Freesunny

4 posts in 'CentOS'

  1. Installing an NFS server
  2. Postfix startup error
  3. Checking NIC UUIDs
  4. Channel bonding

Installing an NFS server

CentOS
  1. Install the NFS packages
    [root@server ~]# yum -y install nfs-utils nfs-utils-lib


  2. Enable & start the services
    [root@server ~]# systemctl enable rpcbind
    [root@server ~]# systemctl enable nfs-server
    [root@server ~]# systemctl enable nfs-lock
    [root@server ~]# systemctl enable nfs-idmap

    [root@server ~]# systemctl start rpcbind
    [root@server ~]# systemctl start nfs-server
    [root@server ~]# systemctl start nfs-lock
    [root@server ~]# systemctl start nfs-idmap


  3. Firewall configuration

    1. Open to all IPs

      Register the service ports
      [root@server ~]# firewall-cmd --permanent --add-port=111/tcp
      [root@server ~]# firewall-cmd --permanent --add-port=54302/tcp
      [root@server ~]# firewall-cmd --permanent --add-port=20048/tcp
      [root@server ~]# firewall-cmd --permanent --add-port=2049/tcp
      [root@server ~]# firewall-cmd --permanent --add-port=46666/tcp
      [root@server ~]# firewall-cmd --permanent --add-port=42955/tcp
      [root@server ~]# firewall-cmd --permanent --add-port=875/tcp

      Reload the firewall
      [root@server ~]# firewall-cmd --reload

      Check the firewall status
      [root@server ~]# firewall-cmd --list-all
      public (active)
        target: default
        icmp-block-inversion: no
        interfaces: eth0
        sources:
        services: dhcpv6-client ssh
        ports: 111/tcp 54302/tcp 20048/tcp 2049/tcp 46666/tcp 42955/tcp 875/tcp
        protocols:
        masquerade: no
        forward-ports:
        source-ports:
        icmp-blocks:
        rich rules:

      Export configuration
      [root@server ~]# vi /etc/exports
        /share *(rw,sync,no_root_squash,no_subtree_check)

      Reload the NFS exports
      [root@server ~]# exportfs -r


    2. Open to specific IPs only

      Register the source IPs
      [root@server ~]# firewall-cmd --permanent --add-source=xxx.xxx.xxx.xxx
      [root@server ~]# firewall-cmd --permanent --add-source=yyy.yyy.yyy.yyy

      Register the rules
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="111" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="54302" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="20048" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="2049" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="46666" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="42955" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="875" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="111" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="54302" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="20048" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="2049" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="46666" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="42955" protocol="tcp" accept'
      [root@server ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="875" protocol="tcp" accept'

      Reload the firewall
      [root@server ~]# firewall-cmd --reload

      Check the firewall status
      [root@server ~]# firewall-cmd --list-all
      public (active)
        target: default
        icmp-block-inversion: no
        interfaces: eth0
        sources: xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
        services: dhcpv6-client ssh
        ports:
        protocols:
        masquerade: no
        forward-ports:
        source-ports:
        icmp-blocks:
        rich rules:
              rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="111" protocol="tcp" accept
              rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="54302" protocol="tcp" accept
              rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="20048" protocol="tcp" accept
              rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="2049" protocol="tcp" accept
              rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="46666" protocol="tcp" accept
              rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="42955" protocol="tcp" accept
              rule family="ipv4" source address="xxx.xxx.xxx.xxx" port port="875" protocol="tcp" accept
              rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="111" protocol="tcp" accept
              rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="54302" protocol="tcp" accept
              rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="20048" protocol="tcp" accept
              rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="2049" protocol="tcp" accept
              rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="46666" protocol="tcp" accept
              rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="42955" protocol="tcp" accept
              rule family="ipv4" source address="yyy.yyy.yyy.yyy" port port="875" protocol="tcp" accept

      Export configuration
      [root@server ~]# vi /etc/exports
        /share xxx.xxx.xxx.xxx(rw,sync,no_root_squash,no_subtree_check)
        /share yyy.yyy.yyy.yyy(rw,sync,no_root_squash,no_subtree_check)

      Reload the NFS exports
      [root@server ~]# exportfs -r
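
Both /etc/exports variants above keep rw and no_root_squash; only the client field changes. The script below is an added example, not part of the original post: it parses an exports file and flags wildcard clients and no_root_squash entries. The sample file, the /pub entry and the address 192.0.2.10 (standing in for xxx.xxx.xxx.xxx) are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit an exports file for the option combinations used above.

# Constructed sample: 192.0.2.10 stands in for the post's xxx.xxx.xxx.xxx.
sample_exports() {
    cat <<'EOF'
# option 1: open to every client
/share *(rw,sync,no_root_squash,no_subtree_check)
# option 2: one named client, same options
/share 192.0.2.10(rw,sync,no_root_squash,no_subtree_check)
# a tighter entry for comparison (root_squash is the default)
/pub 192.0.2.10(ro,sync,no_subtree_check)
EOF
}

# audit_exports FILE: print "<path> <client> <finding>" for each risky entry.
audit_exports() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }          # comments, blank lines
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^-/) continue               # "-opts" default-option token
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                if (client == "") client = "*"        # "(opts)" alone = any host
                rw = 0; noroot = 0
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") rw = 1
                    if (o[j] == "no_root_squash") noroot = 1
                }
                wild = (client ~ /[*?]/)
                if (wild && noroot)  print $1, client, "wildcard+no_root_squash"
                else if (wild && rw) print $1, client, "wildcard+rw"
                else if (noroot)     print $1, client, "no_root_squash"
            }
        }
    ' "$1"
}

tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```

On a server, call audit_exports /etc/exports; an entry restricted to one address is still reported while it carries no_root_squash, because root on that client keeps root access to the share.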



Postfix startup error

CentOS

Postfix would not start, so I checked it with systemctl.


Check the status


[root@server ~]# systemctl start postfix.service
Job for postfix.service failed because the control process exited with error code. See "systemctl status postfix.service" and "journalctl -xe" for details.

[root@server ~]# systemctl status postfix.service
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2018-04-13 14:39:14 KST; 10s ago
  Process: 12901 ExecStart=/usr/sbin/postfix start (code=exited, status=1/FAILURE)
  Process: 12898 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 12893 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=75)

Apr 13 14:39:12 server systemd[1]: Starting Postfix Mail Transport Agent...
Apr 13 14:39:12 server aliasesdb[12893]: /usr/sbin/postconf: fatal: parameter inet_interfaces: no local interface found for ::1
Apr 13 14:39:13 server aliasesdb[12893]: newaliases: fatal: parameter inet_interfaces: no local interface found for ::1
Apr 13 14:39:13 server postfix[12901]: fatal: parameter inet_interfaces: no local interface found for ::1
Apr 13 14:39:14 server systemd[1]: postfix.service: control process exited, code=exited status=1
Apr 13 14:39:14 server systemd[1]: Failed to start Postfix Mail Transport Agent.
Apr 13 14:39:14 server systemd[1]: Unit postfix.service entered failed state.
Apr 13 14:39:14 server systemd[1]: postfix.service failed.



Check the configuration file for problems


[root@office_zabbix postfix]# postfix check
postfix: fatal: parameter inet_interfaces: no local interface found for ::1


::1 is the loopback interface address used by IPv6 (IPv4 uses 127.0.0.1). Since the server does not use IPv6, I commented out that entry in the hosts file.


[root@server ~]# vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1         localhost localhost.localdomain localhost6 localhost6.localdomain6


Verify that the configuration is now clean

[root@server ~]# postfix check
[root@server ~]#


Start the service

[root@server ~]# systemctl start postfix.service
[root@server ~]#


Check the service status

[root@server ~]# systemctl status postfix.service
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-04-13 15:13:19 KST; 9s ago
  Process: 5233 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
  Process: 5261 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 5258 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 5255 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 5333 (master)
   CGroup: /system.slice/postfix.service
           ├─5333 /usr/libexec/postfix/master -w
           ├─5334 pickup -l -t unix -u
           └─5335 qmgr -l -t unix -u

Apr 13 15:13:18 server systemd[1]: Starting Postfix Mail Transport Agent...
Apr 13 15:13:19 server postfix/postfix-script[5331]: starting the Postfix mail system
Apr 13 15:13:19 server postfix/master[5333]: daemon started -- version 2.10.1, configuration /etc/postfix
Apr 13 15:13:19 server systemd[1]: Started Postfix Mail Transport Agent.
[root@server ~]#



Checking NIC UUIDs

CentOS

The command below shows the UUID assigned to each NIC.


[root@server ~]# nmcli connection
NAME               UUID                                  TYPE            DEVICE
Bond connection 1  9403949a-81b3-4418-a446-6784f0a1e07a  bond            bond0
bond0 slave 1      5ec90b16-76f5-4537-b2c8-00c434ee42d1  802-3-ethernet  p1p1
bond0 slave 2      37372477-e717-4d75-bdfe-1fb2fb99d653  802-3-ethernet  p1p2
em1                bb2e4fa0-55e6-4106-b2de-0b2aa1cda919  802-3-ethernet  --
em2                0796d073-cac4-4042-80ed-271ac75ce726  802-3-ethernet  --
em3                974b5488-4d5b-4cc8-8edf-5ea6535b972b  802-3-ethernet  --
em4                3948e11b-7005-4d0a-8a2e-116b6c16d856  802-3-ethernet  --
p1p1               c3708df4-b5c1-4e8c-8b75-7ac4fcb43e24  802-3-ethernet  --
p1p2               1ebab68c-a711-4205-b0b9-2cec095219d3  802-3-ethernet  --
[root@server ~]#




Channel bonding

CentOS

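Channel bonding (also called Ethernet bonding) is a technique in which a host handles two or more network interfaces together to improve reliability or throughput.

Several interfaces are defined as a single interface for sending packets. The bond can be configured as Active/Backup or Active/Active, and Active/Active can increase bandwidth. (However, the maximum bandwidth of a single session is limited to the speed of one interface.)

Depending on the bonding mode, the configuration of the connected switches must also be changed.

Topology:

The server connects its two 10GE interfaces to two different switches and runs in Active/Backup mode.

For reference, the server OS is CentOS 7 and the switches are Arista switches.


Server configuration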


  1. Real NIC configuration (p1p1)
    [root@server ~]# vi /etc/sysconfig/network-scripts/ifcfg-p1p1
    TYPE=Ethernet
    BOOTPROTO=dhcp
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=p1p1
    UUID=c3708df4-b5c1-4e8c-8b75-7ac4fcb43e24
    DEVICE=p1p1
    ONBOOT=no
    ZONE=public

  2. Real NIC configuration (p1p2)
    [root@server ~]# vi /etc/sysconfig/network-scripts/ifcfg-p1p2
    TYPE=Ethernet
    BOOTPROTO=dhcp
    DEFROUTE=yes
    PEERDNS=yes
    PEERROUTES=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=p1p2
    UUID=1ebab68c-a711-4205-b0b9-2cec095219d3
    DEVICE=p1p2
    ONBOOT=no
    ZONE=public

  3. Slave NIC configuration (p1p1)
    [root@server ~]# vi /etc/sysconfig/network-scripts/ifcfg-bond0_slave_1
    HWADDR=38:EA:A7:33:8A:8C
    TYPE=Ethernet
    NAME="bond0 slave 1"
    UUID=5ec90b16-76f5-4537-b2c8-00c434ee42d1
    DEVICE=p1p1
    ONBOOT=yes
    MASTER=bond0
    SLAVE=yes

    MTU=9000

  4. Slave NIC configuration (p1p2)
    [root@server ~]# vi /etc/sysconfig/network-scripts/ifcfg-bond0_slave_2
    HWADDR=38:EA:A7:33:8A:8D
    TYPE=Ethernet
    NAME="bond0 slave 2"
    UUID=37372477-e717-4d75-bdfe-1fb2fb99d653
    DEVICE=p1p2
    ONBOOT=yes
    MASTER=bond0
    SLAVE=yes

    MTU=9000

  5. Bonding NIC configuration (bond0)
    [root@server ~]# vi /etc/sysconfig/network-scripts/ifcfg-Bond_connection_1
    DEVICE=bond0
    TYPE=Bond

    BONDING_MASTER=yes
    BOOTPROTO=none
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME="Bond connection 1"
    UUID=9403949a-81b3-4418-a446-6784f0a1e07a
    ONBOOT=yes
    BONDING_OPTS="miimon=1 updelay=0 downdelay=0 mode=active-backup"
    PEERDNS=yes
    PEERROUTES=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes
    IPV6_PRIVACY=no
    IPADDR=10.255.255.11
    NETMASK=255.255.255.0
    GATEWAY=10.255.255.254
    DNS1=192.168.0.1
    DNS2=192.168.0.2

    MTU=9000
    ZONE=public
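
With mode=active-backup, one failed link is invisible to traffic, so the bond can run without redundancy unnoticed. The script below is an added example, not part of the original post: it reads bonding status in the /proc/net/bonding/bond0 format and reports the active slave, each slave's link state, and whether redundancy is lost. The sample status text is constructed.

```bash
#!/usr/bin/env bash
# Added example: summarize bonding state in the format of /proc/net/bonding/bond0.
# Constructed sample: the post's bond0 with p1p2 having lost link.
sample_bond_status() {
    cat <<'EOF'
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: p1p1
MII Status: up

Slave Interface: p1p1
MII Status: up
Link Failure Count: 0

Slave Interface: p1p2
MII Status: down
Link Failure Count: 1
EOF
}

# bond_report FILE: first line "active=<if>", then "<slave> <mii> <failures>".
bond_report() {
    awk -F': ' '
        /^Currently Active Slave:/        { active = $2 }
        /^Slave Interface:/               { slave = $2; order[++n] = slave }
        /^MII Status:/ && slave != ""     { mii[slave] = $2 }   # skip bond-level line
        /^Link Failure Count:/            { fail[slave] = $2 }
        END {
            print "active=" active
            for (i = 1; i <= n; i++) print order[i], mii[order[i]], fail[order[i]]
        }
    ' "$1"
}

# bond_degraded FILE: exit 0 when a slave is not "up" or no slave is active.
bond_degraded() {
    bond_report "$1" | awk '
        NR == 1 { if ($0 == "active=" || $0 == "active=None") bad = 1; next }
        $2 != "up" { bad = 1 }
        END { exit (bad ? 0 : 1) }
    '
}

tmp=$(mktemp)
sample_bond_status > "$tmp"
bond_report "$tmp"
if bond_degraded "$tmp"; then echo "bond0: redundancy lost"; fi
rm -f "$tmp"
```

On the server, pass /proc/net/bonding/bond0 to bond_report or bond_degraded instead of the sample file.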

