Shulou(Shulou.com)06/03 Report--

What the editor shares today is a detailed interpretation of the server deployment specification, which you may be familiar with or have never known before. Let's take a look at it with the editor.

Declaration:

This deployment specification is collated and added according to the project requirements of previous work units. It is only used for project display and can not meet the requirements of some special companies. Please do not copy it.

The business operation of each company has its own characteristics, and it is necessary to formulate its own product delivery standards and requirements according to the operational characteristics of the company and the department.

You are welcome to conduct exchanges and discussions in order to produce detailed operating documents with a wider scope of application.

1. Definition of terms

Standard server: the server changes from bare metal state to running operating system and realizes public network connection and SSH login function, which does not include business customization running environment installation and debugging. The product delivered is the state of readiness before the deployment of the business operating environment.

2. Operating system

The operating system mainly refers to the Linux kernel-based distribution suite, unless otherwise specified, the operating system specified in this document refers to the Linux distribution suite.

I. preparatory work before implementation

1. Get the CPU architecture of the machine and determine whether the installable operating system is 32-bit or 64-bit.

2. Check the hardware composition information of the machine to determine whether it is supported by the hardware compatibility of the operating system.

3. Confirm the optional requirements of the operating system distribution with the demand side. If there are no specified requirements, install the 64-bit GUI-free basic environment system of the latest stable version of CentOS by default.

4. Confirm the partition requirements with the demand side. If there are no specified requirements, boot, root, home and data should be separately mounted on LVM, and ACL control should be enabled on data.

5. Confirm the firewall and SELinux requirements with the demand side. If there are no specified requirements, enable the default of Firewall, and enable the SELinux security control after the system is installed.

6. Confirm with the network resource management department the planning information of the IP address, whether to use IPV6 and the number of IP paragraphs and entries assigned to the current machine

7. Confirm with the host resource management department the planning of the host name and the host name assigned to the current host and the DNS resolution configuration

II. Operating system installation requirements

1. Use the standardized image customized in the image storage server as the installation source, and if the demand side has specified requirements, use the specified image as the system installation source.

2. The installation language is "English (USA)". If there are specified requirements on the demand side, install the specified language.

3. Select "New York (US East)" in the time zone, and select the specified language if there are specified requirements on the demand side.

4. With regard to disk partitions, we should first divide boot of not less than 1024m, then establish LVM, and divide root, home and data of not less than 10240m on LVM. If the demand side has specified requirements, the disk will be partitioned in accordance with the specified requirements.

5. With regard to the file system format, ext4 is mounted by default. If there is a specified requirement on the demand side, the specified file system is mounted.

6. With regard to the management of LVM, LVM Group Name is uniformly named by LVMgroup (marked with Arabic numerals counting from 0); the mount point of Logic Vloume Name installation partition is named, if the mount point is root, it is named root

7. As to whether or not to divide swap, it will not be divided by default, but if there are specified requirements on the demand side, the size of swap will be divided according to the specified requirements. If the swap is divided, the Logic Vloume Name should be named swap

8. With regard to the configuration of IP address, the static address of IPv4 is preferred. It is recommended that during the installation process, fill in the main IP and check boot, and fill in the assigned gateway and master DNS

9. with regard to the setting of the host name, all the meaningful words in lowercase English are spelled uniformly.

10. with regard to the setting of the accident password, uniformly generate the 16-bit strong password according to the random password generation program provided in the software tool storage server, record it and hand it over to the demand side.

11. For system components, select "Base System" by default, do not check the GUI environment package, and install vim, gcc, ftp and Chinese language support by default.

III. Initialization configuration after installation of the operating system

1. Modify the file / etc/inittab to confirm that the default runlevel is 3, that is, id:3:initdefault:

2. Create a system sub-root administrative user and set an initial random password of 16 bits.

3. Modify the file / etc/ssh/sshd_config, turn off the SSH login rights of root users, modify the default port number of SSH and record and hand it over to the demand side (if the demand side has specified requirements, configure them according to the specified requirements)

4. Configuration file / etc/sudoers, which gives the secondary root administrative user the right to obtain temporary root

5. Execute setup to cancel unnecessary system boot service.

6. Make the first backup of / etc/sysconfig/network-scripts/, / etc/fstab, / etc/system, / etc/rc.d/rc.sysinit and other key files and directories in the system. The backup directory defaults to / home/systemoriginal/.

7. Perform the first software repository and system component update to the current system

8. Set ACL control permissions on the data directory. Currently, only sub-root administrative users are allowed to read and write to this directory, setfacl-m d:USERNAME:rwx / data

9. Make a check to delete the initialization settings, and record the inspection conclusion in the delivery document. After it is correct, turn on the firewall and SELinux control of OS.

IV. Delivery of standardized machines

1. Record the assets and store the standard servers that have completed the initialization configuration.

2. Submit the delivery documents and verification conclusions generated during the deployment and implementation to host resource management, network resource management, business resource management, asset management and the department's operation and maintenance knowledge base, respectively.

3. Hand over the standard server assets to the product delivery department and receive the telegram receipt.

As a senior professional cloud computing service provider and cloud security service provider in the industry, it is committed to providing cloud host rental services such as "cloud servers, bare metal servers, high defense servers, Hong Kong servers, American servers" and comprehensive solutions on cloud for the vast number of Internet enterprise users and enterprise users in traditional industries. It has the characteristics and advantages of "security and stability, easy to use, high service availability, high performance-to-price ratio". It is specially customized for enterprises on the cloud, and can meet the needs of rich and diversified application scenarios.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.