The Definitive Guide to CentOS - Peter Membrey, Tim Verhoeven, Ralph Angenendt
The Definitive Guide to CentOS
Copyright © 2009 by Peter Membrey, Tim Verhoeven, Ralph Angenendt

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

ISBN-13 (pbk): 978-1-4302-1930-9
ISBN-13 (electronic): 978-1-4302-1931-6

Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1

Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

Lead Editor: Michelle Lowman
Technical Reviewers: Bert de Bruijn, Karanbir Singh
Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan Gennick, Michelle Lowman, Matthew Moodie, Jeffrey Pepper, Frank Pohlmann, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
Project Manager: Beth Christmas
Copy Editor: Kim Wimpsett
Associate Production Director: Kari Brooks-Copony
Production Editor: Candace English
Compositor: Lynn L’Heureux
Proofreader: April Eddy
Indexer: BIM Indexing & Proofreading Services
Artist: April Milne
Cover Designer: Kurt Krames
Manufacturing Director: Tom Debolski

Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505.
For my dear wife Sarah and xiaobao (little baby): without your unwavering support, none of this would have been possible. —Peter Membrey
Contents at a Glance

Foreword
About the Authors
About the Technical Reviewer
Acknowledgments
Introduction

Part 1: Getting Started with CentOS
CHAPTER 1  Introducing CentOS
CHAPTER 2  Installing CentOS
CHAPTER 3  Getting Started with CentOS
CHAPTER 4  Using Yum

Part 2: Going into Production
CHAPTER 5  Using Apache
CHAPTER 6  Setting Up Mail
CHAPTER 7  Understanding DNS
CHAPTER 8  Setting Up DHCP
CHAPTER 9  Sharing Files with Samba
CHAPTER 10  Setting Up Virtual Private Networks

Part 3: Enterprise Features
CHAPTER 11  Using Core Builds
CHAPTER 12  Using High Availability
CHAPTER 13  Monitoring Your Network Using Nagios

INDEX
Contents

Foreword
About the Authors
About the Technical Reviewer
Acknowledgments
Introduction

Part 1: Getting Started with CentOS

CHAPTER 1  Introducing CentOS
    What Is Enterprise Linux?
    Extended Support
    Low-Risk Security Updates
    ABI/API Stability
    Regular Updates and Bug Fixes
    Certification
    Summary of Enterprise Linux’s Benefits
    What Is CentOS?
    How to Read This Book

CHAPTER 2  Installing CentOS
    Hardware Requirements
    Getting CentOS
    Checking the Checksums
    Burning the ISOs
    Performing a Super-Quick CentOS Install
    Setting Other Installation Options
    Securely Erasing Your Disks
    Creating a Custom Partition Layout
    Using Software RAID
    Setting IP Manually
    Summary

CHAPTER 3  Getting Started with CentOS
    CentOS Filesystem Layout
    Relative and Absolute Paths
    Filesystem Layout
    /
    /root
    /etc
    /proc
    /var
    /boot
    /bin and /sbin
    /dev
    /home
    /lib
    /lost+found
    /media
    /mnt
    /usr
    /opt
    /srv
    /sys
    /tmp
    Getting Your Hands on a Command Prompt
    Getting an SSH Client
    Using SSH
    You’re Logged In; Now What?
    First, the Prompt
    Important Commands
    pwd
    ls
    mkdir
    cd
    rmdir
    rm
    touch
    nano
    cat
    Summary

CHAPTER 4  Using Yum
    What Are RPMs?
    What Are Yum Repositories?
    CentOS Repositories
    Official CentOS Repositories
    Third-Party Repositories
    Getting Started with Yum
    Updating Your Server
    Installing a Package
    Installing a Group of Packages
    Searching for Packages
    Adding a Custom Repository
    Setting It Up with RPM
    How to Do It Without an RPM
    Yumex
    Summary

