Preparation Set 5
Stratis
    [root@serverX ~]# rpm -q stratisd
    stratisd-3.6.7-1.el9.aarch64
    [root@serverX ~]# rpm -q stratis-cli
    stratis-cli-3.6.0-1.el9.noarch
    [root@serverX ~]# systemctl start stratisd
    [root@serverX ~]# systemctl enable stratisd
    [root@serverX ~]# systemctl status stratisd

    # Create Pool
    [root@serverX ~]# stratis pool create --help | less
    [root@serverX ~]# stratis pool create loanpool /dev/nvme0n6
    [root@serverX ~]# stratis pool list
    Name       Total / Used / Free          Properties    UUID                                   Alerts
    loanpool   2 GiB / 524 MiB / 1.49 GiB   ~Ca,~Cr, Op   4a9b1088-229c-4af9-98b5-f6b7585ae3bb   WS001

    # Add Partition to existing pool / Increase space in a pool
    [root@serverX ~]# stratis pool add-data loanpool /dev/nvme0n5p2
    [root@serverX ~]# stratis pool list
    Name       Total / Used / Free          Properties    UUID                                   Alerts
    loanpool   4 GiB / 530 MiB / 3.48 GiB   ~Ca,~Cr, Op   4a9b1088-229c-4af9-98b5-f6b7585ae3bb

    # Creating file system
    [root@serverX ~]# stratis fs create loanpool eduloanfs
    [root@serverX ~]# stratis fs create loanpool homeloanfs
    [root@serverX ~]# stratis fs list
    Pool       Filesystem   Total / Used / Free / Limit            Created             Device                             UUID
    loanpool   eduloanfs    1 TiB / 546 MiB / 1023.47 GiB / None   Oct 13 2024 10:15   /dev/stratis/loanpool/eduloanfs    116c4377-f431-4dd0-95bb-4fc7ff2fd086
    loanpool   homeloanfs   1 TiB / 546 MiB / 1023.47 GiB / None   Oct 13 2024 10:15   /dev/stratis/loanpool/homeloanfs   bb3be8ae-0cac-433c-8cce-5b636bb539d3

    # Mounting
    [root@serverX ~]# vim /etc/fstab
    /dev/stratis/loanpool/homeloanfs /root/homeloan xfs defaults,x-systemd.requires=stratisd.service 0 0
    /dev/stratis/loanpool/eduloanfs /root/eduloan xfs defaults,x-systemd.requires=stratisd.service 0 0
    [root@serverX ~]# systemctl daemon-reload
    [root@serverX ~]# mount -a
Configure the user skeleton (/etc/skel) with a welcome file and a Documents dir for new users, and add a message that is printed at login.
    [root@serverA skel]# pwd
    /etc/skel
    [root@serverA skel]# ls
    Documents  welcome
    [root@serverA skel]# cat welcome
    Hello ! Welcome to the linux server.
    [root@serverA ~]# useradd sanjeeb
    [root@serverA ~]# passwd sanjeeb
    [root@serverA sanjeeb]# vim .bashrc
    [root@serverA sanjeeb]# tail -1 .bashrc
    echo "Logged in to Sanjeeb !"
    [root@serverA ~]# su - sanjeeb
    Logged in to Sanjeeb !
    [sanjeeb@serverA ~]$ ls
    Documents  welcome
Change the password expiration to 10 days, with a warning 3 days before
    [root@serverA ~]# chage -M 10 -W 3 sanjeeb
    [root@serverA ~]# chage -l sanjeeb
    Last password change                                    : Oct 13, 2024
    Password expires                                        : Oct 23, 2024
    Password inactive                                       : never
    Account expires                                         : never
    Minimum number of days between password change          : 0
    Maximum number of days between password change          : 10
    Number of days of warning before password expires       : 3
SSH Access to root
    # Method 1
    [root@serverA ~]# vim /etc/ssh/sshd_config
    PermitRootLogin yes
    [root@serverA ~]# systemctl restart sshd

    # Method 2
    # Log in as another user and switch account
    sanjeeb@Sanjeebs-MacBook-Pro ~ % ssh sanjeeb@192.168.208.136
    sanjeeb@192.168.208.136's password:
    Last login: Sun Oct 13 17:00:48 2024
    Logged in to Sanjeeb !
    [sanjeeb@serverA ~]$ su - root
    Password:
    Last login: Sun Oct 13 17:07:49 +0545 2024 from 192.168.208.1 on pts/1
    Last failed login: Sun Oct 13 17:08:00 +0545 2024 from 192.168.208.1 on ssh:notty
    There was 1 failed login attempt since the last successful login.
Create 4 users: anna, john, student1 and Robert. anna and john are members of the students group. Configure all users with the password "toor"
    [root@serverA ~]# groupadd students
    [root@serverA ~]# tail -1 /etc/group
    students:x:1001:
    [root@serverA ~]# echo "toor" | passwd --stdin anna
    Changing password for user anna.
    passwd: all authentication tokens updated successfully.
    [root@serverA ~]# echo "toor" | passwd --stdin john
    Changing password for user john.
    passwd: all authentication tokens updated successfully.
    [root@serverA ~]# echo "toor" | passwd --stdin student1
    Changing password for user student1.
    passwd: all authentication tokens updated successfully.
    [root@serverA ~]# echo "toor" | passwd --stdin Robert
    Changing password for user Robert.
    passwd: all authentication tokens updated successfully.
    [root@serverA ~]# usermod -G students anna
    [root@serverA ~]# usermod -G students john
    [root@serverA ~]# groups anna
    anna : anna students
    [root@serverA ~]# groups john
    john : john students
    [root@serverA ~]# cat /etc/passwd | grep -E 'anna|john'
    anna:x:1001:1002::/home/anna:/bin/bash
    john:x:1002:1003::/home/john:/bin/bash
Robert is part of the group Admins; this group can execute any sudo task with no password
    [root@serverA ~]# groupadd Admins
    [root@serverA ~]# usermod -G Admins Robert
    [root@serverA ~]# groups Robert
    Robert : Robert Admins
    [root@serverA ~]# visudo
    %Admins ALL=(ALL) NOPASSWD: ALL

    # Now checking Permission
    [Robert@serverA /]$ sudo cd /root
    [Robert@serverA /]$ ls
    afs  bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
User student1 can execute any sudo task with no password
    [root@serverA ~]# visudo
    student1 ALL=(ALL) NOPASSWD: ALL

    # Check permission with sudo
    [student1@serverA ~]$ sudo useradd user1
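The two NOPASSWD rules above give the Admins group and student1 passwordless, root-equivalent access, so it helps to be able to find such rules again later. The following is an added example, not part of the original notes: a small audit that reads sudoers text and reports every NOPASSWD rule. The function name audit_sudoers and the sample policy are constructed for illustration; line continuations and included files are not handled.

```shell
#!/bin/sh
# Added example: report sudoers rules that skip the password prompt.
# SAMPLE_SUDOERS is a constructed policy that mirrors the two rules on this page.
SAMPLE_SUDOERS='# constructed sample, not a real host policy
Defaults   !visiblepw
root       ALL=(ALL)   ALL
%wheel     ALL=(ALL)   ALL
%Admins    ALL=(ALL)   NOPASSWD: ALL
student1   ALL=(ALL)   NOPASSWD: ALL
backup     ALL=(root)  NOPASSWD: /usr/bin/rsync
'

# audit_sudoers: read sudoers text on stdin, print one line per NOPASSWD rule.
# Output format: SEVERITY<TAB>principal<TAB>description
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }     # settings and alias definitions
    !/NOPASSWD:/ { next }                           # password is still required
    {
      who  = $1
      kind = (who ~ /^%/) ? "group" : "user"
      # Keep only the command list that follows the NOPASSWD: tag.
      cmds = $0
      sub(/^.*NOPASSWD:[ \t]*/, "", cmds)
      sub(/[ \t]+$/, "", cmds)
      n = split(cmds, c, /[ \t]*,[ \t]*/)
      all = 0
      for (i = 1; i <= n; i++) if (c[i] == "ALL") all = 1
      if (all)
        printf "HIGH\t%s\t%s rule grants every command without a password\n", who, kind
      else
        printf "MEDIUM\t%s\t%s rule grants without a password: %s\n", who, kind, cmds
    }'
}

# Run against the constructed sample; on a host, feed it the real policy files
# instead (for example the output of: cat /etc/sudoers /etc/sudoers.d/*).
printf '%s' "$SAMPLE_SUDOERS" | audit_sudoers
```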
Create a user named guest; this user has no interactive shell
    [root@serverA ~]# useradd guest -s /sbin/nologin
    [root@serverA ~]# cat /etc/passwd | grep -E 'guest'
    guest:x:1005:1007::/home/guest:/sbin/nologin
Configure network
- IP address: 192.168.74.92/24
- Secondary IP address: 192.168.74.93/24
- Gateway: 192.168.74.2
- DNS: 192.168.74.2
- Hostname: local.lab.com
- Configure the NTP service and synchronize the server time. NTP server: time.google.com; set timezone Asia/Shanghai
    [root@serverA ~]# rpm -q NetworkManager
    NetworkManager-1.45.7-1.el9.aarch64
    [root@serverA ~]# systemctl status NetworkManager
    [root@serverA ~]# systemctl start NetworkManager
    [root@serverA ~]# systemctl enable NetworkManager
    [root@serverA ~]# nmcli conn show
    NAME    UUID                                  TYPE      DEVICE
    ens160  916ca0c1-c413-3960-9f7f-dfe49bc0924d  ethernet  ens160
    lo      f87dd6ad-38f2-4203-97ce-7b4ebe49a42a  loopback  lo
    [root@serverA ~]# nmcli conn add con-name default ifname ens160 type ethernet ipv4.method manual ipv4.address '192.168.208.136/24,192.168.208.100/24' ipv4.gateway 192.168.208.2 ipv4.dns 192.168.208.2
    Connection 'default' (b396904b-6d80-4e2c-ae3a-cb221cfd9d44) successfully added.
    [root@serverA ~]# nmcli conn show
    NAME     UUID                                  TYPE      DEVICE
    ens160   916ca0c1-c413-3960-9f7f-dfe49bc0924d  ethernet  ens160
    lo       f87dd6ad-38f2-4203-97ce-7b4ebe49a42a  loopback  lo
    default  b396904b-6d80-4e2c-ae3a-cb221cfd9d44  ethernet  --
    [root@serverA ~]# nmcli conn up default
    Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
    [root@serverA ~]# hostname -I
    192.168.208.136 192.168.208.100
    [root@serverA ~]# cat /etc/NetworkManager/system-connections/default.nmconnection
    [connection]
    id=default
    uuid=b396904b-6d80-4e2c-ae3a-cb221cfd9d44
    type=ethernet
    interface-name=ens160

    [ethernet]

    [ipv4]
    address1=192.168.208.136/24,192.168.208.2
    address2=192.168.208.100/24
    dns=192.168.208.2;
    method=manual

    [ipv6]
    addr-gen-mode=default
    method=auto

    [proxy]
    [root@serverA ~]# ping 192.168.208.100
    [root@serverA ~]# ping 192.168.208.136
    [root@serverA ~]# ping 192.168.208.2

    [root@serverA ~]# rpm -q chrony
    chrony-4.3-1.el9.aarch64
    [root@serverA ~]# systemctl start chronyd
    [root@serverA ~]# systemctl enable chronyd
    [root@serverA ~]# systemctl status chronyd
    [root@serverA ~]# vim /etc/chrony.conf
    server time.google.com iburst
    [root@serverA ~]# systemctl restart chronyd.service
    [root@serverA ~]# timedatectl set-ntp true
    [root@serverA ~]# timedatectl set-timezone Asia/Shanghai
    [root@serverA ~]# timedatectl
                   Local time: Sun 2024-10-13 12:51:33 CST
               Universal time: Sun 2024-10-13 04:51:33 UTC
                     RTC time: Sun 2024-10-13 12:41:56
                    Time zone: Asia/Shanghai (CST, +0800)
    System clock synchronized: yes
                  NTP service: active
              RTC in local TZ: no
Manage text files and daily tasks
Find the lines containing "ac" in the file /root/lines and copy them to the file /mnt/lines
    [root@serverA ~]# cat lines
    dracula
    accumulation
    accent
    believe
    Rich
    Poor
    Factory
    Never
    Ever
    Happened
    Mavac
    Sevac
    Trivac
    Gin ac ac ac
    Beer ac ac ac
    Wine dc dc dc
    [root@serverA ~]# grep 'ac' /root/lines >/mnt/lines
    [root@serverA ~]# cat /mnt/lines
    dracula
    accumulation
    accent
    Factory
    Mavac
    Sevac
    Trivac
    Gin ac ac ac
    Beer ac ac ac
Find every file owned by student1 and copy it to the /mnt/student1 folder
    [root@serverA ~]# cd /mnt
    [root@serverA mnt]# mkdir student1
    [root@serverA ~]# find / -user student1 -exec cp -rf {} /mnt/student1 \;
Find every file bigger than 5MB and copy it to the /mnt/bigger folder
    [root@serverA ~]# find / -type f -size +5M -exec cp -rf {} /mnt/bigger \;
Configure a cron job to echo "Hello cron working" every 2 days at 2PM
    [root@serverA ~]# rpm -q cronie
    cronie-1.5.7-10.el9.aarch64
    [root@serverA ~]# crontab -e
    no crontab for root - using an empty one
    crontab: installing new crontab
    [root@serverA ~]# crontab -l
    00 14 */2 * * echo "Hello cron working"
Create a bash script to echo "creating script" and then create a file named "working" under /
    [root@serverA scripts]# pwd
    /root/scripts
    [root@serverA scripts]# tail -1 /root/.bashrc
    export PATH=$PATH:/root/scripts
    [root@serverA scripts]# touch s1.sh
    [root@serverA scripts]# chmod u+x s1.sh
    [root@serverA scripts]# ls -lh
    total 0
    -rwxr--r--. 1 root root 0 Oct 13 13:13 s1.sh
    [root@serverA ~]# source .bashrc
    [root@serverA /]# cat /root/scripts/s1.sh
    echo "creating script"
    touch /working
Create 3 compressed archives of the /etc/hosts file called hosts.tar.gzip, hosts.tar.bzip2 and hosts.tar.xz under /mnt
    [root@serverA mnt]# tar -zcvf hosts.tar.gzip /etc/hosts
    [root@serverA mnt]# tar -jcvf hosts.tar.bzip2 /etc/hosts
    [root@serverA mnt]# tar -Jcvf hosts.tar.xz /etc/hosts
Create a symbolic link to /usr/bin/echo under /mnt and name it echo2
    [root@serverA ~]# ln -s /usr/bin/echo /mnt/echo2
    [root@serverA ~]# ls -lh /mnt
    total 16K
    lrwxrwxrwx. 1 root root 13 Oct 13 13:53 echo2 -> /usr/bin/echo
Permissions and ACL
Copy the fstab file to /mnt/fstab; the owner is root and the group is admins, the group has full permissions, and others are not allowed to do anything.
    [root@serverA ~]# cp /etc/fstab /mnt/fstab
    [root@serverA ~]# cd /mnt
    [root@serverA mnt]# ls -lh | grep fstab
    -rw-r--r--. 1 root root 666 Oct 13 14:19 fstab
    [root@serverA mnt]# chown root:admins fstab
    [root@serverA mnt]# ls -lh | grep fstab
    -rw-r--r--. 1 root admins 666 Oct 13 14:19 fstab
    [root@serverA mnt]# chmod g+rwx fstab
    [root@serverA mnt]# ls -lh | grep fstab
    -rw-rwxr--. 1 root admins 666 Oct 13 14:19 fstab
    [root@serverA mnt]# chmod o-rwx fstab
    [root@serverA mnt]# ls -lh | grep fstab
    -rw-rwx---. 1 root admins 666 Oct 13 14:19 fstab
User anna has read and write permission on the file
    [root@serverA mnt]# setfacl -m u:anna:rw- fstab
    [root@serverA mnt]# getfacl fstab
    # file: fstab
    # owner: root
    # group: admins
    user::rw-
    user:anna:rw-
    group::rwx
    mask::rwx
    other::---
Create a folder called users under /home; every file created under the users dir must inherit its parent's group owner.
    [root@serverA home]# chmod g+s users
    [root@serverA home]# ls -ld users
    drwxr-sr-x. 2 root root 6 Oct 13 14:22 users
    [anna@serverA home]$ sudo chmod g+s users
    [anna@serverA home]$ ls -ld users/
    drwxr-sr-x. 2 root root 6 Oct 13 14:24 users/
    [anna@serverA home]$ sudo chown anna:admins users
    [anna@serverA home]$ ls -ld users/
    drwxr-sr-x. 2 anna admins 6 Oct 13 14:24 users/
    [root@serverA home]# cd users/
    [root@serverA users]# touch f1
    [root@serverA users]# ls -lh
    total 0
    -rw-r--r--. 1 root admins 0 Oct 13 14:28 f1
Only the owner of a file under the users dir can delete it (sticky bit)
    [student1@serverA home]$ sudo chmod o+t test/
    [john@serverA home]$ ls -ld test/
    drwxrwxrwt. 2 anna admins 86 Oct 13 15:01 test/
    [john@serverA test]$ ls -lh
    total 0
    -rw-r--r--. 1 anna     anna     0 Oct 13 14:57 a1
    -rw-r--r--. 1 anna     anna     0 Oct 13 14:57 a2
    -rw-r--r--. 1 anna     anna     0 Oct 13 14:57 a3
    -rw-r--r--. 1 john     john     0 Oct 13 14:59 j1
    -rw-r--r--. 1 john     john     0 Oct 13 14:59 j2
    -rw-r--r--. 1 john     john     0 Oct 13 15:00 j3
    -rw-r--r--. 1 student1 student1 0 Oct 13 14:57 s1
    -rw-r--r--. 1 student1 student1 0 Oct 13 14:57 s2
    -rw-r--r--. 1 student1 student1 0 Oct 13 14:57 s3
    [john@serverA test]$ rm -rf s1
    rm: cannot remove 's1': Operation not permitted
    [john@serverA test]$ rm -rf a1
    rm: cannot remove 'a1': Operation not permitted
    [john@serverA test]$ rm -rf j1
Configure umask 033 for all users; users root and student1 must have their own 022 umask
    # By default for all users, /etc/profile
    [root@serverA ~]# vim /etc/profile
    [root@serverA ~]# useradd student3
    [root@serverA ~]# passwd student3
    Changing password for user student3.
    New password:
    BAD PASSWORD: The password is shorter than 8 characters
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@serverA ~]# su - student3
    [student3@serverA ~]$ umask
    0033

    # For a specific user
    # student1
    [student1@serverA ~]$ vim .bashrc
    umask 0022
    [student1@serverA ~]$ source .bashrc
    [student1@serverA ~]$ umask
    0022

    # Root
    [root@serverA ~]# vim .bashrc
    umask 0022
    [root@serverA ~]# source .bashrc
    [root@serverA ~]# umask
    0022
Firewall and SELinux
An Apache service is running on port 92, and the root folder is under /web; fix it and set the right label. Change the SSH port to 90 and set the right SELinux configuration
    [root@serverA ~]# rpm -q httpd
    package httpd is not installed
    [root@serverA ~]# yum -y install httpd
    [root@serverA ~]# systemctl start httpd
    [root@serverA ~]# systemctl enable httpd
    Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
    [root@serverA ~]# systemctl status httpd
    [root@serverA ~]# vim /etc/httpd/conf/httpd.conf
    Listen 92
    [root@serverA html]# pwd
    /var/www/html
    [root@serverA html]# cat index.html
    <h1>This is a latest Website !!</h1>

    # The semanage port syntax can be looked up in the comments of /etc/ssh/sshd_config
    [root@serverA ~]# semanage port -a -t http_port_t -p tcp 92
    [root@serverA ~]# semanage port -l | grep 92
    http_port_t                    tcp      92, 80, 81, 443, 488, 8008, 8009, 8443, 9000
    [root@serverA ~]# systemctl restart httpd.service
    [root@serverA ~]# netstat -tnl | grep 92
    tcp6       0      0 :::92                   :::*                    LISTEN
    [root@serverA ~]# curl localhost:92
    <h1>This is a latest Website !!</h1>

    [root@serverA ~]# vim /etc/httpd/conf/httpd.conf
    DocumentRoot "/var/www/website"
    [root@serverA website]# vim index.html
    [root@serverA website]# systemctl restart httpd
    [root@serverA website]# curl localhost:92
    <h1>This is another website</h1>
Open port 92 in firewalld and make the change persistent.
    [root@serverA ~]# rpm -q firewalld
    firewalld-1.2.5-1.el9.noarch
    [root@serverA ~]# systemctl start firewalld
    [root@serverA ~]# systemctl enable firewalld
    [root@serverA ~]# systemctl status firewalld
    [root@serverA ~]# firewall-cmd --permanent --add-service=http
    success
    [root@serverA ~]# firewall-cmd --permanent --add-port=92/tcp
    [root@serverA ~]# firewall-cmd --reload
    [root@serverA ~]# firewall-cmd --list-all
    public
      target: default
      icmp-block-inversion: no
      interfaces:
      sources:
      services: cockpit dhcpv6-client http ssh
      ports: 92/tcp
      protocols:
      forward: yes
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
Logging
Configure journald logs to be saved persistently
    [root@serverA ~]# vim /etc/systemd/journald.conf
    [Journal]
    Storage=persistent
    [root@serverA ~]# systemctl restart systemd-journald
    [root@serverA ~]# ls /var/log/journal
Configure rsyslog to save any critical log or higher to /var/log/crit
    [root@serverA ~]# vim /etc/rsyslog.conf
    *.crit /var/log/critical.log
    [root@serverA ~]# systemctl restart rsyslog.service
Configure firewalld logs to be rotated every 3 weeks
    [root@serverA ~]# vim /etc/logrotate.d/firewalld
    /var/log/firewalld {
        weekly
        missingok
        rotate 3
        copytruncate
        minsize 1M
    }
Storage: SWAP, LVM and Stratis
Create a 5 GB partition, format it with ext3 and mount it on /mnt/ext3 persistently; the mount must use the partition UUID.
    [root@serverA mnt]# gdisk /dev/nvme0n2
    Command (? for help): n
    Partition number (1-128, default 1):
    First sector (34-10485726, default = 2048) or {+-}size{KMGTP}:
    Last sector (2048-10485726, default = 10485726) or {+-}size{KMGTP}:
    Current type is 8300 (Linux filesystem)
    Hex code or GUID (L to show codes, Enter = 8300):
    Changed type of partition to 'Linux filesystem'

    Command (? for help): p
    Disk /dev/nvme0n2: 10485760 sectors, 5.0 GiB
    Model: VMware Virtual NVMe Disk
    Sector size (logical/physical): 512/512 bytes
    Disk identifier (GUID): F9F8FF62-EF96-453E-9417-301C3F4A6525
    Partition table holds up to 128 entries
    Main partition table begins at sector 2 and ends at sector 33
    First usable sector is 34, last usable sector is 10485726
    Partitions will be aligned on 2048-sector boundaries
    Total free space is 2014 sectors (1007.0 KiB)

    Number  Start (sector)    End (sector)  Size       Code  Name
       1            2048        10485726   5.0 GiB     8300  Linux filesystem

    Command (? for help): w
    Do you want to proceed? (Y/N): y
    The operation has completed successfully.

    [root@serverA ~]# mkfs -t ext3 /dev/nvme0n2p1
    mke2fs 1.46.5 (30-Dec-2021)
    Creating filesystem with 1310459 4k blocks and 327680 inodes
    Filesystem UUID: 6f6b3565-97a5-4728-8036-8a7e7198b780
    Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736
    Allocating group tables: done
    Writing inode tables: done
    Creating journal (16384 blocks): done
    Writing superblocks and filesystem accounting information: done

    [root@serverA ~]# blkid /dev/nvme0n2p1
    /dev/nvme0n2p1: UUID="6f6b3565-97a5-4728-8036-8a7e7198b780" SEC_TYPE="ext2" TYPE="ext3" PARTLABEL="Linux filesystem" PARTUUID="4bb409f9-73c0-4ca9-9079-69421bd1556f"
    [root@serverA ~]# tail -1 /etc/fstab
    UUID="6f6b3565-97a5-4728-8036-8a7e7198b780" /mnt/ext3 ext3 defaults 0 0
    [root@serverA ~]# systemctl daemon-reload
    [root@serverA ~]# mount -a
    [root@serverA ~]# lsblk
    NAME        MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
    nvme0n2     259:4    0   5G  0 disk
    └─nvme0n2p1 259:9    0   5G  0 part /mnt/ext3
    [root@serverA ~]# gdisk /dev/nvme0n3
    Command (? for help): n
    Partition number (1-128, default 1):
    First sector (34-10485726, default = 2048) or {+-}size{KMGTP}:
    Last sector (2048-10485726, default = 10485726) or {+-}size{KMGTP}:
    Current type is 8300 (Linux filesystem)
    Hex code or GUID (L to show codes, Enter = 8300): 8200
    Changed type of partition to 'Linux swap'

    Command (? for help): p
    Number  Start (sector)    End (sector)  Size       Code  Name
       1            2048        10485726   5.0 GiB     8200  Linux swap

    Command (? for help): w
    Do you want to proceed? (Y/N): y
    The operation has completed successfully.

    [root@serverA ~]# mkswap /dev/nvme0n3p1
    Setting up swapspace version 1, size = 5 GiB (5367635968 bytes)
    no label, UUID=cd40a5ef-cca7-4ff6-94d7-f07ff4e5de0f
    [root@serverA ~]# blkid /dev/nvme0n3p1
    /dev/nvme0n3p1: UUID="cd40a5ef-cca7-4ff6-94d7-f07ff4e5de0f" TYPE="swap" PARTLABEL="Linux swap" PARTUUID="b94de884-d851-43c0-959e-202856707778"
    [root@serverA ~]# free -h
                   total        used        free      shared  buff/cache   available
    Mem:           3.5Gi       1.1Gi       1.9Gi        10Mi       712Mi       2.4Gi
    Swap:          2.0Gi          0B       2.0Gi
    [root@serverA ~]# vim /etc/fstab
    [root@serverA ~]# tail -1 /etc/fstab
    /dev/nvme0n3p1 swap swap defaults 0 0
    [root@serverA ~]# systemctl daemon-reload
    [root@serverA ~]# swapon -a
    [root@serverA ~]# free -h
                   total        used        free      shared  buff/cache   available
    Mem:           3.5Gi       1.1Gi       1.9Gi        10Mi       712Mi       2.4Gi
    Swap:          7.0Gi          0B       7.0Gi
Create a VG called VG1 with a partition of 5 GB; consider a PE size of 10 MB
    [root@serverA lvm]# pvs
    PV             VG  Fmt  Attr PSize  PFree
    /dev/nvme0n1p3 cs  lvm2 a--  18.41g    0
    /dev/nvme0n4   VG1 lvm2 a--   4.99g 4.99g
    [root@serverA lvm]# vgcreate -s 10M VG1 /dev/nvme0n4
    [root@serverA lvm]# vgdisplay VG1
      --- Volume group ---
      VG Name               VG1
      System ID
      Format                lvm2
      Metadata Areas        1
      Metadata Sequence No  1
      VG Access             read/write
      VG Status             resizable
      MAX LV                0
      Cur LV                0
      Open LV               0
      Max PV                0
      Cur PV                1
      Act PV                1
      VG Size               4.99 GiB
      PE Size               10.00 MiB
      Total PE              511
      Alloc PE / Size       0 / 0
      Free  PE / Size       511 / 4.99 GiB
      VG UUID               F02ZEL-KtaB-tY8J-MrEb-BIkW-h7Xu-HIhJ8S
Create an LV called LV1 on top of VG1 with a size of 600MB, format it with ext4 and mount it under /mnt/lvm
    [root@serverA ~]# lvcreate -L 600M --name LV1 VG1
      Logical volume "LV1" created.
    [root@serverA ~]# lvs
      LV   VG  Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
      LV1  VG1 -wi-a----- 600.00m
      root cs  -wi-ao----  16.41g
      swap cs  -wi-ao----   2.00g
    [root@serverA ~]# mkfs -t ext4 /dev/VG1/LV1
    [root@serverA ~]# blkid /dev/VG1/LV1
    /dev/VG1/LV1: UUID="0177cb94-3534-42ba-adb1-5e8da2667d42" TYPE="ext4"
Extend the VG with another partition of 5 GB and extend the LV from 60 LE to 700 LE; the final size must be between 6.9 GB and 7.1 GB.
    [root@serverA ~]# pvcreate /dev/nvme0n5p1
      Physical volume "/dev/nvme0n5p1" successfully created.
    [root@serverA ~]# pvs
      PV             VG  Fmt  Attr PSize  PFree
      /dev/nvme0n1p3 cs  lvm2 a--  18.41g     0
      /dev/nvme0n4   VG1 lvm2 a--   4.99g  4.40g
      /dev/nvme0n5p1     lvm2 ---  <5.00g <5.00g
    [root@serverA ~]# vgextend VG1 /dev/nvme0n5p1
    [root@serverA ~]# pvs
      PV             VG  Fmt  Attr PSize  PFree
      /dev/nvme0n1p3 cs  lvm2 a--  18.41g     0
      /dev/nvme0n4   VG1 lvm2 a--   4.99g  4.40g
      /dev/nvme0n5p1 VG1 lvm2 a--   4.99g  4.99g
    [root@serverA ~]# vgs
      VG  #PV #LV #SN Attr   VSize VFree
      VG1   2   1   0 wz--n- 9.98g 9.39g
    [root@serverA ~]# lvextend -l 700 /dev/VG1/LV1
      Size of logical volume VG1/LV1 changed from 600.00 MiB (60 extents) to <6.84 GiB (700 extents).
      Logical volume VG1/LV1 successfully resized.
    [root@serverA ~]# lvdisplay /dev/VG1/LV1
      --- Logical volume ---
      LV Path                /dev/VG1/LV1
      LV Name                LV1
      VG Name                VG1
      LV UUID                HIp0VX-jVVE-wWZx-AkZM-shJz-OtBO-ZGXqFd
      LV Write Access        read/write
      LV Creation host, time serverA, 2024-10-13 17:16:53 +0800
      LV Status              available
      # open                 0
      LV Size                <6.84 GiB
      Current LE             700
      Segments               2
      Allocation             inherit
      Read ahead sectors     auto
      - currently set to     256
      Block device           253:2
Create a Stratis pool called POOL1 with a partition of 5 GB, create a filesystem called fs1 and mount it on /mnt/fs1
    [root@serverA ~]# yum -y list *stratis*
    Last metadata expiration check: -1 day, 21:50:26 ago on Sun 13 Oct 2024 07:37:36 PM CST.
    Available Packages
    stratis-cli.noarch        3.6.0-1.el9   appstream
    stratisd.aarch64          3.6.7-1.el9   appstream
    stratisd-dracut.aarch64   3.6.7-1.el9   appstream
    stratisd-tools.aarch64    3.6.7-1.el9   appstream
    [root@serverA ~]# yum -y install stratis-cli
    [root@serverA ~]# yum -y install stratisd
    [root@serverA ~]# systemctl start stratisd
    [root@serverA ~]# systemctl enable stratisd
    [root@serverA ~]# systemctl status stratisd
    [root@serverA ~]# stratis pool create POOL1 /dev/nvme0n3p1
    [root@serverA ~]# stratis pool list
    Name    Total / Used / Free             Properties    UUID                                   Alerts
    POOL1   5.00 GiB / 526 MiB / 4.49 GiB   ~Ca,~Cr, Op   b273563e-77e9-4e34-b5bd-6baf825e30a6   WS001
    [root@serverA ~]# stratis filesystem create POOL1 fs1
    [root@serverA ~]# stratis filesystem list
    Pool    Filesystem   Total / Used / Free / Limit            Created             Device                   UUID
    POOL1   fs1          1 TiB / 546 MiB / 1023.47 GiB / None   Oct 13 2024 17:33   /dev/stratis/POOL1/fs1   2bc949f7-ad62-45c7-bdbf-a22da23964bd
    [root@serverA ~]# vim /etc/fstab
    [root@serverA ~]# tail -2 /etc/fstab
    /dev/stratis/POOL1/fs1 /mnt/fs1 xfs defaults,x-systemd.requires=stratisd.service 0 0
    [root@serverA ~]# systemctl daemon-reload
    [root@serverA ~]# mount -a
Create a snapshot of fs1 called snap1 and mount it on /mnt/snap
    [root@serverA ~]# stratis filesystem snapshot POOL1 fs1 snap1
    [root@serverA ~]# tail -2 /etc/fstab
    UUID="7e12cd69-c778-4bfe-9d43-0671f661225d" /mnt/snap xfs defaults 0 0
    [root@serverA ~]# systemctl daemon-reload
    [root@serverA ~]# mount -a
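An added example, not from the original notes, that lints fstab entries of the kind used in this section. It reports the option typo "default", /dev/stratis devices mounted without x-systemd.requires=stratisd.service (the option that delays the mount until stratisd has started at boot), kernel device names that can change between boots, and lines with too few fields. The function name lint_fstab and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: lint fstab text for mistakes that only show up at the next boot.
# SAMPLE_FSTAB is constructed; the UUID and device paths are placeholders.
SAMPLE_FSTAB='# constructed sample, not copied from a real host
UUID=11111111-2222-3333-4444-555555555555 /mnt/ext3 ext3 defaults 0 0
/dev/nvme0n3p1 swap swap default 0 0
/dev/stratis/POOL1/fs1 /mnt/fs1 xfs defaults,x-systemd.requires=stratisd.service 0 0
/dev/stratis/POOL1/snap1 /mnt/snap xfs defaults 0 0
/dev/mapper/VG1-LV1 /mnt/lvm ext4
'

# lint_fstab: read fstab text on stdin, print one finding per line.
# Output format: SEVERITY<TAB>line number<TAB>message
lint_fstab() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    NF < 4 {
      # Fields 5 and 6 (dump, fsck pass) are optional, the first four are not.
      printf "ERROR\t%d\tonly %d fields; device, mount point, type and options are required\n", NR, NF
      next
    }
    {
      src = $1
      requires = 0
      n = split($4, opt, ",")
      for (i = 1; i <= n; i++) {
        if (opt[i] == "default")
          printf "ERROR\t%d\t\"default\" is not a mount option; the keyword is \"defaults\"\n", NR
        if (opt[i] == "x-systemd.requires=stratisd.service")
          requires = 1
      }
      # Stratis devices only exist once stratisd is running.
      if (src ~ /^\/dev\/stratis\// && !requires)
        printf "WARN\t%d\t%s lacks x-systemd.requires=stratisd.service\n", NR, src
      # sdX, vdX, xvdX and nvmeXnY names depend on probe order.
      if (src ~ /^\/dev\/(sd|vd|xvd|nvme)[a-z0-9]/)
        printf "WARN\t%d\t%s is a kernel device name; prefer UUID= or PARTUUID=\n", NR, src
    }'
}

# Run against the constructed sample; on a host use: lint_fstab < /etc/fstab
printf '%s' "$SAMPLE_FSTAB" | lint_fstab
```

A Stratis filesystem referenced by UUID= cannot be recognised from fstab alone, so the stratisd check only covers /dev/stratis/ paths.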
Configure autofs to mount a shared home dir under /home/share; this home dir is accessible at 192.168.208.137/home/shareuser
    [root@serverA home]# yum -y install nfs-utils
    [root@serverA home]# showmount -e 192.168.208.137
    Export list for 192.168.208.137:
    /home/shareuser 192.168.208.136
    [root@serverA share]# yum -y install autofs
    [root@serverA share]# systemctl start autofs
    [root@serverA share]# systemctl enable autofs
    Created symlink /etc/systemd/system/multi-user.target.wants/autofs.service → /usr/lib/systemd/system/autofs.service.
    [root@serverA share]# systemctl status autofs
    [root@serverA ~]# cat /etc/auto.master
    /home /etc/auto.nfs --timeout=300
    [root@serverA ~]# cat /etc/auto.nfs
    share -rw,sync 192.168.208.137:/home/shareuser
    [root@serverA home]# cd share
    [root@serverA share]# ls
    s1  s2  s3  s4  s5
Containers
    [root@serverA ~]# yum -y install container-tools
    [root@serverA ~]# podman login docker.io
    Username: kcsanjeeb091@gmail.com
    Password:
    Login Succeeded!
    [root@serverB ~]# useradd sanjeeb
    [root@serverB ~]# loginctl enable-linger sanjeeb
    [root@serverB ~]# ssh sanjeeb@192.168.208.137
    [sanjeeb@serverB containers]$ pwd
    /home/sanjeeb/.config/containers
    [sanjeeb@serverB containers]$ cat registries.conf
    unqualified-search-registries = ['docker.io']

    [[registry]]
    insecure = false
    blocked = false
    location = "docker.io"
    [sanjeeb@serverB ~]$ pwd
    /home/sanjeeb
    [sanjeeb@serverB ~]$ vim Containerfile
    [sanjeeb@serverB ~]$ cat Containerfile
    FROM docker.io/library/httpd
    [sanjeeb@serverB ~]$ podman build -t myhttpd .
    [sanjeeb@serverB ~]$ podman images
    REPOSITORY                TAG      IMAGE ID       CREATED        SIZE
    localhost/myhttpd         latest   a3e79aafef7f   2 months ago   182 MB
    docker.io/library/httpd   latest   a3e79aafef7f   2 months ago   182 MB

    # Making Volume
    [sanjeeb@serverB webapp]$ pwd
    /home/sanjeeb/webapp
    [sanjeeb@serverB webapp]$ vim index.html
    [sanjeeb@serverB webapp]$ cat index.html
    <h1>My latest website is up and running !!</h1>
    [sanjeeb@serverB ~]$ podman run -d --name myhttpdcontainer -v ~/webapp:/usr/local/apache2/htdocs:Z -p 4499:80 localhost/myhttpd:latest
    b6240e39cbc690aafaf584487e7e486c35423077ac2421220cd954a64b881f1b
    [sanjeeb@serverB ~]$ podman stop myhttpdcontainer
    [sanjeeb@serverB user]$ pwd
    /home/sanjeeb/.config/systemd/user
    [sanjeeb@serverB user]$ podman generate systemd --name myhttpdcontainer --files --new
    /home/sanjeeb/.config/systemd/user/container-myhttpdcontainer.service
    [sanjeeb@serverB user]$ systemctl --user enable container-myhttpdcontainer.service
    Created symlink /home/sanjeeb/.config/systemd/user/default.target.wants/container-myhttpdcontainer.service → /home/sanjeeb/.config/systemd/user/container-myhttpdcontainer.service.
    [sanjeeb@serverB user]$ systemctl --user start container-myhttpdcontainer.service
    [sanjeeb@serverB user]$ systemctl --user status container-myhttpdcontainer.service
    [sanjeeb@serverB user]$ podman ps
    CONTAINER ID   IMAGE                      COMMAND            CREATED          STATUS          PORTS                         NAMES
    1128dcab8bf9   localhost/myhttpd:latest   httpd-foreground   17 seconds ago   Up 17 seconds   0.0.0.0:4499->80/tcp, 80/tcp  myhttpdcontainer

    # Adding firewall
    [sanjeeb@serverB user]$ sudo firewall-cmd --permanent --add-port=4499/tcp
    success
    [sanjeeb@serverB user]$ sudo firewall-cmd --reload
    success
    [sanjeeb@serverB user]$ sudo firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens160
      sources:
      services: cockpit dhcpv6-client http mountd nfs rpc-bind ssh
      ports: 4499/tcp
      protocols:
      forward: yes
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules: