Deploy, configure, and maintain systems

Question 1

networking dynamically(from DHCP)

Answer 1

#cat /etc/sysconfig/network-cripts/ifcfg-eno1
NAME=eno1
HWADDR=[Mac Address]
TYPE=ethernet
UUID=[uuid number(hex)]
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp

Question 2

Networking statically

Answer 2

-edit file /etc/sysconfig/network-scripts/ifcfg-eno1
NAME="eno1"
BOOTPROTO="static"
DNS1="10.1.1.1"
GATEWAY=
"10.1.1.1"
HWADDR=[MAC Address]
IPADDR="10.1.1.3"
NETMASK="255.255.255.0"
IPV6INIT="yes"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="[UUID hex number]"

Question 3

after making changes to eth files

Answer 3

systemctl restart network

Question 4

Primary network configuration files

Answer 4

/etc/hosts
/etc/resolv.conf
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-

Question 5

/etc/hosts

Answer 5

Purpose is to resolve host names that cannot be resolved any other way. It can also be used to resolve host names on small networks with no DNS server. This file should contain a line specifying the IP address of the loopback device(127.0.0.1) as localhost.domain

Question 6

/etc/resolv.conf

Answer 6

This file specifies the IP addresses of DNS servers and the search domain. Unless configured to do otherwise, the network initialization scripts populate this file. Review man 5 resolv.conf

Question 7

/etc/sysconfig/network

Answer 7

This file specifies routing and host information for all network interfaces. It is used to contain directives which are to have global effect and not to be interface specific

Question 8

/etc/sysconfig/network-scripts/ifcfg-

Answer 8

for each network interface, there is a corresponding interface script

Question 9

Cron VS at

Answer 9

Cron is used to schedule recurring task while at is used to schedule a task to run at a particular time

Question 10

Setting up a cron

Answer 10

systemctl list-unit-files | grep crond

make sure that crond is set to boot
#systemctl status crond.service check that crond is started
# cat /etc/crontab see rule example of job definition
* * * * *
1st star is for min(0-59)
2nd star is for hours(0-23)
3rd star is for day (1-31
)4th star is for month(1-12)
5th star is for day of the week(Sunday = 0 or 7, 0-6 Sunday-Saturday)
Review
#ls /var/spool/cron
#cat /var/spool/cron/root

Question 11

Cron jobs that run periodically

Answer 11

These jobs are stored and run periodically
# /etc/cron.daily
# /etc/cron.weekly
# /etc/cron.hourly
# /etc/cron.monthly

Question 12

List crontab

Answer 12

#crontab -l      list crontab as owner
#crontab -l -u user1    list crontab as root for user1

Question 13

edit crontab

Answer 13

#crontab -e     edit crontab for current user
# crontab -e -u user1   edit crontab for user1only root can edit other user's crontab

Question 14

/etc/cron.deny and /etc/cron.allow

Answer 14

add user to /etc/cron.deny or /etc/cron.allow to deny or allow them to be able to create cron jobs

Question 15

Setting up at

Answer 15

#systemctl status atd.service     check that the atd service has started
# systemctl list-unit-files | grep atd
make sure it's set to start at boot

Question 16

List of commands for at

Answer 16

#at -f file.sh now+2minutes    sets a job to run in 2 mins
# atq    jobs that are submitted
# atrm 3   remove a job(enter job number)
#at -f some.sh 12pm tomorrow   run at 12PM tomorrow
#ls /var/spool/at   where the scrip for scheduled jobs are

Question 17

Kickstart

Answer 17

• After an install a ks file is automatically created and stored in /root/anaconda-ks.cfg
• You can create a ks file by hand or you can use the system kickstart utility located here:Applications -> System tools -> kickstart (it’s not installed by default)
• in the kickstart file, the lines that starts with”@” means a group package to be installed. The lines that starts with “-“ means to exclue those packages from being installed.

