Preparation Set 2
Q1:Break into serverA and then set the root password to root. Set the target as multi-user and make sure it boots into that automatically. Reboot to confirm.
# Select the Rescue Mode by up down arrows , and press e # Add the following line at the end of the text 'quiet' rd.break # Press ctrl+x # Follow the commands switch_root:/# mount -o remount,rw /sysroot switch_root:/# chroot /sysroot sh-5.1# passwd sh-5.1# touch /.autorelabel sh-5.1# systemctl set-default multi-user sh-5.1# systemctl get-default sh-5.1# exit switch_root:/# reboot
Q2 : Configure Hostname and Ip Address on this machine
IP Address : 192.168.208.138
NetMask : 255.255.255.0
Gateway : 192.168.208.2
DNS : 192.168.208.2
[root@serverA ~]# nmcli conn add con-name serverAnet2 ifname ens160 type ethernet ipv4.method manual ipv4.addresses 192.168.208.138/24 ipv4.dns 192.168.208.2 ipv4.gateway 192.168.208.2 Connection 'serverAnet2' (db86b64e-9645-4888-9a40-34d0a6256327) successfully added. [root@serverA ~]# nmcli conn show NAME UUID TYPE DEVICE serverAnet 62012638-3b99-4f06-9501-1387844d33a5 ethernet ens160 lo f1ffff9a-fa27-4b6a-b791-1a5bb234841d loopback lo serverAnet2 db86b64e-9645-4888-9a40-34d0a6256327 ethernet -- Wired connection 1 4569ab1e-41c7-4a01-bb5b-d02ad68c5d8b ethernet -- [root@serverA ~]# nmcli conn up serverAnet2 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3) [root@serverA ~]# cat /etc/NetworkManager/system-connections/serverAnet2.nmconnection [connection] id=serverAnet2 uuid=db86b64e-9645-4888-9a40-34d0a6256327 type=ethernet interface-name=ens160 [ethernet] [ipv4] address1=192.168.208.138/24,192.168.208.2 dns=192.168.208.2; method=manual [ipv6] addr-gen-mode=default method=auto [proxy]
Q3: Enable ssh access for root on both servers.
# Configuration file of ssh [root@serverA ~]# vim /etc/ssh/sshd_config PermitRootLogin yes # Restart the sshd service [root@serverA ~]# systemctl restart sshd #SERVER A [root@serverA ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa Your public key has been saved in /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:bZchcrO7nh452I8+I299R0Prtog3KhdrZHO+s+tYJCI root@serverA The key's randomart image is: +---[RSA 3072]----+ | | | | | . + . | | + + o . | | ES.+.o.. .| | .+.Oo. o.| | . O.*....| | ..+@==oo.| | B%*=BBo.| +----[SHA256]-----+ [root@serverA ~]# ssh-copy-id root@192.168.208.137 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.208.137's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@192.168.208.137'" and check to make sure that only the key(s) you wanted were added. [root@serverA ~]# ssh root@192.168.208.137 Activate the web console with: systemctl enable --now cockpit.socket Last login: Tue Oct 8 14:28:52 2024 from 192.168.208.138
Q4: Configure min length of password to be 8
[root@serverA ~]# vim /etc/security/pwquality.conf [root@serverA ~]# grep minlen /etc/security/pwquality.conf minlen = 8
Q5: Create a script to add new group from a list
[root@serverA scripts]# cat grouplist.txt dba_admin:5010 dba_managers:5011 dba_staff:5012 dba_intern:5013 it_staff:5014 it_managers:5015 [root@serverA scripts]# cat creategroup.sh for i in $(cat ./grouplist.txt) do groupname=$(echo $i | cut -f 1 -d :) groupid=$(echo $i | cut -f 2 -d :) groupadd -g $groupid $groupname echo "group created : $groupname:$groupid " done
Q6:Create a script to delete two last groups from /etc/group
[root@serverA scripts]# cat groupdel.sh for i in $(tail -2 /etc/group) do groupname=$(echo $i | cut -f 1 -d :) groupdel $groupname echo "Deleted $groupname" done
Q7: Secure copy all the script files to server B
