Tag Archives: Linux

Create a Ceph cluster on Proxmox cluster

Ceph is an open-source distributed software solution designed to serve block, file, and object workloads for a cluster system. Ceph has many advantages: it supports distributed object storage across multiple cluster nodes, provides redundancy between cluster nodes, and can scale out by adding cluster storage nodes.

Ceph is able to run on commodity hardware without vendor lock-in. Moreover, Ceph is a unified storage infrastructure that supports storage clusters that may grow or shrink, and it allows hardware to be added and removed while the Ceph cluster is online.

The lab below is used to deploy three Proxmox nodes on the Ceph cluster.

Add a new second hard drive on Proxmox1, Proxmox2, and Proxmox3 nodes.

Install Ceph cluster on node 1.

Create an OSD on Proxmox node 1, node 2 and node 3.

Create Ceph Pool on Ceph storage.

Create a new Linux VM on Ceph.

Add this machine to the HA Ceph.

Hard power off Proxmox node 1.

The Linux VM has been migrated to Proxmox node 2 with a couple of minutes of downtime.

Live-migrate VM2 from Proxmox node 2 to node 3.

It is interesting to see that there is no downtime when live-migrating VM2 from Proxmox node 2 to node 3 in the Ceph cluster.

Install a Proxmox cluster

Below is a lab to create a Proxmox cluster.

Node1: pve01.linuxlab.local – 192.168.5.19

Node2: proxmox02.linuxlab.local – 192.168.5.21

Node3: proxmox03.linuxlab.local – 192.168.5.22

Step #1 Check hostname, date and /etc/hosts

192.168.5.19 pve01.linuxlab.local pve01
192.168.5.21 pve02.linuxlab.local pve02
192.168.5.22 pve03.linuxlab.local pve03
ping pve01
ping pve02
ping pve03

Creating Cluster via Proxmox GUI interface.

Click on Datacenter | Cluster | Create Cluster

Click on Copy information.

Install a LinuxMint VM on Proxmox node 3.

Install Proxmox on Virtualbox (Nested VT-x)

Proxmox Virtual Environment is an open-source server virtualization management solution based on QEMU/KVM and LXC. It is an affordable virtualization solution for small businesses.

Create a new Linux VM on Virtualbox to install Proxmox. Click the link below to download Proxmox VE 7.1 ISO Installer, then mount the iso to the VM to install Proxmox.

https://www.proxmox.com/en/downloads/category/iso-images-pve

To enable “Nested VT-x/AMD-V” function on Proxmox, open a terminal console and type the command below.

VBoxManage -nologo list vms
vboxmanage modifyvm "Virtual machine name of Proxmox" --nested-hw-virt on
vboxmanage modifyvm "proxmox1" --nested-hw-virt on
vboxmanage modifyvm "proxmox2" --nested-hw-virt on
vboxmanage modifyvm "proxmox3" --nested-hw-virt on

After installing Proxmox, open any web browser (such as Firefox on LinuxMint), access Proxmox web management interface (https://IPaddressofProxmox:8006).

Upload installation sources such as LinuxMint and Windows OS ISO files to install Linux and MS Windows VMs.

Create and install a Linux machine on Proxmox server.

LinuxMint VM can ping google.ca.

Keyboard typing in a VirtualBox VM is very slow and laggy on macOS Monterey

Below is a workaround for the VirtualBox issue on macOS Monterey.

Open Terminal.

sudo nano /Applications/VirtualBox.app/Contents/Resources/VirtualBoxVM.app/Contents/Info.plist

Change the following parameter from true to false:

<key>NSHighResolutionCapable</key>
<false/>

Save the file and reopen VirtualBox. We can see that typing in the VirtualBox VM is faster than before.

Install TP-Link AC600 Archer T2U Plus WiFi USB Adapter In LinuxMint

Using this dual USB adapter, it is possible to get 433 Mbps speed on 5GHz.

Install TP-Link AC600 Archer T2U Nano on LinuxMint.

sudo apt install dkms git build-essential libelf-dev linux-headers-$(uname -r)
# Cloning into 'rtl8812au'
git clone https://github.com/aircrack-ng/rtl8812au.git
cd rtl8812au/
sudo make dkms_install

Unplug the TP-Link Archer T2U Plus adapter and plug it in again. The LED will start to blink. Verify the driver has been installed successfully.

sudo dkms status

Then set up your new wireless USB adapter device.

Install OCS Inventory on Linux

OCS stands for Open Computers and Software Inventory Next Generation. This is an open-source assets management and deployment solution.

Below are a couple of steps to install OCS Inventory.

Prerequisites

yum install -y epel-release yum-utils vim wget
wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm --no-check-certificate
wget https://rpm.ocsinventory-ng.org/ocsinventory-release-latest.el7.ocs.noarch.rpm --no-check-certificate
yum install -y ocsinventory-release-latest.el7.ocs.noarch.rpm remi-release-7.rpm
yum-config-manager --enable remi && yum-config-manager --enable remi-php73

Create a .repo file so that MariaDB can be installed.

vim /etc/yum.repos.d/MariaDB.repo

Install the whole bunch of applications and extensions that are required to run OCS

yum install -y httpd MariaDB-client MariaDB-server perl-Archive-Zip perl-Compress-Zlib perl-DBD-MySQL perl-DBI perl-Mojolicious perl-Net-IP perl-Plack perl-SOAP-Lite perl-Switch perl-XML-Entities perl-XML-Simple php php-cli php-common php-curl php-domxml php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-pecl-zip php-simplexml php-soap php-sodium php-xmlrpc php-zip
yum update && yum upgrade

Install OCS Inventory.

yum install -y ocsinventory

Configure the MariaDB database.

systemctl enable mariadb
systemctl start mariadb

Secure MySQL.

mysql_secure_installation

Create a new ocsweb database and assign permissions for user ocs/ocs.

mysql -u root -p
MariaDB [(none)]> create database ocsweb;
CREATE USER 'ocs'@'localhost' IDENTIFIED BY 'ocs';
GRANT ALL PRIVILEGES ON ocsweb.* TO 'ocs'@'localhost' IDENTIFIED BY 'ocs';
flush privileges;
exit;

Allow HTTP and HTTPS on Firewall.

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --list-services

Configure the MariaDB database.

systemctl enable mariadb && systemctl start mariadb

Set up the OCS user/password in the OCS configuration.

vim /etc/httpd/conf.d/ocsinventory-server.conf
# Name of database
PerlSetEnv OCS_DB_NAME ocsweb
PerlSetEnv OCS_DB_LOCAL ocsweb
# User allowed to connect to database
PerlSetEnv OCS_DB_USER ocs
# Password for user
PerlSetVar OCS_DB_PWD ocs

Enable and start the Apache web service.

systemctl enable httpd && systemctl start httpd

Check that the TCP ports are listening on the server.

Access the OCS Inventory web interface (http://IPaddressofOCS/ocsreports).

Enter admin/admin as the user/password to log on.

Rename the “install.php” file in the “OCSReports” directory.

mv /usr/share/ocsinventory-reports/ocsreports/install.php /usr/share/ocsinventory-reports/ocsreports/install.php.bak

Install OCS Inventory agent via GPO.

Create a logon script OCSinventory.bat

@echo off
\\dc1.cisalab.local\shared\OCS-Windows-Agent-2.9.0.0_x64\OCS-Windows-Agent-Setup-x64.exe /S /SERVER=http://10.0.0.13/ocsinventory

Create a new GPO and link the script to the domain level.

Restart Windows 10 domain-joined machine.

OCS inventory agent has been automatically installed on this machine.

Check TCP connection from Windows 10 machine to OCS Inventory server.

Get-NetTcpConnection -RemoteAddress 10.0.0.13

Install OpenProject on CentOS 7

Create a CentOS 7 VPS.

Update your system & disable SELinux

Start the installation by updating system packages to the latest release.

#sudo yum -y update

Next, disable SELinux in CentOS

Edit the /etc/selinux/config file and run the command setenforce 0 to disable SELinux in CentOS.

Reboot Linux VPS server.

Add the OpenProject Repository

Next, add the OpenProject repository by executing the commands below in your terminal.

# sudo yum -y install wget

# sudo wget -O /etc/yum.repos.d/openproject.repo https://dl.packager.io/srv/opf/openproject/dev/installer/el/7.repo

Install OpenProject on CentOS 7

Run the command below to install OpenProject on CentOS 7.

# sudo yum -y install openproject

Run the command below to configure OpenProject.

# sudo openproject configure

Select “Install a new PostgreSQL server and database locally”

Select “Install Apache2 server”

Choose Sendmail application as the default send email service on CentOS.

Enter admin email to be used for access and notifications.

Choose to install Memcache server.

The installation failed because of the issue below.

Run the command below to generate a self-signed certificate for OpenProject.

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/certs/openproject.cisa2380.tk.key -out /etc/ssl/certs/openproject.cisa2380.tk.crt

# mkdir /etc/ssl/private/

# cp /etc/ssl/certs/openproject.cisa2380.tk.key /etc/ssl/private/

Run the command below to complete the installation

#sudo openproject reconfigure

Allow port 80 and 443 on the CentOS firewall.

After finishing the OpenProject installation, log into OpenProject with the default user/password admin/admin.

Install certbot on OpenProject.

Restart Apache web service.

# cat /etc/httpd/conf.d/openproject.conf

Log into OpenProject and see that the interface is redirected to HTTPS.

Installing Zimbra Collaboration Suite (ZCS) on CentOS 7

This tutorial describes how to install Zimbra Collaboration Suite Open Source Edition on a CentOS/RHEL 7 VPS server.

Step 1: Create both A and MX records for Zimbra Mail Server. Create both A and MX records on the VPS to point to your Zimbra mail server

Step 2: Install System Packages for Zimbra

Login as a root account to install the following packages below:

# yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so.6

Next, disable SELinux in CentOS. Edit /etc/selinux/config file and run a command setenforce 0 to disable SELinux in CentOS

Install wget package:

# yum install wget

Set hostname on Zimbra host.

# hostnamectl set-hostname mail

Disable unwanted services. Postfix mail service has already been installed and run on CentOS. We need to disable and remove the postfix service before installing Zimbra.

# systemctl stop postfix

# systemctl disable postfix

# yum remove postfix

Step 3: Install Zimbra Collaboration Suite Open Source Edition

# wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz

After the download completes, use the tar command to extract the archive.

# tar xfz zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz

# cd zcs-8.8.15_GA_3869.RHEL7_64.20190918004220/

# ls

Run the install.sh script to install Zimbra. After a series of system checks, enter y to continue the installation.

# ./install.sh

Next, the installation process will prompt a couple of questions that we need to choose to configure Zimbra properly.

Finally, it will start the Zimbra installation process. The system will be modified.  Continue? [N] y

Allow Zimbra services on Linux Firewall.

Step 4: Zimbra Initial Configuration. After the installation finishes, access the Zimbra administration page at https://mail.cisa2380.tk:7071 or https://172.105.5.143:7071

Step 5: Create 500 Zimbra test users:

# su - zimbra

$ cd /opt/mail/backup

$ touch usercreation.sh

$ nano usercreation.sh

[zimbra@mail backup]$ more usercreation.sh

#!/bin/bash
# Generate the user list: one zmprov "ca" (create account) line per user
#cd /var/tmp
x=1
while [ $x -lt 501 ]
do
    echo "ca demo$x@cisa2380.tk '@zimbra@password' cn 'Demo User${x}' givenName 'Demo' zimbraPrefFromDisplay 'Demo User${x}'" >> userlist.zmp
    x=`expr $x + 1`
done

Run the script.

$ ./usercreation.sh

Next, use the command below to create 500 Zimbra users from the userlist.zmp file.

$ zmprov -f userlist.zmp

List all Zimbra accounts with the zmprov command.

$ zmprov -l gaa

Checking on Zimbra Administration.

Step 6: Evaluate Zimbra performance by simulating concurrent Zimbra user logins.

[root@li1978-114 tmp]# cat usersimulate.sh

#!/bin/bash
# Simulate user login
# x starts at 1 and ends at 500
#x=1
for x in {1..500}
do
    # The form data is double-quoted so that ${x} is expanded in the username
    curl -v -k 'https://mail.cisa2380.tk/' -H 'Cookie: ZM_TEST=true' --data "loginOp=login&username=demo${x}@cisa2380.tk&password=@zimbrapassword"
    sleep 1s
done

Installing Jitsi Meet on Ubuntu

Jitsi is a true open-source solution for video conferencing. Integrating with Zimbra Collaboration Suite, we have a feasible open-source collaboration solution that has been installed on Linux VPS servers.

Step 1 — Setting the System Hostname

Create jitsi and auth hostname records on an external DNS server, as in the screenshots below.

Change hostname of the machine to jitsi.cisa2380.tk.

#sudo hostnamectl set-hostname jitsi.cisa2380.tk

Ping the hostname to check it is reachable.

Step 2 — Configuring the Firewall

Allow the ports below for Jitsi services on the Ubuntu Linux firewall.

Port 80: used for the TLS certificate request.

Port 443: used for the conference room creation web page.

Port 4443/tcp and 10000/udp: used to transmit and receive the encrypted call traffic.

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

sudo ufw allow 4443/tcp

sudo ufw allow 10000/udp

Step 3 — Installing Jitsi Meet

First, download the Jitsi GPG key with the wget downloading utility:

#wget https://download.jitsi.org/jitsi-key.gpg.key

#sudo nano /etc/apt/sources.list.d/jitsi-stable.list

Add the line below to the file for the Jitsi repository:

deb https://download.jitsi.org stable/

Finally, perform a system update to collect the package list from the Jitsi repository.

#sudo apt update

Install Jitsi meet with the command below.

#sudo apt install jitsi-meet

Enter the domain name for your Jitsi Meet instance.

Select the option below to create and use a self-signed TLS certificate for Jitsi system.

Step 4 — Obtaining a Signed TLS Certificate

#sudo apt install certbot


Step 5 — Locking Conference Creation

Allow registered users to create conference rooms by changing the file below.

#sudo nano /etc/prosody/conf.avail/your_domain.cfg.lua

Change authentication = "anonymous" to authentication = "internal_plain"

Then, add to the end of the file:

VirtualHost "guest.jitsi.your_domain"
    authentication = "anonymous"
    c2s_require_encryption = false

Next, edit the file /etc/jitsi/meet/jitsi.your_domain-config.js

#sudo nano /etc/jitsi/meet/jitsi.your_domain-config.js

Change this line:

// anonymousdomain: 'guest.jitsi.your_domain',

To:

anonymousdomain: 'guest.jitsi.your_domain',

Open /etc/jitsi/jicofo/sip-communicator.properties:

#sudo nano /etc/jitsi/jicofo/sip-communicator.properties

Add the line below to the end of the file.

org.jitsi.jicofo.auth.URL=XMPP:jitsi.your_domain

Now, Jitsi Meet is configured to require authenticated users for video conferencing.

Use the prosodyctl utility to create user and password for Jitsi users.

#sudo prosodyctl register user your_domain password

Finally, restart the Jitsi Meet services.

sudo systemctl restart prosody.service

sudo systemctl restart jicofo.service

sudo systemctl restart jitsi-videobridge2.service

The Jitsi server has been installed and securely configured.

Create Your Own Certificate Authority (CA) in Linux

A certificate authority (CA) issues digital certificates that certify the ownership of a public key by the named subject of the certificate.

Below are a couple of steps to install self-signed trusted Root CA on a Linux server.

Step #1: Install openssl

yum install openssl

Step #2: Creating your own CA

cd /etc/pki/CA/private/
openssl genrsa -aes128 -out ourCA.key 2048

Now create a Certificate Authority (CA) certificate using the ourCA.key.

openssl req -new -x509 -days 1825 -key /etc/pki/CA/private/ourCA.key -out /etc/pki/CA/certs/ourCA.crt

Next, create a local wildcard certificate (*.linuxlab.local) on your own CA.

openssl genrsa -out /etc/pki/tls/private/wildcard-cert.key 2048

Now, generate a CSR (Certificate Signing Request) for the wildcard cert.

openssl req -new -key /etc/pki/tls/private/wildcard-cert.key -out /etc/pki/tls/wildcard.csr

Use WinSCP to download the local Root CA self-signed public-key certificate to a Windows machine. Then, import it into the GPO of the Windows domain or any Windows/Linux/Mac web browser.
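
The sequence above ends at the CSR, so as an added example (not part of the original post) the script below repeats the same openssl steps in a scratch directory, signs the wildcard CSR with the CA, and checks which hostnames the result covers. The scratch paths, passphrase, subject names and extension values are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: lab CA -> wildcard CSR -> signed certificate -> hostname checks.
# Scratch paths, passphrase, subject names and extensions are constructed assumptions.
LAB=$(mktemp -d)
PASS='pass:constructed-lab-passphrase'

make_lab_ca() {
    # Minimal req config so the CA certificate carries CA:TRUE explicitly.
    cat > "$LAB/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = linuxlab.local Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl genrsa -aes128 -passout "$PASS" -out "$LAB/ourCA.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 1825 -config "$LAB/ca.cnf" -passin "$PASS" \
        -key "$LAB/ourCA.key" -out "$LAB/ourCA.crt"
}

sign_wildcard() {
    # Browsers match on subjectAltName, not CN, so the SAN list is set at signing time.
    cat > "$LAB/wildcard.ext" <<'EOF'
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:*.linuxlab.local, DNS:linuxlab.local
EOF
    openssl genrsa -out "$LAB/wildcard-cert.key" 2048 2>/dev/null &&
    openssl req -new -config "$LAB/ca.cnf" -subj '/CN=*.linuxlab.local' \
        -key "$LAB/wildcard-cert.key" -out "$LAB/wildcard.csr" &&
    openssl x509 -req -in "$LAB/wildcard.csr" -CA "$LAB/ourCA.crt" -CAkey "$LAB/ourCA.key" \
        -passin "$PASS" -CAcreateserial -days 365 -sha256 \
        -extfile "$LAB/wildcard.ext" -out "$LAB/wildcard.crt" 2>/dev/null
}

# True when the signed certificate chains to the lab CA and covers hostname $1.
host_ok() {
    openssl verify -CAfile "$LAB/ourCA.crt" -verify_hostname "$1" "$LAB/wildcard.crt" >/dev/null 2>&1
}

make_lab_ca && sign_wildcard || exit 1
for h in pve01.linuxlab.local linuxlab.local a.b.linuxlab.local pve01.example.test; do
    if host_ok "$h"; then echo "$h: accepted"; else echo "$h: rejected"; fi
done
```

The wildcard entry covers exactly one label, which is why the bare domain is listed as a second SAN and why a.b.linuxlab.local is rejected. On the CA host itself the same signing command would take the paths from the steps above and prompt for the CA key passphrase instead of using -passin.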