Question 18

Installing from a KS in an NFS partition

Answer 18

• first boot from the boot cd. Then press the ESC key

- at the boot prompt type(press Enter afterward)boot: linus ks=nfs:IP:/srv/nfs/ks.cfg

Question 19

Installing from a KS in an FTP or http location

Answer 19

While still booting from an actual install cd, you could add the location of the ks to an ftp or http server, and add such entry in the KS file:usr –url=http://ip/rhel6
-After booting from the DVD install, press the tab key, then enter:> vmlinuz initrd = initrd.img ks=http://ip/rhel/ks.cfg ksdevice=eth0
or> vmlinuz initrd = initrd.img asknetwork ks=http://your.web.com/rhel6.cfg ksdevice=eth0

Question 20

Kernel boot options:

Answer 20

• linux ks = ftp://host/ks.cfg
• linux ks = http://host/ks.cfg
• linux ks = nfs:host:/ks.cfg
• linux ks=hd:/dev/dir/ks.cfg
• linux ks=file:/dev/dir/ks.cfg

Question 21

setup NTP service

Answer 21

NTP (Network Time Protocol) is a service to keep servers time synchronized.

Install the NTP package:
# yum install -y ntp

Activate the NTP service at boot:
# systemctl enable ntpd

Start the NTP service:
# systemctl start ntpd

The NTP configuration is in the /etc/ntp.conf file.

To get information about the time synchronization process, type:
# ntpq -p

To quickly synchronize a server, type:
# systemctl stop ntpd
# ntpdate pool.ntp.org

adjust time server 95.81.173.74 offset -0.005354 sec
# systemctl start ntpd

Question 22

the ntpdate command

Answer 22

1- first check whether the selected NTP server is accessible
#ntpdate -q server-address
2- run the command followed by one or more server addresses
#ntpdate server_address ....enable running the ntpdate at boot time
##systemctl enable ntpdate.service

Question 23

Note if the synchronization with the time server at boot time keeps failing

Answer 23

You can find a relevant error message in the /var/log/boot.log. Then try to add the following line to /etc/sysconfig/network
NETWORKINGWAIT=1

Question 24

Best to set the ntpd daemon

Answer 24

The most convenient way is to set the netpd daemon to synchronize the time at boot time automatically
1. Open the NTP configuration file /etc/ntp.conf
2. add or edit the list of public NTP serversserver 0 rhel.pool.ntp.org iburst
-The iburst directive is to speed up the initial synchronization as of redhat 6.5, it is added by default.
3. In the same file, set the proper permissions giving unrestricted access to localhost only restrict 127.0.0.1restrict 6::1
4. save all changes, exit and restart the NTP daemon
#service ntpd restart
5 make sure that ntp is started at boot time
#systemctl enable ntp.service
Note, if you are setting up the NTP server for others to access, remember to enable port 123 in the firewall.

Question 25

Yum repos

Answer 25

• yum repos are located in /etc/yum.repos.d
• all repository should end with .repo
• no two repository can have the same repository ID

Question 26

Example of a repo file

Answer 26

[localnet]
name = local network yum repo
baseurl = ftp://192.168.75.132/pub/
enabled=1
gpgcheck=0
gpgkey=file:///etc/......review man yum.conf

Question 27

To register for red hat subscription

Answer 27

rhn_register then follow the instructions

Question 28

Setting up a local repo with a disk

Answer 28

• first mount the disk
  -copy the packages from Packages into another directory-next install the package createrepo
• Optionally, update the repository structure (if new packages have been added):
  # yum install -y createrepo
  # createrepo /repo
  -Then create a file in /etc/yum.repos.d/ similar to
  # vi mylocal.repo
  [mylocal]
  name=mylocal
  baseurl=file:///directory/path/to/repo
  enabled=1
  gpgcheck=0

Clean up the yum cache:
# yum clean all

Question 29

rpm commands

Answer 29

To install (-i) a new package (here httpd-2.2.15-29.el6.x86_64.rpm), type:
# rpm -ivh httpd-2.2.15-29.el6.x86_64.rpm

To upgrade (-U) an existing package (here httpd-2.2.15-29.el6.x86_64.rpm), type:
# rpm -Uvh httpd-2.2.15-29.el6.x86_64.rpm

To erase (-e) an existing package (here httpd-2.2.15-29.el6.x86_64), type:
# rpm -evh httpd-2.2.15-29.el6.x86_64

To get the list of all the installed packages, type:
# rpm -qa

To get some details about a package (here httpd-2.2.15-29.el6.x86_64), type:
# rpm -qi httpd-2.2.15-29.el6.x86_64

To get the package file list (here httpd-2.2.15-29.el6.x86_64), type:
# rpm -ql httpd-2.2.15-29.el6.x86_64

To get the list of all the modified files in the system, type:
# rpm -qVa

To get the change history of a package (here openssl), type:
# rpm -q --changelog openssl

import the gpg key of repository
#rpm --import gpgkey

Caution: If it is very useful to know the rpm command to query the system, it’s better not to use it to install a package:

rpm doesn’t check package dependencies, you’ll have to do it yourself or use yum.

