I tried to install CentOS 8 on ESXi with the minimum configuration. Only very basic settings are made.
The ISO is dropped from a domestic mirror. It's easier to log in to ESXi with SSH and get it with wget.
$ ssh [email protected] So log in # cd /vmfs/..../images (move to location to save ISO) # wget http://ftp.iij.ad.jp/pub/linux/centos/8/isos/x86_64/CentOS-8.1.1911-x86_64-boot.iso
Create an empty VM.
There is "CentOS 8" in the guest OS version, so select it
Select the ISO file you downloaded earlier
Once powered on, you need an option to match the resolution.
Press the ʻUp
key on the startup screen to select "Install CentOS Linux 8". Press the ʻe key to switch to the option input screen.
On this screen, insert
resolution = 1024x768 and type
Ctrl-x to launch the installer.
Follow the installer. After selecting the language, this screen will appear.
Complete the network settings.
Software is minimal and sufficient
After selecting the installation destination, you will be able to press the "Install" button, so click it.
Create a root password and user while the download and installation are in progress. When creating a user, it will be easier later if you check "Make this user an administrator".
You can log in with ssh in the initial state, so log in as the created user.
I'm tired of sudo every time, so I end up doing
sudo su -.
Disable root login and fix port
# vi /etc/ssh/sshd_config -----8<-----snip-----8<----- #Port 22 Port XXXX #PermitRootLogin yes PermitRootLogin no -----8<-----snip-----8<----- # systemctl restart sshd
cockpit seems to be an application that can manage servers from the web, but since it is not used, close it. If you change the SSH port with the above settings, set the firewall accordingly. (In this example, it remains TCP22)
# firewall-cmd --list-services cockpit dhcpv6-client ssh # firewall-cmd --remove-service dhcpv6-client --zone=public --permanent # firewall-cmd --remove-service cockpit --zone=public --permanent # firewall-cmd --reload # firewall-cmd --list-service ssh
I'm always sorry. .. ..
# vi /etc/selinux/config -----8<-----snip-----8<----- #SELINUX=enforcing SELINUX=disabled -----8<-----snip-----8<-----
So, restart once.
It seems that package management has become something called dnf. The main body looks like a dnf-3.
$ ll /usr/bin/yum lrwxrwxrwx.1 root root 5 December 19 10:43 /usr/bin/yum -> dnf-3 $ ll /usr/bin/dnf lrwxrwxrwx.1 root root 5 December 19 10:43 /usr/bin/dnf -> dnf-3
Let's update unconditionally at first.
$ sudo dnf -y install epel-release $ sudo dnf -y update $ sudo dnf -y install screen vim lftp wget open-vm-tools mlocate tcpdump unzip bind-utils telnet
Check the time zone
$ date Friday, February 7, 2020 21:59:21 EST (Where is EST, that) $ sudo timedatectl set-timezone Asia/Tokyo $ date Tuesday, February 4, 2020 11:02:51 JST
It seems that the NTP settings have been made from the beginning.
$ chronyc sources 210 Number of sources = 4 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* ec2-13-230-38-136.ap-nor> 2 6 377 57 -65us[ +200us] +/- 40ms ^+ 122x215x240x51.ap122.ftt> 2 6 377 58 -254us[+9893ns] +/- 48ms ^- mx.execve.net 2 6 377 56 +1322us[+1322us] +/- 164ms ^+ hit-bridge.com 2 6 377 56 +152us[ +152us] +/- 47ms
I see, the load is distributed at the time of initial setting.
$ grep pool /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). pool 2.centos.pool.ntp.org iburst $ dig 2.centos.pool.ntp.org +short 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11
Move SNMP so that it can be monitored remotely.
The package can be
$ sudo dnf -y install net-snmp net-snmp-utils
You can add it to the original configuration file or rewrite it completely.
com2sec p2user default rocomm group p2group v2c p2user view p2view included .1 access p2group "" any noauth exact p2view none none
Make a hole in the port and start the service
# firewall-cmd --add-service=snmp --zone=public --permanent # firewall-cmd --reload # systemctl enable snmpd # systemctl start snmpd
Make sure you can see it from another device.
$ snmpwalk -c rocomm -v 2c 10.254.10.251 sysdescr SNMPv2-MIB::sysDescr.0 = STRING: Linux vmnetserv01.prosper2.net 4.18.0-147.5.1.el8_1.x86_64 #1 SMP Wed Feb 5 02:00:39 UTC 2020 x86_64
It is troublesome to upgrade the version of openssl on CentOS7, so I would like to switch to CentOS8 from now on!
There is nothing in particular.