Running DNS and integrating it with DHCP on CentOS
In earlier posts we reviewed how to add a static IP address reservation in DHCP and how to add it using Ansible. This tutorial shows how to update the DNS entry dynamically as soon as DHCP hands out a new lease.
Reference
DDNS Reference
Steps to implement DDNS
DNS setting
- dns domain name: svcdmztest.flair.local
- hostname: nsdmz01
- ip: 10.201.0.30
Setup steps
- Install BIND, Bind-utils, and DHCP
- Generate a key (HMAC-SHA256 doesn't work with this version)
- Configure DNS(BIND) settings
- Configure DHCP settings
- Add firewall rules
- Modify nameserver
- Start DHCP and DNS service
1. Install BIND, bind-utils and DHCP on CentOS
If the hostname is not set yet, set it with hostnamectl:
[root@nsdmz01 log]# hostnamectl set-hostname nsdmz01
[root@nsdmz01 ~]# yum install bind bind-utils dhcp
...
completed
2. Generate the key
To update DNS records, DHCP and DNS must share a common TSIG key; the same key file is later included by both named.conf and dhcpd.conf.
- Generate the key
[root@nsdmz01 ~]# dnssec-keygen -v 5 -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DDNS_UPDATE
Kddns_update.+157+15152
[root@nsdmz01 ~]# cp Kddns_update.+157+15152.private ddns_update
[root@nsdmz01 ~]# vi ddns_update
[root@nsdmz01 ~]# cat ddns_update
key DDNS_UPDATE {
algorithm HMAC-MD5;
secret "rV3cpOLSKtvjwxMedTIzzg==";
};
[root@nsdmz01 ~]#
- Copy the "ddns_update" file into the named and dhcp folders under "/etc/" and restrict who can read it
[root@nsdmz01 ~]# cp ddns_update /etc/named
[root@nsdmz01 ~]# cp ddns_update /etc/dhcp/
[root@nsdmz01 ~]# chown named:named /etc/named/ddns_update
[root@nsdmz01 ~]# chown root:root /etc/dhcp/ddns_update
[root@nsdmz01 ~]# chmod 640 /etc/named/ddns_update
[root@nsdmz01 ~]# chmod 640 /etc/dhcp/ddns_update
- Create the log folder under "/var/log" (the logging channels in named.conf write there)
[root@nsdmz01 named]# cd /var/log
[root@nsdmz01 log]# mkdir named
[root@nsdmz01 log]# chown named:named named
[root@nsdmz01 log]#
3. Configure DNS(BIND) setting
- Create the zone files. The server's own name is nsdmz01 everywhere (SOA, NS, A and PTR); an NS record pointing at a name with no A record will fail the zone check.
[root@nsdmz01 named]# cd /var/named
[root@nsdmz01 named]# mkdir master
[root@nsdmz01 named]# chown named:named master
[root@nsdmz01 named]#
[root@nsdmz01 named]# cd master
[root@nsdmz01 master]# vi svcdmztest.flair.local.fwd
[root@nsdmz01 master]# vi svcdmztest.flair.local.rev
[root@nsdmz01 master]# chown named:named *
[root@nsdmz01 master]# chmod 640 *
[root@nsdmz01 master]# cat svcdmztest.flair.local.fwd
$TTL 1D ; 1 day
@ IN SOA nsdmz01.svcdmztest.flair.local. root.svcdmztest.flair.local. (
        3       ; serial
        86400   ; refresh (1 day)
        3600    ; retry (1 hour)
        604800  ; expire (1 week)
        10800   ; minimum (3 hours)
        )
        NS      nsdmz01.svcdmztest.flair.local.
nsdmz01 IN A    10.201.0.30
[root@nsdmz01 master]# cat svcdmztest.flair.local.rev
$TTL 1D ; 1 day
@ IN SOA nsdmz01.svcdmztest.flair.local. root.svcdmztest.flair.local. (
        3       ; serial
        86400   ; refresh (1 day)
        3600    ; retry (1 hour)
        604800  ; expire (1 week)
        10800   ; minimum (3 hours)
        )
        NS      nsdmz01.svcdmztest.flair.local.
30      IN PTR  nsdmz01.svcdmztest.flair.local.
[root@nsdmz01 master]# ll
total 8
-rw-r-----. 1 named named 310 Mar 21 18:30 svcdmztest.flair.local.fwd
-rw-r-----. 1 named named 324 Mar 21 18:31 svcdmztest.flair.local.rev
[root@nsdmz01 master]#
- Set the SELinux boolean that lets named write journal files into the master zone directory (without it the dynamic updates are accepted but cannot be written to disk)
[root@nsdmz01 named]# yum install policycoreutils-python
...
completed!
[root@nsdmz01 named]# semanage boolean --modify --on named_write_master_zones
- Test the zone files. The first argument is the zone name, the second the file that holds it
[root@nsdmz01 named]# cd master
[root@nsdmz01 master]# named-checkzone svcdmztest.flair.local svcdmztest.flair.local.fwd
zone svcdmztest.flair.local/IN: loaded serial 3
OK
[root@nsdmz01 master]# named-checkzone 0.201.10.in-addr.arpa svcdmztest.flair.local.rev
zone 0.201.10.in-addr.arpa/IN: loaded serial 3
OK
3 (continued). Configure /etc/named.conf
Look for the lines marked "# comment:"; they are the ones changed from the stock CentOS file (named.conf accepts #, // and /* */ comments).
[root@nsdmz01 master]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
    # comment: modified
    listen-on port 53 { 10.201.0.30; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    # comment: modified
    allow-query { 10.201.0.0/24; };
    # comment: added. Two internal DNS servers; this can be any DNS server
    forwarders { 172.16.10.11; 172.16.10.12; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    # comment: not changed. Must be yes to resolve external names through the forwarders
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
# comment: modified, each log channel keeps 7 rotated files of 1 MB
logging {
    channel default_debug {
        file "data/named.run" versions 7 size 1m;
        print-category yes;
        print-severity yes;
        print-time yes;
        severity dynamic;
    };
    channel update_debug {
        file "/var/log/named/update-debug.log" versions 7 size 1m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    channel security_info {
        file "/var/log/named/named-auth.info" versions 7 size 1m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { default_debug; };
    category update { update_debug; };
    category security { security_info; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
# Comment: added. Only updates signed with the DDNS_UPDATE key are accepted
zone "svcdmztest.flair.local" {
    type master;
    file "master/svcdmztest.flair.local.fwd";
    allow-update { key "DDNS_UPDATE"; };
};
# Comment: added
zone "0.201.10.in-addr.arpa" {
    type master;
    file "master/svcdmztest.flair.local.rev";
    allow-update { key "DDNS_UPDATE"; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/ddns_update";
[root@nsdmz01 master]#
4. Configure the DHCP settings
The two zone statements at the bottom must name exactly the zones named serves (with the trailing dot), so that dhcpd signs its updates with the key named expects; the key name must match the key statement in the included ddns_update file.
[root@nsdmz01 master]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
ddns-domainname = "svcdmztest.flair.local";
ddns-rev-domainname = "in-addr.arpa";
default-lease-time 3600;
max-lease-time 7200;
ddns-updates on;
ddns-update-style interim;
authoritative;
update-static-leases on;
log-facility local0;
include "/etc/dhcp/ddns_update";
subnet 10.201.0.0 netmask 255.255.255.0 {
    option routers 10.201.0.1;
    option subnet-mask 255.255.255.0;
    option domain-search "svcdmztest.flair.local";
    option domain-name-servers 10.201.0.30;
    allow client-updates;
    allow unknown-clients;
    range 10.201.0.100 10.201.0.149;
}
zone svcdmztest.flair.local. {
    primary 10.201.0.30;
    key DDNS_UPDATE;
}
zone 0.201.10.in-addr.arpa. {
    primary 10.201.0.30;
    key DDNS_UPDATE;
}
[root@nsdmz01 master]#
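named-checkconf and dhcpd -t each validate only their own file, so a mismatch between the two sides (a misspelled zone name, a key named differently) is not caught until an update is refused at runtime. The following cross-check is added here as example code, not from the tutorial's author: it parses the zone statements of both files and reports any zone one side updates and the other does not serve, or where the key names differ. The embedded stanzas are constructed samples modelled on the files above; the dhcpd sample deliberately carries a zone-name slip (svctest for svcdmztest) so the check has something to find.

```python
import re
# Constructed stanzas modelled on the tutorial's named.conf and dhcpd.conf; the dhcpd
# sample carries a zone-name typo (svctest vs svcdmztest) on purpose.
NAMED_CONF = """\
zone "svcdmztest.flair.local" {
    type master; file "master/svcdmztest.flair.local.fwd";
    allow-update { key "DDNS_UPDATE"; };
};
zone "0.201.10.in-addr.arpa" {
    type master; file "master/svcdmztest.flair.local.rev";
    allow-update { key "DDNS_UPDATE"; };
};
"""
DHCPD_CONF = """\
ddns-domainname = "svcdmztest.flair.local";
zone svctest.flair.local. { primary 10.201.0.30; key DDNS_UPDATE; }
zone 0.201.10.in-addr.arpa. { primary 10.201.0.30; key DDNS_UPDATE; }
"""
# named.conf zone bodies nest one level ({ key ...; }); dhcpd zone bodies do not.
NAMED_ZONE = re.compile(r'zone\s+"([^"]+)"(?:\s+IN)?\s*\{((?:[^{}]|\{[^{}]*\})*)\}')
NAMED_KEY = re.compile(r'allow-update\s*\{\s*key\s+"([^"]+)"')
DHCPD_ZONE = re.compile(r'zone\s+([\w.\-]+)\s*\{([^{}]*)\}')
DHCPD_KEY = re.compile(r'\bkey\s+([\w\-]+)\s*;')

def update_zones(text, zone_re, key_re):
    """Zone name (lower case, no trailing dot) -> key named in its body, or None."""
    zones = {}
    for name, body in zone_re.findall(text):
        m = key_re.search(body)
        zones[name.lower().rstrip(".")] = m.group(1) if m else None
    return zones

def cross_check(named_text, dhcpd_text):
    """List every mismatch between the two sides; an empty list means they agree."""
    named = update_zones(named_text, NAMED_ZONE, NAMED_KEY)
    dhcpd = update_zones(dhcpd_text, DHCPD_ZONE, DHCPD_KEY)
    problems = []
    for zone, key in dhcpd.items():
        if zone not in named:
            problems.append("dhcpd zone %r is not served by named" % zone)
        elif named[zone] != key:
            problems.append("zone %r: dhcpd signs with %s, named allows %s" % (zone, key, named[zone]))
    for zone, key in named.items():
        if key and zone not in dhcpd:
            problems.append("named zone %r accepts updates but dhcpd never sends any" % zone)
    m = re.search(r'ddns-domainname\s*=?\s*"([^"]+)"', dhcpd_text)
    if m and m.group(1).lower().rstrip(".") not in dhcpd:
        problems.append("ddns-domainname %r has no dhcpd zone statement" % m.group(1))
    return problems
```

On a real host, feed it the contents of /etc/named.conf and /etc/dhcp/dhcpd.conf instead of the embedded samples.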
5. Set up the firewall: allow DNS (port 53)
If firewalld is running, run the commands below. They open DNS only; dhcpd itself listens on UDP 67, so if clients sit behind this firewall the dhcp service has to be allowed the same way.
[root@nsdmz01 master]# firewall-cmd --permanent --add-service=dns
[root@nsdmz01 master]# firewall-cmd --reload
6. Modify the nameserver on nsdmz01
[root@nsdmz01 master]# cat /etc/resolv.conf
nameserver 10.201.0.30
search svcdmztest.flair.local
[root@nsdmz01 master]#
7. Start DNS and DHCP services
[root@nsdmz01 ~]# systemctl start dhcpd
[root@nsdmz01 ~]# systemctl start named
[root@nsdmz01 ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2018-03-22 11:46:34 EDT; 18s ago
Docs: man:dhcpd(8)
man:dhcpd.conf(5)
Main PID: 10996 (dhcpd)
Status: "Dispatching packets..."
CGroup: /system.slice/dhcpd.service
└─10996 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not...g fil
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: Internet Systems Consortium DHCP Server 4.2.5
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: Copyright 2004-2013 Internet Systems Consortium.
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: All rights reserved.
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: For info, please visit https://www.isc.org/software/dhcp/
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: Wrote 1 leases to leases file.
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: Listening on LPF/ens160/00:50:56:8f:09:68/10.201.0.0/24
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: Sending on LPF/ens160/00:50:56:8f:09:68/10.201.0.0/24
Mar 22 11:46:34 nsdmz01 dhcpd[10996]: Sending on Socket/fallback/fallback-net
Mar 22 11:46:34 nsdmz01 systemd[1]: Started DHCPv4 Server Daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@nsdmz01 ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2018-03-22 11:46:38 EDT; 18s ago
Process: 11009 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 11006 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -
"$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 11012 (named)
CGroup: /system.slice/named.service
└─11012 /usr/sbin/named -u named -c /etc/named.conf
Mar 22 11:46:38 nsdmz01 named[11012]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...6.ARP
Mar 22 11:46:38 nsdmz01 named[11012]: automatic empty zone: D.F.IP6.ARPA
Mar 22 11:46:38 nsdmz01 named[11012]: automatic empty zone: 8.E.F.IP6.ARPA
Mar 22 11:46:38 nsdmz01 named[11012]: automatic empty zone: 9.E.F.IP6.ARPA
Mar 22 11:46:38 nsdmz01 named[11012]: automatic empty zone: A.E.F.IP6.ARPA
Mar 22 11:46:38 nsdmz01 named[11012]: automatic empty zone: B.E.F.IP6.ARPA
Mar 22 11:46:38 nsdmz01 named[11012]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Mar 22 11:46:38 nsdmz01 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Mar 22 11:46:38 nsdmz01 named[11012]: command channel listening on 127.0.0.1#953
Mar 22 11:46:38 nsdmz01 named[11012]: command channel listening on ::1#953
Hint: Some lines were ellipsized, use -l to show in full.
[root@nsdmz01 ~]#
Testing and checking logs
Logs
There are a couple of places to check logs:
- journalctl -xe
- the files in the /var/log/named folder (written by the update_debug and security_info channels configured above)
- the /var/log/messages file (dhcpd logs to local0)
[root@nsdmz01 master]# journalctl -xe
Mar 21 18:58:12 nsdmz01 named[1600]: automatic empty zone: 125.100.IN-ADDR.ARPA
Mar 21 18:58:12 nsdmz01 named[1600]: automatic empty zone: 126.100.IN-ADDR.ARPA
Mar 21 18:58:12 nsdmz01 named[1600]: automatic empty zone: 127.100.IN-ADDR.ARPA
Mar 21 18:58:12 nsdmz01 named[1600]: automatic empty zone: 127.IN-ADDR.ARPA
...
[root@nsdmz01 master]# ll /var/log/named
total 0
-rw-r--r--. 1 named named 0 Mar 21 18:58 named-auth.info
-rw-r--r--. 1 named named 0 Mar 21 18:58 update-debug.log
[root@nsdmz01 master]# grep dhcpd /var/log/messages
...
Mar 21 18:57:06 nsdmz01 dhcpd: Internet Systems Consortium DHCP Server 4.2.5
Mar 21 18:57:06 nsdmz01 dhcpd: Copyright 2004-2013 Internet Systems Consortium.
Mar 21 18:57:06 nsdmz01 dhcpd: All rights reserved.
Mar 21 18:57:06 nsdmz01 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Mar 21 18:57:06 nsdmz01 dhcpd: Wrote 0 leases to leases file.
Mar 21 18:57:06 nsdmz01 dhcpd: Listening on LPF/ens160/00:50:56:8f:09:68/10.201.0.0/24
Mar 21 18:57:06 nsdmz01 dhcpd: Sending on LPF/ens160/00:50:56:8f:09:68/10.201.0.0/24
Mar 21 18:57:06 nsdmz01 dhcpd: Sending on Socket/fallback/fallback-net
[root@nsdmz01 master]#
Test with nsupdate (signed with the same key file, so this exercises exactly the path dhcpd will use)
[root@nsdmz01 ~]# cat nstest
server 10.201.0.30
zone svcdmztest.flair.local
update add test2.svcdmztest.flair.local 600 IN A 10.201.0.3
send
zone 0.201.10.in-addr.arpa
update add 3.0.201.10.in-addr.arpa 600 IN PTR test2.svcdmztest.flair.local.
send
[root@nsdmz01 ~]# nsupdate -k ddns_update nstest
[root@nsdmz01 master]# nslookup test2 10.201.0.30
Server: 10.201.0.30
Address: 10.201.0.30#53
Name: test2.svcdmztest.flair.local
Address: 10.201.0.3
[root@nsdmz01 ~]# nslookup 10.201.0.3 10.201.0.30
Server: 10.201.0.30
Address: 10.201.0.30#53
3.0.201.10.in-addr.arpa name = test2.svcdmztest.flair.local.
[root@nsdmz01 master]#
DHCP Testing
Create a new VM and let it take a lease; this is the ifconfig result.
Result from client
[ansible@ns01 ~]$ ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.201.0.100 netmask 255.255.255.0 broadcast 10.201.0.255
inet6 fe80::1387:f886:5c4b:11bb prefixlen 64 scopeid 0x20<link>
ether 00:50:56:8f:7e:8f txqueuelen 1000 (Ethernet)
RX packets 22 bytes 3758 (3.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 90 bytes 11589 (11.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Log from server
[root@nsdmz01 master]# journalctl -xe
-- The start-up result is done.
Mar 21 19:27:48 nsdmz01 dhcpd[1547]: DHCPREQUEST for 10.201.0.100 from 00:50:56:8f:7e:8f (ns01) via ens160
Mar 21 19:27:48 nsdmz01 dhcpd[1547]: DHCPACK on 10.201.0.100 to 00:50:56:8f:7e:8f (ns01) via ens160
Mar 21 19:27:48 nsdmz01 dhcpd[1547]: Added new forward map from ns01.svcdmztest.flair.local to 10.201.0.100
Mar 21 19:27:48 nsdmz01 dhcpd[1547]: Added reverse map from 100.0.201.10.in-addr.arpa to ns01.svcdmztest.flair.local
[root@nsdmz01 master]#
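The two "Added ... map" lines are the evidence that the update path works, and their absence after a DHCPACK is the first sign it has broken (key mismatch, SELinux denial, zone typo). The check below is added example code, not from the original post: it reads dhcpd's journal lines and verifies that every DHCPACK carrying a client hostname is followed by a forward and a reverse map for that address. The log excerpt is constructed from the message formats shown above; the second client is made to lack a reverse map so the check has something to report.

```python
import re
from ipaddress import ip_address

# Constructed journal excerpt modelled on the dhcpd lines above. The second client
# (ns02) deliberately gets a lease and a forward map but no reverse map.
LOG = """\
Mar 21 19:27:48 nsdmz01 dhcpd[1547]: DHCPACK on 10.201.0.100 to 00:50:56:8f:7e:8f (ns01) via ens160
Mar 21 19:27:48 nsdmz01 dhcpd[1547]: Added new forward map from ns01.svcdmztest.flair.local to 10.201.0.100
Mar 21 19:27:48 nsdmz01 dhcpd[1547]: Added reverse map from 100.0.201.10.in-addr.arpa to ns01.svcdmztest.flair.local
Mar 21 19:31:02 nsdmz01 dhcpd[1547]: DHCPACK on 10.201.0.101 to 00:50:56:8f:aa:bb (ns02) via ens160
Mar 21 19:31:02 nsdmz01 dhcpd[1547]: Added new forward map from ns02.svcdmztest.flair.local to 10.201.0.101
"""
# A DHCPACK without "(hostname)" means the client sent no name; there is nothing to DDNS.
ACK = re.compile(r"DHCPACK on (\S+) to \S+ \((\S+)\) via")
FWD = re.compile(r"Added new forward map from (\S+) to (\S+)")
REV = re.compile(r"Added reverse map from (\S+) to (\S+)")

def ptr_to_ip(owner):
    """Reverse-zone owner name -> dotted IPv4, e.g. 100.0.201.10.in-addr.arpa -> 10.201.0.100."""
    octets = re.sub(r"\.in-addr\.arpa\.?$", "", owner.lower()).split(".")
    return str(ip_address(".".join(reversed(octets))))  # ip_address() rejects malformed owners

def audit(log, domain):
    """Return (problems, leases): each DHCPACK with a hostname needs matching A and PTR maps."""
    leases, fwd, rev = {}, {}, {}
    for line in log.splitlines():
        m = ACK.search(line)
        if m:
            leases[m.group(1)] = m.group(2)                    # ip -> client hostname
            continue
        m = FWD.search(line)
        if m:
            fwd[m.group(2)] = m.group(1).lower().rstrip(".")   # ip -> fqdn
            continue
        m = REV.search(line)
        if m:
            rev[ptr_to_ip(m.group(1))] = m.group(2).lower().rstrip(".")  # ip -> fqdn
    problems = []
    for ip, host in leases.items():
        expected = ("%s.%s" % (host, domain)).lower()
        if fwd.get(ip) != expected:
            problems.append("%s: lease for %s but forward map is %s" % (ip, host, fwd.get(ip)))
        if rev.get(ip) != expected:
            problems.append("%s: lease for %s but reverse map is %s" % (ip, host, rev.get(ip)))
    return problems, leases
```

On the server, pipe `journalctl -u dhcpd --no-pager` (or /var/log/messages) into audit() instead of the embedded excerpt.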
Ping from the name server. As the log shows, the client hostname is ns01.
[root@nsdmz01 master]# ping ns01
PING ns01.svcdmztest.flair.local (10.201.0.100) 56(84) bytes of data.
64 bytes from ns01.svcdmztest.flair.local (10.201.0.100): icmp_seq=1 ttl=64 time=0.523 ms
64 bytes from ns01.svcdmztest.flair.local (10.201.0.100): icmp_seq=2 ttl=64 time=0.374 ms
--- ns01.svcdmztest.flair.local ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.374/0.448/0.523/0.077 ms
[root@nsdmz01 master]#
Summary
I've spent almost 4 days figuring out this setting, and what a pain. Especially the SELinux setting caused the main issue: it blocked writing to the zone files, and it took days to find the solution. Hope this saves your time.