Red Hat Services Management and Automation

RH358

Welcome

Course Objectives and Structure

Schedule

Orientation to the Classroom Lab Environment

Internationalization

Chapter 1: Managing Network Services

Goal: Discuss and review the key tools and skills needed to manage network services.


Objectives:

  • Discuss the goal of this course and review how to manage services.

  • Review how to configure and manage network interfaces with NetworkManager and related tools.

  • Automate configuration of services and network interfaces with Ansible.

Controlling Network Services

Introduction to Red Hat Services Management and Automation

Introduction to Systemd

Listing Unit Files with Systemctl

Viewing the Status of a Service

Unit Dependencies

Masking Services

Enabling System Daemons to Start or Stop at Boot

Summary of Systemctl Commands

Guided Exercise: Controlling Network Services

Configuring Network Interfaces

NetworkManager Review

Viewing Networking Information

Adding a Network Connection

Controlling Network Connections

Modifying Network Connection Settings

Deleting a Network Connection

Who Can Modify Network Settings?

Summary of Commands

Guided Exercise: Configuring Network Interfaces

Automating Service and Network Interface Configuration

Automation with Red Hat Ansible Automation Platform

Automating Service Management

Configuring Networking with the Network System Role

Ansible Facts for Network Configuration

Guided Exercise: Automating Service and Network Interface Configuration

Lab: Managing Network Services

Summary

  • Determine the status of system daemons and network services started by systemd.
  • Start, stop, and enable services using systemctl.
  • Configure IPv4 and IPv6 networking using nmcli.
  • Use Ansible to configure network settings using the rhel-system-roles.network role.

Chapter 2: Configuring Link Aggregation

Goal: To configure and troubleshoot advanced network interface functionality, including teaming.


Objectives:

  • Use network teaming to provide link redundancy or higher throughput.

  • Manage a network team interface.

  • Automate the creation and configuration of a network team with Ansible.

Configuring Network Teaming

Introducing Network Teaming Concepts

Configuring Network Teams

Guided Exercise: Configuring Network Teaming

Managing Network Teaming

Network Teaming Configuration Files

Setting and Adjusting Team Configuration

Troubleshooting Network Teams

Guided Exercise: Managing Network Teaming

Automating Network Teaming

Configuring Network Teaming with Ansible

Guided Exercise: Automating Network Teaming

Lab: Configuring Link Aggregation

Summary

  • Define and activate network teams.
  • Change the configuration of a network team.
  • Change the runner used by a team interface.
  • Troubleshoot a network team with teamnl and teamdctl.
  • Automate the creation and configuration of network teams by using the rhel-system-roles.network Ansible Role and Ansible modules.

Chapter 3: Managing DNS and DNS Servers

Goal: Explain the operation of DNS service, troubleshoot DNS issues, and configure servers to act as a DNS caching name server or as an authoritative name server.


Objectives:

  • Describe the basic operation of the DNS protocol, what domains and zones are, and some key DNS resource records.

  • Configure a more secure caching name server using Unbound.

  • Troubleshoot problems with DNS name resolution using standard command-line utilities.

  • Configure authoritative DNS name servers using BIND 9.

  • Automate the creation and configuration of a caching name server with Unbound and an authoritative name server with BIND 9.

