The Definitive Guide to CentOS - Peter Membrey, Tim Verhoeven, Ralph Angenendt

Page created by Glen Warner
 
CONTINUE READING
The Definitive Guide
to CentOS

Peter Membrey, Tim Verhoeven,
Ralph Angenendt
The Definitive Guide to CentOS
Copyright © 2009 by Peter Membrey, Tim Verhoeven, Ralph Angenendt
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage or retrieval
system, without the prior written permission of the copyright owner and the publisher.
ISBN-13 (pbk): 978-1-4302-1930-9
ISBN-13 (electronic): 978-1-4302-1931-6
Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1
Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence
of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark
owner, with no intention of infringement of the trademark.
Lead Editor: Michelle Lowman
Technical Reviewers: Bert de Bruijn, Karanbir Singh
Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Tony Campbell,
   Gary Cornell, Jonathan Gennick, Michelle Lowman, Matthew Moodie, Jeffrey Pepper,
   Frank Pohlmann, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
Project Manager: Beth Christmas
Copy Editor: Kim Wimpsett
Associate Production Director: Kari Brooks-Copony
Production Editor: Candace English
Compositor: Lynn L’Heureux
Proofreader: April Eddy
Indexer: BIM Indexing & Proofreading Services
Artist: April Milne
Cover Designer: Kurt Krames
Manufacturing Director: Tom Debolski
Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor,
New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail kn`ano)ju
For my dear wife Sarah and xiaobao (little baby): without your unwavering support,
                      none of this would have been possible.
                                 —Peter Membrey
Contents at a Glance

Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
About the Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
About the Technical Reviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Part 1 N N N Getting Started with CentOS
  CHAPTER 1                     Introducing CentOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
  CHAPTER 2                     Installing CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
  CHAPTER 3                     Getting Started with CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
  CHAPTER 4                     Using Yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

Part 2 N N N Going into Production
  CHAPTER 5                     Using Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
  CHAPTER 6                     Setting Up Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
  CHAPTER 7                     Understanding DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
  CHAPTER 8                     Setting Up DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
  CHAPTER 9                     Sharing Files with Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
  CHAPTER 10                    Setting Up Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Part 3 N N N Enterprise Features
  CHAPTER 11                    Using Core Builds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
  CHAPTER 12                    Using High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
  CHAPTER 13                    Monitoring Your Network Using Nagios . . . . . . . . . . . . . . . . . . . . . . . . . 299

  INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

                                                                                                                                                             v
Contents

Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
About the Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
About the Technical Reviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

Part 1 N N N Getting Started with CentOS
  CHAPTER 1                     Introducing CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
                                What Is Enterprise Linux?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
                                     Extended Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
                                     Low-Risk Security Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
                                     ABI/API Stability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
                                     Regular Updates and Bug Fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
                                     Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
                                     Summary of Enterprise Linux’s Benefits . . . . . . . . . . . . . . . . . . . . . . . . 7
                                What Is CentOS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
                                How to Read This Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

  CHAPTER 2                     Installing CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
                                Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
                                Getting CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
                                      Checking the Checksums . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
                                      Burning the ISOs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
                                Performing a Super-Quick CentOS Install . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

                                                                                                                                                             vii
viii   NCO NTENT S

                     Setting Other Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
                           Securely Erasing Your Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
                           Creating a Custom Partition Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
                           Using Software RAID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
                           Setting IP Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
                     Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

        CHAPTER 3    Getting Started with CentOS                                   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

                     CentOS Filesystem Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
                           Relative and Absolute Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
                           Filesystem Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
                           / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
                           /root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
                           /etc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
                           /proc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
                           /var . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
                           /boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
                           /bin and /sbin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
                           /dev. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
                           /home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
                           /lib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
                           /lost+found . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
                           /media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
                           /mnt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
                           /usr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
                           /opt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
                           /srv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
                           /sys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
                           /tmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
                           Getting Your Hands on a Command Prompt . . . . . . . . . . . . . . . . . . . . 51
                     Getting an SSH Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
                     Using SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
NC O N T E N T S   ix

