The Definitive Guide to CentOS - Peter Membrey, Tim Verhoeven, Ralph Angenendt
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
The Definitive Guide to CentOS Peter Membrey, Tim Verhoeven, Ralph Angenendt
The Definitive Guide to CentOS Copyright © 2009 by Peter Membrey, Tim Verhoeven, Ralph Angenendt All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN-13 (pbk): 978-1-4302-1930-9 ISBN-13 (electronic): 978-1-4302-1931-6 Printed and bound in the United States of America 9 8 7 6 5 4 3 2 1 Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. Lead Editor: Michelle Lowman Technical Reviewers: Bert de Bruijn, Karanbir Singh Editorial Board: Clay Andres, Steve Anglin, Mark Beckner, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan Gennick, Michelle Lowman, Matthew Moodie, Jeffrey Pepper, Frank Pohlmann, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh Project Manager: Beth Christmas Copy Editor: Kim Wimpsett Associate Production Director: Kari Brooks-Copony Production Editor: Candace English Compositor: Lynn L’Heureux Proofreader: April Eddy Indexer: BIM Indexing & Proofreading Services Artist: April Milne Cover Designer: Kurt Krames Manufacturing Director: Tom Debolski Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail kn`ano)ju
For my dear wife Sarah and xiaobao (little baby): without your unwavering support,
none of this would have been possible.
—Peter MembreyContents at a Glance
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
About the Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
About the Technical Reviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Part 1 N N N Getting Started with CentOS
CHAPTER 1 Introducing CentOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
CHAPTER 2 Installing CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
CHAPTER 3 Getting Started with CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
CHAPTER 4 Using Yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Part 2 N N N Going into Production
CHAPTER 5 Using Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
CHAPTER 6 Setting Up Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
CHAPTER 7 Understanding DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
CHAPTER 8 Setting Up DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
CHAPTER 9 Sharing Files with Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
CHAPTER 10 Setting Up Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Part 3 N N N Enterprise Features
CHAPTER 11 Using Core Builds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
CHAPTER 12 Using High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
CHAPTER 13 Monitoring Your Network Using Nagios . . . . . . . . . . . . . . . . . . . . . . . . . 299
INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
vContents
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
About the Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
About the Technical Reviewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Part 1 N N N Getting Started with CentOS
CHAPTER 1 Introducing CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
What Is Enterprise Linux?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Extended Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Low-Risk Security Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
ABI/API Stability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Regular Updates and Bug Fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Summary of Enterprise Linux’s Benefits . . . . . . . . . . . . . . . . . . . . . . . . 7
What Is CentOS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
How to Read This Book. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
CHAPTER 2 Installing CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Getting CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Checking the Checksums . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Burning the ISOs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Performing a Super-Quick CentOS Install . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
viiviii NCO NTENT S
Setting Other Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Securely Erasing Your Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Creating a Custom Partition Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Using Software RAID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Setting IP Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
CHAPTER 3 Getting Started with CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
CentOS Filesystem Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Relative and Absolute Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Filesystem Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
/root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
/etc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
/proc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
/var . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
/boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
/bin and /sbin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
/dev. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
/home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
/lib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
/lost+found . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
/media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
/mnt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
/usr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
/opt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
/srv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
/sys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
/tmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Getting Your Hands on a Command Prompt . . . . . . . . . . . . . . . . . . . . 51
Getting an SSH Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Using SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52NC O N T E N T S ix
You’re Logged In; Now What? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
First, the Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Important Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
pwd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
mkdir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
cd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
rmdir. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
rm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
touch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
nano . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
cat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
CHAPTER 4 Using Yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
What Are RPMs? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
What Are Yum Repositories? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
CentOS Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Official CentOS Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Third-Party Repositories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Getting Started with Yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Updating Your Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Installing a Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Installing a Group of Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Searching for Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Adding a Custom Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Setting It Up with RPM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
How to Do It Without an RPM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Yumex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76x NCO NTENT S
Part 2 N N N Going into Production
CHAPTER 5 Using Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
How Does the Server Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
A Brief Introduction to SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Why Run Your Own Server? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
What It Involves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
When to Let Someone Else Do It . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
What Is a Virtual Private Server (VPS)?. . . . . . . . . . . . . . . . . . . . . . . . . 83
Picking a Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Installing Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Configuring the Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Making Sure Apache Starts Each Time the Server Reboots . . . . . . . 88
Starting Up and Testing Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Configuring Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Where Is Everything? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Configuring ServerAdmin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Configuring ServerName. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Saving the Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Testing Your New Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Restarting Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
.htaccess . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Enabling .htaccess . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
How to Password Protect a Directory . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Configuring Password Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Creating User Accounts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Improving Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Enabling Compression in Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Why You Don’t Compress Everything . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Improving Server Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Things to Watch Out For . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100NC O N T E N T S xi
Setting Up Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Getting Started with Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Creating Your First Virtual Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Using vhosts.d . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Using SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Installing mod_ssl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Getting Your Shiny New Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Signing Your Own Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
