Red Hat Enterprise Linux 8 Administration E-Book

Red Hat Enterprise Linux 8 Administration

Master Linux administration skills and prepare for the RHCSA certification exam

Miguel Pérez Colino

Pablo Iranzo Gómez

Scott McCarty

BIRMINGHAM—MUMBAI

Red Hat Enterprise Linux 8 Administration

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

The content reflects the views of the authors and does not reflect the views of the authors' employer (Red Hat, Inc.). This work has no connection to Red Hat, Inc. and is not endorsed or supported by Red Hat, Inc.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Shrilekha Inani

Senior Editor: Shazeen Iqbal

Content Development Editor: Romy Dias

Technical Editor: Arjun Varma

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Subalakshmi Govindhan

Production Designer: Shankar Kalbhor

First published: September 2021

Production reference: 1160921

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80056-982-9

www.packt.com

To all the people contributing to and being part of the open source community, building it one piece at a time, pushing its boundaries to make huge things.

Contributors

About the authors

Miguel Pérez Colino is an experienced IT enthusiast with a clear orientation towards open source software and open standards. He has an extensive background in IT, from operations to the architecture of large deployments and from identifying and prototyping solutions to defining IT strategies. He has delivered large projects, including NATO interoperable command and control systems in defense, extensive large deployments in retail (>15,000 devices), and digital transformation in the finance sector.

Now, as part of the Cloud Platforms Business Unit of Red Hat, he works as a senior principal product manager building tools and defining methodologies to ease modernization and migration for customers, enabling the use of open source.

I want to thank my family, Sonia, Miguel, and Matilde, for the support and patience they have had with me during the months that I have been writing this book. Also, to Pablo Iranzo for being part of this adventure, and without whom we would not have been able to finish it. The whole Packt editing team has helped this first-time book authors immensely, as well as Scott and Gunnar, and I'd like to thank all of them for their contributions.

Pablo Iranzo Gómez is a software engineer whose Linux exposure began while studying physics, a period during which he was also involved in LUGs and some projects related to HPC clusters and system administration and consultancy.

Currently, he is a senior software engineer in Red Hat's SolEng department, focusing on OpenShift, with experience in consulting, cloud technical account management, OpenStack software maintenance in industries such as hospitality, retail, airlines, government, telco, 5G, partners, IT covering system administration and automation, virtualization, PaaS, support, the cloud, and so on, having a broad understanding of different views, needs, and risks across the industry.

Pablo was born in and lives in Valencia, Spain with his family.

I want to thank my wife, Eva, for all the support she offered me enrolling in this endeavor; to my kid, Pau, for all the happy moments that empowered me to drive forward; to Javier, for the countless hours of unconditional understanding; and I want also to say thanks to Miguel for offering me to help him with this; and, of course, the whole Packt team, who have helped, guided, and advised me during the whole process.

At Red Hat, Scott McCarty is a principal product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. His focus areas include container runtimes, tools, and images.

Scott is a social media start-up veteran, an e-commerce old-timer, and a weathered government research technologist, with experience across a variety of companies and organizations, from seven-person start-ups to 15,000-employee technology companies. This has culminated in a unique perspective on open source software development, delivery, and maintenance.

First, I would like to thank all of the people in the open source community that have contributed to creating code and documentation that helps us all achieve more. I would like to thank all of the people that build, distribute, document, and release Red Hat Enterprise Linux and bring it into environments that I never thought Linux could reach. Finally, I'd also like to thank all of the sysadmins out there that run all of this software to prevent downtime and move projects forward.

About the reviewer

Matthew Bach is a senior specialist solutions architect at Red Hat, focused on the emerging technologies portfolio, such as OpenShift, middleware, and Ansible for DoD customers. He has been in the IT industry for over 17 years and is a 13-year US Navy information systems technician veteran. Matthew currently holds several Red Hat and other security-related certifications. When Matthew is not working with his customers on exciting technologies, he likes to spend time with his family, or on a mountain bike exploring the many trails Virginia has to offer.

To my wife, Ashley, with love: Thank you for your love, support, and patience through all of my endeavors in the endless pursuit of this career. I can think of no one I'd rather be with for the rest of my days than you and our five awesome kids.

To Maurice Carroll, thank you for the countless hours you spent cultivating an interest in computers with a teenage grandson, and my very first box of Red Hat Linux. You lit a spark in me that remains today.

