Presentation is loading. Please wait.

Presentation is loading. Please wait.

System Administration Practice Homework6 - LDAP login + Puppet + Jail yench / lctseng / chchang2222.

Published byMelissa Townsend Modified over 8 years ago

Similar presentations

Presentation on theme: "System Administration Practice Homework6 - LDAP login + Puppet + Jail yench / lctseng / chchang2222."— Presentation transcript:

1 System Administration Practice Homework6 - LDAP login + Puppet + Jail yench / lctseng / chchang2222

2 Computer Center, CS, NCTU 2 LDAP – Overview (Total 60%) LDAP client : sabsd LDAP slave : saduty LDAP master : sahome bind Self-bind LDAP replication bind Self-bind

3 Computer Center, CS, NCTU 3 LDAP Base Requirement (35%)  3 accounts (sauser, sata, saadm) in LDAP (5%)  User info must includes (5%) telephoneNumber postalAddress birthdate  Basic LDAP ACL (5%) Every one can access user info except userPassword Self and manager(rootdn) can ‘write’ passwd  Password must encrypted (5%)  Master works (5%)  Slave works (5%)  Replication between master and slave (5%) http://www.openldap.org/doc/admin23/syncrepl.html

4 Computer Center, CS, NCTU 4 LDAP Advanced Requirement (25%)  LDAP over SSL (ldaps) on master and slave (5%)  Password script for LDAP user (5%) https://www.freebsd.org/doc/en/articles/ldap-auth/client.html  User Policy (15%)

5 Computer Center, CS, NCTU 5 LDAP - User policy  sauser – allow to login on all hosts (5%) Can access user info except userPassword  sata – allow to login all hosts (5%) Can access user info except userPassword If login on sahome, sata can ‘write’ others password. (ACL)  saadm – only allow to login on sahome (ACL) (5%) Visible on other hosts Can ‘write’ information of every user.

6 Computer Center, CS, NCTU 6 Puppet (Total 35%)  Setup (10%) sahome is the puppet master all machines are puppet agents  Manifest to control different host (5%)  File Distribution (5%)  Offline user management (5%)  Service deployment (5%)  Command execution (5%)

7 Computer Center, CS, NCTU 7 Puppet – Setup (10%)  Master (4%) On sahome Run puppetmaster service Daemon runs without any error  Master agent (2%) On sahome Master as agent of itself Using ‘puppet agent -t’ to fetch any manifest and execute  Normal agent (4%, 2% for each) On saduty, sabsd Using ‘puppet agent -t’ to fetch any manifest and execute Make sure the certificates are correct

8 Computer Center, CS, NCTU 8 Puppet – Node Manifest (5%)  Define three node definition in site.pp  Node ‘master’ (2%) Apply on sahome Should create an empty file called ‘/tmp/sa-puppet-master’  Node ‘slave’ (2%) Apply on saduty Should create an empty file called ‘/tmp/sa-puppet-slave’  Node ‘default’ (1%) Apply on all machines, excludes sahome and saduty  In this homework, it will apply on sabsd Should create an empty file called ‘/tmp/sa-puppet-default’

9 Computer Center, CS, NCTU 9 Puppet – File Distribution (5%)  Distribute files to agents You need to write modules  Single file (3%) Will modify /etc/hosts Three versions of ‘/etc/hosts’ files should be distributed to sahome, saduty and sabsd respectively  You may create multiple modules Make sure your puppet still work correctly  Directory (2%) Create a directory called ‘sa-demo’, put some files under it Recursively distribute the directory to all agents Target path /tmp/sa-demo

10 Computer Center, CS, NCTU 10 Puppet – Offline User Management (5%)  Change root’s shell into /bin/sh  We will change the shell back to /bin/csh to test your module  Apply on sabsd

11 Computer Center, CS, NCTU 11 Puppet – Service Deployment (5%)  Install pure-ftpd on sabsd via puppet module  Enable pure-ftpd service Must keep running after reboot Test it by using service pure-ftpd start/stop  You need to transfer pure-ftpd.conf before start the service pure-ftpd.conf must provided by puppet module  Make sure you have declared dependency  When demo, TA may: Remove your pure-ftpd.conf Remove the pure-ftpd package Stop the pure-ftpd service  Make sure your puppet module can handle above situations

12 Computer Center, CS, NCTU 12 Puppet – Command Execution (5%)  sabsd runs a script given by master The script can be downloaded from: https://nasa.cs.nctu.edu.tw/sa/2015/files/sa-hw6 https://nasa.cs.nctu.edu.tw/sa/2015/files/sa-hw6  Script filename /root/sa-hw6  Script must be executable (file mode) Working directory: /tmp Run as ‘nobody’ euid = 65534, egid = 65534  Note: This script requires package ‘ruby’ installed Remember to add ‘/usr/local/bin’ as your path (for ruby)

13 Computer Center, CS, NCTU 13 Puppet – Command Execution - How to verify your work  Result : /tmp/sa-demo-out on agents  Grading Executable : 2% PATH : 1% CWD : 1% EUID 、 EGID: 1% Date: 2015-12-22 14:40:59 +0800 Checking PATH: /root ===> true Checking CWD: /tmp ===> true Checking EUID: 65534 ===> true Checking EGID: 65534 ===> true

