6:30 AM 7/28/2021

Linux Administration + Azure(cloud) + shell scripting + Ansible +

ITIL process
total duration : 4 months

1. Linux administration (Redhat & suse) 3 months os administration

OS
2. Azure(Micro soft) cloud + 15 to 20 Days platform
3. shell scripting 3 to 4 Days automation launguage
4. Ansible 3 to 4 Days automation tool
5. ITIL process organization process

snow + nagios

7 to 8:30 class
8:30 to 9 AM doubts and practical issues

4 to 5 hours practice and study

9 hours workings
2 class + 5 practice = 7
7 thousadnd

30 + 35 + 40 + 42 + 50 + 55 + 70 + 90 + 1 lakh
7 to 8 years

joining from mobile : unfit for job

disable whats notifications between 7 to 9 : fit keeping mind on course

subject + how to handle tasks in organization + organization tools

requirements:
laptop or desktop (4 GB RAM + min 200 GB disk + any processor)
1.5 gb data for your mobile

don't:
don't join from mobile
disable notification between 7 to 9 AM
don't miss my class because no backup classes

you can attent n number batches without any extra fees

10 Days demo

first term or full = 5th May 2021

second term = 5th june 2021
google pay or phone pay : 9845699199

10 thousand is the fee

you can attend n number batches
you have to join min until you get job.

end to end support

every month test will be there
final mock test
preparing resume
uploading resume in naukri
supporting for your job
1 month salary need to pay me in 2 terms

Linux administration
cloud administrator
your fit for devops
*
***
What is OS?

we are going to lear OS administration.

Windows ==> is a OS which is developed by microsoft
ubuntu ==> is a OS which is developed by ubuntu company

redhat OS (RHEL) redhat entreprize linux

CENTOS
ubuntu
suse
solaris
IBM AIX
Hp Unix
MAC OS
kali linux

what is os?
os is a mediator between end user and hardware.
os is a interpreter between end user and hardware.

==> OS is nothing but collection of programs. operating system able to

understand your input and pass it to processor.
windows os developed in .net language
unix or Linux flavours developed in c language.

Redhat OS is opererating system which is developed in c language.

suse also OS it developed in c language.

redhat
centos ==> No support in case if you face any problem. (free and no support)
rhel ==> you can get support from redhat company in case if your facing any
problem at OS level. (free and no support) and os with support.

HISTORY OF UNIX and LINUX

UNIX : Unix is a OS which is realease in 1969.

this is the parent for all unix flavours
Unix flavours:
1. Linux
2. AIX (IBM)
3. HPUX (HP)
4. Solaris (Oracle)
5. SuSE(Novel)

==> Unix is a OS which is developed in c language

==> It released in 1969
==> It developed by AT & T employess, but not released by AT & T.
1. Ken thompson
2. dennis ritchie
 3. Douglas
Linux is a one of main flavour of Unix OS
Linus who joined in one of university to learn about UNIX OS.
finally he customized Unix OS and released his own OS that is LINUX in 1991.
In 1994 redhat company ocured LINUX OS.
from that onwards it's running as redhat linux.

Unix and Linux are opensource operating systems

unix and linux are free operating systems and it's open source operating sysems.

os is nothing code. unix and linux code is open for everyone . you can modify
OS if your strong in coding.
windows is not opensource.
AIX is not Open source

send test message to following email id to get daily running notes.

[email protected]

please send me running notes.

develop
administration <===============
redhat linux 7

Linux administrator: responsibilities of Linux administrator

OS administration
1. Build server
2. software management
3. User management
4. OS patching(upgrading Packages)
5. Networking (server level networking) assigning ip, creating HA(HIGH
availability ) between 2 ethernet cards,....
6. transferring data using any of network
services(ssh,ftp,nfs,samba,http,dns...)
7. Housekeeping tasks on drives or partitions
8. Performance tunning

45 topics

what is server?
difference between desktop(laptop) and server?
critical components of computer:
1. processor
2. RAM
3. HDD
4. Network

server is nothing but high end configuration machine.

Laptop/Desktop server
1. RAM 2 slots 4 *2 =8 8 * 2= 16 GB 1. RAM 27 * 32 GB
can possible 27 * 64 or 27 * 128 =
2. processor 1 2. 2 min
3. HDD max 4 3. min 2 slots max depends
server model
4. Network max 2 4. Min 2 max depends on
server model
 5. No remote console 5. remote console board will
exist by default.
6. No HBA card 6. HBA card will be there
7. single power supply 7. min 3 power supplies ( 1
direct power 2 generator 3 battery)

remote console: we can administrate server through remotely.

eg: physical server in US but from india i can poweroff and poweron, install
OS, reinstall OS .
can possible with console board.
console board is a extra hardware component which will be installed only for
servers.
by default hardware(dell,HP,LENOVO) will provide console board option only for
servers.
DELL = IDRAC
HP = ILO

server ==> os ==> application

server is in US
purchage server ==> ship to the data centre(location) ==> Mount server in RACK
(data centre person) ==> cabling (DCengineer) ==> Poweron server(DCE) ==> login to
console settings(DCE) ==> assign ip , set username and password for console (DCE)
==> send console ip , username,password to Linux administrator(DCE).

DCE = data center engineer

finally linux administrator from india he will access console through network.
linux administrator responsibilities: Installing OS, installing
software(java), user management...............

linux administrator in india

Physical = OLD
virtaul = OLD this and cloud
cloud vm = running trend build servers in azure.

imp components of server:

1. console board ==> we can control physical server through
remotely(poweron,poweroff,osinstallation....)
2. HBA card ==> we can integrate server with storage area to access
disks
for laptop or desktop we can connect max 2 to 4 HDD's. if you
want to connect more than 4 hdd mothod board will not support.
for server we can connect n number of LUNS(HDD's)

tomorrow
1. platforms (PM,vm, cloud vm)
2. DC. what is DC?

Platforms
1. Physical platform (physical server)
2. virtual platform (virtual server)
3. cloud platform (cloud virtual server)

DC = Data center
this is the safe area to maintain servers.
centralized AC system( temp 6 or 7) there will be alarm system in case
room temp cross >7%.
 servers will generate so much heat. who will make cool down the
server? AC(temp). below of processor there will be a fan(cooler).
access control to RACK or servers
multiple power supplies for servers
multiple internet connections

what are the components we will maintain in DC?

1. Servers
2. Network components(switches,routers,firewall,Load balancer)
3. SAN(storage area network) or san box

one application one server

100 application 100 servers

understanding Virtual platform

Physical platform:
Install operating on physical box.
physical server ==> OS ==> Hand over to applicaton ==> application team will
setup application

simple application it requires 4 GB RAM and 1 processor .

if you request hardware(DELL), my requirement is 4 GB RAM and 1 processor do
we have any server with these configuration?
vendor will say no
2 processors 250 GB RAM = 400000
with hardware support = 6 lakhs
400000 + 200000 = 600000
next 3 years only 200000
are we wasting hardware resources? yes
2 OS can't run same time
virtual platform:
vmware company developed esxi bare metal os
using this extra layer on hardware we can split physical hardware to n number
of virtual slices.
esxi is the extra layer on physical server
esxi(Elastic sky X intrated)
current version is 7
vm=virtual machine
PM configuration : 2 processors(2GHPS*2=4 GHPS) 250 GB RAM
vcentre is a orchestration tool . Using vcentre/vsphere we can access
physical servers and manage those pm.
Physical server 1 ==> esxi(baremetalos) ==> vcentre ==vm1 ==> rhel os ==>
application1 ( 2 cpus 4 GB RAM)
Physical server 1 ==> esxi(baremetalos) ==> vcentre ==> vm2 ==> suse os ==>
application 2 (4 CPUS 4 GB RAM)
Physical server 1 ==> esxi(baremetalos) ==> vcentre ==> vm3 ==> suse os ==>
application 3 (1 CPU 2 GB RAM)
Physical server 1 ==> esxi(baremetalos) ==> vcentre ==> vm4 ==> suse os ==>
application 4 (1 CPU 6 GB RAM)
Physical server 2 ==> esxi(baremetalos) ==> vcentre ==> vm5 ==> RHEL os ==>
application 5
Physical server 2 ==> esxi(baremetalos) ==> vcentre ==> vm6 ==> windows os
==> application 7

250 GB RAM
requirement is 120 machines with 2 GB. is it possible to launch all 120 servers in
1 pm? Yes each machine 2 GB RAM
do you feel is there any resource wastage in virtual platform? no
vmware team : esxi installation , vcentre configuration and virtual creation
OS : install OS and support to application or db team

esxi is developed by vmware

hyper-v developed by microsoft
xen developed by cirtix

hardware(data centre) team : mounting server in RACK, enable console

access and support for hardware related issues
OS team : install OS, supporting to application team or db team.
network team : setup the network(router,switches,firewall,load
balancer)
DB team : data structure language ( oracle db, MS SQL, MySQL) what is
use of all these tools ? to structure the data.
backup team : who will backup your data
application team : development team or who develops the application

we comes under OS administration team.

pm = dis advantage ==> wasting resources

vm = dis advantage ==> so much investiment

you invested money for purchage 10 servers in 1st year

in second year you don't require 10 servers only 5 servers you need

if your able to spend min 4 hours per day then only continue
topic1 day1
topic 2 day2 (topic 1 and topic 2)
topic 3 day3 (topic 1,topic2 and topic3)

laptop with below configuration

RAM = 4 GB
HDD = 250 GB
any processor
os = windows 7 or 10 is installed

i will vmware workstation software, i will help you to install vmware

workstation
create virtual machine
install os
i will share os also

how to login to server

how to create file
how to create directory
how to remove file/directory
go to particular location
what is the command to get RAM size?
what is the command to get processor capacity?
what is the command to get disks information
how to power off vm

existing laptop make sure 15 to 20 GB hdd space is free.

vm 1 = 5 GB
vm 2 = 5 GB
 Unix Architecture
=============

unix is a OS.

plan
develop
release 1969
1. Application Layer (OS)
2. Shell layer (OS)
3. kernel layer (OS)
4. Hardware layer(Hardware)

OS is nothing collection of programs. these programs will work as a mediator

between end user and hardware.

1. application layer: this is the layer will interact with end user for input.
which is the layer interacts with end user to give input that layer called as
application.
2. shell: is a mediator between application layer and kernel. It contains
predefined programs.
shell will validate application layer input(command). is command is
validate or not.
ls is right command now shell will validate and pass this command to
kernel
llll is wrong command now shell will not pass this task to kernel
prasad is wrong command, shell can't understand what is prasad. shell
will block the task.
ls is nothing but program or code. shell will verify ls command code.
total 500
1. sh (480 programs) one command is working
2. bash (490 programs) same command is working
3. dash (300 programs) same command is working
4. csh (350 programs) not working
5. tcsh (400 programs) not working
6. nologin (50 programs) not working
ksh

usreadd -s /bin/nologin tuser

for t user i given shell is nolgoin . tuser can not login to system.
useradd -s /bin/csh tuser2

3. Kernel: is a heart of OS. it is a core program of OS.

kernel comes to which part? hardware or OS?
OS
winows kernel and unix kernel both are same?
NO
windows kernel developed by microsoft.
unix kernel developed by unix communitity.
if i want to use windows kernel what i have to do?
install windows OS
redhat kernel is different
ubuntu kernel is different
SuSE kernel is different
kernel is a one of program of your OS.
job of kernel is
==> Task management (FIFO= first in first out)
 ==> Memory(RAM) management
==> Resource management

4. HW
processor : worker who is going to execute your task or process
harddisk : please play song
speakers : give sound

1. vmware workstation software in laptop

2. make sure VT technology or virtualization is enabled in bios
3. Create virtual machine
4. Install rhel os on newly create vm

Default directories 06-May-2021

13 directories
/

Unix flavarours / is a directory.

unix flavarours root is the default administrator
1. /boot : it contains OS bootable files. these will help OS to bootup/start
( critical)
2. /root : it is home directory of administrator(root). what kind of data
will be here root user personal data. normal user can't enter into /root
directory.
3. /home : it contains Normal users home directories. eg : /home/prasad
/home/venu . root user can enter into any of the user home directory.
prasad can't enter into venu home
venu can't enter into prasad
4. /etc : It contains OS and third party software configuration files or
setting files. (critical)
5. /usr ( /usr/bin & /usr/sbin) : It contains user binary
programs(commands). (critical)
6 ./bin : common commands
7. /sbin : administrator commands (super user commands) (critical)
8. /var : variable directory. it contains system activity reports. eg some
root created user this data will update in /var so and so time root create venu
user.
root deleted one software that will capture and store in
/var directory
var contains system activies nothings logs.
9. /lib : it contains system or os related libraries and modules.
(critical)
10. /proc : who is worker in system ? processor. /proc directory is used by
processor. running processes or processor activity data will store in /proc.
11. /dev : logical device names will be in /dev . sd(hard disk), sr0 (dvd),
dvd, floppy (critical)
12. /mnt : empty directory can be used for any purpose.
13. /tmp : every one will have rights to use /tmp directory. user and
running process can use /tmp.
running processes can store files temp and delete while process
is kill.

/ is parent directory for boot

/is parent directory for root . root is a subdirectory inside /.
pwd to know the present working directory.

print working directory.

pwd
cd /
ls
cd : change directory
ls : list out current folder data

clear command is for clear the screen

ctrl + l also is for clear the screen

folders will in blue color

files will in black color

5. /usr ( /usr/bin & /usr/sbin) : It contains user binary programs(commands).

/usr
1. bin : it contains common commands which required for all .
including root.
2. Sbin : it contains administrator commands or super user commands.
ls is command /bin useradd is a command /sbin
cd is command /bin userdel is a command /sbin
ping command /bin rpm -ev is a command to delete
installed software /sbin

file management
creating file & modify content in side file

1. Cat
2. vi
3. touch

To create file
syn: cat > <filename>
cat > file2
*************
*************
ctrl + d

hold ctrl key and press d to save and come out

how to view the file content

cat file2
syn : cat <filename>
to print file content with line numbers
cat -n <filename>
how to append data to existing file
cat >> file2
**********************
**********************
ctrld
the draw back of cat is we can't modify the existing content.

vi
virtual interface

create file & modify file content

sync : vi <filename>
vi file2

there are 3 modes inside vi

1. Regular mode(commands mode) (esc)
2. Insert mode (i)
3. Replacement mode(R)
cat /var/log/secure >> /root/file2
redirected secure file content to /root/file2
vi /root/file2

i : is for switch to insert

esc key : is switch to command

dd : is for delete cursor standing line.

10dd : is for delete 10 lines from cursor standing line.
yy : is for copy cursor standing line
10yy : is for copy 10 lines from cursor standing line
p : is for past the copied line below of cursor position
P : is for past the copied lines above of cursor position
shift +p
u : is for undo latest changes
cc : is for cut the cursor standing line
10cc : is for cut the 10lines from cursor standing line
$ : take cursor to last position of line
0: take cursor to first position of line

i = switch to insert mode in same position of cursor

a = siwtch to insert mode after cursor standing
shift cursor to next position of cursor and switch to insert
o = create new line below of cursor standing line and switch to insert mode
newline + insert mode
O = create new line above of the cursor standing line and switch to insert
mode

i insert (same position)

a insert (after cursor)
o insert (below cursor)
G : is for take cursor to last line of file
$ : end of line
gg : is for take cursor to first line of file
0 : first position of line

:w : is save file
:wq : is for save the changes and quit from file
:wq! : is for save the changes and quit forcefully
:q : is for come out from file without save changes

:se nu : is for print content with line numbers

:set nu
:se nonu : is for hide line numbers
set nonu
/word : is for search word from top to bottom
?word : is for search string or word from bottom to top
n : next place of string
N : previous location of string

Replacing the word or string

:%s/prasad/sanepalli prasad/g
:%s/existingword/newword/g
s = substute
g = global

x = is for delete single char from cursor position.

10x = is for delete 10 char from cursor position.
dw = is for delete 1 word from the cursor position.

r = is for replace single char from cursor position

R = switch to replacement mode
esc = command mode
i = swtich to insert mode
R = switch to replacement mode

:5 = is for take cursor to 5th line

2 note books
1 running notes
2 interview question

*
**
***

cat completed
vi completed
touch

pwd : print working directory . it prints the pathe currently where we are
ls : list out current folder files and directories
cd : change directory eg : cd /etc or cd /var
blue = directories
black = files

touch command is for update current date and time stamp for file
touch command we can use for 2 purposes
1. to update current date and time to existing file
2. in case file is not there touch creates the empty file

file1 last modified date and time is may 7th

touch file1 it wont overwrite data it just update present date and time to file1
ls -ld file2

in case file not exist then touch creates the empty file.

100 files in one of directory

script will pick and copy to other location what are files newly created

out of 100 files 90 files are yesterday files is script will process
those files?
no
logic in program is pick only recent files with 5 min created files
touch file{1..100}

this command is for create 99 empty files

touch file{1..99}

Folder or directory

create
mkdir testdir
make directory
mkdir testdir1 testdir2 testdir3
mkdir tdir{1..50}
to create 50 empty directories

how to create hidden file or hidden directory

vi .filename
prefix . is hidden
mkdir .important
touch .tfile

how to list out hidden data

ls -a
-a mean list hidden and normal files and directories

how to create parent and child directories

mkdir tdir10
mkdir -p /bangalore/KRpuram/bhalli/ICICI/Brach1

bangalore is a directory for this directory parent is /

KRpuram is a directory for this directory parent is /bangalore
bhalli is a directory for this directory parent is
/bangalore/KRpuram

how to install tree package

mount /dev/sr0 /media
rpm -ivh /media/Packages/tree- press tab it takes full package name automatically
tree /ICICI
shutdown the machine
shutdown -h now = is for power off your linux machine
poweroff
init 0

cp
mv
rm

files
sync : cp <sourcefilename> <destination>

-r
cp -r <source directorypath> <destination>

file ==> content

directory ==> will have files and directories

. = current pwd
.. = previous path

cp /root/file1 /mnt
cp -r /root/file1 /mnt ==> force copy
cp -r /root/dir1 /mnt ==> is for copy directory

rm(remove)

rm /root/file1 ==> to remove file

rm -f /root/file3 ==> remove file forcefully without my confirmation
directory
rm -r /root/directory
rm -rf /root/dir ===> remove directory without cofirmation

mv (move & rename)

mv /root/file1 /root/file1-bkp ===> rename (source and

destionation path is same then mv will understand it is rename)
mv /root/file1 /mnt ===> move
mv /root/file2 /mnt/file2-bkp ==> move and rename
cp = file will available in source and destionation
mv = file or directory will available only in destination

how to get RAM size

how to get CPU core
how to get disks
what is the os version
what is kernel version

How to get the OS version?

cat /etc/os-release
hostnamectl

7, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 7.10
8, 8.1, 8.2, 8.3, 8.4,8.5, 8.6............................
8.10
redhat enterprize linux
rhel

how to get kernel version?

uname -r rhel 5 : 2.6.18.120
rhel 6 : 2.6.32.120
rhel 7 : 3.0.10.

How to get RAM size?

RAM = memory
free -g g = in GB's
free -m m = in mega bytes
free -k k = Kilo bytes

cat /proc/meminfo

how to get processor information?

 lscpu
cat /proc/cpuinfo
how to get disks informaton/
how many disks and size of the disk
lsblk
fdisk -l
lsscsi

list block devices

lscpu
listcpus
how to know the hostname?
hostname
or
uname -n
how to change the hostname permanently?
hostnamectl set-hostname batch24vm1

how to know the arch of os?

arch

uname -a
flavaour of Unix
hostname
kernel version
os release date
arch

===================================12 May 2021================

Head and tail commands

head <filename>
by default it prints 10 lines of the file from top.
tail <filename?
by default it prints 10 lines of the file from bottom

head -20 filename

tail -20 filename
head -2 filename
tail -2 filename

how to print between lines?

print data from 10th line to 20th line
head -20 filename | tail -10

cmd 1 | cmd 2 | cmd 3

| = pipe symbol : It has capacity to store first command output and pass that
output to next command as input

wc : word count

wc -l filename ==> to count the file line numbers

wc -w filename ==> to count the file words
-c char
 how to know total count of directory (files and directories).
eg : in /etc directory how many files/directories are there
ls -l /etc | wc -l

ls is for list out current folder files and directories

ls -a is for print all normal files/directories with hidden
ls -l is for print all files and directories with more information(long list)

more and less commands

more and less commands are for print file output page by page.
there are 100 pages in one of the file, if we want to read page by page then we
can go with more / less commands in linux
more filename
less filename

space bar is for go to next page

enter key is for line by line
b is previous page

more : up and down arrows will not work

less : up and down arrwos will work

search string can possible in both but less will highlight found string in black
color.
q or ctrl c
h help

ls -l | more
we can see the output in page by page

date
how to know the current date and time
date
date +"%d-%m-%Y"
time
date +"%T"
date
date +"%F"

5 days back what was the date

date --date="5 days ago"
after 5 days
date --date="5 days"

how to set the date and time

date -s " 13 may 2021 07:22:00 IST"

* how to change the time zone?

unlink /etc/localtime
ln -s /usr/share/zoneinfo/UTC /etc/localtime
now we set time zone is UTC
date
again want to change timezone to IST
unlink /etc/localtime
 ln -s /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
date

cal

How to know the size of file or directory

du -hs filename
du -hs /etc
du = disk usage
-hs
h = human readable
s = size
du -sh *
size in human readable

du -ks *
size in kilo bytes
* how to find out highst usage file or directory in particular location?
du -ks * | sort -r -n | head -1
-r reverse the numbers
0
1
2
3
4
without reverse
4
3
2
1
0
head -1 which one will print 4

du -ks * | sort -n | tail -1

ls -l
ls list out current folder files and directories
-a : all files and directories it includes hidden also
-l : long list
files
-rw-r--r-- 2 prasad unix 2049 01 may file22
dir
drwxr-xr-x 2 prasad unix 4096 02 may dir22

-
d field 1
rw-r-xr-x permissions == field 2
2 : hard link count (link count) ==> field 3
prasad = owner ===> filed 4
unix = group ====> field 5
2049 = size in bytes ===> field 6
01 may = file creation or modified date and time ===> field 7
file22 = name of file ====> field 8
field 1 :
- = file
d= directory
l = linked file or dirctory
b = Block device (hard disk, cd, floppy)
c = char device ( /dev/sda is sda is nothing first hard disk)
 p = pipe (os related file)
s = socket (os related file)
* what is p at starting of file?
what is d at starting of line when you execute ls -l *
what is s?

owner(user) group others owner

group
rw- r-- r-- prasad unix
unix group members are : babu and raja
what permissions prasad has on file22?
read and write

r = read
w = wirte
x = executable
sashi, vinod, kishore

kishore comes under which catorgory on file22 ?

others
what permissions kishore has on file22?
only read

owner(user) group others owner

group
rwx rwx --- prasad unix
file22

what permissions prasad has on file22

rwx
what permissions babu and raja has on file22?
rwx
what permissions kishore has on file22?
no permissions

3rd field is hard links of file

file1 1 that means nolinks
file1 showing 3 means 2 link some where
file2 showing 10 means 9 links are created for this particular file

ls -l
long list
ls -ltr
l : long
sort with date and time = t
r = reverse output
t = sort with date and time

application appuser1
/apppart appuser1

777 ==> first 7 owner second 7 group members 7 others

770 ==> full permissions to owner and group for others nothing
r=4
w=2
x=1
 ===
7

chmod 777 /file1

Grep

grep is for search the string or word inside file or files in one depth of
location.

grep -w word filename

-w word
count the sting in file
grep -wc prasad file2

-w word search
-c count the string
-i ignore case sensitive
-n find string and find line numbers in case string found
-l : list out file names wherever string found (grep -wl prasad *)
-v : exclude particular string from output ( grep -wi prasad file2 | grep -v
PRASAD)
-B = print before some lines once string found
-A = print after some lines once string found
multiple words searching
grep -w "word1\|word2\|word3\|word4" /root/file2
* how to search multiple strings inside file
grep -w "word1\|word2\|word3\|word4" /root/file2

> filename : make empty the file. it deletes content of file

echo is for print content on screen
eg : echo HI
redirect HI word to file
echo HI > /root/f5
to same file add some more content
echo HELLO >> /root/f5
redirectional symbols
>
>>
grep -wl prasad *
in current folder search prasad word and print only filenames wherever prasad word
is exist.

-A eg : once error found the print 5 lines from error lines

error in line 1
line2
line3
line4
line5
grep -w -A 5 error /var/log/messages
 how to shutdown the server
shutdown -h now
shutdown -h 5
shutdown -h 5 "I am prasad powering off server as per change
window"
-h halt
init 0
poweroff
halt
recommended commands : shutdown and init
gracefull stop
halt : inturupt and stop the server

reboot
shutdown -r now
shutdown -r 5
shutdown -r 5 " rebooting server as per maintenance, server will reboot
in 5 min. Please close your things"
-r : reboot
init 6
reboot

how to know the file type?

file filename
file directory
file file2
file Desktop
file /usr/lib64/sa/sa1
file
how to know information about file or directory?
stat filename
stat directoryname

inode: each and every file or directory will get one inode number which will
be assigned by kernel
* how to know inode of file? below 3 years
ls -i filename
or
stat filename

history of unix and linux

DC = data centre
difference between server and normal pc
Responsibilities of Linux administrator
platforms (physical, virtual & cloud vm)
configured VMWARE work station
vm creation
OS installation
understood about 13 default directories
file management
how to create direcory
cp
mv
rm
RAM, CPU, disks, kernel, hostname,head command, tail command, less and more,
wc, shutdown and reboot commands .
grep and date and time commands
free
lscpu
lsblk
uname -r
cp source destination
mv
rm

disk management
attach new disk
create partitions (c drive , d drive , e drive) in linux we will
call partitions.

RAM = mediator between input device to processor (Random access memory)

disk = storage area
processor = worker. he is going to execute your task

disk
disk architecture
how to create partition in disk

read = opening file

write = creating file and adding data to file, creating directory is write,
modifying file content is write

the disk size will be devided into sectors

1 TB = is nothing but collection of sectors
where data will store ? high level answer is hdd
data will store in sectors

what is sector size = 512 bytes

0101 = binary format
01010101 = 8 bits
8 bits = 1 Byte
1024 bytes = 1 KB
1024 KB = 1 MB
1 sec = 1/2 KB
created file with 4 KB = how many sectors kernel allocated to file ? 8 sectors
1024 MB = 1 GB (Giga byte)
1024 GB = 1 TB (tera byte)
1024 TB = 1 PT (peta byte)
1024 PT = 1 EB (exa byte)

each and every sector will have sectory id.

metadata(Journaling)
it's a index of your sectors . file how many sectors are allocated and sector id.
journal will maintain data about data.

100 sectors
file1 - 1 to 20 sectors and sector id will be maintained by journal
file2 - 21 to 40 sectors and sector id will be maintained by journal

journaling is nothing data about data. it maintains data about data. we are
storing data about that journal will maintain.

24 sectors in each track

only 23 sectors used for store data 24 sector is used for maintain that particular
track sectos

meta data:(journaling): meta data will store in each and every disk
first sector : MBR
in each and every disk first sector is reserved for meta data.
OS
how to list out connected disks?
lsblk
list block devices

sd = sata/scsi disk
sda
sdb
sdc
sdd
a = first disk
b = second disk
c = 3rd disk
d = 4th disk
sda --> sda1
--> sda2
--> sda3
--> sda4
a64 partitions
in each disk we can create max 64 partitions.

H/w ==> OS ==> collection programs ==> input with help of OS ==> task will be
carried to process with help of RAM ==> processor will execute task
write some data

scsi = small computer system interface (new)

IDE = Itegrated Device electronics ( Old)
scsi = we can create 64 partitions (sda)
IDE = we can create 16 partitions (hda)
* how many partitions max we can create in IDE disk?
16
* how may partitions max we can create in SCSI/sata?
64

disk ==> partition ==> file type ==> mount

file system types: ext2, ext3, ext4, xfs
rhel 4 = ext2 extended version 2, 3,4 and xfs
rhel 5 = ext3
rhel 6 = ext4
rhel 7 = xfs
rhel8 = xfs
linux= disk ==> partiton ==> convert partition to any of file system type(xfs)
==> mount ==> use
windows = disk ==> drive ==> convert drive to any of file system type(NTFS) ==>
mount ==> use

dont practice on sda disk

how to add or attach new disk to vm?

vm ==> right click ==> settings ==> add ==> disk ==> next

login to linux box and refresh the channels to reflect new disk
echo " - - - " >> /sys/class/scsi_host/host0/scan
echo " - - - " >> /sys/class/scsi_host/host1/scan
 echo " - - - " >> /sys/class/scsi_host/host2/scan
there is one space before and after -
wrong : echo "---"
correct : echo " - - - "

create partition
format partition with file system( diff between ext2, ext3, ext4
and xfs) journaling
mount

sda
sdb
sdz
sdaa
sdab
sdac
8 EB

-rw-rw---- prasad unixgrp prasadfile1

rw- = owner
rw- = group members
--- = others

is prasad can delete prasadfile1?

yes he can delete because he is a owner
unixgroup members : pramod and raja
is raja can delete prasadafile1?
yes , becuase raja is groupmember of unixgrp . Unixgrp permissions are rw

is rajesh can delete pradsadfile1?

