WhatsNewInRHEL7 RHLS Hnath Hacker
Migrate to Red Hat Enterprise Linux 7 with Red Hat Learning Subscription
George Hacker, Curriculum Manager
Pete Hnath, Director – Curriculum Development
July 30, 2015
Agenda
● Changes Introduced with Red Hat Enterprise Linux 7
– Controlling services with systemd
– Troubleshooting the new boot process
– System logging and integration with the system journal
– Network configuration with NetworkManager
– Firewall configuration with firewalld
– Changes to Anaconda, the Red Hat installer
● Introducing Red Hat Learning Subscription
CHANGES TO SERVICE MANAGEMENT
Service Management with systemd
● Historical background of SysV init
– PID 1 = /sbin/init
– Concept of numbered run-levels
– inetd/xinetd daemons manage ports for simple services
● Red Hat Enterprise Linux 7 uses systemd for service management
– PID 1 = /usr/lib/systemd/systemd (/sbin/init is now a symlink to it)
– System objects (services, sockets, mount points, paths) are called units
– System state is determined by units called targets
Benefits of systemd
● Parallelization
– Increases boot speed
● On-demand starting of daemons possible
– Without requiring a separate daemon, similar to xinetd
● Automatic service dependency management
– For example, it doesn't make sense to start a network service if the network is unavailable
● Manage related processes by using Linux control groups
– Every process a service forks stays in the service's cgroup, so systemctl stop/kill reaches all of them, not just the PID recorded at start
systemd Concepts and Terms
● systemd objects are called units
● Units are managed with the systemctl utility
● Common unit types include:
– System services (.service extension)
● These usually start continuously running daemons
– IPC sockets (.socket extension)
● Similar in function to xinetd services
– File system paths (.path extension)
● Used to delay a service until a file system change occurs
Other systemctl Status Commands
● systemctl status UNIT
– UNIT is specified as NAME[.TYPE]
– When TYPE is omitted, .service is the default
● Keywords that indicate the service state
– loaded – Unit configuration file has been processed
– active (running) – Running with one or more processes
– active (exited) – Completed a one-time configuration
– active (waiting) – Running but waiting for an event
– inactive – Not running
– enabled / disabled – Boot-time status
Checking the Status of Units
● systemctl
● systemctl --type=TYPE
● systemctl status UNIT -l
● systemctl list-units --type=TYPE
● systemctl list-unit-files --type=TYPE
– list-unit-files covers every installed unit and its boot-time state (enabled, disabled, static, masked), including units that are not currently loaded
Changing the Status of a Unit
● Change current status of a unit
– systemctl start UNIT
– systemctl stop UNIT
– systemctl restart UNIT
– systemctl reload UNIT
● Change the boot-time status of a unit
– systemctl enable UNIT
– systemctl disable UNIT
– enable and disable do not start or stop the unit; run start or stop as well when the running state should change now
Masking a Unit
● Masks are used to disable services that may cause a conflict
● Avoids inadvertent launch of a service
– A disabled unit can still be started manually or pulled in as a dependency of another unit; a masked unit cannot be started at all
– systemctl mask links /etc/systemd/system/UNIT to /dev/null, and systemd treats the unit as nonexistent until it is unmasked
– For example, network and NetworkManager may conflict with each other, so one should be masked
– systemctl mask UNIT
– systemctl unmask UNIT
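Because enable and mask are both just symlinks under /etc/systemd/system, the boot-time state of every unit can be audited without a running systemd, for example on a mounted disk image taken for forensics. The script below is an added example (not from the Red Hat deck) that reads those links; the ROOT argument is an assumption so it can run against a copied tree, and the sample tree it builds is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the deck: inspect what "enable" and "mask" leave
# on disk, so a service inventory works even on an offline image or a mounted
# root file system. Pass / as ROOT on a live system.
#   enable  -> symlink ROOT/etc/systemd/system/<target>.wants/NAME -> unit file
#   mask    -> symlink ROOT/etc/systemd/system/NAME -> /dev/null

unit_is_masked() {   # ROOT UNIT -> 0 when the unit is linked to /dev/null
    [ "$(readlink "$1/etc/systemd/system/$2" 2>/dev/null)" = /dev/null ]
}

unit_enabled_in() {  # ROOT UNIT -> prints each target whose .wants dir links the unit
    root=$1 unit=$2
    for link in "$root"/etc/systemd/system/*.wants/"$unit"; do
        [ -L "$link" ] || continue           # glob left unexpanded or not a link
        t=${link%/"$unit"}; t=${t##*/}; t=${t%.wants}
        echo "$t"
    done
}

unit_state() {       # ROOT UNIT -> masked | enabled:<targets> | disabled
    if unit_is_masked "$1" "$2"; then echo masked; return; fi
    targets=$(unit_enabled_in "$1" "$2" | tr '\n' ' ')
    if [ -n "$targets" ]; then echo "enabled:${targets% }"; else echo disabled; fi
}

# Constructed sample tree (not a real system): sshd enabled for multi-user,
# network.service masked, telnet.socket installed but never enabled.
demo=$(mktemp -d)
mkdir -p "$demo/etc/systemd/system/multi-user.target.wants" "$demo/usr/lib/systemd/system"
touch "$demo/usr/lib/systemd/system/sshd.service" "$demo/usr/lib/systemd/system/telnet.socket"
ln -s /usr/lib/systemd/system/sshd.service "$demo/etc/systemd/system/multi-user.target.wants/sshd.service"
ln -s /dev/null "$demo/etc/systemd/system/network.service"
for u in sshd.service network.service telnet.socket; do
    printf '%-16s %s\n' "$u" "$(unit_state "$demo" "$u")"
done
rm -rf "$demo"
```

On a live host this is what systemctl is-enabled reports; the value of doing it by hand is that it also works on an image mounted at /mnt, where systemctl --root is not always available.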
CHANGES TO THE BOOT PROCESS
System Boot Process
● The following steps are taken when the system boots
– Power on (UEFI or BIOS performs POST, identifies boot device)
● Configured with a firmware setup key combination (often F2)
– Loads the boot loader from disk (grub2 for RHEL7)
● Installed with grub2-install
– Boot loader loads its configuration and presents a menu
● /boot/grub2/grub.cfg, generated by grub2-mkconfig from /etc/default/grub and /etc/grub.d/*
– Boot loader loads the selected kernel and initial RAM disk image
● The initramfs is built by dracut, configured in /etc/dracut.conf
System Boot Process (continued)
● Boot loader passes control over to the kernel
– The kernel command line comes from the selected grub.cfg entry (/etc/default/grub, /etc/grub.d/*)
● Kernel initializes hardware, then runs /sbin/init from the initramfs (which is systemd in RHEL7)
– Configured using the init= kernel parameter
● Initramfs systemd executes all units in the initrd.target target
– Mounts the real root file system (from the root= kernel parameter) on /sysroot
● /sysroot becomes / and the installed systemd is executed
● systemd looks for a default target
– Either configured on the system or passed as a kernel parameter
– /etc/systemd/system/default.target, a symlink to the chosen target (set with systemctl set-default TARGET)
Targets That Can Be Used at System Boot
● graphical.target
– System supports multiple users, graphical and text-based logins
● multi-user.target
– System supports multiple users, text-based logins
● rescue.target
– sulogin prompt, basic system initialization
● emergency.target
– sulogin prompt, initramfs pivot complete and system root mounted read-only on /
Managing System State on an Active System
● Power off or reboot
– systemctl poweroff
– systemctl reboot
● Changing the current target on a booted system
– systemctl isolate TARGET
Selecting a Different Target at Boot Time
● Add a kernel parameter
– systemd.unit=TARGET
● GRUB2 process
– Reboot
– Interrupt the boot loader
– Select the desired kernel entry
– Press 'e' to edit
– Use arrow keys to get to the line that starts with "linux16" ("linuxefi" on a UEFI system)
– Append systemd.unit=TARGET
– Press Ctrl-X to boot with the changes
Recovering root Password
● rescue.target and emergency.target run sulogin, which asks for the root password, so they cannot be used to recover it
● Instead of appending systemd.unit=TARGET, append rd.break
– This option stops the boot process before the initramfs switches to the actual system, leaving a root shell with the real root file system mounted read-only on /sysroot
– mount -o remount,rw /sysroot
– chroot /sysroot
– passwd root
– touch /.autorelabel
– exit (twice) to let the boot continue
● The SELinux policy is not loaded in the initramfs shell, so passwd writes /etc/shadow with the wrong context; the .autorelabel file makes the next boot relabel the file system (this takes a while and reboots once more)
● The same steps hand root to anyone with console or hypervisor access, so protect the boot loader entries with a GRUB 2 password, set a firmware setup password, or encrypt the root file system
CHANGES TO SYSTEM LOGGING
Logging Services
● systemd-journald
– Collects kernel messages, the early stages of the boot process, standard output/error of daemons as they start up and run
– Written to a structured journal of events; by default it lives in /run/log/journal and does not persist between reboots
– Create /var/log/journal (with Storage=auto in /etc/systemd/journald.conf) and restart systemd-journald to keep the journal across reboots
– Log messages are also forwarded to rsyslog for further processing
● rsyslog
– Similar to syslog
– Sorts messages by type (or facility) and priority, then writes them to persistent files in /var/log
rsyslog Configuration
● rsyslog configuration files
– /etc/rsyslog.conf
– /etc/rsyslog.d/*.conf
● #### RULES #### section of /etc/rsyslog.conf
– Looks like traditional syslog configuration
– FACILITY.PRIORITY DESTINATION
– A selector priority matches that priority and every more severe one; =PRIORITY matches exactly one, none excludes a facility, and several selectors are joined with ; (for example *.info;mail.none;authpriv.none;cron.none /var/log/messages)
● Table of Defined Priorities
– emerg (0) – System is unusable
– alert (1) – Immediate action must be taken
– crit (2) – Critical condition
– err (3) – Non-critical error condition
– warning (4) – Warning condition
– notice (5) – Normal, but significant, event
– info (6) – Informational event
– debug (7) – Debugging-level event
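The selector rules above decide which file a message lands in, which matters when you need to know where an authentication event or a kernel warning will be found. The following shell script is an added example, not part of the deck or of rsyslog, that applies the traditional selector semantics (range match, =exact, !exclusion, none, and comma-separated facilities) to a message using the priority table above. The rule string is the RHEL 7 default for /var/log/messages; the sample messages are constructed.

```shell
#!/bin/sh
# Added example, not taken from the deck: evaluate an rsyslog rule selector
# ("FACILITY.PRIORITY", several joined by ';') against a message, using the
# priority table above and traditional syslog selector semantics:
#   prio    -> that priority and every more severe one (lower number)
#   =prio   -> exactly that priority
#   !prio   -> remove that priority and more severe ones set so far
#   none    -> clear everything set so far for that facility
#   "*"     -> all facilities / all priorities
# Facilities may be a comma list (mail,uucp.crit).

prio_num() {
    case $1 in
        emerg) echo 0 ;;   alert) echo 1 ;;  crit) echo 2 ;;  err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;;  debug) echo 7 ;;
        *) echo "unknown priority: $1" >&2; return 1 ;;
    esac
}

# rule_matches RULE FACILITY PRIORITY -> exit 0 when the rule would log it
rule_matches() {
    hit=1
    old_ifs=$IFS; IFS=';'; set -f          # split on ';' without glob-expanding '*'
    for sel in $1; do
        fac=${sel%%.*}; pri=${sel#*.}
        case ",$fac," in
            *",$2,"*|*",*,"*) ;;           # selector names this facility (or all)
            *) continue ;;
        esac
        case $pri in
            none)  hit=1 ;;
            "*")   hit=0 ;;
            '!='*) [ "$(prio_num "${pri#!=}")" -eq "$(prio_num "$3")" ] && hit=1 ;;
            '!'*)  [ "$(prio_num "$3")" -le "$(prio_num "${pri#!}")" ] && hit=1 ;;
            =*)    [ "$(prio_num "${pri#=}")" -eq "$(prio_num "$3")" ] && hit=0 ;;
            *)     [ "$(prio_num "$3")" -le "$(prio_num "$pri")" ] && hit=0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return $hit
}

# Constructed messages, one per line: FACILITY PRIORITY TEXT
messages='kern warning eth0: link down
mail info postfix/qmgr: queued
authpriv notice sshd: Accepted publickey for root
daemon debug chatter'

rule='*.info;mail.none;authpriv.none;cron.none'   # RHEL 7 default rule for /var/log/messages
printf '%s\n' "$messages" | while read -r fac pri text; do
    if rule_matches "$rule" "$fac" "$pri"; then where=/var/log/messages; else where="(not this file)"; fi
    printf '%-10s %-8s -> %s\n' "$fac" "$pri" "$where"
done
```

Note that none only clears what earlier selectors set for that facility, so mail.none;*.info still logs mail, while *.info;mail.none does not; order matters when you audit a custom rule set.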
Review systemd Journal Entries
● The journalctl command is used to view systemd journal entries
– Highlighted (bold) entries indicate notice/warning priority messages
– Red messages indicate error and higher priority messages
● Common journalctl usage
– journalctl -p PRIORITY
– journalctl -f (similar to tail -f)
– journalctl --since TIMESPEC --until TIMESPEC
– journalctl -o verbose (shows every field of each entry, such as _PID, _UID and _SYSTEMD_UNIT; any field can then be used as a filter, e.g. journalctl _UID=0)
– journalctl -u UNIT
CHANGES TO NETWORK MANAGEMENT
Network Interface Names
● The default naming behavior is to assign fixed names based on firmware, device topology, and device type
● Interface names have the following characters:
– Ethernet interfaces begin with en, WLAN interfaces begin with wl, and WWAN interfaces begin with ww
– The next character(s) represents the type of adapter, with an o for on-board, s for hotplug slot, and p for PCI geographic location
– Not used by default but also available to administrators, an x is used to incorporate a MAC address
– A number N is used to represent an index, ID, or port
Network Interface Names (continued)
● If the fixed name cannot be determined, the traditional names, such as ethN, will be used
● Example names:
– eno1 = first embedded interface name
– enp2s0 = an example PCI network card name (bus 2, slot 0)
● Default naming can be overridden by installing the biosdevname package, set with custom udev rules, or switched off with the net.ifnames=0 kernel parameter
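Scripts that were written for eth0 break under the new scheme, and a firewall or inventory script often needs to know whether an interface is on-board or hot-plugged. The function below is an added example (not from the deck) that decodes a predictable name into its parts following the rules above; it also handles the fN function suffix that multi-port PCI cards carry, which the slide does not show.

```shell
#!/bin/sh
# Added example, not from the deck: decode a RHEL 7 predictable interface name
# into its parts, so an inventory or firewall script can tell an on-board port
# from a hot-plugged or PCI one. Handles the en/wl/ww prefixes and the o/s/p/x
# forms above, plus the "fN" function suffix multi-port PCI cards carry.

ifname_explain() {
    name=$1
    case $name in
        eth[0-9]*) echo "legacy kernel name: $name"; return 0 ;;
        en*) kind=ethernet ;;
        wl*) kind=wlan ;;
        ww*) kind=wwan ;;
        *)   echo "unrecognised: $name" >&2; return 1 ;;
    esac
    rest=${name#??}                       # strip the two-letter type prefix
    case $rest in
        o[0-9]*) echo "$kind on-board index ${rest#o}" ;;
        s[0-9]*) echo "$kind hotplug slot ${rest#s}" ;;
        p[0-9]*s[0-9]*)
            bus=${rest#p}; bus=${bus%%s*}
            slot=${rest#*s}; fn=""
            case $slot in *f*) fn=" function ${slot#*f}"; slot=${slot%%f*} ;; esac
            echo "$kind PCI bus $bus slot $slot$fn" ;;
        x[0-9a-fA-F]*) echo "$kind MAC ${rest#x}" ;;
        *) echo "unrecognised: $name" >&2; return 1 ;;
    esac
}

for n in eno1 enp2s0 enp2s0f1 ens3 wlp3s0 eth0; do
    ifname_explain "$n"
done
```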
Validating Network Configuration
● Display IP addresses
– ip addr show IFACE
● Display network statistics
– ip -s link show IFACE
● Display routing table
– ip route
● Display port and service information
– ss -ta
– ss -tlnp lists listening TCP sockets with the owning process (run as root to see every process)
– Has similar options to the older netstat utility, which is deprecated
Network Manager Concepts and Terms
● The NetworkManager daemon is used to manage network interfaces by default
● NetworkManager terms
– Device – network interface
– Connection – configuration used for a device (collection of settings)
● A device can have multiple connection configurations
– Only one can be active at a time
Network Configuration with nmcli
● The nmcli command configures NetworkManager
– nmcli con show
– nmcli con show --active
– nmcli con show CONNECTION
– nmcli dev status
– nmcli dev show INTERFACE
Creating a New Connection
● Examples
– nmcli con add con-name "default" type ethernet ifname eth0
– nmcli con add con-name "static" ifname eth0 autoconnect no type ethernet ip4 172.25.X.10/24 gw4 172.25.X.254
● Switch between the two connections
– nmcli con up "static"
– nmcli con up "default"
● Different types of interfaces can have different options
– nmcli con add help
Modifying Network Settings
● Example
– nmcli con show NAME
– nmcli con mod NAME connection.autoconnect no
– nmcli con mod NAME ipv4.dns 172.25.X.254
– nmcli con mod NAME ipv4.addresses "172.25.X.10/24 172.25.X.254"
– nmcli con mod NAME +ipv4.addresses 10.10.10.10/16
– To replace DHCP with the static settings, also set ipv4.method manual; newer NetworkManager versions take the gateway in ipv4.gateway instead of after the address
● The previous commands modify configuration files
● Reactivate the connection to make them active
– nmcli con up NAME
Network Configuration Files
● Found in /etc/sysconfig/network-scripts/ifcfg-*
● NetworkManager must be notified of changes made by editing the files directly
– nmcli con reload
– nmcli con down NAME
– nmcli con up NAME
● The connection name is specified with the NAME= line in the interface configuration file
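When connections are provisioned by a script rather than by nmcli, the ifcfg file is written directly and then reloaded as described above. The script below is an added example, not from the deck or from NetworkManager: it validates the address fields before writing a static ifcfg file (a typo in an octet otherwise surfaces only as a connection that silently fails to come up) and reads the NAME= value back. The directory argument is an assumption so the demo can use a scratch directory; on a real host the target is /etc/sysconfig/network-scripts.

```shell
#!/bin/sh
# Added example, not from the deck: write the ifcfg file NetworkManager reads
# for a static connection, validating the address fields first, and read the
# NAME= line back. On a real host write to /etc/sysconfig/network-scripts and
# follow with "nmcli con reload" and "nmcli con up NAME".

valid_ipv4() {                          # dotted quad with four octets 0-255
    n=0; old_ifs=$IFS; IFS=.
    for o in $1; do
        case $o in ''|*[!0-9]*) IFS=$old_ifs; return 1 ;; esac
        [ "$o" -le 255 ] || { IFS=$old_ifs; return 1; }
        n=$((n + 1))
    done
    IFS=$old_ifs
    [ "$n" -eq 4 ]
}

# write_static_ifcfg DIR NAME IFACE ADDR/PREFIX GATEWAY DNS -> prints the file written
write_static_ifcfg() {
    dir=$1 name=$2 iface=$3 gw=$5 dns=$6
    addr=${4%/*}; prefix=${4#*/}
    case $prefix in
        [0-9]|[12][0-9]|3[0-2]) ;;
        *) echo "bad prefix length in $4" >&2; return 1 ;;
    esac
    for ip in "$addr" "$gw" "$dns"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
    f="$dir/ifcfg-$name"
    umask 022                           # ifcfg files are normally world-readable; no secrets here
    cat > "$f" <<EOF
TYPE=Ethernet
NAME=$name
DEVICE=$iface
ONBOOT=no
BOOTPROTO=none
IPADDR=$addr
PREFIX=$prefix
GATEWAY=$gw
DNS1=$dns
EOF
    echo "$f"
}

ifcfg_name() {                          # the NAME= value nmcli uses for "con up NAME"
    sed -n 's/^NAME=//p' "$1" | tr -d '"'
}

demo=$(mktemp -d)
write_static_ifcfg "$demo" static eth0 172.25.0.10/24 172.25.0.254 172.25.0.254 >/dev/null
cat "$demo/ifcfg-static"
rm -rf "$demo"
```

The file matches the "static" connection created with nmcli con add earlier: BOOTPROTO=none and ONBOOT=no correspond to the static addressing and autoconnect no on that command line.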
Host Name Configuration
● Host name is defined in /etc/hostname
– Instead of /etc/sysconfig/network
● The hostnamectl command is used to manage it
– hostnamectl status
– hostnamectl set-hostname FQDN
CHANGES TO FIREWALL CONFIGURATION
Firewall Configuration with firewalld
● The firewalld daemon manages Netfilter rules
– iptables still works underneath: firewalld programs the kernel through the iptables tool, so the separate iptables service must not run at the same time (mask it)
– Applications can request ports to be opened using DBus messages
● Firewall management is simplified with the concept of zones
– A packet's zone is chosen by its source address if a zone binds that source, otherwise by the interface it arrived on, otherwise the default zone
– Rules in the zone are applied to the packet
Predefined Zones
● The following are some of the predefined zones:
– trusted – allow all incoming traffic
– public – reject incoming traffic, except related packets, ssh, ipp-client, or dhcpv6-client services (the default zone for interfaces not assigned elsewhere)
– external – reject incoming traffic, except related packets and ssh traffic
● Outgoing IPv4 forwarded traffic is masqueraded
– dmz – reject incoming traffic, except related packets and ssh traffic
– block – reject all incoming traffic, unless related traffic (the sender receives an ICMP rejection)
– drop – drop all incoming traffic silently, unless related traffic
Managing Firewall Rules
● There are three ways to manage firewall rules
– Edit text files in /etc/firewalld/*
– firewall-config graphical utility
– firewall-cmd command-line utility
● Current rules versus permanent rules
– The --permanent option modifies the saved configuration, not the running rules; without it a change takes effect at once but is lost on reload or reboot
– Make a change twice (with and without --permanent), or make it --permanent and then --reload
● Useful firewall-cmd Commands
– firewall-cmd --get-services
– firewall-cmd --get-zones
– firewall-cmd --get-active-zones
– firewall-cmd --list-all
– firewall-cmd --add-service=SERVICE --zone=ZONE
– firewall-cmd --add-port=PORT/PROTO --zone=ZONE
– firewall-cmd --reload
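The slide lists editing files under /etc/firewalld as the first management route but shows no file. The script below is an added example, not from the deck or from firewalld: it writes a zone file that admits only the listed services, and only from one source network, which is the usual way to restrict ssh to a management subnet without loosening the public zone, and it reads back which services a zone file opens. The zone name "mgmt" and the scratch directory are assumptions for the demo; on a real host the file goes to /etc/firewalld/zones/ and becomes active after firewall-cmd --reload because the zone binds a source.

```shell
#!/bin/sh
# Added example, not from the deck: manage a firewalld zone as a file under
# /etc/firewalld/zones (the "edit text files" route above). The zone admits
# only the listed services, and only from one source network. Write the file
# to /etc/firewalld/zones on a real host and run "firewall-cmd --reload".

# write_source_zone DIR ZONE SOURCE_CIDR SERVICE... -> prints the file written
write_source_zone() {
    dir=$1 zone=$2 cidr=$3; shift 3
    f="$dir/zones/$zone.xml"
    mkdir -p "$dir/zones"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<zone>\n'
        printf '  <short>%s</short>\n' "$zone"
        printf '  <description>%s may reach the listed services; everything else is rejected</description>\n' "$cidr"
        printf '  <source address="%s"/>\n' "$cidr"
        for svc; do printf '  <service name="%s"/>\n' "$svc"; done   # remaining args
        printf '</zone>\n'
    } > "$f"
    echo "$f"
}

zone_services() {                       # FILE -> the services a zone file opens, one per line
    sed -n 's/.*<service name="\([^"]*\)".*/\1/p' "$1"
}

zone_allows_service() {                 # FILE SERVICE -> 0 if the zone opens it
    zone_services "$1" | grep -qx "$2"
}

demo=$(mktemp -d)                       # scratch directory instead of /etc/firewalld
f=$(write_source_zone "$demo" mgmt 10.0.0.0/24 ssh)
cat "$f"
echo "services opened by mgmt: $(zone_services "$f" | tr '\n' ' ')"
rm -rf "$demo"
```

Once the mgmt zone is active, ssh can be removed from the public zone with firewall-cmd --permanent --zone=public --remove-service=ssh followed by --reload; test from a host inside the source network first, since this is the change that locks administrators out when the subnet is wrong.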
CHANGES TO RED HAT ENTERPRISE LINUX INSTALLATION
Installation Summary Screen
● Can complete the separate hubs in any order
● Must complete hubs with warning signs before proceeding with the installation
Troubleshooting an Installation
● Virtual console functions
– Ctrl-Alt-F1 – main installer console with debugging info
– Ctrl-Alt-F2 – shell prompt with root access
– Ctrl-Alt-F3 – installation log
– Ctrl-Alt-F4 – storage log
– Ctrl-Alt-F5 – program log from other utilities
– Ctrl-Alt-F6 – spare shell prompt?
– Ctrl-Alt-F7 – default console with GUI installation
● Red Hat Enterprise Linux 7.1
– All programs are in tmux windows on the first virtual console (switch with Ctrl-b followed by the window number)
Installation Options
● Installation source media
– inst.repo=MEDIA
– MEDIA can be cdrom, URL, or hd:device:path
– Replaces method= (deprecated)
● Kickstart file location
– inst.ks=URL
– A kickstart file normally carries the root password hash (rootpw --iscrypted) and may carry repository credentials, so restrict who can fetch it from that URL
RED HAT LEARNING SUBSCRIPTION (RHLS)
Red Hat Learning Subscription
• Unlimited access to all Red Hat on-line courses
• Content: Over 100 days
• Videos: Over 300
• Labs: Up to 400 hours
• Help: Email support
The Challenge. Solved.
• New staff – Full learning path leading to certification.
• New releases – On-going access to new releases.
• Time – On-Demand learning in small chunks.
• Cross-training – Access to full Red Hat Training portfolio.
• Performance support – Indexed, searchable content.
• Global coverage – Access in 5 continents, in 9 languages.
• Cost – Dozens of courses for the price of two.
Course List - Platform
• RHEL – RHCSA / RHCE Track
– Red Hat System Administration I Online (RH124R)
– Red Hat System Administration II Online (RH134R)
– RHCSA Rapid Track Course (RH199R)
– Red Hat System Administration III Online (RH254R)
– RHCE Certification Lab (RH299R)
• RHEL – Satellite Track
– Red Hat Satellite 6 Administration (RH403R)
• Advanced RHEL – RHCA Track
– Red Hat Server Hardening Online (RH413R)
– Red Hat Performance Tuning (RH442R)
– Red Hat High Availability (RH436) – coming soon!
• Advanced RHEL – Containers
– Managing Containers with RHEL Atomic Host (RH270R)
Video Demos
Searchable And On-Demand
Hands-On Practice
Full RHCE Track in HD Video Coming this Fall
• Red Hat System Administration I (RH124)
• Red Hat System Administration II (RH134)
• Red Hat System Administration III (RH254)
QUESTIONS?