Have a Question?
< All Topics
Print

Initial Server Setup With CentOS 8

Some of the commonly commands for Initial Server Setup with CentOS 8

Update System with DNF

Update the system with the latest kernel, system security patches, software repositories, and packages.

dnf check-update
dnf update

EPEL Stands for Extra Packages for Enterprise Linux, it is a free and opensource additional packages repository available for CentOS and RHEL servers.

dnf install -y epel-release

Delete all downloaded software packages with all cached repositories to free up some disk space

dnf clean all

Change Hostname

Check the hostname with hostnamectl

[root@prod-centos conf]# hostnamectl
   Static hostname: centos
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 40eda33f2226462898345eb3f52057c2
           Boot ID: 0ec1a0f2a3344468a377a379a3fdf25b
    Virtualization: vmware
  Operating System: CentOS Linux 8 (Core)
       CPE OS Name: cpe:/o:centos:centos:8
            Kernel: Linux 4.18.0-147.8.1.el8_1.x86_64
      Architecture: x86-64

Change the hostname from prod-centos to centos

[root@prod-centos conf]# hostnamectl set-hostname centos

The new hostname is show when you login next time

[root@centos ~]#

Timezone

Change the timezone to Asia/Kuala_Lumpur

sudo timedatectl set-timezone Asia/Kuala_Lumpur

Static IP Address

Option 1 – Set Static IP Address with Network Manager Command Line Interface (nmcli) without rebooting the server

# Check NIC installed
$ nmcli dev status
DEVICE  TYPE      STATE      CONNECTION
ens33   ethernet  connected  ens33

# Static IP Address
$ nmcli con mod enps03 ipv4.addresses 192.168.1.228/24
# Gateway 
$ nmcli con mod enps03 ipv4.gateway 192.168.2.1
# DNS Server
$ nmcli con mod enps03 ipv4.dns “8.8.8.8”
# Change from DHCP to Static
$ nmcli con mod enps03 ipv4.method manual
# Apply the changes
$ nmcli networking off
$ nmcli networking on

Option 2 – Modify the /etc/sysconfig/network-scripts/ifcfg-ens192 with the following

  • BOOTPROTO = "none" – Default is DHCP
  • IPADDR = IP Address for host
  • PREFIX – IP Subnet
  • GATEWAYS – Default IP Address for default Gateway
  • DNS1 = IP Address of DNC server
vi /etc/sysconfig/network-scripts/ifcfg-ens192
  BOOTPROTO="none"
  DEVICE="ens192"
  ONBOOT="yes"
  IPADDR="192.168.1.231"
  PREFIX="24"
  GATEWAY="192.168.1.1"
  DNS1="192.168.1.230"
  DOMAIN="lab.aventislab.com"

Reboot to apply the new IP Addresses to be applied

Install Open-VM-Tools

dnf install open-vm-tools

#Verify VM Tools is installed
$ ps ax | grep vmware
	5151 pts/0    S+     0:00 grep --color=auto vmware

Cockpit – WebUI for Server Management

Install Cockpit

dnf -y install cockpit

Start Cockpit and enable it to start automatically when server boot up

systemctl start cockpit
systemctl enable cockpit.socket

Allow Cockpit (TCP 9090) in Firewall

firewall-cmd --zone=public --add-service=cockpit --permanent
firewall-cmd --reload

Verify Cockpit is listening on Port 9090 and

[root@centos ~]# ss -tulpn | grep :9090
tcp     LISTEN   0        128                    *:9090                *:*       users:(("systemd",pid=1,fd=41))


[root@centos ~]# systemctl status cockpit.socket
● cockpit.socket - Cockpit Web Service Socket
   Loaded: loaded (/usr/lib/systemd/system/cockpit.socket; enabled; vendor preset: disabled)
   Active: active (listening) since Wed 2020-08-12 18:15:02 +08; 2h 11min ago
     Docs: man:cockpit-ws(8)
   Listen: [::]:9090 (Stream)
  Process: 821 ExecStartPost=/bin/ln -snf active.motd /run/cockpit/motd (code=exited, status=0/SUCCESS)
  Process: 814 ExecStartPost=/usr/share/cockpit/motd/update-motd  localhost (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 10987)
   Memory: 1.4M
   CGroup: /system.slice/cockpit.socket

Aug 12 18:15:02 centos.aventislab.com systemd[1]: Starting Cockpit Web Service Socket.
Aug 12 18:15:02 centos.aventislab.com systemd[1]: Listening on Cockpit Web Service Socket.

Login to Cockpit via https://IPADDRESS:9090

Initial Server Setup with CentOS 8

Replace the Default SSL Certificate for Cockpit

Convert the the AventisLab.pfx to Certificate & Key file following Replace ESXi Self-signed Certificate

#Extract the private key from PFX 
openssl pkcs12 -in AventisLab.pfx -nocerts -out AventisLab.pem
Enter Import Password:
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

#Extract Cert from PFX 
openssl pkcs12 -in AventisLab.pfx -clcerts -nokeys -out AventisLab.cert
Enter Import Password:

#Remove the passphase 
openssl rsa -in AventisLab.pem -out AventisLab.key
Enter pass phrase for AventisLab.pem:
writing RSA key

Copy the content of AventisLAb.key file to the bottom of AventisLab.cert and save it

cat AventisLab.key
-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

vi AventisLab.cert
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

Upload AventisLab.cert to CENTOS

# Upload to RHEL 
scp AventisLab.cert [email protected]:/tmp

# Copy to/etc/cockpit/ws-certs.d
cp /tmp/AventisLab.cert /etc/cockpit/ws-certs.d

# Restart Cockpit 
systemctl enable --now cockpit.socket

# Verify lab.cert is used for cockpit now
remotectl certificate
	certificate: /etc/cockpit/ws-certs.d/AventisLab.cert

No SSL Certificate error message prompted when you login to Cockpit

Table of Contents
Scroll to Top