Preparation Set 2
Q1:Break into serverA and then set the root password to root. Set the target as multi-user and make sure it boots into that automatically. Reboot to confirm.
# Select the Rescue Mode by up down arrows , and press e
# Add the following line at the end of the text 'quiet'
rd.break
# Press ctrl+x
# Follow the commands
switch_root:/# mount -o remount,rw /sysroot
switch_root:/# chroot /sysroot
sh-5.1# passwd
sh-5.1# touch /.autorelabel
sh-5.1# systemctl set-default multi-user
sh-5.1# systemctl get-default
sh-5.1# exit
switch_root:/# rebootQ2 : Configure Hostname and Ip Address on this machine
IP Address : 192.168.208.138
NetMask : 255.255.255.0
Gateway : 192.168.208.2
DNS : 192.168.208.2
[root@serverA ~]# nmcli conn add con-name serverAnet2 ifname ens160 type ethernet ipv4.method manual ipv4.addresses 192.168.208.138/24 ipv4.dns 192.168.208.2 ipv4.gateway 192.168.208.2
Connection 'serverAnet2' (db86b64e-9645-4888-9a40-34d0a6256327) successfully added.
[root@serverA ~]# nmcli conn show
NAME UUID TYPE DEVICE
serverAnet 62012638-3b99-4f06-9501-1387844d33a5 ethernet ens160
lo f1ffff9a-fa27-4b6a-b791-1a5bb234841d loopback lo
serverAnet2 db86b64e-9645-4888-9a40-34d0a6256327 ethernet --
Wired connection 1 4569ab1e-41c7-4a01-bb5b-d02ad68c5d8b ethernet --
[root@serverA ~]# nmcli conn up serverAnet2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@serverA ~]# cat /etc/NetworkManager/system-connections/serverAnet2.nmconnection
[connection]
id=serverAnet2
uuid=db86b64e-9645-4888-9a40-34d0a6256327
type=ethernet
interface-name=ens160
[ethernet]
[ipv4]
address1=192.168.208.138/24,192.168.208.2
dns=192.168.208.2;
method=manual
[ipv6]
addr-gen-mode=default
method=auto
[proxy]Q3: Enable ssh access for root on both servers.
# Configuration file of ssh
[root@serverA ~]# vim /etc/ssh/sshd_config
PermitRootLogin yes
# Restart the sshd service
[root@serverA ~]# systemctl restart sshd
#SERVER A
[root@serverA ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:bZchcrO7nh452I8+I299R0Prtog3KhdrZHO+s+tYJCI root@serverA
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| . + . |
| + + o . |
| ES.+.o.. .|
| .+.Oo. o.|
| . O.*....|
| ..+@==oo.|
| B%*=BBo.|
+----[SHA256]-----+
[root@serverA ~]# ssh-copy-id root@192.168.208.137
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.208.137's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.208.137'"
and check to make sure that only the key(s) you wanted were added.
[root@serverA ~]# ssh root@192.168.208.137
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Tue Oct 8 14:28:52 2024 from 192.168.208.138Q4: Configure min length of password to be 8
[root@serverA ~]# vim /etc/security/pwquality.conf
[root@serverA ~]# grep minlen /etc/security/pwquality.conf
minlen = 8Q5: Create a script to add new group from a list
[root@serverA scripts]# cat grouplist.txt
dba_admin:5010
dba_managers:5011
dba_staff:5012
dba_intern:5013
it_staff:5014
it_managers:5015
[root@serverA scripts]# cat creategroup.sh
for i in $(cat ./grouplist.txt)
do
groupname=$(echo $i | cut -f 1 -d :)
groupid=$(echo $i | cut -f 2 -d :)
groupadd -g $groupid $groupname
echo "group created : $groupname:$groupid "
doneQ6:Create a script to delete two last groups from /etc/group
[root@serverA scripts]# cat groupdel.sh
for i in $(tail -2 /etc/group)
do
groupname=$(echo $i | cut -f 1 -d :)
groupdel $groupname
echo "Deleted $groupname"
doneQ7: Secure copy all the script files to server B
[root@serverA ~]# scp scripts/* root@192.168.208.137:/root/
creategroup.sh 100% 195 424.6KB/s 00:00
groupdel.sh 100% 127 394.3KB/s 00:00
grouplist.txt 100% 95 242.4KB/s 00:00
script1.sh 100% 189 486.0KB/s 00:00
script2.sh 100% 144 437.8KB/s 00:00
student.sh 100% 228 786.9KB/s 00:00
userlist.txt 100% 166 519.0KB/s 00:00
[root@serverB ~]# ls
creategroup.sh groupdel.sh grouplist.txt script1.sh script2.sh student.sh userlist.txtQ8: Change password for nancy mike harry natasha user1 using script
[root@serverA scripts]# cat changepassword.sh
num=0
for i in nancy mike harry natasha user1
do
echo $i
echo "redhat" | passwd --stdin $i
doneQ9: Define Command Alias
# Temporary alias to view last ten log messages
[root@serverA log]# alias logive='tail -10 /var/log/messages'
[root@serverA log]# logive
Oct 9 13:49:00 serverA chronyd[942]: System clock wrong by 1.454455 seconds
Oct 9 13:49:42 serverA systemd[1]: Starting PackageKit Daemon...
