lw /boot/grub/grub.conf* 17 82 /boot/grub/grub.conf 17 84 /boot/grub/grub.conf.bak e. Use the `diff` command to compare the back-up file with the new file and make sure only the intended lines have changed. 3. You will know if your edits are accurate at the next reboot, coming up in the next section. If the reboot fails, restore back to your temporary snapshot and try the edit again. 4. If everything is working, you may delete the temporary snapshot you made. Verify Correct CentOS Configuration ----------------------------------- Having made all the above configuration changes, your CentOS configuration must pass all of the following verification steps after you reboot it: 1. Safely shut down and reboot the system using: `shutdown -r now` - If you are using a remote SSH connection, you will be disconnected. - You will see some Linux kernel messages on the VMware console before the machine restarts. - **NEVER** reboot a Linux machine using the VMware Power button! - **ALWAYS** reboot a Linux machine using `shutdown`! - As the machine reboots, open up the VMware system console and verify that you now see the full GRUB boot menu (image below). 2. Verify the new GNU GRUB boot menu (image below): a. The `GNU GRUB` menu should now be visible (not hidden) – see the image below. b. In 30 seconds the menu will time out and boot the highlighted kernel menu entry (usually the first one), or you can push the **Enter** key to boot it immediately. If you don’t see the GRUB menu, you forgot to edit the GRUB configuration file above (or your edits were wrong). Try again. ![CentOS 6 GRUB Menu] 3. After the boot, when the machine is up and running, log in on the console again (or, better, use an `ssh` or **PuTTY** connection to the CentOS local IP address) and log in as the user `root` so you can run some verification commands. 4. Run `alias` and make sure the `root` account has no dangerous aliases. 5. Check that the commands you just typed, above, are appearing at the bottom (end) of the `root` BASH history file and that the history environment variables set in the `root` `.bashrc` are all set in the current shell. 6. Run: `free` and verify that you have a `total` Memory of about 256MB, e.g. approximately `248836KB`. - If you have more than about 256MB, you forgot to change the VMware Memory settings for this VM. Shut CentOS down safely with `shutdown` and fix the VM Hardware Memory settings and reboot. 7. Run the `selinuxenabled` command followed by `echo "$?"` to display the command exit status variable contents. The status must be `1` (indicating failure – SELinux should not be enabled). If you see zero, you forgot to disable `SELINUX` above. Try again. [root@abcd0001 ~]# selinuxenabled ; echo $? 1 8. In file `/etc/sysconfig/clock` verify that the `ZONE` variable is set to a local Ontario city time zone (not New York). 9. Run: `pgrep -l ntpd` and verify that the output is one line (a process number and the word `ntpd`). If you don’t see anything, you forgot to enable NTP above. Try again. 10. Look at the first ten lines of `/etc/ntp.conf` and verify that you find the `tinker panic 0` line you added. 11. Search for the word `ONBOOT` in file `/etc/sysconfig/network-scripts/ifcfg-eth0` and verify that its value is set to `yes`. 12. Run: `ifconfig eth0` and verify that its `inet addr:` has an IP address listed. - If you logged in successfully using an SSH connection, you already know networking is working! 13. Run: `ip route` and verify that you have a `default via` route listed for `dev eth0`. (This default is your gateway IP address.) 14. Examine file `/etc/resolv.conf` and verify that there is at least one`nameserver` line in the file. (It will probably be the same IP as the gateway IP.) 15. Confirm that you can `ping` your own machine name with zero packet loss and that your host name resolves to the IP loopback address `127.0.0.2`: [root@abcd0001 ~]# ping -c 1 "$HOSTNAME" PING abcd0001 (127.0.0.2) 56(84) bytes of data. 64 bytes from abcd0001 (127.0.0.2): icmp_seq=1 ttl=64 time=0.072 ms --- abcd0001 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.072/0.072/0.072/0.000 ms 16. Make sure the `man` command works: `man --version` 17. Make sure the `mail` command is installed: `mail -V` 18. Make sure the full `Huge` version of VIM is installed: `vim --version` 19. Run: `rpm -q -a | wc -l` and verify that you have exactly `220` packages installed. - Do *not* install in this CentoS virtual machine any packages other than those specified in these instructions and your assignments. - Servers have very strict control over which packages are permitted to be installed. Fewer packages means fewer problems. Consult with your instructor if any of the above verification steps fail. Sometimes you can recover a missed configuration step without starting over from scratch. Install VMware Tools -------------------- > These Tools instructions below are for **VMware** users. If you are using > **VirtualBox** virtulalization software, see the section “Install > VirtualBox Guest Additions” in [VirtualBox CentOS Installation Guide > HTML][3]. 