Managing SUSE Linux Enterprise - Amazon Web Services

Managing SUSE Linux EnterpriseCourse Navigation

Previous Sect ions

Sof t ware Managem ent

Section 10

Net work Managem entSection 11

St orage Managem entSection 12

Ident it y and Secur it ySection 9

Adm inist rat ion and Monit or ing

Section 13

Inst all ing SUSE Linux Ent erpr iseSection 14

ConclusionSection 15

https://www.lucidchart.com/documents/view/63286c5d-2735-473b-bc7e-7bf2e35cc09a

https://www.lucidchart.com/documents/view/641955d9-5c20-457a-9a13-646a1c48d904

https://www.lucidchart.com/documents/view/534dec3c-02eb-4e0a-934c-9f7cee739298

https://www.lucidchart.com/documents/view/53ce5db1-5c71-451b-8226-a07515863343

https://www.lucidchart.com/documents/view/a84ccba5-34a4-492f-a567-fb7382d56b48

https://www.lucidchart.com/documents/view/44c9a7d5-4a9c-4d80-a907-a4ef87ed79b7

https://www.lucidchart.com/documents/view/552b8423-4801-4861-be42-5c9dc654c949

Software Management

Back t o Main

Course Navigation

Understanding Management of RPM Packages

Understanding Compiling Software from Source

Understanding Software Management with Libzypp


Section 10




Section 13



Topics in t h is sect ion include:

- Underst anding Com pil ing Sof t ware f rom Source

- Underst anding Managem ent of RPM Packages

- Underst anding Sof t ware Managem ent w it h Libzypp

Next

https://www.lucidchart.com/documents/view/01d67c88-ccf2-4cf9-a210-d308cee52816







Software Management

Back t o Main

Course Navigation





Section 10




Section 13



Com pil ing f rom Source Overview

Why compile from source?

- You write software, have to test it works

- Packages are usually already-compiled software

- In-house software or experimental

- Curiosity?

1. Get the software tarball from an authoritative source.

2. Make a source directory.

3. Move the tarball there.

4. Unpack the tarball.

5. READ THE DOCUMENTATION (if it exists).

6. Configure the software.

7. Compile and install it .

Underst anding Com pil ing Sof t ware f rom Source


Next Back

Typical Source Com pile








Software Management

Back t o Main

Course Navigation





Section 10




Section 13





configure Determines needs, compiler, dependencies, uses that to construct a Makefile from the Makefile.in template

make Uses the steps in the Makefile to compile the software

Com pil ing Com m ands

install Part of the Makefile instructions, copies files to destination

clean Removes files normally causes by the make process

distclean Like cl ean, but also removes the conf i gur e information

Make Target s

make Performs the desired compile of the source code

install The steps to copy binaries/shared files to proper locations

uninstall Removes the installed items, may not be present/work

Next Back








Software Management

Back t o Main

Course Navigation





Section 10




Section 13



aut om ake

Makef i le



aut oconf

conf igure

Makef i le.in

conf igure.ac

Makef i le.am

Put t ing I t All Toget her

m ake

+

=sof t ware com piled

and in build dir

Overall, the process is:

$ . / conf i gur e

$ make

$ make i nst al l

Consider the aut omake advantages

- Can construct an entire automated build system

- Centralizes bug and patch fixes for all managed packages

Going Through t he Process

Next Back

Makef i le

m ake inst all

+

=sof t ware m ade and copied t o dest dir








Software Management

Back t o Main

Course Navigation





Section 10




Section 13





- Not easy to replicate company-wide- Updates and upgrades are labor-intensive- Lots of duplicated efforts- Lack of consistency of outcome- No central database/tracking of installs/changes, etc.

Disadvant ages of Source Inst alls

- Open Build Service is a free system for building software packages from source

- Automates the build process completely- Lets you focus on creating and maintaining the code- Over 500,000 packages and 60,000 developers so far

Build Services

Next Back








Software Management

Back t o Main

Course Navigation





Section 10




Section 13



Underst anding Managem ent of RPM Packages

RPM environm ent is m ade of :

- r pm command- RPM database- RPM package files

Cont ent s of an RPM Package

- File identifier or package lead- Signature- Header (and information)- Scripts- Archive of files/payload of files



RPM Com m and Basic Operat ions

- Query- Install- Remove- Other

RPM Nam ing Convent ions

Short vs. long package names- t r ee- t r ee- 1. 8. 0- 1. 5. x86_64

package_ver si on- bui l d_ar chi t ect ur e. r pm

Next Back








Software Management

Back t o Main

Course Navigation





Section 10




Section 13




Inst all ing Packages via RPM

$ r pm - i vh <package. r pm>

- Reads package file, checks for dependencies- Can be bypassed with - - nodeps (use caution)

- If existing files conflict, use - - f or ce (again, use caution)- Copies files, directories, and links to specified locations- Enters package information into package database

--update Upgrades existing, installs any new packages

--freshen Upgrades existing installed, no net new installs



Updat ing vs. Freshening

- When used against a set of packages/repository

-i Installs the package

-v Verbosely tells what 's going on

-h Hash-mark progress bar

- Optimal for workstations, general-purpose servers

- Optimal for limited-focus hosts, security, appliances

Next Back








Software Management

Back t o Main

Course Navigation





Section 10




Section 13




Querying RPM Packages (Inst alled and on Disk)

$ r pm - q <packagename> $ r pm - qp <packagename. r pm> <on di sk! >

- Important to know if querying installed package or package file on disk (requires - p)

- All queries are prefaced or include the - q option



-qf Queries the owning package for a given file

-ql Lists out the files in the package

-qi Displays package name, version, description, etc.