Oct 9 13:49:42 serverA systemd[1]: Started PackageKit Daemon.
Oct 9 13:50:05 serverA chronyd[942]: System clock wrong by 1.291550 seconds
Oct 9 13:51:10 serverA chronyd[942]: System clock wrong by 1.703638 seconds
Oct 9 13:52:14 serverA chronyd[942]: System clock wrong by 1.964906 seconds
Oct 9 13:53:19 serverA chronyd[942]: System clock wrong by 1.901705 seconds
Oct 9 13:54:24 serverA chronyd[942]: System clock wrong by 1.837731 seconds
Oct 9 13:55:29 serverA chronyd[942]: System clock wrong by 1.761417 seconds
Oct 9 13:56:34 serverA chronyd[942]: System clock wrong by 1.209373 seconds
# Permanent alias to clear screen using safagara
[root@serverA ~]# vim .bashrc
[root@serverA ~]# tail -1 .bashrc
alias safagara='clear'
[root@serverA ~]# source .bashrc
[root@serverA ~]# safagaraQ10: On server1 create a tar w/gzip archive of /etc called etc_archive.tar.gz in the /archives directory.
[root@serverA archives]# tar -zcvf /archives/etc_archive.tar.gz /etcQ11: On server1 create a star w/bzip2 archive of /usr/share/doc called doc_archive.tar.bz2 in the /archives directory.
[root@serverA archives]# tar -jcvf /archives/doc_archive.tar.bz2 /usr/share/docQ12: On server1 create a folder called /links, and under links create a file called file01. Create a soft link called file02 pointing to file01, and a hard link called file03 pointing to file01. Check your work.
[root@serverA links]# vim file01
[root@serverA links]# ln -s file01 file02
[root@serverA links]# ln file01 file03
[root@serverA links]# ls -lai
total 12
270703 drwxr-xr-x. 2 root root 48 Oct 9 14:59 .
128 dr-xr-xr-x. 22 root root 4096 Oct 9 14:53 ..
320748 -rw-r--r--. 2 root root 15 Oct 9 14:59 file01
320749 lrwxrwxrwx. 1 root root 6 Oct 9 14:59 file02 -> file01
320748 -rw-r--r--. 2 root root 15 Oct 9 14:59 file03Q13: Find all setuid files on server1 and save the list to /root/suid.txt.
