Setup Vagrant
Testing the creation of virtual machines with Vagrant
$ mkdir lab
$ cd lab
$ vim vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Shell script run inside each guest during provisioning
$script = <<SCRIPT
yum update -y
SCRIPT
Vagrant.configure(2) do |config|
  config.vm.define :client do |node|
    node.vm.box = "centos/7"
    node.vm.hostname = "client.example.com"
    # Sets the root password to "linux" (lab machines only)
    node.vm.provision :shell, :inline => "echo root:linux | chpasswd"
    node.vm.provision :shell, :inline => $script
    node.vm.network :private_network, :ip => "10.20.30.40"
    node.vm.provider :libvirt do |domain|
      domain.cpus = 2
      domain.memory = 2048
    end
  end
  config.vm.define :server do |node|
    node.vm.box = "centos/7"
    node.vm.hostname = "server.example.com"
    node.vm.provision :shell, :inline => "echo root:linux | chpasswd"
    node.vm.provision :shell, :inline => $script
    node.vm.network :private_network, :ip => "10.20.30.41"
    node.vm.provider :libvirt do |domain|
      domain.cpus = 2
      domain.memory = 2048
      # Three additional 20G disks attached to the server
      domain.storage :file, :size => '20G'
      domain.storage :file, :size => '20G'
      domain.storage :file, :size => '20G'
    end
  end
end
Run vagrant up:
$ vagrant up --provider libvirt
$ vagrant status
Current machine states:
client running (libvirt)
server running (libvirt)
To log in to the VMs, use vagrant ssh; open two terminals.
Terminal1:
vagrant ssh client
[vagrant@client ~]$ ssh vagrant@10.20.30.41
The authenticity of host '10.20.30.41 (10.20.30.41)' can't be established.
ECDSA key fingerprint is 5a:f0:f3:a2:a8:a9:de:d9:2b:89:4b:5b:f6:f4:9e:51.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.20.30.41' (ECDSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Terminal2:
vagrant ssh server
[vagrant@server ~]$ sudo su -
[root@server ~]# vi /etc/ssh/sshd_config +79
PasswordAuthentication yes
[root@server ~]# systemctl restart sshd
Terminal1:
vagrant ssh client
[vagrant@client ~]$ ssh vagrant@10.20.30.41
vagrant@10.20.30.41's password:
Last login: Tue Oct 11 13:38:00 2016 from 10.20.30.40
[vagrant@server ~]$ hostname
server.example.com
Configure /etc/hosts; do this on both machines.
Terminal1,Terminal2:
sudo su -
HOST=$(cat << HOST
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.20.30.40 client.example.com client
10.20.30.41 server.example.com server
HOST
)
echo "$HOST" > /etc/hosts
cat /etc/hosts
Test with ping:
ping server -c 4
ping client -c 4
Create an RSA key on the client machine and send it to the server machine with the following commands.
Terminal1:
[vagrant@client ~]$ ssh-keygen -t rsa -b 4096 -C "Client"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vagrant/.ssh/id_rsa.
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
The key fingerprint is:
a8:13:11:42:3a:d3:70:b8:5a:66:a9:09:3b:75:64:b5 Client
The key's randomart image is:
+--[ RSA 4096]----+
|.o+ ... |
|.= .o. . |
|+..+. E |
|oo* .. . |
|oO .. . S |
|* o |
| . o |
| . |
| |
+-----------------+
Copy the key to the server machine:
Terminal1:
[vagrant@client ~]$ ssh-copy-id server
The authenticity of host 'server (10.20.30.41)' can't be established.
ECDSA key fingerprint is 5a:f0:f3:a2:a8:a9:de:d9:2b:89:4b:5b:f6:f4:9e:51.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
vagrant@server's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'server'"
and check to make sure that only the key(s) you wanted were added.
Test SSH to the server:
[vagrant@client ~]$ ssh server
Last login: Tue Oct 11 14:49:04 2016 from 10.20.30.40
[vagrant@server ~]$ hostname
server.example.com
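The password login enabled on the server in Terminal2 is only needed for ssh-copy-id; once the key login above works, it can be switched off again. The script below is an added example, not part of the original page: the helper names set_sshd_option and get_sshd_option are hypothetical, and the demo runs on a constructed file standing in for /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: idempotent edit of an sshd_config-style file.
# set_sshd_option and get_sshd_option are hypothetical helper names.

# Set KEY to VALUE in the global section of FILE (before any Match block),
# removing earlier active lines for KEY so the new value is the one sshd
# uses. Commented lines and Match-block overrides are left untouched.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { lkey = tolower(key) }
        !in_match && tolower($1) == "match" { print key, value; in_match = 1 }
        !in_match && tolower($1) == lkey    { next }
        { print }
        END { if (!in_match) print key, value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Print the value set for KEY in the global section of FILE.
get_sshd_option() {
    awk -v key="$2" '
        BEGIN { lkey = tolower(key) }
        tolower($1) == "match" { exit }
        tolower($1) == lkey    { print $2; exit }
    ' "$1"
}

# Constructed sample standing in for /etc/ssh/sshd_config.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes
EOF

set_sshd_option "$demo" PasswordAuthentication no
get_sshd_option "$demo" PasswordAuthentication
rm -f "$demo"
# On the server, as root, the same call followed by a syntax check:
#   set_sshd_option /etc/ssh/sshd_config PasswordAuthentication no \
#     && sshd -t && systemctl restart sshd
```

Keep the existing session open while restarting sshd and confirm from Terminal1 that `ssh server` still logs in with the key.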
Configure the network service:
sudo systemctl start network
sudo systemctl enable network
sudo systemctl disable NetworkManager
sudo systemctl stop NetworkManager
Configure the time server (Terminal 2):
$ sudo yum install chrony -y
$ sudo vi /etc/chrony.conf
# change the time servers
server 1.th.pool.ntp.org iburst
server 0.asia.pool.ntp.org iburst
server 2.asia.pool.ntp.org iburst
# allow machines on the 10.20.30.0/24 network to sync
allow 10.20.30.0/24
$ sudo systemctl restart chronyd
$ chronyc sources
210 Number of sources = 3
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^- ntp02.cpe.rmutt.ac.th 2 6 7 1 -16ms[ -11ms] +/- 225ms
^* time1.isu.net.sa 1 6 7 0 +5882us[ +11ms] +/- 140ms
^+ 202-65-114-202.jogja.citr 2 6 7 1 -13ms[-7965us] +/- 93ms
Configure the time server (Terminal 1):
sudo yum install chrony -y
sudo vi /etc/chrony.conf
# change the time server to point to the server
server 10.20.30.41 iburst
sudo systemctl restart chronyd
$ chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 10.20.30.41 3 6 1 1 +6209us[+6209us] +/- 84ms
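In chronyc sources output the second character of each source line is its state: `^*` is the source chronyd is synchronised to, while `^?`, as in the client output above, is a source that is not usable and is also what chronyc shows at start-up until enough samples have been gathered. The script below is an added example, not part of the original page; chrony_sync_status is a hypothetical helper name and the sample lines are copied from the outputs shown on this page.

```shell
#!/bin/sh
# Added example: interpret `chronyc sources` output read from stdin.
# chrony_sync_status is a hypothetical helper name.
# Prints "synced <name>" and returns 0 when a source is selected (state *);
# otherwise prints "unsynced" plus one line per source and returns 1.
chrony_sync_status() {
    awk '
        function state_name(s) {
            if (s == "*") return "selected"
            if (s == "+") return "combined"
            if (s == "-") return "not-combined"
            if (s == "?") return "not-usable-yet"
            if (s == "x") return "falseticker"
            if (s == "~") return "too-variable"
            return "unknown"
        }
        # Source lines start with a mode (^ server, = peer, # local clock)
        # followed by a state character; header and ==== lines do not match.
        /^[=#^][*+?x~-]/ {
            s = substr($1, 2, 1)
            if (s == "*") best = $2
            report = report sprintf("%s %s reach=%s\n", $2, state_name(s), $5)
        }
        END {
            if (best != "") { print "synced " best; exit 0 }
            printf "unsynced\n%s", report
            exit 1
        }
    '
}

# Constructed samples: the source lines shown on this page.
server_out='^- ntp02.cpe.rmutt.ac.th 2 6 7 1 -16ms[ -11ms] +/- 225ms
^* time1.isu.net.sa 1 6 7 0 +5882us[ +11ms] +/- 140ms
^+ 202-65-114-202.jogja.citr 2 6 7 1 -13ms[-7965us] +/- 93ms'
client_out='^? 10.20.30.41 3 6 1 1 +6209us[+6209us] +/- 84ms'

printf '%s\n' "$server_out" | chrony_sync_status
printf '%s\n' "$client_out" | chrony_sync_status || echo "client: rerun after a few polls"
# Live use on either VM:  chronyc sources | chrony_sync_status
```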