Part 2: Going into Production

CHAPTER 5  Using Apache
    How Does the Server Work?
    A Brief Introduction to SSL
    Why Run Your Own Server?
    What It Involves
    When to Let Someone Else Do It
    What Is a Virtual Private Server (VPS)?
    Picking a Web Server
    Installing Apache
    Configuring the Firewall
    Making Sure Apache Starts Each Time the Server Reboots
    Starting Up and Testing Apache
    Configuring Apache
    Where Is Everything?
    Getting Started
    Configuring ServerAdmin
    Configuring ServerName
    Saving the Configuration File
    Testing Your New Configuration File
    Restarting Apache
    .htaccess
    Enabling .htaccess
    How to Password Protect a Directory
    Configuring Password Protection
    Creating User Accounts
    Improving Performance
    Compression
    Enabling Compression in Apache
    Why You Don’t Compress Everything
    Improving Server Performance
    Things to Watch Out For
    Log Files
    Setting Up Virtual Hosts
    Getting Started with Virtual Hosts
    Creating Your First Virtual Host
    Using vhosts.d
    Using SSL
    Installing mod_ssl
    Getting Your Shiny New Certificate
    Signing Your Own Certificate
    What to Do with an Intermediary Certificate
    Putting Your New Certificate to Work
    Removing the Password Protection from the Key
    Summary

CHAPTER 6  Setting Up Mail
    How Do Mail Servers Work?
    Why Run Your Own Mail Server?
    Caveats
    When Not to Run Your Own Mail Server
    Which Mail Server to Choose
    Installing the Mail Server
    Configuring the Firewall
    Making Sure Postfix Starts During Boot
    Configuring Postfix
    Configuring Your System to Send Mail
    Configuring Your System to Receive Mail
    Setting Up Users to Receive Mails
    Taking a Few Antispam Measures
    Receiving Mails for Several Domains
    Authenticating Users
    Encrypted Connections
    Usernames, Passwords, and Such
    Retrieving Mails
    Configuring Your Firewall
    Configuring Dovecot
    Using Webmail
    Summary

CHAPTER 7  Understanding DNS
    What Is DNS?
    DNS Was Born
    The WHOIS System
    The Root DNS Servers
    The Resolver
    The Hosts File
    nsswitch
    NSCD
    What Is BIND?
    Primary and Secondary Name Servers
    Installing BIND
    Setting Up a Caching Name Server
    Making DNS Available to Other Machines
    Configuring BIND to Host Domains
    A Records
    CNAME Records
    MX Records
    NS Records
    Quick Round-Up
    Creating a Master Server
    Creating a Slave Zone
    Allowing Zone Transfers
    Gotchas
    Forgetting to Increment the Serial Number
    Forgetting the Dot in the Record
    Summary

CHAPTER 8  Setting Up DHCP
    How Does DHCP Work?
    DHCP and CentOS
    Installing DHCP
    Configuring the Firewall
    Configuring DHCP
    A Minimal Configuration
    Extended Configuration
    Defining Static IP Addresses
    Grouping Statements
    Shared Networks
    Relaying DHCP Requests
    PXE Booting
    Configuring dhcpd for PXE Boot
    DHCP Integration with DNS
    Summary

CHAPTER 9  Sharing Files with Samba
    Windows Networking Basics
    The Basic Protocols
    Workgroups
    Windows Domains
    Active Directory
    Samba and CentOS Basics
    Preparing to Set Up Samba
    Installing Samba
    Configuring Samba
    Example Configuration
    Minimal Stand-Alone Samba Setup
    Shares and Security
    Extended Stand-Alone Example
    Samba As a Domain Member
    Summary

CHAPTER 10  Setting Up Virtual Private Networks
    What Is a Virtual Private Network?
    Using SSH for Virtual Private Networks
    Virtual Private Networks with IPSec
    IPSec Explained
    Using IPSec
    Configuring OpenVPN
    Looking at an Example
    Configuring the Server Side
    Configuring the Client
    Some Security Considerations
    Doing It the Even Easier Way
    Summary

Part 3: Enterprise Features

CHAPTER 11  Using Core Builds
    What Are Core Builds?
    What Can’t Core Builds Do?
    Why Create a Core Build?
    What Are Kickstart Files?
    Anatomy of a Kickstart File
    The Command Section
    %packages Section
    The Scripts Section
    Using a Kickstart File on a Web Server
    Dynamically Creating Kickstart Files
    Installing CentOS over HTTP
    Updating Your Kickstart File to Install CentOS via HTTP
    Summary

CHAPTER 12  Using High Availability
    Clustering and High Availability
    Theory of HA
    Split Brain and Fencing
    Resources
    Service or Virtual IP Address
    HA Cluster Suite Components
    HA Clustering with CentOS
    Preparing Your Cluster
    Installing CCS
    Installing HPS
    Configuring CCS
    Configuring HPS
    Building Clusters Using CCS
    Creating a Basic Cluster with CCS
    Advanced Configurations Using CCS
    Advanced Example with CCS
    Building Clusters Using HPS
    Creating a Basic Cluster with HPS
    Advanced Configurations Using HPS
    Advanced Setup with HPS
    Summary

