Deploy, configure, and maintain systems Flashcards
Networking dynamically (from DHCP)
# cat /etc/sysconfig/network-scripts/ifcfg-eno1
NAME=eno1
HWADDR=[Mac Address]
TYPE=ethernet
UUID=[uuid number(hex)]
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp
Networking statically
- edit file /etc/sysconfig/network-scripts/ifcfg-eno1
NAME="eno1"
BOOTPROTO="static"
DNS1="10.1.1.1"
GATEWAY="10.1.1.1"
HWADDR=[MAC Address]
IPADDR="10.1.1.3"
NETMASK="255.255.255.0"
IPV6INIT="yes"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="[UUID hex number]"
after making changes to eth files
systemctl restart network
Primary network configuration files
/etc/hosts
/etc/resolv.conf
/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-
/etc/hosts
Its purpose is to resolve host names that cannot be resolved any other way. It can also be used to resolve host names on small networks with no DNS server. This file should contain a line specifying the IP address of the loopback device (127.0.0.1) as localhost.domain.
/etc/resolv.conf
This file specifies the IP addresses of DNS servers and the search domain. Unless configured to do otherwise, the network initialization scripts populate this file. Review man 5 resolv.conf
/etc/sysconfig/network
This file specifies routing and host information for all network interfaces. It contains directives that have global effect and are not interface-specific.
/etc/sysconfig/network-scripts/ifcfg-
For each network interface, there is a corresponding interface script.
Cron VS at
Cron is used to schedule recurring tasks, while at is used to schedule a task to run once at a particular time.
Setting up a cron
Make sure that crond is set to start at boot: # systemctl list-unit-files | grep crond
Check that crond is started: # systemctl status crond.service
See an example of a job definition: # cat /etc/crontab
* * * * *
1st star is for minutes (0-59)
2nd star is for hours (0-23)
3rd star is for day of the month (1-31)
4th star is for month (1-12)
5th star is for day of the week (Sunday = 0 or 7, 0-6 Sunday-Saturday)
Review
# ls /var/spool/cron
# cat /var/spool/cron/root
Cron jobs that run periodically
These jobs are stored and run periodically:
- /etc/cron.daily
- /etc/cron.weekly
- /etc/cron.hourly
- /etc/cron.monthly
List crontab
List crontab as owner: # crontab -l
List crontab as root for user1: # crontab -l -u user1
edit crontab
Edit crontab for current user: # crontab -e
Edit crontab for user1: # crontab -e -u user1
Only root can edit other users' crontabs.
/etc/cron.deny and /etc/cron.allow
Add a user to /etc/cron.deny or /etc/cron.allow to deny or allow that user the ability to create cron jobs.
Setting up at
Check that the atd service has started: # systemctl status atd.service
Make sure it's set to start at boot: # systemctl list-unit-files | grep atd
List of commands for at
Set a job to run in 2 minutes: # at -f file.sh now+2minutes
List jobs that are submitted: # atq
Remove a job (enter job number): # atrm 3
Run at 12PM tomorrow: # at -f some.sh 12pm tomorrow
Where the scripts for scheduled jobs are: # ls /var/spool/at
Kickstart
- After an install a ks file is automatically created and stored in /root/anaconda-ks.cfg
- You can create a ks file by hand or you can use the system kickstart utility located here: Applications -> System tools -> kickstart (it's not installed by default)
- In the kickstart file, lines that start with "@" name a package group to be installed. Lines that start with "-" exclude those packages from being installed.
