『PowerEdge: Red Hat Linuxシステムにネットワーキング サービスを導入する方法
Summary: これは、Red Hat Linuxシステムにネットワーキング サービスを導入する方法に関する一般的なガイドです。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
場合によっては、ネットワーキング サービスをRed Hat Linuxシステムに導入する必要があります。たとえば、DNS、DHCP、NTP、FTP、HTTP、EMailサービスなどです。
この記事では、これらのネットワーク サービスを導入するための概要手順を以下で共有します。
メモ: この記事のすべてのログは、VMware環境のローカル仮想ラボから取得されます。
この記事では、これらのネットワーク サービスを導入するための概要手順を以下で共有します。
手順の簡単な概要
- 検索およびインストール サービス(yum/rpm)
- サービスの開始と有効化(systemctl)
- ファイアウォール許可サービス(firewall-cmd)
- 最初にデフォルトの構成ファイル(*.conf、*.cnf、*.cfgなど)をバックアップした後で、サービス構成ファイルを検索および変更します。ヘルプと例を検索するには、「man」を使用します。「vim」を使用して構成ファイルを編集します。構文を確認してください。
- ファイルの権限とセキュリティ ポリシーの確認と設定(chmod/chown/setfacl/selinux)
- サービスを再開し、トラブルシューティングを行います(サービスの再開に失敗した場合)
- サービス ステータスをテストして検証します(期待どおりの結果であることを確認してください)
DHCPサービスでの特定のコマンドを含む手順の概要
- DHCPサービスの検索とインストール
[root@servera ~]# yum search dhcp* Last metadata expiration check: 0:13:07 ago on Thu 18 May 2023 06:54:40 AM GMT. ============================================================== Name Matched: dhcp* =============================================================== dhcp-libs.x86_64 : Shared libraries used by ISC dhcp client and server dhcp-libs.i686 : Shared libraries used by ISC dhcp client and server dhcp-libs.x86_64 : Shared libraries used by ISC dhcp client and server dhcp-relay.x86_64 : Provides the ISC DHCP relay agent dhcp-client.x86_64 : Provides the ISC DHCP client daemon and dhclient-script dhcp-common.noarch : Common files used by ISC dhcp client, server and relay agent dhcp-client.x86_64 : Provides the ISC DHCP client daemon and dhclient-script dhcp-common.noarch : Common files used by ISC dhcp client, server and relay agent dhcp-server.x86_64 : Provides the ISC DHCP server <-- this is the dhcp service installation package [root@servera ~]# [root@servera ~]# yum list dhcp-server Last metadata expiration check: 0:15:12 ago on Thu 18 May 2023 06:54:40 AM GMT. Available Packages <-- this package is available, if it shows "Installed Packages", means the service already installed dhcp-server.x86_64 12:4.3.6-34.el8 rhel-8.1-for-x86_64-baseos-rpms [root@servera ~]# [root@servera ~]# yum provides dhcp-server Last metadata expiration check: 0:17:31 ago on Thu 18 May 2023 06:54:40 AM GMT. dhcp-server-12:4.3.6-34.el8.x86_64 : Provides the ISC DHCP server Repo : rhel-8.1-for-x86_64-baseos-rpms <-- this is the yum repository that provide the service package Matched from: Provide : dhcp-server = 12:4.3.6-34.el8 [root@servera ~]# [root@servera ~]# yum -y install dhcp-server Last metadata expiration check: 0:20:30 ago on Thu 18 May 2023 06:54:40 AM GMT. Dependencies resolved. ============================================================================== Package Architecture Version Repository Size ============================================================================== Installing: dhcp-server x86_64 12:4.3.6-34.el8 rhel-8.1-for-x86_64-baseos-rpms 530 k Transaction Summary ============================================================================== Install 1 Package Total download size: 530 k Installed size: 1.3 M Downloading Packages: dhcp-server-4.3.6-34.el8.x86_64.rpm 5.6 MB/s | 530 kB 00:00 ----------------------------------------------------------------------------------------------------------------------------------------------- Total 5.3 MB/s | 530 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: dhcp-server-12:4.3.6-34.el8.x86_64 1/1 Installing : dhcp-server-12:4.3.6-34.el8.x86_64 1/1 Running scriptlet: dhcp-server-12:4.3.6-34.el8.x86_64 1/1 Verifying : dhcp-server-12:4.3.6-34.el8.x86_64 1/1 Installed: dhcp-server-12:4.3.6-34.el8.x86_64 Complete! [root@servera ~]#
- DHCPサービスを開始して有効にします
[root@servera ~]# rpm -ql dhcp-server | grep .service /usr/lib/systemd/system/dhcpd.service <-- find out the service name after installation /usr/lib/systemd/system/dhcpd6.service [root@servera ~]# [root@servera ~]# systemctl list-unit-files | grep dhcp dhcpd.service disabled <-- service disable by default dhcpd6.service disabled [root@servera ~]# [root@servera ~]# systemctl enable --now dhcpd <-- start and enable dhcp service Created symlink /etc/systemd/system/multi-user.target.wants/dhcpd.service → /usr/lib/systemd/system/dhcpd.service. Job for dhcpd.service failed because the control process exited with error code. See "systemctl status dhcpd.service" and "journalctl -xe" for