Note:- This only for the practice purpose. Know the exam set-up
and clear your RHCE 7 in first attempt. Wish you all the best.
Domain Name:
System1: system1.district10.example.com use as Server
System2: system2.district10.example.com use as Client
IP Address:
System1:172.24.10.110/24
System1:172.24.10.120/24
Name Server: 172.24.10.250
Gateway:172.24.10.254
Root password : zaldebro
Your Domain: district10.example.com
Your Subnet : 172.24.10.0/255.255.255.0
Yum path http://station.district0.example.com/content/rhel7.0/x86_64/dvd
Note:(for this subnetmask CIDR value is /24)
(or)
#ssh -X root@172.24.10.110
Password:zaldebro
[root@system1 ~]#iptables -F
[root@system1 ~] # systemctl mask iptables.service
[root@system1 ~] # systemctl mask ip6tables.service
[root@system1 ~] # systemctl mask ebtables.service
(or)
#ssh -X root@172.24.10.120
Password:zaldebro
[root@system1 ~]#iptables -F
[root@system2 ~] # systemctl mask iptables.service
[root@system2 ~] # systemctl mask ip6tables.service
[root@system2 ~] # systemctl mask ebtables.service
1. Enable Selinux on enforcing method
Do This on Both Server and Client
server side: (System1)
[root@system1 ~]# getenforce
[root@system1 ~]# vim /etc/sysconfig/selinux
Set SELINUX = enforcing
:wq
[root@system1 ~]#setenforce 1
[root@system1 ~]#init 6
[root@system1 ~]# getenforce
Enforcing
Client Side: (System2)
[root@system2 ~]# getenforce
[root@system2 ~]# vim /etc/sysconfig/selinux
Set SELINUX = enforcing
:wq
[root@system2 ~]#setenforce 1
[root@system2 ~]#init 6
[root@system2 ~]# getenforce
Enforcing
[root@ system2 ~]#
Yum Client Configuration
2.Configure repository. Create a
Repository for your virtual machines. The URL is
http://station.district0.example.com/content/rhel7.0/x86_64/dvd
Do This on Both Server and Client
System1 :
[root@ system1 ~]# cd /etc/yum.repos.d/
[root@ system1 ~]# vim system1.repo
[system1]
name=server
baseurl=http://station.district0.example.com/content/rhel7.0/x86_64/dvd
enabled=1
gpgcheck=0
[root@ system1 ~]# yum clean all
[root@ system1 ~]# yum repolist all
System 2:
[root@ system2 ~]# cd /etc/yum.repos.d/
[root@ system2 ~]# vim system1.repo
[system2]
name=client
baseurl=http://station.district0.example.com/content/rhel7.0/x86_64/dvd
enabled=1
gpgcheck=0
[root@ system2 ~]# yum clean all
[root@ system2 ~]# yum repolist all
3. SSH Configuration.
-Clients within my133ilt.org should
NOT have access to ssh on your systems
-Clients with domain
district10.example.com should be able to access the systems
in
case you my133ilt.org has (172.25.70.0/255.255.0.0)
Ans:
Do This on Both Server and Client
[root@ system1 ~]# vim /etc/hosts.allow
sshd:
*.district10.example.com (Note sshd:space
*.given domain nam)
:wq
(or)
[root@ system1 ~]# vim /etc/hosts.allow
sshd: 172.25.10.0/255.255.255.0 (Note
sshd:space *.given domain address)
[root@ system1 ~]# vim /etc/hosts.deny
sshd: *.my133ilt.org
(Note
sshd:space *.given domain name)
:wq
[root@ system1 ~]# vim /etc/hosts.deny
sshd: 172.25.70.0/255.255.255.0
(Note
sshd:space *.given domain address)
4. Port forwarding.
-Configure system1 to forward
traffic incoming on port 80/tcp from source network
172.24.X.0/255.255.255.0 to
port on 5243/tcp
Ans:
Server side
client:(to verify in your local
environment ask me if not working)
server5.example.com:5243
[root@ system1 ~]# firewall-cmd -
-permanent - -add-rich-rule 'rule family=ipv4 source address=172.24.10.0/24
forward-port port=5243 protocol=tcp to-port=80'
[root@ system1 ~]# firewall-cmd -
-reload
[root@ system1 ~]# firewall-cmd -
-list-rich-rules
( or)
Configure serverX to forward traffic
incoming on port 80/tcp from source network
172.25.X.0/255.255.255.0 to port on
5243/tcp.
[root@ system1 ~]# firewall-config
Configuration : Permanent
Select → Rich
Rule Tab
click →Add
Family : ipv4
Check Elements →
forward-port [ Click
this tab ]
|
|
V
protocol
: tcp
Port
/ Port Range: 5243
Destination
check Local
forwarding
Port
/ Port Range: 80
click
[ok]
Source :172.24.10.0/24
click [OK]
click option →reload
Firewalld (in terminal put #
firewall-cmd - -list-rich-rules )
5. User Environment.
-Create a command called qstat on
both system1 and system2. It should able to execute the following
command(ps eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm)
The command should be executable by
all users..
Ans:
Server side :
[root@ system1 ~]# vim /bin/qstat
ps eo
pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
:wq
[root@ system1 ~]#chmod a+x /bin/qstat
[root@ system1 ~]#qstat
PID TID
CLS
RTPRIO NI PRI PSR %CPU
STAT WCHAN
COMMAND
1271 1271 TS
-
0 19
0 0.0 Ss+ poll_schedule_ Xorg
1502 1502 TS
-
0 19 0
0.0 Ss+ n_tty_read
agetty
1632 1632 TS
- 0 19
0 0.0 Ss
wait
bash
29595 29595 TS
-
0 19
0
0.0 S+
wait bash
29596 29596 TS
-
0 19
0 0.0 R+
-
ps
Client side :
[root@ system1 ~]# vim /bin/qstat
ps eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
:wq
[root@ system1 ~]#chmod a+x /bin/qstat
[root@ system1 ~]#qstat
PID TID
CLS
RTPRIO NI PRI PSR %CPU
STAT WCHAN
COMMAND
1271 1271 TS
-
0 19
0
0.0 Ss+ poll_schedule_ Xorg
1502 1502 TS
-
0 19 0
0.0 Ss+ n_tty_read
agetty
1632 1632 TS
- 0 19
0 0.0 Ss
wait
bash
29595 29595 TS
-
0 19
0 0.0 S+
wait
bash
29596 29596 TS
-
0 19
0 0.0 R+
-
ps
______________________________________________________________________________________
6.IPV 6 Connection
-Configure eth0 with a static ipv6
addresses as follows.
-configure a static IPV6 address in
system1 as fddb:fe2a:ab1e::c0a8:64/64.
-configure a static IPV6 address in
system2 as fddb:fe2a:ab1e::c0a8:02/64.