Describing the DNS Service

The Domain Name System

Anatomy of DNS Lookups

DNS lookup process

DNS Resource Records

Hosts and Resource Records

Strengthening DNS Security

Quiz: Describing the DNS Service

Configuring a Caching Name Server with Unbound

Installing and Configuring Unbound

Managing Unbound

Guided Exercise: Configuring a Caching Name Server with Unbound

Troubleshooting DNS Issues

Troubleshooting DNS

Confirming the Source of Name Resolution Issues

Investigating DNS Issues

Handling Old Data on Caching Name Servers

Identifying Issues with Zone Data

Guided Exercise: Troubleshooting DNS Issues

Configuring Authoritative Name Servers with BIND 9

Designing an Architecture for Authoritative Name Servers

DNS lookup by external customer

DNS lookup by internal client

DNS lookup with internal secondary server

Installing BIND

Configuring BIND

Editing Zone Files

Verifying Your Configuration

Running BIND

Guided Exercise: Configuring Authoritative Name Servers with BIND 9

Automating Name Server Configuration

Automating DNS Name Server Deployment

Deploying Unbound with Ansible

Deploying Authoritative BIND Servers with Ansible

Guided Exercise: Automating Name Server Configuration

Lab: Managing DNS for Servers

Summary

  • Describe the operation of the Domain Name System (DNS) and its components.
  • Define the resource records used to store data in DNS.
  • Install an Unbound caching name server, usable by other clients in the organization.
  • Install primary and secondary BIND authoritative name servers to provide information about your domains to external sources.
  • Perform basic troubleshooting and maintenance of client name resolution, DNS servers, their zone data, and their caches.
  • Automate deployment of name servers using Ansible Playbooks.

Chapter 4: Managing DHCP and IP Address Assignment

Goal: Explain and configure services used for IPv4 and IPv6 address assignment, including DHCP, DHCPv6, and SLAAC.


Objectives:

  • Describe the operation of the DHCP protocol for IPv4, and configure a DHCP server to provide a pool of IPv4 addresses for DHCP clients, while providing reserved addresses to specific clients.

  • Discuss the role of DHCPv6 in IPv6, compare it to other IPv6 network autoconfiguration techniques, and configure a DHCPv6 server.

  • Automate the configuration of a DHCP server providing support for IPv4 and IPv6 addresses.

Configuring IPv4 Address Assignment with DHCP

Describing DHCP

Deploying a DHCP Server

Configuring a DHCP Client

Guided Exercise: Configuring IPv4 Address Assignment with DHCP

Configuring IPv6 Address Assignment

Overview of IPv6 Address Autoconfiguration

Reviewing IPv6 Link-local Address Assignment

Describing IPv6 Stateless Address Autoconfiguration

Implementing DHCPv6

Configuring the Automatic Address Assignment Method

Guided Exercise: Configuring IPv6 Address Assignment

Automating DHCP Configuration

Deploying a DHCP Server with Ansible

Configuring a DHCP Client with Ansible

Guided Exercise: Automating DHCP Configuration

Lab: Managing DHCP and IP Address Assignment

Summary

  • The DHCP server must have an IP address in the subnet or prefix that it manages.
  • The dhcp-server package provides both the DHCPv4 and DHCPv6 services.
  • DHCPv4 uses the MAC address of the clients to assign fixed IPv4 addresses.
  • DHCPv6 uses the DUID of the clients to assign fixed IPv6 addresses.
  • On clients, set the ipv4.method or ipv6.method to auto for IPv4 or IPv6 autoconfiguration.

Chapter 5: Managing Printers and Printing Files

Goal: Configure systems to print to a network printer that supports IPP Everywhere, and manage existing printer queues.


Objectives:

  • Create and manage a printer queue for a network printer, and use command-line tools to print files and manage printer queues.

  • Automate network printer configuration using Ansible.

Configuring and Managing Printers

Describing the CUPS Printing Architecture

Discovering Network Printers with IPP Everywhere

Creating a Print Queue

Printing Files and Managing Print Jobs

Managing Printer Queues

Guided Exercise: Configuring and Managing Printers

Automating Printer Configuration

Deploying CUPS with Ansible

Adding and Removing Printers

Managing Print Queues with Ansible

Guided Exercise: Automating Printer Configuration

Lab: Managing Printers and Printing Files

Summary

  • Install and use the tools needed to discover IPP Everywhere networked printers.
  • Install CUPS and use the lpadmin command to create and manage a print queue.
  • Manage print jobs with the lp, lpstat, and cancel commands.
  • Adjust print queue print job handling with the cupsenable, cupsdisable, cupsaccept, and cupsreject commands.
  • Automate printer installation and administration with Ansible.

