
Post build configurations on Redhat VM

 






*************************************

Post build configuration on Linux VM:

*************************************

Set the hostname.


hostnamectl set-hostname <Servername>



*****************************************

Network configuration :


Make sure the VM gets an IPv4 address, either from DHCP or by assigning a static IP address to it.

Question: How do you assign a static IP address to a Linux machine using nmcli?



Answer: run the commands below:


nmcli device

nmcli connection modify enp0s3 ipv4.addresses 10.253.1.34/24

nmcli connection modify enp0s3 ipv4.gateway 10.253.1.1

nmcli connection modify enp0s3 ipv4.method manual

nmcli connection modify enp0s3 ipv4.dns 8.8.8.8

nmcli connection down enp0s3

nmcli connection up enp0s3

ip address show enp0s3

nmcli connection show


*******************************************

Register to RHN.


Register to the Red Hat Network if the Linux VM is a Red Hat VM.


subscription-manager register --org <org>  --activationkey <activation key> --force


****************************************


Apply updates and reboot.

yum update -y

reboot


************************************


SentinelOne install.


First open WinSCP and transfer the rpm or deb file from Windows to the /var/tmp location on the Linux server.


Now run the 4 commands below to install SentinelOne on the server:


 rpm -i  --nodigest SentinelAgent-Linux-22-2-2-2-x86-64-release.rpm : install the agent package (--nodigest tells rpm to skip the package digest check).


 /opt/sentinelone/bin/sentinelctl management token set <token for sentinel one>


 /opt/sentinelone/bin/sentinelctl control start


 systemctl status sentinelone.service


*****************************************

AD configuration and domain join:

 

yum install samba-common-tools realmd oddjob oddjob-mkhomedir sssd adcli krb5-workstation : install the packages required to join the server to the domain.


cat /etc/os-release : check the server OS info.


realm list : this command gives the domain info.


realm join -v --user=adminid@DOMAINNAMELOCAL : join the server to the domain.

realm list : now you will see the domain information.


cp -p /etc/sssd/sssd.conf /etc/sssd/sssd.conf_bkp1 : take a backup of the sssd config file, because we need to make some changes to that file.


ls -ld /etc/sssd/sssd.conf* : check whether the backup has been taken.


vi /etc/sssd/sssd.conf : open the sssd.conf file and set the "use_fully_qualified_names" parameter to False.


cat /etc/sssd/sssd.conf  | grep -i fully : check whether the change is reflected.


systemctl restart sssd : restart the sssd service.


realm permit -g "LA Servername_root" : first create this group in AD and add the members to this group, then run this command.


realm list : the group permitted above will appear in the output of realm list.


id admin_spathan : once the server is joined to the domain, it must recognise you and show the groups you are part of.


id admin_spathan | grep -i servername : check if the user is part of the local administrator group.


groupadd admins : create the group for admins.


vi /etc/sudoers : add the admins group to the sudoers file so that members of the admins group can become the superuser.

(add this line to the sudoers file; the leading % marks admins as a group: %admins ALL=(ALL) ALL)


usermod -aG admins admin_spathan : add the members to the admins group.


systemctl restart sssd : restart the sssd service.

systemctl status sssd : check its status.


realm list


usermod -aG admins clientid : add the user who requested access on the server.


cat /etc/group : check if the members are added to the admins group.


Now open a new PuTTY console and check that you are able to log in to the server using your admin id.
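
The sssd.conf step above, done without an editor; this is an added example, not part of the original post. It sets use_fully_qualified_names = False in every [domain/...] section, keeps the _bkp1 backup and leaves the file at mode 600. The sample file and the example.local realm are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): make the sssd.conf change without vi.

# Set use_fully_qualified_names = False in every [domain/...] section of file $1.
set_short_names() {
    local conf="$1" tmp
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    cp -p "$conf" "${conf}_bkp1" || return 1       # backup, as in the step above
    tmp="$(mktemp "${conf}.XXXXXX")" || return 1   # same directory, so mv is atomic
    awk '
        function add_missing() {
            if (in_domain && !seen) print "use_fully_qualified_names = False"
        }
        /^\[/ { add_missing(); in_domain = ($0 ~ /^\[domain\//); seen = 0 }
        in_domain && /^[ \t]*use_fully_qualified_names[ \t]*=/ {
            print "use_fully_qualified_names = False"; seen = 1; next
        }
        { print }
        END { add_missing() }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp"      # sssd expects sssd.conf to be mode 600
    mv "$tmp" "$conf"
}

# Succeed only if the mode is 600 and every domain section carries the setting.
check_short_names() {
    local conf="$1" domains hits
    [ "$(stat -c %a "$conf")" = "600" ] || return 1
    domains=$(grep -c '^\[domain/' "$conf" || true)
    hits=$(grep -Ec '^use_fully_qualified_names = False$' "$conf" || true)
    [ "$domains" -gt 0 ] && [ "$domains" -eq "$hits" ]
}

# Constructed sample sssd.conf in a temp dir; example.local is a placeholder realm.
make_sample() {
    local dir; dir="$(mktemp -d)"
    printf '%s\n' '[sssd]' 'domains = example.local' 'services = nss, pam' '' \
        '[domain/example.local]' 'id_provider = ad' \
        'use_fully_qualified_names = True' 'fallback_homedir = /home/%u@%d' \
        > "$dir/sssd.conf"
    echo "$dir/sssd.conf"
}

sample="$(make_sample)"
set_short_names "$sample" && check_short_names "$sample" && cat "$sample"
```

On the server itself, call set_short_names /etc/sssd/sssd.conf as root and then restart sssd as in the steps above.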



****************************************



Disable SELINUX: 


First take the backup of the /etc/selinux/config file.


 vi /etc/selinux/config : open the file in the vi editor and set "SELINUX=disabled".

 cat /etc/selinux/config : check whether the change is reflected.

Reboot the machine.

**********************************

Enable rsyslog:


systemctl status rsyslog

systemctl start rsyslog

systemctl enable rsyslog

systemctl status rsyslog



**************************************

Reserve the ip address:


Go to the DHCP server in AD, go to the address leases and reserve the IP address.

*****************************************

Move computer account to appropriate OU:


When you deploy the VM in vCenter/Oracle Cloud/OVM/Nutanix and join the server to the domain, a computer account is created automatically in AD. We need to move this computer account to the correct Linux OU.

*******************************************

SNMPv3 setup:


SNMPv3 setup is done on RHEL 8 and above. SNMP v2 setup is done on CentOS and on RHEL versions below 8.


We can't add the servers to SolarWinds unless we do the SNMP configuration on the VMs.


How to do the SNMPv3 setup on the server?

 

yum install net-snmp net-snmp-libs  net-snmp-agent-libs  net-snmp-utils




net-snmp-create-v3-user  -ro  -a SHA  -x AES  -A <password for username>    <username>


history


systemctl start snmpd.service


systemctl enable snmpd.service


snmpwalk  -v3  -u <username>  -A  <password for username> -a SHA -c public -l authNoPriv localhost 1.3.6.1.4.1.2021.4.3



netstat -na | grep :161


netstat -tulnp | grep LISTEN | grep :161


netstat -tulnp | grep LISTEN | grep :22


firewall-cmd  --add-port=161/tcp : enable it in the firewall if not enabled already.


firewall-cmd   --add-port=161/udp


netstat -na | grep :161


systemctl restart snmpd


systemctl status snmpd

netstat -na | grep :161


**************************************


Add the servers to SolarWinds using the SNMP polling method.


After running the above commands, go to SolarWinds and add the server so that SolarWinds can track the resources of the server and send notifications when necessary.

*****************************************

Create subtask for DNS entry.


When the server gets a static IP or a dynamic IP from DHCP, we need to create a subtask for the associated team to create the DNS entry.


***********************************

Create subtask for SentinelOne:


We have installed the antivirus on the server. We need to check whether the server is showing up in the SentinelOne console.

SentinelOne console access is given to the information security team, so we need to check with this team.


**********************************


Create subtask for backup.


We need to add the server to backup as well, so that if something goes wrong in future we can restore the server.


**************************************


If the user has requested a new disk of 100 GB with a /data filesystem on it, then add the 100GB disk to the server in vCenter/Oracle Cloud/Oracle VM/Nutanix.


lsblk : this command will show the newly added disk in the server. If the newly added disk is sdb, then run the commands below.

 fdisk /dev/sdb


n: create new partition


p: primary partition


Pick the partition number: 1

First sector: default 2048


Last sector: default

Partition 1 of type Linux and of size 100GB is set.

t: change partition type

8e: change partition type to Linux LVM

w: write the table to disk and exit.

fdisk -l : it will now show the /dev/sdb1 partition created on the /dev/sdb disk.

 lsblk : this will show the disk sdb and partition /dev/sdb1 of 100 GB

partprobe

pvcreate /dev/sdb1 :create the physical volume of 100GB.


pvs


lsblk


vgcreate datavg /dev/sdb1 :create the volume group of 100GB


lsblk


vgs


lvcreate -l 100%FREE -n datalv datavg : create the logical volume of 100GB from the volume group

lvs


lvdisplay :  will give the lv path


lsblk


df -hT


history


mkfs.xfs /dev/datavg/datalv : creates the xfs filesystem of 100GB. /dev/datavg/datalv is the LV path.


mkdir /data : create the /data directory


mount /dev/datavg/datalv  /data : mount the filesystem on the /data directory


df -hT  :   it will now show the /data filesystem


cat /etc/fstab  : view the fstab file; an entry for the /data filesystem has to be made in it

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

vi /etc/fstab
and add the below line to fstab file : 

/dev/datavg/datalv      /data          xfs      defaults    0   0 



where 
/dev/datavg/datalv    : LV path.
 /data    : directory on which the filesystem is mounted . 

xfs   :   filesystem type .
and save the file .

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

cat /etc/fstab


umount  /data : unmount the /data filesystem.


df -hT  :  check whether the /data filesystem is unmounted.


 mount  /data : mount /data using its entry in the fstab file.


df -h :  check whether the /data filesystem shows up in the df -h output.
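
The fstab step above as a script; this is an added example, not part of the original post. It backs up the file, refuses to add a second line for a device or mount point that is already listed, and copes with a file whose last line has no newline. The sample fstab and its device names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): add the /data line to fstab safely.

# Append "<dev> <mnt> <type> <opts> 0 0" to fstab file $1 unless the device or
# mount point is already listed. Returns 0 = added, 2 = bad input, 3 = duplicate.
add_fstab_entry() {
    local fstab="$1" dev="$2" mnt="$3" fstype="$4" opts="${5:-defaults}"
    case "$mnt" in /*) ;; *) echo "mount point must be absolute" >&2; return 2 ;; esac
    case "$dev$fstype$opts$mnt" in *" "*) echo "no spaces in fields" >&2; return 2 ;; esac
    if awk -v d="$dev" -v m="$mnt" '
            /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
            $1 == d || $2 == m { dup = 1 }
            END { exit (dup ? 0 : 1) }' "$fstab"; then
        echo "already listed in $fstab" >&2; return 3
    fi
    cp -p "$fstab" "${fstab}_bkp1" || return 1
    # A last line without a newline would otherwise be glued to the new entry.
    if [ -n "$(tail -c 1 "$fstab")" ]; then echo >> "$fstab"; fi
    printf '%s\t%s\t%s\t%s\t0 0\n' "$dev" "$mnt" "$fstype" "$opts" >> "$fstab"
}

# Print the line numbers of entries that do not have 4 to 6 fields.
malformed_lines() {
    awk '/^[ \t]*#/ || NF == 0 { next } NF < 4 || NF > 6 { printf "%d ", NR }' "$1"
}

# Constructed sample fstab in a temp file; device names are placeholders.
make_sample_fstab() {
    local f; f="$(mktemp)"
    printf '%s\n' '# constructed sample' \
        '/dev/mapper/rhel-root / xfs defaults 0 0' \
        '/dev/mapper/rhel-swap none swap defaults 0 0' > "$f"
    echo "$f"
}

sample="$(make_sample_fstab)"
add_fstab_entry "$sample" /dev/datavg/datalv /data xfs && cat "$sample"
```

On the server itself the first argument is /etc/fstab; keep the umount/mount check from the steps above, since a bad fstab line can stop the next boot.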

