Content Server  

Step 1: Install httpd on the Content Server (IP: 172.30.93.206)

yum install httpd -y

Step 2: Create a folder under /var/www/html called Content

mkdir -p /var/www/html/Content

Step 3: Give read, write and execute permission on the directory.

chmod 777 /var/www/html/CentOS7

Step 4: Copy all the required ISO images to a folder, then mount the image on the recently created /var/www/html/CentOS7.

mount CentOS.iso /var/www/html/CentOS7

Step 5: Check by opening http://content.gmrit.pdcloudex.com/CentOS7 in a browser.

Step 6: Create a local repository.

[localrepo]
name=localrepo
baseurl=http://172.30.93.206
enabled=1
gpgcheck=0

Step 7: Check the repository.

yum repolist
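
An added example (not from the original page): a shell function that reads a .repo file and reports stanzas that turn off signature checking or fetch over plain HTTP, as the Step 6 stanza does. The function names, the messages and the hardened variant are assumptions for illustration.

```shell
# Added example (not from the original page): report yum repo stanzas that
# disable package signature checks or fetch over plain HTTP.

audit_repo() {   # $1 = path to a .repo file, or - for stdin
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report() {
        if (id == "" || id == "main") return
        if (gpg ~ /^(0|no|false)$/) print id ": gpgcheck disabled"
        else if (gpg == "")         print id ": gpgcheck not set, inherits [main]"
        if (url ~ /^http:\/\//)     print id ": baseurl uses plain http"
    }
    /^[ \t]*[#;]/ { next }                       # comment lines
    /^[ \t]*\[/ {                                # start of a new [section]
        report()
        id = trim($0); sub(/^\[/, "", id); sub(/\].*$/, "", id)
        gpg = ""; url = ""; next
    }
    {
        n = index($0, "=")                       # split on the first "="
        if (n == 0) next
        key = trim(substr($0, 1, n - 1)); val = tolower(trim(substr($0, n + 1)))
        if (key == "gpgcheck") gpg = val
        if (key == "baseurl")  url = val
    }
    END { report() }' "$1"
}

# The stanza from Step 6, as written on the page.
page_repo() {
    printf '%s\n' '[localrepo]' 'name= localrepo' \
        'baseurl= http://172.30.93.206' 'enabled= 1' 'gpgcheck= 0'
}

# Constructed variant with signature checking on; the gpgkey path is the
# key file that CentOS 7 installs.
signed_repo() {
    printf '%s\n' '[localrepo]' 'name=localrepo' \
        'baseurl=http://172.30.93.206' 'enabled=1' 'gpgcheck=1' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7'
}

page_repo | audit_repo -
signed_repo | audit_repo -
```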

DNS Server

Step 1: Install the required packages for DNS server configuration.

yum install bind bind-utils -y

Step 2: Edit ‘/etc/named.conf’ file.

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1; 172.30.93.206; 184.168.221.37; }; ## Master DNS IP
        # listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 172.30.92.0/23; 172.30.93.0/23; }; ## IP Ranges

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Step 3: Edit /etc/named.rfc1912.zones and add zones like these at the end of the file.

zone "gmrit.pdcloudex.com" IN {
        type master;
        file "pdforward.zone";
        allow-update { none; };
};

zone "93.30.172.in-addr.arpa" IN {
        type master;
        file "pdreverse.zone";
        allow-update { none; };
};

Step 4: Create the forward zone file at /var/named/pdforward.zone and add the entries for your servers like this.

$TTL 1D
@       IN SOA  content.gmrit.pdcloudex.com. root.gmrit.pdcloudex.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@               IN NS   content.gmrit.pdcloudex.com.    ; List of entries
@               IN A    172.30.93.206
content         IN A    172.30.93.206
controller1     IN A    172.30.93.202
compute1        IN A    172.30.93.203
compute2        IN A    172.30.93.204
compute3        IN A    172.30.93.205
ipa             IN A    172.30.93.207
rhel7           IN A    172.30.93.2
cfme            IN A    172.30.93.208

Step 5: Create the reverse zone file at /var/named/pdreverse.zone and add the entries for your servers like this.

$TTL 1D
@       IN SOA  content.gmrit.pdcloudex.com. root.gmrit.pdcloudex.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@               IN NS   content.gmrit.pdcloudex.com.    ; List of entries
@               IN PTR  gmrit.pdcloudex.com.
content         IN A    172.30.93.206
controller1     IN A    172.30.93.202
compute1        IN A    172.30.93.203
compute2        IN A    172.30.93.204
compute3        IN A    172.30.93.205
ipa             IN A    172.30.93.207
206             IN PTR  content.gmrit.pdcloudex.com.
202             IN PTR  controller1.gmrit.pdcloudex.com.
203             IN PTR  compute1.gmrit.pdcloudex.com.
204             IN PTR  compute2.gmrit.pdcloudex.com.
205             IN PTR  compute3.gmrit.pdcloudex.com.
207             IN PTR  ipa.gmrit.pdcloudex.com.
2               IN PTR  rhel7.gmrit.pdcloudex.com.
208             IN PTR  cfme.gmrit.pdcloudex.com.

Step 6: Restart and Enable the Service.

systemctl restart named

systemctl enable named

Step 7: Firewall configuration.

firewall-cmd --permanent --add-port=53/tcp

firewall-cmd --permanent --add-port=53/udp

Step 8: Reload the firewall.

firewall-cmd --reload

Step 9: Configure permissions, SELinux contexts and ownership.

chgrp named -R /var/named

chown -v root:named /etc/named.conf

restorecon -rv /var/named

restorecon /etc/named.conf

Step 10: Check the configuration file for syntax errors.

named-checkconf /etc/named.conf

Step 11: Check the forward zone.

named-checkzone gmrit.pdcloudex.com /var/named/pdforward.zone

Step 12: Check the reverse zone.

named-checkzone 93.30.172.in-addr.arpa /var/named/pdreverse.zone

Step 13: Add the DNS server details to your network configuration.

vi /etc/sysconfig/network-scripts/ifcfg-eth0

# Generated by dracut initrd

NAME="eth0"

HWADDR="52:54:00:95:75:AE"

ONBOOT="yes"

NETBOOT="yes"

UUID="a8ba98b5-23aa-49d8-b044-e71cbfd9937d"

IPV6INIT="yes"

BOOTPROTO="none"

IPADDR="172.30.93.206"

NETMASK="255.255.254.0"

GATEWAY="172.30.92.1"

TYPE="Ethernet"

PROXY_METHOD="none"

BROWSER_ONLY="no"

PREFIX="23"

DEFROUTE="yes"

IPV4_FAILURE_FATAL="no"

IPV6_AUTOCONF="yes"

IPV6_DEFROUTE="yes"

IPV6_FAILURE_FATAL="no"

DNS1=172.30.93.206

DNS2=8.8.8.8

DOMAIN='gmrit.pdcloudex.com pdcloudex.com'

Step 14: Edit /etc/resolv.conf.

nameserver 172.30.93.206

Step 15: Restart the network service.

systemctl restart network

Step 16. Test the configuration. It should provide a sample output like this.

dig content.gmrit.pdcloudex.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> content.gmrit.pdcloudex.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57365

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;content.gmrit.pdcloudex.com. IN A

;; ANSWER SECTION:

content.gmrit.pdcloudex.com. 86400 IN A 172.30.93.206

;; AUTHORITY SECTION:

gmrit.pdcloudex.com. 86400 IN NS content.gmrit.pdcloudex.com.

;; Query time: 0 msec

;; SERVER: 172.30.93.206#53(172.30.93.206)

;; WHEN: Tue Feb 20 15:37:22 IST 2018

;; MSG SIZE rcvd: 86

Step 17: If the output shows ANSWER: 1, DNS is configured properly and working fine.
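
The check below is an added example, not part of the original procedure: a shell function that reads a named.conf and reports whether recursion is limited by an access list, which is the condition the comment in the Step 2 options block calls for. The function name, the labels it prints and the sample configuration are assumptions made for illustration.

```shell
# Added example (not from the original page): classify who may use a BIND
# server for recursion. Assumes address-match lists without nested braces.
audit_recursion() {   # $1 = path to named.conf, or - for stdin
    awk '
    function pick(o, kw,    m) {      # body of "kw { ... }", or "" if absent
        if (!match(o, "(^|[ ;{])" kw "[ ]*[{][^}]*[}]")) return ""
        m = substr(o, RSTART, RLENGTH)
        sub(/^[^{]*[{]/, "", m); sub(/[}]$/, "", m)
        return m
    }
    { gsub(/\t/, " "); sub(/\/\/.*/, ""); sub(/#.*/, ""); conf = conf " " $0 }
    END {
        while ((s = index(conf, "/*")) > 0) {          # drop block comments
            rest = substr(conf, s + 2); e = index(rest, "*/")
            conf = substr(conf, 1, s - 1) " " (e ? substr(rest, e + 2) : "")
        }
        if (!match(conf, /(^|[ ;}])options[ ]*[{]/)) { print "NO-OPTIONS"; exit }
        depth = 1                                      # copy the options body
        for (i = RSTART + RLENGTH; i <= length(conf) && depth > 0; i++) {
            c = substr(conf, i, 1)
            depth += (c == "{") - (c == "}")
            if (depth > 0) opts = opts c
        }
        if (opts ~ /(^|[ ;])recursion[ ]+(no|false|0)[ ]*;/) { print "NO-RECURSION"; exit }
        # Fallback order: allow-recursion, allow-query-cache, allow-query, default
        acl = pick(opts, "allow-recursion")
        if (acl == "") acl = pick(opts, "allow-query-cache")
        if (acl == "") acl = pick(opts, "allow-query")
        if (acl == "") acl = "localnets; localhost;"
        wide = (acl ~ /(^|[ ;])any[ ]*;/ || acl ~ /0\.0\.0\.0\/0/)
        print (wide ? "OPEN" : "RESTRICTED")
    }' "$1"
}

# Constructed sample modelled on the options block in Step 2.
demo_conf() {
    cat <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 172.30.93.206; };   ## Master DNS IP
    /* If your recursive DNS server has a public IP address,
       you MUST enable access control. */
    allow-query { localhost; 172.30.92.0/23; };         ## IP Ranges
    recursion yes;
};
EOF
}

demo_conf | audit_recursion -
```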

NTP Server Configuration

Step 1: Install NTP Package.

yum install ntp

Step 2: Allow clients from your networks to synchronize time with this server. To do this, add the following line to the NTP configuration file (vim /etc/ntp.conf); the restrict statement controls which network is allowed to query and sync time. Replace the network IPs accordingly.

Step 3: Add the firewall rules and start the service.

# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload

Step 4: Start the ntp Service.

# systemctl start ntpd
# systemctl enable ntpd
# systemctl status ntpd

Step 5: Verify the Server time sync.

# ntpq -p
# date -R