[root@serverA ~]# scp scripts/* root@192.168.208.137:/root/ creategroup.sh 100% 195 424.6KB/s 00:00 groupdel.sh 100% 127 394.3KB/s 00:00 grouplist.txt 100% 95 242.4KB/s 00:00 script1.sh 100% 189 486.0KB/s 00:00 script2.sh 100% 144 437.8KB/s 00:00 student.sh 100% 228 786.9KB/s 00:00 userlist.txt 100% 166 519.0KB/s 00:00 [root@serverB ~]# ls creategroup.sh groupdel.sh grouplist.txt script1.sh script2.sh student.sh userlist.txt
Q8: Change password for nancy mike harry natasha user1 using script
[root@serverA scripts]# cat changepassword.sh num=0 for i in nancy mike harry natasha user1 do echo $i echo "redhat" | passwd --stdin $i done
Q9: Define Command Alias
# Temporary alias to view last ten log messages [root@serverA log]# alias logive='tail -10 /var/log/messages' [root@serverA log]# logive Oct 9 13:49:00 serverA chronyd[942]: System clock wrong by 1.454455 seconds Oct 9 13:49:42 serverA systemd[1]: Starting PackageKit Daemon... Oct 9 13:49:42 serverA systemd[1]: Started PackageKit Daemon. Oct 9 13:50:05 serverA chronyd[942]: System clock wrong by 1.291550 seconds Oct 9 13:51:10 serverA chronyd[942]: System clock wrong by 1.703638 seconds Oct 9 13:52:14 serverA chronyd[942]: System clock wrong by 1.964906 seconds Oct 9 13:53:19 serverA chronyd[942]: System clock wrong by 1.901705 seconds Oct 9 13:54:24 serverA chronyd[942]: System clock wrong by 1.837731 seconds Oct 9 13:55:29 serverA chronyd[942]: System clock wrong by 1.761417 seconds Oct 9 13:56:34 serverA chronyd[942]: System clock wrong by 1.209373 seconds # Permanent alias to clear screen using safagara [root@serverA ~]# vim .bashrc [root@serverA ~]# tail -1 .bashrc alias safagara='clear' [root@serverA ~]# source .bashrc [root@serverA ~]# safagara
Q10: On server1 create a tar w/gzip archive of /etc called etc_archive.tar.gz in the /archives directory.
[root@serverA archives]# tar -zcvf /archives/etc_archive.tar.gz /etc
Q11: On server1 create a star w/bzip2 archive of /usr/share/doc called doc_archive.tar.bz2 in the /archives directory.
[root@serverA archives]# tar -jcvf /archives/doc_archive.tar.bz2 /usr/share/doc
Q12: On server1 create a folder called /links, and under links create a file called file01. Create a soft link called file02 pointing to file01, and a hard link called file03 pointing to file01. Check your work.
[root@serverA links]# vim file01 [root@serverA links]# ln -s file01 file02 [root@serverA links]# ln file01 file03 [root@serverA links]# ls -lai total 12 270703 drwxr-xr-x. 2 root root 48 Oct 9 14:59 . 128 dr-xr-xr-x. 22 root root 4096 Oct 9 14:53 .. 320748 -rw-r--r--. 2 root root 15 Oct 9 14:59 file01 320749 lrwxrwxrwx. 1 root root 6 Oct 9 14:59 file02 -> file01 320748 -rw-r--r--. 2 root root 15 Oct 9 14:59 file03
Q13: Find all setuid files on server1 and save the list to /root/suid.txt.
[root@serverA /]# find / -type f -perm -u+s >/root/suid.txt find: ‘/proc/6193/task/6193/fdinfo/5’: No such file or directory find: ‘/proc/6193/fdinfo/6’: No such file or directory [root@serverA /]# cat /root/suid.txt /usr/bin/chage /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/fusermount3 /usr/bin/mount /usr/bin/umount /usr/bin/fusermount /usr/bin/pkexec /usr/bin/su /usr/bin/crontab /usr/bin/sudo /usr/bin/chfn /usr/bin/vmware-user-suid-wrapper /usr/bin/passwd /usr/bin/chsh /usr/bin/at /usr/sbin/pam_timestamp_check /usr/sbin/unix_chkpwd /usr/sbin/grub2-set-bootflag /usr/sbin/userhelper /usr/sbin/mount.nfs /usr/lib/polkit-1/polkit-agent-helper-1 /usr/libexec/sssd/krb5_child /usr/libexec/sssd/ldap_child /usr/libexec/sssd/proxy_child /usr/libexec/sssd/selinux_child /usr/libexec/dbus-1/dbus-daemon-launch-helper /usr/libexec/Xorg.wrap /usr/libexec/cockpit-session
Q14: Find all files larger than 3MB in the /etc directory on server1 and copy them to /largrfiles.
