Category: linux

Directory structure in Linux

We are going to see Directory structure in Linux/ Unix and what was the use of those directories.

Directory structure in Linux

/: Root

Root is a parent directory for all the directories and files.

Each and every directories and files will comes under root only.

Only root user only will do any changes in this directory.

For root user /root is the home directory and for others home directory will comes under /home

/home

All the users home directory will be created under /home to store their files. Ex: /home/user

/boot

This directory contains boot loader information.

Boot loader file contains kernel and initramfs image details.

/bin

Contains all the executable binary files which are

commands which we are using in linux/unix.

/sbin

/sbin also contains binary files like same as /bin.

But, this commands are typically used by system administrator.

/etc

Contains configuration files of all the application/programs used in Linux/Unix.

and startup scripts also stored in this location.

/dev

This directory contains all the device files and drivers as well. Like CD Drive, HDD, USB, tty

/tmp

This directory is for temporary use only. All the temps files and directories stored here  which is created by user or system.

Files will be deleted after reboot of the system.

/opt 

Stands for optional.

This directory contains applications installed which all are separate vendor.

/var

Contains all the variable files and logs and  this can be grow in future based on the usage.

Ex:  /var/log/dmesg, /var/log/secure,etc…

/mnt

This will be used to mount devices temporary purpose.

/usr

This directory contains libraries, variables, binaries. /usr/bin directory contains binary files for user level programs and /usr/sbin contains binary files foe system administrator levels.

 

 

Help command and Data Types in Python

In this post we are going to see Help command and Data Types in Python.

Use help along with command which you want need to know more that command.

Here is the example:

Below command will shows the help about print command.

[root@server ~]# python
Python 2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> help ('print')

 

Data types:

  1. Numbers
  2. Strings
  3. Lists
  4. Tuple
  5. Dictionary

Numbers:

Three types of numbers data type available in Python.

Integers: 10

Floating point: 2.1, 3.45

Complex numbers: (4+1J), (3.6 – 5.4a).

Python installation in Linux/Unix

In RedHat by default python installed. We are going to see the Python installation in Linux/Unix.

First we have to prepare our system to install Python.

Preparing system:

login as root user, as its a administrator and having full privileges.

Use subscription-manager to know whether you have access to RedHat software repository or not.

[root@server ~]# subscription-manager repos --list-enabled

if you don’t see any repository enabled, than your machine not registered or not having subscription.

Now update using yum command.

[root@server ~]# yum update

Once you executed the above command with valid subscription, all the packages will get updated in your OS.

Now setup your environment:

As you aware already, we are going to use yum to install and check Python package.

Check whether python installed or not using yum.

[root@server ~]# yum list installed | grep python

If the package not installed, use below command to install python.

[root@server ~]# yum install python

above command will ask your confirmation to proceed install. Simply type  and press enter.

Once executed above command, again check whether its installed or not.

[root@server ~]# yum list installed | grep python

Use python  command to run python in interactive mode.

[root@server ~]# python
Python 2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> quit()
[root@server ~]#

Finally we installed python in linux.

Creating a new filesystem in Linux/Unix

We are going to see  creating a new filesystem in Linux/Unix and especially in RHEL7.

As a first step we should know how many physical disks available in our machine and available free space in those disks.

For that we can use below commands. fdisk command will list all the physical disks with partitions and size of the disk.

[root@server ~]# fdisk -l

Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00060f18

Device Boot Start End Blocks Id System
/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 17803263 8388608 83 Linux
/dev/sda3 17803264 21997567 2097152 83 Linux
/dev/sda4 21997568 41943039 9972736 5 Extended
/dev/sda5 21999616 30388223 4194304 82 Linux swap / Solaris
/dev/sda6 30390272 41943039 5776384 8e Linux LVM

Disk /dev/sdb: 8589 MB, 8589934592 bytes, 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x1f51ec05

Device Boot Start End Blocks Id System
/dev/sdb1 2048 12584959 6291456 8e Linux LVM
/dev/sdb2 12584960 16777215 2096128 8e Linux LVM

Disk /dev/sdc: 8589 MB, 8589934592 bytes, 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

df command will list the free space in the mentioned disk

[root@server ~]# df -h /dev/sdc
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.4G 0 1.4G 0% /dev

We are going to use /dev/sdc disk, as its having free space and none FS created in this.

