Overview
These are my notes that I created as I prepared for the RHCSA (EX200V8K) exam. I passed but did not attain a perfect score so I make no guarantee as to these notes being 100% correct. Use them merely as a guideline and conduct your own research.
As of February 2021 the exam was based upon Red Hat Enterprise Linux 8.2 and the objectives below. However these are subject to change so be sure to check the link below for the current information:
Notes
Understand and use essential tools
- Understand and use essential tools
+ Access a shell prompt and issue commands with correct syntax
> Change shells
- # usermod -s
> Switch virtual terminals
- Text: Alt+F2
- GUI: Ctrl+Alt+F2
> alias
- one user
+ # echo "alias pshead='ps aux | head'" >> ~/.bashrc
- all users
+ # echo "alias pshead='ps aux | head'" >> /etc/profile.d/allusers.sh
+ Use input-output redirection (>, >>, |, 2>, etc.)
> Standard output: ./script.sh > output.txt
> Error output: ./script.sh 2> output.txt
> All output: ./script.sh &> output.txt
+ Use grep and regular expressions to analyze text
> # cat /etc/ssh/sshd_config | awk '!/^#/' | grep -v ^$
+ Access remote systems using SSH
> Text: ssh [email protected]
> GUI: ssh -X [email protected]
+ Log in and switch users in multiuser targets
> # su - user1
+ Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2
> # tar --help
+ Create and edit text files
> vi, vim
+ Create, delete, copy, and move files and directories
> cp, mkdir, rm
+ Create hard and soft links
> ln
+ List, set, and change standard ugo/rwx permissions
> ls -l, chmod
+ Locate, read, and use system documentation including man, info, and files in /usr/share/doc
> # man lvextend
> /usr/share/doc/Create simple shell scripts
- Create simple shell scripts
+ Conditionally execute code (use of: if, test, [], etc.)
> examples: /etc/init.d/functions
+ Use Looping constructs (for, etc.) to process file, command line input
> examples: /etc/init.d/functions
+ Process script inputs ($1, $2, etc.)
> examples: /etc/init.d/functions
+ Processing output of shell commands within a script
> # for i in $(seq 1 3); do touch file_$i; done
+ Processing shell command exit codes
> # bash -x script.sh
> # echo $?Operate running systems
- Operate running systems
+ Boot, reboot, and shut down a system normally
> # shutdown = systemctl poweroff
> # reboot = systemctl reboot
+ Boot systems into different targets manually
> grub2
- cli
+ add: 3
+ add: systemd.unit=multi-user.target
- graphical
+ add: systemd.unit=graphical.target
> shell
- # systemctl list-units --type=target
- # systemctl get-default
- # systemctl set-default graphical.target
+ Interrupt the boot process in order to gain access to a system
> grub2
- no root password
+ add: 'rd.break'
+ # mount -o remount,rw /sysroot
+ # chroot /sysroot
+ # passwd
+ # touch /.autorelabel
+ # exit
+ # exit
+ Identify CPU/memory intensive processes and kill processes
> # ps aux
> # top
+ Adjust process scheduling
> # top
- hit 'r' key
> -20 top priority
> 19 low priority
> # nice
> # renice
+ Manage tuning profiles
> # dnf install tuned
> # systemctl enable --now tuned.service
> # tuned-adm --help
+ Locate and interpret system log files and journals
> # /var/log/{cron,maillog,messages,secure}
> systemd-journald
- # journalctl --boot
- # journalctl --follow
- # journalctl --unit=crond.service
- # journalctl _UID=1000
+ Preserve system journals
> # mkdir /var/log/journal
> # chgrp systemd-journal /var/log/journal
> # chmod 2755 /var/log/journal
> # systemctl restart systemd-journald.service
+ Start, stop, and check the status of network services