Table of Contents

Preface

Section 1: Systems Administration – Software, User, Network, and Services Management

Chapter 1: Installing RHEL8

Technical requirements

Obtaining RHEL software and a subscription

Installing RHEL8

Preparation for a physical server installation

Preparation for a virtual server installation

Running an RHEL installation

Summary

Chapter 2: RHEL8 Advanced Installation Options

Technical requirements

Automating RHEL deployments with Anaconda

Deploying RHEL on the cloud

Installation best practices

Summary

Chapter 3: Basic Commands and Simple Shell Scripts

Logging in as a user and managing multi-user environments

Using the root account

Using and understanding the command prompt

Changing users with the su command

Understanding users, groups, and basic permissions

Users

Groups

File permissions

Using the command line, environment variables, and navigating through the filesystem

Command line and environment variables

Navigating the filesystem

Bash autocomplete

Filesystem hierarchy

Understanding I/O redirection in the command line

Filtering output with grep and sed

Listing, creating, copying, and moving files and directories, links, and hard links

Directories

Copying and moving

Symbolic and hard links

Using tar and gzip

Creating basic shell scripts

for loops

if conditionals

Exit codes

Using system documentation resources

Man pages

Info pages

Other documentation resources

Summary

Chapter 4: Tools for Regular Operations

Technical requirements

Managing system services with systemd

Systemd unit file structure

Managing services to be started and stopped at boot

Managing boot targets

Scheduling tasks with cron and systemd

System-wide crontab

User crontab

Systemd timers

Learning about time synchronization with chrony and NTP

NTP client

NTP server

Checking for free resources – memory and disk (free and df)

Memory

Disk space

CPU

Load average

Other monitoring tools

Finding logs, using journald, and reading log files, including log preservation and rotation

Log rotation

Summary

Chapter 5: Securing Systems with Users, Groups, and Permissions

Creating, modifying, and deleting local user accounts and groups

Managing groups and reviewing assignments

Adjusting password policies

Configuring sudo access for administrative tasks

Understanding sudo configuration

Using sudo to run admin commands

Configuring sudoers

Checking, reviewing, and modifying file permissions

Using special permissions

Understanding and applying Set-UID

Understanding and applying Set-GID

Using the sticky bit

Summary

Chapter 6: Enabling Network Connectivity

Technical requirements

Exploring network configuration in RHEL

Getting to know the configuration files and NetworkManager

Configuring network interfaces with IPv4 and IPv6

IPv4 and IPv6... what does that mean?

Configuring interfaces with nmtui

Configuring interfaces with nm-connection-editor

Configuring interfaces with nmcli

Configuring interfaces with text files

Configuring hostname and hostname resolutions (DNS)

Overview of firewall configuration

Configuring the firewall

Testing network connectivity

Summary

Chapter 7: Adding, Patching, and Managing Software

RHEL subscription registration and management

Managing repositories and signatures with YUM/DNF

Doing software installations, updates, and rollbacks with YUM/DNF

Creating and syncing repositories with createrepo and reposync

Understanding RPM internals

Summary

Section 2: Security with SSH, SELinux, a Firewall, and System Permissions

Chapter 8: Administering Systems Remotely

Technical requirements

SSH and OpenSSH overview and base configuration

OpenSSH server

OpenSSH client

Accessing remote systems with SSH

Key-based authentication with SSH

SSH agent

SCP/rsync – remote file management

Transferring files with an OpenSSH secure file copy

Transferring files with sftp

Transferring files with rsync

Advanced remote management – SSH tunnels and SSH redirections

Remote terminals with tmux

Summary

Chapter 9: Securing Network Connectivity with firewalld

Introduction to the RHEL firewall – firewalld

Enabling firewalld in the system and reviewing the default zones

Reviewing the different configuration items under firewalld

Enabling and managing services and ports

Creating and using service definitions for firewalld

Configuring firewalld with the web interface

Summary

Chapter 10: Keeping Your System Hardened with SELinux

Technical requirements

SELinux usage in enforcing and permissive modes

Reviewing the SELinux context for files and processes

Tweaking the policy with semanage

Restoring changed file contexts to the default policy

Using SELinux Boolean settings to enable services

SELinux troubleshooting and common fixes

Summary

Chapter 11:System Security Profiles with OpenSCAP

Getting started with OpenSCAP and discovering system vulnerabilities

Using OpenSCAP with security profiles for OSPP and PCI DSS

Scanning for OSPP compliance

Scanning for PCI DSS compliance

Summary

Section 3: Resource Administration – Storage, Boot Process, Tuning, and Containers

Chapter 12: Managing Local Storage and Filesystems

Technical requirements

Let's start with a definition

A bit of history

Partitioning disks (MBR and GPT disks)