Installing from a KS in an NFS partition
- first boot from the boot CD, then press the ESC key
- at the boot prompt type (press Enter afterward):
boot: linux ks=nfs:IP:/srv/nfs/ks.cfg
Installing from a KS in an FTP or http location
While still booting from an actual install CD, you can place the KS file on an FTP or HTTP server and add an entry such as the following to the KS file:
url --url=http://ip/rhel6
- After booting from the install DVD, press the Tab key, then enter:
> vmlinuz initrd=initrd.img ks=http://ip/rhel/ks.cfg ksdevice=eth0
or
> vmlinuz initrd=initrd.img asknetwork ks=http://your.web.com/rhel6.cfg ksdevice=eth0
Kernel boot options:
- linux ks=ftp://host/ks.cfg
- linux ks=http://host/ks.cfg
- linux ks=nfs:host:/ks.cfg
- linux ks=hd:/dev/dir/ks.cfg
- linux ks=file:/dev/dir/ks.cfg
setup NTP service
NTP (Network Time Protocol) is a service to keep servers time synchronized.
Install the NTP package: # yum install -y ntp
Activate the NTP service at boot: # systemctl enable ntpd
Start the NTP service: # systemctl start ntpd
The NTP configuration is in the /etc/ntp.conf file.
To get information about the time synchronization process, type: # ntpq -p
To quickly synchronize a server, type:
# systemctl stop ntpd
# ntpdate pool.ntp.org
adjust time server 95.81.173.74 offset -0.005354 sec
# systemctl start ntpd
the ntpdate command
1- first check whether the selected NTP server is accessible: # ntpdate -q server-address
2- run the command followed by one or more server addresses: # ntpdate server_address ....
Enable running ntpdate at boot time: # systemctl enable ntpdate.service
Note if the synchronization with the time server at boot time keeps failing
You can find a relevant error message in the /var/log/boot.log. Then try to add the following line to /etc/sysconfig/network
NETWORKINGWAIT=1
Best to set the ntpd daemon
The most convenient way is to set the ntpd daemon to synchronize the time automatically at boot time.
1. Open the NTP configuration file /etc/ntp.conf
2. add or edit the list of public NTP servers:
server 0.rhel.pool.ntp.org iburst
- The iburst directive speeds up the initial synchronization; as of Red Hat Enterprise Linux 6.5, it is added by default.
3. In the same file, set the proper permissions, giving unrestricted access to localhost only:
restrict 127.0.0.1
restrict -6 ::1
4. save all changes, exit and restart the NTP daemon
#service ntpd restart
5. make sure that ntpd is started at boot time
# systemctl enable ntpd.service
Note, if you are setting up the NTP server for others to access, remember to enable port 123 in the firewall.
Yum repos
- yum repos are located in /etc/yum.repos.d
- all repository files should end with .repo
- no two repositories can have the same repository ID
Example of a repo file
[localnet]
name = local network yum repo
baseurl = ftp://192.168.75.132/pub/
enabled=1
gpgcheck=0
gpgkey=file:///etc/......
Review man yum.conf
To register for red hat subscription
rhn_register then follow the instructions
Setting up a local repo with a disk
- first mount the disk
- copy the packages from Packages into another directory
- next install the package createrepo
- Optionally, update the repository structure (if new packages have been added):
# yum install -y createrepo
# createrepo /repo
-Then create a file in /etc/yum.repos.d/ similar to
# vi mylocal.repo
[mylocal]
name=mylocal
baseurl=file:///directory/path/to/repo
enabled=1
gpgcheck=0
Clean up the yum cache: # yum clean all
rpm commands
To install (-i) a new package (here httpd-2.2.15-29.el6.x86_64.rpm), type: # rpm -ivh httpd-2.2.15-29.el6.x86_64.rpm
To upgrade (-U) an existing package (here httpd-2.2.15-29.el6.x86_64.rpm), type: # rpm -Uvh httpd-2.2.15-29.el6.x86_64.rpm
To erase (-e) an existing package (here httpd-2.2.15-29.el6.x86_64), type: # rpm -evh httpd-2.2.15-29.el6.x86_64
To get the list of all the installed packages, type: # rpm -qa
To get some details about a package (here httpd-2.2.15-29.el6.x86_64), type: # rpm -qi httpd-2.2.15-29.el6.x86_64
To get the package file list (here httpd-2.2.15-29.el6.x86_64), type: # rpm -ql httpd-2.2.15-29.el6.x86_64
To get the list of all the modified files in the system, type: # rpm -qVa
To get the change history of a package (here openssl), type: # rpm -q --changelog openssl
Import the GPG key of a repository: # rpm --import gpgkey
Caution: Although it is very useful to know the rpm command to query the system, it's better not to use it to install a package:
rpm doesn't check package dependencies; you'll have to do it yourself or use yum.
