Sources: access.redhat.com, tecmint
cat /etc/redhat-release #prints OS name along with release number.
Network configuration steps.
ip addr list #lists all connected NICs Network Interface Card
ifdown eth0 #to turn off eth0
ifup eth0 #to turn on eth0 #Complains "/sbin/ifup: configuration for eth<N> not found" if the hardware was attached after OS installation. In that case create a file like the following sample at /etc/sysconfig/network-scripts/ifcfg-eth<N>
#File: /etc/sysconfig/network-scripts/ifcfg-eth<N>
DEVICE=eth<N>
HWADDR=<ONE LISTED BY LIST COMMAND> e.g- 08:00:27:B2:19:2e
TYPE=Ethernet
UUID=<GENERATE ONE USING UUIDGEN COMMAND> #uuidgen is default available in linux.
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp # OR static with IPADDR
#If static ip needed on any NIC, change above config file as following:
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.56.1
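#To turn off the host firewall: this is sometimes done on systems inside a network that is already protected by a perimeter firewall. It removes host-level filtering, so opening only the required ports (see firewall-cmd --add-port below) keeps more protection in place.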
chkconfig iptables off
chkconfig ip6tables off
#If you see error like iptables is not a service try firewalld... found working with centos 7
systemctl status firewalld
firewall-cmd --list-ports
firewall-cmd --list-services
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload
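#To disable the SELinux security feature, change /etc/sysconfig/selinux as follows (takes effect after a reboot). SELINUX=permissive logs denials without enforcing them and is usually enough for troubleshooting: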
SELINUX=disabled
# Environment setup. Changes to /etc/bashrc file for system level environment variables:
export JAVA_HOME=/opt/jdk1.0.7_80
export PATH=$PATH:$JAVA_HOME/bin
#application manager YUM.
yum history
yum history all
yum history list all
yum history info httpd
yum history info 9
yum history summary 9
yum history redo 8 #Will re do change done in transaction id 8 {If installed something, will repeat installation}
yum history undo 8 #Will revert change done in transaction id 8 {If installed something, will uninstall it}
yum history rollback 8 # Will revert all changes (across multiple transactions) done after transaction id 8, i.e. whatever was installed will be uninstalled and whatever was uninstalled will be installed
yum list installed # can use grep to filter out package we are interested in.
yum remove <PACKAGE_NAME> # to uninstall a package
#Enable/install Extra Packages for Enterprise Linux epel
yum install epel-release
Install 7za on centos 6.4(i686) , works on 6.5(i686) too. source:(http://cybercentos.blogspot.in/2013/11/install-7zip-on-centos-64-i686.html)
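# Add rpmforge repository. The release RPM is fetched over plain HTTP, so check its signature (rpm -K <FILE>.rpm, after importing the repository's GPG key) before installing it.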
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
OR, wget http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm #Can browse/[change version in url after /epel/ ] and check actual available rpm for os version.
rpm -ivh rpmforge-release-0.5.2-2.el6.rf.i686.rpm
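#May need to enable the repo. --enablerepo is an option to another yum command (e.g. yum --enablerepo=<REPONAME> install <PACKAGE_NAME>), not a command by itself.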
yum repolist #Lists all available repositories
yum --enablerepo=<REPONAME>
#Finally install p7zip
yum install p7zip
# Install s3cmd for Amazon Web Services s3 file system.
wget http://ufpr.dl.sourceforge.net/project/s3tools/s3cmd/1.6.1/s3cmd-1.6.1.tar.gz
tar -xzf s3cmd-1.6.1.tar.gz
cd s3cmd-1.6.1
sudo python setup.py install # throws error("ImportError: No module named setuptools") if python setup tools not installed
s3cmd --configure
# Install python setup tools. EPEL must be enabled.
yum install python-setuptools python-pip python-wheel
# Install OpenSSH
yum install openssh-*
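# Install mysql. Note: a password passed as a mysqladmin argument ends up in shell history and is visible in the process list; mysql_secure_installation prompts for the root password instead.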
yum install mysql-server
service mysqld start
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h <HOST_NAME> password 'new-password'
chkconfig mysqld on ##To set mysql service to be started at system start-up.
#install pip
curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
python get-pip.py
pip install bs4
yum grouplist ##This will show all groups available and then choose group you want to install or run directly
yum groupinstall 'Development Tools' ##This will save you from other problems which might come in future while installing from source.
#Add new harddisk.
ls /dev/sd* #lists all connected StorageDevice
fdisk /dev/sdb #assuming new storage device is /dev/sdb, create new partition
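mkfs.ext4 -L test /dev/sdb #this labels the device 'test' and creates an ext4 filesystem on it. Note: as written it targets the whole disk /dev/sdb, not the partition created with fdisk above (e.g. /dev/sdb1), and formatting the whole disk overwrites that partition table.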
mkdir /newDrive
mount /dev/sdb /newDrive #this mounts the new drive on the directory /newDrive.
#Navigate through application & other menus in top(desktop installation only) without mouse.
Alt + F1
#Switch through various centos workspaces.
Ctrl + Alt + UP/DOWN arrows
#Install chrome Sources:www.tecmint.com(Landed in error for dependency...)
1.Create a file called /etc/yum.repos.d/google-chrome.repo and add the following lines of code to it.
[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/$basearch
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
2. Check if repo is ready for use.
yum info google-chrome-stable
3. Install
yum install google-chrome-stable
OR,
yum install https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
#install docker. Sources: www.liquidweb.com
#install java: Setup default java to newly extracted jdk path using alternatives...-------------------
#Adding a new alternative for "java".
sudo update-alternatives --install /usr/bin/java java /media/mydisk/jdk/bin/java 1
# Setting the new alternative as default for "java".
sudo update-alternatives --config java
---------------------------------------------------------JAVA ALTERNATIVES-------------------------------------
Problem#1: ifconfig : command not found
Soln: installed net-tools :
yum install net-tools
Problem#2: npm unable to download packages. (npm ERR! Error: CERT_UNTRUSTED)
Soln:
Clear cache .
Every Linux System has three options to clear cache without interrupting any processes or services.
1. Clear PageCache only.
# sync; echo 1 > /proc/sys/vm/drop_caches
2. Clear dentries and inodes.
# sync; echo 2 > /proc/sys/vm/drop_caches
3. Clear PageCache, dentries and inodes.
# sync; echo 3 > /proc/sys/vm/drop_caches
Explanation of above command.
sync flushes the file system buffers. Commands separated by “;” run sequentially: the shell waits for each command to terminate before executing the next one in the sequence. As mentioned in the kernel documentation, writing to drop_caches cleans the cache without killing any application/service; the echo command does the job of writing to the file.
If you have to clear the disk cache, the first command is safest in enterprise and production as “...echo 1 > ….” will clear the PageCache only. It is not recommended to use third option above “...echo 3 >” in production until you know what you are doing, as it will clear PageCache, dentries and inodes.
Add swap memory. Sources: aws-ec2
dd if=/dev/zero of=/swapfile bs=1G count=4 #4gb swap of 4 blocks (1GB each)
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s
Add swap to fstab for automatic load at reboot.
vi /etc/fstab
/swapfile swap swap defaults 0 0
Create an <APP_NAME.desktop> file as follows(Example for Yed graph editor application ) and place it into /usr/share/applications/.
[Desktop Entry]
Name=yEd Graph Editor
Comment=yEd Graph Editor
Exec=/opt/yed-3.18.2/yedcutor.sh
Icon=/opt/yed-3.18.2/icons/yicon16.png
Terminal=false
Type=Application
scan all open ports using nmap
setup local DNS using /etc/hosts (entries to be copied on all nodes ) & /etc/nsswitch.conf
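#Adding protocols to the local firewall and making iptables changes permanent. Saved rules are written to /etc/sysconfig/iptables. Note that -s 0/0 accepts the port from any source address; a narrower -s <SUBNET> limits who can reach it.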
iptables --list
iptables -I INPUT -p tcp -s 0/0 --dport 8080 -j ACCEPT
service iptables save
service iptables restart
setup dhcp, bind, kdc(kerberos), ldap..
# Install
yum install bind bind-utils
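# Turned off firewall and disabled SELinux security. (With firewalld, firewall-cmd --add-service=dns --permanent followed by firewall-cmd --reload opens DNS without turning the firewall off.)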
#Enable, start and view status
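# systemctl takes the verb first and the unit name second
# ("systemctl start named", not "systemctl named start").
systemctl enable named
systemctl start named
systemctl status named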
# Configure
vi /etc/named.conf
listen-on port 53 { 127.0.0.1; 192.168.56.102; };
allow-query { localhost; 192.168.56.0/24; };
vi /etc/named.rfc1912.zones
zone "fswc.local" IN {
type master;
file "/var/named/fswc.local.fwd";
allow-update { none; };
};
zone "56.168.192.in-addr.arpa" IN {
type master;
file "/var/named/fswc.local.rev";
allow-update { none; };
};
vi /var/named/fswc.local.fwd
$TTL 1D
@ IN SOA dns01.fswc.local. root.fswc.local. (
1001;Serial
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;TTL
)
@ IN NS dns01.fswc.local.
dns01 IN A 192.168.56.102
dev01 IN A 192.168.56.105
centos-ldap IN A 192.168.56.107
vi /var/named/fswc.local.rev
$TTL 1D
@ IN SOA dns01.fswc.local. root.fswc.local. (
1001;Serial
3H ;Refresh
15M ;Retry
1W ;Expire
1D ;MINTTL
)
@ IN NS dns01.fswc.local.
102 IN PTR dns01.fswc.local.
105 IN PTR dev01.fswc.local.
systemctl restart named
# Validate your zone configuration.
named-checkzone <zonename> <zonefile>
# Next configure your client nodes. mostly need to update /etc/resolv.conf replacing search value with new zone and nameserver with ip of dns server.
# Update /etc/hostname too setting it as node.domain e.g dev01.fswc.local
# sources : LearnITGuide, cleanup script on github
# Install
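# yum's assume-yes flag is the lower-case -y.
# NOTE(review): slapd and /usr/share/openldap-servers, both used in later steps,
# presumably come from the openldap-servers package, which is not in this list — confirm it is installed.
yum -y install openldap migrationtools openldap-clients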
# Configure
slappasswd #this will prompt password and re-enter password, finally will output hash text for password, that we will use in later steps as value for olcRootPW.
cd /etc/openldap/slapd.d/cn=config
vi olcDatabase\=\{2\}hdb.ldif # need to update (Suffix & RootDN) and add few lines here (olcRootPW, TLSCertificateFile & TLSCertificateKeyFile).
olcSuffix: dc=fswc,dc=local
olcRootDN: cn=Manager,dc=fswc,dc=local
olcRootPW: {SSHA}a+IhMqN12342h4d4C2UbBMWc2+63OH8XLl1
olcTLSCertificateFile: /etc/pki/tls/certs/fswcldap.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/fswcldapkey.pem
vi olcDatabase\=\{1\}monitor.ldif # need to update domain name in value for olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
al,cn=auth" read by dn.base="cn=Manager,dc=fswc,dc=local" read by * none
slaptest -u
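# Create a self-signed certificate. -nodes writes the private key unencrypted, so restrict the key file's ownership and mode (e.g. chmod 600) to the account slapd runs as.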
openssl req -new -x509 -nodes -out /etc/pki/tls/certs/fswcldap.pem -keyout /etc/pki/tls/certs/fswcldapkey.pem
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:MH
Locality Name (eg, city) [Default City]:BUD
Organization Name (eg, company) [Default Company Ltd]:FSWC
Organizational Unit Name (eg, section) []:OPS
Common Name (eg, your name or your server's hostname) []:centos-ldap.fswc.local
Email Address []:root@centos-ldap.fswc.local
# Start/Enable slapd service
systemctl enable slapd
systemctl start slapd
systemctl status slapd -l
# Problem starting slapd- error message was not helpful. hence tried starting manually with debug mode on. "/usr/sbin/slapd -d 255", it worked but with 'root' user. However, when service slapd is started normally it attempts to start with user 'ldap', and it continued to fail. After checking on internet found cleanup script and that helped.
# Add 3 schemas
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/inetorgperson.ldif
# Turned off firewall and disabled SeLinux security.
# Use migrationtools to add users to the LDAP directory. LDIF - LDAP Data Interchange Format.
cd /usr/share/migrationtools/
vi migrate_common.ph #update domain name in Line # 71, 74 and turn on line 90..
vi /root/base.ldif #add following content and update domain name wherever needed.
useradd rohit
useradd rohit.v1
useradd rohit.verma
grep "10[0-9][0-9]" /etc/passwd > ~/users.txt
grep "10[0-9][0-9]" /etc/group > ~/groups.txt
./migrate_passwd.pl ~/users.txt ~/users.ldif
./migrate_group.pl ~/groups.txt ~/groups.ldif
ldapadd -x -W -D "cn=Manager,dc=fswc,dc=local" -f /root/base.ldif
ldapadd -x -W -D "cn=Manager,dc=fswc,dc=local" -f /root/users.ldif
ldapadd -x -W -D "cn=Manager,dc=fswc,dc=local" -f /root/groups.ldif
ldapsearch -x cn=rohit.verma -b dc=fswc,dc=local
vi /etc/exports
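/home *(rw,sync) # '*' exports /home read-write to every host that can reach this server; a network such as 192.168.56.0/24 in place of '*' limits it to the lab subnet.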
yum install rpcbind nfs-utils
systemctl enable rpcbind
systemctl enable nfs
systemctl start rpcbind
systemctl start nfs
showmount -e #this should show "/home" for ldap server name .
# update /etc/hostname, /etc/resolv.conf to point to appropriate DNS server.
vi /etc/hostname
dev01.fswc.local
vi /etc/resolv.conf
nameserver 192.168.56.102
#disable firewall and disable selinux security
#install client and configure authentication
yum install -y openldap-clients nss-pam-ldapd nfs-utils
authconfig-tui
check "Use LDAP" and "Use LDAP Authentication" # On the next screen, enter the LDAP server details
Server - ldap://centos-ldap.fswc.local/
Base DN - dc=fswc, dc=local
getent passwd rohit.verma #this should return a line similar to '/etc/passwd' file
vi /etc/fstab
centos-ldap:/home /home auto defaults 0 0
mount -a #mounts home directory of ldap server into client node '/home' directory
su - rohit.verma #Since we are logged in as root, switching user does not prompt for a password. If we log in directly on the client node as a user from the LDAP directory, the password is prompted.