
...

ssemani@emanidigital.com#:
=========================

Don't break the password here; log in with the root account.


#change the hostname as static
#Modify the IPV6 as static
# Yum Client
Question#1 (Do it in both the systems)
Set Selinux in Enforcing mode
-------------------------------
Change the SELinux mode from permissive to enforcing on both sides.
----------
#vim /etc/selinux/config
SELINUX=permissive <-- change permissive to enforcing (the value is lowercase)
:wq
#setenforce 1; systemctl reboot
-------------------------------------------------------------done------------
Question#2
Customize the user environment on both systems.
------------------------------------------------
Create a custom command called "qstat" on both system1 and system2 that runs the command
/usr/bin/ps -Ao pid,tty,user,fname,rsz
That command should be available to all users on the system.
----------
Solution
---------
#which ps
/usr/bin/ps -Ao pid,tty,user,fname,rsz <-- copy this one
open the /etc/bashrc
#vim /etc/bashrc
# vim:ts=4:sw=4 (add the alias below this line)
alias qstat='/usr/bin/ps -Ao pid,tty,user,fname,rsz'
:wq
#source /etc/bashrc
#qstat

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
done!!!!!!!!!!!!!!!!!!!!!
Question#3
Configure ssh on both the systems.
-------------
Configure ssh server on serverX.example.com; the domain my133t.org should not have ssh access.
solution
------------
#vim /etc/hosts.deny
sshd: *.my133t.org
:wq
#systemctl restart sshd
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!done!!!!!!!!!!!!!!!!!!!!!!!
Question#4
Configure ipv6
--------------
Configure IPv6 on both desktopX and serverX on the eth0 device; this should not affect the IPv4 network.
On serverX the IPv6 address should be fddb:fe2a:ab1e::c0a8:10/64. On desktopX the IPv6 address should be fddb:fe2a:ab1e::c0a8:20/64.
After reboot both IPv4 and IPv6 should be able to communicate on both sides.
Solution:-
----------
@server:-
---------
#nmcli connection modify "System eth0" ipv6.addresses 'fddb:fe2a:ab1e::c0a8:10/64' ipv6.method static
#nmcli connection down "System eth0"
#nmcli connection up "System eth0"
after reboot try to ping to the below ip
#ping6 fddb:fe2a:ab1e::c0a8:20 (if it is pinging then ok)
@Client:-
---------
#nmcli connection modify "System eth0" ipv6.addresses 'fddb:fe2a:ab1e::c0a8:20/64' ipv6.method static
#nmcli connection reload
#systemctl restart network
after reboot try to ping to the below ip
#ping6 fddb:fe2a:ab1e::c0a8:10 (if it is pinging then ok)
___________________________________________________________________________________
___________________________
Question#5
Configure Network Teaming (link aggregation) on both sides.
--------------------------------------------------------------
Configure network teaming on system1 and system2 using the two devices eth1 and eth2.
On serverX the IP address is 192.168.0.100/24
and on desktopX the IP address is 192.168.0.200/24.
Do the same configuration on the system1 or serverX machine, just change the IP.
#locate team
#nmcli connection add type team con-name team0 ifname team0 config '{"runner": {"name":"activebackup"}}'
#nmcli connection show
#nmcli connection add type team-slave con-name ganesh ifname eth1 master team0
#nmcli connection add type team-slave con-name ganesh ifname eth2 master team0
#nmcli connection modify team0 ipv4.addresses '192.168.0.100/24'
#nmcli connection reload
#systemctl restart network
#teamdctl team0 state
setup:
  runner: activebackup
ports:
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: eth1
#############################################done##################################
#######################
Question#6
port forwarding:
----------------
Configure port forwarding of incoming connections on port 513/tcp on the firewall to port 143/tcp, on network
172.25.0.0/24.
#firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.25.0.0/24 forward-port port=513 protocol=tcp to-port=143'
#firewall-cmd --reload
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
done!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!111
Question#7
Configure mail on both system1 and system2.
-----------------------------------------------
--> Do not accept incoming mail from external sources.
--> All mail sent locally on this system is automatically routed to system1.group1.example.com
--> Mail sent from these systems should show up as coming from group1.example.com
--> Your max test by sending mail to 'another"
-------------------------------------------------------------
#lab smtp-nullclient setup(do in the lab not in exam)
Setting up server machine...
Setting up mutt...
#####if pkg is not installed ####
# rpm -qa | grep postfix
postfix-2.10.1-6.el7.x86_64
# yum install postfix* -y
# systemctl enable postfix
# systemctl restart postfix
# firewall-cmd --add-service=smtp --permanent
# firewall-cmd --reload
6 steps you have to remember, and do the same on the desktop in the exam (system2)
#postconf -e "inet_interfaces=loopback-only"
# postconf -e "mydestination="
# postconf -e "relayhost=[smtp10.example.com]"
# postconf -e "myorigin=example.com"
# postconf -e "local_transport=error: local delivery disabled"
# postconf -e "mynetworks=127.0.0.0/8 [::1]/128"
# systemctl restart postfix.service
# su - student
[student@serverX ~]$ mail -s 'Ganesh is configured smtp null client' student@desktop10.example.com
Hi To all ,
You can't send the mails to me.
because its null client
i can send to you
.
EOT
#######################done###############
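Added example (not part of the original notes): a shell check that compares postconf -n style output with the six null-client settings above. The function names, the file argument and the sample input are assumptions made for this example; the expected values are the ones listed on this page.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Audits "name = value" lines (as printed by `postconf -n`) against the six
# null-client settings used on this page.

# The expected profile, one key=value per line.
nullclient_profile() {
    cat <<'EOF'
inet_interfaces=loopback-only
mydestination=
relayhost=[smtp10.example.com]
myorigin=example.com
local_transport=error: local delivery disabled
mynetworks=127.0.0.0/8 [::1]/128
EOF
}

# audit_nullclient FILE
# Prints one line per deviation and returns the number of deviations.
audit_nullclient() {
    conf=$1
    bad=0
    while IFS= read -r want; do
        key=${want%%=*}
        val=${want#*=}
        if ! grep -q "^${key}[[:space:]]*=" "$conf"; then
            echo "MISSING  $key (want '$val')"
            bad=$((bad + 1))
            continue
        fi
        # Last assignment wins; drop "key = " and trailing blanks.
        got=$(sed -n "s/^${key}[[:space:]]*=[[:space:]]*//p" "$conf" |
              tail -n 1 | sed 's/[[:space:]]*$//')
        if [ "$got" != "$val" ]; then
            echo "MISMATCH $key: got '$got', want '$val'"
            bad=$((bad + 1))
        fi
    done <<EOF
$(nullclient_profile)
EOF
    return "$bad"
}

# Constructed sample (not captured from a real host): the daemon still
# listens on all interfaces and local delivery has not been disabled.
sample=$(mktemp)
cat >"$sample" <<'EOF'
inet_interfaces = all
mydestination =
relayhost = [smtp10.example.com]
myorigin = example.com
mynetworks = 127.0.0.0/8 [::1]/128
EOF
audit_nullclient "$sample" || echo "$? setting(s) differ from the null-client profile"
rm -f "$sample"
```

On a real host, save the output of postconf -n to a file and pass that file to audit_nullclient.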
Question#8
NFS Server:
--------------
Export your "/public" directory via NFS to the example.com domain. Make sure that clients in the example.com
domain have read-only permission on /public.
Question#9
Configure secure NFS server.
----------------------------
Export your "/publicsecure" directory using Kerberos via NFS to the example.com domain.
Make sure clients in the example.com domain are able to read and write on /publicsecure, and
create a subdirectory called "publicshare".
a. The publicshare directory owner should be ldapuserX, and ldapuserX should be able to read and write, but not
any other user.
b. Download the keytab for the server from this url
http://classroom.example.com/pub/keytabs/serverX.keytab
___________________________________________________________________________________
_______________________
Question#10
NFS mounts.
------------
a) Mount /public permanently on /mnt/secure on desktopX.
b) Mount the secure nfs share /publicsecure permanently on /mnt/securepath on desktopX.
--verify that user ldapuserX has read and write access on /mnt/securepath on desktopX
-->use keytab file http://classroom.example.com/pub/keytabs/desktopX.keytab
#############################
Solution of Question8 and 10a
NFS share
-----------
@Server machine
*****************
#yum install nfs* -y
#systemctl enable nfs-server
#systemctl restart nfs-server
#firewall-cmd --permanent --add-service=nfs
#firewall-cmd --permanent --add-service=mountd
#firewall-cmd --permanent --add-service=rpc-bind
#firewall-cmd --reload
#mkdir /public
#vim /etc/exports
/public 172.25.0.0/16(ro)
in exam your domain will be 3 fields
#exportfs -rv
#showmount -e serverX
@Client(desktop)
*****************
#yum install nfs-utils -y
#showmount -e serverX
#mkdir /mnt/secure
#vim /etc/fstab
172.25.X.11:/public /mnt/secure nfs defaults 0 0
:wq

#mount -a
#df -H
Solution of Question9 and 10b.
NFS with Krb5
--------------
@Server machine
****************
#lab nfskrb5 setup(this is only for classroom)
#yum install nfs* -y
#systemctl enable nfs-secure-server
(please restart in this sequence only)
#systemctl restart nfs-server
#systemctl restart nfs-secure-server
#firewall-cmd --permanent --add-service=nfs (we already added at first Question)
#firewall-cmd --permanent --add-service=mountd
#firewall-cmd --permanent --add-service=rpc-bind
#firewall-cmd --reload
(use capital O and keep the file as /etc/krb5.keytab only)
#wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/serverX.keytab
#mkdir -m777 /publicsecure
#mkdir /publicsecure/publicshare
#chown ldapuserX /publicsecure/publicshare/
#ls -ld /publicsecure/publicshare/
#ls -ld /publicsecure/
#vim /etc/sysconfig/nfs
at line no 13 set RPCNFSDARGS="-V 4.2" (please use capital V)
#vim /etc/exports
/publicsecure 172.25.0.0/16(rw,sec=krb5p)
#exportfs -rv
#showmount -e 172.25.X.11
!!!!!!!!!!!!!!!!!!!!!!
@Client(desktop)
**********************
#lab nfskrb5 setup (do not do it in exam)
#showmount -e serverX
(use capital O and keep the file as /etc/krb5.keytab only)
#wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/desktop14.keytab
#systemctl enable nfs-secure (N.B:--only this one service needs to be restarted on the desktop or client, not the other 2 services)
#systemctl restart nfs-secure
#mkdir /mnt/securepath
#vim /etc/fstab
172.25.X.11:/publicsecure /mnt/securepath nfs defaults,sec=krb5p 0 0
:wq
#mount -a
#ssh ldapuserX@localhost (password is kerberos)
[ldapuser14@server14 ~]$ df -H
[ldapuser14@server14 ~]$ cd /mnt/securepath/publicshare
in this directory ldapuser should write some content.
mkdir coss
touch file
((((((((((((((((((((((((((((((DONE))))))))))))))))))))))))))))))
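Added example (not part of the original notes): a shell audit of /etc/exports style lines, with the two exports above as the known-good cases. The policy it applies (read-write only with Kerberos, no export to every host, no no_root_squash) is an assumption made for this example; the function names and the extra sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the original notes.
# Policy (assumption, modelled on the two exports on this page):
#   - a read-write export must list only Kerberos flavours in sec=
#   - an export to every host ("*" or no client at all) is reported
#   - no_root_squash is reported

finding() {    # finding PATH CLIENT MESSAGE
    echo "$1 [$2]: $3"
    findings=$((findings + 1))
}

# audit_exports FILE -> prints findings, returns how many there were.
audit_exports() {
    file=$1
    findings=0
    set -f                              # a client may be the literal "*"
    while IFS= read -r line; do
        case $line in '#'*) continue ;; esac
        set -- $line                    # field 1 = path, rest = client(options)
        [ "$#" -gt 0 ] || continue      # blank line
        path=$1
        shift
        [ "$#" -gt 0 ] || set -- '*'    # no client listed: exported to everyone
        for spec in "$@"; do
            client=${spec%%\(*}
            [ -n "$client" ] || client='*'
            case $spec in
                *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
                *)      opts= ;;
            esac
            rw=no; krb=no
            old_ifs=$IFS; IFS=,
            for o in $opts; do
                case $o in
                    rw) rw=yes ;;
                    no_root_squash) finding "$path" "$client" "no_root_squash" ;;
                    sec=*)
                        # sec= may be a colon-separated list; sys or none
                        # anywhere in it allows a non-Kerberos mount.
                        case ":${o#sec=}:" in
                            *:sys:*|*:none:*) krb=no ;;
                            *:krb5*)          krb=yes ;;
                        esac ;;
                esac
            done
            IFS=$old_ifs
            if [ "$client" = '*' ]; then
                finding "$path" "$client" "exported to every host"
            fi
            if [ "$rw" = yes ] && [ "$krb" != yes ]; then
                finding "$path" "$client" "read-write without Kerberos-only sec="
            fi
        done
    done <"$file"
    set +f
    return "$findings"
}

# Constructed sample: the first two lines are the exports from this page,
# the last two are made-up weak entries.
sample=$(mktemp)
cat >"$sample" <<'EOF'
# constructed /etc/exports
/public        172.25.0.0/16(ro)
/publicsecure  172.25.0.0/16(rw,sec=krb5p)
/publicsecure  *(rw)
/srv/scratch   172.25.0.0/16(rw,sec=sys,no_root_squash)
EOF
audit_exports "$sample" || echo "$? finding(s)"
rm -f "$sample"
```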
Question#11
Configure SAMBA SHARE:
--> Share the directory "/common" via samba. Your samba server must be a member of the "Staff" workgroup.
--> The share name must be "common". Make sure that browseable is enabled.
--> The share must be available to example.com clients only.
--> The user "frank" should have read access to the share with samba.
######################################################################
#yum install samba* -y
#systemctl enable smb nmb
#systemctl restart smb nmb
#firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload
#chcon -t samba_share_t /common/
#ls -ldZ /common/
#useradd frank
#smbpasswd -a frank
New SMB password:
Retype new SMB password:
Added user frank.
#vim /etc/samba/smb.conf
at line no 89: change workgroup = STAFF
then go to the last line, place the cursor at [public] and copy the 7 lines under it.
;[public]
;comment = Public Stuff
;path = /home/samba
;public = yes
;writable = yes
;printable = no
;write list = +staff
please observe the changes
and paste it in the same file
[common]
comment = Public Stuff
path = /common
#write list = +staff
browseable = yes
hosts allow = 172.25.
valid users = frank
:wq
#systemctl restart smb nmb
@client
--------
#yum install cifs-utils.x86_64 samba-client.x86_64 -y
#smbclient //server10/common -U frank%redhat
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
if upto this prompt is coming its fine!!!!!!!!!!!
#######################################################MULTIUSER##################
We already installed,enabled,added to firewall also
now starts from
Question#12
Multiuser Samba mount.
-----------------------
--> Share the directory "/secure" via samba.
--> The share name must be "secure". Make sure that browseable is enabled.
--> The share must be available to example.com clients only.
--> The user "rob" should have read access to the share with samba password "redhat" and user
"robby" should have read and write access to the share with samba password "redhat".
a. Mount the samba share /secure permanently on /mnt/securedata
--> on desktopX as a multiuser mount.
#mkdir /secure
#chcon -t samba_share_t /secure
#useradd rob
#useradd robby
#setfacl -m u:robby:rwx /secure
#smbpasswd -a rob
New SMB password:
Retype new SMB password
Added user rob.
#smbpasswd -a robby
New SMB password:
Retype new SMB password:
Added user robby.
#vim /etc/samba/smb.conf
copy the 10 lines from common
[common]
comment = Public Stuff
path = /common
#write list = +staff
browseable = yes
hosts allow = 172.25.
valid users = frank
please observe the changes
[secure]
comment = Public Stuff
path = /secure
write list = robby
public = no
browseable = yes
hosts allow = 172.25.
valid users = rob robby
:wq
@client
##################
#useradd rob
#useradd robby
#smbclient //server10/secure -U rob
Enter rob's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir coss
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \coss
smb: \>
#smbclient //172.25.X.11/secure -U robby
Enter robby's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir coss
smb: \> exit
#vim /root/smb
username=robby
password=redhat
:wq
#mkdir /mnt/securedata
#vim /etc/fstab
//172.25.x.11/secure /mnt/securedata cifs credentials=/root/smb,multiuser,sec=ntlmssp 0 0
:wq
#su - robby
[robby@desktop10 ~]$ cifscreds add server10
Password: (please provide the same samba user's credentials which were created on the server side (robby,rob).)
[robby@desktop10 securedata]$ in this directory please try to create a file.
touch file12
[robby@desktop10 securedata]$ ls
file12
###############done###################
IF YOU ARE GETTING THE ERROR MSG LIKE PLEASE TROUBLESHOOT IT
if touch file12
touch: cannot touch file1: Permission denied
#####################
WEB SERVER
################
Question#13 Configure "web server":
---------------------------------------
--> Configure the system1 as "web server" for the site http://serverX.example.com
--> Download the web page station.html from
http://classroom.example.com/pub/updates/station.html
--> Rename the downloaded page as index.html.
--> Copy the index.html file to the "document root" and don't modify it.
a. Make sure the web site is allowed to example.com only and denied to the my133t.org domain.
!!!!!!!!!!!!
Solution
----------
#yum install httpd* -y
#systemctl enable httpd.service
#systemctl restart httpd.service
#firewall-cmd --permanent --add-service=http
Success
#firewall-cmd --reload
success
#rpm -qd httpd run this command
#cat /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf (read this file and copy the last 7 lines)
and paste in vim /etc/httpd/conf/httpd.conf
####segregate from line 354#########################
paste it here
<VirtualHost *:@@Port@@>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "@@ServerRoot@@/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "/var/log/httpd/dummy-host2.example.com-error_log"
CustomLog "/var/log/httpd/dummy-host2.example.com-access_log" common
</VirtualHost>
and please observe the changes
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
<Directory /var/www/html> [this is file lines you have to remember]
Order allow,deny
Allow from .example.com
</Directory>
!!!!!!!
Now download the web page station.html from
http://classroom.example.com/pub/updates/station.html
#wget -O /var/www/html/index.html http://classroom.example.com/pub/updates/station.html (run this command)
#systemctl restart httpd.service
#curl -k http://serverX.example.com (better use firefox)
(((((((((((((((((((((((((((((((((((((Done))))))))))))))))))))))))))))))
Question#14
Configure "web server":
---------------------------
Create the directory "confidential" under the DocumentRoot of your webserver. Download the page "host.html"
from http://classroom.example.com/pub/updates/host.html and move it as index.html. It should be accessible to
localhost only and not to any other host.
----------------------------------------------
#mkdir /var/www/html/confidential
N.B--Again open the configuration file
and copy from the
<Directory /var/www/html> [these are the file lines you have to remember]
Order allow,deny
Allow from .example.com
</Directory>
please observe the changes

<Directory /var/www/html/confidential>
Order allow,deny
Allow from 172.25.X.11
</Directory>
:wq
Now download the page "host.html" from
http://classroom.example.com/pub/updates/host.html
#wget -O /var/www/html/confidential/index.html http://classroom.example.com/pub/updates/host.html (run this command, no need to rename again)
#systemctl restart httpd.service
open firefox from the desktop or foundation machine: it should be forbidden; if it is browseable then there is a mistake in
your configuration
It will only browse with serverX.example.com
((((((((((((((((((((((((((((((((((((((((((((((((Done)))))))))))))))))))))))))))
Question#15
Configure name virtual hosting server:
--------------------------------------
Configure the name virtual hosting server for the site http://wwwX.example.com. Download the page
"www.html" from http://classroom.example.com/pub/updates/www.html and rename it as index.html under
DocumentRoot "/var/www/virtual". The user called rock should be able to add some content
into the /var/www/virtual directory.
Solution
#########
#mkdir /var/www/virtual
#cd /var/www/virtual
#wget -O index.html http://classroom.example.com/pub/updates/www.html
copy the beginning 5 lines from main web server configuration
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
</VirtualHost>
and observe the changes
changes
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@wwwX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>
#systemctl restart httpd.service
#useradd rock
#setfacl -m u:rock:rwx /var/www/virtual
#su - rock
#vim /var/www/virtual/rock.html
Rock is modifying the virtual content
:wq
#systemctl restart httpd.service
first browse firefox http://wwwX.example.com
then browse firefox http://wwwX.example.com/rock.html
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE)))))))))))))))))))
)))))))))))))))))
Question#17
configure ssl web server
-----------------------------
Configure a secure web server with site name http://serverX.example.com; the web site needs to be protected
with SSL.
Download the certificates from the following locations
http://classroom.example.com/pub/example-ca.crt
http://classroom.example.com/pub/tls/private/serverX.key
http://classroom.example.com/pub/tls/certs/serverX.crt
#solution
----------
# yum install mod_ssl -y
#firewall-cmd --permanent --add-service=https
success
#firewall-cmd --reload

success
---->download the keys to the locations below (please download only .crt files in this directory)
#cd /etc/pki/tls/certs/
#wget http://classroom.example.com/pub/example-ca.crt
#wget http://classroom.example.com/pub/tls/certs/serverX.crt
#cd /etc/pki/tls/private
#wget http://classroom.example.com/pub/tls/private/serverX.key
Now run a command
# egrep 'SSLC|SSLE|SSLP' /etc/httpd/conf.d/ssl.conf
and copy from "SSLEngine on" to server-chain.crt
and delete whatever is commented with # except the server-chain.crt line (just uncomment it)
Step#1
copy the first 5 lines from the beginning and observe the changes
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
Step 2
(And whatever you copied from egrep 'SSLC|SSLE|SSLP' /etc/httpd/conf.d/ssl.conf) please paste in the middle
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
# Point SSLCertificateFile at a PEM encoded certificate. If
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
</VirtualHost>
final changes, please observe
<VirtualHost 172.25.X.11:443>(X is your system number) 80 to 443
ServerAdmin root@serverX.example.com
DocumentRoot /var/www/html
ServerName serverX.example.com
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 <-- this one you have to add
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/serverX.crt
SSLCertificateKeyFile /etc/pki/tls/private/serverX.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</VirtualHost>
#systemctl restart httpd.service
And this should be browse from all the systems.
((((((((((((((((((((1(((((((((((((((((((((((((((((((((DONE)))))))))))))))))))))))))
)
Question#16
Configure wsgi web server:
-------------------------------
Configure a "wsgi" web server with site name "webappX.example.com". Download the dynamic WSGI content from
http://classroom.example.com/pub/updates/webapp.wsgi and store it inside the virtual web server DocumentRoot of your
webserver. Do not affect the virtual web server. The port should be 8999 and clients should access the web site
using webappX.example.com:8999.
##########
solution
---------------
#yum install mod_wsgi -y
#cd /var/www/virtual
#wget http://classroom.example.com/pub/updates/webapp.wsgi
#firewall-cmd --permanent --add-port=8999/tcp
#firewall-cmd --reload
#man semanage port
search for /example and copy and paste in terminal
#semanage port -a -t http_port_t -p tcp 8999 (and change it 81 to 8999)
open the vim /etc/httpd/conf/httpd.conf
and search Listen and Copy the Listen and paste it
and change like this
Listen webappX.example.com:8999
down
and in this file only copy from
<VirtualHost 172.25.X.11:80>(X is your system number)
ServerAdmin root@wwwX.example.com
DocumentRoot /var/www/virtual
ServerName wwwX.example.com
</VirtualHost>
and observe the changes
<VirtualHost 172.25.X.11:80> change 80 to 8999
(X is your system number)
ServerAdmin root@webappX.example.com <--wwwX to webappX
DocumentRoot /var/www/virtual/webapp.wsgi<-- add this one
and change DocumentRoot to WSGIScriptAlias / so final
WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerName wwwX.example.com<-- servername -webappX.example.com
</VirtualHost>
Final output
--------------
<VirtualHost 172.25.X.11:8999>
WSGIScriptAlias / /var/www/virtual/webapp.wsgi
ServerAdmin root@webappX.example.com
ServerName webappX.example.com
</VirtualHost>
:wq
#systemctl restart httpd.service
-->browse #firefox http://webappX.example.com:8999 (if the Unix epoch time is shown, it is done)
and
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE)))))))))))))))))
)))))))))))
Question#20
Configure mariadb.
-------------------
Install the mariadb database; the root user password is redhat and the database should be accessible only from localhost. Create a
"contacts" database.
Restore a database backup from
http://classroom.example.com/pub/materials/mariadb/mariadb.dump .
The 'rob' user can query and access the "contacts" database, using the password "redhat".
#yum groupinstall mariadb* -y
#systemctl enable mariadb
#systemctl restart mariadb
#firewall-cmd --permanent --add-service=mysql
#firewall-cmd --reload
#vim /etc/my.cnf
under [mysqld]
skip-networking=1
:wq
#mysql_secure_installation
Enter current password for root (enter for none): (don't give any password here, just hit enter)
Set root password? [Y/n] Y
********
********
Remove anonymous users? [Y/n]Y
Disallow root login remotely? [Y/n]Y
Remove test database and access to it? [Y/n]Y
Reload privilege tables now? [Y/n]Y
Thanks for using MariaDB!!!!!!!!!!!!!!!
#mysql -u root -predhat <-- enter
MariaDB [(none)]> help create;
MariaDB [(none)]> CREATE DATABASE content;
Query OK, 1 row affected (0.00 sec)
File: /run/media/kiosk/4D94-2D97/GANESH_COSS/GANESH_RHCE_SOLUTION
MariaDB [(none)]> help grant; (and copy the below line)
MariaDB [(none)]> CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
*****please observe the changes*************
MariaDB [(none)]> CREATE USER 'rob'@'localhost' IDENTIFIED BY 'redhat';
MariaDB [(none)]> help grant; (and copy the below line)
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
**************please observe the changes**************
MariaDB [(none)]> GRANT SELECT ON content.* TO 'rob'@'localhost';
now exit from the database: type exit;
##step2#######
download a database from
http://classroom.example.com/pub/materials/mariadb/mariadb.dump
# mysql -u root -predhat content < /root/mariadb.dump
#mysql -u rob -predhat content
MariaDB [content]> show tables;
+-------------------+
| Tables_in_content |
+-------------------+
| category          |
| manufacturer      |
| product           |
+-------------------+
3 rows in set (0.00 sec)
MariaDB [content]> tee /mnt/password.txt
MariaDB [content]> select * from category where id=1;
+----+------------+
| id | name       |
+----+------------+
|  1 | Networking |
+----+------------+
1 row in set (0.00 sec)
#cd /mnt/
#cat /mnt/password.txt
#################################copy the output and paste in a
file.txt################
Question#18
CONFIGURE "target server"
---------------------------
Configure the target server using the iqn iqn.2015-02.com.example:system1 and a 3G backing store device
with volume group name iscsi_storage. The iscsi storage should be available to the desktopX.example.com system only.
Solution:-
----------
@Server
-------
#yum install targetcli.noarch -y
#systemctl enable target
#systemctl restart target
#firewall-cmd --permanent --add-port=3260/tcp
#firewall-cmd --reload
#fdisk /dev/vdb
Command (m for help): n
Select (default p): e
Partition number (1-4, default 1):(enter)
First sector (2048-20971519, default 2048):(enter)
Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519):(enter)
(Partition 1 of type Extended and of size 10 GiB is set)
Command (m for help): n
First sector (4096-20971519, default 4096):(enter)
Last sector, +sectors or +size{K,M,G} (4096-20971519, default 20971519):+3G
Partition 5 of type Linux and of size 3.4 GiB is set
Command (m for help): t
Partition number (1,5, default 5):(enter)
Hex code (type L to list all codes): 8e
Command (m for help): p
Command (m for help): w
#partprobe
#pvcreate /dev/vdb5
#vgcreate iscsi_storage /dev/vdb5
#lvcreate -n storage -l 100%FREE iscsi_storage
#targetcli
/> ls (you will get output like this below)
o- / ..................................................................... [...]
  o- backstores .......................................................... [...]
  | o- block .............................................. [Storage Objects: 0]
  | o- fileio ............................................. [Storage Objects: 0]
  | o- pscsi .............................................. [Storage Objects: 0]
  | o- ramdisk ............................................ [Storage Objects: 0]
  o- iscsi ........................................................ [Targets: 0]
  o- loopback ..................................................... [Targets: 0]
/> /backstores/block create iscsi_storage /dev/iscsi_storage/storage
/> /iscsi create iqn.2015-02.com.example:serverX
/> ls(observe the changed output now)
o- / ..................................................................... [...]
  o- backstores .......................................................... [...]
  | o- block .............................................. [Storage Objects: 1]
  | | o- iscsi_storage [/dev/iscsi_storage/storage (3.0GiB) write-thru deactivated]
  | o- fileio ............................................. [Storage Objects: 0]
  | o- pscsi .............................................. [Storage Objects: 0]
  | o- ramdisk ............................................ [Storage Objects: 0]
  o- iscsi ........................................................ [Targets: 1]
  | o- iqn.2015-02.com.example:serverX ............................... [TPGs: 1]
  |   o- tpg1 ........................................... [no-gen-acls, no-auth]
  |     o- acls ...................................................... [ACLs: 0]
  |     o- luns ...................................................... [LUNs: 0]
  |     o- portals ................................................ [Portals: 0]
  o- loopback ..................................................... [Targets: 0]
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/acls create iqn.2015-02.com.example:desktopX
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/luns create /backstores/block/iscsi_storage
/> /iscsi/iqn.2015-02.com.example:system1/tpg1/portals create 172.25.X.11
/> ls(you should get final output like this)
o- / ..................................................................... [...]
  o- backstores .......................................................... [...]
  | o- block .............................................. [Storage Objects: 1]
  | | o- iscsi_storage [/dev/iscsi_storage/storage (3.0GiB) write-thru activated]
  | o- fileio ............................................. [Storage Objects: 0]
  | o- pscsi .............................................. [Storage Objects: 0]
  | o- ramdisk ............................................ [Storage Objects: 0]
  o- iscsi ........................................................ [Targets: 1]
  | o- iqn.2015-02.com.example:serverX ............................... [TPGs: 1]
  |   o- tpg1 ........................................... [no-gen-acls, no-auth]
  |     o- acls ...................................................... [ACLs: 1]
  |     | o- iqn.2015-02.com.example:desktopX .................. [Mapped LUNs: 1]
  |     |   o- mapped_lun0 ..................... [lun0 block/iscsi_storage (rw)]
  |     o- luns ...................................................... [LUNs: 1]
  |     | o- lun0 ........... [block/iscsi_storage (/dev/iscsi_storage/storage)]
  |     o- portals ................................................ [Portals: 1]
  |       o- 172.25.X.11:3260 ............................................ [OK]
  o- loopback ..................................................... [Targets: 0]
/> saveconfig
/> exit
#systemctl restart target
###################################################################################
####################
Question#19
Configure iscsi client.
-----------------------
Create a new 2024Mb iscsi target on your DesktopX.example.com machine. This target should be called
iqn.2015-02.com.example:system1; assign file system ext4 and mount it under the /mnt/iscsi directory.
@Client side(Desktop)
-------------------
#yum install iscsi-initiator-utils.i686 -y
#systemctl enable iscsid.service
#vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2015-02.com.example:serverX
:wq!
#systemctl restart iscsid.service
#man iscsiadm (in a new terminal or tab)
go to the end of the page and copy this line
iscsiadm --mode discoverydb --type sendtargets --portal 192.168.1.10 --discover
and make the following changes
#iscsiadm --mode discoverydb --type sendtargets --portal 172.25.X.11 --discover
Again copy from this line and make following changes as below
iscsiadm --mode node --targetname iqn.2001-05.com.doe:test --portal 192.168.1.1:3260 --login
observe the changes
#iscsiadm --mode node --targetname iqn.2015-02.com.example:serverX --portal 172.25.X.11:3260 --login
#fdisk -l (it should show another drive as local storage i.e. /dev/sda)
#fdisk /dev/sda
Command (m for help): n
Select (default p): p
Partition number (1-4, default 1):(enter)
First sector (8192-6291455, default 8192):(enter)
Last sector, +sectors or +size{K,M,G} (8192-6291455, default 6291455): +2024M
Command (m for help): p
Command (m for help): w
#partprobe
#mkfs.ext4 /dev/sda1
#mkdir /mnt/iscsi
#blkid(copy the UUID of /dev/sda1)
#vim /etc/fstab
UUID="25ad4e73-bc45-48e2-8f99-1891fc096c29" /mnt/iscsi ext4 _netdev 0 0
:wq!
#mount -a
#df -H
#iscsiadm --mode node --targetname iqn.2015-02.com.example:system1 --portal 172.25.X.11:3260 --logout
(use the same command which has been used to login with changing it to logout)
#reboot
#df -H (check whether /dev/sda1 is still mounted or not; if yes then it is successful)
(((((((((((((((((((((((((((((((((((((((((((((((((((((((((DONE))))))))))))))))))))))
))))))))))))))))))))
Question#21
Script:
-------
Write the script called /root/script. If you pass the argument "redhat" it should print "fedora". If
you pass the argument "fedora" it should print "redhat". If you pass any argument other than "redhat"
or "fedora" it will print "STDERR|red-fed" on standard error.
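#!/bin/bash
# Print the opposite name; anything else is an error on standard error.
if [ "$1" == "redhat" ]
then
    echo "fedora"
elif [ "$1" == "fedora" ]
then
    echo "redhat"
else
    # The error message goes to standard error, as the question asks.
    echo "STD|ERR-red/fed" >&2
fi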
:wq
#chmod +x /root/script1.sh
# sh /root/script1.sh redhat
(o/p=fedora)
# sh /root/script1.sh fedora
(o/p=redhat)
# sh /root/script1.sh ganesh
STD|ERR-red/fed
#############################################done#####################
Question#22
Create a script on DesktopX.
-------------------------------
--> It should take a single argument, which is the name of a file that contains usernames.
--> If the argument is not supplied it should display usage :/root/batchusers and exit.
--> If a non-existent file is specified, it should display "file not found."
--> Accounts should be created with no login shell /bin/false
--> The script does not need to set passwords.
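#!/bin/bash
# Create one account per line of the file named in $1.
if [ $# -eq 0 ]
then
    echo "FILE:IN USAGE"
    exit 1
elif [ -f "$1" ]
then
    # One username per line; empty lines are skipped.
    while read -r x
    do
        [ -n "$x" ] && useradd -s /sbin/nologin "$x"
    done < "$1"
else
    echo "file not found"
fi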
:wq
#vim coss
user1
user2
user3
:wq
#sh /root/script2.sh coss
it will add the users
#cd /home
#########################################################DONE#####################
#######
#mysql -u root -B -D mysql -e "select user from user where password=password('animous');" -p > /mnt/password.txt