CentOS 8 - Installation instructions¶
Before you start¶
Check that your machine is properly registered (in case it is on the CERN network)
Check that CERN Domain Name Service is updated for your machine (in case it is in the CERN network):
host yourmachine command should return an answer.
Check that your machine meets minimum system requirements
Memory: Minimum 2 GB (system will run with 1 GB but performance will be affected)
Disk space: 10 GB (including 1 GB user data) for default setup ( 1 GB for minimal setup)
Please see Network/PXE installation procedure at: Linux Installation, IF YOU USE it you may skip following points up to the system installation.
Prepare boot media (you will need a single recordable CD or USB memory key). (Check the boot media preparation page for instructions how to prepare (and check) your boot media.)
Available boot media - boot CD/USB image http://linuxsoft.cern.ch/cern/centos/8/BaseOS/x86_64/os/images/boot.iso
Installation method - http: http://linuxsoft.cern.ch/cern/centos/8/BaseOS/x86_64/os
Note: use CD/USB image installation method ONLY if Network/PXE installation is not possible.
Installation language and keyboard selection:
Select 'Installation Destination', 'Date & Time', 'Installation Source' and 'Software Selection' are already preselected:
Select the device to be used for the installation:
If selected device has been already used for previous version of operating system use 'Reclaim space':
Select 'Begin installation':
Set 'root' (administrative account) password. Note: 'User creation' option creates only local user accounts, NOT CERN accounts. Once completed, click on reboot to reboot the system:
Manual post-install configuration adjustment¶
If you have selected not to run X graphical environment on your machine, or you have installed system using kickstart and you want to apply site configuration settings, here is a short recipe:
- Install Locmap
dnf install locmap-release
dnf install locmap
/usr/bin/locmap --enable afs
/usr/bin/locmap --enable kerberos
/usr/bin/locmap --configure all
Automatic update system (can also be set for machines outside CERN network)
/etc/sysconfig/yum-autoupdate and set:
YUMUPDATE=0 to be informed about available updates (by e-mail to
YUMUPDATE=1 for the automatic updates to be applied
Next configure automatic update system:
/usr/bin/systemctl enable yum-autoupdate
- Apply CERN site configuration defaults
for module in afs chrony cvmfs kerberos lpadmin postfix ssh sudo; do sudo locmap --enable $module; donefollowed by
/usr/bin/locmap --configure allto configure all locmap modules in your system
You can use
/usr/bin/locmap --list to check all the available puppet modules with their current state.
- Configure CVMFS filesystem
/usr/bin/locmap --enable cvmfsto enable the cvmfs puppet module
and then run
/usr/bin/locmap --configure cvmfsto setup CVMFS filesystem
Check currently running/enabled services:
- turn off those services you do not need:
/usr/bin/systemctl stop servicename;
/usr/bin/systemctl disable servicename
- turn on other services (once you configured them) via
/usr/bin/systemctl enable servicename
- To immediately start the service, use
/usr/bin/systemctl start servicename
Locmap default puppet modules will configure user accounts, root access, printers¶
After the successfull installation and initial configuration of the system, if the computer is on the CERN network and you chose the default options locmap script should have already create user accounts, provide root access, add printers, ... based on the Xldap information of the device. Otherwise as root, run:
/usr/bin/locmap --configure all
- Forward root e-mails to the LanDB responsible by updating
/root/.k5loginto allow Kerberized root access for the LanDB responsible
/etc/sudoersto allow sudo root access for the LanDB responsible
- Add AFS accounts for the LanDB responsible and main users.
- Add printers in the building(s) where the machine resides and where the LANdb responsible and main users have their offices.
Note that this tool expands E-groups.
Alternatively, you can (as root):
run /usr/sbin/addusercern my_login_id to add AFS user accounts
/root/.forwardto forward e-mails sent to the root account, and make sure the SElinux context is correct. Example:
# cat /root/.forward User.Name@cern.ch # restorecon /root/.forward # ls -Z /root/.forward -rw-r--r--. root root system_u:object_r:mail_home_t:s0 /root/.forward
/root/.k5loginto allow kerberized root logins, and make sure the SElinux context is correct. Example:
# cat /root/.k5login my_login_id@CERN.CH # restorecon /root/.k5login # ls -Z /root/.k5login -rw-r--r--. root root system_u:object_r:krb5_home_t:s0 /root/.k5login
/usr/sbin/lpadmincern printername --addA list of all printers available at CERN in given building can be obtained using:
# /usr/sbin/lpadmincern --building XXXX --list
Applying software updates¶
You should update your system immediately after its installation: Eventual security errata and bug fixes will be applied this way before you start using it.
As root run:
/usr/bin/yum -y update
to apply all available updates.