Red Hat System Administration II

RH134

Welcome

Course Objectives and Structure

Schedule

  • Day One: Improving Command-line Productivity; Scheduling Future Tasks; Tuning System Performance; Controlling Access to Files with ACLs
  • Day Two: Managing SELinux Security; Managing Basic Storage; Managing Logical Volumes
  • Day Three: Implementing Advanced Storage Features; Accessing Network-Attached Storage; Controlling the Boot Process
  • Day Four: Managing Network Security; Installing Red Hat Enterprise Linux; Comprehensive Review

Orientation to the Classroom Lab Environment

Internationalization

Chapter 1: Improving Command-line Productivity

Goal: Run commands more efficiently by using advanced features of the Bash shell, shell scripts, and various utilities provided by Red Hat Enterprise Linux.


Objectives:

  • Automate sequences of commands by writing a simple shell script.

  • Efficiently run commands over lists of items in a script or from the command-line using for loops and conditionals.

  • Find text matching a pattern in log files and command output using the grep command and regular expressions.

Writing Simple Bash Scripts

Creating and Executing Bash Shell Scripts

Guided Exercise: Writing Simple Bash Scripts

Running Commands More Efficiently Using Loops

Using Loops to Iterate Commands

Using Exit Codes Within a Script

Testing Script Inputs

Conditional Structures

Guided Exercise: Running Commands More Efficiently Using Loops

Matching Text in Command Output with Regular Expressions

Writing Regular Expressions

Matching Regular Expressions with Grep

Guided Exercise: Matching Text in Command Output with Regular Expressions

Lab: Improving Command-line Productivity

Summary

  • How to create and execute simple Bash scripts.
  • How to use loops to iterate through a list of items from the command-line and in a shell script.
  • How to search for text in log files and configuration files using regular expressions and grep.

Chapter 2: Scheduling Future Tasks

Goal: Schedule tasks to automatically execute in the future.


Objectives:

  • Set up a command that runs once at some point in the future.

  • Schedule commands to run on a repeating schedule using a user’s crontab file.

  • Schedule commands to run on a repeating schedule using the system crontab file and directories.

  • Enable and disable systemd timers, and configure a timer that manages temporary files.

Scheduling a Deferred User Job

Describing Deferred User Tasks

Inspecting and Managing Deferred User Jobs

Guided Exercise: Scheduling a Deferred User Job

Scheduling Recurring User Jobs

Describing Recurring User Jobs

Scheduling Recurring User Jobs

Describing User Job Format

Guided Exercise: Scheduling Recurring User Jobs

Scheduling Recurring System Jobs

Describing Recurring System Jobs

Introducing Systemd Timer

Guided Exercise: Scheduling Recurring System Jobs

Managing Temporary Files

Managing Temporary Files

Guided Exercise: Managing Temporary Files

Quiz: Scheduling Future Tasks

Summary

  • Jobs that are scheduled to run once in the future are called deferred jobs or tasks.
  • Recurring user jobs execute the user's tasks on a repeating schedule.
  • Recurring system jobs run administrative tasks that have system-wide impact on a repeating schedule.
  • Systemd timer units can execute both deferred and recurring jobs.

Chapter 3: Tuning System Performance

Goal: Improve system performance by setting tuning parameters and adjusting scheduling priority of processes.


Objectives:

  • Optimize system performance by selecting a tuning profile managed by the tuned daemon.

  • Prioritize or de-prioritize specific processes with the nice and renice commands.

Adjusting Tuning Profiles

Tuning Systems

Installing and enabling tuned

Selecting a Tuning Profile

Managing profiles from the command line

Managing Profiles with Web Console

Web Console privileged login

Active performance profile

Select a preferred performance profile

Verify active performance profile

Guided Exercise: Adjusting Tuning Profiles

Influencing Process Scheduling

Linux Process Scheduling and Multitasking

Relative Priorities

Setting Nice Levels and Permissions

Reporting Nice Levels

Nice levels as reported by top

Starting Processes with Different Nice Levels

Changing the Nice Level of an Existing Process

Guided Exercise: Influencing Process Scheduling

Lab: Tuning System Performance

Summary

  • The tuned service automatically modifies device settings to meet specific system needs based on a selected pre-defined tuning profile.
  • To revert all changes made to system settings by a selected profile, either switch to another profile or deactivate the tuned service.
  • The system assigns a relative priority to a process to determine its CPU access. This priority is called the nice value of a process.
  • The nice command assigns a priority to a process when it starts. The renice command modifies the priority of a running process.