1. Make a temporary snapshot of your VM now, in case you make a mistake in the following installation. If you mis-install the VMware tools, un-installing it may be difficult. You’ll have to restore from the snapshot and reconfigure. 2. Follow this link to [**Install VMware Tools**] and confirm that the installation worked. If you have problems or make mistakes, restore back to the temporary snapshot and try again. 3. If everything is working, you may delete the temporary snapshot you made. With the addition of the library needed by VMware Tools, your CentOS VM should have exactly 221 packages installed: $ rpm -q -a | wc -l 221 Creating a System Administrator Account --------------------------------------- In this section you will create your own system administration account on your CentOS VM. This personal account can be customized for you, including your own aliases and shell options (things you should *not* set in the `root` account). All work is done on your CentOS Virtual Machine. > Do not add extensive customization to the `root` account on a system, since > such customization may not suit all `root` users of the system and may > break automated programs that need to become the `root` user. ### Review of key commands used - Remember that a character used in your shell prompt indicates whether or not the current shell is running as the `root` user. For an interactive `root` shell, your shell prompt includes the `#` character that indicates `root` privileges. Ordinary users get the `$` character in the prompt. - The CentOS `useradd` command creates a new account, storing information about the account in the `/etc/passwd` file and about the account groups in the `/etc/group` file. It also can create a HOME directory for the account and places standard start-up files into it. - The `passwd` command sets a password for an account, storing the password in the *shadow* password file named `/etc/shadow`. An account cannot be used until a password has been set. - Recall that `man` pages often list options with both GNU long-form syntax using double dashes, e.g. `--comment`, and old short-form syntax using single dashes, e.g. `-c`, for the same option. The long-form syntax is easier to understand, but the short-form syntax is easier to type. Use whichever syntax you prefer. ### Before creating the sysadmin account 1. Make a temporary snapshot of your VM now, in case you make a mistake in the following installation. If you mis-install the new account, un-installing it may be difficult. You’ll have to restore from the snapshot and restart. 2. If necessary, login to your CentOS Virtual Machine as the `root` user (the only user). (We recommend using an SSH connection to your VM rather than working on the VMware console.) 3. Do the following reading (no typing) in the CentOS `man useradd` manual page: a. Read the **SYNOPSIS** syntax and note where the new **LOGIN** name must always be used on the `useradd` command line. (It’s always the **last** thing on the command line; don’t put it anywhere else!) b. Read about the `--comment` option and following argument used to define your *full name*. The (quoted) full name argument must immediately follow the `--comment` option argument on the command line. See below. c. Read about the Red Hat `--system` *system account* option (`-r`) and how using it will require you to use the `--create-home` option (`-m`) as well. Remember that. - The `uid` field for a *system account* will be less than the value of `UID_MIN` found in the `login.defs` file. Look up the numeric value for `UID_MIN` in the `login.defs` file; you will need that number later. d. Read about the `--create-home` option (`-m`). You must use this when creating your *system account*. e. You will need to use all three of the above options correctly. Do *NOT* place anything between the `--comment` option and the quoted *full name* string that must follow it. ### Create the sysadmin account 4. Following the **SYNOPSIS** syntax given in the `useradd` man page, create a command line to add a new **system account** with the following settings (three options will be needed as well as the new **LOGIN** name): a. **COMMENT**: The comment option must be the exact text used for the fifth field of your own account