Use the below command to do changes and create filesystem in this disk

[root@server ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x52240e5b.

Command (m for help):

Once you executed fdisk command with disk name(/dev/sdc), you will get in to the fdisk tool to do changes and it will show like above. type ‘m’ and press enter to get to know the keys which will be helpful in this tool

[root@server ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x52240e5b.

Command (m for help): m
Command action
 a toggle a bootable flag
 b edit bsd disklabel
 c toggle the dos compatibility flag
 d delete a partition
 g create a new empty GPT partition table
 G create an IRIX (SGI) partition table
 l list known partition types
 m print this menu
 n add a new partition
 o create a new empty DOS partition table
 p print the partition table
 q quit without saving changes
 s create a new empty Sun disklabel
 t change a partition's system id
 u change display/entry units
 v verify the partition table
 w write table to disk and exit
 x extra functionality (experts only)

Now we are going to create a filesystem/partition. So for that type  to create new filesystem. Once pressed enter you will get prompt to select the partition type. Select Primary.

Than provide the partition number or else just press enter to take default value.

First Sector:  Provide the sector value, from there only filesystem/partition will start.

Last Sector:  Finally we have to provide the last sector value where the filesystem/partition will get end or in number value with G(GB),M(MB),K(KB). For best practise we can use the number value with like this +4G and than press enter to complete it.

Command (m for help): n
Partition type:
 p primary (0 primary, 0 extended, 4 free)
 e extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-16777215, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-16777215, default 16777215): +4G
Partition 1 of type Linux and of size 4 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

and now type  and press enter to save the changes and quit from the fdisk.

We created partition in physical disk. Use partprobe command to affect the disk changes without restarting the machine in this session.(Note: for hardware changes system restart is must. So here specially we are using this command to avoid machine reboot)

[root@server ~]# partprobe
[root@server ~]# fdisk -l /dev/sdc

Disk /dev/sdc: 8589 MB, 8589934592 bytes, 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x61352143

Device Boot Start End Blocks Id System
/dev/sdc1 2048 8390655 4194304 83 Linux

We have to format the partition using anyone of the filesystem type(XFS, EXT4,ETX3…).

Note: if you are going to use this partition in LVM, no need to follow the further steps.

As we are using RHEL7, going to use default one which XFS to format.

Command to format the partition using XFS filesystem.

[root@server ~]# mkfs.xfs /dev/sdc1
meta-data=/dev/sdc1 isize=512 agcount=4, agsize=262144 blks
 = sectsz=512 attr=2, projid32bit=1
 = crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=1048576, imaxpct=25
 = sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
 = sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0

After formating need to create a directory to mount this and the directory will act as mount point.

[root@server ~]# mkdir /app

Finally filesystem should be mounted under the created directory to make use it.

We ahev two type in mounting filesystem.

Temporary mount: Will mount the filesystem. But, after restarting mount will be lost. Again we need to mount it.

Permanent mount:  Need to make entry in /etc/fstab file and this mount will not lost even after restarting the machine as well.

Temporary mount:

[root@server ~]# mount /dev/sdc1 /app

Permanent mount:

Open the /etc/fstab file using vi editor and provide the below entry. Save and exit from the file using :wq.

[root@server ~]# vi /etc/fstab

/dev/sdc1 /app xfs defaults 0 0

Use mount command with grep to check the filesystem whether its listing or not.

[root@server ~]# mount | grep /app
/dev/sdc1 on /app type xfs (rw,relatime,seclabel,attr2,inode64,noquota)

Successfully we created a filesystem now.