Formatting and mounting filesystems

Setting default mounts and options in fstab

Using network filesystems with NFS

Summary

Chapter 13: Flexible Storage Management with LVM

Technical requirements

Understanding LVM

Creating, moving, and removing physical volumes

Combining physical volumes into volume groups

Creating and extending logical volumes

Adding new disks to a volume group and extending a logical volume

Removing logical volumes, volume groups, and physical volumes

Reviewing LVM commands

Summary

Chapter 14: Advanced Storage Management with Stratis and VDO

Technical requirements

Understanding Stratis

Installing and enabling Stratis

Managing storage pools and filesystems with Stratis

Preparing systems to use VDO

Creating a VDO volume

Assigning a VDO volume to an LVM volume

Testing a VDO volume and reviewing the stats

Summary

Chapter 15: Understanding the Boot Process

Understanding the boot process – BIOS and UEFI booting

Working with GRUB, the bootloader, and initrd system images

Managing the boot sequence with systemd

Intervening in the boot process to gain access to a system

Summary

Chapter 16: Kernel Tuning and Managing Performance Profiles with tuned

Technical requirements

Identifying processes, checking memory usage, and killing processes

Adjusting kernel scheduling parameters to better manage processes

Installing tuned and managing tuning profiles

Creating a custom tuned profile

Summary

Chapter 17: Managing Containers with Podman, Buildah, and Skopeo

Technical requirements

Introduction to containers

Installing container tools

Running a container using Podman and UBI

Basic container management – pull, run, stop, and remove

Attaching persistent storage to a container

Deploying a container on a production system with systemd

Building a container image using a Dockerfile or Containerfile

Configuring Podman to search registry servers

Summary of Podman options

When to use Buildah and Skopeo

Building container images with Buildah

Inspecting a remote container with Skopeo

Summary

Section 4: Practical Exercises

Chapter 18: Practice Exercises – 1

Technical requirements

Tips for the exercise

Practice exercise 1

Exercise 1 resolution

Chapter 19: Practice Exercise – 2

Technical requirements

Tips for the exercise

Practice exercise – 2

Answers to practice exercise 2

Other Books You May Enjoy

Section 1: Systems Administration – Software, User, Network, and Services Management

Deploying and configuring systems and keeping them up to date is the base task that every system administrator performs in their day-to-day work. In this section, the core parts of doing so are explored in a restructured way so that you can follow the tasks one by one and learn, practice, and understand them properly.

The following chapters are included in this section:

Chapter 1: Installing RHEL8

The first step to start working with Red Hat Enterprise Linux, or RHEL, is to have it running. Whether in your own laptop as the main system, in a virtual machine, or in a physical server, its installation is necessary in order to get your hands on the system you want to learn to use. It is highly encouraged that you get yourself a physical or virtual machine to use the system while reading this book.

In this chapter, you will deploy your own RHEL8 system, so as to be able to follow all the examples mentioned in this book as well as discover more about Linux.

The topics to be covered in this chapter are as follows:

Technical requirements

The best way to get started is by having an RHEL8 virtual machine to work with. You may do it in your main computer as a virtual machine or using a physical machine. In the following section of this chapter, we will review both options and you will be able to run your own RHEL8 system.

Tip

A virtual machine is a way to emulate a complete computer. To be able to create this emulated computer on your own laptop, in case you are using macOS or Windows, you will need to install virtualization software such as Virtual Box, for example. If you are already running Linux, it is already prepared for virtualization, and you will only need to add the virt-manager package.

Obtaining RHEL software and a subscription

To be able to deploy RHEL, you will need a Red Hat Subscription to obtain the images to be used, as well as access to repositories with software and updates. You can obtain, free of charge, a Developer Subscription from the developers' portal site of Red Hat using the following link: developers.redhat.com. You then need to follow these steps:

Figure 1.1 – The developers.redhat.com home page, indicating where to click to log in

Figure 1.2 – Red Hat login page (common to all Red Hat resources)

You can choose to use your credentials in several services (in other words, Google, GitHub, or Twitter) if you prefer to do so.

You can find the Linux section in the navigation bar before the content:

Figure 1.3 – Accessing the Linux page at developers.redhat.com

Click on Download RHEL which appears as a fancy button on the next page:

Figure 1.4 – Accessing the RHEL downloads page at developers.redhat.com

Then select the ISO image for the x86_64 (9 GB) architecture (which is the one used in Intel- and AMD-based computers):

Figure 1.5 – Choosing the ISO download of RHEL8 for x86_64

Figure 1.6 – Download dialog for RHEL8 for x86_64

The ISO image is a file that contains an exact copy of the contents of a full DVD (even when we are not using a DVD). This file will later be used to install our machines, whether dumping it to a USB drive for Bare Metal installations, unpacking it for network installations, or attaching it for virtual machine installations (or using out-of-band capabilities in servers such as IPMI, iLO, or iDRAC)

Tip

To verify the ISO image, and ensure that the one we have obtained is not corrupted, or altered, a mechanism called "checksum" can be used. Checksums are a way to review a file and provide a set of letters and numbers that can be used to verify that the file is precisely the same one as in the origin. Red Hat provides a list of sha256 checksums for doing so in the downloads section of the Customer Portal (https://access.redhat.com/). An article describing the process is available here: https://access.redhat.com/solutions/8367.

