Category Archives: Linux Tip

Linux Quickies (6) – Build a Time Server

The last in a short series of posts concerning things I’ve probably documented elsewhere (though not always) but which could do with being re-stated or refreshed a bit. This series closes with a look at how to make a freshly-built RCSL server act as an authoritative NTP time server.

Do all that follows as root.

1. Install the software

yum install ntp

2. Configure the server

vi /etc/ntp.conf
server 127.127.1.0
fudge 127.127.1.0 stratum 2
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable

This server line looks a bit like an IP address, but is actually a pseudo address. The 127 elements basically say “I am a time server”, whilst the “1” element in the address tells the ntp daemon to use the server’s own system clock as the source of time information. The fudge line says “any clients who are configured to use me as their source of authoritative time will think I am a Stratum 2 time server (pretty darn’d accurate, in other words).”

3. Start the service

service ntpd start
chkconfig ntpd on

The first command starts the NTP daemon immediately; the second configures it to auto-start every time the server is bounced.

4. Configure Clients

Any client that you want to make use of the new time server should have the ntp software installed and its ntp.conf file configured as follows:

server 192.168.8.250
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable

…which is pretty much the same sort of thing as the time server itself has, except it has no fudge component because the client isn’t pretending to be a server; and the server component is the IP address of the remote time server being sought as a source of time, rather than a pseudo address.

Linux Quickies (5) – Build a DHCP Server

The fifth in a short series of posts concerning things I’ve probably documented elsewhere (though not always) but which could do with being re-stated or refreshed a bit. This time, it’s time to turn a freshly-built RCSL server into a DHCP server -one that other boxes can look to to be assigned IP addresses dynamically.

As ever, do all that follows as root.

1. Installation and Configuration

yum install dhcp
vi /etc/dhcp/dhcpd.conf
#Clear out any existing content and replace it with...
option domain-name            "dizwell.home";
option domain-name-servers    192.168.8.250;
default-lease-time   600;
max-lease-time 6000;
authoritative;
subnet 192.168.8.0 netmask 255.255.255.0 {
  range dynamic-bootp 192.168.8.200 192.168.8.240;
  option broadcast-address 192.168.8.255;
}

This configuration is hopefully quite self-explanatory. It simply states what domain IP addresses are allocated for and the length of time they’ll be allocated (in seconds). The meat is really in the last three lines: I’m asking for addresses in the 192.168.8.200 – 240 range to be served up by this server to any 192.168.8.x client that wants them.

This is a very minimal configuration file: it’s sufficient for my purposes, but I haven’t tried to cover things like fixed IP addresses for specific clients (so-called “lease reservations”) or dynamic updates of DNS. Generally, this is because my servers run things like Oracle and, as such, would generally be configured with completely static IP addresses anyway. The only use for DHCP I really have, in fact, is for doing Kickstart installations of servers: the new build needs a dynamically-assigned IP address just until it gets to the part where a proper, static one can be assigned.

2. Switch On

    chkconfig dhcpd on
    service dhcpd start

The first command ensures DHCP will start at every subsequent server reboot; the second switches the DHCP daemon on right now.

Linux Quickies (4) – Build an NFS Server

The fourth in a short series of posts concerning things I’ve probably documented elsewhere (though not always) but which could do with being re-stated or refreshed a bit. This time, it’s how to turn a freshly-built RCSL distro into a functioning NFS server. As always this depends on having basic networking already sorted, which was discussed in the first post of the series.

Do all that follows as root:

1. Install the software

yum install rpcbind nfs-utils

2. Create some directories

mkdir /griddata
mkdir /dbdata

These are just examples: you can create your shared directories anywhere you like and call them anything you like, too, of course. But these two are fine for my purposes and keep things simple.

3. Configure Shares

vi /etc/exports
#Add the following to the file
/dbdata 192.168.8.0/24(rw,sync,no_wdelay,insecure_locks,no_root_squash)
/griddata 192.168.8.0/24(rw,sync,no_wdelay,insecure_locks,no_root_squash)

This says that the two directories I created are made available to any other host on the 192.168.8… network. A bunch of share options are then specified, chosen to allow maximal access but minimal inconvenience to clients.

4. Start it up

/etc/rc.d/init.d/rpcbind start
/etc/rc.d/init.d/nfslock start
/etc/rc.d/init.d/nfs start
service nfs restart
chkconfig nfs on

These first four commands get the NFS service working initially; the last command ensures it starts automatically at every subsequent server reboot.
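
Of the share options above, no_root_squash lets root on any client act as root on the exported files, and insecure_locks tells the server to accept lock requests without authentication. The following added example (not from the original post) scans an exports file for those options and for entries open to any host; the function name audit_exports, the finding labels and the last two sample lines are constructed for illustration.

```shell
#!/bin/sh
# audit_exports FILE
# Print one "path client finding" line per risky setting in an exports(5) file.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            # Split "client(opt,opt)" into client and option list. A field
            # that starts with "(" has no client: its options apply to ANY host.
            p = index($i, "(")
            client = (p > 0) ? substr($i, 1, p - 1) : $i
            opts   = (p > 0) ? substr($i, p + 1) : ""
            sub(/\)$/, "", opts)
            if (client == "") client = "*"
            rw = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                # client root keeps uid 0 on the share
                if (o[j] == "no_root_squash") print path, client, "no_root_squash"
                # lock requests accepted without authentication
                if (o[j] == "insecure_locks" || o[j] == "no_auth_nlm")
                    print path, client, "insecure_locks"
                # requests accepted from unprivileged source ports
                if (o[j] == "insecure") print path, client, "insecure"
            }
            if (client == "*" && rw) print path, client, "any_host_rw"
        }
    }' "$1"
}

# Constructed sample: the two exports from the post plus two made-up lines.
# The space before "(rw,sync)" on the last line detaches the options from
# the client, so they apply to every host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/exports
/dbdata 192.168.8.0/24(rw,sync,no_wdelay,insecure_locks,no_root_squash)
/griddata 192.168.8.0/24(rw,sync,no_wdelay,insecure_locks,no_root_squash)
/pub 192.168.8.0/24(ro,sync,root_squash)
/scratch 192.168.8.101 (rw,sync)
EOF
audit_exports "$sample"
```
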

Linux Quickies (3) – Build a DNS Server

The third in a short series of posts concerning things I’ve probably documented elsewhere (though not always) but which could do with being re-stated or refreshed a bit. This time, it’s how to turn a freshly-built RCSL distro into a functioning DNS server. As before, this depends on having basic networking already sorted, which was discussed in the first post of the series.

Note that in this article, I’m only going to bother doing forward names resolution. That is, I’m going to configure my DNS server to be able to turn the hostname “alpher.dizwell.home” into an IP address of 192.168.8.101. I’m not interested here in being able to turn an IP address back into a hostname, which is called reverse names lookup. If you are interested in doing that, my full-blown DNS article has the details.

Finally, note that the example data used in this article suits the networking setup I described in an earlier post. You would obviously want to change domain names, host names and IP addresses to suit your own environment.

Anyway… let’s get on!

Do all that follows as root:

1. Install the software

yum install bind bind-utils

2. Configure the “named” service

vi /etc/named.conf
#Remove all existing content and add the following:
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; 192.168.8.0/24; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
     };
};
zone "." IN {
     type hint;
     file "named.ca";
};
zone "dizwell.home" IN {
    type master;
    file "dizwell.hosts";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Note that this configuration doesn’t include anything about “forwarders” -DNS servers to forward lookup requests to if this server can’t resolve them itself. That’s because the network this is intended for can’t get to the Internet (see the earlier post for an explanation of why this is a design feature!), and therefore there’s nothing to forward to. Forwarding is included in my full-scale DNS article, though.

3. Configure the forward lookup zone

vi /var/named/dizwell.hosts
#Add the following
$TTL 86400
@ IN SOA marconi.dizwell.home. hjr.dizwell.com. (
2013030001     ;Serial
3600         ;Refresh
1800         ;Retry
604800         ;Expire
86400         ;Minimum TTL
)

        IN NS   marconi.dizwell.home.
        IN A    192.168.8.250

marconi         IN A    192.168.8.250
alpher          IN A    192.168.8.101
bethe           IN A    192.168.8.102
gammow          IN A    192.168.8.103
dalton          IN A    192.168.8.104
tesla           IN A    192.168.8.251
;; end of zone
;;

4. Finish Up

vi /etc/resolv.conf
#Make sure the following lines exist
search dizwell.home
nameserver 192.168.8.250

You set these two lines to tell a machine which host is acting as the DNS server for lookups in which zone. Here, I’m configuring the DNS server itself to know that it should consult itself for lookups that involve anything to do with the dizwell.home domain. All other servers I build as part of this domain will also need to have the resolv.conf file configured in this way.

service named start
chkconfig named on

The first command turns on the “named” service now; the chkconfig command ensures it restarts automatically every time the server is rebooted. Once the service is running correctly, you should be able to do something like this:

nslookup bethe

That should return a result such as:

Server:     192.168.8.250
Address:    192.168.8.250#53

Name:    bethe.dizwell.home
Address: 192.168.8.102

…which indicates that a successful name resolution lookup has been performed. Note that this should work even if you haven’t built a server called “Bethe” yet. The point is that the DNS server knows what IP address that name maps to, regardless of whether the IP address is actually being used yet or not.

Linux Quickies (2) – Build a Webserver

The second in a short series of posts concerning things I’ve probably documented elsewhere (though not always) but which could do with being re-stated or refreshed a bit. This time, it’s how to turn a freshly-built RCSL distro into a functioning web server -which depends on getting networking right, as documented in the previous piece.

Do all that follows as root:

1. Disable SELinux

vi /etc/selinux/config
#Change the line
SELINUX=enforcing
#to read
SELINUX=disabled

SELinux prevents the web server working properly. There are ways of configuring SELinux so that it doesn’t do that, but it’s a pain and I’m not documenting it here. You don’t have to completely disable SELinux: setting the parameter to permissive will keep it switched on, but it will just warn (quietly) that web serving breaches policy, rather than stopping web serving in its tracks.

2. Disable (or modify) the Firewall

service iptables stop
chkconfig iptables off

These two commands switch off the firewall and prevent it from re-starting. Without these commands, port 80 is blocked by default, so although your web server runs, no-one would be able to talk to it, which is a bit pointless. If you prefer having a firewall switched on, you can leave it on by issuing neither of those two previous commands and instead, just open up ports 80 and 443 (for https traffic), inbound and outbound, like so:

vi /etc/sysconfig/iptables
#Add these lines BEFORE the two existing REJECT statements
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT 
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
-A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT 
-A OUTPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
service iptables restart
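
Rule order is why the new lines have to go before the REJECT statements: iptables acts on the first rule that matches, so an ACCEPT placed after the REJECT never fires. As an added example (not from the original post), the shell functions below insert an inbound ACCEPT rule ahead of the first INPUT REJECT and check that a port's rule is actually reachable; port_reachable, open_port and the sample file are constructed for illustration, only INPUT rules are handled, and a trailing INPUT REJECT is assumed to exist.

```shell
#!/bin/sh
# port_reachable FILE PORT: succeed only if an INPUT ACCEPT rule for tcp PORT
# appears before the first INPUT REJECT (iptables stops at the first match).
port_reachable() {
    awk -v port="$2" '
    /^-A INPUT / && / -j REJECT/ { exit }           # later rules never match
    /^-A INPUT / && / -j ACCEPT/ && $0 ~ ("--dport " port "( |$)") { ok = 1; exit }
    END { exit !ok }' "$1"
}

# open_port FILE PORT: insert the rule ahead of the first INPUT REJECT, once.
open_port() {
    port_reachable "$1" "$2" && return 0            # already effective
    tmp=$(mktemp) || return 1
    awk -v port="$2" '
    !done && /^-A INPUT / && / -j REJECT/ {
        print "-A INPUT -m state --state NEW -p tcp --dport " port " -j ACCEPT"
        done = 1
    }
    { print }' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample resembling a stock /etc/sysconfig/iptables.
fw=$(mktemp)
cat > "$fw" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
open_port "$fw" 80
open_port "$fw" 443
```

Point the functions at a copy of the real rules file first, and run service iptables restart only once port_reachable succeeds for each port you meant to open.
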

3. Install and configure the Software

yum install httpd
service httpd start

If you want to configure lots of subtle options, then the configuration file is available in /etc/httpd/conf/httpd.conf -but usually, everything just works OK without any further configuration. You can at this point open a browser on a remote PC and enter the url http://192.168.8.250 (or whatever your web server’s IP address is). If all is well, you’ll see a test page that will just say “It works!” (if you’re using Scientific Linux) or a more elaborate test page with banner, graphics and explanatory text (if you’re using CentOS).

Your document root is /var/www/html, so drop any files you want to view via http in there, and change your remote browser’s URL to match. For example:

vi /var/www/html/dizwell.html
#Add the following line, then save:
<h1>This is a Dizwell web page</h1>

Now browse remotely to http://192.168.8.250/dizwell.html and you’ll see this:

Linux Quickies (1) – Assign a Static IP and Hostname

A short series of posts concerning things I’ve probably documented elsewhere (though not always) but which could do with being re-stated or refreshed a bit. We begin with: How to assign a static IP address and a proper hostname to a machine that has neither (perhaps because of a minimal install of an RCSL distro).

Do all that follows as root:

vi /etc/sysconfig/network-scripts/ifcfg-eth0
#Add these lines
DEVICE="eth0"
IPADDR=192.168.8.101
BOOTPROTO=none
ONBOOT="yes"
NETMASK=255.255.255.0
DNS1=192.168.8.250
USERCTL=yes
service network restart
vi /etc/sysconfig/network
#Add these lines
NETWORKING=yes
HOSTNAME=alpher.dizwell.home
hostname alpher.dizwell.home
vi /etc/hosts
#Add a line which reads something like 
192.168.8.101 alpher.dizwell.home alpher

That is, the machine’s IP address needs to be matched up to a fully-qualified hostname (one with a domain name component) and a short-form hostname (one lacking the domain name component).

Finish off with:

reboot

Minimising Evolution

You want to run Evolution as your email client, but you then notice it doesn’t have a ‘keep running, but minimized in the system tray, so it can keep checking for new email periodically without cluttering up my taskbar’ option.

The official line on this seems to be that this is an insane requirement and that to satisfy it would count as “abuse” of the perfect Gnome environment… but that’s just typical arrogant bluster from the Gnome and/or Evolution developers. However, because it’s the official line, there really is no native, built-in way to do this very simple deed.

Here’s one possible solution, however, which I found met my requirements without necessitating that I take a degree in advanced physics to make it happen.

  • Download AllTray
  • Right-click the tarball and extract
  • As root, go to the alltray-0.70 directory and issue three commands, in sequence:
    • ./configure
    • make
    • make install
  • Alter the launcher for Evolution (on the top panel, for example) so that instead of just triggering the command “evolution” it now triggers the command “alltray evolution”.

When you now launch Evolution with that quicklaunch icon, the program will immediately minimize itself to the system tray. An envelope icon will appear there. Click it once to make Evolution appear full-screen, once more to re-minimize (or, click close). To genuinely close the program, right-click the envelope icon and click Exit. Evolution will momentarily appear full-screen before closing itself.