Content Server
Step 1: Install httpd on Content Server (IP: 172.30.93.206)
yum install httpd -y
Step 2: Create a folder under /var/www/html called CentOS7
mkdir -p /var/www/html/CentOS7
Step 3: Give read, write and execute permission on the directory.
chmod 777 /var/www/html/CentOS7
Step 4: Copy all the required ISO images to a particular folder, then mount the ISO at the recently created /var/www/html/CentOS7.
mount CentOS.iso /var/www/html/CentOS7
Step 5: Check by opening http://content.gmrit.pdcloudex.com/CentOS7 in the browser.
Step 6: Create a local repository definition (a .repo file under /etc/yum.repos.d/).
[localrepo]
name=localrepo
baseurl=http://172.30.93.206/CentOS7
enabled=1
gpgcheck=0
Step 7: Check the repository.
yum repolist
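Step 6 disables signature checking (gpgcheck=0) and serves the repository over plain HTTP, so clients do not verify the packages they install from it. The script below is an added example, not part of the original procedure: it audits a .repo file for both settings. The helper names, the https URL and the gpgkey path in the sample are assumptions.

```shell
# Added example, not from the original page. audit_repo is a hypothetical
# helper: it prints "section: finding" for each weak setting in a .repo file.
audit_repo() {
    awk '
    function report() {
        if (sec == "") return
        if (gpg == "0")     print sec ": gpgcheck=0, package signatures are not verified"
        if (url ~ /^http:/) print sec ": baseurl is plain http"
    }
    /^[ \t]*[#;]/ { next }                  # comment line
    /^[ \t]*\[/ {                           # start of a new [section]
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpg = ""; url = ""
        next
    }
    /=/ {                                   # key = value, spaces allowed
        key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "gpgcheck") gpg = val
        if (key == "baseurl")  url = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: a repo like Step 6 beside a stricter variant. The https
# URL and key path are assumptions (TLS on httpd, stock CentOS 7 key file).
write_samples() {
    cat > "$1" <<'EOF'
[localrepo]
name= localrepo
baseurl= http://172.30.93.206/CentOS7
enabled= 1
gpgcheck= 0

[localrepo-verified]
name=localrepo-verified
baseurl=https://content.gmrit.pdcloudex.com/CentOS7
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}

tmp=$(mktemp)
write_samples "$tmp"
audit_repo "$tmp"
rm -f "$tmp"
```

Only the [localrepo] section is reported; the stricter section produces no findings.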
DNS Server
Step 1: Install the required packages for DNS server configuration.
yum install bind bind-utils -y
Step 2: Edit ‘/etc/named.conf’ file.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
        listen-on port 53 { 127.0.0.1; 172.30.93.206; 184.168.221.37; }; ##Master DNS IP
        # listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; 172.30.92.0/23; 172.30.93.0/23; }; ##IP Ranges
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Step 3: Edit /etc/named.rfc1912.zones and add zones like this at the end of the file.
zone "gmrit.pdcloudex.com" IN {
        type master;
        file "pdforward.zone";
        allow-update { none; };
};
zone "93.30.172.in-addr.arpa" IN {
        type master;
        file "pdreverse.zone";
        allow-update { none; };
};
Step 4: Create the forward zone file at /var/named/pdforward.zone and add the entries for your servers like this.
$TTL 1D
@       IN SOA  content.gmrit.pdcloudex.com. root.gmrit.pdcloudex.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   content.gmrit.pdcloudex.com.
; List of entries
@           IN A    172.30.93.206
content     IN A    172.30.93.206
controller1 IN A    172.30.93.202
compute1    IN A    172.30.93.203
compute2    IN A    172.30.93.204
compute3    IN A    172.30.93.205
ipa         IN A    172.30.93.207
rhel7       IN A    172.30.93.2
cfme        IN A    172.30.93.208
Step 5: Create the reverse zone file at /var/named/pdreverse.zone and add the entries for your servers like this.
$TTL 1D
@       IN SOA  content.gmrit.pdcloudex.com. root.gmrit.pdcloudex.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
@       IN NS   content.gmrit.pdcloudex.com.
; List of entries
@           IN PTR  gmrit.pdcloudex.com.
content     IN A    172.30.93.206
controller1 IN A    172.30.93.202
compute1    IN A    172.30.93.203
compute2    IN A    172.30.93.204
compute3    IN A    172.30.93.205
ipa         IN A    172.30.93.207
206         IN PTR  content.gmrit.pdcloudex.com.
202         IN PTR  controller1.gmrit.pdcloudex.com.
203         IN PTR  compute1.gmrit.pdcloudex.com.
204         IN PTR  compute2.gmrit.pdcloudex.com.
205         IN PTR  compute3.gmrit.pdcloudex.com.
207         IN PTR  ipa.gmrit.pdcloudex.com.
2           IN PTR  rhel7.gmrit.pdcloudex.com.
208         IN PTR  cfme.gmrit.pdcloudex.com.
Step 6: Restart and enable the service.
systemctl restart named
systemctl enable named
Step 7: Firewall configuration.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
Step 8: Reload the firewall.
firewall-cmd --reload
Step 9: Configure permissions, SELinux contexts and ownership.
chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf
Step 10: Check the configuration files for syntax errors.
named-checkconf /etc/named.conf
Step 11: Check the forward zone.
named-checkzone gmrit.pdcloudex.com /var/named/pdforward.zone
Step 12: Check the reverse zone.
named-checkzone 93.30.172.in-addr.arpa /var/named/pdreverse.zone
Step 13: Add the DNS server details to your network configuration.
vi /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
NAME="eth0"
HWADDR="52:54:00:95:75:AE"
ONBOOT="yes"
NETBOOT="yes"
UUID="a8ba98b5-23aa-49d8-b044-e71cbfd9937d"
IPV6INIT="yes"
BOOTPROTO="none"
IPADDR="172.30.93.206"
NETMASK="255.255.254.0"
GATEWAY="172.30.92.1"
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
PREFIX="23"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
DNS1=172.30.93.206
DNS2=8.8.8.8
DOMAIN='gmrit.pdcloudex.com pdcloudex.com'
Step 14: Edit /etc/resolv.conf
nameserver 172.30.93.206
Step 15: Restart the network service.
systemctl restart network
Step 16: Test the configuration. It should produce output like this.
dig content.gmrit.pdcloudex.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> content.gmrit.pdcloudex.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57365
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;content.gmrit.pdcloudex.com. IN A
;; ANSWER SECTION:
content.gmrit.pdcloudex.com. 86400 IN A 172.30.93.206
;; AUTHORITY SECTION:
gmrit.pdcloudex.com. 86400 IN NS content.gmrit.pdcloudex.com.
;; Query time: 0 msec
;; SERVER: 172.30.93.206#53(172.30.93.206)
;; WHEN: Tue Feb 20 15:37:22 IST 2018
;; MSG SIZE rcvd: 86
Step 17: If the output shows ANSWER: 1, DNS is configured properly and working fine.
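named-checkzone validates each zone file on its own, so it does not notice a PTR record in the reverse zone that disagrees with the A record in the forward zone. The script below is an added example, not part of the original procedure, that cross-checks the two files. check_ptr and the sample records are constructed for illustration, and it assumes a /24 reverse zone with fully qualified PTR targets.

```shell
# Added example, not from the original page. check_ptr is a hypothetical
# helper; it assumes a /24 reverse zone whose owners are the last octet and
# PTR targets written as fully qualified names.
# Usage: check_ptr FORWARD_FILE REVERSE_FILE DOMAIN
check_ptr() {
    awk -v dom="$3" '
    { sub(/;.*$/, "") }                          # strip zone-file comments
    FNR == NR {                                  # first file: forward zone
        if ($2 == "IN" && $3 == "A" && $1 != "@") fwd[$1] = $4
        next
    }
    $2 == "IN" && $3 == "PTR" { ptr[$1] = $4 }   # second file: reverse zone
    END {
        for (host in fwd) {
            n = split(fwd[host], oct, ".")
            want = tolower(host "." dom ".")
            got = tolower(ptr[oct[n]])
            if (got == "")        print "MISSING " fwd[host] " -> " want
            else if (got != want) print "MISMATCH " fwd[host] " -> " got " (expected " want ")"
        }
    }' "$1" "$2" | sort
}

# Constructed sample data: .2 points at a bare "rhel7." and .208 has no PTR.
write_zone_samples() {
    cat > "$1" <<'EOF'
$TTL 1D
@        IN NS  content.gmrit.pdcloudex.com.
content  IN A   172.30.93.206
rhel7    IN A   172.30.93.2
cfme     IN A   172.30.93.208
EOF
    cat > "$2" <<'EOF'
$TTL 1D
@    IN NS   content.gmrit.pdcloudex.com.
206  IN PTR  content.gmrit.pdcloudex.com.
2    IN PTR  rhel7.
EOF
}

dir=$(mktemp -d)
write_zone_samples "$dir/fwd.zone" "$dir/rev.zone"
check_ptr "$dir/fwd.zone" "$dir/rev.zone" gmrit.pdcloudex.com
rm -rf "$dir"
# MISMATCH 172.30.93.2 -> rhel7. (expected rhel7.gmrit.pdcloudex.com.)
# MISSING 172.30.93.208 -> cfme.gmrit.pdcloudex.com.
```

An empty result means every A record in the forward file has a matching PTR record in the reverse file.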
NTP Server Configuration
Step 1: Install NTP Package.
yum install ntp
Step 2: Allow clients from your networks to synchronize time with this server. To do this, add the following line to the NTP configuration file (vim /etc/ntp.conf). The restrict statement controls which network is allowed to query and sync time; replace the network IPs accordingly.
Step 3: Add the firewall rules and start the service.
# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload
Step 4: Start the ntp service.
# systemctl start ntpd
# systemctl enable ntpd
# systemctl status ntpd
Step 5: Verify the server time sync.
# ntpq -p
# date -R
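The restrict line that Step 2 refers to is not shown on this page. As an added example (not the original author's line), the script below derives a commonly used form, restrict <network> mask <netmask> nomodify notrap, from the server's IPADDR and PREFIX, and appends it to ntp.conf only once. The helper names and the choice of flags are assumptions.

```shell
# Added example, not from the original page. restrict_line and
# ensure_restrict are hypothetical helpers, not part of the ntp package.

# restrict_line ADDRESS PREFIX: print a restrict line for the enclosing subnet.
restrict_line() {
    addr=$1; bits=$2; net=; mask=
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    for octet in "$@"; do
        if   [ "$bits" -ge 8 ]; then m=255
        elif [ "$bits" -le 0 ]; then m=0
        else m=$(( 256 - (1 << (8 - bits)) ))
        fi
        bits=$(( bits - 8 ))
        net="$net${net:+.}$(( octet & m ))"     # clear the host bits
        mask="$mask${mask:+.}$m"
    done
    echo "restrict $net mask $mask nomodify notrap"
}

# ensure_restrict FILE ADDRESS PREFIX: append the line once, never twice.
ensure_restrict() {
    line=$(restrict_line "$2" "$3")
    grep -qxF -- "$line" "$1" || printf '%s\n' "$line" >> "$1"
}

# Constructed sample ntp.conf holding the stock CentOS 7 restrict lines.
write_ntp_sample() {
    cat > "$1" <<'EOF'
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF
}

conf=$(mktemp)
write_ntp_sample "$conf"
ensure_restrict "$conf" 172.30.93.206 23    # IPADDR and PREFIX from ifcfg-eth0
ensure_restrict "$conf" 172.30.93.206 23    # second run changes nothing
cat "$conf"
rm -f "$conf"
```

With nomodify and notrap, clients in 172.30.92.0/23 can query and synchronize time but cannot change the server's configuration or register for trap messages.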