Difference between revisions of "Manager"
Wiki admin (talk | contribs) (→DHCP Daemon) |
Wiki admin (talk | contribs) (→BIND Daemon) |
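--- a/Manager
+++ b/Manager
@@ -77,3 +77,112 @@
 </syntaxhighlight>
-== BIND Daemon ==
+== BIND Daemon ==
+<syntaxhighlight lang="bash">
+#install required packages
+yum install bind bind-utils
+</syntaxhighlight>
+/etc/named.conf
+<syntaxhighlight lang="text">
+options {
+listen-on port 53 { 127.0.0.1; DMZ_MANAGER_IP; NODES_MANAGER_IP;};
+directory "/var/named";
+dump-file "/var/named/data/cache_dump.db";
+statistics-file "/var/named/data/named_stats.txt";
+memstatistics-file "/var/named/data/named_mem_stats.txt";
+allow-query { 127.0.0.1; DMZ_NETWORK/24; NODES_NETWORK/24;};
+allow-transfer { trusted; };
+recursion yes;
+forwarders {
+LOCAL_DNS_SERVER_IP;
+PROVIDER_DNS_SERVER_IP;
+OTHER_DNS_SERVERS;
+};
+forward only ;
+dnssec-enable yes;
+dnssec-validation yes;
+bindkeys-file "/etc/named.iscdlv.key";
+managed-keys-directory "/var/named/dynamic";
+pid-file "/run/named/named.pid";
+session-keyfile "/run/named/session.key";
+};
+acl "trusted" {
+localhost;
+};
+logging {
+channel default_debug {
+file "data/named.run";
+severity dynamic;
+};
+};
+zone "." IN {
+type hint;
+file "named.ca";
+};
+include "/etc/named.rfc1912.zones";
+include "/etc/named.root.key";
+include "/etc/named/named.conf.local";
+</syntaxhighlight>
+
+/etc/named/named.conf.local
+<syntaxhighlight lang="text">
+zone "DMZ.YOUR_DOMAIN" IN {
+type master;
+file "/etc/named/zones/dmz.YOUR_DOMAIN.zone";
+};
+
+zone "XXX.XXX.XXX.in-addr.arpa" IN {
+type master;
+file "/etc/named/zones/XXX.XXX.XXX.zone";
+};
+
+zone "nodes.YOUR_DOMAIN" IN {
+type master;
+file "/etc/named/zones/nodes.YOUR_DOMAIN.zone";
+};
+
+zone "XXX.XXX.XXX.in-addr.arpa" IN {
+type master;
+file "/etc/named/zones/XXX.XXX.XXX.zone";
+};
+</syntaxhighlight>
+Create zone files<br/>
+/etc/named/zones/dmz.YOUR_DOMAIN.zone
+<syntaxhighlight lang="">
+$TTL 1D
+
+dmz.YOUR_DOMAIN. IN SOA MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
+200612060 ; serial
+2H ; refresh slaves
+5M ; retry
+1W ; expire
+1M ; Negative TTL
+)
+@ IN NS MANAGER.dmz.YOUR_DOMAIN.
+MANAGER.YOUR_DOMAIN. IN A MANAGER_IP ; Firewall/Gateway
+WEB.dmz.YOUR_DOMAIN. IN A WEBSERVER_IP ; Webserver
+...
+</syntaxhighlight>
+/etc/named/zones/XXX.XXX.XXX.zone
+<syntaxhighlight lang="text">
+$TTL 1D
+@ IN SOA MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
+200612060 ; serial
+2H ; refresh slaves
+5M ; retry
+1W ; expire
+1M ; Negative TTL
+)
+IN NS MANAGER.dmz.YOUR_DOMAIN.
+XXX IN PTR MANAGER.dmz.YOUR_DOMAIN.
+XXX IN PTR WEB.dmz.YOUR_DOMAIN.
+</syntaxhighlight>
+
+<syntaxhighlight lang="bash">
+#fix permissions
+chgrp named -R /var/named
+chown -v root:named /etc/named.conf
+
+#enable service
+systemctl enable named
+systemctl start named
+</syntaxhighlight>
 == LDAP Server ==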
Revision as of 21:03, 9 September 2016
Network Configuration
NFS Server
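#install required packages
yum install nfs-utils libnfsidmap
#create exports
# exports(5) format is "<path> <client>(<options>) [<client>(<options>) ...]",
# one exported path per line.
# - Never put a space between a client and its "(options)": "client (opts)" is
#   read as two entries, "client" with default options plus "*" (every host)
#   with the given options -- the original line exported the homes world-wide.
# - The second client spec must sit on the same line as the path; a line that
#   starts with a client spec has no path to export.
# - no_root_squash lets root on any listed client act as root on the export;
#   keep it only if the nodes really need it (root_squash is the default).
cat << EOT >> /etc/exports
/exports/homes DMZ_NETWORK/DMZ_SUBNETMASK(rw,sync,no_root_squash,no_all_squash,fsid=1) NODE_NETWORK/NODE_SUBNETMASK(rw,sync,no_root_squash,no_all_squash,fsid=1)
EOT
#start and enable NFS server
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server
systemctl start rpc-statd
systemctl start nfs-idmapd
#re-read /etc/exports (only needed if nfs-server was already running)
exportfs -ra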
DHCP Daemon
#install required packages (the "dhcp" package provides the ISC dhcpd server configured below)
yum install dhcp
Edit the configuration file
/etc/dhcp/dhcpd.conf
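# /etc/dhcp/dhcpd.conf -- one scope per internal network plus fixed addresses.
authoritative;

#DMZ network definition
subnet DMZ_NETWORK netmask DMZ_SUBNETMASK {
	# NOTE(review): "interface" is not a dhcpd.conf subnet statement as far as
	# I know (listening interfaces are normally given on the dhcpd command
	# line) -- run "dhcpd -t" to confirm before relying on this line.
	interface NIC2;
	range DMZ_NETWORK_START_IP DMZ_NETWORK_END_IP;
	default-lease-time 600;
	max-lease-time 7200;
	# Must match the forward zone that named serves for this network.
	option domain-name "DMZ.YOUR_DOMAIN";
	option domain-name-servers MANAGER_DMZ_IP;
	option broadcast-address DMZ_NETWORK_BROADCAST;
	option subnet-mask DMZ_SUBNETMASK;
	option routers MANAGER_DMZ_IP;
}

#Nodes network definition
subnet NODES_NETWORK netmask NODES_SUBNETMASK {
	interface NIC1;
	# fix: a pool needs a start AND an end address; the original repeated the
	# start address, which yields a one-address pool.
	range NODE_NETWORK_START_IP NODE_NETWORK_END_IP;
	default-lease-time 600;
	max-lease-time 7200;
	# fix: the zone served by named is "nodes.YOUR_DOMAIN", not "NODE.YOUR_DOMAIN".
	option domain-name "nodes.YOUR_DOMAIN";
	# Same placeholder as "option routers" below (the original used two
	# different spellings for the same address).
	option domain-name-servers MANAGER_NODES_IP;
	option broadcast-address NODE_NETWORK_BROADCAST;
	option subnet-mask NODES_SUBNETMASK;
	option routers MANAGER_NODES_IP;
}
#...

#define fixed addresses
# A reservation is keyed only on the client-supplied MAC address: it is a
# convenience for stable addressing, not an access control.
host HOST_0_NAME {
	hardware ethernet XX:XX:XX:XX:XX:XX;
	fixed-address HOST_0_IP;
	option host-name "HOST_0_NAME";
}
host HOST_1_NAME {
	hardware ethernet XX:XX:XX:XX:XX:XX;
	fixed-address HOST_1_IP;
	option host-name "HOST_1_NAME";
}
#....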
#....
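#check the configuration before starting the daemon (non-zero exit on a parse error;
#fix anything it reports before continuing)
dhcpd -t -cf /etc/dhcp/dhcpd.conf
#start and enable DHCP server
systemctl start dhcpd.service
systemctl enable dhcpd.service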
BIND Daemon
#install required packages: "bind" provides the named daemon and named-checkconf,
#"bind-utils" provides dig/host/nslookup for testing the result
yum install bind bind-utils
/etc/named.conf
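// /etc/named.conf -- authoritative for the DMZ/nodes zones and a forwarding
// resolver for the two internal networks.

// fix: an acl must be defined before it is referenced (named.conf allows no
// forward references), so "trusted" moves above the options block that uses it.
// Hosts allowed to pull zone transfers -- only the machine itself.
acl "trusted" {
	localhost;
};

options {
	// Bind port 53 only on loopback and the manager's two internal addresses;
	// the external interface is deliberately not listed.
	listen-on port 53 { 127.0.0.1; DMZ_MANAGER_IP; NODES_MANAGER_IP;};
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// Only loopback and the two internal networks may query. allow-recursion is
	// not set, and BIND then derives it from allow-query, so this list is also
	// what keeps the server from being an open recursive resolver; consider
	// stating allow-recursion explicitly with the same list.
	// NOTE(review): the /24 is hard-coded here while DMZ_SUBNETMASK and
	// NODES_SUBNETMASK are used elsewhere in this guide -- keep them in sync.
	allow-query { 127.0.0.1; DMZ_NETWORK/24; NODES_NETWORK/24;};
	// Zone transfers only for the "trusted" acl above.
	allow-transfer { trusted; };
	recursion yes;
	// All non-authoritative lookups go to these servers, never to the roots.
	forwarders {
		LOCAL_DNS_SERVER_IP;
		PROVIDER_DNS_SERVER_IP;
		OTHER_DNS_SERVERS;
	};
	forward only ;
	// NOTE(review): with "forward only", validation can only succeed when the
	// forwarders pass DNSSEC records through; otherwise signed names fail with
	// SERVFAIL -- verify against the forwarders actually used.
	dnssec-enable yes;
	dnssec-validation yes;
	bindkeys-file "/etc/named.iscdlv.key";
	managed-keys-directory "/var/named/dynamic";
	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

// Root hints.
zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// Local forward and reverse zones (file shown below).
include "/etc/named/named.conf.local";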
/etc/named/named.conf.local
// /etc/named/named.conf.local -- local zones, included from /etc/named.conf.

// Forward zone for the DMZ hosts.
zone "DMZ.YOUR_DOMAIN" IN {
	type master;
	file "/etc/named/zones/dmz.YOUR_DOMAIN.zone";
};

// Reverse zone for DMZ_NETWORK: XXX.XXX.XXX is the network's first three
// octets in reverse order (example: 10.1.2.0/24 -> "2.1.10.in-addr.arpa").
zone "XXX.XXX.XXX.in-addr.arpa" IN {
	type master;
	file "/etc/named/zones/XXX.XXX.XXX.zone";
};

// Forward zone for the nodes. NOTE(review): this guide never shows the
// nodes.YOUR_DOMAIN.zone file being created; the zone fails to load until it exists.
zone "nodes.YOUR_DOMAIN" IN {
	type master;
	file "/etc/named/zones/nodes.YOUR_DOMAIN.zone";
};

// Reverse zone for NODES_NETWORK. It must get a different name and file than
// the DMZ reverse zone above; the same placeholder is used twice here only
// for illustration -- a repeated zone name is rejected by named-checkconf.
zone "XXX.XXX.XXX.in-addr.arpa" IN {
	type master;
	file "/etc/named/zones/XXX.XXX.XXX.zone";
};
Create zone files
/etc/named/zones/dmz.YOUR_DOMAIN.zone
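$TTL 1D

; Zone apex. MNAME is the primary nameserver; RNAME is the contact address with
; the "@" replaced by a dot.
dmz.YOUR_DOMAIN. IN SOA MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
	200612060 ; serial -- increase it on every edit, secondaries use it to detect changes
	2H ; refresh slaves
	5M ; retry
	1W ; expire
	1M ; Negative TTL
)
@ IN NS MANAGER.dmz.YOUR_DOMAIN.
; fix: the NS record above needs an A record for the SAME name inside this zone.
; The original "MANAGER.YOUR_DOMAIN." lies outside dmz.YOUR_DOMAIN, so named
; discards it as out-of-zone data and the nameserver is left without an address.
MANAGER.dmz.YOUR_DOMAIN. IN A MANAGER_IP ; Firewall/Gateway
WEB.dmz.YOUR_DOMAIN. IN A WEBSERVER_IP ; Webserver
...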
/etc/named/zones/XXX.XXX.XXX.zone
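$TTL 1D
; Reverse zone for the DMZ /24; same SOA values as the forward zone.
@ IN SOA MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
	200612060 ; serial -- increase it on every edit
	2H ; refresh slaves
	5M ; retry
	1W ; expire
	1M ; Negative TTL
)
; fix: owner written explicitly. A line that starts with "IN" in column one is
; read as a record for a host named "IN"; only leading whitespace would make it
; inherit the apex, and that whitespace does not survive copy/paste from this page.
@ IN NS MANAGER.dmz.YOUR_DOMAIN.
; XXX = last octet of each host's address in this network, one PTR per host.
XXX IN PTR MANAGER.dmz.YOUR_DOMAIN.
XXX IN PTR WEB.dmz.YOUR_DOMAIN.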
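#fix permissions: named runs unprivileged (user/group "named") and must be able to
#read its working directory, the main config and the zone files under /etc/named/zones
chgrp named -R /var/named
chown -v root:named /etc/named.conf
chgrp -R named /etc/named/zones

#validate the configuration and load-check every master zone before enabling;
#exits non-zero on the first error (undefined acl, duplicate zone, missing or
#malformed zone file) -- fix what it reports before continuing
named-checkconf -z /etc/named.conf

#enable service
systemctl enable named
systemctl start named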