[root@serverA /]# find /etc -type f -size +3M -exec cp -rf {} /largrfiles/ \; [root@serverA /]# ls afs bin dev exams home lib loans mnt proc root sbin sys usr autorelabel boot etc found largrfiles lib64 media opt remote run srv tmp var [root@serverA largrfiles]# ls -lh total 16M -r--r--r--. 1 root root 13M Oct 9 15:07 hwdb.bin -rw-r--r--. 1 root root 3.5M Oct 9 15:07 policy.33
Q15: Persistently mount /export/dba_files from the server 192.168.55.47 under /mnt/dba_files.
[root@serverA mnt]# showmount -e 192.168.208.137 Export list for 192.168.208.137: /export/dba_files 192.168.208.138 [root@serverA mnt]# vim /etc/fstab [root@serverA mnt]# tail -1 /etc/fstab 192.168.208.137:/export/dba_files /mnt/dba_files nfs defaults 0 0 [root@serverA mnt]# systemctl daemon-reload [root@serverA mnt]# mount -a [root@serverA mnt]# ls dba_files hgfs wshare
Q16: Create a job using at to write "This task was easy!" to /exams/at_job.txt in 10 minutes.
[root@serverA exams]# rpm -q at at-3.1.23-11.el9.aarch64 [root@serverA exams]# systemctl status atd [root@serverA exams]# at now + 10 minutes warning: commands will be executed using /bin/sh at> echo "This task was easy!" >/exams/at_job.tx at> <EOT> job 1 at Wed Oct 9 16:37:00 2024
Q17: Create a job using cron to write "Wow! I'm going to pass this test!" every Tuesday at 3pm to /var/log/messages.
[root@serverA ~]# rpm -q cronie cronie-1.5.7-11.el9.aarch64 [root@serverA ~]# systemctl status crond.service [root@serverA ~]# crontab -e [root@serverA ~]# crontab -l 00 15 * * 2 echo "Wow! I'm going to pass this test!">>/var/log/messages
Q18: Write a script named awesome.sh in the root directory on server1.
- a) If “me” is given as an argument, then the script should output “Yes, I’m awesome.”
- b) If “them” is given as an argument, then the script should output “Okay, they are awesome.”
- c) If the argument is empty or anything else is given, the script should output “Usage ./awesome.sh me|them”
[root@serverA ~]# touch awesome.sh [root@serverA ~]# chmod u+x awesome.sh [root@serverA ~]# ls -lh awesome.sh -rwxr--r--. 1 root root 0 Oct 9 16:41 awesome.sh [root@serverA ~]# cat awesome.sh if [ $1 == "me" ] then echo " Yes, I’m awesome." elif [ $1 == "you" ] then echo "Okay, they are awesome." else echo "Usage ./awesome.sh me|them" fi [root@serverA ~]# vim awesome.sh [root@serverA ~]# ./awesome.sh me Yes, I’m awesome. [root@serverA ~]# ./awesome.sh you “Okay, they are awesome.” [root@serverA ~]# ./awesome.sh they Usage ./awesome.sh me|them
Put SELinux on server2 in permissive mode.
# Temporary [root@serverA ~]# setenforce 0 [root@serverA ~]# getenforce Permissive # Permanent [root@serverA ~]# vim /etc/selinux/config SELINIUX=permissive
Modify the bootloader with the following parameters:
- Increase the timeout using GRUB_TIMEOUT=10
- Add the following line: GRUB_TIMEOUT_STYLE=hidden
- Add quiet to the end of the GRUB_CMDLINE_LINUX line
- Set grub password
[root@serverA default]# pwd /etc/default [root@serverA default]# ls grub useradd [root@serverA default]# vim grub GRUB_TIMEOUT=10 GRUB_TIMEOUT_STYLE=hidden GRUB_CMDLINE_LINUX [root@serverA default]# grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... Adding boot menu entry for UEFI Firmware Settings ... done [root@serverA grub2]# grub2-setpassword Enter password: Confirm password: # user.cfg file is generated [root@serverA grub2]# ls fonts grub.cfg grubenv user.cfg [root@serverA grub2]# grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... Adding boot menu entry for UEFI Firmware Settings ... done
Q19: Configure NTP synchronization on serverA. Point them to us.pool.ntp.org.
