RHEL7 Setup OS

Exported on 19-Aug-2021 09:18:28

Install the common server requirements for RHEL7.

Parameters

Name | Type | Script Reference | Default Value | Comment
AD Full Domain Name | Text | adFullDomainName | example.com |
Internet NTP Servers | Server Group | internetNtpServers | |
Linux: Environment Name | Text | linuxEnvironmentName | DEV1 |
Linux: Prompt Color | Text | linuxPromptColor | 33m |
Linux: Root User | Linux OS Credential | linuxRootUser | |
NTP Servers | Server Group | ntpServers | |
Smtp Server | Generic Server | smtpServer | | This placeholder represents the SMTP smart host server where all mail will be sent to. The SMTP smart host then sends the mail where it needs to go.
Target Environment Servers | Server Group | targetEnvironmentServers | | The servers in this group are added to the hosts file for this server being built
Target Server | Generic Server | targetServer | |
Target Server: Installer Tmp Path | Text | targetServerInstallerTmpPath | /tmp/installers | The temporary path used for installers that need to be copied to the server then installed.
Target Server: Lin | Linux / Unix Server | targetServerLin | | The target server is a generic placeholder, usually used for the server a script will run on. For example, the server being built if the procedure is building a server.
Target Subnet | IPv4 Subnet | targetSubnet | |

1 - RHEL7 SOS Configure OS

RHEL7 Configure OS

1.1 - LIN RHEL7 COS Deploy OS Config Files

Copy OS Config files onto server.

The connection details have changed from the last step.

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive RHEL7 etc Configs.tar to remote path /
  1. Locate Files archive "RHEL7 etc Configs.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to /
  4. Check that the files are in the correct location
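
A pre-extraction check for the deploy steps above, added here as an example and not part of the exported procedure: because the archive is unpacked relative to /, it lists the members first and rejects absolute paths, `..` components and anything outside an expected directory. The function names and the `etc/` prefix are assumptions about the archive layout.

```shell
#!/bin/bash
# Added example: vet a Files archive before extracting it relative to /.
# Function names and the "etc/" prefix are assumptions, not Attune settings.
# Only member names are checked; symlink targets are not inspected.

# Read member names on stdin and print every name that must not be extracted.
unsafe_members() {   # $1 = prefix all members must live under, e.g. "etc/"
    local prefix="$1" name
    while IFS= read -r name; do
        name="${name#./}"                    # tar may store "./etc/hosts"
        if [ -z "$name" ]; then continue; fi # the "./" root entry itself
        case "$name" in
            /*)                  echo "absolute: $name" ;;
            ..|../*|*/..|*/../*) echo "traversal: $name" ;;
            "$prefix"*|"${prefix%/}") ;;     # inside the allowed tree
            *)                   echo "outside $prefix: $name" ;;
        esac
    done
}

# List the archive; status 0 = safe, 1 = unsafe members, 2 = unreadable archive.
check_archive() {    # $1 = archive, $2 = allowed prefix
    local archive="$1" prefix="$2" list bad
    list="$(tar -tf "$archive")" || return 2
    bad="$(printf '%s\n' "$list" | unsafe_members "$prefix")"
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Usage on the target server, in place of a bare extract:
#   check_archive "RHEL7 etc Configs.tar" etc/ &&
#       tar -xf "RHEL7 etc Configs.tar" -C /
```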

1.2 - LIN RHEL7 COS Fix OS Config Permissions

Updates the permissions on /etc/hosts.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
chmod ugo+r /etc/hosts

1.3 - RHEL7 Set Hostname

Overwrites /etc/hostname with the new hostname, then sets the hostname of the running server to the new hostname.

This step has the following parameters

Name | Script Reference | Default Value
Target Server | {targetServer.hostname} | None

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
echo "{targetServer.hostname}" > /etc/hostname

hostname "{targetServer.hostname}"

1.4 - RHEL7 Disable IPv6

Check if IPv6 is disabled. If it is not disabled, disable it in /etc/sysctl.conf and reload the system parameters. Remove the IPv6 loopback from /etc/hosts if it exists.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
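F="/etc/sysctl.conf"

# Treat IPv6 as disabled only when the disable setting itself is present,
# not when any other net.ipv6 line or comment happens to be in the file
if grep -Eq '^[[:space:]]*net\.ipv6\.conf\.all\.disable_ipv6[[:space:]]*=[[:space:]]*1' "${F}"; then
    echo "IPv6 is already disabled"
else
    echo "Disabling IPv6"
    echo "" >> "$F"
    echo "# Disable IPv6" >> "$F"
    echo "net.ipv6.conf.all.disable_ipv6 = 1" >> "$F"
    echo "net.ipv6.conf.default.disable_ipv6 = 1" >> "$F"
    # Reload the system parameters
    sysctl -p
fi

# Remove the IPv6 loopback entry from the hosts file
sed -i '/::1/d' /etc/hosts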

1.5 - LIN RHEL7 COS Update DNS Servers

Set Primary and Secondary DNS servers.

This step has the following parameters

Name | Script Reference | Default Value
Target Subnet | {targetSubnet.dns2} |
AD Full Domain Name | {adFullDomainName.value} | example.com
Target Subnet | {targetSubnet.dns1} |

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
nmcli con mod ens192 ipv4.dns "{targetSubnet.dns1} {targetSubnet.dns2}"
nmcli con mod ens192 ipv4.dns-search {adFullDomainName.value}
nmcli con up ens192

1.6 - LIN RHEL7 COS Setup Login Banner

Change permissions on /etc/login_banner. Configure SSH to use the /etc/login_banner. Restart SSH daemon.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
chmod 644 /etc/login_banner

sed -i 's,#Banner.*,Banner /etc/login_banner,g' /etc/ssh/sshd_config

systemctl restart sshd

1.7 - LIN RHEL7 COS Disable Firewall

Delete all INPUT firewall rules. Overwrite the firewall rules configuration file with an empty file to ensure no rules remain.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
echo "Removing the default rules from the RHEL6 firewall"
iptables -F INPUT

echo "" > /etc/sysconfig/iptables

1.8 - LIN RHEL7 COS Disable SELinux

If SELinux is enabled in /etc/selinux/config, then set it to disabled. If SELinux is enabled in /etc/sysconfig/selinux, then set it to disabled.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
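# Set SELINUX=disabled in the given config file unless it is already set
disable() {
    local F="$1"
    if grep -q '^SELINUX=disabled' "$F"; then
        echo "SELINUX Already Disabled"
    else
        echo "Disabling SELINUX"
        # Anchor on the start of the line so comment lines that
        # mention SELINUX= are left untouched
        sed -i 's/^SELINUX=.*/SELINUX=disabled/' "$F"
    fi
}

disable '/etc/selinux/config'

disable '/etc/sysconfig/selinux'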
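
A read-back check for the configuration steps in this section, added here as an example and not part of the exported procedure: it parses the files that steps 1.2 to 1.8 modify and reports whether each one holds the value the step writes. The function names and the ROOT prefix argument are assumptions; steps 1.3 and 1.5 are left out because their expected values come from procedure parameters.

```shell
#!/bin/bash
# Added example: read back the settings written by steps 1.2 to 1.8.
# Function names are assumptions. ROOT is a path prefix so the check can run
# against a copy of the files; pass "" to check the live system.

# Print the value of the last uncommented "key = value" line (empty if none).
conf_value() {        # $1 = file, $2 = key
    local key
    key="$(printf '%s' "$2" | sed 's/\./\\./g')"   # match dots literally
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1
}

# Compare an observed value with the one the procedure should have left.
expect() {            # $1 = description, $2 = observed, $3 = expected
    if [ "$2" = "$3" ]; then
        echo "PASS  $1"
    else
        echo "FAIL  $1 (found '$2', expected '$3')"
        return 1
    fi
}

# Run all checks; the return status is the number of failed checks.
audit_os_config() {   # $1 = ROOT
    local r="$1" fails=0
    expect "1.2 hosts file readable by all" \
        "$(find "$r/etc/hosts" -perm -444 2>/dev/null | grep -c .)" 1 || fails=$((fails + 1))
    expect "1.4 IPv6 disabled (all)" \
        "$(conf_value "$r/etc/sysctl.conf" net.ipv6.conf.all.disable_ipv6)" 1 || fails=$((fails + 1))
    expect "1.4 IPv6 disabled (default)" \
        "$(conf_value "$r/etc/sysctl.conf" net.ipv6.conf.default.disable_ipv6)" 1 || fails=$((fails + 1))
    expect "1.4 no ::1 entry in hosts" \
        "$(grep -c '::1' "$r/etc/hosts" 2>/dev/null)" 0 || fails=$((fails + 1))
    expect "1.6 login banner mode 644" \
        "$(find "$r/etc/login_banner" -perm 644 2>/dev/null | grep -c .)" 1 || fails=$((fails + 1))
    expect "1.6 sshd Banner directive" \
        "$(awk 'tolower($1) == "banner" { print $2; exit }' "$r/etc/ssh/sshd_config" 2>/dev/null)" \
        /etc/login_banner || fails=$((fails + 1))
    expect "1.7 no saved iptables rules" \
        "$(grep -c '[^[:space:]]' "$r/etc/sysconfig/iptables" 2>/dev/null)" 0 || fails=$((fails + 1))
    # File value only: the running SELinux mode does not change until reboot.
    expect "1.8 SELINUX=disabled in config" \
        "$(conf_value "$r/etc/selinux/config" SELINUX)" disabled || fails=$((fails + 1))
    return "$fails"
}

# Usage: audit_os_config "" ; echo "failed checks: $?"
```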

2 - RHEL7 SOS Install Utilities

Install package updates and common dependencies for application servers.

2.1 - LIN RHEL7 PU Install Net-Tools

Install Base Linux networking programs.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y net-tools

2.2 - LIN RHEL7 PU Install Git

Install Git, the open-source source control system.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y git

2.3 - LIN RHEL7 PU Install Unzip

Install unzip for working with ZIP archives.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y unzip

2.4 - LIN RHEL7 PU Install BZip2

Install bzip2 which is a block-sorting file compressor.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y bzip2

2.5 - LIN RHEL7 PU Install Rsync

Install rsync, which is a fast, flexible tool for copying files to remote computers.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y rsync

2.6 - LIN RHEL7 PU Install Telnet

Install telnet tool to allow communication to another host.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y telnet

2.7 - LIN RHEL7 PU Install Wireshark

Install Wireshark, which interactively dumps and analyzes network traffic.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y wireshark

2.8 - LIN RHEL7 PU Install Nano

Install the nano editor.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y nano

2.9 - LIN RHEL7 PU Deploy nmon

Copy the nmon installer package to the server.

This step has the following parameters

Name | Script Reference | Default Value
Target Server: Installer Tmp Path | {targetServerInstallerTmpPath} | /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive RHEL7 EPEL nmon.tar to remote path {targetServerInstallerTmpPath}
  1. Locate Files archive "RHEL7 EPEL nmon.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to {targetServerInstallerTmpPath}, relative to the home directory
  4. Check that the files are in the correct location

2.10 - LIN RHEL7 PU Install nmon

Install nmon which displays and records local system information. Remove the installer package.

This step has the following parameters

Name | Script Reference | Default Value
Target Server: Installer Tmp Path | {targetServerInstallerTmpPath} | /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Directory the nmon archive was extracted to
D="{targetServerInstallerTmpPath}/pkg_nmon"

yum install -y "$D"/nmon*rpm

# Remove the installer package
rm -rf "$D"

2.11 - LIN RHEL7 PU Deploy iftop

Copy the iftop installer package to the server.

This step has the following parameters

Name | Script Reference | Default Value
Target Server: Installer Tmp Path | {targetServerInstallerTmpPath} | /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive RHEL7 EPEL iftop.tar to remote path {targetServerInstallerTmpPath}
  1. Locate Files archive "RHEL7 EPEL iftop.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to {targetServerInstallerTmpPath}, relative to the home directory
  4. Check that the files are in the correct location

2.12 - LIN RHEL7 PU Install iftop

Install iftop which displays bandwidth usage on an interface by host. Remove the installer package.

This step has the following parameters

Name | Script Reference | Default Value
Target Server: Installer Tmp Path | {targetServerInstallerTmpPath} | /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Directory the iftop archive was extracted to
D="{targetServerInstallerTmpPath}/pkg_iftop"

yum install -y "$D"/iftop*rpm

# Remove the installer package
rm -rf "$D"

2.13 - LIN RHEL7 PU Deploy p7zip

Copy the p7zip installer package to the server.

This step has the following parameters

Name | Script Reference | Default Value
Target Server: Installer Tmp Path | {targetServerInstallerTmpPath} | /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive RHEL7 EPEL p7zip.tar to remote path {targetServerInstallerTmpPath}
  1. Locate Files archive "RHEL7 EPEL p7zip.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to {targetServerInstallerTmpPath}, relative to the home directory
  4. Check that the files are in the correct location

2.14 - LIN RHEL7 PU Install p7zip

Install p7zip, a 7-Zip file archiver. Remove the installer package.

This step has the following parameters

Name | Script Reference | Default Value
Target Server: Installer Tmp Path | {targetServerInstallerTmpPath} | /tmp/installers

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Directory the p7zip archive was extracted to
D="{targetServerInstallerTmpPath}/pkg_p7zip"

yum install -y "$D"/p7zip*rpm

# Remove the installer package
rm -rf "$D"

2.15 - LIN RHEL7 PU Install FTP

Install ftp to allow transfer of files to and from a remote network site.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install ftp -y

2.16 - LIN RHEL7 PU Install Netcat

Install ncat utility which reads and writes data across network connections.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y nmap-ncat

3 - RHEL7 SOS Setup NTP

NTP is the service used to keep the time on all the servers synchronized.

3.1 - LIN RHEL7 NTP Remove Chrony

Remove chrony from the system.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum remove -y chrony

3.2 - LIN RHEL7 NTP Install Packages

Install ntp to allow the clock to be sync'd.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y ntp

3.3 - LIN RHEL7 NTP Deploy Config

Deploy ntp.conf file.

Login as user on node

Connect via SSH
ssh user@hostname
Deploy archive ntp.conf.tar to remote path /
  1. Locate Files archive "ntp.conf.tar", This can be downloaded from Attune
  2. Copy the Files archive to the server
  3. Extract the root of the Files archive to /
  4. Check that the files are in the correct location

3.4 - LIN RHEL7 NTP Setup update sysconfig

Enable ntp to slew the clock while making changes to ensure no issues with Oracle. Enable the sync of the hardware clock after a successful ntpdate.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
F=/etc/sysconfig/ntpdate

# Add -x to the startup options
sed -i 's/OPTIONS="-u/OPTIONS="-x -u/g' $F

# Set to 'yes' to sync hw clock after successful ntpdate
sed -i 's/SYNC_HWCLOCK=no/SYNC_HWCLOCK=yes/g' $F

3.5 - LIN RHEL7 NTP Enable and Restart Service

Enable autostart of ntpd daemon. Start ntpd daemon.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Enable auto starting of NTP
systemctl enable ntpd

# Restart the NTP service
systemctl start ntpd

3.6 - LIN RHEL7 NTP Test Status

Print the status of NTP time syncing.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Print the status of NTP time syncing
ntpq -p

4 - RHEL7 SOS Setup Postfix

Set up the sendmail service to use a smart host and redirect all mail from root to a corporate IP.

4.1 - LIN RHEL7 MAIL Install Packages

Install postfix, a free open-source mail transfer agent. Install mailx, an enhanced version of the mail command.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
yum install -y postfix mailx

4.2 - LIN RHEL7 MAIL Sendmail check hostname

Sendmail needs a fully qualified domain name to start. If sendmail takes 2 minutes to start, this is your problem.

This step has the following parameters

Name | Script Reference | Default Value
Smtp Server | {smtpServer.fqn} |
Target Server | {targetServer.fqn} |

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# CHECK HOSTS FILE
# We are looking for this pattern
#
# 192.168.1.1 prodapp1 prodapp1.company.com
# PC_APP_IP PC_APP_HOSTNAME PC_APP_HOSTNAME.PC_DOMAIN_NAME

# Make sure our host file has our FQN at the end.
echo "Checking for line ending with {targetServer.fqn} in /etc/hosts"
grep "{targetServer.fqn}$" /etc/hosts

echo "Checking for the SMTP server in the hosts file"
grep "{smtpServer.fqn}$" /etc/hosts

4.3 - LIN RHEL7 MAIL Setup Postfix Config

Set the configs for postfix

This step has the following parameters

Name | Script Reference | Default Value
Smtp Server | {smtpServer.hostname} | None
Target Server | {targetServer.domain} | None

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
postconf -e 'disable_dns_lookups = yes'
postconf -e 'relayhost = {smtpServer.hostname}'
postconf -e 'mydomain = {targetServer.domain}'
postconf -e 'myorigin = $mydomain'

postfix check

4.4 - LIN RHEL7 MAIL Setup Sendmail aliases

Updating the aliases file redirects mail that would be delivered to the local linux user account to another email account.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Update /etc/aliases
F=/etc/aliases

# Add any email addresses you need forwarded from a local account to another account into this file.
#

4.5 - LIN RHEL7 MAIL Setup Sendmail Compile and Restart

Apply all the sendmail configuration and restart the services

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
# Stop the mail service
echo "Stopping Sendmail"
systemctl stop postfix

# Remove all existing mail.
# If the mail service wasn't working, there could be 1000s of them
# Note: /var/spool/mqueue is the Sendmail queue directory; Postfix keeps its
# queue under /var/spool/postfix
echo "Clearing out existing mail queues"
rm -f /var/spool/mqueue/*


# Start sendmail, this script also compiles /etc/aliases
echo "Starting Sendmail"
systemctl start postfix

echo "All Done"

4.6 - LIN RHEL7 MAIL Setup Sendmail Test

Test that the sendmail service is working and will send mail to the right email address.

TROUBLESHOOTING: The sendmail log file is normally at /var/log/maillog, but this can be changed depending on the /etc/syslog.conf file. The command "grep -F 'mail.*' /etc/syslog.conf" will show you where the log file is.

Login as user on node

Connect via SSH
ssh user@hostname
This is a Bash Script make sure you run it with bash -l from a terminal session
#Clear mail queue
postsuper -d ALL

echo "Sending a test email to root with subject 'Attune Sendmail Config Complete'"
# Send test email to root
mail -v -s "Attune Sendmail Config Complete" root <<EOF
Attune has completed configuring sendmail on server `hostname`

Hopefully you get this email.

Email sent at `date`
EOF

((iter=0)) || true
MAX_ITER=30 # 1 minute of recovery
WAIT=2
while [ ${iter} -lt ${MAX_ITER} ]
do
    # Check if the mail queue is empty to see if the mail was sent successfully
    if mailq | grep -q 'Mail queue is empty'; then
        echo "Mail queue is empty, mail sent successfully."
        exit 0
    fi

    echo "Mail queue is not empty. Please check the details below:"
    mailq
    echo "Retrying..."

    ((iter=iter+1))
    sleep ${WAIT}
done
exit 1