Toolpack prerequisite CentOS7 A

From TBwiki
(Difference between revisions)
Jump to: navigation, search
(Forgot mysqldump section)
(Asked to remove base repository before installing toolpack!)
Line 12: Line 12:
 
''WARNING'': This procedure assumes the Centos 7 machine was installed using the "Server with GUI" package set OR was installed from the TelcoBridges repository image.
 
''WARNING'': This procedure assumes the Centos 7 machine was installed using the "Server with GUI" package set OR was installed from the TelcoBridges repository image.
 
</span>  
 
</span>  
 +
 +
== CentOS update  ==
 +
 +
Update your system to CentOS 7
 +
 +
yum clean metadata
 +
yum update
 +
 +
If there was a kernel update, you need to reboot the machine to activate it:
 +
 +
shutdown -r now
  
 
== Stop toolpack system (if it is running)  ==
 
== Stop toolpack system (if it is running)  ==
Line 38: Line 49:
 
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  
== Get TelcoBridges repository key ==
+
== Disable base CentOS repositories  ==
  
cd /etc/pki/rpm-gpg/
+
Edit the Centos repository configuration file
wget http://repo.telcobridges.com/centos/7/os/x86_64/RPM-GPG-KEY-TB7
+
  
== CentOS update ==
+
  vim /etc/yum.repos.d/CentOS-Base.repo
  
Update your system to CentOS 7
+
Disable all repositories in that file.  Example:
  
  yum clean metadata
+
  [base]
  yum update
+
  '''enabled=0'''
 +
name=CentOS-$releasever - Base
 +
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
 +
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
 +
gpgcheck=1
 +
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 +
 +
#released updates
 +
[updates]
 +
'''enabled=0'''
 +
name=CentOS-$releasever - Updates
 +
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
 +
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
 +
gpgcheck=1
 +
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 +
 +
#additional packages that may be useful
 +
[extras]
 +
'''enabled=0'''
 +
name=CentOS-$releasever - Extras
 +
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
 +
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
 +
gpgcheck=1
 +
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 +
 +
#additional packages that extend functionality of existing packages
 +
[centosplus]
 +
name=CentOS-$releasever - Plus
 +
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
 +
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
 +
gpgcheck=1
 +
'''enabled=0'''
 +
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
  
If there was a kernel update, you need to reboot the machine to activate it:
+
== Get TelcoBridges repository key ==
  
  shutdown -r now
+
  cd /etc/pki/rpm-gpg/
 +
wget http://repo.telcobridges.com/centos/7/os/x86_64/RPM-GPG-KEY-TB7
  
 
=== Reply to ARP only on local interfaces ===
 
=== Reply to ARP only on local interfaces ===
Line 88: Line 131:
 
  wget http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/linux/bundler-1.2.3.gem
 
  wget http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/linux/bundler-1.2.3.gem
 
  gem install --local ./bundler-1.2.3.gem
 
  gem install --local ./bundler-1.2.3.gem
 
+
 
  wget http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/linux/json-1.7.7.gem
 
  wget http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/linux/json-1.7.7.gem
 
  gem install --local ./json-1.7.7.gem
 
  gem install --local ./json-1.7.7.gem
Line 145: Line 188:
 
  skip-name-resolve
 
  skip-name-resolve
 
  expire_logs_days=60
 
  expire_logs_days=60
 
+
 
  [mysqldump]  
 
  [mysqldump]  
 
  max_allowed_packet = 200MB
 
  max_allowed_packet = 200MB

Revision as of 12:20, 9 September 2014

This page shows the Toolpack 2-8 prerequisites for CentOS 7.

WARNING: The host MUST have CentOS 7 installed.

WARNING: This procedure requires internet access and a DNS configured on your unit.

WARNING: This procedure assumes the Centos 7 machine was installed using the "Server with GUI" package set OR was installed from the TelcoBridges repository image.

