KB450296 – CentOS Configuration Guide

Last modified: May 20, 2021

CentOS Configuration

Scope/Description:

This document will walk through how 45Drives configures a Storinator running CentOS 7. We will walk through gaining access to the Cockpit UI, using ZFS to create your RAID, and creating Samba / NFS shares.

Please note this article references CentOS 8 in the screenshots. The UI functions are the same on a CentOS 7 system.

Prerequisites:

Must have 45Drives’ master image of CentOS 7 installed on your Storinator. This master image will have the Cockpit UI pre-installed along with all the necessary packages for ZFS, Samba, and NFS.

It helps to know in advance whether the IP address will be assigned via DHCP or will have to be set manually, as you’ll need an IP address before you can access the Cockpit UI.

Steps:

  • Either via IPMI or via a monitor with keyboard and mouse plugged into the server – you’ll see this console login screen. Default login is root and password. Also note the line that says Web console: https://localhost:9090/ – that is the Cockpit UI that we’ll be using to do this setup, but we need to know the IP address of this machine before we can head there.
  • Once you login, you can run the ip a command to get a list of all network interfaces and their assigned IP Addresses. You can see below highlighted in yellow, our address in this example is 192.168.114.88.

  • If you do not see an IP address listed, you can either run dhclient which will use DHCP to assign an IP, or you can use nmtui which will allow you to manually assign your IP address.
  • nmtui
  • Edit a connection

  • eno1 and eno2 will be the two onboard ports, in this example I’ll assign a static IP to eno1.
  • Fill out all fields with the correct information
  • Scroll down to <OK> and then go to Activate a Connection
  • With eno1 highlighted, go over to <Deactivate> and hit Enter. You will see <Activate> and then hit Enter again to re-activate the interface.
  • Scroll down to <Back> and then click OK to return to the command line.
  • Now you’re ready to head to the Cockpit UI – open a browser and enter http://IP.ADDRESS:9090 – in this example it would be http://192.168.114.88:9090
  • You’ll be greeted with this login page, default credentials are the same that we used logging into the console – root and password
  • Once you’re in the UI, you can make further changes to the network by clicking on the Networking tab.
  • Existing network interfaces can be modified under the Interfaces block. To create a bonded NIC, click on Add Bond. Check off the NIC Interfaces you want to bond, as well as choosing the bonding Mode you want to use. When you click Apply, the bond will appear down in the Interface block, and you can assign your IP address by clicking on bond0.
  • Next, click on the File Sharing tab. This is where we’ll create our ZFS array and configure our shares. The first time you open this tab you’ll see the following pop-up – uncheck the Display boot storage pool option. The log level is fine to leave at its default.
  • When creating a zpool with Cockpit, it will only allow you to create 1 VDEV when originally creating the pool, so if you’re planning on having more than 1, you’ll have to add the others after the pool is created.
  • Click on Create Storage Pool to open up the configuration window. You’ll need to enter a name as well as choose your RAID level (Virtual Device).
  • Uncheck the Disks WWN box, and then in Disk Identifier – select Virtual Device Mapping, this will use device aliasing to match up disks to the physical slot in the chassis
  • Click on the disks you want to include in your first VDEV, you’ll see a checkmark in the box once the disk is selected.
  • All other default options are fine, unless your specific use case calls for further customization. Click Create to build your storage pool.
  • Once the storage pool is built, you may want to add another VDEV – to do so, click on the pool in the list to have a drop down of options appear. Click on Status followed by the 3 vertical dots on the far right shown below. Click on Add Virtual Device to add another Vdev.
  • This will open up a window in which we need to uncheck the Disks WWN box and select Virtual Device Mapping as our Disks Identifier. Then select the next group of disks that you want to be in this VDEV, once they’re all selected click on Add.
  • If you have any other VDEVs to add to your storage pool, repeat the above until you have used all of the disks you wanted to.
  • Next we’ll want to create a Dataset, the Cockpit UI lists these as Filesystems. Click on the Filesystems tab highlighted below and then click on the blue button that says Create Filesystem.
  • Enter your Filesystems name, for this example we’ll simply call it zpool-data. Within this window, you’ll also have the choice to create an NFS share or a Samba Share with this Filesystem. You can also choose not to enable either share, and make that addition later on by editing the Filesystem. We’ll leave both unchecked here and click Create.
  • There are 2 different paths that you can take when it comes to setting up / configuring permissions for Samba shares
    • Linux users / groups
    • Using Windows ACLs
  • We’ll start out by going over using Linux users / groups.
    • To get a list of all current groups – head to the terminal tab and run the command
      [root@centos8 ~]# getent group
    • If you want to create a new group, for example we’ll make one called RnD – we would run
      [root@centos8 ~]# groupadd RnD
    • Now if we were to re-run getent group we should see that group at the bottom of the list.
    • Now we’ll go to the Accounts tab in the UI where we can create a new user, assign groups and set Samba passwords.
      Click on Create New Account
    • First simply fill out the person’s first name and username, followed by their password for this specific machine, then click create.
    • To enable and configure the samba share, click on the 3 dots to the right of the filesystem and click Enable Samba share.
    • A window will open where you’ll get to pick the Share name (it doesn’t need to be the same name as the Filesystem). You can check off Additional to open a text box where you can enter the rest of the smb.conf share definition – in this case we’d want to add valid users (if an entry is a group, prefix it with an @).
    • Next thing to do is go back to the terminal to assign ownership of the filesystem (zfs calls it a dataset) to our RnD group and ensure that the group level has write permissions.
      Note: the path to your filesystem may differ from this example.

      [root@centos8 ~]# chown -R root:RnD /zpool/zpool-data/
      [root@centos8 ~]# chmod 775 -R /zpool/zpool-data/
    • Next make sure that the samba service is added to our firewall exception list
      [root@centos8 ~]# firewall-cmd --permanent --add-service=samba; firewall-cmd --reload
    • Now you should be able to map the share as a network drive with the folder syntax being \\serverIP\shareName – make sure you check off Connect using different credentials and enter your user and samba password when prompted.
  • Next we’ll go over the steps necessary if you’re binding to an AD and using Windows ACLs to control permissions.
    • First you’ll want to join the server to the AD – which is outlined here.
    • When you join the AD, it will auto populate all of the necessary global settings in the smb.conf file.
    • Next you’ll want to add two lines to the global section of the smb.conf file.
      vfs objects = acl_xattr
      map acl inherit = yes

    • Now we need to grant the SeDiskOperatorPrivilege privilege to any domain groups / users that are going to be configuring share permissions.
      [root@centos8 ~]# net rpc rights grant "45LAB\domain admins" SeDiskOperatorPrivilege -U "45LAB\bk"
      Enter 45LAB\bk's password:
      Successfully granted rights.
      
      
    • You can list all users and groups who have this privilege by running:
      [root@centos8 ~]# net rpc rights list privileges SeDiskOperatorPrivilege -U "45LAB/bk"
      Enter 45LAB/bk's password:
      SeDiskOperatorPrivilege:
      SeDiskOperatorPrivilege:
      BUILTIN\Administrators
      45LAB\domain admins
    • Now we’ll go to the File Sharing tab and configure our samba share. Configure it as a barebones share as all permissions are set on the Windows side of things.
    • Now we need to set the ownership and permissions of the dataset to the domain group that we granted SeDiskOperatorPrivilege to:
      [root@centos8 ~]# chown root:"45LAB\domain admins" /zpool/zpool-data
      [root@centos8 ~]# chmod 0770 /zpool/zpool-data

    • For further details on Windows ACLs – check out this link
  • Now looking at NFS.
    • We’ll want to create a Dataset, the Cockpit UI lists these as Filesystems. Click on the Filesystems tab highlighted below and then click on the blue button that says Create Filesystem.
    • Enter your Filesystems name, for this example we’ll simply call it zpool-data. Within this window, you’ll also have the choice to create an NFS share or a Samba Share with this Filesystem. You can also choose not to enable either share, and make that addition later on by editing the Filesystem. We’ll leave both unchecked here and click Create.
    • When we check off NFS Share, another line will show up called NFS Options. Here you can add any other export settings, but we’ll just leave the defaults.
    • Now if we go to the terminal to check to see if we’re exporting:
      [root@centos8 ~]# showmount -e
      Export list for centos8.45lab.local:
      /zpool/NFS-data *
      
      
    • Add the NFS service as a Firewall exception:
      [root@centos8 ~]# firewall-cmd --permanent --add-service=nfs
      [root@centos8 ~]# firewall-cmd --permanent --add-port=111/tcp
      [root@centos8 ~]# firewall-cmd --reload
      
      
    • You should now be able to mount this to a client machine.
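
A check for the export list shown above, as an added example that is not part of the original guide: it reads showmount -e output and reports every export client entry that is open to all hosts (the * in the output above) or not on an allow-list you pass in. The function name, the two extra export paths and the client networks are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Sample data is constructed.

# audit_nfs_exports ALLOWED_CLIENT...
# Reads "showmount -e" output on stdin and prints "<path> <client>" for each
# client entry that is open to all hosts or missing from the allowed list.
# Exit status: 0 when nothing is flagged, 1 otherwise.
audit_nfs_exports() {
  awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^Export list for / || NF < 2 { next }     # skip header and blank lines
    {
      clients = $NF                            # last field: client list
      path = $0
      sub(/[ \t]+[^ \t]+[ \t]*$/, "", path)    # everything before it: path
      m = split(clients, c, ",")
      for (i = 1; i <= m; i++)
        if (c[i] == "*" || c[i] == "(everyone)" || !(c[i] in ok)) {
          print path, c[i]
          bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample: the first export is the one from the guide, the other
# two paths and all client networks are made up.
SAMPLE_EXPORTS='Export list for centos8.45lab.local:
/zpool/NFS-data   *
/zpool/backups    192.168.114.0/24
/zpool/scratch    192.168.114.50,10.0.0.0/8'

# On the server itself: showmount -e | audit_nfs_exports 192.168.114.0/24
printf '%s\n' "$SAMPLE_EXPORTS" |
  audit_nfs_exports 192.168.114.0/24 192.168.114.50 ||
  echo "review the exports listed above"
```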