Thursday, 21 May 2015

Configuring SFTP

To configure SFTP, please follow these steps; I followed these steps and configured it successfully.
For these steps there is no need to install FTP; just make sure that ssh is running.

#Configuring SFTP
---------------------
groupadd ftpaccess
useradd -m kiran -s /sbin/nologin -g ftpaccess
passwd kiran
chown root /home/kiran
chmod 750 /home/kiran
mkdir /home/kiran/www
chown kiran:ftpaccess /home/kiran/www


#comment out this line in /etc/ssh/sshd_config

#Subsystem sftp /usr/libexec/openssh/sftp-server

#set SELinux to permissive mode (setenforce 0 applies system-wide and lasts until reboot)
sestatus
setenforce 0

#copy the below lines into /etc/ssh/sshd_config

PasswordAuthentication yes
ChallengeResponseAuthentication yes
Subsystem sftp internal-sftp
#the Match group must be the group created above (ftpaccess)
Match Group ftpaccess
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

systemctl restart sshd

Access the machine using FileZilla or any SFTP client.
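A check for the chroot directory prepared in the steps above, as an added example that is not part of the original post. It assumes GNU stat (as on CentOS/RHEL); the function names and the script name check_chroot.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# sshd refuses a chrooted login unless every directory from / down to the
# ChrootDirectory is owned by root and not writable by group or others.

# component_ok UID OCTAL_MODE: succeeds if one path component is acceptable.
component_ok() {
    [ "$1" -eq 0 ] || return 1            # owner must be uid 0 (root)
    [ $(( 0$2 & 022 )) -eq 0 ]            # no group-write / other-write bit
}

# check_chroot_path DIR: walks DIR and each parent up to / (GNU stat assumed).
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "no such directory: $1"; return 1; }
    while :; do
        set -- $(stat -c '%u %a' "$dir")
        if ! component_ok "$1" "$2"; then
            echo "FAIL: $dir (uid=$1 mode=$2)"
            return 1
        fi
        [ "$dir" = "/" ] && return 0
        dir=$(dirname "$dir")
    done
}

# Usage: sh check_chroot.sh /home/kiran
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "OK: $1 is usable as ChrootDirectory"
fi
```

Running `sshd -t` before `systemctl restart sshd` catches syntax errors in sshd_config while the running daemon is still serving connections.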

Tuesday, 3 February 2015

Puppet Server and Client Setup



Puppet Master
--------------
OS: Ubuntu 14.04


wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
apt-get update
apt-get install puppetmaster-passenger
service apache2 stop

Lock the Version
--------------------
puppet help | tail -n 1
vi /etc/apt/preferences.d/00-puppet.pref

# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.6*
Pin-Priority: 501

Setup Names and certificates
-----------------------------------
rm -rf /var/lib/puppet/ssl

Configure Certificate
---------------------------
vi /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
certname = puppet
dns_alt_names = puppet,puppet.nyc2.example.com
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Generate New Certificate
--------------------------------
puppet master --verbose --no-daemonize

Notice: Starting Puppet master version 3.6.2,

Press CTRL+C

puppet cert list --all


Configure puppet master
-------------------------------
vi /etc/puppet/puppet.conf

Main Manifest file
------------------------
touch /etc/puppet/manifests/site.pp

Start Puppet master
--------------------------
service apache2 start


Ubuntu
----------
Install Puppet Agent
--------------------------
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
apt-get update
apt-get install puppet
vi /etc/default/puppet
START=yes

Lock the Version
-------------------
vi /etc/apt/preferences.d/00-puppet.pref
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common
Pin: version 3.6*
Pin-Priority: 501

Configure Agent
---------------------
vi /etc/puppet/puppet.conf
[agent]
server = puppet.nyc2.example.com

service puppet start


Sign Request On Master
------------------------
puppet cert list

Here you will see the client's certificate request, listed without a + sign.


Sign a Request

puppet cert sign host1.nyc2.example.com
puppet cert sign --all

After this step you will see the + sign next to the certificate fingerprint.
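An alternative to signing everything with --all, as an added example that is not part of the original post: sign only the requests whose fingerprint matches one collected from the agent itself (for example with `puppet agent --fingerprint`). It assumes the `"certname" (SHA256) fingerprint` line layout of `puppet cert list`; the function name and all sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# verified_requests PENDING EXPECTED
#   PENDING : text in the layout printed by `puppet cert list` on the master
#   EXPECTED: lines "certname fingerprint", gathered out-of-band from agents
# Prints the certnames whose pending fingerprint matches the expected one.
verified_requests() {
    pending=$1
    expected=$2
    printf '%s\n' "$pending" | while read -r name algo fp rest; do
        case $name in '+'|'-') continue ;; esac     # already signed/revoked
        [ -n "$fp" ] || continue                    # skip blank/short lines
        name=${name#\"}; name=${name%\"}            # strip surrounding quotes
        want=$(printf '%s\n' "$expected" |
               awk -v n="$name" '$1 == n { print $2 }')
        if [ -n "$want" ] && [ "$want" = "$fp" ]; then
            printf '%s\n' "$name"
        else
            printf 'not verified, do not sign: %s\n' "$name" >&2
        fi
    done
}

# Constructed sample data (shortened fingerprints, not real output).
SAMPLE_PENDING='  "host1.nyc2.example.com" (SHA256) AA:11:22:33
  "rogue.nyc2.example.com" (SHA256) BB:44:55:66
  "host2.nyc2.example.com" (SHA256) CC:77:88:99'
SAMPLE_EXPECTED='host1.nyc2.example.com AA:11:22:33
host2.nyc2.example.com DE:AD:BE:EF'

# Only host1 is printed; each printed name can go to `puppet cert sign NAME`.
verified_requests "$SAMPLE_PENDING" "$SAMPLE_EXPECTED"
```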



REVOKE Certificates
---------------------
puppet cert clean hostname
puppet cert list --all



Puppet Client Centos
----------------------------

rpm -Uvh puppetlabs-release-el-6.noarch.rpm
yum install puppet

vim /etc/puppet/puppet.conf
[agent]
server = bingo

# puppet agent --test
This will generate the certificate

Go to the Puppet master and then do the following steps
#puppet cert list -a
Here you can see the client request

# puppet cert sign "hostname"

Test the result on the client

Thursday, 3 April 2014

Openstack


OpenStack Practical Experience




Installation on a Single Machine

H/w Requirements:
Two NICs
AMD/VT Enabled
S/w Requirements:
Ubuntu
MySQL

Installation Procedure:
Installing Controller and Compute on One Machine

Prerequisite Installation
NTP:
#apt-get install ntp
Used to synchronize the time between clients

MySQL:
#apt-get install python-mysqldb mysql-server
Edit the MySQL configuration file /etc/mysql/my.cnf and set the bind address
[mysqld]
bind-address = 10.10.10.10
#service mysql restart (to apply the changes)
Secure installation of MySQL (removing unnecessary users and databases)
#mysql_secure_installation
If the above fails, use the below command
#mysql_install_db

OpenStack Packages Installation Environment Setup
Adding openstack repository from source
#apt-get install python-software-properties
#add-apt-repository cloud-archive:havana
Update the Package Database
#apt-get update && apt-get dist-upgrade
#init 6 (restart the server)

Messaging Server (RabbitMQ Server)
This server uses the AMQP protocol for communication
#apt-get install rabbitmq-server
The default account and password of the RabbitMQ server are guest / guest
To change the default password of the RabbitMQ server
#rabbitmqctl change_password guest NEW_PASSWORD
Now you are ready to install the OpenStack packages


Installing Keystone (Identity Service)
Usage: Authentication & User management
#apt-get install keystone
Configure Keystone to work with the MySQL database
#vim /etc/keystone/keystone.conf

[sql]
connection = mysql://keystone:password@10.10.10.10/dbname
ex: connection = mysql://keystone:hacker@10.10.10.10/keystone
By default the Keystone installation comes with an SQLite db; remove it.
#rm -rf /var/lib/keystone
Create a keystone database in MySQL
#mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'10.10.10.10' IDENTIFIED BY 'hacker';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'hacker';
Make Keystone sync with MySQL and create the tables automatically
#keystone-manage db_sync


Verification:
1. Log in to MySQL with the keystone user and password and check whether the tables are created or not.
2. service keystone restart

Create USERS, TENANTS, ROLES
Users:
Tenants:
Roles:
To be Continued.......

Thursday, 20 March 2014

Tuesday, 31 December 2013

Installing and Configuring Keepalived for failover

OS
CentOS 6.4 Final
Requirements
· gcc kernel-headers kernel-devel
· keepalived package


Procedure:
# yum install gcc kernel-headers kernel-devel
# yum install keepalived

Go to the configuration file

First machine (192.168.32.130)

#vim /etc/keepalived/keepalived.conf

vrrp_instance VI_1 {
    interface eth1
    state MASTER
    virtual_router_id 10
    priority 101
    virtual_ipaddress {
        192.168.32.129
    }
}

On another machine (192.168.32.131)

vrrp_instance VI_1 {
    interface eth1
    state BACKUP
    virtual_router_id 10
    priority 100
    virtual_ipaddress {
        192.168.32.129
    }
}


Start keepalived
# /etc/init.d/keepalived start
# chkconfig keepalived on

Checking
#ip addr show eth1

Important:

#echo 1 > /proc/sys/net/ipv4/ip_forward

For kernel routing