line in `/etc/passwd` on the CLS: - The fifth field in `/etc/passwd` is called the **GECOS** field or **user’s name or comment** field. - The text you must copy and paste from the CLS and use as a comment field on CentOS is in the form: “*Firstname Lastname - CST1234-14F-NNN*” where *CST1234* is your course number, *Firstname* and *Lastname* are *your* name and *NNN* is your own three-digit lab section number. - **Warning:** Prevent the spaces in this comment field from being seen by the shell! - Copy and paste all this information from your GECOS entry in the CLS password file to be the (quoted) argument immediately following the `--comment` option on the `useradd` command line. b. Use the option to make sure the account is created as a **system account**. (System accounts have no password expiry.) c. Use the option to create the HOME directory at the same time. (This option is required when you create a *system account*.) d. **LOGIN**: Use your eight-character College/Blackboard/CLS username as the name of the new account to be created. As mentioned earlier, pay strict attention to where this userid must appear on the `useradd` command line! 5. After creating your account with `useradd`, verify it: a. Search for the newly created account line in the password file: - Make sure it has the correct **GECOS/comment/name** field that should be a copy of the same field on the CLS. b. Run `id abcd0001` where *abcd0001* is your new account name. - To be a system account, the userid number for the account must be less than `UID_MIN` that you remember from the `login.defs` file, above. Verify that the `uid` and `gid` are less than `UID_MIN`, indicating a system account. c. Make sure the newly created account also has a HOME directory created in the file system. - Note that some default hidden files have been put into the HOME directory, copied from the directory `/etc/skel`. (As system admin, you could put custom files in the `/etc/skel` directory that would be given to all newly created accounts. We don’t do that in this course.) 6. Test your new sysadmin account from your current `root` shell: a. Run the command line `su --login abcd0001` where *abcd0001* is your new account name. - No password will be required when run from `root` - This will start a login subshell with your account privileges. - You should see no error messages. - The `id` command should tell you that you are using your new sysadmin account and groups. - The `pwd` command should show your HOME directory in the usual place. - Fix any errors before you continue. b. Exit the `su` subshell, which will return you to your `root` login shell, with the `#` prompt character. 7. If you didn’t succeed in creating your sysadmin account and HOME directory correctly, with the correct comment (GECOS) and correct `uid` field values, you may restore your snapshot and try again, or delete the account using `userdel -r` and try again. ### Set permissions on the sysadmin account HOME directory 8. After having successfully created your sysadmin account, adjust the permissions of the new account HOME directory, if necessary, as follows: a. Set the permissions (mode) of the new HOME directory for your new account such that: - The owner (that is, you) can do everything - The group can search but not read or write - Other users can do nothing (no permissions) b. You will need a particular option to `ls` to show the permissions of a *directory* instead of the permissions of everything *inside* the directory. ### Set password for sysadmin account 9. Before you can log in, you must (as `root`) set a password for your new sysadmin account, as follows: a. Review the section “Choose a hard-to-guess password” in the CentOS `man passwd`. b. Assign your new sysadmin account a strong password that you can [remember][password that you can remember]. - Make sure you assign the password to the **new** account; do not change your `root` account password. - **Warning:** If you do not type the *username* argument to the password command, you are changing the password of the account that you are signed in with (i.e. the `root` account!). Do **not** change your `root` password! Change the password of your new syadmin non-root account. ### Test the sysadmin account 10. Test your new sysadmin account using a loopback login via `localhost` (see the example commands and output given below): a. Run: `ssh abcd0001@localhost`\ where *abcd0001* is your new account name. b. Say `yes` to accept the new host key, if asked. c. Enter your new sysadmin account password. - If the password doesn’t work, you probably changed the `root` password by mistake in an earlier step. Fix it and try again. d. Upon