Red Hat Certified System Administrator (RHCSA)
Crash Course, Part 2
Managing LVM Logical Volumes
Understanding LVM
•  LVM was introduced to make managing storage flexible
•  Multiple-device volumes
•  Easy to resize
•  Physical volumes are the storage devices
•  The volume group joins all available storage devices
•  Logical volumes are created from the volume group
•  There is no direct relation between storage devices and logical volumes
Creating LVM Logical Volumes
•  Create partitions with type 8e
•  Use pvcreate to mark devices as PV
•  pvcreate /dev/sdb1
•  pvdisplay / pvs show configuration
•  vgcreate creates the volume group
•  vgcreate vgdata /dev/sdb1
•  vgdisplay / vgs show configuration
•  lvcreate creates the logical volume
•  lvcreate -L 1G -n lvdata vgdata
•  lvdisplay / lvs will verify
•  Use mkfs to put a file system on top
Understanding LVM Volume Names
•  LVM volume names are managed through Device Mapper
•  Device mapper names /dev/dm-0 etc. are not intuitive and should NOT be used for persistent mounts
•  Symbolic links are used to refer to the device mapper names
•  /dev/vgname/lvname
•  /dev/mapper/vgname-lvname
Configuring Swap Devices
•  Linux uses swap in a smart way
•  Swap is created on devices or as files
•  Use mkswap to create a swap device
•  When using a partition, set partition type to 82
Extending an LVM Logical Volume
•  lvextend -r -l +50%FREE /dev/vgdata/lvdata
•  Always use the -r option to resize the file system as well
•  Notice that XFS can be extended, not reduced
Managing KVM Virtual Machines
Understanding KVM Architecture
•  KVM needs hardware virtualization support
•  Look for vmx/svm flag in /proc/cpuinfo
•  libvirtd is used as a management interface
•  Tools like virt-manager and virsh interface with libvirtd
Managing KVM Virtual Machines
•  libvirtd service should be running
•  systemctl status libvirtd
•  virt-manager is used to create and manage VMs
•  virsh offers a command line interface for VM management
Configuring External Authentication
Understanding External Authentication Options
•  By default, user accounts are in /etc/passwd and /etc/shadow
•  In large environments, this is not efficient
•  LDAP/Kerberos is a generic solution to centralize authentication
•  Active Directory can be used as an alternative
Configuring sssd
•  sssd is the service that tells a system how to authenticate
•  It comes automatically with a graphical installation
•  In non-graphical installations, use yum groups install "Directory Client" to meet dependency requirements
•  Use authconfig-tui or authconfig to write configuration information
Configuring Remote Mounts
Understanding Remote File Systems
•  NFS is an old standard solution to mount remote UNIX and Linux file systems
•  Samba / CIFS is based on Microsoft standards to offer Windows-like shares or access Windows-like shares
Mounting NFS Shares
•  Use showmount -e remotehost to verify the availability of remote NFS shares
•  Use mount server:/share /mnt to mount the NFS share
•  NFS shares can be mounted through fstab also
•  Make sure to use the _netdev mount option
Mounting Samba Shares
•  Install the cifs-utils and samba-client packages
•  Use smbclient -L remotehost to show available Samba shares
•  Use mount -o username=user,password=password //server/share /mnt to mount at run time
•  In fstab, use the _netdev, username and password options
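An added example, not part of the original slides: /etc/fstab is normally world-readable, so a password option there is visible to every local user. This check audits an fstab for NFS/CIFS entries missing _netdev and for CIFS entries with an inline password= option. The sample entries and the /root/.smbcred path are constructed; credentials= is the mount.cifs option that reads the username and password from a separate, root-only file.

```shell
#!/bin/sh
# audit_fstab [FILE]: print one finding per line (reads stdin when no FILE is given)
#   NETDEV   <mountpoint>  nfs/cifs entry without the _netdev option
#   PASSWORD <mountpoint>  cifs entry with an inline password= option
audit_fstab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
        {
            mnt = $2; type = $3; opts = $4
            if (type !~ /^(nfs|nfs4|cifs)$/) next  # only network file systems
            n = split(opts, o, ",")
            netdev = 0; inline_pw = 0
            for (i = 1; i <= n; i++) {
                if (o[i] == "_netdev")     netdev = 1
                if (o[i] ~ /^password=/)   inline_pw = 1
            }
            if (!netdev)   print "NETDEV "   mnt
            if (inline_pw) print "PASSWORD " mnt
        }
    ' "$@"
}

# Constructed sample fstab (hosts, shares and paths are made up).
sample_fstab() {
    cat <<'EOF'
# device                   mountpoint type  options                                   dump pass
/dev/mapper/vgdata-lvdata  /data      xfs   defaults                                  0 0
server:/share              /mnt/nfs   nfs   defaults                                  0 0
//server/share             /mnt/smb   cifs  _netdev,username=user,password=password   0 0
//server/docs              /mnt/docs  cifs  _netdev,credentials=/root/.smbcred        0 0
EOF
}

# Run against the sample; on a real host use: audit_fstab /etc/fstab
sample_fstab | audit_fstab
```

The last sample entry is the hardened form: the credentials file holds the username= and password= lines and should be readable by root only (chmod 600).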
Configuring Autofs
Understanding Autofs
•  Autofs mounts a file system only when its mount point is accessed
•  This is very useful for NFS mounted remote home directories
•  /etc/auto.master is used to specify the parent directory of the mount point and the file that contains additional mount instructions
•  In this additional file, you'll specify the subdirectory where to mount, mount options as well as the remote file system
Day 1 Final Lab
•  Add a 500 MiB partition, format it with the XFS file system and mount it persistently on the /new directory
•  Create a 200 MiB logical volume and configure it to be used as swap
•  Make sure that both will automatically remount after a reboot
Managing the Boot Procedure
Understanding the Boot Procedure
•  Different phases are processed while booting
•  GRUB
•  loading of kernel and initramfs
•  systemd
Entering Boot Parameters
•  On the GRUB prompt, type e to open the interactive menu
•  Look for the line that starts with linux16, and add any option you would like to use
•  systemd.unit=rescue.target opens a rescue shell
•  remove rhgb quiet to see what's happening while booting
Modifying GRUB
•  Make modifications to /etc/default/grub
•  Write modifications to /boot/grub2/grub.cfg and apply them using grub2-mkconfig -o /boot/grub2/grub.cfg to make them persistent
Understanding Systemd
•  Systemd is more than a service manager; it manages many aspects of the OS
•  Managed items are configured as units
•  Managed items include
•  services
•  mounts
•  timers
•  and much more
•  For startup, targets are used to group required items
Managing Systemd Services
•  systemctl status unit
•  systemctl start unit
•  systemctl enable unit
•  systemctl disable unit
•  systemctl stop unit
•  Tip! Use tab completion to explore the many options of the systemctl command
Managing Systemd Targets
•  A systemd target is a group of unit files
•  Some targets are just a group
•  Some targets define the state a system should be started in
•  graphical.target
•  multi-user.target
•  rescue.target
•  emergency.target
Monitoring the Systemd Journal
•  Syslog has been the logging solution on Linux for ages
•  It basically uses facilities and priorities to send messages to specific destinations
•  RHEL 7 offers rsyslogd which is syslog compatible
•  Systemd comes with systemd-journald
•  As this integrates with systemd, it allows catching all messages that are generated through systemd units
•  Use systemctl status unitname for information that is logged for a specific service
•  Or use journalctl for the generic log
Troubleshooting Linux
Troubleshooting a Lost Root Password
•  Interrupt the GRUB boot sequence, add rd.break to the end of the line that loads the kernel
•  mount -o remount,rw /mnt/sysroot
•  chroot /mnt/sysroot
•  passwd
•  touch /.autorelabel
•  reboot
Troubleshooting File System Issues
•  "Enter root password for maintenance mode" is the most common issue
•  It's nearly always due to an error in /etc/fstab
•  Avoid it by running mount -a after making changes to /etc/fstab
•  To troubleshoot, make sure you're in a read/write file system
•  Edit /etc/fstab to remove the problematic line(s)
Managing SELinux
Understanding SELinux
•  SELinux is used to make sure that only actions that have been specifically allowed get through; everything else will be denied
•  To do this, SELinux uses context labels on different objects
•  files and directories
•  ports
•  processes
•  users
•  These context types are used in the SELinux policy to enforce security

Managing SELinux Modes
•  SELinux is either disabled or enabled
•  To switch between these states a reboot is required
•  When enabled, SELinux can be in permissive mode or in enforcing mode
•  Set default mode in /etc/sysconfig/selinux
•  Use getenforce to get current mode
•  Use setenforce to toggle between enforcing and permissive at runtime
Understanding SELinux Context Labels
•  Context labels consist of three parts
•  user
•  role
•  type
•  Only type is relevant for RHCSA
•  Monitor context types using the -Z option with many commands
•  Change context type using semanage
•  For RHCSA, focus on semanage fcontext to change file context
Managing SELinux File Context Labels
•  First, you'll need to find the context label that is required
•  Follow guidelines generated by sealert in syslog
•  Use man -k _selinux to find the appropriate man page
•  Look at default context
•  Set the context using semanage fcontext
•  Tip: man semanage-fcontext has a useful examples section
•  Use restorecon to apply the context from the SELinux policy to the file system
Understanding Booleans
•  A boolean is an on/off-switch to enable or disable specific functionality
•  Use getsebool -a for an overview of available booleans
•  Use setsebool [-P] to change booleans
Applying Default Context
•  Managing default context is an important skill for RHCSA
•  Use touch /.autorelabel to apply default context to all files and directories
•  Use restorecon [-r] to apply default context to files and directories
Troubleshooting SELinux
•  Make sure that sealert is available on your system
•  It writes messages to /var/log/messages if an SELinux alert arises
•  These messages provide good first steps that can be applied to troubleshoot SELinux issues
•  Use the suggestions with caution, they are not always that good
Managing Firewalling
Understanding Firewalld
•  The Linux kernel implements firewalling through netfilter
•  firewalld addresses this firewall, using the firewall-cmd command to manage its rules
•  In firewalld, services, ports and other items are applied to zones to allow traffic coming in
Managing Firewalld Services and Ports
•  firewall-cmd is the command to manage the firewall
•  Notice that there is a difference between the runtime configuration and permanent configuration
•  As a result, you'll need to run commands twice: once with and once without the --permanent option
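An added example, not part of the original slides: a drift check that compares the runtime and permanent service lists, so a rule that was only applied to one of the two configurations shows up. The function name fw_drift and the sample service lists are constructed for illustration.

```shell
#!/bin/sh
# fw_drift RUNTIME PERMANENT
# Each argument is a whitespace-separated list, as printed by
#   firewall-cmd --list-services              (runtime configuration)
#   firewall-cmd --permanent --list-services  (permanent configuration)
# Output:
#   RUNTIME-ONLY <item>    active now, lost on reload or reboot
#   PERMANENT-ONLY <item>  saved, but not active until the firewall is reloaded
fw_drift() {
    runtime=$(echo $1)      # unquoted on purpose: collapses newlines and repeated spaces
    permanent=$(echo $2)
    for item in $runtime; do
        case " $permanent " in
            *" $item "*) ;;
            *) echo "RUNTIME-ONLY $item" ;;
        esac
    done
    for item in $permanent; do
        case " $runtime " in
            *" $item "*) ;;
            *) echo "PERMANENT-ONLY $item" ;;
        esac
    done
}

# Constructed sample lists: http was added without --permanent,
# nfs was added with --permanent only.
fw_drift "dhcpv6-client ssh http" "dhcpv6-client ssh nfs"

# On a live system:
#   fw_drift "$(firewall-cmd --list-services)" "$(firewall-cmd --permanent --list-services)"
```

A RUNTIME-ONLY entry is the one to watch during reviews: the port is open now but the change leaves no trace in the saved configuration.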
Creating Firewalld Services
•  Firewalld services are defined in XML files
•  See /usr/lib/firewalld/services for examples
•  You can easily create your own, by creating XML files in /etc/firewalld/services
Where to go from here
RHCSA with virtual machines
Q&A