Chapter 4: Controlling Access to Files with ACLs

Goal: Interpret and set Access Control Lists (ACLs) on files to handle situations requiring complex user and group access permissions.


Objectives:

  • Describe use cases for ACLs, identify files that have ACLs set, and interpret the effect of those ACLs.

  • Set and remove ACLs on files and define default ACLs automatically set by a directory on newly created files.

Interpreting File ACLs

Access Control List Concepts

Viewing and Interpreting ACL Permissions

Examples of ACL Use by the Operating System

Practice: Interpreting File ACLs

Securing Files with ACLs

Changing ACL File Permissions

Controlling Default ACL File Permissions

Guided Exercise: Securing Files with ACLs

Lab: Controlling Access to Files with ACLs

Summary

  • ACLs provide fine-grained access control to files and directories.
  • The getfacl command displays the ACLs on a file or directory.
  • The setfacl command sets, modifies, and removes default and standard ACLs on files and directories.
  • Use default ACLs to control the permissions of new files and directories.
  • Red Hat Enterprise Linux uses systemd and udev to apply predefined ACLs on devices, folders, and files.

Chapter 5: Managing SELinux Security

Goal: Protect and manage the security of a server by using SELinux.


Objectives:

  • Describe how SELinux protects resources and how to select the enforcement mode.

  • Configure a file's SELinux context to control how processes interact with that file.

  • Configure SELinux booleans to allow runtime policy changes for varying access needs.

  • Investigate SELinux log messages and troubleshoot SELinux AVC denials.

Changing the SELinux Enforcement Mode

How SELinux Protects Resources

Why use Security Enhanced Linux?

Basic SELinux security concepts

SELinux File Context

SELinux access

Changing the current SELinux mode

Setting the default SELinux mode

Guided Exercise: Changing the SELinux Enforcement Mode

Controlling SELinux File Contexts

Initial SELinux Context

Changing the SELinux context of a file

Defining SELinux Default File Context Rules

Guided Exercise: Controlling SELinux File Contexts

Adjusting SELinux Policy with Booleans

SELinux booleans

Guided Exercise: Adjusting SELinux Policy with Booleans

Investigating and Resolving SELinux Issues

Troubleshooting SELinux Issues

Monitoring SELinux Violations

Web Console

SELinux Policy in Web Console

SELinux Policy Solution in Web Console

No SELinux Alerts in Web Console

Guided Exercise: Investigating and Resolving SELinux Issues

Lab: Managing SELinux Security

Summary

  • The getenforce and setenforce commands are used to manage the SELinux mode of a system.
  • The semanage command is used to manage SELinux policy rules. The restorecon command applies the context defined by the policy.
  • Booleans are switches that change the behavior of the SELinux policy. They can be enabled or disabled and are used to tune the policy.
  • The sealert command displays useful information to help with SELinux troubleshooting.

Chapter 6: Managing Basic Storage

Goal: Create and manage storage devices, partitions, file systems, and swap spaces from the command line.


Objectives:

  • Create storage partitions, format them with file systems, and mount them for use.

  • Create and manage swap spaces to supplement physical memory.

Adding Partitions, File Systems, and Persistent Mounts

Partitioning a Disk

MBR Partitioning of the /dev/vdb storage device

GPT Partitioning of the /dev/vdb storage device

Managing Partitions with Parted

Creating File Systems

Mounting File Systems

Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts

Managing Swap Space

Introducing Swap Space Concepts

Creating a Swap Space

Activating a Swap Space

Guided Exercise: Managing Swap Space

Lab: Managing Basic Storage

Summary

  • You use the parted command to add, modify, and remove partitions on disks with the MBR or the GPT partitioning scheme.
  • You use the mkfs.xfs command to create XFS file systems on disk partitions.
  • You need to add file-system mount commands to /etc/fstab to make those mounts persistent.
  • You use the mkswap command to initialize swap spaces.

