Ops535 online a1

185 bytes added, 09:07, 10 February 2021
VM's server role and software requirements
* VM4 - 192.168.v.4, rns-ldap.<yourdomain>.ops
= Required services and roles on each VM =
== DNS servers ==
:You need three DNS servers for this assignment:
:* Primary DNS server: running on VM2, pri-dns.<yourdomain>.ops, which is authoritative for your domain. It will be non-recursive and must allow anyone to request answers to DNS queries for your domain.
:* Caching-only DNS server: running on VM3, co-nfs.<yourdomain>.ops, which allows DNS queries only from network devices in your own private network. It will perform recursive DNS queries to the appropriate DNS servers, or answer from its cache.
:* Root name server: running on VM4, rns-ldap.<yourdomain>.ops, which is authoritative for the root zone only. It will answer queries from anyone for the entire DNS namespace. You need to <b>collaborate</b> with the other root name server players in the virtual lab environment.
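The three roles above differ only in two BIND settings: whether the server recurses, and who may query it. A caching-only server that recurses and also answers anyone is an open resolver, which is exactly the combination the assignment forbids. The following is an added example, not part of the assignment page or of any course material: a small checker that parses the `options { ... }` block of a named.conf fragment and reports where it deviates from each role's policy. The configuration snippets and the `192.168.v.0/24` network string are constructed stand-ins (the page leaves `v` as a per-student value).

```python
"""Check BIND 'options { ... }' fragments against the three DNS roles.

Added example, not from the assignment page.  The sample configs and the
private-network string below are constructed placeholders.
"""
import re

PRIVATE_NET = "192.168.v.0/24"          # constructed: the assignment's private network
LOCAL_ACLS = {"localhost", "localnets"}  # built-in BIND ACLs that are also acceptable

# role -> (required 'recursion' value, must it answer queries from anyone?)
ROLE_POLICY = {
    "primary": ("no", True),    # authoritative, non-recursive, public
    "caching": ("yes", False),  # recursive, private network only
    "root":    ("no", True),    # authoritative for ".", non-recursive, public
}


def parse_options(conf):
    """Extract 'recursion' and the 'allow-query' ACL list from a named.conf text."""
    opts = {}
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", conf)
    if m:
        opts["recursion"] = m.group(1)
    m = re.search(r"(?<![\w-])allow-query\s*\{([^}]*)\}\s*;", conf)
    if m:
        opts["allow-query"] = [e.strip() for e in m.group(1).split(";") if e.strip()]
    return opts


def check_role(role, conf):
    """Return a list of policy findings; an empty list means the config fits the role."""
    want_recursion, public = ROLE_POLICY[role]
    o = parse_options(conf)
    # BIND defaults when the statements are absent: recursion yes, allow-query any
    recursion = o.get("recursion", "yes")
    allow = o.get("allow-query", ["any"])
    findings = []
    if recursion != want_recursion:
        findings.append(f"{role}: recursion is {recursion}, must be {want_recursion}")
    if public and "any" not in allow:
        findings.append(f"{role}: must answer queries from anyone (allow-query any)")
    if not public:
        if "any" in allow:
            findings.append(f"{role}: open resolver, recursion yes with allow-query any")
        else:
            outside = [e for e in allow if e != PRIVATE_NET and e not in LOCAL_ACLS]
            if outside:
                findings.append(f"{role}: allow-query entries outside the private network: {outside}")
    return findings


# Constructed sample fragments
PRIMARY_OK = """
options {
    directory "/var/named";
    recursion no;
    allow-query { any; };
};
"""

CACHING_WEAK = """
options {
    recursion yes;
    allow-query { any; };
};
"""

CACHING_OK = """
options {
    recursion yes;
    allow-query { 192.168.v.0/24; localhost; };
};
"""

if __name__ == "__main__":
    for role, conf in (("primary", PRIMARY_OK), ("caching", CACHING_WEAK), ("caching", CACHING_OK)):
        print(role, check_role(role, conf) or "ok")
```

The checker is deliberately conservative: statements that are missing are evaluated at BIND's defaults, so a caching server whose `allow-query` was simply never written is reported as an open resolver rather than silently passing.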
== NFS Server - on VM co-nfs ==
:* This VM will centrally host all of your <b>new network users'</b> home directories, allowing remote access through NFS version 4.
:* Use the appropriate export option(s) (pay particular attention to root_squash and no_root_squash) when exporting network users' home directories.
:* The superuser on the other VMs should not have root privilege on the exported directory, with the exception of the VM that is running the LDAP server.
:* VMs outside your assignment's private network must not be able to contact this service. Every VM in your network (including those that have not yet been created) must have access to this service.
:* Network users should not have read or write access to other network users' home directories.
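The export requirements above translate into a short policy over /etc/exports: every client entry must lie inside the private network, the whole network must appear so that VMs created later are covered, and no_root_squash may be given only to the LDAP server's address. The following is an added example, not part of the assignment page: a parser for /etc/exports entries plus a check of that policy. The addresses 192.168.10.0/24 and 192.168.10.4 are constructed stand-ins for 192.168.v.0/24 and VM4, and the sample export lines are constructed.

```python
"""Parse /etc/exports and check it against the home-directory export policy.

Added example, not from the assignment page.  Network and host values are
constructed stand-ins for 192.168.v.0/24 and VM4 (rns-ldap).
"""
import ipaddress
import re

PRIVATE_NET = ipaddress.ip_network("192.168.10.0/24")  # constructed: 192.168.v.0/24
LDAP_HOST = ipaddress.ip_address("192.168.10.4")        # constructed: VM4, rns-ldap

_SPEC = re.compile(r"([^(]*)(?:\((.*)\))?")


def parse_exports(text):
    """Return [(path, [(client, {options}), ...]), ...] for each non-comment line."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        path, clients = parts[0], []
        for spec in parts[1:]:
            m = _SPEC.fullmatch(spec)
            client = m.group(1) or "*"            # a bare "(rw)" means every host
            opts = {o for o in (m.group(2) or "").split(",") if o}
            clients.append((client, opts))
        exports.append((path, clients))
    return exports


def client_network(client):
    """Map a client spec to an ip_network inside PRIVATE_NET, or None if it is not one."""
    if client in ("*", ""):
        return None
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return None   # hostnames, wildcards and netgroups are not resolved here
    return net if net.subnet_of(PRIVATE_NET) else None


def check_exports(text):
    """Return a list of policy findings; empty means the exports satisfy the policy."""
    findings = []
    for path, clients in parse_exports(text):
        covers_net = False
        for client, opts in clients:
            net = client_network(client)
            if net is None:
                findings.append(f"{path}: exported to {client!r}, outside the private network")
                continue
            if net == PRIVATE_NET:
                covers_net = True
            is_ldap = net.num_addresses == 1 and net.network_address == LDAP_HOST
            # root_squash is the default, so only an explicit no_root_squash matters here
            if "no_root_squash" in opts and not is_ldap:
                findings.append(f"{path}: no_root_squash for {client}, only the LDAP server may keep root")
            if is_ldap and "no_root_squash" not in opts:
                findings.append(f"{path}: the LDAP server {client} is root-squashed")
        if not covers_net:
            findings.append(f"{path}: the whole private network {PRIVATE_NET} must be allowed for future VMs")
    return findings


# Constructed samples: the weak line hands root to every host on the Internet
EXPORTS_WEAK = "/home/users *(rw,sync,no_root_squash)\n"

# The specific LDAP host entry is listed before the network entry
EXPORTS_OK = """
# constructed example
/home/users 192.168.10.4(rw,sync,no_root_squash) 192.168.10.0/24(rw,sync,root_squash)
"""

if __name__ == "__main__":
    print(check_exports(EXPORTS_WEAK))
    print(check_exports(EXPORTS_OK) or "ok")
```

Running the checker over a generated exports file from the automation script (before calling exportfs) catches the two classic mistakes for this role: a wildcard client and no_root_squash on the network entry.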
==LDAP Server - on VM rns-ldap==
:* LDAP Domain Base Name: <yourdomain>.ops, where <yourdomain> is your assigned domain.
:* This VM will act as an LDAPS server and provide user and group information to your other VMs.
:* Other students' VMs in the virtual lab must not be able to contact this service.
==Network, firewall, and SELinux==
:* All your VMs must be accessible to each other via the private network.
:* Do not allow DNS queries from any VMs in your network to any DNS servers in the lab except your caching-only DNS server.
:* SELinux must be turned on and run in enforcing mode on all of your VMs. You may need to configure the SELinux booleans accordingly.
:* Your VM1 must use iptables.service, and VM2 to VM4 must use firewalld.service as their firewall. For firewalld.service, the ens192 interface should be placed in the 'public' zone and the ens224 interface in the 'work' zone. In addition to ssh traffic, your firewalls should only allow the traffic necessary to fulfil the roles described above.
==Method of implementation==
* Do not configure the required services manually from the CLI; all configuration must be done using one of the following automation frameworks:
** customized bash script with ssh, or
** fabric tasks, or