RHCSA
1
hostnamectl set-hostname mars.lab.example.com
nmcli con mod ens160 ipv4.method manual ipv4.add "192.168.122.101/24" ipv4.gateway 192.168.122.2 ipv4.dns 223.5.5.5
nmcli con up ens160
2
cd /etc/yum.repos.d
for i in `ls`;do mv -f $i $i.bak;done
vim rhcsa.repo
[BaseOS]
name=BaseOS
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/$basearch/os/
gpgcheck=0
enabled=1
[AppStream]
name=AppStream
baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/$basearch/os/
gpgcheck=0
enabled=1
yum clean all
yum makecache
3XXX
yum install -y setroubleshoot-server
yum install -y httpd
vim /etc/httpd/conf/httpd.conf
Listen 82
systemctl enable httpd --now
journalctl -xe
semanage port -a -t http_port_t -p tcp 82
systemctl enable httpd --now
firewall-cmd --add-service=http --permanent
4
groupadd admins
useradd lucy -G admins
useradd harry -G admins
useradd jams -s /usr/sbin/nologin
echo redhat | passwd --stdin lucy
echo redhat | passwd --stdin harry
echo redhat | passwd --stdin jams
5
yum install -y cronie
crontab -u lucy -e
*/2 * * * * /bin/echo hiya
6
mkdir /home/test
chgrp admins /home/test
chmod 2770 /home/test
7
vim /etc/chrony.conf
server ntp.aliyun.com iburst
systemctl restart chronyd
8XXX
yum install -y autofs
yum install -y nfs-utils
9
cp /etc/fstab /var/tmp/fstab
chown root:root /var/tmp/fstab
chmod -x /var/tmp/fstab
setfacl -m u:lucy:rw /var/tmp/fstab
setfacl -m u:harry:- /var/tmp/fstab
setfacl -m u::r /var/tmp/fstab
10
useradd jacks -u 3533
echo redhat | passwd --stdin jacks
11
mkdir /root/findfiles
find / -type f -user querys -exec cp {} /root/findfiles/ \;
12
grep crosswords /usr/share/doc/words/readme.txt > /root/list
13
tar zcvf /root/backup.tar.gz /usr/local
14
vim /root/newsearch
#!/bin/bash
find /usr -type f -size +30k -size -50k -perm /u=s -exec ls {} > /root/myoutput.txt \;
chmod +x /root/newsearch
/root/newsearch
15
vim /usr/bin/repwis
#!/bin/bash
find /usr/ -type f -size -10M -not -group root -exec cp {} /root/myoutput/ \;
chmod +x /usr/bin/repwis
mkdir /root/myoutput
repwis
16-18
vim /etc/systemd/journald.conf
Storage=persistent
systemctl restart systemd-journald.service
chgrp systemd-journal /var/log/journal
mkdir /home/contsvc/container_journal
find /var/log/journal -type f -name *.journal -exec cp {} /home/contsvc/container_journal/ \;
chown -R contsvc:contsvc /home/contsvc/container_journal
yum module install -y container-tools
man containers-registries.conf
$HOME/.config/containers/registries.conf
su - contsvc
vim /etc/containers/registries.conf
unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.io", "docker.io"]
# [[registry]]
# prefix = "example.com/foo"
# insecure = false
# blocked = false
# location = internal-registry-for-example.com/bar"
mkdir -p .config/containers
vim .config/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
insecure = false
blocked = false
location = "f0pqsi2y.mirror.aliyuncs.com"
podman run -d --name httpserver -v /home/contsvc/container_journal/:/var/log/journal/:Z docker.io/library/httpd
man systemd.unit
~/.config/systemd/user/*
mkdir -p .config/systemd/user
cd .config/systemd/user
podman generate systemd --name httpserver --files --new
exit
ssh contsvc@mars
systemctl --user daemon-reload
systemctl --user enable container-httpserver.service --now
loginctl enable-linger
podman exec httpserver logger -p local5.info "This is an RHCSA exam"
19
su -
echo "student ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/student
useradd devops -G wheel
echo redhat | passwd --stdin devops
20
su - devops
vim .bash_profile
umask 027
source .bash_profile
21
vim /etc/login.defs
PASS_MAX_DAYS 20
22
su - student
vim .bash_profile
echo "welcome.."
