WhatsNewInRHEL7 RHLS Hnath Hacker



Migrate to Red Hat Enterprise Linux 7 with Red Hat Learning Subscription

George Hacker, Curriculum Manager

Pete Hnath, Director – Curriculum Development

July 30, 2015

Agenda ●

Changes Introduced with Red Hat Enterprise Linux 7 –

Controlling services with systemd

Troubleshooting the new boot process

System logging and integration with the system journal

Network configuration with NetworkManager

Firewall configuration with firewalld

Changes to Anaconda, the Red Hat installer

Introducing Red Hat Learning Subscription


Service Management with systemd ●

Historical background of SysV init –

PID 1 = /sbin/init

Concept of numbered run-levels

inetd/xinetd daemons manage ports for simple services

Red Hat Enterprise Linux 7 uses systemd for service management –

PID 1 = /usr/lib/systemd/systemd

System objects (services, ports, paths) are called units

System state is determined by units called targets

Benefits of systemd ●

Parallelization –

On-demand starting of daemons possible –

Without requiring a separate daemon, similar to xinetd

Automatic service dependency management –

Increases boot speed

For example, it doesn't make sense to start a network service if the network is unavailable

Manage related processes by using Linux control groups

systemd Concepts and Terms ●

systemd objects are called units

Units are managed with the systemctl utility

Common unit types include: –

System services (.service extension)

These usually start continuously running daemons

IPC sockets (.socket extension)

Similar in function to xinetd services

File system paths (.path extension)

Used to delay a service until a file system change occurs

Other systemctl Status Commands ●

systemctl status UNIT –

UNIT is specified as NAME[.TYPE]

When TYPE is omitted, .service is the default

Keywords that indicate the service state –

loaded – Unit configuration file has been processed

active (running) – Running with one or more processes

active (exited) – Completed a one-time configuration

active (waiting) – Running but waiting for an event

inactive – Not running

enabled / disabled – Boot-time status.

Checking the Status of Units ●


systemctl --type=TYPE

systemctl status UNIT -l

systemctl list-units --type=TYPE

systemctl list-unit-files --type=TYPE

Changing the Status of a Unit ●

Change current status of a unit –

systemctl start UNIT

systemctl stop UNIT

systemctl restart UNIT

systemctl reload UNIT

Change the boot-time status of a unit –

systemctl enable UNIT

systemctl disable UNIT


Masking a Unit ●

Masks are used to disable services that may cause a conflict

Avoids inadvertent launch of a service –

For example, network and NetworkManager may conflict with each other, so one should be masked

systemctl mask UNIT

systemctl unmask UNIT


System Boot Process ●

The following steps are taken when the system boots –

Power on (UEFI or BIOS performs POST, identifies boot device)

Configured with a BIOS key combination (often F2)

Loads the boot loader from disk (grub2 for RHEL7)

Configured with grub-install

Boot loader loads its configuration and presents a menu

/etc/grub.d/*, /etc/default/grub, and /boot/grub2/grub.conf

Boot loader loads the selected kernel and initial RAM disk image


System Boot Process (continued) ●

Boot loader passes control over to the kernel –

/etc/grub.d/*, /etc/default/grub, and /boot/grub2/grub.conf

Kernel initializes hardware, then runs /sbin/init from the initramfs (which is systemd in RHEL7) –

Configured using init= kernel parameter

Initramfs systemd executes all units in initrd.target target –

Mounts actual root file system as /sysroot (/etc/fstab)

/sysroot becomes / and installed systemd executed

systemd looks for a default target –

Either configured on system or passed as kernel parameter

/etc/systemd/system/default.target

Targets That Can Be Used at System Boot ●

graphical.target –

System supports multiple users, graphical and text-based logins

multi-user.target –

System supports multiple users, text-based logins

rescue.target –

sulogin prompt, basic system initialization

emergency.target –

sulogin prompt, initramfs pivot complete and system root mounted read-only on /

Managing System State on an Active System ●

Power off or reboot –

systemctl poweroff

systemctl reboot

Changing the current target on a booted system –

systemctl isolate TARGET


Selecting a Different Target at Boot Time ●

Add a kernel parameter –


GRUB2 process –


Interrupt the boot loader

Select the desired kernel entry

Press 'e' to edit

Use arrow keys to get to line that starts with "linux16"

Append systemd.unit=TARGET

Press Ctrl-X to boot with the changes

Recovering root Password ●

systemd targets still require a password to access the system

Instead of appending systemd.unit=TARGET, append rd.break –

This option stops the boot process before the initramfs switches to the actual system

mount -o remount,rw /sysroot

chroot /sysroot

passwd root

touch /.autorelabel


Logging Services ●

systemd-journald –

Collects kernel messages, the early stages of the boot process, standard output/error of daemons as they start up and run

Written to a structured journal of events, by default does not persist between reboots

Log messages also forwarded to rsyslog for further processing

rsyslog –

Similar to syslog

Sorts messages by type (or facility) and priority, then writes them to persistent files in /var/log.

rsyslog Configuration ●

rsyslog configuration files –



#### RULES #### section of /etc/rsyslog.conf –

Looks like traditional syslog configuration


Table of Defined Priorities –

emerg (0) – System is unusable

alert (1) – Immediate action must be taken

crit (2) – Critical condition

err (3) – Non-critical error condition

warning (4) – Warning condition

notice (5) – Normal, but significant, event

info (6) – Informational event

debug (7) – Debugging-level event

Review systemd Journal Entries ●

The journalctl command is used to view systemd journal entries –

Highlighted entries indicate notice/warning priority messages

Red messages indicate error and higher priority messages

Common journalctl usage –

journalctl -p PRIORITY

journalctl -f (similar to tail -f)

journalctl --since TIMESPEC --until TIMESPEC

journalctl -o verbose



Network Interface Names ●

The default naming behavior is to assign fixed names based on firmware, device topology, and device type. Interface names have the following characters: –

Ethernet interfaces begin with en, WLAN interfaces begin with wl, and WWAN interfaces begin with ww

The next character(s) represents the type of adapter with an o for on-board, s for hotplug slot, and p for PCI geographic location

Not used by default but also available to administrators, an x is used to incorporate a MAC address

A number N is used to represent an index, ID, or port

Network Interface Names (continued) ●

If the fixed name cannot be determined, the traditional names, such as ethN, will be used

Example names: –

eno1 = first embedded interface name

enp2s0 = an example PCI network card name

Default naming can be overridden by installing the biosdevname package or by setting custom udev rules
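An added example, not from the original slides: a shell function that decodes an interface name using only the prefix and type characters listed above. The function name describe_iface and the sample names are assumptions made for illustration; names that do not fit the scheme, such as eth0 or wlan0, are reported as traditional.

```shell
#!/bin/sh
# Added example (not from the slides): decode a RHEL 7 interface name
# using the two-letter class prefix and the adapter-type character.
# describe_iface NAME prints "<class> <scheme>" or "traditional".
describe_iface() {
    name=$1
    # Two-letter prefix: en = Ethernet, wl = WLAN, ww = WWAN.
    case $name in
        en?*) class=ethernet ;;
        wl?*) class=wlan ;;
        ww?*) class=wwan ;;
        *) echo "traditional"; return 0 ;;
    esac
    rest=${name#??}    # strip the class prefix, keep type character + index
    # Type character must be followed by an index (or hex digits for x),
    # otherwise names such as wlan0 would be misread as fixed names.
    case $rest in
        o[0-9]*) scheme=onboard ;;
        s[0-9]*) scheme=hotplug-slot ;;
        p[0-9]*) scheme=pci-location ;;
        x[0-9a-fA-F]*) scheme=mac-address ;;
        *) echo "traditional"; return 0 ;;
    esac
    echo "$class $scheme"
}

# Constructed sample names, including the two examples from the slide.
for n in eno1 enp2s0 ens3 wlp3s0 enx001122334455 eth0 wlan0; do
    printf '%s -> %s\n' "$n" "$(describe_iface "$n")"
done
```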

Validating Network Configuration ●

Display IP addresses –

ip addr show IFACE

Display network statistics –

ip -s link show IFACE

Display routing table –

ip route

Display port and service information –

ss -ta

Has similar options to older netstat utility, which is deprecated

Network Manager Concepts and Terms ●

The NetworkManager daemon is used to manage network interfaces by default

NetworkManager terms –

Device – network interface

Connection – configuration used for a device (collection of settings)

A device can have multiple connection configurations –

Only one can be active at a time

Network Configuration with nmcli ●

The nmcli command configures NetworkManager –

nmcli con show

nmcli con show --active

nmcli con show CONNECTION

nmcli dev status

nmcli dev show INTERFACE

Creating a New Connection ●

Examples –

nmcli con add con-name "default" type ethernet \
    ifname eth0

nmcli con add con-name "static" ifname eth0 \
    autoconnect no type ethernet ip4 172.25.X.10/24 \
    gw4 172.25.X.254

nmcli con up "static"

nmcli con up "default"

Different types of interfaces can have different options –

nmcli con add help

Modifying Network Settings ●

Example –

nmcli con show NAME

nmcli con mod NAME connection.autoconnect no

nmcli con mod NAME ipv4.dns 172.25.X.254

nmcli con mod NAME ipv4.addresses \
    "172.25.X.10/24 172.25.X.254"

nmcli con mod NAME +ipv4.addresses

The previous commands modify configuration files

Reactivate the connection to make them active –

nmcli con up NAME

Network Configuration Files ●

Found in /etc/sysconfig/network-scripts/ifcfg-*

NetworkManager must be notified of changes

nmcli con reload

nmcli con down NAME

nmcli con up NAME

The connection name is specified with the NAME= line in the interface configuration file

Host Name Configuration ●

Host name is defined in /etc/hostname –

Instead of /etc/sysconfig/network

hostnamectl command is used to manage it –

hostnamectl status

hostnamectl set-hostname FQDN



Firewall Configuration with firewalld ●

The firewalld daemon manages Netfilter rules –

iptables still works underneath

Applications can request ports to be opened using DBus messages

Firewall management is simplified with the concept of zones –

The source address of packets determines which zone they are directed to

Rules in the zone are applied to the packet

Predefined Zones ●

The following are some of the predefined zones: –

trusted – allow all incoming traffic

public – reject incoming traffic, except related packets, ssh, ipp-client, or dhcpv6-client services

external – reject incoming traffic, except related packets and ssh traffic

Outgoing IPv4 forwarded traffic is masqueraded

dmz – reject incoming traffic, except related packets and ssh traffic

block – reject all incoming traffic, unless related traffic

Managing Firewall Rules ●

There are three ways to manage firewall rules –

Edit text files in /etc/firewalld/*

firewall-config graphical utility

firewall-cmd command-line utility

Current rules versus permanent rules –

The --permanent option modifies permanent rules, not current rules

Useful firewall-cmd Commands –

firewall-cmd --get-services

firewall-cmd --get-zones

firewall-cmd --get-active-zones

firewall-cmd --list-all

firewall-cmd --add-service=SERVICE --zone=ZONE

firewall-cmd --add-port=PORT/PROTO --zone=ZONE

firewall-cmd --reload
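Because the --permanent option changes only the saved rules and a plain --add-service changes only the current ones, the two sets can drift apart. The shell function below is an added example, not part of the original slides, that compares the two service lists; the name fw_drift and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): report differences between the
# current (runtime) and permanent firewalld service lists for one zone.
#
# fw_drift RUNTIME_LIST PERMANENT_LIST
#   Each argument is a space-separated list of service names, the format
#   printed by firewall-cmd --list-services.
# Output, one line per difference:
#   runtime-only NAME    open now, lost on --reload or reboot
#   permanent-only NAME  saved, but not active until --reload
fw_drift() {
    runtime=$1
    permanent=$2
    for svc in $runtime; do
        # Pad with spaces so "http" does not match inside "https".
        case " $permanent " in
            *" $svc "*) ;;
            *) echo "runtime-only $svc" ;;
        esac
    done
    for svc in $permanent; do
        case " $runtime " in
            *" $svc "*) ;;
            *) echo "permanent-only $svc" ;;
        esac
    done
}

# Constructed sample lists (not captured from a real host).
SAMPLE_RUNTIME="dhcpv6-client ssh http"
SAMPLE_PERMANENT="dhcpv6-client ssh https"

# On a live host the two lists would come from:
#   firewall-cmd --zone=ZONE --list-services
#   firewall-cmd --permanent --zone=ZONE --list-services
fw_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

A runtime-only entry is a port that was opened by hand and never saved; a permanent-only entry is a saved rule that has not been loaded yet.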



Installation Summary Screen ●

Can complete the separate hubs in any order

Must complete hubs with warning signs before proceeding with the installation


Troubleshooting an Installation ●

Virtual console functions –

Ctrl-Alt-F1 – main installer console with debugging info

Ctrl-Alt-F2 – shell prompt with root access

Ctrl-Alt-F3 – installation log

Ctrl-Alt-F4 – storage log

Ctrl-Alt-F5 – program log from other utilities

Ctrl-Alt-F6 – spare shell prompt?

Ctrl-Alt-F7 – default console with GUI installation

Red Hat Enterprise Linux 7.1 –

All programs are in tmux panes on first virtual console

Installation Options ●

Installation source media –


MEDIA can be cdrom, URL, or hd:device:path

Replaces method= (deprecated)

Kickstart file location –



Red Hat Learning Subscription



Unlimited access to all Red Hat on-line courses

Content: Over 100 days

Videos: Over 300

Labs: Up to 400 hours

Help: Email support

The Challenge. Solved.

Challenges

New staff

New releases


Red Hat Learning Subscription

Full learning path leading to certification.

On-going access to new releases.


On-Demand learning in small chunks.


Access to full Red Hat Training portfolio.

Performance support

Indexed, searchable content.

Global coverage

Access in 5 continents, in 9 languages.


Dozens of courses for the price of two.


Course List - Platform

RHEL – RHCSA / RHCE Track

• Red Hat System Administration I Online (RH124R)
• Red Hat System Administration II Online (RH134R)
• RHCSA Rapid Track Course (RH199R)
• Red Hat System Administration III Online (RH254R)
• RHCE Certification Lab (RH299R)

RHEL – Satellite Track

• Red Hat Satellite 6 Administration (RH403R)

Advanced RHEL – RHCA Track

• Red Hat Server Hardening Online (RH413R)
• Red Hat Performance Tuning (RH442R)
• Red Hat High Availability (RH436) – coming soon!

Advanced RHEL – Containers

• Managing Containers with RHEL Atomic Host (RH270R)



Video Demos



Searchable And On-Demand



Hands-On Practice



Full RHCE Track in HD Video Coming this Fall

• Red Hat System Administration I (RH124)
• Red Hat System Administration II (RH134)
• Red Hat System Administration III (RH254)

