Refer to the following article until CentOS installation.
In this article, I write about things that didn’t go smoothly and what I was wondering about when setting up.
I tried installing CentOS 7 using VirtualBox on a Mac
MacBook Pro (macOS Catalina version 10.15.6)
For macOS, select ʻOS x hosts
It seems that the old names of macOS were ʻOS X and
Mac OS X.
By the way, the name is OSTEN.
Install CentOS image files
In addition to normal CentOS, there is a CentOS stream, but this is for developers, so this time I will install normal CentOS.
Regarding CentOS streams, the following sites were concise and easy to understand.
CentOS Project announces the start of “CentOS Stream”
There are three ISOs to download:
x86_64, ʻARM64 (aarch64)
, and ʻIBM Power (ppc64le). Select x86_64 this time.
The above three are a system of instruction words for operating a microprocessor (CPU / MPU).
I don’t know the details, but I decided that there would be no problem for personal use, so I chose the one that I often see.
Select a mirror site that is close to you and install dvd.iso.
The outline of boot.iso and dvd.iso is as follows.
Since it is downloaded from the CDN (*) and installed, it cannot be installed unless it is connected to the Internet. This time I installed a dvd that seems simple.
*CDN Content Delivery Network
A network that enables smooth distribution of content such as files. By arranging cache servers that copy the contents of the origin server all over the world, instead of storing the content to be downloaded only on one original server (origin server), users can use the content from the nearest cache server. Can be downloaded.
As a result, not only the load distribution of the origin server but also the traffic flowing through the entire Internet can be reduced, and the download becomes faster for the user.
Details are below.
Kagoya’s server laboratory
It includes all the packages that can be installed from the installer and is commonly used. However, the capacity is large.
The capacity is small because it contains only the minimum required packages. I will prepare the packages I need later.
A document file that only describes the contents of the package.
Files available with Torrent client software.
In addition, Torrent is a technology that realizes load distribution by distributing files to multiple servers when downloading one file from the Internet. Many people will be able to download large amounts of data at high speed at the same time. Since the capacity of iso is large, it seems that it is because it can be downloaded at high speed.
Create a virtual machine in VirtualBox
Virtual hard disk capacity
If it was 8GB, it was not enough to install CentOS, so I set it to 20GB.
The capacity required to install CentOS was about 9GB.
Controller: Assign dvd.iso to the secondary master of the IDE.
When booting after installing the OS, prioritize the hard disk over optics. Or remove the iso assigned to optics. Otherwise, the OS will boot from the optical iso, not from the installed hard disk, and the behavior will be strange.
~~ Since it is difficult to use because it is cut off or small, use VBox VGA as the graphics controller. ~~
↑ It’s good halfway, but before and after the installation was completed, the screen glowed colorfully and stopped moving, so I forcibly disconnected. The default VMS VGA is inconvenient because the screen is cut off until the installation is completed, but after the installation is completed, it can be used without being cut off, so there is no need to change the graphics controller. It is not recommended to operate with VBoxVGA because the screen at startup may become colorful (the operation itself was possible as usual).
Settings to enable copy / paste between host ⇄ guest (VirtualBox)
See the site below.
Solve it yourself! If you don’t cry, let’s cry by yourself
Enable copy and paste between host and guest in VirtualBox.
Changed Settings-> General-> Advanced-> “Clipboard Sharing” and “Drag & Drop” disabled settings. This time it is set in both directions.
In addition, since this setting requires installation of
Guest Additions on the CentOS side, refer to” CentOS settings “described later (The above site is Ubuntu, but it is almost the same as the installation on CentOS, and it is easy to understand because it has a photo. .).
Install CentOS on a virtual machine
When restarting after installation, it ends with “VirtualBox VM has terminated for an unexpected reason.” If you select Reopen, a caution statement will be displayed.
In summary, it says, “Specify a machine on the command line and boot.”
Click here for the command in the caution statement.
% VirtualBoxVM --startvm <name | id >
When I followed the instructions, I was able to start.
% VirtualBoxVM --startvm testCentOS
Error display at startup after installing CentOS
ʻERROR Failed to send host log message` is displayed, but it disappears when the graphics controller is set to VBoxVGA.
Instead, as mentioned above, the characters on the screen become colorful and strange. If you want to use VBoxVGA, do it after installing CentOS. It is not recommended to set it to VBoxVGA because it does not matter if an error message is displayed.
