Azure Cloud

For the Azure Cloud, you specify a user during the basic installation. The root password remains hidden. However, you can switch to root with the following command, the input of your own password is required:

sudo in Azure Cloud
sudo -s


Furthermore, it is necessary to assign the network card(s) to a zone. This is done by editing the network configuration:

Netzwerkeinstellungen Azure Cloud
vi /etc/sysconfig/network-scripts/ifcfg-eth0
 
... (add at end)
 
ZONE=public
 
...
 
service network restart

System update

System aktualisieren und erste Pakete installieren


Update and Installation
yum -y update
yum -y install nano unzip ntp ntpdate wget man openssh-clients rsync screen sysstat nfs-utils cifs-utils policycoreutils-python yum-plugin-versionlock yum-utils nmap bind-utils tcpdump lsof tmux tmpwatch
yum -y install https://repo.ius.io/ius-release-el7.rpm
yum -y install epel-release

# LAG: NO LONGER NEEDED
# Removed 17.09.2018 after feedback from FK
# yum -y install http://mirror1.hs-esslingen.de/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
# yum-config-manager --enable rpmforge-extras

Reboot

Reboot
reboot

disable ipv6 


ipv6

If the yum update fails because of IPv6, ipv6 can be disabled.

Disable IPv6
vi /etc/sysctl.d/disable-ipv6.conf

# Add the following lines

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# Then issue the following command
sysctl -p
 
# Then edit yum.conf
vi /etc/yum.conf

# Add the following line
ip_resolve=4
 
# Then reboot
reboot

Basic configuration

Make sure firewalld is running (Required for Azure Cloud installation)

The following commands ensure that firewalld is running.

firewalld configuration
systemctl disable iptables
systemctl mask iptables
systemctl enable firewalld
systemctl start firewalld


Create User jtel

The following commands create the user jtel, add it to the group wheel and give it the password <password>:

jtel User
useradd -m jtel
gpasswd -a jtel wheel
printf '<password>\n<password>\n' | passwd jtel


Enter SSH key

Next, the SSH keys of the jtel project technicians are entered so that a secure login is possible without separate password entry. By default, neither the SSH configuration directory nor the corresponding configuration file exists in root's home directory. All this is generated with the commands in the following code block:

SSH Keys
mkdir -p /home/jtel/.ssh
cat << EOFF > /home/jtel/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgJWox9vkWssx24V6m+VB/9cfFUznUnVJqHeSnQFcE+ANzH+lgv90jQYXRf8XLSaKA4HZGO7SFUwLz7eNHk0lIS+TG+WKGrjl3GRvzNoYVAapeKUV7HjbeagQPNOCKTr6G8Vi/GVMyOx8XhJAgpr5gjyW9GdMdqnOS9uxd83BCh/UiAP9oVUbLiIIxbtmLAzyfJdjnbFP9sJXw96Vl040Fe4aoLofrkPyPu7cst6TPJx5myDhORG31nD/2iwUNLfv58m9ABMsePfhqzSp/Hi2XY/e5gikDh3xUxoBmL9fWwbiFb92AFW08rP1CtoCEtOe2nJkdtRzt0GiE+A+zgdDjw== support@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAuP5DEZDI6/CITTqk8qburqDuKNj6jnQ9Zbjz6BO+5P8MlrS8KT7y56u/PSqdO3OzD58D2JS0yNvM5RbBGYDUD1ng7VSJLFLfErbuCzJ/Q+BSRaee+7MhLWXdVSc/EY2B4qUcZGRL/NXHtAY/3KvSSU3wnhI4edLYMAzuxAhNEPRkmniq1CAuykDdHvm0kVQzaSShYDBQWIlbWIMG6jsCmMpZR7v+v6gKWeowQkM4T4XZ1f2K5zlQXd6FHGY8C/+XICefum2qgQtqgjfQMoqIQbnmfKDGIHPvkas287tdCbU4y1lTsJbTiT7INkd6QbiVUayVxVwwoV+G2F7WofN4nw== root@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArTi8N08gDz1CvDriZNALa1tHky/1+QNP0WU43dI7hkn2zH7fz9bXAs32z7dRjfgxaYXWPmClcDLDb0xwjGfMXK0HABPtp0bxh/58Y0QowBUJkcNi6hUphT+ArGkpjQb5CJcArnbLO727R8jJFgE1QpiWdehd5t3ec0wOL0NhnIE63S+DUm7+bQW6Z8Kmzl0+opGyoURLf8hxeAIUJwdeMFN7AIVPZlyuPobowwjGDXD9YpwXZ2oPtg6XISwW/O1fsetzmGkgD4gedxJxjc5x5ByZX98UsNJORrG5R5slLqQTJkJzGBLpH8kC9WLIEW0RduVR2mrQzOBRgA92i5ZUFw== lewis.graham@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9W40vFohIPQsH6Q5Rfef7xiC4WRHOkMaMsUXxLCnTCDGI0PDib23NBUTevcnAc+OrCUITRmwngRbcItbR9QM1qNhzrwS8ZI00psZVVnBUwVVpX4UJtmX0CDrtVwH1yz51/WnZVeS17JqoMjVMB3p+n1CjViwh6qlRTI/9F/KfaOfiLEiHnvcnmSq67R7o5wP65TR00xqA20E569M1lcdn43xL2GylkwHuWw+XcusKqf+lnaawFWhdZUTOuF3ZB+ssuEbXSyZEGtc5/HNUG8rg9tutzAfq3fNWc5Y5pY+B048g4oDyAQpwMB7i9OwNNk1IEZA+rmqIImf7XLVKIsNn andrey.tsvetkov@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkBiz9SsIXMO/a+7hCxNGQuQ4s/gqUZ6pyxDxjpDTD+bewxumyhn5aITbBSuHpx0n05JL4nGGdROii54ATildm3Uhi8JSljGy5uv97Sw8Kpy0eO314tOLU3NkAe2YOH1aUeArne4bYPebKBq0r1oln1Gu2+TFvCmMqu3FmleMv1xvw/waTwO57hSBPN83gOaJR7w6lOUp5HjYLSA0zRs1Os3g6ldQkHeGBknJ6jChqFXJHGl0KYzZGv3Q46fVTptS7NACxZs+ARUzJjbGjxnpHYK8rmSoTfoBS4qlN5+LxYKG341Hmq7cOsaISwUFbE/CbFOqUtjBviI1c7RLgtGnJQ== serge.djomo@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAuh3ZLgQo2e9Uv1vAQxxCGxe9D3u8DWh4egeteUAPj4b7tOxQ6to3zAlGytUR9R6sANL/CIP3nEA2d3r4km0FQWQ4QFCLTFjyXl0Kvsn1ahN8DljJ6mRlwtvN2r5mBIEy1ClGCh+Jvchzf4ZhXrWxOTYYO77O8wjj9Zbk0Y6wI2qBnE6TaxsRQ7Z61zTe80xfLPQLKjgQ/5Hdk0z0HAx3jEsZRo9CqMLb44UD+6jVCih1JPMFcnUu0uxRQdOHrg243tqAUmuqICWompZNO75v3HjIIXOebxVGBXugrYc2xR1q964/EE0ZR7JMWM+HJ47V8WJKkE126n9ZElCqNGIR+Q== heidi.mueller@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAilON3Cn1bZPBYtv67Bv63llD1KMTTH52/ioPLm+qYYDV80mSHSb+PHD9awXNKNv5iTecaQ/a56CkK0z+KI5zvJb3EiRZaRe70cIqdflHmTcasVPVk1hAma5xc5UOCr+dKokqMQGwpDRrDvdS3atflQznvlR8+qoxPjlKC4KDx0GOUeSOIPBO6DdYGPlFX6ohMVRE7p/vHIRAOfehmG1xFtfk+rGPmgiblPWWWklKYQUfMnHI0pqFJwrPW46nqdUlQwtknATZC2cuKe931zstFhuDsm218yS4hTTlcjw5i/DH7PFr9Y58BtY6ZTy8khwTUeMPpSxE7i2WYoqoJ7DXcw== sou@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA0czZLbpaxo/EY9iHDq9n6EWTALeYB7GVmp/mLwp66zeV4DbvTm+3FDUJSD9rqMJzJkAAEicFe+II/ZdIeZzG4JdYf66M/Y6k0w0Y8jJqDtsdgUf3OJ1hJ53Z+BwFqy1vD/a7N2hxlEKD2rzyAfVb+xzTzhJTjpX1kNiUxDMXRZs4ytW0CbOqZSpTJ3eT9NS9gH188KFTvHN8rPzDAxRKcexO2fSzNa7e+dYsfImOQoYlxFBX5YU74Ay9F5b7K95Cxe8EstvKNVmjkNWgnNWuS2d7eabepC1jv3z0FdOGiVoZ1SDgqKz8ysBa6Rzkt5L5peHYAKyH8TedeUk7kRIwZQ== dhia@jtel.de
EOFF
restorecon -R -v /home/jtel/.ssh
chown -R jtel:jtel /home/jtel/.ssh
chmod 0700 /home/jtel/.ssh
chmod 0644 /home/jtel/.ssh/authorized_keys


Note: do not use all other SSH keys. 

In order for these to function correctly, the SELINUX security labels must be adapted correctly. This is done by the command at the end of the code block.