CHAPTER 13  Monitoring Your Network Using Nagios
    How Nagios Works
    Installing Nagios
    Initial Setup of Nagios
    Nagios Configuration Overview
    Objects and Templates
    Basic Nagios Configuration
    Contacts and Notifications
    Advanced Nagios Configuration
    Summary

INDEX
Foreword

When I go back in time to when I bought my very first technical book (about Perl 4 programming), I had no idea what it would mean to me. Of course, I had expected to learn about Perl, but indirectly the book opened a whole new world to me. The book introduced me to Unix and taught me valuable things about operating systems in general. It taught me about filesystems and networking, about Perl modules and Perl developers, and about open source and communities. Not only did it help me to discover all these things, but it also made clear what I didn’t know. And although the book didn’t go into detail about a lot of topics, the fact that it gave me a framework, a place to put newfound information and relate it to what I already knew, was more important than anything else in that book.

Over the years I realized that the book itself was not that special, except that it allowed me to start doing things with little hassle, learn from them, and build on that. And the book was excellent in building momentum, with me learning and doing in a rapid whirlpool of instant joy and eagerness for more. And although I was far from being a good Perl programmer when I finished the book, it gave me the confidence to explore without the fear of breaking things.

When you apply the examples of this book, The Definitive Guide to CentOS, I hope you will get the same satisfaction and build that same confidence to help others with CentOS. By reading this book and trying the examples, you become a member of the CentOS community—or, as we say, the C in CentOS.

But what is so special about CentOS? Why CentOS? Well, if you look at the different Linux distributions that exist today, CentOS has a unique appeal because it doesn’t try to consist of the latest and greatest open source software (which is in itself a never-ending story); it focuses instead on being the most reliable and secure environment that is resistant to change over a seven-year lifetime. And apart from resisting change, about every 24 to 30 months a newer CentOS version pops up with newer software that is again tested for stability and goes unchanged for another seven-year time span. It is up to you to decide when to stay or move to another version at any point in time.

Those design characteristics make CentOS (and its commercial twin, Red Hat Enterprise Linux) perfect for environments where you don’t want to inflict too much change, like an enterprise data center, but the same applies to, say, your office computer or your personal laptop. With CentOS you minimize the time to maintain the operating system and included software for the longest period possible. And as a benefit, you can discuss your environment with an estimated 10 million users worldwide running the same software as you do.

The CentOS project and its community are there to assist you with any problems you might encounter, and when you think the time is right, we want to help you transform from being a CentOS user to a contributing member. For this not much is needed, other than the willingness to help others as they have helped you. If you learn something valuable, we welcome you to share it on the CentOS wiki, mailing lists, or forums. Or simply blog about your experience and interact with your peers.

The collective work of writing this book is a milestone for the CentOS community—not only because it is the first book of its kind but mostly because it is the result of a joint effort of the community; Peter Membrey, Ralph Angenendt, Tim Verhoeven, and Bert de Bruijn are contributing members of our community.

I am pleased that this book is a good start to learning CentOS and an entry point to the larger worlds of Linux and open source. But most of all, I sincerely hope it does not answer all your questions but instead inspires you to question more.

Dag Wieers
Infrastructure Support and Event Advocacy
CentOS Project
About the Authors

PETER MEMBREY lives in Hong Kong and is actively promoting open source in all its various forms and guises, especially in education. He has had the honor of working for Red Hat and received his first RHCE at the tender age of 17. He is now a Chartered IT Professional and one of the world’s first professionally registered ICT Technicians. Currently studying for a master’s degree in IT, he hopes to study locally and earn a PhD in the not-too-distant future. He lives with his wife Sarah and is desperately trying (and sadly failing) to come to grips with Cantonese.

TIM VERHOEVEN is a Linux system administrator during the day and a core member of the CentOS Project during his free time. He has been working with Linux for more than ten years and has been involved with the CentOS Project since 2007. He is interested in all things related to enterprise Linux. He lives in Belgium and has an engineering degree in computer science.

