(RHCSA) Deploy, Configure, and Maintain Systems

This is part of the independent and unofficial RHCSA Exam Study Guide series providing free 🤑 resources to prepare for the exam.

This post covers the objectives under the section:

“DEPLOY, CONFIGURE, AND MAINTAIN SYSTEMS”

It contains two main parts:

• Resources: with links to learn and practice for each objective.
• Cheatsheet: containing some examples of commands and actions performed in each objective (when applied).

📚 Resources:

SCHEDULE TASKS USING AT AND CRON

• 📌 RHCSA v8 Practice Session: Schedule tasks using at and cron – Part 1

• 📌 RHCSA v8 Practice Session: Schedule tasks using at and cron – Part 2

• 📌 24.1. Scheduling a Recurring Job Using Cron

• 📌 24.3. Scheduling a Job to Run at a Specific Time Using at

• 📌 24.2. Scheduling a Recurring Asynchronous Job Using Anacron

• 📌 Automate your Linux system tasks with cron

• 📌 How to allow only specific non-root user(s) to use crontab

• 📌 CentOS / RHEL : anacron basics (What is anacron and how to configure it)

• 📌 Cron Vs Anacron: How to Schedule Jobs Using Anacron on Linux

START AND STOP SERVICES AND CONFIGURE SERVICES TO START AUTOMATICALLY AT BOOT

• 📌 systemd on Linux 1: Intro and Unit Files

• 📌 systemd on Linux 2: systemctl commands

• 📌 RHCSA v8 Practice Session: Managing services and configuring services for automatic start

• 📌 Chapter 13. Introduction to systemd

• 📌 Chapter 14. Managing system services with systemctl

• 📌 Getting started with systemctl

• 📌 10 handy systemd commands: A reference

CONFIGURE SYSTEMS TO BOOT INTO A SPECIFIC TARGET AUTOMATICALLY

• 📌 RHCSA v8 Practice Session: Configure systems to boot into a specific target automatically

• 📌 Chapter 15. Working with systemd targets

• 📌 Boot systems into different targets manually – RHCSA Objective Preparation

CONFIGURE TIME SERVICE CLIENTS

• 📌 RHCSA v8 Practice Session: Configure time service clients

• 📌 Chapter 29. Using the Chrony suite to configure NTP

• 📌 Chapter 30. Using Chrony

• 📌 Manage NTP with Chrony

• 📌 How to Install and Use Chrony in Linux

• 📌 How to Set Time, Timezone and Synchronize System Clock Using timedatectl Command

INSTALL AND UPDATE SOFTWARE PACKAGES FROM RED HAT NETWORK, A REMOTE REPOSITORY, OR FROM THE LOCAL FILE SYSTEM

Attention: Before starting, it is recommended to set up a local repository using the Red Hat Enterprise Linux 8 installation ISO file:

• Add the RHEL 8 iso file as an image to Virtual Box (similar process to the virtualization tool of your choice):

  • 📌 How to add ISO images to VirtualBox 6

• Mount locally a repository from the ISO image:

  • mount -o ro /dev/sr0 /mnt ➡ mount iso image to /mnt drive (find the device name if not /dev/sr0).

  • /dev/sr0 /mnt iso9660 ro 0 0 ➡ on /etc/fstab/, mounts the iso image at system startup.

  • create /etc/yum.repos.d/local.repo file ➡ to install a local repository.

    [BaseOS]
    name=BaseOS
    baseurl=file:///mnt/BaseOS
    gpgcheck=0
    enabled=1
    
    [AppStream]
    name=AppStream
    baseurl=file:///mnt/AppStream
    gpgcheck=0
    enabled=1
    

Done!

• 📌 RHCSA v8 Practice Session: Install and update software packages – Part 1

• 📌 RHCSA v8 Practice Session: Install and update software packages – Part 2

• 📌 Chapter 12. Managing software packages

• 📌 Beginners Guide to Linux Software Management with RPM

• 📌 yum & dnf Explained for Beginners!

