OSTEP 01-2021 Startup Activity

1,106 bytes added, 14:25, 12 January 2021
no edit summary
= Challenge =
1. Set up two VMs on separate physical machines using '''KVM-QEMU''', both serving the same web content on a non-public network. Configure these machines for fail-over, so that if one goes offline, the other one will take over for it.

2. On a third physical machine, set up a VM with a publicly-accessible way to reach the web content.

3. Configure each VM to start automatically when the host boots. Ensure that the hosts and the VMs are well-secured (no unnecessary services, SELinux enabled, and so forth).

4. Document the solution, and ensure that everyone on the team is able to recreate or extend the solution if needed.

= Teams Solution =
Both teams A and B implemented very similar solutions, so this is a refined and combined version of the solutions provided by both teams.
== Setup VMs ==
* Since the VMs will not be performing extensive computing, RAM was set to 4096 MB and the number of CPU cores was set to 2.
 
=== Forbid SSH Login As Root User ===
 
Inside the VM, do the following:
 
1. Edit the <code>/etc/ssh/sshd_config</code> file to update or add <code>PermitRootLogin no</code>.
 
2. Restart the SSH server with <code>systemctl restart sshd</code>.
 
=== Enable AutoStart ===
 
Once a VM is running, using virt-manager:
 
1. Right click on the VM and select '''open'''.
 
2. In the newly opened window, go to '''hardware details''' (light bulb icon) and select '''Boot Options'''.
 
3. Tick the '''Autostart''' box to enable starting the VM on host boot up.
=== Known Problems ===
* Confirm the web page is accessible to a machine within the subnet.
* Confirm the web page is '''not''' accessible to a machine outside the subnet.
5. When the firewall settings are satisfactory, use <code>sudo firewall-cmd --runtime-to-permanent</code> to permanently apply the changes.
6. Confirm access to the public-facing VM from outside of the subnet is available with <code>curl [IP_address_of_the_public-facing_VM]</code>; the curl command should return the content served by the Apache Server VMs.
 
== Forbid SSH Login As Root User ==
 
1. Edit the <code>/etc/ssh/sshd_config</code> file to update or add <code>PermitRootLogin no</code>.
 
2. Restart the SSH server with <code>systemctl restart sshd</code>.
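
Both "Forbid SSH Login As Root User" sections say to update or add <code>PermitRootLogin no</code>. sshd uses the first value it obtains for each keyword, so a line added below an existing <code>PermitRootLogin yes</code> is ignored. The check below is an added example, not part of the teams' solution; the function names and the sample config files are constructed for illustration, and the <code>prohibit-password</code> fallback is the upstream OpenSSH default.

```shell
#!/bin/sh
# Added example: report the PermitRootLogin value sshd would take from one file.
# sshd_config(5): for each keyword the first obtained value is used, so a
# "PermitRootLogin no" appended below an earlier "yes" has no effect.

# effective_root_login FILE -> prints the first global PermitRootLogin value.
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        { sub(/=/, " "); key = tolower($1) }      # accept "Keyword=value" too
        key == "match" { exit }                   # global settings end at the first Match
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # upstream default when unset
    ' "$1"
}

# check_root_login FILE -> exit status 0 only when root login is fully disabled.
check_root_login() {
    value=$(effective_root_login "$1")
    [ "$value" = "no" ] && return 0
    echo "$1: effective PermitRootLogin is '$value', expected 'no'" >&2
    return 1
}

# Constructed sample files (not taken from the VMs described on this page).
demo_dir=$(mktemp -d)
# The new line was appended, but an earlier active line still says yes.
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'PermitRootLogin no' > "$demo_dir/appended.conf"
# The existing line was updated in place; the commented default is ignored.
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$demo_dir/updated.conf"

for f in "$demo_dir"/*.conf; do
    printf '%s -> %s\n' "${f##*/}" "$(effective_root_login "$f")"
done
rm -rf "$demo_dir"
```

The parser reads a single file and does not follow <code>Include</code> directives; on the VM itself, <code>sshd -T</code> run as root prints the configuration sshd actually resolved.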