            You’re Logged In; Now What? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
            First, the Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
            Important Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
                   pwd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
                   ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
                   mkdir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
                   cd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
                   rmdir. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
                   rm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
                   touch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
                   nano . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
                   cat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
            Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

CHAPTER 4   Using Yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
            What Are RPMs? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
            What Are Yum Repositories? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
            CentOS Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
                  Official CentOS Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
                  Third-Party Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
            Getting Started with Yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
                  Updating Your Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
                  Installing a Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
                  Installing a Group of Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
                  Searching for Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
            Adding a Custom Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
                  Setting It Up with RPM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
                  How to Do It Without an RPM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
            Yumex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
            Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
x   NCO NTENT S

    Part 2 N N N Going into Production
     CHAPTER 5    Using Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
                  How Does the Server Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
                        A Brief Introduction to SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
                  Why Run Your Own Server? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
                        What It Involves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
                        When to Let Someone Else Do It . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
                        What Is a Virtual Private Server (VPS)?. . . . . . . . . . . . . . . . . . . . . . . . . 83
                        Picking a Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
                  Installing Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
                        Configuring the Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
                        Making Sure Apache Starts Each Time the Server Reboots . . . . . . . 88
                        Starting Up and Testing Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
                  Configuring Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
                        Where Is Everything? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
                        Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
                        Configuring ServerAdmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
                        Configuring ServerName. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
                        Saving the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
                        Testing Your New Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . 94
                        Restarting Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
                  .htaccess . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
                        Enabling .htaccess . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
                        How to Password Protect a Directory . . . . . . . . . . . . . . . . . . . . . . . . . . 95
                        Configuring Password Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
                        Creating User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
                  Improving Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
                        Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
                        Enabling Compression in Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
                        Why You Don’t Compress Everything . . . . . . . . . . . . . . . . . . . . . . . . . . 98
                  Improving Server Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
                        Things to Watch Out For . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
                        Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
NC O N T E N T S   xi

            Setting Up Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
                  Getting Started with Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
                  Creating Your First Virtual Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
                  Using vhosts.d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
            Using SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
                  Installing mod_ssl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
            Getting Your Shiny New Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
                  Signing Your Own Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
                  What to Do with an Intermediary Certificate . . . . . . . . . . . . . . . . . . . 109
                  Putting Your New Certificate to Work . . . . . . . . . . . . . . . . . . . . . . . . . 109
                  Removing the Password Protection from the Key . . . . . . . . . . . . . . 110
            Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

CHAPTER 6   Setting Up Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
            How Do Mail Servers Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
                  Why Run Your Own Mail Server?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
                  Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
                  When Not to Run Your Own Mail Server. . . . . . . . . . . . . . . . . . . . . . . 117
                  Which Mail Server to Choose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
            Installing the Mail Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
                  Configuring the Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
                  Making Sure Postfix Starts During Boot . . . . . . . . . . . . . . . . . . . . . . . 121
            Configuring Postfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
                  Configuring Your System to Send Mail . . . . . . . . . . . . . . . . . . . . . . . . 124
                  Configuring Your System to Receive Mail . . . . . . . . . . . . . . . . . . . . . 132
                  Setting Up Users to Receive Mails . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
                  Taking a Few Antispam Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
                  Receiving Mails for Several Domains . . . . . . . . . . . . . . . . . . . . . . . . . 137
            Authenticating Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
                  Encrypted Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
                  Usernames, Passwords, and Such . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
            Retrieving Mails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
                  Configuring Your Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
                  Configuring Dovecot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
            Using Webmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
            Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
xii   NCO NTENT S

       CHAPTER 7    Understanding DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
                    What Is DNS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
                          DNS Was Born . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
                          The WHOIS System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
                          The Root DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
                          The Resolver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
                          The Hosts File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
                          nsswitch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
                    NSCD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
                    What Is BIND?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
                          Primary and Secondary Name Servers. . . . . . . . . . . . . . . . . . . . . . . . 164
                          Installing BIND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
                    Setting Up a Caching Name Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
                          Making DNS Available to Other Machines . . . . . . . . . . . . . . . . . . . . . 168
                          Configuring BIND to Host Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
                          A Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
                          CNAME Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
                          MX Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
                          NS Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
                          Quick Round-Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
                    Creating a Master Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
                    Creating a Slave Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
                    Allowing Zone Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
                    Gotchas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
                          Forgetting to Increment the Serial Number . . . . . . . . . . . . . . . . . . . . 179
                          Forgetting the Dot in the Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
                    Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