source .bash_profile
23
su - student
mkdir bin
vim bin/ex200
echo "1231231231323"
chmod +x bin/ex200
ex200
24
rd.break
ctrl+x
mount -o rw,remount /sysroot
chroot /sysroot
echo redhat | passwd --stdin root
touch /.autorelabel
exit
exit
25
同2
26
lvextend -rL 230MiB /dev/mapper/lilyvg-lilylv
27
fdisk /dev/sdb
n
+756MiB
t
82
w
mkswap /dev/sdb1
blkid
cat /etc/fstab
echo "UUID=bea77f0e-b597-4da6-ad79-07d35342af43 none swap defaults 0 0" >> /etc/fstab
swapon -a
28
fdisk /dev/sdb
n
+1G
t
83
w
pvcreate /dev/sdb3
vgcreate qagroup -s 16MiB /dev/sdb3
lvcreate -n qa -l 60 qagroup
mkfs.ext3 /dev/mapper/qagroup-qa
mkdir -p /mnt/qa
blkid
cat /etc/fstab
echo "UUID=bc0432c8-6894-4f10-a2c9-00ef07dab5b6 /mnt/qa ext3 defaults 0 0" >> /etc/fstab
mount -a
29
yum install -y vdo
man vdo
vdo create --name=vdo0 --device=/dev/sdb1 --vdoLogicalSize=10T
/dev/mapper/vdo0 /vdo xfs defaults,x-systemd.requires=vdo.service 0 0
vdo create --name=vdough --device=/dev/sdc --vdoLogicalSize=50G
mkfs.xfs /dev/mapper/vdough
mkdir /vbread
echo "/dev/mapper/vdough /vbread xfs defaults,x-systemd.requires=vdo.service 0 0
" >> /etc/fstab
mount -a
30
yum install -y tuned
tuned-adm recommend
tuned-adm profile virtual-guest
tuned-adm active
RHCE
1
sudo yum install -y ansible
mkdir ansible
cd ansible
vim inventory
[dev]
node1
[test]
node2
[prod]
node3
node4
[balancers]
node2
[webservers:children]
prod
vim ansible.cfg
[defaults]
inventory=/home/ansible/ansible/inventory
roles_path=/home/ansible/ansible/roles
remote_user=ansible
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
2
vim adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a 'name=EX294_BASE description="EX294 base software" baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/BaseOS/$basearch/os/ gpgcheck=yes enabled=yes gpgkey=https://mirrors.aliyun.com/rockylinux/RPM-GPG-KEY-Rocky-8'
ansible all -m yum_repository -a 'name=EX294_STREAM description="EX294 stream software" baseurl=https://mirrors.aliyun.com/rockylinux/$releasever/AppStream/$basearch/os/ gpgcheck=yes enabled=yes gpgkey=https://mirrors.aliyun.com/rockylinux/RPM-GPG-KEY-Rocky-8'
chmod +x adhoc.sh
./adhoc.sh
3
vim packages.yml
---
- name: Install php, mariadb, package group development tools and upgrate packages
hosts: dev,test,prod
tasks:
- name: Install php and mariadb on hosts of dev, test, prod
ansible.builtin.yum:
name:
- php
- mariadb
state: latest
- name: Install package group development tools on hosts of dev
ansible.builtin.yum:
name: "@Development tools"
state: present
when: inventory_hostname in groups.dev
- name: Upgrate all packages on hosts of dev
ansible.builtin.yum:
name: '*'
state: latest
ansible-playbook packages.yml --syntax-check
ansible-playbook packages.yml
4.1
sudo yum install -y rhel-system-roles.noarch
vim timesync.yml
---
- name: Config ntp server
hosts: all
vars:
timesync_ntp_servers:
- hostname: ntp.aliyun.com
iburst: true
roles:
- timesync
ansible-playbook timesync.yml --syntax-check
ansible-playbook timesync.yml
4.2
vim selinux.yml
---
- name: Config selinux
hosts: all
vars:
selinux_policy: targeted
selinux_state: enforcing
selinux_fcontexts:
- { target: '/var/www/html(/.*)?', setype: 'httpd_sys_content_t', ftype: 'd', state: 'present' }
selinux_ports:
- { ports: '82', proto: 'tcp', setype: 'http_port_t', state: 'present', local: true }
selinux_restore_dirs:
- /var/www/html
roles:
- role: selinux
ansible-playbook selinux.yml --syntax-check
ansible-playbook selinux.yml
5XXX
vim requirements.yml
---
- src: https://files.itatom.xyz/rhce/haproxy.tar.gz
name: balancer
- src: https://files.itatom.xyz/rhce/phpinfo.tar.gz
name: phpinfo
ansible-galaxy install -r requirements.yml -p roles/
6
ansible-galaxy init apache --init-path roles/
vim roles/apache/tasks/main.yml
---
- name: Ensure pkgs intalled
ansible.buildin.yum:
name: "{{ pkgs }}"
state: latest
- name: Ensure pkgs enabled and started
ansible.builtin.service:
name: "{{ item }}"
enabled: yes
state: started
loop: "{{ pkgs }}"
- name: Config firewalld
ansible.posix.firewalld:
service: http
permanent: true
state: enabled
immediate: true
- name: Create template
ansible.builtin.template:
src: /home/ansible/ansible/roles/apache/templates/index.html.j2
dest: /var/www/html/index.html
owner: apache
group: apache
mode: '0644'
setype: httpd_sys_content_t
vim roles/apache/vars/main.yml
---
pkgs:
- httpd
- firewalld
vim newrole.yml
---
- name: Config webserver
hosts: webservers
roles:
- apache
vim role/apache/templates/index.html.j2
Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
ansible-playbook newrole.yml --syntax-check
ansible-playbook newrole.yml
7
vim roles.yml
---
- name: Config balancer
hosts: balancers
roles:
- balancer
- name: Config webserver
hosts: webservers
roles:
- phpinfo
ansible-playbook roles.yml --syntax-check
ansible-playbook roles.yml