Introduction

The following steps are performed after OS installation, before a specific ROLE is configured. 

Cloud Variants

Azure Cloud

For Azure Cloud installations, a user is specified when the VM is created. The root password remains hidden. It is, however, possible to change to root using the following command, using the user's own password:

sudo -s


Additionally, it is necessary to configure the network card(s) in a particular Zone. This is performed by editing the network configuration file(s):

vi /etc/sysconfig/network-scripts/ifcfg-eth0
 
... (add at end)
 
ZONE=public
 
...
 
service network restart


Make sure that firewalld is running and not iptables. The following commands are used to ensure this.

systemctl disable iptables
systemctl mask iptables
systemctl enable firewalld
systemctl start firewalld



System Update

Update the system to the newest patch release and install basic packages.

Note: if this fails because a proxy server is present, skip this step and create the jtel user first. Then configure the proxy as shown in the Proxy Server section.

dnf -y update
dnf -y install nano unzip wget rsync sysstat nfs-utils cifs-utils nmap bind-utils tcpdump lsof tmux chrony virt-what policycoreutils-python-utils


If a new kernel is installed, then a reboot is required.

reboot


Mandatory Steps

jtel User

Create jtel User

Create the jtel user and add it to the wheel group, which allows the user to run commands with sudo.

Caution: Password

useradd -m jtel
gpasswd -a jtel wheel
printf '<password>\n<password>\n' | passwd jtel


Configure wheel

The following command creates a configuration file allowing all users who are members of the wheel group to run commands as root with sudo.

cat <<EOFF > /etc/sudoers.d/wheelers
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
EOFF


Warning when using git as root

The following command makes it (intentionally) more difficult to use git as the root user. 

cat <<EOFF >> ~/.bashrc
alias git='printf "It looks like you are trying to run GIT as ROOT.\nFor jtel installations, GIT should always be run from the jtel user.\nIf you really want to run git as root, you will need to access it directly, using /usr/bin/git for example.\n"'
EOFF
source ~/.bashrc


Configure Chrony (NTP)

Chrony is a newer (better) replacement for ntpd. It is configured in a similar way, however the commands used to check the synchronisation are slightly different.

For further information, check out this link: https://opensource.com/article/18/12/manage-ntp-chrony

Setup chronyd

The following commands modify the basic chrony.conf file to remove usage of the default pool and any configured servers, and replace this with the 3 (very reliable) time servers from the German PTB.

# Replace all existing servers
sed -i -e "s/^server /# server /" /etc/chrony.conf
# Replace pool setting
sed -i -e "s/^pool /# pool /" /etc/chrony.conf
# Add PTB Servers
cat << EOFF >> /etc/chrony.conf

# Servers to use
server ptbtime1.ptb.de iburst
server ptbtime2.ptb.de iburst
server ptbtime3.ptb.de iburst
EOFF

# Enable chronyd
systemctl enable chronyd

# Stop (just in case it was started), then start and get status
systemctl stop chronyd
systemctl start chronyd
systemctl status chronyd


Check chronyd

# Check the status of the service
systemctl status chronyd

# Check the sources it is using
chronyc sources
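
One way to turn the check above into a pass/fail test, as an added example that is not part of the jtel documentation. The function name check_chrony_sources and the finding keywords are assumptions, and the sample output is constructed.

```bash
#!/usr/bin/env bash
# Added example. Reads the output of `chronyc sources` on stdin, prints one
# finding per problem and returns 0 only if the output is clean.
# Optional argument: space-separated allow-list of servers; the default is
# the three PTB servers configured above.
check_chrony_sources() {
    local allowed
    allowed=${1:-"ptbtime1.ptb.de ptbtime2.ptb.de ptbtime3.ptb.de"}
    awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        index($0, "^") == 1 && NF >= 5 {       # "^" marks a server source line
            state = substr($1, 2, 1); name = $2; reach = $5
            seen[name] = 1
            # A leftover default server or pool member shows up here.
            if (!(name in ok)) { print "UNEXPECTED " name;  bad = 1 }
            if (state == "*")  selected++
            if (state == "x")  { print "FALSETICKER " name; bad = 1 }
            if (state == "?")  { print "UNUSABLE " name;    bad = 1 }
            if (reach == "0")  { print "NO_REPLY " name;    bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(a[i] in seen)) { print "ABSENT " a[i]; bad = 1 }
            if (selected != 1) { print "NOT_SYNCHRONISED"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample output (not captured from a real host).
sample='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ptbtime1.ptb.de               1   6   377    23   +123us[ +150us] +/-   12ms
^+ ptbtime2.ptb.de               1   6   377    24    -45us[  -45us] +/-   13ms
^- ptbtime3.ptb.de               1   6   377    22  +1200us[+1200us] +/-   20ms'

printf '%s\n' "$sample" | check_chrony_sources && echo "time sources OK"
```

On a live host, pipe `chronyc sources` into the function. chronyc prints reverse-DNS names by default, so a configured server can appear under a different name; `chronyc -N sources` (chrony 4.0 and later) prints the names as configured.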


Remove Anacron, Install Cron

The jtel system requires that cron jobs are performed at a particular time. jtel servers will usually run continuously. The anacron service (which is installed by default) may run a cron job later if the machine has been powered off. However, on a jtel system there is no point doing this, and sometimes this can be destructive. 

Therefore the anacron service is removed and replaced with the normal cron service. 

dnf -y install cronie-noanacron
dnf -y remove cronie-anacron


Install Hypervisor Tools

The hypervisor tools make support from the hypervisor console better, when performing operations such as snapshots, starting and stopping and resetting the virtual machine. It is important that the correct tools are installed.

Warning: You will not need to, and should not, do this in most cloud environments!

Detect the Hypervisor

virt-what

VMWare

The tools are installed as follows:

dnf -y install open-vm-tools


Hyper-V

dnf -y install hyperv-daemons


Other Hypervisors

Consult the manufacturer for further details.

Hosts File

The jtel system uses aliases to reference the other machines in the installation. This removes all dependencies on cryptic host names and customer DNS servers.

The hosts file must be provided on each system, and should contain aliases pointing to the following machines (red entries are not required).

| Alias | Signifies | Single DB Installation | Master-Slave Installation | Redundant Master-Master Installation |
|---|---|---|---|---|
| acd-dbm | Database Master | The database machine. | The database master. | The Load Balancer Virtual Shared IP Address. |
| acd-dbm1 | First Database Master | | | The first database master. |
| acd-dbm2 | Second Database Master | | | The second database master. |
| acd-dbs | Database Slave | The database machine. | The database slave. | The Load Balancer Virtual Shared IP Address. |
| acd-dbs1 | First Database Slave | | | The first database slave. |
| acd-dbs2 | Second Database Slave | | | The second database slave. |
| acd-dbr | Reporting Database | The database machine. | The database slave. | The Load Balancer Virtual Shared IP Address. |
| acd-lb | The Load Balancer | The Load Balancer | The Load Balancer | The Load Balancer Virtual Shared IP Address. |
| acd-store | The File Storage | The Load Balancer | The Load Balancer | The Load Balancer Virtual Shared IP Address. |
| acd-tel1 ... acd-telN | The Telephony Machine(s), numbered from 1 ... N | The Telephony Machine(s), numbered from 1 ... N | The Telephony Machine(s), numbered from 1 ... N | The Telephony Machine(s), numbered from 1 ... N |
| acd-jb1 ... acd-jbN | The Webserver Machine(s), numbered from 1 ... N | The Webserver Machine(s), numbered from 1 ... N | The Webserver Machine(s), numbered from 1 ... N | The Webserver Machine(s), numbered from 1 ... N |

The hosts file is located in: /etc/hosts

Example Hosts File Single DB

10.0.0.1 acd-lb
10.0.0.1 acd-store

10.0.0.11 acd-dbm
10.0.0.11 acd-dbs
10.0.0.11 acd-dbr

10.0.0.31 acd-tel1

10.0.0.41 acd-jb1
10.0.0.42 acd-jb2


Example Hosts File Master-Slave

10.0.0.1 acd-lb
10.0.0.1 acd-store

10.0.0.11 acd-dbm
10.0.0.21 acd-dbs
10.0.0.21 acd-dbr

10.0.0.31 acd-tel1

10.0.0.41 acd-jb1
10.0.0.42 acd-jb2


Example Hosts File Redundant

10.0.0.1 acd-dbm
10.0.0.1 acd-dbs
10.0.0.1 acd-dbr
10.0.0.1 acd-lb
10.0.0.1 acd-store

10.0.0.11 acd-dbm1
10.0.0.12 acd-dbm2
10.0.0.21 acd-dbs1
10.0.0.22 acd-dbs2

10.0.0.31 acd-tel1
10.0.0.32 acd-tel2

10.0.0.41 acd-jb1
10.0.0.42 acd-jb2
10.0.0.43 acd-jb3
10.0.0.44 acd-jb4
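
A hosts file can be checked against the alias table above before a role is configured. The following is an added example, not part of the jtel documentation: the function name check_jtel_hosts, the mode keywords and the requirement of at least acd-tel1 and acd-jb1 are assumptions, and the sample file is constructed.

```bash
#!/usr/bin/env bash
# Added example. check_jtel_hosts FILE MODE
#   MODE = single | master-slave | redundant
# Prints one finding per problem and returns 0 only if FILE is consistent
# with the alias table: all required aliases present, no alias mapped to two
# different addresses, and aliases that must share a machine share an address.
check_jtel_hosts() {
    local file mode required same
    file=$1; mode=$2
    required="acd-lb acd-store acd-dbm acd-dbs acd-dbr acd-tel1 acd-jb1"
    case "$mode" in
        single)       same="acd-lb,acd-store acd-dbm,acd-dbs,acd-dbr" ;;
        master-slave) same="acd-lb,acd-store acd-dbs,acd-dbr" ;;
        redundant)    same="acd-lb,acd-store,acd-dbm,acd-dbs,acd-dbr"
                      required="$required acd-dbm1 acd-dbm2 acd-dbs1 acd-dbs2" ;;
        *) echo "usage: check_jtel_hosts FILE single|master-slave|redundant" >&2
           return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    awk -v required="$required" -v same="$same" '
        { sub(/#.*/, "") }                       # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++) {
                if (!($i in ip))
                    ip[$i] = $1                  # keep the first entry
                else if (ip[$i] != $1) {         # later, differing entry
                    print "CONFLICT " $i " " ip[$i] " " $1; bad = 1
                }
            }
        }
        END {
            n = split(required, req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in ip)) { print "MISSING " req[i]; bad = 1 }
            g = split(same, grp, " ")
            for (i = 1; i <= g; i++) {
                m = split(grp[i], al, ",")
                for (j = 2; j <= m; j++)
                    if ((al[1] in ip) && (al[j] in ip) && ip[al[1]] != ip[al[j]]) {
                        print "MISMATCH " al[1] "=" ip[al[1]] " " al[j] "=" ip[al[j]]
                        bad = 1
                    }
            }
            exit bad + 0
        }' "$file"
}

# Constructed sample: master-slave layout in which acd-dbr still points at
# the master instead of the slave.
sample=$(mktemp)
cat > "$sample" <<'EOF'
10.0.0.1  acd-lb
10.0.0.1  acd-store
10.0.0.11 acd-dbm
10.0.0.21 acd-dbs
10.0.0.11 acd-dbr
10.0.0.31 acd-tel1
10.0.0.41 acd-jb1
EOF
check_jtel_hosts "$sample" master-slave || echo "hosts file needs attention"
rm -f "$sample"
```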



Optional Steps

SSH Keys

SSH keys can be added, to enable login to the jtel user via an ssh key. 

mkdir -p /home/jtel/.ssh
cat << EOFF > /home/jtel/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgJWox9vkWssx24V6m+VB/9cfFUznUnVJqHeSnQFcE+ANzH+lgv90jQYXRf8XLSaKA4HZGO7SFUwLz7eNHk0lIS+TG+WKGrjl3GRvzNoYVAapeKUV7HjbeagQPNOCKTr6G8Vi/GVMyOx8XhJAgpr5gjyW9GdMdqnOS9uxd83BCh/UiAP9oVUbLiIIxbtmLAzyfJdjnbFP9sJXw96Vl040Fe4aoLofrkPyPu7cst6TPJx5myDhORG31nD/2iwUNLfv58m9ABMsePfhqzSp/Hi2XY/e5gikDh3xUxoBmL9fWwbiFb92AFW08rP1CtoCEtOe2nJkdtRzt0GiE+A+zgdDjw== support@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAuP5DEZDI6/CITTqk8qburqDuKNj6jnQ9Zbjz6BO+5P8MlrS8KT7y56u/PSqdO3OzD58D2JS0yNvM5RbBGYDUD1ng7VSJLFLfErbuCzJ/Q+BSRaee+7MhLWXdVSc/EY2B4qUcZGRL/NXHtAY/3KvSSU3wnhI4edLYMAzuxAhNEPRkmniq1CAuykDdHvm0kVQzaSShYDBQWIlbWIMG6jsCmMpZR7v+v6gKWeowQkM4T4XZ1f2K5zlQXd6FHGY8C/+XICefum2qgQtqgjfQMoqIQbnmfKDGIHPvkas287tdCbU4y1lTsJbTiT7INkd6QbiVUayVxVwwoV+G2F7WofN4nw== root@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArTi8N08gDz1CvDriZNALa1tHky/1+QNP0WU43dI7hkn2zH7fz9bXAs32z7dRjfgxaYXWPmClcDLDb0xwjGfMXK0HABPtp0bxh/58Y0QowBUJkcNi6hUphT+ArGkpjQb5CJcArnbLO727R8jJFgE1QpiWdehd5t3ec0wOL0NhnIE63S+DUm7+bQW6Z8Kmzl0+opGyoURLf8hxeAIUJwdeMFN7AIVPZlyuPobowwjGDXD9YpwXZ2oPtg6XISwW/O1fsetzmGkgD4gedxJxjc5x5ByZX98UsNJORrG5R5slLqQTJkJzGBLpH8kC9WLIEW0RduVR2mrQzOBRgA92i5ZUFw== lewis.graham@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9W40vFohIPQsH6Q5Rfef7xiC4WRHOkMaMsUXxLCnTCDGI0PDib23NBUTevcnAc+OrCUITRmwngRbcItbR9QM1qNhzrwS8ZI00psZVVnBUwVVpX4UJtmX0CDrtVwH1yz51/WnZVeS17JqoMjVMB3p+n1CjViwh6qlRTI/9F/KfaOfiLEiHnvcnmSq67R7o5wP65TR00xqA20E569M1lcdn43xL2GylkwHuWw+XcusKqf+lnaawFWhdZUTOuF3ZB+ssuEbXSyZEGtc5/HNUG8rg9tutzAfq3fNWc5Y5pY+B048g4oDyAQpwMB7i9OwNNk1IEZA+rmqIImf7XLVKIsNn andrey.tsvetkov@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkBiz9SsIXMO/a+7hCxNGQuQ4s/gqUZ6pyxDxjpDTD+bewxumyhn5aITbBSuHpx0n05JL4nGGdROii54ATildm3Uhi8JSljGy5uv97Sw8Kpy0eO314tOLU3NkAe2YOH1aUeArne4bYPebKBq0r1oln1Gu2+TFvCmMqu3FmleMv1xvw/waTwO57hSBPN83gOaJR7w6lOUp5HjYLSA0zRs1Os3g6ldQkHeGBknJ6jChqFXJHGl0KYzZGv3Q46fVTptS7NACxZs+ARUzJjbGjxnpHYK8rmSoTfoBS4qlN5+LxYKG341Hmq7cOsaISwUFbE/CbFOqUtjBviI1c7RLgtGnJQ== serge.djomo@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAuh3ZLgQo2e9Uv1vAQxxCGxe9D3u8DWh4egeteUAPj4b7tOxQ6to3zAlGytUR9R6sANL/CIP3nEA2d3r4km0FQWQ4QFCLTFjyXl0Kvsn1ahN8DljJ6mRlwtvN2r5mBIEy1ClGCh+Jvchzf4ZhXrWxOTYYO77O8wjj9Zbk0Y6wI2qBnE6TaxsRQ7Z61zTe80xfLPQLKjgQ/5Hdk0z0HAx3jEsZRo9CqMLb44UD+6jVCih1JPMFcnUu0uxRQdOHrg243tqAUmuqICWompZNO75v3HjIIXOebxVGBXugrYc2xR1q964/EE0ZR7JMWM+HJ47V8WJKkE126n9ZElCqNGIR+Q== heidi.mueller@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAilON3Cn1bZPBYtv67Bv63llD1KMTTH52/ioPLm+qYYDV80mSHSb+PHD9awXNKNv5iTecaQ/a56CkK0z+KI5zvJb3EiRZaRe70cIqdflHmTcasVPVk1hAma5xc5UOCr+dKokqMQGwpDRrDvdS3atflQznvlR8+qoxPjlKC4KDx0GOUeSOIPBO6DdYGPlFX6ohMVRE7p/vHIRAOfehmG1xFtfk+rGPmgiblPWWWklKYQUfMnHI0pqFJwrPW46nqdUlQwtknATZC2cuKe931zstFhuDsm218yS4hTTlcjw5i/DH7PFr9Y58BtY6ZTy8khwTUeMPpSxE7i2WYoqoJ7DXcw== sou@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA0czZLbpaxo/EY9iHDq9n6EWTALeYB7GVmp/mLwp66zeV4DbvTm+3FDUJSD9rqMJzJkAAEicFe+II/ZdIeZzG4JdYf66M/Y6k0w0Y8jJqDtsdgUf3OJ1hJ53Z+BwFqy1vD/a7N2hxlEKD2rzyAfVb+xzTzhJTjpX1kNiUxDMXRZs4ytW0CbOqZSpTJ3eT9NS9gH188KFTvHN8rPzDAxRKcexO2fSzNa7e+dYsfImOQoYlxFBX5YU74Ay9F5b7K95Cxe8EstvKNVmjkNWgnNWuS2d7eabepC1jv3z0FdOGiVoZ1SDgqKz8ysBa6Rzkt5L5peHYAKyH8TedeUk7kRIwZQ== dhia@jtel.de
EOFF
restorecon -R -v /home/jtel/.ssh
chown -R jtel:jtel /home/jtel/.ssh
chmod 0700 /home/jtel/.ssh
chmod 0644 /home/jtel/.ssh/authorized_keys


Note that login by SSH key only must be enabled; this is not discussed here. A word of caution: make sure you have recorded the root password before you do this, so that you can at least access the machine via the console.

Proxy Server

If a proxy server is used, the following commands will configure the proxy server for root and the jtel user. The top 5 lines should be modified.

Caution: Password

PROXY_USERNAME=
PROXY_PASSWORD=
PROXY_SERVER=proxy.example.de
PROXY_PORT=3128
PROXY_EXCEPTIONS=.example.de,.local,10.

if [ -n "$PROXY_USERNAME" ] && [ -n "$PROXY_PASSWORD" ] 
then
	# Use the PROXY_USERNAME / PROXY_PASSWORD variables set above
	PROXY="http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT"
elif [ -n "$PROXY_USERNAME" ] 
then
	PROXY="http://$PROXY_USERNAME@$PROXY_SERVER:$PROXY_PORT"
else
	PROXY="http://$PROXY_SERVER:$PROXY_PORT"
fi

cat <<EOFF >> ~/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

cat <<EOFF >> /home/jtel/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

source ~/.bashrc
 



Old: 

System Update

Update the system to the newest patch release and install basic packages.

yum -y update
yum -y install nano unzip ntp ntpdate wget man openssh-clients rsync screen sysstat nfs-utils cifs-utils policycoreutils-python yum-plugin-versionlock yum-utils nmap bind-utils tcpdump lsof tmux
yum -y install https://repo.ius.io/ius-release-el7.rpm
yum -y install epel-release

# LAG: NO LONGER NEEDED
# Removed 17.09.2018 after feedback from FK
# yum -y install http://mirror1.hs-esslingen.de/repoforge/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
# yum-config-manager --enable rpmforge-extras


Reboot


reboot


Disable IPv6

Warning: If the yum update fails because of IPv6, IPv6 can be disabled.

vi /etc/sysctl.d/disable-ipv6.conf

# Add the following lines

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

# Then run the following command
# (sysctl -p without a file name only loads /etc/sysctl.conf)

sysctl -p /etc/sysctl.d/disable-ipv6.conf
 
# Then adjust yum.conf
 
vi /etc/yum.conf

# Add the following

ip_resolve=4
 
# Then reboot

reboot




Basic Configuration

Ensure that firewalld is running (required for Azure Cloud installation)

The following commands ensure that firewalld is running:

systemctl disable iptables
systemctl mask iptables
systemctl enable firewalld
systemctl start firewalld



Create the jtel User

The following commands create the user jtel, add it to the wheel group and set its password to <password>:

useradd -m jtel
gpasswd -a jtel wheel
printf '<password>\n<password>\n' | passwd jtel




Add SSH Keys

Next, the SSH keys of the jtel project technicians are added, so that a secure login without entering a separate password is possible. By default, neither the SSH configuration directory nor the corresponding configuration file exists in root's home directory. All of this is created by the commands in the following code block:

mkdir -p /home/jtel/.ssh
cat << EOFF > /home/jtel/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgJWox9vkWssx24V6m+VB/9cfFUznUnVJqHeSnQFcE+ANzH+lgv90jQYXRf8XLSaKA4HZGO7SFUwLz7eNHk0lIS+TG+WKGrjl3GRvzNoYVAapeKUV7HjbeagQPNOCKTr6G8Vi/GVMyOx8XhJAgpr5gjyW9GdMdqnOS9uxd83BCh/UiAP9oVUbLiIIxbtmLAzyfJdjnbFP9sJXw96Vl040Fe4aoLofrkPyPu7cst6TPJx5myDhORG31nD/2iwUNLfv58m9ABMsePfhqzSp/Hi2XY/e5gikDh3xUxoBmL9fWwbiFb92AFW08rP1CtoCEtOe2nJkdtRzt0GiE+A+zgdDjw== support@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAuP5DEZDI6/CITTqk8qburqDuKNj6jnQ9Zbjz6BO+5P8MlrS8KT7y56u/PSqdO3OzD58D2JS0yNvM5RbBGYDUD1ng7VSJLFLfErbuCzJ/Q+BSRaee+7MhLWXdVSc/EY2B4qUcZGRL/NXHtAY/3KvSSU3wnhI4edLYMAzuxAhNEPRkmniq1CAuykDdHvm0kVQzaSShYDBQWIlbWIMG6jsCmMpZR7v+v6gKWeowQkM4T4XZ1f2K5zlQXd6FHGY8C/+XICefum2qgQtqgjfQMoqIQbnmfKDGIHPvkas287tdCbU4y1lTsJbTiT7INkd6QbiVUayVxVwwoV+G2F7WofN4nw== root@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArTi8N08gDz1CvDriZNALa1tHky/1+QNP0WU43dI7hkn2zH7fz9bXAs32z7dRjfgxaYXWPmClcDLDb0xwjGfMXK0HABPtp0bxh/58Y0QowBUJkcNi6hUphT+ArGkpjQb5CJcArnbLO727R8jJFgE1QpiWdehd5t3ec0wOL0NhnIE63S+DUm7+bQW6Z8Kmzl0+opGyoURLf8hxeAIUJwdeMFN7AIVPZlyuPobowwjGDXD9YpwXZ2oPtg6XISwW/O1fsetzmGkgD4gedxJxjc5x5ByZX98UsNJORrG5R5slLqQTJkJzGBLpH8kC9WLIEW0RduVR2mrQzOBRgA92i5ZUFw== lewis.graham@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9W40vFohIPQsH6Q5Rfef7xiC4WRHOkMaMsUXxLCnTCDGI0PDib23NBUTevcnAc+OrCUITRmwngRbcItbR9QM1qNhzrwS8ZI00psZVVnBUwVVpX4UJtmX0CDrtVwH1yz51/WnZVeS17JqoMjVMB3p+n1CjViwh6qlRTI/9F/KfaOfiLEiHnvcnmSq67R7o5wP65TR00xqA20E569M1lcdn43xL2GylkwHuWw+XcusKqf+lnaawFWhdZUTOuF3ZB+ssuEbXSyZEGtc5/HNUG8rg9tutzAfq3fNWc5Y5pY+B048g4oDyAQpwMB7i9OwNNk1IEZA+rmqIImf7XLVKIsNn andrey.tsvetkov@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkBiz9SsIXMO/a+7hCxNGQuQ4s/gqUZ6pyxDxjpDTD+bewxumyhn5aITbBSuHpx0n05JL4nGGdROii54ATildm3Uhi8JSljGy5uv97Sw8Kpy0eO314tOLU3NkAe2YOH1aUeArne4bYPebKBq0r1oln1Gu2+TFvCmMqu3FmleMv1xvw/waTwO57hSBPN83gOaJR7w6lOUp5HjYLSA0zRs1Os3g6ldQkHeGBknJ6jChqFXJHGl0KYzZGv3Q46fVTptS7NACxZs+ARUzJjbGjxnpHYK8rmSoTfoBS4qlN5+LxYKG341Hmq7cOsaISwUFbE/CbFOqUtjBviI1c7RLgtGnJQ== serge.djomo@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAuh3ZLgQo2e9Uv1vAQxxCGxe9D3u8DWh4egeteUAPj4b7tOxQ6to3zAlGytUR9R6sANL/CIP3nEA2d3r4km0FQWQ4QFCLTFjyXl0Kvsn1ahN8DljJ6mRlwtvN2r5mBIEy1ClGCh+Jvchzf4ZhXrWxOTYYO77O8wjj9Zbk0Y6wI2qBnE6TaxsRQ7Z61zTe80xfLPQLKjgQ/5Hdk0z0HAx3jEsZRo9CqMLb44UD+6jVCih1JPMFcnUu0uxRQdOHrg243tqAUmuqICWompZNO75v3HjIIXOebxVGBXugrYc2xR1q964/EE0ZR7JMWM+HJ47V8WJKkE126n9ZElCqNGIR+Q== heidi.mueller@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAilON3Cn1bZPBYtv67Bv63llD1KMTTH52/ioPLm+qYYDV80mSHSb+PHD9awXNKNv5iTecaQ/a56CkK0z+KI5zvJb3EiRZaRe70cIqdflHmTcasVPVk1hAma5xc5UOCr+dKokqMQGwpDRrDvdS3atflQznvlR8+qoxPjlKC4KDx0GOUeSOIPBO6DdYGPlFX6ohMVRE7p/vHIRAOfehmG1xFtfk+rGPmgiblPWWWklKYQUfMnHI0pqFJwrPW46nqdUlQwtknATZC2cuKe931zstFhuDsm218yS4hTTlcjw5i/DH7PFr9Y58BtY6ZTy8khwTUeMPpSxE7i2WYoqoJ7DXcw== sou@jtel.de
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA0czZLbpaxo/EY9iHDq9n6EWTALeYB7GVmp/mLwp66zeV4DbvTm+3FDUJSD9rqMJzJkAAEicFe+II/ZdIeZzG4JdYf66M/Y6k0w0Y8jJqDtsdgUf3OJ1hJ53Z+BwFqy1vD/a7N2hxlEKD2rzyAfVb+xzTzhJTjpX1kNiUxDMXRZs4ytW0CbOqZSpTJ3eT9NS9gH188KFTvHN8rPzDAxRKcexO2fSzNa7e+dYsfImOQoYlxFBX5YU74Ay9F5b7K95Cxe8EstvKNVmjkNWgnNWuS2d7eabepC1jv3z0FdOGiVoZ1SDgqKz8ysBa6Rzkt5L5peHYAKyH8TedeUk7kRIwZQ== dhia@jtel.de
EOFF
restorecon -R -v /home/jtel/.ssh
chown -R jtel:jtel /home/jtel/.ssh
chmod 0700 /home/jtel/.ssh
chmod 0644 /home/jtel/.ssh/authorized_keys



Note: do not use any other SSH keys any more.

For the keys to work correctly, the SELinux security labels must be set correctly. This is done by the restorecon command towards the end of the code block.

Improve the History Function

The following command generates a configuration file that improves the shell's history function:

cat <<EOFF > ~/.inputrc
"\e[A": history-search-backward
"\e[B": history-search-forward
set show-all-if-ambiguous on
set completion-ignore-case on
EOFF



Improve the Screen Multiplexer

The following command improves the display of the screen multiplexer.

cat <<EOFF >> /etc/screenrc
# JTEL:Added
startup_message off
vbell off
hardstatus alwayslastline "%{kw} %{b}%H%{K}    < %-w%{Wb} %n %t %{-}%+w >"
# This lets work all functions keys in midnight commander
# termcapinfo xterm 'k1=\E[11~:k2=\E[12~:k3=\E[13~:k4=\E[14~'
EOFF




Wheel (sudo) Configuration

The following command creates a configuration file that gives the members of the wheel group the right to run commands as root using sudo:

cat <<EOFF > /etc/sudoers.d/wheelers
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
EOFF



Copy the Shell Configuration to jtel

The following commands replicate the shell configuration from the root user to the jtel user:

cp -a /root/.inputrc /home/jtel
chown -R jtel:jtel /home/jtel/.inputrc




Root Notice for Git

The following commands make running Git as root more difficult, since this should always be done in the context of the jtel user:

cat <<EOFF >> ~/.bashrc
alias git='printf "It looks like you are trying to run GIT as ROOT.\nFor jtel installations, GIT should always be run from the jtel user.\nIf you really want to run git as root, you will need to access it directly, using /usr/bin/git for example.\n"'
EOFF
source ~/.bashrc



Copy the SSH Keys to root

The following commands replicate the SSH keys from the jtel user to the root user:

cp -a /home/jtel/.ssh /root
chown -R root:root /root/.ssh



Set NTP to PTB

The following commands enter the official time servers of the Physikalisch-Technische Bundesanstalt into the configuration file of the time synchronisation service, configure the service to start automatically, synchronise the time once with one of the PTB servers, and start the service.

sed -i -e "s/^server 0.centos.pool.ntp.org iburst$/server ptbtime1.ptb.de iburst\nserver ptbtime2.ptb.de iburst\nserver ptbtime3.ptb.de iburst\nserver 0.centos.pool.ntp.org iburst/" /etc/ntp.conf
chkconfig ntpd on
ntpdate ptbtime2.ptb.de
service ntpd start




Check NTP

See here for an explanation:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-Checking_the_Status_of_NTP.html

ntpq -p



Uninstall anacron, Install cron

Because the anacron service stalls if one of the maintenance scripts does not run to completion, it is uninstalled and the cron service is installed:

sudo yum -y install cronie-noanacron
sudo yum -y remove cronie-anacron



VMWare / Hyper-V / Virtualisation Tools (NOT FOR AZURE)

Install VMWare Tools

yum -y install open-vm-tools


Hyper-V


yum -y install hyperv-daemons



Other Virtualisation Environments

Contact the respective manufacturer.

Proxy Server Entry

If a proxy server is used, use the following commands to set it up for root and the jtel user. Please adjust the top lines:

PROXY_USERNAME=
PROXY_PASSWORD=
PROXY_SERVER=proxy.example.de
PROXY_PORT=3128
PROXY_EXCEPTIONS=.example.de,.local,10.200.21.

if [ -n "$PROXY_USERNAME" ] && [ -n "$PROXY_PASSWORD" ] 
then
	# Use the PROXY_USERNAME / PROXY_PASSWORD variables set above
	PROXY="http://$PROXY_USERNAME:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT"
elif [ -n "$PROXY_USERNAME" ] 
then
	PROXY="http://$PROXY_USERNAME@$PROXY_SERVER:$PROXY_PORT"
else
	PROXY="http://$PROXY_SERVER:$PROXY_PORT"
fi

cat <<EOFF >> ~/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

cat <<EOFF >> /home/jtel/.bashrc
export ALL_PROXY=$PROXY
export HTTP_PROXY=$PROXY
export HTTPS_PROXY=$PROXY
export FTP_PROXY=$PROXY
export RSYNC_PROXY=$PROXY
export http_proxy=$PROXY
export https_proxy=$PROXY
export ftp_proxy=$PROXY
export rsync_proxy=$PROXY
export NO_PROXY=$PROXY_EXCEPTIONS
EOFF

source ~/.bashrc
 




Ensuring Name Resolution

Edit the file /etc/hosts and enter the corresponding names of the various machines for the solution:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6


192.168.1.10	acd-lb		acd-lb.example.com
192.168.1.10	acd-store	acd-store.example.com
192.168.1.21	acd-dbm		acd-dbm.example.com
192.168.1.22	acd-dbs		acd-dbs.example.com
192.168.1.22	acd-dbr		acd-dbr.example.com
192.168.1.31	acd-jb1		acd-jb1.example.com
192.168.1.32	acd-jb2		acd-jb2.example.com
192.168.1.40	acd-tel1	acd-tel1.example.com