Change IP address range
As described in previous posts, we now have some servers in the LXC network.
I would like those servers to have static IP addresses, say in the range from 10.0.3.2 to 10.0.3.99.
Clients should get dynamically assigned addresses that do not conflict with the servers' ones, so let's limit the range of IP addresses that the DHCP server, dnsmasq, hands out.
You can configure the IP address range by modifying the lxc file under the /etc/default directory.
$ diff lxc lxc.org
27,28c27,28
< LXC_DHCP_RANGE="10.0.3.100,10.0.3.199"
< LXC_DHCP_MAX="100"
---
> LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
> LXC_DHCP_MAX="253"
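Review bot: the diff is taken as `diff lxc lxc.org`, so the `<` lines are the edited file and the `>` lines are the original kept as lxc.org, the reverse of the usual old-then-new reading; a sentence saying that lxc.org is the backup would avoid that confusion. The numbers themselves are consistent: 10.0.3.100 to 10.0.3.199 is 100 addresses, matching LXC_DHCP_MAX="100", and 10.0.3.2 to 10.0.3.99 is left free for the static servers.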
After a restart, you will see that dnsmasq sets the IP address range as follows:
dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/lxc/dnsmasq.pid --conf-file= --listen-address 10.0.3.1 --dhcp-range 10.0.3.100,10.0.3.199 --dhcp-lease-max=100 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative
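The split between a static server range and a dynamic DHCP range only works if the two never overlap and if LXC_DHCP_MAX agrees with the size of the range. The following script is an added example, not part of the original post: it reads the two assignments from /etc/default/lxc text (a constructed sample of the lines shown above), checks the DHCP range against the static range and the bridge address, and reports what is inconsistent. The static range and the bridge address are the values the post uses; the function and variable names are my own.

```python
import ipaddress
import re

# Constructed sample of the two /etc/default/lxc lines this post changes.
LXC_DEFAULTS = '''
# LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"   (original values, commented out)
LXC_DHCP_RANGE="10.0.3.100,10.0.3.199"
LXC_DHCP_MAX="100"
'''

STATIC_RANGE = ("10.0.3.2", "10.0.3.99")   # addresses reserved for servers
BRIDGE_ADDR = "10.0.3.1"                    # dnsmasq --listen-address on lxcbr0


def parse_lxc_defaults(text):
    """Return KEY -> value for KEY="value" assignments; comments and blanks are ignored."""
    values = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z][A-Z0-9_]*)="?([^"#]*)"?\s*$', line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    return values


def addr_range(lo, hi):
    """Parse an inclusive dotted-quad range and reject a start that lies after its end."""
    lo_ip, hi_ip = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
    if lo_ip > hi_ip:
        raise ValueError(f"range start {lo} is after its end {hi}")
    return lo_ip, hi_ip


def check_dhcp_config(defaults, static_range, bridge_addr):
    """Return a list of problems; an empty list means the address layout is consistent."""
    problems = []
    dhcp = addr_range(*defaults["LXC_DHCP_RANGE"].split(","))
    static = addr_range(*static_range)
    size = int(dhcp[1]) - int(dhcp[0]) + 1
    declared = int(defaults["LXC_DHCP_MAX"])
    if declared != size:
        problems.append(f"LXC_DHCP_MAX is {declared} but the range holds {size} addresses")
    # two inclusive ranges overlap when each starts before the other ends
    if dhcp[0] <= static[1] and static[0] <= dhcp[1]:
        problems.append("DHCP range overlaps the static server range")
    gw = ipaddress.IPv4Address(bridge_addr)
    if dhcp[0] <= gw <= dhcp[1] or static[0] <= gw <= static[1]:
        problems.append(f"bridge address {bridge_addr} lies inside an assignable range")
    return problems


if __name__ == "__main__":
    for problem in check_dhcp_config(parse_lxc_defaults(LXC_DEFAULTS), STATIC_RANGE, BRIDGE_ADDR):
        print(problem)
```

Run against the edited values the script stays silent; fed the original 10.0.3.2,10.0.3.254 range it reports the overlap with the static servers, which is exactly the conflict the edit above prevents.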
Name Server
Now let's move on to the name server. Sometimes you would like to have your own name service, for example to experiment with a protocol like SMTP.
Here I demonstrate the procedure to set up BIND (version 9). In this example we use the fictitious domain example.org.
We disregard redundancy and focus on the primary server; that is, we omit the secondary server :-).
By the way, the following articles are good references.
In this sample we use Ubuntu as the platform. The goal is to set up an instance as follows.
Installation
Installation is quite simple.
$ sudo apt-get install bind9 dnsutils
That’s all.
Server Configurations
Configuration files are stored under the /etc/bind directory. You will modify some of these files and add zone files for forward and reverse lookup.
├── bind.keys
├── db.0
├── db.127
├── db.255
├── db.empty
├── db.local
├── db.root
├── named.conf
├── named.conf.default-zones
├── named.conf.local
├── named.conf.options
├── rndc.key
└── zones.rfc1918
Forward Zone
Append the following lines to the named.conf.local file to specify your domain name and its zone file.
zone "example.org" {
    type master;
    file "/etc/bind/db.example.org";
};
Create the zone file, db.example.org, describing the hosts in the domain.
;
; BIND data file for example.org
;
$TTL    604800
@       IN      SOA     example.org. root.example.org. (
                        20130928        ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
@       IN      NS      dns.example.org.
@       IN      A       10.0.3.10
@       IN      AAAA    ::1
dns     IN      A       10.0.3.10
; MTA: write the owner as @ explicitly; a blank owner column inherits the
; previous record's owner (dns), and the MX would then not apply to example.org
@       IN      MX      10 mta.example.org.
mta     IN      A       10.0.3.20
Reverse Zone
Now configure the reverse lookup. As with the forward lookup, append the following lines to the named.conf.local file.
zone "3.0.10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.10";
};
Then create a file named db.10 as follows.
;
; BIND reverse data file for network 10.0.3.0
;
$TTL    604800
@       IN      SOA     example.org. root.example.org. (
                        20130928        ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
; the NS target must be fully qualified; a bare "dns." would name a top-level domain
@       IN      NS      dns.example.org.
10      IN      PTR     dns.example.org.
20      IN      PTR     mta.example.org.
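Both zone files above are easy to get subtly wrong by hand: a record whose owner column is left blank inherits the owner of the previous record, and a name ending in a dot is taken as absolute, so "dns." is a top-level name rather than dns.example.org. The script below is an added example, not code from the post or from BIND: it parses master-file text (a constructed copy of the forward zone as the post first showed it, with a blank owner on the MX line), fully qualifies each owner, records which owners were inherited, and flags the two slips just described. The function names and the small lint rules are my own; named-checkzone from the bind9utils package remains the authoritative syntax check.

```python
import re

# Constructed copy of the forward zone from the post, with the MX line's
# owner column left blank as in the first version of the file.
FORWARD_ZONE = """\
$TTL 604800
@ IN SOA example.org. root.example.org. (
    20130928 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
;
@ IN NS dns.example.org.
@ IN A 10.0.3.10
dns IN A 10.0.3.10
;MTA
    IN MX 10 mta.example.org.
mta IN A 10.0.3.20
"""

CLASSES = {"IN", "CH", "HS"}


def _logical_lines(text):
    """Yield one record per item, joining '(' ... ')' continuations and dropping comments."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # ';' starts a comment
        if depth == 0 and not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield buf
            buf = ""


def _qualify(name, origin):
    """Master-file name rules: '@' is the origin, relative names get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return records as dicts with the owner fully qualified and a flag telling
    whether the owner was inherited from the previous record (blank owner column)."""
    if not origin.endswith("."):
        origin += "."
    records, owner = [], None
    for line in _logical_lines(text):
        blank_owner = line[0] in " \t"
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0].startswith("$"):            # $TTL, $ORIGIN, ... carry no record
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1]
            continue
        if not blank_owner:
            owner = _qualify(tokens.pop(0), origin)
        if owner is None:
            raise ValueError("record with a blank owner before any owner was set")
        if tokens and tokens[0].isdigit():       # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in CLASSES:  # optional class
            tokens.pop(0)
        records.append({"owner": owner, "type": tokens[0].upper(),
                        "rdata": " ".join(tokens[1:]), "inherited": blank_owner})
    return records


def lint_zone(records):
    """Flag an apex-style record that silently inherited a host's owner, and an
    NS/MX target written as a bare top-level name."""
    findings = []
    for r in records:
        if r["inherited"] and r["type"] in ("SOA", "NS", "MX"):
            findings.append(f"{r['type']} record inherited owner {r['owner']}; "
                            "is that the name you meant?")
        if r["type"] in ("NS", "MX"):
            target = r["rdata"].split()[-1]
            if target.endswith(".") and target.count(".") == 1:
                findings.append(f"{r['type']} target {target} is a top-level name "
                                "(missing the zone suffix?)")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(parse_zone(FORWARD_ZONE, "example.org")):
        print(finding)
```

On the constructed zone the lint reports that the MX record ended up owned by dns.example.org.; with "@" written in the owner column the report is empty, and a reverse zone whose NS line reads "dns." is reported as a top-level name.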
Logging
Log messages have been and will be your friend when debugging problems. Append the following lines to the named.conf.local file.
logging {
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};
Then create the log file and change its owner to the bind user.
$ sudo touch /var/log/query.log
$ sudo chown bind /var/log/query.log
You will see log messages like this.
client 127.0.0.1#34060 (mta.example.org): query: mta.example.org IN A +E (127.0.0.1)
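Beyond debugging, the query log is the first place to notice a server being used in a way it was not meant for. The script below is an added example, not part of the post: it parses lines in the format shown above (the first sample line is the post's own, the others are constructed), counts queries per client, and lists queries for names outside the zones this server is authoritative for plus queries of type ANY, both of which deserve a look on a server meant to answer only for example.org. The regular expression also tolerates the "client @0x... " prefix that newer BIND versions add; the function names and the threshold are my own choices.

```python
import re
from collections import Counter

# Constructed sample of BIND query-log lines; the first is the post's own example.
QUERY_LOG = """\
client 127.0.0.1#34060 (mta.example.org): query: mta.example.org IN A +E (127.0.0.1)
client 10.0.3.20#51012 (example.org): query: example.org IN MX +E (10.0.3.10)
client 10.0.3.20#51013 (dns.example.org): query: dns.example.org IN A + (10.0.3.10)
client 10.0.3.77#40001 (lookup.example.net): query: lookup.example.net IN A + (10.0.3.10)
client 10.0.3.77#40002 (lookup.example.net): query: lookup.example.net IN ANY +E (10.0.3.10)
"""

# Fields: client address and port, queried name, class, type, flags, local address.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"(?:\([^)]*\): )?query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<flags>[-+]\S*) \((?P<local>\S+)\)$"
)


def parse_query_line(line):
    """Return the fields of one query-log line, or None if it is not a query line."""
    m = LINE_RE.search(line.strip())     # search, so a timestamp prefix is tolerated
    return m.groupdict() if m else None


def in_zone(name, zones):
    """True if name is at or below one of the zones we are authoritative for."""
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)


def summarize(lines, zones, threshold):
    """Per-client counts plus two indicators worth a look on an authoritative-only server."""
    zones = [z.rstrip(".").lower() for z in zones]
    per_client, outside_zone, any_queries = Counter(), [], []
    for line in lines:
        q = parse_query_line(line)
        if q is None:
            continue
        per_client[q["ip"]] += 1
        if not in_zone(q["qname"], zones):
            outside_zone.append((q["ip"], q["qname"]))
        if q["qtype"].upper() == "ANY":
            any_queries.append((q["ip"], q["qname"]))
    busy = sorted(ip for ip, n in per_client.items() if n >= threshold)
    return {"per_client": per_client, "outside_zone": outside_zone,
            "any_queries": any_queries, "busy_clients": busy}


if __name__ == "__main__":
    report = summarize(QUERY_LOG.splitlines(), ["example.org"], threshold=2)
    for key in ("outside_zone", "any_queries", "busy_clients"):
        print(key, report[key])
```

With a real file, replace QUERY_LOG.splitlines() by the lines of /var/log/query.log; the threshold is a per-run count, so pick it relative to the window of log you feed in.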
Start service
$ sudo service bind9 restart
Directory Server
Sometimes you may (or may not) want a directory server at hand, say, for storing your addresses. Let's try whether we can run a Directory Server in a virtual instance.
In this scenario we use an x86 (i686) machine as the host (not x64).
Download the x86 version of the Directory Server installer (V19710-01.zip) from OTN and copy it onto the target virtual machine.
$ scp V19710-01.zip root@10.0.3.xxx:~/
As the virtual machine has a very limited set of tools, you first need to install basic commands like tar and unzip. The following sample installs Directory Server under the /home/dsee7 directory.
$ sudo yum install unzip tar
$ unzip V19710-01.zip
$ tar xfv DSEE.7.0.Linux-X86-zip.tar.gz
$ cd DSEE_ZIP_Distribution/
$ unzip -d /home sun-dsee7.zip
OK, installation finished. Now let's move on to configuration.
Let's create an instance.
$ ./dsadm create /home/dsee7/instance
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start '/home/dsee7/instance'' to start the instance
Now you may run into the problem that starting the instance fails.
$ ./dsadm start ../instance/
ERROR<4167> - Startup - conn=-1 op=-1 msgId=-1 - System error Load library /home/dsee7/lib/pwdstorage-plugin.so: error /home/dsee7/lib/../lib/private/libfreebl3.so: version 'NSSRAWHASH_3.12.3' not found (required by /lib/libcrypt.so.1)
libcrypt.so depends on NSS.
$ ldd pwdstorage-plugin.so
./pwdstorage-plugin.so: /home/dsee7/lib/./../lib/private/libfreebl3.so: version 'NSSRAWHASH_3.12.3' not found (required by /lib/libcrypt.so.1)
And the bundled libfreebl3.so does not seem to have that version.
$ find / -name libfreebl3.so -ls
27270228 320 -rwxr-xr-x 1 root root 325256 Aug 7 16:17 /lib/libfreebl3.so
27660408 364 -rwxr-xr-x 1 root root 372385 Aug 27 2009 /home/dsee7/lib/private/libfreebl3.so
27791820 0 lrwxrwxrwx 1 root root 23 Sep 22 20:03 /usr/lib/libfreebl3.so -> ../../lib/libfreebl3.so
$ objdump -x /lib/libfreebl3.so |grep NSSRAWHASH_3.12.3
3 0x00 0x04ceacd3 NSSRAWHASH_3.12.3
$ objdump -x /home/dsee7/lib/private/libfreebl3.so |grep NSSRAWHASH_3.12.3
$
As a temporary workaround, point libfreebl3.so at the copy the OS provides: rename the bundled library to libfreebl3.so.org and make libfreebl3.so a symbolic link to /lib/libfreebl3.so, as in this listing.
$ ls -l libfreebl3.so*
lrwxrwxrwx 1 root root 18 Sep 24 04:37 libfreebl3.so -> /lib/libfreebl3.so
-rwxr-xr-x 1 root root 372385 Aug 27 2009 libfreebl3.so.org
Now you can start the daemon.
$ ./dsadm start ../instance/
Directory Server instance '/home/dsee7/instance' started: pid=523
Let's create a suffix to store entries.
$ ./dsconf create-suffix "dc=lupin, dc=org"