 

 

Install and managing iptables in Linux/Unix

Will see Install and managing iptables in Linux/Unix

IPTables is a firewall which comes by default with Linux/ Unix and it’s holds a bunch of rules as a chain. Below are some default chains.

INPUT – Incoming network traffic to this machine from outside.

FORWARD – Network traffic going to/  from machine to another side of this firewall.

OUTPUT – Outgoing network traffic from this machine

Rules are kept in a chain with below-mentioned action in order to do action like below.

ACCEPT – To allow incoming traffic from the outside

DROP –        Will drop the packets with no reply to sender

REJECT –     Packet will be dropped and a message sent to the sender with an appropriate message.

Check whether the iptables package installed or not using the command.

[root@server ~]# rpm -qa | grep iptables
iptables-devel-1.4.21-17.el7.x86_64
iptables-1.4.21-17.el7.x86_64
iptables-services-1.4.21-17.el7.x86_64

If the package not installed use yum to install it like below.

Note: yum package manager should be installed to use it.

[root@server ~]# yum install iptable*

Now enable the iptables permanently in this run level

[root@server ~]# systemctl enable iptables
 Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

Command to start and check the status of the iptables:

[root@server ~]# systemctl start iptables

[root@server ~]# systemctl status iptables
 ● iptables.service - IPv4 firewall with iptables
 Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
 Active: active (exited) since Sun 2017-10-29 09:20:21 IST; 5s ago
 Process: 2331 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 2331 (code=exited, status=0/SUCCESS)

Oct 29 09:20:21 server systemd[1]: Starting IPv4 firewall with ipta....
 Oct 29 09:20:21 server iptables.init[2331]: iptables: Applying firew...
 Oct 29 09:20:21 server systemd[1]: Started IPv4 firewall with iptables.
 Hint: Some lines were ellipsized, use -l to show in full.

To check default configuration of iptables use below command.

[root@server ~]# iptables -L
 Chain INPUT (policy ACCEPT)
 target prot opt source destination
 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
 ACCEPT icmp -- anywhere anywhere
 ACCEPT all -- anywhere anywhere
 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
 target prot opt source destination
 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
 target prot opt source destination

Another important command that will help to save the iptables configuration changes which we made. However, will not save the configuration changes and will lose the changes after restarting iptables/ machine.

Use the below command to save the rules changes which we made.

[root@server ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

or

[root@server ~]# iptables-save
# Generated by iptables-save v1.4.21 on Sun Oct 29 15:17:07 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [90:12391]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Oct 29 15:17:07 2017

Command to enable port in iptables. here we are going to enable port 80 for webserver(http) from outside to this server.

[root@server ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Command to enable port 80 to allow traffic from the server/firewall to outside in iptables.

[root@server ~]# iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

also will enable the port to specific host in iptables. For this we can  -s  option to mention the hostname in the command like below.

enabling 80 port to allow the traffic from the node1 alone.

[root@server ~]# iptables -A INPUT -p tcp -s node1.lbcdomain.com --dport 80 -j ACCEPT

Same like above will enable the ports for specific network to limit the access. So that, traffic allowed from the machines which all are falls under this network.

[root@server ~]# iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT

 

Increasing LVM in xfs filesystem

We will see how to Increasing LVM in xfs filesystem in this post.

LVM is playing important role in Linux/Unix OS and it will help to increase/ reduce filesystem size in Linux/Unix OS.

We are going to see how to increase a filesystem in Linux/Unix especially in RHEL7 OS.

We can increase the filesystem in online and we no need to unmount the filesystem for this operation.

Steps to be followed in increasing filesystems:

First we need to check whether the free space available in the VG. if the required space available in the VG then will go head and extend simply using from step 4 to 6.

If there is no free space in VG, Follow the below steps.

