I have attached file below



Practical Assignment Three: systemd systemd is the replacement to the legacy Unix SysV and BSD INIT daemons. It provides a suite of components for managing services, in addition to many other functions such as logging, device management, managing mounts, networks/sockets, etc. In this assignment, you will use systemd to create a simple service that runs as a web service (using Python’s SimpleHTTPServer method). Step 1: Configure Firewalls and test Python 1. Configure Google Cloud Firewall to allow ports 80 and 8080 to your VM (this step is optional, but makes the assignment more fun): a. Log in to your Google Cloud Console and navigate to your Virtual Instances in the Compute Engine. b. Click on your Linux server to see the properties, then click “edit” c. Find the section for “Network Tags” and add a tag. For example, I used “cis285-server”. You will reference this tag later; it is how this machine will be identified by Google’s virtual firewall. Be sure to click “Save” when you are done. d. Click the main menu button (the “hamburger” with three horizontal lines), and go to the “Network” group, “VPC Networks”, then “Firewall”. e. Create a new firewall rule. Select: i. Direction: Ingress ii. Targets: Specified Target Tags iii. Target Tags: (enter the value you used for your “network tag” previously; for mine, I used “cis285-server”) iv. Source Filter: IP Ranges v. Source IP Ranges: 0.0.0.0/0 vi. Protocols/Ports: Specify TCP “80, 8080” vii. Save the new rule. 2. Configure the firewall in your Linux Server: a. Use the “su” command so you will have the “root” context. (Look for the # prompt, not $). b. Your default zone should still be “public”; use the command firewall-cmd –get-active-zone to verify. i. If the active zone is not public, use this command to set it: 1. firewall-cmd --set-default-zone=public --permanent ii. Add FTP, HTTP, and port 8080 to your firewall rules: 1. firewall-cmd --zone=public --permanent --add-service=ftp 2. firewall-cmd --zone=public --permanent --add-service=http 3. firewall-cmd --zone=public --permanent --add-port=8080/tcp iii. Verify it worked: 1. firewall-cmd --zone=public --list-ports 2. firewall-cmd --zone=public --list-services 3. Run a simple web server in your user-space: a. Create the following web page file, and customize the code to include your name: i. /home/student/index.html This is my page!

This is a sample page

This is a sample web page to demonstrate Python's simple web server.

Brian Green
b. From the same directory in which you created the HTML file, start the Python command to run a web server: i. python -m SimpleHTTPServer 80 1. Note: if this fails to start, make sure you are running as “root” (use the su command to change to root). ii. Test your web server: 1. Using your Linux Client: a. SSH to your “client” b. Use YUM to install Telnet: sudo yum install telnet 2. Use the telnet command to call the web server and retrieve your web page: a. telnet hostname_or_ip 80 b. At the prompt, type: GET /index HTTP/1.1 [Enter] Host: foo [Enter] [Enter] c. Take a screen capture of the output from both the client and the server showing the loading of the page. Note, the HTML code should include your name. 3. Use a web browser to test your server (Optional): a. In the Google Cloud console, find the external IP of your server VM. This is the same IP you use to SSH to your Linux machine. b. Open a web browser and use that IP to view your web page! iii. Use CTRL-C to kill your Python web server. Part 2: Explore your Unit Files: 1. First, take a look at your systemd unit files in the following two directories: a. /lib/systemd/system b. /etc/systemd/system i. Which of these have more unit files? Why is that? ii. What file extensions do you see? 2. Use systemctl commands to view your system unit files: a. Use systemctl list-units –all command to view all your system units. b. Modify that command, so it will show all unit files where the state is “running” c. Modify that command to it will show all unit files where the type is “service” d. Combine both of the previous commands, so you will see all “running” “services”. i. Is this useful? e. Use the command systemctl list-unit-files i. How does this compare to the previous commands? Which do you prefer? ii. Can you show the same information? f. Use the command systemctl cat vsftpd.service to show the contents of the VSFTPd unit file. i. What “sections” are in this file? ii. What settings/parameters are in this file? g. Use the systemctl list-dependencies vsftpd.service command to view the services upon which VSFTPd is dependent. i. Which services does VSFTPd depend on? Part 3: The journald Daemon and Utilities 1. Use the journalctl -b command to see all the log entries since your last reboot. 2. Use the journalctl –since “1 hour ago” command to see all entries in the last hour. 3. Use the journalctl -u vsftpd.service -f command to look at the log entries for VSFTPd in real time. 4. Connect to your “Linux Client” using another SSH session and attempt to FTP to your server (as we did in Practical Assignment 2), however, provide the wrong password when prompted, so the FTP login will fail. a. What is the message you see in the journalctl logging for VSFTPd? Part 4: Create a Service Using a systemd Unit File: 1. Create the following unit file: a. /etc/system/system/yourservice.service (replace “yourservice” with a name of your choice; this is how you will reference your service later, using systemctl.) [Unit] Description=Brians super simple web service After=network.target [Service] Type=simple User=student WorkingDirectory=/home/student ExecStart=python -m SimpleHTTPServer 80 Restart=on-abort 2. Use systemctl daemon-reload so systemd will find your new service. 3. Verify the new unit file using systemctl cat yourservice.service 4. Start your service using systemctl start yourservice a. Note, that the service should fail to start. The issue is that the the ExecStart must be the full path to the command; systemd will not work with relative paths or environment variables. You will need to edit the Unit File, and set “ExecStart” from python to /usr/bin/python b. Use the command journalctl –daemon-reload to ensure the new version of the file will be used by systemd 5. Start your service using systemctl start yourservice a. Check the logs in journalctl for your service. i. What was the command you used to check the logs? ii. What was the error? b. The reason your service failed to start, is that it is running in the “student” user space, and only “root” users can bind to low port numbers (like 80). i. To fix this, edit your unit file, and change port 80 to 8080 ii. Use the command journalctl –daemon-reload to ensure the new version of the file will be used by systemd 6. Start your service using systemctl start yourservice a. What command can you run to verify the service is now running? 7. Use the journalctl utility to output logging in real-time on the server, while you use your client to test the web server: a. From your client: telnet hostname_or_ip 80 i. At the prompt, type: GET /index HTTP/1.1 [Enter] Host: foo [Enter] [Enter] ii. Take a screen capture of the output from both the client and the server showing the logging from the service. b. Optional: Use a web browser to test your web server: i. Use the URL http://your_ip:8080