rhel advanced training

Upload: d357390

Post on 03-Jun-2018


TRANSCRIPT

  • 8/12/2019 RHEL Advanced Training

    1/65

    Prepared By Vinodh Kombissan Date Feb 1, 2010 Page 1

    Red Hat Enterprise Linux 5 Advanced Sys Admin

    Vinodh Kombissan (RHCE)

    Lead Consultant Sys Mgmt

    February 01, 2010

    redhat


    Schedule

    Day 1

    Welcome

    Pre-Quiz

    Linux Basics - Summary

    Package Management (RPM/YUM)

    LAB - Activity

    Day 2

    Boot Sequence

    GRUB Kernel/Initrd

    Advanced File Permission

    Disk Quota / ACL

    LAB - Activity

    Day 3

    RAID

    LVM

    DHCP Master/Client

    LAB - Activity

    Day 4

    NFS Master/Client

    NIS Master/Client

    HTTP Server

    Mail Server (POP3/IMAPS)

    Squid Proxy

    LAB - Activity

    Day 5

    Kickstart Server

    LAB - Activity

    Post Quiz


    Introduction

    Name Short ID

    Role

    Responsibility

    Experience

    Area of interest

    Any previous experience in any UNIX flavors

    Current rating on Linux knowledge (1-10)

    Expectations from the program?


    Ground Rules

    In order to ensure the productivity of our training, we will need to be.

    Pagers and mobile phones off

    Full participation

    Be Interactive but only one speaker at a time

    Respect the views of others

    Silence indicates agreement

    Punctual

    Keep to the break times agreed


    Pre Quiz

    Write your Name and Employee ID without fail.

    20 questions, multiple choices in 30 minutes

    Use the pre-quiz columns for writing your answers

    Do not discuss

    A question can have more than one correct answer, but choose the

    best one.

    Please encircle your guessed answers to find how good you are at

    guessing

    Chocolates will be distributed for:

    1. Pre-quiz highest scorer

    2. Post-quiz highest scorer

    3. One with maximum difference


    Course Objective

    Minimize time and resources spent managing systems.

    Maximize productivity, reliability, and performance.

    Provide remote system management solutions.

    Trainees ready for RHCE certification

    Pre-requisite: RHEL Basics training or equivalent (RH-033) or (RH-133)

    VI editor knowledge


    Role of Administrator

    Pre-installation planning of:

    User accounts/groups

    Storage allocation/paging space

    Subsystem (printing, networks...)

    Standard naming conventions

    Determine system policies

    Install and configure hardware

    Configure the software

    Configure the network

    System backup

    Create/manage user accounts

    Define and manage subsystems

    Manage system resources (for example, disk space)

    Performance monitoring

    Capacity planning

    Managing licenses for products

    Document system configuration and keep it current


    Package Management (RPM)

    The RPM Package Manager (RPM) is an open packaging system, which

    runs on Red Hat Enterprise Linux as well as other Linux and UNIX systems.

    RPM has five basic modes of operation:

    installing,

    uninstalling,

    upgrading,

    querying,

    verifying

    RPM database is maintained in /var/lib/rpm

    RPM packages are available at:

    The Red Hat Enterprise Linux CD-ROMs

    Red Hat Network

    RPM package naming convention

    packagename-version-release.arch.rpm

    xinetd-2.3.14-10.el5.rpm


    RPM command options

    Single letter   Full word       Description
    -q              --query         Query rpm database for installed rpm
    -i              --install       Install a rpm package
    -V              --verify        Verify installed rpm packages consistency
    -U              --upgrade       Upgrade a rpm version
    -e              --erase         Remove a rpm package
    -v              --verbose       Verbose output
    -h              --hash          Shows progress % in hashes
    -l              --list          Lists files created by package
    -f              --file          Find the package name of missing file
    -K              --checksig      Verify package genuineness
                    --import        Import rpm signature (GPG) keys
                    --force         Force re-install
                    --replacepkgs   Force re-install
    -R              --requires      Shows dependency


    RPM - Verification

    Installed package file verification
    # rpm -V package
    # rpm -Vp rpmfile
    # rpm -Va

    Signature verification BEFORE package install
    # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
    # rpm -K package.rpm


    YUM - Yellowdog Updater, Modified

    [Diagram labels: repo file (path to repo directory); repo directory (RPM package repository)]

    The repo file is to be created on the local machine under /etc/yum.repos.d with a .repo extension

    The repo directory could be on the local machine or on a remote server

    Sample repo file

    # cat /etc/yum.repos.d/myrepo.repo
    [myrepo]
    name=Server1 repository
    baseurl=ftp://server1/pub/server
    enabled=1
    gpgcheck=0
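The sample repo file above sets gpgcheck=0 and uses an ftp baseurl, so packages from it are checked neither by signature nor in transit, which is the opposite of the "signature verification BEFORE package install" step on the RPM slide. The following audit script is an added example, not part of the original training material; the function names and the constructed `signed` and `unset` repo sections are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the training deck): audit yum .repo files for
# repositories whose packages are installed without signature verification.

# audit_repo_gpg [DIR]
#   Prints one line per risky repo section: "<file>: [<section>] <finding>".
audit_repo_gpg() {
    dir=${1:-/etc/yum.repos.d}
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            # Emit a finding for the section parsed so far, if it is risky.
            function report(   why) {
                if (section == "") return
                if (gpgcheck == "0")
                    why = "gpgcheck=0, package signatures are not verified"
                else if (gpgcheck == "")
                    why = "gpgcheck not set, value inherited from [main] in /etc/yum.conf"
                else
                    return
                if (baseurl ~ /^(ftp|http):/)
                    why = why "; cleartext baseurl " baseurl
                printf "%s: [%s] %s\n", file, section, why
            }
            /^[ \t]*[#;]/ { next }                 # comment lines
            /^[ \t]*\[/ {                          # start of a new [section]
                report()
                section = $0
                sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
                gpgcheck = ""; baseurl = ""
                next
            }
            /=/ {                                  # key=value inside a section
                key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
                if (key == "gpgcheck") gpgcheck = val
                else if (key == "baseurl") baseurl = val
            }
            END { report() }
        ' "$f"
    done
}

# make_sample_repos DIR
#   Writes constructed sample files: the deck's myrepo.repo plus two
#   hypothetical sections (one with signature checks on, one with no gpgcheck line).
make_sample_repos() {
    cat > "$1/myrepo.repo" <<'EOF'
[myrepo]
name=Server1 repository
baseurl=ftp://server1/pub/server
enabled=1
gpgcheck=0
EOF
    cat > "$1/signed.repo" <<'EOF'
[signed]
name=Constructed example with signature checks on
baseurl=file:///myrepo
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[unset]
name=Constructed example without a gpgcheck line
baseurl=file:///myrepo
enabled=1
EOF
}

# Demo run on the constructed samples; pass /etc/yum.repos.d on a real host.
repo_demo_dir=$(mktemp -d)
make_sample_repos "$repo_demo_dir"
audit_repo_gpg "$repo_demo_dir"
rm -rf "$repo_demo_dir"
```

A repo reported as "gpgcheck not set" is only as safe as the gpgcheck value in the [main] section of /etc/yum.conf, so check that file as well.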


    YUM command options

    # yum clean all        clean yum cache
    # yum list             list package information from repo
    # yum install          install package with dependency
    # yum provides         list files created by package
    # yum whatprovides     find the package name of given file
    # yum remove           uninstall package
    # yum update           updates an installed package

    Creating a yum repo directory

    Create a repo directory        # mkdir /myrepo
    Copy the rpm packages          # cp *.rpm /myrepo
    Install createrepo package     # rpm -ivh createrepo*.rpm
    Run createrepo command         # createrepo -v /myrepo
    Create a repo file             # vi /etc/yum.repos.d/myrepo.repo
    Clean yum cache                # yum clean all
    Create new yum cache           # yum list


    BIOS

    POST

    Select boot device

    Master Boot Record (512 bytes)

    GRUB (446 bytes) Partition Table (66 bytes)

    kernel initrd

    Detect hardware and install driver modules

    Mount root filesystem as Read-Only

    Start init process (PID 1) read /etc/inittab

    Go to initdefault runlevel

    Run rc.sysinit script

    Run rc?.d/* script

    Run rc.local script

    Start Virtual consoles

    Start X11

    Create device files (udev)

    Enable SELinux

    Enable SWAP and set hostname, IP address

    Mount root as Read-Write read /etc/fstab

    Start RAID or LVM & mount other filesystem

    Enable quota

    Set Kernel parameters (/etc/sysctl.conf)

    Boot Sequence


    Boot Loader Components

    Boot Loader

    1st Stage - small, resides in MBR or boot sector

    2nd Stage - loaded from boot partition

    Minimum specifications for Linux:

    Label, kernel location, OS root filesystem and location of the initial ramdisk (initrd)

    GRUB - the GRand Unified Bootloader

    Command-line interface available at boot prompt

    Boot from ext2/ext3, ReiserFS, JFS, FAT, minix, or FFS file systems

    Configuration file is /boot/grub/grub.conf

    Changes to grub.conf take effect immediately

    If MBR on /dev/hda is corrupted, reinstall the first stage bootloader with:

    # /sbin/grub-install /dev/hda


    Boot Loader (GRUB)

    Sample /boot/grub/grub.conf

    # Note that you do not have to rerun grub after making changes to this file

    # NOTICE: You have a /boot partition. This means that

    # all kernel and initrd paths are relative to /boot/, eg.

    # root (hd0,0)

    # kernel /vmlinuz-version ro root=/dev/hda2

    # initrd /initrd-version.img

    #boot=/dev/hda

    default=1

    timeout=10

    splashimage=(hd0,0)/grub/splash.xpm.gz

    title Red Hat Enterprise Linux (2.6.9-5.EL)

    root (hd0,0)

    kernel /vmlinuz-2.6.9-5.EL ro root=LABEL=/

    initrd /initrd-2.6.9-5.EL.img

    title Red Hat Enterprise Linux (2.6.9-1.906_EL)

    root (hd0,0)

    kernel /vmlinuz-2.6.9-1.906_EL ro root=LABEL=/

    initrd /initrd-2.6.9-1.906_EL.img


    Initial RAM Disk Image

    The initial RAM disk allows a modular kernel to have access to

    modules that it might need to boot from before the kernel has

    access to the device where the modules normally reside.

    The initial RAM disk image is placed under /boot filesystem as initrd-<version>.img

    To create a new initrd image with an updated SCSI driver
    # cp -p /boot/initrd-<version>.img /boot/initrd-<version>.img.old
    # mkinitrd --with=

    Eg:
    # mkinitrd initrd_new.img $(uname -r) --with=SCSI


    RHEL Kernel

    Manages major activity in the Linux environment

    Detects hardware

    Loads respective modules

    Process scheduling

    Memory management

    Security and permission management

    Modify system performance by changing kernel parameters (/etc/sysctl.conf)

    To know the kernel version
    # uname -r

    To list all kernel modules
    # lsmod

    To add or remove kernel modules
    # modprobe


    RHEL Kernel

    Red Hat Enterprise Linux contains the following kernel packages

    kernel Contains the kernel for multi-processor systems. For x86 system,

    only the first 4GB of RAM is used. As such, x86 systems with over 4GB of

    RAM should use the kernel-PAE.

    kernel-PAE (only for i686 systems) This package offers the following key configuration options:

    Support for over 4GB of RAM (up to 16GB for the x86)

    PAE (Physical Address Extension) or 3-level paging on x86 processors that support PAE

    4GB/4GB split: 4GB of virtual address space for the kernel and almost 4GB for each user

    process on x86 systems

    kernel-xen Includes a version of the Linux kernel which is needed to run Virtualization.


    Boot Process

    Kernel boot time functions

    Device detection

    Device driver initialization

    Mounts root file system read only

    Loads initial process (init)

    init reads its configuration file /etc/inittab and starts other processes as configured.

    Run Levels

    init defines run levels 0-6, S, emergency

    The run level is selected by either

    the default in /etc/inittab at boot

    passing an argument from the boot loader

    using the command init

    To check current and previous run levels

    runlevel

    Default run level is specified in /etc/inittab

    id:3:initdefault

    Run level defines which services to start

    Each run level has a corresponding directory:

    /etc/rc.d/rcX.d

    The System V init scripts reside in:

    /etc/rc.d/init.d


    System Startup and Shutdown

    inittab

    The inittab file describes which processes are started at bootup and during normal

    operation. An entry in the inittab file has the following format:

    id:runlevels:action:process


    Who Has Access to a File/Directory?

    The UNIX system incorporates a three-tier structure to define who has access

    to each file and directory:

    user   The owner of the file

    group  A group that may have access to the file

    other  Everyone else

    The ls -l command displays the owner and group who has access to the file.

    $ ls -l
    -rw-r--r-- 1 user3 class   37 Jul 24 11:06 f1
    -rwxr-xr-x 1 user3 class   37 Jul 24 11:08 f2
    drwxr-xr-x 2 user3 class 1024 Jul 24 12:03 memo
                 |     |
               owner group


    File permissions

    Types of users

    Owner, Group, Others

    Types of file permissions

    (-) no permission

    (r) read permission - (4)

    (w) write permission - (2)

    (x) execute permission - (1)

    First character shows file types

    (-) ordinary file

    (d) directory

    (l) symbolic/soft link

    (c) character device file

    (b) block device file

    (p) named pipe


    Security & User Administration

    Security Concepts

    User Accounts

    Each user has a unique name, numeric ID and password

    File ownership is determined by a numeric ID

    The owner is usually the user who created the file, but ownership can be transferred

    by root

    Default users:

    root - Super user

    adm, sys, bin - IDs that own system files but cannot be used for login

    Groups

    A group is a set of users, all of whom need access to a given set of files

    Every user is a member of at least one group and can be a member of several groups

    The user has access to files in their groupset. To list the groupset use groups

    The user's primary group is used for file ownership on creation. To change the primary group use newgrp

    Default groups:

    System - administrators

    Staff - ordinary users


    Security & User Administration

    Reading Permissions

    Changing Permissions


    ACL - Access Control List

    To set ACL permissions the filesystem has to be mounted with ACL settings
    # mount -o remount,acl <mount_point>

    To get ACL information of a file
    # getfacl filename
    # file: filename
    # owner: john
    # group: john
    user::rw-
    group::r--
    other::r--

    To set ACL permission for a file for user student
    # setfacl -m u:student:rw filename

    To remove ACL permission
    # setfacl -x u:student filename


    Disk Quota

    Restrictions

    By size in bytes

    By number of files

    Disk quota is used to keep users from overusing the given space and burdening the filesystem


    Disk Quota

    Step 1: To set quota the filesystem should be mounted with the usrquota option
    # mount -o remount,usrquota <mount_point>

    Step 2: Create quota database
    # quotacheck -c <mount_point>

    Step 3: Enable quota
    # quotaon <mount_point>

    Step 4: Set quota for users
    # setquota -u <user> 600 900 0 0 <mount_point>

    Step 5: Check quota using quota or repquota command
    # repquota -a (or)
    # quota


    RAID - Redundant Array of Independent Disks

    Different RAID Levels

    RAID 0

    RAID 1

    RAID 3

    RAID 5

    RAID 10

    RAID 01


    RAID 0

    A RAID 0 (also known as a stripe set or striped volume) splits data evenly across two or more disks (striped) with no parity information for redundancy.

    + More data storage space

    + Good write performance

    - Low read performance

    - No redundancy


    RAID 1

    A RAID 1 creates an exact copy (or mirror) of a set of data on two or more disks. This is useful when read performance or reliability are more important than data storage capacity.

    - Less data storage space

    - Low write performance

    + High read performance

    + High redundancy


    RAID 3

    A RAID 3 uses byte-level striping with a dedicated parity disk.

    + ~ increased data storage space

    + ~ increased write performance

    + ~ increased read performance

    + ~ increased redundancy

    - One disk is heavily loaded with parity


    RAID 5

    A RAID 5 uses byte-level striping with a rotating parity.

    + ~ increased data storage space

    + ~ increased write performance

    + ~ increased read performance

    + ~ increased redundancy

    + All disks are loaded with parity


    RAID commands

    Create partitions using fdisk utility

    Change the partition type to fd - Automated RAID Array

    Create RAID devices
    # mdadm -C /dev/md0 --level 1 -n 2 /dev/hda{5,6}

    Check RAID detail
    # mdadm --detail /dev/md0

    To verify by failing a drive
    # mdadm /dev/md0 --fail /dev/hda6

    To remove a RAID device
    # mdadm /dev/md0 --remove /dev/hda6


    LVM useful facts:

    A disk must first be initialized into a physical volume

    One or more physical volumes are pooled to form a volume group

    One PV can be part of one VG only

    A volume group may contain one to 255 physical volumes

    Disk space from the volume group is allocated into logical volumes. A volume group can contain 255 logical volumes.

    A logical volume can exist on one disk or can reside on portions of many disks.

    The disk space within a logical volume can be used for swap, dump, raw data, or can

    create a filesystem on it.

    LVM divides physical disk into addressable units called physical extents. Default PE

    size is 4 MB, can be varied from 1MB to 256MB

    The basic allocation unit for logical volume is called logical extents, the size of logical

    extent will be the same as physical extent size.


    LVM Disk Partitioning

    [Diagram labels: logical volume 1, 2, 3; Physical Volume 1, 2, 3; Volume Group 00, Volume Group 01]


    LVM Device Files

    /dev
        hda, hdb            block pv device files
        vg01
            lvol1, lvol2    block lv device files


    LVM Extents

    LEs for lvol1: LE0, LE1, LE2, LE3

    LEs for lvol2: LE0, LE1, LE2, LE3

    PEs for c0tld0: PE0, PE1, PE2, PE3, PE4, PE5, PE6, PE7, PE8, PE9


    LVM Data structure:

    LVM Data Structure contains:

    PVRA (Physical Volume Reserve Area)

    Created by pvcreate command and contains physical volume information

    VGRA (Volume Group Reserve Area)

    Created by the vgcreate command and contains the volume group status area (VGSA) and

    volume group descriptor area (VGDA), which contains device driver information used for the vg.

    BBRA (Bad Block Relocation Area )

    An area at the end of the disk used by LVM whenever a physical defect is seen on the physical volume. This area is created by the pvcreate command


    Creating Physical Volumes

    [Diagram labels: /dev/hda with PVRA/VGRA and BBRA; /dev/hdb with PVRA/VGRA and BBRA]

    pvcreate /dev/hda
    pvcreate /dev/hdb

    A disk managed by LVM is known as a physical volume. Several special data structures must be created on a disk before it can be used by LVM. Once these data structures have been created, the disk is considered to be a physical volume, and may be added to a volume group.


    Creating Volume Groups

    [Diagram labels: /dev/hda with PVRA/VGRA; /dev/hdb with PVRA/VGRA; vg01]

    Create: # vgcreate vg01 /dev/hda /dev/hdb

    A volume group is a group of one or more physical volumes. The physical volumes in a volume group form a pool of disk space which may be allocated to one or more logical volumes


    Creating Logical Volumes

    [Diagram labels: c0t3d0, /dev/hdc, vg01, myswap, myfs1, myfs2]

    Create:
    lvcreate -L 16 -n myswap vg01
    lvcreate -L 16 -n myfs1 vg01
    lvcreate -L 16 -n myfs2 vg01

    Disk space from a volume group may be allocated to one or more logical volumes. A logical volume is analogous to a partition, and may contain a file system, swap area, or raw partition


    Logical Volume Manager

    Why have a Filesystem?


    Logical Volume Manager

    Objectives

    Monitor filesystem growth and control growing files

    Manage filesystem disk space usage

    Implement basic filesystem integrity checks

    Space Management

    Filesystems expand upon notice, NOT automatically

    To keep from running into problems:

    Monitor filesystem growth

    Determine causes

    Control growing files

    Manage filesystem space usage

    Control user disk usage

    Defragment filesystem


    NFS Master

    Step 1: Edit /etc/exports file
    # vi /etc/exports
    /export_dir *(rw,sync)

    Step 2: Start portmap and nfs service
    # service portmap start
    # service nfs start
    # chkconfig portmap on
    # chkconfig nfs on

    Step 3: Run exportfs command
    # exportfs -va

    Step 4: Verify exports using showmount command
    # showmount -e

    Step 5: Mount the filesystem remotely
    Client # mount Server_IP:/export_dir /export_mnt

    Step 6: Verify remote mounts using showmount command
    # showmount -a
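The Step 1 entry `/export_dir *(rw,sync)` exports the directory read-write to every host that can reach the server. The following audit script is an added example, not part of the original training material; the function names and the extra sample lines are constructed for illustration, and it assumes one export per line with no quoted paths or backslash line continuations.

```shell
#!/bin/sh
# Added example (not from the training deck): flag risky /etc/exports entries.
# Assumes one export per line, no quoted paths, no backslash continuations.

# audit_exports [FILE]
#   Prints "<path> <client-spec>: <finding>" for each risky client entry.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                # Split "client(opt1,opt2)" into the client and its options.
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\).*$/, "", opts)
                }
                rw = 0; no_squash = 0
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") rw = 1
                    if (o[j] == "no_root_squash") no_squash = 1
                }
                # "*" or an empty client (options with no host) matches every host.
                any_host = (client == "*" || client == "")
                if (any_host && rw)
                    printf "%s %s: writable by every host that can reach the server\n", path, $i
                if (no_squash)
                    printf "%s %s: no_root_squash lets client root act as root on the export\n", path, $i
            }
        }
    ' "${1:-/etc/exports}"
}

# make_sample_exports FILE
#   Writes a constructed exports file: the deck's entry plus three
#   hypothetical lines (a subnet-restricted export, a read-only export,
#   and an export with no_root_squash).
make_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample for the audit
/export_dir *(rw,sync)
/home 192.168.0.0/24(rw,sync)
/pub *(ro,sync)
/backup server1(rw,sync,no_root_squash)
EOF
}

# Demo run on the constructed sample; call audit_exports with no argument
# on a real NFS server to check /etc/exports.
exports_demo_file=$(mktemp)
make_sample_exports "$exports_demo_file"
audit_exports "$exports_demo_file"
rm -f "$exports_demo_file"
```

Restricting the client field to a subnet, as in the constructed `/home 192.168.0.0/24(rw,sync)` line, clears the first finding.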


    Advanced User Management

    In this section we deal with users on network

    NIS User

    LDAP User

    User Management

    Password restrictions

    Authentication

    Setting Disk quota

    Advanced file permissions

    Roaming user profile using NFS


    NIS User Administration

    Create NIS Master

    Step 1: Install ypbind, ypserv and yp-tools package

    Step 2: Edit /etc/yp.conf and add the following entry
    domain example.com server 192.168.0.254
    ypserver 127.0.0.1

    Step 3: Add the following entry to /etc/sysconfig/network
    NISDOMAIN=example.com

    Step 4: Set NIS domain name, also update /etc/hosts with FQDN
    # domainname example.com
    # ypdomainname example.com

    Step 5: Start portmap, ypbind, ypserv and ypxfrd services and make sure to enable them using chkconfig

    Step 6: Check if ports are listening
    # rpcinfo -u localhost ypserv

    Step 7: Initialize the maps
    # /usr/lib/yp/ypinit -m


    NIS User Administration

    On Client: system-config-authentication


    DHCP

    DHCP - Dynamic Host Configuration Protocol

    - Used to provide dynamic IP address to clients

    Step 1: Install dhcp RPM
    # rpm -ivh dhcp*.rpm

    Step 2: Copy the default config file to /etc/dhcpd.conf
    # cp /usr/share/doc/dhcp-<version>/dhcpd.conf.sample /etc/dhcpd.conf

    Step 3: Edit the dhcp configuration accordingly

    Step 4: Start dhcp server service and turn it on
    # service dhcpd start
    # chkconfig dhcpd on


    Mail Services

    Understand electronic mail operation

    Use the alternatives system to select a mail server

    Perform basic configuration of a mail server

    Configure postfix

    Configure Dovecot for encrypted and unencrypted protocols

    Debug email services


    Dovecot Configuration

    Dovecot is an open source IMAP and POP3 server for

    Linux/UNIX-like systems, written with security primarily in

    mind.

    Step 1: Install dovecot RPM
    # rpm -ivh dovecot-*.rpm

    Step 2: Find and remove dovecot.pem default permission file
    # find /etc -name dovecot.pem -exec rm {} \;

    Step 3: Create a new dovecot.pem file
    # make -C /etc/pki/tls/certs dovecot.pem

    Step 4: Add the entries to /etc/dovecot.conf file with the updated dovecot.pem file and enable required imap/pop protocol

    Edit protocol and ssl_certs line in /etc/dovecot.conf file


    Configure Postfix

    Step 1: Install postfix RPM
    # rpm -ivh postfix-*.rpm

    Step 2: Stop sendmail service and turn it off
    # service sendmail stop
    # chkconfig sendmail off

    Step 3: Change the default MTA from sendmail to postfix
    # alternatives --config mta

    Step 4: Edit /etc/postfix/main.cf file and modify the inet_interfaces entry
    inet_interfaces

    Step 5: Add appropriate entries in /etc/aliases for aliasing.
    sysadmin: trainer,student1,student3

    Step 6: Start postfix service and turn it on
    # service postfix start
    # chkconfig postfix on


    IMAPS

    Depending on the security setup it is recommended to add specific iptables rules to restrict access to domains

    Eg: # iptables -A INPUT -s ! 192.168.0.0/24 -p tcp --dport 993 -j REJECT

    Will deny access to any network other than 192.168.0.0/24 network

    Send a mail to the group called sysadmin and check if users receive mail in their mailbox

    # echo testmail | mail -s "Subject: testmail" [email protected]

    Verify mail
    # mail imaps://[email protected]

    Default IMAPS port is 993


    SQUID

    Step 1: Install Squid rpm
    # rpm -ivh squid*.rpm

    Step 2: Edit the squid configuration file
    # vi /etc/squid/squid.conf

    Change the following:
    http_port from default 3128 to 8080
    Change Recommended and INSERT lines in the file

    Step 3: Start squid service and turn it on
    # service squid start
    # chkconfig squid on

    Step 4: Change the proxy setting in firefox


    Kickstart Server

    Kickstart server is used to build RedHat clients in network

    It is an un-attended installation and holds the installation files

    Supports installation via local CDROM/HDD/NFS/HTTP/FTP

    Kickstart Config file

    Command Section

    Package Section

    Pre and Post scripts section

    Kickstart can be configured using ksconfig

    system-config-kickstart provides a simple method of creating a

    kickstart file that can be used to automate the installation process on

    Red Hat Linux.


    System-config-kickstart


    Install client

    Boot the system using boot media and at

    the boot prompt

    boot: linux ks=nfs:server:/kickstart/ks.cfg

    boot: linux ks=http:///

    boot: linux ks=ftp:///


    Post Quiz

    Write your Name and Employee ID without fail.

    20 questions, multiple choices in 30 minutes

    Use the post-quiz columns for writing your answers

    Do not discuss

    A question can have more than one correct answer, but choose the

    best one.

    Please encircle your guessed answers to find how good you are at

    guessing

    Chocolates will be distributed for:

    1. Pre-quiz highest scorer

    2. Post-quiz highest scorer

    3. One with maximum difference


    Post Quiz

    Score Card

    Sl no Trainee Name Pre-quiz Post-quiz Difference

    1

    2

    3

    4

    5

    6

    7

    8

    9

    10

    11

    12

    13

    14

    15

    16

    17

    18

    19

    20


    Thank You

    Vinodh Kombissan

    [email protected]

    Mobile: 9940041817

    Nortel : +91 44 43721227

    Extn 1227

    Computer Sciences Corporation,

    7th Floor , DLF IT Park, Tower 1B,

    Manapakkam, Chennai - 600 086.

    Please provide your valuable feedback and suggestions!!!

    RHCE Certificate number: 805010021746212