details. [root@servera ~]# [root@servera ~]# systemctl status dhcpd <-- check dhcp service status ● dhcpd.service - DHCPv4 Server Daemon Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled) <-- service enabled Active: failed (Result: exit-code) since Thu 2023-05-18 07:24:16 GMT; 56s ago <-- status is failed (Result: exit-code) Docs: man:dhcpd(8) <-- you can get help from here, by "man dhcpd" and "man dhcpd.conf" man:dhcpd.conf(5) Process: 3963 ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid $DHCPDARGS (code=exited, status=1/FAILURE) <-- showed mistakes why failure Main PID: 3963 (code=exited, status=1/FAILURE) May 18 07:24:16 servera dhcpd[3963]: have been made to the base software release in order to make May 18 07:24:16 servera dhcpd[3963]: it work better with this distribution. May 18 07:24:16 servera dhcpd[3963]: May 18 07:24:16 servera dhcpd[3963]: Please report issues with this software via: May 18 07:24:16 servera dhcpd[3963]: bugzilla-redhat-com May 18 07:24:16 servera dhcpd[3963]: May 18 07:24:16 servera dhcpd[3963]: exiting. May 18 07:24:16 servera systemd[1]: dhcpd.service: Main process exited, code=exited, status=1/FAILURE May 18 07:24:16 servera systemd[1]: dhcpd.service: Failed with result 'exit-code'. May 18 07:24:16 servera systemd[1]: Failed to start DHCPv4 Server Daemon. [root@servera ~]#
- ファイアウォール許可サービス
[root@servera ~]# firewall-cmd --permanent --add-service=dhcp success [root@servera ~]# [root@servera ~]# firewall-cmd --reload success [root@servera ~]# [root@servera ~]# firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: eth0 eth1 sources: services: cockpit dhcp dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: [root@servera ~]#
- サービス構成ファイルの検索と変更
[root@servera ~]# rpm -qc dhcp-server /etc/dhcp/dhcpd.conf <-- this is the main configuration file /etc/dhcp/dhcpd6.conf /etc/openldap/schema/dhcp.schema /etc/sysconfig/dhcpd <-- this is another configuration file should review /var/lib/dhcpd/dhcpd.leases /var/lib/dhcpd/dhcpd6.leases [root@servera ~]# [root@servera ~]# cat /etc/dhcp/dhcpd.conf # # DHCP Server Configuration file. # see /usr/share/doc/dhcp-server/dhcpd.conf.example <-- this is configuration example # see dhcpd.conf(5) man page # [root@servera ~]# [root@servera ~]# cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bak <-- backup main configuration [root@servera ~]# [root@servera ~]# vim /etc/dhcp/dhcpd.conf <-- edit the main configuration file :r /usr/share/doc/dhcp-server/dhcpd.conf.example <-- read and copy example to this main configuration file Then make changes, get following result finally : # # dhcpd.conf # option domain-name "example-net"; option domain-name-servers 172.25.254.254; default-lease-time 800; max-lease-time 7200; authoritative; log-facility local7; subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.200 192.168.0.254; option domain-name-servers 172.25.254.254; option domain-name "example-net"; option routers 192.168.0.1; option broadcast-address 192.168.0.255; default-lease-time 800; max-lease-time 7200; } # assign one specific ip address to host serverb host serverb { hardware ethernet 52:54:00:01:fa:0b; fixed-address 192.168.0.102; } [root@servera ~]# cat /etc/sysconfig/dhcpd # WARNING: This file is NOT used anymore. # If you are here to restrict what interfaces should dhcpd listen on, # be aware that dhcpd listens *only* on interfaces for which it finds subnet # declaration in dhcpd.conf. It means that explicitly enumerating interfaces # also on command line should not be required in most cases. # If you still insist on adding some command line options, # copy dhcpd.service from /lib/systemd/system to /etc/systemd/system and modify # it there. # example: <-- follow above guide to set dhcp running interface # $ cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/ # $ vi /etc/systemd/system/dhcpd.service # $ ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid <your_interface_name(s)> # $ systemctl --system daemon-reload # $ systemctl restart dhcpd.service [root@servera ~]# [root@servera ~]# vi /etc/systemd/system/dhcpd.service ... [Service] ... ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid eth1 <-- set interface "eth1" ... [root@servera ~]# dhcpd -t <-- syntax check after configuration file modified Internet Systems Consortium DHCP Server 4.3.6 Copyright 2004-2017 Internet Systems Consortium. All rights reserved. For info, please visit www-isc-org/software/dhcp/ ldap_gssapi_principal is not set,GSSAPI Authentication for LDAP will not be used Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file Config file: /etc/dhcp/dhcpd.conf Database file: /var/lib/dhcpd/dhcpd.leases PID file: /var/run/dhcpd.pid Source compiled to use binary-leases [root@servera ~]# [root@servera ~]# echo $? 0 <-- it means there's no errors, all fine for syntax check by command "dhcpd -t" [root@servera ~]#
