Red Hat System Administration II
RH134
Course Objectives and Structure
Schedule
- Improving Command-line Productivity
- Managing SELinux Security
- Implementing Advanced Storage Features
- Managing Network Security
- Scheduling Future Tasks
- Managing Basic Storage
- Accessing Network-Attached Storage
- Installing Red Hat Enterprise Linux
- Tuning System Performance
- Managing Logical Volumes
- Controlling the Boot Process
- Comprehensive Review
- Controlling Access to Files with ACLs
Orientation to the Classroom Lab Environment
Chapter 1: Improving Command-line Productivity
Goal: Run commands more efficiently by using advanced features of the Bash shell, shell scripts, and various utilities provided by Red Hat Enterprise Linux.
Objectives:
- Automate sequences of commands by writing a simple shell script.
- Efficiently run commands over lists of items in a script or from the command-line using for loops and conditionals.
- Find text matching a pattern in log files and command output using the grep command and regular expressions.
Writing Simple Bash Scripts
Creating and Executing Bash Shell Scripts
Guided Exercise: Writing Simple Bash Scripts
Running Commands More Efficiently Using Loops
Using Loops to Iterate Commands
Using Exit Codes Within a Script
Guided Exercise: Running Commands More Efficiently Using Loops
Matching Text in Command Output with Regular Expressions
Writing Regular Expressions
Matching Regular Expressions with Grep
Guided Exercise: Matching Text in Command Output with Regular Expressions
Lab: Improving Command-line Productivity
Summary
- How to create and execute simple Bash scripts.
- How to use loops to iterate through a list of items from the command-line and in a shell script.
- How to search for text in log files and configuration files using regular expressions and grep.
Chapter 2: Scheduling Future Tasks
Goal: Schedule tasks to automatically execute in the future.
Objectives:
- Set up a command that runs once at some point in the future.
- Schedule commands to run on a repeating schedule using a user’s crontab file.
- Schedule commands to run on a repeating schedule using the system crontab file and directories.
- Enable and disable systemd timers, and configure a timer that manages temporary files.
Scheduling a Deferred User Job
Describing Deferred User Tasks
Inspecting and Managing Deferred User Jobs
Guided Exercise: Scheduling a Deferred User Job
Scheduling Recurring User Jobs
Describing Recurring User Jobs
Scheduling Recurring User Jobs
Describing User Job Format
Guided Exercise: Scheduling Recurring User Jobs
Scheduling Recurring System Jobs
Describing Recurring System Jobs
Introducing Systemd Timer
Guided Exercise: Scheduling Recurring System Jobs
Guided Exercise: Managing Temporary Files
Quiz: Scheduling Future Tasks
Summary
- Jobs that are scheduled to run once in the future are called deferred jobs or tasks.
- Recurring user jobs execute the user's tasks on a repeating schedule.
- Recurring system jobs accomplish administrative tasks with system-wide impact on a repeating schedule.
- The systemd timer units can execute both deferred and recurring jobs.
Chapter 3: Tuning System Performance
Goal: Improve system performance by setting tuning parameters and adjusting scheduling priority of processes.
Objectives:
Adjusting Tuning Profiles
Installing and enabling tuned
Selecting a Tuning Profile
Managing profiles from the command line
Managing Profiles with Web Console
Web Console privileged login
Active performance profile
Select a preferred performance profile
Verify active performance profile
Guided Exercise: Adjusting Tuning Profiles
Influencing Process Scheduling
Linux Process Scheduling and Multitasking
Setting Nice Levels and Permissions
Nice levels as reported by top
Starting Processes with Different Nice Levels
Changing the Nice Level of an Existing Process
Guided Exercise: Influencing Process Scheduling
Lab: Tuning System Performance
Summary
- The tuned service automatically modifies device settings to meet specific system needs based on a pre-defined selected tuning profile.
- To revert all changes made to system settings by a selected profile, either switch to another profile or deactivate the tuned service.
- The system assigns a relative priority to a process to determine its CPU access. This priority is called the nice value of a process.
- The nice command assigns a priority to a process when it starts. The renice command modifies the priority of a running process.
Chapter 4: Controlling Access to Files with ACLs
Goal: Interpret and set Access Control Lists (ACLs) on files to handle situations requiring complex user and group access permissions.
Objectives:
- Describe use cases for ACLs, identify files that have ACLs set, and interpret the effect of those ACLs.
- Set and remove ACLs on files and define default ACLs automatically set by a directory on newly created files.
Access Control List Concepts
Viewing and Interpreting ACL Permissions
Examples of ACL Use by the Operating System
Practice: Interpreting File ACLs
Changing ACL File Permissions
Controlling Default ACL File Permissions
Guided Exercise: Securing Files with ACLs
Lab: Controlling Access to Files with ACLs
Summary
- ACLs provide fine-grained access control to files and directories.
- The getfacl command displays the ACLs on a file or directory.
- The setfacl command sets, modifies, and removes default and standard ACLs on files and directories.
- Use default ACLs to control permissions on new files and directories.
- Red Hat Enterprise Linux uses systemd and udev to apply predefined ACLs on devices, folders, and files.