Chapter 6: Configuring Email Transmission

Goal: Discuss how mail servers operate, and configure a server to use system tools and Postfix to send email messages through an outbound mail relay.


Objectives:

  • Configure a server to send all email through an outbound SMTP gateway.

  • Automate the configuration of Postfix to send all outbound email through an SMTP gateway.

Configuring a Send-only Email Service

Describing Email Architecture and Null Clients

Sending Email with Postfix

Troubleshooting Email Transmission

Guided Exercise: Configuring Send-only Email Service

Automating Postfix Configuration

Configuring SMTP with the Postfix System Role

Guided Exercise: Automating Postfix Configuration

Lab: Configuring Email Transmission

Summary

  • Many system applications can send email by using the helper application /usr/sbin/sendmail or by connecting to a local mail server on localhost port 25/TCP.
  • Postfix provides /usr/sbin/sendmail and the local mail server by default on Red Hat Enterprise Linux 8.
  • A null client is a local mail server that does not accept email for local delivery and submits all outbound email to a mail relay for delivery to other servers.

  • The main Postfix configuration file, /etc/postfix/main.cf, can be edited by hand or by using the postconf command.
  • The Ansible Role rhel-system-roles.postfix, also called linux-system-roles.postfix, provides an easy way to automate Postfix configuration.

Chapter 7: Configuring MariaDB SQL Databases

Goal: Discuss the basic operation of SQL-based relational databases, perform basic SQL queries for troubleshooting, and be able to set up a simple MariaDB database service.


Objectives:

  • Install and perform basic configuration of a MariaDB relational database server.

  • Examine, search, create, and change database information using Structured Query Language (SQL) and MariaDB statements.

  • Configure database users and assign them access rights in MariaDB.

  • Back up a MariaDB database safely and restore that backup.

  • Automate the installation and configuration of a MariaDB database server.

Installing a MariaDB Database

Describing the Importance of Relational Databases

Installing MariaDB

Securing the MariaDB Installation

Managing Connections to MariaDB

Local access to MariaDB

Remote access to MariaDB

Guided Exercise: Installing a MariaDB Database

Working with SQL in MariaDB

Accessing MariaDB Databases

Creating a New Database

Investigating a Database's Structure with SQL

Modifying Data in a Database

Guided Exercise: Working with SQL in MariaDB

Managing MariaDB Users and Access Rights

Creating User Accounts in MariaDB

Controlling User Privileges

Dropping User Accounts

Troubleshooting Database Access

Guided Exercise: Managing MariaDB Users and Access Rights

Creating and Restoring MariaDB Backups

Creating a Backup of MariaDB Databases

Performing a Logical Backup

Performing a Physical Backup

Restoring a Backup

Guided Exercise: Creating and Restoring MariaDB Backups

Automating MariaDB Deployment

Deploying MariaDB with Ansible

Configuring MariaDB Security with Ansible

Managing MariaDB Users with Ansible

Creating and Restoring from Backup Files with Ansible

Guided Exercise: Automating MariaDB Deployment

Lab: Configuring MariaDB SQL Databases

Summary

  • Describe basic relational database concepts.
  • Perform a MariaDB installation.
  • Use SQL to create, examine, and search databases.
  • Create users, and grant, revoke, and flush privileges.
  • Back up and restore a MariaDB database.
  • Automate the installation and configuration of MariaDB servers and clients.

Chapter 8: Configuring Web Servers

Goal: Provide web content from Apache HTTPD or Nginx web servers, and configure them with virtual hosts and TLS-based encryption.


Objectives:

  • Configure a basic web server using Apache HTTPD.

  • Configure Apache HTTPD to provide IP-based and name-based virtual hosts.