       CHAPTER 8    Setting Up DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
                    How Does DHCP Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
                    DHCP and CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
                    Installing DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
                          Configuring the Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
NC O N T E N T S   xiii

             Configuring DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
                  A Minimal Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
                  Extended Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
                  Defining Static IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
                  Grouping Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
                  Shared Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
                  Relaying DHCP Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
             PXE Booting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
                  Configuring dhcpd for PXE Boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
             DHCP Integration with DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
             Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

CHAPTER 9    Sharing Files with Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
             Windows Networking Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
                   The Basic Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
                   Workgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
                   Windows Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
                   Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
             Samba and CentOS Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
             Preparing to Set Up Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
             Installing Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
             Configuring Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
                   Example Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
                   Minimal Stand-Alone Samba Setup . . . . . . . . . . . . . . . . . . . . . . . . . . 209
                   Shares and Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
                   Extended Stand-Alone Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
                   Samba As a Domain Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
             Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

CHAPTER 10   Setting Up Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . 219
             What Is a Virtual Private Network? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
             Using SSH for Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
             Virtual Private Networks with IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
                   IPSec Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
                   Using IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
xiv   NCO NTENT S

                    Configuring OpenVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
                         Looking at an Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
                         Configuring the Server Side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
                         Configuring the Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
                         Some Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
                         Doing It the Even Easier Way . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
                    Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

      Part 3 N N N Enterprise Features
       CHAPTER 11   Using Core Builds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
                    What Are Core Builds? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
                          What Can’t Core Builds Do? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
                          Why Create a Core Build? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
                    What Are Kickstart Files? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
                          Anatomy of a Kickstart File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
                          The Command Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
                          %packages Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
                          The Scripts Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
                          Using a Kickstart File on a Web Server . . . . . . . . . . . . . . . . . . . . . . . 267
                          Dynamically Creating Kickstart Files . . . . . . . . . . . . . . . . . . . . . . . . . 268
                    Installing CentOS over HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
                    Updating Your Kickstart File to Install CentOS via HTTP . . . . . . . . . . . . . . 271
                    Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

       CHAPTER 12   Using High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
                    Clustering and High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
                    Theory of HA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
                         Split Brain and Fencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
                         Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
                         Service or Virtual IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
                    HA Cluster Suite Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
                    HA Clustering with CentOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
NC O N T E N T S   xv

                             Preparing Your Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
                                   Installing CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
                                   Installing HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
                             Configuring CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
                             Configuring HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
                             Building Clusters Using CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
                                   Creating a Basic Cluster with CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
                                   Advanced Configurations Using CCS . . . . . . . . . . . . . . . . . . . . . . . . . 288
                                   Advanced Example with CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
                             Building Clusters Using HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
                                   Creating a Basic Cluster with HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
                                   Advanced Configurations Using HPS . . . . . . . . . . . . . . . . . . . . . . . . . 294
                                   Advanced Setup with HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
                             Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

CHAPTER 13                   Monitoring Your Network Using Nagios . . . . . . . . . . . . . . . . . . 299
                             How Nagios Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
                             Installing Nagios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
                             Initial Setup of Nagios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
                             Nagios Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
                             Objects and Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
                             Basic Nagios Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
                             Contacts and Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
                             Advanced Nagios Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
                             Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Foreword

