├── pictures
    ├── gpt1.png
    ├── lvm1.png
    ├── mkswap.png
    ├── nmtui.png
    ├── repo.png
    ├── shadow.png
    ├── crontab.png
    ├── rollback.png
    ├── file-type.png
    ├── ls-symbolic.png
    ├── lvm-mapper.png
    ├── sticky-bit.png
    ├── thinktank.png
    ├── topcommands.png
    ├── podman-images.png
    ├── stat-command.png
    ├── symbolic-link.png
    ├── directory-owner.png
    ├── file-type-list.png
    ├── suid-capital-s.png
    ├── topmorecommands.png
    ├── hardlinkvssymbolic.png
    └── rootless-containers.png
├── Qemu and KVM.md
├── Rsyslog.md
├── Reset Root Password.md
├── Crontab.md
├── Scheduling Tasks.md
├── Processes.md
├── Man Pages.md
├── Time.md
├── Bash Scripting.md
├── Boot Procedure.md
├── Random Notes.md
├── Find.md
├── README.md
├── Storage.md
├── NFS and Autofs.md
├── Users and Groups.md
├── Software management.md
├── SELinux.md
├── Systemd.md
├── RHCSA 9 Exam Objectives.md
├── Networking.md
├── File and Folder permissions.md
├── Compare and manipulate file content.md
├── LVM.md
└── Containers.md
--------------------------------------------------------------------------------
/Qemu and KVM.md:
--------------------------------------------------------------------------------
1 | # Qemu and KVM
2 |
3 | ## Disk management
4 |
5 | Expand disk by 2GiB.
6 | ``sudo qemu-img resize /var/lib/libvirt/images/rhel9.3.qcow2 +2G``
7 |
--------------------------------------------------------------------------------
/Rsyslog.md:
--------------------------------------------------------------------------------
1 | # Rsyslog
2 |
3 | For information on journalctl, go to the Systemd page.
4 |
5 | Rsyslog needs the rsyslogd service to be running.
6 |
7 | The configuration file is "/etc/rsyslog.conf".
8 | Drop-in files can be placed in "/etc/rsyslog.d/".
9 |
10 | Read https://www.rsyslog.com/doc/master/index.html and add to this page.
--------------------------------------------------------------------------------
/Reset Root Password.md:
--------------------------------------------------------------------------------
1 | # Reset Root Password
2 |
3 | Things have changed in RHEL 9. rd.break does not work anymore.
4 | These are the steps that need to be taken.
5 |
6 | 1. Find the line that loads the Linux kernel and add ``init=/bin/bash`` to the end of the line.
7 | 2. ``mount -o remount,rw /`` This is necessary because it's mounted as read-only.
8 | 3. ``passwd root``
9 | 4. ``touch /.autorelabel``
10 | 5. ``exec /usr/lib/systemd/systemd`` to reboot the machine, or ``/sbin/reboot -f``
--------------------------------------------------------------------------------
/Crontab.md:
--------------------------------------------------------------------------------
1 | # Crontab
2 |
3 | ![Crontab](/pictures/crontab.png)
4 |
5 | ``crontab -e``
6 | Edits the current crontab using the editor specified by the VISUAL or EDITOR environment variables.
7 |
8 |
9 | ## Anacron
10 |
11 |
12 |
13 | ## At
14 |
15 | The **atd** service needs to be running to run one-time-only jobs.
16 |
17 | ``at 11:25AM`` to schedule a job.
18 | You enter an interactive shell and you use Ctrl-D to close it.
19 |
20 | Use ``at -l`` to list all pending jobs.
21 | To see the contents of a scheduled job, use ``at -c [job_number]``
22 | Use ``atrm`` to remove jobs from the list.
23 |
--------------------------------------------------------------------------------
/Scheduling Tasks.md:
--------------------------------------------------------------------------------
1 | # Scheduling Tasks
2 |
3 | For the exam, don't study and learn about crond. Study and learn about crond for real-world legacy systems that you work on every day. **Systemd timers** are what is primarily used on RHEL 9 and that's reflected on the exam.
4 |
5 | ``systemctl list-units -t timer``
6 |
7 | **Logrotate example.**
8 |
9 | "/usr/lib/systemd/system/"
10 | ``ls logro*``
11 | You will see "logrotate.timer"
12 |
13 | ``systemctl cat logrotate.timer``
14 |
15 | ``systemctl status logrotate.service``
16 | You will see a line.
17 | "TriggeredBy: ● logrotate.timer"
18 |
19 |
--------------------------------------------------------------------------------
/Processes.md:
--------------------------------------------------------------------------------
1 | # Managing processes
2 |
3 | ## General notes
4 |
5 | Use cgroups instead of nice and renice to manage processes.
6 |
7 | To list, read, and set kernel tunables.
8 | ``sysctl -a``
9 |
10 | To make system tuning easier, use ``tuned``
11 | ``tuned`` is a systemd service that works with different profiles.
12 | ``tuned-adm list`` shows current profiles.
13 |
14 | ## General commands
15 |
16 | **Find process by name**
17 | ``pidof processname``
18 | ``pgrep processname``
19 | ``ps aux | grep 'firefox'``
20 |
21 | **Show hierarchical relations between processes**
22 | ``ps -fax``
23 |
24 | **Show all processes owned by armann**
25 | ``ps -fU armann``
26 |
27 | **Shows a process tree for a specific process**
28 | ``ps -d --forest -C sshd``
29 |
30 |
31 | ## Working with TOP
32 |
33 | ![Commands for TOP](pictures/topcommands.png)
34 |
35 | ![More Top Commands](/pictures/topmorecommands.png)
36 |
--------------------------------------------------------------------------------
/Man Pages.md:
--------------------------------------------------------------------------------
1 | # Man Pages
2 |
3 | ``apropos -s 1,8 cp``
4 | This command searches sections 1 and 8 for the cp command.
5 |
6 | You can also find information like this. ``man 5 passwd``
7 | This displays only section 5 for passwd.
8 |
9 | ### Man page sections
10 |
11 | 1. Section # 1 : User command (executable programs or shell commands)
12 | 2. Section # 2 : System calls (functions provided by the kernel)
13 | 3. Section # 3 : Library calls (functions within program libraries)
14 | 4. Section # 4 : Special files (usually found in /dev)
15 | 5. Section # 5 : File formats and conventions, e.g. /etc/passwd
16 | 6. Section # 6 : Games
17 | 7. Section # 7 : Miscellaneous (including macro packages and conventions)
18 | 8. Section # 8 : System administration commands (usually only for root)
19 | 9. Section # 9 : Kernel routines [Non standard]
20 |
21 | ## PInfo
22 |
23 | ``pinfo '(coreutils) ls invocation'``
24 |
25 | ## Other
26 |
27 | A third source of information consists of files that are sometimes copied to the /usr/share/doc directory.
--------------------------------------------------------------------------------
/Time.md:
--------------------------------------------------------------------------------
1 | # General information
2 |
3 | The time zone configured on the server is found in /etc/localtime. This is a symbolic link that points to one of the time zone files in /usr/share/zoneinfo.
4 |
5 | # Configure time service clients
6 |
7 | ``hwclock`` sets the hardware time.
8 | If the hardware clock is not correct but the system time is, you can sync the hardware time to the
9 | system time with ``hwclock --systohc``
10 |
11 | Use ``date`` to show the current date and time.
12 |
13 | Use ``timedatectl`` to manage time and time zone configuration.
14 |
15 | ``timedatectl status`` shows all time properties in use.
16 | ``timedatectl list-timezones`` shows all available timezones.
17 | ``timedatectl set-timezone Europe/Rome``
18 | ``timedatectl set-time`` \
19 | ``timedatectl set-timezone`` \
20 | ``timedatectl set-ntp`` enables or disables NTP sync.
21 |
22 | An NTP service must be configured. The default for RHEL is Chrony.
23 | If your server is running **systemd-timesyncd.service** you must disable that service before enabling Chrony.
24 |
25 | ## Chronyd
26 | Chronyd is the default RHEL 9 NTP service.
27 | Use "/etc/chrony.conf" to change sync parameters.
28 |
29 | Use iburst to permit fast synchronization.
30 |
31 | After changing the conf file, restart the chronyd service.
32 |
33 | ``chronyc sources -v`` to see the servers you are synchronizing with.
34 |
--------------------------------------------------------------------------------
/Bash Scripting.md:
--------------------------------------------------------------------------------
1 | # Bash Scripting
2 |
3 | Check out [Bash Guide For Beginners](https://tldp.org/LDP/Bash-Beginners-Guide/html/).
4 |
5 | Every bash script is an executable file that runs tasks. Most often shell scripts
6 | are used to automate routine tasks.
7 |
8 | Every shell script starts with the Shebang ``#!`` \
9 | If you are using the Bash shell the Shebang would be ``#!/bin/bash`` \
10 | Now "/bin" is no longer an ordinary directory. It is therefore recommended
11 | to use the following Shebang, since it uses your environment to point you
12 | to the correct Bash shell.
13 |
14 | **#!/usr/bin/env bash**
15 |
16 |
17 | It's a good practice but not mandatory to use the **.sh** extension for shell script files.
18 |
19 | ## Helpful Tools
20 |
21 | ### Test command
22 | The test command is useful since it can test the properties of files, values of integers,
23 | etc. Test can be used for if, then, else statements.
24 |
25 | Here is a simple bash script using the test command.
26 |
27 | ````
28 | #!/bin/bash
29 |
30 | if test "$1" -eq 500
31 | then
32 |     echo "You picked the right number!"
33 | else
34 |     echo "You failed!"
35 | fi
36 | ````
37 | You can also put the condition of the if statement into square brackets. The square brackets are the same as the test command.
38 | ````
39 | #!/bin/bash
40 |
41 | if [ "$1" -eq 500 ]
42 | then
43 |     echo "You picked the right number!"
44 | else
45 |     echo "You failed!"
46 | fi
47 | ````
48 | ### Script Debug Mode
49 |
50 | ``bash -x mygreatscript.sh`` Shows you the script in debug mode.
51 |
--------------------------------------------------------------------------------
/Boot Procedure.md:
--------------------------------------------------------------------------------
1 | # Boot Procedure
2 |
3 | ## Grub
4 | The location of Grub depends on whether you boot using a BIOS system or an EFI system. To find out which one you are on, run ``dmesg | grep "EFI"``. If you get nothing, you booted using BIOS. You can run ``dmesg | grep "BIOS"`` just to be sure.
5 | Another way is to use ``lsblk``: if your boot disk is mounted on "/boot", then you are using BIOS.
6 | If it says "/boot/efi", you guessed it, you are using EFI. :)
7 |
8 | You need to edit the configuration file in "/etc/default/grub" to make changes persistent. Afterwards you must compile the changes to **grub.cfg**. You cannot edit that file directly.
9 |
10 | ### For BIOS/MBR
11 |
12 | To make static changes to Grub edit "/etc/default/grub".
13 | Commit the changes you make. ``grub2-mkconfig -o /boot/grub2/grub.cfg``
14 |
15 | ### For EFI
16 |
17 | To make static changes to Grub edit "/etc/default/grub". Commit the changes you make. ``grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg``
18 |
19 | ## Systemd Targets
20 |
21 | - emergency.target
22 |   - Used for troubleshooting in a minimal environment.
23 | - rescue.target
24 |   - Also used for troubleshooting but not in a minimal environment.
25 | - multi-user.target
26 |   - The default environment, without a GUI.
27 | - graphical.target
28 |   - A fully functioning target like multi-user.target but with a GUI.
29 |
30 | To know what target you are in do ``systemctl get-default``. You can also do ``systemctl list-dependencies``
31 | Since I'm in the graphical.target, it first lists the default.target and then underneath it is multi-user.target.
32 |
33 | ### Change the default systemd target
34 |
35 | Let's set the default to a non-GUI target. ``systemctl set-default multi-user.target``
36 | You must reboot the machine to enter the new default target.
37 |
38 | ### Change a running target
39 |
40 | Let's say we are running in the graphical.target (GUI) and we want to
41 | switch to a non-graphical target. We run this command: ``systemctl isolate multi-user.target``
42 | Once we are done and we want to get back to the GUI, we issue ``systemctl isolate graphical.target``
43 |
44 | ### Change a target during boot in Grub
45 |
46 | Add this to the end of the linux line. ``systemd.unit=emergency.target`` You can use any of the targets I listed before instead of emergency.
47 |
48 | ## Debug Shell
49 |
50 | How to use the early boot debug shell:
51 | 1. ``systemctl enable --now debug-shell.service``
52 | 2. During boot you can access the virtual terminal on TTY9. (Ctrl-Alt-F9)
53 | 3. Enter a root shell without entering a password
54 | 4. When you have finished using it, disable the service right away, since it leaves a root shell without a password on TTY9.
55 | ``systemctl disable --now debug-shell.service``
56 |
--------------------------------------------------------------------------------
/Random Notes.md:
--------------------------------------------------------------------------------
1 | # Random Notes
2 |
3 | ## Bash completion
4 |
5 | Install bash completion on the exam if it's missing.
6 | ``sudo dnf install bash-completion``
7 |
8 | ## Sudo
9 |
10 | Extend the auth token for sudo. The default is 5 minutes. Put this line into the "/etc/sudoers" file. 60 equals 60 minutes.
11 |
12 | ``Defaults timestamp_type=global,timestamp_timeout=60``
13 |
14 | ## Hard and symbolic links
15 |
16 | *Symbolic links can be made to both directories and files. Hard links can only be made to files on the same filesystem and not directories.*
17 |
18 | Use the ``stat`` command to see information about the file, such as its **Inode** number and whether it's a symbolic link or a hard link.
19 |
20 | To create a symbolic link. ``ln -s filenameIwant2link2 symboliclinkfilename``
21 | To create a hard link. ``ln filenameIwant2link2 hardlinkfilename``
22 |
23 | ### Symbolic Links ###
24 | The best way to understand symbolic links is to think of them as a shortcut in Windows, or whatever it's called in macOS. Probably shortcut as well. :) A symbolic link has a separate Inode number, and if you delete the file the symbolic link (shortcut) is pointing to, the symbolic link will no longer work.
25 |
26 | Here we create a symbolic link to the file "turtles". In the output of ``stat turtles``, "Links: 2" refers to the number of hard links pointing to the Inode number behind "turtles". For ``stat symbolic-link-turtles`` you can see it tells us it's a symbolic link and it's set to "Links: 1".
27 |
28 | ![Symbolic Link](pictures/symbolic-link.png)
29 |
30 | You can also see if it's a symbolic link by doing ``ls -l``. The "l" at the beginning of "lrwxrwxrwx" tells us it's a symbolic link.
31 |
32 | ![symbolic link ls](pictures/ls-symbolic.png)
33 |
34 | ### Hard Links ###
35 | The best way to understand hard links is by thinking of them as two or more files sharing the same Inode number. If you edit one of the files that points to the same Inode number, you edit them all. If you have multiple files pointing to the same Inode number, you can delete one of the files and it will have no effect on the rest.
36 |
37 | Let's create a file "turtles", and then a hard link named turtles-hardlink.
38 |
39 | ![hardlinkvssymbolic](pictures/hardlinkvssymbolic.png)
40 |
41 | You can see the same Inode number, "7677212". After the permissions you see the number "2". This tells us how many links point to the current Inode number.
42 |
43 | You can edit either file and both will change. You can also delete "turtles" and it will have no effect on "hardlink-turtles".
44 |
45 | ![The Stat command](pictures/stat-command.png)
46 |
47 | ## Tar
48 |
49 | Create an archive and compress it using gzip compression.
50 | ``tar -czf /home/armando/backup.tgz /etc``
51 |
52 | To use different compression algorithms, switch out "z" in the above command with either of these options.
53 | - j = bzip2
54 | - J = xz
--------------------------------------------------------------------------------
/Find.md:
--------------------------------------------------------------------------------
1 | # Find / Search
2 |
3 | How to search.
4 |
5 | find \[/path/to/directory] \[search_parameters]
6 | If you don't specify a directory, it searches the working directory.
7 |
8 | ## General commands
9 |
10 | ### Or operator
11 | ``find -name stallone -o -name brucewillis``
12 |
13 | Use -o as an "or" operator to find either stallone or brucewillis.
14 |
15 | ## Search by permissions
16 |
17 | Find files with exactly 664 permissions.
18 | ``find -perm 664``
19 |
20 | Find files with at least 664 permissions.
21 | ``find -perm -664``
22 |
23 | Find files where the "owner" has at least execute permissions.
24 | ``find -perm -100``
25 |
26 | Find files where "others" don't have read permission.
27 | ``find \! -perm -o=r``
28 |
29 | Find files where at least one of "owner", "group" or "others" has read permission.
30 | ``find -perm /u=r,g=r,o=r``
31 |
32 | Find files with any of these permissions.
33 | ``find -perm /664``
34 |
35 | Find files where the "group" has at least write permission and "others" don't have read and write access.
36 |
37 | ``sudo find /var/log/ -perm -g=w ! -perm /o=rw``
38 |
39 | ## By size
40 |
41 | The following options exist for size.
42 | - Bytes = c
43 | - Kilobytes = k
44 | - Megabytes = M
45 | - Gigabytes = G
46 |
47 | Find files that are larger than 100M.
48 | ``find / -type f -size +100M``
49 |
50 | Find files that are smaller than 1000 bytes.
51 | ``find /etc/ -type f -size -1000c``
52 |
53 | ## Folder or file
54 |
55 | Find a directory named "Music" in your home directory.
56 | ``find ~ -type d -name "Music"``
57 |
58 | This searches everything for a file named "linux.conf".
59 | ``find / -name linux.conf``
60 |
61 | Find both "bear" and "Bear".
62 | ``find -iname bear``
63 |
64 | ## Copy found items
65 |
66 | Find all files under "/etc" named hosts and copy them to "/tmp".
67 | ``find /etc/ -name "hosts" -exec cp {} /tmp \;``
68 |
69 | ## By date and time
70 |
71 | ### Find modified within a timeframe
72 | Find all files in the "dev" directory that have been modified in the last five minutes. Think about "mm" as "modified minute". The second command finds everything that was modified **more** than five minutes ago.
73 |
74 | ``find /dev/ -mmin -5``
75 |
76 | ``find /dev/ -mmin +5``
77 |
78 | To search for modified files in 24 hour blocks, use ``-mtime``. This command finds all files modified in my "Documents" directory in the last 24 hours. 0 stands for the last 24 hours. 1 stands for between 24-48 hours and so on.
79 |
80 | ``find Documents/ -mtime 0``
81 |
82 | ## By change time - metadata e.g., permissions
83 |
84 | Modification time reflects when something is created or edited.
85 | **Change time is not modified time.**
86 |
87 | Change time reflects changed metadata, for example if someone changes the permissions. We can find that information with the following command. This finds everything in the Documents directory whose metadata changed within the last 5 minutes.
88 |
89 | ``find Documents/ -cmin -5``
90 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # My RHCSA 9 study notes
2 |
3 | Hey! Welcome to my RHCSA 9 think tank. 🤠
4 |
5 | Check out [linux.ninja](https://www.linux.ninja)
6 | There I have updated notes and videos for the RHCSA exam.
7 |
8 | My YouTube channel, [YouTube - Linux Ninja](https://www.youtube.com/@TheLinuxNinja)
9 |
10 | ![Think-Tank](pictures/thinktank.png)
11 |
12 | As I prepare for the RHCSA 9 exam I will write down everything that I study. Feel free to clone this repository and use it how you want. I also welcome pull requests if you want to add information.
13 |
14 | I will continually keep adding to the table of contents and to the files listed as my study progresses, so I recommend you come back later if you are also studying for the RHCSA or studying Linux in general.
15 |
16 | [The official Red Hat 9.1 Release Notes in pdf format.](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/pdf/9.1_release_notes/red_hat_enterprise_linux-9-9.1_release_notes-en-us.pdf)
17 |
18 | [The exam objectives](https://github.com/1980is/rhcsa-9/blob/main/RHCSA%209%20Exam%20Objectives.md)
19 |
20 | ## Table of Contents
21 |
22 | - [Bash Scripting](https://github.com/1980is/rhcsa-9/blob/main/Bash%20Scripting.md)
23 | - [Boot Procedure](https://github.com/1980is/rhcsa-9/blob/main/Boot%20Procedure.md)
24 | - [Compare and manipulate file content](https://github.com/1980is/rhcsa-9/blob/main/Compare%20and%20manipulate%20file%20content.md)
25 | - [Containers](https://github.com/1980is/rhcsa-9/blob/main/Containers.md)
26 | - [Crontab](https://github.com/1980is/rhcsa-9/blob/main/Crontab.md)
27 | - [File and Folder permissions](https://github.com/1980is/rhcsa-9/blob/main/File%20and%20Folder%20permissions.md)
28 | - [Find](https://github.com/1980is/rhcsa-9/blob/main/Find.md)
29 | - [LVM](https://github.com/1980is/rhcsa-9/blob/main/LVM.md)
30 | - [Man Pages](https://github.com/1980is/rhcsa-9/blob/main/Man%20Pages.md)
31 | - [NFS and Autofs (Automount)](https://github.com/1980is/rhcsa-9/blob/main/NFS%20and%20Autofs.md)
32 | - [Networking](https://github.com/1980is/rhcsa-9/blob/main/Networking.md)
33 | - [Processes](https://github.com/1980is/rhcsa-9/blob/main/Processes.md)
34 | - [Random notes](https://github.com/1980is/rhcsa-9/blob/main/Random%20Notes.md)
35 | - [Reset Root Password](https://github.com/1980is/rhcsa-9/blob/main/Reset%20Root%20Password.md)
36 | - [Rsyslog](https://github.com/1980is/rhcsa-9/blob/main/Rsyslog.md)
37 | - [SELinux](https://github.com/1980is/rhcsa-9/blob/main/SELinux.md)
38 | - [Scheduling Tasks](https://github.com/1980is/rhcsa-9/blob/main/Scheduling%20Tasks.md)
39 | - [Software management](https://github.com/1980is/rhcsa-9/blob/main/Software%20management.md)
40 | - [Storage](https://github.com/1980is/rhcsa-9/blob/main/Storage.md)
41 | - [Systemd](https://github.com/1980is/rhcsa-9/blob/main/Systemd.md)
42 | - [Time Service](https://github.com/1980is/rhcsa-9/blob/main/Time.md)
43 | - [Users and groups](https://github.com/1980is/rhcsa-9/blob/main/Users%20and%20Groups.md)
44 |
--------------------------------------------------------------------------------
/Storage.md:
--------------------------------------------------------------------------------
1 | # Storage
2 |
3 | ## General notes
4 |
5 | ### Deleting partitions
6 | Deleting partitions in Fdisk does not delete the data on the partition. The only thing that's deleted is a line in the partition table. If you delete a partition in order to extend it, when you create a new one, Fdisk asks *"Do you want to remove the signature? [Y]es/[N]o"*
7 | Select **no**, otherwise you will delete all data on the partition.
8 |
9 | ### Listing devices
10 | To see disks and partitions. ``lsblk``
11 | If for some reason you don't think that is correct you can ``cat /proc/partitions``
12 |
13 | ## Mount
14 |
15 | This command checks that the "/etc/fstab" file is valid.
16 | ``findmnt --verify``
17 |
18 | To mount all unmounted devices.
19 | ``mount -a``
20 |
21 | *During the exam, reboot the machine to verify all mounts!*
22 | If your system can't boot because of a problem with "/etc/fstab" you will fail the exam.
23 |
24 | In datacenter environments, block device names may change. Different solutions exist for persistent naming.
25 |
26 | - **UUID**: a UUID is automatically generated for each device that contains a filesystem or anything similar.
27 | - **Label**: while creating the filesystem, the option ``-L`` can be used to set an arbitrary name that can be used for mounting the filesystem.
28 |
29 | To set a label on an XFS filesystem you can use ``xfs_admin -L mygreatlabel /dev/sda6``. The volume needs to be unmounted to label it. In "/etc/fstab" the **first field** would be ``LABEL=mygreatlabel`` instead of "/dev/sda6".
30 |
31 | If you want to mount it based on UUID, you can find the UUID with ``blkid``.
32 |
33 | ### Mount via Systemd
34 |
35 | Based on the example below, the mount filename would be mnt-vda6.mount and located in /etc/systemd/system/. \
36 | \
37 | [Unit]\
38 | Description=Mount vda6 \
39 | \
40 | [Mount] \
41 | What=UUID="07b6fb67-8687-40d5-81a4-bb58e28e1e0a" \
42 | Where=/mnt/vda6 \
43 | Type=xfs \
44 | Options=defaults \
45 | \
46 | [Install] \
47 | WantedBy=multi-user.target
48 |
49 | ## Swap
50 |
51 | ### Swap from partition
52 |
53 | 1. Create the partition. Partition types are important on the exam. In Fdisk remember to set the type to swap.
54 | 2. Set up a Linux swap area on the device or file we created. ``mkswap /dev/vdd1`` You could also do ``mkswap -L myswapspace /dev/vdd1`` and use the label to mount it in fstab.
55 | 3. Mount the swap space in "/etc/fstab". In the first field you can use /dev/vdd1 or the UUID, or the label if you created one. ![mkswap](pictures/mkswap.png)
56 | 4. In the "/etc/fstab" file remember to mount the swap file to **none** and set the filesystem as swap.
57 | 5. To activate the swap run ``swapon -a``
58 | 6. Check out the new swap space ``free -h``
59 |
60 | If you have multiple swap files you can see the priority with ``swapon -s``
61 |
62 | ### Swap from file
63 |
64 | 1. ``sudo dd if=/dev/zero of=/swap count=2048 bs=1MiB``
65 | 2. ``chmod 600 /swap``
66 | 3. ``mkswap /swap``
67 | 4. ``swapon /swap``
68 | 5. fstab: ``/swap swap swap defaults 0 0``
69 |
--------------------------------------------------------------------------------
/NFS and Autofs.md:
--------------------------------------------------------------------------------
1 | # NFS and Autofs (Automount)
2 |
3 | ## NFS
4 |
5 | NFS is not a part of the RHCSA exam. It's just something we need to set up to work on autofs. I had two machines, the nfsserver and the client machine. On the nfsserver, do the following.
6 |
7 | Install NFS server.
8 | ``dnf install nfs-utils``
9 |
10 | Create the directory that you want to export.
11 | ``mkdir /nfsdata``
12 |
13 | Put it into the exports file. ``vim /etc/exports`` \
14 | This is just an example, it's insecure, don't use it: ``*`` exports the directory to every host and ``no_root_squash`` lets root on a client act as root on the share. ``/nfsdata *(rw,no_root_squash)``
15 |
16 | Enable and start the NFS server in one command.
17 | ``systemctl enable --now nfs-server``
18 |
19 | To quickly open up the firewall to allow NFS, run the loop below. It adds the nfs, mountd and rpc-bind services to the firewall services.
20 |
21 | ``for i in nfs mountd rpc-bind; do firewall-cmd --add-service "$i" --permanent; done``
22 |
23 | ``firewall-cmd --reload``
24 |
25 | ``firewall-cmd --list-all``
26 |
27 | ## Autofs
28 |
29 | On the exam, check **"/etc/auto.misc"** for nice syntax examples that can help if you're stuck!
30 | You won't see auto.misc until you have installed the autofs package.
31 |
32 | Now on the client that will be using autofs, do the following.
33 |
34 | First make sure you can see the exports from the NFS server.
35 |
36 | ``showmount -e nfsservername``
37 |
38 | Automount is common for home directories. An NFS server is providing access to home directories, and the home directory is automounted when the user logs in.
39 |
40 | Install autofs.
41 |
42 | ``dnf install autofs``
43 |
44 | In "/etc/auto.master" you'll identify the directory that automount should manage, and the file that is used for additional mount information.

- "/nfsdata" and "/etc/auto.nfsdata"
- "/nfsdata" is the mount point, and the second entry, "/etc/auto.nfsdata", is a file you create that gives the necessary parameters to mount it.
- In "/etc/auto.nfsdata" you'll identify the subdirectory on which to mount, and what to mount.
- ``files -rw nfsservername:/nfsdata``

``files`` is a subdirectory under /nfsdata that is created when you cd into it.

For nfsservername, put the IP address or the DNS name of the server you want to automount from.

Enable and start the autofs service.
``systemctl enable --now autofs``

This will automatically create the folders necessary under the root "/" folder. In this example it creates the "/misc" and "/nfsdata" folders. If you ``cd /nfsdata``, it should be empty. If you ``cd`` into files, even though /nfsdata is empty, you will cd into the /nfsdata directory on the nfsserver.

### Home directories

To support different directory names in one automount line, wildcards are used.

Put the following line in "/etc/auto.master".
``/home/ldap /etc/auto.ldap``
This automounts all subdirectories under /ldap.

Let's create the file "/etc/auto.ldap".

``vim /etc/auto.ldap``

Insert the line.
``* -rw localhost:/home/ldap/&``

Let's say you have multiple home directories under "/home/ldap/1", "/home/ldap/2", etc. The ampersand at the end replaces whatever comes after /ldap/.

When that is done.
``systemctl restart autofs``

More coming later.

--------------------------------------------------------------------------------
/Users and Groups.md:
--------------------------------------------------------------------------------
# Users and Groups

## Users

### Adding users

``useradd john`` to create user john.
Check out ``useradd --help`` to see more available options.

Settings in **/etc/default/useradd** apply to useradd only.
Alternatively, write default settings to **/etc/login.defs**. This is the main settings config file.

Changing this will not affect previously created users, only users that will be created in the future.

Files in **/etc/skel** are copied to the user home directory upon creation. If we want to give new users a message, scripts, etc., we can use **/etc/skel**.

## Managing users

### Passwords
To view password settings for user John.
``chage -l john``

To set password options for John.
``chage john``

You can also view the password options in **/etc/shadow**. You can see if the user account is locked out. The second field is the password hash. If the password hash starts with **!**, the user account is locked out. As you can see, the user John is locked out.

![The shadow file](pictures/shadow.png)

You can also see if the account is locked with ``passwd -S armann``

If you want to transfer a password from one server to another, simply copy the password hash in **/etc/shadow** from the server with the correct password and paste it into field number 2.

To edit **/etc/passwd** use ``vipw``. Do not edit the file directly.

### User account management

To lock a user account.
``usermod -L john``

To unlock an account.
``usermod -U john``

See previous logged in users.
``last``

See currently logged in users.
``w`` or ``who``

### User file management

**/etc/login.defs**: Used for default settings like UID settings, passwd default settings, and other things.

**/etc/profile**: Used for default settings for all users when starting a login shell.

**/etc/bashrc**: Used to define defaults for all users when starting a subshell.

**~/.profile**: Specific settings for one user applied when starting a login shell.

**~/.bashrc**: Specific settings for one user applied when starting a subshell.

## Groups

To create a new group. ``groupadd groupname``

To see members of a group. ``groupmems -g sales -l`` or ``lid -g groupname``. For a specific user you can use ``id john`` or ``groups john``. The first group listed is the primary group.

Add John to the group sales. ``usermod -aG sales john``. The new group for the user is applied when they log out and back in. If they don't want to do that and want to use the new group right away, that's when we use the ``newgrp`` command. Remember to use the ``-a`` option when adding people to groups. If you don't, it will **override** all secondary groups the member is a part of.

Remove user John from the group printers.
``gpasswd -d john printers``

You can use ``newgrp sales`` to change the primary group to sales. This is only a **temporary** primary group change; when you exit, it's back to your original primary group. Remember that the ``newgrp`` command opens a subshell where the user is a member of the group sales.

Use ``vigr`` to change the **/etc/group** file.

See all groups `cat /etc/group`

## SUDO

To have sudo rights the user needs to be a part of the wheel group.

To see current members of the wheel group.

``lid -g wheel``

Let's add John to the wheel group. ``usermod -aG wheel john``

Let's remove John from the wheel group.
``gpasswd -d john wheel``

--------------------------------------------------------------------------------
/Software management.md:
--------------------------------------------------------------------------------
# Software management

## Common DNF commands

``dnf repolist`` \
``dnf provides htop`` or ``dnf provides */Containerfile`` \
``dnf search htop`` \
``dnf search all htop`` \
``dnf update`` The same as ``dnf upgrade``. The "update" is an alias for "upgrade". \
``dnf group install`` Only mandatory and default packages are installed. To see optional packages use ``dnf group info``, and to install with all optional packages do ``dnf group install --with-optional`` \
``dnf group list`` See group packages that you can install. \
``dnf group list hidden`` Some groups are normally only installed through environment groups and not separately, and for that reason don't show when using ``dnf group list`` \
``dnf list installed`` List installed software on the machine.

### History
``dnf history`` \
``dnf history info 10``

### Rollback and undo
``dnf history undo 10`` \
``sudo dnf history rollback 10`` Let's say you want to undo everything that was installed after number 10. The command seen below would remove mutt, emacs and powertop.

![dnf rollback](pictures/rollback.png)

To reinstall something that was removed. \
``dnf history redo 15``

## Repository management during exam

During the exam your virtual machine **will not have access to the internet**. Hence, we cannot use subscription-manager and associated repos. **No repositories will be available by default**. This means we cannot install any packages by default.

Red Hat will tell you that a repository is available at a certain location, and you will have to configure the repository for that manually.

You need to be capable of configuring repository access, or you will **fail the exam**.

### Use subscription manager repositories
This is just an FYI. **You will not** have access to these repositories during the exam!
To access repositories that are offered through subscription manager, use ``dnf config-manager --enable name-of-the-repository`` to add repository access.

### Create a repository locally
To enable third party repositories, create a repo file in "/etc/yum.repos.d/".

Let's create a local repository from the RHEL 9 ISO file.
I mount the RHEL 9 ISO in the virtual cdrom drive.
For me, it's mounted on "/run/media/armann/RHEL-9-0-0-BaseOS-x86_64".

If you need to mount the cdrom manually. ``mount /dev/sr0 /mnt``

Let's copy the iso file to our computer. Make sure you have around 9GB available on the root of your hard disk. ``dd if=/dev/sr0 of=/rhel9.iso bs=1M status=progress``

Let's edit "/etc/fstab" so it's mounted automatically for us. You can see the last line, that's how we mount the rhel9.iso automatically after boot.

![repository](pictures/repo.png)

Let's mount it. ``mount -a``

Now we need to manually create the repository file. \
Go under "/etc/yum.repos.d/". \
Create a file, ``vim baseos.repo``

Let's add the following lines into baseos.repo.

[baseos] \
name=baseos \
baseurl=file:///opt/iso/BaseOS \
gpgcheck=0

**Create another repo file.** \
Call it appstream.repo

[appstream] \
name=appstream \
baseurl=file:///opt/iso/AppStream \
gpgcheck=0

``gpgcheck=0`` skips package signature verification. That is fine for this local lab ISO, but use ``gpgcheck=1`` with a ``gpgkey=`` line for any repository you don't control.

Now we can check to see if our repository file is okay. \
``dnf repolist`` \
We should see baseos and appstream and no errors.

## DNF Modules

**BaseOS repo** is for packages that don't change during the lifecycle of the OS.
The **AppStream repo** is for packages that do change major versions during the lifecycle period of the OS.

## Subscription

To see all the software you are entitled to use with the subscription attached to the machine.

``rct cat-cert /etc/pki/entitlement/5715597599610761455.pem``

--------------------------------------------------------------------------------
/SELinux.md:
--------------------------------------------------------------------------------
# SELinux

SELinux state is either enabled or disabled. You must reboot to switch between the two.
Enabled has two modes, permissive or enforcing.

If you want to temporarily disable SELinux to debug or analyze something, you should change the SELinux state while booting by using a kernel parameter.

- enforcing=0 will start SELinux in permissive mode.
- enforcing=1 will start SELinux in enforcing mode.
- selinux=0 will disable SELinux.

``getenforce`` to see the status of SELinux.

``setenforce`` to switch between modes, permissive or enforcing. This is temporary, it will go back to whatever is defined in "/etc/selinux/config" after the server is rebooted.

``ps Zaux``

## Context and Context types

### Context

Remember to look at ``man semanage-fcontext`` during the exam. At the bottom you have examples you can use.

When files are created in a directory, they typically inherit the context of the parent directory and most services don't need additional SELinux configuration if default settings are used.

When files are copied, they typically inherit the context of the parent directory. If it's not relabeled correctly you can use ``restorecon -Rv /mydirectory``

Use ``semanage fcontext`` to set the file context label. This will write the context to the SELinux Policy, but **it is not written yet to the filesystem**.
A second step is necessary to write it to the filesystem by using ``restorecon``

Instead of using ``restorecon`` you can use ``touch /.autorelabel`` to relabel all files to the context that is specified in the policy. That should be our last option, because it happens while rebooting.
So ``restorecon`` is preferred.

Use ``semanage fcontext -a`` to set a new context label. If you get an error that it already exists, use the -m option.

Use ``semanage fcontext -m`` to modify an existing context label.

**Important for the exam!** See ``man semanage-fcontext`` for documentation.

If you apply non-default configuration, check the default configuration context setting, but if that's not available install the man pages with ``dnf install selinux-policy-doc`` and then ``man -k _selinux | grep http`` as an example.

Do **NOT** use ``chcon`` as the changes it makes may be overwritten.

Use ``semanage fcontext -l -C`` to show only settings that have changed in the current policy.

### Context Types

In most configurations, only context type matters, so you can safely ignore user and role for RHCSA. Every object is labeled with a context label.

- user: user specific context
- role: role specific context
- type: flags which type of operation is allowed on this object

Many commands support the -Z option to see the context for files.
``ls -Z /etc/``

Context types are used in the rules in the policy to define which source object has access to which target object.

### Booleans

A boolean is an easy-to-use configuration switch to enable or disable specific parts of the SELinux policy.

For an overview of all booleans, use ``semanage boolean -l`` or ``getsebool -a``.

To see all booleans that have a non-default setting ``semanage boolean -l -C``

An example to learn from.
``getsebool -a | grep ftp``

To set booleans, use ``setsebool -P boolean [on|off]``

### Networking

Network ports are also provided with an SELinux context label. The SELinux policy is configured to allow default port access. For any non-default port access, use ``semanage port`` to apply the right label to the port.

Use the examples section in ``man semanage-port`` for examples.

### Debug

- Check to see if SEAlert is installed. ``dnf provides */sealert``
- ``journalctl | grep sealert``
- Find what you are looking for and run the command it shows you, e.g., ``sealert -l 59cd7b4c-2b08-4bfc-8c15-4369f46c7355``
- Check the audit log for AVC errors. It's the most important source to debug SELinux problems.
- ``grep AVC /var/log/audit/audit.log``

--------------------------------------------------------------------------------
/Systemd.md:
--------------------------------------------------------------------------------
# Systemd

## Common commands

``systemctl status``

List all services
``systemctl list-units -t service``

List dependencies
``systemctl list-dependencies``
A good overview of what is "on" and what is "off".

To enable the service to start at boot
``systemctl enable name.service``

To manually start a service
``systemctl start name.service``

To restart a service
``systemctl restart name.service``

Reload config
``systemctl reload name.service``
`reload` will reload a specific service. That means that systemd will send a SIGHUP signal to the service, and that signal will tell the service to reload its configuration files, which has nothing to do with systemd config files.

Reload custom service files
``systemctl daemon-reload``
Location of custom systemd units is "/etc/systemd/system".
This command reloads the service files in that directory.

Check the configuration of a unit file
``systemctl cat sshd.service``

Edit unit file
``systemctl edit sshd.service``
By default it uses Nano. To change that to Vim:
``export SYSTEMD_EDITOR=/usr/bin/vim``
``systemctl edit`` creates a drop-in file in "/etc/systemd/system/".
If it does not create the drop-in file automatically, do ``systemctl daemon-reload``

To see tunables for a service do ``systemctl show httpd.service``

/usr/lib/systemd/system/ is for configuration files provided by packages.
Do not edit those directly since they can be overwritten by newer packages.

/etc/tuned/ and /usr/lib/tuned/ need an explanation for it here.

Mask
To prevent certain units from starting up, use ``systemctl mask``. It links a unit to the /dev/null device, which ensures it cannot be started. For instance ``systemctl mask nginx``

``systemctl unmask`` removes the unit mask.

## Systemd Journal (journalctl)

Show all boots that have been logged. Needs to have persistent journalling.
``journalctl --list-boots``

``journalctl -xrb``

- ``-x`` = Augment log lines with explanation texts from the message catalog. This will add explanatory help texts to log messages.
- ``-r`` = Reverse output so that the newest entries are displayed first.
- ``-b`` = Show messages from a specific boot. This will add a match for "_BOOT_ID=". The argument may be empty, in which case logs for the current boot will be shown.

### How to make the journal persistent

You could use rsyslog to make the journal persistent.

"/etc/systemd/journald.conf"
The setting "Storage=auto" ensures that persistent storage is happening automatically **after manually creating the directory** "/var/log/journal"

Then we need to restart the journal service.
``systemctl restart systemd-journal-flush.service``

### Common commands

View only messages with a priority of error and higher.
``journalctl -p err``

View the last 10 lines and follow new messages as they are added.
``journalctl -f``

Show messages for the sshd service only.
``journalctl -u sshd.service``

### See space used by Journalctl

See current settings for growth and what it's currently using.
``journalctl | grep -E 'Runtime Journal|System Journal'``

## Systemd Timers (Scheduling)

When using systemd timers, the timer should be started, and **not** the service unit.

``systemctl list-units -t timer``
``systemctl list-unit-files dnf-makecache*``
``systemctl status dnf-makecache.timer``
Check out the "Trigger" and "Triggers" lines.

To schedule and activate a timer you use the "OnCalendar" option.

``OnCalendar=*:00/20`` runs every 20 minutes.

You can use "OnUnitActiveSec" to start the unit at a specific time after the unit was last activated.

You can use "OnBootSec" or "OnStartupSec" to start the unit a specific time after booting.

## Working with Tuned

Install tuned. ``dnf install tuned``

To see available commands, type this in and press double tab. ``tuned-adm``

To see available profiles. ``tuned-adm list``

Config files for Tuned are located in "/usr/lib/tuned/".

--------------------------------------------------------------------------------
/RHCSA 9 Exam Objectives.md:
--------------------------------------------------------------------------------
# Exam objectives

## Study points for the exam

RHCSA exam candidates should be able to accomplish the tasks below without assistance. These have been grouped into several categories.

Understand and use essential tools

- Access a shell prompt and issue commands with correct syntax
- Use input-output redirection (>, >>, |, 2>, etc.)
- Use grep and regular expressions to analyze text
- Access remote systems using SSH
- Log in and switch users in multiuser targets
- Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2
- Create and edit text files
- Create, delete, copy, and move files and directories
- Create hard and soft links
- List, set, and change standard ugo/rwx permissions
- Locate, read, and use system documentation including man, info, and files in /usr/share/doc

Create simple shell scripts

- Conditionally execute code (use of: if, test, [], etc.)
- Use Looping constructs (for, etc.) to process file, command line input
- Process script inputs ($1, $2, etc.)
- Processing output of shell commands within a script

Operate running systems

- Boot, reboot, and shut down a system normally
- Boot systems into different targets manually
- Interrupt the boot process in order to gain access to a system
- Identify CPU/memory intensive processes and kill processes
- Adjust process scheduling
- Manage tuning profiles
- Locate and interpret system log files and journals
- Preserve system journals
- Start, stop, and check the status of network services
- Securely transfer files between systems

Configure local storage

- List, create, delete partitions on MBR and GPT disks
- Create and remove physical volumes
- Assign physical volumes to volume groups
- Create and delete logical volumes
- Configure systems to mount file systems at boot by universally unique ID (UUID) or label
- Add new partitions and logical volumes, and swap to a system non-destructively

Create and configure file systems

- Create, mount, unmount, and use vfat, ext4, and xfs file systems
- Mount and unmount network file systems using NFS
- Configure autofs
- Extend existing logical volumes
- Create and configure set-GID directories for collaboration
- Diagnose and correct file permission problems

Deploy, configure, and maintain systems

- Schedule tasks using at and cron
- Start and stop services and configure services to start automatically at boot
- Configure systems to boot into a specific target automatically
- Configure time service clients
- Install and update software packages from Red Hat Network, a remote repository, or from the local file system
- Modify the system bootloader

Manage basic networking

- Configure IPv4 and IPv6 addresses
- Configure hostname resolution
- Configure network services to start automatically at boot
- Restrict network access using firewall-cmd/firewall

Manage users and groups

- Create, delete, and modify local user accounts
- Change passwords and adjust password aging for local user accounts
- Create, delete, and modify local groups and group memberships
- Configure superuser access

Manage security

- Configure firewall settings using firewall-cmd/firewalld
- Manage default file permissions
- Configure key-based authentication for SSH
- Set enforcing and permissive modes for SELinux
- List and identify SELinux file and process context
- Restore default file contexts
- Manage SELinux port labels
- Use boolean settings to modify system SELinux settings
- Diagnose and address routine SELinux policy violations

Manage containers

- Find and retrieve container images from a remote registry
- Inspect container images
- Perform container management using commands such as podman and skopeo
- Build a container from a Containerfile
- Perform basic container management such as running, starting, stopping, and listing running containers
- Run a service inside a container
- Configure a container to start automatically as a systemd service
- Attach persistent storage to a container

As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.

--------------------------------------------------------------------------------
/Networking.md:
--------------------------------------------------------------------------------
# Networking

## Notes

Do not use ifconfig anymore. It's been deprecated for over 20 years now.
Ifconfig does not support secondary IP addresses, for example.

## See information for your NIC

### Display IP addresses
``ip ad`` or ``nmcli``

### Display route/gateway information
``ip -4 route``
``ip -6 route``

Legacy command to see route information.
``netstat -rn`` or ``route -n``

### Display ARP table
``arp -a``

### Display the ARP default timeout
``cat /proc/sys/net/ipv4/neigh/default/gc_stale_time``

## Change settings for your NIC

### Assign IP address

You can use the "graphical" ``nmtui`` tool to configure your network connection. If you use ``nmtui``, remember to **set the subnet mask** when you enter the IP address. Using ``nmtui`` for the exam is better, it will save time.

![nmtui](pictures/nmtui.png)

Another way is to use the ``nmcli`` tool. Remember to swap out the name for the correct name you see when you execute ``nmcli connection show``
``nmcli connection edit enp1s0``

Now you are in the nmcli interface. Type ``print`` to see detailed information for the connection named "enp1s0".
To see the names of all your connections, use ``nmcli connection show`` and ``nmcli device show``

Find the connection name, ``nmcli connection show``
Make sure that the **bash-completion package** is installed when working with nmcli.

Assign the IP address to the correct connection name.
``nmcli connection modify enp0s3 ipv4.addresses 192.168.1.21/24``

ip is an excellent command for troubleshooting, but using the ip command only changes the runtime environment, **it does not change anything in the configuration files.**

Here are a few nmcli examples:

``nmcli device status`` \
``nmcli connection show --active`` \
If the connection is unmanaged or not connecting, try this command. \
``sudo nmcli connection mod NAME connection.autoconnect yes``

**Activate Changes** \
``nmcli connection reload`` \
This only makes NetworkManager aware of the changes. \
You have to take the connection down and then up (``nmcli con down NAME; nmcli con up NAME``), or most changes can be applied directly with ``nmcli dev reapply NAME``

### Change the gateway

``nmcli connection modify enp0s3 ipv4.gateway 192.168.1.254``

### Use static instead of DHCP

``nmcli connection modify enp0s3 ipv4.method static``

### Disabling and enabling an interface
``ip link set ens33 down``
``ip link set ens33 up``

### Changing the MTU for e.g., iSCSI
``nmcli con mod ensp92 802-3-ethernet.mtu 9000``

## Firewall (netfilter/nftables)

On the exam it's better to restart services than to reload them.

The netfilter framework in the Linux kernel manages firewall operations, and it forwards specific operations to kernel modules.
- Packet filtering
- Network address translation
- Port forwarding

### Firewalld

Firewalld is a good interface to create and manage a simple firewall, but the framework behind it is the Netfilter (nftables) firewall.

To see config files for services, check out "/usr/lib/firewalld/".

### General commands

``firewall-cmd --list-all``

``firewall-cmd --get-services``

``firewall-cmd --add-service squid --permanent`` \
Remember to use the permanent switch, otherwise the rule is written only to the runtime and is lost if you restart firewalld or the server!

``firewall-cmd --reload``

Add IP address to the trusted zone.
``firewall-cmd --zone=trusted --add-source=192.168.124.1 --permanent``

List configuration for all zones.
``firewall-cmd --list-all-zones``

### Zones

A zone is a default configuration to which network cards can be assigned to apply specific settings.

### Service

You only need to know the service part for the RHCSA exam!

### Ports

Optional elements to allow access to specific ports.

## Network Sockets

Use ``ss`` to show socket information. This will show all connections.

``ss -tu`` shows connected TCP and UDP sockets.

``ss -tua`` shows connected TCP and UDP sockets + sockets in a listening state.

``ss -tulpn`` shows TCP and UDP sockets in a listening state, and it also adds process names or PID to the output.

## Debug

- Use ``nm-connection-editor`` if you have issues with certs for your network cards.
- Make sure your subnet mask is correct.
- Ping your gateway to see if you can reach the router.
- DNS not working, check "/etc/resolv.conf" to make sure it's correct.
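
A check built on the ``ss -tulpn`` output described under Network Sockets, added here as an example that is not part of the original notes: it lists the sockets bound to all interfaces (the ones reachable from the network once the firewall allows the port) and flags any whose port is not on an expected list. The ``ss`` output is a constructed sample, and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original notes.
# Reads `ss -tulpn` output and reports sockets bound to every interface.

# Constructed sample of `ss -tulpn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*         users:(("chronyd",pid=812,fd=5))
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*         users:(("rpcbind",pid=700,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=901,fd=3))
tcp   LISTEN 0      4096   127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=877,fd=7))
tcp   LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=901,fd=4))
tcp   LISTEN 0      511    [::1]:8080         [::]:*            users:(("httpd",pid=1200,fd=4))
EOF
}

# wildcard_listeners: stdin = `ss -tulpn` output.
# stdout = "proto port process" for each socket bound to 0.0.0.0, [::] or *,
# sorted and de-duplicated (IPv4 and IPv6 listeners of one service collapse).
wildcard_listeners() {
    awk '
        $1 == "Netid" { next }                       # skip the header line
        $2 == "LISTEN" || $2 == "UNCONN" {
            port = $5; sub(/.*:/, "", port)          # text after the last colon
            host = $5; sub(/:[^:]*$/, "", host)      # text before the last colon
            if (host != "0.0.0.0" && host != "[::]" && host != "*") next
            proc = "-"                               # kernel sockets list no process
            if (match($0, /\(\("[^"]+"/))
                proc = substr($0, RSTART + 3, RLENGTH - 4)
            print $1, port, proc
        }' | LC_ALL=C sort -u
}

# unexpected_listeners PORT...: stdin = `ss -tulpn` output.
# Prints the wildcard listeners whose port is NOT in the expected list.
unexpected_listeners() {
    expected=" $* "
    wildcard_listeners | while read -r proto port proc; do
        case "$expected" in
            *" $port "*) ;;                          # expected port, stay quiet
            *) printf '%s %s %s\n' "$proto" "$port" "$proc" ;;
        esac
    done
}

# On a live system:  ss -tulpn | unexpected_listeners 22
sample_ss_output | unexpected_listeners 22
```

Compare what it reports with ``firewall-cmd --list-all``: a listener that is flagged here and also allowed in the active zone is reachable from the network.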

--------------------------------------------------------------------------------
/File and Folder permissions.md:
--------------------------------------------------------------------------------
# File Management

## File and Folder permissions.

When you do an ``ls -l``, the first identifier tells us what kind of file type it is.

![file-type-identifier](pictures/file-type-list.png)

![Types of files](pictures/file-type.png)

Linux applies permissions in the following order.

1. Owner.
2. Group.
3. Others.

If you are the owner, Linux doesn't check the group or other permissions. So if you as the owner have read-only permission and you are a part of the group that has read & write permission, you only have read permission. **The permissions are applied from left to right**.

## ACL

*ACLs are not a part of the RHCSA 9 but I still wrote down information about them.*

There are two types of ACL.
- The normal ACL.
- The default ACL.

To create an ACL list you use the command ``setfacl``.

``setfacl -R -m g:sales:rx filename``
``setfacl -m d:g:profs:rx foldername/``

This sets the group profs as a default group that can read and execute all files created in foldername in the future.

If a "fileacl not supported" message appears, there is something wrong in the filesystem.

To see the ACL.

``getfacl foldername``

## SUID, SGID, and Sticky Bit

To apply SUID, SGID, and sticky bit, you can use chmod. SUID has numeric value 4, SGID has numeric value 2, and sticky bit has numeric value 1.

**SUID = 4**

It executes as the user that owns the file. Let's say that root owns a file and John executes that file, it's executed as root, not John. It's dangerous and not recommended practice.

*SUID on directories has no meaning*.

``chmod u+s filename`` This enables set user ID for that file. If root is the owner, the file then runs as root.
You can also set it by using the bits. ``chmod 4775 filename``

To see if the SUID bit is set, look for an **s** in the user section of the permissions.
Looks like this: -rw**s**r--r--

If it's a lower case "s", then both the execute bit and the SUID bit are set. If it's an upper case "S", only the SUID bit is set.

![Uppercase S in SUID](pictures/suid-capital-s.png)

To remove SUID, ``chmod u-s filename`` or ``chmod 0664 filename`` where the 0 removes the special bit.

**SGID = 2**

New files created in the directory **inherit** the directory's group owner. It can be good in shared environments.

This enables set group ID for that folder.
``chmod g+s foldername/``
You can also set it by using the bits. ``chmod 2775 foldername/``

To verify that set group ID is set for a folder, look for an s in the group section.
drwxrw**s**r-x.

If it's a lower case "s", then both the execute bit and the GID bit are set. If it's an upper case "S", only the GID bit is set.

To remove GID, ``chmod g-s foldername/``

If the group has rwx on the directory, that means that any member of the group that owns the directory **can delete files** within that folder. We might not want Melinda to be able to delete files that John creates. *That's where the sticky bit comes in*.

**STICKY = 1**

*Sticky bit has no meaning on files but it does have meaning on directories*.

The Sticky bit makes it so that delete only works if the **owner** deletes the file. Read about this problem under the SGID = 2 section. To check who is the owner of the current directory, ``ls -ld .`` You can also see it with the classic ``ls -la`` and it will be the first item listed. As you can see in the picture, the user armann and the group armann are the owner of the Goonies directory.
You can also see that the Sticky bit is set for that directory. 84 | 85 | ![Directory owner](pictures/sticky-bit.png) 86 | 87 | 88 | This applies a sticky bit to all files in the current directory. 89 | ``chmod +t *`` 90 | You can also set it by using the bits. ``chmod 1775 foldername/`` 91 | 92 | To see if the Sticky Bit is set, look for a **t** at the end of the permissions. 93 | ``-rw-r--r-t`` 94 | If it's a lower case "t", then both the execute bit for "others" and the Sticky bit are set. If it's an upper case T, only the Sticky bit is set, "others" does not have executable rights. 95 | 96 | ## Change ownership 97 | 98 | ``chown john:john alamo`` 99 | This changes the owner and the group on the file/folder alamo. 100 | If you just want to change the group you can do ``chown :john alamo`` 101 | You can also use the ``chgrp`` command. ``chgrp john alamo`` 102 | 103 | ## Change permissions 104 | 105 | - 0 No permission. 106 | - 1 Execute permission. 107 | - 2 Write permission. 108 | - 3 Write and execute permissions. 109 | - 4 Read permission. 110 | - 5 Read and execute permissions. 111 | - 6 Read and write permissions. 112 | - 7 Read, write, and execute permissions. 113 | 114 | This gives the owner full permission, group read and execute permission, and others no permission on "myfile". 115 | 116 | ``chmod 750 myfile`` 117 | 118 | This is known as the absolute mode. There is a relative mode that you can use. Let's say I wanted to make myfile executable. 119 | 120 | ``chmod +x myfile`` 121 | 122 | ## UMASK 123 | 124 | Type in ``umask`` to see the default umask. Unless you have changed it, it should be "0022". The umask is used to assign default permission for new files and directories. 125 | 126 | Default permission for directories is 777. Default permission for files is 666. 127 | 128 | To calculate the permission bits for a new file or directory, we subtract the umask value from the default value.
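The script below is an added example, not part of the original notes. It checks the subtraction shortcut against what the kernel actually does, which is to clear the umask bits from the requested mode (`mode & ~umask`); the two agree for 022 but not for values such as 027 or 033. The helper names and the sample umasks are constructed, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example (not from the original notes). Assumes GNU stat ("stat -c"),
# as shipped with RHEL. All function names are hypothetical helpers.

# Strip leading zeros so "022" is read as decimal 22, not as an octal constant.
dec() {
    d=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${d:-0}"
}

# The shortcut from the text: decimal subtraction of the umask.
naive_mode() {
    printf '%03d\n' $(( $(dec "$1") - $(dec "$2") ))
}

# What the kernel does: clear every bit that is set in the umask.
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Mode really given to a new file ($2 = file) or directory ($2 = dir) created
# under umask $1. The body is a subshell, so the caller's umask is unchanged.
actual_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    mode=$(stat -c '%a' "$tmp/new")
    rm -rf "$tmp"
    # Keep only the rwx bits in case the temp directory passes on setgid.
    printf '%03o\n' $(( 0$mode & 0777 ))
)

# Constructed sample umasks: 022 (the default), 027 (nothing for others) and
# 033 (a value where the subtraction shortcut gives a wrong answer).
for u in 022 027 033; do
    printf 'umask %s  file: naive=%s mask=%s actual=%s  dir: naive=%s mask=%s actual=%s\n' \
        "$u" \
        "$(naive_mode 666 "$u")" "$(masked_mode 666 "$u")" "$(actual_mode "$u" file)" \
        "$(naive_mode 777 "$u")" "$(masked_mode 777 "$u")" "$(actual_mode "$u" dir)"
done
```

When auditing a tightened umask such as 027, use the masked value: it is the one new files really get.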
129 | 130 | - 666 - 022 = 644 131 | - 777 - 022 = 755 132 | 133 | The umask value can be found and configured in the following locations. 134 | - /etc/profile Where system-wide default variables are stored. 135 | - /etc/bash.bashrc Where default shell configuration is stored. 136 | -------------------------------------------------------------------------------- /Compare and manipulate file content.md: -------------------------------------------------------------------------------- 1 | # Compare and manipulate file content 2 | 3 | ## Extended Regular Expressions 4 | 5 | Check out [regexr.com](https://regexr.com/) for more information. 6 | 7 | If we want to do e.g., ``grep 'b.?t'`` we should use an **extended regular expression**. 8 | Those types of expressions start with **egrep**, not grep. 9 | 10 | In basic regular expressions the meta-characters ?, +, {, |, (, and ) lose their special meaning; instead use the backslashed (escaped) versions \\?, \\+, \\{, \\|, \\(, and \\). **It's easier to always use egrep and not grep**, then you don't have to escape the meta-characters. 11 | 12 | ``egrep -r "0{3,}" /etc/`` 13 | 14 | This gives us anything matching at least three zeros in "/etc/". 15 | If we wanted to use a basic regular expression we would have to escape the {} characters. 16 | 17 | ``grep -r "0\{3,\}" /etc/`` 18 | 19 | This searches files in "/etc/" for the word "disabled". The ? character means that the "d" in disabled can exist once or zero times. So it would return words like, "disabled" or "disable". 20 | 21 | ``egrep -r "disabled?" /etc/`` 22 | 23 | This searches "/etc/" for either disabled or enabled. 24 | 25 | ``egrep -r "enabled|disabled" /etc/`` 26 | 27 | Search in the "/dev/" directory for any file that begins with a-z, and has another character zero or more times, has a number from 0-9, and ends with any character 28 | 29 | ``egrep -r "/dev/[a-z]\*[0-9]?" 
/etc/`` 30 | 31 | ## Regular Expressions 32 | 33 | Regular Expressions are text patterns that are used by tools like grep and others. 34 | 35 | *Don't confuse regular expressions with globbing!* They may look like expressions with globbing, but are really different. 36 | 37 | ``grep 'a*' or a*`` 38 | 39 | a* is globbing, 'a*' is a Regular Expression. 40 | 41 | Regular expressions are used with specific tools only like grep, vim, awk and sed. **Extended** regular expressions enhance basic regex features. See man 7 regex for details. 42 | 43 | Regular expressions are built around **atoms**; an atom specifies what text is to be matched. Atoms can be single characters, a range of characters, or a dot. 44 | 45 | Atoms can also be a class, such as \[[:alpha:\]], \[[:digit:\]] or \[[:alnum:\]]. 46 | 47 | Second is the repetition operator, specifying how often a character occurs. The third element is indicating where to find the next character. 48 | 49 | This searches the regtext file for anything beginning with b and ending with t. The dot is a wildcard character. 50 | 51 | ``grep 'b.t' regtext`` 52 | 53 | If we do ``grep 'b.\*t' sometextfile``, the * functions as a repetition operator. 54 | 55 | We use \\ to escape special characters so that Bash doesn't interpret them. 56 | Let's say we want to find all periods in "/etc/login.defs". If we did ``grep "." /etc/login.defs`` grep would return the whole document since the period operator functions as "match any one character" as we can see below. We would fix this by escaping the period. 57 | 58 | If we do this, only the periods in the document are highlighted red. ``grep "\." /etc/login.defs`` 59 | 60 | **Repetition** 61 | 62 | Here are some operators we can use for repetition. 63 | 64 | A regular expression may be followed by one of several repetition operators: 65 | 66 | - ? The preceding item is optional and matched at most once. 67 | - \* The preceding item will be matched zero or more times.
68 | - \+ The preceding item will be matched one or more times. 69 | - {n} The preceding item is matched exactly n times. 70 | - {n,} The preceding item is matched n or more times. 71 | - {,m} The preceding item is matched at most m times. This is a GNU extension. 72 | - {n,m} The preceding item is matched at least n times, but not more than m times. 73 | 74 | **Other operators** 75 | 76 | - ^ beginning of the line. 77 | - $ end of line. 78 | - \< beginning of word. 79 | - \> end of word. 80 | - . match any ONE character. 81 | - | is an or operator. 82 | 83 | ## Grep options 84 | 85 | | Option | Description | 86 | |---|---| 87 | |-i | Not case sensitive. Matches upper- and lowercase letters. | 88 | |-v | Shows only lines that do not contain the regular expression. | 89 | |-r | Searches files in the current directory and all subdirectories. | 90 | | -e | Searches for lines matching more than one regular expression. | 91 | | -A NUM | Shows NUM lines after the matching regular expression. | 92 | | -B NUM | Shows NUM lines before the matching regular expression. | 93 | 94 | ### Examples 95 | 96 | ``grep '\' * 2>/dev/null`` 97 | 98 | Show us all files in the working directory that have only three characters in their name. 99 | 100 | ``grep '^...$' *`` 101 | 102 | Count how many numbers begin with 2 in "textfile". 103 | 104 | ``grep -c '^2' textfile`` 105 | 106 | 107 | ## CUT and SORT 108 | 109 | ### Examples 110 | 111 | #### CUT 112 | 113 | Pipe the output of the third field in "/etc/passwd" to less. The delimiter between fields is ":". 114 | 115 | ``cut -f 3 -d : /etc/passwd | less`` 116 | 117 | Here we use space as the delimiter. 118 | 119 | ``cut -d ' ' -f 1 userinfo.txt`` 120 | 121 | This command cuts the first field and changes everything in lowercase to uppercase. 122 | 123 | ``cut -d : -f 1 /etc/passwd | tr '[:lower:]' '[:upper:]'`` 124 | 125 | #### SORT 126 | 127 | Cut out the first field in the "passwd" file and sort it alphabetically.
128 | 129 | ``cut -f 1 -d : /etc/passwd | sort`` 130 | 131 | How to remove duplicate lines when using sort. 132 | 133 | ``sort oscarwinners.txt | uniq`` 134 | 135 | 136 | ## AWK 137 | 138 | In AWK, the logic is: pattern { action }. 139 | 140 | ``awk 'NR==1 {print $1}' text.txt`` 141 | Prints out the first field of the first line in text.txt. 142 | 143 | ``awk -F : '/armann/ { print $4 }' /etc/passwd`` 144 | Searches for lines with /armann/ and prints out field number 4. 145 | 146 | ``awk '{gsub("Armann Jakob Palsson", "The Armanator"); print}' text.txt > tmp.txt && mv tmp.txt text.txt`` 147 | Changes my name, Armann Jakob Palsson to The Armanator. 148 | 149 | ``ps aux | awk '{print $NF }'`` 150 | Prints out the last field in each line outputted by ps aux. 151 | 152 | ## SED 153 | 154 | Switch out four for FOUR globally in the file "sedfile". 155 | 156 | ``sed -i s/four/FOUR/g sedfile`` 157 | 158 | Shows the fifth line in passwd. 159 | 160 | ``sed -n 5p /etc/passwd`` 161 | 162 | Deletes line 2 and lines 20 to 25 from myfile. 163 | 164 | ``sed -i -e '2d;20,25d' ~/myfile`` 165 | 166 | Change enabled to disabled for lines from 500 to 2000. 167 | 168 | ``sed -i -e '500,2000 s/enabled/disabled/g' /home/bob/values.conf`` 169 | 170 | Change disabled to enabled globally and ignore the case for disabled with the "i" operator. Will switch out "disabled", "Disabled", and "DISABLED" to "enabled." 171 | 172 | ``sed -i "s/disabled/enabled/gi" /home/bob/values.conf`` 173 | 174 | Replace all occurrences of string #%$2jh//238720//31223 with $2//23872031223 in "/home/bob/data.txt" file. 175 | 176 | ``sed -i 's~#%$2jh//238720//31223~$2//23872031223~g' /home/bob/data.txt`` 177 | 178 | ## Other commands 179 | 180 | ### DIFF 181 | To see the differences between two files. 182 | 183 | ``diff file1 file2`` 184 | 185 | To see context around lines that differ. 186 | 187 | ``diff -c file1 file2`` 188 | 189 | The easiest way is to use a side-by-side comparison of two files.
You can use ``diff -y`` or ``sdiff``; both accomplish the same thing. 190 | 191 | ``diff -y file1 file2`` 192 | 193 | ### GREP 194 | 195 | Search a directory for "centos". -i stands for case insensitive. -r is recursive. 196 | 197 | ``grep -ir "centos" /etc/`` 198 | 199 | To match only whole words, not parts of words, use the -w option. 200 | 201 | ``grep -irw "red" /etc/`` This would not output anything that says "redhat". Only "red" and it also ignores the case because of the -i option. 202 | -------------------------------------------------------------------------------- /LVM.md: -------------------------------------------------------------------------------- 1 | # LVM Management 2 | 3 | ## Add a new disk to LVM without using partitions 4 | 5 | ### Step 1 6 | Let's start by scanning the SCSI bus. This should discover any newly added disks without rebooting. 7 | 8 | ``for D in $(ls /sys/class/scsi_host/) ; do echo "- - -" > /sys/class/scsi_host/$D/scan ; done`` 9 | 10 | Then run ``partprobe`` 11 | 12 | If that does not work you can do this. 13 | 14 | ``ls /sys/class/scsi_device/`` 15 | For everything listed do the following, **edit the numbers** to reflect what's listed on your server. 16 | ``echo 1 > /sys/class/scsi_device/0\:0\:0\:0/device/rescan`` 17 | 18 | Then run ``partprobe`` 19 | 20 | ### Step 2 21 | Let's add the disk to the physical volume group. 22 | ``pvcreate /dev/vdb`` 23 | 24 | Make sure to **change vdb** for the disk you want to add. A quick way to **find the name of your new disk** is the command ``lsblk``. Let's check to see that it was successfully added. You use the ``pvs`` command to get a short summary about the disks in your physical volume group. To get more information use ``pvdisplay``. The new disk should be listed. 25 | 26 | ### Step 3 ### 27 | The next step is to add it to a current volume group, or create a new volume group if needed. If you don't know the name of your volume group, use ``vgs`` or ``vgdisplay`` to find it.
28 | 29 | To **expand a current volume group**: 30 | ``vgextend rhel_redhat9 /dev/vdb`` 31 | 32 | rhel_redhat9 is the name of the volume group you want to expand. Remember **to change** both the name of the volume group and the disk to your specifications. Let's verify that the volume group was increased by the size of the disk that was added to the physical volume group. Use ``vgs`` or ``vgdisplay`` to see that the volume group now has some free space that we can add to a logical volume group. 33 | 34 | ### Step 4 ### 35 | The last step is to add that free space to a logical volume group. If you don't know the name of your logical volume group, use ``lvs`` or ``lvdisplay`` to find it. Let's add all the free space to our logical volume group. 36 | 37 | ``lvextend -l +100%FREE /dev/rhel_redhat9/root`` 38 | 39 | Remember that "rhel_redhat9" is your volume group, and "root" is your logical volume group. 40 | Next we need to extend the filesystem on the mounted volume group. To see the filesystem type being used issue ``df -Th``. I am running xfs, so to use all of the available space: 41 | 42 | ``xfs_growfs /dev/mapper/rhel_redhat9-root`` 43 | 44 | If you are running ext4, you can grow the filesystem with ``resize2fs``. 45 | 46 | Remember that it doesn't matter if you use the mapper path or not, both are symbolic links to the same thing. 47 | 48 | ![LVM-Mapper](pictures/lvm-mapper.png) 49 | 50 | ## Expand a LVM partition 51 | 52 | ### Step 1 ### 53 | Let's use this setup as an example. 54 | We have the "vdc" disk that has four partitions. 55 | Partitions 1, 3 and 4 are all using the "opt" volume group, and "lv_opt" logical volume group. 56 | 57 | ![lsblk](pictures/lvm1.png) 58 | 59 | ### Step 2 ### 60 | Let's add 2GB to the 10GB "vdc" disk, and then expand the "vdc4" partition using all that extra space. 61 | 62 | **Let's use fdisk since the disklabel type is dos for the "vdc" disk.
If the disklabel type is gpt, use gparted instead of fdisk.** You can see the disklabel type with ``fdisk -l``. 63 | 64 | ### Step 3 ### 65 | 66 | ``fdisk /dev/vdc`` 67 | 68 | Press "p" to print out the partition tables. Let's expand the last primary partition, "vdc4". Let's **check the free unpartitioned space** by pressing "F". If you are using an old version of fdisk, "F" will not be an option. 69 | 70 | Here is the scary part, **we must delete the partition and recreate it** using the new size that we want. As you can see the vdc4 partition is 2G in size. Let's add 2GB to it and make it 4GB. 71 | 72 | In fdisk, press "d" and select the partition you want to delete. 73 | 74 | Let's re-create the partition by pressing "n." Press "enter" and select the default first sector. 75 | 76 | For me it's going to be a primary partition number 4 and I select the default first sector that is proposed. 77 | 78 | The disk was originally 2GB and I want to add 2GB to the disk, so I will write +4GB when it prompts me in the next step. If you want to use all of the space, just press "enter". 79 | Last sector, +/-sectors or +/-size{K,M,G,T,P} (12584960-52428799, default 52428799): **+4G** 80 | 81 | It asked me, "Do you want to remove the signature? [Y]es/[N]o:" I pressed N. **Since we are resizing a partition we must certainly want to keep it.** 82 | 83 | Press "w" to write the information to disk. Now vdc4 has 4GB instead of 2GB. 84 | 85 | ### Step 4 ### 86 | 87 | Let's add it to LVM. ``pvresize /dev/vdc4`` Let's verify the free space ``pvs`` 88 | 89 | If you run ``vgs`` you can see that the "opt" volume group now has free space since the vdc4 partition was allocated to the "opt" volume group. 90 | 91 | ### Step 5 ### 92 | 93 | Now we extend the logical volume group "lv_opt". 94 | ``lvextend -l +100%FREE /dev/opt/lv_opt`` 95 | 96 | ### Step 6 ### 97 | 98 | Grow the filesystem.
99 | ``xfs_growfs /dev/mapper/opt-lv_opt`` 100 | 101 | ## Create a volume group and a logical volume group ### 102 | 103 | ### Step 1 ### 104 | 105 | Add the disk or partition to the physical volume group. Change vdc1 for your disk/partition. 106 | ``pvcreate /dev/vdc1`` 107 | 108 | ### Step 2 ### 109 | 110 | Let's create the volume group named "var" using /dev/vdc1. 111 | ``vgcreate var /dev/vdc1`` 112 | 113 | ### Step 3 ### 114 | 115 | Let's create the logical volume group named "lv_var" and use all of the space available from the "var" volume group we just created. 116 | ``lvcreate -l 100%FREE -n lv_var var`` 117 | 118 | ### Step 4 ### 119 | 120 | Now we need to add a filesystem to our logical volume. 121 | ``mkfs.xfs /dev/var/lv_var`` 122 | 123 | ### Step 5 ### 124 | 125 | Mount the filesystem. Change /tmp/var for whatever you are using. 126 | ``mount /dev/var/lv_var /tmp/var/`` 127 | Mount it using /etc/fstab if you want the mount to survive a reboot. In /etc/fstab, this would mount the lv_var in the /tmp/var directory. 128 | 129 | ``/dev/var/lv_var /tmp/var xfs defaults 0 0`` 130 | 131 | ## GPT Disks 132 | 133 | ### Step 1 134 | 135 | If you need to verify that you are using gpt, ``fdisk -l`` 136 | You should see, "Disk label type: gpt" 137 | If you see dos, use another method than this one. 138 | 139 | Increase disk size in virtual host. 140 | 141 | Let's start by scanning the SCSI bus. This should discover any increased disk size without rebooting. 142 | 143 | ``for D in $(ls /sys/class/scsi_host/) ; do echo "- - -" > /sys/class/scsi_host/$D/scan ; done`` 144 | 145 | Then run ``partprobe`` 146 | 147 | If that does not work you can do this. 148 | 149 | ``ls /sys/class/scsi_device/`` 150 | For everything listed do the following, **edit the numbers** to reflect what's listed on your server.
151 | ``echo 1 > /sys/class/scsi_device/0\:0\:0\:0/device/rescan`` 152 | 153 | Then run ``partprobe`` 154 | 155 | ### Step 2 156 | 157 | ``gdisk -l /dev/vda`` 158 | Change out vda for your disk. 159 | 160 | "Total free space is ..." should list the free space. 161 | 162 | ### Step 3 163 | 164 | ``gdisk /dev/vda`` 165 | 166 | Press "p" to print out your partition table. Take note of Start (sector) and the End (sector) for the partition you want to expand. 167 | 168 | Next, press "i", this will print out your "Partition unique GUID". 169 | You need to use it later so print it out now. 170 | 171 | Next we need to delete the partition. Press "d" and select the partition you want to expand. 172 | 173 | Then press "n" and create a new partition. 174 | 175 | Check to see if the "First sector" matches the "First sector" you saw when you printed out the partition tables. It should by default be fine, press Enter. 176 | 177 | The "Last sector" should be different, a higher number than before. Compare it to the "Last Sector" when you printed out the partition tables. If you want to use all of the free space available just press enter. If you want to increase it by a specific amount type in +2GB or whatever you need. 178 | 179 | Then it asks you about the filesystem type. Something like this: 180 | 181 | Current type is 'Linux filesystem' 182 | Hex code or GUID (L to show codes, Enter = 8300): 183 | 184 | We need to set it to LVM so press "L". 185 | Type in 8e00, you might need to do it twice. 186 | 187 | Press "p" and verify that the partition size has increased. 188 | 189 | Now press "x" to enter the "expert mode". 190 | 191 | Press "c" to set the GUID to the old value. 192 | Copy and paste in the old GUID. 193 | 194 | Next press "w", it will say, "Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING PARTITIONS!!" 195 | 196 | Press "Y". 197 | 198 | ### Step 4 199 | 200 | Run ``partprobe`` 201 | Run ``lsblk`` and you should see the increased size. 
202 | /dev/vda3 was increased by 10GiB. 203 | 204 | ![partprobe](pictures/gpt1.png) 205 | 206 | ### Step 5 207 | 208 | Last step is to increase the size in LVM. 209 | 210 | ``pvresize /dev/vda3`` 211 | ``pvs`` To see the "PFree". In my case it was 10GiB. 212 | 213 | ``lvresize -r -l +100%FREE /dev/centos/root`` 214 | Make sure to use your vg and lv names. 215 | 216 | ``df -Th`` Verify that your LVM has increased by the size you wanted. 217 | 218 | ## Create a VG with a different physical extent 219 | 220 | The default physical extent size is 4MB. If you want a larger physical extent 221 | you must do so when you create the VG. Let's say you want a VG named data and 222 | the physical extent size should be 8MB. 223 | 224 | ``vgcreate -s 8M data /dev/nvme0n1p2`` 225 | 226 | ### Debug 227 | 228 | 1. If you get this error. 229 | Warning: **Not all of the space available to /dev/sda appears to be used**, you can 230 | fix the GPT to use all of the space (an extra 10485760 blocks) or continue with 231 | the current setting? Fix/Ignore? 232 | 2. This is fixed with ``parted -l`` 233 | 3. If you have a machine that has been cloned, you might get this message when you run ``pvs`` **Device files last seen on "device" not found.** 234 | 4. ``rm /etc/lvm/devices/system.devices`` 235 | 5. ``vgimportdevices -a`` 236 | 6. 237 | 238 | 239 | -------------------------------------------------------------------------------- /Containers.md: -------------------------------------------------------------------------------- 1 | # Container management 2 | 3 | First install the container tools. 4 | 5 | ``dnf install container-tools`` 6 | 7 | ## Registries 8 | 9 | After the installation we have "/etc/containers". There we have for example, 10 | "registries.conf". Here we can set the registries it uses for images. The line is: "unqualified-search-registries =". 11 | I recommend adding "quay.io" to the registry list.
12 | 13 | Use ``podman login registry.redhat.io`` to log in to Red Hat's registry. 14 | Use ``podman login registry.redhat.io --get-login`` to get your current login credentials. 15 | 16 | Users can have their own "registries.conf" file in "~/.config/containers/registries.conf". 17 | 18 | Search your registries for an image. 19 | ``podman search alpine`` 20 | 21 | Manage and inspect images no matter where they are. 22 | ``skopeo inspect docker://path-to-image`` 23 | 24 | ## Container File 25 | 26 | A container file automates container builds. It describes what we want in our container image. 27 | 28 | By default you don't have any examples of container files. You can download example 29 | container files by installing the buildah-tests package. 30 | 31 | ``dnf install buildah-tests`` 32 | 33 | After the installation you can find the container files in multiple subdirectories 34 | under "/usr/share/buildah/test/system/bud/". You can also search for them ``find / -name Containerfile`` 35 | 36 | In a container file you need to at least define two things. 37 | 38 | - FROM (From where to pull the image.) 39 | - RUN (How to run the image, with what parameters.)
40 | 41 | ## General Commands 42 | 43 | ``podman info`` 44 | 45 | ### List downloaded images 46 | ``podman images`` 47 | 48 | ### List running containers 49 | ``podman container ps`` 50 | 51 | ### List all containers 52 | ``podman container ps -a`` 53 | ``podman container list --all`` 54 | 55 | ### Get CPU and Memory usage for your containers 56 | ``podman stats`` 57 | 58 | ``podman diff`` 59 | 60 | 61 | ## Working with images 62 | 63 | ### Pull an image 64 | ``podman pull fedora:latest`` 65 | 66 | ### List images 67 | ``podman images`` 68 | You can also do, ``podman image ls`` 69 | 70 | ### Inspect image 71 | ``podman image inspect image-id or image name`` 72 | 73 | ### Remove Image 74 | ``podman image rm "imageid"`` 75 | 76 | ### Tag image 77 | ``podman image tag nginx:latest nginx:version1`` 78 | 79 | ### Push image 80 | 81 | **First you need to log in to docker.** 82 | 83 | First you need to tag your image with your username for hub.docker.com and then the repo name. 84 | ``podman image tag nginx:latest 1980is/nginx`` 85 | The username for Docker Hub is 1980is, and the repo that's created is nginx. Let's push this image. 86 | ``podman push 1980is/nginx`` 87 | 88 | To understand this better, let's pull a random image first. After that, let's list our images, tag it and upload to Docker. 89 | 90 | 1. ``podman pull alpine`` 91 | 2. ``podman images`` 92 | 3. ``podman tag alpine:latest 1980is/alpine1`` The tag "alpine:latest" is the image we want to use. In "1980is/alpine1", 1980is is my DockerHub username and "alpine1" is the repository I want to use. 93 | 4. ``podman push 1980is/alpine1`` This pushes the image into the alpine1 repository with the name latest. 94 | 95 | Let's say you want to use another tag than "latest". 96 | 97 | 1. ``podman tag alpine:latest 1980is/alpine1:broken`` This tags the alpine:latest image as "broken" and uses the alpine1 repository. 98 | 2. ``podman push 1980is/alpine1:broken`` 99 | 100 | ### Image history.
101 | To see the image layers. 102 | ``podman image history nginx`` 103 | 104 | ## Working with containers 105 | 106 | ### Run container 107 | ``podman container run -dit --name fedora-v1 fedora`` 108 | -d stands for detached mode. -i stands for interactive and -t stands for terminal. --name names the instance; if you don't provide a name, Docker will create a random name for the container. Fedora without any tags behind it, e.g., fedora:36, will make Docker pull the latest Fedora image, the equivalent of writing fedora:latest. 109 | 110 | ``podman run -d -p 8080:80 --name nginxtest nginx:latest`` 111 | 112 | ``podman container run --name webserv2 -d -p 9002:80 nginx`` 113 | This runs an nginx container named webserv2 in detached mode on port 9002. To check it out open http://localhost:9002/ in your browser. 114 | 115 | Create a container running MariaDB. 116 | 117 | ``podman run --detach --network podman --name some-mariadb --env MARIADB_USER=example-user --env MARIADB_PASSWORD=my_cool_secret --env MARIADB_ROOT_PASSWORD=my-secret-pw mariadb:latest`` 118 | 119 | ### Connect to container 120 | Connect to fedora-v1. 121 | ``podman attach fedora-v1`` 122 | 123 | Connect to MariaDB container named some-mariadb. 124 | ``podman exec -it some-mariadb mariadb -uroot -pmy-secret-pw`` 125 | 126 | ### Detach from container 127 | Press detach key sequence "**ctrl-p, ctrl-q**" 128 | 129 | ### Connect to a running container 130 | ``podman exec -it fedora-v1 bash`` 131 | To disconnect from the container write ``exit``. 132 | 133 | ### Stop container 134 | ``podman container stop fedora-v1`` 135 | 136 | ### Kill container 137 | ``podman container kill fedora-v1`` 138 | When stopping doesn't work, you can kill the container. 139 | 140 | ### Remove Container 141 | ``podman rm "containerid"`` 142 | 143 | This command removes **all** stopped containers. 144 | -a stands for all containers. -q returns only the container id.
145 | ``podman container ps -aq | xargs podman rm`` 146 | 147 | ### Environment variables 148 | 149 | When you need to pass information when you are building the container, you use environment variables. For instance, when installing MariaDB, it needs a root password. You can do it this way. 150 | 151 | ``podman run --name mydb -e MYSQL_ROOT_PASSWORD=password quay.io/centos7/mariadb-103-centos7`` 152 | 153 | ## Auto-Start Containers 154 | 155 | ### Explanation 156 | 157 | To automatically start containers in a stand-alone situation, you can create systemd user unit files for **rootless containers** and manage them with systemctl. 158 | 159 | If Kubernetes or OpenShift is used, containers will be automatically started by default. 160 | 161 | Systemd user services start when a user session is opened, and stop when the user session is closed. Use ``loginctl enable-linger`` to change that behavior and start user services for a specific user (requires root privileges). 162 | 163 | ``loginctl enable-linger armann`` \ 164 | ``loginctl show-user armann`` At the top it lists "Linger: yes" if it's enabled. \ 165 | ``loginctl disable-linger armann`` 166 | 167 | First we should create this folder structure in the home directory of the user that will 168 | be running the container. 169 | 170 | ``mkdir -p ~/.config/systemd/user; cd ~/.config/systemd/user`` 171 | 172 | The systemd unit file needs to be generated in the "~/.config/systemd/user" directory, so you must be 173 | in that directory when you run the command. 174 | 175 | ``podman generate systemd --name myweb --files --new`` 176 | 177 | To generate a service file for a **root container**, do it from "/etc/systemd/system/" as the current directory. 178 | 179 | The ``--new`` option of ``podman generate systemd`` will create a new container when 180 | the systemd unit is started, and delete that container when the unit is stopped. 181 | That's why you should always use the --new option.
**Use the --new option on the exam!** 182 | 183 | Edit the file that is generated and change the "WantedBy" line, so it reads "WantedBy=default.target". Otherwise you will run into issues. 184 | 185 | Manage them using: \ 186 | ``systemctl --user daemon-reload`` \ 187 | ``systemctl --user enable myapp.service`` (requires linger) \ 188 | ``systemctl --user start myapp.service`` 189 | 190 | **``systemctl --user`` commands only work when logging in on console or SSH and do not work in sudo and su sessions.** 191 | 192 | ### Steps 193 | 194 | 1. Create the user; it must have a password. 195 | ``useradd rambo; passwd rambo`` 196 | 2. We need to enable linger for the rambo user. 197 | ``loginctl enable-linger rambo`` Verify with ``loginctl show-user username`` 198 | 3. SSH into the server. 199 | ``ssh rambo@localhost`` 200 | 4. Create the directory that Podman will write the systemd unit file to. 201 | Remember you must be in the folder when you run podman generate systemd, hence the cd command. 202 | ``mkdir -p ~/.config/systemd/user; cd ~/.config/systemd/user`` 203 | 5. Let's create and start the container we want systemd to automatically start. 204 | ``podman run -d --name webmaster -p 8089:80 nginx`` 205 | 6. Now we need to generate the systemd unit file. 206 | ``podman generate systemd --name webmaster --files --new`` 207 | 7. This will create the "container-webmaster.service" file. Next we need to 208 | check the file and make sure that WantedBy is default.target. "WantedBy=default.target" 209 | ``vim container-webmaster.service`` 210 | 8. Next we need to reload the user daemon. 211 | ``systemctl --user daemon-reload`` 212 | 9. Let's enable the service we created. 213 | ``systemctl --user enable container-webmaster.service`` 214 | 10. Let's check the status of the service. It should be enabled but not running. 215 | ``systemctl --user status container-webmaster.service`` 216 | 11. To see if it worked we must reboot the server.
Once the reboot is over, check if you 217 | see the nginx process running under user rambo. You can also ``curl localhost:8089`` 218 | ``ps faux | less`` Look for processes under user rambo. 219 | 220 | ## Container Network 221 | 222 | ``podman network list`` 223 | ``podman network inspect`` 224 | ``podman network inspect bridge`` 225 | 226 | ### Port Mapping 227 | 228 | Rootless containers do not have IP addresses. They use port mappings to communicate with the containers. You expose a specific port on the host that maps to a container. 229 | 230 | Port mappings can be set when starting the container, **you cannot change the port after starting the container**. 231 | 232 | Remember that rootless containers **can only map to a non-privileged port**. Ports higher than 1024. 233 | 234 | 235 | ## Storage 236 | 237 | ### Local persistent volume storage 238 | 239 | In Podman the local volumes are created in the home directory. 240 | ``podman volume create myvol`` 241 | ``podman volume inspect myvol`` 242 | 243 | You can create persistent storage by creating a directory on the container 244 | host and bind-mounting it to the container. Keep in mind that file ownership is important 245 | when bind-mounting directories on the host. 246 | 247 | If a container is started by the root user, UIDs and GIDs on the host match 248 | the UIDs and GIDs on the container. 249 | 250 | For a rootless container, you need to make sure that the UID of the user that 251 | runs the container application is owner of the bind-mounted directory. You can find 252 | out what user is running the container with ``podman inspect imagename`` 253 | 254 | ### NFS 255 | 256 | ``podman volume create --driver local --opt type=nfs --opt o=addr=192.168.122.36,rw --opt device=:/nfsdata nfsvol`` 257 | 258 | Run a container that uses that NFS storage.
``podman run -it --name voltest2 --rm --mount source=nfsvol,target=/data nginx sh``


## Rootless Containers - NEEDS WORK

See "Auto-Start Containers" section above.

### Bind Mounting in Rootless Containers

To bind-mount directories for rootless containers, find the UID of the user
that runs the main application with ``podman inspect imagename`` or
``podman exec containername grep UID /etc/passwd`` if it's already running.

Use ``podman unshare chown user:grp directoryname`` to set the container UID as the
owner of the directory on the host that will be mounted in the container.
The directory **must be in the user home directory** because otherwise
it wouldn't be a part of the user namespace!

Use ``podman unshare cat /proc/self/uid_map`` to verify mapping.

Verify the mapped user is the owner on the host using ``ls -ld /directoryname``

#### Steps

``podman run -d -p 3206:3206 --name armdb -v /home/student/armdb:/var/lib/mysql:Z -e MYSQL_ROOT_PASSWORD=123456 registry.access.redhat.com/rhscl/mariadb-100-rhel7``

1. Run as non-root user
2. ``podman run -d --name armann-db -e MYSQL_ROOT_PASSWORD=123456``
3. ``podman exec armann-db grep mysql /etc/passwd`` Note down the UID and GID.
4. ``mkdir armann-db`` Must be in the home directory of the user!
5. ``ls -Z`` To see the SELinux label for the directory armann-db.
6.

![rootless containers](pictures/rootless-containers.png)

### Namespaces

Rootless containers are launched in a namespace. Namespaces provide isolation and
try to make sure that everything in the container is contained in that namespace and is secure.

Namespaces enable access by mapping UIDs between the namespace and the host OS.
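
As an added example (not part of the original notes), the shell functions below show how the map printed by ``podman unshare cat /proc/self/uid_map`` translates a container UID into the host UID that ``ls -ld`` reports after ``podman unshare chown``, and back. The sample map, the UID 27 and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: translate UIDs through a user-namespace uid_map.
# Each uid_map line is one extent: <first id inside> <first id outside> <count>

# Constructed sample of what `podman unshare cat /proc/self/uid_map` can print
# for a user with host UID 1000 and a subordinate UID range starting at 100000.
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# host_uid_for CONTAINER_UID [UID_MAP_TEXT]
# Prints the host UID behind CONTAINER_UID.
# Returns 1 if the UID is not covered by any extent, 2 if it is not a number.
host_uid_for() {
    local cuid="$1" map="${2:-$SAMPLE_UID_MAP}"
    case $cuid in ''|*[!0-9]*) return 2 ;; esac
    printf '%s\n' "$map" | awk -v id="$cuid" '
        NF == 3 && id+0 >= $1 && id+0 < $1 + $3 { print $2 + (id - $1); found = 1; exit }
        END { exit !found }'
}

# container_uid_for HOST_UID [UID_MAP_TEXT]
# Reverse lookup: which container UID does an owner shown by `ls -ld` correspond to?
container_uid_for() {
    local huid="$1" map="${2:-$SAMPLE_UID_MAP}"
    case $huid in ''|*[!0-9]*) return 2 ;; esac
    printf '%s\n' "$map" | awk -v id="$huid" '
        NF == 3 && id+0 >= $2 && id+0 < $2 + $3 { print $1 + (id - $2); found = 1; exit }
        END { exit !found }'
}

# Container root is the unprivileged user itself; every other container UID
# lands in the subordinate range, offset by its position in the extent.
echo "container UID 0  -> host UID $(host_uid_for 0)"
echo "container UID 27 -> host UID $(host_uid_for 27)"
echo "host UID 100026  -> container UID $(container_uid_for 100026)"
```

On a live system, pass the real map as the second argument, for example ``host_uid_for 27 "$(podman unshare cat /proc/self/uid_map)"``, and compare the result with the numeric owner shown by ``ls -ldn``.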

## SELinux

As file ownership has been taken care of in the preceding steps in "Rootless Containers", you are now ready to bind mount, taking care of SELinux as well.

``podman stop mydb``
``podman rm mydb``
``podman run -d --name mydb -e MYSQL_ROOT_PASSWORD=password -v /home/student/mydb:/var/lib/mysql:Z quay.io/centos7/mariadb-103-centos7``
``ls -Z /home/student``

## Debug

### Inspect container
``podman container inspect fedora-v1``
See container information. You can use the container name or container id.

### View container logs
``podman container logs fedora-v1``

## Notes for myself

Look into machinectl instead of using ``ssh username@localhost``

--------------------------------------------------------------------------------