  • Configure Apache HTTPD to provide virtual hosts that use TLS to support the HTTPS protocol.

  • Configure a web server that provides HTTPS access to multiple virtual hosts using Nginx.

  • Automate configuration of Apache HTTPD and Nginx web servers using Ansible.

Configuring a Basic Web Server with Apache HTTPD

Installing Apache HTTP Server

Configuring Apache HTTP Server

Starting Apache HTTP Server

Guided Exercise: Configuring a Basic Web Server with Apache HTTPD

Configuring and Troubleshooting Virtual Hosts with Apache HTTPD

Providing Multiple Web Sites with Virtual Hosts

Configuring Apache HTTPD Virtual Hosts

Troubleshooting Virtual Hosts

Guided Exercise: Configuring and Troubleshooting Virtual Hosts with Apache HTTPD

Configuring HTTPS with Apache HTTPD

Describing the TLS Protocol

Obtaining a Server Certificate

Configuring a TLS-based Virtual Host

Redirecting HTTP Clients to the HTTPS Site

Guided Exercise: Configuring HTTPS with Apache HTTPD

Configuring a Web Server with Nginx

Installing Nginx

Configuring Nginx

Running Nginx

Guided Exercise: Configuring a Web Server with Nginx

Automating Web Server Configuration

Automating Web Server Configuration

Installing the Web Service Package

Deploying the Web Content

Deploying Server Certificates and Keys

Deploying Configuration Files

Configuring Firewall Rules

Ensuring the Web Server is Running

Preparing Handlers

Guided Exercise: Automating Web Server Configuration

Lab: Configuring Web Servers

Summary

  • Apache HTTP Server and Nginx both provide support for running a web server on Red Hat Enterprise Linux.
  • Both web servers allow you to support multiple web sites on the same server.
  • The HTTPS protocol uses TLS private keys and server certificates to protect communication between web browsers and web servers.

  • Each virtual host provided by the web server can have its own TLS certificate and private key, and the TLS certificate can support multiple names for the same site.
  • Ansible provides tools that you can use to manage TLS private keys, certificate signing requests, and certificates, as well as automating your web server deployment and configuration.

Chapter 9: Optimizing Web Server Traffic

Goal: Improve performance of your web servers by using Varnish to cache static content being served and HAProxy to terminate TLS connections and balance load between servers.


Objectives:

  • Improve web site performance by caching static web content with Varnish.

  • Improve web site performance by using HAProxy as a load balancer and an HTTPS terminator in front of your Varnish Cache.

  • Automate the configuration of HAProxy and Varnish using Ansible.

Caching Static Content with Varnish

Describing Varnish

Retrieving an object from the back-end web server

Retrieving an object from the cache

Deploying Varnish

Configuring Varnish

Troubleshooting and Managing Varnish

Guided Exercise: Caching Static Content with Varnish

Terminating HTTPS Traffic and Load Balancing with HAProxy

Describing HAProxy

Terminating HTTPS connections with HAProxy

Load balancing requests with HAProxy

Deploying and Configuring HAProxy

Configuring HAProxy in Front of Varnish

Load balancing requests to Varnish

Monitoring and Managing HAProxy

Guided Exercise: Terminating HTTPS Traffic and Load Balancing with HAProxy

Automating Web Service Optimization

Deploying HAProxy and Varnish with Ansible

Using the HAProxy Module for Rolling Updates

Guided Exercise: Automating Web Service Optimization

Lab: Optimizing Web Server Traffic

Summary

  • Varnish Cache speeds up web server response by caching commonly accessed objects in memory.
  • The cache configuration and access control list for Varnish are specified by writing statements in /etc/varnish/default.vcl using the Varnish Control Language (VCL).
  • To change the network port used by Varnish, you override the systemd service file's ExecStart parameter.
  • You can use HAProxy to balance load between multiple web servers.