to see a list of repos
# yum repolist
# yum repolist all
To get the list of the disabled repositories, type: # yum repolist disabled
Yum commands
To install a new package (here httpd), type: # yum install httpd
To remove an existing package (here httpd), type: # yum remove httpd
To get some details about a package (here httpd), type: # yum info httpd
To install a package group (here “Web Server”), type: # yum groupinstall "Web Server"
To remove a package group (here “Web Server”), type: # yum groupremove "Web Server"
To get the list of installed package groups, type: # yum grouplist
To get some details about a package group (here “Web Server”), type: # yum groupinfo "Web Server"
To define which package provides a specified file (here semanage), type: # yum whatprovides */semanage
To search for a particular string (here seinfo), type: # yum search seinfo
To update the current base of installed packages, type: # yum update
To get the list of all the available packages, type: # yum list
To get the list of all the installed packages, type: # yum list installed
To display the list of all the available but not already installed packages, type: # yum list available
To get the list of the available repositories, type: # yum repolist
To clean up the yum cache, type: # yum clean all
To get the list of the dependencies associated with a package (here httpd), type: # yum deplist httpd
Get kernel current version
uname -r
kernel details
- better to install a new kernel than to upgrade existing kernel
- /boot/grub/grub.conf boot process (bootloader) uses this file
- to know which kernel to boot with, the default is set to 0
- To install kernel
#yum install kernel
# rpm -ivh kernel.rpm (do not use -U)
Not recommended: how to update the kernel
#yum upgrade kernel
#rpm -Uvh kernel.rpm
Modify the system bootloader
-Edit the /boot/grub/grub.conf
What happens when a system boots
BIOS -> BootLoader (GRUB) (/boot) -> kernel (vmlinuz) -> mount file system "/" (read-only) -> /sbin/init
To check which parameters have been passed in during boot
cat /proc/cmdline
to add/pass parameter to the kernel
you need to edit /boot/grub/grub.conf
example of parameter that can be added
console=ttyS0
To setup password protect at Grub
- Generate hash key
# grub-md5-crypt
password:
- copy the hash key to /boot/grub/grub.conf
- restart server for changes to take effect
- test by trying to access grub
To permanently enable/disable a repository (here epel), type:
# yum-config-manager --enable epel
# yum-config-manager --disable epel
To temporarily enable/disable a repository (here epel) in order to install a specific package (here Pound), type:
# yum --enablerepo=epel install Pound
Note: Use the --disablerepo option to temporarily disable a repository
To configure an access to a remote repository, create the /etc/yum.repos.d/remote.repo file and add the following lines:
[base]
name=CentOS-$releasever - Base
baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
enabled=1
As an alternative to NTP, you can install the new chrony service, which is quicker to synchronize clocks in mobile and virtual systems.
Install the chrony service: # yum install -y chrony
Activate the chrony service at boot: # systemctl enable chronyd
Start the chrony service: # systemctl start chronyd
The Chrony configuration is in the /etc/chrony.conf file.
To get information about the main time reference, type: # chronyc tracking
To get equivalent information to the ntpq command, type:
# chronyc sources -v
# chronyc sourcestats -v
To quickly synchronize a server, type: # ntpdate pool.ntp.org
On the master you must add the following into /etc/chrony.conf:
# Allow NTP client access from local network.
allow 192.168.0.0/24
- copy the key file to the clients
- open up the ntp service port with firewall-cmd
On clients you must specify the following and disable “server” in /etc/chrony.conf:
# Use Peer
peer 192.168.0.33
To configure network services to start automatically at boot (for example httpd), type:
# systemctl enable httpd
To check the configuration, type: # systemctl is-enabled httpd
Configure systems to launch virtual machines at boot.