RALPH ANGENENDT has been working as a systems and network administrator since 1998. After being introduced to Linux in 1995, Ralph’s interest in non-Unix-like operating systems dropped dramatically, so his work environment mostly consists of Linux servers. Besides having a sweet tooth for domesticating mail servers, Ralph has a strong interest in automated system administration. That’s the reason why the networks he is responsible for run Cfengine: to ease the pains of administrating growing sites. Since 2006, Ralph has been a member of the CentOS development team, where he leads the documentation force and does some infrastructure management. You can probably meet him at open source conventions in Europe, largely in Germany and the Benelux countries.
About the Technical Reviewer

BERT DE BRUIJN is a freelance Linux and virtualization specialist who specializes in training and knowledge transfer on VMware and CentOS/Red Hat projects. Bert started his professional IT life on early Linux versions and commercial Unix variants such as SunOS, Solaris, and BSDi. He cofounded a local LUG chapter, helping the community get the best out of free software. Bert prefers to use his experience rather than his RHCE or LPIC-2 certification to show his Linux skills.
Acknowledgments

It’s not until you actually try to write a book that you realize just how many people are involved in its creation. It goes without saying that without the support I received from Apress, this book wouldn’t be here. I’d therefore like to specifically thank Michelle Lowman and Beth Christmas for their patience and tolerance going well beyond the call of duty—I hope you like the results!

I would also like to thank the CentOS community for everything they have done. Their continued hard work is what makes CentOS such a great operating system, and I really hope that this book will give something back to the community that has given me so much. Thanks to everyone at the project who has been involved in the book’s development, including Karanbir Singh, Bert de Bruijn, Tim Verhoeven, Ralph Angenendt, and Dag Wieers.

I am very fortunate to be studying at the University of Liverpool, which is an experience that has completely changed my life. I would like to show my gratitude to Britt Janssen and Ranjay Ghai, who worked solidly for nearly two months on my application and whose hard work made everything possible.

Last but certainly not least, I would like to make a special acknowledgment to two people without whom I would not be where I am today. So, special thanks to Mr. David Uden and Dr. Malcolm Herbert—two people who put their trust in me many years ago and without whom I have no doubt I would be doing something very different today.

Peter Membrey

Thanks to all the people who make CentOS possible. Community, this also means you!

Ralph Angenendt
Introduction

Although CentOS has a huge number of benefits over other operating systems, we cannot escape the fact that it’s also free. With virtual machines starting to replace traditional hosted services, people are finding that having their own server is not only much more flexible but also often cheaper.

But running your own server is very different from simply using a hosted service, and this is where The Definitive Guide to CentOS comes in. It has been written to help newcomers to the platform get up and running in production as quickly and as painlessly as possible. Each of the chapters has a specific task-oriented goal and explains how to do the majority of tasks that people are looking to do.

Just like CentOS itself, we hope to be able to improve and refine this definitive guide. We would be grateful for any and all feedback with regard to the book and how it could be improved to better suit the needs of new users. Your experiences are hard won, and we would love to hear what you have to say. After all, The Definitive Guide to CentOS is here to help, and who better to advise and provide feedback than the very people who have made their first steps with it?

This book will let you hit the ground running, and the CentOS community will ensure that you are able to keep in the race!

Who This Book Is For

The Definitive Guide to CentOS is for anyone who wants to build a production system with the CentOS operating system. Previous Linux administration experience is helpful but not required. We’ll show you how to get started and how to build on existing knowledge.

How the Book Is Laid Out

The book is laid out in three parts. The first part explains what CentOS is, where it came from, and where it hopes to be. It also talks in some depth about enterprise Linux and why you should run it on your systems. The first part also covers installation and getting started.
The second part is the largest section and has chapters dedicated to specific topics such as setting up a web server or an e-mail server. These are all task-oriented chapters so that you can immediately start doing what you need to do. Generally speaking, these chapters can be read in any order, although it might make sense to read certain chapters before others, such as reading about DNS before trying to configure subdomains in Apache.

The third part contains more advanced topics that will be of interest to people deploying CentOS in an enterprise environment. The topics will still be of interest to many people, but the concepts are somewhat more advanced than those in the previous part and may require multiple servers and so forth.

The book was written so that you can dip in and take whatever you need from it. You can realistically read it in any order you choose and apply each chapter completely independently from the others. The idea is that it will allow you to quickly get up and running and to focus on the things you need sooner rather than later.