No
is rajash is owner? no
is rajesh is member into unixgrp? no
so he comes under others
what is others permissions - - - no permissions

step 1 : Create partition using fdisk command

enter into disk and create partition
fdisk /dev/sdc
p = print partition table information
n = create new partition
d = delete partition
m = help
w= write changes and come out(save)
q = quit without save changes
Step 2 : update disk changes to kernel
partprobe /dev/sdc
updating sdc changes to kernel
step 3 : assign any file system type to partition
linux: ext2, ext3, ext4,xfs
windows: fat, fat32, NTFS
mkfs.xfs /dev/sdc1
wrong: mkfs.xfs /dev/sdc completely wrong
mkfs make file system
xfs or ext4 : are the programs . these programs will have feature which
improve performance of disk.
 after format of partition kernel will assign one uniq number for partition.
blkid -o list
step 4 : create one directory and mount partition to that particular
directory
mkdir /app1
/dev/sdc1 ===> /app1
mount /dev/sdc1 /app1
mkdir /app2
mount /dev/sdc2 /app2

how to list out mounted partitions

df -h
display file systems in human readable format
to list out mounted partition with file system
df -hT

in each disk we can create 4 primary partition. in disk we can create 64 i said
starting. that is true 4 primary and 60 logical
primary : both are options which provided by os. primary is for store os file
or bootable files . primary i can use for both the purpose os and normal data
logical : is for store normal data. is logical will support os files or
bootable files ? no

primary (p)
extended(E)
/dev/sdc 100 GB
/dev/sdc1 p 5gb 1
/dev/sdc2 p 5 gb 2
/dev/sdc3 p 5 gb 3
/dev/sdc4 E 85gb extended we can't mount . inside extended
we will create logical partitions
/dev/sdc5 L 5
/dev/sdc6 L 6
/dev/sdc7 L
/dev/sdc8 L
/dev/sdc9 L 60 L + 3 P = 63
.
.
/dev/sdc64 L

file system types are programs.

ext2 was some features later they introuduced ext3 that time ext3 was
having more features compare to ext2.

features: speed, maximum size, jouranling(metadata)

FS type Individual file system or partition size Over all
partitions size additional features
ext2 2 TB 32 TB
no jouranling/no metadata concept
ext3 2 TB 32 TB It supports
jouranaling
ext4 16 TB 1 EB it supports
journaling
xfs 500 TB 8 EB It
supports journaling
 individual partition
/dev/sdc1 ext2 2 TB
/dev/sdc2 ext3 2 TB
/dev/sdc3 ext4 16 TB
over all
sdc1
sdc2
sdc3
sdd1
---------

journaling(metadata) : it is like indexing

partition maitains index or data about data.
eg : text book
page 1 to page 5 = topic 1
page 6 to page 7 = topic 2
disk level
1 to 100 sectors are allocated for file20
101 sector to 125 sector are allocated for file21

102 sector by mistake added to file20? is this correct? no . file system is

corrupted here repair is required
xfs_repair /dev/sdc1
102 why are you here. as per meta data we assigned you to file21 not file20.

xfs = xfs_repair command will arrange sectors properly with help of journaling or
metadata.

repair which one is fast ext2 or xfs?

xfs
* what is journaling?
journaling is nothing metadata. meta data is nothing maintaing data about
data.
so and so sectors assigned to which file that information maintained by
journaling.
adv : fast recovery or fast repair
ext3, ext4 = e2fsck -y /dev/sdc3
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
---------------
disk management, user administration, basic commands,
links, permissions = test

100 GB disk
/dev/sdb
sdb1 p 5
sdb2 p 5
sdb3 p 5
sdb4 e 85
60 logical partition

disk managment
1. basic ==>
2. LVM
3. RAID

attached disk ==> entered into disk ==> created partition ==> formated partition
any file system type ==> mounted partition for using purpose ==> permanent mount
echo " - - - " >> /sys/class/scsi_host/host0/scan
echo " - - - " >> /sys/class/scsi_host/host1/scan
echo " - - - " >> /sys/class/scsi_host/host2/scan
echo " - - - " >> /sys/class/scsi_host/host3/scan

/dev/sdh1 <===> /b24part 13MB data

afterreboot partition will be unmounted state.

To make partition permanent we have add entry in /etc/fstab

/etc/fstab fields
6
1 2 3 4 5
6
<Device name> <mountpoint name> <Filesystemtype> <Defaultpermissions>
<Metadatabkp> <Filesystemcheckup>

/dev/sdh1 /java xfs defaults 1

1
/dev/sdh2 /java2 xfs defaults
1 2
/dev/sdh3 /java3 xfs defaults
1 2
/dev/sdh4 /java4 xfs defaults
1 1

partprobe /dev/sdh
mkfs.xfs /dev/sdh1
mkdir /java
mount /dev/sdh1 /java

defaults,ro
along with default permissions want to mount partition in read only
5th field(metadata backup)
1 = do meta data backup
0 = don't backup meta data
6th field
file system checkup(repair) or secotors arrangement
0/1/2
0 = don't do file system checkup(repair) while server coming up
1 = do file system check with first priority
2 = do file system check with second priority

how to unmount the partition

step 1 : unmount the partition
umount /java
step 2 : remove entry in /etc/fstab
step 3 : remove partition inside fdisk
fdisk /dev/sdh
d
w

disabling disk at os level

echo "offline" > /sys/block/sdh/device/state
remove disk from os level
echo 1 > /sys/block/sdh/device/delete
go to portal and delete disk
===================================================================================
==========
User administration

Server administrator
inside server what will be there: app/db
vm ==> OS ==> APP/DB

vm and os installation

facebook ==> application

icicinetbanking ==> application
amazon.com ==> application
myjio.com ==> application

facebook is a application, web application & mobile app

web application there will be seperate team 5000
3000 developers and supporting team ===> add new features to the
application(developing applicaton)
500 employees are working for testing application ==> is testing code
which developed by developers
1000 employees are for infra(server, db, backup,networking). ==>
supporting to servers or infrastructure

production ==> which is the environment generating revenue for company that
evironment we call it as production ( 5000) = US
DR ==> Replica of production = India (2500)
QA ==> US 3000 servers
DEV/LAB ==> 4000

15000 thousand servers

developer has to login to server and start writting code

tester has to login to server and test the application code
support team(infra team) has to login and setup the infrastructure for
developes( java, make sure server is accessible, providing acces to developes, disk
management)

infra team required access to all 15000 thousand servers

developer joined project so for him we have create account in server
for authenticate.

methods of user administration

1. Local user administration
2. Global user administration

user
group : no of users

user administration ( create user, modify user and delete user)

group administration ( create group, modify group , manager users in group,
delete group)

useradd is a command to create user

useradd command will work only for root user. $useradd rajesh ===>
will not work because $ will come for normal users
# useradd rajesh ===> will work
ueradd rajesh
passwd rajesh

properties of user
1. UID ( uniq id)
2. PGID ( primary group id)
3. SGID (Secondary Group id)
4. Home directory of user
5. Shell

1. UID ( uniq id) : for each and every user kernel has to allocate one uid.
0 - 65000
0 = root ( administrator)
1 to 99 = reserved for system accounts (operating system users). os is
running with help these users only(bin,lib,sys,)
100 - 999 = are reserved for applicaton/thirdparty users
1000 - 65000 = are for normal users

how to list out all users?

cat /etc/passwd

group: by default kernel will assign one group for each and every user . the group
name match to your username
uername is prasad
groupname is prasad
how to see the groups information?
cat /etc/group

there are 2 users

prasad group : prasad what is primary group of prasad? prasad
adding prasad user into venu group
added prasad into raja group also
venu group : venu
raja group : raja

Q1 : what is the primary group of prasad? prasad

Q2 : what are the secondary groups of prasd? venu & raja
primary group : invididual group
secondary : user is member into other groups

cat /etc/passwd

shells (6)
/bin/bash
/bin/sh
/bin/dash
/bin/csh
/bin/tcsh
/bin/nologin
how to list out how many shells installed?
cat /etc/shells

by default kernel will allocate /bin/bash shell for all the users.
which is the default shell for users in linux?
/bin/bash

fields of /etc/passwd (7 Fields)

siva:x:1005:1006:comment:/home/siva:/bin/bash
 1 2 3 4 5 6 7

1. username
2. mask password redirecting to /etc/shadow. actually password will be in
/etc/shadow
3. UID
4. Primary group id
5. comment
6. home directory
7. shell

useradd user1
there will be user : user1
group name : user1
for user1 primary group is user1
useradd user2
there will be user : user2
group name : user2
for user2 primary group is user2
going to add user1 into user2 group
here for user1 secondary group is user2
going to add user1 into root group
for user1 secondary groups are root & user2.

--------------------------------- 25-
may-2021

useradd appuser1
passwd appuser1

by uid , gid, home directory and shell all the details considered
automatically.
creating user with specification.

useradd -u 2000 -G root -d /opt/dbuser1 -m -c dbuser -s /bin/sh dbuser1

without specifications
useradd dbuser2
uid, homedirectory, shell

-u : unique id
-G : secondary group
-d : home directory path
-m : make home directory
-c : comment
-s : shell for user

cat /etc/default/useradd
this is file which will feed missing information in useradd command.

deleting user without home directory

userdel username
deleting uer with home directory
userdel -r username

how to modify user properites

how to change uid
 how to change groupname
how to change the home directory
how to change the shell
finally how to change the login name or username

to create user ==> useradd

to modify user ==> usermod
usermod -u 2010 -d /home/dbuser1 -m -c dbuser1 -s /bin/bash
dbuser1

usermod -c duser1 dbuser1

how to change username

usermod -l duser1 dbuser1
new existing

how to lock the user

usermod -L username
unlock
usermod -U username

user information will update in /etc/passwd

password information will update in /etc/shadow

passwd username
cat /etc/shadow

prasad:entryptedpassword:18772:0:99999:7:inactivedays:expairy days
1 2 3 4 5
6 7 8

Field 1 : username
Field 2 : entrypted password
Field 3 : Days counting from 1970 jan 1
Field 4 : minimum age of password
Field 5 : max age of password
Field 6 : warning days of password
Field 7 : account inactive days
Field 8 : account expairy days

min age of password 2

25 may 2021 i set password for dbuser3
now dbuser3 can't change his password next 2 days
min age of password is 10
25 may 2021 i set password for dbuser3
dbuser3 can't change his password next 10 days

max: password expairy

passwd dbuser3
the password will expair after 99999 days
going to set max age of password is 30 days
passwd -x 30 dbuser3
if i set password today for dbuser3 as per password properties when
password will expair? after 30 days
that is june 25
because todays date is 25 may
warning : warning days will notify user of password expairy
eg : max age is 30 warning age is 7
from when onwards it start giving notification
 18 june onwards . each and every login time it gives warning message on
screen like your password is going to expare in 7 day.
19 june onwards . each and every login time it gives warning message on
screen like your password is going to expare in 6 day.
20 june onwards . each and every login time it gives warning message on
screen like your password is going to expare in 5 day.

password properties will be in /etc/login.defs

user properties will be in /etc/default/useradd

how to change password properties

passwd -x 100 -n 2 -w 5 b24user
x = max age
n = min age
w = warning age
how to get the password status?
passwd -S username
-S = status of password
user properties : usermod
password properties : passwd

how to lock the user

usermod -L username
how to lock the password
passwd -l username
passwd -u uername

/etc/shadow 2nd field = encrypted password

username:!!: = No passowrd
username:xaba23kxkfax_dfda: = there is password
username:!!xaba23kxkfax_dfda: = password is there but password is in locked status
(!!)
username:!xaba23kxkfax_dfda: = password is there but Account is in locked status
(!)

Max password age = 90 after 90 days password will expaire . days will
count from password set
min password age = 2 user can't set password in 2 days from password
set days
warning password age = 7 83 day onward it start giving notification to
user

chage is a command
passwd using passwd we can change password properties
passwd -x 90 -n 3 -w 10 b24user10

chage -M 90 -m 3 -W 10 b24user10
passwd -S username
chage -l username

* how to change password and make sure user change password in next login
passwd username
chage -d 0 username

group administration
how to create group
how to modify group properties
adding users in group
 deleting users from
to create group
groupadd linuxg
how to add user into group
gpasswd -a b24user linuxg
how to get the group information
grep linuxg /etc/group

lid -g linuxg
user information : id username
group information : lid -g groupname
how to modify group properties
groupid
groupmod -g 3000 linuxg
groupname
groupmod -n linuxgrp linuxg
new existing

* adding multiple users in group?

gpasswd -M user1,user2,user3,user4 linuxgrp

userdelete : userdel -r username

groupdelete : groupdel groupname

* which are files will update once we create user?

1. /etc/passwd ==>user information
2. /etc/shadow ==> password info
3. /etc/group ==> user primary group info
useradd username

how to know the IP of machine?

ip a

step 1 : change ONBOOT=yes on network file

cd /etc/sysconfig/network-script
ls
ifcfg-ens33
ifcfg-eno36******8
vi ifcfg-ens33
ONBOOT=no
change this parameter to
ONBOOT=yes
:wq!
step 2 : restart network
systemctl restart network
how to know the ip
ip a
192.168.

step 3 : download putty

https://the.earth.li/~sgtatham/putty/latest/w64/putty-64bit-0.75-
installer.msi

step 4 : install putty

double on which you downloaded
 step 5 : on desktop you can see putty tool
enter ip
username : root
password : ****8

there will be 3 hidden files inside his home directory

1. .bash_profile ==> here we will define program or scripts
which need to execute while user login
2. .bashrc ==> here we will define program or scripts
which need to execute while user login
3. .bash_logout ==> here we will define program or script which
need to execute while user logout.
4. .bash_history ==> it contains that particular user history
commands
skeliton folder data will copy from skeliton directory each and every user home
directory.
path of skeliton is = /etc/skel

how to know which user is logged in currently?

whoami
how to switch from one user to another user?
su - usrename
su = switch user
- = take user into his home directory while switching to any other user
* what is the difference between su - usrename and su username?
if we specify - user will switch and take to his home directory

history ==> to get particular user history commands

how to clear the history
history -c

awk

we can print file content with specified columns.

we can pull specified columns from output
eg : there are 5 columns in that i want to print only 3 column . how to do
achieve this
cat /filename | awk '{print $3}'
df -h |awk '{print $6 " " $5}'
awk '{print $1}' /tfile1
awk '{print $1 " " $3}' /tfile1
awk '{print $1 " ==> " $3}' /tfile1

awk -F: '{print $1}' /etc/passwd

-F = field specifing field with :
awk -F: '{print $3 " : " $1}' /etc/passwd

awk -F: '{if ($5 >= 60) print $1}' /etc/shadow

if $5 is nothing password max age is greater than >= 60 then print username
$1

how to change max password age to 50 days who are having greater than 50 max age?
task 1 : is for identify users which are having >= 50 max password age
awk -F: '{if ($5 >= 51) print $1}' /etc/shadow
task 2 : redirect listed users into one file
 awk -F: '{if ($5 >= 51) print $1}' /etc/shadow > /tmp/users
task 3 : using loop we are going to set max password age to 50 for
/tmp/users

for i in `cat /tmp/users`

do
chage -M 50 $i
done
for i in `cat /tmp/users`; do chage -M 50 $i; done

" " = print content whaterever is in between quotes

' ' = print content whaterver is specified in between quotes
` ` = to call the commands
for i in prasad
i is variable value is prasad

i is a vairable in that i am keeping /tmp/users file content.

what i contains now? user names

variable :
what is variable? variable is nothing but array which can used to store program or
value
in variable we can invoke program or any value
a=10
a is a variable in that value is 10
b=20
b is a variable in b we stored 20 value
p=prasad
p is a variable in that we stored prasad
how to call variable
$
echo $p
echo $a
echo $b
echo is for print something

===================================================28-05-
2021==========================
step 1 : download vmware workstation 12 pro & rhel 7.2 os.
step 2 : install vmware workstation 12 pro
activate vmware workstation using licence key which is there in whats
up group (first key)
reboot laptop
note: make sure vt technology is enabled at bios level
step 3 : vmware workstation short cut will be on desktop or programs files.
Please open it and create vm
step 4 : create vm
step 5 : click dvd/cd and map ISO image which you downloaded (3.8 GB) file .
by default it will in downloads.
step 6 : power on virtual machine
step 7 : start os installation
screenshots are there in what's up group.

the default administrator in unix servers is root

administrator is root
main folder or directory is /
/ parent directory
 / is a directory

/
13 usefull directories inside /

pwd = print working directory

/root
/root
/ main directory inside root is a subdirectory
pwd
cd /
ls
cd = change directory
moving from one place to other place.
ls = list the current folder data

blue = folder(directory)
black = files

disk management
user administration

disk ==> partition ==> format partition (ext4,xfs) ==> mount ==> use
read/write

step 1 : attach new disk at vm level

step 2 : login to system and refresh the channels to get new disk
echo " - - - " >> /sys/class/scsi_host/host0/scan
echo " - - - " >> /sys/class/scsi_host/host1/scan
echo " - - - " >> /sys/class/scsi_host/host2/scan
echo " - - - " >> /sys/class/scsi_host/host3/scan
echo " - - - " >> /sys/class/scsi_host/host4/scan
step 3 : create partition
fdisk /dev/sdd
p = print partition table information
n = to create new partition
w = to save and comeout
step 4 : update disk changes to kernel
partprobe /dev/sdd
step 5 : keep partition in any of file system type (ext2,ext3,ext4,xfs)
mkfs.xfs /dev/sdd1
make file system
step 6 : create directory and mount partition to that directory
mkdir /b24application
mount /dev/sdd1 /b24applicaiton

Useradd <username>

ueradd -u 3000 -G root -d /opt/b24u1 -m -c "test user" -s /bin/sh b24u1

-u uid = 3000
-G secondary group id . joined b24u1 into root group
-d home directory path . /opt
-m make home directory right now for b24u1 user /opt/b24u1
-c comment
 -s shell (/bin/sh,/bin/bash,/bin/csh,/bin/tcsh,/bin/nologin) but we defined
/bin/sh is the default shell b24u1 user.

passwd b24u1

id b24u1
cat /etc/passwd
cat /etc/shadow

Permissions (31-may-2021)

chmod
chown
chgrp

drwxr-xr-x. 2 root root 6 May 31 13:10 /b24newdir

-rw-r--r--. 1 root root 0 May 31 13:11 /b24newfile

1 2 3
rwxr-xr-x
1 2 3
rwx|r-x|r-x
U g o
421 r=4 w=2 x=1 4+2+1= 7 rwxr-xr-x =
755
U =owner rwx
g = group
o= others

read = where you have permissions to read or open file

write = where you have permissions to add new content , modify existing content or
delete content
execution = where you have permissions to execute (running permissions).

drwxr-xr-x. 2 root root 6 May 31 13:10 /b24newdir

-rw-r--r--. 1 root root 0 May 31 13:11 /b24newfile

who is the owner on /b24newdir?

root
what permissions are there for owner?
rwx (7)
what is the group assgined for /b24newdir?
root
what permissions group members has?
r and x = read and execution (5)

how to know who are the group members?

grep root /etc/group
root:x:0:duser1

duser1 is the member in root group

there is new user username is prasad, he comes under which catogory?
( owner,group member or others)
others
what permissions prasad has on /b24newdir?
read and execution(r-x) 5
 chmod 770 /b24newdir
[root@batch23vm01 /]# chmod 770 /b24newdir
[root@batch23vm01 /]# ls -ld /b24newdir
drwxrwx---. 2 root root 6 May 31 13:10 /b24newdir

as per above permissions, is prasad has what permissions?

nill or no permissions to others

there is one more user , that is venu. what permissions venu has on
/b24newdir?
nill or no permissions to others
there is one more user, that is duser1. what permisisons duser1 has
on /b24newdir?
full permissions(rwx) 7 because he is member in root group

gpasswd -a prasad root

now what permissions prasad have on /b24newdir?
ful permissions because we have added prasad into root group

num based
chmod 777 /b24newdir
chmod 777 /b24newfile
char based granting and revoking permissions
how to remove permissions only to others?
chmod o-rwx /b24newdir

how to grant only read and execution permissions for others?

chmod o+r-x /b24newdir

how to change ownership?

chown prasad:prasad /b24newfile
chmod 700 /b24newfile

granting permissions to group members

chmod g+r /b24newfile
o=others
g=group
u=owner

chown root:prasad /b24newfile

root default permissions
-rw-r--r--. 1 root root 0 Jun 1 07:11 newfilebyroot 644
drwxr-xr-x. 2 root root 6 Jun 1 07:11 newdirbyroot 755

normal user default permissions

-rw-rw-r--. 1 prasad prasad 0 Jun 1 07:13 newfilebyprasad 664

drwxrwxr-x. 2 prasad prasad 6 Jun 1 07:15 newdirbyprasad 775

* what are the default permissions when normal user creates file/dir?
on file 664
on dir 775
* what about root user?
on file 644
on dir 755

umask
*** what is umask? umask is a feature which will control default permissions. i
mean granting or restricting default permissions.
or explain about umask
default permissions
dir file
777 666
- 022 022 (umask)
755 644 root ---------------------
775 664 normal 755 644

prasad
touch file1 777
venu
here venu also will have full permissions on prasad file. there is chance he will
delete.
vi /etc/profile
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi

uid is greater than 199 then umask is 002

777 666
002 002
------ ------
775 664
else uid is below 199 then umask is 022
777 666
022 022
------ ------
755 644

when prasad creates files or directories by default every one should get full
permissions.
temp : umask 000
touch file4

666
000
-----
666
Perm: add following umask value at end of the file
step 1 :vi .bashrc
umask 077
step 2 : source .bashrc

umask should be 077 for all the normal users?

when normal user creates file permissions should be 600
dir 700

global environment configuration file is = /etc/profile here if we apply umask

it will applicable for all users
individual environment configuration file is = /home/prasad/.bashr or .bash_profile
==> only for individual user
how to get what is current umask value?
umask
how to change umask value per one user temp?
umask 077
how to change umask value per one user perm?
inside his home directory add following umask value in .bashrc or
.bash_profile
cd
cd command will take you to your home directory
vi .bashrc
umask 077
save and comeout
reload the bashrc
source .bashrc

bin = common commands which will work for all the users
cd , pwd, rm, mv,chmod,chgrp
sbin = super user binaries these commands will work only for root user.
userdel,useradd, chown

/test/tdir/somefiles

change permissions recursively

chmod -R 700 /b24dir
change ownership and group recursively
chown -R prasad:venu /b24dir
chgrp -R newgroup /b24dir

vi /tmp/users
user1
user2
user3
for i in `cat /tmp/users`
do
chage -M 70 $i
done

gpasswd -M existing,newusers groupname

stickybit,links

-------------------

Normal : chmod 777

0777
0 7 7 7
special perm owner group others

0 no special permissions applied

1 7 7 7
2 7 7 7
4 7 7 7

0 = no special permissions
1 = sticky bit permissios are applied
2 = SetGID
4 = SetUID
0777 rwxrwxrwx
1777 rwxrwxrwt others has special permissions ( chmod 1777 /dir1 or chmod
+t /dir1)
2775 rwxrwsrwx group has special permissions (chmod 2775 /dir1 or chmod
g+s /dir1)
4700 rwsrwxrwx owner has special permissions (chmod 4700 /script or chmod
u+s /script)

sticky bit: 1777

sticky bit is a special permission, where we can provide access to all other users
on directory but each other will not have permissions to delete or modify.
eg : all the users can use /dir1 (rwx), but each others data can't be
modified or delete.
user1 can create, modify and delete his files only inside /dir1
user1 can't modify or delete others data.

chmod 1777 /data

chmod +t /data
chmod -t /data
** which directory have by default sticky bit permissions?
/tmp
/tmp directory will be applied with sticky bit so any body can use /tmp
directory.
setuid : 4755

passwd : to set the password or to reset the password.

q1 : passwd command will work for all the usres?
yes
q2 : normal user can change their own password or not?
yes , but they should rember current password
q3: password information will update in which file?
/etc/shadow

/etc/shadow file permisson ---------

no one has permissons on /etc/shadow file except root
norma user able to write data inside /etc/shadow using passwod program.
/bin/passwd has special permissions that is user special permissions.
behalf of owner any body can use this

chmod u+s /usr/bin/date

chmod u-s /usr/bin/date
which date
which command will print absolute path of command
or
whereis date

granting super user commands access to normal users using setUID. commands will
executed by root behalf of normal users.
prasad ==> command ==> executed by root

SetGid

there is directory /data

owner is prasad
group is unixgrp
on this directory granted full permissions to every one
chmod 777 /data
if venu creates file or directory inside of /data what will be the owner and group
which he created?
file : venu venu
dir : venu venu

whatever data is landing inside /data group should be unixgrp?

eg : if venu creates file permissions should be like this
venu unixgrp
eg : if prasad creates file or directory inside /data group should be unixgrp?
prasad unixgrp

reserving goupname on directory

chmod g+s /directory

chmod g-s /directory

Permissions
normal permissions (owner,group and others)
special permissions
sticky bit
Setuid
Setgid
ACL
ACL : Access control list
using acl we can control the access. based on requirement we can provide
access to individual users on file or directory.
can possible to apply permissions users and groups also.

drwxr-xr-x root root

drwxrwxr-x prasad unixgrp

drwxrwxr-x prasad unixgrp /pdatabyprasad

owner is prasad (rwx)

group is unixgrp (rwx)
others (r-x)

prasad,venu,raja,rohith,siva
unixgrp= prasad & venu
who are others for this directory ? raja,rohith,siva

chmod 770 /pdatabyprasad

there is requirement, that is grant read and execution permissions to only siva?
howwe can fulfill this requirement?
here we can to use ACL concept to apply permssions to invidual permisons.

setfacl -m u:siva:r-x /pdatabyprasad

chmod 775 /pdatabyprasad

/HRDATA/salarydetails
applied permissions 700 on /HRDATA/salarydetails in this case no one
has any level of access except owner

granting read and execution permissions to prasad

setfacl -R -m u:prasad:r-x /HRDATA/salarydetails
 [root@batch23vm01 HRDATA]# ls -ld salarydetails
drwxrwx---+ 2 root root 6 Jun 4 12:56 salarydetails
we can see + sym at end of the permission after applying ACL

how to list out acl permissions on directory or file?

getfacl /HRDATA/salarydetails

how to apply acl permissions to user and group in single command?

setfacl -R -m u:b24u22:rwx,g:unix:rwx /HRDATA/salarydetails

how to flush all acl permisions on directory?

setfacl -b /HRDATA/salarydetails
how to revoke acl permissions to particular group or user?
setfacl -R -x g:unix /HRDATA/salarydetails
setfacl -R -x u:prasad /HRDATA/salarydetails

-m = multiple options
-R = Recursively ( only for directories)
u = user, g= group
-x = exlcude acl permissions
-b =flush the acl permssions on directory or file

LINKS (shortcut)
1. Soft link
2. Hard link

assum there is file inside /etc that file link create into /
ln -s /etc/fstab / ==> soft
ln /etc/fstab / ==> hard

unlink /fstab

inode: it's equal to y

HARD Soft
1 Inode Inode will be same for source(original) and destination
(duplicate) different inode will be for source and
destination
2 files/directories "Hard will not support for directories
we can not create links for directory using hard" soft supports links for
files/directories
3 across partitions using hard we can't create link from one partition to
another partition using soft we can create link from any where to any where
4 size source and destination size will be same"
destination size will be calculated based on lengh of file name

source 1 GB Destination 4 KB"

5 Lost unfortunatly we lost original still duplicate files
will be accessible unfortunatly we lost original but not possible to access
duplicates or links

FIND

find command is for search files/directories.

options:
 1. name : we know name of file or directory then easy search
2. Permisission : based on permissions we can start searching file or
directory
3. Owner/group : based on file/directory ownership we can search file or
directory.
4. Size : we can search file/dir based on size
5. modified date and time : we can search file/directory based on modified
date and time

how to create file with particular timestamp?

touch -a -m -t 202001250720.00 file2
-a access
-m modify
-t timestamp
2020 yyyy
01 mm
25 dd
07 hh
20 min
00 sec
how to create empty file?
touch file1
what is creation/modify date and time? current
07 june 2021 7:15

how to create file with particular size?

dd if=/dev/zero of=/b23dir/file3 bs=1024 count=1M
created file with 1 GB

how to search file with name?

find <path> -name nameoffile
find / -name file1
which is parrent directory in unix /

searching only directory with match of name

find / -type d -name file1
searching only files with matcho of name
find / -type f -name file1
d directories
f files
-name
-perm
-user or -group
-name -size
-perm -mtime or -mmin
find /b23dir -perm 777
searching only directories which are having full permissions under /
directory
find / -type d -perm 777

useradministration - completed
diskmanagement - not started
software management - not started
booting procedure - not stared
network services(ssh,ftp,nfs,samba,ntp,dns,rsync,http)

-user and -group

touch /b23dir/testfile1
 chown -R prasad:unix /b23dir/testfile1
find /b23dir -user prasad
find /b23dir -group unix

-size
find / -size +1000M

search files/directories with size between +500M -1000M

find / -size +500M -size -1000M

extra action on result

find /b23dir -size +500M -size -1000M -exec rm -rf {} \;
{} first command result

find /b23dir -type f -exec rm -rf {} \;

*** how to clear empty files inside /var partition

find /var/log -type f -size 0 -exec rm -rf {} \;
find 0 size files inside /var and remove those.

find out empty files in /var directory

find /var/log -type f -size 0 |wc -l

========================================================
[root@batch23vm01 /]# find /var/log -type f -size 0 |wc -l
19
[root@batch23vm01 /]# touch /var/log/emptyfilesbyprasad{1..20}
[root@batch23vm01 /]# find /var/log -type f -size 0 |wc -l
39
[root@batch23vm01 /]# find /var/log -type f -size 0 -exec rm -rf {} \;
[root@batch23vm01 /]# find /var/log -type f -size 0 |wc -l
0
==========================================================

-mtime searching files/directories based on modify date

-mmin searching files/directories based on modify min

delete older than 30 days files inside /var/log directory

find /var/log -type f -mtime +30

-mtime = days
find out 30 days back modified or created files
find /var/log -type f -mtime +30 -exec rm -rf {} \;

how to find out files which are modified with 1 hour?

find /var/log -type f -mmin -60
=========================================================
[root@batch23vm01 /]# find /var/log -type f -mmin -60 |wc -l
8
[root@batch23vm01 /]# touch /var/log/file2222
[root@batch23vm01 /]# find /var/log -type f -mmin -60 |wc -l
9
[root@batch23vm01 /]# touch /var/log/file22222222
[root@batch23vm01 /]# find /var/log -type f -mmin -60 |wc -l
10
[root@batch23vm01 /]# find /var/log -type f -mmin +60 -mmin -120 |wc -l
5
==============================================================

jan 1 2021

+145
find / -type f -mtime +145 -mtime -300

Find

name
Perm
size
modification/creation date and time
find <path> <option> <fullfil the option>

find / -name name

filter only files
find / -type f -name file2

find / -type f -perm 1777 ==> list out stickybit files

find / -type empty or find / -type f -size 0 ===> to list out empty files
owner
find / -user prasad -exec chown -R raja {} \;
size find files between 1 Gb to 2 GB and remove those files

find / -type f -size +1024M -size -2048 -exec rm -rf {} \;

LVM (Logical volume manager) 08- June -2021

Disk management
1. Basic method
2. LVM
3. RAID

disk : storage area

RAM : Mediator between end user and processor
processor : is worker. he is the one who is going to execute your tasks.

disk ==> create partitions ==> format with any of file system
type(ext2,ext3,ext4,xfs) ==>mount the partition ==> use ( read/write)

LVM architecture

disk ==> PV ==> VG ==> LV

max how many vg's we can create in 1 machine?
256 volume groups
max how many LV's(logical volumes) we can create in 1 machine?
29932

create partition with Normal method:

step 1 : connect disk for vm
step 2 : refresh the channels to reflect newly connected disk at os level
echo " - - - " >> /sys/class/scsi_host/host0/scan
echo " - - - " >> /sys/class/scsi_host/host1/scan
echo " - - - " >> /sys/class/scsi_host/host2/scan
 echo " - - - " >> /sys/class/scsi_host/host3/scan
echo " - - - " >> /sys/class/scsi_host/host4/scan
lsblk
step 3 : enter inside disk and create partition
fdisk /dev/sde
p print partition table information
n create new partition
d delete partition
w save changes and comeout from disk
q comeout from disk without save changes

step 4 : update partitions information to kernel

partprobe /dev/sde
step 5 : format partition with any of file system type (ext2,ext3,ext4,xfs)
rhel 6 = ext4 rhel7= xfs
mkfs.xfs /dev/sde1
mkfs.ext4 /dev/sde2
step 6 : create directory /app1 and mount it
mkdir /app1
mount /dev/sde1 /app1
how to list out mounted partitions
df -h

create partition with LVM method from scratch.

step 1 : connect disk for vm
step 2 : refresh the channels to reflect newly connected disk at os level
echo " - - - " >> /sys/class/scsi_host/host0/scan
echo " - - - " >> /sys/class/scsi_host/host1/scan
echo " - - - " >> /sys/class/scsi_host/host2/scan
echo " - - - " >> /sys/class/scsi_host/host3/scan
echo " - - - " >> /sys/class/scsi_host/host4/scan
lsblk
step 3 : convert disk as a pv
how to list out existing pvs? pvs
pvcreate /dev/sdf
pvcreate /dev/sdg
step 4 : create vg with new pv
how to list out existing vgs? vgs
vgcreate appvg /dev/sdf
vgcreate <vgname> <pv>
step 5 : create lv from appvg
how to list out existing lvs? lvs
lvcreate -L 1G -n lv01 appvg

-L = Labeling size is 1 GB
-n = name of lv
step 6 : format lv(partition) with any of the file system
type(ext2,ext3,ext4,xfs)
syn : mkfs.xfs /dev/vg/lv
mkfs.xfs /dev/appvg/lv01
step 7 : create directory and mount partition to that directory
mkdir /application
mount /dev/appvg/lv01 /application
df -h

add partitions details in /etc/fstab

/dev/appvg/lv01 /application xfs defaults 1 2

why we have to mentain partition details in /etc/fstab?

 during server bootup kernel will refer /etc/fstab and mount only those file
system while server coming up.

linux + AZURE + shell scripting + ansible

devops = linux,azure,shell scripting, ansible, some extra tools.

difference between Basic disk management and LVM

Basic LVM
partitions max 64 29932
scaleup NOT possible can possible (we can
extend partition space in online)
RAID NOT possible Can possible.
cluster Not possible can possible

first sec last sec

/dev/sdc1 2048 100000 not possible to extend space
/dev/sdc2 100001 200000 can possible to extend space if there are free
sectors after last sector

lvextend -L +10G /dev/vg/lv -r

offline and online

/application/impfile1

umount /applicaiton

Scenario1 : How to get disk for physical machine

pm = physical machine
vm = virtual machine

now days servers are coming without hard. 20 lakhs

is it possible to install os without hard disk? no

SAN = storage area network

It's a physical box which contains n number physical hard disks.
it can be accessible via network.

component 1 : Server ===> managed by OS administrator ===> Linux

os is running . who will fill storage request form? Linux admin
component 2 : SAN Switch ===> managed by storage administrator
component 3 : SAN Box ===> Managed by storage administrator

step 1(OS) : OS administrator open ticket with storage team for new LUN.
in ticket OS administrator attach storage request form.
OS administrator has to fill storage request form with following
details,
1. HBA card number(wwn) world wide number
2. server name
3. required size
 4. Datacentre
5. mode of lun(tem/perm)
step 2 (storage person) : aknowledge the ticket and download the storage
request form which OS admin attached
storage person will create LUN and map that lun number to both
the HBA cards. the HBA card numbers are there in storage req form.

step 3 (OS): scan the channels to get the newly connected disk or lun
eg : we have 4 HBA cards then 4 channels need to refresh
echo " - - - " >> /sys/class/scsi_host/host0/scan
echo " - - - " >> /sys/class/scsi_host/host1/scan
echo " - - - " >> /sys/class/scsi_host/host2/scan
echo " - - - " >> /sys/class/scsi_host/host3/scan

*** while scan for new disk we will specify 3 --- what is that?
- = channel
- = target
- = LUN(disk)
how to know the server is virtual or physical?
dmidecode -s system-product-name

virtual means it shows virtual

physical means it shows server model
how to find how many HBA cards are connected to server?
systool -c fc_host -v
what is the command to find wwn and speed of HBA cards?
systool -c fc_host -v

multipathing: multiple paths(routes) to storage using HBA cards.

assume you 2 HBA cards. that means 2 routes are there from server to storage
box
in case any 1 HBA card failed but there will not be any impact because other
route (HBA) card is in live.

once storage team map single lun to 2 HBA cards at os it shows as 2 disks.
lsblk you can see 2 disks with same size.
eg : if you have 4 HBA cards storage will create 1 lun and map to 4 HBA
cards. in this os person can see 4 disks at os level.
4 disks = 1 lun

how to list out dsks with multipath?

multipath -ll

* what is multipath configuration file?

