System Administrator Laboratory

This is an apple!.

Last Update: 2015-09-26 00:16:53

Course Information

Homework

LVM and KVM

Description

In this project you need to build a VM for the following homeworks.

Info: If you are not familiar with LVM or KVM (virt-install, virsh), see the references, search online, or discuss it with anybody.

Deadline

2013/10/07

Requirements

  • A LVM logical volume under VG vmvg
    • Name with your student ID.
    • Size less than 30G.
  • A fully operating Debian virtual machine
    • Memory 2G.
    • Network interface bridged to br0.
    • Disk bound to your LV (Logical Volume).
    • Text console ONLY, no graphical interfaces (don't install desktop environment).
    • Package repository set to testing distribution, and should be up-to-date.
    • Able to connect to console by using virsh console <vmname>.
    • Able to connect to your VM via IPv6 on CSIE workstations.

Instruction

Be careful! Don't affect other users.
  1. Login to intern.csie.ntu.edu.tw with your student ID.
  2. Use lvcreate to create your own LV (Logical Volume).
  3. Use virt-install command to build your own VM.
  4. Run updates.
  5. Test ssh connection.
  6. You are done!! Congratulations!!

Reference

Hint

  • Some parameters you may use in virt-install:
    --connect
    --name
    --ram
    --network
    --nographics
    --extra-args console=ttyS0
    --disk
    --location http://debian.csie.ntu.edu.tw/debian/dists/Debian7.1/main/installer-amd64/
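The instruction steps and the parameter list above, combined into one guarded script. This is an added example, not part of the course material. The function names, the return codes, the `qemu:///system` URI and the dry-run switch are assumptions of this sketch; the VG name, bridge, memory size, console argument and installer URL come from the page.

```shell
#!/bin/sh
# DRY_RUN=1 (default) prints the commands for review; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"
VG=vmvg
LOCATION=http://debian.csie.ntu.edu.tw/debian/dists/Debian7.1/main/installer-amd64/

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# build_vm STUDENT_ID SIZE_G
# Returns 1 for an unsafe name, 2 for a size outside 1..29 (the page requires
# less than 30G), 3 when the LV already exists, so that a typo can never
# reuse or overwrite somebody else's volume on the shared host.
build_vm() {
    id=$1 size=$2
    case "$id" in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    case "$size" in ''|*[!0-9]*) return 2 ;; esac
    [ "$size" -ge 1 ] && [ "$size" -lt 30 ] || return 2
    [ ! -e "/dev/$VG/$id" ] || return 3

    run lvcreate -L "${size}G" -n "$id" "$VG" || return
    # --ram is given in MiB; --nographics plus console=ttyS0 gives the
    # text-only serial console that "virsh console <vmname>" attaches to.
    run virt-install \
        --connect qemu:///system \
        --name "$id" \
        --ram 2048 \
        --disk "path=/dev/$VG/$id" \
        --network bridge=br0 \
        --nographics \
        --location "$LOCATION" \
        --extra-args console=ttyS0
}

# Usage: build_vm <student ID> 20            (prints both commands)
#        DRY_RUN=0 build_vm <student ID> 20  (runs them)
```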

LDAP

Description

In this project you need to build a LDAP server and remote login with your LDAP account.

Deadline

2015/??/??

Requirements

  • A LDAP server under your VM.
    • Root domain name is dc=<student ID>,dc=csie,dc=ntu,dc=edu,dc=tw
  • Create an account that can remote-login by ssh.
    • Account Name: ta217
    • Password: SAL2013
    • Change the permissions on the homeDirectory attribute so that its value can be read only by the admin or by the user it belongs to.
    • You must modify the PAM configuration so that we can use passwd to change the LDAP password.

Additional Requirements for 2014

  • Make sure that LDAP users can change their password using passwd
  • Automatically create home directory when logging in if it does not exist.
    • Path: /home/ldapuser/<account>
  • Modify the default files added to user home directories
    • Hint: /etc/skel

Additional Requirements for 2015

  • Install another VM
  • Configure LDAP login on your second VM
  • Allow users to use different login shells on the first and the second VM
    • Hint: /usr/local/etc/nslcd.conf on bsd*.csie.ntu.edu.tw
  • Add a group called sysadmin in LDAP and allow users in it to use sudo
    • Hint: ldapsearch -x cn=linuxadmin and ldapsearch -x cn=bsdadmin

Hint

  • Don't add backend.
  • You can try these on the 217 workstations (linux*.csie.ntu.edu.tw, bsd*.csie.ntu.edu.tw):
    ldapsearch -x uid=<student id>
    ldapvi -Z --tls never -D uid=<student id>,ou=People,dc=csie,dc=ntu,dc=edu,dc=tw
  • Installation hint:
    • dpkg-reconfigure debconf
    • ldapscripts
    • ldapsearch/ldapvi to test LDAP
    • id to test NSS
    • ssh login to test PAM

Instruction

Follow the instructions in the slides.

Reference

NFS

Description

This project is pretty easy. You will learn how to build an NFS server and client.

Deadline

2013/11/11

Requirements

  • Build your second KVM machine, named <studentID>-2, that your LDAP accounts can log in to.
  • Build an NFS server on your first machine, export your /home folder, and mount the /home folder on your second machine using automount.

Reference

  • Vbird NFS
  • You can see /etc/auto.* on linuxX as reference.

Web server

Description

In this homework, you will learn

  1. How to build a web server with apache2 and lighttpd, and modify their configuration.
  2. How to use php/mysql.
  3. How to write a php page and link it to a mysql database.

Deadline

2013/12/02

Requirements

In this homework, please work on your first machine.

  • Install apache2 and lighttpd.
  • Modify the apache2/lighttpd configuration
    • Make apache2 only serve https on port 443. ( DocumentRoot/ is /var/www )
    • Make lighttpd only serve http on port 80. ( DocumentRoot/ is /var/www )
    • Enable userdir module in both http/https services.
      Request /~USER/URL will link to /home/USER/public_html/URL
    • Enable php module in both services.
  • Connect to our mysql server intern.csie.ntu.edu.tw

    • User Name: intern
    • Password: announced on the wslab FB group.
    • Database: intern
    Create your own table named after your student ID. The structure is as follows:
    • id(int)
    • timestamp(datetime)
    • IP(varchar)
    • comment(varchar)
    You can use the table example as a template.

  • Create simple web pages with the following features.
    • Put it under /var/www
    • Show the entries in your table in our database.
    • A function that inserts a new entry, with a comment typed by the user, into your table.

Reference

Hint

You can test your result by
  • ssh tunnel
  • text-based browser. e.g. lynx, w3m ...

Mail server

Description

In this homework, you will learn how to set up a mail server.

This homework is extremely simplified because of the restricted environment.

Deadline

2013/05/21

Requirements

In this homework, please work on your first machine.

  • Read this page (you can skip the package installation and configuration parts and anything related to the sendmail server). You should understand the following:
    • MX records
    • SMTP, POP3, IMAP
    • Commands to interact with postfix daemon
  • Install postfix. This will remove exim4, which is okay.
  • Domain: use <student id>.csie.org as the domain of your mail system. (mydestination)
  • Receive mail: for every account.
  • Send mail: use mail to send mail to other local account or outside domains addresses.
    (Note: you might not be able to send to outside domains since you don't have a public IP and PTR record. At the time of writing these requirements, sending to Gmail is okay.)
  • Alias: set up an alias sal for your account using alias_maps.

Additional Requirements for 2014

  • Configure postfix to write sasl_username to log files in order to identify misbehaving accounts.
  • Set up dovecot to let users download their mail using POP3 and IMAP protocols with TLS.
  • Use dovecot mdbox instead of mbox to store users' mail.
  • Set up roundcube webmail.

Bonus for 2014

  • Set up mail alias and mailing list using LDAP.
  • Delete spam mail in mail queue and block misbehaving accounts.
  • Install software such as spamassassin, postgrey, amavis to reduce spam mail.

Reference

Hint

When installing postfix, you can select "Internet site" for the type and configure the domain name.

You can test the result using the command mail rcpt@xxx.csie.org

You can view logs at /var/log/mail.log.
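One way to use the sasl_username log field to identify misbehaving accounts, as an added example that is not part of the course material: the function counts queued messages and distinct client addresses per authenticated user. It assumes the line form Postfix smtpd writes for authenticated clients (`client=..., sasl_method=..., sasl_username=...`); the function name, the threshold and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Constructed mail.log excerpt (documentation IP ranges, made-up queue IDs).
SAMPLE_LOG='Oct  7 10:00:01 vm postfix/smtpd[2101]: 4F1A220C3B: client=ws1.example[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
Oct  7 10:00:05 vm postfix/smtpd[2101]: 5A2B330D4C: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Oct  7 10:00:06 vm postfix/smtpd[2107]: 6B3C440E5D: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob
Oct  7 10:00:06 vm postfix/smtpd[2109]: 7C4D550F6E: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob
Oct  7 10:00:07 vm postfix/smtpd[2110]: 8D5E66107F: client=mx.example[192.0.2.25]
Oct  7 10:00:08 vm postfix/smtpd[2107]: warning: unknown[203.0.113.9]: SASL LOGIN authentication failed: authentication failure'

# sasl_senders THRESHOLD < mail.log
# Prints "user messages distinct_client_addresses" for every account that
# queued at least THRESHOLD authenticated messages, busiest first.
# Only "queue-id: client=..." lines count, so failed logins and
# unauthenticated deliveries are ignored.
sasl_senders() {
    awk -v min="$1" '
        /postfix\/([a-z]+\/)?smtpd\[/ && / client=/ && /sasl_username=/ {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sasl_username=/) {
                    user = substr($i, 15)      # text after "sasl_username="
                    sub(/,$/, "", user)
                }
                if ($i ~ /^client=/)           # address sits between [ and ]
                    ip = substr($i, index($i, "[") + 1,
                                index($i, "]") - index($i, "[") - 1)
            }
            if (user == "") next
            msgs[user]++
            if (!((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
        }
        END {
            for (u in msgs)
                if (msgs[u] >= min) print u, msgs[u], ips[u]
        }' | sort -k2,2nr -k1,1
}

# Demo on the constructed sample; on the VM: sasl_senders 100 < /var/log/mail.log
printf '%s\n' "$SAMPLE_LOG" | sasl_senders 2
```

Many messages from several client addresses in a short window is the usual sign of a stolen password; the account name printed here is the one to disable or investigate.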

MRTG

Description

In this homework, you will learn how to set up basic monitoring using Munin, and how to write your own plugins.

You can refer to 217's monitoring page for sample result.

Deadline

2013/06/18

Requirements

In this homework, please work on your first machine and second machine.

On your first machine:

  • Install munin and munin-node
  • Set up dynamic graph and html generation (w/ CGI or FastCGI) on your web server (apache or lighttpd).
  • Set up munin to monitor your second machine

On your second machine:

  • Install munin-node
  • Set whitelist IP of your first machine, so it can pull data.
  • Write a plugin to monitor ping of www.ntu.edu.tw

Reference

Hint

  • Files you may need to look at:

    /etc/munin/munin.conf
    /etc/munin/munin-node.conf
    /etc/munin/plugins/*
    
  • A plugin is simply an executable/script that outputs to stdout; for example:

    $ ./a-plugin config
    graph_title Load average
    graph_vlabel load
    load.label load
    $ ./a-plugin
    load.value 0.08
  • Your plugin will be run as the munin user (unless specified), so make sure all needed files are accessible from this user. You can test it by:

    # munin-run a-plugin config
    # munin-run a-plugin
  • Make sure to run invoke-rc.d munin-node restart after any changes to configuration.
  • You can utilize external programs to do this homework, e.g. ping.
  • munin-node listens on port 4949 by default; you can telnet to it to test it.
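The plugin protocol shown above (a `config` call and a value call), worked through for a ping check. This is an added example, not part of the course material. The field names `rtt` and `loss`, the `target`/`count` environment variables and the plugin file name `ping_ntu` are assumptions of this sketch.

```shell
#!/bin/sh
# Munin plugin: average round-trip time and packet loss to one host.
TARGET="${target:-www.ntu.edu.tw}"   # override with "env.target" in plugin-conf.d
COUNT="${count:-5}"

# Constructed ping summary (iputils format) to exercise the parser offline.
SAMPLE_OK='5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 4.123/4.567/5.012/0.321 ms'

# Read ping output on stdin and print the two Munin value lines.
# Accepts the iputils ("rtt ...") and BSD ("round-trip ...") summary lines.
# A number that is absent (host down, DNS failure) is reported as "U",
# which Munin stores as unknown instead of drawing a misleading 0.
parse_ping() {
    awk '
        / packet loss/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9.]+%$/) { sub(/%/, "", $i); loss = $i }
        }
        /^(rtt|round-trip) / {
            split($0, halves, " = ")
            split(halves[2], t, "/")       # min/avg/max/dev
            avg = t[2]
        }
        END {
            print "rtt.value " (avg == "" ? "U" : avg)
            print "loss.value " (loss == "" ? "U" : loss)
        }'
}

munin_ping() {
    case "$1" in
        config)
            printf '%s\n' "graph_title Ping to $TARGET" \
                "graph_vlabel ms / percent" \
                "graph_category network" \
                "rtt.label average RTT (ms)" \
                "loss.label packet loss (%)"
            ;;
        *)
            ping -c "$COUNT" "$TARGET" 2>/dev/null | parse_ping
            ;;
    esac
}

# Run only under the (hypothetical) installed plugin name, so the functions
# can be exercised offline without sending packets.
case "${0##*/}" in ping_ntu) munin_ping "$@" ;; esac
```

The parser can be checked without network access with `printf '%s\n' "$SAMPLE_OK" | parse_ping` before testing the installed plugin with munin-run.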

Must-knows but not required in this homework

If the system services have changed, you can run this command to re-detect monitor config:

# munin-node-configure --shell | bash

Schedule

Week | Date  | Topic        | Homework                 | Note
1    | 09/16 | Introduction |                          | Introduction[pdf]
2    | 09/23 | KVM          | HW1 announced.           |
3    | 09/30 |              |                          |
4    | 10/07 | LDAP         | HW1 due. HW2 announced.  | LDAP[pdf]
5    | 10/14 |              |                          |
6    | 10/21 |              |                          |
7    | 10/28 | NFS          | HW2 due. HW3 announced.  |
8    | 11/04 | [Midterm]    |                          |
9    | 11/11 | Web server   | HW3 due.                 |
10   | 11/18 |              | HW4 announced.           |
11   | 11/25 |              |                          |
12   | 12/02 | Mail server  | HW4 due. HW5 announced.  |
13   | 12/09 |              |                          |
14   | 12/16 | mrtg         | HW5 due. HW6 announced.  |
15   | 12/23 |              |                          |
16   | 12/30 |              | HW6 due.                 |
17   | 01/06 | [Final]      |                          |