Updated article as of November 2017 at the URL below.
Revision October 23, 2017; Revised IPv6 section due to being broken after last revision; Thank you, Botsmack!
Revision October 19, 2017; Note regarding the removal of ::1 from /etc/hosts
Revision October 7, 2017; yum-plugin-versionlock and yum-plugin-priorities to optional packages
Revision July 30, 2017; corrected typo in sealvm.sh as reported by a-roussos. Thank you!
Revision March 13, 2017; change ifcfg from PREFIX to NETMASK to support cloud-init
Revision March 9, 2017; Small tweak of 'Disable IPv6'
Published February 19, 2017
The purpose of this guide is to provide the steps to install and configure a standardized CentOS 7.3.1611 (aka RHEL) x86_64 base operating system. In addition, several optional sections prepare the installation for use with virtualization platforms.
Current CentOS-7 Release Notes can be found at https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.
CentOS FAQ can be found at http://wiki.centos.org/FAQ/CentOS7.
Base CentOS Installation Task Overview
NOTE
The 'Minimal' in the article title was originally in reference to the Minimal installation media. However, this guide is applicable to any CentOS 7 1611 media installation and not limited to the 'Minimal' installation media.
Obtain Media
If you are new to Linux or new to CentOS minimal installations, I would advise reviewing all the information at the URL below. For this article, I am using the x86_64 version, also known as 64-bit.
Download: http://wiki.centos.org/Download
I use either the Minimal or NetInstall installation media. The primary advantage of the Minimal is that you can install without having to go out to the Internet. The primary advantage of the NetInstall is that the packages installed are the current packages and no update is needed.
The NetInstall ISO installer has only the necessary bits to boot a very basic operating system, then uses HTTP or FTP to download the packages to be installed. This differs from the other installation methods, which use the local repository found on the installation media. There is no link to the NetInstall ISO on CentOS's download page. However, if you select a mirror and browse it, you will find it with the other ISO installation media.
For example:
http://mirrors.ocf.berkeley.edu/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall-1611.iso
During the install, you will need to provide a repository URL such as:
http://mirrors.ocf.berkeley.edu/centos/7/os/x86_64/
For the Minimal installation media, click the Minimal link.
Install
Boot from media and, generally, accept the defaults. You have an opportunity to provide time zone, a host name, configure network interfaces, provide DNS IP addresses, domain search, etc. If configured at this point, the installation script automatically configures the resulting installation using these settings. It is a time saver; however, I am going to assume these settings have not been set or that changes will be needed.
Host Name
View current host name
Set the hostname
Results
Network
Network Manager
Red Hat has been changing how networking is configured and managed with an emphasis on the use of Network Manager. Network Manager is installed and in use by default on CentOS 7. Configure using either nmtui or nmcli. nmtui has a very intuitive interface but nmcli is useful for scripting.
If you have multiple interfaces, connect an Ethernet cable to the desired port, then execute ip addr to identify the interface. If using DHCP, it will show an IP address assigned. If not using DHCP, you should see 'up' status. Execute nmtui and 'Edit' the interface, then use nmtui again to 'Activate'.
Removing Network Manager
For Minimal installations of CentOS, my preference is to remove Network Manager. I see no compelling reason to use it on a server.
Begin by stopping and disabling NetworkManager
Now remove NetworkManager
Results
Hand Crafting ifcfg Files
By default, the CentOS installation will have created ifcfg files for detected interfaces. Back up the original files with the exception of ifcfg-lo, which will remain unmodified. Note that all files starting with 'ifcfg' within network-scripts will be processed at start of the network service unless .orig is appended. When backing up the files, either place them in a different directory or append .orig.
View Interfaces
Connect the interface to be configured and use ip addr to identify the 'up' interface if using more than one interface.
For example with DHCP
Note interface eth0 is in an UP state. This is the interface to be configured. The example only has one interface; however, additional interfaces without a network cable would not show an 'UP' state.
Configure Interface
Create or edit a configuration file using vi /etc/sysconfig/network-scripts/ifcfg-eth0 and replace the values given in the example below with yours: IPADDR, NETMASK, and GATEWAY. The entry 'DEFROUTE=yes' assumes the interface is to be the default route for unknown routes. All other interfaces should have 'DEFROUTE=no.' You may find many more values within the original ifcfg files for use with NetworkManager. If not using NetworkManager, these can be safely removed.
After saving the ifcfg file, restart network services.
Results
Notes
- NM_CONTROLLED=no disables Network Manager for an interface, if using Network Manager
- IPV6INIT=no disables IPv6 for an interface
- DEFROUTE=no or DEFROUTE=yes excludes or sets an interface as the default route, respectively, if using Network Manager
- PEERDNS=yes adds the interface's DNS settings to /etc/resolv.conf
- PREFIX is an alternative to NETMASK
Additional interfaces if needed have a much simpler configuration.
If using bonds, bridges, or teams, details can be found here:
Reference
Disable IPv6
Previously, I disabled IPv6 everywhere for my host builds. Unfortunately, developers are increasingly using IPv6 and, as a consequence, some services will break without it. To overcome this potential requirement, disable IPv6 for interfaces but permit its use at the kernel level. I provide instructions in the section titled 'Disable IPv6 Everywhere' if you want to kill IPv6 for the entirety of the box.
View IPv6 settings using sysctl -a
Note the value of '0' means the feature is not enabled. Enable the 'eth0' disable policy to stop the eth0 interface from using IPv6.
Edit /etc/sysctl.conf using vi /etc/sysctl.conf, which will have no entries. We will add and enable eth0.disable for IPv6.
Results
At this point, you can reboot or use sysctl to load /etc/sysctl.conf.
Using ip addr, note there is no IPv6 address associated with eth0.
Disable IPv6 Everywhere
To disable the use of IPv6 for everything on the Linux host, enable 'all' and 'default' within sysctl.conf to ensure no interface uses IPv6.
You can enable IPv6 for a specific interface by adding it to sysctl.conf with a value of 0 to override the 'all' and 'default.' For example, to enable the IPv6 loopback interface or ::1:
Interface ::1
Recently had a nasty experience with upgrading IPA server from 4.3 to 4.5. Apparently the new ipa-server-upgrade does a check and if ::1 exists in the /etc/hosts file, the upgrade implodes. Stupid!
I am going to remove ::1 in my builds and see what breaks. I have seen evidence that a minority of developers assume IPv6 interfaces exist and don't bother to support IPv4. For $%@#*& sakes why?
NOZEROCONF
Add the following line to /etc/sysconfig/network to prevent zero configuration networking, i.e. 169.254.0.0/16 in the absence of static or DHCP IP address assignment. Ick!
Name Resolution
Network Manager or DHClient may have updated resolv.conf to reflect ifcfg's DNS1, DNS2, and DOMAIN settings. If not, vi /etc/resolv.conf and update appropriately. Mine is given below.
Network Testing
Use ping to verify basic interface, routing, and name resolution operation.
firewalld & iptables
As with NetworkManager, I see no compelling reason for firewalld. It sits on top of iptables and adds unnecessary complexity.
My preference is to remove firewalld and use iptables directly.
Remove firewalld
Install iptables-services
Enable and start iptables-services.
Note
If you receive the error 'Failed to execute operation: Access denied' when using systemctl to disable firewalld, you may have disabled 'Security Policy' during the graphical install, which resulted in it not being installed.
Firewall Policies
Assuming the default policies are insufficient--they most assuredly are insufficient--create an iptables script to configure IPv4 policies. If IPv6 is enabled, you need to create an ip6tables script as well.
Create the file using vi ip4-default.fw, copy+paste, save, then ./ip4-default.fw
Set the file to executable using chmod +x ip4-default.fw, then execute ./ip4-default.fw. Review the change using iptables -L -nv.
Results
If you did not disable IPv6 'everywhere,' it is probably permitting all incoming connections.
As with IPv4, create a file ip6-default.fw, enter policies, set as executable, execute, and review changes.
copy+paste, save, then ./ip6-default.fw
Results
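A default-deny inbound policy of the kind the ip4-default.fw and ip6-default.fw steps above call for, written here as an added example and not the article's own scripts. It assumes the host only needs inbound SSH; the function names, the DRYRUN switch and the --apply argument are choices of this example.

```shell
#!/bin/sh
# Added example (not the article's ip4-default.fw / ip6-default.fw).
# Assumption: the host only needs inbound SSH; add service rules as needed.

# run CMD...: execute the command, or only print it when DRYRUN=1.
run() {
    if [ "${DRYRUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# apply_default_policy TOOL [SSH_PORT]
#   TOOL is iptables or ip6tables; SSH_PORT defaults to 22.
apply_default_policy() {
    ipt=$1
    ssh_port=${2:-22}
    case $ipt in
        iptables|ip6tables) ;;
        *) echo "usage: apply_default_policy iptables|ip6tables [port]" >&2
           return 2 ;;
    esac

    # Open the policy before flushing so a remote session is not cut off
    # while the rule set is being rebuilt.
    run "$ipt" -P INPUT ACCEPT
    run "$ipt" -F
    run "$ipt" -X

    run "$ipt" -A INPUT -i lo -j ACCEPT
    run "$ipt" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    if [ "$ipt" = "ip6tables" ]; then
        # IPv6 stops working without neighbour discovery, so these ICMPv6
        # types are allowed: 2 packet-too-big, 128 echo-request,
        # 134 router-advertisement, 135/136 neighbour solicit/advert.
        for t in 2 128 134 135 136; do
            run "$ipt" -A INPUT -p ipv6-icmp --icmpv6-type "$t" -j ACCEPT
        done
    else
        run "$ipt" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    fi

    run "$ipt" -A INPUT -m conntrack --ctstate INVALID -j DROP
    run "$ipt" -A INPUT -p tcp --dport "$ssh_port" \
        -m conntrack --ctstate NEW -j ACCEPT

    # Default deny goes last: anything not matched above is dropped.
    run "$ipt" -P FORWARD DROP
    run "$ipt" -P OUTPUT ACCEPT
    run "$ipt" -P INPUT DROP
}

# Run as root with --apply; without it the file only defines functions.
if [ "${1:-}" = "--apply" ]; then
    apply_default_policy iptables
    apply_default_policy ip6tables
fi
```

With DRYRUN=1 the same call prints the rule set for review before anything is loaded. With iptables-services installed, service iptables save and service ip6tables save write the loaded rules out so they survive a reboot.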
SELinux
As much as I love the idea of SELinux, the reality is that developers as a whole have not adopted its use. As a consequence, I have lost far too many hours troubleshooting installation failures only to identify SELinux as the culprit. I have not given up entirely on SELinux, but I would advise setting it to 'permissive' when installing new services and testing. Once testing is complete, set SELinux to 'enforcing' and test again.
Update the SELinux config file using vi /etc/selinux/config to SELINUX=permissive. Execute setenforce 0 to set the current session to permissive or reboot to utilize the updated config.
Time zone
After installation, the default time zone is America/New_York. CentOS 7 uses timedatectl to manage time and date related settings.
Check current settings using timedatectl
Find your time zone
Set your time zone
Results
References http://www.server-world.info/en/note?os=CentOS_7&p=timezone
Time & Date
View the current date and time using date.
Set the current local time and date using timedatectl set-time '2016-04-02 17:48:12'. The result is Sat Apr 2 17:48:12 PDT 2016.
Network Time
Time synchronization can play a big role in Kerberos authentication and other services. By default 'chrony' is installed instead of 'ntpd.' To update chrony time sources, vi /etc/chrony.conf and update or add 'server' values.
EPEL (optional)
To install Extra Packages for Enterprise Linux (EPEL), simply install the package from the CentOS base repository.
Results
oVirt 4 Guest (optional)
If using CentOS 7 as an oVirt Guest (virtual machine), install your version of the oVirt repository and guest agent. I am using oVirt 4.0.
oVirt Repository
Results
oVirt Guest
Results
Enable and start the agent.
CloudInit (optional)
CloudInit handles early initialization of virtual machines. I use the cloud-init service with oVirt to configure network settings, passwords, and other settings when initializing from virtual machine templates.
Results
After installation, the cloud-init service is already enabled and will be running after reboot. I find its constant complaining to be a nuisance, so I stop and disable or stop the service until it is time to seal the virtual machine. Do remember to re-enable or use the sealvm.sh script in the section titled 'VM Template.'
Reference
Spacewalk 2.6 Client (optional)
Spacewalk is the upstream project for Satellite 5 aka Satellite Classic. I use it for patch and configuration management and a guide to build the Spacewalk 2.6 Server can be found at Spacewalk 2.6.
Spacewalk Client Repository
Install the repository's package matching the Spacewalk server.
Results
Spacewalk Client Packages
Install the Spacewalk client packages to register and utilize core Spacewalk features like registration.
Results
To utilize Spacewalk, the host must be registered and additional functionality will require additional packages and configuration. Details on the steps to complete a Spacewalk client setup are found at the URL below.
Update
If using the CentOS 7 Minimal installation media, update prior to building services. If using the CentOS 7 NetInstall media, there should be no updates needed.
VM Template
If using the Linux host created using the instructions above as a virtual machine (VM) template, I use the following process to prepare the VM.
- Clean yum
- Clear machine-id
- Enable cloud-init
- Delete SSH host keys
- Delete history and logs
- sys-unconfig
- Convert virtual machine to template
- Deploy virtual machine using template
To simplify the process further, create a file, set it as executable and paste the following. Execute using ./sealvm.sh as the last step in the template build process.
cut+paste
Reference
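The sealing steps listed above (clean yum, clear machine-id, enable cloud-init, delete SSH host keys, delete history and logs, sys-unconfig) as an added example, not the article's sealvm.sh. The function names, the optional ROOT prefix and the --seal argument are assumptions of this example; the prefix lets the file operations be rehearsed on a mounted image or scratch tree, and sealed_findings reports anything that would still be shared by every clone.

```shell
#!/bin/sh
# Added example (not the article's sealvm.sh). ROOT is an optional prefix
# introduced by this example; with no argument the live system is sealed.

seal_vm() {
    root=${1:-/}
    root=${root%/}                 # "/" becomes "", so paths join cleanly
    if [ ! -d "$root/etc" ]; then
        echo "seal_vm: $root/etc not found" >&2
        return 1
    fi

    # Clean yum and enable cloud-init: only meaningful on the live system.
    if [ -z "$root" ]; then
        yum clean all
        systemctl enable cloud-init
    fi

    # Clear machine-id: empty the file so each clone gets its own ID.
    : > "$root/etc/machine-id"

    # Delete SSH host keys: otherwise every clone presents the same
    # private keys. New keys are generated when sshd next starts.
    rm -f "$root"/etc/ssh/ssh_host_*

    # Delete history and logs. Logs are truncated rather than removed so
    # ownership and modes stay as the services expect.
    rm -f "$root/root/.bash_history"
    if [ -d "$root/var/log" ]; then
        find "$root/var/log" -type f \
            -exec sh -c 'for f; do : > "$f"; done' _ {} +
    fi

    # sys-unconfig shuts the machine down, so it is the last step.
    if [ -z "$root" ]; then
        sys-unconfig
    fi
}

# sealed_findings [ROOT]: print what still identifies the template.
# Prints nothing when the tree is clean.
sealed_findings() {
    root=${1:-/}
    root=${root%/}
    [ -s "$root/etc/machine-id" ] && echo "machine-id is set"
    for k in "$root"/etc/ssh/ssh_host_*; do
        rel=${k#"$root"}
        [ -e "$k" ] && echo "host key present: $rel"
    done
    [ -e "$root/root/.bash_history" ] && echo "root shell history present"
    return 0
}

# Run as root with --seal; without it the file only defines functions.
if [ "${1:-}" = "--seal" ]; then
    seal_vm /
fi
```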
Done!?
The build is complete. However, you may want to consider the following:
Disable Postfix
Depending on the purpose of the system, postfix may not be needed.
Additional Packages
I install a number of optional packages for my builds including:
Results