How to install and configure DokuWiki in RHEL7

Let’s create the VM first:

[root@rhel7 ~]# virt-install \
> --hvm \
> --name wiki \
> --ram 1024 \
> --disk path=/kvm/wiki.img,size=50 \
> --vcpus 1 \
> --os-type linux \
> --os-variant rhel7 \
> --network bridge=virbr0 \
> --graphics none \
> --location 'http://192.168.122.3/rhel7' \
> --extra-args "ks=http://192.168.122.3/ksfiles/rhel7-minimal-ks.cfg \
> console=tty0 console=ttyS0,115200 SERVERNAME=wiki.jefrey.io IPADDR=192.168.122.9"

Starting install...
...
...
[root@wiki ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.9  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fe53:e0cd  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:53:e0:cd  txqueuelen 1000  (Ethernet)
        RX packets 3870  bytes 229466 (224.0 KiB)
        RX errors 0  dropped 33  overruns 0  frame 0
        TX packets 224  bytes 19775 (19.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@wiki ~]# 
[root@wiki ~]# vi /etc/sysconfig/network
[root@wiki ~]# cat !$
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=wiki.jefrey.io
GATEWAY=192.168.122.1
GATEWAYDEV=eth0
[root@wiki ~]#

I went to http://download.dokuwiki.org/ to get a copy of the installer, then copied it to the server.

[root@wiki ~]# ls -lrt
total 2528
-rw-r--r--. 1 root root    1670 May 31 23:01 anaconda-postinstall.log
-rw-------. 1 root root    5512 May 31 23:01 anaconda-ks.cfg
-rw-r--r--. 1 root root 2573285 May 31 23:19 dokuwiki-90058711fa07482559bd90b004ebed40.tgz
[root@wiki ~]#

Install the necessary packages:

[root@wiki ~]# yum -y install httpd mod_ssl php php-gd
...
Complete!
[root@wiki ~]# 
[root@wiki ~]# vi /etc/httpd/conf.d/options.conf 
[root@wiki ~]# cat !$
cat /etc/httpd/conf.d/options.conf
TraceEnable off

## Disable Signature
ServerSignature Off

## Disable Banner
ServerTokens Prod
[root@wiki ~]#

Although DokuWiki works with the default PHP settings,
it is recommended to tune your PHP configuration (php.ini) as described in the DokuWiki documentation.
At a minimum, edit /etc/php.ini and set the following:

# vi /etc/php.ini
expose_php = Off

Restart httpd:

[root@wiki ~]# systemctl restart httpd
[root@wiki ~]# systemctl status httpd
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: active (running) since Sun 2015-05-31 23:46:28 SGT; 11s ago
  Process: 1512 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 1517 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─1517 /usr/sbin/httpd -DFOREGROUND
           ├─1518 /usr/sbin/httpd -DFOREGROUND
           ├─1519 /usr/sbin/httpd -DFOREGROUND
           ├─1520 /usr/sbin/httpd -DFOREGROUND
           ├─1521 /usr/sbin/httpd -DFOREGROUND
           └─1522 /usr/sbin/httpd -DFOREGROUND

May 31 23:45:48 wiki.jefrey.io systemd[1]: Starting The Apache HTTP Server...
May 31 23:46:08 wiki.jefrey.io httpd[1517]: AH00557: httpd: apr_sockaddr_inf...o
May 31 23:46:08 wiki.jefrey.io httpd[1517]: AH00558: httpd: Could not reliab...e
May 31 23:46:28 wiki.jefrey.io systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@wiki ~]#

Check that the PHP module is loaded in Apache:

[root@wiki ~]# httpd -M | grep php
 php5_module (shared)
[root@wiki ~]#

Configure firewalld for http:

[root@wiki ~]# firewall-cmd --permanent --zone=trusted --add-source=192.168.122.0/24
[root@wiki ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@wiki ~]# firewall-cmd --reload

Virtual host configuration:

[root@wiki ~]# vi /etc/httpd/conf.d/vhosts.conf
[root@wiki ~]# cat /etc/httpd/conf.d/vhosts.conf 
# Load my vhosts
IncludeOptional vhosts.d/*.conf
[root@wiki ~]# 
[root@wiki ~]# mkdir /etc/httpd/vhosts.d
[root@wiki ~]# vi /etc/httpd/vhosts.d/wiki.jefrey.io.conf
[root@wiki ~]# 
[root@wiki ~]# cat /etc/httpd/vhosts.d/wiki.jefrey.io.conf 
<VirtualHost 192.168.122.9:80>
    ServerAdmin webmaster@jefrey.io
    DocumentRoot "/var/www/html/dokuwiki"
    ServerName wiki.jefrey.io
    ServerAlias www.wiki.jefrey.io
    ErrorLog "/var/log/httpd/wiki.jefrey.io-error_log"
    CustomLog "/var/log/httpd/wiki.jefrey.io-access_log" combined

    <Directory "/var/www/html/dokuwiki/">
        DirectoryIndex index.php
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
[root@wiki ~]#
[root@wiki ~]# systemctl restart httpd
[root@wiki ~]# systemctl status httpd
httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
   Active: active (running) since Mon 2015-06-01 12:24:01 SGT; 4s ago
  Process: 2127 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 2132 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─2132 /usr/sbin/httpd -DFOREGROUND
           ├─2133 /usr/sbin/httpd -DFOREGROUND
           ├─2134 /usr/sbin/httpd -DFOREGROUND
           ├─2135 /usr/sbin/httpd -DFOREGROUND
           ├─2136 /usr/sbin/httpd -DFOREGROUND
           └─2137 /usr/sbin/httpd -DFOREGROUND

Jun 01 12:24:01 wiki.jefrey.io systemd[1]: Starting The Apache HTTP Server...
Jun 01 12:24:01 wiki.jefrey.io httpd[2132]: AH00112: Warning: DocumentRoot [...t
Jun 01 12:24:01 wiki.jefrey.io systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@wiki ~]#

Extract and fix permissions for DokuWiki:

[root@wiki ~]# tar xf dokuwiki-90058711fa07482559bd90b004ebed40.tgz -C /var/www/html
[root@wiki ~]# 
[root@wiki ~]# ls -lrt /var/www/html/
total 8
-rw-r--r--. 1 root root   91 Jun  1 12:05 index.html
drwxr-xr-x. 7 root root 4096 Jun  1 12:25 dokuwiki
[root@wiki ~]# 
[root@wiki ~]# mv /var/www/html/index.html /var/www/html/index.html.old
[root@wiki ~]# 
[root@wiki ~]# chown apache: -R /var/www/html/dokuwiki
[root@wiki ~]# 
[root@wiki ~]# ls -lrt /var/www/html/
total 8
-rw-r--r--. 1 root   root     91 Jun  1 12:05 index.html.old
drwxr-xr-x. 7 apache apache 4096 Jun  1 12:25 dokuwiki
[root@wiki ~]#

Set the SELinux boolean (httpd_unified lets httpd write to files labelled httpd_sys_content_t, which DokuWiki needs for its data and conf directories):

[root@wiki ~]# setsebool -P httpd_unified on
[ 3205.317418] SELinux:  Context unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 3205.501270] SELinux:  Context system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[root@wiki ~]# 
[root@wiki ~]# getsebool -a | grep unif
httpd_unified --> on
[root@wiki ~]#

I went to http://wiki.jefrey.io/install.php
and configured the installation; afterwards, remove the installer:

[root@wiki ~]# rm -f /var/www/html/dokuwiki/install.php
[root@wiki ~]# 
[root@wiki ~]# ls -lrtZ /var/www/html/dokuwiki/
-rw-rw-r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 VERSION
-rw-rw-r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 README
-rw-rw-r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
-rw-rw-r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 feed.php
-rw-rw-r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 doku.php
-rw-rw-r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 COPYING
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 bin
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 data
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 inc
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 lib
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 conf
[root@wiki html]#

DokuWiki is up and running!

How to install and configure NFS server and client in RHEL7

Let’s create the VM first:

[root@rhel7 ~]# virt-install \
> --hvm \
> --name nfs \
> --ram 1024 \
> --disk path=/kvm/nfs.img,size=150 \
> --vcpus 1 \
> --os-type linux \
> --os-variant rhel7 \
> --network bridge=virbr0 \
> --graphics none \
> --location 'http://192.168.122.3/rhel7' \
> --extra-args "ks=http://192.168.122.3/ksfiles/rhel7-minimal-ks.cfg \
> console=tty0 console=ttyS0,115200 SERVERNAME=nfs.jefrey.io IPADDR=192.168.122.8"

Starting install...
...
...
[root@nfs ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.8  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:febf:6868  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:bf:68:68  txqueuelen 1000  (Ethernet)
        RX packets 19017  bytes 1381634 (1.3 MiB)
        RX errors 0  dropped 34  overruns 0  frame 0
        TX packets 16758  bytes 917087 (895.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@nfs ~]# 
[root@nfs ~]# pvs
  PV         VG   Fmt  Attr PSize   PFree
  /dev/vda2  vg00 lvm2 a--  149.50g    0 
[root@nfs ~]# 
[root@nfs ~]# df -h
Filesystem                      Size  Used Avail Use% Mounted on
/dev/mapper/vg00-root           117G  1.4G  116G   2% /
devtmpfs                        492M     0  492M   0% /dev
tmpfs                           498M     0  498M   0% /dev/shm
tmpfs                           498M  6.6M  491M   2% /run
tmpfs                           498M     0  498M   0% /sys/fs/cgroup
/dev/mapper/vg00-home          1014M   33M  982M   4% /home
/dev/mapper/vg00-var             10G   81M   10G   1% /var
/dev/mapper/vg00-var_log         10G   35M   10G   1% /var/log
/dev/mapper/vg00-var_log_audit  5.0G   40M  5.0G   1% /var/log/audit
/dev/mapper/vg00-tmp            5.0G   33M  5.0G   1% /tmp
/dev/vda1                       509M   52M  458M  11% /boot
[root@nfs ~]# 
[root@nfs ~]# vi /etc/sysconfig/network
[root@nfs ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nfs.jefrey.io
GATEWAY=192.168.122.1
GATEWAYDEV=eth0
[root@nfs ~]#

Install the package and continue with the configuration:

[root@nfs ~]# yum -y install nfs-utils
[root@nfs ~]# vi /etc/exports
[root@nfs ~]# cat /etc/exports
/nfsshare 192.168.122.0/24(rw,no_root_squash)
[root@nfs ~]# 
[root@nfs ~]# mkdir /nfsshare
[root@nfs ~]# 
[root@nfs ~]# systemctl restart rpcbind
[root@nfs ~]# systemctl start nfs-server
[root@nfs ~]# systemctl start nfs-lock
[root@nfs ~]# systemctl start nfs-idmap
[root@nfs ~]# systemctl enable rpcbind
[root@nfs ~]# systemctl enable nfs-server
[root@nfs ~]# systemctl enable nfs-idmap
[root@nfs ~]# 
[root@nfs ~]# exportfs 
/nfsshare         192.168.122.0/24
[root@nfs ~]# 
[root@nfs ~]# firewall-cmd --permanent --add-port=111/tcp
[root@nfs ~]# firewall-cmd --permanent --add-port=54302/tcp
[root@nfs ~]# firewall-cmd --permanent --add-port=20048/tcp
[root@nfs ~]# firewall-cmd --permanent --add-port=2049/tcp
[root@nfs ~]# firewall-cmd --permanent --add-port=46666/tcp
[root@nfs ~]# firewall-cmd --permanent --add-port=42955/tcp
[root@nfs ~]# firewall-cmd --permanent --add-port=875/tcp
[root@nfs ~]# firewall-cmd --reload
[root@nfs ~]#
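
The export line above grants rw with no_root_squash to the whole /24. As an added example (not from the original post), here is a small parser for the exports(5) format that reports such options, run over a constructed sample that includes that line:

```python
"""Parse /etc/exports and point out options that weaken NFS access control.

Added example, not from the original post. It reads the exports(5) format the post
uses (path, then client specs with optional (options); '#' comments; backslash
continuations) and reports risky entries. The sample is constructed, modelled on
the post's single export line.
"""
import re

SAMPLE_EXPORTS = """\
# /etc/exports - constructed sample
/nfsshare 192.168.122.0/24(rw,no_root_squash)
/srv/ro   192.168.122.6(ro,sync) \\
          *(ro)
/srv/data 192.168.122.0/24
"""

# One client token: "client" or "client(opt1,opt2,...)".
_TOKEN_RE = re.compile(r"^([^(]+)(?:\((.*)\))?$")


def parse_exports(text):
    """Return a list of (path, client, options_set) tuples, one per client spec."""
    entries, pending = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.endswith("\\"):                 # logical line continues on the next line
            pending.append(line[:-1])
            continue
        pending.append(line)
        logical, pending = " ".join(pending), []
        parts = logical.split(None, 1)
        if len(parts) < 2:                      # a path with no client list exports nothing
            continue
        path, clients = parts
        for token in clients.split():
            m = _TOKEN_RE.match(token)
            if not m:
                continue
            opts = {o.strip() for o in (m.group(2) or "").split(",") if o.strip()}
            entries.append((path, m.group(1), opts))
    return entries


def _is_network(client):
    """True when the client spec covers more than one host (netgroup, wildcard, range)."""
    if client.startswith("@") or "*" in client or "?" in client:
        return True
    if "/" in client:
        prefix = client.split("/", 1)[1]
        return not (prefix.isdigit() and int(prefix) == 32)   # a /32 is a single host
    return False


def assess(entries):
    """Return (path, client, message) findings for the parsed entries."""
    findings = []
    for path, client, opts in entries:
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash: a remote root keeps uid 0 on the server"))
        if client in ("*", "0.0.0.0/0"):
            findings.append((path, client, "exported to every host that can reach the server"))
        if "rw" in opts and _is_network(client):
            findings.append((path, client, "read-write for a whole network instead of named hosts"))
        if "rw" in opts and not any(o.startswith("sec=") for o in opts):
            findings.append((path, client, "sec=sys by default: clients assert their own uid/gid"))
    return findings
```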

On the NFS client:

[root@ns2 ~]# yum -y install nfs-utils
[root@ns2 ~]# mkdir /nfsshare
[root@ns2 ~]# mount -t nfs nfs.jefrey.io:/nfsshare /nfsshare
[root@ns2 ~]# df -h
Filesystem                      Size  Used Avail Use% Mounted on
/dev/mapper/vg00-root            17G  916M   16G   6% /
devtmpfs                        492M     0  492M   0% /dev
tmpfs                           498M     0  498M   0% /dev/shm
tmpfs                           498M  6.6M  491M   2% /run
tmpfs                           498M     0  498M   0% /sys/fs/cgroup
/dev/mapper/vg00-home          1014M   33M  982M   4% /home
/dev/mapper/vg00-tmp            5.0G   33M  5.0G   1% /tmp
/dev/mapper/vg00-var             10G   83M   10G   1% /var
/dev/mapper/vg00-var_log         10G   36M   10G   1% /var/log
/dev/mapper/vg00-var_log_audit  5.0G   41M  5.0G   1% /var/log/audit
/dev/vda1                       509M   52M  458M  11% /boot
nfs.jefrey.io:/nfsshare         117G  1.4G  116G   2% /nfsshare
[root@ns2 ~]#

Add the following to /etc/fstab if you want the mount to persist across reboots:

nfs.jefrey.io:/nfsshare    /nfsshare            nfs        defaults    0 0

Testing from the client:

[root@ns2 ~]# echo "Test file from `hostname`" > /nfsshare/testfile
[root@ns2 ~]# ls -lart /nfsshare/
total 8
dr-xr-xr-x. 18 root root 4096 Jul 12 18:24 ..
drwxr-xr-x.  2 root root   21 Jul 12 18:33 .
-rw-r--r--.  1 root root   29 Jul 12 18:33 testfile
[root@ns2 ~]# 
[root@ns2 ~]# cat /nfsshare/testfile 
Test file from ns2.jefrey.io
[root@ns2 ~]#

Visible on the server:

[root@nfs ~]# ls -lart /nfsshare/
total 8
dr-xr-xr-x. 19 root root 4096 Jul 12 18:17 ..
drwxr-xr-x.  2 root root   21 Jul 12 18:33 .
-rw-r--r--.  1 root root   29 Jul 12 18:33 testfile
[root@nfs ~]# 
[root@nfs ~]# cat /nfsshare/testfile 
Test file from ns2.jefrey.io
[root@nfs ~]#

Done!

How to configure Postfix to use Gmail as mail relay in RHEL7

Let’s create the VM first:

[root@rhel7 ~]# virt-install \
> --hvm \
> --name mx1 \
> --ram 1024 \
> --disk path=/kvm/mx1.img,size=50 \
> --vcpus 1 \
> --os-type linux \
> --os-variant rhel7 \
> --network bridge=virbr0 \
> --graphics none \
> --location 'http://192.168.122.3/rhel7' \
> --extra-args "ks=http://192.168.122.3/ksfiles/rhel7-minimal-ks.cfg \
> console=tty0 console=ttyS0,115200 SERVERNAME=mx1.jefrey.io IPADDR=192.168.122.7"

Starting install...
...
...
[root@mx1 ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.7  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:feaf:920a  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:af:92:0a  txqueuelen 1000  (Ethernet)
        RX packets 1174  bytes 83014 (81.0 KiB)
        RX errors 0  dropped 32  overruns 0  frame 0
        TX packets 101  bytes 11919 (11.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@mx1 ~]#
[root@mx1 ~]# host mx1
mx1.jefrey.io has address 192.168.122.7
[root@mx1 ~]# 
[root@mx1 ~]# ping -c2 www.google.com
PING www.google.com (74.125.68.147) 56(84) bytes of data.
64 bytes from sc-in-f147.1e100.net (74.125.68.147): icmp_seq=1 ttl=43 time=10.4 ms
64 bytes from sc-in-f147.1e100.net (74.125.68.147): icmp_seq=2 ttl=43 time=13.4 ms

--- www.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2505ms
rtt min/avg/max/mdev = 10.402/11.922/13.442/1.520 ms
[root@mx1 ~]#
[root@mx1 ~]# vi /etc/sysconfig/network
[root@mx1 ~]# cat !$
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=mx1.jefrey.io
GATEWAY=192.168.122.1
GATEWAYDEV=eth0
[root@mx1 ~]#

The Gmail account that will be used has "less secure app access" turned on; refer to https://www.google.com/settings/security/lesssecureapps

Let’s install the necessary packages and make Postfix start on boot (although this may already be in place):

[root@mx1 ~]# yum -y install postfix cyrus-sasl-plain mailx
[root@mx1 ~]# systemctl enable postfix
[root@mx1 ~]# systemctl restart postfix
[root@mx1 ~]# systemctl status postfix

Edit the configuration file; I added the last 8 lines:

[root@mx1 ~]# vi /etc/postfix/main.cf
[root@mx1 ~]# 
[root@mx1 ~]# grep -v '#' /etc/postfix/main.cf | sed '/^$/d'
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = localhost
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
 
  
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
myhostname = mx1.jefrey.io
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
[root@mx1 ~]#
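
As an added example, not from the original post: a parser for this main.cf format (including the continuation lines visible under debugger_command) with a review of the relay parameters above, run on a constructed excerpt of the post's values. Note that smtp_use_tls = yes is opportunistic TLS; smtp_tls_security_level = encrypt would make Postfix refuse to send to the relay without it.

```python
"""Parse Postfix main.cf, continuation lines included, and review the relay settings.

Added example, not from the original post. Postfix treats a line that starts with
whitespace as a continuation of the previous parameter (the post's debugger_command
shows this), so a naive key=value reader gets it wrong. The sample below is a
constructed excerpt of the post's main.cf.
"""

SAMPLE_MAIN_CF = """\
# constructed excerpt
inet_interfaces = localhost
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
myhostname = mx1.jefrey.io
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
"""

# Values of smtp_tls_security_level that refuse to deliver without TLS.
_ENFORCING_LEVELS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}


def parse_main_cf(text):
    """Return a dict of parameter -> value, folding continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t":                       # continuation of the previous parameter
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        key, sep, value = raw.partition("=")
        if not sep:
            continue                              # not a parameter line
        current = key.strip()
        params[current] = value.strip()
    return params


def _csv(value):
    return {v.strip() for v in value.split(",") if v.strip()}


def review_relay(params):
    """Return a dict check_name -> (ok, note) for the outbound-relay settings."""
    results = {}
    level = params.get("smtp_tls_security_level")
    use_tls = params.get("smtp_use_tls", "no").lower() == "yes"
    if level in _ENFORCING_LEVELS:
        results["tls"] = (True, f"TLS enforced (smtp_tls_security_level = {level})")
    elif level == "may" or (level is None and use_tls):
        results["tls"] = (False, "TLS is opportunistic: if STARTTLS fails the session continues in the clear")
    else:
        results["tls"] = (False, "TLS is not enabled for outbound relay")

    sasl_on = params.get("smtp_sasl_auth_enable", "no").lower() == "yes"
    results["sasl"] = (sasl_on, "smtp_sasl_auth_enable = yes")

    # Postfix's default here is "noplaintext, noanonymous"; dropping noplaintext
    # is only safe once TLS is guaranteed before AUTH.
    plain_opts = _csv(params.get("smtp_sasl_security_options", "noplaintext, noanonymous"))
    results["plaintext_auth"] = (
        "noplaintext" in plain_opts or results["tls"][0],
        "PLAIN/LOGIN may only be offered on a session that is guaranteed to be TLS",
    )

    relayhost = params.get("relayhost", "")
    results["relayhost"] = (
        relayhost.startswith("["),
        "relayhost is bracketed, so the named host is used directly (no MX lookup)",
    )

    results["listener"] = (
        params.get("inet_interfaces", "all") in ("localhost", "loopback-only"),
        "inet_interfaces limited to loopback: this box only relays its own mail",
    )
    return results
```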

Edit /etc/postfix/sasl_passwd. The format of its content is:

[smtp.gmail.com]:587 gmail-id@gmail.com:password

[root@mx1 ~]# vi /etc/postfix/sasl_passwd
[root@mx1 ~]# 
[root@mx1 ~]# cat /etc/postfix/sasl_passwd 
[smtp.gmail.com]:587 jcxxxb@gmail.com:XXXXXXXX
[root@mx1 ~]#

Set the necessary permissions:

[root@mx1 ~]# postmap /etc/postfix/sasl_passwd
[root@mx1 ~]# chown root:postfix /etc/postfix/sasl_passwd*
[root@mx1 ~]# chmod 640 /etc/postfix/sasl_passwd*
[root@mx1 ~]#

Test:

[root@mx1 ~]# echo "This is a test." | mail -s "test message" jcxxxb@gmail.com
[root@mx1 ~]# 
[root@mx1 ~]# tail -5 /var/log/maillog 
Jun  3 23:17:13 mx1 postfix/pickup[1247]: 525305B4E: uid=0 from=<root>
Jun  3 23:17:13 mx1 postfix/cleanup[1320]: 525305B4E: message-id=<20150603151713.525305B4E@mx1.jefrey.io>
Jun  3 23:17:13 mx1 postfix/qmgr[1248]: 525305B4E: from=<root@mx1.jefrey.io>, size=433, nrcpt=1 (queue active)
Jun  3 23:17:16 mx1 postfix/smtp[1261]: 525305B4E: to=<jcxxxb@gmail.com>, relay=smtp.gmail.com[74.125.200.108]:587, delay=3.2, delays=0.06/0/2.1/1.1, dsn=2.0.0, status=sent (250 2.0.0 OK 1433344637 d12sm1114425pbu.14 - gsmtp)
Jun  3 23:17:16 mx1 postfix/qmgr[1248]: 525305B4E: removed
[root@mx1 ~]#

Done!

How to install and configure NTP server in RHEL7

Let’s create the VM first:

[root@rhel7 ~]# virt-install \
> --hvm \
> --name ntp \
> --ram 1024 \
> --disk path=/kvm/ntp.img,size=50 \
> --vcpus 1 \
> --os-type linux \
> --os-variant rhel7 \
> --network bridge=virbr0 \
> --graphics none \
> --location 'http://192.168.122.3/rhel7' \
> --extra-args "ks=http://192.168.122.3/ksfiles/rhel7-minimal-ks.cfg \
> console=tty0 console=ttyS0,115200 SERVERNAME=ntp.jefrey.io IPADDR=192.168.122.4"

Starting install...
...
...
[root@ntp ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.4  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fe1e:123f  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:1e:12:3f  txqueuelen 1000  (Ethernet)
        RX packets 2636  bytes 176249 (172.1 KiB)
        RX errors 0  dropped 35  overruns 0  frame 0
        TX packets 955  bytes 70327 (68.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@ntp ~]#
[root@ntp ~]# vi /etc/sysconfig/network
[root@ntp ~]# cat !$
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ntp.jefrey.io
GATEWAY=192.168.122.1
GATEWAYDEV=eth0
[root@ntp ~]#

Install the package, edit the configuration file, make it start on boot and check that it’s syncing:

[root@ntp ~]# yum -y install ntp
[root@ntp ~]# 
[root@ntp ~]# chkconfig ntpd on
Note: Forwarding request to 'systemctl enable ntpd.service'.
ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
[root@ntp ~]# 
[root@ntp ~]# vi /etc/ntp.conf 
[root@ntp ~]# 
[root@ntp ~]# grep -v '#' /etc/ntp.conf | sed '/^$/d'
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1 
restrict ::1
restrict 192.168.122.0 mask 255.255.255.0 nomodify notrap
server 0.sg.pool.ntp.org
server 1.sg.pool.ntp.org
server 2.sg.pool.ntp.org
server 3.sg.pool.ntp.org
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
logfile /var/log/ntp.log
[root@ntp ~]# 
[root@ntp ~]# service ntpd restart
Redirecting to /bin/systemctl restart  ntpd.service
[root@ntp ~]# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 54.251.61.122   .INIT.          16 u    -   64    0    0.000    0.000   0.000
 203.174.83.202  .INIT.          16 u    -   64    0    0.000    0.000   0.000
 103.233.241.1   .INIT.          16 u    -   64    0    0.000    0.000   0.000
 128.199.169.185 .INIT.          16 u    -   64    0    0.000    0.000   0.000
[root@ntp ~]# 
[root@ntp ~]# 
[root@ntp ~]# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 54.251.61.122   137.189.4.10     2 u    8   64    1   15.034   -8.561   0.000
 203.174.83.202  133.100.10.8     2 u    8   64    1   15.865  -14.194   0.000
 103.233.241.1   128.227.205.3    2 u    8   64    1   28.849  -20.912   0.000
*128.199.169.185 187.253.153.32   2 u    8   64    1   14.592  -13.859   0.000
[root@ntp ~]#

My server is syncing!
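
As an added example (not from the original post), here are the rules used to read those two tables, parsing the tally column, the stratum and the octal reach register, applied to constructed copies of the output:

```python
"""Decide from `ntpq -pn` output whether ntpd has actually selected a time source.

Added example, not from the original post. The post shows two tables: right after
the restart every peer is .INIT. at stratum 16 with reach 0, and after the first
poll one peer carries the '*' tally. This parser turns such a table into records
and applies those rules. The samples are constructed copies of that output (two
peers each, to keep them short).
"""

NTPQ_BEFORE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 54.251.61.122   .INIT.          16 u    -   64    0    0.000    0.000   0.000
 203.174.83.202  .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

NTPQ_AFTER = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 54.251.61.122   137.189.4.10     2 u    8   64    1   15.034   -8.561   0.000
*128.199.169.185 187.253.153.32   2 u    8   64    1   14.592  -13.859   0.000
"""

# Meaning of the tally code in column 1 (ntpq(8) peer status table).
TALLY = {
    "*": "system peer", "o": "PPS peer", "+": "candidate", "#": "backup",
    "-": "outlier (cluster algorithm)", "x": "falseticker", ".": "excess",
    " ": "not valid / not yet reached",
}


def parse_ntpq(text):
    """Return one dict per peer line; reach is the octal shift register as an int."""
    lines = text.splitlines()
    starts = [i for i, l in enumerate(lines) if l.startswith("====")]
    if not starts:
        return []
    peers = []
    for line in lines[starts[0] + 1:]:
        if not line.strip():
            continue
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10:
            continue                               # not a peer line
        remote, refid, st, t, when, poll, reach, delay, offset, jitter = fields
        peers.append({
            "tally": tally, "state": TALLY.get(tally, "unknown"),
            "remote": remote, "refid": refid, "stratum": int(st),
            "reach": int(reach, 8), "offset_ms": float(offset), "jitter_ms": float(jitter),
        })
    return peers


def sync_status(peers, max_offset_ms=128.0):
    """Return (synced, reason). 128 ms is ntpd's step threshold, so a larger offset is not settled."""
    chosen = [p for p in peers if p["tally"] in ("*", "o")]
    if not chosen:
        if not any(p["reach"] for p in peers):
            return False, "no peer reached yet (reach register is 0 everywhere)"
        return False, "peers are reachable but ntpd has not selected one yet"
    p = chosen[0]
    if p["stratum"] >= 16:
        return False, f"{p['remote']} is unsynchronised (stratum 16)"
    if abs(p["offset_ms"]) > max_offset_ms:
        return False, f"offset {p['offset_ms']} ms to {p['remote']} exceeds {max_offset_ms} ms"
    return True, f"synced to {p['remote']} (stratum {p['stratum']}, offset {p['offset_ms']} ms)"
```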

Add the port to firewalld so clients can sync:

[root@ntp ~]# firewall-cmd --zone=public --add-port=123/udp --permanent
success
[root@ntp ~]# firewall-cmd --reload
success
[root@ntp ~]#

Should you wish to configure an NTP client manually, these are the main steps:

# yum -y install ntp
# cp /etc/ntp.conf /etc/ntp.conf.orig
# > /etc/ntp.conf
# vi /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1 
restrict ::1
server ntp.jefrey.io
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
disable monitor
logfile /var/log/ntp.log

# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload
# systemctl start ntpd
# systemctl enable ntpd
# systemctl status ntpd

It should be syncing to the NTP server.

How to install and configure DNS (bind) server in RHEL7

Let’s create the VM first:

[root@rhel7 ~]# virt-install \
> --hvm \
> --name ns1 \
> --ram 1024 \
> --disk path=/kvm/ns1.img,size=50 \
> --vcpus 1 \
> --os-type linux \
> --os-variant rhel7 \
> --network bridge=virbr0 \
> --graphics none \
> --location 'http://192.168.122.3/rhel7' \
> --extra-args "ks=http://192.168.122.3/ksfiles/rhel7-minimal-ks.cfg \
> console=tty0 console=ttyS0,115200 SERVERNAME=ns1.jefrey.io IPADDR=192.168.122.5"

Starting install...
...
...
[root@ns1 ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.5  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fe99:e7b8  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:99:e7:b8  txqueuelen 1000  (Ethernet)
        RX packets 15194  bytes 3061536 (2.9 MiB)
        RX errors 0  dropped 8  overruns 0  frame 0
        TX packets 4869  bytes 719542 (702.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@ns1 ~]#
[root@ns1 ~]# vi /etc/sysconfig/network
[root@ns1 ~]# cat !$
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns1.jefrey.io
GATEWAY=192.168.122.1
GATEWAYDEV=eth0
[root@ns1 ~]#

Now, let’s install bind and bind-utils, then add the DNS service to the firewall:

[root@ns1 ~]# yum -y install bind bind-utils
[root@ns1 ~]# 
[root@ns1 ~]# firewall-cmd --add-service=dns --permanent
[root@ns1 ~]# firewall-cmd --reload

Next, set the DNS server configuration:

[root@ns1 ~]# vi /etc/named.conf
[root@ns1 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.122.5; };
    listen-on-v6 port 53 { none; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.122.0/24; };
    allow-transfer    { localhost; 192.168.122.6; };   // only the slave (ns2) may pull zone transfers

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "jefrey.io" IN {
    type master;
    file "jefrey.io.forward";
    allow-update { none; };
};

zone "122.168.192.in-addr.arpa" IN {
    type master;
    file "jefrey.io.reverse";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@ns1 ~]#

Next, create the forward and reverse zone files:

[root@ns1 ~]# vi /var/named/jefrey.io.forward 
[root@ns1 ~]# cat /var/named/jefrey.io.forward 
$TTL 86400
@       IN SOA  ns1.jefrey.io. root.jefrey.io. (
            2015062101      ; serial
            3600    ; refresh
            1800    ; retry
            604800  ; expire
            86400   ; minimum
)
@                IN      NS      ns1.jefrey.io.
@                IN      NS      ns2.jefrey.io.
@                IN      A       192.168.122.5
@                IN      A       192.168.122.6
@                IN      A       192.168.122.3
@                IN      A       192.168.122.4
@                IN      A       192.168.122.7
@                IN      A       192.168.122.8
@                IN      A       192.168.122.70
@                IN      A       192.168.122.71
@                IN      A       192.168.122.72
ns1                IN      A       192.168.122.5
ns2                IN      A       192.168.122.6
www                IN      A       192.168.122.3
ntp                IN      A       192.168.122.4
mx1                IN      A       192.168.122.7
nfs                IN      A       192.168.122.8
wiki            IN      A       192.168.122.9
nagios            IN      A       192.168.122.10
rhev-m1            IN      A       192.168.122.70
rhev-h1            IN      A       192.168.122.71
rhev-h2            IN      A       192.168.122.72
[root@ns1 ~]# 
[root@ns1 ~]# vi /var/named/jefrey.io.reverse 
[root@ns1 ~]# cat /var/named/jefrey.io.reverse 
$TTL 86400
@       IN SOA  ns1.jefrey.io. root.jefrey.io. (
            2015062101      ; serial
            3600    ; refresh
            1800    ; retry
            604800  ; expire
            86400   ; minimum
)
@                IN      NS      ns1.jefrey.io.
@                IN      NS      ns2.jefrey.io.
@                IN      PTR     jefrey.io.
ns1                IN      A       192.168.122.5
ns2                IN      A       192.168.122.6
www                IN      A       192.168.122.3
ntp                IN      A       192.168.122.4
mx1                IN      A       192.168.122.7
nfs                IN      A       192.168.122.8
wiki            IN      A       192.168.122.9
nagios            IN      A       192.168.122.10
rhev-m1         IN      A       192.168.122.70
rhev-h1         IN      A       192.168.122.71
rhev-h2         IN      A       192.168.122.72
5                 IN      PTR     ns1.jefrey.io.
6                 IN      PTR     ns2.jefrey.io.
3                 IN      PTR     www.jefrey.io.
4                 IN      PTR     ntp.jefrey.io.
7                 IN      PTR     mx1.jefrey.io.
8                 IN      PTR     nfs.jefrey.io.
9                 IN      PTR     wiki.jefrey.io.
10                 IN      PTR     nagios.jefrey.io.
70                 IN      PTR     rhev-m1.jefrey.io.
71                 IN      PTR     rhev-h1.jefrey.io.
72                 IN      PTR     rhev-h2.jefrey.io.
[root@ns1 ~]#
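
Keeping the two files consistent by hand is error-prone. As an added example, not from the original post, this script parses both zone files and reports A records without a PTR and PTRs without a matching A record, on a constructed excerpt of the files above with a gap planted in each direction:

```python
"""Cross-check the post's forward and reverse zones for A/PTR mismatches.

Added example, not from the original post. It parses the master-file subset the
post uses ($TTL, a multi-line SOA in parentheses, ';' comments, relative owner
names, optional TTL/class fields) and reports A records without a PTR and PTRs
whose target has no matching A record. Zone data is a constructed excerpt of the
post's files, with one deliberate gap in each direction.
"""
import ipaddress

FORWARD_ORIGIN = "jefrey.io."
REVERSE_ORIGIN = "122.168.192.in-addr.arpa."

FORWARD_ZONE = """\
$TTL 86400
@       IN SOA  ns1.jefrey.io. root.jefrey.io. (
            2015062101      ; serial
            3600    ; refresh
            1800    ; retry
            604800  ; expire
            86400   ; minimum
)
@                IN      NS      ns1.jefrey.io.
ns1              IN      A       192.168.122.5
wiki             IN      A       192.168.122.9
nagios           IN      A       192.168.122.10
"""

REVERSE_ZONE = """\
$TTL 86400
@       IN SOA  ns1.jefrey.io. root.jefrey.io. (
            2015062101 3600 1800 604800 86400 )
@                IN      NS      ns1.jefrey.io.
5                IN      PTR     ns1.jefrey.io.
9                IN      PTR     wiki.jefrey.io.
11               IN      PTR     ghost.jefrey.io.
"""


def _logical_lines(text):
    """Yield records with ';' comments removed and parenthesised continuations folded."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            yield " ".join(buf)
            buf, depth = [], 0


def _fqdn(name, origin):
    """Qualify a relative owner or target name against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner_fqdn, rtype, rdata) tuples for the A and PTR records only."""
    records, last_owner = [], origin
    for rec in _logical_lines(text):
        if rec.startswith("$"):                    # $TTL / $ORIGIN: not needed here
            continue
        fields = rec.split()
        owner = last_owner if rec[0] in " \t" else _fqdn(fields.pop(0), origin)
        if fields and fields[0].isdigit():         # optional per-record TTL
            fields.pop(0)
        if fields and fields[0].upper() in ("IN", "CH", "HS"):   # optional class
            fields.pop(0)
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1]
        last_owner = owner
        if rtype == "A":
            records.append((owner, "A", str(ipaddress.IPv4Address(rdata))))
        elif rtype == "PTR":
            records.append((owner, "PTR", _fqdn(rdata, origin)))
    return records


def _ptr_to_ip(owner):
    """'5.122.168.192.in-addr.arpa.' -> '192.168.122.5'."""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:-2]))))


def cross_check(forward_text, reverse_text):
    """Return (a_without_ptr, ptr_without_a); the apex PTR ('@ PTR jefrey.io.') is skipped."""
    a_records = {(o, ip) for o, t, ip in parse_zone(forward_text, FORWARD_ORIGIN) if t == "A"}
    ptrs = {}
    for owner, rtype, target in parse_zone(reverse_text, REVERSE_ORIGIN):
        if rtype == "PTR" and owner != REVERSE_ORIGIN:
            ptrs[_ptr_to_ip(owner)] = target
    a_without_ptr = sorted((n, ip) for n, ip in a_records if ip not in ptrs)
    ptr_without_a = sorted((ip, n) for ip, n in ptrs.items() if (n, ip) not in a_records)
    return a_without_ptr, ptr_without_a
```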

Use this server and the upcoming slave as the new DNS servers:

[root@ns1 ~]# vi /etc/resolv.conf
[root@ns1 ~]# cat /etc/resolv.conf 
search jefrey.io
nameserver 192.168.122.5
nameserver 192.168.122.6
[root@ns1 ~]#

Enable and start the service, then try pinging www.google.com:

[root@ns1 ~]# systemctl enable named.service
[root@ns1 ~]# systemctl start named.service
[root@ns1 ~]# 
[root@ns1 ~]# ping -c3 www.google.com
PING www.google.com (74.125.68.106) 56(84) bytes of data.
64 bytes from 74.125.68.106: icmp_seq=1 ttl=41 time=15.7 ms
64 bytes from 74.125.68.106: icmp_seq=2 ttl=41 time=18.5 ms
64 bytes from 74.125.68.106: icmp_seq=3 ttl=41 time=27.8 ms

--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 15.727/20.704/27.818/5.162 ms
[root@ns1 ~]#

Let’s test the resolution:

[root@ns1 ~]# dig www.jefrey.io

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> www.jefrey.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59663
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.jefrey.io.            IN    A

;; ANSWER SECTION:
www.jefrey.io.        86400    IN    A    192.168.122.3

;; AUTHORITY SECTION:
jefrey.io.        86400    IN    NS    ns2.jefrey.io.
jefrey.io.        86400    IN    NS    ns1.jefrey.io.

;; ADDITIONAL SECTION:
ns1.jefrey.io.        86400    IN    A    192.168.122.5
ns2.jefrey.io.        86400    IN    A    192.168.122.6

;; Query time: 0 msec
;; SERVER: 192.168.122.5#53(192.168.122.5)
;; WHEN: Sat Apr 25 01:55:31 SGT 2015
;; MSG SIZE  rcvd: 126

[root@ns1 ~]#

It’s working! Time to create the slave.

[root@rhel7 ~]# virt-install \
> --hvm \
> --name ns2 \
> --ram 1024 \
> --disk path=/kvm/ns2.img,size=50 \
> --vcpus 1 \
> --os-type linux \
> --os-variant rhel7 \
> --network bridge=virbr0 \
> --graphics none \
> --location 'http://192.168.122.3/rhel7' \
> --extra-args "ks=http://192.168.122.3/ksfiles/rhel7-minimal-ks.cfg \
> console=tty0 console=ttyS0,115200 SERVERNAME=ns2.jefrey.io IPADDR=192.168.122.6"

Starting install...
...
...
[root@ns2 ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.6  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fe39:914b  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:39:91:4b  txqueuelen 1000  (Ethernet)
        RX packets 10016  bytes 2484328 (2.3 MiB)
        RX errors 0  dropped 9  overruns 0  frame 0
        TX packets 1273  bytes 170347 (166.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@ns2 ~]#
[root@ns2 ~]#
[root@ns2 ~]# vi /etc/sysconfig/network
[root@ns2 ~]# cat !$
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns2.jefrey.io
GATEWAY=192.168.122.1
GATEWAYDEV=eth0
[root@ns2 ~]# 
[root@ns2 ~]# yum -y install bind bind-utils
[root@ns2 ~]# 
[root@ns2 ~]# firewall-cmd --add-service=dns --permanent
[root@ns2 ~]# firewall-cmd --reload
[root@ns2 ~]# 
[root@ns2 ~]# vi /etc/named.conf
[root@ns2 ~]# cat /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.122.6; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.122.0/24; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "jefrey.io" IN {
    type slave;
    file "slaves/jefrey.io.forward";
    masters { 192.168.122.5; };
};

zone "122.168.192.in-addr.arpa" IN {
    type slave;
    file "slaves/jefrey.io.reverse";
    masters { 192.168.122.5; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
[root@ns2 ~]#
[root@ns2 ~]# systemctl enable named.service
[root@ns2 ~]# systemctl start named.service
[root@ns2 ~]#
[root@ns2 ~]# systemctl status named.service -l
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
   Active: active (running) since Sat 2015-04-25 01:37:44 SGT; 21min ago
  Process: 1942 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 1940 ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf (code=exited, status=0/SUCCESS)
 Main PID: 1944 (named)
   CGroup: /system.slice/named.service
           └─1944 /usr/sbin/named -u named

Apr 25 01:37:45 ns2.jefrey.io named[1944]: transfer of '122.168.192.in-addr.arpa/IN' from 192.168.122.5#53: Transfer completed: 1 messages, 15 records, 370 bytes, 0.001 secs (370000 bytes/sec)
Apr 25 01:37:45 ns2.jefrey.io named[1944]: zone 122.168.192.in-addr.arpa/IN: sending notifies (serial 2015042501)
Apr 25 01:37:45 ns2.jefrey.io named[1944]: error (network unreachable) resolving 'pdns196.ultradns.co.uk/A/IN': 2001:7fe::53#53
Apr 25 01:37:45 ns2.jefrey.io named[1944]: error (network unreachable) resolving 'pdns196.ultradns.co.uk/AAAA/IN': 2001:7fe::53#53
Apr 25 01:37:45 ns2.jefrey.io named[1944]: error (network unreachable) resolving 'pdns196.ultradns.biz/A/IN': 2001:500:3682::12#53
Apr 25 01:37:45 ns2.jefrey.io named[1944]: error (network unreachable) resolving 'pdns196.ultradns.org/A/IN': 2001:502:4612::e8#53
Apr 25 01:44:14 ns2.jefrey.io named[1944]: error (network unreachable) resolving 'www.google.com.dlv.isc.org/DLV/IN': 2001:502:2eda::23#53
Apr 25 01:44:14 ns2.jefrey.io named[1944]: error (network unreachable) resolving 'www.google.com.dlv.isc.org/DLV/IN': 2001:502:ad09::23#53
Apr 25 01:44:14 ns2.jefrey.io named[1944]: error (network unreachable) resolving 'www.google.com.dlv.isc.org/DLV/IN': 2001:500:71::29#53
Apr 25 01:44:14 ns2.jefrey.io named[1944]: error (network unreachable) resolving 'www.google.com.dlv.isc.org/DLV/IN': 2001:500:60::29#53
[root@ns2 ~]#
[root@ns2 ~]# 
[root@ns2 ~]# vi /etc/resolv.conf 
[root@ns2 ~]# cat /etc/resolv.conf 
search jefrey.io
nameserver 192.168.122.5
nameserver 192.168.122.6
[root@ns2 ~]# 
[root@ns2 ~]# 
[root@ns2 ~]# ping -c3 www.google.com
PING www.google.com (74.125.68.104) 56(84) bytes of data.
64 bytes from 74.125.68.104: icmp_seq=1 ttl=42 time=14.8 ms
64 bytes from 74.125.68.104: icmp_seq=2 ttl=42 time=22.4 ms
64 bytes from 74.125.68.104: icmp_seq=3 ttl=42 time=21.0 ms

--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 14.843/19.442/22.445/3.306 ms
[root@ns2 ~]# 
[root@ns2 ~]# dig ntp.jefrey.io

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> ntp.jefrey.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5001
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ntp.jefrey.io.            IN    A

;; ANSWER SECTION:
ntp.jefrey.io.        86400    IN    A    192.168.122.4

;; AUTHORITY SECTION:
jefrey.io.        86400    IN    NS    ns1.jefrey.io.
jefrey.io.        86400    IN    NS    ns2.jefrey.io.

;; ADDITIONAL SECTION:
ns1.jefrey.io.        86400    IN    A    192.168.122.5
ns2.jefrey.io.        86400    IN    A    192.168.122.6

;; Query time: 0 msec
;; SERVER: 192.168.122.5#53(192.168.122.5)
;; WHEN: Sat Apr 25 02:00:58 SGT 2015
;; MSG SIZE  rcvd: 126

[root@ns2 ~]#

NOTE: Don’t forget to update the serial every time you make any zone change!!!
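Since a slave only transfers the zone when the master's SOA serial increases, here is an added helper (not part of the original post) that extracts the serial from a "dig +short SOA" answer, computes the next YYYYMMDDnn serial, and checks that ns2 has caught up with ns1. The SOA lines used for checking are constructed sample values in the post's date-based serial format.

```shell
#!/bin/bash
# Added example, not from the original post: helpers for the zone-serial
# discipline the NOTE above insists on. Serial format assumed: YYYYMMDDnn,
# e.g. 2015042501 as seen in the named transfer log.

# Extract the serial from one "dig +short SOA" answer line.
# Constructed sample line:
#   ns1.jefrey.io. root.jefrey.io. 2015042501 3600 900 604800 86400
soa_serial() {
    # $1: SOA RDATA line; the serial is the third field
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# Compute the next serial for a zone edit made on date $2 (YYYYMMDD).
# Rules: later day -> YYYYMMDD00; same day -> bump the two-digit counter;
# serial already ahead of today (old typo, clock skew) or counter at 99
# -> just add one, so the slave still sees an increase and transfers.
next_serial() {
    local old=$1 today=$2
    local old_date=${old%??}        # first 8 digits
    local old_idx=${old#$old_date}  # last 2 digits
    if [ "$old_date" -lt "$today" ]; then
        printf '%s00\n' "$today"
    elif [ "$old_date" -eq "$today" ] && [ "$old_idx" -lt 99 ]; then
        printf '%s%02d\n' "$today" "$((10#$old_idx + 1))"
    else
        printf '%d\n' "$((old + 1))"
    fi
}

# Verify the slave has caught up: master and slave serials must match.
# $1: master SOA line, $2: slave SOA line. Returns 0 when in sync.
slave_in_sync() {
    [ "$(soa_serial "$1")" = "$(soa_serial "$2")" ]
}

# Live use on the lab hosts (not run here) would be:
#   slave_in_sync "$(dig +short SOA jefrey.io @192.168.122.5)" \
#                 "$(dig +short SOA jefrey.io @192.168.122.6)"
```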

How to install Apache then make it as a kickstart server in RHEL7

Let’s create the VM first:

[root@rhel7 ~]# virt-install \
> --hvm \
> --name www \
> --disk path=/kvm/www.img,size=50 \
> --vcpus 1 \
> --ram 1024 \
> --os-type linux \
> --os-variant rhel7 \
> --network bridge=virbr0 \
> --cdrom=/tmp/rhel-server-7.0-x86_64.iso 

Starting install...
...
...
[root@www ~]# df -h
Filesystem                      Size  Used Avail Use% Mounted on
/dev/mapper/vg00-root            17G  820M   16G   5% /
devtmpfs                        491M     0  491M   0% /dev
tmpfs                           498M     0  498M   0% /dev/shm
tmpfs                           498M  6.6M  491M   2% /run
tmpfs                           498M     0  498M   0% /sys/fs/cgroup
/dev/mapper/vg00-home          1014M   33M  982M   4% /home
/dev/mapper/vg00-var             10G  7.4G  2.7G  74% /var
/dev/mapper/vg00-var_log         10G   35M   10G   1% /var/log
/dev/mapper/vg00-var_log_audit  5.0G   44M  5.0G   1% /var/log/audit
/dev/mapper/vg00-tmp            5.0G   33M  5.0G   1% /tmp
/dev/vda1                       509M   86M  424M  17% /boot
[root@www ~]# 
[root@www ~]# pvs
  PV         VG   Fmt  Attr PSize  PFree
  /dev/vda2  vg00 lvm2 a--  49.49g 4.00m
[root@www ~]# 
[root@www ~]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.3  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:febd:cca0  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:bd:cc:a0  txqueuelen 1000  (Ethernet)
        RX packets 7552  bytes 505891 (494.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10990  bytes 313493991 (298.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 12  bytes 1166 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12  bytes 1166 (1.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@www ~]# hostnamectl status
   Static hostname: www.jefrey.io
         Icon name: computer
           Chassis: n/a
        Machine ID: 62841b6d91304d8dbf6a78df1c9f9b24
           Boot ID: 593fb6f3df544ac8ba47b0379fb42da7
    Virtualization: kvm
  Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:GA:server
            Kernel: Linux 3.10.0-123.el7.x86_64
      Architecture: x86_64
[root@www ~]#

Now that the VM is up and running, let’s turn it into our kickstart server.

Prerequisite:
0. Copy the rhel-server-7.0-x86_64.iso to the server.

Steps:
0. Create the mount point:

    [root@www ~]# mkdir /mnt/iso

1. Mount the ISO:

    [root@www ~]# mount -o loop ./rhel-server-7.0-x86_64.iso /mnt/iso/

2. Copy the media.repo from the ISO and enable it:

    [root@www ~]# cp /mnt/iso/media.repo /etc/yum.repos.d/dvd.repo
    [root@www ~]# vi /etc/yum.repos.d/dvd.repo
    [root@www ~]# cat /etc/yum.repos.d/dvd.repo
    [InstallMedia]
    name=RHEL-7.0 Server.x86_64
    mediaid=1399449226.171922
    metadata_expire=-1
    gpgcheck=0
    cost=500
    enabled=1
    baseurl=file:///mnt/iso

3. Install Apache Web Server and createrepo:

    [root@www ~]# yum -y install httpd createrepo

4. Rename the welcome page conf file:

    [root@www ~]# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.orig

5. Edit httpd.conf as follows, then save and quit vi:

    [root@www ~]# vi /etc/httpd/conf/httpd.conf
        # line 86: change to admin's email address
        ServerAdmin root@localhost
        # line 95: change to your server's name/ip
        ServerName 192.168.122.3:80
        # line 151: change
        AllowOverride All
        # line 164: add the file names that can be served when only a directory name is requested
        DirectoryIndex index.html index.cgi index.php
        # add the following at the end
        ServerTokens Prod
        KeepAlive On

6. Start httpd:

    [root@www ~]# systemctl start httpd

7. Enable httpd startup script:

    [root@www ~]# systemctl enable httpd

8. Add the source subnet to trusted zone in firewall:

    [root@www ~]# firewall-cmd --permanent --zone=trusted --add-source=192.168.122.0/24

9. Add httpd to public zone and reload firewalld:

    [root@www ~]# firewall-cmd --permanent --zone=public --add-service=http
    [root@www ~]# firewall-cmd --reload

10. Create the directory that will hold the RHEL7 ISO content served via HTTP:

    [root@www ~]# mkdir /var/www/html/rhel7

11. Copy iso content to the folder:

    [root@www ~]# cp -rpv /mnt/iso/* /var/www/html/rhel7/
    [root@www ~]# cp -p /mnt/iso/.discinfo /mnt/iso/.treeinfo /var/www/html/rhel7/

12. Go to /var/www/html/:

    [root@www ~]# cd /var/www/html/

13. Create the repo:

    [root@www html]# createrepo .

14. Create the folder/files for kickstart:

    [root@www html]# mkdir ksfiles
    [root@www html]# cd ksfiles
    [root@www ksfiles]# vi www.repo
    [root@www ksfiles]# cat www.repo
    [www]
    name=RHEL-7.0 Server.x86_64
    mediaid=1399449226.171922
    metadata_expire=-1
    gpgcheck=0
    cost=500
    enabled=1
    baseurl=http://192.168.122.3/rhel7
    [root@www ksfiles]# 
    [root@www ksfiles]# vi ntp.conf
    [root@www ksfiles]# cat ntp.conf
    driftfile /var/lib/ntp/drift
    restrict default nomodify notrap nopeer noquery
    restrict 127.0.0.1 
    restrict ::1
    server ntp.jefrey.io
    includefile /etc/ntp/crypto/pw
    keys /etc/ntp/keys
    disable monitor
    logfile /var/log/ntp.log
    [root@www ksfiles]# 
    [root@www ksfiles]# vi step-tickers
    [root@www ksfiles]# cat step-tickers
    192.168.122.4
    [root@www ksfiles]# 
    [root@www ksfiles]# vi network
    [root@www ksfiles]# cat network
    NETWORKING=yes
    HOSTNAME=changeme.jefrey.io
    GATEWAY=192.168.122.1
    GATEWAYDEV=eth0
    [root@www ksfiles]# 
    [root@www ksfiles]# vi resolv.conf
    [root@www ksfiles]# cat resolv.conf
    search jefrey.io
    nameserver 192.168.122.5
    nameserver 192.168.122.6
    [root@www ksfiles]# 
    [root@www ksfiles]# vi rhel7-minimal-ks.cfg
    [root@www ksfiles]# cat rhel7-minimal-ks.cfg
    #version=RHEL7
    # System authorization information
    auth --enableshadow --passalgo=sha512

    # Use network installation
    url --url="http://192.168.122.3/rhel7"
    # Run the Setup Agent on first boot
    firstboot --disabled
    # Use text mode install
    text
    # Keyboard layouts
    keyboard --vckeymap=us --xlayouts='us'
    # System language
    lang en_US.UTF-8

    # Network information
    #network --bootproto=dhcp --device=eth0 --ipv6=auto --activate
    #network --hostname=desktop7
    # Root password
    rootpw --iscrypted $6$uXta3WTlMzXDeV5T$hY08p7EBQTJKFVfQybNQF49rQ/SK/2T3qUwWP7spMUHdHgCykFLYdUoe7vp/.kSWaW./HjDEvPBnvzxWgPfe20
    # Skip EULA
    eula --agreed
    # System services
    services --enabled="sshd"
    # System timezone
    timezone Asia/Singapore --ntpservers=192.168.122.4
    # Reboot the machine when the installation is finished
    reboot
    # Include files
    %include /tmp/network1.cfg
    %include /tmp/partitioning.cfg

    %packages
    @Base
    @Core
    # default from core
    -aic94xx-firmware*
    -alsa*
    -biosdevname
    -bfa-firmware
    -btrfs-progs*
    -dracut-config-rescue
    -dracut-network
    -ivtv*
    -iwl*firmware
    -iprutils
    -kexec-tools
    -kernel-tools
    -libertas*
    -microcode_ctl
    -NetworkManager*
    -plymouth*
    -ql*firmware
    postfix
    linux-firmware
    # default from base
    -abrt*
    bash-completion
    -blktrace
    bridge-utils
    bzip2
    chrony
    -cryptsetup
    -dmraid
    -dosfstools
    ethtool
    -fprintd-pam
    -gnupg2
    -hunspell-en
    -hunspell
    -kpatch
    -ledmon
    -libaio
    -libreport-plugin-mailx
    -libstoragemgmt
    lvm2
    -man-pages-overrides
    -man-pages
    -mdadm
    mlocate
    mtr
    -nano
    nc
    net-tools
    nmap
    ntp
    ntpdate
    -pinfo
    -plymouth
    pm-utils
    -rdate
    -rfkill
    rng-tools
    rsync
    -scl-utils
    -setuptool
    smartmontools
    -sos
    -sssd-client
    strace
    sysstat
    -systemtap-runtime
    tcpdump
    -tcsh
    -teamd
    time
    unzip
    -usbutils
    vim-enhanced
    virt-what
    wget
    which
    -words
    xfsdump
    xz
    -yum-langpacks
    yum-plugin-security
    yum-utils
    zip
    acpid
    redhat-lsb-core
    %end

    # PreInstall stuff
    %pre --log=/root/anaconda-preinstall.log
    #!/bin/bash

    # get hostname and ipaddr from virt-install SERVERNAME and IPADDR arguments
    for x in `cat /proc/cmdline`; do
        case $x in
            SERVERNAME*)
                eval $x
                echo "network --device=eth0 --bootproto=dhcp --hostname ${SERVERNAME} --activate" > /tmp/network.cfg
                ;;
        esac
    done
    for y in `cat /proc/cmdline`; do
        case $y in
            IPADDR*)
                eval $y
                SERVERNAME1=`awk '{ print $5 }' /tmp/network.cfg`
                echo "network --device=eth0 --bootproto=static --hostname ${SERVERNAME1} --ip=${IPADDR} --netmask=255.255.255.0 --gateway=192.168.122.1 --nameserver=192.168.122.5 --nameserver=192.168.122.6 --activate" > /tmp/network1.cfg
                ;;
        esac
    done

    # Check physical and virtio disks
    for disk in /sys/block/sd* /sys/block/vd*
    do
            dsk=$(basename $disk)

            if [[ `cat $disk/ro` -eq 1 ]];
            then
                    echo "Skipping disk $dsk: READONLY"
                    continue;
            fi

            if [[ `cat $disk/removable` -eq 1 ]];
            then
                    echo "Skipping disk $dsk: REMOVABLE"
                    continue;
            fi

            if [[ `cat $disk/size` -lt 20971520 ]];
            then
                    echo "Skipping disk $dsk: Smaller than 10G"
                    continue;
            else
                    echo "Using disk $dsk"
                    chosen=$dsk;
                    break;
            fi
    done

    incfile=/tmp/partitioning.cfg
    > $incfile

    if [[ -n $chosen ]];
    then
            echo "bootloader --location=mbr" >> $incfile
            echo "zerombr" >> $incfile
            echo "ignoredisk --only-use=$chosen" >> $incfile
            echo "clearpart --all --initlabel" >> $incfile
            echo "part /boot --fstype=xfs --asprimary --size=512" >> $incfile
            echo "part pv.01 --size=1 --grow" >> $incfile
            echo "volgroup vg00 --pesize=4096 pv.01" >> $incfile
            echo "logvol /var --fstype=xfs --name=var --vgname=vg00 --size=10240" >> $incfile
            echo "logvol /var/log --fstype=xfs --name=var_log --vgname=vg00 --size=10240" >> $incfile
            echo "logvol /var/log/audit --fstype=xfs --name=var_log_audit --vgname=vg00 --size=5120" >> $incfile
            echo "logvol /tmp --fstype=xfs --name=tmp --vgname=vg00 --size=5120" >> $incfile
            echo "logvol /home --fstype=xfs --name=home --vgname=vg00 --size=1024" >> $incfile
            echo "logvol swap --name=swap --vgname=vg00 --size=2048" >> $incfile
            echo "logvol / --fstype=xfs --name=root --vgname=vg00 --size=1 --grow" >> $incfile
    else
            echo "" > $incfile
    fi

    %end

    # PostInstall stuff
    %post --log=/root/anaconda-postinstall.log
    /usr/bin/wget -O /etc/yum.repos.d/www.repo http://192.168.122.3/ksfiles/www.repo
    /usr/bin/wget -O /etc/ntp.conf http://192.168.122.3/ksfiles/ntp.conf
    /usr/bin/wget -O /etc/ntp/step-tickers http://192.168.122.3/ksfiles/step-tickers
    /usr/bin/wget -O /etc/sysconfig/network http://192.168.122.3/ksfiles/network
    /usr/bin/wget -O /etc/resolv.conf http://192.168.122.3/ksfiles/resolv.conf
    #
    /usr/bin/firewall-cmd --permanent --zone=public --add-port=123/udp
    /usr/bin/firewall-cmd --permanent --zone=public --add-port=53/udp
    /usr/bin/systemctl disable chronyd.service
    /usr/bin/systemctl enable ntpd.service
    /usr/bin/systemctl start ntpd.service
    %end
    [root@www ksfiles]#

15. Rename the repo then edit it:

    [root@www ksfiles]# mv /etc/yum.repos.d/dvd.repo /etc/yum.repos.d/www.repo
    [root@www ksfiles]# vi /etc/yum.repos.d/www.repo
    [root@www ksfiles]# cat /etc/yum.repos.d/www.repo
    [www]
    name=RHEL-7.0 Server.x86_64
    mediaid=1399449226.171922
    metadata_expire=-1
    gpgcheck=0
    cost=500
    enabled=1
    baseurl=http://localhost/
    [root@www ksfiles]#
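The %pre script above builds the static "network" line by running eval on whatever SERVERNAME= and IPADDR= appear on the kernel command line. As an added example (not the post's own %pre code), the same line is produced here without eval, with both values validated first, so a mistyped or tampered boot argument fails the install instead of ending up in a shell. Gateway and nameserver addresses are the post's lab values; the command line in the check is a constructed copy of the one used for ns2.

```shell
#!/bin/bash
# Added example, not the original %pre script: derive the kickstart
# "network" line from SERVERNAME= and IPADDR= without eval, validating
# both values. Gateway/nameservers are the post's own lab addresses.

# Fetch one key=value argument from a kernel command line (first match wins).
cmdline_arg() {
    # $1: key, $2: command line text (normally "$(cat /proc/cmdline)")
    local word
    for word in $2; do
        case $word in
            "$1"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Accept only a dotted quad with each octet in 0-255.
valid_ipv4() {
    local o IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Accept only hostname characters (letters, digits, hyphen, dots),
# with no leading/trailing dot and no leading hyphen.
valid_hostname() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|-*|*.|.*) return 1 ;;
    esac
}

# Emit the kickstart "network" line, or fail (non-zero) when either value
# is missing or unusable, so anaconda stops rather than booting a host
# with a bogus identity.
ks_network_line() {
    local cmdline=$1 name ip
    name=$(cmdline_arg SERVERNAME "$cmdline") || return 1
    ip=$(cmdline_arg IPADDR "$cmdline") || return 1
    valid_hostname "$name" || return 1
    valid_ipv4 "$ip" || return 1
    printf 'network --device=eth0 --bootproto=static --hostname %s --ip=%s --netmask=255.255.255.0 --gateway=192.168.122.1 --nameserver=192.168.122.5 --nameserver=192.168.122.6 --activate\n' "$name" "$ip"
}

# In the real %pre this would be:
#   ks_network_line "$(cat /proc/cmdline)" > /tmp/network1.cfg || exit 1
```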

Done! Next, let’s use this kickstart server to provision VMs.

How to install KVM in RHEL7

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.

More info about KVM.

Prerequisites:

  1. 64-bit machine
  2. Virtualization is enabled in BIOS
  3. CPU supports VM-extension (AMD-V or Intel’s VT-X)

My environment:

[root@rhel7 ~]# hostnamectl status
   Static hostname: rhel7.jefrey.io
         Icon name: computer-laptop
           Chassis: laptop
        Machine ID: 35025622daf04dff8104f45566d7e53a
           Boot ID: 42e1a45da6ac4a81ab38dc634a3fde3d
  Operating System: Red Hat Enterprise Linux Server 7.0 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:GA:server
            Kernel: Linux 3.10.0-123.el7.x86_64
      Architecture: x86_64
[root@rhel7 ~]#
[root@rhel7 ~]# mount -o loop /dev/cdrom /mnt/iso
[root@rhel7 ~]#
[root@rhel7 ~]# cp /mnt/iso/media.repo /etc/yum.repos.d/dvd.repo
[root@rhel7 ~]# vi /etc/yum.repos.d/dvd.repo
[root@rhel7 ~]# cat /etc/yum.repos.d/dvd.repo
[InstallMedia]
name=RHEL-7.0 Server.x86_64
mediaid=1399449226.171922
metadata_expire=-1
gpgcheck=0
cost=500
enabled=1
baseurl=file:///mnt/iso
[root@rhel7 ~]#

Install KVM and related packages:

[root@rhel7 ~]# yum -y install qemu-kvm libvirt virt-install bridge-utils virt-manager virt-viewer libguestfs-tools
...
Complete!
[root@rhel7 ~]#
[root@rhel7 ~]# lsmod | grep kvm
kvm_intel             138567  0 
kvm                   441119  1 kvm_intel
[root@rhel7 ~]# 
[root@rhel7 ~]# 
[root@rhel7 ~]# systemctl start libvirtd
[root@rhel7 ~]# 
[root@rhel7 ~]# systemctl enable libvirtd

/kvm will be my VM datastore, so it needs the SELinux virt_image_t label:

[root@rhel7 ~]# rpm -qa | grep policycore
policycoreutils-python-2.2.5-11.el7.x86_64
policycoreutils-2.2.5-11.el7.x86_64
[root@rhel7 ~]# 
[root@rhel7 ~]# 
[root@rhel7 ~]# ls -lZ / | grep kvm
drwxr-xr-x. root root system_u:object_r:etc_runtime_t:s0 kvm
[root@rhel7 ~]# 
[root@rhel7 ~]# ls -lZ /kvm
[root@rhel7 ~]# 
[root@rhel7 ~]# semanage fcontext --add -t virt_image_t '/kvm(/.*)?'
[root@rhel7 ~]# 
[root@rhel7 ~]# semanage fcontext -l | grep virt_image_t
/kvm(/.*)?                                         all files          system_u:object_r:virt_image_t:s0 
/var/lib/imagefactory/images(/.*)?                 all files          system_u:object_r:virt_image_t:s0 
/var/lib/libvirt/images(/.*)?                      all files          system_u:object_r:virt_image_t:s0 
[root@rhel7 ~]# 
[root@rhel7 ~]# restorecon -R -v /kvm
restorecon reset /kvm context system_u:object_r:etc_runtime_t:s0->system_u:object_r:virt_image_t:s0
[root@rhel7 ~]# 
[root@rhel7 ~]# ls -laZ /kvm
drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 .
drwxr-xr-x. root root system_u:object_r:root_t:s0      ..
[root@rhel7 ~]#

Check the new IP configuration:

[root@rhel7 ~]# ifconfig 
eno1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 2c:27:d7:ae:ea:f1  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2405  bytes 1481070 (1.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2405  bytes 1481070 (1.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::fc54:ff:fe1e:123f  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:1e:12:3f  txqueuelen 0  (Ethernet)
        RX packets 467  bytes 43711 (42.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 231  bytes 125372 (122.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.118  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2404:e800:ea0a:f0:be77:37ff:feb8:2c75  prefixlen 64  scopeid 0x0<global>
        inet6 fd14:828:7c50:0:be77:37ff:feb8:2c75  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::be77:37ff:feb8:2c75  prefixlen 64  scopeid 0x20<link>
        ether bc:77:37:b8:2c:75  txqueuelen 1000  (Ethernet)
        RX packets 1576  bytes 477726 (466.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1634  bytes 846931 (827.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@rhel7 ~]#

Now I’m ready to create VMs!