Question 30

to see a list of repos

Answer 30

#yum repolist
# yum repolist all

To get the list of the disabled repositories, type:
# yum repolist disabled

Question 31

Yum commands

Answer 31

To install a new package (here httpd), type:
# yum install httpd

To remove an existing package (here httpd), type:
# yum remove httpd

To get some details about a package (here httpd), type:
# yum info httpd

To install a package group (here “Web Server”), type:
# yum groupinstall "Web Server"

To remove a package group (here “Web Server”), type:
# yum groupremove "Web Server"

To get the list of installed package groups, type:
# yum grouplist

To get some details about a package group (here “Web Server”), type:
# yum groupinfo "Web Server"

To define which package provides a specified file (here semanage), type:
# yum whatprovides */semanage

To search for a particular string (here seinfo), type:
# yum search seinfo

To update the current base of installed packages, type:
# yum update

To get the list of all the available packages, type:
# yum list

To get the list of all the installed packages, type:
# yum list installed

To display the list of all the available but not alerady installed packages, type:
# yum list available

To get the list of the available repository, type:
# yum repolist

To clean up the yum cache, type:
# yum clean all

To get the list of the dependencies associated with a package (here httpd), type:
# yum deplist httpd

Question 32

Get kernel current version

Answer 32

uname -r

Question 33

kernel details

Answer 33

• better to install a new kernel than to upgrade existing kernel
• /boot/grub/grub.conf boot process (bootloader) uses this file
• to know which kernel to booth with, the default is set to 0
• To install kernel
  #yum install kernel
  #rpm -ivh kernel.rpm do not use -U-
  not recommended how to update kernel
  #yum upgrade kernel
  #rpm -Uvh kernel.rpm

Question 34

Modify the system bootloader

Answer 34

-Edit the /boot/grub/grub.conf
What happens when a system boot
BIOS-> BootLoader(GRUB)(/boot) -> kernel(vmlinuz) -> mount file system “/” (read-only) -> /sbin/init

Question 35

to check which parameters has been passed in during boot

Answer 35

cat /proc/cmdline

Question 36

to add/pass parameter to the kernel

Answer 36

you need to edit /boot/grub/grub.conf

Question 37

example of parameter that can be added

Answer 37

Console=ttyS0

Question 38

To setup password protect at Grub

Answer 38

-Generate hash key
#grup-md5-crypt
password:
- copy the hash key to /boot/grub/grub.conf-restart server for changes to take effect
- test by trying to access grub

Question 39

To permanently enable/disable a repository (here epel), type:

Answer 39

# yum-config-manager --enable epel
# yum-config-manager --disable epel

Question 40

To temporary enable/disable a repository (here epel) in order to install a specific package (here Pound), type:

Answer 40

# yum --enablerepo=epel install Pound
Note: Use the –disablerepo option to temporary disable a repository

Question 41

To configure an access to a remote repository, create the /etc/yum.repos.d/remote.repo file and add the following lines:

Answer 41

[base]
name=CentOS-$releasever - Base
baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
enabled=1

Question 42

Alternatively to NTP, you can install the new chrony service that is quicker to synchronize clocks in mobile and virtual systems.

Answer 42

Install the chrony service:
# yum install -y chrony

Activate the chrony service at boot:
# systemctl enable chronyd

Start the chrony service:
# systemctl start chronyd

The Chrony configuration is in the /etc/chrony.conf file.