[root@serverA ~]# rpm -q chrony chrony-4.6-1.el9.aarch64 [root@serverA ~]# systemctl status chrony [root@serverA ~]# vim /etc/chrony.conf server us.pool.ntp.org iburst [root@serverA ~]# systemctl restart chronyd [root@serverA ~]# timedatectl set-ntp true [root@serverA ~]# chronyc sources MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^? 5-243-119-74.ritternet.c> 0 7 0 - +0ns[ +0ns] +/- 0ns
Q20: On serverB, create a new 2GiB volume group on /dev/nvme0n2 named "platforms_vg".
# Creating PV [root@serverB ~]# pvcreate /dev/nvme0n2 Physical volume "/dev/nvme0n2" successfully created. [root@serverB ~]# pvs PV VG Fmt Attr PSize PFree /dev/nvme0n1p3 cs lvm2 a-- 18.41g 0 /dev/nvme0n2 lvm2 --- 5.00g 5.00g [root@serverB ~]# pvdisplay /dev/nvme0n2 "/dev/nvme0n2" is a new physical volume of "5.00 GiB" --- NEW Physical volume --- PV Name /dev/nvme0n2 VG Name PV Size 5.00 GiB Allocatable NO PE Size 0 Total PE 0 Free PE 0 Allocated PE 0 PV UUID w2w0QG-KmiP-PFLH-i7ug-lFhE-GT03-pGWMMV # Creating VG [root@serverB ~]# vgcreate platforms_vg /dev/nvme0n2 Volume group "platforms_vg" successfully created [root@serverB ~]# vgs VG #PV #LV #SN Attr VSize VFree cs 1 2 0 wz--n- 18.41g 0 platforms_vg 1 0 0 wz--n- <5.00g <5.00g [root@serverB ~]# vgdisplay platforms_vg --- Volume group --- VG Name platforms_vg System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 1 VG Access read/write VG Status resizable MAX LV 0 Cur LV 0 Open LV 0 Max PV 0 Cur PV 1 Act PV 1 VG Size <5.00 GiB PE Size 4.00 MiB Total PE 1279 Alloc PE / Size 0 / 0 Free PE / Size 1279 / <5.00 GiB VG UUID h5BI36-oqCW-GysU-F6BW-iWGG-EY1k-sf2a74
Q21: Under the "platforms_vg" volume group, create a 500MiB logical volume name "platforms_lv" and format it as ext4.
[root@serverB ~]# lvcreate -L 500M --name platforms_lv /dev/platforms_vg Logical volume "platforms_lv" created. [root@serverB ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root cs -wi-ao---- 16.41g swap cs -wi-ao---- 2.00g platforms_lv platforms_vg -wi-a----- 500.00m [root@serverB ~]# mkfs -t ext4 /dev/platforms_vg/platforms_lv mke2fs 1.46.5 (30-Dec-2021) Creating filesystem with 512000 1k blocks and 128016 inodes Filesystem UUID: 7b622c82-cbdb-42c6-b96b-78b036b3bc1b Superblock backups stored on blocks: 8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409 Allocating group tables: done Writing inode tables: done Creating journal (8192 blocks): done Writing superblocks and filesystem accounting information: done [root@serverB ~]# blkid /dev/platforms_vg/platforms_lv /dev/platforms_vg/platforms_lv: UUID="7b622c82-cbdb-42c6-b96b-78b036b3bc1b" TYPE="ext4" [root@serverB ~]# lvdisplay /dev/platforms_vg/platforms_lv --- Logical volume --- LV Path /dev/platforms_vg/platforms_lv LV Name platforms_lv VG Name platforms_vg LV UUID 32KpXC-96VG-zjPX-Mu0n-vIOj-8l98-0neu8g LV Write Access read/write LV Creation host, time serverB, 2024-10-10 06:25:00 +0545 LV Status available # open 0 LV Size 500.00 MiB Current LE 125 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:2
Q22: Mount it persistently under /mnt/platforms_lv.