We have the software, in this case the ISO image, to install RHEL8 in any computer. These are the same bits that are used in production machines worldwide and that you can use yourself for learning purposes with your developer subscription. Now it is time to give them a go in the next section.

Installing RHEL8

For this section of the chapter, we will follow the typical installation process to have RHEL installed on a machine. We will follow the default steps, reviewing the options available for each one.

Preparation for a physical server installation

A physical server requires some initial setup before beginning with installation. Common steps include configuring the disks in the internal array, connecting it to the networks, preparing the switches for any interface aggregation that is expected (teaming, bonding), preparing access to external disk arrays (in other words, fiber channel arrays), setting up out-of-band capabilities, and securing the BIOS configuration.

We will not get into the details of these preparations, except for the boot sequence. The server will require to boot (start loading the system) from an external device such as a USB thumb drive or optical disk (whether physical or emulated through the out-of-band capabilities).

To create a bootable USB thumb drive from a machine with Linux or macOS, this is as simple as doing a "disk dump" with the dd application. Perform the following steps:

$ dmesg | grep removable

[66931.429805] sd 0:0:0:0: [sdb] Attached SCSI removable disk

Important note

Please verify the disk name very carefully, as the procedure for using "disk dump" will completely overwrite the disk target.

Check whether the USB is mounted and, if so, dismount it (for macOS users, please use diskutil list to ascertain whether the device is mounted):

$ lsblk /dev/sdb

NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

sdb      8:0   1  3,8G  0 disk

├─sdb1   8:1    1  1,8G  0 part /run/media/miguel/USB

├─sdb2   8:2    1 10,9M  0 part

└─sdb3   8:3    1 22,9M  0 part

In this case, only partition 1 of the sdb disk, referred to as sdb1, is mounted. We will need to unmount all the partitions mounted. In this example, this is straightforward as there is only one. To do so, we can run the following command:

Important note

Using super-user do or sudo, for administrative tasks, such as unmounting devices, we could open an administrator shell (root in Linux and Unix-like systems) or run the command using sudo, which provides administrative privileges to the current user. When running commands with sudo, the user will be requested to enter their password (not the admin password, but the user's own password) to proceed with the execution (this default behavior may be overridden in the sudoers configuration file).

$ sudo umount /dev/sdb1

Dump the image! (Warning, this will erase the selected disk!):

$ sudo dd if=rhel-8.3-x86_64-dvd.iso of=/dev/sdb bs=512k

Tip

Alternative methods are available for creating a boot device. Alternative graphical tools are available for creating a boot device that can help select both the image and the target device. In Fedora Linux (the community distribution where RHEL was based on, and a workstation for many engineers and developers), the Fedora Media Writer tool can be used. For other environments, the UNetbootin tool could also serve to create your boot media.

Now, with the USB thumb drive, we can install any physical machine, from a tiny laptop to a huge server. The next part involves making the physical machine boot from the USB thumb drive. The mechanism for doing that will depend on the server being used. However, it is becoming common to offer an option to select a boot device during bootup. The following is an example of how to select a temporary boot device in a laptop:

Figure 1.7 – Example of a BIOS message to interrupt normal startup

Figure 1.8 – Example of a BIOS menu for interrupted startup

Figure 1.9 – Example of a BIOS menu to choose the USB HDD boot device

Let the system start the installer from the USB drive.

Once we know how to prepare a USB drive with an RHEL installer, and how to make a physical machine to boot from it, we can skip to the Running an RHEL installation section in this chapter and proceed to install it. This can be pretty useful if we have a mini server (in other words, an Intel NUC), an old computer, or a laptop to be used as the machine for following along with this book.

Next, we will look at how to prepare a virtual machine in your installation, in case you are considering following this book with your current main laptop (or workstation) but you still want to keep a separate machine to work with.

Preparation for a virtual server installation

A virtual server works like having some virtualization software that emulates a real machine in your current system. In a Linux workstation, installing virt-manager will add all the under-the-hood components required to run (for your information, these components are KVM, Libvirt, Qemu, and virsh, among others). Other no-cost virtualization software, recommended for Windows or macOS systems, includes Oracle VirtualBox and VMware Workstation Player.

The examples in this section will be executed using virt-manager, but are easily applicable to any other virtualization software, whether in a laptop or in the largest deployments.