> # systemctl status network
> # systemctl restart network
> # nmcli dev status
> # nmcli con reload
> # nmcli con down eth0
> # nmcli con up eth0
> # nmtui
> files/folders
- /etc/sysconfig/network
+ Securely transfer files between systems
> scpConfigure local storage
- Configure local storage
+ List, create, delete partitions on MBR and GPT disks
> fdisk, gdisk, partprobe, mkfs, mount, lsblk
> mbr (32bit logical addresses up to 2TB, 15 partitions - 3 primary, 12 logical)
> gpt (64bit logical addresses up to 8million TB, 128 partitions)
+ Create and remove physical volumes
> pvcreate, pvremove, pvs
+ Assign physical volumes to volume groups
> vgcreate, vgremove, vgextend, vgs
+ Create and delete logical volumes
> lvcreate, lvremove, lvs
+ Configure systems to mount file systems at boot by universally unique ID (UUID) or label
> blkid
> xfs_admin
+ Add new partitions and logical volumes, and swap to a system non-destructively
> see above
> mkswap, swapon, swapoffCreate and configure file systems
- Create and configure file systems
+ Create, mount, unmount, and use vfat, ext4, and xfs file systems
> see above
> /etc/fstab
+ Mount and unmount network file systems using NFS
> server
- server1 (192.168.122.1)
- /etc/exports
/nfsshare/data 192.168.122.0/24(rw,no_root_squash)
/nfsshare/user 192.168.122.0/24(rw,no_root_squash)
- # setsebool -P use_nfs_home_dirs on
> client
- /etc/fstab
+ server1:/nfsshare/data /mnt/nfs nfs defaults,sync 0 0
- autofs
+ # dnf install autofs
+ # systemctl enable --now autofs.service
+ /net
> /etc/auto.master
/net -hosts
+ /home
> examples
- # man auto.master
- # man 5 autofs
> /etc/auto.master
/home /etc/auto.home
> /etc/auto.home
* -rw server1:/nfsshare/user/&
> # systemctl restart autofs
+ Extend existing logical volumes
> vgextend, lvextend, xfs_growfs, resize2fs
+ Create and configure set-GID directories for collaboration
> # mkdir /shared
> # groupadd sharegroup
> # gpasswd -M user1,user2,user3 sharegroup
> # chown nobody:sharegroup /shared
> # chmod 2770 /shared
+ Configure disk compression
> # dnf install kmod-kvdo vdo
> # vdo create --name vdo01 --dev /dev/vdd --vdoLogicalSize 10G
> # mkfs.xfs -K /dev/mapper/vdo01
> # mkdir /vdo01
> # cp -a /usr/share/doc/vdo/examples/systemd/VDO.mount.example /etc/systemd/system/vdo01.mount
- What = /dev/mapper/vdo01
- Where = /vdo01
> # restorecon -FRv /etc/systemd/system/
> # systemctl enable --now vdo01.mount
> # vdostats --human-readable
> # df -h /vdo01
> # vdo status --name vdo01
+ Manage layered storage
> # dnf install stratis-cli stratisd
> # systemctl enable --now stratisd.service
> # stratis pool create pool01 /dev/vdc
> # stratis pool list
> # stratis filesystem create pool01 fs01
> # stratis pool list
> # blkid /stratis/pool01/fs01
> # echo 'UUID="c51fc678-afbb-4942-bbca-56f3158e946c" /mountdir01 xfs defaults,x-systemd.requires=stratisd.service 0 0' >> /etc/fstab
> # mdkir /mountdir01
> # mount -a
> # for i in `seq 1 5`; do touch /mountdir01/file$i; done
> # stratis filesystem snapshot pool01 fs01 fs01-snap01
> # stratis filesystem list
> # rm -f /mountdir01/file{1,2}
> # mdkir /mountdir02
> # mount /stratis/pool01/fs01-snap01 /mountdir02
> # ls /mountdir0*
> reboot and verify mount
+ Diagnose and correct file permission problems
> ls -l, chmod, chown, getfacl, setfacl, lsattr, chattrDeploy, configure, and maintain systems
- Deploy, configure, and maintain systems
+ Schedule tasks using at and cron
> crontab, /etc/cron.allow, /etc/cron.deny
> at HH:MM yyyy-mm-dd, atq, /etc/at.allow, /etc/at.deny
+ Start and stop services and configure services to start automatically at boot
