Professional Documents
Culture Documents
A Collaborative share is a directory that has been shared across the network and a specific
group of users have permissions to access, create and modify files on that directory. Usually,
a collaborative directory is specific to a Project and rights have been given to the working
users.
We have already configured NFS shares and Kerberized NFS shares in our previous posts.
Now, we will create an NFS share for group collaboration.
System Specification:
We are using two Red Hat Enterprise Linux (RHEL) 7 servers. One as the NFS Server as
well as Identity Management Server and the other as the NFS Client.
Identity Management Server ipaserver.example.com
Note: we are configuring our same FreeIPA server as the Kerberized NFS Server.
-----------------------------------------------------
Principal: nfs/ipaserver.example.com@EXAMPLE.COM
# kadmin.local
Authenticating as principal admin/admin@EXAMPLE.COM with password.
kadmin.local: quit
# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 host/ipaserver.example.com@EXAMPLE.COM
3 host/ipaserver.example.com@EXAMPLE.COM
3 host/ipaserver.example.com@EXAMPLE.COM
3 host/ipaserver.example.com@EXAMPLE.COM
1 nfs/ipaserver.example.com@EXAMPLE.COM
1 nfs/ipaserver.example.com@EXAMPLE.COM
1 nfs/ipaserver.example.com@EXAMPLE.COM
1 nfs/ipaserver.example.com@EXAMPLE.COM
To configure NFS Service, we have to install nfs-utils package. Usually, this package
is automatically installed during installation of Red Hat Enterprise Linux (RHEL) 7.
However, you can install it anytime using yum command.
This system is not registered to Red Hat Subscription Management. You can use
subscription-manager to register.
Nothing to do
If semanage command does not available on your system then install policycoreutils-
python package.
ln -s '/usr/lib/systemd/system/nfs-server.service'
'/etc/systemd/system/nfs.target.wants/nfs-server.service'
# systemctl start nfs-secure-server; systemctl enable nfs-secure-server
ln -s '/usr/lib/systemd/system/nfs-secure-server.service'
'/etc/systemd/system/nfs.target.wants/nfs-secure-server.service'
Allow nfs and other supplementary services through Linux firewall.
# firewall-cmd --permanent --add-service={mountd,nfs,rpc-bind}
success
# firewall-cmd --reload
success
/nfsshare client2.example.com
[root@client2 nfsshare]#
System Specification:
We use the same Linux server that we have configured as PXE Boot
Server in our previous article. The specifications have been re-
mentioned below for convenience of the readers.
CPU: 2 Core (2.4 Mhz)
Memory: 2 GB
Storage: 50 GB
Operating System: RHEL 7.5
Hostname: pxe-server.itlab.com
IP Address: 192.168.116.41/24
#vi /var/ftp/pub/rhel7/rhel7.cfg
The final contents of the rhel7.cfg are:
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted $1$vyNMLtgd$VmtByshddZSBK..uuFhoH0
# Use network installation
url --url="ftp://192.168.116.41/pub/rhel7"
# System language
lang en_US
# System authorization information
auth --useshadow --passalgo=sha512
# Use graphical install
graphical
firstboot --disable
# SELinux configuration
selinux --enforcing
# Firewall configuration
firewall --enabled --ssh
# Network information
network --bootproto=dhcp --device=eth0
# Reboot after installation
reboot
# System timezone
timezone Asia/Karachi
# System bootloader configuration
bootloader --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
clearpart --none --initlabel
%addon com_redhat_kdump --disable --reserve-mb='auto'
%end
# Packages to be installed
%packages
@core
%end
We have successfully created a Kickstart file for automated
installations. To make it usable by our PXE boot server, we have to
include it in the menu command of tftp .
Configure PXE boot server to use Kickstart file:
Edit the PXE boot menu for BIOS based clients.
#vi /var/lib/tftpboot/pxelinux.cfg/default
and append the kickstart directive therein. Contents of this file after
editing are:
default menu.c32
prompt 0
timeout 30
menu title Ahmer's PXE Menu
label Install RHEL 7.5
kernel /networkboot/rhel7/vmlinuz
append initrd=/networkboot/rhel7/initrd.img
inst.repo=ftp://192.168.116.41/pub/rhel7
ks=ftp://192.168.116.41/pub/rhel7/rhel7.cfg
Similarly, edit the PXE boot menu for UEFI based clients.
#vi /var/lib/tftpboot/grub.cfg
and append the kickstart directive therein. Contents of this file after
editing are:
set timeout=60
System Specification:
For this article, we are using two CentOS 7 virtual machines as
the Galera Cluster nodes.
Hostname: mariadb-01.example.com mariadb-02.example.com
IP Address: 192.168.116.81 /24 192.168.116.82/24
CPU: 2.4 Ghz (2 cores) 2.4 Ghz (2 cores)
Memory: 2 GB 2 GB
Operating System: CentOS 7.6 CentOS 7.6
MariaDB Version: 10.3.12 10.3.12
We are assuming that the reader has some intermediate
knowledge of MariaDB and Linux platform. Therefore, we
highly recommend the readers to read and build some basic
understanding of these topics before reading this article. I
recommend following two books on these topics.
1 - Getting Started with MariaDB - Second Edition
2 - Mastering CentOS 7 Linux Server
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Type 'help;' or '\h' for help. Type '\c' to clear the current
input statement.