{"id":63,"date":"2008-03-29T01:00:25","date_gmt":"2008-03-29T07:00:25","guid":{"rendered":"http:\/\/www.pervasivecode.com\/blog\/2008\/03\/29\/centos-51-minimal-vps-install-guide\/"},"modified":"2009-05-30T10:55:46","modified_gmt":"2009-05-30T16:55:46","slug":"centos-51-minimal-vps-install-guide","status":"publish","type":"post","link":"http:\/\/www.pervasivecode.com\/blog\/2008\/03\/29\/centos-51-minimal-vps-install-guide\/","title":{"rendered":"CentOS 5.1 Minimal VPS Install Guide"},"content":{"rendered":"<p>I&#8217;m working on a project that is deploying on CentOS 5.1, and I found it not entirely obvious how to install a really stripped down server, as a starting point for a lean and mean, hardened production server. Since I&#8217;m doing work on this at home on VMWare, and it&#8217;s being deployed on a VPS initially (and probably will remain virtualized for ease of management as it scales up), this guide is specifically aimed at this kind of configuration.<\/p>\n<p><!--more--><\/p>\n<p><b>Assumptions:<\/b><\/p>\n<ul>\n<li>this server uses an x86_64 CPU architecture, not i386 (or for an ultra-small disk footprint, consider i386 since it doesn&#8217;t need duplicate 64 and 32 bit glibc libraries)<\/li>\n<li>this is a server VPS (running in VMware or Xen) so it isn&#8217;t interested in low-level hardware management<\/li>\n<ul>\n<li>no need for ACPI (sleep\/hibernate)<\/li>\n<li>no need for laptop CPU power reduction<\/li>\n<li>no need for SMART disk monitoring (since the VPS disk is virtualized)<\/li>\n<li>no need for MD (software RAID) since it&#8217;s a VPS; any RAID is happening at a lower level (host OS \/ dom0)<\/li>\n<li>no need to use LVM2 to mirror a logical volume (again because RAID is handled outside of the VPS)<\/li>\n<li>no need for bluetooth, hot-plug hardware, or PCMCIA<\/li>\n<\/ul>\n<li>this server may have more than one CPU (or may be given additional VCPUs later due to load) so multi-CPU support is desired<\/li>\n<li>this is a headless server so no GUI features are desirable<\/li>\n<li>there are no legacy services that need RPC<\/li>\n<li>NFS will not be used<\/li>\n<li>SELinux will be left in the default configuration (&#8220;Enforcing&#8221; the &#8220;Targeted&#8221; policy).<\/li>\n<\/ul>\n<p><b>Basic Installation:<\/b><\/p>\n<p>Start with the Centos 5.1 x86_64 install DVD.<br \/>\nBoot the DVD.<br \/>\nSelect English language and U.S. English keyboard layout.<br \/>\nChoose to Install the OS (not upgrade).<br \/>\nChoose &#8220;Remove linux partitions on selected drives and create default layout.&#8221;<br \/>\nSelect DHCP network configuration, or the static IP address for this server.<br \/>\n  (I choose DHCP, and tell the DHCP server to use a specific IP for this host based on its Ethernet MAC address.)<br \/>\nChoose the time zone the server is in (for me this is America\/Los Angeles), and enable the &#8220;System clock uses UTC&#8221; option.<br \/>\nPick a complex root password (https:\/\/grc.com\/passwords can generate one for you) and enter it.<br \/>\nWhen given a chance to install additional tasks, uncheck everything (no additional tasks) and choose the &#8220;Customize now&#8221; radio button.<br \/>\nIn the next screen, go into every group and uncheck everything. (*Nothing* should be checked when you&#8217;re done. Be careful not to miss anything!)<br \/>\nConfirm that you want the installer to begin the installation process. (For me this process took about 6 minutes.)<br \/>\nConfirm that you want to reboot, and make sure that the server will boot from the hard disk instead of the installation media.<br \/>\nWhen the server boots, log in as root. (You can disconnect from the console and use SSH instead at this point if it&#8217;s more convenient.)<\/p>\n<p><b>More Minimizing:<\/b><br \/>\nRun this command to tell yum to go grab the latest package info from out on the internet.<br \/>\n  <code>yum grouplist<\/code><br \/>\nRun this command to make sure you didn&#8217;t install anything other than the bare minimum:<br \/>\n  <code>yum -C grouplist<\/code><br \/>\nYou shouldn&#8217;t see a section called &#8220;Installed Groups:&#8221;. If you do see it, it means you missed something you were supposed to disable in the previous section.