/etc/multipath.conf
* how to flush the unused LUNS from physical server?
multipath -F
* How to refresh the multipath?
systemctl restart multipathd
or
multipath -r

single lun1 /dev/sdc

/dev/sde
which one we have consider as disk and convert to pv?
we can't directly use sdc or sde
to luns we have to create common name for both disks or for lun

/dev/sdc ==> /dev/prasaddisk

 /dev/sde ==> /dev/prasaddisk
how to create common name for disks using multipath

step1 : inside /etc/multipath.conf

vi /etc/multipath.conf
common name
lun number
step 2 : systemctl restart multipathd
or
multipath -r

what is common name? /dev/prasaddisk

how to convert disk as pv?

pvcreate /dev/prasaddisk
how to create partition inside this?
fdisk /dev/prasaddisk
n

Platform
1. Physical platform( server ==> Linux os)
2. Virtual platform ( Server 1 ==> esxi OS ==> vm1 ==> Linux OS)
( Server 1 ==> esxi 0S ==> VM2 ==> Linux OS)
( Server 1 ==> esxi 0S ==> VM3 ==> Windows)
( Server 1 ==> esxi 0S ==> VM4 ==> Windows)
( Server 1 ==> esxi 0S ==> VM5 ==> SuSE)
( Server 1 ==> esxi 0S ==> VM6 ==> Solari)

vm = virtual machine
esxi is a OS which is developed by vmware company. it's a bare metal OS.
using this we can spilt physical components virtuali.

RAM 8 GB
vm1 2 GB running 1 GB only using by machine1
vm2 2GB running
vm3 2 GB powered off
vm4 2 GB running

Scenario 2 : How to get Lun(disk) for virtual machine

step 1 (OS) : open ticket with VMWARE team to attach new disk with required
size for so and machine.
step 2(vmware) : vmware team will acknowledge ticket and create new disk to
virtual machine.
step 3 (OS) : will check is newly connected disk is available at os end. If
the disk is available then convert that disk as a pv.
Physical machine
step 1(OS) : OS administrator open ticket with storage team for new LUN.
in ticket OS administrator attach storage request form.
OS administrator has to fill storage request form with following
details,
1. HBA card number(wwn) world wide number
2. server name
3. required size
4. Datacentre
5. mode of lun(tem/perm)
step 2 (storage person) : aknowledge the ticket and download the storage
request form which OS admin attached
storage person will create LUN and map that lun number to both
the HBA cards. the HBA card numbers are there in storage req form.

step 3 (OS): scan the channels to get the newly connected disk or lun
eg : we have 4 HBA cards then 4 channels need to refresh
echo " - - - " >> /sys/class/scsi_host/host0/scan
echo " - - - " >> /sys/class/scsi_host/host1/scan
echo " - - - " >> /sys/class/scsi_host/host2/scan
echo " - - - " >> /sys/class/scsi_host/host3/scan

*** Scenario 3 : create partition in lvm method from scratch?

step1 : we will co-ordinate with vmware team to get new disk , because our
servers are running in virtual platform.
we will open ticket with vmware team to get new disk
physical : we will open case with storage team to get new lun. also we
have fill storage request form
once storage team map lun to server(HBA) cards then we will
referesh channels for new disk
step 2 : once vmware team connect disk to server then we will refresh
channels to get newly connected disk in case disk is not reflected after attach.
echo " - - -" >> /sys/class/scsi_host/host0/scan
echo " - - -" >> /sys/class/scsi_host/host1/scan
echo " - - -" >> /sys/class/scsi_host/host2/scan
echo " - - -" >> /sys/class/scsi_host/host3/scan
echo " - - -" >> /sys/class/scsi_host/host4/scan
echo " - - -" >> /sys/class/scsi_host/host5/scan
step 3 : convert newly connected disk as a pv
pvcreate /dev/sdh
pvs or pvdisplay
step 4 : we will create new vg with new pv
vgcreate orclevg /dev/sd{g,h}
step 5 : then we will create LV in newly created vg
lvcreate -L 10G -n oralv01 oraclevg
step 6 : we will format lv with xfs file system type
mkfs.xfs /dev/oraclevg/oralv01
step 7 : create directory and mount newly created lv to that directory
mkdir /oracledata
mount /dev/oraclevg/oralv01 /oracledata
step 8 : we will update device details in /etc/fstab for permenant mount
/dev/oraclevg/oralv01 /oracledata xfs defaults 1 2
device name mountpoint fstype
permissions meta data backup file system checkup

*** Scenario 4 : How to extend partition space ?

step 1 : verify is enough space is availble in vg where lv is present.
df -h /application
here we will come to know lv is part of which vg
vgs
here we come to know available space(VFREE).

step 2 : straight away extend partition space if there is enough space in vg

======> True condition because there is enough space is availble in VG
lvextend -L +18G /dev/appvg/lv01 -r
step 3 : below scenario if there is no enough space available in VG
======> False condition is there is no enough space available in VG
task 1 (virtual machine) : we have to co-ordinate with vmware team to
get new disk and convert that newly connected disk as pv and add into
existing vg.
task 2 (Physical machine): we hav to co-ordinate with storage team to
get new disk and convert that newly connected disk as pv and add it into
existing vg.

vg space will expand after adding new pv

How to reduce vg?

vgreduce vgname pvpath
vgreduce appvg /dev/sdd1
note: Min 1 pv is required to maintain vg
is it possible to create empty vg, mean with out pv is it possible to
create vg?
No
How many vgs we can create in 1 machine?
256

/dev/sdd 10 GB
/dev/sdd1 5 GB appvg
/dev/sdd2 5 GB appvg
vgreduce appvg /dev/sdd2

*** How to reduce lvm partition space

extend is online activity becuase we have not unmount partition. on fly we
have extended partition space.
reduce is downtime activity. we have to unmount the partition.
requirement is reduce 10 gb from existing lv?
lvname is lv01 (/application)
get current size of lv01 ===> lvs or df -h /application
XFS
Note : make sure we have approval to umount partition, becuase lvreduce requried
downtime.
step 1 : backup the partition
xfsdump -f /bkpoflv01 /application
destination source
step 2 : umount the partition
umount /application
step 3 : reduced the lv size
lvreduce -L 15G /dev/appvg/lv01
step 4 : format the LV
mkfs.xfs /dev/appvg/lv01 -f
step 5 : mount the lv back
mount -a
or
mount /dev/appvg/lv01 /application
step 6 : restore the data which we backed up before unmount the partition
xfsrestore -f /bkpoflv01 /applicaiton

ext3 & ext4

step 1 : umount the partition

umount /application1
step 2 : repair the file system
e2fsck -f /dev/appvg/lv02
step 3 : label the size or keep the size how much you want to keep it for lv
eg : out of 10 GB decided to reduce 2 GB
how much space we have to keep it for lv ? 8 GB
 resize2fs /dev/appvg/lv02 8G
resize to 8 gb that is the meaning.
step 4 : reduce the 2 GB space from lv
lvreduce -L -1.9g /dev/appvg/lv02
step 5 : mount it back
mount -a

pv ==> VG ==> lvs ==> format ==> mount

vg = collection PV's
appvg = 1 PV = 20 LV's

/var/log/dmesg ==> redhat : we noticed some alerts or messages related to disk

like warning notifications. disk may will fail.
/var/log/messages ==> SuSE
we can find hardware related logs in /var/log/dmesg in redhat machines.

2nd situation or use when we will migrate data from one disk to another disk
is .
current disk size is 1 TB which is not enough for future. decided
upgrade same disk to 4 TB
vg ==> pv1 , pv2, pv3, pv4
vg ==> 1 pv with 4 TB.

** How to migrate LV's from one pv to another pv

Note : it's a online activity
without unmount partition or mount point we can perform this activity.
recommended is umount and perform this activity.

step 1 : Get new disk to transfer data from faulty disk to new disk. the new
disk capacity should equal or greater than faulty disk.
faulty disk is = /dev/sdb = 5 GB
new disk is = /dev/sdi = 7 GB
faulty disk is present in datavg
step 2 : convert new disk as pv
pvcreate /dev/sdi
step 3 : add new pv into existing vg where fault disk is exist.
vgextend datavg /dev/sdi
now how many pvs are in datavg? 2 one faulty one and other one is new one.
step 4 : data lvs from fault disk to new disk
pvmove /dev/sdb /dev/sdi
remove faulty disk from vg and pvlist
vgreduce datavg /dev/sdb
pvremove /dev/sdb

disable disk ==> echo "offline" > /sys/block/sdb/device/state

delete disk from OS end ==> echo 1 > /sys/block/sdb/device/delete
it is a vm = vmware team will delete that disk from vm
it is a pm = if disk is connected to server then dc engineer will replace new
disk with help of hardware vendor.
hardware vendor is DELL , dell engineer will get new disk and replace
with faulty one.
** How to verify is pv is free or having any lvs?
pvdisplay -m /dev/sdi
how to disable and enable lv? umount the lv and disable lvchange -an /dev/vg/lv
enable = lvchange -ay /dev/vg/lv and mount it back
how to disable vg? make sure none lv is not mounted. then disable vg = vgchange
-an vgname enable = vgchange -ay vgname
how to disable pv? make sure vg is in disabled mode the respective pv pvchange
-xn /dev/sdb enable = pvchange -xy /dev/sdb

how to refresh vg,lv and pvs

pvscan
vgscan
lvscan

How to extend partition space?

true
there is enough space in vg then straight away we will extend lv space
lvextend -L +10G /dev/vg/lvname -r
false
there is no enough space in vg then we will with vmware/storage team to
add new disk or extend existing disk
lv01 ==> appvg ==> /dev/sdc sdc capacity is 100 GB if we extend
sdc disk capacity frm 100 GB to 200 GB
step 1 : vmware team will expand /dev/sdc disk capacity from 100 GB to 200
GB. then we will rescan the disk and execute pvresize command
rescan the disk = echo 1 > /sys/block/sdc/device/rescan
pvresize /dev/sdc
now you can see updated space for pv.

pm ==> LUN id
multipath -ll
logical id
open case with storage team to expand existing lun capacity.
in ticket we have to share existing logical id
where to get the logical id multipath -ll

now storage team will expand existing lun and confirm us

rescan the disk = echo 1 > /sys/block/sdc/device/rescan

pvresize /dev/sdc
now you can see updated space for pv.

VG backup and restore

vgcfgbackup will backup the meta data of vg.

meta data is nothing data about data.
archive maintains recent 10 activities of each vg.
backup the vg
vgcfgbackup -f /tmp/appvgbkp16-06-2021.vg appvg

how to get recent activities in particular vg

vgcfgrestore -l vgname
how to restore
vgcfgrestore -f /tmp/appvgbkp16-06-2021.vg appvg

default vg level backups will be inside /etc/lvm/archive

 /etc/lvm/backup ==> activities
/etc/lvm/archive ==> backup path of activities. using archive only we will
restore the vg changes.

what is the LVM version we are using?

lvm2
what is the main configuration file of lvm?
/etc/lvm/lvm.conf
what is the service responsible for lvm related activities?
systemctl status lvm2-lvmetad.service

how to rename lv name?

lvrename <old lvname> <New lv name>
lvrename /dev/vgname/lv01 /dev/vgname/newlvname

what is the command to rename vg?

Step 1 :umount all lv's which are present in respective vg
step 2 :disable the vg
vgchange -an vgname
Step 3 : rename the vg
vgrename oldvgname newvgname
step 4 : enable vg
vgchange -ay vgname
step 5 : correct entries in /etc/fstab
/dev/oldvg/lv1
change it to new vg name inside /etc/fstab
/dev/newvg/lv1
step 6 : remount the lvs
mount -a

How to merge 2 vgs into 1 vg?

Step 1 :umount all lv's which are present in respective vgs
step 2 :disable both the vgs
vgchange -an vgname
vgchange -an datavg
vgchange -an applicationvg
going to merge datavg with applicationvg. after merging we will see
only application vg
vgmerge applicationvg datavg
here merging datavg with applicationvg
step 3 : enable vg
vgchange -ay applicationvg
step 4 : correct entries in /etc/fstab
werever we have datavg name replace with applcationvg
step 5 : mount it back

*** still disk is not released from vg? or pv is not released from vg?
vgreduce --removemissing vgname

RAID
Redundant Array of Inexpensive Disks

==> with help of RAID we can achieve Disk level redundancy.

==> under array there will be multiple disks, incase any disk failure other or
remaining disks will support to the transactions. there will not be any break or
inturption.

RAID Level
=============
RAID 0 Stripping
RAID 1 Mirroring
RAID 2
RAID 3
RAID 4
RAID 5
RAID 6
RAID 1+0
RAID 0+1

RAID 0 : Stripping

we are going to implement these RAID levels using any of below methods
1. LVM ==> we are going to create lv with raid level
2. MDADM(multi disks administration)

/dev/sdc ==> 10 GB
/dev/sdd ==> 13 GB

b24lv01 stripping 10

command to create stripped lv

lvcreate -L 10G -n b24lv01 -i 2 tvg
command to create mirrored lv
lvcreate -L 4G -n b24lv02 -m 1 tvg

lvs --segment

procedure for create stripped lv

step 1 : get 2 disks and add into same vg
pvcreate /dev/sd{c,d}
vgcreate tvg /dev/sd{c,d}
step 2 : create stripped lv
lvcreate -L 10G -n b24lv01 -i 2 tvg
step 3 : format and mount
mkfs.xfs /dev/tvg/b24lv01
mkdir /db01
mount /dev/tvg/b24lv01 /db01
how to check lvs with segment is
lvs --segment
procedure for create mirrored lv
step 1 : get 2 disks and add into same vg
pvcreate /dev/sd{c,d}
vgcreate tvg /dev/sd{c,d}
step 2 : create mirrored lv
lvcreate -L 4G -n b24lv02 -m 1 tvg
step 3 : format and mount
mkfs.xfs /dev/tvg/b24lv01
mkdir /db02
mount /dev/tvg/b24lv02 /db02

purpusfully going to currupt one of disk from mirrored lv

lvconvert -m0 tvg/b24lv02 /dev/sdc
 converting b24lv02 lv as linear and removing /dev/sdc disk

to get mirrored information

lvs -a -o +devices

lvs -a
-a all with option + devices

raid 5
lvcreate -L 5G -n lv05 --type raid5 oravg
raid 1
lvcreate -L 2G -n lv01 --type raid1 oravg
stripped
lvcreate -L 2G -n lv00 --type raid0 -i 2 oravg

MDADM
create partition with RAID 5
step 1 : create array or device with raid 5
mdadm --create /dev/md5 --level=5 --raid-devices=3 /dev/sdc /dev/sde /dev/sdf
how to check device details
mdadm --detail /dev/md5
step 2 : format the device using xfs file system
mkfs.xfs /dev/md5
step 3 : create directory and mount it
mkdir /mdir
mount /dev/md5 /mdir

making /dev/sdc disk as faulty

mdadm --fail /dev/md5 /dev/sdc
add new disk in array
mdadm --add /dev/md5 /dev/sdd
remove faulty one from array
mdadm --remove /dev/md5 /dev/sdc

=========================failed to add disk into array in mdadm=========

mdadm --examine --scan >> /etc/mdadm.conf
mdadm --assemble --scan /dev/md5

LVM questions
1. Please explain step to create lvm partition frm scratch?
2. Extend partition space which is created in lvm method?
if enough space is available in vg then how to extend partition space?
if there is no enough space in vg then how to extend partition space?
3. pvmove
questions for pvmove
1. old disk faulty or read and write speed came down so decided to
remove faulty disk, so how we can do this.
2. existing disk capacity is 20 gb deciced to get new disk with 1 TB
and migrate data from old disk to new disk which we got with 1 TB size.
4. what is pe and le size?
4 MB
PE = physical extends
LE = logical extends
5. how to extend pe size?
while creating vg we can define LE size
vgcreate -s 8M vgname /dev/sdi
6. explain about raid levels?
7. which raid level gives fault tolerance and better performance?
RAID10
8. what is parity?
9. what are the difference between raid 5 and raid 10.
10. Unfortunatly deleted lv, how to recover it.
11. which is current lvm version?
lvm2
lvm version

older version is lvm1

12. difference between lvm 1 and lvm 2.
lvm1 lvm2
lvs 256 29932
max device size 2 TB 8 EB
mirroring No Yes
stripping expansion No Yes

13. difference between -l and -L while creating lv?

-L specifying size for lv in size based
-l specifying size for lv with LE
100 LE are there
100 * 4 MB = 409 MB's
lvcreate -l 25%FREE -n newlv01 vg
we are allocating 25 LE's for newlv01
another eg
lvcreate -l 90%FREE -n newlv01 vg
90 % allocating to newlv01 and 10 % space will be available in vg.

SOFTWARE Management or package management ===> 22-

June-2021

=================================================================

Installing/uninstalling/upgrading/updating/querying(getting
information)

media player
notepad
winword
java
oracle db
vlc.msi
microsoft installer
vlc.exe executable file

there are 2 mehtods to perform package(software) management

1. RPM ==> redhat/suse/centos/ubuntu all most all linux
flavaours will support.
2. YUM ==> redhat/centos/fedora
3. Zypper ==> only for suse . it's similar to yum.
suse = rpm and zypper
redhat = rpm and yum

rpm = redhat package manager

yum = yellowdog update and modifier
 day 1 : basic commands of rpm
day 2 : yum and yum repository
day 3 : patching using local repository
day 4 : roll back the latest patch
day 5 : redhat satellite
day 6 : suse (suma manager)

packagename.rpm
softwarename.exe
softwarename.msi

how to install pkg?

rpm -ivh packagename.rpm

you can find package in 2 locations

DVD
internet(official web site)

how to mount dvd?

step 1 : right click on virtual machine and settings.
step 2 : click on dvd and make sure selected " use ISO image file" . here
browse the iso image file which we downloaded (rhel7.2)
step 3 : come back to server and mount the dvd
mount /dev/sr0 /media

rpm -qa pkgname

-q - query
-a - all
how to list out all installed packages? rpm -qa
how to count all installed packages ? rpm -qa |wc -l
how to filter particular package is installed or not ? rpm -qa
pkgname

installing vsftpd package

rpm -ivh /media/Packages/vsftpd-3.0.2-22.el7.x86_64.rpm
i = install
v = verbose (% of installation 10%, 20%)
h = print hash(#)symbols during installation progress.
############
uninstall pkg
rpm -ev vsftpd

how they named package name

vsftpd-3.0.2-22.el7.x86_64.rpm

name version release architecture . rpm

1 2 3 4
5
vsftpd 3.0 2-22 el7.x86_64 . rpm
el7 = enterprize linux 7
el6 x86_64 ( 32 and 64 bit)
el6 x86_32 ( 32 bit)

how to download pkg from internet

pkgs.org
 rpm and yum use the one db, that is Berkeley.
/var/lib/rpm

pkg information will be updated in berkeley db.

rpm -qa this command will reach to berkeley db and query for installed
packages.

rpm -qa ===> query installed packages

rpm -qa pkgname ==> is for filter the particular package status
rpm -ivh pkgname.rpm ==> is for install single pkg
rpm -ev pkgname ==> is for uninstall pkg

Query options:
qa = list out all installed
qi = query information about installed pkg
qi = get the information about installed pkg
qip = to get the information about which is not installed pkg information

rpm -qa --last | more

is for list out installed pkgs from recent
*** how to list out recently installed pkgs? with date and time stamp
rpm -qa --last | more
*** how to verify or test is the pkg is going to install or not?
rpm -ivh --test pkgpath

pkg will have dependencies

pkg2, pkg3, pkgs4 are the dependencies for pkg1
pkg2, pkg4 are the dependencies for pkg10
main pkgs are pkg1 and pkg10
for pkg10 dependencies are pkg2 and pkg4.
mariadb-server
GLIBC_2.17
pkg1
pkg2
pkg3
pkg4
python
pkg10
pkg11
pkg12
lib.m

*** how to verify dependency packages for one of pkg?

rpm -qRp pkgpath.rpm
R= required
rpm -qR pkgname
R = will let you know the dependencies.

how to print documes path of pkg

rpm -qd pkgname
rpm -qdp pkgname.rpm
*** unfortunatly we have deleted one of the command (eg: chmod) . how to get it
back.
step 1 : login to other machine and get the pkg of chmod command
rpm -qf /bin/chmod
the above command will print the pkg of chmod file or command
step 2 : we came to know chmod command or file is created by which rpm so we
can try to re-install same pkg in server where we deleted chmod command
unfortunatly.

rpm -ivh /media/Packages/coreutils-8.22-21.el7.x86_64.rpm --force

how to get confirguration files of rpm?

rpm -qc vsftpd

rpm -ivh
rpm -ev
rpm -qi,d,f,c,R

how to upgrade pkg?

rpm -Uvh newpkg.rpm
rpm -Uvh /media/Packages/vsftpd-3.0.2-29.el7.x86_64.rpm
how to update pkg? old and new both should be in machine
rpm -ivh oldpkg.rpm --force
--force = re-install if same pkg is installed
--force = forcing to install pkg don't bother about the existing pkgs

*** how to downgrade pkg?

note : make sure we have old pkg in your system
rpm -Uvh --oldpackage /media/Packages/vsftpd-3.0.2-22.el7.x86_64.rpm

YUM
yellowdog update and modifier

yum install pkgname

rpm -ivh pkgname

rpm -qa
yum list installed
rpm -qa vsftpd
yum list installed vsftpd

rpm -ev vsftpd

yum remove vsftpd RPM YUM
ZYPPER
rpm -ivh pkgname.rpm yum install pkgname.rpm
zypper install pkgname.rpm
rpm -ev pkgname yum remove pkgname
zypper remove pkgname.rpm
rpm -qa yum list installed
zypper search
rpm -qa vsftpd yum list installed
vsftpd zypper search pkgname
rpm -qi pkgname yum info pkgname
zypper se pkgname
rpm -Uvh pkgname.rpm yum upgrade pkgname.rpm
zypper upgrade pkgname.rpm
rpm -Uvh --oldpackage pkgname.rpm yum downgrade
pkgname.rpm
 rpm -ivh pkgname.rpm --force yum reinstall
pkgname.rpm

installing pkg with out dependencies?

rpm -ivh pkg .rpm --nodeps

RPM YUM
Repository not possible Repoisitory can possible

advantages of repository:
1. It consider the
dependencies automatically.
2. it will work like
centralized package management server.
yum Server will
have all pkgs
client
1 will connect with yum server and take pkgs
client
2 also can connect with yum server and take pkgs
client
3 also can connect with yum server and take pkgs
3. Easy to perform
patching(upgrade/downgrade)

configuring yum repository server

server = 192.168.145.162
client = 192.168.145.***

Steps at server:
step 1 : mount the ISO image
vm settings ==> dvd ==> use iso image file ==> browse the OS
image file
mount /dev/sr0 /media
step 2 : install pre-requisite pkgs
1. createrepo 2. vsftpd
rpm -ivh /media/Packages/createrepo
rpm -ivh /media/Packages/vsftpd
step 3 : create local directory and copy pkgs from DVD to local
directory.
mkdir -p /var/ftp/pub/rhel75
cp -r /media/Packages/* /var/ftp/pub/rhel75
step 4 : create repository
createrepo -v /var/ftp/pub/rhel75
step 5 : configure repository
cd /etc/yum.repos.d
vi local.repo
[rhel75.repo]
name=rhel75.repo
baseurl=file:///var/ftp/pub/rhel75
gpgcheck=0
enabled=1
first 2 lines are displayname of repo
baseurl = path of repodata or pkgs
gpgcheck= 0 disable 1 enable authentication to clients . 0 no authentication
required for client machine. freely they can come to yum server and take pkgs
gpgcheck =1 authentication is required . server will have 1 key same key should be
inside client machines also
enabled =0 disable repository
enabled=1 enable repository
step 6 : refresh repository and enable vsftpd service for connect
client machines.

yum clean all

the above cmd is for refresh repository
yum repolist
is for list out repositories
note : make sure yum server has ip address. clients are going to connect to
yum using that IP only.
ip a
if there is no ip then
vi /etc/sysconfig/network-scripts/ifcfg-ens33
ONBOOT=yes
save and comeout frm this file and restart network
systemctl restart network
now there should be ip
ip a
systemctl restart vsftpd
systemctl enable vsftpd
systemctl stop firewalld
systemctl disable firewalld
setenforce 0

method 1: local yum repo sever

method 2 : rhn redhat network server for the pkgs

method 3 : satellite here we will have the repositories .

client integration with YUM server

pre-requisites:
1. make sure client machine has ip address
2. make sure there is network between client machine to yum server (ping
ipofyumserver)
3. make sure client able to connect server on 21 port number
telnet yumserverip 21
how to come out from telnet output is
ctl ]
> quit

client : make sure it has lower version (7.2)

as part of patching we will upgrade this 7.2 to 7.6

patching means lower to next level of os

7.2
patching
7.6
patching
7.8
 step 1 : configure the repositories
cd /etc/yum.repos.d
vi local.repo
[rhel75.repo]
name=rhel75.repo
baseurl=ftp://192.168.145.162/pub/rhel75
gpgcheck=0
enabled=1

step 2 : refresh the repositories and list out repositories

yum clean all
yum repolist

patching
yum update

current os version is 7.0 and kernel version is

3.10.0-123.el7.x86_64

scenario 1 : create repository with 7.0 packages

scenario 2 : create repository with 7.5 packages

scenario 1 : create repository with 7.0 packages

step 1 : mount 7.0 dvd
step 2 : install vsftpd and createrepo pkgs
step 3 : create one new folder inside /var/ftp/pub and copy packages
from dvd
mkdir -p /var/ftp/pub/rhel70
cp -r /media/Packages/* /var/ftp/pub/rhel70/
step 4 : create repository
createrepo -v /var/ftp/pub/rhel70

step 5 : configure repository

vi /etc/yum.repos.d/local.repo
[rhel70]
name=rhel70
baseurl=file:///var/ftp/pub/rhel70
gpgcheck=0
enabled=1
save and come out from file
refresh repositories
yum clean all
yum repolist
setenforce 0
systemctl restart vsftpd
systemctl enable vsftpd
systemctl stop firewalld
systemctl disable firewalld

gpgcheck=0 authentication doen't required for client machines

gpgcheck=1 authentication is required for client machines
step 1 : mount 7.5 dvd
 step 2 : install vsftpd and createrepo pkgs
step 3 : create one new folder inside /var/ftp/pub and copy packages
from dvd
mkdir -p /var/ftp/pub/rhel75
cp -r /media/Packages/* /var/ftp/pub/rhel75/
step 4 : create repository
createrepo -v /var/ftp/pub/rhel75

step 5 : configure repository

vi /etc/yum.repos.d/local.repo
[rhel75]
name=rhel75
baseurl=file:///var/ftp/pub/rhel75
gpgcheck=0
enabled=1
yum clean all
yum repolist
setenforce 0
systemctl restart vsftpd
systemctl enable vsftpd
systemctl stop firewalld
systemctl disable firewalld

client :
vi /etc/yum.repos.d/local.repo
[rhel75]
name=rhel75
baseurl=ftp://192.168.145.162/pub/rhel75
gpgcheck=0
enabled=1

yum clean all

yum repolist
how to check are there updates
yum list updates
how to perform patching
yum update

integrate client machine with yum repo server ==> done

take snapshot ===> done
collect the pre-checks ==> cat /etc/os-version;uname -a;df -h;cat
/etc/fstab;vgs;lvs;pvs : all the commands will exuecte parlely
cat /etc/os-version && uname -a && df -h && cat /etc/fstab
&& vgs && lvs && pvs : sequence
cmd1 && cmd2 && cmd3

we will ask app/db team to stop the things whaterver running in server =====>
done
perform patching ===> done
yum update

yum activities will update into /var/log/yum.log

reboot
request app team to validate application functionality in sever where
we done the patching.

true application is working then close the change

false applicaiton is not working as expected. they are asking to roll
back the patch.

solution 1 : merge the snapshot

solution 2 : just boot with old kernel and request application team to validate
applicaiton functionality : temp approach
reboot and select old kernel in grub screen.
slution 3 : set previous kernel as default to boot in next time

7.5 1
7.0 2
how to list out installed kernels and which is top
grep menuentry /boot/grub2/grub.cfg
grub2-set-default 2
grub2-mkconfig -o /boot/grub2/grub.cfg
shutdown -r now
Solution 4 : roll back full patch using yum history
note : make sure we brought machine to rhel 7.0 kernel
in the grub screen we will select 7.0 kernel

yum server side we have 2 repositories

7.0
7.5
client side :
currently client machine is pointing 7.5 repository that need to change
and point out to 7.0 repo

step 1 : make sure client machine is reffering to old repository

vi /etc/yum.repos.d/local.repo
[rhel70]
name=rhel70
baseurl=ftp://192.168.145.162/pub/rhel70
gpgcheck=0
enabled=1
If it is a satellite
subscription-manager --enable=previouserepoid

step 2 : find out yum history activity id

yum history
yum history info 2

step 3 : remove following file

rm -rf /etc/yum/protected.d/systemd.conf
step 4 : roll back the packages which are upgraded as part of patching
yum history undo 2
2 is yum history activity id
step 5 : reboot the server

step 6 : downgrade redhat-release package

yum downgrade redhat-version

method 1: local yum repo sever

method 2 : rhn redhat network server for the pkgs

method 3 : satellite here we will have the repositories.