What to Do with an Intermediary Certificate . . . . . . . . . . . . . . . . . . . 109
Putting Your New Certificate to Work . . . . . . . . . . . . . . . . . . . . . . . . . 109
Removing the Password Protection from the Key . . . . . . . . . . . . . . 110
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
CHAPTER 6 Setting Up Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
How Do Mail Servers Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Why Run Your Own Mail Server?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
When Not to Run Your Own Mail Server. . . . . . . . . . . . . . . . . . . . . . . 117
Which Mail Server to Choose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Installing the Mail Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Configuring the Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Making Sure Postfix Starts During Boot . . . . . . . . . . . . . . . . . . . . . . . 121
Configuring Postfix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Configuring Your System to Send Mail . . . . . . . . . . . . . . . . . . . . . . . . 124
Configuring Your System to Receive Mail . . . . . . . . . . . . . . . . . . . . . 132
Setting Up Users to Receive Mails . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Taking a Few Antispam Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Receiving Mails for Several Domains . . . . . . . . . . . . . . . . . . . . . . . . . 137
Authenticating Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Encrypted Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Usernames, Passwords, and Such . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Retrieving Mails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Configuring Your Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Configuring Dovecot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Using Webmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154xii NCO NTENT S
CHAPTER 7 Understanding DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
What Is DNS? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
DNS Was Born . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
The WHOIS System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
The Root DNS Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
The Resolver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
The Hosts File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
nsswitch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
NSCD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
What Is BIND?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Primary and Secondary Name Servers. . . . . . . . . . . . . . . . . . . . . . . . 164
Installing BIND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Setting Up a Caching Name Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Making DNS Available to Other Machines . . . . . . . . . . . . . . . . . . . . . 168
Configuring BIND to Host Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
A Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
CNAME Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
MX Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
NS Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Quick Round-Up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Creating a Master Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Creating a Slave Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Allowing Zone Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Gotchas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Forgetting to Increment the Serial Number . . . . . . . . . . . . . . . . . . . . 179
Forgetting the Dot in the Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
CHAPTER 8 Setting Up DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
How Does DHCP Work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
DHCP and CentOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Installing DHCP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Configuring the Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184NC O N T E N T S xiii
Configuring DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
A Minimal Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Extended Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Defining Static IP Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Grouping Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Shared Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Relaying DHCP Requests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
PXE Booting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Configuring dhcpd for PXE Boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
DHCP Integration with DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
CHAPTER 9 Sharing Files with Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Windows Networking Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
The Basic Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Workgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Windows Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Samba and CentOS Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Preparing to Set Up Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Installing Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Configuring Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Example Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Minimal Stand-Alone Samba Setup . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Shares and Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Extended Stand-Alone Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Samba As a Domain Member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
CHAPTER 10 Setting Up Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . 219
What Is a Virtual Private Network? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Using SSH for Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
Virtual Private Networks with IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
IPSec Explained . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Using IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230xiv NCO NTENT S
Configuring OpenVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Looking at an Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Configuring the Server Side . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Configuring the Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Some Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Doing It the Even Easier Way . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Part 3 N N N Enterprise Features
CHAPTER 11 Using Core Builds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
What Are Core Builds? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
What Can’t Core Builds Do? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Why Create a Core Build? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
What Are Kickstart Files? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Anatomy of a Kickstart File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
The Command Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
%packages Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
The Scripts Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Using a Kickstart File on a Web Server . . . . . . . . . . . . . . . . . . . . . . . 267
Dynamically Creating Kickstart Files . . . . . . . . . . . . . . . . . . . . . . . . . 268
Installing CentOS over HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Updating Your Kickstart File to Install CentOS via HTTP . . . . . . . . . . . . . . 271
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
CHAPTER 12 Using High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Clustering and High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Theory of HA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Split Brain and Fencing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Service or Virtual IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
HA Cluster Suite Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
HA Clustering with CentOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278NC O N T E N T S xv
Preparing Your Cluster . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Installing CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Installing HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Configuring CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Configuring HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Building Clusters Using CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Creating a Basic Cluster with CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
Advanced Configurations Using CCS . . . . . . . . . . . . . . . . . . . . . . . . . 288
Advanced Example with CCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
Building Clusters Using HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Creating a Basic Cluster with HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Advanced Configurations Using HPS . . . . . . . . . . . . . . . . . . . . . . . . . 294
Advanced Setup with HPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
CHAPTER 13 Monitoring Your Network Using Nagios . . . . . . . . . . . . . . . . . . 299
How Nagios Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Installing Nagios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Initial Setup of Nagios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Nagios Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Objects and Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Basic Nagios Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Contacts and Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Advanced Nagios Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
INDEX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315Foreword
W hen I go back in time to when I bought my very first technical book (about Perl 4
programming), I had no idea what it would mean to me. Of course, I had expected to
learn about Perl, but indirectly the book opened a whole new world to me. The book
introduced me to Unix and taught me valuable things about operating systems in general.