> systemctl (start, stop, enable, disable)
+ Configure systems to boot into a specific target automatically
> # systemctl get-default
> # systemctl list-units --type=target --all
> # systemctl set-default multi-user.target
+ Configure time service clients
> chronyd, /etc/chrony.conf
> # chronyc -n sources
+ Install and update software packages from Red Hat Network, a remote repository, or from the local file system
> # man dnf.conf
> # yum-config-manager --add-repo=ftp://192.168.122.1/pub/inst/
> # vim /etc/yum.repos.d/custom.repo
[repo-custom]
baseurl=file:///mnt/
gpgcheck=0
> # subscription-manager register --username=redhat_username
+ Work with package module streams
> # dnf module list
> # dnf module list postgresql
> # dnf module info postgresql:12
> # dnf module enable postgresql:12
> # dnf install postgresql
> # dnf distro-sync
+ Modify the system bootloader
> modify: grubby, /etc/default/grub
> # grub2-mkconfig -o /boot/grub2/grub.cfgManage basic networking
- Manage basic networking
+ Configure IPv4 and IPv6 addresses
> nmcli, nmtui, nm-connection-editor
+ Configure hostname resolution
> hostnamectl
> nmcli, nmtui, nm-connection-editor
> resolution search priority /etc/nsswitch.conf
hosts: files dns myhostname
> don't use /etc/resolv.conf will be overwritten by NetworkManager at boot
+ Configure network services to start automatically at boot
> ONBOOT=yes
+ Restrict network access using firewall-cmd/firewall
> # firewall-cmd --list-all
> # firewall-cmd --get-servicesManage users and groups
- Manage users and groups
+ Create, delete, and modify local user accounts
> /etc/login.defs
> /etc/skel
+ Change passwords and adjust password aging for local user accounts
> # chage -l
+ Create, delete, and modify local groups and group memberships
> groupadd, gpasswd
+ Configure superuser access
> sudoManage security
- Manage security
+ Configure firewall settings using firewall-cmd/firewalld
> service: firewalld
> config: firewall-cmd, firewall-config
> info
- # firewall-cmd --get-services
- # firewall-cmd --list-all
+ Create and use file access control lists
> getfacl, setfacl
+ Configure key-based authentication for SSH
> on client use ssh-keygen, ssh-copy-id
+ Set enforcing and permissive modes for SELinux
> /etc/sysconfig/selinux
> setenforce
+ List and identify SELinux file and process context
> # ls -lZ
> # ps -eZ
+ Restore default file contexts
> # restorecon -Fv file1
> # restorecon -FRv folder1/
+ Use boolean settings to modify system SELinux settings
> # getseebool -a
> # setsebool -P
+ Diagnose and address routine SELinux policy violations
> # yum install setroubleshoot-server
> # sealert -a /var/log/audit/audit.logManage containers
- Manage containers
+ setup
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/building_running_and_managing_containers/
> # dnf module install container-tools
+ Find and retrieve container images from a remote registry
> registries defined in /etc/containers/registries.conf
> # podman search postgresql-10
> # podman search --no-trunc registry.redhat.io/rhscl/postgresql-10-rhel7
> # podman login registry.redhat.io
> # podman pull registry.redhat.io/rhscl/postgresql-10-rhel7
+ Inspect container images
> local
- # podman images
- # podman inspect registry.redhat.io/rhscl/postgresql-10-rhel7
- # podman tag ab2bd6c55ca1 mypostgres
- # podman rmi -f ab2bd6c55ca1
> remote
- # skopeo inspect docker://registry.redhat.io/rhel8/httpd-24
+ Perform container management using commands such as podman and skopeo
> create
- # podman create --name mypostgres registry.redhat.io/rhscl/postgresql-10-rhel7