- ファイルのアクセス許可とセキュリティ ポリシーのレビューと設定
ファイルのアクセス許可とセキュリティポリシーについては、DHCPサービスを変更する必要はありません。ここに特定の要件がある場合は、設計に従って変更を加えます。
- サービスを再起動します
[root@servera ~]# systemctl --system daemon-reload [root@servera ~]# [root@servera ~]# systemctl restart dhcpd.service [root@servera ~]# [root@servera ~]# systemctl status dhcpd ● dhcpd.service - DHCPv4 Server Daemon Loaded: loaded (/etc/systemd/system/dhcpd.service; enabled; vendor preset: disabled) Active: active (running) since Thu 2023-05-18 08:00:00 GMT; 16s ago <-- status is active (running) Docs: man:dhcpd(8) man:dhcpd.conf(5) Main PID: 4514 (dhcpd) Status: "Dispatching packets..." Tasks: 1 (limit: 11251) Memory: 5.2M CGroup: /system.slice/dhcpd.service └─4514 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid eth1 May 18 08:00:00 servera systemd[1]: Started DHCPv4 Server Daemon. May 18 08:00:12 servera dhcpd[4514]: DHCPDISCOVER from 52:54:00:01:fa:0d via eth1 May 18 08:00:12 servera dhcpd[4514]: DHCPDISCOVER from 52:54:00:02:fa:0d via eth1 May 18 08:00:13 servera dhcpd[4514]: DHCPOFFER on 192.168.0.200 to 52:54:00:01:fa:0d (serverd) via eth1 May 18 08:00:13 servera dhcpd[4514]: DHCPREQUEST for 192.168.0.200 (192.168.0.10) from 52:54:00:01:fa:0d (serverd) via eth1 May 18 08:00:13 servera dhcpd[4514]: DHCPACK on 192.168.0.200 to 52:54:00:01:fa:0d (serverd) via eth1 May 18 08:00:13 servera dhcpd[4514]: ICMP Echo Reply for 192.168.0.200 late or spurious. May 18 08:00:13 servera dhcpd[4514]: DHCPOFFER on 192.168.0.201 to 52:54:00:02:fa:0d (serverd) via eth1 May 18 08:00:13 servera dhcpd[4514]: DHCPREQUEST for 192.168.0.201 (192.168.0.10) from 52:54:00:02:fa:0d (serverd) via eth1 May 18 08:00:13 servera dhcpd[4514]: DHCPACK on 192.168.0.201 to 52:54:00:02:fa:0d (serverd) via eth1 [root@servera ~]# Notes: If service fails to restart, you should do further trouble-shooting to resolve it. From the below logs, you may find some valuable clues. [root@server ~]# tail /var/log/messages [root@server ~]# journalctl -u [service unit name]
- サービス ステータスのテストと検証
From another host serverb to check if dhcp service working fine. [root@serverb ~]# nmcli connection show | grep eth1 Wired connection 2 706e063c-ee02-349e-8311-2c9837611ec4 ethernet eth1 [root@serverb ~]# [root@serverb ~]# nmcli connection modify Wired\ connection\ 2 ipv4.method auto connection.autoconnect yes [root@serverb ~]# [root@serverb ~]# nmcli connection up Wired\ connection\ 2 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/260) [root@serverb ~]# [root@serverb ~]# ip address show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:01:fa:0b brd ff:ff:ff:ff:ff:ff inet 192.168.0.102/24 brd 192.168.0.255 scope global dynamic noprefixroute eth1 valid_lft 777sec preferred_lft 777sec inet6 fe80::dead:38b9:8837:8c6e/64 scope link noprefixroute valid_lft forever preferred_lft forever [root@serverb ~]# [root@serverb ~]# ping 192.168.0.10 <-- servera is reachable PING 192.168.0.10 (192.168.0.10) 56(84) bytes of data. 64 bytes from 192.168.0.10: icmp_seq=1 ttl=64 time=3.21 ms 64 bytes from 192.168.0.10: icmp_seq=2 ttl=64 time=1.64 ms 64 bytes from 192.168.0.10: icmp_seq=3 ttl=64 time=1.19 ms ^C --- 192.168.0.10 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 10ms rtt min/avg/max/mdev = 1.189/2.013/3.210/0.867 ms [root@serverb ~]# [root@servera ~]# ip address show eth1 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:01:fa:0a brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute eth1 valid_lft forever preferred_lft forever inet6 fe80::8779:8d69:d3cf:3fab/64 scope link noprefixroute valid_lft forever preferred_lft forever [root@servera ~]#
以下は、よく知られているサービス名の表の一覧です。
図1: サービス名テーブル一覧
メモ: この記事のすべてのログは、VMware環境のローカル仮想ラボから取得されます。
Affected Products
Red Hat Enterprise Linux Version 8Article Properties
Article Number: 000213739
Article Type: How To
Last Modified: 14 Aug 2024
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.