      W    hen I go back in time to when I bought my very first technical book (about Perl 4
      programming), I had no idea what it would mean to me. Of course, I had expected to
      learn about Perl, but indirectly the book opened a whole new world to me. The book
      introduced me to Unix and taught me valuable things about operating systems in general.
      It taught me about filesystems and networking, about Perl modules and Perl developers,
      and about open source and communities.
           Not only did it help me to discover all these things, but it also made clear what I
      didn’t know. And although the book didn’t go into detail about a lot of topics, the fact
      that it gave me a framework, a place to put newfound information and relate it to what
      I already knew, was more important than anything else in that book.
           Over the years I realized that the book itself was not that special, except that it
      allowed me to start doing things with little hassle, learn from them, and build on that.
      And the book was excellent in building momentum, with me learning and doing in a
      rapid whirlpool of instant joy and eagerness for more. And although I was far from being
      a good Perl programmer when I finished the book, it gave me the confidence to explore
      without the fear of breaking things.
           When you apply the examples of this book, The Definitive Guide to CentOS, I hope
      you will get the same satisfaction and build that same confidence to help others with
      CentOS. By reading this book and trying the examples, you become a member of the
      CentOS community—or, as we say, the C in CentOS. But what is so special about CentOS?
      Why CentOS?
           Well, if you look at the different Linux distributions that exist today, CentOS has a
      unique appeal because it doesn’t try to consist of the latest and greatest open source soft-
      ware (which is in itself a never-ending story); it focuses instead on being the most reliable
      and secure environment that is resistant to change over a seven-year lifetime. And apart
      from resisting change, about every 24 to 30 months a newer CentOS version pops up with
      newer software that is again tested for stability and goes unchanged for another seven-
      year time span. It is up to you to decide when to stay or move to another version at any
      point in time.
           Those design characteristics make CentOS (and its commercial twin, Red Hat Enter-
      prise Linux) perfect for environments where you don’t want to inflict too much change,
      like an enterprise data center, but the same applies to, say, your office computer or your
      personal laptop. With CentOS you minimize the time to maintain the operating system
      and included software for the longest period possible. And as a benefit, you can discuss

xvi
NF O R E W O R D   xvii

your environment with an estimated 10 million users worldwide running the same soft-
ware as you do.
     The CentOS project and its community are there to assist you with any problems you
might encounter, and when you think the time is right, we want to help you transform
from being a CentOS user to a contributing member.
     For this not much is needed, other than the willingness to help others as they have
helped you. If you learn something valuable, we welcome you to share it on the CentOS
wiki, mailing lists, or forums. Or simply blog about your experience and interact with
your peers.
     The collective work of writing this book is a milestone for the CentOS community—
not only because it is the first book of its kind but mostly because it is the result of a joint
effort of the community; Peter Membrey, Ralph Angenendt, Tim Verhoeven, and Bert de
Bruijn are contributing members of our community. I am pleased that this book is a good
start to learning CentOS and an entry point to the larger worlds of Linux and open source.
But most of all, I sincerely hope it does not answer all your questions but instead inspires
you to question more.
                                                                                  Dag Wieers
                                                Infrastructure Support and Event Advocacy
                                                                              CentOS Project
About the Authors

        NPETER MEMBREY lives in Hong Kong and is
        actively promoting open source in all its various
        forms and guises, especially in education. He
        has had the honor of working for Red Hat and
        received his first RHCE at the tender age of 17. He
        is now a Chartered IT Professional and one of the
        world’s first professionally registered ICT Techni-
        cians. Currently studying for a master’s degree
        in IT, he hopes to study locally and earn a PhD in
        the not-too-distant future. He lives with his wife
        Sarah and is desperately trying (and sadly failing)
        to come to grips with Cantonese.

        NTIM VERHOEVEN is a Linux system administrator during the day and a core member of
        the CentOS Project during his free time. He has been working with Linux for more then
        ten years and has been involved with the CentOS Project since 2007. He is interested in all
        things related to enterprise Linux. He lives in Belgium and has an engineering degree in
        computer science.

        NRALPH ANGENENDT has been working as a systems and network administrator since 1998.
        After being introduced to Linux in 1995, Ralph’s interest in non-Unix-like operating sys-
        tems dropped dramatically, so his work environment mostly consists of Linux servers.
        Besides having a sweet tooth for domesticating mail servers, Ralph has a strong interest in
        automated system administration. That’s the reason why the networks he is responsible
        for run Cfengine: to ease the pains of administrating growing sites.
             Since 2006, Ralph has been a member of the CentOS development team, where he
        leads the documentation force and does some infrastructure management. You can
        probably meet him at open source conventions in Europe, largely in Germany and the
        Benelux countries.

xviii
About the Technical Reviewer

NBERT DE BRUIJN is a freelance Linux and virtualization specialist who specializes in
training and knowledge transfer on VMware and CentOS/Red Hat projects. Bert started
his professional IT life on early Linux versions and commercial Unix variants such as
SunOS, Solaris, and BSDi. He cofounded a local LUG chapter, helping the community
get the best out of free software. Bert prefers to use his experience rather than his
RHCE or LPIC-2 certification to show his Linux skills.

