...

RHEL 7 is also available if your application requires it for support, but CentOS 7 is preferred and recommended.  Any instructions below for CentOS 7 also apply to RHEL 7.

Step-by-step guide

These are the steps to install and configure CentOS 7 with Chef at SLAC for a headless bare metal server.
To request a CentOS 7 virtual machine (VM) in VMware or OpenStack, please email unix-admin@slac.stanford.edu.

...

  1. Install CentOS 7 using either the Minimal or the DVD ISO from the URL below (available on the SLAC network or VPN).  The ISO image can also be used for a USB key install.

    http://yum.slac.stanford.edu/iso/centos/7

     

  2. Log into your new CentOS 7 host. 
    Become root by using sudo or /bin/su. 
    Install Chef on bare metal or a VM by running this command as root:

    curl -s http://yum.slac.stanford.edu/go-chef | /bin/sh

    If you only want to configure yum, and not run any of the other Chef recipes, do not run the above command; run this instead:

    curl -s http://yum.slac.stanford.edu/go-chef | sed -e 's/^chef-client.*/chef-client -r recipe[slac_yum]/' | /bin/sh

    That command uses 'sed' to replace the last line of the go-chef script before passing the result to /bin/sh.  Note that these instructions are subject to frequent change, so please check back to this page for the most recent instructions. Configuring only yum, and nothing else, means that your CentOS 7 host is unmodified except that it can now apply yum updates, even if your machine is on a private 172.X subnet.

     
  3. Before you exit your root prompt, you need to modify this file:

    /etc/security/access.netgroup.conf

    Add a line that looks like this (replace 'ksa' with your username):

    + : ksa : ALL

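    Make sure to add that line above the last line: entries are matched from top to bottom, and the final '- : ALL : ALL' line denies everyone not matched by an earlier entry.  Here is an example of what the file might look like if you wanted to grant login access to SLAC users ksa and vanilla: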

    + : root : LOCAL  134.79.0.0/16 172.16.0.0/12
    + : ksa : ALL
    + : vanilla : ALL
    + : @u-scs-staff : ALL
    - : ALL : ALL

     

  4. Still before you exit your root prompt, create a sudoers entry for yourself inside the /etc/sudoers.d directory.
    If you do not want or need sudo access, you can skip this step.

    You can copy and paste the following (replace 'ksa' with your username):

    cat > /etc/sudoers.d/user-ksa << EOF
    ksa   ALL=ALL
    EOF

    Be sure to read and fill out the sudo request form.  This is required for auditing purposes:
    https://www.slac.stanford.edu/comp/unix/auth/superuser-req.shtml

     

  5. If you would like a Kerberos host keytab installed on your CentOS 7 host, send an email to unix-admin@slac.stanford.edu.
    Without a Kerberos host keytab, you will need to enter your SLAC password when connecting via ssh, even when you already have a Kerberos ticket granting ticket (TGT).  If you have unix-admin install a Kerberos host keytab, then you can use GSSAPI authentication via ssh to connect without a password when you already have a Kerberos TGT.
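
For step 3, the following added example (not part of SLAC's instructions or tooling) checks that a user's allow entry sits above the final deny line and inserts it there if it is missing. It assumes the file follows pam_access ordering (first match wins) with a single `- : ALL : ALL` catch-all, as in the example above; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not SLAC tooling. Function names are hypothetical.
# Assumes pam_access ordering: rules are read top to bottom, first match wins.

# Constructed sample, based on the page's example file (without ksa).
make_sample() {
    cat > "$1" <<'EOF'
+ : root : LOCAL  134.79.0.0/16 172.16.0.0/12
+ : vanilla : ALL
+ : @u-scs-staff : ALL
- : ALL : ALL
EOF
}

# Succeed only if USER has an explicit "+" rule above the catch-all deny.
# Netgroup (@group) membership is not resolved here.
user_can_match() {
    awk -F: -v u="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*#/ { next }
        trim($1) == "-" && trim($2) == "ALL" && trim($3) == "ALL" { exit }
        trim($1) == "+" {
            n = split(trim($2), users, /[ \t]+/)
            for (i = 1; i <= n; i++) if (users[i] == u) { found = 1; exit }
        }
        END { exit !found }' "$1"
}

# Insert "+ : USER : ALL" directly above the catch-all deny. Does nothing if
# USER is already reachable; fails without editing if no deny line exists.
add_access_user() {
    file=$1; user=$2
    user_can_match "$file" "$user" && return 0
    tmp=$(mktemp) || return 1
    awk -F: -v u="$user" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        !done && trim($1) == "-" && trim($2) == "ALL" && trim($3) == "ALL" {
            print "+ : " u " : ALL"; done = 1
        }
        { print }
        END { exit !done }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat (not mv) keeps the original file's owner, mode and SELinux label.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage: sh access_check.sh /path/to/copy-of-access.netgroup.conf ksa
if [ $# -eq 2 ]; then add_access_user "$1" "$2"; fi
```

Run it against a copy of the file first and compare the result with the original before replacing anything under /etc/security.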

...