< Prerequisite: Install Centos 8.4
Typically this is a one time installation. Not to much automation here, just follow step by step with copy&paste
.
Clone this project to your home desktop e.g. your user home directory.
[home@home]
cd ~/
git clone https://github.com/disposab1e/okd-lab.git
To follow the copy&paste style of this guide it can be useful to set the IP address of your host to some commands. Just use your favorite tool and replace YO.UR.I.P
in this README.md
with your public IP address.
Accept all settings and use NO passphrase.
[home@home]
ssh-keygen -f ~/.ssh/okd_lab_id_rsa
[home@home]
ssh-copy-id -i ~/.ssh/okd_lab_id_rsa.pub lab@YO.UR.I.P
[home@home]
vi ~/.ssh/config
# Add to your existing file:
Host lab
HostName YO.UR.I.P
IdentityFile ~/.ssh/okd_lab_id_rsa
User lab
Host bastion-lab
HostName 10.0.0.2
ProxyJump YO.UR.I.P
User lab
ForwardAgent yes
Host bastion-root
HostName 10.0.0.2
ProxyJump YO.UR.I.P
User root
ForwardAgent yes
[home@home]
ssh lab@YO.UR.I.P
[lab@lab]
sudo tee -a /etc/sudoers << END
lab ALL=(ALL) NOPASSWD:ALL
END
[lab@lab]
sudo dnf -y update
[lab@lab]
sudo sed -i "s/PermitRootLogin yes/PermitRootLogin no/g" /etc/ssh/sshd_config
sudo sed -i "s/#PubkeyAuthentication yes/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
sudo sed -i "s/PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
sudo sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
sudo systemctl restart sshd
[lab@lab]
sudo passwd lab
choose: lab
[lab@lab]
sudo passwd root
choose: root
[lab@lab]
sudo dnf -y groupinstall "Server with GUI"
[lab@lab]
sudo dnf -y install tigervnc tigervnc-server
[lab@lab]
sudo bash -c 'cat << EOF > /etc/tigervnc/vncserver.users
:1=lab
EOF'
sudo bash -c 'cat << EOF > /etc/tigervnc/vncserver-config-defaults
session=gnome
alwaysshared
localhost
geometry=2560x1440
EOF'
[lab@lab]
vncpasswd
choose: vnclab
Choose "n" at the end
[lab@lab]
sudo systemctl enable --now vncserver@:1
[lab@lab]
sudo ln -sf /lib/systemd/system/runlevel3.target /etc/systemd/system/default.target
[lab@lab]
sudo systemctl stop cups
sudo systemctl disable cups
sudo systemctl mask cups
sudo systemctl stop rpcbind
sudo systemctl disable rpcbind
sudo systemctl mask rpcbind
sudo systemctl stop rpcbind.socket
sudo systemctl disable rpcbind.socket
sudo systemctl mask rpcbind.socket
sudo systemctl stop avahi-daemon
sudo systemctl disable avahi-daemon
sudo systemctl mask avahi-daemon
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
sudo systemctl mask ModemManager
sudo systemctl disable bluetooth
sudo systemctl mask bluetooth
sudo systemctl stop geoclue
sudo systemctl disable geoclue
sudo systemctl mask geoclue
sudo systemctl stop mcelog
sudo systemctl disable mcelog
sudo systemctl mask mcelog
sudo systemctl stop kdump
sudo systemctl disable kdump
sudo systemctl mask kdump
sudo systemctl stop mdmonitor
sudo systemctl disable mdmonitor
sudo systemctl mask mdmonitor
[lab@lab]
sudo firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --list-all
[lab@lab]
sudo dnf -y install cockpit cockpit-machines cockpit-networkmanager
sudo systemctl enable cockpit.socket
sudo mkdir /etc/systemd/system/cockpit.socket.d
sudo bash -c 'cat << EOF > /etc/systemd/system/cockpit.socket.d/listen.conf
[Socket]
ListenStream=
ListenStream=127.0.0.1:9090
EOF'
sudo systemctl daemon-reload
sudo systemctl restart cockpit.socket
[lab@lab]
sudo firewall-cmd --permanent --zone=public --remove-service=cockpit
sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --list-all
[lab@lab]
sudo dnf -y install @virtualization-client
[lab@lab]
sudo usermod -aG libvirt lab
newgrp libvirt
[lab@lab]
sudo dnf -y install epel-release
sudo dnf -y install ansible git git-lfs
[lab@lab]
sudo dnf -y install nmap
sudo lsof -n -i TCP| fgrep LISTEN
nmap -sT YO.UR.I.P
sudo nmap -sU YO.UR.I.P
[lab@lab]
sudo reboot
[home@home]
ssh -C -L 0.0.0.0:5901:localhost:5901 -N lab@YO.UR.I.P
- System Tools Settings: Power - Never Blank Screen
- System Tools Settings: Privacy - Screen Lock - Off
Next > Provision infrastructure