-Both machines are able to
communicate within the network fddb:fe2a:able/64
-The changes should be permanent even
after the reboot
Ans :
Server Side:
[root@ system1 ~]#nmcli connection
show
NAME
UUID
TYPE
DEVICE
System eth0
5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[root@ system1 ~]#nmcli device
status
DEVICE TYPE
STATE
CONNECTION
eth0 ethernet
connected System eth0
eno1 ethernet
disconnected --
eno2 ethernet
disconnected --
lo
loopback unmanaged
--
[root@ system1 ~]# nmcli
connection modify "System eth0" ipv6.addresses fddb:fe2a:ab1e::c0a8:64/64
ipv6.method manual
[root@ system1 ~]# nmcli
connection up "System eth0"
Client Side:
[root@ system2 ~]# nmcli
connection show
NAME
UUID
TYPE
DEVICE
System eth0 5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
802-3-ethernet eth0
[root@ system2 ~]# nmcli device
status
DEVICE TYPE
STATE
CONNECTION
eth0
ethernet connected
System eth0
eno1 ethernet
disconnected --
eno2 ethernet
disconnected --
lo
loopback unmanaged
--
[root@ system2 ~]# nmcli
connection modify "System eth0" ipv6.addresses
fddb:fe2a:ab1e::c0a8:02/64
ipv6.method manual
[root@ system2 ~]# nmcli
connection up "System eth0"
Client Side:-
[root@ system2 ~]# ping6
fddb:fe2a:ab1e::c0a8:64
Server Side:-
[root@ system1 ~]# ping6
fddb:fe2a:ab1e::c0a8:02 (do this on both side if
packet transmited & received same means
correct
other wise wrong )
______________________________________________________________________________________
7. Link aggregation Configure
your system1 and system2, which watches for link changes and selects
an active port for data transfers.
System1 should have the address as 172.24.10.10/255.255.255.0.
System2 should have the address as
172.24.10.20/255.255.255.0
[root@ system1 ~]# nmcli
connection show
NAME
UUID
TYPE
DEVICE
System eth0
5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[root@ system1 ~]# nmcli device status
DEVICE TYPE
STATE
CONNECTION
eth0
ethernet connected
System eth0
eno1 ethernet
disconnected --
eno2 ethernet
disconnected --
lo
loopback unmanaged
–
System1 Side:
[root@ system1 ~]# nmcli
connection add type team ifname team config '{"runner":
{"name": "activebackup"}}'
[root@ system1 ~]# nmcli
connection modify team-team ipv4.addresses 172.24.10.10/24 ipv4.method manual
[root@ system1 ~]# nmcli
connection show
NAME
UUID
TYPE
DEVICE
System eth0
5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
team-team
e10a27c3-bd4a-431a-a284-50375a3c4717 team team
[root@ system1 ~]# nmcli
connection add type team-slave ifname eno1 master team
[root@ system1 ~]# nmcli
connection add type team-slave ifname eno2 master team
[root@ system1 ~]# nmcli
connection up team-team
[root@ system1 ~]# teamdctl
team state
setup:
runner: activebackup
ports:
eno1
link watches:
link
summary: up
instance[link_watch_0]:
name:
ethtool
link:
up
eno2
link watches:
link
summary: up
instance[link_watch_0]:
name:
ethtool
link:
up
runner:
active port: eno2
Client Side :
[root@ system2 ~]# nmcli
connection show
NAME
UUID
TYPE
DEVICE
System eth0
5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
[root@ system2 ~]# nmcli device status
DEVICE TYPE
STATE
CONNECTION
eth0
ethernet connected
System eth0
eno1 ethernet
disconnected --
eno2 ethernet
disconnected --
lo
loopback unmanaged –
System2 Side:
[root@ system2 ~]# nmcli
connection add type team ifname team config '{"runner":
{"name": "activebackup"}}'
[root@ system2 ~]# nmcli
connection modify team-team ipv4.addresses 172.24.10.20/24 ipv4.method manual
[root@ system2 ~]# nmcli
connection show
NAME
UUID
TYPE
DEVICE
System eth0
5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 802-3-ethernet eth0
team-team
e10a27c3-bd4a-431a-a284-50375a3c4717 team
team
[root@ system2 ~]# nmcli
connection add type team-slave ifname eno1 master team
[root@ system2 ~]# nmcli
connection add type team-slave ifname eno2 master team
[root@ system2 ~]# nmcli
connection up team-team
[root@ system2 ~]# teamdctl
team state
setup:
runner: activebackup
ports:
eno1
link watches:
link
summary: up
instance[link_watch_0]:
name:
ethtool
link:
up
eno2
link watches:
link
summary: up
instance[link_watch_0]:
name:
ethtool
link:
up
runner:
active port: eno2
server side:-
#ping -I team-team 172.25.10.20
____________________________________________________________________________________
8. SMTP
Configuration. Configure the SMTP mail service on system1 and system2 which
relay the mail
only from local system through
station.network0.example.com, all outgoing mail have their sender
domain as district10.example.com. Verify
the mail server is working by sending mail to a local user clarke.
Check the mail on both system1 and
system2 with the below URL
http://rhcert.district0.example.com
System1
[root@ system1 ~]# yum
install postfix* -y
[root@ system1 ~]# firewall-cmd
–permanent –add-service=smtp
[root@ system1 ~]# firewall-cmd
–reload
[root@ system1 ~]# systemctl
restart postfix.service
[root@ system1 ~]# systemctl
enable postfix.service
[root@ system1 ~]# vim
/etc/postfix/main.cf
Line No 99 : (Remove # ) myorigin
= district10.example.com
Line No 116 : inet_interfaces =
loopback-only
Line No 164 : mydestination =
Line No 317 : (Remove # ) relayhost = [station.network0.example.com]
[root@ system1 ~]# systemctl
restart postfix.service
[root@ system1 ~]# mail -s
“HAI” clarke
This is test mail
.
EOT
To Verify
Click the above Links
System2
[root@ system2 ~]# yum
install postfix* -y
[root@ system2 ~]# firewall-cmd
–permanent –add-service=smtp
[root@ system2 ~]# firewall-cmd
–reload
[root@ system2 ~]# systemctl
restart postfix.service
[root@ system2 ~]# systemctl
enable postfix.service
[root@ system2 ~]# vim
/etc/postfix/main.cf
Line No 99 : (Remove # ) myorigin
= district10.example.com
Line No 116 : inet_interfaces =
loopback-only
Line No 164 : mydestination = “”
Line No 317 : (Remove # ) relayhost = [station.network0.example.com]
[root@ system2 ~]# systemctl restart
postfix.service
[root@ system2 ~]# mail -s
“HAI” clarke
This is test mail
.
EOT
To Verify
9. NFS server
- Configure system1
with the following requirements.
- Share the
/nfsshare directory within the district10.example.com domain clients only,
share must not be writable.
Ans:
[root@ system1 ~]# yum install
nfs* -y
[root@ system1 ~]# systemctl
start nfs-server
[root@ system1 ~]# systemctl
enable nfs-server
[root@ system1 ~]# mkdir
/nfsshare
(Note :
Here no need to give nfsnobody permission for read only share)
[root@ system1 ~]# vim
/etc/exports
/nfsshare
*.district10.example.com(ro,sync)
:wq
[root@ system1 ~]# exportfs -a
[root@ system1 ~]# exportfs -r
[root@ system1 ~]# exportfs
[root@ system1 ~]# exportfs
[root@ system1 ~]# systemctl
restart nfs-server
[root@ system1 ~]# firewall-cmd
--permanent --add-service=nfs
[root@ system1 ~]# firewall-cmd
--permanent --add-service=rpc-bind
t
[root@ system1 ~]# firewall-cmd
--permanent –add-service=mountd
[root@ system1 ~]# firewall-cmd
–reload
[root@ system1 ~]# showmount -e
172.24.10.110
Export list for server2:
/nfsshare *. district10.example.com
Nfs mount
-Mount /nfsshare directory on system2
under /public directory persistently at system boot time.