Chapter 7: Managing Logical Volumes

Goal: Create and manage logical volumes containing file systems and swap spaces from the command line.


Objectives:

  • Create and manage logical volumes from storage devices, and format them with file systems or prepare them with swap spaces.

  • Add and remove storage assigned to volume groups, and nondestructively extend the size of a logical volume formatted with a file system.

Creating Logical Volumes

Logical Volume Management (LVM) Concepts

Implementing LVM storage

Logical volume management components

Reviewing LVM Status Information

Guided Exercise: Creating Logical Volumes

Extending Logical Volumes

Extending and Reducing a Volume Group

Extending a Logical Volume and XFS File System

Extending a Logical Volume and ext4 File System

Extend a logical volume and swap space

Guided Exercise: Extending Logical Volumes

Lab: Managing Logical Volumes

Summary

  • LVM allows you to create flexible storage by allocating space on multiple storage devices.
  • Physical volumes, volume groups, and logical volumes are managed by a variety of tools such as pvcreate, vgreduce, and lvextend.
  • Logical volumes can be formatted with a file system or swap space, and they can be mounted persistently.
  • Additional storage can be added to volume groups and logical volumes can be extended dynamically.

Chapter 8: Implementing Advanced Storage Features

Goal: Manage storage using the Stratis local storage management system and use the VDO volumes to optimize storage space in use.


Objectives:

  • Manage multiple storage layers using Stratis local storage management.

  • Optimize the use of storage space by using VDO to compress and deduplicate data on storage devices.

Managing Layered Storage with Stratis

Describing the Stratis Architecture

Elements of Stratis

Stratis in the Linux storage management stack

Stratis layers

Guided Exercise: Managing Layered Storage with Stratis

Compressing and Deduplicating Storage with VDO

Describing Virtual Data Optimizer

VDO-based virtual machines

Implementing Virtual Data Optimizer

Guided Exercise: Compressing and Deduplicating Storage with VDO

Lab: Implementing Advanced Storage Features

Summary

  • The Stratis storage management solution implements flexible file systems that grow dynamically with data.
  • The Stratis storage management solution supports thin provisioning, snapshotting, and monitoring.
  • The Virtual Data Optimizer (VDO) aims to reduce the cost of data storage.
  • The Virtual Data Optimizer applies zero-block elimination, data deduplication, and data compression to optimize disk space efficiency.

Chapter 9: Accessing Network-Attached Storage

Goal: Access network-attached storage using the NFS protocol.


Objectives:

  • Mount, use, and unmount an NFS export from the command line and at boot time.

  • Configure the automounter with direct and indirect maps to automatically mount an NFS file system on demand, and unmount it when it is no longer in use.

  • Configure an NFS client to use NFSv4 using the new nfsconf tool.

Mounting Network-Attached Storage with NFS

Mounting and Unmounting NFS Shares

The nfsconf Tool

Guided Exercise: Managing Network-Attached Storage with NFS

Automounting Network-Attached Storage

Mounting NFS Shares with the Automounter

Guided Exercise: Automounting Network-Attached Storage

Lab: Accessing Network-Attached Storage

Summary

  • Mount and unmount an NFS export from the command line.
  • Configure an NFS export to automatically mount at startup.
  • Configure the automounter with direct and indirect maps, and describe their differences.
  • Configure NFS clients to use NFSv4 using the new nfsconf tool.

Chapter 10: Controlling the Boot Process

Goal: Manage the boot process to control services offered and to troubleshoot and repair problems.


Objectives:

  • Describe the Red Hat Enterprise Linux boot process, set the default target used when booting, and boot a system to a non-default target.

  • Log in to a system and change the root password when the current root password has been lost.

  • Manually repair file system configuration or corruption issues that stop the boot process.