[root@serverB ~]# vim /etc/fstab /dev/platforms_vg/platforms_lv /mnt/platforms_lv ext4 defaults 0 0 [root@serverB ~]# systemctl daemon-reload [root@serverB ~]# mount -a [root@serverB ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS nvme0n2 259:4 0 5G 0 disk └─platforms_vg-platforms_lv 253:2 0 500M 0 lvm /mnt/platforms_lv
Q23: Extend the "platforms_lv" volume and partition by 500MiB.
[root@serverB ~]# lvextend -L +500M /dev/platforms_vg/platforms_lv Size of logical volume platforms_vg/platforms_lv changed from 500.00 MiB (125 extents) to 1000.00 MiB (250 extents). Logical volume platforms_vg/platforms_lv successfully resized. [root@serverB ~]# resize2fs /dev/platforms_vg/platforms_lv
Q24: On serverB, create a 500MiB swap partition on /dev/nvme0n3 and mount it persistently.
# Create a new partition [root@serverB ~]# gdisk /dev/nvme0n3 Command (? for help): n Partition number (1-128, default 1): First sector (34-4194270, default = 2048) or {+-}size{KMGTP}: Last sector (2048-4194270, default = 4194270) or {+-}size{KMGTP}: +500M Current type is 8300 (Linux filesystem) Hex code or GUID (L to show codes, Enter = 8300): 8200 Changed type of partition to 'Linux swap' Command (? for help): p Number Start (sector) End (sector) Size Code Name 1 2048 1026047 500.0 MiB 8200 Linux swap Command (? for help): w Do you want to proceed? (Y/N): y OK; writing new GUID partition table (GPT) to /dev/nvme0n3. The operation has completed successfully. [root@serverB ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS ... nvme0n3 259:5 0 2G 0 disk └─nvme0n3p1 259:7 0 500M 0 part [root@serverB ~]# mkswap /dev/nvme0n3p1 Setting up swapspace version 1, size = 500 MiB (524283904 bytes) no label, UUID=a11734f4-084d-4260-8880-477c5fb68967 [root@serverB ~]# vim /etc/fstab /dev/nvme0n3p1 swap swap defaults 0 0 [root@serverB ~]# systemctl daemon-reload [root@serverB ~]# swapon -a [root@serverB ~]# swapon /dev/nvme0n3p1 [root@serverB ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS ... nvme0n3 259:5 0 2G 0 disk └─nvme0n3p1 259:7 0 500M 0 part [SWAP] [root@serverB ~]# free -h total used free shared buff/cache available Mem: 3.5Gi 1.9Gi 696Mi 30Mi 1.1Gi 1.6Gi Swap: 2.5Gi 0.0Ki 2.5Gi
Q25: On serverB, using the remaining space on /dev/nvme0n3, create a volume group with the name networks_vg.
[root@serverB ~]# gdisk /dev/nvme0n3 Command (? for help): p Number Start (sector) End (sector) Size Code Name 1 2048 1026047 500.0 MiB 8200 Linux swap Command (? for help): n Partition number (2-128, default 2): First sector (34-4194270, default = 1026048) or {+-}size{KMGTP}: Last sector (1026048-4194270, default = 4194270) or {+-}size{KMGTP}: Current type is 8300 (Linux filesystem) Hex code or GUID (L to show codes, Enter = 8300): 8e00 Changed type of partition to 'Linux LVM' Command (? for help): p Number Start (sector) End (sector) Size Code Name 1 2048 1026047 500.0 MiB 8200 Linux swap 2 1026048 4194270 1.5 GiB 8E00 Linux LVM Command (? for help): w Do you want to proceed? (Y/N): y The operation has completed successfully. [root@serverB ~]# partprobe /dev/nvme0n3 [root@serverB /]# vgcreate -s 8M network_vg /dev/nvme0n3p2 Volume group "network_vg" successfully created [root@serverB /]# vgs VG #PV #LV #SN Attr VSize VFree cs 1 2 0 wz--n- 18.41g 0 network_vg 1 0 0 wz--n- <1.51g <1.51g platforms_vg 1 1 0 wz--n- <5.00g <4.02g [root@serverB /]# vgdisplay network_vg --- Volume group --- VG Name network_vg System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 1 VG Access read/write VG Status resizable MAX LV 0 Cur LV 0 Open LV 0 Max PV 0 Cur PV 1 Act PV 1 VG Size <1.51 GiB PE Size 8.00 MiB Total PE 193 Alloc PE / Size 0 / 0 Free PE / Size 193 / <1.51 GiB VG UUID DtodYM-SUu8-P1VA-JzQg-KXwx-r0zp-Fnlkka
Q26: Under the "networks_vg" volume group, create a logical volume with the name networks_lv. Ensure it uses 8 MiB extents. Configure the volume to use 75 extents. Format it with the vfat file system and ensure it mounts persistently on /mnt/networks_lv.
