RH133 - Red Hat Linux System Administration

Introduction - RH133: Red Hat Linux System Administration

Copyright
Welcome
Red Hat Enterprise Linux
Red Hat Enterprise Linux Variants
Red Hat Subscription Model
Contacting Technical Support
Red Hat Network
Red Hat Services and Products
Fedora and EPEL
Audience and Prerequisites
Objectives
Pre/Post-Assessments
Lab Exercises
Classroom Network
Notes on Internationalization

Lecture 1 - Administrative Access

Objectives
Console Access
XOrg: Configuring the X11 Server
Review: Remote Access with SSH
Review: Implementing ssh RSA Keys
Remote X Clients
Multiplexing or Sharing Terminal Sessions with screen
Review: Privilege Escalation
Configuring sudo
Domain Management with virt-manager
Domain Management with virsh
End of Lecture 1

Lecture 2 - Package Management

Objectives
Software as Packages
About yum
Enabling Private yum Repositories
Querying with yum
Managing Packages with yum
About the Red Hat Network
Red Hat Network Client
Creating a Private yum Repository
Advanced Installation and Removal with rpm
Updating to a New Kernel RPM
Advanced Queries with rpm
Verifying with rpm
End of Lecture 2

Lecture 3 - System Services and Security

Objectives
Monitoring System Logs
syslogd and klogd Configuration
Review: Automating Tasks with cron
System crontab Files
Default Daily Cron Jobs
The anacron System
Managing Printers with CUPS
Accurate Time with Network Time Protocol
SELinux
SELinux Policy: Troubleshooting
End of Lecture 3

Lecture 4 - System Initialization

Objectives
Checking Your System State
Runlevels
Controlling Services
Boot Sequence: Detailed Overview
GRand Unified Bootloader (GRUB)
GRUB Components and Configuration
Kernel Initialization
init Initialization
System Initialization
Standalone Service Initialization
Non-Service Startup
Transient Services
End of Lecture 4

Lecture 5 - Kernel Monitoring and Configuration

Objectives
The Linux Kernel
Kernel Components
Kernels and Support Limits
Monitoring Processes and Resources
Kernel Monitoring and Configuration with /proc and /sys
Kernel Configuration with sysctl
Exploring Hardware Devices
Review of /dev
Managing Devices With udev
Kernel Modules
Utilizing and Configuring Kernel Modules
The Initial RAM Disk (initrd)
End of Lecture 5

Lecture 6 - Network Configuration

Objectives
Network Interfaces and /sbin/ip
Network Configuration Utilities
Interface Configuration Files
Device Aliases
Configuring the Routing Table
Verifying IP Connectivity
Hostnames
DNS Configuration
Filtering Network Traffic
Network Monitoring Utilities
Ethernet Channel Bonding
End of Lecture 6

Lecture 7 - Filesystem Administration

Objectives
Partitions and Filesystems
Inodes and Directories
Managing Removable Media
Accessing Network File Shares using NFS
Mounting NFS Shares On-Demand
End of Lecture 7

Lecture 8 - Additional Storage

Objectives
Adding New Filesystems
Partitioning a Physical Disk
Making Filesystems
Mounting Filesystems with mount
Mount Points and /etc/fstab
Unmounting Filesystems
Modifying a Filesystem Superblock
Adding Virtual Memory
End of Lecture 8

Lecture 9 - User Administration

Objectives
Review: User and Group Databases
Adding a New User Account
Modifying / Deleting User Accounts
Password Aging Policies
Administering Auxiliary Groups
Configuring the Quota System
Managing Quotas
End of Lecture 9

Lecture 10 - Filesystems for Group Collaboration

Objectives
Review: Viewing/Setting Ownership and Permissions
Review: Default File Ownership and Permissions
User Private Groups
Special Directory Permissions
Access Control Lists (ACLs)
Viewing and Managing ACLs
Review: Permission Precedence
Collaborate with Multiple Groups
End of Lecture 10

Lecture 11 - Centralized User Administration

Objectives
Components of Authentication
Enabling Centralized Authentication
Network Information Service (NIS)
NIS Client Tools
Lightweight Directory Access Protocol (LDAP)
LDAP Client Tools
Authentication Configuration In-depth
Name Service Switch (NSS)
Pluggable Authentication Modules (PAM)
Configuring Centralized Home Directories
Authentication Review
End of Lecture 11

Lecture 12 - Software RAID

Objectives
Redundant Array of Inexpensive Disks
Adding a Software RAID Device
Software RAID Monitoring
Software RAID Recovery
End of Lecture 12

Lecture 13 - Logical Volume Management

Objectives
What is Logical Volume Manager (LVM)?
LVM Tools
Creating Logical Volumes
Resizing Logical Volumes
Resizing Volume Groups
Logical Volume Manager Snapshots
Using LVM Snapshots
End of Lecture 13

Lecture 14 - Virtualization and Automated Installation

Objectives
Virtualization with Xen
Preparing Domain-0
Installing a New Domain-U
Install Automation with Kickstart
Starting a Kickstart Installation
Anatomy of a Kickstart File
Kickstart: Commands Section
Kickstart: Commands Section
Kickstart: Packages Section
Kickstart: Scripts Section
Creating a Network Installation Server
End of Lecture 14

Lecture 15 - Troubleshooting with Rescue Mode

Objectives
Method of Fault Analysis
Gathering Additional Data
Things to Check: Boot Process
Recovery Runlevels
Filesystem Problems During Boot
Rescue Environment
Rescue Environment Utilities
Rescue Environment Details
End of Lecture 15

Appendix A - Working with Virtual Systems

Working with Virtual Systems
Working with Virtual Systems

Introduction

RH133: Red Hat Linux System Administration

Copyright © 2009 Red Hat, Inc. All rights reserved

Copyright

The contents of this course and all its modules and related materials, including handouts to audience members, are Copyright © 2009 Red Hat, Inc.

No part of this publication may be stored in a retrieval system, transmitted or reproduced in any way, including, but not limited to, photocopy, photograph, magnetic, electronic or other record, without the prior written permission of Red Hat, Inc.

This instructional program, including all material provided herein, is supplied without any guarantees from Red Hat, Inc. Red Hat, Inc. assumes no liability for damages or legal action arising from the use or misuse of contents or details contained herein.

If you believe Red Hat training materials are being used, copied, or otherwise improperly distributed please email training@redhat.com or phone toll-free (USA) +1 866 626 2994 or +1 919 754 3700.

Welcome

Please let us know if you need any special assistance while visiting our training facility.

Please introduce yourself to the rest of the class!

Red Hat Enterprise Linux

Enterprise-targeted Linux operating system
Focused on mature open source technology
Extended release cycle between major versions

With periodic minor releases during the cycle
Certified with leading OEM and ISV products

All variants based on the same code

Certify once, run any application/anywhere/anytime

Services provided on subscription basis

Red Hat Enterprise Linux Variants

Red Hat Enterprise Linux Advanced Platform

Unlimited server size and virtualization support
HA clusters and cluster file system

Red Hat Enterprise Linux

Basic server solution for smaller non-mission-critical servers
Virtualization support included

Red Hat Enterprise Linux Desktop

Productivity desktop environment
Workstation option adds tools for software and network service development
Multi-OS option for virtualization

Red Hat Subscription Model

Red Hat sells subscriptions that entitle systems to receive a set of services that support open source software

Red Hat Enterprise Linux and other Red Hat/JBoss solutions and applications

Customers are charged an annual subscription fee per system

Subscriptions can be migrated as hardware is replaced
Can freely move between major revisions, up and down
Multi-year subscriptions are available

A typical service subscription includes:

Software updates and upgrades through Red Hat Network
Technical support (web and phone)
Certifications, stable APIs/versions, and more

Contacting Technical Support

Collect information needed by technical support:

Define the problem
Gather background information
Gather relevant diagnostic information, if possible
Determine the severity level

Contacting technical support by WWW:

http://www.redhat.com/support/

Contacting technical support by phone:

See http://www.redhat.com/support/policy/sla/contact/

US/Canada: 888-GO-REDHAT (888-467-3342)

Red Hat Network

A systems management platform providing lifecycle management of the operating system and applications

Installing and provisioning new systems
Updating systems
Managing configuration files
Monitoring performance
Redeploying systems for a new purpose

"Hosted" and "Satellite" deployment architectures

Red Hat Services and Products

Red Hat supports software products and services beyond Red Hat Enterprise Linux

JBoss Enterprise Middleware
Systems and Identity Management
Infrastructure products and distributed computing
Training, consulting, and extended support

http://www.redhat.com/products/

Fedora and EPEL

Open source projects sponsored by Red Hat
Fedora distribution is focused on latest open source technology

Rapid six month release cycle
Available as free download from the Internet

EPEL provides add-on software for Red Hat Enterprise Linux
Open, community-supported proving grounds for technologies which may be used in upcoming enterprise products
Red Hat does not provide formal support

Audience and Prerequisites

Audience: Linux or UNIX users, who understand the basics of Red Hat Enterprise Linux, that desire further technical training to continue the process of becoming a system administrator.
Prerequisites: RH033 Red Hat Linux Essentials or equivalent experience with Red Hat Enterprise Linux.

Objectives

Control administrative access to Red Hat Enterprise Linux
Manage software packages with yum and rpm
Set up core system services and security
Understand system and service initialization
Monitor the kernel and configure kernel parameters
Set up IPv4 networking
Maintain existing filesystems and integrate new filesystems
Perform local user and group administration
Enhance user management with SetGID, ACLs, and quotas
Enable centralized authentication with NIS and LDAP
Implement partitioning with Software RAID and LVM
Install virtual systems with Kickstart
Troubleshoot boot process with rescue mode

Pre/Post-Assessments

Some units begin with a pre-assessment

3-5 simple questions about the unit's subject
Just leave blank if you don't know the answer

Questions are asked again at the end of the unit

Lab Exercises

Labs

Fundamental exercise providing basic goals, reinforcing the lecture

Lab Solutions

Offers step-by-step detailed methodology
Found for all exercises that do not have specific steps themselves

Challenge Labs

Advanced exercise, reinforcing more advanced topics from the lecture
Not all students may have the time to complete

Optional Labs

Optional exercise that may depend on classroom specific environment

Classroom Network

example.com network (192.168.0.0/24)

instructor.example.com (192.168.0.254)

Main classroom server: Provides DHCP, DNS, routing and other services

stationX.example.com (192.168.0.X)

Student systems

serverX.example.com (192.168.0.X+100)

Virtual server hosted on student stations (Not used in all classes)

remote.test network (192.168.1.0/24)

crackerX.remote.test (192.168.1.X)

Virtual client hosted on student systems (Not used in all classes)

Notes on Internationalization

Red Hat Enterprise Linux supports nineteen languages
Default system-wide language can be selected

During installation
With system-config-language (System->Administration->Language)

Users can set personal language preferences

From graphical login screen (stored in ~/.dmrc)
For interactive shell (with LANG environment variable in ~/.bashrc)

Alternate languages can be used on a per-command basis:

[user@host ~]$ LANG=ja_JP.UTF-8 date

Lecture 1

Administrative Access

Objectives

Upon completion of this unit, you should be able to:

Access and administer text and graphical consoles
Remotely access the system for administration
Gain administrative privilege
Access virtualized systems

Console Access

Direct administrative access is obtained through consoles:

Physical Console
Virtual Console

mingetty
prefdm

Serial Console

agetty

System Console

Graphical and remote access is often obtained through:

Pseudoterminal

XOrg: Configuring the X11 Server

Client / server architecture
Server configuration:

Auto-configured as part of installation or even at runtime
Stored in /etc/X11/xorg.conf
Manually: system-config-display [--reconfig]

Client configuration:

Default in /etc/sysconfig/desktop
Runlevel 3: startx
Runlevel 5: prefdm

Review: Remote Access with SSH

Encrypted remote shell

ssh [user@]host

Copy files securely

scp [-rp] source destination
Remote file: [user@]host:/dir/file

Execute commands remotely

ssh [user@]host 'ifconfig eth0'

Configuration in /etc/ssh/ and ~/.ssh/

Can tunnel X11 and other TCP based network traffic
Supports key based authentication

Review: Implementing ssh RSA Keys

Generate public/private key pair:

$ ssh-keygen -t rsa

Copy public key to remote server:

$ ssh-copy-id -i .ssh/id_rsa.pub user@host

Test:

$ ssh user@host

Remote X Clients

X protocol communication is unencrypted
Host-based sessions through xhost expose to all users
User-based sessions implemented through xauth
ssh -X host 'Xclientapp'

May automatically install xauth keys on remote machine
Can tunnel X protocol in secure encrypted ssh connection
Sets DISPLAY environment variable

Multiplexing or Sharing Terminal Sessions with screen

Start multiple windows from a single parent shell

Windows are independent of each other
Continues to run even if user switches to another window
Detach from parent without stopping programs
Reconnect from same or different physical machine
Share windows with other people

Highly configurable

Review: Privilege Escalation

Know a secret: su

$ su -

But the root password must be “shared”

Be on a list: sudo

$ sudo command

Must be configured before use: visudo

Tied to executable: SUID and SGID

$ passwd

Can be used to provide a “back door”

Configuring sudo

Configure (as root):

# visudo

user MACHINE = (RunAs) COMMANDS

Cmnd_Alias KILL = /usr/bin/kill
student ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
barney localhost=(ALL) KILL

Test (as the listed user):

$ sudo priv_cmd
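
An added example (not part of the course material) that audits rules written in the "user MACHINE = (RunAs) COMMANDS" form shown above and reports which users or groups hold NOPASSWD or ALL-commands grants. The flag names, the MAINT alias and the fred rule are constructed for illustration; the other sample lines are the ones from the slide.

```shell
#!/bin/sh
# Added example: list sudoers rules that grant ALL commands and/or skip the
# password prompt. Input is sudoers text on stdin; output is one line per
# flagged rule: "<user-or-%group> <flags>".

# Sample input: the four lines from the slide, plus two constructed lines
# (MAINT and fred) showing an alias that hides ALL and a continued line.
sample_sudoers() {
cat <<'EOF'
Cmnd_Alias KILL = /usr/bin/kill
student ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
barney localhost=(ALL) KILL
Cmnd_Alias MAINT = /sbin/service, ALL
fred ALL=(root) NOPASSWD: \
    MAINT
EOF
}

audit_sudoers() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }

    # True when ALL appears as an item of a comma-separated command list.
    function has_all(list,    tmp) {
      tmp = list
      gsub(/[ \t]/, "", tmp)
      return index("," tmp ",", ",ALL,") > 0
    }

    # True when the list grants ALL directly or through a Cmnd_Alias
    # (aliases are expanded one level only).
    function grants_all(list,    n, i, item, parts) {
      if (has_all(list)) return 1
      n = split(list, parts, ",")
      for (i = 1; i <= n; i++) {
        item = trim(parts[i])
        if ((item in alias) && has_all(alias[item])) return 1
      }
      return 0
    }

    {
      # Join lines continued with a trailing backslash.
      line = pending $0; pending = ""
      if (line ~ /\\$/) { sub(/\\$/, " ", line); pending = line; next }

      sub(/[ \t]+#.*$/, "", line)          # trailing comment
      line = trim(line)
      if (line == "" || line ~ /^#/ || line ~ /^Defaults/) next
      if (line ~ /^(User|Runas|Host)_Alias[ \t]/) next

      eq = index(line, "=")
      if (eq == 0) next
      left  = trim(substr(line, 1, eq - 1))
      right = trim(substr(line, eq + 1))

      if (left ~ /^Cmnd_Alias[ \t]/) {     # remember command aliases
        sub(/^Cmnd_Alias[ \t]+/, "", left)
        alias[left] = right
        next
      }

      # A user rule: keep it until every alias has been read.
      split(left, f, /[ \t]+/)
      nrules++
      who[nrules] = f[1]
      spec[nrules] = right
    }

    END {
      for (i = 1; i <= nrules; i++) {
        s = spec[i]
        sub(/^\([^)]*\)[ \t]*/, "", s)     # drop the (RunAs) part
        nopw = (s ~ /NOPASSWD:/)
        gsub(/[A-Z_]+:[ \t]*/, "", s)      # drop tags such as NOPASSWD:
        all = grants_all(s)

        flags = ""
        if (nopw) flags = "nopasswd"
        if (all)  flags = flags (flags == "" ? "" : ",") "all-commands"
        if (flags != "") print who[i], flags
      }
    }
  '
}

# Stand-alone run on the sample above.
sample_sudoers | audit_sudoers
```

On the sample, barney is not reported because KILL expands to a single command and the rule still prompts for a password.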

Domain Management with virt-manager

Applications->System Tools->Virtual Machine Manager
GUI for virtual machine management

Run/Shutdown VMs
Pause/Unpause VMs
Save/Restore VMs
Access VM physical/serial console

Also includes easy virtual machine installation wizard
Based on libvirt

A toolkit used to interact with the virtualization capabilities on Linux
Integrates with multiple virtualization environments (Xen, KVM, etc.)

Domain Management with virsh

Command line management tool
Controlling domains

virsh start domain
virsh shutdown|reboot|destroy domain
virsh suspend|resume domain
virsh save domain state-file
virsh restore state-file
virsh autostart domain

Monitoring

virsh console domain
virsh list [--all|domain]

End of Lecture 1

Questions and Answers
Summary

The X Server can be configured with system-config-display
For CLI remote-access, use ssh user@host

Include -X to enable remote-execution of GUI applications

Root privileges can be selectively delegated via sudo
virt-manager and virsh provide GUI and CLI control of virtual machines

Lecture 2

Package Management

Objectives

Upon completion of this unit, you should be able to:

Add, remove, and manage software using yum
Configure yum to connect to a private repository
Connect to and use the Red Hat Network
Create a private yum repository
Perform advanced tasks with rpm

Software as Packages

package-version-release.arch.rpm

version - upstream developer version
release - packager changes (fixes/backports documented in “changelog”)
arch - processor architecture of binaries

Contains:

Files Archive: Binaries, Documentation, “Default” Config
Summary, Description, Changelog
Instructions: Dependencies, Pre/Post Install/Uninstall
Signature

Upgrading replaces with newer version or release

.rpmsave versus .rpmnew

About yum

Command-line front-end to rpm

Introduced with Fedora and Red Hat Enterprise Linux 5
Replacement for up2date

Designed to resolve package dependencies
Can locate packages across multiple repositories

Red Hat Network Hosted or Satellite Servers
Private http/ftp yum repository servers

Graphical front-ends to yum

system-config-packages (pirut)
pup

Enabling Private yum Repositories

Create a file in /etc/yum.repos.d/ for your repository

Name must end in .repo
Contains one or more stanzas:

[repo-name]
name=A nice description
baseurl=http://yourserver.com/path/to/repo
enabled=1
gpgcheck=1

Default settings in /etc/yum.conf

Repository information is cached

Downloaded from above baseurl subdirectory named repodata
To clear the cache: yum clean dbcache|all
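
An added example (not part of the course material) that reads .repo stanzas like the one above and reports every enabled repository whose effective gpgcheck is not 1, together with the transport named in its baseurl. The [main] default is passed in as an argument rather than read from /etc/yum.conf; every stanza except [repo-name] is constructed for illustration.

```shell
#!/bin/sh
# Added example: report enabled yum repositories that install packages
# without signature checking. Input is the text of one or more .repo files
# on stdin; $1 is the gpgcheck value from [main] in /etc/yum.conf, used for
# stanzas that carry no gpgcheck line (treated as off when not given).

# Sample input: the stanza from the slide followed by constructed stanzas.
sample_repo() {
cat <<'EOF'
[repo-name]
name=A nice description
baseurl=http://yourserver.com/path/to/repo
enabled=1
gpgcheck=1

[internal-tools]
name=Constructed example: signature checking turned off
baseurl=http://yourserver.com/path/to/tools
enabled=1
gpgcheck=0

[inherits-default]
name=Constructed example: no gpgcheck line, so the [main] default applies
baseurl=ftp://yourserver.com/pub/extras

[disabled-repo]
name=Constructed example: disabled, so not reported
baseurl=http://yourserver.com/path/to/old
enabled=0
gpgcheck=0
EOF
}

audit_repos() {
  awk -v dflt="$1" '
    # Print the stanza just finished if it is enabled and unchecked.
    # Only a literal 1 counts as "checking on" (conservative).
    function flush() {
      if (repo != "" && repo != "main" && enabled != "0" && gpg != "1")
        print repo, "gpgcheck=" gpg, "transport=" scheme
    }

    /^[ \t]*(#|;|$)/ { next }              # comments and blank lines

    /^\[.*\]/ {                            # start of a new stanza
      flush()
      repo = $0
      sub(/^\[/, "", repo)
      sub(/\].*$/, "", repo)
      enabled = "1"                        # repositories are enabled unless told otherwise
      gpg = dflt                           # inherit the [main] value
      scheme = "unknown"
      next
    }

    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)

      if (key == "enabled")       enabled = val
      else if (key == "gpgcheck") gpg = val
      else if (key == "baseurl")  { scheme = val; sub(/:.*/, "", scheme) }
    }

    END { flush() }
  '
}

# Stand-alone run: assume yum.conf sets gpgcheck=1 in [main].
sample_repo | audit_repos 1
```

To audit a real system, pipe the files in with `cat /etc/yum.repos.d/*.repo | audit_repos 1`, replacing 1 with the value actually set in /etc/yum.conf.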

Querying with yum

Listing packages and information

yum list [all] [package_glob]
yum list (installed|available|updates... [package_glob])
yum grouplist
yum info package
yum groupinfo packagegroup

Searching packages and files

yum search searchterm
yum provides filename

Managing Packages with yum

Installing new packages:

yum install package...
yum localinstall rpmfile...
yum groupinstall packagegroup...

Removing:

yum remove package...

Upgrade to later version/release:

yum update [package...]

About the Red Hat Network

Centralized platform for systems management

Hosted, Satellite, Proxy

Web based management interface
Uses HTTPS for all transactions
Entitlements grant access to software channels and modules

Custom channels can be locally administered
Additional modules support Management, Provisioning, and Monitoring

Red Hat Network Client

Registration via rhn_register

Select the updates location (RHN or local satellite/proxy)
Enter Account information
Can be automated with rhnreg_ks

Interactive usage

yum uses plug-in for RHN communication
Already configured in /etc/yum/pluginconf.d/rhnplugin.conf

Remote management

Actions queued on RHN server
rhnsd polls RHN every four hours
rhn_check polls immediately

Creating a Private yum Repository

Create a directory to hold your packages
Make this directory available via http or ftp
Install the createrepo RPM
Run createrepo -v /dir/packagedir

Creates/Re-creates a repodata subdirectory
Files contain extracted package header information

Advanced Installation and Removal with rpm

Primary RPM options:

Install/Upgrade: rpm -i | -F | -U rpmfile...
Removal: rpm -e package...
Output options: -v, -h
URL support: ftp:// (with globbing), http://

Advanced options:

Reinstall: --replacepkgs
Downgrade: --oldpackage
Ignore conflicts: --replacefiles
Ignore dependencies: --nodeps

Updating to a New Kernel RPM

Kernels are installed in parallel, not upgraded

Do not use rpm -U or rpm -F ! Use rpm -i !
yum properly handles with either update or install

Updating (adding) a kernel

yum update kernel
Boot new kernel to test
Reboot to old kernel if a problem arises
yum remove kernel-oldversion if no problems

Advanced Queries with rpm

Four basic types of queries:

Installed version: rpm -q package
All installed: rpm -q -a [package_glob]
Package file (uninstalled): rpm -q -p rpmfile
File owner: rpm -q -f file_path_name

Types of information to query:

-i general information about package
-l list of files in package
Many others that yum cannot provide

Verifying with rpm

Installed package file verification:

# rpm -V package
# rpm -V -p rpmfile
# rpm -V -a

Signature verification before package installation:

# rpm --import RPM-GPG-KEY-redhat-release
# rpm -qa gpg-pubkey
# rpm -K rpmfile
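
Added example (not part of the course slides): a triage filter for rpm -V output, so that a changed binary stands out from routine edits to configuration files. The function names and sample lines are constructed for illustration, and the parsing assumes paths without spaces.

```shell
#!/bin/sh
# Constructed sample of `rpm -V -a` output (not captured from a real host).
# Columns: change flags, optional file marker (c = config, d = doc), path.
sample_rpm_verify() {
cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
.......T  c /etc/inittab
S.5....T    /usr/bin/passwd
.M......    /bin/su
.....UG.    /usr/sbin/sshd
missing     /usr/bin/ssh
..5....T  d /usr/share/doc/bash-3.2/NEWS
EOF
}

# Read rpm -V output on stdin and print "SEVERITY reason path" per file.
#   HIGH    digest, mode, owner or group changed on a non-config file,
#           permissions changed on a config file, or a file is missing
#   REVIEW  only the digest of a config file changed (often a local edit)
#   INFO    documentation, or nothing but size/timestamp differences
triage_rpm_verify() {
    awk '
    NF < 2 || $NF !~ /^\// { next }                          # blanks, notes
    $1 != "missing" && $1 !~ /^[.?SM5DLUGTP]+$/ { next }     # not a flag field
    {
        flags  = $1
        path   = $NF
        marker = (NF == 3 && length($2) == 1) ? $2 : ""

        if (flags == "missing") {
            print ((marker == "d") ? "INFO" : "HIGH"), "missing", path
            next
        }

        why = ""
        if (index(flags, "5")) { why = why ",digest" }
        if (index(flags, "M")) { why = why ",mode" }
        if (index(flags, "U")) { why = why ",owner" }
        if (index(flags, "G")) { why = why ",group" }
        why = substr(why, 2)

        if (why == "") {
            sev = "INFO"; why = "other"
        } else if (marker == "d") {
            sev = "INFO"
        } else if (marker == "c" && why == "digest") {
            sev = "REVIEW"
        } else {
            sev = "HIGH"
        }
        print sev, why, path
    }'
}

sample_rpm_verify | triage_rpm_verify
```

On a live system, pipe rpm -V -a into triage_rpm_verify. rpm -V compares files against the local RPM database, so on a host you do not trust, verify against a package file from known-good media with rpm -V -p.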

End of Lecture 2

Questions and Answers
Summary

yum installs packages and their dependencies from remote repositories
Repositories are configured in yum.conf and /etc/yum.repos.d/
Red Hat distributes updates via the Red Hat Network
Systems must be registered to access RHN

Usually done during installation or post-install with rhn_register

Registered systems poll for updates via rhnsd
rpm can be used for advanced queries and tasks not suited to yum

Lecture 3

System Services and Security

Objectives

Upon completion of this unit, you should be able to:

Monitor and configure system logs
Automate tasks with cron
Configure printing
Understand the importance of time synchronization
Describe SELinux service security features

Monitoring System Logs

Centralized logging daemons: syslogd, klogd, auditd
Log file examples:

/var/log/dmesg: Kernel boot messages
/var/log/messages: Standard system error messages
/var/log/maillog: Mail system messages
/var/log/secure: Security, authentication, and xinetd messages
/var/log/audit/audit.log: Kernel auditing messages

Application log files and directories also reside in /var/log/

syslogd and klogd Configuration

klogd traps kernel messages to syslogd
Both controlled by /etc/rc.d/init.d/syslog

Script configured in: /etc/sysconfig/syslog

SYSLOGD_OPTIONS="-m 0"

Configuring syslogd:

/etc/syslog.conf

facility.priority log_location

logger generates messages to syslogd from the command line

Review: Automating Tasks with cron

Used to schedule recurring events
Use crontab to edit, install, and view job schedules

crontab [-u user] file
crontab [-l|-r|-e]
echo '*/15 8-17 * * 1-5 echo Breaktime' | crontab

Restrict / allow user access to crond

/etc/cron.allow

/etc/cron.deny

System crontab Files

Different format than user crontab files
Default /etc/crontab runs executables in

/etc/cron.hourly/
/etc/cron.daily/
/etc/cron.weekly/
/etc/cron.monthly/

/etc/cron.d/ contains additional system crontab files

Default Daily Cron Jobs

tmpwatch

Cleans old files in specific directories
Keeps /tmp from filling up

logrotate

Keeps log files from getting too large
Configuration in: /etc/logrotate.conf and /etc/logrotate.d/

logwatch

Provides a summary about system activity
Reports suspicious messages
Configuration in: /etc/logwatch/

The anacron System

anacron runs jobs when the system boots
Configuration file: /etc/anacrontab

Field 1: if the job has not been run in this many days...
Field 2: wait this number of minutes before running it
Field 3: job identifier
Field 4: the job to run

Default is tied to /etc/crontab

Runs “missed” daily, weekly, and monthly jobs
Vital for computers that are not up continually

Managing Printers with CUPS

Configuration tools

system-config-printer
Web based: http://localhost:631

Command line: lpadmin and lpinfo

Configuration files

/etc/cups/cupsd.conf

/etc/cups/printers.conf

PPD files used to describe printers
Uses the Internet Printing Protocol (IPP)

Allows remote browsing of printer queues
Based on HTTP/1.1

Accurate Time with Network Time Protocol

Many applications require accurate timing
Workstation hardware clocks tend to drift without correction
NTP counters the drift by manipulating the length of a second
NTP clients should use three time servers
Configuration tool: system-config-date
Configuration file: /etc/ntp.conf
Test with ntpq

SELinux

Mandatory Access Control vs. Discretionary Access Control

Any action not explicitly allowed is denied by default

A binary policy defines:

Security contexts (credentials)
Rules to allow specific actions
Booleans to conditionally enable or disable rules
Audit requirements (logging)

Default policy is targeted

Protects the system from a compromised service, not from local users
Most local processes are unconfined_t

Supplemental Media

Security Engineer Dan Walsh on the role of SELinux

SELinux Policy: Troubleshooting

Modes: Enforcing, Permissive, or Disabled

Persistent

/etc/sysconfig/selinux
system-config-securitylevel

Runtime

getenforce and setenforce 0 | 1
Kernel arguments: selinux=0 | 1 or enforcing=0 | 1

Logs: /var/log/{messages,audit/audit.log}
General advice

man -k selinux
setroubleshootd, sealert -b and sealert -a
Advises how to avoid errors, not ensure security!
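
Added example (not part of the course slides): a summary of AVC denials from /var/log/audit/audit.log, grouped by confined source type, target type and object class. The function names and the log records are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in audit.log record format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1254150000.101:201): avc:  denied  { read } for  pid=2301 comm="httpd" name="index.html" dev=dm-0 ino=98311 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1254150000.101:201): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
type=AVC msg=audit(1254150003.422:204): avc:  denied  { getattr } for  pid=2301 comm="httpd" path="/var/www/html/index.html" dev=dm-0 ino=98311 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1254150100.007:230): avc:  denied  { name_bind } for  pid=2410 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
EOF
}

# Read audit records on stdin; print one line per (source type, target type,
# class) as "count source_t -> target_t:class { permissions }", busiest first.
summarize_avc() {
    awk '
    /type=AVC/ && /denied/ {
        lb = index($0, "{"); rb = index($0, "}")
        if (lb == 0 || rb < lb) { next }
        nperm = split(substr($0, lb + 1, rb - lb - 1), perm, " ")

        stype = ttype = tclass = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) {
                split(substr($i, 10), c, ":"); stype = c[3]   # user:role:type
            } else if ($i ~ /^tcontext=/) {
                split(substr($i, 10), c, ":"); ttype = c[3]
            } else if ($i ~ /^tclass=/) {
                tclass = substr($i, 8)
            }
        }

        key = stype " -> " ttype ":" tclass
        count[key]++
        for (p = 1; p <= nperm; p++) {                        # union of perms
            if (index(" " perms[key] " ", " " perm[p] " ") == 0) {
                perms[key] = (perms[key] == "") ? perm[p] : perms[key] " " perm[p]
            }
        }
    }
    END {
        for (key in count) { print count[key], key, "{ " perms[key] " }" }
    }' | sort -k1,1nr -k2
}

sample_audit_log | summarize_avc
```

Run it as summarize_avc < /var/log/audit/audit.log. The grouped view helps decide whether a denial reflects a mislabeled file, a boolean that needs setting, or an access that should stay denied.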

End of Lecture 3

Questions and Answers
Summary

Most system logs are stored in /var/log/
Automated jobs can be scheduled with crontab -e

Syntax documented in man 5 crontab

Printers can be configured with system-config-printer
Network Time Protocol synchronizes date and time between systems

Configure with system-config-date

SELinux identifies and limits processes by type
SELinux mode can be controlled with system-config-securitylevel

Lecture 4

System Initialization

Objectives

Upon completion of this unit, you should be able to:

Check your current system state
Start, stop and check services
Change to different runlevels
Understand the boot sequence

Checking Your System State

Red Hat Enterprise Linux Release:

cat /etc/redhat-release

Identifying your kernel:

Current kernel: uname -r
Available kernels: yum list installed kernel\* or rpm -qa kernel\*

Identifying the runlevel:

Current runlevel: /sbin/runlevel or who -r
Default runlevel: grep initdefault: /etc/inittab

Runlevels

init defines runlevels 0-6, S, and emergency

Defines sets of services to auto-start

The runlevel is selected by either

Default in /etc/inittab at boot

id:5:initdefault:

Passing an argument from the bootloader
Using the command init new_runlevel

Controlling Services

Graphical: system-config-services
Standalone Services

service servicename start|stop|restart|status
chkconfig --list servicename
chkconfig servicename on|off|reset

Transient Services

chkconfig --list servicename
chkconfig servicename on|off

Boot Sequence: Detailed Overview

BIOS initialization
Bootloader
Kernel initialization
init starts and enters desired runlevel by executing:

/etc/rc.d/rc.sysinit
/etc/rc.d/rc and /etc/rc.d/rc[0-6].d/
/etc/rc.d/rc.local

Virtual consoles
X Display Manager if appropriate

GRand Unified Bootloader (GRUB)

Image selection

Select with space followed by up/down arrows on the boot splash screen

Argument passing

Change an existing stanza in menu editing mode
Issue boot commands interactively on the GRUB command line

Password protection

Can block image selection
Can block menu editing mode

pyGRUB used for Xen paravirtualized systems

Boot system using: xm create -c domain

GRUB Components and Configuration

1st Stage

Small, added to MBR or boot sector during installation
Use /sbin/grub-install to repair

2nd Stage

Loaded from filesystem containing /boot
Configured in /boot/grub/grub.conf

To boot Linux: title, kernel, root filesystem, and initial ramdisk

Kernel Initialization

Kernel boot time functions

Device detection
Device driver initialization (modules loaded from initrd-<version>.img)

Mounts root filesystem read only
Loads initial process (init, PID 1)

Logged to /var/log/dmesg

init Initialization

init reads its config: /etc/inittab

Initial runlevel
System initialization scripts
Runlevel specific script directories
Trap certain key sequences
Define UPS power fail / restore scripts
Spawn gettys on virtual consoles
Initialize X in runlevel 5

System Initialization

/etc/rc.d/rc.sysinit

Activate udev and selinux
Sets kernel parameters in /etc/sysctl.conf
Sets the system clock
Loads keymaps
Enables swap partitions
Sets hostname
Root filesystem check and remount read-write
Activate RAID and LVM devices
Enable disk quotas
Check and mount other local filesystems
Cleans up stale locks and PID files

Standalone Service Initialization

/etc/rc.d/rc defines which standalone services to start

l5:5:wait:/etc/rc.d/rc 5

Each runlevel has a corresponding directory:

/etc/rc.d/rc5.d/

K* symbolic links called with a stop argument
S* symbolic links called with a start argument

The System V init scripts reside in:

/etc/rc.d/init.d/
Behavior configured with files under /etc/sysconfig/

Non-Service Startup

/etc/rc.d/rc.local

Runs near the end of the runlevel specific scripts (S99local)
Common place for custom modification

Better practice:

Create a System V init script
Existing /etc/rc.d/init.d/ scripts can be used as a starting point
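
Added example (not part of the course slides): an audit of the S* entries in one runlevel directory, following the convention from the Standalone Service Initialization and Non-Service Startup slides that start links point at scripts in /etc/rc.d/init.d/. The function names and the directory tree built by the demo are constructed for illustration; K* links are not examined.

```shell
#!/bin/sh
# Print "OK" or "FLAG" for every S* entry of one runlevel directory.
#   $1 = runlevel directory (for example /etc/rc.d/rc5.d)
#   $2 = init script directory (for example /etc/rc.d/init.d)
audit_runlevel() {
    rcdir=$1
    initdir=$(cd "$2" && pwd -P) || return 1
    for entry in "$rcdir"/S*; do          # the glob sorts, giving start order
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        if [ ! -L "$entry" ]; then
            echo "FLAG $name not a symlink"
            continue
        fi
        target=$(readlink "$entry")
        if [ ! -e "$entry" ]; then
            echo "FLAG $name dangling -> $target"
            continue
        fi
        # Work out which directory the link target lives in.
        case $target in
            /*)  tdir=${target%/*} ;;
            */*) tdir=$rcdir/${target%/*} ;;
            *)   tdir=$rcdir ;;
        esac
        resolved=$(cd "${tdir:-/}" 2>/dev/null && pwd -P) || resolved=
        if [ "$resolved" = "$initdir" ]; then
            echo "OK $name -> ${target##*/}"
        else
            echo "FLAG $name points outside init.d -> $target"
        fi
    done
}

# Build a small constructed tree and audit it.
demo_runlevel() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/init.d" "$root/rc5.d"
    : > "$root/init.d/network"
    : > "$root/init.d/sshd"
    : > "$root/rc.local"
    ln -s ../init.d/network "$root/rc5.d/S10network"
    ln -s ../init.d/sshd    "$root/rc5.d/S55sshd"
    ln -s ../rc.local       "$root/rc5.d/S99local"
    : > "$root/rc5.d/S98monitor"          # a plain file dropped in place
    audit_runlevel "$root/rc5.d" "$root/init.d"
    rm -rf "$root"
}

demo_runlevel
```

On Red Hat Enterprise Linux 5, S99local is itself a link to ../rc.local, so it is flagged by design: whatever rc.local contains runs at boot without an init script and deserves its own review.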

Transient Services

xinetd manages on-demand services

Less-frequently needed services
Host-based authentication
Service statistics and logging
Service IP redirection

Configuration files:

/etc/xinetd.conf

/etc/xinetd.d/service

End of Lecture 4

Questions and Answers
Summary

Understand system runlevels and kernels
Manage system services
Change runlevels
Understand the boot sequence
Use the GRUB bootloader
Access virtualization consoles

Lecture 5

Kernel Monitoring and Configuration

Objectives

Upon completion of this unit, you should be able to:

Understand the purpose and organization of the kernel
Know how to configure the kernel using /proc and sysctl
Explore hardware devices available on the system
Understand how to load and configure kernel modules

The Linux Kernel

The kernel constitutes the core part of the Linux operating system
Kernel duties:

System initialization: detects hardware resources and boots up the system
Process scheduling: determines when processes should run and for how long
Memory management: allocates memory on behalf of running processes
Security: enforces permissions, SELinux contexts and firewall rules
Provides buffers and caches to speed up hardware access
Implements standard network protocols and filesystem formats

Documentation available in the kernel-doc RPM package

Kernel Components

Multiple kernels may be installed at the same time

Different variants have different features, allows easier version upgrades

Kernel version is part of the absolute filename to avoid conflicts
/boot/vmlinuz-version

Main kernel binary file

/boot/initrd-version.img

Initial RAM disk providing critical kernel modules at boot

/lib/modules/version/

Kernel modules (drivers and extensions) matching a particular kernel binary

Kernels and Support Limits

RHEL 5.4 32-bit x86 kernels:

kernel: up to 32 processors, 4 GB RAM
kernel-PAE: up to 32 processors, 16 GB RAM (PAE36)
kernel-xen: up to 32 processors, 16 GB RAM (Dom0 limits)

RHEL 5.4 64-bit x86-64 kernels:

kernel: up to 64 processors, 512 GB RAM
kernel-xen: up to 126 processors, 512 GB RAM (Dom0 limits)

Monitoring Processes and Resources

Kernel state: uname, uptime, tload
Processes: ps, top, gnome-system-monitor
Memory: free, vmstat, swapon -s, pmap
Disk Utilization: df, fdisk -l, iostat, lsof
Support Summary: sosreport

Kernel Monitoring and Configuration with /proc and /sys

Virtual filesystems: proc and sysfs
Used to display:

Process information: /proc/<PID>
Memory resources: /proc/meminfo
Disk partitions: /proc/partitions

Modify kernel configuration:

System hostname: /proc/sys/kernel/hostname
Apply immediately, but do not persist across a reboot

Kernel Configuration with sysctl

sysctl adds persistence to /proc/sys settings
Statements added to /etc/sysctl.conf automatically processed during boot
Configuration maintained or monitored using the sysctl command:

List all current settings: sysctl -a
Reprocess settings from sysctl.conf: sysctl -p
Set a /proc value dynamically: sysctl -w net.ipv4.ip_forward=1
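
Added example (not part of the course slides): a drift check between the persistent settings in /etc/sysctl.conf and the running values, which catches a tunable changed with sysctl -w or through /proc/sys that will silently revert at the next boot. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /etc/sysctl.conf (persistent settings).
sample_sysctl_conf() {
cat <<'EOF'
# Kernel sysctl configuration file (constructed sample)
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
net.ipv4.tcp_syncookies = 1
EOF
}

# Constructed excerpt of `sysctl -a` output (running values).
sample_runtime() {
cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
net.ipv4.tcp_syncookies = 0
kernel.hostname = station1.example.com
EOF
}

# Compare persistent and running settings.
#   $1 = sysctl.conf-style file, $2 = file holding `sysctl -a` output
# Prints one line per key from $1 whose running value differs or is absent.
sysctl_drift() {
    awk '
    function trim(s) {
        gsub(/^[ \t]+|[ \t]+$/, "", s)
        gsub(/[ \t]+/, " ", s)          # multi-value keys use tabs at runtime
        return s
    }
    /^[ \t]*[#;]/ { next }              # comments
    /^[ \t]*$/    { next }              # blank lines
    {
        eq = index($0, "=")
        if (eq == 0) { next }
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        if (FILENAME == ARGV[1]) {
            if (!(key in want)) { order[++n] = key }
            want[key] = val             # a later duplicate wins, as at boot
        } else {
            have[key] = val
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in have)) {
                print "MISSING", k
            } else if (have[k] != want[k]) {
                print "DRIFT", k, "persistent=" want[k], "runtime=" have[k]
            }
        }
    }' "$1" "$2"
}

# Run the check on the constructed samples.
demo_drift() {
    tmp=$(mktemp -d) || return 1
    sample_sysctl_conf > "$tmp/sysctl.conf"
    sample_runtime     > "$tmp/runtime.txt"
    sysctl_drift "$tmp/sysctl.conf" "$tmp/runtime.txt"
    rm -rf "$tmp"
}

demo_drift
```

On a live system, save sysctl -a to a file and pass it as the second argument with /etc/sysctl.conf as the first.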

Exploring Hardware Devices

Utilities:

lspci and lsusb
For x86 and x86-64: dmidecode and x86info

HAL: Hardware Abstraction Layer

Snapshot of all connected devices
hal-device lists in text mode
hal-device-manager displays in a graphical window

Review of /dev

Files under /dev are used to access drivers
Three file attributes determine which driver to access:

Device type (character or block)
Major number
Minor number

Block devices:

/dev/sda, /dev/sdb - SCSI, SATA, or USB storage
/dev/md0, /dev/md1 - Software RAID

Character devices:

/dev/null, /dev/zero - Software devices
/dev/random, /dev/urandom - Random numbers

Managing Devices With udev

udev manages files stored under /dev/
Files are only created if corresponding device is plugged in
Files are automatically removed when device is disconnected
udev statements under /etc/udev/rules.d/ determine:

Filenames
Permissions
Owners and groups
Commands to execute when a new device shows up

mknod does not persist across a reboot

Kernel Modules

Small kernel extensions
May be loaded and unloaded at will
Can implement drivers, filesystems, firewall, and more
Provided with the kernel RPM

Are located under /lib/modules/$(uname -r)/
Compiled for a specific kernel version

Third party modules may be added

Utilizing and Configuring Kernel Modules

lsmod provides a list of loaded modules
modinfo displays information about any available module
modprobe can load and unload modules
/etc/modprobe.conf used for module configuration:

Parameters to pass to a module whenever it is loaded
Aliases to represent a module name
Commands to execute when a module is loaded or unloaded

The Initial RAM Disk (initrd)

To mount the root filesystem, the kernel typically needs to load modules:

ext3, jbd, raid1, scsi_mod ...
third-party hardware RAID modules

Compressed cpio archive created by kernel installation kept in /boot
Use mkinitrd to rebuild

# mkinitrd /boot/initrd-$(uname -r).img $(uname -r)

Manually add modules:

--with
/etc/modprobe.conf
/etc/sysconfig/mkinitrd/

End of Lecture 5

Questions and Answers
Summary

Different kernel variants based on processor and features
Persistently configure kernel tunables in /etc/sysctl.conf
Hardware and /dev managed through udev and HAL
Currently loaded kernel modules can be listed with lsmod
Modules needed to mount "/" are loaded from initrd

Lecture 6

Network Configuration

Objectives

Upon completion of this unit, you should be able to:

Configure TCP/IP network interfaces and routing
Configure DNS name resolution
Do basic monitoring and filtering of network traffic
Describe how interfaces could be bonded

Network Interfaces and /sbin/ip

Networking scripts refer to logical interface names:

Ethernet: eth0, eth1 ...
Dial-up: ppp0, ppp1 ...
Loopback: lo

Display network interfaces/configuration by using:

ip [-s] link [show [ethX]]
ip addr [show [ethX]]

Network Configuration Utilities

system-config-network

Device and Gateway
Static Routes
DNS and Hostname

system-config-network-tui

Device and Gateway

Changes are not immediate

Deactivate and Activate buttons
ifdown ethX ; ifup ethX
service network restart

Interface Configuration Files

/etc/sysconfig/network-scripts/ifcfg-name

Set DEVICE to map configuration to device name
Set HWADDR to map configuration to MAC address
Set BOOTPROTO=dhcp for dynamic configuration
Set IPADDR and NETMASK for static configuration
Set ETHTOOL_OPTS to force speed and duplex settings
Requires at least DEVICE and BOOTPROTO or IPADDR

Options documented in sysconfig.txt

Device Aliases

Useful for virtual hosting
Bind multiple IP addresses to a single NIC

<device>:<alias>, e.g. eth1:0, eth1:1 ...

Create a separate interface configuration file for each device alias:

ifcfg-ethX:y
Must use static networking

Configuring the Routing Table

The routing table tells the kernel how to reach different networks
Networks are associated with interfaces and, optionally, routers
Networks attached to interfaces are added automatically
A default gateway is used if no explicit route is given
View table with ip route
Configure table with:

GATEWAY in ifcfg-* or /etc/sysconfig/network
Settings in /etc/sysconfig/network-scripts/route-ethX

Verifying IP Connectivity

ping

Network packet loss and latency measurement tool

traceroute

Displays network path to a destination

mtr

Combines the functionality of traceroute and ping in a single tool

These and other tools available in the gnome-nettool GUI

Hostnames

System hostname set in /etc/sysconfig/network

If not explicitly set, DHCP or DNS will be used

Can be viewed or temporarily set with hostname
Other name/IP mappings can be defined in /etc/hosts

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localdomain6
10.0.0.1 testmachine1.lab.example.com test1

DNS Configuration

DNS servers resolve names not in /etc/hosts

Precedence controlled by /etc/nsswitch.conf

Configured in /etc/resolv.conf

search example.com
nameserver 192.168.0.254
nameserver 10.0.0.254

Test with gethostip, host, or dig

Filtering Network Traffic

Filtering in the kernel
Only inspects packet headers
Consists of:

netfilter modules
iptables command
init.d/iptables script

Basic policy adjustments with system-config-securitylevel

Network Monitoring Utilities

Network interfaces (ip)

Show what interfaces are available on a system

Local diagnostic (netstat)

Show active connections, routes, and statistics

Port scanners (nmap)

Show what services are available on a system

Packet sniffers (tcpdump, wireshark)

Stores and analyzes all network traffic visible to the "sniffing" system


Ethernet Channel Bonding

Highly available network interface

Avoids single point of failure
Aggregating bandwidth and load balancing are possible

Many NICs can be bonded into a single virtual interface

Plug each interface into different switches on the same network
Network driver must be able to detect link

Configuration steps:

Load bonding module in /etc/modprobe.conf
Configure bond0 interface and its slave interfaces

/proc/net/bond0/info


End of Lecture 6

Questions and Answers
Summary

system-config-network provides GUI or TUI network configuration
Network configuration is stored in:

/etc/sysconfig/network-scripts/ifcfg-* (interface-specific settings)
/etc/sysconfig/network-scripts/routes-* (non-standard routes)
/etc/resolv.conf (DNS servers)
/etc/sysconfig/network (other global settings)

Basic packet filtering can be configured with system-config-securitylevel
Bonded interfaces provide aggregated bandwidth and load balancing


Lecture 7

Filesystem Administration


Objectives

Upon completion of this unit, you should be able to:

Monitor filesystems
Access removable media
Access data from remote systems using NFS
Mount NFS filesystems on demand


Partitions and Filesystems

Disk drives are divided into partitions

cat /proc/partitions
fdisk -l /dev/sda
Primary, Extended, Logical

Partitions are formatted with filesystems for users to store data

Default filesystem: ext3, the Third Extended Linux Filesystem
Other common filesystems: ext2, vfat, iso9660, and gfs

Filesystems are mounted into the tree before access

mount
df [-h]


Inodes and Directories

The inode table of a filesystem contains a list of all files

df -i

Each inode (index node) of a file contains metadata:

file type, permissions, UID, GID, size and time stamps
the link count (count of path names pointing to this file)
pointers to the file's data blocks on disk

A directory contains a list of filenames

The directory data block contains mapping of filename to inode number
ls -i


Managing Removable Media

Removable media mounted under /media automatically

Mounting performed by graphical environments
HAL (Hardware Abstraction Layer) monitors removable media
HAL automatically mounts when media detected
HAL calls gnome-mount and gnome-umount
Users can call these commands directly

When mounting manually, use /mnt


Accessing Network File Shares using NFS

Servers export directories using NFS

# rpcinfo -p nfsserver
# showmount -e nfsserver

Clients mount NFS exported directories to local directories

Remote directories appear to be local to local users

# mkdir /pub

Remote directories can be manually mounted

# mount nfsserver:/exported/dir /pub

Can be automatically mounted at boot time in /etc/fstab

nfsserver:/exported/dir /pub nfs soft 0 0


Mounting NFS Shares On-Demand

NFS shares can be automatically mounted on demand using the automounter

No additional server-side configuration required
NFS shares mounted when accessed by any user and umounted when no longer in use

Two tier configuration:

First tier: /etc/auto.master lists automounting directory and file that lists mounts within the directory
Second tier specified in /etc/auto.master: lists mount point, options, and directory to be mounted

All per-server exports accessed automatically via /net


End of Lecture 7

Questions and Answers
Summary

Disks are divided into partitions, which contain filesystems
Filesystems are associated with mountpoints using mount
df -h displays a usage summary for each mounted filesystem
Removable media is mounted under /media
To mount an NFS share, run mount nfsserver:/share /mntpoint
To list shares on an NFS server, run showmount -e nfsserver
NFS shares can be auto-mounted with /etc/fstab or /net


Lecture 8

Additional Storage


Objectives

Upon completion of this unit, you should be able to:

Add new partitions/filesystems
Troubleshoot filesystems
Add virtual memory


Adding New Filesystems

Identify device
Partition device
Make filesystem
Label filesystem (optional)
Add entry to /etc/fstab
Create mount point
Mount new filesystem


Partitioning a Physical Disk

Back up the partition table

# sfdisk -d /dev/sda > /tmp/partitions.sda

Partition the disk

# fdisk /dev/sda

Restore partition table after major mistake

# sfdisk /dev/sda < /tmp/partitions.sda

Update /proc/partitions

# partprobe /dev/sda


Making Filesystems

Make the filesystem with a label

# mkfs -t ext3 -L guest_data /dev/sda5

Calls mkfs.ext3 (default mkfs.ext2)

mkfs.ext3 [options] device

Calls specific filesystem utilities like mke2fs

mke2fs [options] device


Mounting Filesystems with mount

Make a mountpoint

# mkdir -p /srv/guest_data

Mount the filesystem

# mount -o rw LABEL=guest_data /srv/guest_data

Default -o options for ext3:

Executable: rw, suid, dev, exec, auto, nouser, and async
Filesystem embedded by anaconda: acl, user_xattr
Overridden by /etc/fstab or command line -o option


Mount Points and /etc/fstab

Maintains the hierarchy across system reboots

Used by mount, fsck, and other programs
May use filesystem volume labels in the device field

LABEL=/mnt/data /mnt/data ext3 defaults 1 2

mount -a will mount all auto filesystems in /etc/fstab

Recommended for testing fstab syntax before reboot!
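
The default -o options listed under "Mounting Filesystems with mount" and the options field of each /etc/fstab entry decide whether setuid bits, device nodes and executables are honoured on a filesystem. The following is an added example, not part of the course material: it reads fstab-format lines and reports which of suid, dev and exec remain in effect per mount point. The sample reuses entries from these slides plus constructed ones (/dev/sdb1 and /mnt/usb are hypothetical), and the handling of user, users, owner and group goes beyond the options the slides list.

```shell
#!/bin/sh
# Added example: report which of suid/dev/exec stay enabled for each fstab entry.

# Constructed sample in fstab(5) format. The /mnt/data, /pub and swapfile
# entries appear in the slides; the guest_data entry is built from names used
# in the slides; /dev/sdb1 and /mnt/usb are hypothetical.
SAMPLE_FSTAB='# device              mount point      type  options                dump fsck
LABEL=/mnt/data         /mnt/data        ext3  defaults               1 2
LABEL=guest_data        /srv/guest_data  ext3  defaults,nosuid,nodev  1 2
nfsserver:/exported/dir /pub             nfs   soft                   0 0
/dev/sdb1               /mnt/usb         vfat  noauto,user            0 0
/var/local/swapfile     swap             swap  defaults               0 0'

# audit_fstab < fstab-format input
# Prints "mountpoint fstype allowed", where allowed is the comma-separated
# subset of suid,dev,exec still in effect ("-" if none).
audit_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }     # comments, blank or short lines
        $3 == "swap" { next }             # swap is not mounted into the tree
        {
            suid = 1; dev = 1; ex = 1     # what "defaults" (or no option) gives
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {    # later options override earlier ones
                o = opt[i]
                if      (o == "defaults") { suid = 1; dev = 1; ex = 1 }
                else if (o == "suid")     suid = 1
                else if (o == "nosuid")   suid = 0
                else if (o == "dev")      dev = 1
                else if (o == "nodev")    dev = 0
                else if (o == "exec")     ex = 1
                else if (o == "noexec")   ex = 0
                # user/users imply noexec,nosuid,nodev; owner/group imply nosuid,nodev
                else if (o == "user" || o == "users")  { suid = 0; dev = 0; ex = 0 }
                else if (o == "owner" || o == "group") { suid = 0; dev = 0 }
            }
            allowed = ""
            if (suid) allowed = allowed "suid,"
            if (dev)  allowed = allowed "dev,"
            if (ex)   allowed = allowed "exec,"
            sub(/,$/, "", allowed)
            if (allowed == "") allowed = "-"
            print $2, $3, allowed
        }'
}

# remote_mounts_allowing_suid_or_dev < fstab-format input
# Lists NFS mount points where setuid bits or device nodes stored on the
# export would be honoured by this client.
remote_mounts_allowing_suid_or_dev() {
    audit_fstab | awk '$2 ~ /^nfs/ && $3 ~ /suid|dev/ { print $1 }'
}

# Run against the sample; on a real host use: audit_fstab < /etc/fstab
printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

Adding nosuid,nodev to the options field of the /pub entry removes it from the second report.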


Unmounting Filesystems

umount [options] device | mount_point
Cannot unmount a filesystem that is in use

Use fuser to check and/or kill processes

Use remount option to change a mounted filesystem's options

mount -o remount,ro /data


Modifying a Filesystem Superblock

View filesystem features

# dumpe2fs /dev/sda5 | less

Change filesystem features

# tune2fs -i0 -c0 /dev/sda5

Display or change the filesystem label

# e2label /dev/sda5
# e2label /dev/sda5 new_label
# blkid -s LABEL
# findfs LABEL=new_label


Adding Virtual Memory

Swap space is hard disk space that extends system RAM
Create a swap file (or partition)

# dd if=/dev/zero of=/var/local/swapfile bs=1k count=1M

Write special signature

# mkswap /var/local/swapfile

Add entry to /etc/fstab

/var/local/swapfile swap swap defaults 0 0

Activate swap space

# swapon -a


End of Lecture 8

Questions and Answers
Summary

To create a new filesystem:

1. Run fdisk device and create a partition of type Linux.
2. Run mkfs -t fstype partition to create a filesystem
3. Add to /etc/fstab
4. Run mount -a

To create a new swap partition:

1. Run fdisk device and create a new partition of type Linux Swap
2. Run mkswap partition
3. Add to /etc/fstab
4. Run swapon -a


Lecture 9

User Administration


Objectives

Upon completion of this unit, you should be able to:

Manage user and group accounts
Set up filesystem quotas


Review: User and Group Databases

User: /etc/passwd and /etc/shadow

Maps name to UID, GID, home directory, and login shell
Maps name to password and expiration

Group: /etc/group and /etc/gshadow

Maps group to GID and user members
Maps group to password and group administrators

Management: system-config-users and/or command line tools


Adding a New User Account

useradd [options] username
Defaults in: /etc/default/useradd and /etc/login.defs
Equivalent to:

editing /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow
creating and populating home directory from /etc/skel/
setting permissions and ownership

Set account password using passwd
Accounts may be added in a batch with newusers


Modifying / Deleting User Accounts

To change fields in a user's /etc/passwd entry you can:

Edit the file by hand with vipw
Use usermod [options] username

To remove a user either:

Manually remove the user from /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow, /var/spool/mail, etc.

Use userdel [-r] username


Password Aging Policies

By default, passwords do not expire
Forcing passwords to expire is part of a strong security policy
Modify default expiration settings in /etc/login.defs
To modify existing users, either:

Edit /etc/shadow by hand
Use chage [options] username
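
Because passwords do not expire by default, it helps to see which accounts the aging fields in /etc/shadow actually cover. The following is an added example, not part of the course material: it classifies accounts from shadow(5)-format input. The sample accounts and hashes are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify accounts by password aging from shadow(5)-format data.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is the day of the last password change, in days since 1970-01-01;
# max is the number of days after which the password must be changed.

# Constructed sample (invented accounts, placeholder hashes).
SAMPLE_SHADOW='root:$1$constructed$placeholder:14500:0:99999:7:::
alice:$1$constructed$placeholder:14400:0:90:7:::
bob:$1$constructed$placeholder:14600:0:90:7:::
carol:$1$constructed$placeholder:14600:0::7:::
erin::14600:0:90:7:::
daemon:*:14500:0:99999:7:::
dave:!!:14500:0:99999:7:::'

# audit_password_aging TODAY < shadow-format input
# TODAY is the current date in days since 1970-01-01.
# Prints "name status", where status is one of:
#   empty-password  no password is required to log in
#   locked          hash starts with ! or *, so password login is impossible
#   never-expires   aging disabled (lastchg or max empty, or max >= 99999)
#   expired         lastchg + max lies before TODAY
#   ok              aging is enforced and the password is still valid
audit_password_aging() {
    awk -F: -v today="$1" '
        /^#/ || NF < 5 { next }
        {
            if      ($2 == "")                                status = "empty-password"
            else if ($2 ~ /^[!*]/)                            status = "locked"
            else if ($3 == "" || $5 == "" || $5 + 0 >= 99999) status = "never-expires"
            else if ($3 + $5 < today + 0)                     status = "expired"
            else                                              status = "ok"
            print $1, status
        }'
}

# accounts_needing_attention TODAY < shadow-format input
# Lists accounts with a usable or empty password that aging does not cover.
accounts_needing_attention() {
    audit_password_aging "$1" |
        awk '$2 == "never-expires" || $2 == "empty-password" { print $1 }'
}

# today_in_days: current date as days since 1970-01-01
today_in_days() { echo $(( $(date +%s) / 86400 )); }

# Run against the sample with a fixed date so the result is reproducible.
# On a real host, as root: audit_password_aging "$(today_in_days)" < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | audit_password_aging 14600
```

Accounts reported as never-expires can be brought under the policy with chage -M days username; new accounts follow PASS_MAX_DAYS in /etc/login.defs.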


Administering Auxiliary Groups

Creation: groupadd [-g gid] auxgroup
Add users to group (either):

# usermod -aG auxgroup username
# gpasswd -a username auxgroup
# vigr

Rename/Delete: groupmod and groupdel


Configuring the Quota System

Implemented within the kernel

Enabled on a per-filesystem basis
Individual policies for groups or users

Limit by the number of 1K-blocks or inodes
Implement both soft and hard limits

Initialization

Partition mount options: usrquota, grpquota
Initialize database: quotacheck -cugm /filesystem
Start or stop quotas: quotaon, quotaoff


Managing Quotas

Implementation

Edit quotas directly: edquota username
From a shell: setquota username 4096 5120 40 50 /foo
Define prototypical users: edquota -p user1 user2

Reporting

User inspection: quota
Quota overviews: repquota
Miscellaneous utilities: warnquota


End of Lecture 9

Questions and Answers
Summary

system-config-users provides GUI user and group management
useradd, usermod and userdel provide CLI user management

userdel leaves home directory and mail unless -r is provided

groupadd, groupmod and groupdel provide CLI group management
Quotas can limit by space (kilobytes) or inodes
To enable quotas on a filesystem

1. Edit /etc/fstab, add usrquota and/or grpquota options.
2. Run mount -o remount partition
3. Run quotacheck -cm partition

quotacheck -cgm partition for group quotas

4. Run quotaon -a
5. Define quotas with edquota and/or setquota


Lecture 10

Filesystems for Group Collaboration


Objectives

Upon completion of this unit, you should be able to:

Manage file security
Create collaborative directories using SetGID
Extend filesystem security with ACLs


Review: Viewing/Setting Ownership and Permissions

View current settings:

$ ls -l filename

Every file is owned by a UID and a GID
Three permission categories: user (owner), group and others

Change user and/or group:

# chown user:group filename
$ chgrp group filename

Change permissions:

$ chmod ugo+x filename
$ chmod 775 filename


Review: Default File Ownership and Permissions

Ownership is based on the creator:

User is creator
Group is normally creator's primary group

Permissions start with:

Read and Write for files
Read, Write, and eXecute for directories

Permissions are withheld by creator's umask

Non-system users' default umask is 002 (no w for other)
Files will have permissions of 664 (-rw-rw-r--)
Directories will have permissions of 775 (drwxrwxr-x)


User Private Groups

A group of the same name as the user

Automatically created when user is created
User's primary group is this private group
User's new files are assigned to this group

Prevents new files from belonging to a “public” group
May encourage making files “world-accessible”


Special Directory Permissions

SGID is used to create a collaborative directory

When a file is created in a directory with the SGID bit set, it belongs to the same group as the directory, rather than the creator's primary group

# chmod g+s directory

Sticky allows only the owner of a file to delete it

Normally users with write permissions to a directory can delete any file in that directory regardless of that file's permissions or ownership

# chmod o+t directory
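
An added example, not part of the course material, that audits a directory tree for the two gaps described above: world-writable directories without the sticky bit, and group-writable directories without SGID. The demo tree and all names in it are constructed.

```shell
#!/bin/sh
# Added example: find shared directories that lack the sticky or SGID bit.

# audit_shared_dirs ROOT
# Prints one sorted line per finding under ROOT:
#   NO_STICKY path  world-writable without the sticky bit: anyone who can
#                   write to the directory can delete other users' files
#   NO_SGID path    group-writable (but not world-writable) without SGID:
#                   new files get the creator's primary group instead of
#                   the directory's group
audit_shared_dirs() {
    {
        find "$1" -type d -perm -0002 ! -perm -1000 |
            sed 's/^/NO_STICKY /'
        find "$1" -type d -perm -0020 ! -perm -0002 ! -perm -2000 |
            sed 's/^/NO_SGID /'
    } | sort
}

# make_demo_tree
# Builds a constructed tree with one directory per case and prints its path.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/collab" "$demo/dropbox" "$demo/open" "$demo/plain"
    chmod 2770 "$demo/collab"     # group-writable with SGID (chmod g+s)
    chmod 1777 "$demo/dropbox"    # world-writable with sticky (chmod o+t)
    chmod 0777 "$demo/open"       # world-writable, no sticky bit
    chmod 0775 "$demo/plain"      # group-writable, no SGID
    chmod 0755 "$demo"
    echo "$demo"
}

# Demo: only "open" and "plain" are reported.
demo_dir=$(make_demo_tree)
audit_shared_dirs "$demo_dir"
rm -rf "$demo_dir"
```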


Access Control Lists (ACLs)

Grant or deny access to multiple users or groups

Non-root users cannot chown files
Avoids users sharing files with chmod 777
Uses same rwx permissions

Implemented as a mount option (acl)

Embedded in filesystem superblock at install time

Backup utilities/scripts may need to be updated to support


Viewing and Managing ACLs

Viewing:

$ getfacl filename

Modifying (Adding or Changing):

$ setfacl -m u:gandalf:rw filename

Removing (Expunging):

$ setfacl -x u:gandalf filename


Review: Permission Precedence

Three access categories: User, Group, and Other
Compare process UID to

UID of file => user permissions apply
ACL UID of file => ACL's permissions apply

Otherwise, compare list of process GIDs to

GID of file => group permissions apply
ACL GID of file => ACL's permissions apply
Since there can be multiple matches at this level, it is additive within this level

If neither match, other permissions apply


Collaborate with Multiple Groups

ACLs for groups use “g:” instead of “u:”
Automatic ACL setting

New files inherit default ACL (if set) from directory

$ setfacl -m d:g:groupname:rw directory

Defaults for groups can share files with multiple groups


End of Lecture 10

Questions and Answers
Summary

chmod g+sw dir creates a fully-collaborative environment

Members of the group that owns dir can create, delete and modify all files in it

chmod o+t dir creates a limited-collaboration environment

Users with write access can create and delete only their own files.

Collaborative directories with SGID
Filesystem access to a list of users/groups


Lecture 11

Centralized User Administration


Objectives

Upon completion of this unit, you should be able to:

Describe how Red Hat Enterprise Linux accesses user information
Configure system to use centralized authentication services


Components of Authentication

Two types of information are required to log in

Account information: Who is this user?

UID number, default shell, home directory, groups, etc

Authentication Credentials: Is this really the user?

Password, key, retinal scan, etc

Account and authentication information may be stored remotely

Allows for common logins across multiple systems


Enabling Centralized Authentication

system-config-authentication

Provided by the authconfig-gtk package
Presents GUI interface if possible
Use authconfig-tui to force text-based interface
Also supports making changes via command-line arguments

Supported account information services:

(local files), NIS, LDAP, Hesiod, Winbind/Active-Directory

Supported authentication mechanisms:

(NSS), Kerberos, LDAP, SmartCard, SMB, Winbind/Active-Directory

Supplemental Media

Developer Nalin Dahyabhai on system-config-authentication


Network Information Service (NIS)

Configuration files converted to “maps” on server
Related maps are grouped into “domains”
Clients join a domain and treat its maps like local files
Common maps include:

passwd

group

hosts

Requires installation of ypbind and portmap RPMs
Password hashes are transmitted unencrypted!


NIS Client Tools

ypwhich: Displays the name of the NIS server being used
ypdomainname: Displays or sets the NIS domain to join
ypcat mapname: Prints the contents of a map from the server
rpcinfo -p hostname: Verify NIS server (ypserv) availability


Lightweight Directory Access Protocol (LDAP)

Network-accessible database tuned for high read traffic
May also be used for service configs, extended user info, etc.
More modern implementation than NIS, supports encryption
Server configuration can be more complex than with NIS
Requires installation of nss_ldap and openldap RPMs


LDAP Client Tools

Query an LDAP server: ldapsearch

-ZZ: Require an SSL-encrypted connection
-x: Use simple authentication (required without extra configuration)
-H ldap://hostname[:port]: Connect to specific server

Test SSL connection to server

# openssl s_client -connect hostname:port


Authentication Configuration In-depth

system-config-authentication really does three things:

Configure Pluggable Authentication Modules (PAM)

Used by applications to authenticate users

Configure the Name Service Switch (NSS) if necessary

Retrieves account information from local files, NIS and LDAP

Configure service-specific configuration files if necessary

/etc/yp.conf (NIS)
/etc/openldap/ldap.conf (LDAP)


Name Service Switch (NSS)

Groups information from multiple sources into "entries":

passwd: Account information
shadow: Authentication information
groups: Group information

Other entries exist, not related to authentication

Entries are defined in /etc/nsswitch.conf
Applications may query NSS directly or via PAM
getent entry displays the contents of an entry


Pluggable Authentication Modules (PAM)

Applications delegate authentication to the libpam library
PAM prompts, validates, and tells app to accept or reject
Allows all applications to use the same auth process

...though application-specific instructions may also be included

Default configuration uses NSS for most user/auth data
Documentation: /usr/share/doc/pam-<version>/

Supplemental Media

Developer Nalin Dahyabhai on why PAM was developed


Configuring Centralized Home Directories

Home directories for users may be shared via NFS

Gives users consistent files and settings across systems

autofs can be configured to mount home dirs upon login
Configuration shortcuts make this easier

* matches all possible directory names
& represents the name of the requested directory

Do not enable on systems where untrusted users may have root access!
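
An added example, not part of the course material, showing how the two-tier automounter maps from "Mounting NFS Shares On-Demand" and the * and & shortcuts above resolve a requested directory into a mount. The file name /etc/auto.home, the mount options, the shared entry and the user names are assumptions; nfsserver is the placeholder host used in the slides.

```shell
#!/bin/sh
# Added example: resolve a key against constructed two-tier automounter maps.

# First tier (/etc/auto.master): automounting directory and the map file
# that lists mounts within it. /etc/auto.home is an assumed file name.
AUTO_MASTER='/home  /etc/auto.home'

# Second tier (the map file): key, options, directory to be mounted.
# Constructed entries; nosuid is included so setuid files on the export
# are not honoured by the client.
AUTO_HOME='# key     options               location
shared    -ro                   nfsserver:/exported/dir
*         -rw,soft,intr,nosuid  nfsserver:/home/&'

# resolve_key KEY < second-tier map
# Prints "options location" for KEY. An exact key wins; otherwise the "*"
# entry is used. Every "&" in the location is replaced by KEY.
# Returns non-zero if KEY is not a single directory name or nothing matches.
resolve_key() {
    case "$1" in
        ''|*/*|*'&'*|*'*'*|*'\'*) return 1 ;;
    esac
    awk -v key="$1" '
        /^[ \t]*#/ || NF < 2 { next }
        $1 == key && !hit  { hit = 1;  opts = $2;  loc = $3 }
        $1 == "*" && !wild { wild = 1; wopts = $2; wloc = $3 }
        END {
            if (!hit && wild) { hit = 1; opts = wopts; loc = wloc }
            if (!hit) exit 1
            # an entry without options has the location in field 2
            if (opts !~ /^-/) { loc = opts; opts = "-defaults" }
            gsub(/&/, key, loc)
            print substr(opts, 2), loc
        }'
}

# equivalent_mount KEY
# Prints the manual mount command with the same effect as the automounter
# mounting KEY under the first-tier directory.
equivalent_mount() {
    base=$(printf '%s\n' "$AUTO_MASTER" | awk '{ print $1; exit }')
    entry=$(printf '%s\n' "$AUTO_HOME" | resolve_key "$1") || return 1
    echo "mount -t nfs -o ${entry%% *} ${entry#* } $base/$1"
}

# Demo: a wildcard match and an exact match.
equivalent_mount alice
equivalent_mount shared
```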


Authentication Review


End of Lecture 11

Questions and Answers
Summary

Authentication is configured using system-config-authentication
User and authentication information are accessed via PAM and NSS
Information can be stored locally or on a central server
Supported centralized mechanisms include NIS, LDAP and Kerberos

Lecture 12

Software RAID

Objectives

Upon completion of this unit, you should be able to:

Configure high-availability storage with RAID
Recover a degraded software RAID array

Redundant Array of Inexpensive Disks

Multiple disks grouped together into “arrays”

Benefits include better performance and/or fault tolerance
RAID level defines how the disks are grouped
Spare disks can add extra redundancy

Hardware RAID built into add-on card or motherboard

Requires driver (kernel module)
Array generally seen as a SCSI disk: /dev/sda

Software RAID is built into Linux kernel

RAID devices are named: /dev/md0, /dev/md1, and so on
mdadm provides the administrative interface

Adding a Software RAID Device

1. Create partitions of type 0xfd (Linux RAID Autodetect)
2. Combine partitions into a RAID device

# mdadm -C /dev/md0 -a yes -l 5 -n 3 partitions...

3. Format the RAID device

# mkfs.ext3 /dev/md0

4. Add an entry to /etc/fstab:

/dev/md0 /mountpoint ext3 defaults 1 2

Software RAID Monitoring

Log entries are sent to syslogd
Interactively check status with:

# mdadm --detail /dev/md0
# cat /proc/mdstat

mdmonitor provides notification services on array status

Requires /etc/mdadm.conf to be created and set up

MAILADDR user@mydomain.TLD
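
A check that can be scripted on top of /proc/mdstat, as an added shell example that is not part of the course material: it reports arrays whose working member count is below the expected count or that carry a member flagged (F). The mdstat text and the helper name md_degraded are constructed for illustration.

```shell
#!/bin/sh
# Added example: report degraded md arrays from /proc/mdstat-style text.
# The sample below is constructed; on a real host feed in /proc/mdstat instead.

sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1] [raid5]
md0 : active raid5 sdc1[2] sdb1[1] sda1[3](F)
      2096896 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]

md1 : active raid1 sdb2[1] sda2[0]
      1048512 blocks [2/2] [UU]

unused devices: <none>
EOF
}

# md_degraded: reads mdstat text on stdin, prints one line per unhealthy array:
#   <array> degraded active=<working>/<expected> failed=<members or ->
md_degraded() {
    awk '
        /^md[0-9]+ :/ {                      # array header line
            name = $1; failed = ""
            for (i = 3; i <= NF; i++)
                if ($i ~ /\(F\)$/) {         # member flagged as faulty
                    dev = $i
                    sub(/\[.*$/, "", dev)    # strip "[n](F)" to get the device name
                    failed = failed (failed == "" ? "" : ",") dev
                }
            next
        }
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            # "[3/2]" means 3 members expected, 2 currently working
            split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
            if (n[2] + 0 < n[1] + 0 || failed != "")
                printf "%s degraded active=%d/%d failed=%s\n", name, n[2], n[1], (failed == "" ? "-" : failed)
            name = ""
        }
    '
}

sample_mdstat | md_degraded
```

On a live system the same function is run as md_degraded < /proc/mdstat, for instance from cron alongside the mdmonitor mail alerts.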

Software RAID Recovery

To simulate disk failure

# mdadm /dev/md0 -f /dev/sda1

Recovering from a software RAID disk failure

1. Replace and reboot, or hot-remove if hardware supports it

# mdadm /dev/md0 -r /dev/sda1

2. Add replacement partition into array

# mdadm /dev/md0 -a /dev/sda1

To disassemble/stop a disk array

# mdadm -S /dev/md0

End of Lecture 12

Questions and Answers
Summary

RAID coordinates multiple disks to work as one
Spare disks can be designated for auto-recovery in most RAID levels
RAID devices are created and managed with mdadm

Lecture 13

Logical Volume Management

Objectives

Upon completion of this unit, you should be able to:

Use storage more efficiently with logical volumes
Back up logical volumes with minimal risk and downtime

What is Logical Volume Manager (LVM)?

A layer of abstraction that allows easy manipulation of volumes
Supports resizing of filesystems
Allows filesystems to span multiple physical devices

Block devices are designated as Physical Volumes
One or more Physical Volumes are used to create a Volume Group
Volume Groups are defined with Physical Extents of a fixed size
Logical Volumes are composed of Physical Extents from Volume Group
Filesystems may be created on Logical Volumes

LVM Tools

system-config-lvm provides GUI control

System->Administration->Logical Volume Management
Physical View manages PVs in selected volume group
Logical View manages LVs in selected volume group

lvm subcommand provides CLI control

lvm help lists sub-commands
lvm vgdisplay -v lists status of all VGs, LVs and PVs
Each sub-command has a symbolic link to lvm

Allows sub-commands to be called without lvm prefix

Creating Logical Volumes

1. Prepare underlying block devices

Can use partitions of type 0x8e or software RAID devices

2. Create physical volumes

# pvcreate /dev/hda3

3. Create volume group containing physical volume

# vgcreate vg0 /dev/hda3

4. Create logical volumes inside volume groups

# lvcreate -L 256M -n data vg0

5. Format and mount logical volume (/dev/vg0/data)

Resizing Logical Volumes

Growing logical volumes and filesystems

lvextend can grow logical volumes
resize2fs can grow ext3 filesystems online or offline

Shrinking filesystems and logical volumes

Must be done offline (umount)
Requires a filesystem check (e2fsck) first
Filesystem then reduced (resize2fs)
Lastly, lvreduce can then reduce the volume

Resizing Volume Groups

Volume Groups can be enlarged with:

# vgextend vg0 /dev/sdb1

Volume Groups can be reduced with:

# pvmove /dev/hda3
# vgreduce vg0 /dev/hda3

Logical Volume Manager Snapshots

Snapshots are special Logical Volumes that are an exact copy of an existing Logical Volume at the time the snapshot is created
Snapshots are perfect for backups and other operations where a temporary copy of an existing dataset is needed
Snapshots only consume space where they are different from the original Logical Volume

Snapshots are allocated space at creation but do not use it until changes are made to the original Logical Volume or the Snapshot
When data is changed on the original Logical Volume the older data is copied to the Snapshot
Snapshots contain only data that has changed on the original Logical Volume or the Snapshot since the Snapshot was created.

Using LVM Snapshots

1. Create snapshot of existing Logical Volume

# lvcreate -l 64 -s -n datasnap /dev/vg0/data

2. Mount snapshot

# mkdir -p /mnt/datasnap
# mount -o ro /dev/vg0/datasnap /mnt/datasnap

3. Perform backup
4. Remove snapshot

# umount /mnt/datasnap
# lvremove /dev/vg0/datasnap

End of Lecture 13

Questions and Answers
Summary

LVM organizes space into logical groups independent of device boundaries
LVM components can be managed with lvm or system-config-lvm
LVM Snapshots allow backing up of read-only filesystems with minimal downtime

Lecture 14

Virtualization and Automated Installation

Objectives

Upon completion of this unit, you should be able to:

Define virtualization
Interactively install a virtual machine
Create and utilize Kickstart files
Set up an anaconda server

Virtualization with Xen

Xen is the basis for virtualization in RHEL 5

Paravirtualized guests running RHEL 5 and RHEL 4.5 and later
Full virtualization for unmodified operating systems

Xen Architecture

Hypervisor runs on hardware directly
Hypervisor boots privileged RHEL 5 domain (“Dom0”)
xend and other supporting services run in Dom0
User Domains (“DomU”) managed by Dom0

Preparing Domain-0

Ensure that hardware supports virtualization
Perform a normal installation of the machine
Ensure that kernel-xen, xen, and virt-manager are installed

Select Virtualization component at install-time
Verify subscribed to RHN "RHEL Virtualization" channel, install with yum

Verify xend and libvirtd configured to start on boot
Configure kernel-xen as default kernel and reboot

Installing a New Domain-U

GUI Wizard: virt-manager

Define the name of the domain
Select VCPUs, RAM, Network, and VBDs
Specify the location of the installer and optionally a kickstart file

CLI Tool: virt-install
DomUs can be configured to start when Dom0 boots:

# chkconfig xendomains on
# virsh autostart domain

Install Automation with Kickstart

Scripted installation method

Supports all anaconda features
Template /root/anaconda-ks.cfg is autogenerated during installs

Configuration utility: system-config-kickstart
Syntax checker: ksvalidator

Starting a Kickstart Installation

Anaconda boot option ks enters Kickstart mode

DHCP based kickstart: ks
Network based kickstart: ks=url
From local medium: ks=hd:device:/path/to/file

Boot media can be modified for custom installations:

Optical media: boot.iso or Installation CD/DVD
USB media: diskboot.img
Network boot with PXE
Other bootloaders such as GRUB

Anatomy of a Kickstart File

Commands section

Configures the system
The user is prompted for omitted directives

Packages section

%packages selects packages and groups for installation
Dependencies are always resolved

Scripts section(s)

Optional section(s) to customize the system
%pre scripts are run before installation
%post scripts are run after installation

Kickstart: Commands Section

Starting the Installation

Installation Mode

install performs a fresh install.
upgrade upgrades an existing installation.

Installation Method:

cdrom
url --url url
nfs --server host --path directory
harddrive --partition=device --dir=/path/to/install_tree

Media Sets

Two available: Client and Server
May contain packages from additional layered products
key defines the “Installation Number” to access additional content

Kickstart: Commands Section

Important Directives

Required Directives

Must be specified, otherwise the installer configures them interactively
Localization options: keyboard, lang, timezone
Authentication: rootpw, authconfig
Bootloader: bootloader

Optional Directives

Network: network [options]
Security: firewall, selinux, services
Installer behavior: firstboot, poweroff|reboot, interactive, text

Kickstart: Packages Section

Add package groups with @package_group
Add single packages with package_name (no version)
Remove packages from the list with -package_name
Use wildcards to specify multiple packages
Dependencies are always resolved
Additional languages with @lang-support

Kickstart: Scripts Section

%pre gives you the first word

Executes as a bash shell script
Executes after Kickstart file is parsed

%post gives you the final word

Can specify interpreter (bash is default)
chrooted by default, but may be run without chroot
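
A pre-flight check built on the section layout and required directives described in the Kickstart slides above, as an added shell example that is not part of the course material and not a substitute for ksvalidator. The kickstart text, the server name and the helper name ks_lint are constructed; auth as an alias of authconfig and the rootpw --iscrypted and %post --nochroot options are standard kickstart syntax not shown on the slides.

```shell
#!/bin/sh
# Added example: a small pre-flight check for a kickstart file.
# The kickstart text is constructed sample data; ks_lint is a hypothetical helper.

sample_ks() {
    cat <<'EOF'
# commands section
install
url --url http://server1.example.com/pub/rhel5
lang en_US.UTF-8
keyboard us
rootpw redhat
auth --useshadow --enablemd5
firewall --enabled
selinux --enforcing
bootloader --location=mbr
reboot

%packages
@base
-sendmail

%post --nochroot
echo "installed by kickstart" > /mnt/sysimage/etc/motd
EOF
}

# ks_lint FILE: prints one finding per line.
ks_lint() {
    awk '
        BEGIN {
            section = "commands"
            # Directives the slide lists as required; anaconda asks for any left out.
            nreq = split("keyboard lang timezone rootpw authconfig bootloader", req, " ")
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^%/ {                                  # %packages, %pre or %post starts a section
            section = substr($1, 2)
            if (section == "post" && $0 ~ /--nochroot/)
                print "info: %post runs outside the chroot"
            next
        }
        section == "commands" {
            d = $1
            if (d == "auth") d = "authconfig"   # auth is an alias for authconfig
            seen[d] = 1
            if (d == "rootpw" && $0 !~ /--iscrypted/)
                print "warn: rootpw is stored in plaintext"
        }
        END {
            for (i = 1; i <= nreq; i++)
                if (!(req[i] in seen))
                    print "prompt: " req[i] " is missing, the installer will ask for it"
        }
    ' "$1"
}

ks=$(mktemp)
sample_ks > "$ks"
ks_lint "$ks"
rm -f "$ks"
```

The plaintext finding matters because kickstart files are usually served over NFS, FTP or HTTP, where anyone who can fetch the file can read the root password.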

Creating a Network Installation Server

Provides an easy distribution platform for the enterprise

Necessary for network-based installs
Often faster than CDROM-based installation methods

Share the media directories

NFS, FTP, and/or HTTP
Can be used as a local yum repository

End of Lecture 14

Questions and Answers
Summary

Virtualization allows for more efficient use of hardware resources
virt-manager provides GUI management of virtual machines
virsh and virt-install provide CLI management of virtual machines
Kickstart files allow for automation of Red Hat Enterprise Linux installation
Installation leaves a template kickstart in /root/anaconda-ks.cfg
system-config-kickstart can be used to create new kickstart files
ksvalidator can be used to check kickstart file syntax
Network installation can be performed via HTTP, FTP, and NFS

Lecture 15

Troubleshooting with Rescue Mode

Objectives

Upon completion of this unit, you should be able to:

Develop a strategy for troubleshooting
Use the rescue environment
Access virtualized disks from Domain-0

Method of Fault Analysis

Characterize the problem
Reproduce the problem
Find further information
Eliminate possible causes
Try the easy things first
Configuration files

Backup before changing
Use tools when available

Gathering Additional Data

Useful commands

history
grep
diff
find /dir -cmin -60
strace command
tail -f logfile

Generate additional information

*.debug in syslog

--debug option in application

Things to Check: Boot Process

Bootloader configuration
Kernel

Starting init

/sbin/init
/etc/rc.d/rc.sysinit

Entering runlevel [0-6]

/etc/rc.d/rc, /etc/rc.d/rc[0-6].d/
/etc/rc.d/rc.local
Virtual Consoles
X Display Manager

Recovery Runlevels

Pass runlevel to init

On boot from GRUB splash screen

kernel line
module line (Xen)

From shell prompt using: init or telinit

Runlevel 1

Process rc.sysinit and rc1.d scripts

Runlevel s, S, or single

Process only rc.sysinit

emergency

Run sulogin only

Filesystem Problems During Boot

rc.sysinit attempts to mount local filesystems
Upon failure, user is dropped to an sulogin shell
fsck may be used to fix corrupted filesystems
Before running fsck:

Check fstab for mistakes
Before editing:

# mount -o remount,rw /

Manually test mounting filesystems

Rescue Environment

Required when root filesystem is unavailable
Non-system specific
Boot from installer kernel/initrd

boot: linux rescue

Rescue Environment Utilities

Disk Maintenance Utilities

lvm

Networking Utilities
Miscellaneous Utilities
Logging:

/tmp/syslog

/tmp/anaconda.log

Rescue Environment Details

Filesystem reconstruction

Asks if filesystems should be mounted: /mnt/sysimage/*
$PATH includes hard drive's directories

chroot /mnt/sysimage
NFS method mounted: /mnt/source
Define MANPATH to access man pages

Filesystem nodes

System-specific device files provided
mknod knows major/minor #'s

End of Lecture 15

Questions and Answers
Summary

Remember the order of events in the boot sequence:

BIOS
Grub
Kernel

/sbin/init (reading /etc/inittab)

/etc/rc.d/rc.sysinit
/etc/rc.d/rc runlevel
mingetty/prefdm

Enter linux rescue at boot: prompt for rescue mode
kpartx can be used to examine VM disks

Appendix A

Working with Virtual Systems

Working with Virtual Systems

Connecting to virtual systems

For many labs you will be asked to connect to a virtual server to complete the lab work. These servers can be accessed in different ways. The preferred way to access these virtual machines, a.k.a. domains, is via the ssh command. Depending on your classroom environment there may be other ways to access these machines.

The following sections discuss tools for managing virtual machines in Red Hat Global Learning Services physical and virtual training environments, respectively:

Working with virtual machines in a physical-classroom environment

If you are in a physical classroom environment, ssh is the recommended method for connecting to virtual machines, but you have alternatives if that does not work. If you experience problems connecting using ssh, you can try using the following virsh commands. Extended usage info on these commands can be found in man virsh.

virsh is the command line management tool used for almost all aspects of controlling and working with virtual systems. It can also be used to get access directly to a serial console of a virtual system. This is useful for connecting to virtual systems for monitoring installs, examining the boot process, or for attaching to hosts that may not yet be configured for network access. virsh must be run from the Dom-0, or host machine, of the virtual hosts. It cannot be run on the virtual systems themselves.

Using virsh to control domains

virsh start domain
Used to 'power on' a virtual host.
virsh shutdown domain
Does a 'clean' shutdown of a virtual host.
virsh reboot domain
Reboots a virtual system.
virsh destroy domain
Is akin to pulling the power plug.
virsh suspend domain
'Pauses' the virtual system. The host is still in memory but is no longer running.
virsh resume domain
Changes a virtual system out of the suspended state back into a running state.
virsh save domain state-file
Saves the running state of a domain to a file to be restored later. This is roughly the equivalent of 'hibernating' a virtual system.
virsh restore state-file
Restore a previously saved domain running state from a virsh save file.

Using virsh to monitor domains

virsh console domain
Opens a local serial console to a running domain. This gives command-line access to your virtual system.
Ctrl + ]
Disconnects from the console of a domain.
virsh list [domain]
List currently running domains.
xentop
Displays a list of currently running domains and gives information in a constantly updating format. It is like top for Xen hosts.

Booting virtual systems into recovery runlevels

Virtual systems can be booted into recovery runlevels like emergency and single-user mode, but the process is different than with a physical system.

1. Shut down the virtual system by clicking Shutdown in virt-manager or running virsh destroy domain from the command line.
2. Boot the virtual system to a boot-loader prompt by running xm create -c domain (don't forget the -c option!). This will open a console connection to domain in your terminal, allowing you to access the boot-loader.
3. As soon as you see the boot-loader menu, press a to halt the countdown and begin appending arguments to the kernel command line.
4. Add emergency for emergency mode or 1 for single user mode to the kernel arguments and press Enter.
5. Disconnect from the console by pressing Ctrl-]
6. Open a graphical connection to the virtual system by double-clicking on it in virt-manager, which you can start from the command line or by navigating to Applications->System Tools->Virtual Machine Manager

Working with virtual machines in a virtual-training environment

In a virtual classroom, your workstations are virtual machines. Because running virtual machines within another virtual machine is not currently supported, you will not have access to other virtual systems directly using the virsh command. You should instead use ssh to access your virtual systems, or use the web interface.

You will have a link in the Virtual Training Tools bar for each of the virtual machines assigned for your class. To manage any of your virtual machines, click the stationX or serverX link. You will get a new browser window that will contain your virtual machine. Near the top of the window you will have buttons to manage your virtual machine.

Figure A.1. ServerX+100 screenshot

The POWER ON button

Use the POWER ON button to boot the machine. This is like pressing the power button on a physical machine.

The POWER OFF button

Use the POWER OFF button to immediately shut down the machine. This is similar to unplugging the machine. Optionally you can run the poweroff or shutdown -h now commands from a terminal to gracefully shut it down.

The KICKSTART button

Use the KICKSTART button to use the instructor's kickstart file to rebuild your machine. You will not be able to interact with the installation; it will be totally automated. Once the machine is done kickstarting, it will remain in the powered off state. Press the POWER ON button to power it on. This button is only available in the stationX machine.

The RESET button

Use the RESET button to reset your virtual machine using an LVM snapshot. You will have a fresh installation, and once that is created, it will boot the virtual machine. This button is only available in the serverX machine.

The INSTALL button

Use the INSTALL button to run an interactive installation. It will ask all the questions about partitioning, packages, etc. Once the machine is done installing, it will remain in the powered off state. Press the POWER ON button to power it on.

The RESCUE button

Use the RESCUE button to send your machine into rescue mode. You will be able to interact with your installation in a rescue environment.

The CUSTOM (kernel boot args) box

Use the CUSTOM (kernel boot args) box to append arguments to the kernel as you boot. When you press the POWER ON button, it will pop up a dialog box to verify that you want to power on the machine. This will include a box for kernel boot arguments. These may include arguments such as single, emergency, 3, etc. If there is anything in the CUSTOM box when you click the POWER ON button, it will be appended to the kernel line as an argument.

Figure A.2. Custom boot arguments

Note that if you add any kernel arguments at boot time, and you soft reboot the machine (e.g., typing reboot at the command line) the same kernel arguments will be used when the virtual machine boots.

The Ctrl-Alt-Del button

Use the Ctrl-Alt-Del button to send a Ctrl-Alt-Del to the virtual machine. Note that GNOME by default ignores this keystroke, so you may only be able to use it in text mode.

The Ctrl-Alt-... drop-down menu

Use the Ctrl-Alt-... drop-down menu to change virtual terminals. For instance, to change to tty1, click the Ctrl-Alt-... menu, then press F1. To return to the GUI (tty7), click the Ctrl-Alt-... menu, then press F7.
