Preparation Set 5
Stratis
[root@serverX ~]# rpm -q stratisd
stratisd-3.6.7-1.el9.aarch64
[root@serverX ~]# rpm -q stratis-cli
stratis-cli-3.6.0-1.el9.noarch
[root@serverX ~]# systemctl start stratisd
[root@serverX ~]# systemctl enable stratisd
# Create Pool
[root@serverX ~]# stratis pool create --help | less
[root@serverX ~]# stratis pool create loanpool /dev/nvme0n6
[root@serverX ~]# stratis pool list
Name Total / Used / Free Properties UUID Alerts
loanpool 2 GiB / 524 MiB / 1.49 GiB ~Ca,~Cr, Op 4a9b1088-229c-4af9-98b5-f6b7585ae3bb WS001
# Add Partition to existing pool / Increase space in a pool
[root@serverX ~]# stratis pool add-data loanpool /dev/nvme0n5p2
[root@serverX ~]# stratis pool list
Name Total / Used / Free Properties UUID Alerts
loanpool 4 GiB / 530 MiB / 3.48 GiB ~Ca,~Cr, Op 4a9b1088-229c-4af9-98b5-f6b7585ae3bb
# Creating file system
[root@serverX ~]# stratis fs create loanpool eduloanfs
[root@serverX ~]# stratis fs create loanpool homeloanfs
[root@serverX ~]# stratis fs list
Pool Filesystem Total / Used / Free / Limit Created Device UUID
loanpool eduloanfs 1 TiB / 546 MiB / 1023.47 GiB / None Oct 13 2024 10:15 /dev/stratis/loanpool/eduloanfs 116c4377-f431-4dd0-95bb-4fc7ff2fd086
loanpool homeloanfs 1 TiB / 546 MiB / 1023.47 GiB / None Oct 13 2024 10:15 /dev/stratis/loanpool/homeloanfs bb3be8ae-0cac-433c-8cce-5b636bb539d3
# Mounting
[root@serverX ~]# vim /etc/fstab
/dev/stratis/loanpool/homeloanfs /root/homeloan xfs defaults,x-systemd.requires=stratisd.service 0 0
/dev/stratis/loanpool/eduloanfs /root/eduloan xfs defaults,x-systemd.requires=stratisd.service 0 0
[root@serverX ~]# systemctl daemon-reload
[root@serverX ~]# mount -a
Configure /etc/skel with a welcome file and a Documents directory for new users, and print a message when the user logs in.
[root@serverA skel]# pwd
/etc/skel
[root@serverA skel]# ls
Documents welcome
[root@serverA skel]# cat welcome
Hello ! Welcome to the linux server.
[root@serverA ~]# useradd sanjeeb
[root@serverA ~]# passwd sanjeeb
[root@serverA sanjeeb]# vim .bashrc
[root@serverA sanjeeb]# tail -1 .bashrc
echo "Logged in to Sanjeeb !"
[root@serverA ~]# su - sanjeeb
Logged in to Sanjeeb !
[sanjeeb@serverA ~]$ ls
Documents welcome
Change the password expiration to 10 days, with a warning 3 days before expiry
[root@serverA ~]# chage -M 10 -W 3 sanjeeb
[root@serverA ~]# chage -l sanjeeb
Last password change : Oct 13, 2024
Password expires : Oct 23, 2024
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 10
Number of days of warning before password expires : 3
SSH Access to root
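# Method 1
# Lab only: `PermitRootLogin yes` lets root log in over SSH with a password. `PermitRootLogin prohibit-password` keeps root login key-only, and Method 2 avoids direct root login altogether.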
[root@serverA ~]# vim /etc/ssh/sshd_config
PermitRootLogin yes
[root@serverA ~]# systemctl restart sshd
# Method 2
# Login to another user and switch account
sanjeeb@Sanjeebs-MacBook-Pro ~ % ssh sanjeeb@192.168.208.136
sanjeeb@192.168.208.136's password:
Last login: Sun Oct 13 17:00:48 2024
Logged in to Sanjeeb !
[sanjeeb@serverA ~]$ su - root
Password:
Last login: Sun Oct 13 17:07:49 +0545 2024 from 192.168.208.1 on pts/1
Last failed login: Sun Oct 13 17:08:00 +0545 2024 from 192.168.208.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
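Create 4 users: anna, john, student1 and Robert. anna and john are members of the students group; set the password “toor” for all users. (The `useradd` commands are not shown in the transcript; piping the password through `echo` also leaves it in the shell history.)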
[root@serverA ~]# groupadd students
[root@serverA ~]# tail -1 /etc/group
students:x:1001:
[root@serverA ~]# echo "toor" | passwd --stdin anna
Changing password for user anna.
passwd: all authentication tokens updated successfully.
[root@serverA ~]# echo "toor" | passwd --stdin john
Changing password for user john.
passwd: all authentication tokens updated successfully.
[root@serverA ~]# echo "toor" | passwd --stdin student1
Changing password for user student1.
passwd: all authentication tokens updated successfully.
[root@serverA ~]# echo "toor" | passwd --stdin Robert
Changing password for user Robert.
passwd: all authentication tokens updated successfully.
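# usermod -G replaces the user's whole supplementary group list; use -aG to append when the user already belongs to other groups (the same applies to the Admins assignment further down)
[root@serverA ~]# usermod -G students anna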
[root@serverA ~]# usermod -G students john
[root@serverA ~]# groups anna
anna : anna students
[root@serverA ~]# groups john
john : john students
[root@serverA ~]# cat /etc/passwd | grep -E 'anna|john'
anna:x:1001:1002::/home/anna:/bin/bash
john:x:1002:1003::/home/john:/bin/bash
Robert is a member of the Admins group; this group can run any command through sudo without a password
[root@serverA ~]# groupadd Admins
[root@serverA ~]# usermod -G Admins Robert
[root@serverA ~]# groups Robert
Robert : Robert Admins
[root@serverA ~]# visudo
%Admins ALL=(ALL) NOPASSWD: ALL
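# Now checking permission
# `cd` is a shell builtin, so `sudo cd /root` cannot change the calling shell's directory (the `ls` below still lists /); `sudo -l` or `sudo ls /root` verifies the sudoers rule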
[Robert@serverA /]$ sudo cd /root
[Robert@serverA /]$ ls
afs bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
User student1 can execute any sudo task with no passwd
[root@serverA ~]# visudo
student1 ALL=(ALL) NOPASSWD: ALL
# Check permission with sudo
[student1@serverA ~]$ sudo useradd user1
Create a user named guest; this user has no interactive shell
[root@serverA ~]# useradd guest -s /sbin/nologin
[root@serverA ~]# cat /etc/passwd | grep -E 'guest'
guest:x:1005:1007::/home/guest:/sbin/nologin
Configure network (the transcript below applies the same steps with the lab's 192.168.208.0/24 addresses)
- ip add: 192.168.74.92/24
- secondary ip add: 192.168.74.93/24
- gateway: 192.168.74.2
- DNS: 192.168.74.2
- Hostname: local.lab.com (not set in the transcript below; `hostnamectl set-hostname local.lab.com` would do it)
- Configure NTP service, Synchronize the server time, NTP server: time.google.com, set timezone Asia/Shanghai
[root@serverA ~]# rpm -q NetworkManager
NetworkManager-1.45.7-1.el9.aarch64
[root@serverA ~]# systemctl status NetworkManager
[root@serverA ~]# systemctl start NetworkManager
[root@serverA ~]# systemctl enable NetworkManager
[root@serverA ~]# nmcli conn show
NAME UUID TYPE DEVICE
ens160 916ca0c1-c413-3960-9f7f-dfe49bc0924d ethernet ens160
lo f87dd6ad-38f2-4203-97ce-7b4ebe49a42a loopback lo
[root@serverA ~]# nmcli conn add con-name default ifname ens160 type ethernet ipv4.method manual ipv4.address '192.168.208.136/24,192.168.208.100/24' ipv4.gateway 192.168.208.2 ipv4.dns 192.168.208.2
Connection 'default' (b396904b-6d80-4e2c-ae3a-cb221cfd9d44) successfully added.
[root@serverA ~]# nmcli conn show
NAME UUID TYPE DEVICE
ens160 916ca0c1-c413-3960-9f7f-dfe49bc0924d ethernet ens160
lo f87dd6ad-38f2-4203-97ce-7b4ebe49a42a loopback lo
default b396904b-6d80-4e2c-ae3a-cb221cfd9d44 ethernet --
[root@serverA ~]# nmcli conn up default
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@serverA ~]# hostname -I
192.168.208.136 192.168.208.100
[root@serverA ~]# cat /etc/NetworkManager/system-connections/default.nmconnection
[connection]
id=default
uuid=b396904b-6d80-4e2c-ae3a-cb221cfd9d44
type=ethernet
interface-name=ens160
[ethernet]
[ipv4]
address1=192.168.208.136/24,192.168.208.2
address2=192.168.208.100/24
dns=192.168.208.2;
method=manual
[ipv6]
addr-gen-mode=default
method=auto
[proxy]
[root@serverA ~]# ping 192.168.208.100
[root@serverA ~]# ping 192.168.208.136
[root@serverA ~]# ping 192.168.208.2
[root@serverA ~]# rpm -q chrony
chrony-4.3-1.el9.aarch64
[root@serverA ~]# systemctl start chronyd
[root@serverA ~]# systemctl enable chronyd
[root@serverA ~]# systemctl status chronyd
[root@serverA ~]# vim /etc/chrony.conf
server time.google.com iburst
[root@serverA ~]# systemctl restart chronyd.service
[root@serverA ~]# timedatectl set-ntp true
[root@serverA ~]# timedatectl set-timezone Asia/Shanghai
[root@serverA ~]# timedatectl
Local time: Sun 2024-10-13 12:51:33 CST
Universal time: Sun 2024-10-13 04:51:33 UTC
RTC time: Sun 2024-10-13 12:41:56
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
Manage text files and daily tasks
Find the lines containing “ac” in the file /root/lines and copy them to the file /mnt/lines
[root@serverA ~]# cat lines
dracula
accumulation
accent
believe
Rich
Poor
Factory
Never
Ever
Happened
Mavac
Sevac
Trivac
Gin ac ac ac
Beer ac ac ac
Wine dc dc dc
[root@serverA ~]# grep 'ac' /root/lines >/mnt/lines
[root@serverA ~]# cat /mnt/lines
dracula
accumulation
accent
Factory
Mavac
Sevac
Trivac
Gin ac ac ac
Beer ac ac ac
Find every file owned by student1 and copy it to /mnt/student1 folder
[root@serverA ~]# cd /mnt
[root@serverA mnt]# mkdir student1
[root@serverA ~]# find / -user student1 -exec cp -rf {} /mnt/student1 \;
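Find every file bigger than 5MB and copy it to the /mnt/bigger folder (create /mnt/bigger first; no `mkdir` is shown, and without the directory each `cp` overwrites a single file named /mnt/bigger)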
[root@serverA ~]# find / -type f -size +5M -exec cp -rf {} /mnt/bigger \;
Configure a cron job to echo “Hello cron working” every 2 days at 2PM
[root@serverA ~]# rpm -q cronie
cronie-1.5.7-10.el9.aarch64
[root@serverA ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@serverA ~]# crontab -l
00 14 */2 * * echo "Hello cron working"
Create a bash script to echo “creating script” and then create a file named “working” under /
[root@serverA scripts]# pwd
/root/scripts
[root@serverA scripts]# tail -1 /root/.bashrc
export PATH=$PATH:/root/scripts
[root@serverA scripts]# touch s1.sh
[root@serverA scripts]# chmod u+x s1.sh
[root@serverA scripts]# ls -lh
total 0
-rwxr--r--. 1 root root 0 Oct 13 13:13 s1.sh
[root@serverA ~]# source .bashrc
[root@serverA /]# cat /root/scripts/s1.sh
echo "creating script"
touch /working
Create 3 compress files of /etc/hosts file called hosts.tar.gzip, hosts.tar.bzip2 and hosts.tar.xz under /mnt
[root@serverA mnt]# tar -zcvf hosts.tar.gzip /etc/hosts
[root@serverA mnt]# tar -jcvf hosts.tar.bzip2 /etc/hosts
[root@serverA mnt]# tar -Jcvf hosts.tar.xz /etc/hosts
Create a symbolic link to /usr/bin/echo under /mnt named echo2
[root@serverA ~]# ln -s /usr/bin/echo /mnt/echo2
[root@serverA ~]# ls -lh /mnt
total 16K
lrwxrwxrwx. 1 root root 13 Oct 13 13:53 echo2 -> /usr/bin/echo
Permissions and ACL
Copy fstab file to /mnt/fstab, owner is root and group is admins, groups have full permissions, others are not allowed to do anything.
[root@serverA ~]# cp /etc/fstab /mnt/fstab
[root@serverA ~]# cd /mnt
[root@serverA mnt]# ls -lh | grep fstab
-rw-r--r--. 1 root root 666 Oct 13 14:19 fstab
[root@serverA mnt]# chown root:admins fstab
[root@serverA mnt]# ls -lh | grep fstab
-rw-r--r--. 1 root admins 666 Oct 13 14:19 fstab
[root@serverA mnt]# chmod g+rwx fstab
[root@serverA mnt]# ls -lh | grep fstab
-rw-rwxr--. 1 root admins 666 Oct 13 14:19 fstab
[root@serverA mnt]# chmod o-rwx fstab
[root@serverA mnt]# ls -lh | grep fstab
-rw-rwx---. 1 root admins 666 Oct 13 14:19 fstab
User anna has write and read permission in the file
[root@serverA mnt]# setfacl -m u:anna:rw- fstab
[root@serverA mnt]# getfacl fstab
# file: fstab
# owner: root
# group: admins
user::rw-
user:anna:rw-
group::rwx
mask::rwx
other::---
Create a folder called users under /home, every file created under users dir must preserve its parent group owner.
[root@serverA home]# chmod g+s users
[root@serverA home]# ls -ld users
drwxr-sr-x. 2 root root 6 Oct 13 14:22 users
[anna@serverA home]$ sudo chmod g+s users
[anna@serverA home]$ ls -ld users/
drwxr-sr-x. 2 root root 6 Oct 13 14:24 users/
[anna@serverA home]$ sudo chown anna:admins users
[anna@serverA home]$ ls -ld users/
drwxr-sr-x. 2 anna admins 6 Oct 13 14:24 users/
[root@serverA home]# cd users/
[root@serverA users]# touch f1
[root@serverA users]# ls -lh
total 0
-rw-r--r--. 1 root admins 0 Oct 13 14:28 f1
Nobody except the owner of a file under the users dir can delete it (sticky bit)
[student1@serverA home]$ sudo chmod o+t test/
[john@serverA home]$ ls -ld test/
drwxrwxrwt. 2 anna admins 86 Oct 13 15:01 test/
[john@serverA test]$ ls -lh
total 0
-rw-r--r--. 1 anna anna 0 Oct 13 14:57 a1
-rw-r--r--. 1 anna anna 0 Oct 13 14:57 a2
-rw-r--r--. 1 anna anna 0 Oct 13 14:57 a3
-rw-r--r--. 1 john john 0 Oct 13 14:59 j1
-rw-r--r--. 1 john john 0 Oct 13 14:59 j2
-rw-r--r--. 1 john john 0 Oct 13 15:00 j3
-rw-r--r--. 1 student1 student1 0 Oct 13 14:57 s1
-rw-r--r--. 1 student1 student1 0 Oct 13 14:57 s2
-rw-r--r--. 1 student1 student1 0 Oct 13 14:57 s3
[john@serverA test]$ rm -rf s1
rm: cannot remove 's1': Operation not permitted
[john@serverA test]$ rm -rf a1
rm: cannot remove 'a1': Operation not permitted
[john@serverA test]$ rm -rf j1
Configure umask 033 for all users; users root and student1 must have their own 022 umask
# By Default for all users , /etc/profile
[root@serverA ~]# vim /etc/profile
[root@serverA ~]# useradd student3
[root@serverA ~]# passwd student3
Changing password for user student3.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@serverA ~]# su - student3
[student3@serverA ~]$ umask
0033
# For a specific user
# student1
[student1@serverA ~]$ vim .bashrc
umask 0022
[student1@serverA ~]$ source .bashrc
[student1@serverA ~]$ umask
0022
# Root
[root@serverA ~]# vim .bashrc
umask 0022
[root@serverA ~]# source .bashrc
[root@serverA ~]# umask
0022
Firewall and Selinux
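An Apache service is running on port 92 and its document root is under /web; fix it and set the right SELinux label. Change the SSH port to 90 and set the matching SELinux configuration. (The transcript below uses /var/www/website as the document root and does not show the SSH port change. A document root outside /var/www, such as /web, needs `semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"` followed by `restorecon -Rv /web`, and SSH on port 90 needs `semanage port -a -t ssh_port_t -p tcp 90`.)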
[root@serverA ~]# rpm -q httpd
package httpd is not installed
[root@serverA ~]# yum -y install httpd
[root@serverA ~]# systemctl start httpd
[root@serverA ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@serverA ~]# systemctl status httpd
[root@serverA ~]# vim /etc/httpd/conf/httpd.conf
Listen 92
[root@serverA html]# pwd
/var/www/html
[root@serverA html]# cat index.html
<h1>This is a latest Website !!</h1>
# The semanage port syntax can be copied from the comment in /etc/ssh/sshd_config (swap the type for http_port_t)
[root@serverA ~]# semanage port -a -t http_port_t -p tcp 92
[root@serverA ~]# semanage port -l | grep 92
http_port_t tcp 92, 80, 81, 443, 488, 8008, 8009, 8443, 9000
[root@serverA ~]# systemctl restart httpd.service
[root@serverA ~]# netstat -tnl | grep 92
tcp6 0 0 :::92 :::* LISTEN
[root@serverA ~]# curl localhost:92
<h1>This is a latest Website !!</h1>
[root@serverA ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/website"
[root@serverA website]# vim index.html
[root@serverA website]# systemctl restart httpd
[root@serverA website]# curl localhost:92
<h1>This is another website</h1>
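Open port 92 in firewalld and make the change persistent. (`--add-service=http` below also opens port 80, which is not needed when httpd listens only on port 92.)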
[root@serverA ~]# rpm -q firewalld
firewalld-1.2.5-1.el9.noarch
[root@serverA ~]# systemctl start firewalld
[root@serverA ~]# systemctl enable firewalld
[root@serverA ~]# systemctl status firewalld
[root@serverA ~]# firewall-cmd --permanent --add-service=http
success
[root@serverA ~]# firewall-cmd --permanent --add-port=92/tcp
[root@serverA ~]# firewall-cmd --reload
[root@serverA ~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: cockpit dhcpv6-client http ssh
ports: 92/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Logging
Configure journald logs to be saved persistently
[root@serverA ~]# vim /etc/systemd/journald.conf
[Journal]
Storage=persistent
[root@serverA ~]# systemctl restart systemd-journald
[root@serverA ~]# ls /var/log/journal
Configure rsyslog to save any log of priority crit or higher to /var/log/crit (the rule below writes to /var/log/critical.log instead)
[root@serverA ~]# vim /etc/rsyslog.conf
*.crit /var/log/critical.log
[root@serverA ~]# systemctl restart rsyslog.service
Configure firewalld logs to be rotated every 3 weeks (as written, the stanza below rotates weekly and keeps 3 rotated logs)
[root@serverA ~]# vim /etc/logrotate.d/firewalld
/var/log/firewalld {
weekly
missingok
rotate 3
copytruncate
minsize 1M
}
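Storage: SWAP, LVM and Stratis
Create a 5 GB partition, format it with ext3 and mount it on /mnt/ext3 persistently; the mount must use the partition UUID. (The fstab line below uses the filesystem UUID and type ext4; the PARTUUID reported by blkid, written as `PARTUUID=...`, and type ext3 match the task as stated.)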
[root@serverA mnt]# gdisk /dev/nvme0n2
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-10485726, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-10485726, default = 10485726) or {+-}size{KMGTP}:
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300):
Changed type of partition to 'Linux filesystem'
Command (? for help): p
Disk /dev/nvme0n2: 10485760 sectors, 5.0 GiB
Model: VMware Virtual NVMe Disk
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): F9F8FF62-EF96-453E-9417-301C3F4A6525
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 10485726
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)
Number Start (sector) End (sector) Size Code Name
1 2048 10485726 5.0 GiB 8300 Linux filesystem
Command (? for help): w
Do you want to proceed? (Y/N): y
The operation has completed successfully.
[root@serverA ~]# mkfs -t ext3 /dev/nvme0n2p1
mke2fs 1.46.5 (30-Dec-2021)
Creating filesystem with 1310459 4k blocks and 327680 inodes
Filesystem UUID: 6f6b3565-97a5-4728-8036-8a7e7198b780
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
[root@serverA ~]# blkid /dev/nvme0n2p1
/dev/nvme0n2p1: UUID="6f6b3565-97a5-4728-8036-8a7e7198b780" SEC_TYPE="ext2" TYPE="ext3" PARTLABEL="Linux filesystem" PARTUUID="4bb409f9-73c0-4ca9-9079-69421bd1556f"
[root@serverA ~]# tail -1 /etc/fstab
UUID="6f6b3565-97a5-4728-8036-8a7e7198b780" /mnt/ext3 ext4 defaults 0 0
[root@serverA ~]# systemctl daemon-reload
[root@serverA ~]# mount -a
[root@serverA ~]#
[root@serverA ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n2 259:4 0 5G 0 disk
└─nvme0n2p1 259:9 0 5G 0 part /mnt/ext3
[root@serverA ~]# gdisk /dev/nvme0n3
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-10485726, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-10485726, default = 10485726) or {+-}size{KMGTP}:
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): 8200
Changed type of partition to 'Linux swap'
Command (? for help): p
Number Start (sector) End (sector) Size Code Name
1 2048 10485726 5.0 GiB 8200 Linux swap
Command (? for help): w
Do you want to proceed? (Y/N): y
The operation has completed successfully.
[root@serverA ~]# mkswap /dev/nvme0n3p1
Setting up swapspace version 1, size = 5 GiB (5367635968 bytes)
no label, UUID=cd40a5ef-cca7-4ff6-94d7-f07ff4e5de0f
[root@serverA ~]# blkid /dev/nvme0n3p1
/dev/nvme0n3p1: UUID="cd40a5ef-cca7-4ff6-94d7-f07ff4e5de0f" TYPE="swap" PARTLABEL="Linux swap" PARTUUID="b94de884-d851-43c0-959e-202856707778"
[root@serverA ~]# free -h
total used free shared buff/cache available
Mem: 3.5Gi 1.1Gi 1.9Gi 10Mi 712Mi 2.4Gi
Swap: 2.0Gi 0B 2.0Gi
[root@serverA ~]#
[root@serverA ~]# vim /etc/fstab
[root@serverA ~]# tail -1 /etc/fstab
/dev/nvme0n3p1 swap swap default 0 0
[root@serverA ~]# systemctl daemon-reload
[root@serverA ~]# swapon -a
[root@serverA ~]# free -h
total used free shared buff/cache available
Mem: 3.5Gi 1.1Gi 1.9Gi 10Mi 712Mi 2.4Gi
Swap: 7.0Gi 0B 7.0Gi
Create a vg called VG1 with a partition of 5gb, consider a PE size of 10MB
[root@serverA lvm]# pvs
PV VG Fmt Attr PSize PFree
/dev/nvme0n1p3 cs lvm2 a-- 18.41g 0
/dev/nvme0n4 VG1 lvm2 a-- 4.99g 4.99g
[root@serverA lvm]# vgcreate -s 10M VG1 /dev/nvme0n4
[root@serverA lvm]# vgdisplay VG1
--- Volume group ---
VG Name VG1
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 4.99 GiB
PE Size 10.00 MiB
Total PE 511
Alloc PE / Size 0 / 0
Free PE / Size 511 / 4.99 GiB
VG UUID F02ZEL-KtaB-tY8J-MrEb-BIkW-h7Xu-HIhJ8S
Create a lv called LV1 on top of VG1 with a size of 600MB, format it with ext4 and mount it under /mnt/lvm
[root@serverA ~]# lvcreate -L 600M --name LV1 VG1
Logical volume "LV1" created.
[root@serverA ~]# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
LV1 VG1 -wi-a----- 600.00m
root cs -wi-ao---- 16.41g
swap cs -wi-ao---- 2.00g
[root@serverA ~]# mkfs -t ext4 /dev/VG1/LV1
[root@serverA ~]# blkid /dev/VG1/LV1
/dev/VG1/LV1: UUID="0177cb94-3534-42ba-adb1-5e8da2667d42" TYPE="ext4"
Extend the vg with another partition of 5 gb and extend the lv from 60LE to 700LE, final size must be between 6.9gb – 7.1gb.
[root@serverA ~]# pvcreate /dev/nvme0n5p1
Physical volume "/dev/nvme0n5p1" successfully created.
[root@serverA ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/nvme0n1p3 cs lvm2 a-- 18.41g 0
/dev/nvme0n4 VG1 lvm2 a-- 4.99g 4.40g
/dev/nvme0n5p1 lvm2 --- <5.00g <5.00g
[root@serverA ~]# vgextend VG1 /dev/nvme0n5p1
[root@serverA ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/nvme0n1p3 cs lvm2 a-- 18.41g 0
/dev/nvme0n4 VG1 lvm2 a-- 4.99g 4.40g
/dev/nvme0n5p1 VG1 lvm2 a-- 4.99g 4.99g
[root@serverA ~]# vgs
VG #PV #LV #SN Attr VSize VFree
VG1 2 1 0 wz--n- 9.98g 9.39g
[root@serverA ~]# lvextend -l 700 /dev/VG1/LV1
Size of logical volume VG1/LV1 changed from 600.00 MiB (60 extents) to <6.84 GiB (700 extents).
Logical volume VG1/LV1 successfully resized.
[root@serverA ~]# lvdisplay /dev/VG1/LV1
--- Logical volume ---
LV Path /dev/VG1/LV1
LV Name LV1
VG Name VG1
LV UUID HIp0VX-jVVE-wWZx-AkZM-shJz-OtBO-ZGXqFd
LV Write Access read/write
LV Creation host, time serverA, 2024-10-13 17:16:53 +0800
LV Status available
# open 0
LV Size <6.84 GiB
Current LE 700
Segments 2
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:2
Create a stratis pool with a partition of 5gb called POOL1, create a fs called fs1 and mount it on /mnt/fs1
[root@serverA ~]# yum -y list *stratis*
Last metadata expiration check: -1 day, 21:50:26 ago on Sun 13 Oct 2024 07:37:36 PM CST.
Available Packages
stratis-cli.noarch 3.6.0-1.el9 appstream
stratisd.aarch64 3.6.7-1.el9 appstream
stratisd-dracut.aarch64 3.6.7-1.el9 appstream
stratisd-tools.aarch64 3.6.7-1.el9 appstream
[root@serverA ~]# yum -y install stratis-cli
[root@serverA ~]# yum -y install stratisd
[root@serverA ~]# systemctl start stratisd
[root@serverA ~]# systemctl enable stratisd
[root@serverA ~]# systemctl status stratisd
[root@serverA ~]# stratis pool create POOL1 /dev/nvme0n3p1
[root@serverA ~]# stratis pool list
Name Total / Used / Free Properties UUID Alerts
POOL1 5.00 GiB / 526 MiB / 4.49 GiB ~Ca,~Cr, Op b273563e-77e9-4e34-b5bd-6baf825e30a6 WS001
[root@serverA ~]# stratis filesystem create POOL1 fs1
[root@serverA ~]# stratis filesystem list
Pool Filesystem Total / Used / Free / Limit Created Device UUID
POOL1 fs1 1 TiB / 546 MiB / 1023.47 GiB / None Oct 13 2024 17:33 /dev/stratis/POOL1/fs1 2bc949f7-ad62-45c7-bdbf-a22da23964bd
[root@serverA ~]# vim /etc/fstab
[root@serverA ~]# tail -2 /etc/fstab
/dev/stratis/POOL1/fs1 /mnt/fs1 xfs defaults,x-systemd.requires=stratisd.service 0 0
[root@serverA ~]# systemctl daemon-reload
[root@serverA ~]# mount -a
Create a snapshot of fs1 called snap1 and mount it on /mnt/snap
[root@serverA ~]# stratis filesystem snapshot POOL1 fs1 snap1
[root@serverA ~]# tail -2 /etc/fstab
UUID="7e12cd69-c778-4bfe-9d43-0671f661225d" /mnt/snap xfs defaults 0 0
[root@serverA ~]# systemctl daemon-reload
[root@serverA ~]# mount -a
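Configure autofs to mount a shared home directory under /home/share; it is exported by 192.168.208.137 as /home/shareuser. (An indirect map on /home, as in the auto.master below, makes autofs manage the whole of /home and hides the local home directories there while it runs.)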
[root@serverA home]# yum -y install nfs-utils
[root@serverA home]# showmount -e 192.168.208.137
Export list for 192.168.208.137:
/home/shareuser 192.168.208.136
[root@serverA share]# yum -y install autofs
[root@serverA share]# systemctl start autofs
[root@serverA share]# systemctl enable autofs
Created symlink /etc/systemd/system/multi-user.target.wants/autofs.service → /usr/lib/systemd/system/autofs.service.
[root@serverA share]# systemctl status autofs
[root@serverA ~]# cat /etc/auto.master
/home /etc/auto.nfs --timeout=300
[root@serverA ~]# cat /etc/auto.nfs
share -rw,sync 192.168.208.137:/home/shareuser
[root@serverA home]# cd share
[root@serverA share]# ls
s1 s2 s3 s4 s5
Containers
[root@serverA ~]# yum -y install container-tools
[root@serverA ~]# podman login docker.io
Username: kcsanjeeb091@gmail.com
Password:
Login Succeeded!
[root@serverB ~]# loginctl enable-linger sanjeeb
[root@serverB ~]# useradd sanjeeb
[root@serverB ~]# ssh sanjeeb@192.168.208.137
[sanjeeb@serverB containers]$ pwd
/home/sanjeeb/.config/containers
[sanjeeb@serverB containers]$ cat registries.conf
unqualified-search-registries = ['docker.io']
[[registry]]
insecure = false
blocked = false
location = "docker.io"
[sanjeeb@serverB ~]$ pwd
/home/sanjeeb
[sanjeeb@serverB ~]$ vim Containerfile
[sanjeeb@serverB ~]$ cat Containerfile
FROM docker.io/library/httpd
[sanjeeb@serverB ~]$ podman build -t myhttpd .
[sanjeeb@serverB ~]$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/myhttpd latest a3e79aafef7f 2 months ago 182 MB
docker.io/library/httpd latest a3e79aafef7f 2 months ago 182 MB
# Making Volume
[sanjeeb@serverB webapp]$ pwd
/home/sanjeeb/webapp
[sanjeeb@serverB webapp]$ vim index.html
[sanjeeb@serverB webapp]$ cat index.html
<h1>My latest website is up and running !!</h1>
[sanjeeb@serverB ~]$ podman run -d --name myhttpdcontainer -v ~/webapp:/usr/local/apache2/htdocs:Z -p 4499:80 localhost/myhttpd:latest
b6240e39cbc690aafaf584487e7e486c35423077ac2421220cd954a64b881f1b
[sanjeeb@serverB ~]$ podman stop myhttpdcontainer
[sanjeeb@serverB user]$ pwd
/home/sanjeeb/.config/systemd/user
[sanjeeb@serverB user]$ podman generate systemd --name myhttpdcontainer --files --new
/home/sanjeeb/.config/systemd/user/container-myhttpdcontainer.service
[sanjeeb@serverB user]$ systemctl --user enable container-myhttpdcontainer.service
Created symlink /home/sanjeeb/.config/systemd/user/default.target.wants/container-myhttpdcontainer.service → /home/sanjeeb/.config/systemd/user/container-myhttpdcontainer.service.
[sanjeeb@serverB user]$ systemctl --user start container-myhttpdcontainer.service
[sanjeeb@serverB user]$ systemctl --user status container-myhttpdcontainer.service
[sanjeeb@serverB user]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1128dcab8bf9 localhost/myhttpd:latest httpd-foreground 17 seconds ago Up 17 seconds 0.0.0.0:4499->80/tcp, 80/tcp myhttpdcontainer
# Adding firewall
[sanjeeb@serverB user]$ sudo firewall-cmd --permanent --add-port=4499/tcp
success
[sanjeeb@serverB user]$ sudo firewall-cmd --reload
success
[sanjeeb@serverB user]$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client http mountd nfs rpc-bind ssh
ports: 4499/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: