Thursday, 21 May 2015

Configuring SFTP

To configure SFTP pleass follow the steps, I followed this steps ans configured successfully.
For this step no need to install FTP, just make sure that ssh running.

#Configuring SFTP
---------------------
groupadd ftpaccess
useradd -m kiran -s /sbin/nologin -g ftpaccess
passwd kiran
chown root /home/kiran
chmod 750 /home/kiran
mkdir /home/kiran/www
chown kiran:ftpaccess /home/kiran/www


#comment this line in /etc/ssh/sshd_config

#Subsystem sftp /usr/libexec/openssh/sftp-server

#set the selinux to premessive mode
sestatus
setenforce 0

#copy the below lines in /etc/ssh/sshd_config

PasswordAuthentication yes
ChallengeResponseAuthentication  yes
Subsystem sftp internal-sftp
Match group sftp_users
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /home
ForceCommand internal-sftp

systemctl restart sshd

Access the machine use filezilla or any ftp client.

Tuesday, 3 February 2015

Puppet Server and Client Setup



PupperMaster
--------------
OS: Ubuntu 14.04


wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
dpkg -i puppetlabs-release-trusty.deb
apt-get update
apt-get install puppetmaster-passenger
service apache2 stop

Lock the Version
--------------------
puppet help | tail -n 1
vi /etc/apt/preferences.d/00-puppet.pref

/etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.6*
Pin-Priority: 501
Setup Names and certificates
-----------------------------------
rm -rf /var/lib/puppet/ssl

Configure Certificate
---------------------------
vi /etc/puppet/puppet.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
certname = puppet
dns_alt_names = puppet,puppet.nyc2.example.com
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
Generate New Certificate
--------------------------------
puppet master --verbose --no-daemonize

Notice: Starting Puppet master version 3.6.2,

press CTRL C

puppet cert list -all


Configure puppet master
-------------------------------
 vi /etc/puppet/puppet.conf

Main Manifest file
------------------------
touch /etc/puppet/manifests/site.pp

Start Puppet master
--------------------------
service apache2 service


Ubuntu
----------
Install Puppet Agent
--------------------------
wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
 dpkg -i puppetlabs-release-trusty.deb
apt-get update
apt-get install puppet
vi /etc/default/puppet
START=yes

Lock the Version
-------------------
 vi /etc/apt/preferences.d/00-puppet.pref
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common
Pin: version 3.6*
Pin-Priority: 501
Configure Agent
---------------------
vi /etc/puppet/puppet.conf
[agent]
server = puppet.nyc2.example.com
service puppet start


Sign Request On Master
------------------------
puppet cert list

Here you will see the appropriate client certificate without + sign


Sign a Request

puppet cert sign host1.nyc2.example.com
 puppet cert sign –all

after this step you will see the + sign on the certificate finger print



REVOKE Certificates
---------------------
puppet cert clean hostname
puppet cert list --all



Puppet Client Centos
----------------------------

 rpm -Uvh puppetlabs-release-el-6.noarch.rpm
yum install puppet

vim /et c/puppet/puppet.conf
[agent]
server = bingo

# puppet agent –test
This will generate certificate

Go to puppermaster and then do the following steps
#puppet cert list -a
Here you can see the clinet request

# puppet cert sign “hostname”

Test the result in client