Learning RHEL Networking

Table of Contents

Learning RHEL Networking

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Introducing Enterprise Linux 7

Red Hat Enterprise Linux

CentOS

Fedora

Determining your distribution and version

The /etc/system-release file

The /etc/issue file

Using lsb_release

Determining the kernel version

Summary

2. Configuring Network Settings

Elevating privileges

The su command

Delegating with the sudo command

Using ip and hostnamectl

Consistent naming for network devices

A real-life network device naming example

Disabling consistent network device naming

Using the ip command to display configurations

Using the ip command to implement configuration changes

Persisting network configuration changes

Configuring the RHEL 7 hostname with hostnamectl

Introduction to the Red Hat NetworkManager

Interacting with the NetworkManager using the Control Center

Adding a new profile with the Control Center

Interacting with the NetworkManager using nmtui

Extreme interaction with NetworkManager using nmcli

Summary

3. Configuring Key Network Services

Domain Name System

Installing and configuring a Caching Only DNS server

Configuring clients to use this server

Configuring the DNS zone

Referencing the zone from /etc/named.conf

Creating the zone file

Configuring a DHCP server

Configuring time services on RHEL 7

Implementing chronyd

Implementing ntpd

Implementing PTP on RHEL 7

Implementing e-mail delivery on RHEL 7

Adding an MX record to the DNS server

Summary

4. Implementing iSCSI SANs

The iSCSI target (server)

Managing logical volumes with LVM

Partitioning the disk

Creating the physical volume

Creating the volume group

Creating logical volumes

Installing the targetd service and targetcli tools

Managing iSCSI targets with targetcli

Creating storage backstores

Creating iSCSI targets

Adding LUNS to the iSCSI target

Adding ACLS

Working with the iSCSI Initiator

Summary

5. Implementing btrfs

Overview of btrfs

Overview of the lab environment

Installing btrfs

Creating the btrfs filesystem

The Copy-On-Write technology

Resizing btrfs filesystems

Adding devices to the btrfs filesystem

Volume management the old way

Volume management with btrfs

Balancing the btrfs filesystem

Mounting multidisk btrfs volumes from /etc/fstab

Creating a RAID1 mirror

Using btrfs snapshots

Optimizing btrfs for solid state drives

Managing snapshots with snapper

Summary

6. File Sharing with NFS

An overview of NFS

Overview of the lab environment

The NFS server configuration

Simple exports

Advanced exports

Pseudo-root

Using exportfs to create temporary exports

Hosting NFSv4 behind a firewall

Hosting NFSv3 behind a firewall

Diagnosing NFSv3 issues

Using static ports for NFSv3

Configuring the NFS client

Auto-mounting NFS with autofs

Summary

7. Implementing Windows Shares with Samba 4

An overview of Samba and Samba services

An overview of the lab environment

Configuring time and DNS

Managing Samba services

The Samba client on RHEL 7

Configuring file shares in Samba

Troubleshooting Samba

Summary

8. Integrating RHEL 7 into Microsoft Active Directory Domains

Overview of identity management

An overview of the lab environment

Preparing to join an Active Directory domain

Using realm to manage domain enrolment

Logging on to RHEL 7 using Active Directory credentials

User and group management with adcli

Listing the Active Directory information

Creating Active Directory users

Creating Active Directory groups

Managing the Active Directory group membership

Delegating Active Directory accounts with sudo

Leaving a domain

Understanding Active Directory as an identity provider for sssd

Configuring NSS

Configuring PAM

Configuring Kerberos

Configuring SSSD

Summary

9. Deploying the Apache HTTPD Server

Configuring the httpd service

Installing Apache 2.4

The configuration

Configuring the DocumentRoot directory

Controlling the Apache web service

Setting up the server name

Setting up a custom error page

Loading modules

Virtual servers

Name-based

The name resolution

The Apache configuration

IP-based

Port-based

Automating virtual hosts

Summary

10. Securing the System with SELinux

What is SELinux

Understanding SELinux

Modes

The disabled mode

The permissive mode

The enforcing mode

Labels

Policy types

Minimum

Targeted

MLS

Policies

Working with the targeted policy type

Unconfined domains

SELinux tools

chcon and restorecon

Boolean values

Troubleshooting SELinux

The log file

The audit2allow command

Permissive domains

Summary

11. Network Security with firewalld

The firewall status

Routing

Zone management

Source management

Firewall rules using services

Firewall rules using ports

Masquerading and Network Address Translation

Using rich rules

Implementing direct rules

Reverting to iptables

Summary

Index

Learning RHEL Networking

Learning RHEL Networking

Copyright © 2015 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: June 2015