                                                                                        xix
Acknowledgments

     I t’s not until you actually try to write a book that you realize just how many people are
     involved in its creation. It goes without saying that without the support I received from
     Apress, this book wouldn’t be here. I’d therefore like to specifically thank Michelle
     Lowman and Beth Christmas for their patience and tolerance going well beyond the
     call of duty—I hope you like the results!
           I would also like to thank the CentOS community for everything they have done.
     Their continued hard work is what makes CentOS such a great operating system, and
     I really hope that this book will give something back to the community that has given me
     so much. Thanks to everyone at the project who has been involved in the book’s develop-
     ment, including Karanbir Singh, Bert de Bruijn, Tim Verhoeven, Ralph Angenendt, and
     Dag Wieers.
           I am very fortunate to be studying at the University of Liverpool, which is an expe-
     rience that has completely changed my life. I would like to show my gratitude to Britt
     Janssen and Ranjay Ghai, who worked solidly for nearly two months on my application
     and whose hard work made everything possible.
           Last but certainly not least, I would like to make a special acknowledgment to two
     people without whom I would not be where I am today. So, special thanks to Mr. David
     Uden and Dr. Malcolm Herbert—two people who put their trust in me many years ago
     and without whom I have no doubt I would be doing something very different today.
                                                                                   Peter Membrey

     Thanks to all the people who make CentOS possible. Community, this also means you!
                                                                          Ralph Angenendt

xx
Introduction

A   lthough CentOS has a huge number of benefits over other operating systems, we can-
not escape the fact that it’s also free. With virtual machines starting to replace traditional
hosted services, people are finding that having their own server is not only much more
flexible but also often cheaper.
      But running your own server is very different from simply using a hosted service, and
this is where The Definitive Guide to CentOS comes in. It has been written to help new-
comers to the platform get up and running in production as quickly and as painlessly as
possible. Each of the chapters has a specific task-oriented goal and explains how to do the
majority of tasks that people are looking to do.
      Just like CentOS itself, we hope to be able to improve and refine this definitive guide.
We would be grateful for any and all feedback with regard to the book and how it could
be improved to better suit the needs of new users. Your experiences are hard won, and we
would love to hear what you have to say. After all, The Definitive Guide to CentOS is here
to help, and who better to advise and provide feedback than the very people who have
made their first steps with it?
      This book will let you hit the ground running, and the CentOS community will ensure
that you are able to keep in the race!

Who This Book Is For
The Definitive Guide to CentOS is for anyone who wants to build a production system
with the CentOS operating system. Previous Linux administration experience is help-
ful but not required. We’ll show you how to get started and how to build on existing
knowledge.

How the Book Is Laid Out
The book is laid out in three parts. The first part explains what CentOS is, where it came
from, and where it hopes to be. It also talks in some depth about enterprise Linux and
why you should run it on your systems. The first part also covers installation and getting
started.

                                                                                                 xxi
xxii   NINT ROD UCTIO N

            The second part is the largest section and has chapters dedicated to specific topics
       such as setting up a web server or an e-mail server. These are all task-oriented chapters
       so that you can immediately start doing what you need to do. Generally speaking, these
       chapters can be read in any order, although it might make sense to read certain chap-
       ters before others, such as reading about DNS before trying to configure subdomains in
       Apache.
            The third part contains more advanced topics that will be of interest to people
       deploying CentOS in an enterprise environment. The topics will still be of interest to
       many people, but the concepts are somewhat more advanced than those in the previous
       part and may require multiple servers and so forth.
            The book was written so that you can dip in and take whatever you need from it. You
       can realistically read it in any order you choose and apply each chapter completely inde-
       pendently from the others. The idea is that it will allow you to quickly get up and running
       and to focus on the things you need sooner rather than later.
You can also read