-
Run the default vagrant machine (vagrant init).
Login into the machine.
Destroy the machine. -
Update the vagrant file:
Change box type to Centos 7.
Run the machine.
Login into the machine and check it out. -
Machine network configuration:
-
- Forward guest port 80 to host port 8080.
- Login into the machine install Apache HTTPD or Ngnix and start the service.
- From the host machine:
Open browser with the follwing url: http://localhost:8080.
The default page for Apache HTTPD/Ngnix should show.
-
- Change machine network configuration to private network, type: dhcp.
- Run vagrant reload command.
- Login into the machine.
- Find the private network ip address.
- From the host machine:
Open browser with the follwing url: http://< machine-dhcp-private-ip > .
The default page for Apache HTTPD/Ngnix should show.
-
- This time we will use a hardcoded ip address.
- Change machine network configuration to private network, ip: 10.0.0.10.
- Please check that the ip is not in use.
- Run vagrant reload command.
- From the host machine:
Open browser with the follwing url: http://10.0.0.10 .
The default page for Apache HTTPD/Ngnix should show.
- Check the current provider the VM is running under.
- Login into the the machine and check a amount of CPU's and RAM the machine has.
Use two diffenrt commands for each setting. - Update the vagrant file with the following configuration:
- Change the provider to virtualbox (if it is already then make explicit).
- Change CPU's to double of the amount you have registered in the previous task.
- Change RAM to double of you the amount have registered in the previous task.
- Reload the vagrant machine.
- Login into the the machine and check a amount of CPU's and RAM the machine has.
- Create Multi-Machine vagrant file:
- Run the default vagrant machine (vagrant init).
- Make necessary changes to the vagrant file to define 3 machines.
The machines will simulate a load balancer and two web servers topology:- lb1
- web1
- web2
- Boxes type should be Centos 7.
- Run vagrant status and login into all the machines to verify they are all running.
- Configure private network to all machines:
- Configure a private network ip address to all machines (on same network).
- Run vagrant reload.
- Login to one of the machine and check connectivity to the other machines with
ping
command.
- Create a Multi-Machine vagrant file with the following machines:
- app-host1
- app-host2
- lb-host1
- lb-host2
- Running non privillged application:
- Run 2 python application on the (same) host (app-host1)
- Output should be
Python application #1
andPython application #2
respectively. - Applications should be listining on porty 8080 and 9090 respectively.
- Applications should not as privilaged (root) user.
- Applications should run in the background.
- Bonus: Run both a application as Daemons.
- Configure Apache as as a reverse proxy for both application:
- Apache should run on the same host on which the applications are running on.
- Create two Virtual Hosts for both application
python1.example.com
andpython2.example.com
respectively. - Generate two self signed certificates to match the hostname in virtualhost and configure the virtualhosts with the certificate.
- Replicate the host configuration on a second host (app-host2):
- Application configuration
- Apache configuration
- Configure HAProxy Load Balancer:
- Install and configure Haproxy on a new host (lb-host1).
- Configure a TCP frontend to perform basic health check and round-robin load balancing.
- Configure backend as the two Application servers.
- Test the health check functionality by stopping the
httpd
(Apache) daemon on one the host. Can the application still be reached via HAproxy?
- Replicate Haproxy configuration on new host and implement HAProxy High Availability:
- Install and configure Haproxy on a new host (lb-host2).
- Replicate the configuration from the first HAProxy host.
- Install and Configure KeepAlived on both hosts and test the floating IP functionallity.
- Implement Authentication mechanism via Apache configuration:
- Use
mod_auth_gssapi
. - Use
AuthType GSSAPI
. - Create a keytab to store the domain credentials and configure apache to use the keytab.
- Allow all users to login.
- Application should read the
REMOTE_USER
header and print users user name as he accsess the application.