Red Hat System Administration II

RH134

Welcome

Course Objectives and Structure

Schedule

Chapter 1: Improve Command-line Productivity

Goal: Run commands more efficiently by using advanced features of the Bash shell, shell scripts, and various Red Hat Enterprise Linux utilities.


Objectives:

  • Run commands more efficiently by using advanced features of the Bash shell, shell scripts, and various Red Hat Enterprise Linux utilities.

  • Run repetitive tasks with for loops, evaluate exit codes from commands and scripts, run tests with operators, and create conditional structures with if statements.

  • Create regular expressions to match data, apply regular expressions to text files with the grep command, and use grep to search files and data from piped commands.

Write Simple Bash Scripts

Create and Execute Bash Shell Scripts

Guided Exercise: Write Simple Bash Scripts

Loops and Conditional Constructs in Scripts

Use Loops to Iterate Commands

Bash Script Exit Codes

Test Logic for Strings and Directories, and to Compare Values

Conditional Structures

Guided Exercise: Loops and Conditional Constructs in Scripts

Match Text in Command Output with Regular Expressions

Write Regular Expressions

Match Regular Expressions from the Command Line

Guided Exercise: Match Text in Command Output with Regular Expressions

Lab: Improve Command-line Productivity

Summary

  • Create and execute Bash scripts to accomplish administration tasks.
  • Use loops to iterate through a list of items from the command line and in a shell script.
  • Use conditional structures to incorporate decision-making into shell scripts.
  • Search for text in log and configuration files by using regular expressions and the grep command.

Chapter 2: Schedule Future Tasks

Goal: Schedule tasks to execute at a specific time and date.


Objectives:

  • Set up a command to run once at a future time.

  • Schedule commands to run on a repeating schedule with a user's crontab file.

  • Schedule commands to run on a repeating schedule with the system crontab file and directories.

  • Enable and disable systemd timers, and configure a timer that manages temporary files.

Schedule a Deferred User Job

Describe Deferred User Tasks

Inspect and Manage Deferred User Jobs

Guided Exercise: Schedule a Deferred User Job

Schedule Recurring User Jobs

Describe Recurring User Jobs

Schedule Recurring User Jobs

Describe User Job Format

Guided Exercise: Schedule Recurring User Jobs

Schedule Recurring System Jobs

Recurring System Jobs

Run Periodic Commands with Anacron

Systemd Timer

Guided Exercise: Schedule Recurring System Jobs

Manage Temporary Files

Manage Temporary Files

Guided Exercise: Manage Temporary Files

Quiz: Schedule Future Tasks

Summary

  • Deferred jobs or tasks are scheduled to run once in the future.
  • Recurring user jobs execute the user's tasks on a repeating schedule.
  • Recurring system jobs accomplish, on a repeating schedule, administrative tasks with system-wide impact.
  • The systemd timer units can execute both the deferred and recurring jobs.

Chapter 3: Analyze and Store Logs

Goal: Locate and accurately interpret system event logs for troubleshooting purposes.


Objectives:

  • Describe the basic Red Hat Enterprise Linux logging architecture to record events.

  • Interpret events in the relevant syslog files to troubleshoot problems or to review system status.

  • Find and interpret entries in the system journal to troubleshoot problems or review system status.

  • Configure the system journal to preserve the record of events when a server is rebooted.

  • Maintain accurate time synchronization with Network Time Protocol (NTP) and configure the time zone to ensure correct time stamps for events that are recorded by the system journal and logs.

Describe System Log Architecture

System Logging

Quiz: Describe System Log Architecture

Review Syslog Files

Log Events to the System

Guided Exercise: Review Syslog Files

Review System Journal Entries

Find Events on the System Journal

Guided Exercise: Review System Journal Entries

Preserve the System Journal

System Journal Storage

Guided Exercise: Preserve the System Journal

Maintain Accurate Time

Administer Local Clocks and Time Zones

Configure and Monitor the chronyd Service

Guided Exercise: Maintain Accurate Time

Lab: Analyze and Store Logs

Summary

  • The systemd-journald and rsyslog services capture and write log messages to the appropriate files.
  • The /var/log directory contains log files.
  • Periodic rotation of log files prevents them from filling up the file-system space.
  • The systemd journals are temporary and do not persist across a reboot.
  • The chronyd service helps to synchronize time settings with a time source.
  • You can update the time zone of the server based on its location.

Chapter 4: Archive and Transfer Files

Goal: Archive and copy files from one system to another.


Objectives:

  • Archive files and directories into a compressed file with tar, and extract the contents of an existing tar archive.

  • Transfer files to or from a remote system securely with SSH.

  • Efficiently and securely synchronize the contents of a local file or directory with a remote server copy.