Settings to enable copy and paste between host ⇄ guest (CentOS side)
Click devices → Insert Guest Additions CD Image … on the menu bar and follow the instructions such as entering the password. It will be installed automatically, so when the installation is completed normally, click Activity → File → Guest Additions and select Extract.
When I restarted CentOS at the end, I could copy and paste, but this time it didn’t go smoothly.
The following error occurred during installation.
-There is no kernel header.
Install by referring to here.
VirtualBox Guest Additions Error Handling (CentOS)
root# yum -y update kernel root# yum -y install kernel-devel kernel-headers gcc gcc-c++
In addition, -y is an option to execute as if all inquiries were answered with Yes. Is this really okay at the time of installation? It means to answer the question on the terminal such as Yes and proceed with the installation.
After installation, shut down CentOS, set Geust Additions to optical in VirtualBox, start it, click Activity → File → Guest Additions, run the software, and say “Install make, perl, gcc.” Error message.
root# yum install make perl gcc Since there is gcc, I will install other than that. Install below
After rebooting and running again, the error occurs again.
“Look at the log to see what went wrong.”
Look at /var/log/vboxadd-setup.log to find out what went wrong
Looking at the log, he said, “Please install one of the three.”
cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel
ʻElfutils-libelf-devel` was the only one I could install (there was no other match and I couldn’t install it). When I ran Guest Additions without restarting, the mouse was seamless.
After rebooting, you can copy and paste.
You can check the current time zone with the following command.
centos$ timedatectl status
Set in Japan.
centos$ timedatectl set-timezone Asia/Tokyo
Summary of what I did when I put CentOS in VirtualBox
Settings → Set network adapter 1 to NAT and adapter 2 to host-only adapter. If vboxnet0 is not automatically selected at this time, set the following VirtualBox and then set the adapter 2.
Note that NAT is for connecting to an external NW, and host-only adapter is for connecting to host ⇄ guest (ssh is planned).
Tools → Network
If vboxnet0 has not been created, click Create and vboxnet0 will be created.
Enter GUI operation with the following command.
-Edit enp0s3 (NAT).
Changed to enable automatic connection to ignore IPv6.
CentOS will be able to connect to the external Internet. NAT treats VirtualBox as a router and allows it to connect to the external Internet.
centos$ ping google.com
Check communication with the outside by such means.
-Edit enp0s8 (host-only adapter)
Set IPv4 manually and set the address. Check the address of vboxnet0 with the ʻifconfig` command on the host OS, and set an address different from that address (in the same segment. You can usually change the last number).
Example) vboxnet0 192.168.56.1/24 Host side IP address
IPv4 address 192.168.56.10/24 Guest side IP address
Also enable automatic connection.
Now you can connect with the guest OS and the host OS.
centos$ ping 192.168.56.1
Check the communication between guest ⇄ guest and host ⇄ guest.
- If the guest → host ping does not work, try pinging after disconnecting the host’s Internet and turning off the host’s firewall.
Creating a general user with root privileges
How to enable general users to execute commands that require root privileges
Created by user (test1).
root# useradd test1 root# passwd test1 ~Set password~
root# su - test1 test1$ id ~Turns out to be test1~
No password entered.
root# visudo -f /etc/sudoers.d/test test1 ALL=(ALL) NOPASSWD:ALL
The visudo command is a command to change the sudo authority, and edits the sudoers file that describes the sudo authority setting.
Option -f specifies the sudoers file.
Host name setting
root#nmcli general hostname host name root# cat /etc/hostname hostname
In CentOS8, firewalld and nftables are adopted as firewalls.
A combination of filter conditions called “zone” is created and rules are added.
Here, icmp, ssh, tcp are allowed, and ssh, tcp are allowed only from the host.
Basics of server construction 12 items to set after installing CentOS Linux 8
First, check the currently set zone.
root# firewall-cmd --get-default-zone public root# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces:Interface name sources: services: cockpit dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Currently, the interface name is unconditionally allowed to connect to the cockpit, dhcpv6-client, and ssh services.
(1) After creating a new zone, (2) change the default public zone setting.