[root@serverA /]# find / -type f -perm -u+s >/root/suid.txt
find: ‘/proc/6193/task/6193/fdinfo/5’: No such file or directory
find: ‘/proc/6193/fdinfo/6’: No such file or directory
[root@serverA /]# cat /root/suid.txt
/usr/bin/chage
/usr/bin/gpasswd
/usr/bin/newgrp
/usr/bin/fusermount3
/usr/bin/mount
/usr/bin/umount
/usr/bin/fusermount
/usr/bin/pkexec
/usr/bin/su
/usr/bin/crontab
/usr/bin/sudo
/usr/bin/chfn
/usr/bin/vmware-user-suid-wrapper
/usr/bin/passwd
/usr/bin/chsh
/usr/bin/at
/usr/sbin/pam_timestamp_check
/usr/sbin/unix_chkpwd
/usr/sbin/grub2-set-bootflag
/usr/sbin/userhelper
/usr/sbin/mount.nfs
/usr/lib/polkit-1/polkit-agent-helper-1
/usr/libexec/sssd/krb5_child
/usr/libexec/sssd/ldap_child
/usr/libexec/sssd/proxy_child
/usr/libexec/sssd/selinux_child
/usr/libexec/dbus-1/dbus-daemon-launch-helper
/usr/libexec/Xorg.wrap
/usr/libexec/cockpit-sessionQ14: Find all files larger than 3MB in the /etc directory on server1 and copy them to /largrfiles.
[root@serverA /]# find /etc -type f -size +3M -exec cp -rf {} /largrfiles/ \;
[root@serverA /]# ls
afs bin dev exams home lib loans mnt proc root sbin sys usr
autorelabel boot etc found largrfiles lib64 media opt remote run srv tmp var
[root@serverA largrfiles]# ls -lh
total 16M
-r--r--r--. 1 root root 13M Oct 9 15:07 hwdb.bin
-rw-r--r--. 1 root root 3.5M Oct 9 15:07 policy.33Q15: Persistently mount /export/dba_files from the server 192.168.55.47 under /mnt/dba_files.
[root@serverA mnt]# showmount -e 192.168.208.137
Export list for 192.168.208.137:
/export/dba_files 192.168.208.138
[root@serverA mnt]# vim /etc/fstab
[root@serverA mnt]# tail -1 /etc/fstab
192.168.208.137:/export/dba_files /mnt/dba_files nfs defaults 0 0
[root@serverA mnt]# systemctl daemon-reload
[root@serverA mnt]# mount -a
[root@serverA mnt]# ls
dba_files hgfs wshareQ16: Create a job using at to write "This task was easy!" to /exams/at_job.txt in 10 minutes.
[root@serverA exams]# rpm -q at
at-3.1.23-11.el9.aarch64
[root@serverA exams]# systemctl status atd
[root@serverA exams]# at now + 10 minutes
warning: commands will be executed using /bin/sh
at> echo "This task was easy!" >/exams/at_job.tx
at> <EOT>
job 1 at Wed Oct 9 16:37:00 2024Q17: Create a job using cron to write "Wow! I'm going to pass this test!" every Tuesday at 3pm to /var/log/messages.
[root@serverA ~]# rpm -q cronie
cronie-1.5.7-11.el9.aarch64
[root@serverA ~]# systemctl status crond.service
[root@serverA ~]# crontab -e
[root@serverA ~]# crontab -l
00 15 * * 2 echo "Wow! I'm going to pass this test!">>/var/log/messagesQ18: Write a script named awesome.sh in the root directory on server1.
- a) If “me” is given as an argument, then the script should output “Yes, I’m awesome.”
- b) If “them” is given as an argument, then the script should output “Okay, they are awesome.”
- c) If the argument is empty or anything else is given, the script should output “Usage ./awesome.sh me|them”
[root@serverA ~]# touch awesome.sh
[root@serverA ~]# chmod u+x awesome.sh
[root@serverA ~]# ls -lh awesome.sh
-rwxr--r--. 1 root root 0 Oct 9 16:41 awesome.sh
[root@serverA ~]# cat awesome.sh
if [ $1 == "me" ]
then
echo " Yes, I’m awesome."
elif [ $1 == "you" ]
then
echo "Okay, they are awesome."
else
echo "Usage ./awesome.sh me|them"
fi
[root@serverA ~]# vim awesome.sh
[root@serverA ~]# ./awesome.sh me
Yes, I’m awesome.
[root@serverA ~]# ./awesome.sh you
“Okay, they are awesome.”
[root@serverA ~]# ./awesome.sh they
Usage ./awesome.sh me|themPut SELinux on server2 in permissive mode.