Ans:
[root@ system2 ~]# mkdir
/public
[root@ system2 ~]# yum
install nfs-utils* -y
[root@ system2 ~]# vim
/etc/fstab
172.24.10.110:/nfsshare
/public nfs defaults
0
0
:wq
[root@ system2 ~]# mount -a
[root@ system2 ~]# df -h
Filesystem
Size
Used Avail Use% Mounted
on
/dev/vda1
10G
3.1G 7.0G 31% /
devtmpfs
906M
0
906M 0% /dev
tmpfs
921M
140K 921M 1% /dev/shm
tmpfs
921M
17M
904M 2% /run
tmpfs
921M
0
921M 0% /sys/fs/cgroup
172.24.10.110:/nfsshare
10G 3.6G
6.5G
36% /public
[root@ system2 ~]# cd
/public
Read Only share Output:
[root@ system2 public]# touch
nfs.txt
touch:
cannot touch ‘777’: Read-only file system
NFS KERBEROS
NFS Secure:
-Share the /nfssecure, enable krb5p
security to secure access to the NFS share from
URL http://station.network0.example.com/pub/keytabs/system1.keytab
Create a directory named as protected
under /nfssecure The exported directory should have
read/write access from all subdomains
of the distric10.example.com domain. Ensure the directory
/nfssecure/protected should be owned
by the user harry with read/write permission..
[root@ system1 ~]# yum install
nfs* krb5* -y ( we already installed nfs
package for previous
normal
share he we just install krb5 packages only )
[root@ system1 ~]# wget
-O /etc/krb5.keytabhttp://server1.domain70.example.com/pub/keytabs/system1.keytab
Saving to: ‘/etc/krb5.keytab’
100%[============================================================================================================>]
1,242 --.-K/s in 0s
2015-12-15 13:06:28 (137 MB/s) -
‘/etc/krb5.keytab’ saved [1242/1242]
[root@ system1 ~]# systemctl
start nfs-server
[root@ system1 ~]# systemctl
start nfs-secure
[root@ system1 ~]# systemctl
start nfs-secure-server
[root@ system1 ~]# systemctl
enable nfs-server
[root@ system1 ~]# systemctl
enable nfs-secure
[root@ system1 ~]# systemctl
enable nfs-secure-server
[root@ system1 ~]# mkdir -p
/nfssecure/protected
[root@ system1 ~]# firewall-cmd
--permanent --add-service=nfs
[root@ system1 ~]# firewall-cmd
--permanent --add-service=rpc-bind
[root@ system1 ~]# firewall-cmd
--permanent - -add-service=mountd
[root@ system1 ~]# firewall-cmd
- -reload
[root@ system1 ~]# chown harry /nfssecure/protected
[root@ system1 ~]# vim
/etc/exports
/nfssecure *.district10.example.com(rw,sync,sec=krb5p)
:wq
[root@ system1 ~]# systemctl restart
nfs-secure-server
[root@ system1 ~]# showmount -e
172.24.10.110
Export list for server2:
/nfsshare
*.district10.example.com
/nfssecure *.district10.example.com
NFS Secure Client:
Mount /nfssecure/protected with krb5p
secured share on system2 beneath /secure/protected
provided with keytab http://station.network0.example.com/pub/keytabs/system2.keytab
The user harry able to write files on
/secure directory
# yum install nfs-utils* krb5*
-y
# mkdir /secure/protected
# setfacl -m u:harry:rwx /secure/
# wget -O /etc/krb5.keytab
http://station.network0.example.com/pub/keytabs/system2.keytab
# systemctl start nfs-secure
# systemctl enable nfs-secure
# vim /etc/fstab
172.24.10.110:/nfsshare
/public nfs defaults
0
0
172.24.10.110:/nfssecure/protected /secure/protected
nfs defaults, sec=krb5p 0
0
:wq
# mount -a
# df -h
Filesystem
Size
Used Avail Use% Mounted
on
/dev/vda1 10G
3.1G 7.0G 31% /
devtmpfs
906M
0
906M 0% /dev
tmpfs
921M
140K 921M 1% /dev/shm
tmpfs 921M
17M 904M 2% /run
tmpfs
921M
0 921M 0% /sys/fs/cgroup
172.24.10.110:/nfsshare
10G
3.6G
6.5G
36% /public
172.24.10.110:/nfssecure/protected 10G
3.3G 6.8G
33% /secure/protected
password:
# df -h
Filesystem Size
Used Avail Use% Mounted
on
/dev/vda1
10G
3.1G 7.0G 31% /
devtmpfs
906M
0
906M 0% /dev
tmpfs
921M
140K 921M 1% /dev/shm
tmpfs
921M
17M 904M 2% /run
tmpfs
921M
0 921M 0% /sys/fs/cgroup
172.24.10.110:/nfsshare
10G
3.6G
6.5G
36% /public
172.24.10.110:/nfssecure/protected 10G
3.3G 6.8G
33% /secure/protected
Read/Write Share Output:
[harry@system2 ~ ] # cd /secure/protected
[harry@system2 secure/protected ] #
touch one; mkdir two
[harry@system2 secure ] # ls
one two
SAMBA :
11. SMB access.
Share the /sambadir directory via SMB
on system1 Your SMB server must be a member of the STAFF
workgroup The share name must be data
.The data share must be available to
district10.example.com domain clients
only The data share must be browseable .Susan must have
read access to the share,
authenticating with the same password “password”, if necessary
[root@ system1 ~]# yum install
samba* -y
[root@ system1 ~]# systemctl
start smb nmb
[root@ system1 ~]# systemctl
enable smb nmb
ln -s
'/usr/lib/systemd/system/smb.service'
'/etc/systemd/system/multi-user.target.wants/smb.service'
ln -s
'/usr/lib/systemd/system/nmb.service' '/etc/systemd/system/multi-user.target.wants/nmb.service'
[root@ system1 ~]# firewall-cmd
--permanent --add-service=samba
success
[root@ system1 ~]# firewall-cmd
--reload
success
[root@ system1 ~]# mkdir
/sambadir
[root@ system1 ~]# semanage
fcontext -a -t samba_share_t '/sambadir(/.*)?'
[root@ system1 ~]# restorecon
-Rv /sambadir/
restorecon reset /sambadir context
unconfined_u:object_r:default_t:s0->unconfined_u:object_r:samba_share_t:s0
[root@ system1 ~]# ll -Zd
/sambadir/
drwxr-xr-x. root root unconfined_u:object_r:samba_share_t:s0
/sambadir/
(all the samba user will be added in our
machine because it all are domain users )
[root@ system1 ~]# smbpasswd -a
Susan
New SMB password:password
Retype new SMB password:password
Added user Susan.
[root@ system1 ~]# smbpasswd -a
frankenstein
New SMB password:SaniTago
Retype new SMB password:SaniTago
Added user frankenstein.
[root@ system1 ~]# smbpasswd -a
martin
New SMB password:SaniTago
Retype new SMB password:SaniTago
Added user martin.
