RPM - Aiderex Technology


Welcome!
RHCE-II Part
Durgesh Tomar
Unit 1
Package Management
2
What is RPM?

The RPM Package Manager greatly simplifies the distribution,
installation, upgrading and removal of software on RHEL systems.

Software to be installed using rpm is distributed through rpm package
files, which are essentially compressed archives of files and associated
dependency information. Package files are named using the following
format:
name-version-release.architecture.rpm
3
RPM Package Management

The RPM Package Manager greatly simplifies the distribution, installation,
upgrading and removal of software on Red Hat Enterprise Linux systems.

The local RPM database is maintained in /var/lib/rpm/


-i : install
-F : freshen
-U : upgrade
-v : verbose
-h : print hash
-e : erase

E.g.:

rpm -ivh zip-2.3.8.i386.rpm
4
RPM : query

rpm -q vsftpd : To check if package is installed or not

rpm -qa : To query all installed packages

rpm -qi vsftpd : To show general information

rpm -ql vsftpd : To show list of files installed for a given package

rpm -qip packagename.rpm : To show general info of package

rpm -qlp packagename.rpm : To show list of files in a package
5
RPM : verification

Importing public GPG key:

rpm --import /var/ftp/pub/RPM-GPG-KEY-redhat-release

Check your package with public key:

rpm --checksig httpd-2.2.3-11.el5_1.3.i386.rpm

To check installed GPG public keys:

rpm -qa gpg*

The importing of the public key simply means that the above-mentioned RPM-GPG-KEY-redhat-release
is being copied to /etc/pki/rpm/gpg/ with the name RPM-GPG-KEY-redhat-release.
6
What is yum?

A repository is a prepared directory or Web site that contains software
packages and index files. Repositories commonly store packages in
separate directories by architecture.

i386 : Suitable for any current Intel-compatible computer

noarch : Compatible with all computer architectures

ppc : Suitable for PowerPC systems, such as Apple Power Macintosh

x86_64 : Suitable for 64-bit Intel-compatible processors, such as AMD

yum is a software management utility which automatically locates and
obtains the correct RPM packages, and the dependencies for a particular RPM,
from these repositories.

If several versions of the same package are available, your management
utility automatically selects the latest version.

If a new application has requirements that conflict with existing software,
yum aborts without making any changes to your system.
7
Configuring yum

Insert media and install vsftpd as:

rpm -ivh "/media/RHEL_5.2 i386 DVD"/Server/vsftpd*

Now cd to "/media/RHEL_5.2 i386 DVD/" and copy all the contents of the
media to /var/ftp/pub/

Create the file /etc/yum.repos.d/base.repo and add the following contents.
[server_repo]
name=Server repository
baseurl=ftp://192.168.1.250/pub/Server
enabled=1
gpgcheck=0
8
Configuring yum

[VT_repo]
name=VT repository
baseurl=ftp://192.168.1.250/pub/VT
enabled=1
gpgcheck=0

[Cluster_repo]
name=Cluster repository
baseurl=ftp://192.168.1.250/pub/Cluster
enabled=1
gpgcheck=0
9
Configuring yum

[ClusterStorage_repo]
name=ClusterStorage repository
baseurl=ftp://192.168.1.250/pub/ClusterStorage
enabled=1
gpgcheck=0
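
The repositories above are served over FTP with gpgcheck=0, so the key imported with rpm --import is never used when yum installs from them. The following check is an added example, not part of the original slides: it reads .repo stanzas and reports the enabled ones that skip signature verification. The finding names and the signed_repo, disabled_repo and inherit_repo stanzas in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag yum repo stanzas that install packages without
# signature verification. Output: section <TAB> finding <TAB> baseurl

audit_repo() {
    # Reads the .repo files given as arguments, or stdin when none is given.
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function emit(   plain) {
        if (sec == "" || sec == "main") return   # nothing parsed yet, or global section
        if (enabled == "0") return               # disabled repos are never consulted
        plain = (baseurl ~ /^(ftp|http):\/\//)   # transport with no integrity protection
        if (gpgcheck == "0")
            printf "%s\t%s\t%s\n", sec, (plain ? "UNSIGNED_OVER_CLEARTEXT" : "UNSIGNED"), baseurl
        else if (gpgcheck == "")
            # value comes from [main] in /etc/yum.conf, so it must be checked there
            printf "%s\tINHERITS_MAIN\t%s\n", sec, baseurl
    }
    /^[ \t]*([#;]|$)/ { next }                   # comments and blank lines
    /^[ \t]*\[.*\][ \t\r]*$/ {                   # start of a new [section]
        emit()
        sec = trim($0); sec = substr(sec, 2, length(sec) - 2)
        enabled = "1"; gpgcheck = ""; baseurl = ""
        next
    }
    {
        i = index($0, "=")
        if (i == 0) next
        key = trim(substr($0, 1, i - 1)); val = trim(substr($0, i + 1))
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "baseurl") baseurl = val
    }
    END { emit() }
    ' "$@"
}

# Constructed sample: the first stanza is the one from the slides, the
# others are made up to exercise the remaining branches.
sample_repo() {
    cat <<'EOF'
# constructed sample for the audit
[server_repo]
name=Server repository
baseurl=ftp://192.168.1.250/pub/Server
enabled=1
gpgcheck=0

[signed_repo]
name=Same tree with signatures enforced (key already imported with rpm --import)
baseurl=ftp://192.168.1.250/pub/Server
enabled=1
gpgcheck=1

[disabled_repo]
baseurl=ftp://192.168.1.250/pub/VT
enabled=0
gpgcheck=0

[inherit_repo]
baseurl = ftp://192.168.1.250/pub/Cluster
enabled = 1
EOF
}

sample_repo | audit_repo
```

On a real system the same function can be pointed at the files directly: audit_repo /etc/yum.repos.d/*.repo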
10
Configuring yum

Start the vsftpd service and enable it at boot with chkconfig:

service vsftpd start

chkconfig vsftpd on
11
Yum: queries

yum search ifconfig

yum list all

yum info firefox

yum whatprovides */ifconfig
12
Yum: install and remove

yum install packagename

yum remove packagename

yum update packagename

yum grouplist

yum groupinstall group-name
13
Graphical Package management

pup

A graphical tool based on yum that provides the functionality to check all
available repositories for updates.

Applications > System Tools > Software Updater

pirut

Provides a graphical interface to view, install, and remove packages.

Applications > Add/Remove software
14
Unit 2
System Initialization
15
Boot sequence

BIOS Initialization

Boot Loader

Stage 1 (IPL, Initial Program Loader):
small, resides in the MBR or boot sector, contains
information about only Stage 2 and loads Stage 2

Stage 2:
This is the core image of GRUB; it reads the file
grub.conf [ /boot/grub/grub.conf ], symbolic link [ /etc/grub.conf ]

Kernel Initialization

init Process (/sbin/init)


init also loads [ /etc/inittab ] file into memory
init starts and enters desired run level by executing

/etc/rc.d/rc.sysinit

/etc/redhat-release

/etc/rc.d/rc and /etc/rc.d/rc?.d/

/etc/rc.d/rc.local

/etc/issue

Virtual consoles

X Display Manager
16
Boot Loader Components

The BIOS passes control to the MBR, which contains the Initial Program Loader (IPL) Stage 1,
which passes control to Stage 2.

The BIOS passes control to the MBR, which contains the Initial Program Loader (IPL) of another
operating system, which should be configured to pass control to your Linux
boot loader Stage 1, which is present on the boot sector.

The size of IPL should not exceed 446kbytes.
17
Kernel Initialization

Device Detection

Device driver initialization

Mounts root filesystem read only

Loads initial process (init)

The kernel initialization output scrolls quickly. A good way to examine this
output is to view /var/log/dmesg.
18
Init initialization

init reads its configuration file: /etc/inittab

/etc/inittab contains the information on how init should set up the system in
every run level as well as the run level to use as default.


Initial run level

System initialization script

Run Level specific script directories

Trap certain key sequences

Define UPS power fail / restore scripts

Spawn gettys on virtual consoles

Initialize X in run level 5
Because init is the first process, it will always have a PID of number 1.

pstree -p : shows PIDs
19
Run Levels












Run levels are different modes in which to run Linux with different configurations.
init defines run levels 0 to 6.
They are defined in the file [ /etc/inittab ].
Following are the details of the run levels that Linux defines by default:

Runlevel         Effect
0                Halt
1,s,emergency    Single user modes (only the root user can be logged on; used to perform maintenance)
2                Multi-user, without NFS networking
3                Full multi-user mode (includes networking)
4                User definable, but duplicate of run level 3
5                X11 (includes networking)
6                Reboot

Note :- If there is no run level defined then the system will attempt to
boot to run level 9, which is undefined.
20
/etc/rc.d/rc.sysinit

Important tasks include:

Activate udev and selinux

Set kernel parameters in /etc/sysctl.conf

Sets the system clock

Loads keymaps

Enables swap partitions

Sets hostname

Root filesystem check and remount

Activate RAID and LVM devices

Enable disk quotas

Check and mount other filesystems

Cleans up old locks and pid files
21
/etc/rc.d/rc

Important tasks include:

Responsible for starting / stopping services when the runlevel changes.

You can change the runlevel without shutdown or restart using init x
command where x represent the runlevel you want to start.

Each run level has a corresponding directory:


/etc/rc.d/rc?.d/
All the init scripts reside in /etc/rc.d/init.d/, and /etc/rc.d/rc?.d/ contains
shortcuts to these scripts.
22
/etc/rc.d/rc.local

Run after the run level specific scripts.

Because the rc.local script is run each time the system boots, it is a convenient
place to execute commands that need to be run as part of the boot process.

However for daemons that need both starting and stopping, you should
consider writing an init.d script to handle it.
23
The xinetd service

Manage service on demand.

Services which are needed less frequently or require additional resource
management, are typically controlled by the xinetd service.

xinetd uses /etc/services in its configuration for port-to-service
management.

/etc/xinetd.conf is the main configuration file for the xinetd daemon; it sets the global
configuration which is shared by all managed services.

includedir /etc/xinetd.d directive in xinetd.conf includes each file in
/etc/xinetd.d.

Service specific files are stored in /etc/xinetd.d/ directory.
24
grub.conf

The following command can be used to generate the password hash; it is run twice here as:
/sbin/grub-md5-crypt
Password:
Retype password:
$1$0k6/J/$jvYIiTDmyBTmYeQ0wSdWr/i

/sbin/grub-md5-crypt
Password:
Retype password:
$1$Fx6/J/$UQLo1ZkNesHkp6t.aFMrE0
25
grub.conf

default=1

timeout=5

splashimage=(hd0,0)/grub/splash.xpm.gz

hiddenmenu

password --md5 $1$0k6/J/$jvYIiTDmyBTmYeQ0wSdWr/i

title Red Hat Enterprise Linux Server (2.6.18-8.el5)

root (hd0,0)

password --md5 $1$Fx6/J/$UQLo1ZkNesHkp6t.aFMrE0

kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet

initrd /initrd-2.6.18-8.el5.img

title Windows XP

rootnoverify (hd0,1)

chainloader +1
26
reinstall grub:

You need to execute the following command to fill the first 446 bytes of the MBR with zeros,
which will overwrite the grub information

dd if=/dev/zero of=/dev/sda bs=446 count=1

reinstall grub:

Change boot sequence to CD-ROM and boot from RHEL CD-1. At boot prompt, type
linux rescue and boot into rescue mode with the following selections:

Choose Language: English

Keyboard: us

Setup Networking: No

rescue: continue

Now at the sh-3.00# prompt type the command grub. When the grub prompt appears, type the
following commands one by one:

grub> root (hd0,0)

grub> setup (hd0)

grub> quit
Now at sh-3.00# type exit, which will reboot your system. On rebooting, you will get
the grub manager, where you can select the OS you want to boot.
27
Controlling Services

Utilities to control default system services

system-config-services : graphical utility that requires an X
interface to control services. Services can be added, deleted or reordered in run levels 3 through 5 with this utility.

ntsysv : a console-based interactive utility that allows you to
control what services run when entering a given run level. It
configures the current run level by default; by using the --level
option you can configure other run levels.

chkconfig : scripts can be managed at each run level with the on
and off chkconfig options.

service : command used to start or stop a standalone service
immediately; we can also use the other options start, stop, restart and
reload.
28
Unit 3
Kernel Services
29
The Linux Kernel

It is the kernel’s responsibility to control hardware, enforce security and
allocate resources such as CPU and memory.

The operating system is not Linux itself but rather a collection of applications that
make use of the facilities provided by the Linux kernel.

Duties of kernel are System management, memory management, security
management, process scheduling.

Kernel is always installed under /boot/vmlinuz-*.

Kernel documents are available when kernel-doc rpm is installed and are
available under /usr/share/doc/kernel-doc-*/Documentation/
30
Type of Kernel


SMP – Regular Kernel

PAE Kernel

Xen kernel used for virtualization.
The kernels used nowadays are modular kernels. In this type of kernel,
only a few modules essential to all systems are compiled directly into the
kernel; the rest of the modules are dynamically loaded as required from
/lib/modules/. The benefit of a modular kernel is that only the required modules
are loaded in memory, and later on modules are added or removed as
required.
31
Kernel Module Utilities

lsmod command displays status of module in kernel.

modprobe command will add or remove modules from the Linux Kernel.


modprobe -a <module-name> will insert the specified module.

modprobe -r <module-name> will remove the specified module.

modprobe -l will list all the available modules.

insmod <module-name> and rmmod <module-name> are the two
commands to add and remove kernel modules.

modinfo <module-name> command displays information about a specified
kernel module. E.g. modinfo pcnet32
32
How to make Linux box understand NTFS file
system?

The following kernel module package must be installed to make your Linux box
understand the NTFS file system:

rpm -ivh kernel-module-ntfs-2.6.9-5.rpm

Add the NTFS module to the kernel as:

/sbin/modprobe ntfs

At this stage the module has been added to the kernel. To check whether the NTFS module
has been added, use the following commands:

dmesg | grep NTFS

cat /proc/filesystems

Now you can mount your NTFS Partition on Linux.

How to access NTFS partition in linux?

Now you can mount ntfs partition on to Linux as:

mount -t ntfs /dev/hda6 /mnt/
33
configuration file for modprobe

/etc/modprobe.conf configuration file contains

alias to module or

contains options and parameters that are required to be passed to the
module when the module loads or

commands to execute when a module is loaded or unloaded.
34
initrd Drive

All the kernel modules are present in /lib/modules/$(uname -r), but as the root
filesystem is not mounted at boot time, these modules cannot be
accessed, yet they are required to mount the root filesystem. So, it is
the initrd RAM drive which provides the necessary modules to the kernel to boot
and mount the root filesystem.

Making the init RAM drive when corrupted or missing.

1) Boot from the first CD and at the prompt write linux rescue.

2) chroot /mnt/sysimage

3) mkinitrd /boot/initrd-$(uname -r).img $(uname -r)

4) Reboot your system.
35
Making init RAM drive with specific module:

1) Placing a particular module in an initial RAM disk: you can place a module in
the initrd image as

mkinitrd --with=scsi_mod /boot/initrd-$(uname -r).img $(uname -r)

2) You can also add the directive in /etc/modprobe.conf:

alias scsi_hostadapter ata_piix

mkinitrd /boot/initrd-$(uname -r).img $(uname -r)

Adding a module also adds the dependent modules on which the module being
added depends.
36
The /proc filesystem

/proc is a virtual filesystem containing information about the running kernel. Contents
of "files" under /proc may be viewed using cat. Some of the information is read-only
and some is read-write. Modifications apply immediately, but the changed value
will not be retained on the next reboot.

/proc/<PID>/ - stores information about a running process.

/proc/cmdline - displays the parameters passed to the kernel at boot time.

/proc/cpuinfo - provides processor information.

/proc/mdstat - software RAID information

/proc/meminfo - system memory usage

/proc/swaps - swap partition information

/proc/modules - information about dynamically loaded modules.

/proc/partitions - provides partition information about known block devices.

/proc/version - provides kernel version

/proc/mounts - mounted filesystems

/proc/sys/kernel/hostname - system hostname

/proc/sys/net/ipv4/ip_forward - ip forwarding on or off

/proc/sys/vm/drop_caches - value 1 forces the kernel to free up some memory for cache
37
sysctl : persistent kernel configuration

kernel parameters can be modified in /etc/sysctl.conf.

display kernel parameters:
sysctl -a

Setting kernel parameters:

1) Open the file /etc/sysctl.conf and change the value below from 0 to 1
net.ipv4.ip_forward=1

Load the modified parameters as:
sysctl -p

This will enable ip forwarding on your system.

2) The parameter can also be changed as
sysctl -w net.ipv4.ip_forward=1

3) echo "1" > /proc/sys/net/ipv4/ip_forward
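
Methods 2 and 3 change only the running kernel, while /etc/sysctl.conf holds the persistent value, so the two can disagree until the next reboot or sysctl -p. The following drift check is an added example, not part of the original slides; the function names and the temporary directory tree standing in for /proc are constructed so the check can run without root.

```shell
#!/bin/sh
# Added example: report parameters whose running value under /proc/sys
# differs from the persistent value in a sysctl.conf-style file.

sysctl_drift() {
    # $1 = sysctl.conf-style file, $2 = proc mount point (default /proc)
    # Keys are mapped to paths by turning dots into slashes, so interface
    # names that themselves contain a dot are not handled here.
    awk -v root="${2:-/proc}" '
    function trim(s) { gsub(/[ \t\r]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); return s }
    /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
    {
        i = index($0, "=")
        if (i == 0) next
        key  = trim(substr($0, 1, i - 1))
        want = trim(substr($0, i + 1))
        path = key; gsub(/\./, "/", path); path = root "/sys/" path
        have = "(unreadable)"
        if ((getline line < path) > 0) have = trim(line)
        close(path)
        if (have != want)
            printf "%s\tpersistent=%s\trunning=%s\n", key, want, have
    }' "$1"
}

# Constructed scenario: forwarding was switched on at runtime (as with
# echo "1" > /proc/sys/net/ipv4/ip_forward) while the file still says 0.
demo_sysctl_drift() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/proc/sys/net/ipv4" "$tmp/proc/sys/kernel"
    echo 1 > "$tmp/proc/sys/net/ipv4/ip_forward"
    echo 0 > "$tmp/proc/sys/kernel/sysrq"
    cat > "$tmp/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 0
kernel.sysrq = 0
EOF
    sysctl_drift "$tmp/sysctl.conf" "$tmp/proc"
    rm -rf "$tmp"
}

demo_sysctl_drift
```

On a live host, sysctl_drift /etc/sysctl.conf compares against the real /proc; a host that is forwarding packets although its configuration file says 0 shows up as one line of output.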
38
How to configure your Linux box as router

To make your Linux box work as a router, its network cards need to be
configured for the networks for which your Linux box is going to work as router.

Now edit the file /etc/sysctl.conf on this system as:

net.ipv4.ip_forward=1

(this value is 0 by default)

Now, to let your system re-read the sysctl.conf file, use the following command:

sysctl -p
39
Device nodes

Device nodes are the access points for devices.

/dev/hda        IDE hard disk or CD-ROM        Block device
/dev/sda        SATA, SCSI and USB storage     Block device
/dev/md0        Software RAID                  Block device
/dev/tty[1-6]   Virtual console                Character device
/dev/pts/*      Virtual terminal               Character device

devpts is a virtual filesystem under the /dev/pts/ directory which provides
pseudo terminals, which are used by programs like gnome-terminal, the ssh
server etc.
40
Accessing drives through /dev




The command below will display the message "message" on /dev/tty1:
echo "message" > /dev/tty1
The command below will print on the serial device:
cat file.txt > /dev/ttyS0
41
Managing /dev/ with udev

Linux was shipped with thousands of files under the /dev/ directory. But it
certainly was not elegant to provide device files for every device, including those which will
never be added to the system.

A better way was to provide udev under /dev, which consists of utilities and
configuration files which provide rules that apply whenever a device is
connected to the system and detected by the kernel. udev makes it possible
to create or remove files on the fly, when the corresponding device is
plugged in or disconnected.

It is also possible for the system administrator to add rules in order to modify
default names and permissions used under /dev/, these rules are located in
/etc/udev/rules.d/.
42
Adding files under /dev

The mknod and MAKEDEV utilities can be used to create device files.

This would require knowledge about the device type, major and minor
numbers and work.
43
Exploring Hardware devices

hal-device
list all devices in text mode

hal-device-manager
displays all devices on a graphical window. You need to install package as
yum install hal*

lspci
list all PCI devices

lsusb
list usb devices

hwbrowser
command to browse hardware. You need to install package as
yum install hwbrowser*
44
Monitoring Processes and resources












Memory:
free : displays amount of free and used memory in the system
vmstat : displays virtual memory statistics
pmap : reports memory map of a process

Processes:
ps : reports a snapshot of current processes
top : displays Linux tasks
gnome-system-monitor : similar to the top command

Kernel State:
uname : prints system information
uptime : tells how long the system has been running
tload : graphic representation of system load average
45
Unit 4
System Services
46
Console

Physical console:
/dev/tty1 for virtual consoles
/dev/fb1 for framebuffer based drivers for xen and non-x86 architectures.

Virtual Console:
There are 6 virtual consoles. You can switch between them by pressing
ctrl+alt+Fx where x is 1 to 6. You can also change virtual console using
command chvt n where n is the virtual console number to which you want to
move.

Serial Console:
/dev/ttyS0 serial console. Used generally to provide a text login on a serial
console, for which the /etc/inittab file must be configured.

mingetty program is used for text logins on virtual consoles and can be
configured to listen on Physical Serial Port. This could be useful for
maintenance or for serving a whole room full of dumb terminals.

prefdm program is used to start a display manager X session.
47
Console

System Console:

The kernel normally maps /dev/console to the physical console by
default; output written at boot to /dev/console goes to /dev/tty1 (/dev/fb1
if using the framebuffer).

init normally opens /dev/console to print its boot messages (including
graphical boot).

Pseudoterminal or pty

A terminal display that is connected to a software program, not a hardware
device. Represented by /dev/pts/# where # represents a number.
48
X11 Server

The X Window System, also called X or X11, is the foundation of the GUI in Red Hat.

Maintained by http://www.X.org and XOrg project http://xorg.freedesktop.org
adds hardware drivers for a variety of video cards and input devices to
manage visual representation of data.

The X Server is the program that speaks through your video hardware. Any
application that wants to communicate through the display is an X client.

The logs of X are stored in /var/log/Xorg.0.log file.

To provide the local X server with fonts not shipped with the RHEL distribution,
copy them to a directory under /usr/share/fonts, or to the end-user directory
$HOME/.fonts. The next time an X session starts, the xft system
automatically configures fonts under these directories for most client
applications, with the exception of the OpenOffice suite, which has its own font
management system.
49
X11 Server configuration

Can be configured using

system-config-display

Stored in /etc/X11/xorg.conf

/etc/sysconfig/desktop is read to determine whether Gnome or KDE is the
preferred desktop environment.

If it is not defined, or the one defined is not installed, a number of other window
managers are attempted in the following order:

Gnome > KDE > twm

Runlevel 3: startx or init

Runlevel 5: prefdm

When in runlevel 5 /sbin/init will run /etc/X11/prefdm. This script invokes the
X server and a display manager, set in the file /etc/sysconfig/desktop

When the user logs out, the X server is restarted by the display manager
with a new login
50
ssh (Secure SHell) client

ssh is a client program for logging in to a remote system and for
executing commands on it. This program provides secure
encrypted communication over an insecure network. By default you can use
ssh to log in to a remote system as any user with a valid password.

If your DNS server is configured you can use the host name to log in; if not,
you need to use the IP address of the remote system.
51
ssh to specific remote user

If you want to ssh to a specific user, you can do that as:


ssh sunil@192.168.1.25
where sunil is the user on 192.168.1.25 to whom you want to ssh.
52
Executing command remotely using ssh

You can execute almost any command on remote system as:

ssh 192.168.1.24 "df -h"
53
Copying file securely

FTP isn’t very secure to copy file remotely because username and
passwords and the data sent across the network are unencrypted.

The scp command can be used as an alternative to the ftp command, as scp does not
support anonymous users like ftp does.

COPY FILE FROM LOCAL SYSTEM TO REMOTE SYSTEM


scp /root/abc.txt [email protected]:/root/
COPY FILE FROM REMOTE SYSTEM TO LOCAL SYSTEM

ssh [email protected] "ls -l"

scp [email protected]:/root/abc.txt /root/
54
Copying file securely

COPY FILE FROM ONE REMOTE SYSTEM TO ANOTHER REMOTE
SYSTEM

scp [email protected]:/root/abc.txt [email protected]:/root/

COPYING FILE RECURSIVELY

While sitting on ip 24, I can recursively copy the entire directory of 25 to 30
using the -r (recursive copy) option.

scp -r [email protected]:/root/data/ [email protected]:/root/
55
SSH AND SCP WITHOUT PASSWORD

First you need to generate a key using ssh-keygen.


ssh-keygen
You can generate two types of key using ssh-keygen, namely rsa or dsa. If the
-t option is not given, the default is rsa. When the rsa key is generated, two files
namely id_rsa and id_rsa.pub are created in the ~/.ssh/ directory, and when the
dsa key is generated, two files namely id_dsa and id_dsa.pub are created in
~/.ssh/. In both cases the file with the extension .pub is the public key, which is
to be shared, and the second file contains the private key, which is not to be
shared. The key can be generated using ssh-keygen as:

ssh-keygen -t dsa
56
SSH AND SCP WITHOUT PASSWORD

During this process you are asked the following things:

[root@localhost .ssh]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

fa:4d:c3:d5:79:f1:16:bb:9c:02:ad:26:a0:bc:cb:1f [email protected]

[root@localhost .ssh]#
57
SSH AND SCP WITHOUT PASSWORD

Now you need to copy the public key file id_rsa.pub to the home directory of the user
on the system which you want to access from your system using ssh.

[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]

15

The authenticity of host '192.168.1.25 (192.168.1.25)' can't be established.

RSA key fingerprint is 24:08:bf:50:1e:d5:7f:7e:28:03:81:51:74:0b:b5:8b.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.25' (RSA) to the list of known hosts.

[email protected]'s password:
58
VNC

Run vino-preferences on command prompt, which will popup the gui interface to
configure vnc as below:
59
VNC

Here select "Allow other users to view your desktop", which will allow other users to
view your desktop. If you also select "Allow other users to control your desktop", the
other users will also be able to control your desktop. Under the Security option, if you
select "Ask you for confirmation", every time a user tries to connect to your system
you will be prompted to allow or deny that connection, as shown below.

If you unselect "Ask you for confirmation", anyone can connect to your system through
VNC without your permission.

Another option under the Security tab is "Require the user to enter this password", which,
when checked, enables the password field, where you need to enter the
password. Now, whenever a user tries to VNC to your Linux box, he will be prompted for
a password.

To connect using vnc execute command: vncviewer 172.24.0.15
60
Accessing graphical tools of remote system

ssh -XY 192.168.1.25

After executing this command, you can execute any GUI command like neat or
system-config-display to get the GUI tool's interface from 192.168.1.25 on your system.

Execute gdmsetup at the prompt. You will get the following screen, where you need to
click the "Remote" tab and under style select "Same as Local", and then
close this dialog box using the close button:
61
62
Accessing graphical tools of remote system

Now you need to restart 192.168.1.25. After the system has restarted, you
need to execute the following command on your local system:


Xnest :1 -query 192.168.1.25

Where :1 is the display number.
You will get the login screen of 192.168.1.25 on your local system, where
you can log in, but you cannot use the root login, as by default root cannot log in
using the Xnest command. The screen looks like the one below:
63
64
Network time protocol

Configuration file : /etc/ntp.conf

To configure system date and Network Time Protocol: system-config-date
65
Unit 5
Filesystem Management
66
Introduction


Linux specific partitions would normally be one of the following types:

5 or f : extended

82 : Linux swap

83 : Linux

8e : Linux LVM

fd : Linux RAID auto

Partition Limit:

63 total partitions on each IDE Disk

15 total partitions on each SCSI Disk
67
Managing Partitions

Partition can be created using :

fdisk

sfdisk

parted

partprobe :

At system bootup, the kernel makes its own in-memory copy of the partition
tables from the disk. Most tools like fdisk edit the on-disk copy of the
partition tables. To update the in-memory copies, run partprobe.
68
CREATING LINUX PARTITIONS:















Step-1 – Check the drive
fdisk -l
Step-2 – Create new partition
fdisk /dev/hda
Step-3 – Write the new table to running kernel configuration
partprobe
Step-4 – Format the new partition
mkfs.ext3 /dev/hdaN
Step-5 – Mount the new partition
a) Temporary : Give the following command
mount -t ext3 /dev/hdaN /mnt/newdata
b) Permanent : vi /etc/fstab
/dev/hdaN /mnt/newdata ext3 defaults 0 0
Step-6 – Activate the mounting of new partition
mount -a
69
Making filesystem and filesystem label

-t specifies the filesystem type:

mkfs -t ext3 /dev/sda6

-j creates the ext3 journal, -L specifies the label, and -c checks the device
for bad blocks before creating the filesystem:

mke2fs -j -L dump -c /dev/sda6

Labeling a device using the e2label command:

e2label /dev/sda6 dump

e2label /dev/sda6

Mounting a filesystem using its label:

mount LABEL=dump /mnt/data

Mount Permanent – vi /etc/fstab

LABEL=newlabel /mnt/newdata ext3 defaults 0 0
70
tune2fs

Display filesystem information:

tune2fs -l /dev/sda6

Change maximum mount count after which the filesystem will be scanned:

tune2fs -c 100 /dev/sda6

Check filesystem after 365 days:

tune2fs -i 365 /dev/sda6

Disable mandatory filesystem check:

tune2fs -i 0 -c 0 /dev/sda6

To view the current settings use the dumpe2fs command. This command
also displays the layout of the filesystem.
71
/etc/fstab

Used by mount, fsck and other programs.

The mount -a command can be used to mount all filesystems listed in
/etc/fstab.

Format:

Device        mount_point   fs_type   options    dump_freq   fsck_order
LABEL=/boot   /boot         ext3      defaults   1           2

Device        Device file name or filesystem label of the device to mount
mount_point   The path used to access the filesystem
fs_type       The filesystem type
options       A comma separated list of options
dump_freq     0=never dump, 1=daily, 2=every other day etc.
fsck_order    0=ignore, 1=scan first, 2=scan second, 3=scan third etc.
              Filesystems that have the same number greater than 1 and
              are on separate devices are checked in parallel.
72
mount

Users' home directories should be mounted with the permission to execute
files stored there denied:

mount -t ext3 -o noexec /dev/hda7 /home

Mount an ISO image:

mount -t iso9660 -o loop /iso/documents.iso /mnt/cdimage

Mount the /dev/hda2 partition so that each file is owned by a specific UID and
GID. Normally filesystem data would be owned by root, denying direct file
manipulation to others.

mount -t vfat -o uid=515,gid=520 /dev/hda2 /mnt

This mounts a directory already mounted on the filesystem on another
mounting point.

mount --bind /somedirectory /anotherdirectory
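
An option such as noexec given on the mount command line is lost at the next boot unless it is also in the options field of /etc/fstab. The following check is an added example, not part of the original slides: it reads lines in the fstab format described above and lists the named mount points whose options field lacks a required option. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list mount points whose fstab options field lacks a
# required option. Output: mount_point <TAB> fs_type <TAB> options

fstab_lacks_option() {
    # usage: fstab_lacks_option OPTION MOUNT_POINT... < fstab-format input
    opt=$1; shift
    awk -v want="$opt" -v targets="$*" '
    BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) check[t[i]] = 1 }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    NF >= 4 && ($2 in check) {
        # options are a comma separated list, so compare whole tokens:
        # "exec" must not be taken for "noexec"
        m = split($4, o, ","); found = 0
        for (i = 1; i <= m; i++) if (o[i] == want) found = 1
        if (!found) printf "%s\t%s\t%s\n", $2, $3, $4
    }'
}

# Constructed sample in the six-field format: device, mount_point,
# fs_type, options, dump_freq, fsck_order.
sample_fstab() {
    cat <<'EOF'
# constructed sample
LABEL=/boot                /boot         ext3  defaults               1 2
/dev/hda7                  /home         ext3  defaults               1 2
/dev/hda8                  /tmp          ext3  defaults,noexec,nosuid 1 2
/dev/hda9                  /var/tmp      ext3  nodev,exec             1 2
172.24.0.250:/var/ftp/pub  /mnt/server1  nfs   defaults               0 0
EOF
}

sample_fstab | fstab_lacks_option noexec /home /tmp /var/tmp /mnt/server1
```

Because /proc/mounts uses the same field order, running the function with /proc/mounts as input shows what is actually in effect rather than what is configured.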
73
mount

Mount all filesystems mentioned in /etc/fstab:

mount -a

Remount my / filesystem as read-write:

mount -o remount,rw /
74
Mounting nfs filesystem


Mounting using the mount command:

mkdir /mnt/server1

mount -t nfs 172.24.0.250:/var/ftp/pub /mnt/server1

Entry in /etc/fstab:

172.24.0.250:/var/ftp/pub /mnt/server1 nfs defaults 0 0

/etc/init.d/netfs mounts any network filesystems that are configured to be
mounted at boot time.
75
What is SWAP Space?

Swap space in Linux is used when the amount of physical memory (RAM)
is full. If the system needs more memory resources and the RAM is full,
inactive pages in memory are moved to the swap space. While swap space
can help machines with a small amount of RAM, it should not be
considered a replacement for more RAM. Swap space is located on hard
drives, which have a slower access time than physical memory.

Swap should equal 2x physical RAM.
76
CREATING SWAP PARTITION

Step-1 – Create a partition of type "swap" using fdisk

fdisk /dev/hda

Step-2 – Change the system ID of the partition and format the partition as
swap

Press t to change the system ID of the new partition to Linux swap
Save and exit from the fdisk command and run the partprobe command

mkswap /dev/hdaN

Step-3 – Permanent availability to the system

vi /etc/fstab
/dev/hdaN swap swap defaults 0 0

Step-4 – Enable the swap space

swapon -a
77
CREATING SWAP PARTITION

swapon -a : makes available all the devices marked as swap
in /etc/fstab. Devices that are already running as swap are silently
skipped.

swapon -s : displays a summary about swap devices, which can also
be checked as:
cat /proc/swaps
78
remove swap partition











Step 1.
Check your swap details:
[root@ns1 ~]# swapon -s
Step 2.
Disable swap partition as:
[root@ns1 ~]# swapoff /dev/sdb1
Step 3.
Remove the entry from /etc/fstab.
Step 4.
Now you can safely delete the /dev/sdb1 partition if required.
Step 5.
Check swap information again, you will see that the swap partition is no
more in use.
[root@ns1 ~]# swapon -s
79
CREATING SWAP FILE





Step-1 – Creating a SWAP file
dd if=/dev/zero of=/swapfile bs=1M count=300
Step-2 – Configuring this file as SWAP
mkswap /swapfile
Step-3 – Add the following entry in /etc/fstab as:
/swapfile swap swap defaults 0 0

Step-4 – Activating and confirming

swapon -a

swapon -s
80
remove swap file





Step 1.
Check your swap details:
[root@ns1 ~]# swapon -s
Step 2.
Disable use of swap file as:
swapoff /swapfile






Step 3.
Remove the entry from /etc/fstab.
Step 4.
Delete file /swapfile
Step 5.
Now check swap information again; you will see that the swap file is no
longer in use.
[root@ns1 ~]# swapon -s
81
Unit 6
User Administration
82
/etc/passwd, /etc/shadow, /etc/group files

Authentication information is stored in plain text files:

/etc/passwd

Stores user information. Username, password placeholder, uid number,
primary gid number, GECOS field, home directory and shell

/etc/shadow

Stores user names and encrypted passwords; see man 5 shadow for details.

/etc/group

Stores group information: group name, group password placeholder, gid
number, and a comma separated list of group members.

/etc/gshadow

Stores group password and related information.

It contains the group name, encrypted password, a comma separated list of
group administrators and a comma separated list of group members.
83
Adding user

useradd - Create a new user or update a user information.

useradd joshi

The above command adds a new account called joshi to the machine, sets up
that user's home directory and creates a private group (named joshi) for
the user, but the user is locked.

The next step would be to assign joshi a password which you can do by
simply typing the following command:


passwd joshi
If a password is not specified during user creation using the -p option, the
account is created with "Local password is locked" enabled, which means the
account is locked.
84
/etc/skel

/etc/skel is the directory which contains the following files and directory,
which are copied to the home directory of every user you create.

.bash_logout, .bashrc, .bash_profile, .emacs, .mozilla/
85
/etc/default/useradd file


/etc/default/useradd file contains the default values which are as under:

# useradd defaults file

GROUP=100

HOME=/home

INACTIVE=-1

EXPIRE=

SHELL=/bin/bash

SKEL=/etc/skel
These default values are used if not passed during user creation.
86
/etc/default/useradd file

Option GROUP specifies the group ID (GID) to which a user belongs if the -n option
is specified; -n turns off the default behavior of creating a group having the same
name as the user during user creation.

Option HOME defines the directory where user's home directory is created by default.
This default option can be overridden by using -d option.

Option INACTIVE defines the number of days (after password expires) for which
system will force you to change the password and will not allow you to login until the
password is changed. After the said number of days the account expires.

Option SHELL defines the user's login shell. This default option can be overridden
using -s option during user creation.

Option SKEL defines the path of the directory which contains the files and
directories which are copied to the user's home directory when the user login is
created. Here you can place additional files and directories which you want to be
copied to the user's home directory when the user is created. This option can be
overridden using the -k option during user creation.
87
Creating new users in batch

newusers command is used to update and create new users in batch.

You need to create a file in the /etc/passwd file format, with the second field
holding the password in plain text format.

Use newusers yourfile to create all the users mentioned in yourfile name.

One drawback of using this method is that the users' home directories do not
get populated with the files from /etc/skel/

newusers myusers

Where myusers is the file containing the users details in format similar to
/etc/passwd file.

If you are using MD5 password (the default), ensure that newusers will
generate MD5 passwords, else the users will not be able to login.

/etc/login.defs needs an entry like this:

MD5_CRYPT_ENAB yes
88
usermod - Modify a user account
-c comment
Change the comment field.
-d home_dir
Change the home directory
-e expire_date
Set date on which the account will expire and be
disabled.
-g group
Change the initial login group.
[-a] -G group,[…]
A comma separated list of supplementary groups for
the user. If the user is currently a member of a group
which is not listed, the user will be removed from the
group. Adding the -a option before the -G option will
append the user to the specified groups.
-l login_name
Change the login name.
89
usermod - Modify a user account
-s shell
Change the login shell.
-u uid
Change the login ID.
-p password
Change the string in the password field. This must be
the encrypted password.
-L
Lock the password. This renders the account unusable.
-U
Unlock the password.
90
userdel – delete a user account

userdel - Delete a user account and related files

-r

Files in the user’s home directory will be removed along with the
home directory itself and the user’s mail spool.

Deleting accounts without deleting the associated Home directories
may cause issues with the file ownership when future users are added
to the system.
91
groupadd

groupadd - Create a new group

groupadd [-g gid ] [-r] group

The -r option instructs groupadd to create a system account. The first available
gid lower than 499 will be automatically assigned unless the -g option is used,
which can be used to specify the required gid.

groupmod - Modify a group

groupmod [-g gid ] [-n group_name ] group

-g specifies the numeric value of gid.

-n specifies the new group name.

groupdel - Delete a group

groupdel <groupname>

• You may not remove the primary group of any existing user.

• You must remove the user before you remove the group.
92
Password Aging Policies

chage - change user password expiry information.

chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user

chage -l user
93
Password Aging Policies

All options are restricted to root except -l (show account aging
information) which can be used by a non-privileged user.

-m mindays

This option specifies the minimum days after which the password change
is allowed.

-M maxdays

Maximum number of days for which the password is valid. Maximum days
is the day starting from the day when user is first permitted to use passwd
to change the password till the last day he has to change the password
before he can use his account.

-d YYYY-MM-DD

Can be used to change the date on which the password was last changed.
94
Password Aging Policies

-I inactive

Set the number of days of inactivity after a password has expired before
the account is locked.

-E YYYY-MM-DD

Specifies the date on which the account will no longer be accessible.

-W warndays

Specifies the number of days of warning before a password change is required.

chage username – without options will let you change the settings
interactively.
95

Say the last password change was today, i.e. on 04-03-2009

[root@ns1 ~]# chage -m 3 -M 10 -I 2 -W 4 test

Day   Status
5     user cannot change his password
6     user cannot change his password
7     user cannot change his password
8     user can change password using passwd but he is not forced to do this
9     user can change password using passwd but he is not forced to do this
10    user can change password using passwd but he is not forced to do this
11    user can change password using passwd but he is not forced to do this
12    your password expires in 3 days
13    your password expires in 2 days
14    your password expires in 1 days
15    your password expires in 0 days
16    You are forced to change the password, before he can use his account.
17    You are forced to change the password, before he can use his account.
18    password expires.
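
The chage options above are stored as numeric fields in /etc/shadow (-d is field 3, -m field 4, -M field 5, -W field 6, -I field 7, -E field 8; see man 5 shadow). The following is an added example, not part of the original slides: a shell function that reads shadow-format lines and reports accounts with an empty or locked password, no expiry, no minimum age, no inactivity limit, or a forced change at next login. The function name audit_shadow and the sample lines (with placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Audit password-aging fields in shadow(5)-format input.
# Field layout: login:password:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample data (not from a real system); hashes are placeholders.
SAMPLE_SHADOW='root:$1$placeholder$hash:14307:0:99999:7:::
test:$1$placeholder$hash:14307:3:10:4:2::
joshi:!!:14307:0:99999:7:::
guest::14307:0:99999:7:::
sunil:$1$placeholder$hash:0:0:90:7:::'

# audit_shadow: read shadow-format lines on stdin, print "login: finding".
audit_shadow() {
    awk -F: '
    NF < 9 { next }                  # skip malformed lines
    {
        login = $1; pw = $2
        if (pw == "")
            print login ": empty password field"
        else if (pw ~ /^[!*]/)
            print login ": password locked"

        # Aging only matters for accounts that can still log in by password.
        if (pw !~ /^[!*]/) {
            # 99999 is the conventional "no expiry" value for max days (-M).
            if ($5 == "" || $5 + 0 >= 99999)
                print login ": password never expires (-M unset)"
            # A minimum age of 0 lets the password be changed at any time (-m).
            if ($4 == "" || $4 + 0 == 0)
                print login ": no minimum age (-m 0)"
            # Expiry is set but the account is never disabled afterwards (-I).
            if ($5 != "" && $5 + 0 < 99999 && $7 == "")
                print login ": no inactivity limit after expiry (-I unset)"
            # lastchg of 0 forces a change at the next login (chage -d 0).
            if ($3 == "0")
                print login ": must change password at next login"
        }
    }'
}

# Usage on the sample:   printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
# Usage on a real host:  audit_shadow < /etc/shadow   (requires root)
```
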
96
sudo

If a server has to be administered by many people, it is not a good
idea to give all of them the root account. This is because it becomes
difficult to determine exactly who did what, when and where.

The sudo utility is designed to overcome this difficulty. The sudo utility
allows users defined in the /etc/sudoers configuration file to have
temporary access to run commands they would not be able to use due to
file permission restrictions. When a user is defined in the /etc/sudoers
configuration file, he can execute privileged commands but he has to prefix
sudo before the privileged command.

When running a command with the sudo prefix, you will be prompted for
your regular password before it is executed. After providing a correct
password, you can execute all the mentioned privileged commands for 5
minutes without being re-prompted for a password.

All commands run with sudo are logged in the log file /var/log/messages.

You can configure /etc/sudoers configuration file by executing visudo
command.
97
sudo

User/group servername = (user_credibility) command_allowed

Allow sunil to run all commands using anyone's credentials.

sunil ALL=(ALL) ALL

Allow sunil to use /bin/ls and /bin/kill using the admin user's credentials

sunil ALL = (admin) /bin/ls, /bin/kill

User_Alias LIMITEDTRUST=student1, student2

Cmnd_Alias MINIMUM=/bin/kill, /sbin/shutdown

LIMITEDTRUST ALL=(root) MINIMUM
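
To review what the rules above actually grant, it helps to expand the aliases into one line per user, run-as user and command. The following is an added example, not part of the original slides: a simplified expander that handles only User_Alias and Cmnd_Alias, one user or alias per rule, and no tags, Host_Alias, Runas_Alias or line continuations. The function name expand_sudoers is hypothetical; the sample input is the set of sudoers lines from this slide.

```shell
#!/bin/sh
# Constructed input: the sudoers lines shown on the slide above.
SAMPLE_SUDOERS='sunil ALL=(ALL) ALL
sunil ALL = (admin) /bin/ls, /bin/kill
User_Alias LIMITEDTRUST=student1, student2
Cmnd_Alias MINIMUM=/bin/kill, /sbin/shutdown
LIMITEDTRUST ALL=(root) MINIMUM'

# expand_sudoers: read sudoers-style lines on stdin and print
# "user runas command" for every effective grant. Grants of ALL commands
# are marked [UNRESTRICTED] so they stand out in a review.
expand_sudoers() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }

    # Expand name through the alias table; fill list[], return item count.
    function expand(kind, name, list,    n, i, raw) {
        if ((kind, name) in alias) {
            n = split(alias[kind, name], raw, /,/)
            for (i = 1; i <= n; i++) list[i] = trim(raw[i])
            return n
        }
        list[1] = name
        return 1
    }

    { line[NR] = $0 }

    END {
        # Pass 1: collect alias definitions wherever they appear.
        for (i = 1; i <= NR; i++) {
            s = trim(line[i])
            if (s ~ /^(User|Cmnd)_Alias[ \t]/) {
                kind = substr(s, 1, 10)          # "User_Alias" or "Cmnd_Alias"
                s = trim(substr(s, 11))
                eq = index(s, "=")
                alias[kind, trim(substr(s, 1, eq - 1))] = substr(s, eq + 1)
                line[i] = ""
            }
        }
        # Pass 2: expand each rule of the form: who host = (runas) commands
        for (i = 1; i <= NR; i++) {
            s = trim(line[i])
            if (s == "" || s ~ /^#/) continue
            eq = index(s, "=")
            if (eq == 0) continue
            left = trim(substr(s, 1, eq - 1))
            right = trim(substr(s, eq + 1))
            split(left, lh, /[ \t]+/)
            runas = "root"                       # sudo default when no (user) is given
            if (substr(right, 1, 1) == "(") {
                cp = index(right, ")")
                runas = trim(substr(right, 2, cp - 2))
                right = trim(substr(right, cp + 1))
            }
            split("", users)
            nu = expand("User_Alias", lh[1], users)
            nc = split(right, spec, /,/)
            for (u = 1; u <= nu; u++)
                for (c = 1; c <= nc; c++) {
                    split("", cmds)
                    nx = expand("Cmnd_Alias", trim(spec[c]), cmds)
                    for (x = 1; x <= nx; x++) {
                        flag = (cmds[x] == "ALL") ? " [UNRESTRICTED]" : ""
                        print users[u], runas, cmds[x] flag
                    }
                }
        }
    }'
}

# Usage on the sample: printf '%s\n' "$SAMPLE_SUDOERS" | expand_sudoers
```
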
98
suid and sgid

suid 4, sgid 2, sticky bit 1

suid

When the suid special permission is set for an executable, it means that
the command will run with the authority of the owner of the file, rather than
the authority of the user running the command.

chmod u+s filename

chmod 4777 filename

suid has no effect on the directory.

sgid

The program runs with the permissions and authority of the group that is
associated with the program and not the actual user.


chmod g+s filename

chmod 2777 filename
The sgid permission for a directory means that files created in the directory
will inherit their group affiliation from the directory, rather than inheriting
it from the user.
99
Sticky bit


With the sticky bit set, only the owner of the file, and the superuser, can
delete files within the directory.

chmod o+t filename

chmod 1777 filename
For security reasons, SUID and SGID permissions are not honoured when
set on non-compiled programs, such as shell scripts.
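
The special permission bits described above can be audited with find. The following is an added example, not part of the original slides: it lists suid and sgid files under a directory, singles out suid files that are also world-writable (the chmod 4777 case), suid or sgid shell scripts (where the bit is not honoured), and world-writable directories without the sticky bit. The function names, tags and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# build_sample_tree: create a constructed directory tree to audit and
# print its path. All file names below are made up for this example.
build_sample_tree() {
    d=$(mktemp -d) || return 1
    : > "$d/helper"; : > "$d/tool"; : > "$d/plain"
    printf '#!/bin/sh\necho hello\n' > "$d/script.sh"
    mkdir "$d/shared" "$d/sticky"
    chmod 4777 "$d/helper"      # suid and writable by everyone
    chmod 4755 "$d/tool"        # suid, writable by owner only
    chmod 4755 "$d/script.sh"   # suid set on a shell script
    chmod 0644 "$d/plain"       # no special bits
    chmod 0777 "$d/shared"      # world-writable, no sticky bit
    chmod 1777 "$d/sticky"      # world-writable with sticky bit
    printf '%s\n' "$d"
}

# audit_special_perms DIR: print "TAG path" for each finding under DIR.
audit_special_perms() {
    root=$1

    # suid files that any user may also write to (all of bits 4000 and 0002)
    find "$root" -xdev -type f -perm -4002 |
        sed 's/^/SUID-WORLD-WRITABLE /'

    # remaining suid files
    find "$root" -xdev -type f -perm -4000 ! -perm -0002 |
        sed 's/^/SUID /'

    # sgid files
    find "$root" -xdev -type f -perm -2000 |
        sed 's/^/SGID /'

    # world-writable directories without the sticky bit: any user can
    # delete files that belong to other users
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 |
        sed 's/^/DIR-NO-STICKY /'

    # suid/sgid set on an interpreted script (file starts with "#!"):
    # the bit has no effect there, so it is usually a mistake
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) |
    while IFS= read -r f; do
        if [ "$(dd if="$f" bs=1 count=2 2>/dev/null)" = '#!' ]; then
            printf 'SCRIPT-BIT-IGNORED %s\n' "$f"
        fi
    done
    return 0
}

# Usage on the sample:  t=$(build_sample_tree); audit_special_perms "$t"
# Usage on a real host: audit_special_perms /usr   (run as root to see everything)
```
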
100
Monitoring logins

The w command shows who is logged in and what they are doing.

last shows successful logins and reboot history. last <username> will
display details about that specific user.

lastb shows the last bad login attempts. lastb <username> will display details
about that specific user.

lastlog reports the most recent login of all users. lastlog <username> will
display details about that specific user.
101
Unit 7
Network configuration
102
Network interfaces

Ethernet: eth0, eth1…………

Dialup: ppp0, ppp1………….

Loopback: lo

RHEL stores network interface configuration information in files in the
/etc/sysconfig/network-scripts/ directory.

The file names are prefixed with ifcfg- followed by the logical adapter name.

To see the address assigned to each interface we can use:

ip addr [show [ethx]]
103
Network interfaces

The hardware or link layer information about the interface can be viewed
with /sbin/ip link. The -s option shows more statistics:

ip [-s] link [show [ethx]]
104
Network interfaces

We can also use ifconfig to see network interface info. By default, ifconfig
will only display the active interfaces; use the -a option to see statistics of
all interfaces.

dhclient daemon can be used to negotiate a lease from a DHCP server.

ifup and ifdown scripts can be used to activate and deactivate a network
interface.
105
Driver selection

RHEL compiles network card drivers as kernel modules for easy adaptability
to any hardware configuration, which are loaded at boot time if networking
has been enabled.

The appropriate module is loaded based on an alias line in
/etc/modprobe.conf.

grep 'alias eth' /etc/modprobe.conf

To see the MAC address of all the network cards:

grep 'HWADDR' /etc/sysconfig/network-scripts/ifcfg-eth*
106
Speed and duplex settings

Modules are configured to auto negotiate, by default.

Mismatches can cause communication problem.

The speed and duplex settings for the card can be viewed and / or changed
with /sbin/ethtool as


ethtool eth0
To manually force 100Mbps, full duplex operation on eth1:

ifdown eth1

ethtool -s eth1 autoneg off speed 100 duplex full

ifup eth1

To make the changes persist across a boot, you need to enter these settings
in ifcfg-ethX by adding the following ETHTOOL_OPTS line as:

ETHTOOL_OPTS="autoneg off speed 100 duplex full"
107
IPv4 Interface configuration

Dynamic Host configuration protocol (DHCP) can be used to automatically
obtain an IP address and other configuration parameters from a central
server.

The BOOTPROTO variable in the interface configuration file controls the
use of dhclient to negotiate the lease.

If there is no DHCP server an address from the 169.254.0.0/16 network is
automatically assigned.

These addresses come from ZEROCONF and are non-routable; they can be
disabled by adding NOZEROCONF=yes to the interface configuration
file.

When BOOTPROTO is either static, none or simply missing, the dhclient is
not utilized and the network settings are additionally read from the interface
configuration file.
108
Device Aliases

useful for virtual hosting.

Bind multiple IP addresses to a single NIC.


cd /etc/sysconfig/network-scripts/

cp ifcfg-eth0 ifcfg-eth0:1
Now you need to make changes in ifcfg-eth0:1
109
Routing table

The routing table contains entries for each of the directly attached networks,
automatically.

When there is only one router, it is usually defined to be the “default
gateway/router”.

When there is more than one router, or more than one interface each
attached to different routers, we may selectively control which traffic to go
through which router by configuring additional routes.

You can check routing table as:

ip route

route

netstat -r
110
Routing table

Additional routes may be configured statically as:


ip route add 192.168.1.0/24 via 172.24.0.250
To make these static routes persist across a reboot, add it to the file
/etc/sysconfig/network-scripts/route-eth1 as


192.168.1.0/24 via 172.24.0.250
Routers use dynamic routing protocols (Routing Information Protocol [RIP] for
small enterprises, Open Shortest Path First [OSPF] for large enterprises, and
Border Gateway Protocol [BGP] used by ISPs and larger hosted sites).
Support for these dynamic routing protocols can be found in the package
quagga.
111
Default gateway

There are two locations where the gateway can be defined.

/etc/sysconfig/network

And in /etc/sysconfig/network-scripts/ifcfg-ethX.

If the gateway variable is defined in both the global network configuration file
and the interface configuration file, the one in the interface will win.
112
Verifying IP connectivity

ping : network packet loss and delay measurement tool.
ping -c 4 192.168.1.252

traceroute: displays the network path to a destination. It attempts to show the
path of routers that network packets take between the local system and a
remote system.


traceroute yahoo.com
mtr: combines the functionality of traceroute and ping in a single tool.
mtr 192.168.1.250
113
Local Resolver

A user needs to resolve hostnames to IP addresses and vice versa, which
requires a DNS server.

The /etc/hosts file is normally checked before DNS.

A user can eliminate DNS lookups for communication using the /etc/hosts file by
appending lines such as

192.168.1.250 server1.localexample.com server1

At a minimum, your /etc/hosts must contain an entry for localhost

127.0.0.1 localhost.localdomain localhost
114
Remote Resolver


/etc/resolv.conf file is responsible for remote resolve.

nameserver 192.168.1.251

nameserver 172.24.0.251
/etc/nsswitch.conf file is responsible to define in which order the
/etc/resolv.conf and /etc/hosts should be referred for resolve:


hosts: files dns
dhclient daemon will automatically obtain a list of name server from the
DHCP server unless the interface configuration file contains:

PEERDNS=no

bind-utils package provides server utilities to query name servers.

DNS can be verified using the host or dig command

host server1.example.com
host 172.24.0.250
dig www.yahoo.com
dig 172.24.0.250
115
Defining the Local Host name

Hostname is defined in /etc/sysconfig/network

To change the hostname you need to modify the /etc/sysconfig/network file.

Host name can also be changed using command hostname, but the name
changed is not persistent and will return to original on next reboot.

/etc/rc.d/init.d/network startup script is responsible to set the hostname by
reading /etc/sysconfig/network and will define the hostname itself if missing.

The hostname if undefined is localhost.localdomain.
116
Network configuration utilities

system-config-network
will launch either the GUI or CLI version depending upon the environment
the command has been executed from.

system-config-network-gui

system-config-network-tui
117
IPv4 and IPv6

IPv4 is 32bits - supports 4 billion address and IPv6 is 128 bits - supports 340
trillion, trillion, trillion (i.e. 340 followed by 36 zeros) nodes.

IPv6 represents the next generation in Layer 3.

View the settings of the interface for IPv6 as:

ip -6 addr show eth0

Network utilities for IPv6 are

ping6, traceroute6, tracepath6

Static routes for IPv6 can be defined in:

/etc/sysconfig/network-scripts/route6-eth0.
For more information on IPv6, read the following articles:

http://tldp.org/HOWTO/Linux+IPv6-HOWTO/
118
Unit 8
Advanced User Administration
119
Authentication configuration

The following commands can be used to configure the authentication
mechanism

system-config-authentication

authconfig-tui
or
authconfig-gtk
120
ACL – Access Control List

Linux does not allow users to chown files.

ACLs allow users to share files without the risk of chmod 777.

ext3 filesystem supports access control list and many commands have been
modified to copy the associated ACL for a file.

The default acl on all files and folders is the same as the permission given on
that file or folder. When acl permissions are modified, a + symbol is displayed
at the end of the permissions during long listing using the ll or ls -l command.
121
getfacl command


This command is used to get file access control lists

getfacl *             <~ will display acl details of all the files

getfacl install.log   <~ will display acl details of install.log

In order to enable ACLs on a file system, the filesystem must be mounted
with the acl mount option as

mount -o remount,acl /home

In RHEL5, acl is set as a default mount option by the installer, thus there is
no need to add an acl entry in /etc/fstab.

The default mount options for a file system can be seen as:

tune2fs -l /dev/hda1 | grep options
122
ACL – Access Control List on files and
directories

Give sunil rwx permission on file file.txt owned by root:

setfacl -m u:sunil:rwx file.txt

Give rwx permission to group admin on file file.txt owned by root:

setfacl -m g:admin:rwx file.txt

Remove acl permission of user sunil on file file.txt as

setfacl -x u:sunil file.txt

Remove acl permission of group admin on file file.txt as:

setfacl -x g:admin file.txt

This option will remove acl entries

setfacl -b <file name/directory>
123
ACL – Access Control List on directories

On directories, default access control list can be used


setfacl -m d:u:sunil:rw /dump

This means that all contents newly created in or copied into the directory will
be readable and writable by user sunil.

The -p option, when used with the cp and mv commands, will preserve ACLs as
well as any permissions which have been set on a file.
124
quota

Disk space consumption can be restricted by implementing disk quotas.
Disk quotas can be configured for individual users as well as user groups.
Quotas can be set not just to control the number of disk blocks consumed
but also to control the number of inodes.

To implement disk quotas, use the following steps:
1. Enable quotas per file system by modifying the /etc/fstab file.
2. Remount the file system(s).
3. Create the quota database files and generate the disk usage table.
4. Assign quota policies.
125
quota

Edit /etc/fstab

LABEL=/home /home ext3 defaults,usrquota,grpquota 1 2

Remount /home as:

mount -o remount /home

Create quota database file in /home/aquota.user and aquota.group.

quotacheck -cug /home

-c  don't read existing quota file
u=user
g=group

Quotaon turns quota on:

quotaon -vug /home     v=verbose u=user g=group

Checking quota:

repquota /home

quotaoff /home can be used to stop quota

quotaon -a will turn quota on for all partitions defined in /etc/fstab for quota implementation.
126
quota

Quota limits on users can be applied in 2 ways:

1)

edquota -u username or edquota username

edquota sunil

The file format is as under:

Filesystem   blocks   soft   hard   inodes   soft   hard
/dev/sda5    56       0      0      13       0      0

0 for soft/hard limit indicates that no limit has been applied, i.e. unlimited.

1 block = 1K, i.e. 56K of space has already been occupied by user sunil. Check using the du -h
command.

Soft limit means how much space a user can consume, after which the user will be warned that he
has crossed his soft limit. Hard limit means how much space a user can consume, after which
he/she will not be able to save further.

Inodes is 13, which means a total of 12 files are present in user sunil's home directory + 1, i.e. the
home directory itself. Check this using the command tree -a /home/sunil

Soft inode limit means the number of files a user can create, after which he will be warned that he
has crossed his soft limit. Hard inode limit means the number of files the user can create,
after which he will not be able to create further files.
127
quota

2)

setquota -u <username> softHDDlimit hardHDDlimit softINODElimit hardINODElimit

setquota -u sunil 0 0 18 20 /home

To set a quota limit for a group, the g option is used instead of u.

To copy quota from one user to another:

edquota -p user1 user2

Grace period can be set using the edquota -t command.

Users are permitted to exceed their soft limits for a grace period that may be
specified per filesystem. Once the grace period has expired, the soft limit is
enforced as a hard limit.
128
Reporting quota status
User inspection: quota sunil
Quota overviews: repquota /home
Miscellaneous utility: warnquota
warnquota

Checks the disk quota for each filesystem and mails a warning message to
those users who have reached their soft limit. It is typically run via cron.
129
Unit 9
Advanced filesystem management
130
dump/restore

Used for ext2 and ext3 system backup.

Dump should only be used on unmounted filesystem or filesystems that are
read-only.

dump -0u -f /dev/nst1 /home

Will back up /home on tape device nst1. The -u option will update the file
/etc/dumpdates, which will record dump information for future use by dump.
After a level 0 backup, dump will perform an incremental backup every day
on active filesystems listed in /etc/fstab.

To restore data backed up with dump, make a clean filesystem (using mkfs),
mount the filesystem and cd to the directory where the filesystem is
mounted.

restore -rf /dev/nst1
131
RAID

RAID (redundant array of inexpensive disks) is a technology that allows
computer users to achieve high levels of storage reliability and
performance from low-cost and less reliable PC-class disk-drive
components.

Red Hat Enterprise Linux Version supports RAID-0, RAID-1, RAID-5,
RAID-6
132
RAID 0, 1, 5

In RAID 0, the data is striped across multiple disk(s), which
improves performance. If one disk fails, however, all of the data on the
array will be lost, as there is neither parity nor mirroring. A RAID 0 array
requires a minimum of two drives.

RAID 1 is mirroring of the contents of the disks, making a form of 1:1 ratio
real-time backup. The contents of each disk in the array are identical to that of
every other disk in the array. A RAID 1 array requires a minimum of two
drives. Although RAID 1 copies the data identically to both drives during the
writing process, it would not be suitable as a permanent backup solution, as
RAID technology by design allows for certain failures to take place.

RAID 5 (striped disks with distributed parity) combines three or more disks
in a way that protects data against the loss of any one disk. In this parity
information is interspersed across the drive array. The storage capacity of
the array is a function of the number of drives minus the space needed to
store parity. The maximum number of drives that can fail in any RAID 5
configuration without losing data is only one.
133
RAID 6

RAID 6 (striped disks with dual parity) same as RAID 5 except that it
combines four or more disks in a way that protects data against loss of any
two disks.
134
RAID 5 – creating

Create three partitions of 200M each using the fdisk command.

partprobe

mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sda{8,9,10}

mkfs -t ext3 /dev/md0

mkdir /raid-5; mount /dev/md0 /raid-5

Change your directory to /raid-5 and create some files.

You can also make entry of your raid device in /etc/fstab
135
RAID 5 – removing failed & adding device

mdadm --manage /dev/md0 --fail /dev/sda9 --remove /dev/sda9

mdadm --detail /dev/md0

Create a new partition using fdisk.

partprobe

mdadm --manage /dev/md0 --add /dev/sda11

mdadm --detail /dev/md0
136
RAID 5 – removing RAID 5

umount /raid-5

mdadm --manage /dev/md0 --stop

mdadm --detail /dev/md0

Remove partition using fdisk command.

partprobe
137
LVM

LVM is a method of combining hard drive space into logical volumes that
can be easily resized. Below is a diagrammatical representation of creating
LVM.

The /boot partition cannot be created on a logical volume group because
the boot loader cannot read Logical Volume. So, you need to create a
separate /boot partition.

Physical Volume cannot span over multiple drives.
138
Check the newly mounted Logical Volume


For Short details
pvscan
lvscan
vgscan
For Long Full Details
pvdisplay
lvdisplay
vgdisplay
139
140
LVM – creating LVM

Creating partition

First make three partitions of size 200M, 300M and 500M

Re-reading partition table.

partprobe

Creating physical volume

pvcreate /dev/sda{6,7,8}

Creating volume group.

vgcreate VGSunil /dev/sda{6,7,8}

Creating logical volume

lvcreate -L +300M -n LVSunil /dev/VGSunil

Creating filesystem.

mkfs -t ext3 /dev/VGSunil/LVSunil

Mounting Logical volume

mkdir /LVSunil; mount /dev/VGSunil/LVSunil /LVSunil

/etc/fstab entry.

/dev/VGSunil/LVSunil /LVSunil ext3 defaults 0 0

mount -a
141
LVM – Extending LVM

Check current lvm size

df -h

Unmount LVSunil lvm:

umount /dev/VGSunil/LVSunil

Scan logical volume (optional)

fsck -f /dev/VGSunil/LVSunil

Extending logical volume by 300M:

lvextend -L +300M /dev/VGSunil/LVSunil

Resizing filesystem

resize2fs /dev/VGSunil/LVSunil

Re-scan logical volume (optional)

fsck -f /dev/VGSunil/LVSunil

Check the new size:

df -h
142
LVM – reducing LVM

Check your lvm size:

df -h

Unmount your logical volume

umount /dev/VGSunil/LVSunil

Scan your logical volume for errors

fsck -f /dev/VGSunil/LVSunil

Resize your filesystem

resize2fs /dev/VGSunil/LVSunil 400M

Resize logical volume

lvreduce /dev/VGSunil/LVSunil -L 400M

Mount your logical volume

mount -a

Recheck the logical volume size:

df -h
143
LVM – removing LVM

Unmount logical volume

umount /dev/VGSunil/LVSunil

Removing logical volume

lvremove /dev/VGSunil/LVSunil

Removing volume group

vgremove /dev/VGSunil

Removing physical volume

pvremove -v /dev/sda{6,7,8}

Removing partitions using fdisk.
144
LVM – Extending VG

You need to create a partition of size 300M

partprobe /dev/sda

pvcreate /dev/sda6

vgcreate VGSunil /dev/sda6

lvcreate -L 280M -n LVSunil /dev/VGSunil

mkfs -t ext3 /dev/VGSunil/LVSunil

mkdir /LVSunil; mount /dev/VGSunil/LVSunil /LVSunil

cd /LVSunil

dd if=/dev/zero of=LVSunil bs=280M count=1

Create a new partition which will be used to extend Volume Group
VGSunil.

partprobe /dev/sda

umount /LVSunil/

pvcreate /dev/sda7
145
LVM – Extending VG

vgextend VGSunil /dev/sda7

lvextend -L +200M /dev/VGSunil/LVSunil

resize2fs /dev/VGSunil/LVSunil +200M

fsck -f /dev/VGSunil/LVSunil

mount /dev/VGSunil/LVSunil /LVSunil/
146
LVM – Snapshot

Creating lvm snapshot

lvcreate -L 512M --snapshot --name lvmsnapshot /dev/VGSunil/LVSunil

Mount snapshot

mkdir -p /mnt/LVSunil; mount -o ro /dev/VGSunil/lvmsnapshot /mnt/LVSunil

lvdisplay can be used to check the space used by the snapshot as

lvdisplay /dev/VGSunil/lvmsnapshot

Snapshots can be expanded like other logical volumes as:

lvextend -L +64M /dev/VGSunil/lvmsnapshot

Remove snapshot:

umount /mnt/LVSunil

lvremove /dev/VGSunil/lvmsnapshot
147
Unit 10
installation
148
Concepts

Kickstart allows the installer to read information from a designated file rather
than prompting the person doing the installation.

If a required item is omitted from the kickstart file, the installation pauses
and the user is prompted for that information.

Anaconda automatically generates a kickstart file during installation and
saves it under /root/anaconda-ks.cfg.

system-config-kickstart is a graphical tool for creating and modifying
kickstart file.

%post:

cat >> /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF

PEERDNS=no

EOF
149
Concepts

linux askmethod

Floppy:
linux ks=floppy

nfs
linux ks=nfs:172.24.0.250:/var/ftp/pub/ph1.cfg

ftp
linux ks=ftp://172.24.0.250/pub/ph1.cfg

http
linux ks=http://172.24.0.250/ph1.cfg

Create bootable media: cdrecord -v boot.iso

Mounting iso image: mount -o loop boot.iso /mnt

Creating bootable usb: cat diskboot.img > /dev/sdb
150
Unit 11
Virtualization
151
Concepts

Hypervisor:

Manager of the Xen environment, controls and provide access to resources
such as storage, CPU and memory.

Domain:

Domain is the Xen term for the virtual machine in which a virtualized
operating system runs.
152
Concepts

Virtualization type:

Paravirtualization:

Paravirtualization is the native mode of Xen in which virtualized operating
systems include support for the Xen environment, as if it were a variety of
X86 or x86_64 CPU.

Full virtualization:

In this mode, Xen provides a complete machine simulation to run operating
systems which do not include Xen support.
153
Installing packages

Use the following command to install packages:

yum groupinstall Virtualization

Reboot from xen kernel.

Start xend service and chkconfig as;

service xend restart; chkconfig xend on

Start Virtual machine manager as: virt-manager

Right click on localhost and select “connect”, now again right click and
select “New” to “create new Virtual System”. Give the following details:

System name: vserver

Virtualization method: Paravirtualized

Install media URL: ftp://172.24.0.250/pub

Simple file: /var/lib/xen/images/vserver.img

Size: 10000MB unselect “Allocate entire virtual disk now”

Connect to host network: Shared physical device

VM: 512 VCPU: 2
154
Concepts
Virtual Resources
CPUs:

A VCPU is a virtual CPU used by Domain-U. Each Domain-U may be
configured to include 1 or more VCPUs.
Storage:

Xen can either use block devices or simple files as storage for the virtual
machines. Files can grow on demand, but must be in /var/lib/xen/images
due to SELinux restrictions. Storage devices are mapped to xvda.
Network

Each domain-U has a virtual network device that has a virtual crossover
connection to a device in Domain-0. virtual bridge: xenbr0
155
Checking CPU Support
• To run full virtualization guests on systems with Hardware-assisted Virtual
  Machine (HVM), Intel, or AMD platforms, you must check to ensure your
  CPUs have the capabilities needed to do so.
• To check if you have the CPU flags for Intel support, enter the following:
  grep vmx /proc/cpuinfo
• To check if you have the CPU flags for AMD support, enter the following:
  grep svm /proc/cpuinfo
156
Thank You !!!