Chapter 5: Managing SELinux Security
Goal: Protect and manage the security of a server by using SELinux.
Objectives:
- Describe how SELinux protects resources and how to select the enforcement mode.
- Configure a file's SELinux context to control how processes interact with that file.
- Configure SELinux booleans to allow runtime policy changes for varying access needs.
- Investigate SELinux log messages and troubleshoot SELinux AVC denials.
Changing the SELinux Enforcement Mode
How SELinux Protects Resources
Why use Security Enhanced Linux?
Basic SELinux security concepts
SELinux File Context
SELinux access
Changing the current SELinux mode
Setting the default SELinux mode
Guided Exercise: Changing the SELinux Enforcement Mode
Controlling SELinux File Contexts
Changing the SELinux context of a file
Defining SELinux Default File Context Rules
Guided Exercise: Controlling SELinux File Contexts
Adjusting SELinux Policy with Booleans
Guided Exercise: Adjusting SELinux Policy with Booleans
Investigating and Resolving SELinux Issues
Troubleshooting SELinux Issues
Monitoring SELinux Violations
SELinux Policy in Web Console
SELinux Policy Solution in Web Console
No SELinux Alerts in Web Console
Guided Exercise: Investigating and Resolving SELinux Issues
Lab: Managing SELinux Security
Summary
- The getenforce and setenforce commands are used to manage the SELinux mode of a system.
- The semanage command is used to manage SELinux policy rules. The restorecon command applies the context defined by the policy.
- Booleans are switches that change the behavior of the SELinux policy. They can be enabled or disabled and are used to tune the policy.
- The sealert command displays useful information to help with SELinux troubleshooting.
Chapter 6: Managing Basic Storage
Goal: Create and manage storage devices, partitions, file systems, and swap spaces from the command line.
Objectives:
- Create storage partitions, format them with file systems, and mount them for use.
- Create and manage swap spaces to supplement physical memory.
Adding Partitions, File Systems, and Persistent Mounts
MBR Partitioning of the /dev/vdb storage device
GPT Partitioning of the /dev/vdb storage device
Managing Partitions with Parted
Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts
Introducing Swap Space Concepts
Guided Exercise: Managing Swap Space
Lab: Managing Basic Storage
Summary
- You use the parted command to add, modify, and remove partitions on disks with the MBR or the GPT partitioning scheme.
- You use the mkfs.xfs command to create XFS file systems on disk partitions.
- You need to add file-system mount commands to /etc/fstab to make those mounts persistent.
- You use the mkswap command to initialize swap spaces.
Chapter 7: Managing Logical Volumes
Goal: Create and manage logical volumes containing file systems and swap spaces from the command line.
Objectives:
- Create and manage logical volumes from storage devices, and format them with file systems or prepare them with swap spaces.
- Add and remove storage assigned to volume groups, and nondestructively extend the size of a logical volume formatted with a file system.
Logical Volume Management (LVM) Concepts
Logical volume management components
Reviewing LVM Status Information
Guided Exercise: Creating Logical Volumes
Extending Logical Volumes
Extending and Reducing a Volume Group
Extending a Logical Volume and XFS File System
Extending a Logical Volume and ext4 File System
Extend a logical volume and swap space
Guided Exercise: Extending Logical Volumes
Lab: Managing Logical Volumes
Summary
- LVM allows you to create flexible storage by allocating space on multiple storage devices.
- Physical volumes, volume groups, and logical volumes are managed by a variety of tools such as pvcreate, vgreduce, and lvextend.
- Logical volumes can be formatted with a file system or swap space, and they can be mounted persistently.
- Additional storage can be added to volume groups and logical volumes can be extended dynamically.
Chapter 8: Implementing Advanced Storage Features
Goal: Manage storage using the Stratis local storage management system and use the VDO volumes to optimize storage space in use.
Objectives:
Managing Layered Storage with Stratis
Describing the Stratis Architecture
Elements of Stratis
Stratis in the Linux storage management stack
Stratis layers
Guided Exercise: Managing Layered Storage with Stratis
Compressing and Deduplicating Storage with VDO
Describing Virtual Data Optimizer
VDO-based virtual machines
Implementing Virtual Data Optimizer
Guided Exercise: Compressing and Deduplicating Storage with VDO
Lab: Implementing Advanced Storage Features
Summary
- The Stratis storage management solution implements flexible file systems that grow dynamically with data.
- The Stratis storage management solution supports thin provisioning, snapshotting, and monitoring.
- The Virtual Data Optimizer (VDO) aims to reduce the cost of data storage.
- The Virtual Data Optimizer applies zero-block elimination, data deduplication, and data compression to optimize disk space efficiency.
Chapter 9: Accessing Network-Attached Storage
Goal: Access network-attached storage using the NFS protocol.
Objectives:
- Mount, use, and unmount an NFS export from the command line and at boot time.
- Configure the automounter with direct and indirect maps to automatically mount an NFS file system on demand, and unmount it when it is no longer in use.
- Configure an NFS client to use NFSv4 using the new nfsconf tool.