[root@ system1 ~]# ll -d
/sambadir/
drwxr-xr-x. 2 root root 6 Dec 16 10:12
/sambadir/
[root@ system1 ~]# vim
/etc/samba/smb.conf
Line No 89 : workgroup = STAFF
Line No end of the Document:
[data]
path=/sambadir
hosts allow=172.24.10.
browseable=yes
valid users=susan
read list=susan
:wq
[root@ system1 ~]# systemctl
restart smb nmb
[root@ system1 ~]# smbclient -L
//172.24.10.110
Enter root's password: (just enter)
Anonymous login successful
Domain=[STAFF] OS=[Unix] Server=[Samba
4.1.1]
Sharename
Type Comment
---------
----
-------
data
Disk
IPC$
IPC
IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[STAFF] OS=[Unix] Server=[Samba
4.1.1]
Server
Comment
---------
-------
SYSTEM1
Samba Server Version 4.1.1
Workgroup
Master
---------
-------
STAFF
[root@ system1 ~]# smbclient
//172.24.10.110/data -U Susan
Enter susan's password:
Domain=[STAFF] OS=[Unix] Server=[Samba
4.1.1]
smb: \> ls
.
D
0 Wed Dec 16 10:12:30 2015
..
D
0 Wed Dec 16 10:12:30 2015
40913
blocks of size 262144. 27465 blocks available
smb: \>
12.SAMBA Mount
Share /opstack with SMB share name
must be cluster.
The user frankenstein has
readable,writeable,accesseable to the /opstack SMB share. The user martin
has read access to the /opstack SMB
share. Both users should have the SMB passwd "SaniTago".
The share must be browseable
Mount the samba share /opstack
permanently beneath /mnt/smbspace on system2 as a multiuser
mount. The samba share should be
mounted with the credentials of martin.
[root@ system1 ~]# mkdir
/opstack
[root@ system1 ~]# ll -Zd
/opstack/
drwxr-xr-x. root root
unconfined_u:object_r:default_t:s0 /opstack/
[root@ system1 ~]# semanage
fcontext -a -t samba_share_t '/opstack(/.*)?'
[root@ system1 ~]# restorecon
-Rv /opstack/
restorecon reset /opstack context
unconfined_u:object_r:default_t:s0->unconfined_u:object_r:samba_share_t:s0
[root@ system1 ~]# ll -lZd
/opstack/
drwxr-xr-x. root root
unconfined_u:object_r:samba_share_t:s0 /opstack/
[root@ system1 ~]# chmod 775
/opstack/
[root@ system1 ~]# chgrp
frankenstein /opstack/
[root@ system1 ~]# vim
/etc/samba/smb.conf
Line No 89 : workgroup = STAFF
Line No end of the Document:
[data]
path=/sambadir
hosts allow=172.24.10.
browseable=yes
valid users=Susan
read list=Susan
[cluster]
path=/opstack
valid users=@frankenstein,martin
read list=martin
write list=@frankenstein
:wq
[root@server2 ~]# systemctl restart
smb.service nmb.service
[root@server2 ~]# smbclient -L
//172.24.10.110
Enter root's password: (just
enter)
Anonymous login successful
Domain=[STAFF] OS=[Unix] Server=[Samba
4.1.1]
Sharename
Type
Comment
---------
----
-------
data
Disk
cluster Disk
IPC$ IPC
IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[STAFF] OS=[Unix] Server=[Samba
4.1.1]
Server
Comment
---------
-------
SYSTEM1
Samba Server Version 4.1.1
Workgroup
Master
---------
-------
STAFF
[root@server2 ~]# smbclient
//172.24.10.110/cluster -U frankenstein
Enter frankenstein's password:
Domain=[STAFF] OS=[Unix] Server=[Samba
4.1.1]
smb: \> mkdir test
.
D
0 Wed Dec 16 10:32:03 2015
..
D
0 Wed Dec 16 10:32:03 2015
40913
blocks of size 262144. 27466 blocks available
smb: \> exit
[root@server2 ~]# smbclient
//172.24.10.110/cluster -U martin
Enter martin's password:
Domain=[STAFF] OS=[Unix] Server=[Samba
4.1.1]
smb: \> ls
.
D
0 Wed Dec 16 10:32:03 2015
..
D
0 Wed Dec 16 10:32:03 2015
40913
blocks of size 262144. 27466 blocks available
smb: \> exit
SAMBA Client :
12. Smb mount.
-mount the samba share /opstack permanently
beneath /mnt/smbspace on
system2 as a multiuser mount.
-the samba share should be mounted
with the credentials of martin.
[root@desktop2 ~]# yum install
cifs-utils* -y
[root@desktop2 ~]# mkdir /mnt/smbspace
MultiUser Mount
[root@desktop2 ~]# vim /etc/fstab
//172.25.2.11/cluster /mnt/smbspace
cifs credentials=/root/credential.txt,multiuser 0
0
:wq
[root@desktop2 ~]# vim
/root/credential.txt
username=martin
password=SaniTago( press enter)
:wq
[root@desktop2 ~]# mount -a
[root@desktop2 ~]# df -h
Filesystem Size Used Avail Use% Mounted
on
/dev/vda1
10G 3.1G 6.9G 31% /
devtmpfs
906M 0 906M 0% /dev
tmpfs
921M 80K 921M 1%
/dev/shm
tmpfs
921M 17M 904M 2%
/run
tmpfs
921M 0 921M 0%
/sys/fs/cgroup
//172.25.2.11/cluster 10G 3.3G 6.8G 33%
/mnt/smbspace
172.24.70.25:/nfsshare
10G
3.6G
6.5G 36% /public
172.25.70.25:/nfssecure/protected 10G
3.3G
6.8G
33% /secure/protected
[root@desktop2 ~]# cd /mnt/smbspace/
[root@desktop2 smbspace]# touch
samba.txt
read only file system touch cannot
allow
WEB SERVER
Normal :
– Implement a webserver for the
site http://system1.district10.example.com
– Download the webpage from
http://station.district0.example.com/pub/rhce/rhce.html
– rename the downloaded file in
to index.html.
– copy the file into the document
root.
– Do not make any modification with
the content of the index.html.
– Webserver must be available to
clients with domain district10.example.com
– Clients within my22ilt.org should
NOT access the webserver on your systems
[root@system1 ~]# systemctl start httpd
[root@system1 ~]# systemctl
enable httpd
ln -s
'/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@system1 ~]# firewall-cmd
--permanent --add-service=http
success
[root@system1 ~]# firewall-cmd
--reload
success
[root@system1 ~]# cd
/var/www/html/
[root@system1 html]# ls
rhce.html
[root@system1 html]# mv rhce.html
index.html
[root@system1 html]# ls
index.html
[root@system1 html]# mv rhce.html
index.html
[root@system1 html]# ls
index.html
[root@system1 html]# systemctl
restart httpd.service
[root@system1 html]# vim
/etc/httpd/conf/httpd.conf
<virtualhost *:80>
servername
system1.district10.example.com
documentroot /var/www/html
</virtualhost>
[root@system1 html]# httpd -t
Syntax OK
[root@system1 html]# systemctl
restart httpd.service
[root@system1 html]# cd
[root@system1 ~]# vim /etc/hosts.deny
[root@system1 ~]# cat /etc/hosts.deny
#
#
hosts.deny This file contains access rules which are used
to
# deny
connections to network services that either use
# the
tcp_wrappers library or that have been
# started
through a tcp_wrappers-enabled xinetd.
#
# The
rules in this file can also be set up in
# /etc/hosts.allow
with a 'deny' option instead.
#
# See
'man 5 hosts_options' and 'man 5 hosts_access'
# for
information on rule syntax.