[root@serverB /]# lvcreate -l 75 --name network_lv /dev/network_vg Logical volume "network_lv" created. [root@serverB /]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root cs -wi-ao---- 16.41g swap cs -wi-ao---- 2.00g network_lv network_vg -wi-a----- 600.00m platforms_lv platforms_vg -wi-ao---- 1000.00m [root@serverB /]# lvdisplay /dev/network_vg/network_lv --- Logical volume --- LV Path /dev/network_vg/network_lv LV Name network_lv VG Name network_vg LV UUID dYeE1B-b1qx-dZ6M-BUfH-ZREx-MppZ-DWZoUw LV Write Access read/write LV Creation host, time serverB, 2024-10-10 07:05:55 +0545 LV Status available # open 0 LV Size 600.00 MiB Current LE 75 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:3 [root@serverB /]# mkfs -t vfat /dev/network_vg/network_lv mkfs.fat 4.2 (2021-01-31) [root@serverB /]# blkid /dev/network_vg/network_lv /dev/network_vg/network_lv: UUID="C393-F585" TYPE="vfat" [root@serverB ~]# vim /etc/fstab [root@serverB ~]# tail -1 /etc/fstab /dev/network_vg/network_lv /mnt/network_lv vfat defaults 0 0 [root@serverB ~]# systemctl daemon-reload [root@serverB ~]# mount -a [root@serverB ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS ... └─nvme0n3p2 259:7 0 1.5G 0 part └─network_vg-network_lv 253:3 0 600M 0 lvm /mnt/network_lv
Q27: On server2, create a 5TB thin-provisioned volume on /dev/nvme0n4 called "thin_vol" backed by a pool called "thin_pool" on a 4.5GB volume group called "thin_vg". Format it as xfs and mount it persistently under /mnt/thin_vol.
Thin LV (thin_vol) on a thin pool (thin_pool)
- pv
- vg
- lv - thin pool - lvcreate --type thin-pool -L|--size Size[m|UNIT] VG / lvcreate --type thin-pool -L 4.5G --name thin_pool /dev/thin_vg
- lv - thin lv - lvcreate -V|--virtualsize Size[m|UNIT] --thinpool LV VG / lvcreate -V 5T --thinpool thin_pool /dev/thin_vg
# Step 1 : Create PV thin_vg 4.5GB [root@serverA ~]# pvcreate /dev/nvme0n4 WARNING: adding device /dev/nvme0n4 with idname eui.c01979bdec673bd0000c296e16438846 which is already used for missing device. Physical volume "/dev/nvme0n4" successfully created. [root@serverA ~]# pvs PV VG Fmt Attr PSize PFree /dev/nvme0n1p3 cs lvm2 a-- 18.41g 0 /dev/nvme0n3 wgroup lvm2 a-- 5.99g 3.99g /dev/nvme0n4 lvm2 --- 5.00g 5.00g # Step 2: Create VG [root@serverA ~]# vgcreate thin_vg /dev/nvme0n4 WARNING: adding device /dev/nvme0n4 with idname eui.c01979bdec673bd0000c296e16438846 which is already used for missing device. Volume group "thin_vg" successfully created [root@serverA ~]# vgs VG #PV #LV #SN Attr VSize VFree cs 1 2 0 wz--n- 18.41g 0 thin_vg 1 0 0 wz--n- <5.00g <5.00g wgroup 1 1 0 wz--n- 5.99g 3.99g # Step 3 : Create a thin pool - lvcreate --type thin-pool -L|--size Size[m|UNIT] VG [root@serverA ~]# lvcreate --type thin-pool -L 4.5G --name thin_pool