Pick the minimal one, we will install the rest of the required packages as we go along;
http://mirror.strencom.net/centos/7.9.2009/isos/x86_64/
Pre-requisite : You need a current version of Virtual installed on your system
- Create a new Server instance on VirtualBox.
- Name : server1
- Type : Linux
- Version : Red Hat (64 bit)
-
Select Memory Size of 1024 Ram
-
Select "Create a virtual hard disk now" option, 8GB is fine
-
Select VDI Hard Disk file type. Accept the suggested File Location and Size. Click "Create", this will create a server in your virtual box.
-
Select your new server and click on Storage and Optical Drive. Select the CentOS-7-x86_64-Minimal-2009.iso you downloaded earlier.
-
Click on Network. For Adapter 1, ensure "Enable Network Adapter" is selected and that it is attached to "NAT Network". For Adapter 3, ensure "Enable Network Adapter" is selected and that it is attached to "Host-only Adapter". The name should be something like vboxnet0.
-
Start the server and select "Install CentOS 7" in the boot up menu.
-
In the installation select and language and region and click continue. In the next screen, go into "Installation Destination" and click "Done" to confirm the setting.
-
In "Network and Host Name" enter your hostname, server1.example.com, and ensure both network adapters are enabled, and click done.
-
Click "Begin Installation" to start the actual installation. When the installation is running, set the root password, and then create an additional user. The username should be "centos", and ensure you make the user an administrator.
Log in as root. Check the ip address settings of the server
[root@master1 ~]# ip a s
To show the IP addresses associated with the server. Device no. 3 will not have an IP address, this means that one of the network adapters is not up and running.
We need to do is ensure both network adapters are up and running. Run;
[root@master ~]# nmcli conn show
NAME UUID TYPE DEVICE
enp0s3 e596a2c1-f21f-498d-b090-2daf612aa967 ethernet enp0s3
enp0s8 993075f3-e472-4b5e-92a3-fe3b2b0f2f70 ethernet --
One of the adapters will not have it's device name populated, this means that it's not up and running. To enable it run the following;
[root@master1 ~]# nmcli conn up enp0s8.
Check the connection status again, and you will see both adapters have a device name associated with them;
[root@master ~]# nmcli conn show
NAME UUID TYPE DEVICE
enp0s3 e596a2c1-f21f-498d-b090-2daf612aa967 ethernet enp0s3
enp0s8 993075f3-e472-4b5e-92a3-fe3b2b0f2f70 ethernet enp0s8
If you run;
[root@master1 ~]# ip a s
You will see that your server now has an IP address. Networking is now configured.
Finally, make sure your network adapter settings are reboot persistent, run the following commands;
[root@master1 ~]# sed -i s/ONBOOT=no/ONBOOT=yes/ /etc/sysconfig/network-scripts/ifcfg-enp0s3
[root@master1 ~]# sed -i s/ONBOOT=no/ONBOOT=yes/ /etc/sysconfig/network-scripts/ifcfg-enp0s8
- First, perform a general update on all packages;
[root@master1 ~]# yum update
- Next, install some tools we'll be needing
[root@master1 ~]# yum install -y redhat-lsb-core net-tools epel-release kernel-headers kernel-devel screen
- Install the graphical packages
[root@master1 ~]# yum groupinstall -y "X Window System" "MATE Desktop"
- Finally, set the server to use the graphical target as the default and then call the isolate command to switch to it.
[root@master1 ~]# systemctl set-default graphical.target
[root@master1 ~]# systemctl isolate graphical.target
This is useful for running your server in VirtualBox, and being able to resize the screen, capture input, etc.
- Launch your server and log in as the centos user (or the additional user apart from root that you created above)
- In the VirtualBox window menu for your server, select Devices and then select "Load Virtual Box Guest Additions CD"
- In GUI for your server, a dialog will appear, Click the Run button. You will be asked to provide root credentials.
- Once the guest additions have been installed you can reboot the machine.
- Test SSH access to a different server, server2 in this case
ssh root@192.168.99.105
This will create a .ssh directory in our home dir. To simplify access we can add a config file
cd .ssh
vi config
The contents of the config file should be as follows;
Host server2
HostName 192.168.99.105
User centos
Port 22
Now we can login using;
ssh server2
- To generate a public/private key pair and copy it to our target server run the following commands;
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub server2
Now when you run ssh server2
you will be asked for the passphrase you provided when you created the keypain.
- To ensure that you can only ssh as root on the target server using key auth, you need to login to the target server. Once on the target server login as root (su -l).
vi /etc/ssh/sshd_config
Ensure that the setting for "PermitRootLogin" is uncommented and has a value of without-password
Save the file and restart sshd using systemctl restart sshd
[root@server1 .ssh]# ssh-agent bash
[root@server1 .ssh]# ssh-add
You will be asked to enter your passphrase. But once you add it you don't need to enter it again when using your keypair.
A pre-requisite for this is having your ssh client and key-based auth configured
[root@server1 ~]# vi .screenrc
Enter the following lines;
screen -t server1 0 bash
screen -t s1 1 ssh server2
First of all we need to check if our hostname has been set
centos@server1 ~]$ hostname
server1.example.com
Then we need to gain root privileges
[centos@server1 ~]$ su -
Password:
Last login: Wed Mar 24 20:53:01 GMT 2021 on pts/0
Then we need to add an entry for our machine and hostname into our /etc/hosts
file.
We can confirm our ip address by running ip a s
. We can confirm that our hosts
file has the entry by pinging the hostname FQDN.
[root@server1 ~]# echo "192.168.99.107 server1.example.com" >> /etc/hosts
[root@server1 ~]# ping server1.example.com
PING server1.example.com (192.168.99.107) 56(84) bytes of data.
64 bytes from server1.example.com (192.168.99.107): icmp_seq=1 ttl=64 time=0.064 ms
64 bytes from server1.example.com (192.168.99.107): icmp_seq=2 ttl=64 time=0.055 ms
We can check to make sure no ldap server is listening
[root@server1 ~]# netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
Next we need to add a firewall rule to allow ldap traffic through. The firewall settings need to be reloaded for it to take effect in the current session (otherwise we need to create a new session)
[root@server1 ~]# firewall-cmd --permanent --add-service=ldap
success
[root@server1 ~]# firewall-cmd --reload
success
Finally we install the various ldap packages and tools using yum
[root@server1 ~]# yum install -y openldap openldap-clients openldap-servers migrationtools.noarch