-qp Queries a package file on disk (not installed)

-qc Lists out the configuration files for the package

--scripts What install/uninstall scripts are included

Next Back








Software Management

Back t o Main

Course Navigation





Section 10




Section 13




Uninst all ing RPM Packages

$ r pm - e <packagename> <- - dangi t >

- Short package name is usually sufficient- Multiple versions of a short name requires long name- Alternatively can remove all matches- Watch for .RPMSAVE leave-behinds for config files



-e/--erase Removes the specified package

-allmatches Removes all matching package name

--nodeps Use caution, will break dependencies

Int egr it y Check ing RPMs

$ r pm - V <packagename>

- Checks nine attributes of a package's files:- Owner, Group, Mode, MD5 Checksum, Size, Major and

Minor numbers, Symlink string, Modify t ime

-Va Verifies all nine attributes on EVERY FILE ON SYSTEM

Next Back

Correct ives aka "Dangit s"








Software Management

Back t o Main

Course Navigation





Section 10




Section 13



Underst anding Sof t ware Managem ent w it h Libzypp

Libzypp and zypper Basics

- Libzypp is the main engine behind zypper- Similar to how APT works for Debian/Ubuntu- Default on SUSE, uses RPM libraries as well




Back Next

The zypper Com m and

zypper gl obal - opt i on command command- opt i on ar g

- Most zypper commands require root access- Configure other user access through sudo

Opt ions in zypper

- Options are either global or command-specific- Global options precede commands- Com m and options follow a command

Com m ands in zypper

- Uses words as commands, allows abbreviations - i n for install, r ef for refresh, etc.

- Most commands require at least one argument- zypper i n <package1> <package2>

St ar t EVERY zypper session w it h:

$ sudo zypper r ef- Downloads repository metadata, builds .solv files- Set with r epo. r ef r esh. dal ay in / et c/ zypp/ zypp. conf








Software Management

Back t o Main

Course Navigation





Section 10




Section 13







Back Next

install, in Installs a package/packages


remove, rm Removes a package/packages

verify, ve Verifies package dependency integrity

search, se Searches for packages, shows status if installed

list-updates, lu Lists the available updates for packages

Updat e Packages/Dist r ibut ion

update, up Updates installed packages to newer version

dist-upgrade, dup Does a distribution upgrade (service packs too)

patch-check, pchk Checks for patch availability

Pat ch Managem ent

list-patches, lp Lists the available patches

patch Installs the necessary/available patches








Software Management

Back t o Main

Course Navigation





Section 10




Section 13







Back Next

Package Reposit or ies

- Repositories are local or remote sets of packages- Metadata is pulled, compared, and pre-parsed- Dependencies are pre-solved if possible

Managing Reposit or ies

$ zypper l r <lists configured repositories>

$ zypper ar URL ALI AS <adds a repository>

- URL is the full path to the remote repository- ALIAS is a friendly unique name YOU set to identify

$ zypper r r al i as/ #/ URL <removes a repository>

- Can remove via the alias, repository number, or URL

$ zypper r enamer epo ol d new <renames a repository>

- If the repo maintainers make a name change, etc.

Rem oving Reposit or ies

Renam ing Reposit or ies








Software Management

Back t o Main

Course Navigation





Section 10




Section 13







Back

Managing Sof t ware w it h YaST








Network Management

Back t o Main

Course Navigation

Understanding Network Management with Wicked

Understanding Network Management in SLE

Understanding f̀irewalld`



Section 10



Section 13



Underst anding Net work Managem ent in SLE

Next


- Underst anding Net work Managem ent in SLE

- Underst anding Net work Managem ent w it h Wicked

- Underst anding `f irewalld`








Network Management

Back t o Main

Course Navigation






Section 10



Section 13





Next

Devices are network adapters, usually built-in to the motherboard, or the software that defines a virtual machine.

Devices

Def in ing Net work Term s

Interfaces are software that opens up a hardware device to be communicated with via system calls, etc.

Int er faces

Links are the establishment of a connection between a hardware device and the network the hardware is attached to.

Links

Addresses are the IP addresses used to communicate with the interface to a hardware device.

Addresses

Routes are the paths packets take from a given host to another host, when communicating outside of a local network.

Rout es








Network Management

Back t o Main

Course Navigation






Section 10



Section 13





Next

Det erm ining Connect ivit y

ping Sends a series of packets and reports response

$ pi ng - c 5 10. 20. 30. 40PI NG 10. 20. 30. 40 ( 10. 20. 30. 40) 56( 84) byt es of dat a.64 byt es f r om 10. 20. 30. 40: i cmp_seq=1 t t l =128 t i me=0. 230 ms64 byt es f r om 10. 20. 30. 40: i cmp_seq=2 t t l =128 t i me=0. 260 ms64 byt es f r om 10. 20. 30. 40: i cmp_seq=3 t t l =128 t i me=0. 242 ms64 byt es f r om 10. 20. 30. 40: i cmp_seq=4 t t l =128 t i me=0. 527 ms64 byt es f r om 10. 20. 30. 40: i cmp_seq=5 t t l =128 t i me=0. 241 ms

- - - 10. 20. 30. 40 pi ng st at i st i cs - - -5 packet s t r ansmi t t ed, 5 r ecei ved, 0% packet l oss, t i me 4096msr t t mi n/ avg/ max/ mdev = 0. 230/ 0. 300/ 0. 527/ 0. 113 ms

Exam ples

- Simplest method is to ping a remote host- Name resolution is another layer up- If local, no routes involved

Tracing a Pat h

tracepath Shows the series of routers to reach a host

- Historically used t r acer out e- Deprecated now; use t r acepat h instead- Uses UDP and isn't fancy; blocked on most public

networks








Network Management

Back t o Main

Course Navigation






Section 10



Section 13





Next

SUSE Linux Net work Conf igurat ion

- Configure three ways- Manually using i p command, non-persistent- Edit i f c f g- configuration file, persistent- Through YaST, persistent

Set t ing IP Addressing Manually

- The i p command is a one-stop shop for IP addressing- IP addressing usually set through DHCP

