External/Floating outgoing/incoming network
I have used the following steps to test this.
- Create tenant network, tenant subnet
- Create shared router
- For the external network, I created the external network ext-net outside of the script because we have to do some manual steps here. For external networking, make sure the physical Ethernet port is added to the external bridge br-ex and that the network configuration files ifcfg-br-ex and ifcfg-ethX are created with the relevant information.
- Add the tenant network interface to the router and set the router's gateway to the external network.
- Create a VM instance in the tenant network.
- Create and assign a floating IP to the VM.
- Add security rules for PING and SSH testing.
- For external/outgoing access, ping 18.104.22.168 (Google DNS) from the VM; for incoming floating access, SSH to the VM from outside using the floating IP.
Continue reading “Neutron Validation Testing Part 3”
Today I am going to show you how to use access control list (ACL) permissions in RHEL 7. Traditionally, permissions are assigned to one user (the owner) and one group for a file or directory, but in some cases another user or group apart from the owner needs read-only or write access to the same directory. Linux provides access control list permissions for this.
With ACLs, other users and groups can access a file or directory even when they are not the owner or a member of the group that owns that file or directory.
We use only two commands: getfacl to see the ACL permissions on a directory or file, and setfacl to set ACL permissions. We can also set a default ACL so that new files and subdirectories created in a directory inherit the ACL permissions of the parent directory.
The filesystem needs to be mounted with ACL support enabled. XFS filesystems have built-in ACL support, and Ext4 filesystems in RHEL 7 have the ACL option enabled by default. In earlier versions of RHEL you may need to include the ACL option in the mount request.
First we look at the ACL permissions on a file named prod.conf.
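To make the access rule described above concrete, here is an added Python example (not from the original post) that parses getfacl-style output and applies the POSIX ACL check order, including the mask. The owner `deploy`, the user `alice`, the group `devops` and the listing itself are constructed for illustration.

```python
# Constructed getfacl-style listing; owner, users and groups are made up.
SAMPLE = """\
# file: prod.conf
# owner: deploy
# group: deploy
user::rw-
user:alice:rw-
group::r--
group:devops:r--
mask::r--
other::---
"""

def parse_getfacl(text):
    """Return (owner, group, entries); entries maps (tag, qualifier) -> set of 'rwx' letters."""
    meta, entries = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and ": " in line:
            key, value = line[2:].split(": ", 1)
            meta[key] = value
        elif line and not line.startswith(("#", "default:")):
            # getfacl appends "#effective:..." when the mask trims an entry
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            entries[(tag, qualifier)] = set(perms) - {"-"}
    return meta["owner"], meta["group"], entries

def access_allowed(text, user, groups, want):
    """Apply the POSIX ACL check order: owner, named user, group class, other."""
    owner, owning_group, acl = parse_getfacl(text)
    want = set(want)
    mask = acl.get(("mask", ""))          # absent on a file with no extended entries
    def masked(perms):
        return perms if mask is None else perms & mask
    if user == owner:
        return want <= acl[("user", "")]  # owner entry is never masked
    if ("user", user) in acl:
        return want <= masked(acl[("user", user)])
    matched = []
    if owning_group in groups:
        matched.append(acl[("group", "")])
    matched += [acl[("group", g)] for g in groups if ("group", g) in acl]
    if matched:
        # one matching group entry must carry every requested bit by itself
        return any(want <= masked(p) for p in matched)
    return want <= acl[("other", "")]
```

In the constructed listing, alice's entry reads rw- but the mask trims her effective access to read-only, which is the detail most often missed when auditing ACLs.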
Continue reading “Access Control List (ACL) Permissions in RHEL 7/Centos 7”
In this post I am going to show you how to configure SSH key-based authentication on RHEL 7/CentOS 7. Configuring SSH key-based authentication is a little different in RHEL 7 compared to the traditional method of manually copying the public key to another server. Users can log in over SSH with a password, and they can also authenticate using public key authentication.
On every server we have two keys: private and public. The private key is used as an authentication credential, like a password, and must be kept secret and secure. The public key is copied to the server where the user wants to log in and is used to verify the private key, so the public key does not need to be secret.
How does authentication happen in SSH key-based authentication? An SSH server that has the public key can issue a challenge that can only be answered by the system holding the private key. As a result, the user can authenticate without a password, using only the key pair, and the system grants login access to the user.
Use the ssh-keygen command to generate the private and public keys as follows:
Continue reading “Configure SSH key based authentication on rhel 7/centos 7”