= Red Hat 6.5 Post Install =

**Summary**: All sorts of things to configure after installing a Red Hat server. \\
**Date**: Around 2014 \\
**Refactor**: 29 March 2025: Checked links and formatting. \\
{{tags>redhat linux}}

> Note that if you see GSSAPI errors in the /var/log/messages logfile and experience slow logon times you should disable LDAP referral in the config file, see [[fixredhatgssapi]]

After creating a server with kickstart from [[redhat65management]] you need to do some more configuration depending on the exact machine. This post install page lists all the steps, but change the details depending on your requirements.

= Create Extra Disks =

First list the devices of the system so you can locate the new disk:
  * ls /dev/

Partition the new disk with LVM:
  * sudo fdisk -cu /dev/sdd
    * Command: n (Add a new partition)
    * Partition number: 1
    * Keep defaults for sectors (use entire disk)
    * Command: t (change a partition's system id)
    * 8e (for Linux LVM)
    * Command: w (write table to disk and exit)

Show current Volume Groups:
  * sudo vgs

Create new volume group on the partitioned disk:
  * sudo vgcreate vg_rhapplserver_data /dev/sdd1

Create a logical volume in the volume group:
  * sudo lvcreate -n data -l 100%FREE vg_rhapplserver_data

Create the mountpoint:
  * sudo mkdir /data

Format the filesystem on the logical volume:
  * sudo mkfs.ext4 /dev/vg_rhapplserver_data/data

Add the filesystem to the /etc/fstab file:
  * sudo vim /etc/fstab
<code>
/dev/mapper/vg_rhapplserver_data-data /data ext4 defaults 1 2
</code>

Mount the filesystem:
  * sudo mount /data

= Add Local Application Users =

List all users to check which user ids (uid) are in use:
<code>
cut -d: -f1,3 /etc/passwd
</code>

Local application users should have a uid over 50000. To create the user issue these commands:
<code>
sudo mkdir -p /appl/
sudo useradd --uid 55555 -p 'XXXXXXXXXXXXXXXXX' -d /appl/appl1user -m appl1user
</code>

The -p option takes the already encrypted password (as returned by crypt(3)), not the plain-text one, and its value is visible in the process list and the shell history.

Don't forget to put the password in KeePass.

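A pre-check for the uid rule above, as an added example that is not part of the original page: it reads a passwd-format file, rejects a uid that is not over 50000 or that is already taken, and reports the lowest free application uid. The function names and the sample passwd content are constructed for illustration.

```bash
#!/bin/bash
# Added example: vet a planned name/uid pair before running useradd --uid.
APPL_UID_MIN=50000   # page rule: local application uids are over 50000

# check_appl_uid NAME UID [PASSWD_FILE]
# Prints "ok" and returns 0 if the pair is free, else prints the reason and returns 1.
check_appl_uid() {
    name=$1; uid=$2; file=${3:-/etc/passwd}
    case $uid in
        ''|*[!0-9]*) echo "uid is not a number"; return 1 ;;
    esac
    if [ "$uid" -le "$APPL_UID_MIN" ]; then
        echo "uid must be over $APPL_UID_MIN"; return 1
    fi
    awk -F: -v n="$name" -v u="$uid" '
        $1 == n { print "name already exists with uid " $3; bad = 1; exit }
        $3 == u { print "uid already used by " $1; bad = 1; exit }
        END     { if (!bad) print "ok"; exit bad + 0 }' "$file"
}

# next_free_appl_uid [PASSWD_FILE]: lowest unused uid above APPL_UID_MIN.
next_free_appl_uid() {
    awk -F: -v min="$APPL_UID_MIN" '
        $3 > min { used[$3 + 0] = 1 }
        END      { u = min + 1; while (u in used) u++; print u }' "${1:-/etc/passwd}"
}

# Constructed sample in /etc/passwd format (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
appltest:x:50001:50001::/appl/appltest:/bin/bash
appl1user:x:55555:55555::/appl/appl1user:/bin/bash
EOF
}

demo_passwd=$(mktemp)
sample_passwd > "$demo_passwd"
check_appl_uid appl1user 55557 "$demo_passwd" || true   # name is taken
check_appl_uid appl2user 55555 "$demo_passwd" || true   # uid is taken
check_appl_uid appl2user 55556 "$demo_passwd"           # free pair
next_free_appl_uid "$demo_passwd"
rm -f "$demo_passwd"
```

Without a third argument both functions read the local /etc/passwd.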
= Create NFS Shares =

> Note that the NFS share creation should take place here: [[redhatnfsserver]]

To make sure users are recognized as file owners, edit the /etc/idmapd.conf:
<code>
[adminsjoerd@nfsserver rhmgmtsrv-jobs]$ egrep -v '^#|^$' /etc/idmapd.conf
[General]
Domain = getshifting.local
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
</code>

Also create the application user on the NFS server with the same id:
<code>
[adminsjoerd@nfsserver ~]$ sudo useradd --uid 55555 appl1user
</code>

Now files are created as expected instead of as nobody:nobody.

Two shares are needed: one server-specific share, which has to be created, and the shared temp directory that is used to transfer data between servers.

NFS shares:
  * /appl/scriptlogs (100 GB)
    * sudo mkdir /data/rhmgmtsrv-jobs
    * sudo chown -R 55555:55555 /data/rhmgmtsrv-jobs/
  * /appl/appl_tmp (50 GB)

> Note: For the mixed NFS share for local and AD accounts, as is the case for the interface share, this setup is preferred:

<code>
[adminsjoerd@nfsserver biztalk-acp]$ sudo chown -R srv-linux-bizacc:55555 /data/biztalk-acp/appl1/
[adminsjoerd@nfsserver biztalk-acp]$ sudo chown -R srv-linux-bizacc:55556 /data/biztalk-acp/appl2/
[adminsjoerd@nfsserver biztalk-acp]$ sudo chown -R srv-linux-bizacc:55554 /data/biztalk-acp/appl3/
[adminsjoerd@nfsserver biztalk-acp]$ sudo chmod g+w appl3/
[adminsjoerd@nfsserver biztalk-acp]$ sudo chmod g+w appl2/
[adminsjoerd@nfsserver biztalk-acp]$ sudo chmod g+w appl1/
drwxrwxr-x. 2 srv-linux-bizacc appl3user 4096 Sep 11 13:53 appl3
drwxrwxr-x. 2 srv-linux-bizacc appl2user 4096 Sep 11 11:43 appl2
drwxrwxr-x. 2 srv-linux-bizacc appl1user 4096 Sep 11 11:43 appl1
</code>

Add the server-specific share to the /etc/exports file on the NFS server, and check if the server has access to the appl_tmp share:
<code>
[adminsjoerd@nfsserver ~]$ cat /etc/exports
# Share the home directory will all redhat 6.5 servers
/data/all-servers-home applprda4*.getshifting.local(rw,sync)
/data/all-servers-home applprdd4*.getshifting.local(rw,sync)
/data/all-servers-home applacpa4*.getshifting.local(rw,sync)
/data/all-servers-home applacpd4*.getshifting.local(rw,sync)
/data/all-servers-home applacta0*.getshifting.local(rw,sync)
/data/all-servers-home applactd0*.getshifting.local(rw,sync)
/data/all-servers-home rhapplserver.getshifting.local(rw,sync)
# Share the appl_home directory will all unix and redhat servers
/data/all-servers-appl_tmp applprd*.getshifting.local(rw,sync)
/data/all-servers-appl_tmp applacp*.getshifting.local(rw,sync)
/data/all-servers-appl_tmp applact*.getshifting.local(rw,sync)
# Server specific shares
/data/rhmgmtsrv-jobs rhmgmtsrv.getshifting.local(rw,sync,fsid=0)
</code>

After adding the share to the exports file, export the shares:
<code>
sudo exportfs -ra
</code>

You can check if the export was successful using the showmount command:
<code>
[adminsjoerd@nfsserver data]$ showmount -e
Export list for nfsserver.getshifting.local:
/data/all-servers-appl_tmp applact*.getshifting.local,applacp*.getshifting.local,applprd*.getshifting.local
/data/rhmgmtsrv-jobs rhmgmtsrv.getshifting.local
/data/all-servers-home applactd0*.getshifting.local,applacta0*.getshifting.local,applacpd4*.getshifting.local,applacpa4*.getshifting.local,applprdd4*.getshifting.local,applprda4*.getshifting.local,rhapplserver.getshifting.local
</code>

> Note that the fsid=0 has something to do with NFS4, if I don't use it I get the error: mount.nfs4: mounting nfsserver:/data/rhmgmtsrv-jobs failed, reason given by server: No such file or directory

= Mount NFS Shares =

To make sure users are recognized as file owners, edit the /etc/idmapd.conf:
<code>
[adminsjoerd@rhmgmtsrv]$ egrep -v '^#|^$' /etc/idmapd.conf
[General]
Domain = getshifting.local
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
</code>

After creating the NFS shares on the NFS server you have to add them to the NFS client to use them. First make the mountpoints:
<code>
sudo mkdir -p /appl/scriptlogs
sudo mkdir /appl/appl_tmp
</code>

Then add the mounts to the /etc/fstab file so they are mounted automatically after a restart:
<code>
nfsserver:/data/rhmgmtsrv-jobs /appl/scriptlogs nfs hard,intr,rsize=8192,wsize=8192 0 0
nfsserver:/data/all-servers-appl_tmp /appl/appl_tmp nfs hard,intr,rsize=8192,wsize=8192 0 0
</code>

If the mount is being used for Oracle backup you need these settings:
<code>
bcksrv:Oracle /dbbackup nfs rw,rsize=32768,wsize=32768,hard,nointr,bg,nfsvers=3,tcp,actimeo=0,timeo=600 0 0
</code>

The NFS mount options have the following results:
  * hard/intr: The program accessing a file on an NFS mounted file system will hang when the server crashes. The process cannot be interrupted or killed (except by a "sure kill") unless you also specify intr. When the NFS server is back online the program will continue undisturbed from where it was. It is usually recommended to use hard mounts over soft mounts, as soft mounts could result in corrupted data.
  * rsize=n and wsize=n: These specify the datagram size used by the NFS clients on read and write requests. We increase the block size to 8 K to obtain better performance because most files that will be placed on the mount will be big files.

Mount the shares like this:
<code>
sudo mount /appl/scriptlogs
sudo mount /appl/appl_tmp
</code>

= Create Other Local Directories And Set Permissions =

The two required directories should have been created while creating the user and the mountpoints for the NFS shares.
Check this and set the required permissions:
<code>
sudo mkdir /appl/appldata
sudo mkdir /appl/applcode
</code>

Set ownership:
<code>
sudo chown -R appl1user:appl1user /appl/appldata
sudo chown -R appl1user:appl1user /appl/applcode
</code>

For the BizTalk user (from Active Directory) the homedir in the user object should be set to /appl/interfaces, make sure that directory also exists:
<code>
sudo mkdir /appl/appldata/acp/interfaces
</code>

Set the ownership as well:
<code>
sudo chown -R srv-linux-bizacp:UNIX-SRV-Accounts /appl/appldata/acp/interfaces
</code>

= SSH Access =

Make sure members of the three Unix Administrator groups can access the server over ssh by adding the groups in the /etc/ssh/sshd_config file:
<code>
# Only allow users in these groups to access over ssh
AllowGroups UNIX-Server-Admins UNIX-Server-AppM UNIX-SRV-Accounts
</code>

Then restart the ssh daemon:
<code>
sudo service sshd restart
</code>

= Sudo =

Make sure members of the UNIX-Server-AppM group can use sudo to switch to the local application user. That way they don't need to type the password of the user every time they have to do something. To configure this, add a Command Alias to the sudoers file and allow the group to use that command alias:
<code>
Cmnd_Alias AMSU = /bin/su - appl1user
%UNIX-Server-AppM ALL=(ALL) NOPASSWD: AMSU
</code>

The part ALL=(ALL) means:
  * ALL = on all servers
  * (ALL) = As all users

= Firewall =

Open required ports:
<code>
[adminsjoerd@rhmgmtsrv appl_tmp]$ sudo iptables -I INPUT -p tcp --dport 21000 -j ACCEPT
[adminsjoerd@rhmgmtsrv appl_tmp]$ sudo iptables -I INPUT -p tcp --dport 22000 -j ACCEPT
[adminsjoerd@rhmgmtsrv appl_tmp]$ sudo service iptables save
</code>

= Other =

  * Add the server to the correct backup policy in NetBackup on the bckprdc01.
  * Add the server to the CMDB
  * Add the server to SCOM

= Markets User Limits =

Create the file /etc/security/limits.d/99-appl1user-limits.conf and add the following lines:
<code>
appl1user soft nproc 50000
appl1user hard nproc 709150
appl1user soft nofile 10000
appl1user hard nofile 10000
</code>

= Oracle Client Permissions =

Set the permissions so users can start the Oracle client:
<code>
[adminsjoerd@applacta003 opt]$ sudo chmod -R go+rx oracle/
</code>
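
The Create NFS Shares section requires each application user to exist on the NFS server with the same uid as on the client, otherwise files show up as nobody:nobody. The following added example (not part of the original page) compares two passwd-format files for exactly that; the function name, the sample data and the idea of saving getent passwd output per host are assumptions.

```bash
#!/bin/bash
# Added example: find application users whose uid differs between an NFS
# client and the NFS server (the cause of files owned by nobody:nobody).
APPL_UID_MIN=50000   # page rule: local application uids are over 50000

# compare_appl_uids CLIENT_PASSWD SERVER_PASSWD
# Inputs are passwd-format files, e.g. "getent passwd" output saved per host.
# Prints OK / MISMATCH / MISSING per client application user, sorted;
# returns 1 if any user would not map to the same uid on the server.
compare_appl_uids() {
    # Prefix each line with its origin (C or S) so awk can tell the files apart.
    report=$( { sed 's/^/C:/' "$1"; sed 's/^/S:/' "$2"; } |
        awk -F: -v min="$APPL_UID_MIN" '
            $1 == "C"      { if ($4 > min) client[$2] = $4; next }
            ($2 in client) { server[$2] = $4 }
            END {
                for (n in client) {
                    if (!(n in server))
                        print "MISSING " n " client=" client[n]
                    else if (server[n] != client[n])
                        print "MISMATCH " n " client=" client[n] " server=" server[n]
                    else
                        print "OK " n " uid=" client[n]
                }
            }' | LC_ALL=C sort)
    [ -n "$report" ] && printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -Eq '^(MISSING|MISMATCH) '
}

# Constructed samples in /etc/passwd format (not from real hosts).
sample_client() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'appl1user:x:55555:55555::/appl/appl1user:/bin/bash' \
        'appl2user:x:55556:55556::/appl/appl2user:/bin/bash' \
        'appl3user:x:55554:55554::/appl/appl3user:/bin/bash'
}
sample_server() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'appl1user:x:55555:55555::/home/appl1user:/bin/bash' \
        'appl2user:x:55560:55560::/home/appl2user:/bin/bash'
}

demo_client=$(mktemp); demo_server=$(mktemp)
sample_client > "$demo_client"; sample_server > "$demo_server"
compare_appl_uids "$demo_client" "$demo_server" || echo "uids differ, fix them on the NFS server"
rm -f "$demo_client" "$demo_server"
```

Accounts that come from Active Directory are not in /etc/passwd, which is why the input is described as getent passwd output rather than the local file.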