Production reference: 1170615

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78528-783-1

www.packtpub.com

Credits

Author

Andrew Mallett

Reviewers

Shichao An

Moinak Ghosh

Alexey Maksimov

Ranjith Rajaram

John Willis

Commissioning Editor

Nadeem Bagban

Acquisition Editor

Harsha Bharwani

Content Development Editor

Nikhil Potdukhe

Technical Editor

Parag Topre

Copy Editor

Relin Hedly

Project Coordinator

Vijay Kushlani

Proofreader

Safis Editing

Indexer

Monica Ajmera Mehta

Production Coordinator

Arvindkumar Gupta

Cover Work

Arvindkumar Gupta

About the Author

Andrew Mallett has been working in the IT industry since 1986. He has worked with Linux technologies since the release of the original Red Hat Linux 7 in 1999. Andrew not only possesses Linux skills and certifications, but also consults and teaches Linux and other technologies. He has written books on Linux on Citrix, which were published by Packt Publishing. Andrew has also been an active participant and works as a volunteer sysop. He is a SUSE Certified Linux Instructor, which enables him to help, support, and develop the official Novell SUSE curriculum worldwide.

Andrew currently works for his own company. He can be found on Twitter at http://theurbanpenguin.com and @theurbanpenguin. His published video courses on Linux can be found at http://www.pluralsight.com.

I live with my family in the UK. This year, I will celebrate 25 years of togetherness with my wife and friend, Joan, who has helped me sail through good and bad times. This book is dedicated to Joan and the 25 years of love she has selflessly provided.

About the Reviewers

Shichao An is a Red Hat Certified Engineer (RHCE). He uses Fedora as his desktop operating system. Shichao received his master's degree in computer science from the New York University. Currently, he works as a system administrator and focuses on managing Amazon EC2 servers and containerizes applications with Docker. Shichao is enthusiastic about open source and is active on GitHub, where he hosts some small projects and shares his learning roadmaps.

Alexey Maksimov is an IT professional raised in Russia. He has been living in New Zealand since 2008. He holds a diploma in mathematics and specializes in systems programming. During his extensive 15-year-long career, Alexey has gained broad infrastructure support experience from top notch enterprise-grade environments, such as Vodafone (New Zealand) and Mobile Telesystems (Russia).

Alexey's main area of interest is Oracle database administration. However, his skills also include impressive hands-on knowledge of networks and a range of UNIX-based systems, including Red Hat Linux, Oracle Linux, and Oracle Solaris, backed by industry certifications.

Alexey can be reached on LinkedIn at http://linkedin.com/in/newrnz/ or on his personal website at http://newr.co.nz/.

His healthy mix of skills enable him to speak to other professionals in their language, understand and solve their challenges, collaborate effectively, and see the big picture beyond the fence of his job description, delivering a tremendous value to his employer. He has also worked as a professional IT trainer, which is very important if you are writing or reviewing books.

Ranjith Rajaram is employed as a senior technical account manager at a leading open source Enterprise Linux company.

He started his career providing support to web hosting companies and managing servers remotely. Ranjith has also provided technical support to their end customers. Early in his career, he worked on Linux, Unix, and FreeBSD platforms.

For the past 12 years, he has been continuously learning something new. This is what he likes and admires about technical support. As a mark of respect to all his fellow technical support engineers, he has included developing software is humane but supporting them is divine in his e-mail signature.

At his current organization, he is involved in implementing, installing, and troubleshooting Linux environment networks. Apart from this, he is also an active contributor to the Linux container space, especially using Docker-formatted containers.

www.PacktPub.com

Support files, eBooks, discount offers, and more

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Free access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.