It taught me about filesystems and networking, about Perl modules and Perl developers,
and about open source and communities.
Not only did it help me to discover all these things, but it also made clear what I
didn’t know. And although the book didn’t go into detail about a lot of topics, the fact
that it gave me a framework, a place to put newfound information and relate it to what
I already knew, was more important than anything else in that book.
Over the years I realized that the book itself was not that special, except that it
allowed me to start doing things with little hassle, learn from them, and build on that.
And the book was excellent in building momentum, with me learning and doing in a
rapid whirlpool of instant joy and eagerness for more. And although I was far from being
a good Perl programmer when I finished the book, it gave me the confidence to explore
without the fear of breaking things.
When you apply the examples of this book, The Definitive Guide to CentOS, I hope
you will get the same satisfaction and build that same confidence to help others with
CentOS. By reading this book and trying the examples, you become a member of the
CentOS community—or, as we say, the C in CentOS. But what is so special about CentOS?
Why CentOS?
Well, if you look at the different Linux distributions that exist today, CentOS has a
unique appeal because it doesn’t try to consist of the latest and greatest open source soft-
ware (which is in itself a never-ending story); it focuses instead on being the most reliable
and secure environment that is resistant to change over a seven-year lifetime. And apart
from resisting change, about every 24 to 30 months a newer CentOS version pops up with
newer software that is again tested for stability and goes unchanged for another seven-
year time span. It is up to you to decide when to stay or move to another version at any
point in time.
Those design characteristics make CentOS (and its commercial twin, Red Hat Enter-
prise Linux) perfect for environments where you don’t want to inflict too much change,
like an enterprise data center, but the same applies to, say, your office computer or your
personal laptop. With CentOS you minimize the time to maintain the operating system
and included software for the longest period possible. And as a benefit, you can discuss
xviNF O R E W O R D xvii
your environment with an estimated 10 million users worldwide running the same soft-
ware as you do.
The CentOS project and its community are there to assist you with any problems you
might encounter, and when you think the time is right, we want to help you transform
from being a CentOS user to a contributing member.
For this not much is needed, other than the willingness to help others as they have
helped you. If you learn something valuable, we welcome you to share it on the CentOS
wiki, mailing lists, or forums. Or simply blog about your experience and interact with
your peers.
The collective work of writing this book is a milestone for the CentOS community—
not only because it is the first book of its kind but mostly because it is the result of a joint
effort of the community; Peter Membrey, Ralph Angenendt, Tim Verhoeven, and Bert de
Bruijn are contributing members of our community. I am pleased that this book is a good
start to learning CentOS and an entry point to the larger worlds of Linux and open source.
But most of all, I sincerely hope it does not answer all your questions but instead inspires
you to question more.
Dag Wieers
Infrastructure Support and Event Advocacy
CentOS ProjectAbout the Authors
NPETER MEMBREY lives in Hong Kong and is
actively promoting open source in all its various
forms and guises, especially in education. He
has had the honor of working for Red Hat and
received his first RHCE at the tender age of 17. He
is now a Chartered IT Professional and one of the
world’s first professionally registered ICT Techni-
cians. Currently studying for a master’s degree
in IT, he hopes to study locally and earn a PhD in
the not-too-distant future. He lives with his wife
Sarah and is desperately trying (and sadly failing)
to come to grips with Cantonese.
NTIM VERHOEVEN is a Linux system administrator during the day and a core member of
the CentOS Project during his free time. He has been working with Linux for more then
ten years and has been involved with the CentOS Project since 2007. He is interested in all
things related to enterprise Linux. He lives in Belgium and has an engineering degree in
computer science.
NRALPH ANGENENDT has been working as a systems and network administrator since 1998.
After being introduced to Linux in 1995, Ralph’s interest in non-Unix-like operating sys-
tems dropped dramatically, so his work environment mostly consists of Linux servers.