The preliminary steps have been described above and require obtaining the Red Hat Enterprise Linux ISO image, which, in this case, will be rhel-8.3-x86_64-dvd.iso. Once downloaded and, if possible, having checked its integrity (as mentioned in the last tip of the Obtaining RHEL software and a subscription section), let's prepare to deploy a virtual machine:

Figure 1.10 – The virtual manager main menu

Figure 1.11 – Virtual manager – New VM menu

Figure 1.12 – The virtual manager menu to select an ISO image as an installation medium

Figure 1.13 – The virtual manager menu for selecting memory and CPU

It is time to assign at least one disk to the virtual machine. In this case, we will assign a single disk with the minimum disk space, 10 GB, but in future chapters, we will be able to assign more disks to test other functionalities:

Figure 1.14 – The virtual manager menu to create a new disk and add it to the virtual machine

Figure 1.15 – The virtual manager menu for selecting the name of the virtual machine and the network

After taking these steps, we have a fully functional virtual machine available. Now it is time to complete the process by installing the RHEL operating system on it. Check how to do this in the next section.

Running an RHEL installation

Once we have prepared our virtual or physical server for installation, it's time to proceed with it. We will know whether all the previous steps were performed correctly if we arrive at the following screen:

Figure 1.16 – Initial boot screen for RHEL8 installation with Install selected

We are offered three options (selected in white):

– Install Red Hat Enterprise Linux 8.3 in basic graphics mode: This option is useful for systems with an old graphics card and/or an unsupported one. It can help to get the system installed in case an issue with visualization is identified.

– Rescue a Red Hat Enterprise Linux system: This option can be used when we have a system with issues booting or when we want to access it to introspect it (in other words, review a possible compromised system). It will initiate a basic in-memory system to perform these tasks.

– Run a memory test: The system memory can be checked to prevent issues, as in the case of a brand-new server, for instance, where we want to ensure that its memory is running correctly, or a system suffering issues and panics that may indicate a memory-related issue.

– Boot from local drive: In case you booted from the install media, but you already have a system installed.

– Return to main menu: To go back to the previous menu.

Important note

The RHEL boot menu will show several options. The one selected will show in white, with one single letter in a different color, in this case, "i" for install and "m" for test media. These are shortcuts. Pressing the key with that letter will take us directly to this menu item.

Let's proceed with Test this media & install Red Hat Enterprise Linux 8.3 to let the installer review the ISO image we are using:

Figure 1.17 – RHEL8 ISO image self-check

Once completed, it will reach the first installation screen. The installer is called Anaconda (a joke, as it is written in a language called Python, and it follows a step-by-step approach). It is important to pay attention to the options we will select during installation, as we will review them later in the Automating deployments with Anaconda section of the book.

Localization

The first step to installation is selecting the installation language. For this installation, we will select English, followed by English (United States):

Figure 1.18 – RHEL8 install menu – Language

In case you cannot easily find your language, you may type it in the box under the list to search for it. Once a language is selected, we can click the Continue button to proceed. This will take us to the INSTALLATION SUMMARY screen:

Figure 1.19 – RHEL8 install menu – Main page

On the INSTALLATION SUMMARY screen, all the configuration parts required are shown, with many of them (the ones without a warning sign and red text underneath) already preconfigured with defaults.

Let's review the LOCALIZATION settings. First, Keyboard:

Figure 1.20 – RHEL8 install – The Keyboard selection icon

We can review the keyboard settings, which can help, not just changing the keyboard, but adding extra layouts in case we want to switch between them:

Figure 1.21 – RHEL8 install – Keyboard selection dialog

This can be done by clicking on the + button. Here is an example of adding the Spanish; Castilian (Spanish) layout. We search for spa until it appears, and then we select it and then click Add, as follows:

Figure 1.22 – RHEL8 install – Keyboard selection list

To make it the default option will require clicking on the ^ button underneath. In this case, we will keep it as a secondary option so that the supporting software gets installed. Once completed, click Done:

Figure 1.23 – RHEL8 install – Keyboard selection dialog with different keyboards

Now, we will move on to Language Support:

Figure 1.24 – RHEL8 install – Language selection icon

Here, we can also add our local language. In this example, I'll use Español, and then Español (España). This will again include the software required to support the language that has been added:

Figure 1.25 – RHEL8 install – Language selection dialog with different languages

We will proceed with both languages configured, although you may want to choose your own localized language.

Now, we will move on to Time & Date, which can be seen as follows:

Figure 1.26 – RHEL8 install – Time and Date selection icon

The default configuration is set to the city of New York in the United States of America. You have two possibilities here:

Figure 1.27 – RHEL8 install – Time and Date selection dialog – Madrid selected

Figure 1.28 – RHEL8 install – Time and Date selection dialog – UTC selected

We will proceed with the localized time for Spain, Madrid, Europe, although you may want to select your localized time zone.