$ i p addr add 10. 20. 30. 40/ 24 br d + dev et h0$ i f up et h0$ i p addr show et h02: et h0: <BROADCAST, MULTI CAST, UP, LOWER_UP> mt u 1500 qdi sc

l i nk/ et her 00: 0c: 29: c3: 61: 4b br d f f : f f : f f : f f : f f : f f

i net 172. 16. 242. 134/ 24 br d 172. 16. 242. 255 gl obal et h0

val i d_l f t f or ever pr ef er r ed_l f t f or ever

i net 6 f e80: : 20c: 29f f : f ec3: 614b/ 64 scope l i nk

val i d_l f t f or ever pr ef er r ed_l f t f or ever

Sem i-Aut om at ic IP Addressing

- Static addresses are outside of DHCP control- If a server, use an IP reservation for persistent IP

- Set in the / et c/ dhcpd. conf- Matches the MAC address to an IP address








Network Management

Back t o Main

Course Navigation






Section 10



Section 13





Next

$ cat / et c/ sysconf i g/ net wor k/ i f cf g- et h0

BOOTPROTO=' dhcp'BROADCAST=' 'I PADDR=' 'MTU=' 'NAME=' 'NETMASK=' 'NETWORK=' 'REMOTE_I PADDR=' 'STARTMODE=' aut o'DHCLI ENT_SET_DEFAULT_ROUTE=' yes'

Persist ency Across Device Nam ing

- Train udev to persistently name/assign interfaces- / et c/ udev/ r ul es. d/ 70_per si st ent - net . r ul es

- To network devices what UUID is for disks

Net work ing Def in it ion Files

- SUSE networking files are in / et c/ sysconf i g/ net wor k- conf i g is for parameters- dhcp is for lease info- Interface configs are in i f cf g- files

Exam ple ifcfg-et h0 f i le








Network Management

Back t o Main

Course Navigation






Section 10



Section 13





Next

Managing Int er faces on SUSE Linux

- Usually acts on single interface by name, some on all

$ i f st at us et h0et h0 up l i nk: #2, st at e up, mt u 1500 t ype: et her net , hwaddr 00: 0c: 29: c3: 61: 4b conf i g: compat : suse: / et c/ sysconf i g/ net wor k/ i f cf g- et h0 l eases: i pv4 dhcp gr ant ed l eases: i pv6 dhcp r equest i ng addr : i pv4 172. 16. 242. 134/ 24 [ dhcp] r out e: i pv4 def aul t v i a 172. 16. 242. 2 [ dhcp]

$ i f up et h0et h0 up

Br inging Up and Down Int er faces

Det erm ining Int er face St at us

$ i f down et h0et h0 down

$ i f st at#ker nelI nt er f ace RX Pkt s/ Rat e TX Pkt s/ Rat e RX Dat a/ Rat e TX Dat a/ Rat e RX Er r s/ Dr op TX Er r s/ Dr op RX Over / Rat e TX Col l / Rat e l o 106 0 106 0 6420 0 6420 0 0 0 0 0 0 0 0 0 et h0 7991 0 1546 0 5524K 0 133011 0 0 0 0 0 0 0 0 0

Get t ing Int er face St at s








Network Management

Back t o Main

Course Navigation






Section 10



Section 13





Next

Managing Int er faces via YaST

- Works great for GUI and ncurses- Uses the l an module- Handles all file changes & restarts of services- Persistent, unlike i p command changes








Network Management

Back t o Main

Course Navigation






Section 10



Section 13



Underst anding Net work Managem ent w it h Wicked



Next

Wicked Net work ing

- Alternative to the i p ______ show commands- Reads and displays / et c/ sysconf i g/ net wor k files- Not entirely complete; work in progress

Wicked Daem ons

wicked.service Manages the interfaces

wickedd.service Manages the networking

Show Int er faces via Wicked

$ wi cked show et h0et h0 up<out put i s I DENTI CAL t o i f st at us et h0 out put >

Show Int er faces via Wicked XML

$ wi cked show- xml et h0<obj ect pat h=" / or g/ opensuse/ Net wor k/ I nt er f ace/ 2" > <name>et h0</ name> 2 <st at us>r eady, devi ce- up, l i nk- up, net wor k- up, ar p, <l i nk- t ype>et her net </ l i nk- t ype><. . . t r uncat ed heavi l y . . . >








Network Management

Back t o Main

Course Navigation






Section 10



Section 13



Underst anding `f irewalld`




Firewall i t !

- New in SLE 15 and replaces SuSEf irewall2- Two flavors:

- Graphical: firewall-config- Command line: firewall-cmd

Linux and Firewalls

- Firewalls limit incoming packets based on:- Origin of IP - Destination ports- Protocol used

- Handled at the kernel level by net f i l t er- User-configurable by ipt ables for many years- ipt ables can be very complex and confusing

- f irewalld is a new user-configurable layer- Manages ipt ables rules for you- Provides an interface for apps to interact with- Allows for more flexible use of zones- Allows for use of protocol/services names, not port numbers

f irewalld Zones

- A f irewalld zone is a defined area of trust that contains a set of allowed (incoming) services and connects to a network via an assigned interface

- All outgoing (from the local host) connections are allowed- Incoming traffic must be in an allowed service (protocol) for the

interface/zone

Next








Network Management

Back t o Main

Course Navigation






Section 10



Section 13







Conver t ing f rom SuSEf irewall2

- More and different security zones- Conversion script for easier migration

- susefirewall2-to-firewalld

Modes of Operat ion

- Runt im e - Allows experimentation, testing, transient- Perm anent - In place across reloads/reboots- Configure and experiment, only commit when good

Graphical vs. Com m and Line

- Equally functional, choose one or use both- GUI tool is easier to navigate, useless on cli-only systems

- Auto-reload when saved and exited

- CLI tool is very scriptable, higher learning curve- Requires manual reload

- Failing to commit to permanent and reload leaves old config in place!