thin_vg Thin pool volume with chunk size 64.00 KiB can address at most <15.88 TiB of data. Logical volume "thin_pool" created. [root@serverA ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root cs -wi-ao---- 16.41g swap cs -wi-ao---- 2.00g thin_pool thin_vg twi-a-tz-- 4.50g 0.00 10.60 wshare wgroup -wi-ao---- 2.00g # Step 4: Create a thin LV in a thin pool - lvcreate -V|--virtualsize Size[m|UNIT] --thinpool LV VG [root@serverA ~]# lvcreate -V 5T --name thin_vol --thinpool thin_pool thin_vg WARNING: Sum of all thin volume sizes (5.00 TiB) exceeds the size of thin pool thin_vg/thin_pool and the size of whole volume group (<5.00 GiB). WARNING: You have not turned on protection against thin pools running out of space. WARNING: Set activation/thin_pool_autoextend_threshold below 100 to trigger automatic extension of thin pools before they get full. Logical volume "thin_vol" created. [root@serverA ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root cs -wi-ao---- 16.41g swap cs -wi-ao---- 2.00g thin_pool thin_vg twi-aotz-- 4.50g 0.00 10.64 thin_vol thin_vg Vwi-a-tz-- 5.00t thin_pool 0.00 wshare wgroup -wi-ao---- 2.00g [root@serverA ~]# lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert root cs -wi-ao---- 16.41g swap cs -wi-ao---- 2.00g thin_lv thin_vg Vwi-a-tz-- 5.00t thin_pool 0.00 thin_pool thin_vg twi-aotz-- 4.50g 0.00 10.64 wshare wgroup -wi-ao---- 2.00g # File system [root@serverA ~]# mkfs -t xfs /dev/thin_vg/thin_vol meta-data=/dev/thin_vg/thin_vol isize=512 agcount=32, agsize=41943040 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=1, sparse=1, rmapbt=0 = reflink=1 bigtime=1 inobtcount=1 nrext64=0 data = bsize=4096 blocks=1342177280, imaxpct=5 = sunit=16 swidth=16 blks naming =version 2 bsize=4096 ascii-ci=0, ftype=1 log =internal log bsize=4096 blocks=521728, version=2 = sectsz=512 sunit=16 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 Discarding blocks...Done. [root@serverA ~]# blkid /dev/thin_vg/thin_vol /dev/thin_vg/thin_vol: UUID="468b9972-817f-41ae-8136-27ee87cbb614" TYPE="xfs" # Mounting [root@serverA ~]# vim /etc/fstab /dev/thin_vg/thin_vol /mnt/thin_vol xfs defaults 0 0 [root@serverA ~]# systemctl daemon-reload [root@serverA ~]# mount -a [root@serverA ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS ... nvme0n4 259:7 0 5G 0 disk ├─thin_vg-thin_pool_tmeta 253:3 0 8M 0 lvm │ └─thin_vg-thin_pool-tpool 253:5 0 4.5G 0 lvm │ ├─thin_vg-thin_pool 253:6 0 4.5G 1 lvm │ └─thin_vg-thin_vol 253:7 0 5T 0 lvm /mnt/thin_vol └─thin_vg-thin_pool_tdata 253:4 0 4.5G 0 lvm └─thin_vg-thin_pool-tpool 253:5 0 4.5G 0 lvm ├─thin_vg-thin_pool 253:6 0 4.5G 1 lvm └─thin_vg-thin_vol 253:7 0 5T 0 lvm /mnt/thin_vol
Q28: On serverA, set a merged tuned profile using the the powersave and virtual-guest profiles.