Tip

As you can see in the screen, there is an option to select Network Time to have the machine's clock synchronized with other machines. This option can only be selected once the network is configured.

Software

With the Localization configuration completed (or almost completed; we may come back for the network time later), we move on to the Software section, or, more precisely, to Connect to Red Hat under it:

Figure 1.29 – RHEL8 install – Connect to Red Hat selection icon

In this section, we can use our own Red Hat account, like the one we created previously under developers.redhat.com, to access the latest updates for the system. To configure it, we will need to configure the network first.

For the purposes of this deployment, we will not configure this section now. We will review how to manage subscriptions and get updates in Chapter 7, Adding, Patching, and Managing Software, of this book.

Important note

Systems management with Red Hat Satellite: For large deployments with more than 100 servers, Red Hat offers "Red Hat Satellite," with advanced software management capabilities (such as versioned content views, centralized security scans with OpenSCAP, and simplified patching and updating for RHEL). To connect to a Red Hat Satellite, the activation key can be used, thereby simplifying the management of systems.

Let's now move on to Installation Source, as follows:

Figure 1.30 – RHEL8 install – Installation Source icon

This can be used for installation using remote sources. It is very useful when using the boot ISO image that only contains the installer. In this case, as we are using the full ISO image, it already contains all the software (also referred to as packages) needed to complete the installation.

The next step is Software Selection, as shown in the following screenshot:

Figure 1.31 – RHEL8 install – Software Selection icon

In this step, we can select a predefined set of packages to be installed on the system so that it can perform different tasks. While it can be very convenient to do so in this stage, we are going to adopt a more manual approach and select the Minimal Install profile to add software to the system later.

This approach also has the advantage of reducing the attack surface by installing just the minimum required packages in the system:

Figure 1.32 – RHEL8 install – Software Selection menu; Minimal Install selected

System

Once the set of packages has been selected, let's move on to the System configuration section. We will start with the destination of the installation, where we can choose the disk or disks to be used to install and configure them:

Figure 1.33 – RHEL8 install – Installation Destination icon with a warning sign as this step is not complete

This task is very important as it will define not just the way the system is deployed on the disk, but also how the disk is distributed and with which tools. Even when in this section, we won't use the advanced options. We will take some time to review the main options.

This is the default Device Selection screen, with only one local standard disk discovered, no Specialized & Network Disks options, and ready to run the Automatic partitioning. This can be seen in the following screenshot:

Figure 1.34 – RHEL8 install – INSTALLATION DESTINATION menu, with automatic partitioning selected

Clicking Done in this section will complete the minimal set of data required to continue with the installation.

Let's review the sections.

Local Standard Disks are a set of disks to be used by the installer. It may be the case that we have several disks, and we only want to use a specific disk:

Figure 1.35 – RHEL8 install – INSTALLATION DESTINATION menu, with several local disks selected

This is an example of having three available disks and using only the first and third ones.

In our case, we only have one disk, and it is already selected:

Figure 1.36 – RHEL8 install – INSTALLATION DESTINATION menu, with a single local disk selected

It would be easy to use full disk encryption by selecting Encrypt my data, which is highly recommended for laptop installations or for installing in environments with low levels of trust:

Figure 1.37 – RHEL8 install – INSTALLATION DESTINATION menu, with the data encryption option (not selected)

For this example, we will not encrypt our drive.

The Automatic install option will distribute the disk space automatically:

Figure 1.38 – RHEL8 install – INSTALLATION DESTINATION menu; Storage Configuration (Automatic)

It will do so by creating the following resources:

Let's select this option and then click Done.

Tip

System partitions and the boot process: Do not worry if you still do not fully understand some extended concepts regarding system partitions and boot processes. To cover the filesystems, partitions, and how to manage disk space, there is a chapter entitled Managing Local Storage and Filesystems dedicated to it. To review the boot process, there is a chapter entitled Understanding the Boot Process, which reviews step by step the full system start up sequence.

The next step involves reviewing Kdump, or Kernel Dump. This is a mechanism that allows the system to save the status in case a critical event happens and it crashes (it dumps the memory, hence its name):

Figure 1.39 – RHEL8 install – Kdump configuration icon

In order to work, it will reserve some memory for itself where it will stay, waiting to act if the system crashes. The default configuration does a good calculation of the requirements:

Figure 1.40 – RHEL8 install – Kdump configuration menu

Clicking Done will take us to the next step, Network & Host Name, which appears as follows:

Figure 1.41 – RHEL8 install – Network & Host Name configuration icon

This section will help to have the system connected to a network. In the case of a virtual machine, access to external networks will be handled by the Virtualization Software. It is very common that the default configuration uses Network Address Translation (NAT) and Dynamic Host Configuration Protocol (DHCP), which will provide a network configuration to the virtual machine and access to external networks.

