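Let's look at a lab environment for earning the Red Hat Certified System Administrator (RHCSA) certification. RHCSA is one of the key certifications that helps demonstrate experience as a Linux system administrator. Below are some basic exercises you can perform in an RHCSA lab environment.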

Red Hat EX200 RHCSA training LAB: virtual machine environment setup

Setting up a virtual environment is recommended when preparing for the RHCSA exam. Use a virtualization platform such as VirtualBox or VMware to create a CentOS or RHEL (Red Hat Enterprise Linux) virtual machine.

Checking and setting locale and LANG

server.example.com, desktop.example.com, classroom.example.com
# locale -a
# localectl
# localectl list-locales
# localectl set-locale LANG=en_US.utf8
# localectl set-locale LANG=ko_KR.utf8
# vi /etc/locale.conf (or, change method 2) LANG=ko_KR.euckr
# yum langavailable
# yum langlist
# yum langinstall ko

Verifying SSH key-based authentication

# desktop$ ssh-keygen
# desktop$ cd ./.ssh/ ; ls id_rsa id_rsa.pub
# desktop$ ssh-copy-id student@server
# server$ vim /etc/ssh/sshd_config
PasswordAuthentication no (users without an SSH key cannot log in)
# server$ cd ./.ssh/ ; ls authorized_keys
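
sshd applies the first value it reads for each keyword, so where the PasswordAuthentication no line lands in sshd_config decides whether it takes effect. The check below is an added example, not part of the original notes; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the value sshd will use for a global keyword.
# sshd keeps the FIRST value it reads for each keyword, so a
# "PasswordAuthentication no" added below an earlier "yes" has no effect.

effective_sshd_option() {            # usage: effective_sshd_option KEYWORD FILE
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }                # comments and blank lines
        { sub(/=/, " "); key = tolower($1) }   # "Keyword=value" is also accepted
        key == "match" { exit }                # Match blocks are conditional, not global
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

password_login_allowed() {           # exit status 0 = passwords still accepted
    # An unset keyword falls back to the OpenSSH default, which is "yes".
    [ "$(effective_sshd_option PasswordAuthentication "$1")" != "no" ]
}

write_sshd_samples() {               # constructed configs; usage: write_sshd_samples DIR
    # "no" appended at the end of a file that already says "yes".
    printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$1/appended.conf"
    # "no" set before any other value for the keyword.
    printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' \
        'Match User backup' '    X11Forwarding no' > "$1/hardened.conf"
}

demo_sshd() {
    dir=$(mktemp -d) && write_sshd_samples "$dir"
    for f in "$dir"/*.conf; do
        if password_login_allowed "$f"; then state="password login still allowed"
        else state="key-only"; fi
        echo "$(basename "$f"): $state"
    done
    rm -rf "$dir"
}
demo_sshd
```

On a live server, sshd -T prints the effective configuration, including values set inside Match blocks that this sketch skips.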

Granting sudo privileges

# sudo, /etc/sudoers

# systemctl poweroff,
# systemctl reboot,
# systemctl halt
(poweroff, reboot and halt remain as symbolic links for backward compatibility)
# systemctl isolate multi-user.target (run-level 3),
# systemctl isolate graphical.target (run-level 5),
# systemctl get-default, systemctl set-default multi-user.target
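To boot the system into a rescue shell where almost no services run and the configuration can be changed:
# systemd.unit=rescue.target (run-level 1)
After reboot, interrupt the boot loader countdown => press e to edit
=> on the line starting with linux16 (the kernel command line), press End and append systemd.unit=rescue.target
=> press Ctrl + x to boot with the change => check the current state with who -r
=> change the default with systemctl set-default graphical.target, then press Ctrl+d to switch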

Account password policy

# vi /etc/login.defs
# chage -l user01, chage -M 30 -m 1 user01
# chage -E $(date +%Y-%m-%d -d +90days) user01 (account expires in 90 days)
# chage -d 0 user01 (force a password change at first login)

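Partition basics to review beforehand

Primary partition (bootable, maximum 4), extended partition (space for creating logical partitions),
logical partition (not bootable, can be created inside an extended partition)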

1. RHCSA training LAB Recover the root password

 set the password as "redhat" on a given virtual machine.

After reboot, interrupt the boot loader countdown => press e to edit
=> on the line starting with linux16 (the kernel command line), press End and append rd.break
=> press Ctrl + x to boot with the change
switch_root# mount
switch_root# mount -o remount,rw /sysroot
switch_root# chroot /sysroot
sh-4.2# echo "redhat" | passwd --stdin root (or passwd root)
sh-4.2# touch /.autorelabel
sh-4.2# exit
switch_root# exit
logout (the system reboots automatically)
# init 5 (or startx or systemctl isolate graphical.target) (switch to X Window mode)
# systemctl set-default graphical.target

2. Change given virtual machine IP Address (Static) as mentioned below

 -HOSTNAME: desktop.example.com
 -IP: 192.168.2.47
 -Subnet: 255.255.255.0
 -Gateway: 192.168.2.2
 -DNS: 192.168.2.43
 -DNS Search: arkit.lab.local

# nmtui (or GUI)
or
# nmcli g(eneral)
# nmcli general hostname desktop.example.com (nmcli g h)
(or hostnamectl set-hostname desktop.example.com or vi /etc/hostname)
# nmcli device status (nmcli d s)
# nmcli device show eth0
# nmcli connection add con-name eth0 ifname eth0 type ethernet \
ipv4.addresses "10.10.10.20/24" ipv4.gateway 10.10.10.1
# nmcli connection modify eth0 ipv4.dns 168.126.63.1 ipv4.method manual
# nmcli connection modify eth0 connection.autoconnect yes
# nmcli connection modify eth0 ipv4.dns-search arkit.lab.local
# systemctl restart network

3. Create users

users = harry, natasha, sarah
second group = admin
password = redhat
sarah = no login shell

# groupadd admin
# useradd -G admin harry
# useradd -G admin natasha
# useradd -G admin -s /sbin/nologin sarah
# echo "redhat" | passwd --stdin harry ; id harry
# echo "redhat" | passwd --stdin natasha ; id natasha
# echo "redhat" | passwd --stdin sarah ; id sarah
# cat /etc/group ; cat /etc/passwd
*Additional: system-config-users

4. SELinux configuration

enforcing -> disabled (permanent setting)

# sestatus (or getenforce)
# setenforce 0 (setenforce 1)
# vi /etc/selinux/config (original file) (or /etc/sysconfig/selinux (symlink))
SELINUX=disabled
# reboot
*Additional: getsebool -a

5. Create a catalog under /home named admins. Its respective group is requested to be the

admin group. The group users could read and write, while other users are not allowed to
access it. The files created by users from the same group should also be the admin group.

# mkdir /home/admins
# chown .admin /home/admins
# chmod 2770 /home/admins
(or chmod g=rwx,o=,g+s /home/admins)
# ls -ld /home/admins

6. Configure a task: plan to run echo hello command at 14:23 every day.

 User harry prints Hello at 14:35 every day

# which echo
# crontab -e -u harry (or crontab -eu harry)
35 14 * * * /bin/echo Hello
# crontab -l -u harry (or crontab -lu harry)
# systemctl status crond
# ls /var/spool/cron
# tail /var/log/cron

7. Find the files owned by harry, and copy it to catalog: /tmp/harry

# mkdir /tmp/harry
# find / -user harry -exec cp -apR {} /tmp/harry/ \;

Additional: -perm -6000 => finds files that have both the set-uid and set-gid bits set
-perm +6000 => finds files that have at least one of the set-uid and set-gid bits set
-type l => symbolic links, -type d => finds all subdirectories under the current directory
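
The difference between the two -perm forms above, shown on constructed files (an added example, not part of the original notes). Current GNU find spells the any-bit form /6000 instead of +6000; the function and file names are made up for this illustration.

```shell
#!/bin/sh
# Added example: "-perm -6000" requires set-uid AND set-gid,
# "-perm /6000" (older spelling: +6000) requires set-uid OR set-gid.

make_perm_fixture() {                # constructed files; usage: make_perm_fixture DIR
    for spec in plain:0755 suid:4755 sgid:2755 both:6755; do
        f="$1/${spec%%:*}"
        : > "$f" && chmod "${spec##*:}" "$f"
    done
}

names_matching() {                   # usage: names_matching DIR PERM
    find "$1" -type f -perm "$2" -exec basename {} \; | sort | paste -sd ' ' -
}

demo_perm() {
    dir=$(mktemp -d) && make_perm_fixture "$dir"
    echo "all of 6000 : $(names_matching "$dir" -6000)"
    echo "any of 6000 : $(names_matching "$dir" /6000)"
    echo "exactly 4755: $(names_matching "$dir" 4755)"
    rm -rf "$dir"
}
demo_perm
```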

8. Using the grep command

Find the string swap in the /etc/fstab file and copy the matches to /tmp/swap/fstab.txt

# mkdir /tmp/swap
# grep swap /etc/fstab > /tmp/swap/fstab.txt

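9. ACL configuration

Copy the /etc/fstab file to /tmp/acl
/tmp/acl/fstab
=> accessible only to the admin group
=> the natasha account has read, write and execute permission
=> the harry account has no permissions at all
=> the tom account cannot access the /tmp/acl directory
=> other accounts have read-only access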

# mkdir /tmp/acl
# cp -ap /etc/fstab /tmp/acl/fstab
# chgrp admin /tmp/acl/fstab
# chmod o=r /tmp/acl/fstab
# setfacl -m u:natasha:rwx /tmp/acl/fstab
# setfacl -m u:harry:--- /tmp/acl/fstab
# setfacl -R -m d:u:tom:--- /tmp/acl
# getfacl /tmp/acl/fstab

*Additional: set the default permission rw- for the admin group on the /tmp/acl directory
# setfacl -R -m d:g:admin:rw- /tmp/acl

10. Create users 2

user = tom
uid = 1234
password = redhat

# useradd -u 1234 tom
# echo "tom" | passwd --stdin tom (or passwd tom)
# id tom

11. NTP server time synchronization

url = time.bora.net

# rpm -qa|grep chrony
# yum install chrony -y (or yum install system-config-date -y)
# vi /etc/chrony.conf
server time.bora.net iburst
# systemctl enable chronyd
# systemctl restart chronyd
# chronyc sources -v
# timedatectl (timedatectl set-ntp true)

*Other: tzselect, timedatectl set-timezone Asia/Seoul

12. Create archive of /opt/dir to /tmp/dir.tar.gz

# tar -cvpzf /tmp/dir.tar.gz /opt/dir (tar -tvf /tmp/dir.tar.gz)

*Additional: bzip2 compression
# tar cvfpj dir.tar.bz2 /opt/dir (tar -tvf /var/tmp/tmp.tar.bz2)

13. Create a 2G swap partition which take effect automatically at boot-start,

  and it should not affect the original swap partition.

# free -m
# fdisk -l ; lsblk
# fdisk /dev/sda
p -> n -> e -> 6 enter -> +500M enter -> p -> t enter -> l enter -> 82 -> p -> w
# partprobe (apply partition table changes to the kernel without rebooting; check with lsblk)
# partx /dev/vda (view partition table information)
# mkswap /dev/sda6 (initialize as swap space; note the UUID)
# blkid /dev/sda6 (check the UUID of the new swap partition)
# echo "UUID=<UUID from blkid> swap swap defaults 0 0" >> /etc/fstab
or echo "/dev/sda6 swap swap pri=1 0 0" >> /etc/fstab
# swapon -a (or swapon /dev/sda6 to activate the swap space)
# swapon -s (verify that the swap space is active)
# free -m

14. Make your system as yum client to the URL http://mirror.centos.org/centos/7/os/x86_64/

# yum-config-manager --add-repo="http://mirror.centos.org/centos/7/os/x86_64/"
# cd /etc/yum.repos.d/
# vi base.repo
[base]
name=base
baseurl=http://mirror.centos.org/centos/7/os/x86_64/
enabled=1
gpgcheck=0
# yum clean all
# yum repolist
*Additional: yum list, yum group list, yum search, yum info, yum provides, yum install, yum update, yum remove

15. Kernel Update

url = http://mirror.centos.org/centos/7/os/x86_64/

# uname -a (or uname -r)
# yum-config-manager --add-repo="http://mirror.centos.org/centos/7/os/x86_64/"
# cd /etc/yum.repos.d
# vi update.repo
[update]
name=update
baseurl=http://mirror.centos.org/centos/7/os/x86_64/
enabled=1
gpgcheck=0
# yum clean all
# yum repolist
# yum-config-manager --enable
# yum list kernel (or uname -r or uname -a)
# yum update kernel -y
# systemctl reboot
# uname -a (or uname -r)
# grub2-editenv list (verify)
# grep "CentOS Linux" /etc/grub2.cfg
# grub2-set-default "CentOS Linux" (the kernel entry named inside "" becomes the default kernel at boot)
# grub2-mkconfig -o /boot/grub2/grub.cfg

*Additional: uname -r ; wget http://server.domainX.example.com/pub/updates/kernel.rpm
rpm -ivh kernel.rpm
reboot (run uname -r after the reboot)
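
Both repo files above (tasks 14 and 15) set gpgcheck=0, which makes yum install packages without verifying their signatures. The added example below (not part of the original notes) audits a .repo file for that setting and for plain-http base URLs; the function names, the hardened sample and the mirror.example.com host are assumptions, and the gpgkey path is the key file CentOS 7 ships.

```shell
#!/bin/sh
# Added example: flag enabled repo sections that switch off package signature
# checks or fetch over plain http. A section with no gpgcheck line inherits
# [main] from /etc/yum.conf and is not flagged here.

audit_repo() {                       # usage: audit_repo FILE -> "section:finding" lines
    awk '
        function report() {
            if (sec == "" || enabled == "0") return
            if (gpg == "0") print sec ":gpgcheck-off"
            if (url ~ /^http:/) print sec ":plain-http"
        }
        /^[ \t]*(#|;|$)/ { next }
        /^\[/ {
            report()
            sec = substr($0, 2); sub(/\].*/, "", sec)
            gpg = ""; url = ""; enabled = "1"; next
        }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpg = v
            if (k == "enabled")  enabled = v
            if (k == "baseurl")  url = v
        }
        END { report() }
    ' "$1"
}

write_repo_samples() {               # constructed samples; usage: write_repo_samples DIR
    # Same settings as the [base] section on this page.
    printf '%s\n' '[base]' 'name=base' 'enabled=1' 'gpgcheck=0' \
        'baseurl=http://mirror.centos.org/centos/7/os/x86_64/' > "$1/weak.repo"
    # Hardened variant; mirror.example.com is a placeholder host.
    printf '%s\n' '[base]' 'name=base' 'enabled=1' 'gpgcheck=1' \
        'baseurl=https://mirror.example.com/centos/7/os/x86_64/' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7' > "$1/hardened.repo"
}

demo_repo() {
    dir=$(mktemp -d) && write_repo_samples "$dir"
    for f in "$dir"/*.repo; do echo "== $(basename "$f")"; audit_repo "$f"; done
    rm -rf "$dir"
}
demo_repo
```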

16. Make your system LDAP Client.

  (Configure autofs and ldap authentication using the below settings.
   -Ldap Server: ipa.mygsdlabs.local
   -Search base DN: dc=mygsdlabs,dc=local
   -TLS certificate location: ftp://ipa.mygsdlabs.local/pub/ca.crt
   -Location of the Home directory: ipa.mygsdlabs.local/home/nfsshare)
   LDAP authentication

# yum install sssd krb5-workstation authconfig-gtk -y (or yum groupinstall directory-client)
# authconfig-gtk (or authconfig-tui)
# cd /etc/openldap/cacerts/
# wget ftp://ipa.mygsdlabs.local/pub/ca.crt
# getenforce
# restorecon ca.crt
# getent passwd ldapuser
# su - ldapuser (or ssh ldapuser@localhost)

17. Configure autofs for ldapuser

NFS url = server.example.com
ldapuser home = /home/guests/ldapuser

# rpcinfo -p server.example.com
# showmount -e server.example.com
# yum install autofs nfs-utils -y

# vi /etc/auto.master (indirect)
/home/guests /etc/auto.guests
# vi /etc/auto.guests
* -rw,sync,vers=3 server.example.com:/home/guests/&
or
# vi /etc/auto.master.d/indirect.autofs (indirect)
/home/guests /etc/auto.indirect
# vi /etc/auto.indirect
* -rw,sync server.example.com:/home/guests/&
or
# vi /etc/auto.master.d/direct.autofs (direct)
/- /etc/auto.direct
# vi /etc/auto.direct
/ldapuser -rw,sync server:/home/guests/ldapuser
# systemctl enable autofs
# systemctl start autofs
# su - ldapuser (check the home directory in /etc/passwd beforehand)
* Note: iptables -F is required on the NFS server side

18. Create LVM as project1 with ext4 file system of 20 physical extents of 32MiB size

  for a volume group eng and mount it on /redhat

# lsblk
# fdisk /dev/sda
p -> n -> e -> enter -> +800M -> t -> 8e -> p -> w
# partprobe (run lsblk before and after)
# pvcreate /dev/sda6 /dev/sda7 ; pvs
# vgcreate -s 32M eng /dev/sda6 /dev/sda7 ; vgs (default : -s 4M)
# vgdisplay
# lvcreate -l 20 -n project1 eng ; lvs
# mkfs -t ext4 /dev/eng/project1 (or mkfs.ext4 /dev/eng/project1)
# mkdir /redhat
# blkid /dev/eng/project1
# vi /etc/fstab
UUID="<UUID from blkid>" /redhat ext4 defaults 0 1
(or /dev/eng/project1 /redhat ext4 defaults 0 0)
# mount -a ; mount (validate and check)
# df -Th
# lvdisplay /dev/eng/project1

19. Extend a VG, reduce a VG, extend an LV

- Extend a VG

# lsblk
# fdisk /dev/vdb (add a disk)
# partprobe (run lsblk before and after)
# pvcreate /dev/vdb4
# vgextend [vgname] /dev/vdb4

- Reduce a VG

# pvmove /dev/vdb4
# vgreduce [vgname] /dev/vdb4
# pvremove /dev/vdb4

- Extend an LV

# vgextend eng /dev/sda7
# vgs ; vgdisplay eng
# lvextend -L +300M /dev/eng/project1 -r (same for ext4 and xfs)
or
# lvextend -L +300M /dev/eng/project1 (ext4)
# resize2fs /dev/eng/project1
or
# lvextend -L +300M /dev/eng/project1 (xfs)
# xfs_growfs /mnt/dir

20. GUI mode

# startx (or init 5 or systemctl isolate graphical.target)
# systemctl set-default graphical.target

21. Configure a HTTP server, which can be accessed through http://station.domain40.example.com.

  Please download the released page from http://ip/dir/example.html

# rpm -qa | grep httpd
# yum install httpd -y
# wget -O /var/www/html/index.html ftp://example.com/station.html
or
# cd /var/www/html ; wget http://ip/dir/example.html ; cp example.html index.html
# vim /etc/httpd/conf/httpd.conf
DocumentRoot /var/www/html/
ServerName station.domain40.example.com
# systemctl enable httpd
# systemctl restart httpd
# chkconfig httpd on
# curl http://localhost/index.html (verify)

22. Create Standard Partition 2GB in size and mount to /data, should be permanent.

  (Create a 2GB partition, make it as ext4 file system, mounted automatically 
  under /data and which take effect automatically at boot-start.)

# fdisk -l ; lsblk
# fdisk /dev/sdc
p -> n -> Enter -> Enter -> +2G -> p -> w
# partprobe /dev/sdc (run lsblk before and after)
# mkfs.ext4 /dev/sdc1
# mkdir /data
# vi /etc/fstab
/dev/sdc1 /data ext4 defaults 0 0
# mount -a
# df -Th

23. Resize the LVM(/newpath) to 100MB (size maybe between 80MB to 130MB) ensure no data loss.

# df -Th
/dev/mapper/eng-project1 120M 1.6M 110M 2% /redhat
# umount /redhat
# e2fsck -f /dev/eng/project1
# lvreduce -L 100M /dev/eng/project1 -r
(or resize2fs /dev/eng/project1 100M ; lvreduce -L 100M /dev/eng/project1)

24. Download ftp://192.168.0.254/pub/boot.iso to /root, and mounted automatically

  under /media/cdrom and which take effect automatically at boot-start.

 # cd /root; wget ftp://192.168.0.254/pub/boot.iso
 # mkdir /media/cdrom 
 # vim /etc/fstab
 /root/boot.iso /media/cdrom iso9660 defaults,loop 0 0
 # mount -a

25. Configure the verification mode of your host account and the password as LDAP.

  The account is ldapuser40; its password is set as "password".
  The certificate needed to log in successfully can be downloaded from http://ip/dir/ldap.crt.
  After the user logs on, the user has no home directory unless you configure autofs in the following questions.
  LDAP Server: ldap://instructor.example.com (in domain form, do not write the IP)

 # yum groupinstall directory-client (1.krb5-workstation 2.pam-krb5 3.sssd)
 # yum install authconfig-gtk sssd krb5-workstation -y (or yum groupinstall directory-client)
 # system-config-authentication (or authconfig-gtk or authconfig-tui)
 1. User Account Database: LDAP
 2. LDAP Search Base DN: dc=example,dc=com
 3. LDAP Server: ldap://instructor.example.com (In domain form, not write IP) 
 4. Download CA Certificate
 5. Authentication Method: LDAP password (if nothing about Kerberos is specified)
 6. Apply
 # getent passwd ldapuser40
 # su - ldapuser40

26. Enable IP forwarding on your machine.

 # vi /etc/sysctl.conf
 net.ipv4.ip_forward=1
 # sysctl -p

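Wrap-up

This content comes from past lab practice, so treat it as reference only; practicing these commands and topics will help you prepare for the RHCSA certification. Run the commands and change settings in a lab environment as you practice. Consulting Red Hat's official materials and textbooks will also help. If you want to pass the RHCSA exam, it is important to prepare both hands-on practice and theory well.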