success, you will be logged in through the network as your sysadmin account through the SSH daemon and the `localhost` loopback connetion. e. The `id` command should tell you that you are using your new sysadmin account and groups. f. The `pwd` command should show your HOME directory in the usual place. g. Type `who` to see who is logged in. Your new account should be there. h. Exit this sysadmin login session to return to your `root` login. (Your prompt should again show the `#` character as `root`.) Sample output for the above commands is given below – your hostname and account name should be **your** userid: [root@abcd0001 ~]# ssh abcd0001@localhost CentOS release 6.6 (Final) Kernel \r on an \m abcd0001@localhost's password: Last login: Sun Nov 2 15:51:40 2014 from localhost [abcd0001@abcd0001 ~]$ id uid=498(abcd0001) gid=498(abcd0001) groups=498(abcd0001) [abcd0001@abcd0001 ~]$ pwd /home/abcd0001 [abcd0001@abcd0001 ~]$ who root pts/0 Nov 2 14:44 (172.16.174.1) abcd0001 pts/1 Nov 2 15:58 (localhost) [abcd0001@abcd0001 ~]$ exit logout Connection to localhost closed. [root@abcd0001 ~]# ### Customize the sysadmin account and clean up 10. Customize your new sysadmin account: a. Log in as your new sysadmin account, either directly or using `su` (as you did above). b. Type `alias` and note that the account has some aliases defined in it, set using system configuration files under `/etc/profile.d`. c. Copy your settings from the CLS and edit your own `.bashrc` to undo aliases that you don’t want and have only the alias, options, and settings that you do want. 11. If everything is working, you may delete the temporary snapshot you made. This concludes the creation of your own personal sysadmin account. Enable `sudo` and the `wheel` group ----------------------------------- Logging in to a machine as `root` is not recommended. Many servers actually disable direct login by the `root` user; you have to log in as the sysadmin user and then use `su` or `sudo` to run `root` commands. You can already use the `su` account to become the `root` user, using the `root` password. We will now enable our sysadmin account to use the `sudo` command by enabling the `wheel` group and adding our account to that group. 1. Make a temporary snapshot of your VM now, in case you make a mistake in the following installation. 2. If necessary, login to your CentOS Virtual Machine as the `root` user. (We recommend using an SSH connection to your VM rather than working on the VMware console.) 3. Enable `sudo` to use the existing `wheel` group, as follows: a. Use a command to search for all lines containing the word `wheel` in the file `/etc/sudoers` and redirect those lines into the new file `/etc/sudoers.d/wheel` b. The new `wheel` file should contain 3 lines, 19 words, 108 characters. Display the file: all three lines are commented out. c. Edit the new `wheel` file and remove the comment and the space that follows it from the second line in the file. The second line should now be: `%wheel ALL=(ALL) ALL` d. Save the file and exit the editor when the second line is correct. e. The edited `wheel` file should contain 3 lines, 18 words, 106 characters: exactly one word less and two characters less than the unedited file. 4. Enable your new sysadmin account to be a member of the `wheel` group, as follows: a. Run this command (as `root`): `gpasswd -a abcd0001 wheel` where *abcd0001* is replaced by *your* sysadmin account userid. b. If it works, you will see: `Adding user abcd0001 to group wheel` c. Search for the group `wheel` line in the system group file `/etc/group` and confirm that your userid is on that line. 5. Test that your sysadmin accound can use `sudo` now: a. As you did earlier to test your sysadmin account, use the same `su` command line and options to start a login subshell running as your sysadmin (non-`root`) account. b. Your prompt in this unprivileged subshell will change from `#` to `$`. c. Confirm that `id` shows your sysadmin uid and gid and that you now have a `wheel` group listed as one of your groups. d. In this subshell, as your sysadmin account (not `root`), type: `sudo id` - You will be prompted for your *own* password (not the `root` password). - Enter your own password (not the `root` password). - The `id` command should be run as the `root` user and show zeroes for the uid and gid. e. Immediately re-run the same `sudo id` command line, and note that you don’t have to type the password this time. The `sudo` command remembers your password for a few minutes so that you don’t have to keep typing it for multiple `sudo` commands. 6. Exit your account subshell and return to the `root` shell. 