Difference between revisions of "CentOS 7 Igel Cloud Gateway"
Jump to navigation
Jump to search
Michael.mast (talk | contribs) (Created page with "==Purpose== To install the Igel Cloud Gateway on CentOS 7 in AWS. Reason for CentOS is for an instance pre-configured with SELinux. Officially Igel supports RHEL 7, but there...") |
Michael.mast (talk | contribs) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
To install the Igel Cloud Gateway on CentOS 7 in AWS. Reason for CentOS is for an instance pre-configured with SELinux. Officially Igel supports RHEL 7, but there are some changes I needed to make to get things to work with CentOS. | To install the Igel Cloud Gateway on CentOS 7 in AWS. Reason for CentOS is for an instance pre-configured with SELinux. Officially Igel supports RHEL 7, but there are some changes I needed to make to get things to work with CentOS. | ||
==Prep CentOS Image== | ==Prep CentOS Image== | ||
| + | *Update | ||
| + | <pre>sudo yum upgrade -y</pre> | ||
| + | *Install python<ref>https://kb.igel.com/igelicg-2.01/preparing-the-linux-machine-19181657.html</ref>. At the time of writing Igel supports Python 2.7 which CentOS 7 ships with. However, this is going EoL<ref>https://pythonclock.org/</ref> and it would be good to run something newer. The only issue we will run into is that CentOS 7 requires python2.7 to work properly (i.e. yum) | ||
| + | <pre> | ||
| + | sudo yum install python3 | ||
| + | </pre> | ||
| + | *Create dedicated user and add to wheel group (this can be done with single command, but I forgot). | ||
| + | <pre> | ||
| + | sudo useradd igel | ||
| + | sudo passwd igel | ||
| + | sudo usermod -G wheel igel | ||
| + | </pre> | ||
| + | *create bash alias to use python3 by adding the following to bashrc for the igel user (This is still a work in progress, and will not enforce the use of python3) | ||
| + | <pre>alias python='/usr/bin/python3'</pre> | ||
| + | *Update sshd.conf to allow the igel user to use password authentication. | ||
| + | <pre> | ||
| + | Match User igel | ||
| + | PasswordAuthentication yes | ||
| + | </pre> | ||
| + | |||
| + | ==Deploy Using UMS== | ||
| + | |||
| + | ===Disabling IPv6=== | ||
| + | This was originally added because I had routing issues on my instance, but was able to resolve it so this is not necessary. | ||
*If not using IPv6, disable it.<ref>https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-ipv6/</ref> (I do not condone this, but my environment has third party support that is scared of IPv6) | *If not using IPv6, disable it.<ref>https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-ipv6/</ref> (I do not condone this, but my environment has third party support that is scared of IPv6) | ||
| − | *Append the following to /etc/sysctl.conf | + | *Append the following to /etc/sysctl.conf <ref>https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-ipv6/</ref> |
<pre> | <pre> | ||
net.ipv6.conf.all.disable_ipv6 = 1 | net.ipv6.conf.all.disable_ipv6 = 1 | ||
| Line 14: | Line 38: | ||
net.ipv6.conf.default.disable_ipv6 = 1 | net.ipv6.conf.default.disable_ipv6 = 1 | ||
</pre> | </pre> | ||
| − | <ref> | + | *Add the following to the yum config /etc/yum.conf <ref>http://blogoless.blogspot.com/2014/12/centos-7-ipv6-and-yum.html</ref> |
| + | <pre> | ||
| + | ip_resolve=4 | ||
| + | </pre> | ||
Latest revision as of 14:20, 11 November 2019
Purpose
To install the Igel Cloud Gateway on CentOS 7 in AWS. Reason for CentOS is for an instance pre-configured with SELinux. Officially Igel supports RHEL 7, but there are some changes I needed to make to get things to work with CentOS.
Prep CentOS Image
- Update
sudo yum upgrade -y
- Install python[1]. At the time of writing Igel supports Python 2.7 which CentOS 7 ships with. However, this is going EoL[2] and it would be good to run something newer. The only issue we will run into is that CentOS 7 requires python2.7 to work properly (i.e. yum)
sudo yum install python3
- Create dedicated user and add to wheel group (this can be done with single command, but I forgot).
sudo useradd igel sudo passwd igel sudo usermod -G wheel igel
- create bash alias to use python3 by adding the following to bashrc for the igel user (This is still a work in progress, and will not enforce the use of python3)
alias python='/usr/bin/python3'
- Update sshd.conf to allow the igel user to use password authentication.
Match User igel
PasswordAuthentication yes
Deploy Using UMS
Disabling IPv6
This was originally added because I had routing issues on my instance, but was able to resolve it so this is not necessary.
- If not using IPv6, disable it.[3] (I do not condone this, but my environment has third party support that is scared of IPv6)
- Append the following to /etc/sysctl.conf [4]
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
- Reload the config to apply
[centos@ip ~]$ sudo sysctl -p net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1
- Add the following to the yum config /etc/yum.conf [5]
ip_resolve=4
- ↑ https://kb.igel.com/igelicg-2.01/preparing-the-linux-machine-19181657.html
- ↑ https://pythonclock.org/
- ↑ https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-ipv6/
- ↑ https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-ipv6/
- ↑ http://blogoless.blogspot.com/2014/12/centos-7-ipv6-and-yum.html
