RH133 - Red Hat Linux System Administration
file:///C|/Users/redqueen/Desktop/slides/slides/RH133-RHEL5u4-en-slides-7-20090928/html/index.html[5/3/2010 2:06:30 AM]
RH133 - Red Hat Linux System Administration
Introduction - RH133: Red Hat Linux System Administration
Copyright
Welcome
Red Hat Enterprise Linux
Red Hat Enterprise Linux Variants
Red Hat Subscription Model
Contacting Technical Support
Red Hat Network
Red Hat Services and Products
Fedora and EPEL
Audience and Prerequisites
Objectives
Pre/Post-Assessments
Lab Exercises
Classroom Network
Notes on Internationalization
Lecture 1 - Administrative Access
Objectives
Console Access
XOrg: Configuring the X11 Server
Review: Remote Access with SSH
Review: Implementing ssh RSA Keys
Remote X Clients
Multiplexing or Sharing Terminal Sessions with screen
Review: Privilege Escalation
Configuring sudo
Domain Management with virt-manager
Domain Management with virsh
End of Lecture 1
Lecture 2 - Package Management
Objectives
Software as Packages
About yum
Enabling Private yum Repositories
Querying with yum
Managing Packages with yum
About the Red Hat Network
Red Hat Network Client
Creating a Private yum Repository
Advanced Installation and Removal with rpm
Updating to a New Kernel RPM
Advanced Queries with rpm
Verifying with rpm
End of Lecture 2
Lecture 3 - System Services and Security
Objectives
Monitoring System Logs
syslogd and klogd Configuration
Review: Automating Tasks with cron
System crontab Files
Default Daily Cron Jobs
The anacron System
Managing Printers with CUPS
Accurate Time with Network Time Protocol
SELinux
SELinux Policy: Troubleshooting
End of Lecture 3
Lecture 4 - System Initialization
Objectives
Checking Your System State
Runlevels
Controlling Services
Boot Sequence: Detailed Overview
GRand Unified Bootloader (GRUB)
GRUB Components and Configuration
Kernel Initialization
init Initialization
System Initialization
Standalone Service Initialization
Non-Service Startup
Transient Services
End of Lecture 4
Lecture 5 - Kernel Monitoring and Configuration
Objectives
The Linux Kernel
Kernel Components
Kernels and Support Limits
Monitoring Processes and Resources
Kernel Monitoring and Configuration with
Kernel Configuration with sysctl
Exploring Hardware Devices
Review of
Managing Devices With udev
Kernel Modules
Utilizing and Configuring Kernel Modules
The Initial RAM Disk (initrd)
End of Lecture 5
Lecture 6 - Network Configuration
Objectives
Network Interfaces and /sbin/ip
Network Configuration Utilities
Interface Configuration Files
Device Aliases
Configuring the Routing Table
Verifying IP Connectivity
Hostnames
DNS Configuration
Filtering Network Traffic
Network Monitoring Utilities
Ethernet Channel Bonding
End of Lecture 6
Lecture 7 - Filesystem Administration
Objectives
Partitions and Filesystems
Inodes and Directories
Managing Removable Media
Accessing Network File Shares using NFS
Mounting NFS Shares On-Demand
End of Lecture 7
Lecture 8 - Additional Storage
Objectives
Adding New Filesystems
Partitioning a Physical Disk
Making Filesystems
Mounting Filesystems with mount
Mount Points and
Adding Virtual Memory
End of Lecture 8
Lecture 9 - User Administration
Objectives
Review: User and Group Databases
Adding a New User Account
Modifying / Deleting User Accounts
Password Aging Policies
Administering Auxiliary Groups
Configuring the Quota System
Managing Quotas
End of Lecture 9
Lecture 10 - Filesystems for Group Collaboration
Objectives
Review: Viewing/Setting Ownership and Permissions
Review: Default File Ownership and Permissions
User Private Groups
Special Directory Permissions
Access Control Lists (ACLs)
Viewing and Managing ACLs
Review: Permission Precedence
Collaborate with Multiple Groups
End of Lecture 10
Lecture 11 - Centralized User Administration
Objectives
Components of Authentication
Enabling Centralized Authentication
Network Information Service (NIS)
NIS Client Tools
Lightweight Directory Access Protocol (LDAP)
LDAP Client Tools
Authentication Configuration In-depth
Name Service Switch (NSS)
Pluggable Authentication Modules (PAM)
Configuring Centralized Home Directories
Authentication Review
End of Lecture 11
Redundant Array of Inexpensive Disks
Adding a Software RAID Device
Software RAID Monitoring
Software RAID Recovery
End of Lecture 12
Lecture 13 - Logical Volume Management
Objectives
What is Logical Volume Manager (LVM)?
LVM Tools
Creating Logical Volumes
Resizing Logical Volumes
Resizing Volume Groups
Logical Volume Manager Snapshots
Using LVM Snapshots
End of Lecture 13
Lecture 14 - Virtualization and Automated Installation
Objectives
Virtualization with Xen
Preparing Domain-0
Installing a New Domain-U
Install Automation with Kickstart
Starting a Kickstart Installation
Anatomy of a Kickstart File
Kickstart: Commands Section
Kickstart: Commands Section
Kickstart: Packages Section
Kickstart: Scripts Section
Creating a Network Installation Server
End of Lecture 14
Lecture 15 - Troubleshooting with Rescue Mode
Objectives
Method of Fault Analysis
Gathering Additional Data
Things to Check: Boot Process
Recovery Runlevels
Filesystem Problems During Boot
Rescue Environment
Rescue Environment Utilities
Rescue Environment Details
End of Lecture 15
Introduction
RH133: Red Hat Linux System Administration
RH133-RHEL5u4-en-7-20090928/d096429atitle
Copyright © 2009 Red Hat, Inc. All rights reserved
Copyright
The contents of this course and all its modules and related materials,
including handouts to audience members, are Copyright © 2009 Red
Hat, Inc.
No part of this publication may be stored in a retrieval system,
transmitted or reproduced in any way, including, but not limited to,
photocopy, photograph, magnetic, electronic or other record, without
the prior written permission of Red Hat, Inc.
This instructional program, including all material provided herein, is
supplied without any guarantees from Red Hat, Inc. Red Hat, Inc.
assumes no liability for damages or legal action arising from the use or
misuse of contents or details contained herein.
If you believe Red Hat training materials are being used, copied, or
otherwise improperly distributed please email training@redhat.com or
phone toll-free (USA) +1 866 626 2994 or +1 919 754 3700.
Welcome
Please let us know if you need any special assistance while
visiting our training facility.
Please introduce yourself to the rest of the class!
Red Hat Enterprise Linux
Enterprise-targeted Linux operating system
Focused on mature open source technology
Extended release cycle between major versions
With periodic minor releases during the cycle
Certified with leading OEM and ISV products
All variants based on the same code
Certify once, run any application/anywhere/anytime
Services provided on subscription basis
Red Hat Enterprise Linux Variants
Red Hat Enterprise Linux Advanced Platform
Unlimited server size and virtualization support
HA clusters and cluster file system
Red Hat Enterprise Linux
Basic server solution for smaller non-mission-critical servers
Virtualization support included
Red Hat Enterprise Linux Desktop
Productivity desktop environment
Workstation option adds tools for software and network service
development
Multi-OS option for virtualization
Red Hat Subscription Model
Red Hat sells subscriptions that entitle systems to
receive a set of services that support open source
software
Red Hat Enterprise Linux and other Red Hat/JBoss solutions and
applications
Customers are charged an annual subscription fee per
system
Subscriptions can be migrated as hardware is replaced
Can freely move between major revisions, up and down
Multi-year subscriptions are available
A typical service subscription includes:
Software updates and upgrades through Red Hat Network
Technical support (web and phone)
Certifications, stable APIs/versions, and more
Contacting Technical Support
Collect information needed by technical support:
Define the problem
Gather background information
Gather relevant diagnostic information, if possible
Determine the severity level
Contacting technical support by WWW:
http://www.redhat.com/support/
Contacting technical support by phone:
http://www.redhat.com/support/policy/sla/contact/
US/Canada: 888-GO-REDHAT (888-467-3342)
Red Hat Network
A systems management platform providing lifecycle
management of the operating system and applications
Installing and provisioning new systems
Updating systems
Managing configuration files
Monitoring performance
Redeploying systems for a new purpose
"Hosted" and "Satellite" deployment architectures
Red Hat Services and Products
Red Hat supports software products and services
beyond Red Hat Enterprise Linux
JBoss Enterprise Middleware
Systems and Identity Management
Infrastructure products and distributed computing
Training, consulting, and extended support
http://www.redhat.com/products/
Fedora and EPEL
Open source projects sponsored by Red Hat
Fedora distribution is focused on latest open source
technology
Rapid six month release cycle
Available as free download from the Internet
EPEL provides add-on software for Red Hat Enterprise
Linux
Open, community-supported proving grounds for
technologies which may be used in upcoming enterprise
products
Red Hat does not provide formal support
Audience and Prerequisites
Audience: Linux or UNIX users who understand the
basics of Red Hat Enterprise Linux and who desire further
technical training to continue the process of becoming a
system administrator.
Prerequisites: RH033 Red Hat Linux Essentials or
equivalent experience with Red Hat Enterprise Linux.
Objectives
Control administrative access to Red Hat Enterprise Linux
Manage software packages with yum and rpm
Set up core system services and security
Understand system and service initialization
Monitor the kernel and configure kernel parameters
Set up IPv4 networking
Maintain existing filesystems and integrate new
filesystems
Perform local user and group administration
Enhance user management with SetGID, ACLs, and
quotas
Enable centralized authentication with NIS and LDAP
Implement partitioning with Software RAID and LVM
Install virtual systems with Kickstart
Troubleshoot boot process with rescue mode
Pre/Post-Assessments
Some units begin with a pre-assessment
3-5 simple questions about the unit's subject
Just leave blank if you don't know the answer
Questions are asked again at the end of the unit
Lab Exercises
Labs
Fundamental exercise providing basic goals, reinforcing the
lecture
Lab Solutions
Offers step-by-step detailed methodology
Found for all exercises that do not have specific steps
themselves
Challenge Labs
Advanced exercise, reinforcing more advanced topics from the
lecture
Not all students may have the time to complete
Optional Labs
Optional exercise that may depend on classroom specific
environment
Classroom Network
example.com network (192.168.0.0/24)
instructor.example.com (192.168.0.254)
Main classroom server: Provides DHCP, DNS, routing and other services
stationX.example.com (192.168.0.X)
Student systems
serverX.example.com (192.168.0.X+100)
Virtual server hosted on student stations (Not used in all classes)
remote.test network (192.168.1.0/24)
crackerX.remote.test (192.168.1.X)
Virtual client hosted on student systems (Not used in all classes)
Notes on Internationalization
Red Hat Enterprise Linux supports nineteen languages
Default system-wide language can be selected
During installation
With system-config-language (System->Administration->Language)
Users can set personal language preferences
From graphical login screen (stored in ~/.dmrc)
For interactive shell (with LANG environment variable in ~/.bashrc)
Alternate languages can be used on a per-command basis:
[user@host ~]$ LANG=ja_JP.UTF-8 date
Lecture 1
Administrative Access
Objectives
Upon completion of this unit, you should be able to:
Access and administer text and graphical consoles
Remotely access the system for administration
Gain administrative privilege
Access virtualized systems
Console Access
Direct administrative access is obtained through
consoles:
Physical Console
Virtual Console
mingetty
prefdm
Serial Console
agetty
System Console
Graphical and remote access is often obtained through:
Pseudoterminal
XOrg: Configuring the X11 Server
Client / server architecture
Server configuration:
Auto-configured as part of installation or even at runtime
Stored in /etc/X11/xorg.conf
Manually: system-config-display [--reconfig]
Client configuration:
Default in /etc/sysconfig/desktop
Runlevel 3: startx
Runlevel 5: prefdm
Review: Remote Access with SSH
Encrypted remote shell
ssh [user@]host
Copy files securely
scp [-rp] source destination
Remote file: [user@]host:/dir/file
Execute commands remotely
ssh [user@]host 'ifconfig eth0'
Configuration in /etc/ssh/ and ~/.ssh/
Can tunnel X11 and other TCP based network traffic
Supports key based authentication
Review: Implementing ssh RSA Keys
Generate public/private key pair:
$ ssh-keygen -t rsa
Copy public key to remote server:
$ ssh-copy-id -i .ssh/id_rsa.pub user@host
Test:
$ ssh user@host
Remote X Clients
X protocol communication is unencrypted
Host-based sessions through xhost expose the display to all users
User-based sessions implemented through xauth
ssh -X host 'Xclientapp'
May automatically install xauth keys on remote machine
Can tunnel X protocol in secure encrypted ssh connection
Sets DISPLAY environment variable
Multiplexing or Sharing Terminal Sessions with screen
Start multiple windows from a single parent shell
Windows are independent of each other
Continues to run even if user switches to another window
Detach from parent without stopping programs
Reconnect from same or different physical machine
Share windows with other people
Highly configurable
Review: Privilege Escalation
Know a secret: su
$ su -
But the root password must be “shared”
Be on a list: sudo
$ sudo command
Must be configured before use: visudo
Tied to executable: SUID and SGID
$ passwd
Can be used to provide a “back door”
Configuring sudo
Configure (as root):
# visudo
user MACHINE = (RunAs) COMMANDS
Cmnd_Alias KILL = /usr/bin/kill
student ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
barney localhost=(ALL) KILL
Test (as the listed user):
$ sudo priv_cmd
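An added example, not part of the course material: a POSIX shell function that classifies sudoers user specifications such as the ones on this slide by how much they delegate, so that blanket grants like the %wheel NOPASSWD rule stand out in a review. The function names and finding labels are assumptions chosen for illustration; backslash line continuations are not handled.

```shell
#!/bin/sh
# Added example (not from the course): classify sudoers user specifications.
# Reads sudoers text on stdin and prints "<who> <finding>" for each rule.
# Assumptions: one rule per line (no backslash continuations); the labels
# root-without-password, root-with-password and restricted: are illustrative.
audit_sudoers() {
    awk '
    /^[ \t]*#/                           { next }   # comments
    /^[ \t]*$/                           { next }   # blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/  { next }   # settings and aliases
    index($0, "=") == 0                  { next }   # not a user specification
    {
        who  = $1
        # Text after the first "=" is "(RunAs) [TAG:] COMMANDS".
        spec = substr($0, index($0, "=") + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)             # drop "(RunAs)"
        nopass = (spec ~ /NOPASSWD:/)
        gsub(/(NO)?(PASSWD|EXEC|SETENV):[ \t]*/, "", spec)  # drop tags
        gsub(/^[ \t]+|[ \t]+$/, "", spec)

        # A rule delegates everything if any listed command is the word ALL.
        all = 0
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", cmds[i])
            if (cmds[i] == "ALL") all = 1
        }

        if (all && nopass) print who, "root-without-password"
        else if (all)      print who, "root-with-password"
        else               print who, "restricted:", spec
    }'
}

# The entries shown on the slide, used here as sample input.
slide_sudoers() {
    cat <<'EOF'
Cmnd_Alias KILL = /usr/bin/kill
student ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
barney localhost=(ALL) KILL
EOF
}

slide_sudoers | audit_sudoers
```

On a real system the input would be the output of `cat /etc/sudoers` run as root.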
Domain Management with virt-manager
Applications->System Tools->Virtual Machine Manager
GUI for virtual machine management
Run/Shutdown VMs
Pause/Unpause VMs
Save/Restore VMs
Access VM physical/serial console
Also includes easy virtual machine installation wizard
Based on libvirt
A toolkit used to interact with the virtualization capabilities on
Linux
Integrates with multiple virtualization environments (Xen, KVM,
etc.)
Domain Management with virsh
Command line management tool
Controlling domains
virsh start domain
virsh shutdown|reboot|destroy domain
virsh suspend|resume domain
virsh save domain state-file
virsh restore state-file
virsh autostart domain
Monitoring
virsh console domain
virsh list [--all|domain]
End of Lecture 1
Questions and Answers
Summary
The X Server can be configured with system-config-display
For CLI remote-access, use ssh user@host
Include -X to enable remote-execution of GUI applications
Root privileges can be selectively delegated via sudo
virt-manager and virsh provide GUI and CLI control of virtual
machines
Lecture 2
Package Management
Objectives
Upon completion of this unit, you should be able to:
Add, remove, and manage software using yum
Configure yum to connect to a private repository
Connect to and use the Red Hat Network
Create a private yum repository
Perform advanced tasks with rpm
Software as Packages
package-version-release.arch.rpm
version - upstream developer version
release - packager changes (fixes/backports documented in “changelog”)
arch - processor architecture of binaries
Contains:
Files Archive: Binaries, Documentation, “Default” Config
Summary, Description, Changelog
Instructions: Dependencies, Pre/Post Install/Uninstall
Signature
Upgrading replaces with newer version or release
.rpmsave versus .rpmnew
About yum
Command-line front-end to rpm
Introduced with Fedora and Red Hat Enterprise Linux 5
Replacement for up2date
Designed to resolve package dependencies
Can locate packages across multiple repositories
Red Hat Network Hosted or Satellite Servers
Private http/ftp yum repository servers
Graphical front-ends to yum
system-config-packages (pirut)
pup
Enabling Private yum Repositories
Create a file in /etc/yum.repos.d/ for your repository
Name must end in .repo
Contains one or more stanzas:
[repo-name]
name=A nice description
baseurl=http://yourserver.com/path/to/repo
enabled=1
gpgcheck=1
Default settings in /etc/yum.conf
Repository information is cached
Downloaded from the repodata subdirectory of the baseurl above
To clear the cache: yum clean dbcache|all
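An added example, not part of the course material: a POSIX shell function that reads repository stanzas in the format above and reports which enabled repositories will install packages without a signature check. The function names, the output labels and the second sample stanza are assumptions; the first argument stands in for the gpgcheck default inherited from /etc/yum.conf.

```shell
#!/bin/sh
# Added example (not from the course): report whether each yum repository
# stanza read on stdin will have its packages signature-checked.
# $1 is the gpgcheck value inherited from [main] in /etc/yum.conf; it is
# assumed to be 0 when not supplied. Labels ok/UNVERIFIED/disabled are
# illustrative.
audit_repos() {
    awk -v dflt="${1:-0}" '
    # yum booleans: 1/yes/true are true, anything else is treated as false.
    function truthy(v) {
        v = tolower(v)
        return (v == "1" || v == "yes" || v == "true")
    }
    function report() {
        if (name == "" || name == "main") return
        if (!truthy(enabled))       print name, "disabled"
        else if (truthy(gpgcheck))  print name, "ok"
        else                        print name, "UNVERIFIED"
    }
    /^[ \t]*[#;]/ { next }                  # comment lines
    /^[ \t]*\[.*\][ \t]*$/ {                # "[repo-name]" starts a stanza
        report()
        name = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
        enabled  = "1"                      # a repo is enabled unless it says otherwise
        gpgcheck = dflt
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled  = val
        if (key == "gpgcheck") gpgcheck = val
    }
    END { report() }'
}

# Constructed sample: the stanza from the slide plus a second stanza with
# signature checking turned off (repo names and URLs are placeholders).
sample_repo_file() {
    cat <<'EOF'
[repo-name]
name=A nice description
baseurl=http://yourserver.com/path/to/repo
enabled=1
gpgcheck=1

[scratch-builds]
name=Constructed example of an unchecked repository
baseurl=http://yourserver.com/path/to/scratch
gpgcheck=0
EOF
}

sample_repo_file | audit_repos 1
```

On a real system the input would be `cat /etc/yum.repos.d/*.repo`, with the argument taken from the gpgcheck line in /etc/yum.conf.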
Querying with yum
Listing packages and information
yum list [all] [package_glob]
yum list (installed|available|updates... [package_glob])
yum grouplist
yum info package
yum groupinfo packagegroup
Searching packages and files
yum search searchterm
yum provides filename
Managing Packages with yum
Installing new packages:
yum install package...
yum localinstall rpmfile...
yum groupinstall packagegroup...
Removing:
yum remove package...
Upgrade to later version/release:
yum update [package...]
About the Red Hat Network
Centralized platform for systems management
Hosted, Satellite, Proxy
Web based management interface
Uses HTTPS for all transactions
Entitlements grant access to software channels and
modules
Custom channels can be locally administered
Additional modules support Management, Provisioning, and
Monitoring
Red Hat Network Client
Registration via rhn_register
Select the updates location (RHN or local satellite/proxy)
Enter Account information
Can be automated with rhnreg_ks
Interactive usage
yum uses plug-in for RHN communication
Already configured in /etc/yum/pluginconf.d/rhnplugin.conf
Remote management
Actions queued on RHN server
rhnsd polls RHN every four hours
rhn_check polls immediately
Creating a Private yum Repository
Create a directory to hold your packages
Make this directory available via http or ftp
Install the createrepo RPM
Run createrepo -v /dir/packagedir
Creates/Re-creates a repodata subdirectory
Files contain extracted package header information
Advanced Installation and Removal with rpm
Primary RPM options:
Install/Upgrade: rpm -i | -F | -U rpmfile...
Removal: rpm -e package...
Output options: -v, -h
URL support: ftp:// (with globbing), http://
Advanced options:
Reinstall: --replacepkgs
Downgrade: --oldpackage
Ignore conflicts: --replacefiles
Ignore dependencies: --nodeps
Updating to a New Kernel RPM
Kernels are installed in parallel, not upgraded
Do not use rpm -U or rpm -F! Use rpm -i!
yum handles this properly with either update or install
Updating (adding) a kernel
yum update kernel
Boot new kernel to test
Reboot to old kernel if a problem arises
yum remove kernel-oldversion if no problems
Advanced Queries with rpm
Four basic types of queries:
Installed version: rpm -q package
All installed: rpm -q -a [package_glob]
Package file (uninstalled): rpm -q -p rpmfile
File owner: rpm -q -f file_path_name
Types of information to query:
-i general information about package
-l list of files in package
Many others that yum cannot provide
Verifying with rpm
Installed package file verification:
# rpm -V package
# rpm -V -p rpmfile
# rpm -V -a
Signature verification before package installation:
# rpm --import RPM-GPG-KEY-redhat-release
# rpm -qa gpg-pubkey
# rpm -K rpmfile
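An added example, not part of the course material: rpm -V prints nothing for files that still match the package database and one line of attribute flags for each file that differs, so the output needs triage. The POSIX shell function below sorts those lines by how much attention they deserve; the function names, labels and sample lines are constructed for illustration, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the course): triage "rpm -V" output read on stdin.
# Each output line is "<flags> [<attr>] <path>" or "missing [<attr>] <path>".
# Flag letters: S size, M mode, 5 digest, D device, L symlink, U user,
# G group, T mtime. The attr marker c means a configuration file.
# Labels printed by this function are illustrative.
triage_rpm_verify() {
    awk '
    NF < 2 { next }
    {
        flags = $1
        path  = $NF
        attr  = (NF >= 3) ? $2 : ""
        # A changed digest on a non-config file means a packaged binary or
        # library no longer matches what was installed.
        if (flags == "missing")               print "MISSING", path
        else if (flags ~ /5/ && attr != "c")  print "CONTENT-CHANGED", path
        else if (flags ~ /[MUG]/)             print "OWNER-OR-MODE-CHANGED", path
        else                                  print "low-priority", path
    }'
}

# Constructed sample output in the layout rpm -V uses (not captured from a
# real system).
sample_verify_output() {
    cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
.M......    /usr/bin/passwd
S.5....T    /usr/sbin/sshd
missing     /etc/cron.daily/logrotate
.......T  c /etc/yum.conf
EOF
}

sample_verify_output | triage_rpm_verify
```

On a real system the input would be `rpm -V -a` run as root; edited configuration files are expected and land in the low-priority group.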
End of Lecture 2
Questions and Answers
Summary
yum installs packages and their dependencies from remote
repositories
Repositories are configured in yum.conf and
/etc/yum.repos.d/
Red Hat distributes updates via the Red Hat Network
Systems must be registered to access RHN
Usually done during installation or post-install with rhn_register
Registered systems poll for updates via rhnsd
rpm can be used for advanced queries and tasks not suited to
yum
Lecture 3
System Services and Security
Objectives
Upon completion of this unit, you should be able to:
Monitor and configure system logs
Automate tasks with cron
Configure printing
Understand the importance of time synchronization
Describe SELinux service security features
Monitoring System Logs
Centralized logging daemons: syslogd, klogd, auditd
Log file examples:
/var/log/dmesg: Kernel boot messages
/var/log/messages: Standard system error messages
/var/log/maillog: Mail system messages
/var/log/secure: Security, authentication, and xinetd messages
/var/log/audit/audit.log: Kernel auditing messages
Application log files and directories also reside in /var/log/
syslogd and klogd Configuration
klogd traps kernel messages to syslogd
Both controlled by /etc/rc.d/init.d/syslog
Script configured in: /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0"
Configuring syslogd:
/etc/syslog.conf
facility.priority log_location
logger generates messages to syslogd from command-line
Review: Automating Tasks with cron
Used to schedule recurring events
Use crontab to edit, install, and view job schedules
crontab [-u user] file
crontab [-l|-r|-e]
echo '*/15 8-17 * * 1-5 echo Breaktime' | crontab
Restrict / allow user access to crond
/etc/cron.allow
/etc/cron.deny
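
How the two access files interact, as an added example that is not part of the course slides: the functions below apply the precedence described in crontab(1) and list which accounts may schedule jobs. The function names and sample accounts are assumptions; the rule that root is always permitted and that only root is permitted when neither file exists reflects the cron shipped with Red Hat Enterprise Linux 5 as understood here.

```shell
#!/bin/sh
# cron_allowed USER [ALLOW_FILE] [DENY_FILE]
# Returns 0 if USER may use crontab:
#   1. root is always allowed
#   2. if cron.allow exists, only users listed in it are allowed
#   3. otherwise, if cron.deny exists, every user not listed in it is allowed
#   4. if neither file exists, only root is allowed
cron_allowed() {
    ca_user=$1
    ca_allow=${2:-/etc/cron.allow}
    ca_deny=${3:-/etc/cron.deny}
    if [ "$ca_user" = root ]; then return 0; fi
    if [ -f "$ca_allow" ]; then
        # cron.allow wins outright; cron.deny is not consulted at all
        if grep -Fqx -- "$ca_user" "$ca_allow"; then return 0; else return 1; fi
    fi
    if [ -f "$ca_deny" ]; then
        if grep -Fqx -- "$ca_user" "$ca_deny"; then return 1; else return 0; fi
    fi
    return 1
}

# cron_audit PASSWD_FILE [ALLOW_FILE] [DENY_FILE]
# Prints every account in PASSWD_FILE that is permitted to use crontab.
cron_audit() {
    cut -d: -f1 "$1" | while IFS= read -r cu_name; do
        if cron_allowed "$cu_name" "$2" "$3"; then printf '%s\n' "$cu_name"; fi
    done
}

# Constructed sample data in a scratch directory (nothing under /etc is touched)
CRON_DEMO=$(mktemp -d)
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:500:500::/home/alice:/bin/bash' \
    'bob:x:501:501::/home/bob:/bin/bash' \
    'carol:x:502:502::/home/carol:/bin/bash' > "$CRON_DEMO/passwd"
printf 'alice\n' > "$CRON_DEMO/cron.allow"
printf 'bob\n'   > "$CRON_DEMO/cron.deny"

echo "cron.allow and cron.deny both present:"
cron_audit "$CRON_DEMO/passwd" "$CRON_DEMO/cron.allow" "$CRON_DEMO/cron.deny"
echo "only cron.deny present:"
cron_audit "$CRON_DEMO/passwd" "$CRON_DEMO/absent" "$CRON_DEMO/cron.deny"
echo "neither file present:"
cron_audit "$CRON_DEMO/passwd" "$CRON_DEMO/absent" "$CRON_DEMO/absent2"
```

An empty cron.deny with no cron.allow lets every account schedule jobs, which is the case the second scenario generalizes.
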
System crontab Files
Different format than user crontab files
Default /etc/crontab runs executables in
/etc/cron.hourly/
/etc/cron.daily/
/etc/cron.weekly/
/etc/cron.monthly/
/etc/cron.d/ contains additional system crontab files
Default Daily Cron Jobs
tmpwatch
Cleans old files in specific directories
Keeps /tmp from filling up
logrotate
Keeps log files from getting too large
Configuration in: /etc/logrotate.conf and /etc/logrotate.d/
logwatch
Provides a summary about system activity
Reports suspicious messages
Configuration in: /etc/logwatch/
The anacron System
anacron runs jobs when the system boots
Configuration file: /etc/anacrontab
Field 1: if the job has not been run in this many days...
Field 2: wait this number of minutes before running it
Field 3: job identifier
Field 4: the job to run
Default is tied to /etc/crontab
Runs “missed” daily, weekly, and monthly jobs
Vital for computers that are not up continually
Managing Printers with CUPS
Configuration tools
system-config-printer
Web based:
Command line: lpadmin and lpinfo
Configuration files
/etc/cups/cupsd.conf
/etc/cups/printers.conf
PPD files used to describe printers
Uses the Internet Printing Protocol (IPP)
Allows remote browsing of printer queues
Based on HTTP/1.1
Accurate Time with Network Time Protocol
Many applications require accurate timing
Workstation hardware clocks tend to drift without correction
NTP counters the drift by manipulating the length of a second
NTP clients should use three time servers
Configuration tool: system-config-date
Configuration file: /etc/ntp.conf
Test with ntpq
SELinux
Mandatory Access Control -vs- Discretionary Access Control
Any action not explicitly allowed is denied by default
A binary policy defines:
Security contexts (credentials)
Rules to allow specific actions
Booleans to conditionally enable or disable rules
Audit requirements (logging)
Default policy is targeted
Protects the system from a compromised service, not from local users
Most local processes are unconfined_t
Supplemental Media
Security Engineer Dan Walsh on the role of SELinux
SELinux Policy: Troubleshooting
Modes: Enforcing, Permissive, or Disabled
Persistent
/etc/sysconfig/selinux
system-config-securitylevel
Runtime
getenforce and setenforce 0 | 1
Kernel arguments: selinux=0 | 1 or enforcing=0 | 1
Logs: /var/log/{messages,audit/audit.log}
General advice
man -k selinux
setroubleshootd, sealert -b and sealert -a
Advises how to avoid errors, not ensure security!
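
Summarizing the denials recorded in the logs named above, as an added example that is not part of the course slides: the function groups AVC records by command, source type, target type, object class and permission so repeated denials collapse into one line. The function name and the log lines are constructed for this illustration.

```shell
#!/bin/sh
# avc_summary: read audit.log or messages lines on stdin and print one line
# per distinct denial, most frequent first:
#   <count> <comm> <source_type> -> <target_type>:<class> { <permissions> }
avc_summary() {
    awk '
    /avc:/ && /denied/ {
        s = index($0, "{"); e = index($0, "}")
        if (s == 0 || e < s) next                 # malformed record
        perms = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perms)
        comm = stype = ttype = tclass = "?"
        for (i = 1; i <= NF; i++) {
            # comm values containing spaces are split by awk and only the
            # first word is kept; good enough for a summary
            if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
            # contexts are user:role:type[:level]; the type is the third part
            if ($i ~ /^scontext=/) { split($i, a, ":"); stype = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); ttype = a[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        n[comm " " stype " -> " ttype ":" tclass " { " perms " }"]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample records (not taken from a real system)
SAMPLE_AUDIT_LOG='type=AVC msg=audit(1254150001.101:201): avc:  denied  { read } for  pid=2301 comm="httpd" name="index.html" dev=dm-0 ino=1310721 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1254150001.101:201): arch=40000003 syscall=5 success=no exit=-13 pid=2301 uid=48 comm="httpd" exe="/usr/sbin/httpd" subj=user_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1254150002.417:202): avc:  denied  { getattr } for  pid=2301 comm="httpd" path="/home/alice/public_html/index.html" dev=dm-0 ino=1310721 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1254150009.880:207): avc:  denied  { read } for  pid=2305 comm="httpd" name="about.html" dev=dm-0 ino=1310722 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1254150020.003:215): avc:  denied  { read write } for  pid=3120 comm="smbd" name="share" dev=dm-0 ino=98305 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir'

printf '%s\n' "$SAMPLE_AUDIT_LOG" | avc_summary
```
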
End of Lecture 3
Questions and Answers
Summary
Most system logs are stored in /var/log/
Automated jobs can be scheduled with crontab -e
Syntax documented in man 5 crontab
Printers can be configured with system-config-printer
Network Time Protocol synchronizes date and time between systems
Configure with system-config-date
SELinux identifies and limits processes by type
SELinux mode can be controlled with system-config-securitylevel
Lecture 4
System Initialization
Objectives
Upon completion of this unit, you should be able to:
Check your current system state
Start, stop and check services
Change to different runlevels
Understand the boot sequence
Checking Your System State
Red Hat Enterprise Linux Release:
cat /etc/redhat-release
Identifying your kernel:
Current kernel: uname -r
Available kernels: yum list installed kernel\* or rpm -qa kernel\*
Identifying the runlevel:
Current runlevel: /sbin/runlevel or who -r
Default runlevel: grep initdefault: /etc/inittab
Runlevels
init defines runlevels 0-6, S, and emergency
Defines sets of services to auto-start
The runlevel is selected by either
Default in /etc/inittab at boot
id:5:initdefault:
Passing an argument from the bootloader
Using the command init new_runlevel
Controlling Services
Graphical: system-config-services
Standalone Services
service servicename start|stop|restart|status
chkconfig --list servicename
chkconfig servicename on|off|reset
Transient Services
chkconfig --list servicename
chkconfig servicename on|off
Boot Sequence: Detailed Overview
BIOS initialization
Bootloader
Kernel initialization
init starts and enters desired runlevel by executing:
/etc/rc.d/rc.sysinit
/etc/rc.d/rc and /etc/rc.d/rc[0-6].d/
/etc/rc.d/rc.local
Virtual consoles
X Display Manager if appropriate
GRand Unified Bootloader (GRUB)
Image selection
Select with space followed by up/down arrows on the boot splash screen
Argument passing
Change an existing stanza in menu editing mode
Issue boot commands interactively on the GRUB command line
Password protection
Can block image selection
Can block menu editing mode
pyGRUB used for Xen paravirtualized systems
Boot system using: xm create -c domain
GRUB Components and Configuration
1st Stage
Small, added to MBR or boot sector during installation
Use /sbin/grub-install to repair
2nd Stage
Loaded from filesystem containing /boot
Configured in /boot/grub/grub.conf
To boot Linux: title, kernel, root filesystem, and initial ramdisk
Kernel Initialization
Kernel boot time functions
Device detection
Device driver initialization (modules loaded from initrd-<version>.img)
Mounts root filesystem read only
Loads initial process (init, PID 1)
Logged to /var/log/dmesg
init Initialization
init reads its config: /etc/inittab
Initial runlevel
System initialization scripts
Runlevel specific script directories
Trap certain key sequences
Define UPS power fail / restore scripts
Spawn gettys on virtual consoles
Initialize X in runlevel 5
System Initialization
/etc/rc.d/rc.sysinit
Activate udev and selinux
Sets kernel parameters in /etc/sysctl.conf
Sets the system clock
Loads keymaps
Enables swap partitions
Sets hostname
Root filesystem check and remount read-write
Activate RAID and LVM devices
Enable disk quotas
Check and mount other local filesystems
Cleans up stale locks and PID files
Standalone Service Initialization
/etc/rc.d/rc defines which standalone services to start
l5:5:wait:/etc/rc.d/rc 5
Each runlevel has a corresponding directory:
/etc/rc.d/rc5.d/
K* symbolic links called with a stop argument
S* symbolic links called with a start argument
The System V init scripts reside in:
/etc/rc.d/init.d/
Behavior configured with files under /etc/sysconfig/
Non-Service Startup
/etc/rc.d/rc.local
Runs near the end of the runlevel specific scripts (S99local)
Common place for custom modification
Better practice:
Create a System V init script
Existing /etc/rc.d/init.d/ scripts can be used as a starting point
Transient Services
xinetd manages on-demand services
Less-frequently needed services
Host-based authentication
Service statistics and logging
Service IP redirection
Configuration files:
/etc/xinetd.conf
/etc/xinetd.d/service
End of Lecture 4
Questions and Answers
Summary
Understand system runlevels and kernels
Manage system services
Change runlevels
Understand the boot sequence
Use the GRUB bootloader
Access virtualization consoles
Lecture 5
Kernel Monitoring and Configuration
Objectives
Upon completion of this unit, you should be able to:
Understand the purpose and organization of the kernel
Know how to configure the kernel using /proc and sysctl
Explore hardware devices available on the system
Understand how to load and configure kernel modules
The Linux Kernel
The kernel constitutes the core part of the Linux operating system
Kernel duties:
System initialization: detects hardware resources and boots up the system
Process scheduling: determines when processes should run and for how long
Memory management: allocates memory on behalf of running processes
Security: enforces permissions, SELinux contexts and firewall rules
Provides buffers and caches to speed up hardware access
Implements standard network protocols and filesystem formats
Documentation available in the kernel-doc RPM package
Kernel Components
Multiple kernels may be installed at the same time
Different variants have different features, allows easier version upgrades
Kernel version is part of the absolute filename to avoid conflicts
/boot/vmlinuz-version
Main kernel binary file
/boot/initrd-version.img
Initial RAM disk providing critical kernel modules at boot
/lib/modules/version/
Kernel modules (drivers and extensions) matching a particular kernel binary
Kernels and Support Limits
RHEL 5.4 32-bit x86 kernels:
kernel: up to 32 processors, 4 GB RAM
kernel-PAE: up to 32 processors, 16 GB RAM (PAE36)
kernel-xen: up to 32 processors, 16 GB RAM (Dom0 limits)
RHEL 5.4 64-bit x86-64 kernels:
kernel: up to 64 processors, 512 GB RAM
kernel-xen: up to 126 processors, 512 GB RAM (Dom0 limits)
Monitoring Processes and Resources
Kernel state: uname, uptime, tload
Processes: ps, top, gnome-system-monitor
Memory: free, vmstat, swapon -s, pmap
Disk Utilization: df, fdisk -l, iostat, lsof
Support Summary: sosreport
Kernel Monitoring and Configuration with /proc and /sys
Virtual filesystems: proc and sysfs
Used to display:
Process information: /proc/<PID>
Memory resources: /proc/meminfo
Disk partitions: /proc/partitions
Modify kernel configuration:
System hostname: /proc/sys/kernel/hostname
Apply immediately, but do not persist across a reboot
Kernel Configuration with sysctl
sysctl adds persistence to /proc/sys settings
Statements added to /etc/sysctl.conf automatically processed during boot
Configuration maintained or monitored using the sysctl command:
List all current settings: sysctl -a
Reprocess settings from sysctl.conf: sysctl -p
Set a /proc value dynamically: sysctl -w net.ipv4.ip_forward=1
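
Because values written under /proc/sys take effect at once but only /etc/sysctl.conf survives a reboot, the running kernel can differ from the persistent configuration. The added example below (not part of the course slides) reports every tunable whose live value differs from the file; the function name, the scratch directory standing in for /proc/sys and the key kernel.example_missing are constructed for this illustration.

```shell
#!/bin/sh
# sysctl_drift CONF [PROC_ROOT]
# For every "key = value" line in CONF, compare with the live value under
# PROC_ROOT (default /proc/sys) and print:
#   DRIFT <key> conf=<value> live=<value>   runtime differs from the file
#   MISSING <key>                           tunable absent on the running kernel
sysctl_drift() {
    sd_conf=$1
    sd_root=${2:-/proc/sys}
    # Drop comment lines (# or ;), blank lines and anything without "="
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/=/!d' "$sd_conf" |
    while IFS='=' read -r sd_key sd_val; do
        sd_key=$(printf '%s' "$sd_key" | tr -d '[:space:]')
        # Collapse tabs and spaces so "6 4 1 7" equals "6<TAB>4<TAB>1<TAB>7"
        sd_val=$(printf '%s\n' "$sd_val" | tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//')
        # net.ipv4.ip_forward -> net/ipv4/ip_forward
        sd_file=$sd_root/$(printf '%s' "$sd_key" | tr . /)
        if [ ! -r "$sd_file" ]; then
            printf 'MISSING %s\n' "$sd_key"
            continue
        fi
        sd_live=$(tr -s '[:space:]' ' ' < "$sd_file" | sed -e 's/^ //' -e 's/ $//')
        if [ "$sd_live" != "$sd_val" ]; then
            printf 'DRIFT %s conf=%s live=%s\n' "$sd_key" "$sd_val" "$sd_live"
        fi
    done
}

# Constructed stand-in for /proc/sys and /etc/sysctl.conf in a scratch directory
SD_DEMO=$(mktemp -d)
mkdir -p "$SD_DEMO/proc/net/ipv4/conf/all" "$SD_DEMO/proc/kernel"
echo 1 > "$SD_DEMO/proc/net/ipv4/ip_forward"    # as left by: sysctl -w net.ipv4.ip_forward=1
echo 0 > "$SD_DEMO/proc/kernel/sysrq"
echo 1 > "$SD_DEMO/proc/net/ipv4/conf/all/rp_filter"
printf '6\t4\t1\t7\n' > "$SD_DEMO/proc/kernel/printk"
cat > "$SD_DEMO/sysctl.conf" <<'EOF'
# Constructed sample configuration
net.ipv4.ip_forward = 0
kernel.sysrq = 0
net.ipv4.conf.all.rp_filter = 1
kernel.printk = 6 4 1 7
; kernel.example_missing does not exist in the stand-in tree
kernel.example_missing = 1
EOF

sysctl_drift "$SD_DEMO/sysctl.conf" "$SD_DEMO/proc"
```
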
Exploring Hardware Devices
Utilities:
lspci and lsusb
For x86 and x86-64: dmidecode and x86info
HAL: Hardware Abstraction Layer
Snapshot of all connected devices
hal-device lists in text mode
hal-device-manager displays in a graphical window
Review of /dev
Files under /dev are used to access drivers
Three file attributes determine which driver to access:
Device type (character or block)
Major number
Minor number
Block devices:
/dev/sda, /dev/sdb - SCSI, SATA, or USB storage
/dev/md0, /dev/md1 - Software RAID
Character devices:
/dev/null, /dev/zero - Software devices
/dev/random, /dev/urandom - Random numbers
Managing Devices With udev
udev manages files stored under /dev/
Files are only created if corresponding device is plugged in
Files are automatically removed when device is disconnected
udev statements under /etc/udev/rules.d/ determine:
Filenames
Permissions
Owners and groups
Commands to execute when a new device shows up
mknod does not persist across a reboot
Kernel Modules
Small kernel extensions
May be loaded and unloaded at will
Can implement drivers, filesystems, firewall, and more
Provided with the kernel RPM
Are located under /lib/modules/$(uname -r)/
Compiled for a specific kernel version
Third party modules may be added
Utilizing and Configuring Kernel Modules
lsmod provides a list of loaded modules
modinfo displays information about any available module
modprobe can load and unload modules
/etc/modprobe.conf used for module configuration:
Parameters to pass to a module whenever it is loaded
Aliases to represent a module name
Commands to execute when a module is loaded or unloaded
The Initial RAM Disk (initrd)
To mount the root filesystem, the kernel typically needs to load modules:
ext3, jbd, raid1, scsi_mod ...
third-party hardware RAID modules
Compressed cpio archive created by kernel installation kept in /boot
Use mkinitrd to rebuild
# mkinitrd /boot/initrd-$(uname -r).img $(uname -r)
Manually add modules:
--with
/etc/modprobe.conf
/etc/sysconfig/mkinitrd/
End of Lecture 5
Questions and Answers
Summary
Different kernel variants based on processor and features
Persistently configure kernel tunables in /etc/sysctl.conf
Hardware and /dev managed through udev and HAL
Currently loaded kernel modules can be listed with lsmod
Modules needed to mount "/" are loaded from initrd
Lecture 6
Network Configuration
Objectives
Upon completion of this unit, you should be able to:
Configure TCP/IP network interfaces and routing
Configure DNS name resolution
Do basic monitoring and filtering of network traffic
Describe how interfaces could be bonded
Network Interfaces and /sbin/ip
Networking scripts refer to logical interface names:
Ethernet: eth0, eth1 ...
Dial-up: ppp0, ppp1 ...
Loopback: lo
Display network interfaces/configuration by using:
ip [-s] link [show [ethX]]
ip addr [show [ethX]]
Network Configuration Utilities
system-config-network
Device and Gateway
Static Routes
DNS and Hostname
system-config-network-tui
Device and Gateway
Changes are not immediate
Deactivate and Activate buttons
ifdown ethX ; ifup ethX
service network restart
Interface Configuration Files
/etc/sysconfig/network-scripts/ifcfg-name
Set DEVICE to map configuration to device name
Set HWADDR to map configuration to MAC address
Set BOOTPROTO=dhcp for dynamic configuration
Set IPADDR and NETMASK for static configuration
Set ETHTOOL_OPTS to force speed and duplex settings
Requires at least DEVICE and BOOTPROTO or IPADDR
Options documented in sysconfig.txt
Device Aliases
Useful for virtual hosting
Bind multiple IP addresses to a single NIC
<device>:<alias>, i.e. eth1:0, eth1:1 ...
Create a separate interface configuration file for each device alias:
ifcfg-ethX:y
Must use static networking
Configuring the Routing Table
The routing table tells the kernel how to reach different networks
Networks are associated with interfaces and, optionally, routers
Networks attached to interfaces are added automatically
A default gateway is used if no explicit route is given
View table with ip route
Configure table with:
GATEWAY in ifcfg-* or /etc/sysconfig/network
Settings in /etc/sysconfig/network-scripts/route-ethX
Verifying IP Connectivity
ping
Network packet loss and latency measurement tool
traceroute
Displays network path to a destination
mtr
Combines the functionality of traceroute and ping in a single tool
These and other tools available in the gnome-nettool GUI
Hostnames
System hostname set in /etc/sysconfig/network
If not explicitly set, DHCP or DNS will be used
Can be viewed or temporarily set with hostname
Other name/IP mappings can be defined in /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localdomain6
10.0.0.1 testmachine1.lab.example.com test1
DNS Configuration
DNS servers resolve names not in /etc/hosts
Precedence controlled by /etc/nsswitch.conf
Configured in /etc/resolv.conf
search example.com
nameserver 192.168.0.254
nameserver 10.0.0.254
Test with gethostip, host, or dig
Filtering Network Traffic
Filtering in the kernel
Only inspects packet headers
Consists of:
netfilter modules
iptables command
init.d/iptables script
Basic policy adjustments with system-config-securitylevel
Network Monitoring Utilities
Network interfaces (ip)
Show what interfaces are available on a system
Local diagnostic (netstat)
Show active connections, routes, and statistics
Port scanners (nmap)
Show what services are available on a system
Packet sniffers (tcpdump, wireshark)
Stores and analyzes all network traffic visible to the "sniffing" system
Ethernet Channel Bonding
Highly available network interface
Avoids single point of failure
Aggregating bandwidth and load balancing are possible
Many NICs can be bonded into a single virtual interface
Plug each interface into different switches on the same network
Network driver must be able to detect link
Configuration steps:
Load bonding module in /etc/modprobe.conf
Configure bond0 interface and its slave interfaces
/proc/net/bond0/info
End of Lecture 6
Questions and Answers
Summary
system-config-network provides GUI or TUI network configuration
Network configuration is stored in:
/etc/sysconfig/network-scripts/ifcfg-* (interface-specific settings)
/etc/sysconfig/network-scripts/route-* (non-standard routes)
/etc/resolv.conf (DNS servers)
/etc/sysconfig/network (other global settings)
Basic packet filtering can be configured with system-config-securitylevel
Bonded interfaces provide aggregated bandwidth and load balancing
Lecture 7
Filesystem Administration
Objectives
Upon completion of this unit, you should be able to:
Monitor filesystems
Access removable media
Access data from remote systems using NFS
Mount NFS filesystems on demand
Partitions and Filesystems
Disk drives are divided into partitions
cat /proc/partitions
fdisk -l /dev/sda
Primary, Extended, Logical
Partitions are formatted with filesystems for users to store data
Default filesystem: ext3, the Third Extended Linux Filesystem
Other common filesystems: ext2, vfat, iso9660, and gfs
Filesystems are mounted into the tree before access
mount
df [-h]
Inodes and Directories
The inode table of a filesystem contains a list of all files
df -i
Each inode (index node) of a file contains metadata:
file type, permissions, UID, GID, size and time stamps
the link count (count of path names pointing to this file)
pointers to the file's data blocks on disk
A directory contains a list of filenames
The directory data block contains mapping of filename to inode number
ls -i
Managing Removable Media
Removable media mounted under /media automatically
Mounting performed by graphical environments
HAL (Hardware Abstraction Layer) monitors removable media
HAL automatically mounts when media detected
HAL calls gnome-mount and gnome-umount
Users can call these commands directly
When mounting manually, use /mnt
Accessing Network File Shares using NFS
Servers export directories using NFS
# rpcinfo -p nfsserver
# showmount -e nfsserver
Clients mount NFS exported directories to local directories
Remote directories appear to be local to local users
# mkdir /pub
Remote directories can be manually mounted
# mount nfsserver:/exported/dir /pub
Can be automatically mounted at boot time in /etc/fstab
nfsserver:/exported/dir /pub nfs soft 0 0
Mounting NFS Shares On-Demand
NFS shares can be automatically mounted on demand using the automounter
No additional server-side configuration required
NFS shares mounted when accessed by any user and umounted when no longer in use
Two tier configuration:
First tier: /etc/auto.master lists automounting directory and file that lists mounts within the directory
Second tier specified in /etc/auto.master: lists mount point, options, and directory to be mounted
All per-server exports accessed automatically via /net
End of Lecture 7
Questions and Answers
Summary
Disks are divided into partitions, which contain filesystems
Filesystems are associated with mountpoints using mount
df -h displays a usage summary for each mounted filesystem
Removable media is mounted under /media
To mount an nfs share, run mount nfsserver:/share /mntpoint
To list shares on an NFS server, run showmount -e nfsserver
NFS shares can be auto-mounted with /etc/fstab or /net
Lecture 8
Additional Storage
Objectives
Upon completion of this unit, you should be able to:
Add new partitions/filesystems
Troubleshoot filesystems
Add virtual memory
Adding New Filesystems
Identify device
Partition device
Make filesystem
Label filesystem (optional)
Add entry to /etc/fstab
Create mount point
Mount new filesystem
Partitioning a Physical Disk
Backup the partition table
# sfdisk -d /dev/sda > /tmp/partitions.sda
Partition the disk
# fdisk /dev/sda
Restore partition table after major mistake
# sfdisk /dev/sda < /tmp/partitions.sda
Update /proc/partitions
# partprobe /dev/sda
Making Filesystems
Make the filesystem with a label
# mkfs -t ext3 -L guest_data /dev/sda5
Calls mkfs.ext3 (default mkfs.ext2)
mkfs.ext3 [options] device
Calls specific filesystem utilities like mke2fs
mke2fs [options] device
Mounting Filesystems with mount
Make a mountpoint
# mkdir -p /srv/guest_data
Mount the filesystem
# mount -o rw LABEL=guest_data /srv/guest_data
Default -o options for ext3:
Executable: rw, suid, dev, exec, auto, nouser, and async
Filesystem embedded by anaconda: acl, user_xattr
Overridden by /etc/fstab or command line -o option
Mount Points and /etc/fstab
Maintains the hierarchy across system reboots
Used by mount, fsck, and other programs
May use filesystem volume labels in the device field
LABEL=/mnt/data /mnt/data ext3 defaults 1 2
mount -a will mount all auto filesystems in /etc/fstab
Recommended for testing fstab syntax before reboot!
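The default options listed under "Mounting Filesystems with mount" include suid and dev, and an /etc/fstab entry that says only defaults keeps them. The following audit is an added example, not part of the course material: the function names, the sample file and the policy that only / and /usr may honour setuid bits or device nodes are assumptions.

```shell
#!/bin/sh
# Constructed sample in /etc/fstab format, built from entries shown in this
# course plus one hardened line; it is not taken from a real system.
sample_fstab() {
cat <<'EOF'
# device                 mountpoint       type  options           dump pass
LABEL=/                  /                ext3  defaults          1 1
LABEL=guest_data         /srv/guest_data  ext3  defaults          1 2
LABEL=/mnt/data          /mnt/data        ext3  rw,nosuid,nodev   1 2
nfsserver:/exported/dir  /pub             nfs   soft              0 0
/var/local/swapfile      swap             swap  defaults          0 0
EOF
}

# audit_fstab: read fstab lines on stdin and print
#   <mountpoint> missing:<option>[,<option>]
# for each filesystem that would still honour setuid bits or device nodes.
# Assumed policy (not from the course): only / and /usr may do so.
audit_fstab() {
  awk '
    /^[ \t]*#/ || NF < 4 { next }                 # comments and blank lines
    $3 ~ /^(swap|proc|sysfs|devpts)$/ { next }    # out of scope for this check
    $2 == "/" || $2 == "/usr" { next }            # exempt by policy
    {
      # Start from the kernel defaults (suid, dev). The word "defaults"
      # changes nothing; later options override earlier ones.
      # user, users and owner imply nosuid and nodev unless overridden.
      suid = 1; dev = 1
      n = split($4, opt, ",")
      for (i = 1; i <= n; i++) {
        if      (opt[i] == "nosuid") suid = 0
        else if (opt[i] == "suid")   suid = 1
        else if (opt[i] == "nodev")  dev = 0
        else if (opt[i] == "dev")    dev = 1
        else if (opt[i] ~ /^(user|users|owner)$/) { suid = 0; dev = 0 }
      }
      missing = ""
      if (suid) missing = "nosuid"
      if (dev)  missing = (missing == "" ? "nodev" : missing ",nodev")
      if (missing != "") print $2, "missing:" missing
    }
  '
}

sample_fstab | audit_fstab
```

On a real system, feed it the live file with `audit_fstab < /etc/fstab` and apply a fix to a mounted filesystem with the remount option before editing the entry.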
Unmounting Filesystems
umount [options] device | mount_point
Cannot unmount a filesystem that is in use
Use fuser to check and/or kill processes
Use remount option to change a mounted filesystem's options
mount -o remount,ro /data
Modifying a Filesystem Superblock
View filesystem features
# dumpe2fs /dev/sda5 | less
Change filesystem features
# tune2fs -i0 -c0 /dev/sda5
Display or change the filesystem label
# e2label /dev/sda5
# e2label /dev/sda5 new_label
# blkid -s LABEL
# findfs LABEL=new_label
Adding Virtual Memory
Swap space is hard disk space that extends system RAM
Create a swap file (or partition)
# dd if=/dev/zero of=/var/local/swapfile bs=1k count=1M
Write special signature
# mkswap /var/local/swapfile
Add entry to /etc/fstab
/var/local/swapfile swap swap defaults 0 0
Activate swap space
# swapon -a
End of Lecture 8
Questions and Answers
Summary
To create a new filesystem:
1. Run fdisk device and create a partition of type Linux.
2. Run mkfs -t fstype partition to create a filesystem
3. Add to /etc/fstab
4. Run mount -a
To create a new swap partition:
1. Run fdisk device and create a new partition of type Linux Swap
2. Run mkswap partition
3. Add to /etc/fstab
4. Run swapon -a
Lecture 9
User Administration
Objectives
Upon completion of this unit, you should be able to:
Manage user and group accounts
Set up filesystem quotas
Review: User and Group Databases
User: /etc/passwd and /etc/shadow
Maps name to UID, GID, home directory, and login shell
Maps name to password and expiration
Group: /etc/group and /etc/gshadow
Maps group to GID and user members
Maps group to password and group administrators
Management: system-config-users and/or command line tools
Adding a New User Account
useradd [options] username
Defaults in: /etc/default/useradd and /etc/login.defs
Equivalent to:
editing /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow
creating and populating home directory from /etc/skel/
setting permissions and ownership
Set account password using passwd
Accounts may be added in a batch with newusers
Modifying / Deleting User Accounts
To change fields in a user's /etc/passwd entry you can:
Edit the file by hand with vipw
Use usermod [options] username
To remove a user either:
Manually remove the user from /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow, /var/spool/mail, etc.
Use userdel [-r] username
Password Aging Policies
By default, passwords do not expire
Forcing passwords to expire is part of a strong security policy
Modify default expiration settings in /etc/login.defs
To modify existing users, either:
Edit /etc/shadow by hand
Use chage [options] username
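To find the existing accounts that still carry the non-expiring default, the aging fields of /etc/shadow can be checked directly. This is an added example, not part of the course material: the function names, the 90-day limit and the sample entries (with placeholder hashes) are assumptions.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; the hash fields are placeholders.
# Fields: name:hash:last_change:min:max:warn:inactive:expire:reserved
sample_shadow() {
cat <<'EOF'
root:$1$placeholder$hash:14500:0:99999:7:::
frodo:$1$placeholder$hash:14510:0:90:7:::
gandalf:$1$placeholder$hash:14400:0::7:::
sam:$1$placeholder$hash:14520:0:365:7:14::
daemon:*:14000:0:99999:7:::
legolas:!!:14000:0:99999:7:::
EOF
}

# aging_violations LIMIT: read shadow lines on stdin and print
# "<name> <max>" for every account with a usable password whose maximum
# age exceeds LIMIT days. <max> is "never" when the field is empty or
# holds 99999, the value used for passwords that do not expire.
aging_violations() {
  awk -F: -v limit="$1" '
    $2 == "" || $2 ~ /^[!*]/ { next }   # empty hash or locked: other findings
    $5 == "" || $5 + 0 >= 99999 { print $1, "never"; next }
    $5 + 0 > limit + 0 { print $1, $5 }
  '
}

# remediation LIMIT: turn the findings into chage commands for review
# before anything is run as root.
remediation() {
  aging_violations "$1" | while read -r name rest; do
    printf 'chage -M %s %s\n' "$1" "$name"
  done
}

sample_shadow | aging_violations 90
sample_shadow | remediation 90
```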
Administering Auxiliary Groups
Creation: groupadd [-g gid] auxgroup
Add users to group (either):
# usermod -aG auxgroup username
# gpasswd -a username auxgroup
# vigr
Rename/Delete: groupmod and groupdel
Configuring the Quota System
Implemented within the kernel
Enabled on a per-filesystem basis
Individual policies for groups or users
Limit by the number of 1K-blocks or inodes
Implement both soft and hard limits
Initialization
Partition mount options: usrquota, grpquota
Initialize database: quotacheck -cugm /filesystem
Start or stop quotas: quotaon, quotaoff
Managing Quotas
Implementation
Edit quotas directly: edquota username
From a shell: setquota username 4096 5120 40 50 /foo
Define prototypical users: edquota -p user1 user2
Reporting
User inspection: quota
Quota overviews: repquota
Miscellaneous utilities: warnquota
End of Lecture 9
Questions and Answers
Summary
system-config-users provides GUI user and group management
useradd, usermod and userdel provide CLI user management
userdel leaves home directory and mail unless -r is provided
groupadd, groupmod and groupdel provide CLI group management
Quotas can limit by space (kilobytes) or inodes
To enable quotas on a filesystem
1. Edit /etc/fstab, add usrquota and/or grpquota options.
2. Run mount -o remount partition
3. Run quotacheck -cm partition
quotacheck -cgm partition for group quotas
4. Run quotaon -a
5. Define quotas with edquota and/or setquota
Lecture 10
Filesystems for Group Collaboration
Objectives
Upon completion of this unit, you should be able to:
Manage file security
Create collaborative directories using SetGID
Extend filesystem security with ACLs
Review: Viewing/Setting Ownership and Permissions
View current settings:
$ ls -l filename
Every file is owned by a UID and a GID
Three permission categories: user (owner), group and others
Change user and/or group:
# chown user:group filename
$ chgrp group filename
Change permissions:
$ chmod ugo+x filename
$ chmod 775 filename
Review: Default File Ownership and Permissions
Ownership is based on the creator:
User is creator
Group is normally creator's primary group
Permissions start with:
Read and Write for files
Read, Write, and eXecute for directories
Permissions are withheld by creator's umask
Non-system users' default umask is 002 (no w for other)
Files will have permissions of 664 (-rw-rw-r--)
Directories will have permissions of 775 (drwxrwxr-x)
User Private Groups
A group of the same name as the user
Automatically created when user is created
User's primary group is this private group
User's new files are assigned to this group
Prevents new files from belonging to a “public” group
May encourage making files “world-accessible”
Special Directory Permissions
SGID is used to create a collaborative directory
When a file is created in a directory with the SGID bit set, it belongs to the same group as the directory, rather than the creator's primary group
# chmod g+s directory
Sticky allows only the owner of a file to delete it
Normally users with write permissions to a directory can delete any file in that directory regardless of that file's permissions or ownership
# chmod o+t directory
Access Control Lists (ACLs)
Grant or deny access to multiple users or groups
Non-root users cannot chown files
Avoids users sharing files with chmod 777
Uses same rwx permissions
Implemented as a mount option (acl)
Embedded in filesystem superblock at install time
Backup utilities/scripts may need to be updated to support
Viewing and Managing ACLs
Viewing:
$ getfacl filename
Modifying (Adding or Changing):
$ setfacl -m u:gandalf:rw filename
Removing (Expunging):
$ setfacl -x u:gandalf filename
Review: Permission Precedence
Three access categories: User, Group, and Other
Compare process UID to
UID of file => user permissions apply
ACL UID of file => ACL's permissions apply
Otherwise, compare list of process GIDs to
GID of file => group permissions apply
ACL GID of file => ACL's permissions apply
Since there can be multiple matches at this level, it is additive within this level
If neither match, other permissions apply
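The precedence rules above can be applied to getfacl output to see which entry decides a request. This is an added example, not part of the course material; it follows the access check described in acl(5), which additionally limits named-user and group entries by the mask entry. The function name acl_check, the file and the user and group names are assumptions.

```shell
#!/bin/sh
# Constructed getfacl output for one file (all names are illustrative).
sample_acl() {
cat <<'EOF'
# file: report.txt
# owner: frodo
# group: fellowship
user::rw-
user:gandalf:r--
group::r--
group:wizards:rw-
mask::rw-
other::---
EOF
}

# acl_check USER GROUPS WANT: read getfacl output on stdin and print
# "allow <entry>" or "deny <entry>", where <entry> is the ACL entry (or
# class) that decided. GROUPS is a comma-separated list of the groups the
# process belongs to; WANT is one or more of the letters r, w, x.
acl_check() {
  awk -v user="$1" -v groups="$2" -v want="$3" '
    # has: true when perms contains every letter in need
    function has(perms, need,    i) {
      for (i = 1; i <= length(need); i++)
        if (index(perms, substr(need, i, 1)) == 0) return 0
      return 1
    }
    BEGIN {
      n = split(groups, g, ",")
      for (i = 1; i <= n; i++) member[g[i]] = 1
      mask = "rwx"                      # a minimal ACL has no mask entry
    }
    /^# owner: / { owner = $3; next }
    /^# group: / { fgroup = $3; next }
    /^#/ || NF == 0 { next }
    {
      split($1, f, ":"); perms = substr(f[3], 1, 3)
      if      (f[1] == "user"  && f[2] == "") uobj = perms
      else if (f[1] == "user")                named[f[2]] = perms
      else if (f[1] == "group" && f[2] == "") gobj = perms
      else if (f[1] == "group")               gperm[f[2]] = perms
      else if (f[1] == "mask")                mask = perms
      else if (f[1] == "other")               other = perms
    }
    END {
      if (user == owner) {                  # 1. file owner: user:: only
        via = "user::"; ok = has(uobj, want)
      } else if (user in named) {           # 2. named user, limited by mask
        via = "user:" user
        ok = has(named[user], want) && has(mask, want)
      } else {                              # 3. owning group and named groups
        hit = 0; ok = 0; via = "group class"
        if (fgroup in member) {
          hit = 1
          if (has(gobj, want)) { ok = 1; via = "group::" }
        }
        for (name in gperm)
          if (name in member) {
            hit = 1
            if (!ok && has(gperm[name], want)) { ok = 1; via = "group:" name }
          }
        if (hit) ok = ok && has(mask, want)
        else { via = "other::"; ok = has(other, want) }   # 4. everyone else
      }
      res = ok ? "allow" : "deny"
      print res, via
    }
  '
}

# gandalf is in wizards (rw-), but his own user entry (r--) is matched first.
sample_acl | acl_check gandalf wizards w
```

Because the user-level match is checked first, a narrower user: entry can be used to restrict one member of a group that otherwise has write access.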
Collaborate with Multiple Groups
ACLs for groups use “g:” instead of “u:”
Automatic ACL setting
New files inherit default ACL (if set) from directory
$ setfacl -m d:g:groupname:rw directory
Defaults for groups can share files with multiple groups
End of Lecture 10
Questions and Answers
Summary
chmod g+sw dir creates a fully-collaborative environment
Members of the group that owns dir can create, delete and modify all files in it
chmod o+t dir creates a limited-collaboration environment
Users with write access can create and delete only their own files.
Collaborative directories with SGID
Filesystem access to a list of users/groups
Lecture 11
Centralized User Administration
Objectives
Upon completion of this unit, you should be able to:
Describe how Red Hat Enterprise Linux accesses user information
Configure system to use centralized authentication services
Components of Authentication
Two types of information are required to log in
Account information: Who is this user?
UID number, default shell, home directory, groups, etc
Authentication Credentials: Is this really the user?
Password, key, retinal scan, etc
Account and authentication information may be stored remotely
Allows for common logins across multiple systems
Enabling Centralized Authentication
system-config-authentication
Provided by the authconfig-gtk package
Presents GUI interface if possible
Use authconfig-tui to force text-based interface
Also supports making changes via command-line arguments
Supported account information services:
(local files), NIS, LDAP, Hesiod, Winbind/Active-Directory
Supported authentication mechanisms:
(NSS), Kerberos, LDAP, SmartCard, SMB, Winbind/Active-Directory
Supplemental Media
Developer Nalin Dahyabhai on system-config-authentication
Network Information Service (NIS)
Configuration files converted to “maps” on server
Related maps are grouped into “domains”
Clients join a domain and treat its maps like local files
Common maps include:
passwd
group
hosts
Requires installation of ypbind and portmap RPMs
Password hashes are transmitted unencrypted!
NIS Client Tools
ypwhich: Displays the name of the NIS server being used
ypdomainname: Displays or sets the NIS domain to join
ypcat mapname: Prints the contents of a map from the server
rpcinfo -p hostname: Verify NIS server (ypserv) availability
Lightweight Directory Access Protocol (LDAP)
Network-accessible database tuned for high read traffic
May also be used for service configs, extended user info, etc.
More modern implementation than NIS, supports encryption
Server configuration can be more complex than with NIS
Requires installation of nss_ldap and openldap RPMs
LDAP Client Tools
Query an LDAP server: ldapsearch
-ZZ: Require an SSL-encrypted connection
-x: Use simple authentication (required without extra configuration)
-H ldap://hostname[:port]: Connect to specific server
Test SSL connection to server
# openssl s_client -connect hostname:port
Authentication Configuration In-depth
system-config-authentication really does three things:
Configure Pluggable Authentication Modules (PAM)
Used by applications to authenticate users
Configure the Name Service Switch (NSS) if necessary
Retrieves account information from local files, NIS and LDAP
Configure service-specific configuration files if necessary
/etc/yp.conf (NIS)
/etc/openldap/ldap.conf (LDAP)
Name Service Switch (NSS)
Groups information from multiple sources into "entries":
passwd: Account information
shadow: Authentication information
group: Group information
Other entries exist, not related to authentication
Entries are defined in /etc/nsswitch.conf
Applications may query NSS directly or via PAM
getent entry displays the contents of an entry
Pluggable Authentication Modules (PAM)
Applications delegate authentication to the libpam library
PAM prompts, validates, and tells app to accept or reject
Allows all applications to use the same auth process
...though application-specific instructions may also be included
Default configuration uses NSS for most user/auth data
Documentation: /usr/share/doc/pam-<version>/
Supplemental Media
Developer Nalin Dahyabhai on why PAM was developed
Configuring Centralized Home Directories
Home directories for users may be shared via NFS
Gives users consistent files and settings across systems
autofs can be configured to mount home dirs upon login
Configuration shortcuts make this easier
* matches all possible directory names
& represents the name of the requested directory
Do not enable on systems where untrusted users may have root access!
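The two-tier automounter configuration from Lecture 7 and the * and & shortcuts above can be traced with a small resolver. This is an added example, not part of the course material: the map file name /etc/auto.home, the export paths, the mount options and the function names are assumptions.

```shell
#!/bin/sh
# First tier, /etc/auto.master format: <directory> <map>
# (constructed sample; -hosts is the built-in map behind /net)
auto_master() {
cat <<'EOF'
/net    -hosts
/home   /etc/auto.home
EOF
}

# Second tier, the map named above: <key> [-options] <location>
# (constructed sample; nosuid and nodev are sample hardening choices)
auto_home() {
cat <<'EOF'
gandalf  -rw,soft,nosuid,nodev  nfsserver:/export/staff/gandalf
*        -rw,soft,nosuid,nodev  nfsserver:/home/&
EOF
}

# map_for_dir DIR: print the second-tier map that auto.master assigns to DIR.
map_for_dir() {
  auto_master | awk -v d="$1" '$1 == d { print $2 }'
}

# resolve_key KEY: read a second-tier map on stdin and print
# "<options> <location>" for KEY. An exact key wins; otherwise the "*"
# entry is used and every "&" in its location is replaced by KEY.
resolve_key() {
  awk -v key="$1" '
    /^[ \t]*#/ || NF < 2 { next }
    { opts = (NF >= 3) ? substr($2, 2) : "(none)"; loc = $NF }
    $1 == key { print opts, loc; found = 1; exit }
    $1 == "*" && wild == "" { gsub(/&/, key, loc); wild = opts " " loc }
    END { if (!found && wild != "") print wild }
  '
}

# What would be mounted when a user first touches /home/frodo:
map_for_dir /home
auto_home | resolve_key frodo
```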
Authentication Review
End of Lecture 11
Questions and Answers
Summary
Authentication is configured using system-config-authentication
User and authentication information are accessed via PAM and NSS
Information can be stored locally or on a central server
Supported centralized mechanisms include NIS, LDAP and Kerberos
Lecture 12
Software RAID
Objectives
Upon completion of this unit, you should be able to:
Configure high-availability storage with RAID
Recover a degraded software RAID array
Redundant Array of Inexpensive Disks
Multiple disks grouped together into “arrays”
Benefits include better performance and/or fault tolerance
RAID Level defines “how” grouped
Spare disks can add extra redundancy
Hardware RAID built into add-on card or motherboard
Requires driver (kernel module)
Array generally seen as a SCSI disk: /dev/sda
Software RAID is built into Linux kernel
RAID devices are named: /dev/md0, /dev/md1, and so on
mdadm provides the administrative interface
Adding a Software RAID Device
1. Create partitions of type 0xfd (Linux RAID Autodetect)
2. Combine partitions into a RAID device
# mdadm -C /dev/md0 -a yes -l 5 -n 3 partitions...
3. Format the RAID device
# mkfs.ext3 /dev/md0
4. Add an entry to /etc/fstab:
/dev/md0 /mountpoint ext3 defaults 1 2
Software RAID Monitoring
Log entries are sent to syslogd
Interactively check status with:
# mdadm --detail /dev/md0
# cat /proc/mdstat
mdmonitor provides notification services on the status
Must create/setup /etc/mdadm.conf
MAILADDR=user@mydomain.TLD
Software RAID Recovery
To simulate disk failure
# mdadm /dev/md0 -f /dev/sda1
Recovering from a software RAID disk failure
1. Replace and reboot, or hot-remove if hardware supports it
# mdadm /dev/md0 -r /dev/sda1
2. Add replacement partition into array
# mdadm /dev/md0 -a /dev/sda1
To disassemble/stop a disk array
# mdadm -S /dev/md0
End of Lecture 12
Questions and Answers
Summary
RAID coordinates multiple disks to work as one
Spare disks can be designated for auto-recovery in most RAID levels
RAID devices are created and managed with mdadm
Lecture 13
Logical Volume Management
Objectives
Upon completion of this unit, you should be able to:
Use storage more efficiently with logical volumes
Back up logical volumes with minimal risk and downtime
What is Logical Volume Manager (LVM)?
A layer of abstraction that allows easy manipulation of volumes
Supports resizing of filesystems
Allows filesystems to span multiple physical devices
Block devices are designated as Physical Volumes
One or more Physical Volumes are used to create a Volume Group
Volume Groups are defined with Physical Extents of a fixed size
Logical Volumes are composed of Physical Extents from Volume Group
Filesystems may be created on Logical Volumes
LVM Tools
system-config-lvm provides GUI control
System->Administration->Logical Volume Management
Physical View manages PVs in selected volume group
Logical View manages LVs in selected volume group
lvm subcommand provides CLI control
lvm help lists sub-commands
lvm vgdisplay -v lists status of all VGs, LVs and PVs
Each sub-command has a symbolic link to lvm
Allows sub-commands to be called without lvm prefix
Creating Logical Volumes
1. Prepare underlying block devices
Can use partitions of type 0x8e or software RAID devices
2. Create physical volumes
# pvcreate /dev/hda3
3. Create volume group containing physical volume
# vgcreate vg0 /dev/hda3
4. Create logical volumes inside volume groups
# lvcreate -L 256M -n data vg0
5. Format and mount logical volume (/dev/vg0/data)
Resizing Logical Volumes
Growing logical volumes and filesystems
lvextend can grow logical volumes
resize2fs can grow ext3 filesystems online or offline
Shrinking filesystems and logical volumes
Must be done offline (umount)
Requires a filesystem check (e2fsck) first
Filesystem then reduced (resize2fs)
Lastly, lvreduce can then reduce the volume
Resizing Volume Groups
Volume Groups can be enlarged with:
# vgextend vg0 /dev/sdb1
Volume Groups can be reduced with:
# pvmove /dev/hda3
# vgreduce vg0 /dev/hda3
Logical Volume Manager Snapshots
Snapshots are special Logical Volumes that are an exact copy of an existing Logical Volume at the time the snapshot is created
Snapshots are perfect for backups and other operations where a temporary copy of an existing dataset is needed
Snapshots only consume space where they are different from the original Logical Volume
Snapshots are allocated space at creation but do not use it until changes are made to the original Logical Volume or the Snapshot
When data is changed on the original Logical Volume the older data is copied to the Snapshot
Snapshots contain only data that has changed on the original Logical Volume or the Snapshot since the Snapshot was created.
Using LVM Snapshots
1. Create snapshot of existing Logical Volume
# lvcreate -l 64 -s -n datasnap /dev/vg0/data
2. Mount snapshot
# mkdir -p /mnt/datasnap
# mount -o ro /dev/vg0/datasnap /mnt/datasnap
3. Perform backup
4. Remove snapshot
# umount /mnt/datasnap
# lvremove /dev/vg0/datasnap
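The four steps above as one script, added here as an example (not part of the course material): it removes the snapshot even when the mount or the backup fails. The tar archive step, the archive path argument, the run and snapshot_backup names and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Snapshot-based backup of a logical volume (added example, not course code).
# With DRY_RUN=1 (the default here) each command is printed, not executed.
DRY_RUN=${DRY_RUN:-1}

# run CMD [ARG...]: execute the command, or only print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# snapshot_backup VG LV EXTENTS ARCHIVE
# Returns 0 only if every step succeeded.
snapshot_backup() {
    vg=$1 lv=$2 extents=$3 archive=$4
    snap="${lv}snap"          # snapshot name, e.g. datasnap
    mnt="/mnt/$snap"          # mount point, as on the slide
    rc=0

    # 1. Create the snapshot; nothing to clean up if this fails.
    run lvcreate -l "$extents" -s -n "$snap" "/dev/$vg/$lv" || return 1

    # 2. Mount it read-only so the backup cannot modify the copy.
    if run mkdir -p "$mnt" && run mount -o ro "/dev/$vg/$snap" "$mnt"; then
        # 3. Perform the backup (tar is the tool chosen for this example).
        run tar -czf "$archive" -C "$mnt" . || rc=1
        run umount "$mnt" || rc=1
    else
        rc=1
    fi

    # 4. Remove the snapshot on every path so it does not keep its
    #    extents allocated after a failed run.
    run lvremove -f "/dev/$vg/$snap" || rc=1
    return "$rc"
}

# Stand-alone use: sh snapbackup.sh vg0 data 64 /backup/data.tar.gz
[ "$#" -ne 4 ] || snapshot_backup "$@"
```

A snapshot whose allocated extents fill up while the origin keeps changing becomes invalid, so choose the -l value for the amount of change expected during the backup.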
End of Lecture 13
Questions and Answers
Summary
LVM organizes space into logical groups independent of device boundaries
LVM components can be managed with lvm or system-config-lvm
LVM Snapshots allow backing up of read-only filesystems with minimal downtime
Lecture 14
Virtualization and Automated Installation
Objectives
Upon completion of this unit, you should be able to:
Define virtualization
Interactively install a virtual machine
Create and utilize Kickstart files
Set up an anaconda server
Virtualization with Xen
Xen is the basis for virtualization in RHEL 5
Paravirtualized guests running RHEL 5 and RHEL 4.5 and later
Full virtualization for unmodified operating systems
Xen Architecture
Hypervisor runs on hardware directly
Hypervisor boots privileged RHEL 5 domain (“Dom0”)
xend and other supporting services run in Dom0
User Domains (“DomU”) managed by Dom0
Preparing Domain-0
Ensure that hardware supports virtualization
Perform a normal installation of the machine
Ensure that kernel-xen, xen, and virt-manager are installed
Select Virtualization component at install-time
Verify that the system is subscribed to the RHN "RHEL Virtualization" channel, install with yum
Verify that xend and libvirtd are configured to start on boot
Configure kernel-xen as default kernel and reboot
Installing a New Domain-U
GUI Wizard: virt-manager
Define the name of the domain
Select VCPUs, RAM, Network, and VBDs
Specify the location of the installer and optionally a kickstart file
CLI Tool: virt-install
DomUs can be configured to start when Dom0 boots:
# chkconfig xendomains on
# virsh autostart domain
Install Automation with Kickstart
Scripted installation method
Supports all anaconda features
Template /root/anaconda-ks.cfg is autogenerated during installs
Configuration utility: system-config-kickstart
Syntax checker: ksvalidator
Starting a Kickstart Installation
Anaconda boot option ks enters Kickstart mode
DHCP based kickstart: ks
Network based kickstart: ks=url
From local medium: ks=hd:device:/path/to/file
Boot media can be modified for custom installations:
Optical media: boot.iso or Installation CD/DVD
USB media: diskboot.img
Network boot with PXE
Other bootloaders such as GRUB
Anatomy of a Kickstart File
Commands section
Configures the system
The user is prompted for omitted directives
Packages section
%packages selects packages and groups for installation
Dependencies are always resolved
Scripts section(s)
Optional section(s) to customize the system
%pre scripts are run before installation
%post scripts are run after installation
Kickstart: Commands Section
Starting the Installation
Installation Mode
install performs a fresh install.
upgrade upgrades an existing installation.
Installation Method:
cdrom
url --url url
nfs --server host --path directory
harddrive --partition=device --dir=/path/to/install_tree
Media Sets
Two available: Client and Server
May contain packages from additional layered products
key defines the “Installation Number” to access additional content
Kickstart: Commands Section
Important Directives
Required Directives
Must be specified, otherwise the installer configures them interactively
Localization options: keyboard, lang, timezone
Authentication: rootpw, authconfig
Bootloader: bootloader
Optional Directives
Network: network [options]
Security: firewall, selinux, services
Installer behavior: firstboot, poweroff|reboot, interactive, text
Kickstart: Packages Section
Add package groups with @package_group
Add single packages with package_name (no version)
Remove packages from the list with -package_name
Use wildcards to specify multiple packages
Dependencies are always resolved
Additional languages with @lang-support
Kickstart: Scripts Section
%pre gives you the first word
Executes as a bash shell script
Executes after Kickstart file is parsed
%post gives you the final word
Can specify interpreter (bash is default)
chrooted by default, but may be run without chroot
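An added example (not part of the course material): a shell function that checks the commands section of a Kickstart file for the required directives listed above and for weak settings of the rootpw, selinux and firewall directives. The function names and the sample file are constructed for illustration; --iscrypted, --disabled and --permissive are standard Kickstart options, and auth is treated as the short form of authconfig.

```shell
#!/bin/sh
# Audit the commands section of a Kickstart file (added example).

# ks_sample: print a constructed Kickstart file with deliberate weaknesses.
ks_sample() {
    cat <<'EOF'
# constructed sample, not from the course material
install
url --url http://server1.example.com/rhel5
lang en_US.UTF-8
keyboard us
rootpw redhat
firewall --disabled
selinux --disabled
bootloader --location=mbr
reboot
%packages
@base
-sendmail
%post
echo "installed by kickstart" > /etc/motd
EOF
}

# ks_audit [FILE]: print one finding per line; exit status 1 if any.
# Reads standard input when FILE is omitted.
ks_audit() {
    awk '
    function flag(msg) { print msg; bad++ }

    # %packages, %pre and %post end the commands section.
    $1 ~ /^%(packages|pre|post)$/ { in_body = 1 }
    in_body || NF == 0 || $1 ~ /^#/ { next }

    # Record each directive once; auth is the short form of authconfig.
    { name = ($1 == "auth") ? "authconfig" : $1; seen[name] = 1 }

    name == "rootpw" && $0 !~ /--iscrypted/ {
        flag("line " NR ": rootpw is plaintext, use rootpw --iscrypted HASH") }
    name == "selinux" && $0 ~ /--(disabled|permissive)/ {
        flag("line " NR ": SELinux is not enforcing") }
    name == "firewall" && $0 ~ /--disabled/ {
        flag("line " NR ": firewall is disabled") }

    END {
        # Omitted required directives make the installer stop and prompt.
        n = split("keyboard lang timezone rootpw authconfig bootloader", req, " ")
        for (i = 1; i <= n; i++)
            if (!(req[i] in seen))
                flag("missing required directive: " req[i])
        exit (bad > 0)
    }' "${1:--}"
}

# Stand-alone use: sh ks_audit.sh /root/anaconda-ks.cfg
[ "$#" -eq 0 ] || ks_audit "$1"
```

A Kickstart file served from an installation server over NFS, FTP or HTTP is readable by every client that can reach that server, which is why a plaintext rootpw is reported.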
Creating a Network Installation Server
Provides an easy distribution platform for the enterprise
Necessary for network-based installs
Often faster than CDROM-based installation methods
Share the media directories
NFS, FTP, and/or HTTP
Can be used as a local yum repository
End of Lecture 14
Questions and Answers
Summary
Virtualization allows for more efficient use of hardware resources
virt-manager provides GUI management of virtual machines
virsh and virt-install provide CLI management of virtual machines
Kickstart files allow for automation of Red Hat Enterprise Linux installation
Installation leaves a template kickstart in /root/anaconda-ks.cfg
system-config-kickstart can be used to create new kickstart files
ksvalidator can be used to check kickstart file syntax
Network installation can be performed via HTTP, FTP, and NFS
Lecture 15
Troubleshooting with Rescue Mode
Objectives
Upon completion of this unit, you should be able to:
Develop a strategy for troubleshooting
Use the rescue environment
Access virtualized disks from Domain-0
Method of Fault Analysis
Characterize the problem
Reproduce the problem
Find further information
Eliminate possible causes
Try the easy things first
Configuration files
Backup before changing
Use tools when available
Gathering Additional Data
Useful commands
history
grep
diff
find /dir -cmin -60
strace command
tail -f logfile
Generate additional information
*.debug in syslog
--debug option in application
Things to Check: Boot Process
Bootloader configuration
Kernel
Starting init
/sbin/init
/etc/rc.d/rc.sysinit
Entering runlevel [0-6]
/etc/rc.d/rc, /etc/rc.d/rc[0-6].d/
/etc/rc.d/rc.local
Virtual Consoles
X Display Manager
Recovery Runlevels
Pass runlevel to init
On boot from GRUB splash screen
kernel line
module line (Xen)
From shell prompt using: init or telinit
Runlevel 1
Process rc.sysinit and rc1.d scripts
Runlevel s, S, or single
Process only rc.sysinit
emergency
Run sulogin only
Filesystem Problems During Boot
rc.sysinit attempts to mount local filesystems
Upon failure, user is dropped to an sulogin shell
fsck may be used to fix corrupted filesystems
Before running fsck:
Check fstab for mistakes
Before editing:
# mount -o remount,rw /
Manually test mounting filesystems
Rescue Environment
Required when root filesystem is unavailable
Non-system specific
Boot from installer kernel/initrd
boot: linux rescue
Rescue Environment Utilities
Disk Maintenance Utilities
lvm
Networking Utilities
Miscellaneous Utilities
Logging:
/tmp/syslog
/tmp/anaconda.log
Rescue Environment Details
Filesystem reconstruction
Asks if filesystems should be mounted: /mnt/sysimage/*
$PATH includes hard drive's directories
chroot /mnt/sysimage
NFS method mounted: /mnt/source
Define MANPATH to access man pages
Filesystem nodes
System-specific device files provided
mknod knows major/minor #'s
End of Lecture 15
Questions and Answers
Summary
Remember the order of events in the boot sequence:
BIOS
Grub
Kernel
/sbin/init (reading /etc/inittab)
/etc/rc.d/rc.sysinit
/etc/rc.d/rc runlevel
mingetty/prefdm
Enter linux rescue at boot: prompt for rescue mode
kpartx can be used to examine VM disks
Appendix A
Working with Virtual Systems
Working with Virtual Systems
Connecting to virtual systems
For many labs you will be asked to connect to a virtual server to complete the lab work.
These servers can be accessed in different ways. The preferred way to access these virtual
machines, a.k.a. domains, is via the ssh command. Depending on your classroom
environment there may be other ways to access these machines.
The following sections discuss tools for managing virtual machines in Red Hat Global
Learning Services physical and virtual training environments, respectively:
Working with virtual machines in a physical-classroom environment
If you are in a physical classroom environment, ssh is the recommended method for
connecting to virtual machines, but you have alternatives if that does not work. If you
experience problems connecting using ssh, you can try using the following virsh
commands. Extended usage info on these commands can be found in man virsh.
virsh is the command line management tool used for almost all aspects of controlling and
working with virtual systems. It can also be used to get access directly to a serial console
of a virtual system. This is useful for connecting to virtual systems for monitoring installs,
examining the boot process, or for attaching to hosts that may not yet be configured for
network access. virsh must be run from the Dom-0, or host machine, of the virtual hosts.
It cannot be run on the virtual systems themselves.
Using virsh to control domains
virsh start domain
Used to 'power on' a virtual host.
virsh shutdown domain
Does a 'clean' shutdown of a virtual host.
virsh reboot domain
Reboots a virtual system.
virsh destroy domain
Is akin to pulling the power plug.
virsh suspend domain
'Pauses' the virtual system. The host is still in memory but is no longer running.
virsh resume domain
Changes a virtual system out of the suspended state back into a running state.
virsh save domain state-file
Saves the running state of a domain to a file to be restored later. This is roughly the
equivalent of 'hibernating' a virtual system.
virsh restore state-file
Restore a previously saved domain running state from a virsh save file.
Using virsh to monitor domains
virsh console domain
Opens a local serial console to a running domain. This gives command-line access to
your virtual system.
Ctrl + ]
Disconnects from the console of a domain.
virsh list [domain]
List currently running domains.
xentop
Displays a list of currently running domains and gives information in a constantly
updating format. It is like top for Xen hosts.
Booting virtual systems into recovery runlevels
Virtual systems can be booted into recovery runlevels like emergency and single-user
mode, but the process is different than with a physical system.
1. Shut down the virtual system by clicking Shutdown in virt-manager or running virsh destroy domain from the command line.
2. Boot the virtual system to a boot-loader prompt by running xm create -c domain (don't forget the -c option!). This will open a console connection to domain in your terminal, allowing you to access the boot-loader.
3. As soon as you see the boot-loader menu, press a to halt the countdown and begin appending arguments to the kernel command line.
4. Add emergency for emergency mode or 1 for single user mode to the kernel arguments and press Enter.
5. Disconnect from the console by pressing Ctrl-]
6. Open a graphical connection to the virtual system by double-clicking on it in virt-manager, which you can start from the command line or by navigating to Applications->System Tools->Virtual Machine Manager
Working with virtual machines in a virtual-training environment
In a virtual classroom, your workstations are virtual machines. Because running virtual machines within
another virtual machine is not currently supported, you will not have access to other virtual systems directly
using the virsh command. You should instead use ssh to access your virtual systems, or use the web
interface.
You will have a link in the Virtual Training Tools bar for each of the virtual machines assigned for your class.
To manage any of your virtual machines, click the stationX or serverX link. You will get a new browser
window that will contain your virtual machine. Near the top of the window you will have buttons to manage
your virtual machine.
Figure A.1. ServerX+100 screenshot
The POWER ON button
Use the POWER ON button to boot the machine. This is like pressing the power button on a physical
machine.
The POWER OFF button
Use the POWER OFF button to immediately shut down the machine. This is similar to unplugging the
machine. Optionally you can run the poweroff or shutdown -h now commands from a terminal to
gracefully shut it down.
The KICKSTART button
Use the KICKSTART button to use the instructor's kickstart file to rebuild your machine. You will not be able
to interact with the installation--it will be totally automated. Once the machine is done kickstarting, it will
remain in the powered off state. Press the POWER ON button to power it on. This button is only available in
the stationX machine.
The RESET button
Use the RESET button to reset your virtual machine using an LVM snapshot. You will have a fresh
installation, and once that is created, it will boot the virtual machine. This button is only available in the
serverX machine.
The INSTALL button
Use the INSTALL button to run an interactive installation. It will ask all the questions about partitioning,
packages, etc. Once the machine is done installing, it will remain in the powered off state. Press the POWER
ON button to power it on.
The RESCUE button
Use the RESCUE button to send your machine into rescue mode. You will be able to interact with your
installation in a rescue environment.
The CUSTOM (kernel boot args) box
Use the CUSTOM (kernel boot args) box to append arguments to the kernel as you boot. When you press
the POWER ON button, it will pop up a dialog box to verify that you want to power on the machine. This will
include a box for kernel boot arguments. These may include arguments such as single, emergency, 3, etc.
If there is anything in the CUSTOM box when you click the POWER ON button, it will be appended to the
kernel line as an argument.
Figure A.2. Custom boot arguments
Note that if you add any kernel arguments at boot time, and you soft reboot the machine (e.g., typing
reboot at the command line) the same kernel arguments will be used when the virtual machine boots.
The Ctrl-Alt-Del button
Use the Ctrl-Alt-Del button to send a Ctrl-Alt-Del to the virtual machine. Note that GNOME by default
ignores this keystroke, so you may only be able to use it in text mode.
The Ctrl-Alt-... drop-down menu
Use the Ctrl-Alt-... drop-down menu to change virtual terminals. For instance, to change to tty1, click the
Ctrl-Alt-... menu, then press F1. To return to the GUI (tty7), click the Ctrl-Alt-... menu, then press F7.