RHCSA 7 LAB Server Preparation (1 of 2 videos)

This video provides instructions on how to configure various services on a Linux system so as to use them to perform mock RHCSA exam tasks on another Linux system. An RHCSA/RHCE/LFCS/LFCE essential. [Website: http://www.nixeducation.com] [LinkedIn: https://www.linkedin.com/in/asghar-ghori-0315632]

NixEducation

7 years ago

Hello everyone, this is Asghar Ghori. Thank you for viewing my video presentation, made for the Linux certification virtual summit, on how to perform various tasks on a sample RHCSA exam system we call station1 in the video presentation. In that video I also mentioned that we have server1, with IP 192.168.0.200/24 and gateway 192.168.0.1, already set up to provide DNS and NTP services, an HTTP yum repo hosting the CentOS 7.0 software, and an FTP repo hosting a newer version of
the Linux kernel. Moreover, server1 also had a combination of OpenLDAP and NFS services providing authentication and home directory share services for the ldapuser1 user account. These network services were configured on server1 to support the implementation of some of the sample RHCSA exam tasks on station1. In this video today I'm going to show you how I configured those network services on server1. You can use the steps in this video and the video presentation I made for the summit to practice the sample RHCSA exam scenarios. Again, I'm not going to provide theoretical information associated with these items; that's beyond the scope of this video. OK, let's get started.

First of all, I'll show you how I configured the yum repository on a brand new installation of server1 to make the CentOS 7.0 packages available from the /var/www/html/centos directory via the HTTP protocol. Here are the instructions I followed. I attached the CentOS 7.0 ISO image to the server1 virtual machine. Then on server1 I mounted the ISO image on the /mnt directory and confirmed with the df command, and there it is, you can see it. I then created a file in the /etc/yum.repos.d directory called centos.repo. centosrepo is the ID for this repo; comment, CentOS 7.0 software; baseurl equals file:///mnt; enabled equals 1; gpgcheck equals 0. The file is created; save the file and quit vi. Now run the yum clean all command to clean the
cache, and then execute yum repolist to load the new repo configuration. As you can see, 3538 packages are available from the new repository that we just configured.

Now I'm going to install the HTTP software: yum -y install httpd. The software is installed successfully. Then under the /var/www/html directory I created a centos subdirectory. Then I edited the fstab file and added an entry for the ISO image for automatic mount on the /var/www/html/centos directory; iso9660 is the optical file system type, read-only, no checks. Save the file and quit. Unmount the ISO image from the /mnt folder and confirm, and then run the mount -a command and execute the df command again to see the new mount point. OK, now I added the HTTP service to work through the firewall, add service http, and then reloaded the firewall rules. Then I executed the systemctl command to enable the HTTP service to autostart at system reboot, and then I started the service, httpd. The httpd service has been successfully started. Then I went back into the repository directory, opened this file in vi, and changed the baseurl from local file to HTTP protocol, IP address of this server 192.168.0.200, slash centos, the directory name. Then again yum clean all and then yum repolist; we should be able to see the file, and as you can see the repo is now available from the HTTP server.

Next, I built the FTP yum repository to store a newer version of the Linux kernel at the /var/ftp/pub/kernel directory. This service was for the task to install a newer version of the kernel on station1. I have already downloaded a kernel and it is currently sitting in the Downloads directory under root. There are a couple of kernel files; we're going to use the first one only. OK, so I installed the HTTP, sorry, I installed the vsftpd software: yum install -y vsftpd. Then under the /var/ftp/pub directory I created a kernel subdirectory and copied the kernel file from my home Downloads directory to here. After the
file has been copied, I applied the SELinux file context on the entire /var/ftp/pub, and then I added the FTP service to the firewall, dash dash permanent, add service ftp, then firewall-cmd --reload to load the new rules, and then systemctl enable vsftpd service, and then systemctl start vsftpd.

OK, and then in the /etc/yum.repos.d directory I made a copy of the existing repo file as kernel.repo and then opened the kernel.repo file for editing. Change it to kernelrepo, CentOS kernel software RPM; baseurl is ftp, IP address the same, and pub/kernel; enabled equals 1; gpgcheck. Save the content and exit out of the vi editor. Now I ran the yum repolist command and should be able to see the new repo. No, we don't see it. Well, I forgot to run the createrepo command on the /var/ftp/pub/kernel directory: createrepo, -v for verbosity, and in the current directory. And the repo has been set up. We should now be able to see it with yum repolist. OK, so there is 1 under the status column; you can see that there is one software package available from this repo.

Next, I configured the DNS service on server1 to support forward and reverse lookups for both the server1 and station1 systems. Install the bind service software and bind client utilities with the yum command. Then I opened the named.conf file in the /etc directory and added the IP address of server1 to the listen-on directive,
192.168.0.1 drew semicolon, and the same thing in the allow-query directive. These two entries are added. I saved the file, and I added the forward and reverse zone information to the end of the file: zone example.com, Internet, type master, file name for this zone FD dot example.com, allow-update. And this forward zone entry is added. The other zone was 0.168.192.in-addr.arpa, in three places, type master, file for this zone Read out example.com, allow-update. OK, so the additions have
been made. We just wanted to ensure that there are no typos in the zone entries. OK, forward zone, reverse zone. OK, the entries look good. Save the file and exit out of the vi editor.

Now I created the zone configuration files, Every dot example.com and re dot example.com, under the /var/named directory. vi Every dot example.com, and then $TTL one day, OK, @ IN start of authority, server1.example.com., root and emails example.com dot, and make sure this is an FQDN. Today's date, 2016 10 27 00. All right, let's say one hour refresh. Close this statement. And then Internet name server, server1.example.com. server1, Internet address record, 192.168.0.200; station1, IN A, 192.168.0.100. So we added the name server entry in here and also the server1 and station1 IP addresses as A records. Save the file.

Then create our heed our example.com zone file for the reverse zone. $TTL one day, @ IN start of authority, server1.example.com., email address example.com, 2016 October 27 zeros, refresh, retry, expire, and close this statement. Now let's set the record for the name server and the pointer record: @ IN NS server1.example.com., @ IN pointer example.com dot; server1's record, 192.168.0.200; station1 got 100. 200 IN PTR server1.example.com., and station1. Save the file and quit vi.

And then we're going to check whether there are any syntax errors or any other issues with these 3 files we have just edited. So named-checkconf to check the /etc/named.conf file; no error messages. Then check the zone files. First the example.com, /var/named/F. G dot example.com, which is for the forward zone. Everything is OK. Then named-checkzone for the reverse zone, 168.192.in-addr.arpa, /var/named/or example.com. OK, everything is loaded perfectly; there are no issues. Now I changed the
owning group on all the files under /var/named to named: chgrp named, that's set on all the files, and confirm. And then we're going to apply the SELinux file context on these files, the two files that we just created. So restorecon; we can simply run it with the uppercase -R on all the files under the /var/named directory. And firewall-cmd --permanent --add-service=dns and then firewall-cmd --reload, so the updated rule is added to the firewall. And then I updated the resolv.conf file in the /etc directory: search example.com, nameserver 192.168.0.200. Save the file and exit out of the vi editor. And I modified the interface configuration file to ensure that when the interface is re-enabled it won't override the contents of the resolv.conf file. So PEERDNS, OK, we're going to add this directive here, PEERDNS, sorry, no. Save the file and apply the configuration to the interface, so nmcli dev disconnect the EMP, or simply restart the networking: systemctl restart network. And we can do a cat on the resolv.conf file to ensure that the information was not overwritten. Then systemctl enable named, which is the BIND or DNS service, and systemctl start named. To test the functionality of your DNS server, we could use the nslookup command: server1, and see what the output is. OK, it shows that the server the DNS lookup command used is 192.168.0.200, which is the IP of this system. And station1: same, the 192.168.0.200 DNS server is used to look up the IP of station1.

The next service I configured was the OpenLDAP service with a user account called ldapuser1, using a TLS certificate called station1 cert dot pem, available from the HTTP repository under the server1 /pub/certs directory. OK, so I created the user account for ldapuser1: mkdir under the /home/users directory, useradd -d /home/users/ldapuser1 for ldapuser1. I set the password to user123 for ldapuser1, so echo user123, pipe, passwd --stdin ldapuser1. The password is set for the new user account. Then we added the file context for /home/users/ldapuser1 to the SELinux policy database: dash add, type public_content_rw_t, /home/users/ldapuser1. And then restorecon, uppercase -R, on /home/users/ldapuser1 to apply the context, to restore the context from the SELinux policy database. And it is OK.

Then I installed the OpenLDAP server software as well as the client software, so openldap, openldap-servers, openldap-clients. The service name for the OpenLDAP server is called slapd, s-l-a-p-d. Enable the service for autostart at subsequent system reboots, and start the service now: systemctl enable slapd, systemctl start slapd. The service has been successfully started as well. And then the firewall change: firewall-cmd --permanent --add-service for LDAP, and firewall-cmd --reload. OK, firewall configuration is done.

Now I created a separate file for capturing LDAP log information. So in the rsyslog.conf file we added an entry in the rules section; we can add it here. Call it local4, and we want all LDAP messages to be recorded in the /var/log/ldap.log file. We needed to restart the rsyslog service. That's done. The next step was to create a password for the LDAP administration services, so slappasswd, hit the enter key and enter
a password. So I used ldap123, ldap123, as the password, and then I copied the output. ldapadd -Y; I added the two schemas, cosine and nis, uppercase -H, ldapi, -f. OK, I'm going to cd into the openldap directory. ldapadd, uppercase -Y EXTERNAL, uppercase -H ldapi:, -f; under the schema directory there is cosine.ldif. Added. And there's another one called nis. So added both schemas successfully.

And then I created a file to update the hdb database. We'll, let's call it hdb.ldif, and I added these entries: dn, olcDatabase={2}hdb,cn=config; changetype modify; replace olcSuffix; olcSuffix: dc=example,dc=com. dn, olcDatabase=hdb,cn=config; changetype modify; replace olcRootDN; olcRootDN to cn, or administrator, the administrator name will be admin, dc=example,dc=com. Let me fix something up here. dn, olcDatabase hdb, cn=config; changetype modify; replace olcRootPW; olcRootPW: and paste the password that we copied earlier. Save the file and exit out of the vi editor. OK, ldapmodify, and now we're going to modify: ldapmodify -Y EXTERNAL, uppercase -H ldapi:, -f hdb.ldif, this one. The changes will be written to the /etc/openldap/slapd.d/cn=config directory. There is a file in there called olcDatabase={2}hdb.ldif. And the modifications were successful.

Now there is a monitor database that needed to be updated as well, so we created a file called monitor.ldif. dn, olcDatabase equals monitor, cn=config; changetype modify; replace olcAccess; olcAccess: You precious jewel to * by dn.base equals gidNumber=0+uidNumber=0, cn=peercred, cn=external, cn equals, read by dn.base equals cn equals, cn equals administrator, dc example, dc com, by * none. OK, verify the changes and see if there are any typos that you can see. No. Save the file, quit vi, and write this information to the monitor database. OK, we're going to open this file again; there is something wrong in the file. dn, olcDatabase equals, one more time; changetype modify; replace olcAccess; to * by dn.base, missing something here, equal sign, gidNumber=0+uidNumber=0, cn peercred, cn external, cn auth, read by dn.base equals cn, example. The command again, and
this time it was successful.

Now we generated a TLS certificate and private key. Use the openssl command to create a new request, x509 type, and the output will be sent to the station1 cert dot pem file under the /etc/openldap/certs directory, which is right in there. So openssl req, new, x509, output in the certs directory called station1 cert dot pem, and the key will be stored in the same directory, and the name of the file, the priv key dot pem, and the number of days, the validity for this
certificate, it's up to 90 days, and -nodes. Country name, no need; state or province, locality: for our purposes we don't need all this information. However, we need to enter the hostname here, so server1 dot com. Email address, no need. There is an error message. Oops. So, it's the certs subdirectory. server1.example.com. No need for the, OK, this time it worked perfectly fine. OK, we're going to change the ownership on the certs. Let's cd into the certs directory, the two files in here: chown ldap; both should be owned by the ldap user, and owning group ldap as well, both files. And then the private key has read/write, read/write permissions, so we don't want other than the owner to be able to view the file contents, so we set chmod 600 on the station1 priv key file and confirm.

Now the certificate database needs to be updated as well, so we're going to create a file called cert.ldif, and dn: cn=config; changetype modify; replace olcTLSCertificateKeyFile; olcTLSCertificateKeyFile: /etc/openldap/certs, station1 priv key dot pem. dn: cn=config; changetype modify; replace olcTLSCertificateFile; olcTLSCertificateFile: /etc/openldap/certs, station1 cert dot pem. And that's it. Save the file and exit out of the vi editor, and run the ldapmodify command with -Y EXTERNAL, uppercase -H, ldapi URI, -f, this file name, cert.ldif, and it will update the, it updated the cn=config database. OK, so all this information is all set.

Now we set up the LDAP database. So cd into the /var/lib/ldap directory and copy the DB_CONFIG.example file from the /usr/share/openldap-servers directory to here. The file is copied. Need to change the ownership and owning group to ldap, and this file should be called DB_CONFIG. OK, DB underscore CONFIG. Let's go one step back, cd to the /etc/openldap directory, and create a base.ldif file to apply some basic configuration information in here: dn, dn is dc=example,dc=com; dc: example, sorry, dc; objectClass top; objectClass domain. dn: organizational unit people, dc=example,dc=com; organizational unit people, and objectClass organizationalUnit. Now I'm going to copy these three lines rather than typing them again, colon, 1 2 3 4 5 6 comma 8 0 9, oops, 6 comma 8 0 8. This is group, organizational unit. Save the file and exit out of the vi editor, and apply these, add this database: to cn=admin,dc=example,dc=com, -f, and this file, base.ldif. The password is ldap123, and the entries are added. Now we're going to build the LDAP structures, which is done, and slaptest to test out all the configuration. Config file testing succeeded.

Now we migrated the ldapuser1 user account to LDAP, so we need yum -y install migrationtools, the software package. Installed successfully. Then under the /usr/share/migrationtools directory is a file called migrate_common.ph. We needed to modify these default mail domain and default base directives, and they needed to be set to example, the values needed to be set to example.com. Save the file, exit out of the vi editor, and migrate the data: the password file, and grep for ldapuser1, and save the output into a file called password.out. And use the migrate_passwd.pl script right in the directory to create users.ldif out of this, to convert the information in the password.out file into the LDIF format. And it is done. Now we're going to repeat the same thing for the group: the ldapuser1 group, and save the output to the group.out file, and the migrate_group.pl command, group.out, groups.ldif. Done. And now ldapadd -xWD cn=admin,dc=example,dc=com -f users.ldif. The password is ldap123. Done. And do the same thing for groups.ldif; the password is ldap123. And the group information and the user information both were converted and added to the LDAP database. Now we ran the ldapsearch command to search for common name ldapuser1, domain component example, dc=com, and if we see the information for ldapuser1, that means, and it's lowercase x, that means the LDAP database has been successfully created with the ldapuser1 user account imported without any issues.

The next network service we configured on server1 was the NFS-shared home directory /home/users/ldapuser1 for the LDAP user account that we just created. So yum, -y for confirmation, install nfs-utils and rpcbind, both packages. Both are already there. Firewall, permanent, --add-service nfs, firewall-cmd --reload. Firewall change done. Open the exports file in the vi editor, and the /home/users/ldapuser1 directory is exported out to station1 in read-write mode, no squash, let's put it for now. OK, contents saved, file created. systemctl enable nfs.target, systemctl start nfs.target. Check the status of nfs.target, and the service is up and running, and the home directory is now exported. exportfs - Avia. OK, it's exported to station1.example.com.

And the last item was the Network Time Protocol service configuration. yum install ntp, yes. Open the ntp.conf file in the /etc directory. Go to the server entries in there, comment them, we don't need them, and add our own entry: server 127.127.1.0. 127.127.1.0 is vitamtan. And that's it. Save the file, exit out. systemctl enable, well, firewall-cmd --permanent --add-service ntp, firewall-cmd --reload, and systemctl enable ntpd, and systemctl start ntpd service. And that's all for the server-side configuration.
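
Both repo files described in the transcript turn off signature checking (gpgcheck 0 in centos.repo, which kernel.repo is copied from) and fetch packages over HTTP and FTP. The shell lint below is an added example, not code from the video: it reports those two settings per repo section, and the repo file contents, the HTTPS URL and the gpgkey path in the third sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint yum .repo files for settings that weaken package trust.

# write_samples DIR: create three sample repo files. Contents are constructed;
# centos.repo and kernel.repo follow the values spoken in the transcript,
# hardened.repo (HTTPS URL, gpgkey path) is an assumption added for contrast.
write_samples() {
    cat > "$1/centos.repo" <<'EOF'
[centosrepo]
name=CentOS 7.0 software
baseurl=http://192.168.0.200/centos
enabled=1
gpgcheck=0
EOF
    cat > "$1/kernel.repo" <<'EOF'
[kernelrepo]
name=CentOS kernel software RPM
baseurl=ftp://192.168.0.200/pub/kernel
enabled=1
gpgcheck=0
EOF
    cat > "$1/hardened.repo" <<'EOF'
[centosrepo]
name=CentOS 7.0 software
baseurl=https://server1.example.com/centos
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}

# audit_repo FILE: print one "<repo-id>: <finding>" line per weak setting.
# Disabled sections are skipped. An unset gpgcheck inherits the [main] value
# from /etc/yum.conf and is not judged here; only an explicit 0 is reported.
audit_repo() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "0")
                print id ": gpgcheck=0, package signatures are not verified"
            if (baseurl ~ /^(http|ftp):\/\//)
                print id ": cleartext transport in baseurl " baseurl
        }
        /^[ \t]*$/    { next }                     # blank lines
        /^[ \t]*[#;]/ { next }                     # comments
        /^\[.*\]/ {                                # new [repo-id] section
            report()
            id = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; enabled = "1"; baseurl = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "enabled") enabled = val
            else if (key == "baseurl") baseurl = val
        }
        END { report() }
    ' "$1"
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.repo; do
    audit_repo "$f"
done
rm -rf "$demo_dir"
```

Pointing audit_repo at the files under /etc/yum.repos.d on a real system gives the same per-section report.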

Comments

@manmohanparmar31

Very nice and precisely demonstrated. Thank you Asghar.

@srinivasank.s4703

The contents are nicely drafted and excellent video to start for certification

@1234loni

Very good video. Very good lab to prepare for RHCSA. It gives a lot of ways how to prepare for the exam.

@syedsaqibali6895

Excellent video!

@abhijith2525

Thanks very helpful

@johnkotches8320

Am I missing something? It looks like your named.conf will only permit queries from server1 (at least at the 11:40 mark). Should it include other hosts within that subnet at a minimum? Maybe I need to play further through the video ;-)

@JayJay-sg7zl

ASGHOR WHAT'S GOING ON WITH VIDEOS FOR UR NEW BOOK?

@dkbodo6467

I'm confused .. is this info from this video (server side configuration) required in RHCSA (EX200) EXAM ? if so, then what do we do in the RHCE (EX300) ?

@ronaldo.7422

Since when is DNS-server configuration an issue in RHCSA exam?

@realdealcsm3

I ended up resolving hostnames on my client by configuring the /etc/hosts and /etc/nsswitch.conf files. If everything worked as supposed to, would I still have needed to do that? When I get to the ldapadd -xWD cn=Admin,dc=example,dc=com -f base.ldif, how would I fix an error if I got one in the output of that command? ldapdelete and ldapmodify, I can't seem to find anything online that can help. When I go back and try to ldapadd after ldapdelete, I get user already exists (68).

@hebruiser

Hi Mr. Ghori, I am unable to authenticate with 'ldap123'. I get the following error:
[root@server1 openldap]# ldapadd -xWD cn=Admin,dc=example,dc=com -f base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

@davidmano1316

Is this RHCE exam prep or RHCSA exam prep? Because the content looks more like RHCE.

@user-lm4ss9wq9q

RHEL 7.6
ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

@miketh1234

Keep getting error when checking reverse dns: "has no address records in (A or AAAA)" What have I done wrong?

@hamagiretv

error
[root@classroom ~]# systemctl start slapd
Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details