Selecting the Boot Target

Describing the Red Hat Enterprise Linux 8 Boot Process

Rebooting and Shutting Down

Selecting a Systemd Target

Guided Exercise: Selecting the Boot Target

Resetting the Root Password

Resetting the Root Password from the Boot Loader

Inspecting Logs

Repairing Systemd Boot Issues

Guided Exercise: Resetting the Root Password

Repairing File System Issues at Boot

Diagnosing and Fixing File System Issues

Guided Exercise: Repairing File System Issues at Boot

Lab: Controlling the Boot Process

Summary

  • systemctl reboot and systemctl poweroff reboot and power down a system, respectively.
  • systemctl isolate target-name.target switches to a new target at runtime.
  • systemctl get-default and systemctl set-default can be used to query and set the default target.
  • Use rd.break on the kernel command line to interrupt the boot process before control is handed over from the initramfs. The root file system is mounted read-only under /sysroot.
  • The emergency target can be used to diagnose and fix file-system issues.

Chapter 11: Managing Network Security

Goal: Control network connections to services using the system firewall and SELinux rules.


Objectives:

  • Accept or reject network connections to system services using firewalld rules.

  • Control whether network services can use specific networking ports by managing SELinux port labels.

Managing Server Firewalls

Firewall Architecture Concepts

Configuring the firewall

The Web Console privileged login

The Web Console networking

The Web Console firewall allowed services list

The Web Console add services interface

The Web Console services filter search

The Web Console services list

Guided Exercise: Managing Server Firewalls

Controlling SELinux Port Labeling

SELinux Port Labeling

Managing SELinux Port Labeling

Guided Exercise: Controlling SELinux Port Labeling

Lab: Managing Network Security

Summary

  • The netfilter subsystem allows kernel modules to inspect every packet traversing the system. All incoming, outgoing or forwarded network packets are inspected.
  • The use of firewalld has simplified management by classifying all network traffic into zones. Each zone has its own list of ports and services. The public zone is set as the default zone.
  • The firewalld service ships with a number of pre-defined services. They can be listed using the firewall-cmd --get-services command.
  • Network traffic is tightly controlled by the SELinux policy. Network ports are labeled. For example, port 22/TCP has the label ssh_port_t associated with it. When a process wants to listen on a port, SELinux checks whether the label associated with the process is allowed to bind that port label.
  • The semanage command is used to add, delete, and modify labels.

Chapter 12: Installing Red Hat Enterprise Linux

Goal: Install Red Hat Enterprise Linux on servers and virtual machines.


Objectives:

  • Install Red Hat Enterprise Linux on a server.

  • Automate the installation process using Kickstart.

  • Install a virtual machine on your Red Hat Enterprise Linux server using Cockpit.

Installing Red Hat Enterprise Linux

Selecting Installation Media

Manual Installation with Anaconda

Installation Summary window

Setting the root password and creating a user

Guided Exercise: Installing Red Hat Enterprise Linux

Automating Installation with Kickstart

Creating a Kickstart Profile

Kickstart File Commands

Example Kickstart File

Kickstart Installation Steps

Creating a Kickstart File

Basic Configuration with Kickstart Generator

Publish the Kickstart File to Anaconda

Boot Anaconda and Point it to the Kickstart File

Specifying the Kickstart file location during installation

Guided Exercise: Automating Installation with Kickstart

Installing and Configuring Virtual Machines

Introducing KVM Virtualization

KVM virtualization

Configuring a Red Hat Enterprise Linux Physical System as a Virtualization Host

Managing Virtual Machines with Cockpit

Managing virtual machines in Cockpit

Creating a virtual machine in Cockpit

Installing the virtual machine OS

Quiz: Installing and Configuring Virtual Machines

Lab: Installing Red Hat Enterprise Linux

Summary

  • The RHEL 8 binary DVD includes Anaconda and all repositories required for installation.
  • The RHEL 8 boot ISO includes the Anaconda installer, which accesses repositories over the network during installation.
  • The Kickstart system performs unattended installations.
  • Kickstart files can be created using the Kickstart Generator website or by copying and editing /root/anaconda-ks.cfg.
  • The virt Yum module provides the packages for a RHEL system to become a virtualization host.
  • The cockpit-machines package adds the Virtual Machines menu to Cockpit.

Chapter 13: Comprehensive Review

Comprehensive Review

Reviewing

Lab: Fixing Boot Issues and Maintaining Servers

Lab: Configuring and Managing File Systems and Storage

Lab: Configuring and Managing Server Security

RH134-RHEL8.0-en-1-20190531