{{Admon/important|This is NOT Assignment 1 Part 2!|This is the '''ROUGH WORK''' for Murray Saul's section for OPS335 Assignment 1 - Part 2. These assignment specifications are NOT complete. <br><br>Once the assignment specifications are ready, then a link will appear in the [https://wiki.cdot.senecacollege.ca/wiki/OPS335 Main OPS335 WIKI] .}}<br><br>
== Purpose ==
== General Requirements ==
'''Weight''': 57% of the overall grade
'''Due Date''': During Week 6 9 (in class)
=== Virtual Set-up Master Name Server ('''balsam''') ===
Perform the following steps for this section:
#Create a clone virtual machine called '''balsam''' from the '''seedling''' cloning-source. Refer to the table below for '''address''' and '''hostname'''.
#Create a '''regular user''' for this virtual machine using '''your Seneca userID'''.
#Set up a DNS server on your '''balsam''' virtual machine, noting the following items:<ol type="a"><li>This virtual machine will be the '''Master DNS server'''.</li><li>This machine will provide '''forward''' and '''reverse''' lookups of ALL virtual machines in the '''coniferous.trees.ops''' zone, including resource records for virtual machines that do not currently exist.</li><li>Make certain to include an '''MX record''' for your admin e-mail contact: '''yoursenecaid@coniferous.trees.ops'''</li><li>This machine will allow other machines (outside the '''coniferous.trees.ops.''' zone) to perform DNS lookups among ALL virtual machines within the '''coniferous.trees.ops''' network.</li><li>Any machine in the '''coniferous.trees.ops''' network may use this machine to perform queries of machines outside the network; however, it will route all such queries through the DNS server you created in lab #3.</li></ol>

=== Set-up Slave Name Server ('''spruce''') ===
Perform the following steps for this section:
#Create a clone virtual machine called '''spruce''' from the '''seedling''' cloning-source. Refer to the table below for '''address''' and '''hostname'''.
#Create a '''regular user''' for this virtual machine using '''your Seneca userID'''.
#Set up a DNS server on your '''spruce''' virtual machine, noting the following items:<ol type="a"><li>This virtual machine will be the '''Slave DNS server''' (in case the Master Name Server goes down).</li><li>This virtual machine will obtain its zone files by copying them from the Master Name Server.</li><li>This Slave DNS server will check for updated records from the Master DNS server every day. If the initial attempt fails, then it will attempt every hour until it succeeds.</li><li>This machine will provide '''forward''' and '''reverse''' lookups of ALL virtual machines in the '''coniferous.trees.ops''' zone, the zone files for which will be obtained from '''balsam.coniferous.trees.ops'''.</li><li>Only machines within the '''coniferous.trees.ops''' domain will be allowed to query this machine.</li><li>This machine will not provide recursive lookup capabilities for any machines.<br><br></li></ol>

=== Network Configuration ===
=== Table of Virtual Machines / DNS Records ===
# Don't make the virtual drive too big: you will need space for it as well as space for the clones you create from your cloning source<br>(2GB should be enough for any cloning source and clone VM that you create for this assignment).
# Make certain that you can login to your cloning source. The minimum commands required are: '''host''', '''dig''', '''netstat''', '''links'''.
# Do not install software on your cloning source: you are expected to install software on your "cloned" VMs instead. For example, if you are required to install bind in a clone, install it in the clone as opposed to the "cloning source".
# Configure your network with a static configuration. Refer to the table below for IP address and hostname.
# Make certain that you have '''iptables''' services enabled and running instead of '''Firewalld'''. The default rules should suffice.
# If you have created a regular user when you installed the machine, delete that regular user (you are to use only the root account).
# Set up an SSH server on this "cloning source". Make sure that the root account is only permitted to log in using key authentication. If users are required to be created later, they should be permitted to log in with their username and password.
# Generate a new key pair on your Host Machine (don't delete the existing one), called: '''id_rsa_asg1'''
# Make sure you can log in from your regular user on your Host Machine to root on the "cloning source" virtual machine using specifically that key.
# Do not place that newly-generated private key on the "cloning source" VM.

{| class="wikitable"
|-style="background-color:#66cccc;"
| '''seedling.coniferous.trees.ops''' || '''172.30.20.100''' || '''Cloning-source''' used to create other servers for other assignments.
|-style="background-color:#66cccc;"
| '''balsam.coniferous.trees.ops''' || '''172.30.20.2''' || '''Master''' Name Server
|-style="background-color:#66cccc;"
| '''spruce.coniferous.trees.ops''' || '''172.30.20.3''' || '''Slave''' Name Server
|- style="background-color:white;"
| '''pine.coniferous.trees.ops''' || ''' 172.30.20.5''' || '''SMTP''' mail Server
|- style="background-color:white;"
| '''fir.coniferous.trees.ops''' || '''172.30.20.6''' || '''IMAP''' mail Server
|- style="background-color:white;"
| '''bristlecone.coniferous.trees.ops''' || '''172.30.20.8''' || '''Samba''' Server
|}

=== Clone "ns1" VM from "Cloning Source" & Perform Setup Tasks ===
*Download and run a shell script to check your work (Depending on your OPS335 Instructor):
::'''Murray Saul's Classes (Sections A & B):'''<ol><li>Log in as '''root''' on your '''host''' machine.</li><li>Change to the '''/root/bin''' directory.</li><li>Make certain that both your '''balsam''' and '''spruce''' virtual machines are running.</li><li>Issue the command to download a checking script for your assignment to your '''host''' machine: <source>wget http://matrix.senecac.on.ca/~murray.saul/ops335/check-assn1-p2.bash</source></li><li>Set execute permissions and run the command: '''/root/bin/check-assn1-p2.bash'''<br>(Your shell script contents will be mailed to your Seneca email and to your OPS335 instructor's Seneca email. If you do '''NOT''' receive an e-mail message in your Seneca email account, then there is a problem, and you '''MUST''' rerun or contact your OPS335 instructor immediately.)<br><br></li></ol>
*'''Additional Assignment Information:'''<ol type="a"><li>This assignment is to be completed individually. '''Group submissions are not allowed'''.</li><li>You are NOT allowed to use local hostname resolution (i.e. no entries in your '''/etc/hosts''' file).</li><li>Test your machine to make sure it works. If a machine is not accessible (e.g. will not boot, cannot be accessed through ssh from your host, etc.), or is otherwise non-functional, you may be told to '''resubmit'''.</li><li>'''Late submissions are subject to a penalty of 10% per day'''.</li></ol>
=== Reference Materials: List of Machines / DNS Records ===
{| class="wikitable"
! Name !! Address !! Purpose
|-
| '''host.ops335a1.org''' || 10.161.X.1 || Your host machine
|-
| '''ns1.ops335a1.org''' || 10.161.X.2 || Master name server
|-
| '''ns2.ops335a1.org''' || 10.161.X.3 || Slave name server
|-
| file.ops335a1.org || 10.161.X.4 || File server
|-
| www.ops335a1.org || 10.161.X.5 || Web server
|-
| source.ops335a1.org || 10.161.X.254 || Disk image to clone from when creating new machines.
|}

==Evaluation Rubric==
{| class="wikitable" width=60%
|-
| colspan=2 style="text-align:center;background-color:#cccccc;" | '''Student Demonstration (in class)'''
|-
| style="font-weight:bold" | Evaluation Item
| width=10% style="text-align:right;font-weight:bold" | Mark
|-
| ::'''balsam''' and '''spruce''' VMs created
| style="text-align:right" | /1
|-
| ::'''balsam''' and '''spruce''' VMs can connect to Internet
| style="text-align:right" | /1
|-
| ::'''balsam''' and '''spruce''' VMs can perform '''DNS queries outside network'''
| style="text-align:right" | /1
|-
| ::'''balsam''' and '''spruce''' VMs can perform '''forward DNS lookups''' for ALL machines within network
| style="text-align:right" | /1
|-
| ::'''balsam''' and '''spruce''' VMs can perform '''reverse DNS lookups''' for ALL machines within network
| style="text-align:right" | /1
|-
| colspan=2 style="text-align:center;background-color:#cccccc;" | '''Configuration (Checking Script Output)'''
|-
| style="font-weight:bold;" | Evaluation Item
| width=10% style="text-align:right;font-weight:bold" | Mark
|-
| colspan=2 | '''Master Name Server (balsam) - General Configuration'''
|-
| ::Domain set
| style="text-align:right" | /1
|-
| ::Has correct ip addresses
| style="text-align:right" | /1
|-
| ::Default gateway set
| style="text-align:right" | /1
|-
| ::DNS1 set
| style="text-align:right" | /1
|-
| ::DNS2 set
| style="text-align:right" | /1
|-
| colspan=2 | '''Master Name Server (balsam) - Named Configuration'''
|-
| ::Zone transfer (to slave DNS server) limited to spruce only
| style="text-align:right" | /2
|-
| ::Forwards to VM1
| style="text-align:right" | /2
|-
| ::Recursion limited to coniferous
| style="text-align:right" | /2
|-
| ::coniferous.trees.ops forward lookup
| style="text-align:right" | /3
|-
| ::Server is master for coniferous.trees.ops
| style="text-align:right" | /2
|-
| ::NS records in forward zone
| style="text-align:right" | /1
|-
| ::No extra NS records
| style="text-align:right" | /1
|-
| ::Refresh timer set
| style="text-align:right" | /1
|-
| ::Retry timer set
| style="text-align:right" | /1
|-
| ::A records
| style="text-align:right" | /3
|-
| ::spiral.galaxies.ops reverse lookup
| style="text-align:right" | /3
|-
| ::Server is master for 172.30.20
| style="text-align:right" | /1
|-
| ::NS records in 20.30.172
| style="text-align:right" | /2
|-
| ::No extra NS records
| style="text-align:right" | /1
|-
| ::PTR records
| style="text-align:right" | /3
|-
| ::Hierarchy to sub-domain
| style="text-align:right" | /3
|-
| colspan=2 | '''Slave Name Server (spruce) - General Configuration'''
|-
| ::Domain set
| style="text-align:right" | /1
|-
| ::Has correct ip addresses
| style="text-align:right" | /1
|-
| ::Default gateway set
| style="text-align:right" | /1
|-
| ::DNS1 set
| style="text-align:right" | /1
|-
| ::DNS2 set
| style="text-align:right" | /1
|-
| colspan=2 | '''Slave Name Server (spruce) - Named Configuration'''
|-
| ::Queries limited to coniferous.trees.ops
| style="text-align:right" | /2
|-
| ::Non-recursive
| style="text-align:right" | /1
|-
| ::coniferous.trees.ops forward lookup
| style="text-align:right" | /3
|-
| ::Server is slave for coniferous.trees.ops
| style="text-align:right" | /1
|-
| ::Master for coniferous.trees.ops set
| style="text-align:right" | /1
|-
| ::coniferous.trees.ops reverse lookup
| style="text-align:right" | /3
|-
| ::Server is slave for 172.30.20
| style="text-align:right" | /1
|-
| ::Master for 172.30.20 set
| style="text-align:right" | /1
|-
| ::Zone transfer works
| style="text-align:right" | /4
|-
| colspan=2 | '''Firewall policies'''
|-
| ::queries allowed
| style="text-align:right" | /2
|-
| ::queries limited to coniferous
| style="text-align:right" | /1
|-
| '''Less Deductions (half-mark for EACH VM):'''
:*'''SELinux''' NOT Enforcing
:*'''VM hostname''' NOT set
:*firewalld '''enabled''' / '''running'''
:*iptables '''disabled''' / '''not running'''
:*No Yum update
:*Named NOT active
:*local hostname resolution remaining in '''/etc/hosts'''
|
|-
| '''TOTAL'''
| style="text-align:right" | '''/64'''
|}
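
The slave requirement above (check the master every day, retry every hour after a failure) and the rubric items "Refresh timer set" / "Retry timer set" both come down to two fields of the zone's SOA record. The following is an added example, not part of the assignment or its checking script: it parses BIND time values from zone-file text and reports any deviation. The sample zone is constructed, the function names are hypothetical, and it assumes "every day" means 86400 seconds and "every hour" means 3600 seconds.

```python
import re

# Constructed sample zone text; host names follow the page, values are illustrative.
SAMPLE_ZONE = """\
$TTL 1D
@ IN SOA balsam.coniferous.trees.ops. yoursenecaid.coniferous.trees.ops. (
        2024010101 ; serial
        1D         ; refresh: slave polls the master once a day
        1H         ; retry: after a failed refresh, try again hourly
        1W         ; expire
        3H )       ; negative-cache TTL
@ IN NS balsam.coniferous.trees.ops.
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
FIELDS = ("serial", "refresh", "retry", "expire", "minimum")

def ttl_seconds(token):
    """Convert a BIND time value (86400, 1D, 1h30m) to seconds."""
    if token.isdigit():
        return int(token)
    parts = re.findall(r"(\d+)([smhdw])", token.lower())
    if not parts or "".join(n + u for n, u in parts) != token.lower():
        raise ValueError(f"bad time value: {token!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def soa_timers(zone_text):
    """Return the SOA serial and timers (in seconds) from zone-file text."""
    text = re.sub(r";[^\n]*", "", zone_text)  # strip comments
    m = re.search(r"\bSOA\s+\S+\s+\S+\s+\(?([^)]*)", text, re.IGNORECASE)
    values = m.group(1).split()[:5] if m else []
    if len(values) < 5:
        raise ValueError("no complete SOA record found")
    return dict(zip(FIELDS, (ttl_seconds(v) for v in values)))

def check_timers(zone_text, refresh=86400, retry=3600):
    """Return a list of deviations from the expected timers (empty = OK)."""
    soa = soa_timers(zone_text)
    problems = []
    for name, want in (("refresh", refresh), ("retry", retry)):
        if soa[name] != want:
            problems.append(f"{name} is {soa[name]}s, expected {want}s")
    return problems

if __name__ == "__main__":
    print(soa_timers(SAMPLE_ZONE), check_timers(SAMPLE_ZONE) or "timers OK")
```

The same function can be pointed at the text of the forward and reverse zone files on the master, since the slave takes its timers from the SOA it transfers.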