7. If everything is working, you may delete the temporary snapshot you made. This concludes the enabling of `sudo` for your own personal sysadmin account. > Your sysadmin account can now run any privileged commands as the `root` > user using `sudo`. To enhance the security of the system, we could now > safely disable the `root` account password so that no direct `root` logins > would be possible, but we won’t do that just yet since students often > forget their sysadmin account passwords and need to use the `root` account > to reset them. Update all system packages -------------------------- The system has been installed mostly from the original distribution CD, so it needs to have updates downloaded and installed from the Internet. **We don’t recommend trying to download large software images over wireless. Find a network jack and plug in.** 1. Run: `yum check-update` - It will show a list of packages that need updating. 2. Run (avoid wireless): `yum update` - Say `yes`. - About 14 packages (48MB) will be downloaded and updated as of November 15, 2014. (You may see more.) > If the list of updates installed includes the linux kernel package, you > should safely shut down and reboot the system using: > `shutdown -r now` to install the new kernel. This is only necessary > if you updated the *linux kernel* package. The system updates may mean that you now have one or two more than the original 221 installed packages. Snapshot your Configured Installation ===================================== Make sure your CentOS virtual machine passes the all above verification steps before saving it! 1. To avoid all the resume problems mentioned earlier, you may want to [shut down your machine before taking a major snapshot]. 2. Use VMware (or your virtualization software) to create a power-off Snapshot of your new **Configured Installation** VM. a) Safely shut down and power off your machine, so that you don’t have to save the system memory as part of the snapshot. (*Always use the correct Linux `shutdown` command line, not the VMware power buttons!*) b) Label the Snapshot **Configured Installation** c) Enter a dated comment explaining how you created it and what configuration changes you made (above) from the previous snapshot. Enter one line of comment for every configuration change you made, above. (You can mostly copy-and-paste the Table of Contents of this web page!) 3. Use **VM | Snapshot | Snapshot Manager** to confirm your snapshot. - You will have this snapshot to come back to if you ever need it. 4. You can delete any intermediate snapshots that you don’t need, leaving only the **Fresh Minimal Installation** and the **Configured Installation**. ![CentOS 6 Configuration Snapshot] * * * * * This ends the initial Installation and Configuration of a minimal server-style CentOS system. The next sections explain some important things to know about your new virtual server. * * * * * Suspending and Shutting Down Safely =================================== - **NEVER POWER OFF OR RESET/RESTART YOUR CENTOS VIRTUAL MACHINE VIA VMWARE POWER OFF OR RESET/RESTART!** - Never use the VMware **Power off** or **Reset/Restart** buttons in a virtual machine that you care about! - Never close or kill VMware without first suspending or shutting down all your virtual machines. - Powering off or restarting a virtual machine via the VMware power button can corrupt your disk and lose all your work. You can either *Pause*, *Suspend*, or *Shut Down* (power off) your VM as follows: Pausing ------- The VMware **Pause** button simply stops the virtual machine from using much CPU. It doesn’t save any state or allow you to close VMware; the virtual machine is still fully loaded into host O/S memory. All network and SSH connections will be disconnected when you **Pause** the machine. Save your work before you **Pause**. Suspending ---------- VMware **Suspend** is the fastest way to save your machine state so that you can close VMware or reboot your host O/S. The current state of the machine, including all the system memory, is saved to disk and then the VM is stopped. Most times you will want to suspend your Virtual Machine so that you can resume it quickly where you left off: 1. Save any work you are doing over a remote SSH connection. - All network and SSH connections will be disconnected during a **Suspend**. 2. Go to **VM** and **Power** and choose **Suspend** 3. Wait until VMware fully saves the state of the machine to disk. 4. You may now safely close VMware and then shut down or reboot your host O/S, as needed. 