Next








Network Management

Back t o Main

Course Navigation






Section 10



Section 13







Com m on f irewalld-cm d exam ples

List the network interfaces and zone assignments$ f i r ewal l - cmd - - zone=publ i c - - l i s t - i nt er f aceset h1

Add an interface to a zone$ f i r ewal l - cmd - - zone=i nt er nal - - add- i nt er f ace=et h1success

View Available Services$ f i r ewal l - cmd - - get - ser vi cesamanda- cl i ent amqp bacul a bgp bi t coi n dns docker i r c <. . . t r uncat ed heavi l y . . . >

Deep-dive information on a Service's specifics$ f i r ewal l - cmd - - i nf o- ser vi ce dnsdns por t s: 53/ t cp 53/ udp pr ot ocol s: <. . . out put t r uncat ed . . . >

Deep-dive information on a Zone's specifics$ sudo f i r ewal l - cmd - - i nf o- zone=publ i cpubl i c ( act i ve) t ar get : def aul t i cmp- bl ock- i nver si on: no i nt er f aces: et h0 sour ces: ser vi ces: ssh dhcpv6- cl i ent ht t p<. . . out put t r uncat ed . . . >

Next








Network Management

Back t o Main

Course Navigation






Section 10



Section 13







Graphical f irewalld Managem ent

Next








Network Management

Back t o Main

Course Navigation






Section 10



Section 13







Back

Graphical f irewalld Managem ent








Storage Management

Back t o Main

Course Navigation

Recognizing Tradit ional Linux File Systems

Linux I/O Stack Overview

Configuring Logical Volume Management (LVM)


Configuring Software RAID

Defining and Describing Btrfs

Understanding Network File System Version 4 (NFSv4)


Section 10



Section 13


- Linux I /O St ack Overview

- Recognizing Tradit ional Linux File Syst em s

- Conf igur ing Logical Volum e Managem ent (LVM)

- Conf igur ing Sof t ware RAID

- Def in ing and Descr ibing Bt r fs

- Underst anding Net work File Syst em Version 4 (NFSv4)







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13


Linux I /O St ack Overview


fdisk is the grandfather of disk tools and is still useful and appropriate, though it is a destructive partit ioning tool.

fdisk

Conf igur ing Disks w it h Par t it ions

Command line tool for creating and managing partit ion tables. Designed to be safe and non-destructive, it can also resize partit ions.

par t ed

The disk partit ioning module of YaST, it also does a lot of other advanced configuration of disks and comes in text and GUI modes.

YaST Par t it ioner

MBR vs. GPT Disks

- Master Boot Record (MBR)- Limited to four primary partit ions per disk- Can swap a primary for a single Extended- Extended partit ions contain Logical partit ions- Limited to 2 TB in size- Partit ioning and boot data is uni-located

- GUID Partit ion Table (GPT)- 127 partit ions are allowed in the specification- Linux is limited to 15 partit ions per disk- Massive disk sizes in the stratospheric range- Multiple redundancy for partit ion and boot data

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13




Using par t ed t o Manage St orage

- Comes in two modes:- Int eract ive: Great for discovery, shell-like interface- Non-int eract ive: Great for scripting, automation

$ par t ed / dev/ sdb mkl abel msdos mkpar t pr i mar y xf s 1 25%

$ l sbl kNAME MAJ: MI N RM SI ZE RO TYPE MOUNTPOI NTsda 8: 0 0 20G 0 di sk ??sda1 8: 1 0 8M 0 par t ??sda2 8: 2 0 18G 0 par t /sdb 8: 16 0 10G 0 di sk ??sdb1 8: 17 0 2. 5G 0 par t

Non-int eract ive m ode exam ple

$ par t ed / dev/ sdb (parted) pr i nt<. . t r uncat ed . . >Number St ar t End Si ze Type Fi l e syst em Fl ags 1 1049kB 2684MB 2683MB pr i mar y t ype=83(parted) r esi ze 1 20%Number St ar t End Si ze Type Fi l e syst em Fl ags 1 1049kB 2147MB 2146MB pr i mar y t ype=83

Int eract ive m ode exam ple

Not e about alignm ent

- Recommend optimal alignment, lines up the partit ion table addresses to the real physical disk blocks

- Avoids performance degradation

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13




Using YaST t o Par t it ion Disks

- Use for simple or complex disk partit ioning schemes- Handles all needed tasks, partit ion probes, refreshes, etc.- In some cases, may be the sole supported method

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13


Recognizing Tradit ional Linux File Syst em s



Filesyst em s Available in SLE 15

- Some restrictions apply to filesystem usage- ReiserFS sundowned- JFS supported for existing volumes, no new

Ext2/3 Extended filesystems 2/3 are older, but supported

Ext4 Current ext filesystem version, supported

XFS Excellent for data partit ions, large volume sizes

Btrfs Default for / in SLE 12 and 15, many features

VFAT All versions of FAT, 12/16/32 bit, many features

NTFS NTFS-3G supported only on SLED 15

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13




Linux I /O St ack Overview Creat ing Filesyst em s f rom t he CLI- Uses the mkf s. xxxx commands- Exceptions are xfs and btrfs

- mkf s. xf s creates old XFS fs, no shrinking- mkf s. bt r f s works, but only YaST mode is supported

View ing Available Disks/Par t it ions

- Base level of what 's attached to your system- Prelude to making filesystems and mounting

blkid Reads a block device's attributes, including UUID

lsblk Lists block device attributes, shows in tree format

Prepar ing t o Mount Filesyst em s

- The / et c/ f st ab- Configures what will be and can be mounted- Using UUIDs makes device recognit ion order less

problematic- The / et c/ mt ab

- Shows what is mounted- Special-use mount directories

- / mnt- / mount- / var / r un/ medi a

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13





Mount ing Filesyst em s

- Once items are properly set up in the / et c/ f st ab- Mounting is easy and secure (only root can set up)

$ mount / dev/ sdc5 / home$ mount | gr ep home/ dev/ sdc5 on / home t ype xf s ( r w, r el at i me)

mount Maps a disk filesystem to a system mount point

Unm ount ing Filesyst em s

- Filesystem must not be in use- Use appropriate tools to remove users/processes

$ umount / home$ mount | gr ep home<. . . no out put . . . >

umount Removes the mount for a given filesystem

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13





- User processes often stop the unmounting of storage- Can be an open file from a program- User signed in to a bash session

- In order to unmount/backup/repair- Have to find and kill those processes/sessions

To find open files on a filesystems$ l sof / home

To end the processes keeping the filesystem bushy$ ki l l - HUP ` l sof - t / home`

Getting users off a filesystem- Find the offender, up arrow and add -k to kill

$ f user - u / home/ cl oud_user / f i l e1/ home/ cl oud_user / f i l e1 12345( cl oud_user )

Freeing Up Filesyst em s for Backup Et c.