Once on the configuration page, we can see how many network interfaces are assigned to our machine. In this case, there is only one, as follows:

Figure 1.42 – RHEL8 install – NETWORK & HOST NAME configuration menu

First, we can enable the interface by clicking on the ON/OFF toggle on the right. To turn it off, it looks like this:

Figure 1.43 – RHEL8 install – NETWORK & HOST NAME configuration toggle (OFF)

And to turn it on, it should look like this:

Figure 1.44 – RHEL8 install – NETWORK & HOST NAME configuration toggle (ON)

We will see that the interface now has a configuration (IP Address, Default Route, and DNS):

Figure 1.45 – RHEL8 install – NETWORK & HOST NAME configuration information details

To make this change permanent, we will click the Configure button at the bottom-right corner of the screen to edit the interface configuration:

Figure 1.46 – RHEL8 install – NETWORK & HOST NAME configuration; interface configuration; Ethernet tab

Clicking on the General tab will present the main options. We will select Connect automatically with priority and leave the value as 0, just like this:

Figure 1.47 – RHEL8 install – NETWORK & HOST NAME configuration; interface configuration; General tab

Clicking Save will make the changes permanent and have this network interface enabled by default.

Now it's time to give a name to our virtual server. We will go to the Host Name section in the main page and type the name we want for it. We can use rhel8.example.com, and then click Apply:

Figure 1.48 – RHEL8 install – NETWORK & HOST NAME configuration; Host Name detail

Tip

The domain example.com is used for demonstration purposes, and it is safe to be used on any occasion, knowing that it will not collide or cause any trouble to other systems or domains.

The networking page will look like this:

Figure 1.49 – RHEL8 install – NETWORK & HOST NAME configuration menu; configuration complete

Clicking Done will take us back to the main installer page, with a system connected to a network and prepared to connect once the installation is complete.

The chapter entitled Enabling Network Connectivity will describe in more detail the options available to configure the network in an RHEL system.

Important note

Now that the system is connected to the network, we can go back to Time & Date and enable network time (which is done automatically by the installer), as well as go to Connect to Red Hat to subscribe the system to Red Hat's Content Distribution Network (or CDN). The subscription of the system to the CDN will be explained in detail in Chapter 7, Adding, Patching, and Managing Software.

It is now time to review the final system option, security profiles, by going to Security Policy as follows:

Figure 1.50 – RHEL8 install – Security Policy configuration icon

In it, we will see a list of security profiles that can be enabled by default in our system:

Figure 1.51 – RHEL8 install – SECURITY POLICY configuration menu

The security profiles have requirements that we are not covering in this installation (such as having separate /var or /tmp partitions). We can click on Apply security policy to turn it off, and then on Done:

Figure 1.52 – RHEL8 install – Security policy configuration toggle (off)

More on this topic will be covered in Chapter 11, System Security Profiles with OpenSCAP.

User settings

The main administrator user in a Unix or Linux system is called root.

We can enable a root user by clicking in the Root Password section, although this is not necessary and, in security restricted environments, you are advised not to do so. We will do so in this chapter in order to learn how to do it and explain the cases covered:

Figure 1.53 – RHEL8 install – Root Password configuration icon (warning as it is not set)

After clicking on Root Password, we are presented with a dialog to type it:

Figure 1.54 – RHEL8 install – Root Password configuration menu

It is recommended that the password has the following:

If the password does not meet those requirements, it will warn us and it will force us to click Done twice to use a weak password.

It is now time to create a user for the system by clicking on User Creation:

Figure 1.55 – RHEL8 install – User Creation configuration icon (warning as it is not complete)

This will take us to a section to input user data:

Figure 1.56 – RHEL8 install – User Creation configuration menu

The same password rules will apply here as in the previous section.

Clicking on Make this user administrator will enable the performance of administrative tasks (and also no need to configure the root password).

Tip

As a good practice, do not use the same password for the root account and for the user account.

The Chapter 5, Securing Systems with Users, Groups, and Permissions includes a section on how to use and manage administrative privileges for users with the sudo tool.

Click on Done to return to the main installer screen. The installer is ready to proceed with the installation. The main page will look like this:

Figure 1.57 – RHEL8 install – Main menu once completed

Clicking on Begin Installation will launch the installation process:

Important note

If any of the steps required to start the installation are omitted, the Begin Installation button will be grayed out, and therefore not available to be clicked.

