Standard server deployment specification example

Statement:

     This deployment specification is based on projects from my previous workplace, tidied up and supplemented. It is only meant to demonstrate how such a specification is used on a project, cannot meet a company's special requirements, and should not be copied.

     Each company's business operations have their own characteristics, so each needs to develop its own standards and product delivery requirements according to the operational characteristics of the company and the department.

     Discussion and exchange are welcome, in order to produce a more detailed operations document with a larger scope.

1, Terms defined
Standard server: a bare-metal server with the operating system running, in a state that provides public network connectivity and SSH login, without installation and commissioning of a customized business runtime environment. It is the product that is delivered, ready to use, before the business environment is deployed.

2, The operating system
Operating system: mainly refers to distributions based on the Linux kernel. Unless otherwise noted, "operating system" in this specification refers to a Linux distribution.

First, preparation before implementation

1, Obtain the machine's CPU architecture to determine whether the operating system to install is 32-bit or 64-bit;
2, Review the machine's hardware information to determine whether the hardware is supported by the operating system;
3, Confirm the operating system distribution and version requirements with the requesting party; if none are specified, the default is a 64-bit basic-environment installation of the latest stable CentOS without the GUI;
4, Confirm the partitioning requirements with the requesting party; if none are specified, boot, root, home and data should each be divided and mounted individually using LVM, with ACL control turned on for Data;
5, Confirm the firewall and SELinux requirements with the requesting party; if none are specified, the firewall is on by default after installation and SELinux security control is turned on for the installed system;
6, Confirm the IP address information with network resource management and planning: whether IPv6 is used, and the IP segment and number of addresses allocated to the current machine;
7, Confirm with host resource management and planning the host name assigned to the current host and its DNS resolution configuration;

Second, operating system installation requirements

1, Use the normalized image on the customized image storage server as the installation source; if the requesting party has specified requirements, use the designated image as the installation source;
2, Installation language: "English (United States)"; if the requesting party has specified requirements, install the specified language;
3, Time zone: select "New York (US East)"; if the requesting party has specified requirements, select the specified time zone;
4, Disk partitions: boot should be no less than 1024M; then build LVM on no less than 10240M and divide root, home and data on the LVM. If the requesting party has specified requirements, partition the disk as specified;
5, File system format: ext4 by default; if the requesting party has specified requirements, use the specified file system;
6, LVM management: LVM group names uniformly use the LVMgroup name with a digit (the digit starts counting from zero); each Logical Volume is named after the mount point of its partition, e.g. for the root mount point the name is root;
7, Swap: not created by default; if the requesting party has specified requirements, create swap of the specified size. If swap is created, the Logical Volume name should be swap;
8, IP address configuration: give priority to allocating static IPv4 addresses. It is recommended to fill in the main IP during installation and check the start-on-boot option, and to fill in the assigned main gateway and DNS;
9, Host name: uniformly use the lowercase spelling of words with real meaning;
10, Password settings: generate a unified 16-character strong password with the random password generator tool provided on the software storage server, make a record of it, and hand it over to the requesting party;
11, System components: select "Base system" by default and do not check the GUI environment packages; by default install vim, gcc, ftp and Chinese language support.

Third, initial configuration after the operating system is installed

1, Modify the file /etc/inittab and confirm that the default run level is 3, i.e. id:3:initdefault:;
2, Create a sub-root-level system administration user and set an initial 16-character random password;
3, Modify the file /etc/ssh/sshd_config: disable SSH login for the root user, change the default SSH port number, make a record of it and hand it over to the requesting party (if the requesting party has specified requirements, configure as specified);
4, Configure the file /etc/sudoers so that the sub-root-level administrative user can obtain temporary root privileges;
5, Run setup and disable unnecessary boot-time system services;
6, Make an initial backup of critical files and directories such as /etc/sysconfig/network-scripts/, /etc/fstab, /etc/system and /etc/rc.d/rc.sysinit; the backup directory defaults to /Home/systemoriginal/;
7, Run the first update of system components from the repository and bring the current system up to date;
8, Set ACL control permissions on the data directory; currently only the sub-root-level administrative user is allowed to read and write this directory: setfacl -m d:USERNAME:rwx /Data;
9, Check the initial setup and record the inspection results in the delivery document; after confirming there are no errors, turn on the OS firewall and SELinux control.
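
The check in item 9 can be scripted for items 1 and 3 above. The following is an added example, not part of the original specification: the function names are hypothetical, the file paths are passed in as arguments, and the sample files (including port 2222) are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: checks for section-three items 1 and 3, reported as PASS/FAIL lines.

# Effective value of a global sshd_config keyword: first occurrence wins,
# keywords are case-insensitive, and anything after a Match line is conditional.
sshd_value() {  # $1 = keyword, $2 = file
    awk -v k="$1" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print $2; exit }' "$2"
}

check_root_login() {  # root login must be explicitly disabled
    [ "$(sshd_value PermitRootLogin "$1")" = "no" ]
}

check_port() {  # Port must be set and must not be the default 22
    p=$(sshd_value Port "$1")
    [ -n "$p" ] && [ "$p" != "22" ]
}

check_runlevel() {  # default run level 3 in the inittab file
    grep -q '^id:3:initdefault:' "$1"
}

report() {  # $1 = label, remaining args = check command; prints PASS or FAIL
    label=$1; shift
    if "$@"; then echo "PASS $label"; else echo "FAIL $label"; return 1; fi
}

audit() {  # $1 = sshd_config path, $2 = inittab path; returns number of failures
    fails=0
    report "root SSH login disabled" check_root_login "$1" || fails=$((fails + 1))
    report "SSH port changed from 22" check_port "$1" || fails=$((fails + 1))
    report "default run level 3" check_runlevel "$2" || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample files (not from a real host); port 2222 is an arbitrary example.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
printf '%s\n' '#Port 22' 'port 2222' 'PermitRootLogin no' > "$d/sshd_ok"
printf '%s\n' '#PermitRootLogin no' 'Port 22' 'Match User ops' 'PermitRootLogin no' > "$d/sshd_bad"
printf '%s\n' '# inittab' 'id:3:initdefault:' > "$d/inittab_ok"
printf '%s\n' 'id:5:initdefault:' > "$d/inittab_bad"

audit "$d/sshd_ok" "$d/inittab_ok"    # all three PASS
audit "$d/sshd_bad" "$d/inittab_bad" || echo "$? check(s) failed"
```

On a delivered host the same functions are called with /etc/ssh/sshd_config and /etc/inittab, and the PASS/FAIL lines go into the delivery document. A commented-out PermitRootLogin line or one that only appears inside a Match block is reported as FAIL, because neither disables root login globally.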

Fourth, delivery of the standardized machine

1, Record the standard server that has completed initial configuration as an asset and put it into inventory;
2, Submit the delivery documents and the verification conclusions generated during deployment to host resource management, network resource management, business resource management, asset management and the department's operations and maintenance knowledge base;
3, Transfer the standard server asset to the product delivery department and receive an electronically signed receipt.

   孟伯, 20200312
   Contact: WeChat 1807479153; QQ 1807479153; Phone: 177 3781 5124

Origin blog.51cto.com/6286393/2477627