To launch a virtual machine called vm.example.com at boot, type the following command:
# virsh autostart vm.example.com
To disable this same launch at boot, type:
# virsh autostart vm.example.com --disable
To get the list of all the virtual machines, type:
# virsh list --all
To create a VM called postfix.example.com (here with an IP address of 192.168.1.10, a gateway in 192.168.1.1, a DNS server in 192.168.1.1, a repository server in 192.168.1.5, Pass1234 as a password, and a total disk size of 6GB), create the file /var/www/html/conf/ks_postfix.cfg and paste the following lines:
keyboard --vckeymap=us --xlayouts='us'
lang en_US.UTF-8
network --device=eth0 --bootproto=static --ip=192.168.1.10 --netmask=255.255.255.0 --gateway=192.168.1.1 --nameserver=192.168.1.1 --activate --ipv6=auto
network --hostname=postfix.example.com
rootpw Pass1234
timezone America/Los_Angeles --isUtc
bootloader --location=mbr --boot-drive=vda
clearpart --all --initlabel --drives=vda
ignoredisk --only-use=vda
part pv.9 --fstype="lvmpv" --ondisk=vda --size=5000
part /boot --fstype="ext4" --ondisk=vda --size=500
volgroup rhel --pesize=4096 pv.9
logvol swap --fstype="swap" --size=500 --name=swap --vgname=rhel
logvol / --fstype="ext4" --size=3072 --name=root --vgname=rhel
%packages
@base
@core
%end
reboot
Then, run the following command:
/bin/virt-install \
  --virt-type kvm \
  --name=postfix.example.com \
  --disk path=/var/lib/libvirt/images/postfix.example.com.img,size=6 \
  --ram=1024 \
  --vcpus=1 \
  --os-variant=rhel7 \
  --accelerate \
  --graphics vnc \
  -v -l http://192.168.1.5/repo/CentOS/7/os/x86_64/ \
  --network bridge:br0 \
  -x ks=http://192.168.1.5/conf/ks_postfix.cfg
Note1: http in the previous command can be replaced with nfs, ftp, etc.
Note2: If you get the message "ERROR internal error: process exited while connecting to monitor: qemu-kvm: -chardev pty,id=charserial0: Failed to create chardev", replace "devpts /dev/pts devpts defaults 0 0" with "devpts /dev/pts devpts gid=5,mode=620 0 0" in the /etc/fstab file of the KVM host.
Configure a physical machine to host virtual guests.
Download the CentOS 7 distribution (see Software requirements) and install it with default configuration.
Choose a domain name (example.com strongly recommended), a host name (for example master.example.com) and an IP address compatible with your network environment (here 192.168.1.5, gateway is supposed to be 192.168.1.1).
Update your system: # yum update
Install the KVM packages:
# yum group install "Virtualization Host"
# yum install -y virt-install
# yum install -y virt-top
Start the libvirtd service: # systemctl start libvirtd
Activate the Chronyd/NTP service at boot and start it: # systemctl enable chronyd && systemctl start chronyd
Configure systems to boot into a specific target automatically.
To configure a system to boot into multi-user level without graphical interface, type: # systemctl set-default multi-user.target
To configure a system to boot into multi-user level with graphical interface, type: # systemctl set-default graphical.target
To check the current configuration, type: # systemctl get-default
multi-user.target
To set a service to start or stop on boot you can use systemctl like so:
systemctl enable sshd.service
Likewise, to make sure a service does not start on boot (or disable), you can use systemctl like so:
systemctl disable sshd.service
You can check if a service is enabled or disabled by using the "status" option to systemctl like this:
systemctl status sshd.service