1. Overview
In this article will describes the installation of a CentOS 7 Linux dedicated server. The main purpose of this guide is to provide a secure linux dedicated server from scratch with Logical Volume Manager (LVM) created during the Operating Systems (OS) installation.
The reason to have a Linux dedicated server OS on the LVM is that we can resize the space for a particular partition easily without effecting the application and system restart.
2. Prerequisites
In this article of how to install CentOS 7 Linux dedicated server with Logical Volume Manager (LVM), it is assumed that:
a. You already have VMware Workstation 11 up and running on your computer.
b. You have already downloaded CentOS 7, installer image iso file from CentOS Website.
3. Installation Requirement
The following is the requirement for this installation.
1. Server Specification | |
OS | CentOS 7 |
CPU | 2 Core |
RAM | 4 GB |
2. Host Name and IP Address Settings | ||
IPv4 Address | Enable | |
IP Address | 192.168.1.1 | |
Net Mask | 255.255.255.0 | |
Gateway | 192.168.1.1 | |
DNS1 | 192.168.1.1 | |
DNS2 | N/A | |
Search Domain | techspacekh.com | |
IPv6 Address | Disable | |
Host Name | vkcent-web01 |
3. Date and Time | ||||
Timezone | NTP | Format | ||
Asia/Phnom Penh | Enable | 24-hour * | 12-hour | |
4. Languages | English (United States) | |||
5. Keyboard | English (US) | |||
4. Security Policy |
|
6. Partition Configuration |
||||
Volume Group (VG) | Logical Volume (LV) | Size | Mount Point | File System |
vg-systems | lv-root | 4 GB | / | xfs |
lv-swap | 2 GB | /swap | xfs | |
lv-usr | 4 GB | /usr | xfs | |
lv-var | 3 GB | /var | xfs | |
lv-home | 3 GB | /home | xfs | |
lv-tmp | 2 GB | /tmp | xfs | |
N/A | N/A | 512 MB | /boot | xfs |
7. Software Selection | ||
Base Environment | Add-Ons for Selected Environment | |
|
|
|
|
||
8. Kdump | Enable | |
9. Set Root Password | Yes | |
10. Create Initial User | Yes |
4. Configure Partitioning
Here is where we configure LVM. From the Installation Summary window, under System section, click on Installation Destination option.
The Installation Destination window appears are the following. Go to Other Storage Options, under Partitioning section, choose the option of “I will configure partitioning.” and then click Done.
The Manual Partitioning window appears are the following. Choose LVM as the partitioning scheme and then click “+” sign to create a partition.
First, let create the “/boot” partition with 512MB of disk space as the following.
Now create a root “/” partition with 4GB of disk space as the following.
A Volume Group with a generate name is also created after the creation of the first LVM partition. To change the generated Volume Group named click on Modify….
Let change the Volume Group name to “vg-systems” as the following.
Next we can change the Logical Volume name to “lv-root” as the following and then click Update Settings.
Repeat the above steps again for partition “/home, /var ,/swap, /usr, and /tmp” and then click Done.
Click on Accept Changes to continue the installation process.
5. Network and Host Name
From the Installation Summary window, under System section, click on Network & Host Name option. The Network & Host Name window appears are the following. First turn the interface on, then enter the host name for your Linux dedicated server, in our case now is “vkcent-web01”, and then click on Configure….
Go to IPv4 Settings menu and enter the static IP address, Net mask, Gateway, DNS server, and Search domains as the following example.
Since the server is not using IPv6 and the security reason, it is strongly recommend to disable IPv6 on the server. Go to IPv6 Settings menu and choose Ignore option from the Method drop-down list, click Save and then click Done.
6. Date and Time
From the Installation Summary window, under Localization section, click on Date & Time option. The Date & Time window appears are the following. First turn the Network Time on for time synchronization with public NTP server, we can change it to local NTP server latter. Then, select the time zone, for example below, Asia is selected as Region and Phnom Penh is selected as City, select 24-hour as the time format and then click Done.
7. Security Policy
The Security Policy will configure the installed RHEL/CentOS 7 Linux dedicated server following restrictions and recommendations (compliance policies) defined by the Security Content Automation Protocol (SCAP) standard.
From the Installation Summary window, under Security section, click on Security Policy option. The Security Policy window appears are the following. First turn the Apply security policy on. Then, select the the security policy profile name “Standard System Security Profile“, as the following, click Select profile button, and then click Done.
8. Software Selection
In a secured production server environment, it is highly recommended to select a minimal installation option when installing CentOS 7 Linux to reduce the attack surface and resource usage. With the minimal installation selected, only fewer packages will be installed on the server, and we can easily install anything that we require after installation from the repository rather than having a bunch of packages pre-installed that may never even be used.
Also, we need to select some add-ons for this minimal installation that it is the basic packages that any Linux server or Linux dedicated server may need, such as Compatibility Libraries and Development Tools.
From the Installation Summary window, under Software section, click on Software Selection option. The Software Selection window appears are the following. From the Base Environment option list, selection Minimal Install and then check option Compatibility Libraries and Development Tools as the add-ons for the selected environment and then click Done.
9. User Setting
Now we need to set the password for root user and create a new normal user in the User Settings here.To do so, just click on the respective options below and finally click Done.
After the installation process is completed, it will ask to reboot the server, just click Reboot to finish the server installation process. After the reboot process completed, it will prompt for username and password to login.
10. Conclusion
You should have a secure CentOS 7 Linux dedicated server from scratch with Logical Volume Manager (LVM). Sooner or latter, if one of the logical volumes created above running our of space or almost reaches its total disk space capacity, we can always increase easily without effecting the running applications and it is not required to reboot the system. If you have any questions or suggestions you can always leave your comments below. I will try all of my best to review and reply them.