CentOS 7 Setup Steps
Perform the following steps after each instance launch, or bake them into a new AWS image or VM-level recipe with your preferred management infrastructure.
|1||ssh to the new instance|
For example, where serviceforge2.pem is the key file associated with the new instance at the time it was created:
|2||Set the root password to be the current Serviceforge root password|
|3||Update the operating system|
|4||Change the hostname|
Update /etc/sysconfig/network to contain the desired hostname.
Update /etc/hosts to contain the new hostname entry for 127.0.0.1.
Reboot the instance with the following command:
|5||Change the instance's DNS server to be internal Serviceforge VPC DNS|
Edit /etc/resolv.conf to look like the following (if it has not already been set to these values by the AWS DHCP settings):
|6||Add the staff group and your named user|
If necessary, add the staff group, add your user, create your .ssh directory, create your authorized_keys file and set its permissions appropriately:
Place your desired ssh public key(s) in the authorized_keys file and confirm you can connect to the instance as your named user and su - root before proceeding.
Reconfigure SSH to:
Edit the /etc/ssh/sshd_config file to reflect the following. Note some of these settings will already be present in either commented or uncommented form:
Note: this final directive will make it impossible for you to ssh to this instance as the root user, so be certain you have completed the previous step and verified you have access to a new user account that can su to root before making and activating these changes. Once you are certain of that, you can activate these changes with the following command:
|8||Configure iptables host-based firewall to open only relevant ports to relevant networks||By default this AWS CentOS image will have an iptables configuration that opens port 22 for SSH. Add only the additional ports required for the services implemented on this instance, such as 80/443 for web servers.|
|9||Ensure that the hostname and IP are added to the internal Serviceforge VPC DNS||Add the host and IP to internal Serviceforge VPC DNS or request that it be added.|
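A pre-flight check for the lockout warning in the SSH reconfiguration step, as an added example that is not part of the original page: it confirms the named user's authorized_keys file holds a key and is not group- or world-writable, and reports the global root-login setting. It assumes the directive the note refers to is `PermitRootLogin no`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run before activating sshd_config changes.
# Assumption: root login is disabled with "PermitRootLogin no".

# Print the effective global value of an sshd_config keyword. sshd keeps the
# first value it reads for a keyword; keywords are case-insensitive. Settings
# after the first Match line are conditional, so scanning stops there.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Count lines holding a public key (options may precede the key type).
key_count() {  # usage: key_count AUTHORIZED_KEYS
    grep -Ec '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+AAAA' "$1" || true
}

# True when PATH is writable by group or others; with sshd's default
# StrictModes setting such an authorized_keys file is ignored.
loose_perms() {  # usage: loose_perms PATH
    case "$(ls -ld "$1" | cut -c6,9)" in *w*) return 0 ;; esac
    return 1
}

# Return 0 only if key login for the named user should survive the change.
preflight() {  # usage: preflight SSHD_CONFIG AUTHORIZED_KEYS
    cfg=$1; keys=$2; rc=0
    if [ ! -f "$keys" ] || [ "$(key_count "$keys")" -eq 0 ]; then
        echo "FAIL: no public key found in $keys"; rc=1
    else
        for p in "$keys" "$(dirname "$keys")"; do
            if loose_perms "$p"; then
                echo "FAIL: $p is group- or world-writable"; rc=1
            fi
        done
    fi
    if [ "$(effective_value "$cfg" PubkeyAuthentication)" = "no" ]; then
        echo "FAIL: PubkeyAuthentication is disabled globally"; rc=1
    fi
    echo "PermitRootLogin (global): $(effective_value "$cfg" PermitRootLogin)"
    return "$rc"
}
```

Source the file and call `preflight /etc/ssh/sshd_config ~/.ssh/authorized_keys` as the named user; `sshd -t` run as root additionally validates the edited file's syntax before the service is restarted.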