14 Computer Center, CS, NCTU 14 Jail (10 %)  Originally, you may use 3 (virtual) machines to install FreeBSD  Now, Use only 1 machine with Jail  Create a jail for each host

15 Computer Center, CS, NCTU 15 Deadline  Date: 1/20 (May subject to minor adjustment)  Demo after final exam  More details about demo will be announced soon

16 Computer Center, CS, NCTU 16 Help!  Newsgroup cs.course.sysadm  BS2 board CS-SysAdmin  CSCC (EC building 3F)  ta@nasa.cs.nctu.edu.tw (For complex problems)  IRC channel #nctuNASA (Recommend) passwd: ILoveCSCC Use screen or tmux to stay online, so TAs can tag you to answer your questions.  Before you ask a question… 提問的智慧 : How To Ask Questions The Smart Way http://mis.ndhu.edu.tw/docu/question.htm

Download ppt "System Administration Practice Homework6 - LDAP login + Puppet + Jail yench / lctseng / chchang2222."

Similar presentations

SEHR (System for Electronic Healthdata Recording) Administrator Practice Guides SEHR Update Doc. Category: APG – administrator practice guides.

SEHR (System for Electronic Healthdata Recording) Administrator Practice Guides SEHR Update Doc. Category: APG – administrator practice guides.
System Administration Final Project - Micro Computer Center hchung, hwchiu.

System Administration Final Project - Micro Computer Center hchung, hwchiu.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
Linux Operations and Administration

Linux Operations and Administration
© 2012 IBM Corporation Tivoli Workload Automation Informatica Power Center.

© 2012 IBM Corporation Tivoli Workload Automation Informatica Power Center.
System Administration HW1-1 changlp. Computer Center, CS, NCTU 2 Requirements  Basic Install up-to-date –RELEASE of FreeBSD  8.2-R Add a user and a.

System Administration HW1-1 changlp. Computer Center, CS, NCTU 2 Requirements  Basic Install up-to-date –RELEASE of FreeBSD  8.2-R Add a user and a.
One to One instructions Installing and configuring samba on Ubuntu Linux to enable Linux to share files and documents with Windows XP.

One to One instructions Installing and configuring samba on Ubuntu Linux to enable Linux to share files and documents with Windows XP.
Building service testbeds on FIRE D5.2.5 Virtual Cluster on Federated Cloud Demonstration Kit August 2012 Version 1.0 Copyright © 2012 CESGA. All rights.

Building service testbeds on FIRE D5.2.5 Virtual Cluster on Federated Cloud Demonstration Kit August 2012 Version 1.0 Copyright © 2012 CESGA. All rights.
System Administration HW2 - FTP, Samba, BT, ZFS jwbai.

System Administration HW2 - FTP, Samba, BT, ZFS jwbai.
Final Project – NFS and NIS jwbai. Computer Center, CS, NCTU 2 Goal master.passwd passwd group netgroup amd.conf userA, /nis/home/userA userB, /nis/home/userB.

Final Project – NFS and NIS jwbai. Computer Center, CS, NCTU 2 Goal master.passwd passwd group netgroup amd.conf userA, /nis/home/userA userB, /nis/home/userB.
System Administration HW1 huanghs. Computer Center, CS, NCTU 2 Requirements  Basic Install FreeBSD and upgrade to up-to-date –RELEASE Recompile your.

System Administration HW1 huanghs. Computer Center, CS, NCTU 2 Requirements  Basic Install FreeBSD and upgrade to up-to-date –RELEASE Recompile your.
CT 320 Midterm Study Guide.

CT 320 Midterm Study Guide.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
FTP Server and FTP Commands By Nanda Ganesan, Ph.D. © Nanda Ganesan, All Rights Reserved.

FTP Server and FTP Commands By Nanda Ganesan, Ph.D. © Nanda Ganesan, All Rights Reserved.
Single Sign-on with Kerberos 1 Chris Eberle Ryan Thomas RC Johnson Kim-Lan Tran CS-591 Fall 2008.

Single Sign-on with Kerberos 1 Chris Eberle Ryan Thomas RC Johnson Kim-Lan Tran CS-591 Fall 2008.
Module 6: Configuring User Environments Using Group Policy.

Module 6: Configuring User Environments Using Group Policy.
Module 7: Managing the User Environment by Using Group Policy.

Module 7: Managing the User Environment by Using Group Policy.
System Administration HW3 Shell Script changlp. Computer Center, CS, NCTU 2 Requirements  User socket statistic (20%) Use one-line command to show per-user.

System Administration HW3 Shell Script changlp. Computer Center, CS, NCTU 2 Requirements  User socket statistic (20%) Use one-line command to show per-user.
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 MSE Virtual Appliance Presenter Name: Patrick Nicholson.

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 MSE Virtual Appliance Presenter Name: Patrick Nicholson.
System Administration Practice Homework 1-2 : X Window System lctseng.

System Administration Practice Homework 1-2 : X Window System lctseng.

Similar presentations

Ads by Google