Monday, January 23, 2017

Project Alphaberry - Part 2

Well, I started digging into the metal a bit this week. I now have a few Linux machines lying around, and the starts of a real server infrastructure. Project Alphaberry continues…

Installing Linux is something I was putting off a bit, I will admit, I didn’t know anything about it, how to even get started, but I knew I wanted to run a minimal CentOS 7.x. I downloaded the latest image from the CentOS download portal. It was an ISO, and I had a 64GB Patriot USB Drive sitting around that I had previously used for Windows 8 installations around the house. I have seen a lot of guides on using the Win32 Disk Imager, however, I found a more performant version called Rufus when doing research on the Raspberry part of the project. Not only was it a breeze to use, it was extremely fast.

Now that I had my image installed, I wanted to do a “dry run”, for some reason I thought this was going to be complicated, so I picked up my old laptop (i3, 8GB memory, 256 SSD) and decided it could be used as a sandbox. I popped in the USB stick, rebooted, and was prompted with about a 5 step installer, and within about 10 minutes was up and running at the command prompt, with wireless internet access at that… I kinda cheered, and kinda slapped myself on the forehead for this part, it was ridiculously easy.

From this point, I just did some playing around with this laptop, and figured out how to allow me to close the laptop lid without it going into sleep mode.

In the file: /etc/systemd/logind.conf

[Login]
HandleLidSwitch=ignore

More information about that config can be found on freedesktop.org. It goes over all the settings in that file, as well as the valid options for it. Now I can just lay the laptop somewhere next to a power cable with the wireless, close the lid, and it’s all good to go. This allows me to play around with it from my own laptop, even though I have the built-in Ubuntu on Windows thingy, it isn’t really “complete”, and isn’t the actual OS I want to play with, CentOS has a lot of differences from Ubuntu.

Moving on to the Alpha, I upgraded the memory to the new 16GB real fast, and swapped out the hard drive with the 256GB SSD. From there I just plugged the computer back into the desk my wife had everything hooked up to, dropped in the USB drive, and booted it up. Within a few minutes, I had everything up and running, this time I opted to NOT set up the wireless, as it will be hard wired into the network. Unfortunately, I completely failed to set up the ethernet… I shut down the system, moved it over to the “work area”, hooked up the new managed switch and the Alpha to my main router, turned it on, checked out my router to find the IP from the list and… it wasn’t there.

Remembering that I have a managed switch, I realized that I didn’t… manage to set shit up. Within a few minutes of bumping my head, I realized that the default IP for the switch is 192.168.0.1, while my subnet is 192.168.1.x. This, was disheartening, getting a route to that other subnet was, not ideal, I attempted to set up a static route on my router, and it just… didn’t take. Then I remembered that this archaic round thing came with the router, turns out it has management software, since my laptop wasn’t made in the age of spinning disks, I downloaded the management software, which found the router right away, and allowed me to change the IP address to something my router wouldn’t struggle with. However, my Alpha still wasn’t showing up.

So this was a lesson I learned pretty early on, not configuring any networking on a server, before disconnecting any way to manage it, is stupid. It was at this point I lugged an HDMI display into the work area, and grabbed one of my old USB keyboards, both of these will probably be useful to have around for the Pi stuff anyway. Once I got in, I realized that I should set up the server to use a static IP. This took me in odd directions, however, I got that running with a minor tweak to one file (this might be different for you, use ip addr to find the right interface).

In the file: /etc/sysconfig/network-scripts/ifcfg-enp3s0

TYPE=Ethernet
BOOTPROTO=none
DHCPCLASS=
IPADDR=192.168.1.101
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
USERCTL=no
IPV6INIT=no
PEERDNS=yes
ONBOOT=yes
DEVICE=enp3s0
HWADDR=<MAC ADDRESS>

Now, I’m not 100% sure what some of that in there is, or if I need it, I will be asking some of the gurus at work tomorrow a bit more on that. Additionally, I want to rename this to eth0 rather than enp3s0 to make my life easier. However, this works, once I restarted the network via systemctl restart network, it was showing in my device list for my router, and I was able to SSH from my laptop.

Speaking of SSH, there are a few SSHD settings I changed right off the bat, it was recommended to change these for a bit more security.

In the file: /etc/ssh/sshd_config

 Protocol 2
 PermitRootLogin no

These are commented out by default, so I uncommented them and changed them to the above settings, then I restarted the SSHD service via systemctl restart sshd.service. Now I can only login to root via the console, and it uses the latest SSH protocol only.
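A quick check that the two settings above are really in effect, as an added example that is not part of the original post. It relies on the fact that sshd ignores commented-out lines and uses the first value it finds for a keyword; the function names and the sample files are constructed for illustration, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the value sshd would pick up for a keyword in a config file.

# effective_sshd_value FILE KEYWORD
# Prints the first uncommented value for KEYWORD (keywords are case-insensitive),
# or nothing when the keyword is absent or only present as a comment.
effective_sshd_value() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and commented defaults do not count
        tolower($1) == "match" { exit }      # global scope only: stop at the first Match block
        tolower($1) == tolower(want) { print $2; exit }   # first value wins
    ' "$1"
}

# check_sshd_hardening FILE
# Returns 0 only when both settings from the post are in effect.
check_sshd_hardening() {
    rc=0
    for pair in "Protocol=2" "PermitRootLogin=no"; do
        key=${pair%%=*}
        expected=${pair#*=}
        actual=$(effective_sshd_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $key $actual"
        else
            echo "FAIL $key is '${actual:-unset, built-in default applies}', expected '$expected'"
            rc=1
        fi
    done
    return $rc
}

SAMPLE_DIR=$(mktemp -d)
# Constructed sample 1: both directives still commented out.
cat > "$SAMPLE_DIR/default" <<'EOF'
#Protocol 2
#PermitRootLogin yes
EOF
# Constructed sample 2: edited as in the post, with a later conflicting line that is ignored.
cat > "$SAMPLE_DIR/edited" <<'EOF'
 Protocol 2
 PermitRootLogin no
PermitRootLogin yes
EOF
check_sshd_hardening "$SAMPLE_DIR/default" || echo "default sample: not hardened"
check_sshd_hardening "$SAMPLE_DIR/edited" && echo "edited sample: hardened"
```

On the server itself, sshd -t checks the file for syntax errors before a restart, and sshd -T prints the effective configuration.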

Finally, I did a full system update/upgrade, and installed some tools:

yum -y update && yum -y upgrade
yum -y install nmap wget telnet unzip

Finally, I made sure that selinux was installed and initialized:

yum -y install selinux-policy
getenforce

Security-Enhanced Linux (SELinux) is basically a low-level mandatory access control layer built into the kernel. Something I would want on an “admin” server, which is basically what the Alpha part of the Alphaberry is for.

And here we are, at the next stage, I now have a stable Linux server running, fully up to date, static IP address, and some basic tooling ready to go. The next step on my TODO list is to get the DNS server working, spoiler alert, I already spent the mind crunching time to do that today, and am actually now using the new DNS server not only on the Linux servers, but on this laptop to test it out, it works.

C:\>nslookup linux-sandbox.home.renevo.com
Server:  alpha-01.home.renevo.com
Address:  192.168.1.101

Name:    linux-sandbox.home.renevo.com
Address:  192.168.1.199

The next post will be a basic overview of how I set it up, and how I plan on managing it, because as it sits, editing those configuration files sucks.

Until next time, feel free to leave any comments/suggestions either below, or hit me up on Twitter via @TribalTom.
