centos 7

Linux Service Management:
 LFCS : Linux Essentials
        Linux Operation Essentials
        Linux user and Group Management
        Linux Storage management.
        Linux Networking
        Linux Service Management
        Linux Virtualization.
       
Linux Service Management :
 DNS, DHCP, PXE and FTP.
 HTTP, PHP and MariaDB.
 Email
 Printing
 SELinux and Services
 Practical.

Install centos7.2 on server1.
 ps -fp 1
 [We are running systemd on PID 1]

 To check the service status :
 # systemctl status sshd

 Advantages of Systemctl :
  
   systemctl s
   If you double-tap Tab, you will get the list of possible completions.
  
   systemctl status sshd
  
   systemctl disable sshd
  
   systemctl status sshd
   [The service could still be running]
  
   systemctl enable sshd
   systemctl disable sshd
  
   Mask the service : Masking a service will prevent it from being started by an administrator.
                      We will get a warning saying that this service is masked, and it won't start.
                      So if we have deliberately disabled a service and we don't want it started, we can mask it.
                     
                     # systemctl mask sshd
                   
                     To unmask the service
                   
                     # systemctl unmask sshd
                   
                     Enable the service sshd
                   
                     # systemctl enable sshd
                   
###################################################################################
 Centos 7 Networking :

# ip address show

or

# ip a s

It will list the available NIC interfaces for this server.

# nmcli conn show
(To know the connection status of the network interfaces)

# nmcli conn up enp0s3
(To bring the interface enp0s3 up if it is not currently up.)

# nmcli conn show

Edit the NIC configuration file so that the interface comes up when the server reboots.

# sed -i 's/ONBOOT=no/ONBOOT=yes/' /etc/sysconfig/network-scripts/ifcfg-enp0s3
(Now the parameter ONBOOT=yes will be set in the enp0s3 interface config file)

You can check the result by running grep.

# grep ONBOOT !$
(!$ refers to the last argument which is /etc/sysconfig/network-scripts/ifcfg-enp0s3)

###################################################################################

File types :

Regular files are listed with -
Directories are listed with d
Symbolic links are listed with l
Block devices (like sda, sda1, sdb, sdb1 ...) are listed with b
Character devices, such as the terminal that the tty command reports for a logged-on user, are listed with c
Named pipes are listed with p as their first character.
Sockets represent some form of open connection and are listed with s as their first character.

###############################################################################################

basic commands :

cp - copy
mv - move or rename
rm - remove or delete

These three commands have a lot of options, and the options are not all the same across them.

-i - Interactive mode: it prompts us if it is going to do something bad.
-r or -R - used for recursion.
* - matches any group of characters, so we can group files together with star.
? - represents a single character.
[] - matches one of the group of characters in the square brackets.


Hard link count - represents how many names are linked to one set of metadata.
                  For a directory it also helps us count how many sub-directories it has: just remove two (. and ..) from the total count.
              
. - current directory.
.. - parent directory.

#################################################################################################
Editing files with SED.

# cat /etc/ntp.conf

# sed '/^#/d ; /^$/d' ntp.conf

(^# = match lines that start with # (commented lines); d means delete, so the commented lines are deleted.)
(^$ = match empty lines; d means delete, so the empty lines are deleted.)
(The semicolon separates our expressions.)

The above command only prints the output; it has not modified the file yet.
We can easily do that using

# sed -i '/^#/d ; /^$/d' ntp.conf

__________________________________________________________________________________________

We are going to create a function

# type ls

# type grep

# type vi

We can get the aliases by using the command type.

The function will exist in memory, normally we are going to have this loaded through a login script.
But we are just going to create it directly from the command line.

# function clean_file {
sed -i '/^#/d;/^$/d' "$1"
}

# clean_file ntp.conf
(Here we have deleted the commented lines and the empty lines.)


Let's look at SED in more depth later.

#############################################################################

Single partition - it is a good idea to create at least separate partitions for boot and swap.
It is a good idea to put boot on a separate partition.
It is better to use GPT instead of MBR, especially if you are working with large drives.
Don't write directly to the block device files (/dev/sda, /dev/sdb); bad things can happen.
A write to the raw device does not understand that partitions exist on this device.

Device files - accessed via file interfaces.
Character files - terminal


Filesystems :
  
    XFS is a journaled filesystem that uses inodes, supports direct I/O and has a 64-bit address space.
    It also supports delayed allocation; it is really worth using for big-data databases, as it is really scalable.
  
    With ext4 we can customize the inode size between 128 and 4096 bytes.
    # mke2fs -t ext4 /dev/sdc1
    If you want to specify the inode size, use
    # mke2fs -t ext4 -I 4096 /dev/sdc1
  
    Note : The defaults of the mke2fs command are defined in the /etc/mke2fs.conf file.
  
    ext3 has a journal.
    ext4 has a journal and a bunch more options.
  
Mounting :
  
    We use the mount command to mount partitions.
    To mount automatically at boot we use the /etc/fstab file.
    # vi /etc/fstab
    /dev/sdc1 /testmount    ext4    rw,discard    0    0
    Now let us see how to mount the partition using its UUID.
  
    Using the blkid command, we can get the UUID of the partition.
    We can also use lsblk -fs, which displays the UUID info in tree format.
    In the /etc/fstab file, using the UUID:
    UUID=<uuid no.>        mountpoint    fstype    fsoptions    dumpvalue    fsckvalue
    UUIDs don't change across reboots.
  
Unmounting :
    If a mount point will not unmount, we use the lsof and fuser commands to check which PIDs are preventing the unmount.
    # lsof /testmount
    # fuser -cuv /testmount
  
Lazy Unmount :
    If an important process is running on the partition and we want to unmount it after that process completes, lazy unmount comes into the picture.
    # umount -l /testmount/
    It detaches the filesystem now, does everything that it can, and once the filesystem is no longer in use at all, it does the rest of the unmounting.
      

Superblock :
    Each Unix filesystem has at least one of them.
    Accessing any file in a filesystem normally requires access to the superblock.
    You can't even mount the filesystem if you can't read the superblock.
    Linux normally maintains a copy of each mounted filesystem's superblock in memory for faster and more efficient access.
    To see the superblock information of an ext-based filesystem, we can run dumpe2fs.
  
    # dumpe2fs /dev/sdc1
    # dumpe2fs /dev/sdc1 | grep -i superblock
    The superblock contains the metadata of a particular filesystem.
  
inode :
    Stands for index node.
    On a filesystem, each and every file has an inode.
    Every single object on a filesystem has its own inode.
    An inode contains the metadata of a particular file.
    The number of inodes in the filesystem has a direct bearing on the number of files.
    #  ls -i /etc
  
Labels :
    Using the UUID in the fstab file every time is not convenient, as it is 128 bits long.
    To simplify it, we can use labels.
    To see a filesystem label we use the blkid command.
    # blkid
  
    # e2label /dev/sdc1 "label test"
  
    # mke2fs -t ext4 -L userlabel /dev/sdc1
  
    In fstab we specify the filesystem as
    # vi /etc/fstab
    LABEL=label\040test /testmount ext4 rw,discard    0    0
    (The tag is written LABEL= in upper case, and a space inside the label is escaped as \040.)

##############################################################################            
                   
Configuring BIND DNS service :

    Berkeley Internet Name Domain.
   
    Objectives :
   
    Configure a basic DNS server
    Maintain a DNS zone
    Configure a caching-only name server
    Configure a caching-only name server to forward DNS queries
   
    Install and test BIND.
    (Once we have got that installed and up and running, it will be a caching DNS name server.
     So we can make queries, but the lookups are going to be done on the root zone servers.)
   
     We can also configure DNS forwarding. Very often you will have a DNS service that works at your ISP.
     So rather than your DNS server going out and retrieving the results from the actual source, we can configure all zones or some zones to be looked up through an intermediary server.
   
     So first off we are going to install and test BIND, and that's going to be setting up a caching-only server.
   
 Installing and testing BIND on centos 7 system :
   we are installing this on server1.
  
   # yum install -y bind bind-utils
  
   # systemctl enable named
  
   # systemctl start named
  
   [ Package : bind  Service : named  config : caching]
  
   It will start with the basic configuration.
   The basic configuration allows it to act as a caching-only server.
   With a caching-only server, we do cache the results so we do really store some DNS names.
  
   If you want to allow the DNS ports, you need to enable UDP port 53 and TCP port 53, which would normally be opened up.
  
   # netstat -ntulp
  
   Port 53 should be listening.
   Port 53 is for DNS lookups; along with 53 you will also see 953.
   Port 953 is for controlling the DNS server.
   We can use command line utilities to remotely control our DNS server.
  
   # dig www.example.com @127.0.0.1
  
   So we are performing the lookup on the local machine.
  
   The results will remain the same in the cache.
   To clear the cache, we need to restart the DNS service.
  
Configure DNS Forwarding :

    # netstat -ntulp
   
    Port 53 will be listening on both IP version 4 and IP version 6.
    We have set up a DNS server, but we cannot connect to it from the outside world.
    Nothing on our local network is going to be able to connect in; only the local host, the 127 address, can.
   
    # vim /etc/named.conf
   
    The configuration is stored in the /etc/named.conf file. Let's go through this file.
   
    Each option value ends with a semicolon.
    Change listen-on to: listen-on port 53 { any; };
    For IPv6, change it to none. Save the changes.
    Before restarting the service, it is better to check that the file has no errors due to mistyping.
   
    # named-checkconf
   
    We use the above command to check whether the configuration file has any errors.
    If the output is null/empty/blank, the configuration file has no issues.
   
    # named-checkconf -v
   
    So let's restart the service.
   
    # systemctl restart named
   
    # netstat -ntl
   
    Now you can see port 53 is listening on IPv4 but not on IPv6.
   
  If this server can be reached from the outside world, for example if it had a public IP address, then anyone could query my system,
  which I don't want. So we are going to add another option.
 
    # vim /etc/named.conf
   
    Set allow-query  { localhost;  192.168.56.0/24; };
   
    Save the changes.
    Check the configuration:
    # named-checkconf
    # named-checkconf -v
    No issues found in the configuration file.
    Let's restart the named service.
   
    # systemctl restart named
   
    # dig www.example.com @127.0.0.1
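
The relationship between listen-on and allow-query described in this section, as an added example that is not part of the original notes: the hypothetical helper check_named_exposure reads a named.conf and reports whether named is reachable from the network and whether allow-query narrows who may query it. The sample options block is constructed from the two edits made above.

```bash
# Added example, not from the original notes. check_named_exposure is a
# hypothetical helper; it assumes the file contains no /* */ comments.
check_named_exposure() {
    awk '
        # Return the contents of the first "{ ... }" list matched by re.
        function list(re,   s) {
            if (!match(text, re)) return ""
            s = substr(text, RSTART, RLENGTH)
            sub(/^[^{]*[{][ \t]*/, "", s); sub(/[ \t]*[}]$/, "", s)
            gsub(/[ \t]+/, " ", s)
            return s
        }
        { sub(/(\/\/|#).*$/, ""); text = text " " $0 }   # strip comments, join lines
        END {
            lo = list("listen-on[ \t]*(port[ \t]+[0-9]+[ \t]*)?[{][^}]*[}]")
            aq = list("allow-query[ \t]*[{][^}]*[}]")
            rest = lo; gsub(/127\.0\.0\.1;| /, "", rest)
            # BIND defaults: no listen-on means all IPv4 interfaces,
            # no allow-query means queries from any host.
            exposed = (lo == "" || rest != "")
            aqn = aq; gsub(/ /, "", aqn)
            unrestricted = (aq == "" || (";" aqn) ~ /;any;/)
            if (!exposed)
                print "OK: listening on loopback only"
            else if (unrestricted)
                print "WARN: reachable from the network and allow-query is unrestricted"
            else
                print "OK: reachable from the network, clients limited to [" aq "]"
        }
    ' "$1"
}

# Constructed sample: the options block as it stands after the edits above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { none; };
        directory "/var/named";
        allow-query { localhost; 192.168.56.0/24; };
        recursion yes;
};
EOF
check_named_exposure "$conf"
rm -f "$conf"
```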
   
   
   
   
   

   
#################################################################################################
Configuring FTP Servers :

 install vsftpd on server1.
 configure vsftpd on server1.
 create ftp yum repo on server1.
 use ftp repo from server2.

 Install VSFTPd :
  # yum install -y vsftpd
 
  start the service
   # systemctl enable vsftpd
   # systemctl start vsftpd
  
  Now the FTP server is up and running. Let's take a look at the ports.
   # netstat -ltn
  
  Now we should be able to connect to this server using ftp.
  Let's connect to the server through ftp from server2.
  We can also browse it from the host browser.
 
  Open browser ftp://<IP address of server1>
 
  Now we can see the pub directory by default,
  which comes from the /var/ftp/pub directory on server1.
  If you click into it, there will be nothing in it.
 
 Configure VSFTPD :
   on server1
   # cd /etc/vsftpd
   # ls
   You can find vsftpd.conf there.
   # vim vsftpd.conf
   In this configuration file I have removed all the commented lines. The notes are written as separate # comment lines, because vsftpd does not accept a comment after a value.
     anonymous_enable=YES
     # login as a standard account
     local_enable=YES
     # users can write through to the system: upload, write and create directories
     write_enable=YES
     local_umask=022
     dirmessage_enable=YES
     xferlog_enable=YES
     connect_from_port_20=YES
     xferlog_std_format=YES
     # IPv4 listening
     listen=NO
     # IPv6 listening
     listen_ipv6=YES
     pam_service_name=vsftpd
     userlist_enable=YES
     tcp_wrappers=YES
     # anonymous users can only download world-readable files
     anon_world_readable_only=YES
   
     Save and exit.
   
    # systemctl restart vsftpd
    # netstat -ltn
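
An added example, not part of the original notes: a hypothetical helper audit_vsftpd that reads a vsftpd.conf and reports which of the settings listed above widen access, plus any line that vsftpd would fail to parse. The sample file is constructed.

```bash
# Added example, not from the original notes. audit_vsftpd is a hypothetical
# helper name; it evaluates only settings written explicitly in the file.
audit_vsftpd() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)                 # tolerate the indentation used in these notes
            eq = index(line, "=")
            if (eq == 0) { print "INVALID not key=value: " line; next }
            key = substr(line, 1, eq - 1)
            val = toupper(substr(line, eq + 1))
            # vsftpd takes everything after "=" as the value, so a note
            # after YES/NO makes the setting unparsable.
            if (key ~ /[ \t]/ || val ~ /^(YES|NO)[ \t#]/) {
                print "INVALID " key ": extra text around the value"
                next
            }
            if (val == "TRUE" || val == "1") val = "YES"
            conf[key] = val
        }
        END {
            anon = (conf["anonymous_enable"] == "YES")
            if (anon)
                print "WARN anonymous_enable=YES: login without credentials"
            if (anon && conf["write_enable"] == "YES" &&
                (conf["anon_upload_enable"] == "YES" || conf["anon_mkdir_write_enable"] == "YES"))
                print "HIGH anonymous users can write to the server"
            if (conf["local_enable"] == "YES" && conf["ssl_enable"] != "YES")
                print "WARN local_enable=YES without ssl_enable=YES: passwords cross the network in clear text"
        }
    ' "$1"
}

# Constructed sample input: a subset of the settings listed above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES #(inline note, rejected by vsftpd)
anon_world_readable_only=YES
EOF
audit_vsftpd "$sample"
rm -f "$sample"
```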
   
   
Creating an FTP Repo

    Mount the CentOS 7.2 DVD.
    # mount /dev/sr0 /mnt
    # df -h
   
    # mkdir /var/ftp/pub/centos72
    # cd /mnt
    # find . | cpio -pmd /var/ftp/pub/centos72/
    Now we have copied the DVD files onto server1.
    # umount /mnt
    # df -h
    # ls /var/ftp/pub/centos72
    We can use this as an installation repository and also as a yum repository.
   
Use FTP Repo :
    on Server2 :
    # cd /etc/yum.repos.d/
    # ls
    # mv * /root/
    # ls
    (Now there are no repositories)
    # vim ftp.repo
    [FTPc7]
    name=FTP Centos 7.2
    baseurl=ftp://server1.example.com/pub/centos72/
    enabled=1
    gpgcheck=0
   
    Save and exit.
   
    # yum clean all
    # yum install bash-completion
    (Now it will look for the repository on server1.)
    # yum repolist
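
An added example, not part of the original notes: the repo file above sets gpgcheck=0 and fetches over FTP, so nothing verifies the packages that yum installs from it. The hypothetical helper audit_repo flags that combination in a .repo file; in the constructed sample the id FTPc7-signed is made up, and the gpgkey path is the key file that CentOS 7 installs.

```bash
# Added example, not from the original notes; audit_repo is a hypothetical helper.
audit_repo() {
    # $1 = one .repo file. Prints "[repo id] finding" for each enabled repo.
    # gpgcheck absent inherits [main]; only an explicit 0 is flagged.
    awk '
        function report(   scheme, plain) {
            if (id == "") return
            if (id ~ /[^A-Za-z0-9_.:-]/)
                print "[" id "] BAD-ID: yum accepts only letters, digits and -_.: in a repo id"
            if (enabled == "0") return
            scheme = url; sub(/:.*$/, "", scheme)
            plain = (url != "" && scheme != "https" && scheme != "file")
            if (gpg == "0" && plain)
                print "[" id "] HIGH: gpgcheck=0 over " scheme ", packages are neither signature-checked nor transport-protected"
            else if (gpg == "0")
                print "[" id "] WARN: gpgcheck=0, package signatures are not verified"
            else if (plain)
                print "[" id "] NOTE: baseurl uses " scheme ", integrity rests on gpgcheck alone"
        }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[.*\][ \t]*$/ {
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\][ \t]*$/, "", id)
            gpg = enabled = url = ""
            next
        }
        /=/ {
            key = $0; sub(/^[ \t]+/, "", key); sub(/[ \t]*=.*$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "gpgcheck") gpg = val
            else if (key == "enabled") enabled = val
            else if (key == "baseurl") url = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: an unverified stanza next to a corrected one.
repo=$(mktemp)
cat > "$repo" <<'EOF'
[ FTPc7 ]
baseurl=ftp://server1.example.com/pub/centos72/
enabled=1
gpgcheck=0

[FTPc7-signed]
baseurl=ftp://server1.example.com/pub/centos72/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
audit_repo "$repo"
rm -f "$repo"
```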

################################################################################
NAGIOS :

Nagios Monitoring Tool :

Nagios is basically a monitoring tool.

It is an open source monitoring tool.

Two editions :
    Open source edition
    Enterprise Edition - Nagios XI

Eg :  
If you want to monitor the hard disk usage on one of the servers:
we write one small script that checks whether the hard disk usage is 80%, 90% or 100%.
From the monitoring software, Nagios connects over SSH, runs the script, and the results are displayed in the dashboard.
This is one way.

USING SNMP :
    Simple Network Management Protocol. Using this we can tell the system to check the status of the HDD and display it in the dashboard.

NRPE Agent :
    Nagios Remote Plugin Executor.
    Nagios communicates with NRPE and instructs it to run a specific script and provide the output.
    Compared to SSH, using NRPE is very simple, and both are of the same Nagios product.
    Even in that case it still needs to run the script and provide the results.
   
Nagios Plug-ins :
    On all the agents we install NRPE and plugins.
    On the server we install Nagios and plugins, and on the agents we install NRPE and plugins.
   
   
Login into Server1 :
    # yum update
    # yum install gd gd-devel gcc glibc glibc-common
    # yum install epel-release
    # yum install nagios*
   
###

Main configuration file for Nagios is /etc/httpd/conf.d/nagios.conf

After installing Nagios we need to assign the password by using htpasswd nagiosadmin
# service nagios start
Now try to browse to the server IP (192.168.0.10/nagios).
As of now it is monitoring only localhost (server1).
If you want to monitor server2 as well,
we need to install nrpe and plugins along with openssl on server2.
OpenSSL encrypts the traffic, because when the Nagios server sends data to clients, users could otherwise sniff it.
Download the agent software nrpe and

# rpm -qa | grep -i nrpe
# rpm -ql nrpe | grep -i nrpe

For Windows the plugin name is NSClient++

The configuration file for NRPE is /etc/nagios/nrpe.cfg

Nagios plugins are installed in the /usr/lib/nagios/plugins folder.

vi /etc/nagios/nrpe.cfg
In the allowed_hosts setting, we need to mention the IP of the Nagios server.

Now on server1 :

# cd /etc/nagios/objects
    move to the directory objects
    now copy the localhost.cfg to server2.cfg
# cp localhost.cfg server2.cfg

# vi server2.cfg
  change the host_name from localhost to server2
  change the IP address of the server
 
  After this we need to tell Nagios what to monitor on server2.
  Let's configure it to check whether the system is up or not.
  Scroll down and change the hostname from localhost to server2 in the ping section.
  Save and exit.
 
   Now we need to modify one more configuration file, nagios.cfg; in it we tell Nagios to read the server2.cfg file as well.
   vi /etc/nagios/nagios.cfg
   At the cfg_file entry, copy and paste the line and change the localhost name to server2.
  
   Now if we want to manage multiple servers, do we need to create multiple files ?
  
   Inside the objects directory we need to create the folder mysql.
   So all the db servers reside under mysql.
   Now copy the template localhost.cfg to files named after the servers inside mysql.
   In the main configuration file (/etc/nagios/nagios.cfg), instead of changing cfg_file, we need to create cfg_dir=/etc/nagios/objects/mysql
   So now it will start monitoring all the mysql servers in the mysql folder.

###################################################################################