  1. Create a filesystem and change the filesystem type from “Linux” to “Linux LVM”(8e is the id/Hex code for Linux LVM filesystem type)
  2. Create physical volume for that created filesystem.
  3. Extend the Volume Group by adding the the created PV in this VG. now you will get free/unused space in your VG. Use “vgs” command to check that.
  4. Now extend/increase the size of logical volume using “lvextend” command.
  5. Than run “xfs_growfs” command to shrink the filesystem
  6. Finally check the mount point size using “df -h <mountpoint>” and logical volume size using “lvs” command. Both size should be same after extending the filesystem as well.

In our case we are going to create a fileystem in existing physical disk unused space and than will create PV, vgextend and lvextend likewise.

Using below command will check the free spcae in our physical disk

[root@localhost ~]# df -h /dev/sdb
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.4G 0 1.4G 0% /dev

we have nearby 2GB space in existing disk.

Use below commands to create a filesystem:

[root@localhost ~]# fdisk /dev/sdb

use “n” key to create new partition and provide the required details to create it.

Use “t” key to change the filesystem type from “Linux” to “Linux LVM”

Below command will help us to check whether the filesystem created perfectly and change filesystem type. Here “/dev/sdb2” is theone which we created and changed filesystemtype.

Click here to know how to create a filesystem/partition in linux/unix

[root@localhost ~]# fdisk -l /dev/sdb

Disk /dev/sdb: 8589 MB, 8589934592 bytes, 16777216 sectors
 Units = sectors of 1 * 512 = 512 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk label type: dos
 Disk identifier: 0x1f51ec05

Device Boot Start End Blocks Id System
 /dev/sdb1 2048 12584959 6291456 8e Linux LVM
 /dev/sdb2 12584960 16777215 2096128 8e Linux LVM

Now create physical volume using below command:

[root@localhost ~]# pvcreate /dev/sdb2
 Physical volume "/dev/sdb2" successfully created.

As next step we need to extend the VG by adding the created PV in our VG.

Before that check the size and free size of our VG like below.

[root@localhost ~]# vgs
 VG #PV #LV #SN Attr VSize VFree
 newvg 2 2 0 wz--n- 11.50g 516.00m

Extend the newvg using below command:

And check the VG size and free space after extending the VG.

[root@localhost ~]# vgextend newvg /dev/sdb2
 Volume group "newvg" successfully extended
 [root@localhost ~]# vgs
 VG #PV #LV #SN Attr VSize VFree
 newvg 3 2 0 wz--n- 13.50g 2.50g

Now we have 2.5GB free space. SO, we are going to use this free spave to extend the LV.

Use lvs command to check avilabe LV’s and find the LV name which we are going to extend now.

[root@localhost ~]# lvs
 LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
 lv1 newvg -wi-ao---- 4.00g
 lv2 newvg -wi-a----- 7.00g

Here we are going to extend lv1

Use below command to extend the LV1:

[root@localhost ~]# lvextend -L +2G /dev/newvg/lv1
 Size of logical volume newvg/lv1 changed from 4.00 GiB (1024 extents) to 6.00 GiB (1536 extents).
 Logical volume newvg/lv1 successfully resized.

And shrink the filesystem using below command:

[root@localhost ~]# xfs_growfs /dev/newvg/lv1

Finally check the mountpoint size and lv1 size using below command. Both should be same after extending the size.

[root@localhost ~]# df -h /lvolume1
 Filesystem Size Used Avail Use% Mounted on
 /dev/mapper/newvg-lv1 6.0G 33M 6.0G 1% /lvolume1
[root@localhost ~]# lvs /dev/newvg/lv1
 LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
 lv1 newvg -wi-ao---- 6.00g

size replicating in both check.

Successfully we extend the LV size.

 

 

 

Reducing LVM xfs format filesystem

 

In this post we are going to see Reducing LVM xfs format filesystem.

Reducing LV size on xfs fileystem is little different from reducing LV size on etx4/3/2 fileystem’s.