• 📌 DNF Command Examples For Beginners

• 📌 25 Useful DNF Command Examples For Package Management In Linux

• 📌 How to add a Yum repository

• 📌 Create an FTP-based YUM/DNF repository on Red Hat Enterprise Linux 8 (Follow along until the end of “Step 5: Test and verify your local repository”. In the RHCSA exam, you may be required to set up a local repository from the Red Hat Enterprise Linux (RHEL) installation ISO file.)

• 📌 How to query files, packages, and repositories in Linux

• 📌 RPM command examples to query, install, remove and upgrade packages

• 📌 How to query packages information with the rpm package manager

WORK WITH PACKAGE MODULE STREAMS

• 📌 RHCSA v8 Practice Session: Work with package module streams

• 📌 Chapter 2. Distribution of content in RHEL 9

• 📌 4.6. Listing available modules

• 📌 5.3. Installing modular content

• 📌 5.5. Setting module default streams

• 📌 8.3. Removing installed modular content

• 📌 Chapter 11. Managing versions of application stream content

• 📌 Introduction to Application Streams in Red Hat Enterprise Linux

MODIFY THE SYSTEM BOOTLOADER

• 📌 Understanding the Linux Boot Process - CompTIA Linux+, LPIC-1

• 📌 Linux Booting Process Steps - RHEL 8

• 📌 An introduction to the Linux boot and startup processes

• 📌 Understanding CentOS/RHEL 8 Boot Process

• 📌 BIOS and UEFI As Fast As Possible

• 📌 What is UEFI

• 📌 RHCSA v8 Practice Session: Modify the system bootloader

• 📌 An introduction to GRUB2 configuration for your Linux machine

• 📌 Chapter 26. Working with GRUB 2 (see until the end of item “26.5. Customizing the GRUB 2 Configuration File”)

• 📌 26.10. Terminal Menu Editing During Boot

• 📌 How to update GRUB2 using grub2-editenv and grubby in RHEL 8 Linux

• 📌 12 practical grubby command examples (cheat sheet)

📑 Cheatsheet:

SCHEDULE TASKS USING AT AND CRON

• See examples and references at man crontab and man -s 5 crontab, also, see the cheatsheet at /etc/crontab file.

• Add 0 */2 * * mon-fri user1 backup.sh to /etc/crontab file ➡ run backup.sh shell script as user1 every 2nd hour at minute 0, every day-of-week.

• crontab -e ➡ open current user’s crontab file (no need to specify user for the cron job, file will be saved as /var/spool/cron/user1).

• Create /etc/crond.d/verify-backup file ➡ cron will read and run the jobs as specified in the file.

  # Run verify-backup.sh script everyday, twice a day.
  0 */12 * * * user1 verify-backup.sh
  

• Add user2 to /etc/cron.deny file ➡ to block crontab access for user2.

• Schedule a one time task using at:

  • at now + 5 hours ➡ start at prompt, deliberating the time to run.
  • Type echo "task completed by at >> /tmp/at-test.txt" ➡ to define a test task.
  • Press CTRL + d ➡ to exit the at prompt.

• atq ➡ lists the user’s pending job.

• at -c 4 ➡ cat job 4 to standard output.

• atrm 4 ➡ removes job 4 from the queue.

• cat /var/log/cron ➡ verify the log file for cron and at.

• Add 7 5 remove_obsolete_pkgs dnf autoremove to /etc/anacrontab file ➡ once a week, run dnf autoremove, delaying 5 mins to begin.

• anacron ➡ manually run all jobs scheduled in /etc/anacrontab.

• Each entry in /etc/anacrontab generates a file in /var/spool/anacron with it’s execution date.

• journalctl -g anacron ➡ check logs for the word anacron.

START AND STOP SERVICES AND CONFIGURE SERVICES TO START AUTOMATICALLY AT BOOT

• systemctl ➡ shows loaded units.