> inspect
- # podman inspect cec9aae4540f
- # podman exec -it cec9aae4540f /bin/bash
> save
- # podman save --help
- # podman load --help
> remove
- # podman rm 54d8d38f2285
> skopeo
- # skopeo --help
+ Perform basic container management such as running, starting, stopping, and listing running containers
> list
- # podman ps -a
> start/stop
- # podman start mypostgres
- # podman stop cec9aae4540f
> run commands
- # podman run --rm registry.redhat.io/rhel8/httpd-24 cat /etc/os-release
- # podman run --rm registry.redhat.io/rhel8/httpd-24 ls /root/buildinfo
- # podman run --rm registry.redhat.io/rhel8/httpd-24 cat /root/buildinfo/Dockerfile-rhel8-httpd-24-1-120
- # podman run -dt --name website1 -p 8080:8080/tcp registry.redhat.io/rhel8/httpd-24
+ # curl --noproxy localhost http://localhost:8080
+ # podman stop website1
> logs
- # podman logs website1
+ Run a service inside a container
> # vim Dockerfile
FROM registry.access.redhat.com/ubi8/ubi-init
RUN yum -y install httpd; yum clean all; systemctl enable httpd;
RUN echo "RHCSA - Run a service inside a container" > /var/www/html/index.html
RUN mkdir /etc/systemd/system/httpd.service.d/; echo -e '[Service]\nRestart=always' > /etc/systemd/system/httpd.service.d/httpd.conf
EXPOSE 80
> # podman build --tag myservice .
> # setsebool -P container_manage_cgroup true
> # podman run -dt --name website2 -p 9090:80/tcp localhost/myservice
+ Configure a container to start automatically as a systemd service
> root
- # podman generate systemd --name website1 > /etc/systemd/system/container-website1.service
- # restorecon -FRv /etc/systemd/system/
- # systemctl daemon-reload
- # systemctl enable --now container-website1.service
- in example above was unable to connect to website successfully upon host reboot
+ required the following edit to service file
[Unit]
After=network.target network-online.target
> non-root
- $ podman pull registry.redhat.io/rhel8/httpd-24
- $ mkdir .httpd
- $ echo 'user1 website up and running' > .httpd/index.html
- $ podman create -t --name user1-website -p 8080:8080/tcp --privileged -v /home/user1/.httpd:/var/www/html registry.redhat.io/rhel8/httpd-24
- $ podman generate systemd --files --name user1-website
- $ mkdir -p .config/systemd/user
- $ mv container-user1-website.service .config/systemd/user/
- $ restorecon -FRv .config/
- $ systemctl --user enable --now container-user1-website.service
- $ curl --noproxy localhost http://localhost:8080/
user1 website up and running
+ Attach persistent storage to a container
> get image
- # podman pull registry.access.redhat.com/ubi8/ubi
> default location
- # podman volume create myvol123
- # podman volume inspect myvol123
- # podman create -t --name myubi1 -v myvol123:/containervolume1 registry.access.redhat.com/ubi8/ubi /bin/bash
- # podman start -ai myubi1
- [root@5073f5958106 /]# touch /containervolume1/testfile1
- [root@5073f5958106 /]# ls -l /containervolume1/
-rw-r--r--. 1 root root 0 Feb 8 05:36 testfile1
- [root@5073f5958106 /]# exit
- # ls -l /var/lib/containers/storage/volumes/myvol123/_data/
-rw-r--r--. 1 root root 0 Feb 8 13:36 testfile1
> custom location
- # mkdir /containervols
- # podman create -t --name myubi2 --privileged -v /containervols:/mnt registry.access.redhat.com/ubi8/ubi /bin/bash
- # podman inspect myubi2
- # podman start -ai myubi2
- [root@867ddc3d374b /]# touch /mnt/testfile2
- [root@867ddc3d374b /]# ls -l /mnt/
-rw-r--r--. 1 root root 0 Feb 9 02:40 testfile2
- [root@867ddc3d374b /]# exit
- # ls -l /containervols/
-rw-r--r--. 1 root root 0 Feb 9 10:40 testfile2
Download
Best viewed in Notepad++