Mar 27, 2010

Bonding in RHEL

              Red Hat Enterprise Linux allows administrators to bind multiple network interfaces together into a single channel using the bonding kernel module and a special network interface called a channel bonding interface. Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy.

The following is a sample channel bonding configuration file:
#vi /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.1.27
NETMASK=255.255.255.0
NETWORK=10.0.1.0
USERCTL=no

             After the channel bonding interface is created, the network interfaces to be bound together must be configured by adding the MASTER= and SLAVE= directives to their configuration files. The configuration files for each of the channel-bonded interfaces can be nearly identical.
For example, if two Ethernet interfaces are being channel bonded, both eth0 and eth1 may look like the following example:
#vi /etc/sysconfig/network-scripts/ifcfg-ethX
DEVICE=ethX
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
In this example, replace X with the numerical value for the interface.

For a channel bonding interface to be valid, the kernel module must be loaded. To ensure that the module is loaded when the channel bonding interface is brought up, add the following line to /etc/modprobe.conf:
alias bond0 bonding

Mar 6, 2010

KickStart Server Configuration

Automating Installation with Kickstart

Objective:
operating system installations via a network connection using a Kickstart server. It is frequently much faster than using CDs and the process can be automated.

OS Details:

Kernel Version : 2.6.16-8.el5

Pre-Requisites:

1) RHEL 5.0 installed, with the following services running:

(a) dhcpd
(b) nfs
(c) portmap
(d) nfslock


2) The following files need to be edited

(a) /etc/dhcpd.conf
(b) /etc/exports
(c) /data/install/kickstart/ks.cfg

Test Setup Details:
IP address: 151.8.99.21
Subnet mask: 255.255.0.0
Hostname: station


Configuration:

1. Configure the network and provide the appropriate IP address and host name. (In my case IP address: 151.8.99.21; Net mask: 255.255.0.0; hostname: station)

2. Create the directories to copy the necessary files

#mkdir -p /data/install/ISO
#mkdir /data/install/kickstart

3. Create ISO images of the installation CDs and place them in the /data/install/ISO directory.
#cd /data/install/ISO
#mount /dev/cdrom /mnt
#mkisofs -J -r -T -o RHEL-disc1.iso /mnt
#umount /mnt

Second CD
#mount /dev/cdrom /mnt
#mkisofs -J -r -T -o RHEL-disc2.iso /mnt
#umount /mnt

Third CD

#mount /dev/cdrom /mnt
#mkisofs -J -r -T -o RHEL-disc3.iso /mnt
#umount /mnt

Fourth CD

#mount /dev/cdrom /mnt
#mkisofs -J -r -T -o RHEL-disc4.iso /mnt
#umount /mnt

Fifth CD

#mount /dev/cdrom /mnt
#mkisofs -J -r -T -o RHEL-disc5.iso /mnt
#umount /mnt


4. Add the following entry to the /etc/exports file

#vi /etc/exports
/data/install *(ro,sync)


5. Make sure that the portmap, nfs, and nfslock daemons are all running to create an NFS server.


6. Run the exportfs command to add this directory to the NFS database of network-available directories.

#exportfs -a

7. The installation client will prompt you for the IP address it should use for the installation process. This is handled by using a DHCP server.

#cp /usr/share/doc/dhcp-3.0.5/dhcpd.conf.sample /etc/dhcpd.conf

#vi /etc/dhcpd.conf

ddns-update-style interim;
ignore client-updates;

subnet 151.8.0.0 netmask 255.255.0.0 {

# --- default gateway
option routers 151.8.99.21;
option subnet-mask 255.255.0.0;

option nis-domain "domain.org";
option domain-name "domain.org";
option domain-name-servers 192.168.1.1;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;

range dynamic-bootp 151.8.99.22 151.8.99.29;
default-lease-time 21600;
max-lease-time 43200;
filename "/data/install/kickstart/ks.cfg";
next-server 151.8.99.21;

# we want the nameserver to appear at a fixed address
host ns {
next-server marvin.redhat.com;
hardware ethernet 12:34:56:78:AB:CD;
fixed-address 207.175.42.254;
}
}


8. Create a customized kickstart configuration file by using “Applications -> System Tools -> Kickstart”. Save this file (File -> Save) to the /data/install/kickstart directory.

#vi /data/install/kickstart/ks.cfg

#platform=x86, AMD64, or Intel EM64T
# System authorization information
auth --useshadow --enablemd5
key --skip
# System bootloader configuration
bootloader --location=mbr
# Partition clearing information
clearpart --all --initlabel
# Use graphical install
graphical
# Firewall configuration
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# System keyboard
keyboard us
# System language
lang en_US
# Installation logging level
logging --level=info
# Use NFS installation media
nfs --server=151.8.99.21 --dir=/data/install/ISO
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
#Root password
rootpw eso123

# SELinux configuration
selinux --disabled
# System timezone
timezone Asia/Calcutta
# Install OS instead of upgrade
install
# X Window System configuration information
xconfig --defaultdesktop=GNOME --depth=8 --resolution=800x600
# Disk partitioning information
part /boot --bytes-per-inode=4096 --fstype="ext3" --size=100
part / --bytes-per-inode=4096 --fstype="ext3" --size=10000
part swap --bytes-per-inode=4096 --fstype="swap" --size=512
%packages
@GNOME Desktop Environment
@editors
@graphics
@Text-based Internet
@Development Tools
@FTP Server
@Administration Tools
@base
@java


9. Either a bootable CD or a bootable diskette is needed for client installation. Boot from the CD or diskette and start the kickstart installation with “boot: ks”.
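
The ks.cfg above carries the root password in clear text and sits under /data/install, which step 4 exports to every host. As an added example (not part of the original post), the shell functions below flag those settings in a ks.cfg and in /etc/exports; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# audit_ks: read a ks.cfg on stdin, print "LINE: finding" per weak directive.
audit_ks() {
    awk '
        /^[ \t]*#/ { next }                      # comment lines
        $1 == "rootpw" {
            crypted = 0
            for (i = 2; i <= NF; i++) if ($i == "--iscrypted") crypted = 1
            if (!crypted) print NR ": rootpw stores the root password in clear text"
        }
        {
            for (i = 2; i <= NF; i++) {
                if (($1 == "auth" || $1 == "authconfig") && $i == "--enablemd5")
                    print NR ": " $1 " selects MD5 password hashes"
                if (($1 == "firewall" || $1 == "selinux") && $i == "--disabled")
                    print NR ": " $1 " is disabled on the installed system"
            }
        }
    '
}

# world_exports PATH: read /etc/exports on stdin, print each export that covers
# PATH and is offered to every host ("*" or an empty host before the options).
world_exports() {
    awk -v target="$1" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            dir = $1; sub(/\/+$/, "", dir)
            if (target != dir && index(target, dir "/") != 1) next
            for (i = 2; i <= NF; i++) {
                host = $i; sub(/[(].*$/, "", host)
                if (host == "*" || host == "") { print $1 " is exported to any host"; next }
            }
        }
    '
}

# Constructed sample: the security-relevant lines of the ks.cfg shown above.
sample_ks() {
    cat <<'EOF'
# System authorization information
auth --useshadow --enablemd5
firewall --disabled
rootpw eso123
selinux --disabled
EOF
}
# Constructed sample: the /etc/exports entry from step 4.
sample_exports() { printf '%s\n' '/data/install *(ro,sync)'; }

sample_ks | audit_ks
sample_exports | world_exports /data/install/kickstart/ks.cfg
```

On the server, run `audit_ks < /data/install/kickstart/ks.cfg` and `world_exports /data/install/kickstart/ks.cfg < /etc/exports`. A `rootpw --iscrypted` line that holds a password hash is not flagged.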

LDAP Server Configuration

LDAP Configuration in RHEL 5.0


Release:
RedHat Enterprise Linux 5.0

Problem:
LDAP Configuration in RHEL 5.0


Solution:
Assumptions:
Domain Name                : tech.in
Host Name                    : server
IP Address                     : 172.16.1.248

Server Side Configuration:

1)      Install the required RPMs for the LDAP server
a.       openldap
b.       openldap-devel
c.       openldap-clients
d.       openldap-servers
e.       nss_ldap

2)      Create a dedicated directory for putting all database information, with the ownership of “ldap”. Default directory is /var/lib/ldap.
# mkdir /var/lib/ldap/tech.in
# chown ldap:ldap /var/lib/ldap/tech.in

3)      Create an encrypted password for LDAP “root” user and save the output, because it is needed in the “slapd.conf” file
# slappasswd

4)      Update the LDAP configuration file
# vi /etc/openldap/slapd.conf

#####################################          
# ldbm and/or bdb database definitions
#####################################    
database         ldbm
suffix           "dc=tech,dc=in"
rootdn           "cn=Manager,dc=tech,dc=in"
# rootpw is the hash generated by the "slappasswd" command in step 3
rootpw           {SSHA}+TARB6GQJ7rJvzx5f8h7fGT9r0fwDh32
directory        /var/lib/ldap/tech.in

5)      Start the LDAP daemon to load the contents of the slapd.conf file
# service ldap start

6)      Create a user account
# useradd -g users ldaptest
# passwd ldaptest

Note: The user’s password must be in LDAP Data Interchange Format (LDIF) before it can be imported to the LDAP database.

7)      Extract the “ldaptest” user information from the /etc/passwd file and save it for converting to LDIF format
# grep ldaptest /etc/passwd > /etc/openldap/passwd.ldaptest

8)      If it is a freshly configured LDAP database, the “root” user account is also needed
# grep root /etc/passwd > /etc/openldap/passwd.root

9)      Now convert the /etc/passwd data into LDIF format using the “migrate_passwd.pl” conversion program

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.ldaptest /etc/openldap/ldaptest.ldif

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif

10)    Before importing these LDIF files into the LDAP database, we need to edit them
# vi /etc/openldap/ldaptest.ldif

dn: uid=ldaptest,ou=People,dc=tech,dc=in
uid: ldaptest
cn: ldaptest
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$Z2XOYyLu$QNCNnYWqL1hh9.7S3HWEv.
shadowLastChange: 14771
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 100
homeDirectory: /home/ldaptest

11)    In slapd.conf, the “root” user has a common name (CN) of “Manager”. Add this information to the root LDIF file.
# vi /etc/openldap/root.ldif

dn: uid=root,ou=People,dc=tech,dc=in
uid: root
cn: Manager
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$RyAMPQs9$LejMX5ACSu2Qe4Os6fzFa/
shadowLastChange: 14766
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

dn: uid=operator,ou=People,dc=tech,dc=in
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
shadowLastChange: 14711
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator

12)    The attributes of the “tech.in” domain are defined using the LDIF file below.
# vi /etc/openldap/tech.in.ldif

dn: dc=tech,dc=in
dc: tech
description: Root LDAP entry for tech.in
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People,dc=tech,dc=in
ou: People
description: All people in organisation
objectClass: organizationalUnit

13)    Import all three LDIF files into the database using the ldapadd command
# ldapadd -x -D "cn=Manager,dc=tech,dc=in" -W -f /etc/openldap/tech.in.ldif

# ldapadd -x -D "cn=Manager,dc=tech,dc=in" -W -f /etc/openldap/root.ldif

# ldapadd -x -D "cn=Manager,dc=tech,dc=in" -W -f /etc/openldap/ldaptest.ldif

14)    View all the LDAP database entries using the ldapsearch command
# ldapsearch -x -b 'dc=tech,dc=in' '(objectclass=*)'
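
Before the import in step 13 it helps to see what the LDIF files will publish: root.ldif above carries a uidNumber 0 entry, and the migrated passwords are MD5-crypt ({crypt}$1$) hashes. The following is an added example, not part of the original post, that reports such entries; the function name and the sample entries (with placeholder hashes) are constructed.

```shell
#!/bin/sh
# audit_ldif: read LDIF on stdin and report entries that carry uidNumber 0 or
# an MD5-crypt ({crypt}$1$...) hash. Folded lines are joined, comments skipped.
audit_ldif() {
    awk '
        function handle(line,    p, attr, val) {
            p = index(line, ":")
            if (p == 0) return
            attr = tolower(substr(line, 1, p - 1))
            val = substr(line, p + 1)
            if (substr(val, 1, 1) == ":") val = "<base64>"   # "attr:: value" form
            else sub(/^ +/, "", val)
            if (attr == "dn") dn = val
            else if (attr == "uidnumber") uidnum = val
            else if (attr == "userpassword") pw = val
        }
        function report() {
            if (dn != "") {
                if (uidnum == "0") print dn ": uidNumber 0"
                if (index(pw, "{crypt}$1$") == 1) print dn ": MD5-crypt password hash"
                if (pw == "<base64>") print dn ": base64 userPassword, decode to review"
            }
            dn = ""; uidnum = ""; pw = ""
        }
        /^#/ { next }
        /^ / { buf = buf substr($0, 2); next }               # folded continuation
        {
            if (buf != "") handle(buf)
            buf = $0
            if ($0 == "") report()                           # blank line ends an entry
        }
        END { if (buf != "") handle(buf); report() }
    '
}

# Constructed sample modelled on root.ldif and ldaptest.ldif (placeholder hashes).
sample_ldif() {
    cat <<'EOF'
dn: uid=root,ou=People,dc=tech,dc=in
uid: root
userPassword: {crypt}$1$CONSTRUCTED$placeholderhashvalue000
uidNumber: 0

dn: uid=operator,ou=People,dc=tech,dc=in
uid: operator
userPassword: {crypt}*
uidNumber: 11

# folded dn: the second physical line continues the first
dn: uid=ldaptest,ou=People,
 dc=tech,dc=in
userPassword: {crypt}$1$CONSTRUCTED$placeholderhashvalue001
uidNumber: 503
EOF
}

sample_ldif | audit_ldif
```

Run it as `audit_ldif < /etc/openldap/root.ldif` and review each reported entry before passing the file to ldapadd.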


Client side Configuration:

15)    Install the required RPMs
a.       openldap
b.       openldap-clients
c.       openldap-devel
d.       nss_ldap

16)    LDAP clients are configured using the /etc/openldap/ldap.conf file. Specify the LDAP server IP and domain name here
#vi /etc/openldap/ldap.conf

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
HOST    172.16.1.248
BASE    dc=tech, dc=in
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

17)    Add the LDAP server information to the client using the authconfig command
# authconfig-tui

Note: After this step, check the “/etc/nsswitch.conf” file and ensure that it has references to LDAP.

18)    Restart the SSH daemon to re-read the modified nsswitch.conf file
# service sshd restart

19)    Create home directories for “ldaptest” user in client machine.
# mkdir /home/ldaptest
# chmod 700 /home/ldaptest
# chown ldaptest:users /home/ldaptest
# cp /etc/skel/.bash* /home/ldaptest
# chown ldaptest /home/ldaptest/.bash*

20)    Now login as a “ldaptest” user and check




Modifying LDAP account by “root” user:

21)   Create a script to add a user into the LDAP database and place it in “/usr/local/bin/addldapuser”
# vi /usr/local/bin/addldapuser

#!/bin/bash
# Usage: addldapuser USERNAME
set -eu
# Work in a private mktemp directory instead of fixed /tmp file names
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
# Select the passwd entry by exact login name
grep "^$1:" /etc/passwd > "$tmpdir/passwd"
/usr/share/openldap/migration/migrate_passwd.pl "$tmpdir/passwd" "$tmpdir/migrated.ldif"
# Rewrite the base DN written by migrate_passwd.pl (dc=padl,dc=com) to dc=tech,dc=in
sed 's/dc=padl,dc=com/dc=tech,dc=in/' "$tmpdir/migrated.ldif" > "$tmpdir/user.ldif"
ldapadd -x -D "cn=Manager,dc=tech,dc=in" -W -f "$tmpdir/user.ldif"

22)   Script to delete a LDAP user
# vi /usr/local/bin/deleteldapuser

#!/bin/bash
ldapdelete -x -W -D "cn=Manager,dc=tech,dc=in" "uid=$1,ou=People,dc=tech,dc=in"


23)   To modify LDAP user accounts, use the script below
# vi /usr/local/bin/modifyldapuser

#!/bin/bash
# Usage: modifyldapuser USERNAME
set -eu
# Work in a private mktemp directory instead of fixed /tmp file names
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
# Select the passwd entry by exact login name
grep "^$1:" /etc/passwd > "$tmpdir/passwd"
/usr/share/openldap/migration/migrate_passwd.pl "$tmpdir/passwd" "$tmpdir/migrated.ldif"
# Rewrite the base DN written by migrate_passwd.pl (dc=padl,dc=com) to dc=tech,dc=in
sed 's/dc=padl,dc=com/dc=tech,dc=in/' "$tmpdir/migrated.ldif" > "$tmpdir/user.ldif"
/usr/bin/ldapmodify -x -D "cn=Manager,dc=tech,dc=in" -W -f "$tmpdir/user.ldif"

24)   Make the scripts executable using the “chmod” command
# chmod 700 /usr/local/bin/addldapuser
# chmod 700 /usr/local/bin/deleteldapuser
# chmod 700 /usr/local/bin/modifyldapuser

25)   Ldap Admin is free Win32 administration tool for LDAP directory management. This application lets you browse, search, modify, create and delete objects on LDAP server.

Enable Auto root Login

#vi /etc/inittab

        Find the Below line,

    1:2345:respawn:/sbin/mingetty tty1

        Replace this line by below one,

    1:2345:respawn:/sbin/mingetty --autologin root --noclear tty1



        On terminal 1, the root user is logged in automatically after every restart. If you want, enable autologin on the remaining terminals in the same way.

VNC Server Configuration

Package    :

Service : vncserver

Configuration : /root/.vnc/xstartup


1) Start the vncserver service
    # service vncserver start

2) Set the password for vncserver access
    # vncpasswd

3) Then execute the command vncserver
    # vncserver

4) The output of the command looks like this

    New 'roswell:1 (root)' desktop is roswell:1

    Starting applications specified in /root/.vnc/xstartup
    Log file is /root/.vnc/roswell:1.log

5) vim /etc/sysconfig/vncservers
       VNCSERVERS="2:root"
       VNCSERVERARGS[2]="-geometry 800x600"

6) Go to runlevel 5
    #startx

7) Then open the configuration file
    # vi /root/.vnc/xstartup

    #!/bin/sh

    # Uncomment the following two lines for normal desktop:
     unset SESSION_MANAGER
     exec /etc/X11/xinit/xinitrc

    [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
    [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    xsetroot -solid grey
    vncconfig -iconic &
    xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    startx &

        Save and exit

Notice that the last line is "startx &" as this command will launch Gnome upon login via VNCserver. If you are using a KDE desktop, the line "startkde &" should replace the last line.

Logging in, you will be presented with a Gnome or KDE desktop.


9) From the client, connect using vncviewer (IP:1) (refer to point 5)

    eg: 151.8.99.25:1

DNS server Configuration

packages   : bind* , cach*

Service    : named

Configuration : /var/named/chroot/var/named/
        /var/named/chroot/etc/


1) Install the bind and cach packages
    #yum install bind* cach*

2) Set a static ip to the server machine
    #vi /etc/sysconfig/network-scripts/ifcfg-eth0
        IPADDR=151.8.99.27
        NETMASK=255.255.0.0

3) Restart the service for the update
    #service network restart

4) Set the hostname to the server
    #vi /etc/sysconfig/network
    HOSTNAME=rmugu

5) Create forward and reverse zone files
    #cd /var/named/chroot/var/named
    #cp localdomain.zone fwd.zone
    #cp named.local rev.zone

6) Change the group name of fwd.zone and rev.zone file as named
    #chgrp named fwd.zone rev.zone

7) Edit the file fwd.zone
    #vi fwd.zone

        $TTL    86400
        ; the SOA mailbox field is written with "." in place of "@" (root@mugu.in)
        @               IN SOA  rmugu.mugu.in. root.mugu.in. (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                        IN NS           rmugu.mugu.in.
        rmugu           IN A            151.8.99.27
        www             IN CNAME        rmugu

8) Edit the file rev.zone
    #vi rev.zone

        $TTL    86400
        @       IN      SOA     rmugu.mugu.in. root.rmugu.mugu.in.  (
                                              1997022700 ; Serial
                                              28800      ; Refresh
                                              14400      ; Retry
                                              3600000    ; Expire
                                              86400 )    ; Minimum
                IN      NS      rmugu.mugu.in.
        ; the PTR target is fully qualified; a relative name would get the zone origin appended
        27      IN      PTR     rmugu.mugu.in.

9) Edit the file named.caching-nameserver.conf
    #vi /var/named/chroot/etc/named.caching-nameserver.conf

        Line 15: Add your system IP address at the end (DNS server IP)
                 listen-on port 53 { 127.0.0.1; 151.8.99.27; };
        Line 16: Comment out this line, since we are using IPv4 only
         //      listen-on-v6 port 53 { ::1; };
        Line 22: Comment out this line as well
         //      query-source-v6 port 53;
        Line 23: Allow queries from all hosts
                allow-query     { localhost; any; };
        Line 32 & 33: Allow all clients
                match-clients      { localhost; any; };
                match-destinations { localhost; any; };

10) Edit the file named.rfc1912.zones
    #vi /var/named/chroot/etc/named.rfc1912.zones

         Add the following at the end of the file:
        zone "mugu.in" IN {
                type master;
                file "fwd.zone";
                allow-update { none; };
        };
        zone "99.8.151.in-addr.arpa" IN {
                type master;
                file "rev.zone";
                allow-update { none; };
        };

11) Edit the resolv.conf file to identify the DNS server
    #vi /etc/resolv.conf
    nameserver 151.8.99.27

12) Restart the service
    #service named restart

13) Check whether DNS is configured correctly
    #dig rmugu.mugu.in
    #dig www.mugu.in
    #dig -x 151.8.99.27
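
Step 9 widens allow-query and match-clients to "any" in the caching-nameserver configuration, so the server answers clients outside its own network. As an added example (not part of the original post), the line-based heuristic below lists such statements so they can be narrowed to known networks; the sample files are constructed, and the view name and the "recursion yes;" line are assumptions about the rest of the file.

```shell
#!/bin/sh
# resolver_findings: read a named.conf-style file on stdin and print
# "LINE: statement admits any client" for each client-matching ACL that
# contains "any", unless the file sets "recursion no;".
resolver_findings() {
    awk '
        { sub(/\/\/.*$/, "") }                           # drop // comments
        $1 == "recursion" && $2 ~ /^no/ { off = 1 }
        $1 ~ /^(allow-query|allow-recursion|match-clients)$/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[{]?any;/) hit[++n] = NR ": " $1 " admits any client"
        }
        END { if (!off) for (i = 1; i <= n; i++) print hit[i] }
    '
}

# Constructed sample: the statements edited in step 9. The view name and the
# "recursion yes;" line are assumptions about the rest of the file.
weak_conf() {
    cat <<'EOF'
options {
        listen-on port 53 { 127.0.0.1; 151.8.99.27; };
//      listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; any; };
};
view localhost_resolver {
        match-clients      { localhost; any; };
        match-destinations { localhost; any; };
        recursion yes;
};
EOF
}

# Same file with the ACLs limited to the 151.8.0.0/16 network used in this post.
scoped_conf() { weak_conf | sed 's/any;/151.8.0.0\/16;/'; }

echo "weak:";   weak_conf   | resolver_findings
echo "scoped:"; scoped_conf | resolver_findings
```

Run it as `resolver_findings < /var/named/chroot/etc/named.caching-nameserver.conf`; the scoped variant produces no findings.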

Samba Server Configuration

Package    : samba

Service : smb

config  : /etc/samba/smb.conf



1) Install the samba Package
    #yum install samba

2) Create a directory to share the files
    #mkdir /data

3) Give full permission to the created directory
    #chmod 777 /data

4) Make the following changes in the configuration file
    workgroup = WORKGROUP
    At the end of the file,
    [data]
    comment = data
    path = /data
    valid users = mugu
    writable = yes
    printable = no
    browseable = yes
    Save the configuration file

5) Check the smb.conf file for errors
    #testparm -s

6) Create user and give the password to access the samba server
    #useradd mugu
    #smbpasswd -a mugu

7) On the Windows machine, also set the workgroup to WORKGROUP
    My Computer----> Properties ----> Computer Name

8) Turn off the firewall in the windows machine
    Control Panel -----> Security Center

9) Share the partition you want to share with the Linux machine

10) Restart the service
    #service smb restart

11) Mount the Windows share in Linux
    #mount -t cifs -o user=administrator //WinIP/C /media
     Where,
      cifs=Common Internet File System

12) To access the Linux machine from the Windows machine
    start--->Run--->\\151.8.99.27(Linux ip)

13) Give the Samba server username and password