• systemctl list-unit-files ➡ lists unit files.

• systemctl list-units ➡ lists active units.

• systemctl --failed ➡ list all units that failed to start last system boot.

• systemctl start firewalld ➡ starts firewalld service.

• systemctl --user start mycustom.service ➡ starts mycustom.service unit file, stored at ~/.config/systemd/user/, as current user.

• systemctl restart firewalld ➡ restarts firewalld service.

• systemctl stop firewalld ➡ stops firewalld service.

• systemctl enable firewalld ➡ enable firewalld service to start at system boot.

• systemctl disable firewalld ➡ disable firewalld service, it won’t start at system boot.

• systemctl status firewalld ➡ check firewalld service status.

• systemctl show firewalld ➡ show firewalld unit details.

• systemctl is-enabled firewalld ➡ check if firewalld service is enabled.

• systemctl daemon-reload ➡ reload the systemd manager configuration.

• systemctl mask firewalld ➡ prohibit firewalld from being enabled or disabled.

CONFIGURE SYSTEMS TO BOOT INTO A SPECIFIC TARGET AUTOMATICALLY

• systemctl get-default ➡ displays the current default target.

• systemctl isolate multi-user.target ➡ switch to multi-user.target.

• systemctl set-default multi-user ➡ set multi-user.target as default.

• systemctl -t target --all ➡ lists all units of type target.

• systemctl reboot ➡ reboot the system.

CONFIGURE TIME SERVICE CLIENTS

• date, timedatectl ➡ check current system date and time.

• timedatectl set-ntp false ➡ disable networking time sync, also disables chronyd.service if enabled.

• timedatectl set-time "2021-07-08 04:30:00 ➡ change date and time.

• date --set 04:00 ➡ change time.

• tzselect ➡ starts the helper to set timezone.

• systemctl status chronyd ➡ (requires chrony) check if Chrony is active, it is the preferred implementation of the Network Time Protocol.

• Bind chronyd to a different server:

  • chronyc sources ➡ checks current time sources chronyd is accessing.
  • On /etc/chrony.conf, comment all entries beggining with pool or server.
  • Add a new line in the end: server 127.127.1.0
  • Add a new line in the end: server 127.127.1.4 iburst prefer (Check man chrony.config to learn the directives allowed.)
  • systemctl restart chronyd ➡ apply changes.
  • chronyc sources ➡ checks current time sources chronyd is accessing.

INSTALL AND UPDATE SOFTWARE PACKAGES FROM RED HAT NETWORK, A REMOTE REPOSITORY, OR FROM THE LOCAL FILE SYSTEM

• To add a repository from an iso image:

  • mount -o ro /dev/sr0 /mnt ➡ mount iso image to /mnt drive.

  • /dev/sr0 /mnt iso9660 ro 0 0 ➡ on /etc/fstab/, mounts the iso image at system startup.

  • create /etc/yum.repos.d/local.repo file ➡ to install a local repository.

    [BaseOS]
    name=BaseOS
    baseurl=file:///mnt/BaseOS
    gpgcheck=0
    

• Check man -s 5 yum.conf for directives and options for a .repo file, and cat /etc/dnf/dnf.conf to see an example of the syntax.

Using rpm

• rpm -i ./zsh-5.5.1-6.el8_1.2.x86_64.rpm ➡ install package file from current dir.

• rpm -i --reinstall -vh /zsh-5.5.1-6.el8_1.2.x86_64.rpm ➡ reinstall package from file (verbose mode, show progress printing a hash bar).

• rpm -qi zsh ➡ show package info (from installed package).

• rpm -qa | grep zsh ➡ query all packages and grep the word zsh.

• rpm -qip ./zsh-5.1.1-6.el8_1.2.x86_64.rpm ➡ show package file info (from the repository).

• rpm -K ./zsh-5.5.1-6.el8_1.2.x86_64.rpm --nosignature ➡ validate integrity (completeness and error-free state) and authententicity for the given package file.