Manage Compressed tar Archives

Create Archives from the Command Line

Create an Archive

Create a Compressed Archive

Guided Exercise: Manage Compressed tar Archives

Transfer Files Between Systems Securely

Transfer Remote Files with the Secure File Transfer Program

Transfer Files with Secure Copy Protocol

Guided Exercise: Transfer Files Between Systems Securely

Synchronize Files Between Systems Securely

Synchronize Remote Files and Directories

Guided Exercise: Synchronize Files Between Systems Securely

Lab: Archive and Transfer Files

Summary

  • The tar command creates an archive file from a set of files and directories. This command also extracts and lists files from an archive file.
  • The tar command provides a set of compression methods to reduce archive size.
  • Besides providing a secure remote shell, the SSH service also provides the sftp command to transfer files securely to and from a remote system that runs the SSH server.
  • The rsync command securely and efficiently synchronizes files between two directories, of which either one can be on a remote system.

Chapter 5: Tune System Performance

Goal: Improve system performance by setting tuning parameters and adjusting the scheduling priority of processes.


Objectives:

  • Optimize system performance by selecting a tuning profile that the tuned daemon manages.

  • Prioritize or deprioritize specific processes, with the nice and renice commands.

Adjust Tuning Profiles

Tune Systems

The tuned Utility

Manage Profiles from the Command Line

Manage Profiles with the Web Console

Active performance profile

Select a preferred performance profile

Guided Exercise: Adjust Tuning Profiles

Influence Process Scheduling

Linux Process Scheduling

Priorities and nice values as reported by the top command

Start Processes with User-set Nice Values

Guided Exercise: Influence Process Scheduling

Lab: Tune System Performance

Summary

  • The tuned service automatically modifies device settings to meet specific system needs based on a predefined selected tuning profile.
  • To revert all changes of the selected profile to the system settings, either switch to another profile or deactivate the tuned service.
  • The system assigns a relative priority to a process to determine its CPU access. This priority is called the nice value of a process.
  • The nice command assigns a priority to a process when it starts.
  • The renice command modifies the priority of a running process.

Chapter 6: Manage SELinux Security

Goal: Protect and manage server security by using SELinux.


Objectives:

  • Explain how SELinux protects resources, change the current SELinux mode of a system, and set the default SELinux mode of a system.

  • Manage the SELinux policy rules that determine the default context for files and directories with the semanage fcontext command, and apply the context defined by the SELinux policy to files and directories with the restorecon command.

  • Activate and deactivate SELinux policy rules with the setsebool command, manage the persistent value of SELinux Booleans with the semanage boolean -l command, and consult man pages that end with _selinux to find useful information about SELinux Booleans.

  • Use SELinux log analysis tools and display useful information during SELinux troubleshooting with the sealert command.

Change the SELinux Enforcement Mode

SELinux Architecture

SELinux Usage

Basic SELinux Concepts

SELinux file context

SELinux decision-making flow

Guided Exercise: Change the SELinux Enforcement Mode

Control SELinux File Contexts

Initial SELinux Context

Change the SELinux Context

Define SELinux Default File Context Policies

Guided Exercise: Control SELinux File Contexts

Adjust SELinux Policy with Booleans

SELinux Booleans

Guided Exercise: Adjust SELinux Policy with Booleans

Investigate and Resolve SELinux Issues

Troubleshoot SELinux Issues

Monitor SELinux Violations

Troubleshoot SELinux Issues with the Web Console

SELinux policy and errors in the web console

Guided Exercise: Investigate and Resolve SELinux Issues

Lab: Manage SELinux Security

Summary

  • Use the getenforce and setenforce commands to manage the SELinux mode of a system.
  • The semanage command manages SELinux policy rules. The restorecon command applies the context that the policy defines.
  • Booleans are switches that change the behavior of the SELinux policy. You can enable or disable them to tune the policy.
  • The sealert command displays useful information to help with SELinux troubleshooting.

Chapter 7: Manage Basic Storage

Goal: Create and manage storage devices, partitions, file systems, and swap spaces from the command line.


Objectives:

  • Create storage partitions, format them with file systems, and mount them for use.

  • Create and manage swap spaces to supplement physical memory.

Add Partitions, File Systems, and Persistent Mounts

Partition Disks

MBR partitioning of the /dev/vdb storage device

GPT partitioning of the /dev/vdb storage device

Manage Partitions

Create File Systems

Mount File Systems

Guided Exercise: Add Partitions, File Systems, and Persistent Mounts

Manage Swap Space

Swap Space Concepts

Create Swap Space

Activate Swap Space

Guided Exercise: Manage Swap Space

Lab: Manage Basic Storage

Summary

  • The parted command adds, modifies, and removes partitions on disks with the MBR or the GPT partitioning scheme.
  • The mkfs.xfs command creates XFS file systems on disk partitions.
  • The /etc/fstab file contains devices that must be persistently mounted.
  • The mkswap command initializes swap spaces.

