Manager
Network Configuration
NFS Server
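#install required packages
yum install nfs-utils libnfsidmap
#create exports
# Both client networks share one export line for /exports/homes.  Write each
# client spec and its "(options)" with NO space in between: exportfs parses
# "client (rw,...)" as "client" with the default options plus "*" (every
# host) with rw, i.e. a world-writable export.  A second line that starts
# with a network instead of a path is not a valid exports entry, so both
# clients go on the same line (they also share fsid=1 for the same path).
# no_root_squash is kept from the original setup; it lets root on a client
# act as root on this server, so keep the client list to these two networks.
cat <<'EOT' >> /etc/exports
/exports/homes DMZ_NETWORK/DMZ_SUBNETMASK(rw,sync,no_root_squash,no_all_squash,fsid=1) NODE_NETWORK/NODE_SUBNETMASK(rw,sync,no_root_squash,no_all_squash,fsid=1)
EOT
#start and enable NFS server
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server
systemctl start rpc-statd
systemctl start nfs-idmapd
# print the active export table so an unintended "<world>" entry is noticed
exportfs -v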
DHCP Daemon
# DHCP server package; provides dhcpd.service and /etc/dhcp/dhcpd.conf
yum install dhcp
Edit configuration file
/etc/dhcp/dhcpd.conf
authoritative;
#DMZ network definition
subnet DMZ_NETWORK netmask DMZ_SUBNETMASK {
interface NIC2;
range DMZ_NETWORK_START_IP DMZ_NETWORK_END_IP;
default-lease-time 600;
max-lease-time 7200;
option domain-name "DMZ.YOUR_DOMAIN";
option domain-name-servers MANAGER_DMZ_IP;
option broadcast-address DMZ_NETWORK_BROADCAST;
option subnet-mask DMZ_SUBNETMASK;
option routers MANAGER_DMZ_IP;
}
#Nodes network definition
subnet NODES_NETWORK netmask NODES_SUBNETMASK {
interface NIC1;
range NODE_NETWORK_START_IP NODE_NETWORK_END_IP;
default-lease-time 600;
max-lease-time 7200;
option domain-name "NODE.YOUR_DOMAIN";
option domain-name-servers MANAGER_NODE_IP;
option broadcast-address NODE_NETWORK_BROADCAST;
option subnet-mask NODES_SUBNETMASK;
option routers MANAGER_NODE_IP;
}
#...
#define fixed addresses
host HOST_0_NAME {
hardware ethernet XX:XX:XX:XX:XX:XX;
fixed-address HOST_0_IP;
option host-name "HOST_0_NAME";
}
host HOST_1_NAME {
hardware ethernet XX:XX:XX:XX:XX:XX;
fixed-address HOST_1_IP;
option host-name "HOST_1_NAME";
}
#....
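# validate dhcpd.conf before the daemon is (re)started; a syntax error in the
# file edited above would otherwise only surface as a failed unit
dhcpd -t -cf /etc/dhcp/dhcpd.conf
systemctl enable dhcpd.service
systemctl start dhcpd.service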
BIND Daemon
# name server (bind) plus the client tools (dig, nslookup, named-checkconf)
yum install bind bind-utils
/etc/named.conf
options {
listen-on port 53 { 127.0.0.1; DMZ_MANAGER_IP; NODES_MANAGER_IP;};
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 127.0.0.1; DMZ_NETWORK/24; NODES_NETWORK/24;}; // /24 is assumed here; use the prefix length matching DMZ_SUBNETMASK / NODES_SUBNETMASK
allow-transfer { trusted; }; // the "trusted" acl must be defined before this reference (named allows no forward references to acl names), so place the acl block above options
recursion yes;
forwarders {
LOCAL_DNS_SERVER_IP;
PROVIDER_DNS_SERVER_IP;
OTHER_DNS_SERVERS;
};
forward only ;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
acl "trusted" {
localhost;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";
/etc/named/named.conf.local
zone "DMZ.YOUR_DOMAIN" IN {
type master;
file "/etc/named/zones/dmz.YOUR_DOMAIN.zone";
};
zone "XXX.XXX.XXX.in-addr.arpa" IN {
type master;
file "/etc/named/zones/XXX.XXX.XXX.zone";
};
zone "nodes.YOUR_DOMAIN" IN {
type master;
file "/etc/named/zones/nodes.YOUR_DOMAIN.zone";
};
zone "XXX.XXX.XXX.in-addr.arpa" IN {
type master;
file "/etc/named/zones/XXX.XXX.XXX.zone";
};
Create zone files
/etc/named/zones/dmz.YOUR_DOMAIN.zone
$TTL 1D
dmz.YOUR_DOMAIN. IN SOA MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
200612060 ; serial
2H ; refresh slaves
5M ; retry
1W ; expire
1M ; Negative TTL
)
@ IN NS MANAGER.dmz.YOUR_DOMAIN.
MANAGER.dmz.YOUR_DOMAIN. IN A MANAGER_IP ; Firewall/Gateway (the NS above needs this in-zone A record)
WEB.dmz.YOUR_DOMAIN. IN A WEBSERVER_IP ; Webserver
...
/etc/named/zones/XXX.XXX.XXX.zone
$TTL 1D
@ IN SOA MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
200612060 ; serial
2H ; refresh slaves
5M ; retry
1W ; expire
1M ; Negative TTL
)
IN NS MANAGER.dmz.YOUR_DOMAIN.
XXX IN PTR MANAGER.dmz.YOUR_DOMAIN.
XXX IN PTR WEB.dmz.YOUR_DOMAIN.
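#fix permissions
chgrp -R named /var/named
chown -v root:named /etc/named.conf
# check named.conf and test-load every configured zone file before starting;
# this reports parse errors in the zone files created above
named-checkconf -z /etc/named.conf
#enable service
systemctl enable named
systemctl start named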