Centos_6_3_notes

jfesler edited this page Oct 14, 2014 · 3 revisions

Summary: jfesler set up a virgin CentOS 6.3 box; these notes are for reproducing that setup later.

This was done in the post-svn-world, where we now have packages and rsync for installation and keeping current.

Introduction

Jason's notes building a virgin centos 6.3 box

Time Spent

Roughly 2 hours (but I had notes from the last time)

Install packages


# install these on a fresh system
# NOTE(review): g++, gmake and locales do not look like CentOS 6 package
# names (the C++ compiler is packaged as gcc-c++); yum reports names it
# cannot find and carries on, so check the transcript for skipped
# packages — confirm.

yum install \
  httpd httpd-devel \
  php  php-mysql php-mbstring  \
  rrdtool rrdtool-php rrdtool-perl \
  bind bind-devel bind-utils bind-chroot \
  locales sudo \
  perl-YAML-Syck perl-YAML \
  perl-JSON \
  perl-Socket6 \
  gcc g++ gmake make \
  wget curl lynx nc \
  mysql mysql-server \
  rsync \
  yum-plugin-security


# Other packages. Requires EPEL, so lets grab it.
# not really needed except that jfesler hates vi, prefers his wordstar clone .. :-)
# NOTE(review): the release package is fetched over plain HTTP, and it is
# the package that installs the EPEL repo definition and signing key which
# every later EPEL install trusts. Safer order: download the file, check it
# with `rpm -K` against a key obtained over a trusted channel, then install
# the local copy.
 rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install joe 

Set up accounts

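# Set up ~jfesler: create the account, set its password, install its SSH keys.
useradd jfesler
passwd jfesler
# sshd's StrictModes check refuses key login when ~/.ssh or authorized_keys
# is writable by group or others, so set owner-only modes explicitly instead
# of relying on root's umask.
mkdir -m 700 ~jfesler/.ssh
cat >> ~jfesler/.ssh/authorized_keys
#   [paste in the public keys, then end input with Ctrl-D]
chmod 600 ~jfesler/.ssh/authorized_keys
chown jfesler:jfesler ~jfesler/.ssh ~jfesler/.ssh/authorized_keys
# NOTE(review): with SELinux enforcing, files created this way may need
# `restorecon -R ~jfesler/.ssh` before sshd can read them — confirm.

# Set up root's SSH keys the same way.
# NOTE(review): this allows direct root login by key. jfesler gets sudo via
# wheel below, so decide whether root needs its own authorized_keys at all.
mkdir -m 700 ~root/.ssh
cat >> ~root/.ssh/authorized_keys
#   [paste in the public keys, then end input with Ctrl-D]
chmod 600 ~root/.ssh/authorized_keys

# set up sudo - enable %wheel
# In visudo, uncomment the `%wheel ALL=(ALL) ALL` line (the variant that still
# asks for a password), not the NOPASSWD one.
usermod -a -G wheel jfesler
visudo   # enable %wheel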

Set up firewalls and selinux

# set up iptables and ip6tables
# These two files are the saved IPv4 and IPv6 rule sets; the restarts below
# load them.
# NOTE(review): DNS falls back to TCP when a response does not fit in UDP,
# so an authoritative server normally needs tcp 53 open as well — confirm.
# NOTE(review): keep the rule that admits SSH, or the restart can cut off the
# session being used to make the change.
joe /etc/sysconfig/iptables      # permit tcp 80, udp 53
joe /etc/sysconfig/ip6tables     # permit tcp 80, udp 53
# The page does not record which SELinux mode is set in this file.
joe /etc/selinux/config  

service iptables restart
service ip6tables restart
# NOTE(review): CentOS 6 does not appear to ship a "selinux" init script, so
# this line presumably fails; /etc/selinux/config is read at boot — confirm.
service selinux restart

name server configs

InstallDNS

Set up the chroot directories magically:

# Start named once and stop it again: per this page, that first start is what
# creates the chroot directory tree used by the files edited next.
service named start
service named stop

/var/named/chroot/etc/named.conf


options
{
        // Put files that named is allowed to write in the data/ directory:
        directory               "/var/named";           // "Working" directory
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";


        /*
          Specify listening interfaces. You can use list of addresses (';' is
          delimiter) or keywords "any"/"none"
        */
        listen-on port 53       { any; };
        listen-on-v6 port 53    { any; };
        // Queries are accepted from any address.
        allow-query             { any; };
        allow-query-cache       { any; };
        // No zone transfers and no recursion for any client: named answers
        // only for the zones declared below, so it cannot be used as an
        // open resolver.
        allow-transfer {"none";};
        allow-recursion {"none";};
        recursion no;
        // DNSSEC signing support and validation are both switched off.
        // NOTE(review): dnssec-lookaside only matters to a validating
        // resolver, so with validation and recursion off this line
        // presumably has no effect — confirm or drop.
        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;
};

        // Two master zones. The file names are relative to the "directory"
        // option above; this page lists both files under
        // /var/named/chroot/var/named/.
        zone "ns1.test-ipv6.ams.vr.org" {
                type master;
                file "ns1.test-ipv6.ams.vr.org";
        };
        zone "v6ns.test-ipv6.ams.vr.org" {
                type master;
                file "v6ns.test-ipv6.ams.vr.org";
        };

/var/named/chroot/var/named/ns1.test-ipv6.ams.vr.org

; Default TTL for every record in this zone: 360 seconds.
$TTL     360
@        IN SOA ns1.gigo.com. root.ns1.gigo.com. (
         2011010101 ; Serial
         86400        ; refresh (  24 hours)
         7200         ; retry   (   2 hours)
         3600000      ; expire  (1000 hours)
         172800 )     ; minimum (   2 days)

; A record with a blank owner field takes the previous owner, so the NS and
; the first AAAA below belong to the zone apex (@).
          NS    ns1.test-ipv6.ams.vr.org. 
           AAAA  2607:f740:d::f77
; "ds" carries both an AAAA and an A record; every other name below carries
; one address family only.
aaaa      AAAA  2607:f740:d::f77
ds      AAAA  2607:f740:d::f77
ds      A  208.111.44.226
a      A  208.111.44.226
v6      AAAA  2607:f740:d::f77
v4      A  208.111.44.226
ipv6      AAAA  2607:f740:d::f77
ipv4      A  208.111.44.226
www6      AAAA  2607:f740:d::f77
www4      A  208.111.44.226

/var/named/chroot/var/named/v6ns.test-ipv6.ams.vr.org


; Default TTL for every record in this zone: 360 seconds.
$TTL     360
@        IN SOA ns1.gigo.com. root.ns1.gigo.com. (
         2011010101 ; Serial
         86400        ; refresh (  24 hours)
         7200         ; retry   (   2 hours)
         3600000      ; expire  (1000 hours)
         172800 )     ; minimum (   2 days)

; The NS record has a blank owner field, so it belongs to the zone apex (@).
; Unlike the ns1 zone file on this page, no address record is defined at the
; apex here; the named hosts below are the same.
          NS    ns1.test-ipv6.ams.vr.org.
aaaa      AAAA  2607:f740:d::f77
ds      AAAA  2607:f740:d::f77
ds      A  208.111.44.226
a      A  208.111.44.226
v6      AAAA  2607:f740:d::f77
v4      A  208.111.44.226
ipv6      AAAA  2607:f740:d::f77
ipv4      A  208.111.44.226
www6      AAAA  2607:f740:d::f77
www4      A  208.111.44.226

Start named



# Register the named init script, enable it at boot, then restart it so the
# named.conf and zone files written above are loaded.
chkconfig --add named
chkconfig named on
service named restart

apache php

InstallApachePHP

 # Register the httpd init script and enable it at boot. Nothing is started
 # here; the first "service httpd restart" on this page comes after the
 # virtual host is configured.
 chkconfig --add httpd
 chkconfig httpd on

mod_ip setup

InstallModIP

# Fetch the mod_ip source into the home directory and build it. An rsync
# source written as host:path (single colon) is pulled over a remote shell.
cd 
rsync -av fsky@rsync.test-ipv6.com:stable/mod_ip .
cd mod_ip
# NOTE(review): the build and install run with the current (apparently root)
# privileges on source pulled straight from the rsync host, and the module is
# later loaded into httpd. Nothing on this page verifies what was downloaded.
./configure
make
make install

Skipping over the httpd.conf part for the moment; see the Apache section coming up.

Source checkout and build

InstallContent

# Mirror the published site content into the web root. -a preserves file
# attributes, --delete removes local files that are absent from the source,
# and --exclude site keeps the local site/ directory out of both the
# transfer and the deletions.
rsync  fsky@rsync.test-ipv6.com:stable/content/. /var/www/html/. -a --delete --exclude site 

Apache virtual host

InstallApacheVirtualHost

/etc/httpd/conf/httpd.conf

Look for <Directory "/var/www/html"> and configure to these values:

    # Indexes: Apache generates a directory listing wherever no index file
    # exists. AllowOverride all: .htaccess files under this tree may override
    # these settings.
    # NOTE(review): both apply to everything under /var/www/html, which on
    # this page includes site/ (private.js with the database login). Confirm
    # that directory is neither listed nor served.
    Options multiviews Indexes FollowSymLinks        
    AllowOverride all 

Add these in appropriate places

# Load the mod_ip module built and installed in the mod_ip section of this
# page, and set the server admin contact address.
LoadModule mod_ip_module modules/mod_ip.so
ServerAdmin jfesler@test-ipv6.com

Start httpd

# Register httpd, enable it at boot, and restart it so the httpd.conf edits
# above (Directory options, LoadModule, ServerAdmin) take effect.
chkconfig --add httpd
chkconfig httpd on
service httpd restart

Site configuration

# Create the local site/ directory (the one the rsync jobs on this page
# exclude), seed its two config files from the shipped examples, then edit
# both.
cd /var/www/html
mkdir site
cp config.js.example site/config.js
# private.js is where the database login goes (see the fragment on this page).
cp private.js.example site/private.js
joe site/*.js

MySQL

# Start MySQL, then run the interactive hardening script (it prompts for a
# root password, the anonymous accounts, remote root login and the test
# database).
service mysqld start
/usr/bin/mysql_secure_installation
service mysqld restart
chkconfig --add mysqld 
chkconfig mysqld on
# Interactive client session; -p prompts for the password set above.
% mysql -p 
mysql> CREATE DATABASE testipv6;

# 'exampleusername' / 'examplepassword' are placeholders: substitute real
# values and use the same pair in site/private.js.
# NOTE(review): GRANT ALL gives the account every privilege on testipv6.*;
# narrow it if the application needs less — confirm against the code.
# NOTE(review): the password is typed inside a statement, so it may be kept in
# the client's ~/.mysql_history — check and clear that file afterwards.
mysql> GRANT ALL on testipv6.* to 'exampleusername'@'localhost' identified by 'examplepassword';
mysql> exit;
service mysqld restart

Edit /var/www/html/site/private.js

  "db": {
    "host": "localhost",
    "db": "testipv6",
    "username": "xxxxxxxx",
    "password": "xxxxxxxx",      
  },
  "paths": {
    "rrd": "/var/www/html/site/rrd",
    "png": "/var/www/html/site/chart",
  },

Get the charts package

# Pull the extras package into the home directory (the cron entries on this
# page run it from /root/extras), then load its SQL file into the testipv6
# database.
cd 
rsync -av fsky@rsync.test-ipv6.com:stable/extras .
cd extras
# "xxxxx" stands for the database user created in the MySQL step; -p prompts
# for the password.
mysql -u xxxxx -p testipv6 < falling-sky-chart.sql

set up crontab

# Open the current user's crontab and add the hourly (minute 0) chart job.
# NOTE(review): the script path is under /root, so this is presumably root's
# crontab and the job runs with root privileges — confirm.
crontab -e
0 * * * * /root/extras/falling-sky-chart.pl --config /var/www/html/site/config.js

Testing

# Run the chart job once by hand, with the same arguments cron will use, to
# see any errors before relying on the schedule.
/root/extras/falling-sky-chart.pl --config /var/www/html/site/config.js

Finish cron jobs

# Mail any output from the jobs below to this address.
MAILTO=jfesler@test-ipv6.com
# Hourly, at minute 0: run the chart script from the extras package.
0 * * * * /root/extras/falling-sky-chart.pl --config /var/www/html/site/config.js
# Every 15 minutes: quietly (-q) re-mirror the site content into the web
# root, deleting local files that are absent from the source and leaving
# site/ untouched.
# NOTE(review): the web root is replaced on a timer with whatever the rsync
# source holds, so the site's integrity depends on that host and account.
# The page does not show how this job authenticates non-interactively.
*/15 * * * * rsync fsky@rsync.test-ipv6.com:stable/content/. /var/www/html/. --exclude site -a -q --delete
# Daily at 05:30: report pending security updates. check-update only lists
# them; nothing is installed.
# NOTE(review): this relies on the repositories publishing errata metadata;
# confirm the CentOS repos in use do, otherwise the report is always empty.
30 5 * * *  yum --security check-update