Wednesday, February 29, 2012

Remote installation of centos linux

Remote installation of CentOS Linux can be done in a few ways. There are three main methods: NFS, FTP and HTTP. During a remote installation we can pull the graphical screen to our local system via VNC. Installations also fall into two categories: attended and unattended. In an attended installation, we have to sit in front of the system and give answers. In an unattended installation, we write the answers into a file and tell the installation process to read them from it. In Linux, unattended installation is done with a kickstart file. We can keep everything on an installation server and configure network installation via PXE, so that the entire installation needs just a few clicks. We will discuss all of these methods in this article.

Monday, February 27, 2012

Configuring dhcp server in linux



DHCP is the Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol for hosts on Internet Protocol (IP) networks. Computers that are connected to IP networks must be configured before they can communicate with other hosts. The most essential information needed is an IP address, a default route and a routing prefix. DHCP removes the need for a network administrator to configure these by hand. It also provides a central database of devices that are connected to the network and eliminates duplicate resource assignments.
In addition to IP addresses, DHCP also provides other configuration information, particularly the IP addresses of local Domain Name System (DNS) servers, network boot servers, or other service hosts. Let's see how to install and configure a DHCP server on a CentOS 5 or Red Hat EL5 system.

Here we will set the dhcp server for the network 192.168.137.0/24

Network 192.168.137.0/24

Client's ip range        192.168.137.150 - 192.168.137.250
Gateway 192.168.137.1
Bcast 192.168.137.255
DNS servers  8.8.8.8 and 8.8.4.4

The package name is dhcp. We will install it using yum.
[root@server ~]# yum install dhcp
[root@server ~]# rpm -q dhcp
dhcp-3.0.5-13.el5
[root@server ~]#

/etc/dhcpd.conf - Main configuration file

/var/lib/dhcpd  - Lease directory
/var/lib/dhcpd/dhcpd.leases - IPV4 Leases

The default DHCP configuration file contains only a reference to the sample file.
[root@server ~]# cat /etc/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
[root@server ~]#

We will copy the sample file and edit it.
[root@server ~]# cp /usr/share/doc/dhcp*/dhcpd.conf.sample /etc/dhcpd.conf
[root@server ~]# cat  /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;
subnet 192.168.137.0 netmask 255.255.255.0 {
        option routers                  192.168.137.1;
        option subnet-mask              255.255.255.0;
        option domain-name              "lap.work";
        option domain-name-servers      8.8.8.8, 8.8.4.4;
        range dynamic-bootp 192.168.137.150 192.168.137.250;
        default-lease-time 21600;
        max-lease-time 43200;
}
[root@server ~]#

Check the service and start it.
[root@server ~]# /etc/init.d/dhcpd status
dhcpd is stopped
[root@server ~]# /etc/init.d/dhcpd start
Starting dhcpd:                                            [  OK  ]
[root@server ~]# chkconfig dhcpd on

Now from the client machine we can set the network settings on the eth0 device to dhcp and restart the network.

DHCP works in DORA format

Client sends DHCPDISCOVER (D)
Server sends DHCPOFFER (O)
Client sends DHCPREQUEST (R)
Server sends DHCPACK (A)

Now, on tailing /var/log/messages on the DHCP server, we can see all of this happen when we restart the network on the client.
[root@server ~]# tail -f /var/log/messages
Feb 27 22:50:09 server dhcpd: DHCPDISCOVER from 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPOFFER on 192.168.137.250 to 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPREQUEST for 192.168.137.250 (192.168.137.100) from 00:0c:29:8d:16:93 via eth0
Feb 27 22:50:10 server dhcpd: DHCPACK on 192.168.137.250 to 00:0c:29:8d:16:93 via eth0

The lease file at the server side is stored at
[root@server ~]# cat /var/lib/dhcpd/dhcpd.leases
# All times in this file are in UTC (GMT), not your local timezone.   This is
# not a bug, so please don't ask about it.   There is no portable way to
# store leases in the local timezone, so please don't request this as a
# feature.   If this is inconvenient or confusing to you, we sincerely
# apologize.   Seriously, though - don't ask.
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.0.5-RedHat

lease 192.168.137.250 {
  starts 1 2012/02/27 17:04:49;
  ends 1 2012/02/27 23:04:49;
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:8d:16:93;
}
[root@server ~]#

If you want, you can send the DHCP log to a separate file. Add the line below to dhcpd.conf. Syslog only defines the facilities local0 through local7, so local6 is used here.
log-facility local6;

This makes the dhcpd.conf
[root@server ~]# cat  /etc/dhcpd.conf
# log-facility is read at global scope, so it is placed outside the subnet block
log-facility local6;
ddns-update-style interim;
ignore client-updates;
subnet 192.168.137.0 netmask 255.255.255.0 {
        option routers                  192.168.137.1;
        option subnet-mask              255.255.255.0;
        option domain-name              "lap.work";
        option domain-name-servers      8.8.8.8, 8.8.4.4;
        range dynamic-bootp 192.168.137.150 192.168.137.250;
        default-lease-time 21600;
        max-lease-time 43200;
}
[root@server ~]#
Restart the dhcpd service.
Touch the file /var/log/dhcpd.log, and in /etc/syslog.conf add the line
local6.*       /var/log/dhcpd.log
and restart the syslog service.

On the client machine, the interface gets the IP 192.168.137.250, which is in the range we specified.
[root@server ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:8D:16:93
          inet addr:192.168.137.250  Bcast:192.168.137.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe8d:1693/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:361 errors:0 dropped:0 overruns:0 frame:0
          TX packets:544 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:39256 (38.3 KiB)  TX bytes:130376 (127.3 KiB)
          Interrupt:75 Base address:0x2000

And also the nameserver details
[root@server ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search lap.work
nameserver 8.8.8.8
nameserver 8.8.4.4
[root@server ~]#

The lease file at the client is
[root@server ~]# cat /var/lib/dhclient/dhclient-eth0.leases
lease {
  interface "eth0";
  fixed-address 192.168.137.250;
  option subnet-mask 255.255.255.0;
  option routers 192.168.137.1;
  option dhcp-lease-time 21600;
  option dhcp-message-type 5;
  option domain-name-servers 8.8.8.8,8.8.4.4;
  option dhcp-server-identifier 192.168.137.100;
  option domain-name "lap.work";
  renew 1 2012/2/27 19:37:49;
  rebind 1 2012/2/27 22:34:52;
  expire 1 2012/2/27 23:19:52;
}
[root@server ~]#
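
DHCP replies are not authenticated, so the client lease file records whichever server answered. The script below is an added example, not part of the original post: it compares the newest lease in a dhclient lease file with the server address, router and DNS servers shown above. The function names and the EXPECTED_* variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the newest lease in a dhclient lease file.
# Expected values are taken from the dhcpd.conf and lease shown on this page.
EXPECTED_SERVER="${EXPECTED_SERVER:-192.168.137.100}"
EXPECTED_ROUTER="${EXPECTED_ROUTER:-192.168.137.1}"
EXPECTED_DNS="${EXPECTED_DNS:-8.8.8.8,8.8.4.4}"

# lease_field FILE KEY: print the value of KEY from the LAST lease block in FILE.
lease_field() {
    awk -v key="$2" '
        /^lease[ \t]*[{]/ { val = "" }        # newer block: drop older value
        {
            line = $0
            sub(/^[ \t]*(option[ \t]+)?/, "", line)   # strip indent and "option"
            sub(/;[ \t]*$/, "", line)
            if (index(line, key " ") == 1) {
                val = substr(line, length(key) + 2)
                gsub(/[" \t]/, "", val)
            }
        }
        END { print val }' "$1"
}

# audit_lease FILE: print each mismatch; exit status = number of mismatches.
audit_lease() {
    bad=0
    for pair in "dhcp-server-identifier=$EXPECTED_SERVER" \
                "routers=$EXPECTED_ROUTER" "domain-name-servers=$EXPECTED_DNS"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(lease_field "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: lease has '$got', expected '$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: one lease whose server, router and DNS are all off-policy.
sample_lease() {
    printf '%s\n' 'lease {' '  interface "eth0";' \
        '  option routers 192.168.137.66;' \
        '  option domain-name-servers 192.168.137.66;' \
        '  option dhcp-server-identifier 192.168.137.66;' '}'
}

# Audit the file named on the command line, if any.
if [ -n "${1:-}" ]; then audit_lease "$1"; fi
```

Run it on the client as `sh audit_lease.sh /var/lib/dhclient/dhclient-eth0.leases`; a non-zero exit status means the lease came from a server, or carries a router or DNS setting, that you did not configure.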

Verifying signatures using GPG or PGP


GPG - GNU Privacy Guard
GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC 4880. GnuPG allows you to encrypt and sign your data and communications, and features a versatile key management system as well as access modules for all kinds of public key directories.

Installing a GPG key. GPG is compatible with PGP (Pretty Good Privacy), so you can install a PGP key also.
gpg --import name.gpg

[root@work2 src]# gpg --import sendmail2011.asc
gpg: key A97884B0: public key "Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found

Listing the installed gpg keys. This will list all the GPG/PGP keys currently installed on your system.
gpg --list-keys

[root@work2 src]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/CEEEF43B 2011-12-14
uid                  Sendmail Signing Key/2012 <sendmail@Sendmail.ORG>
sub   2048R/1998F74E 2011-12-14

pub   2048R/A97884B0 2011-01-04
uid                  Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>
sub   2048R/620439A5 2011-01-04

Verifying a package. Now verify the package against the installed key, using the downloaded signature file.
gpg --verify name.x.x.x.sig name.x.x.x.tar.gz

[root@work2 src]# gpg --verify sendmail.8.14.5.tar.gz.sig sendmail.8.14.5.tar.gz
gpg: Signature made Mon 16 May 2011 09:40:21 AM IST using RSA key ID A97884B0
gpg: Good signature from "Sendmail Signing Key/2011 <sendmail@Sendmail.ORG>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5872 6218 A913 400D E660  3601 39A4 C77D A978 84B0
[root@work2 src]#
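
gpg prints "Good signature" for any key that is in the keyring, and the WARNING above means nothing yet ties that key to its claimed owner. The script below is an added example, not part of the original post: it accepts a detached signature only when the signing key's primary fingerprint equals a pinned value. The function names and the PINNED_FPR variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: accept a detached signature only when gpg reports it valid
# AND the signing key's primary fingerprint equals a value pinned in advance.
# Default pin = fingerprint printed in the gpg output on this page; confirm it
# through a channel you trust before relying on it.
PINNED_FPR="${PINNED_FPR:-5872 6218 A913 400D E660  3601 39A4 C77D A978 84B0}"

# normalize_fpr TEXT: strip spaces, upper-case the hex digits.
normalize_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# signer_fpr: stdin is `gpg --status-fd` output. Print the last field of the
# VALIDSIG line (the primary key fingerprint); print nothing if there is none.
signer_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF ~ /^[0-9A-Fa-f]+$/ &&
         length($NF) >= 40 { print toupper($NF); exit }'
}

# check_status PIN: stdin is status output; succeed only if VALIDSIG is
# present and its primary fingerprint matches PIN.
check_status() {
    got=$(signer_fpr)
    [ -n "$got" ] && [ "$got" = "$(normalize_fpr "$1")" ]
}

# verify_pinned SIGFILE DATAFILE: run gpg and apply the pin to its status output.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        check_status "$PINNED_FPR"
}

# Constructed status output for a good signature by the pinned key
# (dates and timestamps are made up for illustration).
sample_status() {
    f=58726218A913400DE660360139A4C77DA97884B0
    echo "[GNUPG:] GOODSIG 39A4C77DA97884B0 Sendmail Signing Key/2011"
    echo "[GNUPG:] VALIDSIG $f 2011-05-16 1305519021 0 4 0 1 2 00 $f"
}

# Usage: sh verify_pinned.sh sendmail.8.14.5.tar.gz.sig sendmail.8.14.5.tar.gz
if [ $# -eq 2 ]; then
    verify_pinned "$1" "$2" && echo "OK: valid signature from pinned key" ||
        { echo "REJECTED: bad signature or unexpected signing key" >&2; exit 1; }
fi
```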