# Temporary
[root@serverA ~]# setenforce 0
[root@serverA ~]# getenforce
Permissive
# Permanent
[root@serverA ~]# vim /etc/selinux/config
SELINIUX=permissiveModify the bootloader with the following parameters:
- Increase the timeout using GRUB_TIMEOUT=10
- Add the following line: GRUB_TIMEOUT_STYLE=hidden
- Add quiet to the end of the GRUB_CMDLINE_LINUX line
- Set grub password
[root@serverA default]# pwd
/etc/default
[root@serverA default]# ls
grub useradd
[root@serverA default]# vim grub
GRUB_TIMEOUT=10
GRUB_TIMEOUT_STYLE=hidden
GRUB_CMDLINE_LINUX
[root@serverA default]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Adding boot menu entry for UEFI Firmware Settings ...
done
[root@serverA grub2]# grub2-setpassword
Enter password:
Confirm password:
# user.cfg file is generated
[root@serverA grub2]# ls
fonts grub.cfg grubenv user.cfg
[root@serverA grub2]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Adding boot menu entry for UEFI Firmware Settings ...
doneQ19: Configure NTP synchronization on serverA. Point them to us.pool.ntp.org.
[root@serverA ~]# rpm -q chrony
chrony-4.6-1.el9.aarch64
[root@serverA ~]# systemctl status chrony
[root@serverA ~]# vim /etc/chrony.conf
server us.pool.ntp.org iburst
[root@serverA ~]# systemctl restart chronyd
[root@serverA ~]# timedatectl set-ntp true
[root@serverA ~]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 5-243-119-74.ritternet.c> 0 7 0 - +0ns[ +0ns] +/- 0nsQ20: On serverB, create a new 2GiB volume group on /dev/nvme0n2 named "platforms_vg".
# Creating PV
[root@serverB ~]# pvcreate /dev/nvme0n2
Physical volume "/dev/nvme0n2" successfully created.
[root@serverB ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/nvme0n1p3 cs lvm2 a-- 18.41g 0
/dev/nvme0n2 lvm2 --- 5.00g 5.00g
[root@serverB ~]# pvdisplay /dev/nvme0n2
"/dev/nvme0n2" is a new physical volume of "5.00 GiB"
--- NEW Physical volume ---
PV Name /dev/nvme0n2
VG Name
PV Size 5.00 GiB
Allocatable NO
PE Size 0
Total PE 0
Free PE 0
Allocated PE 0
PV UUID w2w0QG-KmiP-PFLH-i7ug-lFhE-GT03-pGWMMV
# Creating VG
[root@serverB ~]# vgcreate platforms_vg /dev/nvme0n2
Volume group "platforms_vg" successfully created
[root@serverB ~]# vgs
VG #PV #LV #SN Attr VSize VFree
cs 1 2 0 wz--n- 18.41g 0
platforms_vg 1 0 0 wz--n- <5.00g <5.00g
[root@serverB ~]# vgdisplay platforms_vg
--- Volume group ---
VG Name platforms_vg
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size <5.00 GiB
PE Size 4.00 MiB
Total PE 1279
Alloc PE / Size 0 / 0
Free PE / Size 1279 / <5.00 GiB
VG UUID h5BI36-oqCW-GysU-F6BW-iWGG-EY1k-sf2a74Q21: Under the "platforms_vg" volume group, create a 500MiB logical volume name "platforms_lv" and format it as ext4.
[root@serverB ~]# lvcreate -L 500M --name platforms_lv /dev/platforms_vg
Logical volume "platforms_lv" created.