Mounting Network-Attached Storage with NFS
Mounting and Unmounting NFS Shares
Guided Exercise: Managing Network-Attached Storage with NFS
Automounting Network-Attached Storage
Mounting NFS Shares with the Automounter
Guided Exercise: Automounting Network-Attached Storage
Lab: Accessing Network-Attached Storage
Summary
- Mount and unmount an NFS export from the command line.
- Configure an NFS export to automatically mount at startup.
- Configure the automounter with direct and indirect maps, and describe their differences.
- Configure NFS clients to use NFSv4 using the new nfsconf tool.
Chapter 10: Controlling the Boot Process
Goal: Manage the boot process to control services offered and to troubleshoot and repair problems.
Objectives:
- Describe the Red Hat Enterprise Linux boot process, set the default target used when booting, and boot a system to a non-default target.
- Log in to a system and change the root password when the current root password has been lost.
- Manually repair file system configuration or corruption issues that stop the boot process.
Selecting the Boot Target
Describing the Red Hat Enterprise Linux 8 Boot Process
Rebooting and Shutting Down
Selecting a Systemd Target
Guided Exercise: Selecting the Boot Target
Resetting the Root Password
Resetting the Root Password from the Boot Loader
Repairing Systemd Boot Issues
Guided Exercise: Resetting the Root Password
Repairing File System Issues at Boot
Diagnosing and Fixing File System Issues
Guided Exercise: Repairing File System Issues at Boot
Lab: Controlling the Boot Process
Summary
- systemctl reboot and systemctl poweroff reboot and power down a system, respectively.
- systemctl isolate target-name.target switches to a new target at runtime.
- systemctl get-default and systemctl set-default can be used to query and set the default target.
- Use rd.break on the kernel command line to interrupt the boot process before control is handed over from the initramfs. The root file system is mounted read-only under /sysroot.
- The emergency target can be used to diagnose and fix file-system issues.
Chapter 11: Managing Network Security
Goal: Control network connections to services using the system firewall and SELinux rules.
Objectives:
Managing Server Firewalls
Firewall Architecture Concepts
The Web Console privileged login
The Web Console networking
The Web Console firewall allowed services list
The Web Console add services interface
The Web Console services filter search
The Web Console services list
Guided Exercise: Managing Server Firewalls
Controlling SELinux Port Labeling
Managing SELinux Port Labeling
Guided Exercise: Controlling SELinux Port Labeling
Lab: Managing Network Security
Summary
- The netfilter subsystem allows kernel modules to inspect every packet traversing the system. All incoming, outgoing, or forwarded network packets are inspected.
- The use of firewalld has simplified management by classifying all network traffic into zones. Each zone has its own list of ports and services. The public zone is set as the default zone.
- The firewalld service ships with a number of pre-defined services. They can be listed using the firewall-cmd --get-services command.
- Network traffic is tightly controlled by the SELinux policy. Network ports are labeled. For example, port 22/TCP has the label ssh_port_t associated with it. When a process wants to listen on a port, SELinux checks to see whether the label associated with that process is allowed to bind that port label.
- The semanage command is used to add, delete, and modify labels.
Chapter 12: Installing Red Hat Enterprise Linux
Goal: Install Red Hat Enterprise Linux on servers and virtual machines.
Objectives:
- Install Red Hat Enterprise Linux on a server.
- Automate the installation process using Kickstart.
- Install a virtual machine on your Red Hat Enterprise Linux server using Cockpit.
Installing Red Hat Enterprise Linux
Selecting Installation Media
Manual Installation with Anaconda
Installation Summary window
Setting the root password and creating a user
Guided Exercise: Installing Red Hat Enterprise Linux
Automating Installation with Kickstart
Creating a Kickstart Profile
Kickstart Installation Steps
Creating a Kickstart File
Basic Configuration with Kickstart Generator
Publish the Kickstart File to Anaconda
Boot Anaconda and Point it to the Kickstart File
Specifying the Kickstart file location during installation
Guided Exercise: Automating Installation with Kickstart
Installing and Configuring Virtual Machines
Introducing KVM Virtualization
KVM virtualization
Configuring a Red Hat Enterprise Linux Physical System as a Virtualization Host
Managing Virtual Machines with Cockpit
Managing virtual machines in Cockpit
Creating a virtual machine in Cockpit
Installing the virtual machine OS
Quiz: Installing and Configuring Virtual Machines
Lab: Installing Red Hat Enterprise Linux
Summary
- The RHEL 8 binary DVD includes Anaconda and all repositories required for installation.
- The RHEL 8 boot ISO includes the Anaconda installer, which accesses repositories over the network during installation.
- The Kickstart system performs unattended installations.
- Kickstart files can be created using the Kickstart Generator website or by copying and editing /root/anaconda-ks.cfg.
- The virt Yum module provides the packages for a RHEL system to become a virtualization host.
- The cockpit-machines package adds the Virtual Machines menu to Cockpit.
Chapter 13: Comprehensive Review
Lab: Fixing Boot Issues and Maintaining Servers
Lab: Configuring and Managing File Systems and Storage
Lab: Configuring and Managing Server Security