• rpm -V zsh ➡ check installed package file attributes compared to the package file present on the repository (permission mode, size, owner, group, etc…), if no output, integrity of attributes are OK.

• rpm -q zsh ➡ check whether zsh package is installed.

• rpm -qf /etc/hosts ➡ search what package provides the file /etc/hosts (similar to dnf provides /etc/hosts).

• rpm -qc zsh ➡ list all configuration files for zsh.

Using dnf/yum

• dnf repolist ➡ show installed repositories.

• dnf repolist --all ➡ show all repositories dnf is aware of (enabled or disabled).

• dnf search tmux ➡ search in packages containing the worf tmux in it’si name or metadadata.

• dnf config-manager --disable BaseOS ➡ disable BaseOS repository.

• dnf config-manager --enable BaseOS ➡ enable BaseOS repository.

• dnf install tmux -y ➡ install tmux package, assuming yes for all questions.

• dnf list --installed ➡ show installed packages.

• dnf repoquery --repo "AppStream", dnf repository-packages BaseOS list ➡ list all the packages available for a specific repository.

• dnf provides /etc/group ➡ show which package contains the /etc/group file.

• tail /var/log/dnf.log ➡ see recent interactions.

• dnf repoquery --deplist policycoreutils ➡ list dependencies for the given package.

• dnf group list --installed ➡ list only installed package groups.

• dnf group install "Security Tools" ➡ install package group.

WORK WITH PACKAGE MODULE STREAMS

• dnf module list --installed ➡ list only installed modules.

• dnf module list perl* ➡ list all the streams for all modules with name starting as perl.

• dnf module list --enabled* ➡ list all enabled module streams.

• dnf module enable postgresql:9.6 ➡ enable module on the specified stream.

• dnf module update postgresql -y ➡ update postgresql module.

• dnf module install --profile postgresql:10 ➡ install the module’s stream 10.

• dnf module install --profile perl:5.26/minimal ➡ install the module with minimal profile for the stream 5.26.

• dnf module remove --profile postgresql:10 ➡ uninstall the module’s stream 10.

• dnf module info --profile postgresql ➡ list all profiles available for the module.

• dnf module info --profile postgresql:10 ➡ show details for the specific module stream.

• dnf module reset postgrelsql ➡ reset module.

MODIFY THE SYSTEM BOOTLOADER

• grubby --default-kernel ➡ display the path of the default kernel.

• grubby --default-index ➡ display the index number of the default kernel.

• grubby --set-default /boot/vmlinuz-3.10.0-229.4.2.el7.x86_64 ➡ set specified kernel to default.

• sudo grubby --set-default-index=1 ➡ set specified kernel to default, by using it’s index number.

• grubby --info=ALL ➡ display information of all boot entries.

• grubby --info /boot/vmlinuz-3.10.0-229.4.2.el7.x86_64 ➡ display information of the specified kernel entry.

• grubby --remove-args=quiet --update-kernel=DEFAULT ➡ remove the quiet argument from the DEFAULT boot entry.

• grubby --args=quiet --update-kernel=DEFAULT ➡ add the quiet argument to the DEFAULT boot entry.

• /etc/default/grub ➡ edit this file to change grub params.

• grub2-mkconfig -o /boot/grub2/grub.cfg, grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg ➡ make the config file to apply changes.

Next:

(RHCSA) Manage Basic Networking

…or back to Red Hat Certified System Administrator (RHCSA) Exam Study Guide

Useful links & references:

• Red Hat Enterprise Linux Documentation

• Enable Sysadmin (a blog from Red Hat)

Footnotes:

• Follow me on Twitter to get more posts like this and other quick tips in your feed.
• If you have any doubts or tips about this article, I’d appreciate knowing and discussing it via email.
• Do you have any other Linux tips? Would you like to publish that in this blog? Please send an email to all drops.
• As English is not my native language, I apologize for the errors. Corrections are welcome.
• Contact: contact [@] alldrops [.] info.