Follow the below steps to perform this:

1. As first step take data backup using xfsdump

2. Then unmount the fileysystem

3. Now shrink the logical volume to the required size using lvreduce command.

4. Format the filesystem using xfs format.

Note: While we reducing size over etx4/3/2 filesystems, will use resize2fs command to shrink instead of formating. So, we no need to take data backup while using etx4/3/2 filesystem for LVM.

5. Mount the filesystem again.

6. Now finally restore the data using xfsrestore command.

LVM details are below:

VG Name: newvg

LV’s: lv1, lv2. Going to use lv2 for this lab.

Use lvs command to check the size of existing LV’s

[root@localhost ~]# lvs
 LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
 lv1 newvg -wi-ao---- 6.00g
 lv2 newvg -wi-a----- 7.00g

lv2 has been mounted under /lvolume2 mount point. Now take the backup of /lvolume2 under /tmp filesystem like below.

[root@localhost ~]#xfsdump -f /tmp/lv2.dump /lvolume2

Now unmount the filesystem using below command:

[root@localhost ~]# umount /lvolume2

Reduce or shrink the size to required size using lvreduce command:

In below example we are going to reduce the lv2 filesystem size from 7Gb to 6GB.

[root@localhost ~]# lvreduce -L -1G /dev/newvg/lv2
 WARNING: Reducing active logical volume to 6.00 GiB.
 THIS MAY DESTROY YOUR DATA (filesystem etc.)
 Do you really want to reduce newvg/lv2? [y/n]: y
 Size of logical volume newvg/lv2 changed from 7.00 GiB (1792 extents) to 6.00 GiB (1536 extents).
 Logical volume newvg/lv2 successfully resized.

Now format the filesystem using below command:

[root@localhost ~]#mkfs.xfs -f /dev/newvg/lv2

Mount the filesystem again into the /lvolume2

[root@localhost ~]#mount /dev/newvg/lv2 /lvolume2

Finally restore the backup data

[root@localhost ~]#xfsrestore -f /tmp/lv2.dump /lvolume2

 

Reference: yallalabs

sed command in Unix/Linux

We are going to see how to use sed command in Unix/Linux

SED – Stream Editor This is doing maximum operation over the file like insert, delete, search and replace the word or a character. mostly its used to find and replace operation in Linux/Unix environment.

Note: Once executed sed command, the output will be changed as per your requirement and original file remain the same.

Substituting or replacing string in a file using sed:

Mostly we are using sed to replace the string in a file. Use the below command to change a string. Here I am going to change platform as technology and I will use the below mentioned same file in all the examples.

[root@localhost ~]# cat > sed.txt
Linux is more secure and opensource operating system and Linux is low cast.
Multiuser is available in Linux and Linux is powerful OS.
Linux is the current and future OS in administration.

The command for substituting and replacing string in above file:

[root@localhost ~]# sed `s/Linux/Unix/` sed.txt
Unix is more secure and opensource operating system and Linux is low cast.
Multiuser is available in Unix and Linux is powerful OS.
Unix is the current and future OS in administration.

 

Command to change the nth occurrence of the string/pattern in a line:

Below command will change the nth string/pattern in line and we are going to change the second string.

[root@localhost ~]# sed 's/Linux/Unix/2' sed.txt
Linux is more secure and opensource operating system and Unix is low cast.
Multiuser is available in Linux and Unix is powerful OS.
Linux is the current and future OS in administration.

 

Command to  change the string/pattern which is matching to our string in a file:

Command will change all the string which matching to our given string/pattern in a file and we need to use  option for this.

[root@localhost ~]# sed 's/Linux/Unix/g' sed.txt
Unix is more secure and opensource operating system and Unix is low cast.
Multiuser is available in Unix and Unix is powerful OS.
Unix is the current and future OS in administration.

 

Command to change nth occurrence of all the line in a file which matching to our given string/pattern:

This command will change all the nth occurrence in all the lines.

