How to Deploy a DNS Server on CentOS 7

In this step-by-step tutorial I’ll try to be as quick as I can, so you don’t waste your entire life reading just to get something working.

I won’t explain every detail or what a DNS server is (but I promise I can write a post on that topic for those who don’t know).

This post is to make you do what you need to do without bla bla bla.

The initial setup in my case is:

Hostname: ns.zlab.com

IPADDR=192.168.193.2
NETMASK=255.255.255.0
GATEWAY=192.168.193.1
DNS1=8.8.8.8
DNS2=8.8.4.4

First of all, do a clean CentOS 7 installation and update it with:

yum update -y

Reboot

shutdown -rf now

Once this is done, you will need to install the BIND packages and configure some files.

yum install bind bind-utils -y

Then, you will need to create the zones directory (where you’ll place the files for your DNS zones ;-)).

mkdir /etc/named/zones

Your /etc/named.conf needs to look like the version shown here (pay attention to the text in bold – that’s what you’ll need to adapt to fit your needs).

vi /etc/named.conf

Copy the final version shown below, adapt it to your needs, paste and save.

Note what was modified:

The server IP address: 192.168.193.2
The allow-query section set to: any
Add the code block with Google’s DNS forwarder information (you can use your preferred DNS).

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

Add the line that will include the file with the zone information itself.

include "/etc/named/named.conf.local";

The final version should look like this:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 192.168.193.2; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };


        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";
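
With allow-query set to any, recursion yes and no allow-recursion statement, BIND falls back to the allow-query list to decide who may recurse, so every client that can reach port 53 gets recursive service; an allow-recursion list limited to your own network closes that. The check below is an added example, not part of the original post: a heuristic shell audit that reports whether a named.conf leaves recursion open. The function names, the sample files and the 192.168.193.0/24 list (the tutorial's subnet) are assumptions.

```shell
# Added example: heuristic open-recursion audit for named.conf (text match, not a parser).
# strip_comments FILE: drop /* */, // and # comments so they cannot match.
strip_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (inblock) {
                i = index(line, "*/")
                if (i == 0) break
                line = substr(line, i + 2); inblock = 0
            } else {
                i = index(line, "/*")
                if (i == 0) { out = out line; break }
                out = out substr(line, 1, i - 1)
                line = substr(line, i + 2); inblock = 1
            }
        }
        sub(/\/\/.*/, "", out); sub(/#.*/, "", out)
        print out
    }' "$1"
}

# acl_of TEXT STATEMENT: print the address list of "STATEMENT { ... }".
acl_of() {
    printf '%s\n' "$1" | sed -n "s/.*[; {]$2 *{\([^}]*\)}.*/\1/p"
}

# audit_recursion FILE: print OFF, OPEN or RESTRICTED, following BIND's fallback order.
audit_recursion() {
    conf=$(strip_comments "$1" | tr -s ' \t\n' ' ')
    if printf '%s\n' "$conf" | grep -Eq '[;{ ]recursion +no *;'; then
        echo OFF; return 0
    fi
    for stmt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$conf" "$stmt" | tr -d ' ')
        if [ -n "$acl" ]; then break; fi
    done
    case ";$acl" in
        *";any;"*) echo OPEN ;;
        *) echo RESTRICTED ;;   # explicit list, or default localnets/localhost
    esac
}

# Constructed sample files: the tutorial's settings, then a LAN-only variant.
demo_dir=$(mktemp -d)
printf 'options {\n allow-query { any; };\n /* do NOT enable\n recursion no; */\n recursion yes;\n};\n' > "$demo_dir/weak.conf"
printf 'options {\n allow-query { any; };\n allow-recursion { 192.168.193.0/24; localhost; }; // LAN\n recursion yes;\n};\n' > "$demo_dir/lan.conf"
echo "weak.conf: $(audit_recursion "$demo_dir/weak.conf")"
echo "lan.conf:  $(audit_recursion "$demo_dir/lan.conf")"
```

For the parsed view of a live configuration, named-checkconf -p prints the options block as BIND reads it.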

After that, let’s create the /etc/named/named.conf.local file.

vi /etc/named/named.conf.local

This must be the content (please adapt it to your needs; the lines you need to adjust are in bold).

zone "zlab.com" {
    type master;
    file "/etc/named/zones/zlab.com";
};

zone "193.168.192.in-addr.arpa" {
    type master;
    file "/etc/named/zones/db.192.168.193";  # 192.168.193.0/24 subnet
};

Then, create the zone files; in my case they are zlab.com and db.192.168.193.

vi /etc/named/zones/zlab.com

The content should be like this (change according to your needs) :

;
; BIND data file for the zlab.com zone
;
$TTL    604800
@       IN      SOA     zlab.com. admin.zlab.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.zlab.com.
ns.zlab.com.              IN      A       192.168.193.2

Note that this line

ns.zlab.com.              IN      A       192.168.193.2

is the record about your DNS server itself. You’ll need to add the rest of your infrastructure using the same scheme, for example:

ns.zlab.com.              IN      A       192.168.193.2
ldap.zlab.com.            IN      A       192.168.193.10
w10.zlab.com.             IN      A       192.168.193.20

Save the file and edit the reverse zone file, in my case db.192.168.193 file.

vi /etc/named/zones/db.192.168.193

The content should be like this (change according to your needs) :

;
; BIND reverse data file for the 192.168.193.0/24 subnet
;
$TTL    604800
@       IN      SOA     zlab.com. admin.zlab.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.zlab.com.

; also list other computers
2       IN      PTR     ns.zlab.com.           ; 192.168.193.2

Note that this line

2       IN      PTR     ns.zlab.com.           ; 192.168.193.2

is the record about your DNS server itself. The first column is the last octet of the host's IP address. You’ll need to add the rest of your infrastructure using the same scheme, for example:

2       IN      PTR     ns.zlab.com.           ; 192.168.193.2
10      IN      PTR     ldap.zlab.com.         ; 192.168.193.10
20      IN      PTR     w10.zlab.com.          ; 192.168.193.20

Save the file.
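
A cross-check for the forward and reverse zone data, as an added example that is not part of the original post: it reports A records with no matching PTR and reverse owners that carry more than one PTR. The function name check_ptr and the sample files are constructed; it assumes the layout used in this tutorial (fully qualified owner names in the forward zone, last-octet owners in the reverse zone, class IN written out).

```shell
# Added example: cross-check A records against PTR records for one /24.

# check_ptr FORWARD_FILE REVERSE_FILE PREFIX   (PREFIX like 192.168.193)
# Prints MISSING for an A record with no matching PTR, and MULTIPLE for a
# reverse owner that carries more than one PTR. No output means consistent.
check_ptr() {
    awk -v prefix="$3." '
    { sub(/;.*/, "") }                          # strip zone-file comments
    FNR == NR {                                 # first file: forward zone
        if ($2 == "IN" && $3 == "A" && index($4, prefix) == 1)
            want[substr($4, length(prefix) + 1)] = $1
        next
    }
    $2 == "IN" && $3 == "PTR" { have[$1, $4] = 1; count[$1]++ }
    END {
        for (o in want)
            if (!((o, want[o]) in have))
                print "MISSING " prefix o " -> " want[o]
        for (o in count)
            if (count[o] > 1)
                print "MULTIPLE " prefix o " has " count[o] " PTR records"
    }' "$1" "$2" | sort
}

# Constructed sample data using the tutorial's names and addresses.
zdir=$(mktemp -d)
cat > "$zdir/zlab.com" <<'EOF'
@               IN  NS   ns.zlab.com.
ns.zlab.com.    IN  A    192.168.193.2
ldap.zlab.com.  IN  A    192.168.193.10
w10.zlab.com.   IN  A    192.168.193.20
EOF
cat > "$zdir/rev.good" <<'EOF'
2   IN  PTR  ns.zlab.com.     ; 192.168.193.2
10  IN  PTR  ldap.zlab.com.   ; 192.168.193.10
20  IN  PTR  w10.zlab.com.    ; 192.168.193.20
EOF
sed 's/^[0-9]*/10/' "$zdir/rev.good" > "$zdir/rev.bad"   # every PTR under owner 10

echo "rev.good:"; check_ptr "$zdir/zlab.com" "$zdir/rev.good" 192.168.193
echo "rev.bad:";  check_ptr "$zdir/zlab.com" "$zdir/rev.bad"  192.168.193
```

named-checkzone validates each zone file on its own, so a mismatch between the two files only shows up in a comparison like this one.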

Change the server’s DNS to 127.0.0.1, so your network config looks like this:

IPADDR=192.168.193.2
NETMASK=255.255.255.0
GATEWAY=192.168.193.1
DNS1=127.0.0.1

Restart the bind daemon.

systemctl restart named

Enable it so that it starts after a reboot:

systemctl enable named

Set firewall rules:

firewall-cmd --permanent --new-service=named
firewall-cmd --permanent --zone=public --add-port=53/tcp
firewall-cmd --permanent --zone=public --add-port=53/udp
firewall-cmd --reload

Now comes the best part: making it work on your infrastructure!

It’s really simple now!

Wherever you would normally set up Google’s or your Internet provider’s DNS, set your DNS server’s IP address instead.

Example for Linux CentOS machines:

IPADDR=192.168.193.X
NETMASK=255.255.255.0
GATEWAY=192.168.193.1
DNS1=192.168.193.2

You’ll need to adapt it according to your client operating system.

Hope it helps you.

How to Install Docker on CentOS 7 Version

Hello guys, here are the steps:

This assumes we’re running as root.

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum update
yum install docker
systemctl start docker
systemctl enable docker
systemctl status docker

That’s it, quite simple, right?

How to Build a NIM Server on AIX 6.1 from Scratch :: Part 1

Hello Fellas!

Here is a good how-to for building a NIM server from scratch under AIX 6.1. (The procedure for version 7.1 is still the same, anyway.)

Well, for this environment I dedicated one VG to NIM as a best practice. So, let’s take a look at our VGs:

# lspv
hdisk0          00047ff1211f84d2                    rootvg          active      
hdisk1          00047ff12252331b                    nimvg           active  

Recalling our OS version:

# oslevel -s
6100-08-02-1316

Checking for the NIM packages already installed by default:

# lslpp -l | grep nim
bos.sysmgt.nim.client     6.1.8.15  COMMITTED  Network Install Manager -
bos.sysmgt.nim.client     6.1.8.15  COMMITTED  Network Install Manager -

So, with our AIX 6.1 cd0 mounted, let’s install the nim SPOT and nim MASTER packages:

# installp -Ld /dev/cd0 | grep nim
X11.Dt:X11.Dt.helpmin:6.1.2.0::I:T:::::N:AIX CDE Minimum Help Files ::::0:0846:
X11.msg.DE_DE:X11.msg.DE_DE.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - German (UTF)::::0::
X11.msg.EN_US:X11.msg.EN_US.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - U.S. English (UTF)::::0::
X11.msg.FR_FR:X11.msg.FR_FR.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - French (UTF)::::0::
X11.msg.IT_IT:X11.msg.IT_IT.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - Italian (UTF)::::0::
X11.msg.JA_JP:X11.msg.JA_JP.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - Japanese (UTF)::::0::
X11.msg.Ja_JP:X11.msg.Ja_JP.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - Japanese::::0::
X11.msg.de_DE:X11.msg.de_DE.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - German::::0::
X11.msg.en_US:X11.msg.en_US.Dt.helpmin:6.1.0.0::I:T:::::N:AIX CDE Minimum Help Files - U.S. English::::0:0747:
X11.msg.fr_FR:X11.msg.fr_FR.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - French::::0::
X11.msg.it_IT:X11.msg.it_IT.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - Italian::::0::
X11.msg.ja_JP:X11.msg.ja_JP.Dt.helpmin:6.1.4.0::I:T:::::N:AIX CDE Minimum Help Files - Japanese IBM-eucJP::::0::
bos.sysmgt:bos.sysmgt.nim.client:6.1.8.15::I:C:::::N:Network Install Manager - Client Tools ::::0:1316:
bos.sysmgt:bos.sysmgt.nim.master:6.1.8.15::I:T:::::N:Network Install Manager - Master Tools ::::0:1316:
bos.sysmgt:bos.sysmgt.nim.spot:6.1.8.15::I:T:::::N:Network Install Manager - SPOT ::::0:1316:

Let’s install first the nim.spot filesets:

# installp -agXd /dev/cd0 bos.sysmgt.nim.spot
+-----------------------------------------------------------------------------+
Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...

SUCCESSES
---------
Filesets listed in this section passed pre-installation verification
and will be installed.

Selected Filesets
-----------------
bos.sysmgt.nim.spot 6.1.8.15 # Network Install Manager - SPOT

<< End of Success Section >>

+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
1 Selected to be installed, of which:
1 Passed pre-installation verification
----
1 Total to be installed

+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+

installp: APPLYING software for:
bos.sysmgt.nim.spot 6.1.8.15

. . . . . << Copyright notice for bos.sysmgt >> . . . . . . .
Licensed Materials - Property of IBM

5765G6200
Copyright International Business Machines Corp. 1993, 2013.

All rights reserved.
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
. . . . . << End of copyright notice for bos.sysmgt >>. . . .

Finished processing all filesets. (Total time: 16 secs).

+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+

Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
bos.sysmgt.nim.spot 6.1.8.15 USR APPLY SUCCESS
#

Then, we can install the nim.master filesets:

# installp -agXd /dev/cd0 bos.sysmgt.nim.master
+-----------------------------------------------------------------------------+
Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...

SUCCESSES
---------
Filesets listed in this section passed pre-installation verification
and will be installed.

Selected Filesets
-----------------
bos.sysmgt.nim.master 6.1.8.15 # Network Install Manager - Ma...

<< End of Success Section >>

+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
1 Selected to be installed, of which:
1 Passed pre-installation verification
----
1 Total to be installed

+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+

installp: APPLYING software for:
bos.sysmgt.nim.master 6.1.8.15

. . . . . << Copyright notice for bos.sysmgt >> . . . . . . .
Licensed Materials - Property of IBM

5765G6200
Copyright International Business Machines Corp. 1993, 2013.

All rights reserved.
US Government Users Restricted Rights - Use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM Corp.
. . . . . << End of copyright notice for bos.sysmgt >>. . . .

Successfully updated the Kernel Authorization Table.
Successfully updated the Kernel Role Table.
Successfully updated the Kernel Command Table.
Successfully updated the Kernel Device Table.
Successfully updated the Kernel Object Domain Table.
Successfully updated the Kernel Domains Table.
Finished processing all filesets. (Total time: 42 secs).

+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+

Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
bos.sysmgt.nim.master 6.1.8.15 USR APPLY SUCCESS

After these two operations, we should have the filesets needed for the NIM server configuration:

# lslpp -l | grep nim
bos.sysmgt.nim.client     6.1.8.15  COMMITTED  Network Install Manager -
bos.sysmgt.nim.master     6.1.8.15  COMMITTED  Network Install Manager -
bos.sysmgt.nim.spot       6.1.8.15  COMMITTED  Network Install Manager - SPOT
bos.sysmgt.nim.client     6.1.8.15  COMMITTED  Network Install Manager -

Starting the setup (using smit – easier):


# smit nim

Image 1.

  1. Select: Configure the NIM Environment

Image 2.

  1. Select: Configure a Basic NIM Environment (Easy Startup)

Image 3.

  1. Primary Network Interface for the NIM Master: Choose the network card used for the NIM network connection;
  2. Input device for installation images: In our case, I chose cd0, which is the AIX 6.1 ISO mounted from the VIOS;
  3. LPP SOURCE Name: I chose AIX61DISK1LPP to indicate that this is Disk 1 of the AIX 6.1 installation media;
  4. Filesystem SIZE (MB): 4000 = 4GB (The size of the ISO file);
  5. VOLUME GROUP for new filesystem: nimvg (as the vg created for holding the files);

Image 4.

  1. SPOT Name: I chose AIX61DISK1SPOT to identify what the SPOT is about;
  2. Filesystem SIZE (MB): 650, as the space for swap files during installation/processing. The minimum is 500M.
  3. VOLUME GROUP for new filesystem: Again the nimvg as the vg defined for this use.

Image 5.

  1. Remove all newly added NIM definitions and filesystems if any part of this operation fails?: Yes; in case of failure, everything is put back the way it was.

Image 6.

After all settings have been entered, hit Enter to start the resource creation. (Be careful: umount /dev/cd0 to avoid mounting problems if you are using this drive as the source for this LPP.)

Image 7.

(After some time…) Installation finished.

So, in the next part we will talk about creating new LPP/SPOT resources. It’ll be available soon, stay tuned!