5. You can’t change most VMware settings on a suspended machine, since the machine is still considered “active”. Resuming -------- When you resume your Virtual Machine after a **Suspend**, if you use **bridged** networking, you may need to refresh the network settings for your new network location by running (as `root` or with `sudo`): `service network restart` and your CentOS local IP address may change as a result. Safely Shutting Down (Power Off) -------------------------------- If you need to reconfigure most parts of the VMware Virtual Machine that is running your Linux server, you need to fully shut down the running virtual machine before VMware will let you change the VMware settings. (**Suspending** won’t work, since the machine is still active.) Here’s how to safely shut down any running Linux system, virtual or not: 1. Log in as `root` (or login in as a user and then become `root` or use `sudo`, if you have disabled `root` logins) 2. Save any work you are doing in the virtual machine. 3. As `root` run: `shutdown -h now` - You can also schedule a shutdown at a later time; see the man page. 4. Wait until the Virtual Machine fully shuts down and stops. 5. You may now change VMware settings or safely close VMware, and then shut down or reboot your host O/S, as needed. Safely Rebooting a running system --------------------------------- Again, don’t use the VMware power buttons to reboot a system. Use the Linux commands: 1. Log in as `root` (or login in as a user and then become `root` or use `sudo`, if you have disabled `root` logins) 2. Save any work you are doing in the virtual machine. 3. As `root` run: `shutdown -r now` - You can also schedule a reboot at a later time; see the man page. 4. The system will shut down and then reboot itself. Switching Consoles with `ALT+F2` ================================ Most Linux machines running in multi-user mode (not single-user) allow you to have multiple system consoles active by typing `ALT+F2` (hold down `ALT` and simultaneously push `Function Key 2`) to switch to the second console, `ALT+F3` to the next one, etc. The default, first, console is of course `ALT+F1`. This only works on console terminals, including VMware console terminals, not on remote login sessions. Multiple consoles allow you to multi-task and have multiple “windows” on the system console without all the overhead of a graphical user interface. > When you log out of a server console, make sure you check all the alternate > consoles and log them out, too! Don’t leave an open `root` login session > active when you walk away from the machine console! You can’t do `ALT+F2` inside a **PuTTY** or **SSH** session, but there are programs such as [`tmux`] and [`screen`] that let you do that type of multiple console interface and much, much more. * * * * * Appendix I: What to do if `yum` doesn’t work ============================================ This **Appendix** is only necessary if you find that the `yum` installer hangs or does not work. If `yum` hangs or fails, do these steps until it works: 1. If `^C` (`Ctrl-C`) will not interrupt the hung `yum` command, use `^Z` to `STOP` the `yum` command and then `kill %yum` to kill it. (If that doesn’t kill it, use `kill -9 %yum`) a. Another way to kill a hung `yum` session is to switch to a second console (e.g. `ALT-F2`), log in as `root`, find the process ID of the hung `yum` process, use `kill` to send that process ID a `SIGTERM` or `SIGKILL` termination signal, then switch back to the first console again. 2. Make sure your host operating system is **not** using wireless. Change your host O/S to use a wired connection and **disable your wireless** so that it is not used. (Never use wireless if wires are available!) 3. As `root` type: `service network restart` and try `yum` again. - You can try to `ping` hosts, but Algonquin College blocks most ICMP traffic so it may not work as a diagnostic tool. 4. If `yum` still hangs on the wired network, kill `yum` again (see above) and then try: a. Go to **VM | Settings** and **Hardware** and **Network Adapter** b. Change your networking from **Bridged** to **NAT** or from **NAT** to **Bridged** c. Save the new settings. d. Run: `service network restart` and try `yum` again. When `yum` finally works, you may need to accept a security key: say yes * * * * * Appendix II: Configure the local Time Zone ========================================== Use this section if the system time zone file is not correct for your time zone. 1. Run: `tzselect` and answer the questions to find the correct full name of the **Eastern Time – Ontario** time zone assigned to variable `TZ`. - **Hint:** The name is two words separated by a slash, and has the name `Toronto` in it. - Ignore the advice about your `.profile` file – you are the **sysadmin** of this machine and you are setting the system time zone, not an individual user’s time zone. - Write down the value assigned to the `TZ=` variable. 