Installing basic packages (CentOS 7)¶
This documentation page will describe which packages are to be installed on the system.
Please note that most of the steps are the same for both systems. Where anything differs, it will be clearly pointed out.
CentOS setup¶
Here you can find the ISO image used to install the OS:
Initial OS installation¶
- When the bootloader starts, select “Install CentOS7”
- Choose language for the installation process and click continue
- Choose keyboard layout
- Set Date and Time
- There will be a warning about the installation destination “Automatic partitioning selected”. Notice that by default the installer will use an XFS FileSystem for the boot partition and will use LVM for the rest of the system.
- You may now configure the network (button “config network”). If you do so, you will also be able to set up NTP time synchronization in the Time and Date section
- Choose which applications will be installed on the system by clicking on Software Selection; we will choose “Minimal”.
- Click Begin Installation
- Create a password for the root user
The install procedure will go on installing a basic set of packages. At the end you will be requested to reboot the system.
Network configuration¶
If you configured the network interface during the installation process, you can skip this section.
List the network interfaces
service network status
Edit the config file for the interface /etc/sysconfig/network-scripts/<interface name>
paying attention to these properties:
BOOTPROTO="static"
ONBOOT="yes"
IPADDR=84.33.2.27
NETMASK=.......
GATEWAY=.......
Edit the file /etc/resolv.conf
and add your nameservers.
In the sample VM Google’s DNS have been set:
nameserver 8.8.8.8
nameserver 8.8.4.4
Start the network service:
service network start
Check that the connection is up by pinging an external server:
ping google.com
Attention
Please note that in CentOS7 only ssh incoming connections are allowed; all other incoming connections are disabled by default.
In the paragraph related to the httpd service you can find details about how to enable incoming traffic.
Note that after configuring the network, you may continue the system setup over an ssh connection.
Installing base packages¶
Internal clock sync¶
CentOS 7 default is to use Chrony
Install Chrony with the following command:
yum install -y chrony
Edit /etc/chrony.conf with the desired settings. For example you can sync with the CentOS servers:
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
...
Start it:
systemctl start chronyd
And enable it to autostart at boot:
systemctl enable chronyd
Other utilities¶
Install:
yum install mc # mc (along with zip) can be used to navigate inside .war files
yum install zip unzip
yum install wget
Installing fail2ban¶
Install:
yum install fail2ban
Create the file /etc/fail2ban/jail.local with the following configuration:
[INCLUDES]
before = paths-fedora.conf
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 3600
findtime = 1800
maxretry = 5
# SSH servers
[sshd]
enabled = true
port = 22
action = firewallcmd-ipset[name=SSH, port=22, protocol=tcp, bantime=3600]
logpath = /var/log/secure
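With these settings fail2ban bans an address once `maxretry` failures fall within `findtime` seconds, and keeps it banned for `bantime` seconds. The sketch below is an added example, not part of the original page or of fail2ban: it replays that rule over constructed log lines to show which addresses the jail would ban. The regular expression is a simplified stand-in for fail2ban's sshd filter, the addresses come from documentation ranges, and the year is an assumption because syslog timestamps carry none.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local above.
FINDTIME, MAXRETRY, BANTIME = 1800, 5, 3600
IGNOREIP = ipaddress.ip_network("127.0.0.1/8", strict=False)

# Simplified stand-in for fail2ban's sshd filter: password failures only.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(lines, year=2015):
    """Return [(ip, ban_start, ban_end)] that these settings would produce."""
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp = " ".join(m.group(1).split())   # syslog pads single-digit days
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ipaddress.ip_address(ip) in IGNOREIP:
            continue                            # ignoreip entries are never counted
        if ts < banned_until.get(ip, datetime.min):
            continue                            # still banned, traffic is dropped
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

def sample_line(hhmmss, ip):
    # Constructed log line in the usual syslog/sshd layout (not real data).
    return (f"Jul 13 {hhmmss} cerco sshd[2211]: "
            f"Failed password for root from {ip} port 40022 ssh2")

SAMPLE_LOG = sorted(
    [sample_line(f"10:0{i}:00", "203.0.113.7") for i in range(5)]     # 5 in 4 minutes
    + [sample_line(t, "198.51.100.20")                                # spread over 40 min
       for t in ("10:00:30", "10:05:30", "10:10:30", "10:15:30", "10:40:30")]
    + [sample_line(f"10:2{i}:00", "127.0.0.1") for i in range(6)]     # covered by ignoreip
)
```

`simulate(SAMPLE_LOG)` returns a single ban for 203.0.113.7; the slower source never has five failures inside one 1800-second window, which is the trade-off to keep in mind when choosing `findtime` and `maxretry`.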
Installing PostgreSQL and PostGIS¶
Repositories¶
Download the package for configuring the PGDG repository:
CentOS:
wget http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-1.noarch.rpm
and install it:
rpm -ivh pgdg-centos94-9.4-1.noarch.rpm
EPEL 7 repository will provide GDAL packages:
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -ivh epel-release-7-5.noarch.rpm
Update the packages list:
yum clean all
yum check-update
Install PG:
yum install postgresql94-server postgis2_94
Verify:
# rpm -qa | grep postg
postgresql94-libs-9.4.4-1PGDG.rhel7.x86_64
postgresql94-9.4.4-1PGDG.rhel7.x86_64
postgis2_94-2.1.8-1.rhel7.x86_64
postgresql94-server-9.4.4-1PGDG.rhel7.x86_64
Init the DB:
/usr/pgsql-9.4/bin/postgresql94-setup initdb
Setting PostgreSQL access¶
Edit the file /var/lib/pgsql/9.4/data/pg_hba.conf
so that the local connection entries read:
# "local" is for Unix domain socket connections only
local all postgres peer
local all all md5
# IPv4 local connections:
host all postgres 127.0.0.1/32 ident
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all postgres ::1/128 ident
host all all ::1/128 md5
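PostgreSQL uses the first pg_hba.conf entry that matches the connection type, database, user and client address, and rejects the connection if none matches, so the order of the entries above matters. The resolver below is an added example, not part of the original page or of PostgreSQL: it handles only the `local` and `host` entries with CIDR addresses used here, and its function names are illustrative.

```python
import ipaddress

# The entries from the pg_hba.conf shown above, in the same order.
PG_HBA = """\
# "local" is for Unix domain socket connections only
local all postgres peer
local all all md5
# IPv4 local connections:
host all postgres 127.0.0.1/32 ident
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all postgres ::1/128 ident
host all all ::1/128 md5
"""

def parse_hba(text):
    """Return the rules in file order; order matters because the first match wins."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments and blank lines
        if not fields:
            continue
        if fields[0] == "local":                  # Unix socket: no address column
            conn, db, user, method = fields[:4]
            net = None
        else:                                     # host: address in CIDR form
            conn, db, user, addr, method = fields[:5]
            net = ipaddress.ip_network(addr, strict=False)
        rules.append({"type": conn, "db": db, "user": user,
                      "net": net, "method": method})
    return rules

def auth_method(rules, conn, db, user, client_ip=None):
    """Return the auth method of the first matching rule, or a reject marker."""
    for rule in rules:
        if rule["type"] != conn:
            continue
        if rule["db"] not in ("all", db) or rule["user"] not in ("all", user):
            continue
        if conn == "host":
            ip = ipaddress.ip_address(client_ip)
            if ip.version != rule["net"].version or ip not in rule["net"]:
                continue
        return rule["method"]
    return "reject (no matching entry)"
```

With `rules = parse_hba(PG_HBA)`, `auth_method(rules, "local", "gis", "postgres")` gives `peer`, while `auth_method(rules, "host", "gis", "tomcat", "192.0.2.10")` gives the reject marker because only loopback addresses are listed (`gis` is a made-up database name). Swapping the two `local` lines would make the `postgres` user fall under `md5` instead of `peer`.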
Setup automatic start¶
Configure automatic service startup at boot time
systemctl enable postgresql-9.4
Start the service right now
systemctl start postgresql-9.4
Creating system users¶
Create tomcat user¶
[root@cerco ~]# adduser -m -s /bin/bash tomcat
[root@cerco ~]# passwd tomcat
Installing apache httpd¶
Apache httpd is used as entry point for web accesses. It will be configured as a reverse proxy for the requests to the running web applications.
Install httpd:
yum install httpd
Create the file /etc/httpd/conf.d/00_servername.conf and configure the ServerName.
If no name is assigned to the IP address assigned to this machine, we’ll set the IP address here:
ServerName 84.33.2.27:80
Configure the automatic start at boot
systemctl enable httpd
Start the service right away
systemctl start httpd
Check if the machine is reachable from outside, pointing your browser to:
http://84.33.2.27
If you cannot reach the machine, proceed with the next section.
Configure incoming requests¶
If the machine is not reachable from the outside, allow the incoming connections by issuing this command:
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
Installing java¶
CentOS¶
For CentOS systems, you can download the JDK RPM from this page:
Oracle does not expose a URL to automatically download the JDK because an interactive licence acceptance is requested. You may start downloading the JDK RPM from a browser, and then either:
- stop the download from the browser and use on the server the dynamic download URL your browser has been assigned, or
- finish the download and transfer the JDK RPM to the server using scp.
Install the RPM using the following command line:
rpm -ivh jdk-7u51-linux-x64.rpm
Verify the proper installation of the JDK:
# java -version
java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.79-b03, mixed mode)
# javac -version
javac 1.7.0_79
You may want anyway to use the Oracle JDK.