# See
'man tcpd' for information on tcp_wrappers
#
#
sshd: *.my133ilt.org
httpd: *.my22ilt.org
:wq
[root@ system1 ~]# vim /etc/hosts.allow
sshd:
*.district10.example.com
httpd: *.district10.example.com
:wq
[root@system1 ~]# systemctl
restart httpd.service
[root@system1 ~]#
use firefox
this normal webpage
[root@system1 ~]# yum install elinks*
-y
[root@system1 ~]# elinks
system1.example.com
this normal webpage
client side
[root@system1 ~]# elinks
system1.example.com
this normal webpage
Secure Web Page Hosting
Secured webserver
– configure the website https://system1.district10.example.com with
TLS
– SSLCertificate file http://classroom.example.com/pub/rhce/tls/certs/system1.networkX.crt
– SSLCertificatekeyfile
http://classroom.example.com/pub/rhce/tls/private/system1.networkX.key
[root@system1 ~]# yum install httpd*
mod_ssl* -y
[root@system1 ~]# vim
/etc/httpd/conf.d/ssl.conf
Line No 56: <VirtualHost
_default_:443>
Line No 59: DocumentRoot
"/var/www/html"
Line No 60:ServerName
https://system1.district10example.com:443
Line No 70:SSLEngine on
Line No 75:SSLProtocol all -SSLv2
Line No 80:SSLCipherSuite
HIGH:MEDIUM:!aNULL:!MD5
Line No 93:(remove
#)SSLHonorCipherOrder on
Line No 100: SSLCertificateFile
/etc/pki/tls/certs/system1.network10.crt (change local host to your
system
hostname)
Line No 107: SSLCertificateKeyFile
/etc/pki/tls/private/system1.network10.key (change local host to
your
system hostname)
Line No 122 : SSLCACertificateFile
/etc/pki/tls/certs/exampleca.crt
</virtualhost>
[root@system1 ~]# cd
/etc/pki/tls/certs/
[root@system1 certs]# wget http://classroom.example.com/pub/tls/certs/system1.network10.crt
[ [root@system1 certs]# cd
/etc/pki/tls/private/
[root@system1 private]#
wget http://classroom.example.com/pub/tls/private/system1.network10.key
[root@system1 private]# cd
[root@system1 ~]# systemctl restart
httpd.service
[root@system1 ~]# firewall-cmd
--permanent --add-service=https
success
[root@system1 ~]# firewall-cmd --reload
success
[root@system1 ~]#
use firefox
this normal webpage
Confidential Web Hosting
webpage content modification.
Implement website for http://system1.district10.example.com/owndir
Create a directory named as “owndir” under
the document root of webserver
Download http://station.network0.example.com/pub/rhce/restrict.html
rename the file into index.html
The content of the owndir should be
visible to everyone browsing from your local
system but should not be accessible
from other location
User harry can edit the contents of
the directory
[root@system1 ~]# cd
/var/www/html/
[root@system1 html]# mkdir owndir
[root@system1 html]# cd owndir/
[root@system1 owndir]# wget
http://station.district0.example.com/pub/rhce/restrict.html
[root@system1 owndir]#
ls
restrict.html
[root@system1 owndir]#
mv restrict.html index.html
[root@system1 owndir]#
ls
index.html
[root@system1 owndir]#
vim /etc/httpd/conf/httpd.conf
[root@system1 owndir]#
chown harry /var/www/html/owndir/
<virtualhost *:80>
servername
system1.district10.example.com
documentroot /var/www/html
</virtualhost>
<directory
/var/www/html/owndir>
order deny,allow
deny from all
allow from 172.24.10.110
</directory>
[root@system1 ~]#
systemctl restart httpd.service
firefox:
this restricted page
client :
[root@system2 ~]#
firefox
1. Forbidden
You don't have
permission to access /owndir on this server.
Virtual hosting.
– Setup a virtual host with an
alternate document root .
– Extend your web to include a
virtual for the site http://www.district10.example.com
– Set the document root as
/usr/local/vhost
– Download http://station.network0.example.com/pub/rhce/vhost.html
– rename it as index.html place
this document root of the virtual host
– Note: The other websites configures
for your server must still accessible.
vhosts.networkX.example.com is
already provide by the name server on
example.com
[root@system1~]# mkdir
/usr/local/vhost
[root@system1~]# cd /usr/local/vhost
[root@system1 vhost]#
wget http://station.network0.example.com/pub/rhce/vhost.html
[root@system1 vhost]#
semanage fcontext -a -t httpd_sys_content_t ' /usr/local/SIT
(/.*)?'
[root@system1 vhost]#
restorecon -Rv /usr/local/SIT/
restorecon reset /usr/local/vhost context
unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /usr/local/vhost/vhost.html context
unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
[root@system1 vhost]#
ls
vhost.html
[root@system1 vhost]#
mv vhost.html index.html
[root@system1 SIT]#
ls
index.html
[root@system1 SIT]#
vim /etc/httpd/conf/httpd.conf
<virtualhost *:80>
servername www.district10.example.com
documentroot /usr/local/vhosts
</virtualhost>
<directory /usr/local/vhosts>
require all granted
</directory>
[root@system1 ~]# vim /etc/hosts
172.25.10.110 www.district10.example.com
:wq
firefox
this is virtual web page
client side :
(In our Examination no need to put hosts entry , if “hosts entry”
entered also no issuses)
[root@system2 ~]# vim /etc/hosts
172.25.10.110 www.district10.example.com
:wq
firefox
this is virtual web page
Dynamic Webpage configuration.
-configure website http://dynamic.district10.example.com:8899 on system1 with the document root/var/www/scripts
-site should executes webapp.wsgi
-page is already provided on http://station.district0.example.com/pub/webapp.wsgi
-content of the script should not be modified.
[root@system1~]# cd /var/www/scripts
[root@system1~]# semanage fcontext -a -t
httpd_sys_script_exec_t '/var/www/scripts(/.*)?'
[root@system1~]# semanage port -a -t
http_port_t -p tcp 8899
[root@server70 ~]# restorecon -Rv /var/www/scripts
restorecon reset /var/www/scripts context unconfined_u:object_r:var_t:s0->unconfined_u:object_r:httpd_sys_script_exec_t:s0
restorecon reset /var/www/scripts/webapp.wsgi
context
unconfined_u:object_r:var_t:s0->unconfined_u:object_r:httpd_sys_script_exec_t:s0
[root@server70 ~]# vim /etc/httpd/conf/httpd.conf
listen 8899
<virtualhost *:8899>
servername dynamic.district10.example.com
documentroot /var/www/scripts
WSGIScriptAlias / /var/www/scripts/webapp.wsgi
</virtualhost>
<directory /var/www/scripts>
require all granted
</directory>
[root@system1 ~]# vim /etc/hosts
172.25.10.110 dynamic.district10.example.com
:wq
O/P
Goto Firefox
Address: dynamic.distrcit10.example.com:8899
UNIX EPOCH time is now:
1450238773.24
(if you press F5 time time will be automatically
changed)
18. Script 1
-create a script on serverX called /root/random with following details.