Satellite concept

satellite server will provide repositories to client machines.

we have limitted access to satellite server. we have access to add host and un-
register host.

*** how to register server with satillite server?

subscription-manager register --org="xyz.org"
--activationkey="12xkljldfdsfsfkl;fjlf;fkdsfaf"
or
subscription-manager register
it will prompt for username and password
*** how to check the integration status with satellite server
subscription-manager status
and
subscription-manager list
*** how to unregister server with satellite server?
subscription-manager unregister

*** How to check is the server is registered with satellite in satellite sever.
in browserver
http://satelliteserverip
username
password
DASHBOARD==> Hosts ==> servername ==> unregister

*** how to enable particular repostirory

cmd 1 : how to list out repositories
subscription-manager repos --list
cmd 2 : enable particular repository
subscription-manager --enable=repository id

***** roll back latest patch which is integrated with satellite server.
boot with old kernel
enable old repo using
subscription-manager --enable=old repository id
yum history undo 4
reboot
*** how to enable only particular repo out of many
yum --disablerepo="*" --enablerepo="repoid or reponame" install pkgname
in above command we are installing one pkg from particular repository
*** How to exclude one pkg from yum update
yum update --exclude="pkgname"
zypper update --exclude="pkgname"

yum update ===> full patch (every 3 months once for all servers)
yum update --security =====> it updates only the security related patches.
(every month for all servers)
yum update kernel ======> it updates only kernel

zip not install when you perform yum update zip will not install
zip is installed then when we perform yum updte zip will update to latest.

Satellite is for redhat machines

suma is for SuSE
 redhat , 6,7,8
7.0,7.1,7.2,7.3.....7.10
SuSE SLES 12 & SLES 15
SLES 12.sp1, SLES 12.sp2,SLES
12.sp3 , sp4, sp5 every 1.5 years once they will relase
SLES 15.sp1, SLES 15.sp2, SLES
15.sp3

register suse server with suma

step 1 : download boot strap file and execute
curl -Sks -O https://sumasevername or IP /pub/bootstrap/sap-12-5-
lifecycle-production-SLE12-SP5-SAP-Pool.for.x86_64.sh

chmod -R 755 sap-12-5-lifecycle-production-SLE12-SP5-SAP-

Pool.for.x86_64.sh
sh sap-12-5-lifecycle-production-SLE12-SP5-SAP-Pool.for.x86_64.sh

step 2 : check now server is registered or not

SUSEConnect --status-text
step 3 : login to suma server using browser and activate
http://sumaseverip
username
password

salt ==> search for system ==> activate

zypper update

Patching procedure

Linux administration:
==> Operational team (24/7) support , incidents, service requests, change
management
==> patching team ( schedulling, getting approval, patch)
==> Build team ( server provisioning) team : build the servers as per build
sheet.
==> IAM ( Identity access managment) team : user and group related requests.
creating user, deleting user, granting privilages, password reset

Operational team:
User unable login
High cpu usage alert
high memory usage alert
server crash or server hung
extend RAM size
extend cpus
extend partition space
remote machine not able to connect to machine

Linux team : OS patching

app/db : stop/start application and validate application
functionality after patching
 platform vmware = vmware team : taking full machine snapshot
platform cloud = Microsoft Azure : taking full machine snapshot
Backup team = Backup the machine data . we can't find backup
team for cloud platform.

PMO team : this is the team responsible for schedule window, co-ordinate with
team and complete patching activity successfully.
Make sure CR is in place CR=change request
make sure change execution plan(CEP) is read for upcoming change
Implementation plan has been reviewed
approvals are in place.
scheduling meeting for upcoming change(patching)

ENV Implementation Priority/Criticality

produciton 4 1
DR 5 2
QA 3 3
Dev 2 4
stagging/Lab 1 5

facebook production severs 10000 third(3) produciton is the

environment will generate the revenue for the company
Facebook DR server 7000 fourth (4)
Facebook QA servers 5000 second (2)
facebook DEV severs 5000 first (1)
Lab = 1000

buffer time between environment ? 10 days

DEV 2nd july 2021
QA 12th july 2021
prodution 24th July 2021

**** patching procedure

step 1 : we will join in scheduled meeting and take snapshot for scheduled
servers
step 2 : we will disable alerts for scheduled servers (nagios)
step 3 : and we will collect the prechecks from scheduled servers.
cat /etc/os-release;uname -a;date;df -h;cat
/etc/fstab;lsblk;pvs;vgs;lvs
step 4 : we will request app/db team to stop the respective application in
scheduled servers.
step 5 : we will reboot server before patching once application team stop
the applications (sanity reboot)
step 6 : we will make sure server is integrated with satellite server
if server is not integrated with satellite then we will integrate and
perform patching
redhat : subscription-manager status
suse : SUSEConnect --status-text
yum update
zypper up or zypper update
step 7 : we will observe the patching progress and reboot server after
patching
step 8 : we will do post checks and hand over server to application team for
start application
post checks like is new kernel is reflecting after patching and
mount points are matching with pre-checks,.......
step 9 : we will close our change task based application team confirmation.

order
1. patching procedure
2. satellite related questions
3. Roll back
4. server is not coming up after patching

patching procedure, creating partition from scratch using lvm method, extending
partition space, pvmove , Types of raid levels, satellite related questions, local
repository configuration, roll back procedure.

Booting procedure *****

networking (ssh,ftp,sftp,nfs,samba,ntp,dns,http,rsync) nfs,dns,ftp
housekeeping alerts ****
performance alerts ****
bootup issues ****
kernel parameters
cron , sudo,swap
ITIL
mock test
Azure
shell scripting
ansible
clustering

create new partition with 10 GB with below requirements

mount point = /data1
fs type should be = xfs

/boot standard 512 MB LVM will not support bootable files.

/var LVM 9 GB
swap swap equal or double of your RAM
RAM = 2 GB then you can prefer 2 or 4 GB SWAP
/tmp LVM 5 GB
/ LVM 10 GB

1. Create partition using lvm method from scratch with below specifications
mount point name = /b24data1
file system type = xfs
size = 12 GB

Booting procedure
***

Booting procedure start from press power on button to until we get login prompt.

Booting procdure helps to understand the boot process, wil help to understand how
the hardware and software is working.
and also it helps to understand bootup issues.
to identify and fix boot up issues.

RHEL 7 & 8 RHEL 5 & 6

1. BIOS (HW) 1. BIOS
2. MBR ( OS ) 2. MBR
3. GRUB ( OS ) 3. GRUB
4. Kernel ( OS ) 4. Kernel
5. Systemd ( OS ) 5. INIT
6. Runlevel
the above 5 stages will execute between power on to login prompt

Stage 1 : BIOS ( Basic input output system)

as soon as we power on server smps will supply power to mother board.
the first program is post which will execute.
POST (power on self test)
the below 3 tasks will exuecte in BIOS stage
sub task 1: POST
sub task 2 : CMOS
sub task 3 : BIOS
Sub task 1 : POST
Post will do the self test or health checkup of all components which are
connected to mother board.
hard disks
RAM
processor
Flopy disk
.......

post is a program which is integrated inside chip.

chip is a predefined program. inside chip post injected by hardware vendor. If
mothoder board is developed by dell then who injected post program in chip dell.
suppose post noticed RAM issue or RAM is not conneted properly then post will
give the beep sound.
administrator will understand it's giving beep sound so problem with RAM
suppose no hard is found error message on screen?
problem is may hard disk is not connected or it courrupted.

Sub task 2 : CMOS (complementary metal-axide semiconductor)

cmos will capture server critical information before server goes down. i.e
date & time, ram cache memory, recenly opened programs

while server booting up cmos will give critical information back to RAM

eg : you will power off laptop or server on july 12th 2021 and power on it
back on 2022 jan 1 .
that time we can see updated date and tme

how it happening is the cmos program will store the current date and time and
it keeps update with help cmos battery.
for cmos who is supplying power?
cmos battery
Sub task 3 : BIOS
in this task bios will identify bootable disk and hand over control to next
stage.

eg : CD ROM
disk
 floppy
usb

Bios will look for OS in connected components as per order like disk, cd, usb..
once it find the OS in any of components then pass control to MBR
post : it does the health checkup of all the components which are connected mother
board.
once post task completed then cmos will give critical information back to RAM.
then bios will identify OS in connected disks and pass control to MBR once it finds
the OS.

Stage 2 : MBR
Master boot recorder
it is a simple program which will be in first sector of OS disk.
512 bytes nothing 1/2 KB.

MBR or 512 bytes maintaince next stage information that is grub information.
is grub is in good condition to take control or not that is what MBR
maintains.

512 bytes
446 bytes are occupied by next stage information(grub) nothing but
primary boot loader information.
64 bytes are occupied to maintain partition table infromation
2 bytes are occupied by validator which will validate is primary
boot loader is in good condition or not(grub)
-----
512

MBR is a mediator who is maintaining next stage information. If next stage(grub) is

in good condition then pass control to grub
incase grub is not in good condition then MBR will print error message like
grub error.

who will validate grub condition?

MBR
who will print grub error?
MBR

MBR just pass control to Grub if grub is in good condition.

Stage 3 : Grub ( grand unified boot loader)

rhel 4 ==> LILO linux loader
rhel 5 & 6 ==> grub
in rhel 7 & 8 we have grub2 version
grub maintaince installed operating systems information.
like rhel 7.2
rhel 7.5
rhel 7.9 default is 7.9 then automatically 7.9 will boot each and
every reboot.
currently in one machine or server 3 OS's are installed which are those 7.2,
7.5 and 7.9.

like rhel 7.2

rhel 7.5 default is 7.5 then automatically 7.5 will boot each and
every reboot.
rhel 7.9
currently in one machine or server 3 OS's are installed which are those 7.2,
7.5 and 7.9.
now os administrator able to choose which os needs to bootup.
grub will help to choose os which needs to boot up.

grub is a just boot loader which is providing facility to choose which one has to
boot up during server coming up.

grub is a boot loader which will maintain multiple os's or kernels and it provide
facility to choose which kernel or os has too bootup.

suppose it automatically selected 7.2 os grub will pass control to 7.2

kernel
suppose it selected 7.5 then 7.5 kernel will load or grub will pass
control to 7.5 kernel.
grub config file: /boot/grub2/grub.cfg
here we will define default kernel or os
while server is booting up grub will look default setting in
/boot/grub2/grub.cfg and pass controls to that particular kernel.

Stage 4 : Kernel

sub task 1 : Load drivers and modules

sub task 2 : mount / file system in read only mode
sub task 3 : execute systemd process

sub task 1 : Load drivers and modules

audio will have audio driver . audio driver is mandatory to play any
audio.
network will have network driver. network driver is mandatory to be in
network or to connect to other machine over the network.

/boot directory there will 2 important files

1. initramfs : what is initramfs? initramfs is nothing temp / file
system. initramfs will contain data of /. it will help to load drivers and modules.
2. vmlinuz : It loads the drivers and modules

vmlinux is depending on initramfs? yes because vmlinuz can't execute without

temp /. who is temp / initramfs.
*** what is initramfs? what is the role of initramfs? explain about initramfs?
initramfs is a temporary / file system. it help to load drivers and modules
during server boot up.
initramfs will unmount automatically once original / file system mounts in
read only mode.
*** / file system will mount in which stage during bootup?
kernel
*** / file system will mount in which mode?
read only mode

sub task 2 : mount / file system in read only mode.

now original / file system is mounted or not? yes

once original / file system mounts then temp / (initramfs) will unmount
automatically.
sub task 3 : execute systemd process
systemd is the first process of operating system.
it ocupies process id 1.

rhel 4, 5, 6 = /sbin/init pid =1

rhel 7 & 8 = systemd /usr/lib/systemd/systemd pid=1
*** what is the process id of systemd?
1
what about init process id?
1

Stage 5 : systemd
systemd program will look for default.target . systemd will execute default
target.
default target programs will execute parlely.
finally we will get login prompt.

RHEL 4,5,6 Targets

Runlevels (7) 5
run level 0 shutdown init 0
poweroff.target
run level 1 single user mode init 1
rescue.target
run level 2 cmd line without nfs services init 2
multi-user.target default
run level 3 cmd line with nfs services init 3 default
run level 4 R & D (research and development) init 4
run level 5 graphical (gui) graphical user interface init 5
graphical.target
run level 6 reboot init 6
reboot.target

how to print current runlevel?

runlevel or who -r or systemctl get-default
how to set default runlevel?
systemctl set-default graphical.target

Created symlink from /etc/systemd/system/default.target to

/usr/lib/systemd/system/graphical.target.

original target program is in /usr/lib/systemd/system

here target programs will be there this target will link to etc default
target file
/usr/lib/systemd/system/graphical.target =========>
/etc/systemd/system/default.target

cd /usr/lib/systemd/system
ls -l
lrwxrwxrwx. 1 root root 15 Jun 30 21:44 runlevel0.target -> poweroff.target
lrwxrwxrwx. 1 root root 13 Jun 30 21:44 runlevel1.target -> rescue.target
lrwxrwxrwx. 1 root root 17 Jun 30 21:44 runlevel2.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Jun 30 21:44 runlevel3.target -> multi-user.target
lrwxrwxrwx. 1 root root 17 Jun 30 21:44 runlevel4.target -> multi-user.target
lrwxrwxrwx. 1 root root 16 Jun 30 21:44 runlevel5.target -> graphical.target
lrwxrwxrwx. 1 root root 13 Jun 30 21:44 runlevel6.target -> reboot.target

how to boot with old or previous kernel?

rhel 7.8 0
rhel 7.5 1
rhel 7.0 2
how to print default kernel?
grubby --default-kernel
how to set specific kernel to boot in next boot time?
 i want to boot rhel 7.5
grub2-set-default 1
==================================== output=========
[root@localhost ~]# grub2-set-default 1
[root@localhost ~]# grubby --default-kernel
/boot/vmlinuz-3.10.0-123.el7.x86_64
[root@localhost ~]# grub2-set-default 0
[root@localhost ~]# grubby --default-kernel
/boot/vmlinuz-3.10.0-862.el7.x86_64
[root@localhost ~]#

how to rebuild initramfs

cd /boot
dracut -f initramfs-3.10.0-123.el7.x86_64.img 3.10.0-123.el7.x86_64
how to read initramfs data
lsinitrd /boot/initramfs-3.10.0-123.el7.x86_64.img | more

================================================Networking
==========================================================

what is network?
IP Classes?
how to assign ip address for the linux box?
Nic bonding(network level HA) disk level HA = RAID network level HA is NIC
bonding
services:
1. FTP Imp
2. SSH vimp
3. SFTP vimp
4. NFS vvimp
5. SAMBA imp
6. NTP
7. DNS imp
8. HTTP
9. Rsync imp

what is network?
creating connectivity between more than 2 systems or 2 components for
transfer data or voice.

2 components
one mobile to n number of mobiles
one computer to n number of computers
one server to n number of servers

how we are creating network?

WIFI (wire less)
cable ( wire)

what is data? eg: file, video, audio, text message

what is voice? eg : mobile call, communicator call

types of networks
1. Intranet (LAN) Local area ntwork : creating network
within building for all the components.(private)
2. Extranet (MAN) Metropolitan area network : creating
network between branches within one city. eg : one building to other
3. Internet (WAN) wide area network(public)
desktop environment (pc or laptop) = patch panel . patch panel is nothing board all
the network cables connected to one Board(LAN)
server envirnoment (servers) = switches

Address (IP address)

IP = Internet protocol
IPV4 = 32 bits
IPV6 = 128 bits
11111110 = 8 bits
computer language ? binary(01)

11111100.00111010.11000011.00010011
8 bits 8 bits 8 bits 8 bits
1 byte 2nd byte 3rd byte 4th byte
1octet 2nd octet 3rd octet 4th octet

address should be unique

1. private IP
2. public IP

1 to 255

1.1.1.1
1.1.1.2
1.1.1.3
1.1.1.4
255*255*255*255

IANA is community who will manage the network for world.

categorizing IP's
IANA = Internet assigned number authority

total 255

IP Classes
Class A 0 - 127 (pub & private) network
Class B 128 - 191 network
Class C 192 - 223 network
Class D 224 - 239 multicasting
Class E 240 - 255 R & D

private public
Class A 10.0.0.0 165laksh ips 1.0.0.0,
2.0.0.0,3.0.0.0
Class B 172.16.0.0 - 172.31.0.0
Class C 192.168.0.0

out of 255 only 3 numbers are given for private remaining all for public.
10, 172,192

11.1.1.1= public or private? public

197.1.1.2 = public
9.9.1.1 = public
192.166.1.1 = public
192.168.1.1 = private
10.1.1.1 = private
 public ip
accenture 5 lakshs 10.1.1.1 =========> whatsup
IBM 6 lakshs 10.1.1.1 =========> facebook, icicinetbanking,

end user ==> Airtel(ISP) ==> IANA

ISP = Internet service provider

swtich = forwarding traffic (creates network) ==> network team

router = forward and backward traffic ( public to private) & private
to public. ibm network to accenture network . one network to other network
firewall = security component. it will monitor the packets(data) and
filter. what packet is coming inside and what packate(data)is going out.
restricting one system should not come inside, allowing network.
firewall is nothing but security person who will monitor
and protect your network.
load balancer = Balance the traffic for backend pools

outside inside
ftp ====> firewall ==> system
block ftp
http ===> firewall ====> web site
allow

how to get ethernet cards information?

ip a
or ifconfig -a

1. lo loopback
loopback is default virtual ethernet card. it will exist for all components
use: within the system services will comunicate through loopback.
2. ethernet card
is used for communicate with remote machines.

MAC: Media access controller

each and every ethernet card will have unique hardware number that is MAC
address.
00:0c:29:f4:ee:ba
00:0c:29 = serial number of manufacture ( dell is
manufacturer) whaterver ehternet cards are manufac will have
same number i.e 00:0c:29
f4:ee:ba = serial number of product
HBA: Host bus adapter
unique name or number? wwn

there are 2 Ways to assign IP address

1. Static IP
2. DHCP IP ( Dynamic Host configuration
protocol)

1. static IP : we will decide ip and assign ip to machine it's going to be

persist(permanent)
make sure no other system is using same ip.
2. DHCP
there will be dhcp server or tool to assign ip addresses to servers.
dhcp will decide ip address based on availability and assign ip to server.
server is down for 2 days then dhcp server will take it back the
ip.
adv: there will not be any IP conflict
dis : in case dhcp server goes down then none client machine will have ip.

ethernet card configuration file will be in

/etc/sysconfig/network-scripts
ifcfg-ens****
ifcfg-eth****
ifcfg-eno33****

how to find out speed of ethernet card?

dmesg | grep -i ens33
[ 33.794945] IPv6: ADDRCONF(NETDEV_UP): ens33: link is not ready
[ 33.805415] e1000: ens33 NIC Link is Up 1000 Mbps Full Duplex, Flow
Control: None

1000 Mbps ( mega bytes per sec)

=================================================please start using tab

key***********************

vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
DEVICE=ens33
ONBOOT=yes
IPADDR0=192.168.145.100
IPADDR1=192.168.145.101
IPADDR2=192.168.145.102
PREFIX0=24

BOOTPROTO=dhcp/static/none
ONBOOT=yes
what is onboot? onboot=yes means ethernet card should comeup during server
booting up
onboot=no means ethernet card should be in down state while
server coming up
IPADDR0=192.168.145.100 primary
IPADDR1=192.168.145.101 secondary ip for same ethernet card(ens33)
IPADDR2=192.168.145.102 secondary ip for same ethernet card(ens33)

subnet or netmask or prefix

A Class 255.0.0.0 ( 8 ) 10.0.0.0 network. system. system. system
B Class 255.255.0.0 (16) network. network. system. system
C Class 255.255.255.0 (24)

ifup ens33 or ifup eth0 or ifup eno22334555

ifdown ens33 or ifdown eth0

ping
telnet
nc
traceroute
netstat or ss

ping is for to test the connectivity between one to other machines.

ping remotemachineip
 we can expect the response back
====================
[root@localhost ~]# ping 192.168.145.100 -c 3
PING 192.168.145.100 (192.168.145.100) 56(84) bytes of data.
64 bytes from 192.168.145.100: icmp_seq=1 ttl=64 time=0.314 ms
64 bytes from 192.168.145.100: icmp_seq=2 ttl=64 time=0.340 ms

ping will confirm you route between machine to machine

ping is not there from one machine to other machine

1. make sure both machines has ip address
2. make sure remote machine is up(running)
verified above 2 things but still there is network
server 1 in switch1
server 2 in switch 2
request network team there is network between switch 1 to switch 2. if not
there route then ask them to allow.
telnet
services :
20/21 ftp to transfer data from one machine to another machine. first ftp will
check there is a route or not from source to destination then data will start
transffering to remote machine. network is route ftp is service to carry the
data.
ssh 22
sftp 22
nfs 2049
samba 137/138
ntp 123
dns 53
http 80
rsync 22

how to check service status in remote machine?

telnet remotemachineip servicenumber(port number)
telnet 192.168.145.100 22

checking ssh service status in 192.168.145.100 machine.

ctrl + ]
quit

how to install httpd?

yum install httpd
how to check service status
systemctl status httpd
how to restart particular service
systemctl restart httpd
systemctl stop httpd
systemctl start httpd
systemctl status sshd
systemctl start sshd
systemctl stop sshd
systemctl restart sshd

systemctl status vsftpd

systemctl start vsftpd
systemctl stop vsftpd
systemctl restart vsftpd
 ping is for test route
telnet will check service(bus,car,....)status in remote machine. if we get
connection refused that means service is not ready in server machine.
packets(data) will not reach to destination when service is not in
running state in server side.

yum server 192.168.145.100

m2 192.168.145.20
m3 192.168.145.21
req : m3 want to connect m2 on 22 port

telnet is a tool for test service status from one machine to other machine.

how to list out all installed services and status?

systemctl list-units --type=service

NC : net cat

nc is alternative tool for telnet command

most of the organizations will not allow to use telnet command or tool.

telnet NC (nmap-ncat) rpm -ivh

nmap-ncat.****************
connection orient connection less
using telnet we can sent packates(data) we can't sent
packates(data) using NC . zero packates will be sent.
TCP can check only for tcp services NC can supports
both transportations(tcp & udp)

tcp & UDP

syn: telnet <remotemachine ip > <portnumber>

nc -vz <remote machine ip > <portnumber>

network, ethernet cards, how to assign ip, ping,telnet, nc

ping will confirm you route status but will not tell in which place packates are
dropping or till which place (hub) packates are reaching.
traceroute

Traceroute: trace the route from source to destination

between source(Bangalore) to destination(Tirupathi).
ping is not working between source and destination
traceroute 192.168.145.100 using trace route command we can identify in
which area route is blocked or which hub route is blocked.
ip IP IP
server1 ==> switch1 ==> router1 ==> router3 ==> router5 ==> router 8 ==>
firewall2 ==> router9 ==> router7 ==> router12 ==> Switch 4 ==> server2
hub1 hub2 hub2
hub4 hub5 hub6 hub7
hub8 hub9 hub10
using traceroute we can confirm up to which hub packate is reaching. which hub
couldn't transfterring packate to next hub.
* maximum trace route can test 30 hubs between source to destination.

traceroute 192.168.145.20
traceroute -p 22 192.168.145.20
 netstat or ss

netstat were there in rhel 4,5,6

ss and netstat will work in rhel 7 & 8.

systemctl status service

ss or netstat will tell you on service how many connections are there.
eg: ssh is the service
using ssh service how many clients are connected that ss or netstat will
confirm you

Listen : service is in running state and server is ready to accept the

connection
established : how many clients are connected on port number

netstat -nap
n - network
a - all
p - process id

NIC Bonding

RAID = to configure HA between disks

High availability
Services level = clustering . what is use of clustering is ? 2 more than 2 systems
will be configured with same services setup. incase any one server goes down also
there will not be any impact because same service is available in other machines.

network level HA we will get through NIC bonding

min we will go with 2 ethernet cards . use these 2 ehternet cards we will configure
the HA.

modes
mode0 (rr) round robine = HA and Load balancing . both the ethernet
cards will be in active. both ethernet cards will take the load
mode1 (AB) active- backup = at a time 1 will be in active and other one
will be in backup state. you will not get load balancing.
mode2
mode6

pre-requisite :
make sure 2 ethernet cards are connected to server

step 1 : open first ethernet card and do below modifications

vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes

step 2 : open second ethernet card and do below modifications

vi /etc/sysconfig/network-scripts/ifcfg-ens38
BOOTPROTO=none
 ONBOOT=yes
MASTER=bond0
SLAVE=yes

Step 3 : create new virtual ethernet card and do below changes

BOOTPROTO=none
DEVICE=bond0
ONBOOT=yes
IPADDR=192.168.145.200
PREFIX=24
BONDING_OPTS="mode=1 miimon=100"
Step 4 : disable Networkmanager service and restart network
task 1 : stop the NetworkManager service (systemctl stop NetworkManager &&
systemctl disable NetworkManager)
task 2 : restart the network service (systemctl restart network)

below command will give the bonding status

cat /proc/net/bonding/bond0

FTP
File transfer protocol

1. It is very fast, stable and efficient service to transfer data over the
intranet and internet.
2. It supports only files transfer , using ftp we can't transfer
folders/directories.
3. Data transimitting in binary format.
binary(01010101)

draw back : Data security

because data is traveling in binary format . easy to extract binary
format.

5 things about service

1. Package name : vsftpd openssh
2. service name : vsftpd(start the service) sshd
3. Daemon name : vsftpd sshd
4. Port number : 20/21 22
5. configuration file : /etc/vsftpd/vsftpd.conf /etc/ssh/sshd_config

** what is Daemon: daemon is nothing background process of service

when we start service automatically daemon also will start.
whe we stop service automatically daemon also will stop.
how to find out is daemon is running or not?
ps -ef | grep vsftpd
how to start daemon?
systmctl start vsftpd

computer and network can't understand names.

ftp = 20/21
ssh = 22
nfs = 2049
http = 80
configuration file: we can specify instructions for service.
apply instructions in configuration file and push instructions using service
restart
server = 192.168.145.200
client = 192.168.145.20
server machine:
step1 : Install vsftpd & start service in server machine
yum install vsftpd
systemctl start vsftpd
note : please stop and disable firewall
systemctl stop firewalld
systemctl disable firewalld
also disable selinux
vi /etc/selinux/config
SELINUX=enforcing
to
SELINUX=permissive

save and comeout from /etc/selinux/config

setenforce 0
Client machine
Step 2 : Install ftp pkg
yum install ftp
ftp serverip
or
ftp username@serverip
ftp [email protected]

babu user is present in which machine?

remote machine(ftp server)
after connect if we execute pwd . it executes in remote machine
ftp>pwd
it prints the print working directory in remote machine
ftp>!pwd
! = local or current machine
it prints the print working directory in local machine

pwd = after connect to remote machine

remote machine pwd
!pwd = local machine pwd
ls =remote
!ls = local(client) machine
get = download file from remote machine to local(client)
put = upload file from local to remote.
mget = multiple files download
mput = multiple files upload

bye for disconnect

how to deny user for ftp service?

vi /etc/vsftpd/ftpuser
append username in this file to block user for ftp
service

server 1 has data

server 2 want to download
 how to access FTP server through the browser

how to disable anonymous users for ftp server?

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
to
anonymous_enable=NO

FTP service use the 2 ports 20 and 21.

20 = Data transfer
21 = connection

** what is the difference between active and passive modes?

the default mode is in unix servers?
passive
for windows machines the default mode is?
active

passive active
data port will be decided by server. Data port will be
decided by client.

client ===> ftp server

2000 ===> server has allow 2000
next 3000 ===> ftp server has to allow 3000
INPUT rule
client <==== ftp server
for server OUTPUT

wha is default anon users home directory?

/var/ftp

How to change the anon users default path?

vi /etc/vsftpd/vsftpd.conf
anon_root=/ftp

mkdir /ftp
chmod -R 777 /ftp
systemctl restart vsftpd

SSH
Secure shell

Advantages:
1. very secure: data will travel in encryption format. unauthorized users(hackers)
can't open data.
2. we can transfer files and directories using ssh service
3. remote administration can possible through ssh service.

draw back is : Bit slow because it has to do hand shak,encrypt data and transmit.
 what is ssh background functionality or architecture of ssh service

1. Handshak
2. Create tunnel
3. transfer encrypted data

there will be 2 keys by default in all machines.

