- OPS335 -
This course teaches the maintenance and administration of a UNIX server using Linux. Students will learn to install and upgrade the operating system software, set up user accounts, back up and restore files, install and configure servers, monitor network traffic and recover from system disasters.
Open System Application Server
Prerequisite: OPS235
During this semester you will have to complete about 10 labs, 2 quizzes, 2 assignments, 1 midterm test, and 1 final exam. This is the place where I will post information you will need. Please visit this page often.
Text: Linux Administration Handbook, 2nd Edition by Evi Nemeth, Garth Snyder and Trent R. Hein, ISBN 0131480049, Published by Prentice Hall
Academic Policies: My Academic Policies
Assignment Expectations: How to Prepare Assignments?
Resubmit Procedures: How to Resubmit Assignments?
Lab Expectations: How to Complete/Submit Your Labs?
Laboratory List: Lab #0, Lab #1, Lab #2, Lab #3, Lab #4, Lab #4-A, Lab #5, Lab #6, Lab #7, Lab #8, Lab #9, Lab #10
Unofficial Marks: grades so far
Assignment List: Assignment #1 - 5%, Assignment #2 - 10%, Bonus Assignment - 10%, Alternate Bonus Assignment - 10%
Proposed Weekly Plan: Schedule
Lecture topics, notes and other stuff:
FINAL EXAM: is scheduled for Tuesday April 15 at 2:00 PM in the gymnasium - One letter-sized, hand-written on both sides reference sheet is allowed.
Week #15 - Apr 14 - 2008
- All labs/assignments have now been marked as of Wednesday April 16. Please do not send me any more labs or assignments. I will not mark them. NOTE: Some of you have submitted assignment #2 by email but have not handed in a written report. I do not accept assignments by email. If there is no written report then the assignment is counted as NOT handed in.
- All labs/assignments (except assignment #2) have been marked as of 11am Monday April 14. I'm still working on assignment #2. Please note that I will not accept any labs or assignments after the exam on Tuesday April 15.
- Also, due to the flood of last-minute late labs, which were mostly copies of labs from other students, I've decided to award 1/2 mark per correct late (✓) lab. I think this will be more fair to those who have submitted their work on time.
- Today (Monday) we did quiz #2 and a review of the exam.
- NOTICE: PLEASE DO NOT SEND LABS #0 thru #5. I WILL NOT READ THEM. I WILL ONLY ACCEPT LABS #6 thru #10 ONLY UNTIL APRIL 15.
- Suggested answers to quiz #2 are 1)c,e 2)a,c 3)c 4)d 5)b 6)c) 7)e 8)d 9)d,e 10)a 11)b 12)b 13)c 14)a,b 15)a) 16)d) 17)d 18)c 19)a 20)d 21)e 22)a 23)c 24)d 25)c 26)d 27)d 28)d 29)b 30)c
- Lab #9 is now available.
- This week's topic is email. For an overview read this Wikipedia article.
- The home page for Postfix is postfix.org.
- Here are some typical Postfix configuration setups.
- A student told me about this neat subnet mask conversion tool called 'whatmask'. On Fedora you can install it with the command 'yum install whatmask'. To learn how to use it, just enter 'man whatmask'.
- Assignment #2 is now available and is due on April 11.
- I have been made aware that many students in this class find the bonus assignment much too difficult since they have not yet taken OPS435 (BASH Scripting). For this reason I have created an alternate bonus assignment, still worth 10%. However this assignment does not require a GUI interface, any data validation or a manual page. It is available to ALL students, no matter if you've taken OPS435 or not. But, you may only submit one bonus assignment. Each student must choose to do the original bonus assignment or the alternate bonus assignment. The assignment is due on March 31.
- Here is an example to get you going on the alternate bonus assignment.
- Here is an example to get you going on the bonus assignment.
- Friday is a holiday so students in sections A and C will have to find some other time to do lab #8. It will still be due on its normal due date.
- This week we'll discuss web servers and the Apache web server specifically.
- Here is an example Apache httpd.conf configuration file.
- We discussed building a gateway in T2107 for two internal subnets. Here's the diagram.
- In lab #5 we had to set SELinux to permissive mode. We created DNS config files that were not known by SELinux. So what is SELinux? It's a security feature.
- First we had file permissions: rwx for ugo, chmod
- Then came Access Control Lists (ACLs): finer granularity: getfacl, setfacl, ...
- The first two cases above are set by the user. Next came Mandatory Access Control (MAC). This is set by the sys admin. SELinux is an example of mandatory access control - used in Fedora. openSUSE uses a package called AppArmor.
- We began discussions on SAMBA. A good overview of SAMBA can be found on Wikipedia.
- NOTICE: Final withdrawal date is March 14, 2008. (All subjects will be graded after this date, and grades will affect the Grade Point Average.)
- No classes/labs - March break.
- Please do not send in any more labs 0 to 5.
- No lecture on Monday because of Family Day holiday.
- If any student missed the mid-term test, they must write me an email with their detailed explanation.
- Labs #0 to #5 and assignment #1 will NOT be accepted AFTER Friday, February 22.
- Analysis of Mid-Term Test results:
- Solutions to the midterm tests are here for the morning class and here for the afternoon class.
- Lab04-A is posted for one bonus mark. Almost the same as lab04 except that we configure two interfaces onto one network card.
- Midterm test on Monday Feb 11. Worth 30% of your final grade. This is a closed book test. No electronic aids are allowed, however, you may bring one letter-sized, hand-written, original reference sheet, which must be handed in with your test. The test is 90 minutes long. Also, you must take the test in the period you are registered. Sections C and D start at 9:50am and sections A and B start at 1:30pm.
- Readings from the text that may help on the midterm test include the following:
- Pages 21-32 - booting
- Pages 32-38 - startup scripts
- Pages 111-148 - file systems and LVM
- Pages 297-309 - networking
- Analysis of Quiz #1 results:
- NOTE: If you missed quiz #1, then you can get a copy of the questions in the lab this week. I will not be giving a makeup quiz. The answers to the quiz are as follows: c,b,d,a,b,d,c,b,d,d,b,d,a,d,b,b,a,d,d,b.
- Quiz #1 will be done on Monday Feb 4. Please be on time. No reference sheets allowed. Closed book. 20 multiple choice questions. Quiz covers labs 0 through 3 and lectures that cover them.
- Assignment #1 is due on Feb 18 (week 7). Must be handed in during your lab period. And your tarball of the assignment must be emailed on the same day.
- Our midterm test is next week. The test will cover labs 0 through 4. One reference sheet is allowed, hand-written on both sides. The sheet must be letter size and must be handed in with your test.
- This week's topic is Linux Networks. Here are some diagrams we'll discuss:
- NOTE: Friday's labs were cancelled because of the snow storm. Nevertheless lab03 is still due by midnight next Thursday. You have 6 days to do it instead of 7. Also note that assignment #1 is posted and don't forget to read my assignment expectations before doing the assignment.
- This week we'll be talking about Linux startup. Here's what happens:
- PC is turned on.
- ROM boot loader loads MBR code.
- Code in MBR loads Linux kernel and initial ramdisk (initrd).
- Kernel mounts initrd in ram.
- Kernel runs and does hardware detection.
- Kernel mounts root file system.
- init program runs (process ID=1).
- init reads /etc/inittab and determines runlevel (0-6).
- init calls the rc script.
- rc executes startup scripts (/etc/rc.d).
- System reaches desired runlevel.
- Some commands we discussed and used include file, cpio, dmesg, lsmod, init, telinit.
- We also discussed Linux driver files (*.ko) which are located in /lib/modules/... directory.
- Here's the OPS335 unofficial outline. I'm waiting for it to be approved - hopefully by next week.
- This week's topic is file systems: methods for storing and organizing computer files and the data they contain to make it easy to find and access them.
- Here's a diagram of the Linux File system.
- And a diagram of an EXT2 inode and a block diagram of an EXT2 file system itself.
- Commands I used in class include the following: fdisk, dd, head, mkfs, fsck, resize2fs, losetup, mount, umount, mkdir, df and partprobe.
- Here are some common errors students make when doing their labs.
- Commands you used in lab00 include fdisk, partprobe, su, sudo, mail, ssh, scp and vi.
- You can configure the HP laser printer in the lab by following these instructions.
- Lab tutor for Wednesday (sections B and D) is Reaz - email is rahmed7
- Please read my Policies and Procedures. You can find links to them at the top of this page.
- I'm still updating the official OPS335 outline - should be ready next week.
- Labs, assignments, tests, grading. We'll have about 10 labs (10%), one midterm test (30%), two quizzes (5%), two assignments (15%) and one final exam (40%).
- Questions people always ask me.
- Here's a picture of the initial menu displayed on the PCs in lab T2107. The PCs are preloaded with Fedora 7 - that's what we'll be using this semester. Also, each PC has a data recovery card installed which will restore the original image on each boot. You will not be using your own hard drive this semester - at least for this course you won't.
- What you should know from OPS235 - please review
- How to partition a hard disk using fdisk
- How to navigate a file system tree using cd
- How to use the vi editor
- How to add/remove user accounts using useradd/userdel
- How to add/remove software packages using rpm and yum
- How to change file/directory permissions using chmod
- How to mount/unmount file systems using mount/umount
- How to use file redirection with > and <
- How to use pipes with |
- How to use basic commands such as cp, cat, echo, ls, mkdir, rm, touch, wc, head, tail, chmod, ln, find, sort, cut, grep, gzip, gunzip, tar, file, df, du, pwd, who, cal, passwd, whereis, which, umask, id, clear
- How to configure a network interface using ifconfig
- How to use a Linux GUI such as GNOME or KDE
OBJECTIVE & PREPARATION
This lab is a repeat of a portion of lab1 (and some of lab2) that you already performed in OPS235 plus some newer content that relates to this week's notes. You are expected to be able to complete all this using your existing skills and knowledge or refer back to your OPS235 lab-book or OPS235 WIKI notes.
In this lab, you will install your host machine (Centos7), install virtualization software, and create and install 3 virtual machines.
- Centos 7 Full Installation DVD.
- One SATA hard disk in a removable drive tray (minimum 250GB). It is strongly advised you dedicate a drive for this course only.
- USB drive (8 GB+) for creating and storing backups (Virtual Machines, configuration files).
- OPS335 Lab Log-book (Previous OPS235 log lab-book as an additional resource).
INVESTIGATION 1: HOST INSTALLATION
Installation instructions for Centos 7
- It may be advisable to obtain a newer version of the Centos 7 Full Installation DVD since there may be improvements since the last version from when you took OPS235.
- Note: There are two versions of OPS235 lab1 that you can use for reference, one for a SATA removable hard drive and one for a Solid State Drive (SSD). Both labs are identical in basic content, except that the SSD lab uses VMware Workstation 12 Pro to create the host machine. For an SSD drive, you would also need to set up nested VMs when you set up KVM in lab2 (i.e. follow the instructions in the OPS235 labs CAREFULLY).
- Download and burn on a DVD a copy of the Centos 7 installation DVD (64 bit edition) from the Centos web site or the Belmont server.
Note: we'll be using the 64 bit version of Centos because all of our lab computers are equipped with Intel 64 bit mainboards and CPUs, and any computer you bought in the last few years for yourself will be 64bit as well.
- You need to refer to your OPS235 notes in order to install your host machine.
There are two separate labs describing how to do this, depending on whether you are using a removable hard drive (old method) or a Solid State Drive (SSD - preferred method). Below are separate links to the OPS235 lab 1 notes based on your type of hard drive:
[ Removable SATA Drive ] [ Solid State Drive (SSD - preferred) ]
Some of our machines' boot order is configured to be hard drive first, DVD second, which means you won't be able to boot from the DVD if you already have an operating system installed on your drive.
- Customize your installation following these guidelines:
- Turn on networking and use host as the hostname.
- Under software selection, choose Gnome desktop.
- The partition setup is similar to what you had in OPS235:
- Delete any old partitions.
- Select the hard disk and indicate "I will configure partitions" and click done.
- Click the link to create partitions automatically (this will give a typical layout with /, /boot, /boot/efi, /home, etc).
- Free up at least 100GB of disk space by shrinking the /home partition (At least 40 GB for root (/) and 40GB for /home). Since your machine will have far fewer users and more virtual machines than a typical installation, we will need that space elsewhere.
- Create a new logical volume for /var/lib/libvirt/images and give it the space made available by shrinking /home (You will need enough space for up to 10 virtual machines at 8GB each plus room to compress/extract images).
- Make certain that the existing partitions have the file system type ext4 (not xfs).
- After the installation starts you will also have the opportunity to create users.
- Set the root password
- Create a user account named with your MySeneca ID
- In the current version of CentOS the first time you boot your system a graphical licence prompt comes up.
License Prompt for Older Centos7 versions
It is recommended that you use the current Centos7 version (links provided in this lab). Older Centos7 versions may require a user to accept the license agreement from a shell prompt. Below are the instructions to enter at the command prompt:
- Log in and check that you have access to the internet. If you don't - you need to get the network interface to come up on boot. Edit /etc/sysconfig/network-scripts/ifcfg-eno1 (the name of the interface may be different) and change onboot to yes.
- You can then use the ifup/ifdown commands to reset your network configuration or you can just reboot.
- Make certain that SELinux is enforcing for security reasons (this should be the default). To make it enforcing, simply edit the /etc/selinux/config file and follow the instructions inside.
- Install all updates using the yum update command.
If you experience yum update "hanging" around item 689 of over 1200 packages, issue the following commands:
The most recent variants of Centos and Fedora are using a service called firewalld that is intended to replace iptables, however the iptables service is still in relatively common usage. In this course we will concentrate on iptables.
- Disable firewalld:
  systemctl disable firewalld
  systemctl stop firewalld
- Install and enable the IPTables services:
  yum install iptables-services
  systemctl enable iptables
  systemctl start iptables
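The settings from the steps above (SELinux enforcing, network interface up on boot, firewalld off, iptables on) can be confirmed with a short script. This is an added example, not the course's labcheck_install.sh; the function names are hypothetical and the sample files it runs on are constructed.

```sh
#!/bin/sh
# Added example, not the course's labcheck_install.sh. Function names are
# hypothetical; file paths are arguments so the checks also run on samples.

# Print the mode set by the last uncommented SELINUX= line of a config file.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Print the ONBOOT value of an ifcfg file, quotes removed, lower-cased.
ifcfg_onboot() {
    sed -n 's/^[[:space:]]*ONBOOT=//p' "$1" |
        tail -n 1 | tr -d "\"' " | tr '[:upper:]' '[:lower:]'
}

# Check both files; print one line per check, return the number of failures.
check_files() {
    fails=0
    mode=$(selinux_config_mode "$1")
    if [ "$mode" = "enforcing" ]; then
        echo "PASS SELinux config: enforcing"
    else
        echo "FAIL SELinux config: '${mode:-unset}' (expected enforcing)"
        fails=$((fails + 1))
    fi
    onboot=$(ifcfg_onboot "$2")
    if [ "$onboot" = "yes" ]; then
        echo "PASS interface comes up on boot"
    else
        echo "FAIL ONBOOT is '${onboot:-unset}' (expected yes)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Live checks for a real host. The config file only applies at the next boot,
# so the running SELinux mode is read separately with getenforce.
check_live() {
    fails=0
    [ "$(getenforce)" = "Enforcing" ] || { echo "FAIL SELinux not enforcing now"; fails=$((fails + 1)); }
    systemctl is-enabled --quiet firewalld && { echo "FAIL firewalld enabled"; fails=$((fails + 1)); }
    systemctl is-active --quiet firewalld && { echo "FAIL firewalld running"; fails=$((fails + 1)); }
    systemctl is-enabled --quiet iptables || { echo "FAIL iptables not enabled"; fails=$((fails + 1)); }
    systemctl is-active --quiet iptables || { echo "FAIL iptables not running"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (not from a real host): both should be reported.
demo_dir=$(mktemp -d)
cat > "$demo_dir/selinux_config" <<'EOF'
# SELINUX= can take one of these three values: enforcing, permissive, disabled
SELINUX=permissive
SELINUXTYPE=targeted
EOF
cat > "$demo_dir/ifcfg-eno1" <<'EOF'
DEVICE=eno1
ONBOOT="no"
EOF
check_files "$demo_dir/selinux_config" "$demo_dir/ifcfg-eno1" ||
    echo "failures: $?"
rm -rf "$demo_dir"

# On the host itself (as root):
#   check_files /etc/selinux/config /etc/sysconfig/network-scripts/ifcfg-eno1
#   check_live
```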
At this point you have a basic Centos system installed and updated. This will serve as a host for the virtual machines where you will do the majority of the work in this course. All the rest of our labs will assume you have this basic system running. If, for any reason, your system becomes corrupted during the semester, you'll have to redo this lab to be able to continue with the remaining uncompleted labs. You are responsible for YOUR system. If you do not perform back-ups you have taken this risk on yourself. Poor planning on your part does not constitute an emergency for anyone else.
Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book
INVESTIGATION 2: VIRTUAL MACHINE INSTALLATION
Configuring a VM host
- You will need to install some software to allow your machine to act as a host for virtual machines. We'll be using the same libvirt and virt-manager you used in OPS235.
You may find it helpful to refer back to the OPS235 notes to perform the following operations:
- Install the required virtualization software
- Start and enable the virtualization service
- Reboot your host machine
- Start the graphical virtual machine manager (virt-manager). Do this as your regular user, and don't run virt-manager from a terminal where you're logged in as root.
- We will be creating our own virtual network. A default virtual network has been created for you, but you will be using a custom one in this course.
- Right click localhost (QEMU) and select Details.
- Click on the Virtual Networks tab.
- Stop and delete the default network.
- Use the plus sign to add a new virtual network using the following options:
- Name your virtual network ops335
- Use the last two digits of your student number for the third octet of the network IP address (for example, if your student number is 000-000-090, the network address would be 192.168.90.0/24).
- Ensure the DHCP range will allow you to assign at least 10 static IP addresses outside it (note: leave the low numbers available for static addresses).
- Choose Forwarding to physical network radio button, Destination: Any physical device and Mode: NAT
- Ensure the network is started at boot.
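The same virtual network can be defined from the command line with virsh instead of virt-manager. This added example (not part of the original lab) generates the libvirt network XML from a student number; the function names, the .1 gateway address and the .100-.254 DHCP range are assumptions, chosen to leave the low addresses free for static use.

```sh
#!/bin/sh
# Added example: build a libvirt network definition matching the options
# listed above. Function names, gateway and DHCP range are assumptions.

# Print the third octet for a student number: its last two digits.
student_octet() {
    digits=$(printf '%s' "$1" | tr -cd '0-9')
    [ "${#digits}" -ge 2 ] || { echo "need at least two digits" >&2; return 1; }
    last2=$(printf '%s' "$digits" | sed 's/.*\(..\)$/\1/')
    # Strip one leading zero so the address reads 192.168.9.x, not
    # 192.168.09.x, which some address parsers treat as (invalid) octal.
    printf '%s\n' "${last2#0}"
}

# Print the network XML: NAT forwarding to any physical device, /24 subnet.
ops335_network_xml() {
    octet=$(student_octet "$1") || return 1
    cat <<EOF
<network>
  <name>ops335</name>
  <forward mode='nat'/>
  <ip address='192.168.$octet.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.$octet.100' end='192.168.$octet.254'/>
    </dhcp>
  </ip>
</network>
EOF
}

# The student number used in the example above.
ops335_network_xml 000-000-090

# On the host (as root), after saving the output as ops335.xml:
#   virsh net-destroy default && virsh net-undefine default
#   virsh net-define ops335.xml
#   virsh net-autostart ops335 && virsh net-start ops335
```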
With the virtualization software installed and your personal network created, you are now ready to create your first virtual machine. First, it is a good idea to make certain that your host machine has been set up correctly prior to creating your first virtual machine:
- Open a separate terminal and issue the ifconfig command on your host machine to know your physical network and your virtual network. Note this information for the next few steps.
- Issue the following command to download the Bash shell script to check your host machine's set-up prior to proceeding with this lab:
- Assign execute permissions, and run the script to check your work:
- Use the information from the ifconfig command to correctly specify the physical network interface and the virtual network interface.
NOTE: You will need an ISO file for CentOS 7 (the same one you burned your DVD from). It is recommended to use the command:
to download this image onto your host machine. In this way, you can keep it on your host machine for the remainder of this course in case you need it.
Perform the following steps to create your first VM on your Virtual Machine Manager application:
- Create a new virtual machine named vm1.
- Accept the default file type (which is qcow2). You are NOT required to specify the VM file pathname as you did in OPS235.
VM File Types ( .qcow2 vs .img )
In OPS235, you selected the VM images as a "raw" image. In OPS335, you will be accepting the default image file type ".qcow2" (which stands for "QEMU Copy On Write version 2") that provides more features when manipulating stored VM images.
- Since you will be installing a Linux server (as opposed to a Gnome Desktop workstation), you can use the default memory and CPU options for use with lab computers.
- Set the disk image size to 8GB
Note: Since you have already set up your virtual network as ops335, your VM will be automatically connected to your new ops335 virtual network.
- Note the following installation steps when you install your created VM:
- Select the correct location / Time Zone.
- For Software Selection: Accept the default minimum install. None of your VMs in this course will have a GUI since GUIs needlessly consume resources and image space.
- Click Installation Destination, and then click Done to confirm that an automatic install will be performed.
- Click Network & Hostname and set hostname to: vm1.localdomain and make certain the Ethernet connection is set to ON.
- During installation you will be prompted to set the root password and an initial user account. For the initial user, enter the same information you entered on your host machine.
First user created
For successful completion of the labs, please ensure the first user created is named using your Seneca username.
- You will notice that the server installation defaults to a command-line interface. This is normal, and we will only be using this interface during this course.
- Ensure your machine has a network connection by running the command
- If that did not work - make sure your network interface is started automatically on boot.
Default for network config for onboot
If you've turned on your networking interface during installation - it will be turned on by default. If you've left the network interface off during the installation - it will be off by default.
- Once you have a working connection - update your machine.
- Use yum to install the bind-utils package. The commands it provides (e.g. nslookup) will be useful in troubleshooting your network connection.
- Configure the virtual machine to use iptables (instead of firewalld) the same way you did for the host.
- Reboot the virtual machine once it is updated.
If your virtual machine hangs on boot, you will need to change a graphics option:
- While the VM is off, click on View (from the menu at the top of the VM window), and select Details.
- From the menu on the left side, select Display.
- Change the drop-down list for Type from VNC to Spice, and click apply.
- Switch the view back to Console and start the machine again.
Cloning a Virtual Machine
- Now that you have one virtual machine working, you will create two more. If you struggled with the previous steps, repeat them to create two more virtual machines (naming them vm2 and vm3, with hostnames vm2.localdomain and vm3.localdomain respectively).
- If you are confident with what you have done so far, you may clone your existing machine to create the others by performing the following steps:
- Make certain that your vm1 virtual machine is shutdown.
- For your vm1 machine, go to the details section and remove the device Channel qemu-ga.
- In the virtual machine manager, right click on vm1 and select Clone....
- Set the Name to be: vm2
- Once successfully created, boot the new VM and correct the host name. This can be done using the hostnamectl command-line tool.
Errors When Booting Clone
If you experience errors when starting the "Cloned" VM, go to the clone's details section (i.e. when you open the VM, but not start it, then select: View then Details) and remove the device Channel qemu-ga.
It is recommended to follow that procedure, since if you don't, you would only be permitted to start the "cloned VM" if the original VM (used to create the clone) is already running.
Repeat this procedure for any additional "cloned VM" that you create for this course.
- Record in your notes the steps for cloning a vm.
- Use the host command to check for connectivity
- After creating vm2 repeat the above steps to create vm3 and correct the host name.
Backup your VMs!
You MUST backup ALL of your VMs whenever you complete your OPS335 labs or when working on your OPS335 assignments:
[ Backing up Your Virtual Machines ]. Refer to OPS235 lab2 notes on how to back up your VMs. You should back up your VMs to a USB key in case something happens to your host machine. Note: VM files contained in the /var/lib/libvirt/images directory have the extension .qcow2 instead of .img (e.g. for OPS235 courses prior to Fall 2016).
Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book
COMPLETING THE LAB
Upon completion of this lab you should have 4 installed machines. One machine running Centos 7 and acting as a host and gateway for three virtual machines running minimal installations of Centos 7. Each machine must be fully updated and have access to the network (for example, to get further updates) and be able to ping the others. Each machine must be using iptables for the firewall.
Depending on your professor you will either be asked to submit the lab in class, or online. Follow the appropriate set of instructions below.
Online Submission (Peter Callaghan's Classes only)
Follow the instructions for lab 0 on blackboard.
In Class Submission (Murray Saul's Classes only)
Arrange evidence (command output) for each of these items on your screen, then ask your instructor to review them and sign off on the lab's completion:
- ✓ Host Machine installed
- ✓ 3 virtual machines installed
- ✓ Each machine (host and VM) has access to the network
- ✓ Lab logbook completed
- ✓ Run the labcheck_install.sh shell script on your host machine to show your professor the results
- What kernel release is your host system running?
- What kernel release are your virtual machines running?
- What is the UUID (Universally Unique Identifier) of your root file system? What command was used to obtain this information?
- What is the size and type of the /boot file system on your host?
- What file was edited to change the host name on your VMs? Are there other ways to change the hostname?