Posts in Category: rhce

Postfix – Set up a Postfix Null Client on RHEL/CentOS 7

A null client (aka a forwarding agent):

  • Is a machine that has mail server software running on it. You can install a mail client, e.g. Thunderbird, to create mails for the mail server to send.
  • Can only send mail. It can’t even send mail locally.
  • Doesn’t try to work out how best to route the email to its destination. In fact, it is quite crude and sends all mail to a central mail server, which in turn does the actual routing work.

You can follow along with this article by using our CentOS 7 postfix vagrant demo project. In our example we have the following setup:


Samba – Set up CIFS Server on RHEL/CentOS 7

If you have directories on your machine that you want to share out to other machines, then you can do this by setting up your machine as an NFS server. However, with NFS you can only share out folders to machines that are also in the same private network. If you want to share folders to other machines over the public internet, then that’s where you need to use the Samba/CIFS protocol. You can follow along with this article using this Samba vagrant project on Github.

We will walk through the following example:


NFS – Use Kerberos to control NFS access on CentOS/RHEL 7

The NFS setups we’ve covered so far didn’t have any authentication or encryption set up. To some extent that wasn’t needed since NFS only works inside internal networks. However, it is possible to set up authentication and encryption using Kerberos. Here’s an example setup that we’ll be working through:


NFS – Set up private group folders

Let’s say you want to set up a group folder that’s available via NFS. However, this time only a particular Linux group is allowed to have read+write access to this folder. You can do this by ensuring the exported folder is owned by a group, and then setting up the SGID. You can follow along with this article using this vagrant project on Github.

We will walk through the following example:


NFS – Set up an NFS server on CentOS/RHEL 7

If you have directories on your machine that you want to share out to other machines, then you can do this by setting up your system as an NFS server. You can follow along with this article using this vagrant project on Github.

We will walk through the following example:


DNS – Connecting a CentOS/RHEL 7 client to an internal DNS server

If you want to override the DHCP-provided DNS server with a custom internal DNS server, then you need to make the configuration via NetworkManager.

You can follow along with this article using our dns demo vagrant environment.

Let’s say your custom DNS server’s IP address is 192.170.10.100. Before you make any configuration changes to start using it, you should first test that you can connect to it:

[root@dns-client ~]# nc -v 192.170.10.100 53
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.170.10.100:53.

If that works, then the next thing to do is manually test the DNS server by sending a test query:

[root@dns-client ~]# dig  @192.170.10.100 codingbee.net

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> @192.170.10.100 codingbee.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59367
;;															

DNS – Configure a caching-only name server on CentOS/RHEL 7

A caching-only DNS server is a server that sits inside an internal network and that all the other boxes in the internal network use when they want to do a DNS lookup. You can follow along with this article using our dns demo vagrant environment.

A caching-only DNS server doesn’t have a full DNS database. Instead it queries actual DNS servers to get the info and then feeds it back to the requester. It will then cache the result so that it responds quicker if the request is made again.
There are a few reasons for using caching-only DNS servers:

  • Better security – internal servers can do DNS lookups within the internal network, so you can close the DNS port from the network to the public
  • Better performance – you get

RHCE – Make websites more secure by setting up HTTPS and SSL/TLS for CentOS 7

So far we have configured web servers to allow connections via the HTTP protocol. However, HTTP is not secure, which is why it’s better to use HTTPS.

When using HTTPS, we actually encrypt all data traffic using symmetric and asymmetric encryption.

To set up the above encryption system on our Apache server, we first need to install the SSL add-on module that allows Apache to communicate on the SSL/TLS layer:

$ yum install mod_ssl

Next we need to install the software that is used for generating public-private key-pairs, so that we can create a key-pair for our web server.

$ yum install openssl

Next we create the private key and its CSR file. We generate the private key by running the following:

$ openssl genpkey -algorithm RSA -out cb.com.private.key -pkeyopt rsa_keygen_bits:2048
...+++
.......................................+++

Here,


System monitoring and reporting using sysstat and dstat on CentOS/RHEL 7

It’s often useful to measure and view various system utilisation metrics, such as for:

  • cpu
  • memory
  • disk
  • network

There are a lot of tools that can measure and collect these metrics, including:

  • dstat – suited for creating realtime reports
  • sysstat – suited for creating historical reports

dstat in action

Dstat shows realtime system utilisation data. First you need to install it:

$ yum install dstat

Running dstat on its own gives a steady stream of output until you exit out:

[root@target man]# dstat
You did not select any stats, using -cdngy by default.
----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system--
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw
  0   0 100   0   0   0|  23k   53k|   0  															

iSCSI – target and initiators

iSCSI (Internet Small Computer System Interface) is an IP-based storage networking protocol that’s designed for sharing block storage over the internet. iSCSI follows the Server-Client model. The Server (aka Target) makes storage available for Clients (aka Initiators) to use.

The Target makes the storage available in the form of a block device (e.g. /dev/sdb). As a result, the Initiator views the remote storage as a locally attached block device, and therefore treats the remote block device like an ordinary block device, e.g. you can run commands like fdisk, pvcreate, mkfs.ext4, etc. against it. This means that when an Initiator successfully establishes a session with a Target, one or more block devices in the /dev folder (e.g. /dev/sdc) will suddenly appear and be ready for use.

However, these remote block devices