Monday, January 23, 2017

Project Alphaberry - Part 2

Well, I started digging into the metal a bit this week. I now have a few Linux machines laying around, and the starts of a real server infrastructure. Project Alphaberry continues…

Installing Linux is something I was putting off a bit, I will admit, I didn’t know anything about it, how to even get started, but I knew I wanted to run a minimal CentOS 7.x. I downloaded the latest image from the CentOS download portal. It was an ISO, and I had a 64GB Patriot USB Drive sitting around that I had previously used for Windows 8 installations around the house. I have seen a lot of guides on using the Win32 Disk Imager, however, I found a more performant version called Rufus when doing research on the Raspberry part of the project. Not only was it a breeze to use, it was extremely fast.

Now that I had my image installed, I wanted to do a “dry run”, for some reason I thought this was going to be complicated, so I picked up my old laptop (i3, 8GB memory, 256 SSD) and decided it could be used as a sandbox. I popped in the USB stick, rebooted, and was prompted with about a 5 step installer, and within about 10 minutes was up and running at the command prompt, with wireless internet access at that… I kinda cheered, and kinda slapped myself on the forehead for this part, it was ridiculously easy.

From this point, I just did some playing around with this laptop, and figured out how to allow me to close the laptop lid without it going into sleep mode.

In the file: /etc/systemd/logind.conf

[Login]
HandleLidSwitch=ignore

More information about that config can be found on freedesktop.org. It goes over all the settings in that file, as well as the valid options for it. Now I can just lay the laptop somewhere next to a power cable with the wireless, close the lid, and it’s all good to go. This allows me to play around with it from my own laptop, even though I have built in Ubuntu on Windows thingy, it isn’t really “complete”, and isn’t the actual OS I want to play with, CentOS has a lot of differences from Ubuntu.

Moving on to the Alpha, I upgraded the memory to the new 16GB real fast, and swapped out the hard drive with the 256GB SSD. From there I just plugged the computer back into the desk my wife had everything hooked up to, dropped in the USB drive, and booted it up. Within a few minutes, I had everything up and running, this time I opted to NOT set up the wireless, as it will be hard wired into the network. Unfortunately, I completely failed to set up the ethernet… I shut down the system, moved it over to the “work area”, hooked up the new managed switch and the Alpha to my main router, turned it on, checked out my router to find the IP from the list and… it wasn’t there.

Remembering that I have a managed switch, I realized that I didn’t… manage to set shit up. Within a few minutes of bumping my head, I realized that the default IP for the switch is 192.168.0.1, while my subnet is 192.167.1.x. This was disheartening, getting a route to that other subnet was not ideal, I attempted to set up a static route on my router, and it just… didn’t take. Then I remembered that this archaic round thing came with the router, turns out it has management software, since my laptop wasn’t made in the age of spinning disks, I downloaded the management software, which found the router right away, and allowed me to change the IP address to something my router wouldn’t struggle with. However, my Alpha still wasn’t showing up.

So this was a lesson I learned pretty early on, not configuring any networking on a server, before disconnecting any way to manage it, is stupid. It was at this point I lugged an HDMI display into the work area, and grabbed one of my old USB keyboards, both of these will probably be useful to have around for the Pi stuff anyway. Once I got in, I realized that I should set up the server to use a static IP. This took me in odd directions, however, I got that running with a minor tweak to one file (this might be different for you, use ip addr to find the right interface).

In the file: /etc/sysconfig/network-scripts/ifcfg-enp3s0

TYPE=Ethernet
BOOTPROTO=none
DHCPCLASS=
IPADDR=192.168.1.101
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
USERCTL=no
IPV6INIT=no
PEERDNS=yes
ONBOOT=yes
DEVICE=enp3s0
HWADDR=<MAC ADDRESS>

Now, I’m not 100% sure what some of that in there is, or if I need it, I will be asking some of the gurus at work tomorrow a bit more on that. Additionally, I want to rename this to eth0 rather than enp3s0 to make my life easier. However, this works, once I restarted the network via systemctl restart network, it was showing in my device list for my router, and I was able to SSH from my laptop.
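An added example, not part of the original post: a small shell check that the GATEWAY in an ifcfg-style file is on the same subnet as IPADDR, which is the same arithmetic that explains why the switch at 192.168.0.1 was unreachable from a 255.255.255.0 network. The function names and the temporary sample file are assumptions made for illustration; the addresses are the ones shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): on-link check for a static
# ifcfg-style file, using the addresses that appear in the post.

ip_to_int() {  # usage: ip_to_int <dotted quad>; prints a 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1              # split the quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

same_subnet() {  # usage: same_subnet <ip_a> <ip_b> <netmask>
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

ifcfg_get() {  # usage: ifcfg_get <file> <KEY>; first KEY=value, quotes stripped
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d "\"'"
}

gateway_on_link() {  # usage: gateway_on_link <file>
    same_subnet "$(ifcfg_get "$1" IPADDR)" "$(ifcfg_get "$1" GATEWAY)" \
                "$(ifcfg_get "$1" NETMASK)"
}

# Constructed sample: the addressing keys from the post's ifcfg-enp3s0.
cfg=$(mktemp)
trap 'rm -f "$cfg"' EXIT
printf '%s\n' 'BOOTPROTO=none' 'IPADDR=192.168.1.101' \
    'NETMASK=255.255.255.0' 'GATEWAY=192.168.1.1' > "$cfg"

if gateway_on_link "$cfg"; then echo "gateway is on-link"; fi
# Hosts on this /24 treat the switch's default address as off-link and
# send traffic for it to the gateway instead of straight onto the wire.
if ! same_subnet 192.168.1.101 192.168.0.1 255.255.255.0; then
    echo "192.168.0.1 is off-link"
fi
```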

Speaking of SSH, there are a few SSHD settings I changed right off the bat, it was recommended to change these for a bit more security.

In the file: /etc/ssh/sshd_config

 Protocol 2
 PermitRootLogin no

These are commented out by default, so I uncommented them and changed them to the above settings, then I restarted the SSHD service via systemctl restart sshd.service. Now I can only login to root via the console, and it uses the latest SSH protocol only.
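An added example, not part of the original post: a shell audit that reports the effective global value of the two keywords changed above. It models two sshd_config parsing rules (commented lines are ignored, and the first uncommented occurrence of a keyword wins), assumes whitespace-separated `Keyword value` lines, and stops at the first Match block; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file
# for the two settings the post changes.

# Print the effective global value of a keyword. sshd uses the FIRST
# uncommented occurrence; keywords are case-insensitive, values are not.
sshd_effective() {  # usage: sshd_effective <file> <keyword>
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # stop before conditional Match blocks
        tolower($1) == want    { print $2; exit }
    ' "$1"
}

# Return 0 only if both settings are set explicitly to the post's values.
audit_sshd() {  # usage: audit_sshd <file>
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    proto=$(sshd_effective "$1" Protocol)
    [ "$root" = "no" ] || { echo "FAIL $1 PermitRootLogin=${root:-unset}"; rc=1; }
    [ "$proto" = "2" ] || { echo "FAIL $1 Protocol=${proto:-unset}"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK $1"; fi
    return "$rc"
}

# Constructed samples: (a) both lines still commented out, (b) the post's
# edit, (c) "no" appended below an earlier active "yes", which never applies.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '%s\n' '#Protocol 2' '#PermitRootLogin yes' > "$d/stock"
printf '%s\n' ' Protocol 2' ' PermitRootLogin no' > "$d/edited"
printf '%s\n' 'Protocol 2' 'PermitRootLogin yes' 'PermitRootLogin no' \
    > "$d/shadowed"

for f in stock edited shadowed; do
    audit_sshd "$d/$f" || true
done
```

On a live host, run the audit against /etc/ssh/sshd_config after the restart and before closing the console session, so a bad edit does not lock you out.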

Finally, I did a full system update/upgrade, and installed some tools:

yum -y update && yum -y upgrade
yum -y install nmap wget telnet unzip

Finally, I made sure that selinux was installed and initialized:

yum -y install selinux-policy
getenforce

Security Enhanced Linux is basically some low level additional security that is wrapped into the kernel. Something I would want on an “admin” server, which is basically what the Alpha part of the Alphaberry is for.

And here we are, at the next stage, I now have a stable Linux server running, fully up to date, static IP address, and some basic tooling ready to go. The next step on my TODO list is to get the DNS server working, spoiler alert, I already spent the mind crunching time to do that today, and am actually now using the new DNS server not only on the Linux servers, but on this laptop to test it out, it works.

C:\>nslookup linux-sandbox.home.renevo.com
Server:  alpha-01.home.renevo.com
Address:  192.168.1.101

Name:    linux-sandbox.home.renevo.com
Address:  192.168.1.199

The next post will be a basic overview of how I set it up, and how I plan on managing it, because as it sits, editing those configuration files sucks.

Until next time, feel free to leave any comments/suggestions either below, or hit me up on twitter via @TribalTom.
