Difference between revisions of "Manager"


(DHCP Daemon)
(BIND Daemon)
Line 77: Line 77:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
== BIND Daemon ==  
+
== BIND Daemon ==
 +
<syntaxhighlight lang="bash">
 +
#install required packages
 +
yum install bind bind-utils
 +
</syntaxhighlight>
 +
/etc/named.conf
 +
<syntaxhighlight lang="text">
 +
options {
 +
        listen-on port 53 { 127.0.0.1; DMZ_MANAGER_IP; NODES_MANAGER_IP;};
 +
        directory      "/var/named";
 +
        dump-file      "/var/named/data/cache_dump.db";
 +
        statistics-file "/var/named/data/named_stats.txt";
 +
        memstatistics-file "/var/named/data/named_mem_stats.txt";
 +
        allow-query    { 127.0.0.1; DMZ_NETWORK/24; NODES_NETWORK/24;};
 +
        allow-transfer { trusted; };
 +
        recursion yes;
 +
        forwarders {
 +
                LOCAL_DNS_SERVER_IP;
 +
                PROVIDER_DNS_SERVER_IP;
 +
                OTHER_DNS_SERVERS;
 +
        };
 +
        forward only ;
 +
        dnssec-enable yes;
 +
        dnssec-validation yes;
 +
        bindkeys-file "/etc/named.iscdlv.key";
 +
        managed-keys-directory "/var/named/dynamic";
 +
        pid-file "/run/named/named.pid";
 +
        session-keyfile "/run/named/session.key";
 +
};
 +
acl "trusted" {
 +
        localhost;
 +
};
 +
logging {
 +
        channel default_debug {
 +
                file "data/named.run";
 +
                severity dynamic;
 +
        };
 +
};
 +
zone "." IN {
 +
        type hint;
 +
        file "named.ca";
 +
};
 +
include "/etc/named.rfc1912.zones";
 +
include "/etc/named.root.key";
 +
include "/etc/named/named.conf.local";
 +
</syntaxhighlight>
 +
 
 +
/etc/named/named.conf.local
 +
<syntaxhighlight lang="text">
 +
zone "DMZ.YOUR_DOMAIN" IN {
 +
        type master;
 +
        file "/etc/named/zones/dmz.YOUR_DOMAIN.zone";
 +
};
 +
 
 +
zone "XXX.XXX.XXX.in-addr.arpa" IN {
 +
        type master;
 +
        file "/etc/named/zones/XXX.XXX.XXX.zone";
 +
};
 +
 
 +
zone "nodes.YOUR_DOMAIN" IN {
 +
        type master;
 +
        file "/etc/named/zones/nodes.YOUR_DOMAIN.zone";
 +
};
 +
 
 +
zone "XXX.XXX.XXX.in-addr.arpa" IN {
 +
        type master;
 +
        file "/etc/named/zones/XXX.XXX.XXX.zone";
 +
};
 +
</syntaxhighlight>
 +
Create zone files<br/>
 +
/etc/named/zones/dmz.YOUR_DOMAIN.zone
 +
<syntaxhighlight lang="">
 +
$TTL 1D
 +
 
 +
dmz.YOUR_DOMAIN.      IN    SOA    MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
 +
                            200612060                ; serial
 +
                            2H                        ; refresh slaves
 +
                            5M                        ; retry
 +
                            1W                        ; expire
 +
                            1M                        ; Negative TTL
 +
)
 +
@                    IN      NS      MANAGER.dmz.YOUR_DOMAIN.
 +
MANAGER.YOUR_DOMAIN.  IN      A      MANAGER_IP      ; Firewall/Gateway
 +
WEB.dmz.YOUR_DOMAIN.  IN      A      WEBSERVER_IP    ; Webserver
 +
...
 +
</syntaxhighlight>
 +
/etc/named/zones/XXX.XXX.XXX.zone
 +
<syntaxhighlight lang="text">
 +
$TTL 1D
 +
@                    IN      SOA    MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
 +
                              200612060                ; serial
 +
                              2H                      ; refresh slaves
 +
                              5M                      ; retry
 +
                              1W                      ; expire
 +
                              1M                      ; Negative TTL
 +
)
 +
                      IN      NS      MANAGER.dmz.YOUR_DOMAIN.
 +
XXX                  IN      PTR    MANAGER.dmz.YOUR_DOMAIN.
 +
XXX                  IN      PTR    WEB.dmz.YOUR_DOMAIN.
 +
</syntaxhighlight>
 +
 
 +
<syntaxhighlight lang="bash">
 +
#fix permissions
 +
chgrp named -R /var/named
 +
chown -v root:named /etc/named.conf
 +
 
 +
#enable service
 +
systemctl enable named
 +
systemctl start named
 +
</syntaxhighlight>
  
 
== LDAP Server ==
 
== LDAP Server ==
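Review bot: `allow-transfer { trusted; };` inside the `options` block references the `acl "trusted"` that is only declared after it; BIND does not permit forward references to ACLs, so this named.conf is rejected at load time until the acl block is moved above `options`. In named.conf.local the two reverse zones share the placeholder name `XXX.XXX.XXX.in-addr.arpa` and the same file path, which named refuses as a duplicate zone if the reader fills both in identically; the DMZ and nodes prefixes need distinct zone names and files. In dmz.YOUR_DOMAIN.zone the NS record points at `MANAGER.dmz.YOUR_DOMAIN.` while the only address record is for `MANAGER.YOUR_DOMAIN.`, which is out-of-zone data here, so the zone has no in-zone address for its NS and will not load; the line should read `MANAGER.dmz.YOUR_DOMAIN.  IN  A  MANAGER_IP`. Running `named-checkconf` and `named-checkzone` in the final shell block before `systemctl start named` would surface all three problems.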

Revision as of 21:03, 9 September 2016


Network Configuration

NFS Server

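#install required packages
yum install nfs-utils libnfsidmap

#create exports
# exports(5): the client spec and its option list must be written as
# "client(options)" with no space; "client (options)" exports to the client
# with default options and applies the option list to the wildcard "*", i.e.
# to every host on the network. An entry spanning two lines needs a trailing
# backslash, and the quoted heredoc delimiter keeps that backslash literal.
# no_root_squash lets a client's root act as root on the export; keep it only
# if the nodes genuinely need it for the shared home directories.
# Note: ">>" appends, so running this twice duplicates the entry.
cat << 'EOT' >> /etc/exports
/exports/homes     DMZ_NETWORK/DMZ_SUBNETMASK(rw,sync,no_root_squash,no_all_squash,fsid=1) \
                   NODE_NETWORK/NODE_SUBNETMASK(rw,sync,no_root_squash,no_all_squash,fsid=1)
EOT

#start and enable NFS server
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server
systemctl start rpc-statd
systemctl start nfs-idmapd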

DHCP Daemon

#install required packages
#ISC DHCP server (dhcpd); its configuration is /etc/dhcp/dhcpd.conf, edited below
yum install dhcp

Edit configuration file
/etc/dhcp/dhcpd.conf

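#this server is the only DHCP server on both networks; it may NAK unknown leases
authoritative;
#DMZ network definition
subnet DMZ_NETWORK netmask DMZ_SUBNETMASK {
        interface NIC2;
        #dynamic pool from start to end address
        range DMZ_NETWORK_START_IP DMZ_NETWORK_END_IP;
        #lease times in seconds
        default-lease-time 600;
        max-lease-time 7200;
        #must match the forward zone served by named for this network
        option domain-name "DMZ.YOUR_DOMAIN";
        #the manager is both resolver and gateway for the DMZ
        option domain-name-servers MANAGER_DMZ_IP;
        option broadcast-address DMZ_NETWORK_BROADCAST;
        option subnet-mask DMZ_SUBNETMASK;
        option routers MANAGER_DMZ_IP;
}
#Nodes network definition
subnet NODES_NETWORK netmask NODES_SUBNETMASK {
        interface NIC1;
        #the pool needs a distinct end address (the start address was repeated here)
        range NODE_NETWORK_START_IP NODE_NETWORK_END_IP;
        default-lease-time 600;
        max-lease-time 7200;
        #must match the zone "nodes.YOUR_DOMAIN" defined in named.conf.local
        option domain-name "nodes.YOUR_DOMAIN";
        #the manager's address on the nodes network; one placeholder for both
        #resolver and gateway (MANAGER_NODE_IP and MANAGER_NODES_IP were mixed)
        option domain-name-servers MANAGER_NODES_IP;
        option broadcast-address NODE_NETWORK_BROADCAST;
        option subnet-mask NODES_SUBNETMASK;
        option routers MANAGER_NODES_IP;
}
#...
#define fixed addresses
#one host block per machine, keyed on its MAC address; fixed-address should
#lie outside the dynamic range of its subnet
host HOST_0_NAME {
                hardware ethernet XX:XX:XX:XX:XX:XX;
                fixed-address HOST_0_IP;
                option host-name "HOST_0_NAME";
}
host HOST_1_NAME {
                hardware ethernet XX:XX:XX:XX:XX:XX;
                fixed-address HOST_1_IP;
                option host-name "HOST_1_NAME";
}
#....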


#start now and enable at boot; the unit reads /etc/dhcp/dhcpd.conf edited above
systemctl start dhcpd.service
systemctl enable dhcpd.service

BIND Daemon

#install required packages
#bind provides named; bind-utils provides dig/host/nslookup for testing resolution
yum install bind bind-utils

/etc/named.conf

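// ACLs must be declared before they are referenced (BIND allows no forward
// references), so "trusted" has to precede the options block that uses it.
acl "trusted" {
        localhost;
};
options {
        // listen only on loopback and the two internal interfaces
        listen-on port 53 { 127.0.0.1; DMZ_MANAGER_IP; NODES_MANAGER_IP;};
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // queries and recursion only from localhost and the internal networks;
        // the /24 must agree with DMZ_SUBNETMASK / NODES_SUBNETMASK in dhcpd.conf.
        // allow-recursion is stated explicitly so the server cannot turn into an
        // open resolver if allow-query is widened later.
        allow-query     { 127.0.0.1; DMZ_NETWORK/24; NODES_NETWORK/24;};
        allow-recursion { 127.0.0.1; DMZ_NETWORK/24; NODES_NETWORK/24;};
        // zone transfers only to the "trusted" ACL (localhost)
        allow-transfer { trusted; };
        recursion yes;
        // everything this server is not authoritative for goes to these resolvers
        forwarders {
                LOCAL_DNS_SERVER_IP;
                PROVIDER_DNS_SERVER_IP;
                OTHER_DNS_SERVERS;
        };
        forward only;
        // validation of forwarded answers only works if the forwarders return
        // DNSSEC data; otherwise lookups of signed names may fail with SERVFAIL
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
// local master zones, defined separately below
include "/etc/named/named.conf.local";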

/etc/named/named.conf.local

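// Forward and reverse zones for which the manager is authoritative.
// Zone names must be unique: the two reverse zones need distinct in-addr.arpa
// names (first three octets of each network, reversed) and distinct files.
// XXX.XXX.XXX and YYY.YYY.YYY are placeholders for the DMZ and nodes prefixes.
zone "DMZ.YOUR_DOMAIN" IN {
        type master;
        file "/etc/named/zones/dmz.YOUR_DOMAIN.zone";
};

// reverse zone for DMZ_NETWORK
zone "XXX.XXX.XXX.in-addr.arpa" IN {
        type master;
        file "/etc/named/zones/XXX.XXX.XXX.zone";
};

// the nodes zone file is not shown in this guide; create it like the DMZ one
zone "nodes.YOUR_DOMAIN" IN {
        type master;
        file "/etc/named/zones/nodes.YOUR_DOMAIN.zone";
};

// reverse zone for NODES_NETWORK
zone "YYY.YYY.YYY.in-addr.arpa" IN {
        type master;
        file "/etc/named/zones/YYY.YYY.YYY.zone";
};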

Create zone files
/etc/named/zones/dmz.YOUR_DOMAIN.zone

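$TTL 1D

; Serial must grow on every edit (YYYYMMDDnn is the usual convention);
; secondaries only pick up changes when it increases.
dmz.YOUR_DOMAIN.      IN     SOA     MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
                             200612060                 ; serial
                             2H                        ; refresh slaves
                             5M                        ; retry
                             1W                        ; expire
                             1M                        ; Negative TTL
)
@                     IN      NS      MANAGER.dmz.YOUR_DOMAIN.
; The NS target needs an address record inside this zone, otherwise named
; (with the default check-integrity) refuses to load it. MANAGER.YOUR_DOMAIN.
; would be out-of-zone data here and is ignored; it belongs in the parent zone.
; MANAGER_IP is the manager's DMZ address (DMZ_MANAGER_IP in named.conf).
MANAGER.dmz.YOUR_DOMAIN.  IN  A       MANAGER_IP       ; Firewall/Gateway
WEB.dmz.YOUR_DOMAIN.  IN      A       WEBSERVER_IP     ; Webserver
; ... further hosts of the DMZ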

/etc/named/zones/XXX.XXX.XXX.zone

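$TTL 1D
; Reverse zone for the DMZ network (XXX.XXX.XXX.0/24, matching the /24 in
; named.conf). Owner names are the last octet of each address; the
; *_LAST_OCTET names below are placeholders.
@                     IN      SOA     MANAGER.dmz.YOUR_DOMAIN. YOUR_EMAIL.YOUR_DOMAIN. (
                              200612060                ; serial
                              2H                       ; refresh slaves
                              5M                       ; retry
                              1W                       ; expire
                              1M                       ; Negative TTL
)
; owner written explicitly instead of silently inheriting "@" from the SOA line
@                     IN      NS      MANAGER.dmz.YOUR_DOMAIN.
MANAGER_LAST_OCTET    IN      PTR     MANAGER.dmz.YOUR_DOMAIN.
WEB_LAST_OCTET        IN      PTR     WEB.dmz.YOUR_DOMAIN.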
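#fix permissions
chgrp named -R /var/named
chown -v root:named /etc/named.conf
#zone files under /etc/named/zones were created as root; make them readable by named
chgrp -R named /etc/named/zones
chmod -R g+rX /etc/named/zones

#validate configuration and zone files before starting (both exit non-zero on errors)
named-checkconf /etc/named.conf
named-checkzone dmz.YOUR_DOMAIN /etc/named/zones/dmz.YOUR_DOMAIN.zone
named-checkzone XXX.XXX.XXX.in-addr.arpa /etc/named/zones/XXX.XXX.XXX.zone

#enable service
systemctl enable named
systemctl start named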

LDAP Server