2. Back up the file `/etc/sysconfig/clock` then edit the original file to change the `ZONE` variable to `ZONE="XXX/YYY"` where *XXX/YYY* is the name of the time zone you just discovered using `tzselect`, above. (The word `Toronto` is in this name.) Include the double quotes around the variable assignment. - Use the `diff` command to compare the back-up file with the edited original file and make sure only *one* line has changed:\ `diff /etc/sysconfig/clock.bak /etc/sysconfig/clock` 3. Run the `tzdata-update` command. This will use the above `ZONE` information to copy the correct time zone information file from under directory `/usr/share/zoneinfo/` to the file `/etc/localtime` * * * * * Appendix III: Renaming Network Interfaces: `eth0`, `eth1` ========================================================= If `ifconfig eth0` says `device not found`, here’s how to fix it. If you have moved, cloned, or copied your CentOS virtual machine to another system, you may find that networking is not using the `eth0` interface but is using `eth1` (or some other name) instead. 1. Find out what your current interface name is, using one of these: a. `ip link list` - Look for the highest numbered `eth?` b. `netstat -ia` - Look for the highest numbered `eth?` c. `dmesg | fgrep 'eth'` - Look for `renamed network interface eth0 to eth?` d. `fgrep 'renamed' /var/log/messages` - Look for `renamed network interface eth0 to eth?` Usually the new interface name will be `eth1`, but it could be a larger number such as `eth2`, etc. In the examples below, we will assume `eth1` is the new interface, but you should use the actual number found in the above step. Look at the text file `/etc/udev/rules.d/70-persistent-net.rules` This file remembers the interface names and their MAC addresses. Your new copy/clone/moved VM has a new MAC address for its ethernet interface, so CentOS gave it a new interface name `eth1` instead of using `eth0`. Your job is to delete the old `eth0` interface line and change the name of the line with the new MAC address to be `eth0` from its current `eth1`: 2. Back up the file `/etc/udev/rules.d/70-persistent-net.rules` 3. Edit `/etc/udev/rules.d/70-persistent-net.rules` as follows: a. Delete the old PCI device line containing `NAME="eth0"` b. Edit the line containing the new MAC address and `NAME="eth1"` and change the new `eth1` to be the old `eth0` c. Write down the new MAC address from the `ATTR(address)==` field. 4. Back up the file `/etc/sysconfig/network-scripts/ifcfg-eth0` 5. Edit `/etc/sysconfig/network-scripts/ifcfg-eth0` as follows: a. On the `HWADDR` line replace the old MAC address with the new one. b. (You might also simply delete or comment-out the `HWADDR` line so that future MAC address changes don’t cause more failure.) 6. Safely shut down and reboot your machine. Networking should be configured normally using `eth0` again. - If `ifconfig eth0` still says `Device not found`, you renamed the wrong interface name. Go back and try again. Appendix IV: VMware bugs ======================== There are several critical Windows VMware bugs that trigger when installing Linux. Many seem related to using VMware on an AMD processor instead of an Intel processor, or using VMware on a base O/S that is not plain Windows 7 or 8. Some suggested fixes are listed below. > The mobile device requirements for the CST program specify that you must > have Intel hardware and run Windows 7 or 8 as a base operating system. > Students running other hardware or software are responsible for fixing > their own problems. Problems related to using the wrong hardware and > software aren’t usually accepted as reasons for assignment extensions, but > if you encounter any of these bugs, please contact your professor for a > possible extension to your CentOS assignments. 1. Your VM says “not enough memory” when you try to run it. VMware says to read this: 2. When you boot Linux you see `detecting hardware` followed by a long pause and then `BUG: soft lockup - CPU#0 stuck`. This has been seen on AMD hardware. See below for possible solutions. 3. When you boot Linux you see `lo: Disabled Privacy Extensions` followed by a long pause followed by a kernel traceback related to `ipv6` networking. Sometimes changing networks (moving to a different room) or rebooting Windows fixes the problem. This has been seen on AMD hardware. See below for possible solutions. 4. When you try to restart your `sshd` service, it fails. If you run `ssh-keygen -t rsa -f /tmp/junk` it fails with `rsa_generate_private_key: key generation failed`. This was seen in Centos 6.6 in VMware 8 on Windows 8 with an AMD processor. See below for possible solutions. 