1. private key ( to open packet or to decrypt packet)
2. public key ( to parcel packet or to encrypt packet)

5 things about service

1. Package = openssh
2. service = sshd
3. daemon = sshd
4. port number = 22
5. configuration file = /etc/ssh/sshd_config

How to connect remote machine using ssh service?

ssh <remote machine ip>
ssh username@remote machine ip
ssh -l username remote machine ip
the above commands are for linux to linux or linux to any of unix flavours.

putty is a software which we installed in windows machine. using putty we are able
to connect linux machine from windows.

how to copy file or directory through scp ?

syn:
scp <filepath in source> username@ipofremotemachine:/path

scp /tmp/testfile [email protected]:/home/babu/

scenario 1 : Deny root user login through ssh service

scenario 2 : Deny normal users login through ssh service
scenario 3 : change ssh service port number
scenario 4 : configure password less authentication between machine to machine.
scenario 5 : configuring banner massege for ssh login users.

scenario 1 : Deny root user login through ssh service

step 1 : change following parameter PermitRootLogin in /etc/ssh/sshd_config

PermitRootLogin yes
to
PermitRootLogin no
step 2 : restart sshd service to reflect the recent changes
systemctl restart sshd

use cases: root is a common user or not? yes

unix team capacity is 10 members, is root password is required for all
10 users? yes because they are administrators.
so root is common user

draw back or complaince if we didn't deny the root user:

10 users knows root user password they are login to machine directly using
root credentials.
one of administrator deleted /boot data
how to identify which user is delete /boot data? there is no way to identify
who deleted data

recommendation is : deny root user for ssh service

if we denied root user through ssh service. user will use his own credentials
to login and then switch to root user if he want to do any administrator tasks.
there will be a proper log in /var/log/secure like so and user switched
to root user at so and so time.
rhel = /var/log/secure
suse = /var/log/messages

-----------------------------------------------------------------------------
-------------------------------------------------------------------------------
Jul 23 13:01:37 b24vm01 sshd[5327]: Accepted password for babu from
192.168.145.1 port 53979 ssh2
Jul 23 13:01:37 b24vm01 sshd[5327]: pam_unix(sshd:session): session opened
for user babu by (uid=0)

Jul 23 13:02:03 b24vm01 su: pam_unix(su-l:session): session opened for user

root by babu(uid=2037)

-----------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--

scenario 2 : Deny normal users login through ssh service

there will be service accounts or application users
oracle db will have service account that is oracle
this oracle user is used for stop/start the database.
the stop and start will work only for root and oracle users.

db team capacity is 10 users. is that oracle user is common user for all db
team? yes

application is sap = common user is sapuser

deny the sap user = individual credentials ==> switch to ==> sap user
deny the oracle user = Individual credentials ==> switch to ==> oracle user
deny the root user = Individual credentials ==> switch to ==> root user

add DenyUsers parameter end of the file.

vi /etc/ssh/sshd_config
DenyUsers babu,oracle

scenario 3 : change ssh service port number

step 1 : in configuration file
Port 2222
step 2 : allow 2222 port in selinux
semanage port -a -t ssh_port_t -p tcp 2222
step 3 : restart sshd service to reflect the changes
systemctl restart sshd

reserved port numbers information maintained in /etc/services

connecting to remote maching with new ssh port number
-p
-p2222
ssh 192.168.145.200 -p2222

scenario 4 : configure password less authentication between machine to

machine.

requirement : machine 1 wants to connect with with machine 2 without passowrd

solution: machine 1 has to share his public key with machine 2
then machine 2 will allow machine 1 user without password

192.168.145.200 (prasad) wants to connect 192.168.145.20(babu)

here prasad has to share public key with 192.168.145.20(babu)

step1 : generate keys as a prasad user

note : make sure you logged in as prasad and generate keys
ssh-keygen
===========================
[prasad@b24vm01 .ssh]$ ls
id_rsa id_rsa.pub
[prasad@b24vm01 .ssh]$ pwd
/home/prasad/.ssh
[prasad@b24vm01 .ssh]$ whoami
prasad
[prasad@b24vm01 .ssh]$
================================
id_rsa private key
id_rsa.pub public key
step 2 : share public key with remote machine
cd
cd .ssh
ssh-copy-id -i id_rsa.pub [email protected]
first time it will prompt for babu password

alternative way to configure password less

step 1 : generate keys in source machine(192.168.145.200) as a prasad
user
note : make sure you logged in as prasad user before generate
keys
ssh-keygen

copy or cat public key

step 2 : login to remote machine(destination machine) and switch to
babu user

create .ssh folder inside babu user home directory

mkdir .ssh
chmod 700 .ssh
cd .ssh
vi authorized_keys
here copy public key of prasad user
chmoe 600 authorized_keys
scenario 5 : configuring banner massege for ssh login users.

vi /etc/mybanner
we will get content from security team

welcome to google company server. Notifying that please login to

system if your autherized.

step 2 : update banner file in /etc/ssh/sshd_config file

Banner /etc/mybanner

step 3 : restart the sshd service

systemctl restart sshd

SFTP
Secure File transfer protocol

ftp
ssh
SFTP It's part of ssh service only like scp.

pkg : openssh
service : sshd
daemon : sshd
port : 22
configuration : /etc/ssh/sshd_config

ssh: scp and SFTP

what is the ssh port number ?

22
what about sftp port number?
22
because sftp is part of ssh service.
how to deny user for sftp service?
include username in /etc/ssh/sshd_config
DenyUsers username

ftp remotemachineip
sftp remotemachineip (through ssh)

NFS
Network file system

ftp : Binary format ( no security)

ssh : encrypted format
nfs : ?

file system(partition) will be in network for remote machines access.

It's a centralized network file system.
clints can mount based on access .
 5 things about service
1. Pkg : nfs-utils
2. service : nfs-server
3. daemon : nfsd,mountd,nfslogd,statd & lockd
4. port : 2049
5. configuration file : /etc/nfsmount.conf and
/etc/nfs.conf

make sure nfs-utils pkg is installed then export the file system.

vi /etc/exports
/oradata *(rw,sync)

eg:
* means = all the systems in network (world)
/oradata 192.168.145.20(rw,sync)

granting nfs file system access only to 192.168.145.20

machine.
/oradata
192.168.145.20,192.168.145.21(rw,sync)
granted access to 2 machines.
/oradata 192.168.145.*(rw,sync)
granted access to full 145 subnet(network)

rw = read and write access to client machines

ro= read only granted read only access to client machines.
sync and async?

exporting file system in server machine:

step 1 : make sure nfs-utils package is installed
step 2 : export the file system
vi /etc/export
/oradata *(rw,sync)
step 3 : restart nfs-server service
systemctl restart nfs-server

check is the file system is exported or not?

exportfs

please stop the firewalld service

systemctl stop firewalld
systemctl disable firewalld

Mounting file system in client machine

step 1 : check the connectivity between client machine to nfs server
ping 192.168.145.200
telnet 192.168.145.200 2049
make sure nfs-utils package is installed in client machine.
step 2 : create one local directory and mount the nfs file system
mkdir /oradata
mount 192.168.145.200:/oradata /oradata
step 3 : add file system in /etc/fstab file
vi /etc/fstab
192.168.145.200:/oradata /oradata nfs defaults 0 0

difference between sync and async

 difference between soft mount and hard mount
difference between root_squash and no_root_squash options
if df -h command is struck in client machine. How you will troubleshoot?

nfs works only for unix machines.

export options:
/oradata *(rw,sync)
/oradata *(rw,async)
*** what is the difference between sync and async option in nfs?
sync: nfs server will give aknowledgement to client machine once complete
data transfer to server machine.
eg : client initiated transferring 4 gb data to nfs server. here nfs
server will confirm or ack back to client machine once 4 gb data copied to server.
Async : nfs server will give aknowledgement to the client machine as soon as
client start transffering data to server machine.
async will not wait until data transffer to nfs server. starting itself
server will confirm back to client like data is recieved.

*** which option will imporve the nfs server performance sync or async?
async
how async will give better performance at nfs server end is? nfs server will
give ack to nfs client machine as soon as client start transffering data.
async will not compare or check source and target size

*** what is the difference between root_squash and no_root_squash options

root_squash : only nfs server root user will have full permissions on
exported file system.
remote machine root users will not have full permission on exported
file system.
adv: single administrator(nfs server root user)
the default option is root_squash.
remote root users file
nfsnobody nfsnobody
no_root_squash : Remote root users will have full permissions on exported
file system along with local root.

100 client machines are using nfs file system, so how many
administrators are there on exported file system?
100 machines root users.
remote root users file
root root

*** wha is the difference between soft mount and hard mount?
192.168.145.200:/oradata on /oradata type nfs4
(rw,relatime,vers=4.1,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp,port=0,ti
meo=600,retrans=2,sec=sys,clientaddr=192.168.145.20,local_lock=none,addr=192.168.14
5.200)

vers=nfsversion 4.1
rsize= read size
wsize=write size
hard
timeo=600 timeout
retrans=2 times

soft 2 time with 600 sec

 hard : the default functionality of hard is , client will try to access
server data continuesly incase connection is intupted between client and server.
server is down for 2 days but client keep try to reach nfs server
if hard mount is specified
file system mounts back once connection issue is resolved between nfs
client and server.

soft : the default functionality of soft mount is, client will try to access
server with limitted times after reaching limitted times client will not try to
reach server.
eg : 2 intervals with 600 sec timeout
soft will try first time after 10 min and second time again
after 10 min.
max 2 times with 20 min after 2 time with 20 min client
will not try to reach server.

file system will not mounts back once connection issue is resolved
between nfs client and server
here administrator has to mount nfs file system manually once
connection issue is resolved.

soft: mount 192.168.145.200:/oradata /oradata -o soft

hard: mount 192.168.145.200:/oradata /oradata
whis is the default mount option, soft or hard?
hard

**** how to get nfs server version

nfsstat -s | grep -i "server nfs"
**** how to get nfs client version
nfsstat -c | grep -i "Client nfs"

autofs

we will use autofs method to access the nfs file system. advantages of autofs
is,
1. we can save network bandwithd between client machine to nfs server
2. It improves NFS server performance.

file system will mount when user access the file system. automatically it
unmounts incase not using for 5 min.

in client machine file system will get unmounted when we are not using and also
file system will be mounted back as soon as we start using file system.

In client machine
step 1: install autofs pkg incase not installed
yum install autofs
step 2 : add below entry in master file
vi /etc/auto.master
/- auto.misc
step 3 : configure the file system details in /etc/auto.misc file
/oradata -fstype=nfs 192.168.145.200:/oradata

step 4 : restart the autofs service

systemctl restart autofs
 in case following fstab entry means
192.168.145.200:/oradata /oradata nfs defaults 0 0

configuration file of autofs : /etc/autofs.conf

service : autofs

*** df -h output got struck. what is the issue? how we can resolve this issue?

cause: may be nfs file system is not able to mount

problems: server side

problem 1 : may be nfs server is down solution : ping to nfs server
from client machine ==> ping nfsserverip
problem 2 : may nfs service is down
problem 3 : may someone un-exported nfs file system in server side
problem 4 : May wrong entries in /etc/exports file . nfs service will
not start up incase there are wrong entries in /etc/exports file
problem 5 : may firewall is blocking

first check the connectivity between nfs client machine to nfs server
telnet 192.168.145.200 2049
if connection is not there then i will check below problems.
problem 1 : may be nfs server is down
identified nfs server is down.
what next?
vmware machine: login to vmware vcenter and power on that particular machine
cloud : login to azure portal and power on that particular machine
later we will identify root cause for server power off
problem 2 : may nfs service is down
identified nfs service is down
we will login to nfs server and check nfs service status "systemctl
status nfs-server"
bring up nfs service if service is down
systemctl start nfs-server
systemctl enable nfs-server service will start when server is coming
up.

problem 3 : may someone un-exported nfs file system in server side

identified : some one removed entry in /etc/exports
solution : add entry again and start the nfs service
later we will identify who unshared file system

problem 4 : May wrong entries in /etc/exports file . nfs service will not start up
incase there are wrong entries in /etc/exports file
identified : some one added wrong entries in /etc/exports file so nfs service
was not started
soultion : correct the wrong entries in /etc/exports file and restart the
service
problem 5 : may firewall is blocking
server is up and nfs service is running but still client couldn't able
to mount the nfs file system.
in this situation may issue with firewall
1. firewall at os level
2. network firewall which is maintaining by network team
we can check firewall service at os level
systemctl stop firewalld
systemctl disable firewalld
open case with network team for allow 2049 port between client machine to nfs
server
source : client machine
destination : nfs server
port : 2049

passive : ftp server will decide random port and map data tranfer from 20 to
random number. random port is opened by server.
active : ftp client will open random port number for data transfer and request ftp
server to map and start transfering.
each and and every time client will comeup with new random port number.
server has to allow that.
20 data 20 ==> random port to transfer data
21 cmd/connection
SAMBA

nfs : file system export = unix servers to unix servers

samba : file system export = unix to windows as well windows to unix servers.

scenario 1 : export file system in windows and mount it in linux server

scenario 2 : export file system in linux and mount it in windows

ftp : data transfer

ssh : data transfer
sftp : data
nfs : data
samba : data

using samba service we can transfer data across cross platforms, mean unix to
windows and windows to unix servers.

5 Things about service

pkg : samba,cifs-utils,keyutils
service : smb
daemon : smbd
port : 137,138,139 and windows side 445
configuration file : /etc/samba/smb.conf

scenario 1 : export file system in windows and mount it in linux server

how to list out exported file system in windows?

In run prompt enter==> \\localhost

note : don't export directory from desktop

you can export directory from any other drives eg : d:

exporting directory in windows machine

create new directory in D drive ==> right click on that ==> share with
==> specific people ==> down arrow select every one ==> grant read and
write permissions ==> share

later we created one user with password

how to know the ip address of windows box?

in cmd line enter following command ==> ipconfig

how to mount windows share drive in linux

yum install cifs-utils
mkdir /b24sharedrive
 mount -t cifs //192.168.145.1/B24sharedrive /b24sharedrive -o
username=babu,password=Test@12345
cifs = common internet file system
df -h

Hidding samba credentials while mounting windows share

create hidden file in root user home directory.

vi /root/.smbcredentials
username=babu
password=Test@12345

mount -t cifs //192.168.145.1/B24sharedrive /b24sharedrive -o

credentials=/root/.smbcredentials

vi /etc/fstab
//192.168.145.1/B24sharedrive /b24sharedrive cifs
defaults,credentials=/root/.smbcredentials 0 0

===============scenario 2 : export file system in linux and mount it in

windows=========================

yum install samba

step 1 : decide which directory or mount point want to export for widnows machine
mkdir /winshare
chmod -R 777 /winshare
step 2 : export /winshare directory
vi /etc/samba/smb.conf

add below lines

[winsharefromprasad]
path = /winshare
read only = no
valid users = prasad raja

step 3 : set samba password for prasad user

smbpasswd -a prasad
using this password only we are going to access unix share from windows box.
normal password password will not work.
step 4 : restart smb service
systemctl restart smb

how to list out samba users

pdbedit -L

disable selinux
setenforce 0

windows machine
run prompt
\\192.168.145.200
in login prompt
192.168.145.200\prasad
password
permanent:
double click on my computer
add a network location

Firewalld , Selinux & difference between TCP and UDP

========================================

1. Firewall

what is firewll? firewall is a security component at network level.

physical firewall = which is managed by network team
OS level firewall = OS administrator will manage firewall rules at os
level firewall

firewall will maintain the rules. what is the rule? one policy for
traffic allow or deny.

source and destination on 22 is allowed

rule no 1 : 192.168.145.20 ==> 192.168.145.200 22 allowed
who will write this rules ? physical = network administrator OS level
firewall = OS administrator

advantages of physical firewall :

Monitor the packets
filter the packets
allow traffic
deny traffic
OS level firewall:
allow traffic
deny traffic
what is packate? packate is nothing but data.
what is data ? data is nothing binary format data?
transffering 1 GB file
network will understand 1 GB file is a data . that data divided as
packets.
data ==> parcel the packets ==> transfer to destination

writing input rule in 200 machine. we are allowing 20 machine through 2049
port
source = 192.168.145.20
destination = 192.168.145.200
port = 2049
protocol = tcp/udp
Input rule
output rule

my machine is = 192.168.145.200
other machine is = 192.168.145.20
20 machine want to connect 200 machine on 2049 port?

tell me which type of rule we have to write for 200 machine? Input
tell me which type of rule we have to write for 20 machine? output
pkg name = firewalld
 service = firewalld
daemon = firewalld
configuration file = /etc/firewalld/firewalld.conf

how to check firewall status?

systemctl status firewalld
how to know the which are services are allowed in firewall?
firewall-cmd --list-services

allowing traffic
firewall-cmd --zone=public --add-service=nfs --permanent
firewall-cmd --reload
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=20/tcp --permanent
firewall-cmd --zone=public --add-port=21/udp --permanent
firewall-cmd --zone=public --add-port=20/udp --permanent
firewall-cmd --reload
firewall-cmd --get-default-zone
public

firewall-cmd --set-default-zone=external
how to deny service
firewall-cmd --zone=public --remove-service=nfs --permanent

SELinux
Secured enhanced Linux

he came through ftp service so we should allow only /var/ftp/pub not /etc/.
this kind of rules maintained or managed by selinux.

selinux maintaince many rules. pre-defined rules

getsebool -a

SELINUX modes
1. enforcing ( strickly follow the rules) recommended is
enforcing ============> by default
2. permissive (waring) it just prints the warning but it allows
the data
3. disable = no rules at all every allowed and have access on
data

how to get default mode?

sestatus
configuration file of selinux is /etc/selinux/config
how to disable selinux temp?
setenforce 0 now mode is permissive
setenforce 1 now mode is enforcing

how to allow particular rule

[root@b24vm01 ~]# setsebool -P samba_export_all_ro on
[root@b24vm01 ~]# setsebool -P samba_export_all_rw on
[root@b24vm01 ~]# setsebool -P samba_share_fusefs on

TCP / UDP
TCP = Transimission control protocol
UDP = User datagram protocol

ftp = tcp/udp
ssh = tcp
sftp = tcp
nfs = tcp
samba = tcp
dns = udp hostname and ip
ntp = udp date and time
http = tcp
dhcp = udp
rsync = tcp
protocol is nothing but process.
tcp follows some set of policies and udp follows different set of polocies
difference 1 : connection orient
TCP : connection oriented protocol . it establish connection to destion before
start data. it check the destination status and then start transfer data.
UDP : connection less protocol. It will not verify destination status. it trasfer
data without checking the destination person is avaialbe or not.

difference 2 :
security
TCP : very secure to transfer data because it establish connection to destination
and does the hand shak and then start transfer data
udp : not secure . it will not verifydestation status and also doen't do the
handshak.
realible
tcp : is very realible. in case packet failed to deliver to destination the tcp
will re-try to deliver packet.
udp : will not re-try for delivering failed packets.

Header size :
TCP: 20 bytes (source ip, destination, port number, ack number, retries, sequence
number,packate status ......)
UDP : 8 Byes ( source ip, destionation ip, portnumber)

performance(fast)
UDP is very fast

size of the pakate = tcp 64 bytes

udp 58 bytes

booting procedure will help to analyze and understand bootup issues.

here from power on to until we get login prompt 5 stages are involved.
the stage 1 is : BIOS
stage 2 : MBR
stage 3 : grub
stage 4 : Kernel
stage 5 : targets
coming to the stage 1 that is BIOS (basis input output system) this stage purely
belongs to hardware.
as soon we power on server
post pogram takes contrl and does the health checkup of all the
components which are connected to mother board.
post full form is power on self test
once self test completed then cmos loads the critical infomation back to main
memory.
cmos will capture critical information from os before server goes down. same
information pass back to main memory(RAM)
once critical information pass back to main memory then bios look for
bootable devices as per order.
bios will try for os in devices
eg : first priority is dvd and bios look for os in dvd if os not found in dvd
then move to next priority device and find out os.

once it find out os then pass control from BIOS to MBR.

now control is at MBR . MBR means master boot recorder.

it maintaince next stage information
it stores in first sector of device.
MBR capacity is 512 bytes
mbr maintaince next stage information is nothing grub information. Once mbr
finds valide grub then pass control to GRUB

now control is at GRUB stage.

grub is a boot loader. grub has capacity to maintain multiple kernels or
operating systems.
end user can set default kernel to boot up in grub.
grub will facilitate to choose which kernel want to load. i mean end user can
choose which kernel or which os want to boot.
if we didn't select any kernel then it boots with default kernel which we mentioned
in /boot/grub2/grub.cfg file
after 5 sec grub pass control to default kernel

now control is at kernel level

kernel loads the drivers and modules with help of initramfs
initramfs is nothing but temporary / file system.
drivers and modules will load once initramfs mounts and executes the initrd
program to load drivers(bonding, network manager, lvm module)
/ file system will mount in read only mode once drivers are loaded
finally systemd program will execute
now control is at targets

based on which target we set as default those services will start parlely.
finally we gets login prompt once all services are loaded or started.

DNS
Domain Name system

DNS service is for resolve name to IP as well IP to name

ftp= data transfer
ssh= data transfer
sftp = data transfer
nfs = data transfer
samba = data transfer
DNS = we will use this service to resolve name to ip as well ip to name.
what kind of data is travelling through DNS service is ?
hostname and IP

resolve = converting name to IP

converting IP to name

facebook web application = www.facebook.com

where is the facebook server address? IP address is the
address for machine or application
www.facebook.com

if you enter hostname the dns system will resolve hostname to ip

address and transfer traffic to right machine.

DNS types
1. Local DNS . Maintaining hostnames and IP address in invidual
machines
2. DNS server

M1 wants to connect with M6

ssh 192.168.145.19
ssh M6

private DNS server = which is maintaining by your

organization
public DNS server(root dns servers)= IANA control
IANA= Internet assigned number authority , it's
a world wide community who maintain the root dns servers.

How the IANA is distrubuting domain names?

https://uidai.gov.in/

2 types of domain names

GTLD (general top level domains
CC TLD (contry code top level domains)

GTLD: .gov .com .corp .org .info .edu .trav .nic (21)
CC TLD : .in .us .uk .sl .pk .nl

5 things about service

pkg : bind, bind-utils
service : named
daemon : named
port : 53 (tcp/udp)
configuration file : /etc/named.conf
zone files : 1. name to ip /var/named/forwardlookupzonefile
2. IP to name /var/named/reverseloookupzone file

Scenairo 1 : configure DNS server

scenario 2 : Integrate client machines with DNS server.

Scenairo 1 : configure DNS server

prerequisites:
1. Static ip for DNS server

Lookup zone files

1. forward lookup zone : Name to ip records (
/var/named/forward.b24.com)
2. Reverse lookup zone : IP to Name records (
/var/named/reverse.b23.com)

forward and reverse lookup zone format(records)

1. SOA (F & R) (Start of authority)
2. NS ( F & R) (name server) = name server or dns server details
3. MX (F & R) (mail exchange server) = mail server details
4. A (F) Address record(name to IP) IPV4
 5. AAAA (F) Address record (name to IP ) IPV6
6. CNAME (F) conanicol name(alias name)
7 . PTR (R) Pointer ( IP to name) IP to name

Resources:
TTL = time to live

server1 IN A 192.168.145.25
server2 IN A 192.168.145.26
till now above 2 entries are there in forward lookup zone file.
$TTL 1d
if i add new record in forward lookupzone file (03-aug-2021).
server3 IN A 192.168.145.27
it will star reflecting or working from 04-aug-2021, because TTL value is 1 Day.
once TTL expaires the new recrods will loaded.

$TTL 1h = the new records will start working or enable after 1 hour
$TTL 2h = the newly added records will reflect after 2 hours from adding
time.
====================================sample forward lookupzone file
content==================================
$TTL 86400
@ IN SOA master.prasad.com. root.prasad.com. (
2017050601 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum
)
@ IN NS master.prasad.com.
@ IN A 192.168.190.144
master IN A 192.168.190.144
===============================================================================
master.prasad.com.
master is my hostname
prasad.com is my domainame like google.com, facebook.com
root.prasad.com. administrator for domain

@ = hostname.domainname.com.
IN = Internet
SOA has bellow resources
1. serial number (2021080301) first change in 3rd aug 2021 2021080302=
second change in 03rd aug 2021
2. refresh = 1h ( updating recrods to slave dns sever)every 1 hours master
server will push the changes to slave dns
3. retry = 30m (refresh is failed in last attempt so retry will trigger
every 30 min incase reshesh failed)
4. expiry = 1d ( master could not able to push changes to slave for 1 day
then master will trea slave is not fit for dns server)
master goes down automatically who will become master? slave
system
when slave doen't have update data then master confirming that
don't become as master incase i fail also.
5. minimum (nx records) actually our domain is prasad.com
some one is trying m1.prasad.con
trying to m2.prasad.com which not there in our
domain.
Master DNS server(primary)
Slave DNS server (secondary)
master DNS server will keep push records to slave.
slave dns server will compare with master dns server using serial number. if
serial number matchine then slave will understand data is synced.

master DNS and Slave DNS serial numbers are matching then slave will be in
sync state
master serial number is 02 and slave serial number is 01. Here slave is not
synced with master.

prasad = added one record . after adding record then prasad will change the
serial number 01
rajesh = next rajesh is adding one more record in file , even rajesh will
change the serial to 02
lakshmikar
somu
siva = end of the day siva made some changes in DNS then finally siva will
update the serial number

2021080307
aug 3rd 7 changes made in dns

NS = name server details

$TTL 1h
@ IN SOA b24vm01.b24.com. root.b24.com. (
2021080303 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum
)
@ IN NS b24vm01.b24.com.
@ IN A 192.168.145.200
b24vm01 IN A 192.168.145.200
m1 IN A 192.168.145.21
m2 IN A 192.168.145.22
m3 In A 192.168.145.23

fully qualified domain name is m1.b24.com

b23vm01.b24.com.
m2.b24.com.
FQDN
google is not fully qualified domain name
google.com. is FQDN
mail.yahoo.com. is FQDN
wrong one is mail.yahoo

CNAME = alias

facebook IN A 192.168.145.100
fb IN CNAME facebook
fbook IN CNAME facebook

fb.b24.com it will redirect to facebook.b24.com --> 192.168.145.100

fb.b24.com==> facebook.b24.com ==> 192.168.145.100
PTR = pointer which will maintain in reverse lookup zone file
Ip will point out to Name
 192.168.145.100 IN PTR facebook

step 1 : install bind and bind-utils pkgs

prerequisites:
1. Static ip for DNS server
yum install bind bind-utils
step 2 : create forward lookupzone file and update the content
vi /var/named/forward.b24.com
-------------------------------------------------------------------------
$TTL 1h
@ IN SOA b24vm01.b24.com. root.b24.com. (
2021080301 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum
)
@ IN NS b24vm01.b24.com.
@ IN A 192.168.145.200
b24vm01 IN A 192.168.145.200
------------------------------------------------------------------
b24vm01 is my dns server hostname
domain b24.com.
dns server ip address is 192.168.145.200

Step 3 : configure the dns main file

vi /etc/named.conf

-------------------------------------------------------
options
{
directory "/var/named"; // "Working" directory
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";

listen-on port 53 { 127.0.0.1; 192.168.145.200; };

allow-query { localhost; 192.168.145.0/24; 192.168.140.0/24; };

};

zone "b24.com" IN {
type master;
allow-query {any; };
file "forward.b24.com";
};
-------------------------------------------------------

Step 4 : verify syntax of conf file and forward lookup zone file
named-checkconf /etc/named.conf
named-checkzone b24.com /var/named/forward.b24.com
systemctl restart named
systemctl enable named

How to integrate client machine with DNS server

vi /etc/resolv.conf
 domain b24.com
nameserver 192.168.145.200

ssh hostname ==== it was

ssh ip it works

switoff swap ==> swapoff -a

all the tasks were there in swap will move from swap to main memory(RAM)

solution:
take system into emergy or rescue mode
create simple swap file temp
lvcreate
mkswap /dev/vg/swaplv
swapon -a /dev/vg/swaplv
add entry in the fstab
reboot

hostname resolution is not happening?

verify dns server details in /etc/resolv.conf
how to check there is connectivity between client machine to dns server on 53 udp
port?
tcp is connection oriented protocol
udp is connection less protocol
dns 53 is tcp or udp? udp
telnet will not work for udp ports
nc will support both udp and tcp
nc -uvz <dnsserverip> <53>
nc -uvz 192.168.145.200 53
u = udp
v = verbose
z= zero packets

we are sing Infoblox for dns records.

records will publish after 15(TTL) min.

HTTP(apache)
===========================

ftp = data
ssh = data
sftp = data
nfs = data
samba = data
dns = hostname and ip
http = data
http (Hyper text transfer protocol)
only http supports hyper text publish.
http
nginx

Linux administrator role on http is , install http and make sure

service is running.
 design of web page is developer role.

linux administrator will get code to publish.

administrator will pulish code using http

5things about httpd service

pkg = httpd
service = httpd
daemon = httpd
port = 80-tcp (http=80 and https = 443)
configuration file = /etc/httpd/conf/httpd.conf
document root path = /var/www/html/

step 1 : install httpd pkg

yum install httpd
step 2 : keep the code in /var/www/html/site1 folder
mkdir /var/www/html/site1
copy here website data
step 3 : configure the web page
cd /etc/httpd/conf.d
vi mysites.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.site1.b24.com
DocumentRoot /var/www/html/site1/garelick
</VirtualHost>

step 4 : restart httpd service

systemctl restart httpd
systemctl stop firewalld
systemctl disable firewalld

step 5 : add website details in dns server

dns server:
vi /var/named/forward.b24.com
www.site1 IN A 192.168.145.20
systemctl restart named

yum install unzip

unzip filename.zip

============================
from 192.168.145.20 to 192.168.120.20 145 network 1 120 network2
between these 2 networks there will be firewall

network administrator has to write rule to allow trafic between

network 1 to network 2 on 2049 port
source destionation 2049 allow == rule1

from 192.168.145.20 to 192.168.145.25

can you guess is firewall is involved here? No because both are
in same network

==========================================
HTTP types
1. IP based web site configuration ( single ip and single web
site)
 2. Name Based web site configuration ( single Ip and multiple web
sites with different name)
3. Port based web site configuration

step 1 : keep the code in /var/www/html/site2 folder

mkdir /var/www/html/site2
mkdir /var/www/html/site3
copy here website data
step 2 : configure the web page
cd /etc/httpd/conf.d
vi mysites.conf
NameVirtualHost *:80
NameVirtualHost *:80
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.site2.b24.com
DocumentRoot /var/www/html/site2/rento
</VirtualHost>
<VirtualHost *:80>
ServerName www.site3.b24.com
DocumentRoot /var/www/html/site3/zuchristmas
</VirtualHost>

step 3 : restart httpd service

systemctl restart httpd
systemctl stop firewalld
systemctl disable firewalld

step 4 : add website details in dns server

dns server:
vi /var/named/forward.b24.com
www.site1 IN A 192.168.145.20
www.site2 IN A 192.168.145.20
www.site3 IN A 192.168.145.20
systemctl restart named

3. Port based web sites configuration

by default httpd listen on 80
listen on 80
listen on 8080
http://ip or hostname
http://ip or hostname:8080
step 1 : create directory inside /var/www/html/site4
mkdir -p /var/www/html/site4
create index file
cd /var/www/html/site4
vi index.html
WEB SITE 4 is running with 8080 Port
step 2 : appen new line in /etc/httpd/conf/httpd.conf
Listen 80
Listen 8080
step 3: configure the web page
cd /etc/httpd/conf.d
vi mysites.conf
NameVirtualHost *:8080
<VirtualHost *:8080>
ServerName www.site4.b24.com
 DocumentRoot /var/www/html/site4
</VirtualHost>
step 4 : add website details in dns server
dns server:
vi /var/named/forward.b24.com
www.site1 IN A 192.168.145.20
www.site2 IN A 192.168.145.20
www.site3 IN A 192.168.145.20
www.site4 IN A 192.168.145.20

in windows machine cmd:

ipconfig /release
ipconfig /renew

where will be httpd logs?