[root@serverB ~]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root cs -wi-ao---- 16.41g
swap cs -wi-ao---- 2.00g
platforms_lv platforms_vg -wi-a----- 500.00m
[root@serverB ~]# mkfs -t ext4 /dev/platforms_vg/platforms_lv
mke2fs 1.46.5 (30-Dec-2021)
Creating filesystem with 512000 1k blocks and 128016 inodes
Filesystem UUID: 7b622c82-cbdb-42c6-b96b-78b036b3bc1b
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409
Allocating group tables: done
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
[root@serverB ~]# blkid /dev/platforms_vg/platforms_lv
/dev/platforms_vg/platforms_lv: UUID="7b622c82-cbdb-42c6-b96b-78b036b3bc1b" TYPE="ext4"
[root@serverB ~]# lvdisplay /dev/platforms_vg/platforms_lv
--- Logical volume ---
LV Path /dev/platforms_vg/platforms_lv
LV Name platforms_lv
VG Name platforms_vg
LV UUID 32KpXC-96VG-zjPX-Mu0n-vIOj-8l98-0neu8g
LV Write Access read/write
LV Creation host, time serverB, 2024-10-10 06:25:00 +0545
LV Status available
# open 0
LV Size 500.00 MiB
Current LE 125
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:2Q22: Mount it persistently under /mnt/platforms_lv.
[root@serverB ~]# vim /etc/fstab
/dev/platforms_vg/platforms_lv /mnt/platforms_lv ext4 defaults 0 0
[root@serverB ~]# systemctl daemon-reload
[root@serverB ~]# mount -a
[root@serverB ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n2 259:4 0 5G 0 disk
└─platforms_vg-platforms_lv 253:2 0 500M 0 lvm /mnt/platforms_lvQ23: Extend the "platforms_lv" volume and partition by 500MiB.
[root@serverB ~]# lvextend -L +500M /dev/platforms_vg/platforms_lv
Size of logical volume platforms_vg/platforms_lv changed from 500.00 MiB (125 extents) to 1000.00 MiB (250 extents).
Logical volume platforms_vg/platforms_lv successfully resized.
[root@serverB ~]# resize2fs /dev/platforms_vg/platforms_lvQ24: On serverB, create a 500MiB swap partition on /dev/nvme0n3 and mount it persistently.
# Create a new partition
[root@serverB ~]# gdisk /dev/nvme0n3
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-4194270, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-4194270, default = 4194270) or {+-}size{KMGTP}: +500M
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): 8200
Changed type of partition to 'Linux swap'
Command (? for help): p
Number Start (sector) End (sector) Size Code Name
1 2048 1026047 500.0 MiB 8200 Linux swap
Command (? for help): w
Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/nvme0n3.
The operation has completed successfully.
[root@serverB ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
...
nvme0n3 259:5 0 2G 0 disk
└─nvme0n3p1 259:7 0 500M 0 part
[root@serverB ~]# mkswap /dev/nvme0n3p1
Setting up swapspace version 1, size = 500 MiB (524283904 bytes)
no label, UUID=a11734f4-084d-4260-8880-477c5fb68967
[root@serverB ~]# vim /etc/fstab
/dev/nvme0n3p1 swap swap defaults 0 0
[root@serverB ~]# systemctl daemon-reload
[root@serverB ~]# swapon -a
[root@serverB ~]# swapon /dev/nvme0n3p1
[root@serverB ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
...
nvme0n3 259:5 0 2G 0 disk
└─nvme0n3p1 259:7 0 500M 0 part [SWAP]
[root@serverB ~]# free -h
total used free shared buff/cache available
Mem: 3.5Gi 1.9Gi 696Mi 30Mi 1.1Gi 1.6Gi
Swap: 2.5Gi 0.0Ki 2.5GiQ25: On serverB, using the remaining space on /dev/nvme0n3, create a volume group with the name networks_vg.
[root@serverB ~]# gdisk /dev/nvme0n3
Command (? for help): p
Number Start (sector) End (sector) Size Code Name
1 2048 1026047 500.0 MiB 8200 Linux swap
Command (? for help): n
Partition number (2-128, default 2):
First sector (34-4194270, default = 1026048) or {+-}size{KMGTP}:
Last sector (1026048-4194270, default = 4194270) or {+-}size{KMGTP}:
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): 8e00
Changed type of partition to 'Linux LVM'
Command (? for help): p
Number Start (sector) End (sector) Size Code Name
1 2048 1026047 500.0 MiB 8200 Linux swap
2 1026048 4194270 1.5 GiB 8E00 Linux LVM
Command (? for help): w
Do you want to proceed? (Y/N): y
The operation has completed successfully.
