Category Archives: Linux

Install Apache Web server with Ansible

Below is the topology that I have used to install the Apache webserver via Ansible.

Make sure the Debian server allows access from Linuxmint using public key authentication.

On the Linuxmint server.

Create a new tungapache.yaml file

---
- hosts: tunglamp
  become: yes
  vars:
    firstname: "XXX"
    lastname: "YYY"
  tasks:
    - name: Update Debian Server 10 System packages
      become: yes
      apt:  update_cache=yes
    - name: install apache2
      apt: name=apache2 state=latest
    # Render the Jinja2 template with the vars above and install it as the site index
    - name: Copy index text page
      template:
        src: "files/index.html.j2"
        dest: "/var/www/html/index.html"

Add the Debian server and its IP address to the hosts file.

Go to the /etc/ansible directory, create a new files directory, and create the index.html.j2 template inside it.

# pwd: /etc/ansible
sudo mkdir files
sudo touch files/index.html.j2 && sudo nano files/index.html.j2
<html>
<head>
	<title>{{ firstname }} - {{ lastname }}</title>
</head>
<body>
	<h1>{{ firstname }} - {{ lastname }}</h1>
	<h3>Welcome to Tung's Ansible Test Page</h3>
	<img src="http://imagefromtheinternet.jpg">
</body>
</html>

Run ansible-playbook to install apache webserver on remote Debian Linux server.

ansible-playbook -i /etc/ansible/hosts tungapache.yaml -u root

Check web content on the Debian server.

http://192.168.5.27/index.html

Install Ansible on Linux

The lab below simulates how to check a Linux server with Ansible.

Install Ansible on Linuxmint.

sudo apt install ansible

Set a root password on Linuxmint.

sudo passwd root

Install a new Debian Linux Server to test.

Install sshd service on Linuxmint.

sudo apt install ssh

Modify /etc/hosts.

Create a hosts file under /etc/ansible directory.

Create a new group_vars directory under /etc/ansible.

sudo mkdir group_vars
cd /etc/ansible/group_vars

Create a new tunglamp file.

Try to run a command and it fails.

ansible -m ping all -vvv

We need to set up public key authentication on LinuxMint.

ssh-keygen -b 4096

Copy the key to the Debian server that you want to access.

ssh-copy-id root@192.168.5.27

Run the command below to make sure you can access the Debian server without a password.

ssh root@192.168.5.27

Check Debian server via Ansible.

ansible -m ping tunglamp
ansible -m shell -a 'free -m' tunglamp
ansible -m shell -a 'ifconfig -a | grep inet' tunglamp

Install Zabbix on Linux server

Zabbix is an open-source monitoring software tool for diverse IT components, including networks, servers, virtual machines (VMs), and cloud services. It can monitor many kinds of components and provides a single-pane-of-glass view of your whole IT infrastructure.

Configure the Zabbix repository.

yum install -y centos-release-scl

Install the Zabbix repository configuration package.

rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm

Install Zabbix Server.

yum install -y zabbix-web-mysql-scl zabbix-apache-conf-scl zabbix-server-mysql zabbix-agent --enablerepo=zabbix-frontend

Change timezone.

vi /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf
php_value[date.timezone] = America/Vancouver

Install MySQL or MariaDB.

yum install -y mariadb-server mariadb

Start mariadb service.

systemctl start mariadb
systemctl status mariadb

Login to MariaDB and create the database and user for our Zabbix installation.

mysql -u root -p

Create a database with the information below.

DBName: zabbixdb
DBUser: zabbixuser
DBPassword: 123456

MariaDB [(none)]> create database zabbixdb character set utf8 collate utf8_bin;
MariaDB [(none)]> grant all privileges on zabbixdb.* to zabbixuser@localhost identified by '123456';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit

Import initial schema and database.

cd /usr/share/doc/zabbix-server-mysql*/
zcat create.sql.gz | mysql -u zabbixuser -p zabbixdb

Update Database Configuration

Edit the zabbix_server.conf file.

DBHost=localhost
DBName=zabbixdb
DBUser=zabbixuser
DBPassword=123456

Restart Zabbix service.

systemctl restart zabbix-server zabbix-agent httpd rh-php72-php-fpm

Enable the service to start automatically on system reboot.

systemctl enable zabbix-server zabbix-agent httpd rh-php72-php-fpm

Disable SELinux enforcement. Note that setenforce 0 switches SELinux to permissive mode only until the next reboot.

sudo setenforce 0

Allow Zabbix services on Firewall.

firewall-cmd --permanent --add-port=10050/tcp
firewall-cmd --permanent --add-port=10051/tcp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload

Setup Zabbix via a web interface.

http://10.0.0.134/zabbix/

Enter zabbixdb, zabbixuser and password.

Zabbix Dashboard.

Username: Admin (Username is case sensitive.)

Password: zabbix

Zabbix Dashboard.

Check which ports are in use on the Zabbix server.

netstat -antp | grep "LISTEN"

Install HTTPS web certificate on the Zabbix web interface.

Install mod_ssl.

yum install mod_ssl -y

Copy web server certificate (used wildcard cert *.linuxlab.local) to Zabbix server.

Edit ssl.conf file.

vi /etc/httpd/conf.d/ssl.conf
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/wildcard.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/certs/wildcard-cert.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCertificateChainFile /etc/pki/CA/certs/ourCA.crt
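
The ssl.conf edit above points Apache at a wildcard private key stored under /etc/pki/tls/certs. The check below is an added example, not part of the original post: it reads the active SSLCertificateKeyFile directives and reports any key that group or other users can access. The function names and the demo files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; active_key_files and audit_tls_keys are hypothetical helpers.

# Print each active SSLCertificateKeyFile path from an Apache config,
# skipping commented-out directives such as the old localhost.key line.
active_key_files() {
    awk 'tolower($1) == "sslcertificatekeyfile" { print $2 }' "$1"
}

# Return 0 when every referenced key exists and grants nothing to group
# or other; print one finding per problem and return 1 otherwise.
# Paths containing spaces are not handled.
audit_tls_keys() {
    local conf="$1" rc=0 key bits
    for key in $(active_key_files "$conf"); do
        if [ ! -f "$key" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        # ls -ldL follows symlinks; columns 5-10 are the group/other bits
        bits="$(ls -ldL "$key" | cut -c5-10)"
        if [ "$bits" != "------" ]; then
            echo "LOOSE $key ($bits)"; rc=1
        fi
    done
    return "$rc"
}

# Demo with constructed files standing in for /etc/httpd/conf.d/ssl.conf
dir="$(mktemp -d)"
printf 'constructed key material\n' > "$dir/wildcard-cert.key"
chmod 644 "$dir/wildcard-cert.key"
cat > "$dir/ssl.conf" <<EOF
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile $dir/wildcard-cert.key
EOF
audit_tls_keys "$dir/ssl.conf" || echo "fix with: chmod 600 <key>"
chmod 600 "$dir/wildcard-cert.key"
audit_tls_keys "$dir/ssl.conf" && echo "key permissions OK"
rm -rf "$dir"
```

On the server itself, run audit_tls_keys /etc/httpd/conf.d/ssl.conf as root before restarting httpd.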

Restart Apache web service.

systemctl restart httpd
systemctl status httpd

Allow HTTPS on Firewall.

firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Access Zabbix server from Windows machine.

https://zabbix.linuxlab.local/zabbix/

Redirect HTTP to HTTPS on Apache by using .htaccess file.

cd /etc/httpd/conf.modules.d/
cat 00-base.conf | grep rewrite
cd /usr/share/zabbix/
touch .htaccess
vi .htaccess
###---
RewriteEngine On
RewriteCond %{HTTPS}  !=on
#RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/?(.*) https://zabbix.linuxlab.local/$1 [R,L]

Access Zabbix via HTTP. It will redirect the link to HTTPS.

Install Graylog open-source log management on Linux server

Graylog is an open-source log management system. Graylog centrally captures, collects, enhances, stores, and analyzes log data. It is an affordable alternative to Splunk.

Below are a couple of steps to install Graylog on CentOS 7.

Edit interface, change ONBOOT from “no” to “yes”, and restart network service.

Step #1: Update your system and install needed packages.

hostnamectl set-hostname graylog
yum update -y
yum install epel-release
yum install pwgen vim

Step #2: Install JAVA

yum install java-1.8.0-openjdk-headless.x86_64

Check the java version.

java -version

Create a repository file. Then add the content below to this repository.

vim /etc/yum.repos.d/mongodb-org.repo
--
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

Install MongoDB

yum install mongodb-org

Enable and start mongoDB service on system.

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
sudo systemctl --type=service --state=active | grep mongod

Check MongoDB service port.

netstat -antp | grep 27017

Step #4: Installing Elasticsearch

Graylog can be used with Elasticsearch 6.x and 7.x. In this lab, I have used version 6.x of Elasticsearch.

Install the Elastic GPG key.

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Create a repository, then add the following contents to the file.

vim /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install the open-source version of Elasticsearch.

yum install elasticsearch-oss

Modify the Elasticsearch configuration file. Set the cluster name to graylog and add “action.auto_create_index: false” to the file.

vim /etc/elasticsearch/elasticsearch.yml

Save and exit the file.

Enable, start and check the status of Elasticsearch on the system.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch

Check Elasticsearch health.

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

Step #5: Installing the Graylog

Now install the Graylog repository configuration with the following commands:

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm

Install Graylog-server.

yum install graylog-server

Configure Graylog:

Add “password_secret” and “root_password_sha2” to server.conf file.

Generate password_secret.

pwgen -N 1 -s 96

Generate root_password_sha2.

echo -n foss@dan123 | sha256sum | cut -d" " -f1

Edit the /etc/graylog/server/server.conf file.

vim /etc/graylog/server/server.conf

Uncomment the following line.

http_bind_address = 127.0.0.1:9000

Then add the following line.

http_bind_address = 10.0.0.33:9000
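
The password_secret and root_password_sha2 values above can also be produced without typing the admin password as a command argument, where it would be saved in shell history. This is an added example, not part of the original post or of Graylog: the helper names are hypothetical, it reads /dev/urandom in place of pwgen, and the demo password and scratch file are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not Graylog tooling.

# root_password_sha2: SHA-256 of the password bytes without a trailing
# newline (the reason the original command uses `echo -n`). The password
# arrives on stdin, so it need not be typed as a command argument.
graylog_root_hash() {
    local pw
    IFS= read -r pw || [ -n "$pw" ]
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# password_secret: N hex characters (default 96) from the kernel CSPRNG,
# used here in place of pwgen so no extra package is needed.
gen_password_secret() {
    local chars="${1:-96}"
    od -An -N "$((chars / 2))" -tx1 /dev/urandom | tr -d ' \n'
}

# Set KEY = VALUE in FILE, replacing an existing (possibly commented) line
# or appending one. Values here are hex only, so they are safe inside sed.
set_conf() {
    local file="$1" key="$2" value="$3"
    if grep -Eq "^#?[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Demo on a scratch file with a constructed password. On a real server:
#   stty -echo; graylog_root_hash; stty echo   (type the password, Enter)
conf="$(mktemp)"
printf 'password_secret =\nroot_password_sha2 =\n' > "$conf"   # constructed
chmod 600 "$conf"
set_conf "$conf" password_secret "$(gen_password_secret)"
set_conf "$conf" root_password_sha2 "$(printf 'constructed-pw\n' | graylog_root_hash)"
cat "$conf"
rm -f "$conf"
```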

Enable and Start service.

systemctl enable graylog-server.service
systemctl start graylog-server.service

Monitor server logs.

tail -f /var/log/graylog-server/server.log

Copy Geo-IP database to Graylog server.

Check log again.

Check Graylog Server listening port.

netstat -antp | grep 9000

Check the port is opened on a remote host.

Allow Graylog service on Firewall.

Access Graylog web interface on another machine.

Create a Ceph cluster on Proxmox cluster

Ceph is an open-source distributed software solution. It is designed to serve block, file, and object workloads for a cluster system. There are a lot of advantages when using Ceph. Ceph supports distributed object storage across multiple cluster nodes, provides redundancy between cluster nodes, and can scale out cluster storage nodes.

Ceph is able to run on commodity hardware without vendor lock-in. Moreover, Ceph is also a unified storage infrastructure that supports storage clusters that may grow or shrink, and it allows hardware to be added and removed while the Ceph cluster is online.

The lab below deploys three Proxmox nodes on the Ceph cluster.

Add a new second hard drive on Proxmox1, Proxmox2, and Proxmox3 nodes.

Install Ceph cluster on node 1.

Create an OSD on Proxmox node 1, node 2 and node 3.

Create Ceph Pool on Ceph storage.

Create a new Linux VM on Ceph.

Add this machine to the HA Ceph.

Hard power off Proxmox node1.

The Linux VM has been migrated to Proxmox node2 with a couple of minutes of downtime.

Live migrate VM2 from Proxmox node 2 to node 3.

It is interesting to see that there is no downtime when live migrating VM2 from Proxmox node 2 to node 3 in the Ceph cluster.

Install a Proxmox cluster

Below is a lab to create a Proxmox cluster.

Node1: pve01.linuxlab.local – 192.168.5.19

Node2: proxmox02.linuxlab.local – 192.168.5.21

Node3: proxmox03.linuxlab.local – 192.168.5.22

Step #1 Check hostname, date and /etc/hosts

192.168.5.19 pve01.linuxlab.local pve01
192.168.5.21 pve02.linuxlab.local pve02
192.168.5.22 pve03.linuxlab.local pve03
ping pve01
ping pve02
ping pve03

Creating Cluster via Proxmox GUI interface.

Click on Datacenter | Cluster | Create Cluster

Click on Copy information.

Install a LinuxMint VM on Proxmox node 3.

Install Proxmox on Virtualbox (Nested VT-x)

Proxmox Virtual Environment is an open-source server virtualization management solution based on QEMU/KVM and LXC. It is an affordable virtualization solution for small businesses.

Create a new Linux VM on Virtualbox to install Proxmox. Click the link below to download Proxmox VE 7.1 ISO Installer, then mount the iso to the VM to install Proxmox.

https://www.proxmox.com/en/downloads/category/iso-images-pve

To enable “Nested VT-x/AMD-V” function on Proxmox, open a terminal console and type the command below.

VBoxManage -nologo list vms
vboxmanage modifyvm "Virtual machine name of Proxmox" --nested-hw-virt on
vboxmanage modifyvm "proxmox1" --nested-hw-virt on
vboxmanage modifyvm "proxmox2" --nested-hw-virt on
vboxmanage modifyvm "proxmox3" --nested-hw-virt on

After installing Proxmox, open any web browser (such as Firefox on LinuxMint) and access the Proxmox web management interface (https://IPaddressofProxmox:8006).

Upload installation sources such as LinuxMint and Windows OS ISO files to install Linux and MS Windows VMs.

Create and install a Linux machine on Proxmox server.

LinuxMint VM can ping google.ca.

Typing in a VirtualBox VM is very slow and laggy on macOS Monterey

Below is a workaround for the VirtualBox typing issue on macOS Monterey.

Open Terminal.

sudo nano /Applications/VirtualBox.app/Contents/Resources/VirtualBoxVM.app/Contents/Info.plist 

Change the following parameter from true to false: <key>NSHighResolutionCapable</key>     <false/>

Save the file and reopen VirtualBox. Typing in the VirtualBox VM is now faster than before.

Install TP-Link AC600 Archer T2U Plus WiFi USB Adapter In LinuxMint

With this dual USB adapter, you can get 433 Mbps speed on 5GHz.

Install TP-Link AC600 Archer T2U Nano on LinuxMint.

sudo apt install dkms git build-essential libelf-dev linux-headers-$(uname -r)
# Cloning into 'rtl8812au'
git clone https://github.com/aircrack-ng/rtl8812au.git
cd rtl8812au/
sudo make dkms_install

Unplug the TP-Link Archer T2U Plus adapter and plug it in again. The LED will start to blink. Verify the driver has been installed successfully.

sudo dkms status

Then setup your new wireless USB adapter device.

Install OCS Inventory on Linux

OCS stands for Open Computers and Software Inventory Next Generation. This is an open-source assets management and deployment solution.

Below are the steps to install OCS Inventory.

Prerequisites

yum install -y epel-release yum-utils vim wget
wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm --no-check-certificate
wget https://rpm.ocsinventory-ng.org/ocsinventory-release-latest.el7.ocs.noarch.rpm --no-check-certificate
yum install -y ocsinventory-release-latest.el7.ocs.noarch.rpm remi-release-7.rpm
yum-config-manager --enable remi && yum-config-manager --enable remi-php73

Create a .repo file so that MariaDB can be installed.

vim /etc/yum.repos.d/MariaDB.repo

Install the whole bunch of applications and extensions that are required to run OCS

yum install -y httpd MariaDB-client MariaDB-server perl-Archive-Zip perl-Compress-Zlib perl-DBD-MySQL perl-DBI perl-Mojolicious perl-Net-IP perl-Plack perl-SOAP-Lite perl-Switch perl-XML-Entities perl-XML-Simple php php-cli php-common php-curl php-domxml php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-pecl-zip php-simplexml php-soap php-sodium php-xmlrpc php-zip
yum update && yum upgrade

Install OCS Inventory.

yum install -y ocsinventory

Configure the MariaDB database.

systemctl enable mariadb
systemctl start mariadb

Secure MySQL.

mysql_secure_installation

Create a new ocsweb database and assign permissions for user ocs/ocs.

mysql -u root -p
MariaDB [(none)]> create database ocsweb;
MariaDB [(none)]> CREATE USER 'ocs'@'localhost' IDENTIFIED BY 'ocs';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON ocsweb.* TO 'ocs'@'localhost' IDENTIFIED BY 'ocs';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;

Allow HTTP and HTTPS on Firewall.

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --list-services

Configure the MariaDB database.

systemctl enable mariadb && systemctl start mariadb

Set the OCS database user and password in the OCS configuration.

vim /etc/httpd/conf.d/ocsinventory-server.conf
# Name of database
PerlSetEnv OCS_DB_NAME ocsweb
PerlSetEnv OCS_DB_LOCAL ocsweb
# User allowed to connect to database
PerlSetEnv OCS_DB_USER ocs
# Password for user
PerlSetVar OCS_DB_PWD ocs

Enable and start the Apache web service.

systemctl enable httpd && systemctl start httpd

Check which TCP ports are listening on the server.

Access the OCS Inventory web interface (http://IPaddressofOCS/ocsreports).

Enter admin/admin as the user/password to log on.

Rename the “install.php” file in the “OCSReports” directory.

mv /usr/share/ocsinventory-reports/ocsreports/install.php /usr/share/ocsinventory-reports/ocsreports/install.php.bak

+ Install OCS Inventory agent via GPO.

Create a logon script OCSinventory.bat

@echo off
\\dc1.cisalab.local\shared\OCS-Windows-Agent-2.9.0.0_x64\OCS-Windows-Agent-Setup-x64.exe /S /SERVER=http://10.0.0.13/ocsinventory

Create a new GPO and link the script to the domain level.

Restart Windows 10 domain-joined machine.

OCS inventory agent has been automatically installed on this machine.

Check TCP connection from Windows 10 machine to OCS Inventory server.

Get-NetTcpConnection -RemoteAddress 10.0.0.13