- Understand and use essential tools + Access a shell prompt and issue commands with correct syntax > Change shells - # usermod -s > Switch virtual terminals - Text: Alt+F2 - GUI: Ctrl+Alt+F2 > alias - one user + # echo "alias pshead='ps aux | head'" >> ~/.bashrc - all users + # echo "alias pshead='ps aux | head'" >> /etc/profile.d/allusers.sh + Use input-output redirection (>, >>, |, 2>, etc.) > Standard output: ./script.sh > output.txt > Error output: ./script.sh 2> output.txt > All output: ./script.sh &> output.txt + Use grep and regular expressions to analyze text > # cat /etc/ssh/sshd_config | awk '!/^#/' | grep -v ^$ + Access remote systems using SSH > Text: ssh root@server.internal > GUI: ssh -X root@server.internal + Log in and switch users in multiuser targets > # su - user1 + Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2 > # tar --help + Create and edit text files > vi, vim + Create, delete, copy, and move files and directories > cp, mkdir, rm + Create hard and soft links > ln + List, set, and change standard ugo/rwx permissions > ls -l, chmod + Locate, read, and use system documentation including man, info, and files in /usr/share/doc > # man lvextend > /usr/share/doc/ - Create simple shell scripts + Conditionally execute code (use of: if, test, [], etc.) > examples: /etc/init.d/functions + Use Looping constructs (for, etc.) to process file, command line input > examples: /etc/init.d/functions + Process script inputs ($1, $2, etc.) > examples: /etc/init.d/functions + Processing output of shell commands within a script > # for i in $(seq 1 3); do touch file_$i; done + Processing shell command exit codes > # bash -x script.sh > # echo $? 
- Operate running systems + Boot, reboot, and shut down a system normally > # shutdown = systemctl poweroff > # reboot = systemctl reboot + Boot systems into different targets manually > grub2 - cli + add: 3 + add: systemd.unit=multi-user.target - graphical + add: systemd.unit=graphical.target > shell - # systemctl list-units --type=target - # systemctl get-default - # systemctl set-default graphical.target + Interrupt the boot process in order to gain access to a system > grub2 - no root password + add: 'rd.break' + # mount -o remount,rw /sysroot + # chroot /sysroot + # passwd + # touch /.autorelabel + # exit + # exit + Identify CPU/memory intensive processes and kill processes > # ps aux > # top + Adjust process scheduling > # top - hit 'r' key > -20 top priority > 19 low priority > # nice > # renice + Manage tuning profiles > # dnf install tuned > # systemctl enable --now tuned.service > # tuned-adm --help + Locate and interpret system log files and journals > # /var/log/{cron,maillog,messages,secure} > systemd-journald - # journalctl --boot - # journalctl --follow - # journalctl --unit=crond.service - # journalctl _UID=1000 + Preserve system journals > # mkdir /var/log/journal > # chgrp systemd-journal /var/log/journal > # chmod 2755 /var/log/journal > # systemctl restart systemd-journald.service + Start, stop, and check the status of network services > # systemctl status network > # systemctl restart network > # nmcli dev status > # nmcli con reload > # nmcli con down eth0 > # nmcli con up eth0 > # nmtui > files/folders - /etc/sysconfig/network + Securely transfer files between systems > scp - Configure local storage + List, create, delete partitions on MBR and GPT disks > fdisk, gdisk, partprobe, mkfs, mount, lsblk > mbr (32bit logical addresses up to 2TB, 15 partitions - 3 primary, 12 logical) > gpt (64bit logical addresses up to 8million TB, 128 partitions) + Create and remove physical volumes > pvcreate, pvremove, pvs + Assign physical volumes to volume 
groups > vgcreate, vgremove, vgextend, vgs + Create and delete logical volumes > lvcreate, lvremove, lvs + Configure systems to mount file systems at boot by universally unique ID (UUID) or label > blkid > xfs_admin + Add new partitions and logical volumes, and swap to a system non-destructively > see above > mkswap, swapon, swapoff - Create and configure file systems + Create, mount, unmount, and use vfat, ext4, and xfs file systems > see above > /etc/fstab + Mount and unmount network file systems using NFS > server - server1 (192.168.122.1) - /etc/exports /nfsshare/data 192.168.122.0/24(rw,no_root_squash) /nfsshare/user 192.168.122.0/24(rw,no_root_squash) - note: no_root_squash lets root on any client in 192.168.122.0/24 act as root on the export; the default, root_squash, maps client root to an unprivileged user - # setsebool -P use_nfs_home_dirs on > client - /etc/fstab + server1:/nfsshare/data /mnt/nfs nfs defaults,sync 0 0 - autofs + # dnf install autofs + # systemctl enable --now autofs.service + /net > /etc/auto.master /net -hosts + /home > examples - # man auto.master - # man 5 autofs > /etc/auto.master /home /etc/auto.home > /etc/auto.home * -rw