[root@serverB ~]# partprobe /dev/nvme0n3
[root@serverB /]# vgcreate -s 8M network_vg /dev/nvme0n3p2
Volume group "network_vg" successfully created
[root@serverB /]# vgs
VG #PV #LV #SN Attr VSize VFree
cs 1 2 0 wz--n- 18.41g 0
network_vg 1 0 0 wz--n- <1.51g <1.51g
platforms_vg 1 1 0 wz--n- <5.00g <4.02g
[root@serverB /]# vgdisplay network_vg
--- Volume group ---
VG Name network_vg
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size <1.51 GiB
PE Size 8.00 MiB
Total PE 193
Alloc PE / Size 0 / 0
Free PE / Size 193 / <1.51 GiB
VG UUID DtodYM-SUu8-P1VA-JzQg-KXwx-r0zp-FnlkkaQ26: Under the "networks_vg" volume group, create a logical volume with the name networks_lv. Ensure it uses 8 MiB extents. Configure the volume to use 75 extents. Format it with the vfat file system and ensure it mounts persistently on /mnt/networks_lv.
[root@serverB /]# lvcreate -l 75 --name network_lv /dev/network_vg
Logical volume "network_lv" created.
[root@serverB /]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root cs -wi-ao---- 16.41g
swap cs -wi-ao---- 2.00g
network_lv network_vg -wi-a----- 600.00m
platforms_lv platforms_vg -wi-ao---- 1000.00m
[root@serverB /]# lvdisplay /dev/network_vg/network_lv
--- Logical volume ---
LV Path /dev/network_vg/network_lv
LV Name network_lv
VG Name network_vg
LV UUID dYeE1B-b1qx-dZ6M-BUfH-ZREx-MppZ-DWZoUw
LV Write Access read/write
LV Creation host, time serverB, 2024-10-10 07:05:55 +0545
LV Status available
# open 0
LV Size 600.00 MiB
Current LE 75
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:3
[root@serverB /]# mkfs -t vfat /dev/network_vg/network_lv
mkfs.fat 4.2 (2021-01-31)
[root@serverB /]# blkid /dev/network_vg/network_lv
/dev/network_vg/network_lv: UUID="C393-F585" TYPE="vfat"
[root@serverB ~]# vim /etc/fstab
[root@serverB ~]# tail -1 /etc/fstab
/dev/network_vg/network_lv /mnt/network_lv vfat defaults 0 0
[root@serverB ~]# systemctl daemon-reload
[root@serverB ~]# mount -a
[root@serverB ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
...
└─nvme0n3p2 259:7 0 1.5G 0 part
└─network_vg-network_lv 253:3 0 600M 0 lvm /mnt/network_lvQ27: On server2, create a 5TB thin-provisioned volume on /dev/nvme0n4 called "thin_vol" backed by a pool called "thin_pool" on a 4.5GB volume group called "thin_vg". Format it as xfs and mount it persistently under /mnt/thin_vol.
Thin LV (thin_vol) on a thin pool (thin_pool)
- pv
- vg
- lv - thin pool - lvcreate --type thin-pool -L|--size Size[m|UNIT] VG / lvcreate --type thin-pool -L 4.5G --name thin_pool /dev/thin_vg
- lv - thin lv - lvcreate -V|--virtualsize Size[m|UNIT] --thinpool LV VG / lvcreate -V 5T --thinpool thin_pool /dev/thin_vg
# Step 1 : Create PV thin_vg 4.5GB
[root@serverA ~]# pvcreate /dev/nvme0n4
WARNING: adding device /dev/nvme0n4 with idname eui.c01979bdec673bd0000c296e16438846 which is already used for missing device.
Physical volume "/dev/nvme0n4" successfully created.
[root@serverA ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/nvme0n1p3 cs lvm2 a-- 18.41g 0
/dev/nvme0n3 wgroup lvm2 a-- 5.99g 3.99g
/dev/nvme0n4 lvm2 --- 5.00g 5.00g
# Step 2: Create VG
[root@serverA ~]# vgcreate thin_vg /dev/nvme0n4
WARNING: adding device /dev/nvme0n4 with idname eui.c01979bdec673bd0000c296e16438846 which is already used for missing device.