-When run as /root/random user, should bring the output as �kernel�
-When run as /root/random kernel, should bring the output as �user�
-When run with any other arguments or without argument,
should bring the stderr as �/root/random user|kernel�
[root@server2 ~]# vim /root/random
read a
case $a in
user )
echo "kernel";;
kernel )
echo "user";;
* )
echo "/root/random
user|kernel" >> stderr
esac
[root@server2 ~]# chmod a+x /root/random
[root@server2 ~]# /root/random
user
kernel
[root@server2 ~]# /root/random
kernel
user
[root@server2 ~]# /root/random
f
[root@server2 ~]# ls
anaconda-ks.cfg random stderr
[root@server2 ~]# cat stderr
/root/random user|kernel
[root@server2 ~]#
19. Script 2
-Create a script on serverX called /root/createusers
-When this script is called with the testfile argument, it should add all
the users from the file
-Download the file from http://station.district0.example.com/pub/rhce/testfile
-All users should have the login shell as /bin/false, password not required.
-When this script is called with anyother arguments, it should
print the message as �Input File Not Found�
-When this script is run without any arguments, it should
display �Usage: /root/createusers�
Note: If the users are added no need to delete.
[root@server2 ~]# cat testfile
arul
john
david
[root@server2 ~]# vim /root/createusers
a=""
case "$@" in
testfile )
for i in `cat /root/testfile`
do
useradd -s /bin/false
$i
done;;
$a)echo "Input File Not Found";;
*)echo "Usage: /root/createusers";;
esac
[root@server2 ~]# chmod a+x /root/createusers
[root@server2 ~]# /root/createusers
Usage: /root/createusers
[root@server2 ~]# /root/createusers 111
Input File Not Found
[root@server2 ~]# tail -n 5 /etc/passwd
pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
gnome-initial-setup:x:993:991::/run/gnome-initial-setup/:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
[root@server2 ~]# /root/createusers testfile
[root@server2 ~]# tail -n 5 /etc/passwd
tcpdump:x:72:72::/:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
arul:x:1001:1001::/home/arul:/bin/false
john:x:1002:1002::/home/john:/bin/false
david:x:1003:1003::/home/david:/bin/false
MARIADB :
22.MaridDB Configuration
Configure a MariaDB on System1
with a database name Contacts.
The Database must be accessible
locally only.
The root password must be
zaldebro.
Apart from root, only the user
Zyuichi must be able to query the Contacts Database.
Zyuichi must be identified by
zaldebro.
Restore a database on system1
from the backup file
http://station.district0.example.com/pub/rhce/backup.mdb
23.MariaDB Query
Find the first name of user with
password “ecosystem”
MariaDB [student]> use mysql
MariaDB [mysql]> show tables;
MariaDB [mysql]> show grants for john@'172.25.5.%';
MariaDB [mysql]> select * from tables_priv;
[root@server2 ~]# yum
groupinstall mariadb mariadb-client -y
[root@server2 ~]# systemctl start
mariadb
[root@server2 ~]# systemctl
enable mariadb
ln -s
'/usr/lib/systemd/system/mariadb.service'
'/etc/systemd/system/multi-user.target.wants/mariadb.service'
[root@server2 ~]# firewall-cmd
--permanent --add-service=mysql
success
[root@server2 ~]# firewall-cmd
--permanent --add-port=3306/tcp
success
[root@server2 ~]# firewall-cmd
--reload
success
[root@server2 ~]# vim /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
skip-networking=1 (this line ) {note if
skip-networking=1 means deny remote login
skip-networking=0
means allow remote login)
[root@server2 ~]#
mysql_secure_installation
Enter current password for root
(enter for none): ( if fresh installation means just enter)
Set root password? [Y/n] Y
New password: zaldebro
Re-enter new password: zaldebro
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] y
... Success!
Disallow root login remotely? [Y/n] y
... Success!
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n] y
... Success!
[root@server2 ~]# mysql -u root -p
Enter password: zaldebro
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.35-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current
input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database
|
+--------------------+
| information_schema |
| mysql
|
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> create database Contacts;
MariaDB [(none)]> show databases;
+--------------------+
| Database
|
+--------------------+
| information_schema |
| mysql
|
| performance_schema |
| Contacts |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@server2 ~]# wget http://station.district0.example.com/pub/rhce/backup.mdb
--2015-12-16 12:24:49-- http://station.district0.example.com/pub/rhce/backup.mdb
Resolving c (c)... 172.25.254.254
Connecting to c (c)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3785 (3.7K)
Saving to: ‘backup.mdb’
100%[============================================================================================================>]
3,785 --.-K/s in 0s
2015-12-16 12:24:49 (460 MB/s) - ‘backup.mdb’ saved [3785/3785]
[root@server2 ~]# ls
anaconda-ks.cfg backup.mdb
[root@server2 ~]# mysql -u root -p Contacts < backup.mdb
Enter password: zaldebro
[root@server2 ~]# mysql -u root -p
Enter password: zaldebro
MariaDB [(none)]> use Contacts
Database changed
MariaDB [Contacts]> show tables;
+-------------------+
| Tables_in_student |
+-------------------+
| category
|
| manufacturer |
| product
|
+-------------------+
3 rows in set (0.00 sec)
MariaDB [Contacts]> describe product;
+-----------------+--------------+------+-----+---------+----------------+------------
| Field
|
Type | Null |
Key | Default | Extra |
+-----------------+--------------+------+-----+---------+----------------+-----------------
| id
|
int(11)
|
NO | PRI | NULL | auto_increment |
| name
|
varchar(100) | NO
| | NULL
| |
| price
|
double | NO |
| NULL |
|
| stock
|
int(11) | NO |
| NULL | |
| id_category
|
int(11) | NO |
| NULL
| |
| id_manufacturer |
int(11) | NO |
| NULL
| |
+-----------------+--------------+------+-----+---------+----------------+
6 rows in set (0.00 sec)
MariaDB [student]> help grant
example:
CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
GRANT USAGE ON *.* TO 'jeffrey'@'localhost' WITH
MAX_QUERIES_PER_HOUR 90;
MariaDB [student]> create user 'Zyuichi'@'localhost' identified
by 'zaldebro';
Query OK, 0 rows affected (0.00 sec)
MariaDB [student]> grant all on student.product to
'Zyuichi'@'localhost';
Query OK, 0 rows affected (0.00 sec)
MariaDB [student]> Select first name from tablename
where password=”echosystem”;
Client :
[root@desktop2 ~]# yum groupinstall
mariadb-client* -y
[root@desktop2 ~]# mysql -u root -p
-h 172.25.2.11
Enter password:
ERROR 1045 (28000): Access denied
for user 'root'@'desktop2.example.com' (using password: YES)
[root@desktop13 ~]# mysql -u
Zyuichi -p -h 172.25.13.11
Enter password: zaldebro
ERROR 1130 (HY000): Host
'desktop13.example.com' is not allowed to connect to this MariaDB server
[root@desktop13 ~]#
17) script:1
--->create a script on serverX called /root/random with the
following details
--->when run as /root/random Postconf, should bring the output
as "Postroll"
--->when run as /root/random Postroll, should bring the output
as "Postconf"
--->when run with only other argument or wihout argument, should
bring the stderr as
"/root/random Postconf | Postroll"
$@ is to refer argument as a separate word
case Stating this is conditioned structure to reduce difficulties
from a normal statement like
if/then/elif/then/else
“” To disabled meaning of special characters
#vim /root/random
case $@ in
postconf ) echo "Postroll";;
Postroll ) echo "postconf";;
*) echo
"/root/random postconf | Postroll";;
esac
#chmod a+x /root/random
18) script 2:
--->create a script on serverX called /root/createusers
--->when this script is called with the test file argument, it
should add all the users from the file
--->downloaded the fire from
http://station.network0.example.com/pub/testfile
--->all user should have the login shell as /bin/false, passwd
not required.
