CentOS 8 - Installation instructions¶
Before you start¶
-
Check that your machine is properly registered (in case it is on the CERN network)
-
Check that CERN Domain Name Service is updated for your machine (in case it is in the CERN network):
host yourmachine
command should return an answer.
-
Check that your machine meets minimum system requirements
-
Memory: Minimum 2 GB (system will run with 1 GB but performance will be affected)
-
Disk space: 10 GB (including 1 GB user data) for default setup ( 1 GB for minimal setup)
-
Please see Network/PXE installation procedure at: Linux Installation, IF YOU USE it you may skip following points up to the system installation.
-
Prepare boot media (you will need a single recordable CD or USB memory key). (Check the boot media preparation page for instructions how to prepare (and check) your boot media.)
-
Available boot media - boot CD/USB image http://linuxsoft.cern.ch/cern/centos/8/BaseOS/x86_64/os/images/boot.iso
-
Installation method - http: http://linuxsoft.cern.ch/cern/centos/8/BaseOS/x86_64/os
-
Note: use CD/USB image installation method ONLY if Network/PXE installation is not possible.
System installation¶
Installation language and keyboard selection:
Select 'Installation Destination', 'Date & Time', 'Installation Source' and 'Software Selection' are already preselected:
Select the device to be used for the installation:
If selected device has been already used for previous version of operating system use 'Reclaim space':
Select 'Begin installation':
Set 'root' (administrative account) password. Note: 'User creation' option creates only local user accounts, NOT CERN accounts. Once completed, click on reboot to reboot the system:
Manual post-install configuration adjustment¶
If you have selected not to run X graphical environment on your machine, or you have installed system using kickstart and you want to apply site configuration settings, here is a short recipe:
- Install Locmap
- Run
dnf install locmap-release
-
Run
dnf install locmap
-
AFS client:
- Run
/usr/bin/locmap --enable afs
- Run
/usr/bin/locmap --enable kerberos
-
Run
/usr/bin/locmap --configure all
-
Automatic update system (can also be set for machines outside CERN network)
Edit /etc/sysconfig/yum-autoupdate
and set:
* YUMUPDATE=0
to be informed about available updates (by e-mail to root
)
* YUMUPDATE=1
for the automatic updates to be applied
Next configure automatic update system:
* /usr/bin/systemctl enable yum-autoupdate
- Apply CERN site configuration defaults
Run
for module in afs chrony cvmfs kerberos lpadmin postfix ssh sudo; do sudo locmap --enable $module; done
followed by/usr/bin/locmap --configure all
to configure all locmap modules in your system
You can use /usr/bin/locmap --list
to check all the available puppet modules with their current state.
- Configure CVMFS filesystem
- Run
/usr/bin/locmap --enable cvmfs
to enable the cvmfs puppet module -
and then run
/usr/bin/locmap --configure cvmfs
to setup CVMFS filesystem -
Check currently running/enabled services:
- via
/usr/bin/systemctl list-units
- turn off those services you do not need:
/usr/bin/systemctl stop servicename
;/usr/bin/systemctl disable servicename
- turn on other services (once you configured them) via
/usr/bin/systemctl enable servicename
- To immediately start the service, use
/usr/bin/systemctl start servicename
Locmap default puppet modules will configure user accounts, root access, printers¶
After the successfull installation and initial configuration of the system, if the computer is on the CERN network and you chose the default options locmap script should have already create user accounts, provide root access, add printers, ... based on the Xldap information of the device. Otherwise as root, run:
/usr/bin/locmap --configure all
This will:
- Forward root e-mails to the LanDB responsible by updating
/root/.forward
- Configure
/root/.k5login
to allow Kerberized root access for the LanDB responsible - Configure
/etc/sudoers
to allow sudo root access for the LanDB responsible - Add AFS accounts for the LanDB responsible and main users.
- Add printers in the building(s) where the machine resides and where the LANdb responsible and main users have their offices.
Note that this tool expands E-groups.
Alternatively, you can (as root):
-
run /usr/sbin/addusercern my_login_id to add AFS user accounts
-
edit
/root/.forward
to forward e-mails sent to the root account, and make sure the SElinux context is correct. Example:
# cat /root/.forward
User.Name@cern.ch
# restorecon /root/.forward
# ls -Z /root/.forward
-rw-r--r--. root root system_u:object_r:mail_home_t:s0 /root/.forward
- edit
/root/.k5login
to allow kerberized root logins, and make sure the SElinux context is correct. Example:
# cat /root/.k5login
my_login_id@CERN.CH
# restorecon /root/.k5login
# ls -Z /root/.k5login
-rw-r--r--. root root system_u:object_r:krb5_home_t:s0 /root/.k5login
/usr/sbin/lpadmincern printername --add
A list of all printers available at CERN in given building can be obtained using:
# /usr/sbin/lpadmincern --building XXXX --list
Applying software updates¶
You should update your system immediately after its installation: Eventual security errata and bug fixes will be applied this way before you start using it.
As root run:
/usr/bin/yum -y update
to apply all available updates.