server1:/nfsshare/user/& > # systemctl restart autofs + Extend existing logical volumes > vgextend, lvextend, xfs_growfs, resize2fs + Create and configure set-GID directories for collaboration > # mkdir /shared > # groupadd sharegroup > # gpasswd -M user1,user2,user3 sharegroup > # chown nobody:sharegroup /shared > # chmod 2770 /shared + Configure disk compression > # dnf install kmod-kvdo vdo > # vdo create --name vdo01 --dev /dev/vdd --vdoLogicalSize 10G > # mkfs.xfs -K /dev/mapper/vdo01 > # mkdir /vdo01 > # cp -a /usr/share/doc/vdo/examples/systemd/VDO.mount.example /etc/systemd/system/vdo01.mount - What = /dev/mapper/vdo01 - Where = /vdo01 > # restorecon -FRv /etc/systemd/system/ > # systemctl enable --now vdo01.mount > # vdostats --human-readable > # df -h /vdo01 > # vdo status --name vdo01 + Manage layered storage > # dnf install stratis-cli stratisd > # systemctl enable --now stratisd.service > # stratis pool create pool01 /dev/vdc > # stratis pool list > # stratis 
filesystem create pool01 fs01 > # stratis pool list > # blkid /stratis/pool01/fs01 > # echo 'UUID="c51fc678-afbb-4942-bbca-56f3158e946c" /mountdir01 xfs defaults,x-systemd.requires=stratisd.service 0 0' >> /etc/fstab > # mkdir /mountdir01 > # mount -a > # for i in `seq 1 5`; do touch /mountdir01/file$i; done > # stratis filesystem snapshot pool01 fs01 fs01-snap01 > # stratis filesystem list > # rm -f /mountdir01/file{1,2} > # mkdir /mountdir02 > # mount /stratis/pool01/fs01-snap01 /mountdir02 > # ls /mountdir0* > reboot and verify mount + Diagnose and correct file permission problems > ls -l, chmod, chown, getfacl, setfacl, lsattr, chattr - Deploy, configure, and maintain systems + Schedule tasks using at and cron > crontab, /etc/cron.allow, /etc/cron.deny > at HH:MM yyyy-mm-dd, atq, /etc/at.allow, /etc/at.deny + Start and stop services and configure services to start automatically at boot > systemctl (start, stop, enable, disable) + Configure systems to boot into a specific target automatically > # systemctl get-default > # systemctl list-units --type=target --all > # systemctl set-default multi-user.target + Configure time service clients > chronyd, /etc/chrony.conf > # chronyc -n sources + Install and update software packages from Red Hat Network, a remote repository, or from the local file system > # man dnf.conf > # yum-config-manager --add-repo=ftp://192.168.122.1/pub/inst/ > # vim /etc/yum.repos.d/custom.repo [repo-custom] baseurl=file:///mnt/ gpgcheck=0 > note: gpgcheck=0 turns off package signature verification for this repo, so nothing vouches for the packages it serves (the ftp:// repo above is also fetched in plaintext); outside a lab keep gpgcheck=1 and set gpgkey= > # subscription-manager register --username=redhat_username + Work with package module streams > # dnf module list > # dnf module list postgresql > # dnf module info postgresql:12 > # dnf module enable postgresql:12 > # dnf install postgresql > # dnf distro-sync + Modify the system bootloader > modify: grubby, /etc/default/grub > # grub2-mkconfig -o /boot/grub2/grub.cfg - Manage basic networking + Configure IPv4 and IPv6 addresses > nmcli, nmtui, nm-connection-editor + Configure hostname resolution > 
hostnamectl > nmcli, nmtui, nm-connection-editor > resolution search priority /etc/nsswitch.conf hosts: files dns myhostname > don't edit /etc/resolv.conf directly; it will be overwritten by NetworkManager at boot + Configure network services to start automatically at boot > ONBOOT=yes + Restrict network access using firewall-cmd/firewall > # firewall-cmd --list-all > # firewall-cmd --get-services - Manage users and groups + Create, delete, and modify local user accounts > /etc/login.defs > /etc/skel + Change passwords and adjust password aging for local user accounts > # chage -l + Create, delete, and modify local groups and group memberships > groupadd, gpasswd + Configure superuser access > sudo - Manage security + Configure firewall settings using firewall-cmd/firewalld > service: firewalld > config: firewall-cmd, firewall-config > info - # firewall-cmd --get-services - # firewall-cmd --list-all + Create and use file access control lists > getfacl, setfacl + Configure key-based authentication for SSH > on client use ssh-keygen, ssh-copy-id + Set enforcing and permissive modes for SELinux > /etc/sysconfig/selinux > setenforce + List and identify SELinux file and process context > # ls -lZ > # ps -eZ + Restore default file contexts > # restorecon -Fv file1 > # restorecon -FRv folder1/ + Use boolean settings to modify system SELinux settings > # getsebool -a > # setsebool -P + Diagnose and address routine SELinux policy violations > # yum install setroubleshoot-server > # sealert -a /var/log/audit/audit.log - Manage containers + setup > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/building_running_and_managing_containers/ > # dnf module install container-tools + Find and retrieve container images from a remote registry > registries defined in /etc/containers/registries.conf > # podman search postgresql-10 > # podman search --no-trunc registry.redhat.io/rhscl/postgresql-10-rhel7 > # podman login registry.redhat.io > # podman pull 
