Lab Environment Setup Pt. 2

Before I was going to stand up my XenServer host, I needed some network storage for installation ISOs, virtual disks (potentially), and other random stuff. I decided to stand up a CentOS 7 NFS server for that purpose.

To start, I pulled down the minimal CentOS 7 ISO and made a bootable USB drive using dd:

$ sudo dd if=/home/jmehl/Downloads/nameofCentOSISO.iso of=/dev/sdb status=progress && sync

 

I ended up installing the CentOS instance on the ThinkServer from my last post. Once it was installed, I performed my usual initial configuration on CentOS/RHEL servers:

  • Configured .vimrc – very important 😉
    • set number          # shows line numbers by default
    • syntax on              # turns on syntax highlighting by default
  • Configured hostname:
    • $ sudo hostnamectl nfs-server
  • Setup static networking:
    • $ sudo vim /etc/sysconfig/network-scripts/ifcfg-eno1
    • Change BOOTPROTO to static
    • Add the following lines:
      • IPADDR= your ip address
      • NETMASK= your subnet mask
      • DNS1= your primary DNS IP
      • GATEWAY= your default gateway IP
      • ONBOOT=yes
  • Setup key authentication with SSH from my management machine:
    • From my management machine:
      • $ ssh-keygen        # This will place newly generated keys in ~/.ssh
      • $ ssh-copy-id jmehl@nfs-server   # copies my local public key over to the nfs-server (in jmehl’s ~/.ssh/authorized_keys file). You must supply the login credentials of the jmehl account here.
      • $ ssh jmehl@nfs-server     # should log in without password prompt
    • Once you are logged in, we should harden the sshd_config a little:
      • $ sudo vim /etc/ssh/sshd_config
      • Uncomment #PermitRootLogin no
      • Change #PasswordAuthentication yes to PasswordAuthentication no 
      • $ sudo systemctl restart sshd.service
  • Patch the system fully:
    • $ sudo yum update -y && sudo yum upgrade -y

Now that the server is set up, I started on the NFS configuration. I started by installing the nfs-utils package:

$ sudo yum install -y nfs-utils

 

Make the share directory:

$ sudo mkdir /var/nfs_share

 

Enable the nfs-server service:

$ sudo systemctl enable nfs-server

 

Start the nfs-server service:

$ sudo systemctl start nfs-server

 

Alter the permissions on the share directory:

$ sudo chmod -R 777 /var/nfs-share

 

In general, chmod 777 is a bad idea. Since this was a lab environment, I didn’t care too much. If you’re ever performing something like this in a production environment, or just want to learn how a secure NFS setup works, Red Hat has an awesome write-up.

Add to the /etc/exports file:

/var/nfs_share *(rw,sync,no_root_squash,no_all_squash)

 

Just as a note, I ran into a problem with my /etc/exports that turned out it was because I had put spaces in between my export options. There are no spaces between any options!

Another side note, this /etc/exports line is basically allowing access to the /var/nfs_share directory from any requesting client (hence the wildcard *). Not recommended for secure environments.

Update the local NFS file system table:

$ sudo exportfs -a

 

Allow nfs traffic through firewalld:

$ sudo firewall-cmd --permanent --zone=public --add-service=nfs

 

Update firewalld config:

$ sudo firewall-cmd --reload

 

Restart the nfs-server service:

$ sudo systemctl restart nfs-server

 

Now that the NFS server is configured properly, we can test the connection from any given client on the local network by attempting to locally mount the shared directory:

$ sudo mount -t nfs nfs-server:/var/nfs_share /mnt

 

This will mount the shared directory /var/nfs_share locally on your machine under /mnt.

If you want that share to be mounted persistently on the client (across reboots), add the following to /etc/fstab:

nfs-server:/var/nfs_share /mnt nfs rw,sync,hard,intr 0 0

 

Now that there is network storage for our VMs, next time, we can setup the XenServer host!

rofi-grey Theme

Spent a while creating a rofi color scheme today, so I uploaded my .Xresources to my github. The theme is essentially a basic grey theme, designed for working with my current XFCE4 setup, with the Xfce-dusk GTK theme.

https://github.com/mehlsec/rofi-grey

I have an XFCE4 keybinding to the Windows button on my keyboard (I know, heresy) that calls rofi in run mode, specifying the path to my .Xresources as the config file as well. The full command is:

$ rofi -config ~/.Xresources -show run