Sunday, 24 November 2019

NIS - NFS - autofs - bind - router, apache vhosts, Cert - iSCSI Reference

NIS - NFS  - BIND

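# NIS server (ypserv) plus rpcbind, which every NIS/NFS RPC service registers with.
# NOTE(review): NIS has no authentication and no transport encryption. Any host
# that can reach ypserv and knows (or guesses) the domain name can dump the maps,
# password hashes included. Limit who may talk to it in /var/yp/securenets and
# with the firewall, and prefer LDAP/Kerberos (sssd) for anything beyond a lab.
yum install ypserv rpcbind          # RHEL/CentOS
apt install ypserv rpcbind          # Debian/Ubuntu (the original had "rpcbidn"; package names are release-specific - older releases ship NIS as "nis")
ypdomainname nis-server             # sets the domain for the running system only; NISDOMAIN= in /etc/sysconfig/network makes it persistent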

# cat /etc/sysconfig/network
# Created by cloud-init on instance boot automatically, do not edit.
#
NETWORKING=yes
# Read at boot; this is what keeps the NIS domain set across reboots
# (ypdomainname on the command line only changes the running system).
NISDOMAIN=nis-server
# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# Server and client resolve each other by these static entries rather than DNS;
# keep the same pair on both hosts (the client section below uses a different
# address for nis-client - verify which one is real).
172.16.0.12     nis-server
172.16.0.14     nis-client


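# Start the NIS daemons now and at boot (ypxfrd serves map transfers to NIS
# slaves, yppasswdd lets NIS users change their password from a client).
systemctl start rpcbind ypserv ypxfrd yppasswdd
systemctl enable rpcbind ypserv ypxfrd yppasswdd

# Restrict which networks may query the maps BEFORE building them: the shipped
# /var/yp/securenets typically permits every host. Format is "netmask network", e.g.
#   255.255.255.255 127.0.0.1
#   255.255.255.240 172.16.0.0

# Build the maps (the original's "ubunto" path note is kept as a comment):
/usr/lib64/yp/ypinit -m             # Debian/Ubuntu: /usr/lib/yp/ypinit -m

# useradd -g requires that the group already exists; create it first (or use -U).
useradd -g 1024 -u 1024 testuser01
# Every passwd/group change after ypinit must be pushed into the maps, or
# clients never see the new user.
make -C /var/yp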


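yum install nfs-utils

# NFSv4 clients only need the "nfs" service (tcp/2049); nfs3, mountd and rpc-bind
# are required for NFSv3 clients. The original had "firwall-cmd" and was missing
# the "=" before the brace expansion.
firewall-cmd --add-service=nfs --permanent
firewall-cmd --add-service={nfs3,mountd,rpc-bind} --permanent
firewall-cmd --reload

systemctl start rpcbind nfs-server          # original had "rpcind"
systemctl enable rpcbind nfs-server

# /etc/exports - export /home to the NIS client's /28 only.
# NOTE(review): the original used no_root_squash, which lets root on ANY host in
# that /28 act as root on the server's /home (including planting setuid files in
# other users' home directories). root_squash is the default; keep it unless one
# specific client genuinely needs root, and scope that by single host. Using
# sec=krb5p would authenticate clients instead of trusting the source address.
cat > /etc/exports <<'EOF'
/home   172.16.0.0/28(rw,sync,root_squash)
EOF
exportfs -ra                                # re-read /etc/exports without a restart

# Verify what is exported (run on the server after nfs-server is up):
# showmount -e
# Export list for ip-172-16-0-12.ec2.internal:
# /home 172.16.0.0/28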


NIS and NFS Client


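yum install ypbind rpcbind nfs-utils
ypdomainname nis-server
# Persist the domain the same way the server does: /etc/sysconfig/network holds
# NISDOMAIN=, not a hosts entry (the original appended "172.16.0.12 nis-server"
# to this file, which does nothing there).
echo "NISDOMAIN=nis-server" >> /etc/sysconfig/network
echo "172.16.0.12 nis-server" >> /etc/hosts
# NOTE(review): the server's /etc/hosts lists nis-client as 172.16.0.14 while this
# line uses 172.16.0.9 - use the client's real address and keep both files in agreement.
echo "172.16.0.9 nis-client" >> /etc/hosts

# authconfig is the RHEL/CentOS 7 tool; on RHEL 8 and later use authselect.
# --enablemkhomedir creates the home directory at first login; with /home mounted
# from the server (below) that happens on the NFS share.
authconfig --enablenis --nisdomain=nis-server --nisserver=nis-server --enablemkhomedir --update
systemctl start rpcbind ypbind
systemctl enable rpcbind ypbind
ypwhich                                     # should print nis-server; a hang usually means wrong domain name or securenets
# ypcat passwd                              # sanity check - and a reminder that any host securenets admits can read these maps

mount nis-server:/home /home
# Make the mount persistent; _netdev defers it until the network is up.
echo "nis-server:/home  /home  nfs  defaults,_netdev  0 0" >> /etc/fstab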

reference: https://www.server-world.info/en

Automount using autofs

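apt-get install autofs
# What the server offers (showmount -e server1):
#   /movies 172.18.14.0/24
#   /photos 172.18.14.0/24
#   /users  172.18.14.0/24,192.168.10.0/24

mkdir /nfs
# Master map: everything under /nfs is described by the indirect map /etc/auto.photos.
cat >> /etc/auto.master <<'EOF'
/nfs /etc/auto.photos
EOF

# Indirect map: "key  [options]  source". The key is the directory name that
# appears under /nfs, so it must be spelled "photos" - the original map had
# "phtos", which would have produced /nfs/phtos (the df output further down
# shows /nfs/photos, i.e. the corrected key). For shares the client only reads,
# add "-ro" between key and source so a compromised client cannot alter them.
cat > /etc/auto.photos <<'EOF'
photos server1:/photos
movies server1:/movies
EOF

service autofs start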

root@debian01:~# df -h
Filesystem                 Size  Used Avail Use% Mounted on
rootfs                     4.5G  3.7G  596M  87% /
udev                        10M     0   10M   0% /dev
tmpfs                      208M  604K  207M   1% /run
/dev/mapper/debian01-root  4.5G  3.7G  596M  87% /
tmpfs                      5.0M     0  5.0M   0% /run/lock
tmpfs                      415M  224K  415M   1% /run/shm
/dev/sda1                  228M   32M  185M  15% /boot
/dev/sr0                   1.1G  1.1G     0 100% /media/cdrom0
root@debian01:~# ls /nfs
movies  photos
root@debian01:~# ls /nfs/movies/
movie1.mpeg  movie2.mpeg
root@debian01:~# ls /nfs/photos
photo1.jpg  photo2.jpg
root@debian01:~# df -h
Filesystem                 Size  Used Avail Use% Mounted on
rootfs                     4.5G  3.7G  596M  87% /
udev                        10M     0   10M   0% /dev
tmpfs                      208M  604K  207M   1% /run
/dev/mapper/debian01-root  4.5G  3.7G  596M  87% /
tmpfs                      5.0M     0  5.0M   0% /run/lock
tmpfs                      415M  224K  415M   1% /run/shm
/dev/sda1                  228M   32M  185M  15% /boot
/dev/sr0                   1.1G  1.1G     0 100% /media/cdrom0
server1:/movies            3.5G  1.4G  2.2G  39% /nfs/movies
server1:/photos            3.5G  1.4G  2.2G  39% /nfs/photos
root@debian01:~#



BIND

yum install bind
[root@rac1 ~]# cat /etc/named.conf
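//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// This instance is both authoritative for testlab.com and a recursive resolver
// for the two lab networks; the options below keep the recursive side closed
// to everyone else.

options {
        listen-on port 53 { 127.0.0.1;192.168.4.21; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost;192.168.4.0/24;192.168.5.0/24; };
        // allow-query alone limits who can ask at all, but name the recursive
        // clients explicitly so the server never becomes an open resolver if
        // allow-query is later widened to publish the testlab.com zone.
        recursion yes;
        allow-recursion { localhost;192.168.4.0/24;192.168.5.0/24; };
        // Single master with no secondaries: refuse AXFR/IXFR outright. BIND
        // releases of this era default allow-transfer to "any", which hands the
        // whole zone to anyone who can query.
        allow-transfer  { none; };

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        // NOTE(review): ISC's DLV registry was retired around 2017; this line is
        // inert legacy config and can be removed on newer BIND releases.
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "testlab.com" IN {
        type master;
        file "forward.testlab.com";
        allow-update { none; };
};
// Reverse zone for 192.168.4.0/24. The suffix is "in-addr.arpa" (dot, not dash):
// the original "4.168.192.in-addr-arpa" loaded fine but named a zone no resolver
// ever asks for, so reverse lookups silently failed.
zone "4.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.testlab.com";
        allow-update { none; };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";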

[root@rac1 ~]# cat /var/named/forward.testlab.com
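$TTL 86400
@       IN      SOA     rac1.testlab.com.       root.testlab.com. (
        2011071001  ;Serial - bump on every edit (YYYYMMDDnn) or secondaries never pick up changes
        3600        ;Refresh - the original repeated "1800 ;Retry" in this slot
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL (negative-caching TTL)
)
@       IN  NS          rac1.testlab.com.
@       IN  A           192.168.4.21

; rac1 is the nameserver itself (listen-on 192.168.4.21 in named.conf). The
; original had 192.169.4.21 - a typo that pointed the NS host off-network.
rac1             IN  A           192.168.4.21
rac1-vip         IN  A           192.168.4.31

rac1-priv        IN  A           192.168.5.21
rac2             IN  A           192.168.4.22
rac2-vip         IN  A           192.168.4.32
rac2-priv        IN  A           192.168.5.22
; SCAN round-robin. NOTE(review): these are in 192.168.5.x, the range every
; other *-priv name uses, while the public names are 192.168.4.x - confirm that
; is intended before clients depend on it.
scan             IN  A           192.168.5.26
scan             IN  A           192.168.5.27
scan             IN  A           192.168.5.28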
[root@rac1 ~]# cat /var/named/reverse.testlab.com
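$TTL 86400
@       IN      SOA     rac1.testlab.com.       root.testlab.com. (
        2011071001  ;Serial - bump on every edit
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          rac1.testlab.com.
; A records do not belong in a reverse zone: the original "rac1 IN A 192.168.1.21"
; defined rac1.4.168.192.in-addr.arpa, not rac1.testlab.com, and 192.168.1.x is not
; in this /24 at all. The forward zone owns the A records; they are dropped here.

; PTR targets must be fully qualified with a trailing dot. A bare "rac1-vip" is
; expanded relative to the zone origin and answers "rac1-vip.4.168.192.in-addr.arpa".
; The last octets below match the addresses in forward.testlab.com; the original
; 10/20/30/... did not correspond to any A record in that zone.
21      IN      PTR     rac1.testlab.com.
31      IN      PTR     rac1-vip.testlab.com.
22      IN      PTR     rac2.testlab.com.
32      IN      PTR     rac2-vip.testlab.com.
; rac1-priv, rac2-priv and the three scan addresses are in 192.168.5.0/24, which
; this zone cannot answer for; they need a separate 5.168.192.in-addr.arpa zone
; (not declared in named.conf).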
[root@serv1
[root@serv1 named]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# /etc/sysconfig/network-scripts/ifcfg-eth0 on the BIND host.
# NOTE(review): BOOTPROTO=dhcp on a nameserver means the address in listen-on and
# in the zone's NS/A records can change underneath it; a static address is the
# usual choice for a DNS server.
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
UUID="bab7d116-b33a-43ff-b27e-bf2a1bd1dce4"
DEVICE="eth0"
ONBOOT="yes"
IPV6_PRIVACY="no"
# PEERDNS=no stops the dhclient script from overwriting /etc/resolv.conf with the
# DHCP-supplied nameservers, so the hand-edited resolver list survives a lease
# renewal (the original comment spelled the file "resolve.conf").
PEERDNS=no

[root@serv1 named]# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search testlab.com mshome.net
nameserver 192.168.1.10
nameserver 172.18.14.4

------ Troubleshooting

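# Syntax-check the configuration, then load every zone it references (-z).
named-checkconf /etc/named.conf
named-checkconf -z /etc/named.conf
# Check each zone file against the zone name it is served under. Note that
# checkzone validates syntax only - it cannot tell you that "in-addr-arpa" is the
# wrong zone name or that a PTR target is missing its trailing dot.
named-checkzone testlab.com /var/named/forward.testlab.com
named-checkzone 4.168.192.in-addr.arpa /var/named/reverse.testlab.com    # original had "named-checkszone" and the forward zone's name

# Apply changes. A restart drops the resolver cache; for zone edits prefer
# "rndc reload" (or systemctl reload named) after bumping the serial.
service named restart            # SysV-style hosts
systemctl restart named          # systemd hosts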
-------------------





[root@server1 ~]# named-checkconf -z
zone logic.com/IN: loaded serial 2011071001
zone 10.10.168.192.in.addr-arpa/IN: loaded serial 2011071001
zone logic1.com/IN: loaded serial 2011071001
zone 11.10.168.192.in.addr-arpa/IN: loaded serial 2011071001
zone logic20.com/IN: loaded serial 2011071001
zone 12.11.168.192.in.addr-arpa/IN: loaded serial 2011071001
zone logic21.com/IN: loaded serial 2011071001
zone logic22.com/IN: loaded serial 2011071001
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0


[root@client2 conf.d]# httpd -S
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server client2.logic20.com (/etc/httpd/conf.d/logic20.conf:1)
         port 80 namevhost client2.logic20.com (/etc/httpd/conf.d/logic20.conf:1)
                 alias logic20.com
         port 80 namevhost client2.logic21.com (/etc/httpd/conf.d/logic21.conf:1)
                 alias logic21.com
         port 80 namevhost client2.logic22.com (/etc/httpd/conf.d/logic22.conf:1)
                 alias logic22.com
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authn-socache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex proxy: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

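# Browse each vhost from the host that serves it. The zone names match the
# named-checkconf -z output above (logic.com, logic1.com, logic20/21/22.com);
# the original had "loigc" typos, and the trailing "-- on serverN" was passed to
# elinks as extra URLs rather than being a comment.
elinks logic.com      # on server1
elinks logic1.com     # on client1
elinks logic20.com    # on client2
elinks logic21.com    # on client2
elinks logic22.com    # on client2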

Router

Client
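# Client: static address on the internal NIC, default route through the router.
# (ifconfig/route are the legacy net-tools; the iproute2 equivalents are
#  "ip addr add 10.0.0.1/24 dev enp0s8" and "ip route add default via 10.0.0.254".)
ifconfig enp0s8 10.0.0.1 netmask 255.255.255.0
sudo route add default gw 10.0.0.254
# Resolver for the client. 8.8.8.8 as in the original; point it at the internal
# BIND server instead if the testlab.com zones must resolve from here.
echo "nameserver 8.8.8.8" > /etc/resolv.conf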

Server
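# Router: enp0s8 faces the 10.0.0.0/24 LAN, enp0s3 faces the outside.
ifconfig enp0s8 10.0.0.254 netmask 255.255.255.0      # original omitted "netmask"
iptables -L -n -v                                     # inspect current rules ("-r" is not an iptables option)

# Masquerade (SNAT) everything leaving the outside interface.
sudo iptables --table nat --append POSTROUTING --out-interface enp0s3 -j MASQUERADE

# Forwarding policy. LAN -> outside: new connections allowed. Outside -> LAN:
# only replies to flows the LAN opened. With the policy set to DROP the router
# will not forward arbitrary traffic arriving from outside; the original only
# had the first rule (spelled "FORWAARD") and relied on whatever the default
# policy happened to be.
sudo iptables --policy FORWARD DROP
sudo iptables --append FORWARD --in-interface enp0s8 --out-interface enp0s3 -j ACCEPT
sudo iptables --append FORWARD --in-interface enp0s3 --out-interface enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Enable IP forwarding in the kernel. "sysctl -w" is runtime-only; persist it in
# /etc/sysctl.d/ or it is gone after the next reboot.
sudo sysctl -w net.ipv4.ip_forward=1
echo "net.ipv4.ip_forward = 1" | sudo tee /etc/sysctl.d/99-router.conf

# Save the ruleset and restore it (at boot via iptables-services /
# iptables-persistent, depending on the distribution).
sudo sh -c "iptables-save > /etc/iptables.rules"
sudo iptables-restore < /etc/iptables.rules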


for firewalld
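# firewalld equivalent (eth0 = outside, eth1 = internal, per the interface notes below).
firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE
# Internal -> outside: new connections allowed.
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i eth1 -o eth0 -j ACCEPT
# Outside -> internal: ONLY replies to established flows. The original had
# "-i eth1 -o eth0" on this rule as well, which merely duplicated the rule above
# and did nothing for the return path.
firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
firewall-cmd --reload
# Simpler on current firewalld: assign eth0 to the "external" zone (which
# masquerades) and eth1 to "internal"; direct rules bypass the zone logic entirely
# and are easy to forget about when auditing the firewall later.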


# Open http, dns and nfs in the default zone. These are --permanent only: run
# "firewall-cmd --reload" afterwards or the running firewall is unchanged.
# NFSv3 clients also need the mountd and rpc-bind services (see the NFS server
# section above); "nfs" alone covers NFSv4.
[root@server1 ~]# firewall-cmd --permanent --add-service http
success
[root@server1 ~]# firewall-cmd --permanent --add-service  dns
success
[root@server1 ~]# firewall-cmd --permanent --add-service  nfs


eth0 faces the internet and carries the outbound (masqueraded) traffic
eth1 faces the internal network and receives the traffic from the internal hosts

2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:54:4e:3b brd ff:ff:ff:ff:ff:ff
    inet 172.18.14.51/28 brd 172.18.14.63 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe54:4e3b/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:54:4e:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.10/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe54:4e3c/64 scope link
       valid_lft forever preferred_lft forever
[root@server1 ~]# ip rout show
default via 172.18.14.49 dev eth0 proto static metric 100
default via 172.18.14.51 dev eth1 proto static metric 101
169.254.0.0/16 dev eth1 scope link metric 1003
172.18.14.48/28 dev eth0 proto kernel scope link src 172.18.14.51 metric 100
172.18.14.51 dev eth1 proto static scope link metric 101
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.10 metric 101

ip route add 192.168.11.0/24 via 192.168.10.10 dev eth1

Multiple sites on single host

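# Include per-site configs from sites-enabled ONLY. The httpd -S output further
# down lists every vhost twice - once from sites-enabled and once from
# sites-available - which means both directories ended up included; include
# just the enabled one.
grep -q '^IncludeOptional sites-enabled/\*.conf' /etc/httpd/conf/httpd.conf \
  || echo 'IncludeOptional sites-enabled/*.conf' >> /etc/httpd/conf/httpd.conf

# Directory names use hyphens to match the Include line (the original mixed
# "sites_availbale" / "sites_enabled", which that Include would never read), and
# sites-enabled is created before anything links into it.
mkdir -p /etc/httpd/sites-available /etc/httpd/sites-enabled
cd /etc/httpd/sites-available

# The <VirtualHost> wrapper was lost in the original listing (presumably the
# angle-bracket tags were stripped by the blog); without it these directives
# apply to the main server, not to a vhost.
cat > site1.conf <<'EOF'
<VirtualHost *:80>
        ServerName site1
        ServerAlias site1
        DocumentRoot    /var/www/site1/
</VirtualHost>
EOF
cat > site2.conf <<'EOF'
<VirtualHost *:80>
        ServerName site2
        ServerAlias site2
        DocumentRoot    /var/www/site2/
</VirtualHost>
EOF

# Link with absolute targets. A relative "ln -s site1.conf /etc/httpd/sites_enabled/site1.conf"
# is resolved relative to the link's own directory, i.e. it points at itself.
ln -s /etc/httpd/sites-available/site1.conf /etc/httpd/sites-enabled/site1.conf
ln -s /etc/httpd/sites-available/site2.conf /etc/httpd/sites-enabled/site2.conf

mkdir -p /var/www/site1 /var/www/site2          # original had "/var/wwww"
printf 'site1\n' > /var/www/site1/index.html
printf 'site2\n' > /var/www/site2/index.html

# Least privilege: httpd only needs to READ static content. Owning it by the
# "apache" user (as the original did) lets any code-execution bug in httpd or a
# web app rewrite the site. Keep it root-owned and world-readable instead.
chown -R root:root /var/www/site1 /var/www/site2
chmod -R u=rwX,go=rX /var/www/site1 /var/www/site2
# SELinux (RHEL/CentOS): the default policy labels /var/www httpd_sys_content_t;
# if content is moved in from elsewhere, run "restorecon -Rv /var/www".

apachectl configtest && systemctl restart httpd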


Apache Virtual Host - Self Signed Certificate - TLS


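yum install openssl mod_ssl                 # original had a stray comma between the package names
cd /etc/pki/tls/certs
# Virtual host is logic5.logic1.com. (Keys conventionally go in
# /etc/pki/tls/private, which is mode 0700; the paths here are kept as in the
# original ssl.conf entry, so the key's own mode has to do the protecting.)

# 1. Private key. The umask makes the file 0600 from the moment it is created;
#    the listing in the original shows it as -rw-r--r--, readable by every local user.
( umask 077 && openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out logic5.logic1.com.key )
chmod 0600 logic5.logic1.com.key

# 2. Certificate signing request.
#    NOTE(review): send ONLY the .csr to the certificate authority. The original
#    text said to provide the key "along with" the CSR - the private key must never
#    leave this host; a CA that asks for it is not one to use.
openssl req -new -key logic5.logic1.com.key -out logic5.logic1.com.csr

# 3. Self-sign (lab use; browsers will warn, and current ones also require a
#    subjectAltName - add "-extfile" with subjectAltName=DNS:logic5.logic1.com if
#    that matters). -sha256 is explicit so an old openssl cannot fall back to SHA-1.
openssl x509 -req -days 365 -sha256 -signkey logic5.logic1.com.key -in logic5.logic1.com.csr -out logic5.logic1.com.crt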

[root@server1 certs]# pwd
/etc/pki/tls/certs
[root@server1 certs]# ls -lt
total 28
-rw-r--r--. 1 root root 1277 May 21 06:15 logic5.logic1.com.crt
-rw-r--r--. 1 root root 1074 May 21 06:10 logic5.logic1.com.csr
# NOTE(review): the private key is 0644 here - readable by every local account.
# It must be 0600 (chmod 0600 logic5.logic1.com.key); only the .crt and .csr are public.
-rw-r--r--. 1 root root 1704 May 21 06:02 logic5.logic1.com.key

[root@server1 certs]# openssl s_client -connect logic5.logic1.com:443 -state

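# Append the TLS virtual host to /etc/httpd/conf.d/ssl.conf (it is a file - the
# original said to "cd" into it). The <VirtualHost> tags were stripped from the
# listing; they are restored here together with "SSLEngine on", since a vhost
# without it does not speak TLS even on port 443.
cat >> /etc/httpd/conf.d/ssl.conf <<'EOF'

<VirtualHost *:443>
    DocumentRoot "/var/www/logic5"
    ServerName logic5.logic1.com:443
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/logic5.logic1.com.crt
    # The key must be 0600 root:root; httpd reads it before dropping privileges,
    # so nothing else needs access (the listing above shows it world-readable).
    SSLCertificateKeyFile /etc/pki/tls/certs/logic5.logic1.com.key
</VirtualHost>
EOF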


check syntax

[root@server1 ~]# httpd -t
Syntax OK
[root@server1 ~]# httpd -S
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server server1.logic1.com (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost server1.logic1.com (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost logic5.logic1.com (/etc/httpd/conf.d/ssl.conf:217)
*:80                   is a NameVirtualHost
         default server server1.logic1.com (/etc/httpd/sites-enabled/logic2.conf:1)
         port 80 namevhost server1.logic1.com (/etc/httpd/sites-enabled/logic2.conf:1)
                 alias logic1.com
         port 80 namevhost logic1.com (/etc/httpd/sites-enabled/logic3.conf:1)
                 alias logic3.com
         port 80 namevhost logic5.logic1.com (/etc/httpd/sites-enabled/logic5.conf:1)
                 alias logic5.com
         port 80 namevhost server1.logic1.com (/etc/httpd/sites-available/logic2.conf:1)
                 alias logic1.com
         port 80 namevhost logic1.com (/etc/httpd/sites-available/logic3.conf:1)
                 alias logic3.com
         port 80 namevhost logic5.logic1.com (/etc/httpd/sites-available/logic5.conf:1)


https://logic5.logic1.com and see the certificate



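# /etc/apt/sources.list (the original wrote "source.list", a file apt never reads).
# NOTE(review): wheezy is end-of-life. archive.debian.org carries no security
# updates, and its Release files have long expired, so "apt-get update" will
# complain; overriding that with -o Acquire::Check-Valid-Until=false is a
# conscious acceptance of running an unpatched system.
cat > /etc/apt/sources.list <<'EOF'
deb http://archive.debian.org/debian/ wheezy  main contrib
EOF
apt-get update                        # required after editing sources.list
apt-get install xfsprogs

# Change the display / session manager on Debian.
update-alternatives --config x-session-manager
dpkg-reconfigure gdm3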


iSCSI
Clients
 yum install iscsi-initiator-utils
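# This initiator's own name is in /etc/iscsi/initiatorname.iscsi; the target's
# ACL must list exactly that IQN or the login below is refused.
iscsiadm --mode discovery --type sendtargets --portal x.x.x.x
# Target names follow iqn.YYYY-MM.reversed-domain:identifier. The original
# "iqn.2016-09-rhel.com" is not a valid IQN; use the name discovery printed.
TARGET_IQN='iqn.2016-09.com.rhel:target1'    # placeholder - replace with the discovered name
# NOTE(review): without CHAP (node.session.auth.* in /etc/iscsi/iscsid.conf) the
# only thing gating access to the LUN is the initiator IQN, a string the client
# chooses for itself.
iscsiadm --mode node --targetname "$TARGET_IQN" --portal x.x.x.x --login
lsblk                                        # the LUN appears as a new block device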
Servers
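yum install targetcli                        # original had "taragetcli"
lsblk                                        # choose the backing block device
# targetcli is an interactive shell navigated with cd/ls. The steps, as in the
# original: create a block backstore, create the iSCSI target (IQN), create the
# LUN from the backstore, then create an ACL per initiator IQN. Security notes:
#  - the ACL is the only access control unless CHAP (userid/password) is set on it;
#  - a portal bound to 0.0.0.0 is reachable from every interface, so restrict
#    tcp/3260 in the firewall to the initiators;
#  - run saveconfig, and "systemctl enable --now target" so the config is
#    restored at boot.
targetcli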
 