--->when this script is called wih anyother argument, it should
print the message "Input File Not Found"
--->When this script is run without any argument, it should
dissplay "Usage "/root/createuser"
Note:- If the users are added no need to delete.
Ans:
#wget http://classroom.example.com/pub/testfile
#vim /root/createusers
a=""
case $@ in
testfile ) for b in `cat testfile`
do
useradd -s /bin/false $b;
done;;
$a ) echo "Usage:/root/createusers";;
* ) echo "Input file Not Found";;
esac
#chmod a+x /root/createusers
21. ISCSI Storage.
-
Create a new 3GB target on your system1.district10.example.com.
-
The logical block name should be lvm The server should export an iscsi
disk
called
iqn.2015-12.com.example.district10:system1
-
This target should only be allowed only be allowed to system2
[root@server2 ~]# yum install
target* -y
[root@server2 ~]# systemctl start
target
[root@server2 ~]# systemctl
enable target
ln -s '/usr/lib/systemd/system/target.service'
'/etc/systemd/system/multi-user.target.wants/target.service'
[root@server2 ~]# firewall-cmd
--permanent --add-port=3260/tcp
success
[root@server2 ~]# firewall-cmd
--reload
success
[root@server2 ~]# fdisk -l
[root@server2 ~]# fdisk /dev/vda
Command (m for help): p
Device Boot
Start
End
Blocks Id System
/dev/vda1 *
2048 472143871
236070912 83 Linux
/dev/vda2
472143872 488396799
8126464 82 Linux swap / Solaris
Command (m for help): n
Partition type:
p primary
(0 primary, 0 extended, 4 free)
e
extended
Select (default p): e
Partition number (1-4, default
1):
First sector (2048-20971519,
default 2048):
Using default value 2048
Last sector, +sectors or
+size{K,M,G} (2048-20971519, default 20971519):
Using default value 20971519
Partition 1 of type Extended and
of size 10 GiB is set
Command (m for help): n
Partition type:
p primary
(0 primary, 1 extended, 3 free)
l logical
(numbered from 5)
Select (default p): l
Adding logical partition 5
First sector (4096-20971519,
default 4096):
Using default value 4096
Last sector, +sectors or
+size{K,M,G} (4096-20971519, default 20971519): +4G
Partition 5 of type Linux and of
size 4 GiB is set
Command (m for help): t
Partition number (1,5, default
5): 5
Hex code (type L to list all
codes): 8e
Changed type of partition 'Linux'
to 'Linux LVM'
Command (m for help): w
The partition table has been
altered!
Calling ioctl() to re-read
partition table.
Syncing disks.
[root@server2 ~]# partprobe
/dev/vda
[root@server2 ~]# pvcreate
/dev/vda5
Physical volume
"/dev/vda5" successfully created
[root@server2 ~]# vgcreate one
/dev/vdb5
Volume group
"one" successfully created
[root@server2 ~]# lvcreate -L +3G
-n two /dev/mapper/one
Logical volume "two"
created
[root@server2 ~]# targetcli
/> /backstores/block
create lvm /dev/mapper/one-two
Created block storage
object lvm using /dev/mapper/one-two.
/> /iscsi create iqn.2015-12.com.example.district10:system1
Created target iqn.2015-12.com.example.district10:system1.
Created TPG 1.
/> /iscsi/iqn.2015-12.com.example.district10:system1/tpg1/acls create iqn.2015-
12.com.example.district10:system2
Created Node ACL for iqn.2015-12.com.example.district10:system2
/> /iscsi/iqn.2015-12.com.example.district10:system1/tpg1/luns create
/backstores/block/lvm
Created LUN 0.
Created LUN 0->0 mapping in
node ACL iqn.2015-12.com.example.district10:system2
/> /iscsi/iqn.2015-12.com.example.district10:system2/tpg1/portals create 172.24.10.110
Using default IP port 3260
Created network portal
172.24.10.110:3260.
/> saveconfig
Last 10 configs saved in
/etc/target/backup.
Configuration saved to
/etc/target/saveconfig.json
/> exit
Global pref
auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to
/etc/target/saveconfig.json
[root@server2 ~]# systemctl
restart target.service
ISCSI Initiator
-The system1 provides an iscsi port(3260).
-connect the disk with system2.district10.example.com and
configure filesystem with the following requirements.
-Create 2040 MB partition on ISCSI block device and assign the
filesystem as ext3.
-Mount the volume under /mnt/initiator at the system boot time.
Client :
[root@desktop2 ~]# yum install
iscsi-initiator-utils* -y
[root@desktop2 ~]# vim
/etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2015-12.com.example.district10:system2
:wq
[root@desktop2 ~]# systemctl
restart iscsi iscsid.service
[root@desktop2 ~]# systemctl
enable iscsi iscsid.service
ln -s
'/usr/lib/systemd/system/iscsid.service'
'/etc/systemd/system/multi-user.target.wants/iscsid.service'
[root@desktop2 ~]# iscsiadm -m
discovery -t st -p 172.25.2.11
172.25.2.11:3260,1 iqn.2015-12.com.example.district10:system1
[root@desktop2 ~]# iscsiadm -m
node -T iqn.2015-12.com.example.district10:system1 -p 172.25.2.11
[root@desktop2 ~]# iscsiadm -m
node -T iqn.2015-12.com.example.district10:system1 -p 172.25.2.11 -l
Logging in to [iface: default,
target: iqn.2015-12.com.example.district10:system1, portal: 172.25.2.11,3260]
(multiple)
Login to [iface: default,
target: iqn.2015-12.com.example.district10:system1, portal: 172.25.2.11,3260]
successful.
[root@desktop2 ~]# lsblk
NAME MAJ:MIN RM SIZE
RO TYPE MOUNTPOINT
sda
8:0 0
3G 0 disk
vda
253:0 0
10G 0 disk
└─vda1 253:1 0
10G 0 part /
vdb
253:16 0 10G 0 disk
[root@desktop2 ~]# fdisk /dev/sda
Command (m for help): p
Device Boot
Start
End
Blocks Id System
Command (m for help): n
Partition type:
p primary
(0 primary, 0 extended, 4 free)
e
extended
Select (default p): p
Partition number (1-4, default
1):
First sector (8192-6291455,
default 8192):
Using default value 8192
Last sector, +sectors or
+size{K,M,G} (8192-6291455, default 6291455): +2048M
Partition 1 of type Linux and of
size +2048MBs set
Command (m for help): p
Device Boot
Start
End
Blocks Id System
/dev/sda1
8192
1646591 819200
83 Linux
Command (m for help): w
[root@desktop2 ~]# partprobe
/dev/sda
[root@desktop2 ~]# mkfs.ext3
/dev/sda1
[root@desktop2 ~]# mkdir
/mnt/initiator
[root@desktop2 ~]# vim /etc/fstab
/dev/sda1
/mnt/initiator ext3
_netdev 0
0
:wq
[root@desktop2 ~]# mount -a
[root@desktop2 ~]# df -h
Filesystem
Size Used Avail Use% Mounted
on
//172.25.2.11/OPENGROUP 10G 3.3G
6.8G 33%
/mnt/smbspace
172.24.70.25:/nfsshare
10G
3.6G
6.5G
36%
/public
172.25.70.25:/nfssecure/protected 10G
3.3G
6.8G
33%
/secure/protected
/dev/sda1
2024M
33M
1998M
5%
/mnt/initiator
RHCE 7 QUESTIONS
and Answer
Domain Name:
System1:
system1.district10.example.com
System2:
system2.district10.example.com
IP Address:
System1:172.24.10.110/24
System1:172.24.10.120/24
Name Server: 172.24.10.250
Gateway:172.24.10.254
Root password : zaldebro
1.Configure selinux. Configure
your systems that should be running in Enforcing.