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13


Conf igur ing Logical Volum e Managem ent (LVM)




Logical Volum es in Plain Term s

- Tradit ionally:- Disks are limited to a physical capacity- Partit ions can only be as big as a physical disk- Filesystems could only be as big as the partit ion size

- Wit h LVM:- Physical disks are pooled together to make volum e groups- Volum e groups can be divided into logical volum es

- Can be resized non-destructively- Logical volum es can have f i lesyst em s created on them

- Can be resized non-destructively

- In shor t :- Volum e groups are the new disks- Logical volum es are the new par t it ions- Filesyst em s are created as usual, but on logical volum es

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13






PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1

PhysicalVolume

PhysicalVolume

PhysicalVolume

PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1lvm vol1 lvm vol2

PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1lvm vol1 lvm vol2/ / hom e

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13






Disks, ASSEMBLE!

- Physical volumes are created with pvcr eat e- Can be whole disks or partit ions of a disk

- Lots of use cases for both- List your available devices first:

$ l sbl k- Then prepare your disks to be physical volumes:

$ pvcr eat e / dev/ sda etc.

- Note: If you get errors and need to zero out a disk:$ wi pef s - a / dev/ sd<abc>

- Then list your new physical volumes:$ pvs or pvscan or pvdi spl ay

PhysicalVolume

PhysicalVolume

PhysicalVolume

/dev/sda /dev/sdb /dev/sdc

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13






PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1

PhysicalVolume

PhysicalVolume

PhysicalVolume

Volum e Groups

- Volume groups are created with vgcr eat e- Constructed from the available physical volumes:

- The ones prepared using pvcr eat e- Confirm the available physical volumes:

- $ pvs or pvscan or pvdi spl ay- Then create the volume group:

$ vgcr eat e vol gr p1 / dev/ sda / dev/ sdb / dev/ sdc- Then list your new volume group:

$ vgs or vgscan or vgdi spl ay

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13






Logical Volum es

- Volume groups are created with l vcr eat e- Constructed from a volume group

- Logical volumes can only use a single volume group- List your volume group:

$ vgs or vgscan or vgdi spl ay- Then create the desired logical volumes:

$ l vcr eat e - L 10GB - n l vmvol 1 vol gr p1$ l vcr eat e - L 40GB - n l vmvol 2 vol gr p1

- Check to see what you've done is correct:$ l vs or l vscan or l vdi spl ay

PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1

PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1lvm vol1 lvm vol2

Now put a f i lesyst em on your logical volum es!

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13






Adding More Space t o Logical Volum es

- Back up your data first!- NEVER do any disk operation without backup(s)

- YaST Partit ioner is recommended for all disk operations

Extend the volume group by adding a PV:$ vgext end vol gr p1 / dev/ sdd

PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1

Then grow the logical volume:$ l vext end - L +1024GB / dev/ vol gr p1/ l vmvol 2$ l vr esi ze - L +1024GB / dev/ vol gr p1/ l vmvol 2

PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1PhysicalVolume

lvm vol1 lvm vol2

PhysicalVolume

Wait , which f i lesyst em s can be resized?

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13






Resizing Filesyst em s

- Not every filesystem supports resizing- Some can be resized while online and being accessed!

Filesyst em s Suppor t ed

Fi l esyst em Command Gr ow Shr i nk

Ext 2 r esi zef s On/ Of f l i ne Of f l i ne



XFS xf s_gr owf s Onl i ne No Suppor t

Grow an ext2/3/4 filesystem to the max space:$ sudo r esi ze2f s / dev/ vol gr p1/ l vmvol 2

PhysicalVolume

PhysicalVolume

PhysicalVolume

volgrp1PhysicalVolume

lvm vol1 lvm vol2/ / hom e

Now We Can Resize t he Filesyst em !

Grow a Btrfs filesystem to the max size:$ sudo bt r f s f i l esyst em r esi ze /

Grow an XFS filesystem to the max size:$ sudo xf s_gr owf s - d / home

Always confirm resize operations:$ df - hT 

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13






LVM Snapshot s

- An LVM snapshot is similar to a logical volume (LV)- Requires unallocated space to create

- Can be mounted and accessed like an LV- Requires sufficient free space in the volume group (VG)

- Testing filesystems changes- Update/upgrade/freshen testing- Backups while original is in use

Use for Many Operat ions

St eps1. Make the snapshot.2. Install and test on snapshot.3. Confirm operation success.4. Delete snapshot.5. Repeat as necessary.

Sof t ware Test ing ? Exam ple

St eps1. Make the snapshot.2. Perform operation (back up, etc.).3. Confirm operation is successful.4. Delete snapshot.