[root@localhost ~]# sed 's/Linux/Unix/2g' sed.txt
Linux is more secure and opensource operating system and Unix is low cast.
Multiuser is available in Linux and Unix is powerful OS.
Linux is the current and future OS in administration.

g is the key to change the occurrence globally in a file and here we are mentioning which occurrence have to be changed in a file which we mentioned as 2.

Command to set parenthesize first letter of all the characters in a line:

[root@localhost ~]# sed 's/\(\b[A-Z]\)/\(\1\)/g' sed.txt
(L)inux is more secure and opensource operating system and (L)inux is low cast.
(M)ultiuser is available in (L)inux and (L)inux is powerful (O)S.
(L)inux is the current and future (O)S in administration.

 

Here all the capital letters are taken as a first word and parenthesize has been set.

Command to replace the string/pattern in specific line:

[root@localhost ~]# sed '3 s/Linux/Unix/' sed.txt
Linux is more secure and opensource operating system and Linux is low cast.
Multiuser is available in Linux and Linux is powerful OS.
Unix is the current and future OS in administration.

Command to duplicate/print the modified line again:

Below command will print the modified line two times.

[root@localhost ~]# sed 's/Linux/Unix/p' sed.txt
Unix is more secure and opensource operating system and Linux is low cast.
Unix is more secure and opensource operating system and Linux is low cast.
Multiuser is available in Unix and Linux is powerful OS.
Multiuser is available in Unix and Linux is powerful OS.
Unix is the current and future OS in administration.
Unix is the current and future OS in administration.

 

Command to display/print the modified line alone:

in below example we are going to change the string in second line and will display the second line alone because its modified. We should use -n option along with /p tag in sed command.

[root@localhost ~]# sed -n '2 s/Linux/Unix/p' sed.txt
Multiuser is available in Unix and Linux is powerful OS.

 

Command to replace string/pattern in range of lines:

Command will replace the first occurrence in 2 and 3rd line.

[root@localhost ~]# sed '2,3 s/Linux/Unix/' sed.txt
Linux is more secure and opensource operating system and Linux is low cast.
Multiuser is available in Unix and Linux is powerful OS.
Unix is the current and future OS in administration.

 

Command to replace all the occurrence in rage of lines:

in below command string will be replaced in 2 and 3rd lines of all occurrence.

[root@localhost ~]# sed '2,$ s/Linux/Unix/g' sed.txt
Linux is more secure and opensource operating system and Linux is low cast.
Multiuser is available in Unix and Unix is powerful OS.
Unix is the current and future OS in administration.

 

Installing Puppet in RHEL7/ Cent OS 7

Will see Installing Puppet in RHEL7/ Cent OS 7

Nowadays all the administration tasks are rapidly moving to automation and its reducing manpower, cost and time. It’s mandatory to learn any one of the scripting and anyone of automation tool for system administrators at this situation.  Automating tasks in server end is very critical and most important one.  There are lots of tools available for automation. Here we are going to see the puppet.

What is puppet?

It’s an open source tool and developed by puppet labs for Linux/Unix/Mac and Windows machines. Puppet is written in Ruby language and its mostly used for automating jobs in the server and automating the jobs from the server to clients.

Features:

To avoid duplication of work.

Powerful framework

Mature tool

System administrator tasks simplify.

To make speed and repeated changes automatically.

To maintain system consistency and integrity

Very easy to manage vm, cloud and physical machines.

Enabling EPEL repository and dependencies for installation:

System time should be set as accurately on server, which is going to act as master chef server. So, set the time in your server.

Make sure that both the master and agent server should resolev the hostnames. So, make an entry in /etc/hosts file.

once time fixed will enable EPEL repository by using below command.

