Configuring the DHCP Server
Okay, let’s set the IP address of the server. The next series of steps is for setting up the network interface on your DHCP server. It is important you get this right or ZTP will not work:
[root@localhost ztpuser]# ifconfig eth0 192.168.2.252/24
[root@localhost ztpuser]# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=1.16 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=4.32 ms
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1929ms
rtt min/avg/max/mdev = 1.167/2.745/4.324/1.579 ms
IMPORTANT You have to be able to resolve web addresses to pull the DHCP and HTTP daemons, so you have to have a working DNS server to query. It may be necessary to open UDP port 53 to this DHCP server.
Your name servers are listed in /etc/resolv.conf. If you more or cat that file and nothing is there, name resolution will not work. Make sure that you have at least one DNS server listed in the file, and if you need a quick fix, do this:
[root@localhost ztpuser]# echo "nameserver 8.8.8.8" >> /etc/resolv.conf
Using the more command or the cat command, take a look inside the file. Here you can see the 8.8.8.8 name server appended using the same command:
[root@localhost ztpuser]# more /etc/resolv.conf
# Generated by NetworkManager
nameserver 192.168.2.1
nameserver 8.8.8.8 <<< here you can see the entry that you appended to the file
Using the nslookup command from the Linux CLI, you can see that you are getting answers back from the first nameserver in the resolv.conf file:
[root@localhost ztpuser]# nslookup google.com
Server: 192.168.2.1
Address: 192.168.2.1#53

Non-authoritative answer:
Name: google.com
Address: 216.58.216.206
Let’s turn on the SSH daemon (if you haven’t already done so):
[root@localhost ztpuser]# service sshd start
Now check that you are able to ssh to the server:
sreisinger$ ssh ztpuser@192.168.2.252
ztpuser@192.168.2.252's password:
Last login: Sat Oct 10 11:43:47 2015 from 192.168.2.2
Let’s switch to the root user:
[ztpuser@localhost ~]$ su root
Password:
And use the yum command to install the DHCP and HTTP daemons:
[root@localhost ztpuser]# yum install dhcp
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirror-centos.hostingswift.com
 * extras: centos.host-engine.com
 * updates: centos.mirror.nac.net
Resolving Dependencies
--> Running transaction check
---> Package dhcp.x86_64 12:4.1.1-49.P1.el6.centos will be installed
--> Processing Dependency: portreserve for package: 12:dhcp-4.1.1-49.P1.el6.centos.x86_64
--> Running transaction check
---> Package portreserve.x86_64 0:0.0.4-9.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
---
Package Arch Version Repository Size
---
Installing:
dhcp x86_64 12:4.1.1-49.P1.el6.centos base 822 k
Installing for dependencies:
portreserve x86_64 0.0.4-9.el6 base 23 k
Transaction Summary
---
Install 2 Package(s)
Total download size: 844 k
Installed size: 1.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): dhcp-4.1.1-49.P1.el6.centos.x86_64.rpm | 822 kB 00:00
(2/2): portreserve-0.0.4-9.el6.x86_64.rpm | 23 kB 00:00
---
Total 1.1 MB/s | 844 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
 Userid : CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>
 Package: centos-release-6-7.el6.centos.12.3.x86_64 (@base/$releasever)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : portreserve-0.0.4-9.el6.x86_64 1/2
Installing : 12:dhcp-4.1.1-49.P1.el6.centos.x86_64 2/2
Verifying : portreserve-0.0.4-9.el6.x86_64 1/2
Verifying : 12:dhcp-4.1.1-49.P1.el6.centos.x86_64 2/2
Installed:
dhcp.x86_64 12:4.1.1-49.P1.el6.centos
Dependency Installed:
portreserve.x86_64 0:0.0.4-9.el6
Complete!
[root@localhost ztpuser]# yum install httpd
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirror.fdcservers.net
 * extras: centos.host-engine.com
 * updates: mirror.cs.uwp.edu
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.2.15-47.el6.centos will be installed
--> Processing Dependency: httpd-tools = 2.2.15-47.el6.centos for package: httpd-2.2.15-47.el6.centos.x86_64
--> Processing Dependency: apr-util-ldap for package: httpd-2.2.15-47.el6.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.2.15-47.el6.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.15-47.el6.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.15-47.el6.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.3.9-5.el6_2 will be installed
---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 will be installed
---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 will be installed
---> Package httpd-tools.x86_64 0:2.2.15-47.el6.centos will be installed
---> Package mailcap.noarch 0:2.1.31-2.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
Package Arch Version Repository Size
---
Installing:
httpd x86_64 2.2.15-47.el6.centos updates 830 k
Installing for dependencies:
apr x86_64 1.3.9-5.el6_2 base 123 k
apr-util x86_64 1.3.9-3.el6_0.1 base 87 k
apr-util-ldap x86_64 1.3.9-3.el6_0.1 base 15 k
httpd-tools x86_64 2.2.15-47.el6.centos updates 77 k
mailcap noarch 2.1.31-2.el6 base 27 k
Transaction Summary
---
Install 6 Package(s)
Total download size: 1.1 M
Installed size: 3.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): apr-1.3.9-5.el6_2.x86_64.rpm | 123 kB 00:00
(2/6): apr-util-1.3.9-3.el6_0.1.x86_64.rpm | 87 kB 00:00
(3/6): apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm | 15 kB 00:00
(4/6): httpd-2.2.15-47.el6.centos.x86_64.rpm | 830 kB 00:00
(5/6): httpd-tools-2.2.15-47.el6.centos.x86_64.rpm | 77 kB 00:00
(6/6): mailcap-2.1.31-2.el6.noarch.rpm | 27 kB 00:00
---
Total 729 kB/s | 1.1 MB 00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : apr-1.3.9-5.el6_2.x86_64 1/6
Installing : apr-util-1.3.9-3.el6_0.1.x86_64 2/6
Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 3/6
Installing : httpd-tools-2.2.15-47.el6.centos.x86_64 4/6
Installing : mailcap-2.1.31-2.el6.noarch 5/6
Installing : httpd-2.2.15-47.el6.centos.x86_64 6/6
Verifying : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 1/6
Verifying : apr-1.3.9-5.el6_2.x86_64 2/6
Verifying : httpd-tools-2.2.15-47.el6.centos.x86_64 3/6
Verifying : mailcap-2.1.31-2.el6.noarch 4/6
Verifying : httpd-2.2.15-47.el6.centos.x86_64 5/6
Verifying : apr-util-1.3.9-3.el6_0.1.x86_64 6/6
Installed:
httpd.x86_64 0:2.2.15-47.el6.centos
Dependency Installed:
apr.x86_64 0:1.3.9-5.el6_2
apr-util.x86_64 0:1.3.9-3.el6_0.1
apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1
httpd-tools.x86_64 0:2.2.15-47.el6.centos
mailcap.noarch 0:2.1.31-2.el6
Yeah! Complete!
Check the Daemon Status
[root@localhost ztpuser]# service httpd status
httpd is stopped
[root@localhost ztpuser]# service dhcpd status
dhcpd is stopped
Use YUM to Install the TFTP Server
You may not like using TFTP (Trivial File Transfer Protocol), but it may be the only option, so here’s a quick section on how to set up a TFTP server on the VM:
[root@localhost ztpuser]# yum install tftp-server
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirror-centos.hostingswift.com
 * extras: mirrors.advancedhosters.com
 * updates: centos.mirror.nac.net
Resolving Dependencies
--> Running transaction check
---> Package tftp-server.x86_64 0:0.49-7.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
tftp-server x86_64 0.49-7.el6 base 39 k
Transaction Summary
=====================================================================
Install 1 Package(s)
Total download size: 39 k
Installed size: 57 k
Is this ok [y/N]: y
Downloading Packages:
tftp-server-0.49-7.el6.x86_64.rpm | 39 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : tftp-server-0.49-7.el6.x86_64 1/1
Verifying : tftp-server-0.49-7.el6.x86_64 1/1
Installed:
tftp-server.x86_64 0:0.49-7.el6
Complete!
[root@localhost ztpuser]#
The TFTP daemon has a home location just like HTTP:
[root@localhost ztpuser]# find / -name tftpboot
/var/lib/tftpboot <<< This is where files are placed
Add the TFTP port into the IPTABLES firewall:
[root@localhost lib]# iptables -I INPUT 4 -i eth0 -p udp --dport 69 -j ACCEPT
Check the iptables rules to see that dpt:tftp is in the list:
[root@localhost lib]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:tftp
Now that you have the TFTP service added, let’s save the IPTABLE so it will be there when the service starts:
[root@localhost lib]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
TFTP is disabled by default, so you need to enable it in its xinetd configuration file. While in that file, you also need to allow the creation of files in the tftpboot directory, so add -c and -v to the server_args statement:
[root@localhost ztpuser]# cd /etc/xinetd.d
[root@localhost xinetd.d]# pwd
/etc/xinetd.d
# default: off
# description: The tftp server serves files using the trivial file transfer \
# protocol. The tftp protocol is often used to boot diskless \
# workstations, download configuration files to network-aware printers, \
# and to start the installation process for some operating systems.
service tftp
{
    socket_type = dgram
    protocol = udp
    wait = yes
    user = root
    server = /usr/sbin/in.tftpd
    server_args = -c -v -s /var/lib/tftpboot <<< add -c and -v to the front
    disable = no <<< By default this is yes, change it to no
    per_source = 11
    cps = 100 2
    flags = IPv4
}
Now you need to make some permission changes to the tftpboot directory so you can load files to the server, if necessary.
NOTE Pushing files to the TFTP server is not required for ZTP for this Day One lab, but it does prove that the daemon is working and the ports are open. TFTP should be used in advanced ZTP processing, as that is an option in the Juniper Network Director application:
[root@localhost xinetd.d]# cd /var/lib
[root@localhost lib]# chmod -R 757 tftpboot/
[root@localhost lib]# ls -al tftpboot/
total 28
drwxr-xrwx. 2 root root 4096 Oct 18 14:50 .
drwxr-xr-x. 36 root root 4096 Oct 18 14:26 ..
-rwxr-xrwx. 1 root root 3348 Oct 11 10:10 network.conf
-rwxr-xrwx. 1 root root 3348 Oct 11 10:10 router.conf
-rwxr-xrwx. 1 root root 3348 Oct 11 09:59 VSRX.config
The TFTP daemon is managed by xinetd, so xinetd is the service name to use. Run the service restart command after you have made the changes:
[root@localhost xinetd.d]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
Now, let’s test to make sure you can push a file to the server and into the tftpboot directory:
sreisinger$ tftp 192.168.216.131
tftp> put test.txt
Sent 18 bytes in 0.0 seconds
tftp>
And let’s check the server for the file. Navigate to /var/lib/tftpboot and issue the ls -la command:
[root@localhost tftpboot]# ls -la
total 28
drwxr-xrwx. 2 root root 4096 Oct 18 14:50 .
drwxr-xr-x. 36 root root 4096 Oct 18 14:26 ..
-rwxr-xrwx. 1 root root 3348 Oct 11 10:10 network.conf
-rwxr-xrwx. 1 root root 3348 Oct 11 10:10 router.conf
-rwxr-xrwx. 1 nobody nobody 16 Oct 18 15:07 test.txt <<< The file is here with nobody
-rwxr-xrwx. 1 root root 3348 Oct 18 14:26 VSRX.conf
[root@localhost tftpboot]#
Let’s review how you installed the TFTP server:
Installed the TFTP daemon;
Edited the TFTP configuration file;
Changed the permissions on the /var/lib/tftpboot directory;
Added the iptable rule for port 69;
Started the xinetd service;
Uploaded a test file to verify that it works.
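An added example, not part of the original text: a small shell audit of the TFTP setup reviewed above. It reads disable and server_args from an xinetd service file and counts world-writable files under the TFTP root, which is what chmod -R 757 leaves behind; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original text): audit the TFTP setup described above.

# Print the value of a "key = value" line from an xinetd service file.
xinetd_value() {   # $1 = key, $2 = service file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Print one finding per line for the given service file and TFTP root.
audit_tftp() {     # $1 = xinetd service file, $2 = TFTP root directory
    if [ "$(xinetd_value disable "$1")" != "no" ]; then
        echo "INFO: tftp service is disabled"
        return 0
    fi
    args=$(xinetd_value server_args "$1")
    case " $args " in
        *" -c "*) echo "WARN: -c is set, clients can create new files" ;;
    esac
    case " $args " in
        *" -s "*) ;;
        *) echo "WARN: -s is missing, in.tftpd will not chroot to the TFTP root" ;;
    esac
    # Regular files with the other-write bit set, as left behind by chmod -R 757.
    count=$(find "$2" -type f -perm -0002 | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        echo "WARN: $count world-writable file(s) under the TFTP root"
    fi
    return 0
}

# Constructed sample mirroring the lab: same server_args, same 757 permissions.
make_sample() {    # $1 = empty scratch directory
    mkdir -p "$1/tftpboot"
    printf 'service tftp\n{\n    disable = no\n    server_args = -c -v -s /var/lib/tftpboot\n}\n' > "$1/tftp"
    echo "constructed config" > "$1/tftpboot/router.conf"
    echo "constructed config" > "$1/tftpboot/network.conf"
    chmod -R 757 "$1/tftpboot"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_tftp "$demo_dir/tftp" "$demo_dir/tftpboot"
rm -rf "$demo_dir"
```

On the lab server the call would be audit_tftp /etc/xinetd.d/tftp /var/lib/tftpboot, assuming the service file carries the package's default name.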
The DHCP and HTTP servers work together. The DHCP server listens for requests from BOOTP clients and then sends the location of the files along with the file names to the BOOTP client. The BOOTP client then pulls the files using TCP from the HTTP server.
Follow along as the lab server configures the HTTP daemon:
[root@localhost ztpuser]# find / -name httpd.conf
/etc/httpd/conf/httpd.conf
[root@localhost ztpuser]# cd /etc/httpd/conf
[root@localhost conf]# pwd
/etc/httpd/conf
NOTE It is always a good idea to save files before editing them, especially if you aren’t familiar with the editor, or if you want to be able to revert back to the original state.
This step uses the cp command to save the httpd.conf file to orig.httpd.conf. Using this notation lets you know two things when looking into the directory: one, the original integrity of the file is saved, and two, there have been changes:
[root@localhost conf]# cp httpd.conf orig.httpd.conf
[root@localhost conf]# ls -al
total 96
drwxr-xr-x. 2 root root 4096 Oct 10 12:23 .
drwxr-xr-x. 4 root root 4096 Oct 10 12:09 ..
-rw-r--r--. 1 root root 34419 Aug 18 00:57 httpd.conf
-rw-r--r--. 1 root root 13139 Aug 24 12:53 magic
-rw-r--r--. 1 root root 34419 Oct 10 12:23 orig.httpd.conf
[root@localhost conf]#