Unauthorized reproduction or distribution prohibited Copyright 2016, Oracle and/or its affiliates
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and
print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way.
Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display,
perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization
of Oracle.
The information contained in this document is subject to change without notice. If you find any problems in the document, please
report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United
States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS
The U.S. Government's rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted
by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.
Author
Craig McBride
Technical Contributors and Reviewers
Haraldo Van Breederode, Joel Goodman, Manish
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective
owners.
Table of Contents
Practices for Lesson 1: Course Introduction ........................................................................................... 1-1
Course Practice Environment: Security Credentials.................................................................................. 1-2
Practices for Lesson 1: Overview............................................................................................................. 1-3
Practice 1-1: Exploring the dom0 Environment ......................................................................................... 1-4
Practice 1-2: Starting, Stopping, and Listing VM Guests ........................................................................... 1-11
Practice 1-3: Exploring the host01 VM ..................................................................................................... 1-13
Practice 1-4: Exploring the host02 VM ..................................................................................................... 1-17
Practice 1-5: Exploring the host03 VM ..................................................................................................... 1-20
Practice 1-6: Logging Off from Your Student PC ...................................................................................... 1-22
Practices for Lesson 2: Network Addressing and Name Services .......................................................... 2-1
Practices for Lesson 2: Overview............................................................................................................. 2-2
Practice 2-1: Configuring a DHCP Server................................................................................................. 2-3
Practice 2-2: Configuring a DHCP Client .................................................................................................. 2-6
Practice 2-3: Viewing and Testing the DNS Configuration......................................................................... 2-9
Practice 2-4: Configuring a Caching-Only Nameserver ............................................................................. 2-16
Practices for Lesson 3: Authentication and Directory Services .............................................................. 3-1
Practices for Lesson 3: Overview............................................................................................................. 3-2
Practice 3-1: Configuring an OpenLDAP Server ....................................................................................... 3-3
Practice 3-2: Implementing OpenLDAP Authentication ............................................................................. 3-21
Practice 3-3: Authenticating from an OpenLDAP Client ............................................................................ 3-26
Practices for Lesson 4: Pluggable Authentication Modules (PAM) ......................................................... 4-1
Practices for Lesson 4: Overview............................................................................................................. 4-2
Practice 4-1: Configuring PAM for a Single Login Session ........................................................................ 4-3
Practice 4-2: Configuring PAM to Prevent Non-root Login......................................................................... 4-8
Practices for Lesson 5: Web and Email Services ..................................................................................... 5-1
Practices for Lesson 5: Overview............................................................................................................. 5-2
Practice 5-1: Configuring the Apache Web Server .................................................................................... 5-3
Practices for Lesson 6: Installing Oracle Linux 7 by Using Kickstart...................................................... 6-1
Practices for Lesson 6: Overview............................................................................................................. 6-2
Practice 6-1: Performing a Kickstart Installation........................................................................................ 6-3
Practice 6-2: Using Rescue Mode............................................................................................................ 6-14
Practices for Lesson 7: Samba Services.................................................................................................. 7-1
Practices for Lesson 7: Overview............................................................................................................. 7-2
Practice 7-1: Configuring a Samba Server ............................................................................................... 7-3
Practice 7-2: Accessing Samba Shares from a Client Host ....................................................................... 7-8
Practice 7-3: Accessing a Linux Samba Share from a Windows System ................................................... 7-12
Practices for Lesson 8: Advanced Software Package Management........................................................ 8-1
Practices for Lesson 8: Overview............................................................................................................. 8-2
Practice 8-1: Exploring the host04 VM ..................................................................................................... 8-3
Practice 8-2: Managing Yum Plug-Ins ...................................................................................................... 8-9
Practice 8-3: Using Yum Utilities .............................................................................................................. 8-16
Practice 8-4: Creating an RPM Package .................................................................................................. 8-22
Practice 8-5: Managing Software Updates with PackageKit ...................................................................... 8-31
Practice 8-6: Working with Yum History and Yum Cache .......................................................................... 8-39
Practices for Lesson 9: Advanced Storage Administration ..................................................................... 9-1
Copyright 2015, Oracle and/or its affiliates. All rights reserved.
Practices for Lesson 12: iSCSI and Multipathing ..................................................................................... 12-1
Practices for Lesson 12: Overview ........................................................................................................... 12-2
Practice 12-1: Configuring an iSCSI Server (Target)................................................................................. 12-3
Practice 12-2: Configuring an iSCSI Client (Initiator)................................................................................. 12-14
Practice 12-3: Configuring iSCSI Multipathing .......................................................................................... 12-21
Practices for Lesson 13: Control Groups (Cgroups)................................................................................ 13-1
Practices for Lesson 13: Overview........................................................................................................... 13-2
Practice 16-1: Using sftp to Upload Docker Package and Images ............................................................. 16-3
Practice 16-2: Installing and Configuring Docker ...................................................................................... 16-5
Practice 16-3: Using Docker Commands.................................................................................................. 16-9
Practice for Lesson 17: Security Enhanced Linux (SELinux) .................................................................. 17-1
Practice for Lesson 17: Overview ............................................................................................................ 17-2
Practice 17-1: Exploring SELinux............................................................................................................. 17-3
Practice 17-2: Configuring an SELinux Boolean ....................................................................................... 17-11
Practice 17-3: Configuring SELinux Context ............................................................................................. 17-15
Practices for Lesson 18: Core Dump Analysis......................................................................................... 18-1
Practices for Lesson 18: Overview ........................................................................................................... 18-2
Practice 18-1: Configuring Kdump ........................................................................................................... 18-3
Practice 18-2: Creating a Core Dump File ................................................................................................ 18-12
Practice 18-3: Preparing Your System to Analyze the vmcore................................................................... 18-14
Practice 18-4: Using the crash Utility........................................................................................................ 18-16
Practices for Lesson 19: Dynamic Tracing with DTrace .......................................................................... 19-1
Practices for Lesson 19: Overview ........................................................................................................... 19-2
Practice 19-1: Using sftp to Upload DTrace Packages .............................................................................. 19-3
Practice 19-2: Installing the DTrace Packages ......................................................................................... 19-8
Practice 19-3: Using DTrace from the Command Line .............................................................................. 19-12
Practice 19-4: Creating and Running D Scripts......................................................................................... 19-20
Appendix - NIS Configuration................................................................................................................... 20-1
Appendix - Overview ............................................................................................................................... 20-2
Practice A-1: Configuring an NIS Server .................................................................................................. 20-3
Practice A-2: Configuring an NIS Client.................................................................................................... 20-9
Practice A-3: Implementing NIS Authentication ........................................................................................ 20-11
Practice A-4: Testing NIS Authentication.................................................................................................. 20-15
Practice A-5: Auto-Mounting a User Home Directory ................................................................................ 20-17
Practice A-6: Restoring Systems to Their Original State...................................................................... 20-20
Appendixes: Remote Access Options...................................................................................................... 21-1
Appendixes: Overview............................................................................................................................. 21-2
Appendix A: Using an NX Client to Connect to dom0................................................................................ 21-3
Appendix B: Using an NX Player to Connect to dom0............................................................................... 21-7
Appendix C: Using VNC (TightVNC) to Connect Directly to VM Guests ..................................................... 21-13
Appendix D: Using NoMachine Version 4 to Connect to dom0 .................................................................. 21-16
Unauthorized reproduction or distribution prohibited Copyright 2016, Oracle and/or its affiliates
s
a
h
o) e
c
du Guid
e
r
ita dent
l
i
nim Stu
u
o@ e this
s
r
co o us
n
ua se t
j
(
s icen
a
i
r
a le l
o
ors ferab
c
s
n
jua -tran
non
Unauthorized reproduction or distribution prohibited Copyright 2016, Oracle and/or its affiliates
s
a
h
o) e
c
du Guid
e
r
t 1:
Practices lfor
n
ita Lesson
e
i
Course
Introduction
tud
nim
S
u
o@ 1 this
s
Chapter e
r
co o us
n
ua se t
j
(
s icen
a
i
r
a le l
o
ors ferab
c
s
n
jua -tran
non
Unauthorized reproduction or distribution prohibited Copyright 2016, Oracle and/or its affiliates
If you are attending a classroom-based or live virtual class, ask your instructor or LVC
producer for OS credential information.
If you are using a self-study format, refer to the communication that you received from
Oracle University for this course.
For product-specific credentials used in this course, see the following table:
Product-Specific Credentials
Virtual Machines/Application    Username    Password
host01/OS                       root        oracle
host01/OS                       oracle      oracle
host02/OS                       root        oracle
host02/OS                       oracle      oracle
host03/OS                       root        oracle
host03/OS                       oracle      oracle
Practices Overview
In these practices, you will:
Log in to your classroom PC and become familiar with the Oracle VM Server for x86 environment installed on your classroom PC
Connect to the virtual machines used for the hands-on practices and become familiar with the VM guest configurations
In this practice, you explore the dom0 configuration and directory structure.
Assumptions
You are logged in to your student PC as vncuser with the password vnctech.
Tasks
1. Open a terminal window.
Begin this task from the dom0 GNOME virtual desktop window as shown in the following screenshot:
2. Enter the commands from an open terminal window as shown in the following screenshot:
Become the root user by using the su - command. The root password is oracle. Confirm that you are root by printing the user identity with the whoami command:
$ su -
Password: oracle
# whoami
root
3.
4.
# ifconfig -a
bond0     Link encap:Ethernet ...
          ...
eth0      ...
lo        ...
vif...    ...
virbr0    Link encap:Ethernet ...
          inet addr:192.0.2.1 ...
          ...
virbr1    Link encap:Ethernet ...
          inet addr:192.168.1.1 ...
          ...
virbr2    Link encap:Ethernet ...
          inet addr:192.168.2.1 ...
          ...
virbr3    Link encap:Ethernet ...
          inet addr:192.168.3.1 ...
          ...
In this example, the network interface for dom0 is bond0 and is assigned an IP
You also notice vif<#>.<#> entries. These are virtual interfaces that are tied to
the VM/domU IDs. You can get the VM/domU IDs from the xm list command,
which you run later in this practice.
5.
a. Explore the top level of the /OVS directory. (Only partial output is shown.)
# ls -l /OVS
drwxrwxrwx ... iso_pool
drwxrwxrwx ... publish_pool
drwxrwxrwx ... running_pool
drwxrwxrwx ... seed_pool
drwxrwxrwx ... sharedDisk
There are five directories in the /OVS directory.
b. This example shows that seven VM directories exist, for VMs host01, host02, host03, host04, host05, vpn-host1, and vpn-host2.
The host04 VM is preconfigured with access to Oracle's Public Yum Server. This VM is used in Practices for Lesson 8: Advanced Software Package Management.
The host05 VM has the virtualization package groups installed. This VM is used in Practices for Lesson 14: Virtualization with Linux.
The vpn VMs are used in Practice 10-7: Configuring a Site-to-Site Virtual Private Network (VPN).
c.
The u01.img and u02.img files are utility virtual disks that are used in various
practices in this course.
The vm.cfg file is the configuration file for the virtual machine. This file is read
when the virtual machine is created.
d.
Note that the Oracle Linux dvd.iso is mounted on a virtual CD ROM device.
Note that there are four virtual network interfaces. The interface on the virbr0
bridge is eth0, the interface on the virbr1 bridge is eth1, the interface on the
virbr2 bridge is eth3, and the interface on the virbr3 bridge is eth4.
e.
f.
g. This directory contains the contents of the Oracle Linux 7.1 ISO.
Note that the RPM software packages are in the Packages directory.
/var/www/html/repo/OracleLinux/OL7/1/x86_64
images    RELEASE-NOTES-U1-en       RPM-GPG-KEY-oracle
isolinux  RELEASE-NOTES-U1-en.html  TRANS.TBL
LiveOS    repodata
Packages  RPM-GPG-KEY
In this practice, you use xm commands to list, create, and shut down virtual machines.
Assumptions
Tasks
1.
# xm list
Name          ID   Mem  VCPUs  State   Time(s)
Domain-0       0  2048      2  r-----    281.1
host01         1  1536      1  -b----    157.6
host02         2  1536      1  -b----    159.0
host03         3  1536      1  -b----     13.2
You have three guests (host01, host02, and host03) running.
2. Shut down a VM.
Use the xm shutdown -w <VM name> command to shut down the host03 VM. The -w option tells the system to wait until all services in the domain shut down cleanly. Run xm list to display the running VMs.
The xm shutdown command takes a few seconds to complete.
Note that host03 is no longer active.
# xm shutdown -w host03
Domain host03 terminated
All domains terminated
# xm list
Name          ID   Mem  VCPUs  State   Time(s)
Domain-0       0  2048      2  r-----    289.6
host01         1  1536      1  -b----    157.6
host02         2  1536      1  -b----    159.0
3. Start a VM.
Use the xm create <config_file> command to start the host03 VM. The
<config_file> is named vm.cfg and is located in the
/OVS/running_pool/<VM_name> directory. Run xm list to display the running VMs.
The State column for dom0 and host03 shows r (run state). The State column for
host01 and host02 shows b (blocked). The following describes these values:
b: The domain is blocked, and not running or runnable. This can be caused
because the domain is waiting on IO (a traditional wait state) or has gone to
sleep because there was nothing else for it to do.
# cd /OVS/running_pool/host03
# xm create vm.cfg
Using config file ./vm.cfg.
Started domain host03 (id=#)
# xm list
Name          ID   Mem  VCPUs  State   Time(s)
Domain-0       0  2048      2  r-----    304.5
host01         4  1536      1  -b----     18.7
host02         2  1536      1  -b----    159.0
host03         3  1536      1  r-----     13.2
Overview
In this practice, you perform the following:
Log in to host01.
View the storage devices available on host01.
View the network configuration on host01.
View the Unbreakable Enterprise Kernel version on host01.
Assumptions
Tasks
1. Explore the host01 VM guest.
The /dev/xvda disk device represents a 12 GB system image file created with
the following command (in the /OVS/running_pool/host01 directory on
dom0):
# dd if=/dev/zero of=system.img bs=1M count=12288
The /dev/xvdb disk device represents a 10 GB utility image file created with
the following command (in the /OVS/running_pool/host01 directory on
dom0):
# dd if=/dev/zero of=u01.img bs=1M count=10240
The /dev/xvdd disk device represents a 10 GB utility image file created with
the following command (in the /OVS/running_pool/host01 directory on
dom0):
# dd if=/dev/zero of=u02.img bs=1M count=10240
Install Base Environment.
This system disk uses LVM volumes for the root and swap partitions.
c. Use the ip addr command to display the network interfaces.
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue ...
    link/loopback 00:00:00:00:00:00:00: brd 00:00:00:00:00:00
    inet addr:127.0.0.1/8 scope host lo
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
    link/ether 00:16:3e:00:01:01 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.101/24 brd 192.0.2.255 scope global eth0
...
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
link/ether 00:16:3e:00:02:01 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
link/ether 00:16:3e:00:03:01 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
link/ether 00:16:3e:00:04:01 brd ff:ff:ff:ff:ff:ff
The system has four Ethernet network interfaces, eth0, eth1, eth2, and eth3.
The eth0 interface is on the 192.0.2 subnet, and provides access to dom0 and
the other VM guest systems. The remaining interfaces do not have IP addresses.
The eth1 interface is configured in Practices for Lesson 2: Network Addressing
and Name Services.
The eth2 and eth3 interfaces are configured as part of a bonded network interface
in Practices for Lesson 10: Advanced Networking.
d.
e.
f. View the /etc/yum.repos.d directory.
Two .repo files exist, the Public Yum repository file for Oracle Linux 7 and a custom repository file, vm.repo, for the local Yum repository on dom0.
# cd /etc/yum.repos.d
# ls
public-yum-ol7.repo vm.repo
g. Use the grep command to view enabled repositories in both files.
Only the vm.repo file contains an enabled repository (enabled=1).
# grep enabled *
public-yum-ol7.repo:enabled=0
public-yum-ol7.repo:enabled=0
...
vm.repo:enabled=1
h. Note that the baseurl references the local Yum repository on dom0 (192.0.2.1).
# cat vm.repo
[OL7.1Dom0]
Name="Oracle Linux 7.1 Dom0 Repo"
baseurl=http://192.0.2.1/repo/OracleLinux/OL7/1/x86_64
enabled=1
gpgkey=http://192.0.2.1/repo/OracleLinux/OL7/1/x86_64/RPM-GPG-KEY-oracle
gpgcheck=1
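As an added check that is not part of the course, the following Python audit applies the point of steps g and h: for every enabled repository it confirms that gpgcheck=1 and a gpgkey are set, and it flags a key fetched over plain http like the one in vm.repo, because with an http baseurl the package signature check is the only integrity control, and a key downloaded from that same unauthenticated server is trusted on first import. The file contents, the lab-extra.repo file and the function names are constructed here for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample input: vm.repo mirrors the file shown in the guide;
# lab-extra.repo is a deliberately weak file made up here to show what the
# audit reports (it does not exist on the course VMs).
SAMPLE_REPO_FILES = {
    "vm.repo": (
        "[OL7.1Dom0]\n"
        'name="Oracle Linux 7.1 Dom0 Repo"\n'
        "baseurl=http://192.0.2.1/repo/OracleLinux/OL7/1/x86_64\n"
        "enabled=1\n"
        "gpgkey=http://192.0.2.1/repo/OracleLinux/OL7/1/x86_64/RPM-GPG-KEY-oracle\n"
        "gpgcheck=1\n"
    ),
    "lab-extra.repo": (
        "[lab_extra]\n"
        "name=constructed weak repo\n"
        "baseurl=http://192.0.2.1/repo/extra\n"
        "enabled=1\n"
        "gpgcheck=0\n"
    ),
}


def audit_repo_file(filename, text):
    """Return (filename, section, finding) tuples for one .repo file's contents."""
    # .repo files are INI-style; interpolation is off so yum variables such as
    # $basearch or $releasever in real files do not trip configparser.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        repo = cp[section]
        if repo.get("enabled", "1").strip() != "1":
            continue  # a disabled repo (enabled=0) never feeds packages to yum
        gpgcheck = repo.get("gpgcheck")
        if gpgcheck is None:
            findings.append((filename, section,
                             "gpgcheck not set: behaviour falls back to the global "
                             "gpgcheck value in /etc/yum.conf"))
            continue
        if gpgcheck.strip() != "1":
            findings.append((filename, section,
                             "enabled repo with gpgcheck=0: package signatures are never verified"))
            continue
        gpgkey = repo.get("gpgkey", "").strip()
        if not gpgkey:
            findings.append((filename, section,
                             "gpgcheck=1 but no gpgkey: yum cannot import a signing key for this repo"))
            continue
        scheme = urlparse(gpgkey).scheme
        if scheme not in ("file", "https"):
            findings.append((filename, section,
                             f"gpgkey fetched over {scheme}: the signing key is trusted on first "
                             "import without any authentication of its source"))
    return findings


def audit_all(files):
    """Audit a mapping of filename -> contents, e.g. every file in /etc/yum.repos.d."""
    findings = []
    for name, text in files.items():
        findings.extend(audit_repo_file(name, text))
    return findings


if __name__ == "__main__":
    for filename, section, finding in audit_all(SAMPLE_REPO_FILES):
        print(f"{filename} [{section}]: {finding}")
```

On a real host, build the mapping by reading each *.repo file under /etc/yum.repos.d and pass it to audit_all.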
i.
logout
Connection to host01 closed.
Overview
In this practice, you perform the following:
Log in to host02.
View the storage devices available on host02.
View the network configuration on host02.
Assumptions
Tasks
1.
a. Use the ssh command to log in to host02.
Because this is the first time you have logged in using ssh, the command checks to make sure that you are connecting to the host that you think you are connecting to. Enter yes.
The root password is oracle (all lowercase).
# ssh host02
The authenticity of host host02 (192.0.2.102) can't be established.
RSA key fingerprint is ...
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added host02,192.0.2.102 (RSA) to the list of known hosts.
root@host02's password: oracle
[root@host02 ~]# hostname
host02.example.com
b. Explore the host02 VM guest.
The /dev/xvdb disk device represents a 10 GB shared disk image file created
with the following command (in the /OVS/sharedDisk directory on dom0):
# dd if=/dev/zero of=physDisk1.img bs=1M count=10240
The /dev/xvdd disk device represents a 20 GB utility image file created with
the following command (in the /OVS/running_pool/host02 directory on
dom0):
# dd if=/dev/zero of=u02.img bs=1M count=20480
The /dev/xvde disk device represents a 10 GB utility image file created with
the following command (in the /OVS/running_pool/host02 directory on
dom0):
# dd if=/dev/zero of=u03.img bs=1M count=10240
GUI Base Environment.
This system disk uses LVM volumes for the root and swap partitions.
c. Use the ip addr command to display the network interfaces.
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue ...
    link/loopback 00:00:00:00:00:00:00: brd 00:00:00:00:00:00
    inet addr:127.0.0.1/8 scope host lo
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
    link/ether 00:16:3e:00:01:02 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.102/24 brd 192.0.2.255 scope global eth0
...
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
link/ether 00:16:3e:00:02:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.102/24 brd 192.168.1.255 scope global eth1
...
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
link/ether 00:16:3e:00:03:02 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
link/ether 00:16:3e:00:04:02 brd ff:ff:ff:ff:ff:ff
The system has four Ethernet network interfaces, eth0, eth1, eth2, and eth3.
The eth0 interface is on the 192.0.2 subnet, and provides access to dom0 and
the other VM guest systems.
The eth1 interface is on a private subnet, 192.168.1, and is used in Practices for
Lesson 11: OCFS2 and Oracle Clusterware.
The eth2 and eth3 interfaces are configured as part of a bonded network interface
in Practices for Lesson 10: Advanced Networking.
The /etc/hosts file, kernel version, and Yum configuration are the same on all three VM guests.
d.
Overview
In this practice, you perform the following:
Log in to host03.
View the storage devices available on host03.
View the network configuration on host03.
Assumptions
Tasks
1.
a. Use the ssh command to log in to host03.
Because this is the first time you have logged in by using ssh, the command checks to make sure that you are connecting to the host that you think you are connecting to. Enter yes.
The root password is oracle (all lowercase).
The hostname command confirms whether you have successfully logged in to host03.
# ssh host03
The authenticity of host host03 (192.0.2.103) can't be established.
RSA key fingerprint is ...
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added host03,192.0.2.103 (RSA) to the list of known hosts.
root@host03's password: oracle
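The "RSA key fingerprint is ..." prompt above, and the identical one for host02 in Practice 1-4, is the only point at which a connection to the wrong host can be caught: the fingerprint is a hash of the host's public key, so it can be recomputed from the known_hosts entry that ssh adds and compared with a value read out of band (for example from the VM's console) before answering yes. The code below is an added example, not part of the course; the key numbers, the known_hosts line and the helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: a small ssh-rsa key assembled from made-up numbers, NOT a
# real host key. The known_hosts line reuses the host name and address from the
# "Permanently added host02,192.0.2.102 (RSA)" message in the guide.
SAMPLE_E = 65537
SAMPLE_N = int(
    "c0ffee1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
    "fedcba0987654321fedcba0987654321fedcba0987654321fedcba0987654321", 16)


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """SSH mpint: big-endian two's complement, so a leading 0x00 byte is added
    when the top bit of the first byte would otherwise be set."""
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return ssh_string(raw)


def rsa_public_blob(e: int, n: int) -> bytes:
    """The blob that appears base64-encoded in known_hosts and *.pub files:
    string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH's default display: SHA-256 of the blob, base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy display (ssh-keygen -E md5): colon-separated hex pairs."""
    hexdigest = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def parse_known_hosts_line(line: str):
    """Split 'host02,192.0.2.102 ssh-rsa AAAA...' into (hosts, key type, raw blob)."""
    hosts, keytype, b64 = line.split()[:3]
    return hosts.split(","), keytype, base64.b64decode(b64)


def host_key_matches(line: str, expected: str) -> bool:
    """True only if the key on the known_hosts line has the fingerprint obtained
    out of band; the comparison is constant-time so a mismatch leaks nothing."""
    _, keytype, blob = parse_known_hosts_line(line)
    if keytype != "ssh-rsa":
        return False
    if expected.startswith("SHA256:"):
        computed = fingerprint_sha256(blob)
    else:
        computed = fingerprint_md5(blob)
    return hmac.compare_digest(computed, expected)


SAMPLE_BLOB = rsa_public_blob(SAMPLE_E, SAMPLE_N)
SAMPLE_KNOWN_HOSTS_LINE = "host02,192.0.2.102 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    # Prints the constructed entry and both fingerprint forms of its key.
    print(SAMPLE_KNOWN_HOSTS_LINE)
    print(fingerprint_sha256(SAMPLE_BLOB))
    print(fingerprint_md5(SAMPLE_BLOB))
```

On the guest itself, ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub (run from the VM console, not over the connection being verified) prints the value to compare against.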
Explore the host03 VM guest.
Use the fdisk command to view the storage devices. The host03 VM has the same
disk configuration as the host01 VM.
# fdisk -l | grep /dev
Disk /dev/xvda: 12.9 GB, 12884901888 bytes, 25165824 sectors
/dev/xvda1   *        2048     1026047      512000   83  Linux
/dev/xvda2         1026048    25165823    12069888   8e  Linux LVM
Disk /dev/xvdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Disk /dev/xvdd: 10.7 GB, 10737418240 bytes, 20971520 sectors
Disk /dev/mapper/ol-root: 11.0 GB, 11022630912 bytes, ...
Disk /dev/mapper/ol-swap: 1287 MB, 1287651328 bytes, ...
Three devices are available: /dev/xvda, /dev/xvdb, and /dev/xvdd.
b. The /dev/xvda device has Oracle Linux 7.1 installed with the Server with GUI base environment. This system disk uses LVM volumes for the root and swap partitions.
c. Use the ip addr command to display the network interfaces.
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue ...
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
    link/ether 00:16:3e:00:01:03 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.103/24 brd 192.0.2.255 scope global eth0
    ...
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
    link/ether 00:16:3e:00:02:03 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.104/24 brd 192.0.2.255 scope global eth1
    ...
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
    link/ether 00:16:3e:00:03:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.103/24 brd 192.168.1.255 scope global eth2
    ...
The system has three Ethernet network interfaces: eth0, eth1, and eth2.
The eth0 and eth1 interfaces are on the 192.0.2 subnet. These interfaces are used in Practices for Lesson 12: iSCSI and Multipathing.
The eth2 interface is on a private subnet, 192.168.1, and is used in Practices for Lesson 11: OCFS2 and Oracle Clusterware.
d. Use the cat command to view the /etc/resolv.conf file.
This file configures the resolver that turns host names into IP addresses through the Domain Name System (DNS). It identifies three DNS nameservers and the search domain.
# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.0.2.1
nameserver 152.68.154.3
nameserver 10.216.106.3
The /etc/hosts file, kernel version, and Yum configuration are the same on all three VM guests.
In this practice, you learn how to log off from your system.
Tasks
1.
b. Select Log Out vncuser from the System menu.
Practices for Lesson 2: Network Addressing and Name Services
Chapter 2
Practices Overview
In these practices, you:
Configure host03 VM as a DHCP server and host01 VM as a DHCP client
Assumptions
You are the root user on dom0.
Tasks
1.
2. Install the dhcp package on host03 if necessary.
a. Use the rpm command to check whether the dhcp package is installed.
In this example, only the dhcp-libs and dhcp-common packages are installed.
# rpm -qa | grep dhcp
dhcp-libs-...
dhcp-common-...
b. Use the yum list available command, pipe the output to the grep command, and search for the string dhcp. Only partial output is shown.
The dhcp.x86_64 package needs to be installed in this example.
# yum list available | grep dhcp
dhcp.x86_64 ...
dhcp-libs.i686 ...
c. Use the yum command to install the dhcp package.
You are asked about the GPG key only the first time you use the yum install command. Accepting it imports the repository signing key that yum uses to verify every package it installs afterwards, so confirm that it is the Oracle key shipped in /etc/pki/rpm-gpg/ rather than accepting it unread.
# yum install dhcp
...
Transaction Summary
============================================================
Install 1 Package
4. You can edit the dhcpd.conf file as follows by using the vi command, or you can use the sftp command and copy /OVS/seed_pool/sfws/dhcpd.conf from dom0 to /etc/dhcp/dhcpd.conf on host03. See your instructor if you need help in using the sftp command.
# vi /etc/dhcp/dhcpd.conf
option subnet-mask              255.255.255.0;
option domain-name              "example.com";
option domain-name-servers      192.0.2.1;
option broadcast-address        192.168.1.255;
default-lease-time              21600;
max-lease-time                  43200;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.200 192.168.1.254;
}
Before enabling and starting the dhcpd service, specify a command-line argument to instruct the dhcpd service to only listen for DHCP requests on the eth2 network interface. Without it, dhcpd binds to every interface, including eth0 and eth1 on the shared 192.0.2 subnet; the safe configuration is to bind only to the interface whose subnet the server is meant to serve.
5. Enable and start the dhcpd service.
a. Use the systemctl command to enable the dhcpd service to start at boot time.
# systemctl enable dhcpd
b. Use the systemctl command to start the dhcpd service.
# systemctl start dhcpd
c. Use the systemctl command to view the status of the dhcpd service.
Note that the server is only listening on eth2.
# systemctl status dhcpd
dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/etc/systemd/system/dhcpd.service; enabled)
   Active: active (running) since ...
...
<date_time> host03 ...: Listening on LPF/eth2/00:16...
...
Overview
In this practice, you:
Configure host01 VM as a DHCP client
Obtain an IP address from the DHCP server (host03) for the eth1 network interface
You begin this practice by opening a second terminal window on dom0 and logging in to host01
as the root user. You are already logged in as the root user to host03 from Practice 2-1.
Assumptions
Tasks
1. Log in to the host01 VM guest from dom0.
a. Open a second terminal window on dom0.
b. From the second terminal window on dom0, use the su - command to become the root user.
The root password is oracle.
$ su -
Password: oracle
#
c. As the root user on dom0, use the ssh command to log in to host01.
The root password is oracle (all lowercase).
[dom0]# ssh host01
root@host01's password: oracle
Last login: ...
[root@host01]#
2. Use the rpm command to verify that the dhclient package is installed on host01.
3.
4.
5. From host01, request a lease for eth1 from the DHCP server.
a. Use the dhclient command to request a lease for eth1 from the DHCP server.
[host01]# dhclient eth1
b. Use the ip addr command on host01 to verify that eth1 obtained an IP address.
6.
a.
...
    fixed-address 192.168.1.200;
    option subnet-mask 255.255.255.0;
    ...
}
b. View information about the lease on the server (host03).
The hardware ethernet value is the MAC address of the client interface that holds the lease (eth1 on host01).
[host03]# cat /var/lib/dhcpd/dhcpd.leases
...
lease 192.168.1.200 {
    starts ...
    ends ...
    ...
    hardware ethernet 00:16:3e:00:02:01;
}
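The server configuration from Practice 2-1 and the lease file above are worth checking mechanically: a range that strays outside the declared subnet, or a broadcast-address option that disagrees with the netmask, is the kind of slip that is easy to make while typing the file, and the lease file is where you confirm which MAC holds which address. The Python below is an added example, not part of the Oracle practice. It parses the dhcpd.conf shown in Practice 2-1 and a constructed dhcpd.leases in the same format as the listing above, validates subnet, range and option consistency with the standard library's ipaddress module, reports pool usage, and builds the ExecStart line for a unit copy in /etc/systemd/system that restricts dhcpd to eth2 (the Loaded: path in the systemctl status output of Practice 2-1 is consistent with such a copy). The stock ExecStart string is an assumption about the Oracle Linux 7 dhcp package; confirm it with systemctl cat dhcpd before editing.

```python
import ipaddress
import re

# Copy of the file as the practice shows it, embedded so this runs offline.
DHCPD_CONF = """\
option subnet-mask 255.255.255.0;
option domain-name "example.com";
option domain-name-servers 192.0.2.1;
option broadcast-address 192.168.1.255;
default-lease-time 21600;
max-lease-time 43200;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.200 192.168.1.254;
}
"""

# Constructed lease records in dhcpd.leases format (the page's listing elides
# the timestamps and the binding state line).
DHCPD_LEASES = """\
lease 192.168.1.200 {
  starts 3 2015/05/20 10:00:00;
  ends 3 2015/05/20 16:00:00;
  binding state active;
  hardware ethernet 00:16:3e:00:02:01;
}
lease 192.168.1.201 {
  starts 2 2015/05/19 10:00:00;
  ends 2 2015/05/19 16:00:00;
  binding state free;
  hardware ethernet 00:16:3e:00:02:02;
}
"""

# Assumed ExecStart of the stock unit shipped by the Oracle Linux 7 dhcp package
# (verify with `systemctl cat dhcpd`); dhcpd takes interface names as trailing args.
STOCK_EXECSTART = ("ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf "
                   "-user dhcpd -group dhcpd --no-pid")


def parse_dhcpd_conf(text):
    """Extract the subnet, its range and the global options of a one-subnet dhcpd.conf."""
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", text, re.S)
    if m is None:
        raise ValueError("no subnet declaration found")
    net = ipaddress.ip_network("%s/%s" % (m.group(1), m.group(2)))
    r = re.search(r"range\s+(\S+)\s+(\S+)\s*;", m.group(3))
    if r is None:
        raise ValueError("subnet %s has no range" % net)
    options = {k: v.strip('"') for k, v in
               re.findall(r"^option\s+(\S+)\s+(.+?)\s*;", text, re.M)}
    return {"subnet": net,
            "range": (ipaddress.ip_address(r.group(1)), ipaddress.ip_address(r.group(2))),
            "options": options}


def check_dhcpd_conf(conf):
    """Return the list of inconsistencies; an empty list means the file is coherent."""
    net, (lo, hi) = conf["subnet"], conf["range"]
    opts, problems = conf["options"], []
    if lo > hi:
        problems.append("range start %s is above range end %s" % (lo, hi))
    if lo not in net or hi not in net:
        problems.append("range %s-%s is not inside subnet %s" % (lo, hi, net))
    if net.network_address in (lo, hi) or net.broadcast_address in (lo, hi):
        problems.append("range hands out the network or broadcast address")
    if "broadcast-address" in opts and \
            ipaddress.ip_address(opts["broadcast-address"]) != net.broadcast_address:
        problems.append("broadcast-address %s does not belong to %s"
                        % (opts["broadcast-address"], net))
    if "subnet-mask" in opts and opts["subnet-mask"] != str(net.netmask):
        problems.append("subnet-mask option %s differs from the netmask" % opts["subnet-mask"])
    return problems


def active_leases(text):
    """Map each actively leased address to the client MAC that holds it."""
    leases = {}
    for ip, body in re.findall(r"lease\s+(\S+)\s*\{(.*?)\}", text, re.S):
        state = re.search(r"binding state\s+(\w+)\s*;", body)
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]+)\s*;", body)
        if state and mac and state.group(1) == "active":
            leases[ipaddress.ip_address(ip)] = mac.group(1).lower()
    return leases


def pool_usage(conf, leases):
    """(addresses in use, addresses in the configured range)."""
    lo, hi = conf["range"]
    in_use = sum(1 for ip in leases if lo <= ip <= hi)
    return in_use, int(hi) - int(lo) + 1


def execstart_for_interface(stock_line, iface):
    """ExecStart for a unit copied to /etc/systemd/system so dhcpd listens only on iface."""
    return "%s %s" % (stock_line.rstrip(), iface)
```

dhcpd itself rejects a range outside its subnet at startup; the point of checking the file this way is to catch the mistake before it reaches the server, and to have the same check available for the lease file, which dhcpd never validates for you.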
7.
[host01]# exit
logout
Connection to host01 closed.
[dom0]#
In this window, you are logged in as the root user on dom0.
Leave this window open for the next practice (Practice 2-3).
Overview
In this practice, you:
View the DNS configuration on dom0
Test the lookup functionality of DNS from host03
Assumptions
You are logged in as the root user on dom0 from one terminal window.
You are logged in as the root user on host03 from a second terminal window.
The prompts in the solution section include either dom0 or host03 to indicate which
system to enter the command from.
Tasks
1. Use the rpm command to verify that the bind package is installed on dom0.
In this example, the package is installed.
[dom0]# rpm -qa | grep bind
bind-libs-...
bind-utils-...
bind-...
2. Ensure that the named service is enabled and running on dom0.
Use the service and chkconfig commands on dom0 because dom0 is running Oracle VM Server for x86 version 3.2.1. Use the systemctl command on the host01, host02, and host03 virtual machines because the VMs are running Oracle Linux 7.1.
a. Use the service command to verify that the named service is started on dom0.
b. Use the chkconfig command to verify that the named service is configured to start at boot time on dom0.
In this example, the service is configured to start when the system boots at run level 2, 3, 4, or 5.
[dom0]# chkconfig named --list
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
3.
a. This file lists the location and characteristics of your domain's zone files.
Note that the zone file, /var/named/data/master-example.com, is defined.
b. This file defines IPv4 addresses (A records) for the DNS server, the DNS domain, and the four VM guest systems.
[dom0]# cat /var/named/data/master-example.com
...
dns             A       192.0.2.1
example.com     A       192.0.2.1
host01          A       192.0.2.101
host02          A       192.0.2.102
host03          A       192.0.2.103
host04          A       192.0.2.104
...
4.
a. Use the ping command to contact host01 and host02.
You can successfully contact these systems by name, because /etc/hosts resolves host names to IP addresses.
[host03]# ping host01
PING host01.example.com (192.0.2.101) 56(84) bytes of data.
64 bytes from host01.example.com (192.0.2.101): icmp_seq=1...
...
CTRL-C
[host03]# ping host02
PING host02.example.com (192.0.2.102) 56(84) bytes of data.
64 bytes from host02.example.com (192.0.2.102): icmp_seq=1...
...
CTRL-C
b. Use the vi editor to edit the /etc/hosts file and comment out the lines for the VMs with a # sign as follows.
[host03]# vi /etc/hosts
127.0.0.1       localhost.localdomain   localhost
192.0.2.1       example.com             dom0
#192.0.2.101    host01.example.com      host01
#192.0.2.102    host02.example.com      host02
#192.0.2.103    host03.example.com      host03
c. Use the ping command to contact host01 and host02 again.
You can still successfully contact these systems by name, because DNS is resolving host names to IP addresses.
[host03]# ping host01
PING host01.example.com (192.0.2.101) 56(84) bytes of data.
64 bytes from host01.example.com (192.0.2.101): icmp_seq=1...
...
CTRL-C
[host03]# ping host02
PING host02.example.com (192.0.2.102) 56(84) bytes of data.
64 bytes from host02.example.com (192.0.2.102): icmp_seq=1...
...
CTRL-C
d. Use the grep command to search for the hosts string in the /etc/nsswitch.conf file.
The sources in the second hosts entry are consulted in the order listed. files means to use the local /etc/hosts file to resolve host names to IP addresses. dns means to use DNS to resolve host names to IP addresses when the name cannot be resolved by using the /etc/hosts file.
[host03]# grep hosts /etc/nsswitch.conf
#hosts:     db files nisplus nis dns
hosts:      files dns
e. Use the vi editor to edit the /etc/nsswitch.conf file and remove the dns argument from the hosts entry as follows.
[host03]# vi /etc/nsswitch.conf
hosts:      files dns       # old entry
hosts:      files           # new entry
f. Use the ping command to contact host01 and host02.
You cannot contact these systems by name now because DNS is no longer used.
[host03]# ping host01
ping: unknown host host01
[host03]# ping host02
ping: unknown host host02
g. Use the vi editor to edit the /etc/nsswitch.conf file and restore the dns argument to the hosts entry as follows.
[host03]# vi /etc/nsswitch.conf
hosts:      files           # old entry
hosts:      files dns       # new entry
h. You can now successfully contact these systems by name, because DNS is resolving host names to IP addresses.
[host03]# ping host01
PING host01.example.com (192.0.2.101) 56(84) bytes of data.
64 bytes from host01.example.com (192.0.2.101): icmp_seq=1...
...
CTRL-C
[host03]# ping host02
PING host02.example.com (192.0.2.102) 56(84) bytes of data.
64 bytes from host02.example.com (192.0.2.102): icmp_seq=1...
...
CTRL-C
i.
j. Use the vi editor to edit the /etc/resolv.conf file and comment out all lines as follows.
[host03]# vi /etc/resolv.conf
# Generated by NetworkManager
#search example.com
#nameserver 192.0.2.1
#nameserver 152.68.154.3
#nameserver 10.216.106.3
k. Use the ping command to contact host01 and host02.
You cannot contact these systems by name now.
[host03]# ping host01
ping: unknown host host01
[host03]# ping host02
ping: unknown host host02
l. Use the vi editor to edit the /etc/resolv.conf file and remove the # signs to uncomment the search and nameserver entries as follows.
[host03]# vi /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.0.2.1
nameserver 152.68.154.3
nameserver 10.216.106.3
You can now successfully contact these systems by name, because DNS is
resolving host names to IP addresses.
[host03]# ping host01
PING host01.example.com (192.0.2.101) 56(84) bytes of data.
64 bytes from host01.example.com (192.0.2.101): icmp_seq=1...
...
CTRL-C
[host03]# ping host02
PING host02.example.com (192.0.2.102) 56(84) bytes of data.
64 bytes from host02.example.com (192.0.2.102): icmp_seq=1...
...
CTRL-C
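Steps d through l above toggle two different things: the order of sources in /etc/nsswitch.conf and the resolver configuration in /etc/resolv.conf. The following Python is an added example, not part of the Oracle practice. It models the lookup the way glibc performs it, reading constructed copies of the three files as they appear on host03 and a small stand-in for the example.com zone served by dom0, so each of the page's outcomes (hosts file only, DNS after the hosts entries are commented out, nothing once dns is dropped from nsswitch.conf or resolv.conf is emptied) can be reproduced without a network. It also builds the in-addr.arpa name that `host 192.0.2.102` queries in task 6.

```python
import ipaddress

# Constructed copies of the files the practice edits on host03.
ETC_HOSTS = """\
127.0.0.1     localhost.localdomain localhost
192.0.2.1     example.com dom0
192.0.2.101   host01.example.com host01
192.0.2.102   host02.example.com host02
192.0.2.103   host03.example.com host03
"""

NSSWITCH = "hosts: files dns\n"

RESOLV_CONF = """\
# Generated by NetworkManager
search example.com
nameserver 192.0.2.1
"""

# Stand-in for the zone dom0 serves (the A records shown in
# /var/named/data/master-example.com); a real lookup would go over the network.
ZONE = {
    "dns.example.com": "192.0.2.1",
    "example.com": "192.0.2.1",
    "host01.example.com": "192.0.2.101",
    "host02.example.com": "192.0.2.102",
    "host03.example.com": "192.0.2.103",
    "host04.example.com": "192.0.2.104",
}


def parse_hosts(text):
    """name -> address for every name (canonical and aliases) in an /etc/hosts."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name, fields[0])
    return table


def parse_nsswitch_hosts(text):
    """The ordered source list of the hosts: entry."""
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return ["files", "dns"]  # glibc's default when the entry is absent


def parse_resolv_conf(text):
    conf = {"search": [], "nameserver": []}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] in ("search", "domain"):
            conf["search"] = parts[1:]
        elif parts and parts[0] == "nameserver":
            conf["nameserver"].append(parts[1])
    return conf


def dns_lookup(name, resolv, zone):
    """Query the stub zone the way a resolver would: the name as given, then
    with each search suffix appended; no nameserver configured means no answer."""
    if not resolv["nameserver"]:
        return None
    candidates = [name] + ["%s.%s" % (name, s) for s in resolv["search"]]
    for cand in candidates:
        if cand.rstrip(".") in zone:
            return zone[cand.rstrip(".")]
    return None


def resolve(name, hosts_text, nsswitch_text, resolv_text, zone=ZONE):
    """Walk the sources in the order nsswitch.conf lists them."""
    hosts = parse_hosts(hosts_text)
    resolv = parse_resolv_conf(resolv_text)
    for source in parse_nsswitch_hosts(nsswitch_text):
        if source == "files" and name in hosts:
            return hosts[name]
        if source == "dns":
            addr = dns_lookup(name, resolv, zone)
            if addr:
                return addr
    return None


def reverse_name(ip):
    """The PTR owner name for an IPv4 address, e.g. 102.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer
```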
5.
a. View the /etc/resolv.conf file.
Note the commented line indicating that NetworkManager generated the /etc/resolv.conf file.
[host03]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.0.2.1
nameserver 152.68.154.3
nameserver 10.216.106.3
b. View the /etc/sysconfig/network-scripts/ifcfg-eth0 file.
Note that the DNS[123] entries in the ifcfg-eth0 file correspond to the nameserver entries in the resolv.conf file.
Note that the DOMAIN entry in the ifcfg-eth0 file corresponds to the search entry in resolv.conf.
Note that NetworkManager generates the /etc/resolv.conf entries on host03. Edits made directly to /etc/resolv.conf, such as those in task 4, are overwritten the next time NetworkManager rewrites the file; a change that must persist belongs in the DNS and DOMAIN entries of the ifcfg file.
6.
b.
c. Perform a reverse lookup by querying DNS for the domain name that corresponds to IP address 192.0.2.102.
[host03]# host 192.0.2.102
102.2.0.192.in-addr.arpa domain name pointer host02.example.com
d. Use the -v option to display verbose information about the example.com domain.
[host03]# host -v example.com
Trying "example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65099
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ...
;; QUESTION SECTION:
;example.com.                   IN      A
;; AUTHORITY SECTION:
example.com.            86400   IN      SOA     dns.example.com. ...
...
7. Use the dig command to perform DNS lookups on host03.
a. Query DNS for information about host02.example.com.
[host03]# dig host02.example.com
...
;; QUESTION SECTION:
;host02.example.com.            IN      A
;; ANSWER SECTION:
host02.example.com.     86400   IN      A       192.0.2.102
;; AUTHORITY SECTION:
example.com.            86400   IN      NS      dns.example.com.
;; ADDITIONAL SECTION:
dns.example.com.        86400   IN      A       192.0.2.1
...
Assumptions
All commands in this practice with one exception are executed on host03.
The one command that needs to be run on dom0 includes dom0 in the prompt.
Tasks
1. Use the rpm command to determine if the bind package is already installed.
a. In this example, several package names are returned by the rpm command, but the bind package itself is not installed.
# rpm -qa | grep bind
rpcbind-...
PackageKit-device-rebind-...
keybinder3-...
bind-utils-...
bind-libs-...
bind-license-...
bind-libs-lite-...
b. Use the yum command to install the bind package.
Answer y when prompted Is this ok.
# yum install bind
...
Transaction Summary
===============================================================
Install 1 Package
Total download size: 1.8 M
Installed size: 4.3 M
Is this ok [y/d/N]: y
...
Complete!
2.
a. View the /etc/named.conf file.
Note that only one zone is defined, whose name is a period (.).
This zone is a hint zone type and specifies that the nameserver look in the /var/named/named.ca file for IP addresses of authoritative servers for the root domain when the nameserver starts or does not know which nameserver to query.
The /etc/named.conf file also includes the /etc/named.rfc1912.zones file.
The recursion yes setting makes this a recursive (caching) server. As shipped, the same options block limits listen-on to 127.0.0.1 and allow-query to localhost, which is why task 3 points resolv.conf at 127.0.0.1. If those limits are widened so that other hosts can use the cache, add an allow-recursion list naming the client networks; otherwise the server becomes an open resolver that anyone able to reach it can use for reflection and amplification.
# cat /etc/named.conf
...
// Provided by Red Hat bind package to configure the ISC BIND
// named(8) DNS server as a caching only nameserver ...
...
options {
...
        directory "/var/named";
...
        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
        */
        recursion yes;
...
};
logging {
...
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
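The comment in the options block is the one to take seriously: recursion yes on a server that other hosts can reach makes it an open resolver, which is abused for reflection and amplification attacks and makes cache poisoning attempts easier. The stock file avoids that only because its listen-on and allow-query lines are limited to localhost, lines the listing above elides. The Python below is an added example, not part of the Oracle practice; it scans the options block of a named.conf for recursion yes without an allow-recursion and allow-query restriction, and for listen-on any. Both configurations it checks are constructed: OPENED_UP is what the file looks like after someone widens listen-on to serve the lab hosts without adding an address-match list, RESTRICTED is the corrected form using the practice's two subnets.

```python
import re

# Constructed variants of the options block (comments removed). OPENED_UP is the
# stock caching-only file after listen-on has been widened so other hosts can use
# it; RESTRICTED adds the address-match lists that keep recursion private.
OPENED_UP = """\
options {
        listen-on port 53 { any; };
        directory "/var/named";
        recursion yes;
};
"""

RESTRICTED = """\
options {
        listen-on port 53 { 127.0.0.1; 192.0.2.103; };
        directory "/var/named";
        recursion yes;
        allow-query     { localhost; 192.0.2.0/24; 192.168.1.0/24; };
        allow-recursion { localhost; 192.0.2.0/24; 192.168.1.0/24; };
};
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def options_block(text):
    """Body of the top-level options { ... }; statement, or '' if absent."""
    m = re.search(r"^options\s*\{(.*?)^\};", strip_comments(text), re.S | re.M)
    return m.group(1) if m else ""


def address_list(block, option):
    """Entries of an address-match list such as allow-recursion { a; b; };
    None when the option is not set at all."""
    m = re.search(re.escape(option) + r"\s*\{(.*?)\}\s*;", block, re.S)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def open_resolver_findings(text):
    """Reasons a recursive named would answer anyone who can reach it."""
    block = options_block(text)
    findings = []
    if re.search(r"\brecursion\s+yes\s*;", block):
        for option in ("allow-recursion", "allow-query"):
            acl = address_list(block, option)
            if acl is None:
                findings.append("recursion yes but %s is not set" % option)
            elif "any" in acl:
                findings.append("recursion yes but %s allows any" % option)
    listen = address_list(block, "listen-on port 53")
    if listen is None:
        listen = address_list(block, "listen-on")
    if listen and "any" in listen:
        findings.append("listen-on any: reachable on every interface, including eth0/eth1")
    return findings
```

named-checkconf validates syntax, not intent, so a check like this belongs next to it in whatever reviews the file before named is restarted.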
b.
file: Specifies the name of the zone file, which is stored in the working directory defined by the directory option (/var/named in this example)
# cat /etc/named.rfc1912.zones
...
// Provided by Red Hat caching-nameserver package
...
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0....ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
c.
d. List the /var/named working directory and view the root hints file, named.ca.
# ls -l /var/named
...  named  ...  data
...  named  ...  dynamic
...  named  ...  named.ca
...  named  ...  named.empty
...  named  ...  named.localhost
...  named  ...  named.loopback
...  named  ...  slaves
# cat /var/named/named.ca
...
a.root-servers.net.     3600000   IN   A   198.41.0.4
...
b.root-servers.net.     3600000   IN   A   192.228.79.201
c.root-servers.net.     3600000   IN   A   192.33.4.12
d.root-servers.net.     3600000   IN   A   199.7.91.13
...
e.root-servers.net.     3600000   IN   A   192.203.230.10
f.root-servers.net.     3600000   IN   A   192.5.5.241
...
g.root-servers.net.     3600000   IN   A   192.112.36.4
h.root-servers.net.     3600000   IN   A   128.63.2.53
...
i.root-servers.net.     3600000   IN   A   192.36.148.17
...
j.root-servers.net.     3600000   IN   A   192.58.128.30
...
k.root-servers.net.     3600000   IN   A   193.0.14.129
...
l.root-servers.net.     3600000   IN   A   199.7.83.42
...
m.root-servers.net.     3600000   IN   A   202.12.27.33
...
3.
a. Use the vi editor to add the following entry to the beginning of the list of nameservers in the /etc/resolv.conf file:
nameserver 127.0.0.1
This line indicates use of the local system as the primary nameserver.
# vi /etc/resolv.conf
search example.com
nameserver 127.0.0.1
nameserver 192.0.2.1
...
b.
c. Use the systemctl command to start the named service.
This command takes a few seconds to complete.
# systemctl start named
d. From the second terminal window on dom0, ssh to host03 as the root user, and monitor the journal in real time before proceeding to step 3e.
Monitoring the journal in real time allows you to see the host name to IP resolution occurring.
The root password on host03 is oracle.
You might want to enlarge this window to see more of the journal entries.
[dom0]# ssh root@host03
root@host03's password: oracle
[root@host03 ~]# journalctl -f
-- Logs begin at ...
...
e. In the original window, use the ping command to contact host01 and host02.
You can now successfully contact these systems by name, because DNS is resolving host names to IP addresses.
...
CTRL-C
f. In the first terminal window on host03, use the rndc command to obtain the status of the named service.
# rndc status
Version: ...
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 101
debug level: 0
...
g.
h. Use the exit command to log off host03 from this second window.
# exit
logout
Connection to host03 closed.
4. Stop the named service on host03 and restore the original configuration.
5.
a.
b.
c. Use the vi editor to remove the following entry from the /etc/resolv.conf file:
nameserver 127.0.0.1
# vi /etc/resolv.conf
search example.com
nameserver 127.0.0.1
nameserver 192.0.2.1
...
d. Use the vi editor to edit the /etc/hosts file and remove the comment (# sign) from the entries previously commented out.
# vi /etc/hosts
192.0.2.101     host01.example.com      host01
192.0.2.102     host02.example.com      host02
192.0.2.103     host03.example.com      host03
6.
Practices for Lesson 3: Authentication and Directory Services
Chapter 3
Practices Overview
In these practices, you configure:
OpenLDAP server and enable LDAP authentication
OpenLDAP client and log in as an LDAP user
Overview
In this practice, you:
Configure an OpenLDAP server in preparation to implement LDAP authentication
Assumptions
Tasks
1.
a. From dom0, determine the VNC port number for host03 by running the xm list -l host03 | grep location command.
The sample shown indicates that the port number is 5904. Your port number might be different.
[dom0]# xm list -l host03 | grep location
The GNOME login screen appears. You might need to press Enter to display the
login screen.
d. Click Oracle Student in the list of users. You are prompted for the Password.
e. Enter oracle for the Password and click Sign In.
The GNOME desktop appears.
f.
g. From the pop-up menu, click Open in Terminal.
A terminal window appears.
h. In the terminal window, use the su - command to become the root user.
The root password is oracle.
$ su -
Password: oracle
#
2. Use the yum command to install the following packages:
openldap-servers
openldap-clients
migrationtools
Answer y when prompted Is this ok.
# yum install openldap-servers openldap-clients migrationtools
...
Transaction Summary
=============================================================
Install 3 Packages
Total download size: 2.3 M
3.
b. Use the ls command to list the /usr/share/openldap-servers directory.
# ls /usr/share/openldap-servers
DB_CONFIG.example  slapd.ldif
c. Use the cp command to copy the /usr/share/openldap-servers/DB_CONFIG.example file into the /var/lib/ldap directory and rename the copied file DB_CONFIG.
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
d. Use the ls -l command to list the contents of the /var/lib/ldap directory.
Note that the current owner and group is root.
Both the owner and group need to be changed to ldap.
# ls -l /var/lib/ldap
-rw-r--r--. 1 root root ... DB_CONFIG
e. Use the chown -R command to change both the owner and group of the /var/lib/ldap directory to ldap.
# chown -R ldap.ldap /var/lib/ldap
f. Note that the owner and group are now set to ldap.
# ls -l /var/lib/ldap
-rw-r--r--. 1 ldap ldap ... DB_CONFIG
4. Use the systemctl command to enable and start the slapd service.
# systemctl enable slapd
ln -s '/usr/lib/systemd/system/slapd.service' '/etc/systemd/system/multi-user.target.wants/slapd.service'
# systemctl start slapd
5.
a. After slapd starts, the database files appear in /var/lib/ldap.
...  alock
...  __db.001
...  __db.002
...  __db.003
...  DB_CONFIG
...  dn2id.bdb
...  id2entry.bdb
...  log.0000000001
Note that, in this version of OpenLDAP, there is no slapd.conf file. Instead, there is a configuration database, which is located in the slapd.d directory.
# cd /etc/openldap
# ls -l
drwxr-xr-x. 2 root root ... certs
-rw-r--r--. 1 root root ... check_password.conf
-rw-r--r--. 1 root root ... ldap.conf
drwxr-xr-x. 2 root root ... schema
drwx------. 3 ldap ldap ... slapd.d
b. Use the cd command to change to the slapd.d directory. Use the ls -l command to display the contents of the directory.
# cd slapd.d
# ls -l
drwxr-x---. 3 ldap ldap ... cn=config
-rw-------. 1 ldap ldap ... cn=config.ldif
c. Use the ls -l command to display the contents of the cn=config directory.
# ls -l cn=config
...  ldap  ...  cn=schema
...  ldap  ...  cn=schema.ldif
...  ldap  ...  olcDatabase={0}config.ldif
...  ldap  ...  olcDatabase={-1}frontend.ldif
...  ldap  ...  olcDatabase={1}monitor.ldif
...  ldap  ...  olcDatabase={2}hdb.ldif
6. Use the grep command to search for the my-domain string in all files in the configuration directory.
Note that the following files contain the my-domain string:
olcDatabase={1}monitor.ldif
olcDatabase={2}hdb.ldif
7.
a. Note that there are two parameters that contain the dc=my-domain string:
olcRootDN
olcSuffix
# cat olcDatabase={2}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
...
olcRootDN: cn=Manager,dc=my-domain,dc=com
...
olcSuffix: dc=my-domain,dc=com
...
b.
c.
The -H ldapi:/// option specifies URI(s) referring to the ldap server(s). Only the protocol/host/port fields are allowed. A list of URIs separated by whitespace or commas is expected.
LDAPI allows LDAP connections to run over IPC connections, meaning the LDAP operations can run over UNIX sockets.
The -Y EXTERNAL option selects the SASL EXTERNAL mechanism: over the ldapi socket, slapd learns the caller's UID and GID from the kernel and maps root to gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth, the identity that the olcAccess rules in this configuration name. No password is sent, and the -Q option suppresses the SASL negotiation messages.
After issuing the ldapmodify command, the prompt changes to >.
d. Use the ldapmodify command to set the Database RootDN.
After issuing the ldapmodify command, the prompt changes to >.
Enter the entries in bold as shown.
# ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
> dn: olcDatabase={2}hdb,cn=config
> changetype: modify
> replace: olcRootDN
> olcRootDN: cn=Manager,dc=example,dc=com
> EOF
Press the Enter key after entering EOF.
This terminates the ldapmodify command and displays the following message:
Modifying entry "olcDatabase={2}hdb,cn=config"
f.
Use the grep command to search for the my-domain string in all files in this
directory.
Note that one database file still contains the my-domain string:
a
s
a
h
Ignore the occurrences in the hdb_BAK file.
)
o
c ide
u
# grep my-domain *
d Gu
e
r
grep: cn=schema: Is a directory
ta ent
i
l
i
hdb_BAK:olcSuffix: dc=my-domain,dc=com
im Stud
n
u
hdb_BAK:olcRootDN: cn=Manager,dc=my-domain,dc=com
s
@ thiread
o,cn=auth
olcDatabase={1}monitor.ldif:
by
s
r
e
o
s
c
dn.base=cn=Manager,dc=my-domain,dc=com
read by * none
u
n
o
t
a
Update the Database Access.
(ju nse
s
ce the olcDatabase={1}monitor.ldif file.
ria etoliview
a. Use the cat a
command
lto use ldapmodify to edit this file.
ocomment
b
s
Note
the
r
a
co thatsthere
er is one parameter that contains the dc=my-domain string.
f
n
Note
an
jua -trolcAccess
nonThe my-domain value for this olcAccess parameter needs to be changed to
8.
olcDatabase={1}monitor.ldif
example.
# cat olcDatabase={1}monitor.ldif
# AUTO-GENERATED FILE DO NOT EDIT!! Use ldapmodify.
...
olcAccess: {0}to * by
dn.base=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
read by dn.base=cn=Manager,dc=my-domain,dc=com read by *
none
...
b.
c.
This terminates the ldapmodify command and displays the following message:
Modifying entry olcDatabase={1}monitor,cn=config
# diff olcDatabase={1}monitor.ldif monitor_BAK
...
> olcAccess: {0}to * by dn.base=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read by dn.base=cn=Manager,dc=my-domain,dc=com read by * none
...
e. Use the grep command to search for the my-domain string in all files in this directory.
Note that no database files now contain the my-domain string.
9.
Note that the encrypted password is displayed. This is a sample only; yours is different.
# slappasswd
New password: oracle
Re-enter new password: oracle
{SSHA}CsLkwW6B9+yBlzrGuHBdIT0z2Mj4q4l+
b. Select the encrypted password and copy it into the buffer.
Highlight the encrypted password as shown. With the encrypted password highlighted, select Edit > Copy from the terminal window menu.
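Added example (not from the Oracle guide): how the {SSHA} value that slappasswd prints in step 9 is built and verified, and the LDIF that step 10 feeds to ldapmodify to store it in olcRootPW. The fixed salt used in testing and the function names are the example's own.

```python
import base64
import hashlib
import hmac
import os

# slappasswd's default scheme: {SSHA} followed by base64(SHA-1(password || salt) || salt).
# slappasswd appends a 4-byte random salt, so the decoded value is 20 + 4 = 24 bytes.
SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20


def make_ssha(password, salt=None):
    """Return an {SSHA} value for password; pass a fixed salt for a reproducible result."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored):
    """Split an {SSHA} value into (digest, salt); raises ValueError on a malformed value."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value: %r" % stored)
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("too short to hold a SHA-1 digest plus salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(password, stored):
    """True if password matches the {SSHA} value, e.g. the one placed in olcRootPW in step 10.
    The salt is recovered from the value itself; the digests are compared in constant time."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_ldif(ssha_value, dn="olcDatabase={2}hdb,cn=config"):
    """LDIF for the ldapmodify in step 10: replace olcRootPW on the hdb database entry with
    the hash, so the cleartext password never appears in cn=config."""
    return "\n".join([
        "dn: " + dn,
        "changetype: modify",
        "replace: olcRootPW",
        "olcRootPW: " + ssha_value,
        "",
    ])
```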
10. Use the ldapmodify command to set the olcRootPW directive.
a.
b. Paste the encrypted password from the buffer by selecting Edit > Paste from the terminal window menu.
This terminates the ldapmodify command and displays the following message:
Modifying entry olcDatabase={2}hdb,cn=config
11. Load the standard schemas.
The standard schemas are provided as LDIF files, which can be loaded by using the ldapadd command.
The standard schema files are located in the /etc/openldap/schema directory.
a. Use the ls command to view the contents of the /etc/openldap/schema directory.
Each one is offered in both the original LDAP schema form and in LDIF.
# ls /etc/openldap/schema
collective.ldif    cosine.schema   java.ldif    openldap.schema
collective.schema  duaconf.ldif    java.schema  pmi.ldif
...
d.
b.
These four schemas define the basic objects and attributes needed to describe a typical organization.
This step populates the /etc/passwd and /etc/group files that are used later in this practice.
a.
useradd
useradd
useradd
useradd
b. Use the passwd command to create a password (of password) for the student1 user.
Ignore the BAD PASSWORD warning, continuing to use password as the password.
# passwd student1
Changing password for user student1.
New password: password
BAD PASSWORD: The password fails the dictionary check ...
Retype new password: password
passwd: all authentication tokens updated successfully.
c. Use the groupadd command to add the students group.
# groupadd students
d. Use the tail /etc/group command to obtain the GID for the students group.
The output shows that the GID for the students group is 1008.
# tail /etc/group
...
students:x:1008:
e. Use the usermod command to add the oracle, student1, and student2 users to the students group.
...
students:x:1008:oracle,student1,student2
13. Configure the base domain and test the LDAP server.
a.
b. You can create the base.ldif file as follows by using the vi command, or you can use the sftp command and copy /OVS/seed_pool/sfws/base.ldif from dom0 to /etc/openldap/base.ldif on host03. See your instructor if you need help in using the sftp command.
# vi base.ldif
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
c. Use the ldapadd command to add the base information to the LDAP directory.
The -W option prompts for simple authentication. This is used instead of specifying the password on the command line.
The -D cn=Manager,dc=example,dc=com option uses the Distinguished Name (DN) to bind to the LDAP directory. For SASL binds, the server ignores this option.
# People, example.com
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, example.com
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
a.
b.
c.
(old value)
(new value)
15. Migrate the users.
a. Use the grep command to list users in the /etc/passwd file with UID in the 1000-1009 range.
The purpose of step 12 was to populate this file as shown.
Do not be concerned if your entries do not match exactly.
# grep :100[0-9] /etc/passwd
oracle:x:1000:1000:Oracle Student:/home/oracle:/bin/bash
student1:x:1001:1001:Oracle Student1:/home/student1:/bin/bash
student2:x:1005:1005:Oracle Student2:/home/student2:/bin/sh
student3:x:1006:1006:Oracle Student3:/home/student3:/bin/sh
new_user:x:1007:1007::/home/new_user:/bin/bash
$DEFAULT_BASE = "dc=padl,dc=com";      (old value)
$DEFAULT_BASE = "dc=example,dc=com";   (new value)
b.
c. Use the absolute path name with the command because the /usr/share/migrationtools directory is not in your path.
# /usr/share/migrationtools/migrate_passwd.pl passwd > users.ldif
d. Use the ldapadd command to import the user information to the LDAP directory.
Use the ldapsearch command to display the new oracle user entry in the LDAP server.
The common name (cn) is Oracle Student.
# ldapsearch -x "cn=Oracle Student" -b dc=example,dc=com
...
# oracle, People, example.com
dn: uid=oracle,ou=People,dc=example,dc=com
uid: oracle
cn: Oracle Student
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0...
shadowLastChange: ...
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/oracle
gecos: Oracle Student

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
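Added example, not the migrationtools code: the passwd-to-LDIF conversion that migrate_passwd.pl performs in step 15 for the UID range selected above, producing entries with the attribute set shown in this ldapsearch output. The sample passwd text and the crypt hash are constructed, and the function names are the example's own.

```python
import base64

# Constructed sample input: the passwd lines from step 15a plus root, which the UID filter must skip.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
oracle:x:1000:1000:Oracle Student:/home/oracle:/bin/bash
student1:x:1001:1001:Oracle Student1:/home/student1:/bin/bash
student2:x:1005:1005:Oracle Student2:/home/student2:/bin/sh
student3:x:1006:1006:Oracle Student3:/home/student3:/bin/sh
new_user:x:1007:1007::/home/new_user:/bin/bash
"""

# The $DEFAULT_BASE value configured in migrate_common.ph in step 14.
BASE_DN = "dc=example,dc=com"


def select_uid_range(passwd_text, low=1000, high=1009):
    """Return the 7-field rows whose numeric UID lies in [low, high].
    Unlike `grep :100[0-9]`, this filters on the UID field alone, so a GID, a GECOS
    comment or a home path containing "100x" cannot pull an unrelated account in."""
    rows = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        if low <= int(fields[2]) <= high:
            rows.append(fields)
    return rows


def passwd_entry_to_ldif(fields, base_dn=BASE_DN, crypt_hash=None):
    """Build the posixAccount/shadowAccount entry that migrate_passwd.pl emits for one
    passwd row, with the attribute set shown in the ldapsearch output above.
    crypt_hash is the /etc/shadow hash for the user, if available; /etc/passwd only
    holds "x", so without it the userPassword attribute is left out rather than faked."""
    name, _placeholder, uid, gid, gecos, home, shell = fields
    cn = gecos.split(",")[0] or name      # GECOS may be empty (new_user) or hold extra fields
    lines = [
        "dn: uid=%s,ou=People,%s" % (name, base_dn),
        "uid: " + name,
        "cn: " + cn,
        "objectClass: account",
        "objectClass: posixAccount",
        "objectClass: top",
        "objectClass: shadowAccount",
    ]
    if crypt_hash is not None:
        # "::" marks a base64 value; decoding the e2NyeXB0... shown above gives "{crypt}..."
        encoded = base64.b64encode(("{crypt}" + crypt_hash).encode()).decode()
        lines.append("userPassword:: " + encoded)
    lines += [
        "shadowMin: 0",
        "shadowMax: 99999",
        "shadowWarning: 7",
        "loginShell: " + shell,
        "uidNumber: " + uid,
        "gidNumber: " + gid,
        "homeDirectory: " + home,
    ]
    if gecos:
        lines.append("gecos: " + gecos)
    return "\n".join(lines) + "\n"


def migrate_passwd(passwd_text, base_dn=BASE_DN, shadow=None):
    """Whole users.ldif: one entry per selected row, blank-line separated as ldapadd expects.
    shadow maps user name -> crypt hash (constructed here, or read from /etc/shadow as root)."""
    shadow = shadow or {}
    entries = [passwd_entry_to_ldif(f, base_dn, shadow.get(f[0]))
               for f in select_uid_range(passwd_text)]
    return "\n".join(entries)
```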
a. Use the grep command to list groups in the /etc/group file with GID in the 1000-1009 range.
This was the purpose of step 12, to populate this file as shown.
Do not be concerned if your entries do not match exactly.
# grep :100[0-9] /etc/group
oracle:x:1000:oracle
student1:x:1001:
student2:x:1005:
student3:x:1006:
new_user:x:1007:
students:x:1008:oracle,student1,student2
b.
# grep :100[0-9] /etc/group > group
c. Run the migrate_group.pl command to migrate group information in the group file into an LDIF format. Redirect the output to group.ldif.
Use the absolute path name with the command because the /usr/share/migrationtools directory is not in your path.
# /usr/share/migrationtools/migrate_group.pl group > group.ldif
d. Use the ldapadd command to import the group information to the LDAP directory.
The LDAP password is oracle.
# ldapadd -x -W -D cn=Manager,dc=example,dc=com -f group.ldif
Enter LDAP Password: oracle
adding new entry cn=oracle,ou=Group,dc=example,dc=com
e. Use the ldapsearch command to display the new students group entry in the LDAP server.
# ldapsearch -x cn=students -b dc=example,dc=com
...
# students, Group, example.com
dn: cn=students,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: students
userPassword:: e2NyeXB0...
gidNumber: 1008
memberUid: oracle
memberUid: student1
memberUid: student2

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
17. Trust the LDAP service for firewalld.
a. Use the firewall-cmd command to permanently permit access by LDAP clients for the public zone.
# firewall-cmd --permanent --zone=public --add-service=ldap
success
b. Use the systemctl command to restart the firewalld service.
# systemctl restart firewalld
c. Use the firewall-cmd command to list everything for the active zone.
Overview
In this practice, you use the Authentication Configuration Tool to implement OpenLDAP
authentication.
Assumptions
Ensure that you are using vncviewer to connect to host03 and not using ssh.
Tasks
1.
From host03, use the yum command to install the authconfig-gtk software package.
# yum install authconfig-gtk
...
Transaction Summary
==============================================================
Install  1 Package
Total download size: 105 k
Installed size: 247 k
Is this ok [y/d/N]: y
...
Complete!
2.
3.
b. Click Install.
The following dialog box is displayed.
c. Click Install.
The following dialog box is displayed.
Do not click Install. This dialog box closes when you select LDAP password as the Authentication Method in the next step.
d. Continue entering the following information.
Enter dc=example,dc=com as the LDAP Search Base DN.
e. Click Apply to save your changes.
4.
Overview
In this practice, you:
Install the OpenLDAP client packages
Configure the OpenLDAP client
Log in as OpenLDAP user to test LDAP authentication
Disable OpenLDAP authentication
You begin this practice by opening a second terminal window on dom0 and logging in to host01
as the root user.
Assumptions
Tasks
1. Log in to the host01 VM guest from dom0.
a. If necessary, open a second terminal window on dom0.
b. From the second terminal window on dom0, use the su - command to become the root user.
The root password is oracle.
$ su -
Password: oracle
#
c. As the root user on dom0, use the ssh command to log in to host01.
The root password is oracle (all lowercase).
[dom0]# ssh host01
root@host01's password: oracle
Last login: ...
[host01]#
2.
b.
Use the grep command to search for user student1 in the local /etc/passwd file.
You are asked about the GPG key only the first time you use the yum install command.
# yum install openldap-clients
...
Transaction Summary
=============================================================
Install  1 Package
Total download size: 183 k
Installed size: 575 k
Is this ok [y/d/N]: y
...
Retrieving key from http://192.0.2.1/repo/OracleLinux/OL7/1/...
...
Is this ok [y/N]: y
...
Complete!
b. Use the yum command to install the nss-pam-ldapd package.
Answer y when prompted Is this ok.
Note that the nscd package is installed as a dependency.
# yum install pam_ldap
...
Transaction Summary
=============================================================
Install  1 Package (+1 Dependent package)
Total download size: 413 k
Installed size: 586 k
Is this ok [y/d/N]: y
...
Complete!
4.
b. Use the vi editor to make the following changes to the ldap.conf file.
Change the IP address for the URI directive to the IP address of host03.
# vi ldap.conf
BASE    dc=example,dc=com
URI     ldap://192.0.2.103/
5.
This is the configuration file for the Naming Services LDAP Client Daemon.
a. Use the cd command to change to the /etc directory.
# cd /etc
b. Use the vi editor to edit the nslcd.conf file.
Use the :set nu command to turn on line numbers.
# vi nslcd.conf
...
:set nu
c. At around line number 18, make the following change.
uri ldap://127.0.0.1/      (old value)
uri ldap://192.0.2.103/    (new value)
d. At around line number 25, view the base setting.
You do not need to change the base setting.
base dc=example,dc=com
e.
6.
b.
This backup file is used later in this practice to restore the original configuration.
# cp system-auth system-auth.BAK
c. Use the vi editor to make the following changes to the system-auth file. In the first section (lines beginning with auth) of the file, add the following bold line in the location as shown.
You must make several changes to this file. Do not exit the vi editor until step 6g.
# vi system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is ...
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet...
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
d. In the second section of the file (lines beginning with account), add the following bold line in the location as shown.
Ensure that the new entry is on a single line.
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
e. In the third section of the file (lines beginning with password), add the following bold line in the location as shown.
password    requisite     pam_pwquality.so try_first_pass ...
password    sufficient
password    sufficient
password    required
f.
In the fourth section of the file (lines beginning with session), add the following two bold lines in the location as shown.
Ensure that the two new entries are each on a separate single line.
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session    optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so ...
session     required      pam_unix.so
session     optional      pam_ldap.so
session     optional      pam_mkhomedir.so skel=/etc/skel umask=077
g.
7.
b. Use the vi editor to remove sss and add ldap to the passwd, shadow, and group directives as shown.
# vi nsswitch.conf
passwd:     files sss     (old entry)
shadow:     files sss     (old entry)
group:      files sss     (old entry)
passwd:     files ldap    (new entry)
shadow:     files ldap    (new entry)
group:      files ldap    (new entry)
c. Save the file and exit vi.
8. Configure the /etc/sysconfig/authconfig file on host01.
a. Use the cd command to change to the /etc/sysconfig directory.
# cd /etc/sysconfig
b. Use the vi editor to edit the authconfig file and change USELDAP=no to USELDAP=yes as shown.
# vi authconfig
USELDAP=no     (old entry)
USELDAP=yes    (new entry)
9. Use the systemctl command to start the nslcd service on host01.
Use the grep command to search for user student1 in the local /etc/passwd file.
The command produces no output, indicating that student1 is not a local user.
# grep student1 /etc/passwd
b.
c. Use the ldapsearch command to search for student1 in the OpenLDAP directory.
# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
d.
Notice that you can successfully log in as student1 even though the user account does not exist locally.
Notice that a home directory was created for student1.
# su student1
Creating directory /home/student1.
[student1@host01 ~]$ whoami
student1
e.
Use the pwd command to verify that the /home/student1 directory was created on the localhost.
Notice that the contents of /etc/skel were copied into the user's home directory.
[student1@host01 ~]$ ls -la
...
-rw-------. 1 student1 student1 ... .bash_logout
-rw-------. 1 student1 student1 ... .bash_profile
-rw-------. 1 student1 student1 ... .bashrc
[student1@host01 ~]$ ls -la /etc/skel
...
-rw-------. 1 student1 student1 ... .bash_logout
-rw-------. 1 student1 student1 ... .bash_profile
-rw-------. 1 student1 student1 ... .bashrc
g. Use the exit command to log off as student1.
[student1@host01 ~]$ exit
logout
11. Disable the OpenLDAP client authentication on host01.
a. From host01, use the systemctl command to stop the nslcd service.
# systemctl stop nslcd
b. Use the vi editor to edit the authconfig file and change USELDAP=yes to USELDAP=no as shown.
# vi /etc/sysconfig/authconfig
USELDAP=yes    (old entry)
USELDAP=no     (new entry)
c.
Use the vi editor to replace ldap with sss for the passwd, shadow, and group directives as shown.
# vi /etc/nsswitch.conf
passwd:     files ldap    (old entry)
shadow:     files ldap    (old entry)
group:      files ldap    (old entry)
passwd:     files sss     (new entry)
shadow:     files sss     (new entry)
group:      files sss     (new entry)
d.
# cd /etc/pam.d
# cp system-auth.BAK system-auth
cp: overwrite system-auth? y
e.
f.
12. Disable the OpenLDAP server authentication.
a. From host03, open the Authentication Configuration Tool by running the system-config-authentication command.
# system-config-authentication
The GUI appears as follows:
Perform the next step from host03.
b. Select Local accounts only from the User Account Database drop-down list.
c.
d.
Do not log off host03. The next practice (Practice 4-1) assumes that you are logged in as the root user on host03.
Practices for Lesson 4: Pluggable Authentication Modules (PAM)
Chapter 4
In these practices, you configure PAM authentication modules first to allow a single login only,
and then to disable all non-root logins.
In this practice, you configure a PAM authentication module on host03 to allow only a single
login session for a user.
Assumptions
The prompts in the solution section include either host01 or host03 to indicate which
system to enter the command from.
Tasks
1.
a.
This directory contains files that describe the authentication procedure for an application.
[host03]# ls /etc/pam.d
atd     gdm-pin        ppp     sudo
chfn    gdm-smartcard  remote  sudo-i
...
b. Use the cat command to view the sshd configuration file in /etc/pam.d.
This file contains a group of directives that define the authentication modules as well as any controls or arguments.
The authentication modules are listed in the third column.
[host03]# cat /etc/pam.d/sshd
#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
c.
d.
2.
pam_smbpass.so
pam_sss.so
a. Most of the authentication modules have a man page describing their purpose and usage. Use the man pam_sepermit command to view the man page for the pam_sepermit authentication module.
Note that this module uses a configuration file, sepermit.conf, which controls ... mode.
b. Use the man sepermit.conf command to view the man page for the sepermit.conf file.
[host03]# man sepermit.conf
...
sepermit.conf - configuration file for the pam_sepermit module
...
The lines of the configuration file have the following syntax:
...
3. SELinux is covered in a subsequent lesson but for the purposes of this practice, use the sestatus command to display information about SELinux.
The output shown is a sample showing that SELinux is enabled and is in enforcing mode.
With SELinux in enforcing mode, the pam_sepermit authentication module allows or denies login.
[host03]# sestatus
SELinux status:                 enabled
...
Current mode:                   enforcing
...
4. From host01, confirm you can remotely log in to host03.
a. From dom0, use the ssh command to log in to host01 as the oracle user.
The password is oracle.
[dom0]# ssh oracle@host01
oracle@host01's password: oracle
Last login...
[oracle@host01 ~]$
b.
c. Use the hostname command to confirm that you successfully logged in to host03.
Note that you are now logged off of host03 and back to host01.
[oracle@host03 ~]$ logout
Connection to host03 closed.
[oracle@host01 ~]$ hostname
host01.example.com
5.
[host03]# find / -name sepermit.conf
/etc/security/sepermit.conf
b. Use the vi editor to add the following entry to /etc/security/sepermit.conf.
This entry, when read by the PAM module pam_sepermit.so, allows only a single login session for the oracle user.
[host03]# vi /etc/security/sepermit.conf
oracle:exclusive
6. From host01, attempt to log in to host03.
a. Use the ssh command to connect to host03. Password is oracle.
Note that the connection is denied.
[oracle@host01 ~]$ ssh host03
oracle@host03's password: oracle
Permission denied, please try again.
oracle@host03's password: CTRL-C
[oracle@host01 ~]$
b.
From host03, use the tail command to view the latest entries in the
/var/log/secure log file.
To permit the oracle user login from host01, you can do either of the following:
7.
Comment out this line by inserting a # sign at the beginning of the line as follows:
[host03]# vi /etc/pam.d/sshd
auth       required     pam_sepermit.so    (current entry)
#auth      required     pam_sepermit.so    (insert # sign)
8.
Password is oracle.
Note that the connection is allowed, and no longer denied by the PAM
authentication module.
[oracle@host01 ~]$ ssh host03
oracle@host03s password: oracle
Last failed login: ...
[oracle@host03 ~]$ hostname
host03.example.com
b. Use the logout command to close the connection to host03.
Note that you are now logged off of host03 and back to host01.
[oracle@host03 ~]$ logout
Connection to host03 closed.
[oracle@host01 ~]$ hostname
host01.example.com
c. From host01, log out as the oracle user.
[oracle@host01 ~]$ logout
Connection to host01 closed.
9.
(current entry)
(remove # sign)
Overview
In this practice, you configure a PAM authentication module on host01 to prevent all non-root
user logins.
Assumptions
The prompts in the solution section include either host01 or host03 to indicate which
system to enter the command from.
Tasks
1.
On host01, configure a PAM authentication module on host01 to prevent all non-root user logins.
a. From dom0, use the ssh command to log in to host01 as root.
Password is oracle.
[dom0]# ssh host01
root@host01's password: oracle
Last login: ...
[root@host01]#
b. Use the cat command to view the login configuration file in /etc/pam.d.
The login utility uses the pam_nologin.so authentication module as well as several other PAM modules.
[host01]# cat /etc/pam.d/login
#%PAM-1.0
auth       [user_unknown=ignore success=ok ignore=ignore default=...
auth       substack     system-auth
auth       include      postlogin
account    required     pam_nologin.so
...
c. Use the man pam_nologin command to view the man page for the pam_nologin authentication module.
Note that this module uses a configuration file /etc/nologin which, if it exists, disables non-root logins.
[host01]# man pam_nologin
...
pam_nologin - Prevent non-root users from login
...
pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or
d.
Use the vi editor and create the /etc/nologin file with the following contents:
[host01]# vi /etc/nologin
No logins allowed at this time.
2.
Connection closed by 192.0.2.101
b. From host01, use the tail command to view the latest entries in the /var/log/secure log file.
Note that the connection is denied by the PAM authentication module.
[host01]# tail /var/log/secure
...
<date_time> host01 sshd[...]: fatal: Access denied for user oracle by PAM account configuration [preauth]
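Added example, not from the guide: a parser for the sshd lines in /var/log/secure that separates the "Access denied ... by PAM account configuration" rejections produced here by pam_nologin from ordinary failed-password events, so an operator can tell a policy lock-out from credential guessing. The log lines are constructed in the format shown above; the function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample in the format shown above; not a capture from a real host.
SECURE_LOG = """\
Mar  3 10:14:02 host01 sshd[2231]: fatal: Access denied for user oracle by PAM account configuration [preauth]
Mar  3 10:14:40 host01 sshd[2240]: Accepted password for root from 192.0.2.1 port 50122 ssh2
Mar  3 10:15:11 host01 sshd[2255]: Failed password for student1 from 192.0.2.1 port 50130 ssh2
Mar  3 10:15:19 host01 sshd[2255]: fatal: Access denied for user student1 by PAM account configuration [preauth]
Mar  3 10:15:30 host01 sshd[2260]: fatal: Access denied for user oracle by PAM account configuration [preauth]
Mar  3 10:16:02 host01 sshd[2271]: Failed password for invalid user admin from 203.0.113.9 port 41000 ssh2
"""

_PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
# Rejected by the account stack (pam_nologin here): the password was accepted, policy said no.
_ACCOUNT_DENIED = re.compile(
    _PREFIX + r"fatal: Access denied for user (?P<user>\S+) by PAM account configuration")
# Rejected by the auth stack: wrong password, possibly for a user that does not exist at all.
_AUTH_FAILED = re.compile(
    _PREFIX + r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port")


def classify_sshd_events(log_text):
    """Return (pid, user, kind) tuples; kind is 'account_denied', 'auth_failed' or 'invalid_user'.
    Lines that match neither pattern (successful logins, other services) are ignored."""
    events = []
    for line in log_text.splitlines():
        m = _ACCOUNT_DENIED.match(line)
        if m:
            events.append((m["pid"], m["user"], "account_denied"))
            continue
        m = _AUTH_FAILED.match(line)
        if m:
            kind = "invalid_user" if m["invalid"] else "auth_failed"
            events.append((m["pid"], m["user"], kind))
    return events


def denial_summary(log_text):
    """Counter keyed by (user, kind). A run of account_denied for known users is the
    /etc/nologin effect; auth_failed and invalid_user point at bad credentials instead."""
    summary = Counter()
    for _pid, user, kind in classify_sshd_events(log_text):
        summary[(user, kind)] += 1
    return summary
```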
To permit the non-root user logins, you can do either of the following:
3.
Comment out this line by inserting a # sign at the beginning of the line as follows:
[host01]# vi /etc/pam.d/login
...
account    required     pam_nologin.so    (current entry)
#account   required     pam_nologin.so    (insert # sign)
4.
From host01, use the grep command to search for the string pam_nologin in all the
files in the /etc/pam.d directory.
Note that this module also is called from the ppp, remote, and sshd files.
Because you are using ssh to log in, you would need to comment out the line in the
sshd file as well.
6.
Do not log off host03. The next practice (Practice 5-1) assumes that you are logged in as the root user on host03.
Practices for Lesson 5: Web and Email Services
Chapter 5
Verify that the httpd package is installed, start the service, and ensure that the service starts at boot time
Assumptions
Tasks
1. Install the httpd software package and enable and start the httpd service.
==============================================================
Install  1 Package (+4 Dependent packages)
Total download size: 1.5 M
Installed size: 4.3 M
Is this ok [y/d/N]: y
...
Complete!
b. Use the systemctl command to enable the httpd service to start at boot time.
# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
c.
2.
b. The Apache Test Page appears and confirms that Apache is working correctly.
c. Close the Firefox web browser by clicking the X in the top-right corner of the window. A Confirm close dialog box might appear. If so, click the Close tabs button to close the window.
3. Create and view a test webpage.
a. Use the vi editor to create the /var/www/html/index.html file with the following entry:
# vi /var/www/html/index.html
<html><body><p>This is my test page.</p></body></html>
b.
c. Close the Firefox web browser by clicking the X in the top-right corner of the window.
4. Create a virtual host on the Apache web server and name it www.example1.com.
a. Use the vi editor to edit the /etc/httpd/conf/httpd.conf file to add the following entries to the end of the file:
# vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
    ServerName www.example1.com
    DocumentRoot /var/www/example1
    ErrorLog /var/log/httpd/example1.error_log
    <Directory /var/www/example1>
        Order deny,allow
        Deny from all
        Allow from 192.0.2
    </Directory>
</VirtualHost>
b. Use the vi editor to edit the /etc/hosts file and append www.example1.com to the 192.0.2.103 entry as follows:
# vi /etc/hosts
192.0.2.103 host03.example.com host03 www.example1.com
c.
d.
e.
f. Use the apachectl configtest command to check the configuration file for possible errors. In this example there are no errors. Fix any errors you might have made.
# apachectl configtest
Syntax OK
g. Use the apachectl graceful command to reload the configuration without affecting active requests.
# apachectl graceful
5.
b. Close the Firefox web browser by clicking the X in the top-right corner of the window.
6. Create a second virtual host on the Apache web server named www.example2.com.
a. Use the vi editor to edit the /etc/httpd/conf/httpd.conf file to add the following entries to the end of the file:
# vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
    ServerName www.example2.com
    DocumentRoot /var/www/example2
    ErrorLog /var/log/httpd/example2.error_log
    <Directory /var/www/example2>
        Order deny,allow
        Deny from all
        Allow from 192.0.2
    </Directory>
</VirtualHost>
b. Use the vi editor to edit the /etc/hosts file to append www.example2.com to the 192.0.2.103 entry as follows:
# vi /etc/hosts
192.0.2.103 host03... www.example1.com www.example2.com
c.
d.
e.
f. Use the apachectl configtest command to check the configuration file for possible errors. In this example there are no errors. Fix any errors you might have made.
# apachectl configtest
Syntax OK
g. Use the apachectl graceful command to reload the configuration without affecting active requests.
# apachectl graceful
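The Directory blocks for www.example1.com (step 4) and www.example2.com (step 6) admit only clients whose address begins with 192.0.2. The following is an added example, not part of the Oracle practice, that models Apache's Order/Deny/Allow evaluation so you can check which client addresses such a block admits; httpd 2.4 accepts these directives only through mod_access_compat, the native 2.4 form being Require ip 192.0.2. The sample client addresses are constructed.

```python
"""Added example (not from the Oracle practice): evaluate an Apache Order/Deny/Allow
Directory block against client IPv4 addresses."""
import ipaddress

# The Directory block used by both virtual hosts in the practice.
EXAMPLE_DIRECTORY = ["Order deny,allow", "Deny from all", "Allow from 192.0.2"]


def rule_matches(rule, client):
    """True if an 'Allow from' / 'Deny from' argument matches the IPv4 client.
    Handles 'all', CIDR (a.b.c.d/n), a full address and a partial address
    (1 to 3 leading octets, compared octet by octet as Apache does, so
    '192.0.2' matches 192.0.2.x but not 192.0.20.x).
    Host-name rules are not modelled and raise ValueError."""
    if rule.lower() == "all":
        return True
    if "/" in rule:
        return ipaddress.ip_address(client) in ipaddress.ip_network(rule, strict=False)
    octets = rule.split(".")
    if not all(o.isdigit() for o in octets):
        raise ValueError("host-name rules are not supported: %r" % rule)
    return client.split(".")[:len(octets)] == octets


def access_allowed(directives, client):
    """Apply a Directory block's Order/Allow/Deny directives to a client address."""
    order, allow, deny = "deny,allow", [], []   # Apache's default Order
    for line in directives:
        parts = line.split()
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "order":
            order = parts[1].lower()
        elif key in ("allow", "deny") and parts[1].lower() == "from":
            (allow if key == "allow" else deny).extend(parts[2:])
    allowed = any(rule_matches(r, client) for r in allow)
    denied = any(rule_matches(r, client) for r in deny)
    if order == "deny,allow":
        # Deny rules first; a matching Allow overrides; unmatched clients are allowed.
        return True if allowed else not denied
    if order == "allow,deny":
        # Allow rules first; a matching Deny overrides; unmatched clients are denied.
        return allowed and not denied
    raise ValueError("unsupported Order: %r" % order)
```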
7.
b. Close the Firefox web browser by clicking the X in the top-right corner of the window.
8.
b. Select Log Out from the menu.
The following window appears.
c.
d.
Practices for Lesson 6: Installing Oracle Linux 7 by Using Kickstart
Chapter 6
Practices Overview
In these practices, you:
Create a new host07 virtual machine and perform a Kickstart installation on host07
Use rescue mode to repair a boot problem on host07
Overview
In this practice, you do the following:
Configure dom0 as an HTTP server.
Make the installation tree available from the HTTP server.
Create the Kickstart file and make it available from the HTTP server.
Shut down the host01 VM and create a new host07 VM.
Assumptions
You are logged on as the root user on dom0.
Tasks
$ su
Password: oracle
#
b. As the root user on dom0, use the rpm command to ensure that the http package is installed. The package is installed.
# rpm -qa | grep http
httpd-2.2.3-53.0.1.el5
c. Use the service command to query the status of the httpd service.
# service httpd status
httpd (pid ...) is running...
In this example, the httpd service is running. If the service is not running, use the service command to start the httpd service:
# service httpd start
...
2.
The Oracle Linux 7.1 DVD image is the OracleLinux-R7-U1-Server-x86_64-dvd.iso file in the /OVS/seed_pool directory.
# cd /OVS/seed_pool
# ls
...
OracleLinux-R7-U1-Server-x86_64-dvd.iso
...
b. Using a temporary mount point other than /mnt is a requirement imposed by Oracle University (OU). On OU systems, there is a FAT file system mounted in /mnt/cdrive. This file system holds binaries that monitor the machine status and take care of initiating the build for the next class after the current class is finished. If you are mounting an ISO on /mnt, it mounts on top of /mnt/cdrive. This causes the binaries to fail to report to the OU Dashboard. Outside of the OU environment, you can use /mnt for this procedure.
# mkdir /mnt/iso
c. Use the mount command to mount the OL7.1 DVD image on /mnt/iso.
# mount -t iso9660 -o loop OracleLinux-R7-U1-Server-x86_64-dvd.iso /mnt/iso
d. Use the mkdir command to create the /var/www/html/OL71 directory.
# mkdir /var/www/html/OL71
e. Use the cp command to copy all files and directories from /mnt/iso to /var/www/html/OL71.
3.
a. From dom0, use the scp command to copy /root/anaconda-ks.cfg from host01 to /var/www/html/ks.cfg on dom0.
# cd /var/www/html
# scp host01:~/anaconda-ks.cfg ks.cfg
root@host01's password: oracle
anaconda-ks.cfg                               100% ...
The Kickstart file is now available from the HTTP server running on dom0. You use the vi editor to change this Kickstart file as instructed in step 3c.
otherwise, you get permission denied errors.
#version=RHEL7
# System authorization information
authconfig --enableshadow --passalgo=sha512
url --url http://192.0.2.1/OL71/
ignoredisk --only-use=xvda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts=us
# System language
lang en_US.UTF-8
# Network information
network --bootproto static --device eth0 --gateway 192.0.2.1 --ip 192.0.2.107 --nameserver=10.216.106.3,192.0.2.1,152.68.154.3 --netmask 255.255.255.0 --ipv6=auto --hostname=host07.example.com --activate
# Root password
rootpw --iscrypted ...
# System timezone
timezone America/Denver --isUtc --nontp
user --name=oracle --password=$6$... --iscrypted --gecos="Oracle Student"
# System bootloader configuration
bootloader --location=mbr --boot-drive=xvda
autopart --type=lvm
# Partition clearing information
clearpart --all --drives=xvda

%packages
@core
%end
4. Verify the Kickstart file.
a. From dom0, use the scp command to copy /var/www/html/ks.cfg from dom0 to /root/ks.cfg on host01.
100% ...
c. From host01, use the yum command to install the pykickstart package.
Install  1 Package
d. Use the ksvalidator utility to verify the ks.cfg file in the /root directory on host01. In this example, the command produces no output, indicating there are no errors in the ks.cfg file.
# ksvalidator /root/ks.cfg
e. The following example removes the comment (# sign) from the first line.
# vi /root/ks.cfg
#version=RHEL7     (old entry)
version=RHEL7      (new entry)
f. Repeat step 4d and rerun the ksvalidator utility.
# ksvalidator /root/ks.cfg
The following problem occurred on line 1 of the kickstart file:
Unknown command: version=RHEL7
g. Fix the error in the /root/ks.cfg file.
# vi /root/ks.cfg
version=RHEL7      (old entry)
#version=RHEL7     (new entry)
h. Repeat step 4d and rerun the ksvalidator utility. The command produces no output, indicating there are no errors in the ks.cfg file.
# ksvalidator /root/ks.cfg
i.
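An added example, not the practice's own tooling and no substitute for ksvalidator: a small lint that reproduces the "Unknown command" check tripped by the uncommented version=RHEL7 line, and also flags rootpw or user passwords that are not --iscrypted, which matters because ks.cfg is served over plain HTTP from dom0. The KNOWN_COMMANDS set and the sample files are assumptions constructed for the example; the hashes are placeholders.

```python
"""Added example (not from the Oracle practice): a minimal Kickstart lint."""

# Commands used by the practice's ks.cfg; any other first word on a command line
# outside a %section is reported as unknown (an assumed subset of Kickstart).
KNOWN_COMMANDS = {
    "authconfig", "url", "ignoredisk", "keyboard", "lang", "network", "rootpw",
    "timezone", "user", "bootloader", "autopart", "clearpart",
}


def lint_kickstart(text):
    """Return [(line_number, message), ...] for a Kickstart file's command section."""
    findings, in_section, i = [], False, 0
    lines = text.splitlines()
    while i < len(lines):
        lineno, line = i + 1, lines[i].rstrip()
        while line.endswith("\\") and i + 1 < len(lines):   # join continued lines
            i += 1
            line = line[:-1] + lines[i].rstrip()
        i += 1
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("%"):                          # %packages ... %end
            in_section = not stripped.startswith("%end")
            continue
        if in_section:
            continue
        cmd, *args = stripped.split()
        if cmd not in KNOWN_COMMANDS:
            findings.append((lineno, "Unknown command: %s" % cmd))
            continue
        sets_password = cmd == "rootpw" or any(a.startswith("--password") for a in args)
        if sets_password and "--iscrypted" not in args:
            findings.append((lineno, "%s password is not --iscrypted" % cmd))
        if cmd == "authconfig" and "--passalgo=sha512" not in args:
            findings.append((lineno, "authconfig does not select --passalgo=sha512"))
    return findings


# Constructed sample modelled on the practice's ks.cfg; hashes are placeholders.
GOOD_KS = """#version=RHEL7
authconfig --enableshadow --passalgo=sha512
url --url http://192.0.2.1/OL71/
network --bootproto static --device eth0 --gateway 192.0.2.1 \\
 --ip 192.0.2.107 --netmask 255.255.255.0 --hostname=host07.example.com --activate
rootpw --iscrypted $6$PLACEHOLDER_HASH
user --name=oracle --password=$6$PLACEHOLDER_HASH --iscrypted --gecos="Oracle Student"
%packages
@core
%end
"""

# The same file with the two mistakes the lint is meant to catch: the header
# comment sign removed (as in step 4e) and a clear-text root password.
BAD_KS = (GOOD_KS.replace("#version=RHEL7", "version=RHEL7")
                 .replace("rootpw --iscrypted $6$PLACEHOLDER_HASH",
                          "rootpw --plaintext PLACEHOLDER"))
```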
5.
c.
d.
usb = 1
usbdevice = 'tablet'
6.
a. The available memory on dom0 allows a maximum of only three VMs to be running. Therefore, it is necessary to shut down one VM to start a new VM.
# xm shutdown -w host01
Domain host01 terminated
All domains terminated
If the xm shutdown command is taking more than a few seconds to complete, use CTRL-C to kill the command and run the following xm destroy command.
# xm destroy host01
b.
# xm create vm.cfg
Using config file ./vm.cfg.
Started domain host07 (id=...)
c. Determine the VNC port number for host07 by running the xm list -l host07 | grep location command.
# xm list -l host07 | grep location
    (location 0.0.0.0:5902)
    (location 3)
The sample shown indicates that the port number is 5902. Your port number might be different.
d. Run the vncviewer& command.
# vncviewer&
The VNC Viewer: Connection Details dialog box is displayed.
e. Enter localhost:<port_number>, substituting the port number displayed from the
The Oracle Linux boot menu screen appears for only 60 seconds, after which the Test this media & install Oracle Linux 7.0 menu option is selected by default.
If you do not see this screen, meaning the 60-second timeout has expired, click the X in the top-right corner of the current screen to close it, enter the following command from dom0, and begin step 6 again starting with 6b.
# xm destroy host07
f.
7. Initiate the Kickstart installation.
From the Oracle Linux boot menu, press Esc to exit to the boot prompt. The boot prompt is shown:
be configured to retrieve the Kickstart file, ks.cfg,
IP address (ip=192.0.2.200)
Netmask (netmask=255.255.255.0)
Gateway (gw=192.0.2.1)
This address information allows an initial network connection required to retrieve the Kickstart file from the installation server. The information in the Kickstart file is then used to configure the network interface.
boot: linux ip=192.0.2.200 netmask=255.255.255.0 gw=192.0.2.1 ks=http://192.0.2.1/ks.cfg
There is a slight delay before the Kickstart installation begins.
8.
b. Click Reboot when prompted.
Log in to host07 and verify the installation.
a. From dom0, use the ssh command to connect to host07 as the root user. The password is oracle. Use the IP address for host07 because the /etc/hosts file on dom0 does not contain an entry to resolve the host name.
b. Use the hostname command to confirm that you are logged on to the host07 VM.
# hostname
host07.example.com
c.
d.
Size  Used  Avail  Use%  Mounted on
11G   979M  9.4G   10%   /
497M  142M  355M   29%   /boot
nameserver 192.0.2.1
nameserver 152.68.154.3
Overview
In this practice, you do the following:
Corrupt a file on host07 to cause boot failure.
Boot into rescue mode to correct the file.
Assumptions
You are the root user on host07.
Tasks
1.
b. Use the :set nu command to turn on line numbers. At around line number 103, change linux16 /vmlinuz-3.8.13-55.1.6.el7uek.x86_64 to linux16 /vmlinuz-3.13-55.1.6.el7uek.x86_64.
# vi /boot/grub2/grub.cfg
:set nu
linux16 /vmlinuz-3.8.13-55.1.6.el7uek.x86_64    (old entry)
linux16 /vmlinuz-3.13-55.1.6.el7uek.x86_64      (new entry)
c. Use the systemctl reboot command to reboot host07.
# systemctl reboot
Connection to 192.0.2.107 closed by remote host.
Connection to 192.0.2.107 closed.
[dom0]#
2.
c. The following screen shows that an error occurred during the boot process.
d. Close the window by clicking the X in the upper-right corner of the window.
3. Shut down host07.
a. Run the xm destroy host07 command to shut down the host07 VM. Run xm list to display the running VMs. The output shown is a sample; the ID and Time(s) values are different on your system.
# xm destroy host07
# xm list
Name         ID   Mem  VCPUs  State   Time(s)
Domain-0      0  2048      2  r-----    281.1
host02        2  1536      1  -b----    159.0
host03        3  1536      1  -b----     13.2
Notice that host07 is no longer active. You have two guests (host02 and host03) running.
4. Configure host07 to boot from Oracle Linux 7 installation media.
The procedure applies to Oracle VM Server for x86 version 2.2.1 Hardware Virtualized (HVM) Guests. For Para-virtualized (PVM) Guests, refer to MOS note 549410.1.
Use the vi editor to change the boot entry in the host07 vm.cfg file from boot = cd to boot = d. If the vm.cfg file is read-only, use :wq! to save the file.
# cd /OVS/running_pool/host07
# vi vm.cfg
...
boot = cd     (old entry)
boot = d      (new entry)
...
5. Start the host07 VM.
Run the xm create vm.cfg command to start the host07 VM. Run xm list to display the running VMs.
# xm create vm.cfg
Using config file ./vm.cfg.
Started domain host07 (id=#)
# xm list
Name         ID   Mem  VCPUs  State   Time(s)
Domain-0      0  2048      2  r-----    281.1
host02        2  1536      1  -b----    159.0
host03        3  1536      1  -b----     13.2
host07       14  1536      1  -b----     13.2
b.
# vncviewer&
The Oracle Linux boot menu screen appears for only 60 seconds, after which the Test this media & install Oracle Linux 7.0 menu option is selected by default.
If you do not see this screen, meaning the 60-second timeout has expired, click the X in the top-right corner of the screen to close it, enter the following command from dom0, and begin again starting with step 5.
# xm destroy host07
c.
6. From the Oracle Linux boot menu, press the Esc key to display the boot: prompt. The following screen appears:
Alternatively, you could use the arrow keys to select Troubleshooting to display a new menu, and then select Rescue a Oracle Linux system from the Troubleshooting menu.
7. Boot into Rescue Mode.
a. Enter linux rescue at the boot: prompt and press Enter.
b. Review the information displayed on the following screen. Use the Tab key to select Continue and press Enter.
c. Review the information displayed on the following screen. Press Enter to continue.
d. Review the information displayed on the following screen. Press Enter to continue.
A shell prompt is displayed.
8. Repair the corrupted /boot/grub2/grub.cfg file.
a. Use the df command to view the mounted file systems. Notice that the file systems are mounted under the /mnt/sysimage directory.
# df -h
Filesystem                  ...  Mounted on
...
/dev/mapper/ol_host07-root  ...  /mnt/sysimage
/dev/xvda1                  ...  /mnt/sysimage/boot
...
b.
firmware  lib  lib64  lost+found  mnt  modules  proc  root  run  sbin  sys  tmp  usr  var
c. Use the chroot command to change the root partition of the rescue mode environment to the root partition of your file system.
# chroot /mnt/sysimage/
d.
Mounted on
/
...
/boot
e.
home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
f.
# cp /boot/grub2/grub.cfg.BAK /boot/grub2/grub.cfg
g. Use the exit command to exit the chroot environment.
# exit
h. Close the window by clicking the X in the top-right corner of the window.
9. Boot host07 from the system hard drive.
a. From dom0, use the vi editor to change the boot entry in the host07 vm.cfg file from boot = d back to boot = cd.
# cd /OVS/running_pool/host07
# vi vm.cfg
...
boot = d      (old entry)
boot = cd     (new entry)
...
b. Use the xm destroy host07 command to shut down the host07 VM.
# xm destroy host07
c. Use the IP address because the /etc/hosts file on dom0 does not contain an entry to resolve host07.
a. Use the /bin/rm -r command to remove the /var/www/html/OL71/ directory.
# cd /var/www/html
# /bin/rm -r OL71/
Use the xm list command to verify that host01, host02, and host03 are running and that host07 is not running.
# xm list
Name         ID   Mem  VCPUs  State   Time(s)
Domain-0      0  2048      2  r-----    758.9
host01        4  1536      1  -b----     37.4
host02        5  1536      1  -b----     37.3
host03        9  1536      1  -b----    109.3
Practices for Lesson 7: Samba Services
Chapter 7
In these practices, you configure a Samba server and access the Samba shares on the server
from an Oracle Linux client host.
Use the testparm command to check the syntax of the smb.conf file.
Assumptions
You are the root user on dom0.
Tasks
a. As the root user on dom0, use the ssh command to log in to host03. The root password is oracle.
[dom0]# ssh host03
root@host03's password: oracle
Last login: ...
[host03]#
b. From host03, use the rpm -qa command to list the installed samba packages. In this example, two samba packages are installed. The samba package and the samba-client package need to be installed.
# rpm -qa | grep samba
samba-libs-4.1.12-21.el7.x86_64
samba-common-4.1.12-21.el7.x86_64
c. Use the yum command to install the samba package and the samba-client package.
...
Complete!
2.
a.
b.
c.
# systemctl start smb
# systemctl status smb
smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled)
   Active: active (running) since ...
 Main PID: ... (smbd)
... to serve connections...
3.
public
  interfaces: eth0 eth1 eth2
b. Use the firewall-cmd command to list the services that are trusted for the active zone. In this example, the dhcpv6-client, ldap, and ssh services are trusted.
# firewall-cmd --list-services
dhcpv6-client ldap ssh
c. Use the firewall-cmd command to trust the samba service for the public zone.
4.
b. Use the passwd command to set the password to oracle for user01.
5.
# cd /etc/samba
# ls
lmhosts  smb.conf
b. Use the vi editor to edit the smb.conf file. Use the :set nu command to turn on line numbers.
# vi smb.conf
...
:set nu
c. At around line number 89, change workgroup = MYGROUP to workgroup = GROUPA. The workgroup parameter defines the workgroup name for your environment. In the classroom environment, this parameter has no effect.
workgroup = GROUPA
d. At around line number 92, change netbios name = MYSERVER to netbios name = SMB-HOST03.
e. At around line number 123, ensure that the security parameter is set to user and that the security parameter line is uncommented. You do not need to make changes to this line.
security = user
f. The default options for this share definition allow users to access their home directory as Samba shares from a remote location.
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S
g. At around line number 288, immediately following the [homes] stanza, add a [tmp] stanza for the /tmp directory. This stanza allows users to access the /tmp directory as a Samba share.
[tmp]
        path = /tmp
        writable = yes
        guest ok = yes
h. Save the changes to the smb.conf file and exit vi.
6. Use the testparm command to check the syntax of the smb.conf file. If you do not specify a name for the configuration file with the testparm command, the command uses the default path name at /etc/samba/smb.conf. Press Enter when prompted.
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[tmp]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
<Press the ENTER key>
[global]
        workgroup = GROUPA
        netbios name = SMB-HOST03
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        idmap config * : backend = tdb
        cups options = raw
[homes]
        comment = Home Directories
        read only = No
        browseable = No
[tmp]
path = /tmp
read only = No
guest ok = Yes
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
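As an added example (not from the practice and no replacement for testparm), the following parses an smb.conf like the one edited in step 5 and dumped above, and reports the global security mode and which shares a guest can write to, which singles out the [tmp] share with guest ok = yes and writable = yes. The sample configuration is constructed from the stanzas shown; Samba's synonyms (writable/writeable versus read only, guest ok versus public) are resolved in file order, as smbd does.

```python
"""Added example (not from the Oracle practice): audit guest-writable shares in smb.conf."""

TRUE_VALUES = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} preserving parameter order.
    Lines starting with '#' or ';' are comments; names are case-insensitive.
    'include =' and line continuations are not handled."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections


def _last_flag(params, keys, default):
    """(key, boolean) of the last parameter among `keys` set in the stanza;
    as in Samba, a later setting overrides an earlier synonym."""
    value = default
    for key, raw in params.items():
        if key in keys:
            value = (key, raw.lower() in TRUE_VALUES)
    return value


def share_is_writable(params):
    """Samba's canonical parameter is 'read only' (default yes); 'writable' and
    'writeable' are its inverse."""
    key, flag = _last_flag(params, ("read only", "writable", "writeable"), ("read only", True))
    return (not flag) if key == "read only" else flag


def share_allows_guest(params):
    """'guest ok' (default no) and its synonym 'public'."""
    return _last_flag(params, ("guest ok", "public"), ("guest ok", False))[1]


def audit_smb_conf(text):
    """Global security mode plus the shares that anonymous (guest) clients can write to."""
    conf = parse_smb_conf(text)
    security = conf.get("global", {}).get("security", "user").lower()
    guest_writable = sorted(name for name, params in conf.items()
                            if name != "global" and share_allows_guest(params)
                            and share_is_writable(params))
    return {"security": security, "guest_writable_shares": guest_writable}


# Constructed sample reflecting the stanzas shown in the practice.
SAMPLE_SMB_CONF = """\
[global]
        workgroup = GROUPA
        netbios name = SMB-HOST03
        server string = Samba Server Version %v
        security = user
        log file = /var/log/samba/log.%m

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S

[tmp]
        path = /tmp
        writable = yes
        guest ok = yes

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = yes
        browseable = no
"""
```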
7. Reload the smb.conf file.
a. Run the systemctl command to reload the smb service. This command reloads the smb.conf file without stopping the smb service.
# systemctl reload smb
b. Run the systemctl command to view the status of the smb service.
# systemctl status smb
smb.service - Samba SMB Daemon
...
8. Use the smbpasswd command to add user user01 to the local smbpasswd file. You use this password when accessing a Samba share from another Linux system or a Windows system as user01.
# smbpasswd -a user01
New SMB password: MyOracle1
Retype new SMB password: MyOracle1
Added user user01.
Overview
In this practice, you do the following:
Access the Samba shares that you set up on host03 in the previous practice, from
host01, which acts as an Oracle Linux Samba client.
Mount and unmount a Samba share on host01.
Assumptions
All steps are performed from the host01 VM except where indicated.
Tasks
1.
The root password is oracle.
[dom0]$ su
Password: oracle
c. As the root user on dom0, use the ssh command to log in to host01. The root password is oracle.
[dom0]# ssh host01
root@host01's password: oracle
Last login: ...
[host01]#
d. From host01, use the yum command to install the samba-client package. Answer y to Is this ok.
[host01]# yum install samba-client
...
Is this ok [y/N]: y
...
Complete!
2.
b. After restarting the smb service, run the smbclient command in step 2a again.
At the smb: prompt on host01, use the ls command to list the files in the /tmp directory on host03.
smb: \> ls
  .        D    0  ...
  ..       DR   0  ...
  ...
smb: \>
d.
e. Use the smbclient command to access the home directory for user user01 on host03.
f. Use the ls command to list the files in the home directory for user user01. The command fails because SELinux is in Enforcing mode. SELinux is covered in a subsequent lesson in this course.
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \>
smb: \> exit
g.
h. To allow Samba users access to their home directories, set SELinux to Permissive mode on host03. You could configure SELinux to allow Samba users to access their home directories; however, for the purposes of this practice, set SELinux to Permissive mode.
[host03]# getenforce
Enforcing
[host03]# setenforce 0
[host03]# getenforce
Permissive
i. On host01, re-issue the smbclient command to access the home directory for user user01 on host03.
j. Use the ls command to list the files in the home directory for user user01. Because of the change in the SELinux mode, you can now list and access the files in user01's home directory.
smb: \> ls
  .              D   ...
  ..             D   ...
  .mozilla       DH  ...
  .bash_logout   H   ...
  .bash_profile  H   ...
  .bashrc        H   ...
  ...
smb: \>
k. Use the exit command to exit the smb session.
smb: \> exit
3. On host01, mount and unmount a Samba share from your Oracle Linux client.
a. On host01, create a mount point for user01's home directory.
[host01]# mkdir /homedir
b. Use the yum command to install the cifs-utils package. Answer y to Is this ok.
[host01]# yum install cifs-utils
...
Is this ok [y/N]: y
...
Complete!
c. Use the mount.cifs command to mount user01's home directory on the newly created mount point.
d. Use the df -hT command to verify that the mount operation was successful.
Type  Size  Used  Avail  Use%  Mounted on
cifs   11G  3.2G   7.1G   32%  /homedir
e. Verify that the /homedir directory is read-only by using the mount command.
[host01]# mount | grep homedir
//host03/user01 on /homedir type cifs (ro,relatime,vers=1.0...)
f.
[host01]# ls /homedir
Notice that the directory is empty.
g. On host03, use the touch command to create the /home/user01/testfile file.
[host03]# touch /home/user01/testfile
h. On host01, list the contents of /homedir. Notice that the testfile can now be seen from host01.
[host01]# ls /homedir
testfile
i. On host01, use the umount command to unmount the Samba share. Using the cd command ensures you are not in the /homedir directory.
[host01]# cd
[host01]# umount /homedir
j. Use the exit command to log off host01.
[host01]# exit
logout
Connection to host01 closed.
k.
l.
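As an added example (not from the practice), the following parses mount output like the line in step e and reports, for each CIFS mount, whether it is read-only and which SMB dialect it negotiated; the vers=1.0 shown in step e is the deprecated SMB1 dialect, which the audit flags. The sample lines are constructed, the first mirroring the practice's output and the second an added contrast case.

```python
"""Added example (not from the Oracle practice): audit CIFS mounts from `mount` output."""

# Constructed sample in the format of `mount | grep cifs`.
SAMPLE_MOUNT_OUTPUT = """\
//host03/user01 on /homedir type cifs (ro,relatime,vers=1.0,cache=strict,username=user01,uid=0,gid=0)
//host03/tmp on /mnt/tmpshare type cifs (rw,relatime,vers=3.0,cache=strict,username=user01)
"""


def parse_mount_line(line):
    """Split '<source> on <target> type <fstype> (opt,opt=value,...)' into parts;
    options without a value are recorded as True."""
    source, rest = line.split(" on ", 1)
    target, rest = rest.split(" type ", 1)
    fstype, _, opts = rest.partition(" (")
    options = {}
    for item in opts.rstrip(")").split(","):
        key, _, value = item.partition("=")
        options[key] = value if value else True
    return {"source": source, "target": target, "fstype": fstype, "options": options}


def audit_cifs_mounts(mount_output):
    """One record per CIFS mount with its read-only state, dialect and findings.
    A vers=1.x mount is flagged because SMB1 is deprecated; current kernels
    negotiate SMB2 or later by default."""
    records = []
    for line in mount_output.splitlines():
        if " type cifs " not in line:
            continue
        mount = parse_mount_line(line)
        opts = mount["options"]
        vers = opts.get("vers", "unknown")
        findings = []
        if isinstance(vers, str) and vers.startswith("1."):
            findings.append("SMB1 dialect negotiated (vers=%s); use vers=2.1 or later" % vers)
        records.append({"target": mount["target"], "read_only": "ro" in opts,
                        "vers": vers, "findings": findings})
    return records
```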
Overview
In this practice, you become familiar with procedures to access a Linux Samba share from a
Windows system. You do not have a Windows system in the Oracle classroom environment. All
you can do is read through the tasks in this practice to help understand the steps.
Assumptions
Tasks
1. In this task, you examine the steps to access the home directory for user01, residing on the host01 VM. This home directory is offered as a network share through Samba services running on host01. You performed the same task previously, but you accessed the share from an Oracle Linux client.
The steps are identical to the steps that are needed to map any Windows network share.
You can use your Windows username if the Samba administrator has mapped your Windows domain username to a Samba Linux username on the Linux host providing the Samba services.
In this example, you use user01 as the username, and provide the Samba password set up for this username.
a. Launch the tool to map a network drive.
b. Select Connect using different credentials to provide your Linux username and its associated Samba password.
c. In the Windows Security window, enter the credentials for the share as user01 and the Samba password as MyOracle1.
d. After successful completion of the mapping operation, the home directory for user01 on host01 is mapped to drive H:.
e. Use Disconnect to release the network share.
Practices for Lesson 8: Advanced Software Package Management
Chapter 8
Practices Overview
In these practices, you:
Learn to manage Yum plug-ins
Create a binary RPM package
Manage software updates with PackageKit's Software Update program
Work with Yum history and Yum cache
Overview
In this practice, you do the following:
Start the host04 VM.
Log in to host04.
View Public Yum Server configuration on host04.
Assumptions
Tasks
1.
a. You were instructed to shut down host03 at the end of Practice 7. In this example, only host01 and host02 VMs are running.
# xm list
Name       ID   Mem  VCPUs  State   Time(s)
Domain-0    0  2048      2  r-----    758.9
host01      4  1536      1  -b----     37.4
host02      5  1536      1  -b----     37.3
b. If host03 is running on your system, use the xm shutdown command to shut it down.
The available memory on dom0 allows a maximum of only three VMs to be running. It is necessary to shut down one VM before starting the host04 VM.
# xm shutdown -w host03
Domain host03 terminated
All domains terminated
c. If the xm shutdown command is taking more than a few seconds to complete, press Ctrl + C to kill the command and run the following xm destroy command.
# xm destroy host03
d.
e.
2.
Log in to host04.
a. Determine the VNC port number for host04 by running the xm list -l host04 | grep location command.
# xm list -l host04 | grep location
(location 0.0.0.0:5904)
(location 3)
The sample shown indicates that the port number is 5904. Your port number might
be different.
b. Run the vncviewer& command.
# vncviewer&
You are prompted for the Password.
d. Click Oracle Student in the list of users.
e. Enter oracle for the Password and click Sign In.
The GNOME desktop appears.
f. Right-click the desktop to display the pop-up menu.
g. From the pop-up menu, click Open in Terminal.
A terminal window appears.
h. In the terminal window, use the su - command to become the root user.
The root password is oracle.
$ su -
Password: oracle
#
When starting the host04 VM, there might be a pop-up notice to update the system. Close the pop-up window and do not install updates.
3.
/etc/resolv.conf
/etc/profile
/etc/yum.repos.d/public-yum-ol7.repo
The DNS and proxy configurations are specific to the Oracle University environment.
a. Use the cat command to view the contents of the /etc/sysconfig/network-scripts/ifcfg-eth0 file.
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
...
DNS1=192.0.2.1
DNS2=152.68.154.3
DNS3=10.216.106.3
DNS4=193.32.3.252
DOMAIN= us.oracle.com example.com
...
b. Use the cat command to view the contents of the /etc/resolv.conf file.
c. Use the tail command to view the last five lines in the /etc/profile file.
The HTTP proxy server variable is set in the last line of this file.
# tail /etc/profile
...
export http_proxy=http://ges-proxy.us.oracle.com:80
d. Use the cat command to view the contents of the /etc/yum.repos.d/public-yum-ol7.repo file. Two repositories are enabled: ol7_latest (enabled=1) and ol7_UEKR3 (enabled=1).
# cat /etc/yum.repos.d/public-yum-ol7.repo
[ol7_latest]
...
enabled=1
...
[ol7_UEKR3]
...
enabled=1
...
Overview
In this practice, you do the following:
View currently installed Yum plug-ins.
Assumptions
You are the root user on host04.
Tasks
1.
a. Run the yum clean all command.
# yum clean all
Cleaning repos: ol7_UEKR3 ol7_latest
Cleaning up everything
If the following message appears, open another terminal window and kill the PackageKit process id (PID). In this example, the PID is 2048.
Another app is currently holding the yum lock; waiting for it to exit...
  The other application is: PackageKit
    Memory : ...
    Started: ...
    State  : Sleeping, pid: 2048
...
In a new terminal window, use the su - command to become the root user (password is oracle), then use the kill <PID> command to kill the PackageKit process.
$ su -
Password: oracle
# kill 2048
b.
Many yum commands display the plug-ins; this is just one example.
The first yum command takes a few minutes to complete because the Public Yum
repositories need to initialize. Subsequent yum commands do not require this
initialization process.
Each time you execute the yum command, the currently enabled Yum plug-ins are
listed immediately, before the output of the yum command.
c. Change to the /etc/yum/pluginconf.d directory and list its contents.
This directory contains a configuration file for each installed Yum plug-in.
# cd /etc/yum/pluginconf.d
# ls -l
total 12
-rw-r--r--. ... langpacks.conf
-rw-r--r--. ... rhnplugin.conf
d. Use the cat command to view the contents of the langpacks.conf file.
This plug-in is enabled.
# cat langpacks.conf
[main]
enabled=1
...
e. Use the cat command to view the contents of the rhnplugin.conf file.
Note that there are two configuration files but only one plug-in listed in the output of step 1a. The rhnplugin.conf file is the configuration file for the yum-rhn-plugin. The yum-rhn-plugin is used to connect to the Red Hat Network (RHN), and this plug-in is not enabled when running Oracle Linux.
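Steps 1c to 1e read each file in /etc/yum/pluginconf.d to see which plug-ins are enabled. The following added shell example (not part of the practice) does the same check over a constructed copy of that directory: it looks only at the enabled key of the [main] section, accepts the spellings that yum's boolean options take (1, yes, true), and reports plug-ins whose file sets no value at all. The helper names are this example's own.

```shell
#!/bin/sh
# make_sample_pluginconf
# Builds a constructed copy of /etc/yum/pluginconf.d in a temporary directory
# and prints its path (sample data, not copied from a host).
make_sample_pluginconf() {
    dir=$(mktemp -d) || return 1
    printf '[main]\nenabled=1\n' > "$dir/langpacks.conf"
    printf '[main]\nenabled=0\ngpgcheck=1\n' > "$dir/rhnplugin.conf"
    printf '[main]\nenabled = 1\n' > "$dir/aliases.conf"
    printf '[main]\n# no enabled key at all\n[other]\nenabled=1\n' > "$dir/stale.conf"
    echo "$dir"
}

# plugin_state FILE
# Prints "enabled", "disabled" or "unset" according to the enabled key of the
# [main] section only; an enabled key in any other section is ignored.
plugin_state() {
    awk '
        /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
        section == "[main]" && /^[ \t]*enabled[ \t]*=/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[2])
            v = tolower(kv[2])
            state = (v == "1" || v == "yes" || v == "true") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "unset" : state) }' "$1"
}

# enabled_plugins DIR
# Lists the plug-ins under DIR whose configuration enables them, one per line.
enabled_plugins() {
    for f in "$1"/*.conf; do
        [ "$(plugin_state "$f")" = enabled ] && basename "$f" .conf
    done
    return 0
}

# report_plugins DIR: one line per plug-in, "<name> <state>", sorted by name.
report_plugins() {
    for f in "$1"/*.conf; do
        printf '%s %s\n' "$(basename "$f" .conf)" "$(plugin_state "$f")"
    done | sort
}
```

Point the functions at /etc/yum/pluginconf.d on a real host (`report_plugins /etc/yum/pluginconf.d`) to compare the files against the "Loaded plugins:" line that yum prints; a plug-in that is installed but reported as unset or disabled explains why it is missing from that line.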
2.
a. Use the rpm -qa command to find the package name of the langpacks plug-in.
b. Use the rpm -ql command to view the files that are included with the yum-langpacks package.
c. View the yum-langpacks(8) man page.
After viewing the man page, press q to quit.
# man yum-langpacks
...
DESCRIPTION
    yum-langpacks is a plugin for yum to install language packs. This plug-in allows to various user commands.
    command is one of:
        * langavailable [language1] [language2] [...]
        * langinfo [language1] [language2] [...]
        * langinstall [language1] [language2] [...]
        * langlist [language1] [language2] [...]
        * langremove [language1] [language2] [...]
    langavailable
        This command allows user to find if language support is available for the given input languages.
    langinfo
        This command allows user to check which packages get installed when the given input language support is installed.
    langinstall
        This command allows user to install language
Copyright 2015, Oracle and/or its affiliates. All rights reserved.
e. Use the langpack plug-in to list the packages that get installed with Yiddish language support.
You can use either Yiddish or the language ID, yi, as an argument to this command.
# yum langinfo Yiddish
Loaded plugins: langpacks
Language-Id=Yiddish
hunspell-yi
f.
Is this ok [y/N]: y
...
Language packs installed for: yi
g.
h.
3. Install the aliases Yum plug-in.
a. Use the yum command to list available Yum plug-ins that you can install.
In this example, there are six Yum plug-ins available to install.
# yum list available | grep yum-plugin
kabi-yum-plugins.noarch ...
yum-plugin-aliases.noarch ...
yum-plugin-changelog.noarch ...
...
yum-plugin-tmprepo.noarch ...
yum-plugin-verify.noarch ...
yum-plugin-versionlock.noarch ...
b.
4.
a. Use the rpm -ql command to view the files that are included with the yum-plugin-aliases package.
Note that the man page installed with the yum-plugin-aliases package is yum-aliases(1).
# rpm -ql yum-plugin-aliases
/etc/yum/aliases.conf
/etc/yum/pluginconf.d/aliases.conf
...
/usr/share/man/man1/yum-aliases.1.gz
b. View the yum-aliases(1) man page.
...
The first form lists all current aliases with their final result, the second form looks up a command and shows its final result or an error message. The last form creates a new alias.
...
c.
inst install
in install
rm remove
down downgrade
rein reinstall
...
ls list
lsi ls installed
lsa ls available
...
d.
e. Use the aliases plug-in to list the available packages to install.
The command to list available packages to install is yum list available. The lsa alias produces the same list of available packages.
# yum lsa
...
zsh.x86_64            5.0.2-7.el7_1.1    ol7_latest
zziplib.i686          0.13.62-5.el7      ol7_latest
zziplib.x86_64        0.13.62-5.el7      ol7_latest
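The lookup behaviour described in step 4b, where an alias expands to another alias until a real yum command is reached (lsi becomes ls installed, which becomes list installed), as an added shell example. It is not code from yum-plugin-aliases; the alias list is a constructed sample in the two-column format of /etc/yum/aliases.conf shown in step 4c, and the helper names are this example's own. It also stops on an alias chain that refers back to itself, which a hand-edited aliases.conf can produce and which would otherwise loop forever.

```shell
#!/bin/sh
# Constructed sample in the format of /etc/yum/aliases.conf (not copied from a host):
# each line is "<alias> <expansion>", and the expansion may itself begin with an alias.
SAMPLE_ALIASES='# comment lines are skipped
inst install
in install
rm remove
down downgrade
rein reinstall
ls list
lsi ls installed
lsa ls available'

# lookup_alias NAME [ALIASES]
# Prints the expansion of NAME, or returns 1 if NAME is not an alias.
lookup_alias() {
    printf '%s\n' "${2:-$SAMPLE_ALIASES}" | awk -v name="$1" '
        /^[ \t]*#/ { next }
        $1 == name { sub(/^[^ \t]+[ \t]+/, ""); print; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# resolve_alias "COMMAND WORDS..." [ALIASES]
# Expands the first word repeatedly, the way `yum alias <cmd>` reports a final result,
# and prints the fully expanded command line. Returns 2 on an alias loop (a -> b -> a).
resolve_alias() {
    cmd=$1
    seen=" "
    while :; do
        first=${cmd%% *}            # leading word
        rest=${cmd#"$first"}        # everything after it (may be empty)
        case "$seen" in
            *" $first "*) echo "alias loop at '$first'" >&2; return 2 ;;
        esac
        exp=$(lookup_alias "$first" "${2:-$SAMPLE_ALIASES}") || break
        seen="$seen$first "
        cmd="$exp$rest"
    done
    printf '%s\n' "$cmd"
}
```

Pass the real file as the second argument (`resolve_alias lsi "$(cat /etc/yum/aliases.conf)"`) to check what a typed alias will actually run before relying on it in a script.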
Overview
In this practice, you do the following:
View available errata for your system.
View CVE information.
Update the packages affected by the specific CVE.
View software package information.
View dependencies for a software package.
Assumptions
You are the root user on host04.
Tasks
1. Manage errata for your system.
a. Run the yum updateinfo list command to list all the errata that are available for your system.
Sample output is provided. New errata exist since this example was created.
This errata list provides the errata ID for each entry in the errata.
Errata fall into three categories:
Bug fixes
Security fixes listed by priority (critical, important, moderate)
Enhancements
# yum updateinfo list
Loaded plugins: aliases, langpacks
ELSA-2015-0672 Moderate/Sec.  bind-libs-32:9.9.4-18.el7_1.1...
ELSA-2015-0672 Moderate/Sec.  bind-libs-lite-32:9.9.4-18.el7...
...
ELBA-2015-0741 bugfix         binutils-2.23.52.0.1-30.el7_1.1...
ELBA-2015-0974 bugfix         binutils-2.23.52.0.1-30.el7_1.2...
...
ELEA-2015-0969 enhancement    crash-7.0.9-5.el7_1.x86_64
ELEA-2015-0732 enhancement    dnsmasq-2.66-13.el7_1.x86_64
...
ELSA-2015-0265 Critical/Sec.  firefox-31.5.0-2.0.1.el7_0...
ELSA-2015-0718 Critical/Sec.  firefox-31.5.3-3.0.1.el7_1...
...
updateinfo list done
b. Use the cves option with the yum updateinfo list command to display only the security patches.
This list provides the CVE ID instead of the errata ID.
# yum updateinfo list cves
Loaded plugins: aliases, langpacks
CVE-2015-1349 Moderate/Sec. bind-libs-32:9.9.4-18.el7_1.1...
CVE-2015-1349 Moderate/Sec. bind-libs-lite-32:9.9.4-18.el7...
...
CVE-2015-0822 Critical/Sec. firefox-31.5.0-2.0.1.el7_0...
CVE-2015-0827 Critical/Sec. firefox-31.5.0-2.0.1.el7_0...
...
CVE-2014-8962 Important/Sec. flac-libs-1.3.0-5.el7_1.x86_64
CVE-2014-9028 Important/Sec. flac-libs-1.3.0-5.el7_1.x86_64
...
CVE-2015-0255 Moderate/Sec. xorg-x11-server-common-1.15.0-...
updateinfo list done
c. Correlate a published CVE to its errata ID. The following example selects the last CVE in the previous output.
Use the --cve <CVE> option to the yum updateinfo list command.
The list for this CVE includes the security patches by errata ID for the particular CVE ID. This CVE affects two packages in this example.
d. ... a different CVE.
e.
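The errata listing from steps 1a to 1c as an added shell example that is not part of the practice: given `yum updateinfo list cves` output in the format shown above, it counts unique CVE ids per severity, counts those at or above a chosen severity, and lists the packages affected by one CVE, which is the information needed to decide which updates to apply first. The sample lines are the ones printed in step 1b on this page; the helper names (severity_counts, cve_count_at_or_above, packages_for_cve) are this example's own.

```shell
#!/bin/sh
# Sample `yum updateinfo list cves` output, taken from the lines shown in step 1b
# (package strings are abbreviated with "..." exactly as they appear there).
SAMPLE_CVES='Loaded plugins: aliases, langpacks
CVE-2015-1349 Moderate/Sec. bind-libs-32:9.9.4-18.el7_1.1...
CVE-2015-1349 Moderate/Sec. bind-libs-lite-32:9.9.4-18.el7...
CVE-2015-0822 Critical/Sec. firefox-31.5.0-2.0.1.el7_0...
CVE-2015-0827 Critical/Sec. firefox-31.5.0-2.0.1.el7_0...
CVE-2014-8962 Important/Sec. flac-libs-1.3.0-5.el7_1.x86_64
CVE-2014-9028 Important/Sec. flac-libs-1.3.0-5.el7_1.x86_64
CVE-2015-0255 Moderate/Sec. xorg-x11-server-common-1.15.0-...
updateinfo list done'

# severity_counts [OUTPUT]
# Prints "<Severity> <n>" lines, counting each CVE id once even when it touches
# several packages. Reads SAMPLE_CVES when no output is passed.
severity_counts() {
    printf '%s\n' "${1:-$SAMPLE_CVES}" | awk '
        $1 ~ /^CVE-/ {
            split($2, sev, "/")          # "Critical/Sec." -> "Critical"
            key = sev[1] SUBSEP $1
            if (!(key in seen)) { seen[key] = 1; n[sev[1]]++ }
        }
        END { for (s in n) print s, n[s] }' | sort
}

# cve_count_at_or_above SEVERITY [OUTPUT]
# Number of unique CVE ids ranked at least SEVERITY (Critical > Important > Moderate > Low).
cve_count_at_or_above() {
    printf '%s\n' "${2:-$SAMPLE_CVES}" | awk -v want="$1" '
        BEGIN { rank["Critical"] = 4; rank["Important"] = 3; rank["Moderate"] = 2; rank["Low"] = 1 }
        $1 ~ /^CVE-/ {
            split($2, sev, "/")
            if (rank[sev[1]] >= rank[want] && !($1 in seen)) { seen[$1] = 1; count++ }
        }
        END { print count + 0 }'
}

# packages_for_cve CVE [OUTPUT]
# Prints the package column of every line listed for CVE, one per line.
packages_for_cve() {
    printf '%s\n' "${2:-$SAMPLE_CVES}" | awk -v cve="$1" '$1 == cve { print $3 }'
}
```

On a live system feed the real listing in with `severity_counts "$(yum updateinfo list cves)"`; the per-severity counts are the figures a patch-cycle report usually asks for, and packages_for_cve gives the package set to update for one advisory before step 1e.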
2.
a. Use the yum command to list the Oracle Database preinstallation packages (oracle-rdbms) that are available for installation. You can use the lsa alias instead of list available.
oracle-rdbms-server-11gR2-preinstall.x86_64
oracle-rdbms-server-12cR1-preinstall.x86_64
b. View more information for the Oracle Database preinstallation packages.
In this example, there are two releases of this package. You select to download the
Name        : oracle-rdbms-server-11gR2-preinstall
Arch        : x86_64
Version     : 1.0
Release     : 3.el7
Size        : 18 k
Repo        : ol7_latest/x86_64
Summary     : Sets the system for Oracle single instance and ...
License     : GPLv2
Description : This package installs software packages and ...

Name        : oracle-rdbms-server-12cR1-preinstall
Arch        : x86_64
Version     : 1.0
Release     : 3.el7
Size        : 17 k
Repo        : ol7_latest/x86_64
Summary     : Sets the system for Oracle single instance and ...
License     : GPLv2
Description : This package installs software packages and ...
c. Check the dependencies for the target package by using the repoquery command.
The repoquery utility is part of the yum-utils package and is useful for querying information from Yum repositories.
If a dependency package is missing, it is downloaded along with the oracle-rdbms-server-12cR1-preinstall package in the next step.
# repoquery --requires oracle-rdbms-server-12cR1-preinstall
/bin/bash
/bin/sh
/etc/redhat-release
bind-utils
...
xorg-x11-utils
xorg-x11-xauth
d. Use the --downloadonly option to download the oracle-rdbms-server-12cR1-preinstall package and any missing dependent packages.
In this example, six packages are downloaded in addition to the oracle-rdbms-server-12cR1-preinstall-1.0-3.el7.x86_64.rpm package.
# yum install oracle-rdbms-server-12cR1-preinstall --downloadonly
Loaded plugins: aliases, langpacks
...
Transaction Summary
==============================================================
Install  1 Package (+6 Dependent packages)
Total download size: 9.8 M
Installed size: 29 M
Background downloading packages, then exiting:
(1/7): compat-libcap1-1.10-7.x86_64.rpm ...
...
exiting because Download Only specified
e. Verify that the package and its dependency packages are downloaded by examining the content of the /var/cache/yum/x86_64/7Server/ol7_latest/packages directory.
You can also specify an alternative directory for the downloaded packages with --downloaddir=<directory path>.
If the package that you want to download is already installed, it is not downloaded and its dependencies are not downloaded. In the next step, you use a different technique to download a package if the package is already installed on your system.
# cd /var/cache/yum/x86_64/7Server/ol7_latest/packages
# ls
compat-libcap1-1.10-7.x86_64.rpm
...
oracle-rdbms-server-12cR1-preinstall-1.0-3.el7.x86_64.rpm
3. In this task, you examine the Yum utilities available and use the yumdownloader utility to download a package.
a. Use the rpm -ql command to examine the files that make up the yum-utils
package.
Note that yumdownloader and repoquery are included in the yum-utils
package.
# rpm -ql yum-utils
...
/usr/bin/repoquery
...
/usr/bin/yumdownloader
...
b. Use the --downloadonly option of the downloadonly plug-in to attempt to download the xorg-x11-server-Xorg program.
The package is not downloaded because it is already installed.
# yum install xorg-x11-server-Xorg --downloadonly
Loaded plugins: aliases, langpacks
c. Use the yumdownloader utility to download the xorg-x11-server-Xorg package. The command does not download the dependencies for the xorg-x11-server-Xorg program.
# yumdownloader xorg-x11-server-Xorg
Loaded plugins: aliases, langpacks
xorg-x11-server-Xorg-1.15.0-33.el7_1.x86_64.rpm ...
d. Use the yum deplist command to display the dependencies for the xorg-x11-server-Xorg program.
# yum deplist xorg-x11-server-Xorg
Loaded plugins: aliases, langpacks
Finding dependencies:
package: xorg-x11-server-Xorg.x86_64 1.15.0-33.el7_1
  dependency: config(xorg-x11-server-Xorg) = 1.15.0-33.el7_1
   provider: xorg-x11-server-Xorg.x86_64 1.15.0-33.el7_1
  dependency: libGL.so.1()(64bit)
   provider: mesa-libGL.x86_64 10.2.7-5.20140910.el7
...
e. Use the repoquery --whatrequires command for the xorg-x11-server-Xorg program to find out which packages depend on xorg-x11-server-Xorg.
This command takes a few seconds to run.
Compare this list with the list obtained with the yum deplist command in step 3d.
# repoquery --whatrequires xorg-x11-server-Xorg
xorg-x11-drv-ati-0:7.2.0-9.20140113git3213df1.el7.x86_64
xorg-x11-drv-ati-0:7.4.0-1.20140918git56c7fb8.el7.x86_64
xorg-x11-drv-dummy-0:0.3.6-15.el7.x86_64
...
Overview
In this practice, you prepare to build an RPM package. The steps for this preparation are:
Create a nonprivileged user to perform the build.
Check for the required packages to perform the build and install them if necessary.
Create the directory infrastructure for the build.
Create the program for the package.
Create the compressed TAR file and store it in the appropriate build directory.
Create the spec file.
After performing the steps to prepare for the RPM package build, you perform the build by using
the rpmbuild command.
In the last task, you install the new RPM package as root to verify that the program gets
installed as you expected.
Assumptions
Tasks
1. Verify the presence of the required rpmdevtools package and install it if it is not installed.
a. Run the rpm command to search for the rpmdevtools package.
In this example, the rpmdevtools package is not installed.
# rpm -qa | grep rpmdevtools
b. If necessary, use the yum command to install the rpmdevtools package.
The rpm-build package is a dependency for the rpmdevtools package and is installed at the same time as rpmdevtools. The rpm-build package contains the rpmbuild command, which you use to build the RPM package in this practice.
The rpmdevtools package contains several commands that are useful when creating RPM packages, including the following two commands that you use later in this practice:
rpmdev-setuptree
rpmdev-newspec
# yum install rpmdevtools
...
Complete!
2.
a.
b. Use the ls -ld command to view the home directory for the rpmbuilder user.
# ls -ld /home/rpmbuilder
drwx------. 3 rpmbuilder rpmbuilder ... /home/rpmbuilder
c. Use the passwd command to create a password of oracle for the rpmbuilder user.
3. Create the directory infrastructure for the RPM build.
a. Use the su - command to become the rpmbuilder user. Use the whoami command to confirm you are the rpmbuilder user.
# su - rpmbuilder
$ whoami
rpmbuilder
b. Use the ls -la command to list the contents of the rpmbuilder user's home directory.
$ ls -la
...
-rw-r--r--. ... .bash_logout
-rw-r--r--. ... .bash_profile
-rw-r--r--. ... .bashrc
drwxrwxr-x. ... .cache
drwxrwxr-x. ... .config
drwxr-xr-x. ... .mozilla
c. Run the rpmdev-setuptree command, and then use the ls -la command to verify the presence of new entries in the home directory.
Note the new rpmbuild directory and the new .rpmmacros file.
$ rpmdev-setuptree
$ ls -la
...
-rw-r--r--. ... .bash_logout
-rw-r--r--. ... .bash_profile
-rw-r--r--. ... .bashrc
drwxrwxr-x. ... .cache
drwxrwxr-x. ... .config
drwxr-xr-x. ... .mozilla
drwxrwxr-x. ... rpmbuild
-rw-rw-r--. ... .rpmmacros
d. Use the ls -lR command to view the directory structure in the new rpmbuild directory.
$ ls -lR rpmbuild
...
drwxrwxr-x. ... BUILD
drwxrwxr-x. ... RPMS
drwxrwxr-x. ... SOURCES
drwxrwxr-x. ... SPECS
drwxrwxr-x. ... SRPMS
...
4. Create the program that is going to be part of the RPM package.
a. Use the cd command to change to the rpmbuild directory.
$ cd rpmbuild
b. Use the vi editor to create the following hello.c file.
$ vi hello.c
#include <stdio.h>

int main(void)
{
    printf("Hello World!\n");
    return 0;
}
c.
d.
5. Create the compressed TAR file with the build directory structure and the compiled program, and store it in the rpmbuild/SOURCES directory.
The build directory name must reflect the correct name and version for the package that you are building.
a. Use the pwd command to ensure you are in the /home/rpmbuilder/rpmbuild directory. From this directory, use the mkdir command to create the hello-1.0 directory. Use the mv command to move the hello program to the new directory.
$ pwd
/home/rpmbuilder/rpmbuild
$ mkdir hello-1.0
$ mv hello hello-1.0/
b. Use the tar command to create a compressed TAR file of the hello-1.0 directory structure and store the resulting .tar.gz file in the rpmbuild/SOURCES directory.
$ tar cvzf SOURCES/hello-1.0.tar.gz hello-1.0/
hello-1.0/
hello-1.0/hello
c. Use the ls command to verify that the new .tar.gz file is in the SOURCES directory.
$ ls SOURCES
hello-1.0.tar.gz
6. Create and populate the spec file.
a. From the rpmbuild directory, use rpmdev-newspec to create a skeleton spec file.
$ rpmdev-newspec SPECS/hello.spec
SPECS/hello.spec created; type minimal, rpm version >= 4.11.
b. Use the cat command to view the contents of the new spec file.
$ cat SPECS/hello.spec
Name:           hello
Version:
Release:        1%{?dist}
Summary:
...
%changelog
c. Use the cd command to change to the SPECS directory.
$ cd SPECS
d. Use the vi editor to edit the hello.spec file and populate the header section by making the following changes:
Note: A preconfigured hello.spec file exists on dom0 (192.0.2.1) in the /OVS/seed_pool/sfws directory.
You can edit the hello.spec file as follows by using the vi command, or you can use the sftp root@192.0.2.1 command and copy /OVS/seed_pool/sfws/hello.spec from dom0 to /home/rpmbuilder/rpmbuild/SPECS/hello.spec on host04.
If you use this hello.spec file on dom0, you do not need to edit the file as instructed in the following steps. You can go immediately to step 6j.
Leave hello as the Name tag.
Add this line: A program that displays Hello World as a new line following the %description directive.
After making the changes, the header section looks like this:
Name:           hello
Version:        1.0
Release:        1%{?dist}
Summary:        Test for the hello program

License:        GPL
#URL:
Source0:        hello-1.0.tar.gz

#BuildRequires:
#Requires:

%description
A program that displays Hello World
e. Leave the %prep section as is.
The %prep macro is a section where you get the files ready for the build section. This might involve some patching of files. The %setup macro in this section unpacks the source files in the SOURCES directory into the BUILD directory. The -q option indicates a quiet action.
In this example, the only necessary step for this section is the unpacking step.
f. Use the vi editor to remove the entries in the %build section but leave the %build macro.
%build
%configure                 delete this line
make %{?_smp_mflags}       delete this line
Generally, this section contains the steps to build the software. A command such as the make command is allowed. In this example, the software is already built.
g. Use the vi editor to make the following changes to the %install section of the
hello.spec file:
Leave the rm -rf $RPM_BUILD_ROOT line as is. This line cleans the BUILDROOT
directory before performing the build.
Comment out the %make_install line. The next line creates the required
directory.
Add a line to create the build directory structure in the BUILDROOT directory by
using the install -d command. This line is followed by an install command
that copies the built program into its build directory.
After making the changes, the %install section looks like this:
%install
rm -rf $RPM_BUILD_ROOT
#%make_install
install -d $RPM_BUILD_ROOT/usr/local/bin
install hello $RPM_BUILD_ROOT/usr/local/bin/hello
As seen in this example, this section installs the software, which means that the
necessary directories are created and the package files are copied to their
respective directory.
h. Use the vi editor to make the following changes to the %files section:
After making the changes, the %files section looks like this:
%files
/usr/local/bin/hello
In the %files section, you list the files and their location for the binary RPM
package. This section can also trigger the creation of directories.
i. Leave the %changelog section unchanged. Save the file and exit vi.
j. Use the cat command to view the hello.spec file. Ensure that the contents of the hello.spec file match the following.
Edit the file again if necessary to ensure the contents of hello.spec look like this:
$ cat hello.spec
Name:           hello
Version:        1.0
Release:        1%{?dist}
Summary:        Test for the hello program

License:        GPL
#URL:
Source0:        hello-1.0.tar.gz

#BuildRequires:
#Requires:

%description
A program that displays Hello World

%prep
%setup -q

%build

%install
rm -rf $RPM_BUILD_ROOT
#%make_install
install -d $RPM_BUILD_ROOT/usr/local/bin
install hello $RPM_BUILD_ROOT/usr/local/bin/hello

%files
/usr/local/bin/hello

%changelog
7. Perform the build of the binary RPM package.
a. Use the cd command to change to the /home/rpmbuilder/rpmbuild directory.
$ cd /home/rpmbuilder/rpmbuild
b. Run the rpmbuild -bb -v SPECS/hello.spec command. The -bb option requests a binary build, and the SPECS/hello.spec parameter names the spec file for the RPM binary build.
The four major sections during the build process, %prep, %build, %install, and %clean, are shown in bold format in this example.
If you see a warning: Could not canonicalize hostname: message, this can be ignored. This is a DNS resolution error and can be fixed by adding the host name to /etc/hosts.
$ rpmbuild -bb -v SPECS/hello.spec
...
Wrote: /home/rpmbuilder/rpmbuild/RPMS/x86_64/hello-debuginfo...
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp...
+ umask 022
+ cd /home/rpmbuilder/rpmbuild/BUILD
...
+ exit 0
c.
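Steps 3 to 7 as one non-interactive script, added here as an example; it is not part of the Oracle practice or its seed files. It assumes the directory layout that rpmdev-setuptree produces (BUILD, BUILDROOT, RPMS, SOURCES, SPECS, SRPMS) and creates it with mkdir so it also runs where rpmdevtools is absent, compiles hello.c with whatever cc or gcc is on the PATH (steps 4c and 4d, which the page does not show, and with a shell-script stand-in when no compiler is found), writes the spec exactly as step 6j lists it, and invokes rpmbuild only when it is installed, passing --define "_topdir ..." in place of the .rpmmacros file. The function names prepare_hello_rpm_tree, tree_is_ready and build_hello_rpm are this example's own. As in the practice, everything here runs as an unprivileged user; only installing the resulting RPM needs root.

```shell
#!/bin/sh
# prepare_hello_rpm_tree TOPDIR
# Creates TOPDIR/rpmbuild with the hello-1.0 tarball in SOURCES and hello.spec in
# SPECS, the state the practice reaches at the end of step 6.
prepare_hello_rpm_tree() {
    top=$1/rpmbuild
    # Step 3c: the directories rpmdev-setuptree creates (assumption: BUILDROOT included).
    for d in BUILD BUILDROOT RPMS SOURCES SPECS SRPMS; do
        mkdir -p "$top/$d" || return 1
    done
    # Steps 4b and 5a: the program source, placed in the hello-1.0 build directory.
    mkdir -p "$top/hello-1.0" || return 1
    cat > "$top/hello-1.0/hello.c" <<'EOF'
#include <stdio.h>

int main(void)
{
    printf("Hello World!\n");
    return 0;
}
EOF
    # Steps 4c and 4d are not shown on the page; the tarball in step 5 carries a built
    # "hello", so compile it here. Without a C compiler a shell-script stand-in is
    # packaged instead so that the tarball and spec steps can still be exercised.
    if cc=$(command -v cc || command -v gcc); then
        "$cc" -o "$top/hello-1.0/hello" "$top/hello-1.0/hello.c" || return 1
    else
        printf '#!/bin/sh\necho "Hello World!"\n' > "$top/hello-1.0/hello"
        chmod 755 "$top/hello-1.0/hello"
    fi
    rm -f "$top/hello-1.0/hello.c"
    # Step 5b: the tarball name must match Name-Version from the spec.
    (cd "$top" && tar czf SOURCES/hello-1.0.tar.gz hello-1.0/) || return 1
    # Step 6j: the spec file as it should read after editing.
    cat > "$top/SPECS/hello.spec" <<'EOF'
Name:           hello
Version:        1.0
Release:        1%{?dist}
Summary:        Test for the hello program

License:        GPL
#URL:
Source0:        hello-1.0.tar.gz

#BuildRequires:
#Requires:

%description
A program that displays Hello World

%prep
%setup -q

%build

%install
rm -rf $RPM_BUILD_ROOT
#%make_install
install -d $RPM_BUILD_ROOT/usr/local/bin
install hello $RPM_BUILD_ROOT/usr/local/bin/hello

%files
/usr/local/bin/hello

%changelog
EOF
}

# tree_is_ready TOPDIR
# The checks of steps 5c and 6j: the tarball holds hello-1.0/hello and the spec names it.
tree_is_ready() {
    top=$1/rpmbuild
    tar tzf "$top/SOURCES/hello-1.0.tar.gz" | grep -qx 'hello-1.0/hello' &&
    grep -q '^Source0: *hello-1.0.tar.gz$' "$top/SPECS/hello.spec" &&
    grep -q '^%files$' "$top/SPECS/hello.spec"
}

# build_hello_rpm TOPDIR
# Step 7: runs rpmbuild -bb with _topdir pointed at the scratch tree instead of
# ~/.rpmmacros and prints the resulting package path. Returns 3 when rpmbuild is
# not installed, 1 when the build fails.
build_hello_rpm() {
    top=$1/rpmbuild
    command -v rpmbuild >/dev/null 2>&1 || return 3
    rpmbuild -bb --define "_topdir $top" "$top/SPECS/hello.spec" >/dev/null 2>&1 || return 1
    ls "$top"/RPMS/*/hello-1.0-1*.rpm
}
```

Typical use is `prepare_hello_rpm_tree /tmp/scratch && tree_is_ready /tmp/scratch && build_hello_rpm /tmp/scratch`; the package it prints is the one step 8 installs as root.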
8. Install the newly built package.
a. Use the exit command to log off as the rpmbuilder user. Use the whoami command to verify you are the root user.
$ exit
logout
# whoami
root
b. Use the cd command to change to the directory where the new package resides.
# cd /home/rpmbuilder/rpmbuild/RPMS/x86_64
# ls
hello-1.0-1.el7.x86_64.rpm
hello-debuginfo-1.0-1.el7.x86_64.rpm
c.
d. Run the which hello command to display the path of the command.
# which hello
/usr/local/bin/hello
e.
f. Use the ls -l command to display the file and its permissions in its target directory.
# ls -l /usr/local/bin
total 8
-rwxr-xr-x. 1 root root ... hello
Overview
PackageKit is a software program that provides graphical tools to install software and software
updates on your Linux systems. PackageKit is available for several Linux distributions.
In this practice you use the Software Update program that is part of PackageKit to manage
software updates on your Oracle Linux system.
You also change the frequency at which the Software Update program checks for updates.
PackageKit also includes the Software graphical tool to install and remove packages, but this
program is not used in this practice.
Assumptions
Ensure that you are logged in to host04 using vncviewer and not ssh.
When using the PackageKit Software Update program, the proxy set through the Yum environment variable does not work. You need to set the proxy directly in the Yum configuration file.
As the root user on host04, use the vi editor to edit the /etc/yum.conf file and add the following proxy line after the installonly_limit=3 line.
# vi /etc/yum.conf
[main]
...
installonly_limit=3
proxy=http://ges-proxy.us.oracle.com:80
Tasks
1.
2.
The Software Update window appears.
Checking for updates might take several minutes to complete.
b. While the list of changes is being created, open a terminal window on the desktop, and examine the process that is running to obtain the lists of updates, called changes in the Software Update program.
3.
If the Software Update program fails with an error message, use the yum clean all command to clean all cached information and then use the yum repolist command to initialize the metadata. For example:
# yum clean all
...
# yum repolist
...
a. Return to the Software Update program. In this example, the program has found 79 updates.
This is sample output. Your environment might be different because updates have been added since this example was captured.
Do not click the Install Updates button because it takes too long to install all of the updates.
4.
Change the frequency at which the Software Update program checks for updates.
a. From a terminal window as the root user, run the gpk-prefs command to view the
Software Update Preferences GUI.
# gpk-prefs
The Software Update Preferences window appears.
b. Select the Check for updates: drop-down menu.
The choices are Hourly, Daily, Weekly, and Never as shown.
c. From the drop-down list, select Hourly.
e. Click Close to close the Software Update Preferences window.
Overview
In this practice, you become familiar with:
The history of transactions kept by Yum
The history contains information about Yum transactions, such as date and time of
occurrence, whether the transactions were successful, and the number of packages
affected in the RPM database. You can use the history kept by Yum to undo a given
transaction or to redo a transaction.
Cache information kept by Yum
Yum caches a variety of information to allow faster operations and, in some cases, to
allow you to perform package management without a network connection. Information
cached by Yum operations includes packages, header information for packages, and
metadata for enabled repositories.
Assumptions
You are the root user on host04.
Tasks
1. Display Yum history information.
a. As the root user on host04, use the yum history command to list transactions.
The following is sample output.
Ignore the "Warning: RPMDB altered outside of yum" message. This message is caused by using rpm commands directly and can be ignored. See the following for more information: http://illiterat.livejournal.com/7834.html.
# yum history
Loaded plugins: aliases, langpacks
ID  | Login user              | Date and time | Action(s) | Altered
---------------------------------------------------------------------
  6 | Oracle Student <oracle> | <date_time>   | Install   |    7
... | ...                     | ...           | Update    |    2
... | ...                     | ...           | Install   |    1
... | ...                     | ...           | Erase     |    1
... | ...                     | ...           | Install   |    1
... | ...                     | ...           | Install   | 1214
b. Select the most recent transaction ID and display detailed information for that transaction.
In this example, the most recent transaction ID is 6.
# yum history info 6
Loaded plugins: aliases, langpacks
ID | Command line | Date and time | Action(s) | Altered
Copyright 2015, Oracle and/or its affiliates. All rights reserved.
2. Install the changelog Yum plug-in and uninstall it by using information in the Yum history.
a. Install the yum-plugin-changelog package by using the yum install command. You install this plug-in package and you uninstall it in this task.
# yum install yum-plugin-changelog
...
Total download size: 114 k
Installed size: 384 k
Is this ok [y/d/N]: y
...
Complete!
b. List the Yum history to display the latest transaction.
The most recent transaction reflects the action taken when installing the yum-plugin-changelog package. Two packages were installed as part of that transaction.
# yum history list
Loaded plugins: aliases, changelog, langpacks
ID | Login user              | Date and time | Action(s) | Altered
-------------------------------------------------------------
 7 | Oracle Student <oracle> | ...           | Install   |    2
...
c. Undo the most recent transaction by using the yum history undo <ID number> command.
Replace <ID number> with the ID number obtained from your previous history listing.
Answer y to Is this ok.
# yum history undo 7
...
Transaction Summary
==============================================================
Remove 2 Packages
Installed size: 384 k
Is this ok [y/N]: y
...
Complete!
d. List the Yum history again.
The packages installed by installing the yum-plugin-changelog package are uninstalled when you use the yum history undo command.
# yum history list
Loaded plugins: aliases, changelog, langpacks
ID | Login user              | Date and time | Action(s) | Altered
-------------------------------------------------------------
 8 | Oracle Student <oracle> | ...           | Erase     |    2
 7 | Oracle Student <oracle> | ...           | Install   |    2
...
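The yum history table is how you choose a transaction to undo; on a host you are investigating it is also the record of what was installed, when and by whom, and the "Warning: RPMDB altered outside of yum" message means something changed the RPM database without going through Yum (rpm -qa --last lists install times straight from that database). The following is an added example, not part of the guide: POSIX shell functions that parse the yum history list table, return the newest transaction ID and the action of any transaction, and confirm that an undo produced the matching Erase. The listing is constructed to look like the one in this practice; the dates are placeholders.

```sh
#!/bin/sh
# Added example (not part of the guide): parse the table printed by
# "yum history list" so the transaction to undo, and the result of the
# undo, can be checked by a script. The listing below is constructed to
# match the shape shown in the practice; dates are placeholders.

SAMPLE_HISTORY='Loaded plugins: aliases, changelog, langpacks
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
     8 | Oracle Student <oracle>  | 2016-01-15 10:42 | Erase          |    2
     7 | Oracle Student <oracle>  | 2016-01-15 10:40 | Install        |    2
     6 | Oracle Student <oracle>  | 2016-01-14 09:12 | Install        |    7
     5 | System <unset>           | 2016-01-13 08:00 | Update         |    2
history list'

# yum_history_rows LISTING: one "ID<TAB>USER<TAB>ACTION<TAB>ALTERED" per
# transaction row; header, rule and trailer lines are dropped.
yum_history_rows() {
    printf '%s\n' "$1" | awk -F'|' '
    NF >= 5 && $1 ~ /^[ \t]*[0-9]+[ \t]*$/ {
        for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
        printf "%s\t%s\t%s\t%s\n", $1, $2, $4, $5
    }'
}

# Highest transaction ID. yum prints newest first, but sorting keeps this
# correct if the listing was filtered or pasted out of order.
yum_history_latest_id() {
    yum_history_rows "$1" | cut -f1 | sort -n | tail -n 1
}

# yum_history_tx LISTING ID: "ACTION ALTERED" for one transaction.
yum_history_tx() {
    yum_history_rows "$1" | awk -F'\t' -v id="$2" '$1 == id { print $3, $4 }'
}

# yum_history_undo_check LISTING ID: after "yum history undo ID" the
# newest transaction should be an Erase of as many packages as ID
# installed. Prints "reversed" or "not-reversed".
yum_history_undo_check() {
    listing="$1"; id="$2"
    latest=$(yum_history_latest_id "$listing")
    set -- $(yum_history_tx "$listing" "$id")
    orig_action="$1"; orig_count="$2"
    set -- $(yum_history_tx "$listing" "$latest")
    if [ "$latest" -gt "$id" ] && [ "$orig_action" = "Install" ] \
       && [ "$1" = "Erase" ] && [ "$2" = "$orig_count" ]; then
        echo reversed
    else
        echo not-reversed
    fi
}

# Stand-alone run against the constructed listing.
printf 'latest: %s\n' "$(yum_history_latest_id "$SAMPLE_HISTORY")"
printf 'undo of 7: %s\n' "$(yum_history_undo_check "$SAMPLE_HISTORY" 7)"
```

On the VM, pass the real output in: yum_history_undo_check "$(yum history list)" 7 after the undo in step 2c should print reversed.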
3. Examine Yum cache information.
a. Use the cd command to change to the /var/cache/yum directory.
# cd /var/cache/yum
b. Access each subdirectory until you reach the 7Server directory. Use the ls -l command to display the contents of this directory.
In the /var/cache/yum/x86_64/7Server directory, there is a subdirectory for each enabled repository.
# ls
x86_64
# cd x86_64
# ls
7Server
# cd 7Server/
# ls -l
drwxr-xr-x. ... ol7_latest
drwxr-xr-x. ... ol7_UEKR3
-rw-r--r--. ... timedhosts
c. Use the cd command to change to the ol7_latest directory and use the ls -l command to display its contents.
This directory contains the metadata for the http://public-yum.oracle.com/repo/OracleLinux/OL7/latest/ repository.
The metadata for this repository consists of several compressed XML files that were downloaded from the Oracle Public Yum site.
The gen directory contains uncompressed copies of the metadata files, such as updateinfo.xml, together with their SQLite databases.
The packages directory contains cached packages when caching is enabled in the /etc/yum.conf file or if you have used the --downloadonly flag when using the yum install command.
# cd ol7_latest
# ls -l
-rw-r--r--. ... cachecookie
-rw-r--r--. ... comps.xml
-rw-r--r--. ... filelists.xml.gz
drwxr-xr-x. ... gen
-rw-r--r--. ... other.xml.gz
drwxr-xr-x. ... packages
-rw-r--r--. ... primary.xml.gz
-rw-r--r--. ... repomd.xml
-rw-r--r--. ... updateinfo.xml.gz
# ls -l gen
... filelists.xml
... filelists.xml.sqlite
... other.xml
... other.xml.sqlite
... primary.xml
... primary.xml.sqlite
... updateinfo.xml
d. Use the ls -l command to display the contents of the packages directory.
The packages that were downloaded are still present because you have not installed these packages. Packages are deleted after they are installed when package caching is disabled.
# ls -l packages
-rw-r--r--. ... compat-libcap1-1.10-7.el7_1.x86_64.rpm
...
4. Clean the Yum cache.
a. Use the yum clean packages command to clean the packages in the Yum cache.
# yum clean packages
Loaded plugins: aliases, changelog, langpacks
Cleaning repos: ol7_UEKR3 ol7_latest
... package files removed
b. Use the ls command to list the contents of the packages directory.
c.
d. Use the yum clean metadata command to clean the metadata in the Yum cache.
If you experience problems accessing packages and package information from the Oracle Public Yum or from the Oracle Unbreakable Linux Network (ULN) site, it is often helpful to issue the yum clean metadata command. This forces yum to download the latest metadata the next time it is invoked.
e. Use the ls -l command to display what remains in the ol7_latest directory and in its gen directory.
# ls -l
drwxr-xr-x. ... gen
drwxr-xr-x. ... packages
# ls -l gen
total 0
5. Shut down host04 and start host03.
a. Use the systemctl poweroff command to shut down host04.
b.
c.
d.
ID    Mem VCPUs State   Time(s)
 0   2048     2 r-----    758.9
 4   1536     1 -b----     37.4
 5   1536     1 -b----     37.3
15   1536     1 -b----     37.3
Practices for Lesson 9: Advanced Storage Administration
Chapter 9
Overview
In this practice, you:
Create a partition on a storage device
Create an ext4 file system on the partition
Assumptions
Tasks
1.
2.
This lists the following three storage devices:
/dev/xvda, approximately 12 GB in size
/dev/xvdb, approximately 10 GB in size
/dev/xvdd, approximately 10 GB in size
The operating system is installed on the /dev/xvda device. The /dev/xvdb and /dev/xvdd devices are unused.
# fdisk -l | grep /dev
Disk /dev/xvda: 12.9 GB, 12884901888 bytes, 25165824 sectors
/dev/xvda1   *        2048     1026047      512000   83  Linux
/dev/xvda2         1026048    25165823    12069888   8e  Linux LVM
Disk /dev/xvdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Disk /dev/xvdd: 10.7 GB, 10737418240 bytes, 20971520 sectors
Disk /dev/mapper/ol-root: 11.0 GB, 11022630912 bytes, ...
Disk /dev/mapper/ol-swap: 1287 MB, 1287651328 bytes, ...
b.
c.
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
d. Use the fdisk command to list the partition table on /dev/xvdb.
# fdisk -l /dev/xvdb
Disk /dev/xvdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
...
   Device Boot      Start         End      Blocks   Id  System
/dev/xvdb1          2048     2099199     1048576   83  Linux
3. Create a file system on /dev/xvdb1.
Use the mkfs command to make an ext4 file system on /dev/xvdb1.
4.
b. Use the mount command to mount /dev/xvdb1 on /Dev with ACL support.
c.
Size  Used Avail Use% Mounted on
976M  2.6M  907M   1% /Dev
Assumptions
Ensure that you are using vncviewer to connect to host03 and not using ssh.
You switch between the root user and the oracle user for this practice.
Tasks
1.
2. As the oracle user, use the touch command to create the test file in the /Dev directory.
Note that you do not have permission to create files in the /Dev directory.
[oracle@host03]$ touch /Dev/test
touch: cannot touch '/Dev/test': Permission denied
3. As the root user, use the getfacl command to display the /Dev directory's ACL.
4. As the root user, use the setfacl command to add a rule to the ACL giving the oracle user read, write, and execute permissions to the /Dev directory.
[root@host03]# setfacl -m u:oracle:rwx /Dev
5. As the root user, use the getfacl command to display the /Dev directory's ACL.
Note the new user:oracle:rwx line in the output of the getfacl command.
[root@host03]# getfacl /Dev
getfacl: Removing leading '/' from absolute path names
# file: Dev
# owner: root
# group: root
user::rwx
user:oracle:rwx
group::r-x
mask::rwx
other::r-x
6. As the root user, use the ls -ld command to display the permissions for the /Dev directory.
Note the plus sign (+), indicating that the directory has an ACL.
[root@host03]# ls -ld /Dev
drwxrwxr-x+ ... /Dev
7. As the oracle user, use the touch command to create the test file in the /Dev directory.
Click the oracle@host03 tab to enter commands as the oracle user.
8. As the oracle user, use the ls command to display a long listing of the /Dev directory.
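Two details of this practice are easy to misread. First, the mask:: line in getfacl output caps the effective rights of every named user, named group and the owning group; if the mask were r-x, user:oracle:rwx would still be listed but getfacl would add #effective:r-x beside it and oracle could not write. Second, on a file that has an ACL, the group triplet of ls -l shows the mask rather than the owning group's permissions, which is why /Dev reads drwxrwxr-x+ while getfacl reports group::r-x. The following is an added example, not part of the guide: POSIX shell functions that compute the effective rights of each ACL entry against the mask and that recognise the + marker in an ls -l line. The getfacl text is constructed, using the same entries as the practice but with a restrictive mask.

```sh
#!/bin/sh
# Added example (not part of the guide): compute effective ACL rights
# from getfacl output. The entries below are the ones the practice
# creates, but constructed with a mask of r-x (what "setfacl -m m::rx",
# or a later "chmod g-w", leaves behind) so that the cap is visible.

SAMPLE_ACL='# file: Dev
# owner: root
# group: root
user::rwx
user:oracle:rwx
group::r-x
mask::r-x
other::r-x'

# acl_effective TEXT: for every entry the mask applies to (named users,
# named groups, owning group) print "ENTRY effective:RWX". The owner
# and other entries are never masked and are not listed.
acl_effective() {
    printf '%s\n' "$1" | awk -F: '
    /^#/ || NF < 3 { next }
    $1 == "mask" { mask = $3; next }
    { line[NR] = $0; type[NR] = $1; name[NR] = $2; perm[NR] = $3 }
    END {
        if (mask == "") mask = "rwx"                # no mask entry: nothing capped
        for (i = 1; i <= NR; i++) {
            if (!(i in line) || type[i] == "other") continue
            if (type[i] == "user" && name[i] == "") continue   # file owner
            eff = ""
            for (j = 1; j <= 3; j++) {
                p = substr(perm[i], j, 1); m = substr(mask, j, 1)
                eff = eff ((p != "-" && m != "-") ? p : "-")
            }
            print line[i] " effective:" eff
        }
    }'
}

# acl_marker LS_LINE: "acl" when a long listing carries the "+" that
# marks an extended ACL, "plain" otherwise. The "." in the same column
# is the SELinux context marker, not an ACL.
acl_marker() {
    case "$1" in
        ??????????+*) echo acl ;;
        *)            echo plain ;;
    esac
}

# Stand-alone run against the constructed entries.
acl_effective "$SAMPLE_ACL"
acl_marker 'drwxrwxr-x+ 2 root root 4096 Jan 15 10:42 /Dev'
```

On the VM, acl_effective "$(getfacl /Dev)" shows the rights oracle actually holds; whenever the effective column is narrower than the entry, the mask (and anything that rewrote it, such as chmod on the group bits) is the cause.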
In this practice, you set quotas on a directory for the oracle user. You also remove the quotas
and the ACL on the directory.
Assumptions
You switch between the root user and the oracle user for this practice.
Tasks
1.
b.
c. Use the mount command to mount /dev/xvdb1 on /Dev with the acl, usrquota, and grpquota options.
These options enable disk quotas for users and groups and also enable ACL support.
[root@host03]# mount -t ext4 -o acl,usrquota,grpquota /dev/xvdb1 /Dev
d. Use the quotacheck command to create disk usage tables for /Dev.
[root@host03]# quotacheck -cug /Dev
e. Use the ls command to display the files created in /Dev.
[root@host03]# ls -l /Dev
-rw-------. root root ... aquota.group
-rw-------. root root ... aquota.user
...
f. Use the quotaon command to enable quotas on /Dev.
g.
h. Change the block quota to set a hard limit of 2048 blocks (2 MB) for the oracle user.
[root@host03]# edquota oracle
Disk quotas for user oracle (uid 500):
  Filesystem   blocks   soft   hard   inodes   soft   hard
  /dev/xvdb1        0      0      0        1      0      0   (old entry)
  /dev/xvdb1        0      0   2048        1      0      0   (new entry)
Alternatively, you could use the setquota oracle 0 2048 0 0 /Dev command.
i. Use the repquota command to report disk usage on /Dev.
Note that the hard limit for the oracle user is now 2048.
[root@host03]# repquota /Dev
*** Report for user quotas on device /dev/xvdb1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
oracle    --       0       0    2048              1     0     0
2. As the oracle user, verify the disk quota setting.
a. Click the oracle@host03 tab to enter commands as the oracle user.
b. Use the dd if=/dev/zero of=bigfile bs=1M count=4096 command to attempt to create a file on /Dev that is far larger than the 2 MB quota.
Note the Disk quota exceeded error message.
[oracle@host03]$ cd /Dev
[oracle@host03]$ dd if=/dev/zero of=bigfile bs=1M count=4096
xvdb1: write failed, user block limit reached.
dd: writing 'bigfile': Disk quota exceeded
3+0 records in
1+0 records out
2097152 bytes (2.1 MB) copied, ...
c. Note that bigfile is not the requested size but was truncated when the quota limit was reached.
[oracle@host03]$ ls -l /Dev
...
-rw-rw-r--. 1 oracle oracle 2097152 ... bigfile
...
d. Use the quota command to display the quota for the oracle user.
[oracle@host03]$ quota
Disk quotas for user oracle (uid 500):
     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
     /dev/xvdb1   2048*       0    2048               2       0       0
e. Use the rm command to delete the bigfile file in the /Dev directory.
[oracle@host03]$ rm bigfile
f. Use the quota command again. Note the difference in the number of blocks and number of files from the previous quota output.
[oracle@host03]$ quota
Disk quotas for user oracle (uid 500):
     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
     /dev/xvdb1       0       0    2048               1       0       0
g. Use the rm command to delete the test file in the /Dev directory.
[oracle@host03]$ rm test
h. Use the cd command to change to the oracle user's home directory.
[oracle@host03]$ cd
3. As the root user, reset the /dev/xvdb1 partition for the next practice.
a. Click the root@host03 tab to enter commands as the root user.
b. Use the setquota oracle 0 0 0 0 /Dev command to reset the disk quota for the oracle user.
[root@host03]# setquota oracle 0 0 0 0 /Dev
c. Use the setfacl command to remove the ACL from the /Dev directory.
[root@host03]# setfacl -b /Dev
d. Use the getfacl command to display the /Dev directory's ACL.
Note that the user:oracle:rwx line in the output has been removed.
e. Use the ls -ld command to display the permissions for the /Dev directory.
Note that there is no plus sign (+), indicating that the directory has no ACL.
[root@host03]# ls -ld /Dev
drwxr-xr-x ... /Dev
f.
g.
Overview
In this practice, you create an encrypted file system, create a file system on the encrypted
volume, reboot your system and provide the passphrase to mount the encrypted file system,
and remove the encrypted file system.
Assumptions
You are the root user on host03 VM.
Tasks
1.
# cryptsetup luksFormat /dev/xvdb1

WARNING!
========
This will overwrite data on /dev/xvdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
c. Use the cryptsetup command to check the status of the encrypted volume.
# cryptsetup status cryptfs
/dev/mapper/cryptfs is active.
  type:    LUKS1
  cipher:  aes-xts-plain64
  keysize: 256 bits
  device:  /dev/xvdb1
  offset:  4096 sectors
  size:    2093056 sectors
  mode:    read/write
d. Use the blkid command to view the attributes of the /dev/xvdb1 block device.
# blkid /dev/xvdb1
/dev/xvdb1: UUID="..." TYPE="crypto_LUKS"
e. Use the ls -l command to list the /dev entry for the cryptfs encrypted volume.
# ls -l /dev/mapper
...
crw-------. ... control
lrwxrwxrwx. ... cryptfs -> ../dm-2
lrwxrwxrwx. ... ol-root -> ../dm-0
lrwxrwxrwx. ... ol-swap -> ../dm-1
2.
Mount the file system on the encrypted volume on a mount point named /cryptfs.
...  921M   1% /cryptfs
Use the vi editor to create /etc/crypttab and to add the following entry.
# vi /etc/crypttab
cryptfs /dev/xvdb1 none luks
3. Reboot your system and enter the passphrase to mount the encrypted file system.
a. Use the systemctl reboot command to reboot your system.
b.
c.
d. Provide the passphrase, Cvt69*@P3, when prompted for the encrypted file system passphrase during reboot.
The boot process continues after providing the correct passphrase.
Please enter passphrase for disk cryptfs!: Cvt69*@P3
4. Remove the encrypted file system.
e. Use the cryptsetup luksClose command to close the encrypted volume.
# cryptsetup luksClose /dev/mapper/cryptfs
f. Verify that the cryptfs device mapping has been removed.
# ls /dev/mapper
control  ol-root  ol-swap
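Before rebooting, two checks and one change are worth making. cryptsetup luksDump /dev/xvdb1 shows which key slots hold a passphrase, and cryptsetup luksHeaderBackup /dev/xvdb1 --header-backup-file <file> saves the LUKS header, because a damaged header makes the data unrecoverable no matter how well the passphrase is kept. The change: the crypttab entry above names the volume by /dev/xvdb1, and that name depends on the order in which disks are probed (the Udev practice later in this lesson exists for that reason); the UUID that blkid printed identifies the LUKS header itself, so a production entry uses UUID=... in the device column. The following is an added example, not part of the guide: POSIX shell functions that build a crypttab line from blkid output and lint an existing crypttab for /dev paths and relative key-file names, plus a check that a key file is readable only by its owner. The blkid line and crypttab text are constructed; the UUIDs are placeholders, and <file> above stands for a path of your choosing.

```sh
#!/bin/sh
# Added example (not part of the guide): build and lint /etc/crypttab
# entries. Format: NAME DEVICE KEYFILE OPTIONS. The blkid line and the
# crypttab text below are constructed; the UUIDs are placeholders.

SAMPLE_BLKID='/dev/xvdb1: UUID="6d1a0f5e-3b2c-4c6a-9f0e-1a2b3c4d5e6f" TYPE="crypto_LUKS"'

SAMPLE_CRYPTTAB='# <name>  <device>                                   <key file>        <options>
cryptfs   /dev/xvdb1                                 none              luks
data      UUID=6d1a0f5e-3b2c-4c6a-9f0e-1a2b3c4d5e6f  none              luks
backup    UUID=0b5f2c1d-7e8a-4b9c-8d0e-2f3a4b5c6d7e  keys/backup.key   luks'

# crypttab_entry_from_blkid NAME BLKID_LINE: print "NAME UUID=... none luks"
# for a LUKS container, or print nothing and fail for anything else.
crypttab_entry_from_blkid() {
    name="$1"; line="$2"
    case "$line" in
        *'TYPE="crypto_LUKS"'*) ;;
        *) return 1 ;;
    esac
    uuid=$(printf '%s\n' "$line" | sed -n 's/.*UUID="\([^"]*\)".*/\1/p')
    [ -n "$uuid" ] || return 1
    printf '%s UUID=%s none luks\n' "$name" "$uuid"
}

# crypttab_lint TEXT: one "NAME:ok" or "NAME:problem ..." line per entry.
#   dev-path          device named by a /dev path, which can change order
#   relative-keyfile  key file not given as an absolute path
#   malformed         fewer than two fields
crypttab_lint() {
    printf '%s\n' "$1" | awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    NF < 2 { print "?:malformed"; next }
    {
        key = (NF >= 3) ? $3 : "none"
        p = ""
        if ($2 ~ /^\/dev\//) p = p " dev-path"
        if (key != "none" && key != "-" && key !~ /^\//) p = p " relative-keyfile"
        print $1 ":" (p == "" ? "ok" : substr(p, 2))
    }'
}

# keyfile_mode FILE: "secure" when only the owner has permission bits,
# "exposed" otherwise (any group or other bit hands the volume key to
# every local user who can read the file).
keyfile_mode() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) echo secure ;;
        *)      echo exposed ;;
    esac
}

# Stand-alone run: the entry this practice would get by UUID, then the lint.
crypttab_entry_from_blkid cryptfs "$SAMPLE_BLKID"
crypttab_lint "$SAMPLE_CRYPTTAB"
```

On the VM, crypttab_entry_from_blkid cryptfs "$(blkid /dev/xvdb1)" prints the line to put in /etc/crypttab in place of the /dev/xvdb1 form, and crypttab_lint "$(cat /etc/crypttab)" reports any entry still using a device path.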
In this practice, you use the kpartx utility to create device maps from partition tables.
Assumptions
Tasks
1.
a.
b.
[dom0]# ls -l
-rw-r--r-- ... 10737418240 ... u01.img
-rw-r--r-- ... 10737418240 ... u02.img
-rw-r--r-- ...         737 ... vm.cfg
c. Use the cat command to view the vm.cfg file.
The system.img file is represented by /dev/xvda.
The u01.img file is represented by /dev/xvdb.
The u02.img file is represented by /dev/xvdd.
[dom0]# cat vm.cfg
name = 'host03'
builder = 'hvm'
memory = 1536
boot = 'cd'
disk = [ 'file:/OVS/running_pool/host03/system.img,xvda,w',
'file:/OVS/running_pool/host03/u01.img,xvdb,w',
'file:/OVS/running_pool/host03/u02.img,xvdd,w',
...
2. From dom0, use the kpartx -l command to list the partitions on the system.img disk image file.
The output shows that the system.img disk image file contains two partitions.
b.
3.
a. From dom0, use the kpartx -l command to list the partitions on the u01.img disk image file.
The output shows one partition. Sample output is shown.
[dom0]# kpartx -l u01.img
loop8p1 : 0 2097152 /dev/loop8 2048
b. From the host03 VM, use the fdisk command to list the partition table for /dev/xvdb.
The output shows one partition. This confirms that the u01.img file is mapped to /dev/xvdb.
[host03]# fdisk -l | grep /dev/xvdb
Disk /dev/xvdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
/dev/xvdb1          2048     2099199     1048576   83  Linux
4. Review the partition information on the u02.img file.
a. From dom0, use the kpartx -l command to list the partitions on the u02.img disk image file.
b.
5.
c.
                Used Avail Use% Mounted on
                 34M  924M   4% /Dev
d. Use the cp command to copy the init* files from /boot to /Dev.
You view these files later in this practice to confirm the success of the kpartx command.
[host03]# cp /boot/init* /Dev
[host03]# ls /Dev
initramfs-0-rescue-...img            initrd-plymouth.img
initramfs-3.10.0-229.el7.x86_64.img  lost+found
initramfs-3.8.13-55.1.6.el7uek.x86_64.img
The remaining commands in this practice are entered from dom0.
6. Create device maps from the partition table on u01.img.
a. From dom0, use the ls command to list the /dev/mapper directory.
Before adding the device files, a listing of /dev/mapper shows only the control file.
[dom0]# ls /dev/mapper
control
b. Use the kpartx -l command to list the partitions on the u01.img disk image file.
c. Use the kpartx -a command to add the device mappings for the detected partitions.
To save time in this practice, you do not need to shut down the host03 VM before using the kpartx -a command.
It would be best practice to shut down host03 before creating device mappings and before mounting the devices on dom0.
[dom0]# kpartx -a u01.img
d.
7.
a. From dom0, use the mkdir command to create a mount point, /mnt/map1.
[dom0]# mkdir /mnt/map1
b. Use the mount command to mount /dev/mapper/loop9p1 on /mnt/map1.
Substitute the device name from step 6d.
[dom0]# mount /dev/mapper/loop9p1 /mnt/map1
c. Use the ls command to view the files on /mnt/map1.
Note that these are the same files that you copied to /Dev in step 5d.
[dom0]# ls /mnt/map1
initramfs-0-rescue-...img            initrd-plymouth.img
initramfs-3.10.0-229.el7.x86_64.img  lost+found
initramfs-3.8.13-55.1.6.el7uek.x86_64.img
8. Remove the kpartx device mapping on dom0.
a. From dom0, use the umount command to unmount /mnt/map1.
[dom0]# umount /mnt/map1
b.
c.
d.
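The kpartx -l line gives, for each partition, the map name, its start within the map, its size in 512-byte sectors, the loop device and its starting sector on the image. Those numbers also let you mount the partition without creating a device map at all, through mount -o loop,offset=..., and they tell you where the partition ends, which should be inside the image. Whichever method is used, the note above about shutting host03 down first stands, and because everything inside the image is under the guest's control, mount it on dom0 read-only and with nosuid,nodev,noexec so that a setuid binary or device node planted by the guest has no effect there. The following is an added example, not part of the guide: POSIX shell functions that turn kpartx -l output into byte offsets, print the corresponding read-only mount command, and check that no partition runs past the end of the image. The kpartx line is constructed to match the sample in this practice.

```sh
#!/bin/sh
# Added example (not part of the guide): turn "kpartx -l" output into byte
# offsets so a partition inside a disk image can be mounted through a loop
# device, read-only, without creating device-mapper entries. The kpartx
# line below is constructed to match the shape shown in the practice.
# kpartx -l fields: NAME : START SIZE_SECTORS LOOPDEV OFFSET_SECTORS

SAMPLE_KPARTX='loop8p1 : 0 2097152 /dev/loop8 2048'
SECTOR=512

# kpartx_geometry LISTING: "NAME OFFSET_BYTES SIZE_BYTES" per partition.
kpartx_geometry() {
    printf '%s\n' "$1" | awk -v s="$SECTOR" '
    NF == 6 && $2 == ":" { printf "%s %.0f %.0f\n", $1, $6 * s, $4 * s }'
}

# kpartx_mount_cmd IMAGE LISTING [N]: the mount command for partition N
# (default 1). ro keeps dom0 from altering the guest image;
# nosuid,nodev,noexec keep a guest-controlled file system from planting
# setuid binaries or device nodes that dom0 would honour.
kpartx_mount_cmd() {
    image="$1"; listing="$2"; n="${3:-1}"
    set -- $(kpartx_geometry "$listing" | sed -n "${n}p")
    [ -n "$2" ] || return 1
    printf 'mount -o loop,ro,nosuid,nodev,noexec,offset=%s,sizelimit=%s %s /mnt/map%s\n' \
        "$2" "$3" "$image" "$n"
}

# kpartx_fits IMAGE_BYTES LISTING: "fits" if every partition ends inside
# the image, "overruns" if the partition table points past its end (a
# sign of corruption, or of an image crafted to confuse tooling).
kpartx_fits() {
    kpartx_geometry "$2" | awk -v img="$1" '
    { if ($2 + $3 > img) bad = 1 }
    END { print (bad ? "overruns" : "fits") }'
}

# Stand-alone run against the constructed listing.
kpartx_mount_cmd u01.img "$SAMPLE_KPARTX"
kpartx_fits 10737418240 "$SAMPLE_KPARTX"
```

On dom0, kpartx_mount_cmd u01.img "$(kpartx -l u01.img)" prints the command to run instead of kpartx -a plus a plain mount; the image size for kpartx_fits is the byte count in the ls -l listing of step 1.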
Overview
In this practice, you:
Explore Udev files and directories
Query the Udev database
Create a Udev rule to create a symbolic link to a device
Assumptions
You are the root user on the host03 VM.
Tasks
1.
Explore Udev.
a. Use the rpm -ql command to view the udev files included with the systemd RPM package.
# rpm -ql systemd | grep udev
/etc/udev
/etc/udev/hwdb.bin
/etc/udev/rules.d
/etc/udev/udev.conf
/usr/bin/udevadm
...
b. Use the ls command to view existing Udev rules files in the /lib/udev/rules.d and /etc/udev/rules.d directories.
# ls /lib/udev/rules.d
10-dm.rules          75-probe_mtd.rules          100-balloon.rules
11-dm-lvm.rules      75-tty-description.rules    77-mm-ericsson-mbm.rules
...
# ls /etc/udev/rules.d
70-persistent-ipoib.rules
c. Use the less command to view the /lib/udev/rules.d/50-udev-default.rules file.
Each rule is a comma-separated list of key, operator, and value items. Among the operators:
+=: Add the value to the current values for the key
# less /lib/udev/rules.d/50-udev-default.rules
# do not edit this file, it will be overwritten on update
...
2. Query the Udev database.
a.
b. Use the udevadm command to query the Udev database for the device path of /dev/xvdd.
# udevadm info --query=path --name=/dev/xvdd
/devices/vbd-5696/block/xvdd
c. Use the udevadm info --attribute-walk command to display the attributes of /dev/xvdd and of its parent devices.
# udevadm info --attribute-walk --name=/dev/xvdd
...
    ATTR{ro}=="0"
    ...
  looking at parent device '/devices/vbd-5696':
    KERNELS=="vbd-5696"
    SUBSYSTEMS=="xen"
    DRIVERS=="vbd"
    ATTRS{devtype}=="vbd"
    ATTRS{nodename}=="device/vbd/5696"
3. Create a Udev rule to create a symbolic link to a device.
a. Use the vi editor to create the /etc/udev/rules.d/10-local.rules file and add the following rule.
# vi /etc/udev/rules.d/10-local.rules
KERNEL=="xvdd", SUBSYSTEM=="block", SYMLINK+="my_disk"
The SYMLINK directive names the new symlink for the device.
b. Run the udevadm trigger command to manually force Udev to trigger rules.
# udevadm trigger
c. Use the ls -l command to list the /dev/my* devices.
Note that /dev/my_disk is a symlink to /dev/xvdd.
# ls -l /dev/my*
lrwxrwxrwx. ... /dev/my_disk -> xvdd
d. Use the udevadm info command to query the Udev database for the symlinks for /dev/xvdd.
# udevadm info --query=symlink --name=/dev/xvdd
my_disk
4. Remove the /dev/my_disk symlink.
a.
b. Run the udevadm trigger command to manually force Udev to trigger rules.
# udevadm trigger
c.
5.
b. Click Log Out from the menu.
The following window appears.
c.
d.
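A file in /etc/udev/rules.d is read by udevd running as root, and besides SYMLINK it accepts RUN+= and PROGRAM= keys that execute a command for every matching event, so a rules directory deserves review like any other root-executed configuration. The rule in step 3a also shows the two slips that are easy to make: a value left unquoted, and a single = (assignment) where a match needs ==. The following is an added example, not part of the guide: a POSIX shell function that lints each rule line of a constructed rules file for those slips and reports any key that runs a program. On the VM itself, udevadm test /sys/block/xvdd shows how udev would apply the rules to that device.

```sh
#!/bin/sh
# Added example (not part of the guide): a small linter for udev rule
# files. A rule is a comma-separated list of KEY op "value" items; "=="
# and "!=" match, "=", "+=", "-=" and ":=" assign, and values must be
# double-quoted. The file below is constructed. Commas inside quoted
# values are not handled, which the short rules in a local file rarely need.

SAMPLE_RULES='# local rules for the training VM
KERNEL=="xvdd", SUBSYSTEM=="block", SYMLINK+="my_disk"
KERNEL=xvdd, SUBSYSTEM=="block", SYMLINK+=my_disk
KERNEL=="sd*", ATTRS{idVendor}=="0781", RUN+="/usr/local/sbin/on-usb.sh"'

# udev_rules_lint TEXT: one "LINE:ok" or "LINE:finding ..." per rule line.
#   unquoted:KEY             value is not in double quotes
#   assign-to-match-key:KEY  "=" used on a key that only makes sense as a match
#   runs-program:CMD         RUN or PROGRAM key: udev executes CMD as root
#   no-operator              item has no recognisable operator
udev_rules_lint() {
    printf '%s\n' "$1" | awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        n = split($0, item, ",")
        p = ""
        for (i = 1; i <= n; i++) {
            tok = item[i]
            gsub(/^[ \t]+|[ \t]+$/, "", tok)
            if (!match(tok, /(==|!=|\+=|-=|:=|=)/)) { p = p " no-operator"; continue }
            key = substr(tok, 1, RSTART - 1)
            op  = substr(tok, RSTART, RLENGTH)
            val = substr(tok, RSTART + RLENGTH)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
            sub(/\{.*\}$/, "", key)
            if (val !~ /^".*"$/) p = p " unquoted:" key
            if (key ~ /^(KERNEL|SUBSYSTEM|KERNELS|SUBSYSTEMS|DRIVERS|ACTION|DEVPATH)$/ &&
                op != "==" && op != "!=") p = p " assign-to-match-key:" key
            if (key == "RUN" || key == "PROGRAM") { cmd = val; gsub(/"/, "", cmd); p = p " runs-program:" cmd }
        }
        print NR ":" (p == "" ? "ok" : substr(p, 2))
    }'
}

# udev_rules_clean TEXT: "clean" when every rule line is ok, else "dirty".
udev_rules_clean() {
    if udev_rules_lint "$1" | grep -qv ':ok$'; then echo dirty; else echo clean; fi
}

# Stand-alone run against the constructed file.
udev_rules_lint "$SAMPLE_RULES"
```

udev_rules_lint "$(cat /etc/udev/rules.d/10-local.rules)" checks the rule written in this practice; a runs-program finding on any file in that directory names a command that will execute as root whenever a matching device appears.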
Practices for Lesson 10: Advanced Networking
Chapter 10
Practices Overview
In these practices, you do the following:
Configure network bonding by using the GUI and the command line
Explore network bonding interface configuration
Configure 802.1q VLAN tagging interfaces
Explore 802.1q VLAN tagging interface configuration
Configure a site-to-site VPN
Assumptions
Tasks
1.
The IP address of bond0 is different on your system.
The bonded interfaces you create in this practice are also on the 192.168.2 subnet.
[dom0]# ifconfig
bond0     Link encap:Ethernet ...
          inet addr:10.150.30.83 ...
          ...
eth0      Link encap:Ethernet ...
          ...
lo        Link encap:Local Loopback ...
          inet addr:127.0.0.1 ...
          ...
vif...    Link encap:Ethernet ...
          ...
virbr0    ...
virbr1    ...
virbr2    ...
virbr3    ...
2. Log in to host02 by using vncviewer.
a. From dom0, determine the VNC port number for host02 by running the xm list -l host02 | grep location command.
For example, if the port number is 5903, enter localhost:5903 and click Connect.
d. Click Oracle Student in the list of users.
You are prompted for the password.
e. Enter oracle for the Password and click Sign In.
The GNOME desktop appears.
f. Right-click the desktop to display the pop-up menu.
g. From the pop-up menu, click Open in Terminal.
A terminal window appears.
h. In the terminal window, use the su - command to become the root user.
The root password is oracle.
$ su -
Password: oracle
#
3. View the network interfaces on host02.
a. Use the ip addr command to view the network interfaces.
Note that the eth2 and eth3 interfaces do not have IP addresses.
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue ...
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
    link/ether 00:16:3e:00:01:02 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.102/24 brd 192.0.2.255 scope global eth0
    ...
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
    link/ether 00:16:3e:00:02:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.102/24 brd 192.168.1.255 scope global eth1
...
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
link/ether 00:16:3e:00:03:02 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
link/ether 00:16:3e:00:04:02 brd ff:ff:ff:ff:ff:ff
b.
Note that the eth0, eth1, eth2 and eth3 Ethernet network interfaces have configuration files.
# ls /etc/sysconfig/network-scripts
ifcfg-eth0 ...
ifcfg-eth1 ...
ifcfg-eth2 ...
ifcfg-eth3 ...
...
c. Use the nmcli con command to view the network connections.
Note that the eth2 and eth3 connections are not associated with a device.
# nmcli con
NAME    UUID    TYPE              DEVICE
eth1    ...     802-3-ethernet    eth1
eth2    ...     802-3-ethernet    --
eth3    ...     802-3-ethernet    --
eth0    ...     802-3-ethernet    eth0
4. Use the Network Settings Editor to configure network bonding.
a. Click the network icon from the GNOME desktop notification area.
The drop-down menu includes four Ethernet interfaces and the Network Settings option.
b. Click the Network Settings option from the drop-down menu.
The Network Settings Editor appears.
c.
d. Click Bond to add a bonded interface.
The following window appears.
The default Connection name is Bond connection 1.
The default interface name is bond0.
e.
Click the Add button to add the slave interfaces to the bond.
The following window appears.
f. Accept the default Ethernet selection. Click Create to display the following window.
g.
Click the down arrow on the Device MAC address prompt to display the available
Ethernet devices.
h. Select the eth3 device from the drop-down list.
Click the Save button.
i.
Repeat steps 5e (click Add), 5f (click Create), and 5g (click the down arrow) and
add the eth2 slave interface. Click Save and the following window appears.
j.
Click the down arrow on the Mode prompt to display the available modes.
The list of modes appears.
k.
You can designate an interface as Primary to make it the active slave when it is
available.
l.
Click the IPv4 Settings tab to assign an IPv4 address to the bonded interface.
The following window appears.
Change the Method to Manual.
Click Add to add the following Address information:
Address: 192.168.2.12
Netmask: 24
Gateway: <empty>
m. Click Save to complete configuring network bonding.
You need to click in the Gateway field before Save becomes selectable.
The Bond (bond0) interface now appears in the Network Settings window.
n. Select the Bond (bond0) option to display the following window.
Note that the Hardware Address, IP Address, and Bond slaves are shown.
5.
Note that the new bond0 interface is listed and includes MASTER and state UNKNOWN.
Note that eth2 and eth3 now include SLAVE and master bond0.
Note that eth2, eth3, and bond0 all have the same MAC address.
# ip addr
...
4: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 ...
master bond0 state UP ...
link/ether 00:16:3e:00:03:02 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 ...
master bond0 state UP ...
link/ether 00:16:3e:00:03:02 brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 ...
state UNKNOWN
link/ether 00:16:3e:00:03:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.12/24 brd 192.168.2.255 scope global bond0
...
b.
Note that there are network configuration files for the two slave interfaces, ifcfg-bond0_slave_1 and ifcfg-bond0_slave_2.
Note that there is a network configuration file for the bonded interface, ifcfg-Bond_connection_1.
ifcfg-eth0 ...
ifcfg-eth1 ...
...
c. Use the cat command to view the contents of the ifcfg-Bond_connection_1 file.
Note that the BONDING_OPTS setting has mode=active-backup.
Note that the BONDING_OPTS setting also sets the Link Monitoring method to MII by default.
The Link monitoring frequency is 1 millisecond, and Link up delay and Link down delay are set to 0 by default.
# cat /etc/sysconfig/network-scripts/ifcfg-Bond_connection_1
DEVICE=bond0
BONDING_OPTS="miimon=1 updelay=0 downdelay=0 mode=active-backup"
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=none
IPADDR=192.168.2.12
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_PRIVACY=no
NAME=Bond connection 1
UUID=...
ONBOOT=yes
d.
Use the cat command to view the contents of the ifcfg-bond0_slave_1 file.
e. Use the cat command to view the contents of the ifcfg-bond0_slave_2 file.
Note that MASTER is set to the UUID value in the ifcfg-Bond_connection_1 file.
# cat /etc/sysconfig/network-scripts/ifcfg-bond0_slave_2
HWADDR=00:16:3E:00:03:02
TYPE=Ethernet
NAME=bond0 slave 2
UUID=...
ONBOOT=yes
MASTER=...
SLAVE=yes
f.
Note that the bond and slave connections are now shown.
# nmcli con
NAME                 UUID    TYPE              DEVICE
eth1                 ...     802-3-ethernet    eth1
eth2                 ...     802-3-ethernet    --
eth3                 ...     802-3-ethernet    --
Bond connection 1    ...     bond              bond0
bond0 slave 2        ...     802-3-ethernet    eth2
bond0 slave 1        ...     802-3-ethernet    eth3
eth0                 ...     802-3-ethernet    eth0
g.
# ip addr
...
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 ...
state UP
...
Do not log off host02. You use it again in subsequent practices.
i. If necessary, open a new terminal window on dom0.
Use the su - command to become the root user in this new terminal window.
The root password is oracle.
$ su -
Password: oracle
Assumptions
Tasks
1.
[dom0]# ssh host01
root@host01's password: oracle
Last login: ...
2. View the network interfaces on host01.
a. Use the ip addr command to view the network interfaces.
The IP address for eth1 was obtained by using DHCP. Yours might be different than the example shown.
Note that the eth2 and eth3 interfaces do not have IP addresses.
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue ...
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    ...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc ...
b.
c.
Note that the eth2 and eth3 connections are not associated with a device.
# nmcli con
NAME    UUID    TYPE              DEVICE
eth1    ...     802-3-ethernet    eth1
eth2    ...     802-3-ethernet    --
eth3    ...     802-3-ethernet    --
eth0    ...     802-3-ethernet    eth0
3.
a. Use the nmcli con add command to add a bond connection type.
Use the type bond argument to specify a bonded interface.
Use the con-name bond0 argument to specify the name of the new bond connection.
b. Use the nmcli con add command to add eth2 as a bond-slave connection type.
c. Use the nmcli con add command to add eth3 as a bond-slave connection type.
d.
NAME               UUID    TYPE              DEVICE
eth1               ...     802-3-ethernet    eth1
eth2               ...     802-3-ethernet    --
eth3               ...     802-3-ethernet    --
bond-slave-eth3    ...     802-3-ethernet    eth3
bond-slave-eth2    ...     802-3-ethernet    eth2
bond0              ...     bond              bond0
eth0               ...     802-3-ethernet    eth0
e.
Note that a new ifcfg-bond0 file exists.
Note that a new ifcfg-bond-slave-eth3 file exists.
# ls /etc/sysconfig/network-scripts
ifcfg-bond0 ...
ifcfg-bond-slave-eth2 ...
ifcfg-bond-slave-eth3 ...
...
f. Use the cat command to view the contents of the ifcfg-bond0 file.
# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BONDING_OPTS=mode=active-backup
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=none
IPADDR=192.168.2.11
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=bond0
UUID=...
ONBOOT=yes
g. Use the cat command to view the contents of the ifcfg-bond-slave-eth2 file.
h.
Use the cat command to view the contents of the ifcfg-bond-slave-eth3 file.
# cat /etc/sysconfig/network-scripts/ifcfg-bond-slave-eth3
TYPE=Ethernet
NAME=bond-slave-eth3
UUID=...
DEVICE=eth3
ONBOOT=yes
MASTER=bond0
SLAVE=yes
i. Use the ip addr command to view the network interfaces.
Note that the eth2 interface now includes SLAVE and master bond0.
Note that the eth3 interface now includes SLAVE and master bond0.
Note that the new bond0 interface is listed and includes MASTER and state UNKNOWN.
# ip addr
...
4: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 ...
master bond0 state UP ...
link/ether 00:16:3e:00:03:01 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 ...
master bond0 state UP ...
link/ether 00:16:3e:00:03:01 brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 ...
state UNKNOWN
link/ether 00:16:3e:00:03:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.11/24 brd 192.168.2.255 scope global bond0
...
j.
k.
Use the ip addr command to ensure that the bond0 interface is UP.
# ip addr
...
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 ...
state UP
...
Do not log off host01. You use it again in subsequent practices.
Assumptions
Tasks
1. Test connectivity between the bonded interfaces on host01 and host02.
a. From host02, use the ping command to communicate to the bonded interface on host01.
The IP address of the bonded interface on host01 is 192.168.2.11.
Press CTRL-C to exit after a few lines of output.
[host02]# ping 192.168.2.11
PING 192.168.2.11 (192.168.2.11) 56(84) bytes of data.
64 bytes from 192.168.2.11: icmp_seq=1 ttl=64 time=...
64 bytes from 192.168.2.11: icmp_seq=2 ttl=64 time=...
64 bytes from 192.168.2.11: icmp_seq=3 ttl=64 time=...
64 bytes from 192.168.2.11: icmp_seq=4 ttl=64 time=...
^C
...
b. From host02, use the netstat -r command to view the route table.
... Iface
... eth0
... eth0
... eth1
... bond0
c. From host01, use the ping command to communicate to the bonded interface on host02.
... bytes of data.
... time=...
... time=...
... time=...
... time=...
d. From host01, use the netstat -r command to view the route table.
If the netstat command is not found, use the yum command to install the net-tools package. Answer y to Is this ok.
[host01]# netstat -r
-bash: netstat: command not found
[host01]# yum install net-tools
...
Is this ok [y/d/N]: y
...
Complete!
[host01]# netstat -r
Kernel IP routing table
Destination    ...    Iface
...
192.168.2.0    ...    bond0
2. View the contents of /sys/class/net/bond0/.
Each network interface contains a directory in /sys/class/net.
a. From host01, use the cd command to change to the /sys/class/net directory.
b.
... eth1 eth2 eth3 lo
c.
d.
... ifalias ifindex iflink link_mode mtu netdev_group operstate power queues
slave_eth2 slave_eth3 speed statistics subsystem tx_queue_len
e.
[host01]# cat address
00:16:3e:00:03:01
f. Use the cat command to view the uevent file.
[host01]# cat uevent
INTERFACE=BOND0
IFINDEX=6
g. Use the cd command to change to the bonding directory.
Use the ls command to display the contents of the directory.
[host01]# cd bonding
[host01]# ls
active_slave    all_slaves_active  miimon        primary_reselect
ad_actor_key    arp_interval       mii_status    queue_id
ad_aggregator   arp_ip_target      min_links     resend_igmp
ad_num_ports    arp_validate       mode          slaves
ad_partner_key  downdelay          num_grat_arp  updelay
ad_partner_mac  fail_over_mac      num_unsol_na  use_carrier
ad_select       lacp_rate          primary       xmit_hash_policy
h.
i.
j.
k.
l.
3.
a.
[host01]# vi /etc/sysconfig/network-scripts/ifcfg-bond0
...
BONDING_OPTS=mode=active-backup                  (old value)
BONDING_OPTS="mode=active-backup miimon=120"     (new value)
b. Use the nmcli command to reload all connection files from disk.
NetworkManager does not monitor changes to connection files by default. You need to use this command to tell NetworkManager to reread the connection profiles from disk whenever making a change.
[host01]# nmcli con reload
c. Use the nmcli command to bring down the bond0 connection.
Stopping the master interface also stops the slave interfaces.
[host01]# nmcli con down bond0
Connection bond0 successfully deactivated (D-Bus active ...)
d.
e.
f.
g.
a. On host01, use the cat command to view the active_slave file, which is located in the /sys/class/net/bond0/bonding directory.
You can also determine the active slave by viewing the /proc/net/bonding/bond0 file.
b.
[host01]# cd /proc/net/bonding
Use the ls command to view the contents of the directory.
[host01]# ls
bond0
c. Use the cat command to view the contents of the bond0 file.
Note that Currently Active Slave is eth2.
[host01]# cat bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 00:16:3e:00:03:01
Slave queue ID: 0
d.
e.
f.
[host01]# cat /var/log/messages
<date_time> host01 NetworkManager[9730]: <info> (eth2): link disconnected (deferring action for 4 seconds)
<date_time> host01 kernel: bonding: bond0: link status definitely down for interface eth2, disabling it
<date_time> host01 kernel: bonding: bond0: making interface eth3 the new active one.
<date_time> host01 NetworkManager[9730]: <info> (eth2): link disconnected (calling deferred action)
g. Use the cat command to view the contents of the bond0 file.
Note that now the Currently Active Slave is eth3.
Also note that eth2 is down.
[host01]# cat bond0
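The two cat bond0 readings in steps c and g above are what a monitoring check should do automatically, so that a silent failover (one slave down, the bond still carrying traffic on the other) is noticed before the second link fails. The following Python parser is an added example and is not part of the Oracle practice: it reads the /proc/net/bonding/bond0 format shown above and reports the bond mode, the active slave, each slave's MII status and link failure count, and then flags lost redundancy. SAMPLE_BOND0 is constructed to resemble the state after the eth2 failure; its polling interval and the eth3 hardware address are assumed values, not output from the practice.

```python
import re

# Constructed sample of /proc/net/bonding/bond0 after the eth2 link failure
# described in the practice. The layout follows the bonding driver's output;
# the polling interval and eth3 hardware address are assumed values.
SAMPLE_BOND0 = """\
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth3
MII Status: up
MII Polling Interval (ms): 120
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth2
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 1
Permanent HW addr: 00:16:3e:00:03:01
Slave queue ID: 0

Slave Interface: eth3
MII Status: up
Speed: Unknown
Duplex: Unknown
Link Failure Count: 0
Permanent HW addr: 00:16:3e:00:04:01
Slave queue ID: 0
"""


def _field(block, name):
    """Return the value of a 'name: value' line in block, or None if absent."""
    m = re.search(r"^" + re.escape(name) + r": (.*)$", block, re.M)
    return m.group(1).strip() if m else None


def parse_bond_status(text):
    """Split the bond-level header from the per-slave blocks of a
    /proc/net/bonding/<bond> file and keep the fields that matter for
    failover monitoring."""
    header, *slave_blocks = re.split(r"^Slave Interface: ", text, flags=re.M)
    miimon = _field(header, "MII Polling Interval (ms)")
    info = {
        "mode": _field(header, "Bonding Mode"),
        "active_slave": _field(header, "Currently Active Slave"),
        "miimon_ms": int(miimon) if miimon is not None else None,
        "slaves": {},
    }
    for block in slave_blocks:
        name, _, rest = block.partition("\n")
        info["slaves"][name.strip()] = {
            "mii_status": _field(rest, "MII Status"),
            "failures": int(_field(rest, "Link Failure Count") or 0),
            "hwaddr": _field(rest, "Permanent HW addr"),
        }
    return info


def bond_findings(info):
    """Conditions a monitoring check should raise for a parsed bond."""
    findings = []
    if not info["miimon_ms"]:
        findings.append("no MII link monitoring: failures will not be detected")
    up = [n for n, s in info["slaves"].items() if s["mii_status"] == "up"]
    if len(up) < 2:
        findings.append("redundancy lost: only %d slave(s) up" % len(up))
    for name, s in info["slaves"].items():
        if s["failures"]:
            findings.append("%s has %d link failure(s)" % (name, s["failures"]))
    if info["active_slave"] not in up:
        findings.append("active slave %s is not up" % info["active_slave"])
    return findings


if __name__ == "__main__":
    status = parse_bond_status(SAMPLE_BOND0)
    print("mode:", status["mode"], "| active:", status["active_slave"])
    for line in bond_findings(status):
        print("WARNING:", line)
```

On a real host the same functions run over `open("/proc/net/bonding/bond0").read()`; the per-slave "Link Failure Count" is cumulative, so comparing it between two runs is the cheapest way to spot a flapping link that the kernel log lines above would otherwise be the only record of.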
5.
a.
b.
c. Select the Bond (bond0) interface and click the - button to remove the connection.
The window is shown as follows after clicking the - button.
d.
e.
... eth2 eth3 lo
f.
g.
h.
i. Use the ip link command to view the links.
Note that the bond0 entry no longer exists.
Note that the eth2 and eth3 entries no longer include SLAVE or master bond0 in their description.
Note that the eth2 and eth3 entries have their original MAC addresses.
[host02]# ip link
...
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
    link/ether 00:16:3e:00:03:02 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
j.
Note that the network configuration file for the bonded interface no longer exists.
Note that the network configuration files for the slaves still exist.
[host02]# ls /etc/sysconfig/network-scripts
ifcfg-bond0_slave_1 ...
ifcfg-bond0_slave_2 ...
ifcfg-eth0 ...
ifcfg-eth1 ...
...
k. Use the nmcli con delete command to delete the slave connections.
[host02]# nmcli con delete "bond0 slave 1"
[host02]# nmcli con delete "bond0 slave 2"
l.
...    DEVICE
...    eth1
...    --
...    eth0
Note that the network configuration files for the slaves no longer exist.
[host02]# ls /etc/sysconfig/network-scripts
ifcfg-eth0 ...
ifcfg-eth1 ...
...
6. Remove bond and slave connections on host01.
Use the command line to remove the connections.
a. On host01, use the nmcli con command to view the network connections.
...
bond0    ...    bond              bond0
eth0     ...    802-3-ethernet    eth0
Use the nmcli con delete command to delete the bond and the slave connections.
[host01]# nmcli con delete bond0
[host01]# nmcli con delete bond-slave-eth2
[host01]# nmcli con delete bond-slave-eth3
c.
d.
...
eth0    ...    802-3-ethernet    eth0
...
Note that the network configuration files for the bond and slaves no longer exist.
[host01]# ls /etc/sysconfig/network-scripts
ifcfg-eth0 ...
ifcfg-eth1 ...
ifcfg-eth2 ...
ifcfg-eth3 ...
...
e.
Note that the bond0 directory no longer exists.
[host01]# ls /sys/class/net
bonding_masters  eth0  eth1  eth2  eth3  lo
f.
g. Use the cat command to view the /sys/class/net/bonding_masters file.
Note that the file is empty.
[host01]# cat /sys/class/net/bonding_masters
h. Use the ls command to view the contents of the /proc/net/bonding directory.
Note that the directory is empty.
[host01]# ls /proc/net/bonding
Assumptions
Tasks
1.
In this example, the kernel module is not loaded.
# lsmod | grep 8021q
b. If the kernel module is not loaded, use the modprobe command to load the 8021q kernel module.
Use the lsmod command to ensure 8021q is loaded.
# modprobe 8021q
# lsmod | grep 8021q
8021q                  20082  0
...
2.
b. Click the Network Settings option from the drop-down menu.
The Network Settings Editor appears.
c.
d. Click VLAN to add a VLAN connection.
The following window appears.
The default Connection name is VLAN connection 1.
e. Update the screen as follows.
Change Connection name: to vlan-eth0.100.
Click the Parent interface: down arrow and select eth0 (00:16:3E:00:01:02).
f. Click the IPv4 Settings tab to assign an IPv4 address to the VLAN interface.
Change the Method to Manual.
Address: 192.168.100.2
Netmask: 24
Gateway: <empty>
g. Click Save to complete configuring VLAN tagging.
The VLAN (eth0.100) interface now appears in the Network Settings window.
h.
i. Click the X in the top-right corner to close the window.
3. View the network interfaces on host02.
a. Use the ip addr command to view the protocol addresses for the network devices.
Note that the eth0.100 device exists.
Note that the eth0.100 MAC address is the same as the eth0 MAC address.
Note that the 192.168.100.2/24 IPv4 address is assigned to the eth0.100 device.
# ip addr
...
2: eth0: ...
    link/ether 00:16:3e:00:01:02 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.102/24 brd 192.0.2.255 scope global eth0
...
7: eth0.100@eth0: ...
    link/ether 00:16:3e:00:01:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.2/24 brd 192.168.100.255 scope ... eth0.100
...
b.
Note that the eth0.100 device is associated with the vlan-eth0.100 connection.
# nmcli dev
NAME        TYPE        STATE        CONNECTION
eth0        ethernet    connected    eth0
eth1        ethernet    connected    eth1
eth0.100    vlan        connected    vlan-eth0.100
...
c.
NAME             UUID    TYPE              DEVICE
vlan-eth0.100    ...     vlan              eth0.100
eth0             ...     802-3-ethernet    eth0
eth1             ...     802-3-ethernet    eth1
d. Use the ls command to view the /etc/sysconfig/network-scripts/ directory.
Note that there is a network configuration file for the VLAN interface, ifcfg-vlan-eth0.100.
# ls /etc/sysconfig/network-scripts
ifcfg-eth0 ...
ifcfg-eth1 ...
...
ifcfg-lo ...
ifcfg-vlan-eth0.100 ...
...
e. Use the cat command to view the contents of the ifcfg-vlan-eth0.100 file.
Note that the DEVICE setting is eth0.100.
Note that the PHYSDEV setting is eth0.
# cat /etc/sysconfig/network-scripts/ifcfg-vlan-eth0.100
VLAN=yes
TYPE=Vlan
DEVICE=eth0.100
PHYSDEV=eth0
VLAN_ID=100
REORDER_HDR=0
BOOTPROTO=none
IPADDR=192.168.100.2
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=vlan-eth0.100
UUID=...
ONBOOT=yes
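The bond profile shown in the first practice (ifcfg-Bond_connection_1) and the VLAN profile just listed are both shell-sourced KEY=VALUE files, which means a mistyped BONDING_OPTS or a DEVICE that does not match PHYSDEV.VLAN_ID is only discovered when nmcli con reload brings the interface up wrong. The checker below is an added example, not Oracle's or NetworkManager's code: it parses both profiles with shell quoting rules and applies the checks a reviewer would otherwise make by eye. BOND_IFCFG and VLAN_IFCFG are inline copies of the two files from the practices with placeholder UUIDs, and the 100 ms miimon threshold is this example's own choice, taken from the starting point the kernel's bonding documentation suggests.

```python
import shlex

# Inline copies of the two profiles from the practices, UUIDs replaced by
# placeholders. NetworkManager double-quotes BONDING_OPTS and multi-word NAME
# values because the file is sourced by the shell.
BOND_IFCFG = """\
DEVICE=bond0
BONDING_OPTS="miimon=1 updelay=0 downdelay=0 mode=active-backup"
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=none
IPADDR=192.168.2.12
PREFIX=24
NAME="Bond connection 1"
UUID=00000000-0000-0000-0000-000000000000
ONBOOT=yes
"""

VLAN_IFCFG = """\
VLAN=yes
TYPE=Vlan
DEVICE=eth0.100
PHYSDEV=eth0
VLAN_ID=100
REORDER_HDR=0
BOOTPROTO=none
IPADDR=192.168.100.2
PREFIX=24
NAME=vlan-eth0.100
UUID=00000000-0000-0000-0000-000000000001
ONBOOT=yes
"""


def parse_ifcfg(text):
    """Parse KEY=VALUE lines with shell quoting rules, skipping comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = " ".join(shlex.split(value))
    return cfg


def parse_bonding_opts(opts):
    """'miimon=1 mode=active-backup' -> {'miimon': '1', 'mode': 'active-backup'}"""
    pairs = (tok.partition("=") for tok in opts.split())
    return {k: v for k, _, v in pairs}


def check_bond(cfg):
    """Problems in a bond master profile that would weaken failover."""
    problems = []
    if cfg.get("TYPE") != "Bond" or cfg.get("BONDING_MASTER") != "yes":
        problems.append("not a bond master profile")
    opts = parse_bonding_opts(cfg.get("BONDING_OPTS", ""))
    if "mode" not in opts:
        problems.append("BONDING_OPTS sets no mode (driver default is balance-rr)")
    miimon = int(opts.get("miimon") or 0)
    arp_interval = int(opts.get("arp_interval") or 0)
    if miimon == 0 and arp_interval == 0:
        # Without miimon or arp_interval the driver never notices a dead link.
        problems.append("no link monitoring: set miimon or arp_interval")
    elif 0 < miimon < 100:
        # Threshold chosen for this example; the GUI default of 1 ms trips it.
        problems.append("miimon=%d ms polls very aggressively; 100 ms is the usual starting point" % miimon)
    return problems


def check_vlan(cfg):
    """Problems in a VLAN profile: bad tag id or a DEVICE/PHYSDEV/VLAN_ID mismatch."""
    problems = []
    if cfg.get("VLAN") != "yes" or cfg.get("TYPE") != "Vlan":
        problems.append("not a VLAN profile")
    vid, phys, dev = cfg.get("VLAN_ID", ""), cfg.get("PHYSDEV"), cfg.get("DEVICE", "")
    if not vid.isdigit() or not 1 <= int(vid) <= 4094:
        problems.append("VLAN_ID must be 1-4094")
    elif phys and dev != "%s.%s" % (phys, vid):
        problems.append("DEVICE %s does not match PHYSDEV.VLAN_ID (%s.%s)" % (dev, phys, vid))
    return problems


if __name__ == "__main__":
    for label, text, check in (("bond", BOND_IFCFG, check_bond), ("vlan", VLAN_IFCFG, check_vlan)):
        for problem in check(parse_ifcfg(text)) or ["ok"]:
            print("%s: %s" % (label, problem))
```

Run against the real directory by reading each /etc/sysconfig/network-scripts/ifcfg-* file and dispatching on its TYPE; the bond check is also a handy reminder that the host01 profile created from the command line (BONDING_OPTS=mode=active-backup, no miimon) has no link monitoring at all until the miimon=120 edit in the next practice.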
Overview
In this practice, you:
Assumptions
Tasks
1.
In this example, the kernel module is not loaded.
# lsmod | grep 8021q
b. If the kernel module is not loaded, use the modprobe command to load the 8021q kernel module.
Use the lsmod command to ensure 8021q is loaded.
# modprobe 8021q
# lsmod | grep 8021q
8021q                  20082  0
...
2. On host01, create an 802.1Q VLAN interface and view the results.
a. Use the nmcli con add command to create the VLAN interface.
Use the type vlan argument to specify an 802.1q tagged virtual LAN interface.
Use the con-name vlan-eth0.100 argument to specify the name of the new VLAN connection.
Use the ifname eth0.100 argument to specify the interface to bind the connection to.
Use the dev eth0 argument to specify the parent device this VLAN is on.
b. Use the ip addr command to view the protocol addresses for the network devices.
Note that the eth0.100 MAC address is the same as the eth0 MAC address.
c.
Note that the eth0.100 device is associated with the vlan-eth0.100 connection.
# nmcli dev
NAME        TYPE        STATE        CONNECTION
eth0        ethernet    connected    eth0
eth0.100    vlan        connected    vlan-eth0.100
...
d. Use the nmcli con command to view the network connections.
Note that the vlan-eth0.100 connection is listed.
# nmcli con
NAME             UUID    TYPE              DEVICE
vlan-eth0.100    ...     vlan              eth0.100
eth0             ...     802-3-ethernet    eth0
...
e. Use the ls command to view the /etc/sysconfig/network-scripts/ directory.
Note that there is a network configuration file for the VLAN interface, ifcfg-vlan-eth0.100.
# ls /etc/sysconfig/network-scripts
ifcfg-eth0 ...
ifcfg-eth1 ...
...
ifcfg-vlan-eth0.100 ...
...
f. Use the cat command to view the contents of the ifcfg-vlan-eth0.100 file.
Overview
In this practice, you:
Test connectivity between the VLAN interfaces on host01 and host02
Assumptions
Tasks
1. Test connectivity between the VLAN interfaces on host01 and host02.
a. From host02, use the ping command to communicate to the VLAN interface on host01.
The IP address of the VLAN interface on host01 is 192.168.100.1.
Press CTRL-C to exit after a few lines of output.
[host02]# ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=...
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=...
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=...
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=...
^C
...
b. From host02, use the netstat -r command to view the route table.
c. From host01, use the ping command to communicate to the VLAN interface on host02.
d. From host01, use the netstat -r command to view the route table.
2. You first observe traffic on the VLAN interface, eth0.100, where you do not see VLAN tags. You next observe traffic on the parent interface, eth0, where you do see VLAN tags.
a. On host02, open a second terminal window.
b. Become the root user in this second terminal.
Password: oracle
[host02]#
c. In this second terminal window, enter the following tcpdump command. Use the -e option to view the Ethernet header, which includes the 802.1Q tags.
d. On host02, in the first terminal window, use the ping command to communicate to the VLAN interface on host01.
...
e. In the second terminal window on host02, view the output of the tcpdump command.
... 00:16:3e:00:01:01 (oui Unknown) > 00:16:3e:00:01:02 (oui Unknown), ethertype IPv4 (0x0800), length 98: 192.168.100.1 > ...
...
f. In the second terminal window on host02, press CTRL-C to exit the tcpdump command.
^C
... packets captured
... packets received by filter
On host02, in the first terminal window, use the ping command to communicate to the VLAN interface on host01.
i. Note that you see the tagged 802.1Q packets (vlan 100 is in bold font in the sample output).
... 00:16:3e:00:01:02 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 100, p 0, ethertype ARP, Request who-has 192.168.100.1 tell 192.168.100.2, length 28
... 00:16:3e:00:01:01 (oui Unknown) > 00:16:3e:00:01:02 (oui Unknown), ethertype 802.1Q (0x8100), length 46: vlan 100, p 0, ethertype ARP, Reply 192.168.100.1 is at 00:16:3e:00:01:01 (oui Unknown), length 28
...
j. In the second terminal window on host02, press CTRL-C to exit the tcpdump command.
... 00:16:3e:00:01:01 (oui Unknown) > 00:16:3e:00:01:02 (oui Unknown), ethertype 802.1Q (0x8100), length 46: vlan 100, p 0, ethertype ARP, Reply 192.168.100.1 is at 00:16:3e:00:01:01 (oui Unknown), length 28
...
^C
... packets captured
... packets received by filter
... packets dropped by kernel
k. Click the X in the upper-right corner of the second terminal window to close the window.
Click Close Terminal if prompted.
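The difference between the two tcpdump captures above is where the 802.1Q tag is handled: the parent interface eth0 delivers the frame with the 4-byte tag still in place, while the VLAN device eth0.100 receives it after the kernel's VLAN layer has removed the tag and demultiplexed on the VID. The following Python decoder is an added example, not part of the Oracle practice; it builds the ARP request that host02 sends (constructed from the MAC and IP addresses in the sample output, not captured from the course VMs) in both forms and decodes the fields that tcpdump -e prints. The frame length of 46 bytes and the ARP length of 28 bytes it reports agree with the sample output; the QinQ (802.1ad) handling goes beyond what the practice shows.

```python
import struct

# Constructed sample data (not a capture from the course VMs): the ARP request
# that the practice shows host02 sending, built once as the parent interface
# eth0 sees it (802.1Q tag present) and once as the VLAN device eth0.100 sees
# it (the kernel's VLAN layer has already removed the tag).
HOST02_MAC = bytes.fromhex("00163e000102")
BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806
TPID_8021Q = 0x8100   # customer VLAN tag (the one the practice shows)
TPID_8021AD = 0x88A8  # service-provider (QinQ) outer tag

# ARP request "who-has 192.168.100.1 tell 192.168.100.2", 28 bytes of payload:
# hwtype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4, op=request(1)
ARP_REQUEST = (
    struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    + HOST02_MAC + bytes([192, 168, 100, 2])   # sender MAC / sender IP
    + bytes(6) + bytes([192, 168, 100, 1])     # target MAC (unknown) / target IP
)


def vlan_tag(vid: int, pcp: int = 0, dei: int = 0, tpid: int = TPID_8021Q) -> bytes:
    """Return the 4-byte tag: TPID followed by the TCI (PCP:3, DEI:1, VID:12)."""
    if not 0 <= vid <= 0x0FFF or not 0 <= pcp <= 7:
        raise ValueError("VID must be 0..4095 and PCP 0..7")
    return struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and any 802.1Q/802.1ad tags in front of the payload.

    Returns the addresses, the VLAN IDs from outer to inner (empty when the
    frame is untagged), the priority of the outermost tag, the final EtherType
    and the payload length, i.e. the fields tcpdump -e prints per frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlans, pcp = 14, [], None
    # Each tag is 4 bytes; a QinQ frame carries an 802.1ad outer tag, then 802.1Q.
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        vlans.append(tci & 0x0FFF)
        if pcp is None:
            pcp = tci >> 13
        offset += 4
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "vlans": vlans,
        "pcp": pcp,
        "ethertype": ethertype,
        "payload_len": len(frame) - offset,
        "frame_len": len(frame),
    }


# The frame as eth0 sees it (tagged, 46 bytes) and as eth0.100 sees it (42 bytes).
TAGGED_FRAME = (BROADCAST + HOST02_MAC + vlan_tag(100)
                + struct.pack("!H", ETHERTYPE_ARP) + ARP_REQUEST)
UNTAGGED_FRAME = BROADCAST + HOST02_MAC + struct.pack("!H", ETHERTYPE_ARP) + ARP_REQUEST

if __name__ == "__main__":
    for name, frame in (("eth0", TAGGED_FRAME), ("eth0.100", UNTAGGED_FRAME)):
        print(name, parse_frame(frame))
```

Running the block prints one decoded dictionary per interface; the eth0 entry carries vlans [100] with priority 0, the eth0.100 entry carries no tag, which is exactly why a capture on the VLAN device alone cannot tell you which VID a frame arrived on.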
3. View the contents of /sys/class/net/eth0.100/.
a.
eth1  eth2  eth3  lo
b.
c.
flags  ifalias  ifindex  iflink  link_mode  mtu  netdev_group  operstate  power  queues  speed  statistics  ...
d.
e. Use the cat command to view the uevent file.
Sample output is shown. The IFINDEX value might be different.
[host01]# cat uevent
DEVTYPE=vlan
INTERFACE=eth0.100
IFINDEX=8
4. View the /proc/net/vlan directory.
a. From host01, use the cd command to change to the /proc/net/vlan directory.
Use the ls command to view the contents of the directory.
[host01]# cd /proc/net/vlan
[host01]# ls
config  eth0.100
b.
[host01]# cat eth0.100
eth0.100  VID: 100   REORDER_HDR: 1  dev->priv_flags: 1
           total frames received           11
            total bytes received          700
        Broadcast/Multicast Rcvd            0

        total frames transmitted           19
         total bytes transmitted         1382
Device: eth0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  ...
 EGRESS priority mappings:
Ingress traffic originates from outside of the network's routers and proceeds toward a destination inside of the network.
5.
Remove the VLAN interface on host01.
a. Use the nmcli con command to view the network connections.
[host01]# nmcli con
NAME           UUID  TYPE            DEVICE
eth0           ...   802-3-ethernet  eth0
...
vlan-eth0.100  ...   vlan            eth0.100
b. Use the nmcli con delete command to delete the vlan-eth0.100 connection.
[host01]# nmcli con delete vlan-eth0.100
c. Use the nmcli con command to view the network connections.
Note that the VLAN connection no longer exists.
[host01]# nmcli con
NAME  UUID  TYPE            DEVICE
eth0  ...   802-3-ethernet  eth0
...
d.
Note that the network configuration file for the VLAN interface no longer exists.
[host01]# ls /etc/sysconfig/network-scripts
ifcfg-eth0 ...
...
e. Use the ip link command to view the links.
f.
[host01]# ls /sys/class/net
bonding_masters  eth0  eth1  eth2  eth3  lo
g.
h.
6.
Remove the VLAN interface on host02.
a. Click the network icon from the GNOME desktop notification area.
The drop-down menu includes the Network Settings option.
b. Click the Network Settings option from the menu.
The Network Settings Editor appears, which includes the VLAN (eth0.100) interface.
c. Click the VLAN (eth0.100) entry.
d.
e. Click the X in the top-right corner to close the window.
f. Use the nmcli con command to view the network connections.
Note that the VLAN connection no longer exists.
[host02]# nmcli con
NAME  UUID  TYPE            DEVICE
eth0  ...   802-3-ethernet  eth0
...
g. Use the ls command to view the /etc/sysconfig/network-scripts/ directory.
Note that the network configuration file for the VLAN interface no longer exists.
[host02]# ls /etc/sysconfig/network-scripts
ifcfg-eth0 ...
...
h.
...
i.
eth2  eth3  lo
j.
[host02]# ls /proc/net/vlan
config
k.
7.
In preparation for the next practice, power off host01, host02, and host03.
a. From host01, use the systemctl command to power off host01.
[host01]# systemctl poweroff
b. From host02, use the systemctl command to power off host02.
[host02]# systemctl poweroff
c. From dom0, use the xm shutdown -w command to power off host03.
Overview
In this practice, you:
Explore and start the vpn-host1 and vpn-host2 virtual machines
Generate RSA authentication keys for vpn-host1 and vpn-host2
Assumptions
You are the root user on dom0.
The host01, host02, and host03 virtual machines are shut down.
The vpn-host1 and vpn-host2 virtual machines exist on your system.
The following describes the vpn* virtual machines' network configuration.
Tasks
1. Use the cat command to view the vm.cfg file for vpn-host1.
c. Use the xm create command to start the vpn-host1 virtual machine.
[dom0]# xm create vm.cfg
2. Use the cat command to view the vm.cfg file for vpn-host2.
builder = hvm
memory = 1536
boot = cd
disk = [ file:/OVS/running_pool/vpn-host2/system.img,hda,w,
file:/OVS/seed_pool/OracleLinux-R7-U1-Server-x86_64dvd.iso,hdc:cdrom,r]
vif = [ mac=00:16:3e:00:01:02, bridge=virbr0,
mac=00:16:3e:00:02:02, bridge=virbr1,
mac=00:16:3e:00:04:02, bridge=virbr3]
device_model = /usr/lib/xen/bin/qemu-dm
kernel = /usr/lib/xen/boot/hvmloader
vnc = 1
vncunused=1
vcpus = 1
timer_mode = 0
apic = 1
acpi = 1
pae = 1
serial = pty
on_reboot = restart
on_crash = restart
usb = 1
usbdevice = 'tablet'
c. Use the xm create command to start the vpn-host2 virtual machine.
[dom0]# xm create vm.cfg
3. Log in to vpn-host1 by using vncviewer.
a. From dom0, determine the VNC port number for vpn-host1 by running the following xm list command.
[dom0]# xm list -l vpn-host1 | grep location
    (location 0.0.0.0:5902)
    (location 3)
The sample shown indicates that the port number is 5902. This might not be true in your case.
b. From dom0, run the vncviewer& command.
[dom0]# vncviewer&
The VNC Viewer: Connection Details dialog box appears.
c. Enter localhost:<port_number>, substituting the port number displayed from the previous xm list -l vpn-host1 | grep location command.
For example, if the port number is 5902, enter localhost:5902 and click Connect.
The GNOME login screen appears. You might need to press ENTER to display the login screen.
d. Click Oracle Student in the list of users. You are prompted for the password.
e. Enter oracle for the Password and click Sign In.
f.
g. From the pop-up menu, click Open in Terminal.
A terminal window appears.
h. In the terminal window, use the su - command to become the root user.
The root password is oracle.
[vpn-host1]$ su -
Password: oracle
[vpn-host1]#
4. Log in to vpn-host2 by using vncviewer.
[dom0]$ su
Password: oracle
[dom0]#
c. Determine the VNC port number for vpn-host2 by running the following xm list command.
[dom0]# xm list -l vpn-host2 | grep location
    (location 0.0.0.0:5903)
    (location 3)
The sample shown indicates that the port number is 5903. This might not be true in your case.
d. Run the vncviewer& command.
[dom0]# vncviewer&
The VNC Viewer: Connection Details dialog box appears.
e. Enter localhost:<port_number>, substituting the port number displayed from the previous xm list -l vpn-host2 | grep location command, and click Connect.
The GNOME login screen appears. You might need to press ENTER to display the login screen.
f. Click Oracle Student in the list of users. You are prompted for the password.
g. Enter oracle for the Password and click Sign In.
The GNOME desktop appears.
h. Right-click the desktop to display the pop-up menu.
i. From the pop-up menu, click Open in Terminal.
A terminal window appears.
j. In the terminal window, use the su - command to become the root user.
The root password is oracle.
[vpn-host2]$ su
Password: oracle
[vpn-host2]#
5.
Generate a new RSA authentication key for vpn-host1.
6.
Generate a new RSA authentication key for vpn-host2.
7.
b. Use ipsec showhostkey --left to display the host key on the left host, vpn-host1.
c. Select leftrsasigkey=<string> and copy it into the buffer.
Highlight the string as shown. With the string highlighted, select Edit > Copy from the terminal window menu.
[vpn-host1]# ipsec showhostkey --left
ipsec showhostkey loading secrets from "/etc/ipsec.secrets"
ipsec showhostkey loading secrets from "/etc/ipsec.d/www.example.com.secrets"
ipsec showhostkey loaded private key for keyid: PPK_RSA:AQOuaErmq
        # rsakey AQOuaErmq
        leftrsasigkey=0sAQOuaErmqqXZqWP/5tXPI2xXqR/qq8TPyGUnoUQ+rCkHy+WK
q14MrCcmPaHDVZfMIoRAN4Mot2k2535sHnc+SkWxaDyjueGKczTndALmck0eXXWa
WgcfNS94rH9wtleQuZXmTlnSQvW8kiHO1N1o22NrCRYZF8zrpQTNFC1WNAiO2qxW
ZSgdJn2q9iW6MFq0804AsNKI9QrrpC1n7xXyDrWhi+v5B73C0ly4/uYeNIotyK9C
ImM713QK3MUpZOSNnRiACIQYw8aX+YEKSgjPU3+nEHp243QeUVraIf5LE0cKtTQu
S3Ur1cgZfQZCFX1rGyHqD/ZtUyzL9Fvo5j04kjnZgJTywr4f0Tmw7a+2QJPIQQ52
iOv1jnV5WzbKB2zpDICsCzRZ7yVaK7MXrDxvbNss8gjXjK5BXgFLcVlFh/eJgcji
/AUK0S1vqXdYiJjWtZpjznRTDyE7+jqgLsSi0jY5y7i4dYhD+I0RujzTuv6z7ObD
+yLYpa/DoXQFMrFjB3kz9L+uqz7TtmwCthNdCJVJjnKL0jBIZ7IfVqBvIJoS5nra
WYbF/thUq7C6ziHML8AL2tUcx5wIne28ijJOT2LfjeU=
d.
e.
f.
g. Select the rightrsasigkey=<string> and copy it into the buffer.
Highlight the string as shown. With the string highlighted, select Edit > Copy from the terminal window menu.
[vpn-host2]# ipsec showhostkey --right
ipsec showhostkey loading secrets from "/etc/ipsec.secrets"
ipsec showhostkey loading secrets from "/etc/ipsec.d/www.example.com.secrets"
ipsec showhostkey loaded private key for keyid: PPK_RSA:AQPXXwWB4
        # rsakey AQPXXwWB4
        rightrsasigkey=0sAQPXXwWB4r62JUqcItOtIps5GIkOxOe0n51jZ/09Sra5Qth
hlc0WaapVjycZIgDj3tVE4h/UCpBGZbE1MZ7u8DRZjrcv3aXF2CSESJcW8w0hoOD
9SUh3ZvDt1OE5bBWtM7moeJ2iY9rM0OqigRfIMeMKw0ZFdglxGGmuvfWtJrD886c
GYUFTP3K3+1zblg9vlcoOGdfb5jy03jAHgBC2waC1YYAZFQOcHp9XBGVzPq8VkXZ
AnECA8VtPuyExBXt/GBGUgJOdrLjG/HHtweLlqgB3hmy5NZhYiyS8UVpC7RBLpWG
OotjmM2dupw+voGP38bWy8K51T8wfRQbfsbUd84Ga6R7676ZKSZXBSMyDsLrsWl6
e1tf9sShJ9E6YZ3ZqSt1FsR8zMlArQhE2gfp+InlQAp1Q7v8TUODy0z1bih407o0
nsYGFXwB9izXGNGrvxoKgvzgleRj7ROP6DAls/8aXdir0N0que975Rc01YM2o0sj
nWwQq124YvenLn1RCbH5fq5NF6V29U7+B5q/2afL6hCvfmQ==
h.
You are going to paste the contents of the buffer into this temporary file and then append the contents to the /etc/ipsec.conf file on vpn-host1.
[vpn-host2]# vi right
i.
j. Select Edit > Paste from the terminal window menu to paste the contents of the buffer into the file.
Press Esc to exit insert mode.
Save and close the right file.
From vpn-host2, use the sftp command to copy the right file to vpn-host1.
k. From the sftp> prompt, use the put command to copy the right file.
After the copy is complete, use the quit command to exit sftp.
sftp> put right
Uploading right to /root/right ...
sftp> quit
l. From vpn-host1, use the cat command to concatenate the /etc/ipsec.conf file and the /root/right file into a single file.
Use the mv command to rename /etc/ipsec.conf before issuing the cat command. The example assumes you are still in the /etc directory.
[vpn-host1]# mv ipsec.conf ipsec.BAK
[vpn-host1]# cat ipsec.BAK /root/right > ipsec.conf
m. Use the cat command to view the updated ipsec.conf file.
The file now includes the leftrsasigkey= string and the rightrsasigkey= string at the end of the file.
8.
Complete the sitetosite connection configuration in the /etc/ipsec.conf file on vpn-host1.
a. Use the vi editor to edit /etc/ipsec.conf and add the conn sitetosite parameter and the left IP address information before the leftrsasigkey= line.
Indent all lines that start with left, including the leftrsasigkey= line.
Do not exit the vi editor until step 9d.
[vpn-host1]# vi /etc/ipsec.conf
...
#include /etc/ipsec/d/*.conf
conn sitetosite
        leftid=192.168.1.101
        left=192.168.1.101
        leftsourceip=192.168.2.101
        leftsubnet=192.168.2.0/24
        leftrsasigkey=...
...
b. Add the right IP address information after the leftrsasigkey= line and before the rightrsasigkey= line in the /etc/ipsec.conf file on vpn-host1.
Indent all lines that start with right, including the rightrsasigkey= line.
...
        leftrsasigkey=...
        rightid=192.168.1.102
        right=192.168.1.102
        rightsourceip=192.168.3.102
        rightsubnet=192.168.3.0/24
        rightrsasigkey=
...
c. Add the following two lines at the end of the /etc/ipsec.conf file on vpn-host1.
...
        authby=rsasig
        auto=start
d.
Save the changes made to the /etc/ipsec.conf file and exit the vi editor.
9.
If any errors are returned, the line number is included. Use the vi editor and make the necessary corrections to the file.
In this example, no errors are returned and the syntax is correct.
[vpn-host1]# /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig
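The addconn --checkconfig run above only validates the file's syntax; it does not tell you whether the conn section actually carries everything the site-to-site tunnel needs. The following Python checker is an added example, not Oracle's or libreswan's code: it parses the indented key=value layout the practice uses (assumed here to be the only layout in the file, which is narrower than libreswan's full grammar), and then verifies the conventions the practice relies on, namely that both sides have id, address, sourceip, subnet and an rsasigkey copied from ipsec showhostkey (a 0s... value), that each sourceip lies inside its own subnet, and that authby=rsasig and auto= are set. The sample file is constructed with placeholder keys, not the course's file.

```python
import ipaddress

# Constructed sample ipsec.conf (not the course's file): the conn section laid
# out the way the practice builds it, with the rsasigkey values replaced by
# obvious placeholders.
SAMPLE_CONF = """\
config setup
    protostack=netkey

#include /etc/ipsec/d/*.conf
conn sitetosite
    leftid=192.168.1.101
    left=192.168.1.101
    leftsourceip=192.168.2.101
    leftsubnet=192.168.2.0/24
    leftrsasigkey=0sAQO-PLACEHOLDER-LEFT-KEY
    rightid=192.168.1.102
    right=192.168.1.102
    rightsourceip=192.168.3.102
    rightsubnet=192.168.3.0/24
    rightrsasigkey=0sAQP-PLACEHOLDER-RIGHT-KEY
    authby=rsasig
    auto=start
"""


def parse_sections(text: str) -> dict:
    """Split ipsec.conf into sections keyed by their header line ("conn sitetosite").

    A line that starts in column 0 opens a section; indented key=value lines
    belong to it (the indentation rule the practice insists on). Each value is
    stored with its line number so problems can be reported by line, the way
    addconn --checkconfig reports syntax errors."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # drop comments, keep indentation
        if not line.strip():
            continue
        if not line[0].isspace():
            current = sections.setdefault(" ".join(line.split()), {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"line {lineno}: parameter outside a section or missing '='")
        key, _, value = line.strip().partition("=")
        current[key.strip()] = (value.strip(), lineno)
    return sections


REQUIRED_SUFFIXES = ("", "id", "sourceip", "subnet", "rsasigkey")


def check_sitetosite(text: str, name: str = "sitetosite") -> list:
    """Return a list of problems with the site-to-site conn; an empty list means it passes."""
    sections = parse_sections(text)
    conn = sections.get(f"conn {name}")
    if conn is None:
        return [f"no 'conn {name}' section found"]
    problems = []
    for side in ("left", "right"):
        for suffix in REQUIRED_SUFFIXES:
            if side + suffix not in conn:
                problems.append(f"missing {side}{suffix}=")
        key = conn.get(side + "rsasigkey")
        if key and not key[0].startswith("0s"):
            problems.append(f"line {key[1]}: {side}rsasigkey must be the 0s... value "
                            "printed by ipsec showhostkey")
        # In this practice each side's sourceip is an address inside its own subnet.
        if side + "sourceip" in conn and side + "subnet" in conn:
            try:
                ip = ipaddress.ip_address(conn[side + "sourceip"][0])
                net = ipaddress.ip_network(conn[side + "subnet"][0], strict=False)
                if ip not in net:
                    problems.append(f"line {conn[side + 'sourceip'][1]}: {side}sourceip "
                                    f"{ip} is not inside {side}subnet {net}")
            except ValueError as exc:
                problems.append(f"{side}: bad address or subnet: {exc}")
    if conn.get("authby", ("",))[0] != "rsasig":
        problems.append("authby=rsasig is required for RSA host-key authentication")
    if "auto" not in conn:
        problems.append("auto= is not set, so the tunnel is not loaded when ipsec starts")
    return problems


if __name__ == "__main__":
    for line in check_sitetosite(SAMPLE_CONF) or ["sitetosite checks pass"]:
        print(line)
```

To check the real file, read /etc/ipsec.conf into a string and pass it to check_sitetosite; a wrong authby, a sourceip outside its subnet, or a pasted key that lost its 0s prefix each come back as one line naming the parameter, which is the kind of mistake that addconn --checkconfig accepts but the tunnel then fails on.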
10. Use the sftp command to copy the /etc/ipsec.conf file from vpn-host1 to vpn-host2.
Include the IP address of vpn-host2, not the host name, as an argument.
Answer yes when prompted.
The root user's password is oracle.
[vpn-host1]# sftp 192.0.2.112
The authenticity of host 192.0.2.112 (192.0.2.112) can't be established.
ECDSA key fingerprint is ...
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 192.0.2.112 (ECDSA) to the list ...
root@192.0.2.111's password: oracle
Connected to 192.0.2.112.
sftp>
e. From the sftp> prompt, use the put command to copy the /etc/ipsec.conf file to /etc/ipsec.conf on vpn-host2.
After the copy is complete, use the quit command to exit sftp.
sftp> put /etc/ipsec.conf /etc/ipsec.conf
Uploading /etc/ipsec.conf to /etc/ipsec.conf ...
sftp> quit
b.
You could add rules to trust the ipsec protocols. libreswan requires the firewall to allow the following packets:
a.
b. On vpn-host2, use the systemctl command to stop the firewalld service.
[vpn-host2]# systemctl stop firewalld
d.
netstat -rn
Gateway     ...  Iface
192.0.2.1   ...  eth0
0.0.0.0     ...  eth0
0.0.0.0     ...  eth1
0.0.0.0     ...  eth2
Press CTRL-C to kill the ping command.
[vpn-host2]# ping 192.168.2.101
PING 192.168.2.101 (192.168.2.101) 56(84) bytes of data.
CTRL-c
14. Start the ipsec service on both vpn-host1 and vpn-host2.
a. On vpn-host1, use the systemctl command to start the ipsec service.
[vpn-host1]# systemctl start ipsec
b. On vpn-host2, use the systemctl command to start the ipsec service.
[vpn-host2]# systemctl start ipsec
15. Test connectivity after starting the ipsec service.
a. On vpn-host1, use the netstat -rn command to view the route table.
Note that now there is a route to the 192.168.3.0 subnet.
[vpn-host1]# netstat -rn
Destination   Gateway     ...  Iface
0.0.0.0       192.0.2.1   ...  eth0
192.0.2.0     0.0.0.0     ...  eth0
192.168.1.0   0.0.0.0     ...  eth1
192.168.2.0   0.0.0.0     ...  eth2
192.168.3.0   0.0.0.0     ...  eth1
b.
c.
netstat -rn
Gateway     ...  Iface
192.0.2.1   ...  eth0
0.0.0.0     ...  eth0
0.0.0.0     ...  eth1
0.0.0.0     ...  eth1
0.0.0.0     ...  eth2
d. From vpn-host2, use the ping command to test connectivity to 192.168.2.101.
Note that now you can ping this address.
Press CTRL-C to kill the ping command.
[vpn-host2]# ping 192.168.2.101
PING 192.168.2.101 (192.168.2.101) 56(84) bytes of data.
64 bytes from 192.168.2.101: icmp_seq=1 ttl=64 time=...
64 bytes from 192.168.2.101: icmp_seq=2 ttl=64 time=...
64 bytes from 192.168.2.101: icmp_seq=3 ttl=64 time=...
CTRL-c
e. From vpn-host2, use the ipsec auto --status command to view the current connection status.
16. Shut down the vpn-host1 and vpn-host2 virtual machines.
a. From vpn-host2, use the systemctl poweroff command to shut down vpn-host2.
[vpn-host2]# systemctl poweroff
b. From vpn-host1, use the systemctl poweroff command to shut down vpn-host1.