RHEL7/ Cent OS 7:

[root@server init.d]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-releas e-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.yXngEr: Header V3 RSA/SHA256 Signature, key ID 352c64e 5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
 1:epel-release-7-10 ################################# [100%]

List the EPEL Repository Packages :

[root@server init.d]# yum --disablerepo=* --enablerepo=epel list

Now to have puppet ready setup, have to use apache with passanger. To get that, download and place the repo file in /etc/yum.repos.d/

[root@server init.d]# curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo

To setup puppet master/node now we need to enable the puppet lab repository and dependencies and run it on both master and agent servers.

[root@server init.d]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Preparing... ################################# [100%]
 package puppetlabs-release-22.0-2.noarch is already installed

 

Installing Puppet:

Use the below command to install Puppet server. This will install init script (/etc/init.d/puppetmaster) to run a test-quality puppet master server.

[root@server ~]# yum install puppet-server

Installed:
 puppet-server.noarch 0:3.8.7-1.el7

Dependency Installed:
 facter.x86_64 1:2.4.6-1.el7 hiera.noarch 0:1.3.4-1.el7 libselinux-ruby.x86_64 0:2.5-6.el7 libyaml.x86_64 0:0.1.4-11.el7_0
 puppet.noarch 0:3.8.7-1.el7 ruby.x86_64 0:2.0.0.648-29.el7 ruby-augeas.x86_64 0:0.4.1-3.el7 ruby-irb.noarch 0:2.0.0.648-29.el7
 ruby-libs.x86_64 0:2.0.0.648-29.el7 ruby-shadow.x86_64 1:2.2.0-2.el7 rubygem-bigdecimal.x86_64 0:1.2.0-29.el7 rubygem-io-console.x86_64 0:0.4.2-29.el7
 rubygem-json.x86_64 0:1.7.7-29.el7 rubygem-psych.x86_64 0:2.0.0-29.el7 rubygem-rdoc.noarch 0:4.0.0-29.el7 rubygems.noarch 0:2.0.14.1-29.el7

Complete!

Now we need to configure the puppet master/agent architecture.  in our case this node going to work as master server. So, edit /etc/puppet/puppet.conf file and change the dns_alt_names.

[root@server ~]# vi /etc/puppet/puppet.conf
[main]
 dns_alt_names=server,server.lbcdomain.com
 certname=server.lbcdomain.com

Save and exit from the file.

Run the below command to create puppet master certificate:

[root@server ~]# puppet master --verbose --no-daemonize

Once received “Notice: Starting Puppet master version 3.8.7” press ctrl+c to kill the process.

Now will configure Web server:

Puppet comes with basic web server. In production basically will not use this web server. Before managing nodes by puppet master server, will configure web server first.

[root@server ~]# yum -y install httpd httpd-devel mod_ssl ruby-devel rubygems gcc gcc-c++ pygpgme curl

Now install passenger and apache module:

[root@server ~]# yum install -y mod_passenger

create parent, public and tmp  directories for the application. Copy the ext/rack/config.ru from the puppet source code into the parent directory and set ownership as puppet to the directory.

[root@server ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
[root@server ~]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
[root@server ~]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

Create configuration file to add virtual host for puppet.

[root@server ~]# vi /etc/httpd/conf.d/puppetmaster.conf

make the below entries in virtual host file.

[root@server ~]# vi /etc/httpd/conf.d/puppetmaster.conf
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        SSLHonorCipherOrder     on

        SSLCertificateFile      /var/lib/puppet/ssl/certs/server.lbcdomain.com.pem
        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/server.lbcdomain.com.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile   /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking; if you are using Apache 2.4+ you must
        # specify 'SSLCARevocationCheck chain' to actually use the CRL.
        # SSLCARevocationCheck chain
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

         DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>  

Now restart the apache service.

[root@server ~]# systemctl restart httpd

Enable apache and disable puppet to autostart while booting.

[root@server ~]# systemctl disable puppet.service
[root@server ~]# systemctl enable httpd.service

Now enable puppet listening port in firewall:

Port: 8140

[root@server ~]# firewall-cmd --zone=public --add-port=8140/tcp --permanent
[root@server ~]# firewall-cmd --reload

 

Now install puppet on Node machines:

before starting puppet agent installation have to configure yum repository same like master server.

