Mixing it up a bit and working in PowerShell to get some things done in Windows, I was cleaning up our lab and wrote a small script to remove DNS records (A and PTR). Nothing special: it loops through a CSV file, looks up each record, and removes it.
So here is the snippet:
Set-Location ".\Desktop\dnsRecords"
# hostRecords.csv must have a "hostname" column
$servers = Import-Csv .\hostRecords.csv
ForEach ($server in $servers) {
    # Look up the A record to learn the IP address behind the hostname
    $a = Get-DnsServerResourceRecord -RRType "A" -Name $server.hostname -ZoneName "in.lab" `
        -Verbose -ErrorAction SilentlyContinue
    # No A record: skip, rather than build a PTR name and zone from an empty address
    if (-not $a) { continue }
    $ipAddress = (($a.RecordData).IPv4Address).IPAddressToString
    # a.b.c.d -> reverse zone c.b.a.in-addr.arpa and PTR name d
    $arpa = $ipAddress -replace '^(\d+)\.(\d+)\.(\d+)\.(\d+)$','$3.$2.$1.in-addr.arpa'
    $srv = $ipAddress -replace '^(\d+)\.(\d+)\.(\d+)\.(\d+)$','$4'
    # Remove the PTR record only if it actually exists
    $ptr = Get-DnsServerResourceRecord -RRType "PTR" -Name "$srv" -ZoneName "$arpa" `
        -Verbose -ErrorAction SilentlyContinue
    if ($ptr) {
        Remove-DnsServerResourceRecord -RRType "PTR" -Name "$srv" -ZoneName "$arpa" `
            -Verbose -ErrorAction SilentlyContinue -Confirm:$false -Force
    }
    Remove-DnsServerResourceRecord -RRType "A" -Name $server.hostname -ZoneName "in.lab" `
        -Verbose -ErrorAction SilentlyContinue -Confirm:$false -Force
}
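Basically it gets the A record, derives the matching PTR record from its IP address, and removes both. The reverse zone is built from the first three octets, so this assumes /24 reverse lookup zones. There is probably a cleaner way to do it, but I thought it was useful to share. Hope it helps. Enjoy!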
Thursday, February 22, 2018
Tuesday, February 20, 2018
CentOS Dual Network Setup
In our work environment we have a few Red Hat 6 virtual machines that have a dual nic setup. They were setup well before my time at the company, and they can't reach the outside world, meaning no updates and no registration. So, I decided to do some testing with a machine in Virtual Box.
Here is my setup: eth0 (NAT network 10.0.2.1) and eth1 (Host Only Network 192.168.56.0).
The default gateway will be 10.0.2.2 on the VirtualBox NAT network. Traffic originating from the machine will go out this interface, while replies will go out the same interface the request came in on.
eth0
View the current route tables prior to setting up the second interface:
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.2.0 0.0.0.0 255.255.255.240 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
ip route
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.0.2.2 dev eth0
Edit eth0's config file. It is safe to give the machine a static IP from the NAT network; I haven't had any issues with it. You can leave this as DHCP for testing, but that is not recommended in production.
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
HWADDR=08:00:27:0D:24:6B
IPADDR=10.0.2.15
NETMASK=255.255.255.0
GATEWAY=10.0.2.2
NETWORK=10.0.2.1
BROADCAST=10.0.2.255
ifup eth0
cat /etc/iproute2/rt_tables
echo "# dual nic-gateway below" >> /etc/iproute2/rt_tables
echo "10 eth0table" >> /etc/iproute2/rt_tables
cat /etc/iproute2/rt_tables
Temporarily add the routes for eth0 to the route table:
ip route add 10.0.2.0/24 dev eth0 src 10.0.2.15 table eth0table
ip route add default via 10.0.2.2 dev eth0 table eth0table
ip rule add from 10.0.2.15/32 table eth0table
ip rule add to 10.0.2.15 table eth0table
ip route flush cache
To make it persist upon reboot, create the files route-eth0 and rule-eth0, then append the following lines.
vi /etc/sysconfig/network-scripts/route-eth0
10.0.2.2 dev eth0 src 10.0.2.15 table eth0table
default via 10.0.2.2 dev eth0 table eth0table
vi /etc/sysconfig/network-scripts/rule-eth0
from 10.0.2.15/32 table eth0table
to 10.0.2.15 table eth0table
eth1
Edit the config file for eth1, setting a static IP address and commenting out the gateway. If the gateway is not commented out, then any time the network service restarts or the machine reboots, it will be set as the default gateway.
vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
HWADDR=08:00:27:C7:DB:82
IPADDR=192.168.56.15
NETMASK=255.255.255.0
#GATEWAY=192.168.56.1
NETWORK=192.168.56.0
BROADCAST=192.168.56.255
ifup eth1
Add the table for eth1 to the rt_tables file for iproute2
echo "# dual nic-gateway below" >> /etc/iproute2/rt_tables
echo "11 eth1table" >> /etc/iproute2/rt_tables
cat /etc/iproute2/rt_tables
Temporarily add the routes for eth1 with the following commands:
ip route add 192.168.56.0/24 dev eth1 src 192.168.56.15 table eth1table
ip route add default via 192.168.56.1 dev eth1 table eth1table
ip rule add from 192.168.56.15/32 table eth1table
ip rule add to 192.168.56.15 table eth1table
ip route flush cache
To make it persist upon reboot, create the files route-eth1 and rule-eth1, then append the following lines.
vi /etc/sysconfig/network-scripts/route-eth1
192.168.56.1 dev eth1 src 192.168.56.15 table eth1table
default via 192.168.56.1 dev eth1 table eth1table
vi /etc/sysconfig/network-scripts/rule-eth1
from 192.168.56.15/32 table eth1table
to 192.168.56.15 table eth1table
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.2.0 0.0.0.0 255.255.255.240 U 0 0 0 eth0
192.168.56.0 0.0.0.0 255.255.255.240 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
ip route
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
192.168.56.0/24 dev eth1 proto kernel scope link src 192.168.56.15
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
default via 10.0.2.2 dev eth0
That completes the setup. To test, ping with the source interface specified: eth0 should not be able to ping anything on eth1, and vice versa. Then make sure the default gateway stays in place after restarting the network service with:
service network restart
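As an added example (not from the original post), the shell functions below print the contents for route-ethX and rule-ethX from a single set of per-interface values, so the address in the rules cannot drift from the interface address and a gateway outside the interface's subnet is rejected. The function names are assumptions of this example, and the first route line uses the network/prefix form of the ip route add commands rather than the gateway host-route line shown in the post's route file.

```shell
#!/bin/sh
# Added example (not from the original post): build the bodies of
# route-<dev> and rule-<dev> from one set of values per interface.
# Function names are this example's own; addresses are the post's.

# ip_to_int A.B.C.D -> 32-bit integer (runs in a subshell so IFS stays local)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network IP PREFIX -> network address with the host bits cleared
network() {
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    int_to_ip $(( $(ip_to_int "$1") & mask ))
}

# route_file DEV IP PREFIX GATEWAY TABLE -> lines for route-DEV
# Fails if the gateway is not on the interface's own subnet.
route_file() {
    if [ "$(network "$4" "$3")" != "$(network "$2" "$3")" ]; then
        echo "gateway $4 is not in $(network "$2" "$3")/$3" >&2
        return 1
    fi
    echo "$(network "$2" "$3")/$3 dev $1 src $2 table $5"
    echo "default via $4 dev $1 table $5"
}

# rule_file IP TABLE -> lines for rule-DEV (same address in both rules)
rule_file() {
    echo "from $1/32 table $2"
    echo "to $1 table $2"
}

# Print the four file bodies for the two interfaces in the post.
for spec in "eth0 10.0.2.15 24 10.0.2.2 eth0table" \
            "eth1 192.168.56.15 24 192.168.56.1 eth1table"; do
    set -- $spec
    echo "# route-$1"; route_file "$1" "$2" "$3" "$4" "$5"
    echo "# rule-$1";  rule_file "$2" "$5"
done
```

The output is printed only; compare it with the files under /etc/sysconfig/network-scripts/ before restarting the network service.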
Sunday, February 11, 2018
Install VBox Additions on CentOS
After installing a GUI on a CentOS install in VirtualBox, you may want to install the VirtualBox Guest Additions to help with the display and with using paste between the guest OS and host. The install requires building kernel modules with dkms (Dynamic Kernel Module Support), which simplifies kernel upgrades. Installing DKMS from the EPEL repository is recommended prior to installing the guest additions.
yum install dkms
Installing dkms may pull in some other dependencies, depending on the source. If DKMS is not used, then Guest Additions will need to be reinstalled after every kernel update.
Install the development environment and kernel source:
yum groupinstall "Development Tools"
yum install kernel-devel
After the above commands complete, select Install Guest Additions... in VirtualBox. With the GUI version, the CD image will automount. If autorun is enabled in the GUI, you may get a popup asking if you want to let the autorun execute, and asking for root authorization. Use all the defaults and the install should complete.
The Guest Additions can also be installed if there is no GUI, or if there is no autorun. As root, mount /dev/cdrom or /dev/sr0 (if necessary) and cd to the mountpoint. Type ./VBoxLinuxAdditions.run to start the install.
Saturday, February 10, 2018
CentOS7 Server with GUI
Most of my CentOS installs are minimal, with only a terminal. I did, however, recently require an install with Gnome, but did not want everything that comes installed with the desktop selection. So, in VirtualBox I installed the minimal version and ran:
yum update -y
After the update was complete, I proceeded to install Gnome with the following:
yum group list
The output should be similar to what is listed below. Looking through the list, there are two versions you can choose after the minimal server install.
Available Environment Groups:
Minimal Install
Compute Node
Infrastructure Server
File and Print Server
Basic Web Server
Virtualization Host
Server with GUI
GNOME Desktop
KDE Plasma Workspaces
Development and Creative Workstation
Available Groups:
Compatibility Libraries
Console Internet Tools
Development Tools
Graphical Administration Tools
Legacy UNIX Compatibility
Scientific Support
Security Tools
Smart Card Support
System Administration Tools
System Management
Done
Selecting "Server with GUI" will add Gnome without all the additions in the desktop version. To install the environment group, run:
yum groupinstall "Server with GUI"
After the previous command completes the next thing to do is enable the GUI on startup by running the following, and then reboot:
ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target
After the system reboots, accept the license.
Afterwards you may need to do some other configuration tasks, like creating a local account if you haven't already created an administrator other than root. Then you will be taken to the desktop.