General info:
============
Kubernetes, Jenkins, Ansible (Docker): the new technologies
Red Hat Certified System Administrator (RHCSA)
Red Hat Systems Engineer (RHCE)
The Network File System (NFS) protocol is used to share files between Linux
Domain Name System (DNS)
Network Time Protocol (NTP)
The Lightweight Directory Access Protocol (LDAP)
Transport Layer Security (TLS)
Network Address Translation (NAT)
Hypertext Transfer Protocol (HTTP)
Secure Shell (SSH)
User Datagram Protocol (UDP)
Internet Control Message Protocol (ICMP)
Transmission Control Protocol (TCP)
Dynamic Host Configuration Protocol (DHCP)
KVM (Kernel Virtual Machine).
To hide the command being typed, enter:
stty -echo
export HISTIGNORE='*'; export PS1='VERTICA MAGIC PROMPT:'
To turn echo back on: stty echo
=====
To show a message to all users who have just logged in to a shell session on your
server, put the message in /etc/motd
===
ls -R ==> lists files and folders recursively (can be a long list)
As an alternative to deleting the history file, you can also use history -w after
using history -c .
man -k ls | grep 8
==================
1: Executable programs or shell commands
5: File formats and conventions
8: System administration commands
=======Archives with tar
To create an archive, use tar -cvf archivename.tar /files-you-want-to-archive
(f must be the last option letter, because the archive name follows it)
To add a single file to an existing tar archive, use the option -r
The option -t can be used to see the contents of the tar archive: tar -tvf
/root/homes.tar
To extract the contents of an archive, use tar -xvf /archivename
If you want to put the contents of the file /root/homes.tar in the directory /tmp,
for instance, you can use tar -xvf homes.tar -C /tmp .
====Using Compression
gzip home.tar : gzip replaces home.tar with its compressed version, home.tar.gz
Use the -z (gzip) or -j (bzip2) option while creating the archive with tar to
compress it in the same step.
tar tvf etc.tar.gz : notice that the tar command has no issues reading from a gzip
compressed file
gunzip etc.tar.gz : this decompresses the compressed file
The default virtualization technology for Red Hat 7 is KVM
It needs one or more 64-bit CPUs
Which process must be running to manage KVM virtual machines?
#libvirtd
Which command enables you to list all virtual machines that are available,
including VMs that haven't been started?
#virsh list --all
You want to stop a virtual machine in the fastest way possible
#virsh destroy vmname
KVM virtualization can be used only on 64-bit computer architecture.   yes
To check that the CPU has the virtualization extensions:
egrep 'svm|vmx' /proc/cpuinfo
Type yum groupinstall "Virtualization Host" to install everything that is needed to
make your server a virtualization host.
At the hypervisor level, this network is represented by a vnet interface. The first
VM that starts gets the interface vnet0, the second machine that starts gets vnet1,
and so on.
[root@lab ~]# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.fe5400414535 yes         vnet0
                                     vnet1
                                     vnet2
                                     vnet3
ps aux | sort   -k3 ==> sorts the output on the third column
Mount and copy installation from DVD:
===========================
Configure Apache server as an installation server
#mount /dev/cdrom /media
#mount -o loop xxx.iso /media
#mkdir /var/www/html/inst
#cp -a /media/. /var/www/html/inst
#chcon -R --reference=/var/www/html   /var/www/html/inst
#firewall-cmd --permanent --add-service=http
#firewall-cmd --reload
#systemctl restart httpd
#systemctl enable httpd
To use it: http://localhost/inst
Command Line Skills
====================
The maximum number of virtual terminals is 6
/dev/tty1 ===> /dev/tty6
To move between terminals: ALT+Fn
>   standard output
2> error output
> file 2>&1 (both error and standard output to file)
anaconda-ks.cfg and initial-setup-ks.cfg ==> these files describe what happened
during the installation process.
Note /!\ anaconda-ks.cfg is important for automating installation with kickstart
Symbolic link (like a shortcut): if you delete the original, the link is broken (ln -s)
Example:
rm conf
#ln -s conf_1 conf
drwxr-xr-x   2   apg   apg   4096   May 2 2013    conf_3
drwxr-xr-x   2   apg   apg   4096   Sep 30 2013   conf_0
drwxr-xr-x   3   apg   apg   4096   Apr 17 2015   conf_1
drwxr-xr-x   2   apg   apg   4096   Aug 3 2016    conf_2
lrwxrwxrwx   1   apg   apg      6   Feb 3 16:05   conf -> conf_1
to create a series of directories:
#mkdir -p test1/test2/test3
grep and -e    (multiple search)
#grep -v -e '^$' -e '^#' /etc/nsswitch.conf
Command to show a one-line description of a command:
#whatis ls
Addressing:
==========
Class  First address     Last address
A    1.1.1.0             127.255.255.255
B    128.0.0.0           191.255.255.255
C    192.0.0.0           223.255.255.255
D    224.0.0.0           239.255.255.255
E    240.0.0.0           255.255.255.255
Files from FTP Server          ==> ftp://localhost
=====================
vsFTP (published files) ==> /var/ftp/pub
In our case we add the inst folder to pub => /var/ftp/pub/inst
#yum -y install vsftpd
#systemctl start vsftpd
#firewall-cmd --permanent --add-service=ftp
#firewall-cmd --reload
#systemctl enable vsftpd
===============network==============
CIDR notation (Classless Inter-Domain Routing) gives the network number followed by
a slash ("/") and the number of bits set to 1 in the binary notation of the subnet
mask. The mask 255.255.224.0, equivalent in binary to
11111111.11111111.11100000.00000000, is therefore written /19 (19 bits set to 1,
followed by 13 bits set to 0).
CIDR   Available bits   Subnet mask   Number of hosts per subnet
/1     31               128.0.0.0     2^31-2 = 2147483646
IPv4 addresses: These are based on 32-bit addresses
IPv6 addresses: These are based on 128-bit addresses
Private network addresses are addresses that are for use in internal networks only:
10.0.0.0/8 ( a single Class A network)
172.16.0.0/12 (16 Class B networks)
192.168.0.0/16 (256 Class C networks)
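The mask-to-prefix rule and the private ranges above, as an added example (not part of the original notes). The function names are this example's own; it also rejects masks whose 1 bits are not contiguous, which have no CIDR form.

```sh
#!/bin/sh
# Added example: subnet mask <-> CIDR arithmetic and RFC 1918 range checks.

# Convert dotted-quad IPv4 text to a 32-bit integer; fails on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 255.255.224.0 -> 19. Fails when the 1 bits are not contiguous from the left.
mask_to_prefix() {
    m=$(ip_to_int "$1") || return 1
    inv=$(( ~$m & 0xFFFFFFFF ))                 # the host bits
    # For a valid mask the host bits are all 1s on the right, so inv+1 is a power of 2.
    [ $(( $inv & ($inv + 1) )) -eq 0 ] || return 1
    n=0
    while [ "$inv" -ne 0 ]; do
        inv=$(( $inv >> 1 ))
        n=$(( $n + 1 ))
    done
    echo $(( 32 - $n ))
}

# Usable hosts in a subnet: 2^(32-prefix) - 2 (network and broadcast excluded).
hosts_for_prefix() {
    [ "$1" -ge 0 ] 2>/dev/null && [ "$1" -le 32 ] || return 1
    h=$(( (1 << (32 - $1)) - 2 ))
    [ "$h" -gt 0 ] || h=0                       # /31 and /32 have no room left
    echo "$h"
}

# in_cidr ADDRESS NETWORK PREFIX: true when ADDRESS lies inside NETWORK/PREFIX.
in_cidr() {
    a=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "$2") || return 2
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $a & $mask )) -eq $(( $net & $mask )) ]
}

# True for the three private ranges listed in the notes.
is_private() {
    in_cidr "$1" 10.0.0.0 8 || in_cidr "$1" 172.16.0.0 12 || in_cidr "$1" 192.168.0.0 16
}

# Demo on the values used in the notes.
echo "255.255.224.0 -> /$(mask_to_prefix 255.255.224.0), $(hosts_for_prefix 19) hosts"
for addr in 192.168.4.4 172.31.255.255 172.32.0.1 20.0.0.1; do
    if is_private "$addr"; then echo "$addr private"; else echo "$addr public"; fi
done
```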
To find out which distribution is installed: cat /etc/redhat-release   (Red Hat only)
#ip link show
#ip addr show        ==== same output as #ip a
#ip route show
#ip addr add ip_address/prefix dev interface_name   (assign an address to an interface)
#ip -s link
#ip route add 20.0.0.0/8 via 192.168.4.4 (add route)
#cd /etc/sysconfig/network-scripts
NB: in Red Hat 7 the hostname is stored in the file /etc/hostname
#cat /etc/resolv.conf
To change the network configuration there are 3 ways: the nmcli command & the ip command
use the NetworkManager service to configure interfaces
[Mon Feb 20 13:27:36 - docky@psgmscloud001 etc]$ nmcli connection show
NAME            UUID                                  TYPE             DEVICE
Bridge br_v355 d81f859c-5cba-c969-2c67-8316583b140e bridge             br_v355
Bridge br_v570 9897f62f-353d-ddfc-9aa3-0092a9764d79 bridge             br_v570
System ens192   03da7500-2101-c722-2438-d0d006c28c73 802-3-ethernet ens192
System ens33    c96bc909-188e-ec64-3a96-6a90982b08ad 802-3-ethernet ens33
Vlan ens33.355 6bda7166-b6cf-4301-49da-ee748b1568d6 vlan               ens33.355
Vlan ens33.570 72eddd8c-3485-90d2-5882-22a89da73109 vlan               ens33.570
docker0           318f30b1-a81f-46e7-9944-f42914a2c51b   bridge       docker0
Example: add a connection:
#nmcli con add con-name testing ifname eth0 type ethernet ip4 10.0.0.15/24
#nmcli conn down docker0
#nmcli conn up docker0
After any update to the interfaces, restart the network service:
#systemctl restart NetworkManager
=====configuring routing and DNS service
#cd /etc/sysconfig/network-scripts
# vi ifcfg-eth0
..
..
..
=========== tools to check network===
ping: for one packet: ping -c 1 ip_address
hostname
traceroute: get route information
dig: get DNS information
nmap: get information about remote service availability
netstat: netstat -i : packet information for the network cards
         netstat -tulpen : listening ports
               #host hostname_server
               #dig hostname_server
=================================
All commands executed using sudo are logged by default to /var/log/secure.
The sudo command is based on the settings in the /etc/sudoers file
To edit /etc/sudoers use the visudo command
Managing Local User Accounts :
****************************
A user should belong to the group "wheel" to be able to use sudo to run all
administration commands.
The /etc/default/useradd configuration file is used to set the default location for
all new user home directories.
To modify the /etc/shadow file, use ===>> vipw -s
To edit the contents of the /etc/group ==> vigr
/etc/passwd:
username:password:UID:GID:GECOS (text, e.g. the user's real name):/home/dir:shell
/etc/group :
groupname:password:GID:list of users in this group
Some defaults,such as the range of valid UID numbers and default password aging
rules, are read from : /etc/login.defs
useradd             : creates new users.
usermod             : modifies existing users.
userdel -r username : removes the user and the user's home directory.
useradd -m -u 1201 -G sales,ops linda
If, when creating user accounts, you tell your server to add a home directory as well
(for instance, by using useradd -m ), the content of the skeleton directory /etc/skel
is copied to the new home directory.
Default values are set in two configuration files:
/etc/login.defs
/etc/default/useradd
usermod options:
-c, --comment COMMENT   Add a value, such as a full name, to the GECOS field.
-g, --gid GROUP         Specify the primary group for the user account.
-G, --groups GROUPS     Specify a list of supplementary groups for the user account.
-a, --append            Used with the -G option to append the user to the supplemental
                        groups mentioned without removing the user from other groups.
-d, --home HOME_DIR     Specify a new home directory for the user account.
-m, --move-home         Move a user home directory to a new location. Must be used with
                        the -d option.
-s, --shell SHELL       Specify a new login shell for the user account.
-L, --lock              Lock a user account.
-U, --unlock            Unlock a user account.
In Red Hat Enterprise Linux 7 the useradd command assigns new users the first
free UID number available in the range starting from UID 1000 or above,
unless one is explicitly specified with the -u UID option
[student@serverx -]$ useradd -u 1000
Notice that bob now owns all files that prince once owned. Depending on the
situation, one solution to this problem is to remove all "unowned" files from the
system when the user that created them is deleted. Another solution is to manually
assign the "unowned" files to a different user. The root user can find "unowned"
files and directories by running:
find / -nouser -o -nogroup 2> /dev/null
passwd sets passwords
======================
[root@serverx -]# passwd   student
UID ranges
==========
UID 0 is always assigned to the superuser account, root.
UID 1-200 is a range of "system users" assigned statically to system processes by
Red Hat.
UID 201-999 is a range of "system users" used by system processes that do not own
files on the file system. They are typically assigned dynamically from the available
pool when the software that needs them is installed. Programs run as these
"unprivileged" system users in order to limit their access to just the resources
they need to function.
UID 1000+ is the range available for assignment to regular users.
Note
=====
Prior to Red Hat Enterprise Linux 7, the convention was that UID 1-499 was used for
system users and UID 500+ for regular users. Default ranges used by useradd and
groupadd can be changed in the /etc/login.defs file.
Managing Local Group accounts
******************************
groupadd : creates groups. The -g GID option is used to specify a specific GID.
[student@serverx ~]$ sudo groupadd -g 5000 ateam
The -r option will create a system group using a GID from the range of valid system
GID numbers listed in the /etc/login.defs file.
[student@serverx ~]$ sudo groupadd -r appusers
groupmod   : modifies existing groups. The -n option is used to specify a new name.
[student@serverx ~]$ sudo groupmod -n javaapp appusers
The -g option is used to specify a new GID.
[student@serverx ~]$ sudo groupmod -g 6000 ateam
The groupdel command will remove a group.
[student@serverx ~]$ sudo groupdel javaapp
A group may not be removed if it is the primary group of any existing user. As with
userdel, check all file systems to ensure that no files remain owned by the group.
usermod alters group membership
===============================
Change a user's primary group with : usermod -g groupname.
Add a user to a supplementary group with usermod -aG groupname username.
[student@serverx -]$ sudo usermod -aG wheel elvis
Note /!\ Without -a , the user would be removed from all other supplementary
groups.
/etc/shadow
name:password:lastchange:minage:maxage:warning:inactive:expire:blank
name: The login name. This must be a valid account name on the system.
password: The encrypted password. A password field which starts with an exclamation
mark means that the password is locked.
lastchange: The date of the last password change, represented as the number of days
since 1970.01.01.
minage: The minimum number of days before a password may be changed, where 0 means
"no minimum age requirement."
maxage: The maximum number of days before a password must be changed.
warning: The warning period that a password is about to expire. Represented in days,
where 0 means "no warning given."
inactive: The number of days an account remains active after a password has expired.
A user may still log into the system and change the password during this period.
After the specified number of days, the account is locked, becoming inactive.
expire: The account expiration date, represented as the number of days since
1970.01.01.
blank: This blank field is reserved for future use.
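An account audit built on the nine fields just described, as an added example (not part of the original notes). The status names, the helper names and the sample records are constructed for illustration, and the exact boundary day for each expiry is this example's own convention.

```sh
#!/bin/sh
# Added example: classify shadow-format records by their lock and aging fields.
# Field order: name:password:lastchange:minage:maxage:warning:inactive:expire:blank

# shadow_status TODAY   (TODAY = days since 1970-01-01); records are read from stdin.
shadow_status() {
    awk -F: -v today="$1" '
    /^[ \t]*$/ || /^#/ { next }
    NF != 9 { print $1, "MALFORMED"; next }
    {
        pw = $2; last = $3; max = $5; inact = $7; expire = $8
        status = "OK"
        if (expire != "" && today + 0 >= expire + 0) {
            status = "ACCOUNT_EXPIRED"
        } else if (substr(pw, 1, 1) == "!") {
            status = "LOCKED"                 # e.g. after usermod -L
        } else if (pw == "") {
            status = "EMPTY_PASSWORD"         # no password required at all
        } else if (last == "0") {
            status = "MUST_CHANGE"            # e.g. after chage -d 0
        } else if (last != "" && max != "") {
            pw_end = last + max
            if (inact != "" && today + 0 > pw_end + inact) {
                status = "INACTIVE"           # grace period after expiry is over
            } else if (today + 0 > pw_end) {
                status = "PASSWORD_EXPIRED"
            }
        }
        print $1, status
    }'
}

# Constructed sample records (the hashes are placeholders, not real hashes).
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$hash:18990:0:99999:7:::
elvis:!$6$CONSTRUCTED$hash:18990:0:90:7:14::
linda:$6$CONSTRUCTED$hash:0:0:90:7:14::
bob:$6$CONSTRUCTED$hash:18900:0:90:7:14::
prince:$6$CONSTRUCTED$hash:18800:0:90:7:14::
temp:$6$CONSTRUCTED$hash:18990:0:90:7:14:18950:
guest::18990:0:90:7:14::
broken:x:1
EOF
}

# status_of NAME TODAY: status of one account from the constructed sample.
status_of() {
    sample_shadow | shadow_status "$2" | awk -v n="$1" '$1 == n { print $2 }'
}

# Demo: evaluate the sample as if today were day 19000.
sample_shadow | shadow_status 19000
```

On a real system the input would be /etc/shadow read as root, with today computed as $(( $(date +%s) / 86400 )).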
====
To construct the user environment, a few files play a role:
/etc/profile: Used for default settings for all users when starting a login shell
/etc/bashrc: Used to define defaults for all users when starting a subshell
~/.profile: Specific settings for one user applied when starting a login shell
~/.bashrc: Specific settings for one user applied when starting a subshell
Password aging => using chage command
=================
[smadmin@psgmsconn001 oelalami]$ chage -h
Usage: chage [options] user
Options:
  -d, --lastday LAST_DAY         set last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE   set account expiration date to EXPIRE_DATE
  -h, --help                     display this help message and exit
  -I, --inactive INACTIVE        set password inactive after expiration
                                 to INACTIVE
  -l, --list                     show account aging information
  -m, --mindays MIN_DAYS         set minimum number of days before password
                                 change to MIN_DAYS
  -M, --maxdays MAX_DAYS         set maximim number of days before password
                                 change to MAX_DAYS
  -W, --warndays WARN_DAYS       set expiration warning days to WARN_DAYS
# chage -m 0 -M 90 -W 7 -I 14 username
chage -d 0 username will force a password update on next login.
chage -l username will list a username's current settings.
The date command
================
The date command can be used to calculate a date in the future.
[student@serverX ~]$ date -d "+45 days"
Sat Mar 22 11:47:06 EDT 2014
The usermod command
===================
can "lock" an account with the -L option
[student@serverX -]$ sudo usermod -L elvis
[student@serverX -]$ su - elvis
Password: elvis
su: Authentication failure
The account can later be unlocked with usermod -U USERNAME.
If the account was also expired, be sure to also change the expiration date.
The nologin shell
=================
Sometimes a user needs an account with a password to authenticate to a system, but
does not need an interactive shell on the system
[root@serverX ~]# usermod -s /sbin/nologin student
[root@serverX ~]# su - student
Last login: Tue Feb 4 18:40:30 EST 2014 on pts/0
This account is currently not available.
Note linux
===========
groupmems -g groupname -l   (lists the members of the group)
======================Controlling Access to Files with Linux File System Permissions
In Linux, if write and the sticky bit are both set on a directory, then only the
user that owns a file or subdirectory in the directory may delete it
When using the -R (recursive) option of chmod, be sure to use the X permission
instead of the x permission to indicate that execute permissions should only be set
on directories, and not regular files
[student@desktopX ~]# chmod -R g+rwX folder
The owner of a file can be changed with the chown command
[root@desktopX ~]# chown student filename      (student is owner)
[root@desktopX ~]# chown -R student filename
group can be changed
====================
If you want to use the chown command, use a . or : in front of the group name to
change the group.
[root@desktopX ~]# chown :admins filename
user and group can be changed at the same time:
[root@desktopX ~]# chown visitor:guests filename
Note: chgrp can be used to change the group ownership.
To show the current effective primary group
[root@server1 ~]# groups lisa
lisa : lisa account sales
Using newgrp to Change the Effective Primary Group
========================================================#
[lisa@server1 ~]$ groups                                #
lisa account sales                                      #
[lisa@server1 ~]$ newgrp sales                          #
[lisa@server1 ~]$ groups                                #
sales lisa account                                      #
[lisa@server1 ~]$ touch file1                           #
[lisa@server1 ~]$ ls -l                                 #
total 0                                                 #
-rw-r--r--. 1 lisa sales 0 Feb 6 10:06 file1            #
========================================================#
Special permissions
===================
u+s (suid)
Effect on files : File executes as the user that owns the file, not the user that
ran the file.
Effect on directories : No effect.
g+s (sgid)
Effect on files : File executes as the group that owns the file
Effect on directories : Files newly created in the directory have their group owner
set to match the group owner of the directory.
o+t (sticky)
Effect on files : No effect.
Effect on directories : Users with write on the directory can only remove files
that they own; they cannot remove or force saves to files owned by other users.
Setting special permissions
===========================
Symbolically: setuid = u+s; setgid = g+s; sticky = o+t
Numerically (fourth preceding digit): setuid = 4; setgid = 2; sticky = 1
Example : chmod 2755 /somedir   (the leading 2 sets setgid)
Default permissions:
file: 666
folder: 777
====umask    (r=4 w=2 x=1)
#umask
022
The system default umask values for Bash shell users are defined in the
/etc/profile and /etc/bashrc files. Users can override the system defaults in their
.bash_profile and .bashrc files.
The default umask is 022 (the bits set in the umask are removed from the default
permissions), so:
for a file:   666-022=644      rw-r--r--
for a folder: 777-022=755      rwxr-xr-x
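The umask rule and the numeric special bits above, as an added example (not part of the original notes). It applies the umask as a bit mask, which gives the same result as the subtraction for 022 but not for every value (033, for instance), and renders a four-digit mode the way ls -l shows it. The function names are this example's own.

```sh
#!/bin/sh
# Added example: umask arithmetic and ls-style rendering of octal modes.

# apply_umask BASE UMASK: permissions left after the umask bits are cleared.
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_to_symbolic MODE: 3- or 4-digit octal mode -> rwx string, with
# setuid/setgid shown as s (or S without x) and sticky as t (or T without x).
mode_to_symbolic() {
    m=$(( 0$1 ))
    out=""
    for pos in 6 3 0; do
        bits=$(( ($m >> $pos) & 7 ))
        r=-; w=-; x=-
        if [ $(( $bits & 4 )) -ne 0 ]; then r=r; fi
        if [ $(( $bits & 2 )) -ne 0 ]; then w=w; fi
        if [ $(( $bits & 1 )) -ne 0 ]; then x=x; fi
        case $pos in
            6) special=$(( $m & 04000 )); on=s; off=S ;;   # setuid = 4
            3) special=$(( $m & 02000 )); on=s; off=S ;;   # setgid = 2
            0) special=$(( $m & 01000 )); on=t; off=T ;;   # sticky = 1
        esac
        if [ "$special" -ne 0 ]; then
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# Demo: the default umask from the notes, then values where subtraction misleads.
for u in 022 027 033; do
    f=$(apply_umask 666 "$u")
    d=$(apply_umask 777 "$u")
    echo "umask $u: file $f $(mode_to_symbolic "$f")  dir $d $(mode_to_symbolic "$d")"
done
echo "chmod 2755 -> $(mode_to_symbolic 2755)"
echo "chmod 1777 -> $(mode_to_symbolic 1777)"
```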
========================Process
Run jobs in the background, example:
#sleep 1000 &
[student@serverx ~]$ jobs
[student@serverx ~]$ fg %jobnumber   (to restart the process in the foreground)
[student@serverx ~]$ ps j            (display job information)
[student@serverx ~]$ bg %jobnumber   (to restart the process in the background)
Running   R   TASK_RUNNING: The process is either executing on a CPU or waiting to
              run.
Sleeping  S   TASK_INTERRUPTIBLE: The process is waiting for some condition. When an
              event or signal satisfies the condition, the process returns to Running.
          D   TASK_UNINTERRUPTIBLE: This process is also Sleeping, but unlike S state,
              will not respond to delivered signals. Used only under specific
              conditions in which process interruption may cause an unpredictable
              device state.
          K   TASK_KILLABLE: Identical to the uninterruptible D state, but modified to
              allow the waiting task to respond to a signal to be killed (exited
              completely). Utilities frequently display Killable processes as D state.
Stopped   T   TASK_STOPPED: The process has been Stopped (suspended), usually by
              being signaled by a user or another process. The process can be
              continued (resumed) by another signal to return to Running.
              TASK_TRACED: A process that is being debugged is also temporarily
              Stopped and shares the same T state flag.
Zombie    Z   EXIT_ZOMBIE: A child process signals its parent as it exits.
              All resources except for the process identity (PID) are released.
          X   EXIT_DEAD: When the parent cleans up (reaps) the remaining child process
              structure, the process is now released completely. This state will
              never be observed in process-listing utilities.
Match the following items to their counterparts in the table.
Description                                                     State
Process has been stopped temporarily.                           T
Process has just been terminated.                               Z
Process is scheduled but is not yet on a CPU.                   R
Process is waiting for I/O.                                     S
Process is uninterruptibly waiting for a device to respond.     D
Process is at a prompt, needing user input.                     S
Process is executing a system call.                             R
#nohup command
ps aux | grep dd     === same as ====> pgrep dd
Wed   May 16 12:48:03   - root@vsgmscapc111 PerformanceCenter]# kill -l
 1)   SIGHUP       2)   SIGINT       3) SIGQUIT      4) SIGILL       5)   SIGTRAP
 6)   SIGABRT      7)   SIGBUS       8) SIGFPE       9) SIGKILL     10)   SIGUSR1
11)   SIGSEGV     12)   SIGUSR2     13) SIGPIPE     14) SIGALRM     15)   SIGTERM
16)   SIGSTKFLT   17)   SIGCHLD     18) SIGCONT     19) SIGSTOP     20)   SIGTSTP
21)   SIGTTIN     22)   SIGTTOU     23) SIGURG      24) SIGXCPU     25)   SIGXFSZ
26)   SIGVTALRM   27)   SIGPROF     28) SIGWINCH    29) SIGIO       30)   SIGPWR
31)   SIGSYS      34)   SIGRTMIN    35) SIGRTMIN+1 36) SIGRTMIN+2 37)     SIGRTMIN+3
38)   SIGRTMIN+4 39)    SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42)      SIGRTMIN+8
43)   SIGRTMIN+9 44)    SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47)   SIGRTMIN+13
48)   SIGRTMIN+14 49)   SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52)   SIGRTMAX-12
53)   SIGRTMAX-11 54)   SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57)     SIGRTMAX-7
58)   SIGRTMAX-6 59)    SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62)      SIGRTMAX-2
63)   SIGRTMAX-1 64)    SIGRTMAX
ACL (access control list)
=========================
Use star instead of tar to add support for ACLs.
#getfacl filename
[Fri Dec 30 15:30:39 - omar.el_alami@psgmscadr001 ~]$ getfacl filename
# file: filename
# owner: omar.el_alami
# group: ldapusers
user::rw-
group::---
mask::---
other::---
#setfacl -m user:omar.el_alami:rwx    filename
#setfacl -m mask:--- filename     (prevents access to filename even if the user has an
ACL entry with r, w or rwx; getfacl then adds an #effective comment)
[Fri Dec 30 15:25:18 - omar.el_alami@psgmscadr001 ~]$ getfacl test
# file: test
# owner: omar.el_alami
# group: ldapusers
user::rw-
user:omar.el_alami:rwx          #effective:---
group::---
mask::---
other::---
#setfacl -x   user:omar.el_alami   filename       (to remove the ACL entry)
Important
==========
To set a default ACL, you just have to add the option d after the option -m (order
does matter!). So, use setfacl -m d:g:sales:rx /data if you want group sales to
have
read and execute on everything that will ever be created in the /data directory.
If you want others not to get any permissions on anything that is created in
/data, for example, use setfacl -m d:o::- /data .
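How the mask produces the #effective value shown in the getfacl output earlier in this section, as an added example (not part of the original notes). It parses getfacl-style text and computes what each entry can really do; the function names and the second sample (linda, sales) are constructed for illustration.

```sh
#!/bin/sh
# Added example: compute effective permissions from getfacl-style output.
# The mask limits named users, named groups and the owning group (group::),
# but never the file owner (user::) or other::.

acl_effective() {
    awk -F: '
    /^#/ || NF < 3 || $1 == "default" { next }      # skip header and default ACLs
    $1 == "mask" { mask = substr($3, 1, 3); have_mask = 1; next }
    { n++; tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
    END {
        for (i = 1; i <= n; i++) {
            eff = perm[i]
            limited = (tag[i] == "group") || (tag[i] == "user" && who[i] != "")
            if (have_mask && limited) {
                eff = ""
                for (k = 1; k <= 3; k++) {
                    p = substr(perm[i], k, 1)
                    m = substr(mask, k, 1)
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
            }
            printf "%s:%s:%s\n", tag[i], who[i], eff
        }
    }'
}

# The situation from the notes: rwx granted to a named user, then mask set to ---.
sample_acl_blocked() {
    cat <<'EOF'
# file: test
# owner: omar.el_alami
# group: ldapusers
user::rw-
user:omar.el_alami:rwx          #effective:---
group::---
mask::---
other::---
EOF
}

# Constructed sample: a mask of r-x strips write from every limited entry.
sample_acl_partial() {
    cat <<'EOF'
# file: report
# owner: lisa
# group: account
user::rw-
user:linda:rwx
group::rw-
group:sales:r-x
mask::r-x
other::r--
EOF
}

# Demo: print the effective rights for both samples.
sample_acl_blocked | acl_effective
sample_acl_partial | acl_effective
```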
TIP ACLs
================Getting "services logging information" through two systems that
work together:
Red Hat 6 ==>> rsyslogd (lets you define what kind of information should be logged
and where)
Red Hat 7 ===>> journald (to get detailed information about logged events)
"services logging information"  == direct write        : /somewhere/my.log
(example: apache)
                                == through systemctl   : journald
                                == through rsyslogd    : /var/log/..
I need to get logging information       journalctl ==> rsyslog
                                        rsyslog    ==> journalctl
For RH7:
systemctl    ==>>   used to stop/start/status a service (information comes from journald)
#systemctl status rsyslog
rsyslogd:
in /etc/rsyslog.conf
$ModLoad imuxsock
$OmitLocalLogging off
In /etc/rsyslog.d/listen.conf
$SystemLogSocketName /run/systemd/journal/syslog
Integrating rsyslogd and journald
Note:     we can redirect any logging from rsyslog to journald
in /etc/rsyslog.conf
$ModLoad omjournal
*.* :omjournal:
systemd-------------->journald
process-------------->rsyslog
                      or --------->internal (like the apache process)
                                  you can display the log of a service:
# journalctl -u slapd
=============== logrotate
# cd /etc ; ls -ltr
logrotate.conf logrotate.d/
# view logrotate.conf
#df -h
#du -hs   (space used)
Important command to find out exactly what happened:
#journalctl _COMM=su -o verbose
For authentication failures check:
# tail -f /var/log/secure
===============LDAP
To authenticate on an LDAP server, there are two options:
Password authentication
Kerberos authentication
The client configuration specifies:
which LDAP server to use,
which TLS certificate to use,
and which container in LDAP should be used as the base LDAP URL
The nslcd service is configured and started when using authconfig-tui
When authconfig-gtk is used, the sssd service is used as the backend.
[root@localhost ~]# grep -v '^#' /etc/nslcd.conf | grep '^[a-zA-Z]'
[root@localhost ~]# grep -v '^#' /etc/sssd/sssd.conf | grep '^[a-zA-Z]'
When you use authconfig-tui, the variable FORCELEGACY=yes is set in
/etc/sysconfig/authconfig. As a result, nslcd is used instead of sssd.
Connecting to an External LDAP Server
=====================================
in the /etc/hosts file:
192.168.122.200 ipa.example.com
for DNS:
server.rehatcertification.com
cn.dc.dc
for LDAP:
lisa.rehatcertification.com
cn=lisa,dc=rehatcertification,dc=com
         ========base context=======
#which login
#ldd /bin/login
#cd /etc/pam.d/ ; ls
#vi login
Scenario
=====
login (libpam.so)
auth requisite (pam_ldap.so)
/etc/nslcd.conf              (here the ldap server definition)
=====ssh======
#ssh -p 2022 remote_server    (specify -p 2022 because in this case sshd listens on port
2022 instead of 22)
On the remote server:
#cat /etc/ssh/sshd_config    (change the port, who can connect, ...)
When connecting (with password authentication), the remote host's key is stored in
.ssh/known_hosts
To authenticate with an SSH key instead of a password, we need to create a public key
and a private key
To create a key pair, use the ssh-keygen command :
#ssh-keygen
.ssh/id_rsa
.ssh/id_rsa.pub
sender@rhserver#ssh-copy-id    -p 2022 sender@ldapserver
sender@rhserver#ls
newfile
After copying over the public key to the remote host, it will be written to the
~/.ssh/authorized_keys file on that host
sender@rhserver# scp -P 2022 sender@ldapserver:/home/tmp    ==> notice that with scp
the "P" is a capital letter
systemctl status sshd ==> This should show you that the sshd process is currently
up and running.
ssh 192.168.122.220 -l root ==>This connects to the sshd process on server2 and
opens a root shell.
[Tue May 08 14:47:37 - omar.el_alami1@psgmscada001 ~]$ w
 14:47:39 up 267 days, 1:43, 4 users, load average: 5.52, 5.20, 5.04
USER     TTY      FROM              LOGIN@   IDLE   JCPU  PCPU WHAT
omar.el_ pts/1    pacomtrl.ms.bell 14:01    3:22   0.10s 0.27s sshd:
omar.el_alami1 [priv]
omar.el_ pts/0    psgmscapc001.ms. 14:47    0.00s 0.11s 0.09s w
steve.ma pts/2    pacodrvl.ms.bell 14:20    2:34   0.08s 0.29s sshd: steve.maheux
[priv]
ssh -X linda@server2 ==> if you want to connect as linda to server2, and also be
able to start graphical applications.
As root, open the configuration file /etc/ssh/ssh_config and make sure it includes
the following line:
ForwardX11 yes
====
Use ss -lt to Display All Listening Ports on the Local System
======shell
$ TEST=abbcd
echo $TEST
abbcd
echo ${TEST}
abbcd
echo ${TEST%d}
abbc
echo ${TEST%%b*}
a
[omar.el_alami@vsgmsorasql001   ~]$ FILE=omar:test
[omar.el_alami@vsgmsorasql001   ~]$ echo ${FILE#*:}
test
[omar.el_alami@vsgmsorasql001   ~]$ echo ${FILE%:*}
omar
[omar.el_alami@vsgmsorasql001   ~]$
====basename & dirname ======
[omar.el_alami@vsgmsorasql001 ~]$ basename /home/omar.el_alami/omar.txt
omar.txt
[omar.el_alami@vsgmsorasql001 ~]$ dirname /home/omar.el_alami/omar.txt
/home/omar.el_alami
===========while loop
while read -p "enter votre choix"     choix
do
    case "$choix" in
        no) echo "negative"
            ;;
        yes) echo "ok"
            exit
            ;;
        *) echo "pas bon choix"
            exit 2
            ;;
    esac
done
==============arithmetic (chiffre)
#chiffre=$(($1 $3 $2))
((chiffre=$1 $3 $2))
#let "chiffre =$1 $3 $2"
echo $chiffre
[omar.el_alami@vsgmsorasql001 ~]$ ./omar.txt 6 6 "*"
36
[omar.el_alami@vsgmsorasql001 ~]$ ./omar.txt 6 6 *
./omar.txt: line 2: ((: chiffre=6 omar.txt 6: syntax error: invalid arithmetic
operator (error token is ".txt 6")
(unquoted, the * is expanded by the shell to the file names in the current directory
before the script runs, so it must be quoted)
============openstack Platform      docker Containers=======
================= docker Containers===========
How to register and subscribe a system to the Red Hat Customer Portal using Red Hat
Subscription-Manager
# subscription-manager register --username <username> --password <password> --auto-attach
Unregistering a system
======================
# subscription-manager remove --all
# subscription-manager unregister
# subscription-manager clean
install docker:
# yum install docker
start docker service:
# systemctl start docker.service
# systemctl enable docker.service
# systemctl status docker.service
to check all docker components installed :
# rpm -ql docker | less
===docker run time environment=========
======Using Docker Registries============
public: https://hub.docker.com
private:
# yum install docker-registry
Three important files to know:
/etc/docker-registry.yml
/etc/sysconfig/docker-registry
/var/lib/docker-registry          (where all pulled docker images are found)
[Tue Feb 14 15:03:46 - docky@psgmscloud001 omar.el_alami]$ systemctl status firewalld.service
== to list all images pulled to the local machine
#docker images
Instead of pulling images each time, it is better to tag them.
Example:
#docker pull name_of_image      (pull image from registry)
#docker tag tool-nimsoft:0.7-7.80 localhost:5000/chris/myfedora
Afterwards, push it to the local repository:
#docker push localhost:5000/chris/myfedora
To remove it:
#docker rmi localhost:5000/chris/myfedora
===========launching an existing container image===
#docker run [OPTS] image [COMMAND] [ARGS]
man docker-run
NB=== to avoid leftover containers filling up disk space over time, use:
# docker run -it --rm "docker image name"     bash
====create an image=======
#cd Dockerfiles
#touch omar.elalami/php:1.0
# docker build -t omar.elalami/php:1.0 .     note: -t is the tag (it gives the image a name)
#docker images --filter "dangling=true"   (superseded images that can be removed)
To remove them:
#docker rmi $(docker images -q --filter "dangling=true")
==== display the configuration of a container===
#docker inspect ID_container
===== start/stop/list containers==
#docker stop/start ID_container
#docker ps -a -q   (lists the container IDs)
docky@psgmscloud001 omar.el_alami1]$ docker top MCBC-cadc01 -x
Do not keep the container after the run   ==>     docker run --rm
remove containers ==> docker rm
remove images ==> docker rmi
/var/lib/docker   == stores all images and containers
=======apache
#which httpd
/sbin/httpd
#rpm -qf /sbin/httpd     (find out which rpm it belongs to)
#rpm -qcf /sbin/httpd    (list its configuration files)
...
...
/etc/sysconfig/httpd     (not the most important)
/etc/httpd/conf/httpd.conf    (most important)
Create a basic website:
#yum install -y httpd
#vi /etc/httpd/conf/httpd.conf
DocumentRoot "/var/www/html"
#touch index.html
#vi /var/www/html/index.html
      <blink>hello</blink>
#systemctl start httpd
#systemctl enable httpd
#yum install -y elinks (lightweight tool to check)
#elinks http://localhost
hello
====== multiple hosts ==== (web site)
<VirtualHost *:80>
ServerAdmin webmaster@account.example.com
DocumentRoot /web/account
ServerName account.example.com
ErrorLog logs/account.example.com-error_log
CustomLog logs/account.example.com-access_log   common
</VirtualHost>
Steps:
======
The URLs must be defined in:
vi /etc/hosts
192.168.22.10   account.example.com
Virtual host configuration goes in: /etc/httpd/conf.d/
#mkdir /web/account
#vi index.html
welcome to account site
#systemctl restart httpd
#elinks http://account.example.com
===== to see what happened when httpd started
#systemctl status httpd -l
===== vi
To replace a word in vi (avant = before, apres = after):
:%s/avant/apres/g
========= ADDING DISKS, PARTITIONS,AND FILE SYSTEMS TO A LINUX SYSTEM====
MBR   Master boot record (fdisk): supports 4 primary partitions, 2 TiB limit
GPT   GUID Partition table (gdisk)
#fdisk -l /dev/vdb     (to list information)
#fdisk /dev/vdb
m : help
n :new
p: primary
e:extended
w:to save
d: to delete
q:to quit
+size { K , M , G}
example: +512M
t:change partition type
All partition types can be displayed with the L command.
example: 82 for swap
Run the partprobe command with the disk device name as an argument to force a
re-read of its partition table.
[root@serverX ~]# partprobe /dev/vdb
#gdisk /dev/vdb   (same options as fdisk, except for the partition type codes)
Creating file systems:
[root@serverX ~]# mkfs -t xfs /dev/vdb1
Mounting file systems:
[root@serverX ~]# mount /dev/vdb1 /mnt
[root@serverX ~]# mount | grep vdb1 (to check)
Persistently mounting file systems:
[root@serverX ~]# cat /etc/fstab
The UUID is used to specify the device:
[root@serverX ~]# blkid /dev/vdb1
/dev/vdb1: UUID="226a7c4f-e309-4cb3-9e76-6ef972dd8600" TYPE="xfs"
The dump flag is used with the dump command to make a backup of the contents of the
device.
The fsck order field determines whether fsck should be run at boot time.
An administrator should verify that the entry is valid by unmounting the new file
system and using mount -a, which reads /etc/fstab.
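Before running mount -a, fstab entries can be checked offline. The lint below is an added example, not part of the original notes; lint_fstab and its finding names are hypothetical, and the sample entries are constructed (only the UUID is the one shown by blkid above).

```shell
#!/bin/sh
# Constructed sample entries; the UUID is the one blkid prints in the notes above.
SAMPLE_FSTAB='# device  mountpoint  type  options  dump  fsck-order
UUID=226a7c4f-e309-4cb3-9e76-6ef972dd8600 /mnt xfs defaults 1 2
/dev/vdb1 /data ext4 defaults 0 0
/dev/vg-alpha/hercules /mnt/hercules xfs defaults 1 2
UUID=XXXXX swap swap defaults 0 0
/dev/vdb2 data ext4 defaults 0 x
/dev/mapper/vg--alpha-hercules /mnt/h2'

# lint_fstab TEXT
# Prints "LINE:finding" for each problem, nothing for a clean file:
#   field-count             fewer than 4 or more than 6 fields
#   kernel-device-name      /dev/sdX-style name, which can change between boots
#   bad-mount-point         not an absolute path (swap entries use "swap" or "none")
#   dump-not-numeric        fifth field is not a number
#   fsck-order-not-numeric  sixth field is not a number
lint_fstab() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF == 0 { next }
        NF < 4 || NF > 6 { print NR ":field-count"; next }
        {
            if ($1 ~ /^\/dev\/(sd|vd|hd|xvd)[a-z]+[0-9]*$/)
                print NR ":kernel-device-name"
            if ($3 == "swap") {
                if ($2 != "swap" && $2 != "none") print NR ":bad-mount-point"
            } else if ($2 !~ /^\//) {
                print NR ":bad-mount-point"
            }
            if (NF >= 5 && $5 !~ /^[0-9]+$/) print NR ":dump-not-numeric"
            if (NF == 6 && $6 !~ /^[0-9]+$/) print NR ":fsck-order-not-numeric"
        }'
}

# Report on the constructed sample
lint_fstab "$SAMPLE_FSTAB"
```

A clean lint only covers syntax; mount -a remains the real test that the device and mount point exist.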
Managing Swap Space
===================
create swap => with fdisk, just set the partition type to 82 (Linux swap).
Format the device:
[root@serverX ~]# mkswap /dev/vdb1
Activate a swap space:
[root@serverX ~]# swapon /dev/vdb1
To deactivate it:
[root@serverX ~]# swapoff /dev/vdb1
Note /!/ By default, swap spaces are used in series, meaning that the first
activated swap space will be used until it is full, then the kernel will start
using the second swap space. Swap space priorities are displayed with swapon -s
=====MANAGING LOGICAL VOLUME    MANAGEMENT (LVM) STORAGE
type LVM :8e
1.   Partition physical storage
2.   Create physical volume (PV)
3.   Create volume group (VG)
4.   Create logical volume (LV)
There are five steps needed to create a usable logical volume:
==============================================================
1. Prepare the physical device.
Use fdisk, gdisk or parted to create a new partition
2. Create a physical volume.
[root@serverX ~]# pvcreate /dev/vda2 /dev/vdb1
3. Create a volume group.
[root@serverX ~]# vgcreate vg-alpha /dev/vda2 /dev/vdb1
4. Create a logical volume.
[root@serverX ~]# lvcreate -n hercules -L 2G vg-alpha
Note /i/    Different tools will display the logical volume name using either the
traditional name, /dev/vgname/lvname, or the kernel device mapper name,
/dev/mapper/vgname-lvname.
5. Add the file system.
[root@serverX ~]# mkfs -t xfs /dev/vg-alpha/hercules
To make the file system available across reboots:
# mkdir /mnt/hercules
Add an entry to the /etc/fstab file:
/dev/vg-alpha/hercules /mnt/hercules xfs defaults 1 2
Run mount -a to mount all the file systems in /etc/fstab:
[root@serverX ~]# mount -a
There are four steps needed to remove all logical volume components:
====================================================================
1.Prepare the file system.
Move all data that must be kept to another file system, then use umount to unmount
the file system.
Do not forget to remove any /etc/fstab entries associated with this file system.
[root@serverX ~]# umount /mnt/hercules
2. Remove the logical volume.
[root@serverX ~]# lvremove /dev/vg-alpha/hercules
3. Remove the volume group.
[root@serverX ~]# vgremove vg-alpha
4. Remove the physical volumes.
[root@serverX ~]# pvremove /dev/vda2 /dev/vdb1
Reviewing LVM status information
================================
Physical volumes:
[root@serverX ~]# pvdisplay /dev/vda2
Volume groups:
[root@serverX ~]# vgdisplay vg-alpha
Logical volumes:
[root@serverX ~]# lvdisplay /dev/vg-alpha/hercules
Extending Logical Volumes
=========================
Extending a volume group:
There are potentially four steps needed to extend a volume group:
1. Prepare the physical device.
[root@serverX ~]# fdisk /dev/vdb
2. Create the physical volume.
[root@serverX ~]# pvcreate /dev/vdb2
3. Extend the volume group.
[root@serverX ~]# vgextend vg-alpha /dev/vdb2
4. Verify the new space is available.
[root@serverX ~]# vgdisplay vg-alpha
Reducing a volume group
=======================
Note:    pvmove is used to relocate any physical extents used on the physical
volume to other PVs in the VG.
This is only possible if there are enough free extents in the VG and if all of
those come from other PVs.
Use the PV device name for which the PEs will be moved as the argument to the
command.
There are only two steps needed to reduce a volume group:
1. Move the physical extents.
[root@serverX ~]# pvmove /dev/vdb2
2. Reduce the volume group.
[root@serverX ~]# vgreduce vg-alpha /dev/vdb2
Extend a logical volume and XFS file system
===========================================
There are three steps needed to extend a logical volume:
1. Verify the volume group has space available.
[root@serverX ~]# vgdisplay vg-alpha
2. Extend the logical volume.
[root@serverX ~]# lvextend -L +300M /dev/vg-alpha/hercules
3. Extend the file system.
[root@serverX ~]# xfs_growfs /mnt/hercules
Extend a logical volume and ext4 file system
============================================
1. Verify the volume group has space available.
[root@serverX ~]# vgdisplay vg-alpha
2. Extend the logical volume.
[root@serverX ~]# lvextend -L +300M /dev/vg-alpha/hercules
3. Extend the file system.
[root@serverX ~]# resize2fs /dev/vg-alpha/hercules
=== shows file system type as well as disk space.
[Thu May 10 09:15:35 - caadmin@psgmscadc005 dc]$ df -T
Filesystem           Type 1K-blocks     Used Available Use% Mounted on
/dev/mapper/vg_os-lv_root
                     ext4   10190136 4867884   4797964 51% /
tmpfs                tmpfs   6095060      12   6095048   1% /dev/shm
/dev/sda1            ext4     487652 105590     356462 23% /boot
=======keyboard shortcuts=====
!! repeat last command
!88    (88 = history line number of the command)
ctrl+U
ctrl+K
ctrl+f
ctrl+b
ctrl+A
ctrl+E
ctrl+R (search the command history)
============SELinux =========
#sestatus (display settings)
#getenforce
#getsebool -a
# ls / ps / cp -Z     (-Z to display or set the SELinux context)
#setenforce
usage : setenforce [ Enforcing | Permissive | 1 | 0 ]
Setting the default SELinux mode
#cat /etc/selinux/config
============firewall & iptables
Three categories of chains:
INPUT OUTPUT FORWARD
With the default allow-all policy:
A# iptables -L
chain INPUT    (policy ACCEPT)
chain OUTPUT   (policy ACCEPT)
chain FORWARD (policy ACCEPT)
TWO SERVERS: A B
B# ping A   ==> ok
A# iptables -P   INPUT DROP
A# iptables -L
chain INPUT      (policy DROP)
chain OUTPUT     (policy ACCEPT)
chain FORWARD    (policy ACCEPT)
B# ping A   ==> Nok
Add firewall rule:
A#iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT   (m=match)
From server B, open the web page hosted on A:
http://a/    ok
DELETE firewall rule
#iptables -D INPUT 1
SAVE & RESTORE iptables rules
==============================
All the modifications made so far exist only in memory; to save them, run:
#service iptables save
iptables:saving firewall rules to /etc/sysconfig/iptables: ok
to see them:
#cat /etc/sysconfig/iptables
to have the iptables service start on boot:
#systemctl enable iptables
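With INPUT set to DROP and only per-port ACCEPT rules, as built above, replies to the host's own outbound connections and loopback traffic are dropped too. The audit below is an added example, not part of the original notes: it checks a ruleset in the saved /etc/sysconfig/iptables format for those gaps. The function name, finding names and all three rulesets are constructed for illustration.

```shell
#!/bin/sh
# Rulesets below are constructed samples in the format that
# "service iptables save" writes to /etc/sysconfig/iptables.

# What the notes build: INPUT policy DROP plus ACCEPT rules for ports 80 and 22.
NOTES_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Same services, with the rules a default-DROP INPUT chain also needs.
COMPLETE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# The starting point in the notes: every policy ACCEPT, no rules.
OPEN_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# audit_input_chain RULESET
# Prints one finding per line (nothing when the INPUT chain looks complete):
#   input-policy-not-drop  unmatched inbound traffic is not dropped
#   no-established-rule    replies to outbound connections are dropped
#   no-loopback-rule       local services talking over 127.0.0.1 are dropped
#   no-ssh-rule            remote administration is cut off by the DROP policy
audit_input_chain() {
    printf '%s\n' "$1" | awk '
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            accept = 0; port = ""; iface = ""; states = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-i") iface = $(i + 1)
                if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            }
            if (!accept) next
            if (port == "22") ssh = 1
            if (iface == "lo") loopback = 1
            if (states ~ /ESTABLISHED/) established = 1
        }
        END {
            if (policy != "DROP") { print "input-policy-not-drop"; exit }
            if (!established) print "no-established-rule"
            if (!loopback) print "no-loopback-rule"
            if (!ssh) print "no-ssh-rule"
        }'
}

echo "notes ruleset:";    audit_input_chain "$NOTES_RULES"
echo "complete ruleset:"; audit_input_chain "$COMPLETE_RULES"
```

Running the audit against the saved file before the policy is switched to DROP over an SSH session avoids locking the session out.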
Start a Network Service and Allow Access
========================================
Exercise:
*Configure an NTP client and set the time via the pool.ntp.org servers.
*configure ssh to not allow root logins
*Display firewall rules from BASH for the firewalld public zone
*Use iptable to allow inbound SSH traffic
*Configure a logging server that records log messages from others hosts.
#cat /etc/ntp.conf | less (to display content )
#service ntpd start (the service should be started)
# ntpq -p   (to see time server sources)
the active one begins with *
#service ntpd stop
#ntpdate pool.ntp.org
#firewall-cmd --zone=public --list-all
FirewallD is not running
#service firewalld start
#firewall-cmd --zone=public --list-all
public (default)
interfaces:
sources:
services:dhcpv6-client ssh
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#cat /etc/rsyslog.conf   (and allow other hosts to log messages)
Clear the firewall
#iptables -F
list the firewall chains and rules :
#iptables -L -v
Example: open a port to allow ssh
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    zone <= services
     /\
     ||
 interface
     /\
     ||
 firewalld (default management interface)    or iptables (going away)
     /\
     ||
 Netfilter
note !!!!   iptables is the old method; firewalld is the current one
#systemctl status firewalld
[Wed Feb 22 14:15:40 - docky@psgmscloud001 omar.el_alami]$ firewall
firewall-cmd          firewalld             firewall-offline-cmd
#firewall-cmd --get-zones
#firewall-cmd --get-services
#firewall-cmd --get-default-zone
#ls /etc/firewalld/services
sander.xml
#ls /usr/lib/firewalld/services/ (display all services)
#firewall-cmd --zone=home --add-service=high-availability   or to make it permanent
(#firewall-cmd --permanent --zone=home --add-service=high-availability )
success
#firewall-cmd --list-all
Exercise:
#firewall-cmd   --get-default-zone
home
#firewall-cmd   --set-default-zone=dmz
success
#firewall-cmd   --permanent   --add-service=ssh
success
#firewall-cmd   --permanent   --add-service=ntp
success
#firewall-cmd   --permanent   --add-service=ftp
success
#firewall-cmd   --permanent   --add-service=vnc-server
success
#firewall-cmd   --permanent   --add-service=http   (for apache)
#systemctl restart firewalld
*******************crontab:
minute   hour   day(month)   month   day(week)
*     any value
,     value list separator
-     range of values
/     step values
@yearly     (non-standard)
@annually   (non-standard)
@monthly    (non-standard)
@weekly     (non-standard)
@daily      (non-standard)
@hourly     (non-standard)
@reboot     (non-standard)
======================= questions exams EX200
Configure your Host Name, IP Address, Gateway and DNS.
Host name: station.domain40.example.com
/etc/sysconfig/network
hostname=abc.com
hostname abc.com
IP Address:172.24.40.40/24
Gateway: 172.24.40.1
DNS: 172.24.40.1
Answer: # cd /etc/sysconfig/network-scripts/
# ls
# vim ifcfg-eth0 (Configure IP Address, Gateway and DNS)
IPADDR=172.24.40.40
GATEWAY=172.24.40.1
DNS1=172.24.40.1
# vim /etc/sysconfig/network
(Configure Host Name)
HOSTNAME=station.domain40.example.com
OR
Graphical Interfaces:
System->Preference->Network Connections (Configure IP Address, Gateway and DNS)
# vim /etc/sysconfig/network
(Configure Host Name)
Add 3 users: harry, natasha, tom.
Requirements: the supplementary group of the two users harry and natasha is the
admin group. The login shell of user tom should be non-interactive.
Answer: # useradd -G admin harry
# useradd -G admin natasha
# useradd -s /sbin/nologin tom
# id harry; id natasha (Show additional group)
# cat /etc/passwd
OR
# system-config-users
Create a directory under /home named admins. Its group must be the admin group.
Members of the group can read and write in it, while other users are not allowed to
access it. Files created in it by users of the group should also belong to the admin
group.
Answer:   # cd /home/
# mkdir   admins/
# chown   :admin admins/
# chmod   770 admins/
# chmod   g+s admins/
Configure a task: plan to run echo hello command at 14:23 every day.
Answer:
# which echo
# crontab -e
23 14 * * * /bin/echo hello
# crontab -l (Verify)
Find the files owned by harry, and copy them to the directory /opt/dir
Answer: # cd /opt/
# mkdir dir
# find / -user harry -exec cp -rfp {} /opt/dir/ \;
Find the lines that contain abcde in the file /etc/testfile and write them to the
file /tmp/testfile, keeping the same order as in /etc/testfile.
Answer: # cat /etc/testfile | while read line;
do
echo $line | grep abcde | tee -a /tmp/testfile
done
OR
grep 'abcde' /etc/testfile > /tmp/testfile
Create a 2G swap partition which takes effect automatically at boot, and which
does not affect the original swap partition.
Answer: # fdisk /dev/sda
p
(check Partition table)
n
(create new partition: press e to create an extended partition, press p to create a
primary partition; the extended partition is further divided into logical partitions)
Enter
+2G
t
l
w
partx -a /dev/sda
partprobe
mkswap /dev/sda8
Copy UUID
swapon -a
vim /etc/fstab
UUID=XXXXX swap swap defaults 0 0
(swapon -s)
Create a user named alex; the user id should be 1234 and the password should be
alex111.
Answer: # useradd -u 1234 alex
# passwd alex
alex111
alex111
OR
echo alex111 | passwd --stdin alex
Install an FTP server that allows anonymous download from the /var/ftp/pub directory.
(You need to point yum at the already existing file server.)
Answer:
# cd /etc/yum.repos.d
# vim local.repo
[local]
name=local.repo
baseurl=file:///mnt
enabled=1
gpgcheck=0
# yum makecache
# yum install -y vsftpd
# service vsftpd restart
# chkconfig vsftpd on
# chkconfig --list vsftpd
# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
Configure a HTTP server, which can be accessed through
http://station.domain40.example.com.
Please download the released page from http://ip/dir/example.html.
Answer:
# yum install -y httpd
# chkconfig httpd on
# cd /var/www/html
# wget http://ip/dir/example.html
# cp example.html index.html
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.0.254:80
<VirtualHost 192.168.0.254:80>
DocumentRoot /var/www/html/
ServerName station.domain40.example.com
</VirtualHost>
Configure the verification mode of your host account and the password as LDAP. And
it can log in successfully through ldapuser40. The password is set as "password".
And the certificate can be downloaded from http://ip/dir/ldap.crt. After the user
logs on, the user has no host directory unless you configure the autofs in the
following questions.
Answer:
#system-config-authentication
LDAP Server: ldap://instructor.example.com (In domain form, not write IP)
OR
# yum groupinstall directory-client (1.krb5-workstation 2.pam-krb5 3.sssd)
# system-config-authentication
1.User Account Database: LDAP
2.LDAP Search Base DN: dc=example,dc=com
3.LDAP Server: ldap://instructor.example.com (In domain form, not write IP)
4.Download CA Certificate
5.Authentication Method: LDAP password
6.Apply
getent passwd ldapuser40
(see the other exercise)
Configure the system to synchronize its time with 172.24.40.10.
Answer:
Graphical Interfaces:
System-->Administration-->Date & Time
OR
# system-config-date
Change the capacity of the logical volume named vo from 190M to 300M; the resulting
size may float between 280 and 320. (This logical volume has been mounted in
advance.)
Answer:
# vgdisplay
(Check the capacity of the vg; if it is not enough, create a pv, then vgextend,
lvextend)
# lvdisplay (Check lv)
# lvextend -L +110M /dev/vg2/lv2
# resize2fs /dev/vg2/lv2
mount -a
(Verify)
==================(Decrease lvm)
# umount /media
# fsck -f /dev/vg2/lv2
# resize2fs -f /dev/vg2/lv2 100M
# lvreduce -L 100M /dev/vg2/lv2
# mount -a
# lvdisplay (Verify)
OR
# e2fsck -f /dev/vg1/lvm02
# resize2fs -f /dev/vg1/lvm02
# mount /dev/vg1/lvm01 /mnt
# lvreduce -L 1G -n /dev/vg1/lvm02
# lvdisplay (Verify)
Create a volume group with a 16M extent size. Carve a logical volume (lv) of 50
extents out of that volume group, format it as ext4, and mount it automatically
under /mnt/data.
Answer: # pvcreate /dev/sda7 /dev/sda8
# vgcreate -s 16M vg1 /dev/sda7 /dev/sda8
# lvcreate -l 50 -n lvm02 vg1
# mkfs.ext4 /dev/vg1/lvm02
# blkid /dev/vg1/lvm02
# mkdir -p /mnt/data
# vim /etc/fstab
UUID=xxxxxxxx /mnt/data ext4 defaults 0 0
# mount -a
# mount
(Verify)
Create a 512M partition, format it as ext4, and mount it automatically under
/mnt/data so that it takes effect at boot.
Answer:
# fdisk /dev/vda
n
+512M
w
# partprobe /dev/vda
# mkfs -t ext4 /dev/vda5
# mkdir -p /data
# vim /etc/fstab
/dev/vda5 /data ext4 defaults 0 0
# mount -a
Create a volume group with an 8M extent size. Carve a logical volume (lvshare) of 50
extents out of that volume group, format it as ext4, and mount it automatically
under /mnt/data. The resulting size may float between 380M and 400M.
Answer:
# fdisk
# partprobe
# pvcreate /dev/vda6
# vgcreate -s 8M vg1 /dev/vda6     (-s: extent size)
# lvcreate -n lvshare -l 50 vg1    (-l: number of extents)
# mkfs.ext4 /dev/vg1/lvshare
# mkdir -p /mnt/data
# vim /etc/fstab
/dev/vg1/lvshare /mnt/data ext4 defaults 0 0
# mount -a
# df -h
Download ftp://192.168.0.254/pub/boot.iso to /root, and mount it automatically under
/media/cdrom so that it takes effect at boot.
Answer:
# cd /root; wget ftp://192.168.0.254/pub/boot.iso
# mkdir -p /media/cdrom
# vim /etc/fstab
/root/boot.iso /media/cdrom iso9660 defaults,loop 0 0
# mount -a
mount [-t vfstype] [-o options] device dir
Add admin group and set gid=600
Answer:
# groupadd -g 600 admin
Add user: user1, set uid=601
Password: redhat
The user's login shell should be non-interactive.
Answer:
# useradd -u 601 -s /sbin/nologin user1
# passwd user1
redhat
Copy /etc/fstab to /var/tmp with group admin; user1 can read, write and modify it,
while user2 has no permission at all.
Answer:
# cp /etc/fstab /var/tmp/
# chgrp admin /var/tmp/fstab
# setfacl -m u:user1:rwx /var/tmp/fstab
# setfacl -m u:user2:--- /var/tmp/fstab
# ls -l
-rw-rw-r--+ 1 root admin 685 Nov 10 15:29 /var/tmp/fstab
=============================Exam Red Hat 7
To enable automatic start of a virtual machine called vm.example.com:
# virsh autostart vm.example.com
command used to know whether Firewalld is running or not:
# firewall-cmd --state
command checks that the ntpd service has already been started:
# systemctl is-active ntpd
Which directory is used to store the configuration of the main services?
 /usr/lib/systemd/system
Which command(s) to remove the user named tom, his home directory and mail spool?
# userdel -r tom
How do you write a loop in bash to display the three names foo, bar and bat?
for a in foo bar bat
do echo $a
done
How to send standard output and error to the same file, here called err?
# program >err 2>&1
Which nmcli command(s) to add the 8.8.8.8 DNS server to the static connection
called net-eth0?
# nmcli con mod net-eth0 +ipv4.dns 8.8.8.8
# nmcli con up net-eth0
Which command to display the current network address configuration?
# ip a
Which nmcli command to change the net-eth0 IP address and default gateway
respectively to 192.168.2.10/24 and 192.168.2.1?
# nmcli con mod net-eth0 ipv4.addresses 192.168.2.10/24
# nmcli con mod net-eth0 ipv4.gateway 192.168.2.1
# nmcli con mod net-eth0 ipv4.method manual
# nmcli con up net-eth0
Which of these commands creates a logical volume of 2GB?
# lvcreate --name lv_vol -L 2G vgroot
Which command do you use to copy the key.pub public key to the authorized_keys file
of the me user located on the server.example.com server?
# ssh-copy-id -i key.pub me@server.example.com
Which nmcli commands to ignore the DNS configuration coming with DHCP for a
connection called net-eth0?
# nmcli con mod net-eth0 ipv4.ignore-auto-dns yes
# nmcli con up net-eth0
Which file contains the GRUB2 environment variables?
/etc/default/grub
Which command installs the vsftpd package and keeps the history updated?
# yum install /root/vsftpd-3.0.2-9.el7.x86_64.rpm
How do you put the gzip command that you just launched at the bash prompt in the
background?
CTRL-Z
# bg
Which command to set the default zone to home?
# firewall-cmd --set-default-zone=home
You just set up a NFS server called nfsserver.example.com.
You also created and exported the /home/guests directory from the NFS server.
You now want to locally mount the remote directory with the Automounter daemon.
Which instructions would you typically write in the new indirect map called
/etc/auto.guests?
* -rw,nfs4 nfsserver.example.com:/home/guests/&
Which of these commands creates a user member of the supplementary group called
team with a home directory called /opt/user?
# useradd -G team -b /opt user
Which command displays the list of services currently in status failed?
# systemctl --failed
Which of these commands creates a volume of 25 logical extents?
# lvcreate -l 25 -n lv_vol vgroot
How do you check that a bash script accepts only two parameters?
if [ $# -ne 2 ]; then
echo "Syntax error: 2 required parameters"
fi
Which command to permanently set the host name to centos7.example.com?
# hostnamectl set-hostname centos7.example.com
Which command to copy all the files owned by tom into the /opt directory?
# find / -user tom -exec cp -p {} /opt \;
Which of these commands displays the list of installed package groups?
# yum grouplist
Which command to put /tmp on tmpfs?
# systemctl enable tmp.mount
You are about to configure a http server with a working directory under /opt.
Which command do you use to assign the correct SELINUX configuration to the /opt
directory?
# semanage fcontext -a -t httpd_sys_content_t "/opt(/.*)?"
Which command sets the GRUB2 second entry as the default one?
# grub2-set-default 1
Something didn't work as expected. You think it could be a SELinux configuration
problem.
Which command do you use to check any report coming from the SELinux auditing
system?
# sealert -a /var/log/audit/audit.log
Which of these commands displays the SELinux boolean list with description of each
of them?
# semanage boolean -l
Which command is required to start custom scripts at boot time?
# chmod u+x /etc/rc.d/rc.local
Which command tells you which package (with its precise version) was installed the
most recently?
# yum history info
Which command to mount an iso image to the /mnt directory?
# mount -o loop /root/DVD.iso /mnt
Which command to update the configuration without stopping any existing connection?
# firewall-cmd --reload
Which of these commands creates a volume group with physical extent size of 4MB?
# vgcreate -s 4M vg /dev/vdb
Which command updates the GRUB2 configuration?
# grub2-mkconfig -o /boot/grub2/grub.cfg
Which command to generate public and private 2048-bit RSA keys?
# ssh-keygen -b 2048 -t rsa
Which command to get a synthetic view of the disk organization?
# lsblk -a
Which of these commands sets an acl with read and write permissions for user tom on
a file?
# setfacl -m u:tom:rw file
Which command to use to transfer the memo file from the local directory to a remote
server called remote.example.com as user bob?
# scp memo bob@remote.example.com:memo
Which command to prevent anybody from starting the chronyd daemon?
# systemctl mask chronyd
Which directive do you put in the /etc/sysctl.conf file to allow a server to act as
an IPv4 router?
net.ipv4.ip_forward = 1
Which nmcli command to assign the following configuration to a new network
interface called eth0?
IP address: 192.168.1.10/24
default gateway: 192.168.1.1
# nmcli con add ifname eth0 type ethernet ip4 192.168.1.10/24 gw4 192.168.1.1
Which command to remove the user mary from a secondary group called team?
# gpasswd -d mary team
Which command to kill the httpd service and all its associated processes (CGI
scripts included)?
# systemctl kill httpd
Which command triggers a SELinux relabel of the / file system?
# touch /.autorelabel
Which of these commands extends a logical volume and its associated file system by
2GB?
# lvextend -L +2G -r /dev/vg/lv_vol
Which command to update the index database used by the locate command?
# updatedb
Which of these commands reduces a logical volume and its associated file system by
2GB?
# lvreduce -L -2G -r /dev/vg/lv_vol
Which command to temporarily disable the HAProxy service from the public zone?
# firewall-cmd --remove-service=haproxy --zone=public
Which of these commands searches for a package name containing a specific command
called semanage?
# yum whatprovides */semanage
Which of these commands adds a supplementary group called team to a user named tom?
# usermod -aG team tom
Which of these commands forbids any change to a given file?
# chattr +i file
Which directory is used to store the firewall configuration of the main services?
/usr/lib/firewalld/services
Due to a disk problem, you need to go in rescue mode.
Which command do you use?
# systemctl isolate rescue
Which of these commands remounts the root partition in read-write mode?
 # mount -o remount,rw /
Which command do you use to fix your /etc/resolv.conf configuration?
 # nmtui
Which nmcli command to prevent the net-eth0 connection to start at boot?
 # nmcli con mod net-eth0 connection.autoconnect no
===============Notes:
[root@server1 ~]# systemctl -t help
Available unit types:
service
socket
target
device
mount
automount
snapshot
timer
swap
path
slice
scope
==== Install container development kit on Redhat (openshift from minishift) =============
https://access.redhat.com/documentation/en-us/red_hat_container_development_kit/3.4/html/getting_started_guide/getting_started_with_container_development_kit
Depending on your host operating system, you have the choice of the following
recommended native hypervisors:
macOS ==> xhyve
Linux ==> KVM
Windows ==> Hyper-V
Step 1: Set up Hypervisor   == (on Linux: setting up the KVM driver)
====================================================================
Install docker-machine-driver-kvm version 0.7.0.
# curl -L https://github.com/dhiltgen/docker-machine-kvm/releases/download/v0.7.0/docker-machine-driver-kvm -o /usr/local/bin/docker-machine-driver-kvm
# chmod +x /usr/local/bin/docker-machine-driver-kvm
Install KVM packages
# yum install libvirt qemu-kvm
As root, add yourself to the libvirt group:
# usermod -a -G libvirt <username>
Update your current session to apply the group change:
$ newgrp libvirt
Start the libvirtd service as root
# systemctl start libvirtd
# systemctl enable libvirtd
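The driver binary in Step 1 is downloaded with curl and made executable directly in /usr/local/bin. As an added example (not from these notes or the CDK guide), the helper below installs a downloaded file only when its SHA-256 matches a pinned digest; install_verified is a hypothetical name, and the pinned value must come from the publisher's release page, which these notes do not record.

```shell
#!/bin/sh
# install_verified SRC EXPECTED_SHA256 DEST
# Installs SRC as DEST (mode 0755) only if its SHA-256 digest matches.
# Returns 0 on success, 1 on checksum mismatch, 2 on usage or I/O errors.
install_verified() {
    src=$1; expected=$2; dest=$3
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    # Normalise case, then insist on exactly 64 hex characters
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 hex chars" >&2; return 2; }
    # Stage a private copy next to the destination and hash that copy, so the
    # bytes that were verified are exactly the bytes that get installed.
    tmp=$(mktemp "$(dirname "$dest")/.staged.XXXXXX") || return 2
    cp "$src" "$tmp" || { rm -f "$tmp"; return 2; }
    actual=$(sha256sum "$tmp" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        rm -f "$tmp"
        echo "checksum mismatch: got $actual" >&2
        return 1
    fi
    # Only a verified file ever becomes executable under the final name
    chmod 0755 "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 2; }
}

# Demo on a constructed stand-in file (no network access needed).
demo() {
    work=$(mktemp -d) || return 1
    printf 'constructed stand-in for the downloaded driver\n' > "$work/download"
    # In real use the pinned digest comes from the publisher, never from the
    # downloaded file itself; it is computed here only to keep the demo offline.
    pinned=$(sha256sum "$work/download" | awk '{print $1}')
    install_verified "$work/download" "$pinned" "$work/docker-machine-driver-kvm" \
        && echo "installed verified copy"
    printf 'tampered\n' >> "$work/download"
    install_verified "$work/download" "$pinned" "$work/driver-2" \
        || echo "rejected modified copy"
    rm -rf "$work"
}
demo
```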
Step 2 : Setting Up CDK to Use VirtualBox
==========================================
download CDK from ===>   cdk-3.1.0-1-minishift-linux-amd64
#mkdir -p ~/bin
#cp cdk-3.1.0-1-minishift-linux-amd64   ~/bin/minishift
# chmod +x ~/bin/minishift
#export PATH=$PATH:$HOME/bin
# echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
Step 3 Set up The CDK
======================
$ minishift setup-cdk
Step 4 Start CDK
===========
skip registration for now
# minishift start --skip-registration
Starting local openshift cluster using 'kvm' hypervisor .....
..............
..........
https://192.168.42.215:8443
....
...
...
# virsh list
id===Name=============State
1   minishift         running
add oc command to minishift:
#minishift oc-env
# vi .bashrc
export PATH="/home/user/.minishift/cache/oc/v3.9.14/linux:$PATH"
# oc version
To add the docker command
=========================
# subscription-manager repos --enable=rhel-7-server-rpms
# subscription-manager repos --enable=rhel-7-server-extras-rpms
# subscription-manager repos --enable=rhel-7-server-optional-rpms
#yum install docker
# systemctl stop docker
# systemctl disable docker
# minishift docker-env    >>>>   the output is to be added to .bashrc
# vi .bashrc
export ....
export   ....
export ....
# source .bashrc
# openshift console
or #
check:
https://192.168.42.215:8443
developer
developer
sudo subscription-manager repos --enable rhel-7-server-extras-rpms
sudo subscription-manager repos --enable rhel-7-server-optional-rpms
sudo subscription-manager repos --enable rhel-server-rhscl-7-rpms
Repo ID:   rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os
Enabled:   1
Repo ID:   rhel-7-server-optional-rpms
Repo Name: Red Hat Enterprise Linux 7 Server - Optional (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/optional/os
Enabled:   1
RHEL7 redhat.repo:
    [rhel-7-server-optional-rpms]
    name = Red Hat Enterprise Linux 6 Server - Optional (RPMs)
    baseurl = https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/optional/os
    enabled = 1