Contents

 [hide

CentOS update

Update your system to CentOS 7

yum clean metadata
yum update

If there was a kernel update, you need to reboot the machine to activate it:

shutdown -r now

Stop toolpack system (if it is running)

tbtoolpack stop

TelcoBridges repository

Add TelcoBridges repository file

vim /etc/yum.repos.d/TB-Base.repo

Paste the following information in that file:

# TelcoBridges-Base.repo
#
# This repository is using TelcoBridges frozen version of CentOS
# to help client installing the required version of the
# applications required to run Toolpack
#

[tb-base]
name=TelcoBridges-$releasever - Base
baseurl=http://repo.telcobridges.com/centos/7/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Disable base CentOS repositories

Edit the Centos repository configuration file

vim /etc/yum.repos.d/CentOS-Base.repo

Disable all repositories in that file. Example:

[base]
enabled=0
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
enabled=0
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
enabled=0
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Get TelcoBridges repository key

cd /etc/pki/rpm-gpg/
wget http://repo.telcobridges.com/centos/7/os/x86_64/RPM-GPG-KEY-TB7

Reply to ARP only on local interfaces

Modify the file /etc/sysctl.conf to add the following lines:

 net.ipv4.conf.default.arp_ignore=1
 net.ipv4.conf.all.arp_ignore=1

Then restart network interfaces using the following command:

 service network restart

Disabling SELinux

Check SELinux status

 sestatus

If SELinux is enable, see the Disabling SELinux article to disable it.

Disabling Firewalld

systemctl mask firewalld
systemctl stop firewalld

Install Toolpack Prerequisites

When asked to 'Importing GPG key', answer yes.

yum groupinstall Toolpack-Prerequisites

Install Gem

wget http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/linux/bundler-1.2.3.gem
gem install --local ./bundler-1.2.3.gem

wget http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/linux/json-1.7.7.gem
gem install --local ./json-1.7.7.gem

Configure ODBC

Be sure that Toolpack system is stopped before manipulating MySQL.

tbtoolpack stop
vim /etc/odbcinst.ini

Remove the '#' in front of each lines of the [MySQL] section Modify the 'Driver' line to set the correct driver


Example:

[MySQL]
Description     = ODBC for MySQL
Driver          = /usr/lib/libmyodbc5.so
Setup           = /usr/lib/libodbcmyS.so
Driver64        = /usr/lib64/libmyodbc5.so
Setup64         = /usr/lib64/libodbcmyS.so
FileUsage       = 1

Configure MariaDB

vim /etc/my.cnf

Add these variables in the file under the [mysqld] section:

  • log-bin
  • server-id=[UniqueId]

The server-id needs to be a non-zero unique value (do not use 0). If you use the host redundancy feature, the value needs to be different on each host .


Add max_allowed_packet to increase the maximum size of binary blobs in the database. Make sure it is in the [mysqld] section AND [mysqldump] section

 max_allowed_packet = 200MB


Add below to remove database dependencies with DNS servers (**Applicable to TMG users only)

 skip-name-resolve


Add this to make sure the mysql logs don't get too big

 expire_logs_days=60

Example:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
log-bin
server-id=1123476
max_allowed_packet = 200MB
skip-name-resolve
expire_logs_days=60

[mysqldump] 
max_allowed_packet = 200MB



Enable and start MariaDB

systemctl enable mariadb
systemctl start mariadb


Use the MariaDB wizard to secure your server installation.

mysql_secure_installation

You should:

  • Set new root password
  • Remove anonymous users
  • Disallow root login remotely
  • Remove test database and accesses
  • Reload privilege tables

Example:

mysql_secure_installation

Set root password? [Y/n] Y
New password: AVeryStrongPassword
Re-enter new password: AVeryStrongPassword
Password updated successfully!
Reloading privilege tables..
 ... Success!
Remove anonymous users? [Y/n] Y
 ... Success!
Disallow root login remotely? [Y/n] Y
 ... Success!
Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reload privilege tables now? [Y/n] Y
 ... Success!
Cleaning up...
Thanks for using MariaDB!

Restart the MariaDB service

systemctl restart mariadb

Configure MariaDB user

  • Create a tbdb user (required by Toolpack)

Example:

mysql -uroot -pAVeryStrongPassword

USE mysql;
CREATE USER 'tbdb'@'%' IDENTIFIED BY 'tbdbpw';
GRANT ALL PRIVILEGES ON *.* TO 'tbdb'@'%' IDENTIFIED BY 'tbdbpw';
FLUSH PRIVILEGES;
exit


Personal tools