Toolpack prerequisite CentOS7 A
(Changed 5 to 7) |
(→Toolpack Development Prerequisite (Optional)) |
||
Line 336: | Line 336: | ||
The Toolpack System Development prerequisite section is only required for customers that will develop their own application using the Toolpack API: | The Toolpack System Development prerequisite section is only required for customers that will develop their own application using the Toolpack API: | ||
− | yum install libxml2-devel libpcap-devel unixODBC-devel libaio libaio-devel libxslt | + | yum install libxml2-devel libpcap-devel unixODBC-devel libaio libaio-devel libcurl-devel.x86_64 libxslt |
== Validation Guide (highly recommended) == | == Validation Guide (highly recommended) == |
Revision as of 13:41, 17 October 2017
Applies to version(s) v2.8 to v2.9
WARNING: The host MUST have been installed with the CentOS 7 DVD/ISO pointed in this procedure.
WARNING: The host MUST have been installed using the "Minimal" package set within the CentOS installation wizard.
Contents |
Install the base CentOS 7 server
Download the following DVD image:
http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/centos/CentOS-7.0-1406-x86_64-DVD.iso
Press Enter to choose the graphical installation:
- Enable the ethernet interface and set the hostname (make sure it is not localhost.localdomain)
- Select the "Minimal" install package
Configure network connection
If the IP interface was not configured and enabled during installation, it can be configure with the following command from a console connection or a monitor/keyboard connected to the server.
To list the ethernet card installed on your machine:
nmcli d
If your device shows the STATE as "disconnect", start the Network manager by typing:
nmtui
- Select "Edit a connection" and press Enter
- Select your network interface, select "Edit" (use arrows to change options), press Enter
- Set IPv4 static address or choose “Automatic” (for DHCP) in IPv4 CONFIGURATION and check "Automatically connect" check box.
- Select "Quit", press Enter
service network restart
Check your ip interface using:
ip addr
Add base packages
To continue installation, you need to download a few packages not provided by the minimal installation:
yum install net-tools wget
Configure TelcoBridges repository
Online repository procedure
This procedure requires internet access and a DNS configured on your unit
Add TelcoBridges repository file
vi /etc/yum.repos.d/TB-Base.repo
Paste the following information in that file:
# TelcoBridges-Base.repo # # This repository is using TelcoBridges frozen version of CentOS # to help client installing the required version of the # applications required to run Toolpack # [tb-base] name=TelcoBridges-$releasever - Base baseurl=http://repo.telcobridges.com/centos/7/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-TB7
Get TelcoBridges repository key
cd /etc/pki/rpm-gpg/ wget http://repo.telcobridges.com/centos/7/os/x86_64/RPM-GPG-KEY-TB7
Offline repository procedure
This procedure does not requires internet access.
Install TelcoBridges repository locally
Download the .iso image of the repository
http://repo.telcobridges.com/centos/7/isos/x86_64/tb_centos7_x86_64_repo.iso
- Upload this .iso file to the "/root" directory of the server with scp or a SFTP tool like FileZilla
- Mount the .iso file on your server
mkdir -p /repo/centos/7 mount -t iso9660 -o loop /root/tb_centos7_x86_64_repo.iso /repo/centos/7
Add the mount point permanently to the system to make it stay after a reboot.
# cp /etc/fstab /etc/fstab.bak # echo "/root/tb_centos7_x86_64_repo.iso /repo/centos/7 iso9660 loop 0 0" >> /etc/fstab
Add TelcoBridges repository file
vim /etc/yum.repos.d/TB-Base.repo
Paste the following information in that file:
# TelcoBridges-Base.repo # # This repository is using TelcoBridges frozen version of CentOS # to help client installing the required version of the # applications required to run Toolpack # [tb-base] name=TelcoBridges-$releasever - Base baseurl=file:///repo/centos/7/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-TB7
Get TelcoBridges repository key
cd /etc/pki/rpm-gpg/ cp /repo/centos/7/RPM-GPG-KEY-TB7 .