/var/log/httpd
there will be 2 files
1. error_log : here web site related errors. permissions related
errors for particular website
2. acces_log : here which are users accessed website

httpd codes:
1** or 100 = Information code or information error
2** or 200 = successfull . meaning successfully end user able to access the
web site
3** or 300 = redirection. web site is redirected to different web page
4** or 400 = client or end user site problem to access web site. client
entered wrong credentials to acess web page . web server captures as 400 error code
facebook.com entered wrong credentials: in sever side in logs we
can see 400 error.
correct one is facebook.com
wrong : facebook.com:800000
it's not server problem. client is access wrong name or port number
5** or 500 = server side problem . I mean httpd server side problem.
server could not able to supply data to clients
may httpd service is not running
may web site data is not there
permissions problem on /var/www/html/site3

supported formats:
html
htm
NTP
Network Time protocol

data transfer services are = ftp,ssh,sftp,nfs,samba,http

Hostname and IP = DNS service

through NTP service date and time will carried.

what kind of data is travelling in NTP service?
date and time
is it sensitive data? No , that is the reason NTP is developed in UDP protocol.

Advantages of NTP : end user and inside servers will have same date and time so
there will not be connection time our issues.
dis advantage if we don't have NTP : end users may will get session time out error
because end user will maintain one time and servers are mainting different date and
time so there a chance connection timeout error will happen.

Scenario 1 : configure NTP server

Scenario 2 : Integrate client machine with NTP server.

5 things about service

1. Pkg : ntp
2. service : ntpd
3. Daemon : ntpd
4. port : 123 udp
5. configuration file : /etc/ntp.conf

step 1 : make sure ntp package is installed

step 2 : configure the ntp server
vi /etc/ntp.conf
change 1 : #restrict 192.168.1.0 mask 255.255.255.0 nomodify
notrap
change to restrict 192.168.145.0 mask 255.255.255.0 nomodify
notrap

change 2 : add below 2 lines under server catogory "server

3.rhel.pool.ntp.org iburst"
server 127.127.1.0
fudge 127.127.1.0 stratum 10

fudge = local time should become source for client machines

stratum is = reserve 10 servers are source servers clients will
start picking stratum 11 onwards.
===================================================================================
============
In case global ntp servers are not supplying date and time then 127.127.1.0(same
system should play ntp server role). local system supply d&t to clients.

server 0.rhel.pool.ntp.org iburst global ntp maintaining by

rhel company
server 1.rhel.pool.ntp.org iburst global ntp maintaining by rhel company
server 2.rhel.pool.ntp.org iburst global ntp maintaining by rhel company
server 3.rhel.pool.ntp.org iburst global ntp maintaining by rhel company
server 127.127.1.0 local ntp for client machines
fudge 127.127.1.0 stratum 10 local ntp for client machines

step 3 : systemctl restart ntpd

systemctl enable ntpd
systemctl stop firewalld
systemctl disable firewalld

ntpq -np
=============================== client side===================

chrony is the agent for ntp

step1 : make sure chrony pkg is installed
yum install chrony
step 2 : configuration changes
vi /etc/chrony.conf
server 192.168.145.200 prefer
 server 192.168.145.201

restart chronyd service

systemctl restart chronyd
systemctl enable chronyd

systemctl stop chronyd

chronyd -q "server 192.168.145.200 iburst"
systemctl start chronyd
chronyc tracking

recieved alert for time sync issue or time is delay in one of the machine?

step1 : get the NTP server ip and sync up or get the latest date and
time from NTP server.
ntpq -np or chronyc tracking
offset: is the exact value of variaent time or diffence between ntp server
and client machine.
step 2 : if we notice there is much offset value in chronyc tracking
command then fetch the latest date and time.

systemctl stop chronyd

chronyd -q "server 192.168.145.200 iburst"
systemctl start chronyd

Rsync

remote sync. used for transfer data between machines and within machine also.
rsync -avz /data username@remotemachineip:/tmp ==> transferring data
from one machine to other machine . equal to scp
rsync -avz /data /opt ==> transferring data with in machine. equal
to cp

adv: compress data while transferring data to remote machine and it transffer only
differencial data.
what is differencial data?
in destination /data folder capacity is 1 GB
in source /data folder capacity is 1.5 GB what is differencial? 0.5 GB
is the difference. Only 0.5 GB data will be transimitted to destionation.
rsync will not overwrite
scp will overwrite

which is fast between scp and rsync? rsync because it does the
sync(differencial) and compress data

sync:
rsync -avz /data/ 192.168.145.20:/data
scp -r /data 192.168.145.20:/data
a = preserve permissions based on source
v= verbose
z= compress
rsync use the ssh port and parameters
what is the port number of rsync = 22
yum install rsync

rsync -avz html/ 192.168.145.200:/html

 =====================zip,tar,gzip==============================
compress and archive commands

zip -r /opt/data.zip /data

unzip /opt/data.zi-

tar = tape archive

tar -cvf /opt/data1.tar /data1

tar -xvf /opt/data1.tar
[root@b24vm01 opt]# du -hs data.zip data1.tar
3.8M data.zip ====> compressed
6.0M data1.tar ====> Archived

-c = create
v = verbose
f = force
x= extract

gzip = gunzip
zip and gzip are compression commands
tar = archive methodology command
difference between zip and gzip is ?
zip supports both folders and files
gzip supports only files
zip : source and backup will be available
gzip : we can find only destionation file after compression
sync: gzip file1
gunzip file1.gz

zip = .zip
tar = .tar
gzip = .gz
.tar.gz

data1.tar.gz
tar -xvzf data1.tar.gz

z= z zip or gunzip zip file

/var file system usage is 100 %

there are old files. in this case which command is recommended? zip or gzip
gzip
why we are not going with zip is ? zip does the compression but orginal and
destination will be there . in the current sutioution there is no space in /var
zip = source and destination both will be there
gzip = only destination after compression

sudo
switch user do

using sudo we can grant administrator commands access to normal users.

eg : useradd command is will not work for normal users, but using sudo we can allow
particular normal user to execute this command

configuration file of sudo is /etc/sudoers

 how to grant sudo permissions to normal user
visudo

prasad ALL=(ALL)
/usr/sbin/useradd,/usr/sbin/usermod,/usr/sbin/userdel

in above syntax granted 3 commands access to prasad user.

username any hostname=(all commands) particular commands out off all

prasad ALL=(ALL) commands

prasad,babu,rajesh ALL=NOPASSWD:
/usr/sbin/useradd,/usr/sbin/usermod,/usr/sbin/userdel,/usr/sbin/lvcreate

how to grant commands permissions to group?

%unixgrp ALL=NOPASSWD: ALL

all commands will work to unixgrp members

*** how to know what are the commands access has for particular user
sudo -l
execute the above command as that user

*** which command does the sudo file syntax validation?

vi /etc/sudoers or visudo
ans: visudo

UserAlias = creating name for multiple users

CommandAlias = grouping commands and creating one alias

visudo
%unixgrp ALL=NOPASSWD: ALL
User_Alias PRASADUSERALIAS = raja, venu, rayudu, prasad, naresh
PRASADUSERALIAS ALL=NOPASSWD: ALL
Cmnd_Alias PRASADCOMMANDS=
/usr/sbin/lvcreate,/usr/sbin/lvdel,/usr/sbin/userdel
babu ALL=NOPASSWD: PRASADCOMMANDS

Housekeeping alerts 1 interview question

Performance tunning min 3 interview questions
swap & kernel parameters min 1 interview question
issues:
server is not booting up
kernel panic errors, grub error and file system related
issues
server rebooted automatically. how to identify the root cause
server performance degrated? how to verify and idetify the root
cause
ITIL process
shell scripting
mock test
interview related things
azure

Handling Housekeeping alerts or Disk alerts

=======================================
Monitoring tool : Nagios,zabix,HPSM

OS partitions
other partitions(application/DB)

OS partitions:
1. /
2. /boot
3. /var
4. /tmp
5. /home
other partitions:
DB
/oradata
/oralog
/ora
SQL
/DB2
/DB2applogs

ls -ld /oradata
ls -ld /var
ls -ld /appdata1 here we are able to identify owner of partition.
DL= Distribusion list
[email protected] (os team will be part of this group)
OS partition alerts diverted to [email protected]
[email protected]
[email protected]

threesold values for disk or partition

partition War Critical OK
/ >=80 >=95 <=80
/appdata1 >=85 >=90 <= 80
P3 P2
priority ticket

Alert 1 : / parition is full . how to handle such alerts

Solution 1: clear unwanted data from partition

first thing identify which file or directory consuming more space

du -hs filename
du -hs directory
du -hs *
du -ks * | sort -r -n | head -2
solution 2: compress the important data
noticed one of folder or file is required for later. such kind of
files are directories we can compress and keep in same place
gzip filename

we cleared unwanted data from partition and also compress old data but still
partition usage is > threesold value. then finally we can extend parition space
Solution 3: extend partition space

*** unfortunatly deleted important file or directory?

How to recover it?
 first thing there is no recovery option in unix by default
alternative: in case we are using backup tools (TSM,Tivoli,.....) then
we can request backup team to restore only one particular directory from recent
backup.

every day at 12 AM TSM backup tool is backing up full data then with help of
yesterday or recent backup we can restore.

os team = will request backup team to backup so and so directories needs

to backup daily basis
app team = these are my partitions kindly backup
db team = these are my partitions kindly backup daily basis.

Alert 2 : /var parition is full . how to handle such alerts

Solution 1: clear unwanted data from /var partitions. mainly old logs
will be there in /var so we can delete those old logs
cd /var/log
first thing identify which file or directory consuming more space
du -hs filename
du -hs directory
du -hs *
du -ks * | sort -r -n | head -2

how to find out older than 3 months logs

find /var/log -mtime +90
the above command will just list out the older than 3 months logs
or files
find /var/log -type f -mtime +90

i want to delete older than 3 months logs , because it is

unwanted data for me.
find /var/log -type f -mtime +90 -exec rm -rf {} \;

implemented solution 1 but no free space from /var then we will go with
second solution.

solution 2: compress the important data or move imp data to other place where
we have enough space.

cd /var/log
find /var/log -type f -mtime +5 -exec gzip {} \;
we are compressing all the files older than 5 days.
implemented solution 2 but no free space from /var then we will go with third
solution
Solution 3 : extend the partition space

Alert 3 : /boot partition is full. How to handle such alerts

Solution 1: clear unwanted data from /boot partition. mainly old kernel
files from /boot
cd /boot
first thing identify which file or directory consuming more space
du -hs filename
du -hs directory
du -hs *
du -ks * | sort -r -n | head -2
 initramfs-3.10.0-123.el7.x86_64.img
initramfs-3.10.0-560.el7.x86_64.img
initramfs-3.10.0-862.el7.x86_64.img
symvers-3.10.0-123.el7.x86_64.gz
symvers-3.10.0-560.el7.x86_64.gz
symvers-3.10.0-862.el7.x86_64.gz
System.map-3.10.0-123.el7.x86_64
System.map-3.10.0-560.el7.x86_64
System.map-3.10.0-862.el7.x86_64

always keep latest 1 kernel data in system. we can use the latest kernel data
incase want roll back the patching.

there are 3 kernels data in that i can delete 3rd one

deleting 3rd kernel data

initramfs-3.10.0-123.el7.x86_64.img
symvers-3.10.0-123.el7.x86_64.gz
System.map-3.10.0-123.el7.x86_64

Alert 4 : /tmp partition is full. How to handle such alerts

Solution 1: clear unwanted data from /tmp partition.

cd /tmp
first thing identify which file or directory consuming more space
du -hs filename
du -hs directory
du -hs *
du -ks * | sort -r -n | head -2

without any body approval we can delete data from /tmp partition
3 GB /tmp
decided by SME or architech
> 12 years of experience

512 MB
100 MB is free that more enough for /boot partition

/ = 5 GB
/boot = 512 MB
/var = 7 GB
/home = 10 GB

/app1
/db1

database data will not store in /var

database data will store in /oralog

ticketing tool ==> ack alert==> working in progress ==> once you brought
partition usage is below threesold then ==> close the ticket

===================================================================================
====================================

to prasad
cc his manager and our team(os team)
subject : / partition is full

Hi Prasad,

Noticed you kept your data in / the folder details are below
[root@b24vm01 ~]# ls -ld /prasadimpdata/
drwxr-xr-x. 2 prasad prasad 6 Aug 10 14:15 /prasadimpdata/

Please take necessary action on this folder

if the folder folder is important keep it in your home directory else delete
if from /.

not allowed to keep personal data in os partitions.

Thanks and regards,

Babu S.

===================================================================================
==========================

Performence Fine-tunning

performance = speed

RAM = Random access memory

Memory = RAM
processor = worker
Disk = storage components
Network card = which will help to create route between one machine to other
machines

first we are going to identify server performance, based on results we will

fine tunne the performance.

TOP in house tool to identify server performance

SAR in house tool to identify server performance

TOP = using top we can analyze or identify server performance like memory usage,
Cpu load and swap utilization.
eg : 200 tasks(processes) are running that processes memory & cpu
usage we can find in top command.
also we will get individual process(task) cpu,memory and swap
utilization.
task = is nothing but one process whicy triggered by end user.

opening word file is a task for processor

playing song is a task(process) for processor
opened notepad and keep adding data inside file that is one process for
processor
processor = worker
process = task
top - 02:25:38 up 3 days, 23:40, 1 user, load average: 1.10, 1.15, 1.12

date & time server is up from 3 days currently 1 user is logged in

load average: 1.10, 1.15, 1.12

load on cpu but not exact load it's load average

1.10 1.15 1.12
current min last 5 min last 15 min
Load avg Load avg Load avg

1 cpu 1 number in 3 places = 1 1 1 perfect load based on worker

capacity (100 %) cpu is utilized
1 cpu 2 number in 3 places = 2 2 2 double load is running by
worker(200 %) cpu is utilized
4 cpus 1 number in 3 places = 1.10 1.15 1.12 only 25 % cpu is
utilized . 4/1 2 value in 3 places how much % is utilized 50 %
average load on cpus that is nothing load average.
**** what is your understanding on load average? what is load average?
average load on cpus that is nothing load average.
the average will decided based cpus,cpu speed, size of tasks and number tasks
are triggering.
Load average = cpu's + cpu speed + tasks + tasks size(heavy or small)
eg : current last 5 last 15 i can see 1 1 1 with 1 cpus this is normal
usage

4 cpus 2 Ghz speed ls is task 10 ls commands are execute in min

ls is light weight task
java execute one backend process = heavy task
cp -r 100 GB file to other place = heavy task
how to list out cpus?
top + 1

1 cpu 0.50 0.51 0.50 = last 15 min usage is 50

%
1 cpu 1 1 1 = last 15 min usage is 100 % load
is perfect . load coming based on cpu capacity
2 cpus 1 1 1 = what is load avg? 50 %
very normal
4 CPUS 1 1 1 = what is load avg? 25 %
very normal
8 cpus 4 4 4 = what is load avg? 50 % very
normal
1 4 4 4 = what is load avg? 400 % critical

Tasks: 280 total, 1 running, 279 sleeping, 0 stopped, 0 zombie

total 280 tasks are triggered

1 is running
279 sleeping
0 jobs are pause
0 jobs are dead process

*** what is zombie processe?

 zombie is a dead process. It will not occupy memory or CPU speed, but it will
exist in processor table.
the capacity of processor is 2000 processes in that only 1999 processes only can
run everytime because there is one dead process is in table.

2000 - 1 zombie
2000 - 100 zombie = 1900 only can run everytime
zombieo processes are not show stoppers but little bit performance will degrade.
instead of run 2000 processes at a time it will allow only
1900 because there are 100 zombie processes.

*** is zombie will ocupy RAM(memory)?

no
*** is zombie will ocupy processor table space?
yes
*** how to clear the zombie process?
solution 1 : restart the parent processe
eg : tomcat or nfs is the parent process.
systemctl stop tomcat
systemctl stop nfs-server
note: zombie is not moved out from process table after restarting
parent process then apply the solution 2.
solution 2: reboot the server

nfs-server is the ppid

client connections will be pid(child processes)
100 clients are connected so how many child processes are there ? 100

How zombie process is generated/created?

parent process will give kill signal to childs . please kill your self. I am
leaving process table in some miliseconds.
signal reached to childs they are process of killing them self but
parent left before they confirm i killed myself.

child process didn't respond to parent within time so parent left that dead
process in processor table.
solution : reboot or restart parent process(service)

*** how to identify zombie process?

in top we can see the zombie processes list
or
ps -ef | grep -i defuct

===============orphan processes=====================
orphan is nothing who doen't have parents, but process is running state.

orphan is dead process?

no. process is alive and running.

what is first process id in rhel 7?

1(systemd)
what is first process id in rhel 6 or below?
1(init)

first process will become parent for all orphan processes.

who will opt orphan processes?
systemd or init(1)
is orphan process consumes resources(cpu/mem)?
yes because it is in running state.

how to clear orphan process?

reboot the server

tomcat(11234 ppid) 11235 11236(Z)

tomcat(11238 ppid) 11245(r) 11246(r)
*** what are process states?
R = Running
S = sleeping
Z = zombie
T = Stopped(pause)
D = Un-inturptable processes

*** how to kill the process?

kill pid
or
pkill processname

kill with process pkill with process name

kill signals

kill -9 pid
***** -9 is inturpt and kill process forcefully.
-15 is refresh process
-18 or SIGSTOP
kill -SIGSTOP <pid> ========> stop the process or pause process
kill -SIGCONT <pid> ========> resuem stopped process

sleep 2000 =====> on screen

sleep 20000 & =====> send job to background to run

***** how to send job to background?

cmd &
sleep 20000 &
how to list out background running jobs?
jobs
how to get job to foreground?
fg %jobid

stop or pause job which is running in foreground

ctrl + z

%Cpu(s): 17.4 us, 4.8 sy, 0.0 ni, 77.1 id, 0.0 wa, 0.0 hi, 0.7 si, 0.0 st

us = user processes consumed cpu

sys = system processes consumed cpu
ni = nice processes(priority processes) consumed cpu
id = cpu idle %
wa = waiting proceses consumed cpu
hi = hardware inturupted processes consumed cpu

us = user processes
application user
db users

cpu idle 77 : what is actual cpu usage? 23%

cpu idle 100 : what is the cpu usage ? 0 % utilized

sy value is 90 %? what is that meaning? system processes are consuming 90 % cpu

this is not expected behaviour from OS.

<10 % sys
remaining 90 % app or db
** identified sy value is more eg: 50 %. How you can resolve this issue?
solution 1 : get approval from system owner and reboot the system
solution 2 : still utiliztion is high even after reboot then open case with
os vendor with sosreport if it is a redhat system
open case with os vendor with
supportconfig if it is a suse system

redhat = redhat/IBM
suse = novel/suse
solaris = oracle
AIX = IBM
hp ux = HP
alway company will renewval the license with full support from vendor.

L3/sme not able to identify or fix the issue then we can reach out
venor(redhat) for solution.

support.redhat.com ==> open support case ==> fill the details in ticket like
subject
description of issue
criticality
attach screenshots
sosreport
redhat = sosreport (support.redhat.com)
suse = supportconfig (scc.suse.com)

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

21915 qd1adm 20 0 3242244 141780 26660 S 300.66 0.107 67802:29 al_jobserver

pid = 21915
user = qd1adm the a1_jobserver is the process is started by qd1adm user.
PR = priority value -20 to 20
-20 is the high priority value
20 default
-20 first priority
-19 next prirotity
NI = priority
VIRT = virtual memory utilization by a1_jobserver process
RES = Residential memory usage(RAM usage)A1_jobserver process consumed actual ram
memory
SHR = shared memory not only a1_jobserver consuming 26660 the memory using by some
other processes also
S = status of the process
r = running
s = sleeping
Z = zombie
T = stopped/pause
 D = Un-inturaptable process

%CPU = 300% a1_jobserver process consuming 300 % of cpu. how many cpus i have ?
16= what is my total cpu capacity? 1600 % in that 300% is matter? no
***** noticed one of the process consuming 200% cpu, what you will do?
first i will verify how many cpus are there in my system.
if i have 4 cpus that means 400 % is my cpu capacity in that 200% is occupied
by one process. nothing critical.
if i have 1 cpu then situation is critical because 1 process started
consuming 200% .

% MEM the particula process memory usage in %.

dev = dd1adm = dev

QA = qd1adm = client development or demo environment
pre-prod = ppd1adm = replica of prod
prod = prd1adm = Live environment

***** How to list out high memory utilization processes?

in top we will press capital M to sort out high memory utilization processes
top + M
how to print only top 5 high memory utilization processes?
top + n + 5 ===> is for set only 5 process on screen
presss M to print high memory utilzation processes
***** how to list out high cpu utilization processes?
top + n+ 5
P

rtvscand is the antivirus process(symantec)

***** how to identify particular user processes?

top + u + username
***** How to kill the process in top
top + k + pid + kill signal(9)

SAR
system activity report
using sar command we can analyze cpu,memory,disk,network performance .

difference between top and sar is?

top is for analyze live processes resource utilization
sar is for analyze live and historical performance data.

historical ? 1 hour back cpu utilization, 2 day back cpu utilization, 20 days back
memory utilization can possible in sar command.
but in top only max 15 min Load average can possible to analyze.

by default one month data will be in the system(/var/log/sa)

sar is overall analytical data

top is current with invidual processes

sar -r 1 1
-r mem
-u cpu
 -b block devices(disk)
-s swap

sar -r <intervalsec> <repeate times>

sar -r 2 1

sar -r 1 5 memory utilization for 5 times with 1 sec interval

sar -u 1 5 cpu utilization for 5 times with 1 sec interval
sar -S 1 5 Swap utilization for 5 times with 1 sec interval
sar -d -b 1 1 disk and partition performance
or
sar -p -d 1 1

df -h will give usage

sar -p -d 1 1 will give disk performance(speed)
===================================================================================
================
02:53:38 DEV tps rkB/s wkB/s areq-sz aqu-sz await
svctm %util
02:53:39 fd0 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00
02:53:39 sda 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00
02:53:39 sdc 1.00 0.00 8.00 8.00 0.00 0.00
0.00 0.00
02:53:39 sdb 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00
02:53:39 sdd 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00
02:53:39 sde 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00
02:53:39 sap-lv_swap 0.00 0.00 0.00 0.00 0.00 0.00
0.00 0.00
02:53:39 backup-backup 0.00 0.00 0.00 0.00 0.00
0.00 0.00 0.00
02:53:39 sap-sap 1.00 0.00 8.00 8.00 0.00 0.00
0.00 0.00
===================================================================================
==================
tps = transactions per sec
rkb/s= read kb per sec
wkb/s = write kb per sec
areq-sz = average requests
aqu-size = average any waiting in queue
await = average waiting read/write taks
0 = no body or no processes are waiting for read/write
10 = average 10 processes are waiting for read/write the data

disk performance = r/w speed i/o i= write o=read

cpu performance = Heat speed
ram = total capacity
disk storage = 5 tb

pkg = sysstat
service = sysstat
 daemon = sysstatd
historical data will store in = /var/log/sa
interval is every 10 min
configuration file is /etc/sysstat.conf

historical
sar -r -f /var/log/sa/sa20210814 ====> yesterday memory utilization
sar -u -f /var/log/sa/sa20210814 ====> yesterdays cpu utilization
data

/usr/lib64/sa
sadc = system activity data collector. he is one who collects resources
[cpu,memory(ram),disk] utilization data.
sa1 = sa1 will collect data from sadc for every 10 min.
sa2 = sa2 will coloborate data per data and create overall day file at
11:50 PM. same time sa2 creates file for tomorrow.

these 3 jobs run using cron scheduler.

cron is a job scheduler.
================================================
:/usr/lib64/sa # cd /etc/cron.d
:/etc/cron.d # ls
OMSConsistencyInvoker dmeventd omilogrotate omsagent scxagent sysstat
:/etc/cron.d # cat sysstat
# crontab for sysstat

# Activity reports every 10 minutes everyday

*/10 * * * * root [ -x /usr/lib64/sa/sa1 ] && exec /usr/lib64/sa/sa1 1
1

# Update reports every 6 hours

55 5,11,17,23 * * * root [ -x /usr/lib64/sa/sa2 ] && exec
/usr/lib64/sa/sa2 -A

========================================

How you will handle high cpu utilization alert/ticket?

in ticket : you can find

server name
ip address
description of alert

is the above information is enough to work on ticket?

==> we will acknowledge ticket and login to server to check the alert.
ack = assigning ticket with your name and changig ticket status to in-
progress
open(new)
in-progress
resolve(completed)
close
re-open
===> verify which process is consuming more cpu using top command
 i will execute top + P to get highest utilization processes

suppose db or application processes are consuming more cpu then i will

take the screenshot of utilization and send mail to team.

Hi DB Team,

it's regarding following alert/ticket "ticket number" . we recieved

high cpu utilization ticket and noticed your processes are
consuming more cpu. kindly look on it.

screenshot of the utilization

forwarding ticket to your queue.

Thanks & Regards,

babu S.

queues = unix one queue

db one queue
app one queue in ticketing tool

we will re-assign ticket to respective team queue.

if they say this is normal utilization. we can not kill or clear any
process?
what next?
solution : increase the cpu with change request

Jobs
====================

1.AT
2.Cron

these 2 are the default schedulers in Unix servers.

we can schedule any task or script using at job or cron based on requirement.

difference between AT & Cron is ?

AT tool is schedule one time execution jobs. job will expair after execution.
cron is for schedule recuring jobs. job will execute based schedule. it will
not expair like at.

at -l ===> is for list out scheduled jobs in at

at 07 AM 30 aug 2021
sh /t.sh
ctl + d

now job is scheduled

we can find details of job in below location

cd /var/spool/atjobs/
 cat jobid
remove at job from scheduler
atrm 1
1 is nothing job id

services of jobs
at service is atd systemctl status atd
cron service is cron systemctl status cron

configuration files for jobs

at = /etc/at.allow
at = /etc/at.deny
cron = /etc/cron.allow
cron = /etc/cron.deny
we can add username inside /etc/cron.allowe incase want allow for job schedule.

requirement: prasad request for crontab access?

vi /etc/cron.allow
prasad

here we granted access for schedule jobs.

crontab -e

there are 6 fields

* * * * * task/script/command
1 2 3 4 5 6
***** explain crontab fields?

Min Hours daysinmonth monthsinyear daysinweek task

0-59 0-23 1-31 1-12 0-6

req1 : job should execute every min . the script path is /usr/local/bin/s.sh
* * * * * sh /usr/local/bin/s.sh
req2 : job should run every sund between 8 to 9 AM every 5 min

*/5 8-9 * * 0 sh /usr/local/bin/s1.sh

5th field is week days in week

0 sun
1 mon
2 tue
3 wen
4 thu
5 fri
6 sat

same job has to execute on sat and sun

*/5 8-9 * * 0,6 sh /usr/local/bin/s1.sh

req3: job should execute every day at 2,4,6,8 am at 30 min . 2:30 4:30 6:30 8:30

30 2,4,6,8 * * * sh /usr/local/bin/s2.sh
how to modify other users job as a root. root can modify or verify other users jobs

as a root we are executing command

crontab -u prasad -l
crontab -u prasad -e
-l list out the scheduled jobs
-e edit or schedule the jobs

***** how to know is the job is executed or not ?

we can verify executed jobs data in /var/log/cron ===> redhat
/var/log/messages ===> suse

SWAP
swap is a virtual memory for RAM(main memory). we will allocate swap from
disk space.

actual mediator between end user and processor is RAM but swap is a assistance for
RAM.

page out = out task from ram to swap

page in = entering task from swap to ram for execution

page is nothing but task/process

when RAM is full or reached to quota then kernel will send some jobs to swap. RAM
is heavily load please stay sometime in swap. once RAM is free
again he will call for execution.

creating swap using partition.

how to create swap space?
step 1 : create lvm partiton
lvcreate -L 20G -n swap1 rootvg
step 2 : format swap with swap file system
mkswap /dev/rootvg/swap1
step 3 : add entri in /etc/fstab
vi /etc/fstab
/dev/rootvg/swap1 swap swap defaults 0 0
step 4 : switch on the swap
swapon /dev/rootvg/swap1

how to check swap space

free -m
or
swapon -s

creating swap using file

we don't have enough space in vg or we don't have free disk. but we noticed 5
GB available in / decided to create 2 GB swap for emergency case.

step 1 : create 2 gb file

dd if=/dev/zero of=/swapfile3 bs=1G count=2
step 2 : format the swap file
mkswap /swapfile3
 step 3 : change the permissions
chmod 700 /swapfile3
step 4 : add swap entry in /etc/fstab
echo " /swapfile3 swap swap defaults 0 0 " >> /etc/fstab
step 5 : enable the swap
swapon /swapfile3

what is cache and buffer?

cache is nothing recently executed jobs information which will store in RAM.

eg: medical store. rugularly customers are coming for one of the medicin. the
worker will keep the item near to him or very far?
near to him.
to better performance

RAM is full new jobs are not allowing to execute then we can clear the cache
***** how to clear cach memory?
echo 3 > /proc/sys/vm/drop_caches

active cache, inactive cache and buffered one will be cleared.

how to reduce swap?

step 1 : switch off the swap
swapoff /dev/vg/lv
incase any pages(tasks) inside swap those will move to RAM forcefully as soon
as we switch off the swap.

step 2 : remove lv
step 3 : again create new lv with new size.

**** how to push jobs from swap to RAM ?

swapoff -a

======================Kernel parameters and Ulimits of

kernel=============================

what is kernel?
kernel role is manage the resources like memory management & tasks
management.
even kernel will have the limits and settings.
how to list out kernel parameters or settings?
sysctl -a

===============================
sysctl -a |grep "net.core.rmem_max"
net.core.rmem_max = 212992
temp
sysctl net.core.rmem_max=16777216
net.core.rmem_max = 16777216
Perm
sysctl -w net.core.rmem_max=16777216
net.core.rmem_max = 16777216
 configuration file for kernel parameter /etc/sysctl.conf
the below command is for load or reflect kernel parameters which are recently added
in /etc/sysctl.conf
sysctl -p
verify file and apply the new parameters

vm.swappiness = 60

swap will activite once main memory reach to 40% utilization. any of the processes
can use swap once after main memory reach to 40 % utilization.

swappiness =60 main memory utilization should reach to 40 % to

activate swap
10 main memory utilization should reach to 90 % to activate
swap.

what is recommended? less or more value? less value

10 then all tasks will use main memory.