Back ing Up a Filesyst em ? Exam ple

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13


Conf igur ing Sof t ware RAID





Mult iple RAID Syst em s Available

- Multiple Device (MD) is the kernel default- Device Mapper also available (not covered)- No relationship between them

RAID Levels

Level Descr i pt i on Saf et y

0 St r i pi ng acr oss di sks None

1 Mi r r or i ng of 2 di sks Medi um

5 St r i pi ng wi t h par i t y Medi um

6 St r i pi ng wi t h doubl e par i t y Hi gh

Met hods of Conf igur ing RAID on SLE

- Using mdadm- Command line interface, very long commands

- Using YaST Par t it ioner- GUI is pleasant and easy to use- TUI/ncurses is a symphony of the TAB key

Monit or ing RAID

- Watch the / pr oc/ mdst at file- See any changes every X seconds:

$ wat ch cat / pr oc/ mdst at

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13







Using m dadm t o Manage RAID

- The mdadm command is complex- Many modes and options available- Inspires a lot of scripting

m dadm Modes and Opt ions

- C Create a new array ( - - Cr eat e)

- F Follow or monitor an array ( - - moni t or )

- G Grow an array ( - - gr ow)

Exam ple of Ar ray Creat ion

mdadm - C <ar r ay> - n #of di sks - l <l evel > <di sks>$ mdadm - C / dev/ md0 - l 1 - - r ai d- devi ces=2 - x 1 / dev/ sda / dev/ sdb

Creat e an m dadm Default Conf ig File

- Examines the system for existing arrays and their disks- Makes a configuration file that reflects the setup

$ mdadm - E - s > / et c/ mdadm. conf

- Q Query an array for basic info ( - - det ai l ) full info

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13







Track ing Your RAID Ar ray

- Edit the / et c/ sysconf i g/ mdadm file- MAILADDR should be set to a proper email- Test it works ? this is important information

Enable and St ar t MD Monit or ing

$ sudo syst emct l enabl e mdmoni t or . ser vi ce

$ sudo syst emct l st ar t mdmoni t or . ser vi ce

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13


Def in ing and Descr ibing Bt r fs






Everyt hing Is Bet t er w it h Bt r fs

- Very active development; myriad of features- Inherently copy-on-write- Uses subvolumes extensively- Massively scalable - Transparent compression/encryption- Optimized for SSD (solid state devices)

Bt r fs Suppor t in SLE

- Fully supported by the YaST Partit ioner- Can use varying RAID for metadata/data

- Metadata changes much more often- Multiple checksums for safety/error detection

- Recommended for the / filesystem- Subvolumes make updates easier- Roll back failed updates, etc.

- XFS recommended for data filesystems- Separating user and system data is recommended

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13








Som e (1)

File (2)

Dat a (3)

File1Or iginal

Som e (1)

Ot her (4)

Dat a (3)

File1 1st Change

File (2)

Som e (1)

More (5)

Dat a (3)

File1 2nd Change

Ot her (4)

Unallocat ed and Available Blocks

File (2)

What Is Copy-on-Wr it e?

- Copy-on-write is simple- Never update data in place; always allocate new blocks

- When a tradit ional FS writes a change to a block:- It changes the data in the block

- When Btrfs wants to change a block:- It writes a "copy" to a new block and tracks the old one

- Makes the FS transactional- If a transaction (write) fails, the real data is safe- Makes recovery much faster; just use the original- No need for a separate journal

- Constant allocation of new space can cause fragmenting

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13








Bt r fs and Subvolum es

- All Btrfs volumes have an init ial subvolume "@"- You can subdivide the main volume into subvolumes

- Each subvolume is an individual Btrfs filesystem- Subvolumes appear to be directories

- Are mounted off the / or @ subvolume

Discover Default Subvolum es

$ sudo bt r f s subvol ume l i s t /I D 257 gen 18079 t op l evel 5 pat h @I D 258 gen 19648 t op l evel 257 pat h @/ varI D 259 gen 18079 t op l evel 257 pat h @/ usr / l ocal<. . . out put t r uncat ed . . . >

The Beaut y of Subvolum es

- Subvolumes can have separate attributes- Quotas, snapshot rules

- Can be nested within each other- Makes updating systems easier and safer

- Snapshots are done pre/post many system tasks- Makes software testing easier too

- Easy to script; makes iteration effortless

Disabling CoW

- Disable for super-busy volumes- Virtualized systems, databases, mail, logging

- Configure in / et c/ f st ab, using nodat acow option- Set individual files or directories with

$ chat t r +C <f i l e/ di r >Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13








Snapshot s

- Btrfs uses snapshots for many system operations- Snapshot : Copy of the state of a subvolume at a given time

- Snapshots are independently mountable- Easiest way to clone a subvolume is to snapshot it

- Excludes some directories to reduce rollback data loss- / boot / gr ub*- / opt (keeps your third-party apps safe)- / home (if on the same subvolume as / )- / sr v (safeguards www and FTP data)- / t mp (all temporary directories excluded)- / usr / l ocal (usually contains manual installs)- / var (on separate subvolume, CoW disabled)

When YaST/Zypper installs packages, a pre and post snapshot are made. These can be marked as regular or important, such as kernel, last 10 of both kept. Enabled by default .

Inst allat ion

All admin tasks in YaST cause a pre and post snapshot to be made. These can be marked as regular or important, such as kernel, last 10 of both kept. Enabled by default .

Adm inist rat ion

A single snapshot per configured subvolume made every hour. First snapshots of last 10 days/months/years are kept. Disabled by default for / par t it ion.

Tim eline

Types of Snapshot s

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13








Not es about Snapshot s

- Btrfs volumes must be +16 GB for auto use of snapshots- Snapshots on non-/ volumes are disabled by default- Snapshots and original data both point to same blocks

- So an init ial snapshot takes no extra space- Only changed blocks are copied (see CoW part)

- Snapshots are completely configurable

Enable/Disable $ vi m / et c/ sysconf i g/ yast 2<. . . >USE_SNAPPER yes <- on by def aul t ; set t o no t o di sabl e>

Conf igur ing Adm inist rat ion Snapshot s

Enable$ sudo zypper i n snapper - zypp- pl ugi nDisable$ sudo zypper r m snapper - zypp- pl ugi n

Conf igur ing Inst allat ion Snapshot s

Enable$ sudo snapper - c r oot set - conf i g " TI MELI NE_CREATE=yes"Disable$ udo snapper - c r oot set - conf i g " TI MELI NE_CREATE=no"