<br \/>\nIn that case, run this to remove it and all the packages in it:<br \/>\n  <code>yum -C groupremove SomeGroupName<\/code><\/p>\n<p>You can also run this command to count how many packages have been installed already:<br \/>\n  <code>yum -C list installed | wc -l<\/code><br \/>\nThe resulting count of packages installed should be 154.<\/p>\n<p>Next, run &#8220;<code>chkconfig --list | grep 3:on<\/code>&#8221; to see what services are enabled.<br \/>\nSeveral of them can safely be disabled (provided that the assumptions at the top of this guide are true), so run this:<br \/>\n  <code>for i in haldaemon lvm2-monitor messagebus netfs; do chkconfig $i off; done<\/code><br \/>\nThese are useful and should stay enabled:<br \/>\n  ip6tables<br \/>\n  iptables<br \/>\n  kudzu<br \/>\n  mcstrans<br \/>\n  network<br \/>\n  restorecond<br \/>\n  sshd<br \/>\n  syslog<br \/>\nIf for some reason there are others that are still enabled that aren&#8217;t on that list, you&#8217;ll have to decide for yourself.<\/p>\n<p>Run this command to remove a 9.7MB standalone documentation package that you almost certainly won&#8217;t be reading from the server:<br \/>\n  <code>yum -C remove Deployment_Guide-en-US<\/code><\/p>\n<p>If you wish, run this command to update your installed packages to the latest stable version.<br \/>\n  <code>yum update<\/code><br \/>\n  As of 3\/27\/2008 this installed a new kernel, updated 19 other packages, and required a 54MB download.<br \/>\n  Accept the CentOS package-signing GPG key when asked.<br \/>\n  If a kernel update is installed, it would be a good idea to reboot soon to make sure it works.<br \/>\n  You can also remove your old kernel (use &#8220;rpm -qa | grep kern&#8221; to find old ones) to save ~75MB.<br \/>\n    <code>yum remove kernel-2.6.18-53.el5<\/code> NOTE! ONLY do this if you updated your kernel and have 2 installed now.<\/p>\n<p><b>Useful Things You May Want To Install:<\/b><\/p>\n<p>These packages are very useful for administering servers, deploying software and data to them, and performing backups:<br \/>\n  <code>yum install bzip2 lsof man man-pages mlocate quota rsync sysstat vixie-cron wget which<\/code><\/p>\n<p>If your server has more than 1 CPU you may wish to install irqbalance, to distribute interrupt servicing duty across CPUs:<br \/>\n  <code>yum install irqbalance<\/code><\/p>\n<p>This package makes the system boot slightly faster using a very simple, safe technique:<br \/>\n  <code>yum install readahead<\/code><\/p>\n<p>If you aren&#8217;t familiar with the vim text editor, you can install nano, which is less powerful but very easy to use:<br \/>\n  <code>yum install nano<\/code><\/p>\n<p>Have fun! Hope this helps.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;m working on a project that is deploying on CentOS 5.1, and I found it not entirely obvious how to install a really stripped down server, as a starting point for a lean and mean, hardened production server. Since I&#8217;m doing work on this at home on VMWare, and it&#8217;s being deployed on a VPS &hellip; <a href=\"http:\/\/www.pervasivecode.com\/blog\/2008\/03\/29\/centos-51-minimal-vps-install-guide\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;CentOS 5.1 Minimal VPS Install Guide&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[52,2,15,42,39],"tags":[],"class_list":["post-63","post","type-post","status-publish","format-standard","hentry","category-centos","category-linux","category-servers","category-vmware","category-xen"],"_links":{"self":[{"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/posts\/63"}],"collection":[{"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/comments?post=63"}],"version-history":[{"count":0,"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/posts\/63\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/media?parent=63"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/categories?post=63"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.pervasivecode.com\/blog\/wp-json\/wp\/v2\/tags?post=63"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}