** what is default swappiness default value? 60 %

======================Limits===================
even kernel will have limits. How to list out kernel limits
ulimt -a

==================================================================
ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 127383
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 127383
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
========================================================
what is current max user processes? 127383
eg: file size is 1 GB currently in system in this case if you try to open 2 gb
file. kernel will not allow to open because we set kernel limt to 1 GB.

ulimit -f 1024
SBX11:~ # ulimit -a |grep "file size"
core file size (blocks, -c) unlimited
file size (blocks, -f) 1024

ulimit -f unlimited
SBX11:~ # ulimit -a |grep "file size"
 core file size (blocks, -c) unlimited
file size (blocks, -f) unlimited

file size what is the max file size we allow to create or open.
open files what is the max files should allow to open at a time. ulimit -n
2048
max user processes what is the max user processes allowed to open . ulimit -u
187484

permanent
/etc/security/limits.conf

@sapsys soft nofile 65536

@sapsys hard nofile 65536
@sdba soft nofile 65536
@sdba hard nofile 65536
@dba soft nofile 65536
@dba hard nofile 65536

allowing 3 users to open max number of files is 65536.

@user soft(min) hard(max) nofiles

nofiles number of files

nproc number of processes
maxlogins - max number of logins for this user

adding below value inside /etc/security/limits.conf

@prasad soft maxlogins 3
@prasad hard maxlogins 10

the prasad can login to system with 10 login sessions maximum.

we set limit for prasad user that max you can login how many times? 10

* soft maxlogins 3
* hard maxlogins 10
we set limit for all the users that max individual user can login with how
many sessions? 10

***** one of the user not able to login?

it is not problem with user or password but still user unable to login .
===> the error was: max processes limit reached
solution : change max process limit value in /etc/security/limits.conf

user is try to open very big file but it's not opening what be the problem?
the opening file size is bigger than ulimt value.
solution: change file size limit to high value and try to open same file.

locate command?
what is the difference between locate and find?
find is for find files and directories with many clues(options)
locate is for find files and directories with name based
find (name,size,permissions,modify time, read time)
locate(name)
 panel will say i know the name of the file and i want search it. which right
approach?
locate or find? locate

locate filename
why locate is faster than find.
locate will look for file path in system db.
find will imediatly all the locations manually and find out the file.

which command is for to find path of command

eg : which find
which useradd

outlook(mail)
communicator(skype,myteams,slack)
setting up meetings in outlook
how to join in meeting

first login time: power on laptop and enter your company credentials
the credentials will share by your reporting manager. from whom we will
get login credentials? reporting manager.
first day of joining HR will share your reporting manager name,email-id and
mobile number to you to take credentials.
we have to call the reporting manager and ask for credentials.

we will login using those credetials.

just enter outlook in run prompt as soon as we login to system.

first time outlook ask username and password to complete configuration for
mail box.

-----------------------------------------------------------------------------
-----------
subject :SG1SBX11 - Not accessible
Hi Iqbal/Akhilesh,

Subjected server is not able to access it. could you please look on it.

Thanks & Regards

Prasad Babu S
Mob: +91 9845699199
-------------------------------------
ack:
reply all
Hi Prasad,

looking on issue. we will revert you back once issue is resolved.

Thanks & Regards,

Iqbal.

-----------------------------------------------------------
subject :create new partition
Hi Iqbal,

Kindly create new partition with below specifications.

Server name : MAZNASG1SBX11
Mount point : /usr/sap/pd1
Size = 1 TB
File system type : xfs
-----------------------------------------------------------

ack:
reply all

Hi Prasad,

working on your request.

Thanks and regards,

Iqbal.

===========================how to set signature==============

outlook ==> file ==> options==>mail ==> signatures==> add
========================how to schedule meeting ==============

new items ==> meetings ==> required and optional

required = mandatory people
optional = optional

===========================================Server Build and

Decommisioning============================================
1. Deploy server in VMWARE Platform
2. Deploy Server in cloud platform

campbell = Souaps = 700+

TKS = steel based = 2000
DANA = steel based = 800
= archiculture and forms in us = 1000 servers

manufacture buildings = 5 building in different areas

administration buildings = 4 in different areas
IT team/finance/marketing/R & D/desining team

orders one application =customers can book thair product in online and pay
amount in online
100 servers required to fullfill above requirement

desing and create new product = 200 servers

QA = some testing tools to verify product and deliver = 100 servers
finance = 100 servers(salary,bonus,IT returns, form 16 process)
IT team = 50 Servers
30 servers for manufactor branches
 TEAMS:
1. APPLICATION TEAM
2. QA TEAM
3. DB TEAM
4. Infra team
5. Network team

application team: developers, testers, SME, architech

DB TEAM = L1,L2engineer,L3 engineer,SME , architech
Infra team(OS) = L1 engineer,L2, L3, SME, architech

L1 = Below 3
L2 = Between 4 to 6 Years
L3 = Between 6 to 9 Years
SME = subject mater expert between 9 to 15 Years
Arch = between 15 to 20

arch - manager

client or owner of the company will ask new feature or new application.
He will dicuss with application architech and explain he requirement.

here application architech will inform requestor(client), we may require 100

servers to develop this application.

application arch will fill build sheet with neccessary information.

OS, number cpus, cpus capacity,RAM, partitions,ethernet cards

application teams = 25

downtime contact list = the particular team mail id (DL id).

in future we required any approval for reboot or patching and all then we
will reach out to downtime contact email id.

inventory management tool(CMDB,HPEL).

server name, OS, RAM, disks, server provision date, what application is
running, downtime email id, environment(dev,QA,prod,LAB), IP,hostname

one of the server is not responding to the commands and not able to login to
systems. How you will handle this situation?
send mail to downtime contact email id which is there in inventory management too.
==========> login to inventory management tool ==> search for particular server
==> get downtime contact email address.===================

Hi Team,

Noticed sujected server is not responding to commands or not able to

access system. we may need to reboot it.

Kindly provide approval for reboot.

we will find out RCA(Root cause for analysis) later.
Thanks & Regards,
Rajesh
 =========Template to be cloned
RHEL7.2_App_Ready_Template======================================

RHEL7.2_DB_Ready_Template
RHEL7.5_App_Ready_Template
RHEL7.5_DB_Ready_Template
RHEL7.9_App_Ready_Template
RHEL7.9_DB_Ready_Template
RHEL8.2_App_Ready_Template
RHEL8.2_DB_Ready_Template
SuSE12.SP4_App_Ready_Template
SuSE12.SP4_DB_Ready_Template
SuSE12.SP5_App_Ready_Template
SuSE12.SP5_DB_Ready_Template
SuSE15.SP1_App_Ready_Template
SuSE15.SP1_DB_Ready_Template
Windows2019_App_Ready_Template
Windows2019_MSSQL_Ready_Template

template = is nothing but readymate OS

scratch is = vcentre==> create vm ==> map iso image ==> install os = 1 hour
to complete os installation
template = 1 min to deploy server

vcentre or vsphear

login to vcentre ==> go to templates area ==> right click on ready

template and deploy virtual machine from this template

start post build activities after server deploy. access server through
putty and start post build activities.

S/N  Task
1  Verified OS and confirmed its SLES 15.sp2  as per build sheet
2  Creating file systems. Fs-xfs and LVM
3  Setting up swap through waagent.
4  Create application group and users as per SAP basis team
request. 
5  Grant full sudo permission to sapbasis user which is local user. 
6  "Hardening Machine along with patching and Sap package
installation .
Install packages which are requested by SAP Basis team.
Libatomic1 , numactl, saptune & sensors"
7  Verify Domain integration status.
8  Backup Configuration 
10  Adding to maintenance calendar  - Separate email sent
11  Hand over server to SAP team. 

============decomissioing servers==
co-ordinator will co-ordinate about server decommision.
 once we recieve approval for server decommision. we will follow below process
to decomission the server.
1. co-ordinator will create change or tikcet with unix team to decommision.
2. we will acknowledge ticket
3. backup the full machine and poweroff server for 7 days. request backup
team to backup the full machine.
4. delete machine ofter 7 days incase no complaince like who powered off this
server? why you poweroff? if we don't get such question from any body then srtight
away we will delete machine from vcentre.
5. close the change

both are administration tools for administrate virtual machines.

vsphear = free tool which is providing by vmware company will not much
features compare to vcentre.
vmotion, replication , DR things and not possible in vsphear
vcentre = is third party tool which contails all the features.
it is from vmware.

booting procedure
patching/roll back
lvm (create/extend/reduce)
nfs
fine tuning performance
what is zombio
what is orphan
process states
what is load average

how your deploying server in vmware environment

post build activities

ITIL
=================

Information technology Infrastructure Library

why we have to follow process.

we committed to client that we will provide 24/7 support.
A Shift B Shift C Sshift
6 to 3PM 2 to 11 PM 10 to 7 am cshift guy can call to a shift persona and get
updates

6:30 3:00

a shift guy is late for 1 hour

by that time C shift guy left

eg: P1 priority 1 issue is going on . client business is impacted.

in shift L1 engineer available.

 SLA(service level aggrement ) with client
service provider will give aggrement to client like we will resolve p1
issues in 4 hours.

accenture(service provider) ====> 1 ADM

service provider will give aggrement to 1 ADM like we will resolve p1 issue
in 4 hours.

L1 engineer accepted P1 ticket and started working on issue.

L1 engineer keep working on issue. almost last 4 hours but issue is not
fixed. sla is breached. now accenture has to bare pentalty.

right process is
L1 engineer accept the p1 ticket and try for 1 hour and not able fix then
escalte to L2 engineer. still how many hours left for further
toubleshoot ? 3 hours
now ticket is with L2 engineer.
L2 engineer will work on P1 issue for 1 hour and escalte to next level in
case he couldn't able to fix issue in 1 hour.
still how many hours left for L3/SME to troubleshoot? 2

Advantages of good support to client:

1. project will continue in same company

ITIL is nothing follow the pre-defined process and check lists which is
defined by our self.

ITIL process is followed by infra team.

1. OS administrators
2. DB Administrators
3. backup team
4. network team

3 main ITIL components

========================
1. Change management
2. Incidnent Management
3. problem management

process to follow implement any change in server that is nothing but change
management.
unexpectedly incident(server is down) happened in this case how we will handle?
that is nothing but incident management.
same issue is repeating but we don't have permanent solution for that issue, we
will follow problem management process to handle such issue.

changes
extending partition space
reducing partition space
increasing ram size
increasing cpu's cores
deleting one user
customizing kernel parameters.
patching

incidents
 1. server is rebooted
2. server got hung
3. server is not accessible
4. server performance is degraded
5. none of the users not able to login to server

client = who is owner of project/application.

service provider = who is providing support to client application.
SLA (service level aggrement)

incident SLA
P1 or critical = issue has to resolve with in 4 hours
P2 or high = issue has to resolve with in 8 hours
like this aggrement will be there between service provider and client.

client will write this aggrement and ask service provider to sign on that.

1. change management

the process which we will follow to handle changes.

1. patching activity what process follow to patch server

day1 day2 day 3 day4 day5
day6
RFC ==> CR preparation ==> TAB meeting===> CAB meeting ==> go or no go call
==> implement(patch)

for simple yum update or zypper update we are spending 5 days process.

what is the task? patching

implement task means what? perform the patching
who is implementing change? prasad is performing patching
who is implementor? prasad
what time patching is scheduled? 7 AM IST to 12 PM IST
schedule is nothing change window
what is the change window ? = 7 AM to 12 PM IST

Types of changes
1. Routine change
2. Standard change
3. Emergency change

1. Routine changes: per year or per quoarter some tasks/changes are fixed for
execution those changes called as routine changes
eg: OS patching
software upgradation
2. standard changes: ad-hoc changes
1. provision the server
2. decommision the server
3. customize the kernel parameters
4. customize the kernel ulimits
5. increase the RAM
6. Increase the CPUS
7. extend partition space
8. install/un-install/upgrade any package
9. customizing any service parameters (ssh,vsftpd parameters)
3. some impact will be there incase not implement change imediatly that kind of
changes are emergency changes.
RFC ==> CR or CEP preparation ==> TAB meeting===> CAB meeting ==> go or
no go call ==> implement(patch)

RFC= request for change

CR = change request
CEP = change execution plan
TAB = technical advisory board
CAB = change advisory borad

requestor will define the priority for incident.

i am not able to login . P1
you will change only your not able to login to system so it is p3 in 24
hours we can fix such issues.

client will fix the cab meeting per week

CAB meeting is Fixed every thursday 7 PM IST
============================================
RFC = who is the requestor for patching activity? OS team
application team person asking to customize one of the kernel paramerer?
application team
db team asking to docommission one of the partition? who is the RFC ? DB team

CR = Change request should be ready

change description= change the follwoing kernel parameter value .......
requestor = Application team ( rajesh)
window = 11 AM 29th Aug 2021 IST
criticality = Medium
impact if we didn't execute this change = reason which is provided by
application team
implementation team = OS team(unix)
implementor = prasad

the above data has to update in ticketing tool

CEP = change execution plan

CEP and CR is created now change co-ordinator has to schedule TAB meeting with all
the respective teams.

change co-ordinator has to schedule TAB meeting.

suppose TAB meeting scheduled on wen(25-aug-2021) at 5 PM IST.

all the team will join and discuss about change(CEP). co-ordinator will
gothrough one by one CEP task.
CEP is looks good and CR is ready to update in CAB meeting excel sheet.
change coordinator will ask CAB meeting team to add our CR also. CAB meeting
team will ask is TAB is completed? if yes then only they
accept for CAB meeting.
incase CR is not yet ready or CR is not approved in ticketing tool then we should
not put cr into CAB meeting.
CAB meeting team will verify CR is approved and TAB meeting is done
 CR is approved on thursday around 7 PM is it eligible for CAB meeting? no
because already CAB meeting started.
we can take this CR for next CAB meeting.we missed for 26th so we can
discuss this CR in 2nd sep

CAB ? change advisory board

client and SME are the board member

prasad representing for patching activity

suppose change is approved in CAB meeting then we are good to procced with change
in coming weekend.

CAB was on thu

go or no go will be scheduled on friday = change 1 patching = go
change 2 kernel parameter = no go
go or no go call

implement change as per change window

follow the CEP plan and execute the steps.

task 1 : create CR in ticketing tool will all necessary information

task 2 : prepare CEP and upload it in CR.
Task 3 : make sure approval is there on CR before CAB meeting
Task 4 : conduct TAB meeting and discuss about CR with technical concerns
Task 5 : request CAB meeting co-ordinator to add our CR in CAB meeting list
Task 6 : represent in CAB meeting and discuss about our change.
Task 7 : get approval in go or no go call
Task 8 : implement change as per change window

1. Routine change ( CAB )

2. Standard change (CAB )
3. change ( No CAB,NO TAB, High level CR will be there with approval)

2 Incident management
======================

incase any incident happened in project how to handle? that is nothing but incident
management process

prodcution : revenue will generate from production environment

DR = incase production goes down then DR will play prod role.
QA = client test environment
Dev = developers test enviornment
LAB = any body can use this lap for testing

question 1. dev server is down is this critical? no P2

question 2. production server is down is this critical? yes P1

P1 = priority 1 = critical
P2 = priority 2 = High
P3 = Priority 3 = medium
P4 = priority 4 = low
======================
SLA - Service level aggreement for Incidents
Priority ack/respond Restore/resolve Close RCA requied
P1/S1 15 min 4 hours 24 hours RCA -24 or 48
P2/S2 15 min 12 hours 48 hours NA
P3/S3 30 min 24 hours NA NA
P4/S4 30 min 48 hours NA NA

ack: assign ticket with your name,change status to in-progress and add comment like
working on issue.
it should happen within 15 min

restore/resolv = issue is resolved now things are working as expected

close = issue is fixed permanently . after 1 day requestor confirmed it's working
no issue observed last 24 hours so you can close this incident.

P1 - business impact or revenue is impacted

task 1 : shift engineer will ack the ticket and inform incident management team(via
mail)
task 2 : incident management team will open meeting for incident with required
teams
task 3: join in meeting and start working on issue
task 4: every 30 min incident management team will give update to client on issue.
current status to client
unix team rajesh is working from last 30 min.

incident manager will ask rajesh what is update? rajesh will say still
troubleshooting. then imediatly incident manager will ask rajesh
could you escalate issue to your senior.
siva l2 joined
30 not able to fix then incident manager will ask loop your SME

task 5 : incident manager wil give update to all stack holder about issue status
like issue is resolved

summary
issue :
resolved by =

sla time is 4 hours from ticket start but we breach sla we took 5 hours to resolv
the issue? what is next

service provider has to pay penalty to client

=================================================

issue has to fix with in 4 hours but not

1. process is not follwed. right engineer not escalated ticket to next level
2. lack of technical stuff . the engineer not strong in technical

impact : may project will go to other company

: penalty
RCA: root cause for analysis

root cause for incident

what is your analyze?

server was hung due to high memory usage by application process?

once server is up we will open case with redhat for rca

there will be one RCA template to fill and submit to client.

with in 24 hours we have to submit RCA to client.

root cause is high memory utilization?

what is permanent solution? increase RAM from 4 to 16 GB
open CR and follow the CR process to implement it.

problem:

issue is re-occuring again and again but we don't have permanent solution

1. open case with vendor and keep work with vendor until we get permanet solution.

How to take server into rescue mode

In which situations we will take server into rescue mode.

1. OS partitions are corrupted. eg: /boot, /var, / partitions
take server into rescue mode and repair the os partitions
(xfs_repair /dev/vg/lv)
2. forgot root password. we take machine into resuce mode and set new
password for root user
3. Grub is corrupted or deleted by mistake.
take server into rescue mode and re-generate grub file
4. Initramfs is corrupted or unfortunatly initramfs is deleted
take server into rescue mode and re-generate initramfs

what is the location of initramfs?

/boot

steps to take machine into rescue mode?

1. poweroff server
2. make sure ISO image is mapped in DVD
3. make sure DVD is the first preference in booting order. enter into bios and set
first booting priority is dvd
right click on vm and power ==> power on to firmware
boot==> make sure dvd is top.
shift + is for take dvd into top and f10 for save and comeout
4. select troubleshooting in installer home screen.
 Troubleshooting ==> rescue a redhat enterprize linux system ==>skip to
shell(if we want to repair file system)
continue = if we want to
regenerate grub, regenerate initramfs,set the root password.

to repair os partitions
skip to shell

enable all the vgs

vgchange -ay
repair the os partition
xfs_repair /dev/vg/lv

to set root user password

to regenerate grub file
to regenerate initramfs

going to select continue in rescue mod

actually os partitions and all will adjust in /mnt/sysimage

here press enter to enter into rescue mode
chroot /mnt/sysimage
how to regenerate initramfs
cd /boot
uname -r
dracut -f /boot/initramfs-3.10.0-862.el7.x86_64.img 3.10.0-862.el7.x86_64

how to regenerate grub.cfg or repair grub

grub2-mkconfig -o /boot/grub2/grub.cfg
how to install the grub

grub-install /dev/sda

suppose /boot/grub2 folder has been deleted . how to get it back

grub-install /dev/sda
suppose /boot/grub2/grub.cfg file has been deleted . how to get it back
grub2-mkconfig -o /boot/grub2/grub.cfg

===================================================================================
=============
emergency : machine enter into emergency mode automatically incase any file
system problem
eg : given wrong entries in /etc/fstab in this case system will enter
into emergency mode
we can correct fstab entries in emergency mode without dvd/iso image
help, but we should remember root user password.

enter root password to enter into emergency mode

in emergency mode / will be in read only mode
so we have to remount / with read/write mode
mount -o remount,rw /

then open /etc/fstab and correct incase there is any typo

 and reboot the server
reasons to enter system into emenrgency mode
1. wrong entries in /etc/fstab
2. other file system are corrupted not os file systems.
incase os file systems are corrupted then we will get kernel panic error.

===================================================================================
===========
emergency will understand by os automatically.
single user mode : administrator will take machine into single user mode for
repair any file system or anything else

question 1 : explain me patching procedure?

Rajitha Bollineni,aknagendra Babu, sai tej,13KIRUTHIKA S6012,jaikumar
neelakantan, D V Pradeep Kumar,Vinod Roxx,aadil arman,Prachiti Kulkarni,Anand
Heggi,Rathnakishor Gadikota,Hari Prasad T, Sure Vinaykumar,Vani J,Dinesh U,Revathi
Ammu,Mohan SurapaRaju,bomma sulakshana,N.Lakshmikar Reddy2,reddaiah reddy,sivakumar
reddy,madhukar m, vignesh vicky,Radhika Etigedda,asifali ms, Aishwarya
Konathala,Akula devika,c.naveen Kumar,Dharmendra N

question 2 : what is zombie and what is the impact of zombie process incase it
exist?
Hari Prasad T,Harshananda V, kalpana raju,vignesh vicky,Anand Heggi,Radhika
Etigedda,Aishwarya Konathala,asifali ms,bomma sulakshana,vignesh vicky,N.Lakshmikar
Reddy2,Radhika Etigedda,Dharmendra N,Dinesh U,Vinod Roxx,Swathi UN,mounika
muddapolu,Indu Sweety,Sakthi Vel,Vani J,Rathnakishor Gadikota,JYOTSNA
CHITTE,Prachiti Kulkarni,Revathi Ammu,13KIRUTHIKA S6012,Prem Chand,Harshananda
V,Hari Prasad T,lakshmi chella,Siva Chinnu,amanullah shaik,N. Narasimhulu,kalpana
raju,Sure Vinaykumar,Rathnakishor Gadikota,Ashok M,Madhu S,c.naveen Kumar,sai
tej,Divya Raja,asifali ms,Sireesha p,

booting procedure?
Vani J, Sireesha p, sivakumar reddy,Revathi Ammu,N.Lakshmikar Reddy2,aknagendra
Babu,Dinesh U,Radhika Etigedda,Akula devika,Swathi UN,Prachiti Kulkarni,
13KIRUTHIKA S6012,Aishwarya Konathala,Mohan SurapaRaju,kalpana raju,asifali
ms,mounika muddapolu,Rathnakishor Gadikota,amanullah shaik,bomma sulakshana,
lakshmi chella,D V Pradeep Kumar,N. Narasimhulu,Ashok M,Dharmendra N,pramod
s,vignesh vicky,Rajesh Chitte,Mr. Botla,reddaiah reddy,
Anand Heggi,JYOTSNA CHITTE,jaikumar neelakantan,Sakthi Vel,K Bhagyalakshmi,Hari
Prasad T,Hasini K,Rajitha Bollineni,reddaiah reddy,Divya Raja,
Chandu L,Madhu S,satya krishna

new batch 7:00 to 8:15

b24 8:20 to 9:30

shell scripting [wen,thu,friday]

sat or sund = responsibilities and how to handle recurter
mon- friday = azure
sat or sunday troubleshooting

saturday afternoon and sunday any time we can plan mocktest

sep second your resumes will be ready to upload

before dec 1 week you should have offer in hand

cluster HA
hardening
vulnurabilities
ansible//

===========> SHELL Scripting <===================

shell is nothing but mediator between application layer to kernel

shell is a language. using shell we are going to write simple programs to automate
administration.
c,python,perl,c++,core java,yaml(ansible),powershell(windows).

req: 100 partitions using lvm mehthod

vg is already there what next

creating lvs

lvcreate
mkfs
mkdir /tdir
mount
add entry in /etc/fstab
sh lv.sh
please enter lv name: tlv
please enter mount point name : /application1
please enter file system type : xfs
please enter size : 10G
please enter vg : vg00

integrate client machine with NTP server

hardening tasks:
permitrootlogin no
banner
timeout
deny users

AWK
SED

awk : we can print particular column data from file or command output

eg: printing only column 6 & 5 from df -h command output

df -h |awk '{print $6 " " $5}'

printing only first column from /etc/shadow file

awk -F: '{print $1}' /etc/shadow
awk -F: '{print $1}' /etc/shadow |wc -l

SED
string editor

what is use of sed command is? we can modify file without opening.
eg: we can add content to file using sed command
we can replace word using sed command
 we can delete word using sed command

note: sed will add/modify without opening file

1. Replacing string in file using sed

sed -i 's/Rajesh/Mahesh/g' /testfile
i = insert
s = substute
g = Global
2. add some data next to infra word line.
i want to add some content in next line once it find infra word.

sed -i '/infra/a adding 4th line ' /testfile

a = adding content in new line

3. delete particular line once it find specified string(word)

sed -i '/Infra/d' /testfile
d= delete line of string
4. how to delete particular word from file
sed -i 's/mahesh//g' /testfile

*** how to print particular lines?

want to print line 3
sed -n '3p' /testfile
print particular lines
sed -n '1~4'p /testfile

^ ==> starting of the line

$ ==> end of the line

^
===========
[root@b24vm01 ~]# grep "PermitRootLogin" /etc/ssh/sshd_config
PermitRootLogin yes
# the setting of "PermitRootLogin without-password".
[root@b24vm01 ~]# grep "^PermitRootLogin" /etc/ssh/sshd_config
PermitRootLogin yes
===========
$
=============
[root@b24vm01 ~]# grep "administrator" /testfile
Mahesh joined in IBM as linux administrator
working as linux administrator in Accenture

grep "administrator$" /testfile

Mahesh joined in IBM as linux administrator

sed -i 's/administrator$/admin/g' /testfile

Types of Variables:
1. System variables
2. user variables
1. System variables will be in capital letters
how to print the system variables? env

what is variable?
 1. it's a array which can store the value or program

HISTSIZE is a system variable. it's a pre-defined program. the functionality of

HISTSIZE variable is store the latest 1000 commands which are executed by end user.
[root@b24vm01 ~]# echo $HISTSIZE
1000

using history command we can list out the recent 1000 commands

what is the functionality of HISTSIZE? it can store the latest 1000 commands which
are executed by user
who defined functionality inside HISTSIZE? OS developer
how to call the variable value? echo $variable

export:
set the variable value for temparary:
export HISTSIZE=2000

variables we can set in 2 files

1. /etc/profile ===> global environment configuration file
2. /home/individual user home directory/.bash_profile or /home/individual
user home directory/profile ===> Individual users environment configuration file

defining program or functionality in variable

a=`ls -ltr`
here a is a variable it has ls -ltr functionality

how to call the variable?

echo $a

How to identify system variables? system variables will be in

UPERCASE(CAPITAL LETTERS)
how to list out only system variables? env

How to identify user defined variables? will be in small letters

compgen -v

How to define variables?

accept:
_VAR1
VAR
var
var_b
_var

not accepted:
5_var
-var
var-var
var_a!
var_a$
var_a&
Topics:
 =====
1. SED
2. AWK
3. VARIABLES
4. QUOTES
5. Operators (ARTHEMETIC Operators, Relational operators, Logical operators)
6. start simple program
7. what is shebang

4. QUOTES

1. " " = content can be printed between double quotes but it can
understand the special symbols(\n\t\v $variable $0)
2. ' ' = content can be printed between single quotes but it can not
understand the special symbols.
3. ` ` = is for call or execute sub program or command

echo " My hostname is `hostname`"

a=prasad
echo "My name is $a"

here double quotes will understand $a and call the $a value

output will be like
My name is prasad

a=prasad
echo 'My name is $a'
My name is $a

-----------------------------------------------------------------------------------
--------
[root@cmb24vm02 ~]# a=prasad
[root@cmb24vm02 ~]# echo "My name is $a"
My name is prasad
[root@cmb24vm02 ~]# echo 'My name is $a'
My name is $a
[root@cmb24vm02 ~]# echo "My Hostname is `uname -n`"
My Hostname is cmb24vm02
[root@cmb24vm02 ~]# echo 'My Hostname is `uname -n`'
My Hostname is `uname -n`
[root@cmb24vm02 ~]#
-----------------------------------------------------------------------------------
---------
5. Operators (ARTHEMETIC Operators, Relational operators, Logical
operators)

ARTHEMETIC Operators
+
-
*/
/

expr 5 + 5
expr 5 - 3
expr 5 \* 2
How to exclude empty lines from output
cmd | grep -v ^$

the below command will give current CPU IDLE %

sar -u 1 1 | awk '{print $9}' | grep -v %idle | grep -v "^$" | awk -F.
'{print $1}'

c=`sar -u 1 1 | awk '{print $9}' | grep -v %idle | grep -v "^$" | awk -F.
'{print $1}'`

c is nothing but variable it contains multiple commands

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
c=`sar -u 1 1 | awk '{print $9}' | grep -v %idle | grep -v "^$" | awk -F.
'{print $1}'`
usage=`expr 100 - $c`
echo " The current CPU usage is : $usage %"
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

mkdir -p /scripts
cd /scripts
vi cpuusage.sh
c=`sar -u 1 1 | awk '{print $9}' | grep -v %idle | grep -v "^$" |
awk -F. '{print $1}'`
usage=`expr 100 - $c`
echo " The current CPU usage is : $usage %"

sh cpuusage.sh

or
./cpuusage.sh

chmod a+x cpuusage.sh

sh cpuusage.sh
sh is the shell which i used to execute file or program.

Relational operators

== -eq equal
> -gt
>= -ge
< -lt
<= -le
!= not equal

eg :
[ 5 -le 4 ];then
do something

if [ 5 <= 7 ];then
echo "value is less then 7"
else
echo " value is greater than 7"
fi
 if
else
fi

================

if
fi
========

if
else
elif
elif
elif
fi
=====================================

simple program with shell format

script 1 : disable permitrootlogin
#! /bin/bash
sed -i "s/^PermitRootLogin/#PermitRootLogin/g" /etc/ssh/sshd_config
sed -i "/^#PermitRootLogin/a PermitRootLogin no" /etc/ssh/sshd_config
current=`grep "^PermitRootLogin no" /etc/ssh/sshd_config |wc -l`
if [ $current -eq 1 ];then
echo "Permit root login has been disabled in `hostname`"
else
echo "root is allowed to login in `hostname`"
fi
======================================================================
./test1 ./test2 .sh is not mandory for script. extention is just for our
reference or identify.

***** what is shebang?

#! /bin/bash or #! /bin/sh or #! /bin/ksh or /bin/perl or /bin/python

shebang is a runtime platform to run or execute remaining program/script.

setting up run time shell to run script.