Conf igur ing Tim eline Snapshot s

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13


Underst anding Net work File Syst em Version 4 (NFSv4)







Net work File Syst em (NFS) Basics

- Designed for sharing data across networks- Part of the Linux kernel; easy to configure

- Uses the / et c/ expor t s file by default

- SLE 15 uses NFSv4; many improvements- Runs via Remote Procedure Call (RPC)- Depending on the use case:

- Can be a data directory- Home directory- Some or all of / usr- Entire systems

How NFS Shar ing Works

NFS Client

/home/user1

NFS Server

NFS Client

/home/user1

NFS Client

/home/user1

Next

Exported/home







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13









Ensure NFS Is Enabled and Started$ sudo syst emct l enabl e nf s$ sudo syst emct l st ar t nf s$ sudo syst emct l st at us nf s? nf s. ser vi ce - Al i as f or NFS cl i ent Loaded: l oaded ( / usr / l i b/ syst emd/ syst em/ nf s. ser vi ce; enabl ed; vendor pr eset : di sabl ed) Act i ve: act i ve ( exi t ed) s i nce Sun 2019- 12- 29 17: 16: 48 EST; 4s ago Pr ocess: 36913 ExecSt ar t =/ bi n/ t r ue ( code=exi t ed, st at us=SUCCESS) Mai n PI D: 36913 ( code=exi t ed, st at us=0/ SUCCESS)Dec 29 17: 16: 47 134 syst emd[ 1] : St ar t i ng Al i as f or NFS cl i ent . . .Dec 29 17: 16: 48 134 syst emd[ 1] : St ar t ed Al i as f or NFS cl i ent .

St ar t ing and St opping NFS

Edit the / et c/ expor t s File

/ expor t / di r name host s( opt i on, opt i on)/ expor t / somedi r keyst one( r w, sync, r oot _squash)

Expor t ing Shares via NFS

$ cat / var / l i b/ nf s/ et ab/ home 192. 168. 0. 0/ 24( r o, sync, wdel ay, hi de, nocr ossmnt , secur e,r oot _squash, no_al l _squash, no_subt r ee_check, secur e_l ocks, acl ,no_pnf s, anonui d=65534, anongi d=65534, sec=sys, r oot _squash,no_al l _squash)

Ver ifying Expor t s Local/Rem ot e

Next







Storage Management

Back t o Main

Course Navigation









Section 10



Section 13









YaST NFS Server and Client

- Makes sharing easier than puzzling out via CLI- Makes connection easier for non-tech people

Back







Administration and Monitoring

Back t o Main

Course Navigation

Configuring System Logging

Understanding Time Sync with `chrony`

Understanding Supportconfig


Section 13


Section 10






- Underst anding Tim e Sync w it h `chrony`

- Conf igur ing Syst em Logging

- Underst anding Suppor t conf ig









Back t o Main

Course Navigation





Section 13


Section 10





Underst anding Tim e Sync w it h `chrony`


- Network Time Protocol (NTP) is the standard- Many system actions require accurate t ime

- Synchronization- Security system - Financial transactions

Tim e Managem ent Overview

NTP Client

NTP

NTP

NTP

NTP Client

NTP

St rat um 1

St rat um 2

St rat um 3NTP

At om ic Clock

Next









Back t o Main

Course Navigation





Section 13


Section 10







- Tradit ional NTP service has been moved to Legacy

- On its way to obsolete

- Effective in SLE 15 all NTP is done by chrony

- Automatic conversion during upgrades

Tim e Syst em Changes in SLE 15

- Made up of client and server/daemon

- chr onyc - Client configuration, replaces ntp utilit ies

- chr onyd - systemd daemon/service, replaces ntpd

- Main configuration file

- / et c/ chr ony. conf

- Include directory

- / et c/ chr ony. d

The chrony Package

Next









Back t o Main

Course Navigation





Section 13


Section 10







- Set up authoritative t ime servers in / et c/ chr ony. confser ver t i ck. usno. navy. mi l

ser ver t ock. usno. navy. mi l

- Your organization may have time source policies

- Often requires use of corporate t ime servers

- Top-level servers will deny too-frequent queriers

Conf igur ing t he chronyd daem on

$ sudo syst emct l enabl e chr onyd

$ sudo syst emct l st ar t chr onyd

$ sudo syst emct l st at us chr onyd? chr onyd. ser vi ce - NTP cl i ent / ser ver

Loaded: l oaded ( / usr / l i b/ syst emd/ syst em/ chr onyd. ser vi ce;

enabl ed; vendor pr eset : di sabl ed)

Act i ve: act i ve ( r unni ng) s i nce Mon 2019- 12- 30 14: 49: 50 EST;

Docs: man: chr onyd( 8)

man: chr ony. conf ( 5)

Mai n PI D: 63705 ( chr onyd)

Tasks: 1 ( l i mi t : 19660)

CGr oup: / syst em. sl i ce/ chr onyd. ser vi ce

??63705 / usr / sbi n/ chr onyd

Enable/St ar t chrony daem on

Next









Back t o Main

Course Navigation





Section 13


Section 10







- The chronyd service must be running

Using t he chronyc client

$ chr onyc sour ces210 Number of sour ces = 2MS Name/ I P addr ess St r at um Pol l Reach Last Rx Last sampl e ========================================================================^+ 192. 5. 41. 40 1 8 377 194 - 434us[ - 2807us] +/ - 82ms^* 192. 5. 41. 41 1 8 377 198 - 9132us[ - 12ms] +/ - 72ms

$ chr onyc sour ces - v

- Temporary changes only

- All persistent changes must be in configuration files

- / et c/ chr ony. conf

- / et c/ chr ony. d/ *

Test and Tune chronyd w it h chronyc

Next









Back t o Main

Course Navigation





Section 13


Section 10





Conf igur ing Syst em Logging



- System logging is a key part of monitoring systems

- SLES 15 has two options, uses both

- rsyslog for main monitoring, advanced usage

- syst em d journal for local system-related logging

Syst em Logging Overview

- Designed for local system use only

- Missing many rsyslog-like features

- Can be set to forward to rsyslog (recommended)

Why Not Just Use syst em d journal?

