|
|
(17 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
|
| |
|
| = Introduction = | | == Introduction == |
|
| |
|
| There are no software or configuration differences between the PMA-65 and PMA-85 appliances.
| | All Performance Management Appliances (PMA) are based on a hardened versions on CentOS 7 64-bit Linux Operating System. |
|
| |
|
| <span class="tx f163" style="border-width: 0px 0px 0px 11pt; top: 22.8pt; width: 109.2pt; height: 9.7pt; letter-spacing: -0.05pt; word-spacing: 0.09pt;">Both solutions are build on a </span>hardened distribution of <span class="tx" style="left: 228.4pt; top: 32.5pt; width: 30.2pt; height: 9.7pt; letter-spacing: -0.09pt;">CentOS</span><span class="tx" style="left: 258.7pt; top: 32.5pt; width: 2.9pt; height: 9.7pt;"> </span><span class="tx" style="left: 261.5pt; top: 32.5pt; width: 5pt; height: 9.7pt;">7</span><span class="tx" style="left: 266.6pt; top: 32.5pt; width: 2.9pt; height: 9.7pt;"> </span><span class="tx" style="left: 269.5pt; top: 32.5pt; width: 10.2pt; height: 9.7pt; letter-spacing: -0.07pt;">64</span><span class="tx" style="left: 279.7pt; top: 32.5pt; width: 3.6pt; height: 9.7pt;">-</span><span class="tx" style="left: 283.3pt; top: 32.5pt; width: 110pt; height: 9.7pt; letter-spacing: -0.05pt; word-spacing: 0.09pt;">bit Linux Operating System</span><span class="tx" style="border-width: 0px 10pt 0px 0px; left: 393.3pt; top: 32.5pt; width: 64pt; height: 9.7pt; letter-spacing: -0.05pt; word-spacing: 0.09pt;">. </span>We are using <span class="tx" style="border-width: 0px 0px 0px 11pt; top: 42.3pt; width: 25.8pt; height: 9.7pt; letter-spacing: -0.05pt;">Kernel</span><span class="tx" style="left: 35.8pt; top: 42.3pt; width: 3.6pt; height: 9.7pt;">-</span><span class="tx" style="left: 39.4pt; top: 42.3pt; width: 91.2pt; height: 9.7pt; letter-spacing: -0.04pt; word-spacing: -0.03pt;">based Virtual Machine </span><span class="tx" style="left: 130.6pt; top: 42.3pt; width: 27.9pt; height: 9.7pt; letter-spacing: -0.05pt;">(KVM) </span><span class="tx" style="left: 158.5pt; top: 42.3pt; width: 103.9pt; height: 9.7pt; letter-spacing: -0.05pt; word-spacing: -0.01pt;">as virtualization platform.</span>
| | Kernel-based Virtual Machine (KVM) is used as virtualization platform. |
|
| |
|
| | | |
|
| |
|
| = Access to the appliance = | | == Solution == |
|
| |
|
| {{#invoke:Message box|ambox |type=info|text=A really nice terminal emulator that handles both SSH and VNC connections is called MobaXterm. Freely available at: [http://mobaxterm.mobatek.net/download.html http://mobaxterm.mobatek.net/download.html]}}
| | === Accessing the appliance === |
|
| |
|
| The appliance is accessible through SSH using your favorite terminal emulator. The appliance ships with two predefined user accounts, ''root ''and ''comcert''. The ''comcert'' user is reserved for COMCERT staff members. The ''root'' user is granted rights sufficient for all operations.
| | |
| <pre> # ssh -l root <IPaddressPMA-65>
| |
| </pre>
| |
|
| |
|
| = Access to the virtual machines = | | {{#invoke:Message box|ambox |type=info|text=We recommend using MobaXterm to access the appliance. Download MobaXterm at: [http://mobaxterm.mobatek.net/download.html http://mobaxterm.mobatek.net/download.html]}} |
|
| |
|
| The virtual machines running on this appliance are accessible through SSH, HTTP and VNC.
| | |
|
| |
|
| *SSH
| | The appliance is accessible through ssh using your favorite terminal emulator. The appliance ships with two user accounts, ''Administrator'' and ''comcert''. User ''Administrartor'' has been created to allow the end-user to safely shut down and reboot the appliance. User ''comcert'' is reserved for COMCERT support engineers. To connect to PMA from another terminal session, run the following command: |
| <pre># ssh -l TVadmin <IPaddressTVC> | | <pre>ssh -l Administrator <IPaddressPMA></pre> |
| # ssh -l TVadmin <IPaddressTVF>
| |
| </pre> | |
|
| |
|
| *HTTP
| | |
| | |
| https://<IPaddressTVC>
| |
| | |
| https://<IPaddressTVF>
| |
| | |
| *VNC
| |
|
| |
|
| Console vTVC <IPaddressPMA-65>:9801
| | === Shutdown or reboot the appliance === |
| | |
| Console vTVF <IPaddressPMA-65>:9802
| |
|
| |
|
| | | |
|
| |
|
| = Reboot / Halt appliance =
| | {{#invoke:Message box|ambox |type=warning|text=All applications and virtuals machines must be brought-down properly before shutting down or rebooting the appliance. Failure to do so may result in irreparable damage to the databases and loss of recorded data.}} |
| | |
| {{#invoke:Message box|ambox |type=warning|text=Before rebooting or halting the appliance the virtual machines should be brought down properly. Failure to do so may result in irreparable damage to the database and consquently in data loss.}} | |
| | |
| Shutdown the instance properly:
| |
| <pre>[TVadmin@vtvc ~]$ sudo su -
| |
| Last login: Fri Oct 7 19:26:23 UTC 2016 on pts/0
| |
| [root@vtvc ~]# shutdown -h now
| |
| </pre>
| |
| <pre>[TVadmin@vtvf ~]$ sudo su -
| |
| Last login: Fri Oct 7 19:26:23 UTC 2016 on pts/0
| |
| [root@vtvf ~]# shutdown -h now
| |
| </pre>
| |
| | |
| Verify the instances are powered off:
| |
| <pre>[root@appliance ~]# virsh list --all
| |
| </pre>
| |
| | |
| Now it is safe to shut down the appliance:
| |
| <pre>[root@appliance ~]# shutdown -h now
| |
| </pre>
| |
| | |
| Now it is safe to reboot the appliance:
| |
| <pre>[root@appliance ~]# shutdown -r now
| |
| </pre>
| |
| | |
| The instances are started automatically when the appliance boots.
| |
|
| |
|
| | | |
|
| |
|
| = Disable SSH login for root user =
| | Stage 1 - shutdown the application |
| | |
| A best practice is to disable the SSH login for the root user account. In the example found below we create a user account named ''customer ''with the password ''s3cure!'':
| |
| | |
| Add the user. In the following example, we will use the user name ''customer''. The command adduser will automatically create the user, initial group, and home directory.
| |
| <pre>[root@appliance ~]# adduser customer
| |
| [root@appliance ~]# id customer
| |
| uid=1001(admin) gid=1001(customer) groups=1001(customer)
| |
| [root@appliance ~]# ls -lad /home/customer/
| |
| drwx------ 2 customer customer 4096 Jun 25 16:01 /home/customer/
| |
| </pre>
| |
| | |
| Set the password for the ''customer'' user. When prompted, type and then retype the password.
| |
| <pre>[root@appliance ~]# passwd customer
| |
| Changing password for user customer.
| |
| New UNIX password: s3cure!
| |
| Retype new UNIX password: s3cure!
| |
| passwd: all authentication tokens updated successfully.
| |
| [root@appliance ~]#
| |
| </pre>
| |
| | |
| For sudo permissions for your new admin user, use the following command.
| |
| <pre>[root@appliance ~]# usermod -aG wheel customer
| |
| </pre>
| |
| | |
| SSH to the server with the new admin user and ensure that the login works.
| |
| <pre>[root@appliance ~]# ssh -l customer <IPaddressPMA-65>
| |
| customer@<IPaddressPMA-65>'s password: s3cure!
| |
| [customer@appliance]#
| |
| </pre>
| |
| | |
| Verify that you can su (switch user) to root with the admin user.
| |
| <pre>[customer@appliance ~]$ sudo su -
| |
| Password: s3cure!
| |
| [root@appliance ~]$ whoami
| |
| root
| |
| </pre>
| |
|
| |
|
| To disable root SSH login, edit /etc/ssh/sshd_config with your favorite text editor.
| | Stage 2 - shutdown the virtual machine |
| <pre>[root@appliance ~]# vi /etc/ssh/sshd_config
| |
| </pre>
| |
|
| |
|
| Change this line:
| | Stage 3 - shutdown or reboot the appliance |
| <pre>#PermitRootLogin yes
| |
| </pre>
| |
|
| |
|
| Edit to this:
| | For your convienience, two scripts are created that will take care of these three stages in the correct order. To execute a script, you must first connect to PMA and login as Administrator. |
| <pre>PermitRootLogin no
| |
| </pre>
| |
|
| |
|
| Ensure that you are logged into the box with another shell before restarting sshd to avoid locking yourself out of the server.
| | Once authenticated, run one of the following commands: |
| <pre>[root@appliance ~]# systemctl restart sshd | | <pre>pma-reboot</pre> |
| [root@appliance ~]#
| | <pre>pma-shutdown</pre> |
| </pre> | |
|
| |
|
| You will now be able to connect to your server via ssh with the ''customer'' user and then use the command <span class="screenshot_callout">sudo su -</span> to switch to the root user.
| | It may take several minutes for the appliance to reboot or shutdown correctly. |
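Review bot: The new "Shutdown or reboot the appliance" text names Stage 1 to Stage 3 and the `pma-reboot` / `pma-shutdown` scripts but drops the old revision's `virsh list --all` check. An operator has no documented way to confirm the virtual machines are powered off if a script is interrupted, so consider keeping that verification step as a fallback. The revision also removes the whole "Disable SSH login for root user" section (`PermitRootLogin no`) without saying whether root SSH login is still possible now that the documented accounts are Administrator and comcert; one sentence stating the shipped setting would close that gap. Minor: "Administrartor", "convienience", "hardened versions on CentOS" and "virtuals machines" are misspelled in the added text.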
Introduction
All Performance Management Appliances (PMA) are based on a hardened version of the CentOS 7 64-bit Linux operating system.
Kernel-based Virtual Machine (KVM) is used as the virtualization platform.
Solution
Accessing the appliance
The appliance is accessible through SSH using your favorite terminal emulator. The appliance ships with two user accounts, Administrator and comcert. User Administrator has been created to allow the end user to safely shut down and reboot the appliance. User comcert is reserved for COMCERT support engineers. To connect to PMA from another terminal session, run the following command:
ssh -l Administrator <IPaddressPMA>
Shutdown or reboot the appliance
All applications and virtual machines must be brought down properly before shutting down or rebooting the appliance. Failure to do so may result in irreparable damage to the databases and loss of recorded data.
Stage 1 - shutdown the application
Stage 2 - shutdown the virtual machine
Stage 3 - shutdown or reboot the appliance
For your convenience, two scripts are provided that take care of these three stages in the correct order. To execute a script, you must first connect to PMA and log in as Administrator.
Once authenticated, run one of the following commands:
pma-reboot
pma-shutdown
It may take several minutes for the appliance to reboot or shut down correctly.
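
The ordering that the three stages enforce, sketched as an added example. This is not the appliance's pma-shutdown or pma-reboot script, whose contents this page does not show. It covers stages 2 and 3 only, and the variable names, timeout and `--halt` / `--reboot` options are assumptions.

```shell
#!/bin/sh
# Added illustration, NOT the appliance's pma-shutdown / pma-reboot script.
# Covers stage 2 and stage 3: ask every running KVM guest to shut down,
# confirm with virsh that none is still running, then halt or reboot the host.
# Stage 1 (stopping the application) is product-specific and left out.

VIRSH="${VIRSH:-virsh}"               # overridable so the logic can be stubbed
SHUTDOWN="${SHUTDOWN:-shutdown}"
GUEST_TIMEOUT="${GUEST_TIMEOUT:-300}" # assumption: seconds to wait for guests
POLL="${POLL:-5}"                     # assumption: seconds between checks

running_guests() {
    # --name prints one domain per line; strip the blank line virsh appends
    "$VIRSH" list --state-running --name | sed '/^[[:space:]]*$/d'
}

stop_guests() {
    waited=0
    for guest in $(running_guests); do
        # virsh shutdown requests a clean guest shutdown (not a forced stop)
        "$VIRSH" shutdown "$guest" >/dev/null || return 1
    done
    while [ -n "$(running_guests)" ]; do
        if [ "$waited" -ge "$GUEST_TIMEOUT" ]; then
            echo "still running after ${GUEST_TIMEOUT}s:" $(running_guests) >&2
            return 1
        fi
        sleep "$POLL"
        waited=$((waited + POLL))
    done
}

halt_appliance() {
    # $1 is -h (halt) or -r (reboot), as passed to shutdown(8)
    stop_guests || { echo "guests not down, host left running" >&2; return 1; }
    "$SHUTDOWN" "$1" now
}

case "${1:-}" in
    --halt)   halt_appliance -h ;;
    --reboot) halt_appliance -r ;;
esac
```

If a guest ignores the shutdown request, the host is left running so the guest can be inspected instead of being cut off mid-write.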