Improve history function

The following command generates a configuration file to improve the history function of the shell:

History Function
cat <<EOFF > ~/.inputrc
"\e[A": history-search-backward
"\e[B": history-search-forward
set show-all-if-ambiguous on
set completion-ignore-case on
EOFF


Improve Screen Multiplexer

The following command improves the display of the screen multiplexer.

Screen Multiplexer
cat <<EOFF >> /etc/screenrc
# JTEL:Added
startup_message off
vbell off
hardstatus alwayslastline "%{kw} %{b}%H%{K}    < %-w%{Wb} %n %t %{-}%+w >"
# This lets work all functions keys in midnight commander
# termcapinfo xterm 'k1=\E[11~:k2=\E[12~:k3=\E[13~:k4=\E[14~'
EOFF


Wheel (sudo) Configuration

The following command creates a configuration component to give users of the wheel group the right to execute commands as root using the sudo tool:

Sudo Authorisation
cat <<EOFF > /etc/sudoers.d/wheelers
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
EOFF


Transfer shell configuration to jtel

The following commands replicate the shell configuration from the root user to the jtel user:

Configuration jtel User
cp -a /root/.inputrc /home/jtel
chown -R jtel:jtel /home/jtel/.inputrc


Root hint for GIT 

The following commands make it more difficult to execute GIT as root, since this should always be done in the context of the jtel user:

root Warning for GIT
cat <<EOFF >> ~/.bashrc
alias git='printf "It looks like you are trying to run GIT as ROOT.\nFor jtel installations, GIT should always be run from the jtel user.\nIf you really want to run git as root, you will need to access it directly, using /usr/bin/git for example.\n"'
EOFF
source ~/.bashrc


Transfer SSH keys to root

The following commands replicate the SSH keys from the jtel user to the root user:

Configuration jtel User
cp -a /home/jtel/.ssh /root
chown -R root:root /root/.ssh


Set NTP to PTB

The following commands enter the official time servers of the Physikalisch-Technische Bundesanstalt into the configuration file of the time synchronization service, configure the service to start automatically, synchronize the time once with one of the PTB servers and start the service

Time Synchronisation
sed -i -e "s/^server 0.centos.pool.ntp.org iburst$/server ptbtime1.ptb.de iburst\nserver ptbtime2.ptb.de iburst\nserver ptbtime3.ptb.de iburst\nserver 0.centos.pool.ntp.org iburst/" /etc/ntp.conf
chkconfig ntpd on
ntpdate ptbtime2.ptb.de
service ntpd start


Check NTP 

See here:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-Checking_the_Status_of_NTP.html

for an explanation

Check Time Synchronisation
ntpq -p


Uninstalling anacron, installing cron

Since the anacron service stops if one of the maintenance scripts does not run, it is uninstalled and the cron service is installed:

Uninstall anacron, Install cron
sudo yum -y install cronie-noanacron
sudo yum -y remove cronie-anacron


VMWare / Hyper-V / Virtualization Tools (NOT AZURE)

Install VMWare Tools

Install VMWare Tools´
yum -y install open-vm-tools

Hyper-V

Install Hyper-V Tools
yum -y install hyperv-daemons

Other virtualization environments

Contact the respective manufacturer.

Proxy Server Entry

If a proxy server is used then use the following commands to set this up for root and the jtel user - please adjust the upper lines:

Configure Proxy Server
 
PROXY_USERNAME=
PROXY_PASSWORD=
PROXY_SERVER=proxy.example.de
PROXY_PORT=3128
PROXY_EXCEPTIONS=.example.de,.local,10.200.21.

if [ -n "$PROXY_USERNAME" ] && [ -n "$PROXY_PASSWORD" ] 
then
	PROXY="http://$USERNAME:$PASSWORD@$PROXY_SERVER:$PROXY_PORT"
elif [ -n "$PROXY_USERNAME" ] 
then
	PROXY="http://$USERNAME@$PROXY_SERVER:$PROXY_PORT"
else
	PROXY="http://$PROXY_SERVER:$PROXY_PORT"
fi

cat <<EOFF >> ~/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

cat <<EOFF >> /home/jtel/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

source ~/.bashrc
 


Ensuring name resolution

Edit the /etc/hosts file, and enter the names of the different machines for the solution:

/etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6


192.168.1.10	acd-lb		acd-lb.example.com
192.168.1.10	acd-store	acd-store.example.com
192.168.1.21	acd-dbm		acd-dbm.example.com
192.168.1.22	acd-dbs		acd-dbs.example.com
192.168.1.22	acd-dbr		acd-dbr.example.com
192.168.1.31	acd-jb1		acd-jb1.example.com
192.168.1.32	acd-jb2		acd-jb2.example.com
192.168.1.40	acd-tel1	acd-tel1.example.com


  • No labels