RH133 - Red Hat Linux System Administration


Introduction - RH133: Red Hat Linux System Administration
Copyright
Welcome
Red Hat Enterprise Linux
Red Hat Enterprise Linux Variants
Red Hat Subscription Model
Contacting Technical Support
Red Hat Network
Red Hat Services and Products
Fedora and EPEL
Audience and Prerequisites
Objectives
Pre/Post-Assessments
Lab Exercises
Classroom Network
Notes on Internationalization

Lecture 1 - Administrative Access


Objectives
Console Access
XOrg: Configuring the X11 Server
Review: Remote Access with SSH
Review: Implementing ssh RSA Keys
Remote X Clients
Multiplexing or Sharing Terminal Sessions with screen
Review: Privilege Escalation
Configuring sudo
Domain Management with virt-manager
Domain Management with virsh
End of Lecture 1

Lecture 2 - Package Management


Objectives
Software as Packages
About yum
Enabling Private yum Repositories
Querying with yum
Managing Packages with yum
About the Red Hat Network
Red Hat Network Client
Creating a Private yum Repository


Advanced Installation and Removal with rpm
Updating to a New Kernel RPM
Advanced Queries with rpm
Verifying with rpm
End of Lecture 2

Lecture 3 - System Services and Security


Objectives
Monitoring System Logs
syslogd and klogd Configuration
Review: Automating Tasks with cron
System crontab Files
Default Daily Cron Jobs
The anacron System
Managing Printers with CUPS
Accurate Time with Network Time Protocol
SELinux
SELinux Policy: Troubleshooting
End of Lecture 3

Lecture 4 - System Initialization


Objectives
Checking Your System State
Runlevels
Controlling Services
Boot Sequence: Detailed Overview
GRand Unified Bootloader (GRUB)
GRUB Components and Configuration
Kernel Initialization
init Initialization
System Initialization
Standalone Service Initialization
Non-Service Startup
Transient Services
End of Lecture 4

Lecture 5 - Kernel Monitoring and Configuration


Objectives
The Linux Kernel
Kernel Components
Kernels and Support Limits
Monitoring Processes and Resources

Kernel Monitoring and Configuration with /proc and /sys


Kernel Configuration with sysctl
Exploring Hardware Devices
Review of /dev
Managing Devices With udev
Kernel Modules
Utilizing and Configuring Kernel Modules
The Initial RAM Disk (initrd)
End of Lecture 5

Lecture 6 - Network Configuration


Objectives
Network Interfaces and /sbin/ip
Network Configuration Utilities
Interface Configuration Files
Device Aliases
Configuring the Routing Table
Verifying IP Connectivity
Hostnames
DNS Configuration
Filtering Network Traffic
Network Monitoring Utilities
Ethernet Channel Bonding
End of Lecture 6

Lecture 7 - Filesystem Administration


Objectives
Partitions and Filesystems
Inodes and Directories
Managing Removable Media
Accessing Network File Shares using NFS
Mounting NFS Shares On-Demand
End of Lecture 7

Lecture 8 - Additional Storage


Objectives
Adding New Filesystems
Partitioning a Physical Disk
Making Filesystems
Mounting Filesystems with mount
Mount Points and /etc/fstab
Unmounting Filesystems
Modifying a Filesystem Superblock

Adding Virtual Memory


End of Lecture 8

Lecture 9 - User Administration


Objectives
Review: User and Group Databases
Adding a New User Account
Modifying / Deleting User Accounts
Password Aging Policies
Administering Auxiliary Groups
Configuring the Quota System
Managing Quotas
End of Lecture 9

Lecture 10 - Filesystems for Group Collaboration


Objectives
Review: Viewing/Setting Ownership and Permissions
Review: Default File Ownership and Permissions
User Private Groups
Special Directory Permissions
Access Control Lists (ACLs)
Viewing and Managing ACLs
Review: Permission Precedence
Collaborate with Multiple Groups
End of Lecture 10

Lecture 11 - Centralized User Administration


Objectives
Components of Authentication
Enabling Centralized Authentication
Network Information Service (NIS)
NIS Client Tools
Lightweight Directory Access Protocol (LDAP)
LDAP Client Tools
Authentication Configuration In-depth
Name Service Switch (NSS)
Pluggable Authentication Modules (PAM)
Configuring Centralized Home Directories
Authentication Review
End of Lecture 11

Lecture 12 - Software RAID


Objectives
Redundant Array of Inexpensive Disks


Adding a Software RAID Device
Software RAID Monitoring
Software RAID Recovery
End of Lecture 12

Lecture 13 - Logical Volume Management


Objectives
What is Logical Volume Manager (LVM)?
LVM Tools
Creating Logical Volumes
Resizing Logical Volumes
Resizing Volume Groups
Logical Volume Manager Snapshots
Using LVM Snapshots
End of Lecture 13

Lecture 14 - Virtualization and Automated Installation


Objectives
Virtualization with Xen
Preparing Domain-0
Installing a New Domain-U
Install Automation with Kickstart
Starting a Kickstart Installation
Anatomy of a Kickstart File
Kickstart: Commands Section
Kickstart: Commands Section
Kickstart: Packages Section
Kickstart: Scripts Section
Creating a Network Installation Server
End of Lecture 14

Lecture 15 - Troubleshooting with Rescue Mode


Objectives
Method of Fault Analysis
Gathering Additional Data
Things to Check: Boot Process
Recovery Runlevels
Filesystem Problems During Boot
Rescue Environment
Rescue Environment Utilities
Rescue Environment Details
End of Lecture 15

Appendix A - Working with Virtual Systems


Working with Virtual Systems
Working with Virtual Systems

Introduction

RH133: Red Hat Linux System Administration

RH133-RHEL5u4 -en-7-20090928/d096429atitle

Copyright 2009 Red Hat, Inc. All rights reserved

Copyright
The contents of this course and all its modules and related materials,
including handouts to audience members, are Copyright 2009 Red
Hat, Inc.
No part of this publication may be stored in a retrieval system,
transmitted or reproduced in any way, including, but not limited to,
photocopy, photograph, magnetic, electronic or other record, without
the prior written permission of Red Hat, Inc.
This instructional program, including all material provided herein, is
supplied without any guarantees from Red Hat, Inc. Red Hat, Inc.
assumes no liability for damages or legal action arising from the use or
misuse of contents or details contained herein.
If you believe Red Hat training materials are being used, copied, or
otherwise improperly distributed please email training@redhat.com or
phone toll-free (USA) +1 866 626 2994 or +1 919 754 3700.

Welcome
Please let us know if you need any special assistance while
visiting our training facility.
Please introduce yourself to the rest of the class!

Red Hat Enterprise Linux


Enterprise-targeted Linux operating system
Focused on mature open source technology
Extended release cycle between major versions
With periodic minor releases during the cycle
Certified with leading OEM and ISV products

All variants based on the same code


Certify once, run any application/anywhere/anytime

Services provided on subscription basis

Red Hat Enterprise Linux Variants


Red Hat Enterprise Linux Advanced Platform
Unlimited server size and virtualization support
HA clusters and cluster file system

Red Hat Enterprise Linux


Basic server solution for smaller non-mission-critical servers
Virtualization support included

Red Hat Enterprise Linux Desktop


Productivity desktop environment
Workstation option adds tools for software and network service
development
Multi-OS option for virtualization

Red Hat Subscription Model


Red Hat sells subscriptions that entitle systems to
receive a set of services that support open source
software
Red Hat Enterprise Linux and other Red Hat/JBoss solutions and
applications

Customers are charged an annual subscription fee per system
Subscriptions can be migrated as hardware is replaced
Can freely move between major revisions, up and down
Multi-year subscriptions are available

A typical service subscription includes:


Software updates and upgrades through Red Hat Network
Technical support (web and phone)
Certifications, stable APIs/versions, and more

Contacting Technical Support


Collect information needed by technical support:
Define the problem
Gather background information
Gather relevant diagnostic information, if possible
Determine the severity level

Contacting technical support by WWW:


http://www.redhat.com/support/

Contacting technical support by phone:


See http://www.redhat.com/support/policy/sla/contact/
US/Canada: 888-GO-REDHAT (888-467-3342)

Red Hat Network


A systems management platform providing lifecycle
management of the operating system and applications
Installing and provisioning new systems
Updating systems
Managing configuration files
Monitoring performance
Redeploying systems for a new purpose

"Hosted" and "Satellite" deployment architectures

Red Hat Services and Products


Red Hat supports software products and services
beyond Red Hat Enterprise Linux
JBoss Enterprise Middleware
Systems and Identity Management
Infrastructure products and distributed computing
Training, consulting, and extended support

http://www.redhat.com/products/

Fedora and EPEL


Open source projects sponsored by Red Hat
Fedora distribution is focused on latest open source
technology
Rapid six month release cycle
Available as free download from the Internet

EPEL provides add-on software for Red Hat Enterprise Linux
Open, community-supported proving grounds for
technologies which may be used in upcoming enterprise
products
Red Hat does not provide formal support

Audience and Prerequisites


Audience: Linux or UNIX users, who understand the
basics of Red Hat Enterprise Linux, that desire further
technical training to continue the process of becoming a
system administrator.
Prerequisites: RH033 Red Hat Linux Essentials or
equivalent experience with Red Hat Enterprise Linux.

Objectives
Control administrative access to Red Hat Enterprise Linux
Manage software packages with yum and rpm
Set up core system services and security
Understand system and service initialization
Monitor the kernel and configure kernel parameters
Set up IPv4 networking
Maintain existing filesystems and integrate new
filesystems
Perform local user and group administration
Enhance user management with SetGID, ACLs, and
quotas
Enable centralized authentication with NIS and LDAP
Implement partitioning with Software RAID and LVM
Install virtual systems with Kickstart
Troubleshoot boot process with rescue mode

Pre/Post-Assessments
Some units begin with a pre-assessment
3-5 simple questions about the unit's subject
Just leave blank if you don't know the answer

Questions are asked again at the end of the unit

Lab Exercises
Labs
Fundamental exercise providing basic goals, reinforcing the
lecture

Lab Solutions
Offers step-by-step detailed methodology
Found for all exercises that do not have specific steps
themselves

Challenge Labs
Advanced exercise, reinforcing more advanced topics from the
lecture
Not all students may have the time to complete

Optional Labs
Optional exercise that may depend on classroom specific
environment

Classroom Network
example.com network (192.168.0.0/24)
instructor.example.com (192.168.0.254)
Main classroom server: Provides DHCP, DNS, routing and other services

stationX.example.com (192.168.0.X)
Student systems

serverX.example.com (192.168.0.X+100)
Virtual server hosted on student stations (Not used in all classes)

remote.test network (192.168.1.0/24)


crackerX.remote.test (192.168.1.X)
Virtual client hosted on student systems (Not used in all classes)

Notes on Internationalization
Red Hat Enterprise Linux supports nineteen languages
Default system-wide language can be selected
During installation
With system-config-language (System->Administration->Language)

Users can set personal language preferences


From graphical login screen (stored in ~/.dmrc)
For interactive shell (with LANG environment variable in
~/.bashrc)
Alternate languages can be used on a per-command basis:
[user@host ~]$ LANG=ja_JP.UTF-8 date

Lecture 1

Administrative Access

Objectives
Upon completion of this unit, you should be able to:
Access and administer text and graphical consoles
Remotely access the system for administration
Gain administrative privilege
Access virtualized systems

Console Access
Direct administrative access is obtained through
consoles:
Physical Console
Virtual Console
mingetty
prefdm

Serial Console
agetty

System Console

Graphical and remote access is often obtained through:


Pseudoterminal

XOrg: Configuring the X11 Server


Client / server architecture
Server configuration:
Auto-configured as part of installation or even at runtime
Stored in /etc/X11/xorg.conf
Manually: system-config-display [--reconfig]

Client configuration:
Default in /etc/sysconfig/desktop
Runlevel 3: startx
Runlevel 5: prefdm

Review: Remote Access with SSH


Encrypted remote shell
ssh [user@]host

Copy files securely


scp [-rp] source destination
Remote file: [user@]host:/dir/file

Execute commands remotely


ssh [user@]host 'ifconfig eth0'

Configuration in /etc/ssh/ and ~/.ssh/


Can tunnel X11 and other TCP based network traffic
Supports key based authentication

Review: Implementing ssh RSA Keys


Generate public/private key pair:
$ ssh-keygen -t rsa

Copy public key to remote server:


$ ssh-copy-id -i .ssh/id_rsa.pub user@host

Test:
$ ssh user@host

Remote X Clients
X protocol communication is unencrypted
Host-based sessions through xhost expose to all users
User-based sessions implemented through xauth
ssh -X host 'Xclientapp'
May automatically install xauth keys on remote machine
Can tunnel X protocol in secure encrypted ssh connection
Sets DISPLAY environment variable

Multiplexing or Sharing Terminal Sessions with screen
Start multiple windows from a single parent shell
Windows are independent of each other
Continues to run even if user switches to another window
Detach from parent without stopping programs
Reconnect from same or different physical machine
Share windows with other people

Highly configurable

Review: Privilege Escalation


Know a secret: su
$ su -

But the root password must be shared

Be on a list: sudo
$ sudo command

Must be configured before use: visudo

Tied to executable: SUID and SGID


$ passwd

Can be used to provide a back door

Configuring sudo
Configure (as root):
# visudo

user MACHINE = (RunAs) COMMANDS


Cmnd_Alias KILL = /usr/bin/kill
student    ALL=(ALL) ALL
%wheel     ALL=(ALL) NOPASSWD: ALL
barney     localhost=(ALL) KILL

Test (as the listed user):


$ sudo priv_cmd

Domain Management with virt-manager


Applications->System Tools->Virtual Machine Manager
GUI for virtual machine management
Run/Shutdown VMs
Pause/Unpause VMs
Save/Restore VMs
Access VM physical/serial console

Also includes easy virtual machine installation wizard


Based on libvirt
A toolkit used to interact with the virtualization capabilities on
Linux
Integrates with multiple virtualization environments (Xen, KVM,
etc.)

Domain Management with virsh


Command line management tool
Controlling domains
virsh start domain
virsh shutdown|reboot|destroy domain
virsh suspend|resume domain
virsh save domain state-file
virsh restore state-file
virsh autostart domain

Monitoring
virsh console domain
virsh list [--all|domain]

End of Lecture 1
Questions and Answers
Summary
The X Server can be configured with system-config-display
For CLI remote-access, use ssh user@host
Include -X to enable remote-execution of GUI applications

Root privileges can be selectively delegated via sudo


virt-manager and virsh provide GUI and CLI control of virtual
machines

Lecture 2

Package Management

Objectives
Upon completion of this unit, you should be able to:
Add, remove, and manage software using yum
Configure yum to connect to a private repository
Connect to and use the Red Hat Network
Create a private yum repository
Perform advanced tasks with rpm

Software as Packages
package-version-release.arch.rpm
version - upstream developer version
release - packager changes (fixes/backports documented in
changelog)
arch - processor architecture of binaries

Contains:
Files Archive: Binaries, Documentation, Default Config
Summary, Description, Changelog
Instructions: Dependencies, Pre/Post Install/Uninstall
Signature

Upgrading replaces with newer version or release


.rpmsave versus .rpmnew

About yum
Command-line front-end to rpm
Introduced with Fedora and Red Hat Enterprise Linux 5
Replacement for up2date

Designed to resolve package dependencies


Can locate packages across multiple repositories
Red Hat Network Hosted or Satellite Servers
Private http/ftp yum repository servers

Graphical front-ends to yum


system-config-packages (pirut)
pup

Enabling Private yum Repositories


Create a file in /etc/yum.repos.d/ for your repository
Name must end in .repo
Contains one or more stanzas:
[repo-name]
name=A nice description
baseurl=http://yourserver.com/path/to/repo
enabled=1
gpgcheck=1

Default settings in /etc/yum.conf

Repository information is cached


Downloaded from above baseurl subdirectory named repodata
To clear the cache: yum clean dbcache|all
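
The stanza format above, checked from the defender's side: an added example, not part of the course material, that reports enabled stanzas which would install unsigned packages. The function names, the sample stanza ids and the fallback of 0 when neither the stanza nor [main] sets gpgcheck are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag enabled yum repo stanzas that accept unsigned packages.

# main_gpgcheck FILE: print gpgcheck from the [main] stanza of a yum.conf-style
# file; prints 0 when [main] does not set it (assumption of this example).
main_gpgcheck() {
    awk '
    /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\]/); next }
    in_main && /^[ \t]*gpgcheck[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); val = $0
    }
    END { print (val == "" ? "0" : val) }
    ' "$1"
}

# audit_repo_file FILE [DEFAULT]: print "<repo-id>: <finding>" for every enabled
# stanza whose effective gpgcheck is off. DEFAULT is the value a stanza inherits
# when it has no gpgcheck= line of its own.
audit_repo_file() {
    awk -v main_gpg="${2:-0}" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    # yum booleans: 1/yes/true are on, everything else is treated as off here
    function is_on(v) { v = tolower(v); return (v == "1" || v == "yes" || v == "true") }
    function report() {
        if (repo == "") return
        if (has_enabled && !is_on(enabled)) return    # disabled stanza, not used
        if (!has_gpg) {
            if (!is_on(main_gpg))
                print repo ": no gpgcheck line and the inherited default is off"
        } else if (!is_on(gpg)) {
            print repo ": gpgcheck=" gpg " accepts unsigned packages"
        }
    }
    /^[ \t]*([#;]|$)/ { next }                        # comments and blank lines
    /^[ \t]*\[/ {                                     # stanza header: [repo-name]
        report()
        repo = substr(trim($0), 2)
        close_at = index(repo, "]")
        if (close_at > 0) repo = substr(repo, 1, close_at - 1)
        has_enabled = has_gpg = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "enabled")       { enabled = val; has_enabled = 1 }
        else if (key == "gpgcheck") { gpg = val; has_gpg = 1 }
    }
    END { report() }
    ' "$1"
}

# audit_repo_dir DIR [DEFAULT]: audit every file in DIR whose name ends in
# .repo (other names are not read by yum) and prefix findings with the file name.
audit_repo_dir() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        audit_repo_file "$f" "${2:-0}" | while IFS= read -r line; do
            printf '%s: %s\n' "$(basename "$f")" "$line"
        done
    done
}

# Constructed sample configuration (not taken from a real system).
write_sample_repos() {
    cat > "$1/yum.conf" <<'EOF'
[main]
cachedir=/var/cache/yum
gpgcheck=1
EOF
    cat > "$1/classroom.repo" <<'EOF'
# constructed sample
[signed]
name=Signed packages
baseurl=http://yourserver.com/path/to/repo
enabled=1
gpgcheck=1

[unsigned]
name=Local builds
baseurl=http://yourserver.com/path/to/unsigned
enabled=1
gpgcheck=0

[inherits]
name=No gpgcheck line, takes the [main] value
baseurl=http://yourserver.com/path/to/other
enabled=1

[parked]
name=Disabled, so not reported
baseurl=http://yourserver.com/path/to/parked
enabled=0
gpgcheck=0
EOF
    printf '[ignored]\ngpgcheck=0\n' > "$1/old.repo.bak"   # wrong suffix, skipped
}

demo_dir=$(mktemp -d)
write_sample_repos "$demo_dir"
audit_repo_dir "$demo_dir" "$(main_gpgcheck "$demo_dir/yum.conf")"
rm -rf "$demo_dir"
```

On a real system the call would be `audit_repo_dir /etc/yum.repos.d "$(main_gpgcheck /etc/yum.conf)"`.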

Querying with yum


Listing packages and information
yum list [all] [package_glob]
yum list (installed|available|updates... [package_glob])
yum grouplist
yum info package
yum groupinfo packagegroup

Searching packages and files


yum search searchterm
yum provides filename

Managing Packages with yum


Installing new packages:
yum install package...
yum localinstall rpmfile...
yum groupinstall packagegroup...

Removing:
yum remove package...

Upgrade to later version/release:


yum update [package...]

About the Red Hat Network


Centralized platform for systems management
Hosted, Satellite, Proxy

Web based management interface


Uses HTTPS for all transactions
Entitlements grant access to software channels and
modules
Custom channels can be locally administered
Additional modules support Management, Provisioning, and
Monitoring

Red Hat Network Client


Registration via rhn_register
Select the updates location (RHN or local satellite/proxy)
Enter Account information
Can be automated with rhnreg_ks

Interactive usage
yum uses plug-in for RHN communication
Already configured in /etc/yum/pluginconf.d/rhnplugin.conf

Remote management
Actions queued on RHN server
rhnsd polls RHN every four hours
rhn_check polls immediately

Creating a Private yum Repository


Create a directory to hold your packages
Make this directory available via http or ftp
Install the createrepo RPM
Run createrepo -v /dir/packagedir
Creates/Re-creates a repodata subdirectory
Files contain extracted package header information

Advanced Installation and Removal with rpm


Primary RPM options:
Install/Upgrade: rpm -i | -F | -U rpmfile...
Removal: rpm -e package...
Output options: -v, -h
URL support: ftp:// (with globbing), http://

Advanced options:
Reinstall: --replacepkgs
Downgrade: --oldpackage
Ignore conflicts: --replacefiles
Ignore dependencies: --nodeps

Updating to a New Kernel RPM


Kernels are installed in parallel, not upgraded
Do not use rpm -U or rpm -F ! Use rpm -i !
yum properly handles with either update or install

Updating (adding) a kernel


yum update kernel
Boot new kernel to test
Reboot to old kernel if a problem arises
yum remove kernel-oldversion if no problems

Advanced Queries with rpm


Four basic types of queries:
Installed version: rpm -q package
All installed: rpm -q -a [package_glob]
Package file (uninstalled): rpm -q -p rpmfile
File owner: rpm -q -f file_path_name

Types of information to query:


-i general information about package
-l list of files in package
Many others that yum cannot provide

Verifying with rpm


Installed package file verification:
# rpm -V package
# rpm -V -p rpmfile
# rpm -V -a

Signature verification before package installation:


# rpm --import RPM-GPG-KEY-redhat-release
# rpm -qa gpg-pubkey
# rpm -K rpmfile
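
Reading what rpm -V reports, as an added example that is not part of the course material: the script sorts verification lines by what changed and on which kind of file. The flag letters (S size, M mode, 5 digest, D device, L symlink, U owner, G group, T mtime, P capabilities) and the file markers (c, d, g, l, r) are rpm's; the ALERT/PERM/REVIEW levels, the function names and the sample lines are this example's own.

```shell
#!/bin/sh
# Added example: triage `rpm -V` output into findings worth a closer look.

# triage_rpm_verify: read rpm -V / rpm -Va output on stdin and print
# "<LEVEL> <path> <reasons>" for every line that needs attention.
#   ALERT   digest changed or file missing, and the file carries no marker
#           (programs, libraries): not explained by normal administration
#   PERM    mode, owner or group differs from what the package installed
#   REVIEW  digest changed or file missing on a marked file (config, doc, ...)
# Lines where only size or mtime bookkeeping differs are dropped.
triage_rpm_verify() {
    awk '
    BEGIN {
        n = split("S:size M:mode 5:digest D:device L:symlink U:owner G:group T:mtime P:capabilities", tests, " ")
    }
    {
        flags = $1
        rest = $0
        sub(/^[ \t]*[^ \t]+/, "", rest)          # drop the flags column
        p = index(rest, "/")                     # path starts at the first slash
        if (p == 0) next
        path = substr(rest, p)
        mark = substr(rest, 1, p - 1)            # c, d, g, l, r or empty
        gsub(/[ \t]/, "", mark)

        if (flags == "missing") {
            printf "%s %s missing\n", (mark == "" ? "ALERT" : "REVIEW"), path
            next
        }
        # Anything else must be the 8 or 9 character test result string.
        if (length(flags) < 8 || flags !~ /^[SM5DLUGTP.?]+$/) next

        reason = ""
        for (i = 1; i <= n; i++) {
            split(tests[i], kv, ":")
            if (index(flags, kv[1]))
                reason = reason (reason == "" ? "" : ",") kv[2]
        }
        digest = index(flags, "5")
        perms  = index(flags, "M") || index(flags, "U") || index(flags, "G")

        if (digest && mark == "") level = "ALERT"
        else if (perms)           level = "PERM"
        else if (digest)          level = "REVIEW"
        else next
        printf "%s %s %s\n", level, path, reason
    }'
}

# Constructed sample of rpm -V output (not captured from a real system).
sample_rpm_verify_output() {
    cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
..5....T    /usr/bin/passwd
.M......    /bin/su
.......T  c /etc/yum.conf
missing     /usr/sbin/visudo
missing   d /usr/share/doc/example/README
EOF
}

sample_rpm_verify_output | triage_rpm_verify
```

On a live system the input would come from `rpm -V -a` piped into `triage_rpm_verify`.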

End of Lecture 2
Questions and Answers
Summary
yum installs packages and their dependencies from remote
repositories
Repositories are configured in yum.conf and
/etc/yum.repos.d/
Red Hat distributes updates via the Red Hat Network
Systems must be registered to access RHN
Usually done during installation or post-install with rhn_register

Registered systems poll for updates via rhnsd


rpm can be used for advanced queries and tasks not suited to
yum

Lecture 3

System Services and Security

Objectives
Upon completion of this unit, you should be able to:
Monitor and configure system logs
Automate tasks with cron
Configure printing
Understand the importance of time synchronization
Describe SELinux service security features

Monitoring System Logs


Centralized logging daemons: syslogd, klogd, auditd
Log file examples:
/var/log/dmesg: Kernel boot messages
/var/log/messages: Standard system error messages
/var/log/maillog: Mail system messages
/var/log/secure: Security, authentication, and xinetd messages
/var/log/audit/audit.log: Kernel auditing messages

Application log files and directories also reside in /var/log/

syslogd and klogd Configuration


klogd traps kernel messages to syslogd
Both controlled by /etc/rc.d/init.d/syslog
Script configured in: /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-m 0"

Configuring syslogd:
/etc/syslog.conf
facility.priority    log_location

logger generates messages to syslogd from command-line
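
Added example (not part of the course material): a resolver that reads facility.priority / log_location rules and reports which locations a given message would reach, following sysklogd's selector semantics. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: which log_location entries would receive a message?
# Reads syslog.conf-style rules on stdin; args are the message facility and priority.
# Follows sysklogd selector rules: "fac.pri" selects pri and anything more
# severe, "=" pins one priority, "!" negates, "none" clears a facility,
# and selectors joined by ";" are applied left to right.

syslog_targets() {
    awk -v mfac="$1" -v mpri="$2" '
    function setpri(f, pri, neg, exact,    p) {
        if (pri == "none") { for (p = 0; p <= 7; p++) mask[f, p] = neg ? 1 : 0; return }
        if (pri == "*")    { for (p = 0; p <= 7; p++) mask[f, p] = neg ? 0 : 1; return }
        if (!(pri in sev)) return
        if (exact) { mask[f, sev[pri]] = neg ? 0 : 1; return }
        for (p = 0; p <= sev[pri]; p++) mask[f, p] = neg ? 0 : 1
    }
    BEGIN {
        n = split("emerg alert crit err warning notice info debug", name, " ")
        for (i = 1; i <= n; i++) sev[name[i]] = i - 1      # 0 is most severe
        sev["panic"] = 0; sev["error"] = 3; sev["warn"] = 4
        all = "auth authpriv cron daemon kern lpr mail news syslog user uucp"
        all = all " local0 local1 local2 local3 local4 local5 local6 local7"
        nfac = split(all, fac, " ")
    }
    /^[ \t]*#/ || NF < 2 { next }
    {
        split("", mask)                      # each rule starts with an empty mask
        nsel = split($1, sel, ";")
        for (s = 1; s <= nsel; s++) {
            dot = index(sel[s], ".")
            if (dot == 0) continue
            pri = substr(sel[s], dot + 1); neg = 0; exact = 0
            if (substr(pri, 1, 1) == "!") { neg = 1;   pri = substr(pri, 2) }
            if (substr(pri, 1, 1) == "=") { exact = 1; pri = substr(pri, 2) }
            nf = split(substr(sel[s], 1, dot - 1), fl, ",")
            for (j = 1; j <= nf; j++) {
                if (fl[j] == "*") {
                    for (i = 1; i <= nfac; i++) setpri(fac[i], pri, neg, exact)
                } else {
                    setpri(fl[j], pri, neg, exact)
                }
            }
        }
        if ((mpri in sev) && mask[mfac, sev[mpri]]) print $2
    }'
}

# Constructed sample rules in the facility.priority / log_location layout.
sample_syslog_conf() {
    cat <<'EOF'
# selector                                  log_location
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     *
kern.=debug                                 /var/log/kern-debug.log
EOF
}

for msg in authpriv.info mail.emerg daemon.debug kern.debug; do
    printf '%s -> %s\n' "$msg" \
        "$(sample_syslog_conf | syslog_targets "${msg%.*}" "${msg#*.}" | tr '\n' ' ')"
done
```

The sample shows why authentication messages appear only in /var/log/secure: authpriv.none removes them from the catch-all rule. On a live system, logger -p authpriv.info "test" confirms the routing.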

Review: Automating Tasks with cron


Used to schedule recurring events
Use crontab to edit, install, and view job schedules
crontab [-u user] file
crontab [-l|-r|-e]
echo '*/15 8-17 * * 1-5 echo Breaktime' | crontab

Restrict / allow user access to crond


/etc/cron.allow
/etc/cron.deny

System crontab Files


Different format than user crontab files
Default /etc/crontab runs executables in
/etc/cron.hourly/
/etc/cron.daily/
/etc/cron.weekly/
/etc/cron.monthly/

/etc/cron.d/ contains additional system crontab files

Default Daily Cron Jobs


tmpwatch
Cleans old files in specific directories
Keeps /tmp from filling up

logrotate
Keeps log files from getting too large
Configuration in: /etc/logrotate.conf and /etc/logrotate.d/

logwatch
Provides a summary about system activity
Reports suspicious messages
Configuration in: /etc/logwatch/

The anacron System


anacron runs jobs when the system boots
Configuration file: /etc/anacrontab
Field 1: if the job has not been run in this many days...
Field 2: wait this number of minutes before running it
Field 3: job identifier
Field 4: the job to run

Default is tied to /etc/crontab


Runs missed daily, weekly, and monthly jobs
Vital for computers that are not up continually

Managing Printers with CUPS


Configuration tools
system-config-printer
Web based: http://localhost:631
Command line: lpadmin and lpinfo

Configuration files
/etc/cups/cupsd.conf
/etc/cups/printers.conf

PPD files used to describe printers


Uses the Internet Printing Protocol (IPP)
Allows remote browsing of printer queues
Based on HTTP/1.1

Accurate Time with Network Time Protocol


Many applications require accurate timing
Workstation hardware clocks tend to drift without correction
NTP counters the drift by manipulating the length of a second
NTP clients should use three time servers
Configuration tool: system-config-date
Configuration file: /etc/ntp.conf
Test with ntpq

SELinux
Mandatory Access Control -vs- Discretionary Access Control
Any action not explicitly allowed is denied by default

A binary policy defines:
Security contexts (credentials)
Rules to allow specific actions
Booleans to conditionally enable or disable rules
Audit requirements (logging)

Default policy is targeted
Protects the system from a compromised service, not from local users
Most local processes are unconfined_t
Supplemental Media

Security Engineer Dan Walsh on the role of SELinux

SELinux Policy: Troubleshooting


Modes: Enforcing, Permissive, or Disabled
Persistent
/etc/sysconfig/selinux
system-config-securitylevel

Runtime
getenforce and setenforce 0 | 1
Kernel arguments: selinux=0 | 1 or enforcing=0 | 1

Logs: /var/log/{messages,audit/audit.log}
General advice
man -k selinux
setroubleshootd, sealert -b and sealert -a
Advises how to avoid errors, not ensure security!
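
Added example (not part of the course material): a summary of AVC denials from /var/log/audit/audit.log by source type, target type, class and permission, so the denials can be reviewed before any sealert suggestion is applied. The function names are hypothetical and the log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials from audit.log-style input on stdin.
# Output: "<count> <source type> -> <target type> <class> {<perms>} comm=<command>"

avc_summary() {
    awk '
    /avc:/ && /denied/ {
        lb = index($0, "{"); rb = index($0, "}")
        if (lb == 0 || rb < lb) next
        perms = substr($0, lb + 2, rb - lb - 3)      # text between "{ " and " }"
        gsub(/ +/, ",", perms)
        comm = src = tgt = cls = "?"
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
            else if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }   # user:role:type:level
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        seen[src " -> " tgt " " cls " {" perms "} comm=" comm]++
    }
    END { for (k in seen) print seen[k], k }' | sort -rn
}

# Constructed audit.log lines (not taken from a real system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1254150001.101:201): avc:  denied  { getattr } for  pid=2201 comm="httpd" path="/home/alice/public_html/index.html" dev=dm-0 ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1254150001.101:201): arch=40000003 syscall=196 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1254150007.412:205): avc:  denied  { getattr } for  pid=2203 comm="httpd" path="/home/alice/public_html/logo.png" dev=dm-0 ino=1312 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1254150020.007:211): avc:  denied  { read write } for  pid=2410 comm="named" name="named.conf" dev=dm-0 ino=2290 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

sample_audit_log | avc_summary
# On a live system: avc_summary < /var/log/audit/audit.log
```

Each output row names the confined domain and the type of the object it was denied, which is the information needed to judge whether a mislabelled file or a genuinely unwanted access is behind the denial.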

End of Lecture 3
Questions and Answers
Summary
Most system logs are stored in /var/log/
Automated jobs can be scheduled with crontab -e
Syntax documented in man 5 crontab

Printers can be configured with system-config-printer


Network Time Protocol synchronizes date and time between systems
Configure with system-config-date

SELinux identifies and limits processes by type
SELinux mode can be controlled with system-config-securitylevel

Lecture 4

System Initialization

Objectives
Upon completion of this unit, you should be able to:
Check your current system state
Start, stop and check services
Change to different runlevels
Understand the boot sequence

Checking Your System State


Red Hat Enterprise Linux Release:
cat /etc/redhat-release

Identifying your kernel:


Current kernel: uname -r
Available kernels: yum list installed kernel\* or rpm -qa kernel\*

Identifying the runlevel:


Current runlevel: /sbin/runlevel or who -r
Default runlevel: grep initdefault: /etc/inittab

Runlevels
init defines runlevels 0-6, S, and emergency
Defines sets of services to auto-start

The runlevel is selected by either


Default in /etc/inittab at boot
id:5:initdefault:

Passing an argument from the bootloader


Using the command init new_runlevel

Controlling Services
Graphical: system-config-services
Standalone Services
service servicename start|stop|restart|status
chkconfig --list servicename
chkconfig servicename on|off|reset

Transient Services
chkconfig --list servicename
chkconfig servicename on|off

Boot Sequence: Detailed Overview


BIOS initialization
Bootloader
Kernel initialization
init starts and enters desired runlevel by executing:
/etc/rc.d/rc.sysinit
/etc/rc.d/rc and /etc/rc.d/rc[0-6].d/
/etc/rc.d/rc.local
Virtual consoles
X Display Manager if appropriate

GRand Unified Bootloader (GRUB)


Image selection
Select with space followed by up/down arrows on the boot splash screen

Argument passing
Change an existing stanza in menu editing mode
Issue boot commands interactively on the GRUB command line

Password protection
Can block image selection
Can block menu editing mode

pyGRUB used for Xen paravirtualized systems


Boot system using: xm create -c domain

GRUB Components and Configuration


1st Stage
Small, added to MBR or boot sector during installation
Use /sbin/grub-install to repair

2nd Stage
Loaded from filesystem containing /boot
Configured in /boot/grub/grub.conf

To boot Linux: title, kernel, root filesystem, and initial ramdisk

Kernel Initialization
Kernel boot time functions
Device detection
Device driver initialization (modules loaded from initrd-<version>.img)
Mounts root filesystem read only
Loads initial process (init, PID 1)

Logged to /var/log/dmesg

init Initialization
init reads its config: /etc/inittab
Initial runlevel
System initialization scripts
Runlevel specific script directories
Trap certain key sequences
Define UPS power fail / restore scripts
Spawn gettys on virtual consoles
Initialize X in runlevel 5

System Initialization
/etc/rc.d/rc.sysinit
Activate udev and selinux
Sets kernel parameters in /etc/sysctl.conf
Sets the system clock
Loads keymaps
Enables swap partitions
Sets hostname
Root filesystem check and remount read-write
Activate RAID and LVM devices
Enable disk quotas
Check and mount other local filesystems
Cleans up stale locks and PID files

Standalone Service Initialization


/etc/rc.d/rc defines which standalone services to start
l5:5:wait:/etc/rc.d/rc 5

Each runlevel has a corresponding directory:


/etc/rc.d/rc5.d/
K* symbolic links called with a stop argument
S* symbolic links called with a start argument

The System V init scripts reside in:


/etc/rc.d/init.d/
Behavior configured with files under /etc/sysconfig/

Non-Service Startup
/etc/rc.d/rc.local
Runs near the end of the runlevel specific scripts (S99local)
Common place for custom modification

Better practice:
Create a System V init script
Existing /etc/rc.d/init.d/ scripts can be used as a starting point

Transient Services
xinetd manages on-demand services
Less-frequently needed services
Host-based authentication
Service statistics and logging
Service IP redirection

Configuration files:
/etc/xinetd.conf
/etc/xinetd.d/service

End of Lecture 4
Questions and Answers
Summary
Understand system runlevels and kernels
Manage system services
Change runlevels
Understand the boot sequence
Use the GRUB bootloader
Access virtualization consoles

Lecture 5

Kernel Monitoring and Configuration

Objectives
Upon completion of this unit, you should be able to:
Understand the purpose and organization of the kernel
Know how to configure the kernel using /proc and sysctl
Explore hardware devices available on the system
Understand how to load and configure kernel modules

The Linux Kernel


The kernel constitutes the core part of the Linux operating system
Kernel duties:
System initialization: detects hardware resources and boots up the system
Process scheduling: determines when processes should run and for how long
Memory management: allocates memory on behalf of running processes
Security: enforces permissions, SELinux contexts and firewall rules
Provides buffers and caches to speed up hardware access
Implements standard network protocols and filesystem formats

Documentation available in the kernel-doc RPM package

Kernel Components
Multiple kernels may be installed at the same time
Different variants have different features, allows easier version upgrades

Kernel version is part of the absolute filename to avoid conflicts
/boot/vmlinuz-version
Main kernel binary file

/boot/initrd-version.img
Initial RAM disk providing critical kernel modules at boot

/lib/modules/version/
Kernel modules (drivers and extensions) matching a particular kernel binary

Kernels and Support Limits


RHEL 5.4 32-bit x86 kernels:
kernel: up to 32 processors, 4 GB RAM
kernel-PAE: up to 32 processors, 16 GB RAM (PAE36)
kernel-xen: up to 32 processors, 16 GB RAM (Dom0 limits)

RHEL 5.4 64-bit x86-64 kernels:


kernel: up to 64 processors, 512 GB RAM
kernel-xen: up to 126 processors, 512 GB RAM (Dom0 limits)

Monitoring Processes and Resources


Kernel state: uname, uptime, tload
Processes: ps, top, gnome-system-monitor
Memory: free, vmstat, swapon -s, pmap
Disk Utilization: df, fdisk -l, iostat, lsof
Support Summary: sosreport

Kernel Monitoring and Configuration with /proc and /sys
Virtual filesystems: proc and sysfs
Used to display:
Process information: /proc/<PID>
Memory resources: /proc/meminfo
Disk partitions: /proc/partitions

Modify kernel configuration:


System hostname: /proc/sys/kernel/hostname
Apply immediately, but do not persist across a reboot

Kernel Configuration with sysctl


sysctl adds persistence to /proc/sys settings
Statements added to /etc/sysctl.conf automatically processed during boot
Configuration maintained or monitored using the sysctl command:
List all current settings: sysctl -a
Reprocess settings from sysctl.conf: sysctl -p
Set a /proc value dynamically: sysctl -w net.ipv4.ip_forward=1
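
Added example (not part of the course material): a drift check that compares the persistent settings in /etc/sysctl.conf with the running values under /proc/sys, catching values changed with sysctl -w that will revert at the next boot. The function names are hypothetical, and the demo runs against a constructed stand-in tree rather than the real /proc/sys.

```shell
#!/bin/sh
# Added example: report /proc/sys values that differ from sysctl.conf.
# usage: sysctl_drift [conf_file] [proc_sys_root]

sysctl_drift() (
    conf=${1:-/etc/sysctl.conf}
    root=${2:-/proc/sys}
    # Collapse tabs, newlines and repeated blanks so "4\t4\t1\t7" equals "4 4 1 7".
    squeeze() { tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//'; }
    # Drop comment lines (# or ;) and blanks, then split each line on the first "=".
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' "$conf" |
    while IFS='=' read -r key value; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        value=$(printf '%s' "$value" | squeeze)
        # net.ipv4.ip_forward -> <root>/net/ipv4/ip_forward
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"
            continue
        fi
        running=$(squeeze < "$path")
        [ "$running" = "$value" ] || echo "DRIFT $key running=$running configured=$value"
    done
)

# Build a constructed sysctl.conf and a stand-in /proc/sys tree under $1.
make_sysctl_fixture() {
    mkdir -p "$1/proc_sys/net/ipv4" "$1/proc_sys/kernel"
    printf '1\n'          > "$1/proc_sys/net/ipv4/ip_forward"   # as if set with sysctl -w
    printf '4\t4\t1\t7\n' > "$1/proc_sys/kernel/printk"
    cat > "$1/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 0
kernel.printk = 4 4 1 7
kernel.sysrq = 0
EOF
}

demo=$(mktemp -d)
make_sysctl_fixture "$demo"
sysctl_drift "$demo/sysctl.conf" "$demo/proc_sys"
rm -rf "$demo"
# On a live system: sysctl_drift   (defaults to /etc/sysctl.conf and /proc/sys)
```

A DRIFT line means the running kernel and the boot-time configuration disagree, so either the runtime change is unrecorded or the configured hardening is not in effect.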

Exploring Hardware Devices


Utilities:
lspci and lsusb
For x86 and x86-64: dmidecode and x86info

HAL: Hardware Abstraction Layer


Snapshot of all connected devices
hal-device lists in text mode
hal-device-manager displays in a graphical window

Review of /dev
Files under /dev are used to access drivers
Three file attributes determine which driver to access:
Device type (character or block)
Major number
Minor number

Block devices:
/dev/sda, /dev/sdb - SCSI, SATA, or USB storage
/dev/md0, /dev/md1 - Software RAID

Character devices:
/dev/null, /dev/zero - Software devices
/dev/random, /dev/urandom - Random numbers

Managing Devices With udev


udev manages files stored under /dev/
Files are only created if corresponding device is plugged in
Files are automatically removed when device is disconnected
udev statements under /etc/udev/rules.d/ determine:
Filenames
Permissions
Owners and groups
Commands to execute when a new device shows up

mknod does not persist across a reboot


Kernel Modules
Small kernel extensions
May be loaded and unloaded at will
Can implement drivers, filesystems, firewall, and more
Provided with the kernel RPM
Are located under /lib/modules/$(uname -r)/
Compiled for a specific kernel version

Third party modules may be added

Utilizing and Configuring Kernel Modules


lsmod provides a list of loaded modules
modinfo displays information about any available module
modprobe can load and unload modules
/etc/modprobe.conf used for module configuration:
Parameters to pass to a module whenever it is loaded
Aliases to represent a module name
Commands to execute when a module is loaded or unloaded

The Initial RAM Disk (initrd)


To mount the root filesystem, the kernel typically needs to load modules:
ext3, jbd, raid1, scsi_mod ...
third-party hardware RAID modules

Compressed cpio archive created by kernel installation


kept in /boot
Use mkinitrd to rebuild
# mkinitrd /boot/initrd-$(uname -r).img $(uname -r)

Manually add modules:


--with
/etc/modprobe.conf
/etc/sysconfig/mkinitrd/

End of Lecture 5
Questions and Answers
Summary
Different kernel variants based on processor and features
Persistently configure kernel tunables in /etc/sysctl.conf
Hardware and /dev managed through udev and HAL
Currently loaded kernel modules can be listed with lsmod
Modules needed to mount "/" are loaded from initrd

Lecture 6

Network Configuration

Objectives
Upon completion of this unit, you should be able to:
Configure TCP/IP network interfaces and routing
Configure DNS name resolution
Do basic monitoring and filtering of network traffic
Describe how interfaces could be bonded

Network Interfaces and /sbin/ip


Networking scripts refer to logical interface names:
Ethernet: eth0, eth1 ...
Dial-up: ppp0, ppp1 ...
Loopback: lo

Display network interfaces/configuration by using:


ip [-s] link [show [ethX]]
ip addr [show [ethX]]

Network Configuration Utilities


system-config-network
Device and Gateway
Static Routes
DNS and Hostname

system-config-network-tui
Device and Gateway

Changes are not immediate


Deactivate and Activate buttons
ifdown ethX ; ifup ethX
service network restart

Interface Configuration Files


/etc/sysconfig/network-scripts/ifcfg-name
Set DEVICE to map configuration to device name
Set HWADDR to map configuration to MAC address
Set BOOTPROTO=dhcp for dynamic configuration
Set IPADDR and NETMASK for static configuration
Set ETHTOOL_OPTS to force speed and duplex settings
Requires at least DEVICE and BOOTPROTO or IPADDR

Options documented in sysconfig.txt

Device Aliases
Useful for virtual hosting
Bind multiple IP addresses to a single NIC
<device>:<alias>, i.e. eth1:0, eth1:1 ...

Create a separate interface configuration file for each device alias:
ifcfg-ethX:y
Must use static networking

Configuring the Routing Table


The routing table tells the kernel how to reach different networks
Networks are associated with interfaces and, optionally, routers
Networks attached to interfaces are added automatically
A default gateway is used if no explicit route is given
View table with ip route
Configure table with:
GATEWAY in ifcfg-* or /etc/sysconfig/network
Settings in /etc/sysconfig/network-scripts/route-ethX

Verifying IP Connectivity
ping
Network packet loss and latency measurement tool

traceroute
Displays network path to a destination

mtr
Combines the functionality of traceroute and ping in a single tool

These and other tools available in the gnome-nettool GUI

Hostnames
System hostname set in /etc/sysconfig/network
If not explicitly set, DHCP or DNS will be used

Can be viewed or temporarily set with hostname


Other name/IP mappings can be defined in /etc/hosts
127.0.0.1    localhost.localdomain localhost
::1          localhost6.localdomain6 localdomain6
10.0.0.1     testmachine1.lab.example.com test1

DNS Configuration
DNS servers resolve names not in /etc/hosts
Precedence controlled by /etc/nsswitch.conf

Configured in /etc/resolv.conf
search example.com
nameserver 192.168.0.254
nameserver 10.0.0.254

Test with gethostip, host, or dig

Filtering Network Traffic


Filtering in the kernel
Only inspects packet headers
Consists of:
netfilter modules
iptables command
init.d/iptables script

Basic policy adjustments with system-config-securitylevel

Network Monitoring Utilities


Network interfaces (ip)
Show what interfaces are available on a system

Local diagnostic (netstat)


Show active connections, routes, and statistics

Port scanners (nmap)


Show what services are available on a system

Packet sniffers (tcpdump, wireshark)


Stores and analyzes all network traffic visible to the "sniffing" system

Ethernet Channel Bonding


Highly available network interface
Avoids single point of failure
Aggregating bandwidth and load balancing are possible

Many NICs can be bonded into a single virtual interface


Plug each interface into different switches on the same network
Network driver must be able to detect link

Configuration steps:
Load bonding module in /etc/modprobe.conf
Configure bond0 interface and its slave interfaces

/proc/net/bond0/info

End of Lecture 6
Questions and Answers
Summary
system-config-network provides GUI or TUI network configuration
Network configuration is stored in:
/etc/sysconfig/network-scripts/ifcfg-* (interface-specific settings)
/etc/sysconfig/network-scripts/routes-* (non-standard routes)
/etc/resolv.conf (DNS servers)
/etc/sysconfig/network (other global settings)

Basic packet filtering can be configured with system-config-securitylevel
Bonded interfaces provide aggregated bandwidth and load balancing

Lecture 7

Filesystem Administration

Objectives
Upon completion of this unit, you should be able to:
Monitor filesystems
Access removable media
Access data from remote systems using NFS
Mount NFS filesystems on demand

Partitions and Filesystems


Disk drives are divided into partitions
cat /proc/partitions
fdisk -l /dev/sda
Primary, Extended, Logical

Partitions are formatted with filesystems for users to store data
Default filesystem: ext3, the Third Extended Linux Filesystem
Other common filesystems: ext2, vfat, iso9660, and gfs

Filesystems are mounted into the tree before access


mount
df [-h]

Inodes and Directories


The inode table of a filesystem contains a list of all files
df -i

Each inode (index node) of a file contains metadata:


file type, permissions, UID, GID, size and time stamps
the link count (count of path names pointing to this file)
pointers to the file's data blocks on disk

A directory contains a list of filenames


The directory data block contains mapping of filename to inode
number
ls -i

Managing Removable Media


Removable media mounted under /media automatically
Mounting performed by graphical environments
HAL (Hardware Abstraction Layer) monitors removable media
HAL automatically mounts when media detected
HAL calls gnome-mount and gnome-umount
Users can call these commands directly

When mounting manually, use /mnt

Accessing Network File Shares using NFS


Servers export directories using NFS
# rpcinfo -p nfsserver
# showmount -e nfsserver

Clients mount NFS exported directories to local directories
Remote directories appear to be local to local users
# mkdir /pub

Remote directories can be manually mounted


# mount nfsserver:/exported/dir /pub

Can be automatically mounted at boot time in /etc/fstab


nfsserver:/exported/dir   /pub   nfs   soft   0 0

Mounting NFS Shares On-Demand


NFS shares can be automatically mounted on demand
using the automounter
No additional server-side configuration required
NFS shares mounted when accessed by any user and umounted
when no longer in use

Two tier configuration:


First tier: /etc/auto.master lists automounting directory and
file that lists mounts within the directory
Second tier specified in /etc/auto.master: lists mount point,
options, and directory to be mounted

All per-server exports accessed automatically via /net

End of Lecture 7
Questions and Answers
Summary
Disks are divided into partitions, which contain filesystems
Filesystems are associated with mountpoints using mount
df -h displays a usage summary for each mounted filesystem
Removable media is mounted under /media
To mount an NFS share, run mount nfsserver:/share /mntpoint
To list shares on an NFS server, run showmount -e nfsserver
NFS shares can be auto-mounted with /etc/fstab or /net

Lecture 8

Additional Storage

Objectives
Upon completion of this unit, you should be able to:
Add new partitions/filesystems
Troubleshoot filesystems
Add virtual memory

Adding New Filesystems


Identify device
Partition device
Make filesystem
Label filesystem (optional)
Add entry to /etc/fstab
Create mount point
Mount new filesystem

Partitioning a Physical Disk


Backup the partition table
# sfdisk -d /dev/sda > /tmp/partitions.sda

Partition the disk


# fdisk /dev/sda

Restore partition table after major mistake


# sfdisk /dev/sda < /tmp/partitions.sda

Update /proc/partitions
# partprobe /dev/sda

Making Filesystems
Make the filesystem with a label
# mkfs -t ext3 -L guest_data /dev/sda5

Calls mkfs.ext3 (default mkfs.ext2)

mkfs.ext3 [options] device


Calls specific filesystem utilities like mke2fs

mke2fs [options] device

Mounting Filesystems with mount


Make a mountpoint
# mkdir -p /srv/guest_data

Mount the filesystem


# mount -o rw LABEL=guest_data /srv/guest_data

Default -o options for ext3:


Executable: rw, suid, dev, exec, auto, nouser, and async
Filesystem embedded by anaconda: acl, user_xattr
Overridden by /etc/fstab or command line -o option

Mount Points and /etc/fstab


Maintains the hierarchy across system reboots
Used by mount, fsck, and other programs
May use filesystem volume labels in the device field
LABEL=/mnt/data   /mnt/data   ext3   defaults   1 2

mount -a will mount all auto filesystems in /etc/fstab
Recommended for testing fstab syntax before reboot!
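
A check that can be run against the fstab format shown above, added here as an example and not part of the course material: since the ext3 defaults leave suid and dev enabled unless /etc/fstab overrides them, it lists data mounts that still permit set-UID binaries or device nodes. The sample fstab text and the audit_fstab name are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/fstab format:
# device, mount point, type, options, dump, fsck pass.
SAMPLE_FSTAB='LABEL=/                 /                ext3  defaults         1 1
LABEL=guest_data        /srv/guest_data  ext3  defaults         1 2
LABEL=/mnt/data         /mnt/data        ext3  rw,nosuid,nodev  1 2
nfsserver:/exported/dir /pub             nfs   soft             0 0
/var/local/swapfile     swap             swap  defaults         0 0'

# audit_fstab: read fstab text on stdin and print "<mountpoint> <missing options>"
# for every data filesystem that lacks nosuid and/or nodev.
# The root filesystem and swap are skipped: / needs suid and dev to function.
audit_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        $2 == "/" || $3 == "swap" { next }
        {
            n = split($4, opt, ",")
            nosuid = 0; nodev = 0               # defaults: suid and dev allowed
            for (i = 1; i <= n; i++) {          # later options override earlier ones
                o = opt[i]
                # user, users and owner imply nosuid and nodev
                if (o == "user" || o == "users" || o == "owner") { nosuid = 1; nodev = 1 }
                if (o == "nosuid") nosuid = 1
                if (o == "suid")   nosuid = 0
                if (o == "nodev")  nodev = 1
                if (o == "dev")    nodev = 0
            }
            missing = ""
            if (!nosuid) missing = "nosuid"
            if (!nodev)  missing = (missing == "" ? "nodev" : missing ",nodev")
            if (missing != "") print $2, missing
        }
    '
}

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

Run it against the real file with audit_fstab < /etc/fstab, then test any option change with mount -a before rebooting.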

Unmounting Filesystems
umount [options] device | mount_point
Cannot unmount a filesystem that is in use
Use fuser to check and/or kill processes

Use remount option to change a mounted filesystem's options
mount -o remount,ro /data

Modifying a Filesystem Superblock


View filesystem features
# dumpe2fs /dev/sda5 | less

Change filesystem features


# tune2fs -i0 -c0 /dev/sda5

Display or change the filesystem label


# e2label /dev/sda5
# e2label /dev/sda5 new_label
# blkid -s LABEL
# findfs LABEL=new_label

Adding Virtual Memory


Swap space is hard disk space that extends system
RAM
Create a swap file (or partition)
# dd if=/dev/zero of=/var/local/swapfile bs=1k count=1M

Write special signature


# mkswap /var/local/swapfile

Add entry to /etc/fstab


/var/local/swapfile   swap   swap   defaults 0 0

Activate swap space


# swapon -a

End of Lecture 8
Questions and Answers
Summary
To create a new filesystem:
1. Run fdisk device and create a partition of type Linux.
2. Run mkfs -t fstype partition to create a filesystem
3. Add to /etc/fstab
4. Run mount -a

To create a new swap partition:
1. Run fdisk device and create a new partition of type Linux Swap
2. Run mkswap partition
3. Add to /etc/fstab
4. Run swapon -a

Lecture 9

User Administration

Objectives
Upon completion of this unit, you should be able to:
Manage user and group accounts
Set up filesystem quotas

Review: User and Group Databases


User: /etc/passwd and /etc/shadow
Maps name to UID, GID, home directory, and login shell
Maps name to password and expiration

Group: /etc/group and /etc/gshadow


Maps group to GID and user members
Maps group to password and group administrators

Management: system-config-users and/or command line tools

Adding a New User Account


useradd [options] username
Defaults in: /etc/default/useradd and
/etc/login.defs
Equivalent to:
editing /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow
creating and populating home directory from /etc/skel/
setting permissions and ownership

Set account password using passwd


Accounts may be added in a batch with newusers

Modifying / Deleting User Accounts


To change fields in a user's /etc/passwd entry you
can:
Edit the file by hand with vipw
Use usermod [options] username

To remove a user either:


Manually remove the user from /etc/passwd, /etc/shadow,
/etc/group, /etc/gshadow, /var/spool/mail, etc.
Use userdel [-r] username

Password Aging Policies


By default, passwords do not expire
Forcing passwords to expire is part of a strong security
policy
Modify default expiration settings in /etc/login.defs
To modify existing users, either:
Edit /etc/shadow by hand
Use chage [options] username
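
Because passwords do not expire by default, it helps to see which accounts are still on that default. The following is an added example, not part of the course material: it reads /etc/shadow-format text and reports password-login accounts whose maximum age is unset or too long. The sample entries, placeholder hashes and the aging_report name are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow format; the hashes are placeholders.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='root:$1$PLACEHOLDER$hash:14500:0:99999:7:::
daemon:*:14500:0:99999:7:::
alice:$1$PLACEHOLDER$hash:14500:1:90:7:14::
bob:$1$PLACEHOLDER$hash:14500:0::7:::
carol:!!:14500:0:99999:7:::
dave:$1$PLACEHOLDER$hash:0:0:60:7:::'

# aging_report MAXDAYS: read shadow-format text on stdin and print one line
# per account that can log in with a password:
#   <name> empty-password     no password is required at all
#   <name> must-change        lastchg is 0, change forced at next login
#   <name> never-expires      max age is empty or 99999 (the default)
#   <name> max-too-long:<n>   max age exceeds MAXDAYS
aging_report() {
    awk -F: -v limit="$1" '
        $2 ~ /^[!*]/                { next }    # locked or non-login accounts
        $2 == ""                    { print $1, "empty-password"; next }
        $3 == "0"                   { print $1, "must-change"; next }
        $5 == "" || $5 + 0 >= 99999 { print $1, "never-expires"; next }
        $5 + 0 > limit + 0          { print $1, "max-too-long:" $5 }
    '
}

printf '%s\n' "$SAMPLE_SHADOW" | aging_report 60
```

On a live system the input is /etc/shadow (readable by root only); accounts reported as never-expires can be given a maximum age with chage -M.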

Administering Auxiliary Groups


Creation: groupadd [-g gid] auxgroup
Add users to group (either):
# usermod -aG auxgroup username
# gpasswd -a username auxgroup
# vigr

Rename/Delete: groupmod and groupdel

Configuring the Quota System


Implemented within the kernel
Enabled on a per-filesystem basis
Individual policies for groups or users
Limit by the number of 1K-blocks or inodes
Implement both soft and hard limits

Initialization
Partition mount options: usrquota, grpquota
Initialize database: quotacheck -cugm /filesystem
Start or stop quotas: quotaon, quotaoff

Managing Quotas
Implementation
Edit quotas directly: edquota username
From a shell: setquota username 4096 5120 40 50 /foo
Define prototypical users: edquota -p user1 user2

Reporting
User inspection: quota
Quota overviews: repquota
Miscellaneous utilities: warnquota

End of Lecture 9
Questions and Answers
Summary
system-config-users provides GUI user and group management
useradd, usermod and userdel provide CLI user management
userdel leaves home directory and mail unless -r is provided

groupadd, groupmod and groupdel provide CLI group management
Quotas can limit by space (kilobytes) or inodes
To enable quotas on a filesystem:
1. Edit /etc/fstab, add usrquota and/or grpquota options.
2. Run mount -o remount partition
3. Run quotacheck -cm partition
   (quotacheck -cgm partition for group quotas)
4. Run quotaon -a
5. Define quotas with edquota and/or setquota

Lecture 10

Filesystems for Group Collaboration

Objectives
Upon completion of this unit, you should be able to:
Manage file security
Create collaborative directories using SetGID
Extend filesystem security with ACLs

Review: Viewing/Setting Ownership and Permissions

View current settings:
$ ls -l filename

Every file is owned by a UID and a GID


Three permission categories: user (owner), group and others

Change user and/or group:


# chown user:group filename
$ chgrp group filename

Change permissions:
$ chmod ugo+x filename
$ chmod 775 filename

Review: Default File Ownership and Permissions

Ownership is based on the creator:
User is creator
Group is normally creator's primary group

Permissions start with:


Read and Write for files
Read, Write, and eXecute for directories

Permissions are withheld by creator's umask


Non-system users' default umask is 002 (no w for other)
Files will have permissions of 664 (-rw-rw-r--)
Directories will have permissions of 775 (drwxrwxr-x)

User Private Groups


A group of the same name as the user
Automatically created when user is created
User's primary group is this private group
User's new files are assigned to this group

Prevents new files from belonging to a public group


May encourage making files world-accessible

Special Directory Permissions


SGID is used to create a collaborative directory
When a file is created in a directory with the SGID bit set, it
belongs to the same group as the directory, rather than the
creator's primary group
# chmod g+s directory

Sticky allows only the owner of a file to delete it


Normally users with write permissions to a directory can delete
any file in that directory regardless of that file's permissions or
ownership
# chmod o+t directory
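
To find directories where these bits matter, the following added example (not part of the course material) walks a tree and reports world-writable directories with and without the sticky bit, plus SGID directories. The demo tree, its directory names and the function names are constructed for illustration.

```shell
#!/bin/sh
# make_demo_tree: build a constructed directory tree in a temporary location
# and print its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/drop" "$t/scratch" "$t/collab" "$t/private"
    chmod 0777 "$t/drop"      # world-writable, no sticky bit
    chmod 1777 "$t/scratch"   # world-writable with sticky bit (like /tmp)
    chmod 2775 "$t/collab"    # SGID collaborative directory
    chmod 0755 "$t/private"   # ordinary directory, not reported
    printf '%s\n' "$t"
}

# classify_dirs ROOT: list directories under ROOT whose mode bits matter for
# collaboration, one "<path> <finding>" line each, sorted by path.
#   world-writable-no-sticky  any user can delete any other user's files
#   world-writable-sticky     users can delete only files they own
#   sgid                      new files inherit the directory's group
classify_dirs() (
    cd "$1" || exit 1
    {
        find . -type d -perm -0002 ! -perm -1000 | sed 's/$/ world-writable-no-sticky/'
        find . -type d -perm -0002 -perm -1000   | sed 's/$/ world-writable-sticky/'
        find . -type d -perm -2000               | sed 's/$/ sgid/'
    } | sort
)

demo=$(make_demo_tree)
classify_dirs "$demo"
rm -rf "$demo"
```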

Access Control Lists (ACLs)


Grant or deny access to multiple users or groups
Non-root users cannot chown files
Avoids users sharing files with chmod 777
Uses same rwx permissions

Implemented as a mount option (acl)


Embedded in filesystem superblock at install time

Backup utilities/scripts may need to be updated to support

Viewing and Managing ACLs


Viewing:
$ getfacl filename

Modifying (Adding or Changing):


$ setfacl -m u:gandalf:rw filename

Removing (Expunging):
$ setfacl -x u:gandalf filename

Review: Permission Precedence


Three access categories: User, Group, and Other
Compare process UID to
UID of file => user permissions apply
ACL UID of file => ACL's permissions apply

Otherwise, compare list of process GIDs to


GID of file => group permissions apply
ACL GID of file => ACL's permissions apply
Since there can be multiple matches at this level, it is additive
within this level

If neither match, other permissions apply
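
The precedence rules above, worked through as an added example that is not part of the course material: acl_decide reads getfacl-style output and reports which entry class decides access for one permission letter. It goes one step beyond the slide by also applying the mask entry that getfacl prints for files with named entries. The file, user and group names are constructed.

```shell
#!/bin/sh
# Constructed getfacl-style output for a file owned by frodo:hobbits.
SAMPLE_ACL='# file: plans.txt
# owner: frodo
# group: hobbits
user::rw-
user:gandalf:rw-
group::r--
group:wizards:rw-
group:interns:---
mask::rw-
other::r--'

# acl_decide USER GROUPS PERM: read getfacl-style text on stdin and print
# "<allow|deny> <class of the entry that decided>" for one permission
# letter (r, w or x). GROUPS is a comma-separated list of the process's groups.
acl_decide() {
    awk -F: -v who="$1" -v groups="$2" -v want="$3" '
        # true when the permission string grants the requested letter
        function has(perms) { return index(perms, want) > 0 }
        # named-user and group-class entries are limited by the mask, if present
        function masked(perms) { return has(perms) && (mask == "" || has(mask)) }
        function verdict(ok, cls) { print (ok ? "allow" : "deny"), cls }
        BEGIN { n = split(groups, g, ","); for (i = 1; i <= n; i++) ingrp[g[i]] = 1 }
        /^# owner: / { owner  = substr($0, 10); next }
        /^# group: / { fgroup = substr($0, 10); next }
        /^#/ || NF < 3 { next }
        $1 == "user"  && $2 == ""  { uperm = $3 }
        $1 == "user"  && $2 == who { nuser = 1; nuperm = $3 }
        $1 == "group" { gname = ($2 == "" ? fgroup : $2)
                        if (gname in ingrp) gperm[++hits] = $3 }
        $1 == "mask"  { mask = $3 }
        $1 == "other" { operm = $3 }
        END {
            # first matching level wins; lower levels are never consulted
            if (who == owner) { verdict(has(uperm), "owner"); exit }
            if (nuser)        { verdict(masked(nuperm), "acl-user"); exit }
            if (hits > 0) {
                ok = 0
                for (i = 1; i <= hits; i++) if (masked(gperm[i])) ok = 1
                verdict(ok, "group"); exit
            }
            verdict(has(operm), "other")
        }
    '
}

# A member of interns is denied read at the group level even though
# "other" would have allowed it.
printf '%s\n' "$SAMPLE_ACL" | acl_decide merry interns r
printf '%s\n' "$SAMPLE_ACL" | acl_decide sam hobbits,wizards w
```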

Collaborate with Multiple Groups


ACLs for groups use g: instead of u:
Automatic ACL setting
New files inherit default ACL (if set) from directory
$ setfacl -m d:g:groupname:rw directory

Defaults for groups can share files with multiple groups

End of Lecture 10
Questions and Answers
Summary
chmod g+sw dir creates a fully-collaborative environment
Members of the group that owns dir can create, delete and modify all files in it

chmod o+t dir creates a limited-collaboration environment


Users with write access can create and delete only their own files.

Collaborative directories with SGID


Filesystem access to a list of users/groups

Lecture 11

Centralized User Administration

Objectives
Upon completion of this unit, you should be able to:
Describe how Red Hat Enterprise Linux accesses user
information
Configure system to use centralized authentication
services

Components of Authentication
Two types of information are required to log in
Account information: Who is this user?
UID number, default shell, home directory, groups, etc

Authentication Credentials: Is this really the user?


Password, key, retinal scan, etc

Account and authentication information may be stored remotely
Allows for common logins across multiple systems

Enabling Centralized Authentication


system-config-authentication
Provided by the authconfig-gtk package
Presents GUI interface if possible
Use authconfig-tui to force text-based interface
Also supports making changes via command-line arguments

Supported account information services:


(local files), NIS, LDAP, Hesiod, Winbind/Active-Directory

Supported authentication mechanisms:


(NSS), Kerberos, LDAP, SmartCard, SMB, Winbind/Active-Directory

Supplemental Media

Developer Nalin Dahyabhai on system-config-authentication

Network Information Service (NIS)


Configuration files converted to maps on server
Related maps are grouped into domains
Clients join a domain and treat its maps like local files
Common maps include:
passwd
group
hosts

Requires installation of ypbind and portmap RPMs


Password hashes are transmitted unencrypted!

NIS Client Tools


ypwhich: Displays the name of the NIS server being
used
ypdomainname: Displays or sets the NIS domain to
join
ypcat mapname: Prints the contents of a map from the
server
rpcinfo -p hostname: Verify NIS server (ypserv)
availability

Lightweight Directory Access Protocol (LDAP)


Network-accessible database tuned for high read traffic
May also be used for service configs, extended user
info, etc.
More modern implementation than NIS, supports
encryption
Server configuration can be more complex than with
NIS
Requires installation of nss_ldap and openldap RPMs

LDAP Client Tools


Query an LDAP server: ldapsearch
-ZZ: Require an SSL-encrypted connection
-x: Use simple authentication (required without extra
configuration)
-H ldap://hostname[:port]: Connect to specific server

Test SSL connection to server


# openssl s_client -connect hostname:port

Authentication Configuration In-depth


system-config-authentication really does three
things:
Configure Pluggable Authentication Modules (PAM)
Used by applications to authenticate users

Configure the Name Service Switch (NSS) if necessary


Retrieves account information from local files, NIS and LDAP

Configure service-specific configuration files if necessary


/etc/yp.conf (NIS)
/etc/openldap/ldap.conf (LDAP)

Name Service Switch (NSS)


Groups information from multiple sources into
"entries":
passwd: Account information
shadow: Authentication information
group: Group information
Other entries exist, not related to authentication

Entries are defined in /etc/nsswitch.conf


Applications may query NSS directly or via PAM
getent entry displays the contents of an entry

Pluggable Authentication Modules (PAM)


Applications delegate authentication to the libpam
library
PAM prompts, validates, and tells app to accept or
reject
Allows all applications to use the same auth process
...though application-specific instructions may also be included

Default configuration uses NSS for most user/auth data


Documentation: /usr/share/doc/pam-<version>/

Supplemental Media

Developer Nalin Dahyabhai on why PAM was developed

Configuring Centralized Home Directories


Home directories for users may be shared via NFS
Gives users consistent files and settings across systems

autofs can be configured to mount home dirs upon login
Configuration shortcuts make this easier
* matches all possible directory names
& represents the name of the requested directory

Do not enable on systems where untrusted users may
have root access!
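
The two-tier automounter configuration from the "Mounting NFS Shares On-Demand" slide and the * and & shortcuts above, shown together as an added example that is not part of the course material. resolve_key prints the equivalent mount command for a requested directory name. The /home/guests base directory, the map file name and the server paths are assumptions, and each map entry is assumed to carry an options field.

```shell
#!/bin/sh
# Constructed two-tier configuration.
# First tier, /etc/auto.master (directory, map file):
#   /home/guests   /etc/auto.guests
# Second tier, /etc/auto.guests (key, options, location):
SAMPLE_MAP='# key      options      location
shared     -ro,soft     nfsserver:/exported/shared
*          -rw,soft     nfsserver:/home/guests/&'

# resolve_key KEY: read an indirect map on stdin and print the mount command
# equivalent to what the automounter does when /home/guests/KEY is accessed.
# An exact key wins over the * wildcard; & is replaced by the requested key.
# Returns non-zero when no entry matches.
resolve_key() {
    awk -v key="$1" -v base="/home/guests" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        $1 == key && !exact { exact = 1; opts = $2; loc = $3 }
        $1 == "*" && !wild  { wild = 1; wopts = $2; wloc = $3 }
        END {
            if (!exact && wild) { opts = wopts; loc = wloc }
            else if (!exact) exit 1
            gsub(/&/, key, loc)                 # & stands for the requested name
            sub(/^-/, "", opts)                 # map options carry a leading dash
            print "mount -t nfs -o " opts " " loc " " base "/" key
        }
    '
}

printf '%s\n' "$SAMPLE_MAP" | resolve_key alice
printf '%s\n' "$SAMPLE_MAP" | resolve_key shared
```

With the wildcard entry, any directory name requested under the base directory triggers a mount attempt, which is why the wildcard map should only point at an export meant to be shared that broadly.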

Authentication Review

End of Lecture 11
Questions and Answers
Summary
Authentication is configured using system-config-authentication
User and authentication information are accessed via PAM and
NSS
Information can be stored locally or on a central server
Supported centralized mechanisms include NIS, LDAP and
Kerberos

Lecture 12

Software RAID

Objectives
Upon completion of this unit, you should be able to:
Configure high-availability storage with RAID
Recover a degraded software RAID array

Redundant Array of Inexpensive Disks


Multiple disks grouped together into arrays
Benefits include better performance and/or fault tolerance
RAID Level defines how grouped
Spare disks can add extra redundancy

Hardware RAID built into add-on card or motherboard


Requires driver (kernel module)
Array generally seen as a SCSI disk: /dev/sda

Software RAID is built into Linux kernel


RAID devices are named: /dev/md0, /dev/md1, and so on
mdadm provides the administrative interface

Adding a Software RAID Device


1. Create partitions of type 0xfd (Linux RAID Autodetect)
2. Combine partitions into a RAID device
# mdadm -C /dev/md0 -a yes -l 5 -n 3 partitions...

3. Format the RAID device


# mkfs.ext3 /dev/md0

4. Add an entry to /etc/fstab:


/dev/md0   /mountpoint   ext3   defaults   1 2

Software RAID Monitoring


Log entries are sent to syslogd
Interactively check status with:
# mdadm --detail /dev/md0
# cat /proc/mdstat

mdmonitor provides notification services on the status


Must create/setup /etc/mdadm.conf
MAILADDR=user@mydomain.TLD
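
For scripted checks alongside mdmonitor, the following added example (not part of the course material) parses /proc/mdstat-format text and reports each array as ok or degraded, naming any member marked failed. The sample status text and the md_status name are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mdstat format: md0 has lost one of three
# members, md1 is healthy.
SAMPLE_MDSTAT='Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid5 sdc1[2] sdb1[1] sda1[3](F)
      2096128 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]

md1 : active raid1 sde1[1] sdd1[0]
      1048512 blocks [2/2] [UU]

unused devices: <none>'

# md_status: read mdstat text on stdin and print one line per array:
#   <array> <ok|degraded> <active>/<configured> [failed=<dev>[,<dev>...]]
md_status() {
    awk '
        /^md[0-9]+ :/ {
            name = $1; failed = ""
            for (i = 3; i <= NF; i++)
                if ($i ~ /\(F\)$/) {            # member flagged as failed
                    dev = $i; sub(/\[.*/, "", dev)
                    failed = (failed == "" ? dev : failed "," dev)
                }
            next
        }
        # the status line carries [configured/active], for example [3/2]
        name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
            split(substr($0, RSTART + 1, RLENGTH - 2), c, "/")
            state = (c[2] + 0 < c[1] + 0) ? "degraded" : "ok"
            line = name " " state " " c[2] "/" c[1]
            if (failed != "") line = line " failed=" failed
            print line
            name = ""
        }
    '
}

printf '%s\n' "$SAMPLE_MDSTAT" | md_status
```

On a live system, md_status < /proc/mdstat gives the same report, and mdadm --detail on a degraded array shows the full member state.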

Software RAID Recovery


To simulate disk failure
# mdadm /dev/md0 -f /dev/sda1

Recovering from a software RAID disk failure


1. Replace and reboot, or hot-remove if hardware supports it
# mdadm /dev/md0 -r /dev/sda1

2. Add replacement partition into array


# mdadm /dev/md0 -a /dev/sda1

To disassemble/stop a disk array


# mdadm -S /dev/md0

End of Lecture 12
Questions and Answers
Summary
RAID coordinates multiple disks to work as one
Spare disks can be designated for auto-recovery in most RAID levels
RAID devices are created and managed with mdadm

Lecture 13

Logical Volume Management

Objectives
Upon completion of this unit, you should be able to:
Use storage more efficiently with logical volumes
Back up logical volumes with minimal risk and downtime

What is Logical Volume Manager (LVM)?


A layer of abstraction that allows easy manipulation of volumes
Supports resizing of filesystems
Allows filesystems to span multiple physical devices
Block devices are designated as Physical Volumes
One or more Physical Volumes are used to create a Volume Group
Volume Groups are defined with Physical Extents of a fixed size
Logical Volumes are composed of Physical Extents from Volume Group
Filesystems may be created on Logical Volumes

LVM Tools
system-config-lvm provides GUI control
System->Administration->Logical Volume Management
Physical View manages PVs in selected volume group
Logical View manages LVs in selected volume group

lvm subcommand provides CLI control


lvm help lists sub-commands
lvm vgdisplay -v lists status of all VGs, LVs and PVs
Each sub-command has a symbolic link to lvm
Allows sub-commands to be called without lvm prefix

Creating Logical Volumes


1. Prepare underlying block devices
Can use partitions of type 0x8e or software RAID devices
2. Create physical volumes
# pvcreate /dev/hda3
3. Create volume group containing physical volume
# vgcreate vg0 /dev/hda3
4. Create logical volumes inside volume groups
# lvcreate -L 256M -n data vg0
5. Format and mount logical volume (/dev/vg0/data)

Resizing Logical Volumes


Growing logical volumes and filesystems
lvextend can grow logical volumes
resize2fs can grow ext3 filesystems online or offline

Shrinking filesystems and logical volumes
Must be done offline (umount)
Requires a filesystem check (e2fsck) first
Filesystem then reduced (resize2fs)
Lastly, lvreduce can then reduce the volume
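
An added example, not part of the course material: the shrink sequence above as one function that refuses a target size smaller than the data it must hold and always reduces the filesystem before the volume. The function name, the RUN switch and the sizes are assumptions; by default the commands are only printed.

```shell
#!/bin/sh
# RUN=echo (the default here) prints the plan; set RUN= (empty) to execute as root.
RUN=${RUN-echo}

# shrink_lv LV_PATH NEW_MB CURRENT_MB USED_MB
#   CURRENT_MB: present LV size, e.g. from: lvs --noheadings --units m -o lv_size LV_PATH
#   USED_MB:    data in the filesystem, e.g. from: df -Pm MOUNTPOINT (before umount)
shrink_lv() {
    lv=$1; new_mb=$2; cur_mb=$3; used_mb=$4
    for n in "$new_mb" "$cur_mb" "$used_mb"; do
        case $n in
            ''|*[!0-9]*) echo "shrink_lv: sizes must be whole MiB" >&2; return 64 ;;
        esac
    done
    if [ "$new_mb" -ge "$cur_mb" ]; then
        echo "shrink_lv: $new_mb MiB is not smaller than current $cur_mb MiB" >&2
        return 1
    fi
    if [ "$new_mb" -le "$used_mb" ]; then
        echo "shrink_lv: $new_mb MiB cannot hold $used_mb MiB of data" >&2
        return 1
    fi
    # Order matters: the filesystem is reduced BEFORE the volume. Reducing
    # the volume first cuts off blocks the filesystem still references.
    $RUN umount "$lv" &&
    $RUN e2fsck -f "$lv" &&
    $RUN resize2fs "$lv" "${new_mb}M" &&
    $RUN lvreduce -L "${new_mb}M" "$lv"
}

# Demo with constructed sizes: 1024 MiB volume, 300 MiB used, shrink to 512 MiB.
shrink_lv /dev/vg0/data 512 1024 300
```
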

Resizing Volume Groups


Volume Groups can be enlarged with:
# vgextend vg0 /dev/sdb1

Volume Groups can be reduced with:
# pvmove /dev/hda3
# vgreduce vg0 /dev/hda3

Logical Volume Manager Snapshots


Snapshots are special Logical Volumes that are an exact copy of an existing Logical Volume at the time the snapshot is created
Snapshots are perfect for backups and other operations where a temporary copy of an existing dataset is needed
Snapshots only consume space where they are different from the original Logical Volume
Snapshots are allocated space at creation but do not use it until changes are made to the original Logical Volume or the Snapshot
When data is changed on the original Logical Volume the older data is copied to the Snapshot
Snapshots contain only data that has changed on the original Logical Volume or the Snapshot since the Snapshot was created.

Using LVM Snapshots


1. Create snapshot of existing Logical Volume
# lvcreate -l 64 -s -n datasnap /dev/vg0/data

2. Mount snapshot
# mkdir -p /mnt/datasnap
# mount -o ro /dev/vg0/datasnap /mnt/datasnap

3. Perform backup
4. Remove snapshot
# umount /mnt/datasnap
# lvremove /dev/vg0/datasnap

End of Lecture 13
Questions and Answers
Summary
LVM organizes space into logical groups independent of device boundaries
LVM components can be managed with lvm or system-config-lvm
LVM Snapshots allow backing up of read-only filesystems with minimal downtime

Lecture 14

Virtualization and Automated Installation

Objectives
Upon completion of this unit, you should be able to:
Define virtualization
Interactively install virtual machine
Create and utilize Kickstart files
Set up an anaconda server

Virtualization with Xen


Xen is the basis for virtualization in RHEL 5
Paravirtualized guests running RHEL 5 and RHEL 4.5 and later
Full virtualization for unmodified operating systems

Xen Architecture
Hypervisor runs on hardware directly
Hypervisor boots privileged RHEL 5 domain (Dom0)
xend and other supporting services run in Dom0
User Domains (DomU) managed by Dom0

Preparing Domain-0
Ensure that hardware supports virtualization
Perform a normal installation of the machine
Ensure that kernel-xen, xen, and virt-manager are installed
Select Virtualization component at install-time
Verify subscribed to RHN "RHEL Virtualization" channel, install with yum
Verify xend and libvirtd configured to start on boot
Configure kernel-xen as default kernel and reboot

Installing a New Domain-U


GUI Wizard: virt-manager
Define the name of the domain
Select VCPUs, RAM, Network, and VBDs
Specify the location of the installer and optionally a kickstart file

CLI Tool: virt-install


DomUs can be configured to start when Dom0 boots:
# chkconfig xendomains on
# virsh autostart domain

Install Automation with Kickstart


Scripted installation method
Supports all anaconda features
Template /root/anaconda-ks.cfg is autogenerated during installs
Configuration utility: system-config-kickstart
Syntax checker: ksvalidator

Starting a Kickstart Installation


Anaconda boot option ks enters Kickstart mode
DHCP based kickstart: ks
Network based kickstart: ks=url
From local medium: ks=hd:device:/path/to/file

Boot media can be modified for custom installations:


Optical media: boot.iso or Installation CD/DVD
USB media: diskboot.img
Network boot with PXE
Other bootloaders such as GRUB

Anatomy of a Kickstart File


Commands section
Configures the system
Omitted directives are prompted to the user

Packages section
%packages selects packages and groups for installation
Dependencies are always resolved

Scripts section(s)
Optional section(s) to customize the system
%pre scripts are run before installation
%post scripts are run after installation

Kickstart: Commands Section


Starting the Installation
Installation Mode
install performs a fresh install.
upgrade upgrades an existing installation.

Installation Method:
cdrom
url --url url
nfs --server host --path directory
harddrive --partition=device --dir=/path/to/install_tree

Media Sets
Two available: Client and Server
May contain packages from additional layered products
key defines the Installation Number to access additional content

Kickstart: Commands Section


Important Directives
Required Directives
Must be specified, otherwise the installer configures them interactively
Localization options: keyboard, lang, timezone
Authentication: rootpw, authconfig
Bootloader: bootloader

Optional Directives
Network: network [options]
Security: firewall, selinux, services
Installer behavior: firstboot, poweroff|reboot, interactive, text
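
An added example, not part of the course material: a pre-deployment check for the authentication and security directives listed above, flagging a plaintext rootpw, a disabled firewall, non-enforcing SELinux and a %post that runs outside the chroot. Both kickstart files, the host name and the password hash are constructed placeholders, and ks_audit is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed kickstart with weak settings.
ks_weak_sample() {
    cat <<'EOF'
# constructed sample
install
url --url http://server.example.com/rhel5
lang en_US.UTF-8
keyboard us
timezone America/New_York
rootpw redhat
bootloader --location=mbr
firewall --disabled
selinux --permissive
reboot
%packages
@base
%post --nochroot
echo done > /mnt/sysimage/root/ks-post.log
EOF
}

# Same file with the security directives tightened; the hash is a placeholder.
ks_hardened_sample() {
    cat <<'EOF'
# constructed sample
install
url --url http://server.example.com/rhel5
lang en_US.UTF-8
keyboard us
timezone America/New_York
rootpw --iscrypted $1$PLACEHOLDER$replace.with.a.real.hash
bootloader --location=mbr
firewall --enabled
selinux --enforcing
reboot
%packages
@base
%post
echo done > /root/ks-post.log
EOF
}

# ks_audit FILE: print one finding per weak directive; exit status 1 if any.
ks_audit() {
    awk '
        /^[ \t]*#/ { next }                 # comments
        /^%/ { section = $1 }               # %packages, %pre, %post
        # Directives only count in the commands section (before any % line)
        section == "" && $1 == "rootpw" && $0 !~ /--iscrypted/ {
            print "line " NR ": rootpw is not --iscrypted"; n++ }
        section == "" && $1 == "firewall" && $0 ~ /--disabled/ {
            print "line " NR ": firewall is disabled"; n++ }
        section == "" && $1 == "selinux" && $0 ~ /--(disabled|permissive)/ {
            print "line " NR ": selinux is not enforcing"; n++ }
        $1 == "%post" && $0 ~ /--nochroot/ {
            print "line " NR ": %post runs outside the chroot (--nochroot)"; n++ }
        END { exit (n > 0) }
    ' "$1"
}

# Demo on the constructed weak sample.
tmp=$(mktemp) && ks_weak_sample > "$tmp" && { ks_audit "$tmp" || true; }
rm -f "$tmp"
```

The non-zero exit status lets the check gate publication of a kickstart file to the installation server.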

Kickstart: Packages Section


Add package groups with @package_group
Add single packages with package_name (no version)
Remove packages from the list with -package_name
Use wildcards to specify multiple packages
Dependencies are always resolved
Additional languages with @lang-support

Kickstart: Scripts Section


%pre gives you the first word
Executes as a bash shell script
Executes after Kickstart file is parsed

%post gives you the final word


Can specify interpreter (bash is default)
chrooted by default, but may be run without chroot

Creating a Network Installation Server


Provides an easy distribution platform for the enterprise
Necessary for network-based installs
Often faster than CDROM-based installation methods

Share the media directories


NFS, FTP, and/or HTTP
Can be used as a local yum repository

End of Lecture 14
Questions and Answers
Summary
Virtualization allows for more efficient use of hardware resources
virt-manager provides GUI management of virtual machines
virsh and virt-install provide CLI management of virtual machines
Kickstart files allow for automation of Red Hat Enterprise Linux installation
Installation leaves a template kickstart in /root/anaconda-ks.cfg
system-config-kickstart can be used to create new kickstart files
ksvalidator can be used to check kickstart file syntax
Network installation can be performed via HTTP, FTP, and NFS

Lecture 15

Troubleshooting with Rescue Mode

Objectives
Upon completion of this unit, you should be able to:
Develop a strategy for troubleshooting
Use the rescue environment
Access virtualized disks from Domain-0

Method of Fault Analysis


Characterize the problem
Reproduce the problem
Find further information
Eliminate possible causes
Try the easy things first
Configuration files
Backup before changing
Use tools when available

Gathering Additional Data


Useful commands
history
grep
diff
find /dir -cmin -60
strace command
tail -f logfile

Generate additional information


*.debug in syslog
--debug option in application

Things to Check: Boot Process


Bootloader configuration
Kernel
Starting init

/sbin/init
/etc/rc.d/rc.sysinit
Entering runlevel [0-6]

/etc/rc.d/rc, /etc/rc.d/rc[0-6].d/
/etc/rc.d/rc.local
Virtual Consoles
X Display Manager

Recovery Runlevels
Pass runlevel to init
On boot from GRUB splash screen
kernel line
module line (Xen)

From shell prompt using: init or telinit

Runlevel 1
Process rc.sysinit and rc1.d scripts

Runlevel s, S, or single
Process only rc.sysinit

emergency
Run sulogin only

Filesystem Problems During Boot


rc.sysinit attempts to mount local filesystems
Upon failure, user is dropped to an sulogin shell
fsck may be used to fix corrupted filesystems
Before running fsck:
Check fstab for mistakes
Before editing:
# mount -o remount,rw /

Manually test mounting filesystems

Rescue Environment
Required when root filesystem is unavailable
Non-system specific
Boot from installer kernel/initrd
boot: linux rescue

Rescue Environment Utilities


Disk Maintenance Utilities
lvm

Networking Utilities
Miscellaneous Utilities
Logging:
/tmp/syslog
/tmp/anaconda.log

Rescue Environment Details


Filesystem reconstruction
Asks if filesystems should be mounted: /mnt/sysimage/*
$PATH includes hard drive's directories
chroot /mnt/sysimage
NFS method mounted: /mnt/source
Define MANPATH to access man pages

Filesystem nodes
System-specific device files provided
mknod knows major/minor #'s

End of Lecture 15
Questions and Answers
Summary
Remember the order of events in the boot sequence:
BIOS
GRUB
Kernel
/sbin/init (reading /etc/inittab)
/etc/rc.d/rc.sysinit
/etc/rc.d/rc runlevel
mingetty/prefdm

Enter linux rescue at boot: prompt for rescue mode


kpartx can be used to examine VM disks

Appendix A

Working with Virtual Systems

Working with Virtual Systems


Connecting to virtual systems

For many labs you will be asked to connect to a virtual server to complete the lab work.
These servers can be accessed in different ways. The preferred way to access these virtual
machines, a.k.a. domains, is via the ssh command. Depending on your classroom
environment there may be other ways to access these machines.
The following sections discuss tools for managing virtual machines in Red Hat Global
Learning Services physical and virtual training environments, respectively:
Working with virtual machines in a physical-classroom environment

Working with virtual machines in a physical-classroom environment
If you are in a physical classroom environment, ssh is the recommended method for connecting to virtual machines, but you have alternatives if that does not work. If you experience problems connecting using ssh, you can try using the following virsh commands. Extended usage info on these commands can be found in man virsh.

virsh is the command-line management tool used for almost all aspects of controlling and working with virtual systems. It can also be used to get access directly to a serial console of a virtual system. This is useful for connecting to virtual systems for monitoring installs, examining the boot process, or for attaching to hosts that may not yet be configured for network access. virsh must be run from the Dom-0, or host machine, of the virtual hosts. It cannot be run on the virtual systems themselves.
Using virsh to control domains

virsh start domain
Used to 'power on' a virtual host.
virsh shutdown domain
Does a 'clean' shutdown of a virtual host.
virsh reboot domain
Reboots a virtual system.
virsh destroy domain
Is akin to pulling the power plug.
virsh suspend domain
'Pauses' the virtual system. The host is still in memory but is no longer running.
virsh resume domain
Changes a virtual system out of the suspended state back into a running state.
virsh save domain state-file
Saves the running state of a domain to a file to be restored later. This is roughly the equivalent of 'hibernating' a virtual system.
virsh restore state-file
Restore a previously saved domain running state from a virsh save file.
Using virsh to monitor domains

virsh console domain
Opens a local serial console to a running domain. This gives command-line access to your virtual system.
Ctrl + ]
Disconnects from the console of a domain.
virsh list [domain]
List currently running domains.
xentop
Displays a list of currently running domains and gives information in a constantly updating format. It is like top for Xen hosts.
Booting virtual systems into recovery runlevels

Virtual systems can be booted into recovery runlevels like emergency and single-user mode, but the process is different than with a physical system.
1. Shut down the virtual system by clicking Shutdown in virt-manager or running virsh destroy domain from the command line.
2. Boot the virtual system to a boot-loader prompt by running xm create -c domain (don't forget the -c option!). This will open a console connection to domain in your terminal, allowing you to access the boot-loader.
3. As soon as you see the boot-loader menu, press a to halt the countdown and begin appending arguments to the kernel command line.
4. Add emergency for emergency mode or 1 for single user mode to the kernel arguments and press Enter.
5. Disconnect from the console by pressing Ctrl-]
6. Open a graphical connection to the virtual system by double-clicking on it in virt-manager, which you can start from the command line or by navigating to Applications->System Tools->Virtual Machine Manager


Working with virtual machines in a virtual-training environment

In a virtual classroom, your workstations are virtual machines. Because running virtual machines within
another virtual machine is not currently supported, you will not have access to other virtual systems directly
using the virsh command. You should instead use ssh to access your virtual systems, or use the web
interface.
You will have a link in the Virtual Training Tools bar for each of the virtual machines assigned for your class.
To manage any of your virtual machines, click the station X or server X link. You will get a new browser
window that will contain your virtual machine. Near the top of the window you will have buttons to manage
your virtual machine.
Figure A.1. ServerX+100 screenshot

The POWER ON button

Use the POWER ON button to boot the machine. This is like pressing the power button on a physical
machine.
The POWER OFF button

Use the POWER OFF button to immediately shut down the machine. This is similar to unplugging the
machine. Optionally you can run the poweroff or shutdown -h now commands from a terminal to
gracefully shut it down.
The KICKSTART button

Use the KICKSTART button to use the instructor's kickstart file to rebuild your machine. You will not be able
to interact with the installation--it will be totally automated. Once the machine is done kickstarting, it will
remain in the powered off state. Press the POWER ON button to power it on. This button is only available in
the station X machine.
The RESET button

Use the RESET button to reset your virtual machine using an LVM snapshot. You will have a fresh
installation, and once that is created, it will boot the virtual machine. This button is only available in the
server X machine.
The INSTALL button

Use the INSTALL button to run an interactive installation. It will ask all the questions about partitioning,
packages, etc. Once the machine is done installing, it will remain in the powered off state. Press the POWER
ON button to power it on.
The RESCUE button

Use the RESCUE button to send your machine into rescue mode. You will be able to interact with your
installation in a rescue environment.
The CUSTOM (kernel boot args) box

Use the CUSTOM (kernel boot args) box to append arguments to the kernel as you boot. When you press
the POWER ON button, it will pop up a dialog box to verify that you want to power on the machine. This will
include a box for kernel boot arguments. These may include arguments such as single, emergency, 3, etc.
If there is anything in the CUSTOM box when you click the POWER ON button, it will be appended to the
kernel line as an argument.
Figure A.2. Custom boot arguments

Note that if you add any kernel arguments at boot time, and you soft reboot the machine (e.g., typing
reboot at the command line) the same kernel arguments will be used when the virtual machine boots.
The Ctrl-Alt-Del button

Use the Ctrl-Alt-Del button to send a Ctrl-Alt-Del to the virtual machine. Note that GNOME by default
ignores this keystroke, so you may only be able to use it in text mode.
The Ctrl-Alt-... drop-down menu

Use the Ctrl-Alt-... drop-down menu to change virtual terminals. For instance, to change to tty1, click the
Ctrl-Alt-... menu, then press F1. To return to the GUI (tty7), click the Ctrl-Alt-... menu, then press F7.