Volume group "thin_vg" successfully created
[root@serverA ~]# vgs
VG #PV #LV #SN Attr VSize VFree
cs 1 2 0 wz--n- 18.41g 0
thin_vg 1 0 0 wz--n- <5.00g <5.00g
wgroup 1 1 0 wz--n- 5.99g 3.99g
# Step 3 : Create a thin pool - lvcreate --type thin-pool -L|--size Size[m|UNIT] VG
[root@serverA ~]# lvcreate --type thin-pool -L 4.5G --name thin_pool thin_vg
Thin pool volume with chunk size 64.00 KiB can address at most <15.88 TiB of data.
Logical volume "thin_pool" created.
[root@serverA ~]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root cs -wi-ao---- 16.41g
swap cs -wi-ao---- 2.00g
thin_pool thin_vg twi-a-tz-- 4.50g 0.00 10.60
wshare wgroup -wi-ao---- 2.00g
# Step 4: Create a thin LV in a thin pool - lvcreate -V|--virtualsize Size[m|UNIT] --thinpool LV VG
[root@serverA ~]# lvcreate -V 5T --name thin_vol --thinpool thin_pool thin_vg
WARNING: Sum of all thin volume sizes (5.00 TiB) exceeds the size of thin pool thin_vg/thin_pool and the size of whole volume group (<5.00 GiB).
WARNING: You have not turned on protection against thin pools running out of space.
WARNING: Set activation/thin_pool_autoextend_threshold below 100 to trigger automatic extension of thin pools before they get full.
Logical volume "thin_vol" created.
[root@serverA ~]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root cs -wi-ao---- 16.41g
swap cs -wi-ao---- 2.00g
thin_pool thin_vg twi-aotz-- 4.50g 0.00 10.64
thin_vol thin_vg Vwi-a-tz-- 5.00t thin_pool 0.00
wshare wgroup -wi-ao---- 2.00g
[root@serverA ~]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
root cs -wi-ao---- 16.41g
swap cs -wi-ao---- 2.00g
thin_lv thin_vg Vwi-a-tz-- 5.00t thin_pool 0.00
thin_pool thin_vg twi-aotz-- 4.50g 0.00 10.64
wshare wgroup -wi-ao---- 2.00g
# File system
[root@serverA ~]# mkfs -t xfs /dev/thin_vg/thin_vol
meta-data=/dev/thin_vg/thin_vol isize=512 agcount=32, agsize=41943040 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=1 inobtcount=1 nrext64=0
data = bsize=4096 blocks=1342177280, imaxpct=5
= sunit=16 swidth=16 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=521728, version=2
= sectsz=512 sunit=16 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Discarding blocks...Done.
[root@serverA ~]# blkid /dev/thin_vg/thin_vol
/dev/thin_vg/thin_vol: UUID="468b9972-817f-41ae-8136-27ee87cbb614" TYPE="xfs"
# Mounting
[root@serverA ~]# vim /etc/fstab
/dev/thin_vg/thin_vol /mnt/thin_vol xfs defaults 0 0
[root@serverA ~]# systemctl daemon-reload
[root@serverA ~]# mount -a
[root@serverA ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
...
nvme0n4 259:7 0 5G 0 disk
├─thin_vg-thin_pool_tmeta 253:3 0 8M 0 lvm
│ └─thin_vg-thin_pool-tpool 253:5 0 4.5G 0 lvm
│ ├─thin_vg-thin_pool 253:6 0 4.5G 1 lvm
│ └─thin_vg-thin_vol 253:7 0 5T 0 lvm /mnt/thin_vol
└─thin_vg-thin_pool_tdata 253:4 0 4.5G 0 lvm
└─thin_vg-thin_pool-tpool 253:5 0 4.5G 0 lvm
├─thin_vg-thin_pool 253:6 0 4.5G 1 lvm
└─thin_vg-thin_vol 253:7 0 5T 0 lvm /mnt/thin_volQ28: On serverA, set a merged tuned profile using the the powersave and virtual-guest profiles.