① Create new zone manage root# firewall-cmd --new-zone=manage --permanent Give the zone permission to connect root# firewall-cmd --zone=manage --set-target=ACCEPT --permanent SSH,Allow FTP root# firewall-cmd --zone=manage --add-service=ssh --permanent root# firewall-cmd --zone=manage --add-service=ftp --permanent Specify the IP address that allows connection root# firewall-cmd --zone=manage --add-source=IP address of the host/Prefix length--permanent Reflect the settings root# firewall-cmd --reload root# firewall-cmd --get-active-zones Reflected if there is manage (2) Delete the ssh connection permission from the public zone (because you can connect from all IP addresses) root# firewall-cmd --remove-service=ssh --zone=public --permanent root# firewall-cmd --reload root# firewall-cmd --list-all
permanent is an option to make it a permanent setting.
Automatic start / stop of unnecessary services
Stopping appropriate services will improve security and reduce the load on CPU and memory.
Stop the service referring to the following site.
When stopping, check the individual service name before doing so.
After the stop setting is completed, restart the server with
systemctl reboot to reflect it.
Pico Grill of Pichi Nushi
CentOS 8 service selection
systemd-Do not run unnecessary things on the server-Introduction to Linux security (1)
Red Hat Customer Portal
3.6. SYSTEMD optimization for faster startup time
[Sub-PC home server plan CentOS 7 version] Check services (daemons) and disable unnecessary ones
A service that automatically runs only once at a specified time. There is no setting by default, and there is no plan to use it, so stop.
-Import-state.service Boot the OS from the network storage. Stop because I won’t.
-Irabalance.service Interrupt processing is performed by multiple CPUs (normally only one CPU performs interrupt processing). Since the VM is set to one CPU, it is stopped.
There may be other services that can be stopped, but I’m not sure because there are many, so I won’t touch them.
Set the chronyd that automatically adjusts the server time with vi as follows, and restart with
systemctl restart chronyd.
# pool 2.centos.pool.ntp.org iburst commented pool ntp.jst.mfeed.ad.jp iburst
iburst is an option to make inquiries to the synchronization destination server four times in a row to accelerate time synchronization.
The above ntp.jst.mfeed.ad.jp server is provided free of charge in the “Internet Multifeed Time Information Service for Public” (https://www.mfeed.ad.jp/ntp/overview. html).
The time zone does not change automatically.
Check if it is reflected.
root# chronyc tracking If Leap status is Normaln, synchronization is OK. root# chronyc sources You can check the synchronization destination candidates.*Is the synchronization destination server.
First, create a general user (this time we have already done this).
Next, change the ssh settings using vi on the CentOS side as follows.
PermitRootLogin from yes to no.
This setting prevents ssh login as root, which improves security (since root has a broken user name, you can ssh login if you know the password, and you can connect root with ssh = security is bad. It becomes a state.).
About line 46 PermitRootLogin no AllowUsers username on the appropriate line Username
After entering edit mode with vi, the line number is added with
: set number, so it is easy to find it if you search after setting it.
Also, by adding a user name to ʻAllowUsers
, you can log in with ssh by limiting to that user (users not mentioned cannot log in). AllowUsers can specify not only CentOS users who allow ssh, but also the source IP address (to be exact, the host is specified), such as user name @ IP address`.
After that, restart with
systemctl restart sshd.service, reflect the settings, and then ssh login from the host. Yes because only the first connection is asked yes / no.
With this setting, password authentication will be performed instead of the public key method.
hogehoge% ssh -l root -b 192.168.56.1(Specify the IP address of vboxnet0 as the source) 192.168.56.10 [[email protected]'s password: Permission denied, please try again.
-l is the user’s specification and -b is the source address.
You can see that the root that could not log in is now rejected.
If you do not reach the password input screen, it means that ssh has not arrived, so check if you can ping at that time.
If you receive it, the NW settings will be correct, so check the firewall settings and ssh settings again.
If you do not receive the ping, the IP address may be incorrect.
-When setting the zone on the firewall, did you specify an appropriate IP address as the source IP address that allows ssh?
When communicating with the host ⇄ guest, communicate with the IP address of vboxnet0 instead of the IP address of the host that is normally used.
-Are the uppercase and lowercase letters of the user name set in the ssh configuration file really correct?
The case of the user name on the CentOS terminal and the user name on the GUI may differ.
This time, when changing the ssh configuration file, I am working without backing up the file, but in reality it is better to copy and back up before working.