Class.. Below is hw6/lab6. Please read the lab ahead of time and also print it out and bring it to the lab. Thanks. Type your answers in below, and MAKE THEM BOLDFACE so they stand out (or lose points).

---------------------------------------------------------------------

System Admin. - Unix          Name ____________________________
Spring 2006                   System Name ___________________________
Lab6/HW6 - 40 points

Three Part Homework.

Part I    You will do this part in the lab, working together with others on your table (lan) as a group. This has to be done as a group/partner, so don't miss class! (20 points)

Part II   You can do this on a "sun" client any time you wish; you will do this part on your own (use any sun client of clam, like those suns in bsb 133). (This is not for bsb 416, not for the linux boxes.) (10 points)

Part III  Final Lab. You will work together as a class and implement a web server on your linux box. (10 points)

----------------------------------------------------------

Part I. (20 points) Networking.

In this lab/hw, you will work with others at your table, step by step, to network our linux systems together (similar to what we did with Windows). Networking (server and clients) is another big part of a system admin's duties.

Hardware: Each system needs a NIC (network interface card), and they all already have one (pre-installed). Next you need a hub or a switch to connect all of the systems up into a network. We also need a twisted pair (utp) wire with rj45 connectors to plug one end into the nic and the other into an empty port on the hub/switch. The hub/switch is also plugged into a power outlet. This type of connection (also called a star topology) allows our systems to communicate with each other, as part of an ethernet lan (local area network).

Software: Our linux machine has the software built into it to talk over the network, using the tcp/ip protocol and NFS (Network File System) for file sharing (unix uses NFS).
NFS is specific to unix...tcp/ip is a protocol used by NFS. tcp/ip is a widely used networking protocol for both local area networks (lan) and wide area networks (wan) like the internet. Both UNIX and Windows servers use tcp/ip for networking. And in both cases, the underlying network architecture is Ethernet.

Steps:

0. Hardware: install and turn on power to the switch. Run twisted pair cable from the nic on each system to an empty port on the hub/switch. That's it.

1. Turn on your system and login as root.

2. Look at /etc/hosts; you should see nothing more than the localhost entry (that's what comes with a standard install).

    more /etc/hosts

Q. What do you see? (these are all the names your local system is known by)

Keep in mind 127.0.0.1 is a special ip address for your own local system (localhost). /etc/hosts can be used for name/ip number resolution, instead of or along with dns.

Type in the command "ifconfig". This shows the configuration of the network interfaces on the system. The only network interfaces it should show are "lo", the internal loopback interface used for testing (it's not a real network interface), and "eth0" (the network card interface). You should see something like:

    eth0   etc... etc..

    lo     Link encap:Local Loopback
           inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
           UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
           RX packets:2864 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2864 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0

Again, lo is the LOopback interface, and it's assigned to 127.0.0.1 (see above). It's the internal test network, not a real network interface (it points back to itself). "eth0" is the real network interface.

Q. Under eth0:
    What is its hardware address (ethernet address)?
    What is its ip address?
    What is its subnet mask?
    Is this interface up and running?
    Number of collisions on this interface?
    Number of received (RX) and transmitted (TX) packets?
    Number of error packets (RX and TX)?
    Number of dropped packets (RX and TX)?
    Why is there no hardware address listed for interface "lo"?

Next type in the command "netstat -i"; this would normally show you network information (-i shows incoming/outgoing packet counts). Again you should see info for eth0 and lo.

Both commands, netstat and ifconfig, are useful to look at network information and gather stats...and to look for problems (like collisions, packets dropped, error packets, etc..).

3. If you remember, when we installed linux, we did all the needed network configuration. But we can check the configuration or make changes via a gui tool. Let's look at this:

    Start Here --> System Settings --> Network

Q.  Hardware Tab: What vendor makes the network card?
    Hosts Tab: What is the ip address listed? What name?
    DNS: Any DNS servers listed?
    Devices: highlight eth0 (probably already highlighted, this is your network interface..or if you are using eth1, highlight that) and click EDIT
        Is DHCP used?
        What ip address, subnet mask and default gateway is listed?

If you need to make any changes/corrections, this would be the proper place to do so (and then reboot). In our case, everything should be ok since we entered the correct info during the install, so just cancel out of this and don't save any changes.

Thus the above gui tool is what you would use to check and/or change any of your network settings. You can even enable dhcp through the above.

4. Now, try pinging your neighbor's machine:

    ping -c 5 128.6.100.xx

where xx is the ip # of your neighbor's system; the -c states to try 5 pings in a row. [If you forget the -c option, ping will go on forever, and you would have to do a control-c to break out of the pinging.]

Q. What do you get?
    What is the % packet loss (hopefully near zero)? Why?
    What is the number of packets transmitted and received?
    What is the average response time?

Try pinging yourself:

    ping 128.6.100.xx

where xx is your own system's number.

Q. Does this work?

Try pinging a system that is not connected to the same hub/switch as your system, like 128.6.100.99 (which doesn't exist).

Q. What happens now? What's the response/message you get?
    What is the Packet Loss?
    How many packets transmitted?
    How many packets received?

Try disconnecting your system from the hub/switch (turn off the switch or remove your cable connection to the switch).

Q. Does pinging your neighbor's machine work now?

(connect your system back up to the network)

5. client/server networking. Lan.

First, turn off the firewall on all of your systems (both clients and servers). That will make the process below easier. (Normally you don't turn your firewalls off, but just to ease this homework, we will.) To turn off the firewall:

    Red Hat --> System Settings --> Security Level

then change the security level from "medium" to "No Firewall".

You are going to work with your neighbor/partner. One of you will set up your system as a server (and the other person will watch you). Then they will set up their system as a client to your machine (and you can watch them). Then both systems will be networked together. [If there is an odd number of people sitting on one row, let one be the server and the other 2 be clients.] Make sure to work together as a team and watch your neighbor and what they do.

You will end up sharing files (data and executable files) between your server and client. This is all part of a LAN (Local Area Network).

a. server side (one of you do this, the other watches and helps):

First set up your system as a server. The nfsd (the file sharing daemon, part of NFS) needs to be running. Check:

    ps -ax | grep nfs

Q. Is this "nfsd" daemon running?

If not, and it's probably not, you will have to start it up... Go to

    Start --> System Settings --> Server Settings --> Services

Scroll down until you find "nfs". Check mark it (so it starts on reboot) and also click the start button so it starts up. Also, from the File pull down menu, select "Save Changes".
[Thus the above tool allows you to stop/start/restart any services and control whether the service starts up automatically on a reboot!]

Now do a "ps -ax | grep nfs".

Q. Do you see the nfs daemon running? How many daemons?

Q. Check the Status box in the Server Configuration window... what 3 daemons are now running (all are part of nfs)?

Next, edit /etc/exports (which is the file that describes what directories, and their subtrees, are shared to others) on the server. Do this by entering:

    emacs /etc/exports

Put the following in the file (one line):

    /home neighboripnumber(ro)

where neighboripnumber is the ip no. of your neighbor's system. You must type the above in exactly! EXACTLY!!! (something like "/home 128.6.100.10(ro)" for example)

The above states to share the /home directory on the server to the client named "neighboripnumber" and share it with the "ro" option (read only).

Now reboot the server to have this change take effect (or go into the above services tool, and restart the nfsd daemons). After rebooting, double check that the nfsd daemons are running before going further (ps -ax | grep nfs).

Note - when you share a directory or partition, like /home, all the files and directories below it (the entire subtree) are shared.

With the above /etc/exports, you first list, line by line, all the directories you wish to share, and then on the same line list the names of the machines (clients) you want to share them to. You can even use wildcards (like *.rutgers.edu). Then after the name of the systems, you can specify many different options in parentheses (like ro=read only, rw=read write, etc..).

This is good security...you only share the directories on the server that others need to have access to (you don't share everything), you list specifically what clients have access to what directories on your servers, and you can give them various types of access (read-only, read-write, etc..).
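
The /etc/exports format described above (directory, then clients, then options in parentheses) can be checked mechanically. The script below is an added example, not part of the original handout; it flags wildcard clients, writable shares, no_root_squash, and the reason the line has to be typed EXACTLY: a space before "(" detaches the options from the client and applies them to every host. The sample entries are constructed, and it assumes one export per line.

```shell
#!/bin/sh
# Added example: audit an /etc/exports-style file for risky entries.
# Assumption: one export per line (no backslash continuations).

# sample_exports: constructed sample using the lab's 128.6.100.xx addresses.
sample_exports() {
    cat <<'EOF'
# constructed sample, not from a real server
/home    128.6.100.10(ro)
/proj    128.6.100.10 (rw)
/data    *.rutgers.edu(rw)
/backup  128.6.100.11(rw,no_root_squash)
EOF
}

# audit_exports [FILE]: print one finding per problem; reads stdin if no FILE.
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            # A field that begins with "(" has no client in front of it, so
            # the options apply to every host instead of the one intended.
            if (substr($i, 1, 1) == "(") {
                printf "line %d: %s: %s is separated from its client, applies to ALL hosts\n", NR, dir, $i
                continue
            }
            p = index($i, "(")
            client = (p > 0) ? substr($i, 1, p - 1) : $i
            opts   = (p > 0) ? substr($i, p) : ""
            if (client ~ /[*?]/)
                printf "line %d: %s: wildcard client %s\n", NR, dir, client
            if (opts ~ /[(,]rw[,)]/)
                printf "line %d: %s: %s can write\n", NR, dir, client
            if (opts ~ /[(,]no_root_squash[,)]/)
                printf "line %d: %s: %s keeps root privileges\n", NR, dir, client
        }
    }' "$@"
}

sample_exports | audit_exports
```

On the server, "audit_exports /etc/exports" should print nothing for the lab's single read-only line.
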

Note - when listing clients in the above /etc/exports file, we are using ip numbers and not names. We could use names if we had DNS running or if we added the names/ip numbers to the /etc/hosts file on the server.

Now type the command "showmount", which shows you which clients have mounted files from your server.

Q. Is anyone listed?

Also type in "showmount -e", which shows what directories you have exported.

Q. What is listed?

Finally, let's copy an executable file, and create another file, in /home for sharing/testing purposes:

    cd /home                     (go to the /home directory you are sharing)
    cp /bin/date /home/newdate   (copy the executable date into this directory under a different name)
    emacs hello                  (create a file in this directory called "hello" and add some text to it..save it)
    ls -l

You should see all the files in /home, including the text file you created called "hello" and the "newdate" binary (executable) file.

That's it for the server side!!!

b. client side (one person does the work, and the other watches):

Do the following:

    cd /            (go up to the root)
    mkdir stan      (create empty directory, what they call a mount point)
    cd stan
    ls -l           (should be empty)

Q. What do you see?

    cd /            (go back up to the root level)

Enter the following command (BE EXACT!!):

    mount -t nfs neighboripnumber:/home /stan     (the nfs mount command)

(where neighboripnumber is the ip number of your neighbor's system, /home is the directory on the server that is being shared, and /stan is your mount point (empty directory) to connect with the server)

    cd /stan
    ls -l           (should see files from the server)

(Thus you can now access files/directories from the server, on your client..thanks to the NFS mount command. This is what client/server networking is all about.)

Note - in unix/linux, you don't use drive letters (no A: or H: or anything). Instead, you map the client to the server using an empty directory/mount point (/stan in the above example).

Q. What do you see in /stan?

Try running the newdate program (enter the leading ./ as below):

    ./newdate

Q. What happens (it should show you the current date/time)?

Thus you can execute a file from the server...on your client.

Try looking at the data file on the server called "hello":

    more hello

Q. What do you see?

So you can access data files and executable files from the server, on the client...using nfs. This is what networking a lan is all about....

Next try creating a file in the mount point area (/stan) on the client:

    touch xyz       (the touch command tries to create an empty file, called xyz)

Q. What happens? Why?

Try to erase any of the files in the mount point directory:

    rm newdate

Q. Can you erase files...why/why not?

Go back to the server and enter "showmount".

Q. Can you now see the client system connected to your server? (hopefully yes)

Go back to the clients. Finally:

    cd /
    umount /stan    (unmount that directory)
    cd /stan
    ls -l           (should be empty)

Note - the mount command can be used to mount local hard drive partitions, as you did in the last lab (like mount /dev/hda3). It can also be used to mount a directory/partition from a server to a client, as above. In either case, you can put the needed info into /etc/fstab, so that all of this mounting (both local and over the network) occurs at bootup time, instead of having to manually enter the mount commands. Thus all of the above is normally transparent to the normal user.

-------------------------------------------------------------

Part II. (10 points) Installing Software

This homework is an example of installing software on a unix platform. The steps below are what's typically done when installing software that one obtained off the web or from a vendor.

You will be using your clam account for this. Sign onto a sun workstation on campus (like those in bsb 133) and login under X windows.
You have to be on a sun workstation (client), not on clam itself. You can do this anytime you like...work on your own!! (this is not done in our lab in bsb416)

Go to the web site http://crab.rutgers.edu/~kolasa using a browser. Look under system-admin --> hw

Freeware software is often available at web sites, and often comes in tar/zipped format. The zipped format (like .gz for gnu zip) is useful to compress the file so it takes up less space...and the tar format (.tar) is really a tarfile (what unix people call a tarball). The tar file is actually a collection of many files that have been tarred up into a single file, including permissions, ownership/group info, etc... Tarfiles are useful to back up partitions and directories to tape..or for installation of software.

At the above web site, you will see a software package I want you to install in your account on clam. I will check everyone's account to grade this assignment, to make sure things are properly installed and in the correct location with the proper permissions/ownership/group, and that everything is working ok. There is nothing to turn in with this assignment; just install it and test it, and I will check your account afterwards. Make sure you follow the instructions below EXACTLY. Good system admins have to be EXACT!

The software package (only 10k in size) is greasymouse.tar.gz, which is a little program that causes your mouse to get "greasy" and slide all over the screen. It's kinda cool and fun...

Steps to install:

1. Create the directory "usr" in your home directory and then a subdirectory under that called "local". So you should create ~/usr/local (sort of simulating where you would put this software if installing it on a system wide basis on a server... but you are only installing this in your own account on clam). Next, in the above ~/usr/local area, create a subdirectory called "greasymouse".
So the steps are:

    mkdir usr
    chmod ugo+rx usr
    cd usr
    mkdir local
    chmod ugo+rx local
    cd local
    mkdir greasymouse
    ls -lg
    chmod ugo+rx greasymouse     (set permissions so everyone can access these directories)
    ls -lg
    cd greasymouse

2. Go to the above web site, and download the greasymouse software into the greasymouse directory you created. You should know how to download files using a web browser..it's simply point and click (and you are compsci majors).

3. Greasymouse:

a. Go into the greasymouse directory.

    ls -l           (check the size of greasymouse..it's listed in bytes)

b. Uncompress (un-zip) the greasymouse file:

    gunzip greasymouse.tar.gz

This will expand the file, and leave the results sitting in greasymouse.tar

    ls -l

Check the size of greasymouse.tar; it should be bigger now, since you unzipped it (uncompressed it).

c. Now you have a tar file, and you need to untar it (dump out its contents):

    tar -xvf greasymouse.tar
    ls -l

The -x option says to expand, -v is verbose mode, and -f states the following filename is what needs to be untarred. Notice that when you untar the tarfile (tarball), it expands into many files, including permission/ownership/group/date information. Feel free to look at the README file first (more README). Look closely at everything...

d. The above tarfile (tarball) comes with a README file, a C program (greasymouse.c) and a Makefile (which has the proper instructions to compile and link the program). To compile everything, just execute the Makefile by typing in "make". (Feel free to look at the Makefile, "more Makefile".) This should compile/link everything using the gnu C compiler (gcc).

    ls -l

You should now see the greasymouse executable (just called greasymouse). Set permissions on it, so that anyone can run it:

    chmod ugo+rx greasymouse
    ls -l

e. Test to see how it works:

    ./greasymouse

Move the mouse and watch it slide all over the screen...a real greasy mouse!

How to stop this program?
Wait until the mouse slides over the window where you started this script and do a control-c to abort the program.

That's it. It's kinda fun, making your mouse greasy and slippery (and hard to control).

Double check permissions/ownership/group on all of your files. I don't really care about the owner or group used in this homework, but in reality, if you were the system admin of clam, you would change the owner to "root" for all the files/directories and change the group to something like "root" or "staff". But in this case, leave the owner/group alone. You should set permissions correctly, though, so that others can execute the needed files (greasymouse), and for files that others don't need to access (like the README and Makefile), set permissions so that others have no access. Thus double check your permissions on everything. And make sure you installed everything in the right location in your clam account (follow instructions exactly).

--------

Again, nothing to turn in with regards to the above Part II; just install the above package in your clam account, as described above, and I will check and test things out myself. Don't erase anything you install until after the semester is over.

Hopefully, this assignment gave you a feel for how freeware software from the internet is often installed, how to use a Makefile, how to change permissions (chmod), and the use of zipped/compressed files and tarballs. All of this is key for a system admin.

---------------------------------------------------------------

Part III (10 points). Running a web server...

We will do this together in class, in bsb 416.

Each of you is going to start up a web server on your system. Linux/Unix systems typically use the apache freeware software as web server software. During the installation of your system, you picked the apache web software to be installed.
So the software should already be on your system; it only needs to be configured and started. (If you needed to get the apache software, you could install it from the system install CDs you have or from the web, http://www.apache.org)

1. First, open a terminal window and see if the apache web server daemon (httpd) is already running.

    ps -ax | grep httpd

Is it running? (probably not)

2. Go into:

    Start --> System Settings --> Server Settings --> HTTP Server

This is a tool to configure your web (http) server. Look at the different tabs (Main, Virtual Hosts, Server, Performance Tuning) and listen to the explanation in class.

Under the Main Tab, make sure the port number for the web server is set to 80 (that's the default port number for http on the internet). Also give your web server a name, like "server1". That's all you really need to configure; most of the other defaults are fine.

3. Go into:

    Start --> System Settings --> Server Settings --> Services

(This is similar to the services icon in windows control panel; it lets you check services running on the system, start them, stop them, restart, set to start up automatically on reboot, etc..)

Scroll through the list and find httpd. Is it running? What does it say about it?

Now check mark httpd (so it will automatically start on any reboot) and also click on the Start button so it starts right now. Does it start up?

Double check by doing a "ps -ax | grep httpd" in a terminal window. Do you see httpd running? How many of the daemons?

Thus the apache web server software (httpd) was installed during the installation of your system, and in the above, you have configured it and also started it up. Let's now test to see how it works.

4. Open up a web browser (mozilla). You will find an icon for this right next to the red hat icon on the bottom left of your desktop. Launch the browser.

When the browser starts up, pick File --> Open and type in the url:

    http://128.6.100.99     (99 does not exist)

Does this work?
What error message do you get?

Now try to browse your own web server on your own system:

    http://128.6.100.xx     (where xx is your own web server)

Does this work?

Now try a neighbor's system:

    http://128.6.100.yy     (where yy is your neighbor's system)

Does this work?

5. Note that from the above, you get a default web page. How do you create your own web page? See below..

Well, with apache on your server, the configuration file that configures the web server is located at:

    /etc/httpd/conf/httpd.conf

Let's take a look at this as a class. It's a configuration script (the # lines are just comments). The "DocumentRoot" variable tells apache where the start of the web pages is located on the system. It should say "/var/www/html".

Next, let's go to the above:

    cd /var/www/html
    ls -l

Do you see anything? By default, apache looks for a file here called "index.html" to be the main web server document. Since it's not here, you get the above default page. Let's create such a file. You normally would use some web composing tool to create such a file, like Dreamweaver or Netscape Composer or something..or just edit plain html text. Let's keep it simple:

    emacs index.html

Put in a few words, whatever you like. Then save the file. (Normally, you would put in some html code, like tags and such..but we are making this page simple.)

Check permissions (should be readable to everyone):

    ls -l

Now start up your web browser to view the above...on your system and your neighbor's:

    http://128.6.100.xx and http://128.6.100.yy

Do you see the new web page you created? And the one your neighbor created?

6. If you had any problems with the above, it's possible the firewall is in the way and needs to be turned off. It should have been turned off already from Part I above. Let's turn the firewall back on and see what happens.

    Start --> System Settings --> Security Level

(this allows you to change the firewall settings) and switch the level from No Firewall to Medium.

Now try again to view your neighbor's web server (and they should try to view yours). Does it work? What error message do you get?

Thus you can see how a firewall can be used to block certain connections...in this case, httpd connections on port 80.

That's it....thus you were able to install a web server, configure it, and run it successfully. Congrats..
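
For the permission double-check at the end of Part II, a script like the following reports which paths under ~/usr/local/greasymouse do not match the handout's rules. It is an added example, not part of the original handout; it reads "others have no access" as the "other" permission class, and it runs against a constructed demo tree in a temp directory rather than a real account.

```shell
#!/bin/sh
# Added example: check a Part II install against the handout's permission rules.

# expect_mode PATH PATTERN WANT: compare the ls mode string with a glob pattern.
expect_mode() {
    if [ ! -e "$1" ]; then
        echo "FAIL $1: missing"
        return 1
    fi
    m=$(ls -ld "$1" | cut -c1-10)       # e.g. drwxr-xr-x
    case $m in
        $2) return 0 ;;
    esac
    echo "FAIL $1: mode $m, want $3"
    return 1
}

# check_install BASE: BASE is the directory that holds usr/local/greasymouse
# (the home directory in the lab). Returns 0 only if every check passes.
check_install() {
    g="$1/usr/local/greasymouse"
    rc=0
    for d in "$1/usr" "$1/usr/local" "$g"; do
        expect_mode "$d" 'dr?xr?xr?x' 'r and x for user, group and other' || rc=1
    done
    expect_mode "$g/greasymouse" '-r?xr?xr?x' 'r and x for everyone' || rc=1
    for f in README Makefile; do
        expect_mode "$g/$f" '-??????---' 'no access for other' || rc=1
    done
    return "$rc"
}

# make_demo_tree: constructed tree in a temp dir; README is left world-readable
# on purpose so the check has something to report. Prints the path of the tree.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/local/greasymouse"
    chmod 755 "$t/usr" "$t/usr/local" "$t/usr/local/greasymouse"
    for f in greasymouse README Makefile; do
        : > "$t/usr/local/greasymouse/$f"
    done
    chmod 755 "$t/usr/local/greasymouse/greasymouse"
    chmod 600 "$t/usr/local/greasymouse/Makefile"
    chmod 644 "$t/usr/local/greasymouse/README"
    echo "$t"
}

demo=$(make_demo_tree)
check_install "$demo" || echo "fix the FAIL lines above, then re-run"
rm -rf "$demo"
```

In a real account the call would be check_install "$HOME".
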