[root@serverA ~]# rpm -q tuned tuned-2.24.0-1.el9.noarch [root@serverA ~]# systemctl start tuned.service [root@serverA ~]# systemctl status tuned.service [root@serverA ~]# tuned-adm profile powersave virtual-guest [root@serverA ~]# tuned-adm active Current active profile: powersave virtual-guest
Q29: On serverA, as the user cindy, create a container image from docker.io/library/httpd with the tag web_image.
[root@serverA ~]# rpm -q container-tools container-tools-1-14.el9.noarch [root@serverA ~]# loginctl enable-linger cindy [root@serverA ~]# hostname -I 192.168.208.138 [root@serverA ~]# ssh cindy@192.168.208.138 The authenticity of host '192.168.208.138 (192.168.208.138)' can't be established. ED25519 key fingerprint is SHA256:HOPA4UyrPYpCEWcP4vMfeocqZn9r5fEBYgg9+lXNyeY. This host key is known by the following other names/addresses: ~/.ssh/known_hosts:1: 192.168.208.137 Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '192.168.208.138' (ED25519) to the list of known hosts. cindy@192.168.208.138's password: # Configure registries.conf if not present [cindy@serverA containers]$ pwd /home/cindy/.config/containers [cindy@serverA containers]$ cat registries.conf unqualified-search-registries =["docker.io","quay.io"] [[registry]] insecure = true blocked = false location = "docker.io" [cindy@serverA ~]$ vim Containerfile [cindy@serverA ~]$ cat Containerfile FROM docker.io/library/httpd [cindy@serverA ~]$ podman build -t web_image . STEP 1/1: FROM docker.io/library/httpd Trying to pull docker.io/library/httpd:latest... Getting image source signatures Copying blob 0ffcdbb5bd41 done | Copying blob 14c9d9d19932 done | Copying blob 4f4fb700ef54 done | Copying blob f5db40045454 done | Copying blob ac0ad684e55d done | Copying blob b59792d2b7f1 done | Copying config a3e79aafef done | Writing manifest to image destination COMMIT web_image --> a3e79aafef7f Successfully tagged localhost/web_image:latest Successfully tagged docker.io/library/httpd:latest a3e79aafef7f07a3a11d94f546220d8189719a5143d4bbda9568e48ffbac4a9d [cindy@serverA ~]$ podman images REPOSITORY TAG IMAGE ID CREATED SIZE localhost/web_image latest a3e79aafef7f 2 months ago 182 MB docker.io/library/httpd latest a3e79aafef7f 2 months ago 182 MB
Q30: From the newly created image, deploy a container as a service with the container name cindy_web.The web config files should map to ~/web_files, and the local port of 8000 should be mapped to the container's port 80. Create a default page that says "Welcome to Cindy's Web Server!". The service should be enabled and the website should be accessible.
# Add port in http.conf from root [root@serverA ~]# vim /etc/httpd/conf/httpd.conf Listen 8000 # Tell Selinux [root@serverA ~]# semanage port -a -t http_port_t -p tcp 8000 [root@serverA ~]# semanage port -l | grep 8000 http_port_t tcp 8000, 82, 7788, 5566, 80, 81, 443, 488, 8008, 8009, 8443, 9000 soundd_port_t tcp 8000, 9433, 16001 # Run the container in port 8000 / tell selinux about port / make volume ~/web_files [cindy@serverA ~]$ podman run -d --name cindy_web -v /home/cindy/web_files:/usr/local/apache2/htdocs/:Z -p 8000:80 localhost/web_image:latest dae967e62ceb5131a5a78e27edbccf17b92a4391534feb7a3c4e00f70a258f9d [cindy@serverA ~]$ podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES dae967e62ceb localhost/web_image:latest httpd-foreground 3 seconds ago Up 4 seconds 0.0.0.0:8000->80/tcp, 80/tcp cindy_web [cindy@serverA ~]$ curl localhost:8000 <h1>Welcome to Cindys Web Server!</h1> # Run container as a service [cindy@serverA user]$ pwd /home/cindy/.config/systemd/user [cindy@serverA user]$ ls container-cindy_web.service [cindy@serverA user]$ podman stop cindy_web [cindy@serverA user]$ systemctl --user stop container-cindy_web.service [cindy@serverA user]$ systemctl --user start container-cindy_web.service [cindy@serverA user]$ systemctl --user status container-cindy_web.service