
Install RHEL 5 or CentOS 5

This guide should help you install TUSK on a CentOS/RHEL 5 machine. Please do not install or upgrade to other versions of CentOS or RHEL. It assumes that you are going to run both the DB and the Web Server on a single machine or virtual machine. This machine must be 64-bit.

  • These instructions are aimed at virtualized or hardware hosts running TUSK.
  • Some legacy partners or clients are still using 32-bit operating systems for the closed source TUSK 3.12. These are not supported for OpenTUSK, and require a maintenance agreement with TUSK to arrange support.

Install RHEL 5 or CentOS 5 from KickStart

It's much easier to install RHEL 6 or CentOS virtual machines with the "kickstart" tool, if network access is available when installing the host.

  • Review the TUSK published virtual machine guest configuration.
  • Boot from the DVD.
  • Select the "install" option.
  • Hit "Tab" to edit the command line.
    linux ksdevice=eth0 ks=http://down.tusk.tufts.edu/ks/tusk-vm.cfg hostname=[hostname] ip=[ipaddress] netmask=[netmask] gateway=[gateway] dns=[dns-server]
    
  • Accept the standard language and keyboard as appropriate for your local hardware.
  • Double check the disk partitioning for your local needs.
    • Let kickstart rewrite the disk partitions: the question is only active to make sure you don't erase disks you want to keep.
  • Manually select a new root password.
  • When the installation is complete, reboot.

Install RHEL 5 or CentOS 5 manually

If the network is unavailable at installation time, or you want a different configuration, use these guidelines as pointers.

  • Review the TUSK published virtual machine guest configuration for guidelines.
  • Boot from the DVD.
  • Select the "install" option.
  • Hit "Tab" to edit the command line.
    linux hostname=[hostname] ip=[ipaddress] netmask=[netmask] gateway=[gateway] dns=[dns-server]
    
  • Accept the standard language and keyboard as appropriate for your local hardware.
  • Double check the disk partitioning for your local needs.
    • 1 Gig for /boot, filesystem ext3, on a primary partition.
    • The rest of the available disk space as an LVM physical volume.
      • Add all that disk space to a volume group with a unique name, such as [vg_hostname].
    • 10 Gig LVM volume for "/", filesystem ext4, on that first volume group.
    • 2 Gig swap partition on that first volume group.
  • Manually select a new root password.
  • Select software manually.

Select software from RHEL or CentOS Software Groups

Kickstart refers to the following software groups.

  • Select nothing among the top level categories. We don't need Gnome desktop or all that other bulky software.
  • Select "Customize now" before proceeding.
    • Select "Applications".
      • Select "Applications=>Editors".
        • Select the optional package "emacs-[version]".
      • Select "Applications=>Text Based Internet".
    • Select "Base system".
      • Select "Base System=>Administrator Tools".
      • Select "Base System=>Base".
        • Unselect "Base System=>Dialup Networking Support".
      • Select "Base System=>Legacy Software Support".
      • Select "Base System=>System Tools".
    • Select "Virtualization"
      • Select "Virtualization=>KVM".
        • Select the optional package "kvm-tools-[version]".

Post-OS Installation Steps.

There are steps that any TUSK server needs which are not in the basic OS installation.

Activate NTP

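Few things are as frustrating as a bad time setting: run these commands with root privileges to reset the system time and lock it to the standard external NTP servers. ntpdate needs a server to query, so replace [ntp-server] with one of the servers listed in /etc/ntp.conf.

/sbin/chkconfig ntpd on
/sbin/service ntpd stop
/usr/sbin/ntpdate [ntp-server]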
/sbin/service ntpd start
date

Security Configurations

Disable SELinux

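SELinux is a powerful security system that interferes with some TUSK operations. Until further notice, disable its enforcement. The command below sets permissive mode, in which SELinux logs policy violations but does not block them.

  • To disable it manually, run this command with root privileges. The pattern matches only the SELINUX= line, so the SELINUXTYPE= line is left alone.
    sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
    
  • Reboot as soon as feasible to make sure SELinux is no longer enforcing.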
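
Why the pattern must stop at the "=": a pattern of `^SELINUX.*` also matches the SELINUXTYPE= line and overwrites it. This is an added example, not part of the original guide; the config text is a constructed sample, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the TUSK guide. The config text is a constructed
# sample laid out like /etc/selinux/config.
make_sample() {   # usage: make_sample FILE
    cat > "$1" <<'EOF'
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=enforcing
# SELINUXTYPE= type of policy in use
SELINUXTYPE=targeted
EOF
}

# Set the mode, touching only the SELINUX= key. Rejects unknown modes.
set_selinux_mode() {   # usage: set_selinux_mode FILE MODE
    case "$2" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $2" >&2; return 2 ;;
    esac
    sed -i "s/^SELINUX=.*/SELINUX=$2/" "$1"
}

# Print the value of each uncommented KEY= line (no output if the key is gone).
get_key() {   # usage: get_key FILE KEY
    sed -n "s/^$2=//p" "$1"
}

workdir=$(mktemp -d)
make_sample "$workdir/loose"
make_sample "$workdir/anchored"

# Unanchored pattern: "^SELINUX.*" also matches the SELINUXTYPE= line.
sed -i 's/^SELINUX.*/SELINUX=permissive/g' "$workdir/loose"
# Anchored on the "=": only the mode line changes.
set_selinux_mode "$workdir/anchored" permissive

echo "loose:    SELINUXTYPE='$(get_key "$workdir/loose" SELINUXTYPE)'"
echo "anchored: SELINUXTYPE='$(get_key "$workdir/anchored" SELINUXTYPE)'"
```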

Configure the firewall

This really depends on local policy. The simplest configuration possible is for a single host running TUSK locally with MySQL locally.

  • Run this command:
    /usr/sbin/system-config-securitylevel-tui
    
  • Enable only SSH, HTTP, and HTTPS for access

More complex firewalls should be reviewed and configured locally, particularly for MySQL (which should be restricted to only authorized hosts).
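
One way to check a saved rule set against the policy above (only SSH, HTTP and HTTPS public, MySQL limited to authorized hosts). This is an added example, not part of the original guide; the function name is hypothetical, and the rules and the 192.0.2.10 address are a constructed sample in /etc/sysconfig/iptables format.

```sh
#!/bin/sh
# Added example, not from the TUSK guide: report ACCEPT rules that expose a
# port outside the allowed set without restricting the source address.
# Only single-port "--dport" rules are examined (no multiport matching).
audit_iptables() {   # usage: audit_iptables FILE "22 80 443"
    awk -v allowed=" $2 " '
        $1 == "-A" && /-j ACCEPT/ {
            port = ""; src = ""
            for (i = 2; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s" || $i == "--source") src = $(i + 1)
            }
            if (port == "" || src != "") next            # no port, or source-restricted
            if (index(allowed, " " port " ") > 0) next   # intended public service
            print "port " port ": ACCEPT from any source"
        }
    ' "$1"
}

rules=$(mktemp)
cat > "$rules" <<'EOF'
# Constructed sample in /etc/sysconfig/iptables format
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.10 -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
audit_iptables "$rules" "22 80 443"
```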

Enable users as needed

  • These commands require root privileges.
  • Enable 'wheel' group members to allow admins to use 'sudo'.
    • Use this command to edit /etc/sudoers
      /usr/sbin/visudo
      
  • Uncomment the %wheel line below to allow wheel group members to run root commands.
    ## Allows people in group wheel to run all commands
    %wheel  ALL=(ALL)       ALL
    
  • Add TUSK user with "apache" group membership.
    /usr/sbin/groupadd -g 1100 tusk
    /usr/sbin/useradd -M -s /bin/bash -c "TUSK user" -u 1100 -g 1100 tusk
    /usr/sbin/usermod -G apache tusk
    
    • Note: The uid and gid of "1100" for tusk are simply a convenient choice. Any values can be selected as needed, provided they are consistent across all TUSK servers in your environment.
  • Add accounts for local admins and developers.
    • Modify as necessary to provide consistent uids and gids.
      /usr/sbin/useradd -c 'User name' username
      passwd username
      
    • System admins should be in 'wheel' group to use 'sudo'.
      /usr/sbin/usermod -a -G wheel adminname
      
    • TUSK administrators should be in 'tusk' group to edit 'tusk' owned configurations.
      /usr/sbin/usermod -a -G tusk develname
      

Create Tuskoper User if Tufts Will be Supporting You Directly

Note: you must have a signed contract for Tufts to support your installation.

  • These commands require root privileges.
  • Create the tuskoper user. (This requires root privileges.)
    /usr/sbin/groupadd -g 1101 tuskoper
    /usr/sbin/useradd -u 1101 -g tuskoper -c 'TUSK Operator' tuskoper
    
  • Set a robust password for the tuskoper user and send it securely to the TUSK office.
    passwd tuskoper
    
  • If preferred, TUSK can send an encrypted password that can be loaded this way:
    /usr/sbin/usermod -p 'encryptedpassword' tuskoper
    
  • Add the 'tuskoper' user to the 'wheel' group to allow full sudo access:
    /usr/sbin/usermod -a -G wheel tuskoper
    
  • Verify that the 'tuskoper' user can run sudo commands.
    su - tuskoper
    sudo -l
    # various sudo settings printed
    Root user may run the following commands on this host:
    (ALL) ALL
    

Activate YUM repositories for TUSK environments

Activate basic YUM access for the operating system

  • CentOS has this built-in.
  • RHEL requires registration with Red Hat or setting up a local yum repository.

Install Additional YUM Repositories

  • This requires root privileges.
  • Activate the "opentusk" yum repository by putting this content in /etc/yum.repos.d/opentusk.repo.
    [opentusk]
    name=OPENTUSK software repository for Enterprise Linux $releasever - $basearch
    baseurl=http://repo4.tusk.tufts.edu/$releasever/$basearch
    enabled=1
    gpgcheck=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OPENTUSK-4
    
    [opentusk-dev]
    name=OPENTUSK dev software repository for Enterprise Linux $releasever - $basearch
    baseurl=http://repo4.tusk.tufts.edu/$releasever/$basearch
    enabled=0
    gpgcheck=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OPENTUSK-4
    
    [opentusk-source]
    name=OPENTUSK source repository for Enterprise Linux $releasever
    baseurl=http://repo4.tusk.tufts.edu/$releasever/SRPM
    enabled=0
    gpgcheck=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OPENTUSK-4
    
  • With the opentusk repository activated, activate and update the other repositories with the latest critical software
    yum install --nogpgcheck -y opentusk-release
    yum install --nogpgcheck -y epel-release
    yum install -y epel-release
    
    • Update and deactivate the rpmforge repository. It has useful packages, but should be disabled by default to avoid conflicts with EPEL.
      yum install --nogpgcheck -y rpmforge-release
      yum install -y rpmforge-release --enablerepo=rpmforge
      sed -i 's/^enabled.*/enabled = 0/g' /etc/yum.repos.d/rpmforge.repo # Requires rpmforge-release installed first.
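
With gpgcheck=0 and an http:// baseurl, yum neither verifies package signatures nor protects the download in transit, so it is worth listing which repositories are in that state after setup. This is an added example, not part of the original guide; the function name is hypothetical, and the sample file is constructed from two of the stanzas above (trimmed) plus a hypothetical signed HTTPS mirror at mirror.example.org.

```sh
#!/bin/sh
# Added example, not from the TUSK guide: list yum repo sections that skip
# signature checks or fetch packages over plain HTTP.
audit_repo_file() {   # usage: audit_repo_file FILE
    awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (sec == "") return
            tag = sec " (enabled=" en ")"
            if (gpg != "1")         print tag ": gpgcheck is not 1"
            if (url ~ /^http:\/\//) print tag ": baseurl is plain http"
        }
        /^[ \t]*\[/ {                 # new [section]: report the previous one
            report(); sec = trim($0); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            gpg = url = ""; en = "1"; next
        }
        trim($1) == "gpgcheck" { gpg = trim($2) }
        trim($1) == "baseurl"  { url = trim($2) }
        trim($1) == "enabled"  { en  = trim($2) }
        END { report() }
    ' "$1"
}

repo=$(mktemp)
cat > "$repo" <<'EOF'
# Constructed sample: two stanzas from this page, one hypothetical hardened stanza
[opentusk]
baseurl=http://repo4.tusk.tufts.edu/$releasever/$basearch
enabled=1
gpgcheck=0

[opentusk-source]
baseurl=http://repo4.tusk.tufts.edu/$releasever/SRPM
enabled=0
gpgcheck=0

[example-signed]
baseurl=https://mirror.example.org/$releasever/$basearch
enabled=1
gpgcheck=1
EOF
audit_repo_file "$repo"
```

Run it over each file in /etc/yum.repos.d/; disabled repositories are reported too, because `--enablerepo` can switch them on for a single command.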
      

Install useful system packages

  • Install probing and testing tools
    yum install -q -y lftp
    yum install -q -y lynx
    yum install -q -y ncftp
    yum install -q -y wget
    
  • Install source control tools
    yum install -q -y cvs
    yum install -q -y git
    

Restart Host with updated SELinux and kernels

Restart the host to ensure that the SELinux changes, new kernels, and newly installed services start correctly.

sudo reboot