Thursday, 21 May 2015

Configuring SFTP

To configure SFTP, please follow the steps below; I followed these steps and configured it successfully.
For this setup there is no need to install FTP; just make sure that ssh is running.

#Configuring SFTP
groupadd ftpaccess
useradd -m kiran -s /sbin/nologin -g ftpaccess
passwd kiran
chown root /home/kiran
chmod 750 /home/kiran
mkdir /home/kiran/www
chown kiran:ftpaccess /home/kiran/www

#comment this line in /etc/ssh/sshd_config

#Subsystem sftp /usr/libexec/openssh/sftp-server

#set SELinux to permissive mode
setenforce 0

#copy the below lines in /etc/ssh/sshd_config

PasswordAuthentication yes
ChallengeResponseAuthentication  yes
Subsystem sftp internal-sftp
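# the group named here must be the one created with groupadd above
Match Group ftpaccess
# chroot each user into the home directory (root-owned, see chown above)
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp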

systemctl restart sshd

Access the machine using FileZilla or any other client that supports SFTP.
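
sshd does not complain when a Match block names a group that does not exist (the block simply never applies, so the user is not chrooted), and it keeps only the first ChrootDirectory it reads in a block. The following check is an added example, not part of the original post; the function name, the finding labels and the sample files are assumptions made for the illustration, and it handles only a single plain group name per Match line.

```shell
#!/bin/sh
# Added example: lint the "Match Group" blocks of an sshd_config-style file.
# Simplification: one plain group name per Match line (no patterns or lists).

# lint_sftp_match CONFIG GROUP_FILE -> one finding per line, nothing if clean
lint_sftp_match() {
    awk -v groupfile="$2" '
    function close_block() {
        if (grp == "") return
        if (!(grp in known)) print "unknown-group " grp
        if (!chroot) print "no-chroot " grp
        if (!forced) print "no-forcecommand " grp
    }
    BEGIN {
        # Load group names from a file in /etc/group format.
        while ((getline line < groupfile) > 0) { split(line, f, ":"); known[f[1]] = 1 }
    }
    /^[ \t]*#/ || NF == 0 { next }
    tolower($1) == "match" {
        close_block()
        grp = ""; chroot = 0; forced = 0
        if (tolower($2) == "group") grp = $3
        next
    }
    grp != "" && tolower($1) == "chrootdirectory" {
        # sshd keeps the first value it obtains for a keyword; later ones are ignored.
        if (chroot) print "ignored-duplicate ChrootDirectory " $2
        chroot = 1
    }
    grp != "" && tolower($1) == "forcecommand" && $2 == "internal-sftp" { forced = 1 }
    END { close_block() }
    ' "$1"
}

# Constructed sample input (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'root:x:0:\nftpaccess:x:1001:\n' > "$demo_dir/group"
cat > "$demo_dir/sshd_config" <<'EOF'
Subsystem sftp internal-sftp
Match group sftp_users
ChrootDirectory %h
ChrootDirectory /home
ForceCommand internal-sftp
EOF
lint_sftp_match "$demo_dir/sshd_config" "$demo_dir/group"
```

On a real host the call would be `lint_sftp_match /etc/ssh/sshd_config /etc/group`, run before restarting sshd.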

Tuesday, 3 February 2015

Puppet Server and Client Setup

OS: Ubuntu 14.04

dpkg -i puppetlabs-release-trusty.deb
apt-get update
apt-get install puppetmaster-passenger
service apache2 stop

Lock the Version
puppet help | tail -n 1
vi /etc/apt/preferences.d/00-puppet.pref

Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.6*
Pin-Priority: 501

Setup Names and certificates
rm -rf /var/lib/puppet/ssl

Configure Certificate
vi /etc/puppet/puppet.conf
certname = puppet
dns_alt_names = puppet,
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Generate New Certificate
puppet master --verbose --no-daemonize

Notice: Starting Puppet master version 3.6.2,

Press CTRL+C

puppet cert list --all

Configure puppet master
vi /etc/puppet/puppet.conf

Main Manifest file
touch /etc/puppet/manifests/site.pp

Start Puppet master
service apache2 start

Install Puppet Agent
dpkg -i puppetlabs-release-trusty.deb
apt-get update
apt-get install puppet
vi /etc/default/puppet

Lock the Version
vi /etc/apt/preferences.d/00-puppet.pref
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common
Pin: version 3.6*
Pin-Priority: 501

Configure Agent
vi /etc/puppet/puppet.conf
server =
service puppet start

Sign Request On Master
puppet cert list

Here you will see the client's certificate request listed without a + sign

Sign a Request

puppet cert sign
puppet cert sign --all

After this step you will see the + sign next to the certificate fingerprint

REVOKE Certificates
puppet cert clean hostname
puppet cert list --all

Puppet Client Centos

rpm -Uvh puppetlabs-release-el-6.noarch.rpm
yum install puppet

vim /etc/puppet/puppet.conf
server = bingo

# puppet agent --test
This will generate the client's certificate request

Go to the puppetmaster and then do the following steps
#puppet cert list -a
Here you can see the client request

# puppet cert sign "hostname"

Test the result in client
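
Signing a request makes the master trust whichever machine submitted it, and `puppet cert sign --all` does that for every pending request at once, so it is worth comparing the fingerprint shown by `puppet cert list` with the one read on the client (for example with `puppet agent --fingerprint`) before signing. The gate below is an added example, not part of the original post; the function names and the sample listing are assumptions, and it assumes the Puppet 3.x list format of `"name" (DIGEST) FINGERPRINT` with a leading `+` on signed entries.

```shell
#!/bin/sh
# Added example: sign a pending Puppet agent request only when its fingerprint
# matches the one read on the client itself.

# pending_fingerprint NAME: reads `puppet cert list` output on stdin and prints
# the fingerprint of the unsigned request for NAME (signed entries start with "+").
pending_fingerprint() {
    awk -v want="\"$1\"" '$1 == want { print $NF; found = 1 } END { exit !found }'
}

# csr_matches NAME EXPECTED: succeeds only if a pending request for NAME exists
# and its fingerprint equals EXPECTED (compared case-insensitively).
csr_matches() {
    got=$(pending_fingerprint "$1") || return 1
    [ "$(printf '%s' "$got" | tr 'a-f' 'A-F')" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# Constructed sample of `puppet cert list --all` output; the hostnames and the
# shortened fingerprints are made up for the demonstration.
sample_list='  "web01.example.test" (SHA256) AA:BB:CC:DD
+ "db01.example.test" (SHA256) 11:22:33:44'

if printf '%s\n' "$sample_list" | csr_matches web01.example.test aa:bb:cc:dd; then
    echo "fingerprint matches: safe to run puppet cert sign web01.example.test"
fi
# On the master, the same gate would read live data (EXPECTED is what the
# client printed for its own request):
#   puppet cert list | csr_matches "$host" "$EXPECTED" && puppet cert sign "$host"
```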

Thursday, 3 April 2014


OpenStack Practical Experience

Installation on a Single Machine

H/w Requirements:
Two NICs
AMD/VT Enabled
S/w Requirements:

Installation Procedure:
Installing Controller and compute in One Machine

Prerequisite Installation
#apt-get install ntp
Used to synchronize the time between clients

#apt-get install python-mysqldb mysql-server
Edit the MySQL configuration file /etc/mysql/my.cnf and set the bind address
bind-address =
#service mysql restart (to apply the changes)
Secure installation of MySQL (removing unnecessary users and databases)
If the above fails, use the command below
OpenStack Packages installation Environment Setup
Adding openstack repository from source
   #apt-get install python-software-properties
   #add-apt-repository cloud-archive:havana
Update the Package Database
   #apt-get update && apt-get dist-upgrade
   #init 6 (restart the server)

Messaging Server (Rabbitmq Server)
This server uses the AMQP protocol for communication
#apt-get install rabbitmq-server
The default account and password of the RabbitMQ server are guest/guest
To change the default password of the RabbitMQ server
#rabbitmqctl change_password guest NEW_PASSWORD
Now you are ready to install openstack packages

Installing Keystone (Identity Service)
Usage: Authentication & User management
    #apt-get install keystone
Configure the keystone to work with mysql database
   #vim /etc/keystone/keystone.conf

connection = mysql://keystone:password@
ex: connection = mysql://keystone:hacker@
By default the keystone installation comes with an SQLite db. Remove it.
#rm -rf /var/lib/keystone
Create a keystone database in mysql
#mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'' IDENTIFIED BY 'hacker';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'hacker';
Make keystone sync with mysql and create the tables automatically
#keystone-manage db_sync

1. Log in to mysql with the keystone user and password and check whether the tables have been created.
2. service keystone restart

To be Continued.......

Thursday, 20 March 2014

Tuesday, 31 December 2013

Installing and Configuring Keepalived for failover

CentOS Final 6.4
· gcc kernel-headers kernel-devel
· keepalived package

# yum install gcc kernel-headers kernel-devel
# yum install keepalived

Go to the configuration file
First machine

#vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    interface eth1
    state MASTER
    virtual_router_id 10
    priority 101
    virtual_ipaddress {
        # shared virtual IP address(es)
    }
}

On another machine

vrrp_instance VI_1 {
    interface eth1
    state BACKUP
    virtual_router_id 10
    priority 100
    virtual_ipaddress {
        # same virtual IP address(es) as on the first machine
    }
}

Start keepalived
# /etc/init.d/keepalived start
# chkconfig keepalived on

#ip addr show eth1


#echo "1" > /proc/sys/net/ipv4/ip_forward

For kernel routing