Transcription

Red Hat Enterprise Linux 101
Ben Breard, RHCA
Solutions Architect, Red Hat

Agenda
- 10 things everyone should know about RHEL
- The Basics
- Device Management
- Disk Management
- Configuring Services
- RPM & YUM
- Kernel Basics
- Networking
- Compiling Software
- Tips & Tricks

10. In Linux (like Unix): “Everything is a file”
Everything is a file descriptor or a process

9. Fun Facts about Linux
- In development for over twenty years
- A new version is released every 3 months
- 3.5 commits every hour to the upstream kernel
- 15 million lines of code

8. Red Hat is a Development Powerhouse
Red Hat is consistently the largest contributor to the Linux kernel
[Chart: Corporate Contributions to Linux, percent of total, kernel 2.6.30-2.6.35 (Dec 2010)]
Source: The Linux Foundation, Linux Kernel Development 2010, December 2010 (pages 14-15)

7. Red Hat Enterprise Linux Lifecycle
A major release is supported for:
A) a couple years
B) 7 years
C) 10 years
D) 13 years

7. Red Hat Enterprise Linux Lifecycle
A major release is supported for:
A) a couple years
B) 7 years
C) 10 years
D) 13 years
RHEL 2, 3, 4

7. Red Hat Enterprise Linux Lifecycle
A major release is supported for:
A) a couple years
B) 7 years
C) 10 years
D) 13 years
RHEL 5, 6, .

7. Red Hat Enterprise Linux Lifecycle
A major release is supported for:
A) a couple years
B) 7 years
C) 10 years
D) 13 years
Extended Life Support

6. API/ABI Compatibility
The API / ABI Compatibility Commitment defines stable, public, system interfaces for the full ten-year life cycle of Red Hat Enterprise Linux 6. During that time, applications will not be affected by security errata or service packs, and will not require re-certification. Backward compatibility for the core ABI is maintained across major releases, allowing applications to span subsequent releases.

5. WHERE TO GO FOR HELP
- Customer Portal: http://access.redhat.com
  - Knowledge base, forums, reference arch
  - Support cases (now including chat)
  - Downloads & Documentation
- Via phone: 888-GO-REDHAT
- Documentation: http://docs.redhat.com

4. Flexible Training Options

3. Virtualization is built-in
[Diagram: Hypervisor and Operating System, each listing: Memory management, Power management, CPU Scheduling, TCP/IP stack, Security, Fibre channel, Clustering, File system, Volume Management, Disk drivers, Network Drivers]
Linux: 99.5%
KVM (driver for Intel VT, AMD-V): 0.5%

2. Customers help us drive change
Red Hat Enterprise Linux 6 includes 1,821 customer and partner requested features

1. The most important thing to remember is Linux is Fun.
and if you disagree, you haven't used it enough.

The Basics

Red Hat Enterprise Linux
- Supported architectures: x86, x86_64, PPC64, s390x
- Simple and straightforward to install
- Deployments can be automated using kickstart
- RPM package based distribution
- Identify the version via cat /etc/redhat-release
- /etc/sysconfig/ contains many system settings
- system-config utilities provide simple configuration utilities
- Register to RHN or Satellite for updates
Link: Documentation

Boot Process
- GRUB – GRand Unified Bootloader
- Default bootloader for Linux. Can chain load other operating systems.
- Stage 1 – Small image, 446 bytes, in the MBR. Simply loads stage 2.
- Stage 2 – Loaded from /boot
- Configure via /boot/grub/grub.conf
- Loads the kernel (vmlinuz) and initial RAM disk (initrd.img)
Link: Configure GRUB

File System Hierarchy Standard
[Directory tree diagram; surviving labels: ome/tmp/lib/usr/opt/var]
Link: filesystem-fhs

Command Comparison
Command Purpose     MS-DOS         Linux
Copies files        copy           cp
Move files          move           mv
List files          dir            ls
Delete files        del            rm
Compare files       fc             diff
Display help        [command] /?   man, -h, --help
Create directory    mkdir          mkdir
Rename files        ren            mv
Display location    chdir          pwd
Change dir          chdir          cd
RAM in use          mem            free
Process IDs         TASKLIST       top
Link: ap-doslinux.html

User Management
- Local accounts: useradd, userdel
- /etc/passwd, /etc/group, /etc/shadow
- Set password: passwd [username]
- SSSD – LDAP, Kerberos, Active Directory, IdM
- su – switch user
- sudo
- /etc/sudoers
- visudo to configure
Link: Manage Users & Groups

File Permissions
  -rw-r--r--. 1 root root 200 Oct 15 01:37 rsyslog
- (r)ead 4, (w)rite 2, e(x)ecute 1
- Useful commands: chmod, chown, chgrp
- Use -R for recursive, -v for verbose
- Ex: chmod 600 myfile.txt
- Ex: chmod u+x myfile.sh
- Ex: chown owner:group myfile.txt
Link: NavigatingOwnership.html

Text Editors
- vi – visual editor
- Always installed
- Very fast for tweaking configuration files
- vim – vi enhanced
- Learn vi with vimtutor
- Emacs – Powerful and extendable editor
- nano – A user friendly editor
- Graphical editors: gedit, kwrite

OpenSSH
- Provides the Secure Shell protocol
- Replaces insecure legacy applications like telnet
- Can tunnel insecure protocols using port forwarding
- Includes scp (secure copy) and sftp (secure ftp)
- Configuration file: /etc/ssh/sshd_config
- PermitRootLogin, Port, Protocol
- Forward X via ssh -X [user@host]
- Passwordless authentication
- ssh-keygen -t rsa
- ssh-copy-id -i ~/.ssh/id_rsa [user@host]
- Remote commands: ssh [user@host] uptime
Link: Openssh-intro
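
An added example, not part of the original slides: a small audit of the sshd_config keywords the slide names. The function names and the sample file are constructed for illustration, and PasswordAuthentication is an extra keyword the slide does not mention.

```shell
# Added example, not from the slides. Function names are hypothetical and the
# sample file is constructed; PasswordAuthentication is a keyword added here.

# Print the effective global value of KEYWORD in FILE. sshd keeps the first
# value it reads for a keyword, matches keywords case-insensitively, and treats
# settings after a "Match" line as conditional, so the scan stops there.
sshd_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }      # accept "Keyword=value" too
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$2"
}

# Print one line per finding; print nothing when the file passes.
audit_sshd() {
    local file=$1 v
    v=$(sshd_value PermitRootLogin "$file")
    [ "$v" = "no" ] || echo "PermitRootLogin=${v:-unset}: root may log in directly; set to no and use sudo"
    v=$(sshd_value Protocol "$file")
    case "$v" in *1*) echo "Protocol=$v: legacy protocol 1 is enabled; set Protocol 2" ;; esac
    v=$(sshd_value PasswordAuthentication "$file")
    [ "$v" = "no" ] || echo "PasswordAuthentication=${v:-unset}: passwords accepted; set to no once keys work"
    return 0
}

# Constructed sample configuration, written to the path given as $1.
write_sample() {
    cat > "$1" <<'EOF'
Port 2222
protocol 2,1
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample"
rm -f "$sample"
```

The duplicate PermitRootLogin line and the setting inside the Match block show why a plain grep for "PermitRootLogin no" is not enough to call a host hardened.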

Managing Devices

Device Naming Convention
- Device type followed by device number
- Storage devices use name prefix, device letter, partition number
- ttyS0 - 1st serial device
- sdb3 - 2nd disk 3rd partition
- MAKEDEV
- mknod

Devices under /dev
- sd – scsi/sata disk
- vd – virtio disk
- dm – device mapper
- mapper/vg_name-lv_name
- tty – terminals (switch via Ctrl+Alt+F{1..6})
- ttyS – serial ports

Viewing File Systems & Block Devices
- mount – use to display and mount file systems
- findmnt – provides a tree view of mount points
- /etc/fstab – Configure persistent mounts
  Device                    mount point  fs-type  options   dump-freq  pass#
  /dev/VolGroup00/LogVol00  /            ext4     defaults  0          0
- df -h – disk free, view file system usage
- du -sh – disk usage, view file and directory size
- lsblk – list block devices
- blkid – Identify the UUID for a device
Link: Viewing File Systems

Pop Quiz
What does this command do?
du -h | sort -rn | less

Partitioning
- fdisk or parted
- fdisk /dev/sdb
- m for menu
- n for new
- Follow the prompts
- w for write
Run partprobe to inform the OS of partition table changes.

LVM
- Remember the order of operations: pv, vg, lv
- {pv,vg,lv}display
- {pv,vg,lv}create
- {pv,vg,lv}remove
- {pv,vg,lv}resize
- {pv,vg,lv}s
Link: Logical Volume Administration

Create File Systems
- mke2fs
- mkfs [tab] [tab]
- mkfs.ext4 [device]

DM RAID
- mdadm --create /dev/md0 --level 1 --raid-devices 2 /dev/sda1 /dev/sdb1
- cat /proc/mdstat for status
- Use a bitmap when possible for faster recovery
- mdadm --grow /dev/md0 --bitmap internal
- Configure /etc/mdadm.conf for email alerts: MAILADDR, MAILFROM
Link: DM RAID Info

mdadm --detail /dev/md0
/dev/md3:
  Version : 0.90
  Creation Time : Tue Jun 28 16:05:49 2011
  Raid Level : raid1
  Array Size : 128384 (125.40 MiB 131.47 MB)
  Used Dev Size : 128384 (125.40 MiB 131.47 MB)
  Raid Devices : 2
  Total Devices : 2
  Preferred Minor : 0
  Persistence : Superblock is persistent
  Update Time : Thu Jun 30 17:06:34 2011
  State : clean
  Active Devices : 2
  Working Devices : 2
  Failed Devices : 0
  Spare Devices : 0
  UUID : 49c5ac74:c2b79501:5c28cb9c:16a6dd9f
  Events : 0.6

  Number  Major  Minor  RaidDevice  State
  0       3      1      0           active sync  /dev/sda1
  1       3      65     1           active sync  /dev/sdb1

Configuring Services

Init / Upstart
- Short for initialization
- Always PID 1
- Init scripts are located in /etc/init.d/
- Default runlevel set in /etc/inittab
  id:3:initdefault:
- Change runlevel via init X
- Runlevels execute scripts under /etc/rc.d/rc[X].d/
- Use /etc/rc.local for commands on startup

Init / Upstart
{K,S}, Order, Daemon - symlink to ./init.d/daemon

Start, Stop, Onboot
- /etc/init.d/[daemon]
- service daemon {start, stop, restart, status}
- Ex: service httpd restart
- To see available actions only enter service daemon:
  service dhcpd
  Usage: /etc/init.d/dhcpd {start|stop|restart|force-reload|condrestart|try-restart|configtest|status}
- chkconfig daemon {on, off}
- View: chkconfig --list daemon

RPM & YUM

RPM Package Manager
- Upgradability – Configuration files persist upgrades
- Powerful Querying – Identify which files belong to which packages
- System Verification – Integrity of binaries
- Pristine Sources – Original tgzs are included in srpms

RPM Commands
- Install a package: rpm -ivh [package name]
- Upgrade a package: rpm -Uvh [package name]
- Remove a package: rpm -e [package name]
- View installed packages: rpm -qa
- Filter for package: rpm -qa | grep [package name]
- Verify package: rpm -V [package name]
- Query file: rpm -qf /path-to-file
- Locate documentation: rpm -qdf /path-to-file
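
An added example, not part of the original slides: a triage filter for rpm -V output, separating edited configuration files from changed packaged files. The function names are hypothetical and the sample output is constructed.

```shell
# Added example, not from the slides: triage `rpm -V` / `rpm -Va` output.
# Each line is a flag string (S size, M mode, 5 digest, U user, G group,
# T mtime, ...), an optional file-type marker (c = config file) and a path.
triage_rpm_verify() {
    awk '
        $1 == "missing" { print "MISSING " $NF; next }
        {
            attr = (NF == 3) ? $2 : ""
            why = ""
            if ($1 ~ /5/)    why = why " content"
            if ($1 ~ /M/)    why = why " mode"
            if ($1 ~ /[UG]/) why = why " owner"
            if (why == "") next            # size/mtime-only changes: skip
            # edited config files are expected; changed binaries are not
            level = (attr == "c") ? "REVIEW" : "ALERT"
            print level " " $NF ":" why
        }'
}

# Constructed sample output; not taken from a real system.
sample_rpm_verify() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/example/README
S.5....T.    /usr/sbin/sshd
.M...UG..    /usr/bin/sudo
missing     /etc/cron.d/example
EOF
}

sample_rpm_verify | triage_rpm_verify
```

On a real host the same filter would read from rpm -Va; paths containing spaces are not handled by this sketch.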

YUM
- Yellowdog Updater, Modified
- Package manager or “frontend” for RPM
- Whenever possible use YUM for installing/removing/upgrading packages
- Dependency resolution – avoid “dependency hell”
- Easily pull from repositories
- Add repositories to /etc/yum.repos.d/

YUM Commands
- Update system: yum update
- Update package: yum update [package]
- Install package: yum install [package]
- Install group: yum groupinstall [group]
- Install local rpm: yum localinstall /path-to-rpm
- Remove package: yum remove [package]
- Search for package: yum search [package]
- List package groups: yum grouplist
- Search based on file: yum provides /path-to-file
- Clear cached packages & headers: yum clean all

Kernel Basics

Kernel
- The “heart” of the operating system
- Handles process scheduling, input/output, memory management
- Drivers for system components are handled as kernel modules
- Red Hat attempts to ship as many modules as possible (so that only the minimal components are “hardcoded”)
- Each module has its own parameters, many of which are used for tuning

Kernel
- Check the current version via uname -r
  2.6.32-358.2.1.el6.x86_64
- View installed kernels using rpm -q kernel
- View parameters passed to the kernel at boot time: cat /proc/cmdline
- Kernel modules:
  - List: lsmod
  - Add: modprobe
  - Remove: rmmod

Kernel Tunables
- Exposed under: /etc/sysctl.conf, /proc, /sys
- tuned-adm
- /usr/share/doc/kernel-*/Documentation
- modinfo
Link: Proc Filesystem
Link: Performance Tuning Guide

Networking

Networking
- View network info via: ip ad sh, ifconfig
- Restart networking: service network restart
- Bounce an interface: ifdown eth0 && ifup eth0
- Interactive TUI: run setup
- Configure hostname, gateway, gatewaydev in /etc/sysconfig/network
- Configure interface: /etc/sysconfig/network-scripts/ifcfg-eth0
- DNS is set in /etc/resolv.conf

Network Interface Scripts
cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="dhcp"
NM_CONTROLLED="no"
ONBOOT=yes
TYPE="Ethernet"
HWADDR=F0:DE:F1:9A:5E:E8
Link: Configuring Interfaces

Network Interface Scripts
cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT=yes
TYPE="Ethernet"
HWADDR=F0:DE:F1:9A:5E:E8
IPADDR=10.10.10.1
NETMASK=255.255.255.0
GATEWAY=10.10.10.254
DNS1=4.2.2.2
(for CIDR use PREFIX=24)

Firewall - iptables
- Stateless and stateful packet inspection (IPv4 & IPv6)
- Network address and port translation, e.g. NAT/NAPT (IPv4 and IPv6)
- Rules are persisted in /etc/sysconfig/iptables
- Tweak config file for easy edits & restart iptables
- system-config-firewall-tui
- lokkit --service http
- lokkit --port 3129:tcp
- service iptables {start/stop}
- chkconfig iptables on/off
Link: iptables guide

Compiling Software

STOP!

Consider the following:
1. Is this already packaged and available as an RPM?
- RPMs are easier to manage, update, uninstall, etc.
- Most ISVs ship RPMs and/or have yum repositories.
- Check trusted 3rd party repositories (EPEL, Atrpms, etc)
2. If it's not available in an RPM, should you roll one?
- There is a learning curve to creating RPMs
- Once a SPEC file is written, updating is easy

Developer Tools
- gcc - GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and others.
- make – Automatically builds compiled code using a makefile
- automake – Tool for automatically generating makefiles
- Eclipse – Open source IDE

The Quick and Dirty
Install these package groups: development-tools & development-libraries
Extract the tarball:
- tar -zxvf some.tar.gz
- cd some
- ./configure
- make
- make install

Tips & Tricks

Misc
- The best way to learn is by immersion.
- Consider taking a class
- Installing RHEL or Fedora on a personal laptop
- When troubleshooting always consider selinux & iptables
- SELinux Intro: https://access.redhat.com/site/articles/217213
- SELinux for Mere Mortals
- Configure static routes: https://access.redhat.com/site/solutions/8023
- Jumbo frames: add MTU=9000 to the interface config file

Misc
- Find files with locate
- Terminal tips:
  - Use tab completion
  - Shift+PgUp to backscroll (not an issue w/ putty)
  - Ctrl+l will clear the terminal
  - Ctrl+r searches history
  - sudo !! - rerun last command w/ escalated privileges
- Use screen for long SSH sessions
- Use a tuned profile

Creating a Virtual Template
- Delete ssh keys: rm -rf /etc/ssh/ssh_host_*
- Comment or delete HWADDR from the network config
- Remove UDEV rules from **
- touch /.unconfigured
- Edit /etc/rc.sysinit to make it non-interactive
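
An added example, not part of the original slides: a pre-clone check that a template tree has had its SSH host keys removed, HWADDR unpinned and /.unconfigured created. check_template and make_sample_tree are hypothetical helpers, the sample tree is constructed, and the udev step is left out because the slide's path is elided.

```shell
# Added example, not from the slides: check a template's root tree before it
# is cloned. check_template is a hypothetical helper; ROOT is the mounted image.
check_template() {
    local root=${1%/} f
    for f in "$root"/etc/ssh/ssh_host_*; do
        # every clone would otherwise present the same SSH host identity
        [ -e "$f" ] && echo "host key present: ${f#"$root"}"
    done
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -e "$f" ] || continue
        # a commented-out HWADDR line is fine; an active one pins the NIC
        grep -Eq '^[[:space:]]*HWADDR' "$f" && echo "HWADDR set: ${f#"$root"}"
    done
    [ -e "$root/.unconfigured" ] || echo "missing: /.unconfigured"
    return 0
}

# Build a constructed, deliberately unclean tree under the directory in $1.
make_sample_tree() {
    mkdir -p "$1/etc/ssh" "$1/etc/sysconfig/network-scripts"
    : > "$1/etc/ssh/ssh_host_rsa_key"
    : > "$1/etc/ssh/ssh_host_rsa_key.pub"
    printf 'DEVICE="eth0"\nHWADDR=F0:DE:F1:9A:5E:E8\n' \
        > "$1/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf 'DEVICE="lo"\n#HWADDR=00:00:00:00:00:00\n' \
        > "$1/etc/sysconfig/network-scripts/ifcfg-lo"
}

tree=$(mktemp -d)
make_sample_tree "$tree"
check_template "$tree"
rm -rf "$tree"
```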