Preface

Welcome to Learning RHEL Networking. My name is Andrew Mallett and I will offer you expert guidance and tuition that will provide you with the skills to tame this powerful and popular Linux distribution. We will work with Red Hat Enterprise Linux 7.1. This latest release offers many improvements and is more likely to be the next version. The movement to the new system, the service management of systemd and the ecosystem that spawns from it offers so much new for administrators to absorb.

Writing about an Enterprise Linux distribution is important as we see the increase in the number of organizations deploying Linux. As a result, we require knowledgeable professionals to manage these systems. The Linux Foundation with Dice, a specialist recruitment company, surveyed many large organizations and found the following results:

93 percent of the organizations polled were looking to employ Linux professionals

91 percent of hiring managers reported that they found it difficult to find skilled Linux administrators

As a side note to this, it was additionally noted that salaries for Linux professionals had increased by 9 percent during the last 12 months.

With such confidence in Linux coming from so many organizations, the focus of this book has to be commercially driven for me and you. We want you to be able to improve your career prospects as well as your Linux knowledge.

Enterprise Linux distributions, such as CentOS, Red Hat, Debian, and SUSE Enterprise Linux, do not deploy the latest and greatest bleeding-edge technology that you may find on home or enthusiast-oriented distributions, such as Fedora or openSUSE. Rather, they allow these to be development platforms to hone and perfect the software before migrating it to an enterprise a few months or even years later. Enterprise Linux has to be dependable, reliable, resilient, and supportable by the organization deploying it and the backend support coming from the community or paid support teams. By definition, the latest in software development does not lend itself well to this; these are the latest development, and knowledge of these developments and best practices will take time to evolve and develop.

Although the book will focus on RHEL, you may equally use Fedora 21 or CentOS; either of these releases will be able to provide you with a compatible platform, where we can work through many examples that are provided in the book.

What this book covers

Chapter 1, Introducing Enterprise Linux 7, helps you understand how enterprise-level Linux differs from other bleeding-edge distributions and the relationship between Red Hat, CentOS, and Fedora. This short chapter gives you a great understanding of RHEL and helps you learn RHEL 7 on your choice of platform.

Chapter 2, Configuring Network Settings, discusses how to configure your network settings and how Red Hat allows you to set the IP address configuration on your host.

Chapter 3, Configuring Key Network Services, helps your RHEL host with a network address. This chapter teaches you how to add some command networking services and how to configure NTP, DNS, DHCP, and SMTP, time, name resolution, IP address assignment, and e-mails.

Chapter 4, Implementing iSCSI SANs, discovers RHEL 7. It offers a new kernel-based module to implement network-based storage. This chapter teaches you how to deploy iSCSI targets and connect from an RHEL client.

Chapter 5, Implementing btrfs, takes a look at Better FS. Having volume management built-in the filesystem allows easy storage management and is a common basis for sharing your filesystem on a network.

Chapter 6, File Sharing with NFS, explains NFS, a de facto Unix file sharing service, which still maintains its importance in the Enterprise Linux market. This chapter covers how to use NFSv4 and compares it with V3 so that you can appreciate its easier firewall management feature among many other new features.

Chapter 7, Implementing Windows Shares with Samba 4, covers instances where RHEL can provide services on a network and the client-side workstation will have Windows OS installed at their end. This requires RHEL to support these Windows clients. File and print services can be supplied through the Samba 4 service on RHEL 7.

Chapter 8, Integrating RHEL 7 into Microsoft Active Directory Domains, explores the fact that many enterprise organizations have already set up Identity Services and are run with Microsoft's Active Directory. It makes sense that these existing domain accounts should be used to access resources on the RHEL 7 server. The RHEL server can join the domain server and become a member server that allows you to share single sign-on to shared resources hosted on the Linux system.

Chapter 9, Deploying the Apache HTTPD Server, deploys a web server that can be important for your network. This may be to provision web access to an intranet or external access to the Internet. Many administrators use the Apache web server to provide access to local software repositories and install sources, so the importance of this service cannot be overlooked.

Chapter 10, Securing the System with SELinux, provides insights on the fact that with more and more systems connecting to the Internet, the vulnerability of your network facing services is increasing exponentially. SELinux has been included on RHEL since release 4, but very often, we read blogs that suggest that SELinux should be disabled. This chapter teaches you how to deploy