OS sections in docs
Documentation about Operating Systems and their administration.
Documentation regarding Redhat-like specific systems.
prerequisites :
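# Prerequisite: `hostname -f` and `hostname` must return the same value,
# i.e. the host name is already set to its fully qualified form.
yum install -y ipa-server ipa-server-dns

# 'password' is a documentation placeholder, not a value to deploy.
# --ds-password is the Directory Manager password and --admin-password the IdM
# admin password: either one gives full control of the realm. Values passed as
# arguments are visible in the process list while the installer runs and are
# kept in shell history; running the installer without --unattended makes it
# prompt for both passwords instead.
# --allow-zone-overlap creates the DNS zone even if it already exists elsewhere,
# and --forwarder sends recursive queries to that external resolver; keep both
# only when that is intended for the environment.
ipa-server-install \
  --domain=example.com \
  --realm=EXAMPLE.COM \
  --ds-password=password \
  --admin-password=password \
  --hostname=classroom.example.com \
  --ip-address=172.25.0.254 \
  --reverse-zone=0.25.172.in-addr.arpa. \
  --forwarder=208.67.222.222 \
  --allow-zone-overlap \
  --setup-dns \
  --unattended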
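yum install -y ipa-client

# Unattended enrolment with the admin principal. 'password' is a placeholder:
# a real admin password given here is visible in the process list and stays in
# shell history. For enrolling many hosts, a per-host one-time password
# (created with `ipa host-add --random`) limits what a leaked value can do.
# --force-join re-enrols even if a host entry with this name already exists.
ipa-client-install --mkhomedir --enable-dns-updates --force-ntpd -p admin@EXAMPLE.COM --password='password' --force-join -U

# Test login: kinit prompts for the password, so it is neither typed on the
# command line nor stored in shell history.
kinit admin
# Show the ticket that was obtained
klist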
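# Install the IdM DNS check helper in the current user's home directory.
# - No sudo: the helper only runs dig, so it does not need root to be written
#   and should not end up as a root-owned file in a user's home.
# - The here-document delimiter is quoted ('EOF') so that $1, $zone and
#   $HOSTNAME are stored literally and expanded when the helper runs, not
#   while the file is being written.
cat <<'EOF' > ~/IdmZoneCheck.sh
#!/bin/bash
### IdM zone check ###
# Prints the SRV, TXT and A records looked up for an IdM zone.
# Usage: IdmZoneCheck.sh <zone>   (ex: IdmZoneCheck.sh domain.local)

# A trailing dot is dropped because every query below appends its own.
zone=${1%.}

# Check if the zone name is provided as a parameter #
if [ -z "$zone" ]; then
  printf 'Provide the zone name to be checked as a parameter!\n(ex: IdmZoneCheck.sh domain.local)\n' >&2
  exit 1
fi

# Accept only DNS-name characters: dig reads an argument starting with
# '-', '+' or '@' as an option or a server, not as a name to look up.
case "$zone" in
  [-.]* | *[!A-Za-z0-9._-]*)
    printf 'Invalid zone name: %s\n' "$zone" >&2
    exit 1
    ;;
esac

# show LABEL NAME TYPE - print the label, then the short dig answer.
show() {
  printf '%s\n' "$1"
  dig +short "$2" "$3"
}

clear
printf '### IDM / TCP ###\n\n\n'
show '_TCP / kerberos-master (SRV)' "_kerberos-master._tcp.${zone}." SRV
show '_TCP / kerberos (SRV)' "_kerberos._tcp.${zone}." SRV
show '_TCP / kpasswd (SRV)' "_kpasswd._tcp.${zone}." SRV
show '_TCP / ldap (SRV)' "_ldap._tcp.${zone}." SRV
printf '\n### IDM / UDP ###\n\n\n'
show '_UDP / kerberos-master (SRV)' "_kerberos-master._udp.${zone}." SRV
show '_UDP / kerberos (SRV)' "_kerberos._udp.${zone}." SRV
show '_UDP / kpasswd (SRV)' "_kpasswd._udp.${zone}." SRV
printf '\n### IDM / MSDCS DC TCP ###\n\n\n'
show '_MSDCS / TCP / kerberos (SRV)' "_kerberos._tcp.dc._msdcs.${zone}." SRV
show '_MSDCS / TCP / ldap (SRV)' "_ldap._tcp.dc._msdcs.${zone}." SRV
printf '\n### IDM / MSDCS DC UDP ###\n\n\n'
show '_MSDCS / UDP / kerberos (SRV)' "_kerberos._udp.dc._msdcs.${zone}." SRV
printf '\n### IDM / REALM ###\n\n\n'
show 'REALM (TXT)' "_kerberos.${zone}." TXT
printf '\n### IDM / CA ###\n\n\n'
show 'A / ipa-ca' "ipa-ca.${zone}." A
printf '\n### IDM / A ###\n\n\n'
show "A / $HOSTNAME" "${HOSTNAME}." A
EOF
# The helper is started as ./IdmZoneCheck.sh, so it needs the execute bit.
chmod u+x ~/IdmZoneCheck.sh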
1./IdmZoneCheck.sh idm.ad-support.local
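# Domains this host is joined to, as seen by realmd
sudo realm list
# authselect profile and features currently applied to NSS/PAM
authselect current
# Domains known to SSSD, then a static check of the SSSD configuration
sssctl domain-list
sssctl config-check
# Local accounts only (/etc/passwd)
getent -s files passwd
# Resolve "user" through SSSD only
getent -s sss passwd user
# Accounts from every source configured in nsswitch.conf
getent passwd
# LDAP servers published in DNS for the domain
dig -t SRV _ldap._tcp.example.com
# Run the PAM "auth" step of the sshd service for user toto through SSSD
sssctl user-checks toto -s sshd -a auth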
Prerequisites :
for RHEL8 :
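dnf -y install realmd adcli sssd oddjob oddjob-mkhomedir samba-common-tools krb5-workstation authselect-compat

# Show what realmd detects for the domain before joining it
realm discover example.com
# Join with the svc-sssd account; its password is prompted for rather than
# passed as an argument. The join account only needs the delegated right to
# create and join computer objects, not a domain administrator role.
realm join example.com -U svc-sssd --client-software=sssd --os-name=RedHat --os-version=8

# Use SSSD for NSS/PAM and create the home directory at first login
sudo authselect select sssd with-mkhomedir
sudo systemctl enable --now oddjobd.service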
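# /etc/sssd/sssd.conf
# Keep this file owned by root with mode 0600: SSSD checks ownership and
# permissions at start-up and rejects a file other users can read.
[sssd]
services = nss, pam, ssh, sudo
domains = example.com
config_file_version = 2
default_domain_suffix = example.com

[domain/example.com]
default_shell = /bin/bash
override_shell = /bin/bash

ad_domain = example.com
# Kerberos realm names are case-sensitive; an AD realm is the upper-case form
# of the domain name.
krb5_realm = EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
# Offline login support: cache_credentials keeps a hash of the password in the
# local SSSD cache, and krb5_store_password_if_offline keeps the password in
# the kernel keyring until a ticket can be requested. Turn both off on hosts
# that do not need offline logins.
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
ldap_id_mapping = True
ldap_user_objectsid = objectSid
ldap_group_objectsid = objectSid
ldap_user_primary_group = primaryGroupID

use_fully_qualified_names = True
fallback_homedir = /home/%u

# Login is limited to accounts matching ad_access_filter. memberOf= matches
# direct members of the group only; members of nested groups are not matched.
# NOTE(review): ldap_access_order and ldap_account_expire_policy are documented
# for the ldap access provider - confirm they take effect with access_provider = ad.
access_provider = ad
ldap_access_order=filter,expire
ldap_account_expire_policy = ad
ad_access_filter = (memberOf=CN=INTERNAL Team,OU=team-platform,OU=test-groups,DC=example,DC=com)


[nss]
homedir_substring = /home

[pam]
pam_pwd_expiration_warning = 7
pam_account_expired_message = Account expired, please contact AD administrator.
pam_account_locked_message = Account locked, please contact AD administrator.
# 3 shows all messages, including debug information, to the user at login;
# useful while troubleshooting, lower it afterwards.
pam_verbosity = 3

[ssh]

[sudo]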
1sss_cache -E; systemctl restart sssd ; sss_cache -E
2systemctl status sssd
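# /etc/sudoers.d/admin
# Edit with `visudo -f /etc/sudoers.d/admin` so a syntax error is caught before
# it is saved; the file should be owned by root with mode 0440.
# Grants unrestricted sudo to every member of the AD group: membership of that
# group is then equivalent to root on this host.
# NOTE(review): with use_fully_qualified_names SSSD returns names as
# name@domain - check with `getent group` which spelling this host resolves.
%EXAMPLE.COM\\internal\ team ALL=(ALL) ALL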
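# Allow logins for members of the AD group.
# NOTE(review): realm permit edits the access settings of the domain in
# sssd.conf - after running it, re-read the [domain/...] section, run
# `sssctl config-check`, and confirm that an account outside the group is
# still refused.
realm permit -g 'internal team@example.com'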
Documentation about how to be productive with a terminal.
Ctrl + r : Reverse search (press Ctrl + r again to go further back in the history).
Ctrl + l : Clear the screen (instead of using the “clear” command).
Ctrl + p : Repeat last command.
Ctrl + x + Ctrl + e : Edit the current command in an external editor (requires export EDITOR=vim).
Ctrl + shift + v : Copy / paste in Linux.
Ctrl + a : Move to the beginning of the line.
Ctrl + e : Move to the end of the line.
Ctrl + xx : Move to the opposite end of the line.
Ctrl + left : Move left one word.
Ctrl + right : Move right one word.
man <cmd> : Open man page of command.
space : go ahead page by page.b : go back page by page.q : quit.Enter : go line by line./<word> : search a word in man.n : go to the next expression that you search.N : go back to search expression.man -k <key word> : look for in all man for your key words.man -k <word1>.*<word2> : “.*” allow to search several words.whatis <cmd> : give short explaination about the command.
Useful to keep track of, document and share what has been done.
script : save all commandes and result in a “typescript” file.script -a : append to an existing “typescript” file (otherwise erase previous one).exit : to stop session.
asciinema : save the terminal session in video.
For RHEL - something like Tlog exists and can be configured and centralised with Rsyslog.
/etc/DIR_COLORS.xterm define terminal colors
dircolors change colors in the ls output
git clone https://github.com/tmux-plugins/tmux-logging.git
tmux new -s ma_session : Create new session.tmux attach : Attach to the last used session.tmux attach -t X : Attach to ymux sessions with X number.tmux ls : List active tmux sessions.tmux split-window -dh "!!" : Run command in separate panel.tmux source-file ~/.tmux.conf : Reload config
C-b w : List sessions/panels.C-b x : Close panel or session.
echo $’\xae’ = “®”
Vim has a special shorthand for entering characters with diacritical marks. If you need some familiar variant of a Latin alphabet character you’ll be able to input it with the digraph system.
Digraph input is started in insert or command mode (but not normal mode) by pressing Ctrl-k, then two printable characters in succession.
The first is often the “base” form of the letter, and the second denotes the appropriate embellishment.
https://vimvalley.com/ https://vim-adventures.com/ https://www.vimgolf.com/
1# HCL
2mkdir -p ~/.vim/pack/jvirtanen/start
3cd ~/.vim/pack/jvirtanen/start
4git clone https://github.com/jvirtanen/vim-hcl.git
5
6# Justfile
7mkdir -p ~/.vim/pack/vendor/start
8cd ~/.vim/pack/vendor/start
9git clone https://github.com/NoahTheDuke/vim-just.git
trigger a vim tutorial vimtutor
the most powerfull command:. : Repeat the last modification repete toutes les dernieres modif realisees.* : Where the cursor is located, keep in memory the word and goes to next one..* : together repeat an action on next word.
Documentation about commands which should works on all unix-like systems.
mdadm (multiple devices admin) is software solution to manage RAID.
It allow:
/dev/sdb, /dev/sdc) or (/dev/sdb1, /dev/sdc1)raidtools1# View real-time information about your md devices
2cat /proc/mdstat
3
4# Monitor for failed disks (indicated by "(F)" next to the disk)
5watch cat /proc/mdstat
1# Display details about the RAID array (replace /dev/md0 with your array)
2mdadm --detail /dev/md0
3
4# Examine RAID disks for information (not volume) similar to --detail
5mdadm --examine /dev/sd*
The conf file /etc/mdadm.conf does not exist by default and need to be created once you finish your install.
This file is required for the autobuild at boot.
SshFS sert à monter sur son FS, un autre système de fichier distant, à travers une connexion SSH, le tout avec des droits utilisateur. L’avantage est de manipuler les données distantes avec n’importe quel gestionnaire de fichier (Nautilus, Konqueror, ROX, ou même la ligne de commande).
- Pre-requis : droits d'administration, connexion ethernet, installation de FUSE et du paquet SSHFS.
- Les utilisateurs de sshfs doivent faire partie du groupe fuse.
Rq : FUSE permet à un utilisateur de monter lui-même un système de fichier. Normalement, pour monter un système de fichier, il faut être administrateur ou que celui-ci l’ait prévu dans « /etc/fstab » avec des informations en dur.
First Install samba and samba-client (for debug + test)
/etc/samba/smb.conf1[home]
2Workgroup=WORKGROUP (le grp par defaul sur windows)
3Hosts allow = ...
4[shared]
5browseable = yes
6path = /shared
7valid users = user01, @un_group_au_choix
8writable = yes
9passdb backend = tdbsam #passwords are stored in the /var/lib/samba/private/passdb.tdb file.
testparm
/usr/bin/testparm -s /etc/samba/smb.conf
smbclient -L //192.168.56.102 -U test : list all samba shares available
smbclient //192.168.56.102/sharedrepo -U test : connect to the share
pdbedit -L : list user smb (better than smbclient)
NFS vs iscsi
Concurrent access to a block device like iSCSI is not possible with standard file systems. You’ll need a shared disk filesystem (like GFS or OCSFS) to allow this, but in most cases the easiest solution would be to just use a network share (via SMB/CIFS or NFS) if this is sufficient for your application.
ext4 : le plus répandu sous GNU/Linux (issu de ext2 et ext3). Il est journalisé, c’est à dire qu’il trace les opérations d’écriture pour garantir l’intégrité des données en cas d’arrêt brutal du disque. De plus, il peut gérer des volumes de taille jusque 1 024 pébioctets et permet la pré-allocation d’une zone contiguë pour un fichier, afin de minimiser la fragmentation. Utilisez ce système de fichiers si vous comptez pouvoir relire des informations depuis votre Mac OS X ou Windows.
Preserve files permissions and ownership.
The Basic
1# Archive
2tar cvf mon_archive.tar <fichier1> <fichier2> </rep/doosier/>
3
4## Archive and compress with zstd everything in the current dir and push to /target/dir
5tar -I zstd -vcf archive.tar.zstd -C /target/dir .
6
7# Extract
8tar xvf mon_archive.tar
9
10# Extract push to target dir
11tar -zxvf new.tar.gz -C /target/dir
Other usefull options • t : list archive’s content. • T : Archive list given by a file. • P : Absolute path is preserve (usefull for backup /etc) • X : exclude • z : compression Gunzip • j : compression Bzip2 • J : compression Lzmacd
1# check partion
2parted -l /dev/sda
3fdisk -l
4
5# check partition - visible before the mkfs
6ls /sys/sda/sda*
7ls /dev/sd*
8
9# give partition after the mkfs or pvcreate
10blkid
11blkid -o list
12
13# summary about the disks, partitions, FS and LVM
14lsblk
15lsblk -f
in script mode
1# with fdisk
2printf "n\np\n1\n\n\nt\n8e\nw\n" | sudo fdisk "/dev/sdb"
3
4# with parted
5sudo parted /dev/sdb mklabel gpt mkpart primary 1 100% set 1 lvm on
Gparted : interface graphique (ce base sur parted un utilitaire GNU - Table GPT)
list of component:
LVM2 use a new driver, the device-mapper allow the us of disk´s sectors in different targets: - linear (most used in LVM). - stripped (stripped on several disks) - error (all I/O are consider in errors) - snapshot (allow snapshot async)
1lvs --all --segments -o +devices
2server_xplore_col1 vgdata -wi-ao---- 21 striped 1.07t /dev/md2(40229),/dev/md3(40229),/dev/md4(40229),/dev/md5(40229),…
3server_xplore_col2 vgdata -wi-ao---- 1 linear 219.87g /dev/md48(0)
1# Summary
2pvs
3vgs
4lvs
5
6# Scanner
7pvscan
8vgscan
9lvscan
10
11# Details info
12pvdisplay [sda]
13pvdisplay -m /dev/emcpowerd1
14vgdisplay [vg_root]
15lvdisplay [/dev/vg_root/lv_usr]
16
17# Summary details
18lvmdiskscan
19 /dev/sda1 [ 600.00 MiB]
20 /dev/sda2 [ 1.00 GiB]
21 /dev/sda3 [ 38.30 GiB] LVM physical volume
22 /dev/sdb1 [ <100.00 GiB] LVM physical volume
23 /dev/sdc1 [ <50.00 GiB] LVM physical volume
24 /dev/sdj [ 20.00 GiB]
25 1 disk
26 2 partitions
27 0 LVM physical volume whole disks
28 3 LVM physical volumes
1parted /dev/sda resizepart 3 100%
2udevadm settle
3pvresize /dev/sda3
4
5# Extend a XFS to a fixe size
6lvextend -L 30G /dev/vg00/var
7xfs_growfs /dev/vg00/var
8
9# Add some space to a ext4 FS
10lvextend -L +10G /dev/vg00/var
11resize2fs /dev/vg00/var
12
13# Extend to a pourcentage and resize automaticly whatever is the FS type.
14lvextend -l +100%FREE /dev/vg00/var -r
1parted /dev/sdb mklabel gpt mkpart primary 1 100% set 1 lvm on
2udevadm settle
3pvcreate /dev/sdb1
4vgcreate vg01 /dev/sdb1
5lvcreate -n lv_data -l 100%FREE vg01
6
7# Create a XFS
8mkfs.xfs /dev/vg01/lv_data
9mkdir /data
10echo "/dev/mapper/vg01-lv_data /data xfs defaults 0 0" >> /etc/fstab
11mount -a
12
13# Create an ext4
14mkfs.ext4 /dev/vg01/lv_data
15mkdir /data
16echo "/dev/mapper/vg01-lv_data /data ext4 defaults 0 0" >> /etc/fstab
17mount -a
1swapoff -v /dev/dm-1
2lvremove /dev/vg00/swap
3vi /etc/fstab
4vi /etc/default/grub
5grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
6grubby --remove-args "rd.lvm.lv=vg00/swap" --update-kernel /boot/vmlinuz-3.10.0-1160.71.1.el7.x86_64
7grubby --remove-args "rd.lvm.lv=vg00swap" --update-kernel /boot/vmlinuz-3.10.0-1160.el7.x86_64
8grubby --remove-args "rd.lvm.lv=vg00/swap" --update-kernel /boot/vmlinuz-0-rescue-cd2525c8417d4f798a7e6c371121ef34
9echo "vm.swappiness = 0" >> /etc/sysctl.conf
10sysctl -p
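# Move the extents off the old PV. In case of crash, just relaunch pvmove
# without arguments.
pvmove /dev/emcpowerd1 /dev/emcpowerc1

# Remove PV from a VG (volume group first, then the physical volume)
vgreduce vg01 /dev/emcpowerd1

# Remove all unused PV from VG01
vgreduce -a vg01

# Wipe the LVM label so the device is no longer a PV
pvremove /dev/emcpowerd1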
/var even if doesn’t want:1lvchange -ay --ignorelockingfailure --sysinit vgroot/var
1# VG rename
2vgrename
3
4# LV rename
5lvrename
6
7# PV does not need to be rename
Even if in the past I was using partition MS-DOS disklabel or GPT disklabel for PV, I prefer now to use directly LVM on the main block device. There is no reason to use 2 disklabels, unless you have a very specific use case (like disk with boot sector and boot partition).
S.M.A.R.T. is a technology that allows you to monitor and analyze the health and performance of your hard drives. It provides valuable information about the status of your storage devices. Here are some useful commands and tips for using S.M.A.R.T. with smartctl:
To display S.M.A.R.T. information for a specific drive, you can use the following command:
1smartctl -a /dev/sda
This command will show all available S.M.A.R.T. data for the /dev/sda drive.
1yum install iscsi-initiator-utils
2
3#Checks
4iscsiadm -m session -P 0 # get the target name
5iscsiadm -m session -P 3 | grep "Target: iqn\|Attached scsi disk\|Current Portal"
6
7# Discover and mount ISCSI disk
8iscsiadm -m discovery -t st -p 192.168.40.112
9iscsiadm --mode discovery --type sendtargets --portal 192.168.40.112
10
11# Login
12iscsiadm -m node -T iqn.1992-04.com.emc:cx.ckm00192201413.b0 -l
13iscsiadm -m node -T iqn.1992-04.com.emc:cx.ckm00192201413.b1 -l
14iscsiadm -m node -T iqn.1992-04.com.emc:cx.ckm00192201413.a1 -l
15iscsiadm -m node -T iqn.1992-04.com.emc:cx.ckm00192201413.a0 -l
16
17# Enable/Start service
18systemctl enable iscsid iscsi && systemctl stop iscsid iscsi && systemctl start iscsid iscsi
1for BUS in /sys/class/scsi_host/host*/scan; do echo "- - -" > ${BUS} ; done
2
3sudo sh -c 'for BUS in /sys/class/scsi_host/host*/scan; do echo "- - -" > ${BUS} ; done '
Partition your FS
1yum install device-mapper-multipath
vim /etc/multipath.conf:1defaults {
2user_friendly_names yes
3path_grouping_policy multibus
4}
1multipaths {
2 multipath {
3 wwid "36000d310004142000000000000000f23"
4 alias oralog1
5 }
1 devices {
2 device {
3 vendor "DGC"
4 product ".*"
5 product_blacklist "LUNZ"
6 :
7 path_checker emc_clariion ### Rev 47 alua
8 hardware_handler "1 alua" ### modified for alua
9 prio alua ### modified for alua
10 :
11 }
12 }
Checks config with: multipathd show config |more
1# in crontab or tmux session - take every hour a track of the memory usage
2for i in {1..24} ; do echo -n "===================== " ; date ; free -m ; top -b -n1 | head -n 15 ; sleep 3600; done >> /var/log/SYSADM/memory.log &
1diff -W200 -y <(unzip -vqq file1.jar | awk '{ if ($1 > 0) {printf("%s\t%s\n", $1, $8)}}' | sort -k2) <(unzip -vqq file2.jar | awk '{ if ($1 > 0) {printf("%s\t%s\n", $1, $8)}}' | sort -k2)
fuser: 1fuser -m </dir or /files> # Find process blocking/using this directory or files.
2fuser -cu </dir or /files> # Same as above but add the user
3fuser -kcu </dir or /files> # Kill process
4fuser -v -k -HUP -i ./ # Send HUP signal to process
5
6# Output will send you <PID + letter>, here is the meaning:
7# c current directory.
8# e executable being run.
9# f open file. (omitted in default display mode).
10# F open file for writing. (omitted in default display mode).
11# r root directory.
12# m mmap'ed file or shared library.
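# lsof ( = list open files)
# Find all open files under a directory, with the process and user.
lsof +D /var/log
# Processes holding deleted-but-open files on a filesystem (replace the path
# with the mount point).
lsof -a +L1 /path/to/mountpoint
# Find files opened by those processes.
lsof -c ssh -c init
# Find files opened by a PID.
lsof -p 1753
# Find files opened by a user.
lsof -u root
# Find files opened by every user except this one.
lsof -u ^user
# Stop a user's processes (-t prints PIDs only). The default TERM signal lets
# them clean up; keep -9 for processes that ignore it. The substitution is
# left unquoted on purpose so each PID becomes its own argument.
kill $(lsof -t -u toto)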
1#When you have no fuser or lsof:
2find /proc/*/fd -type f -links 0 -exec ls -lrt {} \;
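# Get the state
firewall-cmd --state
systemctl status firewalld

# Get infos
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --get-zones

# Change the default zone: every interface without an explicit zone follows it.
firewall-cmd --set-default-zone=home

# Bind a source to a zone and allow SSH in that zone. A MAC address source only
# identifies hosts on the local segment and can be spoofed, so it is a
# convenience filter, not authentication.
firewall-cmd --permanent --zone=FedoraWorkstation --add-source=00:FF:B0:CB:30:0A
firewall-cmd --permanent --zone=FedoraWorkstation --add-service=ssh
# --permanent only edits the stored configuration; reload to activate it.
firewall-cmd --reload

# Logging of rejected/dropped packets. Accepted values:
# all, unicast, broadcast, multicast or off.
firewall-cmd --get-log-denied
firewall-cmd --set-log-denied=all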
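# Add, then remove, a predefined service and a port in the stored configuration
firewall-cmd --zone=public --add-service=ftp --permanent
firewall-cmd --zone=public --remove-service=ftp --permanent
firewall-cmd --zone=public --remove-port=53/tcp --permanent
# --permanent changes are not active until the firewall is reloaded
firewall-cmd --reload
firewall-cmd --zone=public --list-services

# Add a custom service: define it, give it ports, enable it in the zone, reload
firewall-cmd --zone=public --new-service=portal --permanent
firewall-cmd --zone=public --service=portal --add-port=8080/tcp --permanent
firewall-cmd --zone=public --service=portal --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-service=portal --permanent
firewall-cmd --reload

# k3s server ports. 8472/udp and 10250/tcp are node-to-node ports (assumption
# from the usual k3s layout - confirm for your cluster); a zone limited to the
# cluster nodes' source addresses is a tighter fit for them than "public".
firewall-cmd --zone=public --new-service=k3s-server --permanent
firewall-cmd --zone=public --service=k3s-server --add-port=443/tcp --permanent
firewall-cmd --zone=public --service=k3s-server --add-port=6443/tcp --permanent
firewall-cmd --zone=public --service=k3s-server --add-port=8472/udp --permanent
firewall-cmd --zone=public --service=k3s-server --add-port=10250/tcp --permanent
firewall-cmd --zone=public --add-service=k3s-server --permanent
firewall-cmd --reload

firewall-cmd --zone=public --new-service=quay --permanent
firewall-cmd --zone=public --service=quay --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-service=quay --permanent
firewall-cmd --reload

# It's also possible to add a service from the predefined list
firewall-cmd --get-services
# Saves the whole running rule set as the permanent configuration, including
# any temporary rule added for a test: review `firewall-cmd --list-all` first.
firewall-cmd --runtime-to-permanent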
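# Print every service enabled in the default zone, followed by its ports.
# The substitution is left unquoted on purpose: the service list is
# space-separated and each name must become one loop item.
for s in $(firewall-cmd --list-services); do
  printf '%s\n' "$s"
  firewall-cmd --permanent --service "$s" --get-ports
done

# Same loop run as root through sudo; the single quotes keep the expansion
# inside the root shell.
sudo sh -c 'for s in $(firewall-cmd --list-services); do printf "%s\n" "$s"; firewall-cmd --permanent --service "$s" --get-ports; done'
# Sample output:
#   ssh
#   22/tcp
#   dhcpv6-client
#   546/udp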
1firewall-cmd --info-service cfrm-IC
2cfrm-IC
3 ports: 7780/tcp 8440/tcp 8443/tcp
4 protocols:
5 source-ports:
6 modules:
7 destination:
1firewall-cmd --list-all
2public (active)
3 target: default
4 icmp-block-inversion: no
5 interfaces: ens192
6 sources:
7 services: ssh dhcpv6-client https Oracle nimsoft
8 ports: 10050/tcp 1521/tcp
9 protocols:
10 masquerade: no
11 forward-ports:
12 source-ports:
13 icmp-blocks:
14 rich rules:
1firewall-cmd --zone=backup --list-all
1firewall-cmd --get-active-zones
2backup
3 interfaces: ens224
4public
5 interfaces: ens192
1ls /etc/firewalld/
2firewalld.conf helpers/ icmptypes/ ipsets/ lockdown-whitelist.xml services/ zones/
1firewall-cmd --get-ipset-types
2firewall-cmd --permanent --get-ipsets
3firewall-cmd --permanent --info-ipset=integration
4firewall-cmd --ipset=integration --get-entries
5
6firewall-cmd --permanent --new-ipset=test --type=hash:net
7firewall-cmd --ipset=local-blocklist --add-entry=103.133.104.0/23
1nmcli con show
2NAME UUID TYPE DEVICE
3ens192 4d0087a0-740a-4356-8d9e-f58b63fd180c ethernet ens192
4ens224 3dcb022b-62a2-4632-8b69-ab68e1901e3b ethernet ens224
5
6nmcli dev status
7DEVICE TYPE STATE CONNECTION
8ens192 ethernet connected ens192
9ens224 ethernet connected ens224
10ens256 ethernet connected ens256
11lo loopback unmanaged --
12
13# Get interfaces details :
14nmcli connection show ens192
15nmcli -p con show ens192
16
17# Get DNS settings in interface
18UUID=$(nmcli --get-values connection.uuid c show "cloud-init eth0")
19nmcli --get-values ipv4.dns c show $UUID
1nmcli connection add type ethernet mac "00:50:56:80:11:ff" ifname "ens224"
2nmcli connection add type ethernet mac "00:50:56:80:8a:0b" ifname "ens256"
1nmcli con load /etc/sysconfig/network-scripts/ifcfg-ens224
2nmcli con up ens192
1nmcli con mod enp1s0 +ipv4.addresses "192.168.122.11/24"
2ip addr del 10.163.148.36/24 dev ens160
3
4nmcli con reload # before to reapply
5nmcli device reapply ens224
6systemctl status network.service
7systemctl restart network.service
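# Append one resolver to the DNS servers of the "cloud-init eth0" profile.
# DNS_IP is not set anywhere in this snippet, so it must come from the caller;
# stop here instead of rewriting the profile with an empty value.
: "${DNS_IP:?set DNS_IP to the resolver address to add}"
UUID=$(nmcli --get-values connection.uuid c show "cloud-init eth0")
# The + prefix appends to the existing ipv4.dns list instead of replacing it.
nmcli conn modify "$UUID" +ipv4.dns "$DNS_IP"
# The profile change applies once the connection is re-activated
# (nmcli con up / nmcli device reapply); on a remote session this can briefly
# interrupt the link.

# /etc/resolv.conf is managed by systemd-resolved
sudo systemctl restart systemd-resolved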
- BIOS est lancé automatiquement et détecte les périphs.
- Charge la routine de démarrage depuis le MBR (Master Boot Record) - C'est le disk de boot et se trouve sur le premier secteur du disque dur.
- Le MBR contient un loader qui charge le "second stage loader" c'est le "boot loader" qui est propre au système qu'on charge.
-> linux a LILO (Linux Loader) ou GRUB ( Grand Unified Bootloader)
- LILO charge le noyau en mémoire, le décompresse et lui passe les paramètres.
- Le noyau monte le FS / (à partir de là, les commandes dans /sbin et /bin sont disponibles)
- Le Noyau exécute le premier procès "init"
LILO peut avoir plusieurs Noyaux comme choix. Le choix par default : “Linux”.
/etc/lilo.conf : Config des parametres du noyau
/sbin/lilo : pour que les nouveaux params soient enregistrés.
-> créé le fichier /boot/map qui contient les blocs physiques où se trouve le prog de démarrage.
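# [RHEL] The root and issuing CA certificates of the domain need to be
# installed on the host. Every file placed in the anchors directory becomes a
# system-wide trust anchor, so inspect each certificate first and compare its
# SHA-256 fingerprint with the value obtained from the CA owner over a
# separate channel.
openssl x509 -in my-domain-rootca.crt -noout -subject -issuer -dates -fingerprint -sha256
openssl x509 -in my-domain-issuing.crt -noout -subject -issuer -dates -fingerprint -sha256
cp my-domain-issuing.crt /etc/pki/ca-trust/source/anchors/my_domain_issuing.crt
cp my-domain-rootca.crt /etc/pki/ca-trust/source/anchors/my_domain_rootca.crt
update-ca-trust extract

# [Ubuntu] The file must be PEM encoded and end in .crt to be picked up.
sudo apt-get install -y ca-certificates
sudo cp local-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates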