% CST8207 - CentOS Download, Installation, and Configuration
% Ian! D. Allen - - [www.idallen.com]
% Fall 2013 - September to December 2013 - Updated Fri Nov 29 00:58:59 EST 2013

Overview for CentOS Installation
================================

- You will create a VMware Workstation Virtual Machine running a minimal server-style installation of CentOS 6.4 (\~300MB minimal installation, no GUI) using the instructions below. This is *not* a Desktop system.
- Installing and configuring a server (not Desktop) CentOS operating system requires significant Linux expertise. You may not initially know the meaning of all the instructions you must follow, below. By the end of the course, you will know what everything means.
- VMware Workstation will try to guide you into an “Easy” or automatic install; you must *not* do an Easy/automatic install.
- Failure to follow these instructions exactly may lead to future penalties.

> If you want to play with an easy-install desktop version of Linux, don’t do
> it using the system you will install in this document. This document
> installs a *server* system, not a *Desktop* system. A Desktop system should
> be something graphical and desktop-friendly such as [Ubuntu] or [Mint].
> You can’t use the CentOS system in this document as a Desktop system. This
> document is configuring a minimal, non-GUI, **server** version of Linux.

Using Other Virtualization Software
-----------------------------------

You can use any virtualization software you like to create and run this server-style CentOS virtual machine, e.g. VirtualBox, Parallels, etc., but faculty only fully support questions about **VMware** (and maybe **VirtualBox**). It’s what we know. It isn’t the virtualization software that’s important; it’s the running CentOS virtual machine.

Download `CentOS-6.4-i386-minimal.iso`
======================================

> You can start this ISO download process and wait for it to finish while you
> move on to the next step to [Create an Empty Virtual Machine]

In this section, you will download the `CentOS-6.4-i386-minimal.iso` to your machine. It **must** be the `CentOS-6.4-i386-minimal.iso`; no other version is acceptable for this server.

You can get the `CentOS-6.4-i386-minimal.iso` image from one of the following places. We recommend that you choose the first one if you are on campus; it’s the fastest one.

Download Method 1: From the CSTECH Downloads Folder
---------------------------------------------------

This method only works on the Algonquin campus. **Use a wired connection to download big files such as ISO images; don’t use wireless!**

1.  On your laptop use a browser to go to the Web site on campus.
2.  Choose any room from the left side-bar (e.g. T114). Go to **Drivers and Downloads**, **Linux**, **CentOS**, [**CentOS-6.4-i386-minimal**].
3.  Choose exactly this 315508736-byte ISO file: `CentOS-6.4-i386-minimal.iso`
4.  Also download the [`CentOS-6.4-i386-minimal-md5.txt`] file containing the *md5sum* file checksum hash.

Download Method 2: From the Internet (slow)
-------------------------------------------

This is slower than the above methods. Use it only if you have to:

1.  On your laptop use a browser to go to the Web site .
2.  Go to Downloads, Mirrors, Mirror List.
3.  Pick an HTTP mirror and find the `CentOS-6.4-i386-minimal.iso` to download:
4.  Choose exactly this 315508736-byte ISO file: `CentOS-6.4-i386-minimal.iso`
5.  Also download the `md5sum.txt` file containing the *md5sum* file checksum hashes.

Verify the Downloaded ISO
-------------------------

To verify the downloaded ISO, you can get a copy of the checksum file from the same Linux CentOS folder where you found the ISO image.

1.  Verify that you have the exact ISO file named `CentOS-6.4-i386-minimal.iso` that is 315,508,736 bytes (301MB).
2.  To verify the download, you will need a checksum program that runs on your local computer and can calculate **md5** or **sha** hashes. Unix/Linux/OSX machines already have the `md5sum` command available; you don’t need to download anything; read the `man` page or just run `md5sum` followed by the ISO image name. For Windows users, one suggestion (thanks Richard!) is [**HashTab**]:
    a.  Windows only: Download and install [**HashTab**] for Windows. (Unix/Linux/OSX users don’t need this program.)
    b.  Copy the desired checksum hash to the clipboard (e.g. from the `md5sum.txt` file).
    c.  Right-click on the file you wish to verify, i.e. select your ISO image `CentOS-6.4-i386-minimal.iso`
    d.  Click **Properties** and then **file hashes**.
        - It will compare the hashes to the one(s) in your clipboard.
        - MD5 and SHA-1 are the defaults, but it can be customized to include others.
3.  Verify the checksum hash of the ISO file against the checksum hash recorded in any of the checksum files located in the same folder. (For example, open `md5sum.txt`, locate the checksum for your ISO file, and compare it with the checksum of the ISO file you downloaded.)

> Sysadmin Tip: You can install the free [**Cygwin**] package on your own
> Windows laptop to get BASH and all the Unix tools for Windows, including
> `md5sum`, `find`, etc. MacOSX users already have most of the tools
> installed and available in any **Terminal** window.

Create an Empty Virtual Machine in VMware
=========================================

These detailed instructions are for **VMware**. You may use any other virtualization software you like (e.g. **VirtualBox**), but you’re on your own if things go wrong.

In this section, you will create an empty Linux **32bit** CentOS-compatible Virtual Machine with no operating system installed.
You can do this while you are waiting for your CentOS minimal `CentOS-6.4-i386-minimal.iso` to download.

**Do *not* let VMware use “Easy Install”!**

1.  Start VMware on your machine. Any version of VMware since Version 8 should work.
2.  Choose **Create a New Virtual Machine** or **File | New Virtual Machine**.
3.  **Welcome to the New Virtual Machine Wizard:** Choose **Typical (recommended)**.
    - **Typical** asks fewer questions than the full **Custom** install
4.  **Guest Operating System Installation:** Select: **I will install the operating system later**
    - Do *not* let VMware use “Easy Install”!
    - *Do **not** let VMware use “Easy Install”!*
    - **Do *not* let VMware use “Easy Install”!**
5.  **Select a Guest Operating System:** Select: **Linux**, Version **CentOS**
    - **Do *not* choose 64 bit!**
    - If the installation is asking you to create a userid for this step, then you need to start over: **Do *not* let VMware use “Easy Install”!**
6.  **Name the Virtual Machine:** Use the name `CST8207-13F-CentOS-6.4` (no spaces)
    - You may want to change the **Location** if you keep your VMware images in a different folder on your host machine, otherwise leave **Location** unchanged.
    - You can invent your own name, if you prefer.
7.  **Specify Disk Capacity:** Enter **2** GB (actually type the number `2` into the box)
    - If asked, say: **Store virtual disk as a single file (Monolithic)**

    Under the **Ready to Create Virtual Machine** screen, confirm these important settings:

        Operating System: CentOS
        Hard Disk:        2 GB, Monolithic
        Memory:           1024 MB

8.  Finish. You will see **Virtual Machine Created**.
9.  Close the New Virtual Machine Wizard.
10. In the VMware **VM | Settings | Hardware** page for this virtual machine:
    a.  Select the **Sound Card** and un-check everything.
    b.  Select the **USB Controller** and un-check everything.
    c.  Select **Save** or **OK**.
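
Going back to the **Verify the Downloaded ISO** steps above: on a Unix/Linux host the size check and the checksum comparison can be scripted instead of compared by eye. This is an added example, not part of the original course notes; the function names are illustrative, it assumes the GNU `md5sum`/`sha1sum`/`sha256sum` tools, and it goes beyond the page by picking the tool from the length of the recorded hash.

```shell
#!/bin/sh
# Added example (not from the course notes): verify a downloaded ISO against a
# checksum list in the "HASH  FILENAME" format written by md5sum and sha*sum.
# Assumes the GNU coreutils hash tools are on the PATH.

# file_size FILE -> size in bytes
file_size() {
    wc -c < "$1" | tr -d ' '
}

# expected_hash LISTFILE NAME -> hash recorded for exactly NAME
# Accepts "hash  name" (text mode) and "hash *name" (binary mode) entries.
expected_hash() {
    awk -v want="$2" '
        { name = $2; sub(/^\*/, "", name) }
        name == want { print tolower($1); found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# hash_tool HEXDIGEST -> name of the tool that produces digests of that length
hash_tool() {
    case ${#1} in
        32) echo md5sum ;;
        40) echo sha1sum ;;
        64) echo sha256sum ;;
        *)  return 1 ;;
    esac
}

# verify_iso ISO LISTFILE EXPECTED_BYTES
# Returns 0 only if both the size and the hash match; otherwise prints the
# reason and returns a distinct non-zero code for each kind of failure.
verify_iso() {
    iso=$1 list=$2 want_size=$3
    [ -r "$iso" ] || { echo "FAIL: cannot read $iso"; return 2; }
    got_size=$(file_size "$iso")
    if [ "$got_size" != "$want_size" ]; then
        echo "FAIL: size is $got_size bytes, expected $want_size"
        return 3
    fi
    want=$(expected_hash "$list" "$(basename "$iso")") ||
        { echo "FAIL: no entry for $(basename "$iso") in $list"; return 4; }
    tool=$(hash_tool "$want") ||
        { echo "FAIL: unrecognised hash length in $list"; return 5; }
    got=$("$tool" "$iso" | awk '{ print tolower($1) }')
    if [ "$got" != "$want" ]; then
        echo "FAIL: $tool mismatch (file is corrupt or not the listed image)"
        return 6
    fi
    echo "OK: $iso ($got_size bytes, $tool verified)"
}

# Constructed demo so the script runs offline: a small stand-in file plays the
# ISO. The first call passes; the second fails because one byte was appended.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'stand-in for the ISO contents\n' > "$dir/sample.iso"
    ( cd "$dir" && md5sum sample.iso > md5sum.txt )
    size=$(file_size "$dir/sample.iso")
    verify_iso "$dir/sample.iso" "$dir/md5sum.txt" "$size"
    printf 'x' >> "$dir/sample.iso"
    verify_iso "$dir/sample.iso" "$dir/md5sum.txt" "$size" || true
    rm -rf "$dir"
}
demo

# Real use, with the size given on the page and the downloaded checksum file:
#   verify_iso CentOS-6.4-i386-minimal.iso md5sum.txt 315508736
```

A matching hash shows the download is intact; it says nothing about who produced the file unless the checksum list itself came from a source you trust.
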

To confirm your settings: In VMware, select menu **VM | Settings** to open **Virtual Machine Settings** and look under the **Hardware** tab to confirm:

    Memory:     1024 MB (or 1GB)
    Processors: 1
    Hard Disk:  2GB

In the same **VM | Settings** window (“**Virtual Machine Settings**”), go to the **Options | General** tab and confirm:

    Guest Operating System: Linux
    Version:                CentOS

If you don’t see the above settings, delete this virtual machine and start over.

Install The Operating System
============================

After you have downloaded and verified the checksum of the ISO file `CentOS-6.4-i386-minimal.iso`, follow the instructions below to install this minimal CentOS ISO image into the empty CentOS virtual machine that you just created above.

1.  The installation software requires more memory than the running CentOS server. If you are installing or re-installing your system, set your VM Memory to **1024MB** (1 GB) before you continue.
2.  Connect your downloaded and checksum-verified `CentOS-6.4-i386-minimal.iso` ISO to your VMware virtual CD/DVD drive using the **VM | Settings**, **Hardware | CD/DVD** device page:
    a.  On the CD/DVD device page, select radio button **Use ISO image:**, browse to the location of your downloaded CentOS ISO file, select it, and **Open** it.
    b.  On the CD/DVD device page, under **Device Status** check **Connect at power on**.
    c.  Select **Save** or **OK**.
3.  With the downloaded CentOS ISO connected to the CD/DVD of your virtual machine, in your VMware Workstation screen select **Power on this Virtual Machine** or **Start up this guest operating system**. You should see a blue CentOS 6 screen with the title “Welcome to CentOS 6.4!” and five menu entries:

    ![CentOS 6 Welcome]

4.  Put aside your mouse for the moment – the next few configuration steps must be done using the keyboard:
    a.  The first menu entry **Install or upgrade an existing system** is the one that will be chosen as the “Automatic boot” when the 60-second time-out expires. You can use the keyboard **Up/Down** arrow keys to move the cursor up and down to stop the time-out or choose some other menu entry.
    b.  Use the arrow keys to choose the first menu entry **Install or upgrade an existing system** and push **Enter**. (This will happen automatically when the 60-second time-out occurs.)
5.  You will see a text screen titled “Welcome to CentOS for i386” containing a box titled “Disc Found” and asking you if you want to test the media.
    a.  In “Disc Found” use the Space bar to select the OK choice. You will see another box titled “Media Check”.
    b.  In “Media Check” use the Space bar to select “Test”. The result must be “Success” or else your ISO file is corrupt and needs to be removed and downloaded again.
    c.  In “Success” use Space to select “OK”. You will see a box saying “Media ejected”. (This is dumb. Now we have to reconnect the ISO file!)
    d.  Release your cursor from the virtual machine and go back to the VMware **VM | Settings**, **Hardware | CD/DVD** device page:
        i.  Under the CD/DVD **Device Status** section check **Connected**.
        ii. Select **Save** or **OK**.
        iii. Go back to your CentOS virtual machine console.
        iv. (You can also connect the CD using right-click on the CD/DVD icon in the bottom right and select “Connect”.)
    e.  In “Media ejected” use Space to select OK. You will see another “Media Check” box asking you about testing additional media. Make sure the ISO file is connected to your CD/DVD before you continue from this step.
    f.  In this “Media Check” box, use the TAB key to select “Continue” and then the Space bar to activate Continue. It should say “Media detected” and “Found local installation media” and then you should see a graphical CentOS 6 screen with a “Next” button on it (see below).
        a.  If it says “**Error**” and it can’t find the CentOS installation disc, you forgot to reconnect the ISO file to your CD/DVD device, above. Connect the ISO and try again.
        b.  If you only see a blue/gray text screen saying “**Welcome to CentOS!**”, you forgot to increase the Memory to 1024MB for the installation. Power off, do that, and try again.

    ![CentOS 6 Splash Screen]

6.  On the CentOS 6 page, the mouse is working again. Use it or Space to select the Next button. You should see a “What language” page.
7.  On the “What language” page use the default English selection. (You may be tempted to choose your own non-English language, but if you do so your Instructor will not be able to help you with any problems. Always use the default English language.) Select Next.
8.  On the “Select the appropriate keyboard” page use the default “U.S. English” keyboard. Select Next.
9.  On the “What type of devices” page use the default “Basic Storage Devices”. Select Next.
10. On the “Storage Device Warning” page select “Yes, discard any data”. (If you are re-installing your system, you will instead see here an “At least one existing installation” page that asks you to either overwrite or upgrade your existing installation. Choose appropriately.)
11. On the “Please name this computer” page:
    a.  For **Hostname:** enter your eight-character Algonquin Blackboard userid (all lower-case). Select Next.
12. On the “Please select the nearest city” page:
    a.  Turn *off* “System clock uses UTC”. Un-check this box.
    b.  Select Next.
13. On the “The root account” page enter (twice) a `root` account [password that you can remember]. Keep it simple – this is a low-security student course machine and not a high-security bank! Select Next.
14. On the “Which type of installation” page select “Create Custom Layout”. We are going to use a simple two-partition system instead of the default (and more complex) Logical Volume Manager layout. Select Next.
15. On the “Please Select A Device” page click on the “Free” line then click on “Create”. (If you are re-installing your system, you will first need to select each existing partition and Delete it to make the free space.)
    a.  On the “Create Storage” page use the default “Standard Partition” then click on “Create”.
    b.  On the “Add Partition” page:
        i.  Use the drop-down list for “Mount Point:” and select `/` (the ROOT).
        ii. Leave the “File System Type” as `ext4`.
        iii. Type `1500` into the “Size (MB)” box.
        iv. Check “Force to be a primary partition”
        v.  Select “OK”.
    c.  You should now have a ROOT (`/`) partition of type `ext4` on `sda1`. Delete this partition and start over if this is not true.
16. On the “Please Select A Device” page click on the “Free” line then click on “Create”.
    a.  On the “Create Storage” page use the default “Standard Partition” then click on “Create”.
    b.  On the “Add Partition” page:
        i.  Ignore the Mount Point.
        ii. Change the “File System Type” to `swap`.
        iii. Ignore the “Size (MB)” box.
        iv. Check “Fill to maximum allowable size”
        v.  Check “Force to be a primary partition”
        vi. Select “OK”.
    c.  You should now have a swap partition on `sda2`. Delete this partition and start over if this is not true.
17. On the “Please Select A Device” page click on “Next”.
18. On the “Format Warnings” page click “Format”. This completely wipes your Linux virtual disk, not your host machine’s disk.
19. On the “Writing storage configuration to disk” page click “Write changes to disk”.
20. On the “Install boot loader” page leave the default setting checked (“Install boot loader on `/dev/sda`”) and click “Next”.
21. You should see a progress bar saying “Packages completed” as exactly 198 CentOS packages are installed into the system. (If the number is not exactly 198, you are using the wrong ISO image.) The installation will take a few minutes.

    ![CentOS 6 Install Packages]

22. On the “Congratulations, your CentOS installation is complete” page select “Reboot”.
23. The system should reboot into a black login screen with the banner `CentOS release 6.4 (Final)` and a login prompt preceded by the hostname of the machine, similar to this:

        CentOS release 6.4 (Final)
        Kernel 2.6.32-358.el6.i686 on an i686

        abcd0001 login:

    The machine name in front of the `login:` prompt should be your own Blackboard userid, not `abcd0001`.

Verify Correct CentOS Installation
----------------------------------

Log in on the console as the user `root` with the password that you remembered from the above installation and run the following verification commands. Your CentOS installation must pass all of the following verification steps:

1.  Run: `hostname` and verify that it prints your eight-character Blackboard userid as the machine name.
2.  In file `/etc/sysconfig/network` verify that the `NETWORKING` variable is set to `yes` and the `HOSTNAME` variable is set to your Blackboard userid.
3.  Run: `fdisk -clu` and verify that your Disk `/dev/sda` is `2147 MB` and that the disk partitions `/dev/sda1` and `/dev/sda2` have `1,536,000` and `560,128` blocks (a block is 1024 bytes). It should look almost exactly like the following, except your machine name and `Disk identifier` number will differ:

        [root@abcd0001 ~]# fdisk -clu

        Disk /dev/sda: 2147 MB, 2147483648 bytes
        255 heads, 63 sectors/track, 261 cylinders, total 4194304 sectors
        Units = sectors of 1 * 512 = 512 bytes
        Sector size (logical/physical): 512 bytes / 512 bytes
        I/O size (minimum/optimal): 512 bytes / 512 bytes
        Disk identifier: 0x00000000

           Device Boot      Start         End      Blocks   Id  System
        /dev/sda1   *        2048     3074047     1536000   83  Linux
        /dev/sda2         3074048     4194303      560128   82  Linux swap / Solaris

4.  Run: `rpm -q -a | wc` and verify that you have exactly `198` packages installed.
5.  Run: `df -h` and verify that your `/dev/sda1` virtual disk partition mounted on `/` (the ROOT) has a **Size** of `1.5G` (ignore the other sizes – they may differ slightly):

        [root@abcd0001 ~]# df -h
        Filesystem      Size  Used Avail Use% Mounted on
        /dev/sda1       1.5G  602M  800M  43% /
        tmpfs           122M     0  122M   0% /dev/shm

6.  Run: `swapon -s` and verify that partition `/dev/sda2` is listed as an active swap partition:

        [root@abcd0001 ~]# swapon -s
        Filename                                Type            Size    Used    Priority
        /dev/sda2                               partition       560120  0       -1

You may need to delete this virtual machine and re-install if any of the above numbers or verification steps are wrong – consult with your instructor.

Networking is not enabled on this server yet. It is a good idea to configure your system a bit before enabling networking, so we will enable networking later.

Snapshot your Fresh Installation
--------------------------------

Make sure your CentOS virtual machine passes all the above verify steps before saving it!

1.  Shut down your CentOS machine by typing: `shutdown -h now`
    - **NEVER** power off a Linux machine using the VMware Power button!
    - **ALWAYS** power off a Linux machine using `shutdown` or `halt`.
2.  In the VMware **VM | Settings | Hardware** page for this virtual machine:
    a.  Change the **Memory** from `1024MB` down to `256MB`.
        - You will need to put Memory back up to 1024MB if you need to re-install the system from CD.
        - Keeping system memory small (e.g. 256MB) makes snapshots of running systems faster.
    b.  Select the **Sound Card** and un-check everything. (You should have already done this when creating the VM.)
    c.  Select the **USB Controller** and un-check everything. (You should have already done this.)
    d.  Select **Save** or **OK**.
3.  Use VMware (or your virtualization software) to create a Snapshot of your new VM. Label the Snapshot **Fresh Minimal Installation** and enter a dated comment explaining how you created it and what installation parameters you used:
    a.  Minimal ISO: `CentOS-6.4-i386-minimal.iso`
    b.  Memory `256MB`
    c.  Disk `2GB`
    d.  Hostname `abcd0001` (should be your Blackboard userid)
    e.  198 packages
    f.  no network at boot time
4.  Use **VM | Snapshot | Snapshot Manager** to confirm your snapshot.
    - You will have this snapshot to come back to if you ever need it.

Problems with Snapshots of Running Systems
------------------------------------------

A snapshot of a running (not fully shut down) system is quick to resume if you ever need to go back to it, but a running snapshot has some potentially serious problems:

1.  Snapshots take more space if you take them when the machine is running, since the snapshot has to save all the system memory. Snapshots are smaller if you take them of a system that is powered off.
2.  Often you need to restore a snapshot and also make some **VM | Settings** changes. If you snapshot a running system, then you have to shut it down every time you restore it when you want to make **VM | Settings** changes. Better to create the snapshot of the powered-off system.
3.  A snapshot of a running system can only safely be resumed (restarted) on the system that created it, or a system running a similar CPU type. You cannot safely back up the running snapshot files onto a different CPU type and resume it there. A snapshot of a running system may be useless if you try to restart it on a different computer, such as might happen if your laptop computer fails and you need to borrow another.

When possible, make your important snapshots of virtual machines that are actually powered off.

Configure CentOS
================

This configuration section assumes you are starting your configuration from the **Fresh Minimal Installation** snapshot from the previous section.

Before you begin, you need to understand some terms. (These few points are not action items; they are for your information.) Make note of these things:

A.  When it says “*back up a file*” below, it means copy the file, preserving time and owner information, into the *same* directory with a `.bak` suffix on the file name, for example:

        $ cp -p /foo/bar /foo/bar.bak
        $ cp -p /some/path/name/file /some/path/name/file.bak

    You may find this shell alias useful: `alias cp='cp -p -i'`\
    but remember that aliases are not saved when the shell exits. Remember to edit the *original* file, not the back-up file.

B.  When it says “*edit a file*” below, it usually means use the `vi` (not `vim`) text editor, because that’s the only editor there is. Every Unix/Linux system has `vi` installed. (Servers, including this one, don’t by default install the dumb `nano` editor.)
    - If you haven’t learned how to use a `vi` editor, you won’t be able to do the editing work below until after you have learned how to install the dumb `nano` editor. (And you won’t be able to install the dumb `nano` editor until your machine can connect to the Internet.) Isn’t it about time you learned some `vi`?

C.  When it says “*comment out*” something below, it means insert a comment character (usually `#`) at the very start of the line, e.g. change `hiddenmenu` to `#hiddenmenu` or change `alias rm='rm -i'` to `#alias rm='rm -i'`. The comment character turns the whole line into a *comment* – something that the program reading the file will ignore.

Make the configuration changes below to your **Fresh Minimal Installation** machine. Remember to preserve modification times on all files copied! If you have network connection problems below see [Network Diagnostics].

Boot the Fresh Minimal Installation snapshot
--------------------------------------------

1.  Boot your **Fresh Minimal Installation** snapshot from the previous section.
2.  Log in as the `root` user.

Enable networking
-----------------

Networking is not yet enabled on boot.
Enable it, so that you can connect to your CentOS system using a proper SSH connection instead of using the limited VMware system console:

1.  Back up the file `/etc/sysconfig/network-scripts/ifcfg-eth0` then edit the original file and change the `ONBOOT` variable setting from `ONBOOT=no` to `ONBOOT=yes`. (Always edit the original file, not the back-up file!)
2.  Run: `service network restart`
    - You should now see two lines for `eth0`:\
      `Bringing up interface eth0:` and\
      `Determining IP information for eth0... done. [OK]`
    - If you have network connection problems see [Network Diagnostics].
3.  Confirm that you have a working IP address on `eth0`:
    a.  Run: `ifconfig eth0 | fgrep 'inet addr'` and see one line of output containing your system IP address (your `inet addr`). **Write down this local IP address; you will need it shortly.**
    b.  Run: `ip route | fgrep 'default'` and see one line of output containing your default gateway IP address.
    c.  Run: `ping -c 1` *X.X.X.X* where *X.X.X.X* is your default gateway IP address. (This may not work if you are using Bridged networking on-campus at Algonquin College because the ITS department blocks `ping`.)

Sample output for the above commands is given below – your hostname and CentOS IP addresses (write it down) will differ:

    [root@abcd0001 ~]# fgrep 'ONBOOT' /etc/sysconfig/network-scripts/ifcfg-eth0
    ONBOOT=yes
    [root@abcd0001 ~]# service network restart
    Shutting down loopback interface:                          [  OK  ]
    Bringing up loopback interface:                            [  OK  ]
    Bringing up interface eth0:
    Determining IP information for eth0... done.               [  OK  ]
    [root@abcd0001 ~]# ifconfig eth0 | fgrep 'inet addr'
              inet addr:192.168.9.141  Bcast:192.168.9.255  Mask:255.255.255.0
    [root@abcd0001 ~]# ip route | fgrep 'default'
    default via 192.168.9.254 dev eth0
    [root@abcd0001 ~]# ping -c 1 192.168.9.254
    PING 192.168.9.254 (192.168.9.254) 56(84) bytes of data.
    64 bytes from 192.168.9.254: icmp_seq=1 ttl=64 time=1.78 ms

    --- 192.168.9.254 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 2ms
    rtt min/avg/max/mdev = 1.780/1.780/1.780/0.000 ms

Make sure the `ping` shows `0% packet loss` (unless you are at Algonquin College, using Bridged networking, and `ping` is being blocked by ITS, sorry).

Did you write down your CentOS IP address?

Use an SSH connection instead of the console
--------------------------------------------

1.  In your host operating system (not in CentOS), create an SSH remote connection to the CentOS IP address for your machine that you wrote down in the previous step. (This IP address was listed beside the output for `inet addr` for `eth0`.)
    - Connect using **PuTTY** on Windows, or `ssh` on Macintosh or Linux.
    - Log in to your own machine (not the CLS) as `root` with your `root` password.
    - Do not try to log in as `root` to the CLS! The CLS will lock out your IP address! Log in to **your** machine using **your** IP address!
2.  Once you are logged in to your own CentOS machine, type `who` and see that `root` is logged in once on a VMware system console (`tty1`) and once remotely via an SSH *pseudo-terminal* (`pts/0`).

        [root@abcd0001 ~]# who
        root     tty1         Oct 15 23:26
        root     pts/0        Oct 16 01:22 (192.168.244.128)
        [root@abcd0001 ~]# tty
        /dev/pts/0

You may find it easier to use and configure your CentOS system using an SSH terminal connection that you can resize and in which you can use copy/paste instead of the fixed-size VMware CentOS console that you cannot resize or use copy/paste.

**I recommend using the SSH connection for all sysadmin work (including the rest of this document). Do not use the crappy VMware console. Note that, unlike using the system console, SSH network connections do not survive across a VM Suspend and Restore.
All SSH sessions active when you suspend your VM will be disconnected.**

Remove confusing and dangerous `root` aliases
---------------------------------------------

CentOS has provided the `root` account with some personal shell aliases that change the behaviour of some important commands and this is a bad idea. Type `alias` and you will see some aliases similar to these:

    [root@abcd0001 ~]# alias
    alias cp='cp -i'
    alias l.='ls -d .* --color=auto'
    alias ll='ls -l --color=auto'
    alias ls='ls --color=auto'
    alias mv='mv -i'
    alias rm='rm -i'
    alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'

The aliases for `ls` and `which` are harmless, but the options added in the aliases for `cp`, `mv`, and `rm` change the behaviour of these commands significantly. (How? RTFM for each command, but not on CentOS because the system has no manual pages installed!)

On real servers, the `root` account is often shared among several sysadmins, and so you must *not* define your own personal aliases in the `root` account. Commands must work exactly as expected, not the way aliases might change them to work.

We will remove these dangerous aliases from our `root` account:

1.  Back up the file `/root/.bashrc` then edit the original file:
    a.  Remove or comment out the alias for `rm`.
    b.  Remove or comment out the alias for `cp`.
    c.  Remove or comment out the alias for `mv`.
2.  In addition to making the above essential changes, you might also optionally add `unalias -a` to make sure that no misleading aliases are defined for the `root` account.
    - Add this `unalias` line at the *bottom* (end) of the `.bashrc`, *after* all the existing lines in the file.

Keep your own personal aliases in your own account and `source` them when you need them. Do **NOT** put personal aliases into the `root` account itself. (Review [Aliases for Sysadmin].)

Enable shell History
--------------------

Shell history for `root` is important to a sysadmin.
It’s one way of knowing what commands were typed as `root`.

Although the shell is saving its history upon exit, the history from different shells is not being saved, so history can be lost if you run more than one shell (e.g. multiple windows or multiple logins). Also, history is not being saved until a shell exits, which means you can also lose history if a shell is killed prematurely. We will fix this:

1.  Confirm that you have already backed up the file `/root/.bashrc` then edit the original file again:
    a.  Insert this line at the top (beginning) of the file:

            [ -z "${PS1-}" ] && return

    b.  Add these lines at the bottom (end) of the file:

            # check the window size after each command and update LINES and COLUMNS
            # append history to history file instead of overwriting it
            shopt -s checkwinsize
            shopt -s histappend
            # keep a lot of shell history
            # keep time stamps on each entry
            # update history file after every command (not just on exit)
            export HISTSIZE=9000
            export HISTFILESIZE=99000
            export HISTTIMEFORMAT=
            PROMPT_COMMAND='history -a'

    c.  Save your changes and exit your text editor back to the command prompt.
2.  Run `source ~/.bashrc` to source the new file to set up the history in the current shell. Make sure you see no output and no errors!
3.  After sourcing the file, print the changed history variables to confirm:

        [root@abcd0001 ~]# source ~/.bashrc
        [root@abcd0001 ~]# printenv | fgrep 'HIST'
        HISTSIZE=9000
        HISTFILESIZE=99000
        HISTCONTROL=ignoredups
        HISTTIMEFORMAT=
        [root@abcd0001 ~]# echo "$PROMPT_COMMAND"
        history -a

4.  Check that the commands you just typed, above, are appearing at the bottom (end) of the `root` BASH history file `.bash_history`. (What command shows you the last few lines of a text file?)

Enable localhost for your machine name
--------------------------------------

The file `/etc/hosts` usually contains a local copy of the name of the current machine, paired with the `localhost` IP address.
CentOS is missing this, which means you can’t `ping` your own host name.

1.  Back up the file `/etc/hosts` then edit the original file and add your machine’s host name by adding the line `127.0.0.2 abcd0001` where *abcd0001* is replaced by *your* machine’s host name:

        [root@abcd0001 ~]# cat /etc/hosts
        127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
        127.0.0.2   abcd0001
        ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

2.  Confirm that you can now `ping` your own machine name with zero packet loss:

        [root@abcd0001 ~]# echo "$HOSTNAME"
        abcd0001
        [root@abcd0001 ~]# ping -c 1 "$HOSTNAME"
        PING abcd0001 (127.0.0.2) 56(84) bytes of data.
        64 bytes from abcd0001 (127.0.0.2): icmp_seq=1 ttl=64 time=0.072 ms

        --- abcd0001 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms
        rtt min/avg/max/mdev = 0.072/0.072/0.072/0.000 ms

    The name *abcd0001* above must be *your* machine’s name, not `abcd0001`.

Enable Internet Time using NTP and `ntpd`
-----------------------------------------

The system time is not being synchronized with the Internet. We need to use the `yum` install command to fetch and install the Network Time Protocol (NTP) package named `ntp` with its time daemon named `ntpd`:

1.  Run: `yum info ntp`
    - The NTP package is named `ntp`.
    - The first time you do this, `yum` will download some package lists before it answers the `info` query.
    - If `yum` cannot connect to the Internet, see [Network Diagnostics].
    - If `yum` seems to hang for a long time, see [Appendix I].
2.  Confirm that `yum` shows `Name : ntp` under `Available Packages`.
    - If you see `ntp` under `Installed Packages`, you have already installed it.
3.  Run: `yum install ntp` and when it asks `Is this ok [y/N]:` answer with `y` (yes).
    - The first time you do this, `yum` will also ask you to import a GPG **CentOS 6 Official Signing Key**. Answer with `y` (yes).
4.  Back up the file `/etc/ntp.conf` then edit the original file to add the line `tinker panic 0` on its own line just above the `driftfile` line.
    - This line tells the `ntpd` program that it can always change the clock value, no matter how far off it is. Normally the `ntpd` daemon refuses to change a clock value that is more than 1,000 seconds wrong.
5.  Run: `chkconfig --list ntpd` (and note the spelling of the service name `ntpd`). You will see one line indicating that the `ntpd` time daemon is turned **off** in every Run Level.
6.  Run: `chkconfig ntpd on` (again note the spelling of `ntpd`).
7.  Run: `chkconfig --list ntpd` (again note the spelling of `ntpd`). You will see one line indicating that the `ntpd` time daemon is now turned **on** in Run Levels 2 through 5:

        [root@abcd0001 ~]# chkconfig --list ntpd
        ntpd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

8.  Run: `service ntpd start` and you should see one line saying `Starting ntpd: [OK]`. (If you already started `ntpd`, you won’t see the `[OK]`.)
9.  Run: `tail /var/log/messages` or `fgrep 'ntpd' /var/log/messages` and confirm that there are several log entries for `ntpd` saying `Listening` and one saying `kernel time sync status`. If you see errors, fix them and run `service ntpd restart` to restart `ntpd`.
10. After about 5-10 minutes, `ntpd` will have reset your system clock and you will see log lines saying `synchronized to` and `time reset` in the system log. You can perform the other edits below while you wait for this to happen.

Even with `ntpd` running, the system may take 5-10 minutes to re-synchronize its time after a VM Pause, Suspend, or reboot. (Earlier versions of CentOS were faster at time synchronization.) Servers in the real world are not paused, suspended, or rebooted as often as at school.

Installing **VMware Tools** will often help with getting the time right after a VM pause or suspend. **VMware Tools** will be installed in a separate document, later.
Configure Time Zone
-------------------

The system time zone file is not correct for our time zone.

1.  Run: `tzselect` and answer the questions to find the full name of the
    **Eastern Time – Ontario** time zone. (Hint: It is two words separated
    by a slash, and has the name `Toronto` in it.) Ignore the advice about
    your `.profile` file – you are the **sysadmin** of this machine and you
    are setting the system time zone, not an individual user’s time zone.

2.  Back up the file `/etc/sysconfig/clock` then edit the original file to
    change the `ZONE` variable to `ZONE="XXX/YYY"` where *XXX/YYY* is the
    name of the time zone printed by `tzselect` (including the double
    quotes). The word `Toronto` is in this name.

3.  Run: `tzdata-update` to copy the correct time zone information from
    under directory `/usr/share/zoneinfo/` to `/etc/localtime`.

4.  Run a checksum (any kind) on the file `/etc/localtime` and on the file
    under directory `/usr/share/zoneinfo/` corresponding to the `Toronto`
    time zone and verify that both files have the same checksum. (Hint: You
    will need to search for the correct `Toronto` file under that directory.
    What command finds file names by basename? What command can calculate a
    checksum?)

Disable SELinux
---------------

Security-Enhanced Linux (SELinux) is turned on, which can cause many
problems for novice Linux users. On a real server, we would leave it
enabled. You will learn SELinux configuration in later Linux courses.

1.  Back up the file `/etc/sysconfig/selinux` then edit the original file
    and change the `SELINUX` variable setting from `SELINUX=enforcing` to
    `SELINUX=disabled`.

Disable Pretty Boot
-------------------

The system boot messages are being hidden by a pretty but unhelpful Fedora
graphics screen. The screen covers up many useful system messages at boot
time. As a sysadmin, you *want* to see *all* the boot messages.

1.  Take a snapshot of your VM now, in case you make a mistake in the
    following edit. If you damage lines in this GRUB configuration file,
    your machine may not boot at all. You’ll have to restore from the
    snapshot and reconfigure.

2.  Back up the file `/boot/grub/grub.conf` then edit the original file:

    a.  Change the value of the `timeout` from `5` to `30`.

    b.  Comment out the `hiddenmenu` line to make the GRUB menu visible on
        boot. (Insert a single `#` comment character in front of
        `hiddenmenu` so that it looks like `#hiddenmenu` and will be
        ignored.)

    c.  Remove the two words `rhgb quiet` from the far right end of the very
        long `kernel` line to get rid of the silly Fedora animated graphics
        screen. (Make sure you don’t accidentally break this line into
        pieces. Keep it one long line.)

    d.  The resulting file should be two words smaller than the back-up
        file:

            [root@abcd0001 ~]# wc -lw /boot/grub/grub.conf*
             17  81 /boot/grub/grub.conf
             17  83 /boot/grub/grub.conf.bak

3.  You will know if your edits are accurate at the next reboot, coming up
    in the next section. If the reboot fails, restore back to your snapshot
    and try the edit again.

Verify Correct CentOS Configuration
-----------------------------------

Having made all the above configuration changes, your CentOS configuration
must pass all of the following verification steps after you reboot it:

1.  Reboot your CentOS machine by typing: `shutdown -r now` or simply
    `reboot`

2.  Verify the new GNU GRUB boot menu:

    a.  The `GNU GRUB` menu should now be visible (not hidden) – see the
        image below.

    b.  In 30 seconds the menu will time out and boot the highlighted menu
        entry (usually the first one), or you can push the **Enter** key to
        boot it immediately.

    If you don’t see the GRUB menu, you forgot to edit the GRUB
    configuration file above (or your edits were wrong).

    ![CentOS 6 GRUB Menu]

When the machine is running, log in on the console again as the user `root`
and run some verification commands:

3.  Run `alias` and make sure the `root` account has no dangerous aliases.

4.  Check that the commands you just typed, above, are appearing at the
    bottom (end) of the `root` BASH history file `.bash_history`.

5.  Run: `free` and verify that you have a `total` Memory of about 256MB
    (e.g. approximately `2489??KB`). (If you have more than about 256MB, you
    forgot to change the Memory settings for this VM. Shut it down safely
    and fix the Memory and reboot.)

6.  Run this exactly as given (using *two* adjacent pipe symbols):
    `selinuxenabled || echo NO` and verify that the word `NO` appears on
    your screen. If not, you forgot to disable `SELINUX` above.

        [root@abcd0001 ~]# selinuxenabled || echo NO
        NO

7.  In file `/etc/sysconfig/clock` verify that the `ZONE` variable is set to
    a local Ontario city time zone (not New York).

8.  Run: `pgrep -l ntpd` and verify that the output is one line (a process
    number and the word `ntpd`).
    -   The system can take 5-10 minutes to re-establish the correct time
        when started or resumed.

9.  Search for the word `tinker` in file `/etc/ntp.conf` and verify that you
    find the `tinker panic 0` line you added.

10. Search for the word `ONBOOT` in file
    `/etc/sysconfig/network-scripts/ifcfg-eth0` and verify that its value is
    set to `yes`.

11. Run: `ifconfig eth0` and verify that its `inet addr:` has an IP address
    listed.

12. Run: `ip route` and verify that you have a `default via` route listed
    for `dev eth0`.

13. Examine file `/etc/resolv.conf` and verify that there is at least one
    `nameserver` line in the file.

14. Confirm that you can `ping` your own machine name with zero packet loss
    and that your host name resolves to the IP address `127.0.0.2`:

        [root@abcd0001 ~]# ping -c 1 "$HOSTNAME"
        PING abcd0001 (127.0.0.2) 56(84) bytes of data.
        64 bytes from abcd0001 (127.0.0.2): icmp_seq=1 ttl=64 time=0.072 ms
        --- abcd0001 ping statistics ---
        1 packets transmitted, 1 received, 0% packet loss, time 0ms
        rtt min/avg/max/mdev = 0.072/0.072/0.072/0.000 ms

Consult with your instructor if any of the above verification steps fail.
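
The verification steps above that only read configuration files can be scripted so that none is skipped. This is an added example, not part of the original course page; the function names and the optional `ROOT` prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the course page: audit the configuration edits
# made in the sections above. ROOT is a hypothetical prefix so the same checks
# can be pointed at a copied tree; leave it empty to audit the live system.

# _chk WANT FILE REGEX LABEL
#   WANT=has   -> pass only if some line of FILE matches REGEX
#   WANT=lacks -> pass only if no line of FILE matches REGEX
# A missing or unreadable FILE always fails, so "lacks" cannot pass by accident.
_chk() {
    if [ ! -r "$2" ]; then
        echo "FAIL: $4 (cannot read $2)"; fails=$((fails + 1)); return 0
    fi
    if grep -Eq -- "$3" "$2"; then found=has; else found=lacks; fi
    if [ "$found" = "$1" ]; then
        echo "PASS: $4"
    else
        echo "FAIL: $4 ($2)"; fails=$((fails + 1))
    fi
}

# verify_centos_config [ROOT] [HOSTNAME]; returns non-zero if any check fails.
verify_centos_config() {
    root=${1:-}
    host=${2:-$(hostname)}
    fails=0
    sp='[[:space:]]'

    _chk has   "$root/root/.bashrc" '^shopt -s histappend' 'history is appended, not overwritten'
    _chk has   "$root/root/.bashrc" "^PROMPT_COMMAND='history -a'" 'history is saved after every command'
    # The host name is used as a regex here; fine for simple names like abcd0001.
    _chk has   "$root/etc/hosts" "^127\.0\.0\.2$sp+$host($sp|\$)" "$host maps to 127.0.0.2"
    _chk has   "$root/etc/ntp.conf" "^tinker$sp+panic$sp+0" 'ntpd may step the clock by any amount'
    _chk has   "$root/etc/sysconfig/clock" '^ZONE="[^"]*Toronto"' 'time zone is the Toronto zone'
    _chk has   "$root/etc/sysconfig/selinux" '^SELINUX=disabled' 'SELinux is disabled (course setting)'
    _chk has   "$root/etc/sysconfig/network-scripts/ifcfg-eth0" '^ONBOOT="?yes"?' 'eth0 starts on boot'
    _chk has   "$root/etc/resolv.conf" "^nameserver$sp" 'at least one nameserver'
    grub=$root/boot/grub/grub.conf
    _chk has   "$grub" '^timeout=30' 'GRUB timeout is 30 seconds'
    _chk lacks "$grub" '^hiddenmenu' 'GRUB menu is not hidden'
    _chk lacks "$grub" "^$sp*kernel$sp.*$sp(rhgb|quiet)($sp|\$)" 'no rhgb/quiet on kernel lines'

    [ "$fails" -eq 0 ]
}
```

Source the file and run `verify_centos_config` as `root` after the reboot; every `FAIL` line names the file to re-edit. The live checks (`free`, `pgrep -l ntpd`, `ifconfig eth0`, `ip route`, `ping`) still have to be run by hand.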
Snapshot your Configured Installation
-------------------------------------

Make sure your CentOS virtual machine passes all the above verification
steps before saving it!

1.  To avoid all the problems mentioned earlier, you may want to [shut down
    your machine before taking a snapshot].

2.  Use VMware (or your virtualization software) to create a power-off
    Snapshot of your new **Configured Installation** VM. Label the Snapshot
    **Configured Installation** and enter a dated comment explaining how you
    created it and what configuration changes you made (above) from the
    previous snapshot.

3.  Use **VM | Snapshot | Snapshot Manager** to confirm your snapshot.
    -   You will have this snapshot to come back to if you ever need it.

* * * * *

This ends the initial Installation and Configuration of a minimal
server-style CentOS system. The next sections explain some important things
to know about your new virtual server.

* * * * *

Suspending and Shutting Down Safely
===================================

-   **NEVER POWER OFF YOUR CENTOS VIRTUAL MACHINE VIA VMWARE POWER OFF!**
-   Never use the **Power off** button in a virtual machine that you care
    about!
-   Never close or kill VMware without first suspending or shutting down all
    your virtual machines.
-   Powering off a virtual machine via the VMware power button can corrupt
    your disk and lose all your work.

You can either *Suspend* or *Shut Down* (power off) your VM as follows:

Suspending
----------

This is the fastest way to save your machine state. Most times you will want
to suspend your Virtual Machine so that you can resume it quickly where you
left off:

1.  Go to **VM** and **Power** and choose **Suspend**
2.  Wait until VMware fully saves the state of the machine.
3.  You may now safely close VMware.
Resuming
--------

When you resume your Virtual Machine, you may need to refresh the network
settings for your new network location by running (as `root`):
`service network restart`

Shutting Down (Power Off)
-------------------------

If you need to reconfigure most parts of the VMware Virtual Machine that is
running your Linux server, you need to shut down Linux before VMware will
let you change the settings. Here’s how:

1.  Log in as `root` (or log in as a user and then become `root`, if you
    have disabled `root` logins)
2.  As `root` run: `shutdown -h now` or simply `halt` (if available)
    -   You can also schedule a shutdown at a later time; see the man page.
3.  Wait until the Virtual Machine fully shuts down and stops.
4.  You may now change VMware settings or safely close VMware.

Switching Consoles
==================

Most Linux machines running in multi-user mode (not single-user) allow you
to have multiple system consoles active by typing `ALT+F2` (hold down `ALT`
and simultaneously push `Function Key 2`) to switch to the second console,
`ALT+F3` to the next one, etc. The default, first, console is of course
`ALT+F1`. This only works on console terminals, not on remote login
sessions.

Multiple consoles allow you to multi-task and have multiple “windows” on the
system console without all the overhead of a graphical user interface.

> When you log out of a server console, make sure you check all the alternate
> consoles and log them out, too! Don’t leave an open `root` login session
> active when you walk away from the machine console!

You can’t do `ALT+F2` inside a **PuTTY** or **SSH** session, but there are
programs such as [`screen`] and [`tmux`] that let you do that type of
multiple console interface and much, much more.

* * * * *

Appendix I: What to do if `yum` doesn’t work
============================================

This **Appendix** is only necessary if you find that the `yum` installer
hangs or does not work.
If `yum` hangs or fails, do these steps until it works:

1.  If `^C` (`Ctrl-C`) will not interrupt the hung `yum` command, use `^Z`
    to `STOP` the `yum` command and then `kill %yum` to kill it. (If that
    doesn’t kill it, use `kill -9 %yum`)

    a.  Another way to kill a hung `yum` session is to switch to a second
        console (e.g. `ALT-F2`), log in as `root`, find the process ID of
        the hung `yum` process, use `kill` to send that process ID a
        `SIGTERM` or `SIGKILL` termination signal, then switch back to the
        first console again.

2.  Make sure your host operating system is **not** using wireless. Change
    your host O/S to use a wired connection and **disable your wireless** so
    that it is not used. (Never use wireless if wires are available!)

3.  As `root` type: `service network restart` and try `yum` again.
    -   You can try to `ping` hosts, but Algonquin College blocks most ICMP
        traffic so it may not work as a diagnostic tool.

4.  If `yum` still hangs on the wired network, kill `yum` again (see above)
    and then try:

    a.  Go to **VM | Settings** and **Hardware** and **Network Adapter**
    b.  Change your networking from **Bridged** to **NAT** or from **NAT**
        to **Bridged**
    c.  Save the new settings.
    d.  Run: `service network restart` and try `yum` again.

When `yum` finally works, you may need to accept a security key: say yes

* * * * *

Appendix II: Document Revision History
======================================

-   Version 1: 04:00 Oct 16 2013
-   Version 2: 11:45 Oct 16 2013 - put enable networking first
-   Version 3: 14:20 Oct 16 2013 - check for tinker and 127.0.0.2
-   Version 4: 20:15 Oct 17 2013 - clarified some wording; made SSH more
    prominent

* * * * *

--
| Ian! D. Allen - idallen@idallen.ca - Ottawa, Ontario, Canada
| Home Page: http://idallen.com/ Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom: http://eff.org/ and have fun: http://fools.ca/

[Plain Text] - plain text version of this page in [Pandoc Markdown] format

  [www.idallen.com]: http://www.idallen.com/
  [Ubuntu]: http://ubuntu.com/
  [Mint]: http://www.linuxmint.com/
  [Create an Empty Virtual Machine]: #create-an-empty-virtual-machine-in-vmware
  [**CentOS-6.4-i386-minimal**]: http://cstech/repo/linux/CentOS/CentOS-6.4-i386-minimal/
  [`CentOS-6.4-i386-minimal-md5.txt`]: http://cstech/repo/linux/CentOS/CentOS-6.4-i386-minimal/CentOS-6.4-i386-minimal-md5.txt
  [**HashTab**]: http://www.implbits.com/hashtab.aspx
  [**Cygwin**]: http://cygwin.com/
  [CentOS 6 Welcome]: data/centos64_welcome.jpg "CentOS 6 Welcome"
  [CentOS 6 Splash Screen]: data/centos64_splash.jpg "CentOS 6 Splash Screen"
  [password that you can remember]: http://xkcd.com/936/
  [CentOS 6 Install Packages]: data/centos64_install_packages.jpg "CentOS 6 Install Packages"
  [Network Diagnostics]: 000_network_diagnostics.html
  [Aliases for Sysadmin]: 350_startup_files.html#recommended-sysadmin-shell-aliases
  [Appendix I]: #appendix-i-what-to-do-if-yum-doesnt-work
  [CentOS 6 GRUB Menu]: data/centos64_grub_menu.jpg "CentOS 6 GRUB Menu"
  [shut down your machine before taking a snapshot]: #problems-with-snapshots-of-running-systems
  [`screen`]: http://www.rackaid.com/resources/linux-screen-tutorial-and-how-to/
  [`tmux`]: http://www.techrepublic.com/blog/linux-and-open-source/is-tmux-the-gnu-screen-killer/
  [Plain Text]: 000_centos_install.txt
  [Pandoc Markdown]: http://johnmacfarlane.net/pandoc/