***** incase shebang is not defined inside script. is the script is going to
execute or fail?
the script will execute if there is no shebang line. it is going to consider
current/default shell as shebang line.

the script is going to take default shell as shebang and execute in that.

script 2: create lv partition

==========================================
#! /bin/bash
read -p "please enter disk to convert as pv: eg:sdb : " p
pvcreate /dev/$p
read -p "Please enter VG name "v
vgcreate $v /dev/$p
read -p "Please enter LV name to create : " lname
read -p "Please enter VG name : " vgname
read -p "Please enter size for lv eg: 10G : " lsize
read -p "Please enter FS type eg:xfs ext4 : " ltype
read -p "Please enter mount point name : " lmount
lvcreate -L $lsize -n $lname $vgname
mkfs.$ltype /dev/$vgname/$lname
mkdir -p $lmount
echo "/dev/$vgname/$lname $lmount $ltype defaults 1 2 " >> /etc/fstab
mount -a
df -hP /$lmount
===============================================
#! /bin/bash
read -p "Do you want to create PV? eg : yes/no : " pd
if [ "$pd" = "yes" ];
then
read -p "please enter disk to convert as pv: eg:sdb : " p
pvcreate /dev/$p
fi
read -p " Do you want to create VG? eg : yes/no :" vd
if [ "$vd" = "yes" ];
then
read -p "Please enter VG name: " v
read -p "Please enter pv name eg:sdb :" p
vgcreate $v /dev/$p
fi
read -p " Do you want to create lv? eg : yes/no :" ld
if [ "$ld" = "yes" ];
then
read -p "Please enter LV name to create : " lname
read -p "Please enter VG name : " vgname
read -p "Please enter size for lv eg: 10G : " lsize
read -p "Please enter FS type eg:xfs ext4 : " ltype
read -p "Please enter mount point name : " lmount
lvcreate -L $lsize -n $lname $vgname
mkfs.$ltype /dev/$vgname/$lname
mkdir -p $lmount
echo "/dev/$vgname/$lname $lmount $ltype defaults 1 2 " >> /etc/fstab
mount -a
df -hP /$lmount
fi
=========================================Server hardening
script=================================================

hardening script
1. permitrootlogin no
2. password policies max age 70 min age 2 war 10
3. ssh banner
4. disable ftp service
5. un-install telnet
6. allowed groups through ssh is ssh-users ==> in /etc/ssh/sshd_config :
AllowGroups ssh-users
ssh-users is group
only ssh-users group members are allowed to login system.

#! /bin/bash
h=`hostname`
echo "Hardening the following server : $h"
echo "Task 1 : Disabling Root Login through ssh service:"
sed -i "s/^PermitRootLogin/#PermitRootLogin/g" /etc/ssh/sshd_config
sed -i "/^#PermitRootLogin/a PermitRootLogin no" /etc/ssh/sshd_config
current=`grep "^PermitRootLogin no" /etc/ssh/sshd_config |wc -l`
if [ $current -eq 1 ];then
echo "Permit root login has been disabled in `hostname`"
else
echo "root is allowed to login in `hostname`"
fi
echo "Task 2 : Applying password policies:"
sed -i 's/^PASS_MAX_DAYS 99999/PASS_MAX_DAYS 70/g' /etc/login.defs
sed -i 's/^PASS_MIN_DAYS 0/PASS_MIN_DAYS 2/g' /etc/login.defs
sed -i 's/^PASS_WARN_AGE 7/PASS_WARN_AGE 10/g' /etc/login.defs
echo "Task 3: Set the Banner for SSH users"
echo " ###### IT's a PRASAD Server . If your authorized to Login then try to
attempt login" > /etc/bfile
echo " If your not authorized or not working in PRASAD company then don't Login"
>> /etc/bfile
sed -i 's/^Banner/#Banner/g' /etc/ssh/sshd_config
sed -i '/^#Banner/a Banner /etc/bfile' /etc/ssh/sshd_config
echo "Disable FTP service"
systemctl stop vsftpd && systemctl disable vsftpd
echo "Un-install telnet"
echo yes |yum remove telnet
echo "Allow only ssh-group users through ssh"
s=`grep "AllowGroups ssh-users" /etc/ssh/sshd_config|wc -l`
if [ "$s" = "0" ];
then
echo "AllowGroups ssh-users">> /etc/ssh/sshd_config
systemctl restart sshd
fi
echo " Server has been hardened $h"
===================================================================================
======

***** exit or error codes in linux

0 = success
127 = command not found
126 = command triggered but not executed
1 = catchall for general error
130 = command or script is terminated by control-c
128 = passed invalid option to script in that case script will exit with 128 error
code

how to check error code of previous command or script?

echo $?

===================================================
script 4: Process/move file from landing location to destionation location as soon
as file araives into landing location.
statement-of-icici1256-dd-mm-yyyy.pdf
statement-of-hdfc123-dd-mm-yyyy.pdf
mkdir -p /landingfolder
mkdir -p /icici /hdfc /sbi /citi
#! /bin/bash
cd /landingfolder
ls -ld *icici* | awk '{print $9}' > /tmp/icicifiles
ls -ld *hdfc* | awk '{print $9}' > /tmp/hdfcfiles
ls -ld *sbi* | awk '{print $9}' > /tmp/sbifiles
ls -ld *citi* | awk '{print $9}' > /tmp/citifiles
for i in `cat /tmp/icicifiles`
do
mv /landingfolder/$i /icici/
done
for h in `cat /tmp/hdfcfiles`
do
mv /landingfolder/$h /hdfc/
done
for s in `cat /tmp/sbifiles`
do
mv /landingfolder/$s /sbi/
done
for c in `cat /tmp/citifiles`
do
mv /landingfolder/$c /citi/
done

schedule above script through crontab

* * * * * sh /scripts/segregatefiles.sh

===============================================
passing command line arguments to script

Create users in individual machines

#! /bin/bash
useradd -s $2 -d $3 -m $1
echo "$1:$4" | chpasswd
chage -M $5 $1

vi /scripts/useradd.sh
## add above 3 lines in file

execute script now

sh /scripts/useradd.sh rajesh1 /bin/bash /home/rajeshhome test123

$1 rajesh1
$2 /bin/bash
$3 /home/rajeshhome
$4 test123

[root@cmb24vm02 scripts]# sh /scripts/useradd.sh babu2 /bin/bash /home/babu2

test123 365
[root@cmb24vm02 scripts]# cat useradd.sh
#! /bin/bash
useradd -s $2 -d $3 -m $1
echo "$1:$4" | chpasswd
chage -M $5 $1

-----------------------------------------------------------------------------------
---------------------------------------

How to uninstall and install multiple pkgs from multiple servers.

 Jump server

Step 1 : configure password less between jump host to remaining machines.

task 1 : Generate keys in jump host

su - tempadmin
ssh-keygen
task 2 : create file and add hostnames or IP address of remote machines
vi /tmp/slist
192.168.145.200
192.168.145.20
task 3: push the public key to slist list servers
for i in `cat /tmp/slist`
do
ssh-copy-id -i /home/tempadmin/.ssh/id_rsa.pub $i
done
Step 2 : Un-install telnet pkg in all servers

Install telnet pkg in all the servers

for i in `cat /tmp/slist`
do
ssh $i "echo yes |sudo yum install telnet"
done

Un-Install telnet pkg in all the servers

for i in `cat /tmp/slist`
do
ssh $i "echo yes |sudo yum remove telnet"
done

===============================================

echo -e

\n new line
\t tab
\vveritical order

echo -e "1.AIX\n2.Redhat\n3.Solaris"
=================================================
Collecting pre-checks from all servers

#! /bin/bash
h=`hostname`
d=`date +"%d-%m-%Y"`
echo -e "host name is \t:\t`hostname`"> /tmp/$h-prechecks-$d.txt
echo -e "Uptime is \t:\t`uptime`">> /tmp/$h-prechecks-$d.txt
echo -e "Mount Points are\n=================================\n`df -hPT`
\n====================================" >> /tmp/$h-prechecks-$d.txt
echo -e "FSTAB output is\n=================================\n`cat /etc/fstab`
\n====================================" >> /tmp/$h-prechecks-$d.txt
echo -e "kernel version is \t:\t `uname -r`" >> /tmp/$h-prechecks-$d.txt
echo -e "OS version is \t:\t `hostnamectl status | grep "Operating System"`" >>
/tmp/$h-prechecks-$d.txt
echo -e "Physical volumes \n `sudo pvs`" >> /tmp/$h-prechecks-$d.txt
echo -e "Volume groups \n `sudo vgs`" >> /tmp/$h-prechecks-$d.txt
echo -e "Logical volumes \n `sudo lvs`" >> /tmp/$h-prechecks-$d.txt
/tmp/hostname-prechecks-29-08-2021.txt

Step 1 : copy this script to remote machines

vi /tmp/prechecks.sh
above content

task 1 : using for loop copy this script to remote machines

for i in `cat /tmp/slist`
do
scp -r /tmp/prechecks.sh $i:/tmp/
done
task 2 : collect the prechecks from remote machines
for i in `cat /tmp/slist`
do
ssh $i "sh /tmp/prechecks.sh"
scp $i:/tmp/*-prechecks*.txt /home/tempadmin/
done
===========================================================================

***** How to enable dubug mode in script?

#! /bin/bash
set -x
script
................
.................
.................
set +x
***** how to run script with debug mode?
sh -x lvm

-x is for enable debug mode for script.

***** what is the difference $* and $@

$0 = It prints the current shell

$SHELL = it print default shell
$? = previous command execution status
$1 = command line first input sh script.sh prasad comment
$1 prasad
$2 comment

$* = print all arguments which we provide to the script.

sh script.sh 1 2 prasad linux shell

which are the command line arguments? 1 2 prasad linux shell

$* will just print the all command line arguments

$@ will understand single and doble quotes and print the arguments.

eg: $@
#! /bin/bash
for i in "$@"
do
echo "$i"
done

output
 sh arg.sh 1 "2 3" prasad linux solaris 'shell scripting'
1
2 3
prasad
linux
solaris
shell scripting

eg:eg: $*
#! /bin/bash
for i in $*
do
echo "$i"
done

output
[root@cmb24vm02 scripts]# sh arg.sh 1 "2 3" prasad linux solaris 'shell
scripting'
1
2
3
prasad
linux
solaris
shell
scripting

======================================================================

How to monitor file and send mail notification to team about file download status?
serastatement.
icici one statement
hdfc one statement

from bank around 2 AM we will get this file into one of the location.
all the banks statement should arraive at 2 AM or max 4 AM

incase this file is not there then amount will not credit to the shop people.

file format: /Braches/statement/Banks/ICICI/stmt-of-seara-icici-29-08-2021.pdf

/Braches/statement/Banks/hdfc/stmt-of-seara-hdfc-29-08-2021.pdf

todays date is 30 aug 2021

script and schedule

script
====================================================
#! /bin/bash
yd=`date --date "yesterday" +"%d-%m-%Y"`
d=`date+"%d-%m-%Y-%T"`
if [-f /Braches/statement/Banks/ICICI/stmt-of-seara-icici-$yd.pdf ];then
echo "ICICI statement has been downloaded\n filename is : stmt-of-seara-icici-
$yd.pdf" | mailx -s " ICICI statement has been downloaded"
[email protected]
else
echo " ICICI statement not yet downloaded. Please take necessary action" | mailx -s
" ICICI file not downloaded $d" [email protected]
fi
if [-f /Braches/statement/Banks/hdfc/stmt-of-seara-hdfc-$yd.pdf ];then
echo "HDFC statement has been downloaded\n filename is : stmt-of-seara-hdfc-
$yd.pdf" | mailx -s " HDFC statement has been downloaded"
[email protected]
else
echo " HDFC statement not yet downloaded. Please take necessary action" | mailx -s
" HDFC file not downloaded $d" [email protected]
fi

========================================================schedule===========
crontab -e
01 2-4 * * * sh /scripts/monitorbankstmt.sh

mailx is the command to send mail

sync: echo "Body" | mailx -s "subject" mailid1,maild2,maild3

====================print file status on the

screen====================================
#! /bin/bash
yd=`date --date "yesterday" +"%d-%m-%Y"`
d=`date +"%d-%m-%Y-%T"`
if [ -f /Braches/statement/Banks/ICICI/stmt-of-seara-icici-$yd.pdf ];then
echo "ICICI statement has been downloaded\n filename is : stmt-of-seara-icici-
$yd.pdf"
else
echo " ICICI statement not yet downloaded. Please take necessary action"
fi
if [ -f /Braches/statement/Banks/HDFC/stmt-of-seara-hdfc-$yd.pdf ];then
echo "HDFC statement has been downloaded\n filename is : stmt-of-seara-hdfc-
$yd.pdf"
else
echo " HDFC statement not yet downloaded. Please take necessary action"
fi
=============================================================================

===============================execute something after

reboot##########################
one script has to execute incase server rebooted?

schedule below job in cron

@reboot touch /afterrebootfile`date +"%d-%m-%Y-%T"`
=========================================================================

cat t.sh
#! /bin/bash
d=`date +"%d-%m-%Y-%T"`
touch /tmp/tfile-$d.txt

crontab -l
@reboot sleep 10 && sh /scripts/t.sh

===================================================================================
==========

ANSIBLE
 1. overview of ansible
2. installation of ansible
3. How to run ad-hoc commands for multiple servers
4. how to write ansible playbook
5. run playbook

4 to 5 playbooks

what is ansible?
ansible is configuration management tool. which is developed by redhat
company.

hardening tasks for Linux servers.

requirement: push hardening tasks to 2000 servers every month once.
every 1 hour once hardening script has to apply for all servers.
ansible is a tool. the use of tool is configuration management & continues
delivery.

ANSIBLE supports YAML language.

eg: only prodction severs want to perform patching

can possible through ansible playbook.
same time want to upgrade only kernel for dev systems.
can possible through the ansible playbook.

playbook is nothing but script

Play = one task

playbook = collection of tasks. It is equal to script.
ansible tower = scheduler and monitoring of playbooks.

which node we will call as master node? which is contains ansible tool(pkg).
where will be the ansible modules? master node
in which machine we create inventory? master node
what is inventory? group of remote machines
what is module? predefined program which is developed in python.

eg: module yum is a a module for administrate pkg management

yum present

user module
this module is for perform user administration in remote machine.

are we installing any agent in remote machines?

no
ansible will establish connection with remote machines through ssh and
run the ansible module in remote machine.
master it's self establish connection with remote machine, carry
module and execute module in remote machine.

an

master node==> establish connection with client node(ssh)==> Master node

carry the module and execute task in client node ==> close the connection.
 install ansible in Linux machines

updating new packages in repository

step 1: copy new pkgs to directory where we have all other pgks
cp -r /root/ansible-pkgs/* /var/ftp/pub/rhel75/
step 2: update repository
createrepo --update /var/ftp/pub/rhel75
step 3: refresh or cleanup repositories
yum clean all

install the ansible

yum install ansible

clone: full copy of machine

you can run this cloned vm as seperate machine. but we have to change
hostname and IP.

how to list out installed ansible modules?

ansible-doc -l
how to get manual page of module or information about module?
ansible-doc -s yum

yum is the module . module is nothing code/program.

inventory:
group of systems/servers
vi /etc/ansible/hosts
[prod]
192.168.145.200
192.168.145.25
[qa]
192.168.145.25

run ad-hoc commands or module to inventory servers

ansible prod -m user -a "name=auser uid=20000"

ansible prod -m command -a "useradd tuser2222"
ansible prod -m command -a "hostname"
ansible prod -m command -a "df -h"
ansible prod -m yum -a "name=telnet state=present"
ansible prod -m yum -a "name=telnet state=absent"

master : 192.168.145.20
clients:192.168.145.25
192.168.145.200
192.168.145.170

tab key should not use inside yml file.

note: yml will not support tab key only space it supports.

=========playbook1 creating file in remote machines=====================

---

- hosts: prod
tasks:
- name: creating file in remote machine
file:
path: /babufile1
owner: prasad
group: root
mode: '1770'
===============================================
verify syntax errors:
ansible-playbook file.yml --syntax-check
dry run in remote machines
ansible-playbook file.yml --check

--check will go to remote machines and check peasibility to execute

how to execute the playbook?

ansible-playbook file.yml

=================Create file in remote machines=======================

---

- hosts: prod
tasks:
- name: creating file in remote machine
file:
path: /babufile2
state: touch
owner: prasad
group: root
mode: '1770'

- name: creating directory in QA servers

file:
path: /tdir222
state: touch
owner: prasad
group: root
mode: '0777'
========================installing multiple
packages==============================================
---

- hosts: prod
tasks:
- name: Installing packages
yum:
name:
- nano
- zip
state: present
=======================================================
dry run : ansible-playbook installation.yml --check

execute : ansible-playbook installation.yml

=================disable selinux in remote machines===============
---

- hosts: prod
tasks:
- name: disabling selinux in remote machines
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=permissive
========================================
dry run : ansible-playbook disableselinux.yml --check

execute : ansible-playbook disableselinux.yml

batch24 email address: [email protected]

batch24@123

========================================> portal.azure.com

1. creating resource group

2. create vnet(virtual network) and subnets
3. deploying server (gui,ARM template and shell)
4. disk management (attaching new disk & scaling up existing disk)
5. create recovery service vault(storage area)
6. backup management
==> backup policy creation
==> enabling backup for virtual machine
==> Triggering ad-hoc backup for virtual machine
==> restoring the vm using latest recovery point
7. creating snapshot for OS disk
8. create storage account
9. deleting vault
10 . availability set and availability zone

==========================================

11. vnet peering

going to create network between 2 vnets

step 1 : creating 2 vnets with 2 different subnet ip range

region : prasadrg-west
vnet 1: vnet1-west2
sub : sub1-vnet1-west2
10.1.1.*
vnet 2 : vnet2-west2
sub: sub2-vnet2-west2
192.168.1.*

step 2 : Deploy 2 machine in 2 different vnets

m1 = vnet1-west2
m2 = vnet2-west2

requirement: vnet1-west2 want to connect to vnet2-west2

so we have to create peering from vnet1-west2 to vnet2-west2
click on vnet1-west2

NSG(network security group) = firewall

IN = server <<=== outside

out = server ===>> outside

deploying servers in cloud

public network in that one user is one tenant.

how to protect your self in public network? using nsg rules. we can allow
only specified ports.

==================================== 25-SEP-
2021============================================

Daily work in organization

shifts: 3
A shift(india) B shift(UK) C shift (US)
morning afternoon Nigh shift
6-2PM 2PM - 10PM 10PM-6AM

your in morning shift

at 6 o clock there will be a shift hander meeting
here nighshift(previous) shift and morning shift
hand over to morning shift guy

Regular issues and tasks:

tasks:
create the partition with specified size
we will get requests to create partitions
we will get requests to grant sudo privilages to normals
we will work on login related issues.
rugularly we will get partition full alerts
other than these we will get performance related alerts like High cpu and high
memory utilization alerts.
also we will get request to export nfs file system and mount in remote machines.

we will get requests to grant sudo privilages from application team.

we will get requests to schechedule jobs in cron.

also we will take care machine deployments

we will deploy the server as per build sheet
also complete post build activities in newly deployed server
like creating partitions, creating accounts and installing requested
softwares based on build sheet.

also we will work on vulnurabilities

 how to increase RAM/CPU's for virtual machine in vmware
we can increase ram/cpu's in online if hotadd feature is enabled for
virtual machine.
we can increase ram/cpu's in offline if hotadd feature is disabled for
virtual machine

online : select machine ==> edit settings ===> increase ram/cpu

offline : poweroff the machine ==> edit settings ===> increase the
ram/cpu

CLOUD:
step 1 : deallocate the server(stop the virtual machine)
step 2 : change the machine size
step 3 : power on the virtual machine

in situaltion we will decide to increase RAM/memory?

scenario 1 : keep recieving high memory utlization alert and requested

application team to verify they said memory utilization by application is normal.
they can't cleanup any processes
so in this case we have only one option is scaling up the machine resources

but we will follow the change process to increase any of resource for
virtual machine.

==================================================================================

problem: application team complained about server performance

every day at 11 PM server performance is too slow.

how we can identify root cause?

1. using sar verify the historical data like yesterday at 11 PM what was the
cpu/memory usage.
if the utilization is high the complain is geninue
cd /var/log/sa
sar -u -f sa24092021
sar -u -f sa23092021
what is the further action on observation 1?
1. verify what are jobs scheduled between 11 PM to 12 PM in crontab.
cd /var/spool/cron/
ls
here you can see files with username whoever scheduled cronjobs.
==========> how to know the triggered jobs through cron?
cat /var/log/cron

identified many jobs are scheduled between 11 to 12 PM .

we can request scheduled job owners to change their slots.
we have to schedule meeting with job owners and request them to
schedule jobs in sequence order.

job 1 is going to take 10 then 11 PM

job 2 is going to take 5 then 11:10 PM
job 3 is going to take 20 min then 11:20 PM
no jobs identified at 11 to 12 pm but there was high cpu/memory utilization.
2. we have to be in system at 11 PM and identify which are users login at 11
pm and what they are triggering new tasks.
suppose multiple teams login to server at same time and executing their
jobs then we can request them to take some gap between teams.
 3. application team confirmed they can't stop or clean any processes and
running jobs are need to execute at same then
we can open change to increase the cpu/memory

***** how to verify which are users logged in system yesterday?

last | more
***** how to list out particular user sudo privilages?
login to user and execute sudo -l
***** how to list out particular user scheduled jobs as root
crontab -u prasad -l
crontab -u prasad -e
***** in which log file we can find which are users logged in and what they did?
/var/log/secure
***** /var/log/secure file captures what time user is delete and who deleted

/var/log/messages == services logs nfs,samba,ssh,ftp ,dns related logs will

be in /var/log/messages
/var/log/dmesg ===> it contains hardware related logs like hardware failure ,
new hardware is connected, any hardware warning alerts
/var/log/cron ===> cron job schedule/execution

*****server is in hung mode how to handle this incident?

step1 : find the server owner in inventory db
step 2 : we will send mail to server owner about server situation.
Hi Team,

server is not respondig to commands. Please give approval to reboot.

server name : xyz.server

step 3 : login to vcenter and reset the vm

azure : login to azure portal and restart virtual machine

step 4 : send mail to server owner about server status.

Hi Team,

server is up now . Please verfify start the application and

confirm us.
we will identify root cause for server hung and let you know.

Thanks & Regards,

Babu

step 5 : generate sos(redhat) and supportconfig(suse) and open case with

vendor for RCA(root cause analasys)

***** server is rebooted unexpectedly?

step 1 : request server owner to verify application functionality
Hi Team,

noticed server is rebooted unexpectedly. Kindly verify

application functionality and cofnirm us.
finding out root cause for reboot
 Thanks & Regards,
Babu.
step 2 : verify any of the user rebooted server manually
last | more
or
check in history command any one execute shutdown -r now command

server is rebooted at 10 am
we can see which are users logged in at 9 to 10:30 am
go to their users and verify history command

no one rebooted server purposefully and not able to find out clue
for reboot then open case with vendor

step 3 : generate sos(redhat) and supportconfig(suse) and open case

with vendor for RCA(root cause analasys)

patching,roll back, satelite

server is not coming up after patching
lvm : create,extend and reduce
building server
what are the hardening tasks?
remidiating security vulnurabilities?
handling high cpu and high memory related alerts
handling housekeeping alerts
nfs : export and mount
df -h output is hang
cpu load average
zombie : what is zombie, how to identify zombie and how to clear zombie
crontab fields
how to list out kernel parameters?
difference between softlink and hard link
ulimits?

vulnurabilities:
1. permitrootlogin yes it is a security vulnurability
how to mitigate or remediate?
change permitrootlogin no in /etc/ssh/sshd_config
2. old samba packge is running
how to mitigate or remediate?
upgrade to latest samba pkg
zypper update samba
yum update samba
3. ftp service is running in db server?
how to mitigate or remediate?
stop or uninstall vsftpd service
4. usb is allowed in so and so servers
remediation : disable usb at kernel level

every month we will get vulnurability report from qualis guard

there are many tool which will identify the vulnurabilities and send report.
download the report
analyze the report
 remediate the vulnurabilities as per solution.

what is the P1 issue which you faced recently?

Application was not able to process the transactions

problem or error message: no space left in device to write

-----------------------------------------------------------------------------------
-------
logged in to server and idetified /var partition was full.
imediatly i cleared old logs and also extended some space to /var partition

root cause was : application started dumping application logs in /var

requested application team to don't redirect application logs to /var

recommended to create new partition and use it for application logs.

===============================================================================
one p1 issue: remote applications were not able to connect to the server on 55022
port
application is running but still other applications could not able to connect
no firewall were blocking but still other applications could not able to
connect
port will start listening whenever application start.

i identified issue with ip addresses

there are 2 Ip address 1 primary and second one is secondary.
secondary became primary so clients could not able connect on primary ip
becuas 55022 port is allowed through which ip primary ip.

solution : restart network service

systemctl restart network

min hr days in month month days in week

01 * * * 1

conection timeout
no such file or directory
could not able to write : no space, write protection, doen't have permission
to write

operational ( wipro and adm )

client is adm
service provider wipro
what is the contract time to support = 5 Years

=====================Azure Load balancer==============

 front end ip
backend pools ( web1 & web2)
Load balancer rules

step 1 : Create 2 machines

step 2 : install httpd in both the machines
yum install httpd
step 3 : configure the web page in both machine
cd /var/www/html/
vi index.html
Server 1
step 4 : create the loadbalancer

===============================

front end ip = which will accept the load from outside.

which is the ip accesible for outside.
Back end pools = actual workers(nodes)
health probes = Load balancer checks the health of backend pools.

cluster
=============================
pace maker cluster

redhat = redhat cluster

solaris = veritas cluster
pacemaker is a third party cluster
it can support any of unix servers.

cluster commands:
crm status = to check the cluster status
crm config show = to show the cluster configuration
crm config edit = to edit the cluster configuration
crm configure property maintenance-mode=true ====> put cluster
in disable/maintenance mode
crm configure property maintenance-mode=false ===> take out
cluster from maintenance mode

migrate resource group from one node to another node

crm resource move <groupname> node2

ascs = first application

ers = second application

ascs is running in node1

ers running in node2

requirement migrate/move ascs services from node1 to node 2

crm resource move g-XT1_ASCS node2hostname
or
crm resource migrate g-XT1_ASCS node2hostname

how to refresh the one resource

crm resource cleanup rsc_sap_XT1_ERS70 MAZNAXZ1PPD07
refresh resource node
with out downtime for application we have to complete patching? what is the good
approach

steps in node1:
step 1: migrate resource group to node2
crm resource move g-XT1_ASCS node2hostname
step 2 : perform patching node 1
step 3 : reboot the server
step 4 : once node 1server is up then do the post validation
steps in node2
step 5 : login to node2 and migrate both services to node1
crm resource move g-XT1_ASCS node1hostname
step 6 : perform patching in node 2
step 7 : Reboot the server(node 2)
step 8 : once node 2 is up then do the post validation
step 9 : move back resource group to node2 from node1.

===================ANF azure netapp file share================

it's a third party service which is integrated inside azure.

custer will pay 100 to azure

azure will pay 90 to netapp

employee = reddaiah 2000

employer = accenture 2000
==========
4000
8 % interest

uan = unique account

pf number = acceture
pf number = IBM

bgv =
payroll =

IAAS = infra structure as a service

PAAS = platform as a service

SAAS = software as a service

pam_tally2 -u username ===> how many wrong password attempts are there
pam_tally2 -u username -r ===> clear the wrong password attempts.

account will be locked after trying 3 wrong password attemps.

account will be release once after clear the wrong attempts.

scenario 1 : how to take azure machine into rescue mode

server is not coming up after os patching
grub error during boot up.
 step 1 : create snapshot for OS disk in problematic machine
step 2 : spinup new disk using snapshot
step 3 : attach this disk to other machine
step 4 : repair the problem
login to rescue machine
mkdir /rescue
mount /dev/sdc4 /rescue -o nouuid
mount /dev/sdc3 /rescue/boot -o nouuid
cd /rescue/
mount -t proc proc proc
mount -t sysfs sys sys/
mount -o bind /dev dev/
mount -o bind /dev/pts dev/pts/
chroot /rescue
regenerate grub.cfg file
grub2-mkconfig -o /boot/grub2/grub.cfg
how to install grub2
grub2-install /dev/sda
how to regenerate initramfs
redhat
cd /rescue/boot
dracut -f /boot/initramfs- kernel version
suse
mkinitrd

exit
umount /rescue/proc
umount /rescue/sys
umount /rescue/dev/pts
umount /rescue/dev
cd
umount /rescue/boot
umount /rescue

step 5 : deattach disk from machine

step 6: swap the os disk in problemetic machine

***** could not able to create new file inside partition? what may be the problem?
1. May inodes are full for partition
2. file system converted into read only mode

1. may inodes are full for plartition

how to verify how many free inodes available for partitiion
df -hi
suppose noticed inodes are full for partition what action we will take care.

solution1 : clear the empty files

find /partition -empty -exec rm -rf {} \;
solution 2 : extend the partition space
***** reverse question from panel: can we extend only inodes?
no we can not extend only inodes
we will get inodes along with disk space.

***** how to check is the file is used by any of process?

lsof /file
how to check which are the users using file systems?
fuser -v /dbpart1
or
lsof +D /dbpart1

noticed many processes are using partition. but we have approval to unmount
the partition. now we can kill the all processes
fuser -vik /dbpart1
or
kill -9 pid
***** how to list all processes in machine?
ps -ef
or
ps -aux
how to filter only particular user processes
ps -aux | grep username

***** /var/log was full we deleted and cleaned up 2 gb space but still that 2 gb is
not reflected to partition. still showing /var is full.

reason is : we delete file when some process is using that file.

eg : we deleted file which is occupied 1 GB but that 1 GB space not
reflecting may backend process was using that file and in between we deleted file.
in this case space will not reflect because process still using not
release file.

how to find out such processes

lsof +D /dbpart1 | grep -i deleting
lsof +D /dbpart1 | grep -i deleted

solution: restart the process or restart the system

/var/log/messages
how to know which service is putting logs in /var/log/messages
how to find out which process is storing logs in /var/log/secure
lsof /var/log/messages
lsof /var/log/secure
***** rsyslog is the service which is responsible for logs capure and segregate to
respective file
logs are not coming to /var/log/messages how to rectify this problem
systemctl restart rsyslog

***** configuration file permissions are reverting after server reboot.

we changed /etc/ssh/sshd_config file permissions to 650 but after reboot
again permissions are reverted to 600
==========================================
grep ssh /etc/permissions.secure
/etc/ssh/sshd_config root:root 600
rescuem1:/etc # chmod 666 /etc/ssh/sshd_config
rescuem1:/etc # ls -ld /etc/ssh/sshd_config
-rw-rw-rw- 1 root root 3446 Oct 8 03:40 /etc/ssh/sshd_config
rescuem1:/etc #

reboot the server

============================================
solution is change permissions in
/etc/permissions.secure,/etc/permissions,/etc/permissions.easy and
/etc/permissions.local
permissions are hard coded in above files.

azure questions:
*** how many resource groups are allowed in one subscription
980
*** max number of vnets in one subscription
128
*** how many types of load balancers?
standard and basic

inside standar lb
we will have option to create public and internal(private) load
balancer

***** difference between standard lb and basic lb

standard Basic
backend pools 1000 300
health probes tcp,http,https tcp and http
multiple front ends inbound and outbound inbound

vmware: power off vm

connect ISO image
change boot option like enter into bios setting in next boot
power on the vm
in bios we will set first boot priority is dvd
f10 save and come out

rescue method