Besides having a sweet tooth for domesticating mail servers, Ralph has a strong interest in
automated system administration. That’s the reason why the networks he is responsible
for run Cfengine: to ease the pains of administrating growing sites.
Since 2006, Ralph has been a member of the CentOS development team, where he
leads the documentation force and does some infrastructure management. You can
probably meet him at open source conventions in Europe, largely in Germany and the
Benelux countries.
xviiiAbout the Technical Reviewer
NBERT DE BRUIJN is a freelance Linux and virtualization specialist who specializes in
training and knowledge transfer on VMware and CentOS/Red Hat projects. Bert started
his professional IT life on early Linux versions and commercial Unix variants such as
SunOS, Solaris, and BSDi. He cofounded a local LUG chapter, helping the community
get the best out of free software. Bert prefers to use his experience rather than his
RHCE or LPIC-2 certification to show his Linux skills.
xixAcknowledgments
I t’s not until you actually try to write a book that you realize just how many people are
involved in its creation. It goes without saying that without the support I received from
Apress, this book wouldn’t be here. I’d therefore like to specifically thank Michelle
Lowman and Beth Christmas for their patience and tolerance going well beyond the
call of duty—I hope you like the results!
I would also like to thank the CentOS community for everything they have done.
Their continued hard work is what makes CentOS such a great operating system, and
I really hope that this book will give something back to the community that has given me
so much. Thanks to everyone at the project who has been involved in the book’s develop-
ment, including Karanbir Singh, Bert de Bruijn, Tim Verhoeven, Ralph Angenendt, and
Dag Wieers.
I am very fortunate to be studying at the University of Liverpool, which is an expe-
rience that has completely changed my life. I would like to show my gratitude to Britt
Janssen and Ranjay Ghai, who worked solidly for nearly two months on my application
and whose hard work made everything possible.
Last but certainly not least, I would like to make a special acknowledgment to two
people without whom I would not be where I am today. So, special thanks to Mr. David
Uden and Dr. Malcolm Herbert—two people who put their trust in me many years ago
and without whom I have no doubt I would be doing something very different today.
Peter Membrey
Thanks to all the people who make CentOS possible. Community, this also means you!
Ralph Angenendt
xxIntroduction
A lthough CentOS has a huge number of benefits over other operating systems, we can-
not escape the fact that it’s also free. With virtual machines starting to replace traditional
hosted services, people are finding that having their own server is not only much more
flexible but also often cheaper.
But running your own server is very different from simply using a hosted service, and
this is where The Definitive Guide to CentOS comes in. It has been written to help new-
comers to the platform get up and running in production as quickly and as painlessly as
possible. Each of the chapters has a specific task-oriented goal and explains how to do the
majority of tasks that people are looking to do.
Just like CentOS itself, we hope to be able to improve and refine this definitive guide.
We would be grateful for any and all feedback with regard to the book and how it could
be improved to better suit the needs of new users. Your experiences are hard won, and we
would love to hear what you have to say. After all, The Definitive Guide to CentOS is here
to help, and who better to advise and provide feedback than the very people who have
made their first steps with it?
This book will let you hit the ground running, and the CentOS community will ensure
that you are able to keep in the race!
Who This Book Is For
The Definitive Guide to CentOS is for anyone who wants to build a production system
with the CentOS operating system. Previous Linux administration experience is help-
ful but not required. We’ll show you how to get started and how to build on existing
knowledge.
How the Book Is Laid Out
The book is laid out in three parts. The first part explains what CentOS is, where it came
from, and where it hopes to be. It also talks in some depth about enterprise Linux and
why you should run it on your systems. The first part also covers installation and getting
started.
xxixxii NINT ROD UCTIO N
The second part is the largest section and has chapters dedicated to specific topics
such as setting up a web server or an e-mail server. These are all task-oriented chapters
so that you can immediately start doing what you need to do. Generally speaking, these
chapters can be read in any order, although it might make sense to read certain chap-
ters before others, such as reading about DNS before trying to configure subdomains in
Apache.
The third part contains more advanced topics that will be of interest to people
deploying CentOS in an enterprise environment. The topics will still be of interest to
many people, but the concepts are somewhat more advanced than those in the previous
part and may require multiple servers and so forth.
The book was written so that you can dip in and take whatever you need from it. You
can realistically read it in any order you choose and apply each chapter completely inde-
pendently from the others. The idea is that it will allow you to quickly get up and running
and to focus on the things you need sooner rather than later.You can also read