5. You see `software virtualization is incompatible with long mode on this platform` when you start your VM. Is this only on AMD hardware? See below for possible solutions. Possible Solutions ------------------ Students with hardware or software that don’t meet CST program requirements are responsible for fixing their own problems. The correct solution to avoid these bugs is to run the required CST program Intel hardware and Windows 7 or 8 base O/S. Failing that, these fixes below have worked for some students: - Install the free Oracle **VirtualBox** and use that to install Linux. - CST student Joshua Caseley has written a [VirtualBox CentOS Installation Guide HTML]. - Joshua tested this on seven different systems using both Intel and AMD processes and all of them work. - **Remember to set up SSH port forwarding to allow SSH in.** - Downgrade VMware and use an earlier version of VMware than version 10. - One student using AMD said only Workstation 8 would work, not 9 or 10. - Note that earlier versions of VMware will not open VMware 10 virtual machines created with VMware 10 machine formats (the default for VMware Workstation 10). - Try running VMware, perhaps an older version, inside an existing Windows VM and then running CentOS inside that. - Yes, you would be running Windows running VMware running Windows running VMware running CentOS. - Use the workstations on the second floor of T building to do your CentOS assignments. Keep your CentOS virtual machines on a portable external disk drive. * * * * * Appendix X: Document Revision History ===================================== - Fall 2013 – original document. - Fall 2014 – Convert to CentOS 6.6; major updates: added run yum update, sysadmin account and sudo, SSH banner, history, CLS download, VMware bugs, etc. * * * * * -- | Ian! D. Allen - idallen@idallen.ca - Ottawa, Ontario, Canada | Home Page: http://idallen.com/ Contact Improv: http://contactimprov.ca/ | College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/ | Defend digital freedom: http://eff.org/ and have fun: http://fools.ca/ [Plain Text] - plain text version of this page in [Pandoc Markdown] format [www.idallen.com]: http://www.idallen.com/ [VirtualBox CentOS Installation Guide HTML]: 000_centos_virtualbox_install.html [CentOS MinimalCD 6.5 Release Notes]: http://wiki.centos.org/Manuals/ReleaseNotes/CentOSMinimalCD6.5 [CentOS]: http://www.centos.org/ [Ubuntu]: http://ubuntu.com/ [Mint]: http://www.linuxmint.com/ [Create an Empty Virtual Machine]: #create-an-empty-virtual-machine-in-vmware [`CentOS-6.6-i386-minimal.iso`]: http://cstech/repo/linux/CentOS/CentOS-6.6-i386-minimal/CentOS-6.6-i386-minimal.iso [`CentOS-6.6-i386-minimal-MD5sum.txt`]: http://cstech/repo/linux/CentOS/CentOS-6.6-i386-minimal/CentOS-6.6-i386-minimal-MD5sum.txt [Course Linux Server]: 070_course_linux_server.html [1]: http://cst8207-alg.idallen.ca/distributions/CentOS-6.6-i386-minimal.iso [`md5sum.txt`]: http://cst8207-alg.idallen.ca/distributions/md5sum.txt [**HashTab**]: http://implbits.com/products/hashtab/ [**Cygwin**]: http://cygwin.com/ [CentOS 6 Welcome]: data/centos6_welcome.jpg "CentOS 6 Welcome" [CentOS 6 Disc Found]: data/centos6_discfound.jpg "CentOS 6 Disc Found" [CentOS 6 Splash Screen]: data/centos6_splash.jpg "CentOS 6 Splash Screen" [password that you can remember]: http://xkcd.com/936/ [CentOS 6 Partitions]: data/centos6_partitions.jpg "CentOS 6 Partitions" [CentOS 6 Install Packages]: data/centos6_install_packages.jpg "CentOS 6 Install Packages" [Appendix II]: #appendix-ii-configure-the-local-time-zone [Appendix III]: #appendix-iii-renaming-network-interfaces-eth0-eth1 [Network Diagnostics]: 000_network_diagnostics.html [2]: 000_centos_virtualbox_install.html#using-ssh-to-connect-to-your-virtualbox-vm [Remote Login]: 110_remote_login.html [Appendix I]: #appendix-i-what-to-do-if-yum-doesnt-work [Setting the SSH login banner]: #setting-the-ssh-login-banner [CentOS 6 GRUB Menu]: data/centos6_grub_menu.jpg "CentOS 6 GRUB Menu" [3]: 000_centos_virtualbox_install.html#install-virtualbox-guest-additions [**Install VMware Tools**]: 000_centos_vmware_tools.html [shut down your machine before taking a major snapshot]: #problems-with-snapshots-of-running-systems [CentOS 6 Configuration Snapshot]: data/centos6_configsnap.jpg "CentOS 6 Configuration Snapshot" [`tmux`]: http://www.techrepublic.com/blog/linux-and-open-source/is-tmux-the-gnu-screen-killer/ [`screen`]: http://www.rackaid.com/resources/linux-screen-tutorial-and-how-to/ [Plain Text]: 000_centos_install.txt [Pandoc Markdown]: http://johnmacfarlane.net/pandoc/