[root@serverA ~]# rpm -q tuned
tuned-2.24.0-1.el9.noarch
[root@serverA ~]# systemctl start tuned.service
[root@serverA ~]# systemctl status tuned.service
[root@serverA ~]# tuned-adm profile powersave virtual-guest
[root@serverA ~]# tuned-adm active
Current active profile: powersave virtual-guestQ29: On serverA, as the user cindy, create a container image from docker.io/library/httpd with the tag web_image.
[root@serverA ~]# rpm -q container-tools
container-tools-1-14.el9.noarch
[root@serverA ~]# loginctl enable-linger cindy
[root@serverA ~]# hostname -I
192.168.208.138
[root@serverA ~]# ssh cindy@192.168.208.138
The authenticity of host '192.168.208.138 (192.168.208.138)' can't be established.
ED25519 key fingerprint is SHA256:HOPA4UyrPYpCEWcP4vMfeocqZn9r5fEBYgg9+lXNyeY.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:1: 192.168.208.137
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.208.138' (ED25519) to the list of known hosts.
cindy@192.168.208.138's password:
# Configure registries.conf if not present
[cindy@serverA containers]$ pwd
/home/cindy/.config/containers
[cindy@serverA containers]$ cat registries.conf
unqualified-search-registries =["docker.io","quay.io"]
[[registry]]
insecure = true
blocked = false
location = "docker.io"
[cindy@serverA ~]$ vim Containerfile
[cindy@serverA ~]$ cat Containerfile
FROM docker.io/library/httpd
[cindy@serverA ~]$ podman build -t web_image .
STEP 1/1: FROM docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob 0ffcdbb5bd41 done |
Copying blob 14c9d9d19932 done |
Copying blob 4f4fb700ef54 done |
Copying blob f5db40045454 done |
Copying blob ac0ad684e55d done |
Copying blob b59792d2b7f1 done |
Copying config a3e79aafef done |
Writing manifest to image destination
COMMIT web_image
--> a3e79aafef7f
Successfully tagged localhost/web_image:latest
Successfully tagged docker.io/library/httpd:latest
a3e79aafef7f07a3a11d94f546220d8189719a5143d4bbda9568e48ffbac4a9d
[cindy@serverA ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web_image latest a3e79aafef7f 2 months ago 182 MB
docker.io/library/httpd latest a3e79aafef7f 2 months ago 182 MB
Q30: From the newly created image, deploy a container as a service with the container name cindy_web.The web config files should map to ~/web_files, and the local port of 8000 should be mapped to the container's port 80. Create a default page that says "Welcome to Cindy's Web Server!". The service should be enabled and the website should be accessible.
# Add port in http.conf from root
[root@serverA ~]# vim /etc/httpd/conf/httpd.conf
Listen 8000
# Tell Selinux
[root@serverA ~]# semanage port -a -t http_port_t -p tcp 8000
[root@serverA ~]# semanage port -l | grep 8000
http_port_t tcp 8000, 82, 7788, 5566, 80, 81, 443, 488, 8008, 8009, 8443, 9000
soundd_port_t tcp 8000, 9433, 16001
# Run the container in port 8000 / tell selinux about port / make volume ~/web_files
[cindy@serverA ~]$ podman run -d --name cindy_web -v /home/cindy/web_files:/usr/local/apache2/htdocs/:Z -p 8000:80 localhost/web_image:latest
dae967e62ceb5131a5a78e27edbccf17b92a4391534feb7a3c4e00f70a258f9d
[cindy@serverA ~]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dae967e62ceb localhost/web_image:latest httpd-foreground 3 seconds ago Up 4 seconds 0.0.0.0:8000->80/tcp, 80/tcp cindy_web
[cindy@serverA ~]$ curl localhost:8000
<h1>Welcome to Cindys Web Server!</h1>
# Run container as a service
[cindy@serverA user]$ pwd
/home/cindy/.config/systemd/user
[cindy@serverA user]$ ls
container-cindy_web.service
[cindy@serverA user]$ podman stop cindy_web
[cindy@serverA user]$ systemctl --user stop container-cindy_web.service
[cindy@serverA user]$ systemctl --user start container-cindy_web.service
[cindy@serverA user]$ systemctl --user status container-cindy_web.service