Prerequisite Centos - ashwin-shetty/Documents-Wiki GitHub Wiki

Create New User

System IP : 11.0.16.51, Existing username : 'ashu', New User : 'monika'

1. Log in to CentOS from a bash client (Git Bash)

ssh ashu@11.0.16.51

2. Switch to root

	sudo su

3. Create the user and set its password

# Create the user account
adduser monika
# Set a password for the new user (prompts interactively)
passwd monika

4. Add the user to the sudo group

# On CentOS the sudo group is called 'wheel'; -a appends the group instead of replacing the user's existing groups
usermod -aG wheel monika

5. Test

# Switch to the new user in the current session
su monika
# OR
# Log in over ssh as the new user to validate the account
ssh monika@11.0.16.51
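Steps 1 to 5 above, put together as an idempotent script. This is an added example, not a script from this wiki: it assumes `chpasswd` is available (it is part of the shadow-utils package on CentOS), that the password arrives in a `PASSWORD` environment variable, and that the script is run as root. `user_in_group` is a reusable check for any "is the user in group X" question, including the docker group step further down this page.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki): create a sudo-capable user on CentOS
# idempotently and verify the result. 'monika' and 'wheel' are the wiki's
# own names; the PASSWORD variable and the function names are assumptions.

# Return 0 if USER is a member of GROUP (primary or supplementary),
# 1 otherwise or if the user does not exist.
user_in_group() {
    user=$1
    group=$2
    groups=$(id -nG "$user" 2>/dev/null) || return 1
    for g in $groups; do
        [ "$g" = "$group" ] && return 0
    done
    return 1
}

# Create USER if missing, set its password from $PASSWORD without an
# interactive prompt, and add it to GROUP (default: wheel). Must run as root.
create_sudo_user() {
    user=$1
    group=${2:-wheel}
    if [ "$(id -u)" -ne 0 ]; then
        echo "create_sudo_user: must run as root" >&2
        return 1
    fi
    if ! id "$user" >/dev/null 2>&1; then
        # adduser is a symlink to useradd on CentOS; -m creates the home directory
        useradd -m "$user"
    fi
    if [ -n "${PASSWORD:-}" ]; then
        # chpasswd reads 'user:password' on stdin, so the password never
        # appears on a command line where 'ps' could show it
        printf '%s:%s\n' "$user" "$PASSWORD" | chpasswd
    fi
    # -a appends: without it, -G replaces all supplementary groups
    usermod -aG "$group" "$user"
    user_in_group "$user" "$group"
}

# Usage (as root):  PASSWORD='...' ./create_user.sh monika
if [ -n "${1:-}" ]; then
    create_sudo_user "$1" wheel && echo "$1 is now in: $(id -nG "$1")"
fi
```

`user_in_group` relies on `id -nG`, which resolves membership through NSS, so it also works once the machine is joined to Active Directory and groups come from SSSD rather than /etc/group.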

Set up Java 8 & wget

1. Install Java 8

# Install Java 8
sudo yum install java-1.8.0-openjdk.x86_64
# Check Java version 
java -version

2. Install wget

sudo yum install wget

Tomcat Server

1. Prerequisite

Install Java and wget (see the previous section)

2. Create tomcat user

Tomcat should run under its own unprivileged user rather than as root

# Create a sub folder in /opt; /opt is where third-party software is installed
sudo mkdir /opt/tomcat
# Create a group named 'tomcat'
sudo groupadd tomcat
# Create a user named 'tomcat' with no login shell and /opt/tomcat as its home directory
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat tomcat

3. Download Tomcat and extract it

# Download Tomcat from a mirror; check the current link in a browser first
wget https://apache.uib.no/tomcat/tomcat-9/v9.0.33/bin/apache-tomcat-9.0.33.tar.gz
# Extract the archive into /opt/tomcat
sudo tar xf apache-tomcat-9*.tar.gz -C /opt/tomcat

4. Create a soft link

# Optional, but it makes upgrades easier: only the link has to change when a new Tomcat version is installed
sudo ln -s /opt/tomcat/apache-tomcat-9.0.33 /opt/tomcat/latest

5. Change the ownership of the folders to tomcat and make the scripts in bin executable

# Make the 'tomcat' user own the Tomcat tree (-H follows the 'latest' symlink)
sudo chown -RH tomcat: /opt/tomcat/latest
# Make the shell scripts in the bin folder executable
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

6. Set up tomcat.service

Create a tomcat.service file and make sure JAVA_HOME points at the installed JRE

[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Shell commands

# Copy the unit file to /etc/systemd/system
sudo cp /home/ashu/tomcat.service /etc/systemd/system/tomcat.service
# Unit files must be readable by systemd but not writable by other users: a world-writable unit lets any local user change User= or ExecStart= in a service systemd starts as root
sudo chmod 644 /etc/systemd/system/tomcat.service
# Reload the systemd configuration
sudo systemctl daemon-reload
# Test commands
# Start Tomcat
sudo systemctl start tomcat
# Status of Tomcat
sudo systemctl status tomcat
# Stop Tomcat
sudo systemctl stop tomcat
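Before enabling the service it is worth checking the unit file the way a reviewer would: does it run as a dedicated non-root user, can someone other than root edit it, and does ExecStart point at something that exists? The script below is an added example, not from this wiki; the checks it applies are a baseline I am assuming, and the function names are mine.

```shell
#!/usr/bin/env bash
# Added example (not part of the wiki): sanity-check a systemd unit such as
# the tomcat.service above. Works with the file alone, so it can run before
# 'systemctl daemon-reload'.

# Print the value of KEY= from the [Service] section of unit FILE.
# The last occurrence wins (as in systemd) and surrounding quotes are removed.
unit_value() {
    file=$1
    key=$2
    awk -v key="$key" '
        /^\[/ { section = $0 }
        section == "[Service]" && index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            gsub(/^"|"$/, "", val)
        }
        END { print val }' "$file"
}

# Return 0 if the unit runs as a non-root user, its ExecStart target is an
# existing executable, and the unit file is not writable by group or others.
# Each failed check is reported on stderr.
check_unit() {
    file=$1
    status=0

    user=$(unit_value "$file" User)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "$file: service would run as root (User= missing or root)" >&2
        status=1
    fi

    # Any bit in 022 (group/other write) lets a non-root user rewrite a unit
    # that systemd itself executes as root.
    mode=$(stat -c '%a' "$file")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$file: unit file is group/world writable (mode $mode)" >&2
        status=1
    fi

    exec_start=$(unit_value "$file" ExecStart)
    target=${exec_start%% *}        # first word: the program path
    if [ -z "$exec_start" ]; then
        echo "$file: ExecStart= missing" >&2
        status=1
    elif [ ! -x "$target" ]; then
        echo "$file: ExecStart target $target is not an executable file" >&2
        status=1
    fi

    return $status
}

# Usage:  ./check_unit.sh /etc/systemd/system/tomcat.service
if [ -n "${1:-}" ]; then
    check_unit "$1" && echo "$1: ok"
fi
```

The mode test uses the octal value from `stat -c '%a'` directly in shell arithmetic, so a sticky or setgid bit in a fourth digit does not confuse it; a unit installed with mode 644 passes, one left at 777 does not.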

7. Open the firewall port

By default the CentOS firewall (firewalld) is enabled; if so, the Tomcat port has to be allowed through

# Allow TCP port 8080 for Tomcat permanently in the public zone
sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
# Reload the firewall config so the permanent rule takes effect
sudo firewall-cmd --reload

8. Testing

# Type the server IP and port in a browser to reach the Tomcat home page
http://11.0.16.51:8080 #my IP
http://[CENTOS_SERVER_IP]:8080

DNS & Host Name Change

Add DNS and hostname to Machine

1. Open nmtui

# nmtui opens a text-based UI for NetworkManager where network settings can be changed
sudo nmtui

2. Edit the connection

Select 'Edit a connection' in the UI and set the DNS server to the IP of the Active Directory domain controller

3. Change the host name

Select 'Set system hostname'
# Here 'linux-ashu' is the host name of my system and 'example.local' is my Windows Active Directory domain
linux-ashu.example.local

4. Restart hostnamed and verify

sudo systemctl restart systemd-hostnamed
# Verify the change
hostname

Add Machine to Active Directory

1. Install the required packages

sudo yum install realmd sssd oddjob oddjob-mkhomedir samba-common-tools ntp ntpdate

2. Join the domain

# 'example.local' is my Windows Active Directory domain
# user1 is an Active Directory account allowed to join machines
# realm prompts for user1's password
realm join --user=user1 example.local

3. Test AD connectivity

# List the details of the joined Active Directory realm
realm list

4. Sync time with Active Directory

# 'example.local' is my Windows Active Directory domain; Kerberos rejects tickets if the clocks drift more than a few minutes apart
sudo ntpdate example.local

5. Test the time

# Display the local time and compare it with the time on the Active Directory server
date

Docker Issues

1. Adding an existing user to the docker group

# A newly created user has to be added to the 'docker' group to use Docker
# Check whether the group already exists; if it does not, Docker has probably not been installed
sudo groupadd docker
# Add the logged-in user to the docker group (membership gives root-equivalent access to the host, so grant it deliberately)
sudo usermod -aG docker $USER
# newgrp starts a new shell with the updated group membership, so no re-login is needed
newgrp docker
# Test that the new group works
docker ps

2. Getting inside a Docker container

# Open an interactive shell in a running container (use /bin/sh for images without bash)
docker exec -it <container_name> bash
docker exec -it <container_name> /bin/sh
# List local images
docker images

3. Copy an image from one machine to another

# Save the image 'ad:0.1' to a tar archive
docker save -o image/ad-images.tar ad:0.1

# Copy the tar file to the other machine and load it there
docker load -i ad-images.tar

Kerberos Commands

1. Initialise Kerberos

# Obtain a ticket for the service principal using the keytab instead of a password
kinit -kt /usr/local/tomcat/conf/tomcat.keytab HTTP/[email protected]

2. Kerberos ticket information

klist
# OUTPUT
# Ticket cache: FILE:/tmp/krb5cc_0
# Default principal: HTTP/[email protected]

# Valid starting     Expires            Service principal
# 04/03/20 14:38:23  04/04/20 00:38:23  krbtgt/[email protected]
#         renew until 04/04/20 14:38:23

3. Check the encryption type used in the keytab

# -k lists keytab entries, -t adds timestamps, -e shows the encryption type; name the keytab explicitly, otherwise the default /etc/krb5.keytab is read
klist -kte /usr/local/tomcat/conf/tomcat.keytab
# OUTPUT
# Keytab name: FILE:/usr/local/tomcat/conf/tomcat.keytab
# KVNO Timestamp         Principal
# ---- ----------------- --------------------------------------------------------
#   0 01/01/70 00:00:00 HTTP/[email protected] (aes256-cts-hmac-sha1-96)

4. Check the principal names in the keytab

[ashwin@linux-ashu conf]$ ktutil
ktutil:  read_kt tomcat.keytab
ktutil:  list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    0 HTTP/[email protected]
   2    0 HTTP/[email protected]
   3    0 HTTP/[email protected]
   4    0 HTTP/[email protected]
   5    0 HTTP/[email protected]
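The `klist -kte` listing in step 3 is the place to spot weak keys: a keytab that still carries DES or RC4 (arcfour-hmac) entries, or several KVNOs for the same principal, is worth regenerating. The script below is an added example and not part of this wiki; it parses the `klist -kte` layout shown above. The sample listing is constructed, and the principal `HTTP/linux-ashu.example.local@EXAMPLE.LOCAL` is an assumed placeholder built from the host and domain names used elsewhere on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki): audit the encryption types in a keytab
# from 'klist -kte' output. Run it as:
#   klist -kte /usr/local/tomcat/conf/tomcat.keytab | weak_keytab_entries

# Read 'klist -kte' output on stdin and print "principal enctype" for every
# entry using a deprecated enctype (single DES, triple DES, RC4/arcfour).
# Exit status 1 if at least one such entry exists, 0 otherwise.
weak_keytab_entries() {
    awk '
        # entry lines look like:  KVNO  MM/DD/YY HH:MM:SS  principal (enctype)
        $1 ~ /^[0-9]+$/ && $NF ~ /^\(.*\)$/ {
            enc = substr($NF, 2, length($NF) - 2)
            princ = $(NF - 1)
            if (enc ~ /^(des-|des3-|arcfour-|rc4-)/) {
                print princ, enc
                found = 1
            }
        }
        END { exit found ? 1 : 0 }'
}

# Print "principal N" where N is the number of distinct KVNOs seen for that
# principal. N > 1 usually means the keytab was regenerated and old keys
# were merged in rather than replaced.
kvno_per_principal() {
    awk '
        $1 ~ /^[0-9]+$/ && $NF ~ /^\(.*\)$/ { seen[$(NF - 1) " " $1] = 1 }
        END {
            for (k in seen) { split(k, p, " "); n[p[1]]++ }
            for (pr in n) print pr, n[pr]
        }'
}

# Constructed sample in the same layout as the wiki's 'klist -kte' output;
# the principal is an assumed placeholder, not a real keytab entry.
SAMPLE_KLIST='Keytab name: FILE:/usr/local/tomcat/conf/tomcat.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 01/01/70 00:00:00 HTTP/linux-ashu.example.local@EXAMPLE.LOCAL (aes256-cts-hmac-sha1-96)
   3 01/01/70 00:00:00 HTTP/linux-ashu.example.local@EXAMPLE.LOCAL (aes128-cts-hmac-sha1-96)
   2 01/01/70 00:00:00 HTTP/linux-ashu.example.local@EXAMPLE.LOCAL (arcfour-hmac)
   2 01/01/70 00:00:00 HTTP/linux-ashu.example.local@EXAMPLE.LOCAL (des-cbc-md5)'

# Demonstration on the constructed sample
printf '%s\n' "$SAMPLE_KLIST" | weak_keytab_entries || echo "weak enctypes present"
printf '%s\n' "$SAMPLE_KLIST" | kvno_per_principal
```

On the sample the first call prints the arcfour-hmac and des-cbc-md5 entries and exits non-zero; the second reports two KVNOs for the one principal. The KVNO 0 and 1970 timestamp in the wiki's real listing are what keytabs exported by Windows ktpass typically show, so they are not by themselves a problem.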

5. Check that an AD port is reachable from bash

# 389 is LDAP; Kerberos itself uses port 88. bash's /dev/tcp pseudo-device opens a TCP connection, so no nc or nmap is needed
timeout 1 bash -c '</dev/tcp/example.local/389 && echo Port is open || echo Port is closed' || echo Connection timeout
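The one-liner above answers for one port. Before a `realm join` (the "Add Machine to Active Directory" section) and when a Kerberos login fails, the useful question is whether every port the domain controller needs is reachable, and whether a failure is a refusal or a silent drop (a firewall). The script below is an added example and not from this wiki; it generalises the one-liner to a port list, and the port list and host name are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the wiki): reusable TCP reachability check for the
# ports an AD-joined CentOS host talks to on a domain controller. Uses the
# same bash /dev/tcp mechanism as the wiki's one-liner.

# Print "open", "closed" or "timeout" for HOST:PORT, waiting at most SECONDS
# (default 2). "closed" covers connection refused and also a name that does
# not resolve; "timeout" usually means packets are being dropped.
probe_port() {
    host=$1
    port=$2
    secs=${3:-2}
    if timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
        echo open
    else
        rc=$?
        # timeout(1) exits 124 when the time limit was hit
        [ "$rc" -eq 124 ] && echo timeout || echo closed
    fi
}

# Ports a domain-joined host needs on a domain controller (assumed list):
# Kerberos, LDAP, SMB (for realm join), kpasswd, LDAPS.
AD_PORTS="88:kerberos 389:ldap 445:smb 464:kpasswd 636:ldaps"

# Probe every AD port on HOST and print "port service status" per line.
# Return 1 if any port is not open, so it can gate a join script.
check_ad_ports() {
    host=$1
    secs=${2:-2}
    failed=0
    for entry in $AD_PORTS; do
        port=${entry%%:*}
        name=${entry#*:}
        status=$(probe_port "$host" "$port" "$secs")
        echo "$port $name $status"
        [ "$status" = open ] || failed=1
    done
    return $failed
}

# Usage:  ./check_ad_ports.sh example.local
if [ -n "${1:-}" ]; then
    check_ad_ports "$1" && echo "all AD ports reachable on $1"
fi
```

Distinguishing "closed" from "timeout" matters when debugging a join: a refusal means the host and DNS are right but nothing listens (wrong host, or the service is down), while a timeout points at a firewall between the CentOS box and the domain controller.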