Update CentOS
Disable base CentOS repositories
Edit the Centos repository configuration file
vi /etc/yum.repos.d/CentOS-Base.repo
Disable all repositories in that file. Example:
[base] enabled=0 name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #released updates [updates] enabled=0 name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #additional packages that may be useful [extras] enabled=0 name=CentOS-$releasever - Extras mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras #baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus #baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Package update
Remove conflicting packages with TelcoBridges repository part of the original DVD
yum remove NetworkManager xfsprogs
Update your system to latest packages from TelcoBridges repository
yum clean all yum update
If there was a kernel update, you need to reboot the machine to activate it:
shutdown -r now
Reply to ARP only on local interfaces
Modify the file /etc/sysctl.conf to add the following lines:
net.ipv4.conf.default.arp_ignore=1 net.ipv4.conf.all.arp_ignore=1
Then restart network interfaces using the following command:
service network restart
Disabling SELinux
Check SELinux status
sestatus
If SELinux is enable, see the Disabling SELinux article to disable it.
Disabling Firewalld
systemctl mask firewalld systemctl stop firewalld
Install Toolpack Prerequisites
Then, install Toolpack set of pre-requisite packages. When asked to 'Importing GPG key', answer yes.
yum groupinstall Toolpack-Prerequisites
Configure ODBC
Be sure that Toolpack system is stopped before manipulating MySQL.
tbtoolpack stop
vi /etc/odbcinst.ini
Remove the '#' in front of each lines of the [MySQL] section Modify the 'Driver' line to set the correct driver
Example:
[MySQL] Description = ODBC for MySQL Driver = /usr/lib/libmyodbc5.so Setup = /usr/lib/libodbcmyS.so Driver64 = /usr/lib64/libmyodbc5.so Setup64 = /usr/lib64/libodbcmyS.so FileUsage = 1
Configure MariaDB
vi /etc/my.cnf
Add these variables in the file under the [mysqld] section:
- log-bin=mariadb-bin
- relay-log=mariadb-relay-bin
- innodb_doublewrite=1
- innodb_flush_log_at_trx_commit=1
- sync_binlog=1
- expire_logs_days=30
- max_binlog_size=500M
- server-id=[UniqueId]
- innodb_stats_on_metadata=0
The server-id needs to be a non-zero unique value (do not use 0). If you use the host redundancy feature, the value MUST to be different on each host .
Add below to remove database dependencies with DNS servers (**Applicable to TMG users only)
skip-name-resolve
Add max_allowed_packet to increase the maximum size of binary blobs in the database. Make sure it is in the [mysqld] section AND [mysqldump] section
max_allowed_packet = 200MB
Example:
[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock symbolic-links=0 log-bin=mariadb-bin server-id=1123476 max_allowed_packet = 200MB skip-name-resolve expire_logs_days=30 max_binlog_size=500M relay-log=mariadb-relay-bin innodb_doublewrite=1 innodb_flush_log_at_trx_commit=1 sync_binlog=1 innodb_stats_on_metadata=0 [mysqldump] max_allowed_packet = 200MB
Enable and start MariaDB
systemctl enable mariadb systemctl start mariadb
Use the MariaDB wizard to secure your server installation.
mysql_secure_installation
You should:
- Set new root password
- Remove anonymous users
- Disallow root login remotely
- Remove test database and accesses
- Reload privilege tables
Example:
mysql_secure_installation Set root password? [Y/n] Y New password: AVeryStrongPassword Re-enter new password: AVeryStrongPassword Password updated successfully! Reloading privilege tables.. ... Success! Remove anonymous users? [Y/n] Y ... Success! Disallow root login remotely? [Y/n] Y ... Success! Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... Thanks for using MariaDB!
Restart the MariaDB service
systemctl restart mariadb
Configure MariaDB user
- Create a tbdb user (required by Toolpack)
Example:
mysql -uroot -pAVeryStrongPassword USE mysql; CREATE USER 'tbdb'@'%' IDENTIFIED BY 'tbdbpw'; GRANT ALL PRIVILEGES ON *.* TO 'tbdb'@'%' IDENTIFIED BY 'tbdbpw'; FLUSH PRIVILEGES; exit
Install additional ruby gems
wget http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/linux/bundler-1.2.3.gem gem install --local ./bundler-1.2.3.gem
wget http://download.distribution.telcobridges.com/3rdparty/prerequisite/bin/linux/json-1.7.7.gem gem install --local ./json-1.7.7.gem
Toolpack Development Prerequisite (Optional)
The Toolpack System Development prerequisite section is only required for customers that will develop their own application using the Toolpack API:
yum install libxml2-devel libpcap-devel unixODBC-devel libaio libaio-devel libcurl-devel.x86_64 libxslt
Validation Guide (highly recommended)
If you would like to verify your installation go to the Toolpack Validation Guide
Toolpack System installation
Now that the prerequisite are installed, now it is time to install the Toolpack system