Conf igur ing rsyslog

/ et c/ r sysl og. conf Main configuration file for rsyslogd

/ et c/ r sysl og. d Configuration include directory

/ et c/ sysconf i g/ sysl og Service Run-time Parameters

- Long established logging mechanism

- Used since the SLE 12 release

- Easily configured, steady and consistent

Logging w it h rsyslog

Next









Back t o Main

Course Navigation





Section 13


Section 10








- At its heart, logging is made up of rules

Rules are made up of:

- Select or (set of messages)

- Facil i t ies.Pr ior it ies (explained further on)

- Act ions (what to do with them)

- Dest inat ion/Target (also explained further on)

Conf igur ing Logging Ent r ies

Filter Actionmai l . * - / var / l og/ mai l

Exam ple Logging Rule

Exam ple Select ors (Facil i t ies and Pr ior it ies)

Fi l t er Descr i pt i on

f ac. * Al l Pr i or i t i es except debug

f ac. pr i That pr i or i t y and hi gher

f ac. =pr i Just t hat pr i or i t y

f ac. ! pr i Al l pr i or i t i es BUT

f ac. * ; f ac. =pr i Mul t i pl e f ac wi t h di f f pr i l evel s

Next









Back t o Main

Course Navigation





Section 13


Section 10








Facil i t ies (t h ink of as Cat egor ies or Channels)

Code Faci l i t y Descr i pt i on

0 ker n Ker nel messages

1 user User messages

2 mai l Mai l - r el at ed messages

3 daemon Syst em Daemon messages

4 aut h Secur i t y/ Aut hent i cat i on

5 sysl og ( r s) ysl og i nt er nal messages

9 cr on Cr on daemon messages

10 secur i t y Secur i t y/ Aut h messages

12 nt p NTP messages

16 l ocal 0 Local or cust om use

23 l ocal 7 Local or cust om use

Pr ior it ies (t h ink of as Sever it y of Messages)

Code Pr i or i t y Sever i t y

0 emer g Emer gency: syst em i s unusabl e

1 al er t Al er t : act i on must be t aken i mmedi at el y

2 cr i t Cr i t i cal : cr i t i cal condi t i ons

3 er r Er r or : er r or condi t i ons

4 war n War ni ng: war ni ng condi t i ons

Next









Back t o Main

Course Navigation





Section 13


Section 10








Act ions You Can Log To

ACTI ON DESCRI PTI ON

Fi l e Regul ar f i l e, / f ul l / pat h/ t o/ f i l e

Named Pi pe Pr ef i x | / f ul l / pat h/ t o/ pi pe

TTY/ Consol e / dev/ t t y or / dev/ consol e

Remot e Syst em @I PAddr ess or @Host name

user 1, user 2 Li st of user s t o not i f y i f l ogged i n

* Not i f y al l l ogged i n user s

Dat abase Log ent r i es t o a t abl e

Out put Channel $mychannel , l i ke a var i abl e

Shel l Execut e ^pr ogr am- t o- exec

Next









Back t o Main

Course Navigation





Section 13


Section 10








- If running a local-only system, no need for rsyslog- If rsyslog is installed and configured, syst em d will be

configured by default to forward entries to rsyslog

Work ing w it h syst em d journals

$ vi m / et c/ syst emd/ j our nal d. conf<. . . >St or age=per si st ent<. . . >

$ sudo syst emct l r est ar t j our nal d

Conf igure syst em d journal Persist ency

$ sudo j our nal ct l - k <Shows onl y l at est Ker nel ent r i es>

$ sudo j our nal ct l - u chr onyd<Shows ent r i es t hat mat ch t he syst emd chr ony uni t >

$ sudo j our nal ct l - - s i nce " t oday" - - unt i l " 4: 00"<Di spl ays ent r i es f r om 12: 00 AM unt i l 4: 00 AM>

Useful journalct l opt ions

$ vi m / et c/ syst emd/ j our nal d. conf<. . . >For war dToSysl og=yes<. . . >

$ sudo syst emct l r est ar t j our nal d

Conf igure journal Forwarding t o rsyslog

Next









Back t o Main

Course Navigation





Section 13


Section 10





Underst anding Suppor t conf ig




- A method of collecting a detailed system report- Produces a .tar file of the results

- Located in / var / l og/ nt s_###_########. t bz- Necessary when opening a Support Request

- First thing you will be asked for

What is Suppor t conf ig?

$ su -$ suppor t conf i gGat her i ng syst em i nf or mat i on Dat a Di r ect or y: / var / l og/ nt s_134_191230_1727 Basi c Ser ver Heal t h Check. . . Done RPM Dat abase. . . Done Basi c Envi r onment . . . Done Syst em Modul es. . . Done Memor y Det ai l s. . . Done Di sk I / O. . . Done B- t r ee Fi l e Syst em. . . Done YaST Fi l es. . . Done Audi t i ng. . . Done Cr ash I nf o. . . Done Syst em Logs. . . Done <. . . >

Cr eat i ng Tar Bal l

==[ DONE ] ============================================ Log f i l e t ar bal l : / var / l og/ nt s_134_191230_1727. t bz Log f i l e s i ze: 1. 5M Log f i l e md5sum: ab258f 372b0e9r 92b5e1e406f 92a283- f======================================================

Generat ing a Suppor t conf ig t arball

Next









Back t o Main

Course Navigation





Section 13


Section 10









- YaST -> Support Module -> Supportconfig

- Must be root user

- One-Stop-Shopping for:

- Service Requests

- Supportconfig tarballs

- Uploading tarballs

Using t he YaST Suppor t Module

Back

Date post:	09-Feb-2022
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times

Managing SUSE Linux Enterprise - Amazon Web Services

Documents