Command to install puppet:

[root@client ~]# yum -y install puppet

Make master puppet server details in puppet configuration file like below.

[root@node ~]# vi /etc/puppet/puppet.conf

[agent]
server = server.lbcdomain.com

Now start puppet service in node machine and enable it to start automatically while booting in this run level.

[root@client ~]# systemctl start puppet
[root@client ~]# systemctl enable puppet

Now signin puppet agent node machine certificate in puppet master server:

Agent node will request certificate on first time they attempt to run.

Login and execute the below command in master puppet server.

[root@server ~]# puppet cert list

"node.lbcdomain.com" (SHA256) D4:88:EC:C5:0A:F7:5D:4E:32:C5:B3:61:E0:51:7B:0C:CD:B3:49:9E:68:0B:E7:5D:75:19:1D:0B:92:8A:E7:C1

Run the below command to sign the cert sign

[root@server ~]# puppet cert sign node.lbcdomain.com

Notice: Signed certificate request for node.lbcdomain.com
Notice: Removing file Puppet::SSL::CertificateRequest node.lbcdomain.com at '/var/lib/puppet/ssl/ca/requests/node.lbcdomain.com.pem'

Run below command in puppet agent node machine to verify the certificate.

[root@client ~]# puppet agent -t

Info: Caching certificate for node.lbcdomain.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for node.lbcdomain.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node.lbcdomain.com
Info: Applying configuration version '1445401911'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.09 seconds

Finally we completed puppet master and agent configuration successfully.

 

SSH Authentication in RHEL7/ Cent OS 7

In this post will see how  to enable SSH Authentication in RHEL7/ CentOS 7

SSH authentication will help us to log in a server/node without a password.
here we have two servers

server.lbcdomain.com : 192.168.43.226
node2.localdomain.com : 192.168.43.67

Now we need to install the OpenSSH packages using the command on both the servers.

[root@server ~]# yum -y install openssh

Now we need to start and enable the service permanently in this run level.

[root@server ~]# systemctl enable sshd.service

[root@server ~]# systemctl start sshd.service

Then need to edit /etc/ssh/sshd_config file and change if Password authentication is set as No to yes

[root@server ~]# vi /etc/ssh/sshd-config

then change the below

PasswordAuthentication No

Then save and exit from the file.

This is the right time to generate the key pair using command

Press Enter to confirm the default path (/home/root/.ssh/id_rsa)and the file name for RSA keys.

Next, for passphrase press enter to leave it blank.

After that, you will receive a message that mentioned RSA key pairs details.

[root@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa):
Created directory '/home/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/root/.ssh/id_rsa.
Your public key has been saved in /home/root/.ssh/id_rsa.pub.
The key fingerprint is:
d5:44:c4:ef:ef:49:ff:fe:e0:06:ed:d3:0e:71:e4:08 sshuser1@server
The key's randomart image is:
+--[ RSA 2048]----+
| ++ |
| o. |
| . E. .|
| . ..+ |
| S oo o|
| . oo |
| oo+ |
| .=o=|
| ..*X|
+-----------------+


[sshuser1@server root]$ cd ~/.ssh/
[sshuser1@server .ssh]$ ls
id_rsa id_rsa.pub

We generated keys above and we should copy the public key to the remote server which we need to allow to access this server without password

use the command to copy the public key

#ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Now open /etc/ssh/sshd_config file in node2 server and make the below changes.

PasswordAuthentication no

save and exit from the file.

Now restart the sshd service on both the servers

RHEL7:
 systemctl restart sshd

RHEL6: 
service sshd restart

We almost completed the ssh authentication. To test this connection will try to log in from server.lbcdomain.com to node2.lbcdomain.com server using ssh

#ssh [email protected]