To get information about the main time reference, type:
# chronyc tracking

To get equivalent information to the ntpq command, type:

# chronyc sources -v
# chronyc sourcestats -v

To quickly synchronize a server, type:
# ntpdate pool.ntp.org

on master you must add the following into /etc/chrony.conf

# Allow NTP client access from local network.
allow 192.168.0.0/24

– copy the key file to the clients
– open up ntp service port firewall-cmd

On clients you must specify the following and disable “server” in /etc/chrony.conf

# Use Peer
peer 192.168.0.33

Question 43

To configure network services to start automatically at boot (for example httpd), type:

Answer 43

systemctl enable httpd

To check the configuration, type:
# systemctl is-enabled httpd

Question 44

Configure systems to launch virtual machines at boot.

Answer 44

To launch a virtual machine called vm.example.com at boot, type the following command:

# virsh autostart vm.example.com
To disable this same launch at boot, type:

# virsh autostart vm.example.com --disable
To get the list of all the virtual machines, type:

virsh list –all

Question 45

To create a VM called postfix.example.com (here with an IP address of 192.168.1.10, a gateway in 192.168.1.1, a DNS server in 192.168.1.1, a repository server in 192.168.1.5, Pass1234 as a password, and a total disk size of 6GB), create the file /var/www/html/conf/ks_postfix.cfg and paste the following lines:

Answer 45

keyboard –vckeymap=us –xlayouts=’us’
lang en_US.UTF-8
network –device=eth0 –bootproto=static –ip=192.168.1.10 –netmask=255.255.255.0 –gateway=192.168.1.1 –nameserver=192.168.1.1 –activate –ipv6=auto
network –hostname=postfix.example.com
rootpw Pass1234
timezone America/Los_Angeles –isUtc
bootloader –location=mbr –boot-drive=vda
clearpart –all –initlabel –drives=vda
ignoredisk –only-use=vda
part pv.9 –fstype=”lvmpv” –ondisk=vda –size=5000
part /boot –fstype=”ext4” –ondisk=vda –size=500
volgroup rhel –pesize=4096 pv.9
logvol swap –fstype=”swap” –size=500 –name=swap –vgname=rhel
logvol / –fstype=”ext4” –size=3072 –name=root –vgname=rhel

%packages
@base
@core

%end
reboot

Then, run the following command:

/bin/virt-install \

• -virt-type kvm \
• -name=postfix.example.com \
• -disk path=/var/lib/libvirt/images/postfix.example.com.img,size=6 \
• -ram=1024 \
• -vcpus=1 \
• -os-variant=rhel7 \
• -accelerate \
• -graphics vnc \
• v -l http://192.168.1.5/repo/CentOS/7/os/x86_64/ \
• -network bridge:br0 \
• x ks=http://192.168.1.5/conf/ks_postfix.cfg

Note1: http in the previous command can be replaced with nfs, ftp, etc.
Note2: If you get this message “ERROR internal error: process exited while connecting to monitor: qemu-kvm: -chardev pty,id=charserial0: Failed to create chardev“, follow this thread.
Replace “devpts /dev/pts devpts defaults 0 0” with “devpts /dev/pts devpts gid=5,mode=620 0 0” in the /etc/fstab file of the KVM host.

Question 46

Configure a physical machine to host virtual guests.

Answer 46

Download the CentOS 7 distribution (see Software requirements) and install it with default configuration.

Choose a domain name (example.com strongly recommended), a host name (for example master.example.com) and an IP address compatible with your network environment (here 192.168.1.5, gateway is supposed to be 192.168.1.1).

Update your system:
# yum update

Install the KVM packages:
# yum group install "Virtualization Host"
# yum install -y virt-install
# yum install -y virt-top

Start the libvirtd service:
# systemctl start libvirtd

Activate the Chronyd/NTP service at boot and start it:
# systemctl enable chronyd && systemctl start chronyd

Question 47

Configure systems to boot into a specific target automatically.

Answer 47

To configure a system to boot into multi-user level without graphical interface, type:
# systemctl set-default multi-user.target

To configure a system to boot into multi-user level with graphical interface, type:
# systemctl set-default graphical.target

To check the current configuration, type:
# systemctl get-default
multi-user.target

Question 48

To set a service to start or stop on boot you can use systemctl like so:

Answer 48

systemctl enable sshd.service

Likewise, to make sure a service does not start on boot (or disable), you can use systemctl like so:

systemctl disable sshd.service

You can check if a service is enabled or disable by using the “status” option to systemctl like this:

systemctl status sshd.service