Chapter 8: Manage Storage Stack

Goal: Create and manage logical volumes that contain file systems or swap spaces from the command line.


Objectives:

  • Describe logical volume manager components and concepts, and implement LVM storage and display LVM component information.

  • Analyze the multiple storage components that make up the layers of the storage stack.

Create and Extend Logical Volumes

Logical Volume Manager Overview

Logical Volume Manager workflow

Build LVM Storage

Display LVM Component Status

Extend and Reduce LVM Storage

Remove LVM Storage

Guided Exercise: Create and Extend Logical Volumes

Manage Layered Storage

Storage Stack

Storage stack

Stratis Storage Management

Stratis architecture

Stratis Administration Methods

Guided Exercise: Manage Layered Storage

Lab: Manage Storage Stack

Summary

  • You can use LVM to create flexible storage by allocating space on multiple storage devices.
  • Physical volumes, volume groups, and logical volumes are managed by the pvcreate, vgreduce, and lvextend commands.
  • Logical volumes can be formatted with a file system or swap space, and they can be mounted persistently.
  • Storage can be added to volume groups, and logical volumes can be extended dynamically.
  • Storage stack uses layers and components to manage storage efficiently.
  • Virtual Data Optimizer (VDO) uses LVM for compression and deduplication of data.
  • You can use Stratis to configure initial storage or to enable advanced storage features.

Chapter 9: Access Network-Attached Storage

Goal: Access network-attached storage with the NFS protocol.


Objectives:

  • Identify NFS export information, create a directory to use as a mount point, mount an NFS export with the mount command or by configuring the /etc/fstab file, and unmount an NFS export with the umount command.

  • Describe the benefits of using the automounter, and automount NFS exports by using direct and indirect maps.

Manage Network-Attached Storage with NFS

Accessing Exported NFS Directories

Guided Exercise: Manage Network-Attached Storage with NFS

Automount Network-Attached Storage

Mount NFS Exports with the Automounter

Configure the Automounter Service

Start the Automounter Service

The Alternative Automount Method

Guided Exercise: Automount Network-Attached Storage

Lab: Access Network-Attached Storage

Summary

  • Mount and unmount an NFS share from the command line.
  • Configure an NFS share to mount automatically at startup.
  • Configure the automounter with direct and indirect maps, and describe their differences.

Chapter 10: Control the Boot Process

Goal: Manage the boot process to control offered services and to troubleshoot and repair problems.


Objectives:

  • Describe the Red Hat Enterprise Linux boot process, set the default target when booting, and boot a system to a non-default target.

  • Log in to a system and change the root password when the current root password is lost.

  • Manually repair file-system configuration or corruption issues that stop the boot process.

Select the Boot Target

Describe the Red Hat Enterprise Linux 9 Boot Process

Boot process for BIOS-based and UEFI-based systems

Power Off and Reboot

Select a Systemd Target

Guided Exercise: Select the Boot Target

Reset the Root Password

Reset the Root Password from the Boot Loader

Inspect Logs

Repair Systemd Boot Issues

Guided Exercise: Reset the Root Password

Repair File-system Issues at Boot

File-system Issues

Guided Exercise: Repair File-system Issues at Boot

Lab: Control the Boot Process

Summary

  • The systemctl reboot and systemctl poweroff commands reboot and power down a system, respectively.
  • The systemctl isolate target-name.target command switches to a new target at runtime.
  • The systemctl get-default and systemctl set-default commands can query and set the default target.
  • You can use the rd.break option on the kernel command line to interrupt the boot process before control is handed over from the initramfs image. The root file system is mounted read-only under /sysroot.
  • The emergency target can diagnose and fix file-system issues.

Chapter 11: Manage Network Security

Goal: Control network connections to services with the system firewall and SELinux rules.


Objectives:

  • Accept or reject network connections to system services with firewalld rules.

  • Verify that network ports have the correct SELinux type for services to bind to them.

Manage Server Firewalls

Firewall Architecture Concepts

Configure the firewalld Daemon

The web console networking page

The web console firewall page

The web console add services menu

The web console add services menu options

The web console firewall overview

Guided Exercise: Manage Server Firewalls

Control SELinux Port Labeling

SELinux Port Labeling

Manage SELinux Port Labeling

Guided Exercise: Control SELinux Port Labeling

Lab: Manage Network Security

Summary

  • The netfilter framework enables kernel modules to inspect every packet that traverses the system, including all incoming, outgoing, or forwarded network packets.
  • The firewalld service simplifies management by classifying all network traffic into zones. Each zone has its own list of ports and services. The public zone is set as the default zone.
  • The firewalld service ships with predefined services. You can list these services by using the firewall-cmd --get-services command.
  • SELinux policy controls network traffic by labeling the network ports. For example, the ssh_port_t label is associated with the 22/TCP port. When a process wants to listen on a port, SELinux verifies whether the label that is associated with the process is allowed to bind that port label.
  • Use the semanage command to add, delete, and modify labels.

