RHCSA 9 lab
Resize the logical volume
Create 2 partitions with a size of 1GiB each and set the lvm partition type
vgcreate vgfiles /dev/sde1
lvcreate -l 255 -n lvfiles /dev/vgfiles
mkfs.ext4 /dev/vgfiles/lvfiles
df -h
vgs
vgextend vgfiles /dev/sde2
lvextend -r -l +50%FREE /dev/vgfiles/lvfiles
df -h
Container Mapping Ports
podman run -d --name mynginx -p 8080:80 nginx
podman port -a
sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
Manage Systemd
Install and manage the httpd service. Make sure it is started automatically.
Edit its configuration such that on failure, it will resume after 1 minute.
systemctl edit httpd.service
[Service]
Restart=always
RestartSec=60s
systemctl restart httpd.service
systemctl enable httpd.service
Configure sudo
Use useradd linda.
Create a sudo configuration that allows linda to perform common user management tasks: allow useradd, usermod, userdel, and passwd, except for root.
Ensure that the user only needs to enter a password for sudo every 60 min.
useradd linda
sudo visudo -f /etc/sudoers.d/linda
linda ALL=/usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/userdel, /usr/bin/passwd, !/usr/bin/passwd root
Defaults timestamp_type=global,timestamp_timeout=60
Manage Users and Groups
Make sure new users require a password with a maximum validity of 90 days.
Ensure that while creating users, an empty file with the name newfile is created in their home directory.
Create users anna, audrey, linda, and lisa.
Set the password for anna and audrey to 'password', and disable the password for linda and lisa.
Create the groups profs and students, and make sure users anna and audrey are members of profs and linda and lisa are members of students.
vi /etc/login.defs
PASS_MAX_DAYS 90
touch /etc/skel/newfile
useradd user
passwd user
passwd -l user (locks the password)
groupadd profs
groupadd students
groupmod -U anna,audrey profs
lid -g students
Write shell script
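vi script.sh
#!/bin/bash
# Require a directory name as the first argument
if [ -z "$1" ]
then
    echo you need to specify a directory name
    exit 9
fi
# Copy each .txt file to a .bak copy, then move the copy to /tmp
for i in "$1"/*.txt
do
    cp "$i" "$i.bak"
    mv "$i.bak" /tmp
done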
Modify Grub2 Persistent Parameters
vim /etc/default/grub
On an MBR system: grub2-mkconfig -o /boot/grub2/grub.cfg
On a UEFI system: grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
Run lsblk and look at the boot disk: if it has only a boot partition, you are on MBR. If you are on UEFI, you will see a separate vfat partition.
Managing SSH
Set up SSH on port 22
Allow root to log in
GUI can be forwarded
vim /etc/ssh/sshd_config
PermitRootLogin yes
X11Forwarding yes
systemctl restart sshd
Understand Wildcard Mounts
* -rw nfsserver:/home/ldap/&
systemctl restart autofs
Understand Automount
In /etc/auto.master, identify the directory to automount and the file that has the additional mount options:
/nfsdata /etc/auto.nfsdata
In /etc/auto.nfsdata, identify the subdirectory on which to mount and what exactly to mount:
files -rw nfsserver:/nfsdata
Ensure that the autofs service is started:
systemctl enable --now autofs
Check /etc/auto.misc for syntax examples.
Managing Software
Ensure the system is using a repository of base packages as well as AppStream.
Find the package that contains the seinfo program file and install it.
Download the httpd package and query it to see if there are any scripts.
cd /etc/yum.repos.d/
vi base.repo
[BaseOS]
name=BaseOS
baseurl=file:///repo/BaseOS
gpgcheck=0
vi appstream.repo
[AppStream]
name=AppStream
baseurl=file:///repo/AppStream
gpgcheck=0
dnf search all seinfo
or: dnf provides */seinfo
dnf install -y setools-console
dnf download httpd
rpm -qp --scripts httpd*.rpm
Configure a Kickstart file
Create a kickstart file with the name my-ks.cfg and make sure it can be used for automated installation:
The installer prompts for a password
Enable network connectivity at boot
Set the server name to server10.example.com
cd /root
cp anaconda-ks.cfg my-ks.cfg
vim my-ks.cfg
network --bootproto=dhcp --device=ens160 --ipv6=auto --activate --hostname=server10.example.com
Remove the rootpw line
dnf provides */ksvalidator
dnf install -y pykickstart
ksvalidator my-ks.cfg
Configure a Base NFS Server
dnf install nfs-utils
mkdir -p /nfsdata /home/ldap/ldapuser{1..9}
echo "/nfsdata *(rw,no_root_squash)" >> /etc/exports
echo "/home/ldap *(rw,no_root_squash)" >> /etc/exports
systemctl enable --now nfs-server
for i in nfs mountd rpc-bind; do firewall-cmd --add-service $i --permanent; done
firewall-cmd --reload
Managing Stratis Volumes
dnf install stratis-cli stratisd
systemctl enable --now stratisd
stratis pool create mypool /dev/sdb
stratis pool list
stratis pool add-data mypool /dev/sdc
stratis blockdev list
stratis fs create mypool myfs
stratis fs list
mkdir /myfs
lsblk --output=UUID /dev/stratis/mypool/myfs >> /etc/fstab
Edit /etc/fstab to include:
UUID=d8ff... /myfs xfs defaults,x-systemd.requires=stratisd.service 0 0
Change a lost Root Password
Enter the GRUB menu and add init=/bin/bash
mount -o remount,rw /
passwd root
touch /.autorelabel
exec /usr/lib/systemd/systemd
Working with Text Files
1. Use head and tail to display the 5th line of the file /etc/passwd
2. Use sed to display the 5th line of the file /etc/passwd
3. Use awk in a pipe to filter the last column out of the ps aux output
4. Use grep to show the names of all files in /etc that have lines that contain the text 'root' as a word
5. Use grep to show all lines from all files in /etc that contain exactly 3 characters.
6. Use grep to find all files that contain the string "alex" but not "alexander".
head -5 /etc/passwd | tail -1
sed -n 5p /etc/passwd
ps aux | awk '{ print $NF }'
cd /etc ; grep -l '\broot\b' * 2>/dev/null
grep '^...$' * 2>/dev/null
grep '\balex\b' *
Managing Partitions
Create a primary partition with a size of 1G. Format it as ext4 and mount it on /mount/files using the UUID.
Create an extended partition with all the remaining disk space, create a 500MB XFS logical partition in it, and mount it on /mount/xfs using the label myxfs.
Create a 500MB swap partition and mount it persistently.
lsblk
fdisk /dev/nvme0n1
n p enter +1G
n e enter enter
n enter enter +500M
n enter enter +500M
t swap
p
w
mkdir -p /mounts/files /mounts/xfs
mkfs.ext4 /dev/nvme0n1p1 (note the UUID)
mkfs.xfs -L myxfs /dev/nvme0n1p5
mkswap /dev/nvme0n1p6
blkid
vim /etc/fstab
UUID="whateveruuid" /mounts/files ext4 defaults 0 0
LABEL=myxfs /mounts/xfs xfs defaults 0 0
/dev/nvme0n1p6 none swap defaults 0 0
findmnt --verify
mount -a
reboot
Managing Stratis
Create a stratis pool with a size of 10GB with the name stratispool, containing 2 filesystems: myfiles and myprograms.
Mount these volumes persistently on /myfiles and /myprograms.
Copy all files from /etc/ with a name starting with a, c, or f to /myfiles.
Create a snapshot of myfiles.
Delete all files from /myfiles with a name starting with a.
Verify that you can access those files from the snapshot.
lsblk
stratis pool create pool20 /dev/sde
stratis pool list
stratis fs create pool20 myfiles
stratis fs create pool20 myprograms
stratis fs list
stratis fs list | awk '/progra/ { print $NF }' >> /etc/fstab
stratis fs list | awk '/files/ { print $NF }' >> /etc/fstab
vi /etc/fstab
UUID=dkdkdkdk /myfiles xfs x-systemd.requires=stratisd.service 0 0
UUID=dkledwwlw /myprograms xfs x-systemd.requires=stratisd.service 0 0
mkdir /myfiles /myprograms
mount -a
cp /etc/[acf]* /myfiles
stratis filesystem snapshot pool20 myfiles myfiles-snap
mkdir /myfiles-snap
rm /myfiles/a* -f
mount /dev/stratis/pool20/myfiles-snap /myfiles-snap
Mount NFS Share
Make sure nfs-utils is installed
showmount -e nfsserver
mount nfsserver:/share /mnt
Manage Permissions
Create shared group directories /data/profs and /data/students.
Members of the group have full read/write access to their directory.
Modify the default permissions so normal users have a umask that allows user and group to write, create and execute files and directories while denying others.
mkdir -p /data/profs
mkdir -p /data/students
chgrp profs /data/profs
chgrp students /data/students
chmod 770 /data/students
chmod 770 /data/profs
vi /etc/bashrc
umask 007
Configure logging
Make sure the systemd journal is logged persistently.
Create an entry in rsyslog that writes all messages with a severity of error or higher to /var/log/error.
Ensure that /var/log/error is rotated on a monthly basis, and the last 12 logs are kept.
mkdir -p /var/log/journal
vim /etc/systemd/journald.conf
#Storage=auto
vim /etc/rsyslog.conf
*.err /var/log/error
systemctl restart rsyslog.service
logger -p err hello
cat /var/log/error
cd /etc/logrotate.d
cp chrony error
vim error
/var/log/error {
    monthly
    create
    rotate 12
    dateext
}
Manage Processes
Open a shell as linda.
Run 2 background processes sleep 600, one with the highest priority and one with the lowest priority.
Use the most efficient way to terminate all current sessions for linda.
nice -n 10 sleep 600 &
sleep 600 &
pkill -u linda
Manage Network Configuration
Set the hostname on the server to rhcsaserver.example.com
Set the server to a fixed IP address that matches the current network configuration
Set a 2nd IP address of 10.0.0.10/24 on the same network interface
Enable host name resolution for your local server hostname
nmtui
Set system hostname
Add connection: new profile, device ens160 or whatever the device is
IPv4 configuration: addresses (add the 2nd IP address here), gateway, DNS server
Understand Non-root User Mappings
podman inspect imagename
podman unshare chown nn:nn directoryname
podman unshare cat /proc/self/uid_map (to verify the mapping)
Bind Mount Rootless containers
podman run -d --name mydb -e MYSQL_ROOT_PASSWORD=password quay.io/centos7/mariadb-103-centos7
podman exec mydb grep mysql /etc/passwd
mkdir ~/mydb
podman unshare chown 27:27 mydb
podman unshare cat /proc/self/uid_map
ls -ld mydb
podman stop mydb
podman rm mydb
podman run -d --name mydb -e MYSQL_ROOT_PASSWORD=password -v /home/student1/mydb:/var/lib/mysql:Z quay.io/centos7/mariadb-103-centos7
podman ps
ls -Z /home/student
Running Scheduled Jobs
Ensure that the systemd timer that cleans up tmp files is enabled.
Run a cron job that issues the command touch /tmp/cronfile 5 min from now.
Use at to schedule a job to power off your system at a convenient time later.
systemctl list-unit-files -t timer
systemctl cat systemd-tmpfiles-clean.timer
crontab -e
13 15 * * * touch /tmp/cronfile
at 5pm
poweroff
Ctrl-D (EOT)
Allow Incoming HTTP traffic
systemctl status firewalld
firewall-cmd --list-all
firewall-cmd --get-services
firewall-cmd --add-service http --permanent
firewall-cmd --reload
Managing Files
Use tar to create a compressed archive of all files in the /etc and /opt directories. Write this archive to your home directory.
Create a symbolic link to the archive you've just created in the /tmp directory.
Remove the archive from your home directory. What happens to the symbolic link?
tar czvf ~/etcandopt.tgz /etc /opt
ln -s ~/etcandopt.tgz /tmp/etcandopt.link
rm ~/etcandopt.tgz
Monitor Activity
Use appropriate tools to check processes and memory
top
Check the load average
Check Mem
Using Bash Shell
Set a variable color to the value red and ensure that this setting is available every time your current user account logs in.
Also create an alias that runs the command ls -ltr while executing the dir command.
Ensure that the Bash history file can grow to a maximum size of 2500 entries.
vi .bash_profile
export color=red
alias dir='ls -ltr'
export HISTFILESIZE=2500
source .bash_profile
dir
echo $HISTFILESIZE
echo $color
Managing SELinux
Configure httpd to bind on port 82.
mv /etc/hosts /var/www/html and ensure the file gets the correct SELinux context.
vi /etc/httpd/conf/httpd.conf
Listen 82
mv /etc/hosts /var/www/html
semanage port -a -t http_port_t -p tcp 82
semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
restorecon -Rv /var/www/html
systemctl restart httpd
Removing a PV from a VG
Create 2 partitions with a size of 2GB each, type lvm
vgcreate vgdemo /dev/sdf1
lvcreate -L 1G -n lvdemo /dev/vgdemo
vgextend vgdemo /dev/sdf2
pvs
lvextend -L +500M /dev/vgdemo/lvdemo /dev/sdf2
pvs
mkfs.ext4 /dev/vgdemo/lvdemo
mount /dev/vgdemo/lvdemo /mnt
df -h | grep mnt
dd if=/dev/zero of=/mnt/bigfile bs=1M count=1100
pvmove -v /dev/sdf2 /dev/sdf1
vgreduce vgdemo /dev/sdf2
pvs
Starting containers as Systemd Services
loginctl enable-linger linda
loginctl show-user linda
Log in as the user
mkdir -p ~/.config/systemd/user
cd ~/.config/systemd/user
podman run -d --name mynginx -p 8081:80 nginx
podman generate systemd --name mynginx --files --new
Edit the file and check WantedBy=default.target
systemctl --user daemon-reload
systemctl --user enable container-mynginx.service
systemctl --user start container-mynginx.service
systemctl --user only works when logged in on the console or over ssh, not via sudo or su
reboot
ps -faux | less (then search with /linda)
man podman-generate-systemd to view examples