Build CentOS 8 on ESXi 6.7 with minimal configuration
Introduction
I tried to install CentOS 8 on ESXi with the minimum configuration. Only very basic settings are made.
Target device and environment, etc.
Verification environment
- ESXi 6.7
- CentOS8(8.1.1911)
Network information
| item | value |
|---|---|
| Server FQDN | vmnetserv01.prosper2.net |
| Server address | 10.254.10.251 |
Work content
Media preparation
The ISO is dropped from a domestic mirror. It's easier to log in to ESXi with SSH and get it with wget.
$ ssh root@esxi
So log in
# cd /vmfs/..../images (move to location to save ISO)
# wget http://ftp.iij.ad.jp/pub/linux/centos/8/isos/x86_64/CentOS-8.1.1911-x86_64-boot.iso
VM creation on ESXi
Create an empty VM.
There is "CentOS 8" in the guest OS version, so select it
Select the ISO file you downloaded earlier
Installation of CentOS 8
Once powered on, you need an option to match the resolution.
Press the ʻUp key on the startup screen to select "Install CentOS Linux 8". Press the ʻe key to switch to the option input screen.
On this screen, insert resolution = 1024x768 and type Ctrl-x to launch the installer.
Follow the installer. After selecting the language, this screen will appear.
Complete the network settings.
Software is minimal and sufficient
After selecting the installation destination, you will be able to press the "Install" button, so click it.
Create a root password and user while the download and installation are in progress.
When creating a user, it will be easier later if you check "Make this user an administrator".
CentOS 8 settings
You can log in with ssh in the initial state, so log in as the created user.
I'm tired of sudo every time, so I end up doing sudo su -.
SSH settings
Disable root login and fix port
# vi /etc/ssh/sshd_config
-----8<-----snip-----8<-----
#Port 22
Port XXXX
#PermitRootLogin yes
PermitRootLogin no
-----8<-----snip-----8<-----
# systemctl restart sshd
firewall settings
cockpit seems to be an application that can manage servers from the web, but since it is not used, close it. If you change the SSH port with the above settings, set the firewall accordingly. (In this example, it remains TCP22)
# firewall-cmd --list-services
cockpit dhcpv6-client ssh
# firewall-cmd --remove-service dhcpv6-client --zone=public --permanent
# firewall-cmd --remove-service cockpit --zone=public --permanent
# firewall-cmd --reload
# firewall-cmd --list-service
ssh
SELinux disabled
I'm always sorry. .. ..
# vi /etc/selinux/config
-----8<-----snip-----8<-----
#SELINUX=enforcing
SELINUX=disabled
-----8<-----snip-----8<-----
So, restart once.
Put in frequently used packages
It seems that package management has become something called dnf. The main body looks like a dnf-3.
$ ll /usr/bin/yum
lrwxrwxrwx.1 root root 5 December 19 10:43 /usr/bin/yum -> dnf-3
$ ll /usr/bin/dnf
lrwxrwxrwx.1 root root 5 December 19 10:43 /usr/bin/dnf -> dnf-3
Let's update unconditionally at first.
$ sudo dnf -y install epel-release
$ sudo dnf -y update
$ sudo dnf -y install screen vim lftp wget open-vm-tools mlocate tcpdump unzip bind-utils telnet
Time setting
Check the time zone
$ date
Friday, February 7, 2020 21:59:21 EST
(Where is EST, that)
$ sudo timedatectl set-timezone Asia/Tokyo
$ date
Tuesday, February 4, 2020 11:02:51 JST
It seems that the NTP settings have been made from the beginning.
$ chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* ec2-13-230-38-136.ap-nor> 2 6 377 57 -65us[ +200us] +/- 40ms
^+ 122x215x240x51.ap122.ftt> 2 6 377 58 -254us[+9893ns] +/- 48ms
^- mx.execve.net 2 6 377 56 +1322us[+1322us] +/- 164ms
^+ hit-bridge.com 2 6 377 56 +152us[ +152us] +/- 47ms
I see, the load is distributed at the time of initial setting.
$ grep pool /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
pool 2.centos.pool.ntp.org iburst
$ dig 2.centos.pool.ntp.org +short
13.230.38.136
203.178.135.73
122.215.240.52
45.76.111.149
SNMP (added later)
Move SNMP so that it can be monitored remotely.
The package can be net-snmp.
$ sudo dnf -y install net-snmp net-snmp-utils
You can add it to the original configuration file or rewrite it completely.
/etc/snmp/snmpd.conf
com2sec p2user default rocomm
group p2group v2c p2user
view p2view included .1
access p2group "" any noauth exact p2view none none
Make a hole in the port and start the service
# firewall-cmd --add-service=snmp --zone=public --permanent
# firewall-cmd --reload
# systemctl enable snmpd
# systemctl start snmpd
Make sure you can see it from another device.
$ snmpwalk -c rocomm -v 2c 10.254.10.251 sysdescr
SNMPv2-MIB::sysDescr.0 = STRING: Linux vmnetserv01.prosper2.net 4.18.0-147.5.1.el8_1.x86_64 #1 SMP Wed Feb 5 02:00:39 UTC 2020 x86_64
at the end
It is troublesome to upgrade the version of openssl on CentOS7, so I would like to switch to CentOS8 from now on!
Source
There is nothing in particular.
Recommended Posts