registry.redhat.io/rhscl/postgresql-10-rhel7 + Inspect container images > local - # podman images - # podman inspect registry.redhat.io/rhscl/postgresql-10-rhel7 - # podman tag ab2bd6c55ca1 mypostgres - # podman rmi -f ab2bd6c55ca1 > remote - # skopeo inspect docker://registry.redhat.io/rhel8/httpd-24 + Perform container management using commands such as podman and skopeo > create - # podman create --name mypostgres registry.redhat.io/rhscl/postgresql-10-rhel7 > inspect - # podman inspect cec9aae4540f - # podman exec -it cec9aae4540f /bin/bash > save - # podman save --help - # podman load --help > remove - # podman rm 54d8d38f2285 > skopeo - # skopeo --help + Perform basic container management such as running, starting, stopping, and listing running containers > list - # podman ps -a > start/stop - # podman start mypostgres - # podman stop cec9aae4540f > run commands - # podman run --rm registry.redhat.io/rhel8/httpd-24 cat /etc/os-release - # podman run --rm registry.redhat.io/rhel8/httpd-24 ls /root/buildinfo - # podman run --rm registry.redhat.io/rhel8/httpd-24 cat /root/buildinfo/Dockerfile-rhel8-httpd-24-1-120 - # podman run -dt --name website1 -p 8080:8080/tcp registry.redhat.io/rhel8/httpd-24 + # curl --noproxy localhost http://localhost:8080 + # podman stop website1 > logs - # podman logs website1 + Run a service inside a container > # vim Dockerfile FROM registry.access.redhat.com/ubi8/ubi-init RUN yum -y install httpd; yum clean all; systemctl enable httpd; RUN echo "RHCSA - Run a service inside a container" > /var/www/html/index.html RUN mkdir /etc/systemd/system/httpd.service.d/; echo -e '[Service]\nRestart=always' > /etc/systemd/system/httpd.service.d/httpd.conf EXPOSE 80 > # podman build --tag myservice . 
> # setsebool -P container_manage_cgroup true > # podman run -dt --name website2 -p 9090:80/tcp localhost/myservice + Configure a container to start automatically as a systemd service > root - # podman generate systemd --name website1 > /etc/systemd/system/container-website1.service - # restorecon -FRv /etc/systemd/system/ - # systemctl daemon-reload - # systemctl enable --now container-website1.service - in the example above, the website could not be reached after a host reboot + required the following edit to service file [Unit] After=network.target network-online.target > non-root - $ podman pull registry.redhat.io/rhel8/httpd-24 - $ mkdir .httpd - $ echo 'user1 website up and running' > .httpd/index.html - $ podman create -t --name user1-website -p 8080:8080/tcp --privileged -v /home/user1/.httpd:/var/www/html registry.redhat.io/rhel8/httpd-24 + note: --privileged switches off the container's SELinux separation and capability limits; if it is here only so the container can read the bind mount, the narrower option is a :Z suffix on the volume (-v /home/user1/.httpd:/var/www/html:Z), which relabels the directory for this container - $ podman generate systemd --files --name user1-website - $ mkdir -p .config/systemd/user - $ mv container-user1-website.service .config/systemd/user/ - $ restorecon -FRv .config/ - $ systemctl --user enable --now container-user1-website.service - $ curl --noproxy localhost http://localhost:8080/ user1 website up and running + Attach persistent storage to a container > get image - # podman pull registry.access.redhat.com/ubi8/ubi > default location - # podman volume create myvol123 - # podman volume inspect myvol123 - # podman create -t --name myubi1 -v myvol123:/containervolume1 registry.access.redhat.com/ubi8/ubi /bin/bash - # podman start -ai myubi1 - [root@5073f5958106 /]# touch /containervolume1/testfile1 - [root@5073f5958106 /]# ls -l /containervolume1/ -rw-r--r--. 1 root root 0 Feb 8 05:36 testfile1 - [root@5073f5958106 /]# exit - # ls -l /var/lib/containers/storage/volumes/myvol123/_data/ -rw-r--r--. 
1 root root 0 Feb 8 13:36 testfile1 > custom location - # mkdir /containervols - # podman create -t --name myubi2 --privileged -v /containervols:/mnt registry.access.redhat.com/ubi8/ubi /bin/bash + note: run as root, --privileged gives the container all capabilities, access to host devices and no SELinux separation; if it is only needed so the container can write to /containervols, -v /containervols:/mnt:Z is the narrower option - # podman inspect myubi2 - # podman start -ai myubi2 - [root@867ddc3d374b /]# touch /mnt/testfile2 - [root@867ddc3d374b /]# ls -l /mnt/ -rw-r--r--. 1 root root 0 Feb 9 02:40 testfile2 - [root@867ddc3d374b /]# exit - # ls -l /containervols/ -rw-r--r--. 1 root root 0 Feb 9 10:40 testfile2