Figure 1.58 – RHEL8 install – Installation in progress

Once the installation is complete, we can click on Reboot System and it will be ready to use:

Figure 1.59 – RHEL8 install – Installation complete

It is important to remember to detach the ISO image from the virtual machine (or remove the USB thumb drive from the server) and check that the boot order is properly configured in the system.

Your first Red Hat Enterprise Linux 8 system is now ready! Congratulations.

As you can see, it is easy to install RHEL in a virtual or physical machine and have it ready to be used for any service we want to run in it. In the cloud, the process is very different as machines are instantiated from images to run. In the next chapter, we will review how to run RHEL in a virtual machine instance in the cloud.

Summary

The Red Hat Certified System Administrator exam is entirely practical, based on real-world experience. The best way to prepare for it is by practicing as much as possible, which is why this book begins by providing access to Red Hat Enterprise Linux 8 (RHEL8) and offering alternatives on how to deploy your own virtual machine.

Different scenarios are covered regarding installation. These are the most common ones, and include using a physical machine, a virtual machine, or a cloud instance. In this chapter, we focused on using a virtual machine or a physical one.

When using physical hardware, we will be focusing on the fact that many people like to reuse old hardware, buy second-hand or cheap mini servers, or even use their laptop as the primary installation for their Linux experience.

In the case of virtual machines, we are thinking about the people that want to keep all their work on the same laptop, but without messing with their current operating system (which may not even be Linux). This could also work well with the previous option by having virtual machines on your own mini server.

After this chapter, you are ready to proceed with the rest of the book, having at least an instance or Red Hat Enterprise Linux 8 available to work with and practice on.

In the next chapter, we will review a number of advanced options, such as using the cloud for RHEL instances, automating the installation, and best practices.

Let's get started!

Chapter 2: RHEL8 Advanced Installation Options

In the previous chapter, we learned how to install Red Hat Enterprise Linux, or RHEL, on a physical or virtual machine so that we use it while we're reading this book. In this chapter, we will review how to use RHEL instances in the cloud and the main differences that appear when doing so.

You will also learn not just how to deploy a system, but the best choices to do so, and be able to perform the deployment in an automated fashion.

To complete the installation, a section on best practices has been included so that you can start avoiding long-term issues from day one.

These are the topics that will be covered in this chapter:

Technical requirements

In this chapter, we will review the automated installation process using Anaconda. For that, you will need to use the RHEL8 deployment we created in the previous chapter.

We will also create cloud instances, for which you will need to create an account in the cloud environment of your choice. We will be using Google Cloud Platform.

Automating RHEL deployments with Anaconda

Once you have finished your first deployment of RHEL locally, you can log in as root on the machine and list the files that the root user has in their folder:

[root@rhel8 ~]# ls /root/

anaconda-ks.cfg

You will find the anaconda-ks.cfg file. This is an important file, called a kickstart, and it contains the responses given to the installer, Anaconda, during the installation process. Let's review the content of this file.

Important note

In cloud images, there is no anaconda-ks.cfg file.

This file can be reused to install other systems with the same options as the ones we used for this installation. Let's review the options that we added during our previous installation.

Lines starting with # are comments and have no effect on the installation process.

The comment specifying the version that is being used is as follows:

#version=RHEL8

Then, a type of installation was performed. It can be graphical or text (for headless systems, it is common to use the second one):

# Use graphical install

graphical

The software source for installing application packages, or any other package, is specified with the repo entry. As we were using the ISO image, it was accessed (mounted, in Linux parlance) as if it were a CDROM:

repo --name="AppStream" --baseurl=file:///run/install/sources/mount-0000-cdrom/AppStream

Sections are specified with the % symbol. In this case, we will enter the packages section with the list of packages to be installed and use the %end special tag to close them. There are two selections: a group of packages that is defined by it starting with the @^ symbol (in this case, minimal-environment) and the name of a package that doesn't require any prefix (in this case the package is kexec-tools, which are responsible for installing the kdump capability we explained previously):

%packages

@^minimal-environment

kexec-tools

%end

We continue to click options without a section. In this case, we have the keyboard layouts and system language support. As you can see, we added the English US American keyboard (marked as us) and the Spanish, Spain one (marked as es):

# Keyboard layouts

keyboard --xlayouts='us','es'

For the system language, we also added English US American (en_US) and Spanish, Spain (es_ES). There are several ways to manage, store, and represent text in operating systems. The most common one nowadays is UTF-8, which enables us to have many character sets under one single standard. That's why the system language has.UTF-8 appended to it:

# System language

lang en_US.UTF-8 --addsupport=es_ES.UTF-8

Tip

Unicode (or Universal Coded Character Set) Transformation Format – 8-bit