ASL - Luglio 2017
10 Luglio
R. Alfieri:
L'ambiente Linux
Host disponibili: infn100.hpc.unipr.it (template) , infn101.hpc.unipr.it , infn102.hpc.unipr.it , infn103.hpc.unipr.it (clone di ws01.hpc.unipr.it)
Approfondmenti: Linux GUI - linux Shell - Riceche e filtri - Shell programming
LDAP
http://www.ldapadmin.org/download/ldapadmin.html - ldap-profile
Confgurazione LDAP:
ldap01.hpc.unipr.it base: ou=infn,dc=hpc,dc=unipr,dc=it base: ou=hpc,dc=hpc,dc=unipr,dc=it
Configurazione infn103 come server WWW dell'INFN
- Attivata l'autenticazione LDAP con script sssd-dc_hpc-ou_infn.sh ( baseDN= ou=infn,dc=hpc,dc=unipr,dc=it )
- Sincronizzati i dati dal server web attuale (www.fis.unipr.it):
rsync -av web.fis.unipr.it:/var/www/html/infn/ /var/www/html/infn/ rsync -av web.fis.unipr.it:/var/www/html/dokuwiki/data/pages/infn/ /var/www/html/dokuwiki/data/pages/infn/ rsync -av web.fis.unipr.it:/var/www/html/dokuwiki/data/media/infn/ /var/www/html/dokuwiki/data/media/infn/
Nuovo server: http://infn103.hpc.unipr.it/
Abilitazione di userdir:
- modificato il file /etc/httpd/conf.d/userdir.conf
# UserDir disabled
UserDir html
<Directory "/hpc/home/*/html" >
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
<Directory "/hpc/home/staff/*/html" >
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
11 Luglio
Configurazione infn101 come server SMTP dell'INFN
Riferimenti: https://tecadmin.net/install-sendmail-server-on-centos-rhel-server/
Installati i seguenti pacchetti:
yum install sendmail sendmail-cf sendmail-doc cyrus-sasl-{lib,plain}
Copiato i seguenti file di configurazione dal vecchio server posta.fis.unipr.it:
scp posta.fis.unipr.it:/etc/mail/access /etc/mail/ scp posta.fis.unipr.it:/etc/mail/local-host-names /etc/mail/
Configurato il file /etc/mail/sendmail.mc:
echo "define('SMART_HOST', 'relay.fis.unipr.it')dnl" >> /etc/mail/sendmail.mc
echo "dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl" >> /etc/mail/sendmail.mc
m4 sendmail.mc > sendmail.cf
systemctl restart sendmail.service
Modificato /etc/aliases:
echo "asl: roberto.alfieri, cristian.ghiorzi,tommaso.arpiosi" >> /etc/aliases newaliases
Configurazione DOVECOT
Da fare
Configurazione infn102 come server DNS dell'INFN
Creazione server DNS su macchina infn102 con installazione bind
./sssd-dc_hpc-ou_infn.sh # connessione di infn102 al LDAP INFN.
yum install bind
modifica di /etc/named.conf
cat << EOF >> /etc/named.conf
listen-on port 53 { 127.0.0.1; 160.78.32.102; };
allow-query { localhost; 160.78.0.0/16; 192.135.11.0/24;};
zone "pr.infn.it" { type master; file "infn/pr_infn.soa"; };
EOF
cd /var/named/infn scp server:/var/named/fis/pr_infn.soa . scp server.fis.unipr.it:/var/named/fis/pr_infn.db . scp server.fis.unipr.it:/var/named/fis/pr_infn.cname .
dig @infn102 www.pr.infn.it
12 Luglio
Visita al Data Center di Ateneo
Samba
Installazione Samba
yum install samba yum install system-config-samba yum install samba-common
Configurazione Samba
[global]
workgroup = INFN
hosts allow = 127. 160.78. 192.135.11.
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
creazione share pubblica
[global]
.
.
.
map to guest = Bad User
[Anonymous]
path = /etc/samba/anonymous
browsable =yes
writable = yes
guest ok = yes
read only = no
Creazione di una share con autenticazione
goupadd smbgrp useradd <nomeutente> -G smbrgrp smbpasswd -a <nomeutente> mkdir -p secured cd /samba chmod -R 777 secured
Configurazione per autenticazione
[secured] path = /etc/samba/secured # valid users = @smbgrp valid users = @G_ASL , @smbgrp, roberto.alfieri guest ok = no writable = yes browsable = yes
Autenticazione SAMBA
Da configurare smb-ldaptoools
Point-and-print per windows10
13 Luglio
Configurazione DHCP su infn102
installazione DHCP
yum install dhcp
configurazione DHCP
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
option domain-name "pr.infn.it";
option domain-name-servers 192.135.11.20, 160.78.48.10;
option subnet-mask 255.255.255.0;
option ntp-servers 192.135.11.20;
not authoritative;
default-lease-time 3600;
max-lease-time 86400; # 24 ore
ignore unknown-clients;
ddns-update-style none;
shared-network INFN
{
option ntp-servers 192.135.11.20;
not authoritative;
default-lease-time 3600;
max-lease-time 86400; # 24 ore
ignore unknown-clients;
ddns-update-style none;
shared-network INFN
{
subnet 192.135.11.0 netmask 255.255.255.128
{
authoritative;
range 192.135.11.195 192.135.11.239;
option routers 192.135.11.254;
option subnet-mask 255.255.255.128;
}
subnet 160.78.34.0 netmask 255.255.255.0
{
authoritative;
range 160.78.34.211 160.78.34.252;
option routers 160.78.34.254;
}
subnet 160.78.32.0 netmask 255.255.255.0
{
authoritative;
option routers 160.78.34.254;
}
}