Chapter 12: Install Red Hat Enterprise Linux

Goal: Install Red Hat Enterprise Linux on servers and virtual machines.


Objectives:

  • Install Red Hat Enterprise Linux on a server.

  • Explain Kickstart concepts and architecture, create a Kickstart file with the Kickstart Generator website, modify an existing Kickstart file with a text editor and check its syntax with ksvalidator, publish a Kickstart file to the installer, and install Kickstart on the network.

  • Install a virtual machine on your Red Hat Enterprise Linux server with the web console.

Install Red Hat Enterprise Linux

Installation Media

Install Red Hat Enterprise Linux Manually

Installation summary window

Guided Exercise: Install Red Hat Enterprise Linux

Automate Installation with Kickstart

Introduction to Kickstart

Kickstart Installation Steps

The Red Hat Customer Portal Kickstart Generator

Specifying the Kickstart file location during installation

Guided Exercise: Automate Installation with Kickstart

Install and Configure Virtual Machines

Introducing KVM Virtualization

KVM virtualization

Configure a Red Hat Enterprise Linux Physical System as a Virtualization Host

Manage Virtual Machines with the Web Console

Managing virtual machines in the web console

Creating a virtual machine in the web console

Quiz: Install and Configure Virtual Machines

Lab: Install Red Hat Enterprise Linux

Summary

  • The RHEL 9 binary DVD includes Anaconda and all required repositories for installation.
  • The RHEL 9 boot ISO includes the Anaconda installer, and can access repositories over the network during installation.
  • The Kickstart system can perform unattended installations.
  • You can create Kickstart files by using the Kickstart Generator website or by copying and editing /root/anaconda-ks.cfg.
  • The Virtualization Host DNF package group provides the packages for a RHEL system to become a virtualization host.
  • The cockpit-machines package adds the Virtual Machines menu to Cockpit.

Chapter 13: Run Containers

Goal: Obtain, run, and manage simple lightweight services as containers on a single Red Hat Enterprise Linux server.


Objectives:

  • Explain container concepts and the core technologies for building, storing, and running containers.

  • Pull container images from a registry and run containers by using Podman.

  • Authenticate to and explore the container images stored in remote container registries.

  • Manage the lifecycle of a container from creation to deletion.

Introduction to Containers

Describing Containers

Applications in containers versus on host operating system

Comparing Containers to Virtual Machines

Development for Containers

Quiz: Introduction to Containers

Creating Containers with Podman

An Introduction to Podman

Working with Podman

Podman Desktop

Guided Exercise: Creating Containers with Podman

Container Image Registries

Container Registries

Red Hat Registry

The Red Hat Ecosystem Catalog

The Node.js 16 image based on RHEL 9

Quay.io

The Quay.io welcome page

Manage Registries with Podman

Manage Registries with Skopeo

Manage Registry Credentials with Podman

Guided Exercise: Container Image Registries

Managing the Container Lifecycle

Container Lifecycle

Podman lifecycle commands

Podman query commands

Listing Containers

Inspecting Containers

Stopping Containers Gracefully

Stopping Containers Forcefully

Pausing Containers

Restarting Containers

Removing Containers

Container Persistent Storage

Start a Containerized Service on Boot

Guided Exercise: Managing the Container Lifecycle

Lab: Run Containers

Summary

  • A container is an encapsulated process that includes the required runtime dependencies for the program to run.
  • Registries are used to store container images to later share them in a controlled manner.
  • Containers are ephemeral by default, which means that the container engine removes the writable layer when you remove the container.
  • Hypervisors are applications that provide the virtualization functionality for virtual machines. The container equivalent of a hypervisor is a container engine, such as Podman.
  • Podman, which Red Hat Enterprise Linux provides, is a container engine that directly runs and manages container instances and container images on a single host.
  • With Podman, you can find, run, build, or deploy OCI (Open Container Initiative) containers and container images. By default, Podman is daemonless.
  • As a regular user, you can create systemd unit files to manage your rootless containers.

Chapter 14: Comprehensive Review

Comprehensive Review

Reviewing Red Hat System Administration II

Lab: Fix Boot Issues and Maintain Servers

Lab: Configure and Manage File Systems and Storage

Lab: Configure and Manage Server Security

Lab: Run Containers

RH134-RHEL9.3-en-1-20240717