  • HAProxy can also terminate HTTPS connections and forward them through a Varnish Cache for a web server.
  • You can use Ansible and its haproxy module to perform rolling upgrades of web content and software for an HAProxy-based load balanced web farm.

Chapter 10: Providing File-based Network Storage

Goal: Provide simple file-based network shares to clients using the NFS and SMB protocols.


Objectives:

  • Export file systems for network clients using the NFS protocol, restricting access based on source IP addresses.

  • Share file systems to network clients using the SMB protocol.

  • Automate configuration of network file systems using NFS and SMB.

Exporting NFS File Systems

Describing NFS

Enabling the NFS Server

Configuring NFS Exports

Inspecting NFS Exports

Guided Exercise: Exporting NFS File Systems

Providing SMB File Shares

Describing SMB

Sharing Directories with SMB

Installing Samba and Preparing Directories for Sharing

Configuring Samba

Preparing Samba Users

Starting Samba

Mounting SMB File Systems

Guided Exercise: Providing SMB File Shares

Automating File-based Storage Provisioning

Deploying an NFS Server with Ansible

Configuring NFS Clients with Ansible

Deploying Samba with Ansible

Configuring SMB Clients with Ansible

Guided Exercise: Automating File-based Storage Provisioning

Lab: Providing File-based Network Storage

Summary

  • NFS exports are declared in /etc/exports or /etc/exports.d/*.exports files on the NFS server.
  • The nfs-utils package is required on both the NFS server and NFS clients.
  • Directories shared using SMB must have the SELinux samba_share_t context type.
  • The Samba configuration file is /etc/samba/smb.conf.
  • The smbpasswd -a command adds users to the Samba database.
  • The samba package is required on Linux SMB servers. The cifs-utils package is required on Linux clients to mount SMB shares.

  • The credentials mount option points to a file that provides the user name and password for SMB authentication.
  • To access an SMB share that uses the multiuser mount option with minimal default credentials, users must run the cifscreds add command to authenticate with their SMB credentials for the current session.

Chapter 11: Accessing Block-based Network Storage

Goal: Configure iSCSI initiators on your servers to access block-based storage devices provided by network storage arrays or Ceph storage clusters.


Objectives:

  • Provide block-based storage to network clients using the iSCSI protocol.

  • Configure an iSCSI initiator to access a network-based block device, format a new iSCSI device with a file system, configure it for use at boot, and be able to safely discontinue the use of an existing iSCSI block device.

  • Automate the configuration of an iSCSI initiator on a server.

Providing iSCSI Storage

Describing iSCSI

Preparing the System to Provide iSCSI Targets

Configuring iSCSI Targets

Managing Targets in the Command-line Mode

Guided Exercise: Providing iSCSI Storage

Accessing iSCSI Storage

Configuring iSCSI Initiators

Disconnecting from Targets

Guided Exercise: Accessing iSCSI Storage

Automating iSCSI Initiator Configuration

Connecting to iSCSI Targets Using Ansible

Formatting iSCSI Devices

Guided Exercise: Automating iSCSI Initiator Configuration

Lab: Accessing Block-based Network Storage

Summary

  • The targetcli package provides the targetcli tool that you use to create targets.
  • Configuring an iSCSI client initiator requires installing the iscsi-initiator-utils package.
  • The initiator IQN is defined in the /etc/iscsi/initiatorname.iscsi file.
  • The iscsid service must be restarted whenever you modify the /etc/iscsi/initiatorname.iscsi file.
  • The Ansible open_iscsi module discovers and logs in to targets.
  • The Ansible storage system role formats and persistently mounts new block devices.

Chapter 12: Comprehensive Review

Red Hat Services Management and Automation Comprehensive Review

Reviewing Red Hat Services Management and Automation

Lab: Configuring Network Infrastructure Services

Lab: Configuring File Sharing and Printers

Lab: Configuring Email, Database, and Web Services

RH358-RHEL8.1-en-1-20200707