
Overview


CentOS 7 Setup Steps

The following steps are performed after each instance launch, or they can be baked into a new AWS image or VM-level recipe using your preferred configuration management infrastructure.

Step 1: ssh to the new instance

For example, where serviceforge2.pem is the key file associated with the new instance at the time it was created:

swheat:keys swheat$ ssh -i serviceforge2.pem root@asdev1a.vpc.serviceforge.net
Last login: Sun Oct  18 14:22:19 2015 from 10.64.0.12
[root@ip-10-64-1-117 ~]# 
Step 2: Set the root password to be the current Serviceforge root password

[root@asdev1a ssh]# passwd
Changing password for user root.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
Step 3: Update the operating system

yum update

Step 4: Change the hostname

Update /etc/sysconfig/network to contain the desired hostname.

NETWORKING=yes
HOSTNAME=asdev1a.vpc.serviceforge.net
NOZEROCONF=yes

Update /etc/hosts to contain the new hostname entry for 127.0.0.1

[root@asdev1a ~]# more /etc/hosts
127.0.0.1   asdev1a.vpc.serviceforge.net
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 

Reboot the instance with the following command:

shutdown -r now
Step 5: Change the instance's DNS server to be the internal Serviceforge VPC DNS

Edit /etc/resolv.conf to look like the following (if it has not already been set to these values by the AWS DHCP settings):

search vpc.serviceforge.net
nameserver 10.64.0.164

Step 6: Add the staff group and your named user

If necessary, add the staff group; then add your user, create your .ssh directory, create your authorized_keys file and set the permissions on both appropriately:

[root@asdev1a ssh]# groupadd staff
[root@asdev1a ssh]# useradd -g staff swheat
[root@asdev1a ssh]# su - swheat
[swheat@asdev1a ~]$ mkdir .ssh
[swheat@asdev1a ~]$ chmod 700 .ssh
[swheat@asdev1a ~]$ touch .ssh/authorized_keys
[swheat@asdev1a ~]$ chmod 600 .ssh/authorized_keys

Place your desired ssh public key(s) in the authorized_keys file and confirm you can connect to the instance as your named user and su - root before proceeding.

Step 7: Reconfigure SSH to:

  1. disable password authentication
  2. disable root login
  3. allow public key authentication only

Edit the /etc/ssh/sshd_config file to reflect the following. Note some of these settings will already be present in either commented or uncommented form:

PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication no
PermitRootLogin no

Note: this final directive makes it impossible to ssh to this instance as the root user, so be certain you have completed the previous step and verified that you can log in with the new user account and su to root before making and activating these changes. Once you are certain of that, activate the changes with the following command:

service sshd restart
Step 8: Configure the iptables host-based firewall to open only relevant ports to relevant networks

By default this AWS CentOS image has an iptables configuration that opens port 22 for SSH. Add only the additional ports required for the services implemented on this instance, such as 80/443 for web servers.

Step 9: Ensure that the hostname and IP are added to the internal Serviceforge VPC DNS

Add the host and IP to the internal Serviceforge VPC DNS, or request that they be added.
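The SSH-related parts of the procedure above (the key-file permissions from step 6 and the sshd_config directives from step 7, including the caveat that the new user's key must work before password and root login are switched off) can be made repeatable and checkable. The following script is an added example and is not part of the original page or of Serviceforge's own tooling. It assumes the CentOS 7 paths /etc/ssh/sshd_config and systemctl; the user name is a parameter, the key in the demo is a constructed placeholder, and the helper names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): idempotent SSH hardening helpers
# for the step 6 / step 7 procedure. Runs the real change only when invoked as
# `sh harden-ssh.sh apply <user>`; with no arguments it runs an offline demo.

set_sshd_option() {
    # set_sshd_option FILE KEY VALUE
    # Removes every commented or uncommented line for KEY (including any copy
    # inside a Match block, so the setting is global) and writes one "KEY VALUE"
    # line at the top of FILE. Putting it first matters: sshd uses the first
    # occurrence of a keyword, and lines after a "Match" only apply to that block.
    file=$1; key=$2; value=$3
    { printf '%s %s\n' "$key" "$value"
      grep -viE "^[[:space:]]*#?[[:space:]]*${key}([[:space:]]|=|$)" "$file" || true
    } > "$file.tmp" && mv "$file.tmp" "$file"
}

sshd_option() {
    # sshd_option FILE KEY -> prints the first active (uncommented) value,
    # i.e. the one sshd would use for "KEY VALUE" style lines.
    grep -iE "^[[:space:]]*$2([[:space:]]+|=)" "$1" | head -n 1 | awk '{print $2}'
}

key_file_has_key() {
    # True when FILE holds at least one public key line (ssh-*, ecdsa-*, sk-*).
    grep -qE '^(ssh-|ecdsa-|sk-)' "$1" 2>/dev/null
}

harden_sshd_config() {
    # harden_sshd_config CONFIG AUTHORIZED_KEYS
    # Applies the five step 7 directives, but refuses unless AUTHORIZED_KEYS
    # already contains a key: once PasswordAuthentication and PermitRootLogin
    # are off, that key is the only way back into the host.
    config=$1; keys=$2
    if ! key_file_has_key "$keys"; then
        echo "refusing to disable password/root login: no public key in $keys" >&2
        return 1
    fi
    set_sshd_option "$config" PubkeyAuthentication yes
    set_sshd_option "$config" AuthorizedKeysFile .ssh/authorized_keys
    set_sshd_option "$config" PermitEmptyPasswords no
    set_sshd_option "$config" PasswordAuthentication no
    set_sshd_option "$config" PermitRootLogin no
}

ssh_dir_perms_ok() {
    # ssh_dir_perms_ok HOME_DIR: .ssh must be 700 and authorized_keys 600;
    # sshd's StrictModes rejects group- or world-writable paths. Checked via
    # ls columns 2-10 so SELinux "." or ACL "+" markers do not interfere.
    [ "$(ls -ld "$1/.ssh" | cut -c2-10)" = "rwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c2-10)" = "rw-------" ]
}

apply_on_host() {
    # Real run as root for USER: fix permissions, rewrite the live config, then
    # validate it with `sshd -t` before restarting so a typo cannot lock you out.
    user=$1
    home=$(getent passwd "$user" | cut -d: -f6)
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys"
    ssh_dir_perms_ok "$home" || return 1
    harden_sshd_config /etc/ssh/sshd_config "$home/.ssh/authorized_keys" || return 1
    sshd -t && systemctl restart sshd
}

demo() {
    # Offline demonstration on a constructed config and a constructed, not
    # real, public key; nothing on the host is touched.
    d=$(mktemp -d)
    printf '#PermitRootLogin yes\nPasswordAuthentication yes\n' > "$d/sshd_config"
    mkdir -m 700 "$d/.ssh"
    echo 'ssh-ed25519 AAAAC3constructedexamplekeynotreal swheat@example' > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    harden_sshd_config "$d/sshd_config" "$d/.ssh/authorized_keys" && cat "$d/sshd_config"
    rm -rf "$d"
}

case "${1:-}" in
    apply) apply_on_host "${2:?user name required}" ;;
    "")    demo ;;
    *)     echo "usage: $0 [apply <user>]" >&2 ;;
esac
```

The refusal in harden_sshd_config encodes the warning from step 7 as a check rather than a reminder, and `sshd -t` before the restart is the cheap guard against the other lock-out route, a malformed config file.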