2.Configure repository. Create
a Repository for your virtual machines. The URI ishttp://station.district0.example.com/content/rhel7.0/x86_64/dvd
3. SSH configuration.
Clients within my133ilt.org should
NOT have access to ssh on your systems
Clients with domain
district10.example.com should be able to access the systems
4. Port forwarding
Configure system1 to forward traffic
incoming on port 80/tcp from source network 172.24.X.0/255.255.255.0 to port on
5243/tcp
5. User Environment.
Create a command called qstat on both
system1 and system2. It should able to execute the following command(ps
eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm)
The command should be executable by
all users.
6. Ipv6 network.
Configure eth0 with a static ipv6
addresses as follows.
Configure a Static IPv6 address in
system1 as fddb:fe2a:ab1e::c0a8:64/64.
Configure a Static IPv6 address in
system2 as fddb:fe2a:ab1e::c0a8:02/64.
Both machines are able to communicate
within the network fddb:fe2a:able/64
The changes should be permanent even
after the reboot
7. Link aggregation Configure
your system1 and system2, which watches for link changes and selects an active
port for data transfers. System1 should have the address as
172.24.10.10/255.255.255.0. System2 should have the address as
172.24.10.20/255.255.255.0
8. SMTP Configuration.
Configure the SMTP mail service on system1 and system2 which relay the
mail only from local system through station.network0.example.com, all outgoing
mail have their sender domain as example.com. Verify the mail server is
working by sending mail to a local user clarke.
Check the mail on both system1 and
system2 with the below URL
9. NFS server.
Configure system1 with the following
requirements.
Share the /nfsshare directory within
the example.com domain clients only, share must not be writable. Share
the /nfssecure, enable krb5p security to secure access to the NFS share from
URIhttp://station.network0.example.com/pub/keytabs/system1.keytab
Create a directory named as protected
under /nfssecure The exported directory should have read/write access
from all subdomains of the example.com domain. Ensure the directory
/nfssecure/protected should be owned by the user harry with read/write
permission.
10. Nfs mount
Mount /nfsshare directory on system2
under /public directory persistently at system boot time. Mount
/nfssecure/protected with krb5p secured share on system2 beneath
/secure/protected provided with keytab
http://station.network0.example.com/pub/keytabs/system2.keytab
The user harry able to write files on
/secure directory
11. Smb access
Share the /sambadir directory via SMB
on system1 Your SMB server must be a member of the STAFF workgroup
The share name must be data .The data share must be available to
district10.example.com domain clients only The data share must be
browseable .Susan must have read access to the share, authenticating with the
same password “password”, if necessary
12.SAMBA Mount
Share /opstack with SMB share name
must be cluster.
The user frankenstein has
readable,writeable,accessible to the /opstack SMB share. The user martin
has read access to the /opstack SMB share. Both users should have the SMB
passwd "SaniTago".
The share must be browseable
Mount the samba share /opstack
permanently beneath /mnt/smbspace on system2 as a multiuser mount. The
samba share should be mounted with the credentials of martin.
13. Webserver.
Implement a webserver for the site
http://system1.district10.example.com
Download the webpage
fromhttp://station.district0.example.com/pub/rhce/rhce.html
Rename the downloaded file in to
index.html.
copy the file into the document root.
Do not make any modification with the
content of the index.html.
Webserver must be available to
clients with domain district10.example.com
Clients within my22ilt.org should NOT
access the webserver on your systems
14) Secured webserver
configure the websitehttps://system1.example.comwith
TLS
SSLCertificate file
http://classroom.example.com/pub/rhce/tls/certs/system1.networkX.crt
SSLCertificatekeyfile
http://classroom.example.com/pub/rhce/tls/private/system1.networkX.key
SSL CA certificate
filehttp://classroom.example.com/pub/exampleca.crt
15) Webpage content modification.
Implement website for
http://system1.district10.example.com/owndir
Create a directory named as
"owndir" under the document root of webserver
Download http://station.network0.example.com/pub/rhce/restrict.html
Rename the file into index.html
The content of the owndir should be
visible to everyone browsing from your local system but should not be
accessible from other location
User harry can edit the contents of
the directory
16) Virtual hosting
Setup a virtual host with an
alternate document root. Extend your web to include a virtual for the
sitehttp://www.district10.example.com
Set the document root as
/usr/local/vhosts
Downloadhttp://station.network0.example.com/pub/rhce/vhost.html
Rename it as index.html place
this document root of the virtual host
Note: The other websites configures
for your server must still accessible. vhosts.networkX.example.com is already
provide by the name server on example.com
17. Dynamic Webpage Configuration.
Configure
websitehttp://dynamic.district10.example.com:8899 on system1 with the
documentroot /var/www/scripts Site should executes webapp.wsgi.
Page is already provided on
http://station.district0.example.com/pub/webapp.wsgi Content of the
script should not be modified.
18) Script1
Create a script on system1 called
/root/random with following details. When run as /root/random user,
should bring the output as "user" When run as /root/random
kernel, should bring the output as "user" When run with any
other argument or without argument, should bring the stderr as
"/root/random user|kernel"
19) Script2
Create a script on system1 called
/root/createusers When this script is called with the argument, it should
add all the users from the file Download the file
fromhttp://station.district0.example.com/pub/testfile
All users should have the login shell
as /bin/false, password not required.
When this script is called with
anyother argument, it should print the message as "Input File Not
Found" When this script is run without any argument, it should
display "Usage: /root/createusers"
20. ISCSI Storage
Create a new 3GB target on your
system1.district10.example.com. The logical block name should be lvm The
server should export an iscsi disk called
iqn.2015-12.com.example.district10:system1. This target should only be
allowed to system2
21. ISCSI Initiator
The system1 provides an iscsi
port(3260).
connect the disk with
system2.district10.example.com and configure filesystem with the following
requirements.
Create 2040 MB partition on ISCSI
block device and assign the filesystem as ext3.
Mount the volume under /mnt/initiator
at the system boot time.
22.MaridDB Configuration
Configure a MariaDB on System1
with a database name Contacts.
The Database must be accessible
locally only.
The root password must be zaldebro.
Apart from root, only the user
Zyuichi must be able to query the Contacts Database.
Zyuichi must be identified by
zaldebro.
Restore a database on system1 from
the backup file http://station.district0.example.com/pub/rhce/backup.mdb
23.MariaDB Query
Find the first name of user with
password “ecosystem”
Hi Sir, do you have questions for openstack that will help me :)
উত্তরমুছুনhi Shuvhashis Paul; Do you have email.
উত্তরমুছুনdo you